1 /******************************************************************************
2 *
3 * Copyright 2003-2014 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains the action functions for device manager state
22 * machine.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bt_bta_dm"
27
28 #include <base/bind.h>
29 #include <base/callback.h>
30 #include <base/logging.h>
31 #include <string.h>
32
33 #include "bt_common.h"
34 #include "bt_target.h"
35 #include "bt_types.h"
36 #include "bta_api.h"
37 #include "bta_dm_api.h"
38 #include "bta_dm_co.h"
39 #include "bta_dm_int.h"
40 #include "bta_sys.h"
41 #include "btif_storage.h"
42 #include "btm_api.h"
43 #include "btm_int.h"
44 #include "btu.h"
45 #include "gap_api.h" /* For GAP_BleReadPeerPrefConnParams */
46 #include "l2c_api.h"
47 #include "osi/include/log.h"
48 #include "osi/include/osi.h"
49 #include "sdp_api.h"
50 #include "stack/gatt/connection_manager.h"
51 #include "stack/include/gatt_api.h"
52 #include "utl.h"
53
54 #if (GAP_INCLUDED == TRUE)
55 #include "gap_api.h"
56 #endif
57
58 using bluetooth::Uuid;
59
60 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
61 uint16_t eir_len);
62 static void bta_dm_inq_cmpl_cb(void* p_result);
63 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,
64 DEV_CLASS dc, BD_NAME bd_name);
65 static void bta_dm_remname_cback(void* p);
66 static void bta_dm_find_services(const RawAddress& bd_addr);
67 static void bta_dm_discover_next_device(void);
68 static void bta_dm_sdp_callback(uint16_t sdp_status);
69 static uint8_t bta_dm_authorize_cback(const RawAddress& bd_addr,
70 DEV_CLASS dev_class, BD_NAME bd_name,
71 uint8_t* service_name, uint8_t service_id,
72 bool is_originator);
73 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
74 BD_NAME bd_name, bool min_16_digit);
75 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
76 DEV_CLASS dev_class, BD_NAME bd_name,
77 const LinkKey& key, uint8_t key_type);
78 static uint8_t bta_dm_authentication_complete_cback(const RawAddress& bd_addr,
79 DEV_CLASS dev_class,
80 BD_NAME bd_name,
81 int result);
82 static void bta_dm_local_name_cback(void* p_name);
83 static bool bta_dm_check_av(uint16_t event);
84 static void bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA* p_data);
85
86 static void bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
87 uint8_t app_id, const RawAddress& peer_addr);
88
89 /* Extended Inquiry Response */
90 static uint8_t bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data);
91
92 static void bta_dm_set_eir(char* local_name);
93
94 static void bta_dm_eir_search_services(tBTM_INQ_RESULTS* p_result,
95 tBTA_SERVICE_MASK* p_services_to_search,
96 tBTA_SERVICE_MASK* p_services_found);
97
98 static void bta_dm_search_timer_cback(void* data);
99 static void bta_dm_disable_conn_down_timer_cback(void* data);
100 static void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
101 uint8_t app_id, const RawAddress& peer_addr);
102 static void bta_dm_adjust_roles(bool delay_role_switch);
103 static char* bta_dm_get_remname(void);
104 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result);
105
106 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr,
107 tBT_TRANSPORT transport);
108 static void bta_dm_discover_device(const RawAddress& remote_bd_addr);
109
110 static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status);
111 static void bta_dm_disable_search_and_disc(void);
112
113 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
114 tBTM_LE_EVT_DATA* p_data);
115 static void bta_dm_ble_id_key_cback(uint8_t key_type,
116 tBTM_BLE_LOCAL_KEYS* p_key);
117 static void bta_dm_gattc_register(void);
118 static void btm_dm_start_gatt_discovery(const RawAddress& bd_addr);
119 static void bta_dm_cancel_gatt_discovery(const RawAddress& bd_addr);
120 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data);
121 extern tBTA_DM_CONTRL_STATE bta_dm_pm_obtain_controller_state(void);
122
123 #if (BLE_VND_INCLUDED == TRUE)
124 static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result);
125 #endif
126
127 #ifndef BTA_DM_BLE_ADV_CHNL_MAP
128 #define BTA_DM_BLE_ADV_CHNL_MAP \
129 (BTM_BLE_ADV_CHNL_37 | BTM_BLE_ADV_CHNL_38 | BTM_BLE_ADV_CHNL_39)
130 #endif
131
132 /* Disable timer interval (in milliseconds) */
133 #ifndef BTA_DM_DISABLE_TIMER_MS
134 #define BTA_DM_DISABLE_TIMER_MS 5000
135 #endif
136
137 /* Disable timer retrial interval (in milliseconds) */
138 #ifndef BTA_DM_DISABLE_TIMER_RETRIAL_MS
139 #define BTA_DM_DISABLE_TIMER_RETRIAL_MS 1500
140 #endif
141
142 /* Disable connection down timer (in milliseconds) */
143 #ifndef BTA_DM_DISABLE_CONN_DOWN_TIMER_MS
144 #define BTA_DM_DISABLE_CONN_DOWN_TIMER_MS 1000
145 #endif
146
147 /* Switch delay timer (in milliseconds) */
148 #ifndef BTA_DM_SWITCH_DELAY_TIMER_MS
149 #define BTA_DM_SWITCH_DELAY_TIMER_MS 500
150 #endif
151
152 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr);
153 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr);
154 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
155 uint16_t eir_len);
156 static void bta_dm_observe_cmpl_cb(void* p_result);
157 static void bta_dm_delay_role_switch_cback(void* data);
158 static void bta_dm_disable_timer_cback(void* data);
159
160 const uint16_t bta_service_id_to_uuid_lkup_tbl[BTA_MAX_SERVICE_ID] = {
161 UUID_SERVCLASS_PNP_INFORMATION, /* Reserved */
162 UUID_SERVCLASS_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */
163 UUID_SERVCLASS_DIALUP_NETWORKING, /* BTA_DUN_SERVICE_ID */
164 UUID_SERVCLASS_AUDIO_SOURCE, /* BTA_A2DP_SOURCE_SERVICE_ID */
165 UUID_SERVCLASS_LAN_ACCESS_USING_PPP, /* BTA_LAP_SERVICE_ID */
166 UUID_SERVCLASS_HEADSET, /* BTA_HSP_HS_SERVICE_ID */
167 UUID_SERVCLASS_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */
168 UUID_SERVCLASS_OBEX_OBJECT_PUSH, /* BTA_OPP_SERVICE_ID */
169 UUID_SERVCLASS_OBEX_FILE_TRANSFER, /* BTA_FTP_SERVICE_ID */
170 UUID_SERVCLASS_CORDLESS_TELEPHONY, /* BTA_CTP_SERVICE_ID */
171 UUID_SERVCLASS_INTERCOM, /* BTA_ICP_SERVICE_ID */
172 UUID_SERVCLASS_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */
173 UUID_SERVCLASS_DIRECT_PRINTING, /* BTA_BPP_SERVICE_ID */
174 UUID_SERVCLASS_IMAGING_RESPONDER, /* BTA_BIP_SERVICE_ID */
175 UUID_SERVCLASS_PANU, /* BTA_PANU_SERVICE_ID */
176 UUID_SERVCLASS_NAP, /* BTA_NAP_SERVICE_ID */
177 UUID_SERVCLASS_GN, /* BTA_GN_SERVICE_ID */
178 UUID_SERVCLASS_SAP, /* BTA_SAP_SERVICE_ID */
179 UUID_SERVCLASS_AUDIO_SINK, /* BTA_A2DP_SERVICE_ID */
180 UUID_SERVCLASS_AV_REMOTE_CONTROL, /* BTA_AVRCP_SERVICE_ID */
181 UUID_SERVCLASS_HUMAN_INTERFACE, /* BTA_HID_SERVICE_ID */
182 UUID_SERVCLASS_VIDEO_SINK, /* BTA_VDP_SERVICE_ID */
183 UUID_SERVCLASS_PBAP_PSE, /* BTA_PBAP_SERVICE_ID */
184 UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY, /* BTA_HSP_SERVICE_ID */
185 UUID_SERVCLASS_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */
186 UUID_SERVCLASS_MESSAGE_ACCESS, /* BTA_MAP_SERVICE_ID */
187 UUID_SERVCLASS_MESSAGE_NOTIFICATION, /* BTA_MN_SERVICE_ID */
188 UUID_SERVCLASS_HDP_PROFILE, /* BTA_HDP_SERVICE_ID */
189 UUID_SERVCLASS_PBAP_PCE, /* BTA_PCE_SERVICE_ID */
190 UUID_PROTOCOL_ATT /* BTA_GATT_SERVICE_ID */
191 };
192
193 /*
194 * NOTE : The number of element in bta_service_id_to_btm_srv_id_lkup_tbl should
195 * be matching with the value BTA_MAX_SERVICE_ID in bta_api.h
196 *
197 * i.e., If you add new Service ID for BTA, the correct security ID of the new
198 * service from Security service definitions (btm_api.h) should be added to
199 * this lookup table.
200 */
201 const uint32_t bta_service_id_to_btm_srv_id_lkup_tbl[BTA_MAX_SERVICE_ID] = {
202 0, /* Reserved */
203 BTM_SEC_SERVICE_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */
204 BTM_SEC_SERVICE_DUN, /* BTA_DUN_SERVICE_ID */
205 BTM_SEC_SERVICE_AVDTP, /* BTA_AUDIO_SOURCE_SERVICE_ID */
206 BTM_SEC_SERVICE_LAN_ACCESS, /* BTA_LAP_SERVICE_ID */
207 BTM_SEC_SERVICE_HEADSET_AG, /* BTA_HSP_SERVICE_ID */
208 BTM_SEC_SERVICE_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */
209 BTM_SEC_SERVICE_OBEX, /* BTA_OPP_SERVICE_ID */
210 BTM_SEC_SERVICE_OBEX_FTP, /* BTA_FTP_SERVICE_ID */
211 BTM_SEC_SERVICE_CORDLESS, /* BTA_CTP_SERVICE_ID */
212 BTM_SEC_SERVICE_INTERCOM, /* BTA_ICP_SERVICE_ID */
213 BTM_SEC_SERVICE_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */
214 BTM_SEC_SERVICE_BPP_JOB, /* BTA_BPP_SERVICE_ID */
215 BTM_SEC_SERVICE_BIP, /* BTA_BIP_SERVICE_ID */
216 BTM_SEC_SERVICE_BNEP_PANU, /* BTA_PANU_SERVICE_ID */
217 BTM_SEC_SERVICE_BNEP_NAP, /* BTA_NAP_SERVICE_ID */
218 BTM_SEC_SERVICE_BNEP_GN, /* BTA_GN_SERVICE_ID */
219 BTM_SEC_SERVICE_SAP, /* BTA_SAP_SERVICE_ID */
220 BTM_SEC_SERVICE_AVDTP, /* BTA_A2DP_SERVICE_ID */
221 BTM_SEC_SERVICE_AVCTP, /* BTA_AVRCP_SERVICE_ID */
222 BTM_SEC_SERVICE_HIDH_SEC_CTRL, /* BTA_HID_SERVICE_ID */
223 BTM_SEC_SERVICE_AVDTP, /* BTA_VDP_SERVICE_ID */
224 BTM_SEC_SERVICE_PBAP, /* BTA_PBAP_SERVICE_ID */
225 BTM_SEC_SERVICE_HEADSET, /* BTA_HSP_HS_SERVICE_ID */
226 BTM_SEC_SERVICE_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */
227 BTM_SEC_SERVICE_MAP, /* BTA_MAP_SERVICE_ID */
228 BTM_SEC_SERVICE_MAP, /* BTA_MN_SERVICE_ID */
229 BTM_SEC_SERVICE_HDP_SNK, /* BTA_HDP_SERVICE_ID */
230 BTM_SEC_SERVICE_PBAP, /* BTA_PCE_SERVICE_ID */
231 BTM_SEC_SERVICE_ATT /* BTA_GATT_SERVICE_ID */
232 };
233
234 /* bta security callback */
235 const tBTM_APPL_INFO bta_security = {&bta_dm_authorize_cback,
236 &bta_dm_pin_cback,
237 &bta_dm_new_link_key_cback,
238 &bta_dm_authentication_complete_cback,
239 &bta_dm_bond_cancel_complete_cback,
240 &bta_dm_sp_cback,
241 &bta_dm_ble_smp_cback,
242 &bta_dm_ble_id_key_cback};
243
244 #define MAX_DISC_RAW_DATA_BUF (4096)
245 uint8_t g_disc_raw_data_buf[MAX_DISC_RAW_DATA_BUF];
246
247 extern DEV_CLASS local_device_default_class;
248
249 // Stores the local Input/Output Capabilities of the Bluetooth device.
250 static uint8_t btm_local_io_caps;
251
252 /** Initialises the BT device manager */
bta_dm_enable(tBTA_DM_SEC_CBACK * p_sec_cback)253 void bta_dm_enable(tBTA_DM_SEC_CBACK* p_sec_cback) {
254 /* if already in use, return an error */
255 if (bta_dm_cb.is_bta_dm_active) {
256 tBTA_DM_SEC enable_event;
257 APPL_TRACE_WARNING("%s Device already started by another application",
258 __func__);
259 memset(&enable_event, 0, sizeof(tBTA_DM_SEC));
260 enable_event.enable.status = BTA_FAILURE;
261 if (p_sec_cback != NULL) p_sec_cback(BTA_DM_ENABLE_EVT, &enable_event);
262 return;
263 }
264
265 /* first, register our callback to SYS HW manager */
266 bta_sys_hw_register(BTA_SYS_HW_BLUETOOTH, bta_dm_sys_hw_cback);
267
268 /* make sure security callback is saved - if no callback, do not erase the
269 previous one,
270 it could be an error recovery mechanism */
271 if (p_sec_cback != NULL) bta_dm_cb.p_sec_cback = p_sec_cback;
272 /* notify BTA DM is now active */
273 bta_dm_cb.is_bta_dm_active = true;
274
275 /* send a message to BTA SYS */
276 tBTA_SYS_HW_MSG* sys_enable_event =
277 (tBTA_SYS_HW_MSG*)osi_malloc(sizeof(tBTA_SYS_HW_MSG));
278 sys_enable_event->hdr.event = BTA_SYS_API_ENABLE_EVT;
279 sys_enable_event->hw_module = BTA_SYS_HW_BLUETOOTH;
280
281 bta_sys_sendmsg(sys_enable_event);
282
283 btm_local_io_caps = btif_storage_get_local_io_caps();
284 }
285
286 /*******************************************************************************
287 *
288 * Function bta_dm_init_cb
289 *
290 * Description Initializes the bta_dm_cb control block
291 *
292 *
293 * Returns void
294 *
295 ******************************************************************************/
bta_dm_init_cb(void)296 void bta_dm_init_cb(void) {
297 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
298 bta_dm_cb.disable_timer = alarm_new("bta_dm.disable_timer");
299 bta_dm_cb.switch_delay_timer = alarm_new("bta_dm.switch_delay_timer");
300 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
301 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
302 bta_dm_cb.pm_timer[i].timer[j] = alarm_new("bta_dm.pm_timer");
303 }
304 }
305 }
306
307 /*******************************************************************************
308 *
309 * Function bta_dm_deinit_cb
310 *
311 * Description De-initializes the bta_dm_cb control block
312 *
313 *
314 * Returns void
315 *
316 ******************************************************************************/
bta_dm_deinit_cb(void)317 void bta_dm_deinit_cb(void) {
318 /*
319 * TODO: Should alarm_free() the bta_dm_cb timers during graceful
320 * shutdown.
321 */
322 alarm_free(bta_dm_cb.disable_timer);
323 alarm_free(bta_dm_cb.switch_delay_timer);
324 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
325 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
326 alarm_free(bta_dm_cb.pm_timer[i].timer[j]);
327 }
328 }
329 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
330 }
331
332 /*******************************************************************************
333 *
334 * Function bta_dm_sys_hw_cback
335 *
336 * Description callback register to SYS to get HW status updates
337 *
338 *
339 * Returns void
340 *
341 ******************************************************************************/
bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status)342 static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status) {
343 DEV_CLASS dev_class;
344 tBTA_DM_SEC_CBACK* temp_cback;
345 uint8_t key_mask = 0;
346 tBTA_BLE_LOCAL_ID_KEYS id_key;
347
348 APPL_TRACE_DEBUG("%s with event: %i", __func__, status);
349
350 /* On H/W error evt, report to the registered DM application callback */
351 if (status == BTA_SYS_HW_ERROR_EVT) {
352 if (bta_dm_cb.p_sec_cback != NULL)
353 bta_dm_cb.p_sec_cback(BTA_DM_HW_ERROR_EVT, NULL);
354 return;
355 }
356
357 if (status == BTA_SYS_HW_OFF_EVT) {
358 if (bta_dm_cb.p_sec_cback != NULL)
359 bta_dm_cb.p_sec_cback(BTA_DM_DISABLE_EVT, NULL);
360
361 /* reinitialize the control block */
362 bta_dm_deinit_cb();
363
364 /* hw is ready, go on with BTA DM initialization */
365 alarm_free(bta_dm_search_cb.search_timer);
366 alarm_free(bta_dm_search_cb.gatt_close_timer);
367 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb));
368
369 /* unregister from SYS */
370 bta_sys_hw_unregister(BTA_SYS_HW_BLUETOOTH);
371 /* notify BTA DM is now unactive */
372 bta_dm_cb.is_bta_dm_active = false;
373 } else if (status == BTA_SYS_HW_ON_EVT) {
374 /* FIXME: We should not unregister as the SYS shall invoke this callback on
375 * a H/W error.
376 * We need to revisit when this platform has more than one BLuetooth H/W
377 * chip
378 */
379 // bta_sys_hw_unregister( BTA_SYS_HW_BLUETOOTH);
380
381 /* save security callback */
382 temp_cback = bta_dm_cb.p_sec_cback;
383 /* make sure the control block is properly initialized */
384 bta_dm_init_cb();
385 /* and retrieve the callback */
386 bta_dm_cb.p_sec_cback = temp_cback;
387 bta_dm_cb.is_bta_dm_active = true;
388
389 /* hw is ready, go on with BTA DM initialization */
390 alarm_free(bta_dm_search_cb.search_timer);
391 alarm_free(bta_dm_search_cb.gatt_close_timer);
392 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb));
393 /*
394 * TODO: Should alarm_free() the bta_dm_search_cb timers during
395 * graceful shutdown.
396 */
397 bta_dm_search_cb.search_timer = alarm_new("bta_dm_search.search_timer");
398 bta_dm_search_cb.gatt_close_timer =
399 alarm_new("bta_dm_search.gatt_close_timer");
400
401 memset(&bta_dm_conn_srvcs, 0, sizeof(bta_dm_conn_srvcs));
402 memset(&bta_dm_di_cb, 0, sizeof(tBTA_DM_DI_CB));
403
404 memcpy(dev_class, p_bta_dm_cfg->dev_class, sizeof(dev_class));
405 BTM_SetDeviceClass(dev_class);
406
407 /* load BLE local information: ID keys, ER if available */
408 Octet16 er;
409 bta_dm_co_ble_load_local_keys(&key_mask, &er, &id_key);
410
411 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ER) {
412 BTM_BleLoadLocalKeys(BTA_BLE_LOCAL_KEY_TYPE_ER,
413 (tBTM_BLE_LOCAL_KEYS*)&er);
414 }
415 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ID) {
416 BTM_BleLoadLocalKeys(BTA_BLE_LOCAL_KEY_TYPE_ID,
417 (tBTM_BLE_LOCAL_KEYS*)&id_key);
418 }
419 bta_dm_search_cb.conn_id = GATT_INVALID_CONN_ID;
420
421 BTM_SecRegister(&bta_security);
422 BTM_SetDefaultLinkSuperTout(p_bta_dm_cfg->link_timeout);
423 BTM_WritePageTimeout(p_bta_dm_cfg->page_timeout);
424 bta_dm_cb.cur_policy = p_bta_dm_cfg->policy_settings;
425 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy);
426 BTM_RegBusyLevelNotif(bta_dm_bl_change_cback, NULL,
427 BTM_BL_UPDATE_MASK | BTM_BL_ROLE_CHG_MASK);
428
429 #if (BLE_VND_INCLUDED == TRUE)
430 BTM_BleReadControllerFeatures(bta_dm_ctrl_features_rd_cmpl_cback);
431 #else
432 /* If VSC multi adv commands are available, advertising will be initialized
433 * when capabilities are read. If they are not avaliable, initialize
434 * advertising here */
435 btm_ble_adv_init();
436 #endif
437
438 /* Earlier, we used to invoke BTM_ReadLocalAddr which was just copying the
439 bd_addr
440 from the control block and invoking the callback which was sending the
441 DM_ENABLE_EVT.
442 But then we have a few HCI commands being invoked above which were still
443 in progress
444 when the ENABLE_EVT was sent. So modified this to fetch the local name
445 which forces
446 the DM_ENABLE_EVT to be sent only after all the init steps are complete
447 */
448 BTM_ReadLocalDeviceNameFromController(bta_dm_local_name_cback);
449
450 bta_sys_rm_register(bta_dm_rm_cback);
451
452 /* initialize bluetooth low power manager */
453 bta_dm_init_pm();
454
455 bta_sys_policy_register(bta_dm_policy_cback);
456
457 bta_dm_gattc_register();
458
459 } else
460 APPL_TRACE_DEBUG(" --- ignored event");
461 }
462
463 /** Disables the BT device manager */
bta_dm_disable()464 void bta_dm_disable() {
465 /* Set l2cap idle timeout to 0 (so BTE immediately disconnects ACL link after
466 * last channel is closed) */
467 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_BR_EDR);
468 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_LE);
469
470 /* disable all active subsystems */
471 bta_sys_disable(BTA_SYS_HW_BLUETOOTH);
472
473 BTM_SetDiscoverability(BTM_NON_DISCOVERABLE, 0, 0);
474 BTM_SetConnectability(BTM_NON_CONNECTABLE, 0, 0);
475
476 bta_dm_disable_pm();
477 bta_dm_disable_search_and_disc();
478 bta_dm_cb.disabling = true;
479
480 connection_manager::reset(false);
481
482 if (BTM_GetNumAclLinks() == 0) {
483 #if (BTA_DISABLE_DELAY > 0)
484 /* If BTA_DISABLE_DELAY is defined and greater than zero, then delay the
485 * shutdown by
486 * BTA_DISABLE_DELAY milliseconds
487 */
488 APPL_TRACE_WARNING("%s BTA_DISABLE_DELAY set to %d ms", __func__,
489 BTA_DISABLE_DELAY);
490 alarm_set_on_mloop(bta_dm_cb.disable_timer, BTA_DISABLE_DELAY,
491 bta_dm_disable_conn_down_timer_cback, NULL);
492 #else
493 bta_dm_disable_conn_down_timer_cback(NULL);
494 #endif
495 } else {
496 alarm_set_on_mloop(bta_dm_cb.disable_timer, BTA_DM_DISABLE_TIMER_MS,
497 bta_dm_disable_timer_cback, UINT_TO_PTR(0));
498 }
499 }
500
501 /*******************************************************************************
502 *
503 * Function bta_dm_disable_timer_cback
504 *
505 * Description Called if the disable timer expires
506 * Used to close ACL connections which are still active
507 *
508 *
509 *
510 * Returns void
511 *
512 ******************************************************************************/
bta_dm_disable_timer_cback(void * data)513 static void bta_dm_disable_timer_cback(void* data) {
514 uint8_t i;
515 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
516 bool trigger_disc = false;
517 uint32_t param = PTR_TO_UINT(data);
518
519 APPL_TRACE_EVENT("%s trial %u", __func__, param);
520
521 if (BTM_GetNumAclLinks() && (param == 0)) {
522 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
523 transport = bta_dm_cb.device_list.peer_device[i].transport;
524 btm_remove_acl(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
525 transport);
526 trigger_disc = true;
527 }
528
529 /* Retrigger disable timer in case ACL disconnect failed, DISABLE_EVT still
530 need
531 to be sent out to avoid jave layer disable timeout */
532 if (trigger_disc) {
533 alarm_set_on_mloop(bta_dm_cb.disable_timer,
534 BTA_DM_DISABLE_TIMER_RETRIAL_MS,
535 bta_dm_disable_timer_cback, UINT_TO_PTR(1));
536 }
537 } else {
538 bta_dm_cb.disabling = false;
539
540 bta_sys_remove_uuid(UUID_SERVCLASS_PNP_INFORMATION);
541 bta_dm_cb.p_sec_cback(BTA_DM_DISABLE_EVT, NULL);
542 }
543 }
544
545 /** Sets local device name */
bta_dm_set_dev_name(const std::vector<uint8_t> & name)546 void bta_dm_set_dev_name(const std::vector<uint8_t>& name) {
547 BTM_SetLocalDeviceName((char*)name.data());
548 bta_dm_set_eir((char*)name.data());
549 }
550
551 /** Sets discoverability, connectability and pairability */
bta_dm_set_visibility(tBTA_DM_DISC disc_mode_param,tBTA_DM_CONN conn_mode_param,uint8_t pairable_mode,uint8_t conn_paired_only)552 void bta_dm_set_visibility(tBTA_DM_DISC disc_mode_param,
553 tBTA_DM_CONN conn_mode_param, uint8_t pairable_mode,
554 uint8_t conn_paired_only) {
555 uint16_t window, interval;
556 uint16_t le_disc_mode = BTM_BleReadDiscoverability();
557 uint16_t le_conn_mode = BTM_BleReadConnectability();
558 uint16_t disc_mode = BTM_ReadDiscoverability(&window, &interval);
559 uint16_t conn_mode = BTM_ReadConnectability(&window, &interval);
560
561 /* set modes for Discoverability and connectability if not ignore */
562 if (disc_mode_param != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) {
563 if ((disc_mode_param & BTA_DM_LE_IGNORE) == BTA_DM_LE_IGNORE)
564 disc_mode_param = ((disc_mode_param & ~BTA_DM_LE_IGNORE) | le_disc_mode);
565 if ((disc_mode_param & BTA_DM_IGNORE) == BTA_DM_IGNORE)
566 disc_mode_param = ((disc_mode_param & ~BTA_DM_IGNORE) | disc_mode);
567
568 BTM_SetDiscoverability(disc_mode_param, bta_dm_cb.inquiry_scan_window,
569 bta_dm_cb.inquiry_scan_interval);
570 }
571
572 if (conn_mode_param != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) {
573 if ((conn_mode_param & BTA_DM_LE_IGNORE) == BTA_DM_LE_IGNORE)
574 conn_mode_param = ((conn_mode_param & ~BTA_DM_LE_IGNORE) | le_conn_mode);
575 if ((conn_mode_param & BTA_DM_IGNORE) == BTA_DM_IGNORE)
576 conn_mode_param = ((conn_mode_param & ~BTA_DM_IGNORE) | conn_mode);
577
578 BTM_SetConnectability(conn_mode_param, bta_dm_cb.page_scan_window,
579 bta_dm_cb.page_scan_interval);
580 }
581
582 /* Send False or True if not ignore */
583 if (pairable_mode != BTA_DM_IGNORE) {
584 if (pairable_mode == BTA_DM_NON_PAIRABLE)
585 bta_dm_cb.disable_pair_mode = true;
586 else
587 bta_dm_cb.disable_pair_mode = false;
588 }
589
590 /* Send False or True if not ignore */
591 if (conn_paired_only != BTA_DM_IGNORE) {
592 if (conn_paired_only == BTA_DM_CONN_ALL)
593 bta_dm_cb.conn_paired_only = false;
594 else
595 bta_dm_cb.conn_paired_only = true;
596 }
597
598 /* Change mode if either mode is not ignore */
599 if (pairable_mode != BTA_DM_IGNORE || conn_paired_only != BTA_DM_IGNORE)
600 BTM_SetPairableMode((bool)(!(bta_dm_cb.disable_pair_mode)),
601 bta_dm_cb.conn_paired_only);
602 }
603
604 /*******************************************************************************
605 *
606 * Function bta_dm_process_remove_device
607 *
608 * Description Removes device, Disconnects ACL link if required.
609 ***
610 ******************************************************************************/
bta_dm_process_remove_device(const RawAddress & bd_addr)611 void bta_dm_process_remove_device(const RawAddress& bd_addr) {
612 /* need to remove all pending background connection before unpair */
613 BTA_GATTC_CancelOpen(0, bd_addr, false);
614
615 BTM_SecDeleteDevice(bd_addr);
616
617 /* remove all cached GATT information */
618 BTA_GATTC_Refresh(bd_addr);
619
620 if (bta_dm_cb.p_sec_cback) {
621 tBTA_DM_SEC sec_event;
622 sec_event.link_down.bd_addr = bd_addr;
623 ;
624 /* No connection, set status to success (acl disc code not valid) */
625 sec_event.link_down.status = HCI_SUCCESS;
626 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &sec_event);
627 }
628 }
629
630 /** Removes device, disconnects ACL link if required */
bta_dm_remove_device(const RawAddress & bd_addr)631 void bta_dm_remove_device(const RawAddress& bd_addr) {
632 /* If ACL exists for the device in the remove_bond message*/
633 bool is_bd_addr_connected =
634 BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE) ||
635 BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_BR_EDR);
636
637 uint8_t other_transport = BT_TRANSPORT_INVALID;
638 if (is_bd_addr_connected) {
639 APPL_TRACE_DEBUG("%s: ACL Up count: %d", __func__,
640 bta_dm_cb.device_list.count);
641
642 /* Take the link down first, and mark the device for removal when
643 * disconnected */
644 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
645 auto& peer_device = bta_dm_cb.device_list.peer_device[i];
646 if (peer_device.peer_bdaddr == bd_addr) {
647 peer_device.conn_state = BTA_DM_UNPAIRING;
648
649 /* Make sure device is not in white list before we disconnect */
650 GATT_CancelConnect(0, bd_addr, false);
651
652 btm_remove_acl(bd_addr, peer_device.transport);
653 APPL_TRACE_DEBUG("%s: transport: %d", __func__, peer_device.transport);
654
655 /* save the other transport to check if device is connected on
656 * other_transport */
657 if (peer_device.transport == BT_TRANSPORT_LE)
658 other_transport = BT_TRANSPORT_BR_EDR;
659 else
660 other_transport = BT_TRANSPORT_LE;
661
662 break;
663 }
664 }
665 }
666
667 RawAddress other_address = bd_addr;
668 RawAddress other_address2 = bd_addr;
669
670 // If it is DUMO device and device is paired as different address, unpair that
671 // device
672 bool other_address_connected =
673 (other_transport)
674 ? BTM_ReadConnectedTransportAddress(&other_address, other_transport)
675 : (BTM_ReadConnectedTransportAddress(&other_address,
676 BT_TRANSPORT_BR_EDR) ||
677 BTM_ReadConnectedTransportAddress(&other_address2,
678 BT_TRANSPORT_LE));
679 if (other_address == bd_addr) other_address = other_address2;
680
681 if (other_address_connected) {
682 /* Take the link down first, and mark the device for removal when
683 * disconnected */
684 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
685 auto& peer_device = bta_dm_cb.device_list.peer_device[i];
686 if (peer_device.peer_bdaddr == other_address) {
687 peer_device.conn_state = BTA_DM_UNPAIRING;
688
689 /* Make sure device is not in white list before we disconnect */
690 GATT_CancelConnect(0, bd_addr, false);
691
692 btm_remove_acl(other_address, peer_device.transport);
693 break;
694 }
695 }
696 }
697
698 /* Delete the device mentioned in the msg */
699 if (!is_bd_addr_connected) {
700 bta_dm_process_remove_device(bd_addr);
701 }
702
703 /* Delete the other paired device too */
704 if (!other_address_connected && !other_address.IsEmpty()) {
705 bta_dm_process_remove_device(other_address);
706 }
707 }
708
709 /*******************************************************************************
710 *
711 * Function bta_dm_add_device
712 *
713 * Description This function adds a Link Key to an security database entry.
714 * It is normally called during host startup to restore all
715 * required information stored in the NVRAM.
716 ******************************************************************************/
bta_dm_add_device(std::unique_ptr<tBTA_DM_API_ADD_DEVICE> msg)717 void bta_dm_add_device(std::unique_ptr<tBTA_DM_API_ADD_DEVICE> msg) {
718 uint8_t* p_dc = NULL;
719 LinkKey* p_lc = NULL;
720 uint32_t trusted_services_mask[BTM_SEC_SERVICE_ARRAY_SIZE];
721 uint8_t index = 0;
722 uint8_t btm_mask_index = 0;
723
724 memset(trusted_services_mask, 0, sizeof(trusted_services_mask));
725
726 /* If not all zeros, the device class has been specified */
727 if (msg->dc_known) p_dc = (uint8_t*)msg->dc;
728
729 if (msg->link_key_known) p_lc = &msg->link_key;
730
731 if (msg->is_trusted) {
732 /* covert BTA service mask to BTM mask */
733 while (msg->tm && (index < BTA_MAX_SERVICE_ID)) {
734 if (msg->tm & (uint32_t)(1 << index)) {
735 btm_mask_index =
736 bta_service_id_to_btm_srv_id_lkup_tbl[index] / BTM_SEC_ARRAY_BITS;
737 trusted_services_mask[btm_mask_index] |=
738 (uint32_t)(1 << (bta_service_id_to_btm_srv_id_lkup_tbl[index] -
739 (uint32_t)(btm_mask_index * 32)));
740
741 msg->tm &= (uint32_t)(~(1 << index));
742 }
743 index++;
744 }
745 }
746
747 if (!BTM_SecAddDevice(msg->bd_addr, p_dc, msg->bd_name, msg->features,
748 trusted_services_mask, p_lc, msg->key_type, msg->io_cap,
749 msg->pin_length)) {
750 LOG(ERROR) << "BTA_DM: Error adding device " << msg->bd_addr;
751 }
752 }
753
754 /** This function forces to close the connection to a remote device and
755 * optionaly remove the device from security database if required. */
bta_dm_close_acl(const RawAddress & bd_addr,bool remove_dev,tBTA_TRANSPORT transport)756 void bta_dm_close_acl(const RawAddress& bd_addr, bool remove_dev,
757 tBTA_TRANSPORT transport) {
758 uint8_t index;
759
760 APPL_TRACE_DEBUG("bta_dm_close_acl");
761
762 if (BTM_IsAclConnectionUp(bd_addr, transport)) {
763 for (index = 0; index < bta_dm_cb.device_list.count; index++) {
764 if (bta_dm_cb.device_list.peer_device[index].peer_bdaddr == bd_addr)
765 break;
766 }
767 if (index != bta_dm_cb.device_list.count) {
768 if (remove_dev)
769 bta_dm_cb.device_list.peer_device[index].remove_dev_pending = true;
770 } else {
771 APPL_TRACE_ERROR("unknown device, remove ACL failed");
772 }
773
774 /* Make sure device is not in white list before we disconnect */
775 GATT_CancelConnect(0, bd_addr, false);
776
777 /* Disconnect the ACL link */
778 btm_remove_acl(bd_addr, transport);
779 }
780 /* if to remove the device from security database ? do it now */
781 else if (remove_dev) {
782 if (!BTM_SecDeleteDevice(bd_addr)) {
783 APPL_TRACE_ERROR("delete device from security database failed.");
784 }
785 /* need to remove all pending background connection if any */
786 BTA_GATTC_CancelOpen(0, bd_addr, false);
787 /* remove all cached GATT information */
788 BTA_GATTC_Refresh(bd_addr);
789 }
790 /* otherwise, no action needed */
791 }
792
793 // TODO: this is unused. remove?
794 /** This function forces to close all the ACL links specified by link type */
bta_dm_remove_all_acl(const tBTA_DM_LINK_TYPE link_type)795 void bta_dm_remove_all_acl(const tBTA_DM_LINK_TYPE link_type) {
796 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
797
798 APPL_TRACE_DEBUG("%s link type = %d", __func__, link_type);
799
800 for (uint8_t i = 0; i < bta_dm_cb.device_list.count; i++) {
801 transport = bta_dm_cb.device_list.peer_device[i].transport;
802 if ((link_type == BTA_DM_LINK_TYPE_ALL) ||
803 ((link_type == BTA_DM_LINK_TYPE_LE) &&
804 (transport == BT_TRANSPORT_LE)) ||
805 ((link_type == BTA_DM_LINK_TYPE_BR_EDR) &&
806 (transport == BT_TRANSPORT_BR_EDR))) {
807 /* Disconnect the ACL link */
808 btm_remove_acl(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
809 transport);
810 }
811 }
812 }
813
814 /** Bonds with peer device */
bta_dm_bond(const RawAddress & bd_addr,tBTA_TRANSPORT transport)815 void bta_dm_bond(const RawAddress& bd_addr, tBTA_TRANSPORT transport) {
816 tBTM_STATUS status;
817 tBTA_DM_SEC sec_event;
818 char* p_name;
819
820 if (transport == BTA_TRANSPORT_UNKNOWN)
821 status = BTM_SecBond(bd_addr, 0, NULL, 0);
822 else
823 status = BTM_SecBondByTransport(bd_addr, transport, 0, NULL, 0);
824
825 if (bta_dm_cb.p_sec_cback && (status != BTM_CMD_STARTED)) {
826 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
827 sec_event.auth_cmpl.bd_addr = bd_addr;
828 p_name = BTM_SecReadDevName(bd_addr);
829 if (p_name != NULL) {
830 memcpy(sec_event.auth_cmpl.bd_name, p_name, (BD_NAME_LEN - 1));
831 sec_event.auth_cmpl.bd_name[BD_NAME_LEN - 1] = 0;
832 }
833
834 /* taken care of by memset [above]
835 sec_event.auth_cmpl.key_present = false;
836 sec_event.auth_cmpl.success = false;
837 */
838 sec_event.auth_cmpl.fail_reason = HCI_ERR_ILLEGAL_COMMAND;
839 if (status == BTM_SUCCESS) {
840 sec_event.auth_cmpl.success = true;
841 } else {
842 /* delete this device entry from Sec Dev DB */
843 bta_dm_remove_sec_dev_entry(bd_addr);
844 }
845 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
846 }
847 }
848
849 /** Cancels bonding with a peer device */
bta_dm_bond_cancel(const RawAddress & bd_addr)850 void bta_dm_bond_cancel(const RawAddress& bd_addr) {
851 tBTM_STATUS status;
852 tBTA_DM_SEC sec_event;
853
854 APPL_TRACE_EVENT(" bta_dm_bond_cancel ");
855 status = BTM_SecBondCancel(bd_addr);
856
857 if (bta_dm_cb.p_sec_cback &&
858 (status != BTM_CMD_STARTED && status != BTM_SUCCESS)) {
859 sec_event.bond_cancel_cmpl.result = BTA_FAILURE;
860
861 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
862 }
863 }
864
865 /** Send the pin_reply to a request from BTM */
bta_dm_pin_reply(std::unique_ptr<tBTA_DM_API_PIN_REPLY> msg)866 void bta_dm_pin_reply(std::unique_ptr<tBTA_DM_API_PIN_REPLY> msg) {
867 uint32_t trusted_mask[BTM_SEC_SERVICE_ARRAY_SIZE];
868
869 uint32_t* current_trusted_mask = BTM_ReadTrustedMask(msg->bd_addr);
870 if (current_trusted_mask) {
871 memcpy(trusted_mask, current_trusted_mask, sizeof(trusted_mask));
872 } else {
873 memset(trusted_mask, 0, sizeof(trusted_mask));
874 }
875
876 if (msg->accept) {
877 BTM_PINCodeReply(msg->bd_addr, BTM_SUCCESS, msg->pin_len, msg->p_pin,
878 trusted_mask);
879 } else {
880 BTM_PINCodeReply(msg->bd_addr, BTM_NOT_AUTHORIZED, 0, NULL, trusted_mask);
881 }
882 }
883
884 /*******************************************************************************
885 *
886 * Function bta_dm_policy_cback
887 *
888 * Description process the link policy changes
889 *
890 * Returns void
891 *
892 ******************************************************************************/
bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status,uint8_t id,uint8_t app_id,const RawAddress & peer_addr)893 static void bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
894 uint8_t app_id, const RawAddress& peer_addr) {
895 tBTA_DM_PEER_DEVICE* p_dev = NULL;
896 uint16_t policy = app_id;
897 uint32_t mask = (uint32_t)(1 << id);
898
899 if (peer_addr != RawAddress::kEmpty) {
900 p_dev = bta_dm_find_peer_device(peer_addr);
901 }
902
903 APPL_TRACE_DEBUG(" bta_dm_policy_cback cmd:%d, policy:0x%x", status, policy);
904 switch (status) {
905 case BTA_SYS_PLCY_SET:
906 if (!p_dev) return;
907 /* restore the default link policy */
908 p_dev->link_policy |= policy;
909 BTM_SetLinkPolicy(p_dev->peer_bdaddr, &(p_dev->link_policy));
910 break;
911
912 case BTA_SYS_PLCY_CLR:
913 if (!p_dev) return;
914 /* clear the policy from the default link policy */
915 p_dev->link_policy &= (~policy);
916 BTM_SetLinkPolicy(p_dev->peer_bdaddr, &(p_dev->link_policy));
917
918 if (policy & (HCI_ENABLE_SNIFF_MODE | HCI_ENABLE_PARK_MODE)) {
919 /* if clearing sniff/park, wake the link */
920 bta_dm_pm_active(p_dev->peer_bdaddr);
921 }
922 break;
923
924 case BTA_SYS_PLCY_DEF_SET:
925 /* want to restore/set the role switch policy */
926 bta_dm_cb.role_policy_mask &= ~mask;
927 if (0 == bta_dm_cb.role_policy_mask) {
928 /* if nobody wants to insist on the role */
929 bta_dm_cb.cur_policy |= HCI_ENABLE_MASTER_SLAVE_SWITCH;
930 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy);
931 }
932 break;
933
934 case BTA_SYS_PLCY_DEF_CLR:
935 /* want to remove the role switch policy */
936 bta_dm_cb.role_policy_mask |= mask;
937 bta_dm_cb.cur_policy &= ~HCI_ENABLE_MASTER_SLAVE_SWITCH;
938 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy);
939 break;
940 }
941 }
942
943 /** Send the user confirm request reply in response to a request from BTM */
bta_dm_confirm(const RawAddress & bd_addr,bool accept)944 void bta_dm_confirm(const RawAddress& bd_addr, bool accept) {
945 BTM_ConfirmReqReply(accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED, bd_addr);
946 }
947
948 /** respond to the IO capabilities request from BTM */
bta_dm_ci_io_req_act(const RawAddress & bd_addr,tBTA_IO_CAP io_cap,tBTA_OOB_DATA oob_data,tBTA_AUTH_REQ auth_req)949 void bta_dm_ci_io_req_act(const RawAddress& bd_addr, tBTA_IO_CAP io_cap,
950 tBTA_OOB_DATA oob_data, tBTA_AUTH_REQ auth_req) {
951 BTM_IoCapRsp(bd_addr, io_cap, oob_data,
952 auth_req ? BTM_AUTH_AP_YES : BTM_AUTH_AP_NO);
953 }
954
955 /** respond to the OOB data request for the remote device from BTM */
bta_dm_ci_rmt_oob_act(std::unique_ptr<tBTA_DM_CI_RMT_OOB> msg)956 void bta_dm_ci_rmt_oob_act(std::unique_ptr<tBTA_DM_CI_RMT_OOB> msg) {
957 BTM_RemoteOobDataReply(msg->accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED,
958 msg->bd_addr, msg->c, msg->r);
959 }
960
961 /*******************************************************************************
962 *
963 * Function bta_dm_search_start
964 *
965 * Description Starts an inquiry
966 *
967 *
968 * Returns void
969 *
970 ******************************************************************************/
bta_dm_search_start(tBTA_DM_MSG * p_data)971 void bta_dm_search_start(tBTA_DM_MSG* p_data) {
972 tBTM_INQUIRY_CMPL result = {};
973
974 size_t len = sizeof(Uuid) * p_data->search.num_uuid;
975 bta_dm_gattc_register();
976
977 APPL_TRACE_DEBUG("%s avoid_scatter=%d", __func__,
978 p_bta_dm_cfg->avoid_scatter);
979
980 if (p_bta_dm_cfg->avoid_scatter &&
981 (p_data->search.rs_res == BTA_DM_RS_NONE) &&
982 bta_dm_check_av(BTA_DM_API_SEARCH_EVT)) {
983 LOG(INFO) << __func__ << ": delay search to avoid scatter";
984 memcpy(&bta_dm_cb.search_msg, &p_data->search, sizeof(tBTA_DM_API_SEARCH));
985 return;
986 }
987
988 BTM_ClearInqDb(nullptr);
989 /* save search params */
990 bta_dm_search_cb.p_search_cback = p_data->search.p_cback;
991 bta_dm_search_cb.services = p_data->search.services;
992
993 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid);
994
995 if ((bta_dm_search_cb.num_uuid = p_data->search.num_uuid) != 0 &&
996 p_data->search.p_uuid != nullptr) {
997 bta_dm_search_cb.p_srvc_uuid = (Uuid*)osi_malloc(len);
998 *bta_dm_search_cb.p_srvc_uuid = *p_data->search.p_uuid;
999 }
1000 result.status = BTM_StartInquiry((tBTM_INQ_PARMS*)&p_data->search.inq_params,
1001 bta_dm_inq_results_cb, bta_dm_inq_cmpl_cb);
1002
1003 APPL_TRACE_EVENT("%s status=%d", __func__, result.status);
1004 if (result.status != BTM_CMD_STARTED) {
1005 LOG(ERROR) << __func__ << ": BTM_StartInquiry returned "
1006 << std::to_string(result.status);
1007 result.num_resp = 0;
1008 bta_dm_inq_cmpl_cb((void*)&result);
1009 }
1010 }
1011
1012 /*******************************************************************************
1013 *
1014 * Function bta_dm_search_cancel
1015 *
1016 * Description Cancels an ongoing search for devices
1017 *
1018 *
1019 * Returns void
1020 *
1021 ******************************************************************************/
bta_dm_search_cancel(UNUSED_ATTR tBTA_DM_MSG * p_data)1022 void bta_dm_search_cancel(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1023 tBTA_DM_MSG* p_msg;
1024
1025 if (BTM_IsInquiryActive()) {
1026 if (BTM_CancelInquiry() == BTM_SUCCESS) {
1027 bta_dm_search_cancel_notify(NULL);
1028 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1029 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1030 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1031 bta_sys_sendmsg(p_msg);
1032 } else {
1033 /* flag a search cancel is pending */
1034 bta_dm_search_cb.cancel_pending = true;
1035 }
1036 }
1037 /* If no Service Search going on then issue cancel remote name in case it is
1038 active */
1039 else if (!bta_dm_search_cb.name_discover_done) {
1040 BTM_CancelRemoteDeviceName();
1041
1042 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1043 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1044 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1045 bta_sys_sendmsg(p_msg);
1046 } else {
1047 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1048 p_msg->hdr.event = BTA_DM_INQUIRY_CMPL_EVT;
1049 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1050 bta_sys_sendmsg(p_msg);
1051 }
1052
1053 if (bta_dm_search_cb.gatt_disc_active) {
1054 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
1055 }
1056 }
1057
1058 /*******************************************************************************
1059 *
1060 * Function bta_dm_discover
1061 *
1062 * Description Discovers services on a remote device
1063 *
1064 *
1065 * Returns void
1066 *
1067 ******************************************************************************/
bta_dm_discover(tBTA_DM_MSG * p_data)1068 void bta_dm_discover(tBTA_DM_MSG* p_data) {
1069 size_t len = sizeof(Uuid) * p_data->discover.num_uuid;
1070 APPL_TRACE_EVENT("%s services_to_search=0x%04X, sdp_search=%d", __func__,
1071 p_data->discover.services, p_data->discover.sdp_search);
1072
1073 /* save the search condition */
1074 bta_dm_search_cb.services = p_data->discover.services;
1075
1076 bta_dm_gattc_register();
1077 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid);
1078 if ((bta_dm_search_cb.num_uuid = p_data->discover.num_uuid) != 0 &&
1079 p_data->discover.p_uuid != NULL) {
1080 bta_dm_search_cb.p_srvc_uuid = (Uuid*)osi_malloc(len);
1081 *bta_dm_search_cb.p_srvc_uuid = *p_data->discover.p_uuid;
1082 }
1083 bta_dm_search_cb.uuid_to_search = bta_dm_search_cb.num_uuid;
1084
1085 bta_dm_search_cb.p_search_cback = p_data->discover.p_cback;
1086 bta_dm_search_cb.sdp_search = p_data->discover.sdp_search;
1087 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services;
1088 bta_dm_search_cb.service_index = 0;
1089 bta_dm_search_cb.services_found = 0;
1090 bta_dm_search_cb.peer_name[0] = 0;
1091 bta_dm_search_cb.sdp_search = p_data->discover.sdp_search;
1092 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbRead(p_data->discover.bd_addr);
1093 bta_dm_search_cb.transport = p_data->discover.transport;
1094
1095 bta_dm_search_cb.name_discover_done = false;
1096 bta_dm_search_cb.uuid = p_data->discover.uuid;
1097 bta_dm_discover_device(p_data->discover.bd_addr);
1098 }
1099
1100 /*******************************************************************************
1101 *
1102 * Function bta_dm_di_disc_cmpl
1103 *
1104 * Description Sends event to application when DI discovery complete
1105 *
1106 * Returns void
1107 *
1108 ******************************************************************************/
bta_dm_di_disc_cmpl(tBTA_DM_MSG * p_data)1109 void bta_dm_di_disc_cmpl(tBTA_DM_MSG* p_data) {
1110 tBTA_DM_DI_DISC_CMPL di_disc;
1111
1112 memset(&di_disc, 0, sizeof(tBTA_DM_DI_DISC_CMPL));
1113 di_disc.bd_addr = bta_dm_search_cb.peer_bdaddr;
1114
1115 if ((p_data->hdr.offset == SDP_SUCCESS) ||
1116 (p_data->hdr.offset == SDP_DB_FULL)) {
1117 di_disc.num_record = SDP_GetNumDiRecords(bta_dm_di_cb.p_di_db);
1118 } else
1119 di_disc.result = BTA_FAILURE;
1120
1121 bta_dm_di_cb.p_di_db = NULL;
1122 bta_dm_search_cb.p_search_cback(BTA_DM_DI_DISC_CMPL_EVT,
1123 (tBTA_DM_SEARCH*)&di_disc);
1124 }
1125
1126 /*******************************************************************************
1127 *
1128 * Function bta_dm_di_disc_callback
1129 *
1130 * Description This function queries a remote device for DI information.
1131 *
1132 *
1133 * Returns void
1134 *
1135 ******************************************************************************/
bta_dm_di_disc_callback(uint16_t result)1136 static void bta_dm_di_disc_callback(uint16_t result) {
1137 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1138
1139 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1140 p_msg->hdr.layer_specific = BTA_DM_API_DI_DISCOVER_EVT;
1141 p_msg->hdr.offset = result;
1142
1143 bta_sys_sendmsg(p_msg);
1144 }
1145
1146 /*******************************************************************************
1147 *
1148 * Function bta_dm_disable_search_and_disc
1149 *
1150 * Description Cancels an ongoing search or discovery for devices in case
1151 * of a Bluetooth disable
1152 *
1153 *
1154 * Returns void
1155 *
1156 ******************************************************************************/
bta_dm_disable_search_and_disc(void)1157 static void bta_dm_disable_search_and_disc(void) {
1158 tBTA_DM_DI_DISC_CMPL di_disc;
1159
1160 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) bta_dm_search_cancel(NULL);
1161
1162 if (bta_dm_di_cb.p_di_db != NULL) {
1163 memset(&di_disc, 0, sizeof(tBTA_DM_DI_DISC_CMPL));
1164 di_disc.bd_addr = bta_dm_search_cb.peer_bdaddr;
1165 di_disc.result = BTA_FAILURE;
1166
1167 bta_dm_di_cb.p_di_db = NULL;
1168 bta_dm_search_cb.p_search_cback(BTA_DM_DI_DISC_CMPL_EVT, NULL);
1169 }
1170 }
1171
1172 /*******************************************************************************
1173 *
1174 * Function bta_dm_di_disc
1175 *
1176 * Description This function queries a remote device for DI information.
1177 *
1178 *
1179 * Returns void
1180 *
1181 ******************************************************************************/
bta_dm_di_disc(tBTA_DM_MSG * p_data)1182 void bta_dm_di_disc(tBTA_DM_MSG* p_data) {
1183 uint16_t result = BTA_FAILURE;
1184
1185 bta_dm_search_cb.p_search_cback = p_data->di_disc.p_cback;
1186 bta_dm_search_cb.peer_bdaddr = p_data->di_disc.bd_addr;
1187 bta_dm_di_cb.p_di_db = p_data->di_disc.p_sdp_db;
1188
1189 bta_dm_search_cb.p_sdp_db =
1190 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE);
1191 if (SDP_DiDiscover(bta_dm_search_cb.peer_bdaddr, p_data->di_disc.p_sdp_db,
1192 p_data->di_disc.len,
1193 bta_dm_di_disc_callback) == SDP_SUCCESS) {
1194 result = BTA_SUCCESS;
1195 }
1196
1197 if (result == BTA_FAILURE) {
1198 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1199
1200 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1201 p_msg->hdr.layer_specific = BTA_DM_API_DI_DISCOVER_EVT;
1202 p_data->hdr.offset = result;
1203 bta_sys_sendmsg(p_msg);
1204 }
1205 }
1206
1207 /*******************************************************************************
1208 *
1209 * Function bta_dm_read_remote_device_name
1210 *
1211 * Description Initiate to get remote device name
1212 *
1213 * Returns true if started to get remote name
1214 *
1215 ******************************************************************************/
bta_dm_read_remote_device_name(const RawAddress & bd_addr,tBT_TRANSPORT transport)1216 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr,
1217 tBT_TRANSPORT transport) {
1218 tBTM_STATUS btm_status;
1219
1220 APPL_TRACE_DEBUG("%s", __func__);
1221
1222 bta_dm_search_cb.peer_bdaddr = bd_addr;
1223 bta_dm_search_cb.peer_name[0] = 0;
1224
1225 btm_status = BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr,
1226 bta_dm_remname_cback, transport);
1227
1228 if (btm_status == BTM_CMD_STARTED) {
1229 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is started", __func__);
1230
1231 return (true);
1232 } else if (btm_status == BTM_BUSY) {
1233 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__);
1234
1235 /* Remote name discovery is on going now so BTM cannot notify through
1236 * "bta_dm_remname_cback" */
1237 /* adding callback to get notified that current reading remore name done */
1238 BTM_SecAddRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1239
1240 return (true);
1241 } else {
1242 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X", __func__,
1243 btm_status);
1244
1245 return (false);
1246 }
1247 }
1248
1249 /*******************************************************************************
1250 *
1251 * Function bta_dm_inq_cmpl
1252 *
1253 * Description Process the inquiry complete event from BTM
1254 *
1255 * Returns void
1256 *
1257 ******************************************************************************/
bta_dm_inq_cmpl(tBTA_DM_MSG * p_data)1258 void bta_dm_inq_cmpl(tBTA_DM_MSG* p_data) {
1259 tBTA_DM_SEARCH data;
1260
1261 APPL_TRACE_DEBUG("bta_dm_inq_cmpl");
1262
1263 data.inq_cmpl.num_resps = p_data->inq_cmpl.num;
1264 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_CMPL_EVT, &data);
1265
1266 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbFirst();
1267 if (bta_dm_search_cb.p_btm_inq_info != NULL) {
1268 /* start name and service discovery from the first device on inquiry result
1269 */
1270 bta_dm_search_cb.name_discover_done = false;
1271 bta_dm_search_cb.peer_name[0] = 0;
1272 bta_dm_discover_device(
1273 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr);
1274 } else {
1275 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1276
1277 /* no devices, search complete */
1278 bta_dm_search_cb.services = 0;
1279
1280 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1281 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1282 bta_sys_sendmsg(p_msg);
1283 }
1284 }
1285
1286 /*******************************************************************************
1287 *
1288 * Function bta_dm_rmt_name
1289 *
1290 * Description Process the remote name result from BTM
1291 *
1292 * Returns void
1293 *
1294 ******************************************************************************/
bta_dm_rmt_name(tBTA_DM_MSG * p_data)1295 void bta_dm_rmt_name(tBTA_DM_MSG* p_data) {
1296 APPL_TRACE_DEBUG("bta_dm_rmt_name");
1297
1298 if (p_data->rem_name.result.disc_res.bd_name[0] &&
1299 bta_dm_search_cb.p_btm_inq_info) {
1300 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name = true;
1301 }
1302
1303 bta_dm_discover_device(bta_dm_search_cb.peer_bdaddr);
1304 }
1305
1306 /*******************************************************************************
1307 *
1308 * Function bta_dm_disc_rmt_name
1309 *
1310 * Description Process the remote name result from BTM when application
1311 * wants to find the name for a bdaddr
1312 *
1313 * Returns void
1314 *
1315 ******************************************************************************/
bta_dm_disc_rmt_name(tBTA_DM_MSG * p_data)1316 void bta_dm_disc_rmt_name(tBTA_DM_MSG* p_data) {
1317 tBTM_INQ_INFO* p_btm_inq_info;
1318
1319 APPL_TRACE_DEBUG("bta_dm_disc_rmt_name");
1320
1321 p_btm_inq_info = BTM_InqDbRead(p_data->rem_name.result.disc_res.bd_addr);
1322 if (p_btm_inq_info) {
1323 if (p_data->rem_name.result.disc_res.bd_name[0]) {
1324 p_btm_inq_info->appl_knows_rem_name = true;
1325 }
1326 }
1327
1328 bta_dm_discover_device(p_data->rem_name.result.disc_res.bd_addr);
1329 }
1330
1331 /*******************************************************************************
1332 *
1333 * Function bta_dm_sdp_result
1334 *
1335 * Description Process the discovery result from sdp
1336 *
1337 * Returns void
1338 *
1339 ******************************************************************************/
bta_dm_sdp_result(tBTA_DM_MSG * p_data)1340 void bta_dm_sdp_result(tBTA_DM_MSG* p_data) {
1341 tSDP_DISC_REC* p_sdp_rec = NULL;
1342 tBTA_DM_MSG* p_msg;
1343 bool scn_found = false;
1344 uint16_t service = 0xFFFF;
1345 tSDP_PROTOCOL_ELEM pe;
1346
1347 Uuid* p_uuid = bta_dm_search_cb.p_srvc_uuid;
1348 tBTA_DM_SEARCH result;
1349
1350 std::vector<Uuid> uuid_list;
1351
1352 if ((p_data->sdp_event.sdp_result == SDP_SUCCESS) ||
1353 (p_data->sdp_event.sdp_result == SDP_NO_RECS_MATCH) ||
1354 (p_data->sdp_event.sdp_result == SDP_DB_FULL)) {
1355 APPL_TRACE_DEBUG("sdp_result::0x%x", p_data->sdp_event.sdp_result);
1356 do {
1357 p_sdp_rec = NULL;
1358 if (bta_dm_search_cb.service_index == (BTA_USER_SERVICE_ID + 1)) {
1359 p_sdp_rec = SDP_FindServiceUUIDInDb(bta_dm_search_cb.p_sdp_db,
1360 bta_dm_search_cb.uuid, p_sdp_rec);
1361
1362 if (p_sdp_rec && SDP_FindProtocolListElemInRec(
1363 p_sdp_rec, UUID_PROTOCOL_RFCOMM, &pe)) {
1364 bta_dm_search_cb.peer_scn = (uint8_t)pe.params[0];
1365 scn_found = true;
1366 }
1367 } else {
1368 service =
1369 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index - 1];
1370 p_sdp_rec =
1371 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, service, p_sdp_rec);
1372 }
1373 /* finished with BR/EDR services, now we check the result for GATT based
1374 * service UUID */
1375 if (bta_dm_search_cb.service_index == BTA_MAX_SERVICE_ID) {
1376 if (bta_dm_search_cb.uuid_to_search != 0 && p_uuid != NULL) {
1377 p_uuid +=
1378 (bta_dm_search_cb.num_uuid - bta_dm_search_cb.uuid_to_search);
1379 /* only support 16 bits UUID for now */
1380 service = p_uuid->As16Bit();
1381 }
1382 /* all GATT based services */
1383 do {
1384 /* find a service record, report it */
1385 p_sdp_rec =
1386 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, 0, p_sdp_rec);
1387 if (p_sdp_rec) {
1388 Uuid service_uuid;
1389 if (SDP_FindServiceUUIDInRec(p_sdp_rec, &service_uuid)) {
1390 /* send result back to app now, one by one */
1391 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1392 strlcpy((char*)result.disc_ble_res.bd_name, bta_dm_get_remname(),
1393 BD_NAME_LEN);
1394
1395 result.disc_ble_res.service = service_uuid;
1396 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_BLE_RES_EVT, &result);
1397 }
1398 }
1399
1400 if (bta_dm_search_cb.uuid_to_search > 0) break;
1401
1402 } while (p_sdp_rec);
1403 } else {
1404 /* SDP_DB_FULL means some records with the
1405 required attributes were received */
1406 if (((p_data->sdp_event.sdp_result == SDP_DB_FULL) &&
1407 bta_dm_search_cb.services != BTA_ALL_SERVICE_MASK) ||
1408 (p_sdp_rec != NULL)) {
1409 if (service != UUID_SERVCLASS_PNP_INFORMATION) {
1410 bta_dm_search_cb.services_found |=
1411 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(
1412 bta_dm_search_cb.service_index - 1));
1413 uint16_t tmp_svc =
1414 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index -
1415 1];
1416 /* Add to the list of UUIDs */
1417 uuid_list.push_back(Uuid::From16Bit(tmp_svc));
1418 }
1419 }
1420 }
1421
1422 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK &&
1423 bta_dm_search_cb.services_to_search == 0) {
1424 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID &&
1425 bta_dm_search_cb.uuid_to_search > 0)
1426 bta_dm_search_cb.uuid_to_search--;
1427
1428 if (bta_dm_search_cb.uuid_to_search == 0 ||
1429 bta_dm_search_cb.service_index != BTA_BLE_SERVICE_ID)
1430 bta_dm_search_cb.service_index++;
1431 } else /* regular one service per search or PNP search */
1432 break;
1433
1434 } while (bta_dm_search_cb.service_index <= BTA_MAX_SERVICE_ID);
1435
1436 APPL_TRACE_DEBUG("%s services_found = %04x", __func__,
1437 bta_dm_search_cb.services_found);
1438
1439 /* Collect the 128-bit services here and put them into the list */
1440 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) {
1441 p_sdp_rec = NULL;
1442 do {
1443 /* find a service record, report it */
1444 p_sdp_rec =
1445 SDP_FindServiceInDb_128bit(bta_dm_search_cb.p_sdp_db, p_sdp_rec);
1446 if (p_sdp_rec) {
1447 // SDP_FindServiceUUIDInRec_128bit is used only once, refactor?
1448 Uuid temp_uuid;
1449 if (SDP_FindServiceUUIDInRec_128bit(p_sdp_rec, &temp_uuid)) {
1450 uuid_list.push_back(temp_uuid);
1451 }
1452 }
1453 } while (p_sdp_rec);
1454 }
1455 /* if there are more services to search for */
1456 if (bta_dm_search_cb.services_to_search) {
1457 /* Free up the p_sdp_db before checking the next one */
1458 bta_dm_free_sdp_db(NULL);
1459 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr);
1460 } else {
1461 /* callbacks */
1462 /* start next bd_addr if necessary */
1463
1464 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1465
1466 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1467 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1468 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS;
1469 p_msg->disc_result.result.disc_res.p_raw_data = NULL;
1470 p_msg->disc_result.result.disc_res.raw_data_size = 0;
1471 p_msg->disc_result.result.disc_res.num_uuids = uuid_list.size();
1472 p_msg->disc_result.result.disc_res.p_uuid_list = NULL;
1473 if (uuid_list.size() > 0) {
1474 // TODO(jpawlowski): make p_uuid_list into vector, and just copy
1475 // vectors, but first get rid of bta_sys_sendmsg below.
1476 p_msg->disc_result.result.disc_res.p_uuid_list =
1477 (Uuid*)osi_malloc(uuid_list.size() * sizeof(Uuid));
1478 memcpy(p_msg->disc_result.result.disc_res.p_uuid_list, uuid_list.data(),
1479 uuid_list.size() * sizeof(Uuid));
1480 }
1481 // Copy the raw_data to the discovery result structure
1482 if (bta_dm_search_cb.p_sdp_db != NULL &&
1483 bta_dm_search_cb.p_sdp_db->raw_used != 0 &&
1484 bta_dm_search_cb.p_sdp_db->raw_data != NULL) {
1485 APPL_TRACE_DEBUG("%s raw_data used = 0x%x raw_data_ptr = 0x%x",
1486 __func__, bta_dm_search_cb.p_sdp_db->raw_used,
1487 bta_dm_search_cb.p_sdp_db->raw_data);
1488
1489 p_msg->disc_result.result.disc_res.p_raw_data =
1490 (uint8_t*)osi_malloc(bta_dm_search_cb.p_sdp_db->raw_used);
1491 memcpy(p_msg->disc_result.result.disc_res.p_raw_data,
1492 bta_dm_search_cb.p_sdp_db->raw_data,
1493 bta_dm_search_cb.p_sdp_db->raw_used);
1494
1495 p_msg->disc_result.result.disc_res.raw_data_size =
1496 bta_dm_search_cb.p_sdp_db->raw_used;
1497
1498 bta_dm_search_cb.p_sdp_db->raw_data =
1499 NULL; // no need to free this - it is a global assigned.
1500 bta_dm_search_cb.p_sdp_db->raw_used = 0;
1501 bta_dm_search_cb.p_sdp_db->raw_size = 0;
1502 } else {
1503 APPL_TRACE_DEBUG("%s raw data size is 0 or raw_data is null!!",
1504 __func__);
1505 }
1506 /* Done with p_sdp_db. Free it */
1507 bta_dm_free_sdp_db(NULL);
1508 p_msg->disc_result.result.disc_res.services =
1509 bta_dm_search_cb.services_found;
1510
1511 // Piggy back the SCN over result field
1512 if (scn_found) {
1513 p_msg->disc_result.result.disc_res.result =
1514 (3 + bta_dm_search_cb.peer_scn);
1515 p_msg->disc_result.result.disc_res.services |= BTA_USER_SERVICE_MASK;
1516
1517 APPL_TRACE_EVENT(" Piggy back the SCN over result field SCN=%d",
1518 bta_dm_search_cb.peer_scn);
1519 }
1520 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1521 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1522 bta_dm_get_remname(), BD_NAME_LEN);
1523
1524 bta_sys_sendmsg(p_msg);
1525 }
1526 } else {
1527 /* conn failed. No need for timer */
1528 if (p_data->sdp_event.sdp_result == SDP_CONN_FAILED ||
1529 p_data->sdp_event.sdp_result == SDP_CONN_REJECTED ||
1530 p_data->sdp_event.sdp_result == SDP_SECURITY_ERR)
1531 bta_dm_search_cb.wait_disc = false;
1532
1533 /* not able to connect go to next device */
1534 if (bta_dm_search_cb.p_sdp_db)
1535 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1536
1537 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1538
1539 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1540 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1541 p_msg->disc_result.result.disc_res.result = BTA_FAILURE;
1542 p_msg->disc_result.result.disc_res.services =
1543 bta_dm_search_cb.services_found;
1544 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1545 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1546 bta_dm_get_remname(), BD_NAME_LEN);
1547
1548 bta_sys_sendmsg(p_msg);
1549 }
1550 }
1551
1552 /*******************************************************************************
1553 *
1554 * Function bta_dm_search_cmpl
1555 *
1556 * Description Sends event to application
1557 *
1558 * Returns void
1559 *
1560 ******************************************************************************/
bta_dm_search_cmpl(tBTA_DM_MSG * p_data)1561 void bta_dm_search_cmpl(tBTA_DM_MSG* p_data) {
1562 APPL_TRACE_EVENT("%s", __func__);
1563
1564 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid);
1565
1566 if (p_data->hdr.layer_specific == BTA_DM_API_DI_DISCOVER_EVT)
1567 bta_dm_di_disc_cmpl(p_data);
1568 else
1569 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_CMPL_EVT, NULL);
1570 }
1571
1572 /*******************************************************************************
1573 *
1574 * Function bta_dm_disc_result
1575 *
1576 * Description Service discovery result when discovering services on a
1577 * device
1578 *
1579 * Returns void
1580 *
1581 ******************************************************************************/
bta_dm_disc_result(tBTA_DM_MSG * p_data)1582 void bta_dm_disc_result(tBTA_DM_MSG* p_data) {
1583 APPL_TRACE_EVENT("%s", __func__);
1584
1585 /* if any BR/EDR service discovery has been done, report the event */
1586 if ((bta_dm_search_cb.services &
1587 ((BTA_ALL_SERVICE_MASK | BTA_USER_SERVICE_MASK) &
1588 ~BTA_BLE_SERVICE_MASK)))
1589 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT,
1590 &p_data->disc_result.result);
1591
1592 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1593
1594 /* send a message to change state */
1595 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1596 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1597 bta_sys_sendmsg(p_msg);
1598 }
1599
1600 /*******************************************************************************
1601 *
1602 * Function bta_dm_search_result
1603 *
1604 * Description Service discovery result while searching for devices
1605 *
1606 * Returns void
1607 *
1608 ******************************************************************************/
bta_dm_search_result(tBTA_DM_MSG * p_data)1609 void bta_dm_search_result(tBTA_DM_MSG* p_data) {
1610 APPL_TRACE_DEBUG("%s searching:0x%04x, result:0x%04x", __func__,
1611 bta_dm_search_cb.services,
1612 p_data->disc_result.result.disc_res.services);
1613
1614 /* call back if application wants name discovery or found services that
1615 * application is searching */
1616 if ((!bta_dm_search_cb.services) ||
1617 ((bta_dm_search_cb.services) &&
1618 (p_data->disc_result.result.disc_res.services))) {
1619 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT,
1620 &p_data->disc_result.result);
1621 }
1622
1623 /* if searching did not initiate to create link */
1624 if (!bta_dm_search_cb.wait_disc) {
1625 /* if service searching is done with EIR, don't search next device */
1626 if (bta_dm_search_cb.p_btm_inq_info) bta_dm_discover_next_device();
1627 } else {
1628 /* wait until link is disconnected or timeout */
1629 bta_dm_search_cb.sdp_results = true;
1630 alarm_set_on_mloop(bta_dm_search_cb.search_timer,
1631 1000 * (L2CAP_LINK_INACTIVITY_TOUT + 1),
1632 bta_dm_search_timer_cback, NULL);
1633 }
1634 }
1635
1636 /*******************************************************************************
1637 *
1638 * Function bta_dm_search_timer_cback
1639 *
1640 * Description Called when ACL disconnect time is over
1641 *
1642 *
1643 * Returns void
1644 *
1645 ******************************************************************************/
bta_dm_search_timer_cback(UNUSED_ATTR void * data)1646 static void bta_dm_search_timer_cback(UNUSED_ATTR void* data) {
1647 APPL_TRACE_EVENT("%s", __func__);
1648 bta_dm_search_cb.wait_disc = false;
1649
1650 /* proceed with next device */
1651 bta_dm_discover_next_device();
1652 }
1653
1654 /*******************************************************************************
1655 *
1656 * Function bta_dm_free_sdp_db
1657 *
1658 * Description Frees SDP data base
1659 *
1660 * Returns void
1661 *
1662 ******************************************************************************/
bta_dm_free_sdp_db(UNUSED_ATTR tBTA_DM_MSG * p_data)1663 void bta_dm_free_sdp_db(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1664 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1665 }
1666
1667 /*******************************************************************************
1668 *
1669 * Function bta_dm_queue_search
1670 *
1671 * Description Queues search command while search is being cancelled
1672 *
1673 * Returns void
1674 *
1675 ******************************************************************************/
bta_dm_queue_search(tBTA_DM_MSG * p_data)1676 void bta_dm_queue_search(tBTA_DM_MSG* p_data) {
1677 osi_free(bta_dm_search_cb.p_search_queue);
1678 bta_dm_search_cb.p_search_queue =
1679 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_SEARCH));
1680 memcpy(bta_dm_search_cb.p_search_queue, p_data, sizeof(tBTA_DM_API_SEARCH));
1681 }
1682
1683 /*******************************************************************************
1684 *
1685 * Function bta_dm_queue_disc
1686 *
1687 * Description Queues discovery command while search is being cancelled
1688 *
1689 * Returns void
1690 *
1691 ******************************************************************************/
bta_dm_queue_disc(tBTA_DM_MSG * p_data)1692 void bta_dm_queue_disc(tBTA_DM_MSG* p_data) {
1693 osi_free(bta_dm_search_cb.p_search_queue);
1694 bta_dm_search_cb.p_search_queue =
1695 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_DISCOVER));
1696 memcpy(bta_dm_search_cb.p_search_queue, p_data, sizeof(tBTA_DM_API_DISCOVER));
1697 }
1698
1699 /*******************************************************************************
1700 *
1701 * Function bta_dm_search_clear_queue
1702 *
1703 * Description Clears the queue if API search cancel is called
1704 *
1705 * Returns void
1706 *
1707 ******************************************************************************/
bta_dm_search_clear_queue(UNUSED_ATTR tBTA_DM_MSG * p_data)1708 void bta_dm_search_clear_queue(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1709 osi_free_and_reset((void**)&bta_dm_search_cb.p_search_queue);
1710 }
1711
1712 /*******************************************************************************
1713 *
1714 * Function bta_dm_search_cancel_cmpl
1715 *
1716 * Description Search cancel is complete
1717 *
1718 * Returns void
1719 *
1720 ******************************************************************************/
bta_dm_search_cancel_cmpl(UNUSED_ATTR tBTA_DM_MSG * p_data)1721 void bta_dm_search_cancel_cmpl(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1722 if (bta_dm_search_cb.p_search_queue) {
1723 bta_sys_sendmsg(bta_dm_search_cb.p_search_queue);
1724 bta_dm_search_cb.p_search_queue = NULL;
1725 }
1726 }
1727
1728 /*******************************************************************************
1729 *
1730 * Function bta_dm_search_cancel_transac_cmpl
1731 *
1732 * Description Current Service Discovery or remote name procedure is
1733 * completed after search cancellation
1734 *
1735 * Returns void
1736 *
1737 ******************************************************************************/
bta_dm_search_cancel_transac_cmpl(UNUSED_ATTR tBTA_DM_MSG * p_data)1738 void bta_dm_search_cancel_transac_cmpl(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1739 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1740 bta_dm_search_cancel_notify(NULL);
1741 }
1742
1743 /*******************************************************************************
1744 *
1745 * Function bta_dm_search_cancel_notify
1746 *
1747 * Description Notify application that search has been cancelled
1748 *
1749 * Returns void
1750 *
1751 ******************************************************************************/
bta_dm_search_cancel_notify(UNUSED_ATTR tBTA_DM_MSG * p_data)1752 void bta_dm_search_cancel_notify(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1753 if (bta_dm_search_cb.p_search_cback) {
1754 bta_dm_search_cb.p_search_cback(BTA_DM_SEARCH_CANCEL_CMPL_EVT, NULL);
1755 }
1756 if (!bta_dm_search_cb.name_discover_done) {
1757 BTM_CancelRemoteDeviceName();
1758 }
1759 if (bta_dm_search_cb.gatt_disc_active) {
1760 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
1761 }
1762 }
1763
1764 /*******************************************************************************
1765 *
1766 * Function bta_dm_find_services
1767 *
1768 * Description Starts discovery on a device
1769 *
1770 * Returns void
1771 *
1772 ******************************************************************************/
bta_dm_find_services(const RawAddress & bd_addr)1773 static void bta_dm_find_services(const RawAddress& bd_addr) {
1774
1775 while (bta_dm_search_cb.service_index < BTA_MAX_SERVICE_ID) {
1776 Uuid uuid = Uuid::kEmpty;
1777 if (bta_dm_search_cb.services_to_search &
1778 (tBTA_SERVICE_MASK)(
1779 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index))) {
1780 bta_dm_search_cb.p_sdp_db =
1781 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE);
1782 APPL_TRACE_DEBUG("bta_dm_search_cb.services = %04x***********",
1783 bta_dm_search_cb.services);
1784 /* try to search all services by search based on L2CAP UUID */
1785 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) {
1786 LOG_INFO(LOG_TAG, "%s services_to_search=%08x", __func__,
1787 bta_dm_search_cb.services_to_search);
1788 if (bta_dm_search_cb.services_to_search & BTA_RES_SERVICE_MASK) {
1789 uuid = Uuid::From16Bit(bta_service_id_to_uuid_lkup_tbl[0]);
1790 bta_dm_search_cb.services_to_search &= ~BTA_RES_SERVICE_MASK;
1791 } else {
1792 uuid = Uuid::From16Bit(UUID_PROTOCOL_L2CAP);
1793 bta_dm_search_cb.services_to_search = 0;
1794 }
1795 } else {
1796 /* for LE only profile */
1797 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID) {
1798 if (bta_dm_search_cb.uuid_to_search > 0 &&
1799 bta_dm_search_cb.p_srvc_uuid) {
1800 uuid = *(bta_dm_search_cb.p_srvc_uuid + bta_dm_search_cb.num_uuid -
1801 bta_dm_search_cb.uuid_to_search);
1802
1803 bta_dm_search_cb.uuid_to_search--;
1804 } else {
1805 uuid = Uuid::From16Bit(
1806 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb
1807 .service_index]);
1808 }
1809
1810 /* last one? clear the BLE service bit if all discovery has been done
1811 */
1812 if (bta_dm_search_cb.uuid_to_search == 0)
1813 bta_dm_search_cb.services_to_search &=
1814 (tBTA_SERVICE_MASK)(~(BTA_SERVICE_ID_TO_SERVICE_MASK(
1815 bta_dm_search_cb.service_index)));
1816
1817 } else {
1818 /* remove the service from services to be searched */
1819 bta_dm_search_cb.services_to_search &= (tBTA_SERVICE_MASK)(~(
1820 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index)));
1821 uuid = Uuid::From16Bit(
1822 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index]);
1823 }
1824 }
1825
1826 if (bta_dm_search_cb.service_index == BTA_USER_SERVICE_ID) {
1827 uuid = bta_dm_search_cb.uuid;
1828 }
1829
1830 LOG_INFO(LOG_TAG, "%s search UUID = %s", __func__,
1831 uuid.ToString().c_str());
1832 SDP_InitDiscoveryDb(bta_dm_search_cb.p_sdp_db, BTA_DM_SDP_DB_SIZE, 1,
1833 &uuid, 0, NULL);
1834
1835 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf));
1836 bta_dm_search_cb.p_sdp_db->raw_data = g_disc_raw_data_buf;
1837
1838 bta_dm_search_cb.p_sdp_db->raw_size = MAX_DISC_RAW_DATA_BUF;
1839
1840 if (!SDP_ServiceSearchAttributeRequest(bd_addr, bta_dm_search_cb.p_sdp_db,
1841 &bta_dm_sdp_callback)) {
1842 /*
1843 * If discovery is not successful with this device, then
1844 * proceed with the next one.
1845 */
1846 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1847 bta_dm_search_cb.service_index = BTA_MAX_SERVICE_ID;
1848
1849 } else {
1850 if ((bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID &&
1851 bta_dm_search_cb.uuid_to_search == 0) ||
1852 bta_dm_search_cb.service_index != BTA_BLE_SERVICE_ID)
1853 bta_dm_search_cb.service_index++;
1854 return;
1855 }
1856 }
1857
1858 bta_dm_search_cb.service_index++;
1859 }
1860
1861 /* no more services to be discovered */
1862 if (bta_dm_search_cb.service_index >= BTA_MAX_SERVICE_ID) {
1863 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1864 /* initialize the data structure - includes p_raw_data and raw_data_size */
1865 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES));
1866 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1867 p_msg->disc_result.result.disc_res.services =
1868 bta_dm_search_cb.services_found;
1869 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1870 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1871 bta_dm_get_remname(), BD_NAME_LEN);
1872
1873 bta_sys_sendmsg(p_msg);
1874 }
1875 }
1876
1877 /*******************************************************************************
1878 *
1879 * Function bta_dm_discover_next_device
1880 *
1881 * Description Starts discovery on the next device in Inquiry data base
1882 *
1883 * Returns void
1884 *
1885 ******************************************************************************/
bta_dm_discover_next_device(void)1886 static void bta_dm_discover_next_device(void) {
1887 APPL_TRACE_DEBUG("bta_dm_discover_next_device");
1888
1889 /* searching next device on inquiry result */
1890 bta_dm_search_cb.p_btm_inq_info =
1891 BTM_InqDbNext(bta_dm_search_cb.p_btm_inq_info);
1892 if (bta_dm_search_cb.p_btm_inq_info != NULL) {
1893 bta_dm_search_cb.name_discover_done = false;
1894 bta_dm_search_cb.peer_name[0] = 0;
1895 bta_dm_discover_device(
1896 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr);
1897 } else {
1898 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1899
1900 /* no devices, search complete */
1901 bta_dm_search_cb.services = 0;
1902
1903 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1904 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1905
1906 bta_sys_sendmsg(p_msg);
1907 }
1908 }
1909
1910 /*******************************************************************************
1911 *
1912 * Function bta_dm_discover_device
1913 *
1914 * Description Starts name and service discovery on the device
1915 *
1916 * Returns void
1917 *
1918 ******************************************************************************/
bta_dm_discover_device(const RawAddress & remote_bd_addr)1919 static void bta_dm_discover_device(const RawAddress& remote_bd_addr) {
1920 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
1921 if (bta_dm_search_cb.transport == BTA_TRANSPORT_UNKNOWN) {
1922 tBT_DEVICE_TYPE dev_type;
1923 tBLE_ADDR_TYPE addr_type;
1924
1925 BTM_ReadDevInfo(remote_bd_addr, &dev_type, &addr_type);
1926 if (dev_type == BT_DEVICE_TYPE_BLE || addr_type == BLE_ADDR_RANDOM)
1927 transport = BT_TRANSPORT_LE;
1928 } else {
1929 transport = bta_dm_search_cb.transport;
1930 }
1931
1932 /* Reset transport state for next discovery */
1933 bta_dm_search_cb.transport = BTA_TRANSPORT_UNKNOWN;
1934
1935 VLOG(1) << __func__ << " BDA: " << remote_bd_addr;
1936
1937 bta_dm_search_cb.peer_bdaddr = remote_bd_addr;
1938
1939 APPL_TRACE_DEBUG(
1940 "%s name_discover_done = %d p_btm_inq_info 0x%x state = %d, transport=%d",
1941 __func__, bta_dm_search_cb.name_discover_done,
1942 bta_dm_search_cb.p_btm_inq_info, bta_dm_search_cb.state, transport);
1943
1944 if (bta_dm_search_cb.p_btm_inq_info) {
1945 APPL_TRACE_DEBUG("%s appl_knows_rem_name %d", __func__,
1946 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name);
1947 }
1948 if ((bta_dm_search_cb.p_btm_inq_info) &&
1949 (bta_dm_search_cb.p_btm_inq_info->results.device_type ==
1950 BT_DEVICE_TYPE_BLE) &&
1951 (bta_dm_search_cb.state == BTA_DM_SEARCH_ACTIVE)) {
1952 /* Do not perform RNR for LE devices at inquiry complete*/
1953 bta_dm_search_cb.name_discover_done = true;
1954 }
1955 /* if name discovery is not done and application needs remote name */
1956 if ((!bta_dm_search_cb.name_discover_done) &&
1957 ((bta_dm_search_cb.p_btm_inq_info == NULL) ||
1958 (bta_dm_search_cb.p_btm_inq_info &&
1959 (!bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name)))) {
1960 if (bta_dm_read_remote_device_name(bta_dm_search_cb.peer_bdaddr, transport))
1961 return;
1962
1963 /* starting name discovery failed */
1964 bta_dm_search_cb.name_discover_done = true;
1965 }
1966
1967 /* if application wants to discover service */
1968 if (bta_dm_search_cb.services) {
1969 /* initialize variables */
1970 bta_dm_search_cb.service_index = 0;
1971 bta_dm_search_cb.services_found = 0;
1972 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services;
1973 bta_dm_search_cb.uuid_to_search = bta_dm_search_cb.num_uuid;
1974 if ((bta_dm_search_cb.p_btm_inq_info != NULL) &&
1975 bta_dm_search_cb.services != BTA_USER_SERVICE_MASK &&
1976 (!bta_dm_search_cb.sdp_search)) {
1977 /* check if EIR provides the information of supported services */
1978 bta_dm_eir_search_services(&bta_dm_search_cb.p_btm_inq_info->results,
1979 &bta_dm_search_cb.services_to_search,
1980 &bta_dm_search_cb.services_found);
1981 }
1982
1983 /* if seaching with EIR is not completed */
1984 if (bta_dm_search_cb.services_to_search) {
1985 /* check whether connection already exists to the device
1986 if connection exists, we don't have to wait for ACL
1987 link to go down to start search on next device */
1988 if (transport == BT_TRANSPORT_BR_EDR) {
1989 if (BTM_IsAclConnectionUp(bta_dm_search_cb.peer_bdaddr,
1990 BT_TRANSPORT_BR_EDR))
1991 bta_dm_search_cb.wait_disc = false;
1992 else
1993 bta_dm_search_cb.wait_disc = true;
1994 }
1995 if (bta_dm_search_cb.p_btm_inq_info) {
1996 APPL_TRACE_DEBUG(
1997 "%s p_btm_inq_info 0x%x results.device_type 0x%x "
1998 "services_to_search 0x%x",
1999 __func__, bta_dm_search_cb.p_btm_inq_info,
2000 bta_dm_search_cb.p_btm_inq_info->results.device_type,
2001 bta_dm_search_cb.services_to_search);
2002 }
2003
2004 if (transport == BT_TRANSPORT_LE) {
2005 if (bta_dm_search_cb.services_to_search & BTA_BLE_SERVICE_MASK) {
2006 // set the raw data buffer here
2007 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf));
2008 bta_dm_search_cb.p_ble_rawdata = g_disc_raw_data_buf;
2009
2010 bta_dm_search_cb.ble_raw_size = MAX_DISC_RAW_DATA_BUF;
2011 bta_dm_search_cb.ble_raw_used = 0;
2012
2013 /* start GATT for service discovery */
2014 btm_dm_start_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
2015 return;
2016 }
2017 } else {
2018 bta_dm_search_cb.sdp_results = false;
2019 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr);
2020 return;
2021 }
2022 }
2023 }
2024
2025 /* name discovery and service discovery are done for this device */
2026 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
2027 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
2028 /* initialize the data structure - includes p_raw_data and raw_data_size */
2029 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES));
2030 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS;
2031 p_msg->disc_result.result.disc_res.services = bta_dm_search_cb.services_found;
2032 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
2033 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
2034 (char*)bta_dm_search_cb.peer_name, BD_NAME_LEN);
2035
2036 bta_sys_sendmsg(p_msg);
2037 }
2038
2039 /*******************************************************************************
2040 *
2041 * Function bta_dm_sdp_callback
2042 *
2043 * Description Callback from sdp with discovery status
2044 *
2045 * Returns void
2046 *
2047 ******************************************************************************/
bta_dm_sdp_callback(uint16_t sdp_status)2048 static void bta_dm_sdp_callback(uint16_t sdp_status) {
2049 tBTA_DM_SDP_RESULT* p_msg =
2050 (tBTA_DM_SDP_RESULT*)osi_malloc(sizeof(tBTA_DM_SDP_RESULT));
2051
2052 p_msg->hdr.event = BTA_DM_SDP_RESULT_EVT;
2053 p_msg->sdp_result = sdp_status;
2054
2055 bta_sys_sendmsg(p_msg);
2056 }
2057
2058 /*******************************************************************************
2059 *
2060 * Function bta_dm_inq_results_cb
2061 *
2062 * Description Inquiry results callback from BTM
2063 *
2064 * Returns void
2065 *
2066 ******************************************************************************/
bta_dm_inq_results_cb(tBTM_INQ_RESULTS * p_inq,uint8_t * p_eir,uint16_t eir_len)2067 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
2068 uint16_t eir_len) {
2069 tBTA_DM_SEARCH result;
2070 tBTM_INQ_INFO* p_inq_info;
2071 uint16_t service_class;
2072
2073 result.inq_res.bd_addr = p_inq->remote_bd_addr;
2074 memcpy(result.inq_res.dev_class, p_inq->dev_class, DEV_CLASS_LEN);
2075 BTM_COD_SERVICE_CLASS(service_class, p_inq->dev_class);
2076 result.inq_res.is_limited =
2077 (service_class & BTM_COD_SERVICE_LMTD_DISCOVER) ? true : false;
2078 result.inq_res.rssi = p_inq->rssi;
2079
2080 result.inq_res.ble_addr_type = p_inq->ble_addr_type;
2081 result.inq_res.inq_result_type = p_inq->inq_result_type;
2082 result.inq_res.device_type = p_inq->device_type;
2083 result.inq_res.flag = p_inq->flag;
2084
2085 /* application will parse EIR to find out remote device name */
2086 result.inq_res.p_eir = p_eir;
2087 result.inq_res.eir_len = eir_len;
2088
2089 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr);
2090 if (p_inq_info != NULL) {
2091 /* initialize remt_name_not_required to false so that we get the name by
2092 * default */
2093 result.inq_res.remt_name_not_required = false;
2094 }
2095
2096 if (bta_dm_search_cb.p_search_cback)
2097 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_RES_EVT, &result);
2098
2099 if (p_inq_info) {
2100 /* application indicates if it knows the remote name, inside the callback
2101 copy that to the inquiry data base*/
2102 if (result.inq_res.remt_name_not_required)
2103 p_inq_info->appl_knows_rem_name = true;
2104 }
2105 }
2106
2107 /*******************************************************************************
2108 *
2109 * Function bta_dm_inq_cmpl_cb
2110 *
2111 * Description Inquiry complete callback from BTM
2112 *
2113 * Returns void
2114 *
2115 ******************************************************************************/
bta_dm_inq_cmpl_cb(void * p_result)2116 static void bta_dm_inq_cmpl_cb(void* p_result) {
2117 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
2118
2119 APPL_TRACE_DEBUG("%s", __func__);
2120
2121 if (!bta_dm_search_cb.cancel_pending) {
2122 p_msg->inq_cmpl.hdr.event = BTA_DM_INQUIRY_CMPL_EVT;
2123 p_msg->inq_cmpl.num = ((tBTM_INQUIRY_CMPL*)p_result)->num_resp;
2124 } else {
2125 bta_dm_search_cb.cancel_pending = false;
2126 bta_dm_search_cancel_notify(NULL);
2127 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
2128 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
2129 }
2130
2131 bta_sys_sendmsg(p_msg);
2132 }
2133
2134 /*******************************************************************************
2135 *
2136 * Function bta_dm_service_search_remname_cback
2137 *
2138 * Description Remote name call back from BTM during service discovery
2139 *
2140 * Returns void
2141 *
2142 ******************************************************************************/
bta_dm_service_search_remname_cback(const RawAddress & bd_addr,UNUSED_ATTR DEV_CLASS dc,BD_NAME bd_name)2143 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,
2144 UNUSED_ATTR DEV_CLASS dc,
2145 BD_NAME bd_name) {
2146 tBTM_REMOTE_DEV_NAME rem_name;
2147 tBTM_STATUS btm_status;
2148
2149 APPL_TRACE_DEBUG("%s name=<%s>", __func__, bd_name);
2150
2151 /* if this is what we are looking for */
2152 if (bta_dm_search_cb.peer_bdaddr == bd_addr) {
2153 rem_name.length = strlen((char*)bd_name);
2154 if (rem_name.length > (BD_NAME_LEN - 1)) {
2155 rem_name.length = (BD_NAME_LEN - 1);
2156 rem_name.remote_bd_name[(BD_NAME_LEN - 1)] = 0;
2157 }
2158 strlcpy((char*)rem_name.remote_bd_name, (char*)bd_name, BD_NAME_LEN);
2159 rem_name.status = BTM_SUCCESS;
2160
2161 bta_dm_remname_cback(&rem_name);
2162 } else {
2163 /* get name of device */
2164 btm_status =
2165 BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr,
2166 bta_dm_remname_cback, BT_TRANSPORT_BR_EDR);
2167 if (btm_status == BTM_BUSY) {
2168 /* wait for next chance(notification of remote name discovery done) */
2169 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__);
2170 } else if (btm_status != BTM_CMD_STARTED) {
2171 /* if failed to start getting remote name then continue */
2172 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X",
2173 __func__, btm_status);
2174
2175 rem_name.length = 0;
2176 rem_name.remote_bd_name[0] = 0;
2177 rem_name.status = btm_status;
2178 bta_dm_remname_cback(&rem_name);
2179 }
2180 }
2181 }
2182
2183 /*******************************************************************************
2184 *
2185 * Function bta_dm_remname_cback
2186 *
2187 * Description Remote name complete call back from BTM
2188 *
2189 * Returns void
2190 *
2191 ******************************************************************************/
bta_dm_remname_cback(void * p)2192 static void bta_dm_remname_cback(void* p) {
2193 tBTM_REMOTE_DEV_NAME* p_remote_name = (tBTM_REMOTE_DEV_NAME*)p;
2194 APPL_TRACE_DEBUG("bta_dm_remname_cback len = %d name=<%s>",
2195 p_remote_name->length, p_remote_name->remote_bd_name);
2196
2197 /* remote name discovery is done but it could be failed */
2198 bta_dm_search_cb.name_discover_done = true;
2199 strlcpy((char*)bta_dm_search_cb.peer_name,
2200 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN);
2201
2202 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
2203
2204 if (bta_dm_search_cb.transport == BT_TRANSPORT_LE) {
2205 GAP_BleReadPeerPrefConnParams(bta_dm_search_cb.peer_bdaddr);
2206 }
2207
2208 tBTA_DM_REM_NAME* p_msg =
2209 (tBTA_DM_REM_NAME*)osi_malloc(sizeof(tBTA_DM_REM_NAME));
2210 p_msg->result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
2211 strlcpy((char*)p_msg->result.disc_res.bd_name,
2212 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN);
2213 p_msg->hdr.event = BTA_DM_REMT_NAME_EVT;
2214
2215 bta_sys_sendmsg(p_msg);
2216 }
2217
2218 /*******************************************************************************
2219 *
2220 * Function bta_dm_authorize_cback
2221 *
2222 * Description cback requesting authorization
2223 *
2224 * Returns void
2225 *
2226 ******************************************************************************/
bta_dm_authorize_cback(const RawAddress & bd_addr,DEV_CLASS dev_class,BD_NAME bd_name,UNUSED_ATTR uint8_t * service_name,uint8_t service_id,UNUSED_ATTR bool is_originator)2227 static uint8_t bta_dm_authorize_cback(const RawAddress& bd_addr,
2228 DEV_CLASS dev_class, BD_NAME bd_name,
2229 UNUSED_ATTR uint8_t* service_name,
2230 uint8_t service_id,
2231 UNUSED_ATTR bool is_originator) {
2232 tBTA_DM_SEC sec_event;
2233 uint8_t index = 1;
2234
2235 sec_event.authorize.bd_addr = bd_addr;
2236 memcpy(sec_event.authorize.dev_class, dev_class, DEV_CLASS_LEN);
2237 strlcpy((char*)sec_event.authorize.bd_name, (char*)bd_name, BD_NAME_LEN);
2238
2239 #if (BTA_JV_INCLUDED == TRUE)
2240 sec_event.authorize.service = service_id;
2241 #endif
2242
2243 while (index < BTA_MAX_SERVICE_ID) {
2244 /* get the BTA service id corresponding to BTM id */
2245 if (bta_service_id_to_btm_srv_id_lkup_tbl[index] == service_id) {
2246 sec_event.authorize.service = index;
2247 break;
2248 }
2249 index++;
2250 }
2251
2252 /* if supported service callback otherwise not authorized */
2253 if (bta_dm_cb.p_sec_cback && (index < BTA_MAX_SERVICE_ID
2254 #if (BTA_JV_INCLUDED == TRUE)
2255 /* pass through JV service ID */
2256 || (service_id >= BTA_FIRST_JV_SERVICE_ID &&
2257 service_id <= BTA_LAST_JV_SERVICE_ID)
2258 #endif
2259 )) {
2260 bta_dm_cb.p_sec_cback(BTA_DM_AUTHORIZE_EVT, &sec_event);
2261 return BTM_CMD_STARTED;
2262 } else {
2263 return BTM_NOT_AUTHORIZED;
2264 }
2265 }
2266
2267 /*******************************************************************************
2268 *
2269 * Function bta_dm_pinname_cback
2270 *
2271 * Description Callback requesting pin_key
2272 *
2273 * Returns void
2274 *
2275 ******************************************************************************/
bta_dm_pinname_cback(void * p_data)2276 static void bta_dm_pinname_cback(void* p_data) {
2277 tBTM_REMOTE_DEV_NAME* p_result = (tBTM_REMOTE_DEV_NAME*)p_data;
2278 tBTA_DM_SEC sec_event;
2279 uint32_t bytes_to_copy;
2280 tBTA_DM_SEC_EVT event = bta_dm_cb.pin_evt;
2281
2282 if (BTA_DM_SP_CFM_REQ_EVT == event) {
2283 /* Retrieved saved device class and bd_addr */
2284 sec_event.cfm_req.bd_addr = bta_dm_cb.pin_bd_addr;
2285 BTA_COPY_DEVICE_CLASS(sec_event.cfm_req.dev_class, bta_dm_cb.pin_dev_class);
2286
2287 if (p_result && p_result->status == BTM_SUCCESS) {
2288 bytes_to_copy = (p_result->length < (BD_NAME_LEN - 1))
2289 ? p_result->length
2290 : (BD_NAME_LEN - 1);
2291 memcpy(sec_event.cfm_req.bd_name, p_result->remote_bd_name,
2292 bytes_to_copy);
2293 sec_event.pin_req.bd_name[BD_NAME_LEN - 1] = 0;
2294 } else /* No name found */
2295 sec_event.cfm_req.bd_name[0] = 0;
2296
2297 sec_event.key_notif.passkey =
2298 bta_dm_cb.num_val; /* get PIN code numeric number */
2299
2300 /* 1 additional event data fields for this event */
2301 sec_event.cfm_req.just_works = bta_dm_cb.just_works;
2302 /* retrieve the loc and rmt caps */
2303 sec_event.cfm_req.loc_io_caps = bta_dm_cb.loc_io_caps;
2304 sec_event.cfm_req.rmt_io_caps = bta_dm_cb.rmt_io_caps;
2305 sec_event.cfm_req.loc_auth_req = bta_dm_cb.loc_auth_req;
2306 sec_event.cfm_req.rmt_auth_req = bta_dm_cb.rmt_auth_req;
2307
2308 } else {
2309 /* Retrieved saved device class and bd_addr */
2310 sec_event.pin_req.bd_addr = bta_dm_cb.pin_bd_addr;
2311 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, bta_dm_cb.pin_dev_class);
2312
2313 if (p_result && p_result->status == BTM_SUCCESS) {
2314 bytes_to_copy = (p_result->length < (BD_NAME_LEN - 1))
2315 ? p_result->length
2316 : (BD_NAME_LEN - 1);
2317 memcpy(sec_event.pin_req.bd_name, p_result->remote_bd_name,
2318 bytes_to_copy);
2319 sec_event.pin_req.bd_name[BD_NAME_LEN - 1] = 0;
2320 } else /* No name found */
2321 sec_event.pin_req.bd_name[0] = 0;
2322
2323 event = bta_dm_cb.pin_evt;
2324 sec_event.key_notif.passkey =
2325 bta_dm_cb.num_val; /* get PIN code numeric number */
2326 }
2327
2328 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event);
2329 }
2330
2331 /*******************************************************************************
2332 *
2333 * Function bta_dm_pin_cback
2334 *
2335 * Description Callback requesting pin_key
2336 *
2337 * Returns void
2338 *
2339 ******************************************************************************/
bta_dm_pin_cback(const RawAddress & bd_addr,DEV_CLASS dev_class,BD_NAME bd_name,bool min_16_digit)2340 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
2341 BD_NAME bd_name, bool min_16_digit) {
2342 tBTA_DM_SEC sec_event;
2343
2344 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
2345
2346 /* If the device name is not known, save bdaddr and devclass and initiate a
2347 * name request */
2348 if (bd_name[0] == 0) {
2349 bta_dm_cb.pin_evt = BTA_DM_PIN_REQ_EVT;
2350 bta_dm_cb.pin_bd_addr = bd_addr;
2351 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class, dev_class);
2352 if ((BTM_ReadRemoteDeviceName(bd_addr, bta_dm_pinname_cback,
2353 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2354 return BTM_CMD_STARTED;
2355
2356 APPL_TRACE_WARNING(
2357 " bta_dm_pin_cback() -> Failed to start Remote Name Request ");
2358 }
2359
2360 sec_event.pin_req.bd_addr = bd_addr;
2361 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, dev_class);
2362 strlcpy((char*)sec_event.pin_req.bd_name, (char*)bd_name, BD_NAME_LEN);
2363 sec_event.pin_req.min_16_digit = min_16_digit;
2364
2365 bta_dm_cb.p_sec_cback(BTA_DM_PIN_REQ_EVT, &sec_event);
2366 return BTM_CMD_STARTED;
2367 }
2368
2369 /*******************************************************************************
2370 *
2371 * Function bta_dm_new_link_key_cback
2372 *
2373 * Description Callback from BTM to notify new link key
2374 *
2375 * Returns void
2376 *
2377 ******************************************************************************/
bta_dm_new_link_key_cback(const RawAddress & bd_addr,UNUSED_ATTR DEV_CLASS dev_class,BD_NAME bd_name,const LinkKey & key,uint8_t key_type)2378 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
2379 UNUSED_ATTR DEV_CLASS dev_class,
2380 BD_NAME bd_name, const LinkKey& key,
2381 uint8_t key_type) {
2382 tBTA_DM_SEC sec_event;
2383 tBTA_DM_AUTH_CMPL* p_auth_cmpl;
2384 uint8_t event;
2385
2386 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
2387
2388 /* Not AMP Key type */
2389 if (key_type != HCI_LKEY_TYPE_AMP_WIFI && key_type != HCI_LKEY_TYPE_AMP_UWB) {
2390 event = BTA_DM_AUTH_CMPL_EVT;
2391 p_auth_cmpl = &sec_event.auth_cmpl;
2392
2393 p_auth_cmpl->bd_addr = bd_addr;
2394
2395 memcpy(p_auth_cmpl->bd_name, bd_name, (BD_NAME_LEN - 1));
2396 p_auth_cmpl->bd_name[BD_NAME_LEN - 1] = 0;
2397 p_auth_cmpl->key_present = true;
2398 p_auth_cmpl->key_type = key_type;
2399 p_auth_cmpl->success = true;
2400 p_auth_cmpl->key = key;
2401 sec_event.auth_cmpl.fail_reason = HCI_SUCCESS;
2402
2403 // Report the BR link key based on the BR/EDR address and type
2404 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type,
2405 &sec_event.auth_cmpl.addr_type);
2406 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event);
2407
2408 // Setting remove_dev_pending flag to false, where it will avoid deleting
2409 // the
2410 // security device record when the ACL connection link goes down in case of
2411 // reconnection.
2412 if (bta_dm_cb.device_list.count)
2413 bta_dm_reset_sec_dev_pending(p_auth_cmpl->bd_addr);
2414 } else {
2415 APPL_TRACE_WARNING("%s() Received AMP Key", __func__);
2416 }
2417
2418 return BTM_CMD_STARTED;
2419 }
2420
2421 /*******************************************************************************
2422 *
2423 * Function bta_dm_authentication_complete_cback
2424 *
2425 * Description Authentication complete callback from BTM
2426 *
2427 * Returns void
2428 *
2429 ******************************************************************************/
bta_dm_authentication_complete_cback(const RawAddress & bd_addr,UNUSED_ATTR DEV_CLASS dev_class,BD_NAME bd_name,int result)2430 static uint8_t bta_dm_authentication_complete_cback(
2431 const RawAddress& bd_addr, UNUSED_ATTR DEV_CLASS dev_class, BD_NAME bd_name,
2432 int result) {
2433 tBTA_DM_SEC sec_event;
2434
2435 if (result != BTM_SUCCESS) {
2436 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
2437 sec_event.auth_cmpl.bd_addr = bd_addr;
2438
2439 memcpy(sec_event.auth_cmpl.bd_name, bd_name, (BD_NAME_LEN - 1));
2440 sec_event.auth_cmpl.bd_name[BD_NAME_LEN - 1] = 0;
2441
2442 // Report the BR link key based on the BR/EDR address and type
2443 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type,
2444 &sec_event.auth_cmpl.addr_type);
2445 sec_event.auth_cmpl.fail_reason = (uint8_t)result;
2446
2447 if (bta_dm_cb.p_sec_cback)
2448 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
2449
2450 if (result == HCI_ERR_AUTH_FAILURE || result == HCI_ERR_KEY_MISSING ||
2451 result == HCI_ERR_HOST_REJECT_SECURITY ||
2452 result == HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE) {
2453 APPL_TRACE_WARNING("%s deleting %s - result: 0x%02x", __func__,
2454 bd_addr.ToString().c_str(), result);
2455 bta_dm_remove_sec_dev_entry(bd_addr);
2456 }
2457 }
2458
2459 return BTM_SUCCESS;
2460 }
2461
2462 /*******************************************************************************
2463 *
2464 * Function bta_dm_sp_cback
2465 *
2466 * Description simple pairing callback from BTM
2467 *
2468 * Returns void
2469 *
2470 ******************************************************************************/
bta_dm_sp_cback(tBTM_SP_EVT event,tBTM_SP_EVT_DATA * p_data)2471 static uint8_t bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data) {
2472 tBTM_STATUS status = BTM_CMD_STARTED;
2473 tBTA_DM_SEC sec_event;
2474 tBTA_DM_SEC_EVT pin_evt = BTA_DM_SP_KEY_NOTIF_EVT;
2475
2476 APPL_TRACE_EVENT("bta_dm_sp_cback: %d", event);
2477 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
2478
2479 /* TODO_SP */
2480 switch (event) {
2481 case BTM_SP_IO_REQ_EVT:
2482 if (btm_local_io_caps != BTM_IO_CAP_NONE) {
2483 /* translate auth_req */
2484 bta_dm_co_io_req(p_data->io_req.bd_addr, &p_data->io_req.io_cap,
2485 &p_data->io_req.oob_data, &p_data->io_req.auth_req,
2486 p_data->io_req.is_orig);
2487 }
2488 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req,
2489 p_data->io_req.oob_data);
2490 break;
2491 case BTM_SP_IO_RSP_EVT:
2492 if (btm_local_io_caps != BTM_IO_CAP_NONE) {
2493 bta_dm_co_io_rsp(p_data->io_rsp.bd_addr, p_data->io_rsp.io_cap,
2494 p_data->io_rsp.oob_data, p_data->io_rsp.auth_req);
2495 }
2496 break;
2497
2498 case BTM_SP_CFM_REQ_EVT:
2499 pin_evt = BTA_DM_SP_CFM_REQ_EVT;
2500 bta_dm_cb.just_works = sec_event.cfm_req.just_works =
2501 p_data->cfm_req.just_works;
2502 sec_event.cfm_req.loc_auth_req = p_data->cfm_req.loc_auth_req;
2503 sec_event.cfm_req.rmt_auth_req = p_data->cfm_req.rmt_auth_req;
2504 sec_event.cfm_req.loc_io_caps = p_data->cfm_req.loc_io_caps;
2505 sec_event.cfm_req.rmt_io_caps = p_data->cfm_req.rmt_io_caps;
2506
2507 /* continue to next case */
2508 /* Passkey entry mode, mobile device with output capability is very
2509 unlikely to receive key request, so skip this event */
2510 /*case BTM_SP_KEY_REQ_EVT: */
2511 case BTM_SP_KEY_NOTIF_EVT:
2512 if (btm_local_io_caps == BTM_IO_CAP_NONE &&
2513 BTM_SP_KEY_NOTIF_EVT == event) {
2514 status = BTM_NOT_AUTHORIZED;
2515 break;
2516 }
2517
2518 bta_dm_cb.num_val = sec_event.key_notif.passkey =
2519 p_data->key_notif.passkey;
2520
2521 if (BTM_SP_CFM_REQ_EVT == event) {
2522 /* Due to the switch case falling through below to BTM_SP_KEY_NOTIF_EVT,
2523 call remote name request using values from cfm_req */
2524 if (p_data->cfm_req.bd_name[0] == 0) {
2525 bta_dm_cb.pin_evt = pin_evt;
2526 bta_dm_cb.pin_bd_addr = p_data->cfm_req.bd_addr;
2527 bta_dm_cb.rmt_io_caps = sec_event.cfm_req.rmt_io_caps;
2528 bta_dm_cb.loc_io_caps = sec_event.cfm_req.loc_io_caps;
2529 bta_dm_cb.rmt_auth_req = sec_event.cfm_req.rmt_auth_req;
2530 bta_dm_cb.loc_auth_req = sec_event.cfm_req.loc_auth_req;
2531
2532 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2533 p_data->cfm_req.dev_class);
2534 if ((BTM_ReadRemoteDeviceName(
2535 p_data->cfm_req.bd_addr, bta_dm_pinname_cback,
2536 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2537 return BTM_CMD_STARTED;
2538 APPL_TRACE_WARNING(
2539 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2540 } else {
2541 /* Due to the switch case falling through below to
2542 BTM_SP_KEY_NOTIF_EVT,
2543 copy these values into key_notif from cfm_req */
2544 sec_event.key_notif.bd_addr = p_data->cfm_req.bd_addr;
2545 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class,
2546 p_data->cfm_req.dev_class);
2547 strlcpy((char*)sec_event.key_notif.bd_name,
2548 (char*)p_data->cfm_req.bd_name, BD_NAME_LEN);
2549 }
2550 }
2551
2552 if (BTM_SP_KEY_NOTIF_EVT == event) {
2553 /* If the device name is not known, save bdaddr and devclass
2554 and initiate a name request with values from key_notif */
2555 if (p_data->key_notif.bd_name[0] == 0) {
2556 bta_dm_cb.pin_evt = pin_evt;
2557 bta_dm_cb.pin_bd_addr = p_data->key_notif.bd_addr;
2558 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2559 p_data->key_notif.dev_class);
2560 if ((BTM_ReadRemoteDeviceName(
2561 p_data->key_notif.bd_addr, bta_dm_pinname_cback,
2562 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2563 return BTM_CMD_STARTED;
2564 APPL_TRACE_WARNING(
2565 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2566 } else {
2567 sec_event.key_notif.bd_addr = p_data->key_notif.bd_addr;
2568 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class,
2569 p_data->key_notif.dev_class);
2570 strlcpy((char*)sec_event.key_notif.bd_name,
2571 (char*)p_data->key_notif.bd_name, BD_NAME_LEN);
2572 sec_event.key_notif.bd_name[BD_NAME_LEN - 1] = 0;
2573 }
2574 }
2575
2576 bta_dm_cb.p_sec_cback(pin_evt, &sec_event);
2577
2578 break;
2579
2580 case BTM_SP_LOC_OOB_EVT:
2581 bta_dm_co_loc_oob((bool)(p_data->loc_oob.status == BTM_SUCCESS),
2582 p_data->loc_oob.c, p_data->loc_oob.r);
2583 break;
2584
2585 case BTM_SP_RMT_OOB_EVT:
2586 /* If the device name is not known, save bdaddr and devclass and initiate
2587 * a name request */
2588 if (p_data->rmt_oob.bd_name[0] == 0) {
2589 bta_dm_cb.pin_evt = BTA_DM_SP_RMT_OOB_EVT;
2590 bta_dm_cb.pin_bd_addr = p_data->rmt_oob.bd_addr;
2591 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2592 p_data->rmt_oob.dev_class);
2593 if ((BTM_ReadRemoteDeviceName(p_data->rmt_oob.bd_addr,
2594 bta_dm_pinname_cback,
2595 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2596 return BTM_CMD_STARTED;
2597 APPL_TRACE_WARNING(
2598 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2599 }
2600
2601 sec_event.rmt_oob.bd_addr = p_data->rmt_oob.bd_addr;
2602 BTA_COPY_DEVICE_CLASS(sec_event.rmt_oob.dev_class,
2603 p_data->rmt_oob.dev_class);
2604 strlcpy((char*)sec_event.rmt_oob.bd_name, (char*)p_data->rmt_oob.bd_name,
2605 BD_NAME_LEN);
2606
2607 bta_dm_cb.p_sec_cback(BTA_DM_SP_RMT_OOB_EVT, &sec_event);
2608
2609 bta_dm_co_rmt_oob(p_data->rmt_oob.bd_addr);
2610 break;
2611
2612 case BTM_SP_COMPLT_EVT:
2613 /* do not report this event - handled by link_key_callback or
2614 * auth_complete_callback */
2615 break;
2616
2617 case BTM_SP_KEYPRESS_EVT:
2618 memcpy(&sec_event.key_press, &p_data->key_press,
2619 sizeof(tBTM_SP_KEYPRESS));
2620 bta_dm_cb.p_sec_cback(BTA_DM_SP_KEYPRESS_EVT, &sec_event);
2621 break;
2622
2623 case BTM_SP_UPGRADE_EVT:
2624 bta_dm_co_lk_upgrade(p_data->upgrade.bd_addr, &p_data->upgrade.upgrade);
2625 break;
2626
2627 default:
2628 status = BTM_NOT_AUTHORIZED;
2629 break;
2630 }
2631 APPL_TRACE_EVENT("dm status: %d", status);
2632 return status;
2633 }
2634
2635 /*******************************************************************************
2636 *
2637 * Function bta_dm_local_name_cback
2638 *
2639 * Description Callback from btm after local name is read
2640 *
2641 *
2642 * Returns void
2643 *
2644 ******************************************************************************/
bta_dm_local_name_cback(UNUSED_ATTR void * p_name)2645 static void bta_dm_local_name_cback(UNUSED_ATTR void* p_name) {
2646 tBTA_DM_SEC sec_event;
2647
2648 sec_event.enable.status = BTA_SUCCESS;
2649
2650 if (bta_dm_cb.p_sec_cback)
2651 bta_dm_cb.p_sec_cback(BTA_DM_ENABLE_EVT, &sec_event);
2652 }
2653
send_busy_level_update(uint8_t busy_level,uint8_t busy_level_flags)2654 static void send_busy_level_update(uint8_t busy_level,
2655 uint8_t busy_level_flags) {
2656 if (!bta_dm_cb.p_sec_cback) return;
2657
2658 tBTA_DM_SEC conn;
2659 memset(&conn, 0, sizeof(tBTA_DM_SEC));
2660 conn.busy_level.level = busy_level;
2661 conn.busy_level.level_flags = busy_level_flags;
2662 bta_dm_cb.p_sec_cback(BTA_DM_BUSY_LEVEL_EVT, &conn);
2663 }
2664
handle_role_change(const RawAddress & bd_addr,uint8_t new_role,uint8_t hci_status)2665 static void handle_role_change(const RawAddress& bd_addr, uint8_t new_role,
2666 uint8_t hci_status) {
2667 tBTA_DM_SEC conn;
2668 memset(&conn, 0, sizeof(tBTA_DM_SEC));
2669
2670 tBTA_DM_PEER_DEVICE* p_dev = bta_dm_find_peer_device(bd_addr);
2671 if (!p_dev) return;
2672 LOG_INFO(LOG_TAG,
2673 "%s: peer %s info:0x%x new_role:0x%x dev count:%d hci_status=%d",
2674 __func__, bd_addr.ToString().c_str(), p_dev->info, new_role,
2675 bta_dm_cb.device_list.count, hci_status);
2676 if (p_dev->info & BTA_DM_DI_AV_ACTIVE) {
2677 bool need_policy_change = false;
2678
2679 /* there's AV activity on this link */
2680 if (new_role == HCI_ROLE_SLAVE && bta_dm_cb.device_list.count > 1 &&
2681 hci_status == HCI_SUCCESS) {
2682 /* more than one connections and the AV connection is role switched
2683 * to slave
2684 * switch it back to master and remove the switch policy */
2685 BTM_SwitchRole(bd_addr, BTM_ROLE_MASTER, NULL);
2686 need_policy_change = true;
2687 } else if (p_bta_dm_cfg->avoid_scatter && (new_role == HCI_ROLE_MASTER)) {
2688 /* if the link updated to be master include AV activities, remove
2689 * the switch policy */
2690 need_policy_change = true;
2691 }
2692
2693 if (need_policy_change) {
2694 bta_dm_policy_cback(BTA_SYS_PLCY_CLR, 0, HCI_ENABLE_MASTER_SLAVE_SWITCH,
2695 p_dev->peer_bdaddr);
2696 }
2697 } else {
2698 /* there's AV no activity on this link and role switch happened
2699 * check if AV is active
2700 * if so, make sure the AV link is master */
2701 bta_dm_check_av(0);
2702 }
2703 bta_sys_notify_role_chg(bd_addr, new_role, hci_status);
2704 conn.role_chg.bd_addr = bd_addr;
2705 conn.role_chg.new_role = (uint8_t)new_role;
2706 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(BTA_DM_ROLE_CHG_EVT, &conn);
2707 }
2708
bta_dm_acl_change(bool is_new,const RawAddress & bd_addr,tBT_TRANSPORT transport,uint16_t handle)2709 static void bta_dm_acl_change(bool is_new, const RawAddress& bd_addr,
2710 tBT_TRANSPORT transport, uint16_t handle) {
2711 bool issue_unpair_cb = false;
2712
2713 tBTA_DM_SEC conn;
2714 memset(&conn, 0, sizeof(tBTA_DM_SEC));
2715
2716 if (is_new) {
2717 uint8_t i;
2718 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
2719 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == bd_addr &&
2720 bta_dm_cb.device_list.peer_device[i].conn_handle == handle)
2721 break;
2722 }
2723
2724 if (i == bta_dm_cb.device_list.count) {
2725 if (bta_dm_cb.device_list.count < BTA_DM_NUM_PEER_DEVICE) {
2726 bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count]
2727 .peer_bdaddr = bd_addr;
2728 bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count]
2729 .link_policy = bta_dm_cb.cur_policy;
2730 bta_dm_cb.device_list.count++;
2731 bta_dm_cb.device_list.peer_device[i].conn_handle = handle;
2732 if (transport == BT_TRANSPORT_LE) bta_dm_cb.device_list.le_count++;
2733 } else {
2734 APPL_TRACE_ERROR("%s max active connection reached, no resources",
2735 __func__);
2736 return;
2737 }
2738 }
2739
2740 bta_dm_cb.device_list.peer_device[i].conn_state = BTA_DM_CONNECTED;
2741 bta_dm_cb.device_list.peer_device[i].pref_role = BTA_ANY_ROLE;
2742 conn.link_up.bd_addr = bd_addr;
2743 bta_dm_cb.device_list.peer_device[i].info = BTA_DM_DI_NONE;
2744 conn.link_up.link_type = transport;
2745 bta_dm_cb.device_list.peer_device[i].transport = transport;
2746
2747 uint8_t* p;
2748 if (((NULL != (p = BTM_ReadLocalFeatures())) &&
2749 HCI_SNIFF_SUB_RATE_SUPPORTED(p)) &&
2750 ((NULL != (p = BTM_ReadRemoteFeatures(bd_addr))) &&
2751 HCI_SNIFF_SUB_RATE_SUPPORTED(p))) {
2752 /* both local and remote devices support SSR */
2753 bta_dm_cb.device_list.peer_device[i].info = BTA_DM_DI_USE_SSR;
2754 }
2755 APPL_TRACE_WARNING("%s info: 0x%x", __func__,
2756 bta_dm_cb.device_list.peer_device[i].info);
2757
2758 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(BTA_DM_LINK_UP_EVT, &conn);
2759 } else {
2760 for (uint8_t i = 0; i < bta_dm_cb.device_list.count; i++) {
2761 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr != bd_addr ||
2762 bta_dm_cb.device_list.peer_device[i].transport != transport)
2763 continue;
2764
2765 if (bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_UNPAIRING) {
2766 if (BTM_SecDeleteDevice(
2767 bta_dm_cb.device_list.peer_device[i].peer_bdaddr))
2768 issue_unpair_cb = true;
2769
2770 APPL_TRACE_DEBUG("%s: Unpairing: issue unpair CB = %d ", __func__,
2771 issue_unpair_cb);
2772 }
2773
2774 conn.link_down.is_removed =
2775 bta_dm_cb.device_list.peer_device[i].remove_dev_pending;
2776
2777 // Iterate to the one before the last when shrinking the list,
2778 // otherwise we memcpy garbage data into the record.
2779 // Then clear out the last item in the list since we are shrinking.
2780 for (; i < bta_dm_cb.device_list.count - 1; i++) {
2781 memcpy(&bta_dm_cb.device_list.peer_device[i],
2782 &bta_dm_cb.device_list.peer_device[i + 1],
2783 sizeof(bta_dm_cb.device_list.peer_device[i]));
2784 }
2785 if (bta_dm_cb.device_list.count > 0) {
2786 int clear_index = bta_dm_cb.device_list.count - 1;
2787 memset(&bta_dm_cb.device_list.peer_device[clear_index], 0,
2788 sizeof(bta_dm_cb.device_list.peer_device[clear_index]));
2789 }
2790 break;
2791 }
2792 if (bta_dm_cb.device_list.count) bta_dm_cb.device_list.count--;
2793 if ((transport == BT_TRANSPORT_LE) && (bta_dm_cb.device_list.le_count))
2794 bta_dm_cb.device_list.le_count--;
2795 conn.link_down.link_type = transport;
2796
2797 if ((transport == BT_TRANSPORT_BR_EDR) &&
2798 (bta_dm_search_cb.wait_disc &&
2799 bta_dm_search_cb.peer_bdaddr == bd_addr)) {
2800 bta_dm_search_cb.wait_disc = false;
2801
2802 if (bta_dm_search_cb.sdp_results) {
2803 APPL_TRACE_EVENT(" timer stopped ");
2804 alarm_cancel(bta_dm_search_cb.search_timer);
2805 bta_dm_discover_next_device();
2806 }
2807 }
2808
2809 if (bta_dm_cb.disabling) {
2810 if (!BTM_GetNumAclLinks()) {
2811 /*
2812 * Start a timer to make sure that the profiles
2813 * get the disconnect event.
2814 */
2815 alarm_set_on_mloop(bta_dm_cb.disable_timer,
2816 BTA_DM_DISABLE_CONN_DOWN_TIMER_MS,
2817 bta_dm_disable_conn_down_timer_cback, NULL);
2818 }
2819 }
2820 if (conn.link_down.is_removed) {
2821 BTM_SecDeleteDevice(bd_addr);
2822 /* need to remove all pending background connection */
2823 BTA_GATTC_CancelOpen(0, bd_addr, false);
2824 /* remove all cached GATT information */
2825 BTA_GATTC_Refresh(bd_addr);
2826 }
2827
2828 conn.link_down.bd_addr = bd_addr;
2829 conn.link_down.status = (uint8_t)btm_get_acl_disc_reason_code();
2830 if (bta_dm_cb.p_sec_cback) {
2831 bta_dm_cb.p_sec_cback(BTA_DM_LINK_DOWN_EVT, &conn);
2832 if (issue_unpair_cb)
2833 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &conn);
2834 }
2835 }
2836
2837 bta_dm_adjust_roles(true);
2838 }
2839
2840 /** Callback from btm when acl connection goes up or down */
bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA * p_data)2841 static void bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA* p_data) {
2842 switch (p_data->event) {
2843 case BTM_BL_CONN_EVT:
2844 /* connection up */
2845 do_in_main_thread(
2846 FROM_HERE, base::Bind(bta_dm_acl_change, true, *p_data->conn.p_bda,
2847 p_data->conn.transport, p_data->conn.handle));
2848 break;
2849 case BTM_BL_DISCN_EVT:
2850 /* connection down */
2851 do_in_main_thread(
2852 FROM_HERE, base::Bind(bta_dm_acl_change, false, *p_data->discn.p_bda,
2853 p_data->discn.transport, p_data->discn.handle));
2854 break;
2855
2856 case BTM_BL_UPDATE_EVT: {
2857 /* busy level update */
2858 do_in_main_thread(FROM_HERE, base::Bind(send_busy_level_update,
2859 p_data->update.busy_level,
2860 p_data->update.busy_level_flags));
2861 return;
2862 }
2863 case BTM_BL_ROLE_CHG_EVT: {
2864 const auto& tmp = p_data->role_chg;
2865 do_in_main_thread(FROM_HERE, base::Bind(handle_role_change, *tmp.p_bda,
2866 tmp.new_role, tmp.hci_status));
2867 return;
2868 }
2869
2870 case BTM_BL_COLLISION_EVT:
2871 /* Collision report from Stack: Notify profiles */
2872 do_in_main_thread(
2873 FROM_HERE, base::Bind(bta_sys_notify_collision, *p_data->conn.p_bda));
2874 return;
2875 }
2876 }
2877
2878 /*******************************************************************************
2879 *
2880 * Function bta_dm_rs_cback
2881 *
2882 * Description Receives the role switch complete event
2883 *
2884 * Returns
2885 *
2886 ******************************************************************************/
bta_dm_rs_cback(UNUSED_ATTR void * p1)2887 static void bta_dm_rs_cback(UNUSED_ATTR void* p1) {
2888 APPL_TRACE_WARNING("bta_dm_rs_cback:%d", bta_dm_cb.rs_event);
2889 if (bta_dm_cb.rs_event == BTA_DM_API_SEARCH_EVT) {
2890 bta_dm_cb.search_msg.rs_res =
2891 BTA_DM_RS_OK; /* do not care about the result for now */
2892 bta_dm_cb.rs_event = 0;
2893 bta_dm_search_start((tBTA_DM_MSG*)&bta_dm_cb.search_msg);
2894 }
2895 }
2896
2897 /*******************************************************************************
2898 *
2899 * Function bta_dm_check_av
2900 *
2901 * Description This function checks if AV is active
2902 * if yes, make sure the AV link is master
2903 *
2904 * Returns bool - true, if switch is in progress
2905 *
2906 ******************************************************************************/
bta_dm_check_av(uint16_t event)2907 static bool bta_dm_check_av(uint16_t event) {
2908 bool avoid_roleswitch = false;
2909 bool switching = false;
2910 uint8_t i;
2911 tBTA_DM_PEER_DEVICE* p_dev;
2912
2913 #if (BTA_DM_AVOID_A2DP_ROLESWITCH_ON_INQUIRY == TRUE)
2914
2915 /* avoid role switch upon inquiry if a2dp is actively streaming as it
2916 introduces an audioglitch due to FW scheduling delays (unavoidable) */
2917 if (event == BTA_DM_API_SEARCH_EVT) {
2918 avoid_roleswitch = true;
2919 }
2920 #endif
2921
2922 APPL_TRACE_WARNING("bta_dm_check_av:%d", bta_dm_cb.cur_av_count);
2923 if (bta_dm_cb.cur_av_count) {
2924 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
2925 p_dev = &bta_dm_cb.device_list.peer_device[i];
2926 APPL_TRACE_WARNING("[%d]: state:%d, info:x%x, avoid_rs %d", i,
2927 p_dev->conn_state, p_dev->info, avoid_roleswitch);
2928 if ((p_dev->conn_state == BTA_DM_CONNECTED) &&
2929 (p_dev->info & BTA_DM_DI_AV_ACTIVE) && (!avoid_roleswitch)) {
2930 /* make master and take away the role switch policy */
2931 if (BTM_CMD_STARTED == BTM_SwitchRole(p_dev->peer_bdaddr,
2932 HCI_ROLE_MASTER,
2933 bta_dm_rs_cback)) {
2934 /* the role switch command is actually sent */
2935 bta_dm_cb.rs_event = event;
2936 switching = true;
2937 }
2938 /* else either already master or can not switch for some reasons */
2939 bta_dm_policy_cback(BTA_SYS_PLCY_CLR, 0, HCI_ENABLE_MASTER_SLAVE_SWITCH,
2940 p_dev->peer_bdaddr);
2941 break;
2942 }
2943 }
2944 }
2945 return switching;
2946 }
2947
2948 /*******************************************************************************
2949 *
2950 * Function bta_dm_disable_conn_down_timer_cback
2951 *
2952 * Description Sends disable event to application
2953 *
2954 *
2955 * Returns void
2956 *
2957 ******************************************************************************/
bta_dm_disable_conn_down_timer_cback(UNUSED_ATTR void * data)2958 static void bta_dm_disable_conn_down_timer_cback(UNUSED_ATTR void* data) {
2959 tBTA_SYS_HW_MSG* sys_enable_event =
2960 (tBTA_SYS_HW_MSG*)osi_malloc(sizeof(tBTA_SYS_HW_MSG));
2961
2962 /* disable the power managment module */
2963 bta_dm_disable_pm();
2964
2965 /* register our callback to SYS HW manager */
2966 bta_sys_hw_register(BTA_SYS_HW_BLUETOOTH, bta_dm_sys_hw_cback);
2967
2968 /* send a message to BTA SYS */
2969 sys_enable_event->hdr.event = BTA_SYS_API_DISABLE_EVT;
2970 sys_enable_event->hw_module = BTA_SYS_HW_BLUETOOTH;
2971 bta_sys_sendmsg(sys_enable_event);
2972
2973 bta_dm_cb.disabling = false;
2974 }
2975
2976 /*******************************************************************************
2977 *
2978 * Function bta_dm_rm_cback
2979 *
2980 * Description Role management callback from sys
2981 *
2982 *
2983 * Returns void
2984 *
2985 ******************************************************************************/
bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status,uint8_t id,uint8_t app_id,const RawAddress & peer_addr)2986 static void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
2987 uint8_t app_id, const RawAddress& peer_addr) {
2988 uint8_t j;
2989 tBTA_PREF_ROLES role;
2990 tBTA_DM_PEER_DEVICE* p_dev;
2991
2992 p_dev = bta_dm_find_peer_device(peer_addr);
2993 if (status == BTA_SYS_CONN_OPEN) {
2994 if (p_dev) {
2995 /* Do not set to connected if we are in the middle of unpairing. When AV
2996 * stream is
2997 * started it fakes out a SYS_CONN_OPEN to potentially trigger a role
2998 * switch command.
2999 * But this should not be done if we are in the middle of unpairing.
3000 */
3001 if (p_dev->conn_state != BTA_DM_UNPAIRING)
3002 p_dev->conn_state = BTA_DM_CONNECTED;
3003
3004 for (j = 1; j <= p_bta_dm_rm_cfg[0].app_id; j++) {
3005 if (((p_bta_dm_rm_cfg[j].app_id == app_id) ||
3006 (p_bta_dm_rm_cfg[j].app_id == BTA_ALL_APP_ID)) &&
3007 (p_bta_dm_rm_cfg[j].id == id)) {
3008 role = p_bta_dm_rm_cfg[j].cfg;
3009
3010 if (role > p_dev->pref_role) p_dev->pref_role = role;
3011 break;
3012 }
3013 }
3014 }
3015 }
3016
3017 if ((BTA_ID_AV == id) || (BTA_ID_AVK == id)) {
3018 if (status == BTA_SYS_CONN_BUSY) {
3019 if (p_dev) p_dev->info |= BTA_DM_DI_AV_ACTIVE;
3020 /* AV calls bta_sys_conn_open with the A2DP stream count as app_id */
3021 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count();
3022 } else if (status == BTA_SYS_CONN_IDLE) {
3023 if (p_dev) p_dev->info &= ~BTA_DM_DI_AV_ACTIVE;
3024
3025 /* get cur_av_count from connected services */
3026 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count();
3027 }
3028 APPL_TRACE_WARNING("bta_dm_rm_cback:%d, status:%d", bta_dm_cb.cur_av_count,
3029 status);
3030 }
3031
3032 /* Don't adjust roles for each busy/idle state transition to avoid
3033 excessive switch requests when individual profile busy/idle status
3034 changes */
3035 if ((status != BTA_SYS_CONN_BUSY) && (status != BTA_SYS_CONN_IDLE))
3036 bta_dm_adjust_roles(false);
3037 }
3038
3039 /*******************************************************************************
3040 *
3041 * Function bta_dm_delay_role_switch_cback
3042 *
3043 * Description Callback from btm to delay a role switch
3044 *
3045 * Returns void
3046 *
3047 ******************************************************************************/
bta_dm_delay_role_switch_cback(UNUSED_ATTR void * data)3048 static void bta_dm_delay_role_switch_cback(UNUSED_ATTR void* data) {
3049 APPL_TRACE_EVENT("%s: initiating Delayed RS", __func__);
3050 bta_dm_adjust_roles(false);
3051 }
3052
3053 /*******************************************************************************
3054 *
3055 * Function bta_dm_reset_sec_dev_pending
3056 *
3057 * Description Setting the remove device pending status to false from
3058 * security device DB, when the link key notification
3059 * event comes.
3060 *
3061 * Returns void
3062 *
3063 ******************************************************************************/
bta_dm_reset_sec_dev_pending(const RawAddress & remote_bd_addr)3064 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr) {
3065 for (size_t i = 0; i < bta_dm_cb.device_list.count; i++) {
3066 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) {
3067 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = false;
3068 return;
3069 }
3070 }
3071 }
3072
3073 /*******************************************************************************
3074 *
3075 * Function bta_dm_remove_sec_dev_entry
3076 *
3077 * Description Removes device entry from Security device DB if ACL
3078 connection with
3079 * remtoe device does not exist, else schedule for dev entry
3080 removal upon
3081 ACL close
3082 *
3083 * Returns void
3084 *
3085 ******************************************************************************/
bta_dm_remove_sec_dev_entry(const RawAddress & remote_bd_addr)3086 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr) {
3087 if (BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_LE) ||
3088 BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_BR_EDR)) {
3089 APPL_TRACE_DEBUG(
3090 "%s ACL is not down. Schedule for Dev Removal when ACL closes",
3091 __func__);
3092 BTM_SecClearSecurityFlags(remote_bd_addr);
3093 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
3094 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) {
3095 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = TRUE;
3096 break;
3097 }
3098 }
3099 } else {
3100 // remote_bd_addr comes from security record, which is removed in
3101 // BTM_SecDeleteDevice.
3102 RawAddress addr_copy = remote_bd_addr;
3103 BTM_SecDeleteDevice(addr_copy);
3104 /* need to remove all pending background connection */
3105 BTA_GATTC_CancelOpen(0, addr_copy, false);
3106 /* remove all cached GATT information */
3107 BTA_GATTC_Refresh(addr_copy);
3108 }
3109 }
3110
3111 /*******************************************************************************
3112 *
3113 * Function bta_dm_adjust_roles
3114 *
3115 * Description Adjust roles
3116 *
3117 *
3118 * Returns void
3119 *
3120 ******************************************************************************/
bta_dm_adjust_roles(bool delay_role_switch)3121 static void bta_dm_adjust_roles(bool delay_role_switch) {
3122 uint8_t i;
3123 bool set_master_role = false;
3124 uint8_t br_count =
3125 bta_dm_cb.device_list.count - bta_dm_cb.device_list.le_count;
3126 if (br_count) {
3127 /* the configuration is no scatternet
3128 * or AV connection exists and there are more than one ACL link */
3129 if ((p_bta_dm_rm_cfg[0].cfg == BTA_DM_NO_SCATTERNET) ||
3130 (bta_dm_cb.cur_av_count && br_count > 1)) {
3131 L2CA_SetDesireRole(HCI_ROLE_MASTER);
3132 set_master_role = true;
3133 }
3134
3135 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3136 if (bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED &&
3137 bta_dm_cb.device_list.peer_device[i].transport ==
3138 BT_TRANSPORT_BR_EDR) {
3139 if (!set_master_role &&
3140 (bta_dm_cb.device_list.peer_device[i].pref_role != BTA_ANY_ROLE) &&
3141 (p_bta_dm_rm_cfg[0].cfg == BTA_DM_PARTIAL_SCATTERNET)) {
3142 L2CA_SetDesireRole(HCI_ROLE_MASTER);
3143 set_master_role = true;
3144 }
3145
3146 if ((bta_dm_cb.device_list.peer_device[i].pref_role ==
3147 BTA_MASTER_ROLE_ONLY) ||
3148 (br_count > 1)) {
3149 /* Initiating immediate role switch with certain remote devices
3150 has caused issues due to role switch colliding with link encryption
3151 setup and
3152 causing encryption (and in turn the link) to fail . These device .
3153 Firmware
3154 versions are stored in a blacklist and role switch with these
3155 devices are
3156 delayed to avoid the collision with link encryption setup */
3157
3158 if (bta_dm_cb.device_list.peer_device[i].pref_role !=
3159 BTA_SLAVE_ROLE_ONLY &&
3160 !delay_role_switch) {
3161 BTM_SwitchRole(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
3162 HCI_ROLE_MASTER, NULL);
3163 } else {
3164 alarm_set_on_mloop(bta_dm_cb.switch_delay_timer,
3165 BTA_DM_SWITCH_DELAY_TIMER_MS,
3166 bta_dm_delay_role_switch_cback, NULL);
3167 }
3168 }
3169 }
3170 }
3171
3172 if (!set_master_role) {
3173 L2CA_SetDesireRole(L2CAP_DESIRED_LINK_ROLE);
3174 }
3175
3176 } else {
3177 L2CA_SetDesireRole(L2CAP_DESIRED_LINK_ROLE);
3178 }
3179 }
3180
3181 /*******************************************************************************
3182 *
3183 * Function bta_dm_get_remname
3184 *
3185 * Description Returns a pointer to the remote name stored in the DM
3186 * control block if it exists, or from the BTM memory.
3187 *
3188 * Returns char * - Pointer to the remote device name
3189 ******************************************************************************/
bta_dm_get_remname(void)3190 static char* bta_dm_get_remname(void) {
3191 char* p_name = (char*)bta_dm_search_cb.peer_name;
3192 char* p_temp;
3193
3194 /* If the name isn't already stored, try retrieving from BTM */
3195 if (*p_name == '\0') {
3196 p_temp = BTM_SecReadDevName(bta_dm_search_cb.peer_bdaddr);
3197 if (p_temp != NULL) p_name = p_temp;
3198 }
3199
3200 return p_name;
3201 }
3202
3203 /*******************************************************************************
3204 *
3205 * Function bta_dm_bond_cancel_complete_cback
3206 *
3207 * Description Authentication complete callback from BTM
3208 *
3209 * Returns void
3210 *
3211 ******************************************************************************/
bta_dm_bond_cancel_complete_cback(tBTM_STATUS result)3212 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result) {
3213 tBTA_DM_SEC sec_event;
3214
3215 if (result == BTM_SUCCESS)
3216 sec_event.bond_cancel_cmpl.result = BTA_SUCCESS;
3217 else
3218 sec_event.bond_cancel_cmpl.result = BTA_FAILURE;
3219
3220 if (bta_dm_cb.p_sec_cback) {
3221 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
3222 }
3223 }
3224
3225 /*******************************************************************************
3226 *
3227 * Function find_utf8_char_boundary
3228 *
3229 * Description This function checks a UTF8 string |utf8str| starting at
3230 * |offset|, moving backwards and returns the offset of the
3231 * next valid UTF8 character boundary found.
3232 *
3233 * Returns Offset of UTF8 character boundary
3234 *
3235 ******************************************************************************/
find_utf8_char_boundary(const char * utf8str,size_t offset)3236 static size_t find_utf8_char_boundary(const char* utf8str, size_t offset) {
3237 CHECK(utf8str);
3238 CHECK(offset > 0);
3239
3240 while (--offset) {
3241 uint8_t ch = (uint8_t)utf8str[offset];
3242 if ((ch & 0x80) == 0x00) // ASCII
3243 return offset + 1;
3244 if ((ch & 0xC0) == 0xC0) // Multi-byte sequence start
3245 return offset;
3246 }
3247
3248 return 0;
3249 }
3250
3251 /*******************************************************************************
3252 *
3253 * Function bta_dm_set_eir
3254 *
3255 * Description This function creates EIR tagged data and writes it to
3256 * controller.
3257 *
3258 * Returns None
3259 *
3260 ******************************************************************************/
bta_dm_set_eir(char * local_name)3261 static void bta_dm_set_eir(char* local_name) {
3262 uint8_t* p;
3263 uint8_t* p_length;
3264 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3265 uint8_t* p_type;
3266 uint8_t max_num_uuid;
3267 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3268 uint8_t custom_uuid_idx;
3269 #endif // BTA_EIR_SERVER_NUM_CUSTOM_UUID
3270 #endif // BTA_EIR_CANNED_UUID_LIST
3271 #if (BTM_EIR_DEFAULT_FEC_REQUIRED == FALSE)
3272 uint8_t free_eir_length = HCI_EXT_INQ_RESPONSE_LEN;
3273 #else // BTM_EIR_DEFAULT_FEC_REQUIRED
3274 uint8_t free_eir_length = HCI_DM5_PACKET_SIZE;
3275 #endif // BTM_EIR_DEFAULT_FEC_REQUIRED
3276 uint8_t num_uuid;
3277 uint8_t data_type;
3278 uint8_t local_name_len;
3279
3280 /* wait until complete to disable */
3281 if (alarm_is_scheduled(bta_dm_cb.disable_timer)) return;
3282
3283 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3284 /* if local name is not provided, get it from controller */
3285 if (local_name == NULL) {
3286 if (BTM_ReadLocalDeviceName(&local_name) != BTM_SUCCESS) {
3287 APPL_TRACE_ERROR("Fail to read local device name for EIR");
3288 }
3289 }
3290 #endif // BTA_EIR_CANNED_UUID_LIST
3291
3292 /* Allocate a buffer to hold HCI command */
3293 BT_HDR* p_buf = (BT_HDR*)osi_malloc(BTM_CMD_BUF_SIZE);
3294 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET;
3295
3296 memset(p, 0x00, HCI_EXT_INQ_RESPONSE_LEN);
3297
3298 APPL_TRACE_DEBUG("BTA is generating EIR");
3299
3300 if (local_name)
3301 local_name_len = strlen(local_name);
3302 else
3303 local_name_len = 0;
3304
3305 data_type = BTM_EIR_COMPLETE_LOCAL_NAME_TYPE;
3306 /* if local name is longer than minimum length of shortened name */
3307 /* check whether it needs to be shortened or not */
3308 if (local_name_len > p_bta_dm_eir_cfg->bta_dm_eir_min_name_len) {
3309 /* get number of UUID 16-bit list */
3310 #if (BTA_EIR_CANNED_UUID_LIST == TRUE)
3311 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / Uuid::kNumBytes16;
3312 #else // BTA_EIR_CANNED_UUID_LIST
3313 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes16;
3314 data_type = BTM_GetEirSupportedServices(bta_dm_cb.eir_uuid, &p,
3315 max_num_uuid, &num_uuid);
3316 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET; /* reset p */
3317 #endif // BTA_EIR_CANNED_UUID_LIST
3318
3319 /* if UUID doesn't fit remaing space, shorten local name */
3320 if (local_name_len > (free_eir_length - 4 - num_uuid * Uuid::kNumBytes16)) {
3321 local_name_len = find_utf8_char_boundary(
3322 local_name, p_bta_dm_eir_cfg->bta_dm_eir_min_name_len);
3323 APPL_TRACE_WARNING("%s local name is shortened (%d)", __func__,
3324 local_name_len);
3325 data_type = BTM_EIR_SHORTENED_LOCAL_NAME_TYPE;
3326 } else {
3327 data_type = BTM_EIR_COMPLETE_LOCAL_NAME_TYPE;
3328 }
3329 }
3330
3331 UINT8_TO_STREAM(p, local_name_len + 1);
3332 UINT8_TO_STREAM(p, data_type);
3333
3334 if (local_name != NULL) {
3335 memcpy(p, local_name, local_name_len);
3336 p += local_name_len;
3337 }
3338 free_eir_length -= local_name_len + 2;
3339
3340 #if (BTA_EIR_CANNED_UUID_LIST == TRUE)
3341 /* if UUID list is provided as static data in configuration */
3342 if ((p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len > 0) &&
3343 (p_bta_dm_eir_cfg->bta_dm_eir_uuid16)) {
3344 if (free_eir_length > Uuid::kNumBytes16 + 2) {
3345 free_eir_length -= 2;
3346
3347 if (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len) {
3348 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / Uuid::kNumBytes16;
3349 data_type = BTM_EIR_COMPLETE_16BITS_UUID_TYPE;
3350 } else /* not enough room for all UUIDs */
3351 {
3352 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3353 num_uuid = free_eir_length / Uuid::kNumBytes16;
3354 data_type = BTM_EIR_MORE_16BITS_UUID_TYPE;
3355 }
3356 UINT8_TO_STREAM(p, num_uuid * Uuid::kNumBytes16 + 1);
3357 UINT8_TO_STREAM(p, data_type);
3358 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_uuid16,
3359 num_uuid * Uuid::kNumBytes16);
3360 p += num_uuid * Uuid::kNumBytes16;
3361 free_eir_length -= num_uuid * Uuid::kNumBytes16;
3362 }
3363 }
3364 #else /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */
3365 /* if UUID list is dynamic */
3366 if (free_eir_length >= 2) {
3367 p_length = p++;
3368 p_type = p++;
3369 num_uuid = 0;
3370
3371 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes16;
3372 data_type = BTM_GetEirSupportedServices(bta_dm_cb.eir_uuid, &p,
3373 max_num_uuid, &num_uuid);
3374
3375 if (data_type == BTM_EIR_MORE_16BITS_UUID_TYPE) {
3376 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3377 }
3378 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3379 else {
3380 for (custom_uuid_idx = 0;
3381 custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3382 custom_uuid_idx++) {
3383 const Uuid& curr = bta_dm_cb.custom_uuid[custom_uuid_idx];
3384 if (curr.GetShortestRepresentationSize() == Uuid::kNumBytes16) {
3385 if (num_uuid < max_num_uuid) {
3386 UINT16_TO_STREAM(p, curr.As16Bit());
3387 num_uuid++;
3388 } else {
3389 data_type = BTM_EIR_MORE_16BITS_UUID_TYPE;
3390 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3391 break;
3392 }
3393 }
3394 }
3395 }
3396 #endif /* (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */
3397
3398 UINT8_TO_STREAM(p_length, num_uuid * Uuid::kNumBytes16 + 1);
3399 UINT8_TO_STREAM(p_type, data_type);
3400 free_eir_length -= num_uuid * Uuid::kNumBytes16 + 2;
3401 }
3402 #endif /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */
3403
3404 #if (BTA_EIR_CANNED_UUID_LIST != TRUE && BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3405 /* Adding 32-bit UUID list */
3406 if (free_eir_length >= 2) {
3407 p_length = p++;
3408 p_type = p++;
3409 num_uuid = 0;
3410 data_type = BTM_EIR_COMPLETE_32BITS_UUID_TYPE;
3411
3412 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes32;
3413
3414 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3415 custom_uuid_idx++) {
3416 const Uuid& curr = bta_dm_cb.custom_uuid[custom_uuid_idx];
3417 if (curr.GetShortestRepresentationSize() == Uuid::kNumBytes32) {
3418 if (num_uuid < max_num_uuid) {
3419 UINT32_TO_STREAM(p, curr.As32Bit());
3420 num_uuid++;
3421 } else {
3422 data_type = BTM_EIR_MORE_32BITS_UUID_TYPE;
3423 APPL_TRACE_WARNING("BTA EIR: UUID 32-bit list is truncated");
3424 break;
3425 }
3426 }
3427 }
3428
3429 UINT8_TO_STREAM(p_length, num_uuid * Uuid::kNumBytes32 + 1);
3430 UINT8_TO_STREAM(p_type, data_type);
3431 free_eir_length -= num_uuid * Uuid::kNumBytes32 + 2;
3432 }
3433
3434 /* Adding 128-bit UUID list */
3435 if (free_eir_length >= 2) {
3436 p_length = p++;
3437 p_type = p++;
3438 num_uuid = 0;
3439 data_type = BTM_EIR_COMPLETE_128BITS_UUID_TYPE;
3440
3441 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes128;
3442
3443 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3444 custom_uuid_idx++) {
3445 const Uuid& curr = bta_dm_cb.custom_uuid[custom_uuid_idx];
3446 if (curr.GetShortestRepresentationSize() == Uuid::kNumBytes128) {
3447 if (num_uuid < max_num_uuid) {
3448 ARRAY16_TO_STREAM(p, curr.To128BitBE().data());
3449 num_uuid++;
3450 } else {
3451 data_type = BTM_EIR_MORE_128BITS_UUID_TYPE;
3452 APPL_TRACE_WARNING("BTA EIR: UUID 128-bit list is truncated");
3453 break;
3454 }
3455 }
3456 }
3457
3458 UINT8_TO_STREAM(p_length, num_uuid * Uuid::kNumBytes128 + 1);
3459 UINT8_TO_STREAM(p_type, data_type);
3460 free_eir_length -= num_uuid * Uuid::kNumBytes128 + 2;
3461 }
3462 #endif /* ( BTA_EIR_CANNED_UUID_LIST != TRUE \
3463 )&&(BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */
3464
3465 /* if Flags are provided in configuration */
3466 if ((p_bta_dm_eir_cfg->bta_dm_eir_flag_len > 0) &&
3467 (p_bta_dm_eir_cfg->bta_dm_eir_flags) &&
3468 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2)) {
3469 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 1);
3470 UINT8_TO_STREAM(p, BTM_EIR_FLAGS_TYPE);
3471 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_flags,
3472 p_bta_dm_eir_cfg->bta_dm_eir_flag_len);
3473 p += p_bta_dm_eir_cfg->bta_dm_eir_flag_len;
3474 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2;
3475 }
3476
3477 /* if Manufacturer Specific are provided in configuration */
3478 if ((p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len > 0) &&
3479 (p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec) &&
3480 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2)) {
3481 p_length = p;
3482
3483 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 1);
3484 UINT8_TO_STREAM(p, BTM_EIR_MANUFACTURER_SPECIFIC_TYPE);
3485 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec,
3486 p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len);
3487 p += p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len;
3488 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2;
3489
3490 } else {
3491 p_length = NULL;
3492 }
3493
3494 /* if Inquiry Tx Resp Power compiled */
3495 if ((p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power) && (free_eir_length >= 3)) {
3496 UINT8_TO_STREAM(p, 2); /* Length field */
3497 UINT8_TO_STREAM(p, BTM_EIR_TX_POWER_LEVEL_TYPE);
3498 UINT8_TO_STREAM(p, *(p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power));
3499 free_eir_length -= 3;
3500 }
3501
3502 if (free_eir_length)
3503 UINT8_TO_STREAM(p, 0); /* terminator of significant part */
3504
3505 BTM_WriteEIR(p_buf);
3506 }
3507
3508 /*******************************************************************************
3509 *
3510 * Function bta_dm_eir_search_services
3511 *
3512 * Description This function searches services in received EIR
3513 *
3514 * Returns None
3515 *
3516 ******************************************************************************/
bta_dm_eir_search_services(tBTM_INQ_RESULTS * p_result,tBTA_SERVICE_MASK * p_services_to_search,tBTA_SERVICE_MASK * p_services_found)3517 static void bta_dm_eir_search_services(tBTM_INQ_RESULTS* p_result,
3518 tBTA_SERVICE_MASK* p_services_to_search,
3519 tBTA_SERVICE_MASK* p_services_found) {
3520 tBTA_SERVICE_MASK service_index = 0;
3521 tBTM_EIR_SEARCH_RESULT result;
3522
3523 VLOG(1) << "BTA searching services in EIR of BDA:"
3524 << p_result->remote_bd_addr;
3525
3526 APPL_TRACE_DEBUG(" with services_to_search=0x%08X", *p_services_to_search);
3527
3528 /* always do GATT based service discovery by SDP instead of from EIR */
3529 /* if GATT based service is also to be put in EIR, need to modify this */
3530 while (service_index < (BTA_MAX_SERVICE_ID - 1)) {
3531 if (*p_services_to_search &
3532 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index))) {
3533 result = BTM_HasInquiryEirService(
3534 p_result, bta_service_id_to_uuid_lkup_tbl[service_index]);
3535
3536 /* Searching for HSP v1.2 only device */
3537 if ((result != BTM_EIR_FOUND) &&
3538 (bta_service_id_to_uuid_lkup_tbl[service_index] ==
3539 UUID_SERVCLASS_HEADSET)) {
3540 result = BTM_HasInquiryEirService(p_result, UUID_SERVCLASS_HEADSET_HS);
3541 }
3542
3543 if (result == BTM_EIR_FOUND) {
3544 /* If Plug and Play service record, need to check to see if Broadcom
3545 * stack */
3546 /* However, EIR data doesn't have EXT_BRCM_VERSION so just skip it */
3547 if (bta_service_id_to_uuid_lkup_tbl[service_index] !=
3548 UUID_SERVCLASS_PNP_INFORMATION) {
3549 *p_services_found |= (tBTA_SERVICE_MASK)(
3550 BTA_SERVICE_ID_TO_SERVICE_MASK(service_index));
3551 /* remove the service from services to be searched */
3552 *p_services_to_search &= (tBTA_SERVICE_MASK)(
3553 ~(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index)));
3554 }
3555 } else if (result == BTM_EIR_NOT_FOUND) {
3556 /* remove the service from services to be searched */
3557 *p_services_to_search &= (tBTA_SERVICE_MASK)(
3558 ~(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index)));
3559 }
3560 }
3561
3562 service_index++;
3563 }
3564
3565 APPL_TRACE_ERROR(
3566 "BTA EIR search result, services_to_search=0x%08X, services_found=0x%08X",
3567 *p_services_to_search, *p_services_found);
3568 }
3569
3570 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3571 /*******************************************************************************
3572 *
3573 * Function bta_dm_eir_update_uuid
3574 *
3575 * Description This function adds or removes service UUID in EIR database.
3576 *
3577 * Returns None
3578 *
3579 ******************************************************************************/
bta_dm_eir_update_uuid(uint16_t uuid16,bool adding)3580 void bta_dm_eir_update_uuid(uint16_t uuid16, bool adding) {
3581 /* if this UUID is not advertised in EIR */
3582 if (!BTM_HasEirService(p_bta_dm_eir_cfg->uuid_mask, uuid16)) return;
3583
3584 if (adding) {
3585 APPL_TRACE_EVENT("Adding UUID=0x%04X into EIR", uuid16);
3586
3587 BTM_AddEirService(bta_dm_cb.eir_uuid, uuid16);
3588 } else {
3589 APPL_TRACE_EVENT("Removing UUID=0x%04X from EIR", uuid16);
3590
3591 BTM_RemoveEirService(bta_dm_cb.eir_uuid, uuid16);
3592 }
3593
3594 bta_dm_set_eir(NULL);
3595
3596 APPL_TRACE_EVENT("bta_dm_eir_update_uuid UUID bit mask=0x%08X %08X",
3597 bta_dm_cb.eir_uuid[1], bta_dm_cb.eir_uuid[0]);
3598 }
3599 #endif
3600
3601 /*******************************************************************************
3602 *
3603 * Function bta_dm_encrypt_cback
3604 *
3605 * Description link encryption complete callback.
3606 *
3607 * Returns None
3608 *
3609 ******************************************************************************/
bta_dm_encrypt_cback(const RawAddress * bd_addr,tBT_TRANSPORT transport,UNUSED_ATTR void * p_ref_data,tBTM_STATUS result)3610 void bta_dm_encrypt_cback(const RawAddress* bd_addr, tBT_TRANSPORT transport,
3611 UNUSED_ATTR void* p_ref_data, tBTM_STATUS result) {
3612 tBTA_STATUS bta_status = BTA_SUCCESS;
3613 tBTA_DM_ENCRYPT_CBACK* p_callback = NULL;
3614 uint8_t i;
3615
3616 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3617 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == *bd_addr &&
3618 bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED)
3619 break;
3620 }
3621
3622 if (i < bta_dm_cb.device_list.count) {
3623 p_callback = bta_dm_cb.device_list.peer_device[i].p_encrypt_cback;
3624 bta_dm_cb.device_list.peer_device[i].p_encrypt_cback = NULL;
3625 }
3626
3627 switch (result) {
3628 case BTM_SUCCESS:
3629 break;
3630 case BTM_WRONG_MODE:
3631 bta_status = BTA_WRONG_MODE;
3632 break;
3633 case BTM_NO_RESOURCES:
3634 bta_status = BTA_NO_RESOURCES;
3635 break;
3636 case BTM_BUSY:
3637 bta_status = BTA_BUSY;
3638 break;
3639 default:
3640 bta_status = BTA_FAILURE;
3641 break;
3642 }
3643
3644 APPL_TRACE_DEBUG("bta_dm_encrypt_cback status =%d p_callback=0x%x",
3645 bta_status, p_callback);
3646
3647 if (p_callback) {
3648 (*p_callback)(*bd_addr, transport, bta_status);
3649 }
3650 }
3651
3652 /**This function to encrypt the link */
bta_dm_set_encryption(const RawAddress & bd_addr,tBTA_TRANSPORT transport,tBTA_DM_ENCRYPT_CBACK * p_callback,tBTA_DM_BLE_SEC_ACT sec_act)3653 void bta_dm_set_encryption(const RawAddress& bd_addr, tBTA_TRANSPORT transport,
3654 tBTA_DM_ENCRYPT_CBACK* p_callback,
3655 tBTA_DM_BLE_SEC_ACT sec_act) {
3656 uint8_t i;
3657
3658 APPL_TRACE_DEBUG("bta_dm_set_encryption"); // todo
3659 if (!p_callback) {
3660 APPL_TRACE_ERROR("bta_dm_set_encryption callback is not provided");
3661 return;
3662 }
3663 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3664 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == bd_addr &&
3665 bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED)
3666 break;
3667 }
3668 if (i < bta_dm_cb.device_list.count) {
3669 if (bta_dm_cb.device_list.peer_device[i].p_encrypt_cback) {
3670 APPL_TRACE_ERROR("earlier enc was not done for same device");
3671 (*p_callback)(bd_addr, transport, BTA_BUSY);
3672 return;
3673 }
3674
3675 if (BTM_SetEncryption(bd_addr, transport, bta_dm_encrypt_cback, NULL,
3676 sec_act) == BTM_CMD_STARTED) {
3677 bta_dm_cb.device_list.peer_device[i].p_encrypt_cback = p_callback;
3678 }
3679 }
3680 }
3681
bta_dm_check_if_only_hd_connected(const RawAddress & peer_addr)3682 bool bta_dm_check_if_only_hd_connected(const RawAddress& peer_addr) {
3683 APPL_TRACE_DEBUG("%s: count(%d)", __func__, bta_dm_conn_srvcs.count);
3684
3685 for (uint8_t j = 0; j < bta_dm_conn_srvcs.count; j++) {
3686 // Check if profiles other than hid are connected
3687 if ((bta_dm_conn_srvcs.conn_srvc[j].id != BTA_ID_HD) &&
3688 bta_dm_conn_srvcs.conn_srvc[j].peer_bdaddr == peer_addr) {
3689 APPL_TRACE_DEBUG("%s: Another profile (id=%d) is connected", __func__,
3690 bta_dm_conn_srvcs.conn_srvc[j].id);
3691 return false;
3692 }
3693 }
3694
3695 return true;
3696 }
3697
3698 /*******************************************************************************
3699 *
3700 * Function bta_dm_observe_results_cb
3701 *
3702 * Description Callback for BLE Observe result
3703 *
3704 *
3705 * Returns void
3706 *
3707 ******************************************************************************/
bta_dm_observe_results_cb(tBTM_INQ_RESULTS * p_inq,uint8_t * p_eir,uint16_t eir_len)3708 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
3709 uint16_t eir_len) {
3710 tBTA_DM_SEARCH result;
3711 tBTM_INQ_INFO* p_inq_info;
3712 APPL_TRACE_DEBUG("bta_dm_observe_results_cb");
3713
3714 result.inq_res.bd_addr = p_inq->remote_bd_addr;
3715 result.inq_res.rssi = p_inq->rssi;
3716 result.inq_res.ble_addr_type = p_inq->ble_addr_type;
3717 result.inq_res.inq_result_type = p_inq->inq_result_type;
3718 result.inq_res.device_type = p_inq->device_type;
3719 result.inq_res.flag = p_inq->flag;
3720 result.inq_res.ble_evt_type = p_inq->ble_evt_type;
3721 result.inq_res.ble_primary_phy = p_inq->ble_primary_phy;
3722 result.inq_res.ble_secondary_phy = p_inq->ble_secondary_phy;
3723 result.inq_res.ble_advertising_sid = p_inq->ble_advertising_sid;
3724 result.inq_res.ble_tx_power = p_inq->ble_tx_power;
3725 result.inq_res.ble_periodic_adv_int = p_inq->ble_periodic_adv_int;
3726
3727 /* application will parse EIR to find out remote device name */
3728 result.inq_res.p_eir = p_eir;
3729 result.inq_res.eir_len = eir_len;
3730
3731 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr);
3732 if (p_inq_info != NULL) {
3733 /* initialize remt_name_not_required to false so that we get the name by
3734 * default */
3735 result.inq_res.remt_name_not_required = false;
3736 }
3737
3738 if (bta_dm_search_cb.p_scan_cback)
3739 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_RES_EVT, &result);
3740
3741 if (p_inq_info) {
3742 /* application indicates if it knows the remote name, inside the callback
3743 copy that to the inquiry data base*/
3744 if (result.inq_res.remt_name_not_required)
3745 p_inq_info->appl_knows_rem_name = true;
3746 }
3747 }
3748
3749 /*******************************************************************************
3750 *
3751 * Function bta_dm_observe_cmpl_cb
3752 *
3753 * Description Callback for BLE Observe complete
3754 *
3755 *
3756 * Returns void
3757 *
3758 ******************************************************************************/
bta_dm_observe_cmpl_cb(void * p_result)3759 static void bta_dm_observe_cmpl_cb(void* p_result) {
3760 tBTA_DM_SEARCH data;
3761
3762 APPL_TRACE_DEBUG("bta_dm_observe_cmpl_cb");
3763
3764 data.inq_cmpl.num_resps = ((tBTM_INQUIRY_CMPL*)p_result)->num_resp;
3765 if (bta_dm_search_cb.p_scan_cback) {
3766 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
3767 }
3768 }
3769
3770 /*******************************************************************************
3771 *
3772 * Function bta_dm_ble_smp_cback
3773 *
3774 * Description Callback for BLE SMP
3775 *
3776 *
3777 * Returns void
3778 *
3779 ******************************************************************************/
bta_dm_ble_smp_cback(tBTM_LE_EVT event,const RawAddress & bda,tBTM_LE_EVT_DATA * p_data)3780 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
3781 tBTM_LE_EVT_DATA* p_data) {
3782 tBTM_STATUS status = BTM_SUCCESS;
3783 tBTA_DM_SEC sec_event;
3784 char* p_name = NULL;
3785
3786 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
3787
3788 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
3789 switch (event) {
3790 case BTM_LE_IO_REQ_EVT:
3791 bta_dm_co_ble_io_req(
3792 bda, &p_data->io_req.io_cap, &p_data->io_req.oob_data,
3793 &p_data->io_req.auth_req, &p_data->io_req.max_key_size,
3794 &p_data->io_req.init_keys, &p_data->io_req.resp_keys);
3795 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req,
3796 p_data->io_req.oob_data);
3797
3798 break;
3799
3800 case BTM_LE_SEC_REQUEST_EVT:
3801 sec_event.ble_req.bd_addr = bda;
3802 p_name = BTM_SecReadDevName(bda);
3803 if (p_name != NULL)
3804 strlcpy((char*)sec_event.ble_req.bd_name, p_name, BD_NAME_LEN);
3805 else
3806 sec_event.ble_req.bd_name[0] = 0;
3807 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SEC_REQ_EVT, &sec_event);
3808 break;
3809
3810 case BTM_LE_KEY_NOTIF_EVT:
3811 sec_event.key_notif.bd_addr = bda;
3812 p_name = BTM_SecReadDevName(bda);
3813 if (p_name != NULL)
3814 strlcpy((char*)sec_event.key_notif.bd_name, p_name, BD_NAME_LEN);
3815 else
3816 sec_event.key_notif.bd_name[0] = 0;
3817 sec_event.key_notif.passkey = p_data->key_notif;
3818 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_NOTIF_EVT, &sec_event);
3819 break;
3820
3821 case BTM_LE_KEY_REQ_EVT:
3822 sec_event.ble_req.bd_addr = bda;
3823 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_REQ_EVT, &sec_event);
3824 break;
3825
3826 case BTM_LE_OOB_REQ_EVT:
3827 sec_event.ble_req.bd_addr = bda;
3828 bta_dm_cb.p_sec_cback(BTA_DM_BLE_OOB_REQ_EVT, &sec_event);
3829 break;
3830
3831 case BTM_LE_NC_REQ_EVT:
3832 sec_event.key_notif.bd_addr = bda;
3833 strlcpy((char*)sec_event.key_notif.bd_name, bta_dm_get_remname(),
3834 (BD_NAME_LEN));
3835 sec_event.key_notif.passkey = p_data->key_notif;
3836 bta_dm_cb.p_sec_cback(BTA_DM_BLE_NC_REQ_EVT, &sec_event);
3837 break;
3838
3839 case BTM_LE_SC_OOB_REQ_EVT:
3840 sec_event.ble_req.bd_addr = bda;
3841 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SC_OOB_REQ_EVT, &sec_event);
3842 break;
3843
3844 case BTM_LE_KEY_EVT:
3845 sec_event.ble_key.bd_addr = bda;
3846 sec_event.ble_key.key_type = p_data->key.key_type;
3847 sec_event.ble_key.p_key_value = p_data->key.p_key_value;
3848 bta_dm_cb.p_sec_cback(BTA_DM_BLE_KEY_EVT, &sec_event);
3849 break;
3850
3851 case BTM_LE_COMPLT_EVT:
3852 sec_event.auth_cmpl.bd_addr = bda;
3853 BTM_ReadDevInfo(bda, &sec_event.auth_cmpl.dev_type,
3854 &sec_event.auth_cmpl.addr_type);
3855 p_name = BTM_SecReadDevName(bda);
3856 if (p_name != NULL)
3857 strlcpy((char*)sec_event.auth_cmpl.bd_name, p_name, (BD_NAME_LEN));
3858 else
3859 sec_event.auth_cmpl.bd_name[0] = 0;
3860
3861 if (p_data->complt.reason != 0) {
3862 sec_event.auth_cmpl.fail_reason =
3863 BTA_DM_AUTH_CONVERT_SMP_CODE(((uint8_t)p_data->complt.reason));
3864
3865 if (btm_sec_is_a_bonded_dev(bda) &&
3866 p_data->complt.reason == SMP_CONN_TOUT) {
3867 // Bonded device failed to encrypt - to test this remove battery from
3868 // HID device right after connection, but before encryption is
3869 // established
3870 LOG(INFO) << __func__
3871 << ": bonded device disconnected when encrypting - no "
3872 "reason to unbond";
3873 } else {
3874 /* delete this device entry from Sec Dev DB */
3875 bta_dm_remove_sec_dev_entry(bda);
3876 }
3877
3878 } else {
3879 sec_event.auth_cmpl.success = true;
3880 if (!p_data->complt.smp_over_br)
3881 GATT_ConfigServiceChangeCCC(bda, true, BT_TRANSPORT_LE);
3882 }
3883
3884 if (bta_dm_cb.p_sec_cback) {
3885 // bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
3886 bta_dm_cb.p_sec_cback(BTA_DM_BLE_AUTH_CMPL_EVT, &sec_event);
3887 }
3888 break;
3889
3890 default:
3891 status = BTM_NOT_AUTHORIZED;
3892 break;
3893 }
3894 return status;
3895 }
3896
3897 /*******************************************************************************
3898 *
3899 * Function bta_dm_ble_id_key_cback
3900 *
3901 * Description Callback for BLE local ID keys
3902 *
3903 *
3904 * Returns void
3905 *
3906 ******************************************************************************/
bta_dm_ble_id_key_cback(uint8_t key_type,tBTM_BLE_LOCAL_KEYS * p_key)3907 static void bta_dm_ble_id_key_cback(uint8_t key_type,
3908 tBTM_BLE_LOCAL_KEYS* p_key) {
3909 uint8_t evt;
3910 tBTA_DM_SEC dm_key;
3911
3912 switch (key_type) {
3913 case BTM_BLE_KEY_TYPE_ID:
3914 case BTM_BLE_KEY_TYPE_ER:
3915 if (bta_dm_cb.p_sec_cback) {
3916 memcpy(&dm_key.ble_id_keys, p_key, sizeof(tBTM_BLE_LOCAL_KEYS));
3917
3918 evt = (key_type == BTM_BLE_KEY_TYPE_ID) ? BTA_DM_BLE_LOCAL_IR_EVT
3919 : BTA_DM_BLE_LOCAL_ER_EVT;
3920 bta_dm_cb.p_sec_cback(evt, &dm_key);
3921 }
3922 break;
3923
3924 default:
3925 APPL_TRACE_DEBUG("Unknown key type %d", key_type);
3926 break;
3927 }
3928 return;
3929 }
3930
3931 /*******************************************************************************
3932 *
3933 * Function bta_dm_add_blekey
3934 *
3935 * Description This function adds an BLE Key to an security database entry.
3936 * This function shall only be called AFTER BTA_DmAddBleDevice
3937 * has been called.
3938 * It is normally called during host startup to restore all
3939 * required information stored in the NVRAM.
3940 *
3941 * Parameters:
3942 *
3943 ******************************************************************************/
bta_dm_add_blekey(const RawAddress & bd_addr,tBTA_LE_KEY_VALUE blekey,tBTA_LE_KEY_TYPE key_type)3944 void bta_dm_add_blekey(const RawAddress& bd_addr, tBTA_LE_KEY_VALUE blekey,
3945 tBTA_LE_KEY_TYPE key_type) {
3946 if (!BTM_SecAddBleKey(bd_addr, (tBTM_LE_KEY_VALUE*)&blekey, key_type)) {
3947 LOG(ERROR) << "BTA_DM: Error adding BLE Key for device " << bd_addr;
3948 }
3949 }
3950
3951 /*******************************************************************************
3952 *
3953 * Function bta_dm_add_ble_device
3954 *
3955 * Description This function adds an BLE device to an security database
3956 * entry.
3957 * It is normally called during host startup to restore all
3958 * required information stored in the NVRAM.
3959 *
3960 * Parameters:
3961 *
3962 ******************************************************************************/
bta_dm_add_ble_device(const RawAddress & bd_addr,tBLE_ADDR_TYPE addr_type,tBT_DEVICE_TYPE dev_type)3963 void bta_dm_add_ble_device(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type,
3964 tBT_DEVICE_TYPE dev_type) {
3965 if (!BTM_SecAddBleDevice(bd_addr, NULL, dev_type, addr_type)) {
3966 LOG(ERROR) << "BTA_DM: Error adding BLE Device for device " << bd_addr;
3967 }
3968 }
3969
3970 /*******************************************************************************
3971 *
3972 * Function bta_dm_add_ble_device
3973 *
3974 * Description This function adds an BLE device to an security database
3975 * entry.
3976 * It is normally called during host startup to restore all
3977 * required information stored in the NVRAM.
3978 *
3979 * Parameters:
3980 *
3981 ******************************************************************************/
bta_dm_ble_passkey_reply(const RawAddress & bd_addr,bool accept,uint32_t passkey)3982 void bta_dm_ble_passkey_reply(const RawAddress& bd_addr, bool accept,
3983 uint32_t passkey) {
3984 BTM_BlePasskeyReply(bd_addr, accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED,
3985 passkey);
3986 }
3987
3988 /** This is response to SM numeric comparison request submitted to application.
3989 */
bta_dm_ble_confirm_reply(const RawAddress & bd_addr,bool accept)3990 void bta_dm_ble_confirm_reply(const RawAddress& bd_addr, bool accept) {
3991 BTM_BleConfirmReply(bd_addr, accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED);
3992 }
3993
3994 /** This function set the preferred connection parameters */
bta_dm_ble_set_conn_params(const RawAddress & bd_addr,uint16_t conn_int_min,uint16_t conn_int_max,uint16_t slave_latency,uint16_t supervision_tout)3995 void bta_dm_ble_set_conn_params(const RawAddress& bd_addr,
3996 uint16_t conn_int_min, uint16_t conn_int_max,
3997 uint16_t slave_latency,
3998 uint16_t supervision_tout) {
3999 L2CA_AdjustConnectionIntervals(&conn_int_min, &conn_int_max,
4000 BTM_BLE_CONN_INT_MIN);
4001
4002 BTM_BleSetPrefConnParams(bd_addr, conn_int_min, conn_int_max, slave_latency,
4003 supervision_tout);
4004 }
4005
4006 /** This function set the preferred connection scan parameters */
bta_dm_ble_set_conn_scan_params(uint32_t scan_interval,uint32_t scan_window)4007 void bta_dm_ble_set_conn_scan_params(uint32_t scan_interval,
4008 uint32_t scan_window) {
4009 BTM_BleSetConnScanParams(scan_interval, scan_window);
4010 }
4011
4012 /** This function update LE connection parameters */
bta_dm_ble_update_conn_params(const RawAddress & bd_addr,uint16_t min_int,uint16_t max_int,uint16_t latency,uint16_t timeout,uint16_t min_ce_len,uint16_t max_ce_len)4013 void bta_dm_ble_update_conn_params(const RawAddress& bd_addr, uint16_t min_int,
4014 uint16_t max_int, uint16_t latency,
4015 uint16_t timeout, uint16_t min_ce_len,
4016 uint16_t max_ce_len) {
4017 L2CA_AdjustConnectionIntervals(&min_int, &max_int, BTM_BLE_CONN_INT_MIN);
4018
4019 if (!L2CA_UpdateBleConnParams(bd_addr, min_int, max_int, latency, timeout,
4020 min_ce_len, max_ce_len)) {
4021 APPL_TRACE_ERROR("Update connection parameters failed!");
4022 }
4023 }
4024
4025 #if (BLE_PRIVACY_SPT == TRUE)
4026 /** This function set the local device LE privacy settings. */
bta_dm_ble_config_local_privacy(bool privacy_enable)4027 void bta_dm_ble_config_local_privacy(bool privacy_enable) {
4028 BTM_BleConfigPrivacy(privacy_enable);
4029 }
4030 #endif
4031
bta_dm_ble_observe(bool start,uint8_t duration,tBTA_DM_SEARCH_CBACK * p_cback)4032 void bta_dm_ble_observe(bool start, uint8_t duration,
4033 tBTA_DM_SEARCH_CBACK* p_cback) {
4034 if (!start) {
4035 bta_dm_search_cb.p_scan_cback = NULL;
4036 BTM_BleObserve(false, 0, NULL, NULL);
4037 return;
4038 }
4039
4040 /*Save the callback to be called when a scan results are available */
4041 bta_dm_search_cb.p_scan_cback = p_cback;
4042 tBTM_STATUS status = BTM_BleObserve(true, duration, bta_dm_observe_results_cb,
4043 bta_dm_observe_cmpl_cb);
4044 if (status != BTM_CMD_STARTED) {
4045 tBTA_DM_SEARCH data;
4046 APPL_TRACE_WARNING(" %s BTM_BleObserve failed. status %d", __func__,
4047 status);
4048 data.inq_cmpl.num_resps = 0;
4049 if (bta_dm_search_cb.p_scan_cback) {
4050 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
4051 }
4052 }
4053 }
4054
4055 /** This function set the maximum transmission packet size */
bta_dm_ble_set_data_length(const RawAddress & bd_addr,uint16_t tx_data_length)4056 void bta_dm_ble_set_data_length(const RawAddress& bd_addr,
4057 uint16_t tx_data_length) {
4058 if (BTM_SetBleDataLength(bd_addr, tx_data_length) != BTM_SUCCESS) {
4059 APPL_TRACE_ERROR("%s failed", __func__);
4060 }
4061 }
4062
4063 /*******************************************************************************
4064 *
4065 * Function bta_ble_enable_scan_cmpl
4066 *
4067 * Description ADV payload filtering enable / disable complete callback
4068 *
4069 *
4070 * Returns None
4071 *
4072 ******************************************************************************/
bta_ble_energy_info_cmpl(tBTM_BLE_TX_TIME_MS tx_time,tBTM_BLE_RX_TIME_MS rx_time,tBTM_BLE_IDLE_TIME_MS idle_time,tBTM_BLE_ENERGY_USED energy_used,tBTM_STATUS status)4073 static void bta_ble_energy_info_cmpl(tBTM_BLE_TX_TIME_MS tx_time,
4074 tBTM_BLE_RX_TIME_MS rx_time,
4075 tBTM_BLE_IDLE_TIME_MS idle_time,
4076 tBTM_BLE_ENERGY_USED energy_used,
4077 tBTM_STATUS status) {
4078 tBTA_STATUS st = (status == BTM_SUCCESS) ? BTA_SUCCESS : BTA_FAILURE;
4079 tBTA_DM_CONTRL_STATE ctrl_state = 0;
4080
4081 if (BTA_SUCCESS == st) ctrl_state = bta_dm_pm_obtain_controller_state();
4082
4083 if (bta_dm_cb.p_energy_info_cback)
4084 bta_dm_cb.p_energy_info_cback(tx_time, rx_time, idle_time, energy_used,
4085 ctrl_state, st);
4086 }
4087
4088 /** This function obtains the energy info */
bta_dm_ble_get_energy_info(tBTA_BLE_ENERGY_INFO_CBACK * p_energy_info_cback)4089 void bta_dm_ble_get_energy_info(
4090 tBTA_BLE_ENERGY_INFO_CBACK* p_energy_info_cback) {
4091 bta_dm_cb.p_energy_info_cback = p_energy_info_cback;
4092 tBTM_STATUS btm_status = BTM_BleGetEnergyInfo(bta_ble_energy_info_cmpl);
4093 if (BTM_CMD_STARTED != btm_status)
4094 bta_ble_energy_info_cmpl(0, 0, 0, 0, btm_status);
4095 }
4096
4097 #ifndef BTA_DM_GATT_CLOSE_DELAY_TOUT
4098 #define BTA_DM_GATT_CLOSE_DELAY_TOUT 1000
4099 #endif
4100
4101 /*******************************************************************************
4102 *
4103 * Function bta_dm_gattc_register
4104 *
4105 * Description Register with GATTC in DM if BLE is needed.
4106 *
4107 *
4108 * Returns void
4109 *
4110 ******************************************************************************/
bta_dm_gattc_register(void)4111 static void bta_dm_gattc_register(void) {
4112 if (bta_dm_search_cb.client_if == BTA_GATTS_INVALID_IF) {
4113 BTA_GATTC_AppRegister(bta_dm_gattc_callback,
4114 base::Bind([](uint8_t client_id, uint8_t status) {
4115 if (status == GATT_SUCCESS)
4116 bta_dm_search_cb.client_if = client_id;
4117 else
4118 bta_dm_search_cb.client_if = BTA_GATTS_INVALID_IF;
4119
4120 }));
4121 }
4122 }
4123
4124 /*******************************************************************************
4125 *
4126 * Function btm_dm_start_disc_gatt_services
4127 *
4128 * Description This function starts a GATT service search request.
4129 *
4130 * Parameters:
4131 *
4132 ******************************************************************************/
btm_dm_start_disc_gatt_services(uint16_t conn_id)4133 static void btm_dm_start_disc_gatt_services(uint16_t conn_id) {
4134 Uuid* p_uuid = bta_dm_search_cb.p_srvc_uuid + bta_dm_search_cb.num_uuid -
4135 bta_dm_search_cb.uuid_to_search;
4136
4137 /* always search for all services */
4138 BTA_GATTC_ServiceSearchRequest(conn_id, p_uuid);
4139 }
4140
4141 /*******************************************************************************
4142 *
4143 * Function bta_dm_gatt_disc_result
4144 *
4145 * Description This function process the GATT service search result.
4146 *
4147 * Parameters:
4148 *
4149 ******************************************************************************/
bta_dm_gatt_disc_result(tBTA_GATT_ID service_id)4150 static void bta_dm_gatt_disc_result(tBTA_GATT_ID service_id) {
4151 tBTA_DM_SEARCH result;
4152
4153 /*
4154 * This logic will not work for gatt case. We are checking against the
4155 * bluetooth profiles here
4156 * just copy the GATTID in raw data field and send it across.
4157 */
4158
4159 if (bta_dm_search_cb.ble_raw_used + sizeof(tBTA_GATT_ID) <
4160 bta_dm_search_cb.ble_raw_size) {
4161 APPL_TRACE_DEBUG(
4162 "ADDING BLE SERVICE uuid=%s, ble_ptr = 0x%x, ble_raw_used = 0x%x",
4163 service_id.uuid.ToString().c_str(), bta_dm_search_cb.p_ble_rawdata,
4164 bta_dm_search_cb.ble_raw_used);
4165
4166 if (bta_dm_search_cb.p_ble_rawdata) {
4167 // TODO(jpawlowski): the p_ble_raw data is only sent to btif_dm.cc, but is
4168 // never used there. Get rid of this code completly, or implement the
4169 // TODOs from btif_dm.cc
4170 memcpy((bta_dm_search_cb.p_ble_rawdata + bta_dm_search_cb.ble_raw_used),
4171 &service_id, sizeof(service_id));
4172
4173 bta_dm_search_cb.ble_raw_used += sizeof(service_id);
4174 } else {
4175 APPL_TRACE_ERROR("p_ble_rawdata is NULL");
4176 }
4177
4178 } else {
4179 APPL_TRACE_ERROR(
4180 "%s out of room to accomodate more service ids ble_raw_size = %d "
4181 "ble_raw_used = %d",
4182 __func__, bta_dm_search_cb.ble_raw_size, bta_dm_search_cb.ble_raw_used);
4183 }
4184
4185 LOG_INFO(LOG_TAG, "%s service_id_uuid_len=%zu", __func__,
4186 service_id.uuid.GetShortestRepresentationSize());
4187 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) {
4188 /* send result back to app now, one by one */
4189 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
4190 strlcpy((char*)result.disc_ble_res.bd_name, bta_dm_get_remname(),
4191 BD_NAME_LEN);
4192 result.disc_ble_res.service = service_id.uuid;
4193
4194 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_BLE_RES_EVT, &result);
4195 }
4196 }
4197
4198 /*******************************************************************************
4199 *
4200 * Function bta_dm_gatt_disc_complete
4201 *
4202 * Description This function process the GATT service search complete.
4203 *
4204 * Parameters:
4205 *
4206 ******************************************************************************/
bta_dm_gatt_disc_complete(uint16_t conn_id,tGATT_STATUS status)4207 static void bta_dm_gatt_disc_complete(uint16_t conn_id, tGATT_STATUS status) {
4208 APPL_TRACE_DEBUG("%s conn_id = %d", __func__, conn_id);
4209
4210 if (bta_dm_search_cb.uuid_to_search > 0) bta_dm_search_cb.uuid_to_search--;
4211
4212 if (status == GATT_SUCCESS && bta_dm_search_cb.uuid_to_search > 0) {
4213 btm_dm_start_disc_gatt_services(conn_id);
4214 } else {
4215 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
4216
4217 bta_dm_search_cb.uuid_to_search = 0;
4218
4219 /* no more services to be discovered */
4220 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
4221 p_msg->disc_result.result.disc_res.result =
4222 (status == GATT_SUCCESS) ? BTA_SUCCESS : BTA_FAILURE;
4223 APPL_TRACE_DEBUG("%s service found: 0x%08x", __func__,
4224 bta_dm_search_cb.services_found);
4225 p_msg->disc_result.result.disc_res.services =
4226 bta_dm_search_cb.services_found;
4227 p_msg->disc_result.result.disc_res.num_uuids = 0;
4228 p_msg->disc_result.result.disc_res.p_uuid_list = NULL;
4229 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
4230 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
4231 bta_dm_get_remname(), BD_NAME_LEN);
4232
4233 p_msg->disc_result.result.disc_res.device_type |= BT_DEVICE_TYPE_BLE;
4234 if (bta_dm_search_cb.ble_raw_used > 0) {
4235 p_msg->disc_result.result.disc_res.p_raw_data =
4236 (uint8_t*)osi_malloc(bta_dm_search_cb.ble_raw_used);
4237
4238 memcpy(p_msg->disc_result.result.disc_res.p_raw_data,
4239 bta_dm_search_cb.p_ble_rawdata, bta_dm_search_cb.ble_raw_used);
4240
4241 p_msg->disc_result.result.disc_res.raw_data_size =
4242 bta_dm_search_cb.ble_raw_used;
4243 } else {
4244 p_msg->disc_result.result.disc_res.p_raw_data = NULL;
4245 bta_dm_search_cb.p_ble_rawdata = 0;
4246 }
4247
4248 bta_sys_sendmsg(p_msg);
4249
4250 if (conn_id != GATT_INVALID_CONN_ID) {
4251 /* start a GATT channel close delay timer */
4252 bta_sys_start_timer(bta_dm_search_cb.gatt_close_timer,
4253 BTA_DM_GATT_CLOSE_DELAY_TOUT,
4254 BTA_DM_DISC_CLOSE_TOUT_EVT, 0);
4255 bta_dm_search_cb.pending_close_bda = bta_dm_search_cb.peer_bdaddr;
4256 }
4257 bta_dm_search_cb.gatt_disc_active = false;
4258 }
4259 }
4260
4261 /*******************************************************************************
4262 *
4263 * Function bta_dm_close_gatt_conn
4264 *
4265 * Description This function close the GATT connection after delay
4266 *timeout.
4267 *
4268 * Parameters:
4269 *
4270 ******************************************************************************/
bta_dm_close_gatt_conn(UNUSED_ATTR tBTA_DM_MSG * p_data)4271 void bta_dm_close_gatt_conn(UNUSED_ATTR tBTA_DM_MSG* p_data) {
4272 if (bta_dm_search_cb.conn_id != GATT_INVALID_CONN_ID)
4273 BTA_GATTC_Close(bta_dm_search_cb.conn_id);
4274
4275 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty;
4276 bta_dm_search_cb.conn_id = GATT_INVALID_CONN_ID;
4277 }
4278 /*******************************************************************************
4279 *
4280 * Function btm_dm_start_gatt_discovery
4281 *
4282 * Description This is GATT initiate the service search by open a GATT
4283 * connection first.
4284 *
4285 * Parameters:
4286 *
4287 ******************************************************************************/
btm_dm_start_gatt_discovery(const RawAddress & bd_addr)4288 void btm_dm_start_gatt_discovery(const RawAddress& bd_addr) {
4289 bta_dm_search_cb.gatt_disc_active = true;
4290
4291 /* connection is already open */
4292 if (bta_dm_search_cb.pending_close_bda == bd_addr &&
4293 bta_dm_search_cb.conn_id != GATT_INVALID_CONN_ID) {
4294 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty;
4295 alarm_cancel(bta_dm_search_cb.gatt_close_timer);
4296 btm_dm_start_disc_gatt_services(bta_dm_search_cb.conn_id);
4297 } else {
4298 if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE)) {
4299 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr, true,
4300 GATT_TRANSPORT_LE, true);
4301 } else {
4302 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr, true,
4303 GATT_TRANSPORT_LE, false);
4304 }
4305 }
4306 }
4307
4308 /*******************************************************************************
4309 *
4310 * Function bta_dm_cancel_gatt_discovery
4311 *
4312 * Description This is GATT cancel the GATT service search.
4313 *
4314 * Parameters:
4315 *
4316 ******************************************************************************/
bta_dm_cancel_gatt_discovery(const RawAddress & bd_addr)4317 static void bta_dm_cancel_gatt_discovery(const RawAddress& bd_addr) {
4318 if (bta_dm_search_cb.conn_id == GATT_INVALID_CONN_ID) {
4319 BTA_GATTC_CancelOpen(bta_dm_search_cb.client_if, bd_addr, true);
4320 }
4321
4322 bta_dm_gatt_disc_complete(bta_dm_search_cb.conn_id, (tGATT_STATUS)GATT_ERROR);
4323 }
4324
4325 /*******************************************************************************
4326 *
4327 * Function bta_dm_proc_open_evt
4328 *
4329 * Description process BTA_GATTC_OPEN_EVT in DM.
4330 *
4331 * Parameters:
4332 *
4333 ******************************************************************************/
bta_dm_proc_open_evt(tBTA_GATTC_OPEN * p_data)4334 void bta_dm_proc_open_evt(tBTA_GATTC_OPEN* p_data) {
4335 VLOG(1) << "DM Search state= " << bta_dm_search_cb.state
4336 << " search_cb.peer_dbaddr:" << bta_dm_search_cb.peer_bdaddr
4337 << " connected_bda=" << p_data->remote_bda.address;
4338
4339 APPL_TRACE_DEBUG("BTA_GATTC_OPEN_EVT conn_id = %d client_if=%d status = %d",
4340 p_data->conn_id, p_data->client_if, p_data->status);
4341
4342 bta_dm_search_cb.conn_id = p_data->conn_id;
4343
4344 if (p_data->status == GATT_SUCCESS) {
4345 btm_dm_start_disc_gatt_services(p_data->conn_id);
4346 } else {
4347 bta_dm_gatt_disc_complete(GATT_INVALID_CONN_ID, p_data->status);
4348 }
4349 }
4350
4351 /*******************************************************************************
4352 *
4353 * Function bta_dm_gattc_callback
4354 *
4355 * Description This is GATT client callback function used in DM.
4356 *
4357 * Parameters:
4358 *
4359 ******************************************************************************/
bta_dm_gattc_callback(tBTA_GATTC_EVT event,tBTA_GATTC * p_data)4360 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data) {
4361 APPL_TRACE_DEBUG("bta_dm_gattc_callback event = %d", event);
4362
4363 switch (event) {
4364 case BTA_GATTC_OPEN_EVT:
4365 bta_dm_proc_open_evt(&p_data->open);
4366 break;
4367
4368 case BTA_GATTC_SEARCH_RES_EVT:
4369 bta_dm_gatt_disc_result(p_data->srvc_res.service_uuid);
4370 break;
4371
4372 case BTA_GATTC_SEARCH_CMPL_EVT:
4373 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE)
4374 bta_dm_gatt_disc_complete(p_data->search_cmpl.conn_id,
4375 p_data->search_cmpl.status);
4376 break;
4377
4378 case BTA_GATTC_CLOSE_EVT:
4379 APPL_TRACE_DEBUG("BTA_GATTC_CLOSE_EVT reason = %d", p_data->close.reason);
4380 /* in case of disconnect before search is completed */
4381 if ((bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) &&
4382 (bta_dm_search_cb.state != BTA_DM_SEARCH_ACTIVE) &&
4383 p_data->close.remote_bda == bta_dm_search_cb.peer_bdaddr) {
4384 bta_dm_gatt_disc_complete((uint16_t)GATT_INVALID_CONN_ID,
4385 (tGATT_STATUS)GATT_ERROR);
4386 }
4387 break;
4388
4389 default:
4390 break;
4391 }
4392 }
4393
4394 #if (BLE_VND_INCLUDED == TRUE)
4395 /*******************************************************************************
4396 *
4397 * Function bta_dm_ctrl_features_rd_cmpl_cback
4398 *
4399 * Description callback to handle controller feature read complete
4400 *
4401 * Parameters:
4402 *
4403 ******************************************************************************/
bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result)4404 static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result) {
4405 APPL_TRACE_DEBUG("%s status = %d ", __func__, result);
4406 if (result == BTM_SUCCESS) {
4407 if (bta_dm_cb.p_sec_cback)
4408 bta_dm_cb.p_sec_cback(BTA_DM_LE_FEATURES_READ, NULL);
4409 } else {
4410 APPL_TRACE_ERROR("%s Ctrl BLE feature read failed: status :%d", __func__,
4411 result);
4412 }
4413 }
4414 #endif /* BLE_VND_INCLUDED */
4415