GD Security: Improve Enforce() workflow
InternalEnforceSecurityPolicy establishes the requirement
- ENCRYPTED_TRANSPORT: If paired but not encrypted, just wait for
  encryption change; if unpaired, pair with NO_BOND_NO_MITM
- AUTHENTICATED_ENCRYPTED_TRANSPORT: Similar as above, but we need to
  pair again if existing LK is not authenticated.
  Exception: If no MITM is needed during pairing, we assume
  authenticated LK is not possible, so we allow connection. In the
  future, use IO cap to check.

When link is encrypted, or new pairing is complete, we invoke
UpdateLinkSecurityCondition.

Test: cert/run --host
Test: CtsVerifier Insecure RFCOMM client
Tag: #gd-refactor
Bug: 141555841
Change-Id: Ic5792c8e967cd068e08df4702393ae3188c6d4e8
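
The decision flow described in the commit message above, as an added C++ example that is not code from the change itself. All type and function names are hypothetical. Two points are assumptions: the exception is read as accepting an existing unauthenticated link key when pairing would need no MITM protection, and the pairing requirements under the authenticated policy, which the message does not state, are modelled as a single action.

```cpp
#include <cstdio>

// Hypothetical names modelling the commit message; not the stack's own types.
enum class Policy { kEncryptedTransport, kAuthenticatedEncryptedTransport };

enum class Action {
  kUpdateLinkSecurityCondition,  // link already meets the policy
  kWaitForEncryptionChange,      // usable link key, link not yet encrypted
  kPairNoBondNoMitm,             // unpaired under ENCRYPTED_TRANSPORT
  kPairForAuthenticatedKey,      // requirements not stated in the message
};

struct LinkState {
  bool paired;             // a link key (LK) exists for the peer
  bool encrypted;          // link is currently encrypted
  bool key_authenticated;  // existing LK is authenticated
  bool mitm_needed;        // pairing with this peer would need MITM protection
};

Action Decide(Policy policy, const LinkState& s) {
  const bool want_auth = policy == Policy::kAuthenticatedEncryptedTransport;
  if (!s.paired) {
    return want_auth ? Action::kPairForAuthenticatedKey
                     : Action::kPairNoBondNoMitm;
  }
  // Exception (assumed reading): with no MITM needed, an authenticated LK is
  // taken to be impossible, so the unauthenticated key is accepted.
  const bool key_ok = !want_auth || s.key_authenticated || !s.mitm_needed;
  if (!key_ok) return Action::kPairForAuthenticatedKey;
  return s.encrypted ? Action::kUpdateLinkSecurityCondition
                     : Action::kWaitForEncryptionChange;
}

int main() {
  // Constructed states: paired and encrypted with an unauthenticated key.
  const LinkState mitm{true, true, false, true};
  const LinkState no_mitm{true, true, false, false};
  const Policy auth = Policy::kAuthenticatedEncryptedTransport;
  std::printf("MITM needed:    action %d\n", static_cast<int>(Decide(auth, mitm)));
  std::printf("no MITM needed: action %d\n", static_cast<int>(Decide(auth, no_mitm)));
  return 0;
}
```

The second constructed state passes the authenticated policy with an unauthenticated key, which is the case the message says will later be checked using IO capabilities.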