1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions that interface with the HCI transport. On
22 * the receive side, it routes events to the appropriate handler, e.g.
23 * L2CAP, ScoMgr. On the transmit side, it manages the command
24 * transmission.
25 *
26 ******************************************************************************/
27
28 #define LOG_TAG "bt_btu_hcif"
29
30 #include <base/bind.h>
31 #include <base/location.h>
32 #include <cstdint>
33
34 #include "btif/include/btif_config.h"
35 #include "common/metrics.h"
36 #include "device/include/controller.h"
37 #include "osi/include/log.h"
38 #include "stack/include/acl_hci_link_interface.h"
39 #include "stack/include/ble_acl_interface.h"
40 #include "stack/include/ble_hci_link_interface.h"
41 #include "stack/include/btm_iso_api.h"
42 #include "stack/include/btu.h"
43 #include "stack/include/dev_hci_link_interface.h"
44 #include "stack/include/gatt_api.h"
45 #include "stack/include/hci_error_code.h"
46 #include "stack/include/hci_evt_length.h"
47 #include "stack/include/hcidefs.h"
48 #include "stack/include/inq_hci_link_interface.h"
49 #include "stack/include/l2cap_hci_link_interface.h"
50 #include "stack/include/sco_hci_link_interface.h"
51 #include "stack/include/sec_hci_link_interface.h"
52 #include "stack/include/stack_metrics_logging.h"
53 #include "types/hci_role.h"
54
55 using base::Location;
56 using bluetooth::hci::IsoManager;
57
58 bool l2c_link_hci_disc_comp(uint16_t handle,
59 tHCI_REASON reason); // TODO remove
60 bool BTM_BLE_IS_RESOLVE_BDA(const RawAddress& x); // TODO remove
61 void BTA_sys_signal_hw_error(); // TODO remove
62 void smp_cancel_start_encryption_attempt(); // TODO remove
63 void acl_disconnect_from_handle(uint16_t handle,
64 tHCI_STATUS reason); // TODO remove
65
66 /******************************************************************************/
67 /* L O C A L F U N C T I O N P R O T O T Y P E S */
68 /******************************************************************************/
69 static void btu_hcif_inquiry_comp_evt(uint8_t* p);
70
71 static void btu_hcif_connection_comp_evt(uint8_t* p, uint8_t evt_len);
72 static void btu_hcif_connection_request_evt(uint8_t* p);
73 static void btu_hcif_disconnection_comp_evt(uint8_t* p);
74 static void btu_hcif_authentication_comp_evt(uint8_t* p);
75 static void btu_hcif_rmt_name_request_comp_evt(uint8_t* p, uint16_t evt_len);
76 static void btu_hcif_encryption_change_evt(uint8_t* p);
77 static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p,
78 uint8_t evt_len);
79 static void btu_hcif_command_complete_evt(BT_HDR* response, void* context);
80 static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command,
81 void* context);
82 static void btu_hcif_hardware_error_evt(uint8_t* p);
83 static void btu_hcif_role_change_evt(uint8_t* p);
84 static void btu_hcif_mode_change_evt(uint8_t* p);
85 static void btu_hcif_link_key_notification_evt(uint8_t* p);
86 static void btu_hcif_read_clock_off_comp_evt(uint8_t* p);
87 static void btu_hcif_esco_connection_comp_evt(uint8_t* p);
88 static void btu_hcif_esco_connection_chg_evt(uint8_t* p);
89
90 /* Simple Pairing Events */
91 static void btu_hcif_io_cap_request_evt(uint8_t* p);
92
93 static void btu_ble_ll_conn_param_upd_evt(uint8_t* p, uint16_t evt_len);
94 static void btu_ble_proc_ltk_req(uint8_t* p);
95 static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p);
96 static void btu_ble_data_length_change_evt(uint8_t* p, uint16_t evt_len);
97 static void btu_ble_rc_param_req_evt(uint8_t* p);
98
99 /**
100 * Log HCI event metrics that are not handled in special functions
101 * @param evt_code event code
102 * @param p_event pointer to event parameter, skipping paremter length
103 */
btu_hcif_log_event_metrics(uint8_t evt_code,uint8_t * p_event)104 void btu_hcif_log_event_metrics(uint8_t evt_code, uint8_t* p_event) {
105 uint32_t cmd = android::bluetooth::hci::CMD_UNKNOWN;
106 uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
107 uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
108 uint16_t handle = bluetooth::common::kUnknownConnectionHandle;
109 int64_t value = 0;
110
111 RawAddress bda = RawAddress::kEmpty;
112 switch (evt_code) {
113 case HCI_IO_CAPABILITY_REQUEST_EVT:
114 case HCI_IO_CAPABILITY_RESPONSE_EVT:
115 case HCI_LINK_KEY_REQUEST_EVT:
116 case HCI_LINK_KEY_NOTIFICATION_EVT:
117 case HCI_USER_PASSKEY_REQUEST_EVT:
118 case HCI_USER_PASSKEY_NOTIFY_EVT:
119 case HCI_USER_CONFIRMATION_REQUEST_EVT:
120 case HCI_KEYPRESS_NOTIFY_EVT:
121 case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
122 STREAM_TO_BDADDR(bda, p_event);
123 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
124 value);
125 break;
126 case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
127 case HCI_RMT_NAME_REQUEST_COMP_EVT:
128 STREAM_TO_UINT8(status, p_event);
129 STREAM_TO_BDADDR(bda, p_event);
130 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
131 value);
132 break;
133 case HCI_AUTHENTICATION_COMP_EVT:
134 STREAM_TO_UINT8(status, p_event);
135 STREAM_TO_UINT16(handle, p_event);
136 handle = HCID_GET_HANDLE(handle);
137 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
138 value);
139 break;
140 case HCI_ENCRYPTION_CHANGE_EVT: {
141 uint8_t encryption_enabled;
142 STREAM_TO_UINT8(status, p_event);
143 STREAM_TO_UINT16(handle, p_event);
144 STREAM_TO_UINT8(encryption_enabled, p_event);
145 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
146 encryption_enabled);
147 break;
148 }
149 case HCI_CONNECTION_COMP_EVT: {
150 uint8_t link_type;
151 STREAM_TO_UINT8(status, p_event);
152 STREAM_TO_UINT16(handle, p_event);
153 STREAM_TO_BDADDR(bda, p_event);
154 STREAM_TO_UINT8(link_type, p_event);
155 handle = HCID_GET_HANDLE(handle);
156 log_link_layer_connection_event(
157 &bda, handle, android::bluetooth::DIRECTION_UNKNOWN, link_type, cmd,
158 evt_code, android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
159
160 // Read SDP_DI manufacturer, model, HW version from config,
161 // and log them
162 int sdp_di_manufacturer_id = 0;
163 int sdp_di_model_id = 0;
164 int sdp_di_hw_version = 0;
165 int sdp_di_vendor_id_source = 0;
166 std::string bda_string = bda.ToString();
167 btif_config_get_int(bda_string, BT_CONFIG_KEY_SDP_DI_MANUFACTURER,
168 &sdp_di_manufacturer_id);
169 btif_config_get_int(bda_string, BT_CONFIG_KEY_SDP_DI_MODEL,
170 &sdp_di_model_id);
171 btif_config_get_int(bda_string, BT_CONFIG_KEY_SDP_DI_HW_VERSION,
172 &sdp_di_hw_version);
173 btif_config_get_int(bda_string, BT_CONFIG_KEY_SDP_DI_VENDOR_ID_SRC,
174 &sdp_di_vendor_id_source);
175
176 std::stringstream ss;
177 // [N - native]::SDP::[DIP - Device ID Profile]
178 ss << "N:SDP::DIP::" << loghex(sdp_di_vendor_id_source);
179 log_manufacturer_info(
180 bda, android::bluetooth::DeviceInfoSrcEnum::DEVICE_INFO_INTERNAL,
181 ss.str(), loghex(sdp_di_manufacturer_id), loghex(sdp_di_model_id),
182 loghex(sdp_di_hw_version), "");
183
184 // Read LMP version, subversion and manufacturer from config,
185 // and log them
186 int lmp_version = -1;
187 int lmp_subversion = -1;
188 int lmp_manufacturer_id = -1;
189 btif_config_get_int(bda_string, BT_CONFIG_KEY_REMOTE_VER_VER,
190 &lmp_version);
191 btif_config_get_int(bda_string, BT_CONFIG_KEY_REMOTE_VER_SUBVER,
192 &lmp_subversion);
193 btif_config_get_int(bda_string, BT_CONFIG_KEY_REMOTE_VER_MFCT,
194 &lmp_manufacturer_id);
195 bluetooth::common::LogRemoteVersionInfo(
196 handle, status, lmp_version, lmp_manufacturer_id, lmp_subversion);
197 break;
198 }
199 case HCI_CONNECTION_REQUEST_EVT: {
200 DEV_CLASS dc;
201 uint8_t link_type;
202 STREAM_TO_BDADDR(bda, p_event);
203 STREAM_TO_DEVCLASS(dc, p_event);
204 STREAM_TO_UINT8(link_type, p_event);
205 log_link_layer_connection_event(
206 &bda, bluetooth::common::kUnknownConnectionHandle,
207 android::bluetooth::DIRECTION_INCOMING, link_type, cmd, evt_code,
208 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
209 break;
210 }
211 case HCI_DISCONNECTION_COMP_EVT: {
212 STREAM_TO_UINT8(status, p_event);
213 STREAM_TO_UINT16(handle, p_event);
214 STREAM_TO_UINT8(reason, p_event);
215 handle = HCID_GET_HANDLE(handle);
216 log_link_layer_connection_event(
217 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
218 android::bluetooth::LINK_TYPE_UNKNOWN, cmd, evt_code,
219 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
220 break;
221 }
222 case HCI_ESCO_CONNECTION_COMP_EVT: {
223 uint8_t link_type;
224 STREAM_TO_UINT8(status, p_event);
225 STREAM_TO_UINT16(handle, p_event);
226 STREAM_TO_BDADDR(bda, p_event);
227 STREAM_TO_UINT8(link_type, p_event);
228 handle = HCID_GET_HANDLE(handle);
229 log_link_layer_connection_event(
230 &bda, handle, android::bluetooth::DIRECTION_UNKNOWN, link_type, cmd,
231 evt_code, android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
232 break;
233 }
234 case HCI_ESCO_CONNECTION_CHANGED_EVT: {
235 STREAM_TO_UINT8(status, p_event);
236 STREAM_TO_UINT16(handle, p_event);
237 handle = HCID_GET_HANDLE(handle);
238 log_link_layer_connection_event(
239 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
240 android::bluetooth::LINK_TYPE_UNKNOWN, cmd, evt_code,
241 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
242 break;
243 }
244 }
245 }
246
247 /*******************************************************************************
248 *
249 * Function btu_hcif_process_event
250 *
251 * Description This function is called when an event is received from
252 * the Host Controller.
253 *
254 * Returns void
255 *
256 ******************************************************************************/
btu_hcif_process_event(UNUSED_ATTR uint8_t controller_id,BT_HDR * p_msg)257 void btu_hcif_process_event(UNUSED_ATTR uint8_t controller_id, BT_HDR* p_msg) {
258 uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;
259 uint8_t hci_evt_code, hci_evt_len;
260 uint8_t ble_sub_code;
261 STREAM_TO_UINT8(hci_evt_code, p);
262 STREAM_TO_UINT8(hci_evt_len, p);
263
264 // validate event size
265 if (hci_evt_len < hci_event_parameters_minimum_length[hci_evt_code]) {
266 HCI_TRACE_WARNING("%s: evt:0x%2X, malformed event of size %hhd", __func__,
267 hci_evt_code, hci_evt_len);
268 return;
269 }
270
271 btu_hcif_log_event_metrics(hci_evt_code, p);
272
273 switch (hci_evt_code) {
274 case HCI_INQUIRY_COMP_EVT:
275 btu_hcif_inquiry_comp_evt(p);
276 break;
277 case HCI_INQUIRY_RESULT_EVT:
278 btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_STANDARD);
279 break;
280 case HCI_INQUIRY_RSSI_RESULT_EVT:
281 btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_WITH_RSSI);
282 break;
283 case HCI_EXTENDED_INQUIRY_RESULT_EVT:
284 btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_EXTENDED);
285 break;
286 case HCI_CONNECTION_COMP_EVT:
287 btu_hcif_connection_comp_evt(p, hci_evt_len);
288 break;
289 case HCI_CONNECTION_REQUEST_EVT:
290 btu_hcif_connection_request_evt(p);
291 break;
292 case HCI_DISCONNECTION_COMP_EVT:
293 btu_hcif_disconnection_comp_evt(p);
294 break;
295 case HCI_AUTHENTICATION_COMP_EVT:
296 btu_hcif_authentication_comp_evt(p);
297 break;
298 case HCI_RMT_NAME_REQUEST_COMP_EVT:
299 btu_hcif_rmt_name_request_comp_evt(p, hci_evt_len);
300 break;
301 case HCI_ENCRYPTION_CHANGE_EVT:
302 btu_hcif_encryption_change_evt(p);
303 break;
304 case HCI_ENCRYPTION_KEY_REFRESH_COMP_EVT:
305 btu_hcif_encryption_key_refresh_cmpl_evt(p);
306 break;
307 case HCI_READ_RMT_FEATURES_COMP_EVT:
308 btm_read_remote_features_complete_raw(p);
309 break;
310 case HCI_READ_RMT_EXT_FEATURES_COMP_EVT:
311 btu_hcif_read_rmt_ext_features_comp_evt(p, hci_evt_len);
312 break;
313 case HCI_READ_RMT_VERSION_COMP_EVT:
314 btm_read_remote_version_complete_raw(p);
315 break;
316 case HCI_COMMAND_COMPLETE_EVT:
317 LOG_ERROR(
318 "%s should not have received a command complete event. "
319 "Someone didn't go through the hci transmit_command function.",
320 __func__);
321 break;
322 case HCI_COMMAND_STATUS_EVT:
323 LOG_ERROR(
324 "%s should not have received a command status event. "
325 "Someone didn't go through the hci transmit_command function.",
326 __func__);
327 break;
328 case HCI_HARDWARE_ERROR_EVT:
329 btu_hcif_hardware_error_evt(p);
330 break;
331 case HCI_ROLE_CHANGE_EVT:
332 btu_hcif_role_change_evt(p);
333 break;
334 case HCI_NUM_COMPL_DATA_PKTS_EVT:
335 acl_process_num_completed_pkts(p, hci_evt_len);
336 break;
337 case HCI_MODE_CHANGE_EVT:
338 btu_hcif_mode_change_evt(p);
339 break;
340 case HCI_PIN_CODE_REQUEST_EVT:
341 btm_sec_pin_code_request(p);
342 break;
343 case HCI_LINK_KEY_REQUEST_EVT:
344 btm_sec_link_key_request(p);
345 break;
346 case HCI_LINK_KEY_NOTIFICATION_EVT:
347 btu_hcif_link_key_notification_evt(p);
348 break;
349 case HCI_READ_CLOCK_OFF_COMP_EVT:
350 btu_hcif_read_clock_off_comp_evt(p);
351 break;
352 case HCI_ESCO_CONNECTION_COMP_EVT:
353 btu_hcif_esco_connection_comp_evt(p);
354 break;
355 case HCI_ESCO_CONNECTION_CHANGED_EVT:
356 btu_hcif_esco_connection_chg_evt(p);
357 break;
358 case HCI_SNIFF_SUB_RATE_EVT:
359 btm_pm_proc_ssr_evt(p, hci_evt_len);
360 break;
361 case HCI_RMT_HOST_SUP_FEAT_NOTIFY_EVT:
362 btm_sec_rmt_host_support_feat_evt(p);
363 break;
364 case HCI_IO_CAPABILITY_REQUEST_EVT:
365 btu_hcif_io_cap_request_evt(p);
366 break;
367 case HCI_IO_CAPABILITY_RESPONSE_EVT:
368 btm_io_capabilities_rsp(p);
369 break;
370 case HCI_USER_CONFIRMATION_REQUEST_EVT:
371 btm_proc_sp_req_evt(BTM_SP_CFM_REQ_EVT, p);
372 break;
373 case HCI_USER_PASSKEY_REQUEST_EVT:
374 btm_proc_sp_req_evt(BTM_SP_KEY_REQ_EVT, p);
375 break;
376 case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
377 btm_rem_oob_req(p);
378 break;
379 case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
380 btm_simple_pair_complete(p);
381 break;
382 case HCI_USER_PASSKEY_NOTIFY_EVT:
383 btm_proc_sp_req_evt(BTM_SP_KEY_NOTIF_EVT, p);
384 break;
385
386 case HCI_BLE_EVENT: {
387 STREAM_TO_UINT8(ble_sub_code, p);
388
389 uint8_t ble_evt_len = hci_evt_len - 1;
390 switch (ble_sub_code) {
391 case HCI_BLE_ADV_PKT_RPT_EVT: /* result of inquiry */
392 btm_ble_process_adv_pkt(ble_evt_len, p);
393 break;
394 case HCI_BLE_CONN_COMPLETE_EVT:
395 btm_ble_conn_complete(p, hci_evt_len, false);
396 break;
397 case HCI_BLE_LL_CONN_PARAM_UPD_EVT:
398 btu_ble_ll_conn_param_upd_evt(p, hci_evt_len);
399 break;
400 case HCI_BLE_READ_REMOTE_FEAT_CMPL_EVT:
401 btm_ble_read_remote_features_complete(p);
402 break;
403 case HCI_BLE_LTK_REQ_EVT: /* received only at peripheral device */
404 btu_ble_proc_ltk_req(p);
405 break;
406 case HCI_BLE_ENHANCED_CONN_COMPLETE_EVT:
407 btm_ble_conn_complete(p, hci_evt_len, true);
408 break;
409 case HCI_BLE_RC_PARAM_REQ_EVT:
410 btu_ble_rc_param_req_evt(p);
411 break;
412 case HCI_BLE_DATA_LENGTH_CHANGE_EVT:
413 btu_ble_data_length_change_evt(p, hci_evt_len);
414 break;
415
416 case HCI_BLE_PHY_UPDATE_COMPLETE_EVT:
417 btm_ble_process_phy_update_pkt(ble_evt_len, p);
418 break;
419
420 case HCI_LE_EXTENDED_ADVERTISING_REPORT_EVT:
421 btm_ble_process_ext_adv_pkt(hci_evt_len, p);
422 break;
423
424 case HCI_LE_ADVERTISING_SET_TERMINATED_EVT:
425 btm_le_on_advertising_set_terminated(p, hci_evt_len);
426 break;
427
428 case HCI_BLE_REQ_PEER_SCA_CPL_EVT:
429 btm_acl_process_sca_cmpl_pkt(ble_evt_len, p);
430 break;
431
432 case HCI_BLE_PERIODIC_ADV_SYNC_EST_EVT:
433 btm_ble_process_periodic_adv_sync_est_evt(ble_evt_len, p);
434 break;
435
436 case HCI_BLE_PERIODIC_ADV_REPORT_EVT:
437 btm_ble_process_periodic_adv_pkt(ble_evt_len, p);
438 break;
439
440 case HCI_BLE_PERIODIC_ADV_SYNC_LOST_EVT:
441 btm_ble_process_periodic_adv_sync_lost_evt(ble_evt_len, p);
442 break;
443
444 case HCI_BLE_CIS_EST_EVT:
445 case HCI_BLE_CREATE_BIG_CPL_EVT:
446 case HCI_BLE_TERM_BIG_CPL_EVT:
447 case HCI_BLE_CIS_REQ_EVT:
448 case HCI_BLE_BIG_SYNC_EST_EVT:
449 case HCI_BLE_BIG_SYNC_LOST_EVT:
450 IsoManager::GetInstance()->HandleHciEvent(ble_sub_code, p,
451 ble_evt_len);
452 break;
453 }
454 break;
455 }
456
457 case HCI_VENDOR_SPECIFIC_EVT:
458 btm_vendor_specific_evt(p, hci_evt_len);
459 break;
460 }
461 }
462
btu_hcif_log_command_metrics(uint16_t opcode,uint8_t * p_cmd,uint16_t cmd_status,bool is_cmd_status)463 static void btu_hcif_log_command_metrics(uint16_t opcode, uint8_t* p_cmd,
464 uint16_t cmd_status,
465 bool is_cmd_status) {
466 static uint16_t kUnknownBleEvt = android::bluetooth::hci::BLE_EVT_UNKNOWN;
467
468 uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_STATUS;
469 if (!is_cmd_status) {
470 hci_event = android::bluetooth::hci::EVT_UNKNOWN;
471 cmd_status = android::bluetooth::hci::STATUS_UNKNOWN;
472 }
473
474 RawAddress bd_addr;
475 uint16_t handle;
476 uint8_t reason;
477
478 switch (opcode) {
479 case HCI_CREATE_CONNECTION:
480 case HCI_CREATE_CONNECTION_CANCEL:
481 STREAM_TO_BDADDR(bd_addr, p_cmd);
482 log_link_layer_connection_event(
483 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
484 android::bluetooth::DIRECTION_OUTGOING,
485 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
486 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
487 break;
488 case HCI_DISCONNECT:
489 STREAM_TO_UINT16(handle, p_cmd);
490 STREAM_TO_UINT8(reason, p_cmd);
491 log_link_layer_connection_event(
492 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
493 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
494 kUnknownBleEvt, cmd_status, reason);
495 break;
496 case HCI_SETUP_ESCO_CONNECTION:
497 case HCI_ENH_SETUP_ESCO_CONNECTION:
498 STREAM_TO_UINT16(handle, p_cmd);
499 log_link_layer_connection_event(
500 nullptr, handle, android::bluetooth::DIRECTION_OUTGOING,
501 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
502 kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
503 break;
504 case HCI_ACCEPT_CONNECTION_REQUEST:
505 case HCI_ACCEPT_ESCO_CONNECTION:
506 case HCI_ENH_ACCEPT_ESCO_CONNECTION:
507 STREAM_TO_BDADDR(bd_addr, p_cmd);
508 log_link_layer_connection_event(
509 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
510 android::bluetooth::DIRECTION_INCOMING,
511 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
512 kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
513 break;
514 case HCI_REJECT_CONNECTION_REQUEST:
515 case HCI_REJECT_ESCO_CONNECTION:
516 STREAM_TO_BDADDR(bd_addr, p_cmd);
517 STREAM_TO_UINT8(reason, p_cmd);
518 log_link_layer_connection_event(
519 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
520 android::bluetooth::DIRECTION_INCOMING,
521 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
522 kUnknownBleEvt, cmd_status, reason);
523 break;
524
525 // BLE Commands
526 case HCI_BLE_CREATE_LL_CONN: {
527 p_cmd += 2; // Skip LE_Scan_Interval
528 p_cmd += 2; // Skip LE_Scan_Window;
529 uint8_t initiator_filter_policy;
530 STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
531 uint8_t peer_address_type;
532 STREAM_TO_UINT8(peer_address_type, p_cmd);
533 STREAM_TO_BDADDR(bd_addr, p_cmd);
534 // Peer address should not be used if initiator filter policy is not 0x00
535 const RawAddress* bd_addr_p = nullptr;
536 if (initiator_filter_policy == 0x00) {
537 bd_addr_p = &bd_addr;
538 if (peer_address_type == BLE_ADDR_PUBLIC_ID ||
539 peer_address_type == BLE_ADDR_RANDOM_ID) {
540 // if identity address is not matched, this address is invalid
541 if (!btm_identity_addr_to_random_pseudo(&bd_addr, &peer_address_type,
542 false)) {
543 bd_addr_p = nullptr;
544 }
545 }
546 }
547 if (initiator_filter_policy == 0x00 ||
548 (cmd_status != HCI_SUCCESS && !is_cmd_status)) {
549 // Selectively log to avoid log spam due to acceptlist connections:
550 // - When doing non-acceptlist connection
551 // - When there is an error in command status
552 log_link_layer_connection_event(
553 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
554 android::bluetooth::DIRECTION_OUTGOING,
555 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
556 kUnknownBleEvt, cmd_status,
557 android::bluetooth::hci::STATUS_UNKNOWN);
558 }
559 break;
560 }
561 case HCI_LE_EXTENDED_CREATE_CONNECTION: {
562 uint8_t initiator_filter_policy;
563 STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
564 p_cmd += 1; // Skip Own_Address_Type
565 uint8_t peer_addr_type;
566 STREAM_TO_UINT8(peer_addr_type, p_cmd);
567 STREAM_TO_BDADDR(bd_addr, p_cmd);
568 // Peer address should not be used if initiator filter policy is not 0x00
569 const RawAddress* bd_addr_p = nullptr;
570 if (initiator_filter_policy == 0x00) {
571 bd_addr_p = &bd_addr;
572 // if identity address is not matched, this should be a static address
573 btm_identity_addr_to_random_pseudo(&bd_addr, &peer_addr_type, false);
574 }
575 if (initiator_filter_policy == 0x00 ||
576 (cmd_status != HCI_SUCCESS && !is_cmd_status)) {
577 // Selectively log to avoid log spam due to acceptlist connections:
578 // - When doing non-acceptlist connection
579 // - When there is an error in command status
580 log_link_layer_connection_event(
581 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
582 android::bluetooth::DIRECTION_OUTGOING,
583 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
584 kUnknownBleEvt, cmd_status,
585 android::bluetooth::hci::STATUS_UNKNOWN);
586 }
587 break;
588 }
589 case HCI_BLE_CREATE_CONN_CANCEL:
590 if (cmd_status != HCI_SUCCESS && !is_cmd_status) {
591 // Only log errors to prevent log spam due to acceptlist connections
592 log_link_layer_connection_event(
593 nullptr, bluetooth::common::kUnknownConnectionHandle,
594 android::bluetooth::DIRECTION_OUTGOING,
595 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
596 kUnknownBleEvt, cmd_status,
597 android::bluetooth::hci::STATUS_UNKNOWN);
598 }
599 break;
600 case HCI_BLE_CLEAR_ACCEPTLIST:
601 log_link_layer_connection_event(
602 nullptr, bluetooth::common::kUnknownConnectionHandle,
603 android::bluetooth::DIRECTION_INCOMING,
604 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
605 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
606 break;
607 case HCI_BLE_ADD_ACCEPTLIST:
608 case HCI_BLE_REMOVE_ACCEPTLIST: {
609 uint8_t peer_addr_type;
610 STREAM_TO_UINT8(peer_addr_type, p_cmd);
611 STREAM_TO_BDADDR(bd_addr, p_cmd);
612 const RawAddress* bd_addr_p = nullptr;
613 // When peer_addr_type is 0xFF, bd_addr should be ignored per BT spec
614 if (peer_addr_type != BLE_ADDR_ANONYMOUS) {
615 bd_addr_p = &bd_addr;
616 bool addr_is_rpa = peer_addr_type == BLE_ADDR_RANDOM &&
617 BTM_BLE_IS_RESOLVE_BDA(bd_addr);
618 // Only try to match identity address for pseudo if address is not RPA
619 if (!addr_is_rpa) {
620 // if identity address is not matched, this should be a static address
621 btm_identity_addr_to_random_pseudo(&bd_addr, &peer_addr_type, false);
622 }
623 }
624 log_link_layer_connection_event(
625 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
626 android::bluetooth::DIRECTION_INCOMING,
627 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
628 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
629 break;
630 }
631 case HCI_READ_LOCAL_OOB_DATA:
632 log_classic_pairing_event(RawAddress::kEmpty,
633 bluetooth::common::kUnknownConnectionHandle,
634 opcode, hci_event, cmd_status,
635 android::bluetooth::hci::STATUS_UNKNOWN, 0);
636 break;
637 case HCI_WRITE_SIMPLE_PAIRING_MODE: {
638 uint8_t simple_pairing_mode;
639 STREAM_TO_UINT8(simple_pairing_mode, p_cmd);
640 log_classic_pairing_event(
641 RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle,
642 opcode, hci_event, cmd_status,
643 android::bluetooth::hci::STATUS_UNKNOWN, simple_pairing_mode);
644 break;
645 }
646 case HCI_WRITE_SECURE_CONNS_SUPPORT: {
647 uint8_t secure_conn_host_support;
648 STREAM_TO_UINT8(secure_conn_host_support, p_cmd);
649 log_classic_pairing_event(
650 RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle,
651 opcode, hci_event, cmd_status,
652 android::bluetooth::hci::STATUS_UNKNOWN, secure_conn_host_support);
653 break;
654 }
655 case HCI_AUTHENTICATION_REQUESTED:
656 STREAM_TO_UINT16(handle, p_cmd);
657 log_classic_pairing_event(RawAddress::kEmpty, handle, opcode, hci_event,
658 cmd_status,
659 android::bluetooth::hci::STATUS_UNKNOWN, 0);
660 break;
661 case HCI_SET_CONN_ENCRYPTION: {
662 STREAM_TO_UINT16(handle, p_cmd);
663 uint8_t encryption_enable;
664 STREAM_TO_UINT8(encryption_enable, p_cmd);
665 log_classic_pairing_event(
666 RawAddress::kEmpty, handle, opcode, hci_event, cmd_status,
667 android::bluetooth::hci::STATUS_UNKNOWN, encryption_enable);
668 break;
669 }
670 case HCI_DELETE_STORED_LINK_KEY: {
671 uint8_t delete_all_flag;
672 STREAM_TO_BDADDR(bd_addr, p_cmd);
673 STREAM_TO_UINT8(delete_all_flag, p_cmd);
674 log_classic_pairing_event(
675 bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode,
676 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN,
677 delete_all_flag);
678 break;
679 }
680 case HCI_RMT_NAME_REQUEST:
681 case HCI_RMT_NAME_REQUEST_CANCEL:
682 case HCI_LINK_KEY_REQUEST_REPLY:
683 case HCI_LINK_KEY_REQUEST_NEG_REPLY:
684 case HCI_IO_CAPABILITY_REQUEST_REPLY:
685 case HCI_USER_CONF_REQUEST_REPLY:
686 case HCI_USER_CONF_VALUE_NEG_REPLY:
687 case HCI_USER_PASSKEY_REQ_REPLY:
688 case HCI_USER_PASSKEY_REQ_NEG_REPLY:
689 case HCI_REM_OOB_DATA_REQ_REPLY:
690 case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
691 STREAM_TO_BDADDR(bd_addr, p_cmd);
692 log_classic_pairing_event(
693 bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode,
694 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN, 0);
695 break;
696 case HCI_IO_CAP_REQ_NEG_REPLY:
697 STREAM_TO_BDADDR(bd_addr, p_cmd);
698 STREAM_TO_UINT8(reason, p_cmd);
699 log_classic_pairing_event(bd_addr,
700 bluetooth::common::kUnknownConnectionHandle,
701 opcode, hci_event, cmd_status, reason, 0);
702 break;
703 }
704 }
705
706 /*******************************************************************************
707 *
708 * Function btu_hcif_send_cmd
709 *
710 * Description This function is called to send commands to the Host
711 * Controller.
712 *
713 * Returns void
714 *
715 ******************************************************************************/
btu_hcif_send_cmd(UNUSED_ATTR uint8_t controller_id,BT_HDR * p_buf)716 void btu_hcif_send_cmd(UNUSED_ATTR uint8_t controller_id, BT_HDR* p_buf) {
717 if (!p_buf) return;
718
719 uint16_t opcode;
720 uint8_t* stream = p_buf->data + p_buf->offset;
721 void* vsc_callback = NULL;
722
723 STREAM_TO_UINT16(opcode, stream);
724
725 // Eww...horrible hackery here
726 /* If command was a VSC, then extract command_complete callback */
727 if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC ||
728 (opcode == HCI_BLE_RAND) || (opcode == HCI_BLE_ENCRYPT)) {
729 vsc_callback = *((void**)(p_buf + 1));
730 }
731
732 // Skip parameter length before logging
733 stream++;
734 btu_hcif_log_command_metrics(opcode, stream,
735 android::bluetooth::hci::STATUS_UNKNOWN, false);
736
737 hci_layer_get_interface()->transmit_command(
738 p_buf, btu_hcif_command_complete_evt, btu_hcif_command_status_evt,
739 vsc_callback);
740 }
741
742 using hci_cmd_cb = base::OnceCallback<void(
743 uint8_t* /* return_parameters */, uint16_t /* return_parameters_length*/)>;
744
745 struct cmd_with_cb_data {
746 hci_cmd_cb cb;
747 base::Location posted_from;
748 };
749
cmd_with_cb_data_init(cmd_with_cb_data * cb_wrapper)750 void cmd_with_cb_data_init(cmd_with_cb_data* cb_wrapper) {
751 new (&cb_wrapper->cb) hci_cmd_cb;
752 new (&cb_wrapper->posted_from) Location;
753 }
754
cmd_with_cb_data_cleanup(cmd_with_cb_data * cb_wrapper)755 void cmd_with_cb_data_cleanup(cmd_with_cb_data* cb_wrapper) {
756 cb_wrapper->cb.~hci_cmd_cb();
757 cb_wrapper->posted_from.~Location();
758 }
759
760 /**
761 * Log command complete events that is not handled individually in this file
762 * @param opcode opcode of the command
763 * @param p_return_params pointer to returned parameter after parameter length
764 * field
765 */
btu_hcif_log_command_complete_metrics(uint16_t opcode,uint8_t * p_return_params)766 static void btu_hcif_log_command_complete_metrics(uint16_t opcode,
767 uint8_t* p_return_params) {
768 uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
769 uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
770 uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_COMPLETE;
771 uint16_t hci_ble_event = android::bluetooth::hci::BLE_EVT_UNKNOWN;
772 RawAddress bd_addr = RawAddress::kEmpty;
773 switch (opcode) {
774 case HCI_BLE_CLEAR_ACCEPTLIST:
775 case HCI_BLE_ADD_ACCEPTLIST:
776 case HCI_BLE_REMOVE_ACCEPTLIST: {
777 STREAM_TO_UINT8(status, p_return_params);
778 log_link_layer_connection_event(
779 nullptr, bluetooth::common::kUnknownConnectionHandle,
780 android::bluetooth::DIRECTION_INCOMING,
781 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, hci_ble_event,
782 status, reason);
783 break;
784 }
785 case HCI_DELETE_STORED_LINK_KEY:
786 case HCI_READ_LOCAL_OOB_DATA:
787 case HCI_WRITE_SIMPLE_PAIRING_MODE:
788 case HCI_WRITE_SECURE_CONNS_SUPPORT:
789 STREAM_TO_UINT8(status, p_return_params);
790 log_classic_pairing_event(RawAddress::kEmpty,
791 bluetooth::common::kUnknownConnectionHandle,
792 opcode, hci_event, status, reason, 0);
793 break;
794 case HCI_READ_ENCR_KEY_SIZE: {
795 uint16_t handle;
796 uint8_t key_size;
797 STREAM_TO_UINT8(status, p_return_params);
798 STREAM_TO_UINT16(handle, p_return_params);
799 STREAM_TO_UINT8(key_size, p_return_params);
800 log_classic_pairing_event(RawAddress::kEmpty, handle, opcode, hci_event,
801 status, reason, key_size);
802 break;
803 }
804 case HCI_LINK_KEY_REQUEST_REPLY:
805 case HCI_LINK_KEY_REQUEST_NEG_REPLY:
806 case HCI_IO_CAPABILITY_REQUEST_REPLY:
807 case HCI_IO_CAP_REQ_NEG_REPLY:
808 case HCI_USER_CONF_REQUEST_REPLY:
809 case HCI_USER_CONF_VALUE_NEG_REPLY:
810 case HCI_USER_PASSKEY_REQ_REPLY:
811 case HCI_USER_PASSKEY_REQ_NEG_REPLY:
812 case HCI_REM_OOB_DATA_REQ_REPLY:
813 case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
814 STREAM_TO_UINT8(status, p_return_params);
815 STREAM_TO_BDADDR(bd_addr, p_return_params);
816 log_classic_pairing_event(bd_addr,
817 bluetooth::common::kUnknownConnectionHandle,
818 opcode, hci_event, status, reason, 0);
819 break;
820 }
821 }
822
btu_hcif_command_complete_evt_with_cb_on_task(BT_HDR * event,void * context)823 static void btu_hcif_command_complete_evt_with_cb_on_task(BT_HDR* event,
824 void* context) {
825 command_opcode_t opcode;
826 // 2 for event header: event code (1) + parameter length (1)
827 // 1 for num_hci_pkt command credit
828 uint8_t* stream = event->data + event->offset + 3;
829 STREAM_TO_UINT16(opcode, stream);
830
831 btu_hcif_log_command_complete_metrics(opcode, stream);
832
833 cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
834 HCI_TRACE_DEBUG("command complete for: %s",
835 cb_wrapper->posted_from.ToString().c_str());
836 // 2 for event header: event code (1) + parameter length (1)
837 // 3 for command complete header: num_hci_pkt (1) + opcode (2)
838 uint16_t param_len = static_cast<uint16_t>(event->len - 5);
839 std::move(cb_wrapper->cb).Run(stream, param_len);
840 cmd_with_cb_data_cleanup(cb_wrapper);
841 osi_free(cb_wrapper);
842
843 osi_free(event);
844 }
845
btu_hcif_command_complete_evt_with_cb(BT_HDR * response,void * context)846 static void btu_hcif_command_complete_evt_with_cb(BT_HDR* response,
847 void* context) {
848 do_in_main_thread(FROM_HERE,
849 base::Bind(btu_hcif_command_complete_evt_with_cb_on_task,
850 response, context));
851 }
852
btu_hcif_command_status_evt_with_cb_on_task(uint8_t status,BT_HDR * event,void * context)853 static void btu_hcif_command_status_evt_with_cb_on_task(uint8_t status,
854 BT_HDR* event,
855 void* context) {
856 command_opcode_t opcode;
857 uint8_t* stream = event->data + event->offset;
858 STREAM_TO_UINT16(opcode, stream);
859
860 CHECK(status != 0);
861
862 // stream + 1 to skip parameter length field
863 // No need to check length since stream is written by us
864 btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
865
866 // report command status error
867 cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
868 HCI_TRACE_DEBUG("command status for: %s",
869 cb_wrapper->posted_from.ToString().c_str());
870 std::move(cb_wrapper->cb).Run(&status, sizeof(uint16_t));
871 cmd_with_cb_data_cleanup(cb_wrapper);
872 osi_free(cb_wrapper);
873
874 osi_free(event);
875 }
876
btu_hcif_command_status_evt_with_cb(uint8_t status,BT_HDR * command,void * context)877 static void btu_hcif_command_status_evt_with_cb(uint8_t status, BT_HDR* command,
878 void* context) {
879 // Command is pending, we report only error.
880 if (!status) {
881 osi_free(command);
882 return;
883 }
884
885 do_in_main_thread(
886 FROM_HERE, base::Bind(btu_hcif_command_status_evt_with_cb_on_task, status,
887 command, context));
888 }
889
890 /* This function is called to send commands to the Host Controller. |cb| is
891 * called when command status event is called with error code, or when the
892 * command complete event is received. */
btu_hcif_send_cmd_with_cb(const base::Location & posted_from,uint16_t opcode,uint8_t * params,uint8_t params_len,hci_cmd_cb cb)893 void btu_hcif_send_cmd_with_cb(const base::Location& posted_from,
894 uint16_t opcode, uint8_t* params,
895 uint8_t params_len, hci_cmd_cb cb) {
896 BT_HDR* p = (BT_HDR*)osi_malloc(HCI_CMD_BUF_SIZE);
897 uint8_t* pp = (uint8_t*)(p + 1);
898
899 p->len = HCIC_PREAMBLE_SIZE + params_len;
900 p->offset = 0;
901
902 UINT16_TO_STREAM(pp, opcode);
903 UINT8_TO_STREAM(pp, params_len);
904 if (params) {
905 memcpy(pp, params, params_len);
906 }
907
908 btu_hcif_log_command_metrics(opcode, pp,
909 android::bluetooth::hci::STATUS_UNKNOWN, false);
910
911 cmd_with_cb_data* cb_wrapper =
912 (cmd_with_cb_data*)osi_malloc(sizeof(cmd_with_cb_data));
913
914 cmd_with_cb_data_init(cb_wrapper);
915 cb_wrapper->cb = std::move(cb);
916 cb_wrapper->posted_from = posted_from;
917
918 hci_layer_get_interface()->transmit_command(
919 p, btu_hcif_command_complete_evt_with_cb,
920 btu_hcif_command_status_evt_with_cb, (void*)cb_wrapper);
921 }
922
923 /*******************************************************************************
924 *
925 * Function btu_hcif_inquiry_comp_evt
926 *
927 * Description Process event HCI_INQUIRY_COMP_EVT
928 *
929 * Returns void
930 *
931 ******************************************************************************/
btu_hcif_inquiry_comp_evt(uint8_t * p)932 static void btu_hcif_inquiry_comp_evt(uint8_t* p) {
933 uint8_t status;
934
935 STREAM_TO_UINT8(status, p);
936
937 /* Tell inquiry processing that we are done */
938 btm_process_inq_complete(status, BTM_BR_INQUIRY_MASK);
939 }
940
941 /*******************************************************************************
942 *
943 * Function btu_hcif_connection_comp_evt
944 *
945 * Description Process event HCI_CONNECTION_COMP_EVT
946 *
947 * Returns void
948 *
949 ******************************************************************************/
btu_hcif_connection_comp_evt(uint8_t * p,uint8_t evt_len)950 static void btu_hcif_connection_comp_evt(uint8_t* p, uint8_t evt_len) {
951 uint8_t status;
952 uint16_t handle;
953 RawAddress bda;
954 uint8_t link_type;
955 uint8_t enc_mode;
956 tBTM_ESCO_DATA esco_data;
957
958 if (evt_len < 11) {
959 android_errorWriteLog(0x534e4554, "141619686");
960 HCI_TRACE_WARNING("%s: malformed event of size %hhd", __func__, evt_len);
961 return;
962 }
963
964 STREAM_TO_UINT8(status, p);
965 STREAM_TO_UINT16(handle, p);
966 STREAM_TO_BDADDR(bda, p);
967 STREAM_TO_UINT8(link_type, p);
968 STREAM_TO_UINT8(enc_mode, p);
969
970 handle = HCID_GET_HANDLE(handle);
971
972 if (status != HCI_SUCCESS) {
973 HCI_TRACE_DEBUG(
974 "%s: Connection failed: status=%d, handle=%d, link_type=%d, "
975 "enc_mode=%d",
976 __func__, status, handle, link_type, enc_mode);
977 }
978
979 if (link_type == HCI_LINK_TYPE_ACL) {
980 btm_acl_connected(bda, handle, static_cast<tHCI_STATUS>(status), enc_mode);
981 } else {
982 memset(&esco_data, 0, sizeof(tBTM_ESCO_DATA));
983 /* esco_data.link_type = HCI_LINK_TYPE_SCO; already zero */
984 esco_data.bd_addr = bda;
985 btm_sco_connected(static_cast<tHCI_STATUS>(status), bda, handle,
986 &esco_data);
987 }
988 }
989
990 /*******************************************************************************
991 *
992 * Function btu_hcif_connection_request_evt
993 *
994 * Description Process event HCI_CONNECTION_REQUEST_EVT
995 *
996 * Returns void
997 *
998 ******************************************************************************/
btu_hcif_connection_request_evt(uint8_t * p)999 static void btu_hcif_connection_request_evt(uint8_t* p) {
1000 RawAddress bda;
1001 DEV_CLASS dc;
1002 uint8_t link_type;
1003
1004 STREAM_TO_BDADDR(bda, p);
1005 STREAM_TO_DEVCLASS(dc, p);
1006 STREAM_TO_UINT8(link_type, p);
1007
1008 if (link_type == HCI_LINK_TYPE_ACL) {
1009 btm_acl_connection_request(bda, dc);
1010 } else {
1011 btm_sco_conn_req(bda, dc, link_type);
1012 }
1013 }
1014
1015 /*******************************************************************************
1016 *
1017 * Function btu_hcif_disconnection_comp_evt
1018 *
1019 * Description Process event HCI_DISCONNECTION_COMP_EVT
1020 *
1021 * Returns void
1022 *
1023 ******************************************************************************/
btu_hcif_disconnection_comp_evt(uint8_t * p)1024 static void btu_hcif_disconnection_comp_evt(uint8_t* p) {
1025 uint8_t status;
1026 uint16_t handle;
1027 uint8_t reason;
1028
1029 STREAM_TO_UINT8(status, p);
1030 STREAM_TO_UINT16(handle, p);
1031 STREAM_TO_UINT8(reason, p);
1032
1033 handle = HCID_GET_HANDLE(handle);
1034
1035 btm_acl_disconnected(static_cast<tHCI_STATUS>(status), handle,
1036 static_cast<tHCI_STATUS>(reason));
1037 }
1038
1039 /*******************************************************************************
1040 *
1041 * Function btu_hcif_authentication_comp_evt
1042 *
1043 * Description Process event HCI_AUTHENTICATION_COMP_EVT
1044 *
1045 * Returns void
1046 *
1047 ******************************************************************************/
btu_hcif_authentication_comp_evt(uint8_t * p)1048 static void btu_hcif_authentication_comp_evt(uint8_t* p) {
1049 uint8_t status;
1050 uint16_t handle;
1051
1052 STREAM_TO_UINT8(status, p);
1053 STREAM_TO_UINT16(handle, p);
1054
1055 btm_sec_auth_complete(handle, static_cast<tHCI_STATUS>(status));
1056 }
1057
1058 /*******************************************************************************
1059 *
1060 * Function btu_hcif_rmt_name_request_comp_evt
1061 *
1062 * Description Process event HCI_RMT_NAME_REQUEST_COMP_EVT
1063 *
1064 * Returns void
1065 *
1066 ******************************************************************************/
btu_hcif_rmt_name_request_comp_evt(uint8_t * p,uint16_t evt_len)1067 static void btu_hcif_rmt_name_request_comp_evt(uint8_t* p, uint16_t evt_len) {
1068 uint8_t status;
1069 RawAddress bd_addr;
1070
1071 STREAM_TO_UINT8(status, p);
1072 STREAM_TO_BDADDR(bd_addr, p);
1073
1074 evt_len -= (1 + BD_ADDR_LEN);
1075
1076 btm_process_remote_name(&bd_addr, p, evt_len, status);
1077
1078 btm_sec_rmt_name_request_complete(&bd_addr, p,
1079 static_cast<tHCI_STATUS>(status));
1080 }
1081
1082 constexpr uint8_t MIN_KEY_SIZE = 7;
1083
read_encryption_key_size_complete_after_encryption_change(uint8_t status,uint16_t handle,uint8_t key_size)1084 static void read_encryption_key_size_complete_after_encryption_change(uint8_t status, uint16_t handle,
1085 uint8_t key_size) {
1086 if (status == HCI_ERR_INSUFFCIENT_SECURITY) {
1087 /* If remote device stop the encryption before we call "Read Encryption Key
1088 * Size", we might receive Insufficient Security, which means that link is
1089 * no longer encrypted. */
1090 LOG(INFO) << __func__ << ": encryption stopped on link: " << loghex(handle);
1091 return;
1092 }
1093
1094 if (status != HCI_SUCCESS) {
1095 LOG(INFO) << __func__ << ": disconnecting, status: " << loghex(status);
1096 acl_disconnect_from_handle(handle, HCI_ERR_PEER_USER);
1097 return;
1098 }
1099
1100 if (key_size < MIN_KEY_SIZE) {
1101 android_errorWriteLog(0x534e4554, "124301137");
1102 LOG(ERROR) << __func__ << " encryption key too short, disconnecting. handle: " << loghex(handle)
1103 << " key_size: " << +key_size;
1104
1105 acl_disconnect_from_handle(handle, HCI_ERR_HOST_REJECT_SECURITY);
1106 return;
1107 }
1108
1109 // good key size - succeed
1110 btm_acl_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1111 1 /* enable */);
1112 btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1113 1 /* enable */);
1114 }
1115 /*******************************************************************************
1116 *
1117 * Function btu_hcif_encryption_change_evt
1118 *
1119 * Description Process event HCI_ENCRYPTION_CHANGE_EVT
1120 *
1121 * Returns void
1122 *
1123 ******************************************************************************/
btu_hcif_encryption_change_evt(uint8_t * p)1124 static void btu_hcif_encryption_change_evt(uint8_t* p) {
1125 uint8_t status;
1126 uint16_t handle;
1127 uint8_t encr_enable;
1128
1129 STREAM_TO_UINT8(status, p);
1130 STREAM_TO_UINT16(handle, p);
1131 STREAM_TO_UINT8(encr_enable, p);
1132
1133 if (status != HCI_SUCCESS || encr_enable == 0 || BTM_IsBleConnection(handle)) {
1134 if (status == HCI_ERR_CONNECTION_TOUT) {
1135 smp_cancel_start_encryption_attempt();
1136 return;
1137 }
1138
1139 btm_acl_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1140 encr_enable);
1141 btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1142 encr_enable);
1143 } else {
1144 btsnd_hcic_read_encryption_key_size(handle, base::Bind(&read_encryption_key_size_complete_after_encryption_change));
1145 }
1146 }
1147
1148 /*******************************************************************************
1149 *
1150 * Function btu_hcif_read_rmt_ext_features_comp_evt
1151 *
1152 * Description Process event HCI_READ_RMT_EXT_FEATURES_COMP_EVT
1153 *
1154 * Returns void
1155 *
1156 ******************************************************************************/
btu_hcif_read_rmt_ext_features_comp_evt(uint8_t * p,uint8_t evt_len)1157 static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p,
1158 uint8_t evt_len) {
1159 uint8_t* p_cur = p;
1160 uint8_t status;
1161 uint16_t handle;
1162
1163 STREAM_TO_UINT8(status, p_cur);
1164
1165 if (status == HCI_SUCCESS)
1166 btm_read_remote_ext_features_complete_raw(p, evt_len);
1167 else {
1168 STREAM_TO_UINT16(handle, p_cur);
1169 btm_read_remote_ext_features_failed(status, handle);
1170 }
1171 }
1172
1173 /*******************************************************************************
1174 *
1175 * Function btu_hcif_esco_connection_comp_evt
1176 *
1177 * Description Process event HCI_ESCO_CONNECTION_COMP_EVT
1178 *
1179 * Returns void
1180 *
1181 ******************************************************************************/
btu_hcif_esco_connection_comp_evt(uint8_t * p)1182 static void btu_hcif_esco_connection_comp_evt(uint8_t* p) {
1183 tBTM_ESCO_DATA data;
1184 uint16_t handle;
1185 RawAddress bda;
1186 uint8_t status;
1187
1188 STREAM_TO_UINT8(status, p);
1189 STREAM_TO_UINT16(handle, p);
1190 STREAM_TO_BDADDR(bda, p);
1191
1192 STREAM_TO_UINT8(data.link_type, p);
1193 STREAM_TO_UINT8(data.tx_interval, p);
1194 STREAM_TO_UINT8(data.retrans_window, p);
1195 STREAM_TO_UINT16(data.rx_pkt_len, p);
1196 STREAM_TO_UINT16(data.tx_pkt_len, p);
1197 STREAM_TO_UINT8(data.air_mode, p);
1198
1199 handle = HCID_GET_HANDLE(handle);
1200
1201 data.bd_addr = bda;
1202 btm_sco_connected(static_cast<tHCI_STATUS>(status), bda, handle, &data);
1203 }
1204
1205 /*******************************************************************************
1206 *
1207 * Function btu_hcif_esco_connection_chg_evt
1208 *
1209 * Description Process event HCI_ESCO_CONNECTION_CHANGED_EVT
1210 *
1211 * Returns void
1212 *
1213 ******************************************************************************/
btu_hcif_esco_connection_chg_evt(uint8_t * p)1214 static void btu_hcif_esco_connection_chg_evt(uint8_t* p) {
1215 uint16_t handle;
1216 uint16_t tx_pkt_len;
1217 uint16_t rx_pkt_len;
1218 uint8_t status;
1219 uint8_t tx_interval;
1220 uint8_t retrans_window;
1221
1222 STREAM_TO_UINT8(status, p);
1223 STREAM_TO_UINT16(handle, p);
1224
1225 STREAM_TO_UINT8(tx_interval, p);
1226 STREAM_TO_UINT8(retrans_window, p);
1227 STREAM_TO_UINT16(rx_pkt_len, p);
1228 STREAM_TO_UINT16(tx_pkt_len, p);
1229
1230 handle = HCID_GET_HANDLE(handle);
1231
1232 btm_esco_proc_conn_chg(status, handle, tx_interval, retrans_window,
1233 rx_pkt_len, tx_pkt_len);
1234 }
1235
1236 /*******************************************************************************
1237 *
1238 * Function btu_hcif_hdl_command_complete
1239 *
1240 * Description Handle command complete event
1241 *
1242 * Returns void
1243 *
1244 ******************************************************************************/
btu_hcif_hdl_command_complete(uint16_t opcode,uint8_t * p,uint16_t evt_len,void * p_cplt_cback)1245 static void btu_hcif_hdl_command_complete(uint16_t opcode, uint8_t* p,
1246 uint16_t evt_len,
1247 void* p_cplt_cback) {
1248 switch (opcode) {
1249 case HCI_INQUIRY_CANCEL:
1250 /* Tell inquiry processing that we are done */
1251 btm_process_cancel_complete(HCI_SUCCESS, BTM_BR_INQUIRY_MASK);
1252 break;
1253 case HCI_SET_EVENT_FILTER:
1254 break;
1255
1256 case HCI_DELETE_STORED_LINK_KEY:
1257 btm_delete_stored_link_key_complete(p);
1258 break;
1259
1260 case HCI_READ_LOCAL_NAME:
1261 btm_read_local_name_complete(p, evt_len);
1262 break;
1263
1264 case HCI_GET_LINK_QUALITY:
1265 btm_read_link_quality_complete(p);
1266 break;
1267
1268 case HCI_READ_RSSI:
1269 btm_read_rssi_complete(p);
1270 break;
1271
1272 case HCI_READ_FAILED_CONTACT_COUNTER:
1273 btm_read_failed_contact_counter_complete(p);
1274 break;
1275
1276 case HCI_READ_AUTOMATIC_FLUSH_TIMEOUT:
1277 btm_read_automatic_flush_timeout_complete(p);
1278 break;
1279
1280 case HCI_READ_TRANSMIT_POWER_LEVEL:
1281 btm_read_tx_power_complete(p, false);
1282 break;
1283
1284 case HCI_CREATE_CONNECTION_CANCEL:
1285 btm_create_conn_cancel_complete(p);
1286 break;
1287
1288 case HCI_READ_LOCAL_OOB_DATA:
1289 btm_read_local_oob_complete(p);
1290 break;
1291
1292 case HCI_READ_INQ_TX_POWER_LEVEL:
1293 break;
1294
1295 /* BLE Commands sComplete*/
1296 case HCI_BLE_RAND:
1297 case HCI_BLE_ENCRYPT:
1298 btm_ble_rand_enc_complete(p, opcode, (tBTM_RAND_ENC_CB*)p_cplt_cback);
1299 break;
1300
1301 case HCI_BLE_READ_ADV_CHNL_TX_POWER:
1302 btm_read_tx_power_complete(p, true);
1303 break;
1304
1305 case HCI_BLE_WRITE_ADV_ENABLE:
1306 btm_ble_write_adv_enable_complete(p);
1307 break;
1308
1309 case HCI_BLE_CREATE_LL_CONN:
1310 case HCI_LE_EXTENDED_CREATE_CONNECTION:
1311 // No command complete event for those commands according to spec
1312 LOG(ERROR) << "No command complete expected, but received!";
1313 break;
1314
1315 case HCI_BLE_CREATE_CONN_CANCEL:
1316 btm_ble_create_conn_cancel_complete(p);
1317 break;
1318
1319 case HCI_BLE_TRANSMITTER_TEST:
1320 case HCI_BLE_RECEIVER_TEST:
1321 case HCI_BLE_TEST_END:
1322 btm_ble_test_command_complete(p);
1323 break;
1324
1325 case HCI_BLE_ADD_DEV_RESOLVING_LIST:
1326 btm_ble_add_resolving_list_entry_complete(p, evt_len);
1327 break;
1328
1329 case HCI_BLE_RM_DEV_RESOLVING_LIST:
1330 btm_ble_remove_resolving_list_entry_complete(p, evt_len);
1331 break;
1332
1333 case HCI_BLE_CLEAR_RESOLVING_LIST:
1334 btm_ble_clear_resolving_list_complete(p, evt_len);
1335 break;
1336
1337 case HCI_BLE_READ_RESOLVABLE_ADDR_PEER:
1338 btm_ble_read_resolving_list_entry_complete(p, evt_len);
1339 break;
1340
1341 case HCI_BLE_READ_RESOLVABLE_ADDR_LOCAL:
1342 case HCI_BLE_SET_ADDR_RESOLUTION_ENABLE:
1343 case HCI_BLE_SET_RAND_PRIV_ADDR_TIMOUT:
1344 break;
1345 default:
1346 if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC)
1347 btm_vsc_complete(p, opcode, evt_len, (tBTM_VSC_CMPL_CB*)p_cplt_cback);
1348 break;
1349 }
1350 }
1351
1352 /*******************************************************************************
1353 *
1354 * Function btu_hcif_command_complete_evt
1355 *
1356 * Description Process event HCI_COMMAND_COMPLETE_EVT
1357 *
1358 * Returns void
1359 *
1360 ******************************************************************************/
btu_hcif_command_complete_evt_on_task(BT_HDR * event,void * context)1361 static void btu_hcif_command_complete_evt_on_task(BT_HDR* event,
1362 void* context) {
1363 command_opcode_t opcode;
1364 // 2 for event header: event code (1) + parameter length (1)
1365 // 1 for num_hci_pkt command credit
1366 uint8_t* stream = event->data + event->offset + 3;
1367 STREAM_TO_UINT16(opcode, stream);
1368
1369 btu_hcif_log_command_complete_metrics(opcode, stream);
1370 // 2 for event header: event code (1) + parameter length (1)
1371 // 3 for command complete header: num_hci_pkt (1) + opcode (2)
1372 uint16_t param_len = static_cast<uint16_t>(event->len - 5);
1373 btu_hcif_hdl_command_complete(opcode, stream, param_len, context);
1374
1375 osi_free(event);
1376 }
1377
btu_hcif_command_complete_evt(BT_HDR * response,void * context)1378 static void btu_hcif_command_complete_evt(BT_HDR* response, void* context) {
1379 do_in_main_thread(FROM_HERE, base::Bind(btu_hcif_command_complete_evt_on_task,
1380 response, context));
1381 }
1382
1383 /*******************************************************************************
1384 *
1385 * Function btu_hcif_hdl_command_status
1386 *
1387 * Description Handle a command status event
1388 *
1389 * Returns void
1390 *
1391 ******************************************************************************/
btu_hcif_hdl_command_status(uint16_t opcode,uint8_t status,uint8_t * p_cmd,void * p_vsc_status_cback)1392 static void btu_hcif_hdl_command_status(uint16_t opcode, uint8_t status,
1393 uint8_t* p_cmd,
1394 void* p_vsc_status_cback) {
1395 CHECK_NE(p_cmd, nullptr) << "Null command for opcode 0x" << loghex(opcode);
1396 p_cmd++; // Skip parameter total length
1397
1398 RawAddress bd_addr;
1399 uint16_t handle;
1400
1401 switch (opcode) {
1402 // Link Control Commands
1403 case HCI_INQUIRY:
1404 if (status != HCI_SUCCESS) {
1405 // Tell inquiry processing that we are done
1406 btm_process_inq_complete(status, BTM_BR_INQUIRY_MASK);
1407 }
1408 break;
1409 case HCI_SWITCH_ROLE:
1410 if (status != HCI_SUCCESS) {
1411 // Tell BTM that the command failed
1412 STREAM_TO_BDADDR(bd_addr, p_cmd);
1413 btm_acl_role_changed(static_cast<tHCI_STATUS>(status), bd_addr,
1414 HCI_ROLE_UNKNOWN);
1415 }
1416 break;
1417 case HCI_CREATE_CONNECTION:
1418 if (status != HCI_SUCCESS) {
1419 STREAM_TO_BDADDR(bd_addr, p_cmd);
1420 btm_acl_connected(bd_addr, HCI_INVALID_HANDLE,
1421 static_cast<tHCI_STATUS>(status), 0);
1422 }
1423 break;
1424 case HCI_AUTHENTICATION_REQUESTED:
1425 if (status != HCI_SUCCESS) {
1426 // Device refused to start authentication
1427 // This is treated as an authentication failure
1428 btm_sec_auth_complete(HCI_INVALID_HANDLE,
1429 static_cast<tHCI_STATUS>(status));
1430 }
1431 break;
1432 case HCI_SET_CONN_ENCRYPTION:
1433 if (status != HCI_SUCCESS) {
1434 // Device refused to start encryption
1435 // This is treated as an encryption failure
1436 btm_sec_encrypt_change(HCI_INVALID_HANDLE,
1437 static_cast<tHCI_STATUS>(status), false);
1438 }
1439 break;
1440 case HCI_RMT_NAME_REQUEST:
1441 if (status != HCI_SUCCESS) {
1442 // Tell inquiry processing that we are done
1443 btm_process_remote_name(nullptr, nullptr, 0, status);
1444 btm_sec_rmt_name_request_complete(nullptr, nullptr,
1445 static_cast<tHCI_STATUS>(status));
1446 }
1447 break;
1448 case HCI_READ_RMT_EXT_FEATURES:
1449 if (status != HCI_SUCCESS) {
1450 STREAM_TO_UINT16(handle, p_cmd);
1451 btm_read_remote_ext_features_failed(status, handle);
1452 }
1453 break;
1454 case HCI_SETUP_ESCO_CONNECTION:
1455 case HCI_ENH_SETUP_ESCO_CONNECTION:
1456 if (status != HCI_SUCCESS) {
1457 STREAM_TO_UINT16(handle, p_cmd);
1458 // Determine if initial connection failed or is a change of setup
1459 if (btm_is_sco_active(handle)) {
1460 btm_esco_proc_conn_chg(status, handle, 0, 0, 0, 0);
1461 }
1462 }
1463 break;
1464
1465 // BLE Commands
1466 case HCI_BLE_CREATE_LL_CONN:
1467 case HCI_LE_EXTENDED_CREATE_CONNECTION:
1468 if (status != HCI_SUCCESS) {
1469 btm_ble_create_ll_conn_complete(static_cast<tHCI_STATUS>(status));
1470 }
1471 break;
1472 case HCI_BLE_START_ENC:
1473 // Race condition: disconnection happened right before we send
1474 // "LE Encrypt", controller responds with no connection, we should
1475 // cancel the encryption attempt, rather than unpair the device.
1476 if (status == HCI_ERR_NO_CONNECTION) {
1477 smp_cancel_start_encryption_attempt();
1478 }
1479 break;
1480
1481 // Link Policy Commands
1482 case HCI_EXIT_SNIFF_MODE:
1483 case HCI_EXIT_PARK_MODE:
1484 if (status != HCI_SUCCESS) {
1485 // Allow SCO initiation to continue if waiting for change mode event
1486 STREAM_TO_UINT16(handle, p_cmd);
1487 btm_sco_chk_pend_unpark(static_cast<tHCI_STATUS>(status), handle);
1488 }
1489 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
1490 case HCI_HOLD_MODE:
1491 case HCI_SNIFF_MODE:
1492 case HCI_PARK_MODE:
1493 btm_pm_proc_cmd_status(static_cast<tHCI_STATUS>(status));
1494 break;
1495
1496 default:
1497 if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC) {
1498 btm_vsc_complete(&status, opcode, 1,
1499 (tBTM_VSC_CMPL_CB*)p_vsc_status_cback);
1500 }
1501 }
1502 }
1503
1504 /*******************************************************************************
1505 *
1506 * Function btu_hcif_command_status_evt
1507 *
1508 * Description Process event HCI_COMMAND_STATUS_EVT
1509 *
1510 * Returns void
1511 *
1512 ******************************************************************************/
btu_hcif_command_status_evt_on_task(uint8_t status,BT_HDR * event,void * context)1513 static void btu_hcif_command_status_evt_on_task(uint8_t status, BT_HDR* event,
1514 void* context) {
1515 command_opcode_t opcode;
1516 uint8_t* stream = event->data + event->offset;
1517 STREAM_TO_UINT16(opcode, stream);
1518
1519 // stream + 1 to skip parameter length field
1520 // No need to check length since stream is written by us
1521 btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
1522
1523 btu_hcif_hdl_command_status(opcode, status, stream, context);
1524 osi_free(event);
1525 }
1526
btu_hcif_command_status_evt(uint8_t status,BT_HDR * command,void * context)1527 static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command,
1528 void* context) {
1529 do_in_main_thread(FROM_HERE, base::Bind(btu_hcif_command_status_evt_on_task,
1530 status, command, context));
1531 }
1532
1533 /*******************************************************************************
1534 *
1535 * Function btu_hcif_hardware_error_evt
1536 *
1537 * Description Process event HCI_HARDWARE_ERROR_EVT
1538 *
1539 * Returns void
1540 *
1541 ******************************************************************************/
btu_hcif_hardware_error_evt(uint8_t * p)1542 static void btu_hcif_hardware_error_evt(uint8_t* p) {
1543 HCI_TRACE_ERROR("Ctlr H/w error event - code:0x%x", *p);
1544 if (hci_is_root_inflammation_event_received()) {
1545 // Ignore the hardware error event here as we have already received
1546 // root inflammation event earlier.
1547 HCI_TRACE_ERROR("H/w error event after root inflammation event!");
1548 return;
1549 }
1550
1551 BTA_sys_signal_hw_error();
1552 }
1553
1554 /*******************************************************************************
1555 *
1556 * Function btu_hcif_role_change_evt
1557 *
1558 * Description Process event HCI_ROLE_CHANGE_EVT
1559 *
1560 * Returns void
1561 *
1562 ******************************************************************************/
btu_hcif_role_change_evt(uint8_t * p)1563 static void btu_hcif_role_change_evt(uint8_t* p) {
1564 uint8_t status;
1565 RawAddress bda;
1566 uint8_t role;
1567
1568 STREAM_TO_UINT8(status, p);
1569 STREAM_TO_BDADDR(bda, p);
1570 STREAM_TO_UINT8(role, p);
1571
1572 btm_rejectlist_role_change_device(bda, status);
1573 btm_acl_role_changed(to_hci_status_code(status), bda, to_hci_role(role));
1574 }
1575
1576 /*******************************************************************************
1577 *
1578 * Function btu_hcif_mode_change_evt
1579 *
1580 * Description Process event HCI_MODE_CHANGE_EVT
1581 *
1582 * Returns void
1583 *
1584 ******************************************************************************/
btu_hcif_mode_change_evt(uint8_t * p)1585 static void btu_hcif_mode_change_evt(uint8_t* p) {
1586 uint8_t status;
1587 uint16_t handle;
1588 uint8_t current_mode;
1589 uint16_t interval;
1590
1591 STREAM_TO_UINT8(status, p);
1592
1593 STREAM_TO_UINT16(handle, p);
1594 STREAM_TO_UINT8(current_mode, p);
1595 STREAM_TO_UINT16(interval, p);
1596 btm_sco_chk_pend_unpark(static_cast<tHCI_STATUS>(status), handle);
1597 btm_pm_proc_mode_change(static_cast<tHCI_STATUS>(status), handle,
1598 static_cast<tHCI_MODE>(current_mode), interval);
1599
1600 #if (HID_DEV_INCLUDED == TRUE && HID_DEV_PM_INCLUDED == TRUE)
1601 hidd_pm_proc_mode_change(status, current_mode, interval);
1602 #endif
1603 }
1604
1605 /*******************************************************************************
1606 *
1607 * Function btu_hcif_link_key_notification_evt
1608 *
1609 * Description Process event HCI_LINK_KEY_NOTIFICATION_EVT
1610 *
1611 * Returns void
1612 *
1613 ******************************************************************************/
btu_hcif_link_key_notification_evt(uint8_t * p)1614 static void btu_hcif_link_key_notification_evt(uint8_t* p) {
1615 RawAddress bda;
1616 Octet16 key;
1617 uint8_t key_type;
1618
1619 STREAM_TO_BDADDR(bda, p);
1620 STREAM_TO_ARRAY16(key.data(), p);
1621 STREAM_TO_UINT8(key_type, p);
1622
1623 btm_sec_link_key_notification(bda, key, key_type);
1624 }
1625
1626 /*******************************************************************************
1627 *
1628 * Function btu_hcif_read_clock_off_comp_evt
1629 *
1630 * Description Process event HCI_READ_CLOCK_OFF_COMP_EVT
1631 *
1632 * Returns void
1633 *
1634 ******************************************************************************/
btu_hcif_read_clock_off_comp_evt(uint8_t * p)1635 static void btu_hcif_read_clock_off_comp_evt(uint8_t* p) {
1636 uint8_t status;
1637 uint16_t handle;
1638 uint16_t clock_offset;
1639
1640 STREAM_TO_UINT8(status, p);
1641
1642 /* If failed to get clock offset just drop the result */
1643 if (status != HCI_SUCCESS) return;
1644
1645 STREAM_TO_UINT16(handle, p);
1646 STREAM_TO_UINT16(clock_offset, p);
1647
1648 handle = HCID_GET_HANDLE(handle);
1649
1650 btm_sec_update_clock_offset(handle, clock_offset);
1651 }
1652
1653 /**********************************************
1654 * Simple Pairing Events
1655 **********************************************/
1656
1657 /*******************************************************************************
1658 *
1659 * Function btu_hcif_io_cap_request_evt
1660 *
1661 * Description Process event HCI_IO_CAPABILITY_REQUEST_EVT
1662 *
1663 * Returns void
1664 *
1665 ******************************************************************************/
btu_hcif_io_cap_request_evt(uint8_t * p)1666 static void btu_hcif_io_cap_request_evt(uint8_t* p) {
1667 RawAddress bda;
1668 STREAM_TO_BDADDR(bda, p);
1669 btm_io_capabilities_req(bda);
1670 }
1671
1672 /**********************************************
1673 * End of Simple Pairing Events
1674 **********************************************/
1675
read_encryption_key_size_complete_after_key_refresh(uint8_t status,uint16_t handle,uint8_t key_size)1676 static void read_encryption_key_size_complete_after_key_refresh(uint8_t status, uint16_t handle, uint8_t key_size) {
1677 if (status == HCI_ERR_INSUFFCIENT_SECURITY) {
1678 /* If remote device stop the encryption before we call "Read Encryption Key
1679 * Size", we might receive Insufficient Security, which means that link is
1680 * no longer encrypted. */
1681 LOG(INFO) << __func__ << ": encryption stopped on link: " << loghex(handle);
1682 return;
1683 }
1684
1685 if (status != HCI_SUCCESS) {
1686 LOG(INFO) << __func__ << ": disconnecting, status: " << loghex(status);
1687 acl_disconnect_from_handle(handle, HCI_ERR_PEER_USER);
1688 return;
1689 }
1690
1691 if (key_size < MIN_KEY_SIZE) {
1692 android_errorWriteLog(0x534e4554, "124301137");
1693 LOG(ERROR) << __func__ << " encryption key too short, disconnecting. handle: " << loghex(handle)
1694 << " key_size: " << +key_size;
1695
1696 acl_disconnect_from_handle(handle, HCI_ERR_HOST_REJECT_SECURITY);
1697 return;
1698 }
1699
1700 btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1701 1 /* enc_enable */);
1702 }
1703
btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t * p)1704 static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p) {
1705 uint8_t status;
1706 uint16_t handle;
1707
1708 STREAM_TO_UINT8(status, p);
1709 STREAM_TO_UINT16(handle, p);
1710
1711 if (status != HCI_SUCCESS || BTM_IsBleConnection(handle)) {
1712 btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1713 (status == HCI_SUCCESS) ? 1 : 0);
1714 } else {
1715 btsnd_hcic_read_encryption_key_size(handle, base::Bind(&read_encryption_key_size_complete_after_key_refresh));
1716 }
1717 }
1718
1719 /**********************************************
1720 * BLE Events
1721 **********************************************/
1722
1723 extern void gatt_notify_conn_update(const RawAddress& remote, uint16_t interval,
1724 uint16_t latency, uint16_t timeout,
1725 tHCI_STATUS status);
1726
btu_ble_ll_conn_param_upd_evt(uint8_t * p,uint16_t evt_len)1727 static void btu_ble_ll_conn_param_upd_evt(uint8_t* p, uint16_t evt_len) {
1728 /* LE connection update has completed successfully as a central. */
1729 /* We can enable the update request if the result is a success. */
1730 /* extract the HCI handle first */
1731 uint8_t status;
1732 uint16_t handle;
1733 uint16_t interval;
1734 uint16_t latency;
1735 uint16_t timeout;
1736
1737 STREAM_TO_UINT8(status, p);
1738 STREAM_TO_UINT16(handle, p);
1739 STREAM_TO_UINT16(interval, p);
1740 STREAM_TO_UINT16(latency, p);
1741 STREAM_TO_UINT16(timeout, p);
1742
1743 acl_ble_update_event_received(static_cast<tHCI_STATUS>(status), handle,
1744 interval, latency, timeout);
1745 }
1746
btu_ble_proc_ltk_req(uint8_t * p)1747 static void btu_ble_proc_ltk_req(uint8_t* p) {
1748 uint16_t ediv, handle;
1749 uint8_t* pp;
1750
1751 STREAM_TO_UINT16(handle, p);
1752 pp = p + 8;
1753 STREAM_TO_UINT16(ediv, pp);
1754 btm_ble_ltk_request(handle, p, ediv);
1755 /* This is empty until an upper layer cares about returning event */
1756 }
1757
btu_ble_data_length_change_evt(uint8_t * p,uint16_t evt_len)1758 static void btu_ble_data_length_change_evt(uint8_t* p, uint16_t evt_len) {
1759 uint16_t handle;
1760 uint16_t tx_data_len;
1761 uint16_t rx_data_len;
1762
1763 if (!controller_get_interface()->supports_ble_packet_extension()) {
1764 HCI_TRACE_WARNING("%s, request not supported", __func__);
1765 return;
1766 }
1767
1768 STREAM_TO_UINT16(handle, p);
1769 STREAM_TO_UINT16(tx_data_len, p);
1770 p += 2; /* Skip the TxTimer */
1771 STREAM_TO_UINT16(rx_data_len, p);
1772
1773 l2cble_process_data_length_change_event(handle, tx_data_len, rx_data_len);
1774 }
1775
1776 /**********************************************
1777 * End of BLE Events Handler
1778 **********************************************/
btu_ble_rc_param_req_evt(uint8_t * p)1779 static void btu_ble_rc_param_req_evt(uint8_t* p) {
1780 uint16_t handle;
1781 uint16_t int_min, int_max, latency, timeout;
1782
1783 STREAM_TO_UINT16(handle, p);
1784 STREAM_TO_UINT16(int_min, p);
1785 STREAM_TO_UINT16(int_max, p);
1786 STREAM_TO_UINT16(latency, p);
1787 STREAM_TO_UINT16(timeout, p);
1788
1789 l2cble_process_rc_param_request_evt(handle, int_min, int_max, latency,
1790 timeout);
1791 }
1792