Lock and unlock your Linux session based on the proximity of a Bluetooth device
Project description
BLE Lock Session
BLE Lock Session is a tool that allows you to automatically lock and unlock your computer screen using the proximity of a Bluetooth device. Ideal for users who want a hands-free lock/unlock experience (see Security Considerations before relying on it).
Features
- Automatic Lock/Unlock: Locks the screen when you move away and unlocks it when you come closer, using a Bluetooth device.
- BLE and Classic Bluetooth: Detects both BLE devices (smartwatches, bands, tags) and Classic devices (phones), even when they are not in discoverable mode.
- Flexible Configuration: Compatible with popular desktop environments or WM in Linux.
- No Python dependencies: Uses the BlueZ tools already present on most Linux systems.
Table of Contents
- Requirements
- Installation
- Configuration
- Usage
- Available Commands
- Security Considerations
- Troubleshooting
- Contributing
- License
Requirements
- Linux (tested on Arch Linux)
- Bluetooth Device
- Python 3.x
- BlueZ -
bluetoothctlmust be available (packagebluez-utilson Arch,bluezon Debian/Ubuntu/Fedora).
No Python packages need to be installed. Classic Bluetooth devices (e.g. phones) are detected via Python's built-in Bluetooth sockets — no extra tools required.
Installation
The recommended way is pipx, which installs the ble-lock-session command in an isolated environment:
pipx install git+https://github.com/azratul/ble-lock-session.git
Alternatively, with pip:
pip install --user git+https://github.com/azratul/ble-lock-session.git
Or run it straight from a clone, no installation needed:
git clone https://github.com/azratul/ble-lock-session.git
cd ble-lock-session
python ble_lock_session.py --help
Configuration
The configuration file is located at ~/.config/ble-lock-session/config.ini. If it does not exist, it will be created automatically with default values.
You can modify the options in this file or use the following command:
ble-lock-session --config
You will be able to change the following parameters:
target_address: MAC address of the Bluetooth device. Normally set by--scan, but you can also enter it directly here if you already know it.lock_cmd: Command to lock the screen (depending on the desktop environment).unlock_cmd: Command to unlock the screen (depending on the desktop environment).sleep_time: Time interval between checks, in seconds.discover_time: Total time budget for each presence check during--start, shared by Classic and BLE probes, in seconds.scan_duration: Overall deadline for--scan, in seconds.fail_checks: Consecutive failed checks required before locking (protects against transient Bluetooth failures).
With the defaults, a departure immediately after a successful check locks the session in about 30 seconds in the slowest normal case: one initial 3-second wait, three checks of up to 7 seconds, and two 3-second waits between misses.
Usage
To use BLE Lock Session, you first need to scan and save the address of your Bluetooth device:
ble-lock-session --scan
Then, to start monitoring and automatically lock/unlock:
ble-lock-session --start
You can stop the script with Ctrl + C.
Running as a systemd service
To keep the monitor running in the background without an open terminal, install the bundled user service:
mkdir -p ~/.config/systemd/user
cp ble-lock-session.service ~/.config/systemd/user/
systemctl --user enable --now ble-lock-session
Check its status and logs with:
systemctl --user status ble-lock-session
journalctl --user -u ble-lock-session -f
The unit assumes the ble-lock-session command is in ~/.local/bin (the pipx/pip install --user location). If you installed it elsewhere, edit the ExecStart= line accordingly.
Available Commands
--scan: Searches for a Bluetooth device and saves the MAC address in the configuration.--start: Starts monitoring the configured device for lock/unlock.--config: Interactively modifies the current configuration.
Configuration Example (config.ini)
[SETTINGS]
target_address = 00:1A:7D:DA:71:13
lock_cmd = loginctl lock-session
unlock_cmd = loginctl unlock-session
sleep_time = 3
discover_time = 7
scan_duration = 60
fail_checks = 3
Security Considerations
This is a convenience tool, not an authentication mechanism. Presence is detected by Bluetooth MAC address, and MAC addresses can be spoofed by an attacker who knows (or sniffs) your device's address. Treat the automatic unlock as roughly equivalent to leaving your session open while you are nearby — do not rely on it as a security boundary. If that trade-off is not acceptable for your threat model, use only the lock half (set unlock_cmd to something harmless like true) or don't use the tool at all.
Troubleshooting
- The screen locks but never unlocks. On some distributions
loginctl unlock-sessionrequires polkit authorization. Check withloginctl unlock-sessionin a terminal while locked from another TTY; if it prompts or fails, add a polkit rule for your user or use a desktop-specific unlock command. - The phone is not detected when its screen is off. Phones stop advertising over BLE when idle, so detection relies on the Classic Bluetooth link. That needs Python built with Bluetooth socket support (all major distro packages have it — if yours doesn't,
--startprints a note about it) and the phone's Bluetooth radio on. Being paired with the computer makes detection most reliable. - The phone shows as "connected" to the computer while in range. Expected: the tool keeps a lightweight Bluetooth link open to track presence silently — opening and closing one per check would make desktops that announce Bluetooth connections (e.g. blueman) spam notifications.
- "no Bluetooth adapter available". Make sure
bluetoothdis running (systemctl status bluetooth) and the adapter is not blocked (rfkill list). - The adapter is disabled while monitoring. Adapter errors count as failed checks, so the session locks after
fail_checksconsecutive failures instead of remaining unlocked indefinitely. - Locks randomly while the device is next to the computer. Increase
fail_checksand/ordiscover_timewith--config; some devices advertise infrequently to save battery.
Contributing
Contributions are welcome! If you want to improve the code, add new features, or fix a bug, feel free to open a pull request.
- Fork the project.
- Create a branch for your new feature:
git checkout -b my-new-feature - Commit your changes:
git commit -am 'Add a new feature' - Push the branch:
git push origin my-new-feature - Open a pull request.
License
This project is licensed under the GPL-3.0 License.
Thank you for trying BLE Lock Session! If you have any questions or suggestions, feel free to open an issue or contact me.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ble_lock_session-1.0.0.tar.gz.
File metadata
- Download URL: ble_lock_session-1.0.0.tar.gz
- Upload date:
- Size: 27.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
05a82d30380d3ad81d6baf3d03e0820fcbc041cb609652de9141d5c0285687dc
|
|
| MD5 |
1a97e769a3667a9525def186777a72c9
|
|
| BLAKE2b-256 |
6101d541de7ce66be4f8196c73cbecb126a91f54e35355d552f10f17f2be4a95
|
Provenance
The following attestation bundles were made for ble_lock_session-1.0.0.tar.gz:
Publisher:
release.yml on azratul/ble-lock-session
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ble_lock_session-1.0.0.tar.gz -
Subject digest:
05a82d30380d3ad81d6baf3d03e0820fcbc041cb609652de9141d5c0285687dc - Sigstore transparency entry: 2173431496
- Sigstore integration time:
-
Permalink:
azratul/ble-lock-session@78525f77b26520c77294bf106de00a4e09344a01 -
Branch / Tag:
refs/tags/v1.0.0 - Owner: https://github.com/azratul
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@78525f77b26520c77294bf106de00a4e09344a01 -
Trigger Event:
release
-
Statement type:
File details
Details for the file ble_lock_session-1.0.0-py3-none-any.whl.
File metadata
- Download URL: ble_lock_session-1.0.0-py3-none-any.whl
- Upload date:
- Size: 23.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
44932585ab23067a4dcf2156381aaba6d7077834b6bbe937bdbfc7ec46c9d605
|
|
| MD5 |
44c815a25a1f33dbd4c42bf94bc36d30
|
|
| BLAKE2b-256 |
1b7afd973cd7f7de9e0dcfe59c02cbb52fc0206ba3a596fdc071ea2d583b0a9e
|
Provenance
The following attestation bundles were made for ble_lock_session-1.0.0-py3-none-any.whl:
Publisher:
release.yml on azratul/ble-lock-session
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ble_lock_session-1.0.0-py3-none-any.whl -
Subject digest:
44932585ab23067a4dcf2156381aaba6d7077834b6bbe937bdbfc7ec46c9d605 - Sigstore transparency entry: 2173431621
- Sigstore integration time:
-
Permalink:
azratul/ble-lock-session@78525f77b26520c77294bf106de00a4e09344a01 -
Branch / Tag:
refs/tags/v1.0.0 - Owner: https://github.com/azratul
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@78525f77b26520c77294bf106de00a4e09344a01 -
Trigger Event:
release
-
Statement type: