HOGP must only accept data from bonded devices.

HOGP 1.0 Section 6.1 establishes that the HOGP must require bonding.

Reference:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.htm
Signed-off-by: Anuj Jain <anuj01.jain@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>

diff --git a/profiles/input/hog.c b/profiles/input/hog.c
index 83c017d..dfac689 100755 (executable)
--- a/profiles/input/hog.c
+++ b/profiles/input/hog.c
@@ -186,6 +186,10 @@ static int hog_accept(struct btd_service *service)
                        return -EINVAL;
        }
 
+       /* HOGP 1.0 Section 6.1 requires bonding */
+       if (!device_is_bonded(device, btd_device_get_bdaddr_type(device)))
+               return -ECONNREFUSED;
+
        /* TODO: Replace GAttrib with bt_gatt_client */
        bt_hog_attach(dev->hog, attrib);