OSDN Git Service

android/gatt: Change check permissions order
authorMarcin Kraglak <marcin.kraglak@tieto.com>
Thu, 12 Jun 2014 09:08:23 +0000 (11:08 +0200)
committerSzymon Janc <szymon.janc@tieto.com>
Thu, 12 Jun 2014 11:37:32 +0000 (13:37 +0200)
Firstly we should check if characteristic needs MITM permissions,
and next check for ENCRYPTION permissions. Now remote device can
increase security to MITM immediatelly (i.e. from sec LOW to HIGH).

android/gatt.c

index 3ec4118..2cfa0a1 100644 (file)
@@ -4064,14 +4064,14 @@ static uint8_t check_device_permissions(struct gatt_device *device,
                if (!(permissions & GATT_PERM_READ))
                        return ATT_ECODE_READ_NOT_PERM;
 
-               if ((permissions & GATT_PERM_READ_ENCRYPTED) &&
-                                               sec_level < BT_SECURITY_MEDIUM)
-                       return ATT_ECODE_INSUFF_ENC;
-
                if ((permissions & GATT_PERM_READ_MITM) &&
                                                sec_level < BT_SECURITY_HIGH)
                        return ATT_ECODE_AUTHENTICATION;
 
+               if ((permissions & GATT_PERM_READ_ENCRYPTED) &&
+                                               sec_level < BT_SECURITY_MEDIUM)
+                       return ATT_ECODE_INSUFF_ENC;
+
                if (permissions & GATT_PERM_READ_AUTHORIZATION)
                        return ATT_ECODE_AUTHORIZATION;
                break;
@@ -4082,14 +4082,14 @@ static uint8_t check_device_permissions(struct gatt_device *device,
                if (!(permissions & GATT_PERM_WRITE))
                        return ATT_ECODE_WRITE_NOT_PERM;
 
-               if ((permissions & GATT_PERM_WRITE_ENCRYPTED) &&
-                                               sec_level < BT_SECURITY_MEDIUM)
-                       return ATT_ECODE_INSUFF_ENC;
-
                if ((permissions & GATT_PERM_WRITE_MITM) &&
                                                sec_level < BT_SECURITY_HIGH)
                        return ATT_ECODE_AUTHENTICATION;
 
+               if ((permissions & GATT_PERM_WRITE_ENCRYPTED) &&
+                                               sec_level < BT_SECURITY_MEDIUM)
+                       return ATT_ECODE_INSUFF_ENC;
+
                if (permissions & GATT_PERM_WRITE_AUTHORIZATION)
                        return ATT_ECODE_AUTHORIZATION;
                break;