2014-07-30 09:38:46

by Marcin Kraglak

Subject: [PATCH 1/5] android/gatt: Split set_security() function

Split function to set_security() and set_auth_type(). Set_security()
will be used in public API.
---
android/gatt.c | 51 +++++++++++++++++++++++++++++----------------------
1 file changed, 29 insertions(+), 22 deletions(-)

diff --git a/android/gatt.c b/android/gatt.c
index 2ddbf29..31558d0 100644
--- a/android/gatt.c
+++ b/android/gatt.c
@@ -2832,27 +2832,12 @@ static int get_sec_level(struct gatt_device *dev)
return sec_level;
}

-static bool set_security(struct gatt_device *device, int auth_type)
+static bool set_security(struct gatt_device *device, int req_sec_level)
{
- int req_sec_level, sec_level;
+ int sec_level;
GError *gerr = NULL;
GIOChannel *io;

- switch (auth_type) {
- case HAL_GATT_AUTHENTICATION_MITM:
- req_sec_level = BT_SECURITY_HIGH;
- break;
- case HAL_GATT_AUTHENTICATION_NO_MITM:
- req_sec_level = BT_SECURITY_MEDIUM;
- break;
- case HAL_GATT_AUTHENTICATION_NONE:
- req_sec_level = BT_SECURITY_LOW;
- break;
- default:
- error("gatt: Invalid auth_type value: %d", auth_type);
- return false;
- }
-
sec_level = get_sec_level(device);
if (sec_level < 0)
return false;
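Review bot: set_security() now takes req_sec_level as a raw int, and the range check that the removed switch provided lives only in set_auth_type(), so any other caller reaches this function unchecked. The description says set_security() will be used in a public API, so a guard at the top such as `if (req_sec_level < BT_SECURITY_LOW || req_sec_level > BT_SECURITY_HIGH) return false;` would keep the old reject-unknown behaviour for every entry point. The rest of the body lies outside this hunk, so a later check may already exist there; if it does, a one-line comment naming the expected BT_SECURITY_* range would be enough.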
@@ -2875,6 +2860,28 @@ static bool set_security(struct gatt_device *device, int auth_type)
return true;
}

+static bool set_auth_type(struct gatt_device *device, int auth_type)
+{
+ int sec_level;
+
+ switch (auth_type) {
+ case HAL_GATT_AUTHENTICATION_MITM:
+ sec_level = BT_SECURITY_HIGH;
+ break;
+ case HAL_GATT_AUTHENTICATION_NO_MITM:
+ sec_level = BT_SECURITY_MEDIUM;
+ break;
+ case HAL_GATT_AUTHENTICATION_NONE:
+ sec_level = BT_SECURITY_LOW;
+ break;
+ default:
+ error("gatt: Invalid auth_type value: %d", auth_type);
+ return false;
+ }
+
+ return set_security(device, sec_level);
+}
+
static void handle_client_read_characteristic(const void *buf, uint16_t len)
{
const struct hal_cmd_gatt_client_read_characteristic *cmd = buf;
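Review bot: set_auth_type() is now the only visible place where the HAL-supplied auth_req is validated before it becomes a link security level, and nothing in the code says so. A header comment such as `/* Map HAL_GATT_AUTHENTICATION_* to BT_SECURITY_*; unknown values are rejected */` would discourage a later caller from handing cmd->auth_req straight to set_security(). set_auth_type() is complete within this hunk; the handler that follows it is cut off.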
@@ -2915,7 +2922,7 @@ static void handle_client_read_characteristic(const void *buf, uint16_t len)
goto failed;
}

- if (!set_security(conn->device, cmd->auth_req)) {
+ if (!set_auth_type(conn->device, cmd->auth_req)) {
error("gatt: Failed to set security %d", cmd->auth_req);
status = HAL_STATUS_FAILED;
free(cb_data);
@@ -3052,7 +3059,7 @@ static void handle_client_write_characteristic(const void *buf, uint16_t len)
}
}

- if (!set_security(conn->device, cmd->auth_req)) {
+ if (!set_auth_type(conn->device, cmd->auth_req)) {
error("gatt: Failed to set security %d", cmd->auth_req);
status = HAL_STATUS_FAILED;
goto failed;
@@ -3267,7 +3274,7 @@ static void handle_client_read_descriptor(const void *buf, uint16_t len)
goto failed;
}

- if (!set_security(conn->device, cmd->auth_req)) {
+ if (!set_auth_type(conn->device, cmd->auth_req)) {
error("gatt: Failed to set security %d", cmd->auth_req);
status = HAL_STATUS_FAILED;
free(cb_data);
@@ -3399,7 +3406,7 @@ static void handle_client_write_descriptor(const void *buf, uint16_t len)
}
}

- if (!set_security(conn->device, cmd->auth_req)) {
+ if (!set_auth_type(conn->device, cmd->auth_req)) {
error("gatt: Failed to set security %d", cmd->auth_req);
status = HAL_STATUS_FAILED;
goto failed;
@@ -3882,7 +3889,7 @@ static uint8_t test_increase_security(bdaddr_t *bdaddr, uint16_t u1)
if (!device)
return HAL_STATUS_FAILED;

- if (!set_security(device, u1))
+ if (!set_auth_type(device, u1))
return HAL_STATUS_FAILED;

return HAL_STATUS_SUCCESS;
--
1.9.3



2014-07-30 16:34:11

by Marcel Holtmann

Subject: Re: [PATCH 4/5] android/gatt: Always connect with BT_SEC_LOW security

Hi Luiz,

>>>> Set BT_SEC_LOW for all LE connections. Only specific profiles need
>>>> higher security, now it is possible to elevate security with public
>>>> GATT API.
>>>> ---
>>>> android/gatt.c | 6 +-----
>>>> 1 file changed, 1 insertion(+), 5 deletions(-)
>>>>
>>>> diff --git a/android/gatt.c b/android/gatt.c
>>>> index 49ca2b6..11d7a2c 100644
>>>> --- a/android/gatt.c
>>>> +++ b/android/gatt.c
>>>> @@ -1433,7 +1433,6 @@ reply:
>>>>
>>>> static int connect_le(struct gatt_device *dev)
>>>> {
>>>> - BtIOSecLevel sec_level;
>>>> GIOChannel *io;
>>>> GError *gerr = NULL;
>>>> char addr[18];
>>>> @@ -1450,9 +1449,6 @@ static int connect_le(struct gatt_device *dev)
>>>>
>>>> DBG("Connection attempt to: %s", addr);
>>>>
>>>> - sec_level = bt_device_is_bonded(&dev->bdaddr) ? BT_IO_SEC_MEDIUM :
>>>> - BT_IO_SEC_LOW;
>>>> -
>>>> /*
>>>> * If address type is random it might be that IRK was received and
>>>> * random is just for faking Android Framework. ID address should be
>>>> @@ -1478,7 +1474,7 @@ static int connect_le(struct gatt_device *dev)
>>>> BT_IO_OPT_DEST_BDADDR, bdaddr,
>>>> BT_IO_OPT_DEST_TYPE, bdaddr_type,
>>>> BT_IO_OPT_CID, ATT_CID,
>>>> - BT_IO_OPT_SEC_LEVEL, sec_level,
>>>> + BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
>>>> BT_IO_OPT_INVALID);
>>>> if (!io) {
>>>> error("gatt: Failed bt_io_connect(%s): %s", addr,
>>>> --
>>>> 1.9.3
>>>
>>> This does not work for HoG:
>>>
>>> "If the HID Host receives the L2CAP Connection Parameter Update
>>> request but has not
>>> yet completed service discovery or has not completed encryption, the
>>> HID Host may
>>> send the L2CAP Connection Parameter Update Response with the Result field
>>> indicating that the request has been rejected."
>>>
>>
>> I think that with "[PATCH 3/5] anroid/hidhost: Set security to MEDUIM
>> after connect" there is no issue with HOG.
>> That patch basically triggers pairing or enable encryption (if device
>> are bonded) just after LE link is created.
>
> It depends when the connection parameter update is sent, if it is
> before the userspace can upgrade the security requirement and the
> remote device rejects it then it might never update. Anyway, the
> argument bellow still stand, why would you have LTK distributed and
> not encrypt?
>
> Id say the very purpose of signed writes is meant for when you don't
> have LTK, but perhaps Im missing something.

the signed write is designed for the case where you only have to do a single/minimal write operation. It is also important to note that the value origin can only be authenticated. It is not encrypted. So if you are worried that someone will see your data, then signed write is not what you want.

For LE HID devices, the only option is to enable encryption right after connection. There is really no point to let a HID device start unencrypted.

Regards

Marcel


2014-07-30 11:54:39

by Luiz Augusto von Dentz

Subject: Re: [PATCH 4/5] android/gatt: Always connect with BT_SEC_LOW security

Hi Lukasz,

On Wed, Jul 30, 2014 at 2:37 PM, Lukasz Rymanowski
<[email protected]> wrote:
> Hi Luiz,
>
> On Wed, Jul 30, 2014 at 12:41 PM, Luiz Augusto von Dentz
> <[email protected]> wrote:
>> Hi Marcin,
>>
>> On Wed, Jul 30, 2014 at 12:38 PM, Marcin Kraglak
>> <[email protected]> wrote:
>>> Set BT_SEC_LOW for all LE connections. Only specific profiles need
>>> higher security, now it is possible to elevate security with public
>>> GATT API.
>>> ---
>>> android/gatt.c | 6 +-----
>>> 1 file changed, 1 insertion(+), 5 deletions(-)
>>>
>>> diff --git a/android/gatt.c b/android/gatt.c
>>> index 49ca2b6..11d7a2c 100644
>>> --- a/android/gatt.c
>>> +++ b/android/gatt.c
>>> @@ -1433,7 +1433,6 @@ reply:
>>>
>>> static int connect_le(struct gatt_device *dev)
>>> {
>>> - BtIOSecLevel sec_level;
>>> GIOChannel *io;
>>> GError *gerr = NULL;
>>> char addr[18];
>>> @@ -1450,9 +1449,6 @@ static int connect_le(struct gatt_device *dev)
>>>
>>> DBG("Connection attempt to: %s", addr);
>>>
>>> - sec_level = bt_device_is_bonded(&dev->bdaddr) ? BT_IO_SEC_MEDIUM :
>>> - BT_IO_SEC_LOW;
>>> -
>>> /*
>>> * If address type is random it might be that IRK was received and
>>> * random is just for faking Android Framework. ID address should be
>>> @@ -1478,7 +1474,7 @@ static int connect_le(struct gatt_device *dev)
>>> BT_IO_OPT_DEST_BDADDR, bdaddr,
>>> BT_IO_OPT_DEST_TYPE, bdaddr_type,
>>> BT_IO_OPT_CID, ATT_CID,
>>> - BT_IO_OPT_SEC_LEVEL, sec_level,
>>> + BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
>>> BT_IO_OPT_INVALID);
>>> if (!io) {
>>> error("gatt: Failed bt_io_connect(%s): %s", addr,
>>> --
>>> 1.9.3
>>
>> This does not work for HoG:
>>
>> "If the HID Host receives the L2CAP Connection Parameter Update
>> request but has not
>> yet completed service discovery or has not completed encryption, the
>> HID Host may
>> send the L2CAP Connection Parameter Update Response with the Result field
>> indicating that the request has been rejected."
>>
>
> I think that with "[PATCH 3/5] anroid/hidhost: Set security to MEDUIM
> after connect" there is no issue with HOG.
> That patch basically triggers pairing or enable encryption (if device
> are bonded) just after LE link is created.

It depends when the connection parameter update is sent, if it is
before the userspace can upgrade the security requirement and the
remote device rejects it then it might never update. Anyway, the
argument bellow still stand, why would you have LTK distributed and
not encrypt?

Id say the very purpose of signed writes is meant for when you don't
have LTK, but perhaps Im missing something.

>> IMO what we should do instead is pass what security level we want
>> based on the profiles that has requested the connection, in case of
>> HoG then we can set medium security and other might set it to low,
>> note that elevating security later is less secure then having it from
>> the start so I hope this is not just to fulfill some stupid PTS test
>> that does bonding but requires not to encrypt.
>>
>>
>> --
>> Luiz Augusto von Dentz
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
>> the body of a message to [email protected]
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> BR
> Lukasz



--
Luiz Augusto von Dentz

2014-07-30 11:37:06

by Lukasz Rymanowski

Subject: Re: [PATCH 4/5] android/gatt: Always connect with BT_SEC_LOW security

Hi Luiz,

On Wed, Jul 30, 2014 at 12:41 PM, Luiz Augusto von Dentz
<[email protected]> wrote:
> Hi Marcin,
>
> On Wed, Jul 30, 2014 at 12:38 PM, Marcin Kraglak
> <[email protected]> wrote:
>> Set BT_SEC_LOW for all LE connections. Only specific profiles need
>> higher security, now it is possible to elevate security with public
>> GATT API.
>> ---
>> android/gatt.c | 6 +-----
>> 1 file changed, 1 insertion(+), 5 deletions(-)
>>
>> diff --git a/android/gatt.c b/android/gatt.c
>> index 49ca2b6..11d7a2c 100644
>> --- a/android/gatt.c
>> +++ b/android/gatt.c
>> @@ -1433,7 +1433,6 @@ reply:
>>
>> static int connect_le(struct gatt_device *dev)
>> {
>> - BtIOSecLevel sec_level;
>> GIOChannel *io;
>> GError *gerr = NULL;
>> char addr[18];
>> @@ -1450,9 +1449,6 @@ static int connect_le(struct gatt_device *dev)
>>
>> DBG("Connection attempt to: %s", addr);
>>
>> - sec_level = bt_device_is_bonded(&dev->bdaddr) ? BT_IO_SEC_MEDIUM :
>> - BT_IO_SEC_LOW;
>> -
>> /*
>> * If address type is random it might be that IRK was received and
>> * random is just for faking Android Framework. ID address should be
>> @@ -1478,7 +1474,7 @@ static int connect_le(struct gatt_device *dev)
>> BT_IO_OPT_DEST_BDADDR, bdaddr,
>> BT_IO_OPT_DEST_TYPE, bdaddr_type,
>> BT_IO_OPT_CID, ATT_CID,
>> - BT_IO_OPT_SEC_LEVEL, sec_level,
>> + BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
>> BT_IO_OPT_INVALID);
>> if (!io) {
>> error("gatt: Failed bt_io_connect(%s): %s", addr,
>> --
>> 1.9.3
>
> This does not work for HoG:
>
> "If the HID Host receives the L2CAP Connection Parameter Update
> request but has not
> yet completed service discovery or has not completed encryption, the
> HID Host may
> send the L2CAP Connection Parameter Update Response with the Result field
> indicating that the request has been rejected."
>

I think that with "[PATCH 3/5] anroid/hidhost: Set security to MEDUIM
after connect" there is no issue with HOG.
That patch basically triggers pairing or enable encryption (if device
are bonded) just after LE link is created.

> IMO what we should do instead is pass what security level we want
> based on the profiles that has requested the connection, in case of
> HoG then we can set medium security and other might set it to low,
> note that elevating security later is less secure then having it from
> the start so I hope this is not just to fulfill some stupid PTS test
> that does bonding but requires not to encrypt.
>
>
> --
> Luiz Augusto von Dentz
> --
> To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html

BR
Lukasz

2014-07-30 10:41:09

by Luiz Augusto von Dentz

Subject: Re: [PATCH 4/5] android/gatt: Always connect with BT_SEC_LOW security

Hi Marcin,

On Wed, Jul 30, 2014 at 12:38 PM, Marcin Kraglak
<[email protected]> wrote:
> Set BT_SEC_LOW for all LE connections. Only specific profiles need
> higher security, now it is possible to elevate security with public
> GATT API.
> ---
> android/gatt.c | 6 +-----
> 1 file changed, 1 insertion(+), 5 deletions(-)
>
> diff --git a/android/gatt.c b/android/gatt.c
> index 49ca2b6..11d7a2c 100644
> --- a/android/gatt.c
> +++ b/android/gatt.c
> @@ -1433,7 +1433,6 @@ reply:
>
> static int connect_le(struct gatt_device *dev)
> {
> - BtIOSecLevel sec_level;
> GIOChannel *io;
> GError *gerr = NULL;
> char addr[18];
> @@ -1450,9 +1449,6 @@ static int connect_le(struct gatt_device *dev)
>
> DBG("Connection attempt to: %s", addr);
>
> - sec_level = bt_device_is_bonded(&dev->bdaddr) ? BT_IO_SEC_MEDIUM :
> - BT_IO_SEC_LOW;
> -
> /*
> * If address type is random it might be that IRK was received and
> * random is just for faking Android Framework. ID address should be
> @@ -1478,7 +1474,7 @@ static int connect_le(struct gatt_device *dev)
> BT_IO_OPT_DEST_BDADDR, bdaddr,
> BT_IO_OPT_DEST_TYPE, bdaddr_type,
> BT_IO_OPT_CID, ATT_CID,
> - BT_IO_OPT_SEC_LEVEL, sec_level,
> + BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
> BT_IO_OPT_INVALID);
> if (!io) {
> error("gatt: Failed bt_io_connect(%s): %s", addr,
> --
> 1.9.3

This does not work for HoG:

"If the HID Host receives the L2CAP Connection Parameter Update
request but has not
yet completed service discovery or has not completed encryption, the
HID Host may
send the L2CAP Connection Parameter Update Response with the Result field
indicating that the request has been rejected."

IMO what we should do instead is pass what security level we want
based on the profiles that has requested the connection, in case of
HoG then we can set medium security and other might set it to low,
note that elevating security later is less secure then having it from
the start so I hope this is not just to fulfill some stupid PTS test
that does bonding but requires not to encrypt.


--
Luiz Augusto von Dentz

2014-07-30 10:37:09

by Szymon Janc

Subject: Re: [PATCH 1/5] android/gatt: Split set_security() function

Hi Marcin,

On Wednesday 30 of July 2014 11:38:46 Marcin Kraglak wrote:
> Split function to set_security() and set_auth_type(). Set_security()
> will be used in public API.
> ---
> android/gatt.c | 51 +++++++++++++++++++++++++++++----------------------
> 1 file changed, 29 insertions(+), 22 deletions(-)
>
> diff --git a/android/gatt.c b/android/gatt.c
> index 2ddbf29..31558d0 100644
> --- a/android/gatt.c
> +++ b/android/gatt.c
> @@ -2832,27 +2832,12 @@ static int get_sec_level(struct gatt_device *dev)
> return sec_level;
> }
>
> -static bool set_security(struct gatt_device *device, int auth_type)
> +static bool set_security(struct gatt_device *device, int req_sec_level)
> {
> - int req_sec_level, sec_level;
> + int sec_level;
> GError *gerr = NULL;
> GIOChannel *io;
>
> - switch (auth_type) {
> - case HAL_GATT_AUTHENTICATION_MITM:
> - req_sec_level = BT_SECURITY_HIGH;
> - break;
> - case HAL_GATT_AUTHENTICATION_NO_MITM:
> - req_sec_level = BT_SECURITY_MEDIUM;
> - break;
> - case HAL_GATT_AUTHENTICATION_NONE:
> - req_sec_level = BT_SECURITY_LOW;
> - break;
> - default:
> - error("gatt: Invalid auth_type value: %d", auth_type);
> - return false;
> - }
> -
> sec_level = get_sec_level(device);
> if (sec_level < 0)
> return false;
> @@ -2875,6 +2860,28 @@ static bool set_security(struct gatt_device *device, int auth_type)
> return true;
> }
>
> +static bool set_auth_type(struct gatt_device *device, int auth_type)
> +{
> + int sec_level;
> +
> + switch (auth_type) {
> + case HAL_GATT_AUTHENTICATION_MITM:
> + sec_level = BT_SECURITY_HIGH;
> + break;
> + case HAL_GATT_AUTHENTICATION_NO_MITM:
> + sec_level = BT_SECURITY_MEDIUM;
> + break;
> + case HAL_GATT_AUTHENTICATION_NONE:
> + sec_level = BT_SECURITY_LOW;
> + break;
> + default:
> + error("gatt: Invalid auth_type value: %d", auth_type);
> + return false;
> + }
> +
> + return set_security(device, sec_level);
> +}
> +
> static void handle_client_read_characteristic(const void *buf, uint16_t len)
> {
> const struct hal_cmd_gatt_client_read_characteristic *cmd = buf;
> @@ -2915,7 +2922,7 @@ static void handle_client_read_characteristic(const void *buf, uint16_t len)
> goto failed;
> }
>
> - if (!set_security(conn->device, cmd->auth_req)) {
> + if (!set_auth_type(conn->device, cmd->auth_req)) {
> error("gatt: Failed to set security %d", cmd->auth_req);
> status = HAL_STATUS_FAILED;
> free(cb_data);
> @@ -3052,7 +3059,7 @@ static void handle_client_write_characteristic(const void *buf, uint16_t len)
> }
> }
>
> - if (!set_security(conn->device, cmd->auth_req)) {
> + if (!set_auth_type(conn->device, cmd->auth_req)) {
> error("gatt: Failed to set security %d", cmd->auth_req);
> status = HAL_STATUS_FAILED;
> goto failed;
> @@ -3267,7 +3274,7 @@ static void handle_client_read_descriptor(const void *buf, uint16_t len)
> goto failed;
> }
>
> - if (!set_security(conn->device, cmd->auth_req)) {
> + if (!set_auth_type(conn->device, cmd->auth_req)) {
> error("gatt: Failed to set security %d", cmd->auth_req);
> status = HAL_STATUS_FAILED;
> free(cb_data);
> @@ -3399,7 +3406,7 @@ static void handle_client_write_descriptor(const void *buf, uint16_t len)
> }
> }
>
> - if (!set_security(conn->device, cmd->auth_req)) {
> + if (!set_auth_type(conn->device, cmd->auth_req)) {
> error("gatt: Failed to set security %d", cmd->auth_req);
> status = HAL_STATUS_FAILED;
> goto failed;
> @@ -3882,7 +3889,7 @@ static uint8_t test_increase_security(bdaddr_t *bdaddr, uint16_t u1)
> if (!device)
> return HAL_STATUS_FAILED;
>
> - if (!set_security(device, u1))
> + if (!set_auth_type(device, u1))
> return HAL_STATUS_FAILED;
>
> return HAL_STATUS_SUCCESS;
>

All 5 patches applied. Thanks.

--
Best regards,
Szymon Janc

2014-07-30 09:38:47

by Marcin Kraglak

Subject: [PATCH 2/5] android/gatt: Expose API to elevate security level

This allows an external profile, for example the HoG implementation,
to change the security level.
---
android/gatt.c | 11 +++++++++++
android/gatt.h | 1 +
2 files changed, 12 insertions(+)

diff --git a/android/gatt.c b/android/gatt.c
index 31558d0..49ca2b6 100644
--- a/android/gatt.c
+++ b/android/gatt.c
@@ -2860,6 +2860,17 @@ static bool set_security(struct gatt_device *device, int req_sec_level)
return true;
}

+bool bt_gatt_set_security(const bdaddr_t *bdaddr, int sec_level)
+{
+ struct gatt_device *device;
+
+ device = find_device_by_addr(bdaddr);
+ if (!device)
+ return false;
+
+ return set_security(device, sec_level);
+}
+
static bool set_auth_type(struct gatt_device *device, int auth_type)
{
int sec_level;
diff --git a/android/gatt.h b/android/gatt.h
index 5ba9161..027dda3 100644
--- a/android/gatt.h
+++ b/android/gatt.h
@@ -38,3 +38,4 @@ bool bt_gatt_unregister_app(unsigned int id);

bool bt_gatt_connect_app(unsigned int id, const bdaddr_t *addr);
bool bt_gatt_disconnect_app(unsigned int id, const bdaddr_t *addr);
+bool bt_gatt_set_security(const bdaddr_t *bdaddr, int sec_level);
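Review bot: The new prototype for bt_gatt_set_security() does not say which constants sec_level takes or what a true return means. From the gatt.c hunk it returns false when find_device_by_addr() finds nothing and otherwise forwards to set_security(), whose other caller set_auth_type() passes BT_SECURITY_* values. A comment above the declaration such as `/* sec_level: BT_SECURITY_*; returns false if the device is unknown or the level could not be set */` would fix the contract for external profiles.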
--
1.9.3


2014-07-30 09:38:50

by Marcin Kraglak

Subject: [PATCH 5/5] android/bluetooth: Fix loading LTKs

---
android/bluetooth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/android/bluetooth.c b/android/bluetooth.c
index 563a743..a8d85ce 100644
--- a/android/bluetooth.c
+++ b/android/bluetooth.c
@@ -2318,7 +2318,7 @@ static void load_ltks(GSList *ltks)
cp->key_count = htobs(ltk_count);

for (l = ltks, ltk = cp->keys; l != NULL; l = g_slist_next(l), ltk++)
- memcpy(ltk, ltks->data, sizeof(*ltk));
+ memcpy(ltk, l->data, sizeof(*ltk));

if (mgmt_send(mgmt_if, MGMT_OP_LOAD_LONG_TERM_KEYS, adapter.index,
cp_size, cp, load_ltk_complete, NULL, NULL) == 0)
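Review bot: The copy loop is bounded only by the list (`l != NULL`), while the destination cp->keys is presumably sized from ltk_count, which is computed outside this hunk. If ltk_count is derived from the same list the two agree, but the loop would write past the buffer as soon as they diverge; adding `&& ltk < cp->keys + ltk_count` to the loop condition, or a comment stating the invariant, would make that explicit. The commit has no description; one sentence noting that the old code copied the first list entry into every slot would help anyone auditing which stored keys were affected. load_ltks() starts and ends outside the hunk.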
--
1.9.3


2014-07-30 09:38:49

by Marcin Kraglak

Subject: [PATCH 4/5] android/gatt: Always connect with BT_SEC_LOW security

Set BT_SEC_LOW for all LE connections. Only specific profiles need
higher security, now it is possible to elevate security with public
GATT API.
---
android/gatt.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/android/gatt.c b/android/gatt.c
index 49ca2b6..11d7a2c 100644
--- a/android/gatt.c
+++ b/android/gatt.c
@@ -1433,7 +1433,6 @@ reply:

static int connect_le(struct gatt_device *dev)
{
- BtIOSecLevel sec_level;
GIOChannel *io;
GError *gerr = NULL;
char addr[18];
@@ -1450,9 +1449,6 @@ static int connect_le(struct gatt_device *dev)

DBG("Connection attempt to: %s", addr);

- sec_level = bt_device_is_bonded(&dev->bdaddr) ? BT_IO_SEC_MEDIUM :
- BT_IO_SEC_LOW;
-
/*
* If address type is random it might be that IRK was received and
* random is just for faking Android Framework. ID address should be
@@ -1478,7 +1474,7 @@ static int connect_le(struct gatt_device *dev)
BT_IO_OPT_DEST_BDADDR, bdaddr,
BT_IO_OPT_DEST_TYPE, bdaddr_type,
BT_IO_OPT_CID, ATT_CID,
- BT_IO_OPT_SEC_LEVEL, sec_level,
+ BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
BT_IO_OPT_INVALID);
if (!io) {
error("gatt: Failed bt_io_connect(%s): %s", addr,
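Review bot: The hard-coded `BT_IO_SEC_LOW` in what appears to be the bt_io_connect() option list carries no comment saying that encryption is now the responsibility of whoever requested the connection. A line above it such as `/* Link starts at low security; profiles that need encryption must call bt_gatt_set_security() after connect */` would record that contract where the next reader will look. connect_le() begins and ends outside this hunk.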
--
1.9.3


2014-07-30 09:38:48

by Marcin Kraglak

Subject: [PATCH 3/5] anroid/hidhost: Set security to MEDUIM after connect

According to spec connection with HoG device should always be
encrypted.
---
android/hidhost.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/android/hidhost.c b/android/hidhost.c
index 4b718c6..da5f818 100644
--- a/android/hidhost.c
+++ b/android/hidhost.c
@@ -802,6 +802,11 @@ static void hog_conn_cb(const bdaddr_t *addr, int err, void *attrib)
goto fail;
}

+ if (!bt_gatt_set_security(addr, BT_IO_SEC_MEDIUM)) {
+ error("Failed to set security level");
+ goto fail;
+ }
+
DBG("");

bt_hid_notify_state(dev, HAL_HIDHOST_STATE_CONNECTED);
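Review bot: The added call passes `BT_IO_SEC_MEDIUM`, a BtIO constant, into bt_gatt_set_security(), while the other path into set_security() (set_auth_type() in android/gatt.c) passes BT_SECURITY_* values. This works only while the two families share numeric values; `bt_gatt_set_security(addr, BT_SECURITY_MEDIUM)` would match the constants set_auth_type() uses, assuming that name is visible in hidhost.c. The visible code also does not show whether a true return means encryption is already in place or only requested, yet HAL_HIDHOST_STATE_CONNECTED is reported straight afterwards, so that is worth confirming. hog_conn_cb() starts and ends outside the hunk.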
--
1.9.3