1 /******************************************************************************
2 *
3 * Copyright 2003-2014 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains the action functions for device manager state
22 * machine.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bt_bta_dm"
27
28 #include <base/logging.h>
29
30 #include <cstdint>
31
32 #include "bta/dm/bta_dm_int.h"
33 #include "bta/gatt/bta_gattc_int.h"
34 #include "bta/include/bta_dm_ci.h"
35 #include "btif/include/btif_config.h"
36 #include "btif/include/btif_dm.h"
37 #include "btif/include/btif_storage.h"
38 #include "btif/include/stack_manager.h"
39 #include "device/include/controller.h"
40 #include "device/include/interop.h"
41 #include "main/shim/acl_api.h"
42 #include "main/shim/btm_api.h"
43 #include "main/shim/dumpsys.h"
44 #include "main/shim/shim.h"
45 #include "osi/include/fixed_queue.h"
46 #include "osi/include/log.h"
47 #include "osi/include/osi.h"
48 #include "stack/btm/btm_ble_int.h"
49 #include "stack/btm/btm_sec.h"
50 #include "stack/btm/neighbor_inquiry.h"
51 #include "stack/gatt/connection_manager.h"
52 #include "stack/include/acl_api.h"
53 #include "stack/include/bt_types.h"
54 #include "stack/include/btm_client_interface.h"
55 #include "stack/include/btu.h" // do_in_main_thread
56 #include "types/raw_address.h"
57
58 #if (GAP_INCLUDED == TRUE)
59 #include "gap_api.h"
60 #endif
61
62 using bluetooth::Uuid;
63
64 void BTIF_dm_disable();
65 void BTIF_dm_enable();
66 void btm_ble_adv_init(void);
67
68 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
69 uint16_t eir_len);
70 static void bta_dm_inq_cmpl_cb(void* p_result);
71 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,
72 DEV_CLASS dc, BD_NAME bd_name);
73 static void bta_dm_remname_cback(void* p);
74 static void bta_dm_find_services(const RawAddress& bd_addr);
75 static void bta_dm_discover_next_device(void);
76 static void bta_dm_sdp_callback(tSDP_STATUS sdp_status);
77 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
78 BD_NAME bd_name, bool min_16_digit);
79 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
80 DEV_CLASS dev_class, BD_NAME bd_name,
81 const LinkKey& key, uint8_t key_type);
82 static void bta_dm_authentication_complete_cback(const RawAddress& bd_addr,
83 DEV_CLASS dev_class,
84 BD_NAME bd_name,
85 tHCI_REASON result);
86 static void bta_dm_local_name_cback(void* p_name);
87 static void bta_dm_check_av();
88
89 void BTA_dm_update_policy(tBTA_SYS_CONN_STATUS status, uint8_t id,
90 uint8_t app_id, const RawAddress& peer_addr);
91
92 /* Extended Inquiry Response */
93 static tBTM_STATUS bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data);
94
95 static void bta_dm_set_eir(char* local_name);
96
97 static void bta_dm_search_timer_cback(void* data);
98 static void bta_dm_disable_conn_down_timer_cback(void* data);
99 void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id, uint8_t app_id,
100 const RawAddress& peer_addr);
101 static void bta_dm_adjust_roles(bool delay_role_switch);
102 static char* bta_dm_get_remname(void);
103 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result);
104
105 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr,
106 tBT_TRANSPORT transport);
107 static void bta_dm_discover_device(const RawAddress& remote_bd_addr);
108
109 static void bta_dm_disable_search_and_disc(void);
110
111 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
112 tBTM_LE_EVT_DATA* p_data);
113 static void bta_dm_ble_id_key_cback(uint8_t key_type,
114 tBTM_BLE_LOCAL_KEYS* p_key);
115 static void bta_dm_gattc_register(void);
116 static void btm_dm_start_gatt_discovery(const RawAddress& bd_addr);
117 static void bta_dm_cancel_gatt_discovery(const RawAddress& bd_addr);
118 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data);
119 extern tBTA_DM_CONTRL_STATE bta_dm_pm_obtain_controller_state(void);
120 #if (BLE_VND_INCLUDED == TRUE)
121 static void bta_dm_ctrl_features_rd_cmpl_cback(tHCI_STATUS result);
122 #endif
123
124 #ifndef BTA_DM_BLE_ADV_CHNL_MAP
125 #define BTA_DM_BLE_ADV_CHNL_MAP \
126 (BTM_BLE_ADV_CHNL_37 | BTM_BLE_ADV_CHNL_38 | BTM_BLE_ADV_CHNL_39)
127 #endif
128
129 /* Disable timer interval (in milliseconds) */
130 #ifndef BTA_DM_DISABLE_TIMER_MS
131 #define BTA_DM_DISABLE_TIMER_MS (2000)
132 #endif
133
134 /* Disable timer retrial interval (in milliseconds) */
135 #ifndef BTA_DM_DISABLE_TIMER_RETRIAL_MS
136 #define BTA_DM_DISABLE_TIMER_RETRIAL_MS 1500
137 #endif
138
139 /* Disable connection down timer (in milliseconds) */
140 #ifndef BTA_DM_DISABLE_CONN_DOWN_TIMER_MS
141 #define BTA_DM_DISABLE_CONN_DOWN_TIMER_MS 100
142 #endif
143
144 /* Switch delay timer (in milliseconds) */
145 #ifndef BTA_DM_SWITCH_DELAY_TIMER_MS
146 #define BTA_DM_SWITCH_DELAY_TIMER_MS 500
147 #endif
148
149 namespace {
150
151 // Time to wait after receiving shutdown request to delay the actual shutdown
152 // process. This time may be zero which invokes immediate shutdown.
153 #ifndef BTA_DISABLE_DELAY
154 constexpr uint64_t kDisableDelayTimerInMs = 0;
155 #else
156 constexpr uint64_t kDisableDelayTimerInMs =
157 static_cast<uint64_t>(BTA_DISABLE_DELAY);
158 #endif
159
160 struct WaitForAllAclConnectionsToDrain {
161 uint64_t time_to_wait_in_ms;
TimeToWaitInMs__anonb6bae69c0110::WaitForAllAclConnectionsToDrain162 unsigned long TimeToWaitInMs() const {
163 return static_cast<unsigned long>(time_to_wait_in_ms);
164 }
AlarmCallbackData__anonb6bae69c0110::WaitForAllAclConnectionsToDrain165 void* AlarmCallbackData() const {
166 return const_cast<void*>(static_cast<const void*>(this));
167 }
168
169 static const WaitForAllAclConnectionsToDrain* FromAlarmCallbackData(
170 void* data);
171 static bool IsFirstPass(const WaitForAllAclConnectionsToDrain*);
172 } first_pass =
173 {
174 .time_to_wait_in_ms = static_cast<uint64_t>(BTA_DM_DISABLE_TIMER_MS),
175 },
176 second_pass = {
177 .time_to_wait_in_ms =
178 static_cast<uint64_t>(BTA_DM_DISABLE_TIMER_RETRIAL_MS),
179 };
180
IsFirstPass(const WaitForAllAclConnectionsToDrain * pass)181 bool WaitForAllAclConnectionsToDrain::IsFirstPass(
182 const WaitForAllAclConnectionsToDrain* pass) {
183 return pass == &first_pass;
184 }
185
186 const WaitForAllAclConnectionsToDrain*
FromAlarmCallbackData(void * data)187 WaitForAllAclConnectionsToDrain::FromAlarmCallbackData(void* data) {
188 return const_cast<const WaitForAllAclConnectionsToDrain*>(
189 static_cast<WaitForAllAclConnectionsToDrain*>(data));
190 }
191
192 } // namespace
193
194 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr);
195 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr);
196 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
197 uint16_t eir_len);
198 static void bta_dm_observe_cmpl_cb(void* p_result);
199 static void bta_dm_delay_role_switch_cback(void* data);
200 static void bta_dm_wait_for_acl_to_drain_cback(void* data);
201
202 const uint16_t bta_service_id_to_uuid_lkup_tbl[BTA_MAX_SERVICE_ID] = {
203 UUID_SERVCLASS_PNP_INFORMATION, /* Reserved */
204 UUID_SERVCLASS_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */
205 UUID_SERVCLASS_DIALUP_NETWORKING, /* BTA_DUN_SERVICE_ID */
206 UUID_SERVCLASS_AUDIO_SOURCE, /* BTA_A2DP_SOURCE_SERVICE_ID */
207 UUID_SERVCLASS_LAN_ACCESS_USING_PPP, /* BTA_LAP_SERVICE_ID */
208 UUID_SERVCLASS_HEADSET, /* BTA_HSP_HS_SERVICE_ID */
209 UUID_SERVCLASS_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */
210 UUID_SERVCLASS_OBEX_OBJECT_PUSH, /* BTA_OPP_SERVICE_ID */
211 UUID_SERVCLASS_OBEX_FILE_TRANSFER, /* BTA_FTP_SERVICE_ID */
212 UUID_SERVCLASS_CORDLESS_TELEPHONY, /* BTA_CTP_SERVICE_ID */
213 UUID_SERVCLASS_INTERCOM, /* BTA_ICP_SERVICE_ID */
214 UUID_SERVCLASS_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */
215 UUID_SERVCLASS_DIRECT_PRINTING, /* BTA_BPP_SERVICE_ID */
216 UUID_SERVCLASS_IMAGING_RESPONDER, /* BTA_BIP_SERVICE_ID */
217 UUID_SERVCLASS_PANU, /* BTA_PANU_SERVICE_ID */
218 UUID_SERVCLASS_NAP, /* BTA_NAP_SERVICE_ID */
219 UUID_SERVCLASS_GN, /* BTA_GN_SERVICE_ID */
220 UUID_SERVCLASS_SAP, /* BTA_SAP_SERVICE_ID */
221 UUID_SERVCLASS_AUDIO_SINK, /* BTA_A2DP_SERVICE_ID */
222 UUID_SERVCLASS_AV_REMOTE_CONTROL, /* BTA_AVRCP_SERVICE_ID */
223 UUID_SERVCLASS_HUMAN_INTERFACE, /* BTA_HID_SERVICE_ID */
224 UUID_SERVCLASS_VIDEO_SINK, /* BTA_VDP_SERVICE_ID */
225 UUID_SERVCLASS_PBAP_PSE, /* BTA_PBAP_SERVICE_ID */
226 UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY, /* BTA_HSP_SERVICE_ID */
227 UUID_SERVCLASS_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */
228 UUID_SERVCLASS_MESSAGE_ACCESS, /* BTA_MAP_SERVICE_ID */
229 UUID_SERVCLASS_MESSAGE_NOTIFICATION, /* BTA_MN_SERVICE_ID */
230 UUID_SERVCLASS_HDP_PROFILE, /* BTA_HDP_SERVICE_ID */
231 UUID_SERVCLASS_PBAP_PCE, /* BTA_PCE_SERVICE_ID */
232 UUID_PROTOCOL_ATT /* BTA_GATT_SERVICE_ID */
233 };
234
235 /* bta security callback */
236 const tBTM_APPL_INFO bta_security = {
237 .p_pin_callback = &bta_dm_pin_cback,
238 .p_link_key_callback = &bta_dm_new_link_key_cback,
239 .p_auth_complete_callback = &bta_dm_authentication_complete_cback,
240 .p_bond_cancel_cmpl_callback = &bta_dm_bond_cancel_complete_cback,
241 .p_sp_callback = &bta_dm_sp_cback,
242 .p_le_callback = &bta_dm_ble_smp_cback,
243 .p_le_key_callback = &bta_dm_ble_id_key_cback};
244
245 #define MAX_DISC_RAW_DATA_BUF (4096)
246 uint8_t g_disc_raw_data_buf[MAX_DISC_RAW_DATA_BUF];
247
248 extern DEV_CLASS local_device_default_class;
249
250 // Stores the local Input/Output Capabilities of the Bluetooth device.
251 static uint8_t btm_local_io_caps;
252
253 /** Initialises the BT device manager */
bta_dm_enable(tBTA_DM_SEC_CBACK * p_sec_cback)254 void bta_dm_enable(tBTA_DM_SEC_CBACK* p_sec_cback) {
255 /* make sure security callback is saved - if no callback, do not erase the
256 previous one,
257 it could be an error recovery mechanism */
258 if (p_sec_cback != NULL) bta_dm_cb.p_sec_cback = p_sec_cback;
259 /* notify BTA DM is now active */
260 bta_dm_cb.is_bta_dm_active = true;
261
262 btm_local_io_caps = btif_storage_get_local_io_caps();
263 }
264
265 /*******************************************************************************
266 *
267 * Function bta_dm_init_cb
268 *
269 * Description Initializes the bta_dm_cb control block
270 *
271 *
272 * Returns void
273 *
274 ******************************************************************************/
bta_dm_init_cb(void)275 void bta_dm_init_cb(void) {
276 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
277 bta_dm_cb.disable_timer = alarm_new("bta_dm.disable_timer");
278 bta_dm_cb.switch_delay_timer = alarm_new("bta_dm.switch_delay_timer");
279 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
280 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
281 bta_dm_cb.pm_timer[i].timer[j] = alarm_new("bta_dm.pm_timer");
282 }
283 }
284 }
285
286 /*******************************************************************************
287 *
288 * Function bta_dm_deinit_cb
289 *
290 * Description De-initializes the bta_dm_cb control block
291 *
292 *
293 * Returns void
294 *
295 ******************************************************************************/
bta_dm_deinit_cb(void)296 void bta_dm_deinit_cb(void) {
297 /*
298 * TODO: Should alarm_free() the bta_dm_cb timers during graceful
299 * shutdown.
300 */
301 alarm_free(bta_dm_cb.disable_timer);
302 alarm_free(bta_dm_cb.switch_delay_timer);
303 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
304 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
305 alarm_free(bta_dm_cb.pm_timer[i].timer[j]);
306 }
307 }
308 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
309 }
310
BTA_dm_on_hw_off()311 void BTA_dm_on_hw_off() {
312 BTIF_dm_disable();
313
314 /* reinitialize the control block */
315 bta_dm_deinit_cb();
316
317 /* hw is ready, go on with BTA DM initialization */
318 alarm_free(bta_dm_search_cb.search_timer);
319 alarm_free(bta_dm_search_cb.gatt_close_timer);
320 osi_free(bta_dm_search_cb.p_pending_search);
321 fixed_queue_free(bta_dm_search_cb.pending_discovery_queue, osi_free);
322 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb));
323
324 /* notify BTA DM is now unactive */
325 bta_dm_cb.is_bta_dm_active = false;
326 }
327
BTA_dm_on_hw_on()328 void BTA_dm_on_hw_on() {
329 DEV_CLASS dev_class;
330 tBTA_DM_SEC_CBACK* temp_cback;
331 uint8_t key_mask = 0;
332 tBTA_BLE_LOCAL_ID_KEYS id_key;
333
334 /* save security callback */
335 temp_cback = bta_dm_cb.p_sec_cback;
336 /* make sure the control block is properly initialized */
337 bta_dm_init_cb();
338 /* and retrieve the callback */
339 bta_dm_cb.p_sec_cback = temp_cback;
340 bta_dm_cb.is_bta_dm_active = true;
341
342 /* hw is ready, go on with BTA DM initialization */
343 alarm_free(bta_dm_search_cb.search_timer);
344 alarm_free(bta_dm_search_cb.gatt_close_timer);
345 osi_free(bta_dm_search_cb.p_pending_search);
346 fixed_queue_free(bta_dm_search_cb.pending_discovery_queue, osi_free);
347 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb));
348 /*
349 * TODO: Should alarm_free() the bta_dm_search_cb timers during
350 * graceful shutdown.
351 */
352 bta_dm_search_cb.search_timer = alarm_new("bta_dm_search.search_timer");
353 bta_dm_search_cb.gatt_close_timer =
354 alarm_new("bta_dm_search.gatt_close_timer");
355 bta_dm_search_cb.pending_discovery_queue = fixed_queue_new(SIZE_MAX);
356
357 memset(&bta_dm_conn_srvcs, 0, sizeof(bta_dm_conn_srvcs));
358 memset(&bta_dm_di_cb, 0, sizeof(tBTA_DM_DI_CB));
359
360 memcpy(dev_class, p_bta_dm_cfg->dev_class, sizeof(dev_class));
361 if (bluetooth::shim::is_gd_security_enabled()) {
362 bluetooth::shim::BTM_SetDeviceClass(dev_class);
363 } else {
364 BTM_SetDeviceClass(dev_class);
365 }
366
367 /* load BLE local information: ID keys, ER if available */
368 Octet16 er;
369 btif_dm_get_ble_local_keys(&key_mask, &er, &id_key);
370
371 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ER) {
372 get_btm_client_interface().ble.BTM_BleLoadLocalKeys(
373 BTA_BLE_LOCAL_KEY_TYPE_ER, (tBTM_BLE_LOCAL_KEYS*)&er);
374 }
375 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ID) {
376 get_btm_client_interface().ble.BTM_BleLoadLocalKeys(
377 BTA_BLE_LOCAL_KEY_TYPE_ID, (tBTM_BLE_LOCAL_KEYS*)&id_key);
378 }
379 bta_dm_search_cb.conn_id = GATT_INVALID_CONN_ID;
380
381 if (bluetooth::shim::is_gd_security_enabled()) {
382 bluetooth::shim::BTM_SecRegister(&bta_security);
383 } else {
384 get_btm_client_interface().security.BTM_SecRegister(&bta_security);
385 }
386
387 BTM_WritePageTimeout(p_bta_dm_cfg->page_timeout);
388
389 #if (BLE_VND_INCLUDED == TRUE)
390 BTM_BleReadControllerFeatures(bta_dm_ctrl_features_rd_cmpl_cback);
391 #else
392 /* If VSC multi adv commands are available, advertising will be initialized
393 * when capabilities are read. If they are not available, initialize
394 * advertising here */
395 btm_ble_adv_init();
396 #endif
397
398 /* Earlier, we used to invoke BTM_ReadLocalAddr which was just copying the
399 bd_addr
400 from the control block and invoking the callback which was sending the
401 DM_ENABLE_EVT.
402 But then we have a few HCI commands being invoked above which were still
403 in progress
404 when the ENABLE_EVT was sent. So modified this to fetch the local name
405 which forces
406 the DM_ENABLE_EVT to be sent only after all the init steps are complete
407 */
408 BTM_ReadLocalDeviceNameFromController(bta_dm_local_name_cback);
409
410 bta_sys_rm_register(bta_dm_rm_cback);
411
412 /* initialize bluetooth low power manager */
413 bta_dm_init_pm();
414
415 bta_dm_gattc_register();
416 }
417
418 /** Disables the BT device manager */
bta_dm_disable()419 void bta_dm_disable() {
420 /* Set l2cap idle timeout to 0 (so BTE immediately disconnects ACL link after
421 * last channel is closed) */
422 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_BR_EDR);
423 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_LE);
424
425 /* disable all active subsystems */
426 bta_sys_disable();
427
428 BTM_SetDiscoverability(BTM_NON_DISCOVERABLE);
429 BTM_SetConnectability(BTM_NON_CONNECTABLE);
430
431 bta_dm_disable_pm();
432 bta_dm_disable_search_and_disc();
433 bta_dm_cb.disabling = true;
434
435 connection_manager::reset(false);
436
437 if (BTM_GetNumAclLinks() == 0) {
438 // We can shut down faster if there are no ACL links
439 switch (kDisableDelayTimerInMs) {
440 case 0:
441 LOG_DEBUG("Immediately disabling device manager");
442 bta_dm_disable_conn_down_timer_cback(nullptr);
443 break;
444 default:
445 LOG_DEBUG("Set timer to delay disable initiation:%lu ms",
446 static_cast<unsigned long>(kDisableDelayTimerInMs));
447 alarm_set_on_mloop(bta_dm_cb.disable_timer, kDisableDelayTimerInMs,
448 bta_dm_disable_conn_down_timer_cback, nullptr);
449 }
450 } else {
451 LOG_DEBUG("Set timer to wait for all ACL connections to close:%lu ms",
452 first_pass.TimeToWaitInMs());
453 alarm_set_on_mloop(bta_dm_cb.disable_timer, first_pass.time_to_wait_in_ms,
454 bta_dm_wait_for_acl_to_drain_cback,
455 first_pass.AlarmCallbackData());
456 }
457 }
458
459 /*******************************************************************************
460 *
461 * Function bta_dm_wait_for_all_acl_to_drain
462 *
463 * Description Called if the disable timer expires
464 * Used to close ACL connections which are still active
465 *
466 *
467 *
468 * Returns void
469 *
470 ******************************************************************************/
force_disconnect_all_acl_connections()471 static bool force_disconnect_all_acl_connections() {
472 const bool is_force_disconnect_needed = (bta_dm_cb.device_list.count > 0);
473
474 for (auto i = 0; i < bta_dm_cb.device_list.count; i++) {
475 btm_remove_acl(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
476 bta_dm_cb.device_list.peer_device[i].transport);
477 }
478 return is_force_disconnect_needed;
479 }
480
bta_dm_wait_for_acl_to_drain_cback(void * data)481 static void bta_dm_wait_for_acl_to_drain_cback(void* data) {
482 ASSERT(data != nullptr);
483 const WaitForAllAclConnectionsToDrain* pass =
484 WaitForAllAclConnectionsToDrain::FromAlarmCallbackData(data);
485
486 if (BTM_GetNumAclLinks() &&
487 WaitForAllAclConnectionsToDrain::IsFirstPass(pass)) {
488 /* DISABLE_EVT still need to be sent out to avoid java layer disable timeout
489 */
490 if (force_disconnect_all_acl_connections()) {
491 LOG_DEBUG(
492 "Set timer for second pass to wait for all ACL connections to "
493 "close:%lu ms ",
494 second_pass.TimeToWaitInMs());
495 alarm_set_on_mloop(
496 bta_dm_cb.disable_timer, second_pass.time_to_wait_in_ms,
497 bta_dm_wait_for_acl_to_drain_cback, second_pass.AlarmCallbackData());
498 }
499 } else {
500 // No ACL links were up or is second pass at ACL closure
501 if (bluetooth::shim::is_gd_acl_enabled()) {
502 LOG_INFO("Ensuring all ACL connections have been properly flushed");
503 bluetooth::shim::ACL_Shutdown();
504 }
505
506 bta_dm_cb.disabling = false;
507
508 bta_sys_remove_uuid(UUID_SERVCLASS_PNP_INFORMATION);
509 BTIF_dm_disable();
510 }
511 }
512
513 /** Sets local device name */
bta_dm_set_dev_name(const std::vector<uint8_t> & name)514 void bta_dm_set_dev_name(const std::vector<uint8_t>& name) {
515 BTM_SetLocalDeviceName((char*)name.data());
516 bta_dm_set_eir((char*)name.data());
517 }
518
519 /** Sets discoverability, connectability and pairability */
BTA_DmSetVisibility(bt_scan_mode_t mode)520 bool BTA_DmSetVisibility(bt_scan_mode_t mode) {
521 tBTA_DM_DISC disc_mode_param;
522 tBTA_DM_CONN conn_mode_param;
523
524 switch (mode) {
525 case BT_SCAN_MODE_NONE:
526 disc_mode_param = BTA_DM_NON_DISC;
527 conn_mode_param = BTA_DM_NON_CONN;
528 break;
529
530 case BT_SCAN_MODE_CONNECTABLE:
531 disc_mode_param = BTA_DM_NON_DISC;
532 conn_mode_param = BTA_DM_CONN;
533 break;
534
535 case BT_SCAN_MODE_CONNECTABLE_DISCOVERABLE:
536 disc_mode_param = BTA_DM_GENERAL_DISC;
537 conn_mode_param = BTA_DM_CONN;
538 break;
539
540 default:
541 return false;
542 }
543
544 BTM_SetDiscoverability(disc_mode_param);
545 BTM_SetConnectability(conn_mode_param);
546 return true;
547 }
548
bta_dm_process_remove_device_no_callback(const RawAddress & bd_addr)549 static void bta_dm_process_remove_device_no_callback(
550 const RawAddress& bd_addr) {
551 /* need to remove all pending background connection before unpair */
552 BTA_GATTC_CancelOpen(0, bd_addr, false);
553
554 if (bluetooth::shim::is_gd_security_enabled()) {
555 bluetooth::shim::BTM_SecDeleteDevice(bd_addr);
556 } else {
557 BTM_SecDeleteDevice(bd_addr);
558 }
559
560 /* remove all cached GATT information */
561 BTA_GATTC_Refresh(bd_addr);
562 }
563
bta_dm_process_remove_device(const RawAddress & bd_addr)564 void bta_dm_process_remove_device(const RawAddress& bd_addr) {
565 bta_dm_process_remove_device_no_callback(bd_addr);
566
567 if (bta_dm_cb.p_sec_cback) {
568 tBTA_DM_SEC sec_event;
569 sec_event.link_down.bd_addr = bd_addr;
570 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &sec_event);
571 }
572 }
573
574 /** Removes device, disconnects ACL link if required */
bta_dm_remove_device(const RawAddress & bd_addr)575 void bta_dm_remove_device(const RawAddress& bd_addr) {
576 /* If ACL exists for the device in the remove_bond message*/
577 bool is_bd_addr_connected =
578 BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE) ||
579 BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_BR_EDR);
580
581 uint8_t other_transport = BT_TRANSPORT_INVALID;
582 if (is_bd_addr_connected) {
583 APPL_TRACE_DEBUG("%s: ACL Up count: %d", __func__,
584 bta_dm_cb.device_list.count);
585
586 /* Take the link down first, and mark the device for removal when
587 * disconnected */
588 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
589 auto& peer_device = bta_dm_cb.device_list.peer_device[i];
590 if (peer_device.peer_bdaddr == bd_addr) {
591 peer_device.conn_state = BTA_DM_UNPAIRING;
592
593 /* Make sure device is not in acceptlist before we disconnect */
594 GATT_CancelConnect(0, bd_addr, false);
595
596 btm_remove_acl(bd_addr, peer_device.transport);
597 APPL_TRACE_DEBUG("%s: transport: %d", __func__, peer_device.transport);
598
599 /* save the other transport to check if device is connected on
600 * other_transport */
601 if (peer_device.transport == BT_TRANSPORT_LE)
602 other_transport = BT_TRANSPORT_BR_EDR;
603 else
604 other_transport = BT_TRANSPORT_LE;
605
606 break;
607 }
608 }
609 }
610
611 RawAddress other_address = bd_addr;
612 RawAddress other_address2 = bd_addr;
613
614 // If it is DUMO device and device is paired as different address, unpair that
615 // device
616 bool other_address_connected =
617 (other_transport)
618 ? BTM_ReadConnectedTransportAddress(&other_address, other_transport)
619 : (BTM_ReadConnectedTransportAddress(&other_address,
620 BT_TRANSPORT_BR_EDR) ||
621 BTM_ReadConnectedTransportAddress(&other_address2,
622 BT_TRANSPORT_LE));
623 if (other_address == bd_addr) other_address = other_address2;
624
625 if (other_address_connected) {
626 /* Take the link down first, and mark the device for removal when
627 * disconnected */
628 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
629 auto& peer_device = bta_dm_cb.device_list.peer_device[i];
630 if (peer_device.peer_bdaddr == other_address &&
631 peer_device.transport == other_transport) {
632 peer_device.conn_state = BTA_DM_UNPAIRING;
633
634 /* Make sure device is not in acceptlist before we disconnect */
635 GATT_CancelConnect(0, bd_addr, false);
636
637 btm_remove_acl(other_address, peer_device.transport);
638 break;
639 }
640 }
641 }
642
643 /* Delete the device mentioned in the msg */
644 if (!is_bd_addr_connected) {
645 bta_dm_process_remove_device(bd_addr);
646 }
647
648 /* Delete the other paired device too */
649 if (!other_address_connected && !other_address.IsEmpty()) {
650 bta_dm_process_remove_device(other_address);
651 }
652
653 /* Check the length of the paired devices, and if 0 then reset IRK */
654 auto paired_devices = btif_config_get_paired_devices();
655 if (paired_devices.empty()) {
656 LOG_INFO("Last paired device removed, resetting IRK");
657 btm_ble_reset_id();
658 }
659 }
660
661 /*******************************************************************************
662 *
663 * Function bta_dm_add_device
664 *
665 * Description This function adds a Link Key to an security database entry.
666 * It is normally called during host startup to restore all
667 * required information stored in the NVRAM.
668 ******************************************************************************/
bta_dm_add_device(std::unique_ptr<tBTA_DM_API_ADD_DEVICE> msg)669 void bta_dm_add_device(std::unique_ptr<tBTA_DM_API_ADD_DEVICE> msg) {
670 uint8_t* p_dc = NULL;
671 LinkKey* p_lc = NULL;
672
673 /* If not all zeros, the device class has been specified */
674 if (msg->dc_known) p_dc = (uint8_t*)msg->dc;
675
676 if (msg->link_key_known) p_lc = &msg->link_key;
677
678 if (bluetooth::shim::is_gd_security_enabled()) {
679 bluetooth::shim::BTM_SecAddDevice(msg->bd_addr, p_dc, msg->bd_name, nullptr,
680 p_lc, msg->key_type, msg->pin_length);
681 } else {
682 auto add_result =
683 BTM_SecAddDevice(msg->bd_addr, p_dc, msg->bd_name, nullptr, p_lc,
684 msg->key_type, msg->pin_length);
685 if (!add_result) {
686 LOG(ERROR) << "BTA_DM: Error adding device " << msg->bd_addr;
687 }
688 }
689 }
690
691 /** This function forces to close the connection to a remote device and
692 * optionaly remove the device from security database if required. */
bta_dm_close_acl(const RawAddress & bd_addr,bool remove_dev,tBT_TRANSPORT transport)693 void bta_dm_close_acl(const RawAddress& bd_addr, bool remove_dev,
694 tBT_TRANSPORT transport) {
695 uint8_t index;
696
697 APPL_TRACE_DEBUG("bta_dm_close_acl");
698
699 if (BTM_IsAclConnectionUp(bd_addr, transport)) {
700 for (index = 0; index < bta_dm_cb.device_list.count; index++) {
701 if (bta_dm_cb.device_list.peer_device[index].peer_bdaddr == bd_addr)
702 break;
703 }
704 if (index != bta_dm_cb.device_list.count) {
705 if (remove_dev)
706 bta_dm_cb.device_list.peer_device[index].remove_dev_pending = true;
707 } else {
708 APPL_TRACE_ERROR("unknown device, remove ACL failed");
709 }
710
711 /* Make sure device is not in acceptlist before we disconnect */
712 GATT_CancelConnect(0, bd_addr, false);
713
714 /* Disconnect the ACL link */
715 btm_remove_acl(bd_addr, transport);
716 }
717 /* if to remove the device from security database ? do it now */
718 else if (remove_dev) {
719 bta_dm_process_remove_device_no_callback(bd_addr);
720 }
721 /* otherwise, no action needed */
722 }
723
724 /** Bonds with peer device */
bta_dm_bond(const RawAddress & bd_addr,tBLE_ADDR_TYPE addr_type,tBT_TRANSPORT transport,int device_type)725 void bta_dm_bond(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type,
726 tBT_TRANSPORT transport, int device_type) {
727 tBTA_DM_SEC sec_event;
728 char* p_name;
729
730 tBTM_STATUS status =
731 (bluetooth::shim::is_gd_security_enabled())
732 ? bluetooth::shim::BTM_SecBond(bd_addr, addr_type, transport,
733 device_type)
734 : BTM_SecBond(bd_addr, addr_type, transport, device_type, 0, NULL);
735
736 if (bta_dm_cb.p_sec_cback && (status != BTM_CMD_STARTED)) {
737 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
738 sec_event.auth_cmpl.bd_addr = bd_addr;
739 p_name = (bluetooth::shim::is_gd_security_enabled())
740 ? bluetooth::shim::BTM_SecReadDevName(bd_addr)
741 : BTM_SecReadDevName(bd_addr);
742 if (p_name != NULL) {
743 memcpy(sec_event.auth_cmpl.bd_name, p_name, BD_NAME_LEN);
744 sec_event.auth_cmpl.bd_name[BD_NAME_LEN] = 0;
745 }
746
747 /* taken care of by memset [above]
748 sec_event.auth_cmpl.key_present = false;
749 sec_event.auth_cmpl.success = false;
750 */
751 sec_event.auth_cmpl.fail_reason = HCI_ERR_ILLEGAL_COMMAND;
752 if (status == BTM_SUCCESS) {
753 sec_event.auth_cmpl.success = true;
754 } else {
755 /* delete this device entry from Sec Dev DB */
756 bta_dm_remove_sec_dev_entry(bd_addr);
757 }
758 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
759 }
760 }
761
762 /** Cancels bonding with a peer device */
bta_dm_bond_cancel(const RawAddress & bd_addr)763 void bta_dm_bond_cancel(const RawAddress& bd_addr) {
764 tBTM_STATUS status;
765 tBTA_DM_SEC sec_event;
766
767 APPL_TRACE_EVENT(" bta_dm_bond_cancel ");
768
769 status = (bluetooth::shim::is_gd_security_enabled())
770 ? bluetooth::shim::BTM_SecBondCancel(bd_addr)
771 : BTM_SecBondCancel(bd_addr);
772
773 if (bta_dm_cb.p_sec_cback &&
774 (status != BTM_CMD_STARTED && status != BTM_SUCCESS)) {
775 sec_event.bond_cancel_cmpl.result = BTA_FAILURE;
776
777 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
778 }
779 }
780
781 /** Send the pin_reply to a request from BTM */
bta_dm_pin_reply(std::unique_ptr<tBTA_DM_API_PIN_REPLY> msg)782 void bta_dm_pin_reply(std::unique_ptr<tBTA_DM_API_PIN_REPLY> msg) {
783 if (msg->accept) {
784 if (bluetooth::shim::is_gd_security_enabled()) {
785 bluetooth::shim::BTM_PINCodeReply(msg->bd_addr, BTM_SUCCESS, msg->pin_len,
786 msg->p_pin);
787 } else {
788 BTM_PINCodeReply(msg->bd_addr, BTM_SUCCESS, msg->pin_len, msg->p_pin);
789 }
790 } else {
791 if (bluetooth::shim::is_gd_security_enabled()) {
792 bluetooth::shim::BTM_PINCodeReply(msg->bd_addr, BTM_NOT_AUTHORIZED, 0,
793 NULL);
794 } else {
795 BTM_PINCodeReply(msg->bd_addr, BTM_NOT_AUTHORIZED, 0, NULL);
796 }
797 }
798 }
799
800 /** Send the user confirm request reply in response to a request from BTM */
bta_dm_confirm(const RawAddress & bd_addr,bool accept)801 void bta_dm_confirm(const RawAddress& bd_addr, bool accept) {
802 if (bluetooth::shim::is_gd_security_enabled()) {
803 bluetooth::shim::BTM_ConfirmReqReply(
804 accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED, bd_addr);
805 } else {
806 BTM_ConfirmReqReply(accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED, bd_addr);
807 }
808 }
809
810 /** respond to the OOB data request for the remote device from BTM */
bta_dm_ci_rmt_oob_act(std::unique_ptr<tBTA_DM_CI_RMT_OOB> msg)811 void bta_dm_ci_rmt_oob_act(std::unique_ptr<tBTA_DM_CI_RMT_OOB> msg) {
812 if (bluetooth::shim::is_gd_security_enabled()) {
813 bluetooth::shim::BTM_RemoteOobDataReply(
814 msg->accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED, msg->bd_addr, msg->c,
815 msg->r);
816 } else {
817 BTM_RemoteOobDataReply(msg->accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED,
818 msg->bd_addr, msg->c, msg->r);
819 }
820 }
821
822 /*******************************************************************************
823 *
824 * Function bta_dm_search_start
825 *
826 * Description Starts an inquiry
827 *
828 *
829 * Returns void
830 *
831 ******************************************************************************/
bta_dm_search_start(tBTA_DM_MSG * p_data)832 void bta_dm_search_start(tBTA_DM_MSG* p_data) {
833 tBTM_INQUIRY_CMPL result = {};
834
835 bta_dm_gattc_register();
836
837 APPL_TRACE_DEBUG("%s avoid_scatter=%d", __func__,
838 p_bta_dm_cfg->avoid_scatter);
839
840 BTM_ClearInqDb(nullptr);
841 /* save search params */
842 bta_dm_search_cb.p_search_cback = p_data->search.p_cback;
843 bta_dm_search_cb.services = p_data->search.services;
844
845 result.status = BTM_StartInquiry(bta_dm_inq_results_cb, bta_dm_inq_cmpl_cb);
846
847 APPL_TRACE_EVENT("%s status=%d", __func__, result.status);
848 if (result.status != BTM_CMD_STARTED) {
849 LOG(ERROR) << __func__ << ": BTM_StartInquiry returned "
850 << std::to_string(result.status);
851 result.num_resp = 0;
852 bta_dm_inq_cmpl_cb((void*)&result);
853 }
854 }
855
856 /*******************************************************************************
857 *
858 * Function bta_dm_search_cancel
859 *
860 * Description Cancels an ongoing search for devices
861 *
862 *
863 * Returns void
864 *
865 ******************************************************************************/
bta_dm_search_cancel()866 void bta_dm_search_cancel() {
867 if (BTM_IsInquiryActive()) {
868 BTM_CancelInquiry();
869 bta_dm_search_cancel_notify();
870 bta_dm_search_cmpl();
871 }
872 /* If no Service Search going on then issue cancel remote name in case it is
873 active */
874 else if (!bta_dm_search_cb.name_discover_done) {
875 BTM_CancelRemoteDeviceName();
876 bta_dm_search_cmpl();
877 } else {
878 bta_dm_inq_cmpl(0);
879 }
880
881 if (bta_dm_search_cb.gatt_disc_active) {
882 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
883 }
884 }
885
886 /*******************************************************************************
887 *
888 * Function bta_dm_discover
889 *
890 * Description Discovers services on a remote device
891 *
892 *
893 * Returns void
894 *
895 ******************************************************************************/
bta_dm_discover(tBTA_DM_MSG * p_data)896 void bta_dm_discover(tBTA_DM_MSG* p_data) {
897 /* save the search condition */
898 bta_dm_search_cb.services = BTA_ALL_SERVICE_MASK;
899
900 bta_dm_gattc_register();
901
902 bta_dm_search_cb.p_search_cback = p_data->discover.p_cback;
903 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services;
904 bta_dm_search_cb.service_index = 0;
905 bta_dm_search_cb.services_found = 0;
906 bta_dm_search_cb.peer_name[0] = 0;
907 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbRead(p_data->discover.bd_addr);
908 bta_dm_search_cb.transport = p_data->discover.transport;
909
910 bta_dm_search_cb.name_discover_done = false;
911 bta_dm_discover_device(p_data->discover.bd_addr);
912 }
913
914 /*******************************************************************************
915 *
916 * Function bta_dm_disable_search_and_disc
917 *
918 * Description Cancels an ongoing search or discovery for devices in case
919 * of a Bluetooth disable
920 *
921 *
922 * Returns void
923 *
924 ******************************************************************************/
bta_dm_disable_search_and_disc(void)925 static void bta_dm_disable_search_and_disc(void) {
926 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) bta_dm_search_cancel();
927 }
928
929 /*******************************************************************************
930 *
931 * Function bta_dm_read_remote_device_name
932 *
933 * Description Initiate to get remote device name
934 *
935 * Returns true if started to get remote name
936 *
937 ******************************************************************************/
bta_dm_read_remote_device_name(const RawAddress & bd_addr,tBT_TRANSPORT transport)938 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr,
939 tBT_TRANSPORT transport) {
940 tBTM_STATUS btm_status;
941
942 APPL_TRACE_DEBUG("%s", __func__);
943
944 bta_dm_search_cb.peer_bdaddr = bd_addr;
945 bta_dm_search_cb.peer_name[0] = 0;
946
947 btm_status =
948 (bluetooth::shim::is_gd_security_enabled())
949 ? bluetooth::shim::BTM_ReadRemoteDeviceName(
950 bta_dm_search_cb.peer_bdaddr, bta_dm_remname_cback, transport)
951 : BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr,
952 bta_dm_remname_cback, transport);
953
954 if (btm_status == BTM_CMD_STARTED) {
955 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is started", __func__);
956
957 return (true);
958 } else if (btm_status == BTM_BUSY) {
959 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__);
960
961 /* Remote name discovery is on going now so BTM cannot notify through
962 * "bta_dm_remname_cback" */
963 /* adding callback to get notified that current reading remore name done */
964
965 if (bluetooth::shim::is_gd_security_enabled()) {
966 bluetooth::shim::BTM_SecAddRmtNameNotifyCallback(
967 &bta_dm_service_search_remname_cback);
968 } else {
969 BTM_SecAddRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
970 }
971
972 return (true);
973 } else {
974 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X", __func__,
975 btm_status);
976
977 return (false);
978 }
979 }
980
981 /*******************************************************************************
982 *
983 * Function bta_dm_inq_cmpl
984 *
985 * Description Process the inquiry complete event from BTM
986 *
987 * Returns void
988 *
989 ******************************************************************************/
bta_dm_inq_cmpl(uint8_t num)990 void bta_dm_inq_cmpl(uint8_t num) {
991 if (bta_dm_search_get_state() == BTA_DM_SEARCH_CANCELLING) {
992 bta_dm_search_set_state(BTA_DM_SEARCH_IDLE);
993 bta_dm_execute_queued_request();
994 return;
995 }
996
997 if (bta_dm_search_get_state() != BTA_DM_SEARCH_ACTIVE) {
998 return;
999 }
1000
1001 tBTA_DM_SEARCH data;
1002
1003 APPL_TRACE_DEBUG("bta_dm_inq_cmpl");
1004
1005 data.inq_cmpl.num_resps = num;
1006 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_CMPL_EVT, &data);
1007
1008 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbFirst();
1009 if (bta_dm_search_cb.p_btm_inq_info != NULL) {
1010 /* start name and service discovery from the first device on inquiry result
1011 */
1012 bta_dm_search_cb.name_discover_done = false;
1013 bta_dm_search_cb.peer_name[0] = 0;
1014 bta_dm_discover_device(
1015 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr);
1016 } else {
1017 bta_dm_search_cb.services = 0;
1018 bta_dm_search_cmpl();
1019 }
1020 }
1021
1022 /*******************************************************************************
1023 *
1024 * Function bta_dm_rmt_name
1025 *
1026 * Description Process the remote name result from BTM
1027 *
1028 * Returns void
1029 *
1030 ******************************************************************************/
bta_dm_rmt_name(tBTA_DM_MSG * p_data)1031 void bta_dm_rmt_name(tBTA_DM_MSG* p_data) {
1032 APPL_TRACE_DEBUG("bta_dm_rmt_name");
1033
1034 if (p_data->rem_name.result.disc_res.bd_name[0] &&
1035 bta_dm_search_cb.p_btm_inq_info) {
1036 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name = true;
1037 }
1038
1039 bta_dm_discover_device(bta_dm_search_cb.peer_bdaddr);
1040 }
1041
1042 /*******************************************************************************
1043 *
1044 * Function bta_dm_disc_rmt_name
1045 *
1046 * Description Process the remote name result from BTM when application
1047 * wants to find the name for a bdaddr
1048 *
1049 * Returns void
1050 *
1051 ******************************************************************************/
bta_dm_disc_rmt_name(tBTA_DM_MSG * p_data)1052 void bta_dm_disc_rmt_name(tBTA_DM_MSG* p_data) {
1053 tBTM_INQ_INFO* p_btm_inq_info;
1054
1055 APPL_TRACE_DEBUG("bta_dm_disc_rmt_name");
1056
1057 p_btm_inq_info = BTM_InqDbRead(p_data->rem_name.result.disc_res.bd_addr);
1058 if (p_btm_inq_info) {
1059 if (p_data->rem_name.result.disc_res.bd_name[0]) {
1060 p_btm_inq_info->appl_knows_rem_name = true;
1061 }
1062 }
1063
1064 bta_dm_discover_device(p_data->rem_name.result.disc_res.bd_addr);
1065 }
1066
1067 /*******************************************************************************
1068 *
1069 * Function bta_dm_sdp_result
1070 *
1071 * Description Process the discovery result from sdp
1072 *
1073 * Returns void
1074 *
1075 ******************************************************************************/
bta_dm_sdp_result(tBTA_DM_MSG * p_data)1076 void bta_dm_sdp_result(tBTA_DM_MSG* p_data) {
1077 tSDP_DISC_REC* p_sdp_rec = NULL;
1078 tBTA_DM_MSG* p_msg;
1079 bool scn_found = false;
1080 uint16_t service = 0xFFFF;
1081 tSDP_PROTOCOL_ELEM pe;
1082
1083 std::vector<Uuid> uuid_list;
1084
1085 if ((p_data->sdp_event.sdp_result == SDP_SUCCESS) ||
1086 (p_data->sdp_event.sdp_result == SDP_NO_RECS_MATCH) ||
1087 (p_data->sdp_event.sdp_result == SDP_DB_FULL)) {
1088 APPL_TRACE_DEBUG("sdp_result::0x%x", p_data->sdp_event.sdp_result);
1089 do {
1090 p_sdp_rec = NULL;
1091 if (bta_dm_search_cb.service_index == (BTA_USER_SERVICE_ID + 1)) {
1092 if (p_sdp_rec && SDP_FindProtocolListElemInRec(
1093 p_sdp_rec, UUID_PROTOCOL_RFCOMM, &pe)) {
1094 bta_dm_search_cb.peer_scn = (uint8_t)pe.params[0];
1095 scn_found = true;
1096 }
1097 } else {
1098 service =
1099 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index - 1];
1100 p_sdp_rec =
1101 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, service, p_sdp_rec);
1102 }
1103 /* finished with BR/EDR services, now we check the result for GATT based
1104 * service UUID */
1105 if (bta_dm_search_cb.service_index == BTA_MAX_SERVICE_ID) {
1106 /* all GATT based services */
1107
1108 std::vector<Uuid> gatt_uuids;
1109
1110 do {
1111 /* find a service record, report it */
1112 p_sdp_rec =
1113 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, 0, p_sdp_rec);
1114 if (p_sdp_rec) {
1115 Uuid service_uuid;
1116 if (SDP_FindServiceUUIDInRec(p_sdp_rec, &service_uuid)) {
1117 gatt_uuids.push_back(service_uuid);
1118 }
1119 }
1120 } while (p_sdp_rec);
1121
1122 if (!gatt_uuids.empty()) {
1123 LOG_INFO("GATT services discovered using SDP");
1124
1125 // send all result back to app
1126 tBTA_DM_SEARCH result;
1127 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1128 strlcpy((char*)result.disc_ble_res.bd_name, bta_dm_get_remname(),
1129 BD_NAME_LEN + 1);
1130
1131 result.disc_ble_res.services = &gatt_uuids;
1132 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_BLE_RES_EVT, &result);
1133 }
1134 } else {
1135 /* SDP_DB_FULL means some records with the
1136 required attributes were received */
1137 if (((p_data->sdp_event.sdp_result == SDP_DB_FULL) &&
1138 bta_dm_search_cb.services != BTA_ALL_SERVICE_MASK) ||
1139 (p_sdp_rec != NULL)) {
1140 if (service != UUID_SERVCLASS_PNP_INFORMATION) {
1141 bta_dm_search_cb.services_found |=
1142 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(
1143 bta_dm_search_cb.service_index - 1));
1144 uint16_t tmp_svc =
1145 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index -
1146 1];
1147 /* Add to the list of UUIDs */
1148 uuid_list.push_back(Uuid::From16Bit(tmp_svc));
1149 }
1150 }
1151 }
1152
1153 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK &&
1154 bta_dm_search_cb.services_to_search == 0) {
1155 bta_dm_search_cb.service_index++;
1156 } else /* regular one service per search or PNP search */
1157 break;
1158
1159 } while (bta_dm_search_cb.service_index <= BTA_MAX_SERVICE_ID);
1160
1161 APPL_TRACE_DEBUG("%s services_found = %04x", __func__,
1162 bta_dm_search_cb.services_found);
1163
1164 /* Collect the 128-bit services here and put them into the list */
1165 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) {
1166 p_sdp_rec = NULL;
1167 do {
1168 /* find a service record, report it */
1169 p_sdp_rec =
1170 SDP_FindServiceInDb_128bit(bta_dm_search_cb.p_sdp_db, p_sdp_rec);
1171 if (p_sdp_rec) {
1172 // SDP_FindServiceUUIDInRec_128bit is used only once, refactor?
1173 Uuid temp_uuid;
1174 if (SDP_FindServiceUUIDInRec_128bit(p_sdp_rec, &temp_uuid)) {
1175 uuid_list.push_back(temp_uuid);
1176 }
1177 }
1178 } while (p_sdp_rec);
1179 }
1180 /* if there are more services to search for */
1181 if (bta_dm_search_cb.services_to_search) {
1182 /* Free up the p_sdp_db before checking the next one */
1183 bta_dm_free_sdp_db();
1184 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr);
1185 } else {
1186 /* callbacks */
1187 /* start next bd_addr if necessary */
1188
1189 if (bluetooth::shim::is_gd_security_enabled()) {
1190 bluetooth::shim::BTM_SecDeleteRmtNameNotifyCallback(
1191 &bta_dm_service_search_remname_cback);
1192 } else {
1193 BTM_SecDeleteRmtNameNotifyCallback(
1194 &bta_dm_service_search_remname_cback);
1195 }
1196
1197 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1198 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1199 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS;
1200 p_msg->disc_result.result.disc_res.num_uuids = uuid_list.size();
1201 p_msg->disc_result.result.disc_res.p_uuid_list = NULL;
1202 if (uuid_list.size() > 0) {
1203 // TODO(jpawlowski): make p_uuid_list into vector, and just copy
1204 // vectors, but first get rid of bta_sys_sendmsg below.
1205 p_msg->disc_result.result.disc_res.p_uuid_list =
1206 (Uuid*)osi_malloc(uuid_list.size() * sizeof(Uuid));
1207 memcpy(p_msg->disc_result.result.disc_res.p_uuid_list, uuid_list.data(),
1208 uuid_list.size() * sizeof(Uuid));
1209 }
1210 // Copy the raw_data to the discovery result structure
1211 if (bta_dm_search_cb.p_sdp_db != NULL &&
1212 bta_dm_search_cb.p_sdp_db->raw_used != 0 &&
1213 bta_dm_search_cb.p_sdp_db->raw_data != NULL) {
1214 APPL_TRACE_DEBUG("%s raw_data used = 0x%x raw_data_ptr = 0x%x",
1215 __func__, bta_dm_search_cb.p_sdp_db->raw_used,
1216 bta_dm_search_cb.p_sdp_db->raw_data);
1217
1218 bta_dm_search_cb.p_sdp_db->raw_data =
1219 NULL; // no need to free this - it is a global assigned.
1220 bta_dm_search_cb.p_sdp_db->raw_used = 0;
1221 bta_dm_search_cb.p_sdp_db->raw_size = 0;
1222 } else {
1223 APPL_TRACE_DEBUG("%s raw data size is 0 or raw_data is null!!",
1224 __func__);
1225 }
1226 /* Done with p_sdp_db. Free it */
1227 bta_dm_free_sdp_db();
1228 p_msg->disc_result.result.disc_res.services =
1229 bta_dm_search_cb.services_found;
1230
1231 // Piggy back the SCN over result field
1232 if (scn_found) {
1233 p_msg->disc_result.result.disc_res.result =
1234 static_cast<tBTA_STATUS>((3 + bta_dm_search_cb.peer_scn));
1235 p_msg->disc_result.result.disc_res.services |= BTA_USER_SERVICE_MASK;
1236
1237 APPL_TRACE_EVENT(" Piggy back the SCN over result field SCN=%d",
1238 bta_dm_search_cb.peer_scn);
1239 }
1240 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1241 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1242 bta_dm_get_remname(), BD_NAME_LEN + 1);
1243
1244 bta_sys_sendmsg(p_msg);
1245 }
1246 } else {
1247 /* conn failed. No need for timer */
1248 if (p_data->sdp_event.sdp_result == SDP_CONN_FAILED)
1249 bta_dm_search_cb.wait_disc = false;
1250
1251 /* not able to connect go to next device */
1252 if (bta_dm_search_cb.p_sdp_db)
1253 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1254
1255 if (bluetooth::shim::is_gd_security_enabled()) {
1256 bluetooth::shim::BTM_SecDeleteRmtNameNotifyCallback(
1257 &bta_dm_service_search_remname_cback);
1258 } else {
1259 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1260 }
1261
1262 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1263 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1264 p_msg->disc_result.result.disc_res.result = BTA_FAILURE;
1265 p_msg->disc_result.result.disc_res.services =
1266 bta_dm_search_cb.services_found;
1267 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1268 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1269 bta_dm_get_remname(), BD_NAME_LEN + 1);
1270
1271 bta_sys_sendmsg(p_msg);
1272 }
1273 }
1274
1275 /*******************************************************************************
1276 *
1277 * Function bta_dm_search_cmpl
1278 *
1279 * Description Sends event to application
1280 *
1281 * Returns void
1282 *
1283 ******************************************************************************/
bta_dm_search_cmpl()1284 void bta_dm_search_cmpl() {
1285 bta_dm_search_set_state(BTA_DM_SEARCH_IDLE);
1286
1287 uint16_t conn_id = bta_dm_search_cb.conn_id;
1288
1289 /* no BLE connection, i.e. Classic service discovery end */
1290 if (conn_id == GATT_INVALID_CONN_ID) {
1291 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_CMPL_EVT, nullptr);
1292 bta_dm_execute_queued_request();
1293 return;
1294 }
1295
1296 btgatt_db_element_t* db = NULL;
1297 int count = 0;
1298 BTA_GATTC_GetGattDb(conn_id, 0x0000, 0xFFFF, &db, &count);
1299
1300 if (count == 0) {
1301 LOG_INFO("Empty GATT database - no BLE services discovered");
1302 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_CMPL_EVT, nullptr);
1303 bta_dm_execute_queued_request();
1304 return;
1305 }
1306
1307 std::vector<Uuid> gatt_services;
1308
1309 for (int i = 0; i < count; i++) {
1310 // we process service entries only
1311 if (db[i].type == BTGATT_DB_PRIMARY_SERVICE) {
1312 gatt_services.push_back(db[i].uuid);
1313 }
1314 }
1315 osi_free(db);
1316
1317 tBTA_DM_SEARCH result;
1318 result.disc_ble_res.services = &gatt_services;
1319 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1320 strlcpy((char*)result.disc_ble_res.bd_name, (char*)bta_dm_search_cb.peer_name,
1321 BD_NAME_LEN + 1);
1322
1323 LOG_INFO("GATT services discovered using LE Transport");
1324 // send all result back to app
1325 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_BLE_RES_EVT, &result);
1326
1327 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_CMPL_EVT, nullptr);
1328
1329 bta_dm_execute_queued_request();
1330 }
1331
1332 /*******************************************************************************
1333 *
1334 * Function bta_dm_disc_result
1335 *
1336 * Description Service discovery result when discovering services on a
1337 * device
1338 *
1339 * Returns void
1340 *
1341 ******************************************************************************/
bta_dm_disc_result(tBTA_DM_MSG * p_data)1342 void bta_dm_disc_result(tBTA_DM_MSG* p_data) {
1343 APPL_TRACE_EVENT("%s", __func__);
1344
1345 /* if any BR/EDR service discovery has been done, report the event */
1346 if ((bta_dm_search_cb.services &
1347 ((BTA_ALL_SERVICE_MASK | BTA_USER_SERVICE_MASK) &
1348 ~BTA_BLE_SERVICE_MASK)))
1349 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT,
1350 &p_data->disc_result.result);
1351
1352 bta_dm_search_cmpl();
1353 }
1354
1355 /*******************************************************************************
1356 *
1357 * Function bta_dm_search_result
1358 *
1359 * Description Service discovery result while searching for devices
1360 *
1361 * Returns void
1362 *
1363 ******************************************************************************/
bta_dm_search_result(tBTA_DM_MSG * p_data)1364 void bta_dm_search_result(tBTA_DM_MSG* p_data) {
1365 APPL_TRACE_DEBUG("%s searching:0x%04x, result:0x%04x", __func__,
1366 bta_dm_search_cb.services,
1367 p_data->disc_result.result.disc_res.services);
1368
1369 /* call back if application wants name discovery or found services that
1370 * application is searching */
1371 if ((!bta_dm_search_cb.services) ||
1372 ((bta_dm_search_cb.services) &&
1373 (p_data->disc_result.result.disc_res.services))) {
1374 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT,
1375 &p_data->disc_result.result);
1376 }
1377
1378 /* if searching did not initiate to create link */
1379 if (!bta_dm_search_cb.wait_disc) {
1380 /* if service searching is done with EIR, don't search next device */
1381 if (bta_dm_search_cb.p_btm_inq_info) bta_dm_discover_next_device();
1382 } else {
1383 /* wait until link is disconnected or timeout */
1384 bta_dm_search_cb.sdp_results = true;
1385 alarm_set_on_mloop(bta_dm_search_cb.search_timer,
1386 1000 * (L2CAP_LINK_INACTIVITY_TOUT + 1),
1387 bta_dm_search_timer_cback, NULL);
1388 }
1389 }
1390
1391 /*******************************************************************************
1392 *
1393 * Function bta_dm_search_timer_cback
1394 *
1395 * Description Called when ACL disconnect time is over
1396 *
1397 *
1398 * Returns void
1399 *
1400 ******************************************************************************/
bta_dm_search_timer_cback(UNUSED_ATTR void * data)1401 static void bta_dm_search_timer_cback(UNUSED_ATTR void* data) {
1402 APPL_TRACE_EVENT("%s", __func__);
1403 bta_dm_search_cb.wait_disc = false;
1404
1405 /* proceed with next device */
1406 bta_dm_discover_next_device();
1407 }
1408
1409 /*******************************************************************************
1410 *
1411 * Function bta_dm_free_sdp_db
1412 *
1413 * Description Frees SDP data base
1414 *
1415 * Returns void
1416 *
1417 ******************************************************************************/
bta_dm_free_sdp_db()1418 void bta_dm_free_sdp_db() {
1419 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1420 }
1421
1422 /*******************************************************************************
1423 *
1424 * Function bta_dm_queue_search
1425 *
1426 * Description Queues search command
1427 *
1428 * Returns void
1429 *
1430 ******************************************************************************/
bta_dm_queue_search(tBTA_DM_MSG * p_data)1431 void bta_dm_queue_search(tBTA_DM_MSG* p_data) {
1432 osi_free_and_reset((void**)&bta_dm_search_cb.p_pending_search);
1433 bta_dm_search_cb.p_pending_search =
1434 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_SEARCH));
1435 memcpy(bta_dm_search_cb.p_pending_search, p_data, sizeof(tBTA_DM_API_SEARCH));
1436 }
1437
1438 /*******************************************************************************
1439 *
1440 * Function bta_dm_queue_disc
1441 *
1442 * Description Queues discovery command
1443 *
1444 * Returns void
1445 *
1446 ******************************************************************************/
bta_dm_queue_disc(tBTA_DM_MSG * p_data)1447 void bta_dm_queue_disc(tBTA_DM_MSG* p_data) {
1448 tBTA_DM_MSG* p_pending_discovery =
1449 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_DISCOVER));
1450 memcpy(p_pending_discovery, p_data, sizeof(tBTA_DM_API_DISCOVER));
1451 fixed_queue_enqueue(bta_dm_search_cb.pending_discovery_queue,
1452 p_pending_discovery);
1453 }
1454
1455 /*******************************************************************************
1456 *
1457 * Function bta_dm_execute_queued_request
1458 *
1459 * Description Executes queued request if one exists
1460 *
1461 * Returns void
1462 *
1463 ******************************************************************************/
bta_dm_execute_queued_request()1464 void bta_dm_execute_queued_request() {
1465 if (bta_dm_search_cb.p_pending_search) {
1466 // Updated queued event to search event to trigger start search
1467 if (bta_dm_search_cb.p_pending_search->hdr.event ==
1468 BTA_DM_API_QUEUE_SEARCH_EVT) {
1469 bta_dm_search_cb.p_pending_search->hdr.event = BTA_DM_API_SEARCH_EVT;
1470 }
1471 LOG_INFO("%s Start pending search", __func__);
1472 bta_sys_sendmsg(bta_dm_search_cb.p_pending_search);
1473 bta_dm_search_cb.p_pending_search = NULL;
1474 } else {
1475 tBTA_DM_MSG* p_pending_discovery = (tBTA_DM_MSG*)fixed_queue_try_dequeue(
1476 bta_dm_search_cb.pending_discovery_queue);
1477 if (p_pending_discovery) {
1478 if (p_pending_discovery->hdr.event == BTA_DM_API_QUEUE_DISCOVER_EVT) {
1479 p_pending_discovery->hdr.event = BTA_DM_API_DISCOVER_EVT;
1480 }
1481 LOG_INFO("%s Start pending discovery", __func__);
1482 bta_sys_sendmsg(p_pending_discovery);
1483 }
1484 }
1485 }
1486
1487 /*******************************************************************************
1488 *
1489 * Function bta_dm_is_search_request_queued
1490 *
1491 * Description Checks if there is a queued search request
1492 *
1493 * Returns bool
1494 *
1495 ******************************************************************************/
bta_dm_is_search_request_queued()1496 bool bta_dm_is_search_request_queued() {
1497 return bta_dm_search_cb.p_pending_search != NULL;
1498 }
1499
1500 /*******************************************************************************
1501 *
1502 * Function bta_dm_search_clear_queue
1503 *
1504 * Description Clears the queue if API search cancel is called
1505 *
1506 * Returns void
1507 *
1508 ******************************************************************************/
bta_dm_search_clear_queue()1509 void bta_dm_search_clear_queue() {
1510 osi_free_and_reset((void**)&bta_dm_search_cb.p_pending_search);
1511 fixed_queue_flush(bta_dm_search_cb.pending_discovery_queue, osi_free);
1512 }
1513
1514 /*******************************************************************************
1515 *
1516 * Function bta_dm_search_cancel_notify
1517 *
1518 * Description Notify application that search has been cancelled
1519 *
1520 * Returns void
1521 *
1522 ******************************************************************************/
bta_dm_search_cancel_notify()1523 void bta_dm_search_cancel_notify() {
1524 if (bta_dm_search_cb.p_search_cback) {
1525 bta_dm_search_cb.p_search_cback(BTA_DM_SEARCH_CANCEL_CMPL_EVT, NULL);
1526 }
1527 if (!bta_dm_search_cb.name_discover_done &&
1528 (bta_dm_search_cb.state == BTA_DM_SEARCH_ACTIVE ||
1529 bta_dm_search_cb.state == BTA_DM_SEARCH_CANCELLING)) {
1530 BTM_CancelRemoteDeviceName();
1531 }
1532 if (bta_dm_search_cb.gatt_disc_active) {
1533 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
1534 }
1535 }
1536
1537 /*******************************************************************************
1538 *
1539 * Function bta_dm_find_services
1540 *
1541 * Description Starts discovery on a device
1542 *
1543 * Returns void
1544 *
1545 ******************************************************************************/
bta_dm_find_services(const RawAddress & bd_addr)1546 static void bta_dm_find_services(const RawAddress& bd_addr) {
1547 while (bta_dm_search_cb.service_index < BTA_MAX_SERVICE_ID) {
1548 Uuid uuid = Uuid::kEmpty;
1549 if (bta_dm_search_cb.services_to_search &
1550 (tBTA_SERVICE_MASK)(
1551 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index))) {
1552 bta_dm_search_cb.p_sdp_db =
1553 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE);
1554 APPL_TRACE_DEBUG("bta_dm_search_cb.services = %04x***********",
1555 bta_dm_search_cb.services);
1556 /* try to search all services by search based on L2CAP UUID */
1557 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) {
1558 LOG_INFO("%s services_to_search=%08x", __func__,
1559 bta_dm_search_cb.services_to_search);
1560 if (bta_dm_search_cb.services_to_search & BTA_RES_SERVICE_MASK) {
1561 uuid = Uuid::From16Bit(bta_service_id_to_uuid_lkup_tbl[0]);
1562 bta_dm_search_cb.services_to_search &= ~BTA_RES_SERVICE_MASK;
1563 } else {
1564 uuid = Uuid::From16Bit(UUID_PROTOCOL_L2CAP);
1565 bta_dm_search_cb.services_to_search = 0;
1566 }
1567 } else {
1568 /* for LE only profile */
1569 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID) {
1570 uuid = Uuid::From16Bit(
1571 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index]);
1572
1573 bta_dm_search_cb.services_to_search &= (tBTA_SERVICE_MASK)(~(
1574 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index)));
1575 } else {
1576 /* remove the service from services to be searched */
1577 bta_dm_search_cb.services_to_search &= (tBTA_SERVICE_MASK)(~(
1578 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index)));
1579 uuid = Uuid::From16Bit(
1580 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index]);
1581 }
1582 }
1583
1584 LOG_INFO("%s search UUID = %s", __func__, uuid.ToString().c_str());
1585 SDP_InitDiscoveryDb(bta_dm_search_cb.p_sdp_db, BTA_DM_SDP_DB_SIZE, 1,
1586 &uuid, 0, NULL);
1587
1588 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf));
1589 bta_dm_search_cb.p_sdp_db->raw_data = g_disc_raw_data_buf;
1590
1591 bta_dm_search_cb.p_sdp_db->raw_size = MAX_DISC_RAW_DATA_BUF;
1592
1593 if (!SDP_ServiceSearchAttributeRequest(bd_addr, bta_dm_search_cb.p_sdp_db,
1594 &bta_dm_sdp_callback)) {
1595 /*
1596 * If discovery is not successful with this device, then
1597 * proceed with the next one.
1598 */
1599 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1600 bta_dm_search_cb.service_index = BTA_MAX_SERVICE_ID;
1601
1602 } else {
1603 bta_dm_search_cb.service_index++;
1604 return;
1605 }
1606 }
1607
1608 bta_dm_search_cb.service_index++;
1609 }
1610
1611 /* no more services to be discovered */
1612 if (bta_dm_search_cb.service_index >= BTA_MAX_SERVICE_ID) {
1613 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1614 /* initialize the data structure */
1615 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES));
1616 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1617 p_msg->disc_result.result.disc_res.services =
1618 bta_dm_search_cb.services_found;
1619 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1620 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1621 bta_dm_get_remname(), BD_NAME_LEN + 1);
1622
1623 bta_sys_sendmsg(p_msg);
1624 }
1625 }
1626
1627 /*******************************************************************************
1628 *
1629 * Function bta_dm_discover_next_device
1630 *
1631 * Description Starts discovery on the next device in Inquiry data base
1632 *
1633 * Returns void
1634 *
1635 ******************************************************************************/
bta_dm_discover_next_device(void)1636 static void bta_dm_discover_next_device(void) {
1637 APPL_TRACE_DEBUG("bta_dm_discover_next_device");
1638
1639 /* searching next device on inquiry result */
1640 bta_dm_search_cb.p_btm_inq_info =
1641 BTM_InqDbNext(bta_dm_search_cb.p_btm_inq_info);
1642 if (bta_dm_search_cb.p_btm_inq_info != NULL) {
1643 bta_dm_search_cb.name_discover_done = false;
1644 bta_dm_search_cb.peer_name[0] = 0;
1645 bta_dm_discover_device(
1646 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr);
1647 } else {
1648 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1649
1650 /* no devices, search complete */
1651 bta_dm_search_cb.services = 0;
1652
1653 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1654 bta_sys_sendmsg(p_msg);
1655 }
1656 }
1657
1658 /*******************************************************************************
1659 *
1660 * Function bta_dm_discover_device
1661 *
1662 * Description Starts name and service discovery on the device
1663 *
1664 * Returns void
1665 *
1666 ******************************************************************************/
bta_dm_discover_device(const RawAddress & remote_bd_addr)1667 static void bta_dm_discover_device(const RawAddress& remote_bd_addr) {
1668 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
1669 if (bta_dm_search_cb.transport == BT_TRANSPORT_UNKNOWN) {
1670 tBT_DEVICE_TYPE dev_type;
1671 tBLE_ADDR_TYPE addr_type;
1672
1673 BTM_ReadDevInfo(remote_bd_addr, &dev_type, &addr_type);
1674 if (dev_type == BT_DEVICE_TYPE_BLE || addr_type == BLE_ADDR_RANDOM)
1675 transport = BT_TRANSPORT_LE;
1676 } else {
1677 transport = bta_dm_search_cb.transport;
1678 }
1679
1680 VLOG(1) << __func__ << " BDA: " << remote_bd_addr;
1681
1682 bta_dm_search_cb.peer_bdaddr = remote_bd_addr;
1683
1684 APPL_TRACE_DEBUG(
1685 "%s name_discover_done = %d p_btm_inq_info 0x%x state = %d, transport=%d",
1686 __func__, bta_dm_search_cb.name_discover_done,
1687 bta_dm_search_cb.p_btm_inq_info, bta_dm_search_cb.state, transport);
1688
1689 if (bta_dm_search_cb.p_btm_inq_info) {
1690 APPL_TRACE_DEBUG("%s appl_knows_rem_name %d", __func__,
1691 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name);
1692 }
1693 if (((bta_dm_search_cb.p_btm_inq_info) &&
1694 (bta_dm_search_cb.p_btm_inq_info->results.device_type ==
1695 BT_DEVICE_TYPE_BLE) &&
1696 (bta_dm_search_cb.state == BTA_DM_SEARCH_ACTIVE)) ||
1697 (transport == BT_TRANSPORT_LE &&
1698 interop_match_addr(INTEROP_DISABLE_NAME_REQUEST,
1699 &bta_dm_search_cb.peer_bdaddr))) {
1700 /* Do not perform RNR for LE devices at inquiry complete*/
1701 bta_dm_search_cb.name_discover_done = true;
1702 }
1703 /* if name discovery is not done and application needs remote name */
1704 if ((!bta_dm_search_cb.name_discover_done) &&
1705 ((bta_dm_search_cb.p_btm_inq_info == NULL) ||
1706 (bta_dm_search_cb.p_btm_inq_info &&
1707 (!bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name)))) {
1708 if (bta_dm_read_remote_device_name(bta_dm_search_cb.peer_bdaddr,
1709 transport)) {
1710 if (bta_dm_search_cb.state != BTA_DM_DISCOVER_ACTIVE) {
1711 /* Reset transport state for next discovery */
1712 bta_dm_search_cb.transport = BT_TRANSPORT_UNKNOWN;
1713 }
1714 return;
1715 }
1716
1717 /* starting name discovery failed */
1718 bta_dm_search_cb.name_discover_done = true;
1719 }
1720
1721 /* Reset transport state for next discovery */
1722 bta_dm_search_cb.transport = BT_TRANSPORT_UNKNOWN;
1723
1724 /* if application wants to discover service */
1725 if (bta_dm_search_cb.services) {
1726 /* initialize variables */
1727 bta_dm_search_cb.service_index = 0;
1728 bta_dm_search_cb.services_found = 0;
1729 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services;
1730
1731 /* if seaching with EIR is not completed */
1732 if (bta_dm_search_cb.services_to_search) {
1733 /* check whether connection already exists to the device
1734 if connection exists, we don't have to wait for ACL
1735 link to go down to start search on next device */
1736 if (transport == BT_TRANSPORT_BR_EDR) {
1737 if (BTM_IsAclConnectionUp(bta_dm_search_cb.peer_bdaddr,
1738 BT_TRANSPORT_BR_EDR))
1739 bta_dm_search_cb.wait_disc = false;
1740 else
1741 bta_dm_search_cb.wait_disc = true;
1742 }
1743 if (bta_dm_search_cb.p_btm_inq_info) {
1744 APPL_TRACE_DEBUG(
1745 "%s p_btm_inq_info 0x%x results.device_type 0x%x "
1746 "services_to_search 0x%x",
1747 __func__, bta_dm_search_cb.p_btm_inq_info,
1748 bta_dm_search_cb.p_btm_inq_info->results.device_type,
1749 bta_dm_search_cb.services_to_search);
1750 }
1751
1752 if (transport == BT_TRANSPORT_LE) {
1753 if (bta_dm_search_cb.services_to_search & BTA_BLE_SERVICE_MASK) {
1754 // set the raw data buffer here
1755 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf));
1756 /* start GATT for service discovery */
1757 btm_dm_start_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
1758 return;
1759 }
1760 } else {
1761 bta_dm_search_cb.sdp_results = false;
1762 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr);
1763 return;
1764 }
1765 }
1766 }
1767
1768 /* name discovery and service discovery are done for this device */
1769 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1770 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1771 /* initialize the data structure */
1772 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES));
1773 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS;
1774 p_msg->disc_result.result.disc_res.services = bta_dm_search_cb.services_found;
1775 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1776 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1777 (char*)bta_dm_search_cb.peer_name, BD_NAME_LEN + 1);
1778
1779 bta_sys_sendmsg(p_msg);
1780 }
1781
1782 /*******************************************************************************
1783 *
1784 * Function bta_dm_sdp_callback
1785 *
1786 * Description Callback from sdp with discovery status
1787 *
1788 * Returns void
1789 *
1790 ******************************************************************************/
bta_dm_sdp_callback(tSDP_STATUS sdp_status)1791 static void bta_dm_sdp_callback(tSDP_STATUS sdp_status) {
1792 tBTA_DM_SDP_RESULT* p_msg =
1793 (tBTA_DM_SDP_RESULT*)osi_malloc(sizeof(tBTA_DM_SDP_RESULT));
1794
1795 p_msg->hdr.event = BTA_DM_SDP_RESULT_EVT;
1796 p_msg->sdp_result = static_cast<uint16_t>(sdp_status);
1797
1798 bta_sys_sendmsg(p_msg);
1799 }
1800
1801 /*******************************************************************************
1802 *
1803 * Function bta_dm_inq_results_cb
1804 *
1805 * Description Inquiry results callback from BTM
1806 *
1807 * Returns void
1808 *
1809 ******************************************************************************/
bta_dm_inq_results_cb(tBTM_INQ_RESULTS * p_inq,uint8_t * p_eir,uint16_t eir_len)1810 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
1811 uint16_t eir_len) {
1812 tBTA_DM_SEARCH result;
1813 tBTM_INQ_INFO* p_inq_info;
1814 uint16_t service_class;
1815
1816 result.inq_res.bd_addr = p_inq->remote_bd_addr;
1817
1818 // Pass the original address to GattService#onScanResult
1819 result.inq_res.original_bda = p_inq->original_bda;
1820
1821 memcpy(result.inq_res.dev_class, p_inq->dev_class, DEV_CLASS_LEN);
1822 BTM_COD_SERVICE_CLASS(service_class, p_inq->dev_class);
1823 result.inq_res.is_limited =
1824 (service_class & BTM_COD_SERVICE_LMTD_DISCOVER) ? true : false;
1825 result.inq_res.rssi = p_inq->rssi;
1826
1827 result.inq_res.ble_addr_type = p_inq->ble_addr_type;
1828 result.inq_res.inq_result_type = p_inq->inq_result_type;
1829 result.inq_res.device_type = p_inq->device_type;
1830 result.inq_res.flag = p_inq->flag;
1831
1832 /* application will parse EIR to find out remote device name */
1833 result.inq_res.p_eir = p_eir;
1834 result.inq_res.eir_len = eir_len;
1835
1836 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr);
1837 if (p_inq_info != NULL) {
1838 /* initialize remt_name_not_required to false so that we get the name by
1839 * default */
1840 result.inq_res.remt_name_not_required = false;
1841 }
1842
1843 if (bta_dm_search_cb.p_search_cback)
1844 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_RES_EVT, &result);
1845
1846 if (p_inq_info) {
1847 /* application indicates if it knows the remote name, inside the callback
1848 copy that to the inquiry data base*/
1849 if (result.inq_res.remt_name_not_required)
1850 p_inq_info->appl_knows_rem_name = true;
1851 }
1852 }
1853
1854 /*******************************************************************************
1855 *
1856 * Function bta_dm_inq_cmpl_cb
1857 *
1858 * Description Inquiry complete callback from BTM
1859 *
1860 * Returns void
1861 *
1862 ******************************************************************************/
bta_dm_inq_cmpl_cb(void * p_result)1863 static void bta_dm_inq_cmpl_cb(void* p_result) {
1864 APPL_TRACE_DEBUG("%s", __func__);
1865 bta_dm_inq_cmpl(((tBTM_INQUIRY_CMPL*)p_result)->num_resp);
1866 }
1867
1868 /*******************************************************************************
1869 *
1870 * Function bta_dm_service_search_remname_cback
1871 *
1872 * Description Remote name call back from BTM during service discovery
1873 *
1874 * Returns void
1875 *
1876 ******************************************************************************/
bta_dm_service_search_remname_cback(const RawAddress & bd_addr,UNUSED_ATTR DEV_CLASS dc,BD_NAME bd_name)1877 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,
1878 UNUSED_ATTR DEV_CLASS dc,
1879 BD_NAME bd_name) {
1880 tBTM_REMOTE_DEV_NAME rem_name;
1881 tBTM_STATUS btm_status;
1882
1883 APPL_TRACE_DEBUG("%s name=<%s>", __func__, bd_name);
1884
1885 /* if this is what we are looking for */
1886 if (bta_dm_search_cb.peer_bdaddr == bd_addr) {
1887 rem_name.length = strlcpy((char*)rem_name.remote_bd_name, (char*)bd_name,
1888 BD_NAME_LEN + 1);
1889 if (rem_name.length > BD_NAME_LEN) {
1890 rem_name.length = BD_NAME_LEN;
1891 }
1892 rem_name.status = BTM_SUCCESS;
1893
1894 bta_dm_remname_cback(&rem_name);
1895 } else {
1896 /* get name of device */
1897 btm_status =
1898 BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr,
1899 bta_dm_remname_cback, BT_TRANSPORT_BR_EDR);
1900 if (btm_status == BTM_BUSY) {
1901 /* wait for next chance(notification of remote name discovery done) */
1902 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__);
1903 } else if (btm_status != BTM_CMD_STARTED) {
1904 /* if failed to start getting remote name then continue */
1905 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X",
1906 __func__, btm_status);
1907
1908 rem_name.length = 0;
1909 rem_name.remote_bd_name[0] = 0;
1910 rem_name.status = btm_status;
1911 bta_dm_remname_cback(&rem_name);
1912 }
1913 }
1914 }
1915
1916 /*******************************************************************************
1917 *
1918 * Function bta_dm_remname_cback
1919 *
1920 * Description Remote name complete call back from BTM
1921 *
1922 * Returns void
1923 *
1924 ******************************************************************************/
bta_dm_remname_cback(void * p)1925 static void bta_dm_remname_cback(void* p) {
1926 tBTM_REMOTE_DEV_NAME* p_remote_name = (tBTM_REMOTE_DEV_NAME*)p;
1927 APPL_TRACE_DEBUG("bta_dm_remname_cback len = %d name=<%s>",
1928 p_remote_name->length, p_remote_name->remote_bd_name);
1929
1930 /* remote name discovery is done but it could be failed */
1931 bta_dm_search_cb.name_discover_done = true;
1932 strlcpy((char*)bta_dm_search_cb.peer_name,
1933 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN + 1);
1934
1935 if (bluetooth::shim::is_gd_security_enabled()) {
1936 bluetooth::shim::BTM_SecDeleteRmtNameNotifyCallback(
1937 &bta_dm_service_search_remname_cback);
1938 } else {
1939 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1940 }
1941
1942 if (bta_dm_search_cb.transport == BT_TRANSPORT_LE) {
1943 GAP_BleReadPeerPrefConnParams(bta_dm_search_cb.peer_bdaddr);
1944 }
1945
1946 tBTA_DM_REM_NAME* p_msg =
1947 (tBTA_DM_REM_NAME*)osi_malloc(sizeof(tBTA_DM_REM_NAME));
1948 p_msg->result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1949 strlcpy((char*)p_msg->result.disc_res.bd_name,
1950 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN + 1);
1951 p_msg->hdr.event = BTA_DM_REMT_NAME_EVT;
1952
1953 bta_sys_sendmsg(p_msg);
1954 }
1955
1956 /*******************************************************************************
1957 *
1958 * Function bta_dm_pinname_cback
1959 *
1960 * Description Callback requesting pin_key
1961 *
1962 * Returns void
1963 *
1964 ******************************************************************************/
bta_dm_pinname_cback(void * p_data)1965 static void bta_dm_pinname_cback(void* p_data) {
1966 tBTM_REMOTE_DEV_NAME* p_result = (tBTM_REMOTE_DEV_NAME*)p_data;
1967 tBTA_DM_SEC sec_event;
1968 uint32_t bytes_to_copy;
1969 tBTA_DM_SEC_EVT event = bta_dm_cb.pin_evt;
1970
1971 if (BTA_DM_SP_CFM_REQ_EVT == event) {
1972 /* Retrieved saved device class and bd_addr */
1973 sec_event.cfm_req.bd_addr = bta_dm_cb.pin_bd_addr;
1974 BTA_COPY_DEVICE_CLASS(sec_event.cfm_req.dev_class, bta_dm_cb.pin_dev_class);
1975
1976 if (p_result && p_result->status == BTM_SUCCESS) {
1977 bytes_to_copy =
1978 (p_result->length < BD_NAME_LEN) ? p_result->length : BD_NAME_LEN;
1979 memcpy(sec_event.cfm_req.bd_name, p_result->remote_bd_name,
1980 bytes_to_copy);
1981 sec_event.pin_req.bd_name[BD_NAME_LEN] = 0;
1982 } else /* No name found */
1983 sec_event.cfm_req.bd_name[0] = 0;
1984
1985 sec_event.key_notif.passkey =
1986 bta_dm_cb.num_val; /* get PIN code numeric number */
1987
1988 /* 1 additional event data fields for this event */
1989 sec_event.cfm_req.just_works = bta_dm_cb.just_works;
1990 /* retrieve the loc and rmt caps */
1991 sec_event.cfm_req.loc_io_caps = bta_dm_cb.loc_io_caps;
1992 sec_event.cfm_req.rmt_io_caps = bta_dm_cb.rmt_io_caps;
1993 sec_event.cfm_req.loc_auth_req = bta_dm_cb.loc_auth_req;
1994 sec_event.cfm_req.rmt_auth_req = bta_dm_cb.rmt_auth_req;
1995
1996 } else {
1997 /* Retrieved saved device class and bd_addr */
1998 sec_event.pin_req.bd_addr = bta_dm_cb.pin_bd_addr;
1999 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, bta_dm_cb.pin_dev_class);
2000
2001 if (p_result && p_result->status == BTM_SUCCESS) {
2002 bytes_to_copy = (p_result->length < BD_NAME_LEN) ? p_result->length
2003 : (BD_NAME_LEN - 1);
2004 memcpy(sec_event.pin_req.bd_name, p_result->remote_bd_name,
2005 bytes_to_copy);
2006 sec_event.pin_req.bd_name[BD_NAME_LEN] = 0;
2007 } else /* No name found */
2008 sec_event.pin_req.bd_name[0] = 0;
2009
2010 event = bta_dm_cb.pin_evt;
2011 sec_event.key_notif.passkey =
2012 bta_dm_cb.num_val; /* get PIN code numeric number */
2013 }
2014
2015 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event);
2016 }
2017
2018 /*******************************************************************************
2019 *
2020 * Function bta_dm_pin_cback
2021 *
2022 * Description Callback requesting pin_key
2023 *
2024 * Returns void
2025 *
2026 ******************************************************************************/
bta_dm_pin_cback(const RawAddress & bd_addr,DEV_CLASS dev_class,BD_NAME bd_name,bool min_16_digit)2027 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
2028 BD_NAME bd_name, bool min_16_digit) {
2029 tBTA_DM_SEC sec_event;
2030
2031 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
2032
2033 /* If the device name is not known, save bdaddr and devclass and initiate a
2034 * name request */
2035 if (bd_name[0] == 0) {
2036 bta_dm_cb.pin_evt = BTA_DM_PIN_REQ_EVT;
2037 bta_dm_cb.pin_bd_addr = bd_addr;
2038 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class, dev_class);
2039 if ((BTM_ReadRemoteDeviceName(bd_addr, bta_dm_pinname_cback,
2040 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2041 return BTM_CMD_STARTED;
2042
2043 APPL_TRACE_WARNING(
2044 " bta_dm_pin_cback() -> Failed to start Remote Name Request ");
2045 }
2046
2047 sec_event.pin_req.bd_addr = bd_addr;
2048 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, dev_class);
2049 strlcpy((char*)sec_event.pin_req.bd_name, (char*)bd_name, BD_NAME_LEN + 1);
2050 sec_event.pin_req.min_16_digit = min_16_digit;
2051
2052 bta_dm_cb.p_sec_cback(BTA_DM_PIN_REQ_EVT, &sec_event);
2053 return BTM_CMD_STARTED;
2054 }
2055
2056 /*******************************************************************************
2057 *
2058 * Function bta_dm_new_link_key_cback
2059 *
2060 * Description Callback from BTM to notify new link key
2061 *
2062 * Returns void
2063 *
2064 ******************************************************************************/
bta_dm_new_link_key_cback(const RawAddress & bd_addr,UNUSED_ATTR DEV_CLASS dev_class,BD_NAME bd_name,const LinkKey & key,uint8_t key_type)2065 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
2066 UNUSED_ATTR DEV_CLASS dev_class,
2067 BD_NAME bd_name, const LinkKey& key,
2068 uint8_t key_type) {
2069 tBTA_DM_SEC sec_event;
2070 tBTA_DM_AUTH_CMPL* p_auth_cmpl;
2071 uint8_t event;
2072
2073 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
2074
2075 event = BTA_DM_AUTH_CMPL_EVT;
2076 p_auth_cmpl = &sec_event.auth_cmpl;
2077
2078 p_auth_cmpl->bd_addr = bd_addr;
2079
2080 memcpy(p_auth_cmpl->bd_name, bd_name, BD_NAME_LEN);
2081 p_auth_cmpl->bd_name[BD_NAME_LEN] = 0;
2082 p_auth_cmpl->key_present = true;
2083 p_auth_cmpl->key_type = key_type;
2084 p_auth_cmpl->success = true;
2085 p_auth_cmpl->key = key;
2086 sec_event.auth_cmpl.fail_reason = HCI_SUCCESS;
2087
2088 // Report the BR link key based on the BR/EDR address and type
2089 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type,
2090 &sec_event.auth_cmpl.addr_type);
2091 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event);
2092
2093 // Setting remove_dev_pending flag to false, where it will avoid deleting
2094 // the
2095 // security device record when the ACL connection link goes down in case of
2096 // reconnection.
2097 if (bta_dm_cb.device_list.count)
2098 bta_dm_reset_sec_dev_pending(p_auth_cmpl->bd_addr);
2099
2100 return BTM_CMD_STARTED;
2101 }
2102
2103 /*******************************************************************************
2104 *
2105 * Function bta_dm_authentication_complete_cback
2106 *
2107 * Description Authentication complete callback from BTM
2108 *
2109 * Returns void
2110 *
2111 ******************************************************************************/
bta_dm_authentication_complete_cback(const RawAddress & bd_addr,UNUSED_ATTR DEV_CLASS dev_class,BD_NAME bd_name,tHCI_REASON reason)2112 static void bta_dm_authentication_complete_cback(
2113 const RawAddress& bd_addr, UNUSED_ATTR DEV_CLASS dev_class, BD_NAME bd_name,
2114 tHCI_REASON reason) {
2115 if (reason != HCI_SUCCESS) {
2116 if (bta_dm_cb.p_sec_cback) {
2117 // Build out the security event data structure
2118 tBTA_DM_SEC sec_event = {
2119 .auth_cmpl =
2120 {
2121 .bd_addr = bd_addr,
2122 },
2123 };
2124 memcpy(sec_event.auth_cmpl.bd_name, bd_name, BD_NAME_LEN);
2125 sec_event.auth_cmpl.bd_name[BD_NAME_LEN] = 0;
2126
2127 // Report the BR link key based on the BR/EDR address and type
2128 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type,
2129 &sec_event.auth_cmpl.addr_type);
2130 sec_event.auth_cmpl.fail_reason = reason;
2131
2132 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
2133 }
2134
2135 switch (reason) {
2136 case HCI_ERR_AUTH_FAILURE:
2137 case HCI_ERR_KEY_MISSING:
2138 case HCI_ERR_HOST_REJECT_SECURITY:
2139 case HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE:
2140 LOG_WARN(
2141 "Deleting device record as authentication failed entry:%s "
2142 "reason:%s",
2143 PRIVATE_ADDRESS(bd_addr), hci_reason_code_text(reason).c_str());
2144 break;
2145
2146 default:
2147 break;
2148 }
2149 }
2150 }
2151
2152 /*******************************************************************************
2153 *
2154 * Function bta_dm_sp_cback
2155 *
2156 * Description simple pairing callback from BTM
2157 *
2158 * Returns void
2159 *
2160 ******************************************************************************/
bta_dm_sp_cback(tBTM_SP_EVT event,tBTM_SP_EVT_DATA * p_data)2161 static tBTM_STATUS bta_dm_sp_cback(tBTM_SP_EVT event,
2162 tBTM_SP_EVT_DATA* p_data) {
2163 tBTM_STATUS status = BTM_CMD_STARTED;
2164 tBTA_DM_SEC sec_event;
2165 tBTA_DM_SEC_EVT pin_evt = BTA_DM_SP_KEY_NOTIF_EVT;
2166
2167 APPL_TRACE_EVENT("bta_dm_sp_cback: %d", event);
2168 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
2169
2170 bool sp_rmt_result = false;
2171 /* TODO_SP */
2172 switch (event) {
2173 case BTM_SP_IO_REQ_EVT:
2174 if (btm_local_io_caps != BTM_IO_CAP_NONE) {
2175 /* translate auth_req */
2176 btif_dm_set_oob_for_io_req(&p_data->io_req.oob_data);
2177 btif_dm_proc_io_req(&p_data->io_req.auth_req, p_data->io_req.is_orig);
2178 }
2179 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req,
2180 p_data->io_req.oob_data);
2181 break;
2182 case BTM_SP_IO_RSP_EVT:
2183 if (btm_local_io_caps != BTM_IO_CAP_NONE) {
2184 btif_dm_proc_io_rsp(p_data->io_rsp.bd_addr, p_data->io_rsp.io_cap,
2185 p_data->io_rsp.oob_data, p_data->io_rsp.auth_req);
2186 }
2187 break;
2188
2189 case BTM_SP_CFM_REQ_EVT:
2190 pin_evt = BTA_DM_SP_CFM_REQ_EVT;
2191 bta_dm_cb.just_works = sec_event.cfm_req.just_works =
2192 p_data->cfm_req.just_works;
2193 sec_event.cfm_req.loc_auth_req = p_data->cfm_req.loc_auth_req;
2194 sec_event.cfm_req.rmt_auth_req = p_data->cfm_req.rmt_auth_req;
2195 sec_event.cfm_req.loc_io_caps = p_data->cfm_req.loc_io_caps;
2196 sec_event.cfm_req.rmt_io_caps = p_data->cfm_req.rmt_io_caps;
2197
2198 [[fallthrough]];
2199 /* Passkey entry mode, mobile device with output capability is very
2200 unlikely to receive key request, so skip this event */
2201 /*case BTM_SP_KEY_REQ_EVT: */
2202 case BTM_SP_KEY_NOTIF_EVT:
2203 if (btm_local_io_caps == BTM_IO_CAP_NONE &&
2204 BTM_SP_KEY_NOTIF_EVT == event) {
2205 status = BTM_NOT_AUTHORIZED;
2206 break;
2207 }
2208
2209 bta_dm_cb.num_val = sec_event.key_notif.passkey =
2210 p_data->key_notif.passkey;
2211
2212 if (BTM_SP_CFM_REQ_EVT == event) {
2213 /* Due to the switch case falling through below to BTM_SP_KEY_NOTIF_EVT,
2214 call remote name request using values from cfm_req */
2215 if (p_data->cfm_req.bd_name[0] == 0) {
2216 bta_dm_cb.pin_evt = pin_evt;
2217 bta_dm_cb.pin_bd_addr = p_data->cfm_req.bd_addr;
2218 bta_dm_cb.rmt_io_caps = sec_event.cfm_req.rmt_io_caps;
2219 bta_dm_cb.loc_io_caps = sec_event.cfm_req.loc_io_caps;
2220 bta_dm_cb.rmt_auth_req = sec_event.cfm_req.rmt_auth_req;
2221 bta_dm_cb.loc_auth_req = sec_event.cfm_req.loc_auth_req;
2222
2223 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2224 p_data->cfm_req.dev_class);
2225 if ((BTM_ReadRemoteDeviceName(
2226 p_data->cfm_req.bd_addr, bta_dm_pinname_cback,
2227 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2228 return BTM_CMD_STARTED;
2229 APPL_TRACE_WARNING(
2230 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2231 } else {
2232 /* Due to the switch case falling through below to
2233 BTM_SP_KEY_NOTIF_EVT,
2234 copy these values into key_notif from cfm_req */
2235 sec_event.key_notif.bd_addr = p_data->cfm_req.bd_addr;
2236 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class,
2237 p_data->cfm_req.dev_class);
2238 strlcpy((char*)sec_event.key_notif.bd_name,
2239 (char*)p_data->cfm_req.bd_name, BD_NAME_LEN + 1);
2240 }
2241 }
2242
2243 if (BTM_SP_KEY_NOTIF_EVT == event) {
2244 /* If the device name is not known, save bdaddr and devclass
2245 and initiate a name request with values from key_notif */
2246 if (p_data->key_notif.bd_name[0] == 0) {
2247 bta_dm_cb.pin_evt = pin_evt;
2248 bta_dm_cb.pin_bd_addr = p_data->key_notif.bd_addr;
2249 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2250 p_data->key_notif.dev_class);
2251 if ((BTM_ReadRemoteDeviceName(
2252 p_data->key_notif.bd_addr, bta_dm_pinname_cback,
2253 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2254 return BTM_CMD_STARTED;
2255 APPL_TRACE_WARNING(
2256 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2257 } else {
2258 sec_event.key_notif.bd_addr = p_data->key_notif.bd_addr;
2259 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class,
2260 p_data->key_notif.dev_class);
2261 strlcpy((char*)sec_event.key_notif.bd_name,
2262 (char*)p_data->key_notif.bd_name, BD_NAME_LEN + 1);
2263 sec_event.key_notif.bd_name[BD_NAME_LEN] = 0;
2264 }
2265 }
2266
2267 bta_dm_cb.p_sec_cback(pin_evt, &sec_event);
2268
2269 break;
2270
2271 case BTM_SP_LOC_OOB_EVT:
2272 #ifdef BTIF_DM_OOB_TEST
2273 btif_dm_proc_loc_oob(BT_TRANSPORT_BR_EDR,
2274 (bool)(p_data->loc_oob.status == BTM_SUCCESS),
2275 p_data->loc_oob.c, p_data->loc_oob.r);
2276 #endif
2277 break;
2278
2279 case BTM_SP_RMT_OOB_EVT: {
2280 Octet16 c;
2281 Octet16 r;
2282 sp_rmt_result = false;
2283 #ifdef BTIF_DM_OOB_TEST
2284 sp_rmt_result = btif_dm_proc_rmt_oob(p_data->rmt_oob.bd_addr, &c, &r);
2285 #endif
2286 BTIF_TRACE_DEBUG("bta_dm_ci_rmt_oob: result=%d", sp_rmt_result);
2287 bta_dm_ci_rmt_oob(sp_rmt_result, p_data->rmt_oob.bd_addr, c, r);
2288 break;
2289 }
2290
2291 default:
2292 status = BTM_NOT_AUTHORIZED;
2293 break;
2294 }
2295 APPL_TRACE_EVENT("dm status: %d", status);
2296 return status;
2297 }
2298
2299 /*******************************************************************************
2300 *
2301 * Function bta_dm_local_name_cback
2302 *
2303 * Description Callback from btm after local name is read
2304 *
2305 *
2306 * Returns void
2307 *
2308 ******************************************************************************/
bta_dm_local_name_cback(UNUSED_ATTR void * p_name)2309 static void bta_dm_local_name_cback(UNUSED_ATTR void* p_name) {
2310 BTIF_dm_enable();
2311 }
2312
handle_role_change(const RawAddress & bd_addr,tHCI_ROLE new_role,tHCI_STATUS hci_status)2313 static void handle_role_change(const RawAddress& bd_addr, tHCI_ROLE new_role,
2314 tHCI_STATUS hci_status) {
2315 tBTA_DM_PEER_DEVICE* p_dev = bta_dm_find_peer_device(bd_addr);
2316 if (!p_dev) {
2317 LOG_WARN(
2318 "Unable to find device for role change peer:%s new_role:%s "
2319 "hci_status:%s",
2320 PRIVATE_ADDRESS(bd_addr), RoleText(new_role).c_str(),
2321 hci_error_code_text(hci_status).c_str());
2322 return;
2323 }
2324
2325 LOG_INFO(
2326 "Role change callback peer:%s info:0x%x new_role:%s dev count:%d "
2327 "hci_status:%s",
2328 PRIVATE_ADDRESS(bd_addr), p_dev->Info(), RoleText(new_role).c_str(),
2329 bta_dm_cb.device_list.count, hci_error_code_text(hci_status).c_str());
2330
2331 if (p_dev->Info() & BTA_DM_DI_AV_ACTIVE) {
2332 bool need_policy_change = false;
2333
2334 /* there's AV activity on this link */
2335 if (new_role == HCI_ROLE_PERIPHERAL && bta_dm_cb.device_list.count > 1 &&
2336 hci_status == HCI_SUCCESS) {
2337 /* more than one connections and the AV connection is role switched
2338 * to peripheral
2339 * switch it back to central and remove the switch policy */
2340 BTM_SwitchRoleToCentral(bd_addr);
2341 need_policy_change = true;
2342 } else if (p_bta_dm_cfg->avoid_scatter && (new_role == HCI_ROLE_CENTRAL)) {
2343 /* if the link updated to be central include AV activities, remove
2344 * the switch policy */
2345 need_policy_change = true;
2346 }
2347
2348 if (need_policy_change) {
2349 BTM_block_role_switch_for(p_dev->peer_bdaddr);
2350 }
2351 } else {
2352 /* there's AV no activity on this link and role switch happened
2353 * check if AV is active
2354 * if so, make sure the AV link is central */
2355 bta_dm_check_av();
2356 }
2357 bta_sys_notify_role_chg(bd_addr, new_role, hci_status);
2358 }
2359
BTA_dm_report_role_change(const RawAddress bd_addr,tHCI_ROLE new_role,tHCI_STATUS hci_status)2360 void BTA_dm_report_role_change(const RawAddress bd_addr, tHCI_ROLE new_role,
2361 tHCI_STATUS hci_status) {
2362 do_in_main_thread(
2363 FROM_HERE, base::Bind(handle_role_change, bd_addr, new_role, hci_status));
2364 }
2365
handle_remote_features_complete(const RawAddress & bd_addr)2366 void handle_remote_features_complete(const RawAddress& bd_addr) {
2367 tBTA_DM_PEER_DEVICE* p_dev = bta_dm_find_peer_device(bd_addr);
2368 if (!p_dev) {
2369 LOG_WARN("Unable to find device peer:%s", PRIVATE_ADDRESS(bd_addr));
2370 return;
2371 }
2372
2373 if (controller_get_interface()->supports_sniff_subrating() &&
2374 acl_peer_supports_sniff_subrating(bd_addr)) {
2375 LOG_DEBUG("Device supports sniff subrating peer:%s",
2376 PRIVATE_ADDRESS(bd_addr));
2377 p_dev->info = BTA_DM_DI_USE_SSR;
2378 } else {
2379 LOG_DEBUG("Device does NOT support sniff subrating peer:%s",
2380 PRIVATE_ADDRESS(bd_addr));
2381 }
2382 }
2383
BTA_dm_notify_remote_features_complete(const RawAddress bd_addr)2384 void BTA_dm_notify_remote_features_complete(const RawAddress bd_addr) {
2385 do_in_main_thread(FROM_HERE,
2386 base::Bind(handle_remote_features_complete, bd_addr));
2387 }
2388
allocate_device_for(const RawAddress & bd_addr,tBT_TRANSPORT transport)2389 static tBTA_DM_PEER_DEVICE* allocate_device_for(const RawAddress& bd_addr,
2390 tBT_TRANSPORT transport) {
2391 for (uint8_t i = 0; i < bta_dm_cb.device_list.count; i++) {
2392 auto device = &bta_dm_cb.device_list.peer_device[i];
2393 if (device->peer_bdaddr == bd_addr && device->transport == transport) {
2394 return device;
2395 }
2396 }
2397
2398 if (bta_dm_cb.device_list.count < BTA_DM_NUM_PEER_DEVICE) {
2399 auto device =
2400 &bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count];
2401 device->peer_bdaddr = bd_addr;
2402 bta_dm_cb.device_list.count++;
2403 if (transport == BT_TRANSPORT_LE) {
2404 bta_dm_cb.device_list.le_count++;
2405 }
2406 return device;
2407 }
2408 return nullptr;
2409 }
2410
bta_dm_acl_up(const RawAddress & bd_addr,tBT_TRANSPORT transport)2411 void bta_dm_acl_up(const RawAddress& bd_addr, tBT_TRANSPORT transport) {
2412 auto device = allocate_device_for(bd_addr, transport);
2413 if (device == nullptr) {
2414 LOG_WARN("Unable to allocate device resources for new connection");
2415 return;
2416 }
2417 device->conn_state = BTA_DM_CONNECTED;
2418 device->pref_role = BTA_ANY_ROLE;
2419 device->info = BTA_DM_DI_NONE;
2420 device->transport = transport;
2421
2422 if (controller_get_interface()->supports_sniff_subrating() &&
2423 acl_peer_supports_sniff_subrating(bd_addr)) {
2424 // NOTE: This callback assumes upon ACL connection that
2425 // the read remote features has completed and is valid.
2426 // The only guaranteed contract for valid read remote features
2427 // data is when the BTA_dm_notify_remote_features_complete()
2428 // callback has completed. The below assignment is kept for
2429 // transitional informational purposes only.
2430 device->info = BTA_DM_DI_USE_SSR;
2431 }
2432
2433 if (bta_dm_cb.p_sec_cback) {
2434 tBTA_DM_SEC conn;
2435 memset(&conn, 0, sizeof(tBTA_DM_SEC));
2436 conn.link_up.bd_addr = bd_addr;
2437
2438 bta_dm_cb.p_sec_cback(BTA_DM_LINK_UP_EVT, &conn);
2439 LOG_DEBUG("Executed security callback for new connection available");
2440 }
2441 bta_dm_adjust_roles(true);
2442 }
2443
BTA_dm_acl_up(const RawAddress bd_addr,tBT_TRANSPORT transport)2444 void BTA_dm_acl_up(const RawAddress bd_addr, tBT_TRANSPORT transport) {
2445 do_in_main_thread(FROM_HERE, base::Bind(bta_dm_acl_up, bd_addr, transport));
2446 }
2447
bta_dm_acl_down(const RawAddress & bd_addr,tBT_TRANSPORT transport)2448 static void bta_dm_acl_down(const RawAddress& bd_addr,
2449 tBT_TRANSPORT transport) {
2450 bool issue_unpair_cb = false;
2451 bool remove_device = false;
2452
2453 for (uint8_t i = 0; i < bta_dm_cb.device_list.count; i++) {
2454 auto device = &bta_dm_cb.device_list.peer_device[i];
2455 if (device->peer_bdaddr != bd_addr || device->transport != transport)
2456 continue;
2457
2458 if (device->conn_state == BTA_DM_UNPAIRING) {
2459 issue_unpair_cb =
2460 (bluetooth::shim::is_gd_security_enabled())
2461 ? bluetooth::shim::BTM_SecDeleteDevice(device->peer_bdaddr)
2462 : BTM_SecDeleteDevice(device->peer_bdaddr);
2463
2464 /* remove all cached GATT information */
2465 BTA_GATTC_Refresh(bd_addr);
2466
2467 APPL_TRACE_DEBUG("%s: Unpairing: issue unpair CB = %d ", __func__,
2468 issue_unpair_cb);
2469 }
2470
2471 remove_device = device->remove_dev_pending;
2472
2473 // Iterate to the one before the last when shrinking the list,
2474 // otherwise we memcpy garbage data into the record.
2475 // Then clear out the last item in the list since we are shrinking.
2476 for (; i < bta_dm_cb.device_list.count - 1; i++) {
2477 memcpy(&bta_dm_cb.device_list.peer_device[i],
2478 &bta_dm_cb.device_list.peer_device[i + 1],
2479 sizeof(bta_dm_cb.device_list.peer_device[i]));
2480 }
2481 if (bta_dm_cb.device_list.count > 0) {
2482 int clear_index = bta_dm_cb.device_list.count - 1;
2483 memset(&bta_dm_cb.device_list.peer_device[clear_index], 0,
2484 sizeof(bta_dm_cb.device_list.peer_device[clear_index]));
2485 }
2486 break;
2487 }
2488 if (bta_dm_cb.device_list.count) bta_dm_cb.device_list.count--;
2489 if ((transport == BT_TRANSPORT_LE) && (bta_dm_cb.device_list.le_count)) {
2490 bta_dm_cb.device_list.le_count--;
2491 }
2492
2493 if ((transport == BT_TRANSPORT_BR_EDR) &&
2494 (bta_dm_search_cb.wait_disc && bta_dm_search_cb.peer_bdaddr == bd_addr)) {
2495 bta_dm_search_cb.wait_disc = false;
2496
2497 if (bta_dm_search_cb.sdp_results) {
2498 APPL_TRACE_EVENT(" timer stopped ");
2499 alarm_cancel(bta_dm_search_cb.search_timer);
2500 bta_dm_discover_next_device();
2501 }
2502 }
2503
2504 if (bta_dm_cb.disabling) {
2505 if (!BTM_GetNumAclLinks()) {
2506 /*
2507 * Start a timer to make sure that the profiles
2508 * get the disconnect event.
2509 */
2510 alarm_set_on_mloop(bta_dm_cb.disable_timer,
2511 BTA_DM_DISABLE_CONN_DOWN_TIMER_MS,
2512 bta_dm_disable_conn_down_timer_cback, NULL);
2513 }
2514 }
2515 if (remove_device) {
2516 bta_dm_process_remove_device_no_callback(bd_addr);
2517 }
2518
2519 if (bta_dm_cb.p_sec_cback) {
2520 tBTA_DM_SEC conn;
2521 memset(&conn, 0, sizeof(tBTA_DM_SEC));
2522 conn.link_down.bd_addr = bd_addr;
2523
2524 bta_dm_cb.p_sec_cback(BTA_DM_LINK_DOWN_EVT, &conn);
2525 if (issue_unpair_cb) bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &conn);
2526 }
2527
2528 bta_dm_adjust_roles(true);
2529 }
2530
BTA_dm_acl_down(const RawAddress bd_addr,tBT_TRANSPORT transport)2531 void BTA_dm_acl_down(const RawAddress bd_addr, tBT_TRANSPORT transport) {
2532 do_in_main_thread(FROM_HERE, base::Bind(bta_dm_acl_down, bd_addr, transport));
2533 }
2534
2535 /*******************************************************************************
2536 *
2537 * Function bta_dm_check_av
2538 *
2539 * Description This function checks if AV is active
2540 * if yes, make sure the AV link is central
2541 *
2542 ******************************************************************************/
bta_dm_check_av()2543 static void bta_dm_check_av() {
2544 uint8_t i;
2545 tBTA_DM_PEER_DEVICE* p_dev;
2546
2547 if (bta_dm_cb.cur_av_count) {
2548 LOG_INFO("av_count:%d", bta_dm_cb.cur_av_count);
2549 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
2550 p_dev = &bta_dm_cb.device_list.peer_device[i];
2551 APPL_TRACE_WARNING("[%d]: state:%d, info:x%x", i, p_dev->conn_state,
2552 p_dev->Info());
2553 if ((p_dev->conn_state == BTA_DM_CONNECTED) &&
2554 (p_dev->Info() & BTA_DM_DI_AV_ACTIVE)) {
2555 /* make central and take away the role switch policy */
2556 BTM_SwitchRoleToCentral(p_dev->peer_bdaddr);
2557 /* else either already central or can not switch for some reasons */
2558 BTM_block_role_switch_for(p_dev->peer_bdaddr);
2559 break;
2560 }
2561 }
2562 }
2563 }
2564
2565 /*******************************************************************************
2566 *
2567 * Function bta_dm_disable_conn_down_timer_cback
2568 *
2569 * Description Sends disable event to application
2570 *
2571 *
2572 * Returns void
2573 *
2574 ******************************************************************************/
bta_dm_disable_conn_down_timer_cback(UNUSED_ATTR void * data)2575 static void bta_dm_disable_conn_down_timer_cback(UNUSED_ATTR void* data) {
2576 /* disable the power managment module */
2577 bta_dm_disable_pm();
2578
2579 bta_dm_cb.disabling = false;
2580 LOG_INFO("Stack device manager shutdown completed");
2581 future_ready(stack_manager_get_hack_future(), FUTURE_SUCCESS);
2582 }
2583
2584 /*******************************************************************************
2585 *
2586 * Function bta_dm_rm_cback
2587 *
2588 * Description Role management callback from sys
2589 *
2590 *
2591 * Returns void
2592 *
2593 ******************************************************************************/
bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status,uint8_t id,uint8_t app_id,const RawAddress & peer_addr)2594 void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id, uint8_t app_id,
2595 const RawAddress& peer_addr) {
2596 uint8_t j;
2597 tBTA_PREF_ROLES role;
2598 tBTA_DM_PEER_DEVICE* p_dev;
2599
2600 LOG_DEBUG("BTA Role management callback count:%d status:%s peer:%s",
2601 bta_dm_cb.cur_av_count, bta_sys_conn_status_text(status).c_str(),
2602 PRIVATE_ADDRESS(peer_addr));
2603
2604 p_dev = bta_dm_find_peer_device(peer_addr);
2605 if (status == BTA_SYS_CONN_OPEN) {
2606 if (p_dev) {
2607 /* Do not set to connected if we are in the middle of unpairing. When AV
2608 * stream is
2609 * started it fakes out a SYS_CONN_OPEN to potentially trigger a role
2610 * switch command.
2611 * But this should not be done if we are in the middle of unpairing.
2612 */
2613 if (p_dev->conn_state != BTA_DM_UNPAIRING)
2614 p_dev->conn_state = BTA_DM_CONNECTED;
2615
2616 for (j = 1; j <= p_bta_dm_rm_cfg[0].app_id; j++) {
2617 if (((p_bta_dm_rm_cfg[j].app_id == app_id) ||
2618 (p_bta_dm_rm_cfg[j].app_id == BTA_ALL_APP_ID)) &&
2619 (p_bta_dm_rm_cfg[j].id == id)) {
2620 ASSERT_LOG(p_bta_dm_rm_cfg[j].cfg <= BTA_PERIPHERAL_ROLE_ONLY,
2621 "Passing illegal preferred role:0x%02x [0x%02x<=>0x%02x]",
2622 p_bta_dm_rm_cfg[j].cfg, BTA_ANY_ROLE,
2623 BTA_PERIPHERAL_ROLE_ONLY);
2624 role = static_cast<tBTA_PREF_ROLES>(p_bta_dm_rm_cfg[j].cfg);
2625 if (role > p_dev->pref_role) p_dev->pref_role = role;
2626 break;
2627 }
2628 }
2629 }
2630 }
2631
2632 if (BTA_ID_AV == id) {
2633 if (status == BTA_SYS_CONN_BUSY) {
2634 if (p_dev) p_dev->info |= BTA_DM_DI_AV_ACTIVE;
2635 /* AV calls bta_sys_conn_open with the A2DP stream count as app_id */
2636 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count();
2637 } else if (status == BTA_SYS_CONN_IDLE) {
2638 if (p_dev) p_dev->info &= ~BTA_DM_DI_AV_ACTIVE;
2639
2640 /* get cur_av_count from connected services */
2641 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count();
2642 }
2643 }
2644
2645 /* Don't adjust roles for each busy/idle state transition to avoid
2646 excessive switch requests when individual profile busy/idle status
2647 changes */
2648 if ((status != BTA_SYS_CONN_BUSY) && (status != BTA_SYS_CONN_IDLE))
2649 bta_dm_adjust_roles(false);
2650 }
2651
2652 /*******************************************************************************
2653 *
2654 * Function bta_dm_delay_role_switch_cback
2655 *
2656 * Description Callback from btm to delay a role switch
2657 *
2658 * Returns void
2659 *
2660 ******************************************************************************/
bta_dm_delay_role_switch_cback(UNUSED_ATTR void * data)2661 static void bta_dm_delay_role_switch_cback(UNUSED_ATTR void* data) {
2662 APPL_TRACE_EVENT("%s: initiating Delayed RS", __func__);
2663 bta_dm_adjust_roles(false);
2664 }
2665
2666 /*******************************************************************************
2667 *
2668 * Function bta_dm_reset_sec_dev_pending
2669 *
2670 * Description Setting the remove device pending status to false from
2671 * security device DB, when the link key notification
2672 * event comes.
2673 *
2674 * Returns void
2675 *
2676 ******************************************************************************/
bta_dm_reset_sec_dev_pending(const RawAddress & remote_bd_addr)2677 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr) {
2678 for (size_t i = 0; i < bta_dm_cb.device_list.count; i++) {
2679 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) {
2680 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = false;
2681 return;
2682 }
2683 }
2684 }
2685
2686 /*******************************************************************************
2687 *
2688 * Function bta_dm_remove_sec_dev_entry
2689 *
2690 * Description Removes device entry from Security device DB if ACL
2691 connection with
2692 * remtoe device does not exist, else schedule for dev entry
2693 removal upon
2694 ACL close
2695 *
2696 * Returns void
2697 *
2698 ******************************************************************************/
bta_dm_remove_sec_dev_entry(const RawAddress & remote_bd_addr)2699 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr) {
2700 if (BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_LE) ||
2701 BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_BR_EDR)) {
2702 APPL_TRACE_DEBUG(
2703 "%s ACL is not down. Schedule for Dev Removal when ACL closes",
2704 __func__);
2705 if (bluetooth::shim::is_gd_security_enabled()) {
2706 bluetooth::shim::BTM_SecClearSecurityFlags(remote_bd_addr);
2707 } else {
2708 BTM_SecClearSecurityFlags(remote_bd_addr);
2709 }
2710 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
2711 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) {
2712 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = TRUE;
2713 break;
2714 }
2715 }
2716 } else {
2717 // remote_bd_addr comes from security record, which is removed in
2718 // BTM_SecDeleteDevice.
2719 RawAddress addr_copy = remote_bd_addr;
2720 bta_dm_process_remove_device_no_callback(addr_copy);
2721 }
2722 }
2723
2724 /*******************************************************************************
2725 *
2726 * Function bta_dm_adjust_roles
2727 *
2728 * Description Adjust roles
2729 *
2730 *
2731 * Returns void
2732 *
2733 ******************************************************************************/
bta_dm_adjust_roles(bool delay_role_switch)2734 static void bta_dm_adjust_roles(bool delay_role_switch) {
2735 uint8_t i;
2736 uint8_t br_count =
2737 bta_dm_cb.device_list.count - bta_dm_cb.device_list.le_count;
2738 if (br_count) {
2739 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
2740 if (bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED &&
2741 bta_dm_cb.device_list.peer_device[i].transport ==
2742 BT_TRANSPORT_BR_EDR) {
2743 if ((bta_dm_cb.device_list.peer_device[i].pref_role ==
2744 BTA_CENTRAL_ROLE_ONLY) ||
2745 (br_count > 1)) {
2746 /* Initiating immediate role switch with certain remote devices
2747 has caused issues due to role switch colliding with link encryption
2748 setup and
2749 causing encryption (and in turn the link) to fail . These device .
2750 Firmware
2751 versions are stored in a rejectlist and role switch with these
2752 devices are
2753 delayed to avoid the collision with link encryption setup */
2754
2755 if (bta_dm_cb.device_list.peer_device[i].pref_role !=
2756 BTA_PERIPHERAL_ROLE_ONLY &&
2757 !delay_role_switch) {
2758 BTM_SwitchRoleToCentral(
2759 bta_dm_cb.device_list.peer_device[i].peer_bdaddr);
2760 } else {
2761 alarm_set_on_mloop(bta_dm_cb.switch_delay_timer,
2762 BTA_DM_SWITCH_DELAY_TIMER_MS,
2763 bta_dm_delay_role_switch_cback, NULL);
2764 }
2765 }
2766 }
2767 }
2768 }
2769 }
2770
2771 /*******************************************************************************
2772 *
2773 * Function bta_dm_get_remname
2774 *
2775 * Description Returns a pointer to the remote name stored in the DM
2776 * control block if it exists, or from the BTM memory.
2777 *
2778 * Returns char * - Pointer to the remote device name
2779 ******************************************************************************/
bta_dm_get_remname(void)2780 static char* bta_dm_get_remname(void) {
2781 char* p_name = (char*)bta_dm_search_cb.peer_name;
2782 char* p_temp;
2783
2784 /* If the name isn't already stored, try retrieving from BTM */
2785 if (*p_name == '\0') {
2786 p_temp =
2787 (bluetooth::shim::is_gd_security_enabled())
2788 ? bluetooth::shim::BTM_SecReadDevName(bta_dm_search_cb.peer_bdaddr)
2789 : BTM_SecReadDevName(bta_dm_search_cb.peer_bdaddr);
2790 if (p_temp != NULL) p_name = p_temp;
2791 }
2792
2793 return p_name;
2794 }
2795
2796 /*******************************************************************************
2797 *
2798 * Function bta_dm_bond_cancel_complete_cback
2799 *
2800 * Description Authentication complete callback from BTM
2801 *
2802 * Returns void
2803 *
2804 ******************************************************************************/
bta_dm_bond_cancel_complete_cback(tBTM_STATUS result)2805 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result) {
2806 tBTA_DM_SEC sec_event;
2807
2808 if (result == BTM_SUCCESS)
2809 sec_event.bond_cancel_cmpl.result = BTA_SUCCESS;
2810 else
2811 sec_event.bond_cancel_cmpl.result = BTA_FAILURE;
2812
2813 if (bta_dm_cb.p_sec_cback) {
2814 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
2815 }
2816 }
2817
2818 /*******************************************************************************
2819 *
2820 * Function find_utf8_char_boundary
2821 *
2822 * Description This function checks a UTF8 string |utf8str| starting at
2823 * |offset|, moving backwards and returns the offset of the
2824 * next valid UTF8 character boundary found.
2825 *
2826 * Returns Offset of UTF8 character boundary
2827 *
2828 ******************************************************************************/
find_utf8_char_boundary(const char * utf8str,size_t offset)2829 static size_t find_utf8_char_boundary(const char* utf8str, size_t offset) {
2830 CHECK(utf8str);
2831 CHECK(offset > 0);
2832
2833 while (--offset) {
2834 uint8_t ch = (uint8_t)utf8str[offset];
2835 if ((ch & 0x80) == 0x00) // ASCII
2836 return offset + 1;
2837 if ((ch & 0xC0) == 0xC0) // Multi-byte sequence start
2838 return offset;
2839 }
2840
2841 return 0;
2842 }
2843
2844 /*******************************************************************************
2845 *
2846 * Function bta_dm_set_eir
2847 *
2848 * Description This function creates EIR tagged data and writes it to
2849 * controller.
2850 *
2851 * Returns None
2852 *
2853 ******************************************************************************/
bta_dm_set_eir(char * local_name)2854 static void bta_dm_set_eir(char* local_name) {
2855 uint8_t* p;
2856 uint8_t* p_length;
2857 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
2858 uint8_t* p_type;
2859 uint8_t max_num_uuid;
2860 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
2861 uint8_t custom_uuid_idx;
2862 #endif // BTA_EIR_SERVER_NUM_CUSTOM_UUID
2863 #endif // BTA_EIR_CANNED_UUID_LIST
2864 #if (BTM_EIR_DEFAULT_FEC_REQUIRED == FALSE)
2865 uint8_t free_eir_length = HCI_EXT_INQ_RESPONSE_LEN;
2866 #else // BTM_EIR_DEFAULT_FEC_REQUIRED
2867 uint8_t free_eir_length = HCI_DM5_PACKET_SIZE;
2868 #endif // BTM_EIR_DEFAULT_FEC_REQUIRED
2869 uint8_t num_uuid;
2870 uint8_t data_type;
2871 uint8_t local_name_len;
2872
2873 /* wait until complete to disable */
2874 if (alarm_is_scheduled(bta_dm_cb.disable_timer)) return;
2875
2876 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
2877 /* if local name is not provided, get it from controller */
2878 if (local_name == NULL) {
2879 if (BTM_ReadLocalDeviceName(&local_name) != BTM_SUCCESS) {
2880 APPL_TRACE_ERROR("Fail to read local device name for EIR");
2881 }
2882 }
2883 #endif // BTA_EIR_CANNED_UUID_LIST
2884
2885 /* Allocate a buffer to hold HCI command */
2886 BT_HDR* p_buf = (BT_HDR*)osi_malloc(BTM_CMD_BUF_SIZE);
2887 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET;
2888
2889 memset(p, 0x00, HCI_EXT_INQ_RESPONSE_LEN);
2890
2891 LOG_INFO("Generating extended inquiry response packet EIR");
2892
2893 if (local_name)
2894 local_name_len = strlen(local_name);
2895 else
2896 local_name_len = 0;
2897
2898 data_type = BTM_EIR_COMPLETE_LOCAL_NAME_TYPE;
2899 /* if local name is longer than minimum length of shortened name */
2900 /* check whether it needs to be shortened or not */
2901 if (local_name_len > p_bta_dm_eir_cfg->bta_dm_eir_min_name_len) {
2902 /* get number of UUID 16-bit list */
2903 #if (BTA_EIR_CANNED_UUID_LIST == TRUE)
2904 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / Uuid::kNumBytes16;
2905 #else // BTA_EIR_CANNED_UUID_LIST
2906 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes16;
2907 data_type = BTM_GetEirSupportedServices(bta_dm_cb.eir_uuid, &p,
2908 max_num_uuid, &num_uuid);
2909 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET; /* reset p */
2910 #endif // BTA_EIR_CANNED_UUID_LIST
2911
2912 /* if UUID doesn't fit remaing space, shorten local name */
2913 if (local_name_len > (free_eir_length - 4 - num_uuid * Uuid::kNumBytes16)) {
2914 local_name_len = find_utf8_char_boundary(
2915 local_name, p_bta_dm_eir_cfg->bta_dm_eir_min_name_len);
2916 APPL_TRACE_WARNING("%s local name is shortened (%d)", __func__,
2917 local_name_len);
2918 data_type = BTM_EIR_SHORTENED_LOCAL_NAME_TYPE;
2919 } else {
2920 data_type = BTM_EIR_COMPLETE_LOCAL_NAME_TYPE;
2921 }
2922 }
2923
2924 UINT8_TO_STREAM(p, local_name_len + 1);
2925 UINT8_TO_STREAM(p, data_type);
2926
2927 if (local_name != NULL) {
2928 memcpy(p, local_name, local_name_len);
2929 p += local_name_len;
2930 }
2931 free_eir_length -= local_name_len + 2;
2932
2933 #if (BTA_EIR_CANNED_UUID_LIST == TRUE)
2934 /* if UUID list is provided as static data in configuration */
2935 if ((p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len > 0) &&
2936 (p_bta_dm_eir_cfg->bta_dm_eir_uuid16)) {
2937 if (free_eir_length > Uuid::kNumBytes16 + 2) {
2938 free_eir_length -= 2;
2939
2940 if (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len) {
2941 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / Uuid::kNumBytes16;
2942 data_type = BTM_EIR_COMPLETE_16BITS_UUID_TYPE;
2943 } else /* not enough room for all UUIDs */
2944 {
2945 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
2946 num_uuid = free_eir_length / Uuid::kNumBytes16;
2947 data_type = BTM_EIR_MORE_16BITS_UUID_TYPE;
2948 }
2949 UINT8_TO_STREAM(p, num_uuid * Uuid::kNumBytes16 + 1);
2950 UINT8_TO_STREAM(p, data_type);
2951 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_uuid16,
2952 num_uuid * Uuid::kNumBytes16);
2953 p += num_uuid * Uuid::kNumBytes16;
2954 free_eir_length -= num_uuid * Uuid::kNumBytes16;
2955 }
2956 }
2957 #else /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */
2958 /* if UUID list is dynamic */
2959 if (free_eir_length >= 2) {
2960 p_length = p++;
2961 p_type = p++;
2962 num_uuid = 0;
2963
2964 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes16;
2965 data_type = BTM_GetEirSupportedServices(bta_dm_cb.eir_uuid, &p,
2966 max_num_uuid, &num_uuid);
2967
2968 if (data_type == BTM_EIR_MORE_16BITS_UUID_TYPE) {
2969 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
2970 }
2971 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
2972 else {
2973 for (custom_uuid_idx = 0;
2974 custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
2975 custom_uuid_idx++) {
2976 const Uuid& curr = bta_dm_cb.bta_custom_uuid[custom_uuid_idx].custom_uuid;
2977 if (curr.GetShortestRepresentationSize() == Uuid::kNumBytes16) {
2978 if (num_uuid < max_num_uuid) {
2979 UINT16_TO_STREAM(p, curr.As16Bit());
2980 num_uuid++;
2981 } else {
2982 data_type = BTM_EIR_MORE_16BITS_UUID_TYPE;
2983 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
2984 break;
2985 }
2986 }
2987 }
2988 }
2989 #endif /* (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */
2990
2991 UINT8_TO_STREAM(p_length, num_uuid * Uuid::kNumBytes16 + 1);
2992 UINT8_TO_STREAM(p_type, data_type);
2993 free_eir_length -= num_uuid * Uuid::kNumBytes16 + 2;
2994 }
2995 #endif /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */
2996
2997 #if (BTA_EIR_CANNED_UUID_LIST != TRUE && BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
2998 /* Adding 32-bit UUID list */
2999 if (free_eir_length >= 2) {
3000 p_length = p++;
3001 p_type = p++;
3002 num_uuid = 0;
3003 data_type = BTM_EIR_COMPLETE_32BITS_UUID_TYPE;
3004
3005 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes32;
3006
3007 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3008 custom_uuid_idx++) {
3009 const Uuid& curr = bta_dm_cb.bta_custom_uuid[custom_uuid_idx].custom_uuid;
3010 if (curr.GetShortestRepresentationSize() == Uuid::kNumBytes32) {
3011 if (num_uuid < max_num_uuid) {
3012 UINT32_TO_STREAM(p, curr.As32Bit());
3013 num_uuid++;
3014 } else {
3015 data_type = BTM_EIR_MORE_32BITS_UUID_TYPE;
3016 APPL_TRACE_WARNING("BTA EIR: UUID 32-bit list is truncated");
3017 break;
3018 }
3019 }
3020 }
3021
3022 UINT8_TO_STREAM(p_length, num_uuid * Uuid::kNumBytes32 + 1);
3023 UINT8_TO_STREAM(p_type, data_type);
3024 free_eir_length -= num_uuid * Uuid::kNumBytes32 + 2;
3025 }
3026
3027 /* Adding 128-bit UUID list */
3028 if (free_eir_length >= 2) {
3029 p_length = p++;
3030 p_type = p++;
3031 num_uuid = 0;
3032 data_type = BTM_EIR_COMPLETE_128BITS_UUID_TYPE;
3033
3034 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes128;
3035
3036 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3037 custom_uuid_idx++) {
3038 const Uuid& curr = bta_dm_cb.bta_custom_uuid[custom_uuid_idx].custom_uuid;
3039 if (curr.GetShortestRepresentationSize() == Uuid::kNumBytes128) {
3040 if (num_uuid < max_num_uuid) {
3041 ARRAY16_TO_STREAM(p, curr.To128BitBE().data());
3042 num_uuid++;
3043 } else {
3044 data_type = BTM_EIR_MORE_128BITS_UUID_TYPE;
3045 APPL_TRACE_WARNING("BTA EIR: UUID 128-bit list is truncated");
3046 break;
3047 }
3048 }
3049 }
3050
3051 UINT8_TO_STREAM(p_length, num_uuid * Uuid::kNumBytes128 + 1);
3052 UINT8_TO_STREAM(p_type, data_type);
3053 free_eir_length -= num_uuid * Uuid::kNumBytes128 + 2;
3054 }
3055 #endif /* ( BTA_EIR_CANNED_UUID_LIST != TRUE \
3056 )&&(BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */
3057
3058 /* if Flags are provided in configuration */
3059 if ((p_bta_dm_eir_cfg->bta_dm_eir_flag_len > 0) &&
3060 (p_bta_dm_eir_cfg->bta_dm_eir_flags) &&
3061 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2)) {
3062 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 1);
3063 UINT8_TO_STREAM(p, BTM_EIR_FLAGS_TYPE);
3064 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_flags,
3065 p_bta_dm_eir_cfg->bta_dm_eir_flag_len);
3066 p += p_bta_dm_eir_cfg->bta_dm_eir_flag_len;
3067 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2;
3068 }
3069
3070 /* if Manufacturer Specific are provided in configuration */
3071 if ((p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len > 0) &&
3072 (p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec) &&
3073 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2)) {
3074 p_length = p;
3075
3076 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 1);
3077 UINT8_TO_STREAM(p, HCI_EIR_MANUFACTURER_SPECIFIC_TYPE);
3078 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec,
3079 p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len);
3080 p += p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len;
3081 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2;
3082
3083 } else {
3084 p_length = NULL;
3085 }
3086
3087 /* if Inquiry Tx Resp Power compiled */
3088 if ((p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power) && (free_eir_length >= 3)) {
3089 UINT8_TO_STREAM(p, 2); /* Length field */
3090 UINT8_TO_STREAM(p, BTM_EIR_TX_POWER_LEVEL_TYPE);
3091 UINT8_TO_STREAM(p, *(p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power));
3092 free_eir_length -= 3;
3093 }
3094
3095 if (free_eir_length)
3096 UINT8_TO_STREAM(p, 0); /* terminator of significant part */
3097
3098 BTM_WriteEIR(p_buf);
3099 }
3100
3101 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3102 /*******************************************************************************
3103 *
3104 * Function bta_dm_get_cust_uuid_index
3105 *
3106 * Description Get index of custom uuid from list
3107 * Note, handle equals to 0 means to find a vacant
3108 * from list.
3109 *
3110 * Returns Index of array
3111 * bta_dm_cb.bta_custom_uuid[BTA_EIR_SERVER_NUM_CUSTOM_UUID]
3112 *
3113 ******************************************************************************/
bta_dm_get_cust_uuid_index(uint32_t handle)3114 static uint8_t bta_dm_get_cust_uuid_index(uint32_t handle) {
3115 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3116 uint8_t c_uu_idx = 0;
3117
3118 while(c_uu_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID &&
3119 bta_dm_cb.bta_custom_uuid[c_uu_idx].handle != handle) {
3120 c_uu_idx++;
3121 }
3122
3123 return c_uu_idx;
3124 #else
3125 return 0;
3126 #endif
3127 }
3128
3129 /*******************************************************************************
3130 *
3131 * Function bta_dm_update_cust_uuid
3132 *
3133 * Description Update custom uuid with given value
3134 *
3135 * Returns None
3136 *
3137 ******************************************************************************/
bta_dm_update_cust_uuid(uint8_t c_uu_idx,const Uuid & uuid,uint32_t handle)3138 static void bta_dm_update_cust_uuid(uint8_t c_uu_idx, const Uuid& uuid, uint32_t handle) {
3139 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3140 if (c_uu_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID) {
3141 tBTA_CUSTOM_UUID& curr = bta_dm_cb.bta_custom_uuid[c_uu_idx];
3142 curr.custom_uuid.UpdateUuid(uuid);
3143 curr.handle = handle;
3144 } else {
3145 APPL_TRACE_ERROR("%s invalid uuid index %d", __func__, c_uu_idx);
3146 }
3147 #endif
3148 }
3149
3150 /*******************************************************************************
3151 *
3152 * Function bta_dm_eir_update_cust_uuid
3153 *
3154 * Description This function adds or removes custom service UUID in EIR database.
3155 *
3156 * Returns None
3157 *
3158 ******************************************************************************/
bta_dm_eir_update_cust_uuid(const tBTA_CUSTOM_UUID & curr,bool adding)3159 void bta_dm_eir_update_cust_uuid(const tBTA_CUSTOM_UUID& curr, bool adding) {
3160 APPL_TRACE_DEBUG("%s", __func__);
3161 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3162 uint8_t c_uu_idx = 0;
3163 if (adding) {
3164 c_uu_idx = bta_dm_get_cust_uuid_index(0); /* find a vacant from uuid list */
3165 bta_dm_update_cust_uuid(c_uu_idx, curr.custom_uuid, curr.handle);
3166 } else {
3167 c_uu_idx = bta_dm_get_cust_uuid_index(curr.handle); /* find the uuid from uuid list */
3168 bta_dm_update_cust_uuid(c_uu_idx, curr.custom_uuid, 0);
3169 }
3170
3171 /* Update EIR when UUIDs are changed */
3172 if (c_uu_idx <= BTA_EIR_SERVER_NUM_CUSTOM_UUID) {
3173 bta_dm_set_eir(NULL);
3174 }
3175 #endif
3176 }
3177
3178 /*******************************************************************************
3179 *
3180 * Function bta_dm_eir_update_uuid
3181 *
3182 * Description This function adds or removes service UUID in EIR database.
3183 *
3184 * Returns None
3185 *
3186 ******************************************************************************/
bta_dm_eir_update_uuid(uint16_t uuid16,bool adding)3187 void bta_dm_eir_update_uuid(uint16_t uuid16, bool adding) {
3188 /* if this UUID is not advertised in EIR */
3189 if (!BTM_HasEirService(p_bta_dm_eir_cfg->uuid_mask, uuid16)) return;
3190
3191 if (adding) {
3192 LOG_INFO("EIR Adding UUID=0x%04X into extended inquiry response", uuid16);
3193
3194 BTM_AddEirService(bta_dm_cb.eir_uuid, uuid16);
3195 } else {
3196 LOG_INFO("EIR Removing UUID=0x%04X from extended inquiry response", uuid16);
3197
3198 BTM_RemoveEirService(bta_dm_cb.eir_uuid, uuid16);
3199 }
3200
3201 bta_dm_set_eir(NULL);
3202 }
3203 #endif
3204
3205 /*******************************************************************************
3206 *
3207 * Function bta_dm_encrypt_cback
3208 *
3209 * Description link encryption complete callback.
3210 *
3211 * Returns None
3212 *
3213 ******************************************************************************/
bta_dm_encrypt_cback(const RawAddress * bd_addr,tBT_TRANSPORT transport,UNUSED_ATTR void * p_ref_data,tBTM_STATUS result)3214 void bta_dm_encrypt_cback(const RawAddress* bd_addr, tBT_TRANSPORT transport,
3215 UNUSED_ATTR void* p_ref_data, tBTM_STATUS result) {
3216 tBTA_STATUS bta_status = BTA_SUCCESS;
3217 tBTA_DM_ENCRYPT_CBACK* p_callback = NULL;
3218 uint8_t i;
3219
3220 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3221 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == *bd_addr &&
3222 bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED)
3223 break;
3224 }
3225
3226 if (i < bta_dm_cb.device_list.count) {
3227 p_callback = bta_dm_cb.device_list.peer_device[i].p_encrypt_cback;
3228 bta_dm_cb.device_list.peer_device[i].p_encrypt_cback = NULL;
3229 }
3230
3231 switch (result) {
3232 case BTM_SUCCESS:
3233 break;
3234 case BTM_WRONG_MODE:
3235 bta_status = BTA_WRONG_MODE;
3236 break;
3237 case BTM_NO_RESOURCES:
3238 bta_status = BTA_NO_RESOURCES;
3239 break;
3240 case BTM_BUSY:
3241 bta_status = BTA_BUSY;
3242 break;
3243 default:
3244 bta_status = BTA_FAILURE;
3245 break;
3246 }
3247
3248 APPL_TRACE_DEBUG("bta_dm_encrypt_cback status =%d p_callback=0x%x",
3249 bta_status, p_callback);
3250
3251 if (p_callback) {
3252 (*p_callback)(*bd_addr, transport, bta_status);
3253 }
3254 }
3255
3256 /**This function to encrypt the link */
bta_dm_set_encryption(const RawAddress & bd_addr,tBT_TRANSPORT transport,tBTA_DM_ENCRYPT_CBACK * p_callback,tBTM_BLE_SEC_ACT sec_act)3257 void bta_dm_set_encryption(const RawAddress& bd_addr, tBT_TRANSPORT transport,
3258 tBTA_DM_ENCRYPT_CBACK* p_callback,
3259 tBTM_BLE_SEC_ACT sec_act) {
3260 uint8_t i;
3261
3262 APPL_TRACE_DEBUG("bta_dm_set_encryption"); // todo
3263 if (!p_callback) {
3264 APPL_TRACE_ERROR("bta_dm_set_encryption callback is not provided");
3265 return;
3266 }
3267 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3268 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == bd_addr &&
3269 bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED)
3270 break;
3271 }
3272 if (i < bta_dm_cb.device_list.count) {
3273 if (bta_dm_cb.device_list.peer_device[i].p_encrypt_cback) {
3274 APPL_TRACE_ERROR("earlier enc was not done for same device");
3275 (*p_callback)(bd_addr, transport, BTA_BUSY);
3276 return;
3277 }
3278
3279 if (BTM_SetEncryption(bd_addr, transport, bta_dm_encrypt_cback, NULL,
3280 sec_act) == BTM_CMD_STARTED) {
3281 bta_dm_cb.device_list.peer_device[i].p_encrypt_cback = p_callback;
3282 }
3283 }
3284 }
3285
bta_dm_check_if_only_hd_connected(const RawAddress & peer_addr)3286 bool bta_dm_check_if_only_hd_connected(const RawAddress& peer_addr) {
3287 APPL_TRACE_DEBUG("%s: count(%d)", __func__, bta_dm_conn_srvcs.count);
3288
3289 for (uint8_t j = 0; j < bta_dm_conn_srvcs.count; j++) {
3290 // Check if profiles other than hid are connected
3291 if ((bta_dm_conn_srvcs.conn_srvc[j].id != BTA_ID_HD) &&
3292 bta_dm_conn_srvcs.conn_srvc[j].peer_bdaddr == peer_addr) {
3293 APPL_TRACE_DEBUG("%s: Another profile (id=%d) is connected", __func__,
3294 bta_dm_conn_srvcs.conn_srvc[j].id);
3295 return false;
3296 }
3297 }
3298
3299 return true;
3300 }
3301
3302 /*******************************************************************************
3303 *
3304 * Function bta_dm_observe_results_cb
3305 *
3306 * Description Callback for BLE Observe result
3307 *
3308 *
3309 * Returns void
3310 *
3311 ******************************************************************************/
bta_dm_observe_results_cb(tBTM_INQ_RESULTS * p_inq,uint8_t * p_eir,uint16_t eir_len)3312 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
3313 uint16_t eir_len) {
3314 tBTA_DM_SEARCH result;
3315 tBTM_INQ_INFO* p_inq_info;
3316 APPL_TRACE_DEBUG("bta_dm_observe_results_cb");
3317 result.inq_res.bd_addr = p_inq->remote_bd_addr;
3318 result.inq_res.original_bda = p_inq->original_bda;
3319 result.inq_res.rssi = p_inq->rssi;
3320 result.inq_res.ble_addr_type = p_inq->ble_addr_type;
3321 result.inq_res.inq_result_type = p_inq->inq_result_type;
3322 result.inq_res.device_type = p_inq->device_type;
3323 result.inq_res.flag = p_inq->flag;
3324 result.inq_res.ble_evt_type = p_inq->ble_evt_type;
3325 result.inq_res.ble_primary_phy = p_inq->ble_primary_phy;
3326 result.inq_res.ble_secondary_phy = p_inq->ble_secondary_phy;
3327 result.inq_res.ble_advertising_sid = p_inq->ble_advertising_sid;
3328 result.inq_res.ble_tx_power = p_inq->ble_tx_power;
3329 result.inq_res.ble_periodic_adv_int = p_inq->ble_periodic_adv_int;
3330
3331 /* application will parse EIR to find out remote device name */
3332 result.inq_res.p_eir = p_eir;
3333 result.inq_res.eir_len = eir_len;
3334
3335 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr);
3336 if (p_inq_info != NULL) {
3337 /* initialize remt_name_not_required to false so that we get the name by
3338 * default */
3339 result.inq_res.remt_name_not_required = false;
3340 }
3341
3342 if (bta_dm_search_cb.p_scan_cback)
3343 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_RES_EVT, &result);
3344
3345 if (p_inq_info) {
3346 /* application indicates if it knows the remote name, inside the callback
3347 copy that to the inquiry data base*/
3348 if (result.inq_res.remt_name_not_required)
3349 p_inq_info->appl_knows_rem_name = true;
3350 }
3351 }
3352
3353 /*******************************************************************************
3354 *
3355 * Function bta_dm_observe_cmpl_cb
3356 *
3357 * Description Callback for BLE Observe complete
3358 *
3359 *
3360 * Returns void
3361 *
3362 ******************************************************************************/
bta_dm_observe_cmpl_cb(void * p_result)3363 static void bta_dm_observe_cmpl_cb(void* p_result) {
3364 tBTA_DM_SEARCH data;
3365
3366 APPL_TRACE_DEBUG("bta_dm_observe_cmpl_cb");
3367
3368 data.inq_cmpl.num_resps = ((tBTM_INQUIRY_CMPL*)p_result)->num_resp;
3369 if (bta_dm_search_cb.p_scan_cback) {
3370 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
3371 }
3372 }
3373
ble_io_req(const RawAddress & bd_addr,tBTM_IO_CAP * p_io_cap,tBTM_OOB_DATA * p_oob_data,tBTM_LE_AUTH_REQ * p_auth_req,uint8_t * p_max_key_size,tBTM_LE_KEY_TYPE * p_init_key,tBTM_LE_KEY_TYPE * p_resp_key)3374 static void ble_io_req(const RawAddress& bd_addr, tBTM_IO_CAP* p_io_cap,
3375 tBTM_OOB_DATA* p_oob_data, tBTM_LE_AUTH_REQ* p_auth_req,
3376 uint8_t* p_max_key_size, tBTM_LE_KEY_TYPE* p_init_key,
3377 tBTM_LE_KEY_TYPE* p_resp_key) {
3378 bte_appl_cfg.ble_io_cap = btif_storage_get_local_io_caps_ble();
3379
3380 /* Retrieve the properties from file system if possible */
3381 tBTE_APPL_CFG nv_config;
3382 if (btif_dm_get_smp_config(&nv_config)) bte_appl_cfg = nv_config;
3383
3384 /* *p_auth_req by default is false for devices with NoInputNoOutput; true for
3385 * other devices. */
3386
3387 if (bte_appl_cfg.ble_auth_req)
3388 *p_auth_req = bte_appl_cfg.ble_auth_req |
3389 (bte_appl_cfg.ble_auth_req & 0x04) | ((*p_auth_req) & 0x04);
3390
3391 /* if OOB is not supported, this call-out function does not need to do
3392 * anything
3393 * otherwise, look for the OOB data associated with the address and set
3394 * *p_oob_data accordingly.
3395 * If the answer can not be obtained right away,
3396 * set *p_oob_data to BTA_OOB_UNKNOWN and call bta_dm_ci_io_req() when the
3397 * answer is available.
3398 */
3399
3400 btif_dm_set_oob_for_le_io_req(bd_addr, p_oob_data, p_auth_req);
3401
3402 if (bte_appl_cfg.ble_io_cap <= 4) *p_io_cap = bte_appl_cfg.ble_io_cap;
3403
3404 if (bte_appl_cfg.ble_init_key <= BTM_BLE_INITIATOR_KEY_SIZE)
3405 *p_init_key = bte_appl_cfg.ble_init_key;
3406
3407 if (bte_appl_cfg.ble_resp_key <= BTM_BLE_RESPONDER_KEY_SIZE)
3408 *p_resp_key = bte_appl_cfg.ble_resp_key;
3409
3410 if (bte_appl_cfg.ble_max_key_size > 7 && bte_appl_cfg.ble_max_key_size <= 16)
3411 *p_max_key_size = bte_appl_cfg.ble_max_key_size;
3412 }
3413
3414 /*******************************************************************************
3415 *
3416 * Function bta_dm_ble_smp_cback
3417 *
3418 * Description Callback for BLE SMP
3419 *
3420 *
3421 * Returns void
3422 *
3423 ******************************************************************************/
bta_dm_ble_smp_cback(tBTM_LE_EVT event,const RawAddress & bda,tBTM_LE_EVT_DATA * p_data)3424 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
3425 tBTM_LE_EVT_DATA* p_data) {
3426 tBTM_STATUS status = BTM_SUCCESS;
3427 tBTA_DM_SEC sec_event;
3428 char* p_name = NULL;
3429
3430 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
3431
3432 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
3433 switch (event) {
3434 case BTM_LE_IO_REQ_EVT:
3435 ble_io_req(bda, &p_data->io_req.io_cap, &p_data->io_req.oob_data,
3436 &p_data->io_req.auth_req, &p_data->io_req.max_key_size,
3437 &p_data->io_req.init_keys, &p_data->io_req.resp_keys);
3438 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req,
3439 p_data->io_req.oob_data);
3440 break;
3441
3442 case BTM_LE_CONSENT_REQ_EVT:
3443 sec_event.ble_req.bd_addr = bda;
3444 p_name = BTM_SecReadDevName(bda);
3445 if (p_name != NULL)
3446 strlcpy((char*)sec_event.ble_req.bd_name, p_name, BD_NAME_LEN);
3447 else
3448 sec_event.ble_req.bd_name[0] = 0;
3449 bta_dm_cb.p_sec_cback(BTA_DM_BLE_CONSENT_REQ_EVT, &sec_event);
3450 break;
3451
3452 case BTM_LE_SEC_REQUEST_EVT:
3453 sec_event.ble_req.bd_addr = bda;
3454 p_name = (bluetooth::shim::is_gd_security_enabled())
3455 ? bluetooth::shim::BTM_SecReadDevName(bda)
3456 : BTM_SecReadDevName(bda);
3457 if (p_name != NULL)
3458 strlcpy((char*)sec_event.ble_req.bd_name, p_name, BD_NAME_LEN + 1);
3459 else
3460 sec_event.ble_req.bd_name[0] = 0;
3461 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SEC_REQ_EVT, &sec_event);
3462 break;
3463
3464 case BTM_LE_KEY_NOTIF_EVT:
3465 sec_event.key_notif.bd_addr = bda;
3466 p_name = (bluetooth::shim::is_gd_security_enabled())
3467 ? bluetooth::shim::BTM_SecReadDevName(bda)
3468 : BTM_SecReadDevName(bda);
3469 if (p_name != NULL)
3470 strlcpy((char*)sec_event.key_notif.bd_name, p_name, BD_NAME_LEN + 1);
3471 else
3472 sec_event.key_notif.bd_name[0] = 0;
3473 sec_event.key_notif.passkey = p_data->key_notif;
3474 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_NOTIF_EVT, &sec_event);
3475 break;
3476
3477 case BTM_LE_KEY_REQ_EVT:
3478 sec_event.ble_req.bd_addr = bda;
3479 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_REQ_EVT, &sec_event);
3480 break;
3481
3482 case BTM_LE_OOB_REQ_EVT:
3483 sec_event.ble_req.bd_addr = bda;
3484 bta_dm_cb.p_sec_cback(BTA_DM_BLE_OOB_REQ_EVT, &sec_event);
3485 break;
3486
3487 case BTM_LE_NC_REQ_EVT:
3488 sec_event.key_notif.bd_addr = bda;
3489 strlcpy((char*)sec_event.key_notif.bd_name, bta_dm_get_remname(),
3490 (BD_NAME_LEN + 1));
3491 sec_event.key_notif.passkey = p_data->key_notif;
3492 bta_dm_cb.p_sec_cback(BTA_DM_BLE_NC_REQ_EVT, &sec_event);
3493 break;
3494
3495 case BTM_LE_SC_OOB_REQ_EVT:
3496 sec_event.ble_req.bd_addr = bda;
3497 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SC_OOB_REQ_EVT, &sec_event);
3498 break;
3499
3500 case BTM_LE_SC_LOC_OOB_EVT:
3501 tBTA_DM_LOC_OOB_DATA local_oob_data;
3502 local_oob_data.local_oob_c = p_data->local_oob_data.commitment;
3503 local_oob_data.local_oob_r = p_data->local_oob_data.randomizer;
3504 sec_event.local_oob_data = local_oob_data;
3505 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SC_CR_LOC_OOB_EVT, &sec_event);
3506 break;
3507
3508 case BTM_LE_KEY_EVT:
3509 sec_event.ble_key.bd_addr = bda;
3510 sec_event.ble_key.key_type = p_data->key.key_type;
3511 sec_event.ble_key.p_key_value = p_data->key.p_key_value;
3512 bta_dm_cb.p_sec_cback(BTA_DM_BLE_KEY_EVT, &sec_event);
3513 break;
3514
3515 case BTM_LE_COMPLT_EVT:
3516 sec_event.auth_cmpl.bd_addr = bda;
3517 BTM_ReadDevInfo(bda, &sec_event.auth_cmpl.dev_type,
3518 &sec_event.auth_cmpl.addr_type);
3519 p_name = (bluetooth::shim::is_gd_security_enabled())
3520 ? bluetooth::shim::BTM_SecReadDevName(bda)
3521 : BTM_SecReadDevName(bda);
3522 if (p_name != NULL)
3523 strlcpy((char*)sec_event.auth_cmpl.bd_name, p_name, (BD_NAME_LEN + 1));
3524 else
3525 sec_event.auth_cmpl.bd_name[0] = 0;
3526
3527 if (p_data->complt.reason != HCI_SUCCESS) {
3528 // TODO This is not a proper use of this type
3529 sec_event.auth_cmpl.fail_reason =
3530 static_cast<tHCI_STATUS>(BTA_DM_AUTH_CONVERT_SMP_CODE(
3531 (static_cast<uint8_t>(p_data->complt.reason))));
3532
3533 if (btm_sec_is_a_bonded_dev(bda) &&
3534 p_data->complt.reason == SMP_CONN_TOUT) {
3535 // Bonded device failed to encrypt - to test this remove battery from
3536 // HID device right after connection, but before encryption is
3537 // established
3538 LOG(INFO) << __func__
3539 << ": bonded device disconnected when encrypting - no "
3540 "reason to unbond";
3541 } else {
3542 /* delete this device entry from Sec Dev DB */
3543 bta_dm_remove_sec_dev_entry(bda);
3544 }
3545
3546 } else {
3547 sec_event.auth_cmpl.success = true;
3548 if (!p_data->complt.smp_over_br)
3549 GATT_ConfigServiceChangeCCC(bda, true, BT_TRANSPORT_LE);
3550 }
3551
3552 if (bta_dm_cb.p_sec_cback) {
3553 // bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
3554 bta_dm_cb.p_sec_cback(BTA_DM_BLE_AUTH_CMPL_EVT, &sec_event);
3555 }
3556 break;
3557
3558 default:
3559 status = BTM_NOT_AUTHORIZED;
3560 break;
3561 }
3562 return status;
3563 }
3564
3565 /*******************************************************************************
3566 *
3567 * Function bta_dm_ble_id_key_cback
3568 *
3569 * Description Callback for BLE local ID keys
3570 *
3571 *
3572 * Returns void
3573 *
3574 ******************************************************************************/
bta_dm_ble_id_key_cback(uint8_t key_type,tBTM_BLE_LOCAL_KEYS * p_key)3575 static void bta_dm_ble_id_key_cback(uint8_t key_type,
3576 tBTM_BLE_LOCAL_KEYS* p_key) {
3577 uint8_t evt;
3578 tBTA_DM_SEC dm_key;
3579
3580 switch (key_type) {
3581 case BTM_BLE_KEY_TYPE_ID:
3582 case BTM_BLE_KEY_TYPE_ER:
3583 if (bta_dm_cb.p_sec_cback) {
3584 memcpy(&dm_key.ble_id_keys, p_key, sizeof(tBTM_BLE_LOCAL_KEYS));
3585
3586 evt = (key_type == BTM_BLE_KEY_TYPE_ID) ? BTA_DM_BLE_LOCAL_IR_EVT
3587 : BTA_DM_BLE_LOCAL_ER_EVT;
3588 bta_dm_cb.p_sec_cback(evt, &dm_key);
3589 }
3590 break;
3591
3592 default:
3593 APPL_TRACE_DEBUG("Unknown key type %d", key_type);
3594 break;
3595 }
3596 return;
3597 }
3598
3599 /*******************************************************************************
3600 *
3601 * Function bta_dm_add_blekey
3602 *
3603 * Description This function adds an BLE Key to an security database entry.
3604 * This function shall only be called AFTER BTA_DmAddBleDevice
3605 * has been called.
3606 * It is normally called during host startup to restore all
3607 * required information stored in the NVRAM.
3608 *
3609 * Parameters:
3610 *
3611 ******************************************************************************/
bta_dm_add_blekey(const RawAddress & bd_addr,tBTA_LE_KEY_VALUE blekey,tBTM_LE_KEY_TYPE key_type)3612 void bta_dm_add_blekey(const RawAddress& bd_addr, tBTA_LE_KEY_VALUE blekey,
3613 tBTM_LE_KEY_TYPE key_type) {
3614 BTM_SecAddBleKey(bd_addr, (tBTM_LE_KEY_VALUE*)&blekey, key_type);
3615 }
3616
3617 /*******************************************************************************
3618 *
3619 * Function bta_dm_add_ble_device
3620 *
3621 * Description This function adds an BLE device to an security database
3622 * entry.
3623 * It is normally called during host startup to restore all
3624 * required information stored in the NVRAM.
3625 *
3626 * Parameters:
3627 *
3628 ******************************************************************************/
bta_dm_add_ble_device(const RawAddress & bd_addr,tBLE_ADDR_TYPE addr_type,tBT_DEVICE_TYPE dev_type)3629 void bta_dm_add_ble_device(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type,
3630 tBT_DEVICE_TYPE dev_type) {
3631 BTM_SecAddBleDevice(bd_addr, dev_type, addr_type);
3632 }
3633
3634 /*******************************************************************************
3635 *
3636 * Function bta_dm_add_ble_device
3637 *
3638 * Description This function adds an BLE device to an security database
3639 * entry.
3640 * It is normally called during host startup to restore all
3641 * required information stored in the NVRAM.
3642 *
3643 * Parameters:
3644 *
3645 ******************************************************************************/
bta_dm_ble_passkey_reply(const RawAddress & bd_addr,bool accept,uint32_t passkey)3646 void bta_dm_ble_passkey_reply(const RawAddress& bd_addr, bool accept,
3647 uint32_t passkey) {
3648 BTM_BlePasskeyReply(bd_addr, accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED,
3649 passkey);
3650 }
3651
3652 /** This is response to SM numeric comparison request submitted to application.
3653 */
bta_dm_ble_confirm_reply(const RawAddress & bd_addr,bool accept)3654 void bta_dm_ble_confirm_reply(const RawAddress& bd_addr, bool accept) {
3655 BTM_BleConfirmReply(bd_addr, accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED);
3656 }
3657
3658 /** This function set the preferred connection parameters */
bta_dm_ble_set_conn_params(const RawAddress & bd_addr,uint16_t conn_int_min,uint16_t conn_int_max,uint16_t peripheral_latency,uint16_t supervision_tout)3659 void bta_dm_ble_set_conn_params(const RawAddress& bd_addr,
3660 uint16_t conn_int_min, uint16_t conn_int_max,
3661 uint16_t peripheral_latency,
3662 uint16_t supervision_tout) {
3663 L2CA_AdjustConnectionIntervals(&conn_int_min, &conn_int_max,
3664 BTM_BLE_CONN_INT_MIN);
3665
3666 BTM_BleSetPrefConnParams(bd_addr, conn_int_min, conn_int_max,
3667 peripheral_latency, supervision_tout);
3668 }
3669
3670 /** This function update LE connection parameters */
bta_dm_ble_update_conn_params(const RawAddress & bd_addr,uint16_t min_int,uint16_t max_int,uint16_t latency,uint16_t timeout,uint16_t min_ce_len,uint16_t max_ce_len)3671 void bta_dm_ble_update_conn_params(const RawAddress& bd_addr, uint16_t min_int,
3672 uint16_t max_int, uint16_t latency,
3673 uint16_t timeout, uint16_t min_ce_len,
3674 uint16_t max_ce_len) {
3675 L2CA_AdjustConnectionIntervals(&min_int, &max_int, BTM_BLE_CONN_INT_MIN);
3676
3677 if (!L2CA_UpdateBleConnParams(bd_addr, min_int, max_int, latency, timeout,
3678 min_ce_len, max_ce_len)) {
3679 APPL_TRACE_ERROR("Update connection parameters failed!");
3680 }
3681 }
3682
3683 #if (BLE_PRIVACY_SPT == TRUE)
3684 /** This function set the local device LE privacy settings. */
bta_dm_ble_config_local_privacy(bool privacy_enable)3685 void bta_dm_ble_config_local_privacy(bool privacy_enable) {
3686 BTM_BleConfigPrivacy(privacy_enable);
3687 }
3688 #endif
3689
bta_dm_ble_observe(bool start,uint8_t duration,tBTA_DM_SEARCH_CBACK * p_cback)3690 void bta_dm_ble_observe(bool start, uint8_t duration,
3691 tBTA_DM_SEARCH_CBACK* p_cback) {
3692 if (!start) {
3693 bta_dm_search_cb.p_scan_cback = NULL;
3694 BTM_BleObserve(false, 0, NULL, NULL);
3695 return;
3696 }
3697
3698 /*Save the callback to be called when a scan results are available */
3699 bta_dm_search_cb.p_scan_cback = p_cback;
3700 tBTM_STATUS status = BTM_BleObserve(true, duration, bta_dm_observe_results_cb,
3701 bta_dm_observe_cmpl_cb);
3702 if (status != BTM_CMD_STARTED) {
3703 tBTA_DM_SEARCH data;
3704 APPL_TRACE_WARNING(" %s BTM_BleObserve failed. status %d", __func__,
3705 status);
3706 data.inq_cmpl.num_resps = 0;
3707 if (bta_dm_search_cb.p_scan_cback) {
3708 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
3709 }
3710 }
3711 }
3712
3713 /** This function set the maximum transmission packet size */
bta_dm_ble_set_data_length(const RawAddress & bd_addr)3714 void bta_dm_ble_set_data_length(const RawAddress& bd_addr) {
3715 const controller_t* controller = controller_get_interface();
3716 uint16_t max_len = controller->get_ble_maximum_tx_data_length();
3717
3718 if (BTM_SetBleDataLength(bd_addr, max_len) != BTM_SUCCESS) {
3719 LOG_INFO("Unable to set ble data length:%hu", max_len);
3720 }
3721 }
3722
3723 /*******************************************************************************
3724 *
3725 * Function bta_ble_enable_scan_cmpl
3726 *
3727 * Description ADV payload filtering enable / disable complete callback
3728 *
3729 *
3730 * Returns None
3731 *
3732 ******************************************************************************/
bta_ble_energy_info_cmpl(tBTM_BLE_TX_TIME_MS tx_time,tBTM_BLE_RX_TIME_MS rx_time,tBTM_BLE_IDLE_TIME_MS idle_time,tBTM_BLE_ENERGY_USED energy_used,tHCI_STATUS status)3733 static void bta_ble_energy_info_cmpl(tBTM_BLE_TX_TIME_MS tx_time,
3734 tBTM_BLE_RX_TIME_MS rx_time,
3735 tBTM_BLE_IDLE_TIME_MS idle_time,
3736 tBTM_BLE_ENERGY_USED energy_used,
3737 tHCI_STATUS status) {
3738 tBTA_STATUS st = (status == HCI_SUCCESS) ? BTA_SUCCESS : BTA_FAILURE;
3739 tBTA_DM_CONTRL_STATE ctrl_state = 0;
3740
3741 if (BTA_SUCCESS == st) ctrl_state = bta_dm_pm_obtain_controller_state();
3742
3743 if (bta_dm_cb.p_energy_info_cback)
3744 bta_dm_cb.p_energy_info_cback(tx_time, rx_time, idle_time, energy_used,
3745 ctrl_state, st);
3746 }
3747
3748 /** This function obtains the energy info */
bta_dm_ble_get_energy_info(tBTA_BLE_ENERGY_INFO_CBACK * p_energy_info_cback)3749 void bta_dm_ble_get_energy_info(
3750 tBTA_BLE_ENERGY_INFO_CBACK* p_energy_info_cback) {
3751 bta_dm_cb.p_energy_info_cback = p_energy_info_cback;
3752 tBTM_STATUS btm_status = BTM_BleGetEnergyInfo(bta_ble_energy_info_cmpl);
3753 if (btm_status != BTM_CMD_STARTED)
3754 bta_ble_energy_info_cmpl(0, 0, 0, 0, HCI_ERR_UNSPECIFIED);
3755 }
3756
3757 #ifndef BTA_DM_GATT_CLOSE_DELAY_TOUT
3758 #define BTA_DM_GATT_CLOSE_DELAY_TOUT 1000
3759 #endif
3760
3761 /*******************************************************************************
3762 *
3763 * Function bta_dm_gattc_register
3764 *
3765 * Description Register with GATTC in DM if BLE is needed.
3766 *
3767 *
3768 * Returns void
3769 *
3770 ******************************************************************************/
bta_dm_gattc_register(void)3771 static void bta_dm_gattc_register(void) {
3772 if (bta_dm_search_cb.client_if == BTA_GATTS_INVALID_IF) {
3773 BTA_GATTC_AppRegister(bta_dm_gattc_callback,
3774 base::Bind([](uint8_t client_id, uint8_t status) {
3775 if (status == GATT_SUCCESS)
3776 bta_dm_search_cb.client_if = client_id;
3777 else
3778 bta_dm_search_cb.client_if = BTA_GATTS_INVALID_IF;
3779
3780 }), false);
3781 }
3782 }
3783
3784 /*******************************************************************************
3785 *
3786 * Function bta_dm_gatt_disc_complete
3787 *
3788 * Description This function process the GATT service search complete.
3789 *
3790 * Parameters:
3791 *
3792 ******************************************************************************/
bta_dm_gatt_disc_complete(uint16_t conn_id,tGATT_STATUS status)3793 static void bta_dm_gatt_disc_complete(uint16_t conn_id, tGATT_STATUS status) {
3794 APPL_TRACE_DEBUG("%s conn_id = %d", __func__, conn_id);
3795
3796 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
3797
3798 /* no more services to be discovered */
3799 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
3800 p_msg->disc_result.result.disc_res.result =
3801 (status == GATT_SUCCESS) ? BTA_SUCCESS : BTA_FAILURE;
3802 APPL_TRACE_DEBUG("%s service found: 0x%08x", __func__,
3803 bta_dm_search_cb.services_found);
3804 p_msg->disc_result.result.disc_res.services = bta_dm_search_cb.services_found;
3805 p_msg->disc_result.result.disc_res.num_uuids = 0;
3806 p_msg->disc_result.result.disc_res.p_uuid_list = NULL;
3807 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
3808 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
3809 bta_dm_get_remname(), BD_NAME_LEN + 1);
3810
3811 p_msg->disc_result.result.disc_res.device_type |= BT_DEVICE_TYPE_BLE;
3812
3813 bta_sys_sendmsg(p_msg);
3814
3815 if (conn_id != GATT_INVALID_CONN_ID) {
3816 /* start a GATT channel close delay timer */
3817 bta_sys_start_timer(bta_dm_search_cb.gatt_close_timer,
3818 BTA_DM_GATT_CLOSE_DELAY_TOUT,
3819 BTA_DM_DISC_CLOSE_TOUT_EVT, 0);
3820 bta_dm_search_cb.pending_close_bda = bta_dm_search_cb.peer_bdaddr;
3821 }
3822 bta_dm_search_cb.gatt_disc_active = false;
3823 }
3824
3825 /*******************************************************************************
3826 *
3827 * Function bta_dm_close_gatt_conn
3828 *
3829 * Description This function close the GATT connection after delay
3830 *timeout.
3831 *
3832 * Parameters:
3833 *
3834 ******************************************************************************/
bta_dm_close_gatt_conn(UNUSED_ATTR tBTA_DM_MSG * p_data)3835 void bta_dm_close_gatt_conn(UNUSED_ATTR tBTA_DM_MSG* p_data) {
3836 if (bta_dm_search_cb.conn_id != GATT_INVALID_CONN_ID)
3837 BTA_GATTC_Close(bta_dm_search_cb.conn_id);
3838
3839 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty;
3840 bta_dm_search_cb.conn_id = GATT_INVALID_CONN_ID;
3841 }
3842 /*******************************************************************************
3843 *
3844 * Function btm_dm_start_gatt_discovery
3845 *
3846 * Description This is GATT initiate the service search by open a GATT
3847 * connection first.
3848 *
3849 * Parameters:
3850 *
3851 ******************************************************************************/
btm_dm_start_gatt_discovery(const RawAddress & bd_addr)3852 void btm_dm_start_gatt_discovery(const RawAddress& bd_addr) {
3853 bta_dm_search_cb.gatt_disc_active = true;
3854
3855 /* connection is already open */
3856 if (bta_dm_search_cb.pending_close_bda == bd_addr &&
3857 bta_dm_search_cb.conn_id != GATT_INVALID_CONN_ID) {
3858 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty;
3859 alarm_cancel(bta_dm_search_cb.gatt_close_timer);
3860 BTA_GATTC_ServiceSearchRequest(bta_dm_search_cb.conn_id, nullptr);
3861 } else {
3862 if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE)) {
3863 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr, true, true);
3864 } else {
3865 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr, true, false);
3866 }
3867 }
3868 }
3869
3870 /*******************************************************************************
3871 *
3872 * Function bta_dm_cancel_gatt_discovery
3873 *
3874 * Description This is GATT cancel the GATT service search.
3875 *
3876 * Parameters:
3877 *
3878 ******************************************************************************/
bta_dm_cancel_gatt_discovery(const RawAddress & bd_addr)3879 static void bta_dm_cancel_gatt_discovery(const RawAddress& bd_addr) {
3880 if (bta_dm_search_cb.conn_id == GATT_INVALID_CONN_ID) {
3881 BTA_GATTC_CancelOpen(bta_dm_search_cb.client_if, bd_addr, true);
3882 }
3883
3884 bta_dm_gatt_disc_complete(bta_dm_search_cb.conn_id, (tGATT_STATUS)GATT_ERROR);
3885 }
3886
3887 /*******************************************************************************
3888 *
3889 * Function bta_dm_proc_open_evt
3890 *
3891 * Description process BTA_GATTC_OPEN_EVT in DM.
3892 *
3893 * Parameters:
3894 *
3895 ******************************************************************************/
bta_dm_proc_open_evt(tBTA_GATTC_OPEN * p_data)3896 void bta_dm_proc_open_evt(tBTA_GATTC_OPEN* p_data) {
3897 VLOG(1) << "DM Search state= " << bta_dm_search_cb.state
3898 << " search_cb.peer_dbaddr:" << bta_dm_search_cb.peer_bdaddr
3899 << " connected_bda=" << p_data->remote_bda.address;
3900
3901 APPL_TRACE_DEBUG("BTA_GATTC_OPEN_EVT conn_id = %d client_if=%d status = %d",
3902 p_data->conn_id, p_data->client_if, p_data->status);
3903
3904 bta_dm_search_cb.conn_id = p_data->conn_id;
3905
3906 if (p_data->status == GATT_SUCCESS) {
3907 BTA_GATTC_ServiceSearchRequest(p_data->conn_id, nullptr);
3908 } else {
3909 bta_dm_gatt_disc_complete(GATT_INVALID_CONN_ID, p_data->status);
3910 }
3911 }
3912
3913 /*******************************************************************************
3914 *
3915 * Function bta_dm_gattc_callback
3916 *
3917 * Description This is GATT client callback function used in DM.
3918 *
3919 * Parameters:
3920 *
3921 ******************************************************************************/
bta_dm_gattc_callback(tBTA_GATTC_EVT event,tBTA_GATTC * p_data)3922 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data) {
3923 APPL_TRACE_DEBUG("bta_dm_gattc_callback event = %d", event);
3924
3925 switch (event) {
3926 case BTA_GATTC_OPEN_EVT:
3927 bta_dm_proc_open_evt(&p_data->open);
3928 break;
3929
3930 case BTA_GATTC_SEARCH_RES_EVT:
3931 break;
3932
3933 case BTA_GATTC_SEARCH_CMPL_EVT:
3934 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE)
3935 bta_dm_gatt_disc_complete(p_data->search_cmpl.conn_id,
3936 p_data->search_cmpl.status);
3937 break;
3938
3939 case BTA_GATTC_CLOSE_EVT:
3940 APPL_TRACE_DEBUG("BTA_GATTC_CLOSE_EVT reason = %d", p_data->close.reason);
3941 /* in case of disconnect before search is completed */
3942 if ((bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) &&
3943 (bta_dm_search_cb.state != BTA_DM_SEARCH_ACTIVE) &&
3944 p_data->close.remote_bda == bta_dm_search_cb.peer_bdaddr) {
3945 bta_dm_gatt_disc_complete((uint16_t)GATT_INVALID_CONN_ID,
3946 (tGATT_STATUS)GATT_ERROR);
3947 }
3948 break;
3949
3950 default:
3951 break;
3952 }
3953 }
3954
3955 #if (BLE_VND_INCLUDED == TRUE)
3956 /*******************************************************************************
3957 *
3958 * Function bta_dm_ctrl_features_rd_cmpl_cback
3959 *
3960 * Description callback to handle controller feature read complete
3961 *
3962 * Parameters:
3963 *
3964 ******************************************************************************/
bta_dm_ctrl_features_rd_cmpl_cback(tHCI_STATUS result)3965 static void bta_dm_ctrl_features_rd_cmpl_cback(tHCI_STATUS result) {
3966 APPL_TRACE_DEBUG("%s status = %d ", __func__, result);
3967 if (result == HCI_SUCCESS) {
3968 if (bta_dm_cb.p_sec_cback)
3969 bta_dm_cb.p_sec_cback(BTA_DM_LE_FEATURES_READ, NULL);
3970 } else {
3971 APPL_TRACE_ERROR("%s Ctrl BLE feature read failed: status :%d", __func__,
3972 result);
3973 }
3974 }
3975 #endif /* BLE_VND_INCLUDED */
3976