• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /******************************************************************************
2  *
3  *  Copyright (C) 2000-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  This file contains functions that handle ACL connections. This includes
22  *  operations such as hold and sniff modes, supported packet types.
23  *
24  ******************************************************************************/
25 
26 #include <stdlib.h>
27 #include <string.h>
28 #include <stdio.h>
29 #include <stddef.h>
30 
31 #include "bt_types.h"
32 #include "bt_target.h"
33 #include "gki.h"
34 #include "hcimsgs.h"
35 #include "btu.h"
36 #include "btm_api.h"
37 #include "btm_int.h"
38 #include "l2c_int.h"
39 #include "hcidefs.h"
40 
41 static void btm_establish_continue (tACL_CONN *p_acl_cb);
42 static void btm_read_remote_features (UINT16 handle);
43 static void btm_read_remote_ext_features (UINT16 handle, UINT8 page_number);
44 static void btm_process_remote_ext_features_page (tACL_CONN *p_acl_cb, tBTM_SEC_DEV_REC *p_dev_rec,
45                                                   UINT8 page_idx);
46 static void btm_process_remote_ext_features (tACL_CONN *p_acl_cb, UINT8 num_read_pages);
47 
48 #define BTM_DEV_REPLY_TIMEOUT   3       /* 3 second timeout waiting for responses */
49 
50 /*******************************************************************************
51 **
52 ** Function         btm_save_remote_device_role
53 **
54 ** Description      This function is to save remote device role
55 **
56 ** Returns          void
57 **
58 *******************************************************************************/
btm_save_remote_device_role(BD_ADDR bd_addr,UINT8 role)59 static void btm_save_remote_device_role(BD_ADDR bd_addr, UINT8 role)
60 {
61     UINT8 i, j;
62     if (role == BTM_ROLE_UNDEFINED) return;
63 
64     for (i = 0; i < BTM_ROLE_DEVICE_NUM; i++) {
65         if ((btm_cb.previous_connected_role[i] != BTM_ROLE_UNDEFINED) &&
66             (!bdcmp(bd_addr, btm_cb.previous_connected_remote_addr[i]))) {
67             break;
68         }
69     }
70 
71     if (i < BTM_ROLE_DEVICE_NUM) {
72         UINT8 end;
73         if (i < btm_cb.front) {
74             for (j = i; j > 0; j--) {
75                 bdcpy(btm_cb.previous_connected_remote_addr[j],
76                     btm_cb.previous_connected_remote_addr[j-1]);
77             }
78             bdcpy(btm_cb.previous_connected_remote_addr[0],
79                 btm_cb.previous_connected_remote_addr[BTM_ROLE_DEVICE_NUM-1]);
80             end = BTM_ROLE_DEVICE_NUM-1;
81         } else {
82             end = i;
83         }
84 
85         for (j = end; j > btm_cb.front; j--) {
86             bdcpy(btm_cb.previous_connected_remote_addr[j],
87                 btm_cb.previous_connected_remote_addr[j-1]);
88         }
89     }
90 
91     bdcpy(btm_cb.previous_connected_remote_addr[btm_cb.front], bd_addr);
92     btm_cb.previous_connected_role[btm_cb.front] = role;
93     btm_cb.front = (btm_cb.front + 1) % BTM_ROLE_DEVICE_NUM;
94 }
95 
96 /*******************************************************************************
97 **
98 ** Function         btm_acl_init
99 **
100 ** Description      This function is called at BTM startup to initialize
101 **
102 ** Returns          void
103 **
104 *******************************************************************************/
btm_acl_init(void)105 void btm_acl_init (void)
106 {
107     BTM_TRACE_DEBUG0 ("btm_acl_init");
108 #if 0  /* cleared in btm_init; put back in if called from anywhere else! */
109     memset (&btm_cb.acl_db, 0, sizeof (btm_cb.acl_db));
110 #if RFCOMM_INCLUDED == TRUE
111     memset (btm_cb.btm_scn, 0, BTM_MAX_SCN);          /* Initialize the SCN usage to FALSE */
112 #endif
113     btm_cb.btm_def_link_policy     = 0;
114 #if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE)
115     btm_cb.p_bl_changed_cb         = NULL;
116 #else
117     btm_cb.p_acl_changed_cb        = NULL;
118 #endif
119 #endif
120 
121     /* Initialize nonzero defaults */
122     btm_cb.btm_def_link_super_tout = HCI_DEFAULT_INACT_TOUT;
123     btm_cb.acl_disc_reason         = 0xff ;
124 }
125 
126 /*******************************************************************************
127 **
128 ** Function         btm_bda_to_acl
129 **
130 ** Description      This function returns the FIRST acl_db entry for the passed BDA.
131 **
132 ** Returns          Returns pointer to the ACL DB for the requested BDA if found.
133 **                  NULL if not found.
134 **
135 *******************************************************************************/
btm_bda_to_acl(BD_ADDR bda)136 tACL_CONN *btm_bda_to_acl (BD_ADDR bda)
137 {
138     tACL_CONN   *p = &btm_cb.acl_db[0];
139     UINT16       xx;
140     if (bda)
141     {
142         for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++)
143         {
144             if ((p->in_use) && (!memcmp (p->remote_addr, bda, BD_ADDR_LEN)))
145             {
146                 BTM_TRACE_DEBUG0 ("btm_bda_to_acl found");
147                 return(p);
148             }
149         }
150     }
151 
152     /* If here, no BD Addr found */
153     return((tACL_CONN *)NULL);
154 }
155 
156 /*******************************************************************************
157 **
158 ** Function         btm_handle_to_acl_index
159 **
160 ** Description      This function returns the FIRST acl_db entry for the passed hci_handle.
161 **
162 ** Returns          index to the acl_db or MAX_L2CAP_LINKS.
163 **
164 *******************************************************************************/
btm_handle_to_acl_index(UINT16 hci_handle)165 UINT8 btm_handle_to_acl_index (UINT16 hci_handle)
166 {
167     tACL_CONN   *p = &btm_cb.acl_db[0];
168     UINT8       xx;
169     BTM_TRACE_DEBUG0 ("btm_handle_to_acl_index");
170     for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++)
171     {
172         if ((p->in_use) && (p->hci_handle == hci_handle))
173         {
174             break;
175         }
176     }
177 
178     /* If here, no BD Addr found */
179     return(xx);
180 }
181 /*******************************************************************************
182 **
183 ** Function         btm_acl_created
184 **
185 ** Description      This function is called by L2CAP when an ACL connection
186 **                  is created.
187 **
188 ** Returns          void
189 **
190 *******************************************************************************/
btm_acl_created(BD_ADDR bda,DEV_CLASS dc,BD_NAME bdn,UINT16 hci_handle,UINT8 link_role,UINT8 is_le_link)191 void btm_acl_created (BD_ADDR bda, DEV_CLASS dc, BD_NAME bdn,
192                       UINT16 hci_handle, UINT8 link_role, UINT8 is_le_link)
193 {
194     tBTM_SEC_DEV_REC *p_dev_rec = NULL;
195     UINT8             yy;
196     tACL_CONN        *p;
197     UINT8             xx;
198 
199     BTM_TRACE_DEBUG3 ("btm_acl_created hci_handle=%d link_role=%d  is_le_link=%d",
200                       hci_handle,link_role, is_le_link);
201     /* Ensure we don't have duplicates */
202     p = btm_bda_to_acl(bda);
203     if (p != (tACL_CONN *)NULL)
204     {
205         p->hci_handle = hci_handle;
206         p->link_role  = link_role;
207         btm_save_remote_device_role(bda, link_role);
208 #if BLE_INCLUDED == TRUE
209         p->is_le_link = is_le_link;
210 #endif
211         BTM_TRACE_DEBUG6 ("Duplicate btm_acl_created: RemBdAddr: %02x%02x%02x%02x%02x%02x",
212                           bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]);
213         BTM_SetLinkPolicy(p->remote_addr, &btm_cb.btm_def_link_policy);
214         return;
215     }
216 
217     /* Allocate acl_db entry */
218     for (xx = 0, p = &btm_cb.acl_db[0]; xx < MAX_L2CAP_LINKS; xx++, p++)
219     {
220         if (!p->in_use)
221         {
222             p->in_use            = TRUE;
223             p->hci_handle        = hci_handle;
224             p->link_role         = link_role;
225             btm_save_remote_device_role(bda, link_role);
226             p->link_up_issued    = FALSE;
227 
228 #if BLE_INCLUDED == TRUE
229             p->is_le_link        = is_le_link;
230 
231             if (is_le_link)
232             {
233                 p->conn_addr_type = BLE_ADDR_PUBLIC;
234                 BTM_GetLocalDeviceAddr(p->conn_addr);
235             }
236 
237 #endif
238             p->restore_pkt_types = 0;   /* Only exists while SCO is active */
239             p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
240 
241 #if BTM_PWR_MGR_INCLUDED == FALSE
242             p->mode             = BTM_ACL_MODE_NORMAL;
243 #else
244             btm_pm_sm_alloc(xx);
245 #endif /* BTM_PWR_MGR_INCLUDED == FALSE */
246 
247             memcpy (p->remote_addr, bda, BD_ADDR_LEN);
248 
249             if (dc)
250                 memcpy (p->remote_dc, dc, DEV_CLASS_LEN);
251 
252             if (bdn)
253                 memcpy (p->remote_name, bdn, BTM_MAX_REM_BD_NAME_LEN);
254 
255             /* if BR/EDR do something more */
256             if (!is_le_link)
257             {
258                 btsnd_hcic_read_rmt_clk_offset (p->hci_handle);
259                 btsnd_hcic_rmt_ver_req (p->hci_handle);
260             }
261             p_dev_rec = btm_find_dev_by_handle (hci_handle);
262 
263 #if (BLE_INCLUDED == TRUE)
264             if (p_dev_rec )
265             {
266                 BTM_TRACE_DEBUG1 ("device_type=0x%x", p_dev_rec->device_type);
267             }
268 #endif
269 
270             if (p_dev_rec && !is_le_link)
271             {
272                 /* If remote features already known, copy them and continue connection setup */
273                 if ((p_dev_rec->num_read_pages) &&
274                     (p_dev_rec->num_read_pages <= (HCI_EXT_FEATURES_PAGE_MAX + 1)) /* sanity check */)
275                 {
276                     memcpy (p->peer_lmp_features, p_dev_rec->features,
277                         (HCI_FEATURE_BYTES_PER_PAGE * p_dev_rec->num_read_pages));
278                     p->num_read_pages = p_dev_rec->num_read_pages;
279 
280                     if (BTM_SEC_MODE_SP == btm_cb.security_mode
281                         && HCI_SSP_HOST_SUPPORTED(p_dev_rec->features[HCI_EXT_FEATURES_PAGE_1])
282                         && HCI_SIMPLE_PAIRING_SUPPORTED(p_dev_rec->features[HCI_EXT_FEATURES_PAGE_0]))
283                     {
284                         p_dev_rec->sm4 = BTM_SM4_TRUE;
285                     }
286                     else
287                     {
288                         p_dev_rec->sm4 |= BTM_SM4_KNOWN;
289                     }
290 
291                     btm_establish_continue (p);
292                     return;
293                 }
294             }
295 
296 #if (BLE_INCLUDED == TRUE)
297             /* If here, features are not known yet */
298             if (p_dev_rec && is_le_link)
299             {
300                 btm_establish_continue(p);
301 
302 #if (!defined(BTA_SKIP_BLE_READ_REMOTE_FEAT) || BTA_SKIP_BLE_READ_REMOTE_FEAT == FALSE)
303                 if (link_role == HCI_ROLE_MASTER)
304                 {
305                     btsnd_hcic_ble_read_remote_feat(p->hci_handle);
306                 }
307 #endif
308             }
309             else
310 #endif
311             {
312                 btm_read_remote_features (p->hci_handle);
313             }
314 
315             /* read page 1 - on rmt feature event for buffer reasons */
316             return;
317         }
318     }
319 }
320 
321 
322 /*******************************************************************************
323 **
324 ** Function         btm_acl_report_role_change
325 **
326 ** Description      This function is called when the local device is deemed
327 **                  to be down. It notifies L2CAP of the failure.
328 **
329 ** Returns          void
330 **
331 *******************************************************************************/
btm_acl_report_role_change(UINT8 hci_status,BD_ADDR bda)332 void btm_acl_report_role_change (UINT8 hci_status, BD_ADDR bda)
333 {
334     tBTM_ROLE_SWITCH_CMPL   ref_data;
335     BTM_TRACE_DEBUG0 ("btm_acl_report_role_change");
336     if (btm_cb.devcb.p_switch_role_cb
337         && (bda && (0 == memcmp(btm_cb.devcb.switch_role_ref_data.remote_bd_addr, bda, BD_ADDR_LEN))))
338     {
339         memcpy (&ref_data, &btm_cb.devcb.switch_role_ref_data, sizeof(tBTM_ROLE_SWITCH_CMPL));
340         ref_data.hci_status = hci_status;
341         (*btm_cb.devcb.p_switch_role_cb)(&ref_data);
342         memset (&btm_cb.devcb.switch_role_ref_data, 0, sizeof(tBTM_ROLE_SWITCH_CMPL));
343         btm_cb.devcb.p_switch_role_cb = NULL;
344     }
345 }
346 
347 /*******************************************************************************
348 **
349 ** Function         btm_acl_removed
350 **
351 ** Description      This function is called by L2CAP when an ACL connection
352 **                  is removed. Since only L2CAP creates ACL links, we use
353 **                  the L2CAP link index as our index into the control blocks.
354 **
355 ** Returns          void
356 **
357 *******************************************************************************/
btm_acl_removed(BD_ADDR bda)358 void btm_acl_removed (BD_ADDR bda)
359 {
360     tACL_CONN   *p;
361 #if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE)
362     tBTM_BL_EVENT_DATA  evt_data;
363 #endif
364 #if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
365     tBTM_SEC_DEV_REC *p_dev_rec=NULL;
366 #endif
367 
368     BTM_TRACE_DEBUG0 ("btm_acl_removed");
369     p = btm_bda_to_acl(bda);
370     if (p != (tACL_CONN *)NULL)
371     {
372         p->in_use = FALSE;
373 
374         /* if the disconnected channel has a pending role switch, clear it now */
375         btm_acl_report_role_change(HCI_ERR_NO_CONNECTION, bda);
376 
377         /* Only notify if link up has had a chance to be issued */
378         if (p->link_up_issued)
379         {
380             p->link_up_issued = FALSE;
381 
382             /* If anyone cares, tell him database changed */
383 #if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE)
384             if (btm_cb.p_bl_changed_cb)
385             {
386                 evt_data.event = BTM_BL_DISCN_EVT;
387                 evt_data.discn.p_bda = bda;
388 
389                 (*btm_cb.p_bl_changed_cb)(&evt_data);
390             }
391 
392             btm_acl_update_busy_level (BTM_BLI_ACL_DOWN_EVT);
393 #else
394             if (btm_cb.p_acl_changed_cb)
395                 (*btm_cb.p_acl_changed_cb) (bda, NULL, NULL, NULL, FALSE);
396 #endif
397         }
398 
399 #if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
400 
401         BTM_TRACE_DEBUG4 ("acl hci_handle=%d is_le_link=%d connectable_mode=0x%0x link_role=%d",
402                           p->hci_handle,
403                           p->is_le_link,
404                           btm_cb.ble_ctr_cb.inq_var.connectable_mode,
405                           p->link_role);
406 
407         p_dev_rec = btm_find_dev(bda);
408         if ( p_dev_rec)
409         {
410             BTM_TRACE_DEBUG1("before update p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags);
411             if (p->is_le_link)
412             {
413                 BTM_TRACE_DEBUG0("LE link down");
414                 p_dev_rec->sec_flags &= ~(BTM_SEC_ENCRYPTED | BTM_SEC_ROLE_SWITCHED);
415                 if ( (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_KNOWN) == 0)
416                 {
417                     BTM_TRACE_DEBUG0("Not Bonded");
418                     p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHENTICATED | BTM_SEC_LINK_KEY_AUTHED);
419                 }
420                 else
421                 {
422                     BTM_TRACE_DEBUG0("Bonded");
423                 }
424             }
425             else
426             {
427                 BTM_TRACE_DEBUG0("Bletooth link down");
428                 p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHORIZED | BTM_SEC_AUTHENTICATED
429                                         | BTM_SEC_ENCRYPTED | BTM_SEC_ROLE_SWITCHED);
430             }
431             BTM_TRACE_DEBUG1("after update p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags);
432         }
433         else
434         {
435             BTM_TRACE_ERROR0("Device not found");
436 
437         }
438 #endif
439 
440         return;
441     }
442 }
443 
444 
445 /*******************************************************************************
446 **
447 ** Function         btm_acl_device_down
448 **
449 ** Description      This function is called when the local device is deemed
450 **                  to be down. It notifies L2CAP of the failure.
451 **
452 ** Returns          void
453 **
454 *******************************************************************************/
btm_acl_device_down(void)455 void btm_acl_device_down (void)
456 {
457     tACL_CONN   *p = &btm_cb.acl_db[0];
458     UINT16      xx;
459     BTM_TRACE_DEBUG0 ("btm_acl_device_down");
460     for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++)
461     {
462         if (p->in_use)
463         {
464             BTM_TRACE_DEBUG1 ("hci_handle=%d HCI_ERR_HW_FAILURE ",p->hci_handle );
465             l2c_link_hci_disc_comp (p->hci_handle, HCI_ERR_HW_FAILURE);
466         }
467     }
468 }
469 
470 #if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE)
471 /*******************************************************************************
472 **
473 ** Function         btm_acl_update_busy_level
474 **
475 ** Description      This function is called to update the busy level of the system
476 **                  .
477 **
478 ** Returns          void
479 **
480 *******************************************************************************/
btm_acl_update_busy_level(tBTM_BLI_EVENT event)481 void btm_acl_update_busy_level (tBTM_BLI_EVENT event)
482 {
483     tBTM_BL_UPDATE_DATA  evt;
484     UINT8 busy_level;
485     BTM_TRACE_DEBUG0 ("btm_acl_update_busy_level");
486     switch (event)
487     {
488         case BTM_BLI_ACL_UP_EVT:
489             BTM_TRACE_DEBUG0 ("BTM_BLI_ACL_UP_EVT");
490             btm_cb.num_acl++;
491             break;
492         case BTM_BLI_ACL_DOWN_EVT:
493             if (btm_cb.num_acl)
494             {
495                 btm_cb.num_acl--;
496                 BTM_TRACE_DEBUG1 ("BTM_BLI_ACL_DOWN_EVT", btm_cb.num_acl);
497             }
498             else
499             {
500                 BTM_TRACE_ERROR0 ("BTM_BLI_ACL_DOWN_EVT issued, but num_acl already zero !!!");
501             }
502             break;
503         case BTM_BLI_PAGE_EVT:
504             BTM_TRACE_DEBUG0 ("BTM_BLI_PAGE_EVT");
505             btm_cb.is_paging = TRUE;
506             evt.busy_level_flags= BTM_BL_PAGING_STARTED;
507             break;
508         case BTM_BLI_PAGE_DONE_EVT:
509             BTM_TRACE_DEBUG0 ("BTM_BLI_PAGE_DONE_EVT");
510             btm_cb.is_paging = FALSE;
511             evt.busy_level_flags = BTM_BL_PAGING_COMPLETE;
512             break;
513         case BTM_BLI_INQ_EVT:
514             BTM_TRACE_DEBUG0 ("BTM_BLI_INQ_EVT");
515             btm_cb.is_inquiry = TRUE;
516             evt.busy_level_flags = BTM_BL_INQUIRY_STARTED;
517             break;
518         case BTM_BLI_INQ_CANCEL_EVT:
519             BTM_TRACE_DEBUG0 ("BTM_BLI_INQ_CANCEL_EVT");
520             btm_cb.is_inquiry = FALSE;
521             evt.busy_level_flags = BTM_BL_INQUIRY_CANCELLED;
522             break;
523         case BTM_BLI_INQ_DONE_EVT:
524             BTM_TRACE_DEBUG0 ("BTM_BLI_INQ_DONE_EVT");
525             btm_cb.is_inquiry = FALSE;
526             evt.busy_level_flags = BTM_BL_INQUIRY_COMPLETE;
527             break;
528     }
529 
530     if (btm_cb.is_paging || btm_cb.is_inquiry)
531         busy_level = 10;
532     else
533         busy_level = (UINT8)btm_cb.num_acl;
534 
535     if (busy_level != btm_cb.busy_level)
536     {
537         evt.event         = BTM_BL_UPDATE_EVT;
538         evt.busy_level    = busy_level;
539         btm_cb.busy_level = busy_level;
540         if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_UPDATE_MASK))
541         {
542             (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA *)&evt);
543         }
544     }
545 }
546 #endif
547 
548 
549 /*******************************************************************************
550 **
551 ** Function         BTM_GetRole
552 **
553 ** Description      This function is called to get the role of the local device
554 **                  for the ACL connection with the specified remote device
555 **
556 ** Returns          BTM_SUCCESS if connection exists.
557 **                  BTM_UNKNOWN_ADDR if no active link with bd addr specified
558 **
559 *******************************************************************************/
BTM_GetRole(BD_ADDR remote_bd_addr,UINT8 * p_role)560 tBTM_STATUS BTM_GetRole (BD_ADDR remote_bd_addr, UINT8 *p_role)
561 {
562     tACL_CONN   *p;
563     BTM_TRACE_DEBUG0 ("BTM_GetRole");
564     if ((p = btm_bda_to_acl(remote_bd_addr)) == NULL)
565     {
566         *p_role = BTM_ROLE_UNDEFINED;
567         return(BTM_UNKNOWN_ADDR);
568     }
569 
570     /* Get the current role */
571     *p_role = p->link_role;
572     return(BTM_SUCCESS);
573 }
574 
575 
576 /*******************************************************************************
577 **
578 ** Function         BTM_SwitchRole
579 **
580 ** Description      This function is called to switch role between master and
581 **                  slave.  If role is already set it will do nothing.  If the
582 **                  command was initiated, the callback function is called upon
583 **                  completion.
584 **
585 ** Returns          BTM_SUCCESS if already in specified role.
586 **                  BTM_CMD_STARTED if command issued to controller.
587 **                  BTM_NO_RESOURCES if couldn't allocate memory to issue command
588 **                  BTM_UNKNOWN_ADDR if no active link with bd addr specified
589 **                  BTM_MODE_UNSUPPORTED if local device does not support role switching
590 **                  BTM_BUSY if the previous command is not completed
591 **
592 *******************************************************************************/
BTM_SwitchRole(BD_ADDR remote_bd_addr,UINT8 new_role,tBTM_CMPL_CB * p_cb)593 tBTM_STATUS BTM_SwitchRole (BD_ADDR remote_bd_addr, UINT8 new_role, tBTM_CMPL_CB *p_cb)
594 {
595     tACL_CONN   *p;
596     tBTM_SEC_DEV_REC  *p_dev_rec = NULL;
597 #if BTM_SCO_INCLUDED == TRUE
598     BOOLEAN    is_sco_active;
599 #endif
600 #if BTM_PWR_MGR_INCLUDED == TRUE
601     tBTM_STATUS  status;
602     tBTM_PM_MODE pwr_mode;
603     tBTM_PM_PWR_MD settings;
604 #endif
605 #if (BT_USE_TRACES == TRUE)
606     BD_ADDR_PTR  p_bda;
607 #endif
608     BTM_TRACE_API6 ("BTM_SwitchRole BDA: %02x-%02x-%02x-%02x-%02x-%02x",
609                     remote_bd_addr[0], remote_bd_addr[1], remote_bd_addr[2],
610                     remote_bd_addr[3], remote_bd_addr[4], remote_bd_addr[5]);
611 
612     /* Make sure the local device supports switching */
613     if (!(HCI_SWITCH_SUPPORTED(btm_cb.devcb.local_lmp_features[HCI_EXT_FEATURES_PAGE_0])))
614         return(BTM_MODE_UNSUPPORTED);
615 
616     if (btm_cb.devcb.p_switch_role_cb && p_cb)
617     {
618 #if (BT_USE_TRACES == TRUE)
619         p_bda = btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
620         BTM_TRACE_DEBUG6 ("Role switch on other device is in progress 0x%02x%02x%02x%02x%02x%02x",
621                           p_bda[0], p_bda[1], p_bda[2],
622                           p_bda[3], p_bda[4], p_bda[5]);
623 #endif
624         return(BTM_BUSY);
625     }
626 
627     if ((p = btm_bda_to_acl(remote_bd_addr)) == NULL)
628         return(BTM_UNKNOWN_ADDR);
629 
630     /* Finished if already in desired role */
631     if (p->link_role == new_role)
632         return(BTM_SUCCESS);
633 
634 #if BTM_SCO_INCLUDED == TRUE
635     /* Check if there is any SCO Active on this BD Address */
636     is_sco_active = btm_is_sco_active_by_bdaddr(remote_bd_addr);
637 
638     if (is_sco_active == TRUE)
639         return(BTM_NO_RESOURCES);
640 #endif
641 
642     /* Ignore role switch request if the previous request was not completed */
643     if (p->switch_role_state != BTM_ACL_SWKEY_STATE_IDLE)
644     {
645         BTM_TRACE_DEBUG1 ("BTM_SwitchRole busy: %d",
646                           p->switch_role_state);
647         return(BTM_BUSY);
648     }
649 
650     /* Cannot switch role while parked or sniffing */
651 #if BTM_PWR_MGR_INCLUDED == FALSE
652     if (p->mode == HCI_MODE_PARK)
653     {
654         if (!btsnd_hcic_exit_park_mode (p->hci_handle))
655             return(BTM_NO_RESOURCES);
656 
657         p->switch_role_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE;
658     }
659     else if (p->mode == HCI_MODE_SNIFF)
660     {
661         if (!btsnd_hcic_exit_sniff_mode (p->hci_handle))
662             return(BTM_NO_RESOURCES);
663 
664         p->switch_role_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE;
665     }
666 #else   /* power manager is in use */
667 
668     if ((status = BTM_ReadPowerMode(p->remote_addr, &pwr_mode)) != BTM_SUCCESS)
669         return(status);
670 
671     /* Wake up the link if in sniff or park before attempting switch */
672     if (pwr_mode == BTM_PM_MD_PARK || pwr_mode == BTM_PM_MD_SNIFF)
673     {
674         memset( (void*)&settings, 0, sizeof(settings));
675         settings.mode = BTM_PM_MD_ACTIVE;
676         status = BTM_SetPowerMode (BTM_PM_SET_ONLY_ID, p->remote_addr, &settings);
677         if (status != BTM_CMD_STARTED)
678             return(BTM_WRONG_MODE);
679 
680         p->switch_role_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE;
681     }
682 #endif
683     /* some devices do not support switch while encryption is on */
684     else
685     {
686         p_dev_rec = btm_find_dev (remote_bd_addr);
687         if ((p_dev_rec != NULL)
688             && ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0)
689             && !BTM_EPR_AVAILABLE(p))
690         {
691             /* bypass turning off encryption if change link key is already doing it */
692             if (p->encrypt_state != BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF)
693             {
694                 if (!btsnd_hcic_set_conn_encrypt (p->hci_handle, FALSE))
695                     return(BTM_NO_RESOURCES);
696                 else
697                     p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF;
698             }
699 
700             p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF;
701         }
702         else
703         {
704             if (!btsnd_hcic_switch_role (remote_bd_addr, new_role))
705                 return(BTM_NO_RESOURCES);
706 
707             p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS;
708 
709 #if BTM_DISC_DURING_RS == TRUE
710             if (p_dev_rec)
711                 p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
712 #endif
713         }
714     }
715 
716     /* Initialize return structure in case request fails */
717     if (p_cb)
718     {
719         memcpy (btm_cb.devcb.switch_role_ref_data.remote_bd_addr, remote_bd_addr,
720                 BD_ADDR_LEN);
721         btm_cb.devcb.switch_role_ref_data.role = new_role;
722         /* initialized to an error code */
723         btm_cb.devcb.switch_role_ref_data.hci_status = HCI_ERR_UNSUPPORTED_VALUE;
724         btm_cb.devcb.p_switch_role_cb = p_cb;
725     }
726     return(BTM_CMD_STARTED);
727 }
728 
729 /*******************************************************************************
730 **
731 ** Function         BTM_ChangeLinkKey
732 **
733 ** Description      This function is called to change the link key of the
734 **                  connection.
735 **
736 ** Returns          BTM_CMD_STARTED if command issued to controller.
737 **                  BTM_NO_RESOURCES if couldn't allocate memory to issue command
738 **                  BTM_UNKNOWN_ADDR if no active link with bd addr specified
739 **                  BTM_BUSY if the previous command is not completed
740 **
741 *******************************************************************************/
BTM_ChangeLinkKey(BD_ADDR remote_bd_addr,tBTM_CMPL_CB * p_cb)742 tBTM_STATUS BTM_ChangeLinkKey (BD_ADDR remote_bd_addr, tBTM_CMPL_CB *p_cb)
743 {
744     tACL_CONN   *p;
745     tBTM_SEC_DEV_REC  *p_dev_rec = NULL;
746 #if BTM_PWR_MGR_INCLUDED == TRUE
747     tBTM_STATUS  status;
748     tBTM_PM_MODE pwr_mode;
749     tBTM_PM_PWR_MD settings;
750 #endif
751     BTM_TRACE_DEBUG0 ("BTM_ChangeLinkKey");
752     if ((p = btm_bda_to_acl(remote_bd_addr)) == NULL)
753         return(BTM_UNKNOWN_ADDR);
754 
755     /* Ignore change link key request if the previsous request has not completed */
756     if (p->change_key_state != BTM_ACL_SWKEY_STATE_IDLE)
757     {
758         BTM_TRACE_DEBUG0 ("Link key change request declined since the previous request"
759                           " for this device has not completed ");
760         return(BTM_BUSY);
761     }
762 
763     memset (&btm_cb.devcb.chg_link_key_ref_data, 0, sizeof(tBTM_CHANGE_KEY_CMPL));
764 
765     /* Cannot change key while parked */
766 #if BTM_PWR_MGR_INCLUDED == FALSE
767     if (p->mode == HCI_MODE_PARK)
768     {
769         if (!btsnd_hcic_exit_park_mode (p->hci_handle))
770             return(BTM_NO_RESOURCES);
771 
772         p->change_key_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE;
773     }
774 #else   /* power manager is in use */
775 
776 
777     if ((status = BTM_ReadPowerMode(p->remote_addr, &pwr_mode)) != BTM_SUCCESS)
778         return(status);
779 
780     /* Wake up the link if in park before attempting to change link keys */
781     if (pwr_mode == BTM_PM_MD_PARK)
782     {
783         memset( (void*)&settings, 0, sizeof(settings));
784         settings.mode = BTM_PM_MD_ACTIVE;
785         status = BTM_SetPowerMode (BTM_PM_SET_ONLY_ID, p->remote_addr, &settings);
786         if (status != BTM_CMD_STARTED)
787             return(BTM_WRONG_MODE);
788 
789         p->change_key_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE;
790     }
791 #endif
792     /* some devices do not support change of link key while encryption is on */
793     else if (((p_dev_rec = btm_find_dev (remote_bd_addr)) != NULL)
794              && ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0) && !BTM_EPR_AVAILABLE(p))
795     {
796         /* bypass turning off encryption if switch role is already doing it */
797         if (p->encrypt_state != BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF)
798         {
799             if (!btsnd_hcic_set_conn_encrypt (p->hci_handle, FALSE))
800                 return(BTM_NO_RESOURCES);
801             else
802                 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF;
803         }
804 
805         p->change_key_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF;
806     }
807     else    /* Ok to initiate change of link key */
808     {
809         if (!btsnd_hcic_change_link_key (p->hci_handle))
810             return(BTM_NO_RESOURCES);
811 
812         p->change_key_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS;
813     }
814 
815     /* Initialize return structure in case request fails */
816     memcpy (btm_cb.devcb.chg_link_key_ref_data.remote_bd_addr, remote_bd_addr,
817             BD_ADDR_LEN);
818     btm_cb.devcb.p_chg_link_key_cb = p_cb;
819     return(BTM_CMD_STARTED);
820 }
821 
822 /*******************************************************************************
823 **
824 ** Function         btm_acl_link_key_change
825 **
826 ** Description      This function is called to when a change link key event
827 **                  is received.
828 **
829 *******************************************************************************/
btm_acl_link_key_change(UINT16 handle,UINT8 status)830 void btm_acl_link_key_change (UINT16 handle, UINT8 status)
831 {
832     tBTM_CHANGE_KEY_CMPL *p_data;
833     tACL_CONN            *p;
834     UINT8                xx;
835     BTM_TRACE_DEBUG0 ("btm_acl_link_key_change");
836     /* Look up the connection by handle and set the current mode */
837     xx = btm_handle_to_acl_index(handle);
838 
839     /* don't assume that we can never get a bad hci_handle */
840     if (xx >= MAX_L2CAP_LINKS)
841         return;
842 
843     p_data = &btm_cb.devcb.chg_link_key_ref_data;
844     p = &btm_cb.acl_db[xx];
845     p_data->hci_status = status;
846 
847     /* if switching state is switching we need to turn encryption on */
848     /* if idle, we did not change encryption */
849     if (p->change_key_state == BTM_ACL_SWKEY_STATE_SWITCHING)
850     {
851         /* Make sure there's not also a role switch going on before re-enabling */
852         if (p->switch_role_state != BTM_ACL_SWKEY_STATE_SWITCHING)
853         {
854             if (btsnd_hcic_set_conn_encrypt (p->hci_handle, TRUE))
855             {
856                 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_ON;
857                 p->change_key_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_ON;
858                 return;
859             }
860         }
861         else    /* Set the state and wait for change link key */
862         {
863             p->change_key_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_ON;
864             return;
865         }
866     }
867 
868     /* Set the switch_role_state to IDLE since the reply received from HCI */
869     /* regardless of its result either success or failed. */
870     if (p->change_key_state == BTM_ACL_SWKEY_STATE_IN_PROGRESS)
871     {
872         p->change_key_state = BTM_ACL_SWKEY_STATE_IDLE;
873         p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
874     }
875 
876     if (btm_cb.devcb.p_chg_link_key_cb)
877     {
878         (*btm_cb.devcb.p_chg_link_key_cb)((void *)p_data);
879         btm_cb.devcb.p_chg_link_key_cb = NULL;
880     }
881 
882     BTM_TRACE_ERROR2("Change Link Key Complete Event: Handle 0x%02x, HCI Status 0x%02x",
883                      handle, p_data->hci_status);
884 }
885 
886 /*******************************************************************************
887 **
888 ** Function         btm_acl_encrypt_change
889 **
890 ** Description      This function is when encryption of the connection is
891 **                  completed by the LM.  Checks to see if a role switch or
892 **                  change of link key was active and initiates or continues
893 **                  process if needed.
894 **
895 ** Returns          void
896 **
897 *******************************************************************************/
btm_acl_encrypt_change(UINT16 handle,UINT8 status,UINT8 encr_enable)898 void btm_acl_encrypt_change (UINT16 handle, UINT8 status, UINT8 encr_enable)
899 {
900     tACL_CONN *p;
901     UINT8     xx;
902     tBTM_SEC_DEV_REC  *p_dev_rec;
903 #if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE)
904     tBTM_BL_ROLE_CHG_DATA   evt;
905 #endif
906 
907     BTM_TRACE_DEBUG3 ("btm_acl_encrypt_change handle=%d status=%d encr_enabl=%d",
908                       handle, status, encr_enable);
909     xx = btm_handle_to_acl_index(handle);
910     /* don't assume that we can never get a bad hci_handle */
911     if (xx < MAX_L2CAP_LINKS)
912         p = &btm_cb.acl_db[xx];
913     else
914         return;
915 
916     /* Process Role Switch if active */
917     if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF)
918     {
919         /* if encryption turn off failed we still will try to switch role */
920         if (encr_enable)
921         {
922             p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
923             p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
924         }
925         else
926         {
927             p->switch_role_state = BTM_ACL_SWKEY_STATE_SWITCHING;
928             p->encrypt_state = BTM_ACL_ENCRYPT_STATE_TEMP_FUNC;
929         }
930 
931         if (!btsnd_hcic_switch_role (p->remote_addr, (UINT8)!p->link_role))
932         {
933             p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
934             p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
935             btm_acl_report_role_change(btm_cb.devcb.switch_role_ref_data.hci_status, p->remote_addr);
936         }
937 #if BTM_DISC_DURING_RS == TRUE
938         else
939         {
940             if ((p_dev_rec = btm_find_dev (p->remote_addr)) != NULL)
941                 p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
942         }
943 #endif
944 
945     }
946     /* Finished enabling Encryption after role switch */
947     else if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_ON)
948     {
949         p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
950         p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
951         btm_acl_report_role_change(btm_cb.devcb.switch_role_ref_data.hci_status, p->remote_addr);
952 
953 #if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE)
954         /* if role change event is registered, report it now */
955         if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK))
956         {
957             evt.event       = BTM_BL_ROLE_CHG_EVT;
958             evt.new_role    = btm_cb.devcb.switch_role_ref_data.role;
959             evt.p_bda       = btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
960             evt.hci_status  = btm_cb.devcb.switch_role_ref_data.hci_status;
961             (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA *)&evt);
962 
963             BTM_TRACE_DEBUG3("Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, rs_st:%d",
964                              evt.new_role, evt.hci_status, p->switch_role_state);
965         }
966 #endif
967 
968 #if BTM_DISC_DURING_RS == TRUE
969         /* If a disconnect is pending, issue it now that role switch has completed */
970         if ((p_dev_rec = btm_find_dev (p->remote_addr)) != NULL)
971         {
972             if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING)
973             {
974                 BTM_TRACE_WARNING0("btm_acl_encrypt_change -> Issuing delayed HCI_Disconnect!!!");
975                 btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER);
976             }
977             BTM_TRACE_ERROR2("btm_acl_encrypt_change: tBTM_SEC_DEV:0x%x rs_disc_pending=%d",
978                 (UINT32)p_dev_rec, p_dev_rec->rs_disc_pending);
979             p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING;     /* reset flag */
980         }
981 #endif
982     }
983 
984 
985     /* Process Change Link Key if active */
986     if (p->change_key_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF)
987     {
988         /* if encryption turn off failed we still will try to change link key */
989         if (encr_enable)
990         {
991             p->change_key_state = BTM_ACL_SWKEY_STATE_IDLE;
992             p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
993         }
994         else
995         {
996             p->encrypt_state = BTM_ACL_ENCRYPT_STATE_TEMP_FUNC;
997             p->change_key_state = BTM_ACL_SWKEY_STATE_SWITCHING;
998         }
999 
1000         if (!btsnd_hcic_change_link_key (p->hci_handle))
1001         {
1002             p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
1003             p->change_key_state = BTM_ACL_SWKEY_STATE_IDLE;
1004             if (btm_cb.devcb.p_chg_link_key_cb)
1005             {
1006                 (*btm_cb.devcb.p_chg_link_key_cb)(&btm_cb.devcb.chg_link_key_ref_data);
1007                 btm_cb.devcb.p_chg_link_key_cb = NULL;
1008             }
1009         }
1010     }
1011     /* Finished enabling Encryption after changing link key */
1012     else if (p->change_key_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_ON)
1013     {
1014         p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
1015         p->change_key_state = BTM_ACL_SWKEY_STATE_IDLE;
1016         if (btm_cb.devcb.p_chg_link_key_cb)
1017         {
1018             (*btm_cb.devcb.p_chg_link_key_cb)(&btm_cb.devcb.chg_link_key_ref_data);
1019             btm_cb.devcb.p_chg_link_key_cb = NULL;
1020         }
1021     }
1022 }
1023 /*******************************************************************************
1024 **
1025 ** Function         BTM_SetLinkPolicy
1026 **
1027 ** Description      Create and send HCI "Write Policy Set" command
1028 **
1029 ** Returns          status of the operation
1030 **
1031 *******************************************************************************/
BTM_SetLinkPolicy(BD_ADDR remote_bda,UINT16 * settings)1032 tBTM_STATUS BTM_SetLinkPolicy (BD_ADDR remote_bda, UINT16 *settings)
1033 {
1034     tACL_CONN   *p;
1035     UINT8       *localFeatures = BTM_ReadLocalFeatures();
1036     BTM_TRACE_DEBUG0 ("BTM_SetLinkPolicy");
1037 /*    BTM_TRACE_API1 ("BTM_SetLinkPolicy: requested settings: 0x%04x", *settings ); */
1038 
1039     /* First, check if hold mode is supported */
1040     if (*settings != HCI_DISABLE_ALL_LM_MODES)
1041     {
1042         if ( (*settings & HCI_ENABLE_MASTER_SLAVE_SWITCH) && (!HCI_SWITCH_SUPPORTED(localFeatures)) )
1043         {
1044             *settings &= (~HCI_ENABLE_MASTER_SLAVE_SWITCH);
1045             BTM_TRACE_API1 ("BTM_SetLinkPolicy switch not supported (settings: 0x%04x)", *settings );
1046         }
1047         if ( (*settings & HCI_ENABLE_HOLD_MODE) && (!HCI_HOLD_MODE_SUPPORTED(localFeatures)) )
1048         {
1049             *settings &= (~HCI_ENABLE_HOLD_MODE);
1050             BTM_TRACE_API1 ("BTM_SetLinkPolicy hold not supported (settings: 0x%04x)", *settings );
1051         }
1052         if ( (*settings & HCI_ENABLE_SNIFF_MODE) && (!HCI_SNIFF_MODE_SUPPORTED(localFeatures)) )
1053         {
1054             *settings &= (~HCI_ENABLE_SNIFF_MODE);
1055             BTM_TRACE_API1 ("BTM_SetLinkPolicy sniff not supported (settings: 0x%04x)", *settings );
1056         }
1057         if ( (*settings & HCI_ENABLE_PARK_MODE) && (!HCI_PARK_MODE_SUPPORTED(localFeatures)) )
1058         {
1059             *settings &= (~HCI_ENABLE_PARK_MODE);
1060             BTM_TRACE_API1 ("BTM_SetLinkPolicy park not supported (settings: 0x%04x)", *settings );
1061         }
1062     }
1063 
1064     if ((p = btm_bda_to_acl(remote_bda)) != NULL)
1065         return(btsnd_hcic_write_policy_set (p->hci_handle, *settings) ?
1066                                                 BTM_CMD_STARTED : BTM_NO_RESOURCES);
1067 
1068     /* If here, no BD Addr found */
1069     return(BTM_UNKNOWN_ADDR);
1070 }
1071 
1072 /*******************************************************************************
1073 **
1074 ** Function         BTM_SetDefaultLinkPolicy
1075 **
1076 ** Description      Set the default value for HCI "Write Policy Set" command
1077 **                  to use when an ACL link is created.
1078 **
1079 ** Returns          void
1080 **
1081 *******************************************************************************/
BTM_SetDefaultLinkPolicy(UINT16 settings)1082 void BTM_SetDefaultLinkPolicy (UINT16 settings)
1083 {
1084     UINT8 *localFeatures = BTM_ReadLocalFeatures();
1085 
1086     BTM_TRACE_DEBUG1("BTM_SetDefaultLinkPolicy setting:0x%04x", settings);
1087 
1088     if((settings & HCI_ENABLE_MASTER_SLAVE_SWITCH) && (!HCI_SWITCH_SUPPORTED(localFeatures)))
1089     {
1090         settings &= ~HCI_ENABLE_MASTER_SLAVE_SWITCH;
1091         BTM_TRACE_DEBUG1("BTM_SetDefaultLinkPolicy switch not supported (settings: 0x%04x)", settings);
1092     }
1093     if ((settings & HCI_ENABLE_HOLD_MODE) && (!HCI_HOLD_MODE_SUPPORTED(localFeatures)))
1094     {
1095         settings &= ~HCI_ENABLE_HOLD_MODE;
1096         BTM_TRACE_DEBUG1("BTM_SetDefaultLinkPolicy hold not supported (settings: 0x%04x)", settings);
1097     }
1098     if ((settings & HCI_ENABLE_SNIFF_MODE) && (!HCI_SNIFF_MODE_SUPPORTED(localFeatures)))
1099     {
1100         settings &= ~HCI_ENABLE_SNIFF_MODE;
1101         BTM_TRACE_DEBUG1("BTM_SetDefaultLinkPolicy sniff not supported (settings: 0x%04x)", settings);
1102     }
1103     if ((settings & HCI_ENABLE_PARK_MODE) && (!HCI_PARK_MODE_SUPPORTED(localFeatures)))
1104     {
1105         settings &= ~HCI_ENABLE_PARK_MODE;
1106         BTM_TRACE_DEBUG1("BTM_SetDefaultLinkPolicy park not supported (settings: 0x%04x)", settings);
1107     }
1108     BTM_TRACE_DEBUG1("Set DefaultLinkPolicy:0x%04x", settings);
1109 
1110     btm_cb.btm_def_link_policy = settings;
1111 
1112     /* Set the default Link Policy of the controller */
1113     btsnd_hcic_write_def_policy_set(settings);
1114 }
1115 
1116 
1117 /*******************************************************************************
1118 **
1119 ** Function         BTM_ReadLinkPolicy
1120 **
1121 ** Description      This function is called to read the link policy settings.
1122 **                  The address of link policy results are returned in the callback.
1123 **                  (tBTM_LNK_POLICY_RESULTS)
1124 **
1125 ** Returns          status of the operation
1126 **
1127 *******************************************************************************/
BTM_ReadLinkPolicy(BD_ADDR remote_bda,tBTM_CMPL_CB * p_cb)1128 tBTM_STATUS BTM_ReadLinkPolicy (BD_ADDR remote_bda, tBTM_CMPL_CB *p_cb)
1129 {
1130     tACL_CONN   *p;
1131 
1132     BTM_TRACE_API6 ("BTM_ReadLinkPolicy: RemBdAddr: %02x%02x%02x%02x%02x%02x",
1133                     remote_bda[0], remote_bda[1], remote_bda[2],
1134                     remote_bda[3], remote_bda[4], remote_bda[5]);
1135 
1136     /* If someone already waiting on the version, do not allow another */
1137     if (btm_cb.devcb.p_rlinkp_cmpl_cb)
1138         return(BTM_BUSY);
1139 
1140     p = btm_bda_to_acl(remote_bda);
1141     if (p != (tACL_CONN *)NULL)
1142     {
1143         btu_start_timer (&btm_cb.devcb.rlinkp_timer, BTU_TTYPE_BTM_ACL, BTM_DEV_REPLY_TIMEOUT);
1144         btm_cb.devcb.p_rlinkp_cmpl_cb = p_cb;
1145 
1146         if (!btsnd_hcic_read_policy_set (p->hci_handle))
1147         {
1148             btu_stop_timer (&btm_cb.devcb.rlinkp_timer);
1149             btm_cb.devcb.p_rlinkp_cmpl_cb = NULL;
1150             return(BTM_NO_RESOURCES);
1151         }
1152 
1153         return(BTM_CMD_STARTED);
1154     }
1155 
1156     /* If here, no BD Addr found */
1157     return(BTM_UNKNOWN_ADDR);
1158 }
1159 
1160 
1161 /*******************************************************************************
1162 **
1163 ** Function         btm_read_link_policy_complete
1164 **
1165 ** Description      This function is called when the command complete message
1166 **                  is received from the HCI for the read local link policy request.
1167 **
1168 ** Returns          void
1169 **
1170 *******************************************************************************/
btm_read_link_policy_complete(UINT8 * p)1171 void btm_read_link_policy_complete (UINT8 *p)
1172 {
1173     tBTM_CMPL_CB            *p_cb = btm_cb.devcb.p_rlinkp_cmpl_cb;
1174     tBTM_LNK_POLICY_RESULTS  lnkpol;
1175     UINT16                   handle;
1176     tACL_CONN               *p_acl_cb = &btm_cb.acl_db[0];
1177     UINT16                   index;
1178     BTM_TRACE_DEBUG0 ("btm_read_link_policy_complete");
1179     btu_stop_timer (&btm_cb.devcb.rlinkp_timer);
1180 
1181     /* If there was a callback address for read local version, call it */
1182     btm_cb.devcb.p_rlinkp_cmpl_cb = NULL;
1183 
1184     if (p_cb)
1185     {
1186         STREAM_TO_UINT8  (lnkpol.hci_status, p);
1187 
1188         if (lnkpol.hci_status == HCI_SUCCESS)
1189         {
1190             lnkpol.status = BTM_SUCCESS;
1191 
1192             STREAM_TO_UINT16 (handle, p);
1193 
1194             STREAM_TO_UINT16 (lnkpol.settings, p);
1195 
1196             /* Search through the list of active channels for the correct BD Addr */
1197             for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++)
1198             {
1199                 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle))
1200                 {
1201                     memcpy (lnkpol.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
1202                     break;
1203                 }
1204             }
1205         }
1206         else
1207             lnkpol.status = BTM_ERR_PROCESSING;
1208 
1209         (*p_cb)(&lnkpol);
1210     }
1211 }
1212 
1213 
1214 /*******************************************************************************
1215 **
1216 ** Function         btm_read_remote_version_complete
1217 **
1218 ** Description      This function is called when the command complete message
1219 **                  is received from the HCI for the remote version info.
1220 **
1221 ** Returns          void
1222 **
1223 *******************************************************************************/
btm_read_remote_version_complete(UINT8 * p)1224 void btm_read_remote_version_complete (UINT8 *p)
1225 {
1226     tACL_CONN        *p_acl_cb = &btm_cb.acl_db[0];
1227     UINT8             status;
1228     UINT16            handle;
1229     int               xx;
1230     BTM_TRACE_DEBUG0 ("btm_read_remote_version_complete");
1231     STREAM_TO_UINT8  (status, p);
1232     if (status == HCI_SUCCESS)
1233     {
1234         STREAM_TO_UINT16 (handle, p);
1235 
1236         /* Look up the connection by handle and copy features */
1237         for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_acl_cb++)
1238         {
1239             if ((p_acl_cb->in_use) && (p_acl_cb->hci_handle == handle))
1240             {
1241                 STREAM_TO_UINT8  (p_acl_cb->lmp_version, p);
1242                 STREAM_TO_UINT16 (p_acl_cb->manufacturer, p);
1243                 STREAM_TO_UINT16 (p_acl_cb->lmp_subversion, p);
1244                 break;
1245             }
1246         }
1247     }
1248 }
1249 
1250 
1251 /*******************************************************************************
1252 **
1253 ** Function         btm_process_remote_ext_features
1254 **
1255 ** Description      Local function called to process all extended features pages
1256 **                  read from a remote device.
1257 **
1258 ** Returns          void
1259 **
1260 *******************************************************************************/
btm_process_remote_ext_features(tACL_CONN * p_acl_cb,UINT8 num_read_pages)1261 void btm_process_remote_ext_features (tACL_CONN *p_acl_cb, UINT8 num_read_pages)
1262 {
1263     UINT16              handle = p_acl_cb->hci_handle;
1264     tBTM_SEC_DEV_REC    *p_dev_rec = btm_find_dev_by_handle (handle);
1265     UINT8               page_idx;
1266 
1267     BTM_TRACE_DEBUG0 ("btm_process_remote_ext_features");
1268 
1269     /* Make sure we have the record to save remote features information */
1270     if (p_dev_rec == NULL)
1271     {
1272         /* Get a new device; might be doing dedicated bonding */
1273         p_dev_rec = btm_find_or_alloc_dev (p_acl_cb->remote_addr);
1274     }
1275 
1276     p_acl_cb->num_read_pages = num_read_pages;
1277     p_dev_rec->num_read_pages = num_read_pages;
1278 
1279     /* Process the pages one by one */
1280     for (page_idx = 0; page_idx < num_read_pages; page_idx++)
1281     {
1282         btm_process_remote_ext_features_page (p_acl_cb, p_dev_rec, page_idx);
1283     }
1284 }
1285 
1286 
1287 /*******************************************************************************
1288 **
1289 ** Function         btm_process_remote_ext_features_page
1290 **
1291 ** Description      Local function called to process the information located
1292 **                  in the specific extended features page read from a remote device.
1293 **
1294 ** Returns          void
1295 **
1296 *******************************************************************************/
btm_process_remote_ext_features_page(tACL_CONN * p_acl_cb,tBTM_SEC_DEV_REC * p_dev_rec,UINT8 page_idx)1297 void btm_process_remote_ext_features_page (tACL_CONN *p_acl_cb, tBTM_SEC_DEV_REC *p_dev_rec,
1298                                            UINT8 page_idx)
1299 {
1300     UINT16            handle;
1301     UINT8             req_pend;
1302 
1303     handle = p_acl_cb->hci_handle;
1304 
1305     memcpy (p_dev_rec->features[page_idx], p_acl_cb->peer_lmp_features[page_idx],
1306             HCI_FEATURE_BYTES_PER_PAGE);
1307 
1308     switch (page_idx)
1309     {
1310     /* Extended (Legacy) Page 0 */
1311     case HCI_EXT_FEATURES_PAGE_0:
1312         /* Page 0 indicates Controller support for SSP */
1313         if (btm_cb.security_mode < BTM_SEC_MODE_SP ||
1314             !HCI_SIMPLE_PAIRING_SUPPORTED(p_dev_rec->features[HCI_EXT_FEATURES_PAGE_0]))
1315         {
1316             req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND);
1317             p_dev_rec->sm4 = BTM_SM4_KNOWN;
1318             if (req_pend)
1319             {
1320                 l2cu_resubmit_pending_sec_req (p_dev_rec->bd_addr);
1321             }
1322         }
1323         break;
1324 
1325     /* Extended Page 1 */
1326     case HCI_EXT_FEATURES_PAGE_1:
1327         /* Page 1 indicates Host support for SSP and SC */
1328         req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND);
1329 
1330         if (btm_cb.security_mode == BTM_SEC_MODE_SP
1331             && HCI_SSP_HOST_SUPPORTED(p_dev_rec->features[HCI_EXT_FEATURES_PAGE_1])
1332             && HCI_SIMPLE_PAIRING_SUPPORTED(p_dev_rec->features[HCI_EXT_FEATURES_PAGE_0]))
1333         {
1334             p_dev_rec->sm4 = BTM_SM4_TRUE;
1335         }
1336         else
1337         {
1338             p_dev_rec->sm4 = BTM_SM4_KNOWN;
1339         }
1340 
1341         BTM_TRACE_API4 ("ext_features_complt page_num:%d f[0]:x%02x, sm4:%x, pend:%d",
1342                         HCI_EXT_FEATURES_PAGE_1, *(p_dev_rec->features[HCI_EXT_FEATURES_PAGE_1]),
1343                         p_dev_rec->sm4, req_pend);
1344 
1345         if (req_pend)
1346             l2cu_resubmit_pending_sec_req (p_dev_rec->bd_addr);
1347 
1348         break;
1349 
1350     /* Extended Page 2 */
1351     case HCI_EXT_FEATURES_PAGE_2:
1352         /* Page 2 indicates Ping support*/
1353         break;
1354 
1355     default:
1356         BTM_TRACE_ERROR1("btm_process_remote_ext_features_page page=%d unexpected", page_idx);
1357         break;
1358     }
1359 }
1360 
1361 
1362 /*******************************************************************************
1363 **
1364 ** Function         btm_read_remote_features
1365 **
1366 ** Description      Local function called to send a read remote supported features/
1367 **                  remote extended features page[0].
1368 **
1369 ** Returns          void
1370 **
1371 *******************************************************************************/
btm_read_remote_features(UINT16 handle)1372 void btm_read_remote_features (UINT16 handle)
1373 {
1374     UINT8       acl_idx;
1375     tACL_CONN   *p_acl_cb;
1376 
1377     BTM_TRACE_DEBUG1("btm_read_remote_features() handle: %d", handle);
1378 
1379     if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1380     {
1381         BTM_TRACE_ERROR1("btm_read_remote_features handle=%d invalid", handle);
1382         return;
1383     }
1384 
1385     p_acl_cb = &btm_cb.acl_db[acl_idx];
1386     p_acl_cb->num_read_pages = 0;
1387     memset (p_acl_cb->peer_lmp_features, 0, sizeof(p_acl_cb->peer_lmp_features));
1388 
1389     /* first send read remote supported features HCI command */
1390     /* because we don't know whether the remote support extended feature command */
1391     btsnd_hcic_rmt_features_req (handle);
1392 }
1393 
1394 
1395 /*******************************************************************************
1396 **
1397 ** Function         btm_read_remote_ext_features
1398 **
1399 ** Description      Local function called to send a read remote extended features
1400 **
1401 ** Returns          void
1402 **
1403 *******************************************************************************/
btm_read_remote_ext_features(UINT16 handle,UINT8 page_number)1404 void btm_read_remote_ext_features (UINT16 handle, UINT8 page_number)
1405 {
1406     BTM_TRACE_DEBUG2("btm_read_remote_ext_features() handle: %d page: %d", handle, page_number);
1407 
1408     btsnd_hcic_rmt_ext_features(handle, page_number);
1409 }
1410 
1411 
1412 /*******************************************************************************
1413 **
1414 ** Function         btm_read_remote_features_complete
1415 **
1416 ** Description      This function is called when the remote supported features
1417 **                  complete event is received from the HCI.
1418 **
1419 ** Returns          void
1420 **
1421 *******************************************************************************/
btm_read_remote_features_complete(UINT8 * p)1422 void btm_read_remote_features_complete (UINT8 *p)
1423 {
1424     tACL_CONN        *p_acl_cb;
1425     UINT8             status;
1426     UINT16            handle;
1427     UINT8            acl_idx;
1428 
1429     BTM_TRACE_DEBUG0 ("btm_read_remote_features_complete");
1430     STREAM_TO_UINT8  (status, p);
1431 
1432     if (status != HCI_SUCCESS)
1433     {
1434         BTM_TRACE_ERROR1 ("btm_read_remote_features_complete failed (status 0x%02x)", status);
1435         return;
1436     }
1437 
1438         STREAM_TO_UINT16 (handle, p);
1439 
1440     if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1441         {
1442         BTM_TRACE_ERROR1("btm_read_remote_features_complete handle=%d invalid", handle);
1443         return;
1444                 }
1445 
1446     p_acl_cb = &btm_cb.acl_db[acl_idx];
1447 
1448     /* Copy the received features page */
1449     STREAM_TO_ARRAY(p_acl_cb->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0], p,
1450                     HCI_FEATURE_BYTES_PER_PAGE);
1451 
1452     if ((HCI_LMP_EXTENDED_SUPPORTED(p_acl_cb->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0])) &&
1453         (HCI_READ_REMOTE_EXT_FEATURES_SUPPORTED(btm_cb.devcb.supported_cmds)))
1454     {
1455         /* if the remote controller has extended features and local controller supports
1456         ** HCI_Read_Remote_Extended_Features command then start reading these feature starting
1457         ** with extended features page 1 */
1458         BTM_TRACE_DEBUG0 ("Start reading remote extended features");
1459         btm_read_remote_ext_features(handle, HCI_EXT_FEATURES_PAGE_1);
1460         return;
1461     }
1462 
1463     /* Remote controller has no extended features. Process remote controller supported features
1464        (features page HCI_EXT_FEATURES_PAGE_0). */
1465     btm_process_remote_ext_features (p_acl_cb, 1);
1466 
1467     /* Continue with HCI connection establishment */
1468     btm_establish_continue (p_acl_cb);
1469 }
1470 
1471 /*******************************************************************************
1472 **
1473 ** Function         btm_read_remote_ext_features_complete
1474 **
1475 ** Description      This function is called when the remote extended features
1476 **                  complete event is received from the HCI.
1477 **
1478 ** Returns          void
1479 **
1480 *******************************************************************************/
btm_read_remote_ext_features_complete(UINT8 * p)1481 void btm_read_remote_ext_features_complete (UINT8 *p)
1482 {
1483     tACL_CONN   *p_acl_cb;
1484     UINT8       status, page_num, max_page;
1485     UINT16      handle;
1486     UINT8       acl_idx;
1487 
1488     BTM_TRACE_DEBUG0 ("btm_read_remote_ext_features_complete");
1489 
1490     STREAM_TO_UINT8  (status, p);
1491     STREAM_TO_UINT16 (handle, p);
1492     STREAM_TO_UINT8  (page_num, p);
1493     STREAM_TO_UINT8  (max_page, p);
1494 
1495     /* Validate parameters */
1496     if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1497     {
1498         BTM_TRACE_ERROR1("btm_read_remote_ext_features_complete handle=%d invalid", handle);
1499         return;
1500     }
1501 
1502     if (max_page > HCI_EXT_FEATURES_PAGE_MAX)
1503     {
1504         BTM_TRACE_ERROR1("btm_read_remote_ext_features_complete page=%d unknown", max_page);
1505         return;
1506     }
1507 
1508     p_acl_cb = &btm_cb.acl_db[acl_idx];
1509 
1510     /* Copy the received features page */
1511     STREAM_TO_ARRAY(p_acl_cb->peer_lmp_features[page_num], p, HCI_FEATURE_BYTES_PER_PAGE);
1512 
1513     /* If there is the next remote features page and
1514      * we have space to keep this page data - read this page */
1515     if ((page_num < max_page) && (page_num < HCI_EXT_FEATURES_PAGE_MAX))
1516     {
1517         page_num++;
1518         BTM_TRACE_DEBUG1("BTM reads next remote extended features page (%d)", page_num);
1519         btm_read_remote_ext_features (handle, page_num);
1520         return;
1521     }
1522 
1523     /* Reading of remote feature pages is complete */
1524     BTM_TRACE_DEBUG1("BTM reached last remote extended features page (%d)", page_num);
1525 
1526     /* Process the pages */
1527     btm_process_remote_ext_features (p_acl_cb, (UINT8) (page_num + 1));
1528 
1529     /* Continue with HCI connection establishment */
1530     btm_establish_continue (p_acl_cb);
1531 }
1532 
1533 /*******************************************************************************
1534 **
1535 ** Function         btm_read_remote_ext_features_failed
1536 **
1537 ** Description      This function is called when the remote extended features
1538 **                  complete event returns a failed status.
1539 **
1540 ** Returns          void
1541 **
1542 *******************************************************************************/
btm_read_remote_ext_features_failed(UINT8 status,UINT16 handle)1543 void btm_read_remote_ext_features_failed (UINT8 status, UINT16 handle)
1544 {
1545     tACL_CONN   *p_acl_cb;
1546     UINT8       acl_idx;
1547 
1548     BTM_TRACE_WARNING2 ("btm_read_remote_ext_features_failed (status 0x%02x) for handle %d",
1549                          status, handle);
1550 
1551     if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1552     {
1553         BTM_TRACE_ERROR1("btm_read_remote_ext_features_failed handle=%d invalid", handle);
1554         return;
1555     }
1556 
1557     p_acl_cb = &btm_cb.acl_db[acl_idx];
1558 
1559     /* Process supported features only */
1560     btm_process_remote_ext_features (p_acl_cb, 1);
1561 
1562     /* Continue HCI connection establishment */
1563     btm_establish_continue (p_acl_cb);
1564 }
1565 
1566 /*******************************************************************************
1567 **
1568 ** Function         btm_establish_continue
1569 **
1570 ** Description      This function is called when the command complete message
1571 **                  is received from the HCI for the read local link policy request.
1572 **
1573 ** Returns          void
1574 **
1575 *******************************************************************************/
btm_establish_continue(tACL_CONN * p_acl_cb)1576 static void btm_establish_continue (tACL_CONN *p_acl_cb)
1577 {
1578 #if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE)
1579     tBTM_BL_EVENT_DATA  evt_data;
1580 #endif
1581     BTM_TRACE_DEBUG0 ("btm_establish_continue");
1582 #if (!defined(BTM_BYPASS_EXTRA_ACL_SETUP) || BTM_BYPASS_EXTRA_ACL_SETUP == FALSE)
1583 #if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
1584     if (!p_acl_cb->is_le_link)
1585 #endif
1586     {
1587         /* For now there are a some devices that do not like sending */
1588         /* commands events and data at the same time. */
1589         /* Set the packet types to the default allowed by the device */
1590         btm_set_packet_types (p_acl_cb, btm_cb.btm_acl_pkt_types_supported);
1591 
1592         if (btm_cb.btm_def_link_policy)
1593             BTM_SetLinkPolicy (p_acl_cb->remote_addr, &btm_cb.btm_def_link_policy);
1594     }
1595 #endif
1596     p_acl_cb->link_up_issued = TRUE;
1597 
1598     /* If anyone cares, tell him database changed */
1599 #if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE)
1600     if (btm_cb.p_bl_changed_cb)
1601     {
1602         evt_data.event = BTM_BL_CONN_EVT;
1603         evt_data.conn.p_bda = p_acl_cb->remote_addr;
1604         evt_data.conn.p_bdn = p_acl_cb->remote_name;
1605         evt_data.conn.p_dc  = p_acl_cb->remote_dc;
1606         evt_data.conn.p_features = p_acl_cb->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0];
1607 
1608 
1609         (*btm_cb.p_bl_changed_cb)(&evt_data);
1610     }
1611     btm_acl_update_busy_level (BTM_BLI_ACL_UP_EVT);
1612 #else
1613     if (btm_cb.p_acl_changed_cb)
1614         (*btm_cb.p_acl_changed_cb) (p_acl_cb->remote_addr,
1615                                     p_acl_cb->remote_dc,
1616                                     p_acl_cb->remote_name,
1617                                     p_acl_cb->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0],
1618                                     TRUE);
1619 #endif
1620 }
1621 
1622 
1623 /*******************************************************************************
1624 **
1625 ** Function         BTM_SetDefaultLinkSuperTout
1626 **
1627 ** Description      Set the default value for HCI "Write Link Supervision Timeout"
1628 **                  command to use when an ACL link is created.
1629 **
1630 ** Returns          void
1631 **
1632 *******************************************************************************/
BTM_SetDefaultLinkSuperTout(UINT16 timeout)1633 void BTM_SetDefaultLinkSuperTout (UINT16 timeout)
1634 {
1635     BTM_TRACE_DEBUG0 ("BTM_SetDefaultLinkSuperTout");
1636     btm_cb.btm_def_link_super_tout = timeout;
1637 }
1638 
1639 /*******************************************************************************
1640 **
1641 ** Function         BTM_GetLinkSuperTout
1642 **
1643 ** Description      Read the link supervision timeout value of the connection
1644 **
1645 ** Returns          status of the operation
1646 **
1647 *******************************************************************************/
BTM_GetLinkSuperTout(BD_ADDR remote_bda,UINT16 * p_timeout)1648 tBTM_STATUS BTM_GetLinkSuperTout (BD_ADDR remote_bda, UINT16 *p_timeout)
1649 {
1650     tACL_CONN   *p = btm_bda_to_acl(remote_bda);
1651 
1652     BTM_TRACE_DEBUG0 ("BTM_GetLinkSuperTout");
1653     if (p != (tACL_CONN *)NULL)
1654     {
1655         *p_timeout = p->link_super_tout;
1656         return(BTM_SUCCESS);
1657     }
1658     /* If here, no BD Addr found */
1659     return(BTM_UNKNOWN_ADDR);
1660 }
1661 
1662 
1663 /*******************************************************************************
1664 **
1665 ** Function         BTM_SetLinkSuperTout
1666 **
1667 ** Description      Create and send HCI "Write Link Supervision Timeout" command
1668 **
1669 ** Returns          status of the operation
1670 **
1671 *******************************************************************************/
BTM_SetLinkSuperTout(BD_ADDR remote_bda,UINT16 timeout)1672 tBTM_STATUS BTM_SetLinkSuperTout (BD_ADDR remote_bda, UINT16 timeout)
1673 {
1674     tACL_CONN   *p = btm_bda_to_acl(remote_bda);
1675 
1676     BTM_TRACE_DEBUG0 ("BTM_SetLinkSuperTout");
1677     if (p != (tACL_CONN *)NULL)
1678     {
1679         p->link_super_tout = timeout;
1680 
1681         /* Only send if current role is Master; 2.0 spec requires this */
1682         if (p->link_role == BTM_ROLE_MASTER)
1683         {
1684             if (!btsnd_hcic_write_link_super_tout (LOCAL_BR_EDR_CONTROLLER_ID,
1685                                                    p->hci_handle, timeout))
1686                 return(BTM_NO_RESOURCES);
1687 
1688             return(BTM_CMD_STARTED);
1689         }
1690         else
1691             return(BTM_SUCCESS);
1692     }
1693 
1694     /* If here, no BD Addr found */
1695     return(BTM_UNKNOWN_ADDR);
1696 }
1697 
1698 /*******************************************************************************
1699 **
1700 ** Function         BTM_RegForLstoEvt
1701 **
1702 ** Description      register for the HCI "Link Supervision Timeout Change" event
1703 **
1704 ** Returns          void
1705 **
1706 *******************************************************************************/
BTM_RegForLstoEvt(tBTM_LSTO_CBACK * p_cback)1707 void BTM_RegForLstoEvt (tBTM_LSTO_CBACK *p_cback)
1708 {
1709     BTM_TRACE_DEBUG0 ("BTM_RegForLstoEvt");
1710     btm_cb.p_lsto_cback = p_cback;
1711 }
1712 
1713 /*******************************************************************************
1714 **
1715 ** Function         btm_proc_lsto_evt
1716 **
1717 ** Description      process the HCI "Link Supervision Timeout Change" event
1718 **
1719 ** Returns          void
1720 **
1721 *******************************************************************************/
btm_proc_lsto_evt(UINT16 handle,UINT16 timeout)1722 void btm_proc_lsto_evt(UINT16 handle, UINT16 timeout)
1723 {
1724     UINT8 xx;
1725 
1726     BTM_TRACE_DEBUG0 ("btm_proc_lsto_evt");
1727     if (btm_cb.p_lsto_cback)
1728     {
1729         /* Look up the connection by handle and set the current mode */
1730         xx = btm_handle_to_acl_index(handle);
1731 
1732         /* don't assume that we can never get a bad hci_handle */
1733         if (xx < MAX_L2CAP_LINKS)
1734         {
1735             (*btm_cb.p_lsto_cback)(btm_cb.acl_db[xx].remote_addr, timeout);
1736         }
1737     }
1738 }
1739 
1740 #if BTM_PWR_MGR_INCLUDED == FALSE
1741 /*******************************************************************************
1742 **
1743 ** Function         BTM_SetHoldMode
1744 **
1745 ** Description      This function is called to set a connection into hold mode.
1746 **                  A check is made if the connection is in sniff or park mode,
1747 **                  and if yes, the hold mode is ignored.
1748 **
1749 ** Returns          status of the operation
1750 **
1751 *******************************************************************************/
BTM_SetHoldMode(BD_ADDR remote_bda,UINT16 min_interval,UINT16 max_interval)1752 tBTM_STATUS BTM_SetHoldMode (BD_ADDR remote_bda, UINT16 min_interval, UINT16 max_interval)
1753 {
1754     tACL_CONN   *p;
1755 
1756     BTM_TRACE_DEBUG0 ("BTM_SetHoldMode");
1757     /* First, check if hold mode is supported */
1758     if (!HCI_HOLD_MODE_SUPPORTED(BTM_ReadLocalFeatures()))
1759         return(BTM_MODE_UNSUPPORTED);
1760 
1761     p = btm_bda_to_acl(remote_bda);
1762     if (p != (tACL_CONN *)NULL)
1763     {
1764         /* If the connection is in park or sniff mode, forget about holding it */
1765         if (p->mode != BTM_ACL_MODE_NORMAL)
1766             return(BTM_SUCCESS);
1767 
1768         if (!btsnd_hcic_hold_mode (p->hci_handle, max_interval, min_interval))
1769             return(BTM_NO_RESOURCES);
1770 
1771         return(BTM_CMD_STARTED);
1772     }
1773 
1774     /* If here, no BD Addr found */
1775     return(BTM_UNKNOWN_ADDR);
1776 }
1777 
1778 
1779 /*******************************************************************************
1780 **
1781 ** Function         BTM_SetSniffMode
1782 **
1783 ** Description      This function is called to set a connection into sniff mode.
1784 **                  A check is made if the connection is already in sniff or park
1785 **                  mode, and if yes, the sniff mode is ignored.
1786 **
1787 ** Returns          status of the operation
1788 **
1789 *******************************************************************************/
BTM_SetSniffMode(BD_ADDR remote_bda,UINT16 min_period,UINT16 max_period,UINT16 attempt,UINT16 timeout)1790 tBTM_STATUS BTM_SetSniffMode (BD_ADDR remote_bda, UINT16 min_period, UINT16 max_period,
1791                               UINT16 attempt, UINT16 timeout)
1792 {
1793     tACL_CONN   *p;
1794     BTM_TRACE_DEBUG0 ("BTM_SetSniffMode");
1795     /* First, check if sniff mode is supported */
1796     if (!HCI_SNIFF_MODE_SUPPORTED(BTM_ReadLocalFeatures()))
1797         return(BTM_MODE_UNSUPPORTED);
1798 
1799     p = btm_bda_to_acl(remote_bda);
1800     if (p != (tACL_CONN *)NULL)
1801     {
1802         /* If the connection is in park mode, forget about sniffing it */
1803         if (p->mode != BTM_ACL_MODE_NORMAL)
1804             return(BTM_WRONG_MODE);
1805 
1806         if (!btsnd_hcic_sniff_mode (p->hci_handle, max_period,
1807                                     min_period, attempt, timeout))
1808             return(BTM_NO_RESOURCES);
1809 
1810         return(BTM_CMD_STARTED);
1811     }
1812 
1813     /* If here, no BD Addr found */
1814     return(BTM_UNKNOWN_ADDR);
1815 }
1816 
1817 
1818 
1819 
1820 /*******************************************************************************
1821 **
1822 ** Function         BTM_CancelSniffMode
1823 **
1824 ** Description      This function is called to put a connection out of sniff mode.
1825 **                  A check is made if the connection is already in sniff mode,
1826 **                  and if not, the cancel sniff mode is ignored.
1827 **
1828 ** Returns          status of the operation
1829 **
1830 *******************************************************************************/
BTM_CancelSniffMode(BD_ADDR remote_bda)1831 tBTM_STATUS BTM_CancelSniffMode (BD_ADDR remote_bda)
1832 {
1833     tACL_CONN   *p = btm_bda_to_acl(remote_bda);
1834     BTM_TRACE_DEBUG0 ("BTM_CancelSniffMode ");
1835     if (p == (tACL_CONN *)NULL)
1836         return(BTM_UNKNOWN_ADDR);
1837 
1838     /* If the connection is not in sniff mode, cannot cancel */
1839     if (p->mode != BTM_ACL_MODE_SNIFF)
1840         return(BTM_WRONG_MODE);
1841 
1842     if (!btsnd_hcic_exit_sniff_mode (p->hci_handle))
1843         return(BTM_NO_RESOURCES);
1844 
1845     return(BTM_CMD_STARTED);
1846 }
1847 
1848 
1849 /*******************************************************************************
1850 **
1851 ** Function         BTM_SetParkMode
1852 **
1853 ** Description      This function is called to set a connection into park mode.
1854 **                  A check is made if the connection is already in sniff or park
1855 **                  mode, and if yes, the park mode is ignored.
1856 **
1857 ** Returns          status of the operation
1858 **
1859 *******************************************************************************/
BTM_SetParkMode(BD_ADDR remote_bda,UINT16 beacon_min_period,UINT16 beacon_max_period)1860 tBTM_STATUS BTM_SetParkMode (BD_ADDR remote_bda, UINT16 beacon_min_period, UINT16 beacon_max_period)
1861 {
1862     tACL_CONN   *p;
1863 
1864     BTM_TRACE_DEBUG0 ("BTM_SetParkMode");
1865     /* First, check if park mode is supported */
1866     if (!HCI_PARK_MODE_SUPPORTED(BTM_ReadLocalFeatures()))
1867         return(BTM_MODE_UNSUPPORTED);
1868 
1869     p = btm_bda_to_acl(remote_bda);
1870     if (p != (tACL_CONN *)NULL)
1871     {
1872         /* If the connection is in sniff mode, forget about parking it */
1873         if (p->mode != BTM_ACL_MODE_NORMAL)
1874             return(BTM_WRONG_MODE);
1875 
1876         /* no park mode if SCO exists -- CR#1982, 1.1 errata 1124
1877            command status event should be returned /w error code 0x0C "Command Disallowed"
1878            Let LM do this.
1879         */
1880         if (!btsnd_hcic_park_mode (p->hci_handle,
1881                                    beacon_max_period, beacon_min_period))
1882             return(BTM_NO_RESOURCES);
1883 
1884         return(BTM_CMD_STARTED);
1885     }
1886 
1887     /* If here, no BD Addr found */
1888     return(BTM_UNKNOWN_ADDR);
1889 }
1890 
1891 /*******************************************************************************
1892 **
1893 ** Function         BTM_CancelParkMode
1894 **
1895 ** Description      This function is called to put a connection out of park mode.
1896 **                  A check is made if the connection is already in park mode,
1897 **                  and if not, the cancel sniff mode is ignored.
1898 **
1899 ** Returns          status of the operation
1900 **
1901 *******************************************************************************/
BTM_CancelParkMode(BD_ADDR remote_bda)1902 tBTM_STATUS BTM_CancelParkMode (BD_ADDR remote_bda)
1903 {
1904     tACL_CONN   *p;
1905 
1906     BTM_TRACE_DEBUG0 ("BTM_CancelParkMode");
1907     p = btm_bda_to_acl(remote_bda);
1908     if (p != (tACL_CONN *)NULL)
1909     {
1910         /* If the connection is not in park mode, cannot cancel */
1911         if (p->mode != BTM_ACL_MODE_PARK)
1912             return(BTM_WRONG_MODE);
1913 
1914         if (!btsnd_hcic_exit_park_mode (p->hci_handle))
1915             return(BTM_NO_RESOURCES);
1916 
1917         return(BTM_CMD_STARTED);
1918     }
1919 
1920     /* If here, no BD Addr found */
1921     return(BTM_UNKNOWN_ADDR);
1922 }
1923 #endif /* BTM_PWR_MGR_INCLUDED == FALSE */
1924 
1925 
1926 /*******************************************************************************
1927 **
1928 ** Function         BTM_SetPacketTypes
1929 **
1930 ** Description      This function is set the packet types used for a specific
1931 **                  ACL connection,
1932 **
1933 ** Returns          status of the operation
1934 **
1935 *******************************************************************************/
BTM_SetPacketTypes(BD_ADDR remote_bda,UINT16 pkt_types)1936 tBTM_STATUS BTM_SetPacketTypes (BD_ADDR remote_bda, UINT16 pkt_types)
1937 {
1938     tACL_CONN   *p;
1939     BTM_TRACE_DEBUG0 ("BTM_SetPacketTypes");
1940 
1941     if ((p = btm_bda_to_acl(remote_bda)) != NULL)
1942         return(btm_set_packet_types (p, pkt_types));
1943 
1944     /* If here, no BD Addr found */
1945     return(BTM_UNKNOWN_ADDR);
1946 }
1947 
1948 
1949 /*******************************************************************************
1950 **
1951 ** Function         BTM_ReadPacketTypes
1952 **
1953 ** Description      This function is set the packet types used for a specific
1954 **                  ACL connection,
1955 **
1956 ** Returns          packet types supported for the connection, or 0 if no BD address
1957 **
1958 *******************************************************************************/
BTM_ReadPacketTypes(BD_ADDR remote_bda)1959 UINT16 BTM_ReadPacketTypes (BD_ADDR remote_bda)
1960 {
1961     tACL_CONN   *p;
1962 
1963     BTM_TRACE_DEBUG0 ("BTM_ReadPacketTypes");
1964     p = btm_bda_to_acl(remote_bda);
1965     if (p != (tACL_CONN *)NULL)
1966     {
1967         return(p->pkt_types_mask);
1968     }
1969 
1970     /* If here, no BD Addr found */
1971     return(0);
1972 }
1973 
1974 
1975 /*******************************************************************************
1976 **
1977 ** Function         BTM_ReadAclMode
1978 **
1979 ** Description      This returns the current mode for a specific
1980 **                  ACL connection.
1981 **
1982 ** Input Param      remote_bda - device address of desired ACL connection
1983 **
1984 ** Output Param     p_mode - address where the current mode is copied into.
1985 **                          BTM_ACL_MODE_NORMAL
1986 **                          BTM_ACL_MODE_HOLD
1987 **                          BTM_ACL_MODE_SNIFF
1988 **                          BTM_ACL_MODE_PARK
1989 **                          (valid only if return code is BTM_SUCCESS)
1990 **
1991 ** Returns          BTM_SUCCESS if successful,
1992 **                  BTM_UNKNOWN_ADDR if bd addr is not active or bad
1993 **
1994 *******************************************************************************/
1995 #if BTM_PWR_MGR_INCLUDED == FALSE
BTM_ReadAclMode(BD_ADDR remote_bda,UINT8 * p_mode)1996 tBTM_STATUS BTM_ReadAclMode (BD_ADDR remote_bda, UINT8 *p_mode)
1997 {
1998     tACL_CONN   *p;
1999 
2000     BTM_TRACE_API6 ("BTM_ReadAclMode: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2001                     remote_bda[0], remote_bda[1], remote_bda[2],
2002                     remote_bda[3], remote_bda[4], remote_bda[5]);
2003 
2004     p = btm_bda_to_acl(remote_bda);
2005     if (p != (tACL_CONN *)NULL)
2006     {
2007         *p_mode = p->mode;
2008         return(BTM_SUCCESS);
2009     }
2010 
2011     /* If here, no BD Addr found */
2012     return(BTM_UNKNOWN_ADDR);
2013 }
2014 #endif /* BTM_PWR_MGR_INCLUDED == FALSE */
2015 
2016 /*******************************************************************************
2017 **
2018 ** Function         BTM_ReadClockOffset
2019 **
2020 ** Description      This returns the clock offset for a specific
2021 **                  ACL connection.
2022 **
2023 ** Input Param      remote_bda - device address of desired ACL connection
2024 **
2025 ** Returns          clock-offset or 0 if unknown
2026 **
2027 *******************************************************************************/
BTM_ReadClockOffset(BD_ADDR remote_bda)2028 UINT16 BTM_ReadClockOffset (BD_ADDR remote_bda)
2029 {
2030     tACL_CONN   *p;
2031 
2032     BTM_TRACE_API6 ("BTM_ReadClockOffset: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2033                     remote_bda[0], remote_bda[1], remote_bda[2],
2034                     remote_bda[3], remote_bda[4], remote_bda[5]);
2035 
2036     if ( (p = btm_bda_to_acl(remote_bda)) != NULL)
2037         return(p->clock_offset);
2038 
2039     /* If here, no BD Addr found */
2040     return(0);
2041 }
2042 
2043 /*******************************************************************************
2044 **
2045 ** Function         BTM_IsAclConnectionUp
2046 **
2047 ** Description      This function is called to check if an ACL connection exists
2048 **                  to a specific remote BD Address.
2049 **
2050 ** Returns          TRUE if connection is up, else FALSE.
2051 **
2052 *******************************************************************************/
BTM_IsAclConnectionUp(BD_ADDR remote_bda)2053 BOOLEAN BTM_IsAclConnectionUp (BD_ADDR remote_bda)
2054 {
2055     tACL_CONN   *p;
2056 
2057     BTM_TRACE_API6 ("BTM_IsAclConnectionUp: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2058                     remote_bda[0], remote_bda[1], remote_bda[2],
2059                     remote_bda[3], remote_bda[4], remote_bda[5]);
2060 
2061     p = btm_bda_to_acl(remote_bda);
2062     if (p != (tACL_CONN *)NULL)
2063     {
2064         return(TRUE);
2065     }
2066 
2067     /* If here, no BD Addr found */
2068     return(FALSE);
2069 }
2070 
2071 /*******************************************************************************
2072 **
2073 ** Function         BTM_GetNumAclLinks
2074 **
2075 ** Description      This function is called to count the number of
2076 **                  ACL links that are active.
2077 **
2078 ** Returns          UINT16  Number of active ACL links
2079 **
2080 *******************************************************************************/
BTM_GetNumAclLinks(void)2081 UINT16 BTM_GetNumAclLinks (void)
2082 {
2083 #if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE)
2084     return(UINT16)btm_cb.num_acl;
2085 #else
2086     tACL_CONN   *p = &btm_cb.acl_db[0];
2087     UINT16      xx, yy;
2088     BTM_TRACE_DEBUG0 ("BTM_GetNumAclLinks");
2089     for (xx = yy = 0; xx < MAX_L2CAP_LINKS; xx++, p++)
2090     {
2091         if (p->in_use)
2092             yy++;
2093     }
2094 
2095     return(yy);
2096 #endif
2097 }
2098 
2099 /*******************************************************************************
2100 **
2101 ** Function         btm_get_acl_disc_reason_code
2102 **
2103 ** Description      This function is called to get the disconnection reason code
2104 **                  returned by the HCI at disconnection complete event.
2105 **
2106 ** Returns          TRUE if connection is up, else FALSE.
2107 **
2108 *******************************************************************************/
btm_get_acl_disc_reason_code(void)2109 UINT16 btm_get_acl_disc_reason_code (void)
2110 {
2111     UINT8 res = btm_cb.acl_disc_reason;
2112     BTM_TRACE_DEBUG0 ("btm_get_acl_disc_reason_code");
2113     return(res);
2114 }
2115 
2116 
2117 /*******************************************************************************
2118 **
2119 ** Function         BTM_GetHCIConnHandle
2120 **
2121 ** Description      This function is called to get the handle for an ACL connection
2122 **                  to a specific remote BD Address.
2123 **
2124 ** Returns          the handle of the connection, or 0xFFFF if none.
2125 **
2126 *******************************************************************************/
BTM_GetHCIConnHandle(BD_ADDR remote_bda)2127 UINT16 BTM_GetHCIConnHandle (BD_ADDR remote_bda)
2128 {
2129     tACL_CONN   *p;
2130     BTM_TRACE_DEBUG0 ("BTM_GetHCIConnHandle");
2131     p = btm_bda_to_acl(remote_bda);
2132     if (p != (tACL_CONN *)NULL)
2133     {
2134         return(p->hci_handle);
2135     }
2136 
2137     /* If here, no BD Addr found */
2138     return(0xFFFF);
2139 }
2140 
2141 #if BTM_PWR_MGR_INCLUDED == FALSE
2142 /*******************************************************************************
2143 **
2144 ** Function         btm_process_mode_change
2145 **
2146 ** Description      This function is called when an HCI mode change event occurs.
2147 **
2148 ** Input Parms      hci_status - status of the event (HCI_SUCCESS if no errors)
2149 **                  hci_handle - connection handle associated with the change
2150 **                  mode - HCI_MODE_ACTIVE, HCI_MODE_HOLD, HCI_MODE_SNIFF, or HCI_MODE_PARK
2151 **                  interval - number of baseband slots (meaning depends on mode)
2152 **
2153 ** Returns          void
2154 **
2155 *******************************************************************************/
btm_process_mode_change(UINT8 hci_status,UINT16 hci_handle,UINT8 mode,UINT16 interval)2156 void btm_process_mode_change (UINT8 hci_status, UINT16 hci_handle, UINT8 mode, UINT16 interval)
2157 {
2158     tACL_CONN        *p;
2159     UINT8             xx;
2160     BTM_TRACE_DEBUG0 ("btm_process_mode_change");
2161     if (hci_status != HCI_SUCCESS)
2162     {
2163         BTM_TRACE_WARNING1 ("BTM: HCI Mode Change Error Status: 0x%02x", hci_status);
2164     }
2165 
2166     /* Look up the connection by handle and set the current mode */
2167     xx = btm_handle_to_acl_index(hci_handle);
2168 
2169     /* don't assume that we can never get a bad hci_handle */
2170     if (xx >= MAX_L2CAP_LINKS)
2171         return;
2172 
2173     p = &btm_cb.acl_db[xx];
2174 
2175     /* If status is not success mode does not mean anything */
2176     if (hci_status == HCI_SUCCESS)
2177         p->mode = mode;
2178 
2179     /* If mode change was because of an active role switch or change link key */
2180     btm_cont_rswitch_or_chglinkkey(p, btm_find_dev(p->remote_addr), hci_status);
2181 }
2182 #endif /* BTM_PWR_MGR_INCLUDED == FALSE */
2183 
2184 /*******************************************************************************
2185 **
2186 ** Function         btm_process_clk_off_comp_evt
2187 **
2188 ** Description      This function is called when clock offset command completes.
2189 **
2190 ** Input Parms      hci_handle - connection handle associated with the change
2191 **                  clock offset
2192 **
2193 ** Returns          void
2194 **
2195 *******************************************************************************/
btm_process_clk_off_comp_evt(UINT16 hci_handle,UINT16 clock_offset)2196 void btm_process_clk_off_comp_evt (UINT16 hci_handle, UINT16 clock_offset)
2197 {
2198     UINT8      xx;
2199     BTM_TRACE_DEBUG0 ("btm_process_clk_off_comp_evt");
2200     /* Look up the connection by handle and set the current mode */
2201     if ((xx = btm_handle_to_acl_index(hci_handle)) < MAX_L2CAP_LINKS)
2202         btm_cb.acl_db[xx].clock_offset = clock_offset;
2203 }
2204 
2205 /*******************************************************************************
2206 **
2207 ** Function         btm_acl_role_changed
2208 **
2209 ** Description      This function is called whan a link's master/slave role change
2210 **                  event or command status event (with error) is received.
2211 **                  It updates the link control block, and calls
2212 **                  the registered callback with status and role (if registered).
2213 **
2214 ** Returns          void
2215 **
2216 *******************************************************************************/
btm_acl_role_changed(UINT8 hci_status,BD_ADDR bd_addr,UINT8 new_role)2217 void btm_acl_role_changed (UINT8 hci_status, BD_ADDR bd_addr, UINT8 new_role)
2218 {
2219     UINT8                   *p_bda = (bd_addr) ? bd_addr :
2220                                         btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
2221     tACL_CONN               *p = btm_bda_to_acl(p_bda);
2222     tBTM_ROLE_SWITCH_CMPL   *p_data = &btm_cb.devcb.switch_role_ref_data;
2223     tBTM_SEC_DEV_REC        *p_dev_rec;
2224 #if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE)
2225     tBTM_BL_ROLE_CHG_DATA   evt;
2226 #endif
2227 
2228     BTM_TRACE_DEBUG0 ("btm_acl_role_changed");
2229     /* Ignore any stray events */
2230     if (p == NULL)
2231     {
2232         /* it could be a failure */
2233         if (hci_status != HCI_SUCCESS)
2234             btm_acl_report_role_change(hci_status, bd_addr);
2235         return;
2236     }
2237 
2238     p_data->hci_status = hci_status;
2239 
2240     if (hci_status == HCI_SUCCESS)
2241     {
2242         p_data->role = new_role;
2243         memcpy(p_data->remote_bd_addr, p_bda, BD_ADDR_LEN);
2244 
2245         /* Update cached value */
2246         p->link_role = new_role;
2247         btm_save_remote_device_role(p_bda, new_role);
2248         /* Reload LSTO: link supervision timeout is reset in the LM after a role switch */
2249         if (new_role == BTM_ROLE_MASTER)
2250         {
2251             BTM_SetLinkSuperTout (p->remote_addr, p->link_super_tout);
2252         }
2253     }
2254     else
2255     {
2256         /* so the BTM_BL_ROLE_CHG_EVT uses the old role */
2257         new_role = p->link_role;
2258     }
2259 
2260     /* Check if any SCO req is pending for role change */
2261     btm_sco_chk_pend_rolechange (p->hci_handle);
2262 
2263     /* if switching state is switching we need to turn encryption on */
2264     /* if idle, we did not change encryption */
2265     if (p->switch_role_state == BTM_ACL_SWKEY_STATE_SWITCHING)
2266     {
2267         /* Make sure there's not also a change link key going on before re-enabling */
2268         if (p->change_key_state != BTM_ACL_SWKEY_STATE_SWITCHING)
2269         {
2270             if (btsnd_hcic_set_conn_encrypt (p->hci_handle, TRUE))
2271             {
2272                 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_ON;
2273                 p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_ON;
2274                 return;
2275             }
2276         }
2277         else    /* Set the state and wait for change link key */
2278         {
2279             p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_ON;
2280             return;
2281         }
2282     }
2283 
2284     /* Set the switch_role_state to IDLE since the reply received from HCI */
2285     /* regardless of its result either success or failed. */
2286     if (p->switch_role_state == BTM_ACL_SWKEY_STATE_IN_PROGRESS)
2287     {
2288         p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
2289         p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
2290     }
2291 
2292     /* if role switch complete is needed, report it now */
2293     btm_acl_report_role_change(hci_status, bd_addr);
2294 
2295 #if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE)
2296     /* if role change event is registered, report it now */
2297     if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK))
2298     {
2299         evt.event       = BTM_BL_ROLE_CHG_EVT;
2300         evt.new_role    = new_role;
2301         evt.p_bda       = p_bda;
2302         evt.hci_status  = hci_status;
2303         (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA *)&evt);
2304     }
2305 
2306     BTM_TRACE_DEBUG3("Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, rs_st:%d",
2307                      p_data->role, p_data->hci_status, p->switch_role_state);
2308 #endif
2309 
2310 #if BTM_DISC_DURING_RS == TRUE
2311     /* If a disconnect is pending, issue it now that role switch has completed */
2312     if ((p_dev_rec = btm_find_dev (p_bda)) != NULL)
2313     {
2314         if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING)
2315         {
2316             BTM_TRACE_WARNING0("btm_acl_role_changed -> Issuing delayed HCI_Disconnect!!!");
2317             btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER);
2318         }
2319         BTM_TRACE_ERROR2("tBTM_SEC_DEV:0x%x rs_disc_pending=%d",
2320                          (UINT32)p_dev_rec, p_dev_rec->rs_disc_pending);
2321         p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING;     /* reset flag */
2322     }
2323 
2324 #endif
2325 
2326 }
2327 
2328 #if (RFCOMM_INCLUDED==TRUE)
2329 /*******************************************************************************
2330 **
2331 ** Function         BTM_AllocateSCN
2332 **
2333 ** Description      Look through the Server Channel Numbers for a free one.
2334 **
2335 ** Returns          Allocated SCN number or 0 if none.
2336 **
2337 *******************************************************************************/
2338 
BTM_AllocateSCN(void)2339 UINT8 BTM_AllocateSCN(void)
2340 {
2341     UINT8   x;
2342     BTM_TRACE_DEBUG0 ("BTM_AllocateSCN");
2343 
2344     // stack reserves scn 1 for HFP, HSP we still do the correct way
2345     for (x = 1; x < BTM_MAX_SCN; x++)
2346     {
2347         if (!btm_cb.btm_scn[x])
2348         {
2349             btm_cb.btm_scn[x] = TRUE;
2350             return(x+1);
2351         }
2352     }
2353 
2354     return(0);     /* No free ports */
2355 }
2356 
2357 /*******************************************************************************
2358 **
2359 ** Function         BTM_TryAllocateSCN
2360 **
2361 ** Description      Try to allocate a fixed server channel
2362 **
2363 ** Returns          Returns TRUE if server channel was available
2364 **
2365 *******************************************************************************/
2366 
BTM_TryAllocateSCN(UINT8 scn)2367 BOOLEAN BTM_TryAllocateSCN(UINT8 scn)
2368 {
2369     UINT8   x;
2370 
2371     /* Make sure we don't exceed max port range.
2372      * Stack reserves scn 1 for HFP, HSP we still do the correct way.
2373      */
2374     if ( (scn>=BTM_MAX_SCN) || (scn == 1) )
2375         return FALSE;
2376 
2377     /* check if this port is available */
2378     if (!btm_cb.btm_scn[scn-1])
2379     {
2380         btm_cb.btm_scn[scn-1] = TRUE;
2381         return TRUE;
2382     }
2383 
2384     return (FALSE);     /* Port was busy */
2385 }
2386 
2387 /*******************************************************************************
2388 **
2389 ** Function         BTM_FreeSCN
2390 **
2391 ** Description      Free the specified SCN.
2392 **
2393 ** Returns          TRUE or FALSE
2394 **
2395 *******************************************************************************/
BTM_FreeSCN(UINT8 scn)2396 BOOLEAN BTM_FreeSCN(UINT8 scn)
2397 {
2398     BTM_TRACE_DEBUG0 ("BTM_FreeSCN ");
2399     if (scn <= BTM_MAX_SCN)
2400     {
2401         btm_cb.btm_scn[scn-1] = FALSE;
2402         return(TRUE);
2403     }
2404     else
2405         return(FALSE);      /* Illegal SCN passed in */
2406 }
2407 
2408 #else
2409 
2410 /* Make dummy functions for the RPC to link against */
BTM_AllocateSCN(void)2411 UINT8 BTM_AllocateSCN(void)
2412 {
2413     return(0);
2414 }
2415 
BTM_FreeSCN(UINT8 scn)2416 BOOLEAN BTM_FreeSCN(UINT8 scn)
2417 {
2418     return(FALSE);
2419 }
2420 
2421 #endif
2422 
2423 
2424 /*******************************************************************************
2425 **
2426 ** Function         btm_acl_timeout
2427 **
2428 ** Description      This function is called when a timer list entry expires.
2429 **
2430 ** Returns          void
2431 **
2432 *******************************************************************************/
btm_acl_timeout(TIMER_LIST_ENT * p_tle)2433 void btm_acl_timeout (TIMER_LIST_ENT  *p_tle)
2434 {
2435     UINT32 timer_type = p_tle->param;
2436 
2437     BTM_TRACE_DEBUG0 ("btm_acl_timeout");
2438     if (timer_type == TT_DEV_RLNKP)
2439     {
2440         tBTM_CMPL_CB            *p_cb = btm_cb.devcb.p_rlinkp_cmpl_cb;
2441         tBTM_LNK_POLICY_RESULTS  lnkpol;
2442 
2443         lnkpol.status = BTM_ERR_PROCESSING;
2444         lnkpol.settings = 0;
2445 
2446         btm_cb.devcb.p_rlinkp_cmpl_cb = NULL;
2447 
2448         if (p_cb)
2449             (*p_cb)(&lnkpol);
2450     }
2451 }
2452 
2453 /*******************************************************************************
2454 **
2455 ** Function         btm_set_packet_types
2456 **
2457 ** Description      This function sets the packet types used for a specific
2458 **                  ACL connection. It is called internally by btm_acl_created
2459 **                  or by an application/profile by BTM_SetPacketTypes.
2460 **
2461 ** Returns          status of the operation
2462 **
2463 *******************************************************************************/
btm_set_packet_types(tACL_CONN * p,UINT16 pkt_types)2464 tBTM_STATUS btm_set_packet_types (tACL_CONN *p, UINT16 pkt_types)
2465 {
2466     UINT16 temp_pkt_types;
2467     BTM_TRACE_DEBUG0 ("btm_set_packet_types");
2468     /* Save in the ACL control blocks, types that we support */
2469     temp_pkt_types = (pkt_types & BTM_ACL_SUPPORTED_PKTS_MASK &
2470                       btm_cb.btm_acl_pkt_types_supported);
2471 
2472     /* OR in any exception packet types if at least 2.0 version of spec */
2473     if (btm_cb.devcb.local_version.hci_version >= HCI_PROTO_VERSION_2_0)
2474     {
2475         temp_pkt_types |= ((pkt_types & BTM_ACL_EXCEPTION_PKTS_MASK) |
2476                            (btm_cb.btm_acl_pkt_types_supported & BTM_ACL_EXCEPTION_PKTS_MASK));
2477     }
2478     else
2479     {
2480         temp_pkt_types &= (~BTM_ACL_EXCEPTION_PKTS_MASK);
2481     }
2482 
2483     /* Exclude packet types not supported by the peer */
2484     btm_acl_chk_peer_pkt_type_support (p, &temp_pkt_types);
2485 
2486     BTM_TRACE_DEBUG1 ("SetPacketType Mask -> 0x%04x", temp_pkt_types);
2487 
2488     if (!btsnd_hcic_change_conn_type (p->hci_handle, temp_pkt_types))
2489     {
2490         return(BTM_NO_RESOURCES);
2491     }
2492 
2493     p->pkt_types_mask = temp_pkt_types;
2494 
2495     return(BTM_CMD_STARTED);
2496 }
2497 
2498 /*******************************************************************************
2499 **
2500 ** Function         btm_get_max_packet_size
2501 **
2502 ** Returns          Returns maximum packet size that can be used for current
2503 **                  connection, 0 if connection is not established
2504 **
2505 *******************************************************************************/
btm_get_max_packet_size(BD_ADDR addr)2506 UINT16 btm_get_max_packet_size (BD_ADDR addr)
2507 {
2508     tACL_CONN   *p = btm_bda_to_acl(addr);
2509     UINT16      pkt_types = 0;
2510     UINT16      pkt_size = 0;
2511     BTM_TRACE_DEBUG0 ("btm_get_max_packet_size");
2512     if (p != NULL)
2513     {
2514         pkt_types = p->pkt_types_mask;
2515     }
2516     else
2517     {
2518         /* Special case for when info for the local device is requested */
2519         if (memcmp (btm_cb.devcb.local_addr, addr, BD_ADDR_LEN) == 0)
2520         {
2521             pkt_types = btm_cb.btm_acl_pkt_types_supported;
2522         }
2523     }
2524 
2525     if (pkt_types)
2526     {
2527         if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH5))
2528             pkt_size = HCI_EDR3_DH5_PACKET_SIZE;
2529         else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH5))
2530             pkt_size = HCI_EDR2_DH5_PACKET_SIZE;
2531         else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH3))
2532             pkt_size = HCI_EDR3_DH3_PACKET_SIZE;
2533         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH5)
2534             pkt_size = HCI_DH5_PACKET_SIZE;
2535         else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH3))
2536             pkt_size = HCI_EDR2_DH3_PACKET_SIZE;
2537         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM5)
2538             pkt_size = HCI_DM5_PACKET_SIZE;
2539         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH3)
2540             pkt_size = HCI_DH3_PACKET_SIZE;
2541         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM3)
2542             pkt_size = HCI_DM3_PACKET_SIZE;
2543         else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH1))
2544             pkt_size = HCI_EDR3_DH1_PACKET_SIZE;
2545         else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH1))
2546             pkt_size = HCI_EDR2_DH1_PACKET_SIZE;
2547         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH1)
2548             pkt_size = HCI_DH1_PACKET_SIZE;
2549         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM1)
2550             pkt_size = HCI_DM1_PACKET_SIZE;
2551     }
2552 
2553    return(pkt_size);
2554 }
2555 
2556 /*******************************************************************************
2557 **
2558 ** Function         BTM_ReadRemoteVersion
2559 **
2560 ** Returns          If connected report peer device info
2561 **
2562 *******************************************************************************/
BTM_ReadRemoteVersion(BD_ADDR addr,UINT8 * lmp_version,UINT16 * manufacturer,UINT16 * lmp_sub_version)2563 tBTM_STATUS BTM_ReadRemoteVersion (BD_ADDR addr, UINT8 *lmp_version,
2564                                    UINT16 *manufacturer, UINT16 *lmp_sub_version)
2565 {
2566     tACL_CONN        *p = btm_bda_to_acl(addr);
2567     BTM_TRACE_DEBUG0 ("BTM_ReadRemoteVersion");
2568     if (p == NULL)
2569         return(BTM_UNKNOWN_ADDR);
2570 
2571     if (lmp_version)
2572         *lmp_version = p->lmp_version;
2573 
2574     if (manufacturer)
2575         *manufacturer = p->manufacturer;
2576 
2577     if (lmp_sub_version)
2578         *lmp_sub_version = p->lmp_subversion;
2579 
2580     return(BTM_SUCCESS);
2581 }
2582 
2583 /*******************************************************************************
2584 **
2585 ** Function         BTM_ReadRemoteFeatures
2586 **
2587 ** Returns          pointer to the remote supported features mask (8 bytes)
2588 **
2589 *******************************************************************************/
BTM_ReadRemoteFeatures(BD_ADDR addr)2590 UINT8 *BTM_ReadRemoteFeatures (BD_ADDR addr)
2591 {
2592     tACL_CONN        *p = btm_bda_to_acl(addr);
2593     BTM_TRACE_DEBUG0 ("BTM_ReadRemoteFeatures");
2594     if (p == NULL)
2595     {
2596         return(NULL);
2597     }
2598 
2599     return(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]);
2600 }
2601 
2602 /*******************************************************************************
2603 **
2604 ** Function         BTM_ReadRemoteExtendedFeatures
2605 **
2606 ** Returns          pointer to the remote extended features mask (8 bytes)
2607 **                  or NULL if bad page
2608 **
2609 *******************************************************************************/
BTM_ReadRemoteExtendedFeatures(BD_ADDR addr,UINT8 page_number)2610 UINT8 *BTM_ReadRemoteExtendedFeatures (BD_ADDR addr, UINT8 page_number)
2611 {
2612     tACL_CONN        *p = btm_bda_to_acl(addr);
2613     BTM_TRACE_DEBUG0 ("BTM_ReadRemoteExtendedFeatures");
2614     if (p == NULL)
2615     {
2616         return(NULL);
2617     }
2618 
2619     if (page_number > HCI_EXT_FEATURES_PAGE_MAX)
2620     {
2621         BTM_TRACE_ERROR1("Warning: BTM_ReadRemoteExtendedFeatures page %d unknown", page_number);
2622         return NULL;
2623     }
2624 
2625     return(p->peer_lmp_features[page_number]);
2626 }
2627 
2628 /*******************************************************************************
2629 **
2630 ** Function         BTM_ReadNumberRemoteFeaturesPages
2631 **
2632 ** Returns          number of features pages read from the remote device.
2633 **
2634 *******************************************************************************/
BTM_ReadNumberRemoteFeaturesPages(BD_ADDR addr)2635 UINT8 BTM_ReadNumberRemoteFeaturesPages (BD_ADDR addr)
2636 {
2637     tACL_CONN        *p = btm_bda_to_acl(addr);
2638     BTM_TRACE_DEBUG0 ("BTM_ReadNumberRemoteFeaturesPages");
2639     if (p == NULL)
2640     {
2641         return(0);
2642     }
2643 
2644     return(p->num_read_pages);
2645 }
2646 
2647 /*******************************************************************************
2648 **
2649 ** Function         BTM_ReadAllRemoteFeatures
2650 **
2651 ** Returns          pointer to all features of the remote (24 bytes).
2652 **
2653 *******************************************************************************/
BTM_ReadAllRemoteFeatures(BD_ADDR addr)2654 UINT8 *BTM_ReadAllRemoteFeatures (BD_ADDR addr)
2655 {
2656     tACL_CONN        *p = btm_bda_to_acl(addr);
2657     BTM_TRACE_DEBUG0 ("BTM_ReadAllRemoteFeatures");
2658     if (p == NULL)
2659     {
2660         return(NULL);
2661     }
2662 
2663     return(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]);
2664 }
2665 
2666 /*******************************************************************************
2667 **
2668 ** Function         BTM_RegBusyLevelNotif
2669 **
2670 ** Description      This function is called to register a callback to receive
2671 **                  busy level change events.
2672 **
2673 ** Returns          BTM_SUCCESS if successfully registered, otherwise error
2674 **
2675 *******************************************************************************/
2676 #if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE)
BTM_RegBusyLevelNotif(tBTM_BL_CHANGE_CB * p_cb,UINT8 * p_level,tBTM_BL_EVENT_MASK evt_mask)2677 tBTM_STATUS BTM_RegBusyLevelNotif (tBTM_BL_CHANGE_CB *p_cb, UINT8 *p_level,
2678                                    tBTM_BL_EVENT_MASK evt_mask)
2679 {
2680     BTM_TRACE_DEBUG0 ("BTM_RegBusyLevelNotif");
2681     if (p_level)
2682         *p_level = btm_cb.busy_level;
2683 
2684     btm_cb.bl_evt_mask = evt_mask;
2685 
2686     if (!p_cb)
2687         btm_cb.p_bl_changed_cb = NULL;
2688     else if (btm_cb.p_bl_changed_cb)
2689         return(BTM_BUSY);
2690     else
2691         btm_cb.p_bl_changed_cb = p_cb;
2692 
2693     return(BTM_SUCCESS);
2694 }
2695 #else
2696 /*******************************************************************************
2697 **
2698 ** Function         BTM_AclRegisterForChanges
2699 **
2700 ** Returns          This function is called to register a callback for when the
2701 **                  ACL database changes, i.e. new entry or entry deleted.
2702 **
2703 *******************************************************************************/
BTM_AclRegisterForChanges(tBTM_ACL_DB_CHANGE_CB * p_cb)2704 tBTM_STATUS BTM_AclRegisterForChanges (tBTM_ACL_DB_CHANGE_CB *p_cb)
2705 {
2706     BTM_TRACE_DEBUG0 ("BTM_AclRegisterForChanges");
2707     if (!p_cb)
2708         btm_cb.p_acl_changed_cb = NULL;
2709     else if (btm_cb.p_acl_changed_cb)
2710         return(BTM_BUSY);
2711     else
2712         btm_cb.p_acl_changed_cb = p_cb;
2713 
2714     return(BTM_SUCCESS);
2715 }
2716 #endif
2717 
2718 /*******************************************************************************
2719 **
2720 ** Function         BTM_SetQoS
2721 **
2722 ** Description      This function is called to setup QoS
2723 **
2724 ** Returns          status of the operation
2725 **
2726 *******************************************************************************/
BTM_SetQoS(BD_ADDR bd,FLOW_SPEC * p_flow,tBTM_CMPL_CB * p_cb)2727 tBTM_STATUS BTM_SetQoS (BD_ADDR bd, FLOW_SPEC *p_flow, tBTM_CMPL_CB *p_cb)
2728 {
2729     tACL_CONN   *p = &btm_cb.acl_db[0];
2730 
2731     BTM_TRACE_API6 ("BTM_SetQoS: BdAddr: %02x%02x%02x%02x%02x%02x",
2732                     bd[0], bd[1], bd[2],
2733                     bd[3], bd[4], bd[5]);
2734 
2735     /* If someone already waiting on the version, do not allow another */
2736     if (btm_cb.devcb.p_qossu_cmpl_cb)
2737         return(BTM_BUSY);
2738 
2739     if ( (p = btm_bda_to_acl(bd)) != NULL)
2740     {
2741         btu_start_timer (&btm_cb.devcb.qossu_timer, BTU_TTYPE_BTM_ACL, BTM_DEV_REPLY_TIMEOUT);
2742         btm_cb.devcb.p_qossu_cmpl_cb = p_cb;
2743 
2744         if (!btsnd_hcic_qos_setup (p->hci_handle, p_flow->qos_flags, p_flow->service_type,
2745                                    p_flow->token_rate, p_flow->peak_bandwidth,
2746                                    p_flow->latency,p_flow->delay_variation))
2747         {
2748             btm_cb.devcb.p_qossu_cmpl_cb = NULL;
2749             btu_stop_timer(&btm_cb.devcb.qossu_timer);
2750             return(BTM_NO_RESOURCES);
2751         }
2752         else
2753             return(BTM_CMD_STARTED);
2754     }
2755 
2756     /* If here, no BD Addr found */
2757     return(BTM_UNKNOWN_ADDR);
2758 }
2759 
2760 /*******************************************************************************
2761 **
2762 ** Function         btm_qos_setup_complete
2763 **
2764 ** Description      This function is called when the command complete message
2765 **                  is received from the HCI for the qos setup request.
2766 **
2767 ** Returns          void
2768 **
2769 *******************************************************************************/
btm_qos_setup_complete(UINT8 status,UINT16 handle,FLOW_SPEC * p_flow)2770 void btm_qos_setup_complete (UINT8 status, UINT16 handle, FLOW_SPEC *p_flow)
2771 {
2772     tBTM_CMPL_CB            *p_cb = btm_cb.devcb.p_qossu_cmpl_cb;
2773     tBTM_QOS_SETUP_CMPL     qossu;
2774     BTM_TRACE_DEBUG0 ("btm_qos_setup_complete");
2775     btu_stop_timer (&btm_cb.devcb.qossu_timer);
2776 
2777     btm_cb.devcb.p_qossu_cmpl_cb = NULL;
2778 
2779     if (p_cb)
2780     {
2781         memset(&qossu, 0, sizeof(tBTM_QOS_SETUP_CMPL));
2782         qossu.status = status;
2783         qossu.handle = handle;
2784         if (p_flow != NULL)
2785         {
2786             qossu.flow.qos_flags = p_flow->qos_flags;
2787             qossu.flow.service_type = p_flow->service_type;
2788             qossu.flow.token_rate = p_flow->token_rate;
2789             qossu.flow.peak_bandwidth = p_flow->peak_bandwidth;
2790             qossu.flow.latency = p_flow->latency;
2791             qossu.flow.delay_variation = p_flow->delay_variation;
2792         }
2793         BTM_TRACE_DEBUG1 ("BTM: p_flow->delay_variation: 0x%02x",
2794                           qossu.flow.delay_variation);
2795         (*p_cb)(&qossu);
2796     }
2797 }
2798 
2799 
2800 /*******************************************************************************
2801 **
2802 ** Function         BTM_ReadRSSI
2803 **
2804 ** Description      This function is called to read the link policy settings.
2805 **                  The address of link policy results are returned in the callback.
2806 **                  (tBTM_RSSI_RESULTS)
2807 **
2808 ** Returns          BTM_CMD_STARTED if successfully initiated or error code
2809 **
2810 *******************************************************************************/
BTM_ReadRSSI(BD_ADDR remote_bda,tBTM_CMPL_CB * p_cb)2811 tBTM_STATUS BTM_ReadRSSI (BD_ADDR remote_bda, tBTM_CMPL_CB *p_cb)
2812 {
2813     tACL_CONN   *p;
2814 
2815     BTM_TRACE_API6 ("BTM_ReadRSSI: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2816                     remote_bda[0], remote_bda[1], remote_bda[2],
2817                     remote_bda[3], remote_bda[4], remote_bda[5]);
2818 
2819     /* If someone already waiting on the version, do not allow another */
2820     if (btm_cb.devcb.p_rssi_cmpl_cb)
2821         return(BTM_BUSY);
2822 
2823     p = btm_bda_to_acl(remote_bda);
2824     if (p != (tACL_CONN *)NULL)
2825     {
2826         btu_start_timer (&btm_cb.devcb.rssi_timer, BTU_TTYPE_BTM_ACL,
2827                          BTM_DEV_REPLY_TIMEOUT);
2828 
2829         btm_cb.devcb.p_rssi_cmpl_cb = p_cb;
2830 
2831         if (!btsnd_hcic_read_rssi (p->hci_handle))
2832         {
2833             btm_cb.devcb.p_rssi_cmpl_cb = NULL;
2834             btu_stop_timer (&btm_cb.devcb.rssi_timer);
2835             return(BTM_NO_RESOURCES);
2836         }
2837         else
2838             return(BTM_CMD_STARTED);
2839     }
2840 
2841     /* If here, no BD Addr found */
2842     return(BTM_UNKNOWN_ADDR);
2843 }
2844 
2845 /*******************************************************************************
2846 **
2847 ** Function         BTM_ReadLinkQuality
2848 **
2849 ** Description      This function is called to read the link qulaity.
2850 **                  The value of the link quality is returned in the callback.
2851 **                  (tBTM_LINK_QUALITY_RESULTS)
2852 **
2853 ** Returns          BTM_CMD_STARTED if successfully initiated or error code
2854 **
2855 *******************************************************************************/
BTM_ReadLinkQuality(BD_ADDR remote_bda,tBTM_CMPL_CB * p_cb)2856 tBTM_STATUS BTM_ReadLinkQuality (BD_ADDR remote_bda, tBTM_CMPL_CB *p_cb)
2857 {
2858     tACL_CONN   *p;
2859 
2860     BTM_TRACE_API6 ("BTM_ReadLinkQuality: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2861                     remote_bda[0], remote_bda[1], remote_bda[2],
2862                     remote_bda[3], remote_bda[4], remote_bda[5]);
2863 
2864     /* If someone already waiting on the version, do not allow another */
2865     if (btm_cb.devcb.p_lnk_qual_cmpl_cb)
2866         return(BTM_BUSY);
2867 
2868     p = btm_bda_to_acl(remote_bda);
2869     if (p != (tACL_CONN *)NULL)
2870     {
2871         btu_start_timer (&btm_cb.devcb.lnk_quality_timer, BTU_TTYPE_BTM_ACL,
2872                          BTM_DEV_REPLY_TIMEOUT);
2873         btm_cb.devcb.p_lnk_qual_cmpl_cb = p_cb;
2874 
2875         if (!btsnd_hcic_get_link_quality (p->hci_handle))
2876         {
2877             btu_stop_timer (&btm_cb.devcb.lnk_quality_timer);
2878             btm_cb.devcb.p_lnk_qual_cmpl_cb = NULL;
2879             return(BTM_NO_RESOURCES);
2880         }
2881         else
2882             return(BTM_CMD_STARTED);
2883     }
2884 
2885     /* If here, no BD Addr found */
2886     return(BTM_UNKNOWN_ADDR);
2887 }
2888 
2889 /*******************************************************************************
2890 **
2891 ** Function         BTM_ReadTxPower
2892 **
2893 ** Description      This function is called to read the current
2894 **                  TX power of the connection. The tx power level results
2895 **                  are returned in the callback.
2896 **                  (tBTM_RSSI_RESULTS)
2897 **
2898 ** Returns          BTM_CMD_STARTED if successfully initiated or error code
2899 **
2900 *******************************************************************************/
BTM_ReadTxPower(BD_ADDR remote_bda,tBTM_CMPL_CB * p_cb)2901 tBTM_STATUS BTM_ReadTxPower (BD_ADDR remote_bda, tBTM_CMPL_CB *p_cb)
2902 {
2903     tACL_CONN   *p;
2904     BOOLEAN     ret;
2905 #define BTM_READ_RSSI_TYPE_CUR  0x00
2906 #define BTM_READ_RSSI_TYPE_MAX  0X01
2907 
2908     BTM_TRACE_API6 ("BTM_ReadTxPower: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2909                     remote_bda[0], remote_bda[1], remote_bda[2],
2910                     remote_bda[3], remote_bda[4], remote_bda[5]);
2911 
2912     /* If someone already waiting on the version, do not allow another */
2913     if (btm_cb.devcb.p_tx_power_cmpl_cb)
2914         return(BTM_BUSY);
2915 
2916     p = btm_bda_to_acl(remote_bda);
2917     if (p != (tACL_CONN *)NULL)
2918     {
2919         btu_start_timer (&btm_cb.devcb.tx_power_timer, BTU_TTYPE_BTM_ACL,
2920                          BTM_DEV_REPLY_TIMEOUT);
2921 
2922         btm_cb.devcb.p_tx_power_cmpl_cb = p_cb;
2923 
2924 #if BLE_INCLUDED == TRUE
2925         if (p->is_le_link)
2926         {
2927             memcpy(btm_cb.devcb.read_tx_pwr_addr, remote_bda, BD_ADDR_LEN);
2928             ret = btsnd_hcic_ble_read_adv_chnl_tx_power();
2929         }
2930         else
2931 #endif
2932         {
2933             ret = btsnd_hcic_read_tx_power (p->hci_handle, BTM_READ_RSSI_TYPE_CUR);
2934         }
2935         if (!ret)
2936         {
2937             btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
2938             btu_stop_timer (&btm_cb.devcb.tx_power_timer);
2939             return(BTM_NO_RESOURCES);
2940         }
2941         else
2942             return(BTM_CMD_STARTED);
2943     }
2944 
2945     /* If here, no BD Addr found */
2946     return (BTM_UNKNOWN_ADDR);
2947 }
2948 /*******************************************************************************
2949 **
2950 ** Function         btm_read_tx_power_complete
2951 **
2952 ** Description      This function is called when the command complete message
2953 **                  is received from the HCI for the read tx power request.
2954 **
2955 ** Returns          void
2956 **
2957 *******************************************************************************/
btm_read_tx_power_complete(UINT8 * p,BOOLEAN is_ble)2958 void btm_read_tx_power_complete (UINT8 *p, BOOLEAN is_ble)
2959 {
2960     tBTM_CMPL_CB            *p_cb = btm_cb.devcb.p_tx_power_cmpl_cb;
2961     tBTM_TX_POWER_RESULTS   results;
2962     UINT16                   handle;
2963     tACL_CONN               *p_acl_cb = &btm_cb.acl_db[0];
2964     UINT16                   index;
2965     BTM_TRACE_DEBUG0 ("btm_read_tx_power_complete");
2966     btu_stop_timer (&btm_cb.devcb.tx_power_timer);
2967 
2968     /* If there was a callback registered for read rssi, call it */
2969     btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
2970 
2971     if (p_cb)
2972     {
2973         STREAM_TO_UINT8  (results.hci_status, p);
2974 
2975         if (results.hci_status == HCI_SUCCESS)
2976         {
2977             results.status = BTM_SUCCESS;
2978 
2979             if (!is_ble)
2980             {
2981                 STREAM_TO_UINT16 (handle, p);
2982                 STREAM_TO_UINT8 (results.tx_power, p);
2983 
2984                 /* Search through the list of active channels for the correct BD Addr */
2985                 for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++)
2986                 {
2987                     if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle))
2988                     {
2989                         memcpy (results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
2990                         break;
2991                     }
2992                 }
2993             }
2994 #if BLE_INCLUDED == TRUE
2995             else
2996             {
2997                 STREAM_TO_UINT8 (results.tx_power, p);
2998                 memcpy(results.rem_bda, btm_cb.devcb.read_tx_pwr_addr, BD_ADDR_LEN);
2999             }
3000 #endif
3001             BTM_TRACE_DEBUG2 ("BTM TX power Complete: tx_power %d, hci status 0x%02x",
3002                                   results.tx_power, results.hci_status);
3003         }
3004         else
3005             results.status = BTM_ERR_PROCESSING;
3006 
3007         (*p_cb)(&results);
3008     }
3009 }
3010 
3011 /*******************************************************************************
3012 **
3013 ** Function         btm_read_rssi_complete
3014 **
3015 ** Description      This function is called when the command complete message
3016 **                  is received from the HCI for the read rssi request.
3017 **
3018 ** Returns          void
3019 **
3020 *******************************************************************************/
btm_read_rssi_complete(UINT8 * p)3021 void btm_read_rssi_complete (UINT8 *p)
3022 {
3023     tBTM_CMPL_CB            *p_cb = btm_cb.devcb.p_rssi_cmpl_cb;
3024     tBTM_RSSI_RESULTS        results;
3025     UINT16                   handle;
3026     tACL_CONN               *p_acl_cb = &btm_cb.acl_db[0];
3027     UINT16                   index;
3028     BTM_TRACE_DEBUG0 ("btm_read_rssi_complete");
3029     btu_stop_timer (&btm_cb.devcb.rssi_timer);
3030 
3031     /* If there was a callback registered for read rssi, call it */
3032     btm_cb.devcb.p_rssi_cmpl_cb = NULL;
3033 
3034     if (p_cb)
3035     {
3036         STREAM_TO_UINT8  (results.hci_status, p);
3037 
3038         if (results.hci_status == HCI_SUCCESS)
3039         {
3040             results.status = BTM_SUCCESS;
3041 
3042             STREAM_TO_UINT16 (handle, p);
3043 
3044             STREAM_TO_UINT8 (results.rssi, p);
3045             BTM_TRACE_DEBUG2 ("BTM RSSI Complete: rssi %d, hci status 0x%02x",
3046                               results.rssi, results.hci_status);
3047 
3048             /* Search through the list of active channels for the correct BD Addr */
3049             for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++)
3050             {
3051                 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle))
3052                 {
3053                     memcpy (results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
3054                     break;
3055                 }
3056             }
3057         }
3058         else
3059             results.status = BTM_ERR_PROCESSING;
3060 
3061         (*p_cb)(&results);
3062     }
3063 }
3064 
3065 /*******************************************************************************
3066 **
3067 ** Function         btm_read_link_quality_complete
3068 **
3069 ** Description      This function is called when the command complete message
3070 **                  is received from the HCI for the read link quality.
3071 **
3072 ** Returns          void
3073 **
3074 *******************************************************************************/
btm_read_link_quality_complete(UINT8 * p)3075 void btm_read_link_quality_complete (UINT8 *p)
3076 {
3077     tBTM_CMPL_CB            *p_cb = btm_cb.devcb.p_lnk_qual_cmpl_cb;
3078     tBTM_LINK_QUALITY_RESULTS results;
3079     UINT16                   handle;
3080     tACL_CONN               *p_acl_cb = &btm_cb.acl_db[0];
3081     UINT16                   index;
3082     BTM_TRACE_DEBUG0 ("btm_read_link_quality_complete");
3083     btu_stop_timer (&btm_cb.devcb.lnk_quality_timer);
3084 
3085     /* If there was a callback registered for read rssi, call it */
3086     btm_cb.devcb.p_lnk_qual_cmpl_cb = NULL;
3087 
3088     if (p_cb)
3089     {
3090         STREAM_TO_UINT8  (results.hci_status, p);
3091 
3092         if (results.hci_status == HCI_SUCCESS)
3093         {
3094             results.status = BTM_SUCCESS;
3095 
3096             STREAM_TO_UINT16 (handle, p);
3097 
3098             STREAM_TO_UINT8 (results.link_quality, p);
3099             BTM_TRACE_DEBUG2 ("BTM Link Quality Complete: Link Quality %d, hci status 0x%02x",
3100                               results.link_quality, results.hci_status);
3101 
3102             /* Search through the list of active channels for the correct BD Addr */
3103             for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++)
3104             {
3105                 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle))
3106                 {
3107                     memcpy (results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
3108                     break;
3109                 }
3110             }
3111         }
3112         else
3113             results.status = BTM_ERR_PROCESSING;
3114 
3115         (*p_cb)(&results);
3116     }
3117 }
3118 
3119 /*******************************************************************************
3120 **
3121 ** Function         btm_remove_acl
3122 **
3123 ** Description      This function is called to disconnect an ACL connection
3124 **
3125 ** Returns          BTM_SUCCESS if successfully initiated, otherwise BTM_NO_RESOURCES.
3126 **
3127 *******************************************************************************/
btm_remove_acl(BD_ADDR bd_addr)3128 tBTM_STATUS btm_remove_acl (BD_ADDR bd_addr)
3129 {
3130     UINT16  hci_handle = BTM_GetHCIConnHandle(bd_addr);
3131     tBTM_STATUS status = BTM_SUCCESS;
3132 
3133     BTM_TRACE_DEBUG0 ("btm_remove_acl");
3134 #if BTM_DISC_DURING_RS == TRUE
3135     tBTM_SEC_DEV_REC  *p_dev_rec = btm_find_dev (bd_addr);
3136 
3137     /* Role Switch is pending, postpone until completed */
3138     if (p_dev_rec && (p_dev_rec->rs_disc_pending == BTM_SEC_RS_PENDING))
3139     {
3140         p_dev_rec->rs_disc_pending = BTM_SEC_DISC_PENDING;
3141     }
3142     else    /* otherwise can disconnect right away */
3143 #endif
3144     {
3145         if (hci_handle != 0xFFFF)
3146         {
3147             if (!btsnd_hcic_disconnect (hci_handle, HCI_ERR_PEER_USER))
3148                 status = BTM_NO_RESOURCES;
3149         }
3150         else
3151             status = BTM_UNKNOWN_ADDR;
3152     }
3153 
3154     return status;
3155 }
3156 
3157 
3158 /*******************************************************************************
3159 **
3160 ** Function         BTM_SetTraceLevel
3161 **
3162 ** Description      This function sets the trace level for BTM.  If called with
3163 **                  a value of 0xFF, it simply returns the current trace level.
3164 **
3165 ** Returns          The new or current trace level
3166 **
3167 *******************************************************************************/
BTM_SetTraceLevel(UINT8 new_level)3168 UINT8 BTM_SetTraceLevel (UINT8 new_level)
3169 {
3170     BTM_TRACE_DEBUG0 ("BTM_SetTraceLevel");
3171     if (new_level != 0xFF)
3172         btm_cb.trace_level = new_level;
3173 
3174     return(btm_cb.trace_level);
3175 }
3176 
3177 /*******************************************************************************
3178 **
3179 ** Function         btm_cont_rswitch_or_chglinkkey
3180 **
3181 ** Description      This function is called to continue processing an active
3182 **                  role switch or change of link key procedure.  It first
3183 **                  disables encryption if enabled and EPR is not supported
3184 **
3185 ** Returns          void
3186 **
3187 *******************************************************************************/
btm_cont_rswitch_or_chglinkkey(tACL_CONN * p,tBTM_SEC_DEV_REC * p_dev_rec,UINT8 hci_status)3188 void btm_cont_rswitch_or_chglinkkey (tACL_CONN *p, tBTM_SEC_DEV_REC *p_dev_rec,
3189                                      UINT8 hci_status)
3190 {
3191     BOOLEAN sw_ok = TRUE;
3192     BOOLEAN chlk_ok = TRUE;
3193     BTM_TRACE_DEBUG0 ("btm_cont_rswitch_or_chglinkkey ");
3194     /* Check to see if encryption needs to be turned off if pending
3195        change of link key or role switch */
3196     if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE ||
3197         p->change_key_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
3198     {
3199         /* Must turn off Encryption first if necessary */
3200         /* Some devices do not support switch or change of link key while encryption is on */
3201         if (p_dev_rec != NULL && ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0)
3202             && !BTM_EPR_AVAILABLE(p))
3203         {
3204             if (btsnd_hcic_set_conn_encrypt (p->hci_handle, FALSE))
3205             {
3206                 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF;
3207                 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
3208                     p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF;
3209 
3210                 if (p->change_key_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
3211                     p->change_key_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF;
3212             }
3213             else
3214             {
3215                 /* Error occurred; set states back to Idle */
3216                 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
3217                     sw_ok = FALSE;
3218 
3219                 if (p->change_key_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
3220                     chlk_ok = FALSE;
3221             }
3222         }
3223         else    /* Encryption not used or EPR supported, continue with switch
3224                    and/or change of link key */
3225         {
3226             if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
3227             {
3228                 p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS;
3229 #if BTM_DISC_DURING_RS == TRUE
3230                 if (p_dev_rec)
3231                     p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
3232 #endif
3233                 sw_ok = btsnd_hcic_switch_role (p->remote_addr, (UINT8)!p->link_role);
3234             }
3235 
3236             if (p->change_key_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
3237             {
3238                 p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS;
3239                 chlk_ok = btsnd_hcic_change_link_key (p->hci_handle);
3240             }
3241         }
3242 
3243         if (!sw_ok)
3244         {
3245             p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
3246             btm_acl_report_role_change(hci_status, p->remote_addr);
3247         }
3248 
3249         if (!chlk_ok)
3250         {
3251             p->change_key_state = BTM_ACL_SWKEY_STATE_IDLE;
3252             if (btm_cb.devcb.p_chg_link_key_cb)
3253             {
3254                 btm_cb.devcb.chg_link_key_ref_data.hci_status = hci_status;
3255                 (*btm_cb.devcb.p_chg_link_key_cb)(&btm_cb.devcb.chg_link_key_ref_data);
3256                 btm_cb.devcb.p_chg_link_key_cb = NULL;
3257             }
3258         }
3259     }
3260 }
3261 
3262 /*******************************************************************************
3263 **
3264 ** Function         btm_acl_resubmit_page
3265 **
3266 ** Description      send pending page request
3267 **
3268 *******************************************************************************/
btm_acl_resubmit_page(void)3269 void btm_acl_resubmit_page (void)
3270 {
3271     tBTM_SEC_DEV_REC *p_dev_rec;
3272     BT_HDR  *p_buf;
3273     UINT8   *pp;
3274     BD_ADDR bda;
3275     BTM_TRACE_DEBUG0 ("btm_acl_resubmit_page");
3276     /* If there were other page request schedule can start the next one */
3277     if ((p_buf = (BT_HDR *)GKI_dequeue (&btm_cb.page_queue)) != NULL)
3278     {
3279         /* skip 3 (2 bytes opcode and 1 byte len) to get to the bd_addr
3280          * for both create_conn and rmt_name */
3281         pp = (UINT8 *)(p_buf + 1) + p_buf->offset + 3;
3282 
3283         STREAM_TO_BDADDR (bda, pp);
3284 
3285         p_dev_rec = btm_find_or_alloc_dev (bda);
3286 
3287         memcpy (btm_cb.connecting_bda, p_dev_rec->bd_addr,   BD_ADDR_LEN);
3288         memcpy (btm_cb.connecting_dc,  p_dev_rec->dev_class, DEV_CLASS_LEN);
3289 
3290         btu_hcif_send_cmd (LOCAL_BR_EDR_CONTROLLER_ID, p_buf);
3291     }
3292     else
3293         btm_cb.paging = FALSE;
3294 }
3295 
3296 /*******************************************************************************
3297 **
3298 ** Function         btm_acl_reset_paging
3299 **
3300 ** Description      set paging to FALSE and free the page queue - called at hci_reset
3301 **
3302 *******************************************************************************/
btm_acl_reset_paging(void)3303 void  btm_acl_reset_paging (void)
3304 {
3305     BT_HDR *p;
3306     BTM_TRACE_DEBUG0 ("btm_acl_reset_paging");
3307     /* If we sent reset we are definitely not paging any more */
3308     while ((p = (BT_HDR *)GKI_dequeue(&btm_cb.page_queue)) != NULL)
3309         GKI_freebuf (p);
3310 
3311     btm_cb.paging = FALSE;
3312 }
3313 
3314 /*******************************************************************************
3315 **
3316 ** Function         btm_acl_set_discing
3317 **
3318 ** Description      set discing to the given value
3319 **
3320 *******************************************************************************/
btm_acl_set_discing(BOOLEAN discing)3321 void  btm_acl_set_discing (BOOLEAN discing)
3322 {
3323     BTM_TRACE_DEBUG0 ("btm_acl_set_discing");
3324     btm_cb.discing = discing;
3325 }
3326 
3327 /*******************************************************************************
3328 **
3329 ** Function         btm_acl_paging
3330 **
3331 ** Description      send a paging command or queue it in btm_cb
3332 **
3333 *******************************************************************************/
btm_acl_paging(BT_HDR * p,BD_ADDR bda)3334 void  btm_acl_paging (BT_HDR *p, BD_ADDR bda)
3335 {
3336     tBTM_SEC_DEV_REC *p_dev_rec;
3337 
3338     BTM_TRACE_DEBUG4 ("btm_acl_paging discing:%d, paging:%d BDA: %06x%06x",
3339                       btm_cb.discing, btm_cb.paging,
3340                       (bda[0]<<16) + (bda[1]<<8) + bda[2], (bda[3]<<16) + (bda[4] << 8) + bda[5]);
3341     if (btm_cb.discing)
3342     {
3343         btm_cb.paging = TRUE;
3344         GKI_enqueue (&btm_cb.page_queue, p);
3345     }
3346     else
3347     {
3348         if (!BTM_ACL_IS_CONNECTED (bda))
3349         {
3350             BTM_TRACE_DEBUG2 ("connecting_bda: %06x%06x",
3351                               (btm_cb.connecting_bda[0]<<16) + (btm_cb.connecting_bda[1]<<8) +
3352                                btm_cb.connecting_bda[2],
3353                               (btm_cb.connecting_bda[3]<<16) + (btm_cb.connecting_bda[4] << 8) +
3354                                btm_cb.connecting_bda[5]);
3355             if (btm_cb.paging &&
3356                 memcmp (bda, btm_cb.connecting_bda, BD_ADDR_LEN) != 0)
3357             {
3358                 GKI_enqueue (&btm_cb.page_queue, p);
3359             }
3360             else
3361             {
3362                 p_dev_rec = btm_find_or_alloc_dev (bda);
3363                 memcpy (btm_cb.connecting_bda, p_dev_rec->bd_addr,   BD_ADDR_LEN);
3364                 memcpy (btm_cb.connecting_dc,  p_dev_rec->dev_class, DEV_CLASS_LEN);
3365 
3366                 btu_hcif_send_cmd (LOCAL_BR_EDR_CONTROLLER_ID, p);
3367             }
3368 
3369             btm_cb.paging = TRUE;
3370         }
3371         else /* ACL is already up */
3372         {
3373             btu_hcif_send_cmd (LOCAL_BR_EDR_CONTROLLER_ID, p);
3374         }
3375     }
3376 }
3377 
3378 /*******************************************************************************
3379 **
3380 ** Function         btm_acl_notif_conn_collision
3381 **
3382 ** Description      Send connection collision event to upper layer if registered
3383 **
3384 ** Returns          TRUE if sent out to upper layer,
3385 **                  FALSE if BTM_BUSY_LEVEL_CHANGE_INCLUDED == FALSE, or no one
3386 **                  needs the notification.
3387 **
3388 **          Note: Function only used if BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE
3389 **
3390 *******************************************************************************/
btm_acl_notif_conn_collision(BD_ADDR bda)3391 BOOLEAN  btm_acl_notif_conn_collision (BD_ADDR bda)
3392 {
3393 #if (BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE)
3394     tBTM_BL_EVENT_DATA  evt_data;
3395 
3396     /* Report possible collision to the upper layer. */
3397     if (btm_cb.p_bl_changed_cb)
3398     {
3399         BTM_TRACE_DEBUG6 ("btm_acl_notif_conn_collision: RemBdAddr: %02x%02x%02x%02x%02x%02x",
3400                           bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]);
3401 
3402         evt_data.event = BTM_BL_COLLISION_EVT;
3403         evt_data.conn.p_bda = bda;
3404         (*btm_cb.p_bl_changed_cb)(&evt_data);
3405         return TRUE;
3406     }
3407     else
3408         return FALSE;
3409 #else
3410     return FALSE;
3411 #endif
3412 }
3413 
3414 
3415 /*******************************************************************************
3416 **
3417 ** Function         btm_acl_chk_peer_pkt_type_support
3418 **
3419 ** Description      Check if peer supports requested packets
3420 **
3421 *******************************************************************************/
btm_acl_chk_peer_pkt_type_support(tACL_CONN * p,UINT16 * p_pkt_type)3422 void btm_acl_chk_peer_pkt_type_support (tACL_CONN *p, UINT16 *p_pkt_type)
3423 {
3424     /* 3 and 5 slot packets? */
3425     if (!HCI_3_SLOT_PACKETS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
3426         *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH3 +BTM_ACL_PKT_TYPES_MASK_DM3);
3427 
3428     if (!HCI_5_SLOT_PACKETS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
3429         *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH5 + BTM_ACL_PKT_TYPES_MASK_DM5);
3430 
3431     /* If HCI version > 2.0, then also check EDR packet types */
3432     if (btm_cb.devcb.local_version.hci_version >= HCI_PROTO_VERSION_2_0)
3433     {
3434         /* 2 and 3 MPS support? */
3435         if (!HCI_EDR_ACL_2MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
3436             /* Not supported. Add 'not_supported' mask for all 2MPS packet types */
3437             *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 +
3438                                 BTM_ACL_PKT_TYPES_MASK_NO_2_DH5);
3439 
3440         if (!HCI_EDR_ACL_3MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
3441             /* Not supported. Add 'not_supported' mask for all 3MPS packet types */
3442             *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_3_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3 +
3443                                 BTM_ACL_PKT_TYPES_MASK_NO_3_DH5);
3444 
3445         /* EDR 3 and 5 slot support? */
3446         if (HCI_EDR_ACL_2MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0])
3447          || HCI_EDR_ACL_3MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
3448         {
3449             if (!HCI_3_SLOT_EDR_ACL_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
3450                 /* Not supported. Add 'not_supported' mask for all 3-slot EDR packet types */
3451                 *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3);
3452 
3453             if (!HCI_5_SLOT_EDR_ACL_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
3454                 /* Not supported. Add 'not_supported' mask for all 5-slot EDR packet types */
3455                 *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH5 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH5);
3456         }
3457     }
3458 }
3459