Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit eaef6ea9 authored by Himanshu Rawat's avatar Himanshu Rawat
Browse files

Ensure that Numeric Comparison pairing is not treated as Just Works 

pairing.

According to 'Table 5.7: IO capability mapping to authentication stage
1' in 'Security aspects – BR/EDR physical transport, Generic Access
Profile, BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C',
BT device must not auto-confirm the Numeric Comparison pairing if:
1. Local device IO capability is DisplayYesNo,
2. Remote device IO capability is DisplayOnly or DisplayYesNo, and
3. Either of the devices have requested authenticated link key

Bug: 222289114
Test: Manual
Tag: #security
Ignore-AOSP-First: Security
Change-Id: I08bbe82f78bf2986806f77b76417ae704ea438b7
(cherry picked from commit bb1ddf27)
parent 969c5b15

system/stack/btm/btm_sec.cc

+7 −3
Original line number Diff line number Diff line
@@ -2780,12 +2780,16 @@ void btm_proc_sp_req_evt(tBTM_SP_EVT event, const uint8_t* p) { 
            BTM_ConfirmReqReply(status, p_bda);

            return;

          }

          if ((p_dev_rec->rmt_io_caps == BTM_IO_CAP_IO) &&



          if ((p_dev_rec->rmt_io_caps == BTM_IO_CAP_IO ||

               p_dev_rec->rmt_io_caps == BTM_IO_CAP_OUT) &&

              (btm_cb.devcb.loc_io_caps == BTM_IO_CAP_IO) &&

              ((p_dev_rec->rmt_auth_req & BTM_AUTH_SP_YES) ||

               (btm_cb.devcb.loc_auth_req & BTM_AUTH_SP_YES))) {

            /* Both devices are DisplayYesNo and one or both devices want to

               authenticate -> use authenticated link key */

            /* Use Numeric Comparison if

             * 1. Local IO capability is DisplayYesNo,

             * 2. Remote IO capability is DisplayOnly or DiaplayYesNo, and

             * 3. Either of the devices have requested authenticated link key */

            evt_data.cfm_req.just_works = false;

          }

        }