Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android_packages_modules_Bluetooth / ec322f23840deecd15ebb54be4e212f6bfdeab53^1..ec322f23840deecd15ebb54be4e212f6bfdeab53 / .
commitec322f23840deecd15ebb54be4e212f6bfdeab53[log] [tgz]
authorMichael Bestas <mkbestas@lineageos.org>Tue May 02 01:10:55 2023 +0300
committerMichael Bestas <mkbestas@lineageos.org>Tue May 02 01:10:55 2023 +0300
tree0df43329abf79cc5795e148e0800c261649f5174
parent957b6985fce30f54da5879a06b2a953317c8be0a [diff]
parent945fc06862d046d1da07b462c909107ebc9e87e4 [diff]
Merge tag 'android-13.0.0_r43' into staging/lineage-20.0_merge-android-13.0.0_r43

Android 13.0.0 release 43

# -----BEGIN PGP SIGNATURE-----
#
# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZFABmAAKCRDorT+BmrEO
# eGOIAKCHf+/I/K1ZPzxEPtla8Qvl70qrVACfduSiJbqisbXbh7g10KpYXg+USYA=
# =CNtH
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon May  1 21:14:48 2023 EEST
# gpg:                using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78
# gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [marginal]
# gpg: initial-contribution@android.com: Verified 1659 signatures in the past
#      18 months.  Encrypted 4 messages in the past 15 months.
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 4340 D135 70EF 945E 8381  0964 E8AD 3F81 9AB1 0E78

# By Brian Delwiche
# Via Android Build Coastguard Worker
* tag 'android-13.0.0_r43':
  Reject encryption drop in Common Criteria mode

Change-Id: I920f6b1a029a786b546783d7d0e67df8aa6a48a7

diff --git a/system/stack/acl/btm_acl.cc b/system/stack/acl/btm_acl.cc
index cda4d85..aaa3ad4 100644
--- a/system/stack/acl/btm_acl.cc
+++ b/system/stack/acl/btm_acl.cc

@@ -50,6 +50,7 @@
 #include "main/shim/dumpsys.h"
 #include "main/shim/l2c_api.h"
 #include "main/shim/shim.h"
+#include "os/parameter_provider.h"
 #include "osi/include/allocator.h"
 #include "osi/include/log.h"
 #include "osi/include/osi.h"  // UNUSED_ATTR
@@ -630,6 +631,23 @@
     return;
   }
 
+  /* Common Criteria mode only: if we are trying to drop encryption on an
+   * encrypted connection, drop the connection */
+  if (bluetooth::os::ParameterProvider::IsCommonCriteriaMode()) {
+    if (p->is_encrypted && !encr_enable) {
+      LOG(ERROR)
+          << __func__
+          << " attempting to decrypt encrypted connection, disconnecting. "
+             "handle: "
+          << loghex(handle);
+
+      acl_disconnect_from_handle(handle, HCI_ERR_HOST_REJECT_SECURITY,
+                                 "stack::btu::btu_hcif::read_drop_encryption "
+                                 "Connection Already Encrypted");
+      return;
+    }
+  }
+
   p->is_encrypted = encr_enable;
 
   /* Process Role Switch if active */