Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity

Bluetooth: Introduce new security level

Browse source 
Define new security level BT_SECURITY_VERY_HIGH
for BT-SAP secuirty requirements

Change-Id: Iee1f60def34d64174c71934ecf55319cee087c13
Signed-off-by: Bhakthavatsala Raghavendra <braghave@codeaurora.org>
This commit is contained in:
Bhakthavatsala Raghavendra 2013-02-12 19:44:47 +05:30 committed by Iliyan Malchev
parent 36566070dc
commit 296f7ed251
6 changed files with 24 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
include/net/bluetooth/bluetooth.h
View file

@ -1,6 +1,6 @@
/* /*
BlueZ - Bluetooth protocol stack for Linux BlueZ - Bluetooth protocol stack for Linux
Copyright (c) 2000-2001, 2010-2012 The Linux Foundation. All rights reserved. Copyright (c) 2000-2001, 2010-2013 The Linux Foundation. All rights reserved.
Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
@ -63,6 +63,7 @@ struct bt_security {
#define BT_SECURITY_LOW 1 #define BT_SECURITY_LOW 1
#define BT_SECURITY_MEDIUM 2 #define BT_SECURITY_MEDIUM 2
#define BT_SECURITY_HIGH 3 #define BT_SECURITY_HIGH 3
#define BT_SECURITY_VERY_HIGH 4
#define BT_DEFER_SETUP 7 #define BT_DEFER_SETUP 7
#define BT_FLUSHABLE 8 #define BT_FLUSHABLE 8

10
net/bluetooth/hci_event.c
View file

@ -1,6 +1,6 @@
/* /*
BlueZ - Bluetooth protocol stack for Linux BlueZ - Bluetooth protocol stack for Linux
Copyright (c) 2000-2001, 2010-2012 The Linux Foundation. All rights reserved. Copyright (c) 2000-2001, 2010-2013 The Linux Foundation. All rights reserved.
Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
@ -2046,7 +2046,7 @@ static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff
sizeof(cp), &cp); sizeof(cp), &cp);
goto unlock; goto unlock;
} else if (!(lmp_ssp_capable(conn)) && conn->auth_initiator && } else if (!(lmp_ssp_capable(conn)) && conn->auth_initiator &&
(conn->pending_sec_level == BT_SECURITY_HIGH)) { (conn->pending_sec_level == BT_SECURITY_VERY_HIGH)) {
conn->pending_sec_level = BT_SECURITY_MEDIUM; conn->pending_sec_level = BT_SECURITY_MEDIUM;
} }
@ -2853,14 +2853,14 @@ static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_b
conn->ssp_mode = (ev->features[0] & 0x01); conn->ssp_mode = (ev->features[0] & 0x01);
/*In case if remote device ssp supported/2.0 device /*In case if remote device ssp supported/2.0 device
reduce the security level to MEDIUM if it is HIGH*/ reduce the security level to MEDIUM if it is VERY HIGH*/
if (!conn->ssp_mode && conn->auth_initiator && if (!conn->ssp_mode && conn->auth_initiator &&
(conn->pending_sec_level == BT_SECURITY_HIGH)) (conn->pending_sec_level == BT_SECURITY_VERY_HIGH))
conn->pending_sec_level = BT_SECURITY_MEDIUM; conn->pending_sec_level = BT_SECURITY_MEDIUM;
if (conn->ssp_mode && conn->auth_initiator && if (conn->ssp_mode && conn->auth_initiator &&
conn->io_capability != 0x03) { conn->io_capability != 0x03) {
conn->pending_sec_level = BT_SECURITY_HIGH; conn->pending_sec_level = BT_SECURITY_VERY_HIGH;
conn->auth_type = HCI_AT_DEDICATED_BONDING_MITM; conn->auth_type = HCI_AT_DEDICATED_BONDING_MITM;
} }
} }

10
net/bluetooth/l2cap_core.c
View file

@ -1,6 +1,6 @@
/* /*
BlueZ - Bluetooth protocol stack for Linux BlueZ - Bluetooth protocol stack for Linux
Copyright (c) 2000-2001, 2010-2012 The Linux Foundation. All rights reserved. Copyright (c) 2000-2001, 2010-2013 The Linux Foundation. All rights reserved.
Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org> Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
Copyright (C) 2010 Google Inc. Copyright (C) 2010 Google Inc.
@ -610,6 +610,7 @@ static inline u8 l2cap_get_auth_type(struct sock *sk)
{ {
if (sk->sk_type == SOCK_RAW) { if (sk->sk_type == SOCK_RAW) {
switch (l2cap_pi(sk)->sec_level) { switch (l2cap_pi(sk)->sec_level) {
case BT_SECURITY_VERY_HIGH:
case BT_SECURITY_HIGH: case BT_SECURITY_HIGH:
return HCI_AT_DEDICATED_BONDING_MITM; return HCI_AT_DEDICATED_BONDING_MITM;
case BT_SECURITY_MEDIUM: case BT_SECURITY_MEDIUM:
@ -621,12 +622,14 @@ static inline u8 l2cap_get_auth_type(struct sock *sk)
if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW) if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
l2cap_pi(sk)->sec_level = BT_SECURITY_SDP; l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH ||
l2cap_pi(sk)->sec_level == BT_SECURITY_VERY_HIGH)
return HCI_AT_NO_BONDING_MITM; return HCI_AT_NO_BONDING_MITM;
else else
return HCI_AT_NO_BONDING; return HCI_AT_NO_BONDING;
} else { } else {
switch (l2cap_pi(sk)->sec_level) { switch (l2cap_pi(sk)->sec_level) {
case BT_SECURITY_VERY_HIGH:
case BT_SECURITY_HIGH: case BT_SECURITY_HIGH:
return HCI_AT_GENERAL_BONDING_MITM; return HCI_AT_GENERAL_BONDING_MITM;
case BT_SECURITY_MEDIUM: case BT_SECURITY_MEDIUM:
@ -7533,7 +7536,8 @@ static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) { if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
l2cap_sock_clear_timer(sk); l2cap_sock_clear_timer(sk);
l2cap_sock_set_timer(sk, HZ * 5); l2cap_sock_set_timer(sk, HZ * 5);
} else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH ||
l2cap_pi(sk)->sec_level == BT_SECURITY_VERY_HIGH)
__l2cap_sock_close(sk, ECONNREFUSED); __l2cap_sock_close(sk, ECONNREFUSED);
} else { } else {
if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)

5
net/bluetooth/rfcomm/core.c
View file

@ -1,5 +1,6 @@
/* /*
RFCOMM implementation for Linux Bluetooth stack (BlueZ). RFCOMM implementation for Linux Bluetooth stack (BlueZ).
Copyright (c) 2013 The Linux Foundation. All rights reserved.
Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
@ -262,6 +263,7 @@ static inline int rfcomm_check_security(struct rfcomm_dlc *d)
__u8 auth_type; __u8 auth_type;
switch (d->sec_level) { switch (d->sec_level) {
case BT_SECURITY_VERY_HIGH:
case BT_SECURITY_HIGH: case BT_SECURITY_HIGH:
auth_type = HCI_AT_GENERAL_BONDING_MITM; auth_type = HCI_AT_GENERAL_BONDING_MITM;
break; break;
@ -2163,7 +2165,8 @@ static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
set_bit(RFCOMM_SEC_PENDING, &d->flags); set_bit(RFCOMM_SEC_PENDING, &d->flags);
rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
continue; continue;
} else if (d->sec_level == BT_SECURITY_HIGH) { } else if (d->sec_level == BT_SECURITY_HIGH ||
d->sec_level == BT_SECURITY_VERY_HIGH) {
__rfcomm_dlc_close(d, ECONNREFUSED); __rfcomm_dlc_close(d, ECONNREFUSED);
continue; continue;
} }

5
net/bluetooth/rfcomm/sock.c
View file

@ -1,5 +1,6 @@
/* /*
RFCOMM implementation for Linux Bluetooth stack (BlueZ). RFCOMM implementation for Linux Bluetooth stack (BlueZ).
Copyright (c) 2013 The Linux Foundation. All rights reserved.
Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
@ -707,12 +708,13 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
break; break;
} }
if (sec.level > BT_SECURITY_HIGH) { if (sec.level > BT_SECURITY_VERY_HIGH) {
err = -EINVAL; err = -EINVAL;
break; break;
} }
rfcomm_pi(sk)->sec_level = sec.level; rfcomm_pi(sk)->sec_level = sec.level;
BT_DBG("set to %d", sec.level);
break; break;
case BT_DEFER_SETUP: case BT_DEFER_SETUP:
@ -763,6 +765,7 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u
opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT;
break; break;
case BT_SECURITY_HIGH: case BT_SECURITY_HIGH:
case BT_SECURITY_VERY_HIGH:
opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT |
RFCOMM_LM_SECURE; RFCOMM_LM_SECURE;
break; break;

2
net/bluetooth/smp.c
View file

@ -1,5 +1,6 @@
/* /*
BlueZ - Bluetooth protocol stack for Linux BlueZ - Bluetooth protocol stack for Linux
Copyright (c) 2013 The Linux Foundation. All rights reserved.
Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies). Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
@ -213,6 +214,7 @@ static __u8 authreq_to_seclevel(__u8 authreq)
static __u8 seclevel_to_authreq(__u8 level) static __u8 seclevel_to_authreq(__u8 level)
{ {
switch (level) { switch (level) {
case BT_SECURITY_VERY_HIGH:
case BT_SECURITY_HIGH: case BT_SECURITY_HIGH:
return SMP_AUTH_MITM | SMP_AUTH_BONDING; return SMP_AUTH_MITM | SMP_AUTH_BONDING;