1 /******************************************************************************
2 *
3 * Copyright 2006-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains action functions for BTA JV APIs.
22 *
23 ******************************************************************************/
24
25 #define LOG_TAG "bluetooth"
26
27 #include <cstdint>
28 #include <unordered_set>
29
30 #include "bt_target.h" // Must be first to define build configuration
31
32 #include "bta/include/bta_jv_co.h"
33 #include "bta/jv/bta_jv_int.h"
34 #include "bta/sys/bta_sys.h"
35 #include "osi/include/allocator.h"
36 #include "stack/btm/btm_sec.h"
37 #include "stack/include/avct_api.h" // AVCT_PSM
38 #include "stack/include/avdt_api.h" // AVDT_PSM
39 #include "stack/include/gap_api.h"
40 #include "stack/include/port_api.h"
41 #include "types/bluetooth/uuid.h"
42 #include "types/raw_address.h"
43
44 using bluetooth::Uuid;
45
46 tBTA_JV_CB bta_jv_cb;
47 std::unordered_set<uint16_t> used_l2cap_classic_dynamic_psm;
48
49 static tBTA_JV_PCB* bta_jv_add_rfc_port(tBTA_JV_RFC_CB* p_cb,
50 tBTA_JV_PCB* p_pcb_open);
51 static tBTA_JV_STATUS bta_jv_free_set_pm_profile_cb(uint32_t jv_handle);
52 static void bta_jv_pm_conn_busy(tBTA_JV_PM_CB* p_cb);
53 static void bta_jv_pm_conn_idle(tBTA_JV_PM_CB* p_cb);
54 static void bta_jv_pm_state_change(tBTA_JV_PM_CB* p_cb,
55 const tBTA_JV_CONN_STATE state);
56
57 /*******************************************************************************
58 *
59 * Function bta_jv_alloc_sec_id
60 *
61 * Description allocate a security id
62 *
63 * Returns
64 *
65 ******************************************************************************/
bta_jv_alloc_sec_id(void)66 uint8_t bta_jv_alloc_sec_id(void) {
67 uint8_t ret = 0;
68 int i;
69 for (i = 0; i < BTA_JV_NUM_SERVICE_ID; i++) {
70 if (0 == bta_jv_cb.sec_id[i]) {
71 bta_jv_cb.sec_id[i] = BTA_JV_FIRST_SERVICE_ID + i;
72 ret = bta_jv_cb.sec_id[i];
73 break;
74 }
75 }
76 return ret;
77 }
get_sec_id_used(void)78 static int get_sec_id_used(void) {
79 int i;
80 int used = 0;
81 for (i = 0; i < BTA_JV_NUM_SERVICE_ID; i++) {
82 if (bta_jv_cb.sec_id[i]) used++;
83 }
84 if (used == BTA_JV_NUM_SERVICE_ID)
85 LOG(ERROR) << __func__
86 << ": sec id exceeds the limit=" << BTA_JV_NUM_SERVICE_ID;
87 return used;
88 }
get_rfc_cb_used(void)89 static int get_rfc_cb_used(void) {
90 int i;
91 int used = 0;
92 for (i = 0; i < BTA_JV_MAX_RFC_CONN; i++) {
93 if (bta_jv_cb.rfc_cb[i].handle) used++;
94 }
95 if (used == BTA_JV_MAX_RFC_CONN)
96 LOG(ERROR) << __func__
97 << ": rfc ctrl block exceeds the limit=" << BTA_JV_MAX_RFC_CONN;
98 return used;
99 }
100
101 /*******************************************************************************
102 *
103 * Function bta_jv_free_sec_id
104 *
105 * Description free the given security id
106 *
107 * Returns
108 *
109 ******************************************************************************/
bta_jv_free_sec_id(uint8_t * p_sec_id)110 static void bta_jv_free_sec_id(uint8_t* p_sec_id) {
111 uint8_t sec_id = *p_sec_id;
112 *p_sec_id = 0;
113 if (sec_id >= BTA_JV_FIRST_SERVICE_ID && sec_id <= BTA_JV_LAST_SERVICE_ID) {
114 BTM_SecClrService(sec_id);
115 bta_jv_cb.sec_id[sec_id - BTA_JV_FIRST_SERVICE_ID] = 0;
116 }
117 }
118
119 /*******************************************************************************
120 *
121 * Function bta_jv_alloc_rfc_cb
122 *
123 * Description allocate a control block for the given port handle
124 *
125 * Returns
126 *
127 ******************************************************************************/
bta_jv_alloc_rfc_cb(uint16_t port_handle,tBTA_JV_PCB ** pp_pcb)128 tBTA_JV_RFC_CB* bta_jv_alloc_rfc_cb(uint16_t port_handle,
129 tBTA_JV_PCB** pp_pcb) {
130 tBTA_JV_RFC_CB* p_cb = NULL;
131 tBTA_JV_PCB* p_pcb;
132 int i, j;
133 for (i = 0; i < BTA_JV_MAX_RFC_CONN; i++) {
134 if (0 == bta_jv_cb.rfc_cb[i].handle) {
135 p_cb = &bta_jv_cb.rfc_cb[i];
136 /* mask handle to distinguish it with L2CAP handle */
137 p_cb->handle = (i + 1) | BTA_JV_RFCOMM_MASK;
138
139 p_cb->max_sess = 1;
140 p_cb->curr_sess = 1;
141 for (j = 0; j < BTA_JV_MAX_RFC_SR_SESSION; j++) p_cb->rfc_hdl[j] = 0;
142 p_cb->rfc_hdl[0] = port_handle;
143 VLOG(2) << __func__ << "port_handle=" << +port_handle
144 << ", handle=" << loghex(p_cb->handle);
145
146 p_pcb = &bta_jv_cb.port_cb[port_handle - 1];
147 p_pcb->handle = p_cb->handle;
148 p_pcb->port_handle = port_handle;
149 p_pcb->p_pm_cb = NULL;
150 *pp_pcb = p_pcb;
151 break;
152 }
153 }
154 if (p_cb == NULL) {
155 LOG(ERROR) << __func__ << "port_handle=" << port_handle << " ctrl block exceeds limit:" << BTA_JV_MAX_RFC_CONN;
156 }
157 return p_cb;
158 }
159
160 /*******************************************************************************
161 *
162 * Function bta_jv_rfc_port_to_pcb
163 *
164 * Description find the port control block associated with the given port
165 * handle
166 *
167 * Returns
168 *
169 ******************************************************************************/
bta_jv_rfc_port_to_pcb(uint16_t port_handle)170 tBTA_JV_PCB* bta_jv_rfc_port_to_pcb(uint16_t port_handle) {
171 tBTA_JV_PCB* p_pcb = NULL;
172
173 if ((port_handle > 0) && (port_handle <= MAX_RFC_PORTS) &&
174 bta_jv_cb.port_cb[port_handle - 1].handle) {
175 p_pcb = &bta_jv_cb.port_cb[port_handle - 1];
176 }
177
178 return p_pcb;
179 }
180
181 /*******************************************************************************
182 *
183 * Function bta_jv_rfc_port_to_cb
184 *
185 * Description find the RFCOMM control block associated with the given port
186 * handle
187 *
188 * Returns
189 *
190 ******************************************************************************/
bta_jv_rfc_port_to_cb(uint16_t port_handle)191 tBTA_JV_RFC_CB* bta_jv_rfc_port_to_cb(uint16_t port_handle) {
192 tBTA_JV_RFC_CB* p_cb = NULL;
193 uint32_t handle;
194
195 if ((port_handle > 0) && (port_handle <= MAX_RFC_PORTS) &&
196 bta_jv_cb.port_cb[port_handle - 1].handle) {
197 handle = bta_jv_cb.port_cb[port_handle - 1].handle;
198 handle &= BTA_JV_RFC_HDL_MASK;
199 handle &= ~BTA_JV_RFCOMM_MASK;
200 if (handle) p_cb = &bta_jv_cb.rfc_cb[handle - 1];
201 } else {
202 LOG(WARNING) << __func__
203 << ": jv handle not found port_handle:" << port_handle;
204 }
205 return p_cb;
206 }
207
bta_jv_free_rfc_cb(tBTA_JV_RFC_CB * p_cb,tBTA_JV_PCB * p_pcb)208 static tBTA_JV_STATUS bta_jv_free_rfc_cb(tBTA_JV_RFC_CB* p_cb,
209 tBTA_JV_PCB* p_pcb) {
210 tBTA_JV_STATUS status = BTA_JV_SUCCESS;
211 bool remove_server = false;
212 int close_pending = 0;
213
214 if (!p_cb || !p_pcb) {
215 LOG(ERROR) << __func__ << " p_cb or p_pcb cannot be null";
216 return BTA_JV_FAILURE;
217 }
218 VLOG(2) << __func__ << ": max_sess=" << p_cb->max_sess
219 << ", curr_sess=" << p_cb->curr_sess << ", p_pcb=" << p_pcb
220 << ", user=" << p_pcb->rfcomm_slot_id << ", state=" << p_pcb->state
221 << ", jv handle=" << loghex(p_pcb->handle);
222
223 if (p_cb->curr_sess <= 0) return BTA_JV_SUCCESS;
224
225 switch (p_pcb->state) {
226 case BTA_JV_ST_CL_CLOSING:
227 case BTA_JV_ST_SR_CLOSING:
228 LOG(WARNING) << __func__
229 << ": return on closing, port state=" << p_pcb->state
230 << ", scn=" << p_cb->scn << ", p_pcb=" << p_pcb
231 << ", user_data=" << p_pcb->rfcomm_slot_id;
232 status = BTA_JV_FAILURE;
233 return status;
234 case BTA_JV_ST_CL_OPEN:
235 case BTA_JV_ST_CL_OPENING:
236 VLOG(2) << __func__ << ": state=" << p_pcb->state << ", scn=" << p_cb->scn
237 << ", user_data=" << p_pcb->rfcomm_slot_id;
238 p_pcb->state = BTA_JV_ST_CL_CLOSING;
239 break;
240 case BTA_JV_ST_SR_LISTEN:
241 p_pcb->state = BTA_JV_ST_SR_CLOSING;
242 remove_server = true;
243 VLOG(2) << __func__ << ": state: BTA_JV_ST_SR_LISTEN, scn=" << p_cb->scn
244 << ", user_data=" << p_pcb->rfcomm_slot_id;
245 break;
246 case BTA_JV_ST_SR_OPEN:
247 p_pcb->state = BTA_JV_ST_SR_CLOSING;
248 VLOG(2) << ": state: BTA_JV_ST_SR_OPEN, scn=" << p_cb->scn
249 << " user_data=" << p_pcb->rfcomm_slot_id;
250 break;
251 default:
252 LOG(WARNING) << __func__ << ":failed, ignore port state= " << p_pcb->state
253 << ", scn=" << p_cb->scn << ", p_pcb= " << p_pcb
254 << ", jv handle=" << loghex(p_pcb->handle)
255 << ", port_handle=" << p_pcb->port_handle
256 << ", user_data=" << p_pcb->rfcomm_slot_id;
257 status = BTA_JV_FAILURE;
258 break;
259 }
260 if (BTA_JV_SUCCESS == status) {
261 int port_status;
262
263 if (!remove_server)
264 port_status = RFCOMM_RemoveConnection(p_pcb->port_handle);
265 else
266 port_status = RFCOMM_RemoveServer(p_pcb->port_handle);
267 if (port_status != PORT_SUCCESS) {
268 status = BTA_JV_FAILURE;
269 LOG(WARNING) << __func__ << ": Remove jv handle=" << loghex(p_pcb->handle)
270 << ", state=" << p_pcb->state
271 << ", port_status=" << port_status
272 << ", port_handle=" << p_pcb->port_handle
273 << ", close_pending=" << close_pending;
274 }
275 }
276 if (!close_pending) {
277 p_pcb->port_handle = 0;
278 p_pcb->state = BTA_JV_ST_NONE;
279 bta_jv_free_set_pm_profile_cb(p_pcb->handle);
280
281 // Initialize congestion flags
282 p_pcb->cong = false;
283 p_pcb->rfcomm_slot_id = 0;
284 int si = BTA_JV_RFC_HDL_TO_SIDX(p_pcb->handle);
285 if (0 <= si && si < BTA_JV_MAX_RFC_SR_SESSION) p_cb->rfc_hdl[si] = 0;
286 p_pcb->handle = 0;
287 p_cb->curr_sess--;
288 if (p_cb->curr_sess == 0) {
289 RFCOMM_ClearSecurityRecord(p_cb->scn);
290 p_cb->scn = 0;
291 p_cb->p_cback = NULL;
292 p_cb->handle = 0;
293 p_cb->curr_sess = -1;
294 }
295 if (remove_server) {
296 RFCOMM_ClearSecurityRecord(p_cb->scn);
297 }
298 }
299 return status;
300 }
301
302 /*******************************************************************************
303 *
304 * Function bta_jv_free_l2c_cb
305 *
306 * Description free the given L2CAP control block
307 *
308 * Returns
309 *
310 ******************************************************************************/
bta_jv_free_l2c_cb(tBTA_JV_L2C_CB * p_cb)311 tBTA_JV_STATUS bta_jv_free_l2c_cb(tBTA_JV_L2C_CB* p_cb) {
312 tBTA_JV_STATUS status = BTA_JV_SUCCESS;
313
314 if (BTA_JV_ST_NONE != p_cb->state) {
315 bta_jv_free_set_pm_profile_cb((uint32_t)p_cb->handle);
316 if (GAP_ConnClose(p_cb->handle) != BT_PASS) status = BTA_JV_FAILURE;
317 }
318 p_cb->psm = 0;
319 p_cb->state = BTA_JV_ST_NONE;
320 p_cb->cong = false;
321 bta_jv_free_sec_id(&p_cb->sec_id);
322 p_cb->p_cback = NULL;
323 p_cb->handle = 0;
324 p_cb->l2cap_socket_id = 0;
325 return status;
326 }
327
328 /*******************************************************************************
329 *
330 *
331 * Function bta_jv_clear_pm_cb
332 *
333 * Description clears jv pm control block and optionally calls
334 * bta_sys_conn_close()
335 * In general close_conn should be set to true to remove registering
336 * with dm pm!
337 *
338 * WARNING: Make sure to clear pointer form port or l2c to this control block
339 * too!
340 *
341 ******************************************************************************/
bta_jv_clear_pm_cb(tBTA_JV_PM_CB * p_pm_cb,bool close_conn)342 static void bta_jv_clear_pm_cb(tBTA_JV_PM_CB* p_pm_cb, bool close_conn) {
343 /* needs to be called if registered with bta pm, otherwise we may run out of
344 * dm pm slots! */
345 if (close_conn)
346 bta_sys_conn_close(BTA_ID_JV, p_pm_cb->app_id, p_pm_cb->peer_bd_addr);
347 p_pm_cb->state = BTA_JV_PM_FREE_ST;
348 p_pm_cb->app_id = BTA_JV_PM_ALL;
349 p_pm_cb->handle = BTA_JV_PM_HANDLE_CLEAR;
350 p_pm_cb->peer_bd_addr = RawAddress::kEmpty;
351 }
352
353 /*******************************************************************************
354 *
355 * Function bta_jv_free_set_pm_profile_cb
356 *
357 * Description free pm profile control block
358 *
359 * Returns BTA_JV_SUCCESS if cb has been freed correctly,
360 * BTA_JV_FAILURE in case of no profile has been registered or
361 * already freed
362 *
363 ******************************************************************************/
bta_jv_free_set_pm_profile_cb(uint32_t jv_handle)364 static tBTA_JV_STATUS bta_jv_free_set_pm_profile_cb(uint32_t jv_handle) {
365 tBTA_JV_STATUS status = BTA_JV_FAILURE;
366 tBTA_JV_PM_CB** p_cb;
367 int i, j, bd_counter = 0, appid_counter = 0;
368
369 for (i = 0; i < BTA_JV_PM_MAX_NUM; i++) {
370 p_cb = NULL;
371 if ((bta_jv_cb.pm_cb[i].state != BTA_JV_PM_FREE_ST) &&
372 (jv_handle == bta_jv_cb.pm_cb[i].handle)) {
373 for (j = 0; j < BTA_JV_PM_MAX_NUM; j++) {
374 if (bta_jv_cb.pm_cb[j].peer_bd_addr == bta_jv_cb.pm_cb[i].peer_bd_addr)
375 bd_counter++;
376 if (bta_jv_cb.pm_cb[j].app_id == bta_jv_cb.pm_cb[i].app_id)
377 appid_counter++;
378 }
379
380 VLOG(2) << __func__ << ": jv_handle=" << loghex(jv_handle)
381 << ", idx=" << i << "app_id=" << bta_jv_cb.pm_cb[i].app_id
382 << ", bd_counter=" << bd_counter
383 << ", appid_counter=" << appid_counter;
384 if (bd_counter > 1) {
385 bta_jv_pm_conn_idle(&bta_jv_cb.pm_cb[i]);
386 }
387
388 if (bd_counter <= 1 || (appid_counter <= 1)) {
389 bta_jv_clear_pm_cb(&bta_jv_cb.pm_cb[i], true);
390 } else {
391 bta_jv_clear_pm_cb(&bta_jv_cb.pm_cb[i], false);
392 }
393
394 if (BTA_JV_RFCOMM_MASK & jv_handle) {
395 uint32_t hi =
396 ((jv_handle & BTA_JV_RFC_HDL_MASK) & ~BTA_JV_RFCOMM_MASK) - 1;
397 uint32_t si = BTA_JV_RFC_HDL_TO_SIDX(jv_handle);
398 if (hi < BTA_JV_MAX_RFC_CONN && bta_jv_cb.rfc_cb[hi].p_cback &&
399 si < BTA_JV_MAX_RFC_SR_SESSION &&
400 bta_jv_cb.rfc_cb[hi].rfc_hdl[si]) {
401 tBTA_JV_PCB* p_pcb =
402 bta_jv_rfc_port_to_pcb(bta_jv_cb.rfc_cb[hi].rfc_hdl[si]);
403 if (p_pcb) {
404 if (NULL == p_pcb->p_pm_cb)
405 LOG(WARNING) << __func__ << ": jv_handle=" << loghex(jv_handle)
406 << ", port_handle=" << p_pcb->port_handle
407 << ", i=" << i << ", no link to pm_cb?";
408 p_cb = &p_pcb->p_pm_cb;
409 }
410 }
411 } else {
412 if (jv_handle < BTA_JV_MAX_L2C_CONN) {
413 tBTA_JV_L2C_CB* p_l2c_cb = &bta_jv_cb.l2c_cb[jv_handle];
414 if (NULL == p_l2c_cb->p_pm_cb)
415 LOG(WARNING) << __func__ << ": jv_handle=" << loghex(jv_handle)
416 << ", i=" << i << " no link to pm_cb?";
417 p_cb = &p_l2c_cb->p_pm_cb;
418 }
419 }
420 if (p_cb) {
421 *p_cb = NULL;
422 status = BTA_JV_SUCCESS;
423 }
424 }
425 }
426 return status;
427 }
428
429 /*******************************************************************************
430 *
431 * Function bta_jv_alloc_set_pm_profile_cb
432 *
433 * Description set PM profile control block
434 *
435 * Returns pointer to allocated cb or NULL in case of failure
436 *
437 ******************************************************************************/
bta_jv_alloc_set_pm_profile_cb(uint32_t jv_handle,tBTA_JV_PM_ID app_id)438 static tBTA_JV_PM_CB* bta_jv_alloc_set_pm_profile_cb(uint32_t jv_handle,
439 tBTA_JV_PM_ID app_id) {
440 bool bRfcHandle = (jv_handle & BTA_JV_RFCOMM_MASK) != 0;
441 RawAddress peer_bd_addr = RawAddress::kEmpty;
442 int i, j;
443 tBTA_JV_PM_CB** pp_cb;
444
445 for (i = 0; i < BTA_JV_PM_MAX_NUM; i++) {
446 pp_cb = NULL;
447 if (bta_jv_cb.pm_cb[i].state == BTA_JV_PM_FREE_ST) {
448 /* rfc handle bd addr retrieval requires core stack handle */
449 if (bRfcHandle) {
450 for (j = 0; j < BTA_JV_MAX_RFC_CONN; j++) {
451 if (jv_handle == bta_jv_cb.port_cb[j].handle) {
452 pp_cb = &bta_jv_cb.port_cb[j].p_pm_cb;
453 if (PORT_SUCCESS !=
454 PORT_CheckConnection(bta_jv_cb.port_cb[j].port_handle,
455 &peer_bd_addr, NULL)) {
456 i = BTA_JV_PM_MAX_NUM;
457 }
458 break;
459 }
460 }
461 } else {
462 /* use jv handle for l2cap bd address retrieval */
463 for (j = 0; j < BTA_JV_MAX_L2C_CONN; j++) {
464 if (jv_handle == bta_jv_cb.l2c_cb[j].handle) {
465 pp_cb = &bta_jv_cb.l2c_cb[j].p_pm_cb;
466 const RawAddress* p_bd_addr =
467 GAP_ConnGetRemoteAddr((uint16_t)jv_handle);
468 if (p_bd_addr)
469 peer_bd_addr = *p_bd_addr;
470 else
471 i = BTA_JV_PM_MAX_NUM;
472 break;
473 }
474 }
475 }
476 VLOG(2) << __func__ << ": handle=" << loghex(jv_handle)
477 << ", app_id=" << app_id << ", idx=" << i
478 << ", BTA_JV_PM_MAX_NUM=" << BTA_JV_PM_MAX_NUM
479 << ", pp_cb=" << pp_cb;
480 break;
481 }
482 }
483
484 if ((i != BTA_JV_PM_MAX_NUM) && (NULL != pp_cb)) {
485 *pp_cb = &bta_jv_cb.pm_cb[i];
486 bta_jv_cb.pm_cb[i].handle = jv_handle;
487 bta_jv_cb.pm_cb[i].app_id = app_id;
488 bta_jv_cb.pm_cb[i].peer_bd_addr = peer_bd_addr;
489 bta_jv_cb.pm_cb[i].state = BTA_JV_PM_IDLE_ST;
490 return &bta_jv_cb.pm_cb[i];
491 }
492 LOG(WARNING) << __func__ << ": handle=" << loghex(jv_handle)
493 << ", app_id=" << app_id << ", return NULL";
494 return NULL;
495 }
496
497 /*******************************************************************************
498 *
499 * Function bta_jv_check_psm
500 *
501 * Description for now use only the legal PSM per JSR82 spec
502 *
503 * Returns true, if allowed
504 *
505 ******************************************************************************/
bta_jv_check_psm(uint16_t psm)506 bool bta_jv_check_psm(uint16_t psm) {
507 bool ret = false;
508
509 if (L2C_IS_VALID_PSM(psm)) {
510 if (psm < 0x1001) {
511 /* see if this is defined by spec */
512 switch (psm) {
513 case BT_PSM_SDP:
514 case BT_PSM_RFCOMM: /* 3 */
515 /* do not allow java app to use these 2 PSMs */
516 break;
517
518 case BT_PSM_TCS:
519 case BT_PSM_CTP:
520 if (!bta_sys_is_register(BTA_ID_CT) &&
521 !bta_sys_is_register(BTA_ID_CG))
522 ret = true;
523 break;
524
525 case BT_PSM_BNEP: /* F */
526 if (!bta_sys_is_register(BTA_ID_PAN)) ret = true;
527 break;
528
529 case BT_PSM_HIDC:
530 case BT_PSM_HIDI:
531 // FIX: allow HID Device and HID Host to coexist
532 if (!bta_sys_is_register(BTA_ID_HD) ||
533 !bta_sys_is_register(BTA_ID_HH))
534 ret = true;
535 break;
536
537 case AVCT_PSM: /* 0x17 */
538 case AVDT_PSM: /* 0x19 */
539 if (!bta_sys_is_register(BTA_ID_AV)) ret = true;
540 break;
541
542 default:
543 ret = true;
544 break;
545 }
546 } else {
547 ret = true;
548 }
549 }
550 return ret;
551 }
552
553 /* Initialises the JAVA I/F */
bta_jv_enable(tBTA_JV_DM_CBACK * p_cback)554 void bta_jv_enable(tBTA_JV_DM_CBACK* p_cback) {
555 tBTA_JV_STATUS status = BTA_JV_SUCCESS;
556 bta_jv_cb.p_dm_cback = p_cback;
557 tBTA_JV bta_jv;
558 bta_jv.status = status;
559 bta_jv_cb.p_dm_cback(BTA_JV_ENABLE_EVT, &bta_jv, 0);
560 memset(bta_jv_cb.free_psm_list, 0, sizeof(bta_jv_cb.free_psm_list));
561 }
562
563 /** Disables the BT device manager free the resources used by java */
bta_jv_disable()564 void bta_jv_disable() { LOG(INFO) << __func__; }
565
566 /**
567 * We keep a list of PSM's that have been freed from JAVA, for reuse.
568 * This function will return a free PSM, and delete it from the free
569 * list.
570 * If no free PSMs exist, 0 will be returned.
571 */
bta_jv_get_free_psm()572 static uint16_t bta_jv_get_free_psm() {
573 const int cnt =
574 sizeof(bta_jv_cb.free_psm_list) / sizeof(bta_jv_cb.free_psm_list[0]);
575 for (int i = 0; i < cnt; i++) {
576 uint16_t psm = bta_jv_cb.free_psm_list[i];
577 if (psm != 0) {
578 VLOG(2) << __func__ << ": Reusing PSM=" << loghex(psm);
579 bta_jv_cb.free_psm_list[i] = 0;
580 return psm;
581 }
582 }
583 return 0;
584 }
585
bta_jv_set_free_psm(uint16_t psm)586 static void bta_jv_set_free_psm(uint16_t psm) {
587 int free_index = -1;
588 const int cnt =
589 sizeof(bta_jv_cb.free_psm_list) / sizeof(bta_jv_cb.free_psm_list[0]);
590 for (int i = 0; i < cnt; i++) {
591 if (bta_jv_cb.free_psm_list[i] == 0) {
592 free_index = i;
593 } else if (psm == bta_jv_cb.free_psm_list[i]) {
594 return; // PSM already freed?
595 }
596 }
597 if (free_index != -1) {
598 bta_jv_cb.free_psm_list[free_index] = psm;
599 VLOG(2) << __func__ << ": Recycling PSM=" << loghex(psm);
600 } else {
601 LOG(ERROR) << __func__ << ": unable to free psm=" << loghex(psm)
602 << " no more free slots";
603 }
604 }
605
bta_jv_allocate_l2cap_classic_psm()606 static uint16_t bta_jv_allocate_l2cap_classic_psm() {
607 bool done = false;
608 uint16_t psm = bta_jv_cb.dyn_psm;
609
610 while (!done) {
611 psm += 2;
612 if (psm > 0xfeff) {
613 psm = 0x1001;
614 } else if (psm & 0x0100) {
615 /* the upper byte must be even */
616 psm += 0x0100;
617 }
618
619 /* if psm is in range of reserved BRCM Aware features */
620 if ((BRCM_RESERVED_PSM_START <= psm) && (psm <= BRCM_RESERVED_PSM_END))
621 continue;
622
623 /* make sure the newlly allocated psm is not used right now */
624 if (used_l2cap_classic_dynamic_psm.count(psm) == 0) done = true;
625 }
626 bta_jv_cb.dyn_psm = psm;
627
628 return (psm);
629 }
630
631 /** Obtain a free SCN (Server Channel Number) (RFCOMM channel or L2CAP PSM) */
bta_jv_get_channel_id(int32_t type,int32_t channel,uint32_t l2cap_socket_id,uint32_t rfcomm_slot_id)632 void bta_jv_get_channel_id(
633 int32_t type /* One of BTA_JV_CONN_TYPE_ */,
634 int32_t channel /* optionally request a specific channel */,
635 uint32_t l2cap_socket_id, uint32_t rfcomm_slot_id) {
636 uint16_t psm = 0;
637
638 switch (type) {
639 case BTA_JV_CONN_TYPE_RFCOMM: {
640 uint8_t scn = 0;
641 if (channel > 0) {
642 if (!BTM_TryAllocateSCN(channel)) {
643 LOG(ERROR) << "rfc channel=" << channel
644 << " already in use or invalid";
645 channel = 0;
646 }
647 } else {
648 channel = BTM_AllocateSCN();
649 if (channel == 0) {
650 LOG(ERROR) << "run out of rfc channels";
651 channel = 0;
652 }
653 }
654 if (channel != 0) {
655 bta_jv_cb.scn[channel - 1] = true;
656 scn = (uint8_t)channel;
657 }
658 if (bta_jv_cb.p_dm_cback) {
659 tBTA_JV bta_jv;
660 bta_jv.scn = scn;
661 bta_jv_cb.p_dm_cback(BTA_JV_GET_SCN_EVT, &bta_jv, rfcomm_slot_id);
662 }
663 return;
664 }
665 case BTA_JV_CONN_TYPE_L2CAP:
666 psm = bta_jv_get_free_psm();
667 if (psm == 0) {
668 psm = bta_jv_allocate_l2cap_classic_psm();
669 VLOG(2) << __func__ << ": returned PSM=" << loghex(psm);
670 }
671 break;
672 case BTA_JV_CONN_TYPE_L2CAP_LE:
673 psm = L2CA_AllocateLePSM();
674 if (psm == 0) {
675 LOG(ERROR) << __func__ << ": Error: No free LE PSM available";
676 }
677 break;
678 default:
679 break;
680 }
681
682 if (bta_jv_cb.p_dm_cback) {
683 tBTA_JV bta_jv;
684 bta_jv.psm = psm;
685 bta_jv_cb.p_dm_cback(BTA_JV_GET_PSM_EVT, &bta_jv, l2cap_socket_id);
686 }
687 }
688
689 /** free a SCN */
bta_jv_free_scn(int32_t type,uint16_t scn)690 void bta_jv_free_scn(int32_t type /* One of BTA_JV_CONN_TYPE_ */,
691 uint16_t scn) {
692 switch (type) {
693 case BTA_JV_CONN_TYPE_RFCOMM: {
694 if (scn > 0 && scn <= BTA_JV_MAX_SCN && bta_jv_cb.scn[scn - 1]) {
695 /* this scn is used by JV */
696 bta_jv_cb.scn[scn - 1] = false;
697 BTM_FreeSCN(scn);
698 }
699 break;
700 }
701 case BTA_JV_CONN_TYPE_L2CAP:
702 bta_jv_set_free_psm(scn);
703 break;
704 case BTA_JV_CONN_TYPE_L2CAP_LE:
705 VLOG(2) << __func__ << ": type=BTA_JV_CONN_TYPE_L2CAP_LE. psm=" << scn;
706 L2CA_FreeLePSM(scn);
707 break;
708 default:
709 break;
710 }
711 }
712
713 /*******************************************************************************
714 *
715 * Function bta_jv_start_discovery_cback
716 *
717 * Description Callback for Start Discovery
718 *
719 * Returns void
720 *
721 ******************************************************************************/
bta_jv_start_discovery_cback(tSDP_RESULT result,void * user_data)722 static void bta_jv_start_discovery_cback(tSDP_RESULT result, void* user_data) {
723 tBTA_JV_STATUS status;
724 uint32_t* p_rfcomm_slot_id = static_cast<uint32_t*>(user_data);
725
726 VLOG(2) << __func__ << ": res=" << loghex(static_cast<uint16_t>(result));
727
728 bta_jv_cb.sdp_active = BTA_JV_SDP_ACT_NONE;
729 if (bta_jv_cb.p_dm_cback) {
730 tBTA_JV_DISCOVERY_COMP dcomp;
731 dcomp.scn = 0;
732 status = BTA_JV_FAILURE;
733 if (result == SDP_SUCCESS || result == SDP_DB_FULL) {
734 tSDP_DISC_REC* p_sdp_rec = NULL;
735 tSDP_PROTOCOL_ELEM pe;
736 VLOG(2) << __func__ << ": bta_jv_cb.uuid=" << bta_jv_cb.uuid;
737 p_sdp_rec = SDP_FindServiceUUIDInDb(p_bta_jv_cfg->p_sdp_db,
738 bta_jv_cb.uuid, p_sdp_rec);
739 VLOG(2) << __func__ << ": p_sdp_rec=" << p_sdp_rec;
740 if (p_sdp_rec &&
741 SDP_FindProtocolListElemInRec(p_sdp_rec, UUID_PROTOCOL_RFCOMM, &pe)) {
742 dcomp.scn = (uint8_t)pe.params[0];
743 status = BTA_JV_SUCCESS;
744 }
745 }
746
747 dcomp.status = status;
748 tBTA_JV bta_jv;
749 bta_jv.disc_comp = dcomp;
750 bta_jv_cb.p_dm_cback(BTA_JV_DISCOVERY_COMP_EVT, &bta_jv, *p_rfcomm_slot_id);
751 osi_free(p_rfcomm_slot_id);
752 }
753 }
754
755 /* Discovers services on a remote device */
bta_jv_start_discovery(const RawAddress & bd_addr,uint16_t num_uuid,bluetooth::Uuid * uuid_list,uint32_t rfcomm_slot_id)756 void bta_jv_start_discovery(const RawAddress& bd_addr, uint16_t num_uuid,
757 bluetooth::Uuid* uuid_list,
758 uint32_t rfcomm_slot_id) {
759 tBTA_JV_STATUS status = BTA_JV_FAILURE;
760 VLOG(2) << __func__ << ": in, sdp_active=" << bta_jv_cb.sdp_active;
761 if (bta_jv_cb.sdp_active != BTA_JV_SDP_ACT_NONE) {
762 /* SDP is still in progress */
763 status = BTA_JV_BUSY;
764 if (bta_jv_cb.p_dm_cback) {
765 tBTA_JV bta_jv;
766 bta_jv.status = status;
767 bta_jv_cb.p_dm_cback(BTA_JV_DISCOVERY_COMP_EVT, &bta_jv, rfcomm_slot_id);
768 }
769 return;
770 }
771
772 /* init the database/set up the filter */
773 VLOG(2) << __func__ << ": call SDP_InitDiscoveryDb, num_uuid=" << num_uuid;
774 SDP_InitDiscoveryDb(p_bta_jv_cfg->p_sdp_db, p_bta_jv_cfg->sdp_db_size,
775 num_uuid, uuid_list, 0, NULL);
776
777 /* tell SDP to keep the raw data */
778 p_bta_jv_cfg->p_sdp_db->raw_data = p_bta_jv_cfg->p_sdp_raw_data;
779 p_bta_jv_cfg->p_sdp_db->raw_size = p_bta_jv_cfg->sdp_raw_size;
780
781 bta_jv_cb.p_sel_raw_data = 0;
782 bta_jv_cb.uuid = uuid_list[0];
783
784 bta_jv_cb.sdp_active = BTA_JV_SDP_ACT_YES;
785
786 uint32_t* rfcomm_slot_id_copy = (uint32_t*)osi_malloc(sizeof(uint32_t));
787 *rfcomm_slot_id_copy = rfcomm_slot_id;
788
789 if (!SDP_ServiceSearchAttributeRequest2(bd_addr, p_bta_jv_cfg->p_sdp_db,
790 bta_jv_start_discovery_cback,
791 (void*)rfcomm_slot_id_copy)) {
792 bta_jv_cb.sdp_active = BTA_JV_SDP_ACT_NONE;
793 /* failed to start SDP. report the failure right away */
794 if (bta_jv_cb.p_dm_cback) {
795 tBTA_JV bta_jv;
796 bta_jv.status = status;
797 bta_jv_cb.p_dm_cback(BTA_JV_DISCOVERY_COMP_EVT, &bta_jv, rfcomm_slot_id);
798 }
799 }
800 /*
801 else report the result when the cback is called
802 */
803 }
804
805 /* Create an SDP record with the given attributes */
bta_jv_create_record(uint32_t rfcomm_slot_id)806 void bta_jv_create_record(uint32_t rfcomm_slot_id) {
807 tBTA_JV_CREATE_RECORD evt_data;
808 evt_data.status = BTA_JV_SUCCESS;
809 if (bta_jv_cb.p_dm_cback) {
810 // callback immediately to create the sdp record in stack thread context
811 tBTA_JV bta_jv;
812 bta_jv.create_rec = evt_data;
813 bta_jv_cb.p_dm_cback(BTA_JV_CREATE_RECORD_EVT, &bta_jv, rfcomm_slot_id);
814 }
815 }
816
817 /* Delete an SDP record */
bta_jv_delete_record(uint32_t handle)818 void bta_jv_delete_record(uint32_t handle) {
819 if (handle) {
820 /* this is a record created by btif layer*/
821 SDP_DeleteRecord(handle);
822 }
823 }
824
825 /*******************************************************************************
826 *
827 * Function bta_jv_l2cap_client_cback
828 *
829 * Description handles the l2cap client events
830 *
831 * Returns void
832 *
833 ******************************************************************************/
bta_jv_l2cap_client_cback(uint16_t gap_handle,uint16_t event,tGAP_CB_DATA * data)834 static void bta_jv_l2cap_client_cback(uint16_t gap_handle, uint16_t event,
835 tGAP_CB_DATA* data) {
836 tBTA_JV_L2C_CB* p_cb = &bta_jv_cb.l2c_cb[gap_handle];
837 tBTA_JV evt_data;
838
839 if (gap_handle >= BTA_JV_MAX_L2C_CONN && !p_cb->p_cback) return;
840
841 VLOG(2) << __func__ << ": gap_handle=" << gap_handle
842 << ", evt=" << loghex(event);
843 evt_data.l2c_open.status = BTA_JV_SUCCESS;
844 evt_data.l2c_open.handle = gap_handle;
845
846 switch (event) {
847 case GAP_EVT_CONN_OPENED:
848 evt_data.l2c_open.rem_bda = *GAP_ConnGetRemoteAddr(gap_handle);
849 evt_data.l2c_open.tx_mtu = GAP_ConnGetRemMtuSize(gap_handle);
850 p_cb->state = BTA_JV_ST_CL_OPEN;
851 p_cb->p_cback(BTA_JV_L2CAP_OPEN_EVT, &evt_data, p_cb->l2cap_socket_id);
852 break;
853
854 case GAP_EVT_CONN_CLOSED:
855 p_cb->state = BTA_JV_ST_NONE;
856 bta_jv_free_sec_id(&p_cb->sec_id);
857 evt_data.l2c_close.async = true;
858 p_cb->p_cback(BTA_JV_L2CAP_CLOSE_EVT, &evt_data, p_cb->l2cap_socket_id);
859 p_cb->p_cback = NULL;
860 break;
861
862 case GAP_EVT_CONN_DATA_AVAIL:
863 evt_data.data_ind.handle = gap_handle;
864 /* Reset idle timer to avoid requesting sniff mode while receiving data */
865 bta_jv_pm_conn_busy(p_cb->p_pm_cb);
866 p_cb->p_cback(BTA_JV_L2CAP_DATA_IND_EVT, &evt_data,
867 p_cb->l2cap_socket_id);
868 bta_jv_pm_conn_idle(p_cb->p_pm_cb);
869 break;
870
871 case GAP_EVT_TX_EMPTY:
872 bta_jv_pm_conn_idle(p_cb->p_pm_cb);
873 break;
874
875 case GAP_EVT_CONN_CONGESTED:
876 case GAP_EVT_CONN_UNCONGESTED:
877 p_cb->cong = (event == GAP_EVT_CONN_CONGESTED) ? true : false;
878 evt_data.l2c_cong.cong = p_cb->cong;
879 p_cb->p_cback(BTA_JV_L2CAP_CONG_EVT, &evt_data, p_cb->l2cap_socket_id);
880 break;
881
882 default:
883 break;
884 }
885 }
886
887 /* makes an l2cap client connection */
bta_jv_l2cap_connect(int32_t type,tBTA_SEC sec_mask,tBTA_JV_ROLE role,uint16_t remote_psm,uint16_t rx_mtu,const RawAddress & peer_bd_addr,std::unique_ptr<tL2CAP_CFG_INFO> cfg_param,std::unique_ptr<tL2CAP_ERTM_INFO> ertm_info,tBTA_JV_L2CAP_CBACK * p_cback,uint32_t l2cap_socket_id)888 void bta_jv_l2cap_connect(int32_t type, tBTA_SEC sec_mask, tBTA_JV_ROLE role,
889 uint16_t remote_psm, uint16_t rx_mtu,
890 const RawAddress& peer_bd_addr,
891 std::unique_ptr<tL2CAP_CFG_INFO> cfg_param,
892 std::unique_ptr<tL2CAP_ERTM_INFO> ertm_info,
893 tBTA_JV_L2CAP_CBACK* p_cback,
894 uint32_t l2cap_socket_id) {
895 uint16_t handle = GAP_INVALID_HANDLE;
896
897 tL2CAP_CFG_INFO cfg;
898 memset(&cfg, 0, sizeof(tL2CAP_CFG_INFO));
899 if (cfg_param) {
900 cfg = *cfg_param;
901 }
902
903 /* We need to use this value for MTU to be able to handle cases where cfg is
904 * not set in req. */
905 cfg.mtu_present = true;
906 cfg.mtu = rx_mtu;
907
908 uint8_t sec_id = bta_jv_alloc_sec_id();
909 tBTA_JV_L2CAP_CL_INIT evt_data;
910 evt_data.sec_id = sec_id;
911 evt_data.status = BTA_JV_FAILURE;
912
913 if (sec_id) {
914 /* PSM checking is not required for LE COC */
915 if ((type != BTA_JV_CONN_TYPE_L2CAP) ||
916 (bta_jv_check_psm(remote_psm))) /* allowed */
917 {
918 uint16_t max_mps = 0xffff; // Let GAP_ConnOpen set the max_mps.
919 handle = GAP_ConnOpen("", sec_id, 0, &peer_bd_addr, remote_psm, max_mps,
920 &cfg, ertm_info.get(), sec_mask,
921 bta_jv_l2cap_client_cback, type);
922 if (handle != GAP_INVALID_HANDLE) {
923 evt_data.status = BTA_JV_SUCCESS;
924 }
925 }
926 }
927
928 if (evt_data.status == BTA_JV_SUCCESS) {
929 tBTA_JV_L2C_CB* p_cb;
930 p_cb = &bta_jv_cb.l2c_cb[handle];
931 p_cb->handle = handle;
932 p_cb->p_cback = p_cback;
933 p_cb->l2cap_socket_id = l2cap_socket_id;
934 p_cb->psm = 0; /* not a server */
935 p_cb->sec_id = sec_id;
936 p_cb->state = BTA_JV_ST_CL_OPENING;
937 } else {
938 bta_jv_free_sec_id(&sec_id);
939 }
940
941 evt_data.handle = handle;
942 if (p_cback) {
943 tBTA_JV bta_jv;
944 bta_jv.l2c_cl_init = evt_data;
945 p_cback(BTA_JV_L2CAP_CL_INIT_EVT, &bta_jv, l2cap_socket_id);
946 }
947 }
948
949 /** Close an L2CAP client connection */
bta_jv_l2cap_close(uint32_t handle,tBTA_JV_L2C_CB * p_cb)950 void bta_jv_l2cap_close(uint32_t handle, tBTA_JV_L2C_CB* p_cb) {
951 tBTA_JV_L2CAP_CLOSE evt_data;
952 tBTA_JV_L2CAP_CBACK* p_cback = p_cb->p_cback;
953 uint32_t l2cap_socket_id = p_cb->l2cap_socket_id;
954
955 evt_data.handle = handle;
956 evt_data.status = bta_jv_free_l2c_cb(p_cb);
957 evt_data.async = false;
958
959 if (p_cback) {
960 tBTA_JV bta_jv;
961 bta_jv.l2c_close = evt_data;
962 p_cback(BTA_JV_L2CAP_CLOSE_EVT, &bta_jv, l2cap_socket_id);
963 }
964 }
965
966 /*******************************************************************************
967 *
968 * Function bta_jv_l2cap_server_cback
969 *
970 * Description handles the l2cap server callback
971 *
972 * Returns void
973 *
974 ******************************************************************************/
bta_jv_l2cap_server_cback(uint16_t gap_handle,uint16_t event,tGAP_CB_DATA * data)975 static void bta_jv_l2cap_server_cback(uint16_t gap_handle, uint16_t event,
976 tGAP_CB_DATA* data) {
977 tBTA_JV_L2C_CB* p_cb = &bta_jv_cb.l2c_cb[gap_handle];
978 tBTA_JV evt_data;
979 tBTA_JV_L2CAP_CBACK* p_cback;
980 uint32_t socket_id;
981
982 if (gap_handle >= BTA_JV_MAX_L2C_CONN && !p_cb->p_cback) return;
983
984 VLOG(2) << __func__ << ": gap_handle=" << gap_handle
985 << ", evt=" << loghex(event);
986 evt_data.l2c_open.status = BTA_JV_SUCCESS;
987 evt_data.l2c_open.handle = gap_handle;
988
989 switch (event) {
990 case GAP_EVT_CONN_OPENED:
991 evt_data.l2c_open.rem_bda = *GAP_ConnGetRemoteAddr(gap_handle);
992 evt_data.l2c_open.tx_mtu = GAP_ConnGetRemMtuSize(gap_handle);
993 p_cb->state = BTA_JV_ST_SR_OPEN;
994 p_cb->p_cback(BTA_JV_L2CAP_OPEN_EVT, &evt_data, p_cb->l2cap_socket_id);
995 break;
996
997 case GAP_EVT_CONN_CLOSED:
998 evt_data.l2c_close.async = true;
999 evt_data.l2c_close.handle = p_cb->handle;
1000 p_cback = p_cb->p_cback;
1001 socket_id = p_cb->l2cap_socket_id;
1002 evt_data.l2c_close.status = bta_jv_free_l2c_cb(p_cb);
1003 p_cback(BTA_JV_L2CAP_CLOSE_EVT, &evt_data, socket_id);
1004 break;
1005
1006 case GAP_EVT_CONN_DATA_AVAIL:
1007 evt_data.data_ind.handle = gap_handle;
1008 /* Reset idle timer to avoid requesting sniff mode while receiving data */
1009 bta_jv_pm_conn_busy(p_cb->p_pm_cb);
1010 p_cb->p_cback(BTA_JV_L2CAP_DATA_IND_EVT, &evt_data,
1011 p_cb->l2cap_socket_id);
1012 bta_jv_pm_conn_idle(p_cb->p_pm_cb);
1013 break;
1014
1015 case GAP_EVT_TX_EMPTY:
1016 bta_jv_pm_conn_idle(p_cb->p_pm_cb);
1017 break;
1018
1019 case GAP_EVT_CONN_CONGESTED:
1020 case GAP_EVT_CONN_UNCONGESTED:
1021 p_cb->cong = (event == GAP_EVT_CONN_CONGESTED) ? true : false;
1022 evt_data.l2c_cong.cong = p_cb->cong;
1023 p_cb->p_cback(BTA_JV_L2CAP_CONG_EVT, &evt_data, p_cb->l2cap_socket_id);
1024 break;
1025
1026 default:
1027 break;
1028 }
1029 }
1030
1031 /** starts an L2CAP server */
bta_jv_l2cap_start_server(int32_t type,tBTA_SEC sec_mask,tBTA_JV_ROLE role,uint16_t local_psm,uint16_t rx_mtu,std::unique_ptr<tL2CAP_CFG_INFO> cfg_param,std::unique_ptr<tL2CAP_ERTM_INFO> ertm_info,tBTA_JV_L2CAP_CBACK * p_cback,uint32_t l2cap_socket_id)1032 void bta_jv_l2cap_start_server(int32_t type, tBTA_SEC sec_mask,
1033 tBTA_JV_ROLE role, uint16_t local_psm,
1034 uint16_t rx_mtu,
1035 std::unique_ptr<tL2CAP_CFG_INFO> cfg_param,
1036 std::unique_ptr<tL2CAP_ERTM_INFO> ertm_info,
1037 tBTA_JV_L2CAP_CBACK* p_cback,
1038 uint32_t l2cap_socket_id) {
1039 uint16_t handle;
1040 tBTA_JV_L2CAP_START evt_data;
1041
1042 tL2CAP_CFG_INFO cfg;
1043 memset(&cfg, 0, sizeof(tL2CAP_CFG_INFO));
1044 if (cfg_param) {
1045 cfg = *cfg_param;
1046 }
1047
1048 // FIX: MTU=0 means not present
1049 if (rx_mtu > 0) {
1050 cfg.mtu_present = true;
1051 cfg.mtu = rx_mtu;
1052 } else {
1053 cfg.mtu_present = false;
1054 cfg.mtu = 0;
1055 }
1056
1057 uint8_t sec_id = bta_jv_alloc_sec_id();
1058 uint16_t max_mps = 0xffff; // Let GAP_ConnOpen set the max_mps.
1059 /* PSM checking is not required for LE COC */
1060 if (0 == sec_id ||
1061 ((type == BTA_JV_CONN_TYPE_L2CAP) && (!bta_jv_check_psm(local_psm))) ||
1062 (handle = GAP_ConnOpen("JV L2CAP", sec_id, 1, nullptr, local_psm, max_mps,
1063 &cfg, ertm_info.get(), sec_mask,
1064 bta_jv_l2cap_server_cback, type)) ==
1065 GAP_INVALID_HANDLE) {
1066 bta_jv_free_sec_id(&sec_id);
1067 evt_data.status = BTA_JV_FAILURE;
1068 } else {
1069 tBTA_JV_L2C_CB* p_cb = &bta_jv_cb.l2c_cb[handle];
1070 evt_data.status = BTA_JV_SUCCESS;
1071 evt_data.handle = handle;
1072 evt_data.sec_id = sec_id;
1073 p_cb->p_cback = p_cback;
1074 p_cb->l2cap_socket_id = l2cap_socket_id;
1075 p_cb->handle = handle;
1076 p_cb->sec_id = sec_id;
1077 p_cb->state = BTA_JV_ST_SR_LISTEN;
1078 p_cb->psm = local_psm;
1079 }
1080
1081 if (p_cback) {
1082 tBTA_JV bta_jv;
1083 bta_jv.l2c_start = evt_data;
1084 p_cback(BTA_JV_L2CAP_START_EVT, &bta_jv, l2cap_socket_id);
1085 }
1086 }
1087
1088 /* stops an L2CAP server */
bta_jv_l2cap_stop_server(uint16_t local_psm,uint32_t l2cap_socket_id)1089 void bta_jv_l2cap_stop_server(uint16_t local_psm, uint32_t l2cap_socket_id) {
1090 for (int i = 0; i < BTA_JV_MAX_L2C_CONN; i++) {
1091 if (bta_jv_cb.l2c_cb[i].l2cap_socket_id == l2cap_socket_id) {
1092 tBTA_JV_L2C_CB* p_cb = &bta_jv_cb.l2c_cb[i];
1093 tBTA_JV_L2CAP_CBACK* p_cback = p_cb->p_cback;
1094 tBTA_JV_L2CAP_CLOSE evt_data;
1095 evt_data.handle = p_cb->handle;
1096 evt_data.status = bta_jv_free_l2c_cb(p_cb);
1097 evt_data.async = false;
1098 if (p_cback) {
1099 tBTA_JV bta_jv;
1100 bta_jv.l2c_close = evt_data;
1101 p_cback(BTA_JV_L2CAP_CLOSE_EVT, &bta_jv, l2cap_socket_id);
1102 }
1103 break;
1104 }
1105 }
1106 }
1107
1108 /* Write data to an L2CAP connection */
bta_jv_l2cap_write(uint32_t handle,uint32_t req_id,BT_HDR * msg,uint32_t user_id,tBTA_JV_L2C_CB * p_cb)1109 void bta_jv_l2cap_write(uint32_t handle, uint32_t req_id, BT_HDR* msg,
1110 uint32_t user_id, tBTA_JV_L2C_CB* p_cb) {
1111 /* As we check this callback exists before the tBTA_JV_API_L2CAP_WRITE can be
1112 * send through the API this check should not be needed. But the API is not
1113 * designed to be used (safely at least) in a multi-threaded scheduler, hence
1114 * if the peer device disconnects the l2cap link after the API is called, but
1115 * before this message is handled, the ->p_cback will be cleared at this
1116 * point. At first glanch this seems highly unlikely, but for all
1117 * obex-profiles with two channels connected - e.g. MAP, this happens around 1
1118 * of 4 disconnects, as a disconnect on the server channel causes a disconnect
1119 * to be send on the client (notification) channel, but at the peer typically
1120 * disconnects both the OBEX disconnect request crosses the incoming l2cap
1121 * disconnect. If p_cback is cleared, we simply discard the data. RISK: The
1122 * caller must handle any cleanup based on another signal than
1123 * BTA_JV_L2CAP_WRITE_EVT, which is typically not possible, as the pointer to
1124 * the allocated buffer is stored in this message, and can therefore not be
1125 * freed, hence we have a mem-leak-by-design.*/
1126 if (!p_cb->p_cback) {
1127 /* As this pointer is checked in the API function, this occurs only when the
1128 * channel is disconnected after the API function is called, but before the
1129 * message is handled. */
1130 LOG(ERROR) << __func__ << ": p_cb->p_cback == NULL";
1131 osi_free(msg);
1132 return;
1133 }
1134
1135 tBTA_JV_L2CAP_WRITE evt_data;
1136 evt_data.status = BTA_JV_FAILURE;
1137 evt_data.handle = handle;
1138 evt_data.req_id = req_id;
1139 evt_data.cong = p_cb->cong;
1140 evt_data.len = msg->len;
1141
1142 bta_jv_pm_conn_busy(p_cb->p_pm_cb);
1143
1144 // TODO: this was set only for non-fixed channel packets. Is that needed ?
1145 msg->event = BT_EVT_TO_BTU_SP_DATA;
1146
1147 if (evt_data.cong) {
1148 osi_free(msg);
1149 } else {
1150 if (GAP_ConnWriteData(handle, msg) == BT_PASS)
1151 evt_data.status = BTA_JV_SUCCESS;
1152 }
1153
1154 tBTA_JV bta_jv;
1155 bta_jv.l2c_write = evt_data;
1156 p_cb->p_cback(BTA_JV_L2CAP_WRITE_EVT, &bta_jv, user_id);
1157 }
1158
1159 /*******************************************************************************
1160 *
1161 * Function bta_jv_port_data_co_cback
1162 *
1163 * Description port data callback function of rfcomm
1164 * connections
1165 *
1166 * Returns void
1167 *
1168 ******************************************************************************/
bta_jv_port_data_co_cback(uint16_t port_handle,uint8_t * buf,uint16_t len,int type)1169 static int bta_jv_port_data_co_cback(uint16_t port_handle, uint8_t* buf,
1170 uint16_t len, int type) {
1171 tBTA_JV_RFC_CB* p_cb = bta_jv_rfc_port_to_cb(port_handle);
1172 tBTA_JV_PCB* p_pcb = bta_jv_rfc_port_to_pcb(port_handle);
1173 VLOG(2) << __func__ << ": p_cb=" << p_cb << ", p_pcb=" << p_pcb
1174 << ", len=" << len << ", type=" << type;
1175 if (p_pcb != NULL) {
1176 switch (type) {
1177 case DATA_CO_CALLBACK_TYPE_INCOMING:
1178 return bta_co_rfc_data_incoming(p_pcb->rfcomm_slot_id, (BT_HDR*)buf);
1179 case DATA_CO_CALLBACK_TYPE_OUTGOING_SIZE:
1180 return bta_co_rfc_data_outgoing_size(p_pcb->rfcomm_slot_id, (int*)buf);
1181 case DATA_CO_CALLBACK_TYPE_OUTGOING:
1182 return bta_co_rfc_data_outgoing(p_pcb->rfcomm_slot_id, buf, len);
1183 default:
1184 LOG(ERROR) << __func__ << ": unknown callout type=" << type;
1185 break;
1186 }
1187 }
1188 return 0;
1189 }
1190
1191 /*******************************************************************************
1192 *
1193 * Function bta_jv_port_mgmt_cl_cback
1194 *
1195 * Description callback for port mamangement function of rfcomm
1196 * client connections
1197 *
1198 * Returns void
1199 *
1200 ******************************************************************************/
bta_jv_port_mgmt_cl_cback(uint32_t code,uint16_t port_handle)1201 static void bta_jv_port_mgmt_cl_cback(uint32_t code, uint16_t port_handle) {
1202 tBTA_JV_RFC_CB* p_cb = bta_jv_rfc_port_to_cb(port_handle);
1203 tBTA_JV_PCB* p_pcb = bta_jv_rfc_port_to_pcb(port_handle);
1204 tBTA_JV evt_data;
1205 RawAddress rem_bda = RawAddress::kEmpty;
1206 uint16_t lcid;
1207 tBTA_JV_RFCOMM_CBACK* p_cback; /* the callback function */
1208
1209 VLOG(2) << __func__ << ": code=" << code << ", port_handle=" << port_handle;
1210 if (NULL == p_cb || NULL == p_cb->p_cback) return;
1211
1212 VLOG(2) << __func__ << ": code=" << code << ", port_handle=" << port_handle
1213 << ", handle=" << p_cb->handle;
1214
1215 PORT_CheckConnection(port_handle, &rem_bda, &lcid);
1216
1217 if (code == PORT_SUCCESS) {
1218 evt_data.rfc_open.handle = p_cb->handle;
1219 evt_data.rfc_open.status = BTA_JV_SUCCESS;
1220 evt_data.rfc_open.rem_bda = rem_bda;
1221 p_pcb->state = BTA_JV_ST_CL_OPEN;
1222 p_cb->p_cback(BTA_JV_RFCOMM_OPEN_EVT, &evt_data, p_pcb->rfcomm_slot_id);
1223 } else {
1224 evt_data.rfc_close.handle = p_cb->handle;
1225 evt_data.rfc_close.status = BTA_JV_FAILURE;
1226 evt_data.rfc_close.port_status = code;
1227 evt_data.rfc_close.async = true;
1228 if (p_pcb->state == BTA_JV_ST_CL_CLOSING) {
1229 evt_data.rfc_close.async = false;
1230 }
1231 // p_pcb->state = BTA_JV_ST_NONE;
1232 // p_pcb->cong = false;
1233 p_cback = p_cb->p_cback;
1234 p_cback(BTA_JV_RFCOMM_CLOSE_EVT, &evt_data, p_pcb->rfcomm_slot_id);
1235 // bta_jv_free_rfc_cb(p_cb, p_pcb);
1236 }
1237 }
1238
1239 /*******************************************************************************
1240 *
1241 * Function bta_jv_port_event_cl_cback
1242 *
1243 * Description Callback for RFCOMM client port events
1244 *
1245 * Returns void
1246 *
1247 ******************************************************************************/
bta_jv_port_event_cl_cback(uint32_t code,uint16_t port_handle)1248 static void bta_jv_port_event_cl_cback(uint32_t code, uint16_t port_handle) {
1249 tBTA_JV_RFC_CB* p_cb = bta_jv_rfc_port_to_cb(port_handle);
1250 tBTA_JV_PCB* p_pcb = bta_jv_rfc_port_to_pcb(port_handle);
1251 tBTA_JV evt_data;
1252
1253 VLOG(2) << __func__ << ": port_handle=" << port_handle;
1254 if (NULL == p_cb || NULL == p_cb->p_cback) return;
1255
1256 VLOG(2) << __func__ << ": code=" << loghex(code)
1257 << ", port_handle=" << port_handle << ", handle=" << p_cb->handle;
1258 if (code & PORT_EV_RXCHAR) {
1259 evt_data.data_ind.handle = p_cb->handle;
1260 p_cb->p_cback(BTA_JV_RFCOMM_DATA_IND_EVT, &evt_data, p_pcb->rfcomm_slot_id);
1261 }
1262
1263 if (code & PORT_EV_FC) {
1264 p_pcb->cong = (code & PORT_EV_FCS) ? false : true;
1265 evt_data.rfc_cong.cong = p_pcb->cong;
1266 evt_data.rfc_cong.handle = p_cb->handle;
1267 evt_data.rfc_cong.status = BTA_JV_SUCCESS;
1268 p_cb->p_cback(BTA_JV_RFCOMM_CONG_EVT, &evt_data, p_pcb->rfcomm_slot_id);
1269 }
1270
1271 if (code & PORT_EV_TXEMPTY) {
1272 bta_jv_pm_conn_idle(p_pcb->p_pm_cb);
1273 }
1274 }
1275
1276 /* Client initiates an RFCOMM connection */
bta_jv_rfcomm_connect(tBTA_SEC sec_mask,uint8_t remote_scn,const RawAddress & peer_bd_addr,tBTA_JV_RFCOMM_CBACK * p_cback,uint32_t rfcomm_slot_id)1277 void bta_jv_rfcomm_connect(tBTA_SEC sec_mask, uint8_t remote_scn,
1278 const RawAddress& peer_bd_addr,
1279 tBTA_JV_RFCOMM_CBACK* p_cback,
1280 uint32_t rfcomm_slot_id) {
1281 uint16_t handle = 0;
1282 uint32_t event_mask = BTA_JV_RFC_EV_MASK;
1283 tPORT_STATE port_state;
1284
1285 tBTA_JV_RFCOMM_CL_INIT evt_data;
1286 memset(&evt_data, 0, sizeof(evt_data));
1287 evt_data.status = BTA_JV_SUCCESS;
1288 if (evt_data.status == BTA_JV_SUCCESS &&
1289 RFCOMM_CreateConnectionWithSecurity(
1290 UUID_SERVCLASS_SERIAL_PORT, remote_scn, false, BTA_JV_DEF_RFC_MTU,
1291 peer_bd_addr, &handle, bta_jv_port_mgmt_cl_cback,
1292 sec_mask) != PORT_SUCCESS) {
1293 LOG(ERROR) << __func__ << ": RFCOMM_CreateConnection failed";
1294 evt_data.status = BTA_JV_FAILURE;
1295 }
1296 if (evt_data.status == BTA_JV_SUCCESS) {
1297 tBTA_JV_PCB* p_pcb;
1298 tBTA_JV_RFC_CB* p_cb = bta_jv_alloc_rfc_cb(handle, &p_pcb);
1299 if (p_cb) {
1300 p_cb->p_cback = p_cback;
1301 p_cb->scn = 0;
1302 p_pcb->state = BTA_JV_ST_CL_OPENING;
1303 p_pcb->rfcomm_slot_id = rfcomm_slot_id;
1304 evt_data.use_co = true;
1305
1306 PORT_SetEventCallback(handle, bta_jv_port_event_cl_cback);
1307 PORT_SetEventMask(handle, event_mask);
1308 PORT_SetDataCOCallback(handle, bta_jv_port_data_co_cback);
1309
1310 PORT_GetState(handle, &port_state);
1311
1312 port_state.fc_type = (PORT_FC_CTS_ON_INPUT | PORT_FC_CTS_ON_OUTPUT);
1313
1314 PORT_SetState(handle, &port_state);
1315
1316 evt_data.handle = p_cb->handle;
1317 } else {
1318 evt_data.status = BTA_JV_FAILURE;
1319 LOG(ERROR) << __func__ << ": run out of rfc control block";
1320 }
1321 }
1322 tBTA_JV bta_jv;
1323 bta_jv.rfc_cl_init = evt_data;
1324 p_cback(BTA_JV_RFCOMM_CL_INIT_EVT, &bta_jv, rfcomm_slot_id);
1325 if (bta_jv.rfc_cl_init.status == BTA_JV_FAILURE) {
1326 RFCOMM_ClearSecurityRecord(remote_scn);
1327 if (handle) RFCOMM_RemoveConnection(handle);
1328 }
1329 }
1330
find_rfc_pcb(uint32_t rfcomm_slot_id,tBTA_JV_RFC_CB ** cb,tBTA_JV_PCB ** pcb)1331 static int find_rfc_pcb(uint32_t rfcomm_slot_id, tBTA_JV_RFC_CB** cb,
1332 tBTA_JV_PCB** pcb) {
1333 *cb = NULL;
1334 *pcb = NULL;
1335 int i;
1336 for (i = 0; i < MAX_RFC_PORTS; i++) {
1337 uint32_t rfc_handle = bta_jv_cb.port_cb[i].handle & BTA_JV_RFC_HDL_MASK;
1338 rfc_handle &= ~BTA_JV_RFCOMM_MASK;
1339 if (rfc_handle && bta_jv_cb.port_cb[i].rfcomm_slot_id == rfcomm_slot_id) {
1340 *pcb = &bta_jv_cb.port_cb[i];
1341 *cb = &bta_jv_cb.rfc_cb[rfc_handle - 1];
1342 VLOG(2) << __func__ << ": FOUND rfc_cb_handle=" << loghex(rfc_handle)
1343 << ", port.jv_handle=" << loghex((*pcb)->handle)
1344 << ", state=" << (*pcb)->state
1345 << ", rfc_cb->handle=" << loghex((*cb)->handle);
1346 return 1;
1347 }
1348 }
1349 VLOG(2) << __func__
1350 << ": cannot find rfc_cb from user data:" << rfcomm_slot_id;
1351 return 0;
1352 }
1353
1354 /* Close an RFCOMM connection */
bta_jv_rfcomm_close(uint32_t handle,uint32_t rfcomm_slot_id)1355 void bta_jv_rfcomm_close(uint32_t handle, uint32_t rfcomm_slot_id) {
1356 if (!handle) {
1357 LOG(ERROR) << __func__ << ": rfc handle is null";
1358 return;
1359 }
1360
1361 VLOG(2) << __func__ << ": rfc handle=" << handle;
1362
1363 tBTA_JV_RFC_CB* p_cb = NULL;
1364 tBTA_JV_PCB* p_pcb = NULL;
1365
1366 if (!find_rfc_pcb(rfcomm_slot_id, &p_cb, &p_pcb)) return;
1367 bta_jv_free_rfc_cb(p_cb, p_pcb);
1368 }
1369
1370 /*******************************************************************************
1371 *
1372 * Function bta_jv_port_mgmt_sr_cback
1373 *
1374 * Description callback for port mamangement function of rfcomm
1375 * server connections
1376 *
1377 * Returns void
1378 *
1379 ******************************************************************************/
bta_jv_port_mgmt_sr_cback(uint32_t code,uint16_t port_handle)1380 static void bta_jv_port_mgmt_sr_cback(uint32_t code, uint16_t port_handle) {
1381 tBTA_JV_PCB* p_pcb = bta_jv_rfc_port_to_pcb(port_handle);
1382 tBTA_JV_RFC_CB* p_cb = bta_jv_rfc_port_to_cb(port_handle);
1383 tBTA_JV evt_data;
1384 RawAddress rem_bda = RawAddress::kEmpty;
1385 uint16_t lcid;
1386 VLOG(2) << __func__ << ": code=" << code << ", port_handle=" << port_handle;
1387 if (NULL == p_cb || NULL == p_cb->p_cback) {
1388 LOG(ERROR) << __func__ << ": p_cb=" << p_cb
1389 << ", p_cb->p_cback=" << (p_cb ? p_cb->p_cback : 0);
1390 return;
1391 }
1392 uint32_t rfcomm_slot_id = p_pcb->rfcomm_slot_id;
1393 VLOG(2) << __func__ << ": code=" << code
1394 << ", port_handle=" << loghex(port_handle)
1395 << ", handle=" << loghex(p_cb->handle) << ", p_pcb" << p_pcb
1396 << ", user=" << p_pcb->rfcomm_slot_id;
1397
1398 int status = PORT_CheckConnection(port_handle, &rem_bda, &lcid);
1399 int failed = true;
1400 if (code == PORT_SUCCESS) {
1401 if (status != PORT_SUCCESS) {
1402 LOG(ERROR) << __func__ << ": PORT_CheckConnection returned " << status
1403 << ", although port is supposed to be connected";
1404 }
1405 evt_data.rfc_srv_open.handle = p_pcb->handle;
1406 evt_data.rfc_srv_open.status = BTA_JV_SUCCESS;
1407 evt_data.rfc_srv_open.rem_bda = rem_bda;
1408 tBTA_JV_PCB* p_pcb_new_listen = bta_jv_add_rfc_port(p_cb, p_pcb);
1409 if (p_pcb_new_listen) {
1410 evt_data.rfc_srv_open.new_listen_handle = p_pcb_new_listen->handle;
1411 p_pcb_new_listen->rfcomm_slot_id =
1412 p_cb->p_cback(BTA_JV_RFCOMM_SRV_OPEN_EVT, &evt_data, rfcomm_slot_id);
1413 VLOG(2) << __func__ << ": curr_sess=" << p_cb->curr_sess
1414 << ", max_sess=" << p_cb->max_sess;
1415 failed = false;
1416 } else
1417 LOG(ERROR) << __func__ << ": failed to create new listen port";
1418 }
1419 if (failed) {
1420 evt_data.rfc_close.handle = p_cb->handle;
1421 evt_data.rfc_close.status = BTA_JV_FAILURE;
1422 evt_data.rfc_close.async = true;
1423 evt_data.rfc_close.port_status = code;
1424 p_pcb->cong = false;
1425
1426 tBTA_JV_RFCOMM_CBACK* p_cback = p_cb->p_cback;
1427 VLOG(2) << __func__
1428 << ": PORT_CLOSED before BTA_JV_RFCOMM_CLOSE_EVT: curr_sess="
1429 << p_cb->curr_sess << ", max_sess=" << p_cb->max_sess;
1430 if (BTA_JV_ST_SR_CLOSING == p_pcb->state) {
1431 evt_data.rfc_close.async = false;
1432 evt_data.rfc_close.status = BTA_JV_SUCCESS;
1433 }
1434 // p_pcb->state = BTA_JV_ST_NONE;
1435 p_cback(BTA_JV_RFCOMM_CLOSE_EVT, &evt_data, rfcomm_slot_id);
1436 // bta_jv_free_rfc_cb(p_cb, p_pcb);
1437
1438 VLOG(2) << __func__
1439 << ": PORT_CLOSED after BTA_JV_RFCOMM_CLOSE_EVT: curr_sess="
1440 << p_cb->curr_sess << ", max_sess=" << p_cb->max_sess;
1441 }
1442 }
1443
1444 /*******************************************************************************
1445 *
1446 * Function bta_jv_port_event_sr_cback
1447 *
1448 * Description Callback for RFCOMM server port events
1449 *
1450 * Returns void
1451 *
1452 ******************************************************************************/
bta_jv_port_event_sr_cback(uint32_t code,uint16_t port_handle)1453 static void bta_jv_port_event_sr_cback(uint32_t code, uint16_t port_handle) {
1454 tBTA_JV_PCB* p_pcb = bta_jv_rfc_port_to_pcb(port_handle);
1455 tBTA_JV_RFC_CB* p_cb = bta_jv_rfc_port_to_cb(port_handle);
1456 tBTA_JV evt_data;
1457
1458 if (NULL == p_cb || NULL == p_cb->p_cback) {
1459 LOG(ERROR) << __func__ << ": p_cb=" << p_cb
1460 << ", p_cb->p_cback=" << (p_cb ? p_cb->p_cback : 0);
1461 return;
1462 }
1463
1464 VLOG(2) << __func__ << ": code=" << loghex(code)
1465 << ", port_handle=" << port_handle << ", handle=" << p_cb->handle;
1466
1467 uint32_t user_data = p_pcb->rfcomm_slot_id;
1468 if (code & PORT_EV_RXCHAR) {
1469 evt_data.data_ind.handle = p_cb->handle;
1470 p_cb->p_cback(BTA_JV_RFCOMM_DATA_IND_EVT, &evt_data, user_data);
1471 }
1472
1473 if (code & PORT_EV_FC) {
1474 p_pcb->cong = (code & PORT_EV_FCS) ? false : true;
1475 evt_data.rfc_cong.cong = p_pcb->cong;
1476 evt_data.rfc_cong.handle = p_cb->handle;
1477 evt_data.rfc_cong.status = BTA_JV_SUCCESS;
1478 p_cb->p_cback(BTA_JV_RFCOMM_CONG_EVT, &evt_data, user_data);
1479 }
1480
1481 if (code & PORT_EV_TXEMPTY) {
1482 bta_jv_pm_conn_idle(p_pcb->p_pm_cb);
1483 }
1484 }
1485
1486 /*******************************************************************************
1487 *
1488 * Function bta_jv_add_rfc_port
1489 *
1490 * Description add a port for server when the existing posts is open
1491 *
1492 * Returns return a pointer to tBTA_JV_PCB just added
1493 *
1494 ******************************************************************************/
bta_jv_add_rfc_port(tBTA_JV_RFC_CB * p_cb,tBTA_JV_PCB * p_pcb_open)1495 static tBTA_JV_PCB* bta_jv_add_rfc_port(tBTA_JV_RFC_CB* p_cb,
1496 tBTA_JV_PCB* p_pcb_open) {
1497 uint8_t used = 0, i, listen = 0;
1498 uint32_t si = 0;
1499 tPORT_STATE port_state;
1500 uint32_t event_mask = BTA_JV_RFC_EV_MASK;
1501 tBTA_JV_PCB* p_pcb = NULL;
1502 if (p_cb->max_sess > 1) {
1503 for (i = 0; i < p_cb->max_sess; i++) {
1504 if (p_cb->rfc_hdl[i] != 0) {
1505 p_pcb = &bta_jv_cb.port_cb[p_cb->rfc_hdl[i] - 1];
1506 if (p_pcb->state == BTA_JV_ST_SR_LISTEN) {
1507 listen++;
1508 if (p_pcb_open == p_pcb) {
1509 VLOG(2) << __func__ << ": port_handle=" << p_pcb->port_handle
1510 << ", change the listen port to open state";
1511 p_pcb->state = BTA_JV_ST_SR_OPEN;
1512
1513 } else {
1514 LOG(ERROR) << __func__
1515 << ": open pcb not matching listen one, count=" << listen
1516 << ", listen pcb handle=" << p_pcb->port_handle
1517 << ", open pcb=" << p_pcb_open->handle;
1518 return NULL;
1519 }
1520 }
1521 used++;
1522 } else if (si == 0) {
1523 si = i + 1;
1524 }
1525 }
1526
1527 VLOG(2) << __func__ << ": max_sess=" << p_cb->max_sess << ", used=" << used
1528 << ", curr_sess=" << p_cb->curr_sess << ", listen=" << listen
1529 << ", si=" << si;
1530 if (used < p_cb->max_sess && listen == 1 && si) {
1531 si--;
1532 if (RFCOMM_CreateConnection(p_cb->sec_id, p_cb->scn, true,
1533 BTA_JV_DEF_RFC_MTU, RawAddress::kAny,
1534 &(p_cb->rfc_hdl[si]),
1535 bta_jv_port_mgmt_sr_cback) == PORT_SUCCESS) {
1536 p_cb->curr_sess++;
1537 p_pcb = &bta_jv_cb.port_cb[p_cb->rfc_hdl[si] - 1];
1538 p_pcb->state = BTA_JV_ST_SR_LISTEN;
1539 p_pcb->port_handle = p_cb->rfc_hdl[si];
1540 p_pcb->rfcomm_slot_id = p_pcb_open->rfcomm_slot_id;
1541
1542 PORT_ClearKeepHandleFlag(p_pcb->port_handle);
1543 PORT_SetEventCallback(p_pcb->port_handle, bta_jv_port_event_sr_cback);
1544 PORT_SetDataCOCallback(p_pcb->port_handle, bta_jv_port_data_co_cback);
1545 PORT_SetEventMask(p_pcb->port_handle, event_mask);
1546 PORT_GetState(p_pcb->port_handle, &port_state);
1547
1548 port_state.fc_type = (PORT_FC_CTS_ON_INPUT | PORT_FC_CTS_ON_OUTPUT);
1549
1550 PORT_SetState(p_pcb->port_handle, &port_state);
1551 p_pcb->handle = BTA_JV_RFC_H_S_TO_HDL(p_cb->handle, si);
1552 VLOG(2) << __func__ << ": p_pcb->handle=" << loghex(p_pcb->handle)
1553 << ", curr_sess=" << p_cb->curr_sess;
1554 } else {
1555 LOG(ERROR) << __func__ << ": RFCOMM_CreateConnection failed";
1556 return NULL;
1557 }
1558 } else {
1559 LOG(ERROR) << __func__ << ": cannot create new rfc listen port";
1560 return NULL;
1561 }
1562 }
1563 VLOG(2) << __func__ << ": sec id in use=" << get_sec_id_used()
1564 << ", rfc_cb in use=" << get_rfc_cb_used();
1565 return p_pcb;
1566 }
1567
1568 /* waits for an RFCOMM client to connect */
bta_jv_rfcomm_start_server(tBTA_SEC sec_mask,uint8_t local_scn,uint8_t max_session,tBTA_JV_RFCOMM_CBACK * p_cback,uint32_t rfcomm_slot_id)1569 void bta_jv_rfcomm_start_server(tBTA_SEC sec_mask, uint8_t local_scn,
1570 uint8_t max_session,
1571 tBTA_JV_RFCOMM_CBACK* p_cback,
1572 uint32_t rfcomm_slot_id) {
1573 uint16_t handle = 0;
1574 uint32_t event_mask = BTA_JV_RFC_EV_MASK;
1575 tPORT_STATE port_state;
1576 tBTA_JV_RFC_CB* p_cb = NULL;
1577 tBTA_JV_PCB* p_pcb;
1578 tBTA_JV_RFCOMM_START evt_data;
1579
1580 memset(&evt_data, 0, sizeof(evt_data));
1581 evt_data.status = BTA_JV_FAILURE;
1582
1583 do {
1584 if (RFCOMM_CreateConnectionWithSecurity(
1585 0, local_scn, true, BTA_JV_DEF_RFC_MTU, RawAddress::kAny, &handle,
1586 bta_jv_port_mgmt_sr_cback, sec_mask) != PORT_SUCCESS) {
1587 LOG(ERROR) << __func__ << ": RFCOMM_CreateConnection failed";
1588 break;
1589 }
1590
1591 p_cb = bta_jv_alloc_rfc_cb(handle, &p_pcb);
1592 if (!p_cb) {
1593 LOG(ERROR) << __func__ << ": run out of rfc control block";
1594 break;
1595 }
1596
1597 p_cb->max_sess = max_session;
1598 p_cb->p_cback = p_cback;
1599 p_cb->scn = local_scn;
1600 p_pcb->state = BTA_JV_ST_SR_LISTEN;
1601 p_pcb->rfcomm_slot_id = rfcomm_slot_id;
1602 evt_data.status = BTA_JV_SUCCESS;
1603 evt_data.handle = p_cb->handle;
1604 evt_data.use_co = true;
1605
1606 PORT_ClearKeepHandleFlag(handle);
1607 PORT_SetEventCallback(handle, bta_jv_port_event_sr_cback);
1608 PORT_SetEventMask(handle, event_mask);
1609 PORT_GetState(handle, &port_state);
1610
1611 port_state.fc_type = (PORT_FC_CTS_ON_INPUT | PORT_FC_CTS_ON_OUTPUT);
1612
1613 PORT_SetState(handle, &port_state);
1614 } while (0);
1615
1616 tBTA_JV bta_jv;
1617 bta_jv.rfc_start = evt_data;
1618 p_cback(BTA_JV_RFCOMM_START_EVT, &bta_jv, rfcomm_slot_id);
1619 if (bta_jv.rfc_start.status == BTA_JV_SUCCESS) {
1620 PORT_SetDataCOCallback(handle, bta_jv_port_data_co_cback);
1621 } else {
1622 RFCOMM_ClearSecurityRecord(local_scn);
1623 if (handle) RFCOMM_RemoveConnection(handle);
1624 }
1625 }
1626
1627 /* stops an RFCOMM server */
bta_jv_rfcomm_stop_server(uint32_t handle,uint32_t rfcomm_slot_id)1628 void bta_jv_rfcomm_stop_server(uint32_t handle, uint32_t rfcomm_slot_id) {
1629 if (!handle) {
1630 LOG(ERROR) << __func__ << ": jv handle is null";
1631 return;
1632 }
1633
1634 VLOG(2) << __func__;
1635 tBTA_JV_RFC_CB* p_cb = NULL;
1636 tBTA_JV_PCB* p_pcb = NULL;
1637
1638 if (!find_rfc_pcb(rfcomm_slot_id, &p_cb, &p_pcb)) return;
1639 VLOG(2) << __func__ << ": p_pcb=" << p_pcb
1640 << ", p_pcb->port_handle=" << p_pcb->port_handle;
1641 bta_jv_free_rfc_cb(p_cb, p_pcb);
1642 }
1643
1644 /* write data to an RFCOMM connection */
bta_jv_rfcomm_write(uint32_t handle,uint32_t req_id,tBTA_JV_RFC_CB * p_cb,tBTA_JV_PCB * p_pcb)1645 void bta_jv_rfcomm_write(uint32_t handle, uint32_t req_id, tBTA_JV_RFC_CB* p_cb,
1646 tBTA_JV_PCB* p_pcb) {
1647 if (p_pcb->state == BTA_JV_ST_NONE) {
1648 LOG(ERROR) << __func__ << ": in state BTA_JV_ST_NONE - cannot write";
1649 return;
1650 }
1651
1652 tBTA_JV_RFCOMM_WRITE evt_data;
1653 evt_data.status = BTA_JV_FAILURE;
1654 evt_data.handle = handle;
1655 evt_data.req_id = req_id;
1656 evt_data.cong = p_pcb->cong;
1657 evt_data.len = 0;
1658
1659 bta_jv_pm_conn_busy(p_pcb->p_pm_cb);
1660
1661 if (!evt_data.cong &&
1662 PORT_WriteDataCO(p_pcb->port_handle, &evt_data.len) == PORT_SUCCESS) {
1663 evt_data.status = BTA_JV_SUCCESS;
1664 }
1665
1666 // Update congestion flag
1667 evt_data.cong = p_pcb->cong;
1668
1669 if (!p_cb->p_cback) {
1670 LOG(ERROR) << __func__ << ": No JV callback set";
1671 return;
1672 }
1673
1674 tBTA_JV bta_jv;
1675 bta_jv.rfc_write = evt_data;
1676 p_cb->p_cback(BTA_JV_RFCOMM_WRITE_EVT, &bta_jv, p_pcb->rfcomm_slot_id);
1677 }
1678
1679 /* Set or free power mode profile for a JV application */
bta_jv_set_pm_profile(uint32_t handle,tBTA_JV_PM_ID app_id,tBTA_JV_CONN_STATE init_st)1680 void bta_jv_set_pm_profile(uint32_t handle, tBTA_JV_PM_ID app_id,
1681 tBTA_JV_CONN_STATE init_st) {
1682 tBTA_JV_STATUS status;
1683 tBTA_JV_PM_CB* p_cb;
1684
1685 VLOG(2) << __func__ << " handle=" << loghex(handle) << ", app_id=" << app_id
1686 << ", init_st=" << +init_st;
1687
1688 /* clear PM control block */
1689 if (app_id == BTA_JV_PM_ID_CLEAR) {
1690 status = bta_jv_free_set_pm_profile_cb(handle);
1691
1692 if (status != BTA_JV_SUCCESS) {
1693 LOG(WARNING) << __func__ << ": free pm cb failed: reason=" << +status;
1694 }
1695 } else /* set PM control block */
1696 {
1697 p_cb = bta_jv_alloc_set_pm_profile_cb(handle, app_id);
1698
1699 if (NULL != p_cb)
1700 bta_jv_pm_state_change(p_cb, init_st);
1701 else
1702 LOG(WARNING) << __func__ << ": failed";
1703 }
1704 }
1705
1706 /*******************************************************************************
1707 *
1708 * Function bta_jv_pm_conn_busy
1709 *
1710 * Description set pm connection busy state (input param safe)
1711 *
1712 * Params p_cb: pm control block of jv connection
1713 *
1714 * Returns void
1715 *
1716 ******************************************************************************/
bta_jv_pm_conn_busy(tBTA_JV_PM_CB * p_cb)1717 static void bta_jv_pm_conn_busy(tBTA_JV_PM_CB* p_cb) {
1718 if ((NULL != p_cb) && (BTA_JV_PM_IDLE_ST == p_cb->state))
1719 bta_jv_pm_state_change(p_cb, BTA_JV_CONN_BUSY);
1720 }
1721
1722 /*******************************************************************************
1723 *
1724 * Function bta_jv_pm_conn_busy
1725 *
1726 * Description set pm connection busy state (input param safe)
1727 *
1728 * Params p_cb: pm control block of jv connection
1729 *
1730 * Returns void
1731 *
1732 ******************************************************************************/
bta_jv_pm_conn_idle(tBTA_JV_PM_CB * p_cb)1733 static void bta_jv_pm_conn_idle(tBTA_JV_PM_CB* p_cb) {
1734 if ((NULL != p_cb) && (BTA_JV_PM_IDLE_ST != p_cb->state))
1735 bta_jv_pm_state_change(p_cb, BTA_JV_CONN_IDLE);
1736 }
1737
1738 /*******************************************************************************
1739 *
1740 * Function bta_jv_pm_state_change
1741 *
1742 * Description Notify power manager there is state change
1743 *
1744 * Params p_cb: must be NONE NULL
1745 *
1746 * Returns void
1747 *
1748 ******************************************************************************/
bta_jv_pm_state_change(tBTA_JV_PM_CB * p_cb,const tBTA_JV_CONN_STATE state)1749 static void bta_jv_pm_state_change(tBTA_JV_PM_CB* p_cb,
1750 const tBTA_JV_CONN_STATE state) {
1751 VLOG(2) << __func__ << ": p_cb=" << p_cb
1752 << ", handle=" << loghex(p_cb->handle)
1753 << ", busy/idle_state=" << p_cb->state << ", app_id=" << p_cb->app_id
1754 << ", conn_state=" << state;
1755
1756 switch (state) {
1757 case BTA_JV_CONN_OPEN:
1758 bta_sys_conn_open(BTA_ID_JV, p_cb->app_id, p_cb->peer_bd_addr);
1759 break;
1760
1761 case BTA_JV_CONN_CLOSE:
1762 bta_sys_conn_close(BTA_ID_JV, p_cb->app_id, p_cb->peer_bd_addr);
1763 break;
1764
1765 case BTA_JV_APP_OPEN:
1766 bta_sys_app_open(BTA_ID_JV, p_cb->app_id, p_cb->peer_bd_addr);
1767 break;
1768
1769 case BTA_JV_APP_CLOSE:
1770 bta_sys_app_close(BTA_ID_JV, p_cb->app_id, p_cb->peer_bd_addr);
1771 break;
1772
1773 case BTA_JV_SCO_OPEN:
1774 bta_sys_sco_open(BTA_ID_JV, p_cb->app_id, p_cb->peer_bd_addr);
1775 break;
1776
1777 case BTA_JV_SCO_CLOSE:
1778 bta_sys_sco_close(BTA_ID_JV, p_cb->app_id, p_cb->peer_bd_addr);
1779 break;
1780
1781 case BTA_JV_CONN_IDLE:
1782 p_cb->state = BTA_JV_PM_IDLE_ST;
1783 bta_sys_idle(BTA_ID_JV, p_cb->app_id, p_cb->peer_bd_addr);
1784 break;
1785
1786 case BTA_JV_CONN_BUSY:
1787 p_cb->state = BTA_JV_PM_BUSY_ST;
1788 bta_sys_busy(BTA_ID_JV, p_cb->app_id, p_cb->peer_bd_addr);
1789 break;
1790
1791 default:
1792 LOG(WARNING) << __func__ << ": Invalid state=" << +state;
1793 break;
1794 }
1795 }
1796 /******************************************************************************/
1797