From 3e37bc9e90a7c126c277dc4e380cc65a0258d0e4 Mon Sep 17 00:00:00 2001
From: Emil Gydesen <emil.gydesen@nordicsemi.no>
Date: Mon, 19 Feb 2024 09:29:28 +0100
Subject: [PATCH] Bluetooth: GATT: Add missing LESC_MASK for encrypt check

The LE Secure connection (LESC) mask also require encryption,
and some users have been using e.g. BT_GATT_PERM_READ_LESC
without BT_GATT_PERM_READ_ENCRYPT, and then the encryption
check in bt_gatt_check_perm was never properly applied.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
---
 subsys/bluetooth/host/gatt.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/subsys/bluetooth/host/gatt.c b/subsys/bluetooth/host/gatt.c
index eda7d2dff26d..69d43de56952 100644
--- a/subsys/bluetooth/host/gatt.c
+++ b/subsys/bluetooth/host/gatt.c
@@ -3113,7 +3113,8 @@ uint8_t bt_gatt_check_perm(struct bt_conn *conn, const struct bt_gatt_attr *attr
 	 * the error code “Insufficient Encryption”.
 	 */
 
-	if (mask & (BT_GATT_PERM_ENCRYPT_MASK | BT_GATT_PERM_AUTHEN_MASK)) {
+	if (mask &
+	    (BT_GATT_PERM_ENCRYPT_MASK | BT_GATT_PERM_AUTHEN_MASK | BT_GATT_PERM_LESC_MASK)) {
 #if defined(CONFIG_BT_SMP)
 		if (!conn->encrypt) {
 			if (bt_conn_ltk_present(conn)) {