Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5f41286a authored by Brian Delwiche's avatar Brian Delwiche Committed by Automerger Merge Worker
Browse files

Reject encryption drop in Common Criteria mode am: 1ee290b8 

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/20933644



Change-Id: I0576317ac705926573ad15ec0f9730d41f9b32f2
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 70331592 1ee290b8

system/stack/acl/btm_acl.cc

+18 −0
Original line number Diff line number Diff line
@@ -50,6 +50,7 @@ 
#include "main/shim/dumpsys.h"

#include "main/shim/l2c_api.h"

#include "main/shim/shim.h"

#include "os/parameter_provider.h"

#include "osi/include/allocator.h"

#include "osi/include/log.h"

#include "osi/include/osi.h"  // UNUSED_ATTR
@@ -630,6 +631,23 @@ void btm_acl_encrypt_change(uint16_t handle, uint8_t status, 
    return;

  }



  /* Common Criteria mode only: if we are trying to drop encryption on an

   * encrypted connection, drop the connection */

  if (bluetooth::os::ParameterProvider::IsCommonCriteriaMode()) {

    if (p->is_encrypted && !encr_enable) {

      LOG(ERROR)

          << __func__

          << " attempting to decrypt encrypted connection, disconnecting. "

             "handle: "

          << loghex(handle);



      acl_disconnect_from_handle(handle, HCI_ERR_HOST_REJECT_SECURITY,

                                 "stack::btu::btu_hcif::read_drop_encryption "

                                 "Connection Already Encrypted");

      return;

    }

  }



  p->is_encrypted = encr_enable;



  /* Process Role Switch if active */