• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /******************************************************************************
2  *
3  *  Copyright (C) 2000-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /*****************************************************************************
20 **
21 **  Name:          btm_acl.c
22 **
23 **  Description:   This file contains functions that handle ACL connections.
24 **                 This includes operations such as hold and sniff modes,
25 **                 supported packet types.
26 **
27 **                 This module contains both internal and external (API)
28 **                 functions. External (API) functions are distinguishable
29 **                 by their names beginning with uppercase BTM.
30 **
31 **
32 ******************************************************************************/
33 
34 #include <stdlib.h>
35 #include <string.h>
36 #include <stdio.h>
37 #include <stddef.h>
38 
39 #include "bt_types.h"
40 #include "bt_target.h"
41 #include "device/include/controller.h"
42 #include "gki.h"
43 #include "hcimsgs.h"
44 #include "btu.h"
45 #include "btm_api.h"
46 #include "btm_int.h"
47 #include "l2c_int.h"
48 #include "hcidefs.h"
49 #include "bt_utils.h"
50 
51 static void btm_read_remote_features (UINT16 handle);
52 static void btm_read_remote_ext_features (UINT16 handle, UINT8 page_number);
53 static void btm_process_remote_ext_features (tACL_CONN *p_acl_cb, UINT8 num_read_pages);
54 
55 #define BTM_DEV_REPLY_TIMEOUT   3       /* 3 second timeout waiting for responses */
56 
57 /*******************************************************************************
58 **
59 ** Function         btm_acl_init
60 **
61 ** Description      This function is called at BTM startup to initialize
62 **
63 ** Returns          void
64 **
65 *******************************************************************************/
btm_acl_init(void)66 void btm_acl_init (void)
67 {
68     BTM_TRACE_DEBUG ("btm_acl_init");
69 #if 0  /* cleared in btm_init; put back in if called from anywhere else! */
70     memset (&btm_cb.acl_db, 0, sizeof (btm_cb.acl_db));
71     memset (btm_cb.btm_scn, 0, BTM_MAX_SCN);          /* Initialize the SCN usage to FALSE */
72     btm_cb.btm_def_link_policy     = 0;
73     btm_cb.p_bl_changed_cb         = NULL;
74 #endif
75 
76     /* Initialize nonzero defaults */
77     btm_cb.btm_def_link_super_tout = HCI_DEFAULT_INACT_TOUT;
78     btm_cb.acl_disc_reason         = 0xff ;
79 }
80 
81 /*******************************************************************************
82 **
83 ** Function         btm_bda_to_acl
84 **
85 ** Description      This function returns the FIRST acl_db entry for the passed BDA.
86 **
87 ** Parameters      bda : BD address of the remote device
88 **                 transport : Physical transport used for ACL connection (BR/EDR or LE)
89 **
90 ** Returns          Returns pointer to the ACL DB for the requested BDA if found.
91 **                  NULL if not found.
92 **
93 *******************************************************************************/
btm_bda_to_acl(BD_ADDR bda,tBT_TRANSPORT transport)94 tACL_CONN *btm_bda_to_acl (BD_ADDR bda, tBT_TRANSPORT transport)
95 {
96     tACL_CONN   *p = &btm_cb.acl_db[0];
97     UINT16       xx;
98     if (bda)
99     {
100         for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++)
101         {
102             if ((p->in_use) && (!memcmp (p->remote_addr, bda, BD_ADDR_LEN))
103 #if BLE_INCLUDED == TRUE
104                 && p->transport == transport
105 #endif
106                 )
107             {
108                 BTM_TRACE_DEBUG ("btm_bda_to_acl found");
109                 return(p);
110             }
111         }
112     }
113 
114     /* If here, no BD Addr found */
115     return((tACL_CONN *)NULL);
116 }
117 
118 /*******************************************************************************
119 **
120 ** Function         btm_handle_to_acl_index
121 **
122 ** Description      This function returns the FIRST acl_db entry for the passed hci_handle.
123 **
124 ** Returns          index to the acl_db or MAX_L2CAP_LINKS.
125 **
126 *******************************************************************************/
btm_handle_to_acl_index(UINT16 hci_handle)127 UINT8 btm_handle_to_acl_index (UINT16 hci_handle)
128 {
129     tACL_CONN   *p = &btm_cb.acl_db[0];
130     UINT8       xx;
131     BTM_TRACE_DEBUG ("btm_handle_to_acl_index");
132     for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++)
133     {
134         if ((p->in_use) && (p->hci_handle == hci_handle))
135         {
136             break;
137         }
138     }
139 
140     /* If here, no BD Addr found */
141     return(xx);
142 }
143 
144 #if BLE_PRIVACY_SPT == TRUE
145 /*******************************************************************************
146 **
147 ** Function         btm_ble_get_acl_remote_addr
148 **
149 ** Description      This function reads the active remote address used for the
150 **                  connection.
151 **
152 ** Returns          success return TRUE, otherwise FALSE.
153 **
154 *******************************************************************************/
btm_ble_get_acl_remote_addr(tBTM_SEC_DEV_REC * p_dev_rec,BD_ADDR conn_addr,tBLE_ADDR_TYPE * p_addr_type)155 BOOLEAN btm_ble_get_acl_remote_addr(tBTM_SEC_DEV_REC *p_dev_rec, BD_ADDR conn_addr,
156                                     tBLE_ADDR_TYPE *p_addr_type)
157 {
158 #if BLE_INCLUDED == TRUE
159     BOOLEAN         st = TRUE;
160 
161     if (p_dev_rec == NULL)
162     {
163         BTM_TRACE_ERROR("btm_ble_get_acl_remote_addr can not find device with matching address");
164         return FALSE;
165     }
166 
167     switch (p_dev_rec->ble.active_addr_type)
168     {
169     case BTM_BLE_ADDR_PSEUDO:
170         memcpy(conn_addr, p_dev_rec->bd_addr, BD_ADDR_LEN);
171         * p_addr_type = p_dev_rec->ble.ble_addr_type;
172         break;
173 
174     case BTM_BLE_ADDR_RRA:
175         memcpy(conn_addr, p_dev_rec->ble.cur_rand_addr, BD_ADDR_LEN);
176         * p_addr_type = BLE_ADDR_RANDOM;
177         break;
178 
179     case BTM_BLE_ADDR_STATIC:
180         memcpy(conn_addr, p_dev_rec->ble.static_addr, BD_ADDR_LEN);
181         * p_addr_type = p_dev_rec->ble.static_addr_type;
182         break;
183 
184     default:
185         BTM_TRACE_ERROR("Unknown active address: %d", p_dev_rec->ble.active_addr_type);
186         st = FALSE;
187         break;
188     }
189 
190     return st;
191 #else
192     UNUSED(p_dev_rec);
193     UNUSED(conn_addr);
194     UNUSED(p_addr_type);
195     return FALSE;
196 #endif
197 }
198 #endif
199 /*******************************************************************************
200 **
201 ** Function         btm_acl_created
202 **
203 ** Description      This function is called by L2CAP when an ACL connection
204 **                  is created.
205 **
206 ** Returns          void
207 **
208 *******************************************************************************/
btm_acl_created(BD_ADDR bda,DEV_CLASS dc,BD_NAME bdn,UINT16 hci_handle,UINT8 link_role,tBT_TRANSPORT transport)209 void btm_acl_created (BD_ADDR bda, DEV_CLASS dc, BD_NAME bdn,
210                       UINT16 hci_handle, UINT8 link_role, tBT_TRANSPORT transport)
211 {
212     tBTM_SEC_DEV_REC *p_dev_rec = NULL;
213     tACL_CONN        *p;
214     UINT8             xx;
215 
216     BTM_TRACE_DEBUG ("btm_acl_created hci_handle=%d link_role=%d  transport=%d",
217                       hci_handle,link_role, transport);
218     /* Ensure we don't have duplicates */
219     p = btm_bda_to_acl(bda, transport);
220     if (p != (tACL_CONN *)NULL)
221     {
222         p->hci_handle = hci_handle;
223         p->link_role  = link_role;
224 #if BLE_INCLUDED == TRUE
225         p->transport = transport;
226 #endif
227         BTM_TRACE_DEBUG ("Duplicate btm_acl_created: RemBdAddr: %02x%02x%02x%02x%02x%02x",
228                           bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]);
229         BTM_SetLinkPolicy(p->remote_addr, &btm_cb.btm_def_link_policy);
230         return;
231     }
232 
233     /* Allocate acl_db entry */
234     for (xx = 0, p = &btm_cb.acl_db[0]; xx < MAX_L2CAP_LINKS; xx++, p++)
235     {
236         if (!p->in_use)
237         {
238             p->in_use            = TRUE;
239             p->hci_handle        = hci_handle;
240             p->link_role         = link_role;
241             p->link_up_issued    = FALSE;
242             memcpy (p->remote_addr, bda, BD_ADDR_LEN);
243 
244 #if BLE_INCLUDED == TRUE
245             p->transport = transport;
246 #if BLE_PRIVACY_SPT == TRUE
247             if (transport == BT_TRANSPORT_LE)
248                 btm_ble_refresh_local_resolvable_private_addr(bda,
249                                                     btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr);
250 #else
251             p->conn_addr_type = BLE_ADDR_PUBLIC;
252             memcpy(p->conn_addr, &controller_get_interface()->get_address()->address, BD_ADDR_LEN);
253 
254 #endif
255 #endif
256             p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
257 
258             btm_pm_sm_alloc(xx);
259 
260 
261             if (dc)
262                 memcpy (p->remote_dc, dc, DEV_CLASS_LEN);
263 
264             if (bdn)
265                 memcpy (p->remote_name, bdn, BTM_MAX_REM_BD_NAME_LEN);
266 
267             /* if BR/EDR do something more */
268             if (transport == BT_TRANSPORT_BR_EDR)
269             {
270                 btsnd_hcic_read_rmt_clk_offset (p->hci_handle);
271                 btsnd_hcic_rmt_ver_req (p->hci_handle);
272             }
273             p_dev_rec = btm_find_dev_by_handle (hci_handle);
274 
275 #if (BLE_INCLUDED == TRUE)
276             if (p_dev_rec )
277             {
278                 BTM_TRACE_DEBUG ("device_type=0x%x", p_dev_rec->device_type);
279             }
280 #endif
281 
282             if (p_dev_rec && !(transport == BT_TRANSPORT_LE))
283             {
284                 /* If remote features already known, copy them and continue connection setup */
285                 if ((p_dev_rec->num_read_pages) &&
286                     (p_dev_rec->num_read_pages <= (HCI_EXT_FEATURES_PAGE_MAX + 1)))
287                 {
288                     memcpy (p->peer_lmp_features, p_dev_rec->features,
289                         (HCI_FEATURE_BYTES_PER_PAGE * p_dev_rec->num_read_pages));
290                     p->num_read_pages = p_dev_rec->num_read_pages;
291 
292                     const UINT8 req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND);
293 
294                     /* Store the Peer Security Capabilites (in SM4 and rmt_sec_caps) */
295                     btm_sec_set_peer_sec_caps(p, p_dev_rec);
296 
297                     BTM_TRACE_API("%s: pend:%d", __FUNCTION__, req_pend);
298                     if (req_pend)
299                     {
300                         /* Request for remaining Security Features (if any) */
301                         l2cu_resubmit_pending_sec_req (p_dev_rec->bd_addr);
302                     }
303                     btm_establish_continue (p);
304                     return;
305                 }
306             }
307 
308 #if (BLE_INCLUDED == TRUE)
309             /* If here, features are not known yet */
310             if (p_dev_rec && transport == BT_TRANSPORT_LE)
311             {
312 #if BLE_PRIVACY_SPT == TRUE
313                 btm_ble_get_acl_remote_addr (p_dev_rec, p->active_remote_addr,
314                     &p->active_remote_addr_type);
315 #endif
316 
317                 if (HCI_LE_SLAVE_INIT_FEAT_EXC_SUPPORTED(controller_get_interface()->get_features_ble()->as_array)
318                     || link_role == HCI_ROLE_MASTER)
319                 {
320                     btsnd_hcic_ble_read_remote_feat(p->hci_handle);
321                 }
322                 else
323                 {
324                     btm_establish_continue(p);
325                 }
326             }
327             else
328 #endif
329             {
330                 btm_read_remote_features (p->hci_handle);
331             }
332 
333             /* read page 1 - on rmt feature event for buffer reasons */
334             return;
335         }
336     }
337 }
338 
339 
340 /*******************************************************************************
341 **
342 ** Function         btm_acl_report_role_change
343 **
344 ** Description      This function is called when the local device is deemed
345 **                  to be down. It notifies L2CAP of the failure.
346 **
347 ** Returns          void
348 **
349 *******************************************************************************/
btm_acl_report_role_change(UINT8 hci_status,BD_ADDR bda)350 void btm_acl_report_role_change (UINT8 hci_status, BD_ADDR bda)
351 {
352     tBTM_ROLE_SWITCH_CMPL   ref_data;
353     BTM_TRACE_DEBUG ("btm_acl_report_role_change");
354     if (btm_cb.devcb.p_switch_role_cb
355         && (bda && (0 == memcmp(btm_cb.devcb.switch_role_ref_data.remote_bd_addr, bda, BD_ADDR_LEN))))
356     {
357         memcpy (&ref_data, &btm_cb.devcb.switch_role_ref_data, sizeof(tBTM_ROLE_SWITCH_CMPL));
358         ref_data.hci_status = hci_status;
359         (*btm_cb.devcb.p_switch_role_cb)(&ref_data);
360         memset (&btm_cb.devcb.switch_role_ref_data, 0, sizeof(tBTM_ROLE_SWITCH_CMPL));
361         btm_cb.devcb.p_switch_role_cb = NULL;
362     }
363 }
364 
365 /*******************************************************************************
366 **
367 ** Function         btm_acl_removed
368 **
369 ** Description      This function is called by L2CAP when an ACL connection
370 **                  is removed. Since only L2CAP creates ACL links, we use
371 **                  the L2CAP link index as our index into the control blocks.
372 **
373 ** Returns          void
374 **
375 *******************************************************************************/
btm_acl_removed(BD_ADDR bda,tBT_TRANSPORT transport)376 void btm_acl_removed (BD_ADDR bda, tBT_TRANSPORT transport)
377 {
378     tACL_CONN   *p;
379     tBTM_BL_EVENT_DATA  evt_data;
380 #if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
381     tBTM_SEC_DEV_REC *p_dev_rec=NULL;
382 #endif
383     BTM_TRACE_DEBUG ("btm_acl_removed");
384     p = btm_bda_to_acl(bda, transport);
385     if (p != (tACL_CONN *)NULL)
386     {
387         p->in_use = FALSE;
388 
389         /* if the disconnected channel has a pending role switch, clear it now */
390         btm_acl_report_role_change(HCI_ERR_NO_CONNECTION, bda);
391 
392         /* Only notify if link up has had a chance to be issued */
393         if (p->link_up_issued)
394         {
395             p->link_up_issued = FALSE;
396 
397             /* If anyone cares, tell him database changed */
398             if (btm_cb.p_bl_changed_cb)
399             {
400                 evt_data.event = BTM_BL_DISCN_EVT;
401                 evt_data.discn.p_bda = bda;
402 #if BLE_INCLUDED == TRUE
403                 evt_data.discn.handle = p->hci_handle;
404                 evt_data.discn.transport = p->transport;
405 #endif
406                 (*btm_cb.p_bl_changed_cb)(&evt_data);
407             }
408 
409             btm_acl_update_busy_level (BTM_BLI_ACL_DOWN_EVT);
410         }
411 
412 #if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
413 
414         BTM_TRACE_DEBUG ("acl hci_handle=%d transport=%d connectable_mode=0x%0x link_role=%d",
415                           p->hci_handle,
416                           p->transport,
417                           btm_cb.ble_ctr_cb.inq_var.connectable_mode,
418                           p->link_role);
419 
420         p_dev_rec = btm_find_dev(bda);
421         if ( p_dev_rec)
422         {
423             BTM_TRACE_DEBUG("before update p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags);
424             if (p->transport == BT_TRANSPORT_LE)
425             {
426                 BTM_TRACE_DEBUG("LE link down");
427                 p_dev_rec->sec_flags &= ~(BTM_SEC_LE_ENCRYPTED | BTM_SEC_ROLE_SWITCHED);
428                 if ( (p_dev_rec->sec_flags & BTM_SEC_LE_LINK_KEY_KNOWN) == 0)
429                 {
430                     BTM_TRACE_DEBUG("Not Bonded");
431                     p_dev_rec->sec_flags &= ~(BTM_SEC_LE_LINK_KEY_AUTHED | BTM_SEC_LE_AUTHENTICATED);
432                 }
433                 else
434                 {
435                     BTM_TRACE_DEBUG("Bonded");
436                 }
437             }
438             else
439             {
440                 BTM_TRACE_DEBUG("Bletooth link down");
441                 p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHORIZED | BTM_SEC_AUTHENTICATED
442                                         | BTM_SEC_ENCRYPTED | BTM_SEC_ROLE_SWITCHED);
443             }
444             BTM_TRACE_DEBUG("after update p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags);
445         }
446         else
447         {
448             BTM_TRACE_ERROR("Device not found");
449 
450         }
451 #endif
452 
453         /* Clear the ACL connection data */
454         memset(p, 0, sizeof(tACL_CONN));
455     }
456 }
457 
458 
459 /*******************************************************************************
460 **
461 ** Function         btm_acl_device_down
462 **
463 ** Description      This function is called when the local device is deemed
464 **                  to be down. It notifies L2CAP of the failure.
465 **
466 ** Returns          void
467 **
468 *******************************************************************************/
btm_acl_device_down(void)469 void btm_acl_device_down (void)
470 {
471     tACL_CONN   *p = &btm_cb.acl_db[0];
472     UINT16      xx;
473     BTM_TRACE_DEBUG ("btm_acl_device_down");
474     for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++)
475     {
476         if (p->in_use)
477         {
478             BTM_TRACE_DEBUG ("hci_handle=%d HCI_ERR_HW_FAILURE ",p->hci_handle );
479             l2c_link_hci_disc_comp (p->hci_handle, HCI_ERR_HW_FAILURE);
480         }
481     }
482 }
483 
484 /*******************************************************************************
485 **
486 ** Function         btm_acl_update_busy_level
487 **
488 ** Description      This function is called to update the busy level of the system
489 **                  .
490 **
491 ** Returns          void
492 **
493 *******************************************************************************/
btm_acl_update_busy_level(tBTM_BLI_EVENT event)494 void btm_acl_update_busy_level (tBTM_BLI_EVENT event)
495 {
496     tBTM_BL_UPDATE_DATA  evt;
497     UINT8 busy_level;
498     BTM_TRACE_DEBUG ("btm_acl_update_busy_level");
499     BOOLEAN old_inquiry_state = btm_cb.is_inquiry;
500     switch (event)
501     {
502         case BTM_BLI_ACL_UP_EVT:
503             BTM_TRACE_DEBUG ("BTM_BLI_ACL_UP_EVT");
504             break;
505         case BTM_BLI_ACL_DOWN_EVT:
506             BTM_TRACE_DEBUG ("BTM_BLI_ACL_DOWN_EVT");
507             break;
508         case BTM_BLI_PAGE_EVT:
509             BTM_TRACE_DEBUG ("BTM_BLI_PAGE_EVT");
510             btm_cb.is_paging = TRUE;
511             evt.busy_level_flags= BTM_BL_PAGING_STARTED;
512             break;
513         case BTM_BLI_PAGE_DONE_EVT:
514             BTM_TRACE_DEBUG ("BTM_BLI_PAGE_DONE_EVT");
515             btm_cb.is_paging = FALSE;
516             evt.busy_level_flags = BTM_BL_PAGING_COMPLETE;
517             break;
518         case BTM_BLI_INQ_EVT:
519             BTM_TRACE_DEBUG ("BTM_BLI_INQ_EVT");
520             btm_cb.is_inquiry = TRUE;
521             evt.busy_level_flags = BTM_BL_INQUIRY_STARTED;
522             break;
523         case BTM_BLI_INQ_CANCEL_EVT:
524             BTM_TRACE_DEBUG ("BTM_BLI_INQ_CANCEL_EVT");
525             btm_cb.is_inquiry = FALSE;
526             evt.busy_level_flags = BTM_BL_INQUIRY_CANCELLED;
527             break;
528         case BTM_BLI_INQ_DONE_EVT:
529             BTM_TRACE_DEBUG ("BTM_BLI_INQ_DONE_EVT");
530             btm_cb.is_inquiry = FALSE;
531             evt.busy_level_flags = BTM_BL_INQUIRY_COMPLETE;
532             break;
533     }
534 
535     if (btm_cb.is_paging || btm_cb.is_inquiry)
536         busy_level = 10;
537     else
538         busy_level = BTM_GetNumAclLinks();
539 
540     if ((busy_level != btm_cb.busy_level) ||(old_inquiry_state != btm_cb.is_inquiry))
541     {
542         evt.event         = BTM_BL_UPDATE_EVT;
543         evt.busy_level    = busy_level;
544         btm_cb.busy_level = busy_level;
545         if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_UPDATE_MASK))
546         {
547             (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA *)&evt);
548         }
549     }
550 }
551 
552 /*******************************************************************************
553 **
554 ** Function         BTM_GetRole
555 **
556 ** Description      This function is called to get the role of the local device
557 **                  for the ACL connection with the specified remote device
558 **
559 ** Returns          BTM_SUCCESS if connection exists.
560 **                  BTM_UNKNOWN_ADDR if no active link with bd addr specified
561 **
562 *******************************************************************************/
BTM_GetRole(BD_ADDR remote_bd_addr,UINT8 * p_role)563 tBTM_STATUS BTM_GetRole (BD_ADDR remote_bd_addr, UINT8 *p_role)
564 {
565     tACL_CONN   *p;
566     BTM_TRACE_DEBUG ("BTM_GetRole");
567     if ((p = btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR)) == NULL)
568     {
569         *p_role = BTM_ROLE_UNDEFINED;
570         return(BTM_UNKNOWN_ADDR);
571     }
572 
573     /* Get the current role */
574     *p_role = p->link_role;
575     return(BTM_SUCCESS);
576 }
577 
578 
579 /*******************************************************************************
580 **
581 ** Function         BTM_SwitchRole
582 **
583 ** Description      This function is called to switch role between master and
584 **                  slave.  If role is already set it will do nothing.  If the
585 **                  command was initiated, the callback function is called upon
586 **                  completion.
587 **
588 ** Returns          BTM_SUCCESS if already in specified role.
589 **                  BTM_CMD_STARTED if command issued to controller.
590 **                  BTM_NO_RESOURCES if couldn't allocate memory to issue command
591 **                  BTM_UNKNOWN_ADDR if no active link with bd addr specified
592 **                  BTM_MODE_UNSUPPORTED if local device does not support role switching
593 **                  BTM_BUSY if the previous command is not completed
594 **
595 *******************************************************************************/
BTM_SwitchRole(BD_ADDR remote_bd_addr,UINT8 new_role,tBTM_CMPL_CB * p_cb)596 tBTM_STATUS BTM_SwitchRole (BD_ADDR remote_bd_addr, UINT8 new_role, tBTM_CMPL_CB *p_cb)
597 {
598     tACL_CONN   *p;
599     tBTM_SEC_DEV_REC  *p_dev_rec = NULL;
600 #if BTM_SCO_INCLUDED == TRUE
601     BOOLEAN    is_sco_active;
602 #endif
603     tBTM_STATUS  status;
604     tBTM_PM_MODE pwr_mode;
605     tBTM_PM_PWR_MD settings;
606 #if (BT_USE_TRACES == TRUE)
607     BD_ADDR_PTR  p_bda;
608 #endif
609     BTM_TRACE_API ("BTM_SwitchRole BDA: %02x-%02x-%02x-%02x-%02x-%02x",
610                     remote_bd_addr[0], remote_bd_addr[1], remote_bd_addr[2],
611                     remote_bd_addr[3], remote_bd_addr[4], remote_bd_addr[5]);
612 
613     /* Make sure the local device supports switching */
614     if (!controller_get_interface()->supports_master_slave_role_switch())
615         return(BTM_MODE_UNSUPPORTED);
616 
617     if (btm_cb.devcb.p_switch_role_cb && p_cb)
618     {
619 #if (BT_USE_TRACES == TRUE)
620         p_bda = btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
621         BTM_TRACE_DEBUG ("Role switch on other device is in progress 0x%02x%02x%02x%02x%02x%02x",
622                           p_bda[0], p_bda[1], p_bda[2],
623                           p_bda[3], p_bda[4], p_bda[5]);
624 #endif
625         return(BTM_BUSY);
626     }
627 
628     if ((p = btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR)) == NULL)
629         return(BTM_UNKNOWN_ADDR);
630 
631     /* Finished if already in desired role */
632     if (p->link_role == new_role)
633         return(BTM_SUCCESS);
634 
635 #if BTM_SCO_INCLUDED == TRUE
636     /* Check if there is any SCO Active on this BD Address */
637     is_sco_active = btm_is_sco_active_by_bdaddr(remote_bd_addr);
638 
639     if (is_sco_active == TRUE)
640         return(BTM_NO_RESOURCES);
641 #endif
642 
643     /* Ignore role switch request if the previous request was not completed */
644     if (p->switch_role_state != BTM_ACL_SWKEY_STATE_IDLE)
645     {
646         BTM_TRACE_DEBUG ("BTM_SwitchRole busy: %d",
647                           p->switch_role_state);
648         return(BTM_BUSY);
649     }
650 
651     if ((status = BTM_ReadPowerMode(p->remote_addr, &pwr_mode)) != BTM_SUCCESS)
652         return(status);
653 
654     /* Wake up the link if in sniff or park before attempting switch */
655     if (pwr_mode == BTM_PM_MD_PARK || pwr_mode == BTM_PM_MD_SNIFF)
656     {
657         memset( (void*)&settings, 0, sizeof(settings));
658         settings.mode = BTM_PM_MD_ACTIVE;
659         status = BTM_SetPowerMode (BTM_PM_SET_ONLY_ID, p->remote_addr, &settings);
660         if (status != BTM_CMD_STARTED)
661             return(BTM_WRONG_MODE);
662 
663         p->switch_role_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE;
664     }
665     /* some devices do not support switch while encryption is on */
666     else
667     {
668         p_dev_rec = btm_find_dev (remote_bd_addr);
669         if ((p_dev_rec != NULL)
670             && ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0)
671             && !BTM_EPR_AVAILABLE(p))
672         {
673             /* bypass turning off encryption if change link key is already doing it */
674             if (p->encrypt_state != BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF)
675             {
676                 if (!btsnd_hcic_set_conn_encrypt (p->hci_handle, FALSE))
677                     return(BTM_NO_RESOURCES);
678                 else
679                     p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF;
680             }
681 
682             p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF;
683         }
684         else
685         {
686             if (!btsnd_hcic_switch_role (remote_bd_addr, new_role))
687                 return(BTM_NO_RESOURCES);
688 
689             p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS;
690 
691 #if BTM_DISC_DURING_RS == TRUE
692             if (p_dev_rec)
693                 p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
694 #endif
695         }
696     }
697 
698     /* Initialize return structure in case request fails */
699     if (p_cb)
700     {
701         memcpy (btm_cb.devcb.switch_role_ref_data.remote_bd_addr, remote_bd_addr,
702                 BD_ADDR_LEN);
703         btm_cb.devcb.switch_role_ref_data.role = new_role;
704         /* initialized to an error code */
705         btm_cb.devcb.switch_role_ref_data.hci_status = HCI_ERR_UNSUPPORTED_VALUE;
706         btm_cb.devcb.p_switch_role_cb = p_cb;
707     }
708     return(BTM_CMD_STARTED);
709 }
710 
711 /*******************************************************************************
712 **
713 ** Function         btm_acl_encrypt_change
714 **
715 ** Description      This function is when encryption of the connection is
716 **                  completed by the LM.  Checks to see if a role switch or
717 **                  change of link key was active and initiates or continues
718 **                  process if needed.
719 **
720 ** Returns          void
721 **
722 *******************************************************************************/
btm_acl_encrypt_change(UINT16 handle,UINT8 status,UINT8 encr_enable)723 void btm_acl_encrypt_change (UINT16 handle, UINT8 status, UINT8 encr_enable)
724 {
725     tACL_CONN *p;
726     UINT8     xx;
727     tBTM_SEC_DEV_REC  *p_dev_rec;
728     tBTM_BL_ROLE_CHG_DATA   evt;
729 
730     BTM_TRACE_DEBUG ("btm_acl_encrypt_change handle=%d status=%d encr_enabl=%d",
731                       handle, status, encr_enable);
732     xx = btm_handle_to_acl_index(handle);
733     /* don't assume that we can never get a bad hci_handle */
734     if (xx < MAX_L2CAP_LINKS)
735         p = &btm_cb.acl_db[xx];
736     else
737         return;
738 
739     /* Process Role Switch if active */
740     if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF)
741     {
742         /* if encryption turn off failed we still will try to switch role */
743         if (encr_enable)
744         {
745             p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
746             p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
747         }
748         else
749         {
750             p->switch_role_state = BTM_ACL_SWKEY_STATE_SWITCHING;
751             p->encrypt_state = BTM_ACL_ENCRYPT_STATE_TEMP_FUNC;
752         }
753 
754         if (!btsnd_hcic_switch_role (p->remote_addr, (UINT8)!p->link_role))
755         {
756             p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
757             p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
758             btm_acl_report_role_change(btm_cb.devcb.switch_role_ref_data.hci_status, p->remote_addr);
759         }
760 #if BTM_DISC_DURING_RS == TRUE
761         else
762         {
763             if ((p_dev_rec = btm_find_dev (p->remote_addr)) != NULL)
764                 p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
765         }
766 #endif
767 
768     }
769     /* Finished enabling Encryption after role switch */
770     else if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_ON)
771     {
772         p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
773         p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
774         btm_acl_report_role_change(btm_cb.devcb.switch_role_ref_data.hci_status, p->remote_addr);
775 
776         /* if role change event is registered, report it now */
777         if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK))
778         {
779             evt.event       = BTM_BL_ROLE_CHG_EVT;
780             evt.new_role    = btm_cb.devcb.switch_role_ref_data.role;
781             evt.p_bda       = btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
782             evt.hci_status  = btm_cb.devcb.switch_role_ref_data.hci_status;
783             (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA *)&evt);
784 
785             BTM_TRACE_DEBUG("Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, rs_st:%d",
786                              evt.new_role, evt.hci_status, p->switch_role_state);
787         }
788 
789 #if BTM_DISC_DURING_RS == TRUE
790         /* If a disconnect is pending, issue it now that role switch has completed */
791         if ((p_dev_rec = btm_find_dev (p->remote_addr)) != NULL)
792         {
793             if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING)
794             {
795                 BTM_TRACE_WARNING("btm_acl_encrypt_change -> Issuing delayed HCI_Disconnect!!!");
796                 btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER);
797             }
798             BTM_TRACE_ERROR("btm_acl_encrypt_change: tBTM_SEC_DEV:0x%x rs_disc_pending=%d",
799                 (UINT32)p_dev_rec, p_dev_rec->rs_disc_pending);
800             p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING;     /* reset flag */
801         }
802 #endif
803     }
804 }
805 /*******************************************************************************
806 **
807 ** Function         BTM_SetLinkPolicy
808 **
809 ** Description      Create and send HCI "Write Policy Set" command
810 **
811 ** Returns          status of the operation
812 **
813 *******************************************************************************/
BTM_SetLinkPolicy(BD_ADDR remote_bda,UINT16 * settings)814 tBTM_STATUS BTM_SetLinkPolicy (BD_ADDR remote_bda, UINT16 *settings)
815 {
816     tACL_CONN   *p;
817     UINT8       *localFeatures = BTM_ReadLocalFeatures();
818     BTM_TRACE_DEBUG ("BTM_SetLinkPolicy");
819 /*    BTM_TRACE_API ("BTM_SetLinkPolicy: requested settings: 0x%04x", *settings ); */
820 
821     /* First, check if hold mode is supported */
822     if (*settings != HCI_DISABLE_ALL_LM_MODES)
823     {
824         if ( (*settings & HCI_ENABLE_MASTER_SLAVE_SWITCH) && (!HCI_SWITCH_SUPPORTED(localFeatures)) )
825         {
826             *settings &= (~HCI_ENABLE_MASTER_SLAVE_SWITCH);
827             BTM_TRACE_API ("BTM_SetLinkPolicy switch not supported (settings: 0x%04x)", *settings );
828         }
829         if ( (*settings & HCI_ENABLE_HOLD_MODE) && (!HCI_HOLD_MODE_SUPPORTED(localFeatures)) )
830         {
831             *settings &= (~HCI_ENABLE_HOLD_MODE);
832             BTM_TRACE_API ("BTM_SetLinkPolicy hold not supported (settings: 0x%04x)", *settings );
833         }
834         if ( (*settings & HCI_ENABLE_SNIFF_MODE) && (!HCI_SNIFF_MODE_SUPPORTED(localFeatures)) )
835         {
836             *settings &= (~HCI_ENABLE_SNIFF_MODE);
837             BTM_TRACE_API ("BTM_SetLinkPolicy sniff not supported (settings: 0x%04x)", *settings );
838         }
839         if ( (*settings & HCI_ENABLE_PARK_MODE) && (!HCI_PARK_MODE_SUPPORTED(localFeatures)) )
840         {
841             *settings &= (~HCI_ENABLE_PARK_MODE);
842             BTM_TRACE_API ("BTM_SetLinkPolicy park not supported (settings: 0x%04x)", *settings );
843         }
844     }
845 
846     if ((p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR)) != NULL)
847         return(btsnd_hcic_write_policy_set (p->hci_handle, *settings) ? BTM_CMD_STARTED : BTM_NO_RESOURCES);
848 
849     /* If here, no BD Addr found */
850     return(BTM_UNKNOWN_ADDR);
851 }
852 
853 /*******************************************************************************
854 **
855 ** Function         BTM_SetDefaultLinkPolicy
856 **
857 ** Description      Set the default value for HCI "Write Policy Set" command
858 **                  to use when an ACL link is created.
859 **
860 ** Returns          void
861 **
862 *******************************************************************************/
BTM_SetDefaultLinkPolicy(UINT16 settings)863 void BTM_SetDefaultLinkPolicy (UINT16 settings)
864 {
865     UINT8 *localFeatures = BTM_ReadLocalFeatures();
866 
867     BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy setting:0x%04x", settings);
868 
869     if((settings & HCI_ENABLE_MASTER_SLAVE_SWITCH) && (!HCI_SWITCH_SUPPORTED(localFeatures)))
870     {
871         settings &= ~HCI_ENABLE_MASTER_SLAVE_SWITCH;
872         BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy switch not supported (settings: 0x%04x)", settings);
873     }
874     if ((settings & HCI_ENABLE_HOLD_MODE) && (!HCI_HOLD_MODE_SUPPORTED(localFeatures)))
875     {
876         settings &= ~HCI_ENABLE_HOLD_MODE;
877         BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy hold not supported (settings: 0x%04x)", settings);
878     }
879     if ((settings & HCI_ENABLE_SNIFF_MODE) && (!HCI_SNIFF_MODE_SUPPORTED(localFeatures)))
880     {
881         settings &= ~HCI_ENABLE_SNIFF_MODE;
882         BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy sniff not supported (settings: 0x%04x)", settings);
883     }
884     if ((settings & HCI_ENABLE_PARK_MODE) && (!HCI_PARK_MODE_SUPPORTED(localFeatures)))
885     {
886         settings &= ~HCI_ENABLE_PARK_MODE;
887         BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy park not supported (settings: 0x%04x)", settings);
888     }
889     BTM_TRACE_DEBUG("Set DefaultLinkPolicy:0x%04x", settings);
890 
891     btm_cb.btm_def_link_policy = settings;
892 
893     /* Set the default Link Policy of the controller */
894     btsnd_hcic_write_def_policy_set(settings);
895 }
896 
897 /*******************************************************************************
898 **
899 ** Function         btm_read_remote_version_complete
900 **
901 ** Description      This function is called when the command complete message
902 **                  is received from the HCI for the remote version info.
903 **
904 ** Returns          void
905 **
906 *******************************************************************************/
btm_read_remote_version_complete(UINT8 * p)907 void btm_read_remote_version_complete (UINT8 *p)
908 {
909     tACL_CONN        *p_acl_cb = &btm_cb.acl_db[0];
910     UINT8             status;
911     UINT16            handle;
912     int               xx;
913     BTM_TRACE_DEBUG ("btm_read_remote_version_complete");
914 
915     STREAM_TO_UINT8  (status, p);
916     STREAM_TO_UINT16 (handle, p);
917 
918     /* Look up the connection by handle and copy features */
919     for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_acl_cb++)
920     {
921         if ((p_acl_cb->in_use) && (p_acl_cb->hci_handle == handle))
922         {
923             if (status == HCI_SUCCESS)
924             {
925                 STREAM_TO_UINT8  (p_acl_cb->lmp_version, p);
926                 STREAM_TO_UINT16 (p_acl_cb->manufacturer, p);
927                 STREAM_TO_UINT16 (p_acl_cb->lmp_subversion, p);
928             }
929 
930             if (p_acl_cb->transport == BT_TRANSPORT_LE)
931                 l2cble_notify_le_connection (p_acl_cb->remote_addr);
932             break;
933         }
934     }
935 }
936 
937 
938 /*******************************************************************************
939 **
940 ** Function         btm_process_remote_ext_features
941 **
942 ** Description      Local function called to process all extended features pages
943 **                  read from a remote device.
944 **
945 ** Returns          void
946 **
947 *******************************************************************************/
btm_process_remote_ext_features(tACL_CONN * p_acl_cb,UINT8 num_read_pages)948 void btm_process_remote_ext_features (tACL_CONN *p_acl_cb, UINT8 num_read_pages)
949 {
950     UINT16              handle = p_acl_cb->hci_handle;
951     tBTM_SEC_DEV_REC    *p_dev_rec = btm_find_dev_by_handle (handle);
952     UINT8               page_idx;
953 
954     BTM_TRACE_DEBUG ("btm_process_remote_ext_features");
955 
956     /* Make sure we have the record to save remote features information */
957     if (p_dev_rec == NULL)
958     {
959         /* Get a new device; might be doing dedicated bonding */
960         p_dev_rec = btm_find_or_alloc_dev (p_acl_cb->remote_addr);
961     }
962 
963     p_acl_cb->num_read_pages = num_read_pages;
964     p_dev_rec->num_read_pages = num_read_pages;
965 
966     /* Move the pages to placeholder */
967     for (page_idx = 0; page_idx < num_read_pages; page_idx++)
968     {
969         if (page_idx > HCI_EXT_FEATURES_PAGE_MAX)
970         {
971             BTM_TRACE_ERROR("%s: page=%d unexpected", __FUNCTION__, page_idx);
972             break;
973         }
974         memcpy (p_dev_rec->features[page_idx], p_acl_cb->peer_lmp_features[page_idx],
975                 HCI_FEATURE_BYTES_PER_PAGE);
976     }
977 
978     const UINT8 req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND);
979 
980     /* Store the Peer Security Capabilites (in SM4 and rmt_sec_caps) */
981     btm_sec_set_peer_sec_caps(p_acl_cb, p_dev_rec);
982 
983     BTM_TRACE_API("%s: pend:%d", __FUNCTION__, req_pend);
984     if (req_pend)
985     {
986         /* Request for remaining Security Features (if any) */
987         l2cu_resubmit_pending_sec_req (p_dev_rec->bd_addr);
988     }
989 }
990 
991 
992 /*******************************************************************************
993 **
994 ** Function         btm_read_remote_features
995 **
996 ** Description      Local function called to send a read remote supported features/
997 **                  remote extended features page[0].
998 **
999 ** Returns          void
1000 **
1001 *******************************************************************************/
btm_read_remote_features(UINT16 handle)1002 void btm_read_remote_features (UINT16 handle)
1003 {
1004     UINT8       acl_idx;
1005     tACL_CONN   *p_acl_cb;
1006 
1007     BTM_TRACE_DEBUG("btm_read_remote_features() handle: %d", handle);
1008 
1009     if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1010     {
1011         BTM_TRACE_ERROR("btm_read_remote_features handle=%d invalid", handle);
1012         return;
1013     }
1014 
1015     p_acl_cb = &btm_cb.acl_db[acl_idx];
1016     p_acl_cb->num_read_pages = 0;
1017     memset (p_acl_cb->peer_lmp_features, 0, sizeof(p_acl_cb->peer_lmp_features));
1018 
1019     /* first send read remote supported features HCI command */
1020     /* because we don't know whether the remote support extended feature command */
1021     btsnd_hcic_rmt_features_req (handle);
1022 }
1023 
1024 
1025 /*******************************************************************************
1026 **
1027 ** Function         btm_read_remote_ext_features
1028 **
1029 ** Description      Local function called to send a read remote extended features
1030 **
1031 ** Returns          void
1032 **
1033 *******************************************************************************/
btm_read_remote_ext_features(UINT16 handle,UINT8 page_number)1034 void btm_read_remote_ext_features (UINT16 handle, UINT8 page_number)
1035 {
1036     BTM_TRACE_DEBUG("btm_read_remote_ext_features() handle: %d page: %d", handle, page_number);
1037 
1038     btsnd_hcic_rmt_ext_features(handle, page_number);
1039 }
1040 
1041 
1042 /*******************************************************************************
1043 **
1044 ** Function         btm_read_remote_features_complete
1045 **
1046 ** Description      This function is called when the remote supported features
1047 **                  complete event is received from the HCI.
1048 **
1049 ** Returns          void
1050 **
1051 *******************************************************************************/
btm_read_remote_features_complete(UINT8 * p)1052 void btm_read_remote_features_complete (UINT8 *p)
1053 {
1054     tACL_CONN        *p_acl_cb;
1055     UINT8             status;
1056     UINT16            handle;
1057     UINT8            acl_idx;
1058 
1059     BTM_TRACE_DEBUG ("btm_read_remote_features_complete");
1060     STREAM_TO_UINT8  (status, p);
1061 
1062     if (status != HCI_SUCCESS)
1063     {
1064         BTM_TRACE_ERROR ("btm_read_remote_features_complete failed (status 0x%02x)", status);
1065         return;
1066     }
1067 
1068         STREAM_TO_UINT16 (handle, p);
1069 
1070     if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1071         {
1072         BTM_TRACE_ERROR("btm_read_remote_features_complete handle=%d invalid", handle);
1073         return;
1074                 }
1075 
1076     p_acl_cb = &btm_cb.acl_db[acl_idx];
1077 
1078     /* Copy the received features page */
1079     STREAM_TO_ARRAY(p_acl_cb->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0], p,
1080                     HCI_FEATURE_BYTES_PER_PAGE);
1081 
1082     if ((HCI_LMP_EXTENDED_SUPPORTED(p_acl_cb->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0])) &&
1083         (controller_get_interface()->supports_reading_remote_extended_features()))
1084     {
1085         /* if the remote controller has extended features and local controller supports
1086         ** HCI_Read_Remote_Extended_Features command then start reading these feature starting
1087         ** with extended features page 1 */
1088         BTM_TRACE_DEBUG ("Start reading remote extended features");
1089         btm_read_remote_ext_features(handle, HCI_EXT_FEATURES_PAGE_1);
1090         return;
1091     }
1092 
1093     /* Remote controller has no extended features. Process remote controller supported features
1094        (features page HCI_EXT_FEATURES_PAGE_0). */
1095     btm_process_remote_ext_features (p_acl_cb, 1);
1096 
1097     /* Continue with HCI connection establishment */
1098     btm_establish_continue (p_acl_cb);
1099 }
1100 
1101 /*******************************************************************************
1102 **
1103 ** Function         btm_read_remote_ext_features_complete
1104 **
1105 ** Description      This function is called when the remote extended features
1106 **                  complete event is received from the HCI.
1107 **
1108 ** Returns          void
1109 **
1110 *******************************************************************************/
btm_read_remote_ext_features_complete(UINT8 * p)1111 void btm_read_remote_ext_features_complete (UINT8 *p)
1112 {
1113     tACL_CONN   *p_acl_cb;
1114     UINT8       page_num, max_page;
1115     UINT16      handle;
1116     UINT8       acl_idx;
1117 
1118     BTM_TRACE_DEBUG ("btm_read_remote_ext_features_complete");
1119 
1120     ++p;
1121     STREAM_TO_UINT16 (handle, p);
1122     STREAM_TO_UINT8  (page_num, p);
1123     STREAM_TO_UINT8  (max_page, p);
1124 
1125     /* Validate parameters */
1126     if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1127     {
1128         BTM_TRACE_ERROR("btm_read_remote_ext_features_complete handle=%d invalid", handle);
1129         return;
1130     }
1131 
1132     if (max_page > HCI_EXT_FEATURES_PAGE_MAX)
1133     {
1134         BTM_TRACE_ERROR("btm_read_remote_ext_features_complete page=%d unknown", max_page);
1135         return;
1136     }
1137 
1138     p_acl_cb = &btm_cb.acl_db[acl_idx];
1139 
1140     /* Copy the received features page */
1141     STREAM_TO_ARRAY(p_acl_cb->peer_lmp_features[page_num], p, HCI_FEATURE_BYTES_PER_PAGE);
1142 
1143     /* If there is the next remote features page and
1144      * we have space to keep this page data - read this page */
1145     if ((page_num < max_page) && (page_num < HCI_EXT_FEATURES_PAGE_MAX))
1146     {
1147         page_num++;
1148         BTM_TRACE_DEBUG("BTM reads next remote extended features page (%d)", page_num);
1149         btm_read_remote_ext_features (handle, page_num);
1150         return;
1151     }
1152 
1153     /* Reading of remote feature pages is complete */
1154     BTM_TRACE_DEBUG("BTM reached last remote extended features page (%d)", page_num);
1155 
1156     /* Process the pages */
1157     btm_process_remote_ext_features (p_acl_cb, (UINT8) (page_num + 1));
1158 
1159     /* Continue with HCI connection establishment */
1160     btm_establish_continue (p_acl_cb);
1161 }
1162 
1163 /*******************************************************************************
1164 **
1165 ** Function         btm_read_remote_ext_features_failed
1166 **
1167 ** Description      This function is called when the remote extended features
1168 **                  complete event returns a failed status.
1169 **
1170 ** Returns          void
1171 **
1172 *******************************************************************************/
btm_read_remote_ext_features_failed(UINT8 status,UINT16 handle)1173 void btm_read_remote_ext_features_failed (UINT8 status, UINT16 handle)
1174 {
1175     tACL_CONN   *p_acl_cb;
1176     UINT8       acl_idx;
1177 
1178     BTM_TRACE_WARNING ("btm_read_remote_ext_features_failed (status 0x%02x) for handle %d",
1179                          status, handle);
1180 
1181     if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1182     {
1183         BTM_TRACE_ERROR("btm_read_remote_ext_features_failed handle=%d invalid", handle);
1184         return;
1185     }
1186 
1187     p_acl_cb = &btm_cb.acl_db[acl_idx];
1188 
1189     /* Process supported features only */
1190     btm_process_remote_ext_features (p_acl_cb, 1);
1191 
1192     /* Continue HCI connection establishment */
1193     btm_establish_continue (p_acl_cb);
1194 }
1195 
1196 /*******************************************************************************
1197 **
1198 ** Function         btm_establish_continue
1199 **
1200 ** Description      This function is called when the command complete message
1201 **                  is received from the HCI for the read local link policy request.
1202 **
1203 ** Returns          void
1204 **
1205 *******************************************************************************/
btm_establish_continue(tACL_CONN * p_acl_cb)1206 void btm_establish_continue (tACL_CONN *p_acl_cb)
1207 {
1208         tBTM_BL_EVENT_DATA  evt_data;
1209         BTM_TRACE_DEBUG ("btm_establish_continue");
1210 #if (!defined(BTM_BYPASS_EXTRA_ACL_SETUP) || BTM_BYPASS_EXTRA_ACL_SETUP == FALSE)
1211 #if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
1212         if (p_acl_cb->transport == BT_TRANSPORT_BR_EDR)
1213 #endif
1214         {
1215             /* For now there are a some devices that do not like sending */
1216             /* commands events and data at the same time. */
1217             /* Set the packet types to the default allowed by the device */
1218             btm_set_packet_types (p_acl_cb, btm_cb.btm_acl_pkt_types_supported);
1219 
1220             if (btm_cb.btm_def_link_policy)
1221                 BTM_SetLinkPolicy (p_acl_cb->remote_addr, &btm_cb.btm_def_link_policy);
1222         }
1223 #endif
1224         p_acl_cb->link_up_issued = TRUE;
1225 
1226         /* If anyone cares, tell him database changed */
1227         if (btm_cb.p_bl_changed_cb)
1228         {
1229             evt_data.event = BTM_BL_CONN_EVT;
1230             evt_data.conn.p_bda = p_acl_cb->remote_addr;
1231             evt_data.conn.p_bdn = p_acl_cb->remote_name;
1232             evt_data.conn.p_dc  = p_acl_cb->remote_dc;
1233             evt_data.conn.p_features = p_acl_cb->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0];
1234 #if BLE_INCLUDED == TRUE
1235             evt_data.conn.handle = p_acl_cb->hci_handle;
1236             evt_data.conn.transport = p_acl_cb->transport;
1237 #endif
1238 
1239             (*btm_cb.p_bl_changed_cb)(&evt_data);
1240         }
1241         btm_acl_update_busy_level (BTM_BLI_ACL_UP_EVT);
1242 }
1243 
1244 
1245 /*******************************************************************************
1246 **
1247 ** Function         BTM_SetDefaultLinkSuperTout
1248 **
1249 ** Description      Set the default value for HCI "Write Link Supervision Timeout"
1250 **                  command to use when an ACL link is created.
1251 **
1252 ** Returns          void
1253 **
1254 *******************************************************************************/
BTM_SetDefaultLinkSuperTout(UINT16 timeout)1255 void BTM_SetDefaultLinkSuperTout (UINT16 timeout)
1256 {
1257     BTM_TRACE_DEBUG ("BTM_SetDefaultLinkSuperTout");
1258     btm_cb.btm_def_link_super_tout = timeout;
1259 }
1260 
1261 /*******************************************************************************
1262 **
1263 ** Function         BTM_GetLinkSuperTout
1264 **
1265 ** Description      Read the link supervision timeout value of the connection
1266 **
1267 ** Returns          status of the operation
1268 **
1269 *******************************************************************************/
BTM_GetLinkSuperTout(BD_ADDR remote_bda,UINT16 * p_timeout)1270 tBTM_STATUS BTM_GetLinkSuperTout (BD_ADDR remote_bda, UINT16 *p_timeout)
1271 {
1272     tACL_CONN   *p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
1273 
1274     BTM_TRACE_DEBUG ("BTM_GetLinkSuperTout");
1275     if (p != (tACL_CONN *)NULL)
1276     {
1277         *p_timeout = p->link_super_tout;
1278         return(BTM_SUCCESS);
1279     }
1280     /* If here, no BD Addr found */
1281     return(BTM_UNKNOWN_ADDR);
1282 }
1283 
1284 
1285 /*******************************************************************************
1286 **
1287 ** Function         BTM_SetLinkSuperTout
1288 **
1289 ** Description      Create and send HCI "Write Link Supervision Timeout" command
1290 **
1291 ** Returns          status of the operation
1292 **
1293 *******************************************************************************/
BTM_SetLinkSuperTout(BD_ADDR remote_bda,UINT16 timeout)1294 tBTM_STATUS BTM_SetLinkSuperTout (BD_ADDR remote_bda, UINT16 timeout)
1295 {
1296     tACL_CONN   *p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
1297 
1298     BTM_TRACE_DEBUG ("BTM_SetLinkSuperTout");
1299     if (p != (tACL_CONN *)NULL)
1300     {
1301         p->link_super_tout = timeout;
1302 
1303         /* Only send if current role is Master; 2.0 spec requires this */
1304         if (p->link_role == BTM_ROLE_MASTER)
1305         {
1306             if (!btsnd_hcic_write_link_super_tout (LOCAL_BR_EDR_CONTROLLER_ID,
1307                                                    p->hci_handle, timeout))
1308                 return(BTM_NO_RESOURCES);
1309 
1310             return(BTM_CMD_STARTED);
1311         }
1312         else
1313             return(BTM_SUCCESS);
1314     }
1315 
1316     /* If here, no BD Addr found */
1317     return(BTM_UNKNOWN_ADDR);
1318 }
1319 
1320 /*******************************************************************************
1321 **
1322 ** Function         BTM_IsAclConnectionUp
1323 **
1324 ** Description      This function is called to check if an ACL connection exists
1325 **                  to a specific remote BD Address.
1326 **
1327 ** Returns          TRUE if connection is up, else FALSE.
1328 **
1329 *******************************************************************************/
BTM_IsAclConnectionUp(BD_ADDR remote_bda,tBT_TRANSPORT transport)1330 BOOLEAN BTM_IsAclConnectionUp (BD_ADDR remote_bda, tBT_TRANSPORT transport)
1331 {
1332     tACL_CONN   *p;
1333 
1334     BTM_TRACE_API ("BTM_IsAclConnectionUp: RemBdAddr: %02x%02x%02x%02x%02x%02x",
1335                     remote_bda[0], remote_bda[1], remote_bda[2],
1336                     remote_bda[3], remote_bda[4], remote_bda[5]);
1337 
1338     p = btm_bda_to_acl(remote_bda, transport);
1339     if (p != (tACL_CONN *)NULL)
1340     {
1341         return(TRUE);
1342     }
1343 
1344     /* If here, no BD Addr found */
1345     return(FALSE);
1346 }
1347 
1348 /*******************************************************************************
1349 **
1350 ** Function         BTM_GetNumAclLinks
1351 **
1352 ** Description      This function is called to count the number of
1353 **                  ACL links that are active.
1354 **
1355 ** Returns          UINT16  Number of active ACL links
1356 **
1357 *******************************************************************************/
BTM_GetNumAclLinks(void)1358 UINT16 BTM_GetNumAclLinks (void)
1359 {
1360     uint16_t num_acl = 0;
1361 
1362     for (uint16_t i = 0; i < MAX_L2CAP_LINKS; ++i)
1363     {
1364         if (btm_cb.acl_db[i].in_use)
1365             ++num_acl;
1366     }
1367 
1368     return num_acl;
1369 }
1370 
1371 /*******************************************************************************
1372 **
1373 ** Function         btm_get_acl_disc_reason_code
1374 **
1375 ** Description      This function is called to get the disconnection reason code
1376 **                  returned by the HCI at disconnection complete event.
1377 **
1378 ** Returns          TRUE if connection is up, else FALSE.
1379 **
1380 *******************************************************************************/
btm_get_acl_disc_reason_code(void)1381 UINT16 btm_get_acl_disc_reason_code (void)
1382 {
1383     UINT8 res = btm_cb.acl_disc_reason;
1384     BTM_TRACE_DEBUG ("btm_get_acl_disc_reason_code");
1385     return(res);
1386 }
1387 
1388 
1389 /*******************************************************************************
1390 **
1391 ** Function         BTM_GetHCIConnHandle
1392 **
1393 ** Description      This function is called to get the handle for an ACL connection
1394 **                  to a specific remote BD Address.
1395 **
1396 ** Returns          the handle of the connection, or 0xFFFF if none.
1397 **
1398 *******************************************************************************/
BTM_GetHCIConnHandle(BD_ADDR remote_bda,tBT_TRANSPORT transport)1399 UINT16 BTM_GetHCIConnHandle (BD_ADDR remote_bda, tBT_TRANSPORT transport)
1400 {
1401     tACL_CONN   *p;
1402     BTM_TRACE_DEBUG ("BTM_GetHCIConnHandle");
1403     p = btm_bda_to_acl(remote_bda, transport);
1404     if (p != (tACL_CONN *)NULL)
1405     {
1406         return(p->hci_handle);
1407     }
1408 
1409     /* If here, no BD Addr found */
1410     return(0xFFFF);
1411 }
1412 
1413 /*******************************************************************************
1414 **
1415 ** Function         btm_process_clk_off_comp_evt
1416 **
1417 ** Description      This function is called when clock offset command completes.
1418 **
1419 ** Input Parms      hci_handle - connection handle associated with the change
1420 **                  clock offset
1421 **
1422 ** Returns          void
1423 **
1424 *******************************************************************************/
btm_process_clk_off_comp_evt(UINT16 hci_handle,UINT16 clock_offset)1425 void btm_process_clk_off_comp_evt (UINT16 hci_handle, UINT16 clock_offset)
1426 {
1427     UINT8      xx;
1428     BTM_TRACE_DEBUG ("btm_process_clk_off_comp_evt");
1429     /* Look up the connection by handle and set the current mode */
1430     if ((xx = btm_handle_to_acl_index(hci_handle)) < MAX_L2CAP_LINKS)
1431         btm_cb.acl_db[xx].clock_offset = clock_offset;
1432 }
1433 
1434 /*******************************************************************************
1435 **
1436 ** Function         btm_acl_role_changed
1437 **
1438 ** Description      This function is called whan a link's master/slave role change
1439 **                  event or command status event (with error) is received.
1440 **                  It updates the link control block, and calls
1441 **                  the registered callback with status and role (if registered).
1442 **
1443 ** Returns          void
1444 **
1445 *******************************************************************************/
btm_acl_role_changed(UINT8 hci_status,BD_ADDR bd_addr,UINT8 new_role)1446 void btm_acl_role_changed (UINT8 hci_status, BD_ADDR bd_addr, UINT8 new_role)
1447 {
1448     UINT8                   *p_bda = (bd_addr) ? bd_addr :
1449                                         btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
1450     tACL_CONN               *p = btm_bda_to_acl(p_bda, BT_TRANSPORT_BR_EDR);
1451     tBTM_ROLE_SWITCH_CMPL   *p_data = &btm_cb.devcb.switch_role_ref_data;
1452     tBTM_SEC_DEV_REC        *p_dev_rec;
1453     tBTM_BL_ROLE_CHG_DATA   evt;
1454 
1455     BTM_TRACE_DEBUG ("btm_acl_role_changed");
1456     /* Ignore any stray events */
1457     if (p == NULL)
1458     {
1459         /* it could be a failure */
1460         if (hci_status != HCI_SUCCESS)
1461             btm_acl_report_role_change(hci_status, bd_addr);
1462         return;
1463     }
1464 
1465     p_data->hci_status = hci_status;
1466 
1467     if (hci_status == HCI_SUCCESS)
1468     {
1469         p_data->role = new_role;
1470         memcpy(p_data->remote_bd_addr, p_bda, BD_ADDR_LEN);
1471 
1472         /* Update cached value */
1473         p->link_role = new_role;
1474 
1475         /* Reload LSTO: link supervision timeout is reset in the LM after a role switch */
1476         if (new_role == BTM_ROLE_MASTER)
1477         {
1478             BTM_SetLinkSuperTout (p->remote_addr, p->link_super_tout);
1479         }
1480     }
1481     else
1482     {
1483         /* so the BTM_BL_ROLE_CHG_EVT uses the old role */
1484         new_role = p->link_role;
1485     }
1486 
1487     /* Check if any SCO req is pending for role change */
1488     btm_sco_chk_pend_rolechange (p->hci_handle);
1489 
1490     /* if switching state is switching we need to turn encryption on */
1491     /* if idle, we did not change encryption */
1492     if (p->switch_role_state == BTM_ACL_SWKEY_STATE_SWITCHING)
1493     {
1494         if (btsnd_hcic_set_conn_encrypt (p->hci_handle, TRUE))
1495         {
1496             p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_ON;
1497             p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_ON;
1498             return;
1499         }
1500     }
1501 
1502     /* Set the switch_role_state to IDLE since the reply received from HCI */
1503     /* regardless of its result either success or failed. */
1504     if (p->switch_role_state == BTM_ACL_SWKEY_STATE_IN_PROGRESS)
1505     {
1506         p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
1507         p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
1508     }
1509 
1510     /* if role switch complete is needed, report it now */
1511     btm_acl_report_role_change(hci_status, bd_addr);
1512 
1513     /* if role change event is registered, report it now */
1514     if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK))
1515     {
1516         evt.event       = BTM_BL_ROLE_CHG_EVT;
1517         evt.new_role    = new_role;
1518         evt.p_bda       = p_bda;
1519         evt.hci_status  = hci_status;
1520         (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA *)&evt);
1521     }
1522 
1523     BTM_TRACE_DEBUG("Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, rs_st:%d",
1524                      p_data->role, p_data->hci_status, p->switch_role_state);
1525 
1526 #if BTM_DISC_DURING_RS == TRUE
1527     /* If a disconnect is pending, issue it now that role switch has completed */
1528     if ((p_dev_rec = btm_find_dev (p_bda)) != NULL)
1529     {
1530         if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING)
1531         {
1532             BTM_TRACE_WARNING("btm_acl_role_changed -> Issuing delayed HCI_Disconnect!!!");
1533             btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER);
1534         }
1535         BTM_TRACE_ERROR("tBTM_SEC_DEV:0x%x rs_disc_pending=%d",
1536                          (UINT32)p_dev_rec, p_dev_rec->rs_disc_pending);
1537         p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING;     /* reset flag */
1538     }
1539 
1540 #endif
1541 
1542 }
1543 
1544 /*******************************************************************************
1545 **
1546 ** Function         BTM_AllocateSCN
1547 **
1548 ** Description      Look through the Server Channel Numbers for a free one.
1549 **
1550 ** Returns          Allocated SCN number or 0 if none.
1551 **
1552 *******************************************************************************/
1553 
BTM_AllocateSCN(void)1554 UINT8 BTM_AllocateSCN(void)
1555 {
1556     UINT8   x;
1557     BTM_TRACE_DEBUG ("BTM_AllocateSCN");
1558 
1559     // stack reserves scn 1 for HFP, HSP we still do the correct way
1560     for (x = 1; x < BTM_MAX_SCN; x++)
1561     {
1562         if (!btm_cb.btm_scn[x])
1563         {
1564             btm_cb.btm_scn[x] = TRUE;
1565             return(x+1);
1566         }
1567     }
1568 
1569     return(0);     /* No free ports */
1570 }
1571 
1572 /*******************************************************************************
1573 **
1574 ** Function         BTM_TryAllocateSCN
1575 **
1576 ** Description      Try to allocate a fixed server channel
1577 **
1578 ** Returns          Returns TRUE if server channel was available
1579 **
1580 *******************************************************************************/
1581 
BTM_TryAllocateSCN(UINT8 scn)1582 BOOLEAN BTM_TryAllocateSCN(UINT8 scn)
1583 {
1584     /* Make sure we don't exceed max port range.
1585      * Stack reserves scn 1 for HFP, HSP we still do the correct way.
1586      */
1587     if ( (scn>=BTM_MAX_SCN) || (scn == 1) )
1588         return FALSE;
1589 
1590     /* check if this port is available */
1591     if (!btm_cb.btm_scn[scn-1])
1592     {
1593         btm_cb.btm_scn[scn-1] = TRUE;
1594         return TRUE;
1595     }
1596 
1597     return (FALSE);     /* Port was busy */
1598 }
1599 
1600 /*******************************************************************************
1601 **
1602 ** Function         BTM_FreeSCN
1603 **
1604 ** Description      Free the specified SCN.
1605 **
1606 ** Returns          TRUE or FALSE
1607 **
1608 *******************************************************************************/
BTM_FreeSCN(UINT8 scn)1609 BOOLEAN BTM_FreeSCN(UINT8 scn)
1610 {
1611     BTM_TRACE_DEBUG ("BTM_FreeSCN ");
1612     if (scn <= BTM_MAX_SCN)
1613     {
1614         btm_cb.btm_scn[scn-1] = FALSE;
1615         return(TRUE);
1616     }
1617     else
1618         return(FALSE);      /* Illegal SCN passed in */
1619 }
1620 
1621 /*******************************************************************************
1622 **
1623 ** Function         btm_set_packet_types
1624 **
1625 ** Description      This function sets the packet types used for a specific
1626 **                  ACL connection. It is called internally by btm_acl_created
1627 **                  or by an application/profile by BTM_SetPacketTypes.
1628 **
1629 ** Returns          status of the operation
1630 **
1631 *******************************************************************************/
btm_set_packet_types(tACL_CONN * p,UINT16 pkt_types)1632 tBTM_STATUS btm_set_packet_types (tACL_CONN *p, UINT16 pkt_types)
1633 {
1634     UINT16 temp_pkt_types;
1635     BTM_TRACE_DEBUG ("btm_set_packet_types");
1636     /* Save in the ACL control blocks, types that we support */
1637     temp_pkt_types = (pkt_types & BTM_ACL_SUPPORTED_PKTS_MASK &
1638                       btm_cb.btm_acl_pkt_types_supported);
1639 
1640     /* OR in any exception packet types if at least 2.0 version of spec */
1641     temp_pkt_types |= ((pkt_types & BTM_ACL_EXCEPTION_PKTS_MASK) |
1642                        (btm_cb.btm_acl_pkt_types_supported & BTM_ACL_EXCEPTION_PKTS_MASK));
1643 
1644     /* Exclude packet types not supported by the peer */
1645     btm_acl_chk_peer_pkt_type_support (p, &temp_pkt_types);
1646 
1647     BTM_TRACE_DEBUG ("SetPacketType Mask -> 0x%04x", temp_pkt_types);
1648 
1649     if (!btsnd_hcic_change_conn_type (p->hci_handle, temp_pkt_types))
1650     {
1651         return(BTM_NO_RESOURCES);
1652     }
1653 
1654     p->pkt_types_mask = temp_pkt_types;
1655 
1656     return(BTM_CMD_STARTED);
1657 }
1658 
1659 /*******************************************************************************
1660 **
1661 ** Function         btm_get_max_packet_size
1662 **
1663 ** Returns          Returns maximum packet size that can be used for current
1664 **                  connection, 0 if connection is not established
1665 **
1666 *******************************************************************************/
btm_get_max_packet_size(BD_ADDR addr)1667 UINT16 btm_get_max_packet_size (BD_ADDR addr)
1668 {
1669     tACL_CONN   *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1670     UINT16      pkt_types = 0;
1671     UINT16      pkt_size = 0;
1672     BTM_TRACE_DEBUG ("btm_get_max_packet_size");
1673     if (p != NULL)
1674     {
1675         pkt_types = p->pkt_types_mask;
1676     }
1677     else
1678     {
1679         /* Special case for when info for the local device is requested */
1680         if (memcmp (controller_get_interface()->get_address(), addr, BD_ADDR_LEN) == 0)
1681         {
1682             pkt_types = btm_cb.btm_acl_pkt_types_supported;
1683         }
1684     }
1685 
1686     if (pkt_types)
1687     {
1688         if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH5))
1689             pkt_size = HCI_EDR3_DH5_PACKET_SIZE;
1690         else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH5))
1691             pkt_size = HCI_EDR2_DH5_PACKET_SIZE;
1692         else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH3))
1693             pkt_size = HCI_EDR3_DH3_PACKET_SIZE;
1694         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH5)
1695             pkt_size = HCI_DH5_PACKET_SIZE;
1696         else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH3))
1697             pkt_size = HCI_EDR2_DH3_PACKET_SIZE;
1698         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM5)
1699             pkt_size = HCI_DM5_PACKET_SIZE;
1700         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH3)
1701             pkt_size = HCI_DH3_PACKET_SIZE;
1702         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM3)
1703             pkt_size = HCI_DM3_PACKET_SIZE;
1704         else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH1))
1705             pkt_size = HCI_EDR3_DH1_PACKET_SIZE;
1706         else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH1))
1707             pkt_size = HCI_EDR2_DH1_PACKET_SIZE;
1708         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH1)
1709             pkt_size = HCI_DH1_PACKET_SIZE;
1710         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM1)
1711             pkt_size = HCI_DM1_PACKET_SIZE;
1712     }
1713 
1714    return(pkt_size);
1715 }
1716 
1717 /*******************************************************************************
1718 **
1719 ** Function         BTM_ReadRemoteVersion
1720 **
1721 ** Returns          If connected report peer device info
1722 **
1723 *******************************************************************************/
BTM_ReadRemoteVersion(BD_ADDR addr,UINT8 * lmp_version,UINT16 * manufacturer,UINT16 * lmp_sub_version)1724 tBTM_STATUS BTM_ReadRemoteVersion (BD_ADDR addr, UINT8 *lmp_version,
1725                                    UINT16 *manufacturer, UINT16 *lmp_sub_version)
1726 {
1727     tACL_CONN        *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1728     BTM_TRACE_DEBUG ("BTM_ReadRemoteVersion");
1729     if (p == NULL)
1730         return(BTM_UNKNOWN_ADDR);
1731 
1732     if (lmp_version)
1733         *lmp_version = p->lmp_version;
1734 
1735     if (manufacturer)
1736         *manufacturer = p->manufacturer;
1737 
1738     if (lmp_sub_version)
1739         *lmp_sub_version = p->lmp_subversion;
1740 
1741     return(BTM_SUCCESS);
1742 }
1743 
1744 /*******************************************************************************
1745 **
1746 ** Function         BTM_ReadRemoteFeatures
1747 **
1748 ** Returns          pointer to the remote supported features mask (8 bytes)
1749 **
1750 *******************************************************************************/
BTM_ReadRemoteFeatures(BD_ADDR addr)1751 UINT8 *BTM_ReadRemoteFeatures (BD_ADDR addr)
1752 {
1753     tACL_CONN        *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1754     BTM_TRACE_DEBUG ("BTM_ReadRemoteFeatures");
1755     if (p == NULL)
1756     {
1757         return(NULL);
1758     }
1759 
1760     return(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]);
1761 }
1762 
1763 /*******************************************************************************
1764 **
1765 ** Function         BTM_ReadRemoteExtendedFeatures
1766 **
1767 ** Returns          pointer to the remote extended features mask (8 bytes)
1768 **                  or NULL if bad page
1769 **
1770 *******************************************************************************/
BTM_ReadRemoteExtendedFeatures(BD_ADDR addr,UINT8 page_number)1771 UINT8 *BTM_ReadRemoteExtendedFeatures (BD_ADDR addr, UINT8 page_number)
1772 {
1773     tACL_CONN        *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1774     BTM_TRACE_DEBUG ("BTM_ReadRemoteExtendedFeatures");
1775     if (p == NULL)
1776     {
1777         return(NULL);
1778     }
1779 
1780     if (page_number > HCI_EXT_FEATURES_PAGE_MAX)
1781     {
1782         BTM_TRACE_ERROR("Warning: BTM_ReadRemoteExtendedFeatures page %d unknown", page_number);
1783         return NULL;
1784     }
1785 
1786     return(p->peer_lmp_features[page_number]);
1787 }
1788 
1789 /*******************************************************************************
1790 **
1791 ** Function         BTM_ReadNumberRemoteFeaturesPages
1792 **
1793 ** Returns          number of features pages read from the remote device.
1794 **
1795 *******************************************************************************/
BTM_ReadNumberRemoteFeaturesPages(BD_ADDR addr)1796 UINT8 BTM_ReadNumberRemoteFeaturesPages (BD_ADDR addr)
1797 {
1798     tACL_CONN        *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1799     BTM_TRACE_DEBUG ("BTM_ReadNumberRemoteFeaturesPages");
1800     if (p == NULL)
1801     {
1802         return(0);
1803     }
1804 
1805     return(p->num_read_pages);
1806 }
1807 
1808 /*******************************************************************************
1809 **
1810 ** Function         BTM_ReadAllRemoteFeatures
1811 **
1812 ** Returns          pointer to all features of the remote (24 bytes).
1813 **
1814 *******************************************************************************/
BTM_ReadAllRemoteFeatures(BD_ADDR addr)1815 UINT8 *BTM_ReadAllRemoteFeatures (BD_ADDR addr)
1816 {
1817     tACL_CONN        *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1818     BTM_TRACE_DEBUG ("BTM_ReadAllRemoteFeatures");
1819     if (p == NULL)
1820     {
1821         return(NULL);
1822     }
1823 
1824     return(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]);
1825 }
1826 
1827 /*******************************************************************************
1828 **
1829 ** Function         BTM_RegBusyLevelNotif
1830 **
1831 ** Description      This function is called to register a callback to receive
1832 **                  busy level change events.
1833 **
1834 ** Returns          BTM_SUCCESS if successfully registered, otherwise error
1835 **
1836 *******************************************************************************/
BTM_RegBusyLevelNotif(tBTM_BL_CHANGE_CB * p_cb,UINT8 * p_level,tBTM_BL_EVENT_MASK evt_mask)1837 tBTM_STATUS BTM_RegBusyLevelNotif (tBTM_BL_CHANGE_CB *p_cb, UINT8 *p_level,
1838                                    tBTM_BL_EVENT_MASK evt_mask)
1839 {
1840     BTM_TRACE_DEBUG ("BTM_RegBusyLevelNotif");
1841     if (p_level)
1842         *p_level = btm_cb.busy_level;
1843 
1844     btm_cb.bl_evt_mask = evt_mask;
1845 
1846     if (!p_cb)
1847         btm_cb.p_bl_changed_cb = NULL;
1848     else if (btm_cb.p_bl_changed_cb)
1849         return(BTM_BUSY);
1850     else
1851         btm_cb.p_bl_changed_cb = p_cb;
1852 
1853     return(BTM_SUCCESS);
1854 }
1855 
1856 /*******************************************************************************
1857 **
1858 ** Function         BTM_SetQoS
1859 **
1860 ** Description      This function is called to setup QoS
1861 **
1862 ** Returns          status of the operation
1863 **
1864 *******************************************************************************/
BTM_SetQoS(BD_ADDR bd,FLOW_SPEC * p_flow,tBTM_CMPL_CB * p_cb)1865 tBTM_STATUS BTM_SetQoS (BD_ADDR bd, FLOW_SPEC *p_flow, tBTM_CMPL_CB *p_cb)
1866 {
1867     tACL_CONN   *p = &btm_cb.acl_db[0];
1868 
1869     BTM_TRACE_API ("BTM_SetQoS: BdAddr: %02x%02x%02x%02x%02x%02x",
1870                     bd[0], bd[1], bd[2],
1871                     bd[3], bd[4], bd[5]);
1872 
1873     /* If someone already waiting on the version, do not allow another */
1874     if (btm_cb.devcb.p_qossu_cmpl_cb)
1875         return(BTM_BUSY);
1876 
1877     if ( (p = btm_bda_to_acl(bd, BT_TRANSPORT_BR_EDR)) != NULL)
1878     {
1879         btu_start_timer (&btm_cb.devcb.qossu_timer, BTU_TTYPE_BTM_ACL, BTM_DEV_REPLY_TIMEOUT);
1880         btm_cb.devcb.p_qossu_cmpl_cb = p_cb;
1881 
1882         if (!btsnd_hcic_qos_setup (p->hci_handle, p_flow->qos_flags, p_flow->service_type,
1883                                    p_flow->token_rate, p_flow->peak_bandwidth,
1884                                    p_flow->latency,p_flow->delay_variation))
1885         {
1886             btm_cb.devcb.p_qossu_cmpl_cb = NULL;
1887             btu_stop_timer(&btm_cb.devcb.qossu_timer);
1888             return(BTM_NO_RESOURCES);
1889         }
1890         else
1891             return(BTM_CMD_STARTED);
1892     }
1893 
1894     /* If here, no BD Addr found */
1895     return(BTM_UNKNOWN_ADDR);
1896 }
1897 
1898 /*******************************************************************************
1899 **
1900 ** Function         btm_qos_setup_complete
1901 **
1902 ** Description      This function is called when the command complete message
1903 **                  is received from the HCI for the qos setup request.
1904 **
1905 ** Returns          void
1906 **
1907 *******************************************************************************/
btm_qos_setup_complete(UINT8 status,UINT16 handle,FLOW_SPEC * p_flow)1908 void btm_qos_setup_complete (UINT8 status, UINT16 handle, FLOW_SPEC *p_flow)
1909 {
1910     tBTM_CMPL_CB            *p_cb = btm_cb.devcb.p_qossu_cmpl_cb;
1911     tBTM_QOS_SETUP_CMPL     qossu;
1912     BTM_TRACE_DEBUG ("btm_qos_setup_complete");
1913     btu_stop_timer (&btm_cb.devcb.qossu_timer);
1914 
1915     btm_cb.devcb.p_qossu_cmpl_cb = NULL;
1916 
1917     if (p_cb)
1918     {
1919         memset(&qossu, 0, sizeof(tBTM_QOS_SETUP_CMPL));
1920         qossu.status = status;
1921         qossu.handle = handle;
1922         if (p_flow != NULL)
1923         {
1924             qossu.flow.qos_flags = p_flow->qos_flags;
1925             qossu.flow.service_type = p_flow->service_type;
1926             qossu.flow.token_rate = p_flow->token_rate;
1927             qossu.flow.peak_bandwidth = p_flow->peak_bandwidth;
1928             qossu.flow.latency = p_flow->latency;
1929             qossu.flow.delay_variation = p_flow->delay_variation;
1930         }
1931         BTM_TRACE_DEBUG ("BTM: p_flow->delay_variation: 0x%02x",
1932                           qossu.flow.delay_variation);
1933         (*p_cb)(&qossu);
1934     }
1935 }
1936 
1937 
1938 /*******************************************************************************
1939 **
1940 ** Function         BTM_ReadRSSI
1941 **
1942 ** Description      This function is called to read the link policy settings.
1943 **                  The address of link policy results are returned in the callback.
1944 **                  (tBTM_RSSI_RESULTS)
1945 **
1946 ** Returns          BTM_CMD_STARTED if successfully initiated or error code
1947 **
1948 *******************************************************************************/
BTM_ReadRSSI(BD_ADDR remote_bda,tBTM_CMPL_CB * p_cb)1949 tBTM_STATUS BTM_ReadRSSI (BD_ADDR remote_bda, tBTM_CMPL_CB *p_cb)
1950 {
1951     tACL_CONN   *p;
1952     tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
1953 #if BLE_INCLUDED == TRUE
1954     tBT_DEVICE_TYPE dev_type;
1955     tBLE_ADDR_TYPE  addr_type;
1956 #endif
1957     BTM_TRACE_API ("BTM_ReadRSSI: RemBdAddr: %02x%02x%02x%02x%02x%02x",
1958                     remote_bda[0], remote_bda[1], remote_bda[2],
1959                     remote_bda[3], remote_bda[4], remote_bda[5]);
1960 
1961     /* If someone already waiting on the version, do not allow another */
1962     if (btm_cb.devcb.p_rssi_cmpl_cb)
1963         return(BTM_BUSY);
1964 
1965 #if BLE_INCLUDED == TRUE
1966     BTM_ReadDevInfo(remote_bda, &dev_type, &addr_type);
1967     if (dev_type == BT_DEVICE_TYPE_BLE)
1968         transport = BT_TRANSPORT_LE;
1969 #endif
1970 
1971     p = btm_bda_to_acl(remote_bda, transport);
1972     if (p != (tACL_CONN *)NULL)
1973     {
1974         btu_start_timer (&btm_cb.devcb.rssi_timer, BTU_TTYPE_BTM_ACL,
1975                          BTM_DEV_REPLY_TIMEOUT);
1976 
1977         btm_cb.devcb.p_rssi_cmpl_cb = p_cb;
1978 
1979         if (!btsnd_hcic_read_rssi (p->hci_handle))
1980         {
1981             btm_cb.devcb.p_rssi_cmpl_cb = NULL;
1982             btu_stop_timer (&btm_cb.devcb.rssi_timer);
1983             return(BTM_NO_RESOURCES);
1984         }
1985         else
1986             return(BTM_CMD_STARTED);
1987     }
1988 
1989     /* If here, no BD Addr found */
1990     return(BTM_UNKNOWN_ADDR);
1991 }
1992 
1993 /*******************************************************************************
1994 **
1995 ** Function         BTM_ReadLinkQuality
1996 **
1997 ** Description      This function is called to read the link qulaity.
1998 **                  The value of the link quality is returned in the callback.
1999 **                  (tBTM_LINK_QUALITY_RESULTS)
2000 **
2001 ** Returns          BTM_CMD_STARTED if successfully initiated or error code
2002 **
2003 *******************************************************************************/
BTM_ReadLinkQuality(BD_ADDR remote_bda,tBTM_CMPL_CB * p_cb)2004 tBTM_STATUS BTM_ReadLinkQuality (BD_ADDR remote_bda, tBTM_CMPL_CB *p_cb)
2005 {
2006     tACL_CONN   *p;
2007 
2008     BTM_TRACE_API ("BTM_ReadLinkQuality: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2009                     remote_bda[0], remote_bda[1], remote_bda[2],
2010                     remote_bda[3], remote_bda[4], remote_bda[5]);
2011 
2012     /* If someone already waiting on the version, do not allow another */
2013     if (btm_cb.devcb.p_lnk_qual_cmpl_cb)
2014         return(BTM_BUSY);
2015 
2016     p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
2017     if (p != (tACL_CONN *)NULL)
2018     {
2019         btu_start_timer (&btm_cb.devcb.lnk_quality_timer, BTU_TTYPE_BTM_ACL,
2020                          BTM_DEV_REPLY_TIMEOUT);
2021         btm_cb.devcb.p_lnk_qual_cmpl_cb = p_cb;
2022 
2023         if (!btsnd_hcic_get_link_quality (p->hci_handle))
2024         {
2025             btu_stop_timer (&btm_cb.devcb.lnk_quality_timer);
2026             btm_cb.devcb.p_lnk_qual_cmpl_cb = NULL;
2027             return(BTM_NO_RESOURCES);
2028         }
2029         else
2030             return(BTM_CMD_STARTED);
2031     }
2032 
2033     /* If here, no BD Addr found */
2034     return(BTM_UNKNOWN_ADDR);
2035 }
2036 
2037 /*******************************************************************************
2038 **
2039 ** Function         BTM_ReadTxPower
2040 **
2041 ** Description      This function is called to read the current
2042 **                  TX power of the connection. The tx power level results
2043 **                  are returned in the callback.
2044 **                  (tBTM_RSSI_RESULTS)
2045 **
2046 ** Returns          BTM_CMD_STARTED if successfully initiated or error code
2047 **
2048 *******************************************************************************/
BTM_ReadTxPower(BD_ADDR remote_bda,tBT_TRANSPORT transport,tBTM_CMPL_CB * p_cb)2049 tBTM_STATUS BTM_ReadTxPower (BD_ADDR remote_bda, tBT_TRANSPORT transport, tBTM_CMPL_CB *p_cb)
2050 {
2051     tACL_CONN   *p;
2052     BOOLEAN     ret;
2053 #define BTM_READ_RSSI_TYPE_CUR  0x00
2054 #define BTM_READ_RSSI_TYPE_MAX  0X01
2055 
2056     BTM_TRACE_API ("BTM_ReadTxPower: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2057                     remote_bda[0], remote_bda[1], remote_bda[2],
2058                     remote_bda[3], remote_bda[4], remote_bda[5]);
2059 
2060     /* If someone already waiting on the version, do not allow another */
2061     if (btm_cb.devcb.p_tx_power_cmpl_cb)
2062         return(BTM_BUSY);
2063 
2064     p = btm_bda_to_acl(remote_bda, transport);
2065     if (p != (tACL_CONN *)NULL)
2066     {
2067         btu_start_timer (&btm_cb.devcb.tx_power_timer, BTU_TTYPE_BTM_ACL,
2068                          BTM_DEV_REPLY_TIMEOUT);
2069 
2070         btm_cb.devcb.p_tx_power_cmpl_cb = p_cb;
2071 
2072 #if BLE_INCLUDED == TRUE
2073         if (p->transport == BT_TRANSPORT_LE)
2074         {
2075             memcpy(btm_cb.devcb.read_tx_pwr_addr, remote_bda, BD_ADDR_LEN);
2076             ret = btsnd_hcic_ble_read_adv_chnl_tx_power();
2077         }
2078         else
2079 #endif
2080         {
2081             ret = btsnd_hcic_read_tx_power (p->hci_handle, BTM_READ_RSSI_TYPE_CUR);
2082         }
2083         if (!ret)
2084         {
2085             btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
2086             btu_stop_timer (&btm_cb.devcb.tx_power_timer);
2087             return(BTM_NO_RESOURCES);
2088         }
2089         else
2090             return(BTM_CMD_STARTED);
2091     }
2092 
2093     /* If here, no BD Addr found */
2094     return (BTM_UNKNOWN_ADDR);
2095 }
2096 /*******************************************************************************
2097 **
2098 ** Function         btm_read_tx_power_complete
2099 **
2100 ** Description      This function is called when the command complete message
2101 **                  is received from the HCI for the read tx power request.
2102 **
2103 ** Returns          void
2104 **
2105 *******************************************************************************/
btm_read_tx_power_complete(UINT8 * p,BOOLEAN is_ble)2106 void btm_read_tx_power_complete (UINT8 *p, BOOLEAN is_ble)
2107 {
2108     tBTM_CMPL_CB            *p_cb = btm_cb.devcb.p_tx_power_cmpl_cb;
2109     tBTM_TX_POWER_RESULTS   results;
2110     UINT16                   handle;
2111     tACL_CONN               *p_acl_cb = &btm_cb.acl_db[0];
2112     UINT16                   index;
2113     BTM_TRACE_DEBUG ("btm_read_tx_power_complete");
2114     btu_stop_timer (&btm_cb.devcb.tx_power_timer);
2115 
2116     /* If there was a callback registered for read rssi, call it */
2117     btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
2118 
2119     if (p_cb)
2120     {
2121         STREAM_TO_UINT8  (results.hci_status, p);
2122 
2123         if (results.hci_status == HCI_SUCCESS)
2124         {
2125             results.status = BTM_SUCCESS;
2126 
2127             if (!is_ble)
2128             {
2129                 STREAM_TO_UINT16 (handle, p);
2130                 STREAM_TO_UINT8 (results.tx_power, p);
2131 
2132                 /* Search through the list of active channels for the correct BD Addr */
2133                 for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++)
2134                 {
2135                     if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle))
2136                     {
2137                         memcpy (results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
2138                         break;
2139                     }
2140                 }
2141             }
2142 #if BLE_INCLUDED == TRUE
2143             else
2144             {
2145                 STREAM_TO_UINT8 (results.tx_power, p);
2146                 memcpy(results.rem_bda, btm_cb.devcb.read_tx_pwr_addr, BD_ADDR_LEN);
2147             }
2148 #endif
2149             BTM_TRACE_DEBUG ("BTM TX power Complete: tx_power %d, hci status 0x%02x",
2150                                   results.tx_power, results.hci_status);
2151         }
2152         else
2153             results.status = BTM_ERR_PROCESSING;
2154 
2155         (*p_cb)(&results);
2156     }
2157 }
2158 
2159 /*******************************************************************************
2160 **
2161 ** Function         btm_read_rssi_complete
2162 **
2163 ** Description      This function is called when the command complete message
2164 **                  is received from the HCI for the read rssi request.
2165 **
2166 ** Returns          void
2167 **
2168 *******************************************************************************/
btm_read_rssi_complete(UINT8 * p)2169 void btm_read_rssi_complete (UINT8 *p)
2170 {
2171     tBTM_CMPL_CB            *p_cb = btm_cb.devcb.p_rssi_cmpl_cb;
2172     tBTM_RSSI_RESULTS        results;
2173     UINT16                   handle;
2174     tACL_CONN               *p_acl_cb = &btm_cb.acl_db[0];
2175     UINT16                   index;
2176     BTM_TRACE_DEBUG ("btm_read_rssi_complete");
2177     btu_stop_timer (&btm_cb.devcb.rssi_timer);
2178 
2179     /* If there was a callback registered for read rssi, call it */
2180     btm_cb.devcb.p_rssi_cmpl_cb = NULL;
2181 
2182     if (p_cb)
2183     {
2184         STREAM_TO_UINT8  (results.hci_status, p);
2185 
2186         if (results.hci_status == HCI_SUCCESS)
2187         {
2188             results.status = BTM_SUCCESS;
2189 
2190             STREAM_TO_UINT16 (handle, p);
2191 
2192             STREAM_TO_UINT8 (results.rssi, p);
2193             BTM_TRACE_DEBUG ("BTM RSSI Complete: rssi %d, hci status 0x%02x",
2194                               results.rssi, results.hci_status);
2195 
2196             /* Search through the list of active channels for the correct BD Addr */
2197             for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++)
2198             {
2199                 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle))
2200                 {
2201                     memcpy (results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
2202                     break;
2203                 }
2204             }
2205         }
2206         else
2207             results.status = BTM_ERR_PROCESSING;
2208 
2209         (*p_cb)(&results);
2210     }
2211 }
2212 
2213 /*******************************************************************************
2214 **
2215 ** Function         btm_read_link_quality_complete
2216 **
2217 ** Description      This function is called when the command complete message
2218 **                  is received from the HCI for the read link quality.
2219 **
2220 ** Returns          void
2221 **
2222 *******************************************************************************/
btm_read_link_quality_complete(UINT8 * p)2223 void btm_read_link_quality_complete (UINT8 *p)
2224 {
2225     tBTM_CMPL_CB            *p_cb = btm_cb.devcb.p_lnk_qual_cmpl_cb;
2226     tBTM_LINK_QUALITY_RESULTS results;
2227     UINT16                   handle;
2228     tACL_CONN               *p_acl_cb = &btm_cb.acl_db[0];
2229     UINT16                   index;
2230     BTM_TRACE_DEBUG ("btm_read_link_quality_complete");
2231     btu_stop_timer (&btm_cb.devcb.lnk_quality_timer);
2232 
2233     /* If there was a callback registered for read rssi, call it */
2234     btm_cb.devcb.p_lnk_qual_cmpl_cb = NULL;
2235 
2236     if (p_cb)
2237     {
2238         STREAM_TO_UINT8  (results.hci_status, p);
2239 
2240         if (results.hci_status == HCI_SUCCESS)
2241         {
2242             results.status = BTM_SUCCESS;
2243 
2244             STREAM_TO_UINT16 (handle, p);
2245 
2246             STREAM_TO_UINT8 (results.link_quality, p);
2247             BTM_TRACE_DEBUG ("BTM Link Quality Complete: Link Quality %d, hci status 0x%02x",
2248                               results.link_quality, results.hci_status);
2249 
2250             /* Search through the list of active channels for the correct BD Addr */
2251             for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++)
2252             {
2253                 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle))
2254                 {
2255                     memcpy (results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
2256                     break;
2257                 }
2258             }
2259         }
2260         else
2261             results.status = BTM_ERR_PROCESSING;
2262 
2263         (*p_cb)(&results);
2264     }
2265 }
2266 
2267 /*******************************************************************************
2268 **
2269 ** Function         btm_remove_acl
2270 **
2271 ** Description      This function is called to disconnect an ACL connection
2272 **
2273 ** Returns          BTM_SUCCESS if successfully initiated, otherwise BTM_NO_RESOURCES.
2274 **
2275 *******************************************************************************/
btm_remove_acl(BD_ADDR bd_addr,tBT_TRANSPORT transport)2276 tBTM_STATUS btm_remove_acl (BD_ADDR bd_addr, tBT_TRANSPORT transport)
2277 {
2278     UINT16  hci_handle = BTM_GetHCIConnHandle(bd_addr, transport);
2279     tBTM_STATUS status = BTM_SUCCESS;
2280 
2281     BTM_TRACE_DEBUG ("btm_remove_acl");
2282 #if BTM_DISC_DURING_RS == TRUE
2283     tBTM_SEC_DEV_REC  *p_dev_rec = btm_find_dev (bd_addr);
2284 
2285     /* Role Switch is pending, postpone until completed */
2286     if (p_dev_rec && (p_dev_rec->rs_disc_pending == BTM_SEC_RS_PENDING))
2287     {
2288         p_dev_rec->rs_disc_pending = BTM_SEC_DISC_PENDING;
2289     }
2290     else    /* otherwise can disconnect right away */
2291 #endif
2292     {
2293         if (hci_handle != 0xFFFF && p_dev_rec &&
2294              p_dev_rec->sec_state!= BTM_SEC_STATE_DISCONNECTING)
2295         {
2296             if (!btsnd_hcic_disconnect (hci_handle, HCI_ERR_PEER_USER))
2297                 status = BTM_NO_RESOURCES;
2298         }
2299         else
2300             status = BTM_UNKNOWN_ADDR;
2301     }
2302 
2303     return status;
2304 }
2305 
2306 
2307 /*******************************************************************************
2308 **
2309 ** Function         BTM_SetTraceLevel
2310 **
2311 ** Description      This function sets the trace level for BTM.  If called with
2312 **                  a value of 0xFF, it simply returns the current trace level.
2313 **
2314 ** Returns          The new or current trace level
2315 **
2316 *******************************************************************************/
BTM_SetTraceLevel(UINT8 new_level)2317 UINT8 BTM_SetTraceLevel (UINT8 new_level)
2318 {
2319     BTM_TRACE_DEBUG ("BTM_SetTraceLevel");
2320     if (new_level != 0xFF)
2321         btm_cb.trace_level = new_level;
2322 
2323     return(btm_cb.trace_level);
2324 }
2325 
2326 /*******************************************************************************
2327 **
2328 ** Function         btm_cont_rswitch
2329 **
2330 ** Description      This function is called to continue processing an active
2331 **                  role switch. It first disables encryption if enabled and
2332 **                  EPR is not supported
2333 **
2334 ** Returns          void
2335 **
2336 *******************************************************************************/
btm_cont_rswitch(tACL_CONN * p,tBTM_SEC_DEV_REC * p_dev_rec,UINT8 hci_status)2337 void btm_cont_rswitch (tACL_CONN *p, tBTM_SEC_DEV_REC *p_dev_rec,
2338                                      UINT8 hci_status)
2339 {
2340     BOOLEAN sw_ok = TRUE;
2341     BTM_TRACE_DEBUG ("btm_cont_rswitch");
2342     /* Check to see if encryption needs to be turned off if pending
2343        change of link key or role switch */
2344     if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
2345     {
2346         /* Must turn off Encryption first if necessary */
2347         /* Some devices do not support switch or change of link key while encryption is on */
2348         if (p_dev_rec != NULL && ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0)
2349             && !BTM_EPR_AVAILABLE(p))
2350         {
2351             if (btsnd_hcic_set_conn_encrypt (p->hci_handle, FALSE))
2352             {
2353                 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF;
2354                 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
2355                     p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF;
2356             }
2357             else
2358             {
2359                 /* Error occurred; set states back to Idle */
2360                 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
2361                     sw_ok = FALSE;
2362             }
2363         }
2364         else    /* Encryption not used or EPR supported, continue with switch
2365                    and/or change of link key */
2366         {
2367             if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
2368             {
2369                 p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS;
2370 #if BTM_DISC_DURING_RS == TRUE
2371                 if (p_dev_rec)
2372                     p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
2373 #endif
2374                 sw_ok = btsnd_hcic_switch_role (p->remote_addr, (UINT8)!p->link_role);
2375             }
2376         }
2377 
2378         if (!sw_ok)
2379         {
2380             p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
2381             btm_acl_report_role_change(hci_status, p->remote_addr);
2382         }
2383     }
2384 }
2385 
2386 /*******************************************************************************
2387 **
2388 ** Function         btm_acl_resubmit_page
2389 **
2390 ** Description      send pending page request
2391 **
2392 *******************************************************************************/
btm_acl_resubmit_page(void)2393 void btm_acl_resubmit_page (void)
2394 {
2395     tBTM_SEC_DEV_REC *p_dev_rec;
2396     BT_HDR  *p_buf;
2397     UINT8   *pp;
2398     BD_ADDR bda;
2399     BTM_TRACE_DEBUG ("btm_acl_resubmit_page");
2400     /* If there were other page request schedule can start the next one */
2401     if ((p_buf = (BT_HDR *)GKI_dequeue (&btm_cb.page_queue)) != NULL)
2402     {
2403         /* skip 3 (2 bytes opcode and 1 byte len) to get to the bd_addr
2404          * for both create_conn and rmt_name */
2405         pp = (UINT8 *)(p_buf + 1) + p_buf->offset + 3;
2406 
2407         STREAM_TO_BDADDR (bda, pp);
2408 
2409         p_dev_rec = btm_find_or_alloc_dev (bda);
2410 
2411         memcpy (btm_cb.connecting_bda, p_dev_rec->bd_addr,   BD_ADDR_LEN);
2412         memcpy (btm_cb.connecting_dc,  p_dev_rec->dev_class, DEV_CLASS_LEN);
2413 
2414         btu_hcif_send_cmd (LOCAL_BR_EDR_CONTROLLER_ID, p_buf);
2415     }
2416     else
2417         btm_cb.paging = FALSE;
2418 }
2419 
2420 /*******************************************************************************
2421 **
2422 ** Function         btm_acl_reset_paging
2423 **
2424 ** Description      set paging to FALSE and free the page queue - called at hci_reset
2425 **
2426 *******************************************************************************/
btm_acl_reset_paging(void)2427 void  btm_acl_reset_paging (void)
2428 {
2429     BT_HDR *p;
2430     BTM_TRACE_DEBUG ("btm_acl_reset_paging");
2431     /* If we sent reset we are definitely not paging any more */
2432     while ((p = (BT_HDR *)GKI_dequeue(&btm_cb.page_queue)) != NULL)
2433         GKI_freebuf (p);
2434 
2435     btm_cb.paging = FALSE;
2436 }
2437 
2438 /*******************************************************************************
2439 **
2440 ** Function         btm_acl_paging
2441 **
2442 ** Description      send a paging command or queue it in btm_cb
2443 **
2444 *******************************************************************************/
btm_acl_paging(BT_HDR * p,BD_ADDR bda)2445 void  btm_acl_paging (BT_HDR *p, BD_ADDR bda)
2446 {
2447     tBTM_SEC_DEV_REC *p_dev_rec;
2448 
2449     BTM_TRACE_DEBUG ("btm_acl_paging discing:%d, paging:%d BDA: %06x%06x",
2450                       btm_cb.discing, btm_cb.paging,
2451                       (bda[0]<<16) + (bda[1]<<8) + bda[2], (bda[3]<<16) + (bda[4] << 8) + bda[5]);
2452     if (btm_cb.discing)
2453     {
2454         btm_cb.paging = TRUE;
2455         GKI_enqueue (&btm_cb.page_queue, p);
2456     }
2457     else
2458     {
2459         if (!BTM_ACL_IS_CONNECTED (bda))
2460         {
2461             BTM_TRACE_DEBUG ("connecting_bda: %06x%06x",
2462                               (btm_cb.connecting_bda[0]<<16) + (btm_cb.connecting_bda[1]<<8) +
2463                                btm_cb.connecting_bda[2],
2464                               (btm_cb.connecting_bda[3]<<16) + (btm_cb.connecting_bda[4] << 8) +
2465                                btm_cb.connecting_bda[5]);
2466             if (btm_cb.paging &&
2467                 memcmp (bda, btm_cb.connecting_bda, BD_ADDR_LEN) != 0)
2468             {
2469                 GKI_enqueue (&btm_cb.page_queue, p);
2470             }
2471             else
2472             {
2473                 p_dev_rec = btm_find_or_alloc_dev (bda);
2474                 memcpy (btm_cb.connecting_bda, p_dev_rec->bd_addr,   BD_ADDR_LEN);
2475                 memcpy (btm_cb.connecting_dc,  p_dev_rec->dev_class, DEV_CLASS_LEN);
2476 
2477                 btu_hcif_send_cmd (LOCAL_BR_EDR_CONTROLLER_ID, p);
2478             }
2479 
2480             btm_cb.paging = TRUE;
2481         }
2482         else /* ACL is already up */
2483         {
2484             btu_hcif_send_cmd (LOCAL_BR_EDR_CONTROLLER_ID, p);
2485         }
2486     }
2487 }
2488 
2489 /*******************************************************************************
2490 **
2491 ** Function         btm_acl_notif_conn_collision
2492 **
2493 ** Description      Send connection collision event to upper layer if registered
2494 **
2495 ** Returns          TRUE if sent out to upper layer,
2496 **                  FALSE if no one needs the notification.
2497 **
2498 *******************************************************************************/
btm_acl_notif_conn_collision(BD_ADDR bda)2499 BOOLEAN  btm_acl_notif_conn_collision (BD_ADDR bda)
2500 {
2501     tBTM_BL_EVENT_DATA  evt_data;
2502 
2503     /* Report possible collision to the upper layer. */
2504     if (btm_cb.p_bl_changed_cb)
2505     {
2506         BTM_TRACE_DEBUG ("btm_acl_notif_conn_collision: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2507                           bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]);
2508 
2509         evt_data.event = BTM_BL_COLLISION_EVT;
2510         evt_data.conn.p_bda = bda;
2511 
2512 #if BLE_INCLUDED == TRUE
2513         evt_data.conn.transport = BT_TRANSPORT_BR_EDR;
2514         evt_data.conn.handle = BTM_INVALID_HCI_HANDLE;
2515 #endif
2516         (*btm_cb.p_bl_changed_cb)(&evt_data);
2517         return TRUE;
2518     }
2519     else
2520         return FALSE;
2521 }
2522 
2523 
2524 /*******************************************************************************
2525 **
2526 ** Function         btm_acl_chk_peer_pkt_type_support
2527 **
2528 ** Description      Check if peer supports requested packets
2529 **
2530 *******************************************************************************/
btm_acl_chk_peer_pkt_type_support(tACL_CONN * p,UINT16 * p_pkt_type)2531 void btm_acl_chk_peer_pkt_type_support (tACL_CONN *p, UINT16 *p_pkt_type)
2532 {
2533     /* 3 and 5 slot packets? */
2534     if (!HCI_3_SLOT_PACKETS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2535         *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH3 +BTM_ACL_PKT_TYPES_MASK_DM3);
2536 
2537     if (!HCI_5_SLOT_PACKETS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2538         *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH5 + BTM_ACL_PKT_TYPES_MASK_DM5);
2539 
2540     /* 2 and 3 MPS support? */
2541     if (!HCI_EDR_ACL_2MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2542         /* Not supported. Add 'not_supported' mask for all 2MPS packet types */
2543         *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 +
2544                             BTM_ACL_PKT_TYPES_MASK_NO_2_DH5);
2545 
2546     if (!HCI_EDR_ACL_3MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2547         /* Not supported. Add 'not_supported' mask for all 3MPS packet types */
2548         *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_3_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3 +
2549                             BTM_ACL_PKT_TYPES_MASK_NO_3_DH5);
2550 
2551     /* EDR 3 and 5 slot support? */
2552     if (HCI_EDR_ACL_2MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0])
2553      || HCI_EDR_ACL_3MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2554     {
2555         if (!HCI_3_SLOT_EDR_ACL_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2556             /* Not supported. Add 'not_supported' mask for all 3-slot EDR packet types */
2557             *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3);
2558 
2559         if (!HCI_5_SLOT_EDR_ACL_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2560             /* Not supported. Add 'not_supported' mask for all 5-slot EDR packet types */
2561             *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH5 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH5);
2562     }
2563 }
2564