From 49a5effd2c96c67ea25f7d3accdb3232fb2139b1 Mon Sep 17 00:00:00 2001
From: George Kong <GeorgeGitMail@gmail.com>
Date: Sat, 28 Feb 2026 16:41:56 -0500
Subject: [PATCH] added security levels to CharacteristicConfig with linux
 implementation

---
 gatts.go       | 20 +++++++++++++++++---
 gatts_linux.go | 20 ++++++++++++++++++++
 2 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/gatts.go b/gatts.go
index e4bb6ec..58440ed 100644
--- a/gatts.go
+++ b/gatts.go
@@ -10,6 +10,16 @@ type Service struct {
 
 type WriteEvent = func(client Connection, offset int, value []byte)
 
+// SecurityLevel specifies the security required for a characteristic operation.
+// Settings other than the default (SecurityNone) may result in the peer initiating a pairing operation.
+type SecurityLevel uint8
+
+const (
+	SecurityNone                   SecurityLevel = iota // encryption not required
+	SecurityEncrypted                                   // encryption required
+	SecurityEncryptedAuthenticated                      // encryption and authentication (MITM protection) required
+)
+
 // CharacteristicConfig contains some parameters for the configuration of a
 // single characteristic.
 //
@@ -18,9 +28,13 @@ type WriteEvent = func(client Connection, offset int, value []byte)
 type CharacteristicConfig struct {
 	Handle *Characteristic
 	UUID
-	Value      []byte
-	Flags      CharacteristicPermissions
-	WriteEvent WriteEvent
+	Value            []byte
+	Flags            CharacteristicPermissions
+	WriteEvent       WriteEvent
+	ReadSecurity     SecurityLevel
+	WriteSecurity    SecurityLevel
+	NotifySecurity   SecurityLevel
+	IndicateSecurity SecurityLevel
 }
 
 // CharacteristicPermissions lists a number of basic permissions/capabilities
diff --git a/gatts_linux.go b/gatts_linux.go
index 792ea43..e985c24 100644
--- a/gatts_linux.go
+++ b/gatts_linux.go
@@ -108,6 +108,26 @@ func (a *Adapter) AddService(s *Service) error {
 				flags = append(flags, bluezCharFlags[i])
 			}
 		}
+		if char.ReadSecurity == SecurityEncrypted {
+			flags = append(flags, "encrypt-read")
+		} else if char.ReadSecurity == SecurityEncryptedAuthenticated {
+			flags = append(flags, "encrypt-authenticated-read")
+		}
+		if char.WriteSecurity == SecurityEncrypted {
+			flags = append(flags, "encrypt-write")
+		} else if char.WriteSecurity == SecurityEncryptedAuthenticated {
+			flags = append(flags, "encrypt-authenticated-write")
+		}
+		if char.NotifySecurity == SecurityEncrypted {
+			flags = append(flags, "encrypt-notify")
+		} else if char.NotifySecurity == SecurityEncryptedAuthenticated {
+			flags = append(flags, "encrypt-authenticated-notify")
+		}
+		if char.IndicateSecurity == SecurityEncrypted {
+			flags = append(flags, "encrypt-indicate")
+		} else if char.IndicateSecurity == SecurityEncryptedAuthenticated {
+			flags = append(flags, "encrypt-authenticated-indicate")
+		}
 
 		// Export the properties of this characteristic.
 		charPath := path + dbus.ObjectPath("/char"+strconv.Itoa(i))