BLE Host - Separate secure-read from secure-write Prior to this change, attributes required encryption, authentication, and / or authorization; these were applied to both reads and writes. Now security requirements can be different for reads vs. writes.
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/a8c17182 Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/a8c17182 Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/a8c17182 Branch: refs/heads/develop Commit: a8c1718281f2cb925a215d508074aaa849443348 Parents: 7327c54 Author: Christopher Collins <ccoll...@apache.org> Authored: Tue May 17 20:23:36 2016 -0700 Committer: Paul Dietrich <paulfdietr...@yahoo.com> Committed: Thu Jun 2 12:53:58 2016 -0700 ---------------------------------------------------------------------- net/nimble/host/src/ble_att_svr.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/a8c17182/net/nimble/host/src/ble_att_svr.c ---------------------------------------------------------------------- diff --git a/net/nimble/host/src/ble_att_svr.c b/net/nimble/host/src/ble_att_svr.c index 7f064db..ce6aa7d 100644 --- a/net/nimble/host/src/ble_att_svr.c +++ b/net/nimble/host/src/ble_att_svr.c @@ -357,15 +357,8 @@ ble_att_svr_write(uint16_t conn_handle, struct ble_att_svr_entry *entry, BLE_HS_DBG_ASSERT(!ble_hs_locked_by_cur_task()); - /* Bypass permissions and security checks if we are writing our own - * attribute. - */ - if (conn_handle != BLE_HS_CONN_HANDLE_NONE) { - if (!(entry->ha_flags & BLE_ATT_F_WRITE)) { - att_err = BLE_ATT_ERR_WRITE_NOT_PERMITTED; - rc = BLE_HS_ENOTSUP; - goto err; - } + if (conn_handle != BLE_HS_CONN_HANDLE_NONE && + !(entry->ha_flags & BLE_ATT_F_WRITE)) { rc = ble_att_svr_check_security(conn_handle, 0, entry, &att_err); if (rc != 0) { @@ -373,6 +366,11 @@ ble_att_svr_write(uint16_t conn_handle, struct ble_att_svr_entry *entry, } } + rc = ble_att_svr_check_security(conn_handle, 0, entry, &att_err); + if (rc != 0) { + goto err; + } + BLE_HS_DBG_ASSERT(entry->ha_cb != NULL); rc = entry->ha_cb(conn_handle, entry->ha_handle_id, entry->ha_uuid, BLE_ATT_ACCESS_OP_WRITE, ctxt,