1 /******************************************************************************
2 *
3 * Copyright (C) 2003-2014 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains the action functions for device manager state
22 * machine.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bt_bta_dm"
27
28 #include <base/bind.h>
29 #include <base/callback.h>
30 #include <base/logging.h>
31 #include <cutils/log.h>
32 #include <string.h>
33
34 #include "bt_common.h"
35 #include "bt_target.h"
36 #include "bt_types.h"
37 #include "bta_api.h"
38 #include "bta_dm_api.h"
39 #include "bta_dm_co.h"
40 #include "bta_dm_int.h"
41 #include "bta_sys.h"
42 #include "btm_api.h"
43 #include "btm_int.h"
44 #include "btu.h"
45 #include "gap_api.h" /* For GAP_BleReadPeerPrefConnParams */
46 #include "l2c_api.h"
47 #include "osi/include/log.h"
48 #include "osi/include/osi.h"
49 #include "sdp_api.h"
50 #include "utl.h"
51
52 #if (GAP_INCLUDED == TRUE)
53 #include "gap_api.h"
54 #endif
55
56 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
57 uint16_t eir_len);
58 static void bta_dm_inq_cmpl_cb(void* p_result);
59 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,
60 DEV_CLASS dc, BD_NAME bd_name);
61 static void bta_dm_remname_cback(tBTM_REMOTE_DEV_NAME* p_remote_name);
62 static void bta_dm_find_services(const RawAddress& bd_addr);
63 static void bta_dm_discover_next_device(void);
64 static void bta_dm_sdp_callback(uint16_t sdp_status);
65 static uint8_t bta_dm_authorize_cback(const RawAddress& bd_addr,
66 DEV_CLASS dev_class, BD_NAME bd_name,
67 uint8_t* service_name, uint8_t service_id,
68 bool is_originator);
69 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
70 BD_NAME bd_name, bool min_16_digit);
71 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
72 DEV_CLASS dev_class, BD_NAME bd_name,
73 LINK_KEY key, uint8_t key_type);
74 static uint8_t bta_dm_authentication_complete_cback(const RawAddress& bd_addr,
75 DEV_CLASS dev_class,
76 BD_NAME bd_name,
77 int result);
78 static void bta_dm_local_name_cback(const RawAddress& bd_addr);
79 static bool bta_dm_check_av(uint16_t event);
80 static void bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA* p_data);
81
82 static void bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
83 uint8_t app_id, const RawAddress* peer_addr);
84
85 /* Extended Inquiry Response */
86 #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE)
87 static uint8_t bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data);
88 #endif
89
90 static void bta_dm_set_eir(char* local_name);
91
92 static void bta_dm_eir_search_services(tBTM_INQ_RESULTS* p_result,
93 tBTA_SERVICE_MASK* p_services_to_search,
94 tBTA_SERVICE_MASK* p_services_found);
95
96 static void bta_dm_search_timer_cback(void* data);
97 static void bta_dm_disable_conn_down_timer_cback(void* data);
98 static void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
99 uint8_t app_id, const RawAddress* peer_addr);
100 static void bta_dm_adjust_roles(bool delay_role_switch);
101 static char* bta_dm_get_remname(void);
102 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result);
103
104 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr,
105 tBT_TRANSPORT transport);
106 static void bta_dm_discover_device(const RawAddress& remote_bd_addr);
107
108 static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status);
109 static void bta_dm_disable_search_and_disc(void);
110
111 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
112 tBTM_LE_EVT_DATA* p_data);
113 static void bta_dm_ble_id_key_cback(uint8_t key_type,
114 tBTM_BLE_LOCAL_KEYS* p_key);
115 static void bta_dm_gattc_register(void);
116 static void btm_dm_start_gatt_discovery(const RawAddress& bd_addr);
117 static void bta_dm_cancel_gatt_discovery(const RawAddress& bd_addr);
118 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data);
119 extern tBTA_DM_CONTRL_STATE bta_dm_pm_obtain_controller_state(void);
120
121 #if (BLE_VND_INCLUDED == TRUE)
122 static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result);
123 #endif
124
125 #ifndef BTA_DM_BLE_ADV_CHNL_MAP
126 #define BTA_DM_BLE_ADV_CHNL_MAP \
127 (BTM_BLE_ADV_CHNL_37 | BTM_BLE_ADV_CHNL_38 | BTM_BLE_ADV_CHNL_39)
128 #endif
129
130 /* Disable timer interval (in milliseconds) */
131 #ifndef BTA_DM_DISABLE_TIMER_MS
132 #define BTA_DM_DISABLE_TIMER_MS 5000
133 #endif
134
135 /* Disable timer retrial interval (in milliseconds) */
136 #ifndef BTA_DM_DISABLE_TIMER_RETRIAL_MS
137 #define BTA_DM_DISABLE_TIMER_RETRIAL_MS 1500
138 #endif
139
140 /* Disable connection down timer (in milliseconds) */
141 #ifndef BTA_DM_DISABLE_CONN_DOWN_TIMER_MS
142 #define BTA_DM_DISABLE_CONN_DOWN_TIMER_MS 1000
143 #endif
144
145 /* Switch delay timer (in milliseconds) */
146 #ifndef BTA_DM_SWITCH_DELAY_TIMER_MS
147 #define BTA_DM_SWITCH_DELAY_TIMER_MS 500
148 #endif
149
150 #define BTA_MAX_SERVICES 32
151
152 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr);
153 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr);
154 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
155 uint16_t eir_len);
156 static void bta_dm_observe_cmpl_cb(void* p_result);
157 static void bta_dm_delay_role_switch_cback(void* data);
158 static void bta_dm_disable_timer_cback(void* data);
159
160 const uint16_t bta_service_id_to_uuid_lkup_tbl[BTA_MAX_SERVICE_ID] = {
161 UUID_SERVCLASS_PNP_INFORMATION, /* Reserved */
162 UUID_SERVCLASS_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */
163 UUID_SERVCLASS_DIALUP_NETWORKING, /* BTA_DUN_SERVICE_ID */
164 UUID_SERVCLASS_AUDIO_SOURCE, /* BTA_A2DP_SOURCE_SERVICE_ID */
165 UUID_SERVCLASS_LAN_ACCESS_USING_PPP, /* BTA_LAP_SERVICE_ID */
166 UUID_SERVCLASS_HEADSET, /* BTA_HSP_HS_SERVICE_ID */
167 UUID_SERVCLASS_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */
168 UUID_SERVCLASS_OBEX_OBJECT_PUSH, /* BTA_OPP_SERVICE_ID */
169 UUID_SERVCLASS_OBEX_FILE_TRANSFER, /* BTA_FTP_SERVICE_ID */
170 UUID_SERVCLASS_CORDLESS_TELEPHONY, /* BTA_CTP_SERVICE_ID */
171 UUID_SERVCLASS_INTERCOM, /* BTA_ICP_SERVICE_ID */
172 UUID_SERVCLASS_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */
173 UUID_SERVCLASS_DIRECT_PRINTING, /* BTA_BPP_SERVICE_ID */
174 UUID_SERVCLASS_IMAGING_RESPONDER, /* BTA_BIP_SERVICE_ID */
175 UUID_SERVCLASS_PANU, /* BTA_PANU_SERVICE_ID */
176 UUID_SERVCLASS_NAP, /* BTA_NAP_SERVICE_ID */
177 UUID_SERVCLASS_GN, /* BTA_GN_SERVICE_ID */
178 UUID_SERVCLASS_SAP, /* BTA_SAP_SERVICE_ID */
179 UUID_SERVCLASS_AUDIO_SINK, /* BTA_A2DP_SERVICE_ID */
180 UUID_SERVCLASS_AV_REMOTE_CONTROL, /* BTA_AVRCP_SERVICE_ID */
181 UUID_SERVCLASS_HUMAN_INTERFACE, /* BTA_HID_SERVICE_ID */
182 UUID_SERVCLASS_VIDEO_SINK, /* BTA_VDP_SERVICE_ID */
183 UUID_SERVCLASS_PBAP_PSE, /* BTA_PBAP_SERVICE_ID */
184 UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY, /* BTA_HSP_SERVICE_ID */
185 UUID_SERVCLASS_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */
186 UUID_SERVCLASS_MESSAGE_ACCESS, /* BTA_MAP_SERVICE_ID */
187 UUID_SERVCLASS_MESSAGE_NOTIFICATION, /* BTA_MN_SERVICE_ID */
188 UUID_SERVCLASS_HDP_PROFILE, /* BTA_HDP_SERVICE_ID */
189 UUID_SERVCLASS_PBAP_PCE, /* BTA_PCE_SERVICE_ID */
190 UUID_PROTOCOL_ATT /* BTA_GATT_SERVICE_ID */
191 };
192
193 /*
194 * NOTE : The number of element in bta_service_id_to_btm_srv_id_lkup_tbl should
195 * be matching with
196 * the value BTA_MAX_SERVICE_ID in bta_api.h
197 *
198 * i.e., If you add new Service ID for BTA, the correct security ID of
199 * the new service
200 * from Security service definitions (btm_api.h) should be added to
201 * this lookup table.
202 */
203 const uint32_t bta_service_id_to_btm_srv_id_lkup_tbl[BTA_MAX_SERVICE_ID] = {
204 0, /* Reserved */
205 BTM_SEC_SERVICE_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */
206 BTM_SEC_SERVICE_DUN, /* BTA_DUN_SERVICE_ID */
207 BTM_SEC_SERVICE_AVDTP, /* BTA_AUDIO_SOURCE_SERVICE_ID */
208 BTM_SEC_SERVICE_LAN_ACCESS, /* BTA_LAP_SERVICE_ID */
209 BTM_SEC_SERVICE_HEADSET_AG, /* BTA_HSP_SERVICE_ID */
210 BTM_SEC_SERVICE_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */
211 BTM_SEC_SERVICE_OBEX, /* BTA_OPP_SERVICE_ID */
212 BTM_SEC_SERVICE_OBEX_FTP, /* BTA_FTP_SERVICE_ID */
213 BTM_SEC_SERVICE_CORDLESS, /* BTA_CTP_SERVICE_ID */
214 BTM_SEC_SERVICE_INTERCOM, /* BTA_ICP_SERVICE_ID */
215 BTM_SEC_SERVICE_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */
216 BTM_SEC_SERVICE_BPP_JOB, /* BTA_BPP_SERVICE_ID */
217 BTM_SEC_SERVICE_BIP, /* BTA_BIP_SERVICE_ID */
218 BTM_SEC_SERVICE_BNEP_PANU, /* BTA_PANU_SERVICE_ID */
219 BTM_SEC_SERVICE_BNEP_NAP, /* BTA_NAP_SERVICE_ID */
220 BTM_SEC_SERVICE_BNEP_GN, /* BTA_GN_SERVICE_ID */
221 BTM_SEC_SERVICE_SAP, /* BTA_SAP_SERVICE_ID */
222 BTM_SEC_SERVICE_AVDTP, /* BTA_A2DP_SERVICE_ID */
223 BTM_SEC_SERVICE_AVCTP, /* BTA_AVRCP_SERVICE_ID */
224 BTM_SEC_SERVICE_HIDH_SEC_CTRL, /* BTA_HID_SERVICE_ID */
225 BTM_SEC_SERVICE_AVDTP, /* BTA_VDP_SERVICE_ID */
226 BTM_SEC_SERVICE_PBAP, /* BTA_PBAP_SERVICE_ID */
227 BTM_SEC_SERVICE_HEADSET, /* BTA_HSP_HS_SERVICE_ID */
228 BTM_SEC_SERVICE_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */
229 BTM_SEC_SERVICE_MAP, /* BTA_MAP_SERVICE_ID */
230 BTM_SEC_SERVICE_MAP, /* BTA_MN_SERVICE_ID */
231 BTM_SEC_SERVICE_HDP_SNK, /* BTA_HDP_SERVICE_ID */
232 BTM_SEC_SERVICE_PBAP, /* BTA_PCE_SERVICE_ID */
233 BTM_SEC_SERVICE_ATT /* BTA_GATT_SERVICE_ID */
234 };
235
236 /* bta security callback */
237 const tBTM_APPL_INFO bta_security = {&bta_dm_authorize_cback,
238 &bta_dm_pin_cback,
239 &bta_dm_new_link_key_cback,
240 &bta_dm_authentication_complete_cback,
241 &bta_dm_bond_cancel_complete_cback,
242 #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE)
243 &bta_dm_sp_cback,
244 #else
245 NULL,
246 #endif
247 &bta_dm_ble_smp_cback,
248 &bta_dm_ble_id_key_cback};
249
250 #define MAX_DISC_RAW_DATA_BUF (4096)
251 uint8_t g_disc_raw_data_buf[MAX_DISC_RAW_DATA_BUF];
252
253 extern DEV_CLASS local_device_default_class;
254
255 /*******************************************************************************
256 *
257 * Function bta_dm_enable
258 *
259 * Description Initialises the BT device manager
260 *
261 *
262 * Returns void
263 *
264 ******************************************************************************/
bta_dm_enable(tBTA_DM_MSG * p_data)265 void bta_dm_enable(tBTA_DM_MSG* p_data) {
266 tBTA_DM_ENABLE enable_event;
267
268 /* if already in use, return an error */
269 if (bta_dm_cb.is_bta_dm_active == true) {
270 APPL_TRACE_WARNING("%s Device already started by another application",
271 __func__);
272 memset(&enable_event, 0, sizeof(tBTA_DM_ENABLE));
273 enable_event.status = BTA_FAILURE;
274 if (p_data->enable.p_sec_cback != NULL)
275 p_data->enable.p_sec_cback(BTA_DM_ENABLE_EVT,
276 (tBTA_DM_SEC*)&enable_event);
277 return;
278 }
279
280 /* first, register our callback to SYS HW manager */
281 bta_sys_hw_register(BTA_SYS_HW_BLUETOOTH, bta_dm_sys_hw_cback);
282
283 /* make sure security callback is saved - if no callback, do not erase the
284 previous one,
285 it could be an error recovery mechanism */
286 if (p_data->enable.p_sec_cback != NULL)
287 bta_dm_cb.p_sec_cback = p_data->enable.p_sec_cback;
288 /* notify BTA DM is now active */
289 bta_dm_cb.is_bta_dm_active = true;
290
291 /* send a message to BTA SYS */
292 tBTA_SYS_HW_MSG* sys_enable_event =
293 (tBTA_SYS_HW_MSG*)osi_malloc(sizeof(tBTA_SYS_HW_MSG));
294 sys_enable_event->hdr.event = BTA_SYS_API_ENABLE_EVT;
295 sys_enable_event->hw_module = BTA_SYS_HW_BLUETOOTH;
296
297 bta_sys_sendmsg(sys_enable_event);
298 }
299
300 /*******************************************************************************
301 *
302 * Function bta_dm_init_cb
303 *
304 * Description Initializes the bta_dm_cb control block
305 *
306 *
307 * Returns void
308 *
309 ******************************************************************************/
bta_dm_init_cb(void)310 void bta_dm_init_cb(void) {
311 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
312 bta_dm_cb.disable_timer = alarm_new("bta_dm.disable_timer");
313 bta_dm_cb.switch_delay_timer = alarm_new("bta_dm.switch_delay_timer");
314 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
315 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
316 bta_dm_cb.pm_timer[i].timer[j] = alarm_new("bta_dm.pm_timer");
317 }
318 }
319 }
320
321 /*******************************************************************************
322 *
323 * Function bta_dm_deinit_cb
324 *
325 * Description De-initializes the bta_dm_cb control block
326 *
327 *
328 * Returns void
329 *
330 ******************************************************************************/
bta_dm_deinit_cb(void)331 void bta_dm_deinit_cb(void) {
332 /*
333 * TODO: Should alarm_free() the bta_dm_cb timers during graceful
334 * shutdown.
335 */
336 alarm_free(bta_dm_cb.disable_timer);
337 alarm_free(bta_dm_cb.switch_delay_timer);
338 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
339 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
340 alarm_free(bta_dm_cb.pm_timer[i].timer[j]);
341 }
342 }
343 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
344 }
345
346 /*******************************************************************************
347 *
348 * Function bta_dm_sys_hw_cback
349 *
350 * Description callback register to SYS to get HW status updates
351 *
352 *
353 * Returns void
354 *
355 ******************************************************************************/
bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status)356 static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status) {
357 DEV_CLASS dev_class;
358 tBTA_DM_SEC_CBACK* temp_cback;
359 uint8_t key_mask = 0;
360 BT_OCTET16 er;
361 tBTA_BLE_LOCAL_ID_KEYS id_key;
362
363 APPL_TRACE_DEBUG("%s with event: %i", __func__, status);
364
365 /* On H/W error evt, report to the registered DM application callback */
366 if (status == BTA_SYS_HW_ERROR_EVT) {
367 if (bta_dm_cb.p_sec_cback != NULL)
368 bta_dm_cb.p_sec_cback(BTA_DM_HW_ERROR_EVT, NULL);
369 return;
370 }
371
372 if (status == BTA_SYS_HW_OFF_EVT) {
373 if (bta_dm_cb.p_sec_cback != NULL)
374 bta_dm_cb.p_sec_cback(BTA_DM_DISABLE_EVT, NULL);
375
376 /* reinitialize the control block */
377 bta_dm_deinit_cb();
378
379 /* hw is ready, go on with BTA DM initialization */
380 alarm_free(bta_dm_search_cb.search_timer);
381 alarm_free(bta_dm_search_cb.gatt_close_timer);
382 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb));
383
384 /* unregister from SYS */
385 bta_sys_hw_unregister(BTA_SYS_HW_BLUETOOTH);
386 /* notify BTA DM is now unactive */
387 bta_dm_cb.is_bta_dm_active = false;
388 } else if (status == BTA_SYS_HW_ON_EVT) {
389 /* FIXME: We should not unregister as the SYS shall invoke this callback on
390 * a H/W error.
391 * We need to revisit when this platform has more than one BLuetooth H/W
392 * chip
393 */
394 // bta_sys_hw_unregister( BTA_SYS_HW_BLUETOOTH);
395
396 /* save security callback */
397 temp_cback = bta_dm_cb.p_sec_cback;
398 /* make sure the control block is properly initialized */
399 bta_dm_init_cb();
400 /* and retrieve the callback */
401 bta_dm_cb.p_sec_cback = temp_cback;
402 bta_dm_cb.is_bta_dm_active = true;
403
404 /* hw is ready, go on with BTA DM initialization */
405 alarm_free(bta_dm_search_cb.search_timer);
406 alarm_free(bta_dm_search_cb.gatt_close_timer);
407 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb));
408 /*
409 * TODO: Should alarm_free() the bta_dm_search_cb timers during
410 * graceful shutdown.
411 */
412 bta_dm_search_cb.search_timer = alarm_new("bta_dm_search.search_timer");
413 bta_dm_search_cb.gatt_close_timer =
414 alarm_new("bta_dm_search.gatt_close_timer");
415
416 memset(&bta_dm_conn_srvcs, 0, sizeof(bta_dm_conn_srvcs));
417 memset(&bta_dm_di_cb, 0, sizeof(tBTA_DM_DI_CB));
418
419 memcpy(dev_class, p_bta_dm_cfg->dev_class, sizeof(dev_class));
420 BTM_SetDeviceClass(dev_class);
421
422 /* load BLE local information: ID keys, ER if available */
423 bta_dm_co_ble_load_local_keys(&key_mask, er, &id_key);
424
425 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ER) {
426 BTM_BleLoadLocalKeys(BTA_BLE_LOCAL_KEY_TYPE_ER,
427 (tBTM_BLE_LOCAL_KEYS*)&er);
428 }
429 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ID) {
430 BTM_BleLoadLocalKeys(BTA_BLE_LOCAL_KEY_TYPE_ID,
431 (tBTM_BLE_LOCAL_KEYS*)&id_key);
432 }
433 bta_dm_search_cb.conn_id = BTA_GATT_INVALID_CONN_ID;
434
435 BTM_SecRegister((tBTM_APPL_INFO*)&bta_security);
436 BTM_SetDefaultLinkSuperTout(p_bta_dm_cfg->link_timeout);
437 BTM_WritePageTimeout(p_bta_dm_cfg->page_timeout);
438 bta_dm_cb.cur_policy = p_bta_dm_cfg->policy_settings;
439 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy);
440 BTM_RegBusyLevelNotif(bta_dm_bl_change_cback, NULL,
441 BTM_BL_UPDATE_MASK | BTM_BL_ROLE_CHG_MASK);
442
443 #if (BLE_VND_INCLUDED == TRUE)
444 BTM_BleReadControllerFeatures(bta_dm_ctrl_features_rd_cmpl_cback);
445 #else
446 /* If VSC multi adv commands are available, advertising will be initialized
447 * when capabilities are read. If they are not avaliable, initialize
448 * advertising here */
449 btm_ble_adv_init();
450 #endif
451
452 /* Earlier, we used to invoke BTM_ReadLocalAddr which was just copying the
453 bd_addr
454 from the control block and invoking the callback which was sending the
455 DM_ENABLE_EVT.
456 But then we have a few HCI commands being invoked above which were still
457 in progress
458 when the ENABLE_EVT was sent. So modified this to fetch the local name
459 which forces
460 the DM_ENABLE_EVT to be sent only after all the init steps are complete
461 */
462 BTM_ReadLocalDeviceNameFromController(
463 (tBTM_CMPL_CB*)bta_dm_local_name_cback);
464
465 bta_sys_rm_register((tBTA_SYS_CONN_CBACK*)bta_dm_rm_cback);
466
467 /* initialize bluetooth low power manager */
468 bta_dm_init_pm();
469
470 bta_sys_policy_register((tBTA_SYS_CONN_CBACK*)bta_dm_policy_cback);
471
472 bta_dm_gattc_register();
473
474 } else
475 APPL_TRACE_DEBUG(" --- ignored event");
476 }
477
478 /*******************************************************************************
479 *
480 * Function bta_dm_disable
481 *
482 * Description Disables the BT device manager
483 *
484 *
485 * Returns void
486 *
487 ******************************************************************************/
bta_dm_disable(UNUSED_ATTR tBTA_DM_MSG * p_data)488 void bta_dm_disable(UNUSED_ATTR tBTA_DM_MSG* p_data) {
489 /* Set l2cap idle timeout to 0 (so BTE immediately disconnects ACL link after
490 * last channel is closed) */
491 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_BR_EDR);
492 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_LE);
493
494 /* disable all active subsystems */
495 bta_sys_disable(BTA_SYS_HW_BLUETOOTH);
496
497 BTM_SetDiscoverability(BTM_NON_DISCOVERABLE, 0, 0);
498 BTM_SetConnectability(BTM_NON_CONNECTABLE, 0, 0);
499
500 bta_dm_disable_pm();
501 bta_dm_disable_search_and_disc();
502 bta_dm_cb.disabling = true;
503
504 BTM_BleClearBgConnDev();
505
506 if (BTM_GetNumAclLinks() == 0) {
507 #if (BTA_DISABLE_DELAY > 0)
508 /* If BTA_DISABLE_DELAY is defined and greater than zero, then delay the
509 * shutdown by
510 * BTA_DISABLE_DELAY milliseconds
511 */
512 APPL_TRACE_WARNING("%s BTA_DISABLE_DELAY set to %d ms", __func__,
513 BTA_DISABLE_DELAY);
514 alarm_set_on_mloop(bta_dm_cb.disable_timer, BTA_DISABLE_DELAY,
515 bta_dm_disable_conn_down_timer_cback, NULL);
516 #else
517 bta_dm_disable_conn_down_timer_cback(NULL);
518 #endif
519 } else {
520 alarm_set_on_mloop(bta_dm_cb.disable_timer, BTA_DM_DISABLE_TIMER_MS,
521 bta_dm_disable_timer_cback, UINT_TO_PTR(0));
522 }
523 }
524
525 /*******************************************************************************
526 *
527 * Function bta_dm_disable_timer_cback
528 *
529 * Description Called if the disable timer expires
530 * Used to close ACL connections which are still active
531 *
532 *
533 *
534 * Returns void
535 *
536 ******************************************************************************/
bta_dm_disable_timer_cback(void * data)537 static void bta_dm_disable_timer_cback(void* data) {
538 uint8_t i;
539 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
540 bool trigger_disc = false;
541 uint32_t param = PTR_TO_UINT(data);
542
543 APPL_TRACE_EVENT("%s trial %u", __func__, param);
544
545 if (BTM_GetNumAclLinks() && (param == 0)) {
546 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
547 transport = bta_dm_cb.device_list.peer_device[i].transport;
548 btm_remove_acl(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
549 transport);
550 trigger_disc = true;
551 }
552
553 /* Retrigger disable timer in case ACL disconnect failed, DISABLE_EVT still
554 need
555 to be sent out to avoid jave layer disable timeout */
556 if (trigger_disc) {
557 alarm_set_on_mloop(bta_dm_cb.disable_timer,
558 BTA_DM_DISABLE_TIMER_RETRIAL_MS,
559 bta_dm_disable_timer_cback, UINT_TO_PTR(1));
560 }
561 } else {
562 bta_dm_cb.disabling = false;
563
564 bta_sys_remove_uuid(UUID_SERVCLASS_PNP_INFORMATION);
565 bta_dm_cb.p_sec_cback(BTA_DM_DISABLE_EVT, NULL);
566 }
567 }
568
569 /*******************************************************************************
570 *
571 * Function bta_dm_set_dev_name
572 *
573 * Description Sets local device name
574 *
575 *
576 * Returns void
577 *
578 ******************************************************************************/
bta_dm_set_dev_name(tBTA_DM_MSG * p_data)579 void bta_dm_set_dev_name(tBTA_DM_MSG* p_data) {
580 BTM_SetLocalDeviceName((char*)p_data->set_name.name);
581 bta_dm_set_eir((char*)p_data->set_name.name);
582 }
583
584 /*******************************************************************************
585 *
586 * Function bta_dm_set_visibility
587 *
588 * Description Sets discoverability, connectability and pairability
589 *
590 *
591 * Returns void
592 *
593 ******************************************************************************/
bta_dm_set_visibility(tBTA_DM_MSG * p_data)594 void bta_dm_set_visibility(tBTA_DM_MSG* p_data) {
595 uint16_t window, interval;
596 uint16_t le_disc_mode = BTM_BleReadDiscoverability();
597 uint16_t le_conn_mode = BTM_BleReadConnectability();
598 uint16_t disc_mode = BTM_ReadDiscoverability(&window, &interval);
599 uint16_t conn_mode = BTM_ReadConnectability(&window, &interval);
600
601 /* set modes for Discoverability and connectability if not ignore */
602 if (p_data->set_visibility.disc_mode != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) {
603 if ((p_data->set_visibility.disc_mode & BTA_DM_LE_IGNORE) ==
604 BTA_DM_LE_IGNORE)
605 p_data->set_visibility.disc_mode =
606 ((p_data->set_visibility.disc_mode & ~BTA_DM_LE_IGNORE) |
607 le_disc_mode);
608 if ((p_data->set_visibility.disc_mode & BTA_DM_IGNORE) == BTA_DM_IGNORE)
609 p_data->set_visibility.disc_mode =
610 ((p_data->set_visibility.disc_mode & ~BTA_DM_IGNORE) | disc_mode);
611
612 BTM_SetDiscoverability(p_data->set_visibility.disc_mode,
613 bta_dm_cb.inquiry_scan_window,
614 bta_dm_cb.inquiry_scan_interval);
615 }
616
617 if (p_data->set_visibility.conn_mode != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) {
618 if ((p_data->set_visibility.conn_mode & BTA_DM_LE_IGNORE) ==
619 BTA_DM_LE_IGNORE)
620 p_data->set_visibility.conn_mode =
621 ((p_data->set_visibility.conn_mode & ~BTA_DM_LE_IGNORE) |
622 le_conn_mode);
623 if ((p_data->set_visibility.conn_mode & BTA_DM_IGNORE) == BTA_DM_IGNORE)
624 p_data->set_visibility.conn_mode =
625 ((p_data->set_visibility.conn_mode & ~BTA_DM_IGNORE) | conn_mode);
626
627 BTM_SetConnectability(p_data->set_visibility.conn_mode,
628 bta_dm_cb.page_scan_window,
629 bta_dm_cb.page_scan_interval);
630 }
631
632 /* Send False or True if not ignore */
633 if (p_data->set_visibility.pair_mode != BTA_DM_IGNORE) {
634 if (p_data->set_visibility.pair_mode == BTA_DM_NON_PAIRABLE)
635 bta_dm_cb.disable_pair_mode = true;
636 else
637 bta_dm_cb.disable_pair_mode = false;
638 }
639
640 /* Send False or True if not ignore */
641 if (p_data->set_visibility.conn_paired_only != BTA_DM_IGNORE) {
642 if (p_data->set_visibility.conn_paired_only == BTA_DM_CONN_ALL)
643 bta_dm_cb.conn_paired_only = false;
644 else
645 bta_dm_cb.conn_paired_only = true;
646 }
647
648 /* Change mode if either mode is not ignore */
649 if (p_data->set_visibility.pair_mode != BTA_DM_IGNORE ||
650 p_data->set_visibility.conn_paired_only != BTA_DM_IGNORE)
651 BTM_SetPairableMode((bool)(!(bta_dm_cb.disable_pair_mode)),
652 bta_dm_cb.conn_paired_only);
653 }
654
655 /*******************************************************************************
656 *
657 * Function bta_dm_process_remove_device
658 *
659 * Description Removes device, Disconnects ACL link if required.
660 ***
661 ******************************************************************************/
bta_dm_process_remove_device(const RawAddress & bd_addr)662 void bta_dm_process_remove_device(const RawAddress& bd_addr) {
663 /* need to remove all pending background connection before unpair */
664 BTA_GATTC_CancelOpen(0, bd_addr, false);
665
666 BTM_SecDeleteDevice(bd_addr);
667
668 /* remove all cached GATT information */
669 BTA_GATTC_Refresh(bd_addr);
670
671 if (bta_dm_cb.p_sec_cback) {
672 tBTA_DM_SEC sec_event;
673 sec_event.link_down.bd_addr = bd_addr;
674 ;
675 /* No connection, set status to success (acl disc code not valid) */
676 sec_event.link_down.status = HCI_SUCCESS;
677 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &sec_event);
678 }
679 }
680
681 /*******************************************************************************
682 *
683 * Function bta_dm_remove_device
684 *
685 * Description Removes device, disconnects ACL link if required.
686 ***
687 ******************************************************************************/
bta_dm_remove_device(tBTA_DM_MSG * p_data)688 void bta_dm_remove_device(tBTA_DM_MSG* p_data) {
689 tBTA_DM_API_REMOVE_DEVICE* p_dev = &p_data->remove_dev;
690 bool continue_delete_other_dev = false;
691 if (p_dev == NULL) return;
692
693 RawAddress other_address = p_dev->bd_addr;
694
695 /* If ACL exists for the device in the remove_bond message*/
696 bool continue_delete_dev = false;
697 uint8_t other_transport = BT_TRANSPORT_INVALID;
698
699 if (BTM_IsAclConnectionUp(p_dev->bd_addr, BT_TRANSPORT_LE) ||
700 BTM_IsAclConnectionUp(p_dev->bd_addr, BT_TRANSPORT_BR_EDR)) {
701 APPL_TRACE_DEBUG("%s: ACL Up count %d", __func__,
702 bta_dm_cb.device_list.count);
703 continue_delete_dev = false;
704
705 /* Take the link down first, and mark the device for removal when
706 * disconnected */
707 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
708 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == p_dev->bd_addr) {
709 uint8_t transport = BT_TRANSPORT_BR_EDR;
710
711 transport = bta_dm_cb.device_list.peer_device[i].transport;
712 bta_dm_cb.device_list.peer_device[i].conn_state = BTA_DM_UNPAIRING;
713 btm_remove_acl(p_dev->bd_addr, transport);
714 APPL_TRACE_DEBUG("%s:transport = %d", __func__,
715 bta_dm_cb.device_list.peer_device[i].transport);
716
717 /* save the other transport to check if device is connected on
718 * other_transport */
719 if (bta_dm_cb.device_list.peer_device[i].transport == BT_TRANSPORT_LE)
720 other_transport = BT_TRANSPORT_BR_EDR;
721 else
722 other_transport = BT_TRANSPORT_LE;
723
724 break;
725 }
726 }
727 } else {
728 continue_delete_dev = true;
729 }
730 // If it is DUMO device and device is paired as different address, unpair that
731 // device
732 // if different address
733 if ((other_transport &&
734 (BTM_ReadConnectedTransportAddress(&other_address, other_transport))) ||
735 (!other_transport &&
736 (BTM_ReadConnectedTransportAddress(&other_address,
737 BT_TRANSPORT_BR_EDR) ||
738 BTM_ReadConnectedTransportAddress(&other_address, BT_TRANSPORT_LE)))) {
739 continue_delete_other_dev = false;
740 /* Take the link down first, and mark the device for removal when
741 * disconnected */
742 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
743 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == other_address) {
744 bta_dm_cb.device_list.peer_device[i].conn_state = BTA_DM_UNPAIRING;
745 btm_remove_acl(other_address,
746 bta_dm_cb.device_list.peer_device[i].transport);
747 break;
748 }
749 }
750 } else {
751 APPL_TRACE_DEBUG("%s: continue to delete the other dev ", __func__);
752 continue_delete_other_dev = true;
753 }
754 /* Delete the device mentioned in the msg */
755 if (continue_delete_dev) bta_dm_process_remove_device(p_dev->bd_addr);
756
757 /* Delete the other paired device too */
758 if (continue_delete_other_dev && !other_address.IsEmpty())
759 bta_dm_process_remove_device(other_address);
760 }
761
762 /*******************************************************************************
763 *
764 * Function bta_dm_add_device
765 *
766 * Description This function adds a Link Key to an security database entry.
767 * It is normally called during host startup to restore all
768 * required information stored in the NVRAM.
769 ***
770 ******************************************************************************/
bta_dm_add_device(tBTA_DM_MSG * p_data)771 void bta_dm_add_device(tBTA_DM_MSG* p_data) {
772 tBTA_DM_API_ADD_DEVICE* p_dev = &p_data->add_dev;
773 uint8_t* p_dc = NULL;
774 uint8_t* p_lc = NULL;
775 uint32_t trusted_services_mask[BTM_SEC_SERVICE_ARRAY_SIZE];
776 uint8_t index = 0;
777 uint8_t btm_mask_index = 0;
778
779 memset(trusted_services_mask, 0, sizeof(trusted_services_mask));
780
781 /* If not all zeros, the device class has been specified */
782 if (p_dev->dc_known) p_dc = (uint8_t*)p_dev->dc;
783
784 if (p_dev->link_key_known) p_lc = (uint8_t*)p_dev->link_key;
785
786 if (p_dev->is_trusted) {
787 /* covert BTA service mask to BTM mask */
788 while (p_dev->tm && (index < BTA_MAX_SERVICE_ID)) {
789 if (p_dev->tm & (uint32_t)(1 << index)) {
790 btm_mask_index =
791 bta_service_id_to_btm_srv_id_lkup_tbl[index] / BTM_SEC_ARRAY_BITS;
792 trusted_services_mask[btm_mask_index] |=
793 (uint32_t)(1 << (bta_service_id_to_btm_srv_id_lkup_tbl[index] -
794 (uint32_t)(btm_mask_index * 32)));
795
796 p_dev->tm &= (uint32_t)(~(1 << index));
797 }
798 index++;
799 }
800 }
801
802 if (!BTM_SecAddDevice(p_dev->bd_addr, p_dc, p_dev->bd_name, p_dev->features,
803 trusted_services_mask, p_lc, p_dev->key_type,
804 p_dev->io_cap, p_dev->pin_length)) {
805 LOG(ERROR) << "BTA_DM: Error adding device " << p_dev->bd_addr;
806 }
807 }
808
809 /*******************************************************************************
810 *
811 * Function bta_dm_close_acl
812 *
813 * Description This function forces to close the connection to a remote
814 * device and optionaly remove the device from security
815 * database if required.
816 ***
817 ******************************************************************************/
bta_dm_close_acl(tBTA_DM_MSG * p_data)818 void bta_dm_close_acl(tBTA_DM_MSG* p_data) {
819 tBTA_DM_API_REMOVE_ACL* p_remove_acl = &p_data->remove_acl;
820 uint8_t index;
821
822 APPL_TRACE_DEBUG("bta_dm_close_acl");
823
824 if (BTM_IsAclConnectionUp(p_remove_acl->bd_addr, p_remove_acl->transport)) {
825 for (index = 0; index < bta_dm_cb.device_list.count; index++) {
826 if (bta_dm_cb.device_list.peer_device[index].peer_bdaddr ==
827 p_remove_acl->bd_addr)
828 break;
829 }
830 if (index != bta_dm_cb.device_list.count) {
831 if (p_remove_acl->remove_dev)
832 bta_dm_cb.device_list.peer_device[index].remove_dev_pending = true;
833 } else {
834 APPL_TRACE_ERROR("unknown device, remove ACL failed");
835 }
836 /* Disconnect the ACL link */
837 btm_remove_acl(p_remove_acl->bd_addr, p_remove_acl->transport);
838 }
839 /* if to remove the device from security database ? do it now */
840 else if (p_remove_acl->remove_dev) {
841 if (!BTM_SecDeleteDevice(p_remove_acl->bd_addr)) {
842 APPL_TRACE_ERROR("delete device from security database failed.");
843 }
844 /* need to remove all pending background connection if any */
845 BTA_GATTC_CancelOpen(0, p_remove_acl->bd_addr, false);
846 /* remove all cached GATT information */
847 BTA_GATTC_Refresh(p_remove_acl->bd_addr);
848 }
849 /* otherwise, no action needed */
850 }
851
852 /*******************************************************************************
853 *
854 * Function bta_dm_remove_all_acl
855 *
856 * Description This function forces to close all the ACL links specified by
857 * link type
858 ***
859 ******************************************************************************/
bta_dm_remove_all_acl(tBTA_DM_MSG * p_data)860 void bta_dm_remove_all_acl(tBTA_DM_MSG* p_data) {
861 const tBTA_DM_LINK_TYPE link_type = p_data->remove_all_acl.link_type;
862 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
863
864 APPL_TRACE_DEBUG("%s link type = %d", __func__, link_type);
865
866 for (uint8_t i = 0; i < bta_dm_cb.device_list.count; i++) {
867 transport = bta_dm_cb.device_list.peer_device[i].transport;
868 if ((link_type == BTA_DM_LINK_TYPE_ALL) ||
869 ((link_type == BTA_DM_LINK_TYPE_LE) &&
870 (transport == BT_TRANSPORT_LE)) ||
871 ((link_type == BTA_DM_LINK_TYPE_BR_EDR) &&
872 (transport == BT_TRANSPORT_BR_EDR))) {
873 /* Disconnect the ACL link */
874 btm_remove_acl(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
875 transport);
876 }
877 }
878 }
879
880 /*******************************************************************************
881 *
882 * Function bta_dm_bond
883 *
884 * Description Bonds with peer device
885 *
886 *
887 * Returns void
888 *
889 ******************************************************************************/
bta_dm_bond(tBTA_DM_MSG * p_data)890 void bta_dm_bond(tBTA_DM_MSG* p_data) {
891 tBTM_STATUS status;
892 tBTA_DM_SEC sec_event;
893 char* p_name;
894
895 if (p_data->bond.transport == BTA_TRANSPORT_UNKNOWN)
896 status = BTM_SecBond(p_data->bond.bd_addr, 0, NULL, 0);
897 else
898 status = BTM_SecBondByTransport(p_data->bond.bd_addr,
899 p_data->bond.transport, 0, NULL, 0);
900
901 if (bta_dm_cb.p_sec_cback && (status != BTM_CMD_STARTED)) {
902 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
903 sec_event.auth_cmpl.bd_addr = p_data->bond.bd_addr;
904 p_name = BTM_SecReadDevName(p_data->bond.bd_addr);
905 if (p_name != NULL) {
906 memcpy(sec_event.auth_cmpl.bd_name, p_name, (BD_NAME_LEN - 1));
907 sec_event.auth_cmpl.bd_name[BD_NAME_LEN - 1] = 0;
908 }
909
910 /* taken care of by memset [above]
911 sec_event.auth_cmpl.key_present = false;
912 sec_event.auth_cmpl.success = false;
913 */
914 sec_event.auth_cmpl.fail_reason = HCI_ERR_ILLEGAL_COMMAND;
915 if (status == BTM_SUCCESS) {
916 sec_event.auth_cmpl.success = true;
917 } else {
918 /* delete this device entry from Sec Dev DB */
919 bta_dm_remove_sec_dev_entry(p_data->bond.bd_addr);
920 }
921 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
922 }
923 }
924
925 /*******************************************************************************
926 *
927 * Function bta_dm_bond_cancel
928 *
929 * Description Cancels bonding with a peer device
930 *
931 *
932 * Returns void
933 *
934 ******************************************************************************/
bta_dm_bond_cancel(tBTA_DM_MSG * p_data)935 void bta_dm_bond_cancel(tBTA_DM_MSG* p_data) {
936 tBTM_STATUS status;
937 tBTA_DM_SEC sec_event;
938
939 APPL_TRACE_EVENT(" bta_dm_bond_cancel ");
940 status = BTM_SecBondCancel(p_data->bond_cancel.bd_addr);
941
942 if (bta_dm_cb.p_sec_cback &&
943 (status != BTM_CMD_STARTED && status != BTM_SUCCESS)) {
944 sec_event.bond_cancel_cmpl.result = BTA_FAILURE;
945
946 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
947 }
948 }
949
950 /*******************************************************************************
951 *
952 * Function bta_dm_pin_reply
953 *
954 * Description Send the pin_reply to a request from BTM
955 *
956 *
957 * Returns void
958 *
959 ******************************************************************************/
bta_dm_pin_reply(tBTA_DM_MSG * p_data)960 void bta_dm_pin_reply(tBTA_DM_MSG* p_data) {
961 uint32_t trusted_mask[BTM_SEC_SERVICE_ARRAY_SIZE];
962 uint32_t* current_trusted_mask;
963
964 current_trusted_mask = BTM_ReadTrustedMask(p_data->pin_reply.bd_addr);
965
966 if (current_trusted_mask) {
967 memcpy(trusted_mask, current_trusted_mask, sizeof(trusted_mask));
968 } else {
969 memset(trusted_mask, 0, sizeof(trusted_mask));
970 }
971
972 if (p_data->pin_reply.accept) {
973 BTM_PINCodeReply(p_data->pin_reply.bd_addr, BTM_SUCCESS,
974 p_data->pin_reply.pin_len, p_data->pin_reply.p_pin,
975 trusted_mask);
976 } else {
977 BTM_PINCodeReply(p_data->pin_reply.bd_addr, BTM_NOT_AUTHORIZED, 0, NULL,
978 trusted_mask);
979 }
980 }
981
982 /*******************************************************************************
983 *
984 * Function bta_dm_policy_cback
985 *
986 * Description process the link policy changes
987 *
988 * Returns void
989 *
990 ******************************************************************************/
bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status,uint8_t id,uint8_t app_id,const RawAddress * peer_addr)991 static void bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
992 uint8_t app_id, const RawAddress* peer_addr) {
993 tBTA_DM_PEER_DEVICE* p_dev = NULL;
994 uint16_t policy = app_id;
995 uint32_t mask = (uint32_t)(1 << id);
996
997 if (peer_addr) p_dev = bta_dm_find_peer_device(*peer_addr);
998
999 APPL_TRACE_DEBUG(" bta_dm_policy_cback cmd:%d, policy:0x%x", status, policy);
1000 switch (status) {
1001 case BTA_SYS_PLCY_SET:
1002 if (!p_dev) return;
1003 /* restore the default link policy */
1004 p_dev->link_policy |= policy;
1005 BTM_SetLinkPolicy(p_dev->peer_bdaddr, &(p_dev->link_policy));
1006 break;
1007
1008 case BTA_SYS_PLCY_CLR:
1009 if (!p_dev) return;
1010 /* clear the policy from the default link policy */
1011 p_dev->link_policy &= (~policy);
1012 BTM_SetLinkPolicy(p_dev->peer_bdaddr, &(p_dev->link_policy));
1013
1014 if (policy & (HCI_ENABLE_SNIFF_MODE | HCI_ENABLE_PARK_MODE)) {
1015 /* if clearing sniff/park, wake the link */
1016 bta_dm_pm_active(p_dev->peer_bdaddr);
1017 }
1018 break;
1019
1020 case BTA_SYS_PLCY_DEF_SET:
1021 /* want to restore/set the role switch policy */
1022 bta_dm_cb.role_policy_mask &= ~mask;
1023 if (0 == bta_dm_cb.role_policy_mask) {
1024 /* if nobody wants to insist on the role */
1025 bta_dm_cb.cur_policy |= HCI_ENABLE_MASTER_SLAVE_SWITCH;
1026 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy);
1027 }
1028 break;
1029
1030 case BTA_SYS_PLCY_DEF_CLR:
1031 /* want to remove the role switch policy */
1032 bta_dm_cb.role_policy_mask |= mask;
1033 bta_dm_cb.cur_policy &= ~HCI_ENABLE_MASTER_SLAVE_SWITCH;
1034 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy);
1035 break;
1036 }
1037 }
1038
1039 /*******************************************************************************
1040 *
1041 * Function bta_dm_confirm
1042 *
1043 * Description Send the user confirm request reply in response to a
1044 * request from BTM
1045 *
1046 * Returns void
1047 *
1048 ******************************************************************************/
bta_dm_confirm(tBTA_DM_MSG * p_data)1049 void bta_dm_confirm(tBTA_DM_MSG* p_data) {
1050 tBTM_STATUS res = BTM_NOT_AUTHORIZED;
1051
1052 if (p_data->confirm.accept == true) res = BTM_SUCCESS;
1053 BTM_ConfirmReqReply(res, p_data->confirm.bd_addr);
1054 }
1055
1056 /*******************************************************************************
1057 *
1058 * Function bta_dm_loc_oob
1059 *
1060 * Description Retrieve the OOB data from the local LM
1061 *
1062 * Returns void
1063 *
1064 ******************************************************************************/
bta_dm_loc_oob(UNUSED_ATTR tBTA_DM_MSG * p_data)1065 void bta_dm_loc_oob(UNUSED_ATTR tBTA_DM_MSG* p_data) { BTM_ReadLocalOobData(); }
1066
1067 /*******************************************************************************
1068 *
1069 * Function bta_dm_ci_io_req_act
1070 *
1071 * Description respond to the IO capabilities request from BTM
1072 *
1073 * Returns void
1074 *
1075 ******************************************************************************/
bta_dm_ci_io_req_act(tBTA_DM_MSG * p_data)1076 void bta_dm_ci_io_req_act(tBTA_DM_MSG* p_data) {
1077 tBTM_AUTH_REQ auth_req = BTM_AUTH_AP_NO;
1078 if (p_data->ci_io_req.auth_req) auth_req = BTM_AUTH_AP_YES;
1079 BTM_IoCapRsp(p_data->ci_io_req.bd_addr, p_data->ci_io_req.io_cap,
1080 p_data->ci_io_req.oob_data, auth_req);
1081 }
1082
1083 /*******************************************************************************
1084 *
1085 * Function bta_dm_ci_rmt_oob_act
1086 *
1087 * Description respond to the OOB data request for the remote device from
1088 * BTM
1089 *
1090 *
1091 * Returns void
1092 *
1093 ******************************************************************************/
bta_dm_ci_rmt_oob_act(tBTA_DM_MSG * p_data)1094 void bta_dm_ci_rmt_oob_act(tBTA_DM_MSG* p_data) {
1095 tBTM_STATUS res = BTM_NOT_AUTHORIZED;
1096
1097 if (p_data->ci_rmt_oob.accept == true) res = BTM_SUCCESS;
1098 BTM_RemoteOobDataReply(res, p_data->ci_rmt_oob.bd_addr, p_data->ci_rmt_oob.c,
1099 p_data->ci_rmt_oob.r);
1100 }
1101
1102 /*******************************************************************************
1103 *
1104 * Function bta_dm_search_start
1105 *
1106 * Description Starts an inquiry
1107 *
1108 *
1109 * Returns void
1110 *
1111 ******************************************************************************/
bta_dm_search_start(tBTA_DM_MSG * p_data)1112 void bta_dm_search_start(tBTA_DM_MSG* p_data) {
1113 tBTM_INQUIRY_CMPL result;
1114
1115 size_t len = sizeof(tBT_UUID) * p_data->search.num_uuid;
1116 bta_dm_gattc_register();
1117
1118 APPL_TRACE_DEBUG("%s avoid_scatter=%d", __func__,
1119 p_bta_dm_cfg->avoid_scatter);
1120
1121 if (p_bta_dm_cfg->avoid_scatter &&
1122 (p_data->search.rs_res == BTA_DM_RS_NONE) &&
1123 bta_dm_check_av(BTA_DM_API_SEARCH_EVT)) {
1124 memcpy(&bta_dm_cb.search_msg, &p_data->search, sizeof(tBTA_DM_API_SEARCH));
1125 return;
1126 }
1127
1128 BTM_ClearInqDb(NULL);
1129 /* save search params */
1130 bta_dm_search_cb.p_search_cback = p_data->search.p_cback;
1131 bta_dm_search_cb.services = p_data->search.services;
1132
1133 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid);
1134
1135 if ((bta_dm_search_cb.num_uuid = p_data->search.num_uuid) != 0 &&
1136 p_data->search.p_uuid != NULL) {
1137 bta_dm_search_cb.p_srvc_uuid = (tBT_UUID*)osi_malloc(len);
1138 memcpy(bta_dm_search_cb.p_srvc_uuid, p_data->search.p_uuid, len);
1139 }
1140 result.status = BTM_StartInquiry((tBTM_INQ_PARMS*)&p_data->search.inq_params,
1141 bta_dm_inq_results_cb,
1142 (tBTM_CMPL_CB*)bta_dm_inq_cmpl_cb);
1143
1144 APPL_TRACE_EVENT("%s status=%d", __func__, result.status);
1145 if (result.status != BTM_CMD_STARTED) {
1146 result.num_resp = 0;
1147 bta_dm_inq_cmpl_cb((void*)&result);
1148 }
1149 }
1150
1151 /*******************************************************************************
1152 *
1153 * Function bta_dm_search_cancel
1154 *
1155 * Description Cancels an ongoing search for devices
1156 *
1157 *
1158 * Returns void
1159 *
1160 ******************************************************************************/
bta_dm_search_cancel(UNUSED_ATTR tBTA_DM_MSG * p_data)1161 void bta_dm_search_cancel(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1162 tBTA_DM_MSG* p_msg;
1163
1164 if (BTM_IsInquiryActive()) {
1165 if (BTM_CancelInquiry() == BTM_SUCCESS) {
1166 bta_dm_search_cancel_notify(NULL);
1167 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1168 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1169 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1170 bta_sys_sendmsg(p_msg);
1171 } else {
1172 /* flag a search cancel is pending */
1173 bta_dm_search_cb.cancel_pending = true;
1174 }
1175 }
1176 /* If no Service Search going on then issue cancel remote name in case it is
1177 active */
1178 else if (!bta_dm_search_cb.name_discover_done) {
1179 BTM_CancelRemoteDeviceName();
1180
1181 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1182 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1183 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1184 bta_sys_sendmsg(p_msg);
1185 } else {
1186 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1187 p_msg->hdr.event = BTA_DM_INQUIRY_CMPL_EVT;
1188 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1189 bta_sys_sendmsg(p_msg);
1190 }
1191
1192 if (bta_dm_search_cb.gatt_disc_active) {
1193 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
1194 }
1195 }
1196
1197 /*******************************************************************************
1198 *
1199 * Function bta_dm_discover
1200 *
1201 * Description Discovers services on a remote device
1202 *
1203 *
1204 * Returns void
1205 *
1206 ******************************************************************************/
bta_dm_discover(tBTA_DM_MSG * p_data)1207 void bta_dm_discover(tBTA_DM_MSG* p_data) {
1208 size_t len = sizeof(tBT_UUID) * p_data->discover.num_uuid;
1209 APPL_TRACE_EVENT("%s services_to_search=0x%04X, sdp_search=%d", __func__,
1210 p_data->discover.services, p_data->discover.sdp_search);
1211
1212 /* save the search condition */
1213 bta_dm_search_cb.services = p_data->discover.services;
1214
1215 bta_dm_gattc_register();
1216 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid);
1217 if ((bta_dm_search_cb.num_uuid = p_data->discover.num_uuid) != 0 &&
1218 p_data->discover.p_uuid != NULL) {
1219 bta_dm_search_cb.p_srvc_uuid = (tBT_UUID*)osi_malloc(len);
1220 memcpy(bta_dm_search_cb.p_srvc_uuid, p_data->discover.p_uuid, len);
1221 }
1222 bta_dm_search_cb.uuid_to_search = bta_dm_search_cb.num_uuid;
1223
1224 bta_dm_search_cb.p_search_cback = p_data->discover.p_cback;
1225 bta_dm_search_cb.sdp_search = p_data->discover.sdp_search;
1226 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services;
1227 bta_dm_search_cb.service_index = 0;
1228 bta_dm_search_cb.services_found = 0;
1229 bta_dm_search_cb.peer_name[0] = 0;
1230 bta_dm_search_cb.sdp_search = p_data->discover.sdp_search;
1231 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbRead(p_data->discover.bd_addr);
1232 bta_dm_search_cb.transport = p_data->discover.transport;
1233
1234 bta_dm_search_cb.name_discover_done = false;
1235 memcpy(&bta_dm_search_cb.uuid, &p_data->discover.uuid, sizeof(tSDP_UUID));
1236 bta_dm_discover_device(p_data->discover.bd_addr);
1237 }
1238
1239 /*******************************************************************************
1240 *
1241 * Function bta_dm_di_disc_cmpl
1242 *
1243 * Description Sends event to application when DI discovery complete
1244 *
1245 * Returns void
1246 *
1247 ******************************************************************************/
bta_dm_di_disc_cmpl(tBTA_DM_MSG * p_data)1248 void bta_dm_di_disc_cmpl(tBTA_DM_MSG* p_data) {
1249 tBTA_DM_DI_DISC_CMPL di_disc;
1250
1251 memset(&di_disc, 0, sizeof(tBTA_DM_DI_DISC_CMPL));
1252 di_disc.bd_addr = bta_dm_search_cb.peer_bdaddr;
1253
1254 if ((p_data->hdr.offset == SDP_SUCCESS) ||
1255 (p_data->hdr.offset == SDP_DB_FULL)) {
1256 di_disc.num_record = SDP_GetNumDiRecords(bta_dm_di_cb.p_di_db);
1257 } else
1258 di_disc.result = BTA_FAILURE;
1259
1260 bta_dm_di_cb.p_di_db = NULL;
1261 bta_dm_search_cb.p_search_cback(BTA_DM_DI_DISC_CMPL_EVT,
1262 (tBTA_DM_SEARCH*)&di_disc);
1263 }
1264
1265 /*******************************************************************************
1266 *
1267 * Function bta_dm_di_disc_callback
1268 *
1269 * Description This function queries a remote device for DI information.
1270 *
1271 *
1272 * Returns void
1273 *
1274 ******************************************************************************/
bta_dm_di_disc_callback(uint16_t result)1275 static void bta_dm_di_disc_callback(uint16_t result) {
1276 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1277
1278 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1279 p_msg->hdr.layer_specific = BTA_DM_API_DI_DISCOVER_EVT;
1280 p_msg->hdr.offset = result;
1281
1282 bta_sys_sendmsg(p_msg);
1283 }
1284
1285 /*******************************************************************************
1286 *
1287 * Function bta_dm_disable_search_and_disc
1288 *
1289 * Description Cancels an ongoing search or discovery for devices in case
1290 * of a Bluetooth disable
1291 *
1292 *
1293 * Returns void
1294 *
1295 ******************************************************************************/
bta_dm_disable_search_and_disc(void)1296 static void bta_dm_disable_search_and_disc(void) {
1297 tBTA_DM_DI_DISC_CMPL di_disc;
1298
1299 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) bta_dm_search_cancel(NULL);
1300
1301 if (bta_dm_di_cb.p_di_db != NULL) {
1302 memset(&di_disc, 0, sizeof(tBTA_DM_DI_DISC_CMPL));
1303 di_disc.bd_addr = bta_dm_search_cb.peer_bdaddr;
1304 di_disc.result = BTA_FAILURE;
1305
1306 bta_dm_di_cb.p_di_db = NULL;
1307 bta_dm_search_cb.p_search_cback(BTA_DM_DI_DISC_CMPL_EVT, NULL);
1308 }
1309 }
1310
1311 /*******************************************************************************
1312 *
1313 * Function bta_dm_di_disc
1314 *
1315 * Description This function queries a remote device for DI information.
1316 *
1317 *
1318 * Returns void
1319 *
1320 ******************************************************************************/
bta_dm_di_disc(tBTA_DM_MSG * p_data)1321 void bta_dm_di_disc(tBTA_DM_MSG* p_data) {
1322 uint16_t result = BTA_FAILURE;
1323
1324 bta_dm_search_cb.p_search_cback = p_data->di_disc.p_cback;
1325 bta_dm_search_cb.peer_bdaddr = p_data->di_disc.bd_addr;
1326 bta_dm_di_cb.p_di_db = p_data->di_disc.p_sdp_db;
1327
1328 bta_dm_search_cb.p_sdp_db =
1329 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE);
1330 if (SDP_DiDiscover(bta_dm_search_cb.peer_bdaddr, p_data->di_disc.p_sdp_db,
1331 p_data->di_disc.len,
1332 bta_dm_di_disc_callback) == SDP_SUCCESS) {
1333 result = BTA_SUCCESS;
1334 }
1335
1336 if (result == BTA_FAILURE) {
1337 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1338
1339 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1340 p_msg->hdr.layer_specific = BTA_DM_API_DI_DISCOVER_EVT;
1341 p_data->hdr.offset = result;
1342 bta_sys_sendmsg(p_msg);
1343 }
1344 }
1345
1346 /*******************************************************************************
1347 *
1348 * Function bta_dm_read_remote_device_name
1349 *
1350 * Description Initiate to get remote device name
1351 *
1352 * Returns true if started to get remote name
1353 *
1354 ******************************************************************************/
bta_dm_read_remote_device_name(const RawAddress & bd_addr,tBT_TRANSPORT transport)1355 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr,
1356 tBT_TRANSPORT transport) {
1357 tBTM_STATUS btm_status;
1358
1359 APPL_TRACE_DEBUG("%s", __func__);
1360
1361 bta_dm_search_cb.peer_bdaddr = bd_addr;
1362 bta_dm_search_cb.peer_name[0] = 0;
1363
1364 btm_status =
1365 BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr,
1366 (tBTM_CMPL_CB*)bta_dm_remname_cback, transport);
1367
1368 if (btm_status == BTM_CMD_STARTED) {
1369 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is started", __func__);
1370
1371 return (true);
1372 } else if (btm_status == BTM_BUSY) {
1373 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__);
1374
1375 /* Remote name discovery is on going now so BTM cannot notify through
1376 * "bta_dm_remname_cback" */
1377 /* adding callback to get notified that current reading remore name done */
1378 BTM_SecAddRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1379
1380 return (true);
1381 } else {
1382 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X", __func__,
1383 btm_status);
1384
1385 return (false);
1386 }
1387 }
1388
1389 /*******************************************************************************
1390 *
1391 * Function bta_dm_inq_cmpl
1392 *
1393 * Description Process the inquiry complete event from BTM
1394 *
1395 * Returns void
1396 *
1397 ******************************************************************************/
bta_dm_inq_cmpl(tBTA_DM_MSG * p_data)1398 void bta_dm_inq_cmpl(tBTA_DM_MSG* p_data) {
1399 tBTA_DM_SEARCH data;
1400
1401 APPL_TRACE_DEBUG("bta_dm_inq_cmpl");
1402
1403 data.inq_cmpl.num_resps = p_data->inq_cmpl.num;
1404 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_CMPL_EVT, &data);
1405
1406 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbFirst();
1407 if (bta_dm_search_cb.p_btm_inq_info != NULL) {
1408 /* start name and service discovery from the first device on inquiry result
1409 */
1410 bta_dm_search_cb.name_discover_done = false;
1411 bta_dm_search_cb.peer_name[0] = 0;
1412 bta_dm_discover_device(
1413 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr);
1414 } else {
1415 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1416
1417 /* no devices, search complete */
1418 bta_dm_search_cb.services = 0;
1419
1420 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1421 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1422 bta_sys_sendmsg(p_msg);
1423 }
1424 }
1425
1426 /*******************************************************************************
1427 *
1428 * Function bta_dm_rmt_name
1429 *
1430 * Description Process the remote name result from BTM
1431 *
1432 * Returns void
1433 *
1434 ******************************************************************************/
bta_dm_rmt_name(tBTA_DM_MSG * p_data)1435 void bta_dm_rmt_name(tBTA_DM_MSG* p_data) {
1436 APPL_TRACE_DEBUG("bta_dm_rmt_name");
1437
1438 if (p_data->rem_name.result.disc_res.bd_name[0] &&
1439 bta_dm_search_cb.p_btm_inq_info) {
1440 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name = true;
1441 }
1442
1443 bta_dm_discover_device(bta_dm_search_cb.peer_bdaddr);
1444 }
1445
1446 /*******************************************************************************
1447 *
1448 * Function bta_dm_disc_rmt_name
1449 *
1450 * Description Process the remote name result from BTM when application
1451 * wants to find the name for a bdaddr
1452 *
1453 * Returns void
1454 *
1455 ******************************************************************************/
bta_dm_disc_rmt_name(tBTA_DM_MSG * p_data)1456 void bta_dm_disc_rmt_name(tBTA_DM_MSG* p_data) {
1457 tBTM_INQ_INFO* p_btm_inq_info;
1458
1459 APPL_TRACE_DEBUG("bta_dm_disc_rmt_name");
1460
1461 p_btm_inq_info = BTM_InqDbRead(p_data->rem_name.result.disc_res.bd_addr);
1462 if (p_btm_inq_info) {
1463 if (p_data->rem_name.result.disc_res.bd_name[0]) {
1464 p_btm_inq_info->appl_knows_rem_name = true;
1465 }
1466 }
1467
1468 bta_dm_discover_device(p_data->rem_name.result.disc_res.bd_addr);
1469 }
1470
1471 /*******************************************************************************
1472 *
1473 * Function bta_dm_sdp_result
1474 *
1475 * Description Process the discovery result from sdp
1476 *
1477 * Returns void
1478 *
1479 ******************************************************************************/
bta_dm_sdp_result(tBTA_DM_MSG * p_data)1480 void bta_dm_sdp_result(tBTA_DM_MSG* p_data) {
1481 tSDP_DISC_REC* p_sdp_rec = NULL;
1482 tBTA_DM_MSG* p_msg;
1483 bool scn_found = false;
1484 uint16_t service = 0xFFFF;
1485 tSDP_PROTOCOL_ELEM pe;
1486
1487 tBT_UUID* p_uuid = bta_dm_search_cb.p_srvc_uuid;
1488 tBTA_DM_SEARCH result;
1489 tBT_UUID service_uuid;
1490
1491 uint32_t num_uuids = 0;
1492 uint8_t uuid_list[BTA_MAX_SERVICES][MAX_UUID_SIZE]; // assuming a max of 32 services
1493
1494 if ((p_data->sdp_event.sdp_result == SDP_SUCCESS) ||
1495 (p_data->sdp_event.sdp_result == SDP_NO_RECS_MATCH) ||
1496 (p_data->sdp_event.sdp_result == SDP_DB_FULL)) {
1497 APPL_TRACE_DEBUG("sdp_result::0x%x", p_data->sdp_event.sdp_result);
1498 do {
1499 p_sdp_rec = NULL;
1500 if (bta_dm_search_cb.service_index == (BTA_USER_SERVICE_ID + 1)) {
1501 p_sdp_rec = SDP_FindServiceUUIDInDb(bta_dm_search_cb.p_sdp_db,
1502 &bta_dm_search_cb.uuid, p_sdp_rec);
1503
1504 if (p_sdp_rec && SDP_FindProtocolListElemInRec(
1505 p_sdp_rec, UUID_PROTOCOL_RFCOMM, &pe)) {
1506 bta_dm_search_cb.peer_scn = (uint8_t)pe.params[0];
1507 scn_found = true;
1508 }
1509 } else {
1510 service =
1511 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index - 1];
1512 p_sdp_rec =
1513 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, service, p_sdp_rec);
1514 }
1515 /* finished with BR/EDR services, now we check the result for GATT based
1516 * service UUID */
1517 if (bta_dm_search_cb.service_index == BTA_MAX_SERVICE_ID) {
1518 if (bta_dm_search_cb.uuid_to_search != 0 && p_uuid != NULL) {
1519 p_uuid +=
1520 (bta_dm_search_cb.num_uuid - bta_dm_search_cb.uuid_to_search);
1521 /* only support 16 bits UUID for now */
1522 service = p_uuid->uu.uuid16;
1523 }
1524 /* all GATT based services */
1525 do {
1526 /* find a service record, report it */
1527 p_sdp_rec =
1528 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, 0, p_sdp_rec);
1529 if (p_sdp_rec) {
1530 if (SDP_FindServiceUUIDInRec(p_sdp_rec, &service_uuid)) {
1531 /* send result back to app now, one by one */
1532 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1533 strlcpy((char*)result.disc_ble_res.bd_name, bta_dm_get_remname(),
1534 BD_NAME_LEN);
1535 result.disc_ble_res.service.len = service_uuid.len;
1536 result.disc_ble_res.service.uu.uuid16 = service_uuid.uu.uuid16;
1537
1538 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_BLE_RES_EVT, &result);
1539 }
1540 }
1541
1542 if (bta_dm_search_cb.uuid_to_search > 0) break;
1543
1544 } while (p_sdp_rec);
1545 } else {
1546 /* SDP_DB_FULL means some records with the
1547 required attributes were received */
1548 if (((p_data->sdp_event.sdp_result == SDP_DB_FULL) &&
1549 bta_dm_search_cb.services != BTA_ALL_SERVICE_MASK) ||
1550 (p_sdp_rec != NULL)) {
1551 if (service != UUID_SERVCLASS_PNP_INFORMATION) {
1552 uint16_t tmp_svc = 0xFFFF;
1553 bta_dm_search_cb.services_found |=
1554 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(
1555 bta_dm_search_cb.service_index - 1));
1556 tmp_svc =
1557 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index -
1558 1];
1559 /* Add to the list of UUIDs */
1560 if (num_uuids < BTA_MAX_SERVICES) {
1561 sdpu_uuid16_to_uuid128(tmp_svc, uuid_list[num_uuids]);
1562 num_uuids++;
1563 } else {
1564 android_errorWriteLog(0x534e4554, "74016921");
1565 }
1566 }
1567 }
1568 }
1569
1570 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK &&
1571 bta_dm_search_cb.services_to_search == 0) {
1572 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID &&
1573 bta_dm_search_cb.uuid_to_search > 0)
1574 bta_dm_search_cb.uuid_to_search--;
1575
1576 if (bta_dm_search_cb.uuid_to_search == 0 ||
1577 bta_dm_search_cb.service_index != BTA_BLE_SERVICE_ID)
1578 bta_dm_search_cb.service_index++;
1579 } else /* regular one service per search or PNP search */
1580 break;
1581
1582 } while (bta_dm_search_cb.service_index <= BTA_MAX_SERVICE_ID);
1583
1584 APPL_TRACE_DEBUG("%s services_found = %04x", __func__,
1585 bta_dm_search_cb.services_found);
1586
1587 /* Collect the 128-bit services here and put them into the list */
1588 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) {
1589 p_sdp_rec = NULL;
1590 do {
1591 tBT_UUID temp_uuid;
1592 /* find a service record, report it */
1593 p_sdp_rec =
1594 SDP_FindServiceInDb_128bit(bta_dm_search_cb.p_sdp_db, p_sdp_rec);
1595 if (p_sdp_rec) {
1596 if (SDP_FindServiceUUIDInRec_128bit(p_sdp_rec, &temp_uuid)) {
1597 if (num_uuids < BTA_MAX_SERVICES) {
1598 memcpy(uuid_list[num_uuids], temp_uuid.uu.uuid128, MAX_UUID_SIZE);
1599 num_uuids++;
1600 } else {
1601 android_errorWriteLog(0x534e4554, "74016921");
1602 }
1603 }
1604 }
1605 } while (p_sdp_rec);
1606 }
1607 /* if there are more services to search for */
1608 if (bta_dm_search_cb.services_to_search) {
1609 /* Free up the p_sdp_db before checking the next one */
1610 bta_dm_free_sdp_db(NULL);
1611 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr);
1612 } else {
1613 /* callbacks */
1614 /* start next bd_addr if necessary */
1615
1616 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1617
1618 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1619 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1620 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS;
1621 p_msg->disc_result.result.disc_res.p_raw_data = NULL;
1622 p_msg->disc_result.result.disc_res.raw_data_size = 0;
1623 p_msg->disc_result.result.disc_res.num_uuids = num_uuids;
1624 p_msg->disc_result.result.disc_res.p_uuid_list = NULL;
1625 if (num_uuids > 0) {
1626 p_msg->disc_result.result.disc_res.p_uuid_list =
1627 (uint8_t*)osi_malloc(num_uuids * MAX_UUID_SIZE);
1628 memcpy(p_msg->disc_result.result.disc_res.p_uuid_list, uuid_list,
1629 num_uuids * MAX_UUID_SIZE);
1630 }
1631 // Copy the raw_data to the discovery result structure
1632 if (bta_dm_search_cb.p_sdp_db != NULL &&
1633 bta_dm_search_cb.p_sdp_db->raw_used != 0 &&
1634 bta_dm_search_cb.p_sdp_db->raw_data != NULL) {
1635 APPL_TRACE_DEBUG("%s raw_data used = 0x%x raw_data_ptr = 0x%x",
1636 __func__, bta_dm_search_cb.p_sdp_db->raw_used,
1637 bta_dm_search_cb.p_sdp_db->raw_data);
1638
1639 p_msg->disc_result.result.disc_res.p_raw_data =
1640 (uint8_t*)osi_malloc(bta_dm_search_cb.p_sdp_db->raw_used);
1641 memcpy(p_msg->disc_result.result.disc_res.p_raw_data,
1642 bta_dm_search_cb.p_sdp_db->raw_data,
1643 bta_dm_search_cb.p_sdp_db->raw_used);
1644
1645 p_msg->disc_result.result.disc_res.raw_data_size =
1646 bta_dm_search_cb.p_sdp_db->raw_used;
1647
1648 bta_dm_search_cb.p_sdp_db->raw_data =
1649 NULL; // no need to free this - it is a global assigned.
1650 bta_dm_search_cb.p_sdp_db->raw_used = 0;
1651 bta_dm_search_cb.p_sdp_db->raw_size = 0;
1652 } else {
1653 APPL_TRACE_DEBUG("%s raw data size is 0 or raw_data is null!!",
1654 __func__);
1655 }
1656 /* Done with p_sdp_db. Free it */
1657 bta_dm_free_sdp_db(NULL);
1658 p_msg->disc_result.result.disc_res.services =
1659 bta_dm_search_cb.services_found;
1660
1661 // Piggy back the SCN over result field
1662 if (scn_found) {
1663 p_msg->disc_result.result.disc_res.result =
1664 (3 + bta_dm_search_cb.peer_scn);
1665 p_msg->disc_result.result.disc_res.services |= BTA_USER_SERVICE_MASK;
1666
1667 APPL_TRACE_EVENT(" Piggy back the SCN over result field SCN=%d",
1668 bta_dm_search_cb.peer_scn);
1669 }
1670 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1671 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1672 bta_dm_get_remname(), BD_NAME_LEN);
1673
1674 bta_sys_sendmsg(p_msg);
1675 }
1676 } else {
1677 /* conn failed. No need for timer */
1678 if (p_data->sdp_event.sdp_result == SDP_CONN_FAILED ||
1679 p_data->sdp_event.sdp_result == SDP_CONN_REJECTED ||
1680 p_data->sdp_event.sdp_result == SDP_SECURITY_ERR)
1681 bta_dm_search_cb.wait_disc = false;
1682
1683 /* not able to connect go to next device */
1684 if (bta_dm_search_cb.p_sdp_db)
1685 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1686
1687 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1688
1689 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1690 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1691 p_msg->disc_result.result.disc_res.result = BTA_FAILURE;
1692 p_msg->disc_result.result.disc_res.services =
1693 bta_dm_search_cb.services_found;
1694 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1695 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1696 bta_dm_get_remname(), BD_NAME_LEN);
1697
1698 bta_sys_sendmsg(p_msg);
1699 }
1700 }
1701
1702 /*******************************************************************************
1703 *
1704 * Function bta_dm_search_cmpl
1705 *
1706 * Description Sends event to application
1707 *
1708 * Returns void
1709 *
1710 ******************************************************************************/
bta_dm_search_cmpl(tBTA_DM_MSG * p_data)1711 void bta_dm_search_cmpl(tBTA_DM_MSG* p_data) {
1712 APPL_TRACE_EVENT("%s", __func__);
1713
1714 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid);
1715
1716 if (p_data->hdr.layer_specific == BTA_DM_API_DI_DISCOVER_EVT)
1717 bta_dm_di_disc_cmpl(p_data);
1718 else
1719 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_CMPL_EVT, NULL);
1720 }
1721
1722 /*******************************************************************************
1723 *
1724 * Function bta_dm_disc_result
1725 *
1726 * Description Service discovery result when discovering services on a
1727 * device
1728 *
1729 * Returns void
1730 *
1731 ******************************************************************************/
bta_dm_disc_result(tBTA_DM_MSG * p_data)1732 void bta_dm_disc_result(tBTA_DM_MSG* p_data) {
1733 APPL_TRACE_EVENT("%s", __func__);
1734
1735 /* if any BR/EDR service discovery has been done, report the event */
1736 if ((bta_dm_search_cb.services &
1737 ((BTA_ALL_SERVICE_MASK | BTA_USER_SERVICE_MASK) &
1738 ~BTA_BLE_SERVICE_MASK)))
1739 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT,
1740 &p_data->disc_result.result);
1741
1742 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1743
1744 /* send a message to change state */
1745 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1746 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1747 bta_sys_sendmsg(p_msg);
1748 }
1749
1750 /*******************************************************************************
1751 *
1752 * Function bta_dm_search_result
1753 *
1754 * Description Service discovery result while searching for devices
1755 *
1756 * Returns void
1757 *
1758 ******************************************************************************/
bta_dm_search_result(tBTA_DM_MSG * p_data)1759 void bta_dm_search_result(tBTA_DM_MSG* p_data) {
1760 APPL_TRACE_DEBUG("%s searching:0x%04x, result:0x%04x", __func__,
1761 bta_dm_search_cb.services,
1762 p_data->disc_result.result.disc_res.services);
1763
1764 /* call back if application wants name discovery or found services that
1765 * application is searching */
1766 if ((!bta_dm_search_cb.services) ||
1767 ((bta_dm_search_cb.services) &&
1768 (p_data->disc_result.result.disc_res.services))) {
1769 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT,
1770 &p_data->disc_result.result);
1771 }
1772
1773 /* if searching did not initiate to create link */
1774 if (!bta_dm_search_cb.wait_disc) {
1775 /* if service searching is done with EIR, don't search next device */
1776 if (bta_dm_search_cb.p_btm_inq_info) bta_dm_discover_next_device();
1777 } else {
1778 /* wait until link is disconnected or timeout */
1779 bta_dm_search_cb.sdp_results = true;
1780 alarm_set_on_mloop(bta_dm_search_cb.search_timer,
1781 1000 * (L2CAP_LINK_INACTIVITY_TOUT + 1),
1782 bta_dm_search_timer_cback, NULL);
1783 }
1784 }
1785
1786 /*******************************************************************************
1787 *
1788 * Function bta_dm_search_timer_cback
1789 *
1790 * Description Called when ACL disconnect time is over
1791 *
1792 *
1793 * Returns void
1794 *
1795 ******************************************************************************/
bta_dm_search_timer_cback(UNUSED_ATTR void * data)1796 static void bta_dm_search_timer_cback(UNUSED_ATTR void* data) {
1797 APPL_TRACE_EVENT("%s", __func__);
1798 bta_dm_search_cb.wait_disc = false;
1799
1800 /* proceed with next device */
1801 bta_dm_discover_next_device();
1802 }
1803
1804 /*******************************************************************************
1805 *
1806 * Function bta_dm_free_sdp_db
1807 *
1808 * Description Frees SDP data base
1809 *
1810 * Returns void
1811 *
1812 ******************************************************************************/
bta_dm_free_sdp_db(UNUSED_ATTR tBTA_DM_MSG * p_data)1813 void bta_dm_free_sdp_db(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1814 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1815 }
1816
1817 /*******************************************************************************
1818 *
1819 * Function bta_dm_queue_search
1820 *
1821 * Description Queues search command while search is being cancelled
1822 *
1823 * Returns void
1824 *
1825 ******************************************************************************/
bta_dm_queue_search(tBTA_DM_MSG * p_data)1826 void bta_dm_queue_search(tBTA_DM_MSG* p_data) {
1827 osi_free(bta_dm_search_cb.p_search_queue);
1828 bta_dm_search_cb.p_search_queue =
1829 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_SEARCH));
1830 memcpy(bta_dm_search_cb.p_search_queue, p_data, sizeof(tBTA_DM_API_SEARCH));
1831 }
1832
1833 /*******************************************************************************
1834 *
1835 * Function bta_dm_queue_disc
1836 *
1837 * Description Queues discovery command while search is being cancelled
1838 *
1839 * Returns void
1840 *
1841 ******************************************************************************/
bta_dm_queue_disc(tBTA_DM_MSG * p_data)1842 void bta_dm_queue_disc(tBTA_DM_MSG* p_data) {
1843 osi_free(bta_dm_search_cb.p_search_queue);
1844 bta_dm_search_cb.p_search_queue =
1845 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_DISCOVER));
1846 memcpy(bta_dm_search_cb.p_search_queue, p_data, sizeof(tBTA_DM_API_DISCOVER));
1847 }
1848
1849 /*******************************************************************************
1850 *
1851 * Function bta_dm_search_clear_queue
1852 *
1853 * Description Clears the queue if API search cancel is called
1854 *
1855 * Returns void
1856 *
1857 ******************************************************************************/
bta_dm_search_clear_queue(UNUSED_ATTR tBTA_DM_MSG * p_data)1858 void bta_dm_search_clear_queue(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1859 osi_free_and_reset((void**)&bta_dm_search_cb.p_search_queue);
1860 }
1861
1862 /*******************************************************************************
1863 *
1864 * Function bta_dm_search_cancel_cmpl
1865 *
1866 * Description Search cancel is complete
1867 *
1868 * Returns void
1869 *
1870 ******************************************************************************/
bta_dm_search_cancel_cmpl(UNUSED_ATTR tBTA_DM_MSG * p_data)1871 void bta_dm_search_cancel_cmpl(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1872 if (bta_dm_search_cb.p_search_queue) {
1873 bta_sys_sendmsg(bta_dm_search_cb.p_search_queue);
1874 bta_dm_search_cb.p_search_queue = NULL;
1875 }
1876 }
1877
1878 /*******************************************************************************
1879 *
1880 * Function bta_dm_search_cancel_transac_cmpl
1881 *
1882 * Description Current Service Discovery or remote name procedure is
1883 * completed after search cancellation
1884 *
1885 * Returns void
1886 *
1887 ******************************************************************************/
bta_dm_search_cancel_transac_cmpl(UNUSED_ATTR tBTA_DM_MSG * p_data)1888 void bta_dm_search_cancel_transac_cmpl(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1889 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1890 bta_dm_search_cancel_notify(NULL);
1891 }
1892
1893 /*******************************************************************************
1894 *
1895 * Function bta_dm_search_cancel_notify
1896 *
1897 * Description Notify application that search has been cancelled
1898 *
1899 * Returns void
1900 *
1901 ******************************************************************************/
bta_dm_search_cancel_notify(UNUSED_ATTR tBTA_DM_MSG * p_data)1902 void bta_dm_search_cancel_notify(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1903 if (bta_dm_search_cb.p_search_cback) {
1904 bta_dm_search_cb.p_search_cback(BTA_DM_SEARCH_CANCEL_CMPL_EVT, NULL);
1905 }
1906 if (!bta_dm_search_cb.name_discover_done) {
1907 BTM_CancelRemoteDeviceName();
1908 }
1909 if (bta_dm_search_cb.gatt_disc_active) {
1910 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
1911 }
1912 }
1913
1914 /*******************************************************************************
1915 *
1916 * Function bta_dm_find_services
1917 *
1918 * Description Starts discovery on a device
1919 *
1920 * Returns void
1921 *
1922 ******************************************************************************/
bta_dm_find_services(const RawAddress & bd_addr)1923 static void bta_dm_find_services(const RawAddress& bd_addr) {
1924 tSDP_UUID uuid;
1925
1926 memset(&uuid, 0, sizeof(tSDP_UUID));
1927
1928 while (bta_dm_search_cb.service_index < BTA_MAX_SERVICE_ID) {
1929 if (bta_dm_search_cb.services_to_search &
1930 (tBTA_SERVICE_MASK)(
1931 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index))) {
1932 bta_dm_search_cb.p_sdp_db =
1933 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE);
1934 APPL_TRACE_DEBUG("bta_dm_search_cb.services = %04x***********",
1935 bta_dm_search_cb.services);
1936 /* try to search all services by search based on L2CAP UUID */
1937 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) {
1938 LOG_INFO(LOG_TAG, "%s services_to_search=%08x", __func__,
1939 bta_dm_search_cb.services_to_search);
1940 if (bta_dm_search_cb.services_to_search & BTA_RES_SERVICE_MASK) {
1941 uuid.uu.uuid16 = bta_service_id_to_uuid_lkup_tbl[0];
1942 bta_dm_search_cb.services_to_search &= ~BTA_RES_SERVICE_MASK;
1943 } else {
1944 uuid.uu.uuid16 = UUID_PROTOCOL_L2CAP;
1945 bta_dm_search_cb.services_to_search = 0;
1946 }
1947 } else {
1948 /* for LE only profile */
1949 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID) {
1950 if (bta_dm_search_cb.uuid_to_search > 0 &&
1951 bta_dm_search_cb.p_srvc_uuid) {
1952 memcpy(&uuid, (const void*)(bta_dm_search_cb.p_srvc_uuid +
1953 bta_dm_search_cb.num_uuid -
1954 bta_dm_search_cb.uuid_to_search),
1955 sizeof(tBT_UUID));
1956
1957 bta_dm_search_cb.uuid_to_search--;
1958 } else {
1959 uuid.uu.uuid16 =
1960 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index];
1961 }
1962
1963 /* last one? clear the BLE service bit if all discovery has been done
1964 */
1965 if (bta_dm_search_cb.uuid_to_search == 0)
1966 bta_dm_search_cb.services_to_search &=
1967 (tBTA_SERVICE_MASK)(~(BTA_SERVICE_ID_TO_SERVICE_MASK(
1968 bta_dm_search_cb.service_index)));
1969
1970 } else {
1971 /* remove the service from services to be searched */
1972 bta_dm_search_cb.services_to_search &= (tBTA_SERVICE_MASK)(~(
1973 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index)));
1974 uuid.uu.uuid16 =
1975 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index];
1976 }
1977 }
1978
1979 if (uuid.len == 0) uuid.len = LEN_UUID_16;
1980
1981 if (bta_dm_search_cb.service_index == BTA_USER_SERVICE_ID) {
1982 memcpy(&uuid, &bta_dm_search_cb.uuid, sizeof(tSDP_UUID));
1983 }
1984
1985 LOG_INFO(LOG_TAG, "%s search UUID = %04x", __func__, uuid.uu.uuid16);
1986 SDP_InitDiscoveryDb(bta_dm_search_cb.p_sdp_db, BTA_DM_SDP_DB_SIZE, 1,
1987 &uuid, 0, NULL);
1988
1989 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf));
1990 bta_dm_search_cb.p_sdp_db->raw_data = g_disc_raw_data_buf;
1991
1992 bta_dm_search_cb.p_sdp_db->raw_size = MAX_DISC_RAW_DATA_BUF;
1993
1994 if (!SDP_ServiceSearchAttributeRequest(bd_addr, bta_dm_search_cb.p_sdp_db,
1995 &bta_dm_sdp_callback)) {
1996 /*
1997 * If discovery is not successful with this device, then
1998 * proceed with the next one.
1999 */
2000 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
2001 bta_dm_search_cb.service_index = BTA_MAX_SERVICE_ID;
2002
2003 } else {
2004 if ((bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID &&
2005 bta_dm_search_cb.uuid_to_search == 0) ||
2006 bta_dm_search_cb.service_index != BTA_BLE_SERVICE_ID)
2007 bta_dm_search_cb.service_index++;
2008 return;
2009 }
2010 }
2011
2012 bta_dm_search_cb.service_index++;
2013 }
2014
2015 /* no more services to be discovered */
2016 if (bta_dm_search_cb.service_index >= BTA_MAX_SERVICE_ID) {
2017 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
2018 /* initialize the data structure - includes p_raw_data and raw_data_size */
2019 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES));
2020 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
2021 p_msg->disc_result.result.disc_res.services =
2022 bta_dm_search_cb.services_found;
2023 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
2024 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
2025 bta_dm_get_remname(), BD_NAME_LEN);
2026
2027 bta_sys_sendmsg(p_msg);
2028 }
2029 }
2030
2031 /*******************************************************************************
2032 *
2033 * Function bta_dm_discover_next_device
2034 *
2035 * Description Starts discovery on the next device in Inquiry data base
2036 *
2037 * Returns void
2038 *
2039 ******************************************************************************/
bta_dm_discover_next_device(void)2040 static void bta_dm_discover_next_device(void) {
2041 APPL_TRACE_DEBUG("bta_dm_discover_next_device");
2042
2043 /* searching next device on inquiry result */
2044 bta_dm_search_cb.p_btm_inq_info =
2045 BTM_InqDbNext(bta_dm_search_cb.p_btm_inq_info);
2046 if (bta_dm_search_cb.p_btm_inq_info != NULL) {
2047 bta_dm_search_cb.name_discover_done = false;
2048 bta_dm_search_cb.peer_name[0] = 0;
2049 bta_dm_discover_device(
2050 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr);
2051 } else {
2052 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
2053
2054 /* no devices, search complete */
2055 bta_dm_search_cb.services = 0;
2056
2057 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
2058 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
2059
2060 bta_sys_sendmsg(p_msg);
2061 }
2062 }
2063
2064 /*******************************************************************************
2065 *
2066 * Function bta_dm_discover_device
2067 *
2068 * Description Starts name and service discovery on the device
2069 *
2070 * Returns void
2071 *
2072 ******************************************************************************/
bta_dm_discover_device(const RawAddress & remote_bd_addr)2073 static void bta_dm_discover_device(const RawAddress& remote_bd_addr) {
2074 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
2075 if (bta_dm_search_cb.transport == BTA_TRANSPORT_UNKNOWN) {
2076 tBT_DEVICE_TYPE dev_type;
2077 tBLE_ADDR_TYPE addr_type;
2078
2079 BTM_ReadDevInfo(remote_bd_addr, &dev_type, &addr_type);
2080 if (dev_type == BT_DEVICE_TYPE_BLE || addr_type == BLE_ADDR_RANDOM)
2081 transport = BT_TRANSPORT_LE;
2082 } else {
2083 transport = bta_dm_search_cb.transport;
2084 }
2085
2086 /* Reset transport state for next discovery */
2087 bta_dm_search_cb.transport = BTA_TRANSPORT_UNKNOWN;
2088
2089 VLOG(1) << __func__ << " BDA: " << remote_bd_addr;
2090
2091 bta_dm_search_cb.peer_bdaddr = remote_bd_addr;
2092
2093 APPL_TRACE_DEBUG(
2094 "%s name_discover_done = %d p_btm_inq_info 0x%x state = %d, transport=%d",
2095 __func__, bta_dm_search_cb.name_discover_done,
2096 bta_dm_search_cb.p_btm_inq_info, bta_dm_search_cb.state, transport);
2097
2098 if (bta_dm_search_cb.p_btm_inq_info) {
2099 APPL_TRACE_DEBUG("%s appl_knows_rem_name %d", __func__,
2100 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name);
2101 }
2102 if ((bta_dm_search_cb.p_btm_inq_info) &&
2103 (bta_dm_search_cb.p_btm_inq_info->results.device_type ==
2104 BT_DEVICE_TYPE_BLE) &&
2105 (bta_dm_search_cb.state == BTA_DM_SEARCH_ACTIVE)) {
2106 /* Do not perform RNR for LE devices at inquiry complete*/
2107 bta_dm_search_cb.name_discover_done = true;
2108 }
2109 /* if name discovery is not done and application needs remote name */
2110 if ((!bta_dm_search_cb.name_discover_done) &&
2111 ((bta_dm_search_cb.p_btm_inq_info == NULL) ||
2112 (bta_dm_search_cb.p_btm_inq_info &&
2113 (!bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name)))) {
2114 if (bta_dm_read_remote_device_name(bta_dm_search_cb.peer_bdaddr,
2115 transport) == true)
2116 return;
2117
2118 /* starting name discovery failed */
2119 bta_dm_search_cb.name_discover_done = true;
2120 }
2121
2122 /* if application wants to discover service */
2123 if (bta_dm_search_cb.services) {
2124 /* initialize variables */
2125 bta_dm_search_cb.service_index = 0;
2126 bta_dm_search_cb.services_found = 0;
2127 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services;
2128 bta_dm_search_cb.uuid_to_search = bta_dm_search_cb.num_uuid;
2129 if ((bta_dm_search_cb.p_btm_inq_info != NULL) &&
2130 bta_dm_search_cb.services != BTA_USER_SERVICE_MASK &&
2131 (bta_dm_search_cb.sdp_search == false)) {
2132 /* check if EIR provides the information of supported services */
2133 bta_dm_eir_search_services(&bta_dm_search_cb.p_btm_inq_info->results,
2134 &bta_dm_search_cb.services_to_search,
2135 &bta_dm_search_cb.services_found);
2136 }
2137
2138 /* if seaching with EIR is not completed */
2139 if (bta_dm_search_cb.services_to_search) {
2140 /* check whether connection already exists to the device
2141 if connection exists, we don't have to wait for ACL
2142 link to go down to start search on next device */
2143 if (BTM_IsAclConnectionUp(bta_dm_search_cb.peer_bdaddr,
2144 BT_TRANSPORT_BR_EDR))
2145 bta_dm_search_cb.wait_disc = false;
2146 else
2147 bta_dm_search_cb.wait_disc = true;
2148
2149 if (bta_dm_search_cb.p_btm_inq_info) {
2150 APPL_TRACE_DEBUG(
2151 "%s p_btm_inq_info 0x%x results.device_type 0x%x "
2152 "services_to_search 0x%x",
2153 __func__, bta_dm_search_cb.p_btm_inq_info,
2154 bta_dm_search_cb.p_btm_inq_info->results.device_type,
2155 bta_dm_search_cb.services_to_search);
2156 }
2157
2158 if (transport == BT_TRANSPORT_LE) {
2159 if (bta_dm_search_cb.services_to_search & BTA_BLE_SERVICE_MASK) {
2160 // set the raw data buffer here
2161 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf));
2162 bta_dm_search_cb.p_ble_rawdata = g_disc_raw_data_buf;
2163
2164 bta_dm_search_cb.ble_raw_size = MAX_DISC_RAW_DATA_BUF;
2165 bta_dm_search_cb.ble_raw_used = 0;
2166
2167 /* start GATT for service discovery */
2168 btm_dm_start_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
2169 return;
2170 }
2171 } else {
2172 bta_dm_search_cb.sdp_results = false;
2173 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr);
2174 return;
2175 }
2176 }
2177 }
2178
2179 /* name discovery and service discovery are done for this device */
2180 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
2181 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
2182 /* initialize the data structure - includes p_raw_data and raw_data_size */
2183 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES));
2184 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS;
2185 p_msg->disc_result.result.disc_res.services = bta_dm_search_cb.services_found;
2186 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
2187 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
2188 (char*)bta_dm_search_cb.peer_name, BD_NAME_LEN);
2189
2190 bta_sys_sendmsg(p_msg);
2191 }
2192
2193 /*******************************************************************************
2194 *
2195 * Function bta_dm_sdp_callback
2196 *
2197 * Description Callback from sdp with discovery status
2198 *
2199 * Returns void
2200 *
2201 ******************************************************************************/
bta_dm_sdp_callback(uint16_t sdp_status)2202 static void bta_dm_sdp_callback(uint16_t sdp_status) {
2203 tBTA_DM_SDP_RESULT* p_msg =
2204 (tBTA_DM_SDP_RESULT*)osi_malloc(sizeof(tBTA_DM_SDP_RESULT));
2205
2206 p_msg->hdr.event = BTA_DM_SDP_RESULT_EVT;
2207 p_msg->sdp_result = sdp_status;
2208
2209 bta_sys_sendmsg(p_msg);
2210 }
2211
2212 /*******************************************************************************
2213 *
2214 * Function bta_dm_inq_results_cb
2215 *
2216 * Description Inquiry results callback from BTM
2217 *
2218 * Returns void
2219 *
2220 ******************************************************************************/
bta_dm_inq_results_cb(tBTM_INQ_RESULTS * p_inq,uint8_t * p_eir,uint16_t eir_len)2221 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
2222 uint16_t eir_len) {
2223 tBTA_DM_SEARCH result;
2224 tBTM_INQ_INFO* p_inq_info;
2225 uint16_t service_class;
2226
2227 result.inq_res.bd_addr = p_inq->remote_bd_addr;
2228 memcpy(result.inq_res.dev_class, p_inq->dev_class, DEV_CLASS_LEN);
2229 BTM_COD_SERVICE_CLASS(service_class, p_inq->dev_class);
2230 result.inq_res.is_limited =
2231 (service_class & BTM_COD_SERVICE_LMTD_DISCOVER) ? true : false;
2232 result.inq_res.rssi = p_inq->rssi;
2233
2234 result.inq_res.ble_addr_type = p_inq->ble_addr_type;
2235 result.inq_res.inq_result_type = p_inq->inq_result_type;
2236 result.inq_res.device_type = p_inq->device_type;
2237 result.inq_res.flag = p_inq->flag;
2238
2239 /* application will parse EIR to find out remote device name */
2240 result.inq_res.p_eir = p_eir;
2241 result.inq_res.eir_len = eir_len;
2242
2243 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr);
2244 if (p_inq_info != NULL) {
2245 /* initialize remt_name_not_required to false so that we get the name by
2246 * default */
2247 result.inq_res.remt_name_not_required = false;
2248 }
2249
2250 if (bta_dm_search_cb.p_search_cback)
2251 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_RES_EVT, &result);
2252
2253 if (p_inq_info) {
2254 /* application indicates if it knows the remote name, inside the callback
2255 copy that to the inquiry data base*/
2256 if (result.inq_res.remt_name_not_required)
2257 p_inq_info->appl_knows_rem_name = true;
2258 }
2259 }
2260
2261 /*******************************************************************************
2262 *
2263 * Function bta_dm_inq_cmpl_cb
2264 *
2265 * Description Inquiry complete callback from BTM
2266 *
2267 * Returns void
2268 *
2269 ******************************************************************************/
bta_dm_inq_cmpl_cb(void * p_result)2270 static void bta_dm_inq_cmpl_cb(void* p_result) {
2271 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
2272
2273 APPL_TRACE_DEBUG("%s", __func__);
2274
2275 if (bta_dm_search_cb.cancel_pending == false) {
2276 p_msg->inq_cmpl.hdr.event = BTA_DM_INQUIRY_CMPL_EVT;
2277 p_msg->inq_cmpl.num = ((tBTM_INQUIRY_CMPL*)p_result)->num_resp;
2278 } else {
2279 bta_dm_search_cb.cancel_pending = false;
2280 bta_dm_search_cancel_notify(NULL);
2281 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
2282 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
2283 }
2284
2285 bta_sys_sendmsg(p_msg);
2286 }
2287
2288 /*******************************************************************************
2289 *
2290 * Function bta_dm_service_search_remname_cback
2291 *
2292 * Description Remote name call back from BTM during service discovery
2293 *
2294 * Returns void
2295 *
2296 ******************************************************************************/
bta_dm_service_search_remname_cback(const RawAddress & bd_addr,UNUSED_ATTR DEV_CLASS dc,BD_NAME bd_name)2297 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,
2298 UNUSED_ATTR DEV_CLASS dc,
2299 BD_NAME bd_name) {
2300 tBTM_REMOTE_DEV_NAME rem_name;
2301 tBTM_STATUS btm_status;
2302
2303 APPL_TRACE_DEBUG("%s name=<%s>", __func__, bd_name);
2304
2305 /* if this is what we are looking for */
2306 if (bta_dm_search_cb.peer_bdaddr == bd_addr) {
2307 rem_name.length = strlen((char*)bd_name);
2308 if (rem_name.length > (BD_NAME_LEN - 1)) {
2309 rem_name.length = (BD_NAME_LEN - 1);
2310 rem_name.remote_bd_name[(BD_NAME_LEN - 1)] = 0;
2311 }
2312 strlcpy((char*)rem_name.remote_bd_name, (char*)bd_name, BD_NAME_LEN);
2313 rem_name.status = BTM_SUCCESS;
2314
2315 bta_dm_remname_cback(&rem_name);
2316 } else {
2317 /* get name of device */
2318 btm_status = BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr,
2319 (tBTM_CMPL_CB*)bta_dm_remname_cback,
2320 BT_TRANSPORT_BR_EDR);
2321 if (btm_status == BTM_BUSY) {
2322 /* wait for next chance(notification of remote name discovery done) */
2323 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__);
2324 } else if (btm_status != BTM_CMD_STARTED) {
2325 /* if failed to start getting remote name then continue */
2326 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X",
2327 __func__, btm_status);
2328
2329 rem_name.length = 0;
2330 rem_name.remote_bd_name[0] = 0;
2331 rem_name.status = btm_status;
2332 bta_dm_remname_cback(&rem_name);
2333 }
2334 }
2335 }
2336
2337 /*******************************************************************************
2338 *
2339 * Function bta_dm_remname_cback
2340 *
2341 * Description Remote name complete call back from BTM
2342 *
2343 * Returns void
2344 *
2345 ******************************************************************************/
bta_dm_remname_cback(tBTM_REMOTE_DEV_NAME * p_remote_name)2346 static void bta_dm_remname_cback(tBTM_REMOTE_DEV_NAME* p_remote_name) {
2347 APPL_TRACE_DEBUG("bta_dm_remname_cback len = %d name=<%s>",
2348 p_remote_name->length, p_remote_name->remote_bd_name);
2349
2350 /* remote name discovery is done but it could be failed */
2351 bta_dm_search_cb.name_discover_done = true;
2352 strlcpy((char*)bta_dm_search_cb.peer_name,
2353 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN);
2354
2355 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
2356
2357 if (bta_dm_search_cb.transport == BT_TRANSPORT_LE) {
2358 GAP_BleReadPeerPrefConnParams(bta_dm_search_cb.peer_bdaddr);
2359 }
2360
2361 tBTA_DM_REM_NAME* p_msg =
2362 (tBTA_DM_REM_NAME*)osi_malloc(sizeof(tBTA_DM_REM_NAME));
2363 p_msg->result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
2364 strlcpy((char*)p_msg->result.disc_res.bd_name,
2365 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN);
2366 p_msg->hdr.event = BTA_DM_REMT_NAME_EVT;
2367
2368 bta_sys_sendmsg(p_msg);
2369 }
2370
2371 /*******************************************************************************
2372 *
2373 * Function bta_dm_authorize_cback
2374 *
2375 * Description cback requesting authorization
2376 *
2377 * Returns void
2378 *
2379 ******************************************************************************/
bta_dm_authorize_cback(const RawAddress & bd_addr,DEV_CLASS dev_class,BD_NAME bd_name,UNUSED_ATTR uint8_t * service_name,uint8_t service_id,UNUSED_ATTR bool is_originator)2380 static uint8_t bta_dm_authorize_cback(const RawAddress& bd_addr,
2381 DEV_CLASS dev_class, BD_NAME bd_name,
2382 UNUSED_ATTR uint8_t* service_name,
2383 uint8_t service_id,
2384 UNUSED_ATTR bool is_originator) {
2385 tBTA_DM_SEC sec_event;
2386 uint8_t index = 1;
2387
2388 sec_event.authorize.bd_addr = bd_addr;
2389 memcpy(sec_event.authorize.dev_class, dev_class, DEV_CLASS_LEN);
2390 strlcpy((char*)sec_event.authorize.bd_name, (char*)bd_name, BD_NAME_LEN);
2391
2392 #if (BTA_JV_INCLUDED == TRUE)
2393 sec_event.authorize.service = service_id;
2394 #endif
2395
2396 while (index < BTA_MAX_SERVICE_ID) {
2397 /* get the BTA service id corresponding to BTM id */
2398 if (bta_service_id_to_btm_srv_id_lkup_tbl[index] == service_id) {
2399 sec_event.authorize.service = index;
2400 break;
2401 }
2402 index++;
2403 }
2404
2405 /* if supported service callback otherwise not authorized */
2406 if (bta_dm_cb.p_sec_cback && (index < BTA_MAX_SERVICE_ID
2407 #if (BTA_JV_INCLUDED == TRUE)
2408 /* pass through JV service ID */
2409 || (service_id >= BTA_FIRST_JV_SERVICE_ID &&
2410 service_id <= BTA_LAST_JV_SERVICE_ID)
2411 #endif
2412 )) {
2413 bta_dm_cb.p_sec_cback(BTA_DM_AUTHORIZE_EVT, &sec_event);
2414 return BTM_CMD_STARTED;
2415 } else {
2416 return BTM_NOT_AUTHORIZED;
2417 }
2418 }
2419
2420 /*******************************************************************************
2421 *
2422 * Function bta_dm_pinname_cback
2423 *
2424 * Description Callback requesting pin_key
2425 *
2426 * Returns void
2427 *
2428 ******************************************************************************/
bta_dm_pinname_cback(void * p_data)2429 static void bta_dm_pinname_cback(void* p_data) {
2430 tBTM_REMOTE_DEV_NAME* p_result = (tBTM_REMOTE_DEV_NAME*)p_data;
2431 tBTA_DM_SEC sec_event;
2432 uint32_t bytes_to_copy;
2433 tBTA_DM_SEC_EVT event = bta_dm_cb.pin_evt;
2434
2435 if (BTA_DM_SP_CFM_REQ_EVT == event) {
2436 /* Retrieved saved device class and bd_addr */
2437 sec_event.cfm_req.bd_addr = bta_dm_cb.pin_bd_addr;
2438 BTA_COPY_DEVICE_CLASS(sec_event.cfm_req.dev_class, bta_dm_cb.pin_dev_class);
2439
2440 if (p_result && p_result->status == BTM_SUCCESS) {
2441 bytes_to_copy = (p_result->length < (BD_NAME_LEN - 1))
2442 ? p_result->length
2443 : (BD_NAME_LEN - 1);
2444 memcpy(sec_event.cfm_req.bd_name, p_result->remote_bd_name,
2445 bytes_to_copy);
2446 sec_event.pin_req.bd_name[BD_NAME_LEN - 1] = 0;
2447 } else /* No name found */
2448 sec_event.cfm_req.bd_name[0] = 0;
2449
2450 sec_event.key_notif.passkey =
2451 bta_dm_cb.num_val; /* get PIN code numeric number */
2452
2453 /* 1 additional event data fields for this event */
2454 sec_event.cfm_req.just_works = bta_dm_cb.just_works;
2455 } else {
2456 /* Retrieved saved device class and bd_addr */
2457 sec_event.pin_req.bd_addr = bta_dm_cb.pin_bd_addr;
2458 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, bta_dm_cb.pin_dev_class);
2459
2460 if (p_result && p_result->status == BTM_SUCCESS) {
2461 bytes_to_copy = (p_result->length < (BD_NAME_LEN - 1))
2462 ? p_result->length
2463 : (BD_NAME_LEN - 1);
2464 memcpy(sec_event.pin_req.bd_name, p_result->remote_bd_name,
2465 bytes_to_copy);
2466 sec_event.pin_req.bd_name[BD_NAME_LEN - 1] = 0;
2467 } else /* No name found */
2468 sec_event.pin_req.bd_name[0] = 0;
2469
2470 event = bta_dm_cb.pin_evt;
2471 sec_event.key_notif.passkey =
2472 bta_dm_cb.num_val; /* get PIN code numeric number */
2473 }
2474
2475 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event);
2476 }
2477
2478 /*******************************************************************************
2479 *
2480 * Function bta_dm_pin_cback
2481 *
2482 * Description Callback requesting pin_key
2483 *
2484 * Returns void
2485 *
2486 ******************************************************************************/
bta_dm_pin_cback(const RawAddress & bd_addr,DEV_CLASS dev_class,BD_NAME bd_name,bool min_16_digit)2487 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
2488 BD_NAME bd_name, bool min_16_digit) {
2489 tBTA_DM_SEC sec_event;
2490
2491 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
2492
2493 /* If the device name is not known, save bdaddr and devclass and initiate a
2494 * name request */
2495 if (bd_name[0] == 0) {
2496 bta_dm_cb.pin_evt = BTA_DM_PIN_REQ_EVT;
2497 bta_dm_cb.pin_bd_addr = bd_addr;
2498 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class, dev_class);
2499 if ((BTM_ReadRemoteDeviceName(bd_addr, bta_dm_pinname_cback,
2500 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2501 return BTM_CMD_STARTED;
2502
2503 APPL_TRACE_WARNING(
2504 " bta_dm_pin_cback() -> Failed to start Remote Name Request ");
2505 }
2506
2507 sec_event.pin_req.bd_addr = bd_addr;
2508 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, dev_class);
2509 strlcpy((char*)sec_event.pin_req.bd_name, (char*)bd_name, BD_NAME_LEN);
2510 sec_event.pin_req.min_16_digit = min_16_digit;
2511
2512 bta_dm_cb.p_sec_cback(BTA_DM_PIN_REQ_EVT, &sec_event);
2513 return BTM_CMD_STARTED;
2514 }
2515
2516 /*******************************************************************************
2517 *
2518 * Function bta_dm_new_link_key_cback
2519 *
2520 * Description Callback from BTM to notify new link key
2521 *
2522 * Returns void
2523 *
2524 ******************************************************************************/
bta_dm_new_link_key_cback(const RawAddress & bd_addr,UNUSED_ATTR DEV_CLASS dev_class,BD_NAME bd_name,LINK_KEY key,uint8_t key_type)2525 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
2526 UNUSED_ATTR DEV_CLASS dev_class,
2527 BD_NAME bd_name, LINK_KEY key,
2528 uint8_t key_type) {
2529 tBTA_DM_SEC sec_event;
2530 tBTA_DM_AUTH_CMPL* p_auth_cmpl;
2531 uint8_t event;
2532
2533 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
2534
2535 /* Not AMP Key type */
2536 if (key_type != HCI_LKEY_TYPE_AMP_WIFI && key_type != HCI_LKEY_TYPE_AMP_UWB) {
2537 event = BTA_DM_AUTH_CMPL_EVT;
2538 p_auth_cmpl = &sec_event.auth_cmpl;
2539
2540 p_auth_cmpl->bd_addr = bd_addr;
2541
2542 memcpy(p_auth_cmpl->bd_name, bd_name, (BD_NAME_LEN - 1));
2543 p_auth_cmpl->bd_name[BD_NAME_LEN - 1] = 0;
2544
2545 p_auth_cmpl->key_present = true;
2546 p_auth_cmpl->key_type = key_type;
2547 p_auth_cmpl->success = true;
2548
2549 memcpy(p_auth_cmpl->key, key, LINK_KEY_LEN);
2550 sec_event.auth_cmpl.fail_reason = HCI_SUCCESS;
2551
2552 // Report the BR link key based on the BR/EDR address and type
2553 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type,
2554 &sec_event.auth_cmpl.addr_type);
2555 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event);
2556
2557 // Setting remove_dev_pending flag to false, where it will avoid deleting
2558 // the
2559 // security device record when the ACL connection link goes down in case of
2560 // reconnection.
2561 if (bta_dm_cb.device_list.count)
2562 bta_dm_reset_sec_dev_pending(p_auth_cmpl->bd_addr);
2563 } else {
2564 APPL_TRACE_WARNING("%s() Received AMP Key", __func__);
2565 }
2566
2567 return BTM_CMD_STARTED;
2568 }
2569
2570 /*******************************************************************************
2571 *
2572 * Function bta_dm_authentication_complete_cback
2573 *
2574 * Description Authentication complete callback from BTM
2575 *
2576 * Returns void
2577 *
2578 ******************************************************************************/
bta_dm_authentication_complete_cback(const RawAddress & bd_addr,UNUSED_ATTR DEV_CLASS dev_class,BD_NAME bd_name,int result)2579 static uint8_t bta_dm_authentication_complete_cback(
2580 const RawAddress& bd_addr, UNUSED_ATTR DEV_CLASS dev_class, BD_NAME bd_name,
2581 int result) {
2582 tBTA_DM_SEC sec_event;
2583
2584 if (result != BTM_SUCCESS) {
2585 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
2586 sec_event.auth_cmpl.bd_addr = bd_addr;
2587
2588 memcpy(sec_event.auth_cmpl.bd_name, bd_name, (BD_NAME_LEN - 1));
2589 sec_event.auth_cmpl.bd_name[BD_NAME_LEN - 1] = 0;
2590
2591 // Report the BR link key based on the BR/EDR address and type
2592 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type,
2593 &sec_event.auth_cmpl.addr_type);
2594 sec_event.auth_cmpl.fail_reason = (uint8_t)result;
2595
2596 if (bta_dm_cb.p_sec_cback)
2597 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
2598
2599 if (result == HCI_ERR_AUTH_FAILURE || result == HCI_ERR_KEY_MISSING ||
2600 result == HCI_ERR_HOST_REJECT_SECURITY ||
2601 result == HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE) {
2602 APPL_TRACE_WARNING("%s deleting %s - result: 0x%02x", __func__,
2603 bd_addr.ToString().c_str(), result);
2604 bta_dm_remove_sec_dev_entry(bd_addr);
2605 }
2606 }
2607
2608 return BTM_SUCCESS;
2609 }
2610
2611 #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE)
2612 /*******************************************************************************
2613 *
2614 * Function bta_dm_sp_cback
2615 *
2616 * Description simple pairing callback from BTM
2617 *
2618 * Returns void
2619 *
2620 ******************************************************************************/
bta_dm_sp_cback(tBTM_SP_EVT event,tBTM_SP_EVT_DATA * p_data)2621 static uint8_t bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data) {
2622 tBTM_STATUS status = BTM_CMD_STARTED;
2623 tBTA_DM_SEC sec_event;
2624 tBTA_DM_SEC_EVT pin_evt = BTA_DM_SP_KEY_NOTIF_EVT;
2625
2626 APPL_TRACE_EVENT("bta_dm_sp_cback: %d", event);
2627 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
2628
2629 /* TODO_SP */
2630 switch (event) {
2631 case BTM_SP_IO_REQ_EVT:
2632 /* translate auth_req */
2633 bta_dm_co_io_req(p_data->io_req.bd_addr, &p_data->io_req.io_cap,
2634 &p_data->io_req.oob_data, &p_data->io_req.auth_req,
2635 p_data->io_req.is_orig);
2636 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req,
2637 p_data->io_req.oob_data);
2638 break;
2639 case BTM_SP_IO_RSP_EVT:
2640 bta_dm_co_io_rsp(p_data->io_rsp.bd_addr, p_data->io_rsp.io_cap,
2641 p_data->io_rsp.oob_data, p_data->io_rsp.auth_req);
2642 break;
2643
2644 case BTM_SP_CFM_REQ_EVT:
2645 pin_evt = BTA_DM_SP_CFM_REQ_EVT;
2646 bta_dm_cb.just_works = sec_event.cfm_req.just_works =
2647 p_data->cfm_req.just_works;
2648 sec_event.cfm_req.loc_auth_req = p_data->cfm_req.loc_auth_req;
2649 sec_event.cfm_req.rmt_auth_req = p_data->cfm_req.rmt_auth_req;
2650 sec_event.cfm_req.loc_io_caps = p_data->cfm_req.loc_io_caps;
2651 sec_event.cfm_req.rmt_io_caps = p_data->cfm_req.rmt_io_caps;
2652
2653 /* continue to next case */
2654 /* Passkey entry mode, mobile device with output capability is very
2655 unlikely to receive key request, so skip this event */
2656 /*case BTM_SP_KEY_REQ_EVT: */
2657 case BTM_SP_KEY_NOTIF_EVT:
2658 bta_dm_cb.num_val = sec_event.key_notif.passkey =
2659 p_data->key_notif.passkey;
2660
2661 if (BTM_SP_CFM_REQ_EVT == event) {
2662 /* Due to the switch case falling through below to BTM_SP_KEY_NOTIF_EVT,
2663 call remote name request using values from cfm_req */
2664 if (p_data->cfm_req.bd_name[0] == 0) {
2665 bta_dm_cb.pin_evt = pin_evt;
2666 bta_dm_cb.pin_bd_addr = p_data->cfm_req.bd_addr;
2667 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2668 p_data->cfm_req.dev_class);
2669 if ((BTM_ReadRemoteDeviceName(
2670 p_data->cfm_req.bd_addr, bta_dm_pinname_cback,
2671 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2672 return BTM_CMD_STARTED;
2673 APPL_TRACE_WARNING(
2674 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2675 } else {
2676 /* Due to the switch case falling through below to
2677 BTM_SP_KEY_NOTIF_EVT,
2678 copy these values into key_notif from cfm_req */
2679 sec_event.key_notif.bd_addr = p_data->cfm_req.bd_addr;
2680 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class,
2681 p_data->cfm_req.dev_class);
2682 strlcpy((char*)sec_event.key_notif.bd_name,
2683 (char*)p_data->cfm_req.bd_name, BD_NAME_LEN);
2684 }
2685 }
2686
2687 if (BTM_SP_KEY_NOTIF_EVT == event) {
2688 /* If the device name is not known, save bdaddr and devclass
2689 and initiate a name request with values from key_notif */
2690 if (p_data->key_notif.bd_name[0] == 0) {
2691 bta_dm_cb.pin_evt = pin_evt;
2692 bta_dm_cb.pin_bd_addr = p_data->key_notif.bd_addr;
2693 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2694 p_data->key_notif.dev_class);
2695 if ((BTM_ReadRemoteDeviceName(
2696 p_data->key_notif.bd_addr, bta_dm_pinname_cback,
2697 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2698 return BTM_CMD_STARTED;
2699 APPL_TRACE_WARNING(
2700 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2701 } else {
2702 sec_event.key_notif.bd_addr = p_data->key_notif.bd_addr;
2703 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class,
2704 p_data->key_notif.dev_class);
2705 strlcpy((char*)sec_event.key_notif.bd_name,
2706 (char*)p_data->key_notif.bd_name, BD_NAME_LEN);
2707 sec_event.key_notif.bd_name[BD_NAME_LEN - 1] = 0;
2708 }
2709 }
2710
2711 bta_dm_cb.p_sec_cback(pin_evt, &sec_event);
2712
2713 break;
2714
2715 case BTM_SP_LOC_OOB_EVT:
2716 bta_dm_co_loc_oob((bool)(p_data->loc_oob.status == BTM_SUCCESS),
2717 p_data->loc_oob.c, p_data->loc_oob.r);
2718 break;
2719
2720 case BTM_SP_RMT_OOB_EVT:
2721 /* If the device name is not known, save bdaddr and devclass and initiate
2722 * a name request */
2723 if (p_data->rmt_oob.bd_name[0] == 0) {
2724 bta_dm_cb.pin_evt = BTA_DM_SP_RMT_OOB_EVT;
2725 bta_dm_cb.pin_bd_addr = p_data->rmt_oob.bd_addr;
2726 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2727 p_data->rmt_oob.dev_class);
2728 if ((BTM_ReadRemoteDeviceName(p_data->rmt_oob.bd_addr,
2729 bta_dm_pinname_cback,
2730 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2731 return BTM_CMD_STARTED;
2732 APPL_TRACE_WARNING(
2733 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2734 }
2735
2736 sec_event.rmt_oob.bd_addr = p_data->rmt_oob.bd_addr;
2737 BTA_COPY_DEVICE_CLASS(sec_event.rmt_oob.dev_class,
2738 p_data->rmt_oob.dev_class);
2739 strlcpy((char*)sec_event.rmt_oob.bd_name, (char*)p_data->rmt_oob.bd_name,
2740 BD_NAME_LEN);
2741
2742 bta_dm_cb.p_sec_cback(BTA_DM_SP_RMT_OOB_EVT, &sec_event);
2743
2744 bta_dm_co_rmt_oob(p_data->rmt_oob.bd_addr);
2745 break;
2746
2747 case BTM_SP_COMPLT_EVT:
2748 /* do not report this event - handled by link_key_callback or
2749 * auth_complete_callback */
2750 break;
2751
2752 case BTM_SP_KEYPRESS_EVT:
2753 memcpy(&sec_event.key_press, &p_data->key_press,
2754 sizeof(tBTM_SP_KEYPRESS));
2755 bta_dm_cb.p_sec_cback(BTA_DM_SP_KEYPRESS_EVT, &sec_event);
2756 break;
2757
2758 case BTM_SP_UPGRADE_EVT:
2759 bta_dm_co_lk_upgrade(p_data->upgrade.bd_addr, &p_data->upgrade.upgrade);
2760 break;
2761
2762 default:
2763 status = BTM_NOT_AUTHORIZED;
2764 break;
2765 }
2766 APPL_TRACE_EVENT("dm status: %d", status);
2767 return status;
2768 }
2769 #endif
2770
2771 /*******************************************************************************
2772 *
2773 * Function bta_dm_local_name_cback
2774 *
2775 * Description Callback from btm after local name is read
2776 *
2777 *
2778 * Returns void
2779 *
2780 ******************************************************************************/
bta_dm_local_name_cback(UNUSED_ATTR const RawAddress & p_name)2781 static void bta_dm_local_name_cback(UNUSED_ATTR const RawAddress& p_name) {
2782 tBTA_DM_SEC sec_event;
2783
2784 sec_event.enable.status = BTA_SUCCESS;
2785
2786 if (bta_dm_cb.p_sec_cback)
2787 bta_dm_cb.p_sec_cback(BTA_DM_ENABLE_EVT, &sec_event);
2788 }
2789
2790 /*******************************************************************************
2791 *
2792 * Function bta_dm_bl_change_cback
2793 *
2794 * Description Callback from btm when acl connection goes up or down
2795 *
2796 *
2797 * Returns void
2798 *
2799 ******************************************************************************/
bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA * p_data)2800 static void bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA* p_data) {
2801 tBTA_DM_ACL_CHANGE* p_msg =
2802 (tBTA_DM_ACL_CHANGE*)osi_malloc(sizeof(tBTA_DM_ACL_CHANGE));
2803
2804 p_msg->event = p_data->event;
2805 p_msg->is_new = false;
2806
2807 switch (p_msg->event) {
2808 case BTM_BL_CONN_EVT:
2809 p_msg->is_new = true;
2810 p_msg->bd_addr = *p_data->conn.p_bda;
2811 p_msg->transport = p_data->conn.transport;
2812 p_msg->handle = p_data->conn.handle;
2813 break;
2814 case BTM_BL_DISCN_EVT:
2815 p_msg->bd_addr = *p_data->discn.p_bda;
2816 p_msg->transport = p_data->discn.transport;
2817 p_msg->handle = p_data->discn.handle;
2818 break;
2819 case BTM_BL_UPDATE_EVT:
2820 p_msg->busy_level = p_data->update.busy_level;
2821 p_msg->busy_level_flags = p_data->update.busy_level_flags;
2822 break;
2823 case BTM_BL_ROLE_CHG_EVT:
2824 p_msg->new_role = p_data->role_chg.new_role;
2825 p_msg->hci_status = p_data->role_chg.hci_status;
2826 p_msg->bd_addr = *p_data->role_chg.p_bda;
2827 break;
2828 case BTM_BL_COLLISION_EVT:
2829 p_msg->bd_addr = *p_data->conn.p_bda;
2830 break;
2831 }
2832
2833 p_msg->hdr.event = BTA_DM_ACL_CHANGE_EVT;
2834 bta_sys_sendmsg(p_msg);
2835 }
2836
2837 /*******************************************************************************
2838 *
2839 * Function bta_dm_rs_cback
2840 *
2841 * Description Receives the role switch complete event
2842 *
2843 * Returns
2844 *
2845 ******************************************************************************/
bta_dm_rs_cback(UNUSED_ATTR tBTM_ROLE_SWITCH_CMPL * p1)2846 static void bta_dm_rs_cback(UNUSED_ATTR tBTM_ROLE_SWITCH_CMPL* p1) {
2847 APPL_TRACE_WARNING("bta_dm_rs_cback:%d", bta_dm_cb.rs_event);
2848 if (bta_dm_cb.rs_event == BTA_DM_API_SEARCH_EVT) {
2849 bta_dm_cb.search_msg.rs_res =
2850 BTA_DM_RS_OK; /* do not care about the result for now */
2851 bta_dm_cb.rs_event = 0;
2852 bta_dm_search_start((tBTA_DM_MSG*)&bta_dm_cb.search_msg);
2853 }
2854 }
2855
2856 /*******************************************************************************
2857 *
2858 * Function bta_dm_check_av
2859 *
2860 * Description This function checks if AV is active
2861 * if yes, make sure the AV link is master
2862 *
2863 * Returns bool - true, if switch is in progress
2864 *
2865 ******************************************************************************/
bta_dm_check_av(uint16_t event)2866 static bool bta_dm_check_av(uint16_t event) {
2867 bool avoid_roleswitch = false;
2868 bool switching = false;
2869 uint8_t i;
2870 tBTA_DM_PEER_DEVICE* p_dev;
2871
2872 #if (BTA_DM_AVOID_A2DP_ROLESWITCH_ON_INQUIRY == TRUE)
2873
2874 /* avoid role switch upon inquiry if a2dp is actively streaming as it
2875 introduces an audioglitch due to FW scheduling delays (unavoidable) */
2876 if (event == BTA_DM_API_SEARCH_EVT) {
2877 avoid_roleswitch = true;
2878 }
2879 #endif
2880
2881 APPL_TRACE_WARNING("bta_dm_check_av:%d", bta_dm_cb.cur_av_count);
2882 if (bta_dm_cb.cur_av_count) {
2883 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
2884 p_dev = &bta_dm_cb.device_list.peer_device[i];
2885 APPL_TRACE_WARNING("[%d]: state:%d, info:x%x, avoid_rs %d", i,
2886 p_dev->conn_state, p_dev->info, avoid_roleswitch);
2887 if ((p_dev->conn_state == BTA_DM_CONNECTED) &&
2888 (p_dev->info & BTA_DM_DI_AV_ACTIVE) && (avoid_roleswitch == false)) {
2889 /* make master and take away the role switch policy */
2890 if (BTM_CMD_STARTED == BTM_SwitchRole(p_dev->peer_bdaddr,
2891 HCI_ROLE_MASTER,
2892 (tBTM_CMPL_CB*)bta_dm_rs_cback)) {
2893 /* the role switch command is actually sent */
2894 bta_dm_cb.rs_event = event;
2895 switching = true;
2896 }
2897 /* else either already master or can not switch for some reasons */
2898 bta_dm_policy_cback(BTA_SYS_PLCY_CLR, 0, HCI_ENABLE_MASTER_SLAVE_SWITCH,
2899 &p_dev->peer_bdaddr);
2900 break;
2901 }
2902 }
2903 }
2904 return switching;
2905 }
2906
2907 /*******************************************************************************
2908 *
2909 * Function bta_dm_acl_change
2910 *
2911 * Description Process BTA_DM_ACL_CHANGE_EVT
2912 *
2913 *
2914 * Returns void
2915 *
2916 ******************************************************************************/
bta_dm_acl_change(tBTA_DM_MSG * p_data)2917 void bta_dm_acl_change(tBTA_DM_MSG* p_data) {
2918 uint8_t i;
2919 uint8_t* p;
2920 tBTA_DM_SEC conn;
2921 bool is_new = p_data->acl_change.is_new;
2922 const RawAddress& p_bda = p_data->acl_change.bd_addr;
2923 bool need_policy_change = false;
2924 bool issue_unpair_cb = false;
2925
2926 tBTA_DM_PEER_DEVICE* p_dev;
2927 memset(&conn, 0, sizeof(tBTA_DM_SEC));
2928
2929 switch (p_data->acl_change.event) {
2930 case BTM_BL_UPDATE_EVT: /* busy level update */
2931 if (bta_dm_cb.p_sec_cback) {
2932 conn.busy_level.level = p_data->acl_change.busy_level;
2933 conn.busy_level.level_flags = p_data->acl_change.busy_level_flags;
2934 bta_dm_cb.p_sec_cback(BTA_DM_BUSY_LEVEL_EVT, &conn);
2935 }
2936 return;
2937
2938 case BTM_BL_ROLE_CHG_EVT: /* role change event */
2939 p_dev = bta_dm_find_peer_device(p_bda);
2940 if (p_dev) {
2941 APPL_TRACE_DEBUG(
2942 "bta_dm_acl_change role chg info:x%x new_role:%d dev count:%d",
2943 p_dev->info, p_data->acl_change.new_role,
2944 bta_dm_cb.device_list.count);
2945 if (p_dev->info & BTA_DM_DI_AV_ACTIVE) {
2946 /* there's AV activity on this link */
2947 if (p_data->acl_change.new_role == HCI_ROLE_SLAVE &&
2948 bta_dm_cb.device_list.count > 1 &&
2949 p_data->acl_change.hci_status == HCI_SUCCESS) {
2950 /* more than one connections and the AV connection is role switched
2951 * to slave
2952 * switch it back to master and remove the switch policy */
2953 BTM_SwitchRole(p_bda, BTM_ROLE_MASTER, NULL);
2954 need_policy_change = true;
2955 } else if (p_bta_dm_cfg->avoid_scatter &&
2956 (p_data->acl_change.new_role == HCI_ROLE_MASTER)) {
2957 /* if the link updated to be master include AV activities, remove
2958 * the switch policy */
2959 need_policy_change = true;
2960 }
2961
2962 if (need_policy_change) {
2963 bta_dm_policy_cback(BTA_SYS_PLCY_CLR, 0,
2964 HCI_ENABLE_MASTER_SLAVE_SWITCH,
2965 &p_dev->peer_bdaddr);
2966 }
2967 } else {
2968 /* there's AV no activity on this link and role switch happened
2969 * check if AV is active
2970 * if so, make sure the AV link is master */
2971 bta_dm_check_av(0);
2972 }
2973 bta_sys_notify_role_chg(p_data->acl_change.bd_addr,
2974 p_data->acl_change.new_role,
2975 p_data->acl_change.hci_status);
2976 conn.role_chg.bd_addr = p_bda;
2977 conn.role_chg.new_role = (uint8_t)p_data->acl_change.new_role;
2978 if (bta_dm_cb.p_sec_cback)
2979 bta_dm_cb.p_sec_cback(BTA_DM_ROLE_CHG_EVT, (tBTA_DM_SEC*)&conn);
2980 }
2981 return;
2982 }
2983
2984 /* Collision report from Stack: Notify profiles */
2985 if (p_data->acl_change.event == BTM_BL_COLLISION_EVT) {
2986 bta_sys_notify_collision(p_bda);
2987 return;
2988 }
2989
2990 if (is_new) {
2991 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
2992 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == p_bda &&
2993 bta_dm_cb.device_list.peer_device[i].conn_handle ==
2994 p_data->acl_change.handle)
2995 break;
2996 }
2997
2998 if (i == bta_dm_cb.device_list.count) {
2999 if (bta_dm_cb.device_list.count < BTA_DM_NUM_PEER_DEVICE) {
3000 bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count]
3001 .peer_bdaddr = p_bda;
3002 bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count]
3003 .link_policy = bta_dm_cb.cur_policy;
3004 bta_dm_cb.device_list.count++;
3005 bta_dm_cb.device_list.peer_device[i].conn_handle =
3006 p_data->acl_change.handle;
3007 if (p_data->acl_change.transport == BT_TRANSPORT_LE)
3008 bta_dm_cb.device_list.le_count++;
3009 } else {
3010 APPL_TRACE_ERROR("%s max active connection reached, no resources",
3011 __func__);
3012 return;
3013 }
3014 }
3015
3016 bta_dm_cb.device_list.peer_device[i].conn_state = BTA_DM_CONNECTED;
3017 bta_dm_cb.device_list.peer_device[i].pref_role = BTA_ANY_ROLE;
3018 conn.link_up.bd_addr = p_bda;
3019 bta_dm_cb.device_list.peer_device[i].info = BTA_DM_DI_NONE;
3020 conn.link_up.link_type = p_data->acl_change.transport;
3021 bta_dm_cb.device_list.peer_device[i].transport =
3022 p_data->acl_change.transport;
3023
3024 if (((NULL != (p = BTM_ReadLocalFeatures())) &&
3025 HCI_SNIFF_SUB_RATE_SUPPORTED(p)) &&
3026 ((NULL != (p = BTM_ReadRemoteFeatures(p_bda))) &&
3027 HCI_SNIFF_SUB_RATE_SUPPORTED(p))) {
3028 /* both local and remote devices support SSR */
3029 bta_dm_cb.device_list.peer_device[i].info = BTA_DM_DI_USE_SSR;
3030 }
3031 APPL_TRACE_WARNING("%s info: 0x%x", __func__,
3032 bta_dm_cb.device_list.peer_device[i].info);
3033
3034 if (bta_dm_cb.p_sec_cback)
3035 bta_dm_cb.p_sec_cback(BTA_DM_LINK_UP_EVT, (tBTA_DM_SEC*)&conn);
3036 } else {
3037 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3038 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr != p_bda ||
3039 bta_dm_cb.device_list.peer_device[i].transport !=
3040 p_data->acl_change.transport)
3041 continue;
3042
3043 if (bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_UNPAIRING) {
3044 if (BTM_SecDeleteDevice(
3045 bta_dm_cb.device_list.peer_device[i].peer_bdaddr))
3046 issue_unpair_cb = true;
3047
3048 APPL_TRACE_DEBUG("%s: Unpairing: issue unpair CB = %d ", __func__,
3049 issue_unpair_cb);
3050 }
3051
3052 conn.link_down.is_removed =
3053 bta_dm_cb.device_list.peer_device[i].remove_dev_pending;
3054
3055 // Iterate to the one before the last when shrinking the list,
3056 // otherwise we memcpy garbage data into the record.
3057 // Then clear out the last item in the list since we are shrinking.
3058 for (; i < bta_dm_cb.device_list.count - 1; i++) {
3059 memcpy(&bta_dm_cb.device_list.peer_device[i],
3060 &bta_dm_cb.device_list.peer_device[i + 1],
3061 sizeof(bta_dm_cb.device_list.peer_device[i]));
3062 }
3063 if (bta_dm_cb.device_list.count > 0) {
3064 int clear_index = bta_dm_cb.device_list.count - 1;
3065 memset(&bta_dm_cb.device_list.peer_device[clear_index], 0,
3066 sizeof(bta_dm_cb.device_list.peer_device[clear_index]));
3067 }
3068 break;
3069 }
3070 if (bta_dm_cb.device_list.count) bta_dm_cb.device_list.count--;
3071 if ((p_data->acl_change.transport == BT_TRANSPORT_LE) &&
3072 (bta_dm_cb.device_list.le_count))
3073 bta_dm_cb.device_list.le_count--;
3074 conn.link_down.link_type = p_data->acl_change.transport;
3075
3076 if (bta_dm_search_cb.wait_disc && bta_dm_search_cb.peer_bdaddr == p_bda) {
3077 bta_dm_search_cb.wait_disc = false;
3078
3079 if (bta_dm_search_cb.sdp_results) {
3080 APPL_TRACE_EVENT(" timer stopped ");
3081 alarm_cancel(bta_dm_search_cb.search_timer);
3082 bta_dm_discover_next_device();
3083 }
3084 }
3085
3086 if (bta_dm_cb.disabling) {
3087 if (!BTM_GetNumAclLinks()) {
3088 /*
3089 * Start a timer to make sure that the profiles
3090 * get the disconnect event.
3091 */
3092 alarm_set_on_mloop(bta_dm_cb.disable_timer,
3093 BTA_DM_DISABLE_CONN_DOWN_TIMER_MS,
3094 bta_dm_disable_conn_down_timer_cback, NULL);
3095 }
3096 }
3097 if (conn.link_down.is_removed) {
3098 BTM_SecDeleteDevice(p_bda);
3099 /* need to remove all pending background connection */
3100 BTA_GATTC_CancelOpen(0, p_bda, false);
3101 /* remove all cached GATT information */
3102 BTA_GATTC_Refresh(p_bda);
3103 }
3104
3105 conn.link_down.bd_addr = p_bda;
3106 conn.link_down.status = (uint8_t)btm_get_acl_disc_reason_code();
3107 if (bta_dm_cb.p_sec_cback) {
3108 bta_dm_cb.p_sec_cback(BTA_DM_LINK_DOWN_EVT, &conn);
3109 if (issue_unpair_cb)
3110 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &conn);
3111 }
3112 }
3113
3114 bta_dm_adjust_roles(true);
3115 }
3116
3117 /*******************************************************************************
3118 *
3119 * Function bta_dm_disable_conn_down_timer_cback
3120 *
3121 * Description Sends disable event to application
3122 *
3123 *
3124 * Returns void
3125 *
3126 ******************************************************************************/
bta_dm_disable_conn_down_timer_cback(UNUSED_ATTR void * data)3127 static void bta_dm_disable_conn_down_timer_cback(UNUSED_ATTR void* data) {
3128 tBTA_SYS_HW_MSG* sys_enable_event =
3129 (tBTA_SYS_HW_MSG*)osi_malloc(sizeof(tBTA_SYS_HW_MSG));
3130
3131 /* disable the power managment module */
3132 bta_dm_disable_pm();
3133
3134 /* register our callback to SYS HW manager */
3135 bta_sys_hw_register(BTA_SYS_HW_BLUETOOTH, bta_dm_sys_hw_cback);
3136
3137 /* send a message to BTA SYS */
3138 sys_enable_event->hdr.event = BTA_SYS_API_DISABLE_EVT;
3139 sys_enable_event->hw_module = BTA_SYS_HW_BLUETOOTH;
3140 bta_sys_sendmsg(sys_enable_event);
3141
3142 bta_dm_cb.disabling = false;
3143 }
3144
3145 /*******************************************************************************
3146 *
3147 * Function bta_dm_rm_cback
3148 *
3149 * Description Role management callback from sys
3150 *
3151 *
3152 * Returns void
3153 *
3154 ******************************************************************************/
bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status,uint8_t id,uint8_t app_id,const RawAddress * peer_addr)3155 static void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
3156 uint8_t app_id, const RawAddress* peer_addr) {
3157 uint8_t j;
3158 tBTA_PREF_ROLES role;
3159 tBTA_DM_PEER_DEVICE* p_dev;
3160
3161 p_dev = bta_dm_find_peer_device(*peer_addr);
3162 if (status == BTA_SYS_CONN_OPEN) {
3163 if (p_dev) {
3164 /* Do not set to connected if we are in the middle of unpairing. When AV
3165 * stream is
3166 * started it fakes out a SYS_CONN_OPEN to potentially trigger a role
3167 * switch command.
3168 * But this should not be done if we are in the middle of unpairing.
3169 */
3170 if (p_dev->conn_state != BTA_DM_UNPAIRING)
3171 p_dev->conn_state = BTA_DM_CONNECTED;
3172
3173 for (j = 1; j <= p_bta_dm_rm_cfg[0].app_id; j++) {
3174 if (((p_bta_dm_rm_cfg[j].app_id == app_id) ||
3175 (p_bta_dm_rm_cfg[j].app_id == BTA_ALL_APP_ID)) &&
3176 (p_bta_dm_rm_cfg[j].id == id)) {
3177 role = p_bta_dm_rm_cfg[j].cfg;
3178
3179 if (role > p_dev->pref_role) p_dev->pref_role = role;
3180 break;
3181 }
3182 }
3183 }
3184 }
3185
3186 if ((BTA_ID_AV == id) || (BTA_ID_AVK == id)) {
3187 if (status == BTA_SYS_CONN_BUSY) {
3188 if (p_dev) p_dev->info |= BTA_DM_DI_AV_ACTIVE;
3189 /* AV calls bta_sys_conn_open with the A2DP stream count as app_id */
3190 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count();
3191 } else if (status == BTA_SYS_CONN_IDLE) {
3192 if (p_dev) p_dev->info &= ~BTA_DM_DI_AV_ACTIVE;
3193
3194 /* get cur_av_count from connected services */
3195 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count();
3196 }
3197 APPL_TRACE_WARNING("bta_dm_rm_cback:%d, status:%d", bta_dm_cb.cur_av_count,
3198 status);
3199 }
3200
3201 /* Don't adjust roles for each busy/idle state transition to avoid
3202 excessive switch requests when individual profile busy/idle status
3203 changes */
3204 if ((status != BTA_SYS_CONN_BUSY) && (status != BTA_SYS_CONN_IDLE))
3205 bta_dm_adjust_roles(false);
3206 }
3207
3208 /*******************************************************************************
3209 *
3210 * Function bta_dm_delay_role_switch_cback
3211 *
3212 * Description Callback from btm to delay a role switch
3213 *
3214 * Returns void
3215 *
3216 ******************************************************************************/
bta_dm_delay_role_switch_cback(UNUSED_ATTR void * data)3217 static void bta_dm_delay_role_switch_cback(UNUSED_ATTR void* data) {
3218 APPL_TRACE_EVENT("%s: initiating Delayed RS", __func__);
3219 bta_dm_adjust_roles(false);
3220 }
3221
3222 /*******************************************************************************
3223 *
3224 * Function bta_dm_reset_sec_dev_pending
3225 *
3226 * Description Setting the remove device pending status to false from
3227 * security device DB, when the link key notification
3228 * event comes.
3229 *
3230 * Returns void
3231 *
3232 ******************************************************************************/
bta_dm_reset_sec_dev_pending(const RawAddress & remote_bd_addr)3233 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr) {
3234 for (size_t i = 0; i < bta_dm_cb.device_list.count; i++) {
3235 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) {
3236 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = false;
3237 return;
3238 }
3239 }
3240 }
3241
3242 /*******************************************************************************
3243 *
3244 * Function bta_dm_remove_sec_dev_entry
3245 *
3246 * Description Removes device entry from Security device DB if ACL
3247 connection with
3248 * remtoe device does not exist, else schedule for dev entry
3249 removal upon
3250 ACL close
3251 *
3252 * Returns void
3253 *
3254 ******************************************************************************/
bta_dm_remove_sec_dev_entry(const RawAddress & remote_bd_addr)3255 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr) {
3256 if (BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_LE) ||
3257 BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_BR_EDR)) {
3258 APPL_TRACE_DEBUG(
3259 "%s ACL is not down. Schedule for Dev Removal when ACL closes",
3260 __func__);
3261 BTM_SecClearSecurityFlags(remote_bd_addr);
3262 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
3263 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) {
3264 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = TRUE;
3265 break;
3266 }
3267 }
3268 } else {
3269 // remote_bd_addr comes from security record, which is removed in
3270 // BTM_SecDeleteDevice.
3271 RawAddress addr_copy = remote_bd_addr;
3272 BTM_SecDeleteDevice(addr_copy);
3273 /* need to remove all pending background connection */
3274 BTA_GATTC_CancelOpen(0, addr_copy, false);
3275 /* remove all cached GATT information */
3276 BTA_GATTC_Refresh(addr_copy);
3277 }
3278 }
3279
3280 /*******************************************************************************
3281 *
3282 * Function bta_dm_adjust_roles
3283 *
3284 * Description Adjust roles
3285 *
3286 *
3287 * Returns void
3288 *
3289 ******************************************************************************/
bta_dm_adjust_roles(bool delay_role_switch)3290 static void bta_dm_adjust_roles(bool delay_role_switch) {
3291 uint8_t i;
3292 bool set_master_role = false;
3293 uint8_t br_count =
3294 bta_dm_cb.device_list.count - bta_dm_cb.device_list.le_count;
3295 if (br_count) {
3296 /* the configuration is no scatternet
3297 * or AV connection exists and there are more than one ACL link */
3298 if ((p_bta_dm_rm_cfg[0].cfg == BTA_DM_NO_SCATTERNET) ||
3299 (bta_dm_cb.cur_av_count && br_count > 1)) {
3300 L2CA_SetDesireRole(HCI_ROLE_MASTER);
3301 set_master_role = true;
3302 }
3303
3304 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3305 if (bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED &&
3306 bta_dm_cb.device_list.peer_device[i].transport ==
3307 BT_TRANSPORT_BR_EDR) {
3308 if (!set_master_role &&
3309 (bta_dm_cb.device_list.peer_device[i].pref_role != BTA_ANY_ROLE) &&
3310 (p_bta_dm_rm_cfg[0].cfg == BTA_DM_PARTIAL_SCATTERNET)) {
3311 L2CA_SetDesireRole(HCI_ROLE_MASTER);
3312 set_master_role = true;
3313 }
3314
3315 if ((bta_dm_cb.device_list.peer_device[i].pref_role ==
3316 BTA_MASTER_ROLE_ONLY) ||
3317 (br_count > 1)) {
3318 /* Initiating immediate role switch with certain remote devices
3319 has caused issues due to role switch colliding with link encryption
3320 setup and
3321 causing encryption (and in turn the link) to fail . These device .
3322 Firmware
3323 versions are stored in a blacklist and role switch with these
3324 devices are
3325 delayed to avoid the collision with link encryption setup */
3326
3327 if (bta_dm_cb.device_list.peer_device[i].pref_role !=
3328 BTA_SLAVE_ROLE_ONLY &&
3329 delay_role_switch == false) {
3330 BTM_SwitchRole(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
3331 HCI_ROLE_MASTER, NULL);
3332 } else {
3333 alarm_set_on_mloop(bta_dm_cb.switch_delay_timer,
3334 BTA_DM_SWITCH_DELAY_TIMER_MS,
3335 bta_dm_delay_role_switch_cback, NULL);
3336 }
3337 }
3338 }
3339 }
3340
3341 if (!set_master_role) {
3342 L2CA_SetDesireRole(L2CAP_DESIRED_LINK_ROLE);
3343 }
3344
3345 } else {
3346 L2CA_SetDesireRole(L2CAP_DESIRED_LINK_ROLE);
3347 }
3348 }
3349
3350 /*******************************************************************************
3351 *
3352 * Function bta_dm_get_remname
3353 *
3354 * Description Returns a pointer to the remote name stored in the DM
3355 * control block if it exists, or from the BTM memory.
3356 *
3357 * Returns char * - Pointer to the remote device name
3358 ******************************************************************************/
bta_dm_get_remname(void)3359 static char* bta_dm_get_remname(void) {
3360 char* p_name = (char*)bta_dm_search_cb.peer_name;
3361 char* p_temp;
3362
3363 /* If the name isn't already stored, try retrieving from BTM */
3364 if (*p_name == '\0') {
3365 p_temp = BTM_SecReadDevName(bta_dm_search_cb.peer_bdaddr);
3366 if (p_temp != NULL) p_name = p_temp;
3367 }
3368
3369 return p_name;
3370 }
3371
3372 /*******************************************************************************
3373 *
3374 * Function bta_dm_bond_cancel_complete_cback
3375 *
3376 * Description Authentication complete callback from BTM
3377 *
3378 * Returns void
3379 *
3380 ******************************************************************************/
bta_dm_bond_cancel_complete_cback(tBTM_STATUS result)3381 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result) {
3382 tBTA_DM_SEC sec_event;
3383
3384 if (result == BTM_SUCCESS)
3385 sec_event.bond_cancel_cmpl.result = BTA_SUCCESS;
3386 else
3387 sec_event.bond_cancel_cmpl.result = BTA_FAILURE;
3388
3389 if (bta_dm_cb.p_sec_cback) {
3390 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
3391 }
3392 }
3393
3394 /*******************************************************************************
3395 *
3396 * Function find_utf8_char_boundary
3397 *
3398 * Description This function checks a UTF8 string |utf8str| starting at
3399 * |offset|, moving backwards and returns the offset of the
3400 * next valid UTF8 character boundary found.
3401 *
3402 * Returns Offset of UTF8 character boundary
3403 *
3404 ******************************************************************************/
find_utf8_char_boundary(const char * utf8str,size_t offset)3405 static size_t find_utf8_char_boundary(const char* utf8str, size_t offset) {
3406 CHECK(utf8str);
3407 CHECK(offset > 0);
3408
3409 while (--offset) {
3410 uint8_t ch = (uint8_t)utf8str[offset];
3411 if ((ch & 0x80) == 0x00) // ASCII
3412 return offset + 1;
3413 if ((ch & 0xC0) == 0xC0) // Multi-byte sequence start
3414 return offset;
3415 }
3416
3417 return 0;
3418 }
3419
3420 /*******************************************************************************
3421 *
3422 * Function bta_dm_set_eir
3423 *
3424 * Description This function creates EIR tagged data and writes it to
3425 * controller.
3426 *
3427 * Returns None
3428 *
3429 ******************************************************************************/
bta_dm_set_eir(char * local_name)3430 static void bta_dm_set_eir(char* local_name) {
3431 uint8_t* p;
3432 uint8_t* p_length;
3433 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3434 uint8_t* p_type;
3435 uint8_t max_num_uuid;
3436 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3437 uint8_t custom_uuid_idx;
3438 #endif // BTA_EIR_SERVER_NUM_CUSTOM_UUID
3439 #endif // BTA_EIR_CANNED_UUID_LIST
3440 #if (BTM_EIR_DEFAULT_FEC_REQUIRED == FALSE)
3441 uint8_t free_eir_length = HCI_EXT_INQ_RESPONSE_LEN;
3442 #else // BTM_EIR_DEFAULT_FEC_REQUIRED
3443 uint8_t free_eir_length = HCI_DM5_PACKET_SIZE;
3444 #endif // BTM_EIR_DEFAULT_FEC_REQUIRED
3445 uint8_t num_uuid;
3446 uint8_t data_type;
3447 uint8_t local_name_len;
3448
3449 /* wait until complete to disable */
3450 if (alarm_is_scheduled(bta_dm_cb.disable_timer)) return;
3451
3452 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3453 /* if local name is not provided, get it from controller */
3454 if (local_name == NULL) {
3455 if (BTM_ReadLocalDeviceName(&local_name) != BTM_SUCCESS) {
3456 APPL_TRACE_ERROR("Fail to read local device name for EIR");
3457 }
3458 }
3459 #endif // BTA_EIR_CANNED_UUID_LIST
3460
3461 /* Allocate a buffer to hold HCI command */
3462 BT_HDR* p_buf = (BT_HDR*)osi_malloc(BTM_CMD_BUF_SIZE);
3463 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET;
3464
3465 memset(p, 0x00, HCI_EXT_INQ_RESPONSE_LEN);
3466
3467 APPL_TRACE_DEBUG("BTA is generating EIR");
3468
3469 if (local_name)
3470 local_name_len = strlen(local_name);
3471 else
3472 local_name_len = 0;
3473
3474 data_type = BTM_EIR_COMPLETE_LOCAL_NAME_TYPE;
3475 /* if local name is longer than minimum length of shortened name */
3476 /* check whether it needs to be shortened or not */
3477 if (local_name_len > p_bta_dm_eir_cfg->bta_dm_eir_min_name_len) {
3478 /* get number of UUID 16-bit list */
3479 #if (BTA_EIR_CANNED_UUID_LIST == TRUE)
3480 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / LEN_UUID_16;
3481 #else // BTA_EIR_CANNED_UUID_LIST
3482 max_num_uuid = (free_eir_length - 2) / LEN_UUID_16;
3483 data_type = BTM_GetEirSupportedServices(bta_dm_cb.eir_uuid, &p,
3484 max_num_uuid, &num_uuid);
3485 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET; /* reset p */
3486 #endif // BTA_EIR_CANNED_UUID_LIST
3487
3488 /* if UUID doesn't fit remaing space, shorten local name */
3489 if (local_name_len > (free_eir_length - 4 - num_uuid * LEN_UUID_16)) {
3490 local_name_len = find_utf8_char_boundary(
3491 local_name, p_bta_dm_eir_cfg->bta_dm_eir_min_name_len);
3492 APPL_TRACE_WARNING("%s local name is shortened (%d)", __func__,
3493 local_name_len);
3494 data_type = BTM_EIR_SHORTENED_LOCAL_NAME_TYPE;
3495 } else {
3496 data_type = BTM_EIR_COMPLETE_LOCAL_NAME_TYPE;
3497 }
3498 }
3499
3500 UINT8_TO_STREAM(p, local_name_len + 1);
3501 UINT8_TO_STREAM(p, data_type);
3502
3503 if (local_name != NULL) {
3504 memcpy(p, local_name, local_name_len);
3505 p += local_name_len;
3506 }
3507 free_eir_length -= local_name_len + 2;
3508
3509 #if (BTA_EIR_CANNED_UUID_LIST == TRUE)
3510 /* if UUID list is provided as static data in configuration */
3511 if ((p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len > 0) &&
3512 (p_bta_dm_eir_cfg->bta_dm_eir_uuid16)) {
3513 if (free_eir_length > LEN_UUID_16 + 2) {
3514 free_eir_length -= 2;
3515
3516 if (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len) {
3517 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / LEN_UUID_16;
3518 data_type = BTM_EIR_COMPLETE_16BITS_UUID_TYPE;
3519 } else /* not enough room for all UUIDs */
3520 {
3521 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3522 num_uuid = free_eir_length / LEN_UUID_16;
3523 data_type = BTM_EIR_MORE_16BITS_UUID_TYPE;
3524 }
3525 UINT8_TO_STREAM(p, num_uuid * LEN_UUID_16 + 1);
3526 UINT8_TO_STREAM(p, data_type);
3527 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_uuid16, num_uuid * LEN_UUID_16);
3528 p += num_uuid * LEN_UUID_16;
3529 free_eir_length -= num_uuid * LEN_UUID_16;
3530 }
3531 }
3532 #else /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */
3533 /* if UUID list is dynamic */
3534 if (free_eir_length >= 2) {
3535 p_length = p++;
3536 p_type = p++;
3537 num_uuid = 0;
3538
3539 max_num_uuid = (free_eir_length - 2) / LEN_UUID_16;
3540 data_type = BTM_GetEirSupportedServices(bta_dm_cb.eir_uuid, &p,
3541 max_num_uuid, &num_uuid);
3542
3543 if (data_type == BTM_EIR_MORE_16BITS_UUID_TYPE) {
3544 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3545 }
3546 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3547 else {
3548 for (custom_uuid_idx = 0;
3549 custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3550 custom_uuid_idx++) {
3551 if (bta_dm_cb.custom_uuid[custom_uuid_idx].len == LEN_UUID_16) {
3552 if (num_uuid < max_num_uuid) {
3553 UINT16_TO_STREAM(p,
3554 bta_dm_cb.custom_uuid[custom_uuid_idx].uu.uuid16);
3555 num_uuid++;
3556 } else {
3557 data_type = BTM_EIR_MORE_16BITS_UUID_TYPE;
3558 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3559 break;
3560 }
3561 }
3562 }
3563 }
3564 #endif /* (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */
3565
3566 UINT8_TO_STREAM(p_length, num_uuid * LEN_UUID_16 + 1);
3567 UINT8_TO_STREAM(p_type, data_type);
3568 free_eir_length -= num_uuid * LEN_UUID_16 + 2;
3569 }
3570 #endif /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */
3571
3572 #if (BTA_EIR_CANNED_UUID_LIST != TRUE && BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3573 /* Adding 32-bit UUID list */
3574 if (free_eir_length >= 2) {
3575 p_length = p++;
3576 p_type = p++;
3577 num_uuid = 0;
3578 data_type = BTM_EIR_COMPLETE_32BITS_UUID_TYPE;
3579
3580 max_num_uuid = (free_eir_length - 2) / LEN_UUID_32;
3581
3582 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3583 custom_uuid_idx++) {
3584 if (bta_dm_cb.custom_uuid[custom_uuid_idx].len == LEN_UUID_32) {
3585 if (num_uuid < max_num_uuid) {
3586 UINT32_TO_STREAM(p, bta_dm_cb.custom_uuid[custom_uuid_idx].uu.uuid32);
3587 num_uuid++;
3588 } else {
3589 data_type = BTM_EIR_MORE_32BITS_UUID_TYPE;
3590 APPL_TRACE_WARNING("BTA EIR: UUID 32-bit list is truncated");
3591 break;
3592 }
3593 }
3594 }
3595
3596 UINT8_TO_STREAM(p_length, num_uuid * LEN_UUID_32 + 1);
3597 UINT8_TO_STREAM(p_type, data_type);
3598 free_eir_length -= num_uuid * LEN_UUID_32 + 2;
3599 }
3600
3601 /* Adding 128-bit UUID list */
3602 if (free_eir_length >= 2) {
3603 p_length = p++;
3604 p_type = p++;
3605 num_uuid = 0;
3606 data_type = BTM_EIR_COMPLETE_128BITS_UUID_TYPE;
3607
3608 max_num_uuid = (free_eir_length - 2) / LEN_UUID_128;
3609
3610 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3611 custom_uuid_idx++) {
3612 if (bta_dm_cb.custom_uuid[custom_uuid_idx].len == LEN_UUID_128) {
3613 if (num_uuid < max_num_uuid) {
3614 ARRAY16_TO_STREAM(p,
3615 bta_dm_cb.custom_uuid[custom_uuid_idx].uu.uuid128);
3616 num_uuid++;
3617 } else {
3618 data_type = BTM_EIR_MORE_128BITS_UUID_TYPE;
3619 APPL_TRACE_WARNING("BTA EIR: UUID 128-bit list is truncated");
3620 break;
3621 }
3622 }
3623 }
3624
3625 UINT8_TO_STREAM(p_length, num_uuid * LEN_UUID_128 + 1);
3626 UINT8_TO_STREAM(p_type, data_type);
3627 free_eir_length -= num_uuid * LEN_UUID_128 + 2;
3628 }
3629 #endif /* ( BTA_EIR_CANNED_UUID_LIST != TRUE \
3630 )&&(BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */
3631
3632 /* if Flags are provided in configuration */
3633 if ((p_bta_dm_eir_cfg->bta_dm_eir_flag_len > 0) &&
3634 (p_bta_dm_eir_cfg->bta_dm_eir_flags) &&
3635 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2)) {
3636 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 1);
3637 UINT8_TO_STREAM(p, BTM_EIR_FLAGS_TYPE);
3638 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_flags,
3639 p_bta_dm_eir_cfg->bta_dm_eir_flag_len);
3640 p += p_bta_dm_eir_cfg->bta_dm_eir_flag_len;
3641 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2;
3642 }
3643
3644 /* if Manufacturer Specific are provided in configuration */
3645 if ((p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len > 0) &&
3646 (p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec) &&
3647 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2)) {
3648 p_length = p;
3649
3650 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 1);
3651 UINT8_TO_STREAM(p, BTM_EIR_MANUFACTURER_SPECIFIC_TYPE);
3652 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec,
3653 p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len);
3654 p += p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len;
3655 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2;
3656
3657 } else {
3658 p_length = NULL;
3659 }
3660
3661 /* if Inquiry Tx Resp Power compiled */
3662 if ((p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power) && (free_eir_length >= 3)) {
3663 UINT8_TO_STREAM(p, 2); /* Length field */
3664 UINT8_TO_STREAM(p, BTM_EIR_TX_POWER_LEVEL_TYPE);
3665 UINT8_TO_STREAM(p, *(p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power));
3666 free_eir_length -= 3;
3667 }
3668
3669 if (free_eir_length)
3670 UINT8_TO_STREAM(p, 0); /* terminator of significant part */
3671
3672 BTM_WriteEIR(p_buf);
3673 }
3674
3675 /*******************************************************************************
3676 *
3677 * Function bta_dm_eir_search_services
3678 *
3679 * Description This function searches services in received EIR
3680 *
3681 * Returns None
3682 *
3683 ******************************************************************************/
bta_dm_eir_search_services(tBTM_INQ_RESULTS * p_result,tBTA_SERVICE_MASK * p_services_to_search,tBTA_SERVICE_MASK * p_services_found)3684 static void bta_dm_eir_search_services(tBTM_INQ_RESULTS* p_result,
3685 tBTA_SERVICE_MASK* p_services_to_search,
3686 tBTA_SERVICE_MASK* p_services_found) {
3687 tBTA_SERVICE_MASK service_index = 0;
3688 tBTM_EIR_SEARCH_RESULT result;
3689
3690 VLOG(1) << "BTA searching services in EIR of BDA:"
3691 << p_result->remote_bd_addr;
3692
3693 APPL_TRACE_DEBUG(" with services_to_search=0x%08X", *p_services_to_search);
3694
3695 /* always do GATT based service discovery by SDP instead of from EIR */
3696 /* if GATT based service is also to be put in EIR, need to modify this */
3697 while (service_index < (BTA_MAX_SERVICE_ID - 1)) {
3698 if (*p_services_to_search &
3699 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index))) {
3700 result = BTM_HasInquiryEirService(
3701 p_result, bta_service_id_to_uuid_lkup_tbl[service_index]);
3702
3703 /* Searching for HSP v1.2 only device */
3704 if ((result != BTM_EIR_FOUND) &&
3705 (bta_service_id_to_uuid_lkup_tbl[service_index] ==
3706 UUID_SERVCLASS_HEADSET)) {
3707 result = BTM_HasInquiryEirService(p_result, UUID_SERVCLASS_HEADSET_HS);
3708 }
3709
3710 if (result == BTM_EIR_FOUND) {
3711 /* If Plug and Play service record, need to check to see if Broadcom
3712 * stack */
3713 /* However, EIR data doesn't have EXT_BRCM_VERSION so just skip it */
3714 if (bta_service_id_to_uuid_lkup_tbl[service_index] !=
3715 UUID_SERVCLASS_PNP_INFORMATION) {
3716 *p_services_found |= (tBTA_SERVICE_MASK)(
3717 BTA_SERVICE_ID_TO_SERVICE_MASK(service_index));
3718 /* remove the service from services to be searched */
3719 *p_services_to_search &= (tBTA_SERVICE_MASK)(
3720 ~(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index)));
3721 }
3722 } else if (result == BTM_EIR_NOT_FOUND) {
3723 /* remove the service from services to be searched */
3724 *p_services_to_search &= (tBTA_SERVICE_MASK)(
3725 ~(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index)));
3726 }
3727 }
3728
3729 service_index++;
3730 }
3731
3732 APPL_TRACE_ERROR(
3733 "BTA EIR search result, services_to_search=0x%08X, services_found=0x%08X",
3734 *p_services_to_search, *p_services_found);
3735 }
3736
3737 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3738 /*******************************************************************************
3739 *
3740 * Function bta_dm_eir_update_uuid
3741 *
3742 * Description This function adds or removes service UUID in EIR database.
3743 *
3744 * Returns None
3745 *
3746 ******************************************************************************/
bta_dm_eir_update_uuid(uint16_t uuid16,bool adding)3747 void bta_dm_eir_update_uuid(uint16_t uuid16, bool adding) {
3748 /* if this UUID is not advertised in EIR */
3749 if (!BTM_HasEirService(p_bta_dm_eir_cfg->uuid_mask, uuid16)) return;
3750
3751 if (adding) {
3752 APPL_TRACE_EVENT("Adding UUID=0x%04X into EIR", uuid16);
3753
3754 BTM_AddEirService(bta_dm_cb.eir_uuid, uuid16);
3755 } else {
3756 APPL_TRACE_EVENT("Removing UUID=0x%04X from EIR", uuid16);
3757
3758 BTM_RemoveEirService(bta_dm_cb.eir_uuid, uuid16);
3759 }
3760
3761 bta_dm_set_eir(NULL);
3762
3763 APPL_TRACE_EVENT("bta_dm_eir_update_uuid UUID bit mask=0x%08X %08X",
3764 bta_dm_cb.eir_uuid[1], bta_dm_cb.eir_uuid[0]);
3765 }
3766 #endif
3767
3768 /*******************************************************************************
3769 *
3770 * Function bta_dm_enable_test_mode
3771 *
3772 * Description enable test mode
3773 *
3774 *
3775 * Returns void
3776 *
3777 ******************************************************************************/
bta_dm_enable_test_mode(UNUSED_ATTR tBTA_DM_MSG * p_data)3778 void bta_dm_enable_test_mode(UNUSED_ATTR tBTA_DM_MSG* p_data) {
3779 BTM_EnableTestMode();
3780 }
3781
3782 /*******************************************************************************
3783 *
3784 * Function bta_dm_disable_test_mode
3785 *
3786 * Description disable test mode
3787 *
3788 *
3789 * Returns void
3790 *
3791 ******************************************************************************/
bta_dm_disable_test_mode(UNUSED_ATTR tBTA_DM_MSG * p_data)3792 void bta_dm_disable_test_mode(UNUSED_ATTR tBTA_DM_MSG* p_data) {
3793 BTM_DeviceReset(NULL);
3794 }
3795
3796 /*******************************************************************************
3797 *
3798 * Function bta_dm_execute_callback
3799 *
3800 * Description Just execute a generic call back in the context of the
3801 * BTU/BTA tack
3802 *
3803 *
3804 * Returns void
3805 *
3806 ******************************************************************************/
bta_dm_execute_callback(tBTA_DM_MSG * p_data)3807 void bta_dm_execute_callback(tBTA_DM_MSG* p_data) {
3808 /* sanity check */
3809 if (p_data->exec_cback.p_exec_cback == NULL) {
3810 return;
3811 }
3812
3813 p_data->exec_cback.p_exec_cback(p_data->exec_cback.p_param);
3814 }
3815
3816 /*******************************************************************************
3817 *
3818 * Function bta_dm_encrypt_cback
3819 *
3820 * Description link encryption complete callback.
3821 *
3822 * Returns None
3823 *
3824 ******************************************************************************/
bta_dm_encrypt_cback(const RawAddress * bd_addr,tBT_TRANSPORT transport,UNUSED_ATTR void * p_ref_data,tBTM_STATUS result)3825 void bta_dm_encrypt_cback(const RawAddress* bd_addr, tBT_TRANSPORT transport,
3826 UNUSED_ATTR void* p_ref_data, tBTM_STATUS result) {
3827 tBTA_STATUS bta_status = BTA_SUCCESS;
3828 tBTA_DM_ENCRYPT_CBACK* p_callback = NULL;
3829 uint8_t i;
3830
3831 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3832 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == *bd_addr &&
3833 bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED)
3834 break;
3835 }
3836
3837 if (i < bta_dm_cb.device_list.count) {
3838 p_callback = bta_dm_cb.device_list.peer_device[i].p_encrypt_cback;
3839 bta_dm_cb.device_list.peer_device[i].p_encrypt_cback = NULL;
3840 }
3841
3842 switch (result) {
3843 case BTM_SUCCESS:
3844 break;
3845 case BTM_WRONG_MODE:
3846 bta_status = BTA_WRONG_MODE;
3847 break;
3848 case BTM_NO_RESOURCES:
3849 bta_status = BTA_NO_RESOURCES;
3850 break;
3851 case BTM_BUSY:
3852 bta_status = BTA_BUSY;
3853 break;
3854 default:
3855 bta_status = BTA_FAILURE;
3856 break;
3857 }
3858
3859 APPL_TRACE_DEBUG("bta_dm_encrypt_cback status =%d p_callback=0x%x",
3860 bta_status, p_callback);
3861
3862 if (p_callback) {
3863 (*p_callback)(*bd_addr, transport, bta_status);
3864 }
3865 }
3866
3867 /*******************************************************************************
3868 *
3869 * Function bta_dm_set_encryption
3870 *
3871 * Description This function to encrypt the link
3872 *
3873 * Returns None
3874 *
3875 ******************************************************************************/
bta_dm_set_encryption(tBTA_DM_MSG * p_data)3876 void bta_dm_set_encryption(tBTA_DM_MSG* p_data) {
3877 uint8_t i;
3878
3879 APPL_TRACE_DEBUG("bta_dm_set_encryption"); // todo
3880 if (!p_data->set_encryption.p_callback) {
3881 APPL_TRACE_ERROR("bta_dm_set_encryption callback is not provided");
3882 return;
3883 }
3884 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3885 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr ==
3886 p_data->set_encryption.bd_addr &&
3887 bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED)
3888 break;
3889 }
3890 if (i < bta_dm_cb.device_list.count) {
3891 if (bta_dm_cb.device_list.peer_device[i].p_encrypt_cback) {
3892 APPL_TRACE_ERROR("earlier enc was not done for same device");
3893 (*p_data->set_encryption.p_callback)(p_data->set_encryption.bd_addr,
3894 p_data->set_encryption.transport,
3895 BTA_BUSY);
3896 return;
3897 }
3898
3899 if (BTM_SetEncryption(p_data->set_encryption.bd_addr,
3900 p_data->set_encryption.transport,
3901 bta_dm_encrypt_cback, NULL,
3902 p_data->set_encryption.sec_act) == BTM_CMD_STARTED) {
3903 bta_dm_cb.device_list.peer_device[i].p_encrypt_cback =
3904 p_data->set_encryption.p_callback;
3905 }
3906 }
3907 }
3908
bta_dm_check_if_only_hd_connected(const RawAddress & peer_addr)3909 bool bta_dm_check_if_only_hd_connected(const RawAddress& peer_addr) {
3910 APPL_TRACE_DEBUG("%s: count(%d)", __func__, bta_dm_conn_srvcs.count);
3911
3912 for (uint8_t j = 0; j < bta_dm_conn_srvcs.count; j++) {
3913 // Check if profiles other than hid are connected
3914 if ((bta_dm_conn_srvcs.conn_srvc[j].id != BTA_ID_HD) &&
3915 bta_dm_conn_srvcs.conn_srvc[j].peer_bdaddr == peer_addr) {
3916 APPL_TRACE_DEBUG("%s: Another profile (id=%d) is connected", __func__,
3917 bta_dm_conn_srvcs.conn_srvc[j].id);
3918 return false;
3919 }
3920 }
3921
3922 return true;
3923 }
3924
3925 /*******************************************************************************
3926 *
3927 * Function bta_dm_observe_results_cb
3928 *
3929 * Description Callback for BLE Observe result
3930 *
3931 *
3932 * Returns void
3933 *
3934 ******************************************************************************/
bta_dm_observe_results_cb(tBTM_INQ_RESULTS * p_inq,uint8_t * p_eir,uint16_t eir_len)3935 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
3936 uint16_t eir_len) {
3937 tBTA_DM_SEARCH result;
3938 tBTM_INQ_INFO* p_inq_info;
3939 APPL_TRACE_DEBUG("bta_dm_observe_results_cb");
3940
3941 result.inq_res.bd_addr = p_inq->remote_bd_addr;
3942 result.inq_res.rssi = p_inq->rssi;
3943 result.inq_res.ble_addr_type = p_inq->ble_addr_type;
3944 result.inq_res.inq_result_type = p_inq->inq_result_type;
3945 result.inq_res.device_type = p_inq->device_type;
3946 result.inq_res.flag = p_inq->flag;
3947 result.inq_res.ble_evt_type = p_inq->ble_evt_type;
3948 result.inq_res.ble_primary_phy = p_inq->ble_primary_phy;
3949 result.inq_res.ble_secondary_phy = p_inq->ble_secondary_phy;
3950 result.inq_res.ble_advertising_sid = p_inq->ble_advertising_sid;
3951 result.inq_res.ble_tx_power = p_inq->ble_tx_power;
3952 result.inq_res.ble_periodic_adv_int = p_inq->ble_periodic_adv_int;
3953
3954 /* application will parse EIR to find out remote device name */
3955 result.inq_res.p_eir = p_eir;
3956 result.inq_res.eir_len = eir_len;
3957
3958 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr);
3959 if (p_inq_info != NULL) {
3960 /* initialize remt_name_not_required to false so that we get the name by
3961 * default */
3962 result.inq_res.remt_name_not_required = false;
3963 }
3964
3965 if (bta_dm_search_cb.p_scan_cback)
3966 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_RES_EVT, &result);
3967
3968 if (p_inq_info) {
3969 /* application indicates if it knows the remote name, inside the callback
3970 copy that to the inquiry data base*/
3971 if (result.inq_res.remt_name_not_required)
3972 p_inq_info->appl_knows_rem_name = true;
3973 }
3974 }
3975
3976 /*******************************************************************************
3977 *
3978 * Function bta_dm_observe_cmpl_cb
3979 *
3980 * Description Callback for BLE Observe complete
3981 *
3982 *
3983 * Returns void
3984 *
3985 ******************************************************************************/
bta_dm_observe_cmpl_cb(void * p_result)3986 static void bta_dm_observe_cmpl_cb(void* p_result) {
3987 tBTA_DM_SEARCH data;
3988
3989 APPL_TRACE_DEBUG("bta_dm_observe_cmpl_cb");
3990
3991 data.inq_cmpl.num_resps = ((tBTM_INQUIRY_CMPL*)p_result)->num_resp;
3992 if (bta_dm_search_cb.p_scan_cback) {
3993 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
3994 }
3995 }
3996
3997 /*******************************************************************************
3998 *
3999 * Function bta_dm_ble_smp_cback
4000 *
4001 * Description Callback for BLE SMP
4002 *
4003 *
4004 * Returns void
4005 *
4006 ******************************************************************************/
bta_dm_ble_smp_cback(tBTM_LE_EVT event,const RawAddress & bda,tBTM_LE_EVT_DATA * p_data)4007 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
4008 tBTM_LE_EVT_DATA* p_data) {
4009 tBTM_STATUS status = BTM_SUCCESS;
4010 tBTA_DM_SEC sec_event;
4011 char* p_name = NULL;
4012
4013 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
4014
4015 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
4016 switch (event) {
4017 case BTM_LE_IO_REQ_EVT:
4018 #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE)
4019
4020 bta_dm_co_ble_io_req(
4021 bda, &p_data->io_req.io_cap, &p_data->io_req.oob_data,
4022 &p_data->io_req.auth_req, &p_data->io_req.max_key_size,
4023 &p_data->io_req.init_keys, &p_data->io_req.resp_keys);
4024 #endif
4025 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req,
4026 p_data->io_req.oob_data);
4027
4028 break;
4029
4030 case BTM_LE_SEC_REQUEST_EVT:
4031 sec_event.ble_req.bd_addr = bda;
4032 p_name = BTM_SecReadDevName(bda);
4033 if (p_name != NULL)
4034 strlcpy((char*)sec_event.ble_req.bd_name, p_name, BD_NAME_LEN);
4035 else
4036 sec_event.ble_req.bd_name[0] = 0;
4037 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SEC_REQ_EVT, &sec_event);
4038 break;
4039
4040 case BTM_LE_KEY_NOTIF_EVT:
4041 sec_event.key_notif.bd_addr = bda;
4042 p_name = BTM_SecReadDevName(bda);
4043 if (p_name != NULL)
4044 strlcpy((char*)sec_event.key_notif.bd_name, p_name, BD_NAME_LEN);
4045 else
4046 sec_event.key_notif.bd_name[0] = 0;
4047 sec_event.key_notif.passkey = p_data->key_notif;
4048 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_NOTIF_EVT, &sec_event);
4049 break;
4050
4051 case BTM_LE_KEY_REQ_EVT:
4052 sec_event.ble_req.bd_addr = bda;
4053 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_REQ_EVT, &sec_event);
4054 break;
4055
4056 case BTM_LE_OOB_REQ_EVT:
4057 sec_event.ble_req.bd_addr = bda;
4058 bta_dm_cb.p_sec_cback(BTA_DM_BLE_OOB_REQ_EVT, &sec_event);
4059 break;
4060
4061 case BTM_LE_NC_REQ_EVT:
4062 sec_event.key_notif.bd_addr = bda;
4063 strlcpy((char*)sec_event.key_notif.bd_name, bta_dm_get_remname(),
4064 (BD_NAME_LEN));
4065 sec_event.key_notif.passkey = p_data->key_notif;
4066 bta_dm_cb.p_sec_cback(BTA_DM_BLE_NC_REQ_EVT, &sec_event);
4067 break;
4068
4069 case BTM_LE_SC_OOB_REQ_EVT:
4070 sec_event.ble_req.bd_addr = bda;
4071 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SC_OOB_REQ_EVT, &sec_event);
4072 break;
4073
4074 case BTM_LE_KEY_EVT:
4075 sec_event.ble_key.bd_addr = bda;
4076 sec_event.ble_key.key_type = p_data->key.key_type;
4077 sec_event.ble_key.p_key_value = p_data->key.p_key_value;
4078 bta_dm_cb.p_sec_cback(BTA_DM_BLE_KEY_EVT, &sec_event);
4079 break;
4080
4081 case BTM_LE_COMPLT_EVT:
4082 sec_event.auth_cmpl.bd_addr = bda;
4083 BTM_ReadDevInfo(bda, &sec_event.auth_cmpl.dev_type,
4084 &sec_event.auth_cmpl.addr_type);
4085 p_name = BTM_SecReadDevName(bda);
4086 if (p_name != NULL)
4087 strlcpy((char*)sec_event.auth_cmpl.bd_name, p_name, (BD_NAME_LEN));
4088 else
4089 sec_event.auth_cmpl.bd_name[0] = 0;
4090
4091 if (p_data->complt.reason != 0) {
4092 sec_event.auth_cmpl.fail_reason =
4093 BTA_DM_AUTH_CONVERT_SMP_CODE(((uint8_t)p_data->complt.reason));
4094 /* delete this device entry from Sec Dev DB */
4095 bta_dm_remove_sec_dev_entry(bda);
4096 } else {
4097 sec_event.auth_cmpl.success = true;
4098 }
4099
4100 if (bta_dm_cb.p_sec_cback) {
4101 // bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
4102 bta_dm_cb.p_sec_cback(BTA_DM_BLE_AUTH_CMPL_EVT, &sec_event);
4103 }
4104 break;
4105
4106 default:
4107 status = BTM_NOT_AUTHORIZED;
4108 break;
4109 }
4110 return status;
4111 }
4112
4113 /*******************************************************************************
4114 *
4115 * Function bta_dm_ble_id_key_cback
4116 *
4117 * Description Callback for BLE local ID keys
4118 *
4119 *
4120 * Returns void
4121 *
4122 ******************************************************************************/
bta_dm_ble_id_key_cback(uint8_t key_type,tBTM_BLE_LOCAL_KEYS * p_key)4123 static void bta_dm_ble_id_key_cback(uint8_t key_type,
4124 tBTM_BLE_LOCAL_KEYS* p_key) {
4125 uint8_t evt;
4126 tBTA_DM_SEC dm_key;
4127
4128 switch (key_type) {
4129 case BTM_BLE_KEY_TYPE_ID:
4130 case BTM_BLE_KEY_TYPE_ER:
4131 if (bta_dm_cb.p_sec_cback) {
4132 memcpy(&dm_key.ble_id_keys, p_key, sizeof(tBTM_BLE_LOCAL_KEYS));
4133
4134 evt = (key_type == BTM_BLE_KEY_TYPE_ID) ? BTA_DM_BLE_LOCAL_IR_EVT
4135 : BTA_DM_BLE_LOCAL_ER_EVT;
4136 bta_dm_cb.p_sec_cback(evt, &dm_key);
4137 }
4138 break;
4139
4140 default:
4141 APPL_TRACE_DEBUG("Unknown key type %d", key_type);
4142 break;
4143 }
4144 return;
4145 }
4146
4147 /*******************************************************************************
4148 *
4149 * Function bta_dm_add_blekey
4150 *
4151 * Description This function adds an BLE Key to an security database entry.
4152 * This function shall only be called AFTER BTA_DmAddBleDevice
4153 * has been called.
4154 * It is normally called during host startup to restore all
4155 * required information stored in the NVRAM.
4156 *
4157 * Parameters:
4158 *
4159 ******************************************************************************/
bta_dm_add_blekey(tBTA_DM_MSG * p_data)4160 void bta_dm_add_blekey(tBTA_DM_MSG* p_data) {
4161 if (!BTM_SecAddBleKey(p_data->add_ble_key.bd_addr,
4162 (tBTM_LE_KEY_VALUE*)&p_data->add_ble_key.blekey,
4163 p_data->add_ble_key.key_type)) {
4164 LOG(ERROR) << "BTA_DM: Error adding BLE Key for device "
4165 << p_data->add_ble_key.bd_addr;
4166 }
4167 }
4168
4169 /*******************************************************************************
4170 *
4171 * Function bta_dm_add_ble_device
4172 *
4173 * Description This function adds an BLE device to an security database
4174 * entry.
4175 * It is normally called during host startup to restore all
4176 * required information stored in the NVRAM.
4177 *
4178 * Parameters:
4179 *
4180 ******************************************************************************/
bta_dm_add_ble_device(tBTA_DM_MSG * p_data)4181 void bta_dm_add_ble_device(tBTA_DM_MSG* p_data) {
4182 if (!BTM_SecAddBleDevice(p_data->add_ble_device.bd_addr, NULL,
4183 p_data->add_ble_device.dev_type,
4184 p_data->add_ble_device.addr_type)) {
4185 LOG(ERROR) << "BTA_DM: Error adding BLE Device for device "
4186 << p_data->add_ble_device.bd_addr;
4187 }
4188 }
4189
4190 /*******************************************************************************
4191 *
4192 * Function bta_dm_add_ble_device
4193 *
4194 * Description This function adds an BLE device to an security database
4195 * entry.
4196 * It is normally called during host startup to restore all
4197 * required information stored in the NVRAM.
4198 *
4199 * Parameters:
4200 *
4201 ******************************************************************************/
bta_dm_ble_passkey_reply(tBTA_DM_MSG * p_data)4202 void bta_dm_ble_passkey_reply(tBTA_DM_MSG* p_data) {
4203 if (p_data->pin_reply.accept) {
4204 BTM_BlePasskeyReply(p_data->ble_passkey_reply.bd_addr, BTM_SUCCESS,
4205 p_data->ble_passkey_reply.passkey);
4206 } else {
4207 BTM_BlePasskeyReply(p_data->ble_passkey_reply.bd_addr, BTM_NOT_AUTHORIZED,
4208 p_data->ble_passkey_reply.passkey);
4209 }
4210 }
4211
4212 /*******************************************************************************
4213 *
4214 * Function bta_dm_ble_confirm_reply
4215 *
4216 * Description This is response to SM numeric comparison request submitted
4217 * to application.
4218 *
4219 * Parameters:
4220 *
4221 ******************************************************************************/
bta_dm_ble_confirm_reply(tBTA_DM_MSG * p_data)4222 void bta_dm_ble_confirm_reply(tBTA_DM_MSG* p_data) {
4223 if (p_data->confirm.accept) {
4224 BTM_BleConfirmReply(p_data->confirm.bd_addr, BTM_SUCCESS);
4225 } else {
4226 BTM_BleConfirmReply(p_data->ble_passkey_reply.bd_addr, BTM_NOT_AUTHORIZED);
4227 }
4228 }
4229
4230 /*******************************************************************************
4231 *
4232 * Function bta_dm_security_grant
4233 *
4234 * Description This function grant SMP security request access.
4235 *
4236 * Parameters:
4237 *
4238 ******************************************************************************/
bta_dm_security_grant(tBTA_DM_MSG * p_data)4239 void bta_dm_security_grant(tBTA_DM_MSG* p_data) {
4240 BTM_SecurityGrant(p_data->ble_sec_grant.bd_addr, p_data->ble_sec_grant.res);
4241 }
4242
4243 /*******************************************************************************
4244 *
4245 * Function bta_dm_ble_set_bg_conn_type
4246 *
4247 * Description This function set the BLE background connection type
4248 *
4249 * Parameters:
4250 *
4251 ******************************************************************************/
bta_dm_ble_set_bg_conn_type(tBTA_DM_MSG * p_data)4252 void bta_dm_ble_set_bg_conn_type(tBTA_DM_MSG* p_data) {
4253 BTM_BleStartAutoConn();
4254 }
4255
4256 /*******************************************************************************
4257 *
4258 * Function bta_dm_ble_set_conn_params
4259 *
4260 * Description This function set the preferred connection parameters.
4261 *
4262 * Parameters:
4263 *
4264 ******************************************************************************/
bta_dm_ble_set_conn_params(tBTA_DM_MSG * p_data)4265 void bta_dm_ble_set_conn_params(tBTA_DM_MSG* p_data) {
4266 BTM_BleSetPrefConnParams(p_data->ble_set_conn_params.peer_bda,
4267 p_data->ble_set_conn_params.conn_int_min,
4268 p_data->ble_set_conn_params.conn_int_max,
4269 p_data->ble_set_conn_params.slave_latency,
4270 p_data->ble_set_conn_params.supervision_tout);
4271 }
4272
4273 /*******************************************************************************
4274 *
4275 * Function bta_dm_ble_set_conn_scan_params
4276 *
4277 * Description This function set the preferred connection scan parameters.
4278 *
4279 * Parameters:
4280 *
4281 ******************************************************************************/
bta_dm_ble_set_conn_scan_params(tBTA_DM_MSG * p_data)4282 void bta_dm_ble_set_conn_scan_params(tBTA_DM_MSG* p_data) {
4283 BTM_BleSetConnScanParams(p_data->ble_set_conn_scan_params.scan_int,
4284 p_data->ble_set_conn_scan_params.scan_window);
4285 }
4286 /*******************************************************************************
4287 *
4288 * Function bta_dm_ble_update_conn_params
4289 *
4290 * Description This function update LE connection parameters.
4291 *
4292 * Parameters:
4293 *
4294 ******************************************************************************/
bta_dm_ble_update_conn_params(tBTA_DM_MSG * p_data)4295 void bta_dm_ble_update_conn_params(tBTA_DM_MSG* p_data) {
4296 if (!L2CA_UpdateBleConnParams(p_data->ble_update_conn_params.bd_addr,
4297 p_data->ble_update_conn_params.min_int,
4298 p_data->ble_update_conn_params.max_int,
4299 p_data->ble_update_conn_params.latency,
4300 p_data->ble_update_conn_params.timeout)) {
4301 APPL_TRACE_ERROR("Update connection parameters failed!");
4302 }
4303 }
4304
4305 #if (BLE_PRIVACY_SPT == TRUE)
4306 /*******************************************************************************
4307 *
4308 * Function bta_dm_ble_config_local_privacy
4309 *
4310 * Description This function set the local device LE privacy settings.
4311 *
4312 * Parameters:
4313 *
4314 ******************************************************************************/
bta_dm_ble_config_local_privacy(tBTA_DM_MSG * p_data)4315 void bta_dm_ble_config_local_privacy(tBTA_DM_MSG* p_data) {
4316 BTM_BleConfigPrivacy(p_data->ble_local_privacy.privacy_enable);
4317 }
4318 #endif
4319
4320 /*******************************************************************************
4321 *
4322 * Function bta_dm_ble_observe
4323 *
4324 * Description This function set the preferred connection scan parameters.
4325 *
4326 * Parameters:
4327 *
4328 ******************************************************************************/
bta_dm_ble_observe(tBTA_DM_MSG * p_data)4329 void bta_dm_ble_observe(tBTA_DM_MSG* p_data) {
4330 tBTM_STATUS status;
4331 if (p_data->ble_observe.start) {
4332 /*Save the callback to be called when a scan results are available */
4333 bta_dm_search_cb.p_scan_cback = p_data->ble_observe.p_cback;
4334 status = BTM_BleObserve(true, p_data->ble_observe.duration,
4335 bta_dm_observe_results_cb, bta_dm_observe_cmpl_cb);
4336 if (status != BTM_CMD_STARTED) {
4337 tBTA_DM_SEARCH data;
4338 APPL_TRACE_WARNING(" %s BTM_BleObserve failed. status %d", __func__,
4339 status);
4340 data.inq_cmpl.num_resps = 0;
4341 if (bta_dm_search_cb.p_scan_cback) {
4342 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
4343 }
4344 }
4345 } else {
4346 bta_dm_search_cb.p_scan_cback = NULL;
4347 BTM_BleObserve(false, 0, NULL, NULL);
4348 }
4349 }
4350 /*******************************************************************************
4351 *
4352 * Function bta_dm_ble_set_adv_params
4353 *
4354 * Description This function set the adv parameters.
4355 *
4356 * Parameters:
4357 *
4358 ******************************************************************************/
bta_dm_ble_set_adv_params(uint16_t adv_int_min,uint16_t adv_int_max,tBLE_BD_ADDR * p_dir_bda)4359 void bta_dm_ble_set_adv_params(uint16_t adv_int_min, uint16_t adv_int_max,
4360 tBLE_BD_ADDR* p_dir_bda) {
4361 BTM_BleSetAdvParams(adv_int_min, adv_int_max, p_dir_bda,
4362 BTA_DM_BLE_ADV_CHNL_MAP);
4363 }
4364
4365 /*******************************************************************************
4366 *
4367 * Function bta_dm_ble_set_data_length
4368 *
4369 * Description This function set the maximum transmission packet size
4370 *
4371 * Parameters
4372 *
4373 ******************************************************************************/
bta_dm_ble_set_data_length(tBTA_DM_MSG * p_data)4374 void bta_dm_ble_set_data_length(tBTA_DM_MSG* p_data) {
4375 if (BTM_SetBleDataLength(p_data->ble_set_data_length.remote_bda,
4376 p_data->ble_set_data_length.tx_data_length) !=
4377 BTM_SUCCESS) {
4378 APPL_TRACE_ERROR("%s failed", __func__);
4379 }
4380 }
4381
4382 /*******************************************************************************
4383 *
4384 * Function bta_ble_enable_scan_cmpl
4385 *
4386 * Description ADV payload filtering enable / disable complete callback
4387 *
4388 *
4389 * Returns None
4390 *
4391 ******************************************************************************/
bta_ble_energy_info_cmpl(tBTM_BLE_TX_TIME_MS tx_time,tBTM_BLE_RX_TIME_MS rx_time,tBTM_BLE_IDLE_TIME_MS idle_time,tBTM_BLE_ENERGY_USED energy_used,tBTM_STATUS status)4392 static void bta_ble_energy_info_cmpl(tBTM_BLE_TX_TIME_MS tx_time,
4393 tBTM_BLE_RX_TIME_MS rx_time,
4394 tBTM_BLE_IDLE_TIME_MS idle_time,
4395 tBTM_BLE_ENERGY_USED energy_used,
4396 tBTM_STATUS status) {
4397 tBTA_STATUS st = (status == BTM_SUCCESS) ? BTA_SUCCESS : BTA_FAILURE;
4398 tBTA_DM_CONTRL_STATE ctrl_state = 0;
4399
4400 if (BTA_SUCCESS == st) ctrl_state = bta_dm_pm_obtain_controller_state();
4401
4402 if (bta_dm_cb.p_energy_info_cback)
4403 bta_dm_cb.p_energy_info_cback(tx_time, rx_time, idle_time, energy_used,
4404 ctrl_state, st);
4405 }
4406
4407 /*******************************************************************************
4408 *
4409 * Function bta_dm_ble_get_energy_info
4410 *
4411 * Description This function obtains the energy info
4412 *
4413 * Parameters:
4414 *
4415 ******************************************************************************/
bta_dm_ble_get_energy_info(tBTA_DM_MSG * p_data)4416 void bta_dm_ble_get_energy_info(tBTA_DM_MSG* p_data) {
4417 tBTM_STATUS btm_status = 0;
4418
4419 bta_dm_cb.p_energy_info_cback = p_data->ble_energy_info.p_energy_info_cback;
4420 btm_status = BTM_BleGetEnergyInfo(bta_ble_energy_info_cmpl);
4421 if (BTM_CMD_STARTED != btm_status)
4422 bta_ble_energy_info_cmpl(0, 0, 0, 0, btm_status);
4423 }
4424
4425 #ifndef BTA_DM_GATT_CLOSE_DELAY_TOUT
4426 #define BTA_DM_GATT_CLOSE_DELAY_TOUT 1000
4427 #endif
4428
4429 /*******************************************************************************
4430 *
4431 * Function bta_dm_gattc_register
4432 *
4433 * Description Register with GATTC in DM if BLE is needed.
4434 *
4435 *
4436 * Returns void
4437 *
4438 ******************************************************************************/
bta_dm_gattc_register(void)4439 static void bta_dm_gattc_register(void) {
4440 if (bta_dm_search_cb.client_if == BTA_GATTS_INVALID_IF) {
4441 BTA_GATTC_AppRegister(bta_dm_gattc_callback,
4442 base::Bind([](uint8_t client_id, uint8_t status) {
4443 if (status == BTA_GATT_OK)
4444 bta_dm_search_cb.client_if = client_id;
4445 else
4446 bta_dm_search_cb.client_if = BTA_GATTS_INVALID_IF;
4447
4448 }));
4449 }
4450 }
4451
4452 /*******************************************************************************
4453 *
4454 * Function btm_dm_start_disc_gatt_services
4455 *
4456 * Description This function starts a GATT service search request.
4457 *
4458 * Parameters:
4459 *
4460 ******************************************************************************/
btm_dm_start_disc_gatt_services(uint16_t conn_id)4461 static void btm_dm_start_disc_gatt_services(uint16_t conn_id) {
4462 tBT_UUID* p_uuid = bta_dm_search_cb.p_srvc_uuid + bta_dm_search_cb.num_uuid -
4463 bta_dm_search_cb.uuid_to_search;
4464
4465 p_uuid = bta_dm_search_cb.p_srvc_uuid + bta_dm_search_cb.num_uuid -
4466 bta_dm_search_cb.uuid_to_search;
4467
4468 /* always search for all services */
4469 BTA_GATTC_ServiceSearchRequest(conn_id, p_uuid);
4470 }
4471
4472 /*******************************************************************************
4473 *
4474 * Function bta_dm_gatt_disc_result
4475 *
4476 * Description This function process the GATT service search result.
4477 *
4478 * Parameters:
4479 *
4480 ******************************************************************************/
bta_dm_gatt_disc_result(tBTA_GATT_ID service_id)4481 static void bta_dm_gatt_disc_result(tBTA_GATT_ID service_id) {
4482 tBTA_DM_SEARCH result;
4483
4484 /*
4485 * This logic will not work for gatt case. We are checking against the
4486 * bluetooth profiles here
4487 * just copy the GATTID in raw data field and send it across.
4488 */
4489
4490 if (bta_dm_search_cb.ble_raw_used + sizeof(tBTA_GATT_ID) <
4491 bta_dm_search_cb.ble_raw_size) {
4492 APPL_TRACE_DEBUG(
4493 "ADDING BLE SERVICE uuid=0x%x, ble_ptr = 0x%x, ble_raw_used = 0x%x",
4494 service_id.uuid.uu.uuid16, bta_dm_search_cb.p_ble_rawdata,
4495 bta_dm_search_cb.ble_raw_used);
4496
4497 if (bta_dm_search_cb.p_ble_rawdata) {
4498 memcpy((bta_dm_search_cb.p_ble_rawdata + bta_dm_search_cb.ble_raw_used),
4499 &service_id, sizeof(service_id));
4500
4501 bta_dm_search_cb.ble_raw_used += sizeof(service_id);
4502 } else {
4503 APPL_TRACE_ERROR("p_ble_rawdata is NULL");
4504 }
4505
4506 } else {
4507 APPL_TRACE_ERROR(
4508 "%s out of room to accomodate more service ids ble_raw_size = %d "
4509 "ble_raw_used = %d",
4510 __func__, bta_dm_search_cb.ble_raw_size, bta_dm_search_cb.ble_raw_used);
4511 }
4512
4513 LOG_INFO(LOG_TAG, "%s service_id_uuid_len=%d ", __func__,
4514 service_id.uuid.len);
4515 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) {
4516 /* send result back to app now, one by one */
4517 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
4518 strlcpy((char*)result.disc_ble_res.bd_name, bta_dm_get_remname(),
4519 BD_NAME_LEN);
4520 memcpy(&result.disc_ble_res.service, &service_id.uuid, sizeof(tBT_UUID));
4521
4522 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_BLE_RES_EVT, &result);
4523 }
4524 }
4525
4526 /*******************************************************************************
4527 *
4528 * Function bta_dm_gatt_disc_complete
4529 *
4530 * Description This function process the GATT service search complete.
4531 *
4532 * Parameters:
4533 *
4534 ******************************************************************************/
bta_dm_gatt_disc_complete(uint16_t conn_id,tBTA_GATT_STATUS status)4535 static void bta_dm_gatt_disc_complete(uint16_t conn_id,
4536 tBTA_GATT_STATUS status) {
4537 APPL_TRACE_DEBUG("%s conn_id = %d", __func__, conn_id);
4538
4539 if (bta_dm_search_cb.uuid_to_search > 0) bta_dm_search_cb.uuid_to_search--;
4540
4541 if (status == BTA_GATT_OK && bta_dm_search_cb.uuid_to_search > 0) {
4542 btm_dm_start_disc_gatt_services(conn_id);
4543 } else {
4544 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
4545
4546 bta_dm_search_cb.uuid_to_search = 0;
4547
4548 /* no more services to be discovered */
4549 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
4550 p_msg->disc_result.result.disc_res.result =
4551 (status == BTA_GATT_OK) ? BTA_SUCCESS : BTA_FAILURE;
4552 APPL_TRACE_DEBUG("%s service found: 0x%08x", __func__,
4553 bta_dm_search_cb.services_found);
4554 p_msg->disc_result.result.disc_res.services =
4555 bta_dm_search_cb.services_found;
4556 p_msg->disc_result.result.disc_res.num_uuids = 0;
4557 p_msg->disc_result.result.disc_res.p_uuid_list = NULL;
4558 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
4559 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
4560 bta_dm_get_remname(), BD_NAME_LEN);
4561
4562 p_msg->disc_result.result.disc_res.device_type |= BT_DEVICE_TYPE_BLE;
4563 if (bta_dm_search_cb.ble_raw_used > 0) {
4564 p_msg->disc_result.result.disc_res.p_raw_data =
4565 (uint8_t*)osi_malloc(bta_dm_search_cb.ble_raw_used);
4566
4567 memcpy(p_msg->disc_result.result.disc_res.p_raw_data,
4568 bta_dm_search_cb.p_ble_rawdata, bta_dm_search_cb.ble_raw_used);
4569
4570 p_msg->disc_result.result.disc_res.raw_data_size =
4571 bta_dm_search_cb.ble_raw_used;
4572 } else {
4573 p_msg->disc_result.result.disc_res.p_raw_data = NULL;
4574 bta_dm_search_cb.p_ble_rawdata = 0;
4575 }
4576
4577 bta_sys_sendmsg(p_msg);
4578
4579 if (conn_id != BTA_GATT_INVALID_CONN_ID) {
4580 /* start a GATT channel close delay timer */
4581 bta_sys_start_timer(bta_dm_search_cb.gatt_close_timer,
4582 BTA_DM_GATT_CLOSE_DELAY_TOUT,
4583 BTA_DM_DISC_CLOSE_TOUT_EVT, 0);
4584 bta_dm_search_cb.pending_close_bda = bta_dm_search_cb.peer_bdaddr;
4585 }
4586 bta_dm_search_cb.gatt_disc_active = false;
4587 }
4588 }
4589
4590 /*******************************************************************************
4591 *
4592 * Function bta_dm_close_gatt_conn
4593 *
4594 * Description This function close the GATT connection after delay
4595 *timeout.
4596 *
4597 * Parameters:
4598 *
4599 ******************************************************************************/
bta_dm_close_gatt_conn(UNUSED_ATTR tBTA_DM_MSG * p_data)4600 void bta_dm_close_gatt_conn(UNUSED_ATTR tBTA_DM_MSG* p_data) {
4601 if (bta_dm_search_cb.conn_id != BTA_GATT_INVALID_CONN_ID)
4602 BTA_GATTC_Close(bta_dm_search_cb.conn_id);
4603
4604 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty;
4605 bta_dm_search_cb.conn_id = BTA_GATT_INVALID_CONN_ID;
4606 }
4607 /*******************************************************************************
4608 *
4609 * Function btm_dm_start_gatt_discovery
4610 *
4611 * Description This is GATT initiate the service search by open a GATT
4612 * connection first.
4613 *
4614 * Parameters:
4615 *
4616 ******************************************************************************/
btm_dm_start_gatt_discovery(const RawAddress & bd_addr)4617 void btm_dm_start_gatt_discovery(const RawAddress& bd_addr) {
4618 bta_dm_search_cb.gatt_disc_active = true;
4619
4620 /* connection is already open */
4621 if (bta_dm_search_cb.pending_close_bda == bd_addr &&
4622 bta_dm_search_cb.conn_id != BTA_GATT_INVALID_CONN_ID) {
4623 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty;
4624 alarm_cancel(bta_dm_search_cb.gatt_close_timer);
4625 btm_dm_start_disc_gatt_services(bta_dm_search_cb.conn_id);
4626 } else {
4627 if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE)) {
4628 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr, true,
4629 BTA_GATT_TRANSPORT_LE, true);
4630 } else {
4631 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr, true,
4632 BTA_GATT_TRANSPORT_LE, false);
4633 }
4634 }
4635 }
4636
4637 /*******************************************************************************
4638 *
4639 * Function bta_dm_cancel_gatt_discovery
4640 *
4641 * Description This is GATT cancel the GATT service search.
4642 *
4643 * Parameters:
4644 *
4645 ******************************************************************************/
bta_dm_cancel_gatt_discovery(const RawAddress & bd_addr)4646 static void bta_dm_cancel_gatt_discovery(const RawAddress& bd_addr) {
4647 if (bta_dm_search_cb.conn_id == BTA_GATT_INVALID_CONN_ID) {
4648 BTA_GATTC_CancelOpen(bta_dm_search_cb.client_if, bd_addr, true);
4649 }
4650
4651 bta_dm_gatt_disc_complete(bta_dm_search_cb.conn_id,
4652 (tBTA_GATT_STATUS)BTA_GATT_ERROR);
4653 }
4654
4655 /*******************************************************************************
4656 *
4657 * Function bta_dm_proc_open_evt
4658 *
4659 * Description process BTA_GATTC_OPEN_EVT in DM.
4660 *
4661 * Parameters:
4662 *
4663 ******************************************************************************/
bta_dm_proc_open_evt(tBTA_GATTC_OPEN * p_data)4664 void bta_dm_proc_open_evt(tBTA_GATTC_OPEN* p_data) {
4665 VLOG(1) << "DM Search state= " << bta_dm_search_cb.state
4666 << " search_cb.peer_dbaddr:" << bta_dm_search_cb.peer_bdaddr
4667 << " connected_bda=" << p_data->remote_bda.address;
4668
4669 APPL_TRACE_DEBUG("BTA_GATTC_OPEN_EVT conn_id = %d client_if=%d status = %d",
4670 p_data->conn_id, p_data->client_if, p_data->status);
4671
4672 bta_dm_search_cb.conn_id = p_data->conn_id;
4673
4674 if (p_data->status == BTA_GATT_OK) {
4675 btm_dm_start_disc_gatt_services(p_data->conn_id);
4676 } else {
4677 bta_dm_gatt_disc_complete(BTA_GATT_INVALID_CONN_ID, p_data->status);
4678 }
4679 }
4680
4681 /*******************************************************************************
4682 *
4683 * Function bta_dm_gattc_callback
4684 *
4685 * Description This is GATT client callback function used in DM.
4686 *
4687 * Parameters:
4688 *
4689 ******************************************************************************/
bta_dm_gattc_callback(tBTA_GATTC_EVT event,tBTA_GATTC * p_data)4690 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data) {
4691 APPL_TRACE_DEBUG("bta_dm_gattc_callback event = %d", event);
4692
4693 switch (event) {
4694 case BTA_GATTC_OPEN_EVT:
4695 bta_dm_proc_open_evt(&p_data->open);
4696 break;
4697
4698 case BTA_GATTC_SEARCH_RES_EVT:
4699 bta_dm_gatt_disc_result(p_data->srvc_res.service_uuid);
4700 break;
4701
4702 case BTA_GATTC_SEARCH_CMPL_EVT:
4703 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE)
4704 bta_dm_gatt_disc_complete(p_data->search_cmpl.conn_id,
4705 p_data->search_cmpl.status);
4706 break;
4707
4708 case BTA_GATTC_CLOSE_EVT:
4709 APPL_TRACE_DEBUG("BTA_GATTC_CLOSE_EVT reason = %d", p_data->close.reason);
4710 /* in case of disconnect before search is completed */
4711 if ((bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) &&
4712 (bta_dm_search_cb.state != BTA_DM_SEARCH_ACTIVE) &&
4713 p_data->close.remote_bda == bta_dm_search_cb.peer_bdaddr) {
4714 bta_dm_gatt_disc_complete((uint16_t)BTA_GATT_INVALID_CONN_ID,
4715 (tBTA_GATT_STATUS)BTA_GATT_ERROR);
4716 }
4717 break;
4718
4719 default:
4720 break;
4721 }
4722 }
4723
4724 #if (BLE_VND_INCLUDED == TRUE)
4725 /*******************************************************************************
4726 *
4727 * Function bta_dm_ctrl_features_rd_cmpl_cback
4728 *
4729 * Description callback to handle controller feature read complete
4730 *
4731 * Parameters:
4732 *
4733 ******************************************************************************/
bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result)4734 static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result) {
4735 APPL_TRACE_DEBUG("%s status = %d ", __func__, result);
4736 if (result == BTM_SUCCESS) {
4737 if (bta_dm_cb.p_sec_cback)
4738 bta_dm_cb.p_sec_cback(BTA_DM_LE_FEATURES_READ, NULL);
4739 } else {
4740 APPL_TRACE_ERROR("%s Ctrl BLE feature read failed: status :%d", __func__,
4741 result);
4742 }
4743 }
4744 #endif /* BLE_VND_INCLUDED */
4745