From: Philipp Dunkel <pip@pipobscure.com>
To: linux-bluetooth@vger.kernel.org
Cc: Philipp Dunkel <pip@pipobscure.com>
Subject: [PATCH BlueZ 2/2] unit/test-gatt: cover no-auto-sec on auth error
Date: Sat, 18 Jul 2026 21:42:30 +0200 [thread overview]
Message-ID: <20260718194230.35959-3-pip@pipobscure.com> (raw)
In-Reply-To: <20260718194230.35959-1-pip@pipobscure.com>
Add a regression test for bt_att_set_no_auto_sec(). The client reads a
characteristic and the peer answers with Insufficient Authentication
(0x05). Security is armed to BT_ATT_SECURITY_AUTO so a reactive elevation
would normally fire and retry the read, but no_auto_sec is set, so the
error must instead be delivered to the caller with no second request on
the wire.
This is the /auto variant (which does retry after elevating) with the
elevation forbidden. With the flag honoured the read fails once with
0x05; without it the client retries and the test aborts on the
unexpected Read Request, guarding the fix against regression.
Assisted-by: Claude:Opus-4.8
AI disclosure: this change was developed with the assistance of an AI
model (Claude Opus 4.8). The author reviewed every line. The test was
run against the built tree: it passes with patch 1 applied and was
confirmed to fail (client retries, harness aborts) without it.
---
unit/test-gatt.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/unit/test-gatt.c b/unit/test-gatt.c
index 535baaf..3929bb9 100644
--- a/unit/test-gatt.c
+++ b/unit/test-gatt.c
@@ -755,6 +755,22 @@ static void test_read(struct context *context)
test_read_cb, context, NULL));
}
+static void test_read_no_auto_sec(struct context *context)
+{
+ const struct test_step *step = context->data->step;
+
+ /* Arm reactive elevation (AUTO), then forbid it. An Insufficient
+ * Authentication error must be delivered to the caller instead of
+ * silently elevating security, which on a real unbonded link would
+ * start SMP bonding that nobody requested.
+ */
+ g_assert(bt_att_set_security(context->att, BT_ATT_SECURITY_AUTO));
+ bt_att_set_no_auto_sec(context->att, true);
+
+ g_assert(bt_gatt_client_read_value(context->client, step->handle,
+ test_read_cb, context, NULL));
+}
+
static const uint8_t read_data_1[] = {0x01, 0x02, 0x03};
static const struct test_step test_read_1 = {
@@ -795,6 +811,12 @@ static const struct test_step test_read_6 = {
.expected_att_ecode = 0x0c,
};
+static const struct test_step test_read_no_auto_sec_1 = {
+ .handle = 0x0003,
+ .func = test_read_no_auto_sec,
+ .expected_att_ecode = 0x05,
+};
+
static const struct test_step test_read_7 = {
.handle = 0x0004,
.func = test_read,
@@ -2803,6 +2825,12 @@ int main(int argc, char *argv[])
raw_pdu(0x0a, 0x03, 0x00),
raw_pdu(0x0b, 0x01, 0x02, 0x03));
+ define_test_client("/TP/GAR/CL/BI-04-C/no-auto-sec", test_client,
+ service_db_1, &test_read_no_auto_sec_1,
+ SERVICE_DATA_1_PDUS,
+ raw_pdu(0x0a, 0x03, 0x00),
+ raw_pdu(0x01, 0x0a, 0x03, 0x00, 0x05));
+
define_test_client("/TP/GAR/CL/BI-05-C", test_client, service_db_1,
&test_read_6,
SERVICE_DATA_1_PDUS,
--
2.55.0
prev parent reply other threads:[~2026-07-18 19:43 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-18 19:42 [PATCH BlueZ 0/2] Don't auto-bond on reactive GATT security elevation Philipp Dunkel
2026-07-18 19:42 ` [PATCH BlueZ 1/2] shared/att: don't auto-bond on reactive elevation Philipp Dunkel
2026-07-18 21:22 ` Don't auto-bond on reactive GATT security elevation bluez.test.bot
2026-07-18 19:42 ` Philipp Dunkel [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260718194230.35959-3-pip@pipobscure.com \
--to=pip@pipobscure.com \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox