From b531cec9bd9f1914662b4a42db597156acb285bf Mon Sep 17 00:00:00 2001
From: Yiheng Cao <65160922+Crispy-fried-chicken@users.noreply.github.com>
Date: Tue, 20 Aug 2024 06:18:07 +0000
Subject: [PATCH] Bluetooth: GATT: Add missing LESC_MASK for encrypt check The
 LE Secure connection (LESC) mask also require encryption,

and some users have been using e.g. BT_GATT_PERM_READ_LESC
without BT_GATT_PERM_READ_ENCRYPT, and then the encryption
check in bt_gatt_check_perm was never properly applied.

cherry-picked from commit d9ff7eb
> Signed-off-by: Yiheng Cao(james_watt@foxmail.com)
---
 subsys/bluetooth/host/gatt.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/subsys/bluetooth/host/gatt.c b/subsys/bluetooth/host/gatt.c
index 069082ec67b095..809490a8524fee 100644
--- a/subsys/bluetooth/host/gatt.c
+++ b/subsys/bluetooth/host/gatt.c
@@ -3103,7 +3103,8 @@ uint8_t bt_gatt_check_perm(struct bt_conn *conn, const struct bt_gatt_attr *attr
 	 * the error code “Insufficient Encryption”.
 	 */
 
-	if (mask & (BT_GATT_PERM_ENCRYPT_MASK | BT_GATT_PERM_AUTHEN_MASK)) {
+	if (mask & (BT_GATT_PERM_ENCRYPT_MASK | BT_GATT_PERM_AUTHEN_MASK |
+			BT_GATT_PERM_LESC_MASK)) {
 #if defined(CONFIG_BT_SMP)
 		if (!conn->encrypt) {
 			if (bt_conn_ltk_present(conn)) {