af56aecd8910c605cc06f0cd9d4b5c257240883e - fp2-dev/platform/packages/apps/Bluetooth

commit	af56aecd8910c605cc06f0cd9d4b5c257240883e	[log] [tgz]
author	Teow Wan Yee <wy.teow@hi-p.com>	Wed Oct 12 10:53:27 2016 +0800
committer	Teow Wan Yee <wy.teow@hi-p.com>	Wed Oct 12 10:53:27 2016 +0800
tree	56ecab7229bbfdf5a61dbb686561e2bdda775ceb
parent	b8df996924e142596f9cbd0ca7fe0690bb2a996c [diff]

FPII-2484: Elevation of privilege vulnerability in Bluetooth CVE-2016-6719 A-29043989

A third-party application can pair with any Bluetooth device without user interaction.
The application can listen for bond state changes and call setPairingConfirmation
before the dialog is displayed to the user.

The fix is designed to restrict setPairingConfirmation to require the BLUETOOTH_PRIVILEGED permission.

Change-Id: Ib22560f2c9e7e8144ca9cc3bb1b03911e08a0f45

src/com/android/bluetooth/btservice/AdapterService.java[diff]

1 file changed

tree: 56ecab7229bbfdf5a61dbb686561e2bdda775ceb

jni/
res/
src/
tests/
Android.mk
AndroidManifest.xml
AndroidManifest_test.xml
CleanSpec.mk