[nrf fromtree] Bluetooth: host: Elevate security to L4 when SC only ...

is enabled

Elevate connections always to security mode 1 level 4 when
Secure Connections Only Mode has been enabled in the Security Manager.

Elevate connections always to security mode 1 level 3 when
Legacy pairing with OOB only has been enabled in the Security Manager.

Fixes: #27338

Signed-off-by: Joakim Andersson <[email protected]>
(cherry picked from commit c7ad661)
Signed-off-by: Joakim Andersson <[email protected]>

Author: joerchan

include/bluetooth/conn.h

@@ -688,6 +688,9 @@ typedef enum __packed {
  *  This function may return error if the pairing procedure has already been
  *  initiated by the local device or the peer device.
  *
+ *  @note When :option:`CONFIG_BT_SMP_SC_ONLY` is enabled then the security
+ *        level will always be level 4.
+ *
  *  @param conn Connection object.
  *  @param sec Requested security level.
  *

subsys/bluetooth/host/conn.c

@@ -1126,14 +1126,8 @@ int bt_conn_set_security(struct bt_conn *conn, bt_security_t sec)
 		return -ENOTCONN;
 	}
 
-	if (IS_ENABLED(CONFIG_BT_SMP_SC_ONLY) &&
-	    sec < BT_SECURITY_L4) {
-		return -EOPNOTSUPP;
-	}
-
-	if (IS_ENABLED(CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY) &&
-	    sec > BT_SECURITY_L3) {
-		return -EOPNOTSUPP;
+	if (IS_ENABLED(CONFIG_BT_SMP_SC_ONLY)) {
+		sec = BT_SECURITY_L4;
 	}
 
 	/* nothing to do */