Don't enforce Authenticated Link key (MITM protection) on PBAP.
Gory Details:
SecureRfcomm API => authentication is true and encryption is true. (HIGH)
InSecureRfcomm API => authentication is false and encryption is true. (MEDIUM)
The authentication above refers to the authentication of the link
key, i.e. prevention of MITM attacks.
Bluetooth 2.0 legacy pairing doesn't provide MITM protection.
Bluetooth 2.1 -> If pairing is done with MITM protection already,
this doesn't matter. If pairing is NOT done with MITM protection
we have the same security as the other core profiles. It doesn't make
sense to enforce MITM for this profile while having Handsfree profile
to not have MITM, i.e. some attacker can listen in on conversations.
Why are we changing this now: More headsets with 2.1 and No Input/Output
have started to support PBAP. So we pair without MITM with them and then
when the PBAP request comes it fails because we need MITM protection and
we try to exchange keys (i.e. pair again).
The headsets don't allow pairing to happen at any time because it's a security
issue and hence PBAP request fails.
Change-Id: Ia80c15c545e9396e7c6882b731c90a8ede119827
1 file changed