1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
# Copyright 2024 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
include <sys/types.h>
include <sys/socket.h>
include <sys/sockio.h>
include <sys/bitstring.h>
include <netinet/in.h>
include <netgraph/bluetooth/include/ng_hci.h>
include <netgraph/bluetooth/include/ng_l2cap.h>
include <netgraph/bluetooth/include/ng_btsocket.h>
resource sock_bt[sock]
resource sock_bt_hci[sock_bt]
resource sock_bt_sco[sock_bt]
resource sock_bt_rfcomm[sock_bt]
resource sock_bt_l2cap[sock_bt]
socket$bt_hci(domain const[PF_BLUETOOTH], type const[SOCK_RAW], protocol const[BLUETOOTH_PROTO_HCI]) sock_bt_hci
bind$bt_hci(s sock_bt_hci, addr ptr[in, sockaddr_hci], addrlen len[addr])
ioctl$sock_bt_hci(fd sock_bt_hci, cmd flags[bt_hci_ioctl], arg buffer[inout])
setsockopt$bt_hci_HCI_FILTER(s sock_bt_hci, level const[SOL_HCI_RAW], optname const[SO_HCI_RAW_FILTER], optval ptr[in, ng_btsocket_hci_raw_filter], optlen len[optval])
setsockopt$bt_hci_HCI_DIRECTION(s sock_bt_hci, level const[SOL_HCI_RAW], optname const[SO_HCI_RAW_DIRECTION], optval ptr[in, int32], optlen len[optval])
getsockopt$bt_hci(s sock_bt_hci, level const[SOL_HCI_RAW], optname flags[bt_hci_sockopt], optval buffer[out], optlen ptr[inout, len[optval, int32]])
write$bt_hci(fd sock_bt_hci, buf buffer[in], nbytes bytesize[buf])
socket$bt_sco(domain const[PF_BLUETOOTH], type const[SOCK_SEQPACKET], protocol const[BLUETOOTH_PROTO_SCO]) sock_bt_sco
bind$bt_sco_sockaddr_sco(s sock_bt_sco, addr ptr[in, sockaddr_sco], addrlen len[addr])
connect$bt_sco_sockaddr_sco(s sock_bt_sco, name ptr[in, sockaddr_sco], namelen len[name])
getsockopt$bt_sco_SOL_SCO(s sock_bt_sco, level const[SOL_SCO], optname flags[bt_sol_sockopt], optval buffer[out], optlen ptr[inout, len[optval, int32]])
socket$bt_l2cap(domain const[PF_BLUETOOTH], type flags[bt_l2cap_type], protocol const[BLUETOOTH_PROTO_L2CAP]) sock_bt_l2cap
bind$bt_l2cap(fd sock_bt_l2cap, addr ptr[in, sockaddr_l2], addrlen len[addr])
connect$bt_l2cap(fd sock_bt_l2cap, addr ptr[in, sockaddr_l2], addrlen len[addr])
setsockopt$bt_l2cap(fd sock_bt_l2cap, level const[SOL_L2CAP], optname flags[bt_l2cap_sockopt], optval ptr[in, int32], optlen len[optval])
getsockopt$bt_l2cap(s sock_bt_l2cap, level const[SOL_L2CAP], optname flags[bt_l2cap_sockopt], optval buffer[out], optlen ptr[inout, len[optval, int32]])
socket$bt_rfcomm(domain const[PF_BLUETOOTH], type const[SOCK_STREAM], protocol const[BLUETOOTH_PROTO_RFCOMM]) sock_bt_rfcomm
bind$bt_rfcomm(fd sock_bt_rfcomm, addr ptr[in, sockaddr_rfcomm], addrlen len[addr])
connect$bt_rfcomm(fd sock_bt_rfcomm, addr ptr[in, sockaddr_rfcomm], addrlen len[addr])
setsockopt$bt_rfcomm(fd sock_bt_rfcomm, level const[SOL_RFCOMM], optname flags[bt_rfcomm_sockopt], optval ptr[in, int32], optlen len[optval])
getsockopt$bt_rfcomm(s sock_bt_rfcomm, level const[SOL_RFCOMM], optname flags[bt_rfcomm_sockopt], optval buffer[out], optlen ptr[inout, len[optval, int32]])
ng_btsocket_hci_raw_filter {
packet_mask int64[32]
event_mask int64[64]
}
sockaddr_hci {
hci_len int8
hci_family int8
hci_node int8[32]
}
sockaddr_sco {
sco_len int8
sco_family int8
sco_bdaddr int8[6]
}
sockaddr_l2 {
l2cap_len int8
l2cap_familty int8
l2cap_psm int16
l2cap_bdaddr int8[6]
l2cap_cid int16
l2cap_bdaddr_type int8
}
sockaddr_rfcomm {
rfcomm_len int8
rfcomm_family int8
rfcomm_bdaddr int8[6]
rfcomm_channel int8
}
bt_hci_ioctl = SIOC_HCI_RAW_NODE_GET_STATE, SIOC_HCI_RAW_NODE_INIT, SIOC_HCI_RAW_NODE_GET_DEBUG, SIOC_HCI_RAW_NODE_SET_DEBUG, SIOC_HCI_RAW_NODE_GET_BUFFER, SIOC_HCI_RAW_NODE_GET_BDADDR, SIOC_HCI_RAW_NODE_GET_FEATURES, SIOC_HCI_RAW_NODE_GET_STAT, SIOC_HCI_RAW_NODE_RESET_STAT, SIOC_HCI_RAW_NODE_FLUSH_NEIGHBOR_CACHE, SIOC_HCI_RAW_NODE_GET_NEIGHBOR_CACHE, SIOC_HCI_RAW_NODE_GET_CON_LIST, SIOC_HCI_RAW_NODE_GET_LINK_POLICY_MASK, SIOC_HCI_RAW_NODE_SET_LINK_POLICY_MASK, SIOC_HCI_RAW_NODE_GET_PACKET_MASK, SIOC_HCI_RAW_NODE_SET_PACKET_MASK, SIOC_HCI_RAW_NODE_GET_ROLE_SWITCH, SIOC_HCI_RAW_NODE_SET_ROLE_SWITCH
bt_hci_sockopt = SO_HCI_RAW_FILTER, SO_HCI_RAW_DIRECTION
bt_sol_sockopt = SO_SCO_MTU, SO_SCO_CONNINFO
bt_l2cap_sockopt = SO_L2CAP_IMTU, SO_L2CAP_OMTU, SO_L2CAP_IFLOW, SO_L2CAP_OFLOW, SO_L2CAP_FLUSH, SO_L2CAP_ENCRYPTED
bt_l2cap_type = SOCK_SEQPACKET, SOCK_RAW
bt_rfcomm_sockopt = SO_RFCOMM_MTU, SO_RFCOMM_FC_INFO
|
