Hi Marcin,
On Tuesday 17 June 2014 15:31:11 Marcin Kraglak wrote:
> Set security level if user requested. It is used when frameworks receives
> INSUFFICIENT_ENCRYPTION or INSUFFICIENT_AUTHENTICATIONS errors on read/write
> requests and tries to elevate security.
> ---
> android/gatt.c | 72
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed,
> 72 insertions(+)
>
> diff --git a/android/gatt.c b/android/gatt.c
> index 9531577..b958167 100644
> --- a/android/gatt.c
> +++ b/android/gatt.c
> @@ -2731,6 +2731,52 @@ static int get_sec_level(struct gatt_device *dev)
> return sec_level;
> }
>
> +static bool set_security(struct gatt_device *device, int security)
> +{
> + int req_sec_level, sec_level;
> + GError *gerr = NULL;
> + GIOChannel *io;
> +
> + if (security < HAL_AUTHENTICATION_NONE ||
> + security > HAL_AUTHENTICATION_MITM) {
> + error("gatt: Invalid security value: %d", security);
> + return false;
> + }
Mmove this into default case in switch below.
> +
> + switch (security) {
> + case HAL_AUTHENTICATION_MITM:
> + req_sec_level = BT_SECURITY_HIGH;
> + break;
> + case HAL_AUTHENTICATION_NO_MITM:
> + req_sec_level = BT_SECURITY_MEDIUM;
> + break;
> + case HAL_AUTHENTICATION_NONE:
> + req_sec_level = BT_SECURITY_LOW;
> + break;
> + }
> +
> + sec_level = get_sec_level(device);
> + if (sec_level < 0)
> + return false;
> +
> + if (req_sec_level <= sec_level)
> + return true;
> +
> + io = g_attrib_get_channel(device->attrib);
> + if (!io)
> + return false;
> +
> + bt_io_set(io, &gerr, BT_IO_OPT_SEC_LEVEL, req_sec_level,
> + BT_IO_OPT_INVALID);
> + if (gerr) {
> + error("%s\n", gerr->message);
Prefix error with "gatt: Failed to set..."
> + g_error_free(gerr);
> + return false;
> + }
> +
> + return true;
> +}
> +
> static void handle_client_read_characteristic(const void *buf, uint16_t
> len) {
> const struct hal_cmd_gatt_client_read_characteristic *cmd = buf;
> @@ -2771,6 +2817,13 @@ static void handle_client_read_characteristic(const
> void *buf, uint16_t len) goto failed;
> }
>
> + if (!set_security(conn->device, cmd->auth_req)) {
> + error("gatt: Failed to set security %d", cmd->auth_req);
> + status = HAL_STATUS_FAILED;
> + free(cb_data);
> + goto failed;
> + }
> +
> if (!gatt_read_char(conn->device->attrib, ch->ch.value_handle,
> read_char_cb, cb_data)) {
> error("gatt: Cannot read characteristic with inst_id: %d",
> @@ -2898,6 +2951,12 @@ static void handle_client_write_characteristic(const
> void *buf, uint16_t len) }
> }
>
> + if (!set_security(conn->device, cmd->auth_req)) {
> + error("gatt: Failed to set security %d", cmd->auth_req);
> + status = HAL_STATUS_FAILED;
> + goto failed;
> + }
> +
> switch (cmd->write_type) {
> case GATT_WRITE_TYPE_NO_RESPONSE:
> res = gatt_write_cmd(conn->device->attrib, ch->ch.value_handle,
> @@ -3099,6 +3158,13 @@ static void handle_client_read_descriptor(const void
> *buf, uint16_t len) goto failed;
> }
>
> + if (!set_security(conn->device, cmd->auth_req)) {
> + error("gatt: Failed to set security %d", cmd->auth_req);
> + status = HAL_STATUS_FAILED;
> + free(cb_data);
> + goto failed;
> + }
> +
> if (!gatt_read_char(conn->device->attrib, descr->handle, read_desc_cb,
> cb_data)) {
> free(cb_data);
> @@ -3224,6 +3290,12 @@ static void handle_client_write_descriptor(const void
> *buf, uint16_t len) }
> }
>
> + if (!set_security(conn->device, cmd->auth_req)) {
> + error("gatt: Failed to set security %d", cmd->auth_req);
> + status = HAL_STATUS_FAILED;
> + goto failed;
> + }
> +
> switch (cmd->write_type) {
> case GATT_WRITE_TYPE_NO_RESPONSE:
> res = gatt_write_cmd(conn->device->attrib, descr->handle,
--
Szymon K. Janc
szymon.janc@xxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
