From 0a8c39cda12639f0b08f5ca79bff6b5515ab20d9 Mon Sep 17 00:00:00 2001
From: Hui Peng <phui@google.com>
Date: Fri, 8 Sep 2023 10:26:33 -0700
Subject: [PATCH] Enforce authentication if encryption is required

Original bug
Bug: 294854926

regressions:
Bug: 299570702
Bug: 299561281

Test: m com.android.btservices
Test: QA validation
Ignore-AOSP-First: security

Merged-In: I0370ed2e3166d56f708e1981c2126526e1db9eaa
Change-Id: I0370ed2e3166d56f708e1981c2126526e1db9eaa
---
 system/stack/btm/btm_sec.cc | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/system/stack/btm/btm_sec.cc b/system/stack/btm/btm_sec.cc
index 3322b7c4dd3..3af24dd59cc 100644
--- a/system/stack/btm/btm_sec.cc
+++ b/system/stack/btm/btm_sec.cc
@@ -4417,13 +4417,15 @@ tBTM_STATUS btm_sec_execute_procedure(tBTM_SEC_DEV_REC* p_dev_rec) {
     // Check link status of BR/EDR
     if (!(p_dev_rec->sec_flags & BTM_SEC_AUTHENTICATED)) {
       if (p_dev_rec->IsLocallyInitiated()) {
-        if (p_dev_rec->security_required & BTM_SEC_OUT_AUTHENTICATE) {
-          LOG_DEBUG("Outgoing authentication Required");
+        if (p_dev_rec->security_required &
+            (BTM_SEC_OUT_AUTHENTICATE | BTM_SEC_OUT_ENCRYPT)) {
+          LOG_DEBUG("Outgoing authentication/encryption Required");
           start_auth = true;
         }
       } else {
-        if (p_dev_rec->security_required & BTM_SEC_IN_AUTHENTICATE) {
-          LOG_DEBUG("Incoming authentication Required");
+        if (p_dev_rec->security_required &
+            (BTM_SEC_IN_AUTHENTICATE | BTM_SEC_IN_ENCRYPT)) {
+          LOG_DEBUG("Incoming authentication/encryption Required");
           start_auth = true;
         }
       }
-- 
GitLab