Disable opening network debug ports for security reasons

By default, we open up to three TCP ports that are used
for debugging purpose:

 * TCP port 8872 - used for forwarding btsnoop logs at real time
   Note: the port is open only if "Bluetooth HCI snoop log" is enabled
   in the Developer options
 * TCP port 8873 - used for HCI debugging
 * TCP port 8879 - used for debugging the Bluetooth counters

Those ports are disabled by default.
To enable, the following #define should be added at the top of the
corresponding file(s): btcore/src/counter.c hci/src/btsnoop_net.c
hci/src/hci_inject.c

   #define BT_NET_DEBUG TRUE

Bug: 24371736

Change-Id: I5cb43af1a5d29c331eb5ef61a24dccbe95df6f40

diff --git a/btcore/src/counter.c b/btcore/src/counter.c
index e1f3da4..d693fc3 100644 (file)
--- a/btcore/src/counter.c
+++ b/btcore/src/counter.c
@@ -256,6 +256,10 @@ static bool counter_foreach_cb_(hash_map_entry_t *hash_map_entry, void *context)
 }
 
 static bool counter_socket_open(void) {
+#if (!defined(BT_NET_DEBUG) || (BT_NET_DEBUG != TRUE))
+  return true;          // Disable using network sockets for security reasons
+#endif
+
   assert(listen_socket_ == NULL);
   assert(thread_ == NULL);
   assert(clients_ == NULL);
@@ -293,6 +297,10 @@ error:;
 }
 
 static void counter_socket_close(void) {
+#if (!defined(BT_NET_DEBUG) || (BT_NET_DEBUG != TRUE))
+  return;               // Disable using network sockets for security reasons
+#endif
+
   socket_free(listen_socket_);
   thread_free(thread_);
   list_free(clients_);

diff --git a/hci/src/btsnoop_net.c b/hci/src/btsnoop_net.c
index f797558..e0c1ccf 100644 (file)
--- a/hci/src/btsnoop_net.c
+++ b/hci/src/btsnoop_net.c
@@ -46,6 +46,10 @@ static int listen_socket_ = -1;
 static int client_socket_ = -1;
 
 void btsnoop_net_open() {
+#if (!defined(BT_NET_DEBUG) || (BT_NET_DEBUG != TRUE))
+  return;               // Disable using network sockets for security reasons
+#endif
+
   listen_thread_valid_ = (pthread_create(&listen_thread_, NULL, listen_fn_, NULL) == 0);
   if (!listen_thread_valid_) {
     LOG_ERROR(LOG_TAG, "%s pthread_create failed: %s", __func__, strerror(errno));
@@ -55,6 +59,10 @@ void btsnoop_net_open() {
 }
 
 void btsnoop_net_close() {
+#if (!defined(BT_NET_DEBUG) || (BT_NET_DEBUG != TRUE))
+  return;               // Disable using network sockets for security reasons
+#endif
+
   if (listen_thread_valid_) {
     shutdown(listen_socket_, SHUT_RDWR);
     pthread_join(listen_thread_, NULL);
@@ -64,6 +72,10 @@ void btsnoop_net_close() {
 }
 
 void btsnoop_net_write(const void *data, size_t length) {
+#if (!defined(BT_NET_DEBUG) || (BT_NET_DEBUG != TRUE))
+  return;               // Disable using network sockets for security reasons
+#endif
+
   pthread_mutex_lock(&client_socket_lock_);
   if (client_socket_ != -1) {
     if (send(client_socket_, data, length, 0) == -1 && errno == ECONNRESET) {

diff --git a/hci/src/hci_inject.c b/hci/src/hci_inject.c
index ea25fd0..7efb374 100644 (file)
--- a/hci/src/hci_inject.c
+++ b/hci/src/hci_inject.c
@@ -62,6 +62,10 @@ static void read_ready(socket_t *socket, void *context);
 static void client_free(void *ptr);
 
 bool hci_inject_open(const hci_t *hci_interface) {
+#if (!defined(BT_NET_DEBUG) || (BT_NET_DEBUG != TRUE))
+  return true;          // Disable using network sockets for security reasons
+#endif
+
   assert(listen_socket == NULL);
   assert(thread == NULL);
   assert(clients == NULL);
@@ -93,6 +97,10 @@ error:;
 }
 
 void hci_inject_close(void) {
+#if (!defined(BT_NET_DEBUG) || (BT_NET_DEBUG != TRUE))
+  return;               // Disable using network sockets for security reasons
+#endif
+
   socket_free(listen_socket);
   list_free(clients);
   thread_free(thread);