commit | af56aecd8910c605cc06f0cd9d4b5c257240883e | [log] [tgz] |
---|---|---|
author | Teow Wan Yee <wy.teow@hi-p.com> | Wed Oct 12 10:53:27 2016 +0800 |
committer | Teow Wan Yee <wy.teow@hi-p.com> | Wed Oct 12 10:53:27 2016 +0800 |
tree | 56ecab7229bbfdf5a61dbb686561e2bdda775ceb | |
parent | b8df996924e142596f9cbd0ca7fe0690bb2a996c [diff] |
FPII-2484: Elevation of privilege vulnerability in Bluetooth CVE-2016-6719 A-29043989 A third-party application can pair with any Bluetooth device without user interaction. The application can listen for bond state changes and call setPairingConfirmation before the dialog is displayed to the user. The fix is designed to restrict setPairingConfirmation to require the BLUETOOTH_PRIVILEGED permission. Change-Id: Ib22560f2c9e7e8144ca9cc3bb1b03911e08a0f45