Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 09b33986 authored by Hui Peng's avatar Hui Peng Committed by Android Build Coastguard Worker
Browse files

Reject access to secure service authenticated from a temp bonding [1] 

Rejecct access to services running on l2cap

Backport of
Idef4ea28eb3d17b0807ab7dc6849433ddc5581b3

Bug: 294854926
Test: m com.android.btservices
Ignore-AOSP-First: security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1f08f638c91169df84a43b6cd4e04d1aa3a5d554)
Merged-In: Idef4ea28eb3d17b0807ab7dc6849433ddc5581b3
Change-Id: Idef4ea28eb3d17b0807ab7dc6849433ddc5581b3
parent 397c1e92

system/stack/btm/btm_sec.cc

+33 −2
Original line number Diff line number Diff line
@@ -230,6 +230,25 @@ static bool btm_dev_16_digit_authenticated(tBTM_SEC_DEV_REC* p_dev_rec) { 
  return (false);

}



/*******************************************************************************

 *

 * Function         access_secure_service_from_temp_bond

 *

 * Description      a utility function to test whether an access to

 *                  secure service from temp bonding is happening

 *

 * Returns          true if the aforementioned condition holds,

 *                  false otherwise

 *

 ******************************************************************************/

static bool access_secure_service_from_temp_bond(const tBTM_SEC_DEV_REC* p_dev_rec,

                                                 bool locally_initiated,

                                                 uint16_t security_req) {

  return !locally_initiated && (security_req & BTM_SEC_IN_AUTHENTICATE) &&

    p_dev_rec->is_device_authenticated() &&

    p_dev_rec->is_bond_type_temporary();

}



/*******************************************************************************

 *

 * Function         BTM_SecRegister
@@ -1636,9 +1655,14 @@ tBTM_STATUS btm_sec_l2cap_access_req_by_requirement( 
      }



      if (rc == BTM_SUCCESS) {

        if (access_secure_service_from_temp_bond(p_dev_rec, is_originator, security_required)) {

          LOG_ERROR("Trying to access a secure service from a temp bonding, rejecting");

          rc = BTM_FAILED_ON_SECURITY;

        }



        if (p_callback)

          (*p_callback)(&bd_addr, transport, (void*)p_ref_data, BTM_SUCCESS);

        return (BTM_SUCCESS);

          (*p_callback)(&bd_addr, transport, (void*)p_ref_data, rc);

        return (rc);

      }

    }
@@ -4520,6 +4544,13 @@ tBTM_STATUS btm_sec_execute_procedure(tBTM_SEC_DEV_REC* p_dev_rec) { 
    return (BTM_FAILED_ON_SECURITY);

  }



  if (access_secure_service_from_temp_bond(p_dev_rec,

                                           p_dev_rec->IsLocallyInitiated(),

                                           p_dev_rec->security_required)) {

    LOG_ERROR("Trying to access a secure service from a temp bonding, rejecting");

    return (BTM_FAILED_ON_SECURITY);

  }



  /* All required  security procedures already established */

  p_dev_rec->security_required &=

      ~(BTM_SEC_OUT_AUTHENTICATE | BTM_SEC_IN_AUTHENTICATE |