mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-25 07:29:24 -05:00
082bc48c32
https://review.lineageos.org/q/topic:P_asb_2022-05 https://review.lineageos.org/q/topic:P_asb_2022-06 https://review.lineageos.org/q/topic:P_asb_2022-07 https://review.lineageos.org/q/topic:P_asb_2022-08 https://review.lineageos.org/q/topic:P_asb_2022-09 https://review.lineageos.org/q/topic:P_asb_2022-10 https://review.lineageos.org/q/topic:P_asb_2022-11 https://review.lineageos.org/q/topic:P_asb_2022-12 https://review.lineageos.org/q/topic:P_asb_2023-01 https://review.lineageos.org/q/topic:P_asb_2023-02 https://review.lineageos.org/q/topic:P_asb_2023-03 https://review.lineageos.org/q/topic:P_asb_2023-04 https://review.lineageos.org/q/topic:P_asb_2023-05 https://review.lineageos.org/q/topic:P_asb_2023-06 https://review.lineageos.org/q/topic:P_asb_2023-07 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/361250 https://review.lineageos.org/q/topic:P_asb_2023-08 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/364606 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/365328 https://review.lineageos.org/q/topic:P_asb_2023-09 https://review.lineageos.org/q/topic:P_asb_2023-10 https://review.lineageos.org/q/topic:P_asb_2023-11 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/374916 https://review.lineageos.org/q/topic:P_asb_2023-12 https://review.lineageos.org/q/topic:P_asb_2024-01 https://review.lineageos.org/q/topic:P_asb_2024-02 https://review.lineageos.org/q/topic:P_asb_2024-03 https://review.lineageos.org/q/topic:P_asb_2024-04 Signed-off-by: Tavi <tavi@divested.dev>
100 lines
4.1 KiB
Diff
100 lines
4.1 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Hui Peng <phui@google.com>
|
|
Date: Sat, 2 Sep 2023 04:20:10 +0000
|
|
Subject: [PATCH] Reject access to secure service authenticated from a temp
|
|
bonding [1]
|
|
|
|
Rejecct access to services running on l2cap
|
|
|
|
Backport of
|
|
Idef4ea28eb3d17b0807ab7dc6849433ddc5581b3
|
|
|
|
Bug: 294854926
|
|
Test: m com.android.btservices
|
|
Ignore-AOSP-First: security
|
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a36757e967ab6d956127cac298134f28ce8f0d6d)
|
|
Merged-In: Idef4ea28eb3d17b0807ab7dc6849433ddc5581b3
|
|
Change-Id: Idef4ea28eb3d17b0807ab7dc6849433ddc5581b3
|
|
---
|
|
stack/btm/btm_sec.cc | 38 ++++++++++++++++++++++++++++++++++----
|
|
1 file changed, 34 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/stack/btm/btm_sec.cc b/stack/btm/btm_sec.cc
|
|
index 899b6b908..a4d916cc3 100644
|
|
--- a/stack/btm/btm_sec.cc
|
|
+++ b/stack/btm/btm_sec.cc
|
|
@@ -98,7 +98,7 @@ static bool btm_sec_set_security_level(CONNECTION_TYPE conn_type,
|
|
uint32_t mx_proto_id,
|
|
uint32_t mx_chan_id);
|
|
|
|
-static bool btm_dev_authenticated(tBTM_SEC_DEV_REC* p_dev_rec);
|
|
+static bool btm_dev_authenticated(const tBTM_SEC_DEV_REC* p_dev_rec);
|
|
static bool btm_dev_encrypted(tBTM_SEC_DEV_REC* p_dev_rec);
|
|
static bool btm_dev_authorized(tBTM_SEC_DEV_REC* p_dev_rec);
|
|
static bool btm_serv_trusted(tBTM_SEC_DEV_REC* p_dev_rec,
|
|
@@ -140,7 +140,7 @@ static const bool btm_sec_io_map[BTM_IO_CAP_MAX][BTM_IO_CAP_MAX] = {
|
|
* Returns bool true or false
|
|
*
|
|
******************************************************************************/
|
|
-static bool btm_dev_authenticated(tBTM_SEC_DEV_REC* p_dev_rec) {
|
|
+static bool btm_dev_authenticated(const tBTM_SEC_DEV_REC* p_dev_rec) {
|
|
if (p_dev_rec->sec_flags & BTM_SEC_AUTHENTICATED) {
|
|
return (true);
|
|
}
|
|
@@ -214,6 +214,25 @@ static bool btm_serv_trusted(tBTM_SEC_DEV_REC* p_dev_rec,
|
|
return (false);
|
|
}
|
|
|
|
+/*******************************************************************************
|
|
+ *
|
|
+ * Function access_secure_service_from_temp_bond
|
|
+ *
|
|
+ * Description a utility function to test whether an access to
|
|
+ * secure service from temp bonding is happening
|
|
+ *
|
|
+ * Returns true if the aforementioned condition holds,
|
|
+ * false otherwise
|
|
+ *
|
|
+ ******************************************************************************/
|
|
+static bool access_secure_service_from_temp_bond(const tBTM_SEC_DEV_REC* p_dev_rec,
|
|
+ bool locally_initiated,
|
|
+ uint16_t security_req) {
|
|
+ return !locally_initiated && (security_req & BTM_SEC_IN_AUTHENTICATE) &&
|
|
+ btm_dev_authenticated(p_dev_rec) &&
|
|
+ p_dev_rec->bond_type == BOND_TYPE_TEMPORARY;
|
|
+}
|
|
+
|
|
/*******************************************************************************
|
|
*
|
|
* Function BTM_SecRegister
|
|
@@ -2075,9 +2094,13 @@ tBTM_STATUS btm_sec_l2cap_access_req(const RawAddress& bd_addr, uint16_t psm,
|
|
}
|
|
|
|
if (rc == BTM_SUCCESS) {
|
|
+ if (access_secure_service_from_temp_bond(p_dev_rec, is_originator, security_required)) {
|
|
+ LOG_ERROR(LOG_TAG, "Trying to access a secure service from a temp bonding, rejecting");
|
|
+ rc = BTM_FAILED_ON_SECURITY;
|
|
+ }
|
|
if (p_callback)
|
|
- (*p_callback)(&bd_addr, transport, (void*)p_ref_data, BTM_SUCCESS);
|
|
- return (BTM_SUCCESS);
|
|
+ (*p_callback)(&bd_addr, transport, (void*)p_ref_data, rc);
|
|
+ return (rc);
|
|
}
|
|
}
|
|
|
|
@@ -5133,6 +5156,13 @@ tBTM_STATUS btm_sec_execute_procedure(tBTM_SEC_DEV_REC* p_dev_rec) {
|
|
}
|
|
}
|
|
|
|
+ if (access_secure_service_from_temp_bond(p_dev_rec,
|
|
+ p_dev_rec->is_originator,
|
|
+ p_dev_rec->security_required)) {
|
|
+ LOG_ERROR(LOG_TAG, "Trying to access a secure service from a temp bonding, rejecting");
|
|
+ return (BTM_FAILED_ON_SECURITY);
|
|
+ }
|
|
+
|
|
/* All required security procedures already established */
|
|
p_dev_rec->security_required &=
|
|
~(BTM_SEC_OUT_AUTHORIZE | BTM_SEC_IN_AUTHORIZE |
|