Merge tag 'android-security-13.0.0_r28' into staging/lineage-20.0_android-security-13.0.0_r28 (8f12552f) · Commits · e / os / android_packages_modules_Bluetooth

system/stack/avdt/avdt_msg.cc

+8 −0

Original line number	Diff line number	Diff line
		@@ -1581,6 +1581,14 @@ void avdt_msg_ind(AvdtpCcb* p_ccb, BT_HDR* p_buf) {
		avdt_msg_send_grej(p_ccb, sig, &msg);
		}
		}

		/* validate reject/response against cached sig */
		if (((msg_type == AVDT_MSG_TYPE_RSP) \|\| (msg_type == AVDT_MSG_TYPE_REJ)) &&
		(p_ccb->p_curr_cmd == nullptr \|\| p_ccb->p_curr_cmd->event != sig)) {
		AVDT_TRACE_WARNING(
		"Dropping msg with mismatched sig; sig=%d", sig);
		ok = false;
		}
		}

		if (ok && !gen_rej) {

system/stack/btm/btm_ble.cc

+36 −0

Original line number	Diff line number	Diff line
		@@ -1440,6 +1440,9 @@ tBTM_STATUS btm_ble_set_encryption(const RawAddress& bd_addr,
		switch (sec_act) {
		case BTM_BLE_SEC_ENCRYPT:
		if (link_role == HCI_ROLE_CENTRAL) {
		if (p_rec->is_le_device_encrypted()) {
		return BTM_SUCCESS;
		}
		/* start link layer encryption using the security info stored */
		cmd = btm_ble_start_encrypt(bd_addr, false, NULL);
		break;
		@@ -1818,6 +1821,35 @@ void btm_ble_connected_from_address_with_type(
		address_with_type.type, addr_matched);
		}

		static bool btm_ble_complete_evt_ignore(const tBTM_SEC_DEV_REC* p_dev_rec,
		const tSMP_EVT_DATA* p_data) {
		// Encryption request in peripheral role results in SMP Security request. SMP
		// may generate a SMP_COMPLT_EVT failure event cases like below: 1) Some
		// central devices don't handle cross-over between encryption and SMP security
		// request 2) Link may get disconnected after the SMP security request was
		// sent.
		if (p_data->cmplt.reason != SMP_SUCCESS && !p_dev_rec->role_central &&
		btm_cb.pairing_bda != p_dev_rec->bd_addr &&
		btm_cb.pairing_bda != p_dev_rec->ble.pseudo_addr &&
		p_dev_rec->is_le_link_key_known() &&
		p_dev_rec->ble.key_type != BTM_LE_KEY_NONE) {
		if (p_dev_rec->is_le_device_encrypted()) {
		LOG_WARN("Bonded device %s is already encrypted, ignoring SMP failure",
		PRIVATE_ADDRESS(p_dev_rec->bd_addr));
		return true;
		} else if (p_data->cmplt.reason == SMP_CONN_TOUT) {
		LOG_WARN(
		"Bonded device %s disconnected while waiting for encryption, "
		"ignoring SMP failure",
		PRIVATE_ADDRESS(p_dev_rec->bd_addr));
		l2cu_start_post_bond_timer(p_dev_rec->ble_hci_handle);
		return true;
		}
		}

		return false;
		}

		/*****************************************************************************
		* Function btm_proc_smp_cback
		*
		@@ -1870,6 +1902,10 @@ tBTM_STATUS btm_proc_smp_cback(tSMP_EVT event, const RawAddress& bd_addr,
		FALLTHROUGH_INTENDED; /* FALLTHROUGH */

		case SMP_COMPLT_EVT:
		if (btm_ble_complete_evt_ignore(p_dev_rec, p_data)) {
		return BTM_SUCCESS;
		}

		if (btm_cb.api.p_le_callback) {
		/* the callback function implementation may change the IO
		* capability... */

system/stack/l2cap/l2c_ble.cc

+1 −1

Original line number	Diff line number	Diff line
		@@ -199,10 +199,10 @@ void l2cble_notify_le_connection(const RawAddress& bda) {
		if (BTM_IsAclConnectionUp(bda, BT_TRANSPORT_LE) &&
		p_lcb->link_state != LST_CONNECTED) {
		/* update link status */
		p_lcb->link_state = LST_CONNECTED;
		// TODO Move this back into acl layer
		btm_establish_continue_from_address(bda, BT_TRANSPORT_LE);
		/* update l2cap link status and send callback */
		p_lcb->link_state = LST_CONNECTED;
		l2cu_process_fixed_chnl_resp(p_lcb);
		}