1 /******************************************************************************
2 *
3 * Copyright 2003-2014 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains the action functions for device manager state
22 * machine.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bt_bta_dm"
27
28 #include <base/bind.h>
29 #include <base/callback.h>
30 #include <base/logging.h>
31 #include <string.h>
32
33 #include "bt_common.h"
34 #include "bt_target.h"
35 #include "bt_types.h"
36 #include "bta_api.h"
37 #include "bta_dm_api.h"
38 #include "bta_dm_co.h"
39 #include "bta_dm_int.h"
40 #include "bta_sys.h"
41 #include "btif_storage.h"
42 #include "btm_api.h"
43 #include "btm_int.h"
44 #include "btu.h"
45 #include "device/include/controller.h"
46 #include "device/include/interop.h"
47 #include "gap_api.h" /* For GAP_BleReadPeerPrefConnParams */
48 #include "l2c_api.h"
49 #include "osi/include/log.h"
50 #include "osi/include/osi.h"
51 #include "sdp_api.h"
52 #include "stack/gatt/connection_manager.h"
53 #include "stack/include/gatt_api.h"
54 #include "utl.h"
55
56 #if (GAP_INCLUDED == TRUE)
57 #include "gap_api.h"
58 #endif
59
60 using bluetooth::Uuid;
61
62 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
63 uint16_t eir_len);
64 static void bta_dm_inq_cmpl_cb(void* p_result);
65 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,
66 DEV_CLASS dc, BD_NAME bd_name);
67 static void bta_dm_remname_cback(void* p);
68 static void bta_dm_find_services(const RawAddress& bd_addr);
69 static void bta_dm_discover_next_device(void);
70 static void bta_dm_sdp_callback(uint16_t sdp_status);
71 static uint8_t bta_dm_authorize_cback(const RawAddress& bd_addr,
72 DEV_CLASS dev_class, BD_NAME bd_name,
73 uint8_t* service_name, uint8_t service_id,
74 bool is_originator);
75 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
76 BD_NAME bd_name, bool min_16_digit);
77 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
78 DEV_CLASS dev_class, BD_NAME bd_name,
79 const LinkKey& key, uint8_t key_type);
80 static uint8_t bta_dm_authentication_complete_cback(const RawAddress& bd_addr,
81 DEV_CLASS dev_class,
82 BD_NAME bd_name,
83 int result);
84 static void bta_dm_local_name_cback(void* p_name);
85 static bool bta_dm_check_av(uint16_t event);
86 static void bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA* p_data);
87
88 static void bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
89 uint8_t app_id, const RawAddress& peer_addr);
90
91 /* Extended Inquiry Response */
92 static uint8_t bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data);
93
94 static void bta_dm_set_eir(char* local_name);
95
96 static void bta_dm_eir_search_services(tBTM_INQ_RESULTS* p_result,
97 tBTA_SERVICE_MASK* p_services_to_search,
98 tBTA_SERVICE_MASK* p_services_found);
99
100 static void bta_dm_search_timer_cback(void* data);
101 static void bta_dm_disable_conn_down_timer_cback(void* data);
102 static void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
103 uint8_t app_id, const RawAddress& peer_addr);
104 static void bta_dm_adjust_roles(bool delay_role_switch);
105 static char* bta_dm_get_remname(void);
106 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result);
107
108 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr,
109 tBT_TRANSPORT transport);
110 static void bta_dm_discover_device(const RawAddress& remote_bd_addr);
111
112 static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status);
113 static void bta_dm_disable_search_and_disc(void);
114
115 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
116 tBTM_LE_EVT_DATA* p_data);
117 static void bta_dm_ble_id_key_cback(uint8_t key_type,
118 tBTM_BLE_LOCAL_KEYS* p_key);
119 static void bta_dm_gattc_register(void);
120 static void btm_dm_start_gatt_discovery(const RawAddress& bd_addr);
121 static void bta_dm_cancel_gatt_discovery(const RawAddress& bd_addr);
122 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data);
123 extern tBTA_DM_CONTRL_STATE bta_dm_pm_obtain_controller_state(void);
124
125 #if (BLE_VND_INCLUDED == TRUE)
126 static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result);
127 #endif
128
129 #ifndef BTA_DM_BLE_ADV_CHNL_MAP
130 #define BTA_DM_BLE_ADV_CHNL_MAP \
131 (BTM_BLE_ADV_CHNL_37 | BTM_BLE_ADV_CHNL_38 | BTM_BLE_ADV_CHNL_39)
132 #endif
133
134 /* Disable timer interval (in milliseconds) */
135 #ifndef BTA_DM_DISABLE_TIMER_MS
136 #define BTA_DM_DISABLE_TIMER_MS 5000
137 #endif
138
139 /* Disable timer retrial interval (in milliseconds) */
140 #ifndef BTA_DM_DISABLE_TIMER_RETRIAL_MS
141 #define BTA_DM_DISABLE_TIMER_RETRIAL_MS 1500
142 #endif
143
144 /* Disable connection down timer (in milliseconds) */
145 #ifndef BTA_DM_DISABLE_CONN_DOWN_TIMER_MS
146 #define BTA_DM_DISABLE_CONN_DOWN_TIMER_MS 1000
147 #endif
148
149 /* Switch delay timer (in milliseconds) */
150 #ifndef BTA_DM_SWITCH_DELAY_TIMER_MS
151 #define BTA_DM_SWITCH_DELAY_TIMER_MS 500
152 #endif
153
154 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr);
155 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr);
156 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
157 uint16_t eir_len);
158 static void bta_dm_observe_cmpl_cb(void* p_result);
159 static void bta_dm_delay_role_switch_cback(void* data);
160 static void bta_dm_disable_timer_cback(void* data);
161
162 const uint16_t bta_service_id_to_uuid_lkup_tbl[BTA_MAX_SERVICE_ID] = {
163 UUID_SERVCLASS_PNP_INFORMATION, /* Reserved */
164 UUID_SERVCLASS_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */
165 UUID_SERVCLASS_DIALUP_NETWORKING, /* BTA_DUN_SERVICE_ID */
166 UUID_SERVCLASS_AUDIO_SOURCE, /* BTA_A2DP_SOURCE_SERVICE_ID */
167 UUID_SERVCLASS_LAN_ACCESS_USING_PPP, /* BTA_LAP_SERVICE_ID */
168 UUID_SERVCLASS_HEADSET, /* BTA_HSP_HS_SERVICE_ID */
169 UUID_SERVCLASS_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */
170 UUID_SERVCLASS_OBEX_OBJECT_PUSH, /* BTA_OPP_SERVICE_ID */
171 UUID_SERVCLASS_OBEX_FILE_TRANSFER, /* BTA_FTP_SERVICE_ID */
172 UUID_SERVCLASS_CORDLESS_TELEPHONY, /* BTA_CTP_SERVICE_ID */
173 UUID_SERVCLASS_INTERCOM, /* BTA_ICP_SERVICE_ID */
174 UUID_SERVCLASS_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */
175 UUID_SERVCLASS_DIRECT_PRINTING, /* BTA_BPP_SERVICE_ID */
176 UUID_SERVCLASS_IMAGING_RESPONDER, /* BTA_BIP_SERVICE_ID */
177 UUID_SERVCLASS_PANU, /* BTA_PANU_SERVICE_ID */
178 UUID_SERVCLASS_NAP, /* BTA_NAP_SERVICE_ID */
179 UUID_SERVCLASS_GN, /* BTA_GN_SERVICE_ID */
180 UUID_SERVCLASS_SAP, /* BTA_SAP_SERVICE_ID */
181 UUID_SERVCLASS_AUDIO_SINK, /* BTA_A2DP_SERVICE_ID */
182 UUID_SERVCLASS_AV_REMOTE_CONTROL, /* BTA_AVRCP_SERVICE_ID */
183 UUID_SERVCLASS_HUMAN_INTERFACE, /* BTA_HID_SERVICE_ID */
184 UUID_SERVCLASS_VIDEO_SINK, /* BTA_VDP_SERVICE_ID */
185 UUID_SERVCLASS_PBAP_PSE, /* BTA_PBAP_SERVICE_ID */
186 UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY, /* BTA_HSP_SERVICE_ID */
187 UUID_SERVCLASS_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */
188 UUID_SERVCLASS_MESSAGE_ACCESS, /* BTA_MAP_SERVICE_ID */
189 UUID_SERVCLASS_MESSAGE_NOTIFICATION, /* BTA_MN_SERVICE_ID */
190 UUID_SERVCLASS_HDP_PROFILE, /* BTA_HDP_SERVICE_ID */
191 UUID_SERVCLASS_PBAP_PCE, /* BTA_PCE_SERVICE_ID */
192 UUID_PROTOCOL_ATT /* BTA_GATT_SERVICE_ID */
193 };
194
195 /*
196 * NOTE : The number of element in bta_service_id_to_btm_srv_id_lkup_tbl should
197 * be matching with the value BTA_MAX_SERVICE_ID in bta_api.h
198 *
199 * i.e., If you add new Service ID for BTA, the correct security ID of the new
200 * service from Security service definitions (btm_api.h) should be added to
201 * this lookup table.
202 */
203 const uint32_t bta_service_id_to_btm_srv_id_lkup_tbl[BTA_MAX_SERVICE_ID] = {
204 0, /* Reserved */
205 BTM_SEC_SERVICE_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */
206 BTM_SEC_SERVICE_DUN, /* BTA_DUN_SERVICE_ID */
207 BTM_SEC_SERVICE_AVDTP, /* BTA_AUDIO_SOURCE_SERVICE_ID */
208 BTM_SEC_SERVICE_LAN_ACCESS, /* BTA_LAP_SERVICE_ID */
209 BTM_SEC_SERVICE_HEADSET_AG, /* BTA_HSP_SERVICE_ID */
210 BTM_SEC_SERVICE_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */
211 BTM_SEC_SERVICE_OBEX, /* BTA_OPP_SERVICE_ID */
212 BTM_SEC_SERVICE_OBEX_FTP, /* BTA_FTP_SERVICE_ID */
213 BTM_SEC_SERVICE_CORDLESS, /* BTA_CTP_SERVICE_ID */
214 BTM_SEC_SERVICE_INTERCOM, /* BTA_ICP_SERVICE_ID */
215 BTM_SEC_SERVICE_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */
216 BTM_SEC_SERVICE_BPP_JOB, /* BTA_BPP_SERVICE_ID */
217 BTM_SEC_SERVICE_BIP, /* BTA_BIP_SERVICE_ID */
218 BTM_SEC_SERVICE_BNEP_PANU, /* BTA_PANU_SERVICE_ID */
219 BTM_SEC_SERVICE_BNEP_NAP, /* BTA_NAP_SERVICE_ID */
220 BTM_SEC_SERVICE_BNEP_GN, /* BTA_GN_SERVICE_ID */
221 BTM_SEC_SERVICE_SAP, /* BTA_SAP_SERVICE_ID */
222 BTM_SEC_SERVICE_AVDTP, /* BTA_A2DP_SERVICE_ID */
223 BTM_SEC_SERVICE_AVCTP, /* BTA_AVRCP_SERVICE_ID */
224 BTM_SEC_SERVICE_HIDH_SEC_CTRL, /* BTA_HID_SERVICE_ID */
225 BTM_SEC_SERVICE_AVDTP, /* BTA_VDP_SERVICE_ID */
226 BTM_SEC_SERVICE_PBAP, /* BTA_PBAP_SERVICE_ID */
227 BTM_SEC_SERVICE_HEADSET, /* BTA_HSP_HS_SERVICE_ID */
228 BTM_SEC_SERVICE_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */
229 BTM_SEC_SERVICE_MAP, /* BTA_MAP_SERVICE_ID */
230 BTM_SEC_SERVICE_MAP, /* BTA_MN_SERVICE_ID */
231 BTM_SEC_SERVICE_HDP_SNK, /* BTA_HDP_SERVICE_ID */
232 BTM_SEC_SERVICE_PBAP, /* BTA_PCE_SERVICE_ID */
233 BTM_SEC_SERVICE_ATT /* BTA_GATT_SERVICE_ID */
234 };
235
236 /* bta security callback */
237 const tBTM_APPL_INFO bta_security = {&bta_dm_authorize_cback,
238 &bta_dm_pin_cback,
239 &bta_dm_new_link_key_cback,
240 &bta_dm_authentication_complete_cback,
241 &bta_dm_bond_cancel_complete_cback,
242 &bta_dm_sp_cback,
243 &bta_dm_ble_smp_cback,
244 &bta_dm_ble_id_key_cback};
245
246 #define MAX_DISC_RAW_DATA_BUF (4096)
247 uint8_t g_disc_raw_data_buf[MAX_DISC_RAW_DATA_BUF];
248
249 extern DEV_CLASS local_device_default_class;
250
251 // Stores the local Input/Output Capabilities of the Bluetooth device.
252 static uint8_t btm_local_io_caps;
253
254 /** Initialises the BT device manager */
bta_dm_enable(tBTA_DM_SEC_CBACK * p_sec_cback)255 void bta_dm_enable(tBTA_DM_SEC_CBACK* p_sec_cback) {
256 /* if already in use, return an error */
257 if (bta_dm_cb.is_bta_dm_active) {
258 tBTA_DM_SEC enable_event;
259 APPL_TRACE_WARNING("%s Device already started by another application",
260 __func__);
261 memset(&enable_event, 0, sizeof(tBTA_DM_SEC));
262 enable_event.enable.status = BTA_FAILURE;
263 if (p_sec_cback != NULL) p_sec_cback(BTA_DM_ENABLE_EVT, &enable_event);
264 return;
265 }
266
267 /* first, register our callback to SYS HW manager */
268 bta_sys_hw_register(BTA_SYS_HW_BLUETOOTH, bta_dm_sys_hw_cback);
269
270 /* make sure security callback is saved - if no callback, do not erase the
271 previous one,
272 it could be an error recovery mechanism */
273 if (p_sec_cback != NULL) bta_dm_cb.p_sec_cback = p_sec_cback;
274 /* notify BTA DM is now active */
275 bta_dm_cb.is_bta_dm_active = true;
276
277 /* send a message to BTA SYS */
278 tBTA_SYS_HW_MSG* sys_enable_event =
279 (tBTA_SYS_HW_MSG*)osi_malloc(sizeof(tBTA_SYS_HW_MSG));
280 sys_enable_event->hdr.event = BTA_SYS_API_ENABLE_EVT;
281 sys_enable_event->hw_module = BTA_SYS_HW_BLUETOOTH;
282
283 bta_sys_sendmsg(sys_enable_event);
284
285 btm_local_io_caps = btif_storage_get_local_io_caps();
286 }
287
288 /*******************************************************************************
289 *
290 * Function bta_dm_init_cb
291 *
292 * Description Initializes the bta_dm_cb control block
293 *
294 *
295 * Returns void
296 *
297 ******************************************************************************/
bta_dm_init_cb(void)298 void bta_dm_init_cb(void) {
299 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
300 bta_dm_cb.disable_timer = alarm_new("bta_dm.disable_timer");
301 bta_dm_cb.switch_delay_timer = alarm_new("bta_dm.switch_delay_timer");
302 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
303 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
304 bta_dm_cb.pm_timer[i].timer[j] = alarm_new("bta_dm.pm_timer");
305 }
306 }
307 }
308
309 /*******************************************************************************
310 *
311 * Function bta_dm_deinit_cb
312 *
313 * Description De-initializes the bta_dm_cb control block
314 *
315 *
316 * Returns void
317 *
318 ******************************************************************************/
bta_dm_deinit_cb(void)319 void bta_dm_deinit_cb(void) {
320 /*
321 * TODO: Should alarm_free() the bta_dm_cb timers during graceful
322 * shutdown.
323 */
324 alarm_free(bta_dm_cb.disable_timer);
325 alarm_free(bta_dm_cb.switch_delay_timer);
326 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
327 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
328 alarm_free(bta_dm_cb.pm_timer[i].timer[j]);
329 }
330 }
331 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
332 }
333
334 /*******************************************************************************
335 *
336 * Function bta_dm_sys_hw_cback
337 *
338 * Description callback register to SYS to get HW status updates
339 *
340 *
341 * Returns void
342 *
343 ******************************************************************************/
bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status)344 static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status) {
345 DEV_CLASS dev_class;
346 tBTA_DM_SEC_CBACK* temp_cback;
347 uint8_t key_mask = 0;
348 tBTA_BLE_LOCAL_ID_KEYS id_key;
349
350 APPL_TRACE_DEBUG("%s with event: %i", __func__, status);
351
352 /* On H/W error evt, report to the registered DM application callback */
353 if (status == BTA_SYS_HW_ERROR_EVT) {
354 if (bta_dm_cb.p_sec_cback != NULL)
355 bta_dm_cb.p_sec_cback(BTA_DM_HW_ERROR_EVT, NULL);
356 return;
357 }
358
359 if (status == BTA_SYS_HW_OFF_EVT) {
360 if (bta_dm_cb.p_sec_cback != NULL)
361 bta_dm_cb.p_sec_cback(BTA_DM_DISABLE_EVT, NULL);
362
363 /* reinitialize the control block */
364 bta_dm_deinit_cb();
365
366 /* hw is ready, go on with BTA DM initialization */
367 alarm_free(bta_dm_search_cb.search_timer);
368 alarm_free(bta_dm_search_cb.gatt_close_timer);
369 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb));
370
371 /* unregister from SYS */
372 bta_sys_hw_unregister(BTA_SYS_HW_BLUETOOTH);
373 /* notify BTA DM is now unactive */
374 bta_dm_cb.is_bta_dm_active = false;
375 } else if (status == BTA_SYS_HW_ON_EVT) {
376 /* FIXME: We should not unregister as the SYS shall invoke this callback on
377 * a H/W error.
378 * We need to revisit when this platform has more than one BLuetooth H/W
379 * chip
380 */
381 // bta_sys_hw_unregister( BTA_SYS_HW_BLUETOOTH);
382
383 /* save security callback */
384 temp_cback = bta_dm_cb.p_sec_cback;
385 /* make sure the control block is properly initialized */
386 bta_dm_init_cb();
387 /* and retrieve the callback */
388 bta_dm_cb.p_sec_cback = temp_cback;
389 bta_dm_cb.is_bta_dm_active = true;
390
391 /* hw is ready, go on with BTA DM initialization */
392 alarm_free(bta_dm_search_cb.search_timer);
393 alarm_free(bta_dm_search_cb.gatt_close_timer);
394 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb));
395 /*
396 * TODO: Should alarm_free() the bta_dm_search_cb timers during
397 * graceful shutdown.
398 */
399 bta_dm_search_cb.search_timer = alarm_new("bta_dm_search.search_timer");
400 bta_dm_search_cb.gatt_close_timer =
401 alarm_new("bta_dm_search.gatt_close_timer");
402
403 memset(&bta_dm_conn_srvcs, 0, sizeof(bta_dm_conn_srvcs));
404 memset(&bta_dm_di_cb, 0, sizeof(tBTA_DM_DI_CB));
405
406 memcpy(dev_class, p_bta_dm_cfg->dev_class, sizeof(dev_class));
407 BTM_SetDeviceClass(dev_class);
408
409 /* load BLE local information: ID keys, ER if available */
410 Octet16 er;
411 bta_dm_co_ble_load_local_keys(&key_mask, &er, &id_key);
412
413 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ER) {
414 BTM_BleLoadLocalKeys(BTA_BLE_LOCAL_KEY_TYPE_ER,
415 (tBTM_BLE_LOCAL_KEYS*)&er);
416 }
417 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ID) {
418 BTM_BleLoadLocalKeys(BTA_BLE_LOCAL_KEY_TYPE_ID,
419 (tBTM_BLE_LOCAL_KEYS*)&id_key);
420 }
421 bta_dm_search_cb.conn_id = GATT_INVALID_CONN_ID;
422
423 BTM_SecRegister(&bta_security);
424 BTM_SetDefaultLinkSuperTout(p_bta_dm_cfg->link_timeout);
425 BTM_WritePageTimeout(p_bta_dm_cfg->page_timeout);
426 bta_dm_cb.cur_policy = p_bta_dm_cfg->policy_settings;
427 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy);
428 BTM_RegBusyLevelNotif(bta_dm_bl_change_cback, NULL,
429 BTM_BL_UPDATE_MASK | BTM_BL_ROLE_CHG_MASK);
430
431 #if (BLE_VND_INCLUDED == TRUE)
432 BTM_BleReadControllerFeatures(bta_dm_ctrl_features_rd_cmpl_cback);
433 #else
434 /* If VSC multi adv commands are available, advertising will be initialized
435 * when capabilities are read. If they are not avaliable, initialize
436 * advertising here */
437 btm_ble_adv_init();
438 #endif
439
440 /* Earlier, we used to invoke BTM_ReadLocalAddr which was just copying the
441 bd_addr
442 from the control block and invoking the callback which was sending the
443 DM_ENABLE_EVT.
444 But then we have a few HCI commands being invoked above which were still
445 in progress
446 when the ENABLE_EVT was sent. So modified this to fetch the local name
447 which forces
448 the DM_ENABLE_EVT to be sent only after all the init steps are complete
449 */
450 BTM_ReadLocalDeviceNameFromController(bta_dm_local_name_cback);
451
452 bta_sys_rm_register(bta_dm_rm_cback);
453
454 /* initialize bluetooth low power manager */
455 bta_dm_init_pm();
456
457 bta_sys_policy_register(bta_dm_policy_cback);
458
459 bta_dm_gattc_register();
460
461 } else
462 APPL_TRACE_DEBUG(" --- ignored event");
463 }
464
465 /** Disables the BT device manager */
bta_dm_disable()466 void bta_dm_disable() {
467 /* Set l2cap idle timeout to 0 (so BTE immediately disconnects ACL link after
468 * last channel is closed) */
469 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_BR_EDR);
470 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_LE);
471
472 /* disable all active subsystems */
473 bta_sys_disable(BTA_SYS_HW_BLUETOOTH);
474
475 BTM_SetDiscoverability(BTM_NON_DISCOVERABLE, 0, 0);
476 BTM_SetConnectability(BTM_NON_CONNECTABLE, 0, 0);
477
478 bta_dm_disable_pm();
479 bta_dm_disable_search_and_disc();
480 bta_dm_cb.disabling = true;
481
482 connection_manager::reset(false);
483
484 if (BTM_GetNumAclLinks() == 0) {
485 #if (BTA_DISABLE_DELAY > 0)
486 /* If BTA_DISABLE_DELAY is defined and greater than zero, then delay the
487 * shutdown by
488 * BTA_DISABLE_DELAY milliseconds
489 */
490 APPL_TRACE_WARNING("%s BTA_DISABLE_DELAY set to %d ms", __func__,
491 BTA_DISABLE_DELAY);
492 alarm_set_on_mloop(bta_dm_cb.disable_timer, BTA_DISABLE_DELAY,
493 bta_dm_disable_conn_down_timer_cback, NULL);
494 #else
495 bta_dm_disable_conn_down_timer_cback(NULL);
496 #endif
497 } else {
498 alarm_set_on_mloop(bta_dm_cb.disable_timer, BTA_DM_DISABLE_TIMER_MS,
499 bta_dm_disable_timer_cback, UINT_TO_PTR(0));
500 }
501 }
502
503 /*******************************************************************************
504 *
505 * Function bta_dm_disable_timer_cback
506 *
507 * Description Called if the disable timer expires
508 * Used to close ACL connections which are still active
509 *
510 *
511 *
512 * Returns void
513 *
514 ******************************************************************************/
bta_dm_disable_timer_cback(void * data)515 static void bta_dm_disable_timer_cback(void* data) {
516 uint8_t i;
517 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
518 bool trigger_disc = false;
519 uint32_t param = PTR_TO_UINT(data);
520
521 APPL_TRACE_EVENT("%s trial %u", __func__, param);
522
523 if (BTM_GetNumAclLinks() && (param == 0)) {
524 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
525 transport = bta_dm_cb.device_list.peer_device[i].transport;
526 btm_remove_acl(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
527 transport);
528 trigger_disc = true;
529 }
530
531 /* Retrigger disable timer in case ACL disconnect failed, DISABLE_EVT still
532 need
533 to be sent out to avoid jave layer disable timeout */
534 if (trigger_disc) {
535 alarm_set_on_mloop(bta_dm_cb.disable_timer,
536 BTA_DM_DISABLE_TIMER_RETRIAL_MS,
537 bta_dm_disable_timer_cback, UINT_TO_PTR(1));
538 }
539 } else {
540 bta_dm_cb.disabling = false;
541
542 bta_sys_remove_uuid(UUID_SERVCLASS_PNP_INFORMATION);
543 bta_dm_cb.p_sec_cback(BTA_DM_DISABLE_EVT, NULL);
544 }
545 }
546
547 /** Sets local device name */
bta_dm_set_dev_name(const std::vector<uint8_t> & name)548 void bta_dm_set_dev_name(const std::vector<uint8_t>& name) {
549 BTM_SetLocalDeviceName((char*)name.data());
550 bta_dm_set_eir((char*)name.data());
551 }
552
553 /** Sets discoverability, connectability and pairability */
bta_dm_set_visibility(tBTA_DM_DISC disc_mode_param,tBTA_DM_CONN conn_mode_param,uint8_t pairable_mode,uint8_t conn_paired_only)554 void bta_dm_set_visibility(tBTA_DM_DISC disc_mode_param,
555 tBTA_DM_CONN conn_mode_param, uint8_t pairable_mode,
556 uint8_t conn_paired_only) {
557 uint16_t window, interval;
558 uint16_t le_disc_mode = BTM_BleReadDiscoverability();
559 uint16_t le_conn_mode = BTM_BleReadConnectability();
560 uint16_t disc_mode = BTM_ReadDiscoverability(&window, &interval);
561 uint16_t conn_mode = BTM_ReadConnectability(&window, &interval);
562
563 /* set modes for Discoverability and connectability if not ignore */
564 if (disc_mode_param != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) {
565 if ((disc_mode_param & BTA_DM_LE_IGNORE) == BTA_DM_LE_IGNORE)
566 disc_mode_param = ((disc_mode_param & ~BTA_DM_LE_IGNORE) | le_disc_mode);
567 if ((disc_mode_param & BTA_DM_IGNORE) == BTA_DM_IGNORE)
568 disc_mode_param = ((disc_mode_param & ~BTA_DM_IGNORE) | disc_mode);
569
570 BTM_SetDiscoverability(disc_mode_param, bta_dm_cb.inquiry_scan_window,
571 bta_dm_cb.inquiry_scan_interval);
572 }
573
574 if (conn_mode_param != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) {
575 if ((conn_mode_param & BTA_DM_LE_IGNORE) == BTA_DM_LE_IGNORE)
576 conn_mode_param = ((conn_mode_param & ~BTA_DM_LE_IGNORE) | le_conn_mode);
577 if ((conn_mode_param & BTA_DM_IGNORE) == BTA_DM_IGNORE)
578 conn_mode_param = ((conn_mode_param & ~BTA_DM_IGNORE) | conn_mode);
579
580 BTM_SetConnectability(conn_mode_param, bta_dm_cb.page_scan_window,
581 bta_dm_cb.page_scan_interval);
582 }
583
584 /* Send False or True if not ignore */
585 if (pairable_mode != BTA_DM_IGNORE) {
586 if (pairable_mode == BTA_DM_NON_PAIRABLE)
587 bta_dm_cb.disable_pair_mode = true;
588 else
589 bta_dm_cb.disable_pair_mode = false;
590 }
591
592 /* Send False or True if not ignore */
593 if (conn_paired_only != BTA_DM_IGNORE) {
594 if (conn_paired_only == BTA_DM_CONN_ALL)
595 bta_dm_cb.conn_paired_only = false;
596 else
597 bta_dm_cb.conn_paired_only = true;
598 }
599
600 /* Change mode if either mode is not ignore */
601 if (pairable_mode != BTA_DM_IGNORE || conn_paired_only != BTA_DM_IGNORE)
602 BTM_SetPairableMode((bool)(!(bta_dm_cb.disable_pair_mode)),
603 bta_dm_cb.conn_paired_only);
604 }
605
606 /*******************************************************************************
607 *
608 * Function bta_dm_process_remove_device
609 *
610 * Description Removes device, Disconnects ACL link if required.
611 ***
612 ******************************************************************************/
bta_dm_process_remove_device(const RawAddress & bd_addr)613 void bta_dm_process_remove_device(const RawAddress& bd_addr) {
614 /* need to remove all pending background connection before unpair */
615 BTA_GATTC_CancelOpen(0, bd_addr, false);
616
617 BTM_SecDeleteDevice(bd_addr);
618
619 /* remove all cached GATT information */
620 BTA_GATTC_Refresh(bd_addr);
621
622 if (bta_dm_cb.p_sec_cback) {
623 tBTA_DM_SEC sec_event;
624 sec_event.link_down.bd_addr = bd_addr;
625 ;
626 /* No connection, set status to success (acl disc code not valid) */
627 sec_event.link_down.status = HCI_SUCCESS;
628 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &sec_event);
629 }
630 }
631
632 /** Removes device, disconnects ACL link if required */
bta_dm_remove_device(const RawAddress & bd_addr)633 void bta_dm_remove_device(const RawAddress& bd_addr) {
634 /* If ACL exists for the device in the remove_bond message*/
635 bool is_bd_addr_connected =
636 BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE) ||
637 BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_BR_EDR);
638
639 uint8_t other_transport = BT_TRANSPORT_INVALID;
640 if (is_bd_addr_connected) {
641 APPL_TRACE_DEBUG("%s: ACL Up count: %d", __func__,
642 bta_dm_cb.device_list.count);
643
644 /* Take the link down first, and mark the device for removal when
645 * disconnected */
646 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
647 auto& peer_device = bta_dm_cb.device_list.peer_device[i];
648 if (peer_device.peer_bdaddr == bd_addr) {
649 peer_device.conn_state = BTA_DM_UNPAIRING;
650
651 /* Make sure device is not in white list before we disconnect */
652 GATT_CancelConnect(0, bd_addr, false);
653
654 btm_remove_acl(bd_addr, peer_device.transport);
655 APPL_TRACE_DEBUG("%s: transport: %d", __func__, peer_device.transport);
656
657 /* save the other transport to check if device is connected on
658 * other_transport */
659 if (peer_device.transport == BT_TRANSPORT_LE)
660 other_transport = BT_TRANSPORT_BR_EDR;
661 else
662 other_transport = BT_TRANSPORT_LE;
663
664 break;
665 }
666 }
667 }
668
669 RawAddress other_address = bd_addr;
670 RawAddress other_address2 = bd_addr;
671
672 // If it is DUMO device and device is paired as different address, unpair that
673 // device
674 bool other_address_connected =
675 (other_transport)
676 ? BTM_ReadConnectedTransportAddress(&other_address, other_transport)
677 : (BTM_ReadConnectedTransportAddress(&other_address,
678 BT_TRANSPORT_BR_EDR) ||
679 BTM_ReadConnectedTransportAddress(&other_address2,
680 BT_TRANSPORT_LE));
681 if (other_address == bd_addr) other_address = other_address2;
682
683 if (other_address_connected) {
684 /* Take the link down first, and mark the device for removal when
685 * disconnected */
686 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
687 auto& peer_device = bta_dm_cb.device_list.peer_device[i];
688 if (peer_device.peer_bdaddr == other_address) {
689 peer_device.conn_state = BTA_DM_UNPAIRING;
690
691 /* Make sure device is not in white list before we disconnect */
692 GATT_CancelConnect(0, bd_addr, false);
693
694 btm_remove_acl(other_address, peer_device.transport);
695 break;
696 }
697 }
698 }
699
700 /* Delete the device mentioned in the msg */
701 if (!is_bd_addr_connected) {
702 bta_dm_process_remove_device(bd_addr);
703 }
704
705 /* Delete the other paired device too */
706 if (!other_address_connected && !other_address.IsEmpty()) {
707 bta_dm_process_remove_device(other_address);
708 }
709 }
710
711 /*******************************************************************************
712 *
713 * Function bta_dm_add_device
714 *
715 * Description This function adds a Link Key to an security database entry.
716 * It is normally called during host startup to restore all
717 * required information stored in the NVRAM.
718 ******************************************************************************/
bta_dm_add_device(std::unique_ptr<tBTA_DM_API_ADD_DEVICE> msg)719 void bta_dm_add_device(std::unique_ptr<tBTA_DM_API_ADD_DEVICE> msg) {
720 uint8_t* p_dc = NULL;
721 LinkKey* p_lc = NULL;
722 uint32_t trusted_services_mask[BTM_SEC_SERVICE_ARRAY_SIZE];
723 uint8_t index = 0;
724 uint8_t btm_mask_index = 0;
725
726 memset(trusted_services_mask, 0, sizeof(trusted_services_mask));
727
728 /* If not all zeros, the device class has been specified */
729 if (msg->dc_known) p_dc = (uint8_t*)msg->dc;
730
731 if (msg->link_key_known) p_lc = &msg->link_key;
732
733 if (msg->is_trusted) {
734 /* covert BTA service mask to BTM mask */
735 while (msg->tm && (index < BTA_MAX_SERVICE_ID)) {
736 if (msg->tm & (uint32_t)(1 << index)) {
737 btm_mask_index =
738 bta_service_id_to_btm_srv_id_lkup_tbl[index] / BTM_SEC_ARRAY_BITS;
739 trusted_services_mask[btm_mask_index] |=
740 (uint32_t)(1 << (bta_service_id_to_btm_srv_id_lkup_tbl[index] -
741 (uint32_t)(btm_mask_index * 32)));
742
743 msg->tm &= (uint32_t)(~(1 << index));
744 }
745 index++;
746 }
747 }
748
749 if (!BTM_SecAddDevice(msg->bd_addr, p_dc, msg->bd_name, msg->features,
750 trusted_services_mask, p_lc, msg->key_type, msg->io_cap,
751 msg->pin_length)) {
752 LOG(ERROR) << "BTA_DM: Error adding device " << msg->bd_addr;
753 }
754 }
755
756 /** This function forces to close the connection to a remote device and
757 * optionaly remove the device from security database if required. */
bta_dm_close_acl(const RawAddress & bd_addr,bool remove_dev,tBTA_TRANSPORT transport)758 void bta_dm_close_acl(const RawAddress& bd_addr, bool remove_dev,
759 tBTA_TRANSPORT transport) {
760 uint8_t index;
761
762 APPL_TRACE_DEBUG("bta_dm_close_acl");
763
764 if (BTM_IsAclConnectionUp(bd_addr, transport)) {
765 for (index = 0; index < bta_dm_cb.device_list.count; index++) {
766 if (bta_dm_cb.device_list.peer_device[index].peer_bdaddr == bd_addr)
767 break;
768 }
769 if (index != bta_dm_cb.device_list.count) {
770 if (remove_dev)
771 bta_dm_cb.device_list.peer_device[index].remove_dev_pending = true;
772 } else {
773 APPL_TRACE_ERROR("unknown device, remove ACL failed");
774 }
775
776 /* Make sure device is not in white list before we disconnect */
777 GATT_CancelConnect(0, bd_addr, false);
778
779 /* Disconnect the ACL link */
780 btm_remove_acl(bd_addr, transport);
781 }
782 /* if to remove the device from security database ? do it now */
783 else if (remove_dev) {
784 if (!BTM_SecDeleteDevice(bd_addr)) {
785 APPL_TRACE_ERROR("delete device from security database failed.");
786 }
787 /* need to remove all pending background connection if any */
788 BTA_GATTC_CancelOpen(0, bd_addr, false);
789 /* remove all cached GATT information */
790 BTA_GATTC_Refresh(bd_addr);
791 }
792 /* otherwise, no action needed */
793 }
794
795 // TODO: this is unused. remove?
796 /** This function forces to close all the ACL links specified by link type */
bta_dm_remove_all_acl(const tBTA_DM_LINK_TYPE link_type)797 void bta_dm_remove_all_acl(const tBTA_DM_LINK_TYPE link_type) {
798 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
799
800 APPL_TRACE_DEBUG("%s link type = %d", __func__, link_type);
801
802 for (uint8_t i = 0; i < bta_dm_cb.device_list.count; i++) {
803 transport = bta_dm_cb.device_list.peer_device[i].transport;
804 if ((link_type == BTA_DM_LINK_TYPE_ALL) ||
805 ((link_type == BTA_DM_LINK_TYPE_LE) &&
806 (transport == BT_TRANSPORT_LE)) ||
807 ((link_type == BTA_DM_LINK_TYPE_BR_EDR) &&
808 (transport == BT_TRANSPORT_BR_EDR))) {
809 /* Disconnect the ACL link */
810 btm_remove_acl(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
811 transport);
812 }
813 }
814 }
815
816 /** Bonds with peer device */
bta_dm_bond(const RawAddress & bd_addr,tBLE_ADDR_TYPE addr_type,tBTA_TRANSPORT transport,int device_type)817 void bta_dm_bond(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type,
818 tBTA_TRANSPORT transport, int device_type) {
819 tBTA_DM_SEC sec_event;
820 char* p_name;
821
822 tBTM_STATUS status =
823 BTM_SecBond(bd_addr, addr_type, transport, device_type, 0, NULL, 0);
824
825 if (bta_dm_cb.p_sec_cback && (status != BTM_CMD_STARTED)) {
826 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
827 sec_event.auth_cmpl.bd_addr = bd_addr;
828 p_name = BTM_SecReadDevName(bd_addr);
829 if (p_name != NULL) {
830 memcpy(sec_event.auth_cmpl.bd_name, p_name, (BD_NAME_LEN - 1));
831 sec_event.auth_cmpl.bd_name[BD_NAME_LEN - 1] = 0;
832 }
833
834 /* taken care of by memset [above]
835 sec_event.auth_cmpl.key_present = false;
836 sec_event.auth_cmpl.success = false;
837 */
838 sec_event.auth_cmpl.fail_reason = HCI_ERR_ILLEGAL_COMMAND;
839 if (status == BTM_SUCCESS) {
840 sec_event.auth_cmpl.success = true;
841 } else {
842 /* delete this device entry from Sec Dev DB */
843 bta_dm_remove_sec_dev_entry(bd_addr);
844 }
845 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
846 }
847 }
848
849 /** Cancels bonding with a peer device */
bta_dm_bond_cancel(const RawAddress & bd_addr)850 void bta_dm_bond_cancel(const RawAddress& bd_addr) {
851 tBTM_STATUS status;
852 tBTA_DM_SEC sec_event;
853
854 APPL_TRACE_EVENT(" bta_dm_bond_cancel ");
855 status = BTM_SecBondCancel(bd_addr);
856
857 if (bta_dm_cb.p_sec_cback &&
858 (status != BTM_CMD_STARTED && status != BTM_SUCCESS)) {
859 sec_event.bond_cancel_cmpl.result = BTA_FAILURE;
860
861 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
862 }
863 }
864
865 /** Send the pin_reply to a request from BTM */
bta_dm_pin_reply(std::unique_ptr<tBTA_DM_API_PIN_REPLY> msg)866 void bta_dm_pin_reply(std::unique_ptr<tBTA_DM_API_PIN_REPLY> msg) {
867 uint32_t trusted_mask[BTM_SEC_SERVICE_ARRAY_SIZE];
868
869 uint32_t* current_trusted_mask = BTM_ReadTrustedMask(msg->bd_addr);
870 if (current_trusted_mask) {
871 memcpy(trusted_mask, current_trusted_mask, sizeof(trusted_mask));
872 } else {
873 memset(trusted_mask, 0, sizeof(trusted_mask));
874 }
875
876 if (msg->accept) {
877 BTM_PINCodeReply(msg->bd_addr, BTM_SUCCESS, msg->pin_len, msg->p_pin,
878 trusted_mask);
879 } else {
880 BTM_PINCodeReply(msg->bd_addr, BTM_NOT_AUTHORIZED, 0, NULL, trusted_mask);
881 }
882 }
883
884 /*******************************************************************************
885 *
886 * Function bta_dm_policy_cback
887 *
888 * Description process the link policy changes
889 *
890 * Returns void
891 *
892 ******************************************************************************/
bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status,uint8_t id,uint8_t app_id,const RawAddress & peer_addr)893 static void bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
894 uint8_t app_id, const RawAddress& peer_addr) {
895 tBTA_DM_PEER_DEVICE* p_dev = NULL;
896 uint16_t policy = app_id;
897 uint32_t mask = (uint32_t)(1 << id);
898
899 if (peer_addr != RawAddress::kEmpty) {
900 p_dev = bta_dm_find_peer_device(peer_addr);
901 }
902
903 APPL_TRACE_DEBUG(" bta_dm_policy_cback cmd:%d, policy:0x%x", status, policy);
904 switch (status) {
905 case BTA_SYS_PLCY_SET:
906 if (!p_dev) return;
907 /* restore the default link policy */
908 p_dev->link_policy |= policy;
909 BTM_SetLinkPolicy(p_dev->peer_bdaddr, &(p_dev->link_policy));
910 break;
911
912 case BTA_SYS_PLCY_CLR:
913 if (!p_dev) return;
914 /* clear the policy from the default link policy */
915 p_dev->link_policy &= (~policy);
916 BTM_SetLinkPolicy(p_dev->peer_bdaddr, &(p_dev->link_policy));
917
918 if (policy & (HCI_ENABLE_SNIFF_MODE | HCI_ENABLE_PARK_MODE)) {
919 /* if clearing sniff/park, wake the link */
920 bta_dm_pm_active(p_dev->peer_bdaddr);
921 }
922 break;
923
924 case BTA_SYS_PLCY_DEF_SET:
925 /* want to restore/set the role switch policy */
926 bta_dm_cb.role_policy_mask &= ~mask;
927 if (0 == bta_dm_cb.role_policy_mask) {
928 /* if nobody wants to insist on the role */
929 bta_dm_cb.cur_policy |= HCI_ENABLE_MASTER_SLAVE_SWITCH;
930 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy);
931 }
932 break;
933
934 case BTA_SYS_PLCY_DEF_CLR:
935 /* want to remove the role switch policy */
936 bta_dm_cb.role_policy_mask |= mask;
937 bta_dm_cb.cur_policy &= ~HCI_ENABLE_MASTER_SLAVE_SWITCH;
938 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy);
939 break;
940 }
941 }
942
943 /** Send the user confirm request reply in response to a request from BTM */
bta_dm_confirm(const RawAddress & bd_addr,bool accept)944 void bta_dm_confirm(const RawAddress& bd_addr, bool accept) {
945 BTM_ConfirmReqReply(accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED, bd_addr);
946 }
947
948 /** respond to the IO capabilities request from BTM */
bta_dm_ci_io_req_act(const RawAddress & bd_addr,tBTA_IO_CAP io_cap,tBTA_OOB_DATA oob_data,tBTA_AUTH_REQ auth_req)949 void bta_dm_ci_io_req_act(const RawAddress& bd_addr, tBTA_IO_CAP io_cap,
950 tBTA_OOB_DATA oob_data, tBTA_AUTH_REQ auth_req) {
951 BTM_IoCapRsp(bd_addr, io_cap, oob_data,
952 auth_req ? BTM_AUTH_AP_YES : BTM_AUTH_AP_NO);
953 }
954
955 /** respond to the OOB data request for the remote device from BTM */
bta_dm_ci_rmt_oob_act(std::unique_ptr<tBTA_DM_CI_RMT_OOB> msg)956 void bta_dm_ci_rmt_oob_act(std::unique_ptr<tBTA_DM_CI_RMT_OOB> msg) {
957 BTM_RemoteOobDataReply(msg->accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED,
958 msg->bd_addr, msg->c, msg->r);
959 }
960
961 /*******************************************************************************
962 *
963 * Function bta_dm_search_start
964 *
965 * Description Starts an inquiry
966 *
967 *
968 * Returns void
969 *
970 ******************************************************************************/
bta_dm_search_start(tBTA_DM_MSG * p_data)971 void bta_dm_search_start(tBTA_DM_MSG* p_data) {
972 tBTM_INQUIRY_CMPL result = {};
973
974 size_t len = sizeof(Uuid) * p_data->search.num_uuid;
975 bta_dm_gattc_register();
976
977 APPL_TRACE_DEBUG("%s avoid_scatter=%d", __func__,
978 p_bta_dm_cfg->avoid_scatter);
979
980 if (p_bta_dm_cfg->avoid_scatter &&
981 (p_data->search.rs_res == BTA_DM_RS_NONE) &&
982 bta_dm_check_av(BTA_DM_API_SEARCH_EVT)) {
983 LOG(INFO) << __func__ << ": delay search to avoid scatter";
984 memcpy(&bta_dm_cb.search_msg, &p_data->search, sizeof(tBTA_DM_API_SEARCH));
985 return;
986 }
987
988 BTM_ClearInqDb(nullptr);
989 /* save search params */
990 bta_dm_search_cb.p_search_cback = p_data->search.p_cback;
991 bta_dm_search_cb.services = p_data->search.services;
992
993 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid);
994
995 if ((bta_dm_search_cb.num_uuid = p_data->search.num_uuid) != 0 &&
996 p_data->search.p_uuid != nullptr) {
997 bta_dm_search_cb.p_srvc_uuid = (Uuid*)osi_malloc(len);
998 *bta_dm_search_cb.p_srvc_uuid = *p_data->search.p_uuid;
999 }
1000 result.status = BTM_StartInquiry((tBTM_INQ_PARMS*)&p_data->search.inq_params,
1001 bta_dm_inq_results_cb, bta_dm_inq_cmpl_cb);
1002
1003 APPL_TRACE_EVENT("%s status=%d", __func__, result.status);
1004 if (result.status != BTM_CMD_STARTED) {
1005 LOG(ERROR) << __func__ << ": BTM_StartInquiry returned "
1006 << std::to_string(result.status);
1007 result.num_resp = 0;
1008 bta_dm_inq_cmpl_cb((void*)&result);
1009 }
1010 }
1011
1012 /*******************************************************************************
1013 *
1014 * Function bta_dm_search_cancel
1015 *
1016 * Description Cancels an ongoing search for devices
1017 *
1018 *
1019 * Returns void
1020 *
1021 ******************************************************************************/
bta_dm_search_cancel(UNUSED_ATTR tBTA_DM_MSG * p_data)1022 void bta_dm_search_cancel(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1023 tBTA_DM_MSG* p_msg;
1024
1025 if (BTM_IsInquiryActive()) {
1026 if (BTM_CancelInquiry() == BTM_SUCCESS) {
1027 bta_dm_search_cancel_notify(NULL);
1028 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1029 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1030 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1031 bta_sys_sendmsg(p_msg);
1032 } else {
1033 /* flag a search cancel is pending */
1034 bta_dm_search_cb.cancel_pending = true;
1035 }
1036 }
1037 /* If no Service Search going on then issue cancel remote name in case it is
1038 active */
1039 else if (!bta_dm_search_cb.name_discover_done) {
1040 BTM_CancelRemoteDeviceName();
1041
1042 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1043 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1044 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1045 bta_sys_sendmsg(p_msg);
1046 } else {
1047 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1048 p_msg->hdr.event = BTA_DM_INQUIRY_CMPL_EVT;
1049 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1050 bta_sys_sendmsg(p_msg);
1051 }
1052
1053 if (bta_dm_search_cb.gatt_disc_active) {
1054 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
1055 }
1056 }
1057
1058 /*******************************************************************************
1059 *
1060 * Function bta_dm_discover
1061 *
1062 * Description Discovers services on a remote device
1063 *
1064 *
1065 * Returns void
1066 *
1067 ******************************************************************************/
bta_dm_discover(tBTA_DM_MSG * p_data)1068 void bta_dm_discover(tBTA_DM_MSG* p_data) {
1069 size_t len = sizeof(Uuid) * p_data->discover.num_uuid;
1070 APPL_TRACE_EVENT("%s services_to_search=0x%04X, sdp_search=%d", __func__,
1071 p_data->discover.services, p_data->discover.sdp_search);
1072
1073 /* save the search condition */
1074 bta_dm_search_cb.services = p_data->discover.services;
1075
1076 bta_dm_gattc_register();
1077 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid);
1078 if ((bta_dm_search_cb.num_uuid = p_data->discover.num_uuid) != 0 &&
1079 p_data->discover.p_uuid != NULL) {
1080 bta_dm_search_cb.p_srvc_uuid = (Uuid*)osi_malloc(len);
1081 *bta_dm_search_cb.p_srvc_uuid = *p_data->discover.p_uuid;
1082 }
1083 bta_dm_search_cb.uuid_to_search = bta_dm_search_cb.num_uuid;
1084
1085 bta_dm_search_cb.p_search_cback = p_data->discover.p_cback;
1086 bta_dm_search_cb.sdp_search = p_data->discover.sdp_search;
1087 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services;
1088 bta_dm_search_cb.service_index = 0;
1089 bta_dm_search_cb.services_found = 0;
1090 bta_dm_search_cb.peer_name[0] = 0;
1091 bta_dm_search_cb.sdp_search = p_data->discover.sdp_search;
1092 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbRead(p_data->discover.bd_addr);
1093 bta_dm_search_cb.transport = p_data->discover.transport;
1094
1095 bta_dm_search_cb.name_discover_done = false;
1096 bta_dm_search_cb.uuid = p_data->discover.uuid;
1097 bta_dm_discover_device(p_data->discover.bd_addr);
1098 }
1099
1100 /*******************************************************************************
1101 *
1102 * Function bta_dm_di_disc_cmpl
1103 *
1104 * Description Sends event to application when DI discovery complete
1105 *
1106 * Returns void
1107 *
1108 ******************************************************************************/
bta_dm_di_disc_cmpl(tBTA_DM_MSG * p_data)1109 void bta_dm_di_disc_cmpl(tBTA_DM_MSG* p_data) {
1110 tBTA_DM_DI_DISC_CMPL di_disc;
1111
1112 memset(&di_disc, 0, sizeof(tBTA_DM_DI_DISC_CMPL));
1113 di_disc.bd_addr = bta_dm_search_cb.peer_bdaddr;
1114
1115 if ((p_data->hdr.offset == SDP_SUCCESS) ||
1116 (p_data->hdr.offset == SDP_DB_FULL)) {
1117 di_disc.num_record = SDP_GetNumDiRecords(bta_dm_di_cb.p_di_db);
1118 } else
1119 di_disc.result = BTA_FAILURE;
1120
1121 bta_dm_di_cb.p_di_db = NULL;
1122 bta_dm_search_cb.p_search_cback(BTA_DM_DI_DISC_CMPL_EVT,
1123 (tBTA_DM_SEARCH*)&di_disc);
1124 }
1125
1126 /*******************************************************************************
1127 *
1128 * Function bta_dm_di_disc_callback
1129 *
1130 * Description This function queries a remote device for DI information.
1131 *
1132 *
1133 * Returns void
1134 *
1135 ******************************************************************************/
bta_dm_di_disc_callback(uint16_t result)1136 static void bta_dm_di_disc_callback(uint16_t result) {
1137 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1138
1139 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1140 p_msg->hdr.layer_specific = BTA_DM_API_DI_DISCOVER_EVT;
1141 p_msg->hdr.offset = result;
1142
1143 bta_sys_sendmsg(p_msg);
1144 }
1145
1146 /*******************************************************************************
1147 *
1148 * Function bta_dm_disable_search_and_disc
1149 *
1150 * Description Cancels an ongoing search or discovery for devices in case
1151 * of a Bluetooth disable
1152 *
1153 *
1154 * Returns void
1155 *
1156 ******************************************************************************/
bta_dm_disable_search_and_disc(void)1157 static void bta_dm_disable_search_and_disc(void) {
1158 tBTA_DM_DI_DISC_CMPL di_disc;
1159
1160 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) bta_dm_search_cancel(NULL);
1161
1162 if (bta_dm_di_cb.p_di_db != NULL) {
1163 memset(&di_disc, 0, sizeof(tBTA_DM_DI_DISC_CMPL));
1164 di_disc.bd_addr = bta_dm_search_cb.peer_bdaddr;
1165 di_disc.result = BTA_FAILURE;
1166
1167 bta_dm_di_cb.p_di_db = NULL;
1168 bta_dm_search_cb.p_search_cback(BTA_DM_DI_DISC_CMPL_EVT, NULL);
1169 }
1170 }
1171
1172 /*******************************************************************************
1173 *
1174 * Function bta_dm_di_disc
1175 *
1176 * Description This function queries a remote device for DI information.
1177 *
1178 *
1179 * Returns void
1180 *
1181 ******************************************************************************/
bta_dm_di_disc(tBTA_DM_MSG * p_data)1182 void bta_dm_di_disc(tBTA_DM_MSG* p_data) {
1183 uint16_t result = BTA_FAILURE;
1184
1185 bta_dm_search_cb.p_search_cback = p_data->di_disc.p_cback;
1186 bta_dm_search_cb.peer_bdaddr = p_data->di_disc.bd_addr;
1187 bta_dm_di_cb.p_di_db = p_data->di_disc.p_sdp_db;
1188
1189 bta_dm_search_cb.p_sdp_db =
1190 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE);
1191 if (SDP_DiDiscover(bta_dm_search_cb.peer_bdaddr, p_data->di_disc.p_sdp_db,
1192 p_data->di_disc.len,
1193 bta_dm_di_disc_callback) == SDP_SUCCESS) {
1194 result = BTA_SUCCESS;
1195 }
1196
1197 if (result == BTA_FAILURE) {
1198 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1199
1200 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1201 p_msg->hdr.layer_specific = BTA_DM_API_DI_DISCOVER_EVT;
1202 p_data->hdr.offset = result;
1203 bta_sys_sendmsg(p_msg);
1204 }
1205 }
1206
1207 /*******************************************************************************
1208 *
1209 * Function bta_dm_read_remote_device_name
1210 *
1211 * Description Initiate to get remote device name
1212 *
1213 * Returns true if started to get remote name
1214 *
1215 ******************************************************************************/
bta_dm_read_remote_device_name(const RawAddress & bd_addr,tBT_TRANSPORT transport)1216 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr,
1217 tBT_TRANSPORT transport) {
1218 tBTM_STATUS btm_status;
1219
1220 APPL_TRACE_DEBUG("%s", __func__);
1221
1222 bta_dm_search_cb.peer_bdaddr = bd_addr;
1223 bta_dm_search_cb.peer_name[0] = 0;
1224
1225 btm_status = BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr,
1226 bta_dm_remname_cback, transport);
1227
1228 if (btm_status == BTM_CMD_STARTED) {
1229 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is started", __func__);
1230
1231 return (true);
1232 } else if (btm_status == BTM_BUSY) {
1233 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__);
1234
1235 /* Remote name discovery is on going now so BTM cannot notify through
1236 * "bta_dm_remname_cback" */
1237 /* adding callback to get notified that current reading remore name done */
1238 BTM_SecAddRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1239
1240 return (true);
1241 } else {
1242 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X", __func__,
1243 btm_status);
1244
1245 return (false);
1246 }
1247 }
1248
1249 /*******************************************************************************
1250 *
1251 * Function bta_dm_inq_cmpl
1252 *
1253 * Description Process the inquiry complete event from BTM
1254 *
1255 * Returns void
1256 *
1257 ******************************************************************************/
bta_dm_inq_cmpl(tBTA_DM_MSG * p_data)1258 void bta_dm_inq_cmpl(tBTA_DM_MSG* p_data) {
1259 tBTA_DM_SEARCH data;
1260
1261 APPL_TRACE_DEBUG("bta_dm_inq_cmpl");
1262
1263 data.inq_cmpl.num_resps = p_data->inq_cmpl.num;
1264 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_CMPL_EVT, &data);
1265
1266 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbFirst();
1267 if (bta_dm_search_cb.p_btm_inq_info != NULL) {
1268 /* start name and service discovery from the first device on inquiry result
1269 */
1270 bta_dm_search_cb.name_discover_done = false;
1271 bta_dm_search_cb.peer_name[0] = 0;
1272 bta_dm_discover_device(
1273 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr);
1274 } else {
1275 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1276
1277 /* no devices, search complete */
1278 bta_dm_search_cb.services = 0;
1279
1280 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1281 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1282 bta_sys_sendmsg(p_msg);
1283 }
1284 }
1285
1286 /*******************************************************************************
1287 *
1288 * Function bta_dm_rmt_name
1289 *
1290 * Description Process the remote name result from BTM
1291 *
1292 * Returns void
1293 *
1294 ******************************************************************************/
bta_dm_rmt_name(tBTA_DM_MSG * p_data)1295 void bta_dm_rmt_name(tBTA_DM_MSG* p_data) {
1296 APPL_TRACE_DEBUG("bta_dm_rmt_name");
1297
1298 if (p_data->rem_name.result.disc_res.bd_name[0] &&
1299 bta_dm_search_cb.p_btm_inq_info) {
1300 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name = true;
1301 }
1302
1303 bta_dm_discover_device(bta_dm_search_cb.peer_bdaddr);
1304 }
1305
1306 /*******************************************************************************
1307 *
1308 * Function bta_dm_disc_rmt_name
1309 *
1310 * Description Process the remote name result from BTM when application
1311 * wants to find the name for a bdaddr
1312 *
1313 * Returns void
1314 *
1315 ******************************************************************************/
bta_dm_disc_rmt_name(tBTA_DM_MSG * p_data)1316 void bta_dm_disc_rmt_name(tBTA_DM_MSG* p_data) {
1317 tBTM_INQ_INFO* p_btm_inq_info;
1318
1319 APPL_TRACE_DEBUG("bta_dm_disc_rmt_name");
1320
1321 p_btm_inq_info = BTM_InqDbRead(p_data->rem_name.result.disc_res.bd_addr);
1322 if (p_btm_inq_info) {
1323 if (p_data->rem_name.result.disc_res.bd_name[0]) {
1324 p_btm_inq_info->appl_knows_rem_name = true;
1325 }
1326 }
1327
1328 bta_dm_discover_device(p_data->rem_name.result.disc_res.bd_addr);
1329 }
1330
1331 /*******************************************************************************
1332 *
1333 * Function bta_dm_sdp_result
1334 *
1335 * Description Process the discovery result from sdp
1336 *
1337 * Returns void
1338 *
1339 ******************************************************************************/
bta_dm_sdp_result(tBTA_DM_MSG * p_data)1340 void bta_dm_sdp_result(tBTA_DM_MSG* p_data) {
1341 tSDP_DISC_REC* p_sdp_rec = NULL;
1342 tBTA_DM_MSG* p_msg;
1343 bool scn_found = false;
1344 uint16_t service = 0xFFFF;
1345 tSDP_PROTOCOL_ELEM pe;
1346
1347 Uuid* p_uuid = bta_dm_search_cb.p_srvc_uuid;
1348 tBTA_DM_SEARCH result;
1349
1350 std::vector<Uuid> uuid_list;
1351
1352 if ((p_data->sdp_event.sdp_result == SDP_SUCCESS) ||
1353 (p_data->sdp_event.sdp_result == SDP_NO_RECS_MATCH) ||
1354 (p_data->sdp_event.sdp_result == SDP_DB_FULL)) {
1355 APPL_TRACE_DEBUG("sdp_result::0x%x", p_data->sdp_event.sdp_result);
1356 do {
1357 p_sdp_rec = NULL;
1358 if (bta_dm_search_cb.service_index == (BTA_USER_SERVICE_ID + 1)) {
1359 if (!bta_dm_search_cb.uuid.IsEmpty()) {
1360 p_sdp_rec = SDP_FindServiceUUIDInDb(bta_dm_search_cb.p_sdp_db,
1361 bta_dm_search_cb.uuid, p_sdp_rec);
1362 }
1363
1364 if (p_sdp_rec && SDP_FindProtocolListElemInRec(
1365 p_sdp_rec, UUID_PROTOCOL_RFCOMM, &pe)) {
1366 bta_dm_search_cb.peer_scn = (uint8_t)pe.params[0];
1367 scn_found = true;
1368 }
1369 } else {
1370 service =
1371 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index - 1];
1372 p_sdp_rec =
1373 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, service, p_sdp_rec);
1374 }
1375 /* finished with BR/EDR services, now we check the result for GATT based
1376 * service UUID */
1377 if (bta_dm_search_cb.service_index == BTA_MAX_SERVICE_ID) {
1378 if (bta_dm_search_cb.uuid_to_search != 0 && p_uuid != NULL) {
1379 p_uuid +=
1380 (bta_dm_search_cb.num_uuid - bta_dm_search_cb.uuid_to_search);
1381 /* only support 16 bits UUID for now */
1382 service = p_uuid->As16Bit();
1383 }
1384 /* all GATT based services */
1385 do {
1386 /* find a service record, report it */
1387 p_sdp_rec =
1388 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, 0, p_sdp_rec);
1389 if (p_sdp_rec) {
1390 Uuid service_uuid;
1391 if (SDP_FindServiceUUIDInRec(p_sdp_rec, &service_uuid)) {
1392 /* send result back to app now, one by one */
1393 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1394 strlcpy((char*)result.disc_ble_res.bd_name, bta_dm_get_remname(),
1395 BD_NAME_LEN);
1396
1397 result.disc_ble_res.service = service_uuid;
1398 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_BLE_RES_EVT, &result);
1399 }
1400 }
1401
1402 if (bta_dm_search_cb.uuid_to_search > 0) break;
1403
1404 } while (p_sdp_rec);
1405 } else {
1406 /* SDP_DB_FULL means some records with the
1407 required attributes were received */
1408 if (((p_data->sdp_event.sdp_result == SDP_DB_FULL) &&
1409 bta_dm_search_cb.services != BTA_ALL_SERVICE_MASK) ||
1410 (p_sdp_rec != NULL)) {
1411 if (service != UUID_SERVCLASS_PNP_INFORMATION) {
1412 bta_dm_search_cb.services_found |=
1413 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(
1414 bta_dm_search_cb.service_index - 1));
1415 uint16_t tmp_svc =
1416 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index -
1417 1];
1418 /* Add to the list of UUIDs */
1419 uuid_list.push_back(Uuid::From16Bit(tmp_svc));
1420 }
1421 }
1422 }
1423
1424 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK &&
1425 bta_dm_search_cb.services_to_search == 0) {
1426 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID &&
1427 bta_dm_search_cb.uuid_to_search > 0)
1428 bta_dm_search_cb.uuid_to_search--;
1429
1430 if (bta_dm_search_cb.uuid_to_search == 0 ||
1431 bta_dm_search_cb.service_index != BTA_BLE_SERVICE_ID)
1432 bta_dm_search_cb.service_index++;
1433 } else /* regular one service per search or PNP search */
1434 break;
1435
1436 } while (bta_dm_search_cb.service_index <= BTA_MAX_SERVICE_ID);
1437
1438 APPL_TRACE_DEBUG("%s services_found = %04x", __func__,
1439 bta_dm_search_cb.services_found);
1440
1441 /* Collect the 128-bit services here and put them into the list */
1442 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) {
1443 p_sdp_rec = NULL;
1444 do {
1445 /* find a service record, report it */
1446 p_sdp_rec =
1447 SDP_FindServiceInDb_128bit(bta_dm_search_cb.p_sdp_db, p_sdp_rec);
1448 if (p_sdp_rec) {
1449 // SDP_FindServiceUUIDInRec_128bit is used only once, refactor?
1450 Uuid temp_uuid;
1451 if (SDP_FindServiceUUIDInRec_128bit(p_sdp_rec, &temp_uuid)) {
1452 uuid_list.push_back(temp_uuid);
1453 }
1454 }
1455 } while (p_sdp_rec);
1456 }
1457 /* if there are more services to search for */
1458 if (bta_dm_search_cb.services_to_search) {
1459 /* Free up the p_sdp_db before checking the next one */
1460 bta_dm_free_sdp_db(NULL);
1461 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr);
1462 } else {
1463 /* callbacks */
1464 /* start next bd_addr if necessary */
1465
1466 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1467
1468 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1469 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1470 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS;
1471 p_msg->disc_result.result.disc_res.p_raw_data = NULL;
1472 p_msg->disc_result.result.disc_res.raw_data_size = 0;
1473 p_msg->disc_result.result.disc_res.num_uuids = uuid_list.size();
1474 p_msg->disc_result.result.disc_res.p_uuid_list = NULL;
1475 if (uuid_list.size() > 0) {
1476 // TODO(jpawlowski): make p_uuid_list into vector, and just copy
1477 // vectors, but first get rid of bta_sys_sendmsg below.
1478 p_msg->disc_result.result.disc_res.p_uuid_list =
1479 (Uuid*)osi_malloc(uuid_list.size() * sizeof(Uuid));
1480 memcpy(p_msg->disc_result.result.disc_res.p_uuid_list, uuid_list.data(),
1481 uuid_list.size() * sizeof(Uuid));
1482 }
1483 // Copy the raw_data to the discovery result structure
1484 if (bta_dm_search_cb.p_sdp_db != NULL &&
1485 bta_dm_search_cb.p_sdp_db->raw_used != 0 &&
1486 bta_dm_search_cb.p_sdp_db->raw_data != NULL) {
1487 APPL_TRACE_DEBUG("%s raw_data used = 0x%x raw_data_ptr = 0x%x",
1488 __func__, bta_dm_search_cb.p_sdp_db->raw_used,
1489 bta_dm_search_cb.p_sdp_db->raw_data);
1490
1491 p_msg->disc_result.result.disc_res.p_raw_data =
1492 (uint8_t*)osi_malloc(bta_dm_search_cb.p_sdp_db->raw_used);
1493 memcpy(p_msg->disc_result.result.disc_res.p_raw_data,
1494 bta_dm_search_cb.p_sdp_db->raw_data,
1495 bta_dm_search_cb.p_sdp_db->raw_used);
1496
1497 p_msg->disc_result.result.disc_res.raw_data_size =
1498 bta_dm_search_cb.p_sdp_db->raw_used;
1499
1500 bta_dm_search_cb.p_sdp_db->raw_data =
1501 NULL; // no need to free this - it is a global assigned.
1502 bta_dm_search_cb.p_sdp_db->raw_used = 0;
1503 bta_dm_search_cb.p_sdp_db->raw_size = 0;
1504 } else {
1505 APPL_TRACE_DEBUG("%s raw data size is 0 or raw_data is null!!",
1506 __func__);
1507 }
1508 /* Done with p_sdp_db. Free it */
1509 bta_dm_free_sdp_db(NULL);
1510 p_msg->disc_result.result.disc_res.services =
1511 bta_dm_search_cb.services_found;
1512
1513 // Piggy back the SCN over result field
1514 if (scn_found) {
1515 p_msg->disc_result.result.disc_res.result =
1516 (3 + bta_dm_search_cb.peer_scn);
1517 p_msg->disc_result.result.disc_res.services |= BTA_USER_SERVICE_MASK;
1518
1519 APPL_TRACE_EVENT(" Piggy back the SCN over result field SCN=%d",
1520 bta_dm_search_cb.peer_scn);
1521 }
1522 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1523 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1524 bta_dm_get_remname(), BD_NAME_LEN);
1525
1526 bta_sys_sendmsg(p_msg);
1527 }
1528 } else {
1529 /* conn failed. No need for timer */
1530 if (p_data->sdp_event.sdp_result == SDP_CONN_FAILED ||
1531 p_data->sdp_event.sdp_result == SDP_CONN_REJECTED ||
1532 p_data->sdp_event.sdp_result == SDP_SECURITY_ERR)
1533 bta_dm_search_cb.wait_disc = false;
1534
1535 /* not able to connect go to next device */
1536 if (bta_dm_search_cb.p_sdp_db)
1537 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1538
1539 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1540
1541 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1542 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1543 p_msg->disc_result.result.disc_res.result = BTA_FAILURE;
1544 p_msg->disc_result.result.disc_res.services =
1545 bta_dm_search_cb.services_found;
1546 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1547 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1548 bta_dm_get_remname(), BD_NAME_LEN);
1549
1550 bta_sys_sendmsg(p_msg);
1551 }
1552 }
1553
1554 /*******************************************************************************
1555 *
1556 * Function bta_dm_search_cmpl
1557 *
1558 * Description Sends event to application
1559 *
1560 * Returns void
1561 *
1562 ******************************************************************************/
bta_dm_search_cmpl(tBTA_DM_MSG * p_data)1563 void bta_dm_search_cmpl(tBTA_DM_MSG* p_data) {
1564 APPL_TRACE_EVENT("%s", __func__);
1565
1566 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid);
1567
1568 if (p_data->hdr.layer_specific == BTA_DM_API_DI_DISCOVER_EVT)
1569 bta_dm_di_disc_cmpl(p_data);
1570 else
1571 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_CMPL_EVT, NULL);
1572 }
1573
1574 /*******************************************************************************
1575 *
1576 * Function bta_dm_disc_result
1577 *
1578 * Description Service discovery result when discovering services on a
1579 * device
1580 *
1581 * Returns void
1582 *
1583 ******************************************************************************/
bta_dm_disc_result(tBTA_DM_MSG * p_data)1584 void bta_dm_disc_result(tBTA_DM_MSG* p_data) {
1585 APPL_TRACE_EVENT("%s", __func__);
1586
1587 /* if any BR/EDR service discovery has been done, report the event */
1588 if ((bta_dm_search_cb.services &
1589 ((BTA_ALL_SERVICE_MASK | BTA_USER_SERVICE_MASK) &
1590 ~BTA_BLE_SERVICE_MASK)))
1591 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT,
1592 &p_data->disc_result.result);
1593
1594 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1595
1596 /* send a message to change state */
1597 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1598 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1599 bta_sys_sendmsg(p_msg);
1600 }
1601
1602 /*******************************************************************************
1603 *
1604 * Function bta_dm_search_result
1605 *
1606 * Description Service discovery result while searching for devices
1607 *
1608 * Returns void
1609 *
1610 ******************************************************************************/
bta_dm_search_result(tBTA_DM_MSG * p_data)1611 void bta_dm_search_result(tBTA_DM_MSG* p_data) {
1612 APPL_TRACE_DEBUG("%s searching:0x%04x, result:0x%04x", __func__,
1613 bta_dm_search_cb.services,
1614 p_data->disc_result.result.disc_res.services);
1615
1616 /* call back if application wants name discovery or found services that
1617 * application is searching */
1618 if ((!bta_dm_search_cb.services) ||
1619 ((bta_dm_search_cb.services) &&
1620 (p_data->disc_result.result.disc_res.services))) {
1621 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT,
1622 &p_data->disc_result.result);
1623 }
1624
1625 /* if searching did not initiate to create link */
1626 if (!bta_dm_search_cb.wait_disc) {
1627 /* if service searching is done with EIR, don't search next device */
1628 if (bta_dm_search_cb.p_btm_inq_info) bta_dm_discover_next_device();
1629 } else {
1630 /* wait until link is disconnected or timeout */
1631 bta_dm_search_cb.sdp_results = true;
1632 alarm_set_on_mloop(bta_dm_search_cb.search_timer,
1633 1000 * (L2CAP_LINK_INACTIVITY_TOUT + 1),
1634 bta_dm_search_timer_cback, NULL);
1635 }
1636 }
1637
1638 /*******************************************************************************
1639 *
1640 * Function bta_dm_search_timer_cback
1641 *
1642 * Description Called when ACL disconnect time is over
1643 *
1644 *
1645 * Returns void
1646 *
1647 ******************************************************************************/
bta_dm_search_timer_cback(UNUSED_ATTR void * data)1648 static void bta_dm_search_timer_cback(UNUSED_ATTR void* data) {
1649 APPL_TRACE_EVENT("%s", __func__);
1650 bta_dm_search_cb.wait_disc = false;
1651
1652 /* proceed with next device */
1653 bta_dm_discover_next_device();
1654 }
1655
1656 /*******************************************************************************
1657 *
1658 * Function bta_dm_free_sdp_db
1659 *
1660 * Description Frees SDP data base
1661 *
1662 * Returns void
1663 *
1664 ******************************************************************************/
bta_dm_free_sdp_db(UNUSED_ATTR tBTA_DM_MSG * p_data)1665 void bta_dm_free_sdp_db(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1666 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1667 }
1668
1669 /*******************************************************************************
1670 *
1671 * Function bta_dm_queue_search
1672 *
1673 * Description Queues search command while search is being cancelled
1674 *
1675 * Returns void
1676 *
1677 ******************************************************************************/
bta_dm_queue_search(tBTA_DM_MSG * p_data)1678 void bta_dm_queue_search(tBTA_DM_MSG* p_data) {
1679 osi_free(bta_dm_search_cb.p_search_queue);
1680 bta_dm_search_cb.p_search_queue =
1681 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_SEARCH));
1682 memcpy(bta_dm_search_cb.p_search_queue, p_data, sizeof(tBTA_DM_API_SEARCH));
1683 }
1684
1685 /*******************************************************************************
1686 *
1687 * Function bta_dm_queue_disc
1688 *
1689 * Description Queues discovery command while search is being cancelled
1690 *
1691 * Returns void
1692 *
1693 ******************************************************************************/
bta_dm_queue_disc(tBTA_DM_MSG * p_data)1694 void bta_dm_queue_disc(tBTA_DM_MSG* p_data) {
1695 osi_free(bta_dm_search_cb.p_search_queue);
1696 bta_dm_search_cb.p_search_queue =
1697 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_DISCOVER));
1698 memcpy(bta_dm_search_cb.p_search_queue, p_data, sizeof(tBTA_DM_API_DISCOVER));
1699 }
1700
1701 /*******************************************************************************
1702 *
1703 * Function bta_dm_search_clear_queue
1704 *
1705 * Description Clears the queue if API search cancel is called
1706 *
1707 * Returns void
1708 *
1709 ******************************************************************************/
bta_dm_search_clear_queue(UNUSED_ATTR tBTA_DM_MSG * p_data)1710 void bta_dm_search_clear_queue(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1711 osi_free_and_reset((void**)&bta_dm_search_cb.p_search_queue);
1712 }
1713
1714 /*******************************************************************************
1715 *
1716 * Function bta_dm_search_cancel_cmpl
1717 *
1718 * Description Search cancel is complete
1719 *
1720 * Returns void
1721 *
1722 ******************************************************************************/
bta_dm_search_cancel_cmpl(UNUSED_ATTR tBTA_DM_MSG * p_data)1723 void bta_dm_search_cancel_cmpl(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1724 if (bta_dm_search_cb.p_search_queue) {
1725 bta_sys_sendmsg(bta_dm_search_cb.p_search_queue);
1726 bta_dm_search_cb.p_search_queue = NULL;
1727 }
1728 }
1729
1730 /*******************************************************************************
1731 *
1732 * Function bta_dm_search_cancel_transac_cmpl
1733 *
1734 * Description Current Service Discovery or remote name procedure is
1735 * completed after search cancellation
1736 *
1737 * Returns void
1738 *
1739 ******************************************************************************/
bta_dm_search_cancel_transac_cmpl(UNUSED_ATTR tBTA_DM_MSG * p_data)1740 void bta_dm_search_cancel_transac_cmpl(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1741 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1742 bta_dm_search_cancel_notify(NULL);
1743 }
1744
1745 /*******************************************************************************
1746 *
1747 * Function bta_dm_search_cancel_notify
1748 *
1749 * Description Notify application that search has been cancelled
1750 *
1751 * Returns void
1752 *
1753 ******************************************************************************/
bta_dm_search_cancel_notify(UNUSED_ATTR tBTA_DM_MSG * p_data)1754 void bta_dm_search_cancel_notify(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1755 if (bta_dm_search_cb.p_search_cback) {
1756 bta_dm_search_cb.p_search_cback(BTA_DM_SEARCH_CANCEL_CMPL_EVT, NULL);
1757 }
1758 if (!bta_dm_search_cb.name_discover_done &&
1759 (bta_dm_search_cb.state == BTA_DM_SEARCH_ACTIVE ||
1760 bta_dm_search_cb.state == BTA_DM_SEARCH_CANCELLING)) {
1761 BTM_CancelRemoteDeviceName();
1762 }
1763 if (bta_dm_search_cb.gatt_disc_active) {
1764 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
1765 }
1766 }
1767
1768 /*******************************************************************************
1769 *
1770 * Function bta_dm_find_services
1771 *
1772 * Description Starts discovery on a device
1773 *
1774 * Returns void
1775 *
1776 ******************************************************************************/
bta_dm_find_services(const RawAddress & bd_addr)1777 static void bta_dm_find_services(const RawAddress& bd_addr) {
1778 while (bta_dm_search_cb.service_index < BTA_MAX_SERVICE_ID) {
1779 Uuid uuid = Uuid::kEmpty;
1780 if (bta_dm_search_cb.services_to_search &
1781 (tBTA_SERVICE_MASK)(
1782 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index))) {
1783 bta_dm_search_cb.p_sdp_db =
1784 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE);
1785 APPL_TRACE_DEBUG("bta_dm_search_cb.services = %04x***********",
1786 bta_dm_search_cb.services);
1787 /* try to search all services by search based on L2CAP UUID */
1788 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) {
1789 LOG_INFO("%s services_to_search=%08x", __func__,
1790 bta_dm_search_cb.services_to_search);
1791 if (bta_dm_search_cb.services_to_search & BTA_RES_SERVICE_MASK) {
1792 uuid = Uuid::From16Bit(bta_service_id_to_uuid_lkup_tbl[0]);
1793 bta_dm_search_cb.services_to_search &= ~BTA_RES_SERVICE_MASK;
1794 } else {
1795 uuid = Uuid::From16Bit(UUID_PROTOCOL_L2CAP);
1796 bta_dm_search_cb.services_to_search = 0;
1797 }
1798 } else {
1799 /* for LE only profile */
1800 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID) {
1801 if (bta_dm_search_cb.uuid_to_search > 0 &&
1802 bta_dm_search_cb.p_srvc_uuid) {
1803 uuid = *(bta_dm_search_cb.p_srvc_uuid + bta_dm_search_cb.num_uuid -
1804 bta_dm_search_cb.uuid_to_search);
1805
1806 bta_dm_search_cb.uuid_to_search--;
1807 } else {
1808 uuid = Uuid::From16Bit(
1809 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb
1810 .service_index]);
1811 }
1812
1813 /* last one? clear the BLE service bit if all discovery has been done
1814 */
1815 if (bta_dm_search_cb.uuid_to_search == 0)
1816 bta_dm_search_cb.services_to_search &=
1817 (tBTA_SERVICE_MASK)(~(BTA_SERVICE_ID_TO_SERVICE_MASK(
1818 bta_dm_search_cb.service_index)));
1819
1820 } else {
1821 /* remove the service from services to be searched */
1822 bta_dm_search_cb.services_to_search &= (tBTA_SERVICE_MASK)(~(
1823 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index)));
1824 uuid = Uuid::From16Bit(
1825 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index]);
1826 }
1827 }
1828
1829 if (bta_dm_search_cb.service_index == BTA_USER_SERVICE_ID) {
1830 uuid = bta_dm_search_cb.uuid;
1831 }
1832
1833 LOG_INFO("%s search UUID = %s", __func__, uuid.ToString().c_str());
1834 SDP_InitDiscoveryDb(bta_dm_search_cb.p_sdp_db, BTA_DM_SDP_DB_SIZE, 1,
1835 &uuid, 0, NULL);
1836
1837 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf));
1838 bta_dm_search_cb.p_sdp_db->raw_data = g_disc_raw_data_buf;
1839
1840 bta_dm_search_cb.p_sdp_db->raw_size = MAX_DISC_RAW_DATA_BUF;
1841
1842 if (!SDP_ServiceSearchAttributeRequest(bd_addr, bta_dm_search_cb.p_sdp_db,
1843 &bta_dm_sdp_callback)) {
1844 /*
1845 * If discovery is not successful with this device, then
1846 * proceed with the next one.
1847 */
1848 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1849 bta_dm_search_cb.service_index = BTA_MAX_SERVICE_ID;
1850
1851 } else {
1852 if ((bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID &&
1853 bta_dm_search_cb.uuid_to_search == 0) ||
1854 bta_dm_search_cb.service_index != BTA_BLE_SERVICE_ID)
1855 bta_dm_search_cb.service_index++;
1856 return;
1857 }
1858 }
1859
1860 bta_dm_search_cb.service_index++;
1861 }
1862
1863 /* no more services to be discovered */
1864 if (bta_dm_search_cb.service_index >= BTA_MAX_SERVICE_ID) {
1865 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1866 /* initialize the data structure - includes p_raw_data and raw_data_size */
1867 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES));
1868 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1869 p_msg->disc_result.result.disc_res.services =
1870 bta_dm_search_cb.services_found;
1871 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1872 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1873 bta_dm_get_remname(), BD_NAME_LEN);
1874
1875 bta_sys_sendmsg(p_msg);
1876 }
1877 }
1878
1879 /*******************************************************************************
1880 *
1881 * Function bta_dm_discover_next_device
1882 *
1883 * Description Starts discovery on the next device in Inquiry data base
1884 *
1885 * Returns void
1886 *
1887 ******************************************************************************/
bta_dm_discover_next_device(void)1888 static void bta_dm_discover_next_device(void) {
1889 APPL_TRACE_DEBUG("bta_dm_discover_next_device");
1890
1891 /* searching next device on inquiry result */
1892 bta_dm_search_cb.p_btm_inq_info =
1893 BTM_InqDbNext(bta_dm_search_cb.p_btm_inq_info);
1894 if (bta_dm_search_cb.p_btm_inq_info != NULL) {
1895 bta_dm_search_cb.name_discover_done = false;
1896 bta_dm_search_cb.peer_name[0] = 0;
1897 bta_dm_discover_device(
1898 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr);
1899 } else {
1900 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1901
1902 /* no devices, search complete */
1903 bta_dm_search_cb.services = 0;
1904
1905 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1906 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1907
1908 bta_sys_sendmsg(p_msg);
1909 }
1910 }
1911
1912 /*******************************************************************************
1913 *
1914 * Function bta_dm_discover_device
1915 *
1916 * Description Starts name and service discovery on the device
1917 *
1918 * Returns void
1919 *
1920 ******************************************************************************/
bta_dm_discover_device(const RawAddress & remote_bd_addr)1921 static void bta_dm_discover_device(const RawAddress& remote_bd_addr) {
1922 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
1923 if (bta_dm_search_cb.transport == BTA_TRANSPORT_UNKNOWN) {
1924 tBT_DEVICE_TYPE dev_type;
1925 tBLE_ADDR_TYPE addr_type;
1926
1927 BTM_ReadDevInfo(remote_bd_addr, &dev_type, &addr_type);
1928 if (dev_type == BT_DEVICE_TYPE_BLE || addr_type == BLE_ADDR_RANDOM)
1929 transport = BT_TRANSPORT_LE;
1930 } else {
1931 transport = bta_dm_search_cb.transport;
1932 }
1933
1934 /* Reset transport state for next discovery */
1935 bta_dm_search_cb.transport = BTA_TRANSPORT_UNKNOWN;
1936
1937 VLOG(1) << __func__ << " BDA: " << remote_bd_addr;
1938
1939 bta_dm_search_cb.peer_bdaddr = remote_bd_addr;
1940
1941 APPL_TRACE_DEBUG(
1942 "%s name_discover_done = %d p_btm_inq_info 0x%x state = %d, transport=%d",
1943 __func__, bta_dm_search_cb.name_discover_done,
1944 bta_dm_search_cb.p_btm_inq_info, bta_dm_search_cb.state, transport);
1945
1946 if (bta_dm_search_cb.p_btm_inq_info) {
1947 APPL_TRACE_DEBUG("%s appl_knows_rem_name %d", __func__,
1948 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name);
1949 }
1950 if (((bta_dm_search_cb.p_btm_inq_info) &&
1951 (bta_dm_search_cb.p_btm_inq_info->results.device_type ==
1952 BT_DEVICE_TYPE_BLE) &&
1953 (bta_dm_search_cb.state == BTA_DM_SEARCH_ACTIVE)) ||
1954 (transport == BT_TRANSPORT_LE &&
1955 interop_match_addr(INTEROP_DISABLE_NAME_REQUEST,
1956 &bta_dm_search_cb.peer_bdaddr))) {
1957 /* Do not perform RNR for LE devices at inquiry complete*/
1958 bta_dm_search_cb.name_discover_done = true;
1959 }
1960 /* if name discovery is not done and application needs remote name */
1961 if ((!bta_dm_search_cb.name_discover_done) &&
1962 ((bta_dm_search_cb.p_btm_inq_info == NULL) ||
1963 (bta_dm_search_cb.p_btm_inq_info &&
1964 (!bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name)))) {
1965 if (bta_dm_read_remote_device_name(bta_dm_search_cb.peer_bdaddr, transport))
1966 return;
1967
1968 /* starting name discovery failed */
1969 bta_dm_search_cb.name_discover_done = true;
1970 }
1971
1972 /* if application wants to discover service */
1973 if (bta_dm_search_cb.services) {
1974 /* initialize variables */
1975 bta_dm_search_cb.service_index = 0;
1976 bta_dm_search_cb.services_found = 0;
1977 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services;
1978 bta_dm_search_cb.uuid_to_search = bta_dm_search_cb.num_uuid;
1979 if ((bta_dm_search_cb.p_btm_inq_info != NULL) &&
1980 bta_dm_search_cb.services != BTA_USER_SERVICE_MASK &&
1981 (!bta_dm_search_cb.sdp_search)) {
1982 /* check if EIR provides the information of supported services */
1983 bta_dm_eir_search_services(&bta_dm_search_cb.p_btm_inq_info->results,
1984 &bta_dm_search_cb.services_to_search,
1985 &bta_dm_search_cb.services_found);
1986 }
1987
1988 /* if seaching with EIR is not completed */
1989 if (bta_dm_search_cb.services_to_search) {
1990 /* check whether connection already exists to the device
1991 if connection exists, we don't have to wait for ACL
1992 link to go down to start search on next device */
1993 if (transport == BT_TRANSPORT_BR_EDR) {
1994 if (BTM_IsAclConnectionUp(bta_dm_search_cb.peer_bdaddr,
1995 BT_TRANSPORT_BR_EDR))
1996 bta_dm_search_cb.wait_disc = false;
1997 else
1998 bta_dm_search_cb.wait_disc = true;
1999 }
2000 if (bta_dm_search_cb.p_btm_inq_info) {
2001 APPL_TRACE_DEBUG(
2002 "%s p_btm_inq_info 0x%x results.device_type 0x%x "
2003 "services_to_search 0x%x",
2004 __func__, bta_dm_search_cb.p_btm_inq_info,
2005 bta_dm_search_cb.p_btm_inq_info->results.device_type,
2006 bta_dm_search_cb.services_to_search);
2007 }
2008
2009 if (transport == BT_TRANSPORT_LE) {
2010 if (bta_dm_search_cb.services_to_search & BTA_BLE_SERVICE_MASK) {
2011 // set the raw data buffer here
2012 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf));
2013 bta_dm_search_cb.p_ble_rawdata = g_disc_raw_data_buf;
2014
2015 bta_dm_search_cb.ble_raw_size = MAX_DISC_RAW_DATA_BUF;
2016 bta_dm_search_cb.ble_raw_used = 0;
2017
2018 /* start GATT for service discovery */
2019 btm_dm_start_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
2020 return;
2021 }
2022 } else {
2023 bta_dm_search_cb.sdp_results = false;
2024 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr);
2025 return;
2026 }
2027 }
2028 }
2029
2030 /* name discovery and service discovery are done for this device */
2031 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
2032 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
2033 /* initialize the data structure - includes p_raw_data and raw_data_size */
2034 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES));
2035 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS;
2036 p_msg->disc_result.result.disc_res.services = bta_dm_search_cb.services_found;
2037 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
2038 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
2039 (char*)bta_dm_search_cb.peer_name, BD_NAME_LEN);
2040
2041 bta_sys_sendmsg(p_msg);
2042 }
2043
2044 /*******************************************************************************
2045 *
2046 * Function bta_dm_sdp_callback
2047 *
2048 * Description Callback from sdp with discovery status
2049 *
2050 * Returns void
2051 *
2052 ******************************************************************************/
bta_dm_sdp_callback(uint16_t sdp_status)2053 static void bta_dm_sdp_callback(uint16_t sdp_status) {
2054 tBTA_DM_SDP_RESULT* p_msg =
2055 (tBTA_DM_SDP_RESULT*)osi_malloc(sizeof(tBTA_DM_SDP_RESULT));
2056
2057 p_msg->hdr.event = BTA_DM_SDP_RESULT_EVT;
2058 p_msg->sdp_result = sdp_status;
2059
2060 bta_sys_sendmsg(p_msg);
2061 }
2062
2063 /*******************************************************************************
2064 *
2065 * Function bta_dm_inq_results_cb
2066 *
2067 * Description Inquiry results callback from BTM
2068 *
2069 * Returns void
2070 *
2071 ******************************************************************************/
bta_dm_inq_results_cb(tBTM_INQ_RESULTS * p_inq,uint8_t * p_eir,uint16_t eir_len)2072 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
2073 uint16_t eir_len) {
2074 tBTA_DM_SEARCH result;
2075 tBTM_INQ_INFO* p_inq_info;
2076 uint16_t service_class;
2077
2078 result.inq_res.bd_addr = p_inq->remote_bd_addr;
2079 memcpy(result.inq_res.dev_class, p_inq->dev_class, DEV_CLASS_LEN);
2080 BTM_COD_SERVICE_CLASS(service_class, p_inq->dev_class);
2081 result.inq_res.is_limited =
2082 (service_class & BTM_COD_SERVICE_LMTD_DISCOVER) ? true : false;
2083 result.inq_res.rssi = p_inq->rssi;
2084
2085 result.inq_res.ble_addr_type = p_inq->ble_addr_type;
2086 result.inq_res.inq_result_type = p_inq->inq_result_type;
2087 result.inq_res.device_type = p_inq->device_type;
2088 result.inq_res.flag = p_inq->flag;
2089
2090 /* application will parse EIR to find out remote device name */
2091 result.inq_res.p_eir = p_eir;
2092 result.inq_res.eir_len = eir_len;
2093
2094 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr);
2095 if (p_inq_info != NULL) {
2096 /* initialize remt_name_not_required to false so that we get the name by
2097 * default */
2098 result.inq_res.remt_name_not_required = false;
2099 }
2100
2101 if (bta_dm_search_cb.p_search_cback)
2102 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_RES_EVT, &result);
2103
2104 if (p_inq_info) {
2105 /* application indicates if it knows the remote name, inside the callback
2106 copy that to the inquiry data base*/
2107 if (result.inq_res.remt_name_not_required)
2108 p_inq_info->appl_knows_rem_name = true;
2109 }
2110 }
2111
2112 /*******************************************************************************
2113 *
2114 * Function bta_dm_inq_cmpl_cb
2115 *
2116 * Description Inquiry complete callback from BTM
2117 *
2118 * Returns void
2119 *
2120 ******************************************************************************/
bta_dm_inq_cmpl_cb(void * p_result)2121 static void bta_dm_inq_cmpl_cb(void* p_result) {
2122 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
2123
2124 APPL_TRACE_DEBUG("%s", __func__);
2125
2126 if (!bta_dm_search_cb.cancel_pending) {
2127 p_msg->inq_cmpl.hdr.event = BTA_DM_INQUIRY_CMPL_EVT;
2128 p_msg->inq_cmpl.num = ((tBTM_INQUIRY_CMPL*)p_result)->num_resp;
2129 } else {
2130 bta_dm_search_cb.cancel_pending = false;
2131 bta_dm_search_cancel_notify(NULL);
2132 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
2133 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
2134 }
2135
2136 bta_sys_sendmsg(p_msg);
2137 }
2138
2139 /*******************************************************************************
2140 *
2141 * Function bta_dm_service_search_remname_cback
2142 *
2143 * Description Remote name call back from BTM during service discovery
2144 *
2145 * Returns void
2146 *
2147 ******************************************************************************/
bta_dm_service_search_remname_cback(const RawAddress & bd_addr,UNUSED_ATTR DEV_CLASS dc,BD_NAME bd_name)2148 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,
2149 UNUSED_ATTR DEV_CLASS dc,
2150 BD_NAME bd_name) {
2151 tBTM_REMOTE_DEV_NAME rem_name;
2152 tBTM_STATUS btm_status;
2153
2154 APPL_TRACE_DEBUG("%s name=<%s>", __func__, bd_name);
2155
2156 /* if this is what we are looking for */
2157 if (bta_dm_search_cb.peer_bdaddr == bd_addr) {
2158 rem_name.length = strlen((char*)bd_name);
2159 if (rem_name.length > (BD_NAME_LEN - 1)) {
2160 rem_name.length = (BD_NAME_LEN - 1);
2161 rem_name.remote_bd_name[(BD_NAME_LEN - 1)] = 0;
2162 }
2163 strlcpy((char*)rem_name.remote_bd_name, (char*)bd_name, BD_NAME_LEN);
2164 rem_name.status = BTM_SUCCESS;
2165
2166 bta_dm_remname_cback(&rem_name);
2167 } else {
2168 /* get name of device */
2169 btm_status =
2170 BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr,
2171 bta_dm_remname_cback, BT_TRANSPORT_BR_EDR);
2172 if (btm_status == BTM_BUSY) {
2173 /* wait for next chance(notification of remote name discovery done) */
2174 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__);
2175 } else if (btm_status != BTM_CMD_STARTED) {
2176 /* if failed to start getting remote name then continue */
2177 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X",
2178 __func__, btm_status);
2179
2180 rem_name.length = 0;
2181 rem_name.remote_bd_name[0] = 0;
2182 rem_name.status = btm_status;
2183 bta_dm_remname_cback(&rem_name);
2184 }
2185 }
2186 }
2187
2188 /*******************************************************************************
2189 *
2190 * Function bta_dm_remname_cback
2191 *
2192 * Description Remote name complete call back from BTM
2193 *
2194 * Returns void
2195 *
2196 ******************************************************************************/
bta_dm_remname_cback(void * p)2197 static void bta_dm_remname_cback(void* p) {
2198 tBTM_REMOTE_DEV_NAME* p_remote_name = (tBTM_REMOTE_DEV_NAME*)p;
2199 APPL_TRACE_DEBUG("bta_dm_remname_cback len = %d name=<%s>",
2200 p_remote_name->length, p_remote_name->remote_bd_name);
2201
2202 /* remote name discovery is done but it could be failed */
2203 bta_dm_search_cb.name_discover_done = true;
2204 strlcpy((char*)bta_dm_search_cb.peer_name,
2205 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN);
2206
2207 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
2208
2209 if (bta_dm_search_cb.transport == BT_TRANSPORT_LE) {
2210 GAP_BleReadPeerPrefConnParams(bta_dm_search_cb.peer_bdaddr);
2211 }
2212
2213 tBTA_DM_REM_NAME* p_msg =
2214 (tBTA_DM_REM_NAME*)osi_malloc(sizeof(tBTA_DM_REM_NAME));
2215 p_msg->result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
2216 strlcpy((char*)p_msg->result.disc_res.bd_name,
2217 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN);
2218 p_msg->hdr.event = BTA_DM_REMT_NAME_EVT;
2219
2220 bta_sys_sendmsg(p_msg);
2221 }
2222
2223 /*******************************************************************************
2224 *
2225 * Function bta_dm_authorize_cback
2226 *
2227 * Description cback requesting authorization
2228 *
2229 * Returns void
2230 *
2231 ******************************************************************************/
bta_dm_authorize_cback(const RawAddress & bd_addr,DEV_CLASS dev_class,BD_NAME bd_name,UNUSED_ATTR uint8_t * service_name,uint8_t service_id,UNUSED_ATTR bool is_originator)2232 static uint8_t bta_dm_authorize_cback(const RawAddress& bd_addr,
2233 DEV_CLASS dev_class, BD_NAME bd_name,
2234 UNUSED_ATTR uint8_t* service_name,
2235 uint8_t service_id,
2236 UNUSED_ATTR bool is_originator) {
2237 tBTA_DM_SEC sec_event;
2238 uint8_t index = 1;
2239
2240 sec_event.authorize.bd_addr = bd_addr;
2241 memcpy(sec_event.authorize.dev_class, dev_class, DEV_CLASS_LEN);
2242 strlcpy((char*)sec_event.authorize.bd_name, (char*)bd_name, BD_NAME_LEN);
2243
2244 #if (BTA_JV_INCLUDED == TRUE)
2245 sec_event.authorize.service = service_id;
2246 #endif
2247
2248 while (index < BTA_MAX_SERVICE_ID) {
2249 /* get the BTA service id corresponding to BTM id */
2250 if (bta_service_id_to_btm_srv_id_lkup_tbl[index] == service_id) {
2251 sec_event.authorize.service = index;
2252 break;
2253 }
2254 index++;
2255 }
2256
2257 /* if supported service callback otherwise not authorized */
2258 if (bta_dm_cb.p_sec_cback && (index < BTA_MAX_SERVICE_ID
2259 #if (BTA_JV_INCLUDED == TRUE)
2260 /* pass through JV service ID */
2261 || (service_id >= BTA_FIRST_JV_SERVICE_ID &&
2262 service_id <= BTA_LAST_JV_SERVICE_ID)
2263 #endif
2264 )) {
2265 bta_dm_cb.p_sec_cback(BTA_DM_AUTHORIZE_EVT, &sec_event);
2266 return BTM_CMD_STARTED;
2267 } else {
2268 return BTM_NOT_AUTHORIZED;
2269 }
2270 }
2271
2272 /*******************************************************************************
2273 *
2274 * Function bta_dm_pinname_cback
2275 *
2276 * Description Callback requesting pin_key
2277 *
2278 * Returns void
2279 *
2280 ******************************************************************************/
bta_dm_pinname_cback(void * p_data)2281 static void bta_dm_pinname_cback(void* p_data) {
2282 tBTM_REMOTE_DEV_NAME* p_result = (tBTM_REMOTE_DEV_NAME*)p_data;
2283 tBTA_DM_SEC sec_event;
2284 uint32_t bytes_to_copy;
2285 tBTA_DM_SEC_EVT event = bta_dm_cb.pin_evt;
2286
2287 if (BTA_DM_SP_CFM_REQ_EVT == event) {
2288 /* Retrieved saved device class and bd_addr */
2289 sec_event.cfm_req.bd_addr = bta_dm_cb.pin_bd_addr;
2290 BTA_COPY_DEVICE_CLASS(sec_event.cfm_req.dev_class, bta_dm_cb.pin_dev_class);
2291
2292 if (p_result && p_result->status == BTM_SUCCESS) {
2293 bytes_to_copy = (p_result->length < (BD_NAME_LEN - 1))
2294 ? p_result->length
2295 : (BD_NAME_LEN - 1);
2296 memcpy(sec_event.cfm_req.bd_name, p_result->remote_bd_name,
2297 bytes_to_copy);
2298 sec_event.pin_req.bd_name[BD_NAME_LEN - 1] = 0;
2299 } else /* No name found */
2300 sec_event.cfm_req.bd_name[0] = 0;
2301
2302 sec_event.key_notif.passkey =
2303 bta_dm_cb.num_val; /* get PIN code numeric number */
2304
2305 /* 1 additional event data fields for this event */
2306 sec_event.cfm_req.just_works = bta_dm_cb.just_works;
2307 /* retrieve the loc and rmt caps */
2308 sec_event.cfm_req.loc_io_caps = bta_dm_cb.loc_io_caps;
2309 sec_event.cfm_req.rmt_io_caps = bta_dm_cb.rmt_io_caps;
2310 sec_event.cfm_req.loc_auth_req = bta_dm_cb.loc_auth_req;
2311 sec_event.cfm_req.rmt_auth_req = bta_dm_cb.rmt_auth_req;
2312
2313 } else {
2314 /* Retrieved saved device class and bd_addr */
2315 sec_event.pin_req.bd_addr = bta_dm_cb.pin_bd_addr;
2316 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, bta_dm_cb.pin_dev_class);
2317
2318 if (p_result && p_result->status == BTM_SUCCESS) {
2319 bytes_to_copy = (p_result->length < (BD_NAME_LEN - 1))
2320 ? p_result->length
2321 : (BD_NAME_LEN - 1);
2322 memcpy(sec_event.pin_req.bd_name, p_result->remote_bd_name,
2323 bytes_to_copy);
2324 sec_event.pin_req.bd_name[BD_NAME_LEN - 1] = 0;
2325 } else /* No name found */
2326 sec_event.pin_req.bd_name[0] = 0;
2327
2328 event = bta_dm_cb.pin_evt;
2329 sec_event.key_notif.passkey =
2330 bta_dm_cb.num_val; /* get PIN code numeric number */
2331 }
2332
2333 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event);
2334 }
2335
2336 /*******************************************************************************
2337 *
2338 * Function bta_dm_pin_cback
2339 *
2340 * Description Callback requesting pin_key
2341 *
2342 * Returns void
2343 *
2344 ******************************************************************************/
bta_dm_pin_cback(const RawAddress & bd_addr,DEV_CLASS dev_class,BD_NAME bd_name,bool min_16_digit)2345 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
2346 BD_NAME bd_name, bool min_16_digit) {
2347 tBTA_DM_SEC sec_event;
2348
2349 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
2350
2351 /* If the device name is not known, save bdaddr and devclass and initiate a
2352 * name request */
2353 if (bd_name[0] == 0) {
2354 bta_dm_cb.pin_evt = BTA_DM_PIN_REQ_EVT;
2355 bta_dm_cb.pin_bd_addr = bd_addr;
2356 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class, dev_class);
2357 if ((BTM_ReadRemoteDeviceName(bd_addr, bta_dm_pinname_cback,
2358 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2359 return BTM_CMD_STARTED;
2360
2361 APPL_TRACE_WARNING(
2362 " bta_dm_pin_cback() -> Failed to start Remote Name Request ");
2363 }
2364
2365 sec_event.pin_req.bd_addr = bd_addr;
2366 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, dev_class);
2367 strlcpy((char*)sec_event.pin_req.bd_name, (char*)bd_name, BD_NAME_LEN);
2368 sec_event.pin_req.min_16_digit = min_16_digit;
2369
2370 bta_dm_cb.p_sec_cback(BTA_DM_PIN_REQ_EVT, &sec_event);
2371 return BTM_CMD_STARTED;
2372 }
2373
2374 /*******************************************************************************
2375 *
2376 * Function bta_dm_new_link_key_cback
2377 *
2378 * Description Callback from BTM to notify new link key
2379 *
2380 * Returns void
2381 *
2382 ******************************************************************************/
bta_dm_new_link_key_cback(const RawAddress & bd_addr,UNUSED_ATTR DEV_CLASS dev_class,BD_NAME bd_name,const LinkKey & key,uint8_t key_type)2383 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
2384 UNUSED_ATTR DEV_CLASS dev_class,
2385 BD_NAME bd_name, const LinkKey& key,
2386 uint8_t key_type) {
2387 tBTA_DM_SEC sec_event;
2388 tBTA_DM_AUTH_CMPL* p_auth_cmpl;
2389 uint8_t event;
2390
2391 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
2392
2393 /* Not AMP Key type */
2394 if (key_type != HCI_LKEY_TYPE_AMP_WIFI && key_type != HCI_LKEY_TYPE_AMP_UWB) {
2395 event = BTA_DM_AUTH_CMPL_EVT;
2396 p_auth_cmpl = &sec_event.auth_cmpl;
2397
2398 p_auth_cmpl->bd_addr = bd_addr;
2399
2400 memcpy(p_auth_cmpl->bd_name, bd_name, (BD_NAME_LEN - 1));
2401 p_auth_cmpl->bd_name[BD_NAME_LEN - 1] = 0;
2402 p_auth_cmpl->key_present = true;
2403 p_auth_cmpl->key_type = key_type;
2404 p_auth_cmpl->success = true;
2405 p_auth_cmpl->key = key;
2406 sec_event.auth_cmpl.fail_reason = HCI_SUCCESS;
2407
2408 // Report the BR link key based on the BR/EDR address and type
2409 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type,
2410 &sec_event.auth_cmpl.addr_type);
2411 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event);
2412
2413 // Setting remove_dev_pending flag to false, where it will avoid deleting
2414 // the
2415 // security device record when the ACL connection link goes down in case of
2416 // reconnection.
2417 if (bta_dm_cb.device_list.count)
2418 bta_dm_reset_sec_dev_pending(p_auth_cmpl->bd_addr);
2419 } else {
2420 APPL_TRACE_WARNING("%s() Received AMP Key", __func__);
2421 }
2422
2423 return BTM_CMD_STARTED;
2424 }
2425
2426 /*******************************************************************************
2427 *
2428 * Function bta_dm_authentication_complete_cback
2429 *
2430 * Description Authentication complete callback from BTM
2431 *
2432 * Returns void
2433 *
2434 ******************************************************************************/
bta_dm_authentication_complete_cback(const RawAddress & bd_addr,UNUSED_ATTR DEV_CLASS dev_class,BD_NAME bd_name,int result)2435 static uint8_t bta_dm_authentication_complete_cback(
2436 const RawAddress& bd_addr, UNUSED_ATTR DEV_CLASS dev_class, BD_NAME bd_name,
2437 int result) {
2438 tBTA_DM_SEC sec_event;
2439
2440 if (result != BTM_SUCCESS) {
2441 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
2442 sec_event.auth_cmpl.bd_addr = bd_addr;
2443
2444 memcpy(sec_event.auth_cmpl.bd_name, bd_name, (BD_NAME_LEN - 1));
2445 sec_event.auth_cmpl.bd_name[BD_NAME_LEN - 1] = 0;
2446
2447 // Report the BR link key based on the BR/EDR address and type
2448 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type,
2449 &sec_event.auth_cmpl.addr_type);
2450 sec_event.auth_cmpl.fail_reason = (uint8_t)result;
2451
2452 if (bta_dm_cb.p_sec_cback)
2453 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
2454
2455 if (result == HCI_ERR_AUTH_FAILURE || result == HCI_ERR_KEY_MISSING ||
2456 result == HCI_ERR_HOST_REJECT_SECURITY ||
2457 result == HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE) {
2458 APPL_TRACE_WARNING("%s deleting %s - result: 0x%02x", __func__,
2459 bd_addr.ToString().c_str(), result);
2460 bta_dm_remove_sec_dev_entry(bd_addr);
2461 }
2462 }
2463
2464 return BTM_SUCCESS;
2465 }
2466
2467 /*******************************************************************************
2468 *
2469 * Function bta_dm_sp_cback
2470 *
2471 * Description simple pairing callback from BTM
2472 *
2473 * Returns void
2474 *
2475 ******************************************************************************/
bta_dm_sp_cback(tBTM_SP_EVT event,tBTM_SP_EVT_DATA * p_data)2476 static uint8_t bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data) {
2477 tBTM_STATUS status = BTM_CMD_STARTED;
2478 tBTA_DM_SEC sec_event;
2479 tBTA_DM_SEC_EVT pin_evt = BTA_DM_SP_KEY_NOTIF_EVT;
2480
2481 APPL_TRACE_EVENT("bta_dm_sp_cback: %d", event);
2482 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
2483
2484 /* TODO_SP */
2485 switch (event) {
2486 case BTM_SP_IO_REQ_EVT:
2487 if (btm_local_io_caps != BTM_IO_CAP_NONE) {
2488 /* translate auth_req */
2489 bta_dm_co_io_req(p_data->io_req.bd_addr, &p_data->io_req.io_cap,
2490 &p_data->io_req.oob_data, &p_data->io_req.auth_req,
2491 p_data->io_req.is_orig);
2492 }
2493 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req,
2494 p_data->io_req.oob_data);
2495 break;
2496 case BTM_SP_IO_RSP_EVT:
2497 if (btm_local_io_caps != BTM_IO_CAP_NONE) {
2498 bta_dm_co_io_rsp(p_data->io_rsp.bd_addr, p_data->io_rsp.io_cap,
2499 p_data->io_rsp.oob_data, p_data->io_rsp.auth_req);
2500 }
2501 break;
2502
2503 case BTM_SP_CFM_REQ_EVT:
2504 pin_evt = BTA_DM_SP_CFM_REQ_EVT;
2505 bta_dm_cb.just_works = sec_event.cfm_req.just_works =
2506 p_data->cfm_req.just_works;
2507 sec_event.cfm_req.loc_auth_req = p_data->cfm_req.loc_auth_req;
2508 sec_event.cfm_req.rmt_auth_req = p_data->cfm_req.rmt_auth_req;
2509 sec_event.cfm_req.loc_io_caps = p_data->cfm_req.loc_io_caps;
2510 sec_event.cfm_req.rmt_io_caps = p_data->cfm_req.rmt_io_caps;
2511
2512 [[fallthrough]];
2513 /* Passkey entry mode, mobile device with output capability is very
2514 unlikely to receive key request, so skip this event */
2515 /*case BTM_SP_KEY_REQ_EVT: */
2516 case BTM_SP_KEY_NOTIF_EVT:
2517 if (btm_local_io_caps == BTM_IO_CAP_NONE &&
2518 BTM_SP_KEY_NOTIF_EVT == event) {
2519 status = BTM_NOT_AUTHORIZED;
2520 break;
2521 }
2522
2523 bta_dm_cb.num_val = sec_event.key_notif.passkey =
2524 p_data->key_notif.passkey;
2525
2526 if (BTM_SP_CFM_REQ_EVT == event) {
2527 /* Due to the switch case falling through below to BTM_SP_KEY_NOTIF_EVT,
2528 call remote name request using values from cfm_req */
2529 if (p_data->cfm_req.bd_name[0] == 0) {
2530 bta_dm_cb.pin_evt = pin_evt;
2531 bta_dm_cb.pin_bd_addr = p_data->cfm_req.bd_addr;
2532 bta_dm_cb.rmt_io_caps = sec_event.cfm_req.rmt_io_caps;
2533 bta_dm_cb.loc_io_caps = sec_event.cfm_req.loc_io_caps;
2534 bta_dm_cb.rmt_auth_req = sec_event.cfm_req.rmt_auth_req;
2535 bta_dm_cb.loc_auth_req = sec_event.cfm_req.loc_auth_req;
2536
2537 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2538 p_data->cfm_req.dev_class);
2539 if ((BTM_ReadRemoteDeviceName(
2540 p_data->cfm_req.bd_addr, bta_dm_pinname_cback,
2541 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2542 return BTM_CMD_STARTED;
2543 APPL_TRACE_WARNING(
2544 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2545 } else {
2546 /* Due to the switch case falling through below to
2547 BTM_SP_KEY_NOTIF_EVT,
2548 copy these values into key_notif from cfm_req */
2549 sec_event.key_notif.bd_addr = p_data->cfm_req.bd_addr;
2550 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class,
2551 p_data->cfm_req.dev_class);
2552 strlcpy((char*)sec_event.key_notif.bd_name,
2553 (char*)p_data->cfm_req.bd_name, BD_NAME_LEN);
2554 }
2555 }
2556
2557 if (BTM_SP_KEY_NOTIF_EVT == event) {
2558 /* If the device name is not known, save bdaddr and devclass
2559 and initiate a name request with values from key_notif */
2560 if (p_data->key_notif.bd_name[0] == 0) {
2561 bta_dm_cb.pin_evt = pin_evt;
2562 bta_dm_cb.pin_bd_addr = p_data->key_notif.bd_addr;
2563 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2564 p_data->key_notif.dev_class);
2565 if ((BTM_ReadRemoteDeviceName(
2566 p_data->key_notif.bd_addr, bta_dm_pinname_cback,
2567 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2568 return BTM_CMD_STARTED;
2569 APPL_TRACE_WARNING(
2570 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2571 } else {
2572 sec_event.key_notif.bd_addr = p_data->key_notif.bd_addr;
2573 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class,
2574 p_data->key_notif.dev_class);
2575 strlcpy((char*)sec_event.key_notif.bd_name,
2576 (char*)p_data->key_notif.bd_name, BD_NAME_LEN);
2577 sec_event.key_notif.bd_name[BD_NAME_LEN - 1] = 0;
2578 }
2579 }
2580
2581 bta_dm_cb.p_sec_cback(pin_evt, &sec_event);
2582
2583 break;
2584
2585 case BTM_SP_LOC_OOB_EVT:
2586 bta_dm_co_loc_oob((bool)(p_data->loc_oob.status == BTM_SUCCESS),
2587 p_data->loc_oob.c, p_data->loc_oob.r);
2588 break;
2589
2590 case BTM_SP_RMT_OOB_EVT:
2591 /* If the device name is not known, save bdaddr and devclass and initiate
2592 * a name request */
2593 if (p_data->rmt_oob.bd_name[0] == 0) {
2594 bta_dm_cb.pin_evt = BTA_DM_SP_RMT_OOB_EVT;
2595 bta_dm_cb.pin_bd_addr = p_data->rmt_oob.bd_addr;
2596 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2597 p_data->rmt_oob.dev_class);
2598 if ((BTM_ReadRemoteDeviceName(p_data->rmt_oob.bd_addr,
2599 bta_dm_pinname_cback,
2600 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2601 return BTM_CMD_STARTED;
2602 APPL_TRACE_WARNING(
2603 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2604 }
2605
2606 sec_event.rmt_oob.bd_addr = p_data->rmt_oob.bd_addr;
2607 BTA_COPY_DEVICE_CLASS(sec_event.rmt_oob.dev_class,
2608 p_data->rmt_oob.dev_class);
2609 strlcpy((char*)sec_event.rmt_oob.bd_name, (char*)p_data->rmt_oob.bd_name,
2610 BD_NAME_LEN);
2611
2612 bta_dm_cb.p_sec_cback(BTA_DM_SP_RMT_OOB_EVT, &sec_event);
2613
2614 bta_dm_co_rmt_oob(p_data->rmt_oob.bd_addr);
2615 break;
2616
2617 case BTM_SP_COMPLT_EVT:
2618 /* do not report this event - handled by link_key_callback or
2619 * auth_complete_callback */
2620 break;
2621
2622 case BTM_SP_KEYPRESS_EVT:
2623 memcpy(&sec_event.key_press, &p_data->key_press,
2624 sizeof(tBTM_SP_KEYPRESS));
2625 bta_dm_cb.p_sec_cback(BTA_DM_SP_KEYPRESS_EVT, &sec_event);
2626 break;
2627
2628 case BTM_SP_UPGRADE_EVT:
2629 bta_dm_co_lk_upgrade(p_data->upgrade.bd_addr, &p_data->upgrade.upgrade);
2630 break;
2631
2632 default:
2633 status = BTM_NOT_AUTHORIZED;
2634 break;
2635 }
2636 APPL_TRACE_EVENT("dm status: %d", status);
2637 return status;
2638 }
2639
2640 /*******************************************************************************
2641 *
2642 * Function bta_dm_local_name_cback
2643 *
2644 * Description Callback from btm after local name is read
2645 *
2646 *
2647 * Returns void
2648 *
2649 ******************************************************************************/
bta_dm_local_name_cback(UNUSED_ATTR void * p_name)2650 static void bta_dm_local_name_cback(UNUSED_ATTR void* p_name) {
2651 tBTA_DM_SEC sec_event;
2652
2653 sec_event.enable.status = BTA_SUCCESS;
2654
2655 if (bta_dm_cb.p_sec_cback)
2656 bta_dm_cb.p_sec_cback(BTA_DM_ENABLE_EVT, &sec_event);
2657 }
2658
send_busy_level_update(uint8_t busy_level,uint8_t busy_level_flags)2659 static void send_busy_level_update(uint8_t busy_level,
2660 uint8_t busy_level_flags) {
2661 if (!bta_dm_cb.p_sec_cback) return;
2662
2663 tBTA_DM_SEC conn;
2664 memset(&conn, 0, sizeof(tBTA_DM_SEC));
2665 conn.busy_level.level = busy_level;
2666 conn.busy_level.level_flags = busy_level_flags;
2667 bta_dm_cb.p_sec_cback(BTA_DM_BUSY_LEVEL_EVT, &conn);
2668 }
2669
handle_role_change(const RawAddress & bd_addr,uint8_t new_role,uint8_t hci_status)2670 static void handle_role_change(const RawAddress& bd_addr, uint8_t new_role,
2671 uint8_t hci_status) {
2672 tBTA_DM_SEC conn;
2673 memset(&conn, 0, sizeof(tBTA_DM_SEC));
2674
2675 tBTA_DM_PEER_DEVICE* p_dev = bta_dm_find_peer_device(bd_addr);
2676 if (!p_dev) return;
2677 LOG_INFO("%s: peer %s info:0x%x new_role:0x%x dev count:%d hci_status=%d",
2678 __func__, bd_addr.ToString().c_str(), p_dev->info, new_role,
2679 bta_dm_cb.device_list.count, hci_status);
2680 if (p_dev->info & BTA_DM_DI_AV_ACTIVE) {
2681 bool need_policy_change = false;
2682
2683 /* there's AV activity on this link */
2684 if (new_role == HCI_ROLE_SLAVE && bta_dm_cb.device_list.count > 1 &&
2685 hci_status == HCI_SUCCESS) {
2686 /* more than one connections and the AV connection is role switched
2687 * to slave
2688 * switch it back to master and remove the switch policy */
2689 BTM_SwitchRole(bd_addr, BTM_ROLE_MASTER, NULL);
2690 need_policy_change = true;
2691 } else if (p_bta_dm_cfg->avoid_scatter && (new_role == HCI_ROLE_MASTER)) {
2692 /* if the link updated to be master include AV activities, remove
2693 * the switch policy */
2694 need_policy_change = true;
2695 }
2696
2697 if (need_policy_change) {
2698 bta_dm_policy_cback(BTA_SYS_PLCY_CLR, 0, HCI_ENABLE_MASTER_SLAVE_SWITCH,
2699 p_dev->peer_bdaddr);
2700 }
2701 } else {
2702 /* there's AV no activity on this link and role switch happened
2703 * check if AV is active
2704 * if so, make sure the AV link is master */
2705 bta_dm_check_av(0);
2706 }
2707 bta_sys_notify_role_chg(bd_addr, new_role, hci_status);
2708 conn.role_chg.bd_addr = bd_addr;
2709 conn.role_chg.new_role = (uint8_t)new_role;
2710 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(BTA_DM_ROLE_CHG_EVT, &conn);
2711 }
2712
bta_dm_acl_change(bool is_new,const RawAddress & bd_addr,tBT_TRANSPORT transport,uint16_t handle)2713 static void bta_dm_acl_change(bool is_new, const RawAddress& bd_addr,
2714 tBT_TRANSPORT transport, uint16_t handle) {
2715 bool issue_unpair_cb = false;
2716
2717 tBTA_DM_SEC conn;
2718 memset(&conn, 0, sizeof(tBTA_DM_SEC));
2719
2720 if (is_new) {
2721 uint8_t i;
2722 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
2723 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == bd_addr &&
2724 bta_dm_cb.device_list.peer_device[i].conn_handle == handle)
2725 break;
2726 }
2727
2728 if (i == bta_dm_cb.device_list.count) {
2729 if (bta_dm_cb.device_list.count < BTA_DM_NUM_PEER_DEVICE) {
2730 bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count]
2731 .peer_bdaddr = bd_addr;
2732 bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count]
2733 .link_policy = bta_dm_cb.cur_policy;
2734 bta_dm_cb.device_list.count++;
2735 bta_dm_cb.device_list.peer_device[i].conn_handle = handle;
2736 if (transport == BT_TRANSPORT_LE) bta_dm_cb.device_list.le_count++;
2737 } else {
2738 APPL_TRACE_ERROR("%s max active connection reached, no resources",
2739 __func__);
2740 return;
2741 }
2742 }
2743
2744 bta_dm_cb.device_list.peer_device[i].conn_state = BTA_DM_CONNECTED;
2745 bta_dm_cb.device_list.peer_device[i].pref_role = BTA_ANY_ROLE;
2746 conn.link_up.bd_addr = bd_addr;
2747 bta_dm_cb.device_list.peer_device[i].info = BTA_DM_DI_NONE;
2748 conn.link_up.link_type = transport;
2749 bta_dm_cb.device_list.peer_device[i].transport = transport;
2750
2751 const controller_t* controller = controller_get_interface();
2752 uint8_t* p;
2753 if (controller->supports_sniff_subrating() &&
2754 ((NULL != (p = BTM_ReadRemoteFeatures(bd_addr))) &&
2755 HCI_SNIFF_SUB_RATE_SUPPORTED(p))) {
2756 /* both local and remote devices support SSR */
2757 bta_dm_cb.device_list.peer_device[i].info = BTA_DM_DI_USE_SSR;
2758 }
2759 APPL_TRACE_WARNING("%s info: 0x%x", __func__,
2760 bta_dm_cb.device_list.peer_device[i].info);
2761
2762 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(BTA_DM_LINK_UP_EVT, &conn);
2763 } else {
2764 for (uint8_t i = 0; i < bta_dm_cb.device_list.count; i++) {
2765 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr != bd_addr ||
2766 bta_dm_cb.device_list.peer_device[i].transport != transport)
2767 continue;
2768
2769 if (bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_UNPAIRING) {
2770 if (BTM_SecDeleteDevice(
2771 bta_dm_cb.device_list.peer_device[i].peer_bdaddr))
2772 issue_unpair_cb = true;
2773
2774 /* remove all cached GATT information */
2775 BTA_GATTC_Refresh(bd_addr);
2776
2777 APPL_TRACE_DEBUG("%s: Unpairing: issue unpair CB = %d ", __func__,
2778 issue_unpair_cb);
2779 }
2780
2781 conn.link_down.is_removed =
2782 bta_dm_cb.device_list.peer_device[i].remove_dev_pending;
2783
2784 // Iterate to the one before the last when shrinking the list,
2785 // otherwise we memcpy garbage data into the record.
2786 // Then clear out the last item in the list since we are shrinking.
2787 for (; i < bta_dm_cb.device_list.count - 1; i++) {
2788 memcpy(&bta_dm_cb.device_list.peer_device[i],
2789 &bta_dm_cb.device_list.peer_device[i + 1],
2790 sizeof(bta_dm_cb.device_list.peer_device[i]));
2791 }
2792 if (bta_dm_cb.device_list.count > 0) {
2793 int clear_index = bta_dm_cb.device_list.count - 1;
2794 memset(&bta_dm_cb.device_list.peer_device[clear_index], 0,
2795 sizeof(bta_dm_cb.device_list.peer_device[clear_index]));
2796 }
2797 break;
2798 }
2799 if (bta_dm_cb.device_list.count) bta_dm_cb.device_list.count--;
2800 if ((transport == BT_TRANSPORT_LE) && (bta_dm_cb.device_list.le_count))
2801 bta_dm_cb.device_list.le_count--;
2802 conn.link_down.link_type = transport;
2803
2804 if ((transport == BT_TRANSPORT_BR_EDR) &&
2805 (bta_dm_search_cb.wait_disc &&
2806 bta_dm_search_cb.peer_bdaddr == bd_addr)) {
2807 bta_dm_search_cb.wait_disc = false;
2808
2809 if (bta_dm_search_cb.sdp_results) {
2810 APPL_TRACE_EVENT(" timer stopped ");
2811 alarm_cancel(bta_dm_search_cb.search_timer);
2812 bta_dm_discover_next_device();
2813 }
2814 }
2815
2816 if (bta_dm_cb.disabling) {
2817 if (!BTM_GetNumAclLinks()) {
2818 /*
2819 * Start a timer to make sure that the profiles
2820 * get the disconnect event.
2821 */
2822 alarm_set_on_mloop(bta_dm_cb.disable_timer,
2823 BTA_DM_DISABLE_CONN_DOWN_TIMER_MS,
2824 bta_dm_disable_conn_down_timer_cback, NULL);
2825 }
2826 }
2827 if (conn.link_down.is_removed) {
2828 BTM_SecDeleteDevice(bd_addr);
2829 /* need to remove all pending background connection */
2830 BTA_GATTC_CancelOpen(0, bd_addr, false);
2831 /* remove all cached GATT information */
2832 BTA_GATTC_Refresh(bd_addr);
2833 }
2834
2835 conn.link_down.bd_addr = bd_addr;
2836 conn.link_down.status = (uint8_t)btm_get_acl_disc_reason_code();
2837 if (bta_dm_cb.p_sec_cback) {
2838 bta_dm_cb.p_sec_cback(BTA_DM_LINK_DOWN_EVT, &conn);
2839 if (issue_unpair_cb)
2840 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &conn);
2841 }
2842 }
2843
2844 bta_dm_adjust_roles(true);
2845 }
2846
2847 /** Callback from btm when acl connection goes up or down */
bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA * p_data)2848 static void bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA* p_data) {
2849 switch (p_data->event) {
2850 case BTM_BL_CONN_EVT:
2851 /* connection up */
2852 do_in_main_thread(
2853 FROM_HERE, base::Bind(bta_dm_acl_change, true, *p_data->conn.p_bda,
2854 p_data->conn.transport, p_data->conn.handle));
2855 break;
2856 case BTM_BL_DISCN_EVT:
2857 /* connection down */
2858 do_in_main_thread(
2859 FROM_HERE, base::Bind(bta_dm_acl_change, false, *p_data->discn.p_bda,
2860 p_data->discn.transport, p_data->discn.handle));
2861 break;
2862
2863 case BTM_BL_UPDATE_EVT: {
2864 /* busy level update */
2865 do_in_main_thread(FROM_HERE, base::Bind(send_busy_level_update,
2866 p_data->update.busy_level,
2867 p_data->update.busy_level_flags));
2868 return;
2869 }
2870 case BTM_BL_ROLE_CHG_EVT: {
2871 const auto& tmp = p_data->role_chg;
2872 do_in_main_thread(FROM_HERE, base::Bind(handle_role_change, *tmp.p_bda,
2873 tmp.new_role, tmp.hci_status));
2874 return;
2875 }
2876
2877 case BTM_BL_COLLISION_EVT:
2878 /* Collision report from Stack: Notify profiles */
2879 do_in_main_thread(
2880 FROM_HERE, base::Bind(bta_sys_notify_collision, *p_data->conn.p_bda));
2881 return;
2882 }
2883 }
2884
2885 /*******************************************************************************
2886 *
2887 * Function bta_dm_rs_cback
2888 *
2889 * Description Receives the role switch complete event
2890 *
2891 * Returns
2892 *
2893 ******************************************************************************/
bta_dm_rs_cback(UNUSED_ATTR void * p1)2894 static void bta_dm_rs_cback(UNUSED_ATTR void* p1) {
2895 APPL_TRACE_WARNING("bta_dm_rs_cback:%d", bta_dm_cb.rs_event);
2896 if (bta_dm_cb.rs_event == BTA_DM_API_SEARCH_EVT) {
2897 bta_dm_cb.search_msg.rs_res =
2898 BTA_DM_RS_OK; /* do not care about the result for now */
2899 bta_dm_cb.rs_event = 0;
2900 bta_dm_search_start((tBTA_DM_MSG*)&bta_dm_cb.search_msg);
2901 }
2902 }
2903
2904 /*******************************************************************************
2905 *
2906 * Function bta_dm_check_av
2907 *
2908 * Description This function checks if AV is active
2909 * if yes, make sure the AV link is master
2910 *
2911 * Returns bool - true, if switch is in progress
2912 *
2913 ******************************************************************************/
bta_dm_check_av(uint16_t event)2914 static bool bta_dm_check_av(uint16_t event) {
2915 bool avoid_roleswitch = false;
2916 bool switching = false;
2917 uint8_t i;
2918 tBTA_DM_PEER_DEVICE* p_dev;
2919
2920 #if (BTA_DM_AVOID_A2DP_ROLESWITCH_ON_INQUIRY == TRUE)
2921
2922 /* avoid role switch upon inquiry if a2dp is actively streaming as it
2923 introduces an audioglitch due to FW scheduling delays (unavoidable) */
2924 if (event == BTA_DM_API_SEARCH_EVT) {
2925 avoid_roleswitch = true;
2926 }
2927 #endif
2928
2929 APPL_TRACE_WARNING("bta_dm_check_av:%d", bta_dm_cb.cur_av_count);
2930 if (bta_dm_cb.cur_av_count) {
2931 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
2932 p_dev = &bta_dm_cb.device_list.peer_device[i];
2933 APPL_TRACE_WARNING("[%d]: state:%d, info:x%x, avoid_rs %d", i,
2934 p_dev->conn_state, p_dev->info, avoid_roleswitch);
2935 if ((p_dev->conn_state == BTA_DM_CONNECTED) &&
2936 (p_dev->info & BTA_DM_DI_AV_ACTIVE) && (!avoid_roleswitch)) {
2937 /* make master and take away the role switch policy */
2938 if (BTM_CMD_STARTED == BTM_SwitchRole(p_dev->peer_bdaddr,
2939 HCI_ROLE_MASTER,
2940 bta_dm_rs_cback)) {
2941 /* the role switch command is actually sent */
2942 bta_dm_cb.rs_event = event;
2943 switching = true;
2944 }
2945 /* else either already master or can not switch for some reasons */
2946 bta_dm_policy_cback(BTA_SYS_PLCY_CLR, 0, HCI_ENABLE_MASTER_SLAVE_SWITCH,
2947 p_dev->peer_bdaddr);
2948 break;
2949 }
2950 }
2951 }
2952 return switching;
2953 }
2954
2955 /*******************************************************************************
2956 *
2957 * Function bta_dm_disable_conn_down_timer_cback
2958 *
2959 * Description Sends disable event to application
2960 *
2961 *
2962 * Returns void
2963 *
2964 ******************************************************************************/
bta_dm_disable_conn_down_timer_cback(UNUSED_ATTR void * data)2965 static void bta_dm_disable_conn_down_timer_cback(UNUSED_ATTR void* data) {
2966 tBTA_SYS_HW_MSG* sys_enable_event =
2967 (tBTA_SYS_HW_MSG*)osi_malloc(sizeof(tBTA_SYS_HW_MSG));
2968
2969 /* disable the power managment module */
2970 bta_dm_disable_pm();
2971
2972 /* register our callback to SYS HW manager */
2973 bta_sys_hw_register(BTA_SYS_HW_BLUETOOTH, bta_dm_sys_hw_cback);
2974
2975 /* send a message to BTA SYS */
2976 sys_enable_event->hdr.event = BTA_SYS_API_DISABLE_EVT;
2977 sys_enable_event->hw_module = BTA_SYS_HW_BLUETOOTH;
2978 bta_sys_sendmsg(sys_enable_event);
2979
2980 bta_dm_cb.disabling = false;
2981 }
2982
2983 /*******************************************************************************
2984 *
2985 * Function bta_dm_rm_cback
2986 *
2987 * Description Role management callback from sys
2988 *
2989 *
2990 * Returns void
2991 *
2992 ******************************************************************************/
bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status,uint8_t id,uint8_t app_id,const RawAddress & peer_addr)2993 static void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
2994 uint8_t app_id, const RawAddress& peer_addr) {
2995 uint8_t j;
2996 tBTA_PREF_ROLES role;
2997 tBTA_DM_PEER_DEVICE* p_dev;
2998
2999 p_dev = bta_dm_find_peer_device(peer_addr);
3000 if (status == BTA_SYS_CONN_OPEN) {
3001 if (p_dev) {
3002 /* Do not set to connected if we are in the middle of unpairing. When AV
3003 * stream is
3004 * started it fakes out a SYS_CONN_OPEN to potentially trigger a role
3005 * switch command.
3006 * But this should not be done if we are in the middle of unpairing.
3007 */
3008 if (p_dev->conn_state != BTA_DM_UNPAIRING)
3009 p_dev->conn_state = BTA_DM_CONNECTED;
3010
3011 for (j = 1; j <= p_bta_dm_rm_cfg[0].app_id; j++) {
3012 if (((p_bta_dm_rm_cfg[j].app_id == app_id) ||
3013 (p_bta_dm_rm_cfg[j].app_id == BTA_ALL_APP_ID)) &&
3014 (p_bta_dm_rm_cfg[j].id == id)) {
3015 role = p_bta_dm_rm_cfg[j].cfg;
3016
3017 if (role > p_dev->pref_role) p_dev->pref_role = role;
3018 break;
3019 }
3020 }
3021 }
3022 }
3023
3024 if ((BTA_ID_AV == id) || (BTA_ID_AVK == id)) {
3025 if (status == BTA_SYS_CONN_BUSY) {
3026 if (p_dev) p_dev->info |= BTA_DM_DI_AV_ACTIVE;
3027 /* AV calls bta_sys_conn_open with the A2DP stream count as app_id */
3028 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count();
3029 } else if (status == BTA_SYS_CONN_IDLE) {
3030 if (p_dev) p_dev->info &= ~BTA_DM_DI_AV_ACTIVE;
3031
3032 /* get cur_av_count from connected services */
3033 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count();
3034 }
3035 APPL_TRACE_WARNING("bta_dm_rm_cback:%d, status:%d", bta_dm_cb.cur_av_count,
3036 status);
3037 }
3038
3039 /* Don't adjust roles for each busy/idle state transition to avoid
3040 excessive switch requests when individual profile busy/idle status
3041 changes */
3042 if ((status != BTA_SYS_CONN_BUSY) && (status != BTA_SYS_CONN_IDLE))
3043 bta_dm_adjust_roles(false);
3044 }
3045
3046 /*******************************************************************************
3047 *
3048 * Function bta_dm_delay_role_switch_cback
3049 *
3050 * Description Callback from btm to delay a role switch
3051 *
3052 * Returns void
3053 *
3054 ******************************************************************************/
bta_dm_delay_role_switch_cback(UNUSED_ATTR void * data)3055 static void bta_dm_delay_role_switch_cback(UNUSED_ATTR void* data) {
3056 APPL_TRACE_EVENT("%s: initiating Delayed RS", __func__);
3057 bta_dm_adjust_roles(false);
3058 }
3059
3060 /*******************************************************************************
3061 *
3062 * Function bta_dm_reset_sec_dev_pending
3063 *
3064 * Description Setting the remove device pending status to false from
3065 * security device DB, when the link key notification
3066 * event comes.
3067 *
3068 * Returns void
3069 *
3070 ******************************************************************************/
bta_dm_reset_sec_dev_pending(const RawAddress & remote_bd_addr)3071 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr) {
3072 for (size_t i = 0; i < bta_dm_cb.device_list.count; i++) {
3073 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) {
3074 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = false;
3075 return;
3076 }
3077 }
3078 }
3079
3080 /*******************************************************************************
3081 *
3082 * Function bta_dm_remove_sec_dev_entry
3083 *
3084 * Description Removes device entry from Security device DB if ACL
3085 connection with
3086 * remtoe device does not exist, else schedule for dev entry
3087 removal upon
3088 ACL close
3089 *
3090 * Returns void
3091 *
3092 ******************************************************************************/
bta_dm_remove_sec_dev_entry(const RawAddress & remote_bd_addr)3093 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr) {
3094 if (BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_LE) ||
3095 BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_BR_EDR)) {
3096 APPL_TRACE_DEBUG(
3097 "%s ACL is not down. Schedule for Dev Removal when ACL closes",
3098 __func__);
3099 BTM_SecClearSecurityFlags(remote_bd_addr);
3100 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
3101 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) {
3102 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = TRUE;
3103 break;
3104 }
3105 }
3106 } else {
3107 // remote_bd_addr comes from security record, which is removed in
3108 // BTM_SecDeleteDevice.
3109 RawAddress addr_copy = remote_bd_addr;
3110 BTM_SecDeleteDevice(addr_copy);
3111 /* need to remove all pending background connection */
3112 BTA_GATTC_CancelOpen(0, addr_copy, false);
3113 /* remove all cached GATT information */
3114 BTA_GATTC_Refresh(addr_copy);
3115 }
3116 }
3117
3118 /*******************************************************************************
3119 *
3120 * Function bta_dm_adjust_roles
3121 *
3122 * Description Adjust roles
3123 *
3124 *
3125 * Returns void
3126 *
3127 ******************************************************************************/
bta_dm_adjust_roles(bool delay_role_switch)3128 static void bta_dm_adjust_roles(bool delay_role_switch) {
3129 uint8_t i;
3130 bool set_master_role = false;
3131 uint8_t br_count =
3132 bta_dm_cb.device_list.count - bta_dm_cb.device_list.le_count;
3133 if (br_count) {
3134 /* the configuration is no scatternet
3135 * or AV connection exists and there are more than one ACL link */
3136 if ((p_bta_dm_rm_cfg[0].cfg == BTA_DM_NO_SCATTERNET) ||
3137 (bta_dm_cb.cur_av_count && br_count > 1)) {
3138 L2CA_SetDesireRole(HCI_ROLE_MASTER);
3139 set_master_role = true;
3140 }
3141
3142 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3143 if (bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED &&
3144 bta_dm_cb.device_list.peer_device[i].transport ==
3145 BT_TRANSPORT_BR_EDR) {
3146 if (!set_master_role &&
3147 (bta_dm_cb.device_list.peer_device[i].pref_role != BTA_ANY_ROLE) &&
3148 (p_bta_dm_rm_cfg[0].cfg == BTA_DM_PARTIAL_SCATTERNET)) {
3149 L2CA_SetDesireRole(HCI_ROLE_MASTER);
3150 set_master_role = true;
3151 }
3152
3153 if ((bta_dm_cb.device_list.peer_device[i].pref_role ==
3154 BTA_MASTER_ROLE_ONLY) ||
3155 (br_count > 1)) {
3156 /* Initiating immediate role switch with certain remote devices
3157 has caused issues due to role switch colliding with link encryption
3158 setup and
3159 causing encryption (and in turn the link) to fail . These device .
3160 Firmware
3161 versions are stored in a blacklist and role switch with these
3162 devices are
3163 delayed to avoid the collision with link encryption setup */
3164
3165 if (bta_dm_cb.device_list.peer_device[i].pref_role !=
3166 BTA_SLAVE_ROLE_ONLY &&
3167 !delay_role_switch) {
3168 BTM_SwitchRole(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
3169 HCI_ROLE_MASTER, NULL);
3170 } else {
3171 alarm_set_on_mloop(bta_dm_cb.switch_delay_timer,
3172 BTA_DM_SWITCH_DELAY_TIMER_MS,
3173 bta_dm_delay_role_switch_cback, NULL);
3174 }
3175 }
3176 }
3177 }
3178
3179 if (!set_master_role) {
3180 L2CA_SetDesireRole(L2CAP_DESIRED_LINK_ROLE);
3181 }
3182
3183 } else {
3184 L2CA_SetDesireRole(L2CAP_DESIRED_LINK_ROLE);
3185 }
3186 }
3187
3188 /*******************************************************************************
3189 *
3190 * Function bta_dm_get_remname
3191 *
3192 * Description Returns a pointer to the remote name stored in the DM
3193 * control block if it exists, or from the BTM memory.
3194 *
3195 * Returns char * - Pointer to the remote device name
3196 ******************************************************************************/
bta_dm_get_remname(void)3197 static char* bta_dm_get_remname(void) {
3198 char* p_name = (char*)bta_dm_search_cb.peer_name;
3199 char* p_temp;
3200
3201 /* If the name isn't already stored, try retrieving from BTM */
3202 if (*p_name == '\0') {
3203 p_temp = BTM_SecReadDevName(bta_dm_search_cb.peer_bdaddr);
3204 if (p_temp != NULL) p_name = p_temp;
3205 }
3206
3207 return p_name;
3208 }
3209
3210 /*******************************************************************************
3211 *
3212 * Function bta_dm_bond_cancel_complete_cback
3213 *
3214 * Description Authentication complete callback from BTM
3215 *
3216 * Returns void
3217 *
3218 ******************************************************************************/
bta_dm_bond_cancel_complete_cback(tBTM_STATUS result)3219 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result) {
3220 tBTA_DM_SEC sec_event;
3221
3222 if (result == BTM_SUCCESS)
3223 sec_event.bond_cancel_cmpl.result = BTA_SUCCESS;
3224 else
3225 sec_event.bond_cancel_cmpl.result = BTA_FAILURE;
3226
3227 if (bta_dm_cb.p_sec_cback) {
3228 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
3229 }
3230 }
3231
3232 /*******************************************************************************
3233 *
3234 * Function find_utf8_char_boundary
3235 *
3236 * Description This function checks a UTF8 string |utf8str| starting at
3237 * |offset|, moving backwards and returns the offset of the
3238 * next valid UTF8 character boundary found.
3239 *
3240 * Returns Offset of UTF8 character boundary
3241 *
3242 ******************************************************************************/
find_utf8_char_boundary(const char * utf8str,size_t offset)3243 static size_t find_utf8_char_boundary(const char* utf8str, size_t offset) {
3244 CHECK(utf8str);
3245 CHECK(offset > 0);
3246
3247 while (--offset) {
3248 uint8_t ch = (uint8_t)utf8str[offset];
3249 if ((ch & 0x80) == 0x00) // ASCII
3250 return offset + 1;
3251 if ((ch & 0xC0) == 0xC0) // Multi-byte sequence start
3252 return offset;
3253 }
3254
3255 return 0;
3256 }
3257
3258 /*******************************************************************************
3259 *
3260 * Function bta_dm_set_eir
3261 *
3262 * Description This function creates EIR tagged data and writes it to
3263 * controller.
3264 *
3265 * Returns None
3266 *
3267 ******************************************************************************/
bta_dm_set_eir(char * local_name)3268 static void bta_dm_set_eir(char* local_name) {
3269 uint8_t* p;
3270 uint8_t* p_length;
3271 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3272 uint8_t* p_type;
3273 uint8_t max_num_uuid;
3274 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3275 uint8_t custom_uuid_idx;
3276 #endif // BTA_EIR_SERVER_NUM_CUSTOM_UUID
3277 #endif // BTA_EIR_CANNED_UUID_LIST
3278 #if (BTM_EIR_DEFAULT_FEC_REQUIRED == FALSE)
3279 uint8_t free_eir_length = HCI_EXT_INQ_RESPONSE_LEN;
3280 #else // BTM_EIR_DEFAULT_FEC_REQUIRED
3281 uint8_t free_eir_length = HCI_DM5_PACKET_SIZE;
3282 #endif // BTM_EIR_DEFAULT_FEC_REQUIRED
3283 uint8_t num_uuid;
3284 uint8_t data_type;
3285 uint8_t local_name_len;
3286
3287 /* wait until complete to disable */
3288 if (alarm_is_scheduled(bta_dm_cb.disable_timer)) return;
3289
3290 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3291 /* if local name is not provided, get it from controller */
3292 if (local_name == NULL) {
3293 if (BTM_ReadLocalDeviceName(&local_name) != BTM_SUCCESS) {
3294 APPL_TRACE_ERROR("Fail to read local device name for EIR");
3295 }
3296 }
3297 #endif // BTA_EIR_CANNED_UUID_LIST
3298
3299 /* Allocate a buffer to hold HCI command */
3300 BT_HDR* p_buf = (BT_HDR*)osi_malloc(BTM_CMD_BUF_SIZE);
3301 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET;
3302
3303 memset(p, 0x00, HCI_EXT_INQ_RESPONSE_LEN);
3304
3305 APPL_TRACE_DEBUG("BTA is generating EIR");
3306
3307 if (local_name)
3308 local_name_len = strlen(local_name);
3309 else
3310 local_name_len = 0;
3311
3312 data_type = BTM_EIR_COMPLETE_LOCAL_NAME_TYPE;
3313 /* if local name is longer than minimum length of shortened name */
3314 /* check whether it needs to be shortened or not */
3315 if (local_name_len > p_bta_dm_eir_cfg->bta_dm_eir_min_name_len) {
3316 /* get number of UUID 16-bit list */
3317 #if (BTA_EIR_CANNED_UUID_LIST == TRUE)
3318 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / Uuid::kNumBytes16;
3319 #else // BTA_EIR_CANNED_UUID_LIST
3320 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes16;
3321 data_type = BTM_GetEirSupportedServices(bta_dm_cb.eir_uuid, &p,
3322 max_num_uuid, &num_uuid);
3323 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET; /* reset p */
3324 #endif // BTA_EIR_CANNED_UUID_LIST
3325
3326 /* if UUID doesn't fit remaing space, shorten local name */
3327 if (local_name_len > (free_eir_length - 4 - num_uuid * Uuid::kNumBytes16)) {
3328 local_name_len = find_utf8_char_boundary(
3329 local_name, p_bta_dm_eir_cfg->bta_dm_eir_min_name_len);
3330 APPL_TRACE_WARNING("%s local name is shortened (%d)", __func__,
3331 local_name_len);
3332 data_type = BTM_EIR_SHORTENED_LOCAL_NAME_TYPE;
3333 } else {
3334 data_type = BTM_EIR_COMPLETE_LOCAL_NAME_TYPE;
3335 }
3336 }
3337
3338 UINT8_TO_STREAM(p, local_name_len + 1);
3339 UINT8_TO_STREAM(p, data_type);
3340
3341 if (local_name != NULL) {
3342 memcpy(p, local_name, local_name_len);
3343 p += local_name_len;
3344 }
3345 free_eir_length -= local_name_len + 2;
3346
3347 #if (BTA_EIR_CANNED_UUID_LIST == TRUE)
3348 /* if UUID list is provided as static data in configuration */
3349 if ((p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len > 0) &&
3350 (p_bta_dm_eir_cfg->bta_dm_eir_uuid16)) {
3351 if (free_eir_length > Uuid::kNumBytes16 + 2) {
3352 free_eir_length -= 2;
3353
3354 if (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len) {
3355 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / Uuid::kNumBytes16;
3356 data_type = BTM_EIR_COMPLETE_16BITS_UUID_TYPE;
3357 } else /* not enough room for all UUIDs */
3358 {
3359 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3360 num_uuid = free_eir_length / Uuid::kNumBytes16;
3361 data_type = BTM_EIR_MORE_16BITS_UUID_TYPE;
3362 }
3363 UINT8_TO_STREAM(p, num_uuid * Uuid::kNumBytes16 + 1);
3364 UINT8_TO_STREAM(p, data_type);
3365 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_uuid16,
3366 num_uuid * Uuid::kNumBytes16);
3367 p += num_uuid * Uuid::kNumBytes16;
3368 free_eir_length -= num_uuid * Uuid::kNumBytes16;
3369 }
3370 }
3371 #else /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */
3372 /* if UUID list is dynamic */
3373 if (free_eir_length >= 2) {
3374 p_length = p++;
3375 p_type = p++;
3376 num_uuid = 0;
3377
3378 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes16;
3379 data_type = BTM_GetEirSupportedServices(bta_dm_cb.eir_uuid, &p,
3380 max_num_uuid, &num_uuid);
3381
3382 if (data_type == BTM_EIR_MORE_16BITS_UUID_TYPE) {
3383 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3384 }
3385 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3386 else {
3387 for (custom_uuid_idx = 0;
3388 custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3389 custom_uuid_idx++) {
3390 const Uuid& curr = bta_dm_cb.custom_uuid[custom_uuid_idx];
3391 if (curr.GetShortestRepresentationSize() == Uuid::kNumBytes16) {
3392 if (num_uuid < max_num_uuid) {
3393 UINT16_TO_STREAM(p, curr.As16Bit());
3394 num_uuid++;
3395 } else {
3396 data_type = BTM_EIR_MORE_16BITS_UUID_TYPE;
3397 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3398 break;
3399 }
3400 }
3401 }
3402 }
3403 #endif /* (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */
3404
3405 UINT8_TO_STREAM(p_length, num_uuid * Uuid::kNumBytes16 + 1);
3406 UINT8_TO_STREAM(p_type, data_type);
3407 free_eir_length -= num_uuid * Uuid::kNumBytes16 + 2;
3408 }
3409 #endif /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */
3410
3411 #if (BTA_EIR_CANNED_UUID_LIST != TRUE && BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3412 /* Adding 32-bit UUID list */
3413 if (free_eir_length >= 2) {
3414 p_length = p++;
3415 p_type = p++;
3416 num_uuid = 0;
3417 data_type = BTM_EIR_COMPLETE_32BITS_UUID_TYPE;
3418
3419 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes32;
3420
3421 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3422 custom_uuid_idx++) {
3423 const Uuid& curr = bta_dm_cb.custom_uuid[custom_uuid_idx];
3424 if (curr.GetShortestRepresentationSize() == Uuid::kNumBytes32) {
3425 if (num_uuid < max_num_uuid) {
3426 UINT32_TO_STREAM(p, curr.As32Bit());
3427 num_uuid++;
3428 } else {
3429 data_type = BTM_EIR_MORE_32BITS_UUID_TYPE;
3430 APPL_TRACE_WARNING("BTA EIR: UUID 32-bit list is truncated");
3431 break;
3432 }
3433 }
3434 }
3435
3436 UINT8_TO_STREAM(p_length, num_uuid * Uuid::kNumBytes32 + 1);
3437 UINT8_TO_STREAM(p_type, data_type);
3438 free_eir_length -= num_uuid * Uuid::kNumBytes32 + 2;
3439 }
3440
3441 /* Adding 128-bit UUID list */
3442 if (free_eir_length >= 2) {
3443 p_length = p++;
3444 p_type = p++;
3445 num_uuid = 0;
3446 data_type = BTM_EIR_COMPLETE_128BITS_UUID_TYPE;
3447
3448 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes128;
3449
3450 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3451 custom_uuid_idx++) {
3452 const Uuid& curr = bta_dm_cb.custom_uuid[custom_uuid_idx];
3453 if (curr.GetShortestRepresentationSize() == Uuid::kNumBytes128) {
3454 if (num_uuid < max_num_uuid) {
3455 ARRAY16_TO_STREAM(p, curr.To128BitBE().data());
3456 num_uuid++;
3457 } else {
3458 data_type = BTM_EIR_MORE_128BITS_UUID_TYPE;
3459 APPL_TRACE_WARNING("BTA EIR: UUID 128-bit list is truncated");
3460 break;
3461 }
3462 }
3463 }
3464
3465 UINT8_TO_STREAM(p_length, num_uuid * Uuid::kNumBytes128 + 1);
3466 UINT8_TO_STREAM(p_type, data_type);
3467 free_eir_length -= num_uuid * Uuid::kNumBytes128 + 2;
3468 }
3469 #endif /* ( BTA_EIR_CANNED_UUID_LIST != TRUE \
3470 )&&(BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */
3471
3472 /* if Flags are provided in configuration */
3473 if ((p_bta_dm_eir_cfg->bta_dm_eir_flag_len > 0) &&
3474 (p_bta_dm_eir_cfg->bta_dm_eir_flags) &&
3475 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2)) {
3476 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 1);
3477 UINT8_TO_STREAM(p, BTM_EIR_FLAGS_TYPE);
3478 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_flags,
3479 p_bta_dm_eir_cfg->bta_dm_eir_flag_len);
3480 p += p_bta_dm_eir_cfg->bta_dm_eir_flag_len;
3481 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2;
3482 }
3483
3484 /* if Manufacturer Specific are provided in configuration */
3485 if ((p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len > 0) &&
3486 (p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec) &&
3487 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2)) {
3488 p_length = p;
3489
3490 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 1);
3491 UINT8_TO_STREAM(p, BTM_EIR_MANUFACTURER_SPECIFIC_TYPE);
3492 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec,
3493 p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len);
3494 p += p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len;
3495 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2;
3496
3497 } else {
3498 p_length = NULL;
3499 }
3500
3501 /* if Inquiry Tx Resp Power compiled */
3502 if ((p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power) && (free_eir_length >= 3)) {
3503 UINT8_TO_STREAM(p, 2); /* Length field */
3504 UINT8_TO_STREAM(p, BTM_EIR_TX_POWER_LEVEL_TYPE);
3505 UINT8_TO_STREAM(p, *(p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power));
3506 free_eir_length -= 3;
3507 }
3508
3509 if (free_eir_length)
3510 UINT8_TO_STREAM(p, 0); /* terminator of significant part */
3511
3512 BTM_WriteEIR(p_buf);
3513 }
3514
3515 /*******************************************************************************
3516 *
3517 * Function bta_dm_eir_search_services
3518 *
3519 * Description This function searches services in received EIR
3520 *
3521 * Returns None
3522 *
3523 ******************************************************************************/
bta_dm_eir_search_services(tBTM_INQ_RESULTS * p_result,tBTA_SERVICE_MASK * p_services_to_search,tBTA_SERVICE_MASK * p_services_found)3524 static void bta_dm_eir_search_services(tBTM_INQ_RESULTS* p_result,
3525 tBTA_SERVICE_MASK* p_services_to_search,
3526 tBTA_SERVICE_MASK* p_services_found) {
3527 tBTA_SERVICE_MASK service_index = 0;
3528 tBTM_EIR_SEARCH_RESULT result;
3529
3530 VLOG(1) << "BTA searching services in EIR of BDA:"
3531 << p_result->remote_bd_addr;
3532
3533 APPL_TRACE_DEBUG(" with services_to_search=0x%08X", *p_services_to_search);
3534
3535 /* always do GATT based service discovery by SDP instead of from EIR */
3536 /* if GATT based service is also to be put in EIR, need to modify this */
3537 while (service_index < (BTA_MAX_SERVICE_ID - 1)) {
3538 if (*p_services_to_search &
3539 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index))) {
3540 result = BTM_HasInquiryEirService(
3541 p_result, bta_service_id_to_uuid_lkup_tbl[service_index]);
3542
3543 /* Searching for HSP v1.2 only device */
3544 if ((result != BTM_EIR_FOUND) &&
3545 (bta_service_id_to_uuid_lkup_tbl[service_index] ==
3546 UUID_SERVCLASS_HEADSET)) {
3547 result = BTM_HasInquiryEirService(p_result, UUID_SERVCLASS_HEADSET_HS);
3548 }
3549
3550 if (result == BTM_EIR_FOUND) {
3551 /* If Plug and Play service record, need to check to see if Broadcom
3552 * stack */
3553 /* However, EIR data doesn't have EXT_BRCM_VERSION so just skip it */
3554 if (bta_service_id_to_uuid_lkup_tbl[service_index] !=
3555 UUID_SERVCLASS_PNP_INFORMATION) {
3556 *p_services_found |= (tBTA_SERVICE_MASK)(
3557 BTA_SERVICE_ID_TO_SERVICE_MASK(service_index));
3558 /* remove the service from services to be searched */
3559 *p_services_to_search &= (tBTA_SERVICE_MASK)(
3560 ~(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index)));
3561 }
3562 } else if (result == BTM_EIR_NOT_FOUND) {
3563 /* remove the service from services to be searched */
3564 *p_services_to_search &= (tBTA_SERVICE_MASK)(
3565 ~(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index)));
3566 }
3567 }
3568
3569 service_index++;
3570 }
3571
3572 APPL_TRACE_ERROR(
3573 "BTA EIR search result, services_to_search=0x%08X, services_found=0x%08X",
3574 *p_services_to_search, *p_services_found);
3575 }
3576
3577 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3578 /*******************************************************************************
3579 *
3580 * Function bta_dm_eir_update_uuid
3581 *
3582 * Description This function adds or removes service UUID in EIR database.
3583 *
3584 * Returns None
3585 *
3586 ******************************************************************************/
bta_dm_eir_update_uuid(uint16_t uuid16,bool adding)3587 void bta_dm_eir_update_uuid(uint16_t uuid16, bool adding) {
3588 /* if this UUID is not advertised in EIR */
3589 if (!BTM_HasEirService(p_bta_dm_eir_cfg->uuid_mask, uuid16)) return;
3590
3591 if (adding) {
3592 APPL_TRACE_EVENT("Adding UUID=0x%04X into EIR", uuid16);
3593
3594 BTM_AddEirService(bta_dm_cb.eir_uuid, uuid16);
3595 } else {
3596 APPL_TRACE_EVENT("Removing UUID=0x%04X from EIR", uuid16);
3597
3598 BTM_RemoveEirService(bta_dm_cb.eir_uuid, uuid16);
3599 }
3600
3601 bta_dm_set_eir(NULL);
3602
3603 APPL_TRACE_EVENT("bta_dm_eir_update_uuid UUID bit mask=0x%08X %08X",
3604 bta_dm_cb.eir_uuid[1], bta_dm_cb.eir_uuid[0]);
3605 }
3606 #endif
3607
3608 /*******************************************************************************
3609 *
3610 * Function bta_dm_encrypt_cback
3611 *
3612 * Description link encryption complete callback.
3613 *
3614 * Returns None
3615 *
3616 ******************************************************************************/
bta_dm_encrypt_cback(const RawAddress * bd_addr,tBT_TRANSPORT transport,UNUSED_ATTR void * p_ref_data,tBTM_STATUS result)3617 void bta_dm_encrypt_cback(const RawAddress* bd_addr, tBT_TRANSPORT transport,
3618 UNUSED_ATTR void* p_ref_data, tBTM_STATUS result) {
3619 tBTA_STATUS bta_status = BTA_SUCCESS;
3620 tBTA_DM_ENCRYPT_CBACK* p_callback = NULL;
3621 uint8_t i;
3622
3623 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3624 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == *bd_addr &&
3625 bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED)
3626 break;
3627 }
3628
3629 if (i < bta_dm_cb.device_list.count) {
3630 p_callback = bta_dm_cb.device_list.peer_device[i].p_encrypt_cback;
3631 bta_dm_cb.device_list.peer_device[i].p_encrypt_cback = NULL;
3632 }
3633
3634 switch (result) {
3635 case BTM_SUCCESS:
3636 break;
3637 case BTM_WRONG_MODE:
3638 bta_status = BTA_WRONG_MODE;
3639 break;
3640 case BTM_NO_RESOURCES:
3641 bta_status = BTA_NO_RESOURCES;
3642 break;
3643 case BTM_BUSY:
3644 bta_status = BTA_BUSY;
3645 break;
3646 default:
3647 bta_status = BTA_FAILURE;
3648 break;
3649 }
3650
3651 APPL_TRACE_DEBUG("bta_dm_encrypt_cback status =%d p_callback=0x%x",
3652 bta_status, p_callback);
3653
3654 if (p_callback) {
3655 (*p_callback)(*bd_addr, transport, bta_status);
3656 }
3657 }
3658
3659 /**This function to encrypt the link */
bta_dm_set_encryption(const RawAddress & bd_addr,tBTA_TRANSPORT transport,tBTA_DM_ENCRYPT_CBACK * p_callback,tBTA_DM_BLE_SEC_ACT sec_act)3660 void bta_dm_set_encryption(const RawAddress& bd_addr, tBTA_TRANSPORT transport,
3661 tBTA_DM_ENCRYPT_CBACK* p_callback,
3662 tBTA_DM_BLE_SEC_ACT sec_act) {
3663 uint8_t i;
3664
3665 APPL_TRACE_DEBUG("bta_dm_set_encryption"); // todo
3666 if (!p_callback) {
3667 APPL_TRACE_ERROR("bta_dm_set_encryption callback is not provided");
3668 return;
3669 }
3670 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3671 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == bd_addr &&
3672 bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED)
3673 break;
3674 }
3675 if (i < bta_dm_cb.device_list.count) {
3676 if (bta_dm_cb.device_list.peer_device[i].p_encrypt_cback) {
3677 APPL_TRACE_ERROR("earlier enc was not done for same device");
3678 (*p_callback)(bd_addr, transport, BTA_BUSY);
3679 return;
3680 }
3681
3682 if (BTM_SetEncryption(bd_addr, transport, bta_dm_encrypt_cback, NULL,
3683 sec_act) == BTM_CMD_STARTED) {
3684 bta_dm_cb.device_list.peer_device[i].p_encrypt_cback = p_callback;
3685 }
3686 }
3687 }
3688
bta_dm_check_if_only_hd_connected(const RawAddress & peer_addr)3689 bool bta_dm_check_if_only_hd_connected(const RawAddress& peer_addr) {
3690 APPL_TRACE_DEBUG("%s: count(%d)", __func__, bta_dm_conn_srvcs.count);
3691
3692 for (uint8_t j = 0; j < bta_dm_conn_srvcs.count; j++) {
3693 // Check if profiles other than hid are connected
3694 if ((bta_dm_conn_srvcs.conn_srvc[j].id != BTA_ID_HD) &&
3695 bta_dm_conn_srvcs.conn_srvc[j].peer_bdaddr == peer_addr) {
3696 APPL_TRACE_DEBUG("%s: Another profile (id=%d) is connected", __func__,
3697 bta_dm_conn_srvcs.conn_srvc[j].id);
3698 return false;
3699 }
3700 }
3701
3702 return true;
3703 }
3704
3705 /*******************************************************************************
3706 *
3707 * Function bta_dm_observe_results_cb
3708 *
3709 * Description Callback for BLE Observe result
3710 *
3711 *
3712 * Returns void
3713 *
3714 ******************************************************************************/
bta_dm_observe_results_cb(tBTM_INQ_RESULTS * p_inq,uint8_t * p_eir,uint16_t eir_len)3715 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
3716 uint16_t eir_len) {
3717 tBTA_DM_SEARCH result;
3718 tBTM_INQ_INFO* p_inq_info;
3719 APPL_TRACE_DEBUG("bta_dm_observe_results_cb");
3720
3721 result.inq_res.bd_addr = p_inq->remote_bd_addr;
3722 result.inq_res.rssi = p_inq->rssi;
3723 result.inq_res.ble_addr_type = p_inq->ble_addr_type;
3724 result.inq_res.inq_result_type = p_inq->inq_result_type;
3725 result.inq_res.device_type = p_inq->device_type;
3726 result.inq_res.flag = p_inq->flag;
3727 result.inq_res.ble_evt_type = p_inq->ble_evt_type;
3728 result.inq_res.ble_primary_phy = p_inq->ble_primary_phy;
3729 result.inq_res.ble_secondary_phy = p_inq->ble_secondary_phy;
3730 result.inq_res.ble_advertising_sid = p_inq->ble_advertising_sid;
3731 result.inq_res.ble_tx_power = p_inq->ble_tx_power;
3732 result.inq_res.ble_periodic_adv_int = p_inq->ble_periodic_adv_int;
3733
3734 /* application will parse EIR to find out remote device name */
3735 result.inq_res.p_eir = p_eir;
3736 result.inq_res.eir_len = eir_len;
3737
3738 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr);
3739 if (p_inq_info != NULL) {
3740 /* initialize remt_name_not_required to false so that we get the name by
3741 * default */
3742 result.inq_res.remt_name_not_required = false;
3743 }
3744
3745 if (bta_dm_search_cb.p_scan_cback)
3746 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_RES_EVT, &result);
3747
3748 if (p_inq_info) {
3749 /* application indicates if it knows the remote name, inside the callback
3750 copy that to the inquiry data base*/
3751 if (result.inq_res.remt_name_not_required)
3752 p_inq_info->appl_knows_rem_name = true;
3753 }
3754 }
3755
3756 /*******************************************************************************
3757 *
3758 * Function bta_dm_observe_cmpl_cb
3759 *
3760 * Description Callback for BLE Observe complete
3761 *
3762 *
3763 * Returns void
3764 *
3765 ******************************************************************************/
bta_dm_observe_cmpl_cb(void * p_result)3766 static void bta_dm_observe_cmpl_cb(void* p_result) {
3767 tBTA_DM_SEARCH data;
3768
3769 APPL_TRACE_DEBUG("bta_dm_observe_cmpl_cb");
3770
3771 data.inq_cmpl.num_resps = ((tBTM_INQUIRY_CMPL*)p_result)->num_resp;
3772 if (bta_dm_search_cb.p_scan_cback) {
3773 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
3774 }
3775 }
3776
3777 /*******************************************************************************
3778 *
3779 * Function bta_dm_ble_smp_cback
3780 *
3781 * Description Callback for BLE SMP
3782 *
3783 *
3784 * Returns void
3785 *
3786 ******************************************************************************/
bta_dm_ble_smp_cback(tBTM_LE_EVT event,const RawAddress & bda,tBTM_LE_EVT_DATA * p_data)3787 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
3788 tBTM_LE_EVT_DATA* p_data) {
3789 tBTM_STATUS status = BTM_SUCCESS;
3790 tBTA_DM_SEC sec_event;
3791 char* p_name = NULL;
3792
3793 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
3794
3795 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
3796 switch (event) {
3797 case BTM_LE_IO_REQ_EVT:
3798 bta_dm_co_ble_io_req(
3799 bda, &p_data->io_req.io_cap, &p_data->io_req.oob_data,
3800 &p_data->io_req.auth_req, &p_data->io_req.max_key_size,
3801 &p_data->io_req.init_keys, &p_data->io_req.resp_keys);
3802 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req,
3803 p_data->io_req.oob_data);
3804
3805 break;
3806
3807 case BTM_LE_SEC_REQUEST_EVT:
3808 sec_event.ble_req.bd_addr = bda;
3809 p_name = BTM_SecReadDevName(bda);
3810 if (p_name != NULL)
3811 strlcpy((char*)sec_event.ble_req.bd_name, p_name, BD_NAME_LEN);
3812 else
3813 sec_event.ble_req.bd_name[0] = 0;
3814 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SEC_REQ_EVT, &sec_event);
3815 break;
3816
3817 case BTM_LE_KEY_NOTIF_EVT:
3818 sec_event.key_notif.bd_addr = bda;
3819 p_name = BTM_SecReadDevName(bda);
3820 if (p_name != NULL)
3821 strlcpy((char*)sec_event.key_notif.bd_name, p_name, BD_NAME_LEN);
3822 else
3823 sec_event.key_notif.bd_name[0] = 0;
3824 sec_event.key_notif.passkey = p_data->key_notif;
3825 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_NOTIF_EVT, &sec_event);
3826 break;
3827
3828 case BTM_LE_KEY_REQ_EVT:
3829 sec_event.ble_req.bd_addr = bda;
3830 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_REQ_EVT, &sec_event);
3831 break;
3832
3833 case BTM_LE_OOB_REQ_EVT:
3834 sec_event.ble_req.bd_addr = bda;
3835 bta_dm_cb.p_sec_cback(BTA_DM_BLE_OOB_REQ_EVT, &sec_event);
3836 break;
3837
3838 case BTM_LE_NC_REQ_EVT:
3839 sec_event.key_notif.bd_addr = bda;
3840 strlcpy((char*)sec_event.key_notif.bd_name, bta_dm_get_remname(),
3841 (BD_NAME_LEN));
3842 sec_event.key_notif.passkey = p_data->key_notif;
3843 bta_dm_cb.p_sec_cback(BTA_DM_BLE_NC_REQ_EVT, &sec_event);
3844 break;
3845
3846 case BTM_LE_SC_OOB_REQ_EVT:
3847 sec_event.ble_req.bd_addr = bda;
3848 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SC_OOB_REQ_EVT, &sec_event);
3849 break;
3850
3851 case BTM_LE_KEY_EVT:
3852 sec_event.ble_key.bd_addr = bda;
3853 sec_event.ble_key.key_type = p_data->key.key_type;
3854 sec_event.ble_key.p_key_value = p_data->key.p_key_value;
3855 bta_dm_cb.p_sec_cback(BTA_DM_BLE_KEY_EVT, &sec_event);
3856 break;
3857
3858 case BTM_LE_COMPLT_EVT:
3859 sec_event.auth_cmpl.bd_addr = bda;
3860 BTM_ReadDevInfo(bda, &sec_event.auth_cmpl.dev_type,
3861 &sec_event.auth_cmpl.addr_type);
3862 p_name = BTM_SecReadDevName(bda);
3863 if (p_name != NULL)
3864 strlcpy((char*)sec_event.auth_cmpl.bd_name, p_name, (BD_NAME_LEN));
3865 else
3866 sec_event.auth_cmpl.bd_name[0] = 0;
3867
3868 if (p_data->complt.reason != 0) {
3869 sec_event.auth_cmpl.fail_reason =
3870 BTA_DM_AUTH_CONVERT_SMP_CODE(((uint8_t)p_data->complt.reason));
3871
3872 if (btm_sec_is_a_bonded_dev(bda) &&
3873 p_data->complt.reason == SMP_CONN_TOUT) {
3874 // Bonded device failed to encrypt - to test this remove battery from
3875 // HID device right after connection, but before encryption is
3876 // established
3877 LOG(INFO) << __func__
3878 << ": bonded device disconnected when encrypting - no "
3879 "reason to unbond";
3880 } else {
3881 /* delete this device entry from Sec Dev DB */
3882 bta_dm_remove_sec_dev_entry(bda);
3883 }
3884
3885 } else {
3886 sec_event.auth_cmpl.success = true;
3887 if (!p_data->complt.smp_over_br)
3888 GATT_ConfigServiceChangeCCC(bda, true, BT_TRANSPORT_LE);
3889 }
3890
3891 if (bta_dm_cb.p_sec_cback) {
3892 // bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
3893 bta_dm_cb.p_sec_cback(BTA_DM_BLE_AUTH_CMPL_EVT, &sec_event);
3894 }
3895 break;
3896
3897 default:
3898 status = BTM_NOT_AUTHORIZED;
3899 break;
3900 }
3901 return status;
3902 }
3903
3904 /*******************************************************************************
3905 *
3906 * Function bta_dm_ble_id_key_cback
3907 *
3908 * Description Callback for BLE local ID keys
3909 *
3910 *
3911 * Returns void
3912 *
3913 ******************************************************************************/
bta_dm_ble_id_key_cback(uint8_t key_type,tBTM_BLE_LOCAL_KEYS * p_key)3914 static void bta_dm_ble_id_key_cback(uint8_t key_type,
3915 tBTM_BLE_LOCAL_KEYS* p_key) {
3916 uint8_t evt;
3917 tBTA_DM_SEC dm_key;
3918
3919 switch (key_type) {
3920 case BTM_BLE_KEY_TYPE_ID:
3921 case BTM_BLE_KEY_TYPE_ER:
3922 if (bta_dm_cb.p_sec_cback) {
3923 memcpy(&dm_key.ble_id_keys, p_key, sizeof(tBTM_BLE_LOCAL_KEYS));
3924
3925 evt = (key_type == BTM_BLE_KEY_TYPE_ID) ? BTA_DM_BLE_LOCAL_IR_EVT
3926 : BTA_DM_BLE_LOCAL_ER_EVT;
3927 bta_dm_cb.p_sec_cback(evt, &dm_key);
3928 }
3929 break;
3930
3931 default:
3932 APPL_TRACE_DEBUG("Unknown key type %d", key_type);
3933 break;
3934 }
3935 return;
3936 }
3937
3938 /*******************************************************************************
3939 *
3940 * Function bta_dm_add_blekey
3941 *
3942 * Description This function adds an BLE Key to an security database entry.
3943 * This function shall only be called AFTER BTA_DmAddBleDevice
3944 * has been called.
3945 * It is normally called during host startup to restore all
3946 * required information stored in the NVRAM.
3947 *
3948 * Parameters:
3949 *
3950 ******************************************************************************/
bta_dm_add_blekey(const RawAddress & bd_addr,tBTA_LE_KEY_VALUE blekey,tBTA_LE_KEY_TYPE key_type)3951 void bta_dm_add_blekey(const RawAddress& bd_addr, tBTA_LE_KEY_VALUE blekey,
3952 tBTA_LE_KEY_TYPE key_type) {
3953 if (!BTM_SecAddBleKey(bd_addr, (tBTM_LE_KEY_VALUE*)&blekey, key_type)) {
3954 LOG(ERROR) << "BTA_DM: Error adding BLE Key for device " << bd_addr;
3955 }
3956 }
3957
3958 /*******************************************************************************
3959 *
3960 * Function bta_dm_add_ble_device
3961 *
3962 * Description This function adds an BLE device to an security database
3963 * entry.
3964 * It is normally called during host startup to restore all
3965 * required information stored in the NVRAM.
3966 *
3967 * Parameters:
3968 *
3969 ******************************************************************************/
bta_dm_add_ble_device(const RawAddress & bd_addr,tBLE_ADDR_TYPE addr_type,tBT_DEVICE_TYPE dev_type)3970 void bta_dm_add_ble_device(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type,
3971 tBT_DEVICE_TYPE dev_type) {
3972 if (!BTM_SecAddBleDevice(bd_addr, NULL, dev_type, addr_type)) {
3973 LOG(ERROR) << "BTA_DM: Error adding BLE Device for device " << bd_addr;
3974 }
3975 }
3976
3977 /*******************************************************************************
3978 *
3979 * Function bta_dm_add_ble_device
3980 *
3981 * Description This function adds an BLE device to an security database
3982 * entry.
3983 * It is normally called during host startup to restore all
3984 * required information stored in the NVRAM.
3985 *
3986 * Parameters:
3987 *
3988 ******************************************************************************/
bta_dm_ble_passkey_reply(const RawAddress & bd_addr,bool accept,uint32_t passkey)3989 void bta_dm_ble_passkey_reply(const RawAddress& bd_addr, bool accept,
3990 uint32_t passkey) {
3991 BTM_BlePasskeyReply(bd_addr, accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED,
3992 passkey);
3993 }
3994
3995 /** This is response to SM numeric comparison request submitted to application.
3996 */
bta_dm_ble_confirm_reply(const RawAddress & bd_addr,bool accept)3997 void bta_dm_ble_confirm_reply(const RawAddress& bd_addr, bool accept) {
3998 BTM_BleConfirmReply(bd_addr, accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED);
3999 }
4000
4001 /** This function set the preferred connection parameters */
bta_dm_ble_set_conn_params(const RawAddress & bd_addr,uint16_t conn_int_min,uint16_t conn_int_max,uint16_t slave_latency,uint16_t supervision_tout)4002 void bta_dm_ble_set_conn_params(const RawAddress& bd_addr,
4003 uint16_t conn_int_min, uint16_t conn_int_max,
4004 uint16_t slave_latency,
4005 uint16_t supervision_tout) {
4006 L2CA_AdjustConnectionIntervals(&conn_int_min, &conn_int_max,
4007 BTM_BLE_CONN_INT_MIN);
4008
4009 BTM_BleSetPrefConnParams(bd_addr, conn_int_min, conn_int_max, slave_latency,
4010 supervision_tout);
4011 }
4012
4013 /** This function update LE connection parameters */
bta_dm_ble_update_conn_params(const RawAddress & bd_addr,uint16_t min_int,uint16_t max_int,uint16_t latency,uint16_t timeout,uint16_t min_ce_len,uint16_t max_ce_len)4014 void bta_dm_ble_update_conn_params(const RawAddress& bd_addr, uint16_t min_int,
4015 uint16_t max_int, uint16_t latency,
4016 uint16_t timeout, uint16_t min_ce_len,
4017 uint16_t max_ce_len) {
4018 L2CA_AdjustConnectionIntervals(&min_int, &max_int, BTM_BLE_CONN_INT_MIN);
4019
4020 if (!L2CA_UpdateBleConnParams(bd_addr, min_int, max_int, latency, timeout,
4021 min_ce_len, max_ce_len)) {
4022 APPL_TRACE_ERROR("Update connection parameters failed!");
4023 }
4024 }
4025
4026 #if (BLE_PRIVACY_SPT == TRUE)
4027 /** This function set the local device LE privacy settings. */
bta_dm_ble_config_local_privacy(bool privacy_enable)4028 void bta_dm_ble_config_local_privacy(bool privacy_enable) {
4029 BTM_BleConfigPrivacy(privacy_enable);
4030 }
4031 #endif
4032
bta_dm_ble_observe(bool start,uint8_t duration,tBTA_DM_SEARCH_CBACK * p_cback)4033 void bta_dm_ble_observe(bool start, uint8_t duration,
4034 tBTA_DM_SEARCH_CBACK* p_cback) {
4035 if (!start) {
4036 bta_dm_search_cb.p_scan_cback = NULL;
4037 BTM_BleObserve(false, 0, NULL, NULL);
4038 return;
4039 }
4040
4041 /*Save the callback to be called when a scan results are available */
4042 bta_dm_search_cb.p_scan_cback = p_cback;
4043 tBTM_STATUS status = BTM_BleObserve(true, duration, bta_dm_observe_results_cb,
4044 bta_dm_observe_cmpl_cb);
4045 if (status != BTM_CMD_STARTED) {
4046 tBTA_DM_SEARCH data;
4047 APPL_TRACE_WARNING(" %s BTM_BleObserve failed. status %d", __func__,
4048 status);
4049 data.inq_cmpl.num_resps = 0;
4050 if (bta_dm_search_cb.p_scan_cback) {
4051 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
4052 }
4053 }
4054 }
4055
4056 /** This function set the maximum transmission packet size */
bta_dm_ble_set_data_length(const RawAddress & bd_addr,uint16_t tx_data_length)4057 void bta_dm_ble_set_data_length(const RawAddress& bd_addr,
4058 uint16_t tx_data_length) {
4059 if (BTM_SetBleDataLength(bd_addr, tx_data_length) != BTM_SUCCESS) {
4060 APPL_TRACE_ERROR("%s failed", __func__);
4061 }
4062 }
4063
4064 /*******************************************************************************
4065 *
4066 * Function bta_ble_enable_scan_cmpl
4067 *
4068 * Description ADV payload filtering enable / disable complete callback
4069 *
4070 *
4071 * Returns None
4072 *
4073 ******************************************************************************/
bta_ble_energy_info_cmpl(tBTM_BLE_TX_TIME_MS tx_time,tBTM_BLE_RX_TIME_MS rx_time,tBTM_BLE_IDLE_TIME_MS idle_time,tBTM_BLE_ENERGY_USED energy_used,tBTM_STATUS status)4074 static void bta_ble_energy_info_cmpl(tBTM_BLE_TX_TIME_MS tx_time,
4075 tBTM_BLE_RX_TIME_MS rx_time,
4076 tBTM_BLE_IDLE_TIME_MS idle_time,
4077 tBTM_BLE_ENERGY_USED energy_used,
4078 tBTM_STATUS status) {
4079 tBTA_STATUS st = (status == BTM_SUCCESS) ? BTA_SUCCESS : BTA_FAILURE;
4080 tBTA_DM_CONTRL_STATE ctrl_state = 0;
4081
4082 if (BTA_SUCCESS == st) ctrl_state = bta_dm_pm_obtain_controller_state();
4083
4084 if (bta_dm_cb.p_energy_info_cback)
4085 bta_dm_cb.p_energy_info_cback(tx_time, rx_time, idle_time, energy_used,
4086 ctrl_state, st);
4087 }
4088
4089 /** This function obtains the energy info */
bta_dm_ble_get_energy_info(tBTA_BLE_ENERGY_INFO_CBACK * p_energy_info_cback)4090 void bta_dm_ble_get_energy_info(
4091 tBTA_BLE_ENERGY_INFO_CBACK* p_energy_info_cback) {
4092 bta_dm_cb.p_energy_info_cback = p_energy_info_cback;
4093 tBTM_STATUS btm_status = BTM_BleGetEnergyInfo(bta_ble_energy_info_cmpl);
4094 if (BTM_CMD_STARTED != btm_status)
4095 bta_ble_energy_info_cmpl(0, 0, 0, 0, btm_status);
4096 }
4097
4098 #ifndef BTA_DM_GATT_CLOSE_DELAY_TOUT
4099 #define BTA_DM_GATT_CLOSE_DELAY_TOUT 1000
4100 #endif
4101
4102 /*******************************************************************************
4103 *
4104 * Function bta_dm_gattc_register
4105 *
4106 * Description Register with GATTC in DM if BLE is needed.
4107 *
4108 *
4109 * Returns void
4110 *
4111 ******************************************************************************/
bta_dm_gattc_register(void)4112 static void bta_dm_gattc_register(void) {
4113 if (bta_dm_search_cb.client_if == BTA_GATTS_INVALID_IF) {
4114 BTA_GATTC_AppRegister(bta_dm_gattc_callback,
4115 base::Bind([](uint8_t client_id, uint8_t status) {
4116 if (status == GATT_SUCCESS)
4117 bta_dm_search_cb.client_if = client_id;
4118 else
4119 bta_dm_search_cb.client_if = BTA_GATTS_INVALID_IF;
4120
4121 }));
4122 }
4123 }
4124
4125 /*******************************************************************************
4126 *
4127 * Function btm_dm_start_disc_gatt_services
4128 *
4129 * Description This function starts a GATT service search request.
4130 *
4131 * Parameters:
4132 *
4133 ******************************************************************************/
btm_dm_start_disc_gatt_services(uint16_t conn_id)4134 static void btm_dm_start_disc_gatt_services(uint16_t conn_id) {
4135 Uuid* p_uuid = bta_dm_search_cb.p_srvc_uuid + bta_dm_search_cb.num_uuid -
4136 bta_dm_search_cb.uuid_to_search;
4137
4138 /* always search for all services */
4139 BTA_GATTC_ServiceSearchRequest(conn_id, p_uuid);
4140 }
4141
4142 /*******************************************************************************
4143 *
4144 * Function bta_dm_gatt_disc_result
4145 *
4146 * Description This function process the GATT service search result.
4147 *
4148 * Parameters:
4149 *
4150 ******************************************************************************/
bta_dm_gatt_disc_result(tBTA_GATT_ID service_id)4151 static void bta_dm_gatt_disc_result(tBTA_GATT_ID service_id) {
4152 tBTA_DM_SEARCH result;
4153
4154 /*
4155 * This logic will not work for gatt case. We are checking against the
4156 * bluetooth profiles here
4157 * just copy the GATTID in raw data field and send it across.
4158 */
4159
4160 if (bta_dm_search_cb.ble_raw_used + sizeof(tBTA_GATT_ID) <
4161 bta_dm_search_cb.ble_raw_size) {
4162 APPL_TRACE_DEBUG(
4163 "ADDING BLE SERVICE uuid=%s, ble_ptr = 0x%x, ble_raw_used = 0x%x",
4164 service_id.uuid.ToString().c_str(), bta_dm_search_cb.p_ble_rawdata,
4165 bta_dm_search_cb.ble_raw_used);
4166
4167 if (bta_dm_search_cb.p_ble_rawdata) {
4168 // TODO(jpawlowski): the p_ble_raw data is only sent to btif_dm.cc, but is
4169 // never used there. Get rid of this code completly, or implement the
4170 // TODOs from btif_dm.cc
4171 memcpy((bta_dm_search_cb.p_ble_rawdata + bta_dm_search_cb.ble_raw_used),
4172 &service_id, sizeof(service_id));
4173
4174 bta_dm_search_cb.ble_raw_used += sizeof(service_id);
4175 } else {
4176 APPL_TRACE_ERROR("p_ble_rawdata is NULL");
4177 }
4178
4179 } else {
4180 APPL_TRACE_ERROR(
4181 "%s out of room to accomodate more service ids ble_raw_size = %d "
4182 "ble_raw_used = %d",
4183 __func__, bta_dm_search_cb.ble_raw_size, bta_dm_search_cb.ble_raw_used);
4184 }
4185
4186 LOG_INFO("%s service_id_uuid_len=%zu", __func__,
4187 service_id.uuid.GetShortestRepresentationSize());
4188 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) {
4189 /* send result back to app now, one by one */
4190 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
4191 strlcpy((char*)result.disc_ble_res.bd_name, bta_dm_get_remname(),
4192 BD_NAME_LEN);
4193 result.disc_ble_res.service = service_id.uuid;
4194
4195 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_BLE_RES_EVT, &result);
4196 }
4197 }
4198
4199 /*******************************************************************************
4200 *
4201 * Function bta_dm_gatt_disc_complete
4202 *
4203 * Description This function process the GATT service search complete.
4204 *
4205 * Parameters:
4206 *
4207 ******************************************************************************/
bta_dm_gatt_disc_complete(uint16_t conn_id,tGATT_STATUS status)4208 static void bta_dm_gatt_disc_complete(uint16_t conn_id, tGATT_STATUS status) {
4209 APPL_TRACE_DEBUG("%s conn_id = %d", __func__, conn_id);
4210
4211 if (bta_dm_search_cb.uuid_to_search > 0) bta_dm_search_cb.uuid_to_search--;
4212
4213 if (status == GATT_SUCCESS && bta_dm_search_cb.uuid_to_search > 0) {
4214 btm_dm_start_disc_gatt_services(conn_id);
4215 } else {
4216 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
4217
4218 bta_dm_search_cb.uuid_to_search = 0;
4219
4220 /* no more services to be discovered */
4221 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
4222 p_msg->disc_result.result.disc_res.result =
4223 (status == GATT_SUCCESS) ? BTA_SUCCESS : BTA_FAILURE;
4224 APPL_TRACE_DEBUG("%s service found: 0x%08x", __func__,
4225 bta_dm_search_cb.services_found);
4226 p_msg->disc_result.result.disc_res.services =
4227 bta_dm_search_cb.services_found;
4228 p_msg->disc_result.result.disc_res.num_uuids = 0;
4229 p_msg->disc_result.result.disc_res.p_uuid_list = NULL;
4230 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
4231 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
4232 bta_dm_get_remname(), BD_NAME_LEN);
4233
4234 p_msg->disc_result.result.disc_res.device_type |= BT_DEVICE_TYPE_BLE;
4235 if (bta_dm_search_cb.ble_raw_used > 0) {
4236 p_msg->disc_result.result.disc_res.p_raw_data =
4237 (uint8_t*)osi_malloc(bta_dm_search_cb.ble_raw_used);
4238
4239 memcpy(p_msg->disc_result.result.disc_res.p_raw_data,
4240 bta_dm_search_cb.p_ble_rawdata, bta_dm_search_cb.ble_raw_used);
4241
4242 p_msg->disc_result.result.disc_res.raw_data_size =
4243 bta_dm_search_cb.ble_raw_used;
4244 } else {
4245 p_msg->disc_result.result.disc_res.p_raw_data = NULL;
4246 bta_dm_search_cb.p_ble_rawdata = 0;
4247 }
4248
4249 bta_sys_sendmsg(p_msg);
4250
4251 if (conn_id != GATT_INVALID_CONN_ID) {
4252 /* start a GATT channel close delay timer */
4253 bta_sys_start_timer(bta_dm_search_cb.gatt_close_timer,
4254 BTA_DM_GATT_CLOSE_DELAY_TOUT,
4255 BTA_DM_DISC_CLOSE_TOUT_EVT, 0);
4256 bta_dm_search_cb.pending_close_bda = bta_dm_search_cb.peer_bdaddr;
4257 }
4258 bta_dm_search_cb.gatt_disc_active = false;
4259 }
4260 }
4261
4262 /*******************************************************************************
4263 *
4264 * Function bta_dm_close_gatt_conn
4265 *
4266 * Description This function close the GATT connection after delay
4267 *timeout.
4268 *
4269 * Parameters:
4270 *
4271 ******************************************************************************/
bta_dm_close_gatt_conn(UNUSED_ATTR tBTA_DM_MSG * p_data)4272 void bta_dm_close_gatt_conn(UNUSED_ATTR tBTA_DM_MSG* p_data) {
4273 if (bta_dm_search_cb.conn_id != GATT_INVALID_CONN_ID)
4274 BTA_GATTC_Close(bta_dm_search_cb.conn_id);
4275
4276 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty;
4277 bta_dm_search_cb.conn_id = GATT_INVALID_CONN_ID;
4278 }
4279 /*******************************************************************************
4280 *
4281 * Function btm_dm_start_gatt_discovery
4282 *
4283 * Description This is GATT initiate the service search by open a GATT
4284 * connection first.
4285 *
4286 * Parameters:
4287 *
4288 ******************************************************************************/
btm_dm_start_gatt_discovery(const RawAddress & bd_addr)4289 void btm_dm_start_gatt_discovery(const RawAddress& bd_addr) {
4290 bta_dm_search_cb.gatt_disc_active = true;
4291
4292 /* connection is already open */
4293 if (bta_dm_search_cb.pending_close_bda == bd_addr &&
4294 bta_dm_search_cb.conn_id != GATT_INVALID_CONN_ID) {
4295 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty;
4296 alarm_cancel(bta_dm_search_cb.gatt_close_timer);
4297 btm_dm_start_disc_gatt_services(bta_dm_search_cb.conn_id);
4298 } else {
4299 if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE)) {
4300 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr, true,
4301 GATT_TRANSPORT_LE, true);
4302 } else {
4303 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr, true,
4304 GATT_TRANSPORT_LE, false);
4305 }
4306 }
4307 }
4308
4309 /*******************************************************************************
4310 *
4311 * Function bta_dm_cancel_gatt_discovery
4312 *
4313 * Description This is GATT cancel the GATT service search.
4314 *
4315 * Parameters:
4316 *
4317 ******************************************************************************/
bta_dm_cancel_gatt_discovery(const RawAddress & bd_addr)4318 static void bta_dm_cancel_gatt_discovery(const RawAddress& bd_addr) {
4319 if (bta_dm_search_cb.conn_id == GATT_INVALID_CONN_ID) {
4320 BTA_GATTC_CancelOpen(bta_dm_search_cb.client_if, bd_addr, true);
4321 }
4322
4323 bta_dm_gatt_disc_complete(bta_dm_search_cb.conn_id, (tGATT_STATUS)GATT_ERROR);
4324 }
4325
4326 /*******************************************************************************
4327 *
4328 * Function bta_dm_proc_open_evt
4329 *
4330 * Description process BTA_GATTC_OPEN_EVT in DM.
4331 *
4332 * Parameters:
4333 *
4334 ******************************************************************************/
bta_dm_proc_open_evt(tBTA_GATTC_OPEN * p_data)4335 void bta_dm_proc_open_evt(tBTA_GATTC_OPEN* p_data) {
4336 VLOG(1) << "DM Search state= " << bta_dm_search_cb.state
4337 << " search_cb.peer_dbaddr:" << bta_dm_search_cb.peer_bdaddr
4338 << " connected_bda=" << p_data->remote_bda.address;
4339
4340 APPL_TRACE_DEBUG("BTA_GATTC_OPEN_EVT conn_id = %d client_if=%d status = %d",
4341 p_data->conn_id, p_data->client_if, p_data->status);
4342
4343 bta_dm_search_cb.conn_id = p_data->conn_id;
4344
4345 if (p_data->status == GATT_SUCCESS) {
4346 btm_dm_start_disc_gatt_services(p_data->conn_id);
4347 } else {
4348 bta_dm_gatt_disc_complete(GATT_INVALID_CONN_ID, p_data->status);
4349 }
4350 }
4351
4352 /*******************************************************************************
4353 *
4354 * Function bta_dm_gattc_callback
4355 *
4356 * Description This is GATT client callback function used in DM.
4357 *
4358 * Parameters:
4359 *
4360 ******************************************************************************/
bta_dm_gattc_callback(tBTA_GATTC_EVT event,tBTA_GATTC * p_data)4361 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data) {
4362 APPL_TRACE_DEBUG("bta_dm_gattc_callback event = %d", event);
4363
4364 switch (event) {
4365 case BTA_GATTC_OPEN_EVT:
4366 bta_dm_proc_open_evt(&p_data->open);
4367 break;
4368
4369 case BTA_GATTC_SEARCH_RES_EVT:
4370 bta_dm_gatt_disc_result(p_data->srvc_res.service_uuid);
4371 break;
4372
4373 case BTA_GATTC_SEARCH_CMPL_EVT:
4374 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE)
4375 bta_dm_gatt_disc_complete(p_data->search_cmpl.conn_id,
4376 p_data->search_cmpl.status);
4377 break;
4378
4379 case BTA_GATTC_CLOSE_EVT:
4380 APPL_TRACE_DEBUG("BTA_GATTC_CLOSE_EVT reason = %d", p_data->close.reason);
4381 /* in case of disconnect before search is completed */
4382 if ((bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) &&
4383 (bta_dm_search_cb.state != BTA_DM_SEARCH_ACTIVE) &&
4384 p_data->close.remote_bda == bta_dm_search_cb.peer_bdaddr) {
4385 bta_dm_gatt_disc_complete((uint16_t)GATT_INVALID_CONN_ID,
4386 (tGATT_STATUS)GATT_ERROR);
4387 }
4388 break;
4389
4390 default:
4391 break;
4392 }
4393 }
4394
4395 #if (BLE_VND_INCLUDED == TRUE)
4396 /*******************************************************************************
4397 *
4398 * Function bta_dm_ctrl_features_rd_cmpl_cback
4399 *
4400 * Description callback to handle controller feature read complete
4401 *
4402 * Parameters:
4403 *
4404 ******************************************************************************/
bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result)4405 static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result) {
4406 APPL_TRACE_DEBUG("%s status = %d ", __func__, result);
4407 if (result == BTM_SUCCESS) {
4408 if (bta_dm_cb.p_sec_cback)
4409 bta_dm_cb.p_sec_cback(BTA_DM_LE_FEATURES_READ, NULL);
4410 } else {
4411 APPL_TRACE_ERROR("%s Ctrl BLE feature read failed: status :%d", __func__,
4412 result);
4413 }
4414 }
4415 #endif /* BLE_VND_INCLUDED */
4416