diff options
author | Hansong Zhang <hsz@google.com> | 2021-07-27 17:08:00 -0700 |
---|---|---|
committer | Hansong Zhang <hsz@google.com> | 2021-07-28 17:27:20 +0000 |
commit | f4a911c0de8a29437c4a90eb30caa0081bf382e8 (patch) | |
tree | 84cd8425280bd0b9982e3866bb3210aad2e243da | |
parent | ab4c8a15b628d125ec78c77b78c1123a108331d5 (diff) | |
download | bt-f4a911c0de8a29437c4a90eb30caa0081bf382e8.tar.gz |
Fix L2cap LE COC security record leaks
- When we are client, we don't need to register security during L2cap
registration.
- When we are done, we clean up security record by PSM; Service ID might
be invalid.
- Once the btif topshim facade initial commit is done, we can repro this
and verify the fix with test automation.
Tag: #stability
Bug: 193142224
Test: CtsVerifier LE COC Client for many times; later we will have an
automated test for this
Change-Id: I90fd23ce26c65ca3314e0754a2630d3f63c5d5d8
Merged-In: I90fd23ce26c65ca3314e0754a2630d3f63c5d5d8
-rw-r--r-- | stack/gap/gap_conn.cc | 2 | ||||
-rw-r--r-- | stack/l2cap/l2c_api.cc | 6 |
2 files changed, 6 insertions, 2 deletions
diff --git a/stack/gap/gap_conn.cc b/stack/gap/gap_conn.cc index 52b15318f..0f0026f71 100644 --- a/stack/gap/gap_conn.cc +++ b/stack/gap/gap_conn.cc @@ -994,7 +994,7 @@ static void gap_release_ccb(tGAP_CCB* p_ccb) { } /* Free the security record for this PSM */ - BTM_SecClrService(p_ccb->service_id); + BTM_SecClrServiceByPsm(p_ccb->psm); if (p_ccb->transport == BT_TRANSPORT_BR_EDR) L2CA_Deregister(p_ccb->psm); if (p_ccb->transport == BT_TRANSPORT_LE) L2CA_DeregisterLECoc(p_ccb->psm); } diff --git a/stack/l2cap/l2c_api.cc b/stack/l2cap/l2c_api.cc index 198ccf7e8..43aab5fd6 100644 --- a/stack/l2cap/l2c_api.cc +++ b/stack/l2cap/l2c_api.cc @@ -382,7 +382,11 @@ uint16_t L2CA_RegisterLECoc(uint16_t psm, const tL2CAP_APPL_INFO& p_cb_info, return bluetooth::shim::L2CA_RegisterLECoc(psm, p_cb_info, sec_level, cfg); } - BTM_SetSecurityLevel(false, "", 0, sec_level, psm, 0, 0); + if (p_cb_info.pL2CA_ConnectInd_Cb != nullptr && psm < LE_DYNAMIC_PSM_START) { + // If we register LE COC for outgoing connection only, don't register with + // BTM_Sec, because it's handled by L2CA_ConnectLECocReq. + BTM_SetSecurityLevel(false, "", 0, sec_level, psm, 0, 0); + } /* Verify that the required callback info has been filled in ** Note: Connection callbacks are required but not checked |