1 /******************************************************************************
2 *
3 * Copyright 2009-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * this file contains functions relating to BLE management.
22 *
23 ******************************************************************************/
24
25 #include <base/logging.h>
26 #include <base/strings/stringprintf.h>
27 #include <string.h>
28 #include "bt_target.h"
29 #include "bt_utils.h"
30 #include "bta_hearing_aid_api.h"
31 #include "btm_int.h"
32 #include "btu.h"
33 #include "device/include/controller.h"
34 #include "hcimsgs.h"
35 #include "l2c_api.h"
36 #include "l2c_int.h"
37 #include "l2cdefs.h"
38 #include "log/log.h"
39 #include "osi/include/osi.h"
40 #include "stack/gatt/connection_manager.h"
41 #include "stack_config.h"
42
43 using base::StringPrintf;
44
45 static void l2cble_start_conn_update(tL2C_LCB* p_lcb);
46
47 /*******************************************************************************
48 *
49 * Function L2CA_CancelBleConnectReq
50 *
51 * Description Cancel a pending connection attempt to a BLE device.
52 *
53 * Parameters: BD Address of remote
54 *
55 * Return value: true if connection was cancelled
56 *
57 ******************************************************************************/
L2CA_CancelBleConnectReq(const RawAddress & rem_bda)58 bool L2CA_CancelBleConnectReq(const RawAddress& rem_bda) {
59 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(rem_bda, BT_TRANSPORT_LE);
60
61 tACL_CONN* p_acl = btm_bda_to_acl(rem_bda, BT_TRANSPORT_LE);
62 if (p_acl) {
63 if (p_lcb != NULL && p_lcb->link_state == LST_CONNECTING) {
64 L2CAP_TRACE_WARNING("%s - disconnecting the LE link", __func__);
65 L2CA_RemoveFixedChnl(L2CAP_ATT_CID, rem_bda);
66 return (true);
67 }
68 }
69
70 connection_manager::direct_connect_remove(CONN_MGR_ID_L2CAP, rem_bda);
71
72 /* Do not remove lcb if an LE link is already up as a peripheral */
73 if (p_lcb != NULL &&
74 !(p_lcb->link_role == HCI_ROLE_SLAVE &&
75 btm_bda_to_acl(rem_bda, BT_TRANSPORT_LE) != NULL)) {
76 p_lcb->disc_reason = L2CAP_CONN_CANCEL;
77 l2cu_release_lcb(p_lcb);
78 }
79 return (true);
80 }
81
82 /*******************************************************************************
83 *
84 * Function L2CA_UpdateBleConnParams
85 *
86 * Description Update BLE connection parameters.
87 *
88 * Parameters: BD Address of remote
89 *
90 * Return value: true if update started
91 *
92 ******************************************************************************/
L2CA_UpdateBleConnParams(const RawAddress & rem_bda,uint16_t min_int,uint16_t max_int,uint16_t latency,uint16_t timeout,uint16_t min_ce_len,uint16_t max_ce_len)93 bool L2CA_UpdateBleConnParams(const RawAddress& rem_bda, uint16_t min_int,
94 uint16_t max_int, uint16_t latency,
95 uint16_t timeout, uint16_t min_ce_len,
96 uint16_t max_ce_len) {
97 tL2C_LCB* p_lcb;
98 tACL_CONN* p_acl_cb = btm_bda_to_acl(rem_bda, BT_TRANSPORT_LE);
99
100 /* See if we have a link control block for the remote device */
101 p_lcb = l2cu_find_lcb_by_bd_addr(rem_bda, BT_TRANSPORT_LE);
102
103 /* If we don't have one, create one and accept the connection. */
104 if (!p_lcb || !p_acl_cb) {
105 LOG(WARNING) << __func__ << " - unknown BD_ADDR " << rem_bda;
106 return (false);
107 }
108
109 if (p_lcb->transport != BT_TRANSPORT_LE) {
110 LOG(WARNING) << __func__ << " - BD_ADDR " << rem_bda << " not LE";
111 return (false);
112 }
113
114 VLOG(2) << __func__ << ": BD_ADDR=" << rem_bda << ", min_int=" << min_int
115 << ", max_int=" << max_int << ", min_ce_len=" << min_ce_len
116 << ", max_ce_len=" << max_ce_len;
117
118 p_lcb->min_interval = min_int;
119 p_lcb->max_interval = max_int;
120 p_lcb->latency = latency;
121 p_lcb->timeout = timeout;
122 p_lcb->conn_update_mask |= L2C_BLE_NEW_CONN_PARAM;
123 p_lcb->min_ce_len = min_ce_len;
124 p_lcb->max_ce_len = max_ce_len;
125
126 l2cble_start_conn_update(p_lcb);
127
128 return (true);
129 }
130
L2CA_UpdateBleConnParams(const RawAddress & rem_bda,uint16_t min_int,uint16_t max_int,uint16_t latency,uint16_t timeout)131 bool L2CA_UpdateBleConnParams(const RawAddress& rem_bda, uint16_t min_int,
132 uint16_t max_int, uint16_t latency,
133 uint16_t timeout) {
134 return L2CA_UpdateBleConnParams(rem_bda, min_int, max_int, latency, timeout,
135 0, 0);
136 }
137
138 /*******************************************************************************
139 *
140 * Function L2CA_EnableUpdateBleConnParams
141 *
142 * Description Enable or disable update based on the request from the peer
143 *
144 * Parameters: BD Address of remote
145 *
146 * Return value: true if update started
147 *
148 ******************************************************************************/
L2CA_EnableUpdateBleConnParams(const RawAddress & rem_bda,bool enable)149 bool L2CA_EnableUpdateBleConnParams(const RawAddress& rem_bda, bool enable) {
150 if (stack_config_get_interface()->get_pts_conn_updates_disabled())
151 return false;
152
153 tL2C_LCB* p_lcb;
154
155 /* See if we have a link control block for the remote device */
156 p_lcb = l2cu_find_lcb_by_bd_addr(rem_bda, BT_TRANSPORT_LE);
157
158 if (!p_lcb) {
159 LOG(WARNING) << __func__ << " - unknown BD_ADDR " << rem_bda;
160 return false;
161 }
162
163 VLOG(2) << __func__ << " - BD_ADDR " << rem_bda
164 << StringPrintf(" enable %d current upd state 0x%02x", enable,
165 p_lcb->conn_update_mask);
166
167 if (p_lcb->transport != BT_TRANSPORT_LE) {
168 LOG(WARNING) << __func__ << " - BD_ADDR " << rem_bda
169 << " not LE, link role " << p_lcb->link_role;
170 return false;
171 }
172
173 if (enable)
174 p_lcb->conn_update_mask &= ~L2C_BLE_CONN_UPDATE_DISABLE;
175 else
176 p_lcb->conn_update_mask |= L2C_BLE_CONN_UPDATE_DISABLE;
177
178 l2cble_start_conn_update(p_lcb);
179
180 return (true);
181 }
182
183 /*******************************************************************************
184 *
185 * Function L2CA_GetBleConnRole
186 *
187 * Description This function returns the connection role.
188 *
189 * Returns link role.
190 *
191 ******************************************************************************/
L2CA_GetBleConnRole(const RawAddress & bd_addr)192 uint8_t L2CA_GetBleConnRole(const RawAddress& bd_addr) {
193 uint8_t role = HCI_ROLE_UNKNOWN;
194
195 tL2C_LCB* p_lcb;
196
197 p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_LE);
198 if (p_lcb != NULL) role = p_lcb->link_role;
199
200 return role;
201 }
202 /*******************************************************************************
203 *
204 * Function L2CA_GetDisconnectReason
205 *
206 * Description This function returns the disconnect reason code.
207 *
208 * Returns disconnect reason
209 *
210 ******************************************************************************/
L2CA_GetDisconnectReason(const RawAddress & remote_bda,tBT_TRANSPORT transport)211 uint16_t L2CA_GetDisconnectReason(const RawAddress& remote_bda,
212 tBT_TRANSPORT transport) {
213 tL2C_LCB* p_lcb;
214 uint16_t reason = 0;
215
216 p_lcb = l2cu_find_lcb_by_bd_addr(remote_bda, transport);
217 if (p_lcb != NULL) reason = p_lcb->disc_reason;
218
219 L2CAP_TRACE_DEBUG("L2CA_GetDisconnectReason=%d ", reason);
220
221 return reason;
222 }
223
224 /*******************************************************************************
225 *
226 * Function l2cble_notify_le_connection
227 *
228 * Description This function notifiy the l2cap connection to the app layer
229 *
230 * Returns none
231 *
232 ******************************************************************************/
l2cble_notify_le_connection(const RawAddress & bda)233 void l2cble_notify_le_connection(const RawAddress& bda) {
234 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(bda, BT_TRANSPORT_LE);
235 tACL_CONN* p_acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
236 tL2C_CCB* p_ccb;
237
238 if (p_lcb != NULL && p_acl != NULL && p_lcb->link_state != LST_CONNECTED) {
239 /* update link status */
240 btm_establish_continue(p_acl);
241 /* update l2cap link status and send callback */
242 p_lcb->link_state = LST_CONNECTED;
243 l2cu_process_fixed_chnl_resp(p_lcb);
244 }
245
246 if (p_lcb != NULL) {
247 /* For all channels, send the event through their FSMs */
248 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
249 p_ccb = p_ccb->p_next_ccb) {
250 if (p_ccb->chnl_state == CST_CLOSED)
251 l2c_csm_execute(p_ccb, L2CEVT_LP_CONNECT_CFM, NULL);
252 }
253 }
254 }
255
256 /** This function is called when an HCI Connection Complete event is received.
257 */
l2cble_conn_comp(uint16_t handle,uint8_t role,const RawAddress & bda,tBLE_ADDR_TYPE type,uint16_t conn_interval,uint16_t conn_latency,uint16_t conn_timeout)258 void l2cble_conn_comp(uint16_t handle, uint8_t role, const RawAddress& bda,
259 tBLE_ADDR_TYPE type, uint16_t conn_interval,
260 uint16_t conn_latency, uint16_t conn_timeout) {
261 btm_ble_update_link_topology_mask(role, true);
262
263 // role == HCI_ROLE_MASTER => scanner completed connection
264 // role == HCI_ROLE_SLAVE => advertiser completed connection
265
266 L2CAP_TRACE_DEBUG(
267 "%s: HANDLE=%d addr_type=%d conn_interval=%d "
268 "slave_latency=%d supervision_tout=%d",
269 __func__, handle, type, conn_interval, conn_latency, conn_timeout);
270
271 /* See if we have a link control block for the remote device */
272 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(bda, BT_TRANSPORT_LE);
273
274 /* If we don't have one, create one. this is auto connection complete. */
275 if (!p_lcb) {
276 p_lcb = l2cu_allocate_lcb(bda, false, BT_TRANSPORT_LE);
277 if (!p_lcb) {
278 btm_sec_disconnect(handle, HCI_ERR_NO_CONNECTION);
279 LOG(ERROR) << __func__ << "failed to allocate LCB";
280 return;
281 } else {
282 if (!l2cu_initialize_fixed_ccb(
283 p_lcb, L2CAP_ATT_CID,
284 &l2cb.fixed_reg[L2CAP_ATT_CID - L2CAP_FIRST_FIXED_CHNL]
285 .fixed_chnl_opts)) {
286 btm_sec_disconnect(handle, HCI_ERR_NO_CONNECTION);
287 LOG(WARNING) << __func__ << "LCB but no CCB";
288 return;
289 }
290 }
291 } else if (role == HCI_ROLE_MASTER && p_lcb->link_state != LST_CONNECTING) {
292 LOG(ERROR) << "L2CAP got BLE scanner conn_comp in bad state: "
293 << +p_lcb->link_state;
294 return;
295 }
296
297 if (role == HCI_ROLE_MASTER) alarm_cancel(p_lcb->l2c_lcb_timer);
298
299 /* Save the handle */
300 p_lcb->handle = handle;
301
302 /* Connected OK. Change state to connected, we were scanning so we are master
303 */
304 p_lcb->link_role = role;
305 p_lcb->transport = BT_TRANSPORT_LE;
306
307 /* update link parameter, set slave link as non-spec default upon link up */
308 p_lcb->min_interval = p_lcb->max_interval = conn_interval;
309 p_lcb->timeout = conn_timeout;
310 p_lcb->latency = conn_latency;
311 p_lcb->conn_update_mask = L2C_BLE_NOT_DEFAULT_PARAM;
312
313 /* Tell BTM Acl management about the link */
314 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_or_alloc_dev(bda);
315 btm_acl_created(bda, NULL, p_dev_rec->sec_bd_name, handle, p_lcb->link_role,
316 BT_TRANSPORT_LE);
317
318 p_lcb->peer_chnl_mask[0] = L2CAP_FIXED_CHNL_ATT_BIT |
319 L2CAP_FIXED_CHNL_BLE_SIG_BIT |
320 L2CAP_FIXED_CHNL_SMP_BIT;
321
322 #if (BLE_PRIVACY_SPT == TRUE)
323 btm_ble_disable_resolving_list(BTM_BLE_RL_INIT, true);
324 #endif
325
326 if (role == HCI_ROLE_SLAVE) {
327 if (!HCI_LE_SLAVE_INIT_FEAT_EXC_SUPPORTED(
328 controller_get_interface()->get_features_ble()->as_array)) {
329 p_lcb->link_state = LST_CONNECTED;
330 l2cu_process_fixed_chnl_resp(p_lcb);
331 }
332 }
333 }
334
335 /*******************************************************************************
336 *
337 * Function l2cble_start_conn_update
338 *
339 * Description Start the BLE connection parameter update process based on
340 * status.
341 *
342 * Parameters: lcb : l2cap link control block
343 *
344 * Return value: none
345 *
346 ******************************************************************************/
l2cble_start_conn_update(tL2C_LCB * p_lcb)347 static void l2cble_start_conn_update(tL2C_LCB* p_lcb) {
348 uint16_t min_conn_int, max_conn_int, slave_latency, supervision_tout;
349 tACL_CONN* p_acl_cb = btm_bda_to_acl(p_lcb->remote_bd_addr, BT_TRANSPORT_LE);
350 if (!p_acl_cb) {
351 LOG(ERROR) << "No known connection ACL for " << p_lcb->remote_bd_addr;
352 return;
353 }
354
355 // TODO(armansito): The return value of this call wasn't being used but the
356 // logic of this function might be depending on its side effects. We should
357 // verify if this call is needed at all and remove it otherwise.
358 btm_find_or_alloc_dev(p_lcb->remote_bd_addr);
359
360 if (p_lcb->conn_update_mask & L2C_BLE_UPDATE_PENDING) return;
361
362 if (p_lcb->conn_update_mask & L2C_BLE_CONN_UPDATE_DISABLE) {
363 /* application requests to disable parameters update.
364 If parameters are already updated, lets set them
365 up to what has been requested during connection establishement */
366 if (p_lcb->conn_update_mask & L2C_BLE_NOT_DEFAULT_PARAM &&
367 /* current connection interval is greater than default min */
368 p_lcb->min_interval > BTM_BLE_CONN_INT_MIN) {
369 /* use 7.5 ms as fast connection parameter, 0 slave latency */
370 min_conn_int = max_conn_int = BTM_BLE_CONN_INT_MIN;
371
372 L2CA_AdjustConnectionIntervals(&min_conn_int, &max_conn_int,
373 BTM_BLE_CONN_INT_MIN);
374
375 slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF;
376 supervision_tout = BTM_BLE_CONN_TIMEOUT_DEF;
377
378 /* if both side 4.1, or we are master device, send HCI command */
379 if (p_lcb->link_role == HCI_ROLE_MASTER
380 #if (BLE_LLT_INCLUDED == TRUE)
381 || (HCI_LE_CONN_PARAM_REQ_SUPPORTED(
382 controller_get_interface()->get_features_ble()->as_array) &&
383 HCI_LE_CONN_PARAM_REQ_SUPPORTED(p_acl_cb->peer_le_features))
384 #endif
385 ) {
386 btsnd_hcic_ble_upd_ll_conn_params(p_lcb->handle, min_conn_int,
387 max_conn_int, slave_latency,
388 supervision_tout, 0, 0);
389 p_lcb->conn_update_mask |= L2C_BLE_UPDATE_PENDING;
390 } else {
391 l2cu_send_peer_ble_par_req(p_lcb, min_conn_int, max_conn_int,
392 slave_latency, supervision_tout);
393 }
394 p_lcb->conn_update_mask &= ~L2C_BLE_NOT_DEFAULT_PARAM;
395 p_lcb->conn_update_mask |= L2C_BLE_NEW_CONN_PARAM;
396 }
397 } else {
398 /* application allows to do update, if we were delaying one do it now */
399 if (p_lcb->conn_update_mask & L2C_BLE_NEW_CONN_PARAM) {
400 /* if both side 4.1, or we are master device, send HCI command */
401 if (p_lcb->link_role == HCI_ROLE_MASTER
402 #if (BLE_LLT_INCLUDED == TRUE)
403 || (HCI_LE_CONN_PARAM_REQ_SUPPORTED(
404 controller_get_interface()->get_features_ble()->as_array) &&
405 HCI_LE_CONN_PARAM_REQ_SUPPORTED(p_acl_cb->peer_le_features))
406 #endif
407 ) {
408 btsnd_hcic_ble_upd_ll_conn_params(p_lcb->handle, p_lcb->min_interval,
409 p_lcb->max_interval, p_lcb->latency,
410 p_lcb->timeout, p_lcb->min_ce_len,
411 p_lcb->max_ce_len);
412 p_lcb->conn_update_mask |= L2C_BLE_UPDATE_PENDING;
413 } else {
414 l2cu_send_peer_ble_par_req(p_lcb, p_lcb->min_interval,
415 p_lcb->max_interval, p_lcb->latency,
416 p_lcb->timeout);
417 }
418 p_lcb->conn_update_mask &= ~L2C_BLE_NEW_CONN_PARAM;
419 p_lcb->conn_update_mask |= L2C_BLE_NOT_DEFAULT_PARAM;
420 }
421 }
422 }
423
424 /*******************************************************************************
425 *
426 * Function l2cble_process_conn_update_evt
427 *
428 * Description This function enables the connection update request from
429 * remote after a successful connection update response is
430 * received.
431 *
432 * Returns void
433 *
434 ******************************************************************************/
l2cble_process_conn_update_evt(uint16_t handle,uint8_t status,uint16_t interval,uint16_t latency,uint16_t timeout)435 void l2cble_process_conn_update_evt(uint16_t handle, uint8_t status,
436 uint16_t interval, uint16_t latency,
437 uint16_t timeout) {
438 L2CAP_TRACE_DEBUG("%s", __func__);
439
440 /* See if we have a link control block for the remote device */
441 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle);
442 if (!p_lcb) {
443 L2CAP_TRACE_WARNING("%s: Invalid handle: %d", __func__, handle);
444 return;
445 }
446
447 p_lcb->conn_update_mask &= ~L2C_BLE_UPDATE_PENDING;
448
449 if (status != HCI_SUCCESS) {
450 L2CAP_TRACE_WARNING("%s: Error status: %d", __func__, status);
451 }
452
453 l2cble_start_conn_update(p_lcb);
454
455 L2CAP_TRACE_DEBUG("%s: conn_update_mask=%d", __func__,
456 p_lcb->conn_update_mask);
457 }
458
459 /*******************************************************************************
460 *
461 * Function l2cble_process_sig_cmd
462 *
463 * Description This function is called when a signalling packet is received
464 * on the BLE signalling CID
465 *
466 * Returns void
467 *
468 ******************************************************************************/
l2cble_process_sig_cmd(tL2C_LCB * p_lcb,uint8_t * p,uint16_t pkt_len)469 void l2cble_process_sig_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) {
470 uint8_t* p_pkt_end;
471 uint8_t cmd_code, id;
472 uint16_t cmd_len;
473 uint16_t min_interval, max_interval, latency, timeout;
474 tL2C_CONN_INFO con_info;
475 uint16_t lcid = 0, rcid = 0, mtu = 0, mps = 0, initial_credit = 0;
476 tL2C_CCB *p_ccb = NULL, *temp_p_ccb = NULL;
477 tL2C_RCB* p_rcb;
478 uint16_t credit;
479 p_pkt_end = p + pkt_len;
480
481 if (p + 4 > p_pkt_end) {
482 android_errorWriteLog(0x534e4554, "80261585");
483 LOG(ERROR) << "invalid read";
484 return;
485 }
486
487 STREAM_TO_UINT8(cmd_code, p);
488 STREAM_TO_UINT8(id, p);
489 STREAM_TO_UINT16(cmd_len, p);
490
491 /* Check command length does not exceed packet length */
492 if ((p + cmd_len) > p_pkt_end) {
493 L2CAP_TRACE_WARNING(
494 "L2CAP - LE - format error, pkt_len: %d cmd_len: %d code: %d",
495 pkt_len, cmd_len, cmd_code);
496 return;
497 }
498
499 switch (cmd_code) {
500 case L2CAP_CMD_REJECT:
501 p += 2;
502 break;
503
504 case L2CAP_CMD_ECHO_REQ:
505 case L2CAP_CMD_ECHO_RSP:
506 case L2CAP_CMD_INFO_RSP:
507 case L2CAP_CMD_INFO_REQ:
508 l2cu_send_peer_cmd_reject(p_lcb, L2CAP_CMD_REJ_NOT_UNDERSTOOD, id, 0, 0);
509 break;
510
511 case L2CAP_CMD_BLE_UPDATE_REQ:
512 if (p + 8 > p_pkt_end) {
513 android_errorWriteLog(0x534e4554, "80261585");
514 LOG(ERROR) << "invalid read";
515 return;
516 }
517
518 STREAM_TO_UINT16(min_interval, p); /* 0x0006 - 0x0C80 */
519 STREAM_TO_UINT16(max_interval, p); /* 0x0006 - 0x0C80 */
520 STREAM_TO_UINT16(latency, p); /* 0x0000 - 0x03E8 */
521 STREAM_TO_UINT16(timeout, p); /* 0x000A - 0x0C80 */
522 /* If we are a master, the slave wants to update the parameters */
523 if (p_lcb->link_role == HCI_ROLE_MASTER) {
524 L2CA_AdjustConnectionIntervals(&min_interval, &max_interval,
525 BTM_BLE_CONN_INT_MIN_LIMIT);
526
527 if (min_interval < BTM_BLE_CONN_INT_MIN ||
528 min_interval > BTM_BLE_CONN_INT_MAX ||
529 max_interval < BTM_BLE_CONN_INT_MIN ||
530 max_interval > BTM_BLE_CONN_INT_MAX ||
531 latency > BTM_BLE_CONN_LATENCY_MAX ||
532 /*(timeout >= max_interval && latency > (timeout * 10/(max_interval
533 * 1.25) - 1)) ||*/
534 timeout < BTM_BLE_CONN_SUP_TOUT_MIN ||
535 timeout > BTM_BLE_CONN_SUP_TOUT_MAX ||
536 max_interval < min_interval) {
537 l2cu_send_peer_ble_par_rsp(p_lcb, L2CAP_CFG_UNACCEPTABLE_PARAMS, id);
538 } else {
539 l2cu_send_peer_ble_par_rsp(p_lcb, L2CAP_CFG_OK, id);
540
541 p_lcb->min_interval = min_interval;
542 p_lcb->max_interval = max_interval;
543 p_lcb->latency = latency;
544 p_lcb->timeout = timeout;
545 p_lcb->conn_update_mask |= L2C_BLE_NEW_CONN_PARAM;
546
547 l2cble_start_conn_update(p_lcb);
548 }
549 } else
550 l2cu_send_peer_cmd_reject(p_lcb, L2CAP_CMD_REJ_NOT_UNDERSTOOD, id, 0,
551 0);
552 break;
553
554 case L2CAP_CMD_BLE_UPDATE_RSP:
555 p += 2;
556 break;
557
558 case L2CAP_CMD_BLE_CREDIT_BASED_CONN_REQ:
559 if (p + 10 > p_pkt_end) {
560 android_errorWriteLog(0x534e4554, "80261585");
561 LOG(ERROR) << "invalid read";
562 return;
563 }
564
565 STREAM_TO_UINT16(con_info.psm, p);
566 STREAM_TO_UINT16(rcid, p);
567 STREAM_TO_UINT16(mtu, p);
568 STREAM_TO_UINT16(mps, p);
569 STREAM_TO_UINT16(initial_credit, p);
570
571 L2CAP_TRACE_DEBUG(
572 "Recv L2CAP_CMD_BLE_CREDIT_BASED_CONN_REQ with "
573 "mtu = %d, "
574 "mps = %d, "
575 "initial credit = %d",
576 mtu, mps, initial_credit);
577
578 p_ccb = l2cu_find_ccb_by_remote_cid(p_lcb, rcid);
579 if (p_ccb) {
580 L2CAP_TRACE_WARNING("L2CAP - rcvd conn req for duplicated cid: 0x%04x",
581 rcid);
582 l2cu_reject_ble_connection(
583 p_lcb, id, L2CAP_LE_RESULT_SOURCE_CID_ALREADY_ALLOCATED);
584 break;
585 }
586
587 p_rcb = l2cu_find_ble_rcb_by_psm(con_info.psm);
588 if (p_rcb == NULL) {
589 L2CAP_TRACE_WARNING("L2CAP - rcvd conn req for unknown PSM: 0x%04x",
590 con_info.psm);
591 l2cu_reject_ble_connection(p_lcb, id, L2CAP_LE_RESULT_NO_PSM);
592 break;
593 } else {
594 if (!p_rcb->api.pL2CA_ConnectInd_Cb) {
595 L2CAP_TRACE_WARNING(
596 "L2CAP - rcvd conn req for outgoing-only connection PSM: %d",
597 con_info.psm);
598 l2cu_reject_ble_connection(p_lcb, id, L2CAP_CONN_NO_PSM);
599 break;
600 }
601 }
602
603 /* Allocate a ccb for this.*/
604 p_ccb = l2cu_allocate_ccb(p_lcb, 0);
605 if (p_ccb == NULL) {
606 L2CAP_TRACE_ERROR("L2CAP - unable to allocate CCB");
607 l2cu_reject_ble_connection(p_lcb, id, L2CAP_CONN_NO_RESOURCES);
608 break;
609 }
610
611 /* validate the parameters */
612 if (mtu < L2CAP_LE_MIN_MTU || mps < L2CAP_LE_MIN_MPS ||
613 mps > L2CAP_LE_MAX_MPS) {
614 L2CAP_TRACE_ERROR("L2CAP don't like the params");
615 l2cu_reject_ble_connection(p_lcb, id, L2CAP_CONN_NO_RESOURCES);
616 break;
617 }
618
619 p_ccb->remote_id = id;
620 p_ccb->p_rcb = p_rcb;
621 p_ccb->remote_cid = rcid;
622
623 p_ccb->peer_conn_cfg.mtu = mtu;
624 p_ccb->peer_conn_cfg.mps = mps;
625 p_ccb->peer_conn_cfg.credits = initial_credit;
626
627 p_ccb->tx_mps = mps;
628 p_ccb->ble_sdu = NULL;
629 p_ccb->ble_sdu_length = 0;
630 p_ccb->is_first_seg = true;
631 p_ccb->peer_cfg.fcr.mode = L2CAP_FCR_LE_COC_MODE;
632
633 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_REQ, &con_info);
634 break;
635
636 case L2CAP_CMD_BLE_CREDIT_BASED_CONN_RES:
637 L2CAP_TRACE_DEBUG("Recv L2CAP_CMD_BLE_CREDIT_BASED_CONN_RES");
638 /* For all channels, see whose identifier matches this id */
639 for (temp_p_ccb = p_lcb->ccb_queue.p_first_ccb; temp_p_ccb;
640 temp_p_ccb = temp_p_ccb->p_next_ccb) {
641 if (temp_p_ccb->local_id == id) {
642 p_ccb = temp_p_ccb;
643 break;
644 }
645 }
646 if (p_ccb) {
647 L2CAP_TRACE_DEBUG("I remember the connection req");
648 if (p + 10 > p_pkt_end) {
649 android_errorWriteLog(0x534e4554, "80261585");
650 LOG(ERROR) << "invalid read";
651 return;
652 }
653
654 STREAM_TO_UINT16(p_ccb->remote_cid, p);
655 STREAM_TO_UINT16(p_ccb->peer_conn_cfg.mtu, p);
656 STREAM_TO_UINT16(p_ccb->peer_conn_cfg.mps, p);
657 STREAM_TO_UINT16(p_ccb->peer_conn_cfg.credits, p);
658 STREAM_TO_UINT16(con_info.l2cap_result, p);
659 con_info.remote_cid = p_ccb->remote_cid;
660
661 L2CAP_TRACE_DEBUG(
662 "remote_cid = %d, "
663 "mtu = %d, "
664 "mps = %d, "
665 "initial_credit = %d, "
666 "con_info.l2cap_result = %d",
667 p_ccb->remote_cid, p_ccb->peer_conn_cfg.mtu,
668 p_ccb->peer_conn_cfg.mps, p_ccb->peer_conn_cfg.credits,
669 con_info.l2cap_result);
670
671 /* validate the parameters */
672 if (p_ccb->peer_conn_cfg.mtu < L2CAP_LE_MIN_MTU ||
673 p_ccb->peer_conn_cfg.mps < L2CAP_LE_MIN_MPS ||
674 p_ccb->peer_conn_cfg.mps > L2CAP_LE_MAX_MPS) {
675 L2CAP_TRACE_ERROR("L2CAP don't like the params");
676 con_info.l2cap_result = L2CAP_LE_RESULT_NO_RESOURCES;
677 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP_NEG, &con_info);
678 break;
679 }
680
681 p_ccb->tx_mps = p_ccb->peer_conn_cfg.mps;
682 p_ccb->ble_sdu = NULL;
683 p_ccb->ble_sdu_length = 0;
684 p_ccb->is_first_seg = true;
685 p_ccb->peer_cfg.fcr.mode = L2CAP_FCR_LE_COC_MODE;
686
687 if (con_info.l2cap_result == L2CAP_LE_RESULT_CONN_OK)
688 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP, &con_info);
689 else
690 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP_NEG, &con_info);
691 } else {
692 L2CAP_TRACE_DEBUG("I DO NOT remember the connection req");
693 con_info.l2cap_result = L2CAP_LE_RESULT_INVALID_SOURCE_CID;
694 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP_NEG, &con_info);
695 }
696 break;
697
698 case L2CAP_CMD_BLE_FLOW_CTRL_CREDIT:
699 if (p + 4 > p_pkt_end) {
700 android_errorWriteLog(0x534e4554, "80261585");
701 LOG(ERROR) << "invalid read";
702 return;
703 }
704
705 STREAM_TO_UINT16(lcid, p);
706 p_ccb = l2cu_find_ccb_by_remote_cid(p_lcb, lcid);
707 if (p_ccb == NULL) {
708 L2CAP_TRACE_DEBUG("%s Credit received for unknown channel id %d",
709 __func__, lcid);
710 break;
711 }
712
713 STREAM_TO_UINT16(credit, p);
714 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_RECV_FLOW_CONTROL_CREDIT, &credit);
715 L2CAP_TRACE_DEBUG("%s Credit received", __func__);
716 break;
717
718 case L2CAP_CMD_DISC_REQ:
719 if (p + 4 > p_pkt_end) {
720 android_errorWriteLog(0x534e4554, "74121659");
721 return;
722 }
723 STREAM_TO_UINT16(lcid, p);
724 STREAM_TO_UINT16(rcid, p);
725
726 p_ccb = l2cu_find_ccb_by_cid(p_lcb, lcid);
727 if (p_ccb != NULL) {
728 if (p_ccb->remote_cid == rcid) {
729 p_ccb->remote_id = id;
730 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_DISCONNECT_REQ, NULL);
731 }
732 } else
733 l2cu_send_peer_disc_rsp(p_lcb, id, lcid, rcid);
734
735 break;
736
737 case L2CAP_CMD_DISC_RSP:
738 if (p + 4 > p_pkt_end) {
739 android_errorWriteLog(0x534e4554, "80261585");
740 LOG(ERROR) << "invalid read";
741 return;
742 }
743 STREAM_TO_UINT16(rcid, p);
744 STREAM_TO_UINT16(lcid, p);
745
746 p_ccb = l2cu_find_ccb_by_cid(p_lcb, lcid);
747 if (p_ccb != NULL) {
748 if ((p_ccb->remote_cid == rcid) && (p_ccb->local_id == id))
749 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_DISCONNECT_RSP, NULL);
750 }
751 break;
752
753 default:
754 L2CAP_TRACE_WARNING("L2CAP - LE - unknown cmd code: %d", cmd_code);
755 l2cu_send_peer_cmd_reject(p_lcb, L2CAP_CMD_REJ_NOT_UNDERSTOOD, id, 0, 0);
756 break;
757 }
758 }
759
760 /** This function is to initate a direct connection. Returns true if connection
761 * initiated, false otherwise. */
l2cble_create_conn(tL2C_LCB * p_lcb)762 bool l2cble_create_conn(tL2C_LCB* p_lcb) {
763 bool ret = connection_manager::direct_connect_add(CONN_MGR_ID_L2CAP,
764 p_lcb->remote_bd_addr);
765 if (!ret) return ret;
766
767 p_lcb->link_state = LST_CONNECTING;
768
769 // TODO: we should not need this timer at all, the connection failure should
770 // be reported from lower layer
771 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, L2CAP_BLE_LINK_CONNECT_TIMEOUT_MS,
772 l2c_lcb_timer_timeout, p_lcb);
773 return true;
774 }
775
776 /*******************************************************************************
777 *
778 * Function l2c_link_processs_ble_num_bufs
779 *
780 * Description This function is called when a "controller buffer size"
781 * event is first received from the controller. It updates
782 * the L2CAP values.
783 *
784 * Returns void
785 *
786 ******************************************************************************/
l2c_link_processs_ble_num_bufs(uint16_t num_lm_ble_bufs)787 void l2c_link_processs_ble_num_bufs(uint16_t num_lm_ble_bufs) {
788 if (num_lm_ble_bufs == 0) {
789 num_lm_ble_bufs = L2C_DEF_NUM_BLE_BUF_SHARED;
790 l2cb.num_lm_acl_bufs -= L2C_DEF_NUM_BLE_BUF_SHARED;
791 }
792
793 l2cb.num_lm_ble_bufs = l2cb.controller_le_xmit_window = num_lm_ble_bufs;
794 }
795
796 /*******************************************************************************
797 *
798 * Function l2c_ble_link_adjust_allocation
799 *
800 * Description This function is called when a link is created or removed
801 * to calculate the amount of packets each link may send to
802 * the HCI without an ack coming back.
803 *
804 * Currently, this is a simple allocation, dividing the
805 * number of Controller Packets by the number of links. In
806 * the future, QOS configuration should be examined.
807 *
808 * Returns void
809 *
810 ******************************************************************************/
l2c_ble_link_adjust_allocation(void)811 void l2c_ble_link_adjust_allocation(void) {
812 uint16_t qq, yy, qq_remainder;
813 tL2C_LCB* p_lcb;
814 uint16_t hi_quota, low_quota;
815 uint16_t num_lowpri_links = 0;
816 uint16_t num_hipri_links = 0;
817 uint16_t controller_xmit_quota = l2cb.num_lm_ble_bufs;
818 uint16_t high_pri_link_quota = L2CAP_HIGH_PRI_MIN_XMIT_QUOTA_A;
819
820 /* If no links active, reset buffer quotas and controller buffers */
821 if (l2cb.num_ble_links_active == 0) {
822 l2cb.controller_le_xmit_window = l2cb.num_lm_ble_bufs;
823 l2cb.ble_round_robin_quota = l2cb.ble_round_robin_unacked = 0;
824 return;
825 }
826
827 /* First, count the links */
828 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
829 if (p_lcb->in_use && p_lcb->transport == BT_TRANSPORT_LE) {
830 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
831 num_hipri_links++;
832 else
833 num_lowpri_links++;
834 }
835 }
836
837 /* now adjust high priority link quota */
838 low_quota = num_lowpri_links ? 1 : 0;
839 while ((num_hipri_links * high_pri_link_quota + low_quota) >
840 controller_xmit_quota)
841 high_pri_link_quota--;
842
843 /* Work out the xmit quota and buffer quota high and low priorities */
844 hi_quota = num_hipri_links * high_pri_link_quota;
845 low_quota =
846 (hi_quota < controller_xmit_quota) ? controller_xmit_quota - hi_quota : 1;
847
848 /* Work out and save the HCI xmit quota for each low priority link */
849
850 /* If each low priority link cannot have at least one buffer */
851 if (num_lowpri_links > low_quota) {
852 l2cb.ble_round_robin_quota = low_quota;
853 qq = qq_remainder = 0;
854 }
855 /* If each low priority link can have at least one buffer */
856 else if (num_lowpri_links > 0) {
857 l2cb.ble_round_robin_quota = 0;
858 l2cb.ble_round_robin_unacked = 0;
859 qq = low_quota / num_lowpri_links;
860 qq_remainder = low_quota % num_lowpri_links;
861 }
862 /* If no low priority link */
863 else {
864 l2cb.ble_round_robin_quota = 0;
865 l2cb.ble_round_robin_unacked = 0;
866 qq = qq_remainder = 0;
867 }
868 L2CAP_TRACE_EVENT(
869 "l2c_ble_link_adjust_allocation num_hipri: %u num_lowpri: %u "
870 "low_quota: %u round_robin_quota: %u qq: %u",
871 num_hipri_links, num_lowpri_links, low_quota, l2cb.ble_round_robin_quota,
872 qq);
873
874 /* Now, assign the quotas to each link */
875 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
876 if (p_lcb->in_use && p_lcb->transport == BT_TRANSPORT_LE) {
877 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) {
878 p_lcb->link_xmit_quota = high_pri_link_quota;
879 } else {
880 /* Safety check in case we switched to round-robin with something
881 * outstanding */
882 /* if sent_not_acked is added into round_robin_unacked then don't add it
883 * again */
884 /* l2cap keeps updating sent_not_acked for exiting from round robin */
885 if ((p_lcb->link_xmit_quota > 0) && (qq == 0))
886 l2cb.ble_round_robin_unacked += p_lcb->sent_not_acked;
887
888 p_lcb->link_xmit_quota = qq;
889 if (qq_remainder > 0) {
890 p_lcb->link_xmit_quota++;
891 qq_remainder--;
892 }
893 }
894
895 L2CAP_TRACE_EVENT(
896 "l2c_ble_link_adjust_allocation LCB %d Priority: %d XmitQuota: %d",
897 yy, p_lcb->acl_priority, p_lcb->link_xmit_quota);
898
899 L2CAP_TRACE_EVENT(" SentNotAcked: %d RRUnacked: %d",
900 p_lcb->sent_not_acked, l2cb.round_robin_unacked);
901
902 /* There is a special case where we have readjusted the link quotas and */
903 /* this link may have sent anything but some other link sent packets so */
904 /* so we may need a timer to kick off this link's transmissions. */
905 if ((p_lcb->link_state == LST_CONNECTED) &&
906 (!list_is_empty(p_lcb->link_xmit_data_q)) &&
907 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
908 alarm_set_on_mloop(p_lcb->l2c_lcb_timer,
909 L2CAP_LINK_FLOW_CONTROL_TIMEOUT_MS,
910 l2c_lcb_timer_timeout, p_lcb);
911 }
912 }
913 }
914 }
915
916 #if (BLE_LLT_INCLUDED == TRUE)
917 /*******************************************************************************
918 *
919 * Function l2cble_process_rc_param_request_evt
920 *
921 * Description process LE Remote Connection Parameter Request Event.
922 *
923 * Returns void
924 *
925 ******************************************************************************/
l2cble_process_rc_param_request_evt(uint16_t handle,uint16_t int_min,uint16_t int_max,uint16_t latency,uint16_t timeout)926 void l2cble_process_rc_param_request_evt(uint16_t handle, uint16_t int_min,
927 uint16_t int_max, uint16_t latency,
928 uint16_t timeout) {
929 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle);
930
931 if (p_lcb != NULL) {
932 p_lcb->min_interval = int_min;
933 p_lcb->max_interval = int_max;
934 p_lcb->latency = latency;
935 p_lcb->timeout = timeout;
936
937 /* if update is enabled, always accept connection parameter update */
938 if ((p_lcb->conn_update_mask & L2C_BLE_CONN_UPDATE_DISABLE) == 0) {
939 btsnd_hcic_ble_rc_param_req_reply(handle, int_min, int_max, latency,
940 timeout, 0, 0);
941 } else {
942 L2CAP_TRACE_EVENT("L2CAP - LE - update currently disabled");
943 p_lcb->conn_update_mask |= L2C_BLE_NEW_CONN_PARAM;
944 btsnd_hcic_ble_rc_param_req_neg_reply(handle,
945 HCI_ERR_UNACCEPT_CONN_INTERVAL);
946 }
947
948 } else {
949 L2CAP_TRACE_WARNING("No link to update connection parameter")
950 }
951 }
952 #endif
953
954 /*******************************************************************************
955 *
956 * Function l2cble_update_data_length
957 *
958 * Description This function update link tx data length if applicable
959 *
960 * Returns void
961 *
962 ******************************************************************************/
l2cble_update_data_length(tL2C_LCB * p_lcb)963 void l2cble_update_data_length(tL2C_LCB* p_lcb) {
964 uint16_t tx_mtu = 0;
965 uint16_t i = 0;
966
967 L2CAP_TRACE_DEBUG("%s", __func__);
968
969 /* See if we have a link control block for the connection */
970 if (p_lcb == NULL) return;
971
972 for (i = 0; i < L2CAP_NUM_FIXED_CHNLS; i++) {
973 if (i + L2CAP_FIRST_FIXED_CHNL != L2CAP_BLE_SIGNALLING_CID) {
974 if ((p_lcb->p_fixed_ccbs[i] != NULL) &&
975 (tx_mtu < (p_lcb->p_fixed_ccbs[i]->tx_data_len + L2CAP_PKT_OVERHEAD)))
976 tx_mtu = p_lcb->p_fixed_ccbs[i]->tx_data_len + L2CAP_PKT_OVERHEAD;
977 }
978 }
979
980 if (tx_mtu > BTM_BLE_DATA_SIZE_MAX) tx_mtu = BTM_BLE_DATA_SIZE_MAX;
981
982 /* update TX data length if changed */
983 if (p_lcb->tx_data_len != tx_mtu)
984 BTM_SetBleDataLength(p_lcb->remote_bd_addr, tx_mtu);
985 }
986
987 /*******************************************************************************
988 *
989 * Function l2cble_process_data_length_change_evt
990 *
991 * Description This function process the data length change event
992 *
993 * Returns void
994 *
995 ******************************************************************************/
l2cble_process_data_length_change_event(uint16_t handle,uint16_t tx_data_len,uint16_t rx_data_len)996 void l2cble_process_data_length_change_event(uint16_t handle,
997 uint16_t tx_data_len,
998 uint16_t rx_data_len) {
999 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle);
1000
1001 L2CAP_TRACE_DEBUG("%s TX data len = %d", __func__, tx_data_len);
1002 if (p_lcb == NULL) return;
1003
1004 if (tx_data_len > 0) p_lcb->tx_data_len = tx_data_len;
1005
1006 /* ignore rx_data len for now */
1007 }
1008
1009 /*******************************************************************************
1010 *
1011 * Function l2cble_set_fixed_channel_tx_data_length
1012 *
1013 * Description This function update max fixed channel tx data length if
1014 * applicable
1015 *
1016 * Returns void
1017 *
1018 ******************************************************************************/
l2cble_set_fixed_channel_tx_data_length(const RawAddress & remote_bda,uint16_t fix_cid,uint16_t tx_mtu)1019 void l2cble_set_fixed_channel_tx_data_length(const RawAddress& remote_bda,
1020 uint16_t fix_cid,
1021 uint16_t tx_mtu) {
1022 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(remote_bda, BT_TRANSPORT_LE);
1023 uint16_t cid = fix_cid - L2CAP_FIRST_FIXED_CHNL;
1024
1025 L2CAP_TRACE_DEBUG("%s TX MTU = %d", __func__, tx_mtu);
1026
1027 if (!controller_get_interface()->supports_ble_packet_extension()) {
1028 L2CAP_TRACE_WARNING("%s, request not supported", __func__);
1029 return;
1030 }
1031
1032 /* See if we have a link control block for the connection */
1033 if (p_lcb == NULL) return;
1034
1035 if (p_lcb->p_fixed_ccbs[cid] != NULL) {
1036 if (tx_mtu > BTM_BLE_DATA_SIZE_MAX) tx_mtu = BTM_BLE_DATA_SIZE_MAX;
1037
1038 p_lcb->p_fixed_ccbs[cid]->tx_data_len = tx_mtu;
1039 }
1040
1041 l2cble_update_data_length(p_lcb);
1042 }
1043
1044 /*******************************************************************************
1045 *
1046 * Function l2cble_credit_based_conn_req
1047 *
1048 * Description This function sends LE Credit Based Connection Request for
1049 * LE connection oriented channels.
1050 *
1051 * Returns void
1052 *
1053 ******************************************************************************/
l2cble_credit_based_conn_req(tL2C_CCB * p_ccb)1054 void l2cble_credit_based_conn_req(tL2C_CCB* p_ccb) {
1055 if (!p_ccb) return;
1056
1057 if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE) {
1058 L2CAP_TRACE_WARNING("LE link doesn't exist");
1059 return;
1060 }
1061
1062 l2cu_send_peer_ble_credit_based_conn_req(p_ccb);
1063 return;
1064 }
1065
1066 /*******************************************************************************
1067 *
1068 * Function l2cble_credit_based_conn_res
1069 *
1070 * Description This function sends LE Credit Based Connection Response for
1071 * LE connection oriented channels.
1072 *
1073 * Returns void
1074 *
1075 ******************************************************************************/
l2cble_credit_based_conn_res(tL2C_CCB * p_ccb,uint16_t result)1076 void l2cble_credit_based_conn_res(tL2C_CCB* p_ccb, uint16_t result) {
1077 if (!p_ccb) return;
1078
1079 if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE) {
1080 L2CAP_TRACE_WARNING("LE link doesn't exist");
1081 return;
1082 }
1083
1084 l2cu_send_peer_ble_credit_based_conn_res(p_ccb, result);
1085 return;
1086 }
1087
1088 /*******************************************************************************
1089 *
1090 * Function l2cble_send_flow_control_credit
1091 *
1092 * Description This function sends flow control credits for
1093 * LE connection oriented channels.
1094 *
1095 * Returns void
1096 *
1097 ******************************************************************************/
l2cble_send_flow_control_credit(tL2C_CCB * p_ccb,uint16_t credit_value)1098 void l2cble_send_flow_control_credit(tL2C_CCB* p_ccb, uint16_t credit_value) {
1099 if (!p_ccb) return;
1100
1101 if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE) {
1102 L2CAP_TRACE_WARNING("LE link doesn't exist");
1103 return;
1104 }
1105
1106 l2cu_send_peer_ble_flow_control_credit(p_ccb, credit_value);
1107 return;
1108 }
1109
1110 /*******************************************************************************
1111 *
1112 * Function l2cble_send_peer_disc_req
1113 *
1114 * Description This function sends disconnect request
1115 * to the peer LE device
1116 *
1117 * Returns void
1118 *
1119 ******************************************************************************/
l2cble_send_peer_disc_req(tL2C_CCB * p_ccb)1120 void l2cble_send_peer_disc_req(tL2C_CCB* p_ccb) {
1121 L2CAP_TRACE_DEBUG("%s", __func__);
1122 if (!p_ccb) return;
1123
1124 if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE) {
1125 L2CAP_TRACE_WARNING("LE link doesn't exist");
1126 return;
1127 }
1128
1129 l2cu_send_peer_ble_credit_based_disconn_req(p_ccb);
1130 return;
1131 }
1132
1133 /*******************************************************************************
1134 *
1135 * Function l2cble_sec_comp
1136 *
1137 * Description This function is called when security procedure for an LE
1138 * COC link is done
1139 *
1140 * Returns void
1141 *
1142 ******************************************************************************/
l2cble_sec_comp(const RawAddress * bda,tBT_TRANSPORT transport,void * p_ref_data,uint8_t status)1143 void l2cble_sec_comp(const RawAddress* bda, tBT_TRANSPORT transport,
1144 void* p_ref_data, uint8_t status) {
1145 const RawAddress& p_bda = *bda;
1146 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(p_bda, BT_TRANSPORT_LE);
1147 tL2CAP_SEC_DATA* p_buf = NULL;
1148 uint8_t sec_flag;
1149 uint8_t sec_act;
1150
1151 if (!p_lcb) {
1152 L2CAP_TRACE_WARNING("%s: security complete for unknown device. bda=%s",
1153 __func__, bda->ToString().c_str());
1154 return;
1155 }
1156
1157 sec_act = p_lcb->sec_act;
1158 p_lcb->sec_act = 0;
1159
1160 if (!fixed_queue_is_empty(p_lcb->le_sec_pending_q)) {
1161 p_buf = (tL2CAP_SEC_DATA*)fixed_queue_dequeue(p_lcb->le_sec_pending_q);
1162 if (!p_buf) {
1163 L2CAP_TRACE_WARNING(
1164 "%s Security complete for request not initiated from L2CAP",
1165 __func__);
1166 return;
1167 }
1168
1169 if (status != BTM_SUCCESS) {
1170 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data, status);
1171 } else {
1172 if (sec_act == BTM_SEC_ENCRYPT_MITM) {
1173 BTM_GetSecurityFlagsByTransport(p_bda, &sec_flag, transport);
1174 if (sec_flag & BTM_SEC_FLAG_LKEY_AUTHED)
1175 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data,
1176 status);
1177 else {
1178 L2CAP_TRACE_DEBUG("%s MITM Protection Not present", __func__);
1179 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data,
1180 BTM_FAILED_ON_SECURITY);
1181 }
1182 } else {
1183 L2CAP_TRACE_DEBUG("%s MITM Protection not required sec_act = %d",
1184 __func__, p_lcb->sec_act);
1185
1186 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data,
1187 status);
1188 }
1189 }
1190 } else {
1191 L2CAP_TRACE_WARNING(
1192 "%s Security complete for request not initiated from L2CAP", __func__);
1193 return;
1194 }
1195 osi_free(p_buf);
1196
1197 while (!fixed_queue_is_empty(p_lcb->le_sec_pending_q)) {
1198 p_buf = (tL2CAP_SEC_DATA*)fixed_queue_dequeue(p_lcb->le_sec_pending_q);
1199
1200 if (status != BTM_SUCCESS)
1201 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data, status);
1202 else
1203 l2ble_sec_access_req(p_bda, p_buf->psm, p_buf->is_originator,
1204 p_buf->p_callback, p_buf->p_ref_data);
1205
1206 osi_free(p_buf);
1207 }
1208 }
1209
1210 /*******************************************************************************
1211 *
1212 * Function l2ble_sec_access_req
1213 *
1214 * Description This function is called by LE COC link to meet the
1215 * security requirement for the link
1216 *
1217 * Returns Returns - L2CAP LE Connection Response Result Code.
1218 *
1219 ******************************************************************************/
l2ble_sec_access_req(const RawAddress & bd_addr,uint16_t psm,bool is_originator,tL2CAP_SEC_CBACK * p_callback,void * p_ref_data)1220 tL2CAP_LE_RESULT_CODE l2ble_sec_access_req(const RawAddress& bd_addr,
1221 uint16_t psm, bool is_originator,
1222 tL2CAP_SEC_CBACK* p_callback,
1223 void* p_ref_data) {
1224 L2CAP_TRACE_DEBUG("%s", __func__);
1225 tL2CAP_LE_RESULT_CODE result;
1226 tL2C_LCB* p_lcb = NULL;
1227
1228 if (!p_callback) {
1229 L2CAP_TRACE_ERROR("%s No callback function", __func__);
1230 return L2CAP_LE_RESULT_NO_RESOURCES;
1231 }
1232
1233 p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_LE);
1234
1235 if (!p_lcb) {
1236 L2CAP_TRACE_ERROR("%s Security check for unknown device", __func__);
1237 p_callback(bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_UNKNOWN_ADDR);
1238 return L2CAP_LE_RESULT_NO_RESOURCES;
1239 }
1240
1241 tL2CAP_SEC_DATA* p_buf =
1242 (tL2CAP_SEC_DATA*)osi_malloc((uint16_t)sizeof(tL2CAP_SEC_DATA));
1243 if (!p_buf) {
1244 p_callback(bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_NO_RESOURCES);
1245 return L2CAP_LE_RESULT_NO_RESOURCES;
1246 }
1247
1248 p_buf->psm = psm;
1249 p_buf->is_originator = is_originator;
1250 p_buf->p_callback = p_callback;
1251 p_buf->p_ref_data = p_ref_data;
1252 fixed_queue_enqueue(p_lcb->le_sec_pending_q, p_buf);
1253 result = btm_ble_start_sec_check(bd_addr, psm, is_originator,
1254 &l2cble_sec_comp, p_ref_data);
1255
1256 return result;
1257 }
1258
1259 /* This function is called to adjust the connection intervals based on various
1260 * constraints. For example, when there is at least one Hearing Aid device
1261 * bonded, the minimum interval is raised. On return, min_interval and
1262 * max_interval are updated. */
L2CA_AdjustConnectionIntervals(uint16_t * min_interval,uint16_t * max_interval,uint16_t floor_interval)1263 void L2CA_AdjustConnectionIntervals(uint16_t* min_interval,
1264 uint16_t* max_interval,
1265 uint16_t floor_interval) {
1266 uint16_t phone_min_interval = floor_interval;
1267
1268 if (HearingAid::GetDeviceCount() > 0) {
1269 // When there are bonded Hearing Aid devices, we will constrained this
1270 // minimum interval.
1271 phone_min_interval = BTM_BLE_CONN_INT_MIN_HEARINGAID;
1272 L2CAP_TRACE_DEBUG("%s: Have Hearing Aids. Min. interval is set to %d",
1273 __func__, phone_min_interval);
1274 }
1275
1276 if (*min_interval < phone_min_interval) {
1277 L2CAP_TRACE_DEBUG("%s: requested min_interval=%d too small. Set to %d",
1278 __func__, *min_interval, phone_min_interval);
1279 *min_interval = phone_min_interval;
1280 }
1281
1282 // While this could result in connection parameters that fall
1283 // outside fo the range requested, this will allow the connection
1284 // to remain established.
1285 // In other words, this is a workaround for certain peripherals.
1286 if (*max_interval < phone_min_interval) {
1287 L2CAP_TRACE_DEBUG("%s: requested max_interval=%d too small. Set to %d",
1288 __func__, *max_interval, phone_min_interval);
1289 *max_interval = phone_min_interval;
1290 }
1291 }
1292