1 /******************************************************************************
2 *
3 * Copyright 2000-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /*****************************************************************************
20 *
21 * Name: btm_acl.cc
22 *
23 * Description: This file contains functions that handle ACL connections.
24 * This includes operations such as hold and sniff modes,
25 * supported packet types.
26 *
27 * This module contains both internal and external (API)
28 * functions. External (API) functions are distinguishable
29 * by their names beginning with uppercase BTM.
30 *
31 *
32 *****************************************************************************/
33
34 #define LOG_TAG "btm_acl"
35
36 #include <cstdint>
37
38 #include "bta/include/bta_dm_acl.h"
39 #include "bta/sys/bta_sys.h"
40 #include "btif/include/btif_acl.h"
41 #include "common/metrics.h"
42 #include "device/include/controller.h"
43 #include "device/include/interop.h"
44 #include "include/l2cap_hci_link_interface.h"
45 #include "main/shim/acl_api.h"
46 #include "main/shim/btm_api.h"
47 #include "main/shim/dumpsys.h"
48 #include "main/shim/l2c_api.h"
49 #include "main/shim/shim.h"
50 #include "osi/include/log.h"
51 #include "stack/acl/acl.h"
52 #include "stack/acl/peer_packet_types.h"
53 #include "stack/btm/btm_dev.h"
54 #include "stack/btm/btm_int_types.h"
55 #include "stack/btm/btm_sec.h"
56 #include "stack/btm/security_device_record.h"
57 #include "stack/gatt/connection_manager.h"
58 #include "stack/include/acl_api.h"
59 #include "stack/include/acl_hci_link_interface.h"
60 #include "stack/include/btm_api.h"
61 #include "stack/include/btm_iso_api.h"
62 #include "stack/include/btu.h"
63 #include "stack/include/hci_error_code.h"
64 #include "stack/include/hcimsgs.h"
65 #include "stack/include/l2cap_acl_interface.h"
66 #include "stack/include/sco_hci_link_interface.h"
67 #include "types/hci_role.h"
68 #include "types/raw_address.h"
69
70 void BTM_update_version_info(const RawAddress& bd_addr,
71 const remote_version_info& remote_version_info);
72
73 void gatt_find_in_device_record(const RawAddress& bd_addr,
74 tBLE_BD_ADDR* address_with_type);
75 void l2c_link_hci_conn_comp(tHCI_STATUS status, uint16_t handle,
76 const RawAddress& p_bda);
77
78 void BTM_db_reset(void);
79
80 extern tBTM_CB btm_cb;
81
82 struct StackAclBtmAcl {
83 tACL_CONN* acl_allocate_connection();
84 tACL_CONN* acl_get_connection_from_handle(uint16_t handle);
85 tACL_CONN* btm_bda_to_acl(const RawAddress& bda, tBT_TRANSPORT transport);
86 bool change_connection_packet_types(tACL_CONN& link,
87 const uint16_t new_packet_type_bitmask);
88 void btm_establish_continue(tACL_CONN* p_acl_cb);
89 void btm_read_remote_features(uint16_t handle);
90 void btm_set_default_link_policy(tLINK_POLICY settings);
91 void btm_acl_role_changed(tHCI_STATUS hci_status, const RawAddress& bd_addr,
92 tHCI_ROLE new_role);
93 void hci_start_role_switch_to_central(tACL_CONN& p_acl);
set_default_packet_types_supportedStackAclBtmAcl94 void set_default_packet_types_supported(uint16_t packet_types_supported) {
95 btm_cb.acl_cb_.btm_acl_pkt_types_supported = packet_types_supported;
96 }
97 };
98
99 struct RoleChangeView {
100 tHCI_ROLE new_role = HCI_ROLE_UNKNOWN;
101 RawAddress bd_addr;
102 };
103
104 namespace {
105 StackAclBtmAcl internal_;
106 std::unique_ptr<RoleChangeView> delayed_role_change_ = nullptr;
GetLegacyHciInterface()107 const bluetooth::legacy::hci::Interface& GetLegacyHciInterface() {
108 return bluetooth::legacy::hci::GetInterface();
109 }
110 }
111
112 typedef struct {
113 uint16_t handle;
114 uint16_t hci_len;
115 } __attribute__((packed)) acl_header_t;
116
117 constexpr uint8_t BTM_MAX_SW_ROLE_FAILED_ATTEMPTS = 3;
118
119 /* Define masks for supported and exception 2.0 ACL packet types
120 */
121 constexpr uint16_t BTM_ACL_SUPPORTED_PKTS_MASK =
122 (HCI_PKT_TYPES_MASK_DM1 | HCI_PKT_TYPES_MASK_DH1 | HCI_PKT_TYPES_MASK_DM3 |
123 HCI_PKT_TYPES_MASK_DH3 | HCI_PKT_TYPES_MASK_DM5 | HCI_PKT_TYPES_MASK_DH5);
124
125 constexpr uint16_t BTM_ACL_EXCEPTION_PKTS_MASK =
126 (HCI_PKT_TYPES_MASK_NO_2_DH1 | HCI_PKT_TYPES_MASK_NO_3_DH1 |
127 HCI_PKT_TYPES_MASK_NO_2_DH3 | HCI_PKT_TYPES_MASK_NO_3_DH3 |
128 HCI_PKT_TYPES_MASK_NO_2_DH5 | HCI_PKT_TYPES_MASK_NO_3_DH5);
129
IsEprAvailable(const tACL_CONN & p_acl)130 inline bool IsEprAvailable(const tACL_CONN& p_acl) {
131 if (!p_acl.peer_lmp_feature_valid[0]) {
132 LOG_WARN("Checking incomplete feature page read");
133 return false;
134 }
135 return HCI_ATOMIC_ENCRYPT_SUPPORTED(p_acl.peer_lmp_feature_pages[0]) &&
136 controller_get_interface()->supports_encryption_pause();
137 }
138
139 static void btm_process_remote_ext_features(tACL_CONN* p_acl_cb,
140 uint8_t max_page_number);
141 static void btm_read_failed_contact_counter_timeout(void* data);
142 static void btm_read_remote_ext_features(uint16_t handle, uint8_t page_number);
143 static void btm_read_rssi_timeout(void* data);
144 static void btm_read_tx_power_timeout(void* data);
145 static void check_link_policy(tLINK_POLICY* settings);
146 void btm_set_link_policy(tACL_CONN* conn, tLINK_POLICY policy);
147
148 namespace {
NotifyAclLinkUp(tACL_CONN & p_acl)149 void NotifyAclLinkUp(tACL_CONN& p_acl) {
150 if (p_acl.link_up_issued) {
151 LOG_INFO("Already notified BTA layer that the link is up");
152 return;
153 }
154 p_acl.link_up_issued = true;
155 BTA_dm_acl_up(p_acl.remote_addr, p_acl.transport);
156 }
157
NotifyAclLinkDown(tACL_CONN & p_acl)158 void NotifyAclLinkDown(tACL_CONN& p_acl) {
159 /* Only notify if link up has had a chance to be issued */
160 if (p_acl.link_up_issued) {
161 p_acl.link_up_issued = false;
162 BTA_dm_acl_down(p_acl.remote_addr, p_acl.transport);
163 }
164 }
165
NotifyAclRoleSwitchComplete(const RawAddress & bda,tHCI_ROLE new_role,tHCI_STATUS hci_status)166 void NotifyAclRoleSwitchComplete(const RawAddress& bda, tHCI_ROLE new_role,
167 tHCI_STATUS hci_status) {
168 BTA_dm_report_role_change(bda, new_role, hci_status);
169 }
170
NotifyAclFeaturesReadComplete(tACL_CONN & p_acl,UNUSED_ATTR uint8_t max_page_number)171 void NotifyAclFeaturesReadComplete(tACL_CONN& p_acl,
172 UNUSED_ATTR uint8_t max_page_number) {
173 ASSERT_LOG(bluetooth::shim::is_gd_acl_enabled(),
174 "For right now only called with gd_acl support");
175 btm_process_remote_ext_features(&p_acl, max_page_number);
176 btm_set_link_policy(&p_acl, btm_cb.acl_cb_.DefaultLinkPolicy());
177 BTA_dm_notify_remote_features_complete(p_acl.remote_addr);
178 }
179
180 } // namespace
181
hci_btsnd_hcic_disconnect(tACL_CONN & p_acl,tHCI_STATUS reason)182 static void hci_btsnd_hcic_disconnect(tACL_CONN& p_acl, tHCI_STATUS reason) {
183 LOG_INFO("Disconnecting peer:%s reason:%s",
184 PRIVATE_ADDRESS(p_acl.remote_addr),
185 hci_error_code_text(reason).c_str());
186 p_acl.disconnect_reason = reason;
187
188 if (bluetooth::shim::is_gd_acl_enabled()) {
189 return bluetooth::shim::ACL_Disconnect(p_acl.hci_handle,
190 p_acl.is_transport_br_edr(), reason);
191 } else {
192 GetLegacyHciInterface().Disconnect(p_acl.hci_handle,
193 static_cast<uint16_t>(reason));
194 }
195 }
196
hci_start_role_switch_to_central(tACL_CONN & p_acl)197 void StackAclBtmAcl::hci_start_role_switch_to_central(tACL_CONN& p_acl) {
198 GetLegacyHciInterface().StartRoleSwitch(
199 p_acl.remote_addr, static_cast<uint8_t>(HCI_ROLE_CENTRAL));
200 p_acl.set_switch_role_in_progress();
201 p_acl.rs_disc_pending = BTM_SEC_RS_PENDING;
202 }
203
hci_btm_set_link_supervision_timeout(tACL_CONN & link,uint16_t timeout)204 void hci_btm_set_link_supervision_timeout(tACL_CONN& link, uint16_t timeout) {
205 if (link.link_role != HCI_ROLE_CENTRAL) {
206 /* Only send if current role is Central; 2.0 spec requires this */
207 LOG_WARN("Can only set link supervision timeout if central role:%s",
208 RoleText(link.link_role).c_str());
209 return;
210 }
211
212 LOG_DEBUG("Setting link supervision timeout:%.2fs peer:%s",
213 double(timeout) * 0.01, PRIVATE_ADDRESS(link.RemoteAddress()));
214 link.link_super_tout = timeout;
215 btsnd_hcic_write_link_super_tout(LOCAL_BR_EDR_CONTROLLER_ID, link.Handle(),
216 timeout);
217 }
218
219 /* 3 seconds timeout waiting for responses */
220 #define BTM_DEV_REPLY_TIMEOUT_MS (3 * 1000)
221
BTM_acl_after_controller_started(const controller_t * controller)222 void BTM_acl_after_controller_started(const controller_t* controller) {
223 internal_.btm_set_default_link_policy(
224 HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH | HCI_ENABLE_HOLD_MODE |
225 HCI_ENABLE_SNIFF_MODE | HCI_ENABLE_PARK_MODE);
226
227 /* Create ACL supported packet types mask */
228 uint16_t btm_acl_pkt_types_supported =
229 (HCI_PKT_TYPES_MASK_DH1 + HCI_PKT_TYPES_MASK_DM1);
230
231 if (controller->supports_3_slot_packets())
232 btm_acl_pkt_types_supported |=
233 (HCI_PKT_TYPES_MASK_DH3 + HCI_PKT_TYPES_MASK_DM3);
234
235 if (controller->supports_5_slot_packets())
236 btm_acl_pkt_types_supported |=
237 (HCI_PKT_TYPES_MASK_DH5 + HCI_PKT_TYPES_MASK_DM5);
238
239 /* Add in EDR related ACL types */
240 if (!controller->supports_classic_2m_phy()) {
241 btm_acl_pkt_types_supported |=
242 (HCI_PKT_TYPES_MASK_NO_2_DH1 + HCI_PKT_TYPES_MASK_NO_2_DH3 +
243 HCI_PKT_TYPES_MASK_NO_2_DH5);
244 }
245
246 if (!controller->supports_classic_3m_phy()) {
247 btm_acl_pkt_types_supported |=
248 (HCI_PKT_TYPES_MASK_NO_3_DH1 + HCI_PKT_TYPES_MASK_NO_3_DH3 +
249 HCI_PKT_TYPES_MASK_NO_3_DH5);
250 }
251
252 /* Check to see if 3 and 5 slot packets are available */
253 if (controller->supports_classic_2m_phy() ||
254 controller->supports_classic_3m_phy()) {
255 if (!controller->supports_3_slot_edr_packets())
256 btm_acl_pkt_types_supported |=
257 (HCI_PKT_TYPES_MASK_NO_2_DH3 + HCI_PKT_TYPES_MASK_NO_3_DH3);
258
259 if (!controller->supports_5_slot_edr_packets())
260 btm_acl_pkt_types_supported |=
261 (HCI_PKT_TYPES_MASK_NO_2_DH5 + HCI_PKT_TYPES_MASK_NO_3_DH5);
262 }
263 internal_.set_default_packet_types_supported(btm_acl_pkt_types_supported);
264 }
265
266 /*******************************************************************************
267 *
268 * Function btm_bda_to_acl
269 *
270 * Description This function returns the FIRST acl_db entry for the passed
271 * BDA.
272 *
273 * Parameters bda : BD address of the remote device
274 * transport : Physical transport used for ACL connection
275 * (BR/EDR or LE)
276 *
277 * Returns Returns pointer to the ACL DB for the requested BDA if found.
278 * nullptr if not found.
279 *
280 ******************************************************************************/
btm_bda_to_acl(const RawAddress & bda,tBT_TRANSPORT transport)281 tACL_CONN* StackAclBtmAcl::btm_bda_to_acl(const RawAddress& bda,
282 tBT_TRANSPORT transport) {
283 tACL_CONN* p_acl = &btm_cb.acl_cb_.acl_db[0];
284 for (uint8_t index = 0; index < MAX_L2CAP_LINKS; index++, p_acl++) {
285 if ((p_acl->in_use) && p_acl->remote_addr == bda &&
286 p_acl->transport == transport) {
287 return p_acl;
288 }
289 }
290 return nullptr;
291 }
292
acl_get_connection_from_address(const RawAddress & bd_addr,tBT_TRANSPORT transport)293 tACL_CONN* acl_get_connection_from_address(const RawAddress& bd_addr,
294 tBT_TRANSPORT transport) {
295 return internal_.btm_bda_to_acl(bd_addr, transport);
296 }
297
298 /*******************************************************************************
299 *
300 * Function btm_handle_to_acl_index
301 *
302 * Description This function returns the FIRST acl_db entry for the passed
303 * hci_handle.
304 *
305 * Returns index to the acl_db or MAX_L2CAP_LINKS.
306 *
307 ******************************************************************************/
btm_handle_to_acl_index(uint16_t hci_handle)308 uint8_t btm_handle_to_acl_index(uint16_t hci_handle) {
309 tACL_CONN* p = &btm_cb.acl_cb_.acl_db[0];
310 uint8_t xx;
311 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) {
312 if ((p->in_use) && (p->hci_handle == hci_handle)) {
313 break;
314 }
315 }
316
317 /* If here, no BD Addr found */
318 return (xx);
319 }
320
acl_get_connection_from_handle(uint16_t hci_handle)321 tACL_CONN* StackAclBtmAcl::acl_get_connection_from_handle(uint16_t hci_handle) {
322 uint8_t index = btm_handle_to_acl_index(hci_handle);
323 if (index >= MAX_L2CAP_LINKS) return nullptr;
324 return &btm_cb.acl_cb_.acl_db[index];
325 }
326
acl_get_connection_from_handle(uint16_t handle)327 tACL_CONN* acl_get_connection_from_handle(uint16_t handle) {
328 return internal_.acl_get_connection_from_handle(handle);
329 }
330
btm_acl_process_sca_cmpl_pkt(uint8_t len,uint8_t * data)331 void btm_acl_process_sca_cmpl_pkt(uint8_t len, uint8_t* data) {
332 uint16_t handle;
333 uint8_t sca;
334 uint8_t status;
335
336 STREAM_TO_UINT8(status, data);
337
338 if (status != HCI_SUCCESS) {
339 LOG_WARN("Peer SCA Command complete failed:%s",
340 hci_error_code_text(static_cast<tHCI_STATUS>(status)).c_str());
341 return;
342 }
343
344 STREAM_TO_UINT16(handle, data);
345 STREAM_TO_UINT8(sca, data);
346
347 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(handle);
348 if (p_acl == nullptr) {
349 LOG_WARN("Unable to find active acl");
350 return;
351 }
352 p_acl->sca = sca;
353 }
354
acl_allocate_connection()355 tACL_CONN* StackAclBtmAcl::acl_allocate_connection() {
356 tACL_CONN* p_acl = &btm_cb.acl_cb_.acl_db[0];
357 for (uint8_t xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_acl++) {
358 if (!p_acl->in_use) {
359 return p_acl;
360 }
361 }
362 return nullptr;
363 }
364
btm_acl_created(const RawAddress & bda,uint16_t hci_handle,tHCI_ROLE link_role,tBT_TRANSPORT transport)365 void btm_acl_created(const RawAddress& bda, uint16_t hci_handle,
366 tHCI_ROLE link_role, tBT_TRANSPORT transport) {
367 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bda, transport);
368 if (p_acl != (tACL_CONN*)NULL) {
369 p_acl->hci_handle = hci_handle;
370 p_acl->link_role = link_role;
371 p_acl->transport = transport;
372 btm_set_link_policy(p_acl, btm_cb.acl_cb_.DefaultLinkPolicy());
373 LOG_WARN(
374 "Unable to create duplicate acl when one already exists handle:%hu"
375 " role:%s transport:%s",
376 hci_handle, RoleText(link_role).c_str(),
377 bt_transport_text(transport).c_str());
378 return;
379 }
380
381 p_acl = internal_.acl_allocate_connection();
382 if (p_acl == nullptr) {
383 LOG_WARN("Unable to find active acl");
384 return;
385 }
386
387 p_acl->in_use = true;
388 p_acl->hci_handle = hci_handle;
389 p_acl->link_role = link_role;
390 p_acl->link_up_issued = false;
391 p_acl->remote_addr = bda;
392 p_acl->sca = 0xFF;
393 p_acl->transport = transport;
394 p_acl->switch_role_failed_attempts = 0;
395 p_acl->reset_switch_role();
396 BTM_PM_OnConnected(hci_handle, bda);
397
398 LOG_DEBUG(
399 "Created new ACL connection peer:%s role:%s handle:0x%04x transport:%s",
400 PRIVATE_ADDRESS(bda), RoleText(p_acl->link_role).c_str(), hci_handle,
401 bt_transport_text(transport).c_str());
402 btm_set_link_policy(p_acl, btm_cb.acl_cb_.DefaultLinkPolicy());
403
404 if (transport == BT_TRANSPORT_LE) {
405 btm_ble_refresh_local_resolvable_private_addr(
406 bda, btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr);
407 }
408 /* if BR/EDR do something more */
409 if (transport == BT_TRANSPORT_BR_EDR) {
410 btsnd_hcic_read_rmt_clk_offset(hci_handle);
411 if (!bluetooth::shim::is_gd_l2cap_enabled() &&
412 !bluetooth::shim::is_gd_acl_enabled()) {
413 // GD L2cap and GD Acl read this automatically
414 btsnd_hcic_rmt_ver_req(hci_handle);
415 }
416 }
417
418 if (transport == BT_TRANSPORT_LE) {
419 btm_ble_get_acl_remote_addr(hci_handle, p_acl->active_remote_addr,
420 &p_acl->active_remote_addr_type);
421
422 if (controller_get_interface()
423 ->supports_ble_peripheral_initiated_feature_exchange() ||
424 link_role == HCI_ROLE_CENTRAL) {
425 btsnd_hcic_ble_read_remote_feat(p_acl->hci_handle);
426 } else {
427 internal_.btm_establish_continue(p_acl);
428 }
429 }
430 }
431
btm_acl_update_conn_addr(uint16_t handle,const RawAddress & address)432 void btm_acl_update_conn_addr(uint16_t handle, const RawAddress& address) {
433 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(handle);
434 if (p_acl == nullptr) {
435 LOG_WARN("Unable to find active acl");
436 return;
437 }
438 p_acl->conn_addr = address;
439 }
440
441 /*******************************************************************************
442 *
443 * Function btm_acl_removed
444 *
445 * Description This function is called by L2CAP when an ACL connection
446 * is removed. Since only L2CAP creates ACL links, we use
447 * the L2CAP link index as our index into the control blocks.
448 *
449 * Returns void
450 *
451 ******************************************************************************/
btm_acl_removed(uint16_t handle)452 void btm_acl_removed(uint16_t handle) {
453 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(handle);
454 if (p_acl == nullptr) {
455 LOG_WARN("Unable to find active acl");
456 return;
457 }
458 p_acl->in_use = false;
459 NotifyAclLinkDown(*p_acl);
460 p_acl->Reset();
461 BTM_PM_OnDisconnected(handle);
462 }
463
464 /*******************************************************************************
465 *
466 * Function btm_acl_device_down
467 *
468 * Description This function is called when the local device is deemed
469 * to be down. It notifies L2CAP of the failure.
470 *
471 * Returns void
472 *
473 ******************************************************************************/
btm_acl_device_down(void)474 void btm_acl_device_down(void) {
475 tACL_CONN* p = &btm_cb.acl_cb_.acl_db[0];
476 uint16_t xx;
477 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) {
478 if (p->in_use) {
479 l2c_link_hci_disc_comp(p->hci_handle, HCI_ERR_HW_FAILURE);
480 }
481 }
482 BTM_db_reset();
483 }
484
btm_acl_set_paging(bool value)485 void btm_acl_set_paging(bool value) { btm_cb.is_paging = value; }
486
btm_acl_update_inquiry_status(uint8_t status)487 void btm_acl_update_inquiry_status(uint8_t status) {
488 btm_cb.is_inquiry = status == BTM_INQUIRY_STARTED;
489 BTIF_dm_report_inquiry_status_change(status);
490 }
491
BTM_GetRole(const RawAddress & remote_bd_addr,tHCI_ROLE * p_role)492 tBTM_STATUS BTM_GetRole(const RawAddress& remote_bd_addr, tHCI_ROLE* p_role) {
493 if (p_role == nullptr) {
494 return BTM_ILLEGAL_VALUE;
495 }
496 *p_role = HCI_ROLE_UNKNOWN;
497
498 tACL_CONN* p_acl =
499 internal_.btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR);
500 if (p_acl == nullptr) {
501 LOG_WARN("Unable to find active acl");
502 return BTM_UNKNOWN_ADDR;
503 }
504 *p_role = p_acl->link_role;
505 return BTM_SUCCESS;
506 }
507
508 /*******************************************************************************
509 *
510 * Function BTM_SwitchRoleToCentral
511 *
512 * Description This function is called to switch role between central and
513 * peripheral. If role is already set it will do nothing.
514 *
515 * Returns BTM_SUCCESS if already in specified role.
516 * BTM_CMD_STARTED if command issued to controller.
517 * BTM_NO_RESOURCES if couldn't allocate memory to issue
518 * command
519 * BTM_UNKNOWN_ADDR if no active link with bd addr specified
520 * BTM_MODE_UNSUPPORTED if local device does not support role
521 * switching
522 * BTM_BUSY if the previous command is not completed
523 *
524 ******************************************************************************/
BTM_SwitchRoleToCentral(const RawAddress & remote_bd_addr)525 tBTM_STATUS BTM_SwitchRoleToCentral(const RawAddress& remote_bd_addr) {
526 if (bluetooth::shim::is_gd_l2cap_enabled()) {
527 bluetooth::shim::L2CA_SwitchRoleToCentral(remote_bd_addr);
528 return BTM_SUCCESS;
529 }
530 if (!controller_get_interface()->supports_central_peripheral_role_switch()) {
531 LOG_INFO("Local controller does not support role switching");
532 return BTM_MODE_UNSUPPORTED;
533 }
534
535 tACL_CONN* p_acl =
536 internal_.btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR);
537 if (p_acl == nullptr) {
538 LOG_WARN("Unable to find active acl");
539 return BTM_UNKNOWN_ADDR;
540 }
541
542 if (p_acl->link_role == HCI_ROLE_CENTRAL) {
543 LOG_INFO("Requested role is already in effect");
544 return BTM_SUCCESS;
545 }
546
547 if (interop_match_addr(INTEROP_DISABLE_ROLE_SWITCH, &remote_bd_addr)) {
548 LOG_INFO("Remote device is on list preventing role switch");
549 return BTM_DEV_RESTRICT_LISTED;
550 }
551
552 if (BTM_IsScoActiveByBdaddr(remote_bd_addr)) {
553 LOG_INFO("An active SCO to device prevents role switch at this time");
554 return BTM_NO_RESOURCES;
555 }
556
557 if (!p_acl->is_switch_role_idle()) {
558 LOG_INFO("Role switch is already progress");
559 return BTM_BUSY;
560 }
561
562 tBTM_PM_MODE pwr_mode;
563 if (!BTM_ReadPowerMode(p_acl->remote_addr, &pwr_mode)) {
564 LOG_WARN(
565 "Unable to find device to read current power mode prior to role "
566 "switch");
567 return BTM_UNKNOWN_ADDR;
568 };
569
570 if (pwr_mode == BTM_PM_MD_PARK || pwr_mode == BTM_PM_MD_SNIFF) {
571 if (!BTM_SetLinkPolicyActiveMode(p_acl->remote_addr)) {
572 LOG_WARN("Unable to set link policy active before attempting switch");
573 return BTM_WRONG_MODE;
574 }
575 p_acl->set_switch_role_changing();
576 }
577 /* some devices do not support switch while encryption is on */
578 else {
579 if (p_acl->is_encrypted && !IsEprAvailable(*p_acl)) {
580 /* bypass turning off encryption if change link key is already doing it */
581 p_acl->set_encryption_off();
582 p_acl->set_switch_role_encryption_off();
583 } else {
584 internal_.hci_start_role_switch_to_central(*p_acl);
585 }
586 }
587
588 return BTM_CMD_STARTED;
589 }
590
591 /*******************************************************************************
592 *
593 * Function btm_acl_encrypt_change
594 *
595 * Description This function is when encryption of the connection is
596 * completed by the LM. Checks to see if a role switch or
597 * change of link key was active and initiates or continues
598 * process if needed.
599 *
600 * Returns void
601 *
602 ******************************************************************************/
btm_acl_encrypt_change(uint16_t handle,uint8_t status,uint8_t encr_enable)603 void btm_acl_encrypt_change(uint16_t handle, uint8_t status,
604 uint8_t encr_enable) {
605 tACL_CONN* p = internal_.acl_get_connection_from_handle(handle);
606 if (p == nullptr) {
607 LOG_WARN("Unable to find active acl");
608 return;
609 }
610
611 p->is_encrypted = encr_enable;
612
613 /* Process Role Switch if active */
614 if (p->is_switch_role_encryption_off()) {
615 /* if encryption turn off failed we still will try to switch role */
616 if (encr_enable) {
617 p->set_encryption_idle();
618 p->reset_switch_role();
619 } else {
620 p->set_encryption_switching();
621 p->set_switch_role_switching();
622 }
623 internal_.hci_start_role_switch_to_central(*p);
624 }
625 /* Finished enabling Encryption after role switch */
626 else if (p->is_switch_role_encryption_on()) {
627 p->reset_switch_role();
628 p->set_encryption_idle();
629 NotifyAclRoleSwitchComplete(
630 btm_cb.acl_cb_.switch_role_ref_data.remote_bd_addr,
631 btm_cb.acl_cb_.switch_role_ref_data.role,
632 btm_cb.acl_cb_.switch_role_ref_data.hci_status);
633
634 /* If a disconnect is pending, issue it now that role switch has completed
635 */
636 if (p->rs_disc_pending == BTM_SEC_DISC_PENDING) {
637 hci_btsnd_hcic_disconnect(*p, HCI_ERR_PEER_USER);
638 }
639 p->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */
640 }
641 }
642
check_link_policy(tLINK_POLICY * settings)643 static void check_link_policy(tLINK_POLICY* settings) {
644 const controller_t* controller = controller_get_interface();
645
646 if ((*settings & HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH) &&
647 (!controller->supports_role_switch())) {
648 *settings &= (~HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH);
649 LOG_INFO("Role switch not supported (settings: 0x%04x)", *settings);
650 }
651 if ((*settings & HCI_ENABLE_HOLD_MODE) &&
652 (!controller->supports_hold_mode())) {
653 *settings &= (~HCI_ENABLE_HOLD_MODE);
654 LOG_INFO("hold not supported (settings: 0x%04x)", *settings);
655 }
656 if ((*settings & HCI_ENABLE_SNIFF_MODE) &&
657 (!controller->supports_sniff_mode())) {
658 *settings &= (~HCI_ENABLE_SNIFF_MODE);
659 LOG_INFO("sniff not supported (settings: 0x%04x)", *settings);
660 }
661 if ((*settings & HCI_ENABLE_PARK_MODE) &&
662 (!controller->supports_park_mode())) {
663 *settings &= (~HCI_ENABLE_PARK_MODE);
664 LOG_INFO("park not supported (settings: 0x%04x)", *settings);
665 }
666 }
667
btm_set_link_policy(tACL_CONN * conn,tLINK_POLICY policy)668 void btm_set_link_policy(tACL_CONN* conn, tLINK_POLICY policy) {
669 conn->link_policy = policy;
670 check_link_policy(&conn->link_policy);
671 if ((conn->link_policy & HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH) &&
672 interop_match_addr(INTEROP_DISABLE_SNIFF, &(conn->remote_addr))) {
673 conn->link_policy &= (~HCI_ENABLE_SNIFF_MODE);
674 }
675 btsnd_hcic_write_policy_set(conn->hci_handle,
676 static_cast<uint16_t>(conn->link_policy));
677 }
678
btm_toggle_policy_on_for(const RawAddress & peer_addr,uint16_t flag)679 static void btm_toggle_policy_on_for(const RawAddress& peer_addr,
680 uint16_t flag) {
681 auto conn = internal_.btm_bda_to_acl(peer_addr, BT_TRANSPORT_BR_EDR);
682 if (!conn) {
683 LOG_WARN("Unable to find active acl");
684 return;
685 }
686 btm_set_link_policy(conn, conn->link_policy | flag);
687 }
688
btm_toggle_policy_off_for(const RawAddress & peer_addr,uint16_t flag)689 static void btm_toggle_policy_off_for(const RawAddress& peer_addr,
690 uint16_t flag) {
691 auto conn = internal_.btm_bda_to_acl(peer_addr, BT_TRANSPORT_BR_EDR);
692 if (!conn) {
693 LOG_WARN("Unable to find active acl");
694 return;
695 }
696 btm_set_link_policy(conn, conn->link_policy & ~flag);
697 }
698
BTM_is_sniff_allowed_for(const RawAddress & peer_addr)699 bool BTM_is_sniff_allowed_for(const RawAddress& peer_addr) {
700 auto conn = internal_.btm_bda_to_acl(peer_addr, BT_TRANSPORT_BR_EDR);
701 if (!conn) {
702 LOG_WARN("Unable to find active acl");
703 return false;
704 }
705 return conn->link_policy & HCI_ENABLE_SNIFF_MODE;
706 }
707
BTM_unblock_sniff_mode_for(const RawAddress & peer_addr)708 void BTM_unblock_sniff_mode_for(const RawAddress& peer_addr) {
709 btm_toggle_policy_on_for(peer_addr, HCI_ENABLE_SNIFF_MODE);
710 }
711
BTM_block_sniff_mode_for(const RawAddress & peer_addr)712 void BTM_block_sniff_mode_for(const RawAddress& peer_addr) {
713 btm_toggle_policy_off_for(peer_addr, HCI_ENABLE_SNIFF_MODE);
714 }
715
BTM_unblock_role_switch_for(const RawAddress & peer_addr)716 void BTM_unblock_role_switch_for(const RawAddress& peer_addr) {
717 btm_toggle_policy_on_for(peer_addr, HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH);
718 }
719
BTM_block_role_switch_for(const RawAddress & peer_addr)720 void BTM_block_role_switch_for(const RawAddress& peer_addr) {
721 btm_toggle_policy_off_for(peer_addr, HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH);
722 }
723
BTM_unblock_role_switch_and_sniff_mode_for(const RawAddress & peer_addr)724 void BTM_unblock_role_switch_and_sniff_mode_for(const RawAddress& peer_addr) {
725 btm_toggle_policy_on_for(
726 peer_addr, HCI_ENABLE_SNIFF_MODE | HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH);
727 }
728
BTM_block_role_switch_and_sniff_mode_for(const RawAddress & peer_addr)729 void BTM_block_role_switch_and_sniff_mode_for(const RawAddress& peer_addr) {
730 btm_toggle_policy_off_for(
731 peer_addr, HCI_ENABLE_SNIFF_MODE | HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH);
732 }
733
btm_set_default_link_policy(tLINK_POLICY settings)734 void StackAclBtmAcl::btm_set_default_link_policy(tLINK_POLICY settings) {
735 check_link_policy(&settings);
736 btm_cb.acl_cb_.btm_def_link_policy = settings;
737 btsnd_hcic_write_def_policy_set(settings);
738 }
739
BTM_default_unblock_role_switch()740 void BTM_default_unblock_role_switch() {
741 internal_.btm_set_default_link_policy(btm_cb.acl_cb_.DefaultLinkPolicy() |
742 HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH);
743 }
744
BTM_default_block_role_switch()745 void BTM_default_block_role_switch() {
746 internal_.btm_set_default_link_policy(btm_cb.acl_cb_.DefaultLinkPolicy() &
747 ~HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH);
748 }
749
750 /*******************************************************************************
751 *
752 * Function btm_read_remote_version_complete
753 *
754 * Description This function is called when the command complete message
755 * is received from the HCI for the remote version info.
756 *
757 * Returns void
758 *
759 ******************************************************************************/
maybe_chain_more_commands_after_read_remote_version_complete(uint8_t status,uint16_t handle)760 static void maybe_chain_more_commands_after_read_remote_version_complete(
761 uint8_t status, uint16_t handle) {
762 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
763 if (p_acl_cb == nullptr) {
764 LOG_WARN("Received remote version complete for unknown device");
765 return;
766 }
767
768 switch (p_acl_cb->transport) {
769 case BT_TRANSPORT_LE:
770 l2cble_notify_le_connection(p_acl_cb->remote_addr);
771 l2cble_use_preferred_conn_params(p_acl_cb->remote_addr);
772 break;
773 case BT_TRANSPORT_BR_EDR:
774 /**
775 * When running legacy stack continue chain of executing various
776 * read commands. Skip when gd_acl is enabled because that
777 * module handles all remote read functionality.
778 */
779 if (!bluetooth::shim::is_gd_acl_enabled()) {
780 if (status == HCI_SUCCESS) {
781 internal_.btm_read_remote_features(p_acl_cb->hci_handle);
782 }
783 }
784 }
785 }
786
btm_process_remote_version_complete(uint8_t status,uint16_t handle,uint8_t lmp_version,uint16_t manufacturer,uint16_t lmp_subversion)787 void btm_process_remote_version_complete(uint8_t status, uint16_t handle,
788 uint8_t lmp_version,
789 uint16_t manufacturer,
790 uint16_t lmp_subversion) {
791 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
792 if (p_acl_cb == nullptr) {
793 LOG_WARN("Received remote version complete for unknown acl");
794 return;
795 }
796
797 if (status == HCI_SUCCESS) {
798 p_acl_cb->remote_version_info.lmp_version = lmp_version;
799 p_acl_cb->remote_version_info.manufacturer = manufacturer;
800 p_acl_cb->remote_version_info.lmp_subversion = lmp_subversion;
801 p_acl_cb->remote_version_info.valid = true;
802 BTM_update_version_info(p_acl_cb->RemoteAddress(),
803 p_acl_cb->remote_version_info);
804
805 bluetooth::common::LogRemoteVersionInfo(handle, status, lmp_version,
806 manufacturer, lmp_subversion);
807 } else {
808 bluetooth::common::LogRemoteVersionInfo(handle, status, 0, 0, 0);
809 }
810 }
811
btm_read_remote_version_complete_raw(uint8_t * p)812 void btm_read_remote_version_complete_raw(uint8_t* p) {
813 uint8_t status;
814 uint16_t handle;
815 uint8_t lmp_version;
816 uint16_t manufacturer;
817 uint16_t lmp_subversion;
818
819 STREAM_TO_UINT8(status, p);
820 STREAM_TO_UINT16(handle, p);
821 STREAM_TO_UINT8(lmp_version, p);
822 STREAM_TO_UINT16(manufacturer, p);
823 STREAM_TO_UINT16(lmp_subversion, p);
824
825 ASSERT_LOG(!bluetooth::shim::is_gd_acl_enabled(),
826 "gd acl layer should be receiving this completion");
827 btm_read_remote_version_complete(static_cast<tHCI_STATUS>(status), handle,
828 lmp_version, manufacturer, lmp_version);
829 }
830
btm_read_remote_version_complete(tHCI_STATUS status,uint16_t handle,uint8_t lmp_version,uint16_t manufacturer,uint16_t lmp_subversion)831 void btm_read_remote_version_complete(tHCI_STATUS status, uint16_t handle,
832 uint8_t lmp_version,
833 uint16_t manufacturer,
834 uint16_t lmp_subversion) {
835 btm_process_remote_version_complete(status, handle, lmp_version, manufacturer,
836 lmp_subversion);
837 maybe_chain_more_commands_after_read_remote_version_complete(status, handle);
838 }
839
840 /*******************************************************************************
841 *
842 * Function btm_process_remote_ext_features
843 *
844 * Description Local function called to process all extended features pages
845 * read from a remote device.
846 *
847 * Returns void
848 *
849 ******************************************************************************/
btm_process_remote_ext_features(tACL_CONN * p_acl_cb,uint8_t max_page_number)850 void btm_process_remote_ext_features(tACL_CONN* p_acl_cb,
851 uint8_t max_page_number) {
852 CHECK(p_acl_cb != nullptr);
853 if (!p_acl_cb->peer_lmp_feature_valid[max_page_number]) {
854 LOG_WARN(
855 "Checking remote features but remote feature read is "
856 "incomplete");
857 }
858
859 bool ssp_supported =
860 HCI_SSP_HOST_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[1]);
861 bool secure_connections_supported =
862 HCI_SC_HOST_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[1]);
863 bool role_switch_supported =
864 HCI_SWITCH_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[0]);
865 bool br_edr_supported =
866 !HCI_BREDR_NOT_SPT_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[0]);
867 bool le_supported =
868 HCI_LE_SPT_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[0]) &&
869 HCI_LE_HOST_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[1]);
870 btm_sec_set_peer_sec_caps(p_acl_cb->hci_handle, ssp_supported,
871 secure_connections_supported, role_switch_supported,
872 br_edr_supported, le_supported);
873 }
874
875 /*******************************************************************************
876 *
877 * Function btm_read_remote_features
878 *
879 * Description Local function called to send a read remote supported
880 * features/remote extended features page[0].
881 *
882 * Returns void
883 *
884 ******************************************************************************/
btm_read_remote_features(uint16_t handle)885 void StackAclBtmAcl::btm_read_remote_features(uint16_t handle) {
886 uint8_t acl_idx;
887 tACL_CONN* p_acl_cb;
888
889 acl_idx = btm_handle_to_acl_index(handle);
890 if (acl_idx >= MAX_L2CAP_LINKS) {
891 LOG_WARN("Unable to find active acl");
892 return;
893 }
894
895 p_acl_cb = &btm_cb.acl_cb_.acl_db[acl_idx];
896 memset(p_acl_cb->peer_lmp_feature_pages, 0,
897 sizeof(p_acl_cb->peer_lmp_feature_pages));
898
899 /* first send read remote supported features HCI command */
900 /* because we don't know whether the remote support extended feature command
901 */
902 if (bluetooth::shim::is_gd_l2cap_enabled()) {
903 // GD L2cap reads this automatically
904 return;
905 }
906 btsnd_hcic_rmt_features_req(handle);
907 }
908
909 /*******************************************************************************
910 *
911 * Function btm_read_remote_ext_features
912 *
913 * Description Local function called to send a read remote extended
914 * features
915 *
916 * Returns void
917 *
918 ******************************************************************************/
btm_read_remote_ext_features(uint16_t handle,uint8_t page_number)919 void btm_read_remote_ext_features(uint16_t handle, uint8_t page_number) {
920 if (bluetooth::shim::is_gd_l2cap_enabled()) {
921 // GD L2cap reads this automatically
922 return;
923 }
924 btsnd_hcic_rmt_ext_features(handle, page_number);
925 }
926
927 /*******************************************************************************
928 *
929 * Function btm_read_remote_features_complete
930 *
931 * Description This function is called when the remote supported features
932 * complete event is received from the HCI.
933 *
934 * Returns void
935 *
936 ******************************************************************************/
btm_read_remote_features_complete_raw(uint8_t * p)937 void btm_read_remote_features_complete_raw(uint8_t* p) {
938 uint8_t status;
939 uint16_t handle;
940
941 STREAM_TO_UINT8(status, p);
942
943 if (status != HCI_SUCCESS) {
944 LOG_WARN("Uanble to read remote features status:%s",
945 hci_error_code_text(static_cast<tHCI_STATUS>(status)).c_str());
946 return;
947 }
948
949 STREAM_TO_UINT16(handle, p);
950
951 btm_read_remote_features_complete(handle, p);
952 }
953
btm_read_remote_features_complete(uint16_t handle,uint8_t * features)954 void btm_read_remote_features_complete(uint16_t handle, uint8_t* features) {
955 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
956 if (p_acl_cb == nullptr) {
957 LOG_WARN("Unable to find active acl");
958 return;
959 }
960
961 /* Copy the received features page */
962 STREAM_TO_ARRAY(p_acl_cb->peer_lmp_feature_pages[0], features,
963 HCI_FEATURE_BYTES_PER_PAGE);
964 p_acl_cb->peer_lmp_feature_valid[0] = true;
965
966 if ((HCI_LMP_EXTENDED_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[0])) &&
967 (controller_get_interface()
968 ->supports_reading_remote_extended_features())) {
969 /* if the remote controller has extended features and local controller
970 supports HCI_Read_Remote_Extended_Features command then start reading
971 these feature starting with extended features page 1 */
972 LOG_DEBUG("Start reading remote extended features");
973 btm_read_remote_ext_features(handle, 1);
974 return;
975 }
976
977 /* Remote controller has no extended features. Process remote controller
978 supported features (features page 0). */
979 btm_process_remote_ext_features(p_acl_cb, 0);
980
981 /* Continue with HCI connection establishment */
982 internal_.btm_establish_continue(p_acl_cb);
983 }
984
985 /*******************************************************************************
986 *
987 * Function btm_read_remote_ext_features_complete
988 *
989 * Description This function is called when the remote extended features
990 * complete event is received from the HCI.
991 *
992 * Returns void
993 *
994 ******************************************************************************/
btm_read_remote_ext_features_complete_raw(uint8_t * p,uint8_t evt_len)995 void btm_read_remote_ext_features_complete_raw(uint8_t* p, uint8_t evt_len) {
996 uint8_t page_num, max_page;
997 uint16_t handle;
998
999 if (evt_len < HCI_EXT_FEATURES_SUCCESS_EVT_LEN) {
1000 android_errorWriteLog(0x534e4554, "141552859");
1001 LOG_WARN("Remote extended feature length too short. length=%d", evt_len);
1002 return;
1003 }
1004
1005 ++p;
1006 STREAM_TO_UINT16(handle, p);
1007 STREAM_TO_UINT8(page_num, p);
1008 STREAM_TO_UINT8(max_page, p);
1009
1010 if (max_page > HCI_EXT_FEATURES_PAGE_MAX) {
1011 LOG_WARN("Too many max pages read page=%d unknown", max_page);
1012 return;
1013 }
1014
1015 if (page_num > HCI_EXT_FEATURES_PAGE_MAX) {
1016 android_errorWriteLog(0x534e4554, "141552859");
1017 LOG_WARN("Too many received pages num_page=%d invalid", page_num);
1018 return;
1019 }
1020
1021 if (page_num > max_page) {
1022 LOG_WARN("num_page=%d, max_page=%d invalid", page_num, max_page);
1023 }
1024
1025 btm_read_remote_ext_features_complete(handle, page_num, max_page, p);
1026 }
1027
btm_read_remote_ext_features_complete(uint16_t handle,uint8_t page_num,uint8_t max_page,uint8_t * features)1028 void btm_read_remote_ext_features_complete(uint16_t handle, uint8_t page_num,
1029 uint8_t max_page,
1030 uint8_t* features) {
1031 /* Validate parameters */
1032 auto* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
1033 if (p_acl_cb == nullptr) {
1034 LOG_WARN("Unable to find active acl");
1035 return;
1036 }
1037
1038 /* Copy the received features page */
1039 STREAM_TO_ARRAY(p_acl_cb->peer_lmp_feature_pages[page_num], features,
1040 HCI_FEATURE_BYTES_PER_PAGE);
1041 p_acl_cb->peer_lmp_feature_valid[page_num] = true;
1042
1043 /* If there is the next remote features page and
1044 * we have space to keep this page data - read this page */
1045 if ((page_num < max_page) && (page_num < HCI_EXT_FEATURES_PAGE_MAX)) {
1046 page_num++;
1047 LOG_DEBUG("BTM reads next remote extended features page (%d)", page_num);
1048 btm_read_remote_ext_features(handle, page_num);
1049 return;
1050 }
1051
1052 /* Reading of remote feature pages is complete */
1053 LOG_DEBUG("BTM reached last remote extended features page (%d)", page_num);
1054
1055 /* Process the pages */
1056 btm_process_remote_ext_features(p_acl_cb, max_page);
1057
1058 /* Continue with HCI connection establishment */
1059 internal_.btm_establish_continue(p_acl_cb);
1060 }
1061
1062 /*******************************************************************************
1063 *
1064 * Function btm_read_remote_ext_features_failed
1065 *
1066 * Description This function is called when the remote extended features
1067 * complete event returns a failed status.
1068 *
1069 * Returns void
1070 *
1071 ******************************************************************************/
btm_read_remote_ext_features_failed(uint8_t status,uint16_t handle)1072 void btm_read_remote_ext_features_failed(uint8_t status, uint16_t handle) {
1073 LOG_WARN("status 0x%02x for handle %d", status, handle);
1074
1075 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
1076 if (p_acl_cb == nullptr) {
1077 LOG_WARN("Unable to find active acl");
1078 return;
1079 }
1080
1081 /* Process supported features only */
1082 btm_process_remote_ext_features(p_acl_cb, 0);
1083
1084 /* Continue HCI connection establishment */
1085 internal_.btm_establish_continue(p_acl_cb);
1086 }
1087
1088 /*******************************************************************************
1089 *
1090 * Function btm_establish_continue
1091 *
1092 * Description This function is called when the command complete message
1093 * is received from the HCI for the read local link policy
1094 * request.
1095 *
1096 * Returns void
1097 *
1098 ******************************************************************************/
btm_establish_continue(tACL_CONN * p_acl)1099 void StackAclBtmAcl::btm_establish_continue(tACL_CONN* p_acl) {
1100 CHECK(p_acl != nullptr);
1101
1102 if (p_acl->is_transport_br_edr()) {
1103 /* For now there are a some devices that do not like sending */
1104 /* commands events and data at the same time. */
1105 /* Set the packet types to the default allowed by the device */
1106 const uint16_t default_packet_type_mask =
1107 btm_cb.acl_cb_.DefaultPacketTypes();
1108 if (!internal_.change_connection_packet_types(*p_acl,
1109 default_packet_type_mask)) {
1110 LOG_ERROR("Unable to change connection packet type types:%04x address:%s",
1111 default_packet_type_mask,
1112 PRIVATE_ADDRESS(p_acl->RemoteAddress()));
1113 }
1114 btm_set_link_policy(p_acl, btm_cb.acl_cb_.DefaultLinkPolicy());
1115 }
1116 NotifyAclLinkUp(*p_acl);
1117 }
1118
btm_establish_continue_from_address(const RawAddress & bda,tBT_TRANSPORT transport)1119 void btm_establish_continue_from_address(const RawAddress& bda,
1120 tBT_TRANSPORT transport) {
1121 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bda, transport);
1122 if (p_acl == nullptr) {
1123 LOG_WARN("Unable to find active acl");
1124 return;
1125 }
1126 internal_.btm_establish_continue(p_acl);
1127 }
1128
1129 /*******************************************************************************
1130 *
1131 * Function BTM_GetLinkSuperTout
1132 *
1133 * Description Read the link supervision timeout value of the connection
1134 *
1135 * Returns status of the operation
1136 *
1137 ******************************************************************************/
BTM_GetLinkSuperTout(const RawAddress & remote_bda,uint16_t * p_timeout)1138 tBTM_STATUS BTM_GetLinkSuperTout(const RawAddress& remote_bda,
1139 uint16_t* p_timeout) {
1140 CHECK(p_timeout != nullptr);
1141 const tACL_CONN* p_acl =
1142 internal_.btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
1143 if (p_acl == nullptr) {
1144 LOG_WARN("Unable to find active acl");
1145 return BTM_UNKNOWN_ADDR;
1146 }
1147 *p_timeout = p_acl->link_super_tout;
1148 return BTM_SUCCESS;
1149 }
1150
1151 /*******************************************************************************
1152 *
1153 * Function BTM_SetLinkSuperTout
1154 *
1155 * Description Create and send HCI "Write Link Supervision Timeout" command
1156 *
1157 * Returns status of the operation
1158 *
1159 ******************************************************************************/
BTM_SetLinkSuperTout(const RawAddress & remote_bda,uint16_t timeout)1160 tBTM_STATUS BTM_SetLinkSuperTout(const RawAddress& remote_bda,
1161 uint16_t timeout) {
1162 tACL_CONN* p_acl = internal_.btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
1163 if (p_acl == nullptr) {
1164 LOG_WARN("Unable to find active acl");
1165 return BTM_UNKNOWN_ADDR;
1166 }
1167
1168 /* Only send if current role is Central; 2.0 spec requires this */
1169 if (p_acl->link_role == HCI_ROLE_CENTRAL) {
1170 p_acl->link_super_tout = timeout;
1171 btsnd_hcic_write_link_super_tout(LOCAL_BR_EDR_CONTROLLER_ID,
1172 p_acl->hci_handle, timeout);
1173 LOG_DEBUG("Set supervision timeout:%.2fms bd_addr:%s",
1174 supervision_timeout_to_seconds(timeout),
1175 PRIVATE_ADDRESS(remote_bda));
1176 return BTM_CMD_STARTED;
1177 } else {
1178 LOG_WARN(
1179 "Role is peripheral so unable to set supervision timeout:%.2fms "
1180 "bd_addr:%s",
1181 supervision_timeout_to_seconds(timeout), PRIVATE_ADDRESS(remote_bda));
1182 return BTM_SUCCESS;
1183 }
1184 }
1185
BTM_IsAclConnectionUp(const RawAddress & remote_bda,tBT_TRANSPORT transport)1186 bool BTM_IsAclConnectionUp(const RawAddress& remote_bda,
1187 tBT_TRANSPORT transport) {
1188 if (bluetooth::shim::is_gd_l2cap_enabled()) {
1189 return bluetooth::shim::L2CA_IsLinkEstablished(remote_bda, transport);
1190 }
1191
1192 return internal_.btm_bda_to_acl(remote_bda, transport) != nullptr;
1193 }
1194
BTM_IsAclConnectionUpAndHandleValid(const RawAddress & remote_bda,tBT_TRANSPORT transport)1195 bool BTM_IsAclConnectionUpAndHandleValid(const RawAddress& remote_bda,
1196 tBT_TRANSPORT transport) {
1197 if (bluetooth::shim::is_gd_l2cap_enabled()) {
1198 return bluetooth::shim::L2CA_IsLinkEstablished(remote_bda, transport);
1199 }
1200
1201 tACL_CONN* p_acl = internal_.btm_bda_to_acl(remote_bda, transport);
1202 if (p_acl == nullptr) {
1203 LOG_WARN("Unable to find active acl");
1204 return false;
1205 }
1206 return p_acl->hci_handle != HCI_INVALID_HANDLE;
1207 }
1208
BTM_IsAclConnectionUpFromHandle(uint16_t hci_handle)1209 bool BTM_IsAclConnectionUpFromHandle(uint16_t hci_handle) {
1210 return internal_.acl_get_connection_from_handle(hci_handle) != nullptr;
1211 }
1212
1213 /*******************************************************************************
1214 *
1215 * Function BTM_GetNumAclLinks
1216 *
1217 * Description This function is called to count the number of
1218 * ACL links that are active.
1219 *
1220 * Returns uint16_t Number of active ACL links
1221 *
1222 ******************************************************************************/
BTM_GetNumAclLinks(void)1223 uint16_t BTM_GetNumAclLinks(void) {
1224 if (bluetooth::shim::is_gd_l2cap_enabled()) {
1225 return bluetooth::shim::L2CA_GetNumLinks();
1226 }
1227 return static_cast<uint16_t>(btm_cb.acl_cb_.NumberOfActiveLinks());
1228 }
1229
1230 /*******************************************************************************
1231 *
1232 * Function btm_get_acl_disc_reason_code
1233 *
1234 * Description This function is called to get the disconnection reason code
1235 * returned by the HCI at disconnection complete event.
1236 *
1237 * Returns true if connection is up, else false.
1238 *
1239 ******************************************************************************/
btm_get_acl_disc_reason_code(void)1240 tHCI_REASON btm_get_acl_disc_reason_code(void) {
1241 return btm_cb.acl_cb_.get_disconnect_reason();
1242 }
1243
1244 /*******************************************************************************
1245 *
1246 * Function BTM_GetHCIConnHandle
1247 *
1248 * Description This function is called to get the handle for an ACL
1249 * connection to a specific remote BD Address.
1250 *
1251 * Returns the handle of the connection, or HCI_INVALID_HANDLE if none.
1252 *
1253 ******************************************************************************/
BTM_GetHCIConnHandle(const RawAddress & remote_bda,tBT_TRANSPORT transport)1254 uint16_t BTM_GetHCIConnHandle(const RawAddress& remote_bda,
1255 tBT_TRANSPORT transport) {
1256 if (bluetooth::shim::is_gd_l2cap_enabled()) {
1257 return bluetooth::shim::BTM_GetHCIConnHandle(remote_bda, transport);
1258 }
1259
1260 tACL_CONN* p;
1261 p = internal_.btm_bda_to_acl(remote_bda, transport);
1262 if (p != (tACL_CONN*)NULL) {
1263 return (p->hci_handle);
1264 }
1265
1266 /* If here, no BD Addr found */
1267 return HCI_INVALID_HANDLE;
1268 }
1269
1270 /*******************************************************************************
1271 *
1272 * Function BTM_IsPhy2mSupported
1273 *
1274 * Description This function is called to check PHY 2M support
1275 * from peer device
1276 * Returns True when PHY 2M supported false otherwise
1277 *
1278 ******************************************************************************/
BTM_IsPhy2mSupported(const RawAddress & remote_bda,tBT_TRANSPORT transport)1279 bool BTM_IsPhy2mSupported(const RawAddress& remote_bda, tBT_TRANSPORT transport) {
1280 tACL_CONN* p;
1281 BTM_TRACE_DEBUG("BTM_IsPhy2mSupported");
1282 p = internal_.btm_bda_to_acl(remote_bda, transport);
1283 if (p == (tACL_CONN*)NULL) {
1284 BTM_TRACE_DEBUG("BTM_IsPhy2mSupported: no connection");
1285 return false;
1286 }
1287
1288 if (!p->peer_le_features_valid) {
1289 LOG_WARN(
1290 "Checking remote features but remote feature read is "
1291 "incomplete");
1292 }
1293 return HCI_LE_2M_PHY_SUPPORTED(p->peer_le_features);
1294 }
1295
1296 /*******************************************************************************
1297 *
1298 * Function BTM_RequestPeerSCA
1299 *
1300 * Description This function is called to request sleep clock accuracy
1301 * from peer device
1302 *
1303 ******************************************************************************/
BTM_RequestPeerSCA(const RawAddress & remote_bda,tBT_TRANSPORT transport)1304 void BTM_RequestPeerSCA(const RawAddress& remote_bda, tBT_TRANSPORT transport) {
1305 tACL_CONN* p;
1306 p = internal_.btm_bda_to_acl(remote_bda, transport);
1307 if (p == (tACL_CONN*)NULL) {
1308 LOG_WARN("Unable to find active acl");
1309 return;
1310 }
1311
1312 btsnd_hcic_req_peer_sca(p->hci_handle);
1313 }
1314
1315 /*******************************************************************************
1316 *
1317 * Function BTM_GetPeerSCA
1318 *
1319 * Description This function is called to get peer sleep clock accuracy
1320 *
1321 * Returns SCA or 0xFF if SCA was never previously requested, request
1322 * is not supported by peer device or ACL does not exist
1323 *
1324 ******************************************************************************/
BTM_GetPeerSCA(const RawAddress & remote_bda,tBT_TRANSPORT transport)1325 uint8_t BTM_GetPeerSCA(const RawAddress& remote_bda, tBT_TRANSPORT transport) {
1326 tACL_CONN* p;
1327 p = internal_.btm_bda_to_acl(remote_bda, transport);
1328 if (p != (tACL_CONN*)NULL) {
1329 return (p->sca);
1330 }
1331 LOG_WARN("Unable to find active acl");
1332
1333 /* If here, no BD Addr found */
1334 return (0xFF);
1335 }
1336
1337 /*******************************************************************************
1338 *
1339 * Function btm_rejectlist_role_change_device
1340 *
1341 * Description This function is used to rejectlist the device if the role
1342 * switch fails for maximum number of times. It also removes
1343 * the device from the black list if the role switch succeeds.
1344 *
1345 * Input Parms bd_addr - remote BD addr
1346 * hci_status - role switch status
1347 *
1348 * Returns void
1349 *
1350 *******************************************************************************/
btm_rejectlist_role_change_device(const RawAddress & bd_addr,uint8_t hci_status)1351 void btm_rejectlist_role_change_device(const RawAddress& bd_addr,
1352 uint8_t hci_status) {
1353 tACL_CONN* p = internal_.btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR);
1354
1355 if (!p) {
1356 LOG_WARN("Unable to find active acl");
1357 return;
1358 }
1359 if (hci_status == HCI_SUCCESS) {
1360 p->switch_role_failed_attempts = 0;
1361 return;
1362 }
1363
1364 /* check for carkits */
1365 const uint32_t cod_audio_device =
1366 (BTM_COD_SERVICE_AUDIO | BTM_COD_MAJOR_AUDIO) << 8;
1367 const uint8_t* dev_class = btm_get_dev_class(bd_addr);
1368 if (dev_class == nullptr) return;
1369 const uint32_t cod =
1370 ((dev_class[0] << 16) | (dev_class[1] << 8) | dev_class[2]) & 0xffffff;
1371 if ((hci_status != HCI_SUCCESS) &&
1372 (p->is_switch_role_switching_or_in_progress()) &&
1373 ((cod & cod_audio_device) == cod_audio_device) &&
1374 (!interop_match_addr(INTEROP_DYNAMIC_ROLE_SWITCH, &bd_addr))) {
1375 p->switch_role_failed_attempts++;
1376 if (p->switch_role_failed_attempts == BTM_MAX_SW_ROLE_FAILED_ATTEMPTS) {
1377 LOG_WARN(
1378 "Device %s rejectlisted for role switching - "
1379 "multiple role switch failed attempts: %u",
1380 bd_addr.ToString().c_str(), p->switch_role_failed_attempts);
1381 interop_database_add(INTEROP_DYNAMIC_ROLE_SWITCH, &bd_addr, 3);
1382 }
1383 }
1384 }
1385
1386 /*******************************************************************************
1387 *
1388 * Function btm_acl_role_changed
1389 *
1390 * Description This function is called whan a link's central/peripheral
1391 *role change event or command status event (with error) is received. It updates
1392 *the link control block, and calls the registered callback with status and role
1393 *(if registered).
1394 *
1395 * Returns void
1396 *
1397 ******************************************************************************/
btm_acl_role_changed(tHCI_STATUS hci_status,const RawAddress & bd_addr,tHCI_ROLE new_role)1398 void StackAclBtmAcl::btm_acl_role_changed(tHCI_STATUS hci_status,
1399 const RawAddress& bd_addr,
1400 tHCI_ROLE new_role) {
1401 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR);
1402 if (p_acl == nullptr) {
1403 // If we get a role change before connection complete, we cache the new
1404 // role here and then propagate it when ACL Link is created.
1405 RoleChangeView role_change;
1406 role_change.new_role = new_role;
1407 role_change.bd_addr = bd_addr;
1408 delayed_role_change_ =
1409 std::make_unique<RoleChangeView>(std::move(role_change));
1410 LOG_WARN("Unable to find active acl");
1411 return;
1412 }
1413
1414 tBTM_ROLE_SWITCH_CMPL* p_switch_role = &btm_cb.acl_cb_.switch_role_ref_data;
1415 LOG_DEBUG("Role change event received peer:%s hci_status:%s new_role:%s",
1416 PRIVATE_ADDRESS(bd_addr), hci_error_code_text(hci_status).c_str(),
1417 RoleText(new_role).c_str());
1418
1419 p_switch_role->hci_status = hci_status;
1420 if (hci_status == HCI_SUCCESS) {
1421 p_switch_role->role = new_role;
1422 p_switch_role->remote_bd_addr = bd_addr;
1423
1424 /* Update cached value */
1425 p_acl->link_role = new_role;
1426
1427 /* Reload LSTO: link supervision timeout is reset in the LM after a role
1428 * switch */
1429 if (new_role == HCI_ROLE_CENTRAL) {
1430 constexpr uint16_t link_supervision_timeout = 8000;
1431 BTM_SetLinkSuperTout(bd_addr, link_supervision_timeout);
1432 }
1433 } else {
1434 new_role = p_acl->link_role;
1435 }
1436
1437 /* Check if any SCO req is pending for role change */
1438 btm_sco_chk_pend_rolechange(p_acl->hci_handle);
1439
1440 /* if switching state is switching we need to turn encryption on */
1441 /* if idle, we did not change encryption */
1442 if (p_acl->is_switch_role_switching()) {
1443 p_acl->set_encryption_on();
1444 p_acl->set_switch_role_encryption_on();
1445 return;
1446 }
1447
1448 /* Set the switch_role_state to IDLE since the reply received from HCI */
1449 /* regardless of its result either success or failed. */
1450 if (p_acl->is_switch_role_in_progress()) {
1451 p_acl->set_encryption_idle();
1452 p_acl->reset_switch_role();
1453 }
1454
1455 BTA_dm_report_role_change(bd_addr, new_role, hci_status);
1456
1457 /* If a disconnect is pending, issue it now that role switch has completed */
1458 if (p_acl->rs_disc_pending == BTM_SEC_DISC_PENDING) {
1459 hci_btsnd_hcic_disconnect(*p_acl, HCI_ERR_PEER_USER);
1460 }
1461 p_acl->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */
1462 }
1463
btm_acl_role_changed(tHCI_STATUS hci_status,const RawAddress & bd_addr,tHCI_ROLE new_role)1464 void btm_acl_role_changed(tHCI_STATUS hci_status, const RawAddress& bd_addr,
1465 tHCI_ROLE new_role) {
1466 if (hci_status == HCI_SUCCESS) {
1467 l2c_link_role_changed(&bd_addr, new_role, hci_status);
1468 } else {
1469 l2c_link_role_changed(nullptr, HCI_ROLE_UNKNOWN,
1470 HCI_ERR_COMMAND_DISALLOWED);
1471 }
1472 internal_.btm_acl_role_changed(hci_status, bd_addr, new_role);
1473 }
1474
1475 /*******************************************************************************
1476 *
1477 * Function change_connection_packet_types
1478 *
1479 * Description This function sets the packet types used for a specific
1480 * ACL connection. It is called internally by btm_acl_created
1481 * or by an application/profile by BTM_SetPacketTypes.
1482 *
1483 * Returns status of the operation
1484 *
1485 ******************************************************************************/
change_connection_packet_types(tACL_CONN & link,const uint16_t new_packet_type_mask)1486 bool StackAclBtmAcl::change_connection_packet_types(
1487 tACL_CONN& link, const uint16_t new_packet_type_mask) {
1488 // Start with the default configured packet types
1489 const uint16_t default_packet_type_mask = btm_cb.acl_cb_.DefaultPacketTypes();
1490
1491 uint16_t packet_type_mask =
1492 default_packet_type_mask &
1493 (new_packet_type_mask & BTM_ACL_SUPPORTED_PKTS_MASK);
1494
1495 /* OR in any exception packet types if at least 2.0 version of spec */
1496 packet_type_mask |=
1497 ((new_packet_type_mask & BTM_ACL_EXCEPTION_PKTS_MASK) |
1498 (BTM_ACL_EXCEPTION_PKTS_MASK & default_packet_type_mask));
1499
1500 /* Exclude packet types not supported by the peer */
1501 if (link.peer_lmp_feature_valid[0]) {
1502 PeerPacketTypes peer_packet_types(link.peer_lmp_feature_pages[0]);
1503 packet_type_mask &= peer_packet_types.acl.supported;
1504 packet_type_mask |= peer_packet_types.acl.unsupported;
1505 } else {
1506 LOG_INFO(
1507 "Unable to include remote supported packet types as read feature "
1508 "incomplete");
1509 LOG_INFO("TIP: Maybe wait until read feature complete beforehand");
1510 }
1511
1512 if (packet_type_mask == 0) {
1513 LOG_WARN("Unable to send controller illegal change packet mask:0x%04x",
1514 packet_type_mask);
1515 return false;
1516 }
1517
1518 link.pkt_types_mask = packet_type_mask;
1519 bluetooth::legacy::hci::GetInterface().ChangeConnectionPacketType(
1520 link.Handle(), link.pkt_types_mask);
1521 LOG_DEBUG("Started change connection packet type:0x%04x address:%s",
1522 link.pkt_types_mask, PRIVATE_ADDRESS(link.RemoteAddress()));
1523 return true;
1524 }
1525
btm_set_packet_types_from_address(const RawAddress & bd_addr,uint16_t pkt_types)1526 void btm_set_packet_types_from_address(const RawAddress& bd_addr,
1527 uint16_t pkt_types) {
1528 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR);
1529 if (p_acl == nullptr) {
1530 LOG_WARN("Unable to find active acl");
1531 return;
1532 }
1533
1534 if (!internal_.change_connection_packet_types(*p_acl, pkt_types)) {
1535 LOG_ERROR("Unable to change connection packet type types:%04x address:%s",
1536 pkt_types, PRIVATE_ADDRESS(bd_addr));
1537 }
1538 }
1539
1540 /*******************************************************************************
1541 *
1542 * Function BTM_GetMaxPacketSize
1543 *
1544 * Returns Returns maximum packet size that can be used for current
1545 * connection, 0 if connection is not established
1546 *
1547 ******************************************************************************/
BTM_GetMaxPacketSize(const RawAddress & addr)1548 uint16_t BTM_GetMaxPacketSize(const RawAddress& addr) {
1549 tACL_CONN* p = internal_.btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1550 uint16_t pkt_types = 0;
1551 uint16_t pkt_size = 0;
1552 if (p != NULL) {
1553 pkt_types = p->pkt_types_mask;
1554 } else {
1555 /* Special case for when info for the local device is requested */
1556 if (addr == *controller_get_interface()->get_address()) {
1557 pkt_types = btm_cb.acl_cb_.DefaultPacketTypes();
1558 }
1559 }
1560
1561 if (pkt_types) {
1562 if (!(pkt_types & HCI_PKT_TYPES_MASK_NO_3_DH5))
1563 pkt_size = HCI_EDR3_DH5_PACKET_SIZE;
1564 else if (!(pkt_types & HCI_PKT_TYPES_MASK_NO_2_DH5))
1565 pkt_size = HCI_EDR2_DH5_PACKET_SIZE;
1566 else if (!(pkt_types & HCI_PKT_TYPES_MASK_NO_3_DH3))
1567 pkt_size = HCI_EDR3_DH3_PACKET_SIZE;
1568 else if (pkt_types & HCI_PKT_TYPES_MASK_DH5)
1569 pkt_size = HCI_DH5_PACKET_SIZE;
1570 else if (!(pkt_types & HCI_PKT_TYPES_MASK_NO_2_DH3))
1571 pkt_size = HCI_EDR2_DH3_PACKET_SIZE;
1572 else if (pkt_types & HCI_PKT_TYPES_MASK_DM5)
1573 pkt_size = HCI_DM5_PACKET_SIZE;
1574 else if (pkt_types & HCI_PKT_TYPES_MASK_DH3)
1575 pkt_size = HCI_DH3_PACKET_SIZE;
1576 else if (pkt_types & HCI_PKT_TYPES_MASK_DM3)
1577 pkt_size = HCI_DM3_PACKET_SIZE;
1578 else if (!(pkt_types & HCI_PKT_TYPES_MASK_NO_3_DH1))
1579 pkt_size = HCI_EDR3_DH1_PACKET_SIZE;
1580 else if (!(pkt_types & HCI_PKT_TYPES_MASK_NO_2_DH1))
1581 pkt_size = HCI_EDR2_DH1_PACKET_SIZE;
1582 else if (pkt_types & HCI_PKT_TYPES_MASK_DH1)
1583 pkt_size = HCI_DH1_PACKET_SIZE;
1584 else if (pkt_types & HCI_PKT_TYPES_MASK_DM1)
1585 pkt_size = HCI_DM1_PACKET_SIZE;
1586 }
1587
1588 return (pkt_size);
1589 }
1590
1591 /*******************************************************************************
1592 *
1593 * Function BTM_ReadRemoteVersion
1594 *
1595 * Returns If connected report peer device info
1596 *
1597 ******************************************************************************/
BTM_ReadRemoteVersion(const RawAddress & addr,uint8_t * lmp_version,uint16_t * manufacturer,uint16_t * lmp_sub_version)1598 bool BTM_ReadRemoteVersion(const RawAddress& addr, uint8_t* lmp_version,
1599 uint16_t* manufacturer, uint16_t* lmp_sub_version) {
1600 if (bluetooth::shim::is_gd_l2cap_enabled()) {
1601 return bluetooth::shim::L2CA_ReadRemoteVersion(
1602 addr, lmp_version, manufacturer, lmp_sub_version);
1603 }
1604
1605 const tACL_CONN* p_acl = internal_.btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1606 if (p_acl == nullptr) {
1607 p_acl = internal_.btm_bda_to_acl(addr, BT_TRANSPORT_LE);
1608 if (p_acl == nullptr) {
1609 LOG_WARN("Unable to find active acl");
1610 return false;
1611 }
1612 }
1613
1614 if (!p_acl->remote_version_info.valid) {
1615 LOG_WARN("Remote version information is invalid");
1616 return false;
1617 }
1618
1619 if (lmp_version) *lmp_version = p_acl->remote_version_info.lmp_version;
1620
1621 if (manufacturer) *manufacturer = p_acl->remote_version_info.manufacturer;
1622
1623 if (lmp_sub_version)
1624 *lmp_sub_version = p_acl->remote_version_info.lmp_subversion;
1625
1626 return true;
1627 }
1628
1629 /*******************************************************************************
1630 *
1631 * Function BTM_ReadRemoteFeatures
1632 *
1633 * Returns pointer to the remote supported features mask (8 bytes)
1634 *
1635 ******************************************************************************/
BTM_ReadRemoteFeatures(const RawAddress & addr)1636 uint8_t* BTM_ReadRemoteFeatures(const RawAddress& addr) {
1637 if (bluetooth::shim::is_gd_l2cap_enabled()) {
1638 return bluetooth::shim::L2CA_ReadRemoteFeatures(addr);
1639 }
1640 tACL_CONN* p = internal_.btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1641 if (p == NULL) {
1642 LOG_WARN("Unable to find active acl");
1643 return (NULL);
1644 }
1645
1646 return (p->peer_lmp_feature_pages[0]);
1647 }
1648
1649 /*******************************************************************************
1650 *
1651 * Function BTM_ReadRSSI
1652 *
1653 * Description This function is called to read the link policy settings.
1654 * The address of link policy results are returned in the
1655 * callback.
1656 * (tBTM_RSSI_RESULT)
1657 *
1658 * Returns BTM_CMD_STARTED if successfully initiated or error code
1659 *
1660 ******************************************************************************/
BTM_ReadRSSI(const RawAddress & remote_bda,tBTM_CMPL_CB * p_cb)1661 tBTM_STATUS BTM_ReadRSSI(const RawAddress& remote_bda, tBTM_CMPL_CB* p_cb) {
1662 tACL_CONN* p = NULL;
1663 tBT_DEVICE_TYPE dev_type;
1664 tBLE_ADDR_TYPE addr_type;
1665
1666 /* If someone already waiting on the version, do not allow another */
1667 if (btm_cb.devcb.p_rssi_cmpl_cb) return (BTM_BUSY);
1668
1669 BTM_ReadDevInfo(remote_bda, &dev_type, &addr_type);
1670
1671 if (dev_type & BT_DEVICE_TYPE_BLE) {
1672 p = internal_.btm_bda_to_acl(remote_bda, BT_TRANSPORT_LE);
1673 }
1674
1675 if (p == NULL && dev_type & BT_DEVICE_TYPE_BREDR) {
1676 p = internal_.btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
1677 }
1678
1679 if (p) {
1680 btm_cb.devcb.p_rssi_cmpl_cb = p_cb;
1681 alarm_set_on_mloop(btm_cb.devcb.read_rssi_timer, BTM_DEV_REPLY_TIMEOUT_MS,
1682 btm_read_rssi_timeout, NULL);
1683
1684 btsnd_hcic_read_rssi(p->hci_handle);
1685 return (BTM_CMD_STARTED);
1686 }
1687 LOG_WARN("Unable to find active acl");
1688
1689 /* If here, no BD Addr found */
1690 return (BTM_UNKNOWN_ADDR);
1691 }
1692
1693 /*******************************************************************************
1694 *
1695 * Function BTM_ReadFailedContactCounter
1696 *
1697 * Description This function is called to read the failed contact counter.
1698 * The result is returned in the callback.
1699 * (tBTM_FAILED_CONTACT_COUNTER_RESULT)
1700 *
1701 * Returns BTM_CMD_STARTED if successfully initiated or error code
1702 *
1703 ******************************************************************************/
BTM_ReadFailedContactCounter(const RawAddress & remote_bda,tBTM_CMPL_CB * p_cb)1704 tBTM_STATUS BTM_ReadFailedContactCounter(const RawAddress& remote_bda,
1705 tBTM_CMPL_CB* p_cb) {
1706 tACL_CONN* p;
1707 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
1708 tBT_DEVICE_TYPE dev_type;
1709 tBLE_ADDR_TYPE addr_type;
1710
1711 /* If someone already waiting on the result, do not allow another */
1712 if (btm_cb.devcb.p_failed_contact_counter_cmpl_cb) return (BTM_BUSY);
1713
1714 BTM_ReadDevInfo(remote_bda, &dev_type, &addr_type);
1715 if (dev_type == BT_DEVICE_TYPE_BLE) transport = BT_TRANSPORT_LE;
1716
1717 p = internal_.btm_bda_to_acl(remote_bda, transport);
1718 if (p != (tACL_CONN*)NULL) {
1719 btm_cb.devcb.p_failed_contact_counter_cmpl_cb = p_cb;
1720 alarm_set_on_mloop(btm_cb.devcb.read_failed_contact_counter_timer,
1721 BTM_DEV_REPLY_TIMEOUT_MS,
1722 btm_read_failed_contact_counter_timeout, NULL);
1723
1724 btsnd_hcic_read_failed_contact_counter(p->hci_handle);
1725 return (BTM_CMD_STARTED);
1726 }
1727 LOG_WARN("Unable to find active acl");
1728
1729 /* If here, no BD Addr found */
1730 return (BTM_UNKNOWN_ADDR);
1731 }
1732
1733 /*******************************************************************************
1734 *
1735 * Function BTM_ReadTxPower
1736 *
1737 * Description This function is called to read the current
1738 * TX power of the connection. The tx power level results
1739 * are returned in the callback.
1740 * (tBTM_RSSI_RESULT)
1741 *
1742 * Returns BTM_CMD_STARTED if successfully initiated or error code
1743 *
1744 ******************************************************************************/
BTM_ReadTxPower(const RawAddress & remote_bda,tBT_TRANSPORT transport,tBTM_CMPL_CB * p_cb)1745 tBTM_STATUS BTM_ReadTxPower(const RawAddress& remote_bda,
1746 tBT_TRANSPORT transport, tBTM_CMPL_CB* p_cb) {
1747 tACL_CONN* p;
1748 #define BTM_READ_RSSI_TYPE_CUR 0x00
1749 #define BTM_READ_RSSI_TYPE_MAX 0X01
1750
1751 VLOG(2) << __func__ << ": RemBdAddr: " << remote_bda;
1752
1753 /* If someone already waiting on the version, do not allow another */
1754 if (btm_cb.devcb.p_tx_power_cmpl_cb) return (BTM_BUSY);
1755
1756 p = internal_.btm_bda_to_acl(remote_bda, transport);
1757 if (p != (tACL_CONN*)NULL) {
1758 btm_cb.devcb.p_tx_power_cmpl_cb = p_cb;
1759 alarm_set_on_mloop(btm_cb.devcb.read_tx_power_timer,
1760 BTM_DEV_REPLY_TIMEOUT_MS, btm_read_tx_power_timeout,
1761 NULL);
1762
1763 if (p->transport == BT_TRANSPORT_LE) {
1764 btm_cb.devcb.read_tx_pwr_addr = remote_bda;
1765 btsnd_hcic_ble_read_adv_chnl_tx_power();
1766 } else {
1767 btsnd_hcic_read_tx_power(p->hci_handle, BTM_READ_RSSI_TYPE_CUR);
1768 }
1769
1770 return (BTM_CMD_STARTED);
1771 }
1772
1773 LOG_WARN("Unable to find active acl");
1774
1775 /* If here, no BD Addr found */
1776 return (BTM_UNKNOWN_ADDR);
1777 }
1778
1779 /*******************************************************************************
1780 *
1781 * Function btm_read_tx_power_timeout
1782 *
1783 * Description Callback when reading the tx power times out.
1784 *
1785 * Returns void
1786 *
1787 ******************************************************************************/
btm_read_tx_power_timeout(UNUSED_ATTR void * data)1788 void btm_read_tx_power_timeout(UNUSED_ATTR void* data) {
1789 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_tx_power_cmpl_cb;
1790 btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
1791 if (p_cb) (*p_cb)((void*)NULL);
1792 }
1793
1794 /*******************************************************************************
1795 *
1796 * Function btm_read_tx_power_complete
1797 *
1798 * Description This function is called when the command complete message
1799 * is received from the HCI for the read tx power request.
1800 *
1801 * Returns void
1802 *
1803 ******************************************************************************/
btm_read_tx_power_complete(uint8_t * p,bool is_ble)1804 void btm_read_tx_power_complete(uint8_t* p, bool is_ble) {
1805 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_tx_power_cmpl_cb;
1806 tBTM_TX_POWER_RESULT result;
1807
1808 alarm_cancel(btm_cb.devcb.read_tx_power_timer);
1809 btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
1810
1811 /* If there was a registered callback, call it */
1812 if (p_cb) {
1813 STREAM_TO_UINT8(result.hci_status, p);
1814
1815 if (result.hci_status == HCI_SUCCESS) {
1816 result.status = BTM_SUCCESS;
1817
1818 if (!is_ble) {
1819 uint16_t handle;
1820 STREAM_TO_UINT16(handle, p);
1821 STREAM_TO_UINT8(result.tx_power, p);
1822
1823 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
1824 if (p_acl_cb != nullptr) {
1825 result.rem_bda = p_acl_cb->remote_addr;
1826 }
1827 } else {
1828 STREAM_TO_UINT8(result.tx_power, p);
1829 result.rem_bda = btm_cb.devcb.read_tx_pwr_addr;
1830 }
1831 LOG_DEBUG("Transmit power complete: tx_power:%d hci status:%s",
1832 result.tx_power,
1833 hci_error_code_text(static_cast<tHCI_STATUS>(result.hci_status))
1834 .c_str());
1835 } else {
1836 result.status = BTM_ERR_PROCESSING;
1837 }
1838
1839 (*p_cb)(&result);
1840 }
1841 }
1842
1843 /*******************************************************************************
1844 *
1845 * Function btm_read_rssi_timeout
1846 *
1847 * Description Callback when reading the RSSI times out.
1848 *
1849 * Returns void
1850 *
1851 ******************************************************************************/
btm_read_rssi_timeout(UNUSED_ATTR void * data)1852 void btm_read_rssi_timeout(UNUSED_ATTR void* data) {
1853 tBTM_RSSI_RESULT result;
1854 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_rssi_cmpl_cb;
1855 btm_cb.devcb.p_rssi_cmpl_cb = NULL;
1856 result.status = BTM_DEVICE_TIMEOUT;
1857 if (p_cb) (*p_cb)(&result);
1858 }
1859
1860 /*******************************************************************************
1861 *
1862 * Function btm_read_rssi_complete
1863 *
1864 * Description This function is called when the command complete message
1865 * is received from the HCI for the read rssi request.
1866 *
1867 * Returns void
1868 *
1869 ******************************************************************************/
btm_read_rssi_complete(uint8_t * p)1870 void btm_read_rssi_complete(uint8_t* p) {
1871 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_rssi_cmpl_cb;
1872 tBTM_RSSI_RESULT result;
1873
1874 alarm_cancel(btm_cb.devcb.read_rssi_timer);
1875 btm_cb.devcb.p_rssi_cmpl_cb = NULL;
1876
1877 /* If there was a registered callback, call it */
1878 if (p_cb) {
1879 STREAM_TO_UINT8(result.hci_status, p);
1880 result.status = BTM_ERR_PROCESSING;
1881
1882 if (result.hci_status == HCI_SUCCESS) {
1883 uint16_t handle;
1884 STREAM_TO_UINT16(handle, p);
1885
1886 STREAM_TO_UINT8(result.rssi, p);
1887 LOG_DEBUG("Read rrsi complete rssi:%hhd hci status:%s", result.rssi,
1888 hci_error_code_text(static_cast<tHCI_STATUS>(result.hci_status))
1889 .c_str());
1890
1891 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
1892 if (p_acl_cb != nullptr) {
1893 result.rem_bda = p_acl_cb->remote_addr;
1894 result.status = BTM_SUCCESS;
1895 }
1896 }
1897 (*p_cb)(&result);
1898 }
1899 }
1900
1901 /*******************************************************************************
1902 *
1903 * Function btm_read_failed_contact_counter_timeout
1904 *
1905 * Description Callback when reading the failed contact counter times out.
1906 *
1907 * Returns void
1908 *
1909 ******************************************************************************/
btm_read_failed_contact_counter_timeout(UNUSED_ATTR void * data)1910 void btm_read_failed_contact_counter_timeout(UNUSED_ATTR void* data) {
1911 tBTM_FAILED_CONTACT_COUNTER_RESULT result;
1912 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_failed_contact_counter_cmpl_cb;
1913 btm_cb.devcb.p_failed_contact_counter_cmpl_cb = NULL;
1914 result.status = BTM_DEVICE_TIMEOUT;
1915 if (p_cb) (*p_cb)(&result);
1916 }
1917
1918 /*******************************************************************************
1919 *
1920 * Function btm_read_failed_contact_counter_complete
1921 *
1922 * Description This function is called when the command complete message
1923 * is received from the HCI for the read failed contact
1924 * counter request.
1925 *
1926 * Returns void
1927 *
1928 ******************************************************************************/
btm_read_failed_contact_counter_complete(uint8_t * p)1929 void btm_read_failed_contact_counter_complete(uint8_t* p) {
1930 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_failed_contact_counter_cmpl_cb;
1931 tBTM_FAILED_CONTACT_COUNTER_RESULT result;
1932
1933 alarm_cancel(btm_cb.devcb.read_failed_contact_counter_timer);
1934 btm_cb.devcb.p_failed_contact_counter_cmpl_cb = NULL;
1935
1936 /* If there was a registered callback, call it */
1937 if (p_cb) {
1938 uint16_t handle;
1939 STREAM_TO_UINT8(result.hci_status, p);
1940
1941 if (result.hci_status == HCI_SUCCESS) {
1942 result.status = BTM_SUCCESS;
1943
1944 STREAM_TO_UINT16(handle, p);
1945
1946 STREAM_TO_UINT16(result.failed_contact_counter, p);
1947 LOG_DEBUG(
1948 "Failed contact counter complete: counter %u, hci status:%s",
1949 result.failed_contact_counter,
1950 hci_status_code_text(to_hci_status_code(result.hci_status)).c_str());
1951
1952 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
1953 if (p_acl_cb != nullptr) {
1954 result.rem_bda = p_acl_cb->remote_addr;
1955 }
1956 } else {
1957 result.status = BTM_ERR_PROCESSING;
1958 }
1959
1960 (*p_cb)(&result);
1961 }
1962 }
1963
1964 /*******************************************************************************
1965 *
1966 * Function btm_read_automatic_flush_timeout_complete
1967 *
1968 * Description This function is called when the command complete message
1969 * is received from the HCI for the read automatic flush
1970 * timeout request.
1971 *
1972 * Returns void
1973 *
1974 ******************************************************************************/
btm_read_automatic_flush_timeout_complete(uint8_t * p)1975 void btm_read_automatic_flush_timeout_complete(uint8_t* p) {
1976 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_automatic_flush_timeout_cmpl_cb;
1977 tBTM_AUTOMATIC_FLUSH_TIMEOUT_RESULT result;
1978
1979 alarm_cancel(btm_cb.devcb.read_automatic_flush_timeout_timer);
1980 btm_cb.devcb.p_automatic_flush_timeout_cmpl_cb = nullptr;
1981
1982 /* If there was a registered callback, call it */
1983 if (p_cb) {
1984 uint16_t handle;
1985 STREAM_TO_UINT8(result.hci_status, p);
1986 result.status = BTM_ERR_PROCESSING;
1987
1988 if (result.hci_status == HCI_SUCCESS) {
1989 result.status = BTM_SUCCESS;
1990
1991 STREAM_TO_UINT16(handle, p);
1992 STREAM_TO_UINT16(result.automatic_flush_timeout, p);
1993 LOG_DEBUG(
1994 "Read automatic flush timeout complete timeout:%hu hci_status:%s",
1995 result.automatic_flush_timeout,
1996 hci_error_code_text(static_cast<tHCI_STATUS>(result.hci_status))
1997 .c_str());
1998
1999 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
2000 if (p_acl_cb != nullptr) {
2001 result.rem_bda = p_acl_cb->remote_addr;
2002 }
2003 }
2004 (*p_cb)(&result);
2005 }
2006 }
2007
2008 /*******************************************************************************
2009 *
2010 * Function btm_read_link_quality_timeout
2011 *
2012 * Description Callback when reading the link quality times out.
2013 *
2014 * Returns void
2015 *
2016 ******************************************************************************/
btm_read_link_quality_timeout(UNUSED_ATTR void * data)2017 void btm_read_link_quality_timeout(UNUSED_ATTR void* data) {
2018 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_link_qual_cmpl_cb;
2019 btm_cb.devcb.p_link_qual_cmpl_cb = NULL;
2020 if (p_cb) (*p_cb)((void*)NULL);
2021 }
2022
2023 /*******************************************************************************
2024 *
2025 * Function btm_read_link_quality_complete
2026 *
2027 * Description This function is called when the command complete message
2028 * is received from the HCI for the read link quality.
2029 *
2030 * Returns void
2031 *
2032 ******************************************************************************/
btm_read_link_quality_complete(uint8_t * p)2033 void btm_read_link_quality_complete(uint8_t* p) {
2034 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_link_qual_cmpl_cb;
2035 tBTM_LINK_QUALITY_RESULT result;
2036
2037 alarm_cancel(btm_cb.devcb.read_link_quality_timer);
2038 btm_cb.devcb.p_link_qual_cmpl_cb = NULL;
2039
2040 /* If there was a registered callback, call it */
2041 if (p_cb) {
2042 STREAM_TO_UINT8(result.hci_status, p);
2043
2044 if (result.hci_status == HCI_SUCCESS) {
2045 uint16_t handle;
2046 result.status = BTM_SUCCESS;
2047
2048 STREAM_TO_UINT16(handle, p);
2049
2050 STREAM_TO_UINT8(result.link_quality, p);
2051 LOG_DEBUG("BTM Link Quality Complete: Link Quality %d, hci status:%s",
2052 result.link_quality,
2053 hci_error_code_text(static_cast<tHCI_STATUS>(result.hci_status))
2054 .c_str());
2055
2056 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
2057 if (p_acl_cb != nullptr) {
2058 result.rem_bda = p_acl_cb->remote_addr;
2059 }
2060 } else {
2061 result.status = BTM_ERR_PROCESSING;
2062 }
2063
2064 (*p_cb)(&result);
2065 }
2066 }
2067
2068 /*******************************************************************************
2069 *
2070 * Function btm_remove_acl
2071 *
2072 * Description This function is called to disconnect an ACL connection
2073 *
2074 * Returns BTM_SUCCESS if successfully initiated, otherwise
2075 * BTM_NO_RESOURCES.
2076 *
2077 ******************************************************************************/
btm_remove_acl(const RawAddress & bd_addr,tBT_TRANSPORT transport)2078 tBTM_STATUS btm_remove_acl(const RawAddress& bd_addr, tBT_TRANSPORT transport) {
2079 if (bluetooth::shim::is_gd_l2cap_enabled()) {
2080 if (transport == BT_TRANSPORT_LE) {
2081 LOG(ERROR) << __func__ << ": Unsupported";
2082 }
2083 bluetooth::shim::L2CA_DisconnectLink(bd_addr);
2084 return BTM_SUCCESS;
2085 }
2086
2087 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bd_addr, transport);
2088 if (p_acl == nullptr) {
2089 LOG_WARN("Unable to find active acl");
2090 return BTM_UNKNOWN_ADDR;
2091 }
2092
2093 if (p_acl->Handle() == HCI_INVALID_HANDLE) {
2094 LOG_WARN("Cannot remove unknown acl bd_addr:%s transport:%s",
2095 PRIVATE_ADDRESS(bd_addr), bt_transport_text(transport).c_str());
2096 return BTM_UNKNOWN_ADDR;
2097 }
2098
2099 if (p_acl->rs_disc_pending == BTM_SEC_RS_PENDING) {
2100 LOG_DEBUG(
2101 "Delay disconnect until role switch is complete bd_addr:%s "
2102 "transport:%s",
2103 PRIVATE_ADDRESS(bd_addr), bt_transport_text(transport).c_str());
2104 p_acl->rs_disc_pending = BTM_SEC_DISC_PENDING;
2105 return BTM_SUCCESS;
2106 }
2107
2108 hci_btsnd_hcic_disconnect(*p_acl, HCI_ERR_PEER_USER);
2109 return BTM_SUCCESS;
2110 }
2111
2112 /*******************************************************************************
2113 *
2114 * Function BTM_SetTraceLevel
2115 *
2116 * Description This function sets the trace level for BTM. If called with
2117 * a value of 0xFF, it simply returns the current trace level.
2118 *
2119 * Returns The new or current trace level
2120 *
2121 ******************************************************************************/
BTM_SetTraceLevel(uint8_t new_level)2122 uint8_t BTM_SetTraceLevel(uint8_t new_level) {
2123 if (new_level != 0xFF) btm_cb.trace_level = new_level;
2124
2125 return (btm_cb.trace_level);
2126 }
2127
btm_cont_rswitch_from_handle(uint16_t hci_handle)2128 void btm_cont_rswitch_from_handle(uint16_t hci_handle) {
2129 tACL_CONN* p = internal_.acl_get_connection_from_handle(hci_handle);
2130 if (p == nullptr) {
2131 LOG_WARN("Role switch received but with no active ACL");
2132 return;
2133 }
2134
2135 /* Check to see if encryption needs to be turned off if pending
2136 change of link key or role switch */
2137 if (p->is_switch_role_mode_change()) {
2138 /* Must turn off Encryption first if necessary */
2139 /* Some devices do not support switch or change of link key while encryption
2140 * is on */
2141 if (p->is_encrypted && !IsEprAvailable(*p)) {
2142 p->set_encryption_off();
2143 if (p->is_switch_role_mode_change()) {
2144 p->set_switch_role_encryption_off();
2145 }
2146 } else /* Encryption not used or EPR supported, continue with switch
2147 and/or change of link key */
2148 {
2149 if (p->is_switch_role_mode_change()) {
2150 internal_.hci_start_role_switch_to_central(*p);
2151 }
2152 }
2153 }
2154 }
2155
2156 /*******************************************************************************
2157 *
2158 * Function btm_acl_resubmit_page
2159 *
2160 * Description send pending page request
2161 *
2162 ******************************************************************************/
btm_acl_resubmit_page(void)2163 void btm_acl_resubmit_page(void) {
2164 BT_HDR* p_buf;
2165 uint8_t* pp;
2166 /* If there were other page request schedule can start the next one */
2167 p_buf = (BT_HDR*)fixed_queue_try_dequeue(btm_cb.page_queue);
2168 if (p_buf != NULL) {
2169 /* skip 3 (2 bytes opcode and 1 byte len) to get to the bd_addr
2170 * for both create_conn and rmt_name */
2171 pp = (uint8_t*)(p_buf + 1) + p_buf->offset + 3;
2172
2173 RawAddress bda;
2174 STREAM_TO_BDADDR(bda, pp);
2175
2176 btm_cb.connecting_bda = bda;
2177 memcpy(btm_cb.connecting_dc, btm_get_dev_class(bda), DEV_CLASS_LEN);
2178
2179 btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p_buf);
2180 } else {
2181 btm_cb.paging = false;
2182 }
2183 }
2184
2185 /*******************************************************************************
2186 *
2187 * Function btm_acl_reset_paging
2188 *
2189 * Description set paging to false and free the page queue - called at
2190 * hci_reset
2191 *
2192 ******************************************************************************/
btm_acl_reset_paging(void)2193 void btm_acl_reset_paging(void) {
2194 BT_HDR* p;
2195 /* If we sent reset we are definitely not paging any more */
2196 while ((p = (BT_HDR*)fixed_queue_try_dequeue(btm_cb.page_queue)) != NULL)
2197 osi_free(p);
2198
2199 btm_cb.paging = false;
2200 }
2201
2202 /*******************************************************************************
2203 *
2204 * Function btm_acl_paging
2205 *
2206 * Description send a paging command or queue it in btm_cb
2207 *
2208 ******************************************************************************/
btm_acl_paging(BT_HDR * p,const RawAddress & bda)2209 void btm_acl_paging(BT_HDR* p, const RawAddress& bda) {
2210 // This function is called by the device initiating the connection.
2211 // If no role change is requested from the remote device, we want
2212 // to classify the connection initiator as the central device.
2213 if (delayed_role_change_ == nullptr) {
2214 RoleChangeView role_change;
2215 role_change.bd_addr = bda;
2216 role_change.new_role = HCI_ROLE_CENTRAL;
2217 delayed_role_change_ =
2218 std::make_unique<RoleChangeView>(std::move(role_change));
2219 }
2220 if (!BTM_IsAclConnectionUp(bda, BT_TRANSPORT_BR_EDR)) {
2221 VLOG(1) << "connecting_bda: " << btm_cb.connecting_bda;
2222 if (btm_cb.paging && bda == btm_cb.connecting_bda) {
2223 fixed_queue_enqueue(btm_cb.page_queue, p);
2224 } else {
2225 btm_cb.connecting_bda = bda;
2226 memcpy(btm_cb.connecting_dc, btm_get_dev_class(bda), DEV_CLASS_LEN);
2227
2228 btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p);
2229 }
2230
2231 btm_cb.paging = true;
2232 } else /* ACL is already up */
2233 {
2234 btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p);
2235 }
2236 }
2237
2238 /*******************************************************************************
2239 *
2240 * Function btm_acl_notif_conn_collision
2241 *
2242 * Description Send connection collision event to upper layer if registered
2243 *
2244 *
2245 ******************************************************************************/
btm_acl_notif_conn_collision(const RawAddress & bda)2246 void btm_acl_notif_conn_collision(const RawAddress& bda) {
2247 do_in_main_thread(FROM_HERE, base::Bind(bta_sys_notify_collision, bda));
2248 }
2249
BTM_BLE_IS_RESOLVE_BDA(const RawAddress & x)2250 bool BTM_BLE_IS_RESOLVE_BDA(const RawAddress& x) {
2251 return ((x.address)[0] & BLE_RESOLVE_ADDR_MASK) == BLE_RESOLVE_ADDR_MSB;
2252 }
2253
acl_refresh_remote_address(const RawAddress & identity_address,tBLE_ADDR_TYPE identity_address_type,const RawAddress & bda,tBLE_ADDR_TYPE rra_type,const RawAddress & rpa)2254 bool acl_refresh_remote_address(const RawAddress& identity_address,
2255 tBLE_ADDR_TYPE identity_address_type,
2256 const RawAddress& bda, tBLE_ADDR_TYPE rra_type,
2257 const RawAddress& rpa) {
2258 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bda, BT_TRANSPORT_LE);
2259 if (p_acl == nullptr) {
2260 LOG_WARN("Unable to find active acl");
2261 return false;
2262 }
2263
2264 if (rra_type == tBTM_SEC_BLE::BTM_BLE_ADDR_PSEUDO) {
2265 /* use identity address, resolvable_private_addr is empty */
2266 if (rpa.IsEmpty()) {
2267 p_acl->active_remote_addr_type = identity_address_type;
2268 p_acl->active_remote_addr = identity_address;
2269 } else {
2270 p_acl->active_remote_addr_type = BLE_ADDR_RANDOM;
2271 p_acl->active_remote_addr = rpa;
2272 }
2273 } else {
2274 p_acl->active_remote_addr_type = rra_type;
2275 p_acl->active_remote_addr = rpa;
2276 }
2277
2278 LOG_DEBUG("active_remote_addr_type: %d ", p_acl->active_remote_addr_type);
2279 return true;
2280 }
2281
acl_peer_supports_ble_connection_parameters_request(const RawAddress & remote_bda)2282 bool acl_peer_supports_ble_connection_parameters_request(
2283 const RawAddress& remote_bda) {
2284 tACL_CONN* p_acl = internal_.btm_bda_to_acl(remote_bda, BT_TRANSPORT_LE);
2285 if (p_acl == nullptr) {
2286 LOG_WARN("Unable to find active acl");
2287 return false;
2288 }
2289 if (!p_acl->peer_le_features_valid) {
2290 LOG_WARN(
2291 "Checking remote features but remote feature read is "
2292 "incomplete");
2293 }
2294 return HCI_LE_CONN_PARAM_REQ_SUPPORTED(p_acl->peer_le_features);
2295 }
2296
acl_peer_supports_sniff_subrating(const RawAddress & remote_bda)2297 bool acl_peer_supports_sniff_subrating(const RawAddress& remote_bda) {
2298 tACL_CONN* p_acl = internal_.btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
2299 if (p_acl == nullptr) {
2300 LOG_WARN("Unable to find active acl");
2301 return false;
2302 }
2303 if (!p_acl->peer_lmp_feature_valid[0]) {
2304 LOG_WARN(
2305 "Checking remote features but remote feature read is "
2306 "incomplete");
2307 }
2308 return HCI_SNIFF_SUB_RATE_SUPPORTED(p_acl->peer_lmp_feature_pages[0]);
2309 }
2310
2311 /*******************************************************************************
2312 *
2313 * Function BTM_ReadConnectionAddr
2314 *
2315 * Description This function is called to get the local device address
2316 * information.
2317 *
2318 * Returns void
2319 *
2320 ******************************************************************************/
BTM_ReadConnectionAddr(const RawAddress & remote_bda,RawAddress & local_conn_addr,tBLE_ADDR_TYPE * p_addr_type)2321 void BTM_ReadConnectionAddr(const RawAddress& remote_bda,
2322 RawAddress& local_conn_addr,
2323 tBLE_ADDR_TYPE* p_addr_type) {
2324 if (bluetooth::shim::is_gd_shim_enabled()) {
2325 return bluetooth::shim::BTM_ReadConnectionAddr(remote_bda, local_conn_addr,
2326 p_addr_type);
2327 }
2328
2329 if (bluetooth::shim::is_gd_l2cap_enabled()) {
2330 bluetooth::shim::L2CA_ReadConnectionAddr(remote_bda, local_conn_addr,
2331 p_addr_type);
2332 return;
2333 } else if (bluetooth::shim::is_gd_scanning_enabled()) {
2334 bluetooth::shim::ACL_ReadConnectionAddress(remote_bda, local_conn_addr,
2335 p_addr_type);
2336 return;
2337 }
2338
2339 tACL_CONN* p_acl = internal_.btm_bda_to_acl(remote_bda, BT_TRANSPORT_LE);
2340
2341 if (p_acl == NULL) {
2342 LOG_WARN("Unable to find active acl");
2343 return;
2344 }
2345 local_conn_addr = p_acl->conn_addr;
2346 *p_addr_type = p_acl->conn_addr_type;
2347
2348 LOG_DEBUG("BTM_ReadConnectionAddr address type: %d addr: 0x%02x",
2349 p_acl->conn_addr_type, p_acl->conn_addr.address[0]);
2350 }
2351
2352 /*******************************************************************************
2353 *
2354 * Function BTM_IsBleConnection
2355 *
2356 * Description This function is called to check if the connection handle
2357 * for an LE link
2358 *
2359 * Returns true if connection is LE link, otherwise false.
2360 *
2361 ******************************************************************************/
BTM_IsBleConnection(uint16_t hci_handle)2362 bool BTM_IsBleConnection(uint16_t hci_handle) {
2363 if (bluetooth::shim::is_gd_shim_enabled()) {
2364 ASSERT_LOG(false, "This should not be invoked from code path");
2365 }
2366
2367 if (bluetooth::shim::is_gd_l2cap_enabled()) {
2368 return bluetooth::shim::L2CA_IsLeLink(hci_handle);
2369 }
2370
2371 const tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(hci_handle);
2372 if (p_acl == nullptr) return false;
2373 return p_acl->is_transport_ble();
2374 }
2375
acl_address_from_handle(uint16_t handle)2376 const RawAddress acl_address_from_handle(uint16_t handle) {
2377 tACL_CONN* p_acl = acl_get_connection_from_handle(handle);
2378 if (p_acl == nullptr) {
2379 return RawAddress::kEmpty;
2380 }
2381 return p_acl->remote_addr;
2382 }
2383
2384 /*******************************************************************************
2385 *
2386 * Function btm_ble_refresh_local_resolvable_private_addr
2387 *
2388 * Description This function refresh the currently used resolvable private
2389 * address for the active link to the remote device
2390 *
2391 ******************************************************************************/
btm_ble_refresh_local_resolvable_private_addr(const RawAddress & pseudo_addr,const RawAddress & local_rpa)2392 void btm_ble_refresh_local_resolvable_private_addr(
2393 const RawAddress& pseudo_addr, const RawAddress& local_rpa) {
2394 tACL_CONN* p_acl = internal_.btm_bda_to_acl(pseudo_addr, BT_TRANSPORT_LE);
2395 if (p_acl == nullptr) {
2396 LOG_WARN("Unable to find active acl");
2397 return;
2398 }
2399
2400 if (btm_cb.ble_ctr_cb.privacy_mode == BTM_PRIVACY_NONE) {
2401 p_acl->conn_addr_type = BLE_ADDR_PUBLIC;
2402 p_acl->conn_addr = *controller_get_interface()->get_address();
2403 } else {
2404 p_acl->conn_addr_type = BLE_ADDR_RANDOM;
2405 if (local_rpa.IsEmpty()) {
2406 p_acl->conn_addr = btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr;
2407 } else {
2408 p_acl->conn_addr = local_rpa;
2409 }
2410 }
2411 }
2412
sco_peer_supports_esco_2m_phy(const RawAddress & remote_bda)2413 bool sco_peer_supports_esco_2m_phy(const RawAddress& remote_bda) {
2414 uint8_t* features = BTM_ReadRemoteFeatures(remote_bda);
2415 if (features == nullptr) {
2416 LOG_WARN(
2417 "Checking remote features but remote feature read is "
2418 "incomplete");
2419 return false;
2420 }
2421 return HCI_EDR_ESCO_2MPS_SUPPORTED(features);
2422 }
2423
sco_peer_supports_esco_3m_phy(const RawAddress & remote_bda)2424 bool sco_peer_supports_esco_3m_phy(const RawAddress& remote_bda) {
2425 uint8_t* features = BTM_ReadRemoteFeatures(remote_bda);
2426 if (features == nullptr) {
2427 LOG_WARN(
2428 "Checking remote features but remote feature read is "
2429 "incomplete");
2430 return false;
2431 }
2432 return HCI_EDR_ESCO_3MPS_SUPPORTED(features);
2433 }
2434
acl_is_switch_role_idle(const RawAddress & bd_addr,tBT_TRANSPORT transport)2435 bool acl_is_switch_role_idle(const RawAddress& bd_addr,
2436 tBT_TRANSPORT transport) {
2437 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bd_addr, transport);
2438 if (p_acl == nullptr) {
2439 LOG_WARN("Unable to find active acl");
2440 return false;
2441 }
2442 return p_acl->is_switch_role_idle();
2443 }
2444
2445 /*******************************************************************************
2446 *
2447 * Function BTM_ReadRemoteConnectionAddr
2448 *
2449 * Description This function is read the remote device address currently used
2450 *
2451 * Parameters pseudo_addr: pseudo random address available
2452 * conn_addr:connection address used
2453 * p_addr_type : BD Address type, Public or Random of the address
2454 * used
2455 *
2456 * Returns bool, true if connection to remote device exists, else false
2457 *
2458 ******************************************************************************/
BTM_ReadRemoteConnectionAddr(const RawAddress & pseudo_addr,RawAddress & conn_addr,tBLE_ADDR_TYPE * p_addr_type)2459 bool BTM_ReadRemoteConnectionAddr(const RawAddress& pseudo_addr,
2460 RawAddress& conn_addr,
2461 tBLE_ADDR_TYPE* p_addr_type) {
2462 if (bluetooth::shim::is_gd_shim_enabled()) {
2463 return bluetooth::shim::BTM_ReadRemoteConnectionAddr(pseudo_addr, conn_addr,
2464 p_addr_type);
2465 }
2466
2467 if (bluetooth::shim::is_gd_l2cap_enabled()) {
2468 return bluetooth::shim::L2CA_ReadRemoteConnectionAddr(
2469 pseudo_addr, conn_addr, p_addr_type);
2470 }
2471
2472 bool st = true;
2473 tACL_CONN* p_acl = internal_.btm_bda_to_acl(pseudo_addr, BT_TRANSPORT_LE);
2474
2475 if (p_acl == NULL) {
2476 LOG_WARN("Unable to find active acl");
2477 return false;
2478 }
2479
2480 conn_addr = p_acl->active_remote_addr;
2481 *p_addr_type = p_acl->active_remote_addr_type;
2482 return st;
2483 }
2484
acl_link_role_from_handle(uint16_t handle)2485 uint8_t acl_link_role_from_handle(uint16_t handle) {
2486 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(handle);
2487 if (p_acl == nullptr) {
2488 return HCI_ROLE_UNKNOWN;
2489 }
2490 return p_acl->link_role;
2491 }
2492
acl_peer_supports_ble_packet_extension(uint16_t hci_handle)2493 bool acl_peer_supports_ble_packet_extension(uint16_t hci_handle) {
2494 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(hci_handle);
2495 if (p_acl == nullptr) {
2496 return false;
2497 }
2498 if (!p_acl->peer_le_features_valid) {
2499 LOG_WARN(
2500 "Checking remote features but remote feature read is "
2501 "incomplete");
2502 }
2503 return HCI_LE_DATA_LEN_EXT_SUPPORTED(p_acl->peer_le_features);
2504 }
2505
acl_peer_supports_ble_2m_phy(uint16_t hci_handle)2506 bool acl_peer_supports_ble_2m_phy(uint16_t hci_handle) {
2507 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(hci_handle);
2508 if (p_acl == nullptr) {
2509 return false;
2510 }
2511 if (!p_acl->peer_le_features_valid) {
2512 LOG_WARN(
2513 "Checking remote features but remote feature read is "
2514 "incomplete");
2515 }
2516 return HCI_LE_2M_PHY_SUPPORTED(p_acl->peer_le_features);
2517 }
2518
acl_peer_supports_ble_coded_phy(uint16_t hci_handle)2519 bool acl_peer_supports_ble_coded_phy(uint16_t hci_handle) {
2520 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(hci_handle);
2521 if (p_acl == nullptr) {
2522 return false;
2523 }
2524 if (!p_acl->peer_le_features_valid) {
2525 LOG_WARN(
2526 "Checking remote features but remote feature read is "
2527 "incomplete");
2528 return false;
2529 }
2530 return HCI_LE_CODED_PHY_SUPPORTED(p_acl->peer_le_features);
2531 }
2532
acl_set_disconnect_reason(tHCI_STATUS acl_disc_reason)2533 void acl_set_disconnect_reason(tHCI_STATUS acl_disc_reason) {
2534 btm_cb.acl_cb_.set_disconnect_reason(acl_disc_reason);
2535 }
2536
acl_is_role_switch_allowed()2537 bool acl_is_role_switch_allowed() {
2538 return btm_cb.acl_cb_.DefaultLinkPolicy() &
2539 HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH;
2540 }
2541
acl_get_supported_packet_types()2542 uint16_t acl_get_supported_packet_types() {
2543 return btm_cb.acl_cb_.DefaultPacketTypes();
2544 }
2545
acl_set_peer_le_features_from_handle(uint16_t hci_handle,const uint8_t * p)2546 bool acl_set_peer_le_features_from_handle(uint16_t hci_handle,
2547 const uint8_t* p) {
2548 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(hci_handle);
2549 if (p_acl == nullptr) {
2550 return false;
2551 }
2552 STREAM_TO_ARRAY(p_acl->peer_le_features, p, BD_FEATURES_LEN);
2553 p_acl->peer_le_features_valid = true;
2554 LOG_DEBUG("Completed le feature read request");
2555 return true;
2556 }
2557
on_acl_br_edr_connected(const RawAddress & bda,uint16_t handle,uint8_t enc_mode)2558 void on_acl_br_edr_connected(const RawAddress& bda, uint16_t handle,
2559 uint8_t enc_mode) {
2560 if (delayed_role_change_ != nullptr && delayed_role_change_->bd_addr == bda) {
2561 btm_sec_connected(bda, handle, HCI_SUCCESS, enc_mode,
2562 delayed_role_change_->new_role);
2563 } else {
2564 btm_sec_connected(bda, handle, HCI_SUCCESS, enc_mode);
2565 }
2566 delayed_role_change_ = nullptr;
2567 btm_acl_set_paging(false);
2568 l2c_link_hci_conn_comp(HCI_SUCCESS, handle, bda);
2569 constexpr uint16_t link_supervision_timeout = 8000;
2570 BTM_SetLinkSuperTout(bda, link_supervision_timeout);
2571
2572 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(handle);
2573 if (p_acl == nullptr) {
2574 LOG_WARN("Unable to find active acl");
2575 return;
2576 }
2577
2578 /*
2579 * The legacy code path informs the upper layer via the BTA
2580 * layer after all relevant read_remote_ commands are complete.
2581 * The GD code path has ownership of the read_remote_ commands
2582 * and thus may inform the upper layers about the connection.
2583 */
2584 if (bluetooth::shim::is_gd_acl_enabled()) {
2585 NotifyAclLinkUp(*p_acl);
2586 }
2587 }
2588
on_acl_br_edr_failed(const RawAddress & bda,tHCI_STATUS status)2589 void on_acl_br_edr_failed(const RawAddress& bda, tHCI_STATUS status) {
2590 ASSERT_LOG(status != HCI_SUCCESS,
2591 "Successful connection entering failing code path");
2592 if (delayed_role_change_ != nullptr && delayed_role_change_->bd_addr == bda) {
2593 btm_sec_connected(bda, HCI_INVALID_HANDLE, status, false,
2594 delayed_role_change_->new_role);
2595 } else {
2596 btm_sec_connected(bda, HCI_INVALID_HANDLE, status, false);
2597 }
2598 delayed_role_change_ = nullptr;
2599 btm_acl_set_paging(false);
2600 l2c_link_hci_conn_comp(status, HCI_INVALID_HANDLE, bda);
2601 }
2602
btm_acl_connected(const RawAddress & bda,uint16_t handle,tHCI_STATUS status,uint8_t enc_mode)2603 void btm_acl_connected(const RawAddress& bda, uint16_t handle,
2604 tHCI_STATUS status, uint8_t enc_mode) {
2605 switch (status) {
2606 case HCI_SUCCESS:
2607 return on_acl_br_edr_connected(bda, handle, enc_mode);
2608 default:
2609 return on_acl_br_edr_failed(bda, status);
2610 }
2611 }
2612
btm_acl_disconnected(tHCI_STATUS status,uint16_t handle,tHCI_REASON reason)2613 void btm_acl_disconnected(tHCI_STATUS status, uint16_t handle,
2614 tHCI_REASON reason) {
2615 if (status != HCI_SUCCESS) {
2616 LOG_WARN("Received disconnect with error:%s",
2617 hci_error_code_text(status).c_str());
2618 }
2619
2620 /* There can be a case when we rejected PIN code authentication */
2621 /* otherwise save a new reason */
2622 if (btm_get_acl_disc_reason_code() != HCI_ERR_HOST_REJECT_SECURITY) {
2623 acl_set_disconnect_reason(static_cast<tHCI_STATUS>(reason));
2624 }
2625
2626 /* If L2CAP or SCO doesn't know about it, send it to ISO */
2627 if (!l2c_link_hci_disc_comp(handle, reason) &&
2628 !btm_sco_removed(handle, reason)) {
2629 bluetooth::hci::IsoManager::GetInstance()->HandleDisconnect(handle, reason);
2630 }
2631
2632 /* Notify security manager */
2633 btm_sec_disconnected(handle, reason);
2634 }
2635
2636 constexpr uint16_t kDefaultPacketTypes =
2637 HCI_PKT_TYPES_MASK_DM1 | HCI_PKT_TYPES_MASK_DH1 | HCI_PKT_TYPES_MASK_DM3 |
2638 HCI_PKT_TYPES_MASK_DH3 | HCI_PKT_TYPES_MASK_DM5 | HCI_PKT_TYPES_MASK_DH5;
2639
acl_create_classic_connection(const RawAddress & bd_addr,bool there_are_high_priority_channels,bool is_bonding)2640 void acl_create_classic_connection(const RawAddress& bd_addr,
2641 bool there_are_high_priority_channels,
2642 bool is_bonding) {
2643 if (bluetooth::shim::is_gd_acl_enabled()) {
2644 return bluetooth::shim::ACL_CreateClassicConnection(bd_addr);
2645 }
2646
2647 const bool controller_supports_role_switch =
2648 controller_get_interface()->supports_role_switch();
2649 const bool acl_allows_role_switch = acl_is_role_switch_allowed();
2650
2651 /* FW team says that we can participant in 4 piconets
2652 * typically 3 piconet + 1 for scanning.
2653 * We can enhance the code to count the number of piconets later. */
2654 uint8_t allow_role_switch = HCI_CR_CONN_NOT_ALLOW_SWITCH;
2655 if (((acl_allows_role_switch && (BTM_GetNumAclLinks() < 3)) ||
2656 (is_bonding && !there_are_high_priority_channels &&
2657 controller_supports_role_switch)))
2658 allow_role_switch = HCI_CR_CONN_ALLOW_SWITCH;
2659
2660 /* Check with the BT manager if details about remote device are known */
2661 uint8_t page_scan_rep_mode{HCI_PAGE_SCAN_REP_MODE_R1};
2662 uint8_t page_scan_mode{HCI_MANDATARY_PAGE_SCAN_MODE};
2663 uint16_t clock_offset = BTM_GetClockOffset(bd_addr);
2664
2665 tBTM_INQ_INFO* p_inq_info = BTM_InqDbRead(bd_addr);
2666 if (p_inq_info != nullptr &&
2667 (p_inq_info->results.inq_result_type & BTM_INQ_RESULT_BR)) {
2668 page_scan_rep_mode = p_inq_info->results.page_scan_rep_mode;
2669 page_scan_mode = p_inq_info->results.page_scan_mode;
2670 clock_offset = p_inq_info->results.clock_offset;
2671 }
2672
2673 btsnd_hcic_create_conn(bd_addr, kDefaultPacketTypes, page_scan_rep_mode,
2674 page_scan_mode, clock_offset, allow_role_switch);
2675 btm_acl_set_paging(true);
2676 }
2677
btm_acl_connection_request(const RawAddress & bda,uint8_t * dc)2678 void btm_acl_connection_request(const RawAddress& bda, uint8_t* dc) {
2679 btm_sec_conn_req(bda, dc);
2680 l2c_link_hci_conn_req(bda);
2681 }
2682
acl_accept_connection_request(const RawAddress & bd_addr,uint8_t role)2683 void acl_accept_connection_request(const RawAddress& bd_addr, uint8_t role) {
2684 btsnd_hcic_accept_conn(bd_addr, role);
2685 }
2686
acl_reject_connection_request(const RawAddress & bd_addr,uint8_t reason)2687 void acl_reject_connection_request(const RawAddress& bd_addr, uint8_t reason) {
2688 btsnd_hcic_reject_conn(bd_addr, reason);
2689 }
2690
acl_disconnect_from_handle(uint16_t handle,tHCI_STATUS reason)2691 void acl_disconnect_from_handle(uint16_t handle, tHCI_STATUS reason) {
2692 acl_disconnect_after_role_switch(handle, reason);
2693 }
2694
acl_disconnect_after_role_switch(uint16_t conn_handle,tHCI_STATUS reason)2695 void acl_disconnect_after_role_switch(uint16_t conn_handle,
2696 tHCI_STATUS reason) {
2697 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(conn_handle);
2698 if (p_acl == nullptr) {
2699 LOG_ERROR("Sending disconnect for unknown acl:%hu PLEASE FIX", conn_handle);
2700 GetLegacyHciInterface().Disconnect(conn_handle, reason);
2701 return;
2702 }
2703
2704 /* If a role switch is in progress, delay the HCI Disconnect to avoid
2705 * controller problem */
2706 if (p_acl->rs_disc_pending == BTM_SEC_RS_PENDING) {
2707 LOG_DEBUG(
2708 "Role switch in progress - Set DISC Pending flag in "
2709 "btm_sec_send_hci_disconnect "
2710 "to delay disconnect");
2711 p_acl->rs_disc_pending = BTM_SEC_DISC_PENDING;
2712 } else {
2713 LOG_DEBUG("Sending acl disconnect reason:%s [%hu]",
2714 hci_error_code_text(reason).c_str(), reason);
2715 hci_btsnd_hcic_disconnect(*p_acl, reason);
2716 }
2717 }
2718
2719 constexpr uint16_t kDataPacketEventBrEdr = (BT_EVT_TO_LM_HCI_ACL);
2720 constexpr uint16_t kDataPacketEventBle =
2721 (BT_EVT_TO_LM_HCI_ACL | LOCAL_BLE_CONTROLLER_ID);
2722
acl_send_data_packet_br_edr(const RawAddress & bd_addr,BT_HDR * p_buf)2723 void acl_send_data_packet_br_edr(const RawAddress& bd_addr, BT_HDR* p_buf) {
2724 if (bluetooth::shim::is_gd_acl_enabled()) {
2725 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR);
2726 if (p_acl == nullptr) {
2727 LOG_WARN("Acl br_edr data write for unknown device:%s",
2728 PRIVATE_ADDRESS(bd_addr));
2729 osi_free(p_buf);
2730 return;
2731 }
2732 return bluetooth::shim::ACL_WriteData(p_acl->hci_handle, p_buf);
2733 }
2734 bte_main_hci_send(p_buf, kDataPacketEventBrEdr);
2735 }
2736
acl_send_data_packet_ble(const RawAddress & bd_addr,BT_HDR * p_buf)2737 void acl_send_data_packet_ble(const RawAddress& bd_addr, BT_HDR* p_buf) {
2738 if (bluetooth::shim::is_gd_acl_enabled()) {
2739 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE);
2740 if (p_acl == nullptr) {
2741 LOG_WARN("Acl le data write for unknown device:%s",
2742 PRIVATE_ADDRESS(bd_addr));
2743 osi_free(p_buf);
2744 return;
2745 }
2746 return bluetooth::shim::ACL_WriteData(p_acl->hci_handle, p_buf);
2747 }
2748 bte_main_hci_send(p_buf, kDataPacketEventBle);
2749 }
2750
acl_write_automatic_flush_timeout(const RawAddress & bd_addr,uint16_t flush_timeout_in_ticks)2751 void acl_write_automatic_flush_timeout(const RawAddress& bd_addr,
2752 uint16_t flush_timeout_in_ticks) {
2753 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR);
2754 if (p_acl == nullptr) {
2755 LOG_WARN("Unable to find active acl");
2756 return;
2757 }
2758 if (p_acl->flush_timeout_in_ticks == flush_timeout_in_ticks) {
2759 LOG_INFO(
2760 "Ignoring since cached value is same as requested flush_timeout:%hd",
2761 flush_timeout_in_ticks);
2762 return;
2763 }
2764 flush_timeout_in_ticks &= HCI_MAX_AUTOMATIC_FLUSH_TIMEOUT;
2765 p_acl->flush_timeout_in_ticks = flush_timeout_in_ticks;
2766 btsnd_hcic_write_auto_flush_tout(p_acl->hci_handle, flush_timeout_in_ticks);
2767 }
2768
acl_create_le_connection_with_id(uint8_t id,const RawAddress & bd_addr)2769 bool acl_create_le_connection_with_id(uint8_t id, const RawAddress& bd_addr) {
2770 if (bluetooth::shim::is_gd_acl_enabled()) {
2771 tBLE_BD_ADDR address_with_type{
2772 .bda = bd_addr,
2773 .type = BLE_ADDR_RANDOM,
2774 };
2775 gatt_find_in_device_record(bd_addr, &address_with_type);
2776 LOG_DEBUG("Creating le connection to:%s",
2777 address_with_type.ToString().c_str());
2778 bluetooth::shim::ACL_AcceptLeConnectionFrom(address_with_type,
2779 /* is_direct */ true);
2780 return true;
2781 }
2782 return connection_manager::direct_connect_add(id, bd_addr);
2783 }
2784
acl_create_le_connection(const RawAddress & bd_addr)2785 bool acl_create_le_connection(const RawAddress& bd_addr) {
2786 return acl_create_le_connection_with_id(CONN_MGR_ID_L2CAP, bd_addr);
2787 }
2788
acl_rcv_acl_data(BT_HDR * p_msg)2789 void acl_rcv_acl_data(BT_HDR* p_msg) {
2790 acl_header_t acl_header{
2791 .handle = HCI_INVALID_HANDLE,
2792 .hci_len = 0,
2793 };
2794 const uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;
2795
2796 STREAM_TO_UINT16(acl_header.handle, p);
2797 acl_header.handle = HCID_GET_HANDLE(acl_header.handle);
2798
2799 STREAM_TO_UINT16(acl_header.hci_len, p);
2800 if (acl_header.hci_len < L2CAP_PKT_OVERHEAD ||
2801 acl_header.hci_len != p_msg->len - sizeof(acl_header)) {
2802 LOG_WARN("Received mismatched hci header length:%u data_len:%zu",
2803 acl_header.hci_len, p_msg->len - sizeof(acl_header));
2804 osi_free(p_msg);
2805 return;
2806 }
2807 l2c_rcv_acl_data(p_msg);
2808 }
2809
acl_link_segments_xmitted(BT_HDR * p_msg)2810 void acl_link_segments_xmitted(BT_HDR* p_msg) {
2811 l2c_link_segments_xmitted(p_msg);
2812 }
2813
acl_packets_completed(uint16_t handle,uint16_t credits)2814 void acl_packets_completed(uint16_t handle, uint16_t credits) {
2815 l2c_packets_completed(handle, credits);
2816 }
2817
acl_parse_num_completed_pkts(uint8_t * p,uint8_t evt_len)2818 static void acl_parse_num_completed_pkts(uint8_t* p, uint8_t evt_len) {
2819 if (evt_len == 0) {
2820 LOG_ERROR("Received num completed packets with zero length");
2821 return;
2822 }
2823
2824 uint8_t num_handles{0};
2825 STREAM_TO_UINT8(num_handles, p);
2826
2827 if (num_handles > evt_len / (2 * sizeof(uint16_t))) {
2828 android_errorWriteLog(0x534e4554, "141617601");
2829 num_handles = evt_len / (2 * sizeof(uint16_t));
2830 }
2831
2832 for (uint8_t xx = 0; xx < num_handles; xx++) {
2833 uint16_t handle{0};
2834 uint16_t num_packets{0};
2835 STREAM_TO_UINT16(handle, p);
2836 handle = HCID_GET_HANDLE(handle);
2837 STREAM_TO_UINT16(num_packets, p);
2838 acl_packets_completed(handle, num_packets);
2839 }
2840 }
2841
acl_process_num_completed_pkts(uint8_t * p,uint8_t evt_len)2842 void acl_process_num_completed_pkts(uint8_t* p, uint8_t evt_len) {
2843 if (bluetooth::shim::is_gd_acl_enabled()) {
2844 acl_parse_num_completed_pkts(p, evt_len);
2845 } else {
2846 l2c_link_process_num_completed_pkts(p, evt_len);
2847 }
2848 bluetooth::hci::IsoManager::GetInstance()->HandleNumComplDataPkts(p, evt_len);
2849 }
2850
acl_process_supported_features(uint16_t handle,uint64_t features)2851 void acl_process_supported_features(uint16_t handle, uint64_t features) {
2852 ASSERT_LOG(bluetooth::shim::is_gd_acl_enabled(),
2853 "Should only be called when gd_acl enabled");
2854
2855 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(handle);
2856 if (p_acl == nullptr) {
2857 LOG_WARN("Unable to find active acl");
2858 return;
2859 }
2860 const uint8_t current_page_number = 0;
2861
2862 memcpy(p_acl->peer_lmp_feature_pages[current_page_number],
2863 (uint8_t*)&features, sizeof(uint64_t));
2864 p_acl->peer_lmp_feature_valid[current_page_number] = true;
2865
2866 LOG_DEBUG(
2867 "Copied supported feature pages handle:%hu current_page_number:%hhu "
2868 "features:%s",
2869 handle, current_page_number,
2870 bd_features_text(p_acl->peer_lmp_feature_pages[current_page_number])
2871 .c_str());
2872
2873 if ((HCI_LMP_EXTENDED_SUPPORTED(p_acl->peer_lmp_feature_pages[0])) &&
2874 (controller_get_interface()
2875 ->supports_reading_remote_extended_features())) {
2876 LOG_DEBUG("Waiting for remote extended feature response to arrive");
2877 } else {
2878 LOG_DEBUG("No more remote features outstanding so notify upper layer");
2879 NotifyAclFeaturesReadComplete(*p_acl, current_page_number);
2880 }
2881 }
2882
acl_process_extended_features(uint16_t handle,uint8_t current_page_number,uint8_t max_page_number,uint64_t features)2883 void acl_process_extended_features(uint16_t handle, uint8_t current_page_number,
2884 uint8_t max_page_number, uint64_t features) {
2885 ASSERT_LOG(bluetooth::shim::is_gd_acl_enabled(),
2886 "Should only be called when gd_acl enabled");
2887
2888 if (current_page_number > HCI_EXT_FEATURES_PAGE_MAX) {
2889 LOG_WARN("Unable to process current_page_number:%hhu", current_page_number);
2890 return;
2891 }
2892 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(handle);
2893 if (p_acl == nullptr) {
2894 LOG_WARN("Unable to find active acl");
2895 return;
2896 }
2897 memcpy(p_acl->peer_lmp_feature_pages[current_page_number],
2898 (uint8_t*)&features, sizeof(uint64_t));
2899 p_acl->peer_lmp_feature_valid[current_page_number] = true;
2900
2901 LOG_DEBUG(
2902 "Copied extended feature pages handle:%hu current_page_number:%hhu "
2903 "max_page_number:%hhu features:%s",
2904 handle, current_page_number, max_page_number,
2905 bd_features_text(p_acl->peer_lmp_feature_pages[current_page_number])
2906 .c_str());
2907
2908 if (max_page_number == current_page_number) {
2909 NotifyAclFeaturesReadComplete(*p_acl, max_page_number);
2910 }
2911 }
2912
ACL_RegisterClient(struct acl_client_callback_s * callbacks)2913 void ACL_RegisterClient(struct acl_client_callback_s* callbacks) {
2914 LOG_DEBUG("UNIMPLEMENTED");
2915 }
2916
ACL_UnregisterClient(struct acl_client_callback_s * callbacks)2917 void ACL_UnregisterClient(struct acl_client_callback_s* callbacks) {
2918 LOG_DEBUG("UNIMPLEMENTED");
2919 }
2920
ACL_SupportTransparentSynchronousData(const RawAddress & bd_addr)2921 bool ACL_SupportTransparentSynchronousData(const RawAddress& bd_addr) {
2922 const tACL_CONN* p_acl =
2923 internal_.btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR);
2924 if (p_acl == nullptr) {
2925 LOG_WARN("Unable to find active acl");
2926 return false;
2927 }
2928
2929 return HCI_LMP_TRANSPNT_SUPPORTED(p_acl->peer_lmp_feature_pages[0]);
2930 }
2931
acl_add_to_ignore_auto_connect_after_disconnect(const RawAddress & bd_addr)2932 void acl_add_to_ignore_auto_connect_after_disconnect(
2933 const RawAddress& bd_addr) {
2934 btm_cb.acl_cb_.AddToIgnoreAutoConnectAfterDisconnect(bd_addr);
2935 }
2936
acl_check_and_clear_ignore_auto_connect_after_disconnect(const RawAddress & bd_addr)2937 bool acl_check_and_clear_ignore_auto_connect_after_disconnect(
2938 const RawAddress& bd_addr) {
2939 return btm_cb.acl_cb_.CheckAndClearIgnoreAutoConnectAfterDisconnect(bd_addr);
2940 }
2941
acl_clear_all_ignore_auto_connect_after_disconnect()2942 void acl_clear_all_ignore_auto_connect_after_disconnect() {
2943 btm_cb.acl_cb_.ClearAllIgnoreAutoConnectAfterDisconnect();
2944 }
2945
2946 /**
2947 * Confusingly, immutable device features are stored in the
2948 * ephemeral connection data structure while connection security
2949 * is stored in the device record.
2950 *
2951 * This HACK allows legacy security protocols to work as intended under
2952 * those conditions.
2953 */
HACK_acl_check_sm4(tBTM_SEC_DEV_REC & record)2954 void HACK_acl_check_sm4(tBTM_SEC_DEV_REC& record) {
2955 // Return if we already know this info
2956 if ((record.sm4 & BTM_SM4_TRUE) != BTM_SM4_UNKNOWN) return;
2957
2958 tACL_CONN* p_acl =
2959 internal_.btm_bda_to_acl(record.RemoteAddress(), BT_TRANSPORT_BR_EDR);
2960 if (p_acl == nullptr) {
2961 LOG_WARN("Unable to find active acl for authentication device:%s",
2962 PRIVATE_ADDRESS(record.RemoteAddress()));
2963 return;
2964 }
2965
2966 // If we have not received the SSP feature record
2967 // we have to wait
2968 if (!p_acl->peer_lmp_feature_valid[1]) {
2969 LOG_WARN(
2970 "Authentication started without extended feature page 1 request "
2971 "response");
2972 return;
2973 }
2974 record.sm4 = (HCI_SSP_HOST_SUPPORTED(p_acl->peer_lmp_feature_pages[1]))
2975 ? BTM_SM4_TRUE
2976 : BTM_SM4_KNOWN;
2977 }
2978