From d28ef580ad01322fc79d81df83f200fa159a285e Mon Sep 17 00:00:00 2001 From: Zach Johnson Date: Tue, 25 Aug 2020 15:52:17 -0700 Subject: [PATCH] Correct hidd/h interrupt channel security the legacy stack had it as none, but security was implied since the channels can't exist without the protected channel up. Add security for consistency. Bug: 159815595 Tag: #refactor Test: compile & verify basic functions working Change-Id: I8edd2a9f604c719876c1b64388041f4c7d94ce6c --- stack/hid/hidd_conn.cc | 13 ++++++++----- stack/hid/hidh_conn.cc | 12 +++++++----- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/stack/hid/hidd_conn.cc b/stack/hid/hidd_conn.cc index e18868a6e..e6c2ef156 100644 --- a/stack/hid/hidd_conn.cc +++ b/stack/hid/hidd_conn.cc @@ -365,8 +365,9 @@ static void hidd_l2cif_config_ind(uint16_t cid, tL2CAP_CFG_INFO* p_cfg) { if ((p_hcon->conn_flags & HID_CONN_FLAGS_IS_ORIG) && (p_hcon->conn_flags & HID_CONN_FLAGS_MY_CTRL_CFG_DONE)) { p_hcon->disc_reason = HID_L2CAP_CONN_FAIL; - if ((p_hcon->intr_cid = L2CA_ConnectReq2( - HID_PSM_INTERRUPT, hd_cb.device.addr, BTM_SEC_NONE)) == 0) { + if ((p_hcon->intr_cid = + L2CA_ConnectReq2(HID_PSM_INTERRUPT, hd_cb.device.addr, + BTA_SEC_AUTHENTICATE | BTA_SEC_ENCRYPT)) == 0) { hidd_conn_disconnect(); p_hcon->conn_state = HID_CONN_STATE_UNUSED; @@ -448,8 +449,9 @@ static void hidd_l2cif_config_cfm(uint16_t cid, tL2CAP_CFG_INFO* p_cfg) { if ((p_hcon->conn_flags & HID_CONN_FLAGS_IS_ORIG) && (p_hcon->conn_flags & HID_CONN_FLAGS_HIS_CTRL_CFG_DONE)) { p_hcon->disc_reason = HID_L2CAP_CONN_FAIL; - if ((p_hcon->intr_cid = L2CA_ConnectReq2( - HID_PSM_INTERRUPT, hd_cb.device.addr, BTM_SEC_NONE)) == 0) { + if ((p_hcon->intr_cid = + L2CA_ConnectReq2(HID_PSM_INTERRUPT, hd_cb.device.addr, + BTA_SEC_AUTHENTICATE | BTA_SEC_ENCRYPT)) == 0) { hidd_conn_disconnect(); p_hcon->conn_state = HID_CONN_STATE_UNUSED; @@ -768,7 +770,8 @@ tHID_STATUS hidd_conn_reg(void) { if (!L2CA_Register2(HID_PSM_INTERRUPT, (tL2CAP_APPL_INFO*)&dev_reg_info, false /* enable_snoop */, nullptr, - hd_cb.l2cap_intr_cfg.mtu, BTM_SEC_NONE)) { + hd_cb.l2cap_intr_cfg.mtu, + BTA_SEC_AUTHENTICATE | BTA_SEC_ENCRYPT)) { L2CA_Deregister(HID_PSM_CONTROL); HIDD_TRACE_ERROR("HID Interrupt (device) registration failed"); return (HID_ERR_L2CAP_FAILED); diff --git a/stack/hid/hidh_conn.cc b/stack/hid/hidh_conn.cc index 362dcb585..be72be801 100644 --- a/stack/hid/hidh_conn.cc +++ b/stack/hid/hidh_conn.cc @@ -106,7 +106,7 @@ tHID_STATUS hidh_conn_reg(void) { } if (!L2CA_Register2(HID_PSM_INTERRUPT, (tL2CAP_APPL_INFO*)&hst_reg_info, false /* enable_snoop */, nullptr, hh_cb.l2cap_cfg.mtu, - BTM_SEC_NONE)) { + BTA_SEC_AUTHENTICATE | BTA_SEC_ENCRYPT)) { L2CA_Deregister(HID_PSM_CONTROL); HIDH_TRACE_ERROR("HID-Host Interrupt Registration failed"); return (HID_ERR_L2CAP_FAILED); @@ -492,8 +492,9 @@ static void hidh_l2cif_config_ind(uint16_t l2cap_cid, tL2CAP_CFG_INFO* p_cfg) { CLOSE_EVT: Connection Attempt was made but failed */ - p_hcon->intr_cid = L2CA_ConnectReq2( - HID_PSM_INTERRUPT, hh_cb.devices[dhandle].addr, BTM_SEC_NONE); + p_hcon->intr_cid = + L2CA_ConnectReq2(HID_PSM_INTERRUPT, hh_cb.devices[dhandle].addr, + BTA_SEC_AUTHENTICATE | BTA_SEC_ENCRYPT); if (p_hcon->intr_cid == 0) { HIDH_TRACE_WARNING("HID-Host INTR Originate failed"); reason = HID_L2CAP_REQ_FAIL; @@ -572,8 +573,9 @@ static void hidh_l2cif_config_cfm(uint16_t l2cap_cid, tL2CAP_CFG_INFO* p_cfg) { CLOSE_EVT: Connection Attempt was made but failed */ - p_hcon->intr_cid = L2CA_ConnectReq2( - HID_PSM_INTERRUPT, hh_cb.devices[dhandle].addr, BTM_SEC_NONE); + p_hcon->intr_cid = + L2CA_ConnectReq2(HID_PSM_INTERRUPT, hh_cb.devices[dhandle].addr, + BTA_SEC_AUTHENTICATE | BTA_SEC_ENCRYPT); if (p_hcon->intr_cid == 0) { HIDH_TRACE_WARNING("HID-Host INTR Originate failed"); reason = HID_L2CAP_REQ_FAIL; -- 2.11.0