1 /******************************************************************************
2 *
3 * Copyright 2009-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /*******************************************************************************
20 *
21 * Filename: btif_dm.c
22 *
23 * Description: Contains Device Management (DM) related functionality
24 *
25 *
26 ******************************************************************************/
27
28 #define LOG_TAG "bt_btif_dm"
29
30 #include "btif_dm.h"
31
32 #include <base/bind.h>
33 #include <base/logging.h>
34 #include <signal.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <sys/types.h>
39 #include <time.h>
40 #include <unistd.h>
41
42 #include <mutex>
43
44 #include <bluetooth/uuid.h>
45 #include <hardware/bluetooth.h>
46 #include <hardware/bt_hearing_aid.h>
47
48 #include "advertise_data_parser.h"
49 #include "bt_common.h"
50 #include "bta_dm_int.h"
51 #include "bta_gatt_api.h"
52 #include "btif/include/stack_manager.h"
53 #include "btif_api.h"
54 #include "btif_av.h"
55 #include "btif_bqr.h"
56 #include "btif_config.h"
57 #include "btif_dm.h"
58 #include "btif_gatt.h"
59 #include "btif_hd.h"
60 #include "btif_hf.h"
61 #include "btif_hh.h"
62 #include "btif_metrics_logging.h"
63 #include "btif_sdp.h"
64 #include "btif_storage.h"
65 #include "btif_util.h"
66 #include "btu.h"
67 #include "common/metrics.h"
68 #include "device/include/controller.h"
69 #include "device/include/interop.h"
70 #include "internal_include/stack_config.h"
71 #include "main/shim/shim.h"
72 #include "osi/include/allocator.h"
73 #include "osi/include/log.h"
74 #include "osi/include/osi.h"
75 #include "osi/include/properties.h"
76 #include "stack/btm/btm_dev.h"
77 #include "stack/btm/btm_sec.h"
78 #include "stack_config.h"
79
80 using bluetooth::Uuid;
81 /******************************************************************************
82 * Constants & Macros
83 *****************************************************************************/
84
85 const Uuid UUID_HEARING_AID = Uuid::FromString("FDF0");
86 const Uuid UUID_VC = Uuid::FromString("1844");
87
88 #define COD_MASK 0x07FF
89
90 #define COD_UNCLASSIFIED ((0x1F) << 8)
91 #define COD_HID_KEYBOARD 0x0540
92 #define COD_HID_POINTING 0x0580
93 #define COD_HID_COMBO 0x05C0
94 #define COD_HID_MAJOR 0x0500
95 #define COD_HID_MASK 0x0700
96 #define COD_AV_HEADSETS 0x0404
97 #define COD_AV_HANDSFREE 0x0408
98 #define COD_AV_HEADPHONES 0x0418
99 #define COD_AV_PORTABLE_AUDIO 0x041C
100 #define COD_AV_HIFI_AUDIO 0x0428
101
102 #define BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING 2
103
104 #define NUM_TIMEOUT_RETRIES 5
105 #ifndef PROPERTY_PRODUCT_MODEL
106 #define PROPERTY_PRODUCT_MODEL "ro.product.model"
107 #endif
108 #define DEFAULT_LOCAL_NAME_MAX 31
109 #if (DEFAULT_LOCAL_NAME_MAX > BTM_MAX_LOC_BD_NAME_LEN)
110 #error "default btif local name size exceeds stack supported length"
111 #endif
112
113 #define ENCRYPTED_BREDR 2
114 #define ENCRYPTED_LE 4
115
116 typedef struct {
117 bt_bond_state_t state;
118 RawAddress static_bdaddr;
119 RawAddress bd_addr;
120 tBTM_SEC_DEV_REC::tBTM_BOND_TYPE bond_type;
121 uint8_t pin_code_len;
122 uint8_t is_ssp;
123 uint8_t auth_req;
124 uint8_t io_cap;
125 uint8_t autopair_attempts;
126 uint8_t timeout_retries;
127 uint8_t is_local_initiated;
128 uint8_t sdp_attempts;
129 bool is_le_only;
130 bool is_le_nc; /* LE Numeric comparison */
131 btif_dm_ble_cb_t ble;
132 } btif_dm_pairing_cb_t;
133
134 // TODO(jpawlowski): unify ?
135 // btif_dm_local_key_id_t == tBTM_BLE_LOCAL_ID_KEYS == tBTA_BLE_LOCAL_ID_KEYS
136 typedef struct {
137 Octet16 ir;
138 Octet16 irk;
139 Octet16 dhk;
140 } btif_dm_local_key_id_t;
141
142 typedef struct {
143 bool is_er_rcvd;
144 Octet16 er;
145 bool is_id_keys_rcvd;
146 btif_dm_local_key_id_t id_keys; /* ID kyes */
147
148 } btif_dm_local_key_cb_t;
149
150 /* this structure holds optional OOB data for remote device */
151 typedef struct {
152 RawAddress bdaddr; /* peer bdaddr */
153 tBT_TRANSPORT transport; /* BR/EDR or LE */
154 int data_present; /* What type(s) of OOB Data present */
155 bt_oob_data_t p192_data; /* P192 Data or empty */
156 bt_oob_data_t p256_data; /* P256 Data or empty */
157 } btif_dm_oob_cb_t;
158
159 typedef struct { unsigned int manufact_id; } skip_sdp_entry_t;
160
161 typedef enum {
162 BTIF_DM_FUNC_CREATE_BOND,
163 BTIF_DM_FUNC_CANCEL_BOND,
164 BTIF_DM_FUNC_REMOVE_BOND,
165 BTIF_DM_FUNC_BOND_STATE_CHANGED,
166 } bt_bond_function_t;
167
168 typedef struct {
169 RawAddress bd_addr;
170 bt_bond_function_t function;
171 bt_bond_state_t state;
172 struct timespec timestamp;
173 } btif_bond_event_t;
174
175 #define BTA_SERVICE_ID_TO_SERVICE_MASK(id) (1 << (id))
176
177 #define MAX_BTIF_BOND_EVENT_ENTRIES 15
178
179 static skip_sdp_entry_t sdp_rejectlist[] = {{76}}; // Apple Mouse and Keyboard
180
181 /* This flag will be true if HCI_Inquiry is in progress */
182 static bool btif_dm_inquiry_in_progress = false;
183
184 /*******************************************************************************
185 * Static variables
186 ******************************************************************************/
187 static char btif_default_local_name[DEFAULT_LOCAL_NAME_MAX + 1] = {'\0'};
188 static uid_set_t* uid_set = NULL;
189
190 /* A circular array to keep track of the most recent bond events */
191 static btif_bond_event_t btif_dm_bond_events[MAX_BTIF_BOND_EVENT_ENTRIES + 1];
192
193 static std::mutex bond_event_lock;
194
195 /* |btif_num_bond_events| keeps track of the total number of events and can be
196 greater than |MAX_BTIF_BOND_EVENT_ENTRIES| */
197 static size_t btif_num_bond_events = 0;
198 static size_t btif_events_start_index = 0;
199 static size_t btif_events_end_index = 0;
200
201 /******************************************************************************
202 * Static functions
203 *****************************************************************************/
204 static btif_dm_pairing_cb_t pairing_cb;
205 static btif_dm_oob_cb_t oob_cb;
206 static void btif_dm_cb_create_bond(const RawAddress bd_addr,
207 tBT_TRANSPORT transport);
208 static void btif_update_remote_properties(const RawAddress& bd_addr,
209 BD_NAME bd_name, DEV_CLASS dev_class,
210 tBT_DEVICE_TYPE dev_type);
211 static btif_dm_local_key_cb_t ble_local_key_cb;
212 static void btif_dm_ble_key_notif_evt(tBTA_DM_SP_KEY_NOTIF* p_ssp_key_notif);
213 static void btif_dm_ble_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl);
214 static void btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ* p_pin_req);
215 static void btif_dm_ble_key_nc_req_evt(tBTA_DM_SP_KEY_NOTIF* p_notif_req);
216 static void btif_dm_ble_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type);
217 static void btif_dm_ble_sc_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type);
218
219 static void bte_scan_filt_param_cfg_evt(uint8_t action_type, uint8_t avbl_space,
220 uint8_t ref_value, uint8_t btm_status);
221
222 static char* btif_get_default_local_name();
223
224 static void btif_stats_add_bond_event(const RawAddress& bd_addr,
225 bt_bond_function_t function,
226 bt_bond_state_t state);
227
228 /******************************************************************************
229 * Externs
230 *****************************************************************************/
231 extern bt_status_t btif_av_sink_execute_service(bool b_enable);
232 extern bt_status_t btif_hh_execute_service(bool b_enable);
233 extern bt_status_t btif_hf_client_execute_service(bool b_enable);
234 extern bt_status_t btif_sdp_execute_service(bool b_enable);
235 extern int btif_hh_connect(const RawAddress* bd_addr);
236 extern bt_status_t btif_hd_execute_service(bool b_enable);
237 extern bluetooth::hearing_aid::HearingAidInterface*
238 btif_hearing_aid_get_interface();
239
240 /******************************************************************************
241 * Functions
242 *****************************************************************************/
243
is_empty_128bit(uint8_t * data)244 static bool is_empty_128bit(uint8_t* data) {
245 static const uint8_t zero[16] = {0};
246 return !memcmp(zero, data, sizeof(zero));
247 }
248
is_bonding_or_sdp()249 static bool is_bonding_or_sdp() {
250 return pairing_cb.state == BT_BOND_STATE_BONDING ||
251 (pairing_cb.state == BT_BOND_STATE_BONDED && pairing_cb.sdp_attempts);
252 }
253
btif_dm_init(uid_set_t * set)254 void btif_dm_init(uid_set_t* set) {
255 uid_set = set;
256 }
257
btif_dm_cleanup(void)258 void btif_dm_cleanup(void) {
259 if (uid_set) {
260 uid_set_destroy(uid_set);
261 uid_set = NULL;
262 }
263 }
264
btif_in_execute_service_request(tBTA_SERVICE_ID service_id,bool b_enable)265 bt_status_t btif_in_execute_service_request(tBTA_SERVICE_ID service_id,
266 bool b_enable) {
267 BTIF_TRACE_DEBUG("%s service_id: %d", __func__, service_id);
268 /* Check the service_ID and invoke the profile's BT state changed API */
269 switch (service_id) {
270 case BTA_HFP_SERVICE_ID:
271 case BTA_HSP_SERVICE_ID: {
272 bluetooth::headset::ExecuteService(b_enable);
273 } break;
274 case BTA_A2DP_SOURCE_SERVICE_ID: {
275 btif_av_source_execute_service(b_enable);
276 } break;
277 case BTA_A2DP_SINK_SERVICE_ID: {
278 btif_av_sink_execute_service(b_enable);
279 } break;
280 case BTA_HID_SERVICE_ID: {
281 btif_hh_execute_service(b_enable);
282 } break;
283 case BTA_HFP_HS_SERVICE_ID: {
284 btif_hf_client_execute_service(b_enable);
285 } break;
286 case BTA_SDP_SERVICE_ID: {
287 btif_sdp_execute_service(b_enable);
288 } break;
289 case BTA_HIDD_SERVICE_ID: {
290 btif_hd_execute_service(b_enable);
291 } break;
292 default:
293 BTIF_TRACE_ERROR("%s: Unknown service %d being %s", __func__, service_id,
294 (b_enable) ? "enabled" : "disabled");
295 return BT_STATUS_FAIL;
296 }
297 return BT_STATUS_SUCCESS;
298 }
299
300 /*******************************************************************************
301 *
302 * Function check_eir_remote_name
303 *
304 * Description Check if remote name is in the EIR data
305 *
306 * Returns true if remote name found
307 * Populate p_remote_name, if provided and remote name found
308 *
309 ******************************************************************************/
check_eir_remote_name(tBTA_DM_SEARCH * p_search_data,uint8_t * p_remote_name,uint8_t * p_remote_name_len)310 static bool check_eir_remote_name(tBTA_DM_SEARCH* p_search_data,
311 uint8_t* p_remote_name,
312 uint8_t* p_remote_name_len) {
313 const uint8_t* p_eir_remote_name = NULL;
314 uint8_t remote_name_len = 0;
315
316 /* Check EIR for remote name and services */
317 if (p_search_data->inq_res.p_eir) {
318 p_eir_remote_name = AdvertiseDataParser::GetFieldByType(
319 p_search_data->inq_res.p_eir, p_search_data->inq_res.eir_len,
320 BTM_EIR_COMPLETE_LOCAL_NAME_TYPE, &remote_name_len);
321 if (!p_eir_remote_name) {
322 p_eir_remote_name = AdvertiseDataParser::GetFieldByType(
323 p_search_data->inq_res.p_eir, p_search_data->inq_res.eir_len,
324 BTM_EIR_SHORTENED_LOCAL_NAME_TYPE, &remote_name_len);
325 }
326
327 if (p_eir_remote_name) {
328 if (remote_name_len > BD_NAME_LEN) remote_name_len = BD_NAME_LEN;
329
330 if (p_remote_name && p_remote_name_len) {
331 memcpy(p_remote_name, p_eir_remote_name, remote_name_len);
332 *(p_remote_name + remote_name_len) = 0;
333 *p_remote_name_len = remote_name_len;
334 }
335
336 return true;
337 }
338 }
339
340 return false;
341 }
342
343 /*******************************************************************************
344 *
345 * Function check_cached_remote_name
346 *
347 * Description Check if remote name is in the NVRAM cache
348 *
349 * Returns true if remote name found
350 * Populate p_remote_name, if provided and remote name found
351 *
352 ******************************************************************************/
check_cached_remote_name(tBTA_DM_SEARCH * p_search_data,uint8_t * p_remote_name,uint8_t * p_remote_name_len)353 static bool check_cached_remote_name(tBTA_DM_SEARCH* p_search_data,
354 uint8_t* p_remote_name,
355 uint8_t* p_remote_name_len) {
356 bt_bdname_t bdname;
357 bt_property_t prop_name;
358
359 /* check if we already have it in our btif_storage cache */
360
361 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_BDNAME,
362 sizeof(bt_bdname_t), &bdname);
363 if (btif_storage_get_remote_device_property(
364 &p_search_data->inq_res.bd_addr, &prop_name) == BT_STATUS_SUCCESS) {
365 if (p_remote_name && p_remote_name_len) {
366 strcpy((char*)p_remote_name, (char*)bdname.name);
367 *p_remote_name_len = strlen((char*)p_remote_name);
368 }
369 return true;
370 }
371
372 return false;
373 }
374
get_cod(const RawAddress * remote_bdaddr)375 static uint32_t get_cod(const RawAddress* remote_bdaddr) {
376 uint32_t remote_cod;
377 bt_property_t prop_name;
378
379 /* check if we already have it in our btif_storage cache */
380 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_CLASS_OF_DEVICE,
381 sizeof(uint32_t), &remote_cod);
382 if (btif_storage_get_remote_device_property(
383 (RawAddress*)remote_bdaddr, &prop_name) == BT_STATUS_SUCCESS) {
384 LOG_INFO("%s remote_cod = 0x%08x", __func__, remote_cod);
385 return remote_cod & COD_MASK;
386 }
387
388 return 0;
389 }
390
check_cod(const RawAddress * remote_bdaddr,uint32_t cod)391 bool check_cod(const RawAddress* remote_bdaddr, uint32_t cod) {
392 return get_cod(remote_bdaddr) == cod;
393 }
394
check_cod_hid(const RawAddress * remote_bdaddr)395 bool check_cod_hid(const RawAddress* remote_bdaddr) {
396 return (get_cod(remote_bdaddr) & COD_HID_MASK) == COD_HID_MAJOR;
397 }
398
399 /*****************************************************************************
400 *
401 * Function check_sdp_bl
402 *
403 * Description Checks if a given device is rejectlisted to skip sdp
404 *
405 * Parameters skip_sdp_entry
406 *
407 * Returns true if the device is present in rejectlist, else false
408 *
409 ******************************************************************************/
check_sdp_bl(const RawAddress * remote_bdaddr)410 bool check_sdp_bl(const RawAddress* remote_bdaddr) {
411 bt_property_t prop_name;
412 bt_remote_version_t info;
413
414 if (remote_bdaddr == NULL) return false;
415
416 /* if not available yet, try fetching from config database */
417 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_REMOTE_VERSION_INFO,
418 sizeof(bt_remote_version_t), &info);
419
420 if (btif_storage_get_remote_device_property(remote_bdaddr, &prop_name) !=
421 BT_STATUS_SUCCESS) {
422 return false;
423 }
424 uint16_t manufacturer = info.manufacturer;
425
426 for (unsigned int i = 0; i < ARRAY_SIZE(sdp_rejectlist); i++) {
427 if (manufacturer == sdp_rejectlist[i].manufact_id) return true;
428 }
429 return false;
430 }
431
bond_state_changed(bt_status_t status,const RawAddress & bd_addr,bt_bond_state_t state)432 static void bond_state_changed(bt_status_t status, const RawAddress& bd_addr,
433 bt_bond_state_t state) {
434 btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_BOND_STATE_CHANGED, state);
435
436 if ((pairing_cb.state == state) && (state == BT_BOND_STATE_BONDING)) {
437 // Cross key pairing so send callback for static address
438 if (!pairing_cb.static_bdaddr.IsEmpty()) {
439 invoke_bond_state_changed_cb(status, bd_addr, state);
440 }
441 return;
442 }
443
444 if (pairing_cb.bond_type == tBTM_SEC_DEV_REC::BOND_TYPE_TEMPORARY) {
445 state = BT_BOND_STATE_NONE;
446 }
447
448 LOG_INFO(
449 "Bond state changed to state=%d [0:none, 1:bonding, 2:bonded],"
450 " prev_state=%d, sdp_attempts = %d",
451 state, pairing_cb.state, pairing_cb.sdp_attempts);
452
453 if (state == BT_BOND_STATE_NONE) {
454 forget_device_from_metric_id_allocator(bd_addr);
455 } else if (state == BT_BOND_STATE_BONDED) {
456 allocate_metric_id_from_metric_id_allocator(bd_addr);
457 if (!save_metric_id_from_metric_id_allocator(bd_addr)) {
458 LOG(FATAL) << __func__ << ": Fail to save metric id for device "
459 << bd_addr;
460 }
461 }
462 invoke_bond_state_changed_cb(status, bd_addr, state);
463
464 int dev_type;
465 if (!btif_get_device_type(bd_addr, &dev_type)) {
466 dev_type = BT_DEVICE_TYPE_BREDR;
467 }
468
469 if (state == BT_BOND_STATE_BONDING ||
470 (state == BT_BOND_STATE_BONDED && pairing_cb.sdp_attempts > 0)) {
471 // Save state for the device is bonding or SDP.
472 pairing_cb.state = state;
473 pairing_cb.bd_addr = bd_addr;
474 } else {
475 pairing_cb = {};
476 }
477 }
478
479 /* store remote version in bt config to always have access
480 to it post pairing*/
btif_update_remote_version_property(RawAddress * p_bd)481 static void btif_update_remote_version_property(RawAddress* p_bd) {
482 bt_property_t property;
483 uint8_t lmp_ver = 0;
484 uint16_t lmp_subver = 0;
485 uint16_t mfct_set = 0;
486 bt_remote_version_t info;
487 bt_status_t status;
488
489 CHECK(p_bd != nullptr);
490
491 const bool version_info_valid =
492 BTM_ReadRemoteVersion(*p_bd, &lmp_ver, &mfct_set, &lmp_subver);
493
494 LOG_INFO("Remote version info valid:%s [%s]: %x, %x, %x",
495 logbool(version_info_valid).c_str(), PRIVATE_ADDRESS((*p_bd)),
496 lmp_ver, mfct_set, lmp_subver);
497
498 if (version_info_valid) {
499 // Always update cache to ensure we have availability whenever BTM API is
500 // not populated
501 info.manufacturer = mfct_set;
502 info.sub_ver = lmp_subver;
503 info.version = lmp_ver;
504 BTIF_STORAGE_FILL_PROPERTY(&property, BT_PROPERTY_REMOTE_VERSION_INFO,
505 sizeof(bt_remote_version_t), &info);
506 status = btif_storage_set_remote_device_property(p_bd, &property);
507 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote version",
508 status);
509 }
510 }
511
btif_update_remote_properties(const RawAddress & bdaddr,BD_NAME bd_name,DEV_CLASS dev_class,tBT_DEVICE_TYPE device_type)512 static void btif_update_remote_properties(const RawAddress& bdaddr,
513 BD_NAME bd_name, DEV_CLASS dev_class,
514 tBT_DEVICE_TYPE device_type) {
515 int num_properties = 0;
516 bt_property_t properties[3];
517 bt_status_t status = BT_STATUS_UNHANDLED;
518 uint32_t cod;
519 bt_device_type_t dev_type;
520
521 memset(properties, 0, sizeof(properties));
522
523 /* remote name */
524 if (strlen((const char*)bd_name)) {
525 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties], BT_PROPERTY_BDNAME,
526 strlen((char*)bd_name), bd_name);
527 if (!bluetooth::shim::is_gd_security_enabled()) {
528 status = btif_storage_set_remote_device_property(
529 &bdaddr, &properties[num_properties]);
530 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device name",
531 status);
532 }
533 num_properties++;
534 }
535
536 /* class of device */
537 cod = devclass2uint(dev_class);
538 if (cod == 0) {
539 /* Try to retrieve cod from storage */
540 LOG_VERBOSE("class of device (cod) is unclassified, checking storage");
541 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
542 BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod), &cod);
543 status = btif_storage_get_remote_device_property(
544 &bdaddr, &properties[num_properties]);
545 LOG_VERBOSE("cod retrieved from storage is 0x%06x", cod);
546 if (cod == 0) {
547 LOG_INFO("cod from storage is also unclassified");
548 cod = COD_UNCLASSIFIED;
549 }
550 } else {
551 LOG_INFO("class of device (cod) is 0x%06x", cod);
552 }
553
554 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
555 BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod), &cod);
556
557 if (!bluetooth::shim::is_gd_security_enabled()) {
558 status = btif_storage_set_remote_device_property(
559 &bdaddr, &properties[num_properties]);
560 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device class",
561 status);
562 }
563 num_properties++;
564
565 /* device type */
566 bt_property_t prop_name;
567 uint8_t remote_dev_type;
568 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_TYPE_OF_DEVICE,
569 sizeof(uint8_t), &remote_dev_type);
570 if (btif_storage_get_remote_device_property(&bdaddr, &prop_name) ==
571 BT_STATUS_SUCCESS) {
572 dev_type = (bt_device_type_t)(remote_dev_type | device_type);
573 } else {
574 dev_type = (bt_device_type_t)device_type;
575 }
576
577 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
578 BT_PROPERTY_TYPE_OF_DEVICE, sizeof(dev_type),
579 &dev_type);
580 if (!bluetooth::shim::is_gd_security_enabled()) {
581 status = btif_storage_set_remote_device_property(
582 &bdaddr, &properties[num_properties]);
583 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device type",
584 status);
585 }
586 num_properties++;
587
588 invoke_remote_device_properties_cb(status, bdaddr, num_properties,
589 properties);
590 }
591
592 /*******************************************************************************
593 *
594 * Function btif_dm_cb_create_bond
595 *
596 * Description Create bond initiated from the BTIF thread context
597 * Special handling for HID devices
598 *
599 * Returns void
600 *
601 ******************************************************************************/
btif_dm_cb_create_bond(const RawAddress bd_addr,tBT_TRANSPORT transport)602 static void btif_dm_cb_create_bond(const RawAddress bd_addr,
603 tBT_TRANSPORT transport) {
604 bool is_hid = check_cod(&bd_addr, COD_HID_POINTING);
605 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
606
607 int device_type = 0;
608 tBLE_ADDR_TYPE addr_type = BLE_ADDR_PUBLIC;
609 std::string addrstr = bd_addr.ToString();
610 const char* bdstr = addrstr.c_str();
611 if (transport == BT_TRANSPORT_LE) {
612 if (!btif_config_get_int(bdstr, "DevType", &device_type)) {
613 btif_config_set_int(bdstr, "DevType", BT_DEVICE_TYPE_BLE);
614 }
615 if (btif_storage_get_remote_addr_type(&bd_addr, &addr_type) !=
616 BT_STATUS_SUCCESS) {
617 // Try to read address type. OOB pairing might have set it earlier, but
618 // didn't store it, it defaults to BLE_ADDR_PUBLIC
619 uint8_t tmp_dev_type;
620 tBLE_ADDR_TYPE tmp_addr_type = BLE_ADDR_PUBLIC;
621 BTM_ReadDevInfo(bd_addr, &tmp_dev_type, &tmp_addr_type);
622 addr_type = tmp_addr_type;
623
624 btif_storage_set_remote_addr_type(&bd_addr, addr_type);
625 }
626 }
627 if ((btif_config_get_int(bdstr, "DevType", &device_type) &&
628 (btif_storage_get_remote_addr_type(&bd_addr, &addr_type) ==
629 BT_STATUS_SUCCESS) &&
630 (device_type & BT_DEVICE_TYPE_BLE) == BT_DEVICE_TYPE_BLE) ||
631 (transport == BT_TRANSPORT_LE)) {
632 BTA_DmAddBleDevice(bd_addr, addr_type, device_type);
633 }
634
635 if (is_hid && (device_type & BT_DEVICE_TYPE_BLE) == 0) {
636 bt_status_t status;
637 status = (bt_status_t)btif_hh_connect(&bd_addr);
638 if (status != BT_STATUS_SUCCESS)
639 bond_state_changed(status, bd_addr, BT_BOND_STATE_NONE);
640 } else {
641 BTA_DmBond(bd_addr, addr_type, transport, device_type);
642 }
643 /* Track originator of bond creation */
644 pairing_cb.is_local_initiated = true;
645 }
646
647 /*******************************************************************************
648 *
649 * Function btif_dm_get_connection_state
650 *
651 * Description Returns whether the remote device is currently connected
652 * and whether encryption is active for the connection
653 *
654 * Returns 0 if not connected; 1 if connected and > 1 if connection is
655 * encrypted
656 *
657 ******************************************************************************/
btif_dm_get_connection_state(const RawAddress * bd_addr)658 uint16_t btif_dm_get_connection_state(const RawAddress* bd_addr) {
659 uint16_t rc = BTA_DmGetConnectionState(*bd_addr);
660
661 if (rc != 0) {
662 if (BTM_IsEncrypted(*bd_addr, BT_TRANSPORT_BR_EDR)) {
663 rc |= ENCRYPTED_BREDR;
664 }
665 if (BTM_IsEncrypted(*bd_addr, BT_TRANSPORT_LE)) {
666 rc |= ENCRYPTED_LE;
667 }
668 }
669
670 return rc;
671 }
672
673 /******************************************************************************
674 *
675 * BTIF DM callback events
676 *
677 ****************************************************************************/
678
679 /*******************************************************************************
680 *
681 * Function btif_dm_pin_req_evt
682 *
683 * Description Executes pin request event in btif context
684 *
685 * Returns void
686 *
687 ******************************************************************************/
btif_dm_pin_req_evt(tBTA_DM_PIN_REQ * p_pin_req)688 static void btif_dm_pin_req_evt(tBTA_DM_PIN_REQ* p_pin_req) {
689 bt_bdname_t bd_name;
690 uint32_t cod;
691 bt_pin_code_t pin_code;
692 int dev_type;
693
694 /* Remote properties update */
695 if (BTM_GetPeerDeviceTypeFromFeatures(p_pin_req->bd_addr) ==
696 BT_DEVICE_TYPE_DUMO) {
697 dev_type = BT_DEVICE_TYPE_DUMO;
698 } else if (!btif_get_device_type(p_pin_req->bd_addr, &dev_type)) {
699 // Failed to get device type, defaulting to BR/EDR.
700 dev_type = BT_DEVICE_TYPE_BREDR;
701 }
702 btif_update_remote_properties(p_pin_req->bd_addr, p_pin_req->bd_name,
703 p_pin_req->dev_class,
704 (tBT_DEVICE_TYPE)dev_type);
705
706 const RawAddress& bd_addr = p_pin_req->bd_addr;
707 memcpy(bd_name.name, p_pin_req->bd_name, BD_NAME_LEN);
708 bd_name.name[BD_NAME_LEN] = '\0';
709
710 if (pairing_cb.state == BT_BOND_STATE_BONDING &&
711 bd_addr != pairing_cb.bd_addr) {
712 BTIF_TRACE_WARNING("%s(): already in bonding state, reject request",
713 __FUNCTION__);
714 return;
715 }
716
717 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
718
719 cod = devclass2uint(p_pin_req->dev_class);
720
721 if (cod == 0) {
722 BTIF_TRACE_DEBUG("%s cod is 0, set as unclassified", __func__);
723 cod = COD_UNCLASSIFIED;
724 }
725
726 /* check for auto pair possiblity only if bond was initiated by local device
727 */
728 if (pairing_cb.is_local_initiated && !p_pin_req->min_16_digit) {
729 if (check_cod(&bd_addr, COD_AV_HEADSETS) ||
730 check_cod(&bd_addr, COD_AV_HEADPHONES) ||
731 check_cod(&bd_addr, COD_AV_PORTABLE_AUDIO) ||
732 check_cod(&bd_addr, COD_AV_HIFI_AUDIO) ||
733 check_cod(&bd_addr, COD_HID_POINTING)) {
734 /* Check if this device can be auto paired */
735 if (!interop_match_addr(INTEROP_DISABLE_AUTO_PAIRING, &bd_addr) &&
736 !interop_match_name(INTEROP_DISABLE_AUTO_PAIRING,
737 (const char*)bd_name.name) &&
738 (pairing_cb.autopair_attempts == 0)) {
739 BTIF_TRACE_DEBUG("%s() Attempting auto pair", __func__);
740 pin_code.pin[0] = 0x30;
741 pin_code.pin[1] = 0x30;
742 pin_code.pin[2] = 0x30;
743 pin_code.pin[3] = 0x30;
744
745 pairing_cb.autopair_attempts++;
746 BTA_DmPinReply(bd_addr, true, 4, pin_code.pin);
747 return;
748 }
749 } else if (check_cod(&bd_addr, COD_HID_KEYBOARD) ||
750 check_cod(&bd_addr, COD_HID_COMBO)) {
751 if ((interop_match_addr(INTEROP_KEYBOARD_REQUIRES_FIXED_PIN, &bd_addr) ==
752 true) &&
753 (pairing_cb.autopair_attempts == 0)) {
754 BTIF_TRACE_DEBUG("%s() Attempting auto pair", __func__);
755 pin_code.pin[0] = 0x30;
756 pin_code.pin[1] = 0x30;
757 pin_code.pin[2] = 0x30;
758 pin_code.pin[3] = 0x30;
759
760 pairing_cb.autopair_attempts++;
761 BTA_DmPinReply(bd_addr, true, 4, pin_code.pin);
762 return;
763 }
764 }
765 }
766 invoke_pin_request_cb(bd_addr, bd_name, cod, p_pin_req->min_16_digit);
767 }
768
769 /*******************************************************************************
770 *
771 * Function btif_dm_ssp_cfm_req_evt
772 *
773 * Description Executes SSP confirm request event in btif context
774 *
775 * Returns void
776 *
777 ******************************************************************************/
btif_dm_ssp_cfm_req_evt(tBTA_DM_SP_CFM_REQ * p_ssp_cfm_req)778 static void btif_dm_ssp_cfm_req_evt(tBTA_DM_SP_CFM_REQ* p_ssp_cfm_req) {
779 bt_bdname_t bd_name;
780 bool is_incoming = !(pairing_cb.state == BT_BOND_STATE_BONDING);
781 uint32_t cod;
782 int dev_type;
783
784 BTIF_TRACE_DEBUG("%s", __func__);
785
786 /* Remote properties update */
787 if (BTM_GetPeerDeviceTypeFromFeatures(p_ssp_cfm_req->bd_addr) ==
788 BT_DEVICE_TYPE_DUMO) {
789 dev_type = BT_DEVICE_TYPE_DUMO;
790 } else if (!btif_get_device_type(p_ssp_cfm_req->bd_addr, &dev_type)) {
791 // Failed to get device type, defaulting to BR/EDR.
792 dev_type = BT_DEVICE_TYPE_BREDR;
793 }
794 btif_update_remote_properties(p_ssp_cfm_req->bd_addr, p_ssp_cfm_req->bd_name,
795 p_ssp_cfm_req->dev_class,
796 (tBT_DEVICE_TYPE)dev_type);
797
798 RawAddress bd_addr = p_ssp_cfm_req->bd_addr;
799 memcpy(bd_name.name, p_ssp_cfm_req->bd_name, BD_NAME_LEN);
800
801 if (pairing_cb.state == BT_BOND_STATE_BONDING &&
802 bd_addr != pairing_cb.bd_addr) {
803 BTIF_TRACE_WARNING("%s(): already in bonding state, reject request",
804 __FUNCTION__);
805 btif_dm_ssp_reply(bd_addr, BT_SSP_VARIANT_PASSKEY_CONFIRMATION, 0);
806 return;
807 }
808
809 /* Set the pairing_cb based on the local & remote authentication requirements
810 */
811 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
812
813 BTIF_TRACE_EVENT("%s: just_works:%d, loc_auth_req=%d, rmt_auth_req=%d",
814 __func__, p_ssp_cfm_req->just_works,
815 p_ssp_cfm_req->loc_auth_req, p_ssp_cfm_req->rmt_auth_req);
816
817 /* if just_works and bonding bit is not set treat this as temporary */
818 if (p_ssp_cfm_req->just_works &&
819 !(p_ssp_cfm_req->loc_auth_req & BTM_AUTH_BONDS) &&
820 !(p_ssp_cfm_req->rmt_auth_req & BTM_AUTH_BONDS) &&
821 !(check_cod((RawAddress*)&p_ssp_cfm_req->bd_addr, COD_HID_POINTING)))
822 pairing_cb.bond_type = tBTM_SEC_DEV_REC::BOND_TYPE_TEMPORARY;
823 else
824 pairing_cb.bond_type = tBTM_SEC_DEV_REC::BOND_TYPE_PERSISTENT;
825
826 btm_set_bond_type_dev(p_ssp_cfm_req->bd_addr, pairing_cb.bond_type);
827
828 pairing_cb.is_ssp = true;
829
830 /* If JustWorks auto-accept */
831 if (p_ssp_cfm_req->just_works) {
832 /* Pairing consent for JustWorks NOT needed if:
833 * 1. Incoming temporary pairing is detected
834 */
835 if (is_incoming &&
836 pairing_cb.bond_type == tBTM_SEC_DEV_REC::BOND_TYPE_TEMPORARY) {
837 BTIF_TRACE_EVENT(
838 "%s: Auto-accept JustWorks pairing for temporary incoming", __func__);
839 btif_dm_ssp_reply(bd_addr, BT_SSP_VARIANT_CONSENT, true);
840 return;
841 }
842 }
843
844 cod = devclass2uint(p_ssp_cfm_req->dev_class);
845
846 if (cod == 0) {
847 LOG_INFO("%s cod is 0, set as unclassified", __func__);
848 cod = COD_UNCLASSIFIED;
849 }
850
851 pairing_cb.sdp_attempts = 0;
852 invoke_ssp_request_cb(
853 bd_addr, bd_name, cod,
854 (p_ssp_cfm_req->just_works ? BT_SSP_VARIANT_CONSENT
855 : BT_SSP_VARIANT_PASSKEY_CONFIRMATION),
856 p_ssp_cfm_req->num_val);
857 }
858
btif_dm_ssp_key_notif_evt(tBTA_DM_SP_KEY_NOTIF * p_ssp_key_notif)859 static void btif_dm_ssp_key_notif_evt(tBTA_DM_SP_KEY_NOTIF* p_ssp_key_notif) {
860 bt_bdname_t bd_name;
861 uint32_t cod;
862 int dev_type;
863
864 BTIF_TRACE_DEBUG("%s", __func__);
865
866 /* Remote properties update */
867 if (BTM_GetPeerDeviceTypeFromFeatures(p_ssp_key_notif->bd_addr) ==
868 BT_DEVICE_TYPE_DUMO) {
869 dev_type = BT_DEVICE_TYPE_DUMO;
870 } else if (!btif_get_device_type(p_ssp_key_notif->bd_addr, &dev_type)) {
871 // Failed to get device type, defaulting to BR/EDR.
872 dev_type = BT_DEVICE_TYPE_BREDR;
873 }
874 btif_update_remote_properties(
875 p_ssp_key_notif->bd_addr, p_ssp_key_notif->bd_name,
876 p_ssp_key_notif->dev_class, (tBT_DEVICE_TYPE)dev_type);
877
878 RawAddress bd_addr = p_ssp_key_notif->bd_addr;
879 memcpy(bd_name.name, p_ssp_key_notif->bd_name, BD_NAME_LEN);
880 bd_name.name[BD_NAME_LEN] = '\0';
881
882 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
883 pairing_cb.is_ssp = true;
884 cod = devclass2uint(p_ssp_key_notif->dev_class);
885
886 if (cod == 0) {
887 LOG_INFO("%s cod is 0, set as unclassified", __func__);
888 cod = COD_UNCLASSIFIED;
889 }
890
891 invoke_ssp_request_cb(bd_addr, bd_name, cod,
892 BT_SSP_VARIANT_PASSKEY_NOTIFICATION,
893 p_ssp_key_notif->passkey);
894 }
895 /*******************************************************************************
896 *
897 * Function btif_dm_auth_cmpl_evt
898 *
899 * Description Executes authentication complete event in btif context
900 *
901 * Returns void
902 *
903 ******************************************************************************/
btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL * p_auth_cmpl)904 static void btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
905 /* Save link key, if not temporary */
906 bt_status_t status = BT_STATUS_FAIL;
907 bt_bond_state_t state = BT_BOND_STATE_NONE;
908 bool skip_sdp = false;
909
910 BTIF_TRACE_DEBUG("%s: bond state=%d, success=%d, key_present=%d", __func__,
911 pairing_cb.state, p_auth_cmpl->success,
912 p_auth_cmpl->key_present);
913
914 RawAddress bd_addr = p_auth_cmpl->bd_addr;
915 if (!bluetooth::shim::is_gd_security_enabled()) {
916 if ((p_auth_cmpl->success) && (p_auth_cmpl->key_present)) {
917 if ((p_auth_cmpl->key_type < HCI_LKEY_TYPE_DEBUG_COMB) ||
918 (p_auth_cmpl->key_type == HCI_LKEY_TYPE_AUTH_COMB) ||
919 (p_auth_cmpl->key_type == HCI_LKEY_TYPE_CHANGED_COMB) ||
920 (p_auth_cmpl->key_type == HCI_LKEY_TYPE_AUTH_COMB_P_256) ||
921 pairing_cb.bond_type == tBTM_SEC_DEV_REC::BOND_TYPE_PERSISTENT) {
922 bt_status_t ret;
923 BTIF_TRACE_DEBUG("%s: Storing link key. key_type=0x%x, bond_type=%d",
924 __func__, p_auth_cmpl->key_type, pairing_cb.bond_type);
925 ret = btif_storage_add_bonded_device(&bd_addr, p_auth_cmpl->key,
926 p_auth_cmpl->key_type,
927 pairing_cb.pin_code_len);
928 ASSERTC(ret == BT_STATUS_SUCCESS, "storing link key failed", ret);
929 } else {
930 BTIF_TRACE_DEBUG(
931 "%s: Temporary key. Not storing. key_type=0x%x, bond_type=%d",
932 __func__, p_auth_cmpl->key_type, pairing_cb.bond_type);
933 if (pairing_cb.bond_type == tBTM_SEC_DEV_REC::BOND_TYPE_TEMPORARY) {
934 BTIF_TRACE_DEBUG("%s: sending BT_BOND_STATE_NONE for Temp pairing",
935 __func__);
936 btif_storage_remove_bonded_device(&bd_addr);
937 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_NONE);
938 return;
939 }
940 }
941 }
942 }
943
944 if (p_auth_cmpl->success) {
945 // We could have received a new link key without going through the pairing
946 // flow. If so, we don't want to perform SDP or any other operations on the
947 // authenticated device. Also, make sure that the link key is not derived
948 // from secure LTK, because we will need to perform SDP in case of link key
949 // derivation to allow bond state change notification for the BR/EDR
950 // transport so that the subsequent BR/EDR connections to the remote can use
951 // the derived link key.
952 if (p_auth_cmpl->bd_addr != pairing_cb.bd_addr &&
953 (!pairing_cb.ble.is_penc_key_rcvd)) {
954 LOG(INFO) << __func__
955 << " skipping SDP since we did not initiate pairing to "
956 << p_auth_cmpl->bd_addr;
957 return;
958 }
959
960 if (!bluetooth::shim::is_gd_security_enabled()) {
961 btif_storage_set_remote_addr_type(&bd_addr, p_auth_cmpl->addr_type);
962 }
963
964 int dev_type;
965 if (BTM_GetPeerDeviceTypeFromFeatures(bd_addr) == BT_DEVICE_TYPE_DUMO) {
966 dev_type = BT_DEVICE_TYPE_DUMO;
967 } else {
968 dev_type = p_auth_cmpl->dev_type;
969 }
970 btif_update_remote_properties(p_auth_cmpl->bd_addr, p_auth_cmpl->bd_name,
971 NULL, dev_type);
972 pairing_cb.timeout_retries = 0;
973 status = BT_STATUS_SUCCESS;
974 state = BT_BOND_STATE_BONDED;
975 bd_addr = p_auth_cmpl->bd_addr;
976
977 if (check_sdp_bl(&bd_addr) && check_cod_hid(&bd_addr)) {
978 LOG_WARN("%s:skip SDP", __func__);
979 skip_sdp = true;
980 }
981 if (!pairing_cb.is_local_initiated && skip_sdp) {
982 bond_state_changed(status, bd_addr, state);
983
984 LOG_WARN("%s: Incoming HID Connection", __func__);
985 bt_property_t prop;
986 Uuid uuid = Uuid::From16Bit(UUID_SERVCLASS_HUMAN_INTERFACE);
987
988 prop.type = BT_PROPERTY_UUIDS;
989 prop.val = &uuid;
990 prop.len = Uuid::kNumBytes128;
991
992 invoke_remote_device_properties_cb(BT_STATUS_SUCCESS, bd_addr, 1, &prop);
993 } else {
994 bool is_crosskey = false;
995 /* If bonded due to cross-key, save the static address too*/
996 if (pairing_cb.state == BT_BOND_STATE_BONDING &&
997 p_auth_cmpl->bd_addr != pairing_cb.bd_addr) {
998 BTIF_TRACE_DEBUG(
999 "%s: bonding initiated due to cross key, adding static address",
1000 __func__);
1001 pairing_cb.static_bdaddr = bd_addr;
1002 is_crosskey = true;
1003 }
1004 if (!is_crosskey ||
1005 !(stack_config_get_interface()->get_pts_crosskey_sdp_disable())) {
1006 // Ensure inquiry is stopped before attempting service discovery
1007 btif_dm_cancel_discovery();
1008
1009 /* Trigger SDP on the device */
1010 pairing_cb.sdp_attempts = 1;
1011
1012 if (is_crosskey) {
1013 // If bonding occurred due to cross-key pairing, send bonding callback
1014 // for static address now
1015 LOG_INFO("%s: send bonding state update for static address %s",
1016 __func__, bd_addr.ToString().c_str());
1017 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
1018 }
1019 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDED);
1020
1021 btif_dm_get_remote_services(bd_addr, BT_TRANSPORT_UNKNOWN);
1022 }
1023 }
1024 // Do not call bond_state_changed_cb yet. Wait until remote service
1025 // discovery is complete
1026 } else {
1027 bool is_bonded_device_removed = false;
1028 // Map the HCI fail reason to bt status
1029 switch (p_auth_cmpl->fail_reason) {
1030 case HCI_ERR_PAGE_TIMEOUT:
1031 case HCI_ERR_LMP_RESPONSE_TIMEOUT:
1032 if (interop_match_addr(INTEROP_AUTO_RETRY_PAIRING, &bd_addr) &&
1033 pairing_cb.timeout_retries) {
1034 BTIF_TRACE_WARNING("%s() - Pairing timeout; retrying (%d) ...",
1035 __func__, pairing_cb.timeout_retries);
1036 --pairing_cb.timeout_retries;
1037 btif_dm_cb_create_bond(bd_addr, BT_TRANSPORT_UNKNOWN);
1038 return;
1039 }
1040 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
1041 case HCI_ERR_CONNECTION_TOUT:
1042 status = BT_STATUS_RMT_DEV_DOWN;
1043 break;
1044
1045 case HCI_ERR_PAIRING_NOT_ALLOWED:
1046 if (!bluetooth::shim::is_gd_security_enabled()) {
1047 is_bonded_device_removed = (btif_storage_remove_bonded_device(
1048 &bd_addr) == BT_STATUS_SUCCESS);
1049 } else {
1050 is_bonded_device_removed = true;
1051 }
1052 status = BT_STATUS_AUTH_REJECTED;
1053 break;
1054
1055 /* map the auth failure codes, so we can retry pairing if necessary */
1056 case HCI_ERR_AUTH_FAILURE:
1057 case HCI_ERR_KEY_MISSING:
1058 is_bonded_device_removed = (bluetooth::shim::is_gd_security_enabled())
1059 ? true
1060 : (btif_storage_remove_bonded_device(
1061 &bd_addr) == BT_STATUS_SUCCESS);
1062 [[fallthrough]];
1063 case HCI_ERR_HOST_REJECT_SECURITY:
1064 case HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE:
1065 case HCI_ERR_UNIT_KEY_USED:
1066 case HCI_ERR_PAIRING_WITH_UNIT_KEY_NOT_SUPPORTED:
1067 case HCI_ERR_INSUFFCIENT_SECURITY:
1068 case HCI_ERR_PEER_USER:
1069 case HCI_ERR_UNSPECIFIED:
1070 BTIF_TRACE_DEBUG(" %s() Authentication fail reason %d", __func__,
1071 p_auth_cmpl->fail_reason);
1072 if (pairing_cb.autopair_attempts == 1) {
1073 /* Create the Bond once again */
1074 BTIF_TRACE_WARNING("%s() auto pair failed. Reinitiate Bond",
1075 __func__);
1076 btif_dm_cb_create_bond(bd_addr, BT_TRANSPORT_UNKNOWN);
1077 return;
1078 } else {
1079 /* if autopair attempts are more than 1, or not attempted */
1080 status = BT_STATUS_AUTH_FAILURE;
1081 }
1082 break;
1083
1084 default:
1085 status = BT_STATUS_FAIL;
1086 }
1087 /* Special Handling for HID Devices */
1088 if (check_cod(&bd_addr, COD_HID_POINTING)) {
1089 /* Remove Device as bonded in nvram as authentication failed */
1090 BTIF_TRACE_DEBUG("%s(): removing hid pointing device from nvram",
1091 __func__);
1092 is_bonded_device_removed = (bluetooth::shim::is_gd_security_enabled())
1093 ? true
1094 : (btif_storage_remove_bonded_device(
1095 &bd_addr) == BT_STATUS_SUCCESS);
1096 }
1097 // Report bond state change to java only if we are bonding to a device or
1098 // a device is removed from the pairing list.
1099 if (pairing_cb.state == BT_BOND_STATE_BONDING || is_bonded_device_removed) {
1100 bond_state_changed(status, bd_addr, state);
1101 }
1102 }
1103 }
1104
1105 /******************************************************************************
1106 *
1107 * Function btif_dm_search_devices_evt
1108 *
1109 * Description Executes search devices callback events in btif context
1110 *
1111 * Returns void
1112 *
1113 *****************************************************************************/
btif_dm_search_devices_evt(tBTA_DM_SEARCH_EVT event,tBTA_DM_SEARCH * p_search_data)1114 static void btif_dm_search_devices_evt(tBTA_DM_SEARCH_EVT event,
1115 tBTA_DM_SEARCH* p_search_data) {
1116 BTIF_TRACE_EVENT("%s event=%s", __func__, dump_dm_search_event(event));
1117
1118 switch (event) {
1119 case BTA_DM_DISC_RES_EVT: {
1120 /* Remote name update */
1121 if (strlen((const char*)p_search_data->disc_res.bd_name)) {
1122 bt_property_t properties[1];
1123 bt_status_t status;
1124
1125 properties[0].type = BT_PROPERTY_BDNAME;
1126 properties[0].val = p_search_data->disc_res.bd_name;
1127 properties[0].len = strlen((char*)p_search_data->disc_res.bd_name);
1128 RawAddress& bdaddr = p_search_data->disc_res.bd_addr;
1129
1130 status =
1131 btif_storage_set_remote_device_property(&bdaddr, &properties[0]);
1132 ASSERTC(status == BT_STATUS_SUCCESS,
1133 "failed to save remote device property", status);
1134 invoke_remote_device_properties_cb(status, bdaddr, 1, properties);
1135 }
1136 /* TODO: Services? */
1137 } break;
1138
1139 case BTA_DM_INQ_RES_EVT: {
1140 /* inquiry result */
1141 bt_bdname_t bdname;
1142 uint8_t remote_name_len;
1143 tBTA_SERVICE_MASK services = 0;
1144
1145 p_search_data->inq_res.remt_name_not_required =
1146 check_eir_remote_name(p_search_data, NULL, NULL);
1147 RawAddress& bdaddr = p_search_data->inq_res.bd_addr;
1148
1149 BTIF_TRACE_DEBUG("%s() %s device_type = 0x%x\n", __func__,
1150 bdaddr.ToString().c_str(),
1151 p_search_data->inq_res.device_type);
1152 bdname.name[0] = 0;
1153
1154 if (!check_eir_remote_name(p_search_data, bdname.name, &remote_name_len))
1155 check_cached_remote_name(p_search_data, bdname.name, &remote_name_len);
1156
1157 /* Check EIR for remote name and services */
1158 if (p_search_data->inq_res.p_eir) {
1159 BTA_GetEirService(p_search_data->inq_res.p_eir,
1160 p_search_data->inq_res.eir_len, &services);
1161 BTIF_TRACE_DEBUG("%s()EIR BTA services = %08X", __func__,
1162 (uint32_t)services);
1163 /* TODO: Get the service list and check to see which uuids we got and
1164 * send it back to the client. */
1165 }
1166
1167 {
1168 bt_property_t properties[5];
1169 bt_device_type_t dev_type;
1170 uint32_t num_properties = 0;
1171 bt_status_t status;
1172 tBLE_ADDR_TYPE addr_type = BLE_ADDR_PUBLIC;
1173
1174 memset(properties, 0, sizeof(properties));
1175 /* RawAddress */
1176 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1177 BT_PROPERTY_BDADDR, sizeof(bdaddr), &bdaddr);
1178 num_properties++;
1179 /* BD_NAME */
1180 /* Don't send BDNAME if it is empty */
1181 if (bdname.name[0]) {
1182 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1183 BT_PROPERTY_BDNAME,
1184 strlen((char*)bdname.name), &bdname);
1185 num_properties++;
1186 }
1187
1188 /* DEV_CLASS */
1189 uint32_t cod = devclass2uint(p_search_data->inq_res.dev_class);
1190 BTIF_TRACE_DEBUG("%s cod is 0x%06x", __func__, cod);
1191 if (cod != 0) {
1192 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1193 BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod),
1194 &cod);
1195 num_properties++;
1196 }
1197
1198 /* DEV_TYPE */
1199 /* FixMe: Assumption is that bluetooth.h and BTE enums match */
1200
1201 /* Verify if the device is dual mode in NVRAM */
1202 int stored_device_type = 0;
1203 if (btif_get_device_type(bdaddr, &stored_device_type) &&
1204 ((stored_device_type != BT_DEVICE_TYPE_BREDR &&
1205 p_search_data->inq_res.device_type == BT_DEVICE_TYPE_BREDR) ||
1206 (stored_device_type != BT_DEVICE_TYPE_BLE &&
1207 p_search_data->inq_res.device_type == BT_DEVICE_TYPE_BLE))) {
1208 dev_type = (bt_device_type_t)BT_DEVICE_TYPE_DUMO;
1209 } else {
1210 dev_type = (bt_device_type_t)p_search_data->inq_res.device_type;
1211 }
1212
1213 if (p_search_data->inq_res.device_type == BT_DEVICE_TYPE_BLE)
1214 addr_type = p_search_data->inq_res.ble_addr_type;
1215 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1216 BT_PROPERTY_TYPE_OF_DEVICE, sizeof(dev_type),
1217 &dev_type);
1218 num_properties++;
1219 /* RSSI */
1220 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1221 BT_PROPERTY_REMOTE_RSSI, sizeof(int8_t),
1222 &(p_search_data->inq_res.rssi));
1223 num_properties++;
1224
1225 status =
1226 btif_storage_add_remote_device(&bdaddr, num_properties, properties);
1227 ASSERTC(status == BT_STATUS_SUCCESS,
1228 "failed to save remote device (inquiry)", status);
1229 status = btif_storage_set_remote_addr_type(&bdaddr, addr_type);
1230 ASSERTC(status == BT_STATUS_SUCCESS,
1231 "failed to save remote addr type (inquiry)", status);
1232 /* Callback to notify upper layer of device */
1233 invoke_device_found_cb(num_properties, properties);
1234 }
1235 } break;
1236
1237 case BTA_DM_INQ_CMPL_EVT: {
1238 BTM_BleAdvFilterParamSetup(BTM_BLE_SCAN_COND_DELETE,
1239 static_cast<tBTM_BLE_PF_FILT_INDEX>(0),
1240 nullptr,
1241 base::Bind(&bte_scan_filt_param_cfg_evt,
1242 btm_status_value(BTM_SUCCESS)));
1243 } break;
1244 case BTA_DM_DISC_CMPL_EVT: {
1245 invoke_discovery_state_changed_cb(BT_DISCOVERY_STOPPED);
1246 } break;
1247 case BTA_DM_SEARCH_CANCEL_CMPL_EVT: {
1248 /* if inquiry is not in progress and we get a cancel event, then
1249 * it means we are done with inquiry, but remote_name fetches are in
1250 * progress
1251 *
1252 * if inquiry is in progress, then we don't want to act on this
1253 * cancel_cmpl_evt
1254 * but instead wait for the cancel_cmpl_evt via the Busy Level
1255 *
1256 */
1257 if (!btif_dm_inquiry_in_progress) {
1258 btgatt_filt_param_setup_t adv_filt_param;
1259 memset(&adv_filt_param, 0, sizeof(btgatt_filt_param_setup_t));
1260 BTM_BleAdvFilterParamSetup(BTM_BLE_SCAN_COND_DELETE, 0, nullptr,
1261 base::Bind(&bte_scan_filt_param_cfg_evt,
1262 btm_status_value(BTM_SUCCESS)));
1263 invoke_discovery_state_changed_cb(BT_DISCOVERY_STOPPED);
1264 }
1265 } break;
1266 }
1267 }
1268
1269 /* Returns true if |uuid| should be passed as device property */
btif_is_interesting_le_service(bluetooth::Uuid uuid)1270 static bool btif_is_interesting_le_service(bluetooth::Uuid uuid) {
1271 return (uuid.As16Bit() == UUID_SERVCLASS_LE_HID || uuid == UUID_HEARING_AID ||
1272 uuid == UUID_VC);
1273 }
1274
1275 /*******************************************************************************
1276 *
1277 * Function btif_dm_search_services_evt
1278 *
1279 * Description Executes search services event in btif context
1280 *
1281 * Returns void
1282 *
1283 ******************************************************************************/
btif_dm_search_services_evt(tBTA_DM_SEARCH_EVT event,tBTA_DM_SEARCH * p_data)1284 static void btif_dm_search_services_evt(tBTA_DM_SEARCH_EVT event,
1285 tBTA_DM_SEARCH* p_data) {
1286 switch (event) {
1287 case BTA_DM_DISC_RES_EVT: {
1288 bt_property_t prop;
1289 uint32_t i = 0;
1290 bt_status_t ret;
1291
1292 RawAddress& bd_addr = p_data->disc_res.bd_addr;
1293
1294 LOG_VERBOSE("result=0x%x, services 0x%x", p_data->disc_res.result,
1295 p_data->disc_res.services);
1296 if (p_data->disc_res.result != BTA_SUCCESS &&
1297 pairing_cb.state == BT_BOND_STATE_BONDED &&
1298 pairing_cb.sdp_attempts < BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING) {
1299 if (pairing_cb.sdp_attempts) {
1300 LOG_WARN("SDP failed after bonding re-attempting");
1301 pairing_cb.sdp_attempts++;
1302 btif_dm_get_remote_services(bd_addr, BT_TRANSPORT_UNKNOWN);
1303 } else {
1304 LOG_WARN("SDP triggered by someone failed when bonding");
1305 }
1306 return;
1307 }
1308 prop.type = BT_PROPERTY_UUIDS;
1309 prop.len = 0;
1310 if ((p_data->disc_res.result == BTA_SUCCESS) &&
1311 (p_data->disc_res.num_uuids > 0)) {
1312 prop.val = p_data->disc_res.p_uuid_list;
1313 prop.len = p_data->disc_res.num_uuids * Uuid::kNumBytes128;
1314 for (i = 0; i < p_data->disc_res.num_uuids; i++) {
1315 std::string temp = ((p_data->disc_res.p_uuid_list + i))->ToString();
1316 LOG_INFO("index:%d uuid:%s", i, temp.c_str());
1317 }
1318 }
1319
1320 /* onUuidChanged requires getBondedDevices to be populated.
1321 ** bond_state_changed needs to be sent prior to remote_device_property
1322 */
1323 if (pairing_cb.state == BT_BOND_STATE_BONDED && pairing_cb.sdp_attempts &&
1324 (p_data->disc_res.bd_addr == pairing_cb.bd_addr ||
1325 p_data->disc_res.bd_addr == pairing_cb.static_bdaddr)) {
1326 LOG_INFO("SDP search done for %s", bd_addr.ToString().c_str());
1327 pairing_cb.sdp_attempts = 0;
1328
1329 // Both SDP and bonding are done, clear pairing control block in case
1330 // it is not already cleared
1331 pairing_cb = {};
1332
1333 // Send one empty UUID to Java to unblock pairing intent when SDP failed
1334 // or no UUID is discovered
1335 if (p_data->disc_res.result != BTA_SUCCESS ||
1336 p_data->disc_res.num_uuids == 0) {
1337 LOG_INFO("SDP failed, send empty UUID to unblock bonding %s",
1338 bd_addr.ToString().c_str());
1339 bt_property_t prop_uuids;
1340 Uuid uuid = {};
1341
1342 prop_uuids.type = BT_PROPERTY_UUIDS;
1343 prop_uuids.val = &uuid;
1344 prop_uuids.len = Uuid::kNumBytes128;
1345
1346 /* Send the event to the BTIF */
1347 invoke_remote_device_properties_cb(BT_STATUS_SUCCESS, bd_addr, 1,
1348 &prop_uuids);
1349 break;
1350 }
1351 }
1352
1353 if (p_data->disc_res.num_uuids != 0) {
1354 /* Also write this to the NVRAM */
1355 ret = btif_storage_set_remote_device_property(&bd_addr, &prop);
1356 ASSERTC(ret == BT_STATUS_SUCCESS, "storing remote services failed",
1357 ret);
1358 /* Send the event to the BTIF */
1359 invoke_remote_device_properties_cb(BT_STATUS_SUCCESS, bd_addr, 1,
1360 &prop);
1361 }
1362 } break;
1363
1364 case BTA_DM_DISC_CMPL_EVT:
1365 /* fixme */
1366 break;
1367
1368 case BTA_DM_SEARCH_CANCEL_CMPL_EVT:
1369 /* no-op */
1370 break;
1371
1372 case BTA_DM_DISC_BLE_RES_EVT: {
1373 int num_properties = 0;
1374 bt_property_t prop[2];
1375 std::vector<uint8_t> property_value;
1376 int num_uuids = 0;
1377
1378 for (Uuid uuid : *p_data->disc_ble_res.services) {
1379 LOG_VERBOSE("service %s", uuid.ToString().c_str());
1380 if (btif_is_interesting_le_service(uuid)) {
1381 num_uuids++;
1382 auto valAsBe = uuid.To128BitBE();
1383 property_value.insert(property_value.end(), valAsBe.begin(),
1384 valAsBe.end());
1385 }
1386 }
1387
1388 if (num_uuids == 0) {
1389 LOG_INFO("No well known BLE services discovered");
1390 return;
1391 }
1392
1393 RawAddress& bd_addr = p_data->disc_ble_res.bd_addr;
1394 prop[0].type = BT_PROPERTY_UUIDS;
1395 prop[0].val = (void*)property_value.data();
1396 prop[0].len = Uuid::kNumBytes128 * num_uuids;
1397
1398 /* Also write this to the NVRAM */
1399 bt_status_t ret =
1400 btif_storage_set_remote_device_property(&bd_addr, &prop[0]);
1401 ASSERTC(ret == BT_STATUS_SUCCESS, "storing remote services failed", ret);
1402 num_properties++;
1403
1404 /* Remote name update */
1405 if (strnlen((const char*)p_data->disc_ble_res.bd_name, BD_NAME_LEN)) {
1406 prop[1].type = BT_PROPERTY_BDNAME;
1407 prop[1].val = p_data->disc_ble_res.bd_name;
1408 prop[1].len = strnlen((char*)p_data->disc_ble_res.bd_name, BD_NAME_LEN);
1409
1410 ret = btif_storage_set_remote_device_property(&bd_addr, &prop[1]);
1411 ASSERTC(ret == BT_STATUS_SUCCESS,
1412 "failed to save remote device property", ret);
1413 num_properties++;
1414 }
1415
1416 /* Send the event to the BTIF */
1417 invoke_remote_device_properties_cb(BT_STATUS_SUCCESS, bd_addr,
1418 num_properties, prop);
1419 } break;
1420
1421 default: { ASSERTC(0, "unhandled search services event", event); } break;
1422 }
1423 }
1424
BTIF_dm_report_inquiry_status_change(uint8_t status)1425 void BTIF_dm_report_inquiry_status_change(uint8_t status) {
1426 if (status == BTM_INQUIRY_STARTED) {
1427 invoke_discovery_state_changed_cb(BT_DISCOVERY_STARTED);
1428 btif_dm_inquiry_in_progress = true;
1429 } else if (status == BTM_INQUIRY_CANCELLED) {
1430 invoke_discovery_state_changed_cb(BT_DISCOVERY_STOPPED);
1431 btif_dm_inquiry_in_progress = false;
1432 } else if (status == BTM_INQUIRY_COMPLETE) {
1433 btif_dm_inquiry_in_progress = false;
1434 }
1435 }
1436
BTIF_dm_on_hw_error()1437 void BTIF_dm_on_hw_error() {
1438 BTIF_TRACE_ERROR("Received H/W Error. ");
1439 /* Flush storage data */
1440 btif_config_flush();
1441 usleep(100000); /* 100milliseconds */
1442 /* Killing the process to force a restart as part of fault tolerance */
1443 kill(getpid(), SIGKILL);
1444 }
1445
BTIF_dm_enable()1446 void BTIF_dm_enable() {
1447 BD_NAME bdname;
1448 bt_status_t status;
1449 bt_property_t prop;
1450 prop.type = BT_PROPERTY_BDNAME;
1451 prop.len = BD_NAME_LEN;
1452 prop.val = (void*)bdname;
1453
1454 status = btif_storage_get_adapter_property(&prop);
1455 if (status == BT_STATUS_SUCCESS) {
1456 /* A name exists in the storage. Make this the device name */
1457 BTA_DmSetDeviceName((char*)prop.val);
1458 } else {
1459 /* Storage does not have a name yet.
1460 * Use the default name and write it to the chip
1461 */
1462 BTA_DmSetDeviceName(btif_get_default_local_name());
1463 }
1464
1465 /* Enable local privacy */
1466 BTA_DmBleConfigLocalPrivacy(BLE_LOCAL_PRIVACY_ENABLED);
1467
1468 /* for each of the enabled services in the mask, trigger the profile
1469 * enable */
1470 tBTA_SERVICE_MASK service_mask = btif_get_enabled_services_mask();
1471 for (uint32_t i = 0; i <= BTA_MAX_SERVICE_ID; i++) {
1472 if (service_mask & (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(i))) {
1473 btif_in_execute_service_request(i, true);
1474 }
1475 }
1476 /* clear control blocks */
1477 memset(&pairing_cb, 0, sizeof(btif_dm_pairing_cb_t));
1478 pairing_cb.bond_type = tBTM_SEC_DEV_REC::BOND_TYPE_PERSISTENT;
1479
1480 /* This function will also trigger the adapter_properties_cb
1481 ** and bonded_devices_info_cb
1482 */
1483 btif_storage_load_bonded_devices();
1484 bluetooth::bqr::EnableBtQualityReport(true);
1485 btif_enable_bluetooth_evt();
1486 }
1487
BTIF_dm_disable()1488 void BTIF_dm_disable() {
1489 /* for each of the enabled services in the mask, trigger the profile
1490 * disable */
1491 tBTA_SERVICE_MASK service_mask = btif_get_enabled_services_mask();
1492 for (uint32_t i = 0; i <= BTA_MAX_SERVICE_ID; i++) {
1493 if (service_mask & (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(i))) {
1494 btif_in_execute_service_request(i, false);
1495 }
1496 }
1497 bluetooth::bqr::EnableBtQualityReport(false);
1498 LOG_INFO("Stack device manager shutdown finished");
1499 future_ready(stack_manager_get_hack_future(), FUTURE_SUCCESS);
1500 }
1501
1502 /*******************************************************************************
1503 *
1504 * Function btif_dm_upstreams_cback
1505 *
1506 * Description Executes UPSTREAMS events in btif context
1507 *
1508 * Returns void
1509 *
1510 ******************************************************************************/
btif_dm_upstreams_evt(uint16_t event,char * p_param)1511 static void btif_dm_upstreams_evt(uint16_t event, char* p_param) {
1512 tBTA_DM_SEC* p_data = (tBTA_DM_SEC*)p_param;
1513 RawAddress bd_addr;
1514
1515 BTIF_TRACE_EVENT("%s: ev: %s", __func__, dump_dm_event(event));
1516
1517 switch (event) {
1518 case BTA_DM_PIN_REQ_EVT:
1519 btif_dm_pin_req_evt(&p_data->pin_req);
1520 break;
1521
1522 case BTA_DM_AUTH_CMPL_EVT:
1523 btif_dm_auth_cmpl_evt(&p_data->auth_cmpl);
1524 break;
1525
1526 case BTA_DM_BOND_CANCEL_CMPL_EVT:
1527 if (is_bonding_or_sdp()) {
1528 bd_addr = pairing_cb.bd_addr;
1529 btm_set_bond_type_dev(pairing_cb.bd_addr,
1530 tBTM_SEC_DEV_REC::BOND_TYPE_UNKNOWN);
1531 bond_state_changed((bt_status_t)p_data->bond_cancel_cmpl.result,
1532 bd_addr, BT_BOND_STATE_NONE);
1533 }
1534 break;
1535
1536 case BTA_DM_SP_CFM_REQ_EVT:
1537 btif_dm_ssp_cfm_req_evt(&p_data->cfm_req);
1538 break;
1539 case BTA_DM_SP_KEY_NOTIF_EVT:
1540 btif_dm_ssp_key_notif_evt(&p_data->key_notif);
1541 break;
1542
1543 case BTA_DM_DEV_UNPAIRED_EVT:
1544 bd_addr = p_data->link_down.bd_addr;
1545 btm_set_bond_type_dev(p_data->link_down.bd_addr,
1546 tBTM_SEC_DEV_REC::BOND_TYPE_UNKNOWN);
1547
1548 /*special handling for HID devices */
1549 #if (defined(BTA_HH_INCLUDED) && (BTA_HH_INCLUDED == TRUE))
1550 btif_hh_remove_device(bd_addr);
1551 #endif
1552 #if (defined(BTA_HD_INCLUDED) && (BTA_HD_INCLUDED == TRUE))
1553 btif_hd_remove_device(bd_addr);
1554 #endif
1555 btif_hearing_aid_get_interface()->RemoveDevice(bd_addr);
1556 btif_storage_remove_bonded_device(&bd_addr);
1557 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_NONE);
1558 break;
1559
1560 case BTA_DM_LINK_UP_EVT:
1561 bd_addr = p_data->link_up.bd_addr;
1562 BTIF_TRACE_DEBUG("BTA_DM_LINK_UP_EVT. Sending BT_ACL_STATE_CONNECTED");
1563
1564 btif_update_remote_version_property(&bd_addr);
1565
1566 invoke_acl_state_changed_cb(BT_STATUS_SUCCESS, bd_addr,
1567 BT_ACL_STATE_CONNECTED, HCI_SUCCESS);
1568 break;
1569
1570 case BTA_DM_LINK_DOWN_EVT:
1571 bd_addr = p_data->link_down.bd_addr;
1572 btm_set_bond_type_dev(p_data->link_down.bd_addr,
1573 tBTM_SEC_DEV_REC::BOND_TYPE_UNKNOWN);
1574 btif_av_acl_disconnected(bd_addr);
1575 invoke_acl_state_changed_cb(BT_STATUS_SUCCESS, bd_addr,
1576 BT_ACL_STATE_DISCONNECTED,
1577 static_cast<bt_hci_error_code_t>(btm_get_acl_disc_reason_code()));
1578 LOG_DEBUG(
1579 "Sent BT_ACL_STATE_DISCONNECTED upward as ACL link down event "
1580 "device:%s reason:%s",
1581 PRIVATE_ADDRESS(bd_addr),
1582 hci_reason_code_text(
1583 static_cast<tHCI_REASON>(btm_get_acl_disc_reason_code()))
1584 .c_str());
1585 break;
1586
1587 case BTA_DM_BLE_KEY_EVT:
1588 BTIF_TRACE_DEBUG("BTA_DM_BLE_KEY_EVT key_type=0x%02x ",
1589 p_data->ble_key.key_type);
1590
1591 /* If this pairing is by-product of local initiated GATT client Read or
1592 Write,
1593 BTA would not have sent BTA_DM_BLE_SEC_REQ_EVT event and Bond state would
1594 not
1595 have setup properly. Setup pairing_cb and notify App about Bonding state
1596 now*/
1597 if (pairing_cb.state != BT_BOND_STATE_BONDING) {
1598 BTIF_TRACE_DEBUG(
1599 "Bond state not sent to App so far.Notify the app now");
1600 bond_state_changed(BT_STATUS_SUCCESS, p_data->ble_key.bd_addr,
1601 BT_BOND_STATE_BONDING);
1602 } else if (pairing_cb.bd_addr != p_data->ble_key.bd_addr) {
1603 BTIF_TRACE_ERROR("BD mismatch discard BLE key_type=%d ",
1604 p_data->ble_key.key_type);
1605 break;
1606 }
1607
1608 switch (p_data->ble_key.key_type) {
1609 case BTM_LE_KEY_PENC:
1610 BTIF_TRACE_DEBUG("Rcv BTM_LE_KEY_PENC");
1611 pairing_cb.ble.is_penc_key_rcvd = true;
1612 pairing_cb.ble.penc_key = p_data->ble_key.p_key_value->penc_key;
1613 break;
1614
1615 case BTM_LE_KEY_PID:
1616 BTIF_TRACE_DEBUG("Rcv BTM_LE_KEY_PID");
1617 pairing_cb.ble.is_pid_key_rcvd = true;
1618 pairing_cb.ble.pid_key = p_data->ble_key.p_key_value->pid_key;
1619 break;
1620
1621 case BTM_LE_KEY_PCSRK:
1622 BTIF_TRACE_DEBUG("Rcv BTM_LE_KEY_PCSRK");
1623 pairing_cb.ble.is_pcsrk_key_rcvd = true;
1624 pairing_cb.ble.pcsrk_key = p_data->ble_key.p_key_value->pcsrk_key;
1625 break;
1626
1627 case BTM_LE_KEY_LENC:
1628 BTIF_TRACE_DEBUG("Rcv BTM_LE_KEY_LENC");
1629 pairing_cb.ble.is_lenc_key_rcvd = true;
1630 pairing_cb.ble.lenc_key = p_data->ble_key.p_key_value->lenc_key;
1631 break;
1632
1633 case BTM_LE_KEY_LCSRK:
1634 BTIF_TRACE_DEBUG("Rcv BTM_LE_KEY_LCSRK");
1635 pairing_cb.ble.is_lcsrk_key_rcvd = true;
1636 pairing_cb.ble.lcsrk_key = p_data->ble_key.p_key_value->lcsrk_key;
1637 break;
1638
1639 case BTM_LE_KEY_LID:
1640 BTIF_TRACE_DEBUG("Rcv BTM_LE_KEY_LID");
1641 pairing_cb.ble.is_lidk_key_rcvd = true;
1642 break;
1643
1644 default:
1645 BTIF_TRACE_ERROR("unknown BLE key type (0x%02x)",
1646 p_data->ble_key.key_type);
1647 break;
1648 }
1649 break;
1650 case BTA_DM_BLE_CONSENT_REQ_EVT:
1651 BTIF_TRACE_DEBUG("BTA_DM_BLE_CONSENT_REQ_EVT. ");
1652 btif_dm_ble_sec_req_evt(&p_data->ble_req, true);
1653 break;
1654 case BTA_DM_BLE_SEC_REQ_EVT:
1655 BTIF_TRACE_DEBUG("BTA_DM_BLE_SEC_REQ_EVT. ");
1656 btif_dm_ble_sec_req_evt(&p_data->ble_req, false);
1657 break;
1658 case BTA_DM_BLE_PASSKEY_NOTIF_EVT:
1659 BTIF_TRACE_DEBUG("BTA_DM_BLE_PASSKEY_NOTIF_EVT. ");
1660 btif_dm_ble_key_notif_evt(&p_data->key_notif);
1661 break;
1662 case BTA_DM_BLE_PASSKEY_REQ_EVT:
1663 BTIF_TRACE_DEBUG("BTA_DM_BLE_PASSKEY_REQ_EVT. ");
1664 btif_dm_ble_passkey_req_evt(&p_data->pin_req);
1665 break;
1666 case BTA_DM_BLE_NC_REQ_EVT:
1667 BTIF_TRACE_DEBUG("BTA_DM_BLE_PASSKEY_REQ_EVT. ");
1668 btif_dm_ble_key_nc_req_evt(&p_data->key_notif);
1669 break;
1670 case BTA_DM_BLE_OOB_REQ_EVT:
1671 BTIF_TRACE_DEBUG("BTA_DM_BLE_OOB_REQ_EVT. ");
1672 btif_dm_ble_oob_req_evt(&p_data->rmt_oob);
1673 break;
1674 case BTA_DM_BLE_SC_OOB_REQ_EVT:
1675 BTIF_TRACE_DEBUG("BTA_DM_BLE_SC_OOB_REQ_EVT. ");
1676 btif_dm_ble_sc_oob_req_evt(&p_data->rmt_oob);
1677 break;
1678 case BTA_DM_BLE_SC_CR_LOC_OOB_EVT:
1679 BTIF_TRACE_DEBUG("BTA_DM_BLE_SC_CR_LOC_OOB_EVT");
1680 btif_dm_proc_loc_oob(BT_TRANSPORT_LE, true,
1681 p_data->local_oob_data.local_oob_c,
1682 p_data->local_oob_data.local_oob_r);
1683 break;
1684
1685 case BTA_DM_BLE_LOCAL_IR_EVT:
1686 BTIF_TRACE_DEBUG("BTA_DM_BLE_LOCAL_IR_EVT. ");
1687 ble_local_key_cb.is_id_keys_rcvd = true;
1688 ble_local_key_cb.id_keys.irk = p_data->ble_id_keys.irk;
1689 ble_local_key_cb.id_keys.ir = p_data->ble_id_keys.ir;
1690 ble_local_key_cb.id_keys.dhk = p_data->ble_id_keys.dhk;
1691 btif_storage_add_ble_local_key(ble_local_key_cb.id_keys.irk,
1692 BTIF_DM_LE_LOCAL_KEY_IRK);
1693 btif_storage_add_ble_local_key(ble_local_key_cb.id_keys.ir,
1694 BTIF_DM_LE_LOCAL_KEY_IR);
1695 btif_storage_add_ble_local_key(ble_local_key_cb.id_keys.dhk,
1696 BTIF_DM_LE_LOCAL_KEY_DHK);
1697 break;
1698 case BTA_DM_BLE_LOCAL_ER_EVT:
1699 BTIF_TRACE_DEBUG("BTA_DM_BLE_LOCAL_ER_EVT. ");
1700 ble_local_key_cb.is_er_rcvd = true;
1701 ble_local_key_cb.er = p_data->ble_er;
1702 btif_storage_add_ble_local_key(ble_local_key_cb.er,
1703 BTIF_DM_LE_LOCAL_KEY_ER);
1704 break;
1705
1706 case BTA_DM_BLE_AUTH_CMPL_EVT:
1707 BTIF_TRACE_DEBUG("BTA_DM_BLE_AUTH_CMPL_EVT. ");
1708 btif_dm_ble_auth_cmpl_evt(&p_data->auth_cmpl);
1709 break;
1710
1711 case BTA_DM_LE_FEATURES_READ: {
1712 tBTM_BLE_VSC_CB cmn_vsc_cb;
1713 bt_local_le_features_t local_le_features;
1714 bt_property_t prop;
1715 prop.type = BT_PROPERTY_LOCAL_LE_FEATURES;
1716 prop.val = (void*)&local_le_features;
1717 prop.len = sizeof(bt_local_le_features_t);
1718
1719 /* LE features are not stored in storage. Should be retrived from stack */
1720 BTM_BleGetVendorCapabilities(&cmn_vsc_cb);
1721 local_le_features.local_privacy_enabled = BTM_BleLocalPrivacyEnabled();
1722
1723 if (cmn_vsc_cb.filter_support == 1)
1724 local_le_features.max_adv_filter_supported = cmn_vsc_cb.max_filter;
1725 else
1726 local_le_features.max_adv_filter_supported = 0;
1727 local_le_features.max_adv_instance = cmn_vsc_cb.adv_inst_max;
1728 local_le_features.max_irk_list_size = cmn_vsc_cb.max_irk_list_sz;
1729 local_le_features.rpa_offload_supported = cmn_vsc_cb.rpa_offloading;
1730 local_le_features.activity_energy_info_supported =
1731 cmn_vsc_cb.energy_support;
1732 local_le_features.scan_result_storage_size =
1733 cmn_vsc_cb.tot_scan_results_strg;
1734 local_le_features.version_supported = cmn_vsc_cb.version_supported;
1735 local_le_features.total_trackable_advertisers =
1736 cmn_vsc_cb.total_trackable_advertisers;
1737
1738 local_le_features.extended_scan_support =
1739 cmn_vsc_cb.extended_scan_support > 0;
1740 local_le_features.debug_logging_supported =
1741 cmn_vsc_cb.debug_logging_supported > 0;
1742
1743 const controller_t* controller = controller_get_interface();
1744
1745 local_le_features.le_2m_phy_supported = controller->supports_ble_2m_phy();
1746 local_le_features.le_coded_phy_supported =
1747 controller->supports_ble_coded_phy();
1748 local_le_features.le_extended_advertising_supported =
1749 controller->supports_ble_extended_advertising();
1750 local_le_features.le_periodic_advertising_supported =
1751 controller->supports_ble_periodic_advertising();
1752 local_le_features.le_maximum_advertising_data_length =
1753 controller->get_ble_maxium_advertising_data_length();
1754
1755 local_le_features.dynamic_audio_buffer_supported =
1756 cmn_vsc_cb.dynamic_audio_buffer_support;
1757
1758 invoke_adapter_properties_cb(BT_STATUS_SUCCESS, 1, &prop);
1759 break;
1760 }
1761
1762 default:
1763 BTIF_TRACE_WARNING("%s: unhandled event (%d)", __func__, event);
1764 break;
1765 }
1766 }
1767
1768 /*******************************************************************************
1769 *
1770 * Function bte_dm_evt
1771 *
1772 * Description Switches context from BTE to BTIF for all DM events
1773 *
1774 * Returns void
1775 *
1776 ******************************************************************************/
1777
bte_dm_evt(tBTA_DM_SEC_EVT event,tBTA_DM_SEC * p_data)1778 void bte_dm_evt(tBTA_DM_SEC_EVT event, tBTA_DM_SEC* p_data) {
1779 btif_dm_upstreams_evt(event, (char*)p_data);
1780 }
1781
1782 /*******************************************************************************
1783 *
1784 * Function bta_energy_info_cb
1785 *
1786 * Description Switches context from BTE to BTIF for DM energy info event
1787 *
1788 * Returns void
1789 *
1790 ******************************************************************************/
bta_energy_info_cb(tBTM_BLE_TX_TIME_MS tx_time,tBTM_BLE_RX_TIME_MS rx_time,tBTM_BLE_IDLE_TIME_MS idle_time,tBTM_BLE_ENERGY_USED energy_used,tBTA_DM_CONTRL_STATE ctrl_state,tBTA_STATUS status)1791 static void bta_energy_info_cb(tBTM_BLE_TX_TIME_MS tx_time,
1792 tBTM_BLE_RX_TIME_MS rx_time,
1793 tBTM_BLE_IDLE_TIME_MS idle_time,
1794 tBTM_BLE_ENERGY_USED energy_used,
1795 tBTA_DM_CONTRL_STATE ctrl_state,
1796 tBTA_STATUS status) {
1797 BTIF_TRACE_DEBUG(
1798 "energy_info_cb-Status:%d,state=%d,tx_t=%ld, rx_t=%ld, "
1799 "idle_time=%ld,used=%ld",
1800 status, ctrl_state, tx_time, rx_time, idle_time, energy_used);
1801
1802 bt_activity_energy_info energy_info;
1803 energy_info.status = status;
1804 energy_info.ctrl_state = ctrl_state;
1805 energy_info.rx_time = rx_time;
1806 energy_info.tx_time = tx_time;
1807 energy_info.idle_time = idle_time;
1808 energy_info.energy_used = energy_used;
1809
1810 bt_uid_traffic_t* data = uid_set_read_and_clear(uid_set);
1811 invoke_energy_info_cb(energy_info, data);
1812 }
1813
1814 /* Scan filter param config event */
bte_scan_filt_param_cfg_evt(uint8_t ref_value,uint8_t avbl_space,uint8_t action_type,uint8_t btm_status)1815 static void bte_scan_filt_param_cfg_evt(uint8_t ref_value, uint8_t avbl_space,
1816 uint8_t action_type,
1817 uint8_t btm_status) {
1818 /* This event occurs on calling BTA_DmBleCfgFilterCondition internally,
1819 ** and that is why there is no HAL callback
1820 */
1821 if (btm_status != btm_status_value(BTM_SUCCESS)) {
1822 BTIF_TRACE_ERROR("%s, %d", __func__, btm_status);
1823 } else {
1824 BTIF_TRACE_DEBUG("%s", __func__);
1825 }
1826 }
1827
1828 /*****************************************************************************
1829 *
1830 * btif api functions (no context switch)
1831 *
1832 ****************************************************************************/
1833
1834 /*******************************************************************************
1835 *
1836 * Function btif_dm_start_discovery
1837 *
1838 * Description Start device discovery/inquiry
1839 *
1840 ******************************************************************************/
btif_dm_start_discovery(void)1841 void btif_dm_start_discovery(void) {
1842 BTIF_TRACE_EVENT("%s", __func__);
1843
1844 if (bta_dm_is_search_request_queued()) {
1845 LOG_INFO("%s skipping start discovery because a request is queued",
1846 __func__);
1847 return;
1848 }
1849
1850 /* Cleanup anything remaining on index 0 */
1851 BTM_BleAdvFilterParamSetup(
1852 BTM_BLE_SCAN_COND_DELETE, static_cast<tBTM_BLE_PF_FILT_INDEX>(0), nullptr,
1853 base::Bind(&bte_scan_filt_param_cfg_evt, btm_status_value(BTM_SUCCESS)));
1854
1855 auto adv_filt_param = std::make_unique<btgatt_filt_param_setup_t>();
1856 /* Add an allow-all filter on index 0*/
1857 adv_filt_param->dely_mode = IMMEDIATE_DELY_MODE;
1858 adv_filt_param->feat_seln = ALLOW_ALL_FILTER;
1859 adv_filt_param->filt_logic_type = BTA_DM_BLE_PF_FILT_LOGIC_OR;
1860 adv_filt_param->list_logic_type = BTA_DM_BLE_PF_LIST_LOGIC_OR;
1861 adv_filt_param->rssi_low_thres = LOWEST_RSSI_VALUE;
1862 adv_filt_param->rssi_high_thres = LOWEST_RSSI_VALUE;
1863 BTM_BleAdvFilterParamSetup(
1864 BTM_BLE_SCAN_COND_ADD, static_cast<tBTM_BLE_PF_FILT_INDEX>(0),
1865 std::move(adv_filt_param),
1866 base::Bind(&bte_scan_filt_param_cfg_evt, btm_status_value(BTM_SUCCESS)));
1867
1868 /* Will be enabled to true once inquiry busy level has been received */
1869 btif_dm_inquiry_in_progress = false;
1870 /* find nearby devices */
1871 BTA_DmSearch(btif_dm_search_devices_evt, is_bonding_or_sdp());
1872 }
1873
1874 /*******************************************************************************
1875 *
1876 * Function btif_dm_cancel_discovery
1877 *
1878 * Description Cancels search
1879 *
1880 ******************************************************************************/
btif_dm_cancel_discovery(void)1881 void btif_dm_cancel_discovery(void) {
1882 LOG_INFO("Cancel search");
1883 BTA_DmSearchCancel();
1884 }
1885
btif_dm_pairing_is_busy()1886 bool btif_dm_pairing_is_busy() {
1887 return pairing_cb.state != BT_BOND_STATE_NONE;
1888 }
1889
1890 /*******************************************************************************
1891 *
1892 * Function btif_dm_create_bond
1893 *
1894 * Description Initiate bonding with the specified device
1895 *
1896 ******************************************************************************/
btif_dm_create_bond(const RawAddress bd_addr,int transport)1897 void btif_dm_create_bond(const RawAddress bd_addr, int transport) {
1898 BTIF_TRACE_EVENT("%s: bd_addr=%s, transport=%d", __func__,
1899 bd_addr.ToString().c_str(), transport);
1900 btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_CREATE_BOND,
1901 pairing_cb.state);
1902
1903 pairing_cb.timeout_retries = NUM_TIMEOUT_RETRIES;
1904 btif_dm_cb_create_bond(bd_addr, transport);
1905 }
1906
1907 /*******************************************************************************
1908 *
1909 * Function btif_dm_create_bond_out_of_band
1910 *
1911 * Description Initiate bonding with the specified device using out of band
1912 * data
1913 *
1914 ******************************************************************************/
btif_dm_create_bond_out_of_band(const RawAddress bd_addr,tBT_TRANSPORT transport,const bt_oob_data_t p192_data,const bt_oob_data_t p256_data)1915 void btif_dm_create_bond_out_of_band(const RawAddress bd_addr,
1916 tBT_TRANSPORT transport,
1917 const bt_oob_data_t p192_data,
1918 const bt_oob_data_t p256_data) {
1919 bt_oob_data_t empty_data;
1920 memset(&empty_data, 0, sizeof(empty_data));
1921
1922 oob_cb.bdaddr = bd_addr;
1923 oob_cb.transport = transport;
1924 oob_cb.data_present = (int)BTM_OOB_NONE;
1925 if (memcmp(&p192_data, &empty_data, sizeof(p192_data)) != 0) {
1926 memcpy(&oob_cb.p192_data, &p192_data, sizeof(bt_oob_data_t));
1927 oob_cb.data_present = (int)BTM_OOB_PRESENT_192;
1928 }
1929
1930 if (memcmp(&p256_data, &empty_data, sizeof(p256_data)) != 0) {
1931 memcpy(&oob_cb.p256_data, &p256_data, sizeof(bt_oob_data_t));
1932 if (oob_cb.data_present == (int)BTM_OOB_PRESENT_192) {
1933 oob_cb.data_present = (int)BTM_OOB_PRESENT_192_AND_256;
1934 } else {
1935 oob_cb.data_present = (int)BTM_OOB_PRESENT_256;
1936 }
1937 }
1938
1939 uint8_t empty[] = {0, 0, 0, 0, 0, 0, 0};
1940 switch (transport) {
1941 case BT_TRANSPORT_BR_EDR:
1942 // TODO(182162589): Flesh out classic impl in legacy BTMSec
1943 // Nothing to do yet, but not an error
1944
1945 // The controller only supports P192
1946 switch (oob_cb.data_present) {
1947 case BTM_OOB_PRESENT_192_AND_256:
1948 LOG_INFO("Have both P192 and P256");
1949 [[fallthrough]];
1950 case BTM_OOB_PRESENT_192:
1951 LOG_INFO("Using P192");
1952 break;
1953 case BTM_OOB_PRESENT_256:
1954 LOG_INFO("Using P256");
1955 [[fallthrough]];
1956 default:
1957 // TODO(181889116):
1958 // Upgrade to support p256 (for now we just ignore P256)
1959 // because the controllers do not yet support it.
1960 LOG_ERROR("Invalid data present for controller: %d",
1961 oob_cb.data_present);
1962 bond_state_changed(BT_STATUS_FAIL, bd_addr, BT_BOND_STATE_NONE);
1963 return;
1964 }
1965 pairing_cb.is_local_initiated = true;
1966 LOG_ERROR("Classic not implemented yet");
1967 bond_state_changed(BT_STATUS_FAIL, bd_addr, BT_BOND_STATE_NONE);
1968 return;
1969 case BT_TRANSPORT_LE: {
1970 // Guess default RANDOM for address type for LE
1971 tBLE_ADDR_TYPE address_type = BLE_ADDR_RANDOM;
1972 LOG_INFO("Using LE Transport");
1973 switch (oob_cb.data_present) {
1974 case BTM_OOB_PRESENT_192_AND_256:
1975 LOG_INFO("Have both P192 and P256");
1976 [[fallthrough]];
1977 // Always prefer 256 for LE
1978 case BTM_OOB_PRESENT_256:
1979 LOG_INFO("Using P256");
1980 // If we have an address, lets get the type
1981 if (memcmp(p256_data.address, empty, 7) != 0) {
1982 /* byte no 7 is address type in LE Bluetooth Address OOB data */
1983 address_type = static_cast<tBLE_ADDR_TYPE>(p256_data.address[6]);
1984 }
1985 break;
1986 case BTM_OOB_PRESENT_192:
1987 LOG_INFO("Using P192");
1988 // If we have an address, lets get the type
1989 if (memcmp(p192_data.address, empty, 7) != 0) {
1990 /* byte no 7 is address type in LE Bluetooth Address OOB data */
1991 address_type = static_cast<tBLE_ADDR_TYPE>(p192_data.address[6]);
1992 }
1993 break;
1994 }
1995 pairing_cb.is_local_initiated = true;
1996 BTM_SecAddBleDevice(bd_addr, BT_DEVICE_TYPE_BLE, address_type);
1997 BTA_DmBond(bd_addr, address_type, transport, BT_DEVICE_TYPE_BLE);
1998 break;
1999 }
2000 default:
2001 LOG_ERROR("Invalid transport: %d", transport);
2002 bond_state_changed(BT_STATUS_FAIL, bd_addr, BT_BOND_STATE_NONE);
2003 return;
2004 }
2005 }
2006
2007 /*******************************************************************************
2008 *
2009 * Function btif_dm_cancel_bond
2010 *
2011 * Description Initiate bonding with the specified device
2012 *
2013 ******************************************************************************/
btif_dm_cancel_bond(const RawAddress bd_addr)2014 void btif_dm_cancel_bond(const RawAddress bd_addr) {
2015 BTIF_TRACE_EVENT("%s: bd_addr=%s", __func__, bd_addr.ToString().c_str());
2016
2017 btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_CANCEL_BOND,
2018 pairing_cb.state);
2019
2020 /* TODO:
2021 ** 1. Restore scan modes
2022 ** 2. special handling for HID devices
2023 */
2024 if (is_bonding_or_sdp()) {
2025 if (pairing_cb.is_ssp) {
2026 if (pairing_cb.is_le_only) {
2027 BTA_DmBleSecurityGrant(bd_addr, BTA_DM_SEC_PAIR_NOT_SPT);
2028 } else {
2029 BTA_DmConfirm(bd_addr, false);
2030 BTA_DmBondCancel(bd_addr);
2031 btif_storage_remove_bonded_device(&bd_addr);
2032 }
2033 } else {
2034 if (pairing_cb.is_le_only) {
2035 BTA_DmBondCancel(bd_addr);
2036 } else {
2037 BTA_DmPinReply(bd_addr, false, 0, NULL);
2038 }
2039 /* Cancel bonding, in case it is in ACL connection setup state */
2040 BTA_DmBondCancel(bd_addr);
2041 }
2042 }
2043 }
2044
2045 /*******************************************************************************
2046 *
2047 * Function btif_dm_hh_open_failed
2048 *
2049 * Description informs the upper layers if the HH have failed during
2050 * bonding
2051 *
2052 * Returns none
2053 *
2054 ******************************************************************************/
2055
btif_dm_hh_open_failed(RawAddress * bdaddr)2056 void btif_dm_hh_open_failed(RawAddress* bdaddr) {
2057 if (pairing_cb.state == BT_BOND_STATE_BONDING &&
2058 *bdaddr == pairing_cb.bd_addr) {
2059 bond_state_changed(BT_STATUS_FAIL, *bdaddr, BT_BOND_STATE_NONE);
2060 }
2061 }
2062
2063 /*******************************************************************************
2064 *
2065 * Function btif_dm_remove_bond
2066 *
2067 * Description Removes bonding with the specified device
2068 *
2069 ******************************************************************************/
2070
btif_dm_remove_bond(const RawAddress bd_addr)2071 void btif_dm_remove_bond(const RawAddress bd_addr) {
2072 BTIF_TRACE_EVENT("%s: bd_addr=%s", __func__, bd_addr.ToString().c_str());
2073
2074 btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_REMOVE_BOND,
2075 pairing_cb.state);
2076
2077 // special handling for HID devices
2078 // VUP needs to be sent if its a HID Device. The HID HOST module will check if
2079 // there is a valid hid connection with this bd_addr. If yes VUP will be
2080 // issued.
2081 #if (BTA_HH_INCLUDED == TRUE)
2082 if (btif_hh_virtual_unplug(&bd_addr) != BT_STATUS_SUCCESS)
2083 #endif
2084 {
2085 BTIF_TRACE_DEBUG("%s: Removing HH device", __func__);
2086 BTA_DmRemoveDevice(bd_addr);
2087 }
2088 }
2089
2090 /*******************************************************************************
2091 *
2092 * Function btif_dm_pin_reply
2093 *
2094 * Description BT legacy pairing - PIN code reply
2095 *
2096 ******************************************************************************/
2097
btif_dm_pin_reply(const RawAddress bd_addr,uint8_t accept,uint8_t pin_len,bt_pin_code_t pin_code)2098 void btif_dm_pin_reply(const RawAddress bd_addr, uint8_t accept,
2099 uint8_t pin_len, bt_pin_code_t pin_code) {
2100 BTIF_TRACE_EVENT("%s: accept=%d", __func__, accept);
2101
2102 if (pairing_cb.is_le_only) {
2103 int i;
2104 uint32_t passkey = 0;
2105 int multi[] = {100000, 10000, 1000, 100, 10, 1};
2106 for (i = 0; i < 6; i++) {
2107 passkey += (multi[i] * (pin_code.pin[i] - '0'));
2108 }
2109 BTIF_TRACE_DEBUG("btif_dm_pin_reply: passkey: %d", passkey);
2110 BTA_DmBlePasskeyReply(bd_addr, accept, passkey);
2111
2112 } else {
2113 BTA_DmPinReply(bd_addr, accept, pin_len, pin_code.pin);
2114 if (accept) pairing_cb.pin_code_len = pin_len;
2115 }
2116 }
2117
2118 /*******************************************************************************
2119 *
2120 * Function btif_dm_ssp_reply
2121 *
2122 * Description BT SSP Reply - Just Works, Numeric Comparison & Passkey
2123 * Entry
2124 *
2125 ******************************************************************************/
btif_dm_ssp_reply(const RawAddress bd_addr,bt_ssp_variant_t variant,uint8_t accept)2126 void btif_dm_ssp_reply(const RawAddress bd_addr, bt_ssp_variant_t variant,
2127 uint8_t accept) {
2128 BTIF_TRACE_EVENT("%s: accept=%d", __func__, accept);
2129 if (pairing_cb.is_le_only) {
2130 if (pairing_cb.is_le_nc) {
2131 BTA_DmBleConfirmReply(bd_addr, accept);
2132 } else {
2133 if (accept)
2134 BTA_DmBleSecurityGrant(bd_addr, BTA_DM_SEC_GRANTED);
2135 else
2136 BTA_DmBleSecurityGrant(bd_addr, BTA_DM_SEC_PAIR_NOT_SPT);
2137 }
2138 } else {
2139 BTA_DmConfirm(bd_addr, accept);
2140 }
2141 }
2142
2143 /*******************************************************************************
2144 *
2145 * Function btif_dm_get_adapter_property
2146 *
2147 * Description Queries the BTA for the adapter property
2148 *
2149 * Returns bt_status_t
2150 *
2151 ******************************************************************************/
btif_dm_get_adapter_property(bt_property_t * prop)2152 bt_status_t btif_dm_get_adapter_property(bt_property_t* prop) {
2153 BTIF_TRACE_EVENT("%s: type=0x%x", __func__, prop->type);
2154 switch (prop->type) {
2155 case BT_PROPERTY_BDNAME: {
2156 bt_bdname_t* bd_name = (bt_bdname_t*)prop->val;
2157 strncpy((char*)bd_name->name, (char*)btif_get_default_local_name(),
2158 sizeof(bd_name->name) - 1);
2159 bd_name->name[sizeof(bd_name->name) - 1] = 0;
2160 prop->len = strlen((char*)bd_name->name);
2161 } break;
2162
2163 case BT_PROPERTY_ADAPTER_SCAN_MODE: {
2164 /* if the storage does not have it. Most likely app never set it. Default
2165 * is NONE */
2166 bt_scan_mode_t* mode = (bt_scan_mode_t*)prop->val;
2167 *mode = BT_SCAN_MODE_NONE;
2168 prop->len = sizeof(bt_scan_mode_t);
2169 } break;
2170
2171 case BT_PROPERTY_ADAPTER_DISCOVERY_TIMEOUT: {
2172 uint32_t* tmt = (uint32_t*)prop->val;
2173 *tmt = 120; /* default to 120s, if not found in NV */
2174 prop->len = sizeof(uint32_t);
2175 } break;
2176
2177 case BT_PROPERTY_CLASS_OF_DEVICE: {
2178 DEV_CLASS dev_class = BTA_DM_COD;
2179 memcpy(prop->val, dev_class, sizeof(DEV_CLASS));
2180 prop->len = sizeof(DEV_CLASS);
2181 } break;
2182
2183 // While fetching IO_CAP* values for the local device, we maintain backward
2184 // compatibility by using the value from #define macros BTM_LOCAL_IO_CAPS,
2185 // BTM_LOCAL_IO_CAPS_BLE if the values have never been explicitly set.
2186
2187 case BT_PROPERTY_LOCAL_IO_CAPS: {
2188 *(bt_io_cap_t*)prop->val = (bt_io_cap_t)BTM_LOCAL_IO_CAPS;
2189 prop->len = sizeof(bt_io_cap_t);
2190 } break;
2191
2192 case BT_PROPERTY_LOCAL_IO_CAPS_BLE: {
2193 *(bt_io_cap_t*)prop->val = (bt_io_cap_t)BTM_LOCAL_IO_CAPS_BLE;
2194 prop->len = sizeof(bt_io_cap_t);
2195 } break;
2196
2197 default:
2198 prop->len = 0;
2199 return BT_STATUS_FAIL;
2200 }
2201 return BT_STATUS_SUCCESS;
2202 }
2203
2204 /*******************************************************************************
2205 *
2206 * Function btif_dm_get_remote_services
2207 *
2208 * Description Start SDP to get remote services by transport
2209 *
2210 * Returns bt_status_t
2211 *
2212 ******************************************************************************/
btif_dm_get_remote_services(RawAddress remote_addr,const int transport)2213 void btif_dm_get_remote_services(RawAddress remote_addr, const int transport) {
2214 BTIF_TRACE_EVENT("%s: transport=%d, remote_addr=%s", __func__, transport,
2215 remote_addr.ToString().c_str());
2216
2217 BTA_DmDiscover(remote_addr, btif_dm_search_services_evt, transport,
2218 remote_addr != pairing_cb.bd_addr &&
2219 remote_addr != pairing_cb.static_bdaddr &&
2220 is_bonding_or_sdp());
2221 }
2222
btif_dm_enable_service(tBTA_SERVICE_ID service_id,bool enable)2223 void btif_dm_enable_service(tBTA_SERVICE_ID service_id, bool enable) {
2224 bt_status_t status = btif_in_execute_service_request(service_id, enable);
2225 if (status == BT_STATUS_SUCCESS) {
2226 bt_property_t property;
2227 Uuid local_uuids[BT_MAX_NUM_UUIDS];
2228
2229 /* Now send the UUID_PROPERTY_CHANGED event to the upper layer */
2230 BTIF_STORAGE_FILL_PROPERTY(&property, BT_PROPERTY_UUIDS,
2231 sizeof(local_uuids), local_uuids);
2232 btif_storage_get_adapter_property(&property);
2233 invoke_adapter_properties_cb(BT_STATUS_SUCCESS, 1, &property);
2234 }
2235 return;
2236 }
2237
btif_dm_proc_io_req(tBTM_AUTH_REQ * p_auth_req,bool is_orig)2238 void btif_dm_proc_io_req(tBTM_AUTH_REQ* p_auth_req, bool is_orig) {
2239 uint8_t yes_no_bit = BTA_AUTH_SP_YES & *p_auth_req;
2240 /* if local initiated:
2241 ** 1. set DD + MITM
2242 ** if remote initiated:
2243 ** 1. Copy over the auth_req from peer's io_rsp
2244 ** 2. Set the MITM if peer has it set or if peer has DisplayYesNo
2245 *(iPhone)
2246 ** as a fallback set MITM+GB if peer had MITM set
2247 */
2248
2249 BTIF_TRACE_DEBUG("+%s: p_auth_req=%d", __func__, *p_auth_req);
2250 if (pairing_cb.is_local_initiated) {
2251 /* if initing/responding to a dedicated bonding, use dedicate bonding bit */
2252 *p_auth_req = BTA_AUTH_DD_BOND | BTA_AUTH_SP_YES;
2253 } else if (!is_orig) {
2254 /* peer initiated paring. They probably know what they want.
2255 ** Copy the mitm from peer device.
2256 */
2257 BTIF_TRACE_DEBUG("%s: setting p_auth_req to peer's: %d", __func__,
2258 pairing_cb.auth_req);
2259 *p_auth_req = (pairing_cb.auth_req & BTA_AUTH_BONDS);
2260
2261 /* copy over the MITM bit as well. In addition if the peer has DisplayYesNo,
2262 * force MITM */
2263 if ((yes_no_bit) || (pairing_cb.io_cap & BTM_IO_CAP_IO))
2264 *p_auth_req |= BTA_AUTH_SP_YES;
2265 } else if (yes_no_bit) {
2266 /* set the general bonding bit for stored device */
2267 *p_auth_req = BTA_AUTH_GEN_BOND | yes_no_bit;
2268 }
2269 BTIF_TRACE_DEBUG("-%s: p_auth_req=%d", __func__, *p_auth_req);
2270 }
2271
btif_dm_proc_io_rsp(UNUSED_ATTR const RawAddress & bd_addr,tBTM_IO_CAP io_cap,UNUSED_ATTR tBTM_OOB_DATA oob_data,tBTM_AUTH_REQ auth_req)2272 void btif_dm_proc_io_rsp(UNUSED_ATTR const RawAddress& bd_addr,
2273 tBTM_IO_CAP io_cap, UNUSED_ATTR tBTM_OOB_DATA oob_data,
2274 tBTM_AUTH_REQ auth_req) {
2275 if (auth_req & BTA_AUTH_BONDS) {
2276 BTIF_TRACE_DEBUG("%s auth_req:%d", __func__, auth_req);
2277 pairing_cb.auth_req = auth_req;
2278 pairing_cb.io_cap = io_cap;
2279 }
2280 }
2281
btif_dm_set_oob_for_io_req(tBTM_OOB_DATA * p_has_oob_data)2282 void btif_dm_set_oob_for_io_req(tBTM_OOB_DATA* p_has_oob_data) {
2283 if (is_empty_128bit(oob_cb.p192_data.c)) {
2284 *p_has_oob_data = false;
2285 } else {
2286 *p_has_oob_data = true;
2287 }
2288 BTIF_TRACE_DEBUG("%s: *p_has_oob_data=%d", __func__, *p_has_oob_data);
2289 }
2290
btif_dm_set_oob_for_le_io_req(const RawAddress & bd_addr,tBTM_OOB_DATA * p_has_oob_data,tBTM_LE_AUTH_REQ * p_auth_req)2291 void btif_dm_set_oob_for_le_io_req(const RawAddress& bd_addr,
2292 tBTM_OOB_DATA* p_has_oob_data,
2293 tBTM_LE_AUTH_REQ* p_auth_req) {
2294 switch (oob_cb.data_present) {
2295 case BTM_OOB_PRESENT_192_AND_256:
2296 LOG_INFO("Have both P192 and P256");
2297 [[fallthrough]];
2298 // Always prefer 256 for LE
2299 case BTM_OOB_PRESENT_256:
2300 LOG_INFO("Using P256");
2301 if (!is_empty_128bit(oob_cb.p256_data.c) &&
2302 !is_empty_128bit(oob_cb.p256_data.r)) {
2303 /* make sure OOB data is for this particular device */
2304 if (bd_addr == oob_cb.bdaddr) {
2305 *p_auth_req = ((*p_auth_req) | BTM_LE_AUTH_REQ_SC_ONLY);
2306 *p_has_oob_data = true;
2307 } else {
2308 *p_has_oob_data = false;
2309 LOG_WARN("P256-1: Remote address didn't match OOB data address");
2310 }
2311 } else if (!is_empty_128bit(oob_cb.p256_data.sm_tk)) {
2312 /* We have security manager TK */
2313
2314 /* make sure OOB data is for this particular device */
2315 if (bd_addr == oob_cb.bdaddr) {
2316 // When using OOB with TK, SC Secure Connections bit must be disabled.
2317 tBTM_LE_AUTH_REQ mask = ~BTM_LE_AUTH_REQ_SC_ONLY;
2318 *p_auth_req = ((*p_auth_req) & mask);
2319 *p_has_oob_data = true;
2320 } else {
2321 *p_has_oob_data = false;
2322 LOG_WARN("P256-2: Remote address didn't match OOB data address");
2323 }
2324 } else {
2325 *p_has_oob_data = false;
2326 }
2327 break;
2328 case BTM_OOB_PRESENT_192:
2329 LOG_INFO("Using P192");
2330 if (!is_empty_128bit(oob_cb.p192_data.c) &&
2331 !is_empty_128bit(oob_cb.p192_data.r)) {
2332 /* make sure OOB data is for this particular device */
2333 if (bd_addr == oob_cb.bdaddr) {
2334 *p_auth_req = ((*p_auth_req) | BTM_LE_AUTH_REQ_SC_ONLY);
2335 *p_has_oob_data = true;
2336 } else {
2337 *p_has_oob_data = false;
2338 LOG_WARN("P192-1: Remote address didn't match OOB data address");
2339 }
2340 } else if (!is_empty_128bit(oob_cb.p192_data.sm_tk)) {
2341 /* We have security manager TK */
2342
2343 /* make sure OOB data is for this particular device */
2344 if (bd_addr == oob_cb.bdaddr) {
2345 // When using OOB with TK, SC Secure Connections bit must be disabled.
2346 tBTM_LE_AUTH_REQ mask = ~BTM_LE_AUTH_REQ_SC_ONLY;
2347 *p_auth_req = ((*p_auth_req) & mask);
2348 *p_has_oob_data = true;
2349 } else {
2350 *p_has_oob_data = false;
2351 LOG_WARN("P192-2: Remote address didn't match OOB data address");
2352 }
2353 } else {
2354 *p_has_oob_data = false;
2355 }
2356 break;
2357 }
2358 BTIF_TRACE_DEBUG("%s *p_has_oob_data=%d", __func__, *p_has_oob_data);
2359 }
2360
2361 #ifdef BTIF_DM_OOB_TEST
btif_dm_load_local_oob(void)2362 void btif_dm_load_local_oob(void) {
2363 char prop_oob[PROPERTY_VALUE_MAX];
2364 osi_property_get("service.brcm.bt.oob", prop_oob, "3");
2365 BTIF_TRACE_DEBUG("%s: prop_oob = %s", __func__, prop_oob);
2366 if (prop_oob[0] != '3') {
2367 if (is_empty_128bit(oob_cb.p192_data.c)) {
2368 BTIF_TRACE_DEBUG("%s: read OOB, call BTA_DmLocalOob()", __func__);
2369 BTA_DmLocalOob();
2370 }
2371 }
2372 }
2373
2374 static bool waiting_on_oob_advertiser_start = false;
2375 static uint8_t oob_advertiser_id = 0;
stop_oob_advertiser()2376 static void stop_oob_advertiser() {
2377 auto advertiser = get_ble_advertiser_instance();
2378 advertiser->Unregister(oob_advertiser_id);
2379 oob_advertiser_id = 0;
2380 }
2381
2382 /*******************************************************************************
2383 *
2384 * Function btif_dm_generate_local_oob_data
2385 *
2386 * Description Initiate oob data fetch from controller
2387 *
2388 * Parameters transport; Classic or LE
2389 *
2390 ******************************************************************************/
btif_dm_generate_local_oob_data(tBT_TRANSPORT transport)2391 void btif_dm_generate_local_oob_data(tBT_TRANSPORT transport) {
2392 LOG_DEBUG("Transport %s", bt_transport_text(transport).c_str());
2393 if (transport == BT_TRANSPORT_BR_EDR) {
2394 BTM_ReadLocalOobData();
2395 } else if (transport == BT_TRANSPORT_LE) {
2396 // Call create data first, so we don't have to hold on to the address for
2397 // the state machine lifecycle. Rather, lets create the data, then start
2398 // advertising then request the address.
2399 if (!waiting_on_oob_advertiser_start) {
2400 if (oob_advertiser_id != 0) {
2401 stop_oob_advertiser();
2402 }
2403 waiting_on_oob_advertiser_start = true;
2404 SMP_CrLocScOobData();
2405 } else {
2406 invoke_oob_data_request_cb(transport, false, Octet16{}, Octet16{},
2407 RawAddress{}, 0x00);
2408 }
2409 }
2410 }
2411
2412 // Step Four: CallBack from Step Three
get_address_callback(tBT_TRANSPORT transport,bool is_valid,const Octet16 & c,const Octet16 & r,uint8_t address_type,RawAddress address)2413 static void get_address_callback(tBT_TRANSPORT transport, bool is_valid,
2414 const Octet16& c, const Octet16& r,
2415 uint8_t address_type, RawAddress address) {
2416 invoke_oob_data_request_cb(transport, is_valid, c, r, address, address_type);
2417 waiting_on_oob_advertiser_start = false;
2418 }
2419
2420 // Step Three: CallBack from Step Two, advertise and get address
start_advertising_callback(uint8_t id,tBT_TRANSPORT transport,bool is_valid,const Octet16 & c,const Octet16 & r,uint8_t status)2421 static void start_advertising_callback(uint8_t id, tBT_TRANSPORT transport,
2422 bool is_valid, const Octet16& c,
2423 const Octet16& r, uint8_t status) {
2424 if (status != 0) {
2425 LOG_INFO("OOB get advertiser ID failed with status %hhd", status);
2426 invoke_oob_data_request_cb(transport, false, c, r, RawAddress{}, 0x00);
2427 SMP_ClearLocScOobData();
2428 waiting_on_oob_advertiser_start = false;
2429 oob_advertiser_id = 0;
2430 return;
2431 }
2432 LOG_DEBUG("OOB advertiser with id %hhd", id);
2433 auto advertiser = get_ble_advertiser_instance();
2434 advertiser->GetOwnAddress(
2435 id, base::Bind(&get_address_callback, transport, is_valid, c, r));
2436 }
2437
timeout_cb(uint8_t id,uint8_t status)2438 static void timeout_cb(uint8_t id, uint8_t status) {
2439 LOG_INFO("OOB advertiser with id %hhd timed out with status %hhd", id,
2440 status);
2441 auto advertiser = get_ble_advertiser_instance();
2442 advertiser->Unregister(id);
2443 SMP_ClearLocScOobData();
2444 waiting_on_oob_advertiser_start = false;
2445 oob_advertiser_id = 0;
2446 }
2447
2448 // Step Two: CallBack from Step One, advertise and get address
id_status_callback(tBT_TRANSPORT transport,bool is_valid,const Octet16 & c,const Octet16 & r,uint8_t id,uint8_t status)2449 static void id_status_callback(tBT_TRANSPORT transport, bool is_valid,
2450 const Octet16& c, const Octet16& r, uint8_t id,
2451 uint8_t status) {
2452 if (status != 0) {
2453 LOG_INFO("OOB get advertiser ID failed with status %hhd", status);
2454 invoke_oob_data_request_cb(transport, false, c, r, RawAddress{}, 0x00);
2455 SMP_ClearLocScOobData();
2456 waiting_on_oob_advertiser_start = false;
2457 oob_advertiser_id = 0;
2458 return;
2459 }
2460
2461 oob_advertiser_id = id;
2462
2463 auto advertiser = get_ble_advertiser_instance();
2464 AdvertiseParameters parameters;
2465 parameters.advertising_event_properties = 0x0041 /* connectable, tx power */;
2466 parameters.min_interval = 0xa0; // 100 ms
2467 parameters.max_interval = 0x500; // 800 ms
2468 parameters.channel_map = 0x7; // Use all the channels
2469 parameters.tx_power = 0; // 0 dBm
2470 parameters.primary_advertising_phy = 1;
2471 parameters.secondary_advertising_phy = 2;
2472 parameters.scan_request_notification_enable = 0;
2473
2474 std::vector<uint8_t> advertisement{0x02, 0x01 /* Flags */,
2475 0x02 /* Connectable */};
2476 std::vector<uint8_t> scan_data{};
2477
2478 advertiser->StartAdvertising(
2479 id,
2480 base::Bind(&start_advertising_callback, id, transport, is_valid, c, r),
2481 parameters, advertisement, scan_data, 3600 /* timeout_s */,
2482 base::Bind(&timeout_cb, id));
2483 }
2484
2485 // Step One: Start the advertiser
start_oob_advertiser(tBT_TRANSPORT transport,bool is_valid,const Octet16 & c,const Octet16 & r)2486 static void start_oob_advertiser(tBT_TRANSPORT transport, bool is_valid,
2487 const Octet16& c, const Octet16& r) {
2488 auto advertiser = get_ble_advertiser_instance();
2489 advertiser->RegisterAdvertiser(
2490 base::Bind(&id_status_callback, transport, is_valid, c, r));
2491 }
2492
btif_dm_proc_loc_oob(tBT_TRANSPORT transport,bool is_valid,const Octet16 & c,const Octet16 & r)2493 void btif_dm_proc_loc_oob(tBT_TRANSPORT transport, bool is_valid,
2494 const Octet16& c, const Octet16& r) {
2495 // is_valid is important for deciding which OobDataCallback function to use
2496 if (!is_valid) {
2497 invoke_oob_data_request_cb(transport, false, c, r, RawAddress{}, 0x00);
2498 waiting_on_oob_advertiser_start = false;
2499 return;
2500 }
2501 // Now that we have the data, lets start advertising and get the address.
2502 start_oob_advertiser(transport, is_valid, c, r);
2503 }
2504
2505 /*******************************************************************************
2506 *
2507 * Function btif_dm_get_smp_config
2508 *
2509 * Description Retrieve the SMP pairing options from the bt_stack.conf
2510 * file. To provide specific pairing options for the host
2511 * add a node with label "SmpOptions" to the config file
2512 * and assign it a comma separated list of 5 values in the
2513 * format: auth, io, ikey, rkey, ksize, oob
2514 * eg: PTS_SmpOptions=0xD,0x4,0xf,0xf,0x10
2515 *
2516 * Parameters: tBTE_APPL_CFG*: pointer to struct defining pairing options
2517 *
2518 * Returns true if the options were successfully read, else false
2519 *
2520 ******************************************************************************/
btif_dm_get_smp_config(tBTE_APPL_CFG * p_cfg)2521 bool btif_dm_get_smp_config(tBTE_APPL_CFG* p_cfg) {
2522 const std::string* recv = stack_config_get_interface()->get_pts_smp_options();
2523 if (!recv) {
2524 LOG_DEBUG("SMP pairing options not found in stack configuration");
2525 return false;
2526 }
2527
2528 char conf[64];
2529 char* pch;
2530 char* endptr;
2531
2532 strncpy(conf, recv->c_str(), 64);
2533 conf[63] = 0; // null terminate
2534
2535 pch = strtok(conf, ",");
2536 if (pch != NULL)
2537 p_cfg->ble_auth_req = (uint8_t)strtoul(pch, &endptr, 16);
2538 else
2539 return false;
2540
2541 pch = strtok(NULL, ",");
2542 if (pch != NULL)
2543 p_cfg->ble_io_cap = (uint8_t)strtoul(pch, &endptr, 16);
2544 else
2545 return false;
2546
2547 pch = strtok(NULL, ",");
2548 if (pch != NULL)
2549 p_cfg->ble_init_key = (uint8_t)strtoul(pch, &endptr, 16);
2550 else
2551 return false;
2552
2553 pch = strtok(NULL, ",");
2554 if (pch != NULL)
2555 p_cfg->ble_resp_key = (uint8_t)strtoul(pch, &endptr, 16);
2556 else
2557 return false;
2558
2559 pch = strtok(NULL, ",");
2560 if (pch != NULL)
2561 p_cfg->ble_max_key_size = (uint8_t)strtoul(pch, &endptr, 16);
2562 else
2563 return false;
2564
2565 return true;
2566 }
2567
btif_dm_proc_rmt_oob(const RawAddress & bd_addr,Octet16 * p_c,Octet16 * p_r)2568 bool btif_dm_proc_rmt_oob(const RawAddress& bd_addr, Octet16* p_c,
2569 Octet16* p_r) {
2570 const char* path_a = "/data/misc/bluedroid/LOCAL/a.key";
2571 const char* path_b = "/data/misc/bluedroid/LOCAL/b.key";
2572 const char* path = NULL;
2573 char prop_oob[PROPERTY_VALUE_MAX];
2574 osi_property_get("service.brcm.bt.oob", prop_oob, "3");
2575 BTIF_TRACE_DEBUG("%s: prop_oob = %s", __func__, prop_oob);
2576 if (prop_oob[0] == '1')
2577 path = path_b;
2578 else if (prop_oob[0] == '2')
2579 path = path_a;
2580 if (!path) {
2581 BTIF_TRACE_DEBUG("%s: can't open path!", __func__);
2582 return false;
2583 }
2584
2585 FILE* fp = fopen(path, "rb");
2586 if (fp == NULL) {
2587 BTIF_TRACE_DEBUG("%s: failed to read OOB keys from %s", __func__, path);
2588 return false;
2589 }
2590
2591 BTIF_TRACE_DEBUG("%s: read OOB data from %s", __func__, path);
2592 (void)fread(p_c->data(), 1, OCTET16_LEN, fp);
2593 (void)fread(p_r->data(), 1, OCTET16_LEN, fp);
2594 fclose(fp);
2595
2596 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2597 return true;
2598 }
2599 #endif /* BTIF_DM_OOB_TEST */
2600
btif_dm_ble_key_notif_evt(tBTA_DM_SP_KEY_NOTIF * p_ssp_key_notif)2601 static void btif_dm_ble_key_notif_evt(tBTA_DM_SP_KEY_NOTIF* p_ssp_key_notif) {
2602 RawAddress bd_addr;
2603 bt_bdname_t bd_name;
2604 uint32_t cod;
2605 int dev_type;
2606
2607 BTIF_TRACE_DEBUG("%s", __func__);
2608
2609 /* Remote name update */
2610 if (!btif_get_device_type(p_ssp_key_notif->bd_addr, &dev_type)) {
2611 dev_type = BT_DEVICE_TYPE_BLE;
2612 }
2613 btif_dm_update_ble_remote_properties(p_ssp_key_notif->bd_addr,
2614 p_ssp_key_notif->bd_name,
2615 (tBT_DEVICE_TYPE)dev_type);
2616 bd_addr = p_ssp_key_notif->bd_addr;
2617 memcpy(bd_name.name, p_ssp_key_notif->bd_name, BD_NAME_LEN);
2618 bd_name.name[BD_NAME_LEN] = '\0';
2619
2620 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2621 pairing_cb.is_ssp = false;
2622 cod = COD_UNCLASSIFIED;
2623
2624 invoke_ssp_request_cb(bd_addr, bd_name, cod,
2625 BT_SSP_VARIANT_PASSKEY_NOTIFICATION,
2626 p_ssp_key_notif->passkey);
2627 }
2628
2629 /*******************************************************************************
2630 *
2631 * Function btif_dm_ble_auth_cmpl_evt
2632 *
2633 * Description Executes authentication complete event in btif context
2634 *
2635 * Returns void
2636 *
2637 ******************************************************************************/
btif_dm_ble_auth_cmpl_evt(tBTA_DM_AUTH_CMPL * p_auth_cmpl)2638 static void btif_dm_ble_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
2639 /* Save link key, if not temporary */
2640 bt_status_t status = BT_STATUS_FAIL;
2641 bt_bond_state_t state = BT_BOND_STATE_NONE;
2642
2643 RawAddress bd_addr = p_auth_cmpl->bd_addr;
2644
2645 /* Clear OOB data */
2646 memset(&oob_cb, 0, sizeof(oob_cb));
2647
2648 if ((p_auth_cmpl->success) && (p_auth_cmpl->key_present)) {
2649 /* store keys */
2650 }
2651 if (p_auth_cmpl->success) {
2652 status = BT_STATUS_SUCCESS;
2653 state = BT_BOND_STATE_BONDED;
2654 tBLE_ADDR_TYPE addr_type;
2655 RawAddress bdaddr = p_auth_cmpl->bd_addr;
2656 if (btif_storage_get_remote_addr_type(&bdaddr, &addr_type) !=
2657 BT_STATUS_SUCCESS)
2658 btif_storage_set_remote_addr_type(&bdaddr, p_auth_cmpl->addr_type);
2659
2660 /* Test for temporary bonding */
2661 if (btm_get_bond_type_dev(p_auth_cmpl->bd_addr) ==
2662 tBTM_SEC_DEV_REC::BOND_TYPE_TEMPORARY) {
2663 BTIF_TRACE_DEBUG("%s: sending BT_BOND_STATE_NONE for Temp pairing",
2664 __func__);
2665 btif_storage_remove_bonded_device(&bdaddr);
2666 state = BT_BOND_STATE_NONE;
2667 } else {
2668 btif_dm_save_ble_bonding_keys(bdaddr);
2669 btif_dm_get_remote_services(bd_addr, BT_TRANSPORT_LE);
2670 }
2671 } else {
2672 /*Map the HCI fail reason to bt status */
2673 // TODO This is not a proper use of the type
2674 uint8_t fail_reason = static_cast<uint8_t>(p_auth_cmpl->fail_reason);
2675 switch (fail_reason) {
2676 case BTA_DM_AUTH_SMP_PAIR_AUTH_FAIL:
2677 case BTA_DM_AUTH_SMP_CONFIRM_VALUE_FAIL:
2678 case BTA_DM_AUTH_SMP_UNKNOWN_ERR:
2679 btif_dm_remove_ble_bonding_keys();
2680 status = BT_STATUS_AUTH_FAILURE;
2681 break;
2682
2683 case BTA_DM_AUTH_SMP_CONN_TOUT: {
2684 if (btm_sec_is_a_bonded_dev(bd_addr)) {
2685 LOG(INFO) << __func__ << " Bonded device addr=" << bd_addr
2686 << " timed out - will not remove the keys";
2687 // Don't send state change to upper layers - otherwise Java think we
2688 // unbonded, and will disconnect HID profile.
2689 return;
2690 }
2691
2692 btif_dm_remove_ble_bonding_keys();
2693 status = BT_STATUS_AUTH_FAILURE;
2694 break;
2695 }
2696 case BTA_DM_AUTH_SMP_PAIR_NOT_SUPPORT:
2697 status = BT_STATUS_AUTH_REJECTED;
2698 break;
2699 default:
2700 btif_dm_remove_ble_bonding_keys();
2701 status = BT_STATUS_FAIL;
2702 break;
2703 }
2704 }
2705 if (state == BT_BOND_STATE_BONDED && !pairing_cb.static_bdaddr.IsEmpty() &&
2706 bd_addr != pairing_cb.static_bdaddr) {
2707 // Report RPA bonding state to Java in crosskey paring
2708 bond_state_changed(status, bd_addr, BT_BOND_STATE_BONDING);
2709 }
2710 bond_state_changed(status, bd_addr, state);
2711 }
2712
btif_dm_load_ble_local_keys(void)2713 void btif_dm_load_ble_local_keys(void) {
2714 memset(&ble_local_key_cb, 0, sizeof(btif_dm_local_key_cb_t));
2715
2716 if (btif_storage_get_ble_local_key(
2717 BTIF_DM_LE_LOCAL_KEY_ER, &ble_local_key_cb.er) == BT_STATUS_SUCCESS) {
2718 ble_local_key_cb.is_er_rcvd = true;
2719 BTIF_TRACE_DEBUG("%s BLE ER key loaded", __func__);
2720 }
2721
2722 if ((btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_IR,
2723 &ble_local_key_cb.id_keys.ir) ==
2724 BT_STATUS_SUCCESS) &&
2725 (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_IRK,
2726 &ble_local_key_cb.id_keys.irk) ==
2727 BT_STATUS_SUCCESS) &&
2728 (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_DHK,
2729 &ble_local_key_cb.id_keys.dhk) ==
2730 BT_STATUS_SUCCESS)) {
2731 ble_local_key_cb.is_id_keys_rcvd = true;
2732 BTIF_TRACE_DEBUG("%s BLE ID keys loaded", __func__);
2733 }
2734 }
btif_dm_get_ble_local_keys(tBTA_DM_BLE_LOCAL_KEY_MASK * p_key_mask,Octet16 * p_er,tBTA_BLE_LOCAL_ID_KEYS * p_id_keys)2735 void btif_dm_get_ble_local_keys(tBTA_DM_BLE_LOCAL_KEY_MASK* p_key_mask,
2736 Octet16* p_er,
2737 tBTA_BLE_LOCAL_ID_KEYS* p_id_keys) {
2738 if (ble_local_key_cb.is_er_rcvd) {
2739 *p_er = ble_local_key_cb.er;
2740 *p_key_mask |= BTA_BLE_LOCAL_KEY_TYPE_ER;
2741 }
2742
2743 if (ble_local_key_cb.is_id_keys_rcvd) {
2744 p_id_keys->ir = ble_local_key_cb.id_keys.ir;
2745 p_id_keys->irk = ble_local_key_cb.id_keys.irk;
2746 p_id_keys->dhk = ble_local_key_cb.id_keys.dhk;
2747 *p_key_mask |= BTA_BLE_LOCAL_KEY_TYPE_ID;
2748 }
2749 BTIF_TRACE_DEBUG("%s *p_key_mask=0x%02x", __func__, *p_key_mask);
2750 }
2751
btif_dm_save_ble_bonding_keys(RawAddress & bd_addr)2752 void btif_dm_save_ble_bonding_keys(RawAddress& bd_addr) {
2753 BTIF_TRACE_DEBUG("%s", __func__);
2754
2755 if (pairing_cb.ble.is_penc_key_rcvd) {
2756 btif_storage_add_ble_bonding_key(
2757 &bd_addr, (uint8_t*)&pairing_cb.ble.penc_key, BTM_LE_KEY_PENC,
2758 sizeof(tBTM_LE_PENC_KEYS));
2759 }
2760
2761 if (pairing_cb.ble.is_pid_key_rcvd) {
2762 btif_storage_add_ble_bonding_key(&bd_addr,
2763 (uint8_t*)&pairing_cb.ble.pid_key,
2764 BTM_LE_KEY_PID, sizeof(tBTM_LE_PID_KEYS));
2765 }
2766
2767 if (pairing_cb.ble.is_pcsrk_key_rcvd) {
2768 btif_storage_add_ble_bonding_key(
2769 &bd_addr, (uint8_t*)&pairing_cb.ble.pcsrk_key, BTM_LE_KEY_PCSRK,
2770 sizeof(tBTM_LE_PCSRK_KEYS));
2771 }
2772
2773 if (pairing_cb.ble.is_lenc_key_rcvd) {
2774 btif_storage_add_ble_bonding_key(
2775 &bd_addr, (uint8_t*)&pairing_cb.ble.lenc_key, BTM_LE_KEY_LENC,
2776 sizeof(tBTM_LE_LENC_KEYS));
2777 }
2778
2779 if (pairing_cb.ble.is_lcsrk_key_rcvd) {
2780 btif_storage_add_ble_bonding_key(
2781 &bd_addr, (uint8_t*)&pairing_cb.ble.lcsrk_key, BTM_LE_KEY_LCSRK,
2782 sizeof(tBTM_LE_LCSRK_KEYS));
2783 }
2784
2785 if (pairing_cb.ble.is_lidk_key_rcvd) {
2786 uint8_t empty[] = {};
2787 btif_storage_add_ble_bonding_key(&bd_addr, empty, BTM_LE_KEY_LID, 0);
2788 }
2789 }
2790
btif_dm_remove_ble_bonding_keys(void)2791 void btif_dm_remove_ble_bonding_keys(void) {
2792 BTIF_TRACE_DEBUG("%s", __func__);
2793
2794 RawAddress bd_addr = pairing_cb.bd_addr;
2795 btif_storage_remove_ble_bonding_keys(&bd_addr);
2796 }
2797
2798 /*******************************************************************************
2799 *
2800 * Function btif_dm_ble_sec_req_evt
2801 *
2802 * Description Eprocess security request event in btif context
2803 *
2804 * Returns void
2805 *
2806 ******************************************************************************/
btif_dm_ble_sec_req_evt(tBTA_DM_BLE_SEC_REQ * p_ble_req,bool is_consent)2807 void btif_dm_ble_sec_req_evt(tBTA_DM_BLE_SEC_REQ* p_ble_req, bool is_consent) {
2808 bt_bdname_t bd_name;
2809 uint32_t cod;
2810 int dev_type;
2811
2812 BTIF_TRACE_DEBUG("%s", __func__);
2813
2814 if (!is_consent && pairing_cb.state == BT_BOND_STATE_BONDING) {
2815 BTIF_TRACE_DEBUG("%s Discard security request", __func__);
2816 return;
2817 }
2818
2819 /* Remote name update */
2820 if (!btif_get_device_type(p_ble_req->bd_addr, &dev_type)) {
2821 dev_type = BT_DEVICE_TYPE_BLE;
2822 }
2823 btif_dm_update_ble_remote_properties(p_ble_req->bd_addr, p_ble_req->bd_name,
2824 (tBT_DEVICE_TYPE)dev_type);
2825
2826 RawAddress bd_addr = p_ble_req->bd_addr;
2827 memcpy(bd_name.name, p_ble_req->bd_name, BD_NAME_LEN);
2828 bd_name.name[BD_NAME_LEN] = '\0';
2829
2830 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2831
2832 pairing_cb.bond_type = tBTM_SEC_DEV_REC::BOND_TYPE_PERSISTENT;
2833 pairing_cb.is_le_only = true;
2834 pairing_cb.is_le_nc = false;
2835 pairing_cb.is_ssp = true;
2836 btm_set_bond_type_dev(p_ble_req->bd_addr, pairing_cb.bond_type);
2837
2838 cod = COD_UNCLASSIFIED;
2839
2840 invoke_ssp_request_cb(bd_addr, bd_name, cod, BT_SSP_VARIANT_CONSENT, 0);
2841 }
2842
2843 /*******************************************************************************
2844 *
2845 * Function btif_dm_ble_passkey_req_evt
2846 *
2847 * Description Executes pin request event in btif context
2848 *
2849 * Returns void
2850 *
2851 ******************************************************************************/
btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ * p_pin_req)2852 static void btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ* p_pin_req) {
2853 bt_bdname_t bd_name;
2854 uint32_t cod;
2855 int dev_type;
2856
2857 /* Remote name update */
2858 if (!btif_get_device_type(p_pin_req->bd_addr, &dev_type)) {
2859 dev_type = BT_DEVICE_TYPE_BLE;
2860 }
2861 btif_dm_update_ble_remote_properties(p_pin_req->bd_addr, p_pin_req->bd_name,
2862 (tBT_DEVICE_TYPE)dev_type);
2863
2864 RawAddress bd_addr = p_pin_req->bd_addr;
2865 memcpy(bd_name.name, p_pin_req->bd_name, BD_NAME_LEN);
2866 bd_name.name[BD_NAME_LEN] = '\0';
2867
2868 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2869 pairing_cb.is_le_only = true;
2870
2871 cod = COD_UNCLASSIFIED;
2872
2873 invoke_pin_request_cb(bd_addr, bd_name, cod, false);
2874 }
btif_dm_ble_key_nc_req_evt(tBTA_DM_SP_KEY_NOTIF * p_notif_req)2875 static void btif_dm_ble_key_nc_req_evt(tBTA_DM_SP_KEY_NOTIF* p_notif_req) {
2876 /* TODO implement key notification for numeric comparison */
2877 BTIF_TRACE_DEBUG("%s", __func__);
2878
2879 /* Remote name update */
2880 btif_update_remote_properties(p_notif_req->bd_addr, p_notif_req->bd_name,
2881 NULL, BT_DEVICE_TYPE_BLE);
2882
2883 RawAddress bd_addr = p_notif_req->bd_addr;
2884
2885 bt_bdname_t bd_name;
2886 memcpy(bd_name.name, p_notif_req->bd_name, BD_NAME_LEN);
2887 bd_name.name[BD_NAME_LEN] = '\0';
2888
2889 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2890 pairing_cb.is_ssp = false;
2891 pairing_cb.is_le_only = true;
2892 pairing_cb.is_le_nc = true;
2893
2894 invoke_ssp_request_cb(bd_addr, bd_name, COD_UNCLASSIFIED,
2895 BT_SSP_VARIANT_PASSKEY_CONFIRMATION,
2896 p_notif_req->passkey);
2897 }
2898
btif_dm_ble_oob_req_evt(tBTA_DM_SP_RMT_OOB * req_oob_type)2899 static void btif_dm_ble_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type) {
2900 BTIF_TRACE_DEBUG("%s", __func__);
2901
2902 RawAddress bd_addr = req_oob_type->bd_addr;
2903 /* We already checked if OOB data is present in
2904 * btif_dm_set_oob_for_le_io_req, but check here again. If it's not present
2905 * do nothing, pairing will timeout.
2906 */
2907 if (is_empty_128bit(oob_cb.p192_data.sm_tk)) {
2908 return;
2909 }
2910
2911 /* make sure OOB data is for this particular device */
2912 if (req_oob_type->bd_addr != oob_cb.bdaddr) {
2913 BTIF_TRACE_WARNING("%s: remote address didn't match OOB data address",
2914 __func__);
2915 return;
2916 }
2917
2918 /* Remote name update */
2919 btif_update_remote_properties(req_oob_type->bd_addr, req_oob_type->bd_name,
2920 NULL, BT_DEVICE_TYPE_BLE);
2921
2922 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2923 pairing_cb.is_ssp = false;
2924 pairing_cb.is_le_only = true;
2925 pairing_cb.is_le_nc = false;
2926
2927 BTM_BleOobDataReply(req_oob_type->bd_addr, 0, 16, oob_cb.p192_data.sm_tk);
2928 }
2929
btif_dm_ble_sc_oob_req_evt(tBTA_DM_SP_RMT_OOB * req_oob_type)2930 static void btif_dm_ble_sc_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type) {
2931 BTIF_TRACE_DEBUG("%s", __func__);
2932
2933 RawAddress bd_addr = req_oob_type->bd_addr;
2934 BTIF_TRACE_DEBUG("%s: bd_addr: %s", __func__, bd_addr.ToString().c_str());
2935 BTIF_TRACE_DEBUG("%s: oob_cb.bdaddr: %s", __func__,
2936 oob_cb.bdaddr.ToString().c_str());
2937
2938 /* make sure OOB data is for this particular device */
2939 if (req_oob_type->bd_addr != oob_cb.bdaddr) {
2940 LOG_ERROR("remote address didn't match OOB data address");
2941 return;
2942 }
2943
2944 /* We already checked if OOB data is present in
2945 * btif_dm_set_oob_for_le_io_req, but check here again. If it's not present
2946 * do nothing, pairing will timeout.
2947 */
2948 bt_oob_data_t oob_data_to_use = {};
2949 switch (oob_cb.data_present) {
2950 case BTM_OOB_PRESENT_192_AND_256:
2951 LOG_INFO("Have both P192 and P256");
2952 [[fallthrough]];
2953 // Always prefer 256 for LE
2954 case BTM_OOB_PRESENT_256:
2955 LOG_INFO("Using P256");
2956 if (is_empty_128bit(oob_cb.p256_data.c) &&
2957 is_empty_128bit(oob_cb.p256_data.r)) {
2958 LOG_WARN("P256 LE SC OOB data is empty");
2959 return;
2960 }
2961 oob_data_to_use = oob_cb.p256_data;
2962 break;
2963 case BTM_OOB_PRESENT_192:
2964 LOG_INFO("Using P192");
2965 if (is_empty_128bit(oob_cb.p192_data.c) &&
2966 is_empty_128bit(oob_cb.p192_data.r)) {
2967 LOG_WARN("P192 LE SC OOB data is empty");
2968 return;
2969 }
2970 oob_data_to_use = oob_cb.p192_data;
2971 break;
2972 }
2973
2974 /* Remote name update */
2975 btif_update_remote_properties(req_oob_type->bd_addr,
2976 oob_data_to_use.device_name, NULL,
2977 BT_DEVICE_TYPE_BLE);
2978
2979 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2980 pairing_cb.is_ssp = false;
2981 // TODO: we can derive classic pairing from this one
2982 pairing_cb.is_le_only = true;
2983 pairing_cb.is_le_nc = false;
2984 BTM_BleSecureConnectionOobDataReply(req_oob_type->bd_addr, oob_data_to_use.c,
2985 oob_data_to_use.r);
2986 }
2987
btif_dm_update_ble_remote_properties(const RawAddress & bd_addr,BD_NAME bd_name,tBT_DEVICE_TYPE dev_type)2988 void btif_dm_update_ble_remote_properties(const RawAddress& bd_addr,
2989 BD_NAME bd_name,
2990 tBT_DEVICE_TYPE dev_type) {
2991 btif_update_remote_properties(bd_addr, bd_name, NULL, dev_type);
2992 }
2993
btif_dm_ble_tx_test_cback(void * p)2994 static void btif_dm_ble_tx_test_cback(void* p) {
2995 char* p_param = (char*)p;
2996 uint8_t status;
2997 STREAM_TO_UINT8(status, p_param);
2998 invoke_le_test_mode_cb((status == 0) ? BT_STATUS_SUCCESS : BT_STATUS_FAIL, 0);
2999 }
3000
btif_dm_ble_rx_test_cback(void * p)3001 static void btif_dm_ble_rx_test_cback(void* p) {
3002 char* p_param = (char*)p;
3003 uint8_t status;
3004 STREAM_TO_UINT8(status, p_param);
3005 invoke_le_test_mode_cb((status == 0) ? BT_STATUS_SUCCESS : BT_STATUS_FAIL, 0);
3006 }
3007
btif_dm_ble_test_end_cback(void * p)3008 static void btif_dm_ble_test_end_cback(void* p) {
3009 char* p_param = (char*)p;
3010 uint8_t status;
3011 uint16_t count = 0;
3012 STREAM_TO_UINT8(status, p_param);
3013 if (status == 0) STREAM_TO_UINT16(count, p_param);
3014 invoke_le_test_mode_cb((status == 0) ? BT_STATUS_SUCCESS : BT_STATUS_FAIL,
3015 count);
3016 }
3017
btif_ble_transmitter_test(uint8_t tx_freq,uint8_t test_data_len,uint8_t packet_payload)3018 void btif_ble_transmitter_test(uint8_t tx_freq, uint8_t test_data_len,
3019 uint8_t packet_payload) {
3020 BTM_BleTransmitterTest(tx_freq, test_data_len, packet_payload,
3021 btif_dm_ble_tx_test_cback);
3022 }
3023
btif_ble_receiver_test(uint8_t rx_freq)3024 void btif_ble_receiver_test(uint8_t rx_freq) {
3025 BTM_BleReceiverTest(rx_freq, btif_dm_ble_rx_test_cback);
3026 }
3027
btif_ble_test_end()3028 void btif_ble_test_end() { BTM_BleTestEnd(btif_dm_ble_test_end_cback); }
3029
btif_dm_on_disable()3030 void btif_dm_on_disable() {
3031 /* cancel any pending pairing requests */
3032 if (is_bonding_or_sdp()) {
3033 BTIF_TRACE_DEBUG("%s: Cancel pending pairing request", __func__);
3034 btif_dm_cancel_bond(pairing_cb.bd_addr);
3035 }
3036 }
3037
3038 /*******************************************************************************
3039 *
3040 * Function btif_dm_read_energy_info
3041 *
3042 * Description Reads the energy info from controller
3043 *
3044 * Returns void
3045 *
3046 ******************************************************************************/
btif_dm_read_energy_info()3047 void btif_dm_read_energy_info() { BTA_DmBleGetEnergyInfo(bta_energy_info_cb); }
3048
3049 /*******************************************************************************
3050 *
3051 * Function btif_dm_add_uuid_to_eir
3052 *
3053 * Description Add a service class uuid to the local device's EIR data
3054 *
3055 * Returns void
3056 *
3057 ******************************************************************************/
btif_dm_add_uuid_to_eir(uint16_t uuid16)3058 void btif_dm_add_uuid_to_eir(uint16_t uuid16) {
3059 BTIF_TRACE_DEBUG("%s: %d", __func__, uuid16);
3060 BTA_AddEirUuid(uuid16);
3061 }
3062
3063 /*******************************************************************************
3064 *
3065 * Function btif_dm_remove_uuid_from_eir
3066 *
3067 * Description Remove a service class uuid from the local device's EIR data
3068 *
3069 * Returns void
3070 *
3071 ******************************************************************************/
btif_dm_remove_uuid_from_eir(uint16_t uuid16)3072 void btif_dm_remove_uuid_from_eir(uint16_t uuid16) {
3073 BTIF_TRACE_DEBUG("%s: %d", __func__, uuid16);
3074 BTA_RemoveEirUuid(uuid16);
3075 }
3076
btif_get_default_local_name()3077 static char* btif_get_default_local_name() {
3078 if (btif_default_local_name[0] == '\0') {
3079 int max_len = sizeof(btif_default_local_name) - 1;
3080 if (BTM_DEF_LOCAL_NAME[0] != '\0') {
3081 strncpy(btif_default_local_name, BTM_DEF_LOCAL_NAME, max_len);
3082 } else {
3083 char prop_model[PROPERTY_VALUE_MAX];
3084 osi_property_get(PROPERTY_PRODUCT_MODEL, prop_model, "");
3085 strncpy(btif_default_local_name, prop_model, max_len);
3086 }
3087 btif_default_local_name[max_len] = '\0';
3088 }
3089 return btif_default_local_name;
3090 }
3091
btif_stats_add_bond_event(const RawAddress & bd_addr,bt_bond_function_t function,bt_bond_state_t state)3092 static void btif_stats_add_bond_event(const RawAddress& bd_addr,
3093 bt_bond_function_t function,
3094 bt_bond_state_t state) {
3095 std::unique_lock<std::mutex> lock(bond_event_lock);
3096
3097 btif_bond_event_t* event = &btif_dm_bond_events[btif_events_end_index];
3098 event->bd_addr = bd_addr;
3099 event->function = function;
3100 event->state = state;
3101 clock_gettime(CLOCK_REALTIME, &event->timestamp);
3102
3103 btif_num_bond_events++;
3104 btif_events_end_index =
3105 (btif_events_end_index + 1) % (MAX_BTIF_BOND_EVENT_ENTRIES + 1);
3106 if (btif_events_end_index == btif_events_start_index) {
3107 btif_events_start_index =
3108 (btif_events_start_index + 1) % (MAX_BTIF_BOND_EVENT_ENTRIES + 1);
3109 }
3110
3111 int type;
3112 btif_get_device_type(bd_addr, &type);
3113
3114 bluetooth::common::device_type_t device_type;
3115 switch (type) {
3116 case BT_DEVICE_TYPE_BREDR:
3117 device_type = bluetooth::common::DEVICE_TYPE_BREDR;
3118 break;
3119 case BT_DEVICE_TYPE_BLE:
3120 device_type = bluetooth::common::DEVICE_TYPE_LE;
3121 break;
3122 case BT_DEVICE_TYPE_DUMO:
3123 device_type = bluetooth::common::DEVICE_TYPE_DUMO;
3124 break;
3125 default:
3126 device_type = bluetooth::common::DEVICE_TYPE_UNKNOWN;
3127 break;
3128 }
3129
3130 uint32_t cod = get_cod(&bd_addr);
3131 uint64_t ts =
3132 event->timestamp.tv_sec * 1000 + event->timestamp.tv_nsec / 1000000;
3133 bluetooth::common::BluetoothMetricsLogger::GetInstance()->LogPairEvent(
3134 0, ts, cod, device_type);
3135 }
3136
btif_debug_bond_event_dump(int fd)3137 void btif_debug_bond_event_dump(int fd) {
3138 std::unique_lock<std::mutex> lock(bond_event_lock);
3139 dprintf(fd, "\nBond Events: \n");
3140 dprintf(fd, " Total Number of events: %zu\n", btif_num_bond_events);
3141 if (btif_num_bond_events > 0)
3142 dprintf(fd,
3143 " Time address Function State\n");
3144
3145 for (size_t i = btif_events_start_index; i != btif_events_end_index;
3146 i = (i + 1) % (MAX_BTIF_BOND_EVENT_ENTRIES + 1)) {
3147 btif_bond_event_t* event = &btif_dm_bond_events[i];
3148
3149 char eventtime[20];
3150 char temptime[20];
3151 struct tm* tstamp = localtime(&event->timestamp.tv_sec);
3152 strftime(temptime, sizeof(temptime), "%H:%M:%S", tstamp);
3153 snprintf(eventtime, sizeof(eventtime), "%s.%03ld", temptime,
3154 event->timestamp.tv_nsec / 1000000);
3155
3156 const char* func_name;
3157 switch (event->function) {
3158 case BTIF_DM_FUNC_CREATE_BOND:
3159 func_name = "btif_dm_create_bond";
3160 break;
3161 case BTIF_DM_FUNC_REMOVE_BOND:
3162 func_name = "btif_dm_remove_bond";
3163 break;
3164 case BTIF_DM_FUNC_BOND_STATE_CHANGED:
3165 func_name = "bond_state_changed ";
3166 break;
3167 default:
3168 func_name = "Invalid value ";
3169 break;
3170 }
3171
3172 const char* bond_state;
3173 switch (event->state) {
3174 case BT_BOND_STATE_NONE:
3175 bond_state = "BOND_STATE_NONE";
3176 break;
3177 case BT_BOND_STATE_BONDING:
3178 bond_state = "BOND_STATE_BONDING";
3179 break;
3180 case BT_BOND_STATE_BONDED:
3181 bond_state = "BOND_STATE_BONDED";
3182 break;
3183 default:
3184 bond_state = "Invalid bond state";
3185 break;
3186 }
3187
3188 dprintf(fd, " %s %s %s %s\n", eventtime,
3189 event->bd_addr.ToString().c_str(), func_name, bond_state);
3190 }
3191 }
3192