BLE notifications crash the BLUETOOTHCTL

1

I am using hte following command line commands to set BLE service on the mangoH yellow:

bluetoothctl

power on
advertise on
menu gatt
register-service e2d36f99-8909-4136-9a49-00805f9b34fb
yes
register-characteristic 0x0011 read,write
0x0
register-characteristic 0x0033 write,notify
0x0
register-application

now I can connect to the mangoH yellow via phone BLE and see the charecteristics, read and write

however, when I try to register to BLE notifications with my phone I get:

[CHG] Attribute /org/bluez/app/service0/chrc2 Notify sock acquired
Attribute /org/bluez/app/service0/chrc2 Notify sock closed

and this is the error from log:

Jul 6 17:51:45 swi-mdm9x28-wp daemon.debug bluetoothd[746]: …/bluez-5.52/src/gatt-database.c:client_disconnect_cb() Client disconnected
Jul 6 17:51:45 swi-mdm9x28-wp daemon.debug bluetoothd[746]: …/bluez-5.52/src/gatt-database.c:profile_remove() Removed “:1.2/org/bluez/app/register-application”
Jul 6 17:51:45 swi-mdm9x28-wp daemon.debug bluetoothd[746]: …/bluez-5.52/src/gatt-database.c:profile_release() Releasing “:1.2”
Jul 6 17:51:45 swi-mdm9x28-wp daemon.err bluetoothd[746]: Failed to acquire notify: org.freedesktop.DBus.Error.NoReply

I am working with the following :

root@swi-mdm9x28-wp:~# legato version
19.11.3-1-g8c030edad_34a8f46a3d85b53df7cd63949d660283_modified

root@swi-mdm9x28-wp:~# uname -a
Linux swi-mdm9x28-wp 3.18.140 #1 PREEMPT Wed Dec 9 12:50:57 UTC 2020 armv7l GNU/Linux

there seems to be a dbus support issue with the Yellow + bluez , please assist \ advice

1 Like
2

so I found the issue:
Jul 6 20:05:53 swi-mdm9x28-wp user.notice kernel: [ 128.301702] audit: type=1400 audit(1625591153.612:3): lsm=SMACK fn=smack_file_receive action=denied subject="_" object=“admin” requested=rw pid=483 comm=“dbus-daemon” path=“socket:[10118]” dev=“sockfs” ino=10118

my question is, can I disable SMACK from userspace?

apperentlly the solution implemented by mangoH to enable using BLE for the example was to specifically allow BLE access for specific Legato application names
this is very problematic, since I need to be able to use the BLE freely from any application I write, even outside legato

3

You might have a look on yocto source:
./kernel/security/smack/smack_lsm.c

function smack_file_receive ()

Not sure if forcing this function to return 0 can solve the problem.

4

issue resolved by adding a rule to my application

this is quite problematic for users that do not compile the kernel and want to use the legato apps development for BLE

I recommand changing that in future releases

5

How do you add a rule to your app?
Can you elaborate more?

6

I resolved by following this instruction:

https://docs.legato.io/18_10/conceptsSecuritySmack.html

notice for example the configuration:

cat /legato/smack/load2

have the sample ble app enabled:

_ app.bluetoothSensorTag rwx

7

thanks for the awesome information.