From 6893799a69f233e9ec428015631a61e5f431dee0 Mon Sep 17 00:00:00 2001
From: Brian Delwiche <delwiche@google.com>
Date: Mon, 23 Sep 2024 18:22:36 +0000
Subject: [PATCH] Use encrypted link for avdtp and avctp channels

This is a backport of the AOSP changes for b/345258562.

Test: mmm packages/modules/Bluetooth
Bug: 345258562
Ignore-AOSP-First: security
Tag: #security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d7ff46bc6dc9d5afd601fb05ae1907286d03babe)
Merged-In: I4ef23f9dec4aaae6a526c11a7c2489159bd7fdf8
Change-Id: I4ef23f9dec4aaae6a526c11a7c2489159bd7fdf8
---
 system/stack/avct/avct_api.cc     | 6 ++++--
 system/stack/avct/avct_bcb_act.cc | 5 +++--
 system/stack/avct/avct_lcb_act.cc | 3 ++-
 system/stack/avdt/avdt_ad.cc      | 3 ++-
 system/stack/avdt/avdt_api.cc     | 3 ++-
 5 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/system/stack/avct/avct_api.cc b/system/stack/avct/avct_api.cc
index 1a8d6c6637a..f21dd5c89bf 100644
--- a/system/stack/avct/avct_api.cc
+++ b/system/stack/avct/avct_api.cc
@@ -62,9 +62,11 @@ void AVCT_Register() {
   /* initialize AVCTP data structures */
   memset(&avct_cb, 0, sizeof(tAVCT_CB));
 
+  uint16_t sec = BTA_SEC_AUTHENTICATE | BTA_SEC_ENCRYPT;
+
   /* register PSM with L2CAP */
   L2CA_Register2(AVCT_PSM, avct_l2c_appl, true /* enable_snoop */, nullptr,
-                 kAvrcMtu, 0, BTA_SEC_AUTHENTICATE);
+                 kAvrcMtu, 0, sec);
 
   /* Include the browsing channel which uses eFCR */
   tL2CAP_ERTM_INFO ertm_info;
@@ -72,7 +74,7 @@ void AVCT_Register() {
 
   L2CA_Register2(AVCT_BR_PSM, avct_l2c_br_appl, true /*enable_snoop*/,
                  &ertm_info, kAvrcBrMtu, AVCT_MIN_BROWSE_MTU,
-                 BTA_SEC_AUTHENTICATE);
+                 sec);
 
   avct_cb.trace_level = avct_trace_level;
 }
diff --git a/system/stack/avct/avct_bcb_act.cc b/system/stack/avct/avct_bcb_act.cc
index 2503d81562d..536c45782fd 100644
--- a/system/stack/avct/avct_bcb_act.cc
+++ b/system/stack/avct/avct_bcb_act.cc
@@ -113,8 +113,9 @@ void avct_bcb_chnl_open(tAVCT_BCB* p_bcb, UNUSED_ATTR tAVCT_LCB_EVT* p_data) {
 
   /* call l2cap connect req */
   p_bcb->ch_state = AVCT_CH_CONN;
-  p_bcb->ch_lcid =
-      L2CA_ConnectReq2(AVCT_BR_PSM, p_lcb->peer_addr, BTA_SEC_AUTHENTICATE);
+  p_bcb->ch_lcid = L2CA_ConnectReq2(AVCT_BR_PSM, p_lcb->peer_addr,
+    BTA_SEC_AUTHENTICATE | BTA_SEC_ENCRYPT);
+
   if (p_bcb->ch_lcid == 0) {
     /* if connect req failed, send ourselves close event */
     tAVCT_LCB_EVT avct_lcb_evt;
diff --git a/system/stack/avct/avct_lcb_act.cc b/system/stack/avct/avct_lcb_act.cc
index 99f1d6b9697..231e27e5766 100644
--- a/system/stack/avct/avct_lcb_act.cc
+++ b/system/stack/avct/avct_lcb_act.cc
@@ -185,7 +185,8 @@ void avct_lcb_chnl_open(tAVCT_LCB* p_lcb, UNUSED_ATTR tAVCT_LCB_EVT* p_data) {
 
   p_lcb->ch_state = AVCT_CH_CONN;
   p_lcb->ch_lcid =
-      L2CA_ConnectReq2(AVCT_PSM, p_lcb->peer_addr, BTA_SEC_AUTHENTICATE);
+      L2CA_ConnectReq2(AVCT_PSM, p_lcb->peer_addr,
+                       BTA_SEC_AUTHENTICATE | BTA_SEC_ENCRYPT);
   if (p_lcb->ch_lcid == 0) {
     /* if connect req failed, send ourselves close event */
     tAVCT_LCB_EVT avct_lcb_evt;
diff --git a/system/stack/avdt/avdt_ad.cc b/system/stack/avdt/avdt_ad.cc
index 947c5e0c2cc..d6a18af5913 100644
--- a/system/stack/avdt/avdt_ad.cc
+++ b/system/stack/avdt/avdt_ad.cc
@@ -547,7 +547,8 @@ void avdt_ad_open_req(uint8_t type, AvdtpCcb* p_ccb, AvdtpScb* p_scb,
 
     /* call l2cap connect req */
     lcid =
-        L2CA_ConnectReq2(AVDT_PSM, p_ccb->peer_addr, BTM_SEC_OUT_AUTHENTICATE);
+        L2CA_ConnectReq2(AVDT_PSM, p_ccb->peer_addr,
+                         BTM_SEC_OUT_AUTHENTICATE | BTM_SEC_OUT_ENCRYPT);
     if (lcid != 0) {
       /* if connect req ok, store tcid in lcid table  */
       avdtp_cb.ad.lcid_tbl[lcid] = avdt_ad_tc_tbl_to_idx(p_tbl);
diff --git a/system/stack/avdt/avdt_api.cc b/system/stack/avdt/avdt_api.cc
index 13f73a648f2..29c559d45b3 100644
--- a/system/stack/avdt/avdt_api.cc
+++ b/system/stack/avdt/avdt_api.cc
@@ -95,9 +95,10 @@ void avdt_scb_transport_channel_timer_timeout(void* data) {
  *
  ******************************************************************************/
 void AVDT_Register(AvdtpRcb* p_reg, tAVDT_CTRL_CBACK* p_cback) {
+  uint16_t sec = BTA_SEC_AUTHENTICATE | BTA_SEC_ENCRYPT;
   /* register PSM with L2CAP */
   L2CA_Register2(AVDT_PSM, avdt_l2c_appl, true /* enable_snoop */, nullptr,
-                 kAvdtpMtu, 0, BTA_SEC_AUTHENTICATE);
+                 kAvdtpMtu, 0, sec);
 
   /* initialize AVDTP data structures */
   avdt_scb_init();
-- 
GitLab