In the context of Bluetooth, "sap" refers to the SIM Access Profile,
designed to allow mobile phones to lend the use of their SIM or USIM
cards over Bluetooth to car handsfree kits that have their own mobile
phone radio module, which may have greater transmitter power and a
better antenna for use on the road than a hand-held phone in the user's
pocket.
The BlueZ stack attempts to register a SAP server, which will be useful
only if the system has a mobile phone SIM or USIM card and the user is
willing to lend its use to external devices.
As packaged, the SAP server component no longer has any actual
implementation to access a card reader: the upstream removed the last
actual implementation (for the long-dead STE U8500 platform) in
2017-07-13. Only the dummy implementation in sap-dummy.c is left:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/sap?id=3a140aa35b7b7dc1d7b031eec40590187f70a980
The dummy implementation will attempt to register a D-Bus interface
"org.bluez.SimAccessTest1", which is not covered by the packaged D-Bus
configuration file (src/bluetooth.conf). As a result, registering the
SIM Access Profile will always fail.
The failure of the SAP driver won't normally stop BlueZ bluetoothd from
operating, but it often results in the first error message from BlueZ
even in situations where the Bluetooth radio is not operable (e.g.
because of missing firmware), so it tends to confuse users who don't
know what the Bluetooth SAP profile is, and lead them astray in their
troubleshooting.
Sharing access to a SIM/USIM card is a security-sensitive operation, as
with it, an external device equipped with a mobile phone radio module
could place and receive calls and/or transfer data over the mobile phone
network, which could incur costs to the card owner. The SIM/USIM keys
can sometimes also be used to allow access to WiFi networks (see
wpa_supplicant and its EAP-SIM functionality).
It could also provide access to contacts information stored on the card,
which is often highly personal data.
The SAP profile allows raw APDU access to the SIM card, so it would
enable any arbitrary SIM card operations to be performed.
For all these reasons, it might be a good idea to default to have the
SIM Access Profile cleanly disabled unless the user explicitly wants to
enable it.
Starting bluetoothd with the option "--noplugin=sap" by default (as
already suggested) would be one way to do it. Another way would be to
patch the `bootstrap-configure` file in the source root directory, to
change `--enable-sap` to `--disable-sap`.
In its current form, the SIM Access Profile support of BlueZ is only
useful for developers, and even that requires modifying
/etc/dbus-1/system.d/bluetooth.conf before it will do anything other
than display an error message on Bluetooth service start-up. This is
true of both the version in bullseye and the current unstable version.
--
Matti....@iki.fi