mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-19 12:54:22 -05:00
0b8f1a2c57
Signed-off-by: Tavi <tavi@divested.dev>
34 lines
1.3 KiB
Diff
34 lines
1.3 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Hui Peng <phui@google.com>
|
|
Date: Tue, 9 Jan 2024 22:38:20 +0000
|
|
Subject: [PATCH] Fix a security bypass issue in
|
|
access_secure_service_from_temp_bond
|
|
|
|
Backport I48df2c2d77810077e97d4131540277273d441998
|
|
to rvc-dev
|
|
|
|
Bug: 318374503
|
|
Test: m com.android.btservices | manual test against PoC | QA
|
|
Ignore-AOSP-First: security
|
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e908c16d9157b9e4a936117f06b8f964cf8386b8)
|
|
Merged-In: Ib7cf66019b3d45a2a23d235ad5f9dc406394456f
|
|
Change-Id: Ib7cf66019b3d45a2a23d235ad5f9dc406394456f
|
|
---
|
|
stack/btm/btm_sec.c | 3 +--
|
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
|
|
|
diff --git a/stack/btm/btm_sec.c b/stack/btm/btm_sec.c
|
|
index 1a21bce09..9b447ea07 100644
|
|
--- a/stack/btm/btm_sec.c
|
|
+++ b/stack/btm/btm_sec.c
|
|
@@ -245,8 +245,7 @@ static BOOLEAN access_secure_service_from_temp_bond(const tBTM_SEC_DEV_REC* p_de
|
|
uint16_t security_req)
|
|
{
|
|
return !locally_initiated && (security_req & BTM_SEC_IN_AUTHENTICATE) &&
|
|
- btm_dev_authenticated(p_dev_rec) &&
|
|
- p_dev_rec->bond_type == BOND_TYPE_TEMPORARY;
|
|
+ p_dev_rec->bond_type == BOND_TYPE_TEMPORARY;
|
|
}
|
|
|
|
/*******************************************************************************
|