From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hui Peng <phui@google.com>
Date: Wed, 13 Sep 2023 00:00:44 +0000
Subject: [PATCH] Enforce authentication if encryption is required

Original bug
Bug: 294854926

regressions:
Bug: 299570702
Bug: 299561281

Test: Test: m com.android.btservices
Test: QA validation
Ignore-AOSP-First: security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:778d3fb3fb520e54425ecefe9a28453002053553)
Merged-In: I0370ed2e3166d56f708e1981c2126526e1db9eaa
Change-Id: I0370ed2e3166d56f708e1981c2126526e1db9eaa
---
 stack/btm/btm_sec.cc | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/stack/btm/btm_sec.cc b/stack/btm/btm_sec.cc
index 005629c48..29ca8320f 100644
--- a/stack/btm/btm_sec.cc
+++ b/stack/btm/btm_sec.cc
@@ -5208,13 +5208,15 @@ static tBTM_STATUS btm_sec_execute_procedure(tBTM_SEC_DEV_REC* p_dev_rec) {
     // Check link status of BR/EDR
     if (!(p_dev_rec->sec_flags & BTM_SEC_AUTHENTICATED)) {
       if (p_dev_rec->is_originator) {
-        if (p_dev_rec->security_required & BTM_SEC_OUT_AUTHENTICATE) {
-          LOG_DEBUG(LOG_TAG, "Outgoing authentication Required");
+        if (p_dev_rec->security_required &
+            (BTM_SEC_OUT_AUTHENTICATE | BTM_SEC_OUT_ENCRYPT)) {
+          LOG_DEBUG(LOG_TAG, "Outgoing authentication/encryption Required");
           start_auth = true;
         }
       } else {
-        if (p_dev_rec->security_required & BTM_SEC_IN_AUTHENTICATE) {
-          LOG_DEBUG(LOG_TAG, "Incoming authentication Required");
+        if (p_dev_rec->security_required &
+            (BTM_SEC_IN_AUTHENTICATE | BTM_SEC_IN_ENCRYPT)) {
+          LOG_DEBUG(LOG_TAG, "Incoming authentication/encryption Required");
           start_auth = true;
         }
       }