1 /******************************************************************************
2 *
3 * Copyright (C) 2016-2017 The Linux Foundation
4 * Copyright 2009-2012 Broadcom Corporation
5 *
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at:
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 *
18 ******************************************************************************/
19
20 /*******************************************************************************
21 *
22 * Filename: btif_dm.c
23 *
24 * Description: Contains Device Management (DM) related functionality
25 *
26 *
27 ******************************************************************************/
28
29 #define LOG_TAG "bt_btif_dm"
30
31 #include "btif_dm.h"
32
33 #include <base/functional/bind.h>
34 #include <bluetooth/log.h>
35 #include <com_android_bluetooth_flags.h>
36 #include <hardware/bluetooth.h>
37 #include <hardware/bt_csis.h>
38 #include <hardware/bt_hearing_aid.h>
39 #include <hardware/bt_le_audio.h>
40 #include <hardware/bt_vc.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <sys/types.h>
44 #include <time.h>
45 #include <unistd.h>
46
47 #include <mutex>
48 #include <optional>
49
50 #include "advertise_data_parser.h"
51 #include "bt_dev_class.h"
52 #include "bt_name.h"
53 #include "bta/dm/bta_dm_disc.h"
54 #include "bta/include/bta_api.h"
55 #include "bta/include/bta_hh_api.h"
56 #include "btif/include/stack_manager_t.h"
57 #include "btif_api.h"
58 #include "btif_bqr.h"
59 #include "btif_config.h"
60 #include "btif_sdp.h"
61 #include "btif_storage.h"
62 #include "btif_util.h"
63 #include "common/lru_cache.h"
64 #include "common/strings.h"
65 #include "device/include/interop.h"
66 #include "hci/controller_interface.h"
67 #include "hci/le_rand_callback.h"
68 #include "internal_include/bt_target.h"
69 #include "internal_include/stack_config.h"
70 #include "main/shim/acl_api.h"
71 #include "main/shim/entry.h"
72 #include "main/shim/helpers.h"
73 #include "main/shim/le_advertising_manager.h"
74 #include "main/shim/metric_id_api.h"
75 #include "main/shim/metrics_api.h"
76 #include "main_thread.h"
77 #include "metrics/bluetooth_event.h"
78 #include "os/system_properties.h"
79 #include "osi/include/properties.h"
80 #include "osi/include/stack_power_telemetry.h"
81 #include "stack/btm/btm_dev.h"
82 #include "stack/btm/btm_sec.h"
83 #include "stack/include/acl_api.h"
84 #include "stack/include/acl_api_types.h"
85 #include "stack/include/bt_dev_class.h"
86 #include "stack/include/bt_octets.h"
87 #include "stack/include/bt_types.h"
88 #include "stack/include/bt_uuid16.h"
89 #include "stack/include/btm_ble_addr.h"
90 #include "stack/include/btm_ble_api.h"
91 #include "stack/include/btm_ble_sec_api.h"
92 #include "stack/include/btm_ble_sec_api_types.h"
93 #include "stack/include/btm_client_interface.h"
94 #include "stack/include/btm_log_history.h"
95 #include "stack/include/btm_sec_api.h"
96 #include "stack/include/btm_sec_api_types.h"
97 #include "stack/include/l2cap_interface.h"
98 #include "stack/include/rnr_interface.h"
99 #include "stack/include/smp_api.h"
100 #include "stack/include/srvc_api.h" // tDIS_VALUE
101 #include "storage/config_keys.h"
102 #include "types/bluetooth/uuid.h"
103 #include "types/raw_address.h"
104
105 #ifdef __ANDROID__
106 #include <android/sysprop/BluetoothProperties.sysprop.h>
107 #endif
108
109 using bluetooth::Uuid;
110 using namespace bluetooth;
111
112 namespace {
113 constexpr char kBtmLogTag[] = "API";
114 constexpr char kBtmLogTagCallback[] = "CBACK";
115 constexpr char kBtmLogTagSdp[] = "SDP";
116 } // namespace
117
118 /******************************************************************************
119 * Constants & Macros
120 *****************************************************************************/
121
122 const Uuid UUID_HEARING_AID = Uuid::FromString("FDF0");
123 const Uuid UUID_VC = Uuid::FromString("1844");
124 const Uuid UUID_CSIS = Uuid::FromString("1846");
125 const Uuid UUID_LE_AUDIO = Uuid::FromString("184E");
126 const Uuid UUID_LE_MIDI = Uuid::FromString("03B80E5A-EDE8-4B33-A751-6CE34EC4C700");
127 const Uuid UUID_HAS = Uuid::FromString("1854");
128 const Uuid UUID_BASS = Uuid::FromString("184F");
129 const Uuid UUID_BATTERY = Uuid::FromString("180F");
130 const Uuid UUID_A2DP_SINK = Uuid::FromString("110B");
131
132 #define BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING 2
133
134 #ifndef PROPERTY_CLASS_OF_DEVICE
135 #define PROPERTY_CLASS_OF_DEVICE "bluetooth.device.class_of_device"
136 #endif
137
138 #define NUM_TIMEOUT_RETRIES 5
139 #ifndef PROPERTY_DEFAULT_DEVICE_NAME
140 #define PROPERTY_DEFAULT_DEVICE_NAME "bluetooth.device.default_name"
141 #endif
142 #ifndef PROPERTY_PRODUCT_MODEL
143 #define PROPERTY_PRODUCT_MODEL "ro.product.model"
144 #endif
145 #define DEFAULT_LOCAL_NAME_MAX 31
146 #if (DEFAULT_LOCAL_NAME_MAX > BD_NAME_LEN)
147 #error "default btif local name size exceeds stack supported length"
148 #endif
149
150 #ifndef PROPERTY_BLE_PRIVACY_ENABLED
151 #define PROPERTY_BLE_PRIVACY_ENABLED "bluetooth.core.gap.le.privacy.enabled"
152 #endif
153
154 #define ENCRYPTED_BREDR 2
155 #define ENCRYPTED_LE 4
156
157 struct btif_dm_pairing_cb_t {
158 bt_bond_state_t state;
159 RawAddress static_bdaddr;
160 RawAddress bd_addr;
161 tBTM_BOND_TYPE bond_type;
162 uint8_t pin_code_len;
163 uint8_t is_ssp;
164 uint8_t auth_req;
165 uint8_t io_cap;
166 uint8_t autopair_attempts;
167 uint8_t timeout_retries;
168 uint8_t is_local_initiated;
169 uint8_t sdp_attempts;
170 bool is_le_only;
171 bool is_le_nc; /* LE Numeric comparison */
172 btif_dm_ble_cb_t ble;
173 uint8_t fail_reason;
174
175 enum ServiceDiscoveryState { NOT_STARTED, SCHEDULED, FINISHED };
176
177 ServiceDiscoveryState gatt_over_le;
178 ServiceDiscoveryState sdp_over_classic;
179 };
180
181 namespace std {
182 template <>
183 struct formatter<btif_dm_pairing_cb_t::ServiceDiscoveryState>
184 : enum_formatter<btif_dm_pairing_cb_t::ServiceDiscoveryState> {};
185 } // namespace std
186
187 // TODO(jpawlowski): unify ?
188 // btif_dm_local_key_id_t == tBTM_BLE_LOCAL_ID_KEYS == tBTA_BLE_LOCAL_ID_KEYS
189 typedef struct {
190 Octet16 ir;
191 Octet16 irk;
192 Octet16 dhk;
193 } btif_dm_local_key_id_t;
194
195 typedef struct {
196 bool is_er_rcvd;
197 Octet16 er;
198 bool is_id_keys_rcvd;
199 btif_dm_local_key_id_t id_keys; /* ID kyes */
200 } btif_dm_local_key_cb_t;
201
202 /* this structure holds optional OOB data for remote device */
203 typedef struct {
204 RawAddress bdaddr; /* peer bdaddr */
205 tBT_TRANSPORT transport; /* BR/EDR or LE */
206 int data_present; /* What type(s) of OOB Data present */
207 bt_oob_data_t p192_data; /* P192 Data or empty */
208 bt_oob_data_t p256_data; /* P256 Data or empty */
209 } btif_dm_oob_cb_t;
210
211 typedef struct {
212 unsigned int manufact_id;
213 } skip_sdp_entry_t;
214
215 typedef struct {
216 bluetooth::common::LruCache<RawAddress, std::vector<uint8_t>> le_audio_cache;
217 } btif_dm_metadata_cb_t;
218
219 typedef enum {
220 BTIF_DM_FUNC_CREATE_BOND,
221 BTIF_DM_FUNC_CANCEL_BOND,
222 BTIF_DM_FUNC_REMOVE_BOND,
223 BTIF_DM_FUNC_BOND_STATE_CHANGED,
224 } bt_bond_function_t;
225
226 typedef struct {
227 RawAddress bd_addr;
228 bt_bond_function_t function;
229 bt_bond_state_t state;
230 struct timespec timestamp;
231 } btif_bond_event_t;
232
233 #define BTA_SERVICE_ID_TO_SERVICE_MASK(id) (1 << (id))
234
235 #define MAX_BTIF_BOND_EVENT_ENTRIES 31
236
237 #define MAX_NUM_DEVICES_IN_EIR_UUID_CACHE 128
238
239 static bluetooth::common::LruCache<RawAddress, std::set<Uuid>> eir_uuids_cache(
240 MAX_NUM_DEVICES_IN_EIR_UUID_CACHE);
241
242 static skip_sdp_entry_t sdp_rejectlist[] = {{76}}; // Apple Mouse and Keyboard
243
244 /* This flag will be true if HCI_Inquiry is in progress */
245 static bool btif_dm_inquiry_in_progress = false;
246
247 /*******************************************************************************
248 * Static variables
249 ******************************************************************************/
250 static uid_set_t* uid_set = NULL;
251
252 /* A circular array to keep track of the most recent bond events */
253 static btif_bond_event_t btif_dm_bond_events[MAX_BTIF_BOND_EVENT_ENTRIES + 1];
254
255 static std::mutex bond_event_lock;
256
257 /* |btif_num_bond_events| keeps track of the total number of events and can be
258 greater than |MAX_BTIF_BOND_EVENT_ENTRIES| */
259 static size_t btif_num_bond_events = 0;
260 static size_t btif_events_start_index = 0;
261 static size_t btif_events_end_index = 0;
262
263 /******************************************************************************
264 * Static functions
265 *****************************************************************************/
266 static void btif_dm_ble_sec_req_evt(tBTA_DM_BLE_SEC_REQ* p_ble_req, bool is_consent);
267 static void btif_dm_remove_ble_bonding_keys(void);
268 static void btif_dm_save_ble_bonding_keys(RawAddress& bd_addr);
269 static btif_dm_pairing_cb_t pairing_cb;
270 static btif_dm_oob_cb_t oob_cb;
271 static btif_dm_metadata_cb_t metadata_cb{.le_audio_cache{40}};
272 static void btif_dm_cb_create_bond(const RawAddress bd_addr, tBT_TRANSPORT transport);
273 static void btif_dm_cb_create_bond_le(const RawAddress bd_addr, tBLE_ADDR_TYPE addr_type);
274 static btif_dm_local_key_cb_t ble_local_key_cb;
275 static void btif_dm_ble_passkey_notif_evt(tBTA_DM_SP_KEY_NOTIF* p_ssp_key_notif);
276 static void btif_dm_ble_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl);
277 static void btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ* p_pin_req);
278 static void btif_dm_ble_key_nc_req_evt(tBTA_DM_SP_KEY_NOTIF* p_notif_req);
279 static void btif_dm_ble_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type);
280 static void btif_dm_ble_sc_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type);
281
282 static const char* btif_get_default_local_name();
283
284 static void btif_stats_add_bond_event(const RawAddress& bd_addr, bt_bond_function_t function,
285 bt_bond_state_t state);
286
287 static void btif_on_name_read(RawAddress bd_addr, tHCI_ERROR_CODE hci_status, const BD_NAME bd_name,
288 bool during_device_search);
289
290 /******************************************************************************
291 * Externs
292 *****************************************************************************/
293 void btif_iot_update_remote_info(tBTA_DM_AUTH_CMPL* p_auth_cmpl, bool is_ble, bool is_ssp);
294
295 /******************************************************************************
296 * Functions
297 *****************************************************************************/
298
is_empty_128bit(uint8_t * data)299 static bool is_empty_128bit(uint8_t* data) {
300 static const uint8_t zero[16] = {0};
301 return !memcmp(zero, data, sizeof(zero));
302 }
303
is_bonding_or_sdp()304 static bool is_bonding_or_sdp() {
305 return pairing_cb.state == BT_BOND_STATE_BONDING ||
306 (pairing_cb.state == BT_BOND_STATE_BONDED && pairing_cb.sdp_attempts);
307 }
308
btif_dm_init(uid_set_t * set)309 void btif_dm_init(uid_set_t* set) { uid_set = set; }
310
btif_dm_cleanup(void)311 void btif_dm_cleanup(void) {
312 if (uid_set) {
313 uid_set_destroy(uid_set);
314 uid_set = NULL;
315 }
316 }
317
btif_in_execute_service_request(tBTA_SERVICE_ID service_id,bool b_enable)318 static bt_status_t btif_in_execute_service_request(tBTA_SERVICE_ID service_id, bool b_enable) {
319 log::verbose("service_id:{}", service_id);
320
321 if (service_id == BTA_SDP_SERVICE_ID) {
322 btif_sdp_execute_service(b_enable);
323 return BT_STATUS_SUCCESS;
324 }
325
326 return GetInterfaceToProfiles()->toggleProfile(service_id, b_enable);
327 }
328
329 /**
330 * Helper method to get asha advertising service data
331 * @param inq_res {@code tBTA_DM_INQ_RES} inquiry result
332 * @param asha_capability value will be updated as non-negative if found,
333 * otherwise return -1
334 * @param asha_truncated_hi_sync_id value will be updated if found, otherwise no
335 * change
336 */
get_asha_service_data(const tBTA_DM_INQ_RES & inq_res,int16_t & asha_capability,uint32_t & asha_truncated_hi_sync_id)337 static void get_asha_service_data(const tBTA_DM_INQ_RES& inq_res, int16_t& asha_capability,
338 uint32_t& asha_truncated_hi_sync_id) {
339 asha_capability = -1;
340 if (inq_res.p_eir) {
341 const RawAddress& bdaddr = inq_res.bd_addr;
342
343 // iterate through advertisement service data
344 const uint8_t* p_service_data = inq_res.p_eir;
345 uint8_t service_data_len = 0;
346 while ((p_service_data = AdvertiseDataParser::GetFieldByType(
347 p_service_data + service_data_len,
348 inq_res.eir_len - (p_service_data - inq_res.p_eir) - service_data_len,
349 BTM_BLE_AD_TYPE_SERVICE_DATA_TYPE, &service_data_len))) {
350 if (service_data_len < 2) {
351 continue;
352 }
353 uint16_t uuid;
354 const uint8_t* p_uuid = p_service_data;
355 STREAM_TO_UINT16(uuid, p_uuid);
356
357 if (uuid == 0xfdf0 /* ASHA service*/) {
358 log::info("ASHA found in {}", bdaddr);
359
360 // ASHA advertisement service data length should be at least 8
361 if (service_data_len < 8) {
362 log::warn("ASHA device service_data_len too short");
363 } else {
364 // It is intended to save ASHA capability byte to int16_t
365 asha_capability = p_service_data[3];
366 log::info("asha_capability: {}", asha_capability);
367
368 const uint8_t* p_truncated_hisyncid = &(p_service_data[4]);
369 STREAM_TO_UINT32(asha_truncated_hi_sync_id, p_truncated_hisyncid);
370 }
371 break;
372 }
373 }
374 }
375 }
376
377 /*******************************************************************************
378 *
379 * Function check_eir_remote_name
380 *
381 * Description Check if remote name is in the EIR data
382 *
383 * Returns true if remote name found
384 * Populate p_remote_name, if provided and remote name found
385 *
386 ******************************************************************************/
check_eir_remote_name(tBTA_DM_SEARCH * p_search_data,uint8_t * p_remote_name,uint8_t * p_remote_name_len)387 static bool check_eir_remote_name(tBTA_DM_SEARCH* p_search_data, uint8_t* p_remote_name,
388 uint8_t* p_remote_name_len) {
389 const uint8_t* p_eir_remote_name = NULL;
390 uint8_t remote_name_len = 0;
391
392 /* Check EIR for remote name and services */
393 if (p_search_data->inq_res.p_eir) {
394 p_eir_remote_name = AdvertiseDataParser::GetFieldByType(
395 p_search_data->inq_res.p_eir, p_search_data->inq_res.eir_len,
396 HCI_EIR_COMPLETE_LOCAL_NAME_TYPE, &remote_name_len);
397 if (!p_eir_remote_name) {
398 p_eir_remote_name = AdvertiseDataParser::GetFieldByType(
399 p_search_data->inq_res.p_eir, p_search_data->inq_res.eir_len,
400 HCI_EIR_SHORTENED_LOCAL_NAME_TYPE, &remote_name_len);
401 }
402
403 if (p_eir_remote_name) {
404 if (remote_name_len > BD_NAME_LEN) {
405 remote_name_len = BD_NAME_LEN;
406 }
407
408 if (p_remote_name && p_remote_name_len) {
409 memcpy(p_remote_name, p_eir_remote_name, remote_name_len);
410 *(p_remote_name + remote_name_len) = 0;
411 *p_remote_name_len = remote_name_len;
412 }
413
414 return true;
415 }
416 }
417
418 return false;
419 }
420
421 /*******************************************************************************
422 *
423 * Function check_eir_appearance
424 *
425 * Description Check if appearance is in the EIR data
426 *
427 * Returns true if appearance found
428 * Populate p_appearance, if provided and appearance found
429 *
430 ******************************************************************************/
check_eir_appearance(tBTA_DM_SEARCH * p_search_data,uint16_t * p_appearance)431 static bool check_eir_appearance(tBTA_DM_SEARCH* p_search_data, uint16_t* p_appearance) {
432 const uint8_t* p_eir_appearance = NULL;
433 uint8_t appearance_len = 0;
434
435 /* Check EIR for remote name and services */
436 if (p_search_data->inq_res.p_eir) {
437 p_eir_appearance = AdvertiseDataParser::GetFieldByType(
438 p_search_data->inq_res.p_eir, p_search_data->inq_res.eir_len, HCI_EIR_APPEARANCE_TYPE,
439 &appearance_len);
440
441 if (p_eir_appearance && appearance_len >= 2) {
442 if (p_appearance) {
443 *p_appearance = *((uint16_t*)p_eir_appearance);
444 }
445
446 return true;
447 }
448 }
449
450 return false;
451 }
452
453 /*******************************************************************************
454 *
455 * Function get_cached_remote_name
456 *
457 * Description Check if remote name is in the NVRAM cache
458 *
459 * Returns true if remote name found
460 * Populate p_remote_name, if provided and remote name found
461 *
462 ******************************************************************************/
get_cached_remote_name(const RawAddress & bd_addr,bt_bdname_t * p_remote_name,uint8_t * p_remote_name_len)463 static bool get_cached_remote_name(const RawAddress& bd_addr, bt_bdname_t* p_remote_name,
464 uint8_t* p_remote_name_len) {
465 bt_bdname_t bdname;
466 bt_property_t prop_name;
467
468 /* check if we already have it in our btif_storage cache */
469
470 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_BDNAME, sizeof(bt_bdname_t), &bdname);
471 if (btif_storage_get_remote_device_property(&bd_addr, &prop_name) == BT_STATUS_SUCCESS) {
472 if (p_remote_name && p_remote_name_len) {
473 snprintf((char*)p_remote_name->name, sizeof(p_remote_name->name), "%s", (char*)bdname.name);
474 *p_remote_name_len = strlen((char*)p_remote_name);
475 }
476 return true;
477 }
478
479 return false;
480 }
481
btif_get_cod(const RawAddress * remote_bdaddr)482 static uint32_t btif_get_cod(const RawAddress* remote_bdaddr) {
483 uint32_t remote_cod = 0;
484 if (!btif_storage_get_cod(*remote_bdaddr, &remote_cod)) {
485 remote_cod = 0;
486 }
487
488 return remote_cod;
489 }
490
btif_check_cod(const RawAddress * remote_bdaddr,uint32_t cod)491 static bool btif_check_cod(const RawAddress* remote_bdaddr, uint32_t cod) {
492 return (btif_get_cod(remote_bdaddr) & COD_DEVICE_MASK) == cod;
493 }
494
btif_check_cod_phone(const RawAddress & bd_addr)495 static bool btif_check_cod_phone(const RawAddress& bd_addr) {
496 return (btif_get_cod(&bd_addr) & PHONE_COD_MAJOR_CLASS_MASK) == (BTM_COD_MAJOR_PHONE << 8);
497 }
498
btif_check_cod_hid(const RawAddress & bd_addr)499 bool btif_check_cod_hid(const RawAddress& bd_addr) {
500 return (btif_get_cod(&bd_addr) & COD_HID_MASK) == COD_HID_MAJOR;
501 }
502
btif_check_cod_hid_major(const RawAddress & bd_addr,uint32_t cod)503 bool btif_check_cod_hid_major(const RawAddress& bd_addr, uint32_t cod) {
504 uint32_t remote_cod = btif_get_cod(&bd_addr);
505 return (remote_cod & COD_HID_MASK) == COD_HID_MAJOR &&
506 (remote_cod & COD_HID_SUB_MAJOR) == (cod & COD_HID_SUB_MAJOR);
507 }
508
btif_check_cod_le_audio(const RawAddress & bd_addr)509 static bool btif_check_cod_le_audio(const RawAddress& bd_addr) {
510 return (btif_get_cod(&bd_addr) & COD_CLASS_LE_AUDIO) == COD_CLASS_LE_AUDIO;
511 }
512
513 /*****************************************************************************
514 *
515 * Function check_sdp_bl
516 *
517 * Description Checks if a given device is rejectlisted to skip sdp
518 *
519 * Parameters skip_sdp_entry
520 *
521 * Returns true if the device is present in rejectlist, else false
522 *
523 ******************************************************************************/
check_sdp_bl(const RawAddress * remote_bdaddr)524 static bool check_sdp_bl(const RawAddress* remote_bdaddr) {
525 bt_property_t prop_name;
526 bt_remote_version_t info;
527
528 if (remote_bdaddr == NULL) {
529 return false;
530 }
531
532 /* if not available yet, try fetching from config database */
533 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_REMOTE_VERSION_INFO,
534 sizeof(bt_remote_version_t), &info);
535
536 if (btif_storage_get_remote_device_property(remote_bdaddr, &prop_name) != BT_STATUS_SUCCESS) {
537 return false;
538 }
539 uint16_t manufacturer = info.manufacturer;
540
541 for (unsigned int i = 0; i < ARRAY_SIZE(sdp_rejectlist); i++) {
542 if (manufacturer == sdp_rejectlist[i].manufact_id) {
543 return true;
544 }
545 }
546 return false;
547 }
548
wipe_le_audio_metadata_cache_for_pairing_device()549 static void wipe_le_audio_metadata_cache_for_pairing_device() {
550 if (!pairing_cb.static_bdaddr.IsEmpty()) {
551 metadata_cb.le_audio_cache.extract(pairing_cb.static_bdaddr);
552 }
553 metadata_cb.le_audio_cache.extract(pairing_cb.bd_addr);
554 }
555
bond_state_changed(bt_status_t status,const RawAddress & bd_addr,bt_bond_state_t state)556 static void bond_state_changed(bt_status_t status, const RawAddress& bd_addr,
557 bt_bond_state_t state) {
558 btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_BOND_STATE_CHANGED, state);
559
560 if ((pairing_cb.state == state) && (state == BT_BOND_STATE_BONDING)) {
561 // Cross key pairing so send callback for static address
562 if (!pairing_cb.static_bdaddr.IsEmpty()) {
563 BTM_LogHistory(
564 kBtmLogTagCallback, bd_addr, "Bond state changed",
565 std::format("Crosskey bt_status:{} bond_state:{} reason:{}", bt_status_text(status),
566 state, hci_reason_code_text(to_hci_reason_code(pairing_cb.fail_reason))));
567 GetInterfaceToProfiles()->events->invoke_bond_state_changed_cb(status, bd_addr, state,
568 pairing_cb.fail_reason);
569 }
570 return;
571 }
572
573 if (pairing_cb.bond_type == BOND_TYPE_TEMPORARY) {
574 state = BT_BOND_STATE_NONE;
575 } else if (com::android::bluetooth::flags::reset_security_flags_on_pairing_failure() &&
576 state == BT_BOND_STATE_NONE) {
577 get_security_client_interface().BTM_SecClearSecurityFlags(bd_addr);
578 }
579
580 log::info(
581 "Bond state changed to state={}[0:none, 1:bonding, "
582 "2:bonded],prev_state={}, sdp_attempts={}",
583 state, pairing_cb.state, pairing_cb.sdp_attempts);
584
585 if (state == BT_BOND_STATE_NONE) {
586 bluetooth::shim::ForgetDeviceFromMetricIdAllocator(bd_addr);
587 btif_config_remove_device(bd_addr.ToString());
588 } else if (state == BT_BOND_STATE_BONDED) {
589 bluetooth::shim::AllocateIdFromMetricIdAllocator(bd_addr);
590 if (!bluetooth::shim::SaveDeviceOnMetricIdAllocator(bd_addr)) {
591 log::error("Fail to save metric id for device:{}", bd_addr);
592 }
593 }
594 BTM_LogHistory(kBtmLogTagCallback, bd_addr, "Bond state changed",
595 std::format("bt_status:{} bond_state:{} reason:{}", bt_status_text(status), state,
596 hci_reason_code_text(to_hci_reason_code(pairing_cb.fail_reason))));
597 GetInterfaceToProfiles()->events->invoke_bond_state_changed_cb(status, bd_addr, state,
598 pairing_cb.fail_reason);
599
600 if ((state == BT_BOND_STATE_NONE) && (pairing_cb.bd_addr != bd_addr) && is_bonding_or_sdp()) {
601 log::warn("Ignoring bond state changed for unexpected device: {} pairing: {}", bd_addr,
602 pairing_cb.bd_addr);
603 return;
604 }
605
606 if (state == BT_BOND_STATE_BONDING ||
607 (state == BT_BOND_STATE_BONDED &&
608 (pairing_cb.sdp_attempts > 0 ||
609 pairing_cb.gatt_over_le == btif_dm_pairing_cb_t::ServiceDiscoveryState::SCHEDULED))) {
610 // Save state for the device is bonding or SDP or GATT over LE discovery
611 pairing_cb.state = state;
612 pairing_cb.bd_addr = bd_addr;
613 } else {
614 log::debug("clearing btif pairing_cb");
615 wipe_le_audio_metadata_cache_for_pairing_device();
616 pairing_cb = {};
617 }
618 }
619
620 /* store remote version in bt config to always have access
621 to it post pairing*/
btif_update_remote_version_property(RawAddress * p_bd)622 static void btif_update_remote_version_property(RawAddress* p_bd) {
623 bt_property_t property;
624 uint8_t lmp_ver = 0;
625 uint16_t lmp_subver = 0;
626 uint16_t mfct_set = 0;
627 bt_remote_version_t info;
628 bt_status_t status;
629
630 log::assert_that(p_bd != nullptr, "assert failed: p_bd != nullptr");
631
632 const bool version_info_valid = get_btm_client_interface().peer.BTM_ReadRemoteVersion(
633 *p_bd, &lmp_ver, &mfct_set, &lmp_subver);
634
635 log::info("Remote version info valid:{} [{}]:0x{:x},0x{:x},0x{:x}", version_info_valid, *p_bd,
636 lmp_ver, mfct_set, lmp_subver);
637
638 if (version_info_valid) {
639 // Always update cache to ensure we have availability whenever BTM API is
640 // not populated
641 info.manufacturer = mfct_set;
642 info.sub_ver = lmp_subver;
643 info.version = lmp_ver;
644 BTIF_STORAGE_FILL_PROPERTY(&property, BT_PROPERTY_REMOTE_VERSION_INFO,
645 sizeof(bt_remote_version_t), &info);
646 status = btif_storage_set_remote_device_property(p_bd, &property);
647 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote version", status);
648 }
649 }
650
btif_update_remote_properties(const RawAddress & bdaddr,BD_NAME bd_name,DEV_CLASS dev_class,tBT_DEVICE_TYPE device_type)651 void btif_update_remote_properties(const RawAddress& bdaddr, BD_NAME bd_name, DEV_CLASS dev_class,
652 tBT_DEVICE_TYPE device_type) {
653 std::vector<bt_property_t> properties;
654 bt_status_t status = BT_STATUS_UNHANDLED;
655 uint32_t cod;
656 uint32_t dev_type;
657
658 /* remote name */
659 if (strlen((const char*)bd_name)) {
660 properties.push_back(
661 bt_property_t{BT_PROPERTY_BDNAME, static_cast<int>(strlen((char*)bd_name)), bd_name});
662 status = btif_storage_set_remote_device_property(&bdaddr, &properties.back());
663 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device name", status);
664 }
665
666 uint32_t old_cod = btif_get_cod(&bdaddr);
667
668 /* class of device */
669 cod = devclass2uint(dev_class);
670 if ((cod == 0 || cod == COD_UNCLASSIFIED) && old_cod != 0) {
671 cod = old_cod;
672 }
673
674 if (cod == 0) {
675 /* Spec says UNCLASSIFIED is default value */
676 log::info("CoD from storage was zero");
677 cod = COD_UNCLASSIFIED;
678 }
679
680 if (old_cod != cod) {
681 log::info("{} CoD: 0x{:06x} -> 0x{:06x}", bdaddr, old_cod, cod);
682 }
683
684 properties.push_back(bt_property_t{BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod), &cod});
685
686 status = btif_storage_set_remote_device_property(&bdaddr, &properties.back());
687 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device class", status);
688
689 /* device type */
690 bt_property_t prop_name;
691 uint32_t remote_dev_type;
692 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_TYPE_OF_DEVICE, sizeof(uint32_t),
693 &remote_dev_type);
694 if (btif_storage_get_remote_device_property(&bdaddr, &prop_name) == BT_STATUS_SUCCESS) {
695 dev_type = remote_dev_type | device_type;
696 } else {
697 dev_type = device_type;
698 }
699
700 properties.push_back(bt_property_t{BT_PROPERTY_TYPE_OF_DEVICE, sizeof(dev_type), &dev_type});
701 status = btif_storage_set_remote_device_property(&bdaddr, &properties.back());
702 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device type", status);
703
704 GetInterfaceToProfiles()->events->invoke_remote_device_properties_cb(
705 status, bdaddr, properties.size(), properties.data());
706 }
707
708 /* If device is LE Audio capable, we prefer LE connection first, this speeds
709 * up LE profile connection, and limits all possible service discovery
710 * ordering issues (first Classic, GATT over SDP, etc) */
is_device_le_audio_capable(const RawAddress bd_addr)711 bool is_device_le_audio_capable(const RawAddress bd_addr) {
712 if (!GetInterfaceToProfiles()->profileSpecific_HACK->IsLeAudioClientRunning()) {
713 /* If LE Audio profile is not enabled, do nothing. */
714 return false;
715 }
716
717 if (!btif_check_cod_le_audio(bd_addr) && !BTA_DmCheckLeAudioCapable(bd_addr)) {
718 /* LE Audio not present in CoD or in LE Advertisement, do nothing.*/
719 return false;
720 }
721
722 /* First try reading device type from BTIF - it persists over multiple
723 * inquiry sessions */
724 int dev_type = 0;
725 if (btif_get_device_type(bd_addr, &dev_type) &&
726 (dev_type & BT_DEVICE_TYPE_BLE) == BT_DEVICE_TYPE_BLE) {
727 /* LE Audio capable device is discoverable over both LE and Classic using
728 * same address. Prefer to use LE transport, as we don't know if it can do
729 * CTKD from Classic to LE */
730 return true;
731 }
732
733 tBT_DEVICE_TYPE tmp_dev_type;
734 tBLE_ADDR_TYPE addr_type = BLE_ADDR_PUBLIC;
735 get_btm_client_interface().peer.BTM_ReadDevInfo(bd_addr, &tmp_dev_type, &addr_type);
736 if (tmp_dev_type & BT_DEVICE_TYPE_BLE) {
737 /* LE Audio capable device is discoverable over both LE and Classic using
738 * same address. Prefer to use LE transport, as we don't know if it can do
739 * CTKD from Classic to LE */
740 return true;
741 }
742
743 return false;
744 }
745
746 /* use to check if device is LE Audio Capable during bonding */
is_le_audio_capable_during_service_discovery(const RawAddress & bd_addr)747 bool is_le_audio_capable_during_service_discovery(const RawAddress& bd_addr) {
748 if (!GetInterfaceToProfiles()->profileSpecific_HACK->IsLeAudioClientRunning()) {
749 /* If LE Audio profile is not enabled, do nothing. */
750 return false;
751 }
752
753 if (bd_addr != pairing_cb.bd_addr && bd_addr != pairing_cb.static_bdaddr) {
754 return false;
755 }
756
757 if (btif_check_cod_le_audio(bd_addr) || metadata_cb.le_audio_cache.contains(bd_addr) ||
758 metadata_cb.le_audio_cache.contains(pairing_cb.bd_addr) ||
759 BTA_DmCheckLeAudioCapable(bd_addr)) {
760 return true;
761 }
762
763 return false;
764 }
765
766 /*******************************************************************************
767 *
768 * Function btif_dm_cb_create_bond
769 *
770 * Description Create bond initiated from the BTIF thread context
771 * Special handling for HID devices
772 *
773 * Returns void
774 *
775 ******************************************************************************/
btif_dm_cb_create_bond(const RawAddress bd_addr,tBT_TRANSPORT transport)776 static void btif_dm_cb_create_bond(const RawAddress bd_addr, tBT_TRANSPORT transport) {
777 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
778
779 if (transport == BT_TRANSPORT_AUTO && is_device_le_audio_capable(bd_addr) &&
780 !btif_check_cod_phone(bd_addr)) {
781 log::debug("LE Audio capable,forcing LE transport for Bonding");
782 transport = BT_TRANSPORT_LE;
783 }
784
785 int device_type = 0;
786 tBLE_ADDR_TYPE addr_type = BLE_ADDR_PUBLIC;
787 std::string addrstr = bd_addr.ToString();
788 const char* bdstr = addrstr.c_str();
789 if (transport == BT_TRANSPORT_LE) {
790 if (!btif_config_get_int(bdstr, BTIF_STORAGE_KEY_DEV_TYPE, &device_type)) {
791 btif_config_set_int(bdstr, BTIF_STORAGE_KEY_DEV_TYPE, BT_DEVICE_TYPE_BLE);
792 }
793 if (btif_storage_get_remote_addr_type(&bd_addr, &addr_type) != BT_STATUS_SUCCESS) {
794 // Try to read address type. OOB pairing might have set it earlier, but
795 // didn't store it, it defaults to BLE_ADDR_PUBLIC
796 uint8_t tmp_dev_type;
797 tBLE_ADDR_TYPE tmp_addr_type = BLE_ADDR_PUBLIC;
798 get_btm_client_interface().peer.BTM_ReadDevInfo(bd_addr, &tmp_dev_type, &tmp_addr_type);
799 addr_type = tmp_addr_type;
800
801 btif_storage_set_remote_addr_type(&bd_addr, addr_type);
802 }
803 }
804 if ((btif_config_get_int(bdstr, BTIF_STORAGE_KEY_DEV_TYPE, &device_type) &&
805 (btif_storage_get_remote_addr_type(&bd_addr, &addr_type) == BT_STATUS_SUCCESS) &&
806 (device_type & BT_DEVICE_TYPE_BLE) == BT_DEVICE_TYPE_BLE) ||
807 (transport == BT_TRANSPORT_LE)) {
808 BTA_DmAddBleDevice(bd_addr, addr_type, static_cast<tBT_DEVICE_TYPE>(device_type));
809 }
810
811 /* Track originator of bond creation */
812 pairing_cb.is_local_initiated = true;
813 BTA_DmBond(bd_addr, addr_type, transport, device_type);
814 }
815
816 /*******************************************************************************
817 *
818 * Function btif_dm_cb_create_bond_le
819 *
820 * Description Create bond initiated with le device from the BTIF thread
821 * context
822 *
823 * Returns void
824 *
825 ******************************************************************************/
btif_dm_cb_create_bond_le(const RawAddress bd_addr,tBLE_ADDR_TYPE addr_type)826 static void btif_dm_cb_create_bond_le(const RawAddress bd_addr, tBLE_ADDR_TYPE addr_type) {
827 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
828 /* Handle only LE create bond with random address case */
829 BTA_DmAddBleDevice(bd_addr, addr_type, BT_DEVICE_TYPE_BLE);
830 BTA_DmBond(bd_addr, addr_type, BT_TRANSPORT_LE, BT_DEVICE_TYPE_BLE);
831 /* Track originator of bond creation */
832 pairing_cb.is_local_initiated = true;
833 }
834
835 /*******************************************************************************
836 *
837 * Function btif_dm_get_connection_state
838 *
839 * Description Returns whether the remote device is currently connected
840 * and whether encryption is active for the connection
841 *
842 * Returns 0 if not connected; 1 if connected and > 1 if connection is
843 * encrypted
844 *
845 ******************************************************************************/
btif_dm_get_connection_state(const RawAddress & bd_addr)846 uint16_t btif_dm_get_connection_state(const RawAddress& bd_addr) {
847 uint16_t rc = 0;
848 if (BTA_DmGetConnectionState(bd_addr)) {
849 rc = (uint16_t)true;
850 if (BTM_IsEncrypted(bd_addr, BT_TRANSPORT_BR_EDR)) {
851 rc |= ENCRYPTED_BREDR;
852 }
853 if (BTM_IsEncrypted(bd_addr, BT_TRANSPORT_LE)) {
854 rc |= ENCRYPTED_LE;
855 }
856 } else {
857 log::info("Acl is not connected to peer:{}", bd_addr);
858 }
859 return rc;
860 }
861
btif_dm_get_resolved_connection_state(tBLE_BD_ADDR ble_bd_addr)862 static uint16_t btif_dm_get_resolved_connection_state(tBLE_BD_ADDR ble_bd_addr) {
863 uint16_t rc = 0;
864 if (maybe_resolve_address(&ble_bd_addr.bda, &ble_bd_addr.type)) {
865 if (BTA_DmGetConnectionState(ble_bd_addr.bda)) {
866 rc = 0x0001;
867 if (BTM_IsEncrypted(ble_bd_addr.bda, BT_TRANSPORT_BR_EDR)) {
868 rc |= ENCRYPTED_BREDR;
869 }
870 if (BTM_IsEncrypted(ble_bd_addr.bda, BT_TRANSPORT_LE)) {
871 rc |= ENCRYPTED_LE;
872 }
873 }
874 }
875 return rc;
876 }
877
btif_dm_get_connection_state_sync(const RawAddress & bd_addr)878 uint16_t btif_dm_get_connection_state_sync(const RawAddress& bd_addr) {
879 std::promise<uint16_t> promise;
880 std::future future = promise.get_future();
881
882 auto status = do_in_main_thread(base::BindOnce(
883 [](const RawAddress bd_addr, std::promise<uint16_t> promise) {
884 // Experiment to try with maybe resolved address
885 uint16_t state = btif_dm_get_resolved_connection_state({
886 .type = BLE_ADDR_RANDOM,
887 .bda = bd_addr,
888 });
889 state |= btif_dm_get_connection_state(bd_addr);
890 promise.set_value(state);
891 },
892 bd_addr, std::move(promise)));
893 log::assert_that(BT_STATUS_SUCCESS == status, "assert failed: BT_STATUS_SUCCESS == status");
894 return future.get();
895 }
896
897 /******************************************************************************
898 *
899 * BTIF DM callback events
900 *
901 ****************************************************************************/
902
903 /*******************************************************************************
904 *
905 * Function btif_dm_pin_req_evt
906 *
907 * Description Executes pin request event in btif context
908 *
909 * Returns void
910 *
911 ******************************************************************************/
btif_dm_pin_req_evt(tBTA_DM_PIN_REQ * p_pin_req)912 static void btif_dm_pin_req_evt(tBTA_DM_PIN_REQ* p_pin_req) {
913 bt_bdname_t bd_name;
914 uint32_t cod;
915 bt_pin_code_t pin_code;
916 int dev_type;
917
918 /* Remote properties update */
919 if (get_btm_client_interface().peer.BTM_GetPeerDeviceTypeFromFeatures(p_pin_req->bd_addr) ==
920 BT_DEVICE_TYPE_DUMO) {
921 dev_type = BT_DEVICE_TYPE_DUMO;
922 } else if (!btif_get_device_type(p_pin_req->bd_addr, &dev_type)) {
923 // Failed to get device type, defaulting to BR/EDR.
924 dev_type = BT_DEVICE_TYPE_BREDR;
925 }
926 btif_update_remote_properties(p_pin_req->bd_addr, p_pin_req->bd_name, p_pin_req->dev_class,
927 (tBT_DEVICE_TYPE)dev_type);
928
929 const RawAddress& bd_addr = p_pin_req->bd_addr;
930 bd_name_copy(bd_name.name, p_pin_req->bd_name);
931
932 if (pairing_cb.state == BT_BOND_STATE_BONDING && bd_addr != pairing_cb.bd_addr) {
933 log::warn("already in bonding state, reject request");
934 return;
935 }
936
937 if (com::android::bluetooth::flags::temporary_pairing_tracking()) {
938 pairing_cb.bond_type = BOND_TYPE_PERSISTENT;
939 }
940 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
941
942 cod = devclass2uint(p_pin_req->dev_class);
943
944 if (cod == 0) {
945 log::warn("cod is 0, set as unclassified");
946 cod = COD_UNCLASSIFIED;
947 }
948
949 /* check for auto pair possiblity only if bond was initiated by local device
950 */
951 if (pairing_cb.is_local_initiated && !p_pin_req->min_16_digit) {
952 if (btif_check_cod(&bd_addr, COD_AV_HEADSETS) ||
953 btif_check_cod(&bd_addr, COD_AV_HEADPHONES) ||
954 btif_check_cod(&bd_addr, COD_AV_PORTABLE_AUDIO) ||
955 btif_check_cod(&bd_addr, COD_AV_HIFI_AUDIO) ||
956 btif_check_cod_hid_major(bd_addr, COD_HID_POINTING)) {
957 /* Check if this device can be auto paired */
958 if (!interop_match_addr(INTEROP_DISABLE_AUTO_PAIRING, &bd_addr) &&
959 !interop_match_name(INTEROP_DISABLE_AUTO_PAIRING, (const char*)bd_name.name) &&
960 (pairing_cb.autopair_attempts == 0)) {
961 log::debug("Attempting auto pair w/ IOP");
962 pin_code.pin[0] = 0x30;
963 pin_code.pin[1] = 0x30;
964 pin_code.pin[2] = 0x30;
965 pin_code.pin[3] = 0x30;
966
967 pairing_cb.autopair_attempts++;
968 BTA_DmPinReply(bd_addr, true, 4, pin_code.pin);
969 return;
970 }
971 } else if (btif_check_cod_hid_major(bd_addr, COD_HID_KEYBOARD) ||
972 btif_check_cod_hid_major(bd_addr, COD_HID_COMBO)) {
973 if ((interop_match_addr(INTEROP_KEYBOARD_REQUIRES_FIXED_PIN, &bd_addr) == true) &&
974 (pairing_cb.autopair_attempts == 0)) {
975 log::debug("Attempting auto pair w/ IOP");
976 pin_code.pin[0] = 0x30;
977 pin_code.pin[1] = 0x30;
978 pin_code.pin[2] = 0x30;
979 pin_code.pin[3] = 0x30;
980
981 pairing_cb.autopair_attempts++;
982 BTA_DmPinReply(bd_addr, true, 4, pin_code.pin);
983 return;
984 }
985 }
986 }
987 BTM_LogHistory(kBtmLogTagCallback, bd_addr, "Pin request",
988 std::format("name:\"{}\" min16:{:c}", reinterpret_cast<char const*>(bd_name.name),
989 p_pin_req->min_16_digit ? 'T' : 'F'));
990 GetInterfaceToProfiles()->events->invoke_pin_request_cb(bd_addr, bd_name, cod,
991 p_pin_req->min_16_digit);
992 }
993
btif_dm_get_pairing_type(const RawAddress & bd_addr,const bool just_works,const uint8_t loc_auth_req,const uint8_t rmt_auth_req)994 static tBTM_BOND_TYPE btif_dm_get_pairing_type(const RawAddress& bd_addr, const bool just_works,
995 const uint8_t loc_auth_req,
996 const uint8_t rmt_auth_req) {
997 // Just works pairing without bonding bit is treated as temporary
998 if (just_works && !(loc_auth_req & BTM_AUTH_BONDS) && !(rmt_auth_req & BTM_AUTH_BONDS)) {
999 if (!(btif_check_cod_hid_major(bd_addr, COD_HID_POINTING))) {
1000 return BOND_TYPE_TEMPORARY;
1001 }
1002 }
1003 return BOND_TYPE_PERSISTENT;
1004 }
1005
1006 /*******************************************************************************
1007 *
1008 * Function btif_dm_ssp_cfm_req_evt
1009 *
1010 * Description Executes SSP confirm request event in btif context
1011 *
1012 * Returns void
1013 *
1014 ******************************************************************************/
btif_dm_ssp_cfm_req_evt(tBTA_DM_SP_CFM_REQ * p_ssp_cfm_req)1015 static void btif_dm_ssp_cfm_req_evt(tBTA_DM_SP_CFM_REQ* p_ssp_cfm_req) {
1016 int dev_type;
1017
1018 log::info("addr:{}, CoD: {}, just_works:{}, loc_auth_req={}, rmt_auth_req={}",
1019 p_ssp_cfm_req->bd_addr, dev_class_text(p_ssp_cfm_req->dev_class),
1020 p_ssp_cfm_req->just_works, p_ssp_cfm_req->loc_auth_req, p_ssp_cfm_req->rmt_auth_req);
1021 /* Remote properties update */
1022 if (get_btm_client_interface().peer.BTM_GetPeerDeviceTypeFromFeatures(p_ssp_cfm_req->bd_addr) ==
1023 BT_DEVICE_TYPE_DUMO) {
1024 dev_type = BT_DEVICE_TYPE_DUMO;
1025 } else if (!btif_get_device_type(p_ssp_cfm_req->bd_addr, &dev_type)) {
1026 // Failed to get device type, defaulting to BR/EDR.
1027 dev_type = BT_DEVICE_TYPE_BREDR;
1028 }
1029 btif_update_remote_properties(p_ssp_cfm_req->bd_addr, p_ssp_cfm_req->bd_name,
1030 p_ssp_cfm_req->dev_class, (tBT_DEVICE_TYPE)dev_type);
1031
1032 RawAddress bd_addr = p_ssp_cfm_req->bd_addr;
1033
1034 if (pairing_cb.state == BT_BOND_STATE_BONDING && bd_addr != pairing_cb.bd_addr) {
1035 log::warn("already in bonding state, reject request");
1036 btif_dm_ssp_reply(bd_addr, BT_SSP_VARIANT_PASSKEY_CONFIRMATION, 0);
1037 return;
1038 }
1039
1040 bool api_initiated_bonding = (pairing_cb.state == BT_BOND_STATE_BONDING);
1041 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
1042
1043 pairing_cb.is_ssp = true;
1044 pairing_cb.sdp_attempts = 0;
1045 pairing_cb.bond_type =
1046 btif_dm_get_pairing_type(p_ssp_cfm_req->bd_addr, p_ssp_cfm_req->just_works,
1047 p_ssp_cfm_req->loc_auth_req, p_ssp_cfm_req->rmt_auth_req);
1048 if (!com::android::bluetooth::flags::temporary_pairing_tracking()) {
1049 btm_set_bond_type_dev(p_ssp_cfm_req->bd_addr, pairing_cb.bond_type);
1050 }
1051
1052 if (!api_initiated_bonding && pairing_cb.bond_type == BOND_TYPE_TEMPORARY) {
1053 // Pairing without bonding either initiated by local service or remote device
1054 log::info("Auto-accept temporary pairing {}", bd_addr);
1055 btif_dm_ssp_reply(bd_addr, BT_SSP_VARIANT_CONSENT, true);
1056 return;
1057 }
1058
1059 BTM_LogHistory(kBtmLogTagCallback, bd_addr, "Ssp request",
1060 std::format("just_works:{:c} pin:{}", (p_ssp_cfm_req->just_works) ? 'T' : 'F',
1061 p_ssp_cfm_req->num_val));
1062 GetInterfaceToProfiles()->events->invoke_ssp_request_cb(
1063 bd_addr,
1064 p_ssp_cfm_req->just_works ? BT_SSP_VARIANT_CONSENT : BT_SSP_VARIANT_PASSKEY_CONFIRMATION,
1065 p_ssp_cfm_req->num_val);
1066 }
1067
btif_dm_ssp_key_notif_evt(tBTA_DM_SP_KEY_NOTIF * p_ssp_key_notif)1068 static void btif_dm_ssp_key_notif_evt(tBTA_DM_SP_KEY_NOTIF* p_ssp_key_notif) {
1069 int dev_type;
1070
1071 log::verbose("addr:{}", p_ssp_key_notif->bd_addr);
1072
1073 /* Remote properties update */
1074 if (get_btm_client_interface().peer.BTM_GetPeerDeviceTypeFromFeatures(p_ssp_key_notif->bd_addr) ==
1075 BT_DEVICE_TYPE_DUMO) {
1076 dev_type = BT_DEVICE_TYPE_DUMO;
1077 } else if (!btif_get_device_type(p_ssp_key_notif->bd_addr, &dev_type)) {
1078 // Failed to get device type, defaulting to BR/EDR.
1079 dev_type = BT_DEVICE_TYPE_BREDR;
1080 }
1081 btif_update_remote_properties(p_ssp_key_notif->bd_addr, p_ssp_key_notif->bd_name,
1082 p_ssp_key_notif->dev_class, (tBT_DEVICE_TYPE)dev_type);
1083
1084 RawAddress bd_addr = p_ssp_key_notif->bd_addr;
1085
1086 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
1087 pairing_cb.is_ssp = true;
1088 if (com::android::bluetooth::flags::temporary_pairing_tracking()) {
1089 pairing_cb.bond_type = BOND_TYPE_PERSISTENT;
1090 }
1091
1092 BTM_LogHistory(kBtmLogTagCallback, bd_addr, "Ssp request",
1093 std::format("passkey:{}", p_ssp_key_notif->passkey));
1094 GetInterfaceToProfiles()->events->invoke_ssp_request_cb(
1095 bd_addr, BT_SSP_VARIANT_PASSKEY_NOTIFICATION, p_ssp_key_notif->passkey);
1096 }
1097
1098 /*******************************************************************************
1099 *
1100 * Function btif_dm_auth_cmpl_evt
1101 *
1102 * Description Executes authentication complete event in btif context
1103 *
1104 * Returns void
1105 *
1106 ******************************************************************************/
btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL * p_auth_cmpl)1107 static void btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
1108 bt_status_t status = BT_STATUS_FAIL;
1109 bt_bond_state_t state = BT_BOND_STATE_NONE;
1110 bool skip_sdp = false;
1111 RawAddress bd_addr = p_auth_cmpl->bd_addr;
1112 tBLE_ADDR_TYPE addr_type = p_auth_cmpl->addr_type;
1113
1114 pairing_cb.fail_reason = p_auth_cmpl->fail_reason;
1115 log::info("device={}, bond state={}, success={}, key_present={}", bd_addr, pairing_cb.state,
1116 p_auth_cmpl->success, p_auth_cmpl->key_present);
1117
1118 if (p_auth_cmpl->success) {
1119 if (com::android::bluetooth::flags::temporary_pairing_tracking()) {
1120 btm_set_bond_type_dev(bd_addr, pairing_cb.bond_type);
1121 }
1122
1123 if (p_auth_cmpl->key_present) {
1124 if ((p_auth_cmpl->key_type < HCI_LKEY_TYPE_DEBUG_COMB) ||
1125 (p_auth_cmpl->key_type == HCI_LKEY_TYPE_AUTH_COMB) ||
1126 (p_auth_cmpl->key_type == HCI_LKEY_TYPE_CHANGED_COMB) ||
1127 (p_auth_cmpl->key_type == HCI_LKEY_TYPE_AUTH_COMB_P_256) ||
1128 pairing_cb.bond_type == BOND_TYPE_PERSISTENT) {
1129 ASSERTC(bd_addr.IsEmpty(), "bd_addr is empty", BT_STATUS_PARM_INVALID);
1130 log::debug("Storing link key. key_type=0x{:x}, bond_type={}", p_auth_cmpl->key_type,
1131 pairing_cb.bond_type);
1132 bt_status_t ret = btif_storage_add_bonded_device(
1133 &bd_addr, p_auth_cmpl->key, p_auth_cmpl->key_type, pairing_cb.pin_code_len);
1134 ASSERTC(ret == BT_STATUS_SUCCESS, "storing link key failed", ret);
1135 } else {
1136 log::debug("Temporary key. Not storing. key_type=0x{:x}, bond_type={}",
1137 p_auth_cmpl->key_type, pairing_cb.bond_type);
1138 if (pairing_cb.bond_type == BOND_TYPE_TEMPORARY) {
1139 log::debug("sending BT_BOND_STATE_NONE for Temp pairing");
1140 btif_storage_remove_bonded_device(&bd_addr);
1141 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_NONE);
1142 return;
1143 }
1144 }
1145 }
1146
1147 // save remote info to iot conf file
1148 btif_iot_update_remote_info(p_auth_cmpl, false, pairing_cb.is_ssp);
1149
1150 // We could have received a new link key without going through the pairing
1151 // flow. If so, we don't want to perform SDP or any other operations on the
1152 // authenticated device. Also, make sure that the link key is not derived
1153 // from secure LTK, because we will need to perform SDP in case of link key
1154 // derivation to allow bond state change notification for the BR/EDR
1155 // transport so that the subsequent BR/EDR connections to the remote can use
1156 // the derived link key.
1157 if (p_auth_cmpl->bd_addr != pairing_cb.bd_addr && (!pairing_cb.ble.is_penc_key_rcvd)) {
1158 log::warn("skipping SDP for unknown device {}", p_auth_cmpl->bd_addr);
1159 return;
1160 }
1161
1162 btif_storage_set_remote_addr_type(&bd_addr, p_auth_cmpl->addr_type);
1163
1164 int dev_type;
1165 if (get_btm_client_interface().peer.BTM_GetPeerDeviceTypeFromFeatures(bd_addr) ==
1166 BT_DEVICE_TYPE_DUMO) {
1167 dev_type = BT_DEVICE_TYPE_DUMO;
1168 } else {
1169 dev_type = p_auth_cmpl->dev_type;
1170 }
1171
1172 bool is_crosskey = false;
1173 if (pairing_cb.state == BT_BOND_STATE_BONDING && p_auth_cmpl->is_ctkd) {
1174 log::debug("bonding initiated due to cross key pairing");
1175 is_crosskey = true;
1176 }
1177
1178 if (!is_crosskey) {
1179 btif_update_remote_properties(p_auth_cmpl->bd_addr, p_auth_cmpl->bd_name, kDevClassEmpty,
1180 dev_type);
1181 }
1182
1183 pairing_cb.timeout_retries = 0;
1184 status = BT_STATUS_SUCCESS;
1185 state = BT_BOND_STATE_BONDED;
1186 bd_addr = p_auth_cmpl->bd_addr;
1187
1188 if (check_sdp_bl(&bd_addr) && btif_check_cod_hid(bd_addr)) {
1189 log::warn("skip SDP");
1190 skip_sdp = true;
1191 }
1192 if (!pairing_cb.is_local_initiated && skip_sdp) {
1193 bond_state_changed(status, bd_addr, state);
1194
1195 log::warn("Incoming HID Connection");
1196 bt_property_t prop;
1197 Uuid uuid = Uuid::From16Bit(UUID_SERVCLASS_HUMAN_INTERFACE);
1198
1199 prop.type = BT_PROPERTY_UUIDS;
1200 prop.val = &uuid;
1201 prop.len = Uuid::kNumBytes128;
1202
1203 GetInterfaceToProfiles()->events->invoke_remote_device_properties_cb(BT_STATUS_SUCCESS,
1204 bd_addr, 1, &prop);
1205 } else {
1206 /* If bonded due to cross-key, save the static address too*/
1207 if (is_crosskey) {
1208 log::debug("bonding initiated due to cross key, adding static address");
1209 pairing_cb.static_bdaddr = bd_addr;
1210 }
1211 if (!is_crosskey || !(stack_config_get_interface()->get_pts_crosskey_sdp_disable())) {
1212 // Ensure inquiry is stopped before attempting service discovery
1213 btif_dm_cancel_discovery();
1214
1215 /* Trigger SDP on the device */
1216 pairing_cb.sdp_attempts = 1;
1217
1218 if (is_crosskey) {
1219 // If bonding occurred due to cross-key pairing, send address
1220 // consolidate callback
1221 BTM_LogHistory(kBtmLogTagCallback, bd_addr, "Consolidate",
1222 std::format("<=> {}", pairing_cb.bd_addr));
1223 GetInterfaceToProfiles()->events->invoke_address_consolidate_cb(pairing_cb.bd_addr,
1224 bd_addr);
1225 } else {
1226 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDED);
1227 }
1228
1229 if (pairing_cb.sdp_over_classic ==
1230 btif_dm_pairing_cb_t::ServiceDiscoveryState::NOT_STARTED) {
1231 log::info("scheduling SDP for {}", bd_addr);
1232 pairing_cb.sdp_over_classic = btif_dm_pairing_cb_t::ServiceDiscoveryState::SCHEDULED;
1233 btif_dm_get_remote_services(bd_addr, BT_TRANSPORT_BR_EDR);
1234 }
1235 }
1236 }
1237 // Do not call bond_state_changed_cb yet. Wait until remote service
1238 // discovery is complete
1239 } else {
1240 log::warn("Bonding failed with failure reason:{}",
1241 hci_reason_code_text(p_auth_cmpl->fail_reason));
1242 bool is_bonded_device_removed = false;
1243 // Map the HCI fail reason to bt status
1244 switch (p_auth_cmpl->fail_reason) {
1245 case HCI_ERR_PAGE_TIMEOUT:
1246 case HCI_ERR_LMP_RESPONSE_TIMEOUT:
1247 if (interop_match_addr(INTEROP_AUTO_RETRY_PAIRING, &bd_addr) &&
1248 pairing_cb.timeout_retries) {
1249 log::warn("Pairing timeout; retrying ({}) ...", pairing_cb.timeout_retries);
1250 --pairing_cb.timeout_retries;
1251 if (addr_type == BLE_ADDR_RANDOM) {
1252 btif_dm_cb_create_bond_le(bd_addr, addr_type);
1253 } else {
1254 btif_dm_cb_create_bond(bd_addr, BT_TRANSPORT_AUTO);
1255 }
1256 return;
1257 }
1258 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
1259 case HCI_ERR_CONNECTION_TOUT:
1260 status = BT_STATUS_RMT_DEV_DOWN;
1261 break;
1262
1263 case HCI_ERR_PAIRING_NOT_ALLOWED:
1264 is_bonded_device_removed = false;
1265 status = BT_STATUS_AUTH_REJECTED;
1266 break;
1267
1268 /* map the auth failure codes, so we can retry pairing if necessary */
1269 case HCI_ERR_AUTH_FAILURE:
1270 case HCI_ERR_KEY_MISSING:
1271 is_bonded_device_removed = false;
1272 [[fallthrough]];
1273 case HCI_ERR_HOST_REJECT_SECURITY:
1274 case HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE:
1275 case HCI_ERR_UNIT_KEY_USED:
1276 case HCI_ERR_PAIRING_WITH_UNIT_KEY_NOT_SUPPORTED:
1277 case HCI_ERR_INSUFFCIENT_SECURITY:
1278 case HCI_ERR_PEER_USER:
1279 case HCI_ERR_UNSPECIFIED:
1280 log::warn("Authentication fail:{}", hci_reason_code_text(p_auth_cmpl->fail_reason));
1281 if (pairing_cb.autopair_attempts == 1) {
1282 /* Create the Bond once again */
1283 log::warn("auto pair failed. Reinitiate Bond");
1284 if (addr_type == BLE_ADDR_RANDOM) {
1285 btif_dm_cb_create_bond_le(bd_addr, addr_type);
1286 } else {
1287 btif_dm_cb_create_bond(bd_addr, BT_TRANSPORT_AUTO);
1288 }
1289 return;
1290 } else {
1291 /* if autopair attempts are more than 1, or not attempted */
1292 status = BT_STATUS_AUTH_FAILURE;
1293 }
1294 break;
1295
1296 default:
1297 status = BT_STATUS_UNHANDLED;
1298 }
1299 /* Special Handling for HID Devices */
1300 if (btif_check_cod_hid_major(bd_addr, COD_HID_POINTING)) {
1301 /* Remove Device as bonded in nvram as authentication failed */
1302 log::verbose("removing hid pointing device from nvram");
1303 is_bonded_device_removed = false;
1304 }
1305 // Report bond state change to java only if we are bonding to a device or
1306 // a device is removed from the pairing list.
1307 if (pairing_cb.state == BT_BOND_STATE_BONDING || is_bonded_device_removed) {
1308 bond_state_changed(status, bd_addr, state);
1309 }
1310 }
1311 }
1312
1313 /******************************************************************************
1314 *
1315 * Function btif_dm_search_devices_evt
1316 *
1317 * Description Executes search devices callback events in btif context
1318 *
1319 * Returns void
1320 *
1321 *****************************************************************************/
btif_dm_search_devices_evt(tBTA_DM_SEARCH_EVT event,tBTA_DM_SEARCH * p_search_data)1322 static void btif_dm_search_devices_evt(tBTA_DM_SEARCH_EVT event, tBTA_DM_SEARCH* p_search_data) {
1323 log::verbose("event={}", dump_dm_search_event(event));
1324
1325 switch (event) {
1326 case BTA_DM_NAME_READ_EVT: {
1327 btif_on_name_read(p_search_data->name_res.bd_addr, HCI_SUCCESS,
1328 p_search_data->name_res.bd_name, true /* during_device_search */);
1329 } break;
1330
1331 case BTA_DM_INQ_RES_EVT: {
1332 RawAddress& bdaddr = p_search_data->inq_res.bd_addr;
1333
1334 // Do not update device properties of already bonded devices.
1335 if (com::android::bluetooth::flags::guard_bonded_device_properties() &&
1336 btm_sec_is_a_bonded_dev(bdaddr)) {
1337 log::debug("Ignore device properties from discovery results for the bonded device: {}",
1338 bdaddr);
1339
1340 bool restrict_report =
1341 osi_property_get_bool("bluetooth.restrict_discovered_device.enabled", false);
1342 if (restrict_report && p_search_data->inq_res.device_type == BT_DEVICE_TYPE_BLE &&
1343 !(p_search_data->inq_res.ble_evt_type & BTM_BLE_CONNECTABLE_MASK)) {
1344 log::debug("Ble device {} is not connectable", bdaddr);
1345 break;
1346 }
1347
1348 bt_property_t bt_property[] = {
1349 {BT_PROPERTY_BDADDR, sizeof(bdaddr), &bdaddr},
1350 {BT_PROPERTY_REMOTE_RSSI, sizeof(p_search_data->inq_res.rssi),
1351 &(p_search_data->inq_res.rssi)}};
1352 GetInterfaceToProfiles()->events->invoke_device_found_cb(ARRAY_SIZE(bt_property),
1353 bt_property);
1354 break;
1355 }
1356
1357 /* inquiry result */
1358 bt_bdname_t bdname;
1359 uint8_t remote_name_len = 0;
1360 uint8_t num_uuids = 0, max_num_uuid = 32;
1361 uint8_t uuid_list[32 * Uuid::kNumBytes16];
1362
1363 if (p_search_data->inq_res.inq_result_type != BT_DEVICE_TYPE_BLE) {
1364 p_search_data->inq_res.remt_name_not_required =
1365 check_eir_remote_name(p_search_data, NULL, NULL);
1366 }
1367
1368 log::verbose("addr:{} device_type=0x{:x}", bdaddr, p_search_data->inq_res.device_type);
1369 bdname.name[0] = 0;
1370
1371 if (!check_eir_remote_name(p_search_data, bdname.name, &remote_name_len)) {
1372 get_cached_remote_name(p_search_data->inq_res.bd_addr, &bdname, &remote_name_len);
1373 }
1374
1375 /* Check EIR for services */
1376 if (p_search_data->inq_res.p_eir) {
1377 if (!get_btm_client_interface().eir.BTM_GetEirUuidList(
1378 p_search_data->inq_res.p_eir, p_search_data->inq_res.eir_len, Uuid::kNumBytes16,
1379 &num_uuids, uuid_list, max_num_uuid)) {
1380 log::debug("Unable to find service uuids in EIR peer:{}", bdaddr);
1381 }
1382 }
1383
1384 {
1385 std::vector<bt_property_t> bt_properties;
1386 uint32_t dev_type;
1387 bt_status_t status;
1388 tBLE_ADDR_TYPE addr_type = BLE_ADDR_PUBLIC;
1389
1390 /* RawAddress */
1391 bt_properties.push_back(bt_property_t{BT_PROPERTY_BDADDR, sizeof(bdaddr), &bdaddr});
1392
1393 /* BD_NAME */
1394 /* Don't send BDNAME if it is empty */
1395 if (bdname.name[0]) {
1396 bt_properties.push_back(bt_property_t{
1397 BT_PROPERTY_BDNAME, static_cast<int>(strlen((char*)bdname.name)), &bdname});
1398 }
1399
1400 /* DEV_CLASS */
1401 uint32_t cod = devclass2uint(p_search_data->inq_res.dev_class);
1402
1403 if (cod != 0) {
1404 /* Use the existing class of device when the one reported from inquiry
1405 is unclassified. Inquiry results coming from BLE can have an
1406 inferred device class based on the service uuids or appearance. We
1407 don't want this to replace the existing value below when we call
1408 btif_storage_add_remote_device */
1409 uint32_t old_cod = btif_get_cod(&bdaddr);
1410 if (cod == COD_UNCLASSIFIED && old_cod != 0) {
1411 cod = old_cod;
1412 }
1413
1414 if (old_cod != cod) {
1415 log::info("{} CoD: 0x{:06x} -> 0x{:06x}", bdaddr, old_cod, cod);
1416 }
1417 bt_properties.push_back(bt_property_t{BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod), &cod});
1418 }
1419
1420 log::verbose("clock_offset is 0x{:x}", p_search_data->inq_res.clock_offset);
1421 if (p_search_data->inq_res.clock_offset & BTM_CLOCK_OFFSET_VALID) {
1422 btif_set_device_clockoffset(bdaddr, (int)p_search_data->inq_res.clock_offset);
1423 }
1424
1425 /* DEV_TYPE */
1426 /* FixMe: Assumption is that bluetooth.h and BTE enums match */
1427
1428 /* Verify if the device is dual mode in NVRAM */
1429 int stored_device_type = 0;
1430 if (btif_get_device_type(bdaddr, &stored_device_type) &&
1431 ((stored_device_type != BT_DEVICE_TYPE_BREDR &&
1432 p_search_data->inq_res.device_type == BT_DEVICE_TYPE_BREDR) ||
1433 (stored_device_type != BT_DEVICE_TYPE_BLE &&
1434 p_search_data->inq_res.device_type == BT_DEVICE_TYPE_BLE))) {
1435 dev_type = (bt_device_type_t)BT_DEVICE_TYPE_DUMO;
1436 } else {
1437 dev_type = (bt_device_type_t)p_search_data->inq_res.device_type;
1438 }
1439
1440 if (p_search_data->inq_res.device_type == BT_DEVICE_TYPE_BLE) {
1441 addr_type = p_search_data->inq_res.ble_addr_type;
1442 }
1443 bt_properties.push_back(
1444 bt_property_t{BT_PROPERTY_TYPE_OF_DEVICE, sizeof(dev_type), &dev_type});
1445 /* RSSI */
1446 bt_properties.push_back(bt_property_t{BT_PROPERTY_REMOTE_RSSI, sizeof(int8_t),
1447 &(p_search_data->inq_res.rssi)});
1448
1449 /* CSIP supported device */
1450 bt_properties.push_back(bt_property_t{BT_PROPERTY_REMOTE_IS_COORDINATED_SET_MEMBER,
1451 sizeof(bool), &(p_search_data->inq_res.include_rsi)});
1452
1453 // The default negative value means ASHA capability not found.
1454 // A non-negative value represents ASHA capability information is valid.
1455 // Because ASHA's capability is 1 byte, so int16_t is large enough.
1456 int16_t asha_capability = -1;
1457
1458 // contains ASHA truncated HiSyncId if asha_capability is non-negative
1459 uint32_t asha_truncated_hi_sync_id = 0;
1460
1461 get_asha_service_data(p_search_data->inq_res, asha_capability, asha_truncated_hi_sync_id);
1462
1463 bt_properties.push_back(bt_property_t{BT_PROPERTY_REMOTE_ASHA_CAPABILITY, sizeof(int16_t),
1464 &asha_capability});
1465
1466 bt_properties.push_back(bt_property_t{BT_PROPERTY_REMOTE_ASHA_TRUNCATED_HISYNCID,
1467 sizeof(uint32_t), &asha_truncated_hi_sync_id});
1468
1469 // Floss expects that EIR uuids are immediately reported when the
1470 // device is found and doesn't wait for the pairing intent.
1471 //
1472 // If a subsequent SDP is completed, the new UUIDs should replace
1473 // the existing UUIDs.
1474 #if TARGET_FLOSS
1475 bool report_eir_uuids = true;
1476 #else
1477 bool report_eir_uuids = false;
1478 #endif
1479 // Scope needs to persist until `invoke_device_found_cb` below.
1480 std::vector<uint8_t> property_value;
1481 /* Cache EIR queried services */
1482 if (num_uuids > 0) {
1483 uint16_t* p_uuid16 = (uint16_t*)uuid_list;
1484 auto uuid_iter = eir_uuids_cache.find(bdaddr);
1485 if (uuid_iter == eir_uuids_cache.end()) {
1486 auto triple = eir_uuids_cache.try_emplace(bdaddr, std::set<Uuid>{});
1487 uuid_iter = std::get<0>(triple);
1488 }
1489 log::info("EIR UUIDs for {}", bdaddr);
1490 for (int i = 0; i < num_uuids; ++i) {
1491 Uuid uuid = Uuid::From16Bit(p_uuid16[i]);
1492 log::info("{}", uuid.ToString());
1493 uuid_iter->second.insert(uuid);
1494 }
1495
1496 if (report_eir_uuids) {
1497 for (auto uuid : uuid_iter->second) {
1498 auto uuid_128bit = uuid.To128BitBE();
1499 property_value.insert(property_value.end(), uuid_128bit.begin(), uuid_128bit.end());
1500 }
1501
1502 bt_properties.push_back(
1503 bt_property_t{BT_PROPERTY_UUIDS,
1504 static_cast<int>(uuid_iter->second.size() * Uuid::kNumBytes128),
1505 (void*)property_value.data()});
1506 }
1507 }
1508
1509 // Floss needs appearance for metrics purposes
1510 uint16_t appearance = 0;
1511 if (check_eir_appearance(p_search_data, &appearance)) {
1512 bt_properties.push_back(
1513 bt_property_t{BT_PROPERTY_APPEARANCE, sizeof(appearance), &appearance});
1514 }
1515
1516 status =
1517 btif_storage_add_remote_device(&bdaddr, bt_properties.size(), bt_properties.data());
1518 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device (inquiry)", status);
1519 status = btif_storage_set_remote_addr_type(&bdaddr, addr_type);
1520 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote addr type (inquiry)", status);
1521
1522 bool restrict_report =
1523 osi_property_get_bool("bluetooth.restrict_discovered_device.enabled", false);
1524 if (restrict_report && p_search_data->inq_res.device_type == BT_DEVICE_TYPE_BLE &&
1525 !(p_search_data->inq_res.ble_evt_type & BTM_BLE_CONNECTABLE_MASK)) {
1526 log::debug("Ble device {} is not connectable", bdaddr);
1527 break;
1528 }
1529
1530 /* Callback to notify upper layer of device */
1531 GetInterfaceToProfiles()->events->invoke_device_found_cb(bt_properties.size(),
1532 bt_properties.data());
1533 }
1534 } break;
1535
1536 case BTA_DM_DISC_CMPL_EVT: {
1537 GetInterfaceToProfiles()->events->invoke_discovery_state_changed_cb(BT_DISCOVERY_STOPPED);
1538 } break;
1539 case BTA_DM_SEARCH_CANCEL_CMPL_EVT: {
1540 /* if inquiry is not in progress and we get a cancel event, then
1541 * it means we are done with inquiry, but remote_name fetches are in
1542 * progress
1543 *
1544 * if inquiry is in progress, then we don't want to act on this
1545 * cancel_cmpl_evt
1546 * but instead wait for the cancel_cmpl_evt via the Busy Level
1547 *
1548 */
1549 if (!btif_dm_inquiry_in_progress) {
1550 GetInterfaceToProfiles()->events->invoke_discovery_state_changed_cb(BT_DISCOVERY_STOPPED);
1551 }
1552 } break;
1553 default:
1554 log::warn("Unhandled event:{}", bta_dm_search_evt_text(event));
1555 break;
1556 }
1557 }
1558
1559 /* Returns true if |uuid| should be passed as device property */
btif_is_interesting_le_service(const bluetooth::Uuid & uuid)1560 bool btif_is_interesting_le_service(const bluetooth::Uuid& uuid) {
1561 return uuid.As16Bit() == UUID_SERVCLASS_LE_HID || uuid == UUID_HEARING_AID || uuid == UUID_VC ||
1562 uuid == UUID_CSIS || uuid == UUID_LE_AUDIO || uuid == UUID_LE_MIDI || uuid == UUID_HAS ||
1563 uuid == UUID_BASS || uuid == UUID_BATTERY || uuid == ANDROID_HEADTRACKER_SERVICE_UUID;
1564 }
1565
btif_should_ignore_uuid(const Uuid & uuid)1566 static bool btif_should_ignore_uuid(const Uuid& uuid) { return uuid.IsEmpty() || uuid.IsBase(); }
1567
btif_is_gatt_service_discovery_post_pairing(const RawAddress bd_addr)1568 static bool btif_is_gatt_service_discovery_post_pairing(const RawAddress bd_addr) {
1569 return (bd_addr == pairing_cb.bd_addr || bd_addr == pairing_cb.static_bdaddr) &&
1570 (pairing_cb.gatt_over_le == btif_dm_pairing_cb_t::ServiceDiscoveryState::SCHEDULED);
1571 }
1572
btif_merge_existing_uuids(const RawAddress & addr,std::set<Uuid> * uuids,tBT_TRANSPORT transport=BT_TRANSPORT_BR_EDR)1573 static void btif_merge_existing_uuids(const RawAddress& addr, std::set<Uuid>* uuids,
1574 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR) {
1575 std::vector<Uuid> existing_uuids = btif_storage_get_services(addr, transport);
1576
1577 for (const auto& uuid : existing_uuids) {
1578 if (btif_should_ignore_uuid(uuid)) {
1579 continue;
1580 }
1581
1582 uuids->insert(uuid);
1583 }
1584 }
1585
btif_on_service_discovery_results(RawAddress bd_addr,const std::vector<bluetooth::Uuid> & uuids_param,tBTA_STATUS result)1586 static void btif_on_service_discovery_results(RawAddress bd_addr,
1587 const std::vector<bluetooth::Uuid>& uuids_param,
1588 tBTA_STATUS result) {
1589 std::set<Uuid> uuids;
1590 bool a2dp_sink_capable = false;
1591
1592 bool results_for_bonding_device =
1593 (bd_addr == pairing_cb.bd_addr || bd_addr == pairing_cb.static_bdaddr);
1594
1595 if (results_for_bonding_device && result != BTA_SUCCESS &&
1596 pairing_cb.state == BT_BOND_STATE_BONDED &&
1597 pairing_cb.sdp_attempts < BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING) {
1598 if (pairing_cb.sdp_attempts) {
1599 log::warn("SDP failed after bonding re-attempting for {}", bd_addr);
1600 pairing_cb.sdp_attempts++;
1601 bluetooth::metrics::LogSDPComplete(bd_addr, result);
1602 btif_dm_get_remote_services(bd_addr, BT_TRANSPORT_BR_EDR);
1603 } else {
1604 log::warn("SDP triggered by someone failed when bonding");
1605 }
1606 return;
1607 }
1608
1609 if (results_for_bonding_device) {
1610 // success for SDP
1611 bluetooth::metrics::LogSDPComplete(bd_addr, tBTA_STATUS::BTA_SUCCESS);
1612 log::info("SDP finished for {}", bd_addr);
1613 pairing_cb.sdp_over_classic = btif_dm_pairing_cb_t::ServiceDiscoveryState::FINISHED;
1614 }
1615
1616 std::vector<uint8_t> bredr_property_value;
1617 std::vector<uint8_t> le_property_value;
1618 bt_property_t uuid_props[2] = {};
1619 bt_property_t& bredr_prop = uuid_props[0];
1620 bt_property_t& le_prop = uuid_props[1];
1621
1622 if ((result == BTA_SUCCESS) && !uuids_param.empty()) {
1623 log::info("New UUIDs for {}", bd_addr);
1624 for (const auto& uuid : uuids_param) {
1625 if (btif_should_ignore_uuid(uuid)) {
1626 continue;
1627 }
1628 log::info("uuid:{}", uuid.ToString());
1629 uuids.insert(uuid);
1630 }
1631
1632 if (results_for_bonding_device) {
1633 btif_merge_existing_uuids(pairing_cb.static_bdaddr, &uuids);
1634 btif_merge_existing_uuids(pairing_cb.bd_addr, &uuids);
1635 } else {
1636 btif_merge_existing_uuids(bd_addr, &uuids);
1637 }
1638
1639 for (auto& uuid : uuids) {
1640 auto uuid_128bit = uuid.To128BitBE();
1641 bredr_property_value.insert(bredr_property_value.end(), uuid_128bit.begin(),
1642 uuid_128bit.end());
1643 if (uuid == UUID_A2DP_SINK) {
1644 a2dp_sink_capable = true;
1645 }
1646 }
1647
1648 bredr_prop = {BT_PROPERTY_UUIDS, static_cast<int>(Uuid::kNumBytes128 * uuids.size()),
1649 (void*)bredr_property_value.data()};
1650
1651 if (com::android::bluetooth::flags::separate_service_storage()) {
1652 bt_status_t ret = btif_storage_set_remote_device_property(&bd_addr, &bredr_prop);
1653 ASSERTC(ret == BT_STATUS_SUCCESS, "storing remote classic services failed", ret);
1654
1655 std::set<Uuid> le_uuids;
1656 if (results_for_bonding_device) {
1657 btif_merge_existing_uuids(pairing_cb.static_bdaddr, &le_uuids, BT_TRANSPORT_LE);
1658 btif_merge_existing_uuids(pairing_cb.bd_addr, &le_uuids, BT_TRANSPORT_LE);
1659 } else {
1660 btif_merge_existing_uuids(bd_addr, &le_uuids, BT_TRANSPORT_LE);
1661 }
1662
1663 for (auto& uuid : le_uuids) {
1664 auto uuid_128bit = uuid.To128BitBE();
1665 le_property_value.insert(le_property_value.end(), uuid_128bit.begin(), uuid_128bit.end());
1666 }
1667 le_prop = {BT_PROPERTY_UUIDS_LE, static_cast<int>(Uuid::kNumBytes128 * le_uuids.size()),
1668 (void*)le_property_value.data()};
1669 }
1670 }
1671
1672 bool skip_reporting_wait_for_le = false;
1673 /* If we are doing service discovery for device that just bonded, that is
1674 * capable of a2dp, and both sides can do LE Audio, and it haven't
1675 * finished GATT over LE yet, then wait for LE service discovery to finish
1676 * before before passing services to upper layers. */
1677 if (results_for_bonding_device && a2dp_sink_capable &&
1678 pairing_cb.gatt_over_le != btif_dm_pairing_cb_t::ServiceDiscoveryState::FINISHED &&
1679 is_le_audio_capable_during_service_discovery(bd_addr)) {
1680 skip_reporting_wait_for_le = true;
1681 }
1682
1683 /* onUuidChanged requires getBondedDevices to be populated.
1684 ** bond_state_changed needs to be sent prior to remote_device_property
1685 */
1686 size_t num_eir_uuids = 0U;
1687 Uuid uuid = {};
1688 if (results_for_bonding_device && pairing_cb.state == BT_BOND_STATE_BONDED &&
1689 pairing_cb.sdp_attempts) {
1690 log::info("SDP search done for {}", bd_addr);
1691 pairing_cb.sdp_attempts = 0;
1692
1693 // Send UUIDs discovered through EIR to Java to unblock pairing intent
1694 // when SDP failed
1695 if (result != BTA_SUCCESS) {
1696 auto uuids_iter = eir_uuids_cache.find(bd_addr);
1697 if (uuids_iter != eir_uuids_cache.end()) {
1698 num_eir_uuids = uuids_iter->second.size();
1699 log::info("SDP failed, send {} EIR UUIDs to unblock bonding {}", num_eir_uuids, bd_addr);
1700 for (auto eir_uuid : uuids_iter->second) {
1701 auto uuid_128bit = eir_uuid.To128BitBE();
1702 bredr_property_value.insert(bredr_property_value.end(), uuid_128bit.begin(),
1703 uuid_128bit.end());
1704 }
1705 eir_uuids_cache.erase(uuids_iter);
1706 }
1707 if (num_eir_uuids > 0) {
1708 bredr_prop.val = (void*)bredr_property_value.data();
1709 bredr_prop.len = num_eir_uuids * Uuid::kNumBytes128;
1710 } else {
1711 log::warn("SDP failed and we have no EIR UUIDs to report either");
1712 bredr_prop.val = &uuid;
1713 bredr_prop.len = Uuid::kNumBytes128;
1714 }
1715 }
1716
1717 if (!skip_reporting_wait_for_le) {
1718 // Both SDP and bonding are done, clear pairing control block in case
1719 // it is not already cleared
1720 wipe_le_audio_metadata_cache_for_pairing_device();
1721 pairing_cb = {};
1722 log::debug("clearing btif pairing_cb");
1723 }
1724 }
1725
1726 const tBTA_STATUS bta_status = result;
1727 BTM_LogHistory(kBtmLogTagSdp, bd_addr, "Discovered services",
1728 std::format("bta_status:{} sdp_uuids:{} eir_uuids:{}", bta_status_text(bta_status),
1729 uuids_param.size(), num_eir_uuids));
1730
1731 if (!uuids_param.empty() || num_eir_uuids != 0) {
1732 if (!com::android::bluetooth::flags::separate_service_storage()) {
1733 const bt_status_t ret = btif_storage_set_remote_device_property(&bd_addr, &bredr_prop);
1734 ASSERTC(ret == BT_STATUS_SUCCESS, "storing remote services failed", ret);
1735 }
1736
1737 if (skip_reporting_wait_for_le) {
1738 log::info(
1739 "Bonding LE Audio sink - must wait for le services discovery to pass "
1740 "all services to java {}",
1741 bd_addr);
1742 /* For LE Audio capable devices, we care more about passing GATT LE
1743 * services than about just finishing pairing. Service discovery
1744 * should be scheduled when LE pairing finishes, by call to
1745 * btif_dm_get_remote_services(bd_addr, BT_TRANSPORT_LE) */
1746 return;
1747 }
1748
1749 /* Send the event to the BTIF */
1750 GetInterfaceToProfiles()->events->invoke_remote_device_properties_cb(
1751 BT_STATUS_SUCCESS, bd_addr, ARRAY_SIZE(uuid_props), uuid_props);
1752 }
1753 }
1754
btif_on_gatt_results(RawAddress bd_addr,std::vector<bluetooth::Uuid> & services,bool is_transport_le)1755 static void btif_on_gatt_results(RawAddress bd_addr, std::vector<bluetooth::Uuid>& services,
1756 bool is_transport_le) {
1757 RawAddress static_addr_copy = pairing_cb.static_bdaddr;
1758 bool lea_supported = is_le_audio_capable_during_service_discovery(bd_addr);
1759
1760 if (is_transport_le) {
1761 log::info("New GATT over LE UUIDs for {}", bd_addr);
1762 BTM_LogHistory(kBtmLogTag, bd_addr, "Discovered GATT services using LE transport");
1763 if (btif_is_gatt_service_discovery_post_pairing(bd_addr)) {
1764 pairing_cb.gatt_over_le = btif_dm_pairing_cb_t::ServiceDiscoveryState::FINISHED;
1765
1766 if (pairing_cb.sdp_over_classic != btif_dm_pairing_cb_t::ServiceDiscoveryState::SCHEDULED) {
1767 // Both SDP and bonding are either done, or not scheduled,
1768 // we are safe to clear the service discovery part of CB.
1769 log::debug("clearing pairing_cb");
1770 wipe_le_audio_metadata_cache_for_pairing_device();
1771 pairing_cb = {};
1772 }
1773
1774 if (lea_supported) {
1775 /* LE Audio profile should relax parameters when it connects. If
1776 * profile is not enabled, relax parameters after timeout. */
1777 log::debug("Scheduling conn params unlock for {}", bd_addr);
1778 do_in_main_thread_delayed(
1779 base::BindOnce(
1780 [](RawAddress bd_addr) {
1781 stack::l2cap::get_interface().L2CA_LockBleConnParamsForProfileConnection(
1782 bd_addr, false);
1783 },
1784 bd_addr),
1785 std::chrono::seconds(15));
1786 }
1787 }
1788 } else {
1789 log::debug("New GATT over SDP UUIDs for {}", bd_addr);
1790 BTM_LogHistory(kBtmLogTag, bd_addr, "Discovered GATT services using SDP transport");
1791 }
1792
1793 std::set<Uuid> uuids;
1794 for (Uuid uuid : services) {
1795 if (btif_is_interesting_le_service(uuid)) {
1796 if (btif_should_ignore_uuid(uuid)) {
1797 continue;
1798 }
1799 log::info("index:{} uuid:{}", static_cast<int>(uuids.size()), uuid.ToString());
1800 uuids.insert(uuid);
1801 }
1802 }
1803
1804 if (uuids.empty()) {
1805 log::info("No well known GATT services discovered");
1806
1807 /* If services were returned as part of SDP discovery, we will
1808 * immediately send them with rest of SDP results in
1809 * on_service_discovery_results
1810 */
1811 if (!is_transport_le) {
1812 return;
1813 }
1814
1815 if (!lea_supported) {
1816 log::info("LE audio not supported, no need to report any UUIDs");
1817 return;
1818 }
1819 log::info("Will return Classic SDP results, if done, to unblock bonding");
1820 }
1821
1822 if (!com::android::bluetooth::flags::separate_service_storage()) {
1823 // Look up UUIDs using pseudo address (either RPA or static address)
1824 btif_merge_existing_uuids(bd_addr, &uuids);
1825 if (bd_addr != static_addr_copy) {
1826 // Look up UUID using static address, if different than sudo address
1827 btif_merge_existing_uuids(static_addr_copy, &uuids);
1828 }
1829 }
1830
1831 std::vector<bt_property_t> prop;
1832 std::vector<uint8_t> property_value;
1833
1834 for (auto& uuid : uuids) {
1835 auto uuid_128bit = uuid.To128BitBE();
1836 property_value.insert(property_value.end(), uuid_128bit.begin(), uuid_128bit.end());
1837 }
1838
1839 prop.push_back(bt_property_t{
1840 (com::android::bluetooth::flags::separate_service_storage() && is_transport_le)
1841 ? BT_PROPERTY_UUIDS_LE
1842 : BT_PROPERTY_UUIDS,
1843 static_cast<int>(Uuid::kNumBytes128 * uuids.size()), (void*)property_value.data()});
1844
1845 /* Also write this to the NVRAM */
1846 bt_status_t ret = btif_storage_set_remote_device_property(&bd_addr, &prop[0]);
1847 ASSERTC(ret == BT_STATUS_SUCCESS, "storing remote services failed", ret);
1848
1849 if (!is_transport_le) {
1850 /* If services were returned as part of SDP discovery, we will immediately
1851 * send them with rest of SDP results in on_service_discovery_results */
1852 return;
1853 } else {
1854 if (pairing_cb.sdp_over_classic == btif_dm_pairing_cb_t::ServiceDiscoveryState::SCHEDULED) {
1855 /* Don't report services yet, they will be reported together once SDP
1856 * finishes. */
1857 log::info("will report services later, with SDP results {}", bd_addr);
1858 return;
1859 }
1860 }
1861
1862 if (!com::android::bluetooth::flags::separate_service_storage()) {
1863 /* Send the event to the BTIF */
1864 GetInterfaceToProfiles()->events->invoke_remote_device_properties_cb(BT_STATUS_SUCCESS, bd_addr,
1865 prop.size(), prop.data());
1866 return;
1867 }
1868
1869 std::set<Uuid> bredr_uuids;
1870 // Look up UUIDs using pseudo address (either RPA or static address)
1871 btif_merge_existing_uuids(bd_addr, &bredr_uuids);
1872 if (bd_addr != static_addr_copy) {
1873 // Look up UUID using static address, if different than sudo address
1874 btif_merge_existing_uuids(static_addr_copy, &bredr_uuids);
1875 }
1876
1877 std::vector<uint8_t> bredr_property_value;
1878
1879 for (auto& uuid : bredr_uuids) {
1880 auto uuid_128bit = uuid.To128BitBE();
1881 bredr_property_value.insert(bredr_property_value.end(), uuid_128bit.begin(), uuid_128bit.end());
1882 }
1883
1884 prop.push_back(bt_property_t{BT_PROPERTY_UUIDS,
1885 static_cast<int>(Uuid::kNumBytes128 * bredr_uuids.size()),
1886 (void*)bredr_property_value.data()});
1887
1888 /* Send the event to the BTIF */
1889 GetInterfaceToProfiles()->events->invoke_remote_device_properties_cb(BT_STATUS_SUCCESS, bd_addr,
1890 prop.size(), prop.data());
1891 }
1892
btif_on_name_read(RawAddress bd_addr,tHCI_ERROR_CODE hci_status,const BD_NAME bd_name,bool during_device_search)1893 static void btif_on_name_read(RawAddress bd_addr, tHCI_ERROR_CODE hci_status, const BD_NAME bd_name,
1894 bool during_device_search) {
1895 if (hci_status != HCI_SUCCESS) {
1896 log::warn("Received RNR event with bad status addr:{} hci_status:{}", bd_addr,
1897 hci_error_code_text(hci_status));
1898 return;
1899 }
1900 if (bd_name[0] == '\0') {
1901 log::warn("Received RNR event without valid name addr:{}", bd_addr);
1902 return;
1903 }
1904
1905 // Needs 3 properties if during_device_search is true
1906 std::vector<bt_property_t> properties;
1907
1908 properties.push_back(bt_property_t{BT_PROPERTY_BDNAME,
1909 static_cast<int>(strnlen((char*)bd_name, BD_NAME_LEN)),
1910 (void*)(bd_name)});
1911
1912 const bt_status_t status = btif_storage_set_remote_device_property(&bd_addr, properties.data());
1913 log::assert_that(status == BT_STATUS_SUCCESS, "Failed to save remote device property status:{}",
1914 bt_status_text(status));
1915 GetInterfaceToProfiles()->events->invoke_remote_device_properties_cb(
1916 status, bd_addr, properties.size(), properties.data());
1917 log::info("Callback for read name event addr:{} name:{}", bd_addr,
1918 reinterpret_cast<char const*>(bd_name));
1919
1920 if (!during_device_search) {
1921 return;
1922 }
1923
1924 uint32_t cod = btif_get_cod(&bd_addr);
1925 if (cod != 0) {
1926 properties.push_back(bt_property_t{BT_PROPERTY_BDADDR, sizeof(bd_addr), &bd_addr});
1927 properties.push_back(bt_property_t{BT_PROPERTY_CLASS_OF_DEVICE, sizeof(uint32_t), &cod});
1928 log::debug("report new device to JNI");
1929 GetInterfaceToProfiles()->events->invoke_device_found_cb(properties.size(), properties.data());
1930 } else {
1931 log::info("Skipping device found callback because cod is zero addr:{} name:{}", bd_addr,
1932 reinterpret_cast<char const*>(bd_name));
1933 }
1934 }
1935
btif_on_name_read_from_btm(const RawAddress & bd_addr,DEV_CLASS,BD_NAME bd_name)1936 static void btif_on_name_read_from_btm(const RawAddress& bd_addr, DEV_CLASS /* dc */,
1937 BD_NAME bd_name) {
1938 log::info("{} {}", bd_addr, reinterpret_cast<char const*>(bd_name));
1939 btif_on_name_read(bd_addr, HCI_SUCCESS, bd_name, false /* during_device_search */);
1940 }
1941
btif_on_did_received(RawAddress bd_addr,uint8_t vendor_id_src,uint16_t vendor_id,uint16_t product_id,uint16_t version)1942 static void btif_on_did_received(RawAddress bd_addr, uint8_t vendor_id_src, uint16_t vendor_id,
1943 uint16_t product_id, uint16_t version) {
1944 bt_vendor_product_info_t vp_info{
1945 .vendor_id_src = vendor_id_src,
1946 .vendor_id = vendor_id,
1947 .product_id = product_id,
1948 .version = version,
1949 };
1950
1951 bt_property_t prop_did{
1952 .type = BT_PROPERTY_VENDOR_PRODUCT_INFO,
1953 .len = sizeof(vp_info),
1954 .val = &vp_info,
1955 };
1956
1957 bt_status_t ret = btif_storage_set_remote_device_property(&bd_addr, &prop_did);
1958 ASSERTC(ret == BT_STATUS_SUCCESS, "storing remote services failed", ret);
1959
1960 /* Send the event to the BTIF */
1961 GetInterfaceToProfiles()->events->invoke_remote_device_properties_cb(BT_STATUS_SUCCESS, bd_addr,
1962 1, &prop_did);
1963 }
1964
BTIF_dm_report_inquiry_status_change(tBTM_INQUIRY_STATE status)1965 void BTIF_dm_report_inquiry_status_change(tBTM_INQUIRY_STATE status) {
1966 btif_dm_inquiry_in_progress = (status == tBTM_INQUIRY_STATE::BTM_INQUIRY_STARTED);
1967
1968 if (status == tBTM_INQUIRY_STATE::BTM_INQUIRY_STARTED) {
1969 GetInterfaceToProfiles()->events->invoke_discovery_state_changed_cb(BT_DISCOVERY_STARTED);
1970 } else if (status == tBTM_INQUIRY_STATE::BTM_INQUIRY_CANCELLED) {
1971 GetInterfaceToProfiles()->events->invoke_discovery_state_changed_cb(BT_DISCOVERY_STOPPED);
1972 }
1973 }
1974
BTIF_dm_enable()1975 void BTIF_dm_enable() {
1976 if (com::android::bluetooth::flags::guest_mode_bond()) {
1977 btif_storage_prune_devices();
1978 }
1979
1980 BD_NAME bdname;
1981 bt_property_t prop{
1982 .type = BT_PROPERTY_BDNAME,
1983 .len = BD_NAME_LEN,
1984 .val = (void*)bdname,
1985 };
1986
1987 bt_status_t status = btif_storage_get_adapter_property(&prop);
1988 if (status == BT_STATUS_SUCCESS) {
1989 /* A name exists in the storage. Make this the device name */
1990 BTA_DmSetDeviceName((const char*)prop.val);
1991 } else {
1992 /* Storage does not have a name yet.
1993 * Use the default name and write it to the chip
1994 */
1995 BTA_DmSetDeviceName(btif_get_default_local_name());
1996 }
1997
1998 /* Enable or disable local privacy */
1999 bool ble_privacy_enabled = osi_property_get_bool(PROPERTY_BLE_PRIVACY_ENABLED, /*default=*/true);
2000
2001 log::info("Local BLE Privacy enabled:{}", ble_privacy_enabled);
2002 BTA_DmBleConfigLocalPrivacy(ble_privacy_enabled);
2003
2004 get_stack_rnr_interface().BTM_SecAddRmtNameNotifyCallback(btif_on_name_read_from_btm);
2005
2006 /* for each of the enabled services in the mask, trigger the profile
2007 * enable */
2008 tBTA_SERVICE_MASK service_mask = btif_get_enabled_services_mask();
2009 for (uint32_t i = 0; i <= BTA_MAX_SERVICE_ID; i++) {
2010 if (service_mask & (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(i))) {
2011 btif_in_execute_service_request(i, true);
2012 }
2013 }
2014 /* clear control blocks */
2015 wipe_le_audio_metadata_cache_for_pairing_device();
2016 pairing_cb = {};
2017 pairing_cb.bond_type = BOND_TYPE_PERSISTENT;
2018
2019 /* Bluetooth Core Specification version 5.4
2020 * 7.8.5 LE Set Advertising Parameters command
2021 * 7.8.53 LE Set Extended Advertising Parameters command
2022 * 7.8.64 LE Set Extended Scan Parameters command
2023 * 7.8.12 LE Create Connection command
2024 * 7.8.66 LE Extended Create Connection command
2025 * Set all-zero set to resolving list to make controller generate RPA for
2026 * un-direct (broadcast) advertising RPA */
2027 if (bluetooth::shim::GetController()->IsRpaGenerationSupported()) {
2028 log::info("Support RPA offload, set all-zero set in resolving list");
2029 tBLE_BD_ADDR all_zero_address_with_type = {0};
2030 const Octet16 all_zero_peer_irk = {0};
2031 bluetooth::shim::ACL_AddToAddressResolution(all_zero_address_with_type, all_zero_peer_irk,
2032 ble_local_key_cb.id_keys.irk);
2033 }
2034
2035 // Enable address consolidation.
2036 btif_storage_load_le_devices();
2037
2038 /* This function will also trigger the adapter_properties_cb
2039 ** and bonded_devices_info_cb
2040 */
2041 btif_storage_load_bonded_devices();
2042 bluetooth::bqr::EnableBtQualityReport(get_main());
2043 btif_enable_bluetooth_evt();
2044 }
2045
BTIF_dm_disable()2046 void BTIF_dm_disable() {
2047 get_stack_rnr_interface().BTM_SecDeleteRmtNameNotifyCallback(&btif_on_name_read_from_btm);
2048
2049 /* for each of the enabled services in the mask, trigger the profile
2050 * disable */
2051 tBTA_SERVICE_MASK service_mask = btif_get_enabled_services_mask();
2052 for (uint32_t i = 0; i <= BTA_MAX_SERVICE_ID; i++) {
2053 if (service_mask & (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(i))) {
2054 btif_in_execute_service_request(i, false);
2055 }
2056 }
2057 bluetooth::bqr::DisableBtQualityReport();
2058 log::info("Stack device manager shutdown finished");
2059 future_ready(stack_manager_get_hack_future(), FUTURE_SUCCESS);
2060 }
2061
2062 /*******************************************************************************
2063 *
2064 * Function btif_dm_sec_evt
2065 *
2066 * Description Executes security related events
2067 *
2068 * Returns void
2069 *
2070 ******************************************************************************/
btif_dm_sec_evt(tBTA_DM_SEC_EVT event,tBTA_DM_SEC * p_data)2071 void btif_dm_sec_evt(tBTA_DM_SEC_EVT event, tBTA_DM_SEC* p_data) {
2072 RawAddress bd_addr;
2073
2074 log::verbose("ev:{}", dump_dm_event(event));
2075
2076 switch (event) {
2077 case BTA_DM_PIN_REQ_EVT:
2078 btif_dm_pin_req_evt(&p_data->pin_req);
2079 break;
2080
2081 case BTA_DM_AUTH_CMPL_EVT:
2082 btif_dm_auth_cmpl_evt(&p_data->auth_cmpl);
2083 break;
2084
2085 case BTA_DM_BOND_CANCEL_CMPL_EVT:
2086 if (is_bonding_or_sdp()) {
2087 bd_addr = pairing_cb.bd_addr;
2088 btm_set_bond_type_dev(pairing_cb.bd_addr, BOND_TYPE_UNKNOWN);
2089 bond_state_changed((bt_status_t)p_data->bond_cancel_cmpl.result, bd_addr,
2090 BT_BOND_STATE_NONE);
2091 }
2092 break;
2093
2094 case BTA_DM_SP_CFM_REQ_EVT:
2095 btif_dm_ssp_cfm_req_evt(&p_data->cfm_req);
2096 break;
2097 case BTA_DM_SP_KEY_NOTIF_EVT:
2098 btif_dm_ssp_key_notif_evt(&p_data->key_notif);
2099 break;
2100
2101 case BTA_DM_DEV_UNPAIRED_EVT:
2102 bd_addr = p_data->dev_unpair.bd_addr;
2103 btm_set_bond_type_dev(p_data->dev_unpair.bd_addr, BOND_TYPE_UNKNOWN);
2104
2105 GetInterfaceToProfiles()->removeDeviceFromProfiles(bd_addr);
2106 btif_storage_remove_bonded_device(&bd_addr);
2107 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_NONE);
2108 break;
2109
2110 case BTA_DM_BLE_KEY_EVT:
2111 log::verbose("BTA_DM_BLE_KEY_EVT key_type=0x{:02x}", p_data->ble_key.key_type);
2112
2113 /* If this pairing is by-product of local initiated GATT client Read or
2114 Write,
2115 BTA would not have sent BTA_DM_BLE_SEC_REQ_EVT event and Bond state would
2116 not
2117 have setup properly. Setup pairing_cb and notify App about Bonding state
2118 now*/
2119 if (pairing_cb.state != BT_BOND_STATE_BONDING) {
2120 log::verbose("Bond state not sent to App so far.Notify the app now");
2121 bond_state_changed(BT_STATUS_SUCCESS, p_data->ble_key.bd_addr, BT_BOND_STATE_BONDING);
2122 } else if (pairing_cb.bd_addr != p_data->ble_key.bd_addr) {
2123 log::error("BD mismatch discard BLE key_type={}", p_data->ble_key.key_type);
2124 break;
2125 }
2126
2127 switch (p_data->ble_key.key_type) {
2128 case BTM_LE_KEY_PENC:
2129 log::verbose("Rcv BTM_LE_KEY_PENC");
2130 pairing_cb.ble.is_penc_key_rcvd = true;
2131 pairing_cb.ble.penc_key = p_data->ble_key.p_key_value->penc_key;
2132 break;
2133
2134 case BTM_LE_KEY_PID:
2135 log::verbose("Rcv BTM_LE_KEY_PID");
2136 pairing_cb.ble.is_pid_key_rcvd = true;
2137 pairing_cb.ble.pid_key = p_data->ble_key.p_key_value->pid_key;
2138 break;
2139
2140 case BTM_LE_KEY_PCSRK:
2141 log::verbose("Rcv BTM_LE_KEY_PCSRK");
2142 pairing_cb.ble.is_pcsrk_key_rcvd = true;
2143 pairing_cb.ble.pcsrk_key = p_data->ble_key.p_key_value->pcsrk_key;
2144 break;
2145
2146 case BTM_LE_KEY_LENC:
2147 log::verbose("Rcv BTM_LE_KEY_LENC");
2148 pairing_cb.ble.is_lenc_key_rcvd = true;
2149 pairing_cb.ble.lenc_key = p_data->ble_key.p_key_value->lenc_key;
2150 break;
2151
2152 case BTM_LE_KEY_LCSRK:
2153 log::verbose("Rcv BTM_LE_KEY_LCSRK");
2154 pairing_cb.ble.is_lcsrk_key_rcvd = true;
2155 pairing_cb.ble.lcsrk_key = p_data->ble_key.p_key_value->lcsrk_key;
2156 break;
2157
2158 case BTM_LE_KEY_LID:
2159 log::verbose("Rcv BTM_LE_KEY_LID");
2160 pairing_cb.ble.is_lidk_key_rcvd = true;
2161 break;
2162
2163 default:
2164 log::error("unknown BLE key type (0x{:02x})", p_data->ble_key.key_type);
2165 break;
2166 }
2167 break;
2168 case BTA_DM_BLE_CONSENT_REQ_EVT:
2169 log::verbose("BTA_DM_BLE_CONSENT_REQ_EVT");
2170 btif_dm_ble_sec_req_evt(&p_data->ble_req, true);
2171 break;
2172 case BTA_DM_BLE_SEC_REQ_EVT:
2173 log::verbose("BTA_DM_BLE_SEC_REQ_EVT");
2174 btif_dm_ble_sec_req_evt(&p_data->ble_req, false);
2175 break;
2176 case BTA_DM_BLE_PASSKEY_NOTIF_EVT:
2177 log::verbose("BTA_DM_BLE_PASSKEY_NOTIF_EVT");
2178 btif_dm_ble_passkey_notif_evt(&p_data->key_notif);
2179 break;
2180 case BTA_DM_BLE_PASSKEY_REQ_EVT:
2181 log::verbose("BTA_DM_BLE_PASSKEY_REQ_EVT");
2182 btif_dm_ble_passkey_req_evt(&p_data->pin_req);
2183 break;
2184 case BTA_DM_BLE_NC_REQ_EVT:
2185 log::verbose("BTA_DM_BLE_PASSKEY_REQ_EVT");
2186 btif_dm_ble_key_nc_req_evt(&p_data->key_notif);
2187 break;
2188 case BTA_DM_BLE_OOB_REQ_EVT:
2189 log::verbose("BTA_DM_BLE_OOB_REQ_EVT");
2190 btif_dm_ble_oob_req_evt(&p_data->rmt_oob);
2191 break;
2192 case BTA_DM_BLE_SC_OOB_REQ_EVT:
2193 log::verbose("BTA_DM_BLE_SC_OOB_REQ_EVT");
2194 btif_dm_ble_sc_oob_req_evt(&p_data->rmt_oob);
2195 break;
2196 case BTA_DM_BLE_SC_CR_LOC_OOB_EVT:
2197 log::verbose("BTA_DM_BLE_SC_CR_LOC_OOB_EVT");
2198 btif_dm_proc_loc_oob(BT_TRANSPORT_LE, true, p_data->local_oob_data.local_oob_c,
2199 p_data->local_oob_data.local_oob_r);
2200 break;
2201
2202 case BTA_DM_BLE_LOCAL_IR_EVT:
2203 log::verbose("BTA_DM_BLE_LOCAL_IR_EVT");
2204 ble_local_key_cb.is_id_keys_rcvd = true;
2205 ble_local_key_cb.id_keys.irk = p_data->ble_id_keys.irk;
2206 ble_local_key_cb.id_keys.ir = p_data->ble_id_keys.ir;
2207 ble_local_key_cb.id_keys.dhk = p_data->ble_id_keys.dhk;
2208 btif_storage_add_ble_local_key(ble_local_key_cb.id_keys.irk, BTIF_DM_LE_LOCAL_KEY_IRK);
2209 btif_storage_add_ble_local_key(ble_local_key_cb.id_keys.ir, BTIF_DM_LE_LOCAL_KEY_IR);
2210 btif_storage_add_ble_local_key(ble_local_key_cb.id_keys.dhk, BTIF_DM_LE_LOCAL_KEY_DHK);
2211 break;
2212 case BTA_DM_BLE_LOCAL_ER_EVT:
2213 log::verbose("BTA_DM_BLE_LOCAL_ER_EVT");
2214 ble_local_key_cb.is_er_rcvd = true;
2215 ble_local_key_cb.er = p_data->ble_er;
2216 btif_storage_add_ble_local_key(ble_local_key_cb.er, BTIF_DM_LE_LOCAL_KEY_ER);
2217 break;
2218
2219 case BTA_DM_BLE_AUTH_CMPL_EVT:
2220 log::verbose("BTA_DM_BLE_AUTH_CMPL_EVT");
2221 btif_dm_ble_auth_cmpl_evt(&p_data->auth_cmpl);
2222 break;
2223
2224 case BTA_DM_LE_ADDR_ASSOC_EVT:
2225 GetInterfaceToProfiles()->events->invoke_le_address_associate_cb(
2226 p_data->proc_id_addr.pairing_bda, p_data->proc_id_addr.id_addr,
2227 p_data->proc_id_addr.id_addr_type);
2228 break;
2229
2230 case BTA_DM_SIRK_VERIFICATION_REQ_EVT:
2231 GetInterfaceToProfiles()->events->invoke_le_address_associate_cb(
2232 p_data->proc_id_addr.pairing_bda, p_data->proc_id_addr.id_addr,
2233 p_data->proc_id_addr.id_addr_type);
2234 break;
2235
2236 case BTA_DM_KEY_MISSING_EVT:
2237 GetInterfaceToProfiles()->events->invoke_key_missing_cb(p_data->key_missing.bd_addr);
2238 break;
2239
2240 case BTA_DM_ENCRYPTION_CHANGE_EVT:
2241 GetInterfaceToProfiles()->events->invoke_encryption_change_cb(p_data->encryption_change);
2242 break;
2243
2244 default:
2245 log::warn("unhandled event({})", event);
2246 break;
2247 }
2248 }
2249
2250 /*******************************************************************************
2251 *
2252 * Function bte_dm_acl_evt
2253 *
2254 * Description BTIF handler for ACL up/down, identity address report events
2255 *
2256 * Returns void
2257 *
2258 ******************************************************************************/
btif_dm_acl_evt(tBTA_DM_ACL_EVT event,tBTA_DM_ACL * p_data)2259 void btif_dm_acl_evt(tBTA_DM_ACL_EVT event, tBTA_DM_ACL* p_data) {
2260 RawAddress bd_addr;
2261
2262 switch (event) {
2263 case BTA_DM_LINK_UP_EVT:
2264 bd_addr = p_data->link_up.bd_addr;
2265 log::verbose("BTA_DM_LINK_UP_EVT. Sending BT_ACL_STATE_CONNECTED");
2266
2267 btif_update_remote_version_property(&bd_addr);
2268
2269 GetInterfaceToProfiles()->events->invoke_acl_state_changed_cb(
2270 BT_STATUS_SUCCESS, bd_addr, BT_ACL_STATE_CONNECTED,
2271 (int)p_data->link_up.transport_link_type, HCI_SUCCESS,
2272 btm_is_acl_locally_initiated() ? bt_conn_direction_t::BT_CONN_DIRECTION_OUTGOING
2273 : bt_conn_direction_t::BT_CONN_DIRECTION_INCOMING,
2274 p_data->link_up.acl_handle);
2275
2276 if (p_data->link_up.transport_link_type == BT_TRANSPORT_LE && pairing_cb.bd_addr == bd_addr &&
2277 is_device_le_audio_capable(bd_addr)) {
2278 stack::l2cap::get_interface().L2CA_LockBleConnParamsForProfileConnection(bd_addr, true);
2279 }
2280 break;
2281
2282 case BTA_DM_LINK_UP_FAILED_EVT:
2283 GetInterfaceToProfiles()->events->invoke_acl_state_changed_cb(
2284 hci_error_to_bt_status(p_data->link_up_failed.status), p_data->link_up_failed.bd_addr,
2285 BT_ACL_STATE_DISCONNECTED, p_data->link_up_failed.transport_link_type,
2286 p_data->link_up_failed.status,
2287 btm_is_acl_locally_initiated() ? bt_conn_direction_t::BT_CONN_DIRECTION_OUTGOING
2288 : bt_conn_direction_t::BT_CONN_DIRECTION_INCOMING,
2289 INVALID_ACL_HANDLE);
2290 break;
2291
2292 case BTA_DM_LINK_DOWN_EVT: {
2293 bd_addr = p_data->link_down.bd_addr;
2294 btm_set_bond_type_dev(p_data->link_down.bd_addr, BOND_TYPE_UNKNOWN);
2295 GetInterfaceToProfiles()->onLinkDown(bd_addr, p_data->link_down.transport_link_type);
2296
2297 bt_conn_direction_t direction;
2298 switch (btm_get_acl_disc_reason_code()) {
2299 case HCI_ERR_PEER_USER:
2300 case HCI_ERR_REMOTE_LOW_RESOURCE:
2301 case HCI_ERR_REMOTE_POWER_OFF:
2302 direction = bt_conn_direction_t::BT_CONN_DIRECTION_INCOMING;
2303 break;
2304 case HCI_ERR_CONN_CAUSE_LOCAL_HOST:
2305 case HCI_ERR_HOST_REJECT_SECURITY:
2306 direction = bt_conn_direction_t::BT_CONN_DIRECTION_OUTGOING;
2307 break;
2308 default:
2309 direction = bt_conn_direction_t::BT_CONN_DIRECTION_UNKNOWN;
2310 }
2311 GetInterfaceToProfiles()->events->invoke_acl_state_changed_cb(
2312 BT_STATUS_SUCCESS, bd_addr, BT_ACL_STATE_DISCONNECTED,
2313 (int)p_data->link_down.transport_link_type,
2314 static_cast<bt_hci_error_code_t>(btm_get_acl_disc_reason_code()), direction,
2315 INVALID_ACL_HANDLE);
2316 log::debug(
2317 "Sent BT_ACL_STATE_DISCONNECTED upward as ACL link down event "
2318 "device:{} reason:{}",
2319 bd_addr,
2320 hci_reason_code_text(static_cast<tHCI_REASON>(btm_get_acl_disc_reason_code())));
2321 } break;
2322 case BTA_DM_LE_FEATURES_READ:
2323 btif_get_adapter_property(BT_PROPERTY_LOCAL_LE_FEATURES);
2324 break;
2325 case BTA_DM_LPP_OFFLOAD_FEATURES_READ:
2326 btif_get_adapter_property(BT_PROPERTY_LPP_OFFLOAD_FEATURES);
2327 break;
2328
2329 default: {
2330 log::error("Unexpected tBTA_DM_ACL_EVT:{}", event);
2331 } break;
2332 }
2333 }
2334
2335 /*******************************************************************************
2336 *
2337 * Function bta_energy_info_cb
2338 *
2339 * Description Switches context from BTE to BTIF for DM energy info event
2340 *
2341 * Returns void
2342 *
2343 ******************************************************************************/
bta_energy_info_cb(tBTM_BLE_TX_TIME_MS tx_time,tBTM_BLE_RX_TIME_MS rx_time,tBTM_BLE_IDLE_TIME_MS idle_time,tBTM_BLE_ENERGY_USED energy_used,tBTM_CONTRL_STATE ctrl_state,tBTA_STATUS status)2344 static void bta_energy_info_cb(tBTM_BLE_TX_TIME_MS tx_time, tBTM_BLE_RX_TIME_MS rx_time,
2345 tBTM_BLE_IDLE_TIME_MS idle_time, tBTM_BLE_ENERGY_USED energy_used,
2346 tBTM_CONTRL_STATE ctrl_state, tBTA_STATUS status) {
2347 log::verbose(
2348 "energy_info_cb-Status:{},state={},tx_t={}, rx_t={}, "
2349 "idle_time={},used={}",
2350 status, ctrl_state, tx_time, rx_time, idle_time, energy_used);
2351
2352 if (uid_set != nullptr) {
2353 bt_activity_energy_info energy_info;
2354 energy_info.status = status;
2355 energy_info.ctrl_state = ctrl_state;
2356 energy_info.rx_time = rx_time;
2357 energy_info.tx_time = tx_time;
2358 energy_info.idle_time = idle_time;
2359 energy_info.energy_used = energy_used;
2360
2361 bt_uid_traffic_t* data = uid_set_read_and_clear(uid_set);
2362 GetInterfaceToProfiles()->events->invoke_energy_info_cb(energy_info, data);
2363 } else {
2364 log::warn("Energy info event dropped as module is inactive");
2365 }
2366 }
2367
2368 /*****************************************************************************
2369 *
2370 * btif api functions (no context switch)
2371 *
2372 ****************************************************************************/
2373
2374 /*******************************************************************************
2375 *
2376 * Function btif_dm_start_discovery
2377 *
2378 * Description Start device discovery/inquiry
2379 *
2380 ******************************************************************************/
btif_dm_start_discovery(void)2381 void btif_dm_start_discovery(void) {
2382 log::verbose("start device discover/inquiry");
2383
2384 BTM_LogHistory(
2385 kBtmLogTag, RawAddress::kEmpty, "Device discovery",
2386 std::format("is_request_queued:{:c}", bta_dm_is_search_request_queued() ? 'T' : 'F'));
2387
2388 /* no race here because we're guaranteed to be in the main thread */
2389 if (bta_dm_is_search_request_queued()) {
2390 log::info("skipping start discovery because a request is queued");
2391 return;
2392 }
2393
2394 /* Will be enabled to true once inquiry busy level has been received */
2395 btif_dm_inquiry_in_progress = false;
2396 /* find nearby devices */
2397 BTA_DmSearch(btif_dm_search_devices_evt);
2398 power_telemetry::GetInstance().LogScanStarted();
2399 }
2400
2401 /*******************************************************************************
2402 *
2403 * Function btif_dm_cancel_discovery
2404 *
2405 * Description Cancels search
2406 *
2407 ******************************************************************************/
btif_dm_cancel_discovery(void)2408 void btif_dm_cancel_discovery(void) {
2409 log::info("Cancel search");
2410 BTM_LogHistory(kBtmLogTag, RawAddress::kEmpty, "Cancel discovery");
2411
2412 BTA_DmSearchCancel();
2413 }
2414
btif_dm_pairing_is_busy()2415 bool btif_dm_pairing_is_busy() { return pairing_cb.state != BT_BOND_STATE_NONE; }
2416
btif_dm_is_pairing(const RawAddress & bdaddr)2417 bool btif_dm_is_pairing(const RawAddress& bdaddr) {
2418 return btif_dm_pairing_is_busy() &&
2419 (pairing_cb.bd_addr == bdaddr || pairing_cb.static_bdaddr == bdaddr);
2420 }
2421
2422 /*******************************************************************************
2423 *
2424 * Function btif_dm_create_bond
2425 *
2426 * Description Initiate bonding with the specified device
2427 *
2428 ******************************************************************************/
btif_dm_create_bond(const RawAddress bd_addr,tBT_TRANSPORT transport)2429 void btif_dm_create_bond(const RawAddress bd_addr, tBT_TRANSPORT transport) {
2430 log::verbose("bd_addr={}, transport={}", bd_addr, transport);
2431
2432 BTM_LogHistory(kBtmLogTag, bd_addr, "Create bond",
2433 std::format("transport:{}", bt_transport_text(transport)));
2434
2435 btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_CREATE_BOND, pairing_cb.state);
2436
2437 pairing_cb.timeout_retries = NUM_TIMEOUT_RETRIES;
2438 btif_dm_cb_create_bond(bd_addr, transport);
2439 }
2440
2441 /*******************************************************************************
2442 *
2443 * Function btif_dm_create_bond_le
2444 *
2445 * Description Initiate bonding with the specified device over le transport
2446 *
2447 ******************************************************************************/
btif_dm_create_bond_le(const RawAddress bd_addr,tBLE_ADDR_TYPE addr_type)2448 void btif_dm_create_bond_le(const RawAddress bd_addr, tBLE_ADDR_TYPE addr_type) {
2449 log::verbose("bd_addr={}, addr_type={}", bd_addr, addr_type);
2450 const tBLE_BD_ADDR ble_bd_addr{
2451 .type = addr_type,
2452 .bda = bd_addr,
2453 };
2454 BTM_LogHistory(kBtmLogTag, ble_bd_addr, "Create bond",
2455 std::format("transport:{}", bt_transport_text(BT_TRANSPORT_LE)));
2456
2457 btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_CREATE_BOND, pairing_cb.state);
2458
2459 pairing_cb.timeout_retries = NUM_TIMEOUT_RETRIES;
2460 btif_dm_cb_create_bond_le(bd_addr, addr_type);
2461 }
2462
2463 /*******************************************************************************
2464 *
2465 * Function btif_dm_create_bond_out_of_band
2466 *
2467 * Description Initiate bonding with the specified device using out of band
2468 * data
2469 *
2470 ******************************************************************************/
btif_dm_create_bond_out_of_band(const RawAddress bd_addr,tBT_TRANSPORT transport,const bt_oob_data_t p192_data,const bt_oob_data_t p256_data)2471 void btif_dm_create_bond_out_of_band(const RawAddress bd_addr, tBT_TRANSPORT transport,
2472 const bt_oob_data_t p192_data, const bt_oob_data_t p256_data) {
2473 bt_oob_data_t empty_data;
2474 memset(&empty_data, 0, sizeof(empty_data));
2475
2476 oob_cb.bdaddr = bd_addr;
2477 oob_cb.transport = transport;
2478 oob_cb.data_present = (int)BTM_OOB_NONE;
2479 if (memcmp(&p192_data, &empty_data, sizeof(p192_data)) != 0) {
2480 memcpy(&oob_cb.p192_data, &p192_data, sizeof(bt_oob_data_t));
2481 oob_cb.data_present = (int)BTM_OOB_PRESENT_192;
2482 }
2483
2484 if (memcmp(&p256_data, &empty_data, sizeof(p256_data)) != 0) {
2485 memcpy(&oob_cb.p256_data, &p256_data, sizeof(bt_oob_data_t));
2486 if (oob_cb.data_present == (int)BTM_OOB_PRESENT_192) {
2487 oob_cb.data_present = (int)BTM_OOB_PRESENT_192_AND_256;
2488 } else {
2489 oob_cb.data_present = (int)BTM_OOB_PRESENT_256;
2490 }
2491 }
2492
2493 BTM_LogHistory(kBtmLogTag, bd_addr, "Create bond",
2494 std::format("transport:{} oob:{}", bt_transport_text(transport),
2495 btm_oob_data_text(oob_cb.data_present)));
2496
2497 uint8_t empty[] = {0, 0, 0, 0, 0, 0, 0};
2498 switch (transport) {
2499 case BT_TRANSPORT_BR_EDR:
2500 // TODO(182162589): Flesh out classic impl in legacy BTMSec
2501 // Nothing to do yet, but not an error
2502
2503 // The controller only supports P192
2504 switch (oob_cb.data_present) {
2505 case BTM_OOB_PRESENT_192_AND_256:
2506 log::info("Have both P192 and P256");
2507 [[fallthrough]];
2508 case BTM_OOB_PRESENT_192:
2509 log::info("Using P192");
2510 break;
2511 case BTM_OOB_PRESENT_256:
2512 log::info("Using P256");
2513 // TODO(181889116):
2514 // Upgrade to support p256 (for now we just ignore P256)
2515 // because the controllers do not yet support it.
2516 bond_state_changed(BT_STATUS_UNSUPPORTED, bd_addr, BT_BOND_STATE_NONE);
2517 return;
2518 default:
2519 log::error("Invalid data present for controller:{}", oob_cb.data_present);
2520 bond_state_changed(BT_STATUS_PARM_INVALID, bd_addr, BT_BOND_STATE_NONE);
2521 return;
2522 }
2523 pairing_cb.is_local_initiated = true;
2524 log::error("Classic not implemented yet");
2525 bond_state_changed(BT_STATUS_UNSUPPORTED, bd_addr, BT_BOND_STATE_NONE);
2526 return;
2527 case BT_TRANSPORT_LE: {
2528 // Guess default RANDOM for address type for LE
2529 tBLE_ADDR_TYPE address_type = BLE_ADDR_RANDOM;
2530 log::info("Using LE Transport");
2531 switch (oob_cb.data_present) {
2532 case BTM_OOB_PRESENT_192_AND_256:
2533 log::info("Have both P192 and P256");
2534 [[fallthrough]];
2535 // Always prefer 256 for LE
2536 case BTM_OOB_PRESENT_256:
2537 log::info("Using P256");
2538 // If we have an address, lets get the type
2539 if (memcmp(p256_data.address, empty, 7) != 0) {
2540 /* byte no 7 is address type in LE Bluetooth Address OOB data */
2541 address_type = static_cast<tBLE_ADDR_TYPE>(p256_data.address[6]);
2542 }
2543 break;
2544 case BTM_OOB_PRESENT_192:
2545 log::info("Using P192");
2546 // If we have an address, lets get the type
2547 if (memcmp(p192_data.address, empty, 7) != 0) {
2548 /* byte no 7 is address type in LE Bluetooth Address OOB data */
2549 address_type = static_cast<tBLE_ADDR_TYPE>(p192_data.address[6]);
2550 }
2551 break;
2552 }
2553 pairing_cb.is_local_initiated = true;
2554 get_btm_client_interface().security.BTM_SecAddBleDevice(bd_addr, BT_DEVICE_TYPE_BLE,
2555 address_type);
2556 BTA_DmBond(bd_addr, address_type, transport, BT_DEVICE_TYPE_BLE);
2557 break;
2558 }
2559 default:
2560 log::error("Invalid transport: {}", transport);
2561 bond_state_changed(BT_STATUS_PARM_INVALID, bd_addr, BT_BOND_STATE_NONE);
2562 return;
2563 }
2564 }
2565
2566 /*******************************************************************************
2567 *
2568 * Function btif_dm_cancel_bond
2569 *
2570 * Description Initiate bonding with the specified device
2571 *
2572 ******************************************************************************/
btif_dm_cancel_bond(const RawAddress bd_addr)2573 void btif_dm_cancel_bond(const RawAddress bd_addr) {
2574 log::verbose("bd_addr={}", bd_addr);
2575
2576 BTM_LogHistory(kBtmLogTag, bd_addr, "Cancel bond");
2577
2578 btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_CANCEL_BOND, pairing_cb.state);
2579
2580 /* TODO:
2581 ** 1. Restore scan modes
2582 ** 2. special handling for HID devices
2583 */
2584 if (is_bonding_or_sdp()) {
2585 // clear sdp_attempts
2586 pairing_cb.sdp_attempts = 0;
2587
2588 if (com::android::bluetooth::flags::ignore_unrelated_cancel_bond() &&
2589 (pairing_cb.bd_addr != bd_addr)) {
2590 log::warn("Ignoring bond cancel for unrelated device: {} pairing: {}", bd_addr,
2591 pairing_cb.bd_addr);
2592 return;
2593 }
2594 if (pairing_cb.is_ssp) {
2595 if (pairing_cb.is_le_only) {
2596 BTA_DmBleSecurityGrant(bd_addr, tBTA_DM_BLE_SEC_GRANT::BTA_DM_SEC_PAIR_NOT_SPT);
2597 } else {
2598 BTA_DmConfirm(bd_addr, false);
2599 BTA_DmBondCancel(bd_addr);
2600 btif_storage_remove_bonded_device(&bd_addr);
2601 }
2602 } else {
2603 if (pairing_cb.is_le_only) {
2604 BTA_DmBondCancel(bd_addr);
2605 } else {
2606 BTA_DmPinReply(bd_addr, false, 0, NULL);
2607 }
2608 /* Cancel bonding, in case it is in ACL connection setup state */
2609 BTA_DmBondCancel(bd_addr);
2610 }
2611 }
2612 }
2613
2614 /*******************************************************************************
2615 *
2616 * Function btif_dm_hh_open_failed
2617 *
2618 * Description informs the upper layers if the HH have failed during
2619 * bonding
2620 *
2621 * Returns none
2622 *
2623 ******************************************************************************/
2624
btif_dm_hh_open_failed(RawAddress * bdaddr)2625 void btif_dm_hh_open_failed(RawAddress* bdaddr) {
2626 if (pairing_cb.state == BT_BOND_STATE_BONDING && *bdaddr == pairing_cb.bd_addr) {
2627 bond_state_changed(BT_STATUS_RMT_DEV_DOWN, *bdaddr, BT_BOND_STATE_NONE);
2628 }
2629 }
2630
2631 /*******************************************************************************
2632 *
2633 * Function btif_dm_remove_bond
2634 *
2635 * Description Removes bonding with the specified device
2636 *
2637 ******************************************************************************/
2638
btif_dm_remove_bond(const RawAddress bd_addr)2639 void btif_dm_remove_bond(const RawAddress bd_addr) {
2640 log::verbose("bd_addr={}", bd_addr);
2641
2642 BTM_LogHistory(kBtmLogTag, bd_addr, "Remove bond");
2643
2644 btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_REMOVE_BOND, pairing_cb.state);
2645
2646 // special handling for HID devices
2647 // VUP needs to be sent if its a HID Device. The HID HOST module will check if
2648 // there is a valid hid connection with this bd_addr. If yes VUP will be
2649 // issued.
2650 #if (BTA_HH_INCLUDED == TRUE)
2651 tAclLinkSpec link_spec;
2652 link_spec.addrt.bda = bd_addr;
2653 link_spec.transport = BT_TRANSPORT_AUTO;
2654 link_spec.addrt.type = BLE_ADDR_PUBLIC;
2655
2656 if (GetInterfaceToProfiles()->profileSpecific_HACK->btif_hh_virtual_unplug(link_spec) !=
2657 BT_STATUS_SUCCESS)
2658 #endif
2659 {
2660 log::debug("Removing HH device");
2661 BTA_DmRemoveDevice(bd_addr);
2662 }
2663 }
2664
2665 /*******************************************************************************
2666 *
2667 * Function btif_dm_pin_reply
2668 *
2669 * Description BT legacy pairing - PIN code reply
2670 *
2671 ******************************************************************************/
2672
btif_dm_pin_reply(const RawAddress bd_addr,uint8_t accept,uint8_t pin_len,bt_pin_code_t pin_code)2673 void btif_dm_pin_reply(const RawAddress bd_addr, uint8_t accept, uint8_t pin_len,
2674 bt_pin_code_t pin_code) {
2675 log::verbose("{}({}) accept:{}", bd_addr, pairing_cb.is_le_only ? "LE" : "BR/EDR", accept);
2676
2677 if (pairing_cb.is_le_only) {
2678 int i;
2679 uint32_t passkey = 0;
2680 int multi[] = {100000, 10000, 1000, 100, 10, 1};
2681 for (i = 0; i < 6; i++) {
2682 passkey += (multi[i] * (pin_code.pin[i] - '0'));
2683 }
2684 BTA_DmBlePasskeyReply(bd_addr, accept, passkey);
2685
2686 } else {
2687 BTA_DmPinReply(bd_addr, accept, pin_len, pin_code.pin);
2688 if (accept) {
2689 pairing_cb.pin_code_len = pin_len;
2690 }
2691 }
2692 }
2693
2694 /*******************************************************************************
2695 *
2696 * Function btif_dm_ssp_reply
2697 *
2698 * Description BT SSP Reply - Just Works, Numeric Comparison & Passkey
2699 * Entry
2700 *
2701 ******************************************************************************/
btif_dm_ssp_reply(const RawAddress bd_addr,bt_ssp_variant_t variant,uint8_t accept)2702 void btif_dm_ssp_reply(const RawAddress bd_addr, bt_ssp_variant_t variant, uint8_t accept) {
2703 log::verbose("accept={}", accept);
2704 BTM_LogHistory(kBtmLogTag, bd_addr, "Ssp reply",
2705 std::format("originator:{} variant:{} accept:{:c} le:{:c} numeric_comparison:{:c}",
2706 pairing_cb.is_local_initiated ? "local" : "remote", variant,
2707 accept ? 'Y' : 'N', pairing_cb.is_le_only ? 'T' : 'F',
2708 pairing_cb.is_le_nc ? 'T' : 'F'));
2709 if (pairing_cb.is_le_only) {
2710 if (pairing_cb.is_le_nc) {
2711 BTA_DmBleConfirmReply(bd_addr, accept);
2712 } else {
2713 if (accept) {
2714 BTA_DmBleSecurityGrant(bd_addr, tBTA_DM_BLE_SEC_GRANT::BTA_DM_SEC_GRANTED);
2715 } else {
2716 BTA_DmBleSecurityGrant(bd_addr, tBTA_DM_BLE_SEC_GRANT::BTA_DM_SEC_PAIR_NOT_SPT);
2717 }
2718 }
2719 } else {
2720 BTA_DmConfirm(bd_addr, accept);
2721 }
2722 }
2723
2724 /*******************************************************************************
2725 *
2726 * Function btif_dm_get_local_class_of_device
2727 *
2728 * Description Reads the system property configured class of device
2729 *
2730 * Returns A DEV_CLASS containing the current class of device.
2731 * If no value is present, or the value is malformed
2732 * the default kEmpty value will be used
2733 *
2734 ******************************************************************************/
btif_dm_get_local_class_of_device()2735 DEV_CLASS btif_dm_get_local_class_of_device() {
2736 /* A class of device is a {SERVICE_CLASS, MAJOR_CLASS, MINOR_CLASS}
2737 *
2738 * The input is expected to be a string of the following format:
2739 * <decimal number>,<decimal number>,<decimal number>
2740 *
2741 * For example, "90,2,12" (Hex: 0x5A, 0x2, 0xC)
2742 *
2743 * Notice there is always two commas and no spaces.
2744 */
2745 char prop_cod[PROPERTY_VALUE_MAX];
2746 osi_property_get(PROPERTY_CLASS_OF_DEVICE, prop_cod, "");
2747
2748 // If the property is empty, use the default
2749 if (prop_cod[0] == '\0') {
2750 log::error("COD property is empty");
2751 return kDevClassUnclassified;
2752 }
2753
2754 // Start reading the contents of the property string. If at any point anything
2755 // is malformed, use the default.
2756 DEV_CLASS temp_device_class;
2757 int i = 0;
2758 int j = 0;
2759 for (;;) {
2760 // Build a string of all the chars until the next comma, null, or end of the
2761 // buffer is reached. If any char is not a digit, then return the default.
2762 std::string value;
2763 while (i < PROPERTY_VALUE_MAX && prop_cod[i] != ',' && prop_cod[i] != '\0') {
2764 char c = prop_cod[i++];
2765 if (!std::isdigit(c)) {
2766 log::error("COD malformed, '{:c}' is a non-digit", c);
2767 return kDevClassUnclassified;
2768 }
2769 value += c;
2770 }
2771
2772 // If we hit the end and it wasn't null terminated then return the default
2773 if (i == PROPERTY_VALUE_MAX && prop_cod[PROPERTY_VALUE_MAX - 1] != '\0') {
2774 log::error("COD malformed, value was truncated");
2775 return kDevClassUnclassified;
2776 }
2777
2778 // Each number in the list must be one byte, meaning 0 (0x00) -> 255 (0xFF)
2779 if (value.size() > 3 || value.size() == 0) {
2780 log::error("COD malformed, '{}' must be between [0, 255]", value);
2781 return kDevClassUnclassified;
2782 }
2783
2784 // Grab the value. If it's too large, then return the default
2785 uint32_t uint32_val = static_cast<uint32_t>(std::stoul(value.c_str()));
2786 if (uint32_val > 0xFF) {
2787 log::error("COD malformed, '{}' must be between [0, 255]", value);
2788 return kDevClassUnclassified;
2789 }
2790
2791 // Otherwise, it's safe to use
2792 temp_device_class[j++] = uint32_val;
2793
2794 // If we've reached 3 numbers then make sure we're at a null terminator
2795 if (j >= 3) {
2796 if (prop_cod[i] != '\0') {
2797 log::error("COD malformed, more than three numbers");
2798 return kDevClassUnclassified;
2799 }
2800 break;
2801 }
2802
2803 // If we're at a null terminator then we're done
2804 if (prop_cod[i] == '\0') {
2805 break;
2806 }
2807
2808 // Otherwise, skip over the comma
2809 ++i;
2810 }
2811
2812 // We must have read exactly 3 numbers
2813 DEV_CLASS device_class = kDevClassUnclassified;
2814 if (j == 3) {
2815 device_class[0] = temp_device_class[0];
2816 device_class[1] = temp_device_class[1];
2817 device_class[2] = temp_device_class[2];
2818 } else {
2819 log::error("COD malformed, fewer than three numbers");
2820 }
2821
2822 log::debug("Using class of device '0x{:x}, 0x{:x}, 0x{:x}' from CoD system property",
2823 device_class[0], device_class[1], device_class[2]);
2824
2825 #ifdef __ANDROID__
2826 // Per BAP 1.0.1, 8.2.3. Device discovery, the stack needs to set Class of
2827 // Device (CoD) field Major Service Class bit 14 to 0b1 when Unicast Server,
2828 // Unicast Client, Broadcast Source, Broadcast Sink, Scan Delegator, or
2829 // Broadcast Assistant is supported on this device
2830 if (android::sysprop::BluetoothProperties::isProfileBapUnicastClientEnabled().value_or(false) ||
2831 android::sysprop::BluetoothProperties::isProfileBapBroadcastAssistEnabled().value_or(false) ||
2832 android::sysprop::BluetoothProperties::isProfileBapBroadcastSourceEnabled().value_or(false)) {
2833 device_class[1] |= 0x01 << 6;
2834 } else {
2835 device_class[1] &= ~(0x01 << 6);
2836 }
2837 log::debug(
2838 "Check LE audio enabled status, update class of device to '0x{:x}, "
2839 "0x{:x}, 0x{:x}'",
2840 device_class[0], device_class[1], device_class[2]);
2841 #endif
2842 return device_class;
2843 }
2844
2845 /*******************************************************************************
2846 *
2847 * Function btif_dm_get_adapter_property
2848 *
2849 * Description Queries the BTA for the adapter property
2850 *
2851 * Returns bt_status_t
2852 *
2853 ******************************************************************************/
btif_dm_get_adapter_property(bt_property_t * prop)2854 bt_status_t btif_dm_get_adapter_property(bt_property_t* prop) {
2855 log::verbose("type=0x{:x}", prop->type);
2856 switch (prop->type) {
2857 case BT_PROPERTY_BDNAME: {
2858 bt_bdname_t* bd_name = (bt_bdname_t*)prop->val;
2859 strncpy((char*)bd_name->name, (char*)btif_get_default_local_name(),
2860 sizeof(bd_name->name) - 1);
2861 bd_name->name[sizeof(bd_name->name) - 1] = 0;
2862 prop->len = strlen((char*)bd_name->name);
2863 } break;
2864
2865 case BT_PROPERTY_ADAPTER_DISCOVERABLE_TIMEOUT: {
2866 uint32_t* tmt = (uint32_t*)prop->val;
2867 *tmt = 120; /* default to 120s, if not found in NV */
2868 prop->len = sizeof(uint32_t);
2869 } break;
2870
2871 default:
2872 prop->len = 0;
2873 return BT_STATUS_FAIL;
2874 }
2875 return BT_STATUS_SUCCESS;
2876 }
2877
2878 /*******************************************************************************
2879 *
2880 * Function btif_dm_get_remote_services
2881 *
2882 * Description Start SDP to get remote services by transport
2883 *
2884 * Returns bt_status_t
2885 *
2886 ******************************************************************************/
btif_dm_get_remote_services(RawAddress remote_addr,const tBT_TRANSPORT transport)2887 void btif_dm_get_remote_services(RawAddress remote_addr, const tBT_TRANSPORT transport) {
2888 log::verbose("transport={}, remote_addr={}", bt_transport_text(transport), remote_addr);
2889
2890 BTM_LogHistory(kBtmLogTag, remote_addr, "Service discovery",
2891 std::format("transport:{}", bt_transport_text(transport)));
2892
2893 BTA_DmDiscover(remote_addr,
2894 service_discovery_callbacks{
2895 .on_gatt_results = btif_on_gatt_results,
2896 .on_did_received = btif_on_did_received,
2897 .on_service_discovery_results = btif_on_service_discovery_results},
2898 transport);
2899 }
2900
btif_dm_enable_service(tBTA_SERVICE_ID service_id,bool enable)2901 void btif_dm_enable_service(tBTA_SERVICE_ID service_id, bool enable) {
2902 bt_status_t status = btif_in_execute_service_request(service_id, enable);
2903 if (status == BT_STATUS_SUCCESS) {
2904 bt_property_t property;
2905 Uuid local_uuids[BT_MAX_NUM_UUIDS];
2906
2907 /* Now send the UUID_PROPERTY_CHANGED event to the upper layer */
2908 BTIF_STORAGE_FILL_PROPERTY(&property, BT_PROPERTY_UUIDS, sizeof(local_uuids), local_uuids);
2909 btif_storage_get_adapter_property(&property);
2910 GetInterfaceToProfiles()->events->invoke_adapter_properties_cb(BT_STATUS_SUCCESS, 1, &property);
2911 }
2912 return;
2913 }
2914
btif_dm_proc_io_req(tBTM_AUTH_REQ * p_auth_req,bool is_orig)2915 void btif_dm_proc_io_req(tBTM_AUTH_REQ* p_auth_req, bool is_orig) {
2916 uint8_t yes_no_bit = BTA_AUTH_SP_YES & *p_auth_req;
2917 /* if local initiated:
2918 ** 1. set DD + MITM
2919 ** if remote initiated:
2920 ** 1. Copy over the auth_req from peer's io_rsp
2921 ** 2. Set the MITM if peer has it set or if peer has DisplayYesNo
2922 *(iPhone)
2923 ** as a fallback set MITM+GB if peer had MITM set
2924 */
2925
2926 log::verbose("original p_auth_req={}", *p_auth_req);
2927 if (pairing_cb.is_local_initiated) {
2928 /* if initing/responding to a dedicated bonding, use dedicate bonding bit */
2929 *p_auth_req = BTA_AUTH_DD_BOND | BTA_AUTH_SP_YES;
2930 } else if (!is_orig) {
2931 /* peer initiated paring. They probably know what they want.
2932 ** Copy the mitm from peer device.
2933 */
2934 log::debug("peer initiated, setting p_auth_req to peer's: {}", pairing_cb.auth_req);
2935 *p_auth_req = (pairing_cb.auth_req & BTA_AUTH_BONDS);
2936
2937 /* copy over the MITM bit as well. In addition if the peer has DisplayYesNo,
2938 * force MITM */
2939 if ((yes_no_bit) || (pairing_cb.io_cap & BTM_IO_CAP_IO)) {
2940 *p_auth_req |= BTA_AUTH_SP_YES;
2941 }
2942 } else if (yes_no_bit) {
2943 /* set the general bonding bit for stored device */
2944 *p_auth_req = BTA_AUTH_GEN_BOND | yes_no_bit;
2945 }
2946 log::verbose("updated p_auth_req={}", *p_auth_req);
2947 }
2948
btif_dm_proc_io_rsp(const RawAddress &,tBTM_IO_CAP io_cap,tBTM_OOB_DATA,tBTM_AUTH_REQ auth_req)2949 void btif_dm_proc_io_rsp(const RawAddress& /* bd_addr */, tBTM_IO_CAP io_cap,
2950 tBTM_OOB_DATA /* oob_data */, tBTM_AUTH_REQ auth_req) {
2951 if (auth_req & BTA_AUTH_BONDS) {
2952 log::debug("auth_req:{}", auth_req);
2953 pairing_cb.auth_req = auth_req;
2954 pairing_cb.io_cap = io_cap;
2955 }
2956 }
2957
btif_dm_set_oob_for_io_req(tBTM_OOB_DATA * p_has_oob_data)2958 void btif_dm_set_oob_for_io_req(tBTM_OOB_DATA* p_has_oob_data) {
2959 if (is_empty_128bit(oob_cb.p192_data.c)) {
2960 *p_has_oob_data = false;
2961 } else {
2962 *p_has_oob_data = true;
2963 }
2964 log::verbose("*p_has_oob_data={}", *p_has_oob_data);
2965 }
2966
btif_dm_set_oob_for_le_io_req(const RawAddress & bd_addr,tBTM_OOB_DATA * p_has_oob_data,tBTM_LE_AUTH_REQ * p_auth_req)2967 void btif_dm_set_oob_for_le_io_req(const RawAddress& bd_addr, tBTM_OOB_DATA* p_has_oob_data,
2968 tBTM_LE_AUTH_REQ* p_auth_req) {
2969 switch (oob_cb.data_present) {
2970 case BTM_OOB_PRESENT_192_AND_256:
2971 log::info("Have both P192 and P256");
2972 [[fallthrough]];
2973 // Always prefer 256 for LE
2974 case BTM_OOB_PRESENT_256:
2975 log::info("Using P256");
2976 if (!is_empty_128bit(oob_cb.p256_data.c) && !is_empty_128bit(oob_cb.p256_data.r)) {
2977 /* make sure OOB data is for this particular device */
2978 if (bd_addr == oob_cb.bdaddr) {
2979 *p_auth_req = ((*p_auth_req) | BTM_LE_AUTH_REQ_SC_ONLY);
2980 *p_has_oob_data = true;
2981 } else {
2982 *p_has_oob_data = false;
2983 log::warn("P256-1: Remote address didn't match OOB data address");
2984 }
2985 } else if (!is_empty_128bit(oob_cb.p256_data.sm_tk)) {
2986 /* We have security manager TK */
2987
2988 /* make sure OOB data is for this particular device */
2989 if (bd_addr == oob_cb.bdaddr) {
2990 // When using OOB with TK, SC Secure Connections bit must be disabled.
2991 tBTM_LE_AUTH_REQ mask = ~BTM_LE_AUTH_REQ_SC_ONLY;
2992 *p_auth_req = ((*p_auth_req) & mask);
2993 *p_has_oob_data = true;
2994 } else {
2995 *p_has_oob_data = false;
2996 log::warn("P256-2: Remote address didn't match OOB data address");
2997 }
2998 } else {
2999 *p_has_oob_data = false;
3000 }
3001 break;
3002 case BTM_OOB_PRESENT_192:
3003 log::info("Using P192");
3004 if (!is_empty_128bit(oob_cb.p192_data.c) && !is_empty_128bit(oob_cb.p192_data.r)) {
3005 /* make sure OOB data is for this particular device */
3006 if (bd_addr == oob_cb.bdaddr) {
3007 *p_auth_req = ((*p_auth_req) | BTM_LE_AUTH_REQ_SC_ONLY);
3008 *p_has_oob_data = true;
3009 } else {
3010 *p_has_oob_data = false;
3011 log::warn("P192-1: Remote address didn't match OOB data address");
3012 }
3013 } else if (!is_empty_128bit(oob_cb.p192_data.sm_tk)) {
3014 /* We have security manager TK */
3015
3016 /* make sure OOB data is for this particular device */
3017 if (bd_addr == oob_cb.bdaddr) {
3018 // When using OOB with TK, SC Secure Connections bit must be disabled.
3019 tBTM_LE_AUTH_REQ mask = ~BTM_LE_AUTH_REQ_SC_ONLY;
3020 *p_auth_req = ((*p_auth_req) & mask);
3021 *p_has_oob_data = true;
3022 } else {
3023 *p_has_oob_data = false;
3024 log::warn("P192-2: Remote address didn't match OOB data address");
3025 }
3026 } else {
3027 *p_has_oob_data = false;
3028 }
3029 break;
3030 }
3031 log::verbose("*p_has_oob_data={}", *p_has_oob_data);
3032 }
3033
btif_dm_load_local_oob(void)3034 void btif_dm_load_local_oob(void) {
3035 char prop_oob[PROPERTY_VALUE_MAX];
3036 osi_property_get("service.brcm.bt.oob", prop_oob, "3");
3037 log::verbose("prop_oob = {}", prop_oob);
3038 if (prop_oob[0] != '3') {
3039 if (is_empty_128bit(oob_cb.p192_data.c)) {
3040 log::verbose("read OOB, call BTA_DmLocalOob()");
3041 BTA_DmLocalOob();
3042 }
3043 }
3044 }
3045
3046 static bool waiting_on_oob_advertiser_start = false;
3047 static std::optional<uint8_t> oob_advertiser_id_;
stop_oob_advertiser()3048 static void stop_oob_advertiser() {
3049 // For chasing an advertising bug b/237023051
3050 log::debug("oob_advertiser_id: {}", oob_advertiser_id_.value());
3051 auto advertiser = bluetooth::shim::get_ble_advertiser_instance();
3052 advertiser->Unregister(oob_advertiser_id_.value());
3053 oob_advertiser_id_ = {};
3054 }
3055
3056 /*******************************************************************************
3057 *
3058 * Function btif_dm_generate_local_oob_data
3059 *
3060 * Description Initiate oob data fetch from controller
3061 *
3062 * Parameters transport; Classic or LE
3063 *
3064 ******************************************************************************/
btif_dm_generate_local_oob_data(tBT_TRANSPORT transport)3065 void btif_dm_generate_local_oob_data(tBT_TRANSPORT transport) {
3066 log::debug("Transport {}", bt_transport_text(transport));
3067 if (transport == BT_TRANSPORT_BR_EDR) {
3068 BTM_ReadLocalOobData();
3069 } else if (transport == BT_TRANSPORT_LE) {
3070 // Call create data first, so we don't have to hold on to the address for
3071 // the state machine lifecycle. Rather, lets create the data, then start
3072 // advertising then request the address.
3073 if (!waiting_on_oob_advertiser_start) {
3074 // For chasing an advertising bug b/237023051
3075 log::debug("oob_advertiser_id: {}", oob_advertiser_id_.value_or(255));
3076 if (oob_advertiser_id_.has_value()) {
3077 stop_oob_advertiser();
3078 }
3079 waiting_on_oob_advertiser_start = true;
3080 if (!SMP_CrLocScOobData()) {
3081 waiting_on_oob_advertiser_start = false;
3082 GetInterfaceToProfiles()->events->invoke_oob_data_request_cb(transport, false, Octet16{},
3083 Octet16{}, RawAddress{}, 0x00);
3084 }
3085 } else {
3086 GetInterfaceToProfiles()->events->invoke_oob_data_request_cb(transport, false, Octet16{},
3087 Octet16{}, RawAddress{}, 0x00);
3088 }
3089 }
3090 }
3091
3092 // Step Four: CallBack from Step Three
get_address_callback(tBT_TRANSPORT transport,bool is_valid,const Octet16 & c,const Octet16 & r,uint8_t address_type,RawAddress address)3093 static void get_address_callback(tBT_TRANSPORT transport, bool is_valid, const Octet16& c,
3094 const Octet16& r, uint8_t address_type, RawAddress address) {
3095 GetInterfaceToProfiles()->events->invoke_oob_data_request_cb(transport, is_valid, c, r, address,
3096 address_type);
3097 waiting_on_oob_advertiser_start = false;
3098 }
3099
3100 // Step Three: CallBack from Step Two, advertise and get address
start_advertising_callback(uint8_t id,tBT_TRANSPORT transport,bool is_valid,const Octet16 & c,const Octet16 & r,uint8_t advertising_status)3101 static void start_advertising_callback(uint8_t id, tBT_TRANSPORT transport, bool is_valid,
3102 const Octet16& c, const Octet16& r,
3103 uint8_t advertising_status) {
3104 if (advertising_status != 0) {
3105 log::info("OOB get advertiser ID failed with status {}", advertising_status);
3106 GetInterfaceToProfiles()->events->invoke_oob_data_request_cb(transport, false, c, r,
3107 RawAddress{}, 0x00);
3108 SMP_ClearLocScOobData();
3109 waiting_on_oob_advertiser_start = false;
3110 oob_advertiser_id_ = {};
3111 return;
3112 }
3113 log::debug("OOB advertiser with id {}", id);
3114 auto advertiser = bluetooth::shim::get_ble_advertiser_instance();
3115 advertiser->GetOwnAddress(id, base::Bind(&get_address_callback, transport, is_valid, c, r));
3116 }
3117
timeout_cb(uint8_t id,uint8_t advertising_status)3118 static void timeout_cb(uint8_t id, uint8_t advertising_status) {
3119 log::info("OOB advertiser with id {} timed out with status {}", id, advertising_status);
3120 auto advertiser = bluetooth::shim::get_ble_advertiser_instance();
3121 advertiser->Unregister(id);
3122 SMP_ClearLocScOobData();
3123 waiting_on_oob_advertiser_start = false;
3124 oob_advertiser_id_ = {};
3125 }
3126
3127 // Step Two: CallBack from Step One, advertise and get address
id_status_callback(tBT_TRANSPORT transport,bool is_valid,const Octet16 & c,const Octet16 & r,uint8_t id,uint8_t advertising_status)3128 static void id_status_callback(tBT_TRANSPORT transport, bool is_valid, const Octet16& c,
3129 const Octet16& r, uint8_t id, uint8_t advertising_status) {
3130 if (advertising_status != 0) {
3131 log::info("OOB get advertiser ID failed with status {}", advertising_status);
3132 GetInterfaceToProfiles()->events->invoke_oob_data_request_cb(transport, false, c, r,
3133 RawAddress{}, 0x00);
3134 SMP_ClearLocScOobData();
3135 waiting_on_oob_advertiser_start = false;
3136 oob_advertiser_id_ = {};
3137 return;
3138 }
3139
3140 oob_advertiser_id_ = id;
3141 log::info("oob_advertiser_id: {}", id);
3142
3143 auto advertiser = bluetooth::shim::get_ble_advertiser_instance();
3144 ::AdvertiseParameters parameters{};
3145 parameters.advertising_event_properties = 0x0041 /* connectable, tx power */;
3146 parameters.min_interval = 0xa0; // 100 ms
3147 parameters.max_interval = 0x500; // 800 ms
3148 parameters.channel_map = 0x7; // Use all the channels
3149 parameters.tx_power = 0; // 0 dBm
3150 parameters.primary_advertising_phy = 1;
3151 parameters.secondary_advertising_phy = 2;
3152 parameters.scan_request_notification_enable = 0;
3153 parameters.own_address_type = BLE_ADDR_RANDOM;
3154 parameters.discoverable = true;
3155
3156 std::vector<uint8_t> advertisement{0x02, 0x01 /* Flags */, 0x02 /* Connectable */};
3157 std::vector<uint8_t> scan_data{};
3158
3159 advertiser->StartAdvertising(
3160 id, base::Bind(&start_advertising_callback, id, transport, is_valid, c, r), parameters,
3161 advertisement, scan_data, 120 /* timeout_s */, base::Bind(&timeout_cb, id));
3162 }
3163
3164 // Step One: Start the advertiser
start_oob_advertiser(tBT_TRANSPORT transport,bool is_valid,const Octet16 & c,const Octet16 & r)3165 static void start_oob_advertiser(tBT_TRANSPORT transport, bool is_valid, const Octet16& c,
3166 const Octet16& r) {
3167 auto advertiser = bluetooth::shim::get_ble_advertiser_instance();
3168 advertiser->RegisterAdvertiser(base::Bind(&id_status_callback, transport, is_valid, c, r));
3169 }
3170
btif_dm_proc_loc_oob(tBT_TRANSPORT transport,bool is_valid,const Octet16 & c,const Octet16 & r)3171 void btif_dm_proc_loc_oob(tBT_TRANSPORT transport, bool is_valid, const Octet16& c,
3172 const Octet16& r) {
3173 // is_valid is important for deciding which OobDataCallback function to use
3174 if (!is_valid) {
3175 GetInterfaceToProfiles()->events->invoke_oob_data_request_cb(transport, false, c, r,
3176 RawAddress{}, 0x00);
3177 waiting_on_oob_advertiser_start = false;
3178 return;
3179 }
3180 if (transport == BT_TRANSPORT_LE) {
3181 // Now that we have the data, lets start advertising and get the address.
3182 start_oob_advertiser(transport, is_valid, c, r);
3183 } else {
3184 GetInterfaceToProfiles()->events->invoke_oob_data_request_cb(
3185 transport, is_valid, c, r,
3186 bluetooth::ToRawAddress(bluetooth::shim::GetController()->GetMacAddress()), 0x00);
3187 }
3188 }
3189
3190 /*******************************************************************************
3191 *
3192 * Function btif_dm_get_smp_config
3193 *
3194 * Description Retrieve the SMP pairing options from the bt_stack.conf
3195 * file. To provide specific pairing options for the host
3196 * add a node with label "SmpOptions" to the config file
3197 * and assign it a comma separated list of 5 values in the
3198 * format: auth, io, ikey, rkey, ksize, oob
3199 * eg: PTS_SmpOptions=0xD,0x4,0xf,0xf,0x10
3200 *
3201 * Parameters: tBTE_APPL_CFG*: pointer to struct defining pairing options
3202 *
3203 * Returns true if the options were successfully read, else false
3204 *
3205 ******************************************************************************/
btif_dm_get_smp_config(tBTE_APPL_CFG * p_cfg)3206 bool btif_dm_get_smp_config(tBTE_APPL_CFG* p_cfg) {
3207 const std::string* recv = stack_config_get_interface()->get_pts_smp_options();
3208 if (!recv) {
3209 log::warn("SMP pairing options not found in stack configuration");
3210 return false;
3211 }
3212
3213 char conf[64];
3214 char* pch;
3215 char* endptr;
3216 char* saveptr;
3217
3218 strncpy(conf, recv->c_str(), 64);
3219 conf[63] = 0; // null terminate
3220
3221 pch = strtok_r(conf, ",", &saveptr);
3222 if (pch != NULL) {
3223 p_cfg->ble_auth_req = (uint8_t)strtoul(pch, &endptr, 16);
3224 } else {
3225 return false;
3226 }
3227
3228 pch = strtok_r(NULL, ",", &saveptr);
3229 if (pch != NULL) {
3230 p_cfg->ble_io_cap = (uint8_t)strtoul(pch, &endptr, 16);
3231 } else {
3232 return false;
3233 }
3234
3235 pch = strtok_r(NULL, ",", &saveptr);
3236 if (pch != NULL) {
3237 p_cfg->ble_init_key = (uint8_t)strtoul(pch, &endptr, 16);
3238 } else {
3239 return false;
3240 }
3241
3242 pch = strtok_r(NULL, ",", &saveptr);
3243 if (pch != NULL) {
3244 p_cfg->ble_resp_key = (uint8_t)strtoul(pch, &endptr, 16);
3245 } else {
3246 return false;
3247 }
3248
3249 pch = strtok_r(NULL, ",", &saveptr);
3250 if (pch != NULL) {
3251 p_cfg->ble_max_key_size = (uint8_t)strtoul(pch, &endptr, 16);
3252 } else {
3253 return false;
3254 }
3255
3256 return true;
3257 }
3258
btif_dm_proc_rmt_oob(const RawAddress & bd_addr,Octet16 * p_c,Octet16 * p_r)3259 bool btif_dm_proc_rmt_oob(const RawAddress& bd_addr, Octet16* p_c, Octet16* p_r) {
3260 const char* path_a = "/data/misc/bluedroid/LOCAL/a.key";
3261 const char* path_b = "/data/misc/bluedroid/LOCAL/b.key";
3262 const char* path = NULL;
3263 char prop_oob[PROPERTY_VALUE_MAX];
3264 osi_property_get("service.brcm.bt.oob", prop_oob, "3");
3265 log::debug("prop_oob = {}", prop_oob);
3266 if (prop_oob[0] == '1') {
3267 path = path_b;
3268 } else if (prop_oob[0] == '2') {
3269 path = path_a;
3270 }
3271 if (!path) {
3272 log::debug("can't open path!");
3273 return false;
3274 }
3275
3276 FILE* fp = fopen(path, "rb");
3277 if (fp == NULL) {
3278 log::debug("failed to read OOB keys from {}", path);
3279 return false;
3280 }
3281
3282 log::verbose("read OOB data from {}", path);
3283 (void)fread(p_c->data(), 1, OCTET16_LEN, fp);
3284 (void)fread(p_r->data(), 1, OCTET16_LEN, fp);
3285 fclose(fp);
3286
3287 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
3288 return true;
3289 }
3290
btif_dm_ble_passkey_notif_evt(tBTA_DM_SP_KEY_NOTIF * p_ssp_key_notif)3291 static void btif_dm_ble_passkey_notif_evt(tBTA_DM_SP_KEY_NOTIF* p_ssp_key_notif) {
3292 RawAddress bd_addr;
3293 int dev_type;
3294
3295 log::verbose("addr:{}", p_ssp_key_notif->bd_addr);
3296
3297 /* Remote name update */
3298 if (!btif_get_device_type(p_ssp_key_notif->bd_addr, &dev_type)) {
3299 dev_type = BT_DEVICE_TYPE_BLE;
3300 }
3301 btif_update_remote_properties(p_ssp_key_notif->bd_addr, p_ssp_key_notif->bd_name,
3302 p_ssp_key_notif->dev_class, (tBT_DEVICE_TYPE)dev_type);
3303 bd_addr = p_ssp_key_notif->bd_addr;
3304
3305 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
3306 pairing_cb.is_ssp = false;
3307 if (com::android::bluetooth::flags::temporary_pairing_tracking()) {
3308 pairing_cb.bond_type = BOND_TYPE_PERSISTENT;
3309 }
3310
3311 BTM_LogHistory(kBtmLogTagCallback, bd_addr, "Ssp request",
3312 std::format("passkey:{}", p_ssp_key_notif->passkey));
3313
3314 GetInterfaceToProfiles()->events->invoke_ssp_request_cb(
3315 bd_addr, BT_SSP_VARIANT_PASSKEY_NOTIFICATION, p_ssp_key_notif->passkey);
3316 }
3317
btif_dm_ble_is_temp_pairing(RawAddress & bd_addr,bool ctkd)3318 static bool btif_dm_ble_is_temp_pairing(RawAddress& bd_addr, bool ctkd) {
3319 if (btm_get_bond_type_dev(bd_addr) == BOND_TYPE_TEMPORARY) {
3320 return ctkd;
3321 }
3322
3323 return false;
3324 }
3325
btif_model_name_known(const RawAddress & bd_addr)3326 static bool btif_model_name_known(const RawAddress& bd_addr) {
3327 bt_property_t prop;
3328 bt_bdname_t model_name;
3329 BTIF_STORAGE_FILL_PROPERTY(&prop, BT_PROPERTY_REMOTE_MODEL_NUM, sizeof(model_name), &model_name);
3330
3331 if (btif_storage_get_remote_device_property(&bd_addr, &prop) != BT_STATUS_SUCCESS ||
3332 prop.len == 0) {
3333 log::info("Device {} no cached model name", bd_addr);
3334 return false;
3335 }
3336
3337 return true;
3338 }
3339
read_dis_cback(const RawAddress & bd_addr,tDIS_VALUE * p_dis_value)3340 static void read_dis_cback(const RawAddress& bd_addr, tDIS_VALUE* p_dis_value) {
3341 if (p_dis_value == nullptr) {
3342 log::warn("received unexpected/error DIS callback");
3343 return;
3344 }
3345
3346 if (!(p_dis_value->attr_mask & DIS_ATTR_MODEL_NUM_BIT)) {
3347 log::warn("unknown bit, mask: {}", (int)p_dis_value->attr_mask);
3348 return;
3349 }
3350
3351 for (int i = 0; i < DIS_MAX_STRING_DATA; i++) {
3352 if (p_dis_value->data_string[i] == nullptr) {
3353 continue;
3354 }
3355
3356 bt_property_t prop;
3357 prop.type = BT_PROPERTY_REMOTE_MODEL_NUM;
3358 prop.val = p_dis_value->data_string[i];
3359 prop.len = strlen((char*)prop.val);
3360
3361 log::info("Device {}, model name: {}", bd_addr, (char*)prop.val);
3362
3363 btif_storage_set_remote_device_property(&bd_addr, &prop);
3364 GetInterfaceToProfiles()->events->invoke_remote_device_properties_cb(BT_STATUS_SUCCESS, bd_addr,
3365 1, &prop);
3366 }
3367 }
3368
3369 /*******************************************************************************
3370 *
3371 * Function btif_dm_ble_auth_cmpl_evt
3372 *
3373 * Description Executes authentication complete event in btif context
3374 *
3375 * Returns void
3376 *
3377 ******************************************************************************/
btif_dm_ble_auth_cmpl_evt(tBTA_DM_AUTH_CMPL * p_auth_cmpl)3378 static void btif_dm_ble_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
3379 /* Save link key, if not temporary */
3380 bt_status_t status = BT_STATUS_FAIL;
3381 bt_bond_state_t state = BT_BOND_STATE_NONE;
3382
3383 RawAddress bd_addr = p_auth_cmpl->bd_addr;
3384
3385 /* Clear OOB data */
3386 memset(&oob_cb, 0, sizeof(oob_cb));
3387
3388 if ((p_auth_cmpl->success) && (p_auth_cmpl->key_present)) {
3389 /* store keys */
3390 }
3391 if (p_auth_cmpl->success) {
3392 status = BT_STATUS_SUCCESS;
3393 state = BT_BOND_STATE_BONDED;
3394 tBLE_ADDR_TYPE addr_type;
3395
3396 if (btif_storage_get_remote_addr_type(&bd_addr, &addr_type) != BT_STATUS_SUCCESS) {
3397 btif_storage_set_remote_addr_type(&bd_addr, p_auth_cmpl->addr_type);
3398 }
3399
3400 /* Test for temporary bonding */
3401 if (btif_dm_ble_is_temp_pairing(bd_addr, p_auth_cmpl->is_ctkd)) {
3402 log::debug("sending BT_BOND_STATE_NONE for Temp pairing");
3403 btif_storage_remove_bonded_device(&bd_addr);
3404 state = BT_BOND_STATE_NONE;
3405 } else {
3406 btif_dm_save_ble_bonding_keys(bd_addr);
3407
3408 if (is_le_audio_capable_during_service_discovery(bd_addr) &&
3409 !btif_model_name_known(bd_addr) &&
3410 get_btm_client_interface().peer.BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE)) {
3411 log::info("Read model name for le audio capable device");
3412 if (!DIS_ReadDISInfo(bd_addr, read_dis_cback, DIS_ATTR_MODEL_NUM_BIT)) {
3413 log::warn("Read DIS failed");
3414 }
3415 }
3416
3417 if (pairing_cb.gatt_over_le == btif_dm_pairing_cb_t::ServiceDiscoveryState::NOT_STARTED) {
3418 log::info("scheduling GATT discovery over LE for {}", bd_addr);
3419 pairing_cb.gatt_over_le = btif_dm_pairing_cb_t::ServiceDiscoveryState::SCHEDULED;
3420 btif_dm_get_remote_services(bd_addr, BT_TRANSPORT_LE);
3421 } else {
3422 log::info(
3423 "skipping GATT discovery over LE - was already scheduled or "
3424 "finished for {}, state: {}",
3425 bd_addr, pairing_cb.gatt_over_le);
3426 }
3427 }
3428 } else {
3429 /* Map the HCI fail reason to bt status */
3430 // TODO This is not a proper use of the type
3431 uint8_t fail_reason = static_cast<uint8_t>(p_auth_cmpl->fail_reason);
3432 log::error("LE authentication for {} failed with reason {}", bd_addr, p_auth_cmpl->fail_reason);
3433 switch (fail_reason) {
3434 case BTA_DM_AUTH_SMP_PAIR_AUTH_FAIL:
3435 case BTA_DM_AUTH_SMP_CONFIRM_VALUE_FAIL:
3436 case BTA_DM_AUTH_SMP_UNKNOWN_ERR:
3437 btif_dm_remove_ble_bonding_keys();
3438 status = BT_STATUS_AUTH_FAILURE;
3439 break;
3440
3441 case BTA_DM_AUTH_SMP_CONN_TOUT: {
3442 bool during_bonding =
3443 (bd_addr == pairing_cb.bd_addr || bd_addr == pairing_cb.static_bdaddr);
3444
3445 if (during_bonding || p_auth_cmpl->is_ctkd || !btm_sec_is_a_bonded_dev(bd_addr)) {
3446 log::info("Removing ble bonding keys on SMP_CONN_TOUT during_bonding: {}, is_ctkd: {}",
3447 during_bonding, p_auth_cmpl->is_ctkd);
3448 btif_dm_remove_ble_bonding_keys();
3449 status = BT_STATUS_AUTH_FAILURE;
3450 } else {
3451 log::warn("Bonded device addr={}, timed out - will not remove the keys", bd_addr);
3452 // Don't send state change to upper layers - otherwise Java think we
3453 // unbonded, and will disconnect HID profile.
3454 return;
3455 }
3456 break;
3457 }
3458 case BTA_DM_AUTH_SMP_PAIR_NOT_SUPPORT:
3459 status = BT_STATUS_AUTH_REJECTED;
3460 break;
3461 default:
3462 btif_dm_remove_ble_bonding_keys();
3463 status = BT_STATUS_UNHANDLED;
3464 break;
3465 }
3466 }
3467 if (state == BT_BOND_STATE_BONDED && !pairing_cb.static_bdaddr.IsEmpty() &&
3468 bd_addr != pairing_cb.static_bdaddr) {
3469 // Report RPA bonding state to Java in crosskey paring
3470 bond_state_changed(status, bd_addr, BT_BOND_STATE_BONDING);
3471 }
3472 bond_state_changed(status, bd_addr, state);
3473 // TODO(240451061): Calling `stop_oob_advertiser();` gets command
3474 // disallowed...
3475 }
3476
btif_dm_load_ble_local_keys(void)3477 void btif_dm_load_ble_local_keys(void) {
3478 memset(&ble_local_key_cb, 0, sizeof(btif_dm_local_key_cb_t));
3479
3480 if (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_ER, &ble_local_key_cb.er) ==
3481 BT_STATUS_SUCCESS) {
3482 ble_local_key_cb.is_er_rcvd = true;
3483 log::verbose("BLE ER key loaded");
3484 }
3485
3486 if ((btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_IR, &ble_local_key_cb.id_keys.ir) ==
3487 BT_STATUS_SUCCESS) &&
3488 (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_IRK, &ble_local_key_cb.id_keys.irk) ==
3489 BT_STATUS_SUCCESS) &&
3490 (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_DHK, &ble_local_key_cb.id_keys.dhk) ==
3491 BT_STATUS_SUCCESS)) {
3492 ble_local_key_cb.is_id_keys_rcvd = true;
3493 log::verbose("BLE ID keys loaded");
3494 }
3495 }
btif_dm_get_ble_local_keys(tBTA_DM_BLE_LOCAL_KEY_MASK * p_key_mask,Octet16 * p_er,tBTA_BLE_LOCAL_ID_KEYS * p_id_keys)3496 void btif_dm_get_ble_local_keys(tBTA_DM_BLE_LOCAL_KEY_MASK* p_key_mask, Octet16* p_er,
3497 tBTA_BLE_LOCAL_ID_KEYS* p_id_keys) {
3498 log::assert_that(p_key_mask != nullptr, "assert failed: p_key_mask != nullptr");
3499 if (ble_local_key_cb.is_er_rcvd) {
3500 log::assert_that(p_er != nullptr, "assert failed: p_er != nullptr");
3501 *p_er = ble_local_key_cb.er;
3502 *p_key_mask |= BTA_BLE_LOCAL_KEY_TYPE_ER;
3503 }
3504
3505 if (ble_local_key_cb.is_id_keys_rcvd) {
3506 log::assert_that(p_id_keys != nullptr, "assert failed: p_id_keys != nullptr");
3507 p_id_keys->ir = ble_local_key_cb.id_keys.ir;
3508 p_id_keys->irk = ble_local_key_cb.id_keys.irk;
3509 p_id_keys->dhk = ble_local_key_cb.id_keys.dhk;
3510 *p_key_mask |= BTA_BLE_LOCAL_KEY_TYPE_ID;
3511 }
3512 log::verbose("*p_key_mask=0x{:02x}", *p_key_mask);
3513 }
3514
btif_dm_save_ble_bonding_keys(RawAddress & bd_addr)3515 static void btif_dm_save_ble_bonding_keys(RawAddress& bd_addr) {
3516 log::verbose("{}", bd_addr);
3517
3518 if (bd_addr.IsEmpty()) {
3519 log::warn("bd_addr is empty");
3520 return;
3521 }
3522
3523 if (pairing_cb.ble.is_penc_key_rcvd) {
3524 btif_storage_add_ble_bonding_key(&bd_addr, (uint8_t*)&pairing_cb.ble.penc_key, BTM_LE_KEY_PENC,
3525 sizeof(tBTM_LE_PENC_KEYS));
3526 }
3527
3528 if (pairing_cb.ble.is_pid_key_rcvd) {
3529 btif_storage_add_ble_bonding_key(&bd_addr, (uint8_t*)&pairing_cb.ble.pid_key, BTM_LE_KEY_PID,
3530 sizeof(tBTM_LE_PID_KEYS));
3531 }
3532
3533 if (pairing_cb.ble.is_pcsrk_key_rcvd) {
3534 btif_storage_add_ble_bonding_key(&bd_addr, (uint8_t*)&pairing_cb.ble.pcsrk_key,
3535 BTM_LE_KEY_PCSRK, sizeof(tBTM_LE_PCSRK_KEYS));
3536 }
3537
3538 if (pairing_cb.ble.is_lenc_key_rcvd) {
3539 btif_storage_add_ble_bonding_key(&bd_addr, (uint8_t*)&pairing_cb.ble.lenc_key, BTM_LE_KEY_LENC,
3540 sizeof(tBTM_LE_LENC_KEYS));
3541 }
3542
3543 if (pairing_cb.ble.is_lcsrk_key_rcvd) {
3544 btif_storage_add_ble_bonding_key(&bd_addr, (uint8_t*)&pairing_cb.ble.lcsrk_key,
3545 BTM_LE_KEY_LCSRK, sizeof(tBTM_LE_LCSRK_KEYS));
3546 }
3547
3548 if (pairing_cb.ble.is_lidk_key_rcvd) {
3549 uint8_t empty[] = {};
3550 btif_storage_add_ble_bonding_key(&bd_addr, empty, BTM_LE_KEY_LID, 0);
3551 }
3552 }
3553
btif_dm_remove_ble_bonding_keys(void)3554 static void btif_dm_remove_ble_bonding_keys(void) {
3555 log::verbose("removing ble bonding keys");
3556
3557 RawAddress bd_addr = pairing_cb.bd_addr;
3558 btif_storage_remove_ble_bonding_keys(&bd_addr);
3559 }
3560
3561 /*******************************************************************************
3562 *
3563 * Function btif_dm_ble_sec_req_evt
3564 *
3565 * Description Eprocess security request event in btif context
3566 *
3567 * Returns void
3568 *
3569 ******************************************************************************/
btif_dm_ble_sec_req_evt(tBTA_DM_BLE_SEC_REQ * p_ble_req,bool is_consent)3570 static void btif_dm_ble_sec_req_evt(tBTA_DM_BLE_SEC_REQ* p_ble_req, bool is_consent) {
3571 int dev_type;
3572
3573 log::verbose("addr:{}", p_ble_req->bd_addr);
3574
3575 if (!is_consent && pairing_cb.state == BT_BOND_STATE_BONDING) {
3576 log::warn("Discard security request");
3577 return;
3578 }
3579
3580 /* Remote name update */
3581 if (!btif_get_device_type(p_ble_req->bd_addr, &dev_type)) {
3582 dev_type = BT_DEVICE_TYPE_BLE;
3583 }
3584 btif_update_remote_properties(p_ble_req->bd_addr, p_ble_req->bd_name, p_ble_req->dev_class,
3585 (tBT_DEVICE_TYPE)dev_type);
3586
3587 RawAddress bd_addr = p_ble_req->bd_addr;
3588
3589 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
3590
3591 pairing_cb.bond_type = BOND_TYPE_PERSISTENT;
3592 pairing_cb.is_le_only = true;
3593 pairing_cb.is_le_nc = false;
3594 pairing_cb.is_ssp = true;
3595 if (!com::android::bluetooth::flags::temporary_pairing_tracking()) {
3596 btm_set_bond_type_dev(p_ble_req->bd_addr, pairing_cb.bond_type);
3597 }
3598
3599 BTM_LogHistory(kBtmLogTagCallback, bd_addr, "SSP ble request", "BT_SSP_VARIANT_CONSENT");
3600
3601 GetInterfaceToProfiles()->events->invoke_ssp_request_cb(bd_addr, BT_SSP_VARIANT_CONSENT, 0);
3602 }
3603
3604 /*******************************************************************************
3605 *
3606 * Function btif_dm_ble_passkey_req_evt
3607 *
3608 * Description Executes pin request event in btif context
3609 *
3610 * Returns void
3611 *
3612 ******************************************************************************/
btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ * p_pin_req)3613 static void btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ* p_pin_req) {
3614 bt_bdname_t bd_name;
3615 uint32_t cod;
3616 int dev_type;
3617
3618 /* Remote name update */
3619 if (!btif_get_device_type(p_pin_req->bd_addr, &dev_type)) {
3620 dev_type = BT_DEVICE_TYPE_BLE;
3621 }
3622 btif_update_remote_properties(p_pin_req->bd_addr, p_pin_req->bd_name, p_pin_req->dev_class,
3623 (tBT_DEVICE_TYPE)dev_type);
3624
3625 RawAddress bd_addr = p_pin_req->bd_addr;
3626 bd_name_copy(bd_name.name, p_pin_req->bd_name);
3627
3628 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
3629 pairing_cb.is_le_only = true;
3630 if (com::android::bluetooth::flags::temporary_pairing_tracking()) {
3631 pairing_cb.bond_type = BOND_TYPE_PERSISTENT;
3632 }
3633
3634 cod = COD_UNCLASSIFIED;
3635
3636 BTM_LogHistory(kBtmLogTagCallback, bd_addr, "PIN request",
3637 std::format("name:'{}'", reinterpret_cast<char const*>(bd_name.name)));
3638
3639 GetInterfaceToProfiles()->events->invoke_pin_request_cb(bd_addr, bd_name, cod, false);
3640 }
3641
btif_dm_ble_key_nc_req_evt(tBTA_DM_SP_KEY_NOTIF * p_notif_req)3642 static void btif_dm_ble_key_nc_req_evt(tBTA_DM_SP_KEY_NOTIF* p_notif_req) {
3643 /* TODO implement key notification for numeric comparison */
3644
3645 RawAddress bd_addr = p_notif_req->bd_addr;
3646 log::verbose("addr:{}", bd_addr);
3647
3648 /* Remote name update */
3649 btif_update_remote_properties(p_notif_req->bd_addr, p_notif_req->bd_name, p_notif_req->dev_class,
3650 BT_DEVICE_TYPE_BLE);
3651
3652 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
3653 pairing_cb.is_ssp = false;
3654 pairing_cb.is_le_only = true;
3655 pairing_cb.is_le_nc = true;
3656 if (com::android::bluetooth::flags::temporary_pairing_tracking()) {
3657 pairing_cb.bond_type = BOND_TYPE_PERSISTENT;
3658 }
3659 BTM_LogHistory(kBtmLogTagCallback, bd_addr, "Ssp request",
3660 std::format("passkey:{}", p_notif_req->passkey));
3661
3662 GetInterfaceToProfiles()->events->invoke_ssp_request_cb(
3663 bd_addr, BT_SSP_VARIANT_PASSKEY_CONFIRMATION, p_notif_req->passkey);
3664 }
3665
btif_dm_ble_oob_req_evt(tBTA_DM_SP_RMT_OOB * req_oob_type)3666 static void btif_dm_ble_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type) {
3667 log::verbose("addr:{}", req_oob_type->bd_addr);
3668
3669 RawAddress bd_addr = req_oob_type->bd_addr;
3670 /* We already checked if OOB data is present in
3671 * btif_dm_set_oob_for_le_io_req, but check here again. If it's not present
3672 * do nothing, pairing will timeout.
3673 */
3674 if (is_empty_128bit(oob_cb.p192_data.sm_tk)) {
3675 return;
3676 }
3677
3678 /* make sure OOB data is for this particular device */
3679 if (req_oob_type->bd_addr != oob_cb.bdaddr) {
3680 log::warn("remote address didn't match OOB data address");
3681 return;
3682 }
3683
3684 /* Remote name update */
3685 btif_update_remote_properties(req_oob_type->bd_addr, req_oob_type->bd_name,
3686 req_oob_type->dev_class, BT_DEVICE_TYPE_BLE);
3687
3688 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
3689 pairing_cb.is_ssp = false;
3690 pairing_cb.is_le_only = true;
3691 pairing_cb.is_le_nc = false;
3692 if (com::android::bluetooth::flags::temporary_pairing_tracking()) {
3693 pairing_cb.bond_type = BOND_TYPE_PERSISTENT;
3694 }
3695
3696 BTM_BleOobDataReply(req_oob_type->bd_addr, tBTM_STATUS::BTM_SUCCESS, 16, oob_cb.p192_data.sm_tk);
3697 }
3698
btif_dm_ble_sc_oob_req_evt(tBTA_DM_SP_RMT_OOB * req_oob_type)3699 static void btif_dm_ble_sc_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type) {
3700 RawAddress bd_addr = req_oob_type->bd_addr;
3701 log::verbose("bd_addr: {}", bd_addr);
3702 log::verbose("oob_cb.bdaddr: {}", oob_cb.bdaddr);
3703
3704 /* make sure OOB data is for this particular device */
3705 if (req_oob_type->bd_addr != oob_cb.bdaddr) {
3706 log::error("remote address didn't match OOB data address");
3707 return;
3708 }
3709
3710 /* We already checked if OOB data is present in
3711 * btif_dm_set_oob_for_le_io_req, but check here again. If it's not present
3712 * do nothing, pairing will timeout.
3713 */
3714 bt_oob_data_t oob_data_to_use = {};
3715 switch (oob_cb.data_present) {
3716 case BTM_OOB_PRESENT_192_AND_256:
3717 log::info("Have both P192 and P256");
3718 [[fallthrough]];
3719 // Always prefer 256 for LE
3720 case BTM_OOB_PRESENT_256:
3721 log::info("Using P256");
3722 if (is_empty_128bit(oob_cb.p256_data.c) && is_empty_128bit(oob_cb.p256_data.r)) {
3723 log::warn("P256 LE SC OOB data is empty");
3724 return;
3725 }
3726 oob_data_to_use = oob_cb.p256_data;
3727 break;
3728 case BTM_OOB_PRESENT_192:
3729 log::info("Using P192");
3730 if (is_empty_128bit(oob_cb.p192_data.c) && is_empty_128bit(oob_cb.p192_data.r)) {
3731 log::warn("P192 LE SC OOB data is empty");
3732 return;
3733 }
3734 oob_data_to_use = oob_cb.p192_data;
3735 break;
3736 }
3737
3738 /* Remote name update */
3739 btif_update_remote_properties(req_oob_type->bd_addr, oob_data_to_use.device_name,
3740 req_oob_type->dev_class, BT_DEVICE_TYPE_BLE);
3741
3742 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
3743 pairing_cb.is_ssp = false;
3744 // TODO: we can derive classic pairing from this one
3745 pairing_cb.is_le_only = true;
3746 pairing_cb.is_le_nc = false;
3747 if (com::android::bluetooth::flags::temporary_pairing_tracking()) {
3748 pairing_cb.bond_type = BOND_TYPE_PERSISTENT;
3749 }
3750 BTM_BleSecureConnectionOobDataReply(req_oob_type->bd_addr, oob_data_to_use.c, oob_data_to_use.r);
3751 }
3752
btif_dm_ble_tx_test_cback(void * p)3753 static void btif_dm_ble_tx_test_cback(void* p) {
3754 char* p_param = (char*)p;
3755 uint8_t status;
3756 STREAM_TO_UINT8(status, p_param);
3757 GetInterfaceToProfiles()->events->invoke_le_test_mode_cb(
3758 (status == 0) ? BT_STATUS_SUCCESS : BT_STATUS_FAIL, 0);
3759 }
3760
btif_dm_ble_rx_test_cback(void * p)3761 static void btif_dm_ble_rx_test_cback(void* p) {
3762 char* p_param = (char*)p;
3763 uint8_t status;
3764 STREAM_TO_UINT8(status, p_param);
3765 GetInterfaceToProfiles()->events->invoke_le_test_mode_cb(
3766 (status == 0) ? BT_STATUS_SUCCESS : BT_STATUS_FAIL, 0);
3767 }
3768
btif_dm_ble_test_end_cback(void * p)3769 static void btif_dm_ble_test_end_cback(void* p) {
3770 char* p_param = (char*)p;
3771 uint8_t status;
3772 uint16_t count = 0;
3773 STREAM_TO_UINT8(status, p_param);
3774 if (status == 0) {
3775 STREAM_TO_UINT16(count, p_param);
3776 }
3777 GetInterfaceToProfiles()->events->invoke_le_test_mode_cb(
3778 (status == 0) ? BT_STATUS_SUCCESS : BT_STATUS_FAIL, count);
3779 }
3780
btif_ble_transmitter_test(uint8_t tx_freq,uint8_t test_data_len,uint8_t packet_payload)3781 void btif_ble_transmitter_test(uint8_t tx_freq, uint8_t test_data_len, uint8_t packet_payload) {
3782 BTM_BleTransmitterTest(tx_freq, test_data_len, packet_payload, btif_dm_ble_tx_test_cback);
3783 }
3784
btif_ble_receiver_test(uint8_t rx_freq)3785 void btif_ble_receiver_test(uint8_t rx_freq) {
3786 BTM_BleReceiverTest(rx_freq, btif_dm_ble_rx_test_cback);
3787 }
3788
btif_ble_test_end()3789 void btif_ble_test_end() { BTM_BleTestEnd(btif_dm_ble_test_end_cback); }
3790
btif_dm_on_disable()3791 void btif_dm_on_disable() {
3792 /* cancel any pending pairing requests */
3793 if (is_bonding_or_sdp()) {
3794 log::verbose("Cancel pending pairing request");
3795 btif_dm_cancel_bond(pairing_cb.bd_addr);
3796 }
3797 }
3798
3799 /*******************************************************************************
3800 *
3801 * Function btif_dm_read_energy_info
3802 *
3803 * Description Reads the energy info from controller
3804 *
3805 * Returns void
3806 *
3807 ******************************************************************************/
btif_dm_read_energy_info()3808 void btif_dm_read_energy_info() { BTA_DmBleGetEnergyInfo(bta_energy_info_cb); }
3809
btif_get_default_local_name_new()3810 static const char* btif_get_default_local_name_new() {
3811 using bluetooth::common::StringTrim;
3812 static std::string default_name = "";
3813
3814 if (default_name.empty()) {
3815 std::string name = StringTrim(os::GetSystemProperty(PROPERTY_DEFAULT_DEVICE_NAME).value_or(""));
3816 if (name.size() > BD_NAME_LEN) {
3817 name.resize(BD_NAME_LEN);
3818 }
3819 default_name = name;
3820 }
3821
3822 if (default_name.empty()) {
3823 std::string name = StringTrim(os::GetSystemProperty(PROPERTY_PRODUCT_MODEL).value_or(""));
3824 if (name.size() > BD_NAME_LEN) {
3825 name.resize(BD_NAME_LEN);
3826 }
3827 default_name = name;
3828 }
3829
3830 if (default_name.empty()) {
3831 default_name = "Android";
3832 }
3833
3834 return default_name.c_str();
3835 }
3836
btif_get_default_local_name()3837 static const char* btif_get_default_local_name() {
3838 if (com::android::bluetooth::flags::empty_names_are_invalid()) {
3839 return btif_get_default_local_name_new();
3840 }
3841 static char btif_default_local_name[DEFAULT_LOCAL_NAME_MAX + 1] = {'\0'};
3842
3843 if (btif_default_local_name[0] == '\0') {
3844 int max_len = sizeof(btif_default_local_name) - 1;
3845
3846 char prop_name[PROPERTY_VALUE_MAX];
3847 osi_property_get(PROPERTY_DEFAULT_DEVICE_NAME, prop_name, "");
3848 strncpy(btif_default_local_name, prop_name, max_len);
3849
3850 // If no value was placed in the btif_default_local_name then use model name
3851 if (btif_default_local_name[0] == '\0') {
3852 char prop_model[PROPERTY_VALUE_MAX];
3853 osi_property_get(PROPERTY_PRODUCT_MODEL, prop_model, "");
3854 strncpy(btif_default_local_name, prop_model, max_len);
3855 }
3856 btif_default_local_name[max_len] = '\0';
3857 }
3858 return btif_default_local_name;
3859 }
3860
btif_stats_add_bond_event(const RawAddress & bd_addr,bt_bond_function_t function,bt_bond_state_t state)3861 static void btif_stats_add_bond_event(const RawAddress& bd_addr, bt_bond_function_t function,
3862 bt_bond_state_t state) {
3863 std::unique_lock<std::mutex> lock(bond_event_lock);
3864
3865 btif_bond_event_t* event = &btif_dm_bond_events[btif_events_end_index];
3866 event->bd_addr = bd_addr;
3867 event->function = function;
3868 event->state = state;
3869 clock_gettime(CLOCK_REALTIME, &event->timestamp);
3870
3871 btif_num_bond_events++;
3872 btif_events_end_index = (btif_events_end_index + 1) % (MAX_BTIF_BOND_EVENT_ENTRIES + 1);
3873 if (btif_events_end_index == btif_events_start_index) {
3874 btif_events_start_index = (btif_events_start_index + 1) % (MAX_BTIF_BOND_EVENT_ENTRIES + 1);
3875 }
3876 }
3877
btif_debug_bond_event_dump(int fd)3878 void btif_debug_bond_event_dump(int fd) {
3879 std::unique_lock<std::mutex> lock(bond_event_lock);
3880 dprintf(fd, "\nBond Events: \n");
3881 dprintf(fd, " Total Number of events: %zu\n", btif_num_bond_events);
3882 if (btif_num_bond_events > 0) {
3883 dprintf(fd, " Time address Function State\n");
3884 }
3885
3886 for (size_t i = btif_events_start_index; i != btif_events_end_index;
3887 i = (i + 1) % (MAX_BTIF_BOND_EVENT_ENTRIES + 1)) {
3888 btif_bond_event_t* event = &btif_dm_bond_events[i];
3889
3890 char eventtime[20];
3891 char temptime[20];
3892 struct tm buf;
3893 struct tm* tstamp = localtime_r(&event->timestamp.tv_sec, &buf);
3894 strftime(temptime, sizeof(temptime), "%H:%M:%S", tstamp);
3895 snprintf(eventtime, sizeof(eventtime), "%s.%03ld", temptime,
3896 event->timestamp.tv_nsec / 1000000);
3897
3898 const char* func_name;
3899 switch (event->function) {
3900 case BTIF_DM_FUNC_CREATE_BOND:
3901 func_name = "btif_dm_create_bond";
3902 break;
3903 case BTIF_DM_FUNC_REMOVE_BOND:
3904 func_name = "btif_dm_remove_bond";
3905 break;
3906 case BTIF_DM_FUNC_BOND_STATE_CHANGED:
3907 func_name = "bond_state_changed ";
3908 break;
3909 case BTIF_DM_FUNC_CANCEL_BOND:
3910 func_name = "btif_dm_cancel_bond";
3911 break;
3912 default:
3913 func_name = "Invalid value ";
3914 break;
3915 }
3916
3917 const char* bond_state;
3918 switch (event->state) {
3919 case BT_BOND_STATE_NONE:
3920 bond_state = "BOND_STATE_NONE";
3921 break;
3922 case BT_BOND_STATE_BONDING:
3923 bond_state = "BOND_STATE_BONDING";
3924 break;
3925 case BT_BOND_STATE_BONDED:
3926 bond_state = "BOND_STATE_BONDED";
3927 break;
3928 default:
3929 bond_state = "Invalid bond state";
3930 break;
3931 }
3932
3933 dprintf(fd, " %s %s %s %s\n", eventtime,
3934 event->bd_addr.ToRedactedStringForLogging().c_str(), func_name, bond_state);
3935 }
3936 }
3937
btif_get_device_type(const RawAddress & bda,int * p_device_type)3938 bool btif_get_device_type(const RawAddress& bda, int* p_device_type) {
3939 if (p_device_type == NULL) {
3940 return false;
3941 }
3942
3943 std::string addrstr = bda.ToString();
3944 const char* bd_addr_str = addrstr.c_str();
3945
3946 if (!btif_config_get_int(bd_addr_str, BTIF_STORAGE_KEY_DEV_TYPE, p_device_type)) {
3947 return false;
3948 }
3949 tBT_DEVICE_TYPE device_type = static_cast<tBT_DEVICE_TYPE>(*p_device_type);
3950 log::debug("bd_addr:{} device_type:{}", bda, DeviceTypeText(device_type));
3951
3952 return true;
3953 }
3954
btif_get_address_type(const RawAddress & bda,tBLE_ADDR_TYPE * p_addr_type)3955 bool btif_get_address_type(const RawAddress& bda, tBLE_ADDR_TYPE* p_addr_type) {
3956 if (p_addr_type == NULL) {
3957 return false;
3958 }
3959
3960 std::string addrstr = bda.ToString();
3961 const char* bd_addr_str = addrstr.c_str();
3962
3963 int val = 0;
3964 if (!btif_config_get_int(bd_addr_str, BTIF_STORAGE_KEY_ADDR_TYPE, &val)) {
3965 return false;
3966 }
3967 *p_addr_type = static_cast<tBLE_ADDR_TYPE>(val);
3968 log::debug("bd_addr:{}[{}]", bda, AddressTypeText(*p_addr_type));
3969 return true;
3970 }
3971
btif_check_device_in_inquiry_db(const RawAddress & address)3972 void btif_check_device_in_inquiry_db(const RawAddress& address) {
3973 tBLE_ADDR_TYPE addr_type = BLE_ADDR_PUBLIC;
3974 int device_type = 0;
3975
3976 if (btif_get_address_type(address, &addr_type) && btif_get_device_type(address, &device_type) &&
3977 device_type != BT_DEVICE_TYPE_BREDR) {
3978 BTA_DmAddBleDevice(address, addr_type, device_type);
3979 }
3980 }
3981
btif_dm_clear_event_filter()3982 void btif_dm_clear_event_filter() { BTA_DmClearEventFilter(); }
3983
btif_dm_clear_event_mask()3984 void btif_dm_clear_event_mask() { BTA_DmClearEventMask(); }
3985
btif_dm_clear_filter_accept_list()3986 void btif_dm_clear_filter_accept_list() { BTA_DmClearFilterAcceptList(); }
3987
btif_dm_disconnect_all_acls()3988 void btif_dm_disconnect_all_acls() { BTA_DmDisconnectAllAcls(); }
3989
btif_dm_disconnect_acl(const RawAddress & bd_addr,tBT_TRANSPORT transport)3990 void btif_dm_disconnect_acl(const RawAddress& bd_addr, tBT_TRANSPORT transport) {
3991 log::debug(" {}, transport {}", bd_addr, transport);
3992
3993 if (transport == BT_TRANSPORT_LE || transport == BT_TRANSPORT_AUTO) {
3994 uint16_t acl_handle =
3995 get_btm_client_interface().peer.BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_LE);
3996
3997 log::debug("{}, le_acl_handle: {:#x}", bd_addr, acl_handle);
3998 if (acl_handle != HCI_INVALID_HANDLE) {
3999 acl_disconnect_from_handle(acl_handle, HCI_ERR_PEER_USER, "bt_btif_dm disconnect");
4000 }
4001 }
4002
4003 if (transport == BT_TRANSPORT_BR_EDR || transport == BT_TRANSPORT_AUTO) {
4004 uint16_t acl_handle =
4005 get_btm_client_interface().peer.BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_BR_EDR);
4006
4007 log::debug("{}, bredr_acl_handle: {:#x}", bd_addr, acl_handle);
4008 if (acl_handle != HCI_INVALID_HANDLE) {
4009 acl_disconnect_from_handle(acl_handle, HCI_ERR_PEER_USER, "bt_btif_dm disconnect");
4010 }
4011 }
4012 }
4013
btif_dm_le_rand(bluetooth::hci::LeRandCallback callback)4014 void btif_dm_le_rand(bluetooth::hci::LeRandCallback callback) { BTA_DmLeRand(std::move(callback)); }
4015
btif_dm_set_event_filter_connection_setup_all_devices()4016 void btif_dm_set_event_filter_connection_setup_all_devices() {
4017 // Autoplumbed
4018 BTA_DmSetEventFilterConnectionSetupAllDevices();
4019 }
4020
btif_dm_allow_wake_by_hid(std::vector<RawAddress> classic_addrs,std::vector<std::pair<RawAddress,uint8_t>> le_addrs)4021 void btif_dm_allow_wake_by_hid(std::vector<RawAddress> classic_addrs,
4022 std::vector<std::pair<RawAddress, uint8_t>> le_addrs) {
4023 BTA_DmAllowWakeByHid(std::move(classic_addrs), std::move(le_addrs));
4024 }
4025
btif_dm_restore_filter_accept_list(std::vector<std::pair<RawAddress,uint8_t>> le_devices)4026 void btif_dm_restore_filter_accept_list(std::vector<std::pair<RawAddress, uint8_t>> le_devices) {
4027 // Autoplumbed
4028 BTA_DmRestoreFilterAcceptList(std::move(le_devices));
4029 }
4030
btif_dm_set_default_event_mask_except(uint64_t mask,uint64_t le_mask)4031 void btif_dm_set_default_event_mask_except(uint64_t mask, uint64_t le_mask) {
4032 // Autoplumbed
4033 BTA_DmSetDefaultEventMaskExcept(mask, le_mask);
4034 }
4035
btif_dm_set_event_filter_inquiry_result_all_devices()4036 void btif_dm_set_event_filter_inquiry_result_all_devices() {
4037 // Autoplumbed
4038 BTA_DmSetEventFilterInquiryResultAllDevices();
4039 }
4040
btif_dm_metadata_changed(const RawAddress & remote_bd_addr,int key,std::vector<uint8_t> value)4041 void btif_dm_metadata_changed(const RawAddress& remote_bd_addr, int key,
4042 std::vector<uint8_t> value) {
4043 static const int METADATA_LE_AUDIO = 26;
4044 /* If METADATA_LE_AUDIO is present, device is LE Audio capable */
4045 if (key == METADATA_LE_AUDIO) {
4046 log::info("Device is LE Audio Capable {}", remote_bd_addr);
4047 metadata_cb.le_audio_cache.insert_or_assign(remote_bd_addr, value);
4048
4049 // TODO(b/334067583): Remove this DIS read when b/334067583 is fixed
4050 if (!btif_model_name_known(remote_bd_addr) &&
4051 get_btm_client_interface().peer.BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_LE)) {
4052 log::info("Read model name for le audio capable device");
4053 if (!DIS_ReadDISInfo(remote_bd_addr, read_dis_cback, DIS_ATTR_MODEL_NUM_BIT)) {
4054 log::warn("Read DIS failed");
4055 }
4056 }
4057 }
4058 }
4059
4060 namespace bluetooth {
4061 namespace legacy {
4062 namespace testing {
4063
bta_energy_info_cb(tBTM_BLE_TX_TIME_MS tx_time,tBTM_BLE_RX_TIME_MS rx_time,tBTM_BLE_IDLE_TIME_MS idle_time,tBTM_BLE_ENERGY_USED energy_used,tBTM_CONTRL_STATE ctrl_state,tBTA_STATUS status)4064 void bta_energy_info_cb(tBTM_BLE_TX_TIME_MS tx_time, tBTM_BLE_RX_TIME_MS rx_time,
4065 tBTM_BLE_IDLE_TIME_MS idle_time, tBTM_BLE_ENERGY_USED energy_used,
4066 tBTM_CONTRL_STATE ctrl_state, tBTA_STATUS status) {
4067 ::bta_energy_info_cb(tx_time, rx_time, idle_time, energy_used, ctrl_state, status);
4068 }
4069
btif_on_name_read(RawAddress bd_addr,tHCI_ERROR_CODE hci_status,const BD_NAME bd_name,bool during_device_search)4070 void btif_on_name_read(RawAddress bd_addr, tHCI_ERROR_CODE hci_status, const BD_NAME bd_name,
4071 bool during_device_search) {
4072 ::btif_on_name_read(bd_addr, hci_status, bd_name, during_device_search);
4073 }
4074
4075 } // namespace testing
4076 } // namespace legacy
4077 } // namespace bluetooth
4078