1 /******************************************************************************
2 *
3 * Copyright 2003-2014 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains the action functions for device manager state
22 * machine.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bt_bta_dm"
27
28 #include <base/logging.h>
29 #ifdef OS_ANDROID
30 #include <bta.sysprop.h>
31 #endif
32
33 #include <cstdint>
34
35 #include "bta/dm/bta_dm_int.h"
36 #include "bta/gatt/bta_gattc_int.h"
37 #include "bta/include/bta_dm_ci.h"
38 #include "btif/include/btif_config.h"
39 #include "btif/include/btif_dm.h"
40 #include "btif/include/btif_storage.h"
41 #include "btif/include/stack_manager.h"
42 #include "device/include/controller.h"
43 #include "device/include/interop.h"
44 #include "gd/common/init_flags.h"
45 #include "main/shim/acl_api.h"
46 #include "main/shim/btm_api.h"
47 #include "main/shim/dumpsys.h"
48 #include "main/shim/shim.h"
49 #include "osi/include/allocator.h"
50 #include "osi/include/compat.h"
51 #include "osi/include/fixed_queue.h"
52 #include "osi/include/log.h"
53 #include "osi/include/osi.h"
54 #include "osi/include/properties.h"
55 #include "stack/btm/btm_ble_int.h"
56 #include "stack/btm/btm_dev.h"
57 #include "stack/btm/btm_sec.h"
58 #include "stack/btm/neighbor_inquiry.h"
59 #include "stack/gatt/connection_manager.h"
60 #include "stack/include/acl_api.h"
61 #include "stack/include/bt_hdr.h"
62 #include "stack/include/bt_octets.h"
63 #include "stack/include/bt_types.h"
64 #include "stack/include/btm_client_interface.h"
65 #include "stack/include/btu.h" // do_in_main_thread
66 #include "types/bluetooth/uuid.h"
67 #include "types/raw_address.h"
68
69 #if (GAP_INCLUDED == TRUE)
70 #include "gap_api.h"
71 #endif
72
73 using bluetooth::Uuid;
74
75 void BTIF_dm_disable();
76 void BTIF_dm_enable();
77 void btm_ble_adv_init(void);
78 void btm_ble_scanner_init(void);
79
80 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, const uint8_t* p_eir,
81 uint16_t eir_len);
82 static void bta_dm_inq_cmpl_cb(void* p_result);
83 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,
84 DEV_CLASS dc,
85 tBTM_BD_NAME bd_name);
86 static void bta_dm_remname_cback(void* p);
87 static void bta_dm_find_services(const RawAddress& bd_addr);
88 static void bta_dm_discover_next_device(void);
89 static void bta_dm_sdp_callback(tSDP_STATUS sdp_status);
90 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
91 const tBTM_BD_NAME bd_name, bool min_16_digit);
92 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
93 DEV_CLASS dev_class,
94 tBTM_BD_NAME bd_name,
95 const LinkKey& key, uint8_t key_type,
96 bool is_ctkd);
97 static void bta_dm_authentication_complete_cback(const RawAddress& bd_addr,
98 DEV_CLASS dev_class,
99 tBTM_BD_NAME bd_name,
100 tHCI_REASON result);
101 static void bta_dm_local_name_cback(void* p_name);
102 static void bta_dm_check_av();
103
104 void BTA_dm_update_policy(tBTA_SYS_CONN_STATUS status, uint8_t id,
105 uint8_t app_id, const RawAddress& peer_addr);
106
107 /* Extended Inquiry Response */
108 static tBTM_STATUS bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data);
109
110 static void bta_dm_set_eir(char* local_name);
111
112 static void bta_dm_search_timer_cback(void* data);
113 static void bta_dm_disable_conn_down_timer_cback(void* data);
114 void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id, uint8_t app_id,
115 const RawAddress& peer_addr);
116 static void bta_dm_adjust_roles(bool delay_role_switch);
117 static char* bta_dm_get_remname(void);
118 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result);
119
120 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr,
121 tBT_TRANSPORT transport);
122 static void bta_dm_discover_device(const RawAddress& remote_bd_addr);
123
124 static void bta_dm_disable_search_and_disc(void);
125
126 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
127 tBTM_LE_EVT_DATA* p_data);
128 static void bta_dm_ble_id_key_cback(uint8_t key_type,
129 tBTM_BLE_LOCAL_KEYS* p_key);
130 static void bta_dm_gattc_register(void);
131 static void btm_dm_start_gatt_discovery(const RawAddress& bd_addr);
132 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data);
133 extern tBTM_CONTRL_STATE bta_dm_pm_obtain_controller_state(void);
134 #if (BLE_VND_INCLUDED == TRUE)
135 static void bta_dm_ctrl_features_rd_cmpl_cback(tHCI_STATUS result);
136 #endif
137
138 #ifndef BTA_DM_BLE_ADV_CHNL_MAP
139 #define BTA_DM_BLE_ADV_CHNL_MAP \
140 (BTM_BLE_ADV_CHNL_37 | BTM_BLE_ADV_CHNL_38 | BTM_BLE_ADV_CHNL_39)
141 #endif
142
143 /* Disable timer interval (in milliseconds) */
144 #ifndef BTA_DM_DISABLE_TIMER_MS
145 #define BTA_DM_DISABLE_TIMER_MS (2000)
146 #endif
147
148 /* Disable timer retrial interval (in milliseconds) */
149 #ifndef BTA_DM_DISABLE_TIMER_RETRIAL_MS
150 #define BTA_DM_DISABLE_TIMER_RETRIAL_MS 1500
151 #endif
152
153 /* Disable connection down timer (in milliseconds) */
154 #ifndef BTA_DM_DISABLE_CONN_DOWN_TIMER_MS
155 #define BTA_DM_DISABLE_CONN_DOWN_TIMER_MS 100
156 #endif
157
158 /* Switch delay timer (in milliseconds) */
159 #ifndef BTA_DM_SWITCH_DELAY_TIMER_MS
160 #define BTA_DM_SWITCH_DELAY_TIMER_MS 500
161 #endif
162
163 // Time to wait after receiving shutdown request to delay the actual shutdown
164 // process. This time may be zero which invokes immediate shutdown.
get_DisableDelayTimerInMs()165 static uint64_t get_DisableDelayTimerInMs() {
166 #ifndef OS_ANDROID
167 return 200;
168 #else
169 static const uint64_t kDisableDelayTimerInMs =
170 android::sysprop::bluetooth::Bta::disable_delay().value_or(200);
171 return kDisableDelayTimerInMs;
172 #endif
173 }
174 namespace {
175
176 struct WaitForAllAclConnectionsToDrain {
177 uint64_t time_to_wait_in_ms;
TimeToWaitInMs__anon44026c720111::WaitForAllAclConnectionsToDrain178 unsigned long TimeToWaitInMs() const {
179 return static_cast<unsigned long>(time_to_wait_in_ms);
180 }
AlarmCallbackData__anon44026c720111::WaitForAllAclConnectionsToDrain181 void* AlarmCallbackData() const {
182 return const_cast<void*>(static_cast<const void*>(this));
183 }
184
185 static const WaitForAllAclConnectionsToDrain* FromAlarmCallbackData(
186 void* data);
187 static bool IsFirstPass(const WaitForAllAclConnectionsToDrain*);
188 } first_pass =
189 {
190 .time_to_wait_in_ms = static_cast<uint64_t>(BTA_DM_DISABLE_TIMER_MS),
191 },
192 second_pass = {
193 .time_to_wait_in_ms =
194 static_cast<uint64_t>(BTA_DM_DISABLE_TIMER_RETRIAL_MS),
195 };
196
IsFirstPass(const WaitForAllAclConnectionsToDrain * pass)197 bool WaitForAllAclConnectionsToDrain::IsFirstPass(
198 const WaitForAllAclConnectionsToDrain* pass) {
199 return pass == &first_pass;
200 }
201
202 const WaitForAllAclConnectionsToDrain*
FromAlarmCallbackData(void * data)203 WaitForAllAclConnectionsToDrain::FromAlarmCallbackData(void* data) {
204 return const_cast<const WaitForAllAclConnectionsToDrain*>(
205 static_cast<WaitForAllAclConnectionsToDrain*>(data));
206 }
207
208 } // namespace
209
210 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr);
211 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr);
212 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq,
213 const uint8_t* p_eir, uint16_t eir_len);
214 static void bta_dm_observe_cmpl_cb(void* p_result);
215 static void bta_dm_delay_role_switch_cback(void* data);
216 static void bta_dm_wait_for_acl_to_drain_cback(void* data);
217
218 const uint16_t bta_service_id_to_uuid_lkup_tbl[BTA_MAX_SERVICE_ID] = {
219 UUID_SERVCLASS_PNP_INFORMATION, /* Reserved */
220 UUID_SERVCLASS_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */
221 UUID_SERVCLASS_DIALUP_NETWORKING, /* BTA_DUN_SERVICE_ID */
222 UUID_SERVCLASS_AUDIO_SOURCE, /* BTA_A2DP_SOURCE_SERVICE_ID */
223 UUID_SERVCLASS_LAN_ACCESS_USING_PPP, /* BTA_LAP_SERVICE_ID */
224 UUID_SERVCLASS_HEADSET, /* BTA_HSP_HS_SERVICE_ID */
225 UUID_SERVCLASS_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */
226 UUID_SERVCLASS_OBEX_OBJECT_PUSH, /* BTA_OPP_SERVICE_ID */
227 UUID_SERVCLASS_OBEX_FILE_TRANSFER, /* BTA_FTP_SERVICE_ID */
228 UUID_SERVCLASS_CORDLESS_TELEPHONY, /* BTA_CTP_SERVICE_ID */
229 UUID_SERVCLASS_INTERCOM, /* BTA_ICP_SERVICE_ID */
230 UUID_SERVCLASS_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */
231 UUID_SERVCLASS_DIRECT_PRINTING, /* BTA_BPP_SERVICE_ID */
232 UUID_SERVCLASS_IMAGING_RESPONDER, /* BTA_BIP_SERVICE_ID */
233 UUID_SERVCLASS_PANU, /* BTA_PANU_SERVICE_ID */
234 UUID_SERVCLASS_NAP, /* BTA_NAP_SERVICE_ID */
235 UUID_SERVCLASS_GN, /* BTA_GN_SERVICE_ID */
236 UUID_SERVCLASS_SAP, /* BTA_SAP_SERVICE_ID */
237 UUID_SERVCLASS_AUDIO_SINK, /* BTA_A2DP_SERVICE_ID */
238 UUID_SERVCLASS_AV_REMOTE_CONTROL, /* BTA_AVRCP_SERVICE_ID */
239 UUID_SERVCLASS_HUMAN_INTERFACE, /* BTA_HID_SERVICE_ID */
240 UUID_SERVCLASS_VIDEO_SINK, /* BTA_VDP_SERVICE_ID */
241 UUID_SERVCLASS_PBAP_PSE, /* BTA_PBAP_SERVICE_ID */
242 UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY, /* BTA_HSP_SERVICE_ID */
243 UUID_SERVCLASS_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */
244 UUID_SERVCLASS_MESSAGE_ACCESS, /* BTA_MAP_SERVICE_ID */
245 UUID_SERVCLASS_MESSAGE_NOTIFICATION, /* BTA_MN_SERVICE_ID */
246 UUID_SERVCLASS_HDP_PROFILE, /* BTA_HDP_SERVICE_ID */
247 UUID_SERVCLASS_PBAP_PCE, /* BTA_PCE_SERVICE_ID */
248 UUID_PROTOCOL_ATT /* BTA_GATT_SERVICE_ID */
249 };
250
251 /* bta security callback */
252 const tBTM_APPL_INFO bta_security = {
253 .p_pin_callback = &bta_dm_pin_cback,
254 .p_link_key_callback = &bta_dm_new_link_key_cback,
255 .p_auth_complete_callback = &bta_dm_authentication_complete_cback,
256 .p_bond_cancel_cmpl_callback = &bta_dm_bond_cancel_complete_cback,
257 .p_sp_callback = &bta_dm_sp_cback,
258 .p_le_callback = &bta_dm_ble_smp_cback,
259 .p_le_key_callback = &bta_dm_ble_id_key_cback};
260
261 #define MAX_DISC_RAW_DATA_BUF (4096)
262 uint8_t g_disc_raw_data_buf[MAX_DISC_RAW_DATA_BUF];
263
264 // Stores the local Input/Output Capabilities of the Bluetooth device.
265 static uint8_t btm_local_io_caps;
266
267 /** Initialises the BT device manager */
bta_dm_enable(tBTA_DM_SEC_CBACK * p_sec_cback)268 void bta_dm_enable(tBTA_DM_SEC_CBACK* p_sec_cback) {
269 /* make sure security callback is saved - if no callback, do not erase the
270 previous one,
271 it could be an error recovery mechanism */
272 if (p_sec_cback != NULL) bta_dm_cb.p_sec_cback = p_sec_cback;
273
274 btm_local_io_caps = btif_storage_get_local_io_caps();
275 }
276
277 /*******************************************************************************
278 *
279 * Function bta_dm_init_cb
280 *
281 * Description Initializes the bta_dm_cb control block
282 *
283 *
284 * Returns void
285 *
286 ******************************************************************************/
bta_dm_init_cb(void)287 void bta_dm_init_cb(void) {
288 bta_dm_cb = {};
289 bta_dm_cb.disable_timer = alarm_new("bta_dm.disable_timer");
290 bta_dm_cb.switch_delay_timer = alarm_new("bta_dm.switch_delay_timer");
291 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
292 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
293 bta_dm_cb.pm_timer[i].timer[j] = alarm_new("bta_dm.pm_timer");
294 }
295 }
296 }
297
298 /*******************************************************************************
299 *
300 * Function bta_dm_deinit_cb
301 *
302 * Description De-initializes the bta_dm_cb control block
303 *
304 *
305 * Returns void
306 *
307 ******************************************************************************/
bta_dm_deinit_cb(void)308 void bta_dm_deinit_cb(void) {
309 /*
310 * TODO: Should alarm_free() the bta_dm_cb timers during graceful
311 * shutdown.
312 */
313 alarm_free(bta_dm_cb.disable_timer);
314 alarm_free(bta_dm_cb.switch_delay_timer);
315 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
316 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
317 alarm_free(bta_dm_cb.pm_timer[i].timer[j]);
318 }
319 }
320 bta_dm_cb = {};
321 }
322
BTA_dm_on_hw_off()323 void BTA_dm_on_hw_off() {
324 BTIF_dm_disable();
325
326 /* reinitialize the control block */
327 bta_dm_deinit_cb();
328
329 /* hw is ready, go on with BTA DM initialization */
330 alarm_free(bta_dm_search_cb.search_timer);
331 alarm_free(bta_dm_search_cb.gatt_close_timer);
332 osi_free(bta_dm_search_cb.p_pending_search);
333 fixed_queue_free(bta_dm_search_cb.pending_discovery_queue, osi_free);
334 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb));
335 }
336
BTA_dm_on_hw_on()337 void BTA_dm_on_hw_on() {
338 DEV_CLASS dev_class;
339 tBTA_DM_SEC_CBACK* temp_cback;
340 uint8_t key_mask = 0;
341 tBTA_BLE_LOCAL_ID_KEYS id_key;
342
343 /* save security callback */
344 temp_cback = bta_dm_cb.p_sec_cback;
345 /* make sure the control block is properly initialized */
346 bta_dm_init_cb();
347 /* and retrieve the callback */
348 bta_dm_cb.p_sec_cback = temp_cback;
349
350 /* hw is ready, go on with BTA DM initialization */
351 alarm_free(bta_dm_search_cb.search_timer);
352 alarm_free(bta_dm_search_cb.gatt_close_timer);
353 osi_free(bta_dm_search_cb.p_pending_search);
354 fixed_queue_free(bta_dm_search_cb.pending_discovery_queue, osi_free);
355 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb));
356 /*
357 * TODO: Should alarm_free() the bta_dm_search_cb timers during
358 * graceful shutdown.
359 */
360 bta_dm_search_cb.search_timer = alarm_new("bta_dm_search.search_timer");
361 bool delay_close_gatt =
362 osi_property_get_bool("bluetooth.gatt.delay_close.enabled", true);
363 bta_dm_search_cb.gatt_close_timer =
364 delay_close_gatt ? alarm_new("bta_dm_search.gatt_close_timer") : nullptr;
365 bta_dm_search_cb.pending_discovery_queue = fixed_queue_new(SIZE_MAX);
366
367 memset(&bta_dm_conn_srvcs, 0, sizeof(bta_dm_conn_srvcs));
368 memset(&bta_dm_di_cb, 0, sizeof(tBTA_DM_DI_CB));
369
370 btif_dm_get_local_class_of_device(dev_class);
371 LOG_INFO("%s: Read default class of device {0x%x, 0x%x, 0x%x}", __func__,
372 dev_class[0], dev_class[1], dev_class[2]);
373
374 if (bluetooth::shim::is_gd_security_enabled()) {
375 bluetooth::shim::BTM_SetDeviceClass(dev_class);
376 } else {
377 BTM_SetDeviceClass(dev_class);
378 }
379
380 /* load BLE local information: ID keys, ER if available */
381 Octet16 er;
382 btif_dm_get_ble_local_keys(&key_mask, &er, &id_key);
383
384 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ER) {
385 get_btm_client_interface().ble.BTM_BleLoadLocalKeys(
386 BTA_BLE_LOCAL_KEY_TYPE_ER, (tBTM_BLE_LOCAL_KEYS*)&er);
387 }
388 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ID) {
389 get_btm_client_interface().ble.BTM_BleLoadLocalKeys(
390 BTA_BLE_LOCAL_KEY_TYPE_ID, (tBTM_BLE_LOCAL_KEYS*)&id_key);
391 }
392 bta_dm_search_cb.conn_id = GATT_INVALID_CONN_ID;
393
394 if (bluetooth::shim::is_gd_security_enabled()) {
395 bluetooth::shim::BTM_SecRegister(&bta_security);
396 } else {
397 get_btm_client_interface().security.BTM_SecRegister(&bta_security);
398 }
399
400 BTM_WritePageTimeout(p_bta_dm_cfg->page_timeout);
401
402 #if (BLE_VND_INCLUDED == TRUE)
403 BTM_BleReadControllerFeatures(bta_dm_ctrl_features_rd_cmpl_cback);
404 #else
405 /* If VSC multi adv commands are available, advertising will be initialized
406 * when capabilities are read. If they are not available, initialize
407 * advertising here */
408 btm_ble_adv_init();
409 /* Set controller features even if vendor support is not included */
410 if (bta_dm_cb.p_sec_cback)
411 bta_dm_cb.p_sec_cback(BTA_DM_LE_FEATURES_READ, NULL);
412 #endif
413
414 btm_ble_scanner_init();
415
416 /* Earlier, we used to invoke BTM_ReadLocalAddr which was just copying the
417 bd_addr
418 from the control block and invoking the callback which was sending the
419 DM_ENABLE_EVT.
420 But then we have a few HCI commands being invoked above which were still
421 in progress
422 when the ENABLE_EVT was sent. So modified this to fetch the local name
423 which forces
424 the DM_ENABLE_EVT to be sent only after all the init steps are complete
425 */
426 get_btm_client_interface().local.BTM_ReadLocalDeviceNameFromController(
427 bta_dm_local_name_cback);
428
429 bta_sys_rm_register(bta_dm_rm_cback);
430
431 /* initialize bluetooth low power manager */
432 bta_dm_init_pm();
433
434 bta_dm_gattc_register();
435 }
436
437 /** Disables the BT device manager */
bta_dm_disable()438 void bta_dm_disable() {
439 /* Set l2cap idle timeout to 0 (so BTE immediately disconnects ACL link after
440 * last channel is closed) */
441 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_BR_EDR);
442 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_LE);
443
444 /* disable all active subsystems */
445 bta_sys_disable();
446
447 BTM_SetDiscoverability(BTM_NON_DISCOVERABLE);
448 BTM_SetConnectability(BTM_NON_CONNECTABLE);
449
450 bta_dm_disable_pm();
451 bta_dm_disable_search_and_disc();
452 bta_dm_cb.disabling = true;
453
454 connection_manager::reset(false);
455
456 if (BTM_GetNumAclLinks() == 0) {
457 // We can shut down faster if there are no ACL links
458 switch (get_DisableDelayTimerInMs()) {
459 case 0:
460 LOG_DEBUG("Immediately disabling device manager");
461 bta_dm_disable_conn_down_timer_cback(nullptr);
462 break;
463 default:
464 LOG_DEBUG("Set timer to delay disable initiation:%lu ms",
465 static_cast<unsigned long>(get_DisableDelayTimerInMs()));
466 alarm_set_on_mloop(bta_dm_cb.disable_timer, get_DisableDelayTimerInMs(),
467 bta_dm_disable_conn_down_timer_cback, nullptr);
468 }
469 } else {
470 LOG_DEBUG("Set timer to wait for all ACL connections to close:%lu ms",
471 first_pass.TimeToWaitInMs());
472 alarm_set_on_mloop(bta_dm_cb.disable_timer, first_pass.time_to_wait_in_ms,
473 bta_dm_wait_for_acl_to_drain_cback,
474 first_pass.AlarmCallbackData());
475 }
476 }
477
478 /*******************************************************************************
479 *
480 * Function bta_dm_wait_for_all_acl_to_drain
481 *
482 * Description Called if the disable timer expires
483 * Used to close ACL connections which are still active
484 *
485 * Returns true if there is a device being forcefully disconnected
486 *
487 ******************************************************************************/
force_disconnect_all_acl_connections()488 static bool force_disconnect_all_acl_connections() {
489 const bool is_force_disconnect_needed = (bta_dm_cb.device_list.count > 0);
490
491 for (auto i = 0; i < bta_dm_cb.device_list.count; i++) {
492 btm_remove_acl(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
493 bta_dm_cb.device_list.peer_device[i].transport);
494 }
495 return is_force_disconnect_needed;
496 }
497
bta_dm_wait_for_acl_to_drain_cback(void * data)498 static void bta_dm_wait_for_acl_to_drain_cback(void* data) {
499 ASSERT(data != nullptr);
500 const WaitForAllAclConnectionsToDrain* pass =
501 WaitForAllAclConnectionsToDrain::FromAlarmCallbackData(data);
502
503 if (BTM_GetNumAclLinks() && force_disconnect_all_acl_connections() &&
504 WaitForAllAclConnectionsToDrain::IsFirstPass(pass)) {
505 /* DISABLE_EVT still need to be sent out to avoid java layer disable timeout
506 */
507 LOG_DEBUG(
508 "Set timer for second pass to wait for all ACL connections to "
509 "close:%lu ms ",
510 second_pass.TimeToWaitInMs());
511 alarm_set_on_mloop(bta_dm_cb.disable_timer, second_pass.time_to_wait_in_ms,
512 bta_dm_wait_for_acl_to_drain_cback,
513 second_pass.AlarmCallbackData());
514 } else {
515 // No ACL links to close were up or is second pass at ACL closure
516 LOG_INFO("Ensuring all ACL connections have been properly flushed");
517 bluetooth::shim::ACL_Shutdown();
518
519 bta_dm_cb.disabling = false;
520
521 bta_sys_remove_uuid(UUID_SERVCLASS_PNP_INFORMATION);
522 BTIF_dm_disable();
523 }
524 }
525
526 /** Sets local device name */
bta_dm_set_dev_name(const std::vector<uint8_t> & name)527 void bta_dm_set_dev_name(const std::vector<uint8_t>& name) {
528 BTM_SetLocalDeviceName((const char*)name.data());
529 bta_dm_set_eir((char*)name.data());
530 }
531
532 /** Sets discoverability, connectability and pairability */
BTA_DmSetVisibility(bt_scan_mode_t mode)533 bool BTA_DmSetVisibility(bt_scan_mode_t mode) {
534 tBTA_DM_DISC disc_mode_param;
535 tBTA_DM_CONN conn_mode_param;
536
537 switch (mode) {
538 case BT_SCAN_MODE_NONE:
539 disc_mode_param = BTA_DM_NON_DISC;
540 conn_mode_param = BTA_DM_NON_CONN;
541 break;
542
543 case BT_SCAN_MODE_CONNECTABLE:
544 disc_mode_param = BTA_DM_NON_DISC;
545 conn_mode_param = BTA_DM_CONN;
546 break;
547
548 case BT_SCAN_MODE_CONNECTABLE_DISCOVERABLE:
549 disc_mode_param = BTA_DM_GENERAL_DISC;
550 conn_mode_param = BTA_DM_CONN;
551 break;
552
553 default:
554 return false;
555 }
556
557 BTM_SetDiscoverability(disc_mode_param);
558 BTM_SetConnectability(conn_mode_param);
559 return true;
560 }
561
bta_dm_process_remove_device_no_callback(const RawAddress & bd_addr)562 static void bta_dm_process_remove_device_no_callback(
563 const RawAddress& bd_addr) {
564 /* need to remove all pending background connection before unpair */
565 BTA_GATTC_CancelOpen(0, bd_addr, false);
566
567 if (bluetooth::shim::is_gd_security_enabled()) {
568 bluetooth::shim::BTM_SecDeleteDevice(bd_addr);
569 } else {
570 BTM_SecDeleteDevice(bd_addr);
571 }
572
573 /* remove all cached GATT information */
574 BTA_GATTC_Refresh(bd_addr);
575 }
576
bta_dm_process_remove_device(const RawAddress & bd_addr)577 void bta_dm_process_remove_device(const RawAddress& bd_addr) {
578 bta_dm_process_remove_device_no_callback(bd_addr);
579
580 if (bta_dm_cb.p_sec_cback) {
581 tBTA_DM_SEC sec_event;
582 sec_event.link_down.bd_addr = bd_addr;
583 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &sec_event);
584 }
585 }
586
587 /** Removes device, disconnects ACL link if required */
bta_dm_remove_device(const RawAddress & bd_addr)588 void bta_dm_remove_device(const RawAddress& bd_addr) {
589 /* If ACL exists for the device in the remove_bond message*/
590 bool is_bd_addr_connected =
591 BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE) ||
592 BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_BR_EDR);
593
594 tBT_TRANSPORT other_transport = BT_TRANSPORT_AUTO;
595 if (is_bd_addr_connected) {
596 APPL_TRACE_DEBUG("%s: ACL Up count: %d", __func__,
597 bta_dm_cb.device_list.count);
598
599 /* Take the link down first, and mark the device for removal when
600 * disconnected */
601 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
602 auto& peer_device = bta_dm_cb.device_list.peer_device[i];
603 if (peer_device.peer_bdaddr == bd_addr) {
604 peer_device.conn_state = BTA_DM_UNPAIRING;
605
606 /* Make sure device is not in acceptlist before we disconnect */
607 GATT_CancelConnect(0, bd_addr, false);
608
609 btm_remove_acl(bd_addr, peer_device.transport);
610 APPL_TRACE_DEBUG("%s: transport: %d", __func__, peer_device.transport);
611
612 /* save the other transport to check if device is connected on
613 * other_transport */
614 if (peer_device.transport == BT_TRANSPORT_LE)
615 other_transport = BT_TRANSPORT_BR_EDR;
616 else
617 other_transport = BT_TRANSPORT_LE;
618
619 break;
620 }
621 }
622 }
623
624 RawAddress other_address = bd_addr;
625 RawAddress other_address2 = bd_addr;
626
627 // If it is DUMO device and device is paired as different address, unpair that
628 // device
629 bool other_address_connected =
630 (other_transport)
631 ? BTM_ReadConnectedTransportAddress(&other_address, other_transport)
632 : (BTM_ReadConnectedTransportAddress(&other_address,
633 BT_TRANSPORT_BR_EDR) ||
634 BTM_ReadConnectedTransportAddress(&other_address2,
635 BT_TRANSPORT_LE));
636 if (other_address == bd_addr) other_address = other_address2;
637
638 if (other_address_connected) {
639 // Get real transport
640 if (other_transport == BT_TRANSPORT_AUTO) {
641 bool connected_with_br_edr =
642 BTM_IsAclConnectionUp(other_address, BT_TRANSPORT_BR_EDR);
643 other_transport =
644 connected_with_br_edr ? BT_TRANSPORT_BR_EDR : BT_TRANSPORT_LE;
645 }
646 LOG_INFO("other_address %s with transport %d connected",
647 PRIVATE_ADDRESS(other_address), other_transport);
648 /* Take the link down first, and mark the device for removal when
649 * disconnected */
650 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
651 auto& peer_device = bta_dm_cb.device_list.peer_device[i];
652 if (peer_device.peer_bdaddr == other_address &&
653 peer_device.transport == other_transport) {
654 peer_device.conn_state = BTA_DM_UNPAIRING;
655 LOG_INFO("Remove ACL of address %s", PRIVATE_ADDRESS(other_address));
656
657 /* Make sure device is not in acceptlist before we disconnect */
658 GATT_CancelConnect(0, bd_addr, false);
659
660 btm_remove_acl(other_address, peer_device.transport);
661 break;
662 }
663 }
664 }
665
666 /* Delete the device mentioned in the msg */
667 if (!is_bd_addr_connected) {
668 bta_dm_process_remove_device(bd_addr);
669 }
670
671 /* Delete the other paired device too */
672 if (!other_address_connected && !other_address.IsEmpty()) {
673 bta_dm_process_remove_device(other_address);
674 }
675 }
676
677 /*******************************************************************************
678 *
679 * Function bta_dm_add_device
680 *
681 * Description This function adds a Link Key to an security database entry.
682 * It is normally called during host startup to restore all
683 * required information stored in the NVRAM.
684 ******************************************************************************/
bta_dm_add_device(std::unique_ptr<tBTA_DM_API_ADD_DEVICE> msg)685 void bta_dm_add_device(std::unique_ptr<tBTA_DM_API_ADD_DEVICE> msg) {
686 uint8_t* p_dc = NULL;
687 LinkKey* p_lc = NULL;
688
689 /* If not all zeros, the device class has been specified */
690 if (msg->dc_known) p_dc = (uint8_t*)msg->dc;
691
692 if (msg->link_key_known) p_lc = &msg->link_key;
693
694 if (bluetooth::shim::is_gd_security_enabled()) {
695 bluetooth::shim::BTM_SecAddDevice(msg->bd_addr, p_dc, msg->bd_name, nullptr,
696 p_lc, msg->key_type, msg->pin_length);
697 } else {
698 auto add_result =
699 BTM_SecAddDevice(msg->bd_addr, p_dc, msg->bd_name, nullptr, p_lc,
700 msg->key_type, msg->pin_length);
701 if (!add_result) {
702 LOG(ERROR) << "BTA_DM: Error adding device " << msg->bd_addr;
703 }
704 }
705 }
706
707 /** This function forces to close the connection to a remote device and
708 * optionaly remove the device from security database if required. */
bta_dm_close_acl(const RawAddress & bd_addr,bool remove_dev,tBT_TRANSPORT transport)709 void bta_dm_close_acl(const RawAddress& bd_addr, bool remove_dev,
710 tBT_TRANSPORT transport) {
711 uint8_t index;
712
713 APPL_TRACE_DEBUG("bta_dm_close_acl");
714
715 if (BTM_IsAclConnectionUp(bd_addr, transport)) {
716 for (index = 0; index < bta_dm_cb.device_list.count; index++) {
717 if (bta_dm_cb.device_list.peer_device[index].peer_bdaddr == bd_addr)
718 break;
719 }
720 if (index != bta_dm_cb.device_list.count) {
721 if (remove_dev)
722 bta_dm_cb.device_list.peer_device[index].remove_dev_pending = true;
723 } else {
724 APPL_TRACE_ERROR("unknown device, remove ACL failed");
725 }
726
727 /* Make sure device is not in acceptlist before we disconnect */
728 GATT_CancelConnect(0, bd_addr, false);
729
730 /* Disconnect the ACL link */
731 btm_remove_acl(bd_addr, transport);
732 }
733 /* if to remove the device from security database ? do it now */
734 else if (remove_dev) {
735 bta_dm_process_remove_device_no_callback(bd_addr);
736 }
737 /* otherwise, no action needed */
738 }
739
740 /** Bonds with peer device */
bta_dm_bond(const RawAddress & bd_addr,tBLE_ADDR_TYPE addr_type,tBT_TRANSPORT transport,tBT_DEVICE_TYPE device_type)741 void bta_dm_bond(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type,
742 tBT_TRANSPORT transport, tBT_DEVICE_TYPE device_type) {
743 LOG_DEBUG("Bonding with peer device:%s type:%s transport:%s type:%s",
744 PRIVATE_ADDRESS(bd_addr), AddressTypeText(addr_type).c_str(),
745 bt_transport_text(transport).c_str(),
746 DeviceTypeText(device_type).c_str());
747
748 tBTA_DM_SEC sec_event;
749 char* p_name;
750
751 tBTM_STATUS status =
752 (bluetooth::shim::is_gd_security_enabled())
753 ? bluetooth::shim::BTM_SecBond(bd_addr, addr_type, transport,
754 device_type)
755 : BTM_SecBond(bd_addr, addr_type, transport, device_type, 0, NULL);
756
757 if (bta_dm_cb.p_sec_cback && (status != BTM_CMD_STARTED)) {
758 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
759 sec_event.auth_cmpl.bd_addr = bd_addr;
760 p_name = (bluetooth::shim::is_gd_security_enabled())
761 ? bluetooth::shim::BTM_SecReadDevName(bd_addr)
762 : BTM_SecReadDevName(bd_addr);
763 if (p_name != NULL) {
764 memcpy(sec_event.auth_cmpl.bd_name, p_name, BD_NAME_LEN);
765 sec_event.auth_cmpl.bd_name[BD_NAME_LEN] = 0;
766 }
767
768 /* taken care of by memset [above]
769 sec_event.auth_cmpl.key_present = false;
770 sec_event.auth_cmpl.success = false;
771 */
772 sec_event.auth_cmpl.fail_reason = HCI_ERR_ILLEGAL_COMMAND;
773 if (status == BTM_SUCCESS) {
774 sec_event.auth_cmpl.success = true;
775 } else {
776 /* delete this device entry from Sec Dev DB */
777 bta_dm_remove_sec_dev_entry(bd_addr);
778 }
779 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
780 }
781 }
782
783 /** Cancels bonding with a peer device */
bta_dm_bond_cancel(const RawAddress & bd_addr)784 void bta_dm_bond_cancel(const RawAddress& bd_addr) {
785 tBTM_STATUS status;
786 tBTA_DM_SEC sec_event;
787
788 APPL_TRACE_EVENT(" bta_dm_bond_cancel ");
789
790 status = (bluetooth::shim::is_gd_security_enabled())
791 ? bluetooth::shim::BTM_SecBondCancel(bd_addr)
792 : BTM_SecBondCancel(bd_addr);
793
794 if (bta_dm_cb.p_sec_cback &&
795 (status != BTM_CMD_STARTED && status != BTM_SUCCESS)) {
796 sec_event.bond_cancel_cmpl.result = BTA_FAILURE;
797
798 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
799 }
800 }
801
802 /** Send the pin_reply to a request from BTM */
bta_dm_pin_reply(std::unique_ptr<tBTA_DM_API_PIN_REPLY> msg)803 void bta_dm_pin_reply(std::unique_ptr<tBTA_DM_API_PIN_REPLY> msg) {
804 if (msg->accept) {
805 if (bluetooth::shim::is_gd_security_enabled()) {
806 bluetooth::shim::BTM_PINCodeReply(msg->bd_addr, BTM_SUCCESS, msg->pin_len,
807 msg->p_pin);
808 } else {
809 BTM_PINCodeReply(msg->bd_addr, BTM_SUCCESS, msg->pin_len, msg->p_pin);
810 }
811 } else {
812 if (bluetooth::shim::is_gd_security_enabled()) {
813 bluetooth::shim::BTM_PINCodeReply(msg->bd_addr, BTM_NOT_AUTHORIZED, 0,
814 NULL);
815 } else {
816 BTM_PINCodeReply(msg->bd_addr, BTM_NOT_AUTHORIZED, 0, NULL);
817 }
818 }
819 }
820
821 /** Send the user confirm request reply in response to a request from BTM */
bta_dm_confirm(const RawAddress & bd_addr,bool accept)822 void bta_dm_confirm(const RawAddress& bd_addr, bool accept) {
823 if (bluetooth::shim::is_gd_security_enabled()) {
824 bluetooth::shim::BTM_ConfirmReqReply(
825 accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED, bd_addr);
826 } else {
827 BTM_ConfirmReqReply(accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED, bd_addr);
828 }
829 }
830
831 /** respond to the OOB data request for the remote device from BTM */
bta_dm_ci_rmt_oob_act(std::unique_ptr<tBTA_DM_CI_RMT_OOB> msg)832 void bta_dm_ci_rmt_oob_act(std::unique_ptr<tBTA_DM_CI_RMT_OOB> msg) {
833 if (bluetooth::shim::is_gd_security_enabled()) {
834 bluetooth::shim::BTM_RemoteOobDataReply(
835 msg->accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED, msg->bd_addr, msg->c,
836 msg->r);
837 } else {
838 BTM_RemoteOobDataReply(msg->accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED,
839 msg->bd_addr, msg->c, msg->r);
840 }
841 }
842
843 /*******************************************************************************
844 *
845 * Function bta_dm_search_start
846 *
847 * Description Starts an inquiry
848 *
849 *
850 * Returns void
851 *
852 ******************************************************************************/
bta_dm_search_start(tBTA_DM_MSG * p_data)853 void bta_dm_search_start(tBTA_DM_MSG* p_data) {
854 tBTM_INQUIRY_CMPL result = {};
855
856 bta_dm_gattc_register();
857
858 APPL_TRACE_DEBUG("%s avoid_scatter=%d", __func__,
859 p_bta_dm_cfg->avoid_scatter);
860
861 BTM_ClearInqDb(nullptr);
862 /* save search params */
863 bta_dm_search_cb.p_search_cback = p_data->search.p_cback;
864 bta_dm_search_cb.services = p_data->search.services;
865
866 result.status = BTM_StartInquiry(bta_dm_inq_results_cb, bta_dm_inq_cmpl_cb);
867
868 APPL_TRACE_EVENT("%s status=%d", __func__, result.status);
869 if (result.status != BTM_CMD_STARTED) {
870 LOG(ERROR) << __func__ << ": BTM_StartInquiry returned "
871 << std::to_string(result.status);
872 result.num_resp = 0;
873 bta_dm_inq_cmpl_cb((void*)&result);
874 }
875 }
876
877 /*******************************************************************************
878 *
879 * Function bta_dm_search_cancel
880 *
881 * Description Cancels an ongoing search for devices
882 *
883 *
884 * Returns void
885 *
886 ******************************************************************************/
bta_dm_search_cancel()887 void bta_dm_search_cancel() {
888 if (BTM_IsInquiryActive()) {
889 BTM_CancelInquiry();
890 bta_dm_search_cancel_notify();
891 bta_dm_search_cmpl();
892 }
893 /* If no Service Search going on then issue cancel remote name in case it is
894 active */
895 else if (!bta_dm_search_cb.name_discover_done) {
896 BTM_CancelRemoteDeviceName();
897 bta_dm_search_cmpl();
898 } else {
899 bta_dm_inq_cmpl(0);
900 }
901 }
902
903 /*******************************************************************************
904 *
905 * Function bta_dm_discover
906 *
907 * Description Discovers services on a remote device
908 *
909 *
910 * Returns void
911 *
912 ******************************************************************************/
bta_dm_discover(tBTA_DM_MSG * p_data)913 void bta_dm_discover(tBTA_DM_MSG* p_data) {
914 /* save the search condition */
915 bta_dm_search_cb.services = BTA_ALL_SERVICE_MASK;
916
917 bta_dm_gattc_register();
918
919 bta_dm_search_cb.p_search_cback = p_data->discover.p_cback;
920 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services;
921 bta_dm_search_cb.service_index = 0;
922 bta_dm_search_cb.services_found = 0;
923 bta_dm_search_cb.peer_name[0] = 0;
924 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbRead(p_data->discover.bd_addr);
925 bta_dm_search_cb.transport = p_data->discover.transport;
926
927 bta_dm_search_cb.name_discover_done = false;
928
929 LOG_INFO("bta_dm_discovery: starting service discovery to %s , transport: %s",
930 PRIVATE_ADDRESS(p_data->discover.bd_addr),
931 bt_transport_text(p_data->discover.transport).c_str());
932 bta_dm_discover_device(p_data->discover.bd_addr);
933 }
934
935 /*******************************************************************************
936 *
937 * Function bta_dm_disable_search_and_disc
938 *
939 * Description Cancels an ongoing search or discovery for devices in case
940 * of a Bluetooth disable
941 *
942 *
943 * Returns void
944 *
945 ******************************************************************************/
bta_dm_disable_search_and_disc(void)946 static void bta_dm_disable_search_and_disc(void) {
947 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) bta_dm_search_cancel();
948 }
949
950 /*******************************************************************************
951 *
952 * Function bta_dm_read_remote_device_name
953 *
954 * Description Initiate to get remote device name
955 *
956 * Returns true if started to get remote name
957 *
958 ******************************************************************************/
bta_dm_read_remote_device_name(const RawAddress & bd_addr,tBT_TRANSPORT transport)959 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr,
960 tBT_TRANSPORT transport) {
961 tBTM_STATUS btm_status;
962
963 APPL_TRACE_DEBUG("%s", __func__);
964
965 bta_dm_search_cb.peer_bdaddr = bd_addr;
966 bta_dm_search_cb.peer_name[0] = 0;
967
968 btm_status =
969 (bluetooth::shim::is_gd_security_enabled())
970 ? bluetooth::shim::BTM_ReadRemoteDeviceName(
971 bta_dm_search_cb.peer_bdaddr, bta_dm_remname_cback, transport)
972 : BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr,
973 bta_dm_remname_cback, transport);
974
975 if (btm_status == BTM_CMD_STARTED) {
976 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is started", __func__);
977
978 return (true);
979 } else if (btm_status == BTM_BUSY) {
980 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__);
981
982 /* Remote name discovery is on going now so BTM cannot notify through
983 * "bta_dm_remname_cback" */
984 /* adding callback to get notified that current reading remote name done */
985
986 if (bluetooth::shim::is_gd_security_enabled()) {
987 bluetooth::shim::BTM_SecAddRmtNameNotifyCallback(
988 &bta_dm_service_search_remname_cback);
989 } else {
990 BTM_SecAddRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
991 }
992
993 return (true);
994 } else {
995 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X", __func__,
996 btm_status);
997
998 return (false);
999 }
1000 }
1001
1002 /*******************************************************************************
1003 *
1004 * Function bta_dm_inq_cmpl
1005 *
1006 * Description Process the inquiry complete event from BTM
1007 *
1008 * Returns void
1009 *
1010 ******************************************************************************/
bta_dm_inq_cmpl(uint8_t num)1011 void bta_dm_inq_cmpl(uint8_t num) {
1012 if (bta_dm_search_get_state() == BTA_DM_SEARCH_CANCELLING) {
1013 bta_dm_search_set_state(BTA_DM_SEARCH_IDLE);
1014 bta_dm_execute_queued_request();
1015 return;
1016 }
1017
1018 if (bta_dm_search_get_state() != BTA_DM_SEARCH_ACTIVE) {
1019 return;
1020 }
1021
1022 tBTA_DM_SEARCH data;
1023
1024 APPL_TRACE_DEBUG("bta_dm_inq_cmpl");
1025
1026 data.inq_cmpl.num_resps = num;
1027 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_CMPL_EVT, &data);
1028
1029 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbFirst();
1030 if (bta_dm_search_cb.p_btm_inq_info != NULL) {
1031 /* start name and service discovery from the first device on inquiry result
1032 */
1033 bta_dm_search_cb.name_discover_done = false;
1034 bta_dm_search_cb.peer_name[0] = 0;
1035 bta_dm_discover_device(
1036 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr);
1037 } else {
1038 bta_dm_search_cb.services = 0;
1039 bta_dm_search_cmpl();
1040 }
1041 }
1042
1043 /*******************************************************************************
1044 *
1045 * Function bta_dm_rmt_name
1046 *
1047 * Description Process the remote name result from BTM
1048 *
1049 * Returns void
1050 *
1051 ******************************************************************************/
bta_dm_rmt_name(tBTA_DM_MSG * p_data)1052 void bta_dm_rmt_name(tBTA_DM_MSG* p_data) {
1053 APPL_TRACE_DEBUG("bta_dm_rmt_name");
1054
1055 if (p_data->rem_name.result.disc_res.bd_name[0] &&
1056 bta_dm_search_cb.p_btm_inq_info) {
1057 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name = true;
1058 }
1059
1060 bta_dm_discover_device(bta_dm_search_cb.peer_bdaddr);
1061 }
1062
1063 /*******************************************************************************
1064 *
1065 * Function bta_dm_disc_rmt_name
1066 *
1067 * Description Process the remote name result from BTM when application
1068 * wants to find the name for a bdaddr
1069 *
1070 * Returns void
1071 *
1072 ******************************************************************************/
bta_dm_disc_rmt_name(tBTA_DM_MSG * p_data)1073 void bta_dm_disc_rmt_name(tBTA_DM_MSG* p_data) {
1074 tBTM_INQ_INFO* p_btm_inq_info;
1075
1076 APPL_TRACE_DEBUG("bta_dm_disc_rmt_name");
1077
1078 p_btm_inq_info = BTM_InqDbRead(p_data->rem_name.result.disc_res.bd_addr);
1079 if (p_btm_inq_info) {
1080 if (p_data->rem_name.result.disc_res.bd_name[0]) {
1081 p_btm_inq_info->appl_knows_rem_name = true;
1082 }
1083 }
1084
1085 bta_dm_discover_device(p_data->rem_name.result.disc_res.bd_addr);
1086 }
1087
1088 /*******************************************************************************
1089 *
1090 * Function bta_dm_sdp_result
1091 *
1092 * Description Process the discovery result from sdp
1093 *
1094 * Returns void
1095 *
1096 ******************************************************************************/
bta_dm_sdp_result(tBTA_DM_MSG * p_data)1097 void bta_dm_sdp_result(tBTA_DM_MSG* p_data) {
1098 tSDP_DISC_REC* p_sdp_rec = NULL;
1099 tBTA_DM_MSG* p_msg;
1100 bool scn_found = false;
1101 uint16_t service = 0xFFFF;
1102 tSDP_PROTOCOL_ELEM pe;
1103
1104 std::vector<Uuid> uuid_list;
1105
1106 if ((p_data->sdp_event.sdp_result == SDP_SUCCESS) ||
1107 (p_data->sdp_event.sdp_result == SDP_NO_RECS_MATCH) ||
1108 (p_data->sdp_event.sdp_result == SDP_DB_FULL)) {
1109 APPL_TRACE_DEBUG("sdp_result::0x%x", p_data->sdp_event.sdp_result);
1110 do {
1111 p_sdp_rec = NULL;
1112 if (bta_dm_search_cb.service_index == (BTA_USER_SERVICE_ID + 1)) {
1113 if (p_sdp_rec && SDP_FindProtocolListElemInRec(
1114 p_sdp_rec, UUID_PROTOCOL_RFCOMM, &pe)) {
1115 bta_dm_search_cb.peer_scn = (uint8_t)pe.params[0];
1116 scn_found = true;
1117 }
1118 } else {
1119 service =
1120 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index - 1];
1121 p_sdp_rec =
1122 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, service, p_sdp_rec);
1123 }
1124 /* finished with BR/EDR services, now we check the result for GATT based
1125 * service UUID */
1126 if (bta_dm_search_cb.service_index == BTA_MAX_SERVICE_ID) {
1127 /* all GATT based services */
1128
1129 std::vector<Uuid> gatt_uuids;
1130
1131 do {
1132 /* find a service record, report it */
1133 p_sdp_rec =
1134 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, 0, p_sdp_rec);
1135 if (p_sdp_rec) {
1136 Uuid service_uuid;
1137 if (SDP_FindServiceUUIDInRec(p_sdp_rec, &service_uuid)) {
1138 gatt_uuids.push_back(service_uuid);
1139 }
1140 }
1141 } while (p_sdp_rec);
1142
1143 if (!gatt_uuids.empty()) {
1144 LOG_INFO("GATT services discovered using SDP");
1145
1146 // send all result back to app
1147 tBTA_DM_SEARCH result;
1148 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1149 strlcpy((char*)result.disc_ble_res.bd_name, bta_dm_get_remname(),
1150 BD_NAME_LEN + 1);
1151
1152 result.disc_ble_res.services = &gatt_uuids;
1153 bta_dm_search_cb.p_search_cback(BTA_DM_GATT_OVER_SDP_RES_EVT,
1154 &result);
1155 }
1156 } else {
1157 /* SDP_DB_FULL means some records with the
1158 required attributes were received */
1159 if (((p_data->sdp_event.sdp_result == SDP_DB_FULL) &&
1160 bta_dm_search_cb.services != BTA_ALL_SERVICE_MASK) ||
1161 (p_sdp_rec != NULL)) {
1162 if (service != UUID_SERVCLASS_PNP_INFORMATION) {
1163 bta_dm_search_cb.services_found |=
1164 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(
1165 bta_dm_search_cb.service_index - 1));
1166 uint16_t tmp_svc =
1167 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index -
1168 1];
1169 /* Add to the list of UUIDs */
1170 uuid_list.push_back(Uuid::From16Bit(tmp_svc));
1171 }
1172 }
1173 }
1174
1175 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK &&
1176 bta_dm_search_cb.services_to_search == 0) {
1177 bta_dm_search_cb.service_index++;
1178 } else /* regular one service per search or PNP search */
1179 break;
1180
1181 } while (bta_dm_search_cb.service_index <= BTA_MAX_SERVICE_ID);
1182
1183 APPL_TRACE_DEBUG("%s services_found = %04x", __func__,
1184 bta_dm_search_cb.services_found);
1185
1186 /* Collect the 128-bit services here and put them into the list */
1187 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) {
1188 p_sdp_rec = NULL;
1189 do {
1190 /* find a service record, report it */
1191 p_sdp_rec =
1192 SDP_FindServiceInDb_128bit(bta_dm_search_cb.p_sdp_db, p_sdp_rec);
1193 if (p_sdp_rec) {
1194 // SDP_FindServiceUUIDInRec_128bit is used only once, refactor?
1195 Uuid temp_uuid;
1196 if (SDP_FindServiceUUIDInRec_128bit(p_sdp_rec, &temp_uuid)) {
1197 uuid_list.push_back(temp_uuid);
1198 }
1199 }
1200 } while (p_sdp_rec);
1201 }
1202 /* if there are more services to search for */
1203 if (bta_dm_search_cb.services_to_search) {
1204 /* Free up the p_sdp_db before checking the next one */
1205 bta_dm_free_sdp_db();
1206 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr);
1207 } else {
1208 /* callbacks */
1209 /* start next bd_addr if necessary */
1210
1211 if (bluetooth::shim::is_gd_security_enabled()) {
1212 bluetooth::shim::BTM_SecDeleteRmtNameNotifyCallback(
1213 &bta_dm_service_search_remname_cback);
1214 } else {
1215 BTM_SecDeleteRmtNameNotifyCallback(
1216 &bta_dm_service_search_remname_cback);
1217 }
1218
1219 p_msg = (tBTA_DM_MSG*)osi_calloc(sizeof(tBTA_DM_MSG));
1220 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1221 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS;
1222 p_msg->disc_result.result.disc_res.num_uuids = uuid_list.size();
1223 p_msg->disc_result.result.disc_res.p_uuid_list = NULL;
1224 if (uuid_list.size() > 0) {
1225 // TODO(jpawlowski): make p_uuid_list into vector, and just copy
1226 // vectors, but first get rid of bta_sys_sendmsg below.
1227 p_msg->disc_result.result.disc_res.p_uuid_list =
1228 (Uuid*)osi_calloc(uuid_list.size() * sizeof(Uuid));
1229 memcpy(p_msg->disc_result.result.disc_res.p_uuid_list, uuid_list.data(),
1230 uuid_list.size() * sizeof(Uuid));
1231 }
1232 // Copy the raw_data to the discovery result structure
1233 if (bta_dm_search_cb.p_sdp_db != NULL &&
1234 bta_dm_search_cb.p_sdp_db->raw_used != 0 &&
1235 bta_dm_search_cb.p_sdp_db->raw_data != NULL) {
1236 APPL_TRACE_DEBUG("%s raw_data used = 0x%x raw_data_ptr = 0x%x",
1237 __func__, bta_dm_search_cb.p_sdp_db->raw_used,
1238 bta_dm_search_cb.p_sdp_db->raw_data);
1239
1240 bta_dm_search_cb.p_sdp_db->raw_data =
1241 NULL; // no need to free this - it is a global assigned.
1242 bta_dm_search_cb.p_sdp_db->raw_used = 0;
1243 bta_dm_search_cb.p_sdp_db->raw_size = 0;
1244 } else {
1245 APPL_TRACE_DEBUG("%s raw data size is 0 or raw_data is null!!",
1246 __func__);
1247 }
1248 /* Done with p_sdp_db. Free it */
1249 bta_dm_free_sdp_db();
1250 p_msg->disc_result.result.disc_res.services =
1251 bta_dm_search_cb.services_found;
1252
1253 // Piggy back the SCN over result field
1254 if (scn_found) {
1255 p_msg->disc_result.result.disc_res.result =
1256 static_cast<tBTA_STATUS>((3 + bta_dm_search_cb.peer_scn));
1257 p_msg->disc_result.result.disc_res.services |= BTA_USER_SERVICE_MASK;
1258
1259 APPL_TRACE_EVENT(" Piggy back the SCN over result field SCN=%d",
1260 bta_dm_search_cb.peer_scn);
1261 }
1262 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1263 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1264 bta_dm_get_remname(), BD_NAME_LEN + 1);
1265
1266 bta_sys_sendmsg(p_msg);
1267 }
1268 } else {
1269 /* conn failed. No need for timer */
1270 if (p_data->sdp_event.sdp_result == SDP_CONN_FAILED)
1271 bta_dm_search_cb.wait_disc = false;
1272
1273 /* not able to connect go to next device */
1274 if (bta_dm_search_cb.p_sdp_db)
1275 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1276
1277 if (bluetooth::shim::is_gd_security_enabled()) {
1278 bluetooth::shim::BTM_SecDeleteRmtNameNotifyCallback(
1279 &bta_dm_service_search_remname_cback);
1280 } else {
1281 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1282 }
1283
1284 p_msg = (tBTA_DM_MSG*)osi_calloc(sizeof(tBTA_DM_MSG));
1285 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1286 p_msg->disc_result.result.disc_res.result = BTA_FAILURE;
1287 p_msg->disc_result.result.disc_res.services =
1288 bta_dm_search_cb.services_found;
1289 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1290 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1291 bta_dm_get_remname(), BD_NAME_LEN + 1);
1292
1293 bta_sys_sendmsg(p_msg);
1294 }
1295 }
1296
1297 /*******************************************************************************
1298 *
1299 * Function bta_dm_search_cmpl
1300 *
1301 * Description Sends event to application
1302 *
1303 * Returns void
1304 *
1305 ******************************************************************************/
bta_dm_search_cmpl()1306 void bta_dm_search_cmpl() {
1307 bta_dm_search_set_state(BTA_DM_SEARCH_IDLE);
1308
1309 uint16_t conn_id = bta_dm_search_cb.conn_id;
1310
1311 tBTA_DM_SEARCH result;
1312 std::vector<Uuid> gatt_services;
1313 result.disc_ble_res.services = &gatt_services;
1314 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1315 strlcpy((char*)result.disc_ble_res.bd_name, (char*)bta_dm_search_cb.peer_name,
1316 BD_NAME_LEN + 1);
1317
1318 bool send_gatt_results =
1319 bluetooth::common::init_flags::
1320 always_send_services_if_gatt_disc_done_is_enabled()
1321 ? bta_dm_search_cb.gatt_disc_active
1322 : false;
1323
1324 /* no BLE connection, i.e. Classic service discovery end */
1325 if (conn_id == GATT_INVALID_CONN_ID) {
1326 if (bta_dm_search_cb.gatt_disc_active) {
1327 LOG_WARN(
1328 "GATT active but no BLE connection, likely disconnected midway "
1329 "through");
1330 } else {
1331 LOG_INFO("No BLE connection, processing classic results");
1332 }
1333 } else {
1334 btgatt_db_element_t* db = NULL;
1335 int count = 0;
1336 BTA_GATTC_GetGattDb(conn_id, 0x0000, 0xFFFF, &db, &count);
1337 if (count != 0) {
1338 for (int i = 0; i < count; i++) {
1339 // we process service entries only
1340 if (db[i].type == BTGATT_DB_PRIMARY_SERVICE) {
1341 gatt_services.push_back(db[i].uuid);
1342 }
1343 }
1344 osi_free(db);
1345 LOG_INFO(
1346 "GATT services discovered using LE Transport, will always send to "
1347 "upper layer");
1348 send_gatt_results = true;
1349 } else {
1350 LOG_WARN("Empty GATT database - no BLE services discovered");
1351 }
1352 }
1353
1354 // send all result back to app
1355 if (send_gatt_results) {
1356 LOG_INFO("Sending GATT results to upper layer");
1357 bta_dm_search_cb.p_search_cback(BTA_DM_GATT_OVER_LE_RES_EVT, &result);
1358 }
1359
1360 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_CMPL_EVT, nullptr);
1361 bta_dm_search_cb.gatt_disc_active = false;
1362
1363 bta_dm_execute_queued_request();
1364 }
1365
1366 /*******************************************************************************
1367 *
1368 * Function bta_dm_disc_result
1369 *
1370 * Description Service discovery result when discovering services on a
1371 * device
1372 *
1373 * Returns void
1374 *
1375 ******************************************************************************/
bta_dm_disc_result(tBTA_DM_MSG * p_data)1376 void bta_dm_disc_result(tBTA_DM_MSG* p_data) {
1377 APPL_TRACE_EVENT("%s", __func__);
1378
1379 /* disc_res.device_type is set only when GATT discovery is finished in
1380 * bta_dm_gatt_disc_complete */
1381 bool is_gatt_over_ble = ((p_data->disc_result.result.disc_res.device_type &
1382 BT_DEVICE_TYPE_BLE) != 0);
1383
1384 /* if any BR/EDR service discovery has been done, report the event */
1385 if (!is_gatt_over_ble && (bta_dm_search_cb.services &
1386 ((BTA_ALL_SERVICE_MASK | BTA_USER_SERVICE_MASK) &
1387 ~BTA_BLE_SERVICE_MASK)))
1388 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT,
1389 &p_data->disc_result.result);
1390
1391 bta_dm_search_cmpl();
1392 }
1393
1394 /*******************************************************************************
1395 *
1396 * Function bta_dm_search_result
1397 *
1398 * Description Service discovery result while searching for devices
1399 *
1400 * Returns void
1401 *
1402 ******************************************************************************/
bta_dm_search_result(tBTA_DM_MSG * p_data)1403 void bta_dm_search_result(tBTA_DM_MSG* p_data) {
1404 APPL_TRACE_DEBUG("%s searching:0x%04x, result:0x%04x", __func__,
1405 bta_dm_search_cb.services,
1406 p_data->disc_result.result.disc_res.services);
1407
1408 /* call back if application wants name discovery or found services that
1409 * application is searching */
1410 if ((!bta_dm_search_cb.services) ||
1411 ((bta_dm_search_cb.services) &&
1412 (p_data->disc_result.result.disc_res.services))) {
1413 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT,
1414 &p_data->disc_result.result);
1415 }
1416
1417 /* if searching did not initiate to create link */
1418 if (!bta_dm_search_cb.wait_disc) {
1419 /* if service searching is done with EIR, don't search next device */
1420 if (bta_dm_search_cb.p_btm_inq_info) bta_dm_discover_next_device();
1421 } else {
1422 /* wait until link is disconnected or timeout */
1423 bta_dm_search_cb.sdp_results = true;
1424 alarm_set_on_mloop(bta_dm_search_cb.search_timer,
1425 1000 * (L2CAP_LINK_INACTIVITY_TOUT + 1),
1426 bta_dm_search_timer_cback, NULL);
1427 }
1428 }
1429
1430 /*******************************************************************************
1431 *
1432 * Function bta_dm_search_timer_cback
1433 *
1434 * Description Called when ACL disconnect time is over
1435 *
1436 *
1437 * Returns void
1438 *
1439 ******************************************************************************/
bta_dm_search_timer_cback(UNUSED_ATTR void * data)1440 static void bta_dm_search_timer_cback(UNUSED_ATTR void* data) {
1441 APPL_TRACE_EVENT("%s", __func__);
1442 bta_dm_search_cb.wait_disc = false;
1443
1444 /* proceed with next device */
1445 bta_dm_discover_next_device();
1446 }
1447
1448 /*******************************************************************************
1449 *
1450 * Function bta_dm_free_sdp_db
1451 *
1452 * Description Frees SDP data base
1453 *
1454 * Returns void
1455 *
1456 ******************************************************************************/
bta_dm_free_sdp_db()1457 void bta_dm_free_sdp_db() {
1458 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1459 }
1460
1461 /*******************************************************************************
1462 *
1463 * Function bta_dm_queue_search
1464 *
1465 * Description Queues search command
1466 *
1467 * Returns void
1468 *
1469 ******************************************************************************/
bta_dm_queue_search(tBTA_DM_MSG * p_data)1470 void bta_dm_queue_search(tBTA_DM_MSG* p_data) {
1471 osi_free_and_reset((void**)&bta_dm_search_cb.p_pending_search);
1472 bta_dm_search_cb.p_pending_search =
1473 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_SEARCH));
1474 memcpy(bta_dm_search_cb.p_pending_search, p_data, sizeof(tBTA_DM_API_SEARCH));
1475 }
1476
1477 /*******************************************************************************
1478 *
1479 * Function bta_dm_queue_disc
1480 *
1481 * Description Queues discovery command
1482 *
1483 * Returns void
1484 *
1485 ******************************************************************************/
bta_dm_queue_disc(tBTA_DM_MSG * p_data)1486 void bta_dm_queue_disc(tBTA_DM_MSG* p_data) {
1487 tBTA_DM_MSG* p_pending_discovery =
1488 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_DISCOVER));
1489 memcpy(p_pending_discovery, p_data, sizeof(tBTA_DM_API_DISCOVER));
1490
1491 LOG_INFO("bta_dm_discovery: queuing service discovery to %s",
1492 p_pending_discovery->discover.bd_addr.ToString().c_str());
1493 fixed_queue_enqueue(bta_dm_search_cb.pending_discovery_queue,
1494 p_pending_discovery);
1495 }
1496
1497 /*******************************************************************************
1498 *
1499 * Function bta_dm_execute_queued_request
1500 *
1501 * Description Executes queued request if one exists
1502 *
1503 * Returns void
1504 *
1505 ******************************************************************************/
bta_dm_execute_queued_request()1506 void bta_dm_execute_queued_request() {
1507 if (bta_dm_search_cb.p_pending_search) {
1508 LOG_INFO("%s Start pending search", __func__);
1509 bta_sys_sendmsg(bta_dm_search_cb.p_pending_search);
1510 bta_dm_search_cb.p_pending_search = NULL;
1511 } else {
1512 tBTA_DM_MSG* p_pending_discovery = (tBTA_DM_MSG*)fixed_queue_try_dequeue(
1513 bta_dm_search_cb.pending_discovery_queue);
1514 if (p_pending_discovery) {
1515 LOG_INFO("%s Start pending discovery", __func__);
1516 bta_sys_sendmsg(p_pending_discovery);
1517 }
1518 }
1519 }
1520
1521 /*******************************************************************************
1522 *
1523 * Function bta_dm_is_search_request_queued
1524 *
1525 * Description Checks if there is a queued search request
1526 *
1527 * Returns bool
1528 *
1529 ******************************************************************************/
bta_dm_is_search_request_queued()1530 bool bta_dm_is_search_request_queued() {
1531 return bta_dm_search_cb.p_pending_search != NULL;
1532 }
1533
1534 /*******************************************************************************
1535 *
1536 * Function bta_dm_search_clear_queue
1537 *
1538 * Description Clears the queue if API search cancel is called
1539 *
1540 * Returns void
1541 *
1542 ******************************************************************************/
bta_dm_search_clear_queue()1543 void bta_dm_search_clear_queue() {
1544 osi_free_and_reset((void**)&bta_dm_search_cb.p_pending_search);
1545 if (bluetooth::common::InitFlags::
1546 IsBtmDmFlushDiscoveryQueueOnSearchCancel()) {
1547 fixed_queue_flush(bta_dm_search_cb.pending_discovery_queue, osi_free);
1548 }
1549 }
1550
1551 /*******************************************************************************
1552 *
1553 * Function bta_dm_search_cancel_notify
1554 *
1555 * Description Notify application that search has been cancelled
1556 *
1557 * Returns void
1558 *
1559 ******************************************************************************/
bta_dm_search_cancel_notify()1560 void bta_dm_search_cancel_notify() {
1561 if (bta_dm_search_cb.p_search_cback) {
1562 bta_dm_search_cb.p_search_cback(BTA_DM_SEARCH_CANCEL_CMPL_EVT, NULL);
1563 }
1564 if (!bta_dm_search_cb.name_discover_done &&
1565 (bta_dm_search_cb.state == BTA_DM_SEARCH_ACTIVE ||
1566 bta_dm_search_cb.state == BTA_DM_SEARCH_CANCELLING)) {
1567 BTM_CancelRemoteDeviceName();
1568 }
1569 }
1570
1571 /*******************************************************************************
1572 *
1573 * Function bta_dm_find_services
1574 *
1575 * Description Starts discovery on a device
1576 *
1577 * Returns void
1578 *
1579 ******************************************************************************/
bta_dm_find_services(const RawAddress & bd_addr)1580 static void bta_dm_find_services(const RawAddress& bd_addr) {
1581 while (bta_dm_search_cb.service_index < BTA_MAX_SERVICE_ID) {
1582 Uuid uuid = Uuid::kEmpty;
1583 if (bta_dm_search_cb.services_to_search &
1584 (tBTA_SERVICE_MASK)(
1585 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index))) {
1586 bta_dm_search_cb.p_sdp_db =
1587 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE);
1588 APPL_TRACE_DEBUG("bta_dm_search_cb.services = %04x***********",
1589 bta_dm_search_cb.services);
1590 /* try to search all services by search based on L2CAP UUID */
1591 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) {
1592 LOG_INFO("%s services_to_search=%08x", __func__,
1593 bta_dm_search_cb.services_to_search);
1594 if (bta_dm_search_cb.services_to_search & BTA_RES_SERVICE_MASK) {
1595 uuid = Uuid::From16Bit(bta_service_id_to_uuid_lkup_tbl[0]);
1596 bta_dm_search_cb.services_to_search &= ~BTA_RES_SERVICE_MASK;
1597 } else {
1598 uuid = Uuid::From16Bit(UUID_PROTOCOL_L2CAP);
1599 bta_dm_search_cb.services_to_search = 0;
1600 }
1601 } else {
1602 /* for LE only profile */
1603 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID) {
1604 uuid = Uuid::From16Bit(
1605 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index]);
1606
1607 bta_dm_search_cb.services_to_search &= (tBTA_SERVICE_MASK)(~(
1608 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index)));
1609 } else {
1610 /* remove the service from services to be searched */
1611 bta_dm_search_cb.services_to_search &= (tBTA_SERVICE_MASK)(~(
1612 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index)));
1613 uuid = Uuid::From16Bit(
1614 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index]);
1615 }
1616 }
1617
1618 LOG_INFO("%s search UUID = %s", __func__, uuid.ToString().c_str());
1619 SDP_InitDiscoveryDb(bta_dm_search_cb.p_sdp_db, BTA_DM_SDP_DB_SIZE, 1,
1620 &uuid, 0, NULL);
1621
1622 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf));
1623 bta_dm_search_cb.p_sdp_db->raw_data = g_disc_raw_data_buf;
1624
1625 bta_dm_search_cb.p_sdp_db->raw_size = MAX_DISC_RAW_DATA_BUF;
1626
1627 if (!SDP_ServiceSearchAttributeRequest(bd_addr, bta_dm_search_cb.p_sdp_db,
1628 &bta_dm_sdp_callback)) {
1629 /*
1630 * If discovery is not successful with this device, then
1631 * proceed with the next one.
1632 */
1633 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1634 bta_dm_search_cb.service_index = BTA_MAX_SERVICE_ID;
1635
1636 } else {
1637 bta_dm_search_cb.service_index++;
1638 return;
1639 }
1640 }
1641
1642 bta_dm_search_cb.service_index++;
1643 }
1644
1645 /* no more services to be discovered */
1646 if (bta_dm_search_cb.service_index >= BTA_MAX_SERVICE_ID) {
1647 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1648 /* initialize the data structure */
1649 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES));
1650 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1651 p_msg->disc_result.result.disc_res.services =
1652 bta_dm_search_cb.services_found;
1653 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1654 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1655 bta_dm_get_remname(), BD_NAME_LEN + 1);
1656
1657 bta_sys_sendmsg(p_msg);
1658 }
1659 }
1660
1661 /*******************************************************************************
1662 *
1663 * Function bta_dm_discover_next_device
1664 *
1665 * Description Starts discovery on the next device in Inquiry data base
1666 *
1667 * Returns void
1668 *
1669 ******************************************************************************/
bta_dm_discover_next_device(void)1670 static void bta_dm_discover_next_device(void) {
1671 APPL_TRACE_DEBUG("bta_dm_discover_next_device");
1672
1673 /* searching next device on inquiry result */
1674 bta_dm_search_cb.p_btm_inq_info =
1675 BTM_InqDbNext(bta_dm_search_cb.p_btm_inq_info);
1676 if (bta_dm_search_cb.p_btm_inq_info != NULL) {
1677 bta_dm_search_cb.name_discover_done = false;
1678 bta_dm_search_cb.peer_name[0] = 0;
1679 bta_dm_discover_device(
1680 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr);
1681 } else {
1682 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1683
1684 /* no devices, search complete */
1685 bta_dm_search_cb.services = 0;
1686
1687 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1688 bta_sys_sendmsg(p_msg);
1689 }
1690 }
1691
1692 /*******************************************************************************
1693 *
1694 * Function bta_dm_discover_device
1695 *
1696 * Description Starts name and service discovery on the device
1697 *
1698 * Returns void
1699 *
1700 ******************************************************************************/
bta_dm_discover_device(const RawAddress & remote_bd_addr)1701 static void bta_dm_discover_device(const RawAddress& remote_bd_addr) {
1702 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
1703 if (bta_dm_search_cb.transport == BT_TRANSPORT_AUTO) {
1704 tBT_DEVICE_TYPE dev_type;
1705 tBLE_ADDR_TYPE addr_type;
1706
1707 BTM_ReadDevInfo(remote_bd_addr, &dev_type, &addr_type);
1708 if (dev_type == BT_DEVICE_TYPE_BLE || addr_type == BLE_ADDR_RANDOM)
1709 transport = BT_TRANSPORT_LE;
1710 } else {
1711 transport = bta_dm_search_cb.transport;
1712 }
1713
1714 VLOG(1) << __func__ << " BDA: " << remote_bd_addr;
1715
1716 bta_dm_search_cb.peer_bdaddr = remote_bd_addr;
1717
1718 APPL_TRACE_DEBUG(
1719 "%s name_discover_done = %d p_btm_inq_info 0x%x state = %d, transport=%d",
1720 __func__, bta_dm_search_cb.name_discover_done,
1721 bta_dm_search_cb.p_btm_inq_info, bta_dm_search_cb.state, transport);
1722
1723 if (bta_dm_search_cb.p_btm_inq_info) {
1724 APPL_TRACE_DEBUG("%s appl_knows_rem_name %d", __func__,
1725 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name);
1726 }
1727 if (((bta_dm_search_cb.p_btm_inq_info) &&
1728 (bta_dm_search_cb.p_btm_inq_info->results.device_type ==
1729 BT_DEVICE_TYPE_BLE) &&
1730 (bta_dm_search_cb.state == BTA_DM_SEARCH_ACTIVE)) ||
1731 (transport == BT_TRANSPORT_LE &&
1732 interop_match_addr(INTEROP_DISABLE_NAME_REQUEST,
1733 &bta_dm_search_cb.peer_bdaddr))) {
1734 /* Do not perform RNR for LE devices at inquiry complete*/
1735 bta_dm_search_cb.name_discover_done = true;
1736 }
1737 // If we already have the name we can skip getting the name
1738 if (BTM_IsRemoteNameKnown(remote_bd_addr, transport) &&
1739 bluetooth::common::init_flags::sdp_skip_rnr_if_known_is_enabled()) {
1740 LOG_DEBUG("Security record already known skipping read remote name peer:%s",
1741 PRIVATE_ADDRESS(remote_bd_addr));
1742 bta_dm_search_cb.name_discover_done = true;
1743 }
1744
1745 /* if name discovery is not done and application needs remote name */
1746 if ((!bta_dm_search_cb.name_discover_done) &&
1747 ((bta_dm_search_cb.p_btm_inq_info == NULL) ||
1748 (bta_dm_search_cb.p_btm_inq_info &&
1749 (!bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name)))) {
1750 if (bta_dm_read_remote_device_name(bta_dm_search_cb.peer_bdaddr,
1751 transport)) {
1752 if (bta_dm_search_cb.state != BTA_DM_DISCOVER_ACTIVE) {
1753 /* Reset transport state for next discovery */
1754 bta_dm_search_cb.transport = BT_TRANSPORT_AUTO;
1755 }
1756 return;
1757 }
1758
1759 /* starting name discovery failed */
1760 bta_dm_search_cb.name_discover_done = true;
1761 }
1762
1763 /* Reset transport state for next discovery */
1764 bta_dm_search_cb.transport = BT_TRANSPORT_AUTO;
1765
1766 /* if application wants to discover service */
1767 if (bta_dm_search_cb.services) {
1768 /* initialize variables */
1769 bta_dm_search_cb.service_index = 0;
1770 bta_dm_search_cb.services_found = 0;
1771 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services;
1772
1773 /* if seaching with EIR is not completed */
1774 if (bta_dm_search_cb.services_to_search) {
1775 /* check whether connection already exists to the device
1776 if connection exists, we don't have to wait for ACL
1777 link to go down to start search on next device */
1778 if (transport == BT_TRANSPORT_BR_EDR) {
1779 if (BTM_IsAclConnectionUp(bta_dm_search_cb.peer_bdaddr,
1780 BT_TRANSPORT_BR_EDR))
1781 bta_dm_search_cb.wait_disc = false;
1782 else
1783 bta_dm_search_cb.wait_disc = true;
1784 }
1785 if (bta_dm_search_cb.p_btm_inq_info) {
1786 APPL_TRACE_DEBUG(
1787 "%s p_btm_inq_info 0x%x results.device_type 0x%x "
1788 "services_to_search 0x%x",
1789 __func__, bta_dm_search_cb.p_btm_inq_info,
1790 bta_dm_search_cb.p_btm_inq_info->results.device_type,
1791 bta_dm_search_cb.services_to_search);
1792 }
1793
1794 if (transport == BT_TRANSPORT_LE) {
1795 if (bta_dm_search_cb.services_to_search & BTA_BLE_SERVICE_MASK) {
1796 LOG_INFO("bta_dm_discovery: starting GATT discovery on %s",
1797 PRIVATE_ADDRESS(bta_dm_search_cb.peer_bdaddr));
1798 // set the raw data buffer here
1799 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf));
1800 /* start GATT for service discovery */
1801 btm_dm_start_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
1802 return;
1803 }
1804 } else {
1805 LOG_INFO("bta_dm_discovery: starting SDP discovery on %s",
1806 PRIVATE_ADDRESS(bta_dm_search_cb.peer_bdaddr));
1807 bta_dm_search_cb.sdp_results = false;
1808 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr);
1809 return;
1810 }
1811 }
1812 }
1813
1814 /* name discovery and service discovery are done for this device */
1815 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1816 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1817 /* initialize the data structure */
1818 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES));
1819 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS;
1820 p_msg->disc_result.result.disc_res.services = bta_dm_search_cb.services_found;
1821 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1822 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1823 (char*)bta_dm_search_cb.peer_name, BD_NAME_LEN + 1);
1824
1825 bta_sys_sendmsg(p_msg);
1826 }
1827
1828 /*******************************************************************************
1829 *
1830 * Function bta_dm_sdp_callback
1831 *
1832 * Description Callback from sdp with discovery status
1833 *
1834 * Returns void
1835 *
1836 ******************************************************************************/
bta_dm_sdp_callback(tSDP_STATUS sdp_status)1837 static void bta_dm_sdp_callback(tSDP_STATUS sdp_status) {
1838 tBTA_DM_SDP_RESULT* p_msg =
1839 (tBTA_DM_SDP_RESULT*)osi_malloc(sizeof(tBTA_DM_SDP_RESULT));
1840
1841 p_msg->hdr.event = BTA_DM_SDP_RESULT_EVT;
1842 p_msg->sdp_result = sdp_status;
1843
1844 bta_sys_sendmsg(p_msg);
1845 }
1846
1847 /*******************************************************************************
1848 *
1849 * Function bta_dm_inq_results_cb
1850 *
1851 * Description Inquiry results callback from BTM
1852 *
1853 * Returns void
1854 *
1855 ******************************************************************************/
bta_dm_inq_results_cb(tBTM_INQ_RESULTS * p_inq,const uint8_t * p_eir,uint16_t eir_len)1856 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, const uint8_t* p_eir,
1857 uint16_t eir_len) {
1858 tBTA_DM_SEARCH result;
1859 tBTM_INQ_INFO* p_inq_info;
1860 uint16_t service_class;
1861
1862 result.inq_res.bd_addr = p_inq->remote_bd_addr;
1863
1864 // Pass the original address to GattService#onScanResult
1865 result.inq_res.original_bda = p_inq->original_bda;
1866
1867 memcpy(result.inq_res.dev_class, p_inq->dev_class, DEV_CLASS_LEN);
1868 BTM_COD_SERVICE_CLASS(service_class, p_inq->dev_class);
1869 result.inq_res.is_limited =
1870 (service_class & BTM_COD_SERVICE_LMTD_DISCOVER) ? true : false;
1871 result.inq_res.rssi = p_inq->rssi;
1872
1873 result.inq_res.ble_addr_type = p_inq->ble_addr_type;
1874 result.inq_res.inq_result_type = p_inq->inq_result_type;
1875 result.inq_res.device_type = p_inq->device_type;
1876 result.inq_res.flag = p_inq->flag;
1877 result.inq_res.include_rsi = p_inq->include_rsi;
1878
1879 /* application will parse EIR to find out remote device name */
1880 result.inq_res.p_eir = const_cast<uint8_t*>(p_eir);
1881 result.inq_res.eir_len = eir_len;
1882
1883 result.inq_res.ble_evt_type = p_inq->ble_evt_type;
1884
1885 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr);
1886 if (p_inq_info != NULL) {
1887 /* initialize remt_name_not_required to false so that we get the name by
1888 * default */
1889 result.inq_res.remt_name_not_required = false;
1890 }
1891
1892 if (bta_dm_search_cb.p_search_cback)
1893 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_RES_EVT, &result);
1894
1895 if (p_inq_info) {
1896 /* application indicates if it knows the remote name, inside the callback
1897 copy that to the inquiry data base*/
1898 if (result.inq_res.remt_name_not_required)
1899 p_inq_info->appl_knows_rem_name = true;
1900 }
1901 }
1902
1903 /*******************************************************************************
1904 *
1905 * Function bta_dm_inq_cmpl_cb
1906 *
1907 * Description Inquiry complete callback from BTM
1908 *
1909 * Returns void
1910 *
1911 ******************************************************************************/
bta_dm_inq_cmpl_cb(void * p_result)1912 static void bta_dm_inq_cmpl_cb(void* p_result) {
1913 APPL_TRACE_DEBUG("%s", __func__);
1914
1915 bta_dm_inq_cmpl(((tBTM_INQUIRY_CMPL*)p_result)->num_resp);
1916 }
1917
1918 /*******************************************************************************
1919 *
1920 * Function bta_dm_service_search_remname_cback
1921 *
1922 * Description Remote name call back from BTM during service discovery
1923 *
1924 * Returns void
1925 *
1926 ******************************************************************************/
bta_dm_service_search_remname_cback(const RawAddress & bd_addr,UNUSED_ATTR DEV_CLASS dc,tBTM_BD_NAME bd_name)1927 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,
1928 UNUSED_ATTR DEV_CLASS dc,
1929 tBTM_BD_NAME bd_name) {
1930 tBTM_REMOTE_DEV_NAME rem_name = {};
1931 tBTM_STATUS btm_status;
1932
1933 APPL_TRACE_DEBUG("%s name=<%s>", __func__, bd_name);
1934
1935 /* if this is what we are looking for */
1936 if (bta_dm_search_cb.peer_bdaddr == bd_addr) {
1937 rem_name.bd_addr = bd_addr;
1938 rem_name.length = strlcpy((char*)rem_name.remote_bd_name, (char*)bd_name,
1939 BD_NAME_LEN + 1);
1940 if (rem_name.length > BD_NAME_LEN) {
1941 rem_name.length = BD_NAME_LEN;
1942 }
1943 rem_name.status = BTM_SUCCESS;
1944 rem_name.hci_status = HCI_SUCCESS;
1945 bta_dm_remname_cback(&rem_name);
1946 } else {
1947 /* get name of device */
1948 btm_status =
1949 BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr,
1950 bta_dm_remname_cback, BT_TRANSPORT_BR_EDR);
1951 if (btm_status == BTM_BUSY) {
1952 /* wait for next chance(notification of remote name discovery done) */
1953 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__);
1954 } else if (btm_status != BTM_CMD_STARTED) {
1955 /* if failed to start getting remote name then continue */
1956 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X",
1957 __func__, btm_status);
1958
1959 // needed so our response is not ignored, since this corresponds to the
1960 // actual peer_bdaddr
1961 rem_name.bd_addr = bta_dm_search_cb.peer_bdaddr;
1962 rem_name.length = 0;
1963 rem_name.remote_bd_name[0] = 0;
1964 rem_name.status = btm_status;
1965 rem_name.hci_status = HCI_SUCCESS;
1966 bta_dm_remname_cback(&rem_name);
1967 }
1968 }
1969 }
1970
1971 /*******************************************************************************
1972 *
1973 * Function bta_dm_remname_cback
1974 *
1975 * Description Remote name complete call back from BTM
1976 *
1977 * Returns void
1978 *
1979 ******************************************************************************/
bta_dm_remname_cback(void * p)1980 static void bta_dm_remname_cback(void* p) {
1981 tBTM_REMOTE_DEV_NAME* p_remote_name = (tBTM_REMOTE_DEV_NAME*)p;
1982 APPL_TRACE_DEBUG("bta_dm_remname_cback len = %d name=<%s>",
1983 p_remote_name->length, p_remote_name->remote_bd_name);
1984
1985 if (bta_dm_search_cb.peer_bdaddr == p_remote_name->bd_addr) {
1986 if (bluetooth::shim::is_gd_security_enabled()) {
1987 bluetooth::shim::BTM_SecDeleteRmtNameNotifyCallback(
1988 &bta_dm_service_search_remname_cback);
1989 } else {
1990 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1991 }
1992 } else {
1993 // if we got a different response, maybe ignore it
1994 // we will have made a request directly from BTM_ReadRemoteDeviceName so we
1995 // expect a dedicated response for us
1996 if (p_remote_name->hci_status == HCI_ERR_CONNECTION_EXISTS) {
1997 if (bluetooth::shim::is_gd_security_enabled()) {
1998 bluetooth::shim::BTM_SecDeleteRmtNameNotifyCallback(
1999 &bta_dm_service_search_remname_cback);
2000 } else {
2001 BTM_SecDeleteRmtNameNotifyCallback(
2002 &bta_dm_service_search_remname_cback);
2003 }
2004 LOG_INFO(
2005 "Assume command failed due to disconnection hci_status:%s peer:%s",
2006 hci_error_code_text(p_remote_name->hci_status).c_str(),
2007 PRIVATE_ADDRESS(p_remote_name->bd_addr));
2008 } else {
2009 LOG_INFO(
2010 "Ignored remote name response for the wrong address exp:%s act:%s",
2011 PRIVATE_ADDRESS(bta_dm_search_cb.peer_bdaddr),
2012 PRIVATE_ADDRESS(p_remote_name->bd_addr));
2013 return;
2014 }
2015 }
2016
2017 /* remote name discovery is done but it could be failed */
2018 bta_dm_search_cb.name_discover_done = true;
2019 strlcpy((char*)bta_dm_search_cb.peer_name,
2020 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN + 1);
2021
2022 if (bta_dm_search_cb.transport == BT_TRANSPORT_LE) {
2023 GAP_BleReadPeerPrefConnParams(bta_dm_search_cb.peer_bdaddr);
2024 }
2025
2026 tBTA_DM_REM_NAME* p_msg =
2027 (tBTA_DM_REM_NAME*)osi_malloc(sizeof(tBTA_DM_REM_NAME));
2028 p_msg->result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
2029 strlcpy((char*)p_msg->result.disc_res.bd_name,
2030 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN + 1);
2031 p_msg->hdr.event = BTA_DM_REMT_NAME_EVT;
2032
2033 bta_sys_sendmsg(p_msg);
2034 }
2035
2036 /*******************************************************************************
2037 *
2038 * Function bta_dm_pinname_cback
2039 *
2040 * Description Callback requesting pin_key
2041 *
2042 * Returns void
2043 *
2044 ******************************************************************************/
bta_dm_pinname_cback(void * p_data)2045 static void bta_dm_pinname_cback(void* p_data) {
2046 tBTM_REMOTE_DEV_NAME* p_result = (tBTM_REMOTE_DEV_NAME*)p_data;
2047 tBTA_DM_SEC sec_event;
2048 uint32_t bytes_to_copy;
2049 tBTA_DM_SEC_EVT event = bta_dm_cb.pin_evt;
2050
2051 if (BTA_DM_SP_CFM_REQ_EVT == event) {
2052 /* Retrieved saved device class and bd_addr */
2053 sec_event.cfm_req.bd_addr = bta_dm_cb.pin_bd_addr;
2054 BTA_COPY_DEVICE_CLASS(sec_event.cfm_req.dev_class, bta_dm_cb.pin_dev_class);
2055
2056 if (p_result && p_result->status == BTM_SUCCESS) {
2057 bytes_to_copy =
2058 (p_result->length < BD_NAME_LEN) ? p_result->length : BD_NAME_LEN;
2059 memcpy(sec_event.cfm_req.bd_name, p_result->remote_bd_name,
2060 bytes_to_copy);
2061 sec_event.pin_req.bd_name[BD_NAME_LEN] = 0;
2062 } else /* No name found */
2063 sec_event.cfm_req.bd_name[0] = 0;
2064
2065 sec_event.key_notif.passkey =
2066 bta_dm_cb.num_val; /* get PIN code numeric number */
2067
2068 /* 1 additional event data fields for this event */
2069 sec_event.cfm_req.just_works = bta_dm_cb.just_works;
2070 /* retrieve the loc and rmt caps */
2071 sec_event.cfm_req.loc_io_caps = bta_dm_cb.loc_io_caps;
2072 sec_event.cfm_req.rmt_io_caps = bta_dm_cb.rmt_io_caps;
2073 sec_event.cfm_req.loc_auth_req = bta_dm_cb.loc_auth_req;
2074 sec_event.cfm_req.rmt_auth_req = bta_dm_cb.rmt_auth_req;
2075
2076 } else {
2077 /* Retrieved saved device class and bd_addr */
2078 sec_event.pin_req.bd_addr = bta_dm_cb.pin_bd_addr;
2079 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, bta_dm_cb.pin_dev_class);
2080
2081 if (p_result && p_result->status == BTM_SUCCESS) {
2082 bytes_to_copy = (p_result->length < BD_NAME_LEN) ? p_result->length
2083 : (BD_NAME_LEN - 1);
2084 memcpy(sec_event.pin_req.bd_name, p_result->remote_bd_name,
2085 bytes_to_copy);
2086 sec_event.pin_req.bd_name[BD_NAME_LEN] = 0;
2087 } else /* No name found */
2088 sec_event.pin_req.bd_name[0] = 0;
2089
2090 event = bta_dm_cb.pin_evt;
2091 sec_event.key_notif.passkey =
2092 bta_dm_cb.num_val; /* get PIN code numeric number */
2093 }
2094
2095 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event);
2096 }
2097
2098 /*******************************************************************************
2099 *
2100 * Function bta_dm_pin_cback
2101 *
2102 * Description Callback requesting pin_key
2103 *
2104 * Returns void
2105 *
2106 ******************************************************************************/
bta_dm_pin_cback(const RawAddress & bd_addr,DEV_CLASS dev_class,const tBTM_BD_NAME bd_name,bool min_16_digit)2107 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
2108 const tBTM_BD_NAME bd_name, bool min_16_digit) {
2109 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
2110
2111 /* If the device name is not known, save bdaddr and devclass and initiate a
2112 * name request */
2113 if (bd_name[0] == 0) {
2114 bta_dm_cb.pin_evt = BTA_DM_PIN_REQ_EVT;
2115 bta_dm_cb.pin_bd_addr = bd_addr;
2116 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class, dev_class);
2117 if ((BTM_ReadRemoteDeviceName(bd_addr, bta_dm_pinname_cback,
2118 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2119 return BTM_CMD_STARTED;
2120
2121 APPL_TRACE_WARNING(
2122 " bta_dm_pin_cback() -> Failed to start Remote Name Request ");
2123 }
2124
2125 tBTA_DM_SEC sec_event = {.pin_req = {
2126 .bd_addr = bd_addr,
2127 }};
2128 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, dev_class);
2129 strlcpy((char*)sec_event.pin_req.bd_name, (char*)bd_name, BD_NAME_LEN + 1);
2130 sec_event.pin_req.min_16_digit = min_16_digit;
2131
2132 bta_dm_cb.p_sec_cback(BTA_DM_PIN_REQ_EVT, &sec_event);
2133 return BTM_CMD_STARTED;
2134 }
2135
2136 /*******************************************************************************
2137 *
2138 * Function bta_dm_new_link_key_cback
2139 *
2140 * Description Callback from BTM to notify new link key
2141 *
2142 * Returns void
2143 *
2144 ******************************************************************************/
bta_dm_new_link_key_cback(const RawAddress & bd_addr,UNUSED_ATTR DEV_CLASS dev_class,tBTM_BD_NAME bd_name,const LinkKey & key,uint8_t key_type,bool is_ctkd)2145 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
2146 UNUSED_ATTR DEV_CLASS dev_class,
2147 tBTM_BD_NAME bd_name,
2148 const LinkKey& key, uint8_t key_type,
2149 bool is_ctkd) {
2150 tBTA_DM_SEC sec_event;
2151 tBTA_DM_AUTH_CMPL* p_auth_cmpl;
2152 tBTA_DM_SEC_EVT event = BTA_DM_AUTH_CMPL_EVT;
2153
2154 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
2155
2156 p_auth_cmpl = &sec_event.auth_cmpl;
2157
2158 p_auth_cmpl->bd_addr = bd_addr;
2159
2160 memcpy(p_auth_cmpl->bd_name, bd_name, BD_NAME_LEN);
2161 p_auth_cmpl->bd_name[BD_NAME_LEN] = 0;
2162 p_auth_cmpl->key_present = true;
2163 p_auth_cmpl->key_type = key_type;
2164 p_auth_cmpl->success = true;
2165 p_auth_cmpl->key = key;
2166 p_auth_cmpl->is_ctkd = is_ctkd;
2167
2168 sec_event.auth_cmpl.fail_reason = HCI_SUCCESS;
2169
2170 // Report the BR link key based on the BR/EDR address and type
2171 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type,
2172 &sec_event.auth_cmpl.addr_type);
2173 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event);
2174
2175 // Setting remove_dev_pending flag to false, where it will avoid deleting
2176 // the
2177 // security device record when the ACL connection link goes down in case of
2178 // reconnection.
2179 if (bta_dm_cb.device_list.count)
2180 bta_dm_reset_sec_dev_pending(p_auth_cmpl->bd_addr);
2181
2182 return BTM_CMD_STARTED;
2183 }
2184
2185 /*******************************************************************************
2186 *
2187 * Function bta_dm_authentication_complete_cback
2188 *
2189 * Description Authentication complete callback from BTM
2190 *
2191 * Returns void
2192 *
2193 ******************************************************************************/
bta_dm_authentication_complete_cback(const RawAddress & bd_addr,UNUSED_ATTR DEV_CLASS dev_class,tBTM_BD_NAME bd_name,tHCI_REASON reason)2194 static void bta_dm_authentication_complete_cback(
2195 const RawAddress& bd_addr, UNUSED_ATTR DEV_CLASS dev_class,
2196 tBTM_BD_NAME bd_name, tHCI_REASON reason) {
2197 if (reason != HCI_SUCCESS) {
2198 if (bta_dm_cb.p_sec_cback) {
2199 // Build out the security event data structure
2200 tBTA_DM_SEC sec_event = {
2201 .auth_cmpl =
2202 {
2203 .bd_addr = bd_addr,
2204 },
2205 };
2206 memcpy(sec_event.auth_cmpl.bd_name, bd_name, BD_NAME_LEN);
2207 sec_event.auth_cmpl.bd_name[BD_NAME_LEN] = 0;
2208
2209 // Report the BR link key based on the BR/EDR address and type
2210 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type,
2211 &sec_event.auth_cmpl.addr_type);
2212 sec_event.auth_cmpl.fail_reason = reason;
2213
2214 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
2215 }
2216
2217 switch (reason) {
2218 case HCI_ERR_AUTH_FAILURE:
2219 case HCI_ERR_KEY_MISSING:
2220 case HCI_ERR_HOST_REJECT_SECURITY:
2221 case HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE:
2222 LOG_WARN(
2223 "Deleting device record as authentication failed entry:%s "
2224 "reason:%s",
2225 PRIVATE_ADDRESS(bd_addr), hci_reason_code_text(reason).c_str());
2226 break;
2227
2228 default:
2229 break;
2230 }
2231 }
2232 }
2233
2234 /*******************************************************************************
2235 *
2236 * Function bta_dm_sp_cback
2237 *
2238 * Description simple pairing callback from BTM
2239 *
2240 * Returns void
2241 *
2242 ******************************************************************************/
bta_dm_sp_cback(tBTM_SP_EVT event,tBTM_SP_EVT_DATA * p_data)2243 static tBTM_STATUS bta_dm_sp_cback(tBTM_SP_EVT event,
2244 tBTM_SP_EVT_DATA* p_data) {
2245 tBTM_STATUS status = BTM_CMD_STARTED;
2246 tBTA_DM_SEC sec_event;
2247 tBTA_DM_SEC_EVT pin_evt = BTA_DM_SP_KEY_NOTIF_EVT;
2248
2249 APPL_TRACE_EVENT("bta_dm_sp_cback: %d", event);
2250 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
2251
2252 bool sp_rmt_result = false;
2253 /* TODO_SP */
2254 switch (event) {
2255 case BTM_SP_IO_REQ_EVT:
2256 if (btm_local_io_caps != BTM_IO_CAP_NONE) {
2257 /* translate auth_req */
2258 btif_dm_set_oob_for_io_req(&p_data->io_req.oob_data);
2259 btif_dm_proc_io_req(&p_data->io_req.auth_req, p_data->io_req.is_orig);
2260 }
2261 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req,
2262 p_data->io_req.oob_data);
2263 break;
2264 case BTM_SP_IO_RSP_EVT:
2265 if (btm_local_io_caps != BTM_IO_CAP_NONE) {
2266 btif_dm_proc_io_rsp(p_data->io_rsp.bd_addr, p_data->io_rsp.io_cap,
2267 p_data->io_rsp.oob_data, p_data->io_rsp.auth_req);
2268 }
2269 break;
2270
2271 case BTM_SP_CFM_REQ_EVT:
2272 pin_evt = BTA_DM_SP_CFM_REQ_EVT;
2273 bta_dm_cb.just_works = sec_event.cfm_req.just_works =
2274 p_data->cfm_req.just_works;
2275 sec_event.cfm_req.loc_auth_req = p_data->cfm_req.loc_auth_req;
2276 sec_event.cfm_req.rmt_auth_req = p_data->cfm_req.rmt_auth_req;
2277 sec_event.cfm_req.loc_io_caps = p_data->cfm_req.loc_io_caps;
2278 sec_event.cfm_req.rmt_io_caps = p_data->cfm_req.rmt_io_caps;
2279
2280 [[fallthrough]];
2281 /* Passkey entry mode, mobile device with output capability is very
2282 unlikely to receive key request, so skip this event */
2283 /*case BTM_SP_KEY_REQ_EVT: */
2284 case BTM_SP_KEY_NOTIF_EVT:
2285 if (btm_local_io_caps == BTM_IO_CAP_NONE &&
2286 BTM_SP_KEY_NOTIF_EVT == event) {
2287 status = BTM_NOT_AUTHORIZED;
2288 break;
2289 }
2290
2291 bta_dm_cb.num_val = sec_event.key_notif.passkey =
2292 p_data->key_notif.passkey;
2293
2294 if (BTM_SP_CFM_REQ_EVT == event) {
2295 /* Due to the switch case falling through below to BTM_SP_KEY_NOTIF_EVT,
2296 call remote name request using values from cfm_req */
2297 if (p_data->cfm_req.bd_name[0] == 0) {
2298 bta_dm_cb.pin_evt = pin_evt;
2299 bta_dm_cb.pin_bd_addr = p_data->cfm_req.bd_addr;
2300 bta_dm_cb.rmt_io_caps = sec_event.cfm_req.rmt_io_caps;
2301 bta_dm_cb.loc_io_caps = sec_event.cfm_req.loc_io_caps;
2302 bta_dm_cb.rmt_auth_req = sec_event.cfm_req.rmt_auth_req;
2303 bta_dm_cb.loc_auth_req = sec_event.cfm_req.loc_auth_req;
2304
2305 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2306 p_data->cfm_req.dev_class);
2307 if ((BTM_ReadRemoteDeviceName(
2308 p_data->cfm_req.bd_addr, bta_dm_pinname_cback,
2309 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2310 return BTM_CMD_STARTED;
2311 APPL_TRACE_WARNING(
2312 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2313 } else {
2314 /* Due to the switch case falling through below to
2315 BTM_SP_KEY_NOTIF_EVT,
2316 copy these values into key_notif from cfm_req */
2317 sec_event.key_notif.bd_addr = p_data->cfm_req.bd_addr;
2318 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class,
2319 p_data->cfm_req.dev_class);
2320 strlcpy((char*)sec_event.key_notif.bd_name,
2321 (char*)p_data->cfm_req.bd_name, BD_NAME_LEN + 1);
2322 }
2323 }
2324
2325 if (BTM_SP_KEY_NOTIF_EVT == event) {
2326 /* If the device name is not known, save bdaddr and devclass
2327 and initiate a name request with values from key_notif */
2328 if (p_data->key_notif.bd_name[0] == 0) {
2329 bta_dm_cb.pin_evt = pin_evt;
2330 bta_dm_cb.pin_bd_addr = p_data->key_notif.bd_addr;
2331 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2332 p_data->key_notif.dev_class);
2333 if ((BTM_ReadRemoteDeviceName(
2334 p_data->key_notif.bd_addr, bta_dm_pinname_cback,
2335 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2336 return BTM_CMD_STARTED;
2337 APPL_TRACE_WARNING(
2338 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2339 } else {
2340 sec_event.key_notif.bd_addr = p_data->key_notif.bd_addr;
2341 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class,
2342 p_data->key_notif.dev_class);
2343 strlcpy((char*)sec_event.key_notif.bd_name,
2344 (char*)p_data->key_notif.bd_name, BD_NAME_LEN + 1);
2345 sec_event.key_notif.bd_name[BD_NAME_LEN] = 0;
2346 }
2347 }
2348
2349 bta_dm_cb.p_sec_cback(pin_evt, &sec_event);
2350
2351 break;
2352
2353 case BTM_SP_LOC_OOB_EVT:
2354 #ifdef BTIF_DM_OOB_TEST
2355 btif_dm_proc_loc_oob(BT_TRANSPORT_BR_EDR,
2356 (bool)(p_data->loc_oob.status == BTM_SUCCESS),
2357 p_data->loc_oob.c, p_data->loc_oob.r);
2358 #endif
2359 break;
2360
2361 case BTM_SP_RMT_OOB_EVT: {
2362 Octet16 c;
2363 Octet16 r;
2364 sp_rmt_result = false;
2365 #ifdef BTIF_DM_OOB_TEST
2366 sp_rmt_result = btif_dm_proc_rmt_oob(p_data->rmt_oob.bd_addr, &c, &r);
2367 #endif
2368 BTIF_TRACE_DEBUG("bta_dm_ci_rmt_oob: result=%d", sp_rmt_result);
2369 bta_dm_ci_rmt_oob(sp_rmt_result, p_data->rmt_oob.bd_addr, c, r);
2370 break;
2371 }
2372
2373 default:
2374 status = BTM_NOT_AUTHORIZED;
2375 break;
2376 }
2377 APPL_TRACE_EVENT("dm status: %d", status);
2378 return status;
2379 }
2380
2381 /*******************************************************************************
2382 *
2383 * Function bta_dm_local_name_cback
2384 *
2385 * Description Callback from btm after local name is read
2386 *
2387 *
2388 * Returns void
2389 *
2390 ******************************************************************************/
bta_dm_local_name_cback(UNUSED_ATTR void * p_name)2391 static void bta_dm_local_name_cback(UNUSED_ATTR void* p_name) {
2392 BTIF_dm_enable();
2393 }
2394
handle_role_change(const RawAddress & bd_addr,tHCI_ROLE new_role,tHCI_STATUS hci_status)2395 static void handle_role_change(const RawAddress& bd_addr, tHCI_ROLE new_role,
2396 tHCI_STATUS hci_status) {
2397 tBTA_DM_PEER_DEVICE* p_dev = bta_dm_find_peer_device(bd_addr);
2398 if (!p_dev) {
2399 LOG_WARN(
2400 "Unable to find device for role change peer:%s new_role:%s "
2401 "hci_status:%s",
2402 PRIVATE_ADDRESS(bd_addr), RoleText(new_role).c_str(),
2403 hci_error_code_text(hci_status).c_str());
2404 return;
2405 }
2406
2407 LOG_INFO(
2408 "Role change callback peer:%s info:0x%x new_role:%s dev count:%d "
2409 "hci_status:%s",
2410 PRIVATE_ADDRESS(bd_addr), p_dev->Info(), RoleText(new_role).c_str(),
2411 bta_dm_cb.device_list.count, hci_error_code_text(hci_status).c_str());
2412
2413 if (p_dev->Info() & BTA_DM_DI_AV_ACTIVE) {
2414 bool need_policy_change = false;
2415
2416 /* there's AV activity on this link */
2417 if (new_role == HCI_ROLE_PERIPHERAL && bta_dm_cb.device_list.count > 1 &&
2418 hci_status == HCI_SUCCESS) {
2419 /* more than one connections and the AV connection is role switched
2420 * to peripheral
2421 * switch it back to central and remove the switch policy */
2422 BTM_SwitchRoleToCentral(bd_addr);
2423 need_policy_change = true;
2424 } else if (p_bta_dm_cfg->avoid_scatter && (new_role == HCI_ROLE_CENTRAL)) {
2425 /* if the link updated to be central include AV activities, remove
2426 * the switch policy */
2427 need_policy_change = true;
2428 }
2429
2430 if (need_policy_change) {
2431 BTM_block_role_switch_for(p_dev->peer_bdaddr);
2432 }
2433 } else {
2434 /* there's AV no activity on this link and role switch happened
2435 * check if AV is active
2436 * if so, make sure the AV link is central */
2437 bta_dm_check_av();
2438 }
2439 bta_sys_notify_role_chg(bd_addr, new_role, hci_status);
2440 }
2441
BTA_dm_report_role_change(const RawAddress bd_addr,tHCI_ROLE new_role,tHCI_STATUS hci_status)2442 void BTA_dm_report_role_change(const RawAddress bd_addr, tHCI_ROLE new_role,
2443 tHCI_STATUS hci_status) {
2444 do_in_main_thread(
2445 FROM_HERE, base::Bind(handle_role_change, bd_addr, new_role, hci_status));
2446 }
2447
handle_remote_features_complete(const RawAddress & bd_addr)2448 void handle_remote_features_complete(const RawAddress& bd_addr) {
2449 tBTA_DM_PEER_DEVICE* p_dev = bta_dm_find_peer_device(bd_addr);
2450 if (!p_dev) {
2451 LOG_WARN("Unable to find device peer:%s", PRIVATE_ADDRESS(bd_addr));
2452 return;
2453 }
2454
2455 if (controller_get_interface()->supports_sniff_subrating() &&
2456 acl_peer_supports_sniff_subrating(bd_addr)) {
2457 LOG_DEBUG("Device supports sniff subrating peer:%s",
2458 PRIVATE_ADDRESS(bd_addr));
2459 p_dev->info = BTA_DM_DI_USE_SSR;
2460 } else {
2461 LOG_DEBUG("Device does NOT support sniff subrating peer:%s",
2462 PRIVATE_ADDRESS(bd_addr));
2463 }
2464 }
2465
BTA_dm_notify_remote_features_complete(const RawAddress bd_addr)2466 void BTA_dm_notify_remote_features_complete(const RawAddress bd_addr) {
2467 do_in_main_thread(FROM_HERE,
2468 base::Bind(handle_remote_features_complete, bd_addr));
2469 }
2470
allocate_device_for(const RawAddress & bd_addr,tBT_TRANSPORT transport)2471 static tBTA_DM_PEER_DEVICE* allocate_device_for(const RawAddress& bd_addr,
2472 tBT_TRANSPORT transport) {
2473 for (uint8_t i = 0; i < bta_dm_cb.device_list.count; i++) {
2474 auto device = &bta_dm_cb.device_list.peer_device[i];
2475 if (device->peer_bdaddr == bd_addr && device->transport == transport) {
2476 return device;
2477 }
2478 }
2479
2480 if (bta_dm_cb.device_list.count < BTA_DM_NUM_PEER_DEVICE) {
2481 auto device =
2482 &bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count];
2483 device->peer_bdaddr = bd_addr;
2484 bta_dm_cb.device_list.count++;
2485 if (transport == BT_TRANSPORT_LE) {
2486 bta_dm_cb.device_list.le_count++;
2487 }
2488 return device;
2489 }
2490 return nullptr;
2491 }
2492
bta_dm_acl_up(const RawAddress & bd_addr,tBT_TRANSPORT transport)2493 void bta_dm_acl_up(const RawAddress& bd_addr, tBT_TRANSPORT transport) {
2494 auto device = allocate_device_for(bd_addr, transport);
2495 if (device == nullptr) {
2496 LOG_WARN("Unable to allocate device resources for new connection");
2497 return;
2498 }
2499 device->conn_state = BTA_DM_CONNECTED;
2500 device->pref_role = BTA_ANY_ROLE;
2501 device->info = BTA_DM_DI_NONE;
2502 device->transport = transport;
2503
2504 if (controller_get_interface()->supports_sniff_subrating() &&
2505 acl_peer_supports_sniff_subrating(bd_addr)) {
2506 // NOTE: This callback assumes upon ACL connection that
2507 // the read remote features has completed and is valid.
2508 // The only guaranteed contract for valid read remote features
2509 // data is when the BTA_dm_notify_remote_features_complete()
2510 // callback has completed. The below assignment is kept for
2511 // transitional informational purposes only.
2512 device->info = BTA_DM_DI_USE_SSR;
2513 }
2514
2515 if (bta_dm_cb.p_sec_cback) {
2516 tBTA_DM_SEC conn;
2517 memset(&conn, 0, sizeof(tBTA_DM_SEC));
2518 conn.link_up.bd_addr = bd_addr;
2519 conn.link_up.transport_link_type = transport;
2520
2521 bta_dm_cb.p_sec_cback(BTA_DM_LINK_UP_EVT, &conn);
2522 LOG_DEBUG("Executed security callback for new connection available");
2523 }
2524 bta_dm_adjust_roles(true);
2525 }
2526
BTA_dm_acl_up(const RawAddress bd_addr,tBT_TRANSPORT transport)2527 void BTA_dm_acl_up(const RawAddress bd_addr, tBT_TRANSPORT transport) {
2528 do_in_main_thread(FROM_HERE, base::Bind(bta_dm_acl_up, bd_addr, transport));
2529 }
2530
bta_dm_acl_down(const RawAddress & bd_addr,tBT_TRANSPORT transport)2531 static void bta_dm_acl_down(const RawAddress& bd_addr,
2532 tBT_TRANSPORT transport) {
2533 bool issue_unpair_cb = false;
2534 bool remove_device = false;
2535
2536 for (uint8_t i = 0; i < bta_dm_cb.device_list.count; i++) {
2537 auto device = &bta_dm_cb.device_list.peer_device[i];
2538 if (device->peer_bdaddr != bd_addr || device->transport != transport)
2539 continue;
2540
2541 if (device->conn_state == BTA_DM_UNPAIRING) {
2542 issue_unpair_cb =
2543 (bluetooth::shim::is_gd_security_enabled())
2544 ? bluetooth::shim::BTM_SecDeleteDevice(device->peer_bdaddr)
2545 : BTM_SecDeleteDevice(device->peer_bdaddr);
2546
2547 /* remove all cached GATT information */
2548 BTA_GATTC_Refresh(bd_addr);
2549
2550 APPL_TRACE_DEBUG("%s: Unpairing: issue unpair CB = %d ", __func__,
2551 issue_unpair_cb);
2552 }
2553
2554 remove_device = device->remove_dev_pending;
2555
2556 // Iterate to the one before the last when shrinking the list,
2557 // otherwise we memcpy garbage data into the record.
2558 // Then clear out the last item in the list since we are shrinking.
2559 for (; i < bta_dm_cb.device_list.count - 1; i++) {
2560 memcpy(&bta_dm_cb.device_list.peer_device[i],
2561 &bta_dm_cb.device_list.peer_device[i + 1],
2562 sizeof(bta_dm_cb.device_list.peer_device[i]));
2563 }
2564 if (bta_dm_cb.device_list.count > 0) {
2565 int clear_index = bta_dm_cb.device_list.count - 1;
2566 memset(&bta_dm_cb.device_list.peer_device[clear_index], 0,
2567 sizeof(bta_dm_cb.device_list.peer_device[clear_index]));
2568 }
2569 break;
2570 }
2571 if (bta_dm_cb.device_list.count) bta_dm_cb.device_list.count--;
2572 if ((transport == BT_TRANSPORT_LE) && (bta_dm_cb.device_list.le_count)) {
2573 bta_dm_cb.device_list.le_count--;
2574 }
2575
2576 if ((transport == BT_TRANSPORT_BR_EDR) &&
2577 (bta_dm_search_cb.wait_disc && bta_dm_search_cb.peer_bdaddr == bd_addr)) {
2578 bta_dm_search_cb.wait_disc = false;
2579
2580 if (bta_dm_search_cb.sdp_results) {
2581 APPL_TRACE_EVENT(" timer stopped ");
2582 alarm_cancel(bta_dm_search_cb.search_timer);
2583 bta_dm_discover_next_device();
2584 }
2585 }
2586
2587 if (bta_dm_cb.disabling) {
2588 if (!BTM_GetNumAclLinks()) {
2589 /*
2590 * Start a timer to make sure that the profiles
2591 * get the disconnect event.
2592 */
2593 alarm_set_on_mloop(bta_dm_cb.disable_timer,
2594 BTA_DM_DISABLE_CONN_DOWN_TIMER_MS,
2595 bta_dm_disable_conn_down_timer_cback, NULL);
2596 }
2597 }
2598 if (remove_device) {
2599 bta_dm_process_remove_device_no_callback(bd_addr);
2600 }
2601
2602 if (bta_dm_cb.p_sec_cback) {
2603 tBTA_DM_SEC conn;
2604 memset(&conn, 0, sizeof(tBTA_DM_SEC));
2605 conn.link_down.bd_addr = bd_addr;
2606 conn.link_down.transport_link_type = transport;
2607
2608 bta_dm_cb.p_sec_cback(BTA_DM_LINK_DOWN_EVT, &conn);
2609 if (issue_unpair_cb) bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &conn);
2610 }
2611
2612 bta_dm_adjust_roles(true);
2613 }
2614
BTA_dm_acl_down(const RawAddress bd_addr,tBT_TRANSPORT transport)2615 void BTA_dm_acl_down(const RawAddress bd_addr, tBT_TRANSPORT transport) {
2616 do_in_main_thread(FROM_HERE, base::Bind(bta_dm_acl_down, bd_addr, transport));
2617 }
2618
2619 /*******************************************************************************
2620 *
2621 * Function bta_dm_check_av
2622 *
2623 * Description This function checks if AV is active
2624 * if yes, make sure the AV link is central
2625 *
2626 ******************************************************************************/
bta_dm_check_av()2627 static void bta_dm_check_av() {
2628 uint8_t i;
2629 tBTA_DM_PEER_DEVICE* p_dev;
2630
2631 if (bta_dm_cb.cur_av_count) {
2632 LOG_INFO("av_count:%d", bta_dm_cb.cur_av_count);
2633 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
2634 p_dev = &bta_dm_cb.device_list.peer_device[i];
2635 APPL_TRACE_WARNING("[%d]: state:%d, info:x%x", i, p_dev->conn_state,
2636 p_dev->Info());
2637 if ((p_dev->conn_state == BTA_DM_CONNECTED) &&
2638 (p_dev->Info() & BTA_DM_DI_AV_ACTIVE)) {
2639 /* make central and take away the role switch policy */
2640 BTM_SwitchRoleToCentral(p_dev->peer_bdaddr);
2641 /* else either already central or can not switch for some reasons */
2642 BTM_block_role_switch_for(p_dev->peer_bdaddr);
2643 break;
2644 }
2645 }
2646 }
2647 }
2648
2649 /*******************************************************************************
2650 *
2651 * Function bta_dm_disable_conn_down_timer_cback
2652 *
2653 * Description Sends disable event to application
2654 *
2655 *
2656 * Returns void
2657 *
2658 ******************************************************************************/
bta_dm_disable_conn_down_timer_cback(UNUSED_ATTR void * data)2659 static void bta_dm_disable_conn_down_timer_cback(UNUSED_ATTR void* data) {
2660 /* disable the power managment module */
2661 bta_dm_disable_pm();
2662
2663 bta_dm_cb.disabling = false;
2664 LOG_INFO("Stack device manager shutdown completed");
2665 future_ready(stack_manager_get_hack_future(), FUTURE_SUCCESS);
2666 }
2667
2668 /*******************************************************************************
2669 *
2670 * Function bta_dm_rm_cback
2671 *
2672 * Description Role management callback from sys
2673 *
2674 *
2675 * Returns void
2676 *
2677 ******************************************************************************/
bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status,uint8_t id,uint8_t app_id,const RawAddress & peer_addr)2678 void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id, uint8_t app_id,
2679 const RawAddress& peer_addr) {
2680 uint8_t j;
2681 tBTA_PREF_ROLES role;
2682 tBTA_DM_PEER_DEVICE* p_dev;
2683
2684 LOG_DEBUG("BTA Role management callback count:%d status:%s peer:%s",
2685 bta_dm_cb.cur_av_count, bta_sys_conn_status_text(status).c_str(),
2686 PRIVATE_ADDRESS(peer_addr));
2687
2688 p_dev = bta_dm_find_peer_device(peer_addr);
2689 if (status == BTA_SYS_CONN_OPEN) {
2690 if (p_dev) {
2691 /* Do not set to connected if we are in the middle of unpairing. When AV
2692 * stream is
2693 * started it fakes out a SYS_CONN_OPEN to potentially trigger a role
2694 * switch command.
2695 * But this should not be done if we are in the middle of unpairing.
2696 */
2697 if (p_dev->conn_state != BTA_DM_UNPAIRING)
2698 p_dev->conn_state = BTA_DM_CONNECTED;
2699
2700 for (j = 1; j <= p_bta_dm_rm_cfg[0].app_id; j++) {
2701 if (((p_bta_dm_rm_cfg[j].app_id == app_id) ||
2702 (p_bta_dm_rm_cfg[j].app_id == BTA_ALL_APP_ID)) &&
2703 (p_bta_dm_rm_cfg[j].id == id)) {
2704 ASSERT_LOG(p_bta_dm_rm_cfg[j].cfg <= BTA_PERIPHERAL_ROLE_ONLY,
2705 "Passing illegal preferred role:0x%02x [0x%02x<=>0x%02x]",
2706 p_bta_dm_rm_cfg[j].cfg, BTA_ANY_ROLE,
2707 BTA_PERIPHERAL_ROLE_ONLY);
2708 role = static_cast<tBTA_PREF_ROLES>(p_bta_dm_rm_cfg[j].cfg);
2709 if (role > p_dev->pref_role) p_dev->pref_role = role;
2710 break;
2711 }
2712 }
2713 }
2714 }
2715
2716 if (BTA_ID_AV == id) {
2717 if (status == BTA_SYS_CONN_BUSY) {
2718 if (p_dev) p_dev->info |= BTA_DM_DI_AV_ACTIVE;
2719 /* AV calls bta_sys_conn_open with the A2DP stream count as app_id */
2720 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count();
2721 } else if (status == BTA_SYS_CONN_IDLE) {
2722 if (p_dev) p_dev->info &= ~BTA_DM_DI_AV_ACTIVE;
2723
2724 /* get cur_av_count from connected services */
2725 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count();
2726 }
2727 }
2728
2729 /* Don't adjust roles for each busy/idle state transition to avoid
2730 excessive switch requests when individual profile busy/idle status
2731 changes */
2732 if ((status != BTA_SYS_CONN_BUSY) && (status != BTA_SYS_CONN_IDLE))
2733 bta_dm_adjust_roles(false);
2734 }
2735
2736 /*******************************************************************************
2737 *
2738 * Function bta_dm_delay_role_switch_cback
2739 *
2740 * Description Callback from btm to delay a role switch
2741 *
2742 * Returns void
2743 *
2744 ******************************************************************************/
bta_dm_delay_role_switch_cback(UNUSED_ATTR void * data)2745 static void bta_dm_delay_role_switch_cback(UNUSED_ATTR void* data) {
2746 APPL_TRACE_EVENT("%s: initiating Delayed RS", __func__);
2747 bta_dm_adjust_roles(false);
2748 }
2749
2750 /*******************************************************************************
2751 *
2752 * Function bta_dm_reset_sec_dev_pending
2753 *
2754 * Description Setting the remove device pending status to false from
2755 * security device DB, when the link key notification
2756 * event comes.
2757 *
2758 * Returns void
2759 *
2760 ******************************************************************************/
bta_dm_reset_sec_dev_pending(const RawAddress & remote_bd_addr)2761 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr) {
2762 for (size_t i = 0; i < bta_dm_cb.device_list.count; i++) {
2763 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) {
2764 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = false;
2765 return;
2766 }
2767 }
2768 }
2769
2770 /*******************************************************************************
2771 *
2772 * Function bta_dm_remove_sec_dev_entry
2773 *
2774 * Description Removes device entry from Security device DB if ACL
2775 connection with
2776 * remtoe device does not exist, else schedule for dev entry
2777 removal upon
2778 ACL close
2779 *
2780 * Returns void
2781 *
2782 ******************************************************************************/
bta_dm_remove_sec_dev_entry(const RawAddress & remote_bd_addr)2783 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr) {
2784 if (BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_LE) ||
2785 BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_BR_EDR)) {
2786 APPL_TRACE_DEBUG(
2787 "%s ACL is not down. Schedule for Dev Removal when ACL closes",
2788 __func__);
2789 if (bluetooth::shim::is_gd_security_enabled()) {
2790 bluetooth::shim::BTM_SecClearSecurityFlags(remote_bd_addr);
2791 } else {
2792 BTM_SecClearSecurityFlags(remote_bd_addr);
2793 }
2794 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
2795 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) {
2796 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = TRUE;
2797 break;
2798 }
2799 }
2800 } else {
2801 // remote_bd_addr comes from security record, which is removed in
2802 // BTM_SecDeleteDevice.
2803 RawAddress addr_copy = remote_bd_addr;
2804 bta_dm_process_remove_device_no_callback(addr_copy);
2805 }
2806 }
2807
2808 /*******************************************************************************
2809 *
2810 * Function bta_dm_adjust_roles
2811 *
2812 * Description Adjust roles
2813 *
2814 *
2815 * Returns void
2816 *
2817 ******************************************************************************/
bta_dm_adjust_roles(bool delay_role_switch)2818 static void bta_dm_adjust_roles(bool delay_role_switch) {
2819 uint8_t i;
2820 uint8_t link_count = bta_dm_cb.device_list.count;
2821 if (link_count) {
2822 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
2823 if (bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED &&
2824 bta_dm_cb.device_list.peer_device[i].transport ==
2825 BT_TRANSPORT_BR_EDR) {
2826 if ((bta_dm_cb.device_list.peer_device[i].pref_role ==
2827 BTA_CENTRAL_ROLE_ONLY) ||
2828 (link_count > 1)) {
2829 /* Initiating immediate role switch with certain remote devices
2830 has caused issues due to role switch colliding with link encryption
2831 setup and
2832 causing encryption (and in turn the link) to fail . These device .
2833 Firmware
2834 versions are stored in a rejectlist and role switch with these
2835 devices are
2836 delayed to avoid the collision with link encryption setup */
2837
2838 if (bta_dm_cb.device_list.peer_device[i].pref_role !=
2839 BTA_PERIPHERAL_ROLE_ONLY &&
2840 !delay_role_switch) {
2841 BTM_SwitchRoleToCentral(
2842 bta_dm_cb.device_list.peer_device[i].peer_bdaddr);
2843 } else {
2844 alarm_set_on_mloop(bta_dm_cb.switch_delay_timer,
2845 BTA_DM_SWITCH_DELAY_TIMER_MS,
2846 bta_dm_delay_role_switch_cback, NULL);
2847 }
2848 }
2849 }
2850 }
2851 }
2852 }
2853
2854 /*******************************************************************************
2855 *
2856 * Function bta_dm_get_remname
2857 *
2858 * Description Returns a pointer to the remote name stored in the DM
2859 * control block if it exists, or from the BTM memory.
2860 *
2861 * Returns char * - Pointer to the remote device name
2862 ******************************************************************************/
bta_dm_get_remname(void)2863 static char* bta_dm_get_remname(void) {
2864 char* p_name = (char*)bta_dm_search_cb.peer_name;
2865 char* p_temp;
2866
2867 /* If the name isn't already stored, try retrieving from BTM */
2868 if (*p_name == '\0') {
2869 p_temp =
2870 (bluetooth::shim::is_gd_security_enabled())
2871 ? bluetooth::shim::BTM_SecReadDevName(bta_dm_search_cb.peer_bdaddr)
2872 : BTM_SecReadDevName(bta_dm_search_cb.peer_bdaddr);
2873 if (p_temp != NULL) p_name = p_temp;
2874 }
2875
2876 return p_name;
2877 }
2878
2879 /*******************************************************************************
2880 *
2881 * Function bta_dm_bond_cancel_complete_cback
2882 *
2883 * Description Authentication complete callback from BTM
2884 *
2885 * Returns void
2886 *
2887 ******************************************************************************/
bta_dm_bond_cancel_complete_cback(tBTM_STATUS result)2888 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result) {
2889 tBTA_DM_SEC sec_event;
2890
2891 if (result == BTM_SUCCESS)
2892 sec_event.bond_cancel_cmpl.result = BTA_SUCCESS;
2893 else
2894 sec_event.bond_cancel_cmpl.result = BTA_FAILURE;
2895
2896 if (bta_dm_cb.p_sec_cback) {
2897 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
2898 }
2899 }
2900
2901 /*******************************************************************************
2902 *
2903 * Function find_utf8_char_boundary
2904 *
2905 * Description This function checks a UTF8 string |utf8str| starting at
2906 * |offset|, moving backwards and returns the offset of the
2907 * next valid UTF8 character boundary found.
2908 *
2909 * Returns Offset of UTF8 character boundary
2910 *
2911 ******************************************************************************/
find_utf8_char_boundary(const char * utf8str,size_t offset)2912 static size_t find_utf8_char_boundary(const char* utf8str, size_t offset) {
2913 CHECK(utf8str);
2914 CHECK(offset > 0);
2915
2916 while (--offset) {
2917 uint8_t ch = (uint8_t)utf8str[offset];
2918 if ((ch & 0x80) == 0x00) // ASCII
2919 return offset + 1;
2920 if ((ch & 0xC0) == 0xC0) // Multi-byte sequence start
2921 return offset;
2922 }
2923
2924 return 0;
2925 }
2926
2927 /*******************************************************************************
2928 *
2929 * Function bta_dm_set_eir
2930 *
2931 * Description This function creates EIR tagged data and writes it to
2932 * controller.
2933 *
2934 * Returns None
2935 *
2936 ******************************************************************************/
bta_dm_set_eir(char * local_name)2937 static void bta_dm_set_eir(char* local_name) {
2938 uint8_t* p;
2939 uint8_t* p_length;
2940 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
2941 uint8_t* p_type;
2942 uint8_t max_num_uuid;
2943 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
2944 uint8_t custom_uuid_idx;
2945 #endif // BTA_EIR_SERVER_NUM_CUSTOM_UUID
2946 #endif // BTA_EIR_CANNED_UUID_LIST
2947 #if (BTM_EIR_DEFAULT_FEC_REQUIRED == FALSE)
2948 uint8_t free_eir_length = HCI_EXT_INQ_RESPONSE_LEN;
2949 #else // BTM_EIR_DEFAULT_FEC_REQUIRED
2950 uint8_t free_eir_length = HCI_DM5_PACKET_SIZE;
2951 #endif // BTM_EIR_DEFAULT_FEC_REQUIRED
2952 uint8_t num_uuid;
2953 uint8_t data_type;
2954 uint8_t local_name_len;
2955
2956 /* wait until complete to disable */
2957 if (alarm_is_scheduled(bta_dm_cb.disable_timer)) return;
2958
2959 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
2960 /* if local name is not provided, get it from controller */
2961 if (local_name == NULL) {
2962 if (BTM_ReadLocalDeviceName((const char**)&local_name) != BTM_SUCCESS) {
2963 APPL_TRACE_ERROR("Fail to read local device name for EIR");
2964 }
2965 }
2966 #endif // BTA_EIR_CANNED_UUID_LIST
2967
2968 /* Allocate a buffer to hold HCI command */
2969 BT_HDR* p_buf = (BT_HDR*)osi_malloc(BTM_CMD_BUF_SIZE);
2970 ASSERT(p_buf != nullptr);
2971 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET;
2972
2973 memset(p, 0x00, HCI_EXT_INQ_RESPONSE_LEN);
2974
2975 LOG_INFO("Generating extended inquiry response packet EIR");
2976
2977 if (local_name)
2978 local_name_len = strlen(local_name);
2979 else
2980 local_name_len = 0;
2981
2982 data_type = HCI_EIR_COMPLETE_LOCAL_NAME_TYPE;
2983 /* if local name is longer than minimum length of shortened name */
2984 /* check whether it needs to be shortened or not */
2985 if (local_name_len > p_bta_dm_eir_cfg->bta_dm_eir_min_name_len) {
2986 /* get number of UUID 16-bit list */
2987 #if (BTA_EIR_CANNED_UUID_LIST == TRUE)
2988 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / Uuid::kNumBytes16;
2989 #else // BTA_EIR_CANNED_UUID_LIST
2990 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes16;
2991 data_type = get_btm_client_interface().eir.BTM_GetEirSupportedServices(
2992 bta_dm_cb.eir_uuid, &p, max_num_uuid, &num_uuid);
2993 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET; /* reset p */
2994 #endif // BTA_EIR_CANNED_UUID_LIST
2995
2996 /* if UUID doesn't fit remaing space, shorten local name */
2997 if (local_name_len > (free_eir_length - 4 - num_uuid * Uuid::kNumBytes16)) {
2998 local_name_len = find_utf8_char_boundary(
2999 local_name, p_bta_dm_eir_cfg->bta_dm_eir_min_name_len);
3000 APPL_TRACE_WARNING("%s local name is shortened (%d)", __func__,
3001 local_name_len);
3002 data_type = HCI_EIR_SHORTENED_LOCAL_NAME_TYPE;
3003 } else {
3004 data_type = HCI_EIR_COMPLETE_LOCAL_NAME_TYPE;
3005 }
3006 }
3007
3008 UINT8_TO_STREAM(p, local_name_len + 1);
3009 UINT8_TO_STREAM(p, data_type);
3010
3011 if (local_name != NULL) {
3012 memcpy(p, local_name, local_name_len);
3013 p += local_name_len;
3014 }
3015 free_eir_length -= local_name_len + 2;
3016
3017 #if (BTA_EIR_CANNED_UUID_LIST == TRUE)
3018 /* if UUID list is provided as static data in configuration */
3019 if ((p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len > 0) &&
3020 (p_bta_dm_eir_cfg->bta_dm_eir_uuid16)) {
3021 if (free_eir_length > Uuid::kNumBytes16 + 2) {
3022 free_eir_length -= 2;
3023
3024 if (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len) {
3025 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / Uuid::kNumBytes16;
3026 data_type = HCI_EIR_COMPLETE_16BITS_UUID_TYPE;
3027 } else /* not enough room for all UUIDs */
3028 {
3029 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3030 num_uuid = free_eir_length / Uuid::kNumBytes16;
3031 data_type = HCI_EIR_MORE_16BITS_UUID_TYPE;
3032 }
3033 UINT8_TO_STREAM(p, num_uuid * Uuid::kNumBytes16 + 1);
3034 UINT8_TO_STREAM(p, data_type);
3035 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_uuid16,
3036 num_uuid * Uuid::kNumBytes16);
3037 p += num_uuid * Uuid::kNumBytes16;
3038 free_eir_length -= num_uuid * Uuid::kNumBytes16;
3039 }
3040 }
3041 #else /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */
3042 /* if UUID list is dynamic */
3043 if (free_eir_length >= 2) {
3044 p_length = p++;
3045 p_type = p++;
3046 num_uuid = 0;
3047
3048 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes16;
3049 data_type = get_btm_client_interface().eir.BTM_GetEirSupportedServices(
3050 bta_dm_cb.eir_uuid, &p, max_num_uuid, &num_uuid);
3051
3052 if (data_type == HCI_EIR_MORE_16BITS_UUID_TYPE) {
3053 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3054 }
3055 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3056 else {
3057 for (custom_uuid_idx = 0;
3058 custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3059 custom_uuid_idx++) {
3060 const Uuid& curr = bta_dm_cb.bta_custom_uuid[custom_uuid_idx].custom_uuid;
3061 if (curr.GetShortestRepresentationSize() == Uuid::kNumBytes16) {
3062 if (num_uuid < max_num_uuid) {
3063 UINT16_TO_STREAM(p, curr.As16Bit());
3064 num_uuid++;
3065 } else {
3066 data_type = HCI_EIR_MORE_16BITS_UUID_TYPE;
3067 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3068 break;
3069 }
3070 }
3071 }
3072 }
3073 #endif /* (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */
3074
3075 UINT8_TO_STREAM(p_length, num_uuid * Uuid::kNumBytes16 + 1);
3076 UINT8_TO_STREAM(p_type, data_type);
3077 free_eir_length -= num_uuid * Uuid::kNumBytes16 + 2;
3078 }
3079 #endif /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */
3080
3081 #if (BTA_EIR_CANNED_UUID_LIST != TRUE && BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3082 /* Adding 32-bit UUID list */
3083 if (free_eir_length >= 2) {
3084 p_length = p++;
3085 p_type = p++;
3086 num_uuid = 0;
3087 data_type = HCI_EIR_COMPLETE_32BITS_UUID_TYPE;
3088
3089 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes32;
3090
3091 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3092 custom_uuid_idx++) {
3093 const Uuid& curr = bta_dm_cb.bta_custom_uuid[custom_uuid_idx].custom_uuid;
3094 if (curr.GetShortestRepresentationSize() == Uuid::kNumBytes32) {
3095 if (num_uuid < max_num_uuid) {
3096 UINT32_TO_STREAM(p, curr.As32Bit());
3097 num_uuid++;
3098 } else {
3099 data_type = HCI_EIR_MORE_32BITS_UUID_TYPE;
3100 APPL_TRACE_WARNING("BTA EIR: UUID 32-bit list is truncated");
3101 break;
3102 }
3103 }
3104 }
3105
3106 UINT8_TO_STREAM(p_length, num_uuid * Uuid::kNumBytes32 + 1);
3107 UINT8_TO_STREAM(p_type, data_type);
3108 free_eir_length -= num_uuid * Uuid::kNumBytes32 + 2;
3109 }
3110
3111 /* Adding 128-bit UUID list */
3112 if (free_eir_length >= 2) {
3113 p_length = p++;
3114 p_type = p++;
3115 num_uuid = 0;
3116 data_type = HCI_EIR_COMPLETE_128BITS_UUID_TYPE;
3117
3118 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes128;
3119
3120 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3121 custom_uuid_idx++) {
3122 const Uuid& curr = bta_dm_cb.bta_custom_uuid[custom_uuid_idx].custom_uuid;
3123 if (curr.GetShortestRepresentationSize() == Uuid::kNumBytes128) {
3124 if (num_uuid < max_num_uuid) {
3125 ARRAY16_TO_STREAM(p, curr.To128BitBE().data());
3126 num_uuid++;
3127 } else {
3128 data_type = HCI_EIR_MORE_128BITS_UUID_TYPE;
3129 APPL_TRACE_WARNING("BTA EIR: UUID 128-bit list is truncated");
3130 break;
3131 }
3132 }
3133 }
3134
3135 UINT8_TO_STREAM(p_length, num_uuid * Uuid::kNumBytes128 + 1);
3136 UINT8_TO_STREAM(p_type, data_type);
3137 free_eir_length -= num_uuid * Uuid::kNumBytes128 + 2;
3138 }
3139 #endif /* ( BTA_EIR_CANNED_UUID_LIST != TRUE \
3140 )&&(BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */
3141
3142 /* if Flags are provided in configuration */
3143 if ((p_bta_dm_eir_cfg->bta_dm_eir_flag_len > 0) &&
3144 (p_bta_dm_eir_cfg->bta_dm_eir_flags) &&
3145 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2)) {
3146 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 1);
3147 UINT8_TO_STREAM(p, HCI_EIR_FLAGS_TYPE);
3148 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_flags,
3149 p_bta_dm_eir_cfg->bta_dm_eir_flag_len);
3150 p += p_bta_dm_eir_cfg->bta_dm_eir_flag_len;
3151 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2;
3152 }
3153
3154 /* if Manufacturer Specific are provided in configuration */
3155 if ((p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len > 0) &&
3156 (p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec) &&
3157 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2)) {
3158 p_length = p;
3159
3160 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 1);
3161 UINT8_TO_STREAM(p, HCI_EIR_MANUFACTURER_SPECIFIC_TYPE);
3162 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec,
3163 p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len);
3164 p += p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len;
3165 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2;
3166
3167 } else {
3168 p_length = NULL;
3169 }
3170
3171 /* if Inquiry Tx Resp Power compiled */
3172 if ((p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power) && (free_eir_length >= 3)) {
3173 UINT8_TO_STREAM(p, 2); /* Length field */
3174 UINT8_TO_STREAM(p, HCI_EIR_TX_POWER_LEVEL_TYPE);
3175 UINT8_TO_STREAM(p, *(p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power));
3176 free_eir_length -= 3;
3177 }
3178
3179 if (free_eir_length)
3180 UINT8_TO_STREAM(p, 0); /* terminator of significant part */
3181
3182 get_btm_client_interface().eir.BTM_WriteEIR(p_buf);
3183 }
3184
3185 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3186 /*******************************************************************************
3187 *
3188 * Function bta_dm_get_cust_uuid_index
3189 *
3190 * Description Get index of custom uuid from list
3191 * Note, handle equals to 0 means to find a vacant
3192 * from list.
3193 *
3194 * Returns Index of array
3195 * bta_dm_cb.bta_custom_uuid[BTA_EIR_SERVER_NUM_CUSTOM_UUID]
3196 *
3197 ******************************************************************************/
bta_dm_get_cust_uuid_index(uint32_t handle)3198 static uint8_t bta_dm_get_cust_uuid_index(uint32_t handle) {
3199 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3200 uint8_t c_uu_idx = 0;
3201
3202 while(c_uu_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID &&
3203 bta_dm_cb.bta_custom_uuid[c_uu_idx].handle != handle) {
3204 c_uu_idx++;
3205 }
3206
3207 return c_uu_idx;
3208 #else
3209 return 0;
3210 #endif
3211 }
3212
3213 /*******************************************************************************
3214 *
3215 * Function bta_dm_update_cust_uuid
3216 *
3217 * Description Update custom uuid with given value
3218 *
3219 * Returns None
3220 *
3221 ******************************************************************************/
bta_dm_update_cust_uuid(uint8_t c_uu_idx,const Uuid & uuid,uint32_t handle)3222 static void bta_dm_update_cust_uuid(uint8_t c_uu_idx, const Uuid& uuid, uint32_t handle) {
3223 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3224 if (c_uu_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID) {
3225 tBTA_CUSTOM_UUID& curr = bta_dm_cb.bta_custom_uuid[c_uu_idx];
3226 curr.custom_uuid.UpdateUuid(uuid);
3227 curr.handle = handle;
3228 } else {
3229 APPL_TRACE_ERROR("%s invalid uuid index %d", __func__, c_uu_idx);
3230 }
3231 #endif
3232 }
3233
3234 /*******************************************************************************
3235 *
3236 * Function bta_dm_eir_update_cust_uuid
3237 *
3238 * Description This function adds or removes custom service UUID in EIR database.
3239 *
3240 * Returns None
3241 *
3242 ******************************************************************************/
bta_dm_eir_update_cust_uuid(const tBTA_CUSTOM_UUID & curr,bool adding)3243 void bta_dm_eir_update_cust_uuid(const tBTA_CUSTOM_UUID& curr, bool adding) {
3244 APPL_TRACE_DEBUG("%s", __func__);
3245 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3246 uint8_t c_uu_idx = 0;
3247 if (adding) {
3248 c_uu_idx = bta_dm_get_cust_uuid_index(0); /* find a vacant from uuid list */
3249 bta_dm_update_cust_uuid(c_uu_idx, curr.custom_uuid, curr.handle);
3250 } else {
3251 c_uu_idx = bta_dm_get_cust_uuid_index(curr.handle); /* find the uuid from uuid list */
3252 bta_dm_update_cust_uuid(c_uu_idx, curr.custom_uuid, 0);
3253 }
3254
3255 /* Update EIR when UUIDs are changed */
3256 if (c_uu_idx <= BTA_EIR_SERVER_NUM_CUSTOM_UUID) {
3257 bta_dm_set_eir(NULL);
3258 }
3259 #endif
3260 }
3261
3262 /*******************************************************************************
3263 *
3264 * Function bta_dm_eir_update_uuid
3265 *
3266 * Description This function adds or removes service UUID in EIR database.
3267 *
3268 * Returns None
3269 *
3270 ******************************************************************************/
bta_dm_eir_update_uuid(uint16_t uuid16,bool adding)3271 void bta_dm_eir_update_uuid(uint16_t uuid16, bool adding) {
3272 /* if this UUID is not advertised in EIR */
3273 if (!BTM_HasEirService(p_bta_dm_eir_cfg->uuid_mask, uuid16)) return;
3274
3275 if (adding) {
3276 LOG_INFO("EIR Adding UUID=0x%04X into extended inquiry response", uuid16);
3277
3278 BTM_AddEirService(bta_dm_cb.eir_uuid, uuid16);
3279 } else {
3280 LOG_INFO("EIR Removing UUID=0x%04X from extended inquiry response", uuid16);
3281
3282 get_btm_client_interface().eir.BTM_RemoveEirService(bta_dm_cb.eir_uuid,
3283 uuid16);
3284 }
3285
3286 bta_dm_set_eir(NULL);
3287 }
3288 #endif
3289
find_connected_device(const RawAddress & bd_addr,UNUSED_ATTR tBT_TRANSPORT transport)3290 static tBTA_DM_PEER_DEVICE* find_connected_device(
3291 const RawAddress& bd_addr, UNUSED_ATTR tBT_TRANSPORT transport) {
3292 for (uint8_t i = 0; i < bta_dm_cb.device_list.count; i++) {
3293 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == bd_addr &&
3294 bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED)
3295 return &bta_dm_cb.device_list.peer_device[i];
3296 }
3297 return nullptr;
3298 }
3299
3300 /*******************************************************************************
3301 *
3302 * Function bta_dm_encrypt_cback
3303 *
3304 * Description link encryption complete callback.
3305 *
3306 * Returns None
3307 *
3308 ******************************************************************************/
bta_dm_encrypt_cback(const RawAddress * bd_addr,tBT_TRANSPORT transport,UNUSED_ATTR void * p_ref_data,tBTM_STATUS result)3309 void bta_dm_encrypt_cback(const RawAddress* bd_addr, tBT_TRANSPORT transport,
3310 UNUSED_ATTR void* p_ref_data, tBTM_STATUS result) {
3311 tBTA_DM_ENCRYPT_CBACK* p_callback = nullptr;
3312 tBTA_DM_PEER_DEVICE* device = find_connected_device(*bd_addr, transport);
3313 if (device != nullptr) {
3314 p_callback = device->p_encrypt_cback;
3315 device->p_encrypt_cback = nullptr;
3316 }
3317
3318 tBTA_STATUS bta_status = BTA_SUCCESS;
3319 switch (result) {
3320 case BTM_SUCCESS:
3321 LOG_WARN("Encrypted link peer:%s transport:%s status:%s callback:%c",
3322 PRIVATE_ADDRESS((*bd_addr)),
3323 bt_transport_text(transport).c_str(),
3324 btm_status_text(result).c_str(), (p_callback) ? 'T' : 'F');
3325 break;
3326 case BTM_WRONG_MODE:
3327 LOG_WARN(
3328 "Unable to encrypt link peer:%s transport:%s status:%s callback:%c",
3329 PRIVATE_ADDRESS((*bd_addr)), bt_transport_text(transport).c_str(),
3330 btm_status_text(result).c_str(), (p_callback) ? 'T' : 'F');
3331 bta_status = BTA_WRONG_MODE;
3332 break;
3333 case BTM_NO_RESOURCES:
3334 LOG_WARN(
3335 "Unable to encrypt link peer:%s transport:%s status:%s callback:%c",
3336 PRIVATE_ADDRESS((*bd_addr)), bt_transport_text(transport).c_str(),
3337 btm_status_text(result).c_str(), (p_callback) ? 'T' : 'F');
3338 bta_status = BTA_NO_RESOURCES;
3339 break;
3340 case BTM_BUSY:
3341 LOG_WARN(
3342 "Unable to encrypt link peer:%s transport:%s status:%s callback:%c",
3343 PRIVATE_ADDRESS((*bd_addr)), bt_transport_text(transport).c_str(),
3344 btm_status_text(result).c_str(), (p_callback) ? 'T' : 'F');
3345 bta_status = BTA_BUSY;
3346 break;
3347 default:
3348 LOG_ERROR(
3349 "Failed to encrypt link peer:%s transport:%s status:%s callback:%c",
3350 PRIVATE_ADDRESS((*bd_addr)), bt_transport_text(transport).c_str(),
3351 btm_status_text(result).c_str(), (p_callback) ? 'T' : 'F');
3352 bta_status = BTA_FAILURE;
3353 break;
3354 }
3355 if (p_callback) {
3356 (*p_callback)(*bd_addr, transport, bta_status);
3357 }
3358 }
3359
3360 /**This function to encrypt the link */
bta_dm_set_encryption(const RawAddress & bd_addr,tBT_TRANSPORT transport,tBTA_DM_ENCRYPT_CBACK * p_callback,tBTM_BLE_SEC_ACT sec_act)3361 void bta_dm_set_encryption(const RawAddress& bd_addr, tBT_TRANSPORT transport,
3362 tBTA_DM_ENCRYPT_CBACK* p_callback,
3363 tBTM_BLE_SEC_ACT sec_act) {
3364 if (p_callback == nullptr) {
3365 LOG_ERROR("bta_dm_set_encryption callback is not provided");
3366 return;
3367 }
3368
3369 tBTA_DM_PEER_DEVICE* device = find_connected_device(bd_addr, transport);
3370 if (device == nullptr) {
3371 LOG_ERROR("Unable to find active ACL connection device:%s transport:%s",
3372 PRIVATE_ADDRESS(bd_addr), bt_transport_text(transport).c_str());
3373 return;
3374 }
3375
3376 if (device->p_encrypt_cback) {
3377 LOG_ERROR(
3378 "Unable to start encryption as already in progress peer:%s "
3379 "transport:%s",
3380 PRIVATE_ADDRESS(bd_addr), bt_transport_text(transport).c_str());
3381 (*p_callback)(bd_addr, transport, BTA_BUSY);
3382 return;
3383 }
3384
3385 if (BTM_SetEncryption(bd_addr, transport, bta_dm_encrypt_cback, NULL,
3386 sec_act) == BTM_CMD_STARTED) {
3387 device->p_encrypt_cback = p_callback;
3388 LOG_DEBUG("Started encryption peer:%s transport:%s",
3389 PRIVATE_ADDRESS(bd_addr), bt_transport_text(transport).c_str());
3390 } else {
3391 LOG_ERROR("Unable to start encryption process peer:%s transport:%s",
3392 PRIVATE_ADDRESS(bd_addr), bt_transport_text(transport).c_str());
3393 }
3394 }
3395
bta_dm_check_if_only_hd_connected(const RawAddress & peer_addr)3396 bool bta_dm_check_if_only_hd_connected(const RawAddress& peer_addr) {
3397 APPL_TRACE_DEBUG("%s: count(%d)", __func__, bta_dm_conn_srvcs.count);
3398
3399 for (uint8_t j = 0; j < bta_dm_conn_srvcs.count; j++) {
3400 // Check if profiles other than hid are connected
3401 if ((bta_dm_conn_srvcs.conn_srvc[j].id != BTA_ID_HD) &&
3402 bta_dm_conn_srvcs.conn_srvc[j].peer_bdaddr == peer_addr) {
3403 APPL_TRACE_DEBUG("%s: Another profile (id=%d) is connected", __func__,
3404 bta_dm_conn_srvcs.conn_srvc[j].id);
3405 return false;
3406 }
3407 }
3408
3409 return true;
3410 }
3411
3412 /*******************************************************************************
3413 *
3414 * Function bta_dm_observe_results_cb
3415 *
3416 * Description Callback for BLE Observe result
3417 *
3418 *
3419 * Returns void
3420 *
3421 ******************************************************************************/
bta_dm_observe_results_cb(tBTM_INQ_RESULTS * p_inq,const uint8_t * p_eir,uint16_t eir_len)3422 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq,
3423 const uint8_t* p_eir, uint16_t eir_len) {
3424 tBTA_DM_SEARCH result;
3425 tBTM_INQ_INFO* p_inq_info;
3426 APPL_TRACE_DEBUG("bta_dm_observe_results_cb");
3427
3428 result.inq_res.bd_addr = p_inq->remote_bd_addr;
3429 result.inq_res.original_bda = p_inq->original_bda;
3430 result.inq_res.rssi = p_inq->rssi;
3431 result.inq_res.ble_addr_type = p_inq->ble_addr_type;
3432 result.inq_res.inq_result_type = p_inq->inq_result_type;
3433 result.inq_res.device_type = p_inq->device_type;
3434 result.inq_res.flag = p_inq->flag;
3435 result.inq_res.ble_evt_type = p_inq->ble_evt_type;
3436 result.inq_res.ble_primary_phy = p_inq->ble_primary_phy;
3437 result.inq_res.ble_secondary_phy = p_inq->ble_secondary_phy;
3438 result.inq_res.ble_advertising_sid = p_inq->ble_advertising_sid;
3439 result.inq_res.ble_tx_power = p_inq->ble_tx_power;
3440 result.inq_res.ble_periodic_adv_int = p_inq->ble_periodic_adv_int;
3441
3442 /* application will parse EIR to find out remote device name */
3443 result.inq_res.p_eir = const_cast<uint8_t*>(p_eir);
3444 result.inq_res.eir_len = eir_len;
3445
3446 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr);
3447 if (p_inq_info != NULL) {
3448 /* initialize remt_name_not_required to false so that we get the name by
3449 * default */
3450 result.inq_res.remt_name_not_required = false;
3451 }
3452
3453 if (bta_dm_search_cb.p_scan_cback)
3454 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_RES_EVT, &result);
3455
3456 if (p_inq_info) {
3457 /* application indicates if it knows the remote name, inside the callback
3458 copy that to the inquiry data base*/
3459 if (result.inq_res.remt_name_not_required)
3460 p_inq_info->appl_knows_rem_name = true;
3461 }
3462 }
3463
3464 /*******************************************************************************
3465 *
3466 * Function bta_dm_opportunistic_observe_results_cb
3467 *
3468 * Description Callback for BLE Observe result
3469 *
3470 *
3471 * Returns void
3472 *
3473 ******************************************************************************/
bta_dm_opportunistic_observe_results_cb(tBTM_INQ_RESULTS * p_inq,const uint8_t * p_eir,uint16_t eir_len)3474 static void bta_dm_opportunistic_observe_results_cb(tBTM_INQ_RESULTS* p_inq,
3475 const uint8_t* p_eir,
3476 uint16_t eir_len) {
3477 tBTA_DM_SEARCH result;
3478 tBTM_INQ_INFO* p_inq_info;
3479
3480 result.inq_res.bd_addr = p_inq->remote_bd_addr;
3481 result.inq_res.rssi = p_inq->rssi;
3482 result.inq_res.ble_addr_type = p_inq->ble_addr_type;
3483 result.inq_res.inq_result_type = p_inq->inq_result_type;
3484 result.inq_res.device_type = p_inq->device_type;
3485 result.inq_res.flag = p_inq->flag;
3486 result.inq_res.ble_evt_type = p_inq->ble_evt_type;
3487 result.inq_res.ble_primary_phy = p_inq->ble_primary_phy;
3488 result.inq_res.ble_secondary_phy = p_inq->ble_secondary_phy;
3489 result.inq_res.ble_advertising_sid = p_inq->ble_advertising_sid;
3490 result.inq_res.ble_tx_power = p_inq->ble_tx_power;
3491 result.inq_res.ble_periodic_adv_int = p_inq->ble_periodic_adv_int;
3492
3493 /* application will parse EIR to find out remote device name */
3494 result.inq_res.p_eir = const_cast<uint8_t*>(p_eir);
3495 result.inq_res.eir_len = eir_len;
3496
3497 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr);
3498 if (p_inq_info != NULL) {
3499 /* initialize remt_name_not_required to false so that we get the name by
3500 * default */
3501 result.inq_res.remt_name_not_required = false;
3502 }
3503
3504 if (bta_dm_search_cb.p_csis_scan_cback)
3505 bta_dm_search_cb.p_csis_scan_cback(BTA_DM_INQ_RES_EVT, &result);
3506
3507 if (p_inq_info) {
3508 /* application indicates if it knows the remote name, inside the callback
3509 copy that to the inquiry data base*/
3510 if (result.inq_res.remt_name_not_required)
3511 p_inq_info->appl_knows_rem_name = true;
3512 }
3513 }
3514
3515 /*******************************************************************************
3516 *
3517 * Function bta_dm_observe_cmpl_cb
3518 *
3519 * Description Callback for BLE Observe complete
3520 *
3521 *
3522 * Returns void
3523 *
3524 ******************************************************************************/
bta_dm_observe_cmpl_cb(void * p_result)3525 static void bta_dm_observe_cmpl_cb(void* p_result) {
3526 tBTA_DM_SEARCH data;
3527
3528 APPL_TRACE_DEBUG("bta_dm_observe_cmpl_cb");
3529
3530 data.inq_cmpl.num_resps = ((tBTM_INQUIRY_CMPL*)p_result)->num_resp;
3531 if (bta_dm_search_cb.p_scan_cback) {
3532 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
3533 }
3534 if (bta_dm_search_cb.p_csis_scan_cback) {
3535 bta_dm_search_cb.p_csis_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
3536 }
3537 }
3538
ble_io_req(const RawAddress & bd_addr,tBTM_IO_CAP * p_io_cap,tBTM_OOB_DATA * p_oob_data,tBTM_LE_AUTH_REQ * p_auth_req,uint8_t * p_max_key_size,tBTM_LE_KEY_TYPE * p_init_key,tBTM_LE_KEY_TYPE * p_resp_key)3539 static void ble_io_req(const RawAddress& bd_addr, tBTM_IO_CAP* p_io_cap,
3540 tBTM_OOB_DATA* p_oob_data, tBTM_LE_AUTH_REQ* p_auth_req,
3541 uint8_t* p_max_key_size, tBTM_LE_KEY_TYPE* p_init_key,
3542 tBTM_LE_KEY_TYPE* p_resp_key) {
3543 bte_appl_cfg.ble_io_cap = btif_storage_get_local_io_caps_ble();
3544
3545 /* Retrieve the properties from file system if possible */
3546 tBTE_APPL_CFG nv_config;
3547 if (btif_dm_get_smp_config(&nv_config)) bte_appl_cfg = nv_config;
3548
3549 /* *p_auth_req by default is false for devices with NoInputNoOutput; true for
3550 * other devices. */
3551
3552 if (bte_appl_cfg.ble_auth_req)
3553 *p_auth_req = bte_appl_cfg.ble_auth_req |
3554 (bte_appl_cfg.ble_auth_req & 0x04) | ((*p_auth_req) & 0x04);
3555
3556 /* if OOB is not supported, this call-out function does not need to do
3557 * anything
3558 * otherwise, look for the OOB data associated with the address and set
3559 * *p_oob_data accordingly.
3560 * If the answer can not be obtained right away,
3561 * set *p_oob_data to BTA_OOB_UNKNOWN and call bta_dm_ci_io_req() when the
3562 * answer is available.
3563 */
3564
3565 btif_dm_set_oob_for_le_io_req(bd_addr, p_oob_data, p_auth_req);
3566
3567 if (bte_appl_cfg.ble_io_cap <= 4) *p_io_cap = bte_appl_cfg.ble_io_cap;
3568
3569 if (bte_appl_cfg.ble_init_key <= BTM_BLE_INITIATOR_KEY_SIZE)
3570 *p_init_key = bte_appl_cfg.ble_init_key;
3571
3572 if (bte_appl_cfg.ble_resp_key <= BTM_BLE_RESPONDER_KEY_SIZE)
3573 *p_resp_key = bte_appl_cfg.ble_resp_key;
3574
3575 if (bte_appl_cfg.ble_max_key_size > 7 && bte_appl_cfg.ble_max_key_size <= 16)
3576 *p_max_key_size = bte_appl_cfg.ble_max_key_size;
3577 }
3578
3579 /*******************************************************************************
3580 *
3581 * Function bta_dm_ble_smp_cback
3582 *
3583 * Description Callback for BLE SMP
3584 *
3585 *
3586 * Returns void
3587 *
3588 ******************************************************************************/
bta_dm_ble_smp_cback(tBTM_LE_EVT event,const RawAddress & bda,tBTM_LE_EVT_DATA * p_data)3589 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
3590 tBTM_LE_EVT_DATA* p_data) {
3591 tBTM_STATUS status = BTM_SUCCESS;
3592 tBTA_DM_SEC sec_event;
3593 char* p_name = NULL;
3594
3595 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
3596
3597 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
3598 switch (event) {
3599 case BTM_LE_IO_REQ_EVT:
3600 ble_io_req(bda, &p_data->io_req.io_cap, &p_data->io_req.oob_data,
3601 &p_data->io_req.auth_req, &p_data->io_req.max_key_size,
3602 &p_data->io_req.init_keys, &p_data->io_req.resp_keys);
3603 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req,
3604 p_data->io_req.oob_data);
3605 break;
3606
3607 case BTM_LE_CONSENT_REQ_EVT:
3608 sec_event.ble_req.bd_addr = bda;
3609 p_name = BTM_SecReadDevName(bda);
3610 if (p_name != NULL)
3611 strlcpy((char*)sec_event.ble_req.bd_name, p_name, BD_NAME_LEN);
3612 else
3613 sec_event.ble_req.bd_name[0] = 0;
3614 bta_dm_cb.p_sec_cback(BTA_DM_BLE_CONSENT_REQ_EVT, &sec_event);
3615 break;
3616
3617 case BTM_LE_SEC_REQUEST_EVT:
3618 sec_event.ble_req.bd_addr = bda;
3619 p_name = (bluetooth::shim::is_gd_security_enabled())
3620 ? bluetooth::shim::BTM_SecReadDevName(bda)
3621 : BTM_SecReadDevName(bda);
3622 if (p_name != NULL)
3623 strlcpy((char*)sec_event.ble_req.bd_name, p_name, BD_NAME_LEN + 1);
3624 else
3625 sec_event.ble_req.bd_name[0] = 0;
3626 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SEC_REQ_EVT, &sec_event);
3627 break;
3628
3629 case BTM_LE_KEY_NOTIF_EVT:
3630 sec_event.key_notif.bd_addr = bda;
3631 p_name = (bluetooth::shim::is_gd_security_enabled())
3632 ? bluetooth::shim::BTM_SecReadDevName(bda)
3633 : BTM_SecReadDevName(bda);
3634 if (p_name != NULL)
3635 strlcpy((char*)sec_event.key_notif.bd_name, p_name, BD_NAME_LEN + 1);
3636 else
3637 sec_event.key_notif.bd_name[0] = 0;
3638 sec_event.key_notif.passkey = p_data->key_notif;
3639 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_NOTIF_EVT, &sec_event);
3640 break;
3641
3642 case BTM_LE_KEY_REQ_EVT:
3643 sec_event.ble_req.bd_addr = bda;
3644 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_REQ_EVT, &sec_event);
3645 break;
3646
3647 case BTM_LE_OOB_REQ_EVT:
3648 sec_event.ble_req.bd_addr = bda;
3649 bta_dm_cb.p_sec_cback(BTA_DM_BLE_OOB_REQ_EVT, &sec_event);
3650 break;
3651
3652 case BTM_LE_NC_REQ_EVT:
3653 sec_event.key_notif.bd_addr = bda;
3654 strlcpy((char*)sec_event.key_notif.bd_name, bta_dm_get_remname(),
3655 (BD_NAME_LEN + 1));
3656 sec_event.key_notif.passkey = p_data->key_notif;
3657 bta_dm_cb.p_sec_cback(BTA_DM_BLE_NC_REQ_EVT, &sec_event);
3658 break;
3659
3660 case BTM_LE_SC_OOB_REQ_EVT:
3661 sec_event.ble_req.bd_addr = bda;
3662 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SC_OOB_REQ_EVT, &sec_event);
3663 break;
3664
3665 case BTM_LE_SC_LOC_OOB_EVT:
3666 tBTA_DM_LOC_OOB_DATA local_oob_data;
3667 local_oob_data.local_oob_c = p_data->local_oob_data.commitment;
3668 local_oob_data.local_oob_r = p_data->local_oob_data.randomizer;
3669 sec_event.local_oob_data = local_oob_data;
3670 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SC_CR_LOC_OOB_EVT, &sec_event);
3671 break;
3672
3673 case BTM_LE_KEY_EVT:
3674 sec_event.ble_key.bd_addr = bda;
3675 sec_event.ble_key.key_type = p_data->key.key_type;
3676 sec_event.ble_key.p_key_value = p_data->key.p_key_value;
3677 bta_dm_cb.p_sec_cback(BTA_DM_BLE_KEY_EVT, &sec_event);
3678 break;
3679
3680 case BTM_LE_COMPLT_EVT:
3681 sec_event.auth_cmpl.bd_addr = bda;
3682 BTM_ReadDevInfo(bda, &sec_event.auth_cmpl.dev_type,
3683 &sec_event.auth_cmpl.addr_type);
3684 p_name = (bluetooth::shim::is_gd_security_enabled())
3685 ? bluetooth::shim::BTM_SecReadDevName(bda)
3686 : BTM_SecReadDevName(bda);
3687 if (p_name != NULL)
3688 strlcpy((char*)sec_event.auth_cmpl.bd_name, p_name, (BD_NAME_LEN + 1));
3689 else
3690 sec_event.auth_cmpl.bd_name[0] = 0;
3691
3692 if (p_data->complt.reason != HCI_SUCCESS) {
3693 // TODO This is not a proper use of this type
3694 sec_event.auth_cmpl.fail_reason =
3695 static_cast<tHCI_STATUS>(BTA_DM_AUTH_CONVERT_SMP_CODE(
3696 (static_cast<uint8_t>(p_data->complt.reason))));
3697
3698 if (btm_sec_is_a_bonded_dev(bda) &&
3699 p_data->complt.reason == SMP_CONN_TOUT &&
3700 !p_data->complt.smp_over_br) {
3701 // Bonded device failed to encrypt - to test this remove battery from
3702 // HID device right after connection, but before encryption is
3703 // established
3704 LOG(INFO) << __func__
3705 << ": bonded device disconnected when encrypting - no "
3706 "reason to unbond";
3707 } else {
3708 /* delete this device entry from Sec Dev DB */
3709 bta_dm_remove_sec_dev_entry(bda);
3710 }
3711
3712 } else {
3713 sec_event.auth_cmpl.success = true;
3714 if (!p_data->complt.smp_over_br)
3715 GATT_ConfigServiceChangeCCC(bda, true, BT_TRANSPORT_LE);
3716 }
3717
3718 if (bta_dm_cb.p_sec_cback) {
3719 // bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
3720 bta_dm_cb.p_sec_cback(BTA_DM_BLE_AUTH_CMPL_EVT, &sec_event);
3721 }
3722 break;
3723
3724 case BTM_LE_ADDR_ASSOC_EVT:
3725 sec_event.proc_id_addr.pairing_bda = bda;
3726 sec_event.proc_id_addr.id_addr = p_data->id_addr;
3727 bta_dm_cb.p_sec_cback(BTA_DM_LE_ADDR_ASSOC_EVT, &sec_event);
3728 break;
3729
3730 default:
3731 status = BTM_NOT_AUTHORIZED;
3732 break;
3733 }
3734 return status;
3735 }
3736
3737 /*******************************************************************************
3738 *
3739 * Function bta_dm_ble_id_key_cback
3740 *
3741 * Description Callback for BLE local ID keys
3742 *
3743 *
3744 * Returns void
3745 *
3746 ******************************************************************************/
bta_dm_ble_id_key_cback(uint8_t key_type,tBTM_BLE_LOCAL_KEYS * p_key)3747 static void bta_dm_ble_id_key_cback(uint8_t key_type,
3748 tBTM_BLE_LOCAL_KEYS* p_key) {
3749 switch (key_type) {
3750 case BTM_BLE_KEY_TYPE_ID:
3751 case BTM_BLE_KEY_TYPE_ER:
3752 if (bta_dm_cb.p_sec_cback) {
3753 tBTA_DM_SEC dm_key = {
3754 .ble_id_keys = {},
3755 };
3756 memcpy(&dm_key.ble_id_keys, p_key, sizeof(tBTM_BLE_LOCAL_KEYS));
3757
3758 tBTA_DM_SEC_EVT evt = (key_type == BTM_BLE_KEY_TYPE_ID)
3759 ? BTA_DM_BLE_LOCAL_IR_EVT
3760 : BTA_DM_BLE_LOCAL_ER_EVT;
3761 bta_dm_cb.p_sec_cback(evt, &dm_key);
3762 }
3763 break;
3764
3765 default:
3766 APPL_TRACE_DEBUG("Unknown key type %d", key_type);
3767 break;
3768 }
3769 return;
3770 }
3771
3772 /*******************************************************************************
3773 *
3774 * Function bta_dm_add_blekey
3775 *
3776 * Description This function adds an BLE Key to an security database entry.
3777 * This function shall only be called AFTER BTA_DmAddBleDevice
3778 * has been called.
3779 * It is normally called during host startup to restore all
3780 * required information stored in the NVRAM.
3781 *
3782 * Parameters:
3783 *
3784 ******************************************************************************/
bta_dm_add_blekey(const RawAddress & bd_addr,tBTA_LE_KEY_VALUE blekey,tBTM_LE_KEY_TYPE key_type)3785 void bta_dm_add_blekey(const RawAddress& bd_addr, tBTA_LE_KEY_VALUE blekey,
3786 tBTM_LE_KEY_TYPE key_type) {
3787 BTM_SecAddBleKey(bd_addr, (tBTM_LE_KEY_VALUE*)&blekey, key_type);
3788 }
3789
3790 /*******************************************************************************
3791 *
3792 * Function bta_dm_add_ble_device
3793 *
3794 * Description This function adds an BLE device to an security database
3795 * entry.
3796 * It is normally called during host startup to restore all
3797 * required information stored in the NVRAM.
3798 *
3799 * Parameters:
3800 *
3801 ******************************************************************************/
bta_dm_add_ble_device(const RawAddress & bd_addr,tBLE_ADDR_TYPE addr_type,tBT_DEVICE_TYPE dev_type)3802 void bta_dm_add_ble_device(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type,
3803 tBT_DEVICE_TYPE dev_type) {
3804 BTM_SecAddBleDevice(bd_addr, dev_type, addr_type);
3805 }
3806
3807 /*******************************************************************************
3808 *
3809 * Function bta_dm_add_ble_device
3810 *
3811 * Description This function adds an BLE device to an security database
3812 * entry.
3813 * It is normally called during host startup to restore all
3814 * required information stored in the NVRAM.
3815 *
3816 * Parameters:
3817 *
3818 ******************************************************************************/
bta_dm_ble_passkey_reply(const RawAddress & bd_addr,bool accept,uint32_t passkey)3819 void bta_dm_ble_passkey_reply(const RawAddress& bd_addr, bool accept,
3820 uint32_t passkey) {
3821 BTM_BlePasskeyReply(bd_addr, accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED,
3822 passkey);
3823 }
3824
3825 /** This is response to SM numeric comparison request submitted to application.
3826 */
bta_dm_ble_confirm_reply(const RawAddress & bd_addr,bool accept)3827 void bta_dm_ble_confirm_reply(const RawAddress& bd_addr, bool accept) {
3828 BTM_BleConfirmReply(bd_addr, accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED);
3829 }
3830
3831 /** This function set the preferred connection parameters */
bta_dm_ble_set_conn_params(const RawAddress & bd_addr,uint16_t conn_int_min,uint16_t conn_int_max,uint16_t peripheral_latency,uint16_t supervision_tout)3832 void bta_dm_ble_set_conn_params(const RawAddress& bd_addr,
3833 uint16_t conn_int_min, uint16_t conn_int_max,
3834 uint16_t peripheral_latency,
3835 uint16_t supervision_tout) {
3836 L2CA_AdjustConnectionIntervals(&conn_int_min, &conn_int_max,
3837 BTM_BLE_CONN_INT_MIN);
3838
3839 BTM_BleSetPrefConnParams(bd_addr, conn_int_min, conn_int_max,
3840 peripheral_latency, supervision_tout);
3841 }
3842
3843 /** This function update LE connection parameters */
bta_dm_ble_update_conn_params(const RawAddress & bd_addr,uint16_t min_int,uint16_t max_int,uint16_t latency,uint16_t timeout,uint16_t min_ce_len,uint16_t max_ce_len)3844 void bta_dm_ble_update_conn_params(const RawAddress& bd_addr, uint16_t min_int,
3845 uint16_t max_int, uint16_t latency,
3846 uint16_t timeout, uint16_t min_ce_len,
3847 uint16_t max_ce_len) {
3848 L2CA_AdjustConnectionIntervals(&min_int, &max_int, BTM_BLE_CONN_INT_MIN);
3849
3850 if (!L2CA_UpdateBleConnParams(bd_addr, min_int, max_int, latency, timeout,
3851 min_ce_len, max_ce_len)) {
3852 APPL_TRACE_ERROR("Update connection parameters failed!");
3853 }
3854 }
3855
3856 /** This function set the local device LE privacy settings. */
bta_dm_ble_config_local_privacy(bool privacy_enable)3857 void bta_dm_ble_config_local_privacy(bool privacy_enable) {
3858 BTM_BleConfigPrivacy(privacy_enable);
3859 }
3860
bta_dm_start_scan(uint8_t duration_sec)3861 static void bta_dm_start_scan(uint8_t duration_sec) {
3862 tBTM_STATUS status = BTM_BleObserve(
3863 true, duration_sec, bta_dm_observe_results_cb, bta_dm_observe_cmpl_cb);
3864
3865 if (status != BTM_CMD_STARTED) {
3866 tBTA_DM_SEARCH data = {
3867 .inq_cmpl =
3868 {
3869 .num_resps = 0,
3870 },
3871 };
3872 APPL_TRACE_WARNING(" %s BTM_BleObserve failed. status %d", __func__,
3873 status);
3874 if (bta_dm_search_cb.p_scan_cback) {
3875 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
3876 }
3877 if (bta_dm_search_cb.p_csis_scan_cback) {
3878 bta_dm_search_cb.p_csis_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
3879 }
3880 }
3881 }
3882
bta_dm_ble_observe(bool start,uint8_t duration,tBTA_DM_SEARCH_CBACK * p_cback)3883 void bta_dm_ble_observe(bool start, uint8_t duration,
3884 tBTA_DM_SEARCH_CBACK* p_cback) {
3885 if (!start) {
3886 bta_dm_search_cb.p_scan_cback = NULL;
3887 BTM_BleObserve(false, 0, NULL, NULL);
3888 return;
3889 }
3890
3891 /*Save the callback to be called when a scan results are available */
3892 bta_dm_search_cb.p_scan_cback = p_cback;
3893 bta_dm_start_scan(duration);
3894 }
3895
bta_dm_ble_scan(bool start,uint8_t duration_sec)3896 void bta_dm_ble_scan(bool start, uint8_t duration_sec) {
3897 /* Start or stop only if there is no active main scanner */
3898 if (bta_dm_search_cb.p_scan_cback != NULL) return;
3899
3900 if (!start) {
3901 BTM_BleObserve(false, 0, NULL, NULL);
3902 return;
3903 }
3904
3905 bta_dm_start_scan(duration_sec);
3906 }
3907
bta_dm_ble_csis_observe(bool observe,tBTA_DM_SEARCH_CBACK * p_cback)3908 void bta_dm_ble_csis_observe(bool observe, tBTA_DM_SEARCH_CBACK* p_cback) {
3909 if (!observe) {
3910 bta_dm_search_cb.p_csis_scan_cback = NULL;
3911 BTM_BleOpportunisticObserve(false, NULL);
3912 return;
3913 }
3914
3915 /* Save the callback to be called when a scan results are available */
3916 bta_dm_search_cb.p_csis_scan_cback = p_cback;
3917 BTM_BleOpportunisticObserve(true, bta_dm_opportunistic_observe_results_cb);
3918 }
3919
3920 /** This function set the maximum transmission packet size */
bta_dm_ble_set_data_length(const RawAddress & bd_addr)3921 void bta_dm_ble_set_data_length(const RawAddress& bd_addr) {
3922 const controller_t* controller = controller_get_interface();
3923 uint16_t max_len = controller->get_ble_maximum_tx_data_length();
3924
3925 if (BTM_SetBleDataLength(bd_addr, max_len) != BTM_SUCCESS) {
3926 LOG_INFO("Unable to set ble data length:%hu", max_len);
3927 }
3928 }
3929
3930 /*******************************************************************************
3931 *
3932 * Function bta_ble_enable_scan_cmpl
3933 *
3934 * Description ADV payload filtering enable / disable complete callback
3935 *
3936 *
3937 * Returns None
3938 *
3939 ******************************************************************************/
bta_ble_energy_info_cmpl(tBTM_BLE_TX_TIME_MS tx_time,tBTM_BLE_RX_TIME_MS rx_time,tBTM_BLE_IDLE_TIME_MS idle_time,tBTM_BLE_ENERGY_USED energy_used,tHCI_STATUS status)3940 static void bta_ble_energy_info_cmpl(tBTM_BLE_TX_TIME_MS tx_time,
3941 tBTM_BLE_RX_TIME_MS rx_time,
3942 tBTM_BLE_IDLE_TIME_MS idle_time,
3943 tBTM_BLE_ENERGY_USED energy_used,
3944 tHCI_STATUS status) {
3945 tBTA_STATUS st = (status == HCI_SUCCESS) ? BTA_SUCCESS : BTA_FAILURE;
3946 tBTM_CONTRL_STATE ctrl_state = BTM_CONTRL_UNKNOWN;
3947
3948 if (BTA_SUCCESS == st) ctrl_state = bta_dm_pm_obtain_controller_state();
3949
3950 if (bta_dm_cb.p_energy_info_cback)
3951 bta_dm_cb.p_energy_info_cback(tx_time, rx_time, idle_time, energy_used,
3952 ctrl_state, st);
3953 }
3954
3955 /** This function obtains the energy info */
bta_dm_ble_get_energy_info(tBTA_BLE_ENERGY_INFO_CBACK * p_energy_info_cback)3956 void bta_dm_ble_get_energy_info(
3957 tBTA_BLE_ENERGY_INFO_CBACK* p_energy_info_cback) {
3958 bta_dm_cb.p_energy_info_cback = p_energy_info_cback;
3959 tBTM_STATUS btm_status = BTM_BleGetEnergyInfo(bta_ble_energy_info_cmpl);
3960 if (btm_status != BTM_CMD_STARTED)
3961 bta_ble_energy_info_cmpl(0, 0, 0, 0, HCI_ERR_UNSPECIFIED);
3962 }
3963
3964 #ifndef BTA_DM_GATT_CLOSE_DELAY_TOUT
3965 #define BTA_DM_GATT_CLOSE_DELAY_TOUT 1000
3966 #endif
3967
3968 /*******************************************************************************
3969 *
3970 * Function bta_dm_gattc_register
3971 *
3972 * Description Register with GATTC in DM if BLE is needed.
3973 *
3974 *
3975 * Returns void
3976 *
3977 ******************************************************************************/
bta_dm_gattc_register(void)3978 static void bta_dm_gattc_register(void) {
3979 if (bta_dm_search_cb.client_if == BTA_GATTS_INVALID_IF) {
3980 BTA_GATTC_AppRegister(bta_dm_gattc_callback,
3981 base::Bind([](uint8_t client_id, uint8_t status) {
3982 if (status == GATT_SUCCESS)
3983 bta_dm_search_cb.client_if = client_id;
3984 else
3985 bta_dm_search_cb.client_if = BTA_GATTS_INVALID_IF;
3986
3987 }), false);
3988 }
3989 }
3990
3991 /*******************************************************************************
3992 *
3993 * Function bta_dm_gatt_disc_complete
3994 *
3995 * Description This function process the GATT service search complete.
3996 *
3997 * Parameters:
3998 *
3999 ******************************************************************************/
bta_dm_gatt_disc_complete(uint16_t conn_id,tGATT_STATUS status)4000 static void bta_dm_gatt_disc_complete(uint16_t conn_id, tGATT_STATUS status) {
4001 APPL_TRACE_DEBUG("%s conn_id = %d", __func__, conn_id);
4002
4003 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
4004
4005 /* no more services to be discovered */
4006 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
4007 p_msg->disc_result.result.disc_res.result =
4008 (status == GATT_SUCCESS) ? BTA_SUCCESS : BTA_FAILURE;
4009 APPL_TRACE_DEBUG("%s service found: 0x%08x", __func__,
4010 bta_dm_search_cb.services_found);
4011 p_msg->disc_result.result.disc_res.services = bta_dm_search_cb.services_found;
4012 p_msg->disc_result.result.disc_res.num_uuids = 0;
4013 p_msg->disc_result.result.disc_res.p_uuid_list = NULL;
4014 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
4015 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
4016 bta_dm_get_remname(), BD_NAME_LEN + 1);
4017
4018 p_msg->disc_result.result.disc_res.device_type |= BT_DEVICE_TYPE_BLE;
4019
4020 bta_sys_sendmsg(p_msg);
4021
4022 if (conn_id != GATT_INVALID_CONN_ID) {
4023 bta_dm_search_cb.pending_close_bda = bta_dm_search_cb.peer_bdaddr;
4024 // Gatt will be close immediately if bluetooth.gatt.delay_close.enabled is
4025 // set to false. If property is true / unset there will be a delay
4026 if (bta_dm_search_cb.gatt_close_timer != nullptr) {
4027 /* start a GATT channel close delay timer */
4028 bta_sys_start_timer(bta_dm_search_cb.gatt_close_timer,
4029 BTA_DM_GATT_CLOSE_DELAY_TOUT,
4030 BTA_DM_DISC_CLOSE_TOUT_EVT, 0);
4031 } else {
4032 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
4033 p_msg->hdr.event = BTA_DM_DISC_CLOSE_TOUT_EVT;
4034 p_msg->hdr.layer_specific = 0;
4035 bta_sys_sendmsg(p_msg);
4036 }
4037 } else {
4038 if (bluetooth::common::init_flags::
4039 bta_dm_clear_conn_id_on_client_close_is_enabled()) {
4040 bta_dm_search_cb.conn_id = GATT_INVALID_CONN_ID;
4041 }
4042 }
4043 }
4044
4045 /*******************************************************************************
4046 *
4047 * Function bta_dm_close_gatt_conn
4048 *
4049 * Description This function close the GATT connection after delay
4050 *timeout.
4051 *
4052 * Parameters:
4053 *
4054 ******************************************************************************/
bta_dm_close_gatt_conn(UNUSED_ATTR tBTA_DM_MSG * p_data)4055 void bta_dm_close_gatt_conn(UNUSED_ATTR tBTA_DM_MSG* p_data) {
4056 if (bta_dm_search_cb.conn_id != GATT_INVALID_CONN_ID)
4057 BTA_GATTC_Close(bta_dm_search_cb.conn_id);
4058
4059 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty;
4060 bta_dm_search_cb.conn_id = GATT_INVALID_CONN_ID;
4061 }
4062 /*******************************************************************************
4063 *
4064 * Function btm_dm_start_gatt_discovery
4065 *
4066 * Description This is GATT initiate the service search by open a GATT
4067 * connection first.
4068 *
4069 * Parameters:
4070 *
4071 ******************************************************************************/
btm_dm_start_gatt_discovery(const RawAddress & bd_addr)4072 void btm_dm_start_gatt_discovery(const RawAddress& bd_addr) {
4073 bta_dm_search_cb.gatt_disc_active = true;
4074
4075 /* connection is already open */
4076 if (bta_dm_search_cb.pending_close_bda == bd_addr &&
4077 bta_dm_search_cb.conn_id != GATT_INVALID_CONN_ID) {
4078 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty;
4079 alarm_cancel(bta_dm_search_cb.gatt_close_timer);
4080 BTA_GATTC_ServiceSearchRequest(bta_dm_search_cb.conn_id, nullptr);
4081 } else {
4082 if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE)) {
4083 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr,
4084 BTM_BLE_DIRECT_CONNECTION, true);
4085 } else {
4086 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr,
4087 BTM_BLE_DIRECT_CONNECTION, false);
4088 }
4089 }
4090 }
4091
4092 /*******************************************************************************
4093 *
4094 * Function bta_dm_proc_open_evt
4095 *
4096 * Description process BTA_GATTC_OPEN_EVT in DM.
4097 *
4098 * Parameters:
4099 *
4100 ******************************************************************************/
bta_dm_proc_open_evt(tBTA_GATTC_OPEN * p_data)4101 void bta_dm_proc_open_evt(tBTA_GATTC_OPEN* p_data) {
4102 VLOG(1) << "DM Search state= " << bta_dm_search_cb.state
4103 << " search_cb.peer_dbaddr:" << bta_dm_search_cb.peer_bdaddr
4104 << " connected_bda=" << p_data->remote_bda.address;
4105
4106 APPL_TRACE_DEBUG("BTA_GATTC_OPEN_EVT conn_id = %d client_if=%d status = %d",
4107 p_data->conn_id, p_data->client_if, p_data->status);
4108
4109 bta_dm_search_cb.conn_id = p_data->conn_id;
4110
4111 if (p_data->status == GATT_SUCCESS) {
4112 BTA_GATTC_ServiceSearchRequest(p_data->conn_id, nullptr);
4113 } else {
4114 bta_dm_gatt_disc_complete(GATT_INVALID_CONN_ID, p_data->status);
4115 }
4116 }
4117
4118 /*******************************************************************************
4119 *
4120 * Function bta_dm_proc_open_evt
4121 *
4122 * Description process BTA_GATTC_OPEN_EVT in DM.
4123 *
4124 * Parameters:
4125 *
4126 ******************************************************************************/
bta_dm_clear_event_filter(void)4127 void bta_dm_clear_event_filter(void) {
4128 VLOG(1) << "bta_dm_clear_event_filter in bta_dm_act";
4129 bluetooth::shim::BTM_ClearEventFilter();
4130 }
4131
4132 /*******************************************************************************
4133 *
4134 * Function bta_dm_ble_reset_id
4135 *
4136 * Description Reset the local adapter BLE keys.
4137 *
4138 * Parameters:
4139 *
4140 ******************************************************************************/
bta_dm_ble_reset_id(void)4141 void bta_dm_ble_reset_id(void) {
4142 VLOG(1) << "bta_dm_ble_reset_id in bta_dm_act";
4143 bluetooth::shim::BTM_BleResetId();
4144 }
4145
4146 /*******************************************************************************
4147 *
4148 * Function bta_dm_gattc_callback
4149 *
4150 * Description This is GATT client callback function used in DM.
4151 *
4152 * Parameters:
4153 *
4154 ******************************************************************************/
bta_dm_gattc_callback(tBTA_GATTC_EVT event,tBTA_GATTC * p_data)4155 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data) {
4156 APPL_TRACE_DEBUG("bta_dm_gattc_callback event = %d", event);
4157
4158 switch (event) {
4159 case BTA_GATTC_OPEN_EVT:
4160 bta_dm_proc_open_evt(&p_data->open);
4161 break;
4162
4163 case BTA_GATTC_SEARCH_RES_EVT:
4164 break;
4165
4166 case BTA_GATTC_SEARCH_CMPL_EVT:
4167 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE)
4168 bta_dm_gatt_disc_complete(p_data->search_cmpl.conn_id,
4169 p_data->search_cmpl.status);
4170 break;
4171
4172 case BTA_GATTC_CLOSE_EVT:
4173 LOG_INFO("BTA_GATTC_CLOSE_EVT reason = %d", p_data->close.reason);
4174
4175 /* in case of disconnect before search is completed */
4176 if ((bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) &&
4177 (bta_dm_search_cb.state != BTA_DM_SEARCH_ACTIVE) &&
4178 p_data->close.remote_bda == bta_dm_search_cb.peer_bdaddr) {
4179 bta_dm_gatt_disc_complete((uint16_t)GATT_INVALID_CONN_ID,
4180 (tGATT_STATUS)GATT_ERROR);
4181 }
4182 break;
4183
4184 default:
4185 break;
4186 }
4187 }
4188
4189 #if (BLE_VND_INCLUDED == TRUE)
4190 /*******************************************************************************
4191 *
4192 * Function bta_dm_ctrl_features_rd_cmpl_cback
4193 *
4194 * Description callback to handle controller feature read complete
4195 *
4196 * Parameters:
4197 *
4198 ******************************************************************************/
bta_dm_ctrl_features_rd_cmpl_cback(tHCI_STATUS result)4199 static void bta_dm_ctrl_features_rd_cmpl_cback(tHCI_STATUS result) {
4200 APPL_TRACE_DEBUG("%s status = %d ", __func__, result);
4201 if (result == HCI_SUCCESS) {
4202 if (bta_dm_cb.p_sec_cback)
4203 bta_dm_cb.p_sec_cback(BTA_DM_LE_FEATURES_READ, NULL);
4204 } else {
4205 APPL_TRACE_ERROR("%s Ctrl BLE feature read failed: status :%d", __func__,
4206 result);
4207 }
4208 }
4209 #endif /* BLE_VND_INCLUDED */
4210
bta_dm_process_delete_key_RC_to_unpair(const RawAddress & bd_addr)4211 void bta_dm_process_delete_key_RC_to_unpair(const RawAddress& bd_addr)
4212 {
4213 LOG_WARN("RC key missing");
4214 tBTA_DM_SEC param = {
4215 .delete_key_RC_to_unpair = {
4216 .bd_addr = bd_addr,
4217 },
4218 };
4219 bta_dm_cb.p_sec_cback(BTA_DM_REPORT_BONDING_EVT, ¶m);
4220 }
4221
4222 namespace bluetooth {
4223 namespace legacy {
4224 namespace testing {
allocate_device_for(const RawAddress & bd_addr,tBT_TRANSPORT transport)4225 tBTA_DM_PEER_DEVICE* allocate_device_for(const RawAddress& bd_addr,
4226 tBT_TRANSPORT transport) {
4227 return ::allocate_device_for(bd_addr, transport);
4228 }
4229
bta_dm_remname_cback(void * p)4230 void bta_dm_remname_cback(void* p) { ::bta_dm_remname_cback(p); }
4231
4232 } // namespace testing
4233 } // namespace legacy
4234 } // namespace bluetooth
4235