DivestOS/Patches/LineageOS-16.0/android_system_bt/377778.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hui Peng <phui@google.com>
Date: Sat, 2 Sep 2023 04:27:29 +0000
Subject: [PATCH] Reject access to secure services authenticated from temp
 bonding [2]

Reject access to service running on rfcomm

this is a backport of
I10fcc2dcd78fc22ffbe3c425669fc9889b94a166

Bug: 294854926
Test: m com.android.btservices
Ignore-AOSP-First: security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5e0e907ec4948f06b3a35ecf08725c020d533ccb)
Merged-In: I10fcc2dcd78fc22ffbe3c425669fc9889b94a166
Change-Id: I10fcc2dcd78fc22ffbe3c425669fc9889b94a166
---
 stack/btm/btm_sec.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/stack/btm/btm_sec.cc b/stack/btm/btm_sec.cc
index a4d916cc3..bce9eae06 100644
--- a/stack/btm/btm_sec.cc
+++ b/stack/btm/btm_sec.cc
@@ -2423,6 +2423,11 @@ tBTM_STATUS btm_sec_mx_access_request(const RawAddress& bd_addr, uint16_t psm,
                                mx_chan_id, p_callback, p_ref_data);
     } else /* rc == BTM_SUCCESS */
     {
+      if (access_secure_service_from_temp_bond(p_dev_rec,
+          is_originator, security_required)) {
+        LOG_ERROR(LOG_TAG, "Trying to access a secure rfcomm service from a temp bonding, reject");
+        rc = BTM_FAILED_ON_SECURITY;
+      }
       /* access granted */
       if (p_callback) {
         (*p_callback)(&bd_addr, transport, p_ref_data, (uint8_t)rc);