1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions that interface with the HCI transport. On
22 * the receive side, it routes events to the appropriate handler, e.g.
23 * L2CAP, ScoMgr. On the transmit side, it manages the command
24 * transmission.
25 *
26 ******************************************************************************/
27
28 #define LOG_TAG "bt_btu_hcif"
29
30 #include <base/bind.h>
31 #include <base/location.h>
32 #include <base/logging.h>
33
34 #include <cstdint>
35
36 #include "btif/include/btif_config.h"
37 #include "common/metrics.h"
38 #include "device/include/controller.h"
39 #include "main/shim/hci_layer.h"
40 #include "osi/include/allocator.h"
41 #include "osi/include/log.h"
42 #include "stack/include/acl_hci_link_interface.h"
43 #include "stack/include/ble_acl_interface.h"
44 #include "stack/include/ble_hci_link_interface.h"
45 #include "stack/include/bt_hdr.h"
46 #include "stack/include/btm_iso_api.h"
47 #include "stack/include/btu.h"
48 #include "stack/include/dev_hci_link_interface.h"
49 #include "stack/include/gatt_api.h"
50 #include "stack/include/hci_error_code.h"
51 #include "stack/include/hci_evt_length.h"
52 #include "stack/include/inq_hci_link_interface.h"
53 #include "stack/include/l2cap_hci_link_interface.h"
54 #include "stack/include/sco_hci_link_interface.h"
55 #include "stack/include/sec_hci_link_interface.h"
56 #include "stack/include/stack_metrics_logging.h"
57 #include "types/hci_role.h"
58 #include "types/raw_address.h"
59
60 using base::Location;
61 using bluetooth::hci::IsoManager;
62
63 bool BTM_BLE_IS_RESOLVE_BDA(const RawAddress& x); // TODO remove
64 void BTA_sys_signal_hw_error(); // TODO remove
65 void smp_cancel_start_encryption_attempt(); // TODO remove
66 void acl_disconnect_from_handle(uint16_t handle, tHCI_STATUS reason,
67 std::string comment); // TODO remove
68
69 /******************************************************************************/
70 /* L O C A L F U N C T I O N P R O T O T Y P E S */
71 /******************************************************************************/
72 static void btu_hcif_inquiry_comp_evt(uint8_t* p);
73
74 static void btu_hcif_connection_request_evt(const uint8_t* p);
75 static void btu_hcif_disconnection_comp_evt(uint8_t* p);
76 static void btu_hcif_authentication_comp_evt(uint8_t* p);
77 static void btu_hcif_rmt_name_request_comp_evt(const uint8_t* p,
78 uint16_t evt_len);
79 static void btu_hcif_encryption_change_evt(uint8_t* p);
80 static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p,
81 uint8_t evt_len);
82 static void btu_hcif_command_complete_evt(BT_HDR* response, void* context);
83 static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command,
84 void* context);
85 static void btu_hcif_hardware_error_evt(uint8_t* p);
86 static void btu_hcif_mode_change_evt(uint8_t* p);
87 static void btu_hcif_link_key_notification_evt(const uint8_t* p);
88 static void btu_hcif_read_clock_off_comp_evt(uint8_t* p);
89 static void btu_hcif_esco_connection_comp_evt(const uint8_t* p);
90 static void btu_hcif_esco_connection_chg_evt(uint8_t* p);
91
92 /* Simple Pairing Events */
93 static void btu_hcif_io_cap_request_evt(const uint8_t* p);
94
95 static void btu_ble_ll_conn_param_upd_evt(uint8_t* p, uint16_t evt_len);
96 static void btu_ble_proc_ltk_req(uint8_t* p, uint16_t evt_len);
97 static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p);
98 static void btu_ble_data_length_change_evt(uint8_t* p, uint16_t evt_len);
99 static void btu_ble_rc_param_req_evt(uint8_t* p, uint8_t len);
100
101 /**
102 * Log HCI event metrics that are not handled in special functions
103 * @param evt_code event code
104 * @param p_event pointer to event parameter, skipping paremter length
105 */
btu_hcif_log_event_metrics(uint8_t evt_code,const uint8_t * p_event)106 void btu_hcif_log_event_metrics(uint8_t evt_code, const uint8_t* p_event) {
107 uint32_t cmd = android::bluetooth::hci::CMD_UNKNOWN;
108 uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
109 uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
110 uint16_t handle = bluetooth::common::kUnknownConnectionHandle;
111 int64_t value = 0;
112
113 RawAddress bda = RawAddress::kEmpty;
114 switch (evt_code) {
115 case HCI_IO_CAPABILITY_REQUEST_EVT:
116 case HCI_IO_CAPABILITY_RESPONSE_EVT:
117 case HCI_LINK_KEY_REQUEST_EVT:
118 case HCI_LINK_KEY_NOTIFICATION_EVT:
119 case HCI_USER_PASSKEY_REQUEST_EVT:
120 case HCI_USER_PASSKEY_NOTIFY_EVT:
121 case HCI_USER_CONFIRMATION_REQUEST_EVT:
122 case HCI_KEYPRESS_NOTIFY_EVT:
123 case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
124 STREAM_TO_BDADDR(bda, p_event);
125 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
126 value);
127 break;
128 case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
129 case HCI_RMT_NAME_REQUEST_COMP_EVT:
130 STREAM_TO_UINT8(status, p_event);
131 STREAM_TO_BDADDR(bda, p_event);
132 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
133 value);
134 break;
135 case HCI_AUTHENTICATION_COMP_EVT:
136 STREAM_TO_UINT8(status, p_event);
137 STREAM_TO_UINT16(handle, p_event);
138 handle = HCID_GET_HANDLE(handle);
139 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
140 value);
141 break;
142 case HCI_ENCRYPTION_CHANGE_EVT: {
143 uint8_t encryption_enabled;
144 STREAM_TO_UINT8(status, p_event);
145 STREAM_TO_UINT16(handle, p_event);
146 STREAM_TO_UINT8(encryption_enabled, p_event);
147 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
148 encryption_enabled);
149 break;
150 }
151 case HCI_CONNECTION_REQUEST_EVT: {
152 DEV_CLASS dc;
153 uint8_t link_type;
154 STREAM_TO_BDADDR(bda, p_event);
155 STREAM_TO_DEVCLASS(dc, p_event);
156 STREAM_TO_UINT8(link_type, p_event);
157 log_link_layer_connection_event(
158 &bda, bluetooth::common::kUnknownConnectionHandle,
159 android::bluetooth::DIRECTION_INCOMING, link_type, cmd, evt_code,
160 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
161 break;
162 }
163 case HCI_DISCONNECTION_COMP_EVT: {
164 STREAM_TO_UINT8(status, p_event);
165 STREAM_TO_UINT16(handle, p_event);
166 STREAM_TO_UINT8(reason, p_event);
167 handle = HCID_GET_HANDLE(handle);
168 log_link_layer_connection_event(
169 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
170 android::bluetooth::LINK_TYPE_UNKNOWN, cmd, evt_code,
171 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
172 break;
173 }
174 case HCI_ESCO_CONNECTION_COMP_EVT: {
175 uint8_t link_type;
176 STREAM_TO_UINT8(status, p_event);
177 STREAM_TO_UINT16(handle, p_event);
178 STREAM_TO_BDADDR(bda, p_event);
179 STREAM_TO_UINT8(link_type, p_event);
180 handle = HCID_GET_HANDLE(handle);
181 log_link_layer_connection_event(
182 &bda, handle, android::bluetooth::DIRECTION_UNKNOWN, link_type, cmd,
183 evt_code, android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
184 break;
185 }
186 case HCI_ESCO_CONNECTION_CHANGED_EVT: {
187 STREAM_TO_UINT8(status, p_event);
188 STREAM_TO_UINT16(handle, p_event);
189 handle = HCID_GET_HANDLE(handle);
190 log_link_layer_connection_event(
191 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
192 android::bluetooth::LINK_TYPE_UNKNOWN, cmd, evt_code,
193 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
194 break;
195 }
196 case HCI_BLE_EVENT: {
197 break;
198 }
199 case HCI_CONNECTION_COMP_EVT: // EventCode::CONNECTION_COMPLETE
200 default:
201 LOG_ERROR(
202 "Unexpectedly received event_code:0x%02x that should not be "
203 "handled here",
204 evt_code);
205 break;
206 }
207 }
208
209 /*******************************************************************************
210 *
211 * Function btu_hcif_process_event
212 *
213 * Description This function is called when an event is received from
214 * the Host Controller.
215 *
216 * Returns void
217 *
218 ******************************************************************************/
btu_hcif_process_event(UNUSED_ATTR uint8_t controller_id,const BT_HDR * p_msg)219 void btu_hcif_process_event(UNUSED_ATTR uint8_t controller_id,
220 const BT_HDR* p_msg) {
221 uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;
222 uint8_t hci_evt_code, hci_evt_len;
223 uint8_t ble_sub_code;
224 STREAM_TO_UINT8(hci_evt_code, p);
225 STREAM_TO_UINT8(hci_evt_len, p);
226
227 // validate event size
228 if (hci_evt_len < hci_event_parameters_minimum_length[hci_evt_code]) {
229 HCI_TRACE_WARNING("%s: evt:0x%2X, malformed event of size %hhd", __func__,
230 hci_evt_code, hci_evt_len);
231 return;
232 }
233
234 btu_hcif_log_event_metrics(hci_evt_code, p);
235
236 switch (hci_evt_code) {
237 case HCI_INQUIRY_COMP_EVT:
238 btu_hcif_inquiry_comp_evt(p);
239 break;
240 case HCI_INQUIRY_RESULT_EVT:
241 btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_STANDARD);
242 break;
243 case HCI_INQUIRY_RSSI_RESULT_EVT:
244 btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_WITH_RSSI);
245 break;
246 case HCI_EXTENDED_INQUIRY_RESULT_EVT:
247 btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_EXTENDED);
248 break;
249 case HCI_CONNECTION_REQUEST_EVT:
250 btu_hcif_connection_request_evt(p);
251 break;
252 case HCI_DISCONNECTION_COMP_EVT:
253 btu_hcif_disconnection_comp_evt(p);
254 break;
255 case HCI_AUTHENTICATION_COMP_EVT:
256 btu_hcif_authentication_comp_evt(p);
257 break;
258 case HCI_RMT_NAME_REQUEST_COMP_EVT:
259 btu_hcif_rmt_name_request_comp_evt(p, hci_evt_len);
260 break;
261 case HCI_ENCRYPTION_CHANGE_EVT:
262 btu_hcif_encryption_change_evt(p);
263 break;
264 case HCI_ENCRYPTION_KEY_REFRESH_COMP_EVT:
265 btu_hcif_encryption_key_refresh_cmpl_evt(p);
266 break;
267 case HCI_READ_RMT_EXT_FEATURES_COMP_EVT:
268 btu_hcif_read_rmt_ext_features_comp_evt(p, hci_evt_len);
269 break;
270 case HCI_COMMAND_COMPLETE_EVT:
271 LOG_ERROR(
272 "%s should not have received a command complete event. "
273 "Someone didn't go through the hci transmit_command function.",
274 __func__);
275 break;
276 case HCI_COMMAND_STATUS_EVT:
277 LOG_ERROR(
278 "%s should not have received a command status event. "
279 "Someone didn't go through the hci transmit_command function.",
280 __func__);
281 break;
282 case HCI_HARDWARE_ERROR_EVT:
283 btu_hcif_hardware_error_evt(p);
284 break;
285 case HCI_MODE_CHANGE_EVT:
286 btu_hcif_mode_change_evt(p);
287 break;
288 case HCI_PIN_CODE_REQUEST_EVT:
289 btm_sec_pin_code_request(p);
290 break;
291 case HCI_LINK_KEY_REQUEST_EVT:
292 btm_sec_link_key_request(p);
293 break;
294 case HCI_LINK_KEY_NOTIFICATION_EVT:
295 btu_hcif_link_key_notification_evt(p);
296 break;
297 case HCI_READ_CLOCK_OFF_COMP_EVT:
298 btu_hcif_read_clock_off_comp_evt(p);
299 break;
300 case HCI_ESCO_CONNECTION_COMP_EVT:
301 btu_hcif_esco_connection_comp_evt(p);
302 break;
303 case HCI_ESCO_CONNECTION_CHANGED_EVT:
304 btu_hcif_esco_connection_chg_evt(p);
305 break;
306 case HCI_SNIFF_SUB_RATE_EVT:
307 btm_pm_proc_ssr_evt(p, hci_evt_len);
308 break;
309 case HCI_RMT_HOST_SUP_FEAT_NOTIFY_EVT:
310 btm_sec_rmt_host_support_feat_evt(p);
311 break;
312 case HCI_IO_CAPABILITY_REQUEST_EVT:
313 btu_hcif_io_cap_request_evt(p);
314 break;
315 case HCI_IO_CAPABILITY_RESPONSE_EVT:
316 btm_io_capabilities_rsp(p);
317 break;
318 case HCI_USER_CONFIRMATION_REQUEST_EVT:
319 btm_proc_sp_req_evt(BTM_SP_CFM_REQ_EVT, p);
320 break;
321 case HCI_USER_PASSKEY_REQUEST_EVT:
322 btm_proc_sp_req_evt(BTM_SP_KEY_REQ_EVT, p);
323 break;
324 case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
325 btm_rem_oob_req(p);
326 break;
327 case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
328 btm_simple_pair_complete(p);
329 break;
330 case HCI_USER_PASSKEY_NOTIFY_EVT:
331 btm_proc_sp_req_evt(BTM_SP_KEY_NOTIF_EVT, p);
332 break;
333
334 case HCI_BLE_EVENT: {
335 STREAM_TO_UINT8(ble_sub_code, p);
336
337 uint8_t ble_evt_len = hci_evt_len - 1;
338 switch (ble_sub_code) {
339 case HCI_BLE_ADV_PKT_RPT_EVT: /* result of inquiry */
340 btm_ble_process_adv_pkt(ble_evt_len, p);
341 break;
342 case HCI_BLE_LL_CONN_PARAM_UPD_EVT:
343 btu_ble_ll_conn_param_upd_evt(p, ble_evt_len);
344 break;
345 case HCI_BLE_READ_REMOTE_FEAT_CMPL_EVT:
346 btm_ble_read_remote_features_complete(p, ble_evt_len);
347 break;
348 case HCI_BLE_LTK_REQ_EVT: /* received only at peripheral device */
349 btu_ble_proc_ltk_req(p, ble_evt_len);
350 break;
351 case HCI_BLE_RC_PARAM_REQ_EVT:
352 btu_ble_rc_param_req_evt(p, ble_evt_len);
353 break;
354 case HCI_BLE_DATA_LENGTH_CHANGE_EVT:
355 btu_ble_data_length_change_evt(p, hci_evt_len);
356 break;
357
358 case HCI_BLE_PHY_UPDATE_COMPLETE_EVT:
359 btm_ble_process_phy_update_pkt(ble_evt_len, p);
360 break;
361
362 case HCI_LE_EXTENDED_ADVERTISING_REPORT_EVT:
363 btm_ble_process_ext_adv_pkt(hci_evt_len, p);
364 break;
365
366 case HCI_LE_ADVERTISING_SET_TERMINATED_EVT:
367 btm_le_on_advertising_set_terminated(p, hci_evt_len);
368 break;
369
370 case HCI_BLE_REQ_PEER_SCA_CPL_EVT:
371 btm_acl_process_sca_cmpl_pkt(ble_evt_len, p);
372 break;
373
374 case HCI_BLE_PERIODIC_ADV_SYNC_EST_EVT:
375 btm_ble_process_periodic_adv_sync_est_evt(
376 ble_evt_len, const_cast<const uint8_t*>(p));
377 break;
378
379 case HCI_BLE_PERIODIC_ADV_REPORT_EVT:
380 btm_ble_process_periodic_adv_pkt(ble_evt_len,
381 const_cast<const uint8_t*>(p));
382 break;
383
384 case HCI_BLE_PERIODIC_ADV_SYNC_LOST_EVT:
385 btm_ble_process_periodic_adv_sync_lost_evt(ble_evt_len, p);
386 break;
387
388 case HCI_BLE_CIS_EST_EVT:
389 case HCI_BLE_CREATE_BIG_CPL_EVT:
390 case HCI_BLE_TERM_BIG_CPL_EVT:
391 case HCI_BLE_CIS_REQ_EVT:
392 case HCI_BLE_BIG_SYNC_EST_EVT:
393 case HCI_BLE_BIG_SYNC_LOST_EVT:
394 IsoManager::GetInstance()->HandleHciEvent(ble_sub_code, p,
395 ble_evt_len);
396 break;
397
398 case HCI_LE_PERIODIC_ADV_SYNC_TRANSFERE_RECEIVED_EVT:
399 btm_ble_periodic_adv_sync_tx_rcvd(p, hci_evt_len);
400 break;
401
402 case HCI_LE_BIGINFO_ADVERTISING_REPORT_EVT:
403 btm_ble_biginfo_adv_report_rcvd(p, hci_evt_len);
404 break;
405
406 // Events are now captured by gd/hci/le_acl_connection_interface.h
407 case HCI_BLE_CONN_COMPLETE_EVT: // SubeventCode::CONNECTION_COMPLETE
408 case HCI_BLE_ENHANCED_CONN_COMPLETE_EVT: // SubeventCode::ENHANCED_CONNECTION_COMPLETE
409 default:
410 LOG_ERROR(
411 "Unexpectedly received LE sub_event_code:0x%02x that should not "
412 "be handled here",
413 ble_sub_code);
414 break;
415 }
416 } break;
417
418 case HCI_VENDOR_SPECIFIC_EVT:
419 btm_vendor_specific_evt(const_cast<const uint8_t*>(p), hci_evt_len);
420 break;
421
422 // Events now captured by gd::hci_layer module
423 case HCI_NUM_COMPL_DATA_PKTS_EVT: // EventCode::NUMBER_OF_COMPLETED_PACKETS
424 case HCI_CONNECTION_COMP_EVT: // EventCode::CONNECTION_COMPLETE
425 case HCI_READ_RMT_FEATURES_COMP_EVT: // EventCode::READ_REMOTE_SUPPORTED_FEATURES_COMPLETE
426 case HCI_READ_RMT_VERSION_COMP_EVT: // EventCode::READ_REMOTE_VERSION_INFORMATION_COMPLETE
427 case HCI_ROLE_CHANGE_EVT: // EventCode::ROLE_CHANGE
428 default:
429 LOG_ERROR(
430 "Unexpectedly received event_code:0x%02x that should not be "
431 "handled here",
432 hci_evt_code);
433 break;
434 }
435 }
436
btu_hcif_log_command_metrics(uint16_t opcode,const uint8_t * p_cmd,uint16_t cmd_status,bool is_cmd_status)437 static void btu_hcif_log_command_metrics(uint16_t opcode, const uint8_t* p_cmd,
438 uint16_t cmd_status,
439 bool is_cmd_status) {
440 static uint16_t kUnknownBleEvt = android::bluetooth::hci::BLE_EVT_UNKNOWN;
441
442 uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_STATUS;
443 if (!is_cmd_status) {
444 hci_event = android::bluetooth::hci::EVT_UNKNOWN;
445 cmd_status = android::bluetooth::hci::STATUS_UNKNOWN;
446 }
447
448 RawAddress bd_addr;
449 uint16_t handle;
450 uint8_t reason;
451
452 switch (opcode) {
453 case HCI_CREATE_CONNECTION:
454 case HCI_CREATE_CONNECTION_CANCEL:
455 STREAM_TO_BDADDR(bd_addr, p_cmd);
456 log_link_layer_connection_event(
457 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
458 android::bluetooth::DIRECTION_OUTGOING,
459 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
460 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
461 break;
462 case HCI_DISCONNECT:
463 STREAM_TO_UINT16(handle, p_cmd);
464 STREAM_TO_UINT8(reason, p_cmd);
465 log_link_layer_connection_event(
466 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
467 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
468 kUnknownBleEvt, cmd_status, reason);
469 break;
470 case HCI_SETUP_ESCO_CONNECTION:
471 case HCI_ENH_SETUP_ESCO_CONNECTION:
472 STREAM_TO_UINT16(handle, p_cmd);
473 log_link_layer_connection_event(
474 nullptr, handle, android::bluetooth::DIRECTION_OUTGOING,
475 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
476 kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
477 break;
478 case HCI_ACCEPT_CONNECTION_REQUEST:
479 case HCI_ACCEPT_ESCO_CONNECTION:
480 case HCI_ENH_ACCEPT_ESCO_CONNECTION:
481 STREAM_TO_BDADDR(bd_addr, p_cmd);
482 log_link_layer_connection_event(
483 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
484 android::bluetooth::DIRECTION_INCOMING,
485 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
486 kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
487 break;
488 case HCI_REJECT_CONNECTION_REQUEST:
489 case HCI_REJECT_ESCO_CONNECTION:
490 STREAM_TO_BDADDR(bd_addr, p_cmd);
491 STREAM_TO_UINT8(reason, p_cmd);
492 log_link_layer_connection_event(
493 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
494 android::bluetooth::DIRECTION_INCOMING,
495 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
496 kUnknownBleEvt, cmd_status, reason);
497 break;
498
499 // BLE Commands
500 case HCI_BLE_CREATE_LL_CONN: {
501 p_cmd += 2; // Skip LE_Scan_Interval
502 p_cmd += 2; // Skip LE_Scan_Window;
503 uint8_t initiator_filter_policy;
504 STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
505 uint8_t peer_address_type;
506 STREAM_TO_UINT8(peer_address_type, p_cmd);
507 STREAM_TO_BDADDR(bd_addr, p_cmd);
508 // Peer address should not be used if initiator filter policy is not 0x00
509 const RawAddress* bd_addr_p = nullptr;
510 if (initiator_filter_policy == 0x00) {
511 bd_addr_p = &bd_addr;
512 if (peer_address_type == BLE_ADDR_PUBLIC_ID ||
513 peer_address_type == BLE_ADDR_RANDOM_ID) {
514 // if identity address is not matched, this address is invalid
515 if (!btm_identity_addr_to_random_pseudo(&bd_addr, &peer_address_type,
516 false)) {
517 bd_addr_p = nullptr;
518 }
519 }
520 }
521 if (initiator_filter_policy == 0x00 ||
522 (cmd_status != HCI_SUCCESS && !is_cmd_status)) {
523 // Selectively log to avoid log spam due to acceptlist connections:
524 // - When doing non-acceptlist connection
525 // - When there is an error in command status
526 log_link_layer_connection_event(
527 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
528 android::bluetooth::DIRECTION_OUTGOING,
529 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
530 kUnknownBleEvt, cmd_status,
531 android::bluetooth::hci::STATUS_UNKNOWN);
532 }
533 break;
534 }
535 case HCI_LE_EXTENDED_CREATE_CONNECTION: {
536 uint8_t initiator_filter_policy;
537 STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
538 p_cmd += 1; // Skip Own_Address_Type
539 uint8_t peer_addr_type;
540 STREAM_TO_UINT8(peer_addr_type, p_cmd);
541 STREAM_TO_BDADDR(bd_addr, p_cmd);
542 // Peer address should not be used if initiator filter policy is not 0x00
543 const RawAddress* bd_addr_p = nullptr;
544 if (initiator_filter_policy == 0x00) {
545 bd_addr_p = &bd_addr;
546 // if identity address is not matched, this should be a static address
547 btm_identity_addr_to_random_pseudo(&bd_addr, &peer_addr_type, false);
548 }
549 if (initiator_filter_policy == 0x00 ||
550 (cmd_status != HCI_SUCCESS && !is_cmd_status)) {
551 // Selectively log to avoid log spam due to acceptlist connections:
552 // - When doing non-acceptlist connection
553 // - When there is an error in command status
554 log_link_layer_connection_event(
555 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
556 android::bluetooth::DIRECTION_OUTGOING,
557 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
558 kUnknownBleEvt, cmd_status,
559 android::bluetooth::hci::STATUS_UNKNOWN);
560 }
561 break;
562 }
563 case HCI_BLE_CREATE_CONN_CANCEL:
564 if (cmd_status != HCI_SUCCESS && !is_cmd_status) {
565 // Only log errors to prevent log spam due to acceptlist connections
566 log_link_layer_connection_event(
567 nullptr, bluetooth::common::kUnknownConnectionHandle,
568 android::bluetooth::DIRECTION_OUTGOING,
569 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
570 kUnknownBleEvt, cmd_status,
571 android::bluetooth::hci::STATUS_UNKNOWN);
572 }
573 break;
574 case HCI_BLE_CLEAR_ACCEPTLIST:
575 log_link_layer_connection_event(
576 nullptr, bluetooth::common::kUnknownConnectionHandle,
577 android::bluetooth::DIRECTION_INCOMING,
578 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
579 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
580 break;
581 case HCI_BLE_ADD_ACCEPTLIST:
582 case HCI_BLE_REMOVE_ACCEPTLIST: {
583 uint8_t peer_addr_type;
584 STREAM_TO_UINT8(peer_addr_type, p_cmd);
585 STREAM_TO_BDADDR(bd_addr, p_cmd);
586 const RawAddress* bd_addr_p = nullptr;
587 // When peer_addr_type is 0xFF, bd_addr should be ignored per BT spec
588 if (peer_addr_type != BLE_ADDR_ANONYMOUS) {
589 bd_addr_p = &bd_addr;
590 bool addr_is_rpa = peer_addr_type == BLE_ADDR_RANDOM &&
591 BTM_BLE_IS_RESOLVE_BDA(bd_addr);
592 // Only try to match identity address for pseudo if address is not RPA
593 if (!addr_is_rpa) {
594 // if identity address is not matched, this should be a static address
595 btm_identity_addr_to_random_pseudo(&bd_addr, &peer_addr_type, false);
596 }
597 }
598 log_link_layer_connection_event(
599 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
600 android::bluetooth::DIRECTION_INCOMING,
601 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
602 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
603 break;
604 }
605 case HCI_READ_LOCAL_OOB_DATA:
606 log_classic_pairing_event(RawAddress::kEmpty,
607 bluetooth::common::kUnknownConnectionHandle,
608 opcode, hci_event, cmd_status,
609 android::bluetooth::hci::STATUS_UNKNOWN, 0);
610 break;
611 case HCI_WRITE_SIMPLE_PAIRING_MODE: {
612 uint8_t simple_pairing_mode;
613 STREAM_TO_UINT8(simple_pairing_mode, p_cmd);
614 log_classic_pairing_event(
615 RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle,
616 opcode, hci_event, cmd_status,
617 android::bluetooth::hci::STATUS_UNKNOWN, simple_pairing_mode);
618 break;
619 }
620 case HCI_WRITE_SECURE_CONNS_SUPPORT: {
621 uint8_t secure_conn_host_support;
622 STREAM_TO_UINT8(secure_conn_host_support, p_cmd);
623 log_classic_pairing_event(
624 RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle,
625 opcode, hci_event, cmd_status,
626 android::bluetooth::hci::STATUS_UNKNOWN, secure_conn_host_support);
627 break;
628 }
629 case HCI_AUTHENTICATION_REQUESTED:
630 STREAM_TO_UINT16(handle, p_cmd);
631 log_classic_pairing_event(RawAddress::kEmpty, handle, opcode, hci_event,
632 cmd_status,
633 android::bluetooth::hci::STATUS_UNKNOWN, 0);
634 break;
635 case HCI_SET_CONN_ENCRYPTION: {
636 STREAM_TO_UINT16(handle, p_cmd);
637 uint8_t encryption_enable;
638 STREAM_TO_UINT8(encryption_enable, p_cmd);
639 log_classic_pairing_event(
640 RawAddress::kEmpty, handle, opcode, hci_event, cmd_status,
641 android::bluetooth::hci::STATUS_UNKNOWN, encryption_enable);
642 break;
643 }
644 case HCI_DELETE_STORED_LINK_KEY: {
645 uint8_t delete_all_flag;
646 STREAM_TO_BDADDR(bd_addr, p_cmd);
647 STREAM_TO_UINT8(delete_all_flag, p_cmd);
648 log_classic_pairing_event(
649 bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode,
650 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN,
651 delete_all_flag);
652 break;
653 }
654 case HCI_RMT_NAME_REQUEST:
655 case HCI_RMT_NAME_REQUEST_CANCEL:
656 case HCI_LINK_KEY_REQUEST_REPLY:
657 case HCI_LINK_KEY_REQUEST_NEG_REPLY:
658 case HCI_IO_CAPABILITY_REQUEST_REPLY:
659 case HCI_USER_CONF_REQUEST_REPLY:
660 case HCI_USER_CONF_VALUE_NEG_REPLY:
661 case HCI_USER_PASSKEY_REQ_REPLY:
662 case HCI_USER_PASSKEY_REQ_NEG_REPLY:
663 case HCI_REM_OOB_DATA_REQ_REPLY:
664 case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
665 STREAM_TO_BDADDR(bd_addr, p_cmd);
666 log_classic_pairing_event(
667 bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode,
668 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN, 0);
669 break;
670 case HCI_IO_CAP_REQ_NEG_REPLY:
671 STREAM_TO_BDADDR(bd_addr, p_cmd);
672 STREAM_TO_UINT8(reason, p_cmd);
673 log_classic_pairing_event(bd_addr,
674 bluetooth::common::kUnknownConnectionHandle,
675 opcode, hci_event, cmd_status, reason, 0);
676 break;
677 }
678 }
679
680 /*******************************************************************************
681 *
682 * Function btu_hcif_send_cmd
683 *
684 * Description This function is called to send commands to the Host
685 * Controller.
686 *
687 * Returns void
688 *
689 ******************************************************************************/
btu_hcif_send_cmd(UNUSED_ATTR uint8_t controller_id,const BT_HDR * p_buf)690 void btu_hcif_send_cmd(UNUSED_ATTR uint8_t controller_id, const BT_HDR* p_buf) {
691 if (!p_buf) return;
692
693 uint16_t opcode;
694 const uint8_t* stream = p_buf->data + p_buf->offset;
695 void* vsc_callback = NULL;
696
697 STREAM_TO_UINT16(opcode, stream);
698
699 // Eww...horrible hackery here
700 /* If command was a VSC, then extract command_complete callback */
701 if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC ||
702 (opcode == HCI_BLE_RAND) || (opcode == HCI_BLE_ENCRYPT)) {
703 vsc_callback = *((void**)(p_buf + 1));
704 }
705
706 // Skip parameter length before logging
707 stream++;
708 btu_hcif_log_command_metrics(opcode, stream,
709 android::bluetooth::hci::STATUS_UNKNOWN, false);
710
711 bluetooth::shim::hci_layer_get_interface()->transmit_command(
712 p_buf, btu_hcif_command_complete_evt, btu_hcif_command_status_evt,
713 vsc_callback);
714 }
715
716 using hci_cmd_cb = base::OnceCallback<void(
717 uint8_t* /* return_parameters */, uint16_t /* return_parameters_length*/)>;
718
719 struct cmd_with_cb_data {
720 hci_cmd_cb cb;
721 base::Location posted_from;
722 };
723
cmd_with_cb_data_init(cmd_with_cb_data * cb_wrapper)724 void cmd_with_cb_data_init(cmd_with_cb_data* cb_wrapper) {
725 new (&cb_wrapper->cb) hci_cmd_cb;
726 new (&cb_wrapper->posted_from) Location;
727 }
728
cmd_with_cb_data_cleanup(cmd_with_cb_data * cb_wrapper)729 void cmd_with_cb_data_cleanup(cmd_with_cb_data* cb_wrapper) {
730 cb_wrapper->cb.~hci_cmd_cb();
731 cb_wrapper->posted_from.~Location();
732 }
733
734 /**
735 * Log command complete events that is not handled individually in this file
736 * @param opcode opcode of the command
737 * @param p_return_params pointer to returned parameter after parameter length
738 * field
739 */
btu_hcif_log_command_complete_metrics(uint16_t opcode,const uint8_t * p_return_params)740 static void btu_hcif_log_command_complete_metrics(
741 uint16_t opcode, const uint8_t* p_return_params) {
742 uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
743 uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
744 uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_COMPLETE;
745 uint16_t hci_ble_event = android::bluetooth::hci::BLE_EVT_UNKNOWN;
746 RawAddress bd_addr = RawAddress::kEmpty;
747 switch (opcode) {
748 case HCI_BLE_CLEAR_ACCEPTLIST:
749 case HCI_BLE_ADD_ACCEPTLIST:
750 case HCI_BLE_REMOVE_ACCEPTLIST: {
751 STREAM_TO_UINT8(status, p_return_params);
752 log_link_layer_connection_event(
753 nullptr, bluetooth::common::kUnknownConnectionHandle,
754 android::bluetooth::DIRECTION_INCOMING,
755 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, hci_ble_event,
756 status, reason);
757 break;
758 }
759 case HCI_DELETE_STORED_LINK_KEY:
760 case HCI_READ_LOCAL_OOB_DATA:
761 case HCI_WRITE_SIMPLE_PAIRING_MODE:
762 case HCI_WRITE_SECURE_CONNS_SUPPORT:
763 STREAM_TO_UINT8(status, p_return_params);
764 log_classic_pairing_event(RawAddress::kEmpty,
765 bluetooth::common::kUnknownConnectionHandle,
766 opcode, hci_event, status, reason, 0);
767 break;
768 case HCI_READ_ENCR_KEY_SIZE: {
769 uint16_t handle;
770 uint8_t key_size;
771 STREAM_TO_UINT8(status, p_return_params);
772 STREAM_TO_UINT16(handle, p_return_params);
773 STREAM_TO_UINT8(key_size, p_return_params);
774 log_classic_pairing_event(RawAddress::kEmpty, handle, opcode, hci_event,
775 status, reason, key_size);
776 break;
777 }
778 case HCI_LINK_KEY_REQUEST_REPLY:
779 case HCI_LINK_KEY_REQUEST_NEG_REPLY:
780 case HCI_IO_CAPABILITY_REQUEST_REPLY:
781 case HCI_IO_CAP_REQ_NEG_REPLY:
782 case HCI_USER_CONF_REQUEST_REPLY:
783 case HCI_USER_CONF_VALUE_NEG_REPLY:
784 case HCI_USER_PASSKEY_REQ_REPLY:
785 case HCI_USER_PASSKEY_REQ_NEG_REPLY:
786 case HCI_REM_OOB_DATA_REQ_REPLY:
787 case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
788 STREAM_TO_UINT8(status, p_return_params);
789 STREAM_TO_BDADDR(bd_addr, p_return_params);
790 log_classic_pairing_event(bd_addr,
791 bluetooth::common::kUnknownConnectionHandle,
792 opcode, hci_event, status, reason, 0);
793 break;
794 }
795 }
796
btu_hcif_command_complete_evt_with_cb_on_task(BT_HDR * event,void * context)797 static void btu_hcif_command_complete_evt_with_cb_on_task(BT_HDR* event,
798 void* context) {
799 command_opcode_t opcode;
800 // 2 for event header: event code (1) + parameter length (1)
801 // 1 for num_hci_pkt command credit
802 uint8_t* stream = event->data + event->offset + 3;
803 STREAM_TO_UINT16(opcode, stream);
804
805 btu_hcif_log_command_complete_metrics(opcode, stream);
806
807 cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
808 HCI_TRACE_DEBUG("command complete for: %s",
809 cb_wrapper->posted_from.ToString().c_str());
810 // 2 for event header: event code (1) + parameter length (1)
811 // 3 for command complete header: num_hci_pkt (1) + opcode (2)
812 uint16_t param_len = static_cast<uint16_t>(event->len - 5);
813 std::move(cb_wrapper->cb).Run(stream, param_len);
814 cmd_with_cb_data_cleanup(cb_wrapper);
815 osi_free(cb_wrapper);
816
817 osi_free(event);
818 }
819
btu_hcif_command_complete_evt_with_cb(BT_HDR * response,void * context)820 static void btu_hcif_command_complete_evt_with_cb(BT_HDR* response,
821 void* context) {
822 do_in_main_thread(FROM_HERE,
823 base::Bind(btu_hcif_command_complete_evt_with_cb_on_task,
824 response, context));
825 }
826
btu_hcif_command_status_evt_with_cb_on_task(uint8_t status,BT_HDR * event,void * context)827 static void btu_hcif_command_status_evt_with_cb_on_task(uint8_t status,
828 BT_HDR* event,
829 void* context) {
830 command_opcode_t opcode;
831 uint8_t* stream = event->data + event->offset;
832 STREAM_TO_UINT16(opcode, stream);
833
834 CHECK(status != 0);
835
836 // stream + 1 to skip parameter length field
837 // No need to check length since stream is written by us
838 btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
839
840 // report command status error
841 cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
842 HCI_TRACE_DEBUG("command status for: %s",
843 cb_wrapper->posted_from.ToString().c_str());
844 std::move(cb_wrapper->cb).Run(&status, sizeof(uint16_t));
845 cmd_with_cb_data_cleanup(cb_wrapper);
846 osi_free(cb_wrapper);
847
848 osi_free(event);
849 }
850
btu_hcif_command_status_evt_with_cb(uint8_t status,BT_HDR * command,void * context)851 static void btu_hcif_command_status_evt_with_cb(uint8_t status, BT_HDR* command,
852 void* context) {
853 // Command is pending, we report only error.
854 if (!status) {
855 osi_free(command);
856 return;
857 }
858
859 do_in_main_thread(
860 FROM_HERE, base::Bind(btu_hcif_command_status_evt_with_cb_on_task, status,
861 command, context));
862 }
863
864 /* This function is called to send commands to the Host Controller. |cb| is
865 * called when command status event is called with error code, or when the
866 * command complete event is received. */
btu_hcif_send_cmd_with_cb(const base::Location & posted_from,uint16_t opcode,uint8_t * params,uint8_t params_len,hci_cmd_cb cb)867 void btu_hcif_send_cmd_with_cb(const base::Location& posted_from,
868 uint16_t opcode, uint8_t* params,
869 uint8_t params_len, hci_cmd_cb cb) {
870 BT_HDR* p = (BT_HDR*)osi_malloc(HCI_CMD_BUF_SIZE);
871 uint8_t* pp = (uint8_t*)(p + 1);
872
873 p->len = HCIC_PREAMBLE_SIZE + params_len;
874 p->offset = 0;
875
876 UINT16_TO_STREAM(pp, opcode);
877 UINT8_TO_STREAM(pp, params_len);
878 if (params) {
879 memcpy(pp, params, params_len);
880 }
881
882 btu_hcif_log_command_metrics(opcode, pp,
883 android::bluetooth::hci::STATUS_UNKNOWN, false);
884
885 cmd_with_cb_data* cb_wrapper =
886 (cmd_with_cb_data*)osi_malloc(sizeof(cmd_with_cb_data));
887
888 cmd_with_cb_data_init(cb_wrapper);
889 cb_wrapper->cb = std::move(cb);
890 cb_wrapper->posted_from = posted_from;
891
892 bluetooth::shim::hci_layer_get_interface()->transmit_command(
893 p, btu_hcif_command_complete_evt_with_cb,
894 btu_hcif_command_status_evt_with_cb, (void*)cb_wrapper);
895 }
896
897 /*******************************************************************************
898 *
899 * Function btu_hcif_inquiry_comp_evt
900 *
901 * Description Process event HCI_INQUIRY_COMP_EVT
902 *
903 * Returns void
904 *
905 ******************************************************************************/
btu_hcif_inquiry_comp_evt(uint8_t * p)906 static void btu_hcif_inquiry_comp_evt(uint8_t* p) {
907 uint8_t status;
908
909 STREAM_TO_UINT8(status, p);
910
911 /* Tell inquiry processing that we are done */
912 btm_process_inq_complete(to_hci_status_code(status), BTM_BR_INQUIRY_MASK);
913 }
914
915 /*******************************************************************************
916 *
917 * Function btu_hcif_connection_request_evt
918 *
919 * Description Process event HCI_CONNECTION_REQUEST_EVT
920 *
921 * Returns void
922 *
923 ******************************************************************************/
btu_hcif_connection_request_evt(const uint8_t * p)924 static void btu_hcif_connection_request_evt(const uint8_t* p) {
925 RawAddress bda;
926 DEV_CLASS dc;
927 uint8_t link_type;
928
929 STREAM_TO_BDADDR(bda, p);
930 STREAM_TO_DEVCLASS(dc, p);
931 STREAM_TO_UINT8(link_type, p);
932
933 if (link_type == HCI_LINK_TYPE_ACL) {
934 btm_acl_connection_request(bda, dc);
935 } else {
936 btm_sco_conn_req(bda, dc, link_type);
937 }
938 }
939
940 /*******************************************************************************
941 *
942 * Function btu_hcif_disconnection_comp_evt
943 *
944 * Description Process event HCI_DISCONNECTION_COMP_EVT
945 *
946 * Returns void
947 *
948 ******************************************************************************/
btu_hcif_disconnection_comp_evt(uint8_t * p)949 static void btu_hcif_disconnection_comp_evt(uint8_t* p) {
950 uint8_t status;
951 uint16_t handle;
952 uint8_t reason;
953
954 STREAM_TO_UINT8(status, p);
955 STREAM_TO_UINT16(handle, p);
956 STREAM_TO_UINT8(reason, p);
957
958 handle = HCID_GET_HANDLE(handle);
959
960 btm_acl_disconnected(static_cast<tHCI_STATUS>(status), handle,
961 static_cast<tHCI_STATUS>(reason));
962 }
963
964 /*******************************************************************************
965 *
966 * Function btu_hcif_authentication_comp_evt
967 *
968 * Description Process event HCI_AUTHENTICATION_COMP_EVT
969 *
970 * Returns void
971 *
972 ******************************************************************************/
btu_hcif_authentication_comp_evt(uint8_t * p)973 static void btu_hcif_authentication_comp_evt(uint8_t* p) {
974 uint8_t status;
975 uint16_t handle;
976
977 STREAM_TO_UINT8(status, p);
978 STREAM_TO_UINT16(handle, p);
979
980 btm_sec_auth_complete(handle, static_cast<tHCI_STATUS>(status));
981 }
982
983 /*******************************************************************************
984 *
985 * Function btu_hcif_rmt_name_request_comp_evt
986 *
987 * Description Process event HCI_RMT_NAME_REQUEST_COMP_EVT
988 *
989 * Returns void
990 *
991 ******************************************************************************/
btu_hcif_rmt_name_request_comp_evt(const uint8_t * p,uint16_t evt_len)992 static void btu_hcif_rmt_name_request_comp_evt(const uint8_t* p,
993 uint16_t evt_len) {
994 uint8_t status;
995 RawAddress bd_addr;
996
997 STREAM_TO_UINT8(status, p);
998 STREAM_TO_BDADDR(bd_addr, p);
999
1000 evt_len -= (1 + BD_ADDR_LEN);
1001
1002 btm_process_remote_name(&bd_addr, p, evt_len, to_hci_status_code(status));
1003
1004 btm_sec_rmt_name_request_complete(&bd_addr, p, to_hci_status_code(status));
1005 }
1006
1007 constexpr uint8_t MIN_KEY_SIZE = 7;
1008
read_encryption_key_size_complete_after_encryption_change(uint8_t status,uint16_t handle,uint8_t key_size)1009 static void read_encryption_key_size_complete_after_encryption_change(uint8_t status, uint16_t handle,
1010 uint8_t key_size) {
1011 if (status == HCI_ERR_INSUFFCIENT_SECURITY) {
1012 /* If remote device stop the encryption before we call "Read Encryption Key
1013 * Size", we might receive Insufficient Security, which means that link is
1014 * no longer encrypted. */
1015 LOG(INFO) << __func__ << ": encryption stopped on link: " << loghex(handle);
1016 return;
1017 }
1018
1019 if (status != HCI_SUCCESS) {
1020 LOG(INFO) << __func__ << ": disconnecting, status: " << loghex(status);
1021 acl_disconnect_from_handle(handle, HCI_ERR_PEER_USER,
1022 "stack::btu::btu_hcif::read_encryption_key_size_"
1023 "complete_after_encryption_change Bad key size");
1024 return;
1025 }
1026
1027 if (key_size < MIN_KEY_SIZE) {
1028 LOG(ERROR) << __func__ << " encryption key too short, disconnecting. handle: " << loghex(handle)
1029 << " key_size: " << +key_size;
1030
1031 acl_disconnect_from_handle(
1032 handle, HCI_ERR_HOST_REJECT_SECURITY,
1033 "stack::btu::btu_hcif::read_encryption_key_size_complete_after_"
1034 "encryption_change Key Too Short");
1035 return;
1036 }
1037
1038 // good key size - succeed
1039 btm_acl_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1040 1 /* enable */);
1041 btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1042 1 /* enable */);
1043 }
1044 /*******************************************************************************
1045 *
1046 * Function btu_hcif_encryption_change_evt
1047 *
1048 * Description Process event HCI_ENCRYPTION_CHANGE_EVT
1049 *
1050 * Returns void
1051 *
1052 ******************************************************************************/
btu_hcif_encryption_change_evt(uint8_t * p)1053 static void btu_hcif_encryption_change_evt(uint8_t* p) {
1054 uint8_t status;
1055 uint16_t handle;
1056 uint8_t encr_enable;
1057
1058 STREAM_TO_UINT8(status, p);
1059 STREAM_TO_UINT16(handle, p);
1060 STREAM_TO_UINT8(encr_enable, p);
1061
1062 if (status != HCI_SUCCESS || encr_enable == 0 || BTM_IsBleConnection(handle)) {
1063 if (status == HCI_ERR_CONNECTION_TOUT) {
1064 smp_cancel_start_encryption_attempt();
1065 return;
1066 }
1067
1068 btm_acl_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1069 encr_enable);
1070 btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1071 encr_enable);
1072 } else {
1073 btsnd_hcic_read_encryption_key_size(handle, base::Bind(&read_encryption_key_size_complete_after_encryption_change));
1074 }
1075 }
1076
1077 /*******************************************************************************
1078 *
1079 * Function btu_hcif_read_rmt_ext_features_comp_evt
1080 *
1081 * Description Process event HCI_READ_RMT_EXT_FEATURES_COMP_EVT
1082 *
1083 * Returns void
1084 *
1085 ******************************************************************************/
btu_hcif_read_rmt_ext_features_comp_evt(uint8_t * p,uint8_t evt_len)1086 static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p,
1087 uint8_t evt_len) {
1088 uint8_t* p_cur = p;
1089 uint8_t status;
1090 uint16_t handle;
1091
1092 STREAM_TO_UINT8(status, p_cur);
1093
1094 if (status == HCI_SUCCESS)
1095 btm_read_remote_ext_features_complete_raw(p, evt_len);
1096 else {
1097 STREAM_TO_UINT16(handle, p_cur);
1098 btm_read_remote_ext_features_failed(status, handle);
1099 }
1100 }
1101
1102 /*******************************************************************************
1103 *
1104 * Function btu_hcif_esco_connection_comp_evt
1105 *
1106 * Description Process event HCI_ESCO_CONNECTION_COMP_EVT
1107 *
1108 * Returns void
1109 *
1110 ******************************************************************************/
btu_hcif_esco_connection_comp_evt(const uint8_t * p)1111 static void btu_hcif_esco_connection_comp_evt(const uint8_t* p) {
1112 tBTM_ESCO_DATA data;
1113 uint16_t handle;
1114 RawAddress bda;
1115 uint8_t status;
1116
1117 STREAM_TO_UINT8(status, p);
1118 STREAM_TO_UINT16(handle, p);
1119 STREAM_TO_BDADDR(bda, p);
1120
1121 STREAM_TO_UINT8(data.link_type, p);
1122 STREAM_SKIP_UINT8(p); // tx_interval
1123 STREAM_SKIP_UINT8(p); // retrans_window
1124 STREAM_SKIP_UINT16(p); // rx_pkt_len
1125 STREAM_SKIP_UINT16(p); // tx_pkt_len
1126 STREAM_SKIP_UINT8(p); // air_mode
1127
1128 handle = HCID_GET_HANDLE(handle);
1129
1130 data.bd_addr = bda;
1131 if (status == HCI_SUCCESS) {
1132 btm_sco_connected(bda, handle, &data);
1133 } else {
1134 btm_sco_connection_failed(static_cast<tHCI_STATUS>(status), bda, handle,
1135 &data);
1136 }
1137 }
1138
1139 /*******************************************************************************
1140 *
1141 * Function btu_hcif_esco_connection_chg_evt
1142 *
1143 * Description Process event HCI_ESCO_CONNECTION_CHANGED_EVT
1144 *
1145 * Returns void
1146 *
1147 ******************************************************************************/
btu_hcif_esco_connection_chg_evt(uint8_t * p)1148 static void btu_hcif_esco_connection_chg_evt(uint8_t* p) {
1149 uint16_t handle;
1150 uint16_t tx_pkt_len;
1151 uint16_t rx_pkt_len;
1152 uint8_t status;
1153 uint8_t tx_interval;
1154 uint8_t retrans_window;
1155
1156 STREAM_TO_UINT8(status, p);
1157 STREAM_TO_UINT16(handle, p);
1158
1159 STREAM_TO_UINT8(tx_interval, p);
1160 STREAM_TO_UINT8(retrans_window, p);
1161 STREAM_TO_UINT16(rx_pkt_len, p);
1162 STREAM_TO_UINT16(tx_pkt_len, p);
1163
1164 handle = HCID_GET_HANDLE(handle);
1165 }
1166
1167 /*******************************************************************************
1168 *
1169 * Function btu_hcif_hdl_command_complete
1170 *
1171 * Description Handle command complete event
1172 *
1173 * Returns void
1174 *
1175 ******************************************************************************/
btu_hcif_hdl_command_complete(uint16_t opcode,uint8_t * p,uint16_t evt_len,void * p_cplt_cback)1176 static void btu_hcif_hdl_command_complete(uint16_t opcode, uint8_t* p,
1177 uint16_t evt_len,
1178 void* p_cplt_cback) {
1179 switch (opcode) {
1180 case HCI_INQUIRY_CANCEL:
1181 /* Tell inquiry processing that we are done */
1182 btm_process_cancel_complete(HCI_SUCCESS, BTM_BR_INQUIRY_MASK);
1183 break;
1184 case HCI_SET_EVENT_FILTER:
1185 break;
1186
1187 case HCI_DELETE_STORED_LINK_KEY:
1188 btm_delete_stored_link_key_complete(p, evt_len);
1189 break;
1190
1191 case HCI_READ_LOCAL_NAME:
1192 btm_read_local_name_complete(p, evt_len);
1193 break;
1194
1195 case HCI_GET_LINK_QUALITY:
1196 btm_read_link_quality_complete(p, evt_len);
1197 break;
1198
1199 case HCI_READ_RSSI:
1200 btm_read_rssi_complete(p, evt_len);
1201 break;
1202
1203 case HCI_READ_FAILED_CONTACT_COUNTER:
1204 btm_read_failed_contact_counter_complete(p);
1205 break;
1206
1207 case HCI_READ_AUTOMATIC_FLUSH_TIMEOUT:
1208 btm_read_automatic_flush_timeout_complete(p);
1209 break;
1210
1211 case HCI_READ_TRANSMIT_POWER_LEVEL:
1212 btm_read_tx_power_complete(p, evt_len, false);
1213 break;
1214
1215 case HCI_CREATE_CONNECTION_CANCEL:
1216 btm_create_conn_cancel_complete(p, evt_len);
1217 break;
1218
1219 case HCI_READ_LOCAL_OOB_DATA:
1220 btm_read_local_oob_complete(p, evt_len);
1221 break;
1222
1223 case HCI_READ_INQ_TX_POWER_LEVEL:
1224 break;
1225
1226 /* BLE Commands sComplete*/
1227 case HCI_BLE_RAND:
1228 case HCI_BLE_ENCRYPT:
1229 btm_ble_rand_enc_complete(p, evt_len, opcode, (tBTM_RAND_ENC_CB*)p_cplt_cback);
1230 break;
1231
1232 case HCI_BLE_READ_ADV_CHNL_TX_POWER:
1233 btm_read_tx_power_complete(p, evt_len, true);
1234 break;
1235
1236 case HCI_BLE_WRITE_ADV_ENABLE:
1237 btm_ble_write_adv_enable_complete(p, evt_len);
1238 break;
1239
1240 case HCI_BLE_CREATE_LL_CONN:
1241 case HCI_LE_EXTENDED_CREATE_CONNECTION:
1242 // No command complete event for those commands according to spec
1243 LOG(ERROR) << "No command complete expected, but received!";
1244 break;
1245
1246 case HCI_BLE_CREATE_CONN_CANCEL:
1247 btm_ble_create_conn_cancel_complete(p);
1248 break;
1249
1250 case HCI_BLE_TRANSMITTER_TEST:
1251 case HCI_BLE_RECEIVER_TEST:
1252 case HCI_BLE_TEST_END:
1253 btm_ble_test_command_complete(p);
1254 break;
1255
1256 case HCI_BLE_ADD_DEV_RESOLVING_LIST:
1257 btm_ble_add_resolving_list_entry_complete(p, evt_len);
1258 break;
1259
1260 case HCI_BLE_RM_DEV_RESOLVING_LIST:
1261 btm_ble_remove_resolving_list_entry_complete(p, evt_len);
1262 break;
1263
1264 case HCI_BLE_CLEAR_RESOLVING_LIST:
1265 btm_ble_clear_resolving_list_complete(p, evt_len);
1266 break;
1267
1268 case HCI_BLE_READ_RESOLVABLE_ADDR_PEER:
1269 btm_ble_read_resolving_list_entry_complete(p, evt_len);
1270 break;
1271
1272 case HCI_BLE_READ_RESOLVABLE_ADDR_LOCAL:
1273 case HCI_BLE_SET_ADDR_RESOLUTION_ENABLE:
1274 case HCI_BLE_SET_RAND_PRIV_ADDR_TIMOUT:
1275 break;
1276 default:
1277 if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC)
1278 btm_vsc_complete(p, opcode, evt_len, (tBTM_VSC_CMPL_CB*)p_cplt_cback);
1279 break;
1280 }
1281 }
1282
1283 /*******************************************************************************
1284 *
1285 * Function btu_hcif_command_complete_evt
1286 *
1287 * Description Process event HCI_COMMAND_COMPLETE_EVT
1288 *
1289 * Returns void
1290 *
1291 ******************************************************************************/
btu_hcif_command_complete_evt_on_task(BT_HDR * event,void * context)1292 static void btu_hcif_command_complete_evt_on_task(BT_HDR* event,
1293 void* context) {
1294 command_opcode_t opcode;
1295 // 2 for event header: event code (1) + parameter length (1)
1296 // 1 for num_hci_pkt command credit
1297 uint8_t* stream = event->data + event->offset + 3;
1298 STREAM_TO_UINT16(opcode, stream);
1299
1300 btu_hcif_log_command_complete_metrics(opcode, stream);
1301 // 2 for event header: event code (1) + parameter length (1)
1302 // 3 for command complete header: num_hci_pkt (1) + opcode (2)
1303 uint16_t param_len = static_cast<uint16_t>(event->len - 5);
1304 btu_hcif_hdl_command_complete(opcode, stream, param_len, context);
1305
1306 osi_free(event);
1307 }
1308
btu_hcif_command_complete_evt(BT_HDR * response,void * context)1309 static void btu_hcif_command_complete_evt(BT_HDR* response, void* context) {
1310 do_in_main_thread(FROM_HERE, base::Bind(btu_hcif_command_complete_evt_on_task,
1311 response, context));
1312 }
1313
1314 /*******************************************************************************
1315 *
1316 * Function btu_hcif_hdl_command_status
1317 *
1318 * Description Handle a command status event
1319 *
1320 * Returns void
1321 *
1322 ******************************************************************************/
btu_hcif_hdl_command_status(uint16_t opcode,uint8_t status,const uint8_t * p_cmd,void * p_vsc_status_cback)1323 static void btu_hcif_hdl_command_status(uint16_t opcode, uint8_t status,
1324 const uint8_t* p_cmd,
1325 void* p_vsc_status_cback) {
1326 CHECK_NE(p_cmd, nullptr) << "Null command for opcode 0x" << loghex(opcode);
1327 p_cmd++; // Skip parameter total length
1328
1329 RawAddress bd_addr;
1330 uint16_t handle;
1331
1332 switch (opcode) {
1333 // Link Control Commands
1334 case HCI_INQUIRY:
1335 if (status != HCI_SUCCESS) {
1336 // Tell inquiry processing that we are done
1337 btm_process_inq_complete(to_hci_status_code(status),
1338 BTM_BR_INQUIRY_MASK);
1339 }
1340 break;
1341 case HCI_SWITCH_ROLE:
1342 if (status != HCI_SUCCESS) {
1343 // Tell BTM that the command failed
1344 STREAM_TO_BDADDR(bd_addr, p_cmd);
1345 btm_acl_role_changed(static_cast<tHCI_STATUS>(status), bd_addr,
1346 HCI_ROLE_UNKNOWN);
1347 }
1348 break;
1349 case HCI_CREATE_CONNECTION:
1350 if (status != HCI_SUCCESS) {
1351 STREAM_TO_BDADDR(bd_addr, p_cmd);
1352 btm_acl_connected(bd_addr, HCI_INVALID_HANDLE,
1353 static_cast<tHCI_STATUS>(status), 0);
1354 }
1355 break;
1356 case HCI_AUTHENTICATION_REQUESTED:
1357 if (status != HCI_SUCCESS) {
1358 // Device refused to start authentication
1359 // This is treated as an authentication failure
1360 btm_sec_auth_complete(HCI_INVALID_HANDLE,
1361 static_cast<tHCI_STATUS>(status));
1362 }
1363 break;
1364 case HCI_SET_CONN_ENCRYPTION:
1365 if (status != HCI_SUCCESS) {
1366 // Device refused to start encryption
1367 // This is treated as an encryption failure
1368 btm_sec_encrypt_change(HCI_INVALID_HANDLE,
1369 static_cast<tHCI_STATUS>(status), false);
1370 }
1371 break;
1372 case HCI_RMT_NAME_REQUEST:
1373 if (status != HCI_SUCCESS) {
1374 // Tell inquiry processing that we are done
1375 btm_process_remote_name(nullptr, nullptr, 0,
1376 to_hci_status_code(status));
1377 btm_sec_rmt_name_request_complete(nullptr, nullptr,
1378 to_hci_status_code(status));
1379 }
1380 break;
1381 case HCI_READ_RMT_EXT_FEATURES:
1382 if (status != HCI_SUCCESS) {
1383 STREAM_TO_UINT16(handle, p_cmd);
1384 btm_read_remote_ext_features_failed(status, handle);
1385 }
1386 break;
1387 case HCI_SETUP_ESCO_CONNECTION:
1388 case HCI_ENH_SETUP_ESCO_CONNECTION:
1389 if (status != HCI_SUCCESS) {
1390 STREAM_TO_UINT16(handle, p_cmd);
1391 RawAddress addr(RawAddress::kEmpty);
1392 btm_sco_connection_failed(static_cast<tHCI_STATUS>(status), addr,
1393 handle, nullptr);
1394 }
1395 break;
1396
1397 // BLE Commands
1398 case HCI_BLE_CREATE_LL_CONN:
1399 case HCI_LE_EXTENDED_CREATE_CONNECTION:
1400 if (status != HCI_SUCCESS) {
1401 btm_ble_create_ll_conn_complete(static_cast<tHCI_STATUS>(status));
1402 }
1403 break;
1404 case HCI_BLE_START_ENC:
1405 // Race condition: disconnection happened right before we send
1406 // "LE Encrypt", controller responds with no connection, we should
1407 // cancel the encryption attempt, rather than unpair the device.
1408 if (status == HCI_ERR_NO_CONNECTION) {
1409 smp_cancel_start_encryption_attempt();
1410 }
1411 break;
1412
1413 // Link Policy Commands
1414 case HCI_EXIT_SNIFF_MODE:
1415 case HCI_EXIT_PARK_MODE:
1416 if (status != HCI_SUCCESS) {
1417 // Allow SCO initiation to continue if waiting for change mode event
1418 STREAM_TO_UINT16(handle, p_cmd);
1419 btm_sco_chk_pend_unpark(static_cast<tHCI_STATUS>(status), handle);
1420 }
1421 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
1422 case HCI_HOLD_MODE:
1423 case HCI_SNIFF_MODE:
1424 case HCI_PARK_MODE:
1425 btm_pm_proc_cmd_status(static_cast<tHCI_STATUS>(status));
1426 break;
1427
1428 default:
1429 if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC) {
1430 btm_vsc_complete(&status, opcode, 1,
1431 (tBTM_VSC_CMPL_CB*)p_vsc_status_cback);
1432 }
1433 }
1434 }
1435
btu_hcif_hdl_command_status(uint16_t opcode,uint8_t status,const uint8_t * p_cmd,void * p_vsc_status_cback)1436 void bluetooth::legacy::testing::btu_hcif_hdl_command_status(
1437 uint16_t opcode, uint8_t status, const uint8_t* p_cmd,
1438 void* p_vsc_status_cback) {
1439 ::btu_hcif_hdl_command_status(opcode, status, p_cmd, p_vsc_status_cback);
1440 }
1441
1442 /*******************************************************************************
1443 *
1444 * Function btu_hcif_command_status_evt
1445 *
1446 * Description Process event HCI_COMMAND_STATUS_EVT
1447 *
1448 * Returns void
1449 *
1450 ******************************************************************************/
btu_hcif_command_status_evt_on_task(uint8_t status,BT_HDR * event,void * context)1451 static void btu_hcif_command_status_evt_on_task(uint8_t status, BT_HDR* event,
1452 void* context) {
1453 command_opcode_t opcode;
1454 uint8_t* stream = event->data + event->offset;
1455 STREAM_TO_UINT16(opcode, stream);
1456
1457 // stream + 1 to skip parameter length field
1458 // No need to check length since stream is written by us
1459 btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
1460
1461 btu_hcif_hdl_command_status(opcode, status, stream, context);
1462 osi_free(event);
1463 }
1464
btu_hcif_command_status_evt(uint8_t status,BT_HDR * command,void * context)1465 static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command,
1466 void* context) {
1467 do_in_main_thread(FROM_HERE, base::Bind(btu_hcif_command_status_evt_on_task,
1468 status, command, context));
1469 }
1470
1471 /*******************************************************************************
1472 *
1473 * Function btu_hcif_hardware_error_evt
1474 *
1475 * Description Process event HCI_HARDWARE_ERROR_EVT
1476 *
1477 * Returns void
1478 *
1479 ******************************************************************************/
btu_hcif_hardware_error_evt(uint8_t * p)1480 static void btu_hcif_hardware_error_evt(uint8_t* p) {
1481 LOG_ERROR("UNHANDLED Ctlr H/w error event - code:0x%x", *p);
1482 BTA_sys_signal_hw_error();
1483 }
1484
1485 /*******************************************************************************
1486 *
1487 * Function btu_hcif_mode_change_evt
1488 *
1489 * Description Process event HCI_MODE_CHANGE_EVT
1490 *
1491 * Returns void
1492 *
1493 ******************************************************************************/
btu_hcif_mode_change_evt(uint8_t * p)1494 static void btu_hcif_mode_change_evt(uint8_t* p) {
1495 uint8_t status;
1496 uint16_t handle;
1497 uint8_t current_mode;
1498 uint16_t interval;
1499
1500 STREAM_TO_UINT8(status, p);
1501
1502 STREAM_TO_UINT16(handle, p);
1503 STREAM_TO_UINT8(current_mode, p);
1504 STREAM_TO_UINT16(interval, p);
1505 btm_sco_chk_pend_unpark(static_cast<tHCI_STATUS>(status), handle);
1506 btm_pm_proc_mode_change(static_cast<tHCI_STATUS>(status), handle,
1507 static_cast<tHCI_MODE>(current_mode), interval);
1508
1509 #if (HID_DEV_INCLUDED == TRUE && HID_DEV_PM_INCLUDED == TRUE)
1510 hidd_pm_proc_mode_change(status, current_mode, interval);
1511 #endif
1512 }
1513
1514 /*******************************************************************************
1515 *
1516 * Function btu_hcif_link_key_notification_evt
1517 *
1518 * Description Process event HCI_LINK_KEY_NOTIFICATION_EVT
1519 *
1520 * Returns void
1521 *
1522 ******************************************************************************/
btu_hcif_link_key_notification_evt(const uint8_t * p)1523 static void btu_hcif_link_key_notification_evt(const uint8_t* p) {
1524 RawAddress bda;
1525 Octet16 key;
1526 uint8_t key_type;
1527
1528 STREAM_TO_BDADDR(bda, p);
1529 STREAM_TO_ARRAY16(key.data(), p);
1530 STREAM_TO_UINT8(key_type, p);
1531
1532 btm_sec_link_key_notification(bda, key, key_type);
1533 }
1534
1535 /*******************************************************************************
1536 *
1537 * Function btu_hcif_read_clock_off_comp_evt
1538 *
1539 * Description Process event HCI_READ_CLOCK_OFF_COMP_EVT
1540 *
1541 * Returns void
1542 *
1543 ******************************************************************************/
btu_hcif_read_clock_off_comp_evt(uint8_t * p)1544 static void btu_hcif_read_clock_off_comp_evt(uint8_t* p) {
1545 uint8_t status;
1546 uint16_t handle;
1547 uint16_t clock_offset;
1548
1549 STREAM_TO_UINT8(status, p);
1550
1551 /* If failed to get clock offset just drop the result */
1552 if (status != HCI_SUCCESS) return;
1553
1554 STREAM_TO_UINT16(handle, p);
1555 STREAM_TO_UINT16(clock_offset, p);
1556
1557 handle = HCID_GET_HANDLE(handle);
1558
1559 btm_sec_update_clock_offset(handle, clock_offset);
1560 }
1561
1562 /**********************************************
1563 * Simple Pairing Events
1564 **********************************************/
1565
1566 /*******************************************************************************
1567 *
1568 * Function btu_hcif_io_cap_request_evt
1569 *
1570 * Description Process event HCI_IO_CAPABILITY_REQUEST_EVT
1571 *
1572 * Returns void
1573 *
1574 ******************************************************************************/
btu_hcif_io_cap_request_evt(const uint8_t * p)1575 static void btu_hcif_io_cap_request_evt(const uint8_t* p) {
1576 RawAddress bda;
1577 STREAM_TO_BDADDR(bda, p);
1578 btm_io_capabilities_req(bda);
1579 }
1580
1581 /**********************************************
1582 * End of Simple Pairing Events
1583 **********************************************/
1584
read_encryption_key_size_complete_after_key_refresh(uint8_t status,uint16_t handle,uint8_t key_size)1585 static void read_encryption_key_size_complete_after_key_refresh(uint8_t status, uint16_t handle, uint8_t key_size) {
1586 if (status == HCI_ERR_INSUFFCIENT_SECURITY) {
1587 /* If remote device stop the encryption before we call "Read Encryption Key
1588 * Size", we might receive Insufficient Security, which means that link is
1589 * no longer encrypted. */
1590 LOG(INFO) << __func__ << ": encryption stopped on link: " << loghex(handle);
1591 return;
1592 }
1593
1594 if (status != HCI_SUCCESS) {
1595 LOG(INFO) << __func__ << ": disconnecting, status: " << loghex(status);
1596 acl_disconnect_from_handle(handle, HCI_ERR_PEER_USER,
1597 "stack::btu_hcif Key size fail");
1598 return;
1599 }
1600
1601 if (key_size < MIN_KEY_SIZE) {
1602 LOG(ERROR) << __func__ << " encryption key too short, disconnecting. handle: " << loghex(handle)
1603 << " key_size: " << +key_size;
1604
1605 acl_disconnect_from_handle(handle, HCI_ERR_HOST_REJECT_SECURITY,
1606 "stack::btu::btu_hcif::read_encryption_key_size_"
1607 "complete_after_key_refresh Key size too small");
1608 return;
1609 }
1610
1611 btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1612 1 /* enc_enable */);
1613 }
1614
btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t * p)1615 static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p) {
1616 uint8_t status;
1617 uint16_t handle;
1618
1619 STREAM_TO_UINT8(status, p);
1620 STREAM_TO_UINT16(handle, p);
1621
1622 if (status != HCI_SUCCESS || BTM_IsBleConnection(handle)) {
1623 btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1624 (status == HCI_SUCCESS) ? 1 : 0);
1625 } else {
1626 btsnd_hcic_read_encryption_key_size(handle, base::Bind(&read_encryption_key_size_complete_after_key_refresh));
1627 }
1628 }
1629
1630 /**********************************************
1631 * BLE Events
1632 **********************************************/
1633
1634 extern void gatt_notify_conn_update(const RawAddress& remote, uint16_t interval,
1635 uint16_t latency, uint16_t timeout,
1636 tHCI_STATUS status);
1637
btu_ble_ll_conn_param_upd_evt(uint8_t * p,uint16_t evt_len)1638 static void btu_ble_ll_conn_param_upd_evt(uint8_t* p, uint16_t evt_len) {
1639 /* LE connection update has completed successfully as a central. */
1640 /* We can enable the update request if the result is a success. */
1641 /* extract the HCI handle first */
1642 uint8_t status;
1643 uint16_t handle;
1644 uint16_t interval;
1645 uint16_t latency;
1646 uint16_t timeout;
1647
1648 if (evt_len < 9) {
1649 LOG_ERROR("Bogus event packet, too short");
1650 return;
1651 }
1652
1653 STREAM_TO_UINT8(status, p);
1654 STREAM_TO_UINT16(handle, p);
1655 STREAM_TO_UINT16(interval, p);
1656 STREAM_TO_UINT16(latency, p);
1657 STREAM_TO_UINT16(timeout, p);
1658
1659 acl_ble_update_event_received(static_cast<tHCI_STATUS>(status), handle,
1660 interval, latency, timeout);
1661 }
1662
btu_ble_proc_ltk_req(uint8_t * p,uint16_t evt_len)1663 static void btu_ble_proc_ltk_req(uint8_t* p, uint16_t evt_len) {
1664 uint16_t ediv, handle;
1665 uint8_t* pp;
1666
1667 // following the spec in Core_v5.3/Vol 4/Part E
1668 // / 7.7.65.5 LE Long Term Key Request event
1669 // A BLE Long Term Key Request event contains:
1670 // - 1-byte subevent (already consumed in btu_hcif_process_event)
1671 // - 2-byte connection handler
1672 // - 8-byte random number
1673 // - 2 byte Encrypted_Diversifier
1674 if (evt_len < 2 + 8 + 2) {
1675 LOG_ERROR("Event packet too short");
1676 return;
1677 }
1678
1679 STREAM_TO_UINT16(handle, p);
1680 pp = p + 8;
1681 STREAM_TO_UINT16(ediv, pp);
1682 btm_ble_ltk_request(handle, p, ediv);
1683 /* This is empty until an upper layer cares about returning event */
1684 }
1685
btu_ble_data_length_change_evt(uint8_t * p,uint16_t evt_len)1686 static void btu_ble_data_length_change_evt(uint8_t* p, uint16_t evt_len) {
1687 uint16_t handle;
1688 uint16_t tx_data_len;
1689 uint16_t rx_data_len;
1690
1691 if (!controller_get_interface()->supports_ble_packet_extension()) {
1692 HCI_TRACE_WARNING("%s, request not supported", __func__);
1693 return;
1694 }
1695
1696 STREAM_TO_UINT16(handle, p);
1697 STREAM_TO_UINT16(tx_data_len, p);
1698 p += 2; /* Skip the TxTimer */
1699 STREAM_TO_UINT16(rx_data_len, p);
1700
1701 l2cble_process_data_length_change_event(handle, tx_data_len, rx_data_len);
1702 }
1703
1704 /**********************************************
1705 * End of BLE Events Handler
1706 **********************************************/
btu_ble_rc_param_req_evt(uint8_t * p,uint8_t len)1707 static void btu_ble_rc_param_req_evt(uint8_t* p, uint8_t len) {
1708 uint16_t handle;
1709 uint16_t int_min, int_max, latency, timeout;
1710
1711 if (len < 10) {
1712 LOG(ERROR) << __func__ << "bogus event packet, too short";
1713 return;
1714 }
1715
1716 STREAM_TO_UINT16(handle, p);
1717 STREAM_TO_UINT16(int_min, p);
1718 STREAM_TO_UINT16(int_max, p);
1719 STREAM_TO_UINT16(latency, p);
1720 STREAM_TO_UINT16(timeout, p);
1721
1722 l2cble_process_rc_param_request_evt(handle, int_min, int_max, latency,
1723 timeout);
1724 }
1725