DivestOS/Patches/LineageOS-16.0/android_system_bt/385678.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hui Peng <phui@google.com>
Date: Tue, 9 Jan 2024 22:38:20 +0000
Subject: [PATCH] Fix a security bypass issue in
 access_secure_service_from_temp_bond

Backport I48df2c2d77810077e97d4131540277273d441998
to rvc-dev

Bug: 318374503
Test: m com.android.btservices | manual test against PoC | QA
Ignore-AOSP-First: security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e908c16d9157b9e4a936117f06b8f964cf8386b8)
Merged-In: Ib7cf66019b3d45a2a23d235ad5f9dc406394456f
Change-Id: Ib7cf66019b3d45a2a23d235ad5f9dc406394456f
---
 stack/btm/btm_sec.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/stack/btm/btm_sec.cc b/stack/btm/btm_sec.cc
index 71f737ebf..e054b3111 100644
--- a/stack/btm/btm_sec.cc
+++ b/stack/btm/btm_sec.cc
@@ -229,8 +229,7 @@ static bool access_secure_service_from_temp_bond(const tBTM_SEC_DEV_REC* p_dev_r
                                                  bool locally_initiated,
                                                  uint16_t security_req) {
   return !locally_initiated && (security_req & BTM_SEC_IN_AUTHENTICATE) &&
-    btm_dev_authenticated(p_dev_rec) &&
-    p_dev_rec->bond_type == BOND_TYPE_TEMPORARY;
+         p_dev_rec->bond_type == BOND_TYPE_TEMPORARY;
 }
 
 /*******************************************************************************
16.0: Import and verify picks https://review.lineageos.org/q/topic:P_asb_2022-05 https://review.lineageos.org/q/topic:P_asb_2022-06 https://review.lineageos.org/q/topic:P_asb_2022-07 https://review.lineageos.org/q/topic:P_asb_2022-08 https://review.lineageos.org/q/topic:P_asb_2022-09 https://review.lineageos.org/q/topic:P_asb_2022-10 https://review.lineageos.org/q/topic:P_asb_2022-11 https://review.lineageos.org/q/topic:P_asb_2022-12 https://review.lineageos.org/q/topic:P_asb_2023-01 https://review.lineageos.org/q/topic:P_asb_2023-02 https://review.lineageos.org/q/topic:P_asb_2023-03 https://review.lineageos.org/q/topic:P_asb_2023-04 https://review.lineageos.org/q/topic:P_asb_2023-05 https://review.lineageos.org/q/topic:P_asb_2023-06 https://review.lineageos.org/q/topic:P_asb_2023-07 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/361250 https://review.lineageos.org/q/topic:P_asb_2023-08 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/364606 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/365328 https://review.lineageos.org/q/topic:P_asb_2023-09 https://review.lineageos.org/q/topic:P_asb_2023-10 https://review.lineageos.org/q/topic:P_asb_2023-11 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/374916 https://review.lineageos.org/q/topic:P_asb_2023-12 https://review.lineageos.org/q/topic:P_asb_2024-01 https://review.lineageos.org/q/topic:P_asb_2024-02 https://review.lineageos.org/q/topic:P_asb_2024-03 https://review.lineageos.org/q/topic:P_asb_2024-04 Signed-off-by: Tavi <tavi@divested.dev> 2024-05-07 23:13:31 +00:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
			`From: Hui Peng <phui@google.com>`
			`Date: Tue, 9 Jan 2024 22:38:20 +0000`
			`Subject: [PATCH] Fix a security bypass issue in`
			`access_secure_service_from_temp_bond`

			`Backport I48df2c2d77810077e97d4131540277273d441998`
			`to rvc-dev`

			`Bug: 318374503`
			`Test: m com.android.btservices \| manual test against PoC \| QA`
			`Ignore-AOSP-First: security`
			`(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e908c16d9157b9e4a936117f06b8f964cf8386b8)`
			`Merged-In: Ib7cf66019b3d45a2a23d235ad5f9dc406394456f`
			`Change-Id: Ib7cf66019b3d45a2a23d235ad5f9dc406394456f`
			`---`
			`stack/btm/btm_sec.cc \| 3 +--`
			`1 file changed, 1 insertion(+), 2 deletions(-)`

			`diff --git a/stack/btm/btm_sec.cc b/stack/btm/btm_sec.cc`
			`index 71f737ebf..e054b3111 100644`
			`--- a/stack/btm/btm_sec.cc`
			`+++ b/stack/btm/btm_sec.cc`
			`@@ -229,8 +229,7 @@ static bool access_secure_service_from_temp_bond(const tBTM_SEC_DEV_REC* p_dev_r`
			`bool locally_initiated,`
			`uint16_t security_req) {`
			`return !locally_initiated && (security_req & BTM_SEC_IN_AUTHENTICATE) &&`
			`- btm_dev_authenticated(p_dev_rec) &&`
			`- p_dev_rec->bond_type == BOND_TYPE_TEMPORARY;`
			`+ p_dev_rec->bond_type == BOND_TYPE_TEMPORARY;`
			`}`

			`/*******************************************************************************`