From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Hui Peng Date: Tue, 12 Sep 2023 23:47:48 +0000 Subject: [PATCH] Reject access to secure service authenticated from a temp bonding [3] Allow access to rfcomm PSM by default Original bug Bug: 294854926 Nearby regressions: Bug: 298539299 Test: m com.android.btservices Ignore-AOSP-First: security (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ab986fe4165aae74c5915f57ad2e78bf80f1d3ec) Merged-In: If1f7c9278a9e877f64ae78b6f067c597fb5d0e66 Change-Id: If1f7c9278a9e877f64ae78b6f067c597fb5d0e66 --- stack/btm/btm_sec.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/stack/btm/btm_sec.cc b/stack/btm/btm_sec.cc index 5f35733f5..fb00cb230 100644 --- a/stack/btm/btm_sec.cc +++ b/stack/btm/btm_sec.cc @@ -2254,15 +2254,15 @@ tBTM_STATUS btm_sec_l2cap_access_req(const RawAddress& bd_addr, uint16_t psm, btm_cb.security_mode == BTM_SEC_MODE_SC) { if (BTM_SEC_IS_SM4(p_dev_rec->sm4)) { if (is_originator) { - /* SM4 to SM4 -> always authenticate & encrypt */ - security_required |= (BTM_SEC_OUT_AUTHENTICATE | BTM_SEC_OUT_ENCRYPT); + /* SM4 to SM4 -> always encrypt */ + security_required |= BTM_SEC_OUT_ENCRYPT; } else /* acceptor */ { /* SM4 to SM4: the acceptor needs to make sure the authentication is * already done */ chk_acp_auth_done = true; - /* SM4 to SM4 -> always authenticate & encrypt */ - security_required |= (BTM_SEC_IN_AUTHENTICATE | BTM_SEC_IN_ENCRYPT); + /* SM4 to SM4 -> always encrypt */ + security_required |= BTM_SEC_IN_ENCRYPT; } } else if (!(BTM_SM4_KNOWN & p_dev_rec->sm4)) { /* the remote features are not known yet */