Security policy check added. (#2004)

Thread devices that are not capable of
becoming routers should not send
parent response or child id response.

Author: deepakvenugopal

source/6LoWPAN/Thread/thread_router_bootstrap.c

@@ -1485,6 +1485,12 @@ void thread_router_bootstrap_mle_receive_cb(int8_t interface_id, mle_message_t *
                 return;
             }
 
+            // check if security policy prevents sending of parent response
+            if (!thread_extension_is_reed_upgrade_allowed(cur)) {
+                tr_debug("Security policy prevents parent response; drop packet");
+                return;
+            }
+
             if (thread_am_reed(cur)) {
                 // If we are in REED mode and receive PARENT_REQ from our parent, don't send response.
                 if (thread_router_parent_address_check(cur, mle_msg->packet_src_address)) {
@@ -1598,8 +1604,14 @@ void thread_router_bootstrap_mle_receive_cb(int8_t interface_id, mle_message_t *
                 return;
             }
 
-            // If we are in REED mode and receive child ID request from our parent, call connection error.
+            // check if security policy prevents sending of child id response
+            if (!thread_extension_is_reed_upgrade_allowed(cur)) {
+                tr_debug("Security policy prevents child id response; drop packet");
+                return;
+            }
+
             if (thread_am_reed(cur)) {
+                // If we are in REED mode and receive child ID request from our parent, call connection error.
                 if (thread_router_parent_address_check(cur, mle_msg->packet_src_address)) {
                     tr_debug("Child ID req from own parent -> connection error");
                     entry_temp = mac_neighbor_entry_get_by_ll64(mac_neighbor_info(cur), mle_msg->packet_src_address, false, NULL);