flags/pairing.aconfig

@@ -141,16 +141,6 @@ flag {
     }
 }
 
-flag {
-    name: "bonded_device_smp_failure_handling"
-    namespace: "bluetooth"
-    description: "Don't remove bond on SMP failure for bonded devices in peripheral role"
-    bug: "385181815"
-    metadata {
-        purpose: PURPOSE_BUGFIX
-    }
-}
-
 flag {
     name: "peripheral_auth_req"
     namespace: "bluetooth"

flags/security.aconfig

@@ -18,16 +18,6 @@ flag {
     bug: "333634398"
 }
 
-flag {
-  name: "btsec_check_valid_discovery_database"
-  namespace: "bluetooth"
-  description: "Check for a valid discovery database before using it, and don't set up a discovery database for a new HF client if one has already been defined for it"
-  bug: "356201480"
-  metadata {
-    purpose: PURPOSE_BUGFIX
-  }
-}
-
 flag {
   name: "le_enc_on_reconnect"
   namespace: "bluetooth"

system/bta/hf_client/bta_hf_client_main.cc

@@ -283,8 +283,7 @@ void bta_hf_client_cb_init(tBTA_HF_CLIENT_CB* client_cb, uint16_t handle) {
   client_cb->enabled_hf_indicators.clear();
   client_cb->peer_hf_indicators.clear();
 
-  if (client_cb->p_disc_db &&
-      com::android::bluetooth::flags::btsec_check_valid_discovery_database()) {
+  if (client_cb->p_disc_db) {
     if (!get_legacy_stack_sdp_api()->service.SDP_CancelServiceSearch(client_cb->p_disc_db)) {
       log::warn("Unable to cancel SDP service discovery peer:{}", client_cb->peer_addr);
     }

system/bta/hf_client/bta_hf_client_sdp.cc

@@ -361,8 +361,7 @@ void bta_hf_client_do_disc(tBTA_HF_CLIENT_CB* client_cb) {
   /* If we already have a non-null discovery database at this point, we can get
    * into a race condition leading to UAF once this connection is closed.
    * This should only happen with malicious modifications to a client. */
-  if (com::android::bluetooth::flags::btsec_check_valid_discovery_database() &&
-      client_cb->p_disc_db != NULL) {
+  if (client_cb->p_disc_db != NULL) {
     log::error("Tried to set up a HF client with a preexisting discovery database.");
     client_cb->p_disc_db = NULL;
     // We manually set the state here because it's possible to call this from an

system/stack/arbiter/acl_arbiter.cc

@@ -115,7 +115,7 @@ void AclArbiter::SendPacketToPeer(uint8_t tcb_idx, ::rust::Vec<uint8_t> buffer)
     if (stack::l2cap::get_interface().L2CA_SendFixedChnlData(L2CAP_ATT_CID, p_tcb->peer_bda,
                                                              p_buf) != tL2CAP_DW_RESULT::SUCCESS) {
       log::warn("Unable to send L2CAP data peer:{} fixed_cid:{} len:{}", p_tcb->peer_bda,
-                L2CAP_ATT_CID, p_buf->len);
+                L2CAP_ATT_CID, buffer.size());
     }
   } else {
     log::error("Dropping packet since connection no longer exists");

system/stack/btm/btm_ble_sec.cc

@@ -1637,10 +1637,6 @@ void btm_ble_connection_established(const RawAddress& bda) {
 
 static bool btm_ble_complete_evt_ignore(const tBTM_SEC_DEV_REC* p_dev_rec,
                                         const tBTM_LE_EVT_DATA* p_data) {
-  if (!com::android::bluetooth::flags::bonded_device_smp_failure_handling()) {
-    return false;
-  }
-
   // Peripheral role: Encryption request results in SMP Security request. SMP may generate a
   // SMP_COMPLT_EVT failure event cases like below:
   // 1) Some central devices don't handle cross-over between encryption and SMP security request

system/stack/sdp/sdp_discovery.cc

@@ -643,8 +643,7 @@ static void process_service_search_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
     uint16_t bytes_left = SDP_DATA_BUF_SIZE;
 
     /* If we don't have a valid discovery database, we can't do anything. */
-    if (com::android::bluetooth::flags::btsec_check_valid_discovery_database() &&
-        p_ccb->p_db == NULL) {
+    if (p_ccb->p_db == NULL) {
       log::warn(
               "Attempted continuation or first time request with invalid discovery "
               "database");