1 /*
2 * Copyright 2014 Samsung System LSI
3 * Copyright 2013 The Android Open Source Project
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18 #include "btif_sock_l2cap.h"
19
20 #include <bluetooth/log.h>
21 #include <com_android_bluetooth_flags.h>
22 #include <sys/ioctl.h>
23 #include <sys/socket.h>
24 #include <sys/types.h>
25 #include <unistd.h>
26
27 #include <cstdint>
28 #include <cstring>
29 #include <mutex>
30
31 #include "bta/include/bta_jv_api.h"
32 #include "btif/include/btif_dm.h"
33 #include "btif/include/btif_sock.h"
34 #include "btif/include/btif_sock_logging.h"
35 #include "btif/include/btif_sock_thread.h"
36 #include "btif/include/btif_sock_util.h"
37 #include "btif/include/btif_uid.h"
38 #include "common/time_util.h"
39 #include "gd/os/rand.h"
40 #include "include/hardware/bluetooth.h"
41 #include "internal_include/bt_target.h"
42 #include "lpp/lpp_offload_interface.h"
43 #include "main/shim/entry.h"
44 #include "osi/include/allocator.h"
45 #include "osi/include/osi.h"
46 #include "stack/include/bt_hdr.h"
47 #include "stack/include/l2cdefs.h"
48 #include "types/raw_address.h"
49
50 using namespace bluetooth;
51
52 struct packet {
53 struct packet *next, *prev;
54 uint32_t len;
55 uint8_t* data;
56 };
57
58 typedef struct l2cap_socket {
59 struct l2cap_socket* prev; // link to prev list item
60 struct l2cap_socket* next; // link to next list item
61 RawAddress addr; // other side's address
62 char name[256]; // user-friendly name of the service
63 uint32_t id; // just a tag to find this struct
64 int app_uid; // The UID of the app who requested this socket
65 int handle; // handle from lower layers
66 unsigned security; // security flags
67 int channel; // PSM
68 int our_fd; // fd from our side
69 int app_fd; // fd from app's side
70 int listen_fd; // listen socket fd from our side
71
72 unsigned bytes_buffered;
73 struct packet* first_packet; // fist packet to be delivered to app
74 struct packet* last_packet; // last packet to be delivered to app
75
76 unsigned server : 1; // is a server? (or connecting?)
77 unsigned connected : 1; // is connected?
78 unsigned outgoing_congest : 1; // should we hold?
79 unsigned server_psm_sent : 1; // The server shall only send PSM once.
80 bool is_le_coc; // is le connection oriented channel?
81 uint16_t rx_mtu;
82 uint16_t tx_mtu;
83 // Cumulative number of bytes transmitted on this socket
84 int64_t tx_bytes;
85 // Cumulative number of bytes received on this socket
86 int64_t rx_bytes;
87 uint16_t local_cid; // The local CID
88 uint16_t remote_cid; // The remote CID
89 Uuid conn_uuid; // The connection uuid
90 uint64_t socket_id; // Socket ID in connected state
91 btsock_data_path_t data_path; // socket data path
92 char socket_name[128]; // descriptive socket name
93 uint64_t hub_id; // ID of the hub to which the end point belongs
94 uint64_t endpoint_id; // ID of the hub end point
95 bool is_accepting; // is app accepting on server socket?
96 uint64_t connection_start_time_ms; // Timestamp when the connection state started
97 } l2cap_socket;
98
99 static void btsock_l2cap_server_listen(l2cap_socket* sock);
100 static uint64_t btif_l2cap_sock_generate_socket_id();
101 static void on_cl_l2cap_psm_connect_offload_l(tBTA_JV_L2CAP_OPEN* p_open, l2cap_socket* sock);
102 static void on_srv_l2cap_psm_connect_offload_l(tBTA_JV_L2CAP_OPEN* p_open, l2cap_socket* sock);
103
104 static std::mutex state_lock;
105
106 static l2cap_socket* socks = NULL;
107 static uint32_t last_sock_id = 0;
108 static uid_set_t* uid_set = NULL;
109 static int pth = -1;
110
111 static void btsock_l2cap_cbk(tBTA_JV_EVT event, tBTA_JV* p_data, uint32_t l2cap_socket_id);
112
113 /* TODO: Consider to remove this buffer, as we have a buffer in l2cap as well,
114 * and we risk a buffer overflow with this implementation if the socket data is not
115 * read from JAVA for a while. In such a case we should use flow control to tell the
116 * sender to back off.
117 * BUT remember we need to avoid blocking the BTA task execution - hence
118 * we cannot directly write to the socket. We should be able to change to store the
119 * data pointer here, and just wait confirming the l2cap_ind until we have more space
120 * in the buffer. */
121
122 /* returns false if none - caller must free "data" memory when done with it */
packet_get_head_l(l2cap_socket * sock,uint8_t ** data,uint32_t * len)123 static char packet_get_head_l(l2cap_socket* sock, uint8_t** data, uint32_t* len) {
124 struct packet* p = sock->first_packet;
125
126 if (!p) {
127 return false;
128 }
129
130 if (data) {
131 *data = sock->first_packet->data;
132 }
133 if (len) {
134 *len = sock->first_packet->len;
135 }
136 sock->first_packet = p->next;
137 if (sock->first_packet) {
138 sock->first_packet->prev = NULL;
139 } else {
140 sock->last_packet = NULL;
141 }
142
143 if (len) {
144 sock->bytes_buffered -= *len;
145 }
146
147 osi_free(p);
148
149 return true;
150 }
151
packet_alloc(const uint8_t * data,uint32_t len)152 static struct packet* packet_alloc(const uint8_t* data, uint32_t len) {
153 struct packet* p = (struct packet*)osi_calloc(sizeof(*p));
154 uint8_t* buf = (uint8_t*)osi_malloc(len);
155
156 p->data = buf;
157 p->len = len;
158 memcpy(p->data, data, len);
159 return p;
160 }
161
162 /* makes a copy of the data, returns true on success */
packet_put_head_l(l2cap_socket * sock,const void * data,uint32_t len)163 static char packet_put_head_l(l2cap_socket* sock, const void* data, uint32_t len) {
164 struct packet* p = packet_alloc((const uint8_t*)data, len);
165
166 /*
167 * We do not check size limits here since this is used to undo "getting" a
168 * packet that the user read incompletely. That is to say the packet was
169 * already in the queue. We do check thos elimits in packet_put_tail_l() since
170 * that function is used to put new data into the queue.
171 */
172
173 if (!p) {
174 return false;
175 }
176
177 p->prev = NULL;
178 p->next = sock->first_packet;
179 sock->first_packet = p;
180 if (p->next) {
181 p->next->prev = p;
182 } else {
183 sock->last_packet = p;
184 }
185
186 sock->bytes_buffered += len;
187
188 return true;
189 }
190
191 /* makes a copy of the data, returns true on success */
packet_put_tail_l(l2cap_socket * sock,const void * data,uint32_t len)192 static char packet_put_tail_l(l2cap_socket* sock, const void* data, uint32_t len) {
193 if (sock->bytes_buffered >= L2CAP_MAX_RX_BUFFER) {
194 log::error("Unable to add to buffer due to buffer overflow socket_id:{}", sock->id);
195 return false;
196 }
197
198 struct packet* p = packet_alloc((const uint8_t*)data, len);
199 p->next = NULL;
200 p->prev = sock->last_packet;
201 sock->last_packet = p;
202 if (p->prev) {
203 p->prev->next = p;
204 } else {
205 sock->first_packet = p;
206 }
207
208 sock->bytes_buffered += len;
209
210 return true;
211 }
212
is_inited(void)213 static char is_inited(void) {
214 std::unique_lock<std::mutex> lock(state_lock);
215 return pth != -1;
216 }
217
218 /* only call with std::mutex taken */
btsock_l2cap_find_by_id_l(uint32_t id)219 static l2cap_socket* btsock_l2cap_find_by_id_l(uint32_t id) {
220 l2cap_socket* sock = socks;
221
222 while (sock && sock->id != id) {
223 sock = sock->next;
224 }
225
226 return sock;
227 }
228
229 /* only call with std::mutex taken */
btsock_l2cap_find_by_conn_uuid_l(Uuid & conn_uuid)230 static l2cap_socket* btsock_l2cap_find_by_conn_uuid_l(Uuid& conn_uuid) {
231 l2cap_socket* sock = socks;
232
233 while (sock) {
234 if (sock->conn_uuid == conn_uuid) {
235 return sock;
236 }
237 sock = sock->next;
238 }
239
240 return nullptr;
241 }
242
btsock_l2cap_free_l(l2cap_socket * sock,btsock_error_code_t error_code)243 static void btsock_l2cap_free_l(l2cap_socket* sock, btsock_error_code_t error_code) {
244 uint8_t* buf;
245 l2cap_socket* t = socks;
246
247 while (t && t != sock) {
248 t = t->next;
249 }
250
251 if (!t) { /* prever double-frees */
252 return;
253 }
254
255 log::info(
256 "Disconnected L2CAP connection for device: {}, channel: {}, app_uid: {}, "
257 "id: {}, is_le: {}, socket_id: {}",
258 sock->addr, sock->channel, sock->app_uid, sock->id, sock->is_le_coc, sock->socket_id);
259 btif_sock_connection_logger(
260 sock->addr, sock->id, sock->is_le_coc ? BTSOCK_L2CAP_LE : BTSOCK_L2CAP,
261 SOCKET_CONNECTION_STATE_DISCONNECTED,
262 sock->server ? SOCKET_ROLE_LISTEN : SOCKET_ROLE_CONNECTION, sock->app_uid, sock->channel,
263 sock->tx_bytes, sock->rx_bytes, sock->name, sock->connection_start_time_ms, error_code,
264 sock->data_path);
265 if (com::android::bluetooth::flags::socket_settings_api()) {
266 if (sock->data_path == BTSOCK_DATA_PATH_HARDWARE_OFFLOAD && !sock->server &&
267 sock->socket_id != 0) {
268 bluetooth::shim::GetLppOffloadManager()->SocketClosed(sock->socket_id);
269 }
270 }
271 if (sock->next) {
272 sock->next->prev = sock->prev;
273 }
274
275 if (sock->prev) {
276 sock->prev->next = sock->next;
277 } else {
278 socks = sock->next;
279 }
280
281 shutdown(sock->our_fd, SHUT_RDWR);
282 close(sock->our_fd);
283 if (sock->app_fd != -1) {
284 close(sock->app_fd);
285 } else {
286 log::info("Application has already closed l2cap socket socket_id:{}", sock->id);
287 }
288
289 while (packet_get_head_l(sock, &buf, NULL)) {
290 osi_free(buf);
291 }
292
293 // lower-level close() should be idempotent... so let's call it and see...
294 if (sock->is_le_coc) {
295 // Only call if we are non server connections
296 if (sock->handle >= 0 && (!sock->server)) {
297 BTA_JvL2capClose(sock->handle);
298 }
299 if ((sock->channel >= 0) && (sock->server)) {
300 BTA_JvFreeChannel(sock->channel, tBTA_JV_CONN_TYPE::L2CAP_LE);
301 log::info("Stopped L2CAP LE COC server socket_id:{} channel:{}", sock->id, sock->channel);
302 BTA_JvL2capStopServer(sock->channel, sock->id);
303 }
304 } else {
305 // Only call if we are non server connections
306 if ((sock->handle >= 0) && (!sock->server)) {
307 BTA_JvL2capClose(sock->handle);
308 }
309 if ((sock->channel >= 0) && (sock->server)) {
310 BTA_JvFreeChannel(sock->channel, tBTA_JV_CONN_TYPE::L2CAP);
311 BTA_JvL2capStopServer(sock->channel, sock->id);
312 }
313 }
314
315 osi_free(sock);
316 }
317
btsock_l2cap_alloc_l(const char * name,const RawAddress * addr,char is_server,int flags)318 static l2cap_socket* btsock_l2cap_alloc_l(const char* name, const RawAddress* addr, char is_server,
319 int flags) {
320 unsigned security = 0;
321 int fds[2];
322 l2cap_socket* sock = (l2cap_socket*)osi_calloc(sizeof(*sock));
323 int sock_type = SOCK_SEQPACKET;
324
325 if (flags & BTSOCK_FLAG_ENCRYPT) {
326 security |= is_server ? BTM_SEC_IN_ENCRYPT : BTM_SEC_OUT_ENCRYPT;
327 }
328 if (flags & BTSOCK_FLAG_AUTH) {
329 security |= is_server ? BTM_SEC_IN_AUTHENTICATE : BTM_SEC_OUT_AUTHENTICATE;
330 }
331 if (flags & BTSOCK_FLAG_AUTH_MITM) {
332 security |= is_server ? BTM_SEC_IN_MITM : BTM_SEC_OUT_MITM;
333 }
334 if (flags & BTSOCK_FLAG_AUTH_16_DIGIT) {
335 security |= BTM_SEC_IN_MIN_16_DIGIT_PIN;
336 }
337
338 #if TARGET_FLOSS
339 // Changed socket type to SOCK_STREAM to address a platform issue on FLOSS.
340 // This is a workaround and not the recommended approach.
341 // SOCK_SEQPACKET is preferred for L2CAP LE CoC channels because it preserves L2CAP
342 // packet boundaries, ensuring message integrity.
343 sock_type = SOCK_STREAM;
344 #endif
345 if (socketpair(AF_LOCAL, sock_type, 0, fds)) {
346 log::error("socketpair failed:{}", strerror(errno));
347 goto fail_sockpair;
348 }
349
350 sock->our_fd = fds[0];
351 sock->app_fd = fds[1];
352 sock->listen_fd = -1;
353 sock->security = security;
354 sock->server = is_server;
355 sock->connected = false;
356 sock->handle = 0;
357 sock->server_psm_sent = false;
358 sock->app_uid = -1;
359 sock->conn_uuid = Uuid::kEmpty;
360 sock->socket_id = 0;
361 sock->data_path = BTSOCK_DATA_PATH_NO_OFFLOAD;
362 sock->hub_id = 0;
363 sock->endpoint_id = 0;
364 sock->is_accepting = false;
365 sock->connection_start_time_ms = 0;
366
367 if (name) {
368 strncpy(sock->name, name, sizeof(sock->name) - 1);
369 }
370 if (addr) {
371 sock->addr = *addr;
372 }
373
374 sock->first_packet = NULL;
375 sock->last_packet = NULL;
376
377 sock->tx_mtu = L2CAP_LE_MIN_MTU;
378
379 sock->next = socks;
380 sock->prev = NULL;
381 if (socks) {
382 socks->prev = sock;
383 }
384 sock->id = last_sock_id + 1;
385 sock->tx_bytes = 0;
386 sock->rx_bytes = 0;
387 socks = sock;
388 /* paranoia cap on: verify no ID duplicates due to overflow and fix as needed
389 */
390 while (1) {
391 l2cap_socket* t;
392 t = socks->next;
393 while (t && t->id != sock->id) {
394 t = t->next;
395 }
396 if (!t && sock->id) { /* non-zero handle is unique -> we're done */
397 break;
398 }
399 /* if we're here, we found a duplicate */
400 if (!++sock->id) { /* no zero IDs allowed */
401 sock->id++;
402 }
403 }
404 last_sock_id = sock->id;
405 log::info("Allocated l2cap socket structure socket_id:{}", sock->id);
406 return sock;
407
408 fail_sockpair:
409 osi_free(sock);
410 return NULL;
411 }
412
btsock_l2cap_init(int handle,uid_set_t * set)413 bt_status_t btsock_l2cap_init(int handle, uid_set_t* set) {
414 std::unique_lock<std::mutex> lock(state_lock);
415 pth = handle;
416 socks = NULL;
417 uid_set = set;
418 return BT_STATUS_SUCCESS;
419 }
420
btsock_l2cap_cleanup()421 bt_status_t btsock_l2cap_cleanup() {
422 std::unique_lock<std::mutex> lock(state_lock);
423 pth = -1;
424 while (socks) {
425 btsock_l2cap_free_l(socks, BTSOCK_ERROR_NONE);
426 }
427 return BT_STATUS_SUCCESS;
428 }
429
send_app_psm_or_chan_l(l2cap_socket * sock)430 static inline bool send_app_psm_or_chan_l(l2cap_socket* sock) {
431 log::info("Sending l2cap socket socket_id:{} channel:{}", sock->id, sock->channel);
432 return sock_send_all(sock->our_fd, (const uint8_t*)&sock->channel, sizeof(sock->channel)) ==
433 sizeof(sock->channel);
434 }
435
send_app_err_code(l2cap_socket * sock,tBTA_JV_L2CAP_REASON code)436 static bool send_app_err_code(l2cap_socket* sock, tBTA_JV_L2CAP_REASON code) {
437 log::info("Sending l2cap failure reason socket_id:{} reason code:{}", sock->id, code);
438 int err_channel = 0;
439 if (sock_send_all(sock->our_fd, (const uint8_t*)&err_channel, sizeof(err_channel)) !=
440 sizeof(err_channel)) {
441 return false;
442 }
443 return sock_send_all(sock->our_fd, (const uint8_t*)&code, sizeof(code)) == sizeof(code);
444 }
445
uuid_lsb(const Uuid & uuid)446 static uint64_t uuid_lsb(const Uuid& uuid) {
447 uint64_t lsb = 0;
448
449 auto uu = uuid.To128BitBE();
450 for (int i = 8; i <= 15; i++) {
451 lsb <<= 8;
452 lsb |= uu[i];
453 }
454
455 return lsb;
456 }
457
uuid_msb(const Uuid & uuid)458 static uint64_t uuid_msb(const Uuid& uuid) {
459 uint64_t msb = 0;
460
461 auto uu = uuid.To128BitBE();
462 for (int i = 0; i <= 7; i++) {
463 msb <<= 8;
464 msb |= uu[i];
465 }
466
467 return msb;
468 }
469
send_app_connect_signal(int fd,const RawAddress * addr,int channel,int status,int send_fd,uint16_t rx_mtu,uint16_t tx_mtu,const Uuid & conn_uuid,uint64_t socket_id)470 static bool send_app_connect_signal(int fd, const RawAddress* addr, int channel, int status,
471 int send_fd, uint16_t rx_mtu, uint16_t tx_mtu,
472 const Uuid& conn_uuid, uint64_t socket_id) {
473 sock_connect_signal_t cs;
474 cs.size = sizeof(cs);
475 cs.bd_addr = *addr;
476 cs.channel = channel;
477 cs.status = status;
478 cs.max_rx_packet_size = rx_mtu;
479 cs.max_tx_packet_size = tx_mtu;
480 cs.conn_uuid_lsb = uuid_lsb(conn_uuid);
481 cs.conn_uuid_msb = uuid_msb(conn_uuid);
482 cs.socket_id = socket_id;
483 if (send_fd != -1) {
484 if (sock_send_fd(fd, (const uint8_t*)&cs, sizeof(cs), send_fd) == sizeof(cs)) {
485 return true;
486 }
487 } else if (sock_send_all(fd, (const uint8_t*)&cs, sizeof(cs)) == sizeof(cs)) {
488 return true;
489 }
490
491 log::error("Unable to send data to socket fd:{} send_fd:{}", fd, send_fd);
492 return false;
493 }
494
on_srv_l2cap_listen_started(tBTA_JV_L2CAP_START * p_start,uint32_t id)495 static void on_srv_l2cap_listen_started(tBTA_JV_L2CAP_START* p_start, uint32_t id) {
496 l2cap_socket* sock;
497
498 std::unique_lock<std::mutex> lock(state_lock);
499 sock = btsock_l2cap_find_by_id_l(id);
500 if (!sock) {
501 log::error("Unable to find l2cap socket with socket_id:{}", id);
502 return;
503 }
504
505 if (p_start->status != tBTA_JV_STATUS::SUCCESS) {
506 log::error("Unable to start l2cap server socket_id:{}", sock->id);
507 btsock_l2cap_free_l(sock, BTSOCK_ERROR_SERVER_START_FAILURE);
508 return;
509 }
510
511 sock->handle = p_start->handle;
512
513 log::info(
514 "Listening for L2CAP connection for device: {}, channel: {}, app_uid: "
515 "{}, id: {}, is_le: {}",
516 sock->addr, sock->channel, sock->app_uid, sock->id, sock->is_le_coc);
517 btif_sock_connection_logger(
518 sock->addr, sock->id, sock->is_le_coc ? BTSOCK_L2CAP_LE : BTSOCK_L2CAP,
519 SOCKET_CONNECTION_STATE_LISTENING,
520 sock->server ? SOCKET_ROLE_LISTEN : SOCKET_ROLE_CONNECTION, sock->app_uid, sock->channel,
521 0, 0, sock->name, 0, BTSOCK_ERROR_NONE, sock->data_path);
522
523 if (!sock->server_psm_sent) {
524 if (!send_app_psm_or_chan_l(sock)) {
525 // closed
526 log::info("Unable to send socket to application socket_id:{}", sock->id);
527 btsock_l2cap_free_l(sock, BTSOCK_ERROR_SEND_TO_APP_FAILURE);
528 } else {
529 sock->server_psm_sent = true;
530 }
531 }
532 }
533
on_cl_l2cap_init(tBTA_JV_L2CAP_CL_INIT * p_init,uint32_t id)534 static void on_cl_l2cap_init(tBTA_JV_L2CAP_CL_INIT* p_init, uint32_t id) {
535 l2cap_socket* sock;
536
537 std::unique_lock<std::mutex> lock(state_lock);
538 sock = btsock_l2cap_find_by_id_l(id);
539 if (!sock) {
540 log::error("Unable to find l2cap socket with socket_id:{}", id);
541 return;
542 }
543
544 if (p_init->status != tBTA_JV_STATUS::SUCCESS) {
545 log::error("Initialization status failed socket_id:{}", id);
546 btsock_l2cap_free_l(sock, BTSOCK_ERROR_CLIENT_INIT_FAILURE);
547 return;
548 }
549
550 sock->handle = p_init->handle;
551 }
552
553 /**
554 * Here we allocate a new sock instance to mimic the BluetoothSocket. The socket
555 * will be a clone of the sock representing the BluetoothServerSocket.
556 * */
on_srv_l2cap_psm_connect_l(tBTA_JV_L2CAP_OPEN * p_open,l2cap_socket * sock)557 static void on_srv_l2cap_psm_connect_l(tBTA_JV_L2CAP_OPEN* p_open, l2cap_socket* sock) {
558 // state_lock taken by caller
559 l2cap_socket* accept_rs = btsock_l2cap_alloc_l(sock->name, &p_open->rem_bda, false, 0);
560 accept_rs->connected = true;
561 accept_rs->security = sock->security;
562 accept_rs->channel = sock->channel;
563 accept_rs->handle = sock->handle;
564 accept_rs->app_uid = sock->app_uid;
565 sock->handle = -1; /* We should no longer associate this handle with the server socket */
566 accept_rs->is_le_coc = sock->is_le_coc;
567 accept_rs->tx_mtu = sock->tx_mtu = p_open->tx_mtu;
568 if (com::android::bluetooth::flags::socket_settings_api()) { // Added with aosp/3349374
569 accept_rs->rx_mtu = sock->rx_mtu;
570 }
571 accept_rs->local_cid = p_open->local_cid;
572 accept_rs->remote_cid = p_open->remote_cid;
573 // TODO(b/342012881) Remove connection uuid when offload socket API is landed.
574 Uuid uuid = Uuid::From128BitBE(bluetooth::os::GenerateRandom<Uuid::kNumBytes128>());
575 accept_rs->conn_uuid = uuid;
576 if (com::android::bluetooth::flags::socket_settings_api()) { // Added with aosp/3349374
577 accept_rs->socket_id = btif_l2cap_sock_generate_socket_id();
578 accept_rs->data_path = sock->data_path;
579 strncpy(accept_rs->socket_name, sock->socket_name, sizeof(accept_rs->socket_name) - 1);
580 accept_rs->socket_name[sizeof(accept_rs->socket_name) - 1] = '\0';
581 accept_rs->hub_id = sock->hub_id;
582 accept_rs->endpoint_id = sock->endpoint_id;
583 }
584
585 /* Swap IDs to hand over the GAP connection to the accepted socket, and start
586 a new server on the newly create socket ID. */
587 uint32_t new_listen_id = accept_rs->id;
588 accept_rs->id = sock->id;
589 sock->id = new_listen_id;
590
591 log::info(
592 "Connected to L2CAP connection for device: {}, channel: {}, app_uid: {}, "
593 "id: {}, is_le: {}, socket_id: {}, rx_mtu: {}",
594 accept_rs->addr, accept_rs->channel, accept_rs->app_uid, accept_rs->id,
595 accept_rs->is_le_coc, accept_rs->socket_id, accept_rs->rx_mtu);
596 btif_sock_connection_logger(
597 accept_rs->addr, accept_rs->id, accept_rs->is_le_coc ? BTSOCK_L2CAP_LE : BTSOCK_L2CAP,
598 SOCKET_CONNECTION_STATE_CONNECTED,
599 accept_rs->server ? SOCKET_ROLE_LISTEN : SOCKET_ROLE_CONNECTION, accept_rs->app_uid,
600 accept_rs->channel, 0, 0, accept_rs->name, 0, BTSOCK_ERROR_NONE, accept_rs->data_path);
601 accept_rs->connection_start_time_ms = common::time_gettimeofday_us() / 1000;
602
603 // start monitor the socket
604 btsock_thread_add_fd(pth, sock->our_fd, BTSOCK_L2CAP, SOCK_THREAD_FD_EXCEPTION, sock->id);
605 btsock_thread_add_fd(pth, accept_rs->our_fd, BTSOCK_L2CAP, SOCK_THREAD_FD_RD, accept_rs->id);
606 send_app_connect_signal(sock->our_fd, &accept_rs->addr, sock->channel, 0, accept_rs->app_fd,
607 sock->rx_mtu, p_open->tx_mtu, accept_rs->conn_uuid, accept_rs->socket_id);
608 accept_rs->app_fd = -1; // The fd is closed after sent to app in send_app_connect_signal()
609 // But for some reason we still leak a FD - either the server socket
610 // one or the accept socket one.
611 btsock_l2cap_server_listen(sock);
612 // start monitoring the socketpair to get call back when app is accepting on server socket
613 if (com::android::bluetooth::flags::socket_settings_api()) { // Added with aosp/3349375
614 btsock_thread_add_fd(pth, sock->our_fd, BTSOCK_L2CAP, SOCK_THREAD_FD_RD, sock->id);
615 }
616 }
617
on_cl_l2cap_psm_connect_l(tBTA_JV_L2CAP_OPEN * p_open,l2cap_socket * sock)618 static void on_cl_l2cap_psm_connect_l(tBTA_JV_L2CAP_OPEN* p_open, l2cap_socket* sock) {
619 sock->addr = p_open->rem_bda;
620 sock->tx_mtu = p_open->tx_mtu;
621 sock->local_cid = p_open->local_cid;
622 sock->remote_cid = p_open->remote_cid;
623 // TODO(b/342012881) Remove connection uuid when offload socket API is landed.
624 Uuid uuid = Uuid::From128BitBE(bluetooth::os::GenerateRandom<Uuid::kNumBytes128>());
625 sock->conn_uuid = uuid;
626 if (com::android::bluetooth::flags::socket_settings_api()) { // Added with aosp/3349374
627 sock->socket_id = btif_l2cap_sock_generate_socket_id();
628 }
629
630 if (!send_app_psm_or_chan_l(sock)) {
631 log::error("Unable to send l2cap socket to application socket_id:{}", sock->id);
632 return;
633 }
634
635 if (!send_app_connect_signal(sock->our_fd, &sock->addr, sock->channel, 0, -1, sock->rx_mtu,
636 p_open->tx_mtu, sock->conn_uuid, sock->socket_id)) {
637 log::error("Unable to connect l2cap socket to application socket_id:{}", sock->id);
638 return;
639 }
640
641 log::info(
642 "Connected to L2CAP connection for device: {}, channel: {}, app_uid: {}, "
643 "id: {}, is_le: {}, socket_id: {}, rx_mtu: {}",
644 sock->addr, sock->channel, sock->app_uid, sock->id, sock->is_le_coc, sock->socket_id,
645 sock->rx_mtu);
646 btif_sock_connection_logger(
647 sock->addr, sock->id, sock->is_le_coc ? BTSOCK_L2CAP_LE : BTSOCK_L2CAP,
648 SOCKET_CONNECTION_STATE_CONNECTED,
649 sock->server ? SOCKET_ROLE_LISTEN : SOCKET_ROLE_CONNECTION, sock->app_uid, sock->channel,
650 0, 0, sock->name, 0, BTSOCK_ERROR_NONE, sock->data_path);
651 sock->connection_start_time_ms = common::time_gettimeofday_us() / 1000;
652
653 // start monitoring the socketpair to get call back when app writing data
654 btsock_thread_add_fd(pth, sock->our_fd, BTSOCK_L2CAP, SOCK_THREAD_FD_RD, sock->id);
655 log::info("Connected l2cap socket socket_id:{}", sock->id);
656 sock->connected = true;
657 }
658
on_l2cap_connect(tBTA_JV * p_data,uint32_t id)659 static void on_l2cap_connect(tBTA_JV* p_data, uint32_t id) {
660 tBTA_JV_L2CAP_OPEN* psm_open = &p_data->l2c_open;
661 tBTA_JV_L2CAP_LE_OPEN* le_open = &p_data->l2c_le_open;
662
663 std::unique_lock<std::mutex> lock(state_lock);
664 l2cap_socket* sock = btsock_l2cap_find_by_id_l(id);
665 if (!sock) {
666 log::error("Unable to find l2cap socket with socket_id:{}", id);
667 return;
668 }
669
670 sock->tx_mtu = le_open->tx_mtu;
671 if (psm_open->status == tBTA_JV_STATUS::SUCCESS) {
672 if (!com::android::bluetooth::flags::socket_settings_api() || // Added with aosp/3349378
673 sock->data_path == BTSOCK_DATA_PATH_NO_OFFLOAD) {
674 if (!sock->server) {
675 on_cl_l2cap_psm_connect_l(psm_open, sock);
676 } else {
677 on_srv_l2cap_psm_connect_l(psm_open, sock);
678 }
679 } else {
680 if (!sock->server) {
681 on_cl_l2cap_psm_connect_offload_l(psm_open, sock);
682 } else {
683 on_srv_l2cap_psm_connect_offload_l(psm_open, sock);
684 }
685 }
686 } else {
687 log::error("Unable to open socket after receiving connection socket_id:{}", sock->id);
688 btsock_l2cap_free_l(sock, BTSOCK_ERROR_OPEN_FAILURE);
689 }
690 }
691
on_l2cap_close(tBTA_JV_L2CAP_CLOSE * p_close,uint32_t id)692 static void on_l2cap_close(tBTA_JV_L2CAP_CLOSE* p_close, uint32_t id) {
693 l2cap_socket* sock;
694
695 std::unique_lock<std::mutex> lock(state_lock);
696 sock = btsock_l2cap_find_by_id_l(id);
697 if (!sock) {
698 log::info("Unable to find probably already closed l2cap socket with socket_id:{}", id);
699 return;
700 }
701
702 log::info(
703 "Disconnecting from L2CAP connection for device: {}, channel: {}, "
704 "app_uid: {}, id: {}, is_le: {}",
705 sock->addr, sock->channel, sock->app_uid, sock->id, sock->is_le_coc);
706 btif_sock_connection_logger(
707 sock->addr, sock->id, sock->is_le_coc ? BTSOCK_L2CAP_LE : BTSOCK_L2CAP,
708 SOCKET_CONNECTION_STATE_DISCONNECTING,
709 sock->server ? SOCKET_ROLE_LISTEN : SOCKET_ROLE_CONNECTION, sock->app_uid, sock->channel,
710 0, 0, sock->name, 0, BTSOCK_ERROR_NONE, sock->data_path);
711 if (com::android::bluetooth::flags::donot_push_error_code_to_app_when_connected()) {
712 if (!sock->connected) {
713 if (!send_app_err_code(sock, p_close->reason)) {
714 log::error("Unable to send l2cap socket to application socket_id:{}", sock->id);
715 }
716 } else {
717 log::info("Don't push error for already connected socket:{}", sock->id);
718 }
719 } else {
720 if (!send_app_err_code(sock, p_close->reason)) {
721 log::error("Unable to send l2cap socket to application socket_id:{}", sock->id);
722 }
723 }
724 // TODO: This does not seem to be called...
725 // I'm not sure if this will be called for non-server sockets?
726 if (sock->server) {
727 BTA_JvFreeChannel(sock->channel, tBTA_JV_CONN_TYPE::L2CAP);
728 }
729 btsock_l2cap_free_l(sock, BTSOCK_ERROR_NONE);
730 }
731
on_l2cap_outgoing_congest(tBTA_JV_L2CAP_CONG * p,uint32_t id)732 static void on_l2cap_outgoing_congest(tBTA_JV_L2CAP_CONG* p, uint32_t id) {
733 l2cap_socket* sock;
734
735 std::unique_lock<std::mutex> lock(state_lock);
736 sock = btsock_l2cap_find_by_id_l(id);
737 if (!sock) {
738 log::error("Unable to find l2cap socket with socket_id:{}", id);
739 return;
740 }
741
742 sock->outgoing_congest = p->cong ? 1 : 0;
743
744 if (!sock->outgoing_congest) {
745 log::verbose("Monitoring l2cap socket for outgoing data socket_id:{}", sock->id);
746 btsock_thread_add_fd(pth, sock->our_fd, BTSOCK_L2CAP, SOCK_THREAD_FD_RD, sock->id);
747 }
748 }
749
on_l2cap_write_done(uint16_t len,uint32_t id)750 static void on_l2cap_write_done(uint16_t len, uint32_t id) {
751 std::unique_lock<std::mutex> lock(state_lock);
752 l2cap_socket* sock = btsock_l2cap_find_by_id_l(id);
753 if (!sock) {
754 log::error("Unable to find l2cap socket with socket_id:{}", id);
755 return;
756 }
757
758 int app_uid = sock->app_uid;
759 if (!sock->outgoing_congest) {
760 btsock_thread_add_fd(pth, sock->our_fd, BTSOCK_L2CAP, SOCK_THREAD_FD_RD, sock->id);
761 } else {
762 log::info("Socket congestion on socket_id:{}", sock->id);
763 }
764
765 sock->tx_bytes += len;
766 uid_set_add_tx(uid_set, app_uid, len);
767 }
768
on_l2cap_data_ind(tBTA_JV *,uint32_t id)769 static void on_l2cap_data_ind(tBTA_JV* /* evt */, uint32_t id) {
770 l2cap_socket* sock;
771
772 int app_uid = -1;
773 uint32_t bytes_read = 0;
774
775 std::unique_lock<std::mutex> lock(state_lock);
776 sock = btsock_l2cap_find_by_id_l(id);
777 if (!sock) {
778 log::error("Unable to find l2cap socket with socket_id:{}", id);
779 return;
780 }
781
782 app_uid = sock->app_uid;
783
784 uint32_t count;
785
786 if (BTA_JvL2capReady(sock->handle, &count) == tBTA_JV_STATUS::SUCCESS) {
787 std::vector<uint8_t> buffer(count);
788 if (BTA_JvL2capRead(sock->handle, sock->id, buffer.data(), count) == tBTA_JV_STATUS::SUCCESS) {
789 if (packet_put_tail_l(sock, buffer.data(), count)) {
790 bytes_read = count;
791 btsock_thread_add_fd(pth, sock->our_fd, BTSOCK_L2CAP, SOCK_THREAD_FD_WR, sock->id);
792 } else { // connection must be dropped
793 log::warn("Closing socket as unable to push data to socket socket_id:{}", sock->id);
794 BTA_JvL2capClose(sock->handle);
795 btsock_l2cap_free_l(sock, BTSOCK_ERROR_RECEIVE_DATA_FAILURE);
796 return;
797 }
798 }
799 }
800
801 sock->rx_bytes += bytes_read;
802 uid_set_add_rx(uid_set, app_uid, bytes_read);
803 }
804
btsock_l2cap_cbk(tBTA_JV_EVT event,tBTA_JV * p_data,uint32_t l2cap_socket_id)805 static void btsock_l2cap_cbk(tBTA_JV_EVT event, tBTA_JV* p_data, uint32_t l2cap_socket_id) {
806 switch (event) {
807 case BTA_JV_L2CAP_START_EVT:
808 on_srv_l2cap_listen_started(&p_data->l2c_start, l2cap_socket_id);
809 break;
810
811 case BTA_JV_L2CAP_CL_INIT_EVT:
812 on_cl_l2cap_init(&p_data->l2c_cl_init, l2cap_socket_id);
813 break;
814
815 case BTA_JV_L2CAP_OPEN_EVT:
816 on_l2cap_connect(p_data, l2cap_socket_id);
817 BTA_JvSetPmProfile(p_data->l2c_open.handle, BTA_JV_PM_ID_1, BTA_JV_CONN_OPEN);
818 break;
819
820 case BTA_JV_L2CAP_CLOSE_EVT:
821 on_l2cap_close(&p_data->l2c_close, l2cap_socket_id);
822 break;
823
824 case BTA_JV_L2CAP_DATA_IND_EVT:
825 on_l2cap_data_ind(p_data, l2cap_socket_id);
826 break;
827
828 case BTA_JV_L2CAP_READ_EVT:
829 break;
830
831 case BTA_JV_L2CAP_WRITE_EVT:
832 on_l2cap_write_done(p_data->l2c_write.len, l2cap_socket_id);
833 break;
834
835 case BTA_JV_L2CAP_CONG_EVT:
836 on_l2cap_outgoing_congest(&p_data->l2c_cong, l2cap_socket_id);
837 break;
838
839 default:
840 log::error("Unhandled event:{} l2cap_socket_id:{}", bta_jv_event_text(event),
841 l2cap_socket_id);
842 break;
843 }
844 }
845
846 const tL2CAP_ERTM_INFO obex_l2c_etm_opt = {L2CAP_FCR_ERTM_MODE,
847 /* Mandatory for OBEX over l2cap */};
848
849 /**
850 * When using a dynamic PSM, a PSM allocation is requested from
851 * btsock_l2cap_listen_or_connect().
852 * The PSM allocation event is refeived in the JV-callback - currently located
853 * in RFC-code -
854 * and this function is called with the newly allocated PSM.
855 */
on_l2cap_psm_assigned(int id,int psm)856 void on_l2cap_psm_assigned(int id, int psm) {
857 /* Setup ETM settings:
858 * mtu will be set below */
859 std::unique_lock<std::mutex> lock(state_lock);
860 l2cap_socket* sock = btsock_l2cap_find_by_id_l(id);
861 if (!sock) {
862 log::error("Unable to find l2cap socket with socket_id:{}", id);
863 return;
864 }
865
866 sock->channel = psm;
867
868 btsock_l2cap_server_listen(sock);
869 }
870
btsock_l2cap_server_listen(l2cap_socket * sock)871 static void btsock_l2cap_server_listen(l2cap_socket* sock) {
872 tBTA_JV_CONN_TYPE connection_type =
873 sock->is_le_coc ? tBTA_JV_CONN_TYPE::L2CAP_LE : tBTA_JV_CONN_TYPE::L2CAP;
874
875 /* If we have a channel specified in the request, just start the server,
876 * else we request a PSM and start the server after we receive a PSM. */
877 if (sock->channel <= 0) {
878 BTA_JvGetChannelId(connection_type, sock->id, 0);
879 return;
880 }
881
882 /* Setup ETM settings: mtu will be set below */
883 std::unique_ptr<tL2CAP_CFG_INFO> cfg = std::make_unique<tL2CAP_CFG_INFO>(
884 tL2CAP_CFG_INFO{.fcr_present = true, .fcr = kDefaultErtmOptions});
885 /* For hardware offload data path, host stack sets the initial credits to 0. The offload stack
886 * should send initial credits to peer device through L2CAP signaling command when the data path
887 * is switched successfully. */
888 if (com::android::bluetooth::flags::socket_settings_api()) { // Added with aosp/3349376
889 if (sock->data_path == BTSOCK_DATA_PATH_HARDWARE_OFFLOAD) {
890 cfg->init_credit_present = true;
891 cfg->init_credit = 0;
892 }
893 }
894
895 std::unique_ptr<tL2CAP_ERTM_INFO> ertm_info;
896 if (!sock->is_le_coc) {
897 ertm_info.reset(new tL2CAP_ERTM_INFO(obex_l2c_etm_opt));
898 }
899
900 BTA_JvL2capStartServer(connection_type, sock->security, std::move(ertm_info), sock->channel,
901 sock->rx_mtu, std::move(cfg), btsock_l2cap_cbk, sock->id);
902 }
903
904 /*
905 * Determine the local MTU for the offloaded L2CAP connection.
906 *
907 * The local MTU is selected as the minimum of:
908 * - The socket hal's offload capabilities (socket_cap.leCocCapabilities.mtu)
909 * - The application's requested maximum RX packet size (app_max_rx_packet_size)
910 *
911 * However, the MTU must be at least the minimum required by the L2CAP LE
912 * specification (L2CAP_SDU_LENGTH_LE_MIN).
913 */
914
btsock_l2cap_get_offload_mtu(uint16_t * rx_mtu,uint16_t app_max_rx_packet_size)915 static bool btsock_l2cap_get_offload_mtu(uint16_t* rx_mtu, uint16_t app_max_rx_packet_size) {
916 hal::SocketCapabilities socket_cap =
917 bluetooth::shim::GetLppOffloadManager()->GetSocketCapabilities();
918 if (!socket_cap.le_coc_capabilities.number_of_supported_sockets) {
919 return false;
920 }
921 /* Socket HAL client has already verified that the MTU is in a valid range. */
922 uint16_t mtu = static_cast<uint16_t>(socket_cap.le_coc_capabilities.mtu);
923 mtu = std::min(mtu, app_max_rx_packet_size);
924 if (mtu < L2CAP_SDU_LENGTH_LE_MIN) {
925 mtu = L2CAP_SDU_LENGTH_LE_MIN;
926 }
927 *rx_mtu = mtu;
928 return true;
929 }
930
btsock_l2cap_listen_or_connect(const char * name,const RawAddress * addr,int channel,int * sock_fd,int flags,char listen,int app_uid,btsock_data_path_t data_path,const char * socket_name,uint64_t hub_id,uint64_t endpoint_id,int max_rx_packet_size)931 static bt_status_t btsock_l2cap_listen_or_connect(const char* name, const RawAddress* addr,
932 int channel, int* sock_fd, int flags, char listen,
933 int app_uid, btsock_data_path_t data_path,
934 const char* socket_name, uint64_t hub_id,
935 uint64_t endpoint_id, int max_rx_packet_size) {
936 if (!is_inited()) {
937 return BT_STATUS_NOT_READY;
938 }
939
940 bool is_le_coc = (flags & BTSOCK_FLAG_LE_COC) != 0;
941
942 if (is_le_coc) {
943 if (listen) {
944 if (flags & BTSOCK_FLAG_NO_SDP) {
945 /* For LE COC server; set channel to zero so that it will be assigned */
946 channel = 0;
947 } else if (channel <= 0) {
948 log::error("type BTSOCK_L2CAP_LE: invalid channel={}", channel);
949 return BT_STATUS_SOCKET_ERROR;
950 }
951 } else {
952 // Ensure device is in inquiry database during L2CAP CoC connection
953 btif_check_device_in_inquiry_db(*addr);
954 }
955 }
956
957 if (!sock_fd) {
958 log::info("Invalid socket descriptor");
959 return BT_STATUS_PARM_INVALID;
960 }
961
962 // TODO: This is kind of bad to lock here, but it is needed for the current
963 // design.
964 std::unique_lock<std::mutex> lock(state_lock);
965 l2cap_socket* sock = btsock_l2cap_alloc_l(name, addr, listen, flags);
966 if (!sock) {
967 return BT_STATUS_NOMEM;
968 }
969
970 sock->channel = channel;
971 sock->app_uid = app_uid;
972 sock->is_le_coc = is_le_coc;
973 if (com::android::bluetooth::flags::socket_settings_api() && // Added with aosp/3349377
974 data_path == BTSOCK_DATA_PATH_HARDWARE_OFFLOAD) {
975 if (!btsock_l2cap_get_offload_mtu(&sock->rx_mtu, static_cast<uint16_t>(max_rx_packet_size))) {
976 return BT_STATUS_UNSUPPORTED;
977 }
978 } else {
979 sock->rx_mtu = is_le_coc ? L2CAP_SDU_LENGTH_LE_MAX : L2CAP_SDU_LENGTH_MAX;
980 }
981 if (com::android::bluetooth::flags::socket_settings_api()) { // Added with aosp/3349374
982 sock->data_path = data_path;
983 if (socket_name) {
984 strncpy(sock->socket_name, socket_name, sizeof(sock->socket_name) - 1);
985 sock->socket_name[sizeof(sock->socket_name) - 1] = '\0';
986 }
987 sock->hub_id = hub_id;
988 sock->endpoint_id = endpoint_id;
989 }
990
991 /* "role" is never initialized in rfcomm code */
992 if (listen) {
993 btsock_l2cap_server_listen(sock);
994 // start monitoring the socketpair to get call back when app is accepting on server socket
995 if (com::android::bluetooth::flags::socket_settings_api()) { // Added with aosp/3349375
996 btsock_thread_add_fd(pth, sock->our_fd, BTSOCK_L2CAP, SOCK_THREAD_FD_RD, sock->id);
997 }
998 } else {
999 tBTA_JV_CONN_TYPE connection_type =
1000 sock->is_le_coc ? tBTA_JV_CONN_TYPE::L2CAP_LE : tBTA_JV_CONN_TYPE::L2CAP;
1001
1002 /* Setup ETM settings: mtu will be set below */
1003 std::unique_ptr<tL2CAP_CFG_INFO> cfg = std::make_unique<tL2CAP_CFG_INFO>(
1004 tL2CAP_CFG_INFO{.fcr_present = true, .fcr = kDefaultErtmOptions});
1005 /* For hardware offload data path, host stack sets the initial credits to 0. The offload stack
1006 * should send initial credits to peer device through L2CAP signaling command when the data path
1007 * is switched successfully. */
1008 if (com::android::bluetooth::flags::socket_settings_api()) { // Added with aosp/3349376
1009 if (sock->data_path == BTSOCK_DATA_PATH_HARDWARE_OFFLOAD) {
1010 cfg->init_credit_present = true;
1011 cfg->init_credit = 0;
1012 }
1013 }
1014
1015 std::unique_ptr<tL2CAP_ERTM_INFO> ertm_info;
1016 if (!sock->is_le_coc) {
1017 ertm_info.reset(new tL2CAP_ERTM_INFO(obex_l2c_etm_opt));
1018 }
1019
1020 BTA_JvL2capConnect(connection_type, sock->security, std::move(ertm_info), channel, sock->rx_mtu,
1021 std::move(cfg), sock->addr, btsock_l2cap_cbk, sock->id);
1022 }
1023
1024 *sock_fd = sock->app_fd;
1025 /* We pass the FD to JAVA, but since it runs in another process, we need to
1026 * also close it in native, either straight away, as done when accepting an
1027 * incoming connection, or when doing cleanup after this socket */
1028 sock->app_fd = -1;
1029 /*This leaks the file descriptor. The FD should be closed in JAVA but it
1030 * apparently do not work */
1031 btsock_thread_add_fd(pth, sock->our_fd, BTSOCK_L2CAP, SOCK_THREAD_FD_EXCEPTION, sock->id);
1032
1033 return BT_STATUS_SUCCESS;
1034 }
1035
btsock_l2cap_listen(const char * name,int channel,int * sock_fd,int flags,int app_uid,btsock_data_path_t data_path,const char * socket_name,uint64_t hub_id,uint64_t endpoint_id,int max_rx_packet_size)1036 bt_status_t btsock_l2cap_listen(const char* name, int channel, int* sock_fd, int flags, int app_uid,
1037 btsock_data_path_t data_path, const char* socket_name,
1038 uint64_t hub_id, uint64_t endpoint_id, int max_rx_packet_size) {
1039 return btsock_l2cap_listen_or_connect(name, NULL, channel, sock_fd, flags, 1, app_uid, data_path,
1040 socket_name, hub_id, endpoint_id, max_rx_packet_size);
1041 }
1042
btsock_l2cap_connect(const RawAddress * bd_addr,int channel,int * sock_fd,int flags,int app_uid,btsock_data_path_t data_path,const char * socket_name,uint64_t hub_id,uint64_t endpoint_id,int max_rx_packet_size)1043 bt_status_t btsock_l2cap_connect(const RawAddress* bd_addr, int channel, int* sock_fd, int flags,
1044 int app_uid, btsock_data_path_t data_path, const char* socket_name,
1045 uint64_t hub_id, uint64_t endpoint_id, int max_rx_packet_size) {
1046 return btsock_l2cap_listen_or_connect(NULL, bd_addr, channel, sock_fd, flags, 0, app_uid,
1047 data_path, socket_name, hub_id, endpoint_id,
1048 max_rx_packet_size);
1049 }
1050
1051 /* return true if we have more to send and should wait for user readiness, false
1052 * else
1053 * (for example: unrecoverable error or no data)
1054 */
flush_incoming_que_on_wr_signal_l(l2cap_socket * sock)1055 static bool flush_incoming_que_on_wr_signal_l(l2cap_socket* sock) {
1056 uint8_t* buf;
1057 uint32_t len;
1058
1059 while (packet_get_head_l(sock, &buf, &len)) {
1060 ssize_t sent;
1061 OSI_NO_INTR(sent = send(sock->our_fd, buf, len, MSG_DONTWAIT));
1062 int saved_errno = errno;
1063
1064 if (sent == (signed)len) {
1065 osi_free(buf);
1066 } else if (sent >= 0) {
1067 packet_put_head_l(sock, buf + sent, len - sent);
1068 osi_free(buf);
1069 if (!sent) { /* special case if other end not keeping up */
1070 return true;
1071 }
1072 } else {
1073 packet_put_head_l(sock, buf, len);
1074 osi_free(buf);
1075 return saved_errno == EWOULDBLOCK || saved_errno == EAGAIN;
1076 }
1077 }
1078
1079 return false;
1080 }
1081
malloc_l2cap_buf(uint16_t len)1082 inline BT_HDR* malloc_l2cap_buf(uint16_t len) {
1083 // We need FCS only for L2CAP_FCR_ERTM_MODE, but it's just 2 bytes so it's ok
1084 BT_HDR* msg = (BT_HDR*)osi_malloc(BT_HDR_SIZE + L2CAP_MIN_OFFSET + len + L2CAP_FCS_LENGTH);
1085 msg->offset = L2CAP_MIN_OFFSET;
1086 msg->len = len;
1087 return msg;
1088 }
1089
get_l2cap_sdu_start_ptr(BT_HDR * msg)1090 inline uint8_t* get_l2cap_sdu_start_ptr(BT_HDR* msg) {
1091 return (uint8_t*)(msg) + BT_HDR_SIZE + msg->offset;
1092 }
1093
1094 // state_lock taken by caller
btsock_l2cap_read_signaled_on_connected_socket(int fd,int flags,uint32_t user_id,l2cap_socket * sock)1095 static bool btsock_l2cap_read_signaled_on_connected_socket(int fd, int flags, uint32_t user_id,
1096 l2cap_socket* sock) {
1097 if (!sock->connected) {
1098 return false;
1099 }
1100 int size = 0;
1101 bool ioctl_success = ioctl(sock->our_fd, FIONREAD, &size) == 0;
1102 if (!(flags & SOCK_THREAD_FD_EXCEPTION) || (ioctl_success && size)) {
1103 /* FIONREAD return number of bytes that are immediately available for
1104 reading, might be bigger than awaiting packet.
1105
1106 BluetoothSocket.write(...) guarantees that any packet send to this
1107 socket is broken into pieces no bigger than MTU bytes (as requested
1108 by BT spec). */
1109 size = std::min(size, (int)sock->tx_mtu);
1110
1111 BT_HDR* buffer = malloc_l2cap_buf(size);
1112 /* The socket is created with SOCK_SEQPACKET, hence we read one message
1113 * at the time. */
1114 ssize_t count;
1115 OSI_NO_INTR(count = recv(fd, get_l2cap_sdu_start_ptr(buffer), size,
1116 MSG_NOSIGNAL | MSG_DONTWAIT | MSG_TRUNC));
1117 if (count > sock->tx_mtu) {
1118 /* This can't happen thanks to check in BluetoothSocket.java but leave
1119 * this in case this socket is ever used anywhere else*/
1120 log::error("recv more than MTU. Data will be lost: {}", count);
1121 count = sock->tx_mtu;
1122 }
1123
1124 /* When multiple packets smaller than MTU are flushed to the socket, the
1125 size of the single packet read could be smaller than the ioctl
1126 reported total size of awaiting packets. Hence, we adjust the buffer
1127 length. */
1128 buffer->len = count;
1129
1130 // will take care of freeing buffer
1131 BTA_JvL2capWrite(sock->handle, PTR_TO_UINT(buffer), buffer, user_id);
1132 }
1133 return true;
1134 }
1135
1136 // state_lock taken by caller
btsock_l2cap_read_signaled_on_listen_socket(int fd,int,uint32_t,l2cap_socket * sock)1137 static bool btsock_l2cap_read_signaled_on_listen_socket(int fd, int /* flags */,
1138 uint32_t /* user_id */,
1139 l2cap_socket* sock) {
1140 int size = 0;
1141 bool ioctl_success = ioctl(sock->our_fd, FIONREAD, &size) == 0;
1142 if (ioctl_success && size) {
1143 sock_accept_signal_t accept_signal = {};
1144 ssize_t count;
1145 OSI_NO_INTR(count = recv(fd, reinterpret_cast<uint8_t*>(&accept_signal), sizeof(accept_signal),
1146 MSG_NOSIGNAL | MSG_DONTWAIT | MSG_TRUNC));
1147 if (count != sizeof(accept_signal) || count != accept_signal.size) {
1148 log::error("Unexpected count: {}, sizeof(accept_signal): {}, accept_signal.size: {}", count,
1149 sizeof(accept_signal), accept_signal.size);
1150 return false;
1151 }
1152 sock->is_accepting = accept_signal.is_accepting;
1153 log::info("Server socket: {}, is_accepting: {}", sock->id, sock->is_accepting);
1154 }
1155 return true;
1156 }
1157
btsock_l2cap_signaled_flagged(int fd,int flags,uint32_t user_id)1158 static void btsock_l2cap_signaled_flagged(int fd, int flags, uint32_t user_id) {
1159 char drop_it = false;
1160 btsock_error_code_t error_code = BTSOCK_ERROR_NONE;
1161
1162 /* We use MSG_DONTWAIT when sending data to JAVA, hence it can be accepted to
1163 * hold the lock. */
1164 std::unique_lock<std::mutex> lock(state_lock);
1165 l2cap_socket* sock = btsock_l2cap_find_by_id_l(user_id);
1166 if (!sock) {
1167 return;
1168 }
1169 if (flags & SOCK_THREAD_FD_RD) {
1170 if (!sock->server) {
1171 // app sending data on connection socket
1172 if (!btsock_l2cap_read_signaled_on_connected_socket(fd, flags, user_id, sock)) {
1173 error_code = BTSOCK_ERROR_READ_SIGNALED_FAILURE;
1174 drop_it = true;
1175 }
1176 } else {
1177 // app sending signal on listen socket
1178 if (!btsock_l2cap_read_signaled_on_listen_socket(fd, flags, user_id, sock)) {
1179 error_code = BTSOCK_ERROR_READ_SIGNALED_FAILURE;
1180 drop_it = true;
1181 }
1182 }
1183 }
1184 if (flags & SOCK_THREAD_FD_WR) {
1185 // app is ready to receive more data, tell stack to enable the data flow
1186 if (flush_incoming_que_on_wr_signal_l(sock) && sock->connected) {
1187 btsock_thread_add_fd(pth, sock->our_fd, BTSOCK_L2CAP, SOCK_THREAD_FD_WR, sock->id);
1188 }
1189 }
1190 if (drop_it || (flags & SOCK_THREAD_FD_EXCEPTION)) {
1191 int size = 0;
1192 if (drop_it || ioctl(sock->our_fd, FIONREAD, &size) != 0 || size == 0) {
1193 btsock_l2cap_free_l(sock, error_code);
1194 }
1195 }
1196 }
1197
btsock_l2cap_signaled(int fd,int flags,uint32_t user_id)1198 void btsock_l2cap_signaled(int fd, int flags, uint32_t user_id) {
1199 if (com::android::bluetooth::flags::socket_settings_api()) { // Added with aosp/3349375
1200 btsock_l2cap_signaled_flagged(fd, flags, user_id);
1201 return;
1202 }
1203 char drop_it = false;
1204 btsock_error_code_t error_code = BTSOCK_ERROR_NONE;
1205
1206 /* We use MSG_DONTWAIT when sending data to JAVA, hence it can be accepted to
1207 * hold the lock. */
1208 std::unique_lock<std::mutex> lock(state_lock);
1209 l2cap_socket* sock = btsock_l2cap_find_by_id_l(user_id);
1210 if (!sock) {
1211 return;
1212 }
1213
1214 if ((flags & SOCK_THREAD_FD_RD) && !sock->server) {
1215 // app sending data
1216 if (sock->connected) {
1217 int size = 0;
1218 bool ioctl_success = ioctl(sock->our_fd, FIONREAD, &size) == 0;
1219 if (!(flags & SOCK_THREAD_FD_EXCEPTION) || (ioctl_success && size)) {
1220 /* FIONREAD return number of bytes that are immediately available for
1221 reading, might be bigger than awaiting packet.
1222
1223 BluetoothSocket.write(...) guarantees that any packet send to this
1224 socket is broken into pieces no bigger than MTU bytes (as requested
1225 by BT spec). */
1226 size = std::min(size, (int)sock->tx_mtu);
1227
1228 BT_HDR* buffer = malloc_l2cap_buf(size);
1229 /* The socket is created with SOCK_SEQPACKET, hence we read one message
1230 * at the time. */
1231 ssize_t count;
1232 OSI_NO_INTR(count = recv(fd, get_l2cap_sdu_start_ptr(buffer), size,
1233 MSG_NOSIGNAL | MSG_DONTWAIT | MSG_TRUNC));
1234 if (count > sock->tx_mtu) {
1235 /* This can't happen thanks to check in BluetoothSocket.java but leave
1236 * this in case this socket is ever used anywhere else*/
1237 log::error("recv more than MTU. Data will be lost: {}", count);
1238 count = sock->tx_mtu;
1239 }
1240
1241 /* When multiple packets smaller than MTU are flushed to the socket, the
1242 size of the single packet read could be smaller than the ioctl
1243 reported total size of awaiting packets. Hence, we adjust the buffer
1244 length. */
1245 buffer->len = count;
1246
1247 // will take care of freeing buffer
1248 BTA_JvL2capWrite(sock->handle, PTR_TO_UINT(buffer), buffer, user_id);
1249 }
1250 } else {
1251 error_code = BTSOCK_ERROR_READ_SIGNALED_FAILURE;
1252 drop_it = true;
1253 }
1254 }
1255 if (flags & SOCK_THREAD_FD_WR) {
1256 // app is ready to receive more data, tell stack to enable the data flow
1257 if (flush_incoming_que_on_wr_signal_l(sock) && sock->connected) {
1258 btsock_thread_add_fd(pth, sock->our_fd, BTSOCK_L2CAP, SOCK_THREAD_FD_WR, sock->id);
1259 }
1260 }
1261 if (drop_it || (flags & SOCK_THREAD_FD_EXCEPTION)) {
1262 int size = 0;
1263 if (drop_it || ioctl(sock->our_fd, FIONREAD, &size) != 0 || size == 0) {
1264 btsock_l2cap_free_l(sock, error_code);
1265 }
1266 }
1267 }
1268
btsock_l2cap_disconnect(const RawAddress * bd_addr)1269 bt_status_t btsock_l2cap_disconnect(const RawAddress* bd_addr) {
1270 if (!bd_addr) {
1271 return BT_STATUS_PARM_INVALID;
1272 }
1273 if (!is_inited()) {
1274 return BT_STATUS_NOT_READY;
1275 }
1276
1277 std::unique_lock<std::mutex> lock(state_lock);
1278 l2cap_socket* sock = socks;
1279
1280 while (sock) {
1281 l2cap_socket* next = sock->next;
1282 if (sock->addr == *bd_addr) {
1283 btsock_l2cap_free_l(sock, BTSOCK_ERROR_NONE);
1284 }
1285 sock = next;
1286 }
1287
1288 return BT_STATUS_SUCCESS;
1289 }
1290
btsock_l2cap_get_l2cap_local_cid(Uuid & conn_uuid,uint16_t * cid)1291 bt_status_t btsock_l2cap_get_l2cap_local_cid(Uuid& conn_uuid, uint16_t* cid) {
1292 l2cap_socket* sock;
1293
1294 std::unique_lock<std::mutex> lock(state_lock);
1295 sock = btsock_l2cap_find_by_conn_uuid_l(conn_uuid);
1296 if (!sock) {
1297 log::error("Unable to find l2cap socket with conn_uuid:{}", conn_uuid.ToString());
1298 return BT_STATUS_SOCKET_ERROR;
1299 }
1300 *cid = sock->local_cid;
1301 return BT_STATUS_SUCCESS;
1302 }
1303
btsock_l2cap_get_l2cap_remote_cid(Uuid & conn_uuid,uint16_t * cid)1304 bt_status_t btsock_l2cap_get_l2cap_remote_cid(Uuid& conn_uuid, uint16_t* cid) {
1305 l2cap_socket* sock;
1306
1307 std::unique_lock<std::mutex> lock(state_lock);
1308 sock = btsock_l2cap_find_by_conn_uuid_l(conn_uuid);
1309 if (!sock) {
1310 log::error("Unable to find l2cap socket with conn_uuid:{}", conn_uuid.ToString());
1311 return BT_STATUS_SOCKET_ERROR;
1312 }
1313 *cid = sock->remote_cid;
1314 return BT_STATUS_SUCCESS;
1315 }
1316
1317 // TODO(b/380189525): Replace the randomized socket ID with static counter when we don't have
1318 // security concerns about using static counter.
btif_l2cap_sock_generate_socket_id()1319 static uint64_t btif_l2cap_sock_generate_socket_id() {
1320 uint64_t socket_id;
1321 do {
1322 socket_id = bluetooth::os::GenerateRandomUint64();
1323 } while (!socket_id);
1324 return socket_id;
1325 }
1326
1327 /* only call with state_lock taken */
btsock_l2cap_find_by_socket_id_l(uint64_t socket_id)1328 static l2cap_socket* btsock_l2cap_find_by_socket_id_l(uint64_t socket_id) {
1329 l2cap_socket* sock = socks;
1330
1331 while (sock) {
1332 if (sock->socket_id == socket_id) {
1333 return sock;
1334 }
1335 sock = sock->next;
1336 }
1337
1338 return nullptr;
1339 }
1340
btsock_l2cap_in_use(uint64_t socket_id)1341 bool btsock_l2cap_in_use(uint64_t socket_id) {
1342 std::unique_lock<std::mutex> lock(state_lock);
1343 return btsock_l2cap_find_by_socket_id_l(socket_id) != nullptr;
1344 }
1345
on_btsocket_l2cap_opened_complete(uint64_t socket_id,bool success)1346 void on_btsocket_l2cap_opened_complete(uint64_t socket_id, bool success) {
1347 l2cap_socket* sock;
1348
1349 std::unique_lock<std::mutex> lock(state_lock);
1350 sock = btsock_l2cap_find_by_socket_id_l(socket_id);
1351 if (!sock) {
1352 log::error("Unable to find l2cap socket with socket_id:{}", socket_id);
1353 return;
1354 }
1355 if (!success) {
1356 log::error("L2CAP opened complete failed with socket_id:{}", socket_id);
1357 btsock_l2cap_free_l(sock, BTSOCK_ERROR_OPEN_FAILURE);
1358 return;
1359 }
1360 // If the socket was accepted from listen socket, use listen_fd.
1361 if (sock->listen_fd != -1) {
1362 send_app_connect_signal(sock->listen_fd, &sock->addr, sock->channel, 0, sock->app_fd,
1363 sock->rx_mtu, sock->tx_mtu, sock->conn_uuid, sock->socket_id);
1364 // The fd is closed after sent to app in send_app_connect_signal()
1365 sock->app_fd = -1;
1366 } else {
1367 if (!send_app_psm_or_chan_l(sock)) {
1368 log::error("Unable to send l2cap socket to application socket_id:{}", sock->id);
1369 return;
1370 }
1371 if (!send_app_connect_signal(sock->our_fd, &sock->addr, sock->channel, 0, -1, sock->rx_mtu,
1372 sock->tx_mtu, sock->conn_uuid, sock->socket_id)) {
1373 log::error("Unable to connect l2cap socket to application socket_id:{}", sock->id);
1374 return;
1375 }
1376
1377 log::info(
1378 "Connected to L2CAP connection for device: {}, channel: {}, app_uid: {}, id: {}, "
1379 "is_le: {}, socket_id: {}, rx_mtu: {}",
1380 sock->addr, sock->channel, sock->app_uid, sock->id, sock->is_le_coc, sock->socket_id,
1381 sock->rx_mtu);
1382 btif_sock_connection_logger(
1383 sock->addr, sock->id, sock->is_le_coc ? BTSOCK_L2CAP_LE : BTSOCK_L2CAP,
1384 SOCKET_CONNECTION_STATE_CONNECTED,
1385 sock->server ? SOCKET_ROLE_LISTEN : SOCKET_ROLE_CONNECTION, sock->app_uid,
1386 sock->channel, 0, 0, sock->name, 0, BTSOCK_ERROR_NONE, sock->data_path);
1387 sock->connection_start_time_ms = common::time_gettimeofday_us() / 1000;
1388
1389 log::info("Connected l2cap socket socket_id:{}", sock->id);
1390 sock->connected = true;
1391 }
1392 }
1393
on_btsocket_l2cap_close(uint64_t socket_id)1394 void on_btsocket_l2cap_close(uint64_t socket_id) {
1395 l2cap_socket* sock;
1396
1397 std::unique_lock<std::mutex> lock(state_lock);
1398 sock = btsock_l2cap_find_by_socket_id_l(socket_id);
1399 if (!sock) {
1400 log::error("Unable to find l2cap socket with socket_id:{}", socket_id);
1401 return;
1402 }
1403 log::info("L2CAP close request for socket_id:{}", socket_id);
1404 btsock_l2cap_free_l(sock, BTSOCK_ERROR_NONE);
1405 }
1406
on_cl_l2cap_psm_connect_offload_l(tBTA_JV_L2CAP_OPEN * p_open,l2cap_socket * sock)1407 static void on_cl_l2cap_psm_connect_offload_l(tBTA_JV_L2CAP_OPEN* p_open, l2cap_socket* sock) {
1408 sock->addr = p_open->rem_bda;
1409 sock->tx_mtu = p_open->tx_mtu;
1410 sock->local_cid = p_open->local_cid;
1411 sock->remote_cid = p_open->remote_cid;
1412 // TODO(b/342012881) Remove connection uuid when offload socket API is landed.
1413 Uuid uuid = Uuid::From128BitBE(bluetooth::os::GenerateRandom<Uuid::kNumBytes128>());
1414 sock->conn_uuid = uuid;
1415 sock->socket_id = btif_l2cap_sock_generate_socket_id();
1416
1417 log::info(
1418 "Connected to L2CAP connection for device: {}, channel: {}, app_uid: {}, "
1419 "id: {}, is_le: {}, socket_id: {}, rx_mtu: {}",
1420 sock->addr, sock->channel, sock->app_uid, sock->id, sock->is_le_coc, sock->socket_id,
1421 sock->rx_mtu);
1422 btif_sock_connection_logger(
1423 sock->addr, sock->id, sock->is_le_coc ? BTSOCK_L2CAP_LE : BTSOCK_L2CAP,
1424 SOCKET_CONNECTION_STATE_CONNECTED,
1425 sock->server ? SOCKET_ROLE_LISTEN : SOCKET_ROLE_CONNECTION, sock->app_uid, sock->channel,
1426 0, 0, sock->name, 0, BTSOCK_ERROR_NONE, sock->data_path);
1427 sock->connection_start_time_ms = common::time_gettimeofday_us() / 1000;
1428
1429 bluetooth::hal::SocketContext socket_context = {
1430 .socket_id = sock->socket_id,
1431 .name = sock->socket_name,
1432 .acl_connection_handle = p_open->acl_handle,
1433 .channel_info = bluetooth::hal::LeCocChannelInfo(
1434 p_open->local_cid, p_open->remote_cid, static_cast<uint16_t>(sock->channel),
1435 sock->rx_mtu, sock->tx_mtu, p_open->local_coc_mps, p_open->remote_coc_mps,
1436 p_open->local_coc_credit, p_open->remote_coc_credit),
1437 .endpoint_info.hub_id = sock->hub_id,
1438 .endpoint_info.endpoint_id = sock->endpoint_id,
1439 };
1440 if (!bluetooth::shim::GetLppOffloadManager()->SocketOpened(socket_context)) {
1441 log::warn("L2CAP socket opened failed. Disconnect the incoming connection.");
1442 btsock_l2cap_free_l(sock, BTSOCK_ERROR_OFFLOAD_HAL_OPEN_FAILURE);
1443 } else {
1444 log::info(
1445 "L2CAP socket opened successful. Will send connect signal in "
1446 "on_btsocket_l2cap_opened_complete() asynchronously.");
1447 }
1448 }
1449
on_srv_l2cap_psm_connect_offload_l(tBTA_JV_L2CAP_OPEN * p_open,l2cap_socket * sock)1450 static void on_srv_l2cap_psm_connect_offload_l(tBTA_JV_L2CAP_OPEN* p_open, l2cap_socket* sock) {
1451 // std::mutex locked by caller
1452 l2cap_socket* accept_rs = btsock_l2cap_alloc_l(sock->name, &p_open->rem_bda, false, 0);
1453 accept_rs->connected = true;
1454 accept_rs->security = sock->security;
1455 accept_rs->channel = sock->channel;
1456 accept_rs->handle = sock->handle;
1457 accept_rs->app_uid = sock->app_uid;
1458 sock->handle = -1; /* We should no longer associate this handle with the server socket */
1459 accept_rs->is_le_coc = sock->is_le_coc;
1460 accept_rs->tx_mtu = sock->tx_mtu = p_open->tx_mtu;
1461 accept_rs->rx_mtu = sock->rx_mtu;
1462 accept_rs->local_cid = p_open->local_cid;
1463 accept_rs->remote_cid = p_open->remote_cid;
1464 // TODO(b/342012881) Remove connection uuid when offload socket API is landed.
1465 Uuid uuid = Uuid::From128BitBE(bluetooth::os::GenerateRandom<Uuid::kNumBytes128>());
1466 accept_rs->conn_uuid = uuid;
1467 accept_rs->socket_id = btif_l2cap_sock_generate_socket_id();
1468 accept_rs->data_path = sock->data_path;
1469 strncpy(accept_rs->socket_name, sock->socket_name, sizeof(accept_rs->socket_name) - 1);
1470 accept_rs->socket_name[sizeof(accept_rs->socket_name) - 1] = '\0';
1471 accept_rs->hub_id = sock->hub_id;
1472 accept_rs->endpoint_id = sock->endpoint_id;
1473 accept_rs->listen_fd = sock->our_fd;
1474
1475 /* Swap IDs to hand over the GAP connection to the accepted socket, and start
1476 a new server on the newly create socket ID. */
1477 uint32_t new_listen_id = accept_rs->id;
1478 accept_rs->id = sock->id;
1479 sock->id = new_listen_id;
1480
1481 log::info(
1482 "Connected to L2CAP connection for device: {}, channel: {}, app_uid: {}, "
1483 "id: {}, is_le: {}, socket_id: {}, rx_mtu: {}",
1484 accept_rs->addr, accept_rs->channel, accept_rs->app_uid, accept_rs->id,
1485 accept_rs->is_le_coc, accept_rs->socket_id, accept_rs->rx_mtu);
1486 btif_sock_connection_logger(
1487 accept_rs->addr, accept_rs->id, accept_rs->is_le_coc ? BTSOCK_L2CAP_LE : BTSOCK_L2CAP,
1488 SOCKET_CONNECTION_STATE_CONNECTED,
1489 accept_rs->server ? SOCKET_ROLE_LISTEN : SOCKET_ROLE_CONNECTION, accept_rs->app_uid,
1490 accept_rs->channel, 0, 0, accept_rs->name, 0, BTSOCK_ERROR_NONE, accept_rs->data_path);
1491 accept_rs->connection_start_time_ms = common::time_gettimeofday_us() / 1000;
1492
1493 bluetooth::hal::SocketContext socket_context = {
1494 .socket_id = accept_rs->socket_id,
1495 .name = accept_rs->socket_name,
1496 .acl_connection_handle = p_open->acl_handle,
1497 .channel_info = bluetooth::hal::LeCocChannelInfo(
1498 p_open->local_cid, p_open->remote_cid, static_cast<uint16_t>(accept_rs->channel),
1499 accept_rs->rx_mtu, accept_rs->tx_mtu, p_open->local_coc_mps,
1500 p_open->remote_coc_mps, p_open->local_coc_credit, p_open->remote_coc_credit),
1501 .endpoint_info.hub_id = accept_rs->hub_id,
1502 .endpoint_info.endpoint_id = accept_rs->endpoint_id,
1503 };
1504 if (!sock->is_accepting) {
1505 log::warn("Server socket is not accepting. Disconnect the incoming connection.");
1506 btsock_l2cap_free_l(accept_rs, BTSOCK_ERROR_OFFLOAD_SERVER_NOT_ACCEPTING);
1507 } else if (!bluetooth::shim::GetLppOffloadManager()->SocketOpened(socket_context)) {
1508 log::warn("L2CAP socket opened failed. Disconnect the incoming connection.");
1509 btsock_l2cap_free_l(accept_rs, BTSOCK_ERROR_OFFLOAD_HAL_OPEN_FAILURE);
1510 } else {
1511 log::info("L2CAP socket opened successful. Will send connect signal in async callback.");
1512 }
1513 // start monitor the socket
1514 btsock_thread_add_fd(pth, sock->our_fd, BTSOCK_L2CAP, SOCK_THREAD_FD_EXCEPTION, sock->id);
1515 btsock_l2cap_server_listen(sock);
1516 // start monitoring the socketpair to get call back when app is accepting on server socket
1517 btsock_thread_add_fd(pth, sock->our_fd, BTSOCK_L2CAP, SOCK_THREAD_FD_RD, sock->id);
1518 }
1519