InternalEnforceSecurityPolicy: Check if record is temporary

If we want AUTHENTICATED_ENCRYPTED_TRANSPORT, temporary link key is not
sufficient.  Pair again.

Test: cert/run --host
Tag: #gd-refactor
Bug: 141555841
Change-Id: I9a5b4b08fdd22d6c453443f6315b3f136913b516

diff --git a/gd/security/internal/security_manager_impl.cc b/gd/security/internal/security_manager_impl.cc
index 751a69b..b2d065e 100644 (file)
--- a/gd/security/internal/security_manager_impl.cc
+++ b/gd/security/internal/security_manager_impl.cc
@@ -720,7 +720,7 @@ void SecurityManagerImpl::InternalEnforceSecurityPolicy(
   switch (policy) {
     case l2cap::classic::SecurityPolicy::BEST:
     case l2cap::classic::SecurityPolicy::AUTHENTICATED_ENCRYPTED_TRANSPORT:
-      if (!record->IsPaired()) {
+      if (!record->IsPaired() || record->IsTemporary()) {
         need_to_pair = true;
       } else if (record->IsAuthenticated()) {
         // if paired with MITM, only encryption is missing, so we just need to wait for encryption change callback