RootCanal: Reject unsolicited PIN responses (9cbad258) · Commits · e / os / android_packages_modules_Bluetooth

system/vendor_libs/test_vendor_lib/model/controller/link_layer_controller.cc

+11 −0

Original line number	Diff line number	Diff line
		@@ -728,6 +728,7 @@ void LinkLayerController::IncomingIoCapabilityRequestPacket(
		ErrorCode::UNSUPPORTED_REMOTE_OR_LMP_FEATURE)));
		security_manager_.AuthenticationRequest(incoming.GetSourceAddress(),
		handle);
		security_manager_.SetPinRequested(peer);
		send_event_(bluetooth::hci::PinCodeRequestBuilder::Create(
		incoming.GetSourceAddress()));
		return;
		@@ -816,6 +817,7 @@ void LinkLayerController::IncomingIoCapabilityNegativeResponsePacket(
		security_manager_.InvalidateIoCapabilities();
		LOG_INFO("%s doesn't support SSP, try PIN",
		incoming.GetSourceAddress().ToString().c_str());
		security_manager_.SetPinRequested(peer);
		send_event_(bluetooth::hci::PinCodeRequestBuilder::Create(
		incoming.GetSourceAddress()));
		}
		@@ -1564,6 +1566,7 @@ ErrorCode LinkLayerController::LinkKeyRequestNegativeReply(
		} else {
		LOG_INFO("PIN pairing %s", properties_.GetAddress().ToString().c_str());
		ScheduleTask(milliseconds(5), [this, address]() {
		security_manager_.SetPinRequested(address);
		send_event_(bluetooth::hci::PinCodeRequestBuilder::Create(address));
		});
		}
		@@ -1670,6 +1673,10 @@ ErrorCode LinkLayerController::PinCodeRequestReply(const Address& peer,
		});
		return ErrorCode::UNKNOWN_CONNECTION;
		}
		if (!security_manager_.GetPinRequested(peer)) {
		LOG_INFO("No Pin Requested for %s", peer.ToString().c_str());
		return ErrorCode::COMMAND_DISALLOWED;
		}
		LOG_INFO("Authenticating %s", peer.ToString().c_str());
		SaveKeyAndAuthenticate('L', peer); // Legacy
		return ErrorCode::SUCCESS;
		@@ -1686,6 +1693,10 @@ ErrorCode LinkLayerController::PinCodeRequestNegativeReply(
		if (peer != current_peer) {
		return ErrorCode::UNKNOWN_CONNECTION;
		}
		if (!security_manager_.GetPinRequested(peer)) {
		LOG_INFO("No Pin Requested for %s", peer.ToString().c_str());
		return ErrorCode::COMMAND_DISALLOWED;
		}
		return ErrorCode::SUCCESS;
		}

system/vendor_libs/test_vendor_lib/model/controller/security_manager.cc

+10 −0

Original line number	Diff line number	Diff line
		@@ -63,6 +63,7 @@ void SecurityManager::AuthenticationRequest(const Address& addr, uint16_t handle
		authenticating_ = true;
		current_handle_ = handle;
		peer_address_ = addr;
		peer_pin_requested_ = false;
		}

		void SecurityManager::AuthenticationRequestFinished() {
		@@ -188,4 +189,13 @@ PairingType SecurityManager::GetSimplePairingType() {
		}
		}

		void SecurityManager::SetPinRequested(const Address& addr) {
		ASSERT(addr == peer_address_);
		peer_pin_requested_ = true;
		}

		bool SecurityManager::GetPinRequested(const Address& addr) {
		return peer_pin_requested_;
		}

		} // namespace test_vendor_lib

system/vendor_libs/test_vendor_lib/model/controller/security_manager.h

+4 −0

Original line number	Diff line number	Diff line
		@@ -78,6 +78,9 @@ class SecurityManager {
		uint16_t GetAuthenticationHandle();
		Address GetAuthenticationAddress();

		void SetPinRequested(const Address& addr);
		bool GetPinRequested(const Address& addr);

		void SetPeerIoCapability(const Address& addr, uint8_t io_capability, uint8_t oob_present_flag,
		uint8_t authentication_requirements);
		void SetLocalIoCapability(const Address& peer, uint8_t io_capability, uint8_t oob_present_flag,
		@@ -96,6 +99,7 @@ class SecurityManager {
		uint8_t peer_oob_present_flag_{0};
		AuthenticationType peer_authentication_requirements_{
		AuthenticationType::NO_BONDING};
		bool peer_pin_requested_{false};

		bool host_capabilities_valid_{false};
		IoCapabilityType host_io_capability_{IoCapabilityType::DISPLAY_ONLY};