1 /******************************************************************************
2 *
3 * Copyright 2019 The Android Open Source Project
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #include <frameworks/proto_logging/stats/enums/bluetooth/enums.pb.h>
20 #include <frameworks/proto_logging/stats/enums/bluetooth/hci/enums.pb.h>
21
22 #include <bitset>
23
24 #include "bt_types.h"
25 #include "btm_int.h"
26 #include "common/metrics.h"
27 #include "device/include/controller.h"
28 #include "main/shim/shim.h"
29 #include "osi/include/log.h"
30 #include "stack/btm/btm_ble_int.h"
31 #include "stack/gatt/connection_manager.h"
32 #include "stack/include/acl_api.h"
33 #include "stack/include/ble_acl_interface.h"
34 #include "stack/include/ble_hci_link_interface.h"
35 #include "stack/include/hcimsgs.h"
36 #include "stack/include/l2cap_hci_link_interface.h"
37 #include "stack/include/stack_metrics_logging.h"
38
39 extern tBTM_CB btm_cb;
40
41 extern void btm_ble_advertiser_notify_terminated_legacy(
42 uint8_t status, uint16_t connection_handle);
43
44 extern bool btm_ble_init_pseudo_addr(tBTM_SEC_DEV_REC* p_dev_rec,
45 const RawAddress& new_pseudo_addr);
btm_send_hci_create_connection(uint16_t scan_int,uint16_t scan_win,uint8_t init_filter_policy,uint8_t addr_type_peer,const RawAddress & bda_peer,uint8_t addr_type_own,uint16_t conn_int_min,uint16_t conn_int_max,uint16_t conn_latency,uint16_t conn_timeout,uint16_t min_ce_len,uint16_t max_ce_len,uint8_t initiating_phys)46 void btm_send_hci_create_connection(
47 uint16_t scan_int, uint16_t scan_win, uint8_t init_filter_policy,
48 uint8_t addr_type_peer, const RawAddress& bda_peer, uint8_t addr_type_own,
49 uint16_t conn_int_min, uint16_t conn_int_max, uint16_t conn_latency,
50 uint16_t conn_timeout, uint16_t min_ce_len, uint16_t max_ce_len,
51 uint8_t initiating_phys) {
52 ASSERT_LOG(!bluetooth::shim::is_gd_acl_enabled(),
53 "When gd_acl enabled this code path should not be exercised");
54
55 if (controller_get_interface()->supports_ble_extended_advertising()) {
56 EXT_CONN_PHY_CFG phy_cfg[3]; // maximum three phys
57
58 int phy_cnt =
59 std::bitset<std::numeric_limits<uint8_t>::digits>(initiating_phys)
60 .count();
61
62 LOG_ASSERT(phy_cnt <= 3) << "More than three phys provided";
63 // TODO(jpawlowski): tune parameters for different transports
64 for (int i = 0; i < phy_cnt; i++) {
65 phy_cfg[i].scan_int = scan_int;
66 phy_cfg[i].scan_win = scan_win;
67 phy_cfg[i].conn_int_min = conn_int_min;
68 phy_cfg[i].conn_int_max = conn_int_max;
69 phy_cfg[i].conn_latency = conn_latency;
70 phy_cfg[i].sup_timeout = conn_timeout;
71 phy_cfg[i].min_ce_len = min_ce_len;
72 phy_cfg[i].max_ce_len = max_ce_len;
73 }
74
75 addr_type_peer &= ~BLE_ADDR_TYPE_ID_BIT;
76 btsnd_hcic_ble_ext_create_conn(init_filter_policy, addr_type_own,
77 addr_type_peer, bda_peer, initiating_phys,
78 phy_cfg);
79 } else {
80 btsnd_hcic_ble_create_ll_conn(scan_int, scan_win, init_filter_policy,
81 addr_type_peer, bda_peer, addr_type_own,
82 conn_int_min, conn_int_max, conn_latency,
83 conn_timeout, min_ce_len, max_ce_len);
84 }
85
86 btm_cb.ble_ctr_cb.set_connection_state_connecting();
87 btm_ble_set_topology_mask(BTM_BLE_STATE_INIT_BIT);
88 }
89
90 /** LE connection complete. */
btm_ble_create_ll_conn_complete(tHCI_STATUS status)91 void btm_ble_create_ll_conn_complete(tHCI_STATUS status) {
92 if (status == HCI_SUCCESS) return;
93
94 LOG(WARNING) << "LE Create Connection attempt failed, status="
95 << hci_error_code_text(status);
96
97 if (status == HCI_ERR_COMMAND_DISALLOWED) {
98 btm_cb.ble_ctr_cb.set_connection_state_connecting();
99 btm_ble_set_topology_mask(BTM_BLE_STATE_INIT_BIT);
100 LOG(ERROR) << "LE Create Connection - command disallowed";
101 } else {
102 btm_cb.ble_ctr_cb.set_connection_state_idle();
103 btm_ble_clear_topology_mask(BTM_BLE_STATE_INIT_BIT);
104 btm_ble_update_mode_operation(HCI_ROLE_UNKNOWN, NULL, status);
105 }
106 }
107
maybe_resolve_address(RawAddress * bda,tBLE_ADDR_TYPE * bda_type)108 bool maybe_resolve_address(RawAddress* bda, tBLE_ADDR_TYPE* bda_type) {
109 bool is_in_security_db = false;
110 tBLE_ADDR_TYPE peer_addr_type = *bda_type;
111 bool addr_is_rpa =
112 (peer_addr_type == BLE_ADDR_RANDOM && BTM_BLE_IS_RESOLVE_BDA(*bda));
113
114 /* We must translate whatever address we received into the "pseudo" address.
115 * i.e. if we bonded with device that was using RPA for first connection,
116 * "pseudo" address is equal to this RPA. If it later decides to use Public
117 * address, or Random Static Address, we convert it into the "pseudo"
118 * address here. */
119 if (!addr_is_rpa || peer_addr_type & BLE_ADDR_TYPE_ID_BIT) {
120 is_in_security_db = btm_identity_addr_to_random_pseudo(bda, bda_type, true);
121 }
122
123 /* possiblly receive connection complete with resolvable random while
124 the device has been paired */
125 if (!is_in_security_db && addr_is_rpa) {
126 tBTM_SEC_DEV_REC* match_rec = btm_ble_resolve_random_addr(*bda);
127 if (match_rec) {
128 LOG(INFO) << __func__ << ": matched and resolved random address";
129 is_in_security_db = true;
130 match_rec->ble.active_addr_type = tBTM_SEC_BLE::BTM_BLE_ADDR_RRA;
131 match_rec->ble.cur_rand_addr = *bda;
132 if (!btm_ble_init_pseudo_addr(match_rec, *bda)) {
133 /* assign the original address to be the current report address */
134 *bda = match_rec->ble.pseudo_addr;
135 *bda_type = match_rec->ble.ble_addr_type;
136 } else {
137 *bda = match_rec->bd_addr;
138 }
139 } else {
140 LOG(INFO) << __func__ << ": unable to match and resolve random address";
141 }
142 }
143 return is_in_security_db;
144 }
145
146 /** LE connection complete. */
btm_ble_conn_complete(uint8_t * p,UNUSED_ATTR uint16_t evt_len,bool enhanced)147 void btm_ble_conn_complete(uint8_t* p, UNUSED_ATTR uint16_t evt_len,
148 bool enhanced) {
149 RawAddress local_rpa, peer_rpa;
150 uint8_t raw_role, status;
151 tBLE_ADDR_TYPE bda_type;
152 uint16_t handle;
153 RawAddress bda;
154 uint16_t conn_interval, conn_latency, conn_timeout;
155
156 STREAM_TO_UINT8(status, p);
157 STREAM_TO_UINT16(handle, p);
158 STREAM_TO_UINT8(raw_role, p);
159 STREAM_TO_UINT8(bda_type, p);
160 STREAM_TO_BDADDR(bda, p);
161 if (enhanced) {
162 STREAM_TO_BDADDR(local_rpa, p);
163 STREAM_TO_BDADDR(peer_rpa, p);
164 }
165 STREAM_TO_UINT16(conn_interval, p);
166 STREAM_TO_UINT16(conn_latency, p);
167 STREAM_TO_UINT16(conn_timeout, p);
168 handle = HCID_GET_HANDLE(handle);
169
170 uint32_t hci_ble_event =
171 enhanced ? android::bluetooth::hci::BLE_EVT_ENHANCED_CONN_COMPLETE_EVT
172 : android::bluetooth::hci::BLE_EVT_CONN_COMPLETE_EVT;
173
174 if (status == HCI_SUCCESS) {
175 tBLE_ADDR_TYPE peer_addr_type = bda_type;
176 bool is_in_security_db = maybe_resolve_address(&bda, &bda_type);
177
178 // Log for the HCI success case after maybe resolving Bluetooth address
179 log_link_layer_connection_event(
180 &bda, handle, android::bluetooth::DIRECTION_UNKNOWN,
181 android::bluetooth::LINK_TYPE_ACL, android::bluetooth::hci::CMD_UNKNOWN,
182 android::bluetooth::hci::EVT_BLE_META, hci_ble_event, status,
183 android::bluetooth::hci::STATUS_UNKNOWN);
184
185 tBLE_BD_ADDR address_with_type{.bda = bda, .type = bda_type};
186 tHCI_ROLE role = to_hci_role(raw_role);
187 if (enhanced) {
188 acl_ble_enhanced_connection_complete(
189 address_with_type, handle, role, is_in_security_db, conn_interval,
190 conn_latency, conn_timeout, local_rpa, peer_rpa, peer_addr_type);
191
192 } else {
193 acl_ble_connection_complete(address_with_type, handle, role,
194 is_in_security_db, conn_interval,
195 conn_latency, conn_timeout);
196 }
197 } else {
198 log_link_layer_connection_event(
199 &bda, handle, android::bluetooth::DIRECTION_UNKNOWN,
200 android::bluetooth::LINK_TYPE_ACL, android::bluetooth::hci::CMD_UNKNOWN,
201 android::bluetooth::hci::EVT_BLE_META, hci_ble_event, status,
202 android::bluetooth::hci::STATUS_UNKNOWN);
203
204 tBLE_BD_ADDR address_with_type{.bda = bda, .type = bda_type};
205 acl_ble_connection_fail(address_with_type, handle, enhanced,
206 static_cast<tHCI_STATUS>(status));
207 }
208 }
209
btm_ble_create_conn_cancel()210 void btm_ble_create_conn_cancel() {
211 ASSERT_LOG(!bluetooth::shim::is_gd_acl_enabled(),
212 "When gd_acl enabled this code path should not be exercised");
213
214 btsnd_hcic_ble_create_conn_cancel();
215 btm_cb.ble_ctr_cb.set_connection_state_cancelled();
216 btm_ble_clear_topology_mask(BTM_BLE_STATE_INIT_BIT);
217 }
218
btm_ble_create_conn_cancel_complete(uint8_t * p)219 void btm_ble_create_conn_cancel_complete(uint8_t* p) {
220 uint8_t status;
221 STREAM_TO_UINT8(status, p);
222 if (status != HCI_SUCCESS) {
223 // Only log errors to prevent log spam due to acceptlist connections
224 log_link_layer_connection_event(
225 nullptr, bluetooth::common::kUnknownConnectionHandle,
226 android::bluetooth::DIRECTION_OUTGOING,
227 android::bluetooth::LINK_TYPE_ACL,
228 android::bluetooth::hci::CMD_BLE_CREATE_CONN_CANCEL,
229 android::bluetooth::hci::EVT_COMMAND_COMPLETE,
230 android::bluetooth::hci::BLE_EVT_UNKNOWN, status,
231 android::bluetooth::hci::STATUS_UNKNOWN);
232 }
233
234 if (status == HCI_ERR_COMMAND_DISALLOWED) {
235 /* This is a sign that logic around keeping connection state is broken */
236 LOG(ERROR)
237 << "Attempt to cancel LE connection, when no connection is pending.";
238 if (btm_cb.ble_ctr_cb.is_connection_state_cancelled()) {
239 btm_cb.ble_ctr_cb.set_connection_state_idle();
240 btm_ble_clear_topology_mask(BTM_BLE_STATE_INIT_BIT);
241 btm_ble_update_mode_operation(HCI_ROLE_UNKNOWN, nullptr,
242 static_cast<tHCI_STATUS>(status));
243 }
244 }
245 }
246