Loading system/gd/security/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -5,6 +5,7 @@ filegroup { "ecc/p_256_ecc_pp.cc", "ecdh_keys.cc", "facade_configuration_api.cc", "l2cap_security_module_interface.cc", "pairing_handler_le.cc", "pairing_handler_le_legacy.cc", "pairing_handler_le_secure_connections.cc", Loading system/gd/security/internal/security_manager_impl.cc +45 −0 Original line number Diff line number Diff line Loading @@ -450,6 +450,51 @@ void SecurityManagerImpl::SetOobDataPresent(hci::OobDataPresent data_present) { this->local_oob_data_present_ = data_present; } void SecurityManagerImpl::EnforceSecurityPolicy( hci::AddressWithType remote, l2cap::classic::SecurityPolicy policy, l2cap::classic::SecurityModuleInterface::ResultCallback result_callback) { bool result = false; auto record = this->security_database_.FindOrCreate(remote); switch (policy) { case l2cap::classic::SecurityPolicy::BEST: case l2cap::classic::SecurityPolicy::AUTHENTICATED_ENCRYPTED_TRANSPORT: result = record.IsAuthenticated() && record.RequiresMitmProtection() && record.IsEncryptionRequired(); break; case l2cap::classic::SecurityPolicy::ENCRYPTED_TRANSPORT: result = record.IsAuthenticated() && record.IsEncryptionRequired(); break; case l2cap::classic::SecurityPolicy::_SDP_ONLY_NO_SECURITY_WHATSOEVER_PLAINTEXT_TRANSPORT_OK: result = true; break; } if (!result) { // TODO(optedoblivion): Start pairing process to meet requirements } result_callback.Invoke(result); } void SecurityManagerImpl::EnforceLeSecurityPolicy(hci::AddressWithType remote, l2cap::le::SecurityPolicy policy, l2cap::le::SecurityModuleInterface::ResultCallback result_callback) { bool result = false; // TODO(jpawlowski): Implement for LE switch (policy) { case l2cap::le::SecurityPolicy::BEST: break; case l2cap::le::SecurityPolicy::AUTHENTICATED_ENCRYPTED_TRANSPORT: break; case l2cap::le::SecurityPolicy::ENCRYPTED_TRANSPORT: break; case l2cap::le::SecurityPolicy::NO_SECURITY_WHATSOEVER_PLAINTEXT_TRANSPORT_OK: result = true; break; case l2cap::le::SecurityPolicy::_NOT_FOR_YOU__AUTHENTICATED_PAIRING_WITH_128_BIT_KEY: break; case l2cap::le::SecurityPolicy::_NOT_FOR_YOU__AUTHORIZATION: break; } result_callback.Invoke(result); } } // namespace internal } // namespace security } // namespace bluetooth system/gd/security/internal/security_manager_impl.h +7 −0 Original line number Diff line number Diff line Loading @@ -21,7 +21,9 @@ #include "hci/acl_manager.h" #include "hci/classic_device.h" #include "l2cap/classic/security_module_interface.h" #include "l2cap/le/l2cap_le_module.h" #include "l2cap/le/security_module_interface.h" #include "os/handler.h" #include "security/channel/security_manager_channel.h" #include "security/initial_informations.h" Loading Loading @@ -151,6 +153,11 @@ class SecurityManagerImpl : public channel::ISecurityManagerChannelListener, pub void SetAuthenticationRequirements(hci::AuthenticationRequirements authentication_requirements); void SetOobDataPresent(hci::OobDataPresent data_present); void EnforceSecurityPolicy(hci::AddressWithType remote, l2cap::classic::SecurityPolicy policy, l2cap::classic::SecurityModuleInterface::ResultCallback result_callback); void EnforceLeSecurityPolicy(hci::AddressWithType remote, l2cap::le::SecurityPolicy policy, l2cap::le::SecurityModuleInterface::ResultCallback result_callback); protected: std::vector<std::pair<ISecurityManagerListener*, os::Handler*>> listeners_; UI* user_interface_ = nullptr; Loading system/gd/security/l2cap_security_module_interface.cc 0 → 100644 +45 −0 Original line number Diff line number Diff line /* * Copyright 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "security/l2cap_security_module_interface.h" #include "common/bind.h" namespace bluetooth { namespace security { L2capSecurityModuleInterface::L2capSecurityModuleInterface(internal::SecurityManagerImpl* security_manager_impl, os::Handler* security_handler) : security_manager_impl_(security_manager_impl), security_handler_(security_handler) {} void L2capSecurityModuleInterface::EnforceSecurityPolicy( hci::AddressWithType remote, l2cap::classic::SecurityPolicy policy, l2cap::classic::SecurityModuleInterface::ResultCallback result_callback) { this->security_handler_->Post(common::BindOnce( &internal::SecurityManagerImpl::EnforceSecurityPolicy, common::Unretained(security_manager_impl_), std::forward<hci::AddressWithType>(remote), std::forward<l2cap::classic::SecurityPolicy>(policy), std::forward<l2cap::classic::SecurityModuleInterface::ResultCallback>(result_callback))); } void L2capSecurityModuleInterface::EnforceSecurityPolicy( hci::AddressWithType remote, l2cap::le::SecurityPolicy policy, l2cap::le::SecurityModuleInterface::ResultCallback result_callback) { this->security_handler_->Post(common::BindOnce( &internal::SecurityManagerImpl::EnforceLeSecurityPolicy, common::Unretained(security_manager_impl_), std::forward<hci::AddressWithType>(remote), std::forward<l2cap::le::SecurityPolicy>(policy), std::forward<l2cap::le::SecurityModuleInterface::ResultCallback>(result_callback))); } } // namespace security } // namespace bluetooth system/gd/security/l2cap_security_module_interface.h 0 → 100644 +40 −0 Original line number Diff line number Diff line /* * Copyright 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #pragma once #include "l2cap/classic/security_module_interface.h" #include "l2cap/le/security_module_interface.h" #include "os/handler.h" #include "security/internal/security_manager_impl.h" namespace bluetooth { namespace security { class L2capSecurityModuleInterface : public l2cap::classic::SecurityModuleInterface, public l2cap::le::SecurityModuleInterface { public: L2capSecurityModuleInterface(internal::SecurityManagerImpl* security_manager_impl, os::Handler* security_handler); void EnforceSecurityPolicy(hci::AddressWithType remote, l2cap::classic::SecurityPolicy policy, l2cap::classic::SecurityModuleInterface::ResultCallback result_callback) override; void EnforceSecurityPolicy(hci::AddressWithType remote, l2cap::le::SecurityPolicy policy, l2cap::le::SecurityModuleInterface::ResultCallback result_callback) override; private: internal::SecurityManagerImpl* security_manager_impl_; os::Handler* security_handler_ = nullptr; }; } // namespace security } // namespace bluetooth Loading
system/gd/security/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -5,6 +5,7 @@ filegroup { "ecc/p_256_ecc_pp.cc", "ecdh_keys.cc", "facade_configuration_api.cc", "l2cap_security_module_interface.cc", "pairing_handler_le.cc", "pairing_handler_le_legacy.cc", "pairing_handler_le_secure_connections.cc", Loading
system/gd/security/internal/security_manager_impl.cc +45 −0 Original line number Diff line number Diff line Loading @@ -450,6 +450,51 @@ void SecurityManagerImpl::SetOobDataPresent(hci::OobDataPresent data_present) { this->local_oob_data_present_ = data_present; } void SecurityManagerImpl::EnforceSecurityPolicy( hci::AddressWithType remote, l2cap::classic::SecurityPolicy policy, l2cap::classic::SecurityModuleInterface::ResultCallback result_callback) { bool result = false; auto record = this->security_database_.FindOrCreate(remote); switch (policy) { case l2cap::classic::SecurityPolicy::BEST: case l2cap::classic::SecurityPolicy::AUTHENTICATED_ENCRYPTED_TRANSPORT: result = record.IsAuthenticated() && record.RequiresMitmProtection() && record.IsEncryptionRequired(); break; case l2cap::classic::SecurityPolicy::ENCRYPTED_TRANSPORT: result = record.IsAuthenticated() && record.IsEncryptionRequired(); break; case l2cap::classic::SecurityPolicy::_SDP_ONLY_NO_SECURITY_WHATSOEVER_PLAINTEXT_TRANSPORT_OK: result = true; break; } if (!result) { // TODO(optedoblivion): Start pairing process to meet requirements } result_callback.Invoke(result); } void SecurityManagerImpl::EnforceLeSecurityPolicy(hci::AddressWithType remote, l2cap::le::SecurityPolicy policy, l2cap::le::SecurityModuleInterface::ResultCallback result_callback) { bool result = false; // TODO(jpawlowski): Implement for LE switch (policy) { case l2cap::le::SecurityPolicy::BEST: break; case l2cap::le::SecurityPolicy::AUTHENTICATED_ENCRYPTED_TRANSPORT: break; case l2cap::le::SecurityPolicy::ENCRYPTED_TRANSPORT: break; case l2cap::le::SecurityPolicy::NO_SECURITY_WHATSOEVER_PLAINTEXT_TRANSPORT_OK: result = true; break; case l2cap::le::SecurityPolicy::_NOT_FOR_YOU__AUTHENTICATED_PAIRING_WITH_128_BIT_KEY: break; case l2cap::le::SecurityPolicy::_NOT_FOR_YOU__AUTHORIZATION: break; } result_callback.Invoke(result); } } // namespace internal } // namespace security } // namespace bluetooth
system/gd/security/internal/security_manager_impl.h +7 −0 Original line number Diff line number Diff line Loading @@ -21,7 +21,9 @@ #include "hci/acl_manager.h" #include "hci/classic_device.h" #include "l2cap/classic/security_module_interface.h" #include "l2cap/le/l2cap_le_module.h" #include "l2cap/le/security_module_interface.h" #include "os/handler.h" #include "security/channel/security_manager_channel.h" #include "security/initial_informations.h" Loading Loading @@ -151,6 +153,11 @@ class SecurityManagerImpl : public channel::ISecurityManagerChannelListener, pub void SetAuthenticationRequirements(hci::AuthenticationRequirements authentication_requirements); void SetOobDataPresent(hci::OobDataPresent data_present); void EnforceSecurityPolicy(hci::AddressWithType remote, l2cap::classic::SecurityPolicy policy, l2cap::classic::SecurityModuleInterface::ResultCallback result_callback); void EnforceLeSecurityPolicy(hci::AddressWithType remote, l2cap::le::SecurityPolicy policy, l2cap::le::SecurityModuleInterface::ResultCallback result_callback); protected: std::vector<std::pair<ISecurityManagerListener*, os::Handler*>> listeners_; UI* user_interface_ = nullptr; Loading
system/gd/security/l2cap_security_module_interface.cc 0 → 100644 +45 −0 Original line number Diff line number Diff line /* * Copyright 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "security/l2cap_security_module_interface.h" #include "common/bind.h" namespace bluetooth { namespace security { L2capSecurityModuleInterface::L2capSecurityModuleInterface(internal::SecurityManagerImpl* security_manager_impl, os::Handler* security_handler) : security_manager_impl_(security_manager_impl), security_handler_(security_handler) {} void L2capSecurityModuleInterface::EnforceSecurityPolicy( hci::AddressWithType remote, l2cap::classic::SecurityPolicy policy, l2cap::classic::SecurityModuleInterface::ResultCallback result_callback) { this->security_handler_->Post(common::BindOnce( &internal::SecurityManagerImpl::EnforceSecurityPolicy, common::Unretained(security_manager_impl_), std::forward<hci::AddressWithType>(remote), std::forward<l2cap::classic::SecurityPolicy>(policy), std::forward<l2cap::classic::SecurityModuleInterface::ResultCallback>(result_callback))); } void L2capSecurityModuleInterface::EnforceSecurityPolicy( hci::AddressWithType remote, l2cap::le::SecurityPolicy policy, l2cap::le::SecurityModuleInterface::ResultCallback result_callback) { this->security_handler_->Post(common::BindOnce( &internal::SecurityManagerImpl::EnforceLeSecurityPolicy, common::Unretained(security_manager_impl_), std::forward<hci::AddressWithType>(remote), std::forward<l2cap::le::SecurityPolicy>(policy), std::forward<l2cap::le::SecurityModuleInterface::ResultCallback>(result_callback))); } } // namespace security } // namespace bluetooth
system/gd/security/l2cap_security_module_interface.h 0 → 100644 +40 −0 Original line number Diff line number Diff line /* * Copyright 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #pragma once #include "l2cap/classic/security_module_interface.h" #include "l2cap/le/security_module_interface.h" #include "os/handler.h" #include "security/internal/security_manager_impl.h" namespace bluetooth { namespace security { class L2capSecurityModuleInterface : public l2cap::classic::SecurityModuleInterface, public l2cap::le::SecurityModuleInterface { public: L2capSecurityModuleInterface(internal::SecurityManagerImpl* security_manager_impl, os::Handler* security_handler); void EnforceSecurityPolicy(hci::AddressWithType remote, l2cap::classic::SecurityPolicy policy, l2cap::classic::SecurityModuleInterface::ResultCallback result_callback) override; void EnforceSecurityPolicy(hci::AddressWithType remote, l2cap::le::SecurityPolicy policy, l2cap::le::SecurityModuleInterface::ResultCallback result_callback) override; private: internal::SecurityManagerImpl* security_manager_impl_; os::Handler* security_handler_ = nullptr; }; } // namespace security } // namespace bluetooth
