Do not remove device security record on LMP timeout

If an LMP timeout is encountered in the middle of authentication, the
link key is removed from the controller (but not from NVRAM). This can
result in a follow up connction triggering a LINK_KEY_MISSING reply,
which in turn can cause a remote device to initiate pairing which will
then finally remove the link key stored in NVRAM as well.

This change prevents the link key from being removed from the Bluetooth
controller in case of a timeout during link authentication.

Bug: 36798442
Test: manual
Change-Id: Ic89a16b45756e3d40b2e374c645c8f245f6ce3fc
(cherry picked from commit 1f5ec7304fc4e297f9f9868b5bd9382c2a26c8cc)

diff --git a/bta/dm/bta_dm_act.cc b/bta/dm/bta_dm_act.cc
index 9509ae6..1d6bb06 100644 (file)
--- a/bta/dm/bta_dm_act.cc
+++ b/bta/dm/bta_dm_act.cc
@@ -384,9 +384,10 @@ static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status) {
     bta_dm_cb.is_bta_dm_active = false;
   } else if (status == BTA_SYS_HW_ON_EVT) {
     /* FIXME: We should not unregister as the SYS shall invoke this callback on
-    * a H/W error.
-    * We need to revisit when this platform has more than one BLuetooth H/W chip
-    */
+     * a H/W error.
+     * We need to revisit when this platform has more than one BLuetooth H/W
+     * chip
+     */
     // bta_sys_hw_unregister( BTA_SYS_HW_BLUETOOTH);
 
     /* save security callback */
@@ -2606,7 +2607,11 @@ static uint8_t bta_dm_authentication_complete_cback(
     if (bta_dm_cb.p_sec_cback)
       bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
 
-    bta_dm_remove_sec_dev_entry(bd_addr);
+    if (result != HCI_ERR_LMP_RESPONSE_TIMEOUT &&
+        result != HCI_ERR_PAGE_TIMEOUT &&
+        result != HCI_ERR_CONN_FAILED_ESTABLISHMENT) {
+      bta_dm_remove_sec_dev_entry(bd_addr);
+    }
   }
 
   return BTM_SUCCESS;
@@ -2654,7 +2659,7 @@ static uint8_t bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data) {
       sec_event.cfm_req.loc_io_caps = p_data->cfm_req.loc_io_caps;
       sec_event.cfm_req.rmt_io_caps = p_data->cfm_req.rmt_io_caps;
 
-/* continue to next case */
+    /* continue to next case */
     /* Passkey entry mode, mobile device with output capability is very
         unlikely to receive key request, so skip this event */
     /*case BTM_SP_KEY_REQ_EVT: */
@@ -4492,10 +4497,10 @@ static void bta_dm_gatt_disc_result(tBTA_GATT_ID service_id) {
   tBTA_DM_SEARCH result;
 
   /*
-      * This logic will not work for gatt case.  We are checking against the
+   * This logic will not work for gatt case.  We are checking against the
    * bluetooth profiles here
-      * just copy the GATTID in raw data field and send it across.
-      */
+   * just copy the GATTID in raw data field and send it across.
+   */
 
   if (bta_dm_search_cb.ble_raw_used + sizeof(tBTA_GATT_ID) <
       bta_dm_search_cb.ble_raw_size) {

diff --git a/btif/src/btif_dm.cc b/btif/src/btif_dm.cc
index cfe17b2..e428bd1 100644 (file)
--- a/btif/src/btif_dm.cc
+++ b/btif/src/btif_dm.cc
@@ -1148,6 +1148,7 @@ static void btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
     // Map the HCI fail reason  to  bt status
     switch (p_auth_cmpl->fail_reason) {
       case HCI_ERR_PAGE_TIMEOUT:
+      case HCI_ERR_LMP_RESPONSE_TIMEOUT:
         if (interop_match_addr(INTEROP_AUTO_RETRY_PAIRING, &bd_addr) &&
             pairing_cb.timeout_retries) {
           BTIF_TRACE_WARNING("%s() - Pairing timeout; retrying (%d) ...",
@@ -1166,10 +1167,6 @@ static void btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
         status = BT_STATUS_AUTH_REJECTED;
         break;
 
-      case HCI_ERR_LMP_RESPONSE_TIMEOUT:
-        status = BT_STATUS_AUTH_FAILURE;
-        break;
-
       /* map the auth failure codes, so we can retry pairing if necessary */
       case HCI_ERR_AUTH_FAILURE:
       case HCI_ERR_KEY_MISSING: