From ac1f8dd88a46da193b9226724a3ac60a0876598a Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz
Date: Wed, 26 Mar 2025 11:49:16 -0400
Subject: [PATCH] shared/att: Make bt_att_set_security never downgrade security level

Requesting a lower security level than existing one shall result in no operation since higher security satisfy a lower one and it is never a good practice to allow downgrading security to begin with.
---
 src/shared/att.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/shared/att.c b/src/shared/att.c
index dabbdb431..8657cb642 100644
--- a/src/shared/att.c
+++ b/src/shared/att.c
@@ -727,7 +727,11 @@ static bool bt_att_chan_set_security(struct bt_att_chan *chan, int level)
 {
 struct bt_security sec;
- if (level == bt_att_chan_get_security(chan))
+ /* Check if security level has already been set, if the security level
+ * is higher it shall satisfy the request since we never want to
+ * downgrade security.
+ */
+ if (level <= bt_att_chan_get_security(chan))
 return true;
 if (chan->type == BT_ATT_LOCAL) {
--
2.47.3
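Review bot: The new `level <= bt_att_chan_get_security(chan)` guard compares the request against the helper's raw return value, so the no-downgrade guarantee depends on however that helper reports a failed lookup. The helper's body is not in this hunk; if it signals failure with a negative value, the comparison happens to fall through to the set path, but nothing here states or enforces that. Reading the level into a local and making the error case explicit would keep the early return from ever firing on a value that is not a real security level, for example `int cur = bt_att_chan_get_security(chan);` followed by `if (cur >= 0 && level <= cur)`. It would also help to extend the comment to say that the function returns true while leaving the channel at its current, higher level, since callers may otherwise assume the level now equals what they asked for. The body of bt_att_chan_set_security continues past the end of the hunk.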