Commit 00ae4af9 authored by Marcel Holtmann's avatar Marcel Holtmann

Bluetooth: Fix authentication requirements for L2CAP security check

The L2CAP layer can trigger the authentication via an ACL connection or
later on to increase the security level. When increasing the security
level it didn't use the same authentication requirements when triggering
a new ACL connection. Make sure that exactly the same authentication
requirements are used. The only exception here are the L2CAP raw sockets
which are only used for dedicated bonding.
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 2950f21a
......@@ -268,6 +268,15 @@ static inline int l2cap_check_security(struct sock *sk)
struct l2cap_conn *conn = l2cap_pi(sk)->conn;
__u8 auth_type;
if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
auth_type = HCI_AT_NO_BONDING_MITM;
else
auth_type = HCI_AT_NO_BONDING;
if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
} else {
switch (l2cap_pi(sk)->sec_level) {
case BT_SECURITY_HIGH:
auth_type = HCI_AT_GENERAL_BONDING_MITM;
......@@ -279,6 +288,7 @@ static inline int l2cap_check_security(struct sock *sk)
auth_type = HCI_AT_NO_BONDING;
break;
}
}
return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
auth_type);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment