From f3444ce00b649410d6e4a4004e86ebdb6881cb63 Mon Sep 17 00:00:00 2001
From: Alexandru Carbuneanu <alexandru.carbuneanu@nordicsemi.no>
Date: Tue, 5 Apr 2022 16:19:28 +0200
Subject: [PATCH] Bluetooth: Host: Check encryption level for EATT channels

Check the encription level before sending on EATT.

Signed-off-by: Alexandru Carbuneanu <alexandru.carbuneanu@nordicsemi.no>
---
 subsys/bluetooth/host/att.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/subsys/bluetooth/host/att.c b/subsys/bluetooth/host/att.c
index feac141b5d79..0cbfa18e8a86 100644
--- a/subsys/bluetooth/host/att.c
+++ b/subsys/bluetooth/host/att.c
@@ -203,6 +203,14 @@ static int chan_send(struct bt_att_chan *chan, struct net_buf *buf,
 			return -EAGAIN;
 		}
 
+		/* Check the encryption level for EATT */
+		if (bt_conn_get_security(chan->att->conn) < BT_SECURITY_L2) {
+			/* Vol 3, Part G, Section 5.3.2 Channel Requirements states:
+			 * The channel shall be encrypted.
+			 */
+			return -EINVAL;
+		}
+
 		/* bt_l2cap_chan_send does actually return the number of bytes
 		 * that could be sent immediately.
 		 */