
Commit bb865677 authored by Andre Eisenbach

Do not remove device security record on LMP timeout

If an LMP timeout is encountered in the middle of authentication, the
link key is removed from the controller (but not from NVRAM). This can
result in a follow-up connection triggering a LINK_KEY_MISSING reply,
which in turn can cause a remote device to initiate pairing, which will
then finally remove the link key stored in NVRAM as well.

This change prevents the link key from being removed from the Bluetooth
controller in case of a timeout during link authentication.

Bug: 36798442
Test: manual
Change-Id: Ic89a16b45756e3d40b2e374c645c8f245f6ce3fc
parent 6f6da2ed
+13 −8
@@ -385,7 +385,8 @@ static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status) {
  } else if (status == BTA_SYS_HW_ON_EVT) {
    /* FIXME: We should not unregister as the SYS shall invoke this callback on
     * a H/W error.
    * We need to revisit when this platform has more than one BLuetooth H/W chip
     * We need to revisit when this platform has more than one BLuetooth H/W
     * chip
     */
    // bta_sys_hw_unregister( BTA_SYS_HW_BLUETOOTH);

@@ -2606,8 +2607,12 @@ static uint8_t bta_dm_authentication_complete_cback(
    if (bta_dm_cb.p_sec_cback)
      bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);

    if (result != HCI_ERR_LMP_RESPONSE_TIMEOUT &&
        result != HCI_ERR_PAGE_TIMEOUT &&
        result != HCI_ERR_CONN_FAILED_ESTABLISHMENT) {
      bta_dm_remove_sec_dev_entry(bd_addr);
    }
  }

  return BTM_SUCCESS;
}
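Review bot: The new guard around `bta_dm_remove_sec_dev_entry(bd_addr)` keeps the security record for three result codes, but the commit message only motivates `HCI_ERR_LMP_RESPONSE_TIMEOUT`, and nothing at the call site says why `HCI_ERR_PAGE_TIMEOUT` and `HCI_ERR_CONN_FAILED_ESTABLISHMENT` are treated the same way. Since this condition decides whether a stored link key survives a failed authentication, I would put the reasoning next to it, e.g. `/* Timeouts and failed connection setup are link-level errors, not a verdict on the key; keep the record so the next connection does not answer LINK_KEY_MISSING. */`. It is also worth confirming that every other non-success result still reaches the removal, so that a real authentication failure never leaves a stale key behind; the enclosing `if` and the start of `bta_dm_authentication_complete_cback` are outside the hunk, so that cannot be checked from here.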
+1 −4
@@ -1148,6 +1148,7 @@ static void btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
    // Map the HCI fail reason  to  bt status
    switch (p_auth_cmpl->fail_reason) {
      case HCI_ERR_PAGE_TIMEOUT:
      case HCI_ERR_LMP_RESPONSE_TIMEOUT:
        if (interop_match_addr(INTEROP_AUTO_RETRY_PAIRING, &bd_addr) &&
            pairing_cb.timeout_retries) {
          BTIF_TRACE_WARNING("%s() - Pairing timeout; retrying (%d) ...",
@@ -1166,10 +1167,6 @@ static void btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
        status = BT_STATUS_AUTH_REJECTED;
        break;

      case HCI_ERR_LMP_RESPONSE_TIMEOUT:
        status = BT_STATUS_AUTH_FAILURE;
        break;

      /* map the auth failure codes, so we can retry pairing if necessary */
      case HCI_ERR_AUTH_FAILURE:
      case HCI_ERR_KEY_MISSING:
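Review bot: Moving `case HCI_ERR_LMP_RESPONSE_TIMEOUT:` under `HCI_ERR_PAGE_TIMEOUT` changes more than the key handling: an LMP timeout used to map to `BT_STATUS_AUTH_FAILURE` and now takes the page-timeout path, including the `INTEROP_AUTO_RETRY_PAIRING` retry and whatever status that branch assigns in the lines between the two hunks, which are not shown. Callers that key off `BT_STATUS_AUTH_FAILURE` will see a different status for this case, and the commit message does not mention that. I would state the intent at the label, e.g. `/* LMP response timeout is a link-level failure, not an authentication verdict; handle it like a page timeout. */`, and confirm that the handling after the switch does not delete the bonded device for the new status. `btif_dm_auth_cmpl_evt` starts and ends outside the hunks.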