1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions that interface with the HCI transport. On
22 * the receive side, it routes events to the appropriate handler, e.g.
23 * L2CAP, ScoMgr. On the transmit side, it manages the command
24 * transmission.
25 *
26 ******************************************************************************/
27
28 #define LOG_TAG "bt_btu_hcif"
29
30 #include <base/bind.h>
31 #include <base/callback.h>
32 #include <base/location.h>
33 #include <base/logging.h>
34 #include <base/threading/thread.h>
35 #include <frameworks/base/core/proto/android/bluetooth/enums.pb.h>
36 #include <frameworks/base/core/proto/android/bluetooth/hci/enums.pb.h>
37 #include <log/log.h>
38 #include <statslog.h>
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <string.h>
42
43 #include "bt_common.h"
44 #include "bt_types.h"
45 #include "bt_utils.h"
46 #include "btm_api.h"
47 #include "btm_int.h"
48 #include "btu.h"
49 #include "common/metrics.h"
50 #include "device/include/controller.h"
51 #include "hci_layer.h"
52 #include "hcimsgs.h"
53 #include "l2c_int.h"
54 #include "osi/include/log.h"
55 #include "osi/include/osi.h"
56
57 using base::Location;
58
59 extern void btm_process_cancel_complete(uint8_t status, uint8_t mode);
60 extern void btm_ble_test_command_complete(uint8_t* p);
61 extern void smp_cancel_start_encryption_attempt();
62
63 /******************************************************************************/
64 /* L O C A L F U N C T I O N P R O T O T Y P E S */
65 /******************************************************************************/
66 static void btu_hcif_inquiry_comp_evt(uint8_t* p);
67 static void btu_hcif_inquiry_result_evt(uint8_t* p);
68 static void btu_hcif_inquiry_rssi_result_evt(uint8_t* p);
69 static void btu_hcif_extended_inquiry_result_evt(uint8_t* p);
70
71 static void btu_hcif_connection_comp_evt(uint8_t* p);
72 static void btu_hcif_connection_request_evt(uint8_t* p);
73 static void btu_hcif_disconnection_comp_evt(uint8_t* p);
74 static void btu_hcif_authentication_comp_evt(uint8_t* p);
75 static void btu_hcif_rmt_name_request_comp_evt(uint8_t* p, uint16_t evt_len);
76 static void btu_hcif_encryption_change_evt(uint8_t* p);
77 static void btu_hcif_read_rmt_features_comp_evt(uint8_t* p);
78 static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p,
79 uint8_t evt_len);
80 static void btu_hcif_read_rmt_version_comp_evt(uint8_t* p);
81 static void btu_hcif_qos_setup_comp_evt(uint8_t* p);
82 static void btu_hcif_command_complete_evt(BT_HDR* response, void* context);
83 static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command,
84 void* context);
85 static void btu_hcif_hardware_error_evt(uint8_t* p);
86 static void btu_hcif_flush_occured_evt(void);
87 static void btu_hcif_role_change_evt(uint8_t* p);
88 static void btu_hcif_num_compl_data_pkts_evt(uint8_t* p);
89 static void btu_hcif_mode_change_evt(uint8_t* p);
90 static void btu_hcif_pin_code_request_evt(uint8_t* p);
91 static void btu_hcif_link_key_request_evt(uint8_t* p);
92 static void btu_hcif_link_key_notification_evt(uint8_t* p);
93 static void btu_hcif_loopback_command_evt(void);
94 static void btu_hcif_data_buf_overflow_evt(void);
95 static void btu_hcif_max_slots_changed_evt(void);
96 static void btu_hcif_read_clock_off_comp_evt(uint8_t* p);
97 static void btu_hcif_conn_pkt_type_change_evt(void);
98 static void btu_hcif_qos_violation_evt(uint8_t* p);
99 static void btu_hcif_page_scan_mode_change_evt(void);
100 static void btu_hcif_page_scan_rep_mode_chng_evt(void);
101 static void btu_hcif_esco_connection_comp_evt(uint8_t* p);
102 static void btu_hcif_esco_connection_chg_evt(uint8_t* p);
103
104 /* Simple Pairing Events */
105 static void btu_hcif_host_support_evt(uint8_t* p);
106 static void btu_hcif_io_cap_request_evt(uint8_t* p);
107 static void btu_hcif_io_cap_response_evt(uint8_t* p);
108 static void btu_hcif_user_conf_request_evt(uint8_t* p);
109 static void btu_hcif_user_passkey_request_evt(uint8_t* p);
110 static void btu_hcif_user_passkey_notif_evt(uint8_t* p);
111 static void btu_hcif_keypress_notif_evt(uint8_t* p);
112 static void btu_hcif_rem_oob_request_evt(uint8_t* p);
113
114 static void btu_hcif_simple_pair_complete_evt(uint8_t* p);
115 #if L2CAP_NON_FLUSHABLE_PB_INCLUDED == TRUE
116 static void btu_hcif_enhanced_flush_complete_evt(void);
117 #endif
118
119 #if (BTM_SSR_INCLUDED == TRUE)
120 static void btu_hcif_ssr_evt(uint8_t* p, uint16_t evt_len);
121 #endif /* BTM_SSR_INCLUDED == TRUE */
122
123 static void btu_ble_ll_conn_complete_evt(uint8_t* p, uint16_t evt_len);
124 static void btu_ble_read_remote_feat_evt(uint8_t* p);
125 static void btu_ble_ll_conn_param_upd_evt(uint8_t* p, uint16_t evt_len);
126 static void btu_ble_proc_ltk_req(uint8_t* p);
127 static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p);
128 static void btu_ble_data_length_change_evt(uint8_t* p, uint16_t evt_len);
129 #if (BLE_LLT_INCLUDED == TRUE)
130 static void btu_ble_rc_param_req_evt(uint8_t* p);
131 #endif
132 #if (BLE_PRIVACY_SPT == TRUE)
133 static void btu_ble_proc_enhanced_conn_cmpl(uint8_t* p, uint16_t evt_len);
134 #endif
135
136 /**
137 * Log HCI event metrics that are not handled in special functions
138 * @param evt_code event code
139 * @param p_event pointer to event parameter, skipping paremter length
140 */
btu_hcif_log_event_metrics(uint8_t evt_code,uint8_t * p_event)141 void btu_hcif_log_event_metrics(uint8_t evt_code, uint8_t* p_event) {
142 uint32_t cmd = android::bluetooth::hci::CMD_UNKNOWN;
143 uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
144 uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
145 uint16_t handle = bluetooth::common::kUnknownConnectionHandle;
146 int64_t value = 0;
147
148 RawAddress bda = RawAddress::kEmpty;
149 switch (evt_code) {
150 case HCI_IO_CAPABILITY_REQUEST_EVT:
151 case HCI_IO_CAPABILITY_RESPONSE_EVT:
152 case HCI_LINK_KEY_REQUEST_EVT:
153 case HCI_LINK_KEY_NOTIFICATION_EVT:
154 case HCI_USER_PASSKEY_REQUEST_EVT:
155 case HCI_USER_PASSKEY_NOTIFY_EVT:
156 case HCI_USER_CONFIRMATION_REQUEST_EVT:
157 case HCI_KEYPRESS_NOTIFY_EVT:
158 case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
159 STREAM_TO_BDADDR(bda, p_event);
160 bluetooth::common::LogClassicPairingEvent(bda, handle, cmd, evt_code, status, reason, value);
161 break;
162 case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
163 case HCI_RMT_NAME_REQUEST_COMP_EVT:
164 STREAM_TO_UINT8(status, p_event);
165 STREAM_TO_BDADDR(bda, p_event);
166 bluetooth::common::LogClassicPairingEvent(bda, handle, cmd, evt_code, status, reason, value);
167 break;
168 case HCI_AUTHENTICATION_COMP_EVT:
169 STREAM_TO_UINT8(status, p_event);
170 STREAM_TO_UINT16(handle, p_event);
171 handle = HCID_GET_HANDLE(handle);
172 bluetooth::common::LogClassicPairingEvent(bda, handle, cmd, evt_code, status, reason, value);
173 break;
174 case HCI_ENCRYPTION_CHANGE_EVT: {
175 uint8_t encryption_enabled;
176 STREAM_TO_UINT8(status, p_event);
177 STREAM_TO_UINT16(handle, p_event);
178 STREAM_TO_UINT8(encryption_enabled, p_event);
179 bluetooth::common::LogClassicPairingEvent(bda, handle, cmd, evt_code, status, reason, encryption_enabled);
180 break;
181 }
182 case HCI_CONNECTION_COMP_EVT: {
183 uint8_t link_type;
184 STREAM_TO_UINT8(status, p_event);
185 STREAM_TO_UINT16(handle, p_event);
186 STREAM_TO_BDADDR(bda, p_event);
187 STREAM_TO_UINT8(link_type, p_event);
188 handle = HCID_GET_HANDLE(handle);
189 bluetooth::common::LogLinkLayerConnectionEvent(
190 &bda, handle, android::bluetooth::DIRECTION_UNKNOWN, link_type, cmd,
191 evt_code, android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
192 break;
193 }
194 case HCI_CONNECTION_REQUEST_EVT: {
195 DEV_CLASS dc;
196 uint8_t link_type;
197 STREAM_TO_BDADDR(bda, p_event);
198 STREAM_TO_DEVCLASS(dc, p_event);
199 STREAM_TO_UINT8(link_type, p_event);
200 bluetooth::common::LogLinkLayerConnectionEvent(
201 &bda, bluetooth::common::kUnknownConnectionHandle,
202 android::bluetooth::DIRECTION_INCOMING, link_type, cmd, evt_code,
203 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
204 break;
205 }
206 case HCI_DISCONNECTION_COMP_EVT: {
207 STREAM_TO_UINT8(status, p_event);
208 STREAM_TO_UINT16(handle, p_event);
209 STREAM_TO_UINT8(reason, p_event);
210 handle = HCID_GET_HANDLE(handle);
211 bluetooth::common::LogLinkLayerConnectionEvent(
212 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
213 android::bluetooth::LINK_TYPE_UNKNOWN, cmd, evt_code,
214 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
215 break;
216 }
217 case HCI_ESCO_CONNECTION_COMP_EVT: {
218 uint8_t link_type;
219 STREAM_TO_UINT8(status, p_event);
220 STREAM_TO_UINT16(handle, p_event);
221 STREAM_TO_BDADDR(bda, p_event);
222 STREAM_TO_UINT8(link_type, p_event);
223 handle = HCID_GET_HANDLE(handle);
224 bluetooth::common::LogLinkLayerConnectionEvent(
225 &bda, handle, android::bluetooth::DIRECTION_UNKNOWN, link_type, cmd,
226 evt_code, android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
227 break;
228 }
229 case HCI_ESCO_CONNECTION_CHANGED_EVT: {
230 STREAM_TO_UINT8(status, p_event);
231 STREAM_TO_UINT16(handle, p_event);
232 handle = HCID_GET_HANDLE(handle);
233 bluetooth::common::LogLinkLayerConnectionEvent(
234 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
235 android::bluetooth::LINK_TYPE_UNKNOWN, cmd, evt_code,
236 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
237 break;
238 }
239 }
240 }
241
242 /*******************************************************************************
243 *
244 * Function btu_hcif_process_event
245 *
246 * Description This function is called when an event is received from
247 * the Host Controller.
248 *
249 * Returns void
250 *
251 ******************************************************************************/
btu_hcif_process_event(UNUSED_ATTR uint8_t controller_id,BT_HDR * p_msg)252 void btu_hcif_process_event(UNUSED_ATTR uint8_t controller_id, BT_HDR* p_msg) {
253 uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;
254 uint8_t hci_evt_code, hci_evt_len;
255 uint8_t ble_sub_code;
256 STREAM_TO_UINT8(hci_evt_code, p);
257 STREAM_TO_UINT8(hci_evt_len, p);
258
259 btu_hcif_log_event_metrics(hci_evt_code, p);
260
261 switch (hci_evt_code) {
262 case HCI_INQUIRY_COMP_EVT:
263 btu_hcif_inquiry_comp_evt(p);
264 break;
265 case HCI_INQUIRY_RESULT_EVT:
266 btu_hcif_inquiry_result_evt(p);
267 break;
268 case HCI_INQUIRY_RSSI_RESULT_EVT:
269 btu_hcif_inquiry_rssi_result_evt(p);
270 break;
271 case HCI_EXTENDED_INQUIRY_RESULT_EVT:
272 btu_hcif_extended_inquiry_result_evt(p);
273 break;
274 case HCI_CONNECTION_COMP_EVT:
275 btu_hcif_connection_comp_evt(p);
276 break;
277 case HCI_CONNECTION_REQUEST_EVT:
278 btu_hcif_connection_request_evt(p);
279 break;
280 case HCI_DISCONNECTION_COMP_EVT:
281 btu_hcif_disconnection_comp_evt(p);
282 break;
283 case HCI_AUTHENTICATION_COMP_EVT:
284 btu_hcif_authentication_comp_evt(p);
285 break;
286 case HCI_RMT_NAME_REQUEST_COMP_EVT:
287 btu_hcif_rmt_name_request_comp_evt(p, hci_evt_len);
288 break;
289 case HCI_ENCRYPTION_CHANGE_EVT:
290 btu_hcif_encryption_change_evt(p);
291 break;
292 case HCI_ENCRYPTION_KEY_REFRESH_COMP_EVT:
293 btu_hcif_encryption_key_refresh_cmpl_evt(p);
294 break;
295 case HCI_READ_RMT_FEATURES_COMP_EVT:
296 btu_hcif_read_rmt_features_comp_evt(p);
297 break;
298 case HCI_READ_RMT_EXT_FEATURES_COMP_EVT:
299 btu_hcif_read_rmt_ext_features_comp_evt(p, hci_evt_len);
300 break;
301 case HCI_READ_RMT_VERSION_COMP_EVT:
302 btu_hcif_read_rmt_version_comp_evt(p);
303 break;
304 case HCI_QOS_SETUP_COMP_EVT:
305 btu_hcif_qos_setup_comp_evt(p);
306 break;
307 case HCI_COMMAND_COMPLETE_EVT:
308 LOG_ERROR(LOG_TAG,
309 "%s should not have received a command complete event. "
310 "Someone didn't go through the hci transmit_command function.",
311 __func__);
312 break;
313 case HCI_COMMAND_STATUS_EVT:
314 LOG_ERROR(LOG_TAG,
315 "%s should not have received a command status event. "
316 "Someone didn't go through the hci transmit_command function.",
317 __func__);
318 break;
319 case HCI_HARDWARE_ERROR_EVT:
320 btu_hcif_hardware_error_evt(p);
321 break;
322 case HCI_FLUSH_OCCURED_EVT:
323 btu_hcif_flush_occured_evt();
324 break;
325 case HCI_ROLE_CHANGE_EVT:
326 btu_hcif_role_change_evt(p);
327 break;
328 case HCI_NUM_COMPL_DATA_PKTS_EVT:
329 btu_hcif_num_compl_data_pkts_evt(p);
330 break;
331 case HCI_MODE_CHANGE_EVT:
332 btu_hcif_mode_change_evt(p);
333 break;
334 case HCI_PIN_CODE_REQUEST_EVT:
335 btu_hcif_pin_code_request_evt(p);
336 break;
337 case HCI_LINK_KEY_REQUEST_EVT:
338 btu_hcif_link_key_request_evt(p);
339 break;
340 case HCI_LINK_KEY_NOTIFICATION_EVT:
341 btu_hcif_link_key_notification_evt(p);
342 break;
343 case HCI_LOOPBACK_COMMAND_EVT:
344 btu_hcif_loopback_command_evt();
345 break;
346 case HCI_DATA_BUF_OVERFLOW_EVT:
347 btu_hcif_data_buf_overflow_evt();
348 break;
349 case HCI_MAX_SLOTS_CHANGED_EVT:
350 btu_hcif_max_slots_changed_evt();
351 break;
352 case HCI_READ_CLOCK_OFF_COMP_EVT:
353 btu_hcif_read_clock_off_comp_evt(p);
354 break;
355 case HCI_CONN_PKT_TYPE_CHANGE_EVT:
356 btu_hcif_conn_pkt_type_change_evt();
357 break;
358 case HCI_QOS_VIOLATION_EVT:
359 btu_hcif_qos_violation_evt(p);
360 break;
361 case HCI_PAGE_SCAN_MODE_CHANGE_EVT:
362 btu_hcif_page_scan_mode_change_evt();
363 break;
364 case HCI_PAGE_SCAN_REP_MODE_CHNG_EVT:
365 btu_hcif_page_scan_rep_mode_chng_evt();
366 break;
367 case HCI_ESCO_CONNECTION_COMP_EVT:
368 btu_hcif_esco_connection_comp_evt(p);
369 break;
370 case HCI_ESCO_CONNECTION_CHANGED_EVT:
371 btu_hcif_esco_connection_chg_evt(p);
372 break;
373 #if (BTM_SSR_INCLUDED == TRUE)
374 case HCI_SNIFF_SUB_RATE_EVT:
375 btu_hcif_ssr_evt(p, hci_evt_len);
376 break;
377 #endif /* BTM_SSR_INCLUDED == TRUE */
378 case HCI_RMT_HOST_SUP_FEAT_NOTIFY_EVT:
379 btu_hcif_host_support_evt(p);
380 break;
381 case HCI_IO_CAPABILITY_REQUEST_EVT:
382 btu_hcif_io_cap_request_evt(p);
383 break;
384 case HCI_IO_CAPABILITY_RESPONSE_EVT:
385 btu_hcif_io_cap_response_evt(p);
386 break;
387 case HCI_USER_CONFIRMATION_REQUEST_EVT:
388 btu_hcif_user_conf_request_evt(p);
389 break;
390 case HCI_USER_PASSKEY_REQUEST_EVT:
391 btu_hcif_user_passkey_request_evt(p);
392 break;
393 case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
394 btu_hcif_rem_oob_request_evt(p);
395 break;
396 case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
397 btu_hcif_simple_pair_complete_evt(p);
398 break;
399 case HCI_USER_PASSKEY_NOTIFY_EVT:
400 btu_hcif_user_passkey_notif_evt(p);
401 break;
402 case HCI_KEYPRESS_NOTIFY_EVT:
403 btu_hcif_keypress_notif_evt(p);
404 break;
405 #if (L2CAP_NON_FLUSHABLE_PB_INCLUDED == TRUE)
406 case HCI_ENHANCED_FLUSH_COMPLETE_EVT:
407 btu_hcif_enhanced_flush_complete_evt();
408 break;
409 #endif
410
411 case HCI_BLE_EVENT: {
412 STREAM_TO_UINT8(ble_sub_code, p);
413
414 HCI_TRACE_EVENT("BLE HCI(id=%d) event = 0x%02x)", hci_evt_code,
415 ble_sub_code);
416
417 uint8_t ble_evt_len = hci_evt_len - 1;
418 switch (ble_sub_code) {
419 case HCI_BLE_ADV_PKT_RPT_EVT: /* result of inquiry */
420 HCI_TRACE_EVENT("HCI_BLE_ADV_PKT_RPT_EVT");
421 btm_ble_process_adv_pkt(ble_evt_len, p);
422 break;
423 case HCI_BLE_CONN_COMPLETE_EVT:
424 btu_ble_ll_conn_complete_evt(p, hci_evt_len);
425 break;
426 case HCI_BLE_LL_CONN_PARAM_UPD_EVT:
427 btu_ble_ll_conn_param_upd_evt(p, hci_evt_len);
428 break;
429 case HCI_BLE_READ_REMOTE_FEAT_CMPL_EVT:
430 btu_ble_read_remote_feat_evt(p);
431 break;
432 case HCI_BLE_LTK_REQ_EVT: /* received only at slave device */
433 btu_ble_proc_ltk_req(p);
434 break;
435 #if (BLE_PRIVACY_SPT == TRUE)
436 case HCI_BLE_ENHANCED_CONN_COMPLETE_EVT:
437 btu_ble_proc_enhanced_conn_cmpl(p, hci_evt_len);
438 break;
439 #endif
440 #if (BLE_LLT_INCLUDED == TRUE)
441 case HCI_BLE_RC_PARAM_REQ_EVT:
442 btu_ble_rc_param_req_evt(p);
443 break;
444 #endif
445 case HCI_BLE_DATA_LENGTH_CHANGE_EVT:
446 btu_ble_data_length_change_evt(p, hci_evt_len);
447 break;
448
449 case HCI_BLE_PHY_UPDATE_COMPLETE_EVT:
450 btm_ble_process_phy_update_pkt(ble_evt_len, p);
451 break;
452
453 case HCI_LE_EXTENDED_ADVERTISING_REPORT_EVT:
454 btm_ble_process_ext_adv_pkt(hci_evt_len, p);
455 break;
456
457 case HCI_LE_ADVERTISING_SET_TERMINATED_EVT:
458 btm_le_on_advertising_set_terminated(p, hci_evt_len);
459 break;
460 }
461 break;
462 }
463
464 case HCI_VENDOR_SPECIFIC_EVT:
465 btm_vendor_specific_evt(p, hci_evt_len);
466 break;
467 }
468 }
469
btu_hcif_log_command_metrics(uint16_t opcode,uint8_t * p_cmd,uint16_t cmd_status,bool is_cmd_status)470 static void btu_hcif_log_command_metrics(uint16_t opcode, uint8_t* p_cmd,
471 uint16_t cmd_status,
472 bool is_cmd_status) {
473 static uint16_t kUnknownBleEvt = android::bluetooth::hci::BLE_EVT_UNKNOWN;
474
475 uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_STATUS;
476 if (!is_cmd_status) {
477 hci_event = android::bluetooth::hci::EVT_UNKNOWN;
478 cmd_status = android::bluetooth::hci::STATUS_UNKNOWN;
479 }
480
481 RawAddress bd_addr;
482 uint16_t handle;
483 uint8_t reason;
484
485 switch (opcode) {
486 case HCI_CREATE_CONNECTION:
487 case HCI_CREATE_CONNECTION_CANCEL:
488 STREAM_TO_BDADDR(bd_addr, p_cmd);
489 bluetooth::common::LogLinkLayerConnectionEvent(
490 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
491 android::bluetooth::DIRECTION_OUTGOING,
492 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
493 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
494 break;
495 case HCI_DISCONNECT:
496 STREAM_TO_UINT16(handle, p_cmd);
497 STREAM_TO_UINT8(reason, p_cmd);
498 bluetooth::common::LogLinkLayerConnectionEvent(
499 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
500 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
501 kUnknownBleEvt, cmd_status, reason);
502 break;
503 case HCI_SETUP_ESCO_CONNECTION:
504 case HCI_ENH_SETUP_ESCO_CONNECTION:
505 STREAM_TO_UINT16(handle, p_cmd);
506 bluetooth::common::LogLinkLayerConnectionEvent(
507 nullptr, handle, android::bluetooth::DIRECTION_OUTGOING,
508 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
509 kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
510 break;
511 case HCI_ACCEPT_CONNECTION_REQUEST:
512 case HCI_ACCEPT_ESCO_CONNECTION:
513 case HCI_ENH_ACCEPT_ESCO_CONNECTION:
514 STREAM_TO_BDADDR(bd_addr, p_cmd);
515 bluetooth::common::LogLinkLayerConnectionEvent(
516 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
517 android::bluetooth::DIRECTION_INCOMING,
518 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
519 kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
520 break;
521 case HCI_REJECT_CONNECTION_REQUEST:
522 case HCI_REJECT_ESCO_CONNECTION:
523 STREAM_TO_BDADDR(bd_addr, p_cmd);
524 STREAM_TO_UINT8(reason, p_cmd);
525 bluetooth::common::LogLinkLayerConnectionEvent(
526 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
527 android::bluetooth::DIRECTION_INCOMING,
528 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
529 kUnknownBleEvt, cmd_status, reason);
530 break;
531
532 // BLE Commands
533 case HCI_BLE_CREATE_LL_CONN: {
534 p_cmd += 2; // Skip LE_Scan_Interval
535 p_cmd += 2; // Skip LE_Scan_Window;
536 uint8_t initiator_filter_policy;
537 STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
538 uint8_t peer_address_type;
539 STREAM_TO_UINT8(peer_address_type, p_cmd);
540 STREAM_TO_BDADDR(bd_addr, p_cmd);
541 // Peer address should not be used if initiator filter policy is not 0x00
542 const RawAddress* bd_addr_p = nullptr;
543 if (initiator_filter_policy == 0x00) {
544 bd_addr_p = &bd_addr;
545 #if (BLE_PRIVACY_SPT == TRUE)
546 if (peer_address_type == BLE_ADDR_PUBLIC_ID ||
547 peer_address_type == BLE_ADDR_RANDOM_ID) {
548 // if identity address is not matched, this address is invalid
549 if (!btm_identity_addr_to_random_pseudo(&bd_addr, &peer_address_type,
550 false)) {
551 bd_addr_p = nullptr;
552 }
553 }
554 #endif
555 }
556 if (initiator_filter_policy == 0x00 ||
557 (cmd_status != HCI_SUCCESS && !is_cmd_status)) {
558 // Selectively log to avoid log spam due to whitelist connections:
559 // - When doing non-whitelist connection
560 // - When there is an error in command status
561 bluetooth::common::LogLinkLayerConnectionEvent(
562 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
563 android::bluetooth::DIRECTION_OUTGOING,
564 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
565 kUnknownBleEvt, cmd_status,
566 android::bluetooth::hci::STATUS_UNKNOWN);
567 }
568 break;
569 }
570 case HCI_LE_EXTENDED_CREATE_CONNECTION: {
571 uint8_t initiator_filter_policy;
572 STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
573 p_cmd += 1; // Skip Own_Address_Type
574 uint8_t peer_addr_type;
575 STREAM_TO_UINT8(peer_addr_type, p_cmd);
576 STREAM_TO_BDADDR(bd_addr, p_cmd);
577 // Peer address should not be used if initiator filter policy is not 0x00
578 const RawAddress* bd_addr_p = nullptr;
579 if (initiator_filter_policy == 0x00) {
580 bd_addr_p = &bd_addr;
581 #if (BLE_PRIVACY_SPT == TRUE)
582 // if identity address is not matched, this should be a static address
583 btm_identity_addr_to_random_pseudo(&bd_addr, &peer_addr_type, false);
584 #endif
585 }
586 if (initiator_filter_policy == 0x00 ||
587 (cmd_status != HCI_SUCCESS && !is_cmd_status)) {
588 // Selectively log to avoid log spam due to whitelist connections:
589 // - When doing non-whitelist connection
590 // - When there is an error in command status
591 bluetooth::common::LogLinkLayerConnectionEvent(
592 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
593 android::bluetooth::DIRECTION_OUTGOING,
594 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
595 kUnknownBleEvt, cmd_status,
596 android::bluetooth::hci::STATUS_UNKNOWN);
597 }
598 break;
599 }
600 case HCI_BLE_CREATE_CONN_CANCEL:
601 if (cmd_status != HCI_SUCCESS && !is_cmd_status) {
602 // Only log errors to prevent log spam due to whitelist connections
603 bluetooth::common::LogLinkLayerConnectionEvent(
604 nullptr, bluetooth::common::kUnknownConnectionHandle,
605 android::bluetooth::DIRECTION_OUTGOING,
606 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
607 kUnknownBleEvt, cmd_status,
608 android::bluetooth::hci::STATUS_UNKNOWN);
609 }
610 break;
611 case HCI_BLE_CLEAR_WHITE_LIST:
612 bluetooth::common::LogLinkLayerConnectionEvent(
613 nullptr, bluetooth::common::kUnknownConnectionHandle,
614 android::bluetooth::DIRECTION_INCOMING,
615 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
616 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
617 break;
618 case HCI_BLE_ADD_WHITE_LIST:
619 case HCI_BLE_REMOVE_WHITE_LIST: {
620 uint8_t peer_addr_type;
621 STREAM_TO_UINT8(peer_addr_type, p_cmd);
622 STREAM_TO_BDADDR(bd_addr, p_cmd);
623 const RawAddress* bd_addr_p = nullptr;
624 // When peer_addr_type is 0xFF, bd_addr should be ignored per BT spec
625 if (peer_addr_type != BLE_ADDR_ANONYMOUS) {
626 bd_addr_p = &bd_addr;
627 #if (BLE_PRIVACY_SPT == TRUE)
628 bool addr_is_rpa = peer_addr_type == BLE_ADDR_RANDOM &&
629 BTM_BLE_IS_RESOLVE_BDA(bd_addr);
630 // Only try to match identity address for pseudo if address is not RPA
631 if (!addr_is_rpa) {
632 // if identity address is not matched, this should be a static address
633 btm_identity_addr_to_random_pseudo(&bd_addr, &peer_addr_type, false);
634 }
635 #endif
636 }
637 bluetooth::common::LogLinkLayerConnectionEvent(
638 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
639 android::bluetooth::DIRECTION_INCOMING,
640 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
641 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
642 break;
643 }
644 case HCI_READ_LOCAL_OOB_DATA:
645 bluetooth::common::LogClassicPairingEvent(RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle, opcode,
646 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN, 0);
647 break;
648 case HCI_WRITE_SIMPLE_PAIRING_MODE: {
649 uint8_t simple_pairing_mode;
650 STREAM_TO_UINT8(simple_pairing_mode, p_cmd);
651 bluetooth::common::LogClassicPairingEvent(RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle, opcode,
652 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN,
653 simple_pairing_mode);
654 break;
655 }
656 case HCI_WRITE_SECURE_CONNS_SUPPORT: {
657 uint8_t secure_conn_host_support;
658 STREAM_TO_UINT8(secure_conn_host_support, p_cmd);
659 bluetooth::common::LogClassicPairingEvent(RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle, opcode,
660 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN,
661 secure_conn_host_support);
662 break;
663 }
664 case HCI_AUTHENTICATION_REQUESTED:
665 STREAM_TO_UINT16(handle, p_cmd);
666 bluetooth::common::LogClassicPairingEvent(RawAddress::kEmpty, handle, opcode, hci_event, cmd_status,
667 android::bluetooth::hci::STATUS_UNKNOWN, 0);
668 break;
669 case HCI_SET_CONN_ENCRYPTION: {
670 STREAM_TO_UINT16(handle, p_cmd);
671 uint8_t encryption_enable;
672 STREAM_TO_UINT8(encryption_enable, p_cmd);
673 bluetooth::common::LogClassicPairingEvent(RawAddress::kEmpty, handle, opcode, hci_event, cmd_status,
674 android::bluetooth::hci::STATUS_UNKNOWN, encryption_enable);
675 break;
676 }
677 case HCI_DELETE_STORED_LINK_KEY: {
678 uint8_t delete_all_flag;
679 STREAM_TO_BDADDR(bd_addr, p_cmd);
680 STREAM_TO_UINT8(delete_all_flag, p_cmd);
681 bluetooth::common::LogClassicPairingEvent(bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode, hci_event,
682 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN, delete_all_flag);
683 break;
684 }
685 case HCI_RMT_NAME_REQUEST:
686 case HCI_RMT_NAME_REQUEST_CANCEL:
687 case HCI_LINK_KEY_REQUEST_REPLY:
688 case HCI_LINK_KEY_REQUEST_NEG_REPLY:
689 case HCI_IO_CAPABILITY_REQUEST_REPLY:
690 case HCI_USER_CONF_REQUEST_REPLY:
691 case HCI_USER_CONF_VALUE_NEG_REPLY:
692 case HCI_USER_PASSKEY_REQ_REPLY:
693 case HCI_USER_PASSKEY_REQ_NEG_REPLY:
694 case HCI_REM_OOB_DATA_REQ_REPLY:
695 case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
696 STREAM_TO_BDADDR(bd_addr, p_cmd);
697 bluetooth::common::LogClassicPairingEvent(bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode, hci_event,
698 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN, 0);
699 break;
700 case HCI_IO_CAP_REQ_NEG_REPLY:
701 STREAM_TO_BDADDR(bd_addr, p_cmd);
702 STREAM_TO_UINT8(reason, p_cmd);
703 bluetooth::common::LogClassicPairingEvent(bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode, hci_event,
704 cmd_status, reason, 0);
705 break;
706 }
707 }
708
709 /*******************************************************************************
710 *
711 * Function btu_hcif_send_cmd
712 *
713 * Description This function is called to send commands to the Host
714 * Controller.
715 *
716 * Returns void
717 *
718 ******************************************************************************/
btu_hcif_send_cmd(UNUSED_ATTR uint8_t controller_id,BT_HDR * p_buf)719 void btu_hcif_send_cmd(UNUSED_ATTR uint8_t controller_id, BT_HDR* p_buf) {
720 if (!p_buf) return;
721
722 uint16_t opcode;
723 uint8_t* stream = p_buf->data + p_buf->offset;
724 void* vsc_callback = NULL;
725
726 STREAM_TO_UINT16(opcode, stream);
727
728 // Eww...horrible hackery here
729 /* If command was a VSC, then extract command_complete callback */
730 if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC ||
731 (opcode == HCI_BLE_RAND) || (opcode == HCI_BLE_ENCRYPT)) {
732 vsc_callback = *((void**)(p_buf + 1));
733 }
734
735 // Skip parameter length before logging
736 stream++;
737 btu_hcif_log_command_metrics(opcode, stream,
738 android::bluetooth::hci::STATUS_UNKNOWN, false);
739
740 hci_layer_get_interface()->transmit_command(
741 p_buf, btu_hcif_command_complete_evt, btu_hcif_command_status_evt,
742 vsc_callback);
743 }
744
745 using hci_cmd_cb = base::OnceCallback<void(
746 uint8_t* /* return_parameters */, uint16_t /* return_parameters_length*/)>;
747
748 struct cmd_with_cb_data {
749 hci_cmd_cb cb;
750 Location posted_from;
751 };
752
cmd_with_cb_data_init(cmd_with_cb_data * cb_wrapper)753 void cmd_with_cb_data_init(cmd_with_cb_data* cb_wrapper) {
754 new (&cb_wrapper->cb) hci_cmd_cb;
755 new (&cb_wrapper->posted_from) Location;
756 }
757
cmd_with_cb_data_cleanup(cmd_with_cb_data * cb_wrapper)758 void cmd_with_cb_data_cleanup(cmd_with_cb_data* cb_wrapper) {
759 cb_wrapper->cb.~hci_cmd_cb();
760 cb_wrapper->posted_from.~Location();
761 }
762
763 /**
764 * Log command complete events that is not handled individually in this file
765 * @param opcode opcode of the command
766 * @param p_return_params pointer to returned parameter after parameter length
767 * field
768 */
btu_hcif_log_command_complete_metrics(uint16_t opcode,uint8_t * p_return_params)769 static void btu_hcif_log_command_complete_metrics(uint16_t opcode,
770 uint8_t* p_return_params) {
771 uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
772 uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
773 uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_COMPLETE;
774 uint16_t hci_ble_event = android::bluetooth::hci::BLE_EVT_UNKNOWN;
775 RawAddress bd_addr = RawAddress::kEmpty;
776 switch (opcode) {
777 case HCI_BLE_CLEAR_WHITE_LIST:
778 case HCI_BLE_ADD_WHITE_LIST:
779 case HCI_BLE_REMOVE_WHITE_LIST: {
780 STREAM_TO_UINT8(status, p_return_params);
781 bluetooth::common::LogLinkLayerConnectionEvent(
782 nullptr, bluetooth::common::kUnknownConnectionHandle,
783 android::bluetooth::DIRECTION_INCOMING,
784 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, hci_ble_event,
785 status, reason);
786 break;
787 }
788 case HCI_DELETE_STORED_LINK_KEY:
789 case HCI_READ_LOCAL_OOB_DATA:
790 case HCI_WRITE_SIMPLE_PAIRING_MODE:
791 case HCI_WRITE_SECURE_CONNS_SUPPORT:
792 STREAM_TO_UINT8(status, p_return_params);
793 bluetooth::common::LogClassicPairingEvent(RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle, opcode,
794 hci_event, status, reason, 0);
795 break;
796 case HCI_READ_ENCR_KEY_SIZE: {
797 uint16_t handle;
798 uint8_t key_size;
799 STREAM_TO_UINT8(status, p_return_params);
800 STREAM_TO_UINT16(handle, p_return_params);
801 STREAM_TO_UINT8(key_size, p_return_params);
802 bluetooth::common::LogClassicPairingEvent(RawAddress::kEmpty, handle, opcode, hci_event, status, reason,
803 key_size);
804 break;
805 }
806 case HCI_LINK_KEY_REQUEST_REPLY:
807 case HCI_LINK_KEY_REQUEST_NEG_REPLY:
808 case HCI_IO_CAPABILITY_REQUEST_REPLY:
809 case HCI_IO_CAP_REQ_NEG_REPLY:
810 case HCI_USER_CONF_REQUEST_REPLY:
811 case HCI_USER_CONF_VALUE_NEG_REPLY:
812 case HCI_USER_PASSKEY_REQ_REPLY:
813 case HCI_USER_PASSKEY_REQ_NEG_REPLY:
814 case HCI_REM_OOB_DATA_REQ_REPLY:
815 case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
816 STREAM_TO_UINT8(status, p_return_params);
817 STREAM_TO_BDADDR(bd_addr, p_return_params);
818 bluetooth::common::LogClassicPairingEvent(bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode, hci_event,
819 status, reason, 0);
820 break;
821 }
822 }
823
btu_hcif_command_complete_evt_with_cb_on_task(BT_HDR * event,void * context)824 static void btu_hcif_command_complete_evt_with_cb_on_task(BT_HDR* event,
825 void* context) {
826 command_opcode_t opcode;
827 // 2 for event header: event code (1) + parameter length (1)
828 // 1 for num_hci_pkt command credit
829 uint8_t* stream = event->data + event->offset + 3;
830 STREAM_TO_UINT16(opcode, stream);
831
832 btu_hcif_log_command_complete_metrics(opcode, stream);
833
834 cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
835 HCI_TRACE_DEBUG("command complete for: %s",
836 cb_wrapper->posted_from.ToString().c_str());
837 // 2 for event header: event code (1) + parameter length (1)
838 // 3 for command complete header: num_hci_pkt (1) + opcode (2)
839 uint16_t param_len = static_cast<uint16_t>(event->len - 5);
840 std::move(cb_wrapper->cb).Run(stream, param_len);
841 cmd_with_cb_data_cleanup(cb_wrapper);
842 osi_free(cb_wrapper);
843
844 osi_free(event);
845 }
846
btu_hcif_command_complete_evt_with_cb(BT_HDR * response,void * context)847 static void btu_hcif_command_complete_evt_with_cb(BT_HDR* response,
848 void* context) {
849 do_in_main_thread(FROM_HERE,
850 base::Bind(btu_hcif_command_complete_evt_with_cb_on_task,
851 response, context));
852 }
853
btu_hcif_command_status_evt_with_cb_on_task(uint8_t status,BT_HDR * event,void * context)854 static void btu_hcif_command_status_evt_with_cb_on_task(uint8_t status,
855 BT_HDR* event,
856 void* context) {
857 command_opcode_t opcode;
858 uint8_t* stream = event->data + event->offset;
859 STREAM_TO_UINT16(opcode, stream);
860
861 CHECK(status != 0);
862
863 // stream + 1 to skip parameter length field
864 // No need to check length since stream is written by us
865 btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
866
867 // report command status error
868 cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
869 HCI_TRACE_DEBUG("command status for: %s",
870 cb_wrapper->posted_from.ToString().c_str());
871 std::move(cb_wrapper->cb).Run(&status, sizeof(uint16_t));
872 cmd_with_cb_data_cleanup(cb_wrapper);
873 osi_free(cb_wrapper);
874
875 osi_free(event);
876 }
877
btu_hcif_command_status_evt_with_cb(uint8_t status,BT_HDR * command,void * context)878 static void btu_hcif_command_status_evt_with_cb(uint8_t status, BT_HDR* command,
879 void* context) {
880 // Command is pending, we report only error.
881 if (!status) {
882 osi_free(command);
883 return;
884 }
885
886 do_in_main_thread(
887 FROM_HERE, base::Bind(btu_hcif_command_status_evt_with_cb_on_task, status,
888 command, context));
889 }
890
891 /* This function is called to send commands to the Host Controller. |cb| is
892 * called when command status event is called with error code, or when the
893 * command complete event is received. */
btu_hcif_send_cmd_with_cb(const Location & posted_from,uint16_t opcode,uint8_t * params,uint8_t params_len,hci_cmd_cb cb)894 void btu_hcif_send_cmd_with_cb(const Location& posted_from, uint16_t opcode,
895 uint8_t* params, uint8_t params_len,
896 hci_cmd_cb cb) {
897 BT_HDR* p = (BT_HDR*)osi_malloc(HCI_CMD_BUF_SIZE);
898 uint8_t* pp = (uint8_t*)(p + 1);
899
900 p->len = HCIC_PREAMBLE_SIZE + params_len;
901 p->offset = 0;
902
903 UINT16_TO_STREAM(pp, opcode);
904 UINT8_TO_STREAM(pp, params_len);
905 if (params) {
906 memcpy(pp, params, params_len);
907 }
908
909 btu_hcif_log_command_metrics(opcode, pp,
910 android::bluetooth::hci::STATUS_UNKNOWN, false);
911
912 cmd_with_cb_data* cb_wrapper =
913 (cmd_with_cb_data*)osi_malloc(sizeof(cmd_with_cb_data));
914
915 cmd_with_cb_data_init(cb_wrapper);
916 cb_wrapper->cb = std::move(cb);
917 cb_wrapper->posted_from = posted_from;
918
919 hci_layer_get_interface()->transmit_command(
920 p, btu_hcif_command_complete_evt_with_cb,
921 btu_hcif_command_status_evt_with_cb, (void*)cb_wrapper);
922 }
923
924 /*******************************************************************************
925 *
926 * Function btu_hcif_inquiry_comp_evt
927 *
928 * Description Process event HCI_INQUIRY_COMP_EVT
929 *
930 * Returns void
931 *
932 ******************************************************************************/
btu_hcif_inquiry_comp_evt(uint8_t * p)933 static void btu_hcif_inquiry_comp_evt(uint8_t* p) {
934 uint8_t status;
935
936 STREAM_TO_UINT8(status, p);
937
938 /* Tell inquiry processing that we are done */
939 btm_process_inq_complete(status, BTM_BR_INQUIRY_MASK);
940 }
941
942 /*******************************************************************************
943 *
944 * Function btu_hcif_inquiry_result_evt
945 *
946 * Description Process event HCI_INQUIRY_RESULT_EVT
947 *
948 * Returns void
949 *
950 ******************************************************************************/
btu_hcif_inquiry_result_evt(uint8_t * p)951 static void btu_hcif_inquiry_result_evt(uint8_t* p) {
952 /* Store results in the cache */
953 btm_process_inq_results(p, BTM_INQ_RESULT_STANDARD);
954 }
955
956 /*******************************************************************************
957 *
958 * Function btu_hcif_inquiry_rssi_result_evt
959 *
960 * Description Process event HCI_INQUIRY_RSSI_RESULT_EVT
961 *
962 * Returns void
963 *
964 ******************************************************************************/
btu_hcif_inquiry_rssi_result_evt(uint8_t * p)965 static void btu_hcif_inquiry_rssi_result_evt(uint8_t* p) {
966 /* Store results in the cache */
967 btm_process_inq_results(p, BTM_INQ_RESULT_WITH_RSSI);
968 }
969
970 /*******************************************************************************
971 *
972 * Function btu_hcif_extended_inquiry_result_evt
973 *
974 * Description Process event HCI_EXTENDED_INQUIRY_RESULT_EVT
975 *
976 * Returns void
977 *
978 ******************************************************************************/
btu_hcif_extended_inquiry_result_evt(uint8_t * p)979 static void btu_hcif_extended_inquiry_result_evt(uint8_t* p) {
980 /* Store results in the cache */
981 btm_process_inq_results(p, BTM_INQ_RESULT_EXTENDED);
982 }
983
984 /*******************************************************************************
985 *
986 * Function btu_hcif_connection_comp_evt
987 *
988 * Description Process event HCI_CONNECTION_COMP_EVT
989 *
990 * Returns void
991 *
992 ******************************************************************************/
btu_hcif_connection_comp_evt(uint8_t * p)993 static void btu_hcif_connection_comp_evt(uint8_t* p) {
994 uint8_t status;
995 uint16_t handle;
996 RawAddress bda;
997 uint8_t link_type;
998 uint8_t enc_mode;
999 tBTM_ESCO_DATA esco_data;
1000
1001 STREAM_TO_UINT8(status, p);
1002 STREAM_TO_UINT16(handle, p);
1003 STREAM_TO_BDADDR(bda, p);
1004 STREAM_TO_UINT8(link_type, p);
1005 STREAM_TO_UINT8(enc_mode, p);
1006
1007 handle = HCID_GET_HANDLE(handle);
1008
1009 if (status != HCI_SUCCESS) {
1010 HCI_TRACE_DEBUG(
1011 "%s: Connection failed: status=%d, handle=%d, link_type=%d, "
1012 "enc_mode=%d",
1013 __func__, status, handle, link_type, enc_mode);
1014 }
1015
1016 if (link_type == HCI_LINK_TYPE_ACL) {
1017 btm_sec_connected(bda, handle, status, enc_mode);
1018
1019 l2c_link_hci_conn_comp(status, handle, bda);
1020 } else {
1021 memset(&esco_data, 0, sizeof(tBTM_ESCO_DATA));
1022 /* esco_data.link_type = HCI_LINK_TYPE_SCO; already zero */
1023 esco_data.bd_addr = bda;
1024 btm_sco_connected(status, &bda, handle, &esco_data);
1025 }
1026 }
1027
1028 /*******************************************************************************
1029 *
1030 * Function btu_hcif_connection_request_evt
1031 *
1032 * Description Process event HCI_CONNECTION_REQUEST_EVT
1033 *
1034 * Returns void
1035 *
1036 ******************************************************************************/
btu_hcif_connection_request_evt(uint8_t * p)1037 static void btu_hcif_connection_request_evt(uint8_t* p) {
1038 RawAddress bda;
1039 DEV_CLASS dc;
1040 uint8_t link_type;
1041
1042 STREAM_TO_BDADDR(bda, p);
1043 STREAM_TO_DEVCLASS(dc, p);
1044 STREAM_TO_UINT8(link_type, p);
1045
1046 /* Pass request to security manager to check connect filters before */
1047 /* passing request to l2cap */
1048 if (link_type == HCI_LINK_TYPE_ACL) {
1049 btm_sec_conn_req(bda, dc);
1050 } else {
1051 btm_sco_conn_req(bda, dc, link_type);
1052 }
1053 }
1054
1055 /*******************************************************************************
1056 *
1057 * Function btu_hcif_disconnection_comp_evt
1058 *
1059 * Description Process event HCI_DISCONNECTION_COMP_EVT
1060 *
1061 * Returns void
1062 *
1063 ******************************************************************************/
btu_hcif_disconnection_comp_evt(uint8_t * p)1064 static void btu_hcif_disconnection_comp_evt(uint8_t* p) {
1065 uint8_t status;
1066 uint16_t handle;
1067 uint8_t reason;
1068
1069 STREAM_TO_UINT8(status, p);
1070 STREAM_TO_UINT16(handle, p);
1071 STREAM_TO_UINT8(reason, p);
1072
1073 handle = HCID_GET_HANDLE(handle);
1074
1075 if ((reason != HCI_ERR_CONN_CAUSE_LOCAL_HOST) &&
1076 (reason != HCI_ERR_PEER_USER)) {
1077 /* Uncommon disconnection reasons */
1078 HCI_TRACE_DEBUG("%s: Got Disconn Complete Event: reason=%d, handle=%d",
1079 __func__, reason, handle);
1080 }
1081
1082 /* If L2CAP doesn't know about it, send it to SCO */
1083 if (!l2c_link_hci_disc_comp(handle, reason)) btm_sco_removed(handle, reason);
1084
1085 /* Notify security manager */
1086 btm_sec_disconnected(handle, reason);
1087 }
1088
1089 /*******************************************************************************
1090 *
1091 * Function btu_hcif_authentication_comp_evt
1092 *
1093 * Description Process event HCI_AUTHENTICATION_COMP_EVT
1094 *
1095 * Returns void
1096 *
1097 ******************************************************************************/
btu_hcif_authentication_comp_evt(uint8_t * p)1098 static void btu_hcif_authentication_comp_evt(uint8_t* p) {
1099 uint8_t status;
1100 uint16_t handle;
1101
1102 STREAM_TO_UINT8(status, p);
1103 STREAM_TO_UINT16(handle, p);
1104
1105 btm_sec_auth_complete(handle, status);
1106 }
1107
1108 /*******************************************************************************
1109 *
1110 * Function btu_hcif_rmt_name_request_comp_evt
1111 *
1112 * Description Process event HCI_RMT_NAME_REQUEST_COMP_EVT
1113 *
1114 * Returns void
1115 *
1116 ******************************************************************************/
btu_hcif_rmt_name_request_comp_evt(uint8_t * p,uint16_t evt_len)1117 static void btu_hcif_rmt_name_request_comp_evt(uint8_t* p, uint16_t evt_len) {
1118 uint8_t status;
1119 RawAddress bd_addr;
1120
1121 STREAM_TO_UINT8(status, p);
1122 STREAM_TO_BDADDR(bd_addr, p);
1123
1124 evt_len -= (1 + BD_ADDR_LEN);
1125
1126 btm_process_remote_name(&bd_addr, p, evt_len, status);
1127
1128 btm_sec_rmt_name_request_complete(&bd_addr, p, status);
1129 }
1130
1131 constexpr uint8_t MIN_KEY_SIZE = 7;
1132
read_encryption_key_size_complete_after_encryption_change(uint8_t status,uint16_t handle,uint8_t key_size)1133 static void read_encryption_key_size_complete_after_encryption_change(uint8_t status, uint16_t handle,
1134 uint8_t key_size) {
1135 if (status == HCI_ERR_INSUFFCIENT_SECURITY) {
1136 /* If remote device stop the encryption before we call "Read Encryption Key
1137 * Size", we might receive Insufficient Security, which means that link is
1138 * no longer encrypted. */
1139 LOG(INFO) << __func__ << ": encryption stopped on link: " << loghex(handle);
1140 return;
1141 }
1142
1143 if (status != HCI_SUCCESS) {
1144 LOG(INFO) << __func__ << ": disconnecting, status: " << loghex(status);
1145 btsnd_hcic_disconnect(handle, HCI_ERR_PEER_USER);
1146 return;
1147 }
1148
1149 if (key_size < MIN_KEY_SIZE) {
1150 android_errorWriteLog(0x534e4554, "124301137");
1151 LOG(ERROR) << __func__ << " encryption key too short, disconnecting. handle: " << loghex(handle)
1152 << " key_size: " << +key_size;
1153
1154 btsnd_hcic_disconnect(handle, HCI_ERR_HOST_REJECT_SECURITY);
1155 return;
1156 }
1157
1158 // good key size - succeed
1159 btm_acl_encrypt_change(handle, status, 1 /* enable */);
1160 btm_sec_encrypt_change(handle, status, 1 /* enable */);
1161 }
1162 /*******************************************************************************
1163 *
1164 * Function btu_hcif_encryption_change_evt
1165 *
1166 * Description Process event HCI_ENCRYPTION_CHANGE_EVT
1167 *
1168 * Returns void
1169 *
1170 ******************************************************************************/
btu_hcif_encryption_change_evt(uint8_t * p)1171 static void btu_hcif_encryption_change_evt(uint8_t* p) {
1172 uint8_t status;
1173 uint16_t handle;
1174 uint8_t encr_enable;
1175
1176 STREAM_TO_UINT8(status, p);
1177 STREAM_TO_UINT16(handle, p);
1178 STREAM_TO_UINT8(encr_enable, p);
1179
1180 if (status != HCI_SUCCESS || encr_enable == 0 || BTM_IsBleConnection(handle)) {
1181 if (status == HCI_ERR_CONNECTION_TOUT) {
1182 smp_cancel_start_encryption_attempt();
1183 return;
1184 }
1185
1186 btm_acl_encrypt_change(handle, status, encr_enable);
1187 btm_sec_encrypt_change(handle, status, encr_enable);
1188 } else {
1189 btsnd_hcic_read_encryption_key_size(handle, base::Bind(&read_encryption_key_size_complete_after_encryption_change));
1190 }
1191 }
1192
1193 /*******************************************************************************
1194 *
1195 * Function btu_hcif_read_rmt_features_comp_evt
1196 *
1197 * Description Process event HCI_READ_RMT_FEATURES_COMP_EVT
1198 *
1199 * Returns void
1200 *
1201 ******************************************************************************/
btu_hcif_read_rmt_features_comp_evt(uint8_t * p)1202 static void btu_hcif_read_rmt_features_comp_evt(uint8_t* p) {
1203 btm_read_remote_features_complete(p);
1204 }
1205
1206 /*******************************************************************************
1207 *
1208 * Function btu_hcif_read_rmt_ext_features_comp_evt
1209 *
1210 * Description Process event HCI_READ_RMT_EXT_FEATURES_COMP_EVT
1211 *
1212 * Returns void
1213 *
1214 ******************************************************************************/
btu_hcif_read_rmt_ext_features_comp_evt(uint8_t * p,uint8_t evt_len)1215 static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p,
1216 uint8_t evt_len) {
1217 uint8_t* p_cur = p;
1218 uint8_t status;
1219 uint16_t handle;
1220
1221 STREAM_TO_UINT8(status, p_cur);
1222
1223 if (status == HCI_SUCCESS)
1224 btm_read_remote_ext_features_complete(p, evt_len);
1225 else {
1226 STREAM_TO_UINT16(handle, p_cur);
1227 btm_read_remote_ext_features_failed(status, handle);
1228 }
1229 }
1230
1231 /*******************************************************************************
1232 *
1233 * Function btu_hcif_read_rmt_version_comp_evt
1234 *
1235 * Description Process event HCI_READ_RMT_VERSION_COMP_EVT
1236 *
1237 * Returns void
1238 *
1239 ******************************************************************************/
btu_hcif_read_rmt_version_comp_evt(uint8_t * p)1240 static void btu_hcif_read_rmt_version_comp_evt(uint8_t* p) {
1241 btm_read_remote_version_complete(p);
1242 }
1243
1244 /*******************************************************************************
1245 *
1246 * Function btu_hcif_qos_setup_comp_evt
1247 *
1248 * Description Process event HCI_QOS_SETUP_COMP_EVT
1249 *
1250 * Returns void
1251 *
1252 ******************************************************************************/
btu_hcif_qos_setup_comp_evt(uint8_t * p)1253 static void btu_hcif_qos_setup_comp_evt(uint8_t* p) {
1254 uint8_t status;
1255 uint16_t handle;
1256 FLOW_SPEC flow;
1257
1258 STREAM_TO_UINT8(status, p);
1259 STREAM_TO_UINT16(handle, p);
1260 STREAM_TO_UINT8(flow.qos_flags, p);
1261 STREAM_TO_UINT8(flow.service_type, p);
1262 STREAM_TO_UINT32(flow.token_rate, p);
1263 STREAM_TO_UINT32(flow.peak_bandwidth, p);
1264 STREAM_TO_UINT32(flow.latency, p);
1265 STREAM_TO_UINT32(flow.delay_variation, p);
1266
1267 btm_qos_setup_complete(status, handle, &flow);
1268 }
1269
1270 /*******************************************************************************
1271 *
1272 * Function btu_hcif_esco_connection_comp_evt
1273 *
1274 * Description Process event HCI_ESCO_CONNECTION_COMP_EVT
1275 *
1276 * Returns void
1277 *
1278 ******************************************************************************/
btu_hcif_esco_connection_comp_evt(uint8_t * p)1279 static void btu_hcif_esco_connection_comp_evt(uint8_t* p) {
1280 tBTM_ESCO_DATA data;
1281 uint16_t handle;
1282 RawAddress bda;
1283 uint8_t status;
1284
1285 STREAM_TO_UINT8(status, p);
1286 STREAM_TO_UINT16(handle, p);
1287 STREAM_TO_BDADDR(bda, p);
1288
1289 STREAM_TO_UINT8(data.link_type, p);
1290 STREAM_TO_UINT8(data.tx_interval, p);
1291 STREAM_TO_UINT8(data.retrans_window, p);
1292 STREAM_TO_UINT16(data.rx_pkt_len, p);
1293 STREAM_TO_UINT16(data.tx_pkt_len, p);
1294 STREAM_TO_UINT8(data.air_mode, p);
1295
1296 handle = HCID_GET_HANDLE(handle);
1297
1298 data.bd_addr = bda;
1299 btm_sco_connected(status, &bda, handle, &data);
1300 }
1301
1302 /*******************************************************************************
1303 *
1304 * Function btu_hcif_esco_connection_chg_evt
1305 *
1306 * Description Process event HCI_ESCO_CONNECTION_CHANGED_EVT
1307 *
1308 * Returns void
1309 *
1310 ******************************************************************************/
btu_hcif_esco_connection_chg_evt(uint8_t * p)1311 static void btu_hcif_esco_connection_chg_evt(uint8_t* p) {
1312 uint16_t handle;
1313 uint16_t tx_pkt_len;
1314 uint16_t rx_pkt_len;
1315 uint8_t status;
1316 uint8_t tx_interval;
1317 uint8_t retrans_window;
1318
1319 STREAM_TO_UINT8(status, p);
1320 STREAM_TO_UINT16(handle, p);
1321
1322 STREAM_TO_UINT8(tx_interval, p);
1323 STREAM_TO_UINT8(retrans_window, p);
1324 STREAM_TO_UINT16(rx_pkt_len, p);
1325 STREAM_TO_UINT16(tx_pkt_len, p);
1326
1327 handle = HCID_GET_HANDLE(handle);
1328
1329 btm_esco_proc_conn_chg(status, handle, tx_interval, retrans_window,
1330 rx_pkt_len, tx_pkt_len);
1331 }
1332
1333 /*******************************************************************************
1334 *
1335 * Function btu_hcif_hdl_command_complete
1336 *
1337 * Description Handle command complete event
1338 *
1339 * Returns void
1340 *
1341 ******************************************************************************/
btu_hcif_hdl_command_complete(uint16_t opcode,uint8_t * p,uint16_t evt_len,void * p_cplt_cback)1342 static void btu_hcif_hdl_command_complete(uint16_t opcode, uint8_t* p,
1343 uint16_t evt_len,
1344 void* p_cplt_cback) {
1345 switch (opcode) {
1346 case HCI_INQUIRY_CANCEL:
1347 /* Tell inquiry processing that we are done */
1348 btm_process_cancel_complete(HCI_SUCCESS, BTM_BR_INQUIRY_MASK);
1349 break;
1350 case HCI_SET_EVENT_FILTER:
1351 btm_event_filter_complete(p);
1352 break;
1353
1354 case HCI_DELETE_STORED_LINK_KEY:
1355 btm_delete_stored_link_key_complete(p);
1356 break;
1357
1358 case HCI_READ_LOCAL_NAME:
1359 btm_read_local_name_complete(p, evt_len);
1360 break;
1361
1362 case HCI_GET_LINK_QUALITY:
1363 btm_read_link_quality_complete(p);
1364 break;
1365
1366 case HCI_READ_RSSI:
1367 btm_read_rssi_complete(p);
1368 break;
1369
1370 case HCI_READ_FAILED_CONTACT_COUNTER:
1371 btm_read_failed_contact_counter_complete(p);
1372 break;
1373
1374 case HCI_READ_AUTOMATIC_FLUSH_TIMEOUT:
1375 btm_read_automatic_flush_timeout_complete(p);
1376 break;
1377
1378 case HCI_READ_TRANSMIT_POWER_LEVEL:
1379 btm_read_tx_power_complete(p, false);
1380 break;
1381
1382 case HCI_CREATE_CONNECTION_CANCEL:
1383 btm_create_conn_cancel_complete(p);
1384 break;
1385
1386 case HCI_READ_LOCAL_OOB_DATA:
1387 btm_read_local_oob_complete(p);
1388 break;
1389
1390 case HCI_READ_INQ_TX_POWER_LEVEL:
1391 btm_read_inq_tx_power_complete(p);
1392 break;
1393
1394 /* BLE Commands sComplete*/
1395 case HCI_BLE_RAND:
1396 case HCI_BLE_ENCRYPT:
1397 btm_ble_rand_enc_complete(p, opcode, (tBTM_RAND_ENC_CB*)p_cplt_cback);
1398 break;
1399
1400 case HCI_BLE_READ_ADV_CHNL_TX_POWER:
1401 btm_read_tx_power_complete(p, true);
1402 break;
1403
1404 case HCI_BLE_WRITE_ADV_ENABLE:
1405 btm_ble_write_adv_enable_complete(p);
1406 break;
1407
1408 case HCI_BLE_CREATE_LL_CONN:
1409 case HCI_LE_EXTENDED_CREATE_CONNECTION:
1410 // No command complete event for those commands according to spec
1411 LOG(ERROR) << "No command complete expected, but received!";
1412 break;
1413
1414 case HCI_BLE_CREATE_CONN_CANCEL:
1415 btm_ble_create_conn_cancel_complete(p);
1416 break;
1417
1418 case HCI_BLE_TRANSMITTER_TEST:
1419 case HCI_BLE_RECEIVER_TEST:
1420 case HCI_BLE_TEST_END:
1421 btm_ble_test_command_complete(p);
1422 break;
1423
1424 #if (BLE_PRIVACY_SPT == TRUE)
1425 case HCI_BLE_ADD_DEV_RESOLVING_LIST:
1426 btm_ble_add_resolving_list_entry_complete(p, evt_len);
1427 break;
1428
1429 case HCI_BLE_RM_DEV_RESOLVING_LIST:
1430 btm_ble_remove_resolving_list_entry_complete(p, evt_len);
1431 break;
1432
1433 case HCI_BLE_CLEAR_RESOLVING_LIST:
1434 btm_ble_clear_resolving_list_complete(p, evt_len);
1435 break;
1436
1437 case HCI_BLE_READ_RESOLVABLE_ADDR_PEER:
1438 btm_ble_read_resolving_list_entry_complete(p, evt_len);
1439 break;
1440
1441 case HCI_BLE_READ_RESOLVABLE_ADDR_LOCAL:
1442 case HCI_BLE_SET_ADDR_RESOLUTION_ENABLE:
1443 case HCI_BLE_SET_RAND_PRIV_ADDR_TIMOUT:
1444 break;
1445 #endif
1446 default:
1447 if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC)
1448 btm_vsc_complete(p, opcode, evt_len, (tBTM_VSC_CMPL_CB*)p_cplt_cback);
1449 break;
1450 }
1451 }
1452
1453 /*******************************************************************************
1454 *
1455 * Function btu_hcif_command_complete_evt
1456 *
1457 * Description Process event HCI_COMMAND_COMPLETE_EVT
1458 *
1459 * Returns void
1460 *
1461 ******************************************************************************/
btu_hcif_command_complete_evt_on_task(BT_HDR * event,void * context)1462 static void btu_hcif_command_complete_evt_on_task(BT_HDR* event,
1463 void* context) {
1464 command_opcode_t opcode;
1465 // 2 for event header: event code (1) + parameter length (1)
1466 // 1 for num_hci_pkt command credit
1467 uint8_t* stream = event->data + event->offset + 3;
1468 STREAM_TO_UINT16(opcode, stream);
1469
1470 btu_hcif_log_command_complete_metrics(opcode, stream);
1471 // 2 for event header: event code (1) + parameter length (1)
1472 // 3 for command complete header: num_hci_pkt (1) + opcode (2)
1473 uint16_t param_len = static_cast<uint16_t>(event->len - 5);
1474 btu_hcif_hdl_command_complete(opcode, stream, param_len, context);
1475
1476 osi_free(event);
1477 }
1478
btu_hcif_command_complete_evt(BT_HDR * response,void * context)1479 static void btu_hcif_command_complete_evt(BT_HDR* response, void* context) {
1480 do_in_main_thread(FROM_HERE, base::Bind(btu_hcif_command_complete_evt_on_task,
1481 response, context));
1482 }
1483
1484 /*******************************************************************************
1485 *
1486 * Function btu_hcif_hdl_command_status
1487 *
1488 * Description Handle a command status event
1489 *
1490 * Returns void
1491 *
1492 ******************************************************************************/
btu_hcif_hdl_command_status(uint16_t opcode,uint8_t status,uint8_t * p_cmd,void * p_vsc_status_cback)1493 static void btu_hcif_hdl_command_status(uint16_t opcode, uint8_t status,
1494 uint8_t* p_cmd,
1495 void* p_vsc_status_cback) {
1496 CHECK_NE(p_cmd, nullptr) << "Null command for opcode 0x" << loghex(opcode);
1497 p_cmd++; // Skip parameter total length
1498
1499 RawAddress bd_addr;
1500 uint16_t handle;
1501
1502 switch (opcode) {
1503 // Link Control Commands
1504 case HCI_INQUIRY:
1505 if (status != HCI_SUCCESS) {
1506 // Tell inquiry processing that we are done
1507 btm_process_inq_complete(status, BTM_BR_INQUIRY_MASK);
1508 }
1509 break;
1510 case HCI_QOS_SETUP:
1511 if (status != HCI_SUCCESS) {
1512 // Tell qos setup that we are done
1513 btm_qos_setup_complete(status, 0, nullptr);
1514 }
1515 break;
1516 case HCI_SWITCH_ROLE:
1517 if (status != HCI_SUCCESS) {
1518 // Tell BTM that the command failed
1519 STREAM_TO_BDADDR(bd_addr, p_cmd);
1520 btm_acl_role_changed(status, &bd_addr, BTM_ROLE_UNDEFINED);
1521 l2c_link_role_changed(nullptr, BTM_ROLE_UNDEFINED,
1522 HCI_ERR_COMMAND_DISALLOWED);
1523 }
1524 break;
1525 case HCI_CREATE_CONNECTION:
1526 if (status != HCI_SUCCESS) {
1527 STREAM_TO_BDADDR(bd_addr, p_cmd);
1528 btm_sec_connected(bd_addr, HCI_INVALID_HANDLE, status, 0);
1529 l2c_link_hci_conn_comp(status, HCI_INVALID_HANDLE, bd_addr);
1530 }
1531 break;
1532 case HCI_AUTHENTICATION_REQUESTED:
1533 if (status != HCI_SUCCESS) {
1534 // Device refused to start authentication
1535 // This is treated as an authentication failure
1536 btm_sec_auth_complete(BTM_INVALID_HCI_HANDLE, status);
1537 }
1538 break;
1539 case HCI_SET_CONN_ENCRYPTION:
1540 if (status != HCI_SUCCESS) {
1541 // Device refused to start encryption
1542 // This is treated as an encryption failure
1543 btm_sec_encrypt_change(BTM_INVALID_HCI_HANDLE, status, false);
1544 }
1545 break;
1546 case HCI_RMT_NAME_REQUEST:
1547 if (status != HCI_SUCCESS) {
1548 // Tell inquiry processing that we are done
1549 btm_process_remote_name(nullptr, nullptr, 0, status);
1550 btm_sec_rmt_name_request_complete(nullptr, nullptr, status);
1551 }
1552 break;
1553 case HCI_READ_RMT_EXT_FEATURES:
1554 if (status != HCI_SUCCESS) {
1555 STREAM_TO_UINT16(handle, p_cmd);
1556 btm_read_remote_ext_features_failed(status, handle);
1557 }
1558 break;
1559 case HCI_SETUP_ESCO_CONNECTION:
1560 case HCI_ENH_SETUP_ESCO_CONNECTION:
1561 if (status != HCI_SUCCESS) {
1562 STREAM_TO_UINT16(handle, p_cmd);
1563 // Determine if initial connection failed or is a change of setup
1564 if (btm_is_sco_active(handle)) {
1565 btm_esco_proc_conn_chg(status, handle, 0, 0, 0, 0);
1566 } else {
1567 btm_sco_connected(status, nullptr, handle, nullptr);
1568 }
1569 }
1570 break;
1571
1572 // BLE Commands
1573 case HCI_BLE_CREATE_LL_CONN:
1574 case HCI_LE_EXTENDED_CREATE_CONNECTION:
1575 if (status != HCI_SUCCESS) {
1576 btm_ble_create_ll_conn_complete(status);
1577 }
1578 break;
1579 case HCI_BLE_START_ENC:
1580 // Race condition: disconnection happened right before we send
1581 // "LE Encrypt", controller responds with no connection, we should
1582 // cancel the encryption attempt, rather than unpair the device.
1583 if (status == HCI_ERR_NO_CONNECTION) {
1584 smp_cancel_start_encryption_attempt();
1585 }
1586 break;
1587
1588 // Link Policy Commands
1589 case HCI_EXIT_SNIFF_MODE:
1590 case HCI_EXIT_PARK_MODE:
1591 if (status != HCI_SUCCESS) {
1592 // Allow SCO initiation to continue if waiting for change mode event
1593 STREAM_TO_UINT16(handle, p_cmd);
1594 btm_sco_chk_pend_unpark(status, handle);
1595 }
1596 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
1597 case HCI_HOLD_MODE:
1598 case HCI_SNIFF_MODE:
1599 case HCI_PARK_MODE:
1600 btm_pm_proc_cmd_status(status);
1601 break;
1602
1603 default:
1604 if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC) {
1605 btm_vsc_complete(&status, opcode, 1,
1606 (tBTM_VSC_CMPL_CB*)p_vsc_status_cback);
1607 }
1608 }
1609 }
1610
1611 /*******************************************************************************
1612 *
1613 * Function btu_hcif_command_status_evt
1614 *
1615 * Description Process event HCI_COMMAND_STATUS_EVT
1616 *
1617 * Returns void
1618 *
1619 ******************************************************************************/
btu_hcif_command_status_evt_on_task(uint8_t status,BT_HDR * event,void * context)1620 static void btu_hcif_command_status_evt_on_task(uint8_t status, BT_HDR* event,
1621 void* context) {
1622 command_opcode_t opcode;
1623 uint8_t* stream = event->data + event->offset;
1624 STREAM_TO_UINT16(opcode, stream);
1625
1626 // stream + 1 to skip parameter length field
1627 // No need to check length since stream is written by us
1628 btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
1629
1630 btu_hcif_hdl_command_status(opcode, status, stream, context);
1631 osi_free(event);
1632 }
1633
btu_hcif_command_status_evt(uint8_t status,BT_HDR * command,void * context)1634 static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command,
1635 void* context) {
1636 do_in_main_thread(FROM_HERE, base::Bind(btu_hcif_command_status_evt_on_task,
1637 status, command, context));
1638 }
1639
1640 /*******************************************************************************
1641 *
1642 * Function btu_hcif_hardware_error_evt
1643 *
1644 * Description Process event HCI_HARDWARE_ERROR_EVT
1645 *
1646 * Returns void
1647 *
1648 ******************************************************************************/
btu_hcif_hardware_error_evt(uint8_t * p)1649 static void btu_hcif_hardware_error_evt(uint8_t* p) {
1650 HCI_TRACE_ERROR("Ctlr H/w error event - code:0x%x", *p);
1651
1652 /* If anyone wants device status notifications, give him one. */
1653 btm_report_device_status(BTM_DEV_STATUS_DOWN);
1654
1655 /* Reset the controller */
1656 if (BTM_IsDeviceUp()) BTM_DeviceReset(NULL);
1657 }
1658
1659 /*******************************************************************************
1660 *
1661 * Function btu_hcif_flush_occured_evt
1662 *
1663 * Description Process event HCI_FLUSH_OCCURED_EVT
1664 *
1665 * Returns void
1666 *
1667 ******************************************************************************/
btu_hcif_flush_occured_evt(void)1668 static void btu_hcif_flush_occured_evt(void) {}
1669
1670 /*******************************************************************************
1671 *
1672 * Function btu_hcif_role_change_evt
1673 *
1674 * Description Process event HCI_ROLE_CHANGE_EVT
1675 *
1676 * Returns void
1677 *
1678 ******************************************************************************/
btu_hcif_role_change_evt(uint8_t * p)1679 static void btu_hcif_role_change_evt(uint8_t* p) {
1680 uint8_t status;
1681 RawAddress bda;
1682 uint8_t role;
1683
1684 STREAM_TO_UINT8(status, p);
1685 STREAM_TO_BDADDR(bda, p);
1686 STREAM_TO_UINT8(role, p);
1687
1688 btm_blacklist_role_change_device(bda, status);
1689 l2c_link_role_changed(&bda, role, status);
1690 btm_acl_role_changed(status, &bda, role);
1691 }
1692
1693 /*******************************************************************************
1694 *
1695 * Function btu_hcif_num_compl_data_pkts_evt
1696 *
1697 * Description Process event HCI_NUM_COMPL_DATA_PKTS_EVT
1698 *
1699 * Returns void
1700 *
1701 ******************************************************************************/
btu_hcif_num_compl_data_pkts_evt(uint8_t * p)1702 static void btu_hcif_num_compl_data_pkts_evt(uint8_t* p) {
1703 /* Process for L2CAP and SCO */
1704 l2c_link_process_num_completed_pkts(p);
1705
1706 /* Send on to SCO */
1707 /*?? No SCO for now */
1708 }
1709
1710 /*******************************************************************************
1711 *
1712 * Function btu_hcif_mode_change_evt
1713 *
1714 * Description Process event HCI_MODE_CHANGE_EVT
1715 *
1716 * Returns void
1717 *
1718 ******************************************************************************/
btu_hcif_mode_change_evt(uint8_t * p)1719 static void btu_hcif_mode_change_evt(uint8_t* p) {
1720 uint8_t status;
1721 uint16_t handle;
1722 uint8_t current_mode;
1723 uint16_t interval;
1724
1725 STREAM_TO_UINT8(status, p);
1726
1727 STREAM_TO_UINT16(handle, p);
1728 STREAM_TO_UINT8(current_mode, p);
1729 STREAM_TO_UINT16(interval, p);
1730 btm_sco_chk_pend_unpark(status, handle);
1731 btm_pm_proc_mode_change(status, handle, current_mode, interval);
1732
1733 #if (HID_DEV_INCLUDED == TRUE && HID_DEV_PM_INCLUDED == TRUE)
1734 hidd_pm_proc_mode_change(status, current_mode, interval);
1735 #endif
1736 }
1737
1738 /*******************************************************************************
1739 *
1740 * Function btu_hcif_ssr_evt
1741 *
1742 * Description Process event HCI_SNIFF_SUB_RATE_EVT
1743 *
1744 * Returns void
1745 *
1746 ******************************************************************************/
1747 #if (BTM_SSR_INCLUDED == TRUE)
btu_hcif_ssr_evt(uint8_t * p,uint16_t evt_len)1748 static void btu_hcif_ssr_evt(uint8_t* p, uint16_t evt_len) {
1749 btm_pm_proc_ssr_evt(p, evt_len);
1750 }
1751 #endif
1752
1753 /*******************************************************************************
1754 *
1755 * Function btu_hcif_pin_code_request_evt
1756 *
1757 * Description Process event HCI_PIN_CODE_REQUEST_EVT
1758 *
1759 * Returns void
1760 *
1761 ******************************************************************************/
btu_hcif_pin_code_request_evt(uint8_t * p)1762 static void btu_hcif_pin_code_request_evt(uint8_t* p) {
1763 RawAddress bda;
1764
1765 STREAM_TO_BDADDR(bda, p);
1766
1767 /* Tell L2CAP that there was a PIN code request, */
1768 /* it may need to stretch timeouts */
1769 l2c_pin_code_request(bda);
1770
1771 btm_sec_pin_code_request(bda);
1772 }
1773
1774 /*******************************************************************************
1775 *
1776 * Function btu_hcif_link_key_request_evt
1777 *
1778 * Description Process event HCI_LINK_KEY_REQUEST_EVT
1779 *
1780 * Returns void
1781 *
1782 ******************************************************************************/
btu_hcif_link_key_request_evt(uint8_t * p)1783 static void btu_hcif_link_key_request_evt(uint8_t* p) {
1784 RawAddress bda;
1785
1786 STREAM_TO_BDADDR(bda, p);
1787 btm_sec_link_key_request(bda);
1788 }
1789
1790 /*******************************************************************************
1791 *
1792 * Function btu_hcif_link_key_notification_evt
1793 *
1794 * Description Process event HCI_LINK_KEY_NOTIFICATION_EVT
1795 *
1796 * Returns void
1797 *
1798 ******************************************************************************/
btu_hcif_link_key_notification_evt(uint8_t * p)1799 static void btu_hcif_link_key_notification_evt(uint8_t* p) {
1800 RawAddress bda;
1801 Octet16 key;
1802 uint8_t key_type;
1803
1804 STREAM_TO_BDADDR(bda, p);
1805 STREAM_TO_ARRAY16(key.data(), p);
1806 STREAM_TO_UINT8(key_type, p);
1807
1808 btm_sec_link_key_notification(bda, key, key_type);
1809 }
1810
1811 /*******************************************************************************
1812 *
1813 * Function btu_hcif_loopback_command_evt
1814 *
1815 * Description Process event HCI_LOOPBACK_COMMAND_EVT
1816 *
1817 * Returns void
1818 *
1819 ******************************************************************************/
btu_hcif_loopback_command_evt(void)1820 static void btu_hcif_loopback_command_evt(void) {}
1821
1822 /*******************************************************************************
1823 *
1824 * Function btu_hcif_data_buf_overflow_evt
1825 *
1826 * Description Process event HCI_DATA_BUF_OVERFLOW_EVT
1827 *
1828 * Returns void
1829 *
1830 ******************************************************************************/
btu_hcif_data_buf_overflow_evt(void)1831 static void btu_hcif_data_buf_overflow_evt(void) {}
1832
1833 /*******************************************************************************
1834 *
1835 * Function btu_hcif_max_slots_changed_evt
1836 *
1837 * Description Process event HCI_MAX_SLOTS_CHANGED_EVT
1838 *
1839 * Returns void
1840 *
1841 ******************************************************************************/
btu_hcif_max_slots_changed_evt(void)1842 static void btu_hcif_max_slots_changed_evt(void) {}
1843
1844 /*******************************************************************************
1845 *
1846 * Function btu_hcif_read_clock_off_comp_evt
1847 *
1848 * Description Process event HCI_READ_CLOCK_OFF_COMP_EVT
1849 *
1850 * Returns void
1851 *
1852 ******************************************************************************/
btu_hcif_read_clock_off_comp_evt(uint8_t * p)1853 static void btu_hcif_read_clock_off_comp_evt(uint8_t* p) {
1854 uint8_t status;
1855 uint16_t handle;
1856 uint16_t clock_offset;
1857
1858 STREAM_TO_UINT8(status, p);
1859
1860 /* If failed to get clock offset just drop the result */
1861 if (status != HCI_SUCCESS) return;
1862
1863 STREAM_TO_UINT16(handle, p);
1864 STREAM_TO_UINT16(clock_offset, p);
1865
1866 handle = HCID_GET_HANDLE(handle);
1867
1868 btm_process_clk_off_comp_evt(handle, clock_offset);
1869 btm_sec_update_clock_offset(handle, clock_offset);
1870 }
1871
1872 /*******************************************************************************
1873 *
1874 * Function btu_hcif_conn_pkt_type_change_evt
1875 *
1876 * Description Process event HCI_CONN_PKT_TYPE_CHANGE_EVT
1877 *
1878 * Returns void
1879 *
1880 ******************************************************************************/
btu_hcif_conn_pkt_type_change_evt(void)1881 static void btu_hcif_conn_pkt_type_change_evt(void) {}
1882
1883 /*******************************************************************************
1884 *
1885 * Function btu_hcif_qos_violation_evt
1886 *
1887 * Description Process event HCI_QOS_VIOLATION_EVT
1888 *
1889 * Returns void
1890 *
1891 ******************************************************************************/
btu_hcif_qos_violation_evt(uint8_t * p)1892 static void btu_hcif_qos_violation_evt(uint8_t* p) {
1893 uint16_t handle;
1894
1895 STREAM_TO_UINT16(handle, p);
1896
1897 handle = HCID_GET_HANDLE(handle);
1898
1899 l2c_link_hci_qos_violation(handle);
1900 }
1901
1902 /*******************************************************************************
1903 *
1904 * Function btu_hcif_page_scan_mode_change_evt
1905 *
1906 * Description Process event HCI_PAGE_SCAN_MODE_CHANGE_EVT
1907 *
1908 * Returns void
1909 *
1910 ******************************************************************************/
btu_hcif_page_scan_mode_change_evt(void)1911 static void btu_hcif_page_scan_mode_change_evt(void) {}
1912
1913 /*******************************************************************************
1914 *
1915 * Function btu_hcif_page_scan_rep_mode_chng_evt
1916 *
1917 * Description Process event HCI_PAGE_SCAN_REP_MODE_CHNG_EVT
1918 *
1919 * Returns void
1920 *
1921 ******************************************************************************/
btu_hcif_page_scan_rep_mode_chng_evt(void)1922 static void btu_hcif_page_scan_rep_mode_chng_evt(void) {}
1923
1924 /**********************************************
1925 * Simple Pairing Events
1926 **********************************************/
1927
1928 /*******************************************************************************
1929 *
1930 * Function btu_hcif_host_support_evt
1931 *
1932 * Description Process event HCI_RMT_HOST_SUP_FEAT_NOTIFY_EVT
1933 *
1934 * Returns void
1935 *
1936 ******************************************************************************/
btu_hcif_host_support_evt(uint8_t * p)1937 static void btu_hcif_host_support_evt(uint8_t* p) {
1938 btm_sec_rmt_host_support_feat_evt(p);
1939 }
1940
1941 /*******************************************************************************
1942 *
1943 * Function btu_hcif_io_cap_request_evt
1944 *
1945 * Description Process event HCI_IO_CAPABILITY_REQUEST_EVT
1946 *
1947 * Returns void
1948 *
1949 ******************************************************************************/
btu_hcif_io_cap_request_evt(uint8_t * p)1950 static void btu_hcif_io_cap_request_evt(uint8_t* p) {
1951 RawAddress bda;
1952 STREAM_TO_BDADDR(bda, p);
1953 btm_io_capabilities_req(bda);
1954 }
1955
1956 /*******************************************************************************
1957 *
1958 * Function btu_hcif_io_cap_response_evt
1959 *
1960 * Description Process event HCI_IO_CAPABILITY_RESPONSE_EVT
1961 *
1962 * Returns void
1963 *
1964 ******************************************************************************/
btu_hcif_io_cap_response_evt(uint8_t * p)1965 static void btu_hcif_io_cap_response_evt(uint8_t* p) {
1966 btm_io_capabilities_rsp(p);
1967 }
1968
1969 /*******************************************************************************
1970 *
1971 * Function btu_hcif_user_conf_request_evt
1972 *
1973 * Description Process event HCI_USER_CONFIRMATION_REQUEST_EVT
1974 *
1975 * Returns void
1976 *
1977 ******************************************************************************/
btu_hcif_user_conf_request_evt(uint8_t * p)1978 static void btu_hcif_user_conf_request_evt(uint8_t* p) {
1979 btm_proc_sp_req_evt(BTM_SP_CFM_REQ_EVT, p);
1980 }
1981
1982 /*******************************************************************************
1983 *
1984 * Function btu_hcif_user_passkey_request_evt
1985 *
1986 * Description Process event HCI_USER_PASSKEY_REQUEST_EVT
1987 *
1988 * Returns void
1989 *
1990 ******************************************************************************/
btu_hcif_user_passkey_request_evt(uint8_t * p)1991 static void btu_hcif_user_passkey_request_evt(uint8_t* p) {
1992 btm_proc_sp_req_evt(BTM_SP_KEY_REQ_EVT, p);
1993 }
1994
1995 /*******************************************************************************
1996 *
1997 * Function btu_hcif_user_passkey_notif_evt
1998 *
1999 * Description Process event HCI_USER_PASSKEY_NOTIFY_EVT
2000 *
2001 * Returns void
2002 *
2003 ******************************************************************************/
btu_hcif_user_passkey_notif_evt(uint8_t * p)2004 static void btu_hcif_user_passkey_notif_evt(uint8_t* p) {
2005 btm_proc_sp_req_evt(BTM_SP_KEY_NOTIF_EVT, p);
2006 }
2007
2008 /*******************************************************************************
2009 *
2010 * Function btu_hcif_keypress_notif_evt
2011 *
2012 * Description Process event HCI_KEYPRESS_NOTIFY_EVT
2013 *
2014 * Returns void
2015 *
2016 ******************************************************************************/
btu_hcif_keypress_notif_evt(uint8_t * p)2017 static void btu_hcif_keypress_notif_evt(uint8_t* p) {
2018 btm_keypress_notif_evt(p);
2019 }
2020
2021 /*******************************************************************************
2022 *
2023 * Function btu_hcif_rem_oob_request_evt
2024 *
2025 * Description Process event HCI_REMOTE_OOB_DATA_REQUEST_EVT
2026 *
2027 * Returns void
2028 *
2029 ******************************************************************************/
btu_hcif_rem_oob_request_evt(uint8_t * p)2030 static void btu_hcif_rem_oob_request_evt(uint8_t* p) { btm_rem_oob_req(p); }
2031
2032 /*******************************************************************************
2033 *
2034 * Function btu_hcif_simple_pair_complete_evt
2035 *
2036 * Description Process event HCI_SIMPLE_PAIRING_COMPLETE_EVT
2037 *
2038 * Returns void
2039 *
2040 ******************************************************************************/
btu_hcif_simple_pair_complete_evt(uint8_t * p)2041 static void btu_hcif_simple_pair_complete_evt(uint8_t* p) {
2042 btm_simple_pair_complete(p);
2043 }
2044
2045 /*******************************************************************************
2046 *
2047 * Function btu_hcif_enhanced_flush_complete_evt
2048 *
2049 * Description Process event HCI_ENHANCED_FLUSH_COMPLETE_EVT
2050 *
2051 * Returns void
2052 *
2053 ******************************************************************************/
2054 #if (L2CAP_NON_FLUSHABLE_PB_INCLUDED == TRUE)
btu_hcif_enhanced_flush_complete_evt(void)2055 static void btu_hcif_enhanced_flush_complete_evt(void) {
2056 /* This is empty until an upper layer cares about returning event */
2057 }
2058 #endif
2059 /**********************************************
2060 * End of Simple Pairing Events
2061 **********************************************/
2062
read_encryption_key_size_complete_after_key_refresh(uint8_t status,uint16_t handle,uint8_t key_size)2063 static void read_encryption_key_size_complete_after_key_refresh(uint8_t status, uint16_t handle, uint8_t key_size) {
2064 if (status == HCI_ERR_INSUFFCIENT_SECURITY) {
2065 /* If remote device stop the encryption before we call "Read Encryption Key
2066 * Size", we might receive Insufficient Security, which means that link is
2067 * no longer encrypted. */
2068 LOG(INFO) << __func__ << ": encryption stopped on link: " << loghex(handle);
2069 return;
2070 }
2071
2072 if (status != HCI_SUCCESS) {
2073 LOG(INFO) << __func__ << ": disconnecting, status: " << loghex(status);
2074 btsnd_hcic_disconnect(handle, HCI_ERR_PEER_USER);
2075 return;
2076 }
2077
2078 if (key_size < MIN_KEY_SIZE) {
2079 android_errorWriteLog(0x534e4554, "124301137");
2080 LOG(ERROR) << __func__ << " encryption key too short, disconnecting. handle: " << loghex(handle)
2081 << " key_size: " << +key_size;
2082
2083 btsnd_hcic_disconnect(handle, HCI_ERR_HOST_REJECT_SECURITY);
2084 return;
2085 }
2086
2087 btm_sec_encrypt_change(handle, status, 1 /* enc_enable */);
2088 }
2089
btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t * p)2090 static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p) {
2091 uint8_t status;
2092 uint16_t handle;
2093
2094 STREAM_TO_UINT8(status, p);
2095 STREAM_TO_UINT16(handle, p);
2096
2097 if (status != HCI_SUCCESS || BTM_IsBleConnection(handle)) {
2098 btm_sec_encrypt_change(handle, status, (status == HCI_SUCCESS) ? 1 : 0);
2099 } else {
2100 btsnd_hcic_read_encryption_key_size(handle, base::Bind(&read_encryption_key_size_complete_after_key_refresh));
2101 }
2102 }
2103
2104 /**********************************************
2105 * BLE Events
2106 **********************************************/
2107
btu_ble_ll_conn_complete_evt(uint8_t * p,uint16_t evt_len)2108 static void btu_ble_ll_conn_complete_evt(uint8_t* p, uint16_t evt_len) {
2109 btm_ble_conn_complete(p, evt_len, false);
2110 }
2111 #if (BLE_PRIVACY_SPT == TRUE)
btu_ble_proc_enhanced_conn_cmpl(uint8_t * p,uint16_t evt_len)2112 static void btu_ble_proc_enhanced_conn_cmpl(uint8_t* p, uint16_t evt_len) {
2113 btm_ble_conn_complete(p, evt_len, true);
2114 }
2115 #endif
2116
2117 extern void gatt_notify_conn_update(uint16_t handle, uint16_t interval,
2118 uint16_t latency, uint16_t timeout,
2119 uint8_t status);
2120
btu_ble_ll_conn_param_upd_evt(uint8_t * p,uint16_t evt_len)2121 static void btu_ble_ll_conn_param_upd_evt(uint8_t* p, uint16_t evt_len) {
2122 /* LE connection update has completed successfully as a master. */
2123 /* We can enable the update request if the result is a success. */
2124 /* extract the HCI handle first */
2125 uint8_t status;
2126 uint16_t handle;
2127 uint16_t interval;
2128 uint16_t latency;
2129 uint16_t timeout;
2130
2131 STREAM_TO_UINT8(status, p);
2132 STREAM_TO_UINT16(handle, p);
2133 STREAM_TO_UINT16(interval, p);
2134 STREAM_TO_UINT16(latency, p);
2135 STREAM_TO_UINT16(timeout, p);
2136
2137 l2cble_process_conn_update_evt(handle, status, interval, latency, timeout);
2138
2139 gatt_notify_conn_update(handle & 0x0FFF, interval, latency, timeout, status);
2140 }
2141
btu_ble_read_remote_feat_evt(uint8_t * p)2142 static void btu_ble_read_remote_feat_evt(uint8_t* p) {
2143 btm_ble_read_remote_features_complete(p);
2144 }
2145
btu_ble_proc_ltk_req(uint8_t * p)2146 static void btu_ble_proc_ltk_req(uint8_t* p) {
2147 uint16_t ediv, handle;
2148 uint8_t* pp;
2149
2150 STREAM_TO_UINT16(handle, p);
2151 pp = p + 8;
2152 STREAM_TO_UINT16(ediv, pp);
2153 btm_ble_ltk_request(handle, p, ediv);
2154 /* This is empty until an upper layer cares about returning event */
2155 }
2156
btu_ble_data_length_change_evt(uint8_t * p,uint16_t evt_len)2157 static void btu_ble_data_length_change_evt(uint8_t* p, uint16_t evt_len) {
2158 uint16_t handle;
2159 uint16_t tx_data_len;
2160 uint16_t rx_data_len;
2161
2162 if (!controller_get_interface()->supports_ble_packet_extension()) {
2163 HCI_TRACE_WARNING("%s, request not supported", __func__);
2164 return;
2165 }
2166
2167 STREAM_TO_UINT16(handle, p);
2168 STREAM_TO_UINT16(tx_data_len, p);
2169 p += 2; /* Skip the TxTimer */
2170 STREAM_TO_UINT16(rx_data_len, p);
2171
2172 l2cble_process_data_length_change_event(handle, tx_data_len, rx_data_len);
2173 }
2174
2175 /**********************************************
2176 * End of BLE Events Handler
2177 **********************************************/
2178 #if (BLE_LLT_INCLUDED == TRUE)
btu_ble_rc_param_req_evt(uint8_t * p)2179 static void btu_ble_rc_param_req_evt(uint8_t* p) {
2180 uint16_t handle;
2181 uint16_t int_min, int_max, latency, timeout;
2182
2183 STREAM_TO_UINT16(handle, p);
2184 STREAM_TO_UINT16(int_min, p);
2185 STREAM_TO_UINT16(int_max, p);
2186 STREAM_TO_UINT16(latency, p);
2187 STREAM_TO_UINT16(timeout, p);
2188
2189 l2cble_process_rc_param_request_evt(handle, int_min, int_max, latency,
2190 timeout);
2191 }
2192 #endif /* BLE_LLT_INCLUDED */
2193