Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bb1ddf27 authored by Himanshu Rawat's avatar Himanshu Rawat
Browse files

Ensure that Numeric Comparison pairing is not treated as Just Works 

pairing.

According to 'Table 5.7: IO capability mapping to authentication stage
1' in 'Security aspects – BR/EDR physical transport, Generic Access
Profile, BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C',
BT device must not auto-confirm the Numeric Comparison pairing if:
1. Local device IO capability is DisplayYesNo,
2. Remote device IO capability is DisplayOnly or DisplayYesNo, and
3. Either of the devices have requested authenticated link key

Bug: 222289114
Test: Manual
Tag: #security
Ignore-AOSP-First: Security
Change-Id: I08bbe82f78bf2986806f77b76417ae704ea438b7
parent 927a3814

system/stack/btm/btm_sec.cc

+7 −3
Original line number Diff line number Diff line
@@ -2740,12 +2740,16 @@ void btm_proc_sp_req_evt(tBTM_SP_EVT event, const uint8_t* p) { 
            BTM_ConfirmReqReply(status, p_bda);

            return;

          }

          if ((p_dev_rec->rmt_io_caps == BTM_IO_CAP_IO) &&



          if ((p_dev_rec->rmt_io_caps == BTM_IO_CAP_IO ||

               p_dev_rec->rmt_io_caps == BTM_IO_CAP_OUT) &&

              (btm_cb.devcb.loc_io_caps == BTM_IO_CAP_IO) &&

              ((p_dev_rec->rmt_auth_req & BTM_AUTH_SP_YES) ||

               (btm_cb.devcb.loc_auth_req & BTM_AUTH_SP_YES))) {

            /* Both devices are DisplayYesNo and one or both devices want to

               authenticate -> use authenticated link key */

            /* Use Numeric Comparison if

             * 1. Local IO capability is DisplayYesNo,

             * 2. Remote IO capability is DisplayOnly or DiaplayYesNo, and

             * 3. Either of the devices have requested authenticated link key */

            evt_data.cfm_req.just_works = false;

          }

        }