1 /******************************************************************************
2 *
3 * Copyright 2005-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18 #include <string.h>
19
20 #include "bt_target.h"
21 #if (BTA_HH_INCLUDED == TRUE)
22
23 #include "bta_hh_int.h"
24 #include "btif/include/btif_storage.h"
25 #include "device/include/interop.h"
26 #include "osi/include/osi.h"
27
28 /* if SSR max latency is not defined by remote device, set the default value
29 as half of the link supervision timeout */
30 #define BTA_HH_GET_DEF_SSR_MAX_LAT(x) ((x) >> 1)
31
32 /*****************************************************************************
33 * Constants
34 ****************************************************************************/
35 #define BTA_HH_KB_CTRL_MASK 0x11
36 #define BTA_HH_KB_SHIFT_MASK 0x22
37 #define BTA_HH_KB_ALT_MASK 0x44
38 #define BTA_HH_KB_GUI_MASK 0x88
39
40 #define BTA_HH_KB_CAPS_LOCK 0x39 /* caps lock */
41 #define BTA_HH_KB_NUM_LOCK 0x53 /* num lock */
42
43 #define BTA_HH_MAX_RPT_CHARS 8
44
45 static const uint8_t bta_hh_mod_key_mask[BTA_HH_MOD_MAX_KEY] = {
46 BTA_HH_KB_CTRL_MASK, BTA_HH_KB_SHIFT_MASK, BTA_HH_KB_ALT_MASK,
47 BTA_HH_KB_GUI_MASK};
48
49 /*******************************************************************************
50 *
51 * Function bta_hh_find_cb
52 *
53 * Description Find best available control block according to BD address.
54 *
55 *
56 * Returns void
57 *
58 ******************************************************************************/
bta_hh_find_cb(const RawAddress & bda)59 uint8_t bta_hh_find_cb(const RawAddress& bda) {
60 uint8_t xx;
61
62 /* See how many active devices there are. */
63 for (xx = 0; xx < BTA_HH_MAX_DEVICE; xx++) {
64 /* check if any active/known devices is a match */
65 if ((bda == bta_hh_cb.kdev[xx].addr && !bda.IsEmpty())) {
66 #if (BTA_HH_DEBUG == TRUE)
67 APPL_TRACE_DEBUG("found kdev_cb[%d] hid_handle = %d ", xx,
68 bta_hh_cb.kdev[xx].hid_handle)
69 #endif
70 return xx;
71 }
72 #if (BTA_HH_DEBUG == TRUE)
73 else
74 APPL_TRACE_DEBUG("in_use ? [%d] kdev[%d].hid_handle = %d state = [%d]",
75 bta_hh_cb.kdev[xx].in_use, xx,
76 bta_hh_cb.kdev[xx].hid_handle, bta_hh_cb.kdev[xx].state);
77 #endif
78 }
79
80 /* if no active device match, find a spot for it */
81 for (xx = 0; xx < BTA_HH_MAX_DEVICE; xx++) {
82 if (!bta_hh_cb.kdev[xx].in_use) {
83 bta_hh_cb.kdev[xx].addr = bda;
84 break;
85 }
86 }
87 /* If device list full, report BTA_HH_IDX_INVALID */
88 #if (BTA_HH_DEBUG == TRUE)
89 APPL_TRACE_DEBUG("bta_hh_find_cb:: index = %d while max = %d", xx,
90 BTA_HH_MAX_DEVICE);
91 #endif
92
93 if (xx == BTA_HH_MAX_DEVICE) xx = BTA_HH_IDX_INVALID;
94
95 return xx;
96 }
97
98 /*******************************************************************************
99 *
100 * Function bta_hh_clean_up_kdev
101 *
102 * Description Clean up device control block when device is removed from
103 * manitainace list, and update control block index map.
104 *
105 * Returns void
106 *
107 ******************************************************************************/
bta_hh_clean_up_kdev(tBTA_HH_DEV_CB * p_cb)108 void bta_hh_clean_up_kdev(tBTA_HH_DEV_CB* p_cb) {
109 uint8_t index;
110
111 if (p_cb->hid_handle != BTA_HH_INVALID_HANDLE) {
112 #if (BTA_HH_LE_INCLUDED == TRUE)
113 if (p_cb->is_le_device)
114 bta_hh_cb.le_cb_index[BTA_HH_GET_LE_CB_IDX(p_cb->hid_handle)] =
115 BTA_HH_IDX_INVALID;
116 else
117 #endif
118 bta_hh_cb.cb_index[p_cb->hid_handle] = BTA_HH_IDX_INVALID;
119 }
120
121 /* reset device control block */
122 index = p_cb->index; /* Preserve index for this control block */
123
124 /* Free buffer for report descriptor info */
125 osi_free_and_reset((void**)&p_cb->dscp_info.descriptor.dsc_list);
126
127 memset(p_cb, 0, sizeof(tBTA_HH_DEV_CB)); /* Reset control block */
128
129 p_cb->index = index; /* Restore index for this control block */
130 p_cb->state = BTA_HH_IDLE_ST;
131 p_cb->hid_handle = BTA_HH_INVALID_HANDLE;
132 }
133 /*******************************************************************************
134 *
135 * Function bta_hh_update_di_info
136 *
137 * Description Maintain a known device list for BTA HH.
138 *
139 * Returns void
140 *
141 ******************************************************************************/
bta_hh_update_di_info(tBTA_HH_DEV_CB * p_cb,uint16_t vendor_id,uint16_t product_id,uint16_t version,uint8_t flag)142 void bta_hh_update_di_info(tBTA_HH_DEV_CB* p_cb, uint16_t vendor_id,
143 uint16_t product_id, uint16_t version,
144 #if (BTA_HH_LE_INCLUDED == TRUE)
145 uint8_t flag)
146 #else
147 UNUSED_ATTR uint8_t flag)
148 #endif
149 {
150 #if (BTA_HH_DEBUG == TRUE)
151 APPL_TRACE_DEBUG("vendor_id = 0x%2x product_id = 0x%2x version = 0x%2x",
152 vendor_id, product_id, version);
153 #endif
154 p_cb->dscp_info.vendor_id = vendor_id;
155 p_cb->dscp_info.product_id = product_id;
156 p_cb->dscp_info.version = version;
157 #if (BTA_HH_LE_INCLUDED == TRUE)
158 p_cb->dscp_info.flag = flag;
159 #endif
160 }
161 /*******************************************************************************
162 *
163 * Function bta_hh_add_device_to_list
164 *
165 * Description Maintain a known device list for BTA HH.
166 *
167 * Returns void
168 *
169 ******************************************************************************/
bta_hh_add_device_to_list(tBTA_HH_DEV_CB * p_cb,uint8_t handle,uint16_t attr_mask,tHID_DEV_DSCP_INFO * p_dscp_info,uint8_t sub_class,uint16_t ssr_max_latency,uint16_t ssr_min_tout,uint8_t app_id)170 void bta_hh_add_device_to_list(tBTA_HH_DEV_CB* p_cb, uint8_t handle,
171 uint16_t attr_mask,
172 tHID_DEV_DSCP_INFO* p_dscp_info,
173 uint8_t sub_class, uint16_t ssr_max_latency,
174 uint16_t ssr_min_tout, uint8_t app_id) {
175 #if (BTA_HH_DEBUG == TRUE)
176 APPL_TRACE_DEBUG("subclass = 0x%2x", sub_class);
177 #endif
178
179 p_cb->hid_handle = handle;
180 p_cb->in_use = true;
181 p_cb->attr_mask = attr_mask;
182
183 p_cb->sub_class = sub_class;
184 p_cb->app_id = app_id;
185
186 p_cb->dscp_info.ssr_max_latency = ssr_max_latency;
187 p_cb->dscp_info.ssr_min_tout = ssr_min_tout;
188
189 /* store report descriptor info */
190 if (p_dscp_info) {
191 osi_free_and_reset((void**)&p_cb->dscp_info.descriptor.dsc_list);
192
193 if (p_dscp_info->dl_len) {
194 p_cb->dscp_info.descriptor.dsc_list =
195 (uint8_t*)osi_malloc(p_dscp_info->dl_len);
196 p_cb->dscp_info.descriptor.dl_len = p_dscp_info->dl_len;
197 memcpy(p_cb->dscp_info.descriptor.dsc_list, p_dscp_info->dsc_list,
198 p_dscp_info->dl_len);
199 }
200 }
201 }
202
203 /*******************************************************************************
204 *
205 * Function bta_hh_tod_spt
206 *
207 * Description Check to see if this type of device is supported
208 *
209 * Returns
210 *
211 ******************************************************************************/
bta_hh_tod_spt(tBTA_HH_DEV_CB * p_cb,uint8_t sub_class)212 bool bta_hh_tod_spt(tBTA_HH_DEV_CB* p_cb, uint8_t sub_class) {
213 uint8_t xx;
214 uint8_t cod = (sub_class >> 2); /* lower two bits are reserved */
215
216 for (xx = 0; xx < p_bta_hh_cfg->max_devt_spt; xx++) {
217 if (cod == (uint8_t)p_bta_hh_cfg->p_devt_list[xx].tod) {
218 p_cb->app_id = p_bta_hh_cfg->p_devt_list[xx].app_id;
219 #if (BTA_HH_DEBUG == TRUE)
220 APPL_TRACE_EVENT("bta_hh_tod_spt sub_class:0x%x supported", sub_class);
221 #endif
222 return true;
223 }
224 }
225 #if (BTA_HH_DEBUG == TRUE)
226 APPL_TRACE_EVENT("bta_hh_tod_spt sub_class:0x%x NOT supported", sub_class);
227 #endif
228 return false;
229 }
230
231 /*******************************************************************************
232 *
233 * Function bta_hh_parse_keybd_rpt
234 *
235 * Description This utility function parse a boot mode keyboard report.
236 *
237 * Returns void
238 *
239 ******************************************************************************/
bta_hh_parse_keybd_rpt(tBTA_HH_BOOT_RPT * p_kb_data,uint8_t * p_report,uint16_t report_len)240 void bta_hh_parse_keybd_rpt(tBTA_HH_BOOT_RPT* p_kb_data, uint8_t* p_report,
241 uint16_t report_len) {
242 tBTA_HH_KB_CB* p_kb = &bta_hh_cb.kb_cb;
243 tBTA_HH_KEYBD_RPT* p_data = &p_kb_data->data_rpt.keybd_rpt;
244
245 uint8_t this_char, ctl_shift;
246 uint16_t xx, yy, key_idx = 0;
247 uint8_t this_report[BTA_HH_MAX_RPT_CHARS];
248
249 #if (BTA_HH_DEBUG == TRUE)
250 APPL_TRACE_DEBUG("bta_hh_parse_keybd_rpt: (report=%p, report_len=%d) called",
251 p_report, report_len);
252 #endif
253
254 if (report_len < 2) return;
255
256 ctl_shift = *p_report++;
257 report_len--;
258
259 if (report_len > BTA_HH_MAX_RPT_CHARS) report_len = BTA_HH_MAX_RPT_CHARS;
260
261 memset(this_report, 0, BTA_HH_MAX_RPT_CHARS);
262 memset(p_data, 0, sizeof(tBTA_HH_KEYBD_RPT));
263 memcpy(this_report, p_report, report_len);
264
265 /* Take care of shift, control, GUI and alt, modifier keys */
266 for (xx = 0; xx < BTA_HH_MOD_MAX_KEY; xx++) {
267 if (ctl_shift & bta_hh_mod_key_mask[xx]) {
268 APPL_TRACE_DEBUG("Mod Key[%02x] pressed", bta_hh_mod_key_mask[xx]);
269 p_kb->mod_key[xx] = true;
270 } else if (p_kb->mod_key[xx]) {
271 p_kb->mod_key[xx] = false;
272 }
273 /* control key flag is set */
274 p_data->mod_key[xx] = p_kb->mod_key[xx];
275 }
276
277 /***************************************************************************/
278 /* First step is to remove all characters we saw in the last report */
279 /***************************************************************************/
280 for (xx = 0; xx < report_len; xx++) {
281 for (yy = 0; yy < BTA_HH_MAX_RPT_CHARS; yy++) {
282 if (this_report[xx] == p_kb->last_report[yy]) {
283 this_report[xx] = 0;
284 }
285 }
286 }
287 /***************************************************************************/
288 /* Now, process all the characters in the report, up to 6 keycodes */
289 /***************************************************************************/
290 for (xx = 0; xx < report_len; xx++) {
291 #if (BTA_HH_DEBUG == TRUE)
292 APPL_TRACE_DEBUG("this_char = %02x", this_report[xx]);
293 #endif
294 this_char = this_report[xx];
295 if (this_char == 0) continue;
296 /* take the key code as the report data */
297 if (this_report[xx] == BTA_HH_KB_CAPS_LOCK)
298 p_kb->caps_lock = p_kb->caps_lock ? false : true;
299 else if (this_report[xx] == BTA_HH_KB_NUM_LOCK)
300 p_kb->num_lock = p_kb->num_lock ? false : true;
301 else
302 p_data->this_char[key_idx++] = this_char;
303
304 #if (BTA_HH_DEBUG == TRUE)
305 APPL_TRACE_DEBUG("found keycode %02x ", this_report[xx]);
306 #endif
307 p_data->caps_lock = p_kb->caps_lock;
308 p_data->num_lock = p_kb->num_lock;
309 }
310
311 memset(p_kb->last_report, 0, BTA_HH_MAX_RPT_CHARS);
312 memcpy(p_kb->last_report, p_report, report_len);
313
314 return;
315 }
316
317 /*******************************************************************************
318 *
319 * Function bta_hh_parse_mice_rpt
320 *
321 * Description This utility function parse a boot mode mouse report.
322 *
323 * Returns void
324 *
325 ******************************************************************************/
bta_hh_parse_mice_rpt(tBTA_HH_BOOT_RPT * p_mice_data,uint8_t * p_report,uint16_t report_len)326 void bta_hh_parse_mice_rpt(tBTA_HH_BOOT_RPT* p_mice_data, uint8_t* p_report,
327 uint16_t report_len) {
328 tBTA_HH_MICE_RPT* p_data = &p_mice_data->data_rpt.mice_rpt;
329 #if (BTA_HH_DEBUG == TRUE)
330 uint8_t xx;
331
332 APPL_TRACE_DEBUG(
333 "bta_hh_parse_mice_rpt: bta_keybd_rpt_rcvd(report=%p, \
334 report_len=%d) called",
335 p_report, report_len);
336 #endif
337
338 if (report_len < 3) return;
339
340 if (report_len > BTA_HH_MAX_RPT_CHARS) report_len = BTA_HH_MAX_RPT_CHARS;
341
342 #if (BTA_HH_DEBUG == TRUE)
343 for (xx = 0; xx < report_len; xx++) {
344 APPL_TRACE_DEBUG("this_char = %02x", p_report[xx]);
345 }
346 #endif
347
348 /* only first bytes lower 3 bits valid */
349 p_data->mouse_button = (p_report[0] & 0x07);
350
351 /* x displacement */
352 p_data->delta_x = p_report[1];
353
354 /* y displacement */
355 p_data->delta_y = p_report[2];
356
357 #if (BTA_HH_DEBUG == TRUE)
358 APPL_TRACE_DEBUG("mice button: 0x%2x", p_data->mouse_button);
359 APPL_TRACE_DEBUG("mice move: x = %d y = %d", p_data->delta_x,
360 p_data->delta_y);
361 #endif
362
363 return;
364 }
365
366 /*******************************************************************************
367 *
368 * Function bta_hh_read_ssr_param
369 *
370 * Description Read the SSR Parameter for the remote device
371 *
372 * Returns tBTA_HH_STATUS operation status
373 *
374 ******************************************************************************/
bta_hh_read_ssr_param(const RawAddress & bd_addr,uint16_t * p_max_ssr_lat,uint16_t * p_min_ssr_tout)375 tBTA_HH_STATUS bta_hh_read_ssr_param(const RawAddress& bd_addr,
376 uint16_t* p_max_ssr_lat,
377 uint16_t* p_min_ssr_tout) {
378 tBTA_HH_STATUS status = BTA_HH_ERR;
379 tBTA_HH_CB* p_cb = &bta_hh_cb;
380 uint8_t i;
381 uint16_t ssr_max_latency;
382 for (i = 0; i < BTA_HH_MAX_KNOWN; i++) {
383 if (p_cb->kdev[i].addr == bd_addr) {
384 /* if remote device does not have HIDSSRHostMaxLatency attribute in SDP,
385 set SSR max latency default value here. */
386 if (p_cb->kdev[i].dscp_info.ssr_max_latency == HID_SSR_PARAM_INVALID) {
387 /* The default is calculated as half of link supervision timeout.*/
388
389 BTM_GetLinkSuperTout(p_cb->kdev[i].addr, &ssr_max_latency);
390 ssr_max_latency = BTA_HH_GET_DEF_SSR_MAX_LAT(ssr_max_latency);
391
392 /* per 1.1 spec, if the newly calculated max latency is greater than
393 BTA_HH_SSR_MAX_LATENCY_DEF which is 500ms, use
394 BTA_HH_SSR_MAX_LATENCY_DEF */
395 if (ssr_max_latency > BTA_HH_SSR_MAX_LATENCY_DEF)
396 ssr_max_latency = BTA_HH_SSR_MAX_LATENCY_DEF;
397
398 char remote_name[BTM_MAX_REM_BD_NAME_LEN] = "";
399 if (btif_storage_get_stored_remote_name(bd_addr, remote_name)) {
400 if (interop_match_name(INTEROP_HID_HOST_LIMIT_SNIFF_INTERVAL,
401 remote_name)) {
402 if (ssr_max_latency > 18 /* slots * 0.625ms */) {
403 ssr_max_latency = 18;
404 }
405 }
406 }
407
408 *p_max_ssr_lat = ssr_max_latency;
409 } else
410 *p_max_ssr_lat = p_cb->kdev[i].dscp_info.ssr_max_latency;
411
412 if (p_cb->kdev[i].dscp_info.ssr_min_tout == HID_SSR_PARAM_INVALID)
413 *p_min_ssr_tout = BTA_HH_SSR_MIN_TOUT_DEF;
414 else
415 *p_min_ssr_tout = p_cb->kdev[i].dscp_info.ssr_min_tout;
416
417 status = BTA_HH_OK;
418
419 break;
420 }
421 }
422
423 return status;
424 }
425
426 /*******************************************************************************
427 *
428 * Function bta_hh_cleanup_disable
429 *
430 * Description when disable finished, cleanup control block and send
431 * callback
432 *
433 *
434 * Returns void
435 *
436 ******************************************************************************/
bta_hh_cleanup_disable(tBTA_HH_STATUS status)437 void bta_hh_cleanup_disable(tBTA_HH_STATUS status) {
438 uint8_t xx;
439 /* free buffer in CB holding report descriptors */
440 for (xx = 0; xx < BTA_HH_MAX_DEVICE; xx++) {
441 osi_free_and_reset(
442 (void**)&bta_hh_cb.kdev[xx].dscp_info.descriptor.dsc_list);
443 }
444
445 if (bta_hh_cb.p_disc_db) {
446 /* Cancel SDP if it had been started. */
447 (void)SDP_CancelServiceSearch (bta_hh_cb.p_disc_db);
448 osi_free_and_reset((void**)&bta_hh_cb.p_disc_db);
449 }
450
451 if (bta_hh_cb.p_cback) {
452 tBTA_HH bta_hh;
453 bta_hh.status = status;
454 (*bta_hh_cb.p_cback)(BTA_HH_DISABLE_EVT, &bta_hh);
455 /* all connections are down, no waiting for diconnect */
456 memset(&bta_hh_cb, 0, sizeof(tBTA_HH_CB));
457 }
458 }
459
460 /*******************************************************************************
461 *
462 * Function bta_hh_dev_handle_to_cb_idx
463 *
464 * Description convert a HID device handle to the device control block
465 * index.
466 *
467 *
468 * Returns uint8_t: index of the device control block.
469 *
470 ******************************************************************************/
bta_hh_dev_handle_to_cb_idx(uint8_t dev_handle)471 uint8_t bta_hh_dev_handle_to_cb_idx(uint8_t dev_handle) {
472 uint8_t index = BTA_HH_IDX_INVALID;
473
474 #if (BTA_HH_LE_INCLUDED == TRUE)
475 if (BTA_HH_IS_LE_DEV_HDL(dev_handle)) {
476 if (BTA_HH_IS_LE_DEV_HDL_VALID(dev_handle))
477 index = bta_hh_cb.le_cb_index[BTA_HH_GET_LE_CB_IDX(dev_handle)];
478 #if (BTA_HH_DEBUG == TRUE)
479 APPL_TRACE_DEBUG("bta_hh_dev_handle_to_cb_idx dev_handle = %d index = %d",
480 dev_handle, index);
481 #endif
482 } else
483 #endif
484 /* regular HID device checking */
485 if (dev_handle < BTA_HH_MAX_KNOWN)
486 index = bta_hh_cb.cb_index[dev_handle];
487
488 return index;
489 }
490 #if (BTA_HH_DEBUG == TRUE)
491 /*******************************************************************************
492 *
493 * Function bta_hh_trace_dev_db
494 *
495 * Description Check to see if this type of device is supported
496 *
497 * Returns
498 *
499 ******************************************************************************/
bta_hh_trace_dev_db(void)500 void bta_hh_trace_dev_db(void) {
501 uint8_t xx;
502
503 APPL_TRACE_DEBUG("bta_hh_trace_dev_db:: Device DB list********************");
504
505 for (xx = 0; xx < BTA_HH_MAX_DEVICE; xx++) {
506 APPL_TRACE_DEBUG("kdev[%d] in_use[%d] handle[%d] ", xx,
507 bta_hh_cb.kdev[xx].in_use, bta_hh_cb.kdev[xx].hid_handle);
508
509 APPL_TRACE_DEBUG(
510 "\t\t\t attr_mask[%04x] state [%d] sub_class[%02x] index = %d",
511 bta_hh_cb.kdev[xx].attr_mask, bta_hh_cb.kdev[xx].state,
512 bta_hh_cb.kdev[xx].sub_class, bta_hh_cb.kdev[xx].index);
513 }
514 APPL_TRACE_DEBUG("*********************************************************");
515 }
516 #endif
517 #endif /* HL_INCLUDED */
518