Loading system/btif/Android.bp +8 −0 Original line number Diff line number Diff line Loading @@ -127,6 +127,14 @@ cc_test { "libprotobuf-cpp-lite", "libcutils", "libutils", "libcrypto", "android.hardware.keymaster@4.0", "android.hardware.keymaster@3.0", "libkeymaster4support", "libkeystore_aidl", "libkeystore_binder", "libkeystore_parcelables", "libbinder", "libstatslog", ], static_libs: [ Loading system/main/Android.bp +7 −0 Original line number Diff line number Diff line Loading @@ -51,6 +51,13 @@ cc_library_shared { "libutils", "libtinyxml2", "libz", "libcrypto", "android.hardware.keymaster@4.0", "android.hardware.keymaster@3.0", "libkeymaster4support", "libkeystore_aidl", "libkeystore_binder", "libkeystore_parcelables", "libstatslog", ], static_libs: [ Loading system/stack/btm/btm_dev.cc +13 −17 Original line number Diff line number Diff line Loading @@ -149,6 +149,12 @@ bool BTM_SecAddDevice(const RawAddress& bd_addr, DEV_CLASS dev_class, return true; } void wipe_secrets_and_remove(tBTM_SEC_DEV_REC* p_dev_rec) { memset(p_dev_rec->link_key, 0, LINK_KEY_LEN); memset(&p_dev_rec->ble.keys, 0, sizeof(tBTM_SEC_BLE_KEYS)); list_remove(btm_cb.sec_dev_rec, p_dev_rec); } /** Free resources associated with the device associated with |bd_addr| address. * * *** WARNING *** Loading @@ -170,7 +176,10 @@ bool BTM_SecDeleteDevice(const RawAddress& bd_addr) { tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr); if (p_dev_rec != NULL) { RawAddress bda = p_dev_rec->bd_addr; btm_sec_free_dev(p_dev_rec); /* Clear out any saved BLE keys */ btm_sec_clear_ble_keys(p_dev_rec); wipe_secrets_and_remove(p_dev_rec); /* Tell controller to get rid of the link key, if it has one stored */ BTM_DeleteStoredLinkKey(&bda, NULL); } Loading Loading @@ -255,19 +264,6 @@ tBTM_SEC_DEV_REC* btm_sec_alloc_dev(const RawAddress& bd_addr) { return (p_dev_rec); } /******************************************************************************* * * Function btm_sec_free_dev * * Description Mark device record as not used * ******************************************************************************/ void btm_sec_free_dev(tBTM_SEC_DEV_REC* p_dev_rec) { /* Clear out any saved BLE keys */ btm_sec_clear_ble_keys(p_dev_rec); list_remove(btm_cb.sec_dev_rec, p_dev_rec); } /******************************************************************************* * * Function btm_dev_support_switch Loading Loading @@ -413,7 +409,7 @@ void btm_consolidate_dev(tBTM_SEC_DEV_REC* p_target_rec) { p_target_rec->bond_type = temp_rec.bond_type; /* remove the combined record */ list_remove(btm_cb.sec_dev_rec, p_dev_rec); wipe_secrets_and_remove(p_dev_rec); // p_dev_rec gets freed in list_remove, we should not access it further continue; } Loading @@ -425,7 +421,7 @@ void btm_consolidate_dev(tBTM_SEC_DEV_REC* p_target_rec) { p_target_rec->device_type |= p_dev_rec->device_type; /* remove the combined record */ list_remove(btm_cb.sec_dev_rec, p_dev_rec); wipe_secrets_and_remove(p_dev_rec); } } } Loading Loading @@ -514,7 +510,7 @@ tBTM_SEC_DEV_REC* btm_sec_allocate_dev_rec(void) { if (list_length(btm_cb.sec_dev_rec) > BTM_SEC_MAX_DEVICE_RECORDS) { p_dev_rec = btm_find_oldest_dev_rec(); list_remove(btm_cb.sec_dev_rec, p_dev_rec); wipe_secrets_and_remove(p_dev_rec); } p_dev_rec = Loading system/stack/btm/btm_int.h +1 −1 Original line number Diff line number Diff line Loading @@ -208,7 +208,7 @@ extern bool btm_dev_support_switch(const RawAddress& bd_addr); extern tBTM_SEC_DEV_REC* btm_sec_allocate_dev_rec(void); extern tBTM_SEC_DEV_REC* btm_sec_alloc_dev(const RawAddress& bd_addr); extern void btm_sec_free_dev(tBTM_SEC_DEV_REC* p_dev_rec); extern void wipe_secrets_and_remove(tBTM_SEC_DEV_REC* p_dev_rec); extern tBTM_SEC_DEV_REC* btm_find_dev(const RawAddress& bd_addr); extern tBTM_SEC_DEV_REC* btm_find_or_alloc_dev(const RawAddress& bd_addr); extern tBTM_SEC_DEV_REC* btm_find_dev_by_handle(uint16_t handle); Loading system/stack/btm/btm_main.cc +10 −0 Original line number Diff line number Diff line Loading @@ -83,6 +83,16 @@ void btm_free(void) { fixed_queue_free(btm_cb.sec_pending_q, NULL); btm_cb.sec_pending_q = NULL; list_node_t* end = list_end(btm_cb.sec_dev_rec); list_node_t* node = list_begin(btm_cb.sec_dev_rec); while (node != end) { tBTM_SEC_DEV_REC* p_dev_rec = static_cast<tBTM_SEC_DEV_REC*>(list_node(node)); // we do list_remove in, must grab next before removing node = list_next(node); wipe_secrets_and_remove(p_dev_rec); } list_free(btm_cb.sec_dev_rec); btm_cb.sec_dev_rec = NULL; Loading Loading
system/btif/Android.bp +8 −0 Original line number Diff line number Diff line Loading @@ -127,6 +127,14 @@ cc_test { "libprotobuf-cpp-lite", "libcutils", "libutils", "libcrypto", "android.hardware.keymaster@4.0", "android.hardware.keymaster@3.0", "libkeymaster4support", "libkeystore_aidl", "libkeystore_binder", "libkeystore_parcelables", "libbinder", "libstatslog", ], static_libs: [ Loading
system/main/Android.bp +7 −0 Original line number Diff line number Diff line Loading @@ -51,6 +51,13 @@ cc_library_shared { "libutils", "libtinyxml2", "libz", "libcrypto", "android.hardware.keymaster@4.0", "android.hardware.keymaster@3.0", "libkeymaster4support", "libkeystore_aidl", "libkeystore_binder", "libkeystore_parcelables", "libstatslog", ], static_libs: [ Loading
system/stack/btm/btm_dev.cc +13 −17 Original line number Diff line number Diff line Loading @@ -149,6 +149,12 @@ bool BTM_SecAddDevice(const RawAddress& bd_addr, DEV_CLASS dev_class, return true; } void wipe_secrets_and_remove(tBTM_SEC_DEV_REC* p_dev_rec) { memset(p_dev_rec->link_key, 0, LINK_KEY_LEN); memset(&p_dev_rec->ble.keys, 0, sizeof(tBTM_SEC_BLE_KEYS)); list_remove(btm_cb.sec_dev_rec, p_dev_rec); } /** Free resources associated with the device associated with |bd_addr| address. * * *** WARNING *** Loading @@ -170,7 +176,10 @@ bool BTM_SecDeleteDevice(const RawAddress& bd_addr) { tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr); if (p_dev_rec != NULL) { RawAddress bda = p_dev_rec->bd_addr; btm_sec_free_dev(p_dev_rec); /* Clear out any saved BLE keys */ btm_sec_clear_ble_keys(p_dev_rec); wipe_secrets_and_remove(p_dev_rec); /* Tell controller to get rid of the link key, if it has one stored */ BTM_DeleteStoredLinkKey(&bda, NULL); } Loading Loading @@ -255,19 +264,6 @@ tBTM_SEC_DEV_REC* btm_sec_alloc_dev(const RawAddress& bd_addr) { return (p_dev_rec); } /******************************************************************************* * * Function btm_sec_free_dev * * Description Mark device record as not used * ******************************************************************************/ void btm_sec_free_dev(tBTM_SEC_DEV_REC* p_dev_rec) { /* Clear out any saved BLE keys */ btm_sec_clear_ble_keys(p_dev_rec); list_remove(btm_cb.sec_dev_rec, p_dev_rec); } /******************************************************************************* * * Function btm_dev_support_switch Loading Loading @@ -413,7 +409,7 @@ void btm_consolidate_dev(tBTM_SEC_DEV_REC* p_target_rec) { p_target_rec->bond_type = temp_rec.bond_type; /* remove the combined record */ list_remove(btm_cb.sec_dev_rec, p_dev_rec); wipe_secrets_and_remove(p_dev_rec); // p_dev_rec gets freed in list_remove, we should not access it further continue; } Loading @@ -425,7 +421,7 @@ void btm_consolidate_dev(tBTM_SEC_DEV_REC* p_target_rec) { p_target_rec->device_type |= p_dev_rec->device_type; /* remove the combined record */ list_remove(btm_cb.sec_dev_rec, p_dev_rec); wipe_secrets_and_remove(p_dev_rec); } } } Loading Loading @@ -514,7 +510,7 @@ tBTM_SEC_DEV_REC* btm_sec_allocate_dev_rec(void) { if (list_length(btm_cb.sec_dev_rec) > BTM_SEC_MAX_DEVICE_RECORDS) { p_dev_rec = btm_find_oldest_dev_rec(); list_remove(btm_cb.sec_dev_rec, p_dev_rec); wipe_secrets_and_remove(p_dev_rec); } p_dev_rec = Loading
system/stack/btm/btm_int.h +1 −1 Original line number Diff line number Diff line Loading @@ -208,7 +208,7 @@ extern bool btm_dev_support_switch(const RawAddress& bd_addr); extern tBTM_SEC_DEV_REC* btm_sec_allocate_dev_rec(void); extern tBTM_SEC_DEV_REC* btm_sec_alloc_dev(const RawAddress& bd_addr); extern void btm_sec_free_dev(tBTM_SEC_DEV_REC* p_dev_rec); extern void wipe_secrets_and_remove(tBTM_SEC_DEV_REC* p_dev_rec); extern tBTM_SEC_DEV_REC* btm_find_dev(const RawAddress& bd_addr); extern tBTM_SEC_DEV_REC* btm_find_or_alloc_dev(const RawAddress& bd_addr); extern tBTM_SEC_DEV_REC* btm_find_dev_by_handle(uint16_t handle); Loading
system/stack/btm/btm_main.cc +10 −0 Original line number Diff line number Diff line Loading @@ -83,6 +83,16 @@ void btm_free(void) { fixed_queue_free(btm_cb.sec_pending_q, NULL); btm_cb.sec_pending_q = NULL; list_node_t* end = list_end(btm_cb.sec_dev_rec); list_node_t* node = list_begin(btm_cb.sec_dev_rec); while (node != end) { tBTM_SEC_DEV_REC* p_dev_rec = static_cast<tBTM_SEC_DEV_REC*>(list_node(node)); // we do list_remove in, must grab next before removing node = list_next(node); wipe_secrets_and_remove(p_dev_rec); } list_free(btm_cb.sec_dev_rec); btm_cb.sec_dev_rec = NULL; Loading
