Encrypt LE link immediately on reconnection

LE link must be encrypted immediately on connection if device are
already bonded.

This is a backport of ag/29056565, but the code needs to go in a
different location because that patch relies on recent feature work.

Ignore-AOSP-First: security
Test: mmm packages/modules/Bluetooth
Bug: 288144143
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:9d3b7ecfb920c07474e8a5684a00600e6ce6fcbe)
Merged-In: I7147c837ecab6c67943fc6fd78a9949f3381df62
Change-Id: I7147c837ecab6c67943fc6fd78a9949f3381df62

system/stack/acl/btm_acl.cc

@@ -1082,6 +1082,17 @@ void StackAclBtmAcl::btm_establish_continue(tACL_CONN* p_acl) {
                 PRIVATE_ADDRESS(p_acl->RemoteAddress()));
     }
     btm_set_link_policy(p_acl, btm_cb.acl_cb_.DefaultLinkPolicy());
+  } else if (p_acl->is_transport_ble()) {
+    tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_acl->remote_addr);
+
+    if (p_dev_rec == nullptr) {
+      LOG_WARN("No security record for %s",
+               PRIVATE_ADDRESS(p_acl->RemoteAddress()));
+    } else if (p_dev_rec->is_le_link_key_known()) {
+      btm_ble_set_encryption(
+          p_acl->remote_addr, BTM_BLE_SEC_ENCRYPT,
+          p_dev_rec->role_central ? HCI_ROLE_CENTRAL : HCI_ROLE_PERIPHERAL);
+    }
   }
   NotifyAclLinkUp(*p_acl);
 }