Merge "SM: Implement an attempt to upgrade the link security" (d44c10b4) · Commits · e / os / android_packages_modules_Bluetooth

system/gd/security/internal/security_manager_impl.cc

+32 −7

Original line number	Original line	Diff line number	Diff line
	@@ -313,10 +313,16 @@ void SecurityManagerImpl::OnPairingHandlerComplete(hci::Address address, Pairing
	pairing_handler_map_.erase(entry);		pairing_handler_map_.erase(entry);
	security_manager_channel_->Release(address);		security_manager_channel_->Release(address);
	}		}
			auto remote = hci::AddressWithType(address, hci::AddressType::PUBLIC_DEVICE_ADDRESS);
			auto cb_entry = enforce_security_policy_callback_map_.find(remote);
			if (cb_entry != enforce_security_policy_callback_map_.end()) {
			this->InternalEnforceSecurityPolicy(remote, cb_entry->second.first, std::move(cb_entry->second.second), false);
			enforce_security_policy_callback_map_.erase(cb_entry);
			}
	if (!std::holds_alternative<PairingFailure>(status)) {		if (!std::holds_alternative<PairingFailure>(status)) {
	NotifyDeviceBonded(hci::AddressWithType(address, hci::AddressType::PUBLIC_DEVICE_ADDRESS));		NotifyDeviceBonded(remote);
	} else {		} else {
	NotifyDeviceBondFailed(hci::AddressWithType(address, hci::AddressType::PUBLIC_DEVICE_ADDRESS), status);		NotifyDeviceBondFailed(remote, status);
	}		}
	}		}

	@@ -565,9 +571,11 @@ void SecurityManagerImpl::SetOobDataPresent(hci::OobDataPresent data_present) {
	this->local_oob_data_present_ = data_present;		this->local_oob_data_present_ = data_present;
	}		}

	void SecurityManagerImpl::EnforceSecurityPolicy(		void SecurityManagerImpl::InternalEnforceSecurityPolicy(
	hci::AddressWithType remote, l2cap::classic::SecurityPolicy policy,		hci::AddressWithType remote,
	l2cap::classic::SecurityEnforcementInterface::ResultCallback result_callback) {		l2cap::classic::SecurityPolicy policy,
			l2cap::classic::SecurityEnforcementInterface::ResultCallback result_callback,
			bool try_meet_requirements) {
	bool result = false;		bool result = false;
	auto record = this->security_database_.FindOrCreate(remote);		auto record = this->security_database_.FindOrCreate(remote);
	switch (policy) {		switch (policy) {
	@@ -582,12 +590,29 @@ void SecurityManagerImpl::EnforceSecurityPolicy(
	result = true;		result = true;
	break;		break;
	}		}
	if (!result) {		if (!result && try_meet_requirements) {
	// TODO(optedoblivion): Start pairing process to meet requirements		auto entry = enforce_security_policy_callback_map_.find(remote);
			if (entry != enforce_security_policy_callback_map_.end()) {
			LOG_WARN("Callback already pending for remote: '%s' !", remote.ToString().c_str());
			} else {
			enforce_security_policy_callback_map_.emplace(
			remote,
			std::pair<l2cap::classic::SecurityPolicy, l2cap::classic::SecurityEnforcementInterface::ResultCallback>(
			policy, std::move(result_callback)));
			DispatchPairingHandler(record, true);
			}
			return;
	}		}
	result_callback.Invoke(result);		result_callback.Invoke(result);
	}		}

			void SecurityManagerImpl::EnforceSecurityPolicy(
			hci::AddressWithType remote,
			l2cap::classic::SecurityPolicy policy,
			l2cap::classic::SecurityEnforcementInterface::ResultCallback result_callback) {
			this->InternalEnforceSecurityPolicy(remote, policy, std::move(result_callback), true);
			}

	void SecurityManagerImpl::EnforceLeSecurityPolicy(		void SecurityManagerImpl::EnforceLeSecurityPolicy(
	hci::AddressWithType remote, l2cap::le::SecurityPolicy policy,		hci::AddressWithType remote, l2cap::le::SecurityPolicy policy,
	l2cap::le::SecurityEnforcementInterface::ResultCallback result_callback) {		l2cap::le::SecurityEnforcementInterface::ResultCallback result_callback) {

system/gd/security/internal/security_manager_impl.h

+9 −0

Original line number	Original line	Diff line number	Diff line
	@@ -201,6 +201,11 @@ class SecurityManagerImpl : public channel::ISecurityManagerChannelListener, pub
	void OnHciLeEvent(hci::LeMetaEventView event);		void OnHciLeEvent(hci::LeMetaEventView event);
	LeFixedChannelEntry* FindStoredLeChannel(const hci::AddressWithType& device);		LeFixedChannelEntry* FindStoredLeChannel(const hci::AddressWithType& device);
	bool EraseStoredLeChannel(const hci::AddressWithType& device);		bool EraseStoredLeChannel(const hci::AddressWithType& device);
			void InternalEnforceSecurityPolicy(
			hci::AddressWithType remote,
			l2cap::classic::SecurityPolicy policy,
			l2cap::classic::SecurityEnforcementInterface::ResultCallback result_callback,
			bool try_meet_requirements);

	os::Handler* security_handler_ __attribute__((unused));		os::Handler* security_handler_ __attribute__((unused));
	l2cap::le::L2capLeModule* l2cap_le_module_ __attribute__((unused));		l2cap::le::L2capLeModule* l2cap_le_module_ __attribute__((unused));
	@@ -215,6 +220,10 @@ class SecurityManagerImpl : public channel::ISecurityManagerChannelListener, pub
	hci::OobDataPresent local_oob_data_present_ = kDefaultOobDataPresent;		hci::OobDataPresent local_oob_data_present_ = kDefaultOobDataPresent;
	security::IoCapability local_le_io_capability_ = security::IoCapability::NO_INPUT_NO_OUTPUT;		security::IoCapability local_le_io_capability_ = security::IoCapability::NO_INPUT_NO_OUTPUT;
	uint8_t local_le_auth_req_ = AuthReqMaskBondingFlag \| AuthReqMaskMitm \| AuthReqMaskSc;		uint8_t local_le_auth_req_ = AuthReqMaskBondingFlag \| AuthReqMaskMitm \| AuthReqMaskSc;
			std::unordered_map<
			hci::AddressWithType,
			std::pair<l2cap::classic::SecurityPolicy, l2cap::classic::SecurityEnforcementInterface::ResultCallback>>
			enforce_security_policy_callback_map_;

	struct {		struct {
	hci::AddressWithType address_;		hci::AddressWithType address_;