l2c: add concept of default security manager
This CL adds ability to set the security manager to be used when no l2c
connection yet exists on an hci acl connection. This means that SM had
not yet had a chance to call l2cApiLeSetSecurityManagerForAclConn().
This can happen if someone connects and immediately tries to encrypt,
with no prior traffic. This is allowed, but no traffic means that SM
has not been opened, and thus has no l2c conn associated with it. No l2c
conn means we have no instance to send the key state to. This
callback is used. If an l2c conn exists that had previously called
l2cApiLeSetSecurityManagerForAclConn(), it is used for security
management instead, as it has more of an idea of what to do. The func
called should do the same thing as the normal handling for the state
L2C_STATE_KEY_REQ is, but without the benefit of any context. If this
occurs, the lack of context is expected and normal. If no key is found,
just say no.
Implementation details: We need to make sure that when the callback is
changed or removed, it is no longer called. This is done by providing a
mutex around the variable storing it. But we might also have callbacks
in flight. We implement a flush() call to flush the workqueue, like
other modules do. This makes sure that no calls use the old pointer.
Why is this being done in l2c code if it is used when no l2c connection
exists? Precisely because of that. HCI has no visibility into such
matters and thus would be unable to decide that this is the case. We'd
end up with the possibility of both calling into SM via state and via
this. Doing this in l2c guarantees that any key request makes it into SM
via only one way.
BUG=b:74813838
TEST=builds & nothing breaks
Change-Id: I43b46fb8de89a43f8fb05b6fcaf1ea50112ef205
2 files changed
