1 /******************************************************************************
2 *
3 * Copyright 2009-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * this file contains functions relating to BLE management.
22 *
23 ******************************************************************************/
24
25 #include <base/logging.h>
26 #include <base/strings/stringprintf.h>
27 #include <string.h>
28 #include "bt_target.h"
29 #include "bt_utils.h"
30 #include "bta_hearing_aid_api.h"
31 #include "btm_int.h"
32 #include "btu.h"
33 #include "device/include/controller.h"
34 #include "hcimsgs.h"
35 #include "l2c_api.h"
36 #include "l2c_int.h"
37 #include "l2cdefs.h"
38 #include "log/log.h"
39 #include "main/shim/shim.h"
40 #include "osi/include/osi.h"
41 #include "stack/gatt/connection_manager.h"
42 #include "stack_config.h"
43
44 using base::StringPrintf;
45
46 static void l2cble_start_conn_update(tL2C_LCB* p_lcb);
47
48 /*******************************************************************************
49 *
50 * Function L2CA_CancelBleConnectReq
51 *
52 * Description Cancel a pending connection attempt to a BLE device.
53 *
54 * Parameters: BD Address of remote
55 *
56 * Return value: true if connection was cancelled
57 *
58 ******************************************************************************/
L2CA_CancelBleConnectReq(const RawAddress & rem_bda)59 bool L2CA_CancelBleConnectReq(const RawAddress& rem_bda) {
60 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(rem_bda, BT_TRANSPORT_LE);
61
62 tACL_CONN* p_acl = btm_bda_to_acl(rem_bda, BT_TRANSPORT_LE);
63 if (p_acl) {
64 if (p_lcb != NULL && p_lcb->link_state == LST_CONNECTING) {
65 L2CAP_TRACE_WARNING("%s - disconnecting the LE link", __func__);
66 L2CA_RemoveFixedChnl(L2CAP_ATT_CID, rem_bda);
67 return (true);
68 }
69 }
70
71 connection_manager::direct_connect_remove(CONN_MGR_ID_L2CAP, rem_bda);
72
73 /* Do not remove lcb if an LE link is already up as a peripheral */
74 if (p_lcb != NULL &&
75 !(p_lcb->link_role == HCI_ROLE_SLAVE &&
76 btm_bda_to_acl(rem_bda, BT_TRANSPORT_LE) != NULL)) {
77 p_lcb->disc_reason = L2CAP_CONN_CANCEL;
78 l2cu_release_lcb(p_lcb);
79 }
80 return (true);
81 }
82
83 /*******************************************************************************
84 *
85 * Function L2CA_UpdateBleConnParams
86 *
87 * Description Update BLE connection parameters.
88 *
89 * Parameters: BD Address of remote
90 *
91 * Return value: true if update started
92 *
93 ******************************************************************************/
L2CA_UpdateBleConnParams(const RawAddress & rem_bda,uint16_t min_int,uint16_t max_int,uint16_t latency,uint16_t timeout,uint16_t min_ce_len,uint16_t max_ce_len)94 bool L2CA_UpdateBleConnParams(const RawAddress& rem_bda, uint16_t min_int,
95 uint16_t max_int, uint16_t latency,
96 uint16_t timeout, uint16_t min_ce_len,
97 uint16_t max_ce_len) {
98 tL2C_LCB* p_lcb;
99 tACL_CONN* p_acl_cb = btm_bda_to_acl(rem_bda, BT_TRANSPORT_LE);
100
101 /* See if we have a link control block for the remote device */
102 p_lcb = l2cu_find_lcb_by_bd_addr(rem_bda, BT_TRANSPORT_LE);
103
104 /* If we don't have one, create one and accept the connection. */
105 if (!p_lcb || !p_acl_cb) {
106 LOG(WARNING) << __func__ << " - unknown BD_ADDR " << rem_bda;
107 return (false);
108 }
109
110 if (p_lcb->transport != BT_TRANSPORT_LE) {
111 LOG(WARNING) << __func__ << " - BD_ADDR " << rem_bda << " not LE";
112 return (false);
113 }
114
115 VLOG(2) << __func__ << ": BD_ADDR=" << rem_bda << ", min_int=" << min_int
116 << ", max_int=" << max_int << ", min_ce_len=" << min_ce_len
117 << ", max_ce_len=" << max_ce_len;
118
119 p_lcb->min_interval = min_int;
120 p_lcb->max_interval = max_int;
121 p_lcb->latency = latency;
122 p_lcb->timeout = timeout;
123 p_lcb->conn_update_mask |= L2C_BLE_NEW_CONN_PARAM;
124 p_lcb->min_ce_len = min_ce_len;
125 p_lcb->max_ce_len = max_ce_len;
126
127 l2cble_start_conn_update(p_lcb);
128
129 return (true);
130 }
131
L2CA_UpdateBleConnParams(const RawAddress & rem_bda,uint16_t min_int,uint16_t max_int,uint16_t latency,uint16_t timeout)132 bool L2CA_UpdateBleConnParams(const RawAddress& rem_bda, uint16_t min_int,
133 uint16_t max_int, uint16_t latency,
134 uint16_t timeout) {
135 return L2CA_UpdateBleConnParams(rem_bda, min_int, max_int, latency, timeout,
136 0, 0);
137 }
138
139 /*******************************************************************************
140 *
141 * Function L2CA_EnableUpdateBleConnParams
142 *
143 * Description Enable or disable update based on the request from the peer
144 *
145 * Parameters: BD Address of remote
146 *
147 * Return value: true if update started
148 *
149 ******************************************************************************/
L2CA_EnableUpdateBleConnParams(const RawAddress & rem_bda,bool enable)150 bool L2CA_EnableUpdateBleConnParams(const RawAddress& rem_bda, bool enable) {
151 if (bluetooth::shim::is_gd_shim_enabled()) {
152 LOG(ERROR) << "NOT IMPLEMENTED";
153 return true;
154 }
155
156 if (stack_config_get_interface()->get_pts_conn_updates_disabled())
157 return false;
158
159 tL2C_LCB* p_lcb;
160
161 /* See if we have a link control block for the remote device */
162 p_lcb = l2cu_find_lcb_by_bd_addr(rem_bda, BT_TRANSPORT_LE);
163
164 if (!p_lcb) {
165 LOG(WARNING) << __func__ << " - unknown BD_ADDR " << rem_bda;
166 return false;
167 }
168
169 VLOG(2) << __func__ << " - BD_ADDR " << rem_bda
170 << StringPrintf(" enable %d current upd state 0x%02x", enable,
171 p_lcb->conn_update_mask);
172
173 if (p_lcb->transport != BT_TRANSPORT_LE) {
174 LOG(WARNING) << __func__ << " - BD_ADDR " << rem_bda
175 << " not LE, link role " << p_lcb->link_role;
176 return false;
177 }
178
179 if (enable)
180 p_lcb->conn_update_mask &= ~L2C_BLE_CONN_UPDATE_DISABLE;
181 else
182 p_lcb->conn_update_mask |= L2C_BLE_CONN_UPDATE_DISABLE;
183
184 l2cble_start_conn_update(p_lcb);
185
186 return (true);
187 }
188
189 /*******************************************************************************
190 *
191 * Function L2CA_GetBleConnRole
192 *
193 * Description This function returns the connection role.
194 *
195 * Returns link role.
196 *
197 ******************************************************************************/
L2CA_GetBleConnRole(const RawAddress & bd_addr)198 uint8_t L2CA_GetBleConnRole(const RawAddress& bd_addr) {
199 uint8_t role = HCI_ROLE_UNKNOWN;
200
201 tL2C_LCB* p_lcb;
202
203 p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_LE);
204 if (p_lcb != NULL) role = p_lcb->link_role;
205
206 return role;
207 }
208 /*******************************************************************************
209 *
210 * Function L2CA_GetDisconnectReason
211 *
212 * Description This function returns the disconnect reason code.
213 *
214 * Returns disconnect reason
215 *
216 ******************************************************************************/
L2CA_GetDisconnectReason(const RawAddress & remote_bda,tBT_TRANSPORT transport)217 uint16_t L2CA_GetDisconnectReason(const RawAddress& remote_bda,
218 tBT_TRANSPORT transport) {
219 tL2C_LCB* p_lcb;
220 uint16_t reason = 0;
221
222 p_lcb = l2cu_find_lcb_by_bd_addr(remote_bda, transport);
223 if (p_lcb != NULL) reason = p_lcb->disc_reason;
224
225 L2CAP_TRACE_DEBUG("L2CA_GetDisconnectReason=%d ", reason);
226
227 return reason;
228 }
229
230 /*******************************************************************************
231 *
232 * Function l2cble_notify_le_connection
233 *
234 * Description This function notifiy the l2cap connection to the app layer
235 *
236 * Returns none
237 *
238 ******************************************************************************/
l2cble_notify_le_connection(const RawAddress & bda)239 void l2cble_notify_le_connection(const RawAddress& bda) {
240 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(bda, BT_TRANSPORT_LE);
241 tACL_CONN* p_acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
242 tL2C_CCB* p_ccb;
243
244 if (p_lcb != NULL && p_acl != NULL && p_lcb->link_state != LST_CONNECTED) {
245 /* update link status */
246 btm_establish_continue(p_acl);
247 /* update l2cap link status and send callback */
248 p_lcb->link_state = LST_CONNECTED;
249 l2cu_process_fixed_chnl_resp(p_lcb);
250 }
251
252 if (p_lcb != NULL) {
253 /* For all channels, send the event through their FSMs */
254 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
255 p_ccb = p_ccb->p_next_ccb) {
256 if (p_ccb->chnl_state == CST_CLOSED)
257 l2c_csm_execute(p_ccb, L2CEVT_LP_CONNECT_CFM, NULL);
258 }
259 }
260 }
261
262 /** This function is called when an HCI Connection Complete event is received.
263 */
l2cble_conn_comp(uint16_t handle,uint8_t role,const RawAddress & bda,tBLE_ADDR_TYPE type,uint16_t conn_interval,uint16_t conn_latency,uint16_t conn_timeout)264 void l2cble_conn_comp(uint16_t handle, uint8_t role, const RawAddress& bda,
265 tBLE_ADDR_TYPE type, uint16_t conn_interval,
266 uint16_t conn_latency, uint16_t conn_timeout) {
267 btm_ble_update_link_topology_mask(role, true);
268
269 // role == HCI_ROLE_MASTER => scanner completed connection
270 // role == HCI_ROLE_SLAVE => advertiser completed connection
271
272 L2CAP_TRACE_DEBUG(
273 "%s: HANDLE=%d addr_type=%d conn_interval=%d "
274 "slave_latency=%d supervision_tout=%d",
275 __func__, handle, type, conn_interval, conn_latency, conn_timeout);
276
277 /* See if we have a link control block for the remote device */
278 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(bda, BT_TRANSPORT_LE);
279
280 /* If we don't have one, create one. this is auto connection complete. */
281 if (!p_lcb) {
282 p_lcb = l2cu_allocate_lcb(bda, false, BT_TRANSPORT_LE);
283 if (!p_lcb) {
284 btm_sec_disconnect(handle, HCI_ERR_NO_CONNECTION);
285 LOG(ERROR) << __func__ << "failed to allocate LCB";
286 return;
287 } else {
288 if (!l2cu_initialize_fixed_ccb(p_lcb, L2CAP_ATT_CID)) {
289 btm_sec_disconnect(handle, HCI_ERR_NO_CONNECTION);
290 LOG(WARNING) << __func__ << "LCB but no CCB";
291 return;
292 }
293 }
294 } else if (role == HCI_ROLE_MASTER && p_lcb->link_state != LST_CONNECTING) {
295 LOG(ERROR) << "L2CAP got BLE scanner conn_comp in bad state: "
296 << +p_lcb->link_state;
297 return;
298 }
299
300 if (role == HCI_ROLE_MASTER) alarm_cancel(p_lcb->l2c_lcb_timer);
301
302 /* Save the handle */
303 p_lcb->handle = handle;
304
305 /* Connected OK. Change state to connected, we were scanning so we are master
306 */
307 p_lcb->link_role = role;
308 p_lcb->transport = BT_TRANSPORT_LE;
309
310 /* update link parameter, set slave link as non-spec default upon link up */
311 p_lcb->min_interval = p_lcb->max_interval = conn_interval;
312 p_lcb->timeout = conn_timeout;
313 p_lcb->latency = conn_latency;
314 p_lcb->conn_update_mask = L2C_BLE_NOT_DEFAULT_PARAM;
315
316 /* Tell BTM Acl management about the link */
317 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_or_alloc_dev(bda);
318 btm_acl_created(bda, NULL, p_dev_rec->sec_bd_name, handle, p_lcb->link_role,
319 BT_TRANSPORT_LE);
320
321 p_lcb->peer_chnl_mask[0] = L2CAP_FIXED_CHNL_ATT_BIT |
322 L2CAP_FIXED_CHNL_BLE_SIG_BIT |
323 L2CAP_FIXED_CHNL_SMP_BIT;
324
325 #if (BLE_PRIVACY_SPT == TRUE)
326 btm_ble_disable_resolving_list(BTM_BLE_RL_INIT, true);
327 #endif
328
329 if (role == HCI_ROLE_SLAVE) {
330 if (!controller_get_interface()
331 ->supports_ble_peripheral_initiated_feature_exchange()) {
332 p_lcb->link_state = LST_CONNECTED;
333 l2cu_process_fixed_chnl_resp(p_lcb);
334 }
335 }
336 }
337
338 /*******************************************************************************
339 *
340 * Function l2cble_start_conn_update
341 *
342 * Description Start the BLE connection parameter update process based on
343 * status.
344 *
345 * Parameters: lcb : l2cap link control block
346 *
347 * Return value: none
348 *
349 ******************************************************************************/
l2cble_start_conn_update(tL2C_LCB * p_lcb)350 static void l2cble_start_conn_update(tL2C_LCB* p_lcb) {
351 uint16_t min_conn_int, max_conn_int, slave_latency, supervision_tout;
352 tACL_CONN* p_acl_cb = btm_bda_to_acl(p_lcb->remote_bd_addr, BT_TRANSPORT_LE);
353 if (!p_acl_cb) {
354 LOG(ERROR) << "No known connection ACL for " << p_lcb->remote_bd_addr;
355 return;
356 }
357
358 // TODO(armansito): The return value of this call wasn't being used but the
359 // logic of this function might be depending on its side effects. We should
360 // verify if this call is needed at all and remove it otherwise.
361 btm_find_or_alloc_dev(p_lcb->remote_bd_addr);
362
363 if (p_lcb->conn_update_mask & L2C_BLE_UPDATE_PENDING) return;
364
365 if (p_lcb->conn_update_mask & L2C_BLE_CONN_UPDATE_DISABLE) {
366 /* application requests to disable parameters update.
367 If parameters are already updated, lets set them
368 up to what has been requested during connection establishement */
369 if (p_lcb->conn_update_mask & L2C_BLE_NOT_DEFAULT_PARAM &&
370 /* current connection interval is greater than default min */
371 p_lcb->min_interval > BTM_BLE_CONN_INT_MIN) {
372 /* use 7.5 ms as fast connection parameter, 0 slave latency */
373 min_conn_int = max_conn_int = BTM_BLE_CONN_INT_MIN;
374
375 L2CA_AdjustConnectionIntervals(&min_conn_int, &max_conn_int,
376 BTM_BLE_CONN_INT_MIN);
377
378 slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF;
379 supervision_tout = BTM_BLE_CONN_TIMEOUT_DEF;
380
381 /* if both side 4.1, or we are master device, send HCI command */
382 if (p_lcb->link_role == HCI_ROLE_MASTER
383 #if (BLE_LLT_INCLUDED == TRUE)
384 || (controller_get_interface()
385 ->supports_ble_connection_parameter_request() &&
386 HCI_LE_CONN_PARAM_REQ_SUPPORTED(p_acl_cb->peer_le_features))
387 #endif
388 ) {
389 btsnd_hcic_ble_upd_ll_conn_params(p_lcb->handle, min_conn_int,
390 max_conn_int, slave_latency,
391 supervision_tout, 0, 0);
392 p_lcb->conn_update_mask |= L2C_BLE_UPDATE_PENDING;
393 } else {
394 l2cu_send_peer_ble_par_req(p_lcb, min_conn_int, max_conn_int,
395 slave_latency, supervision_tout);
396 }
397 p_lcb->conn_update_mask &= ~L2C_BLE_NOT_DEFAULT_PARAM;
398 p_lcb->conn_update_mask |= L2C_BLE_NEW_CONN_PARAM;
399 }
400 } else {
401 /* application allows to do update, if we were delaying one do it now */
402 if (p_lcb->conn_update_mask & L2C_BLE_NEW_CONN_PARAM) {
403 /* if both side 4.1, or we are master device, send HCI command */
404 if (p_lcb->link_role == HCI_ROLE_MASTER
405 #if (BLE_LLT_INCLUDED == TRUE)
406 || (controller_get_interface()
407 ->supports_ble_connection_parameter_request() &&
408 HCI_LE_CONN_PARAM_REQ_SUPPORTED(p_acl_cb->peer_le_features))
409 #endif
410 ) {
411 btsnd_hcic_ble_upd_ll_conn_params(p_lcb->handle, p_lcb->min_interval,
412 p_lcb->max_interval, p_lcb->latency,
413 p_lcb->timeout, p_lcb->min_ce_len,
414 p_lcb->max_ce_len);
415 p_lcb->conn_update_mask |= L2C_BLE_UPDATE_PENDING;
416 } else {
417 l2cu_send_peer_ble_par_req(p_lcb, p_lcb->min_interval,
418 p_lcb->max_interval, p_lcb->latency,
419 p_lcb->timeout);
420 }
421 p_lcb->conn_update_mask &= ~L2C_BLE_NEW_CONN_PARAM;
422 p_lcb->conn_update_mask |= L2C_BLE_NOT_DEFAULT_PARAM;
423 }
424 }
425 }
426
427 /*******************************************************************************
428 *
429 * Function l2cble_process_conn_update_evt
430 *
431 * Description This function enables the connection update request from
432 * remote after a successful connection update response is
433 * received.
434 *
435 * Returns void
436 *
437 ******************************************************************************/
l2cble_process_conn_update_evt(uint16_t handle,uint8_t status,uint16_t interval,uint16_t latency,uint16_t timeout)438 void l2cble_process_conn_update_evt(uint16_t handle, uint8_t status,
439 uint16_t interval, uint16_t latency,
440 uint16_t timeout) {
441 L2CAP_TRACE_DEBUG("%s", __func__);
442
443 /* See if we have a link control block for the remote device */
444 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle);
445 if (!p_lcb) {
446 L2CAP_TRACE_WARNING("%s: Invalid handle: %d", __func__, handle);
447 return;
448 }
449
450 p_lcb->conn_update_mask &= ~L2C_BLE_UPDATE_PENDING;
451
452 if (status != HCI_SUCCESS) {
453 L2CAP_TRACE_WARNING("%s: Error status: %d", __func__, status);
454 }
455
456 l2cble_start_conn_update(p_lcb);
457
458 L2CAP_TRACE_DEBUG("%s: conn_update_mask=%d", __func__,
459 p_lcb->conn_update_mask);
460 }
461
462 /*******************************************************************************
463 *
464 * Function l2cble_process_sig_cmd
465 *
466 * Description This function is called when a signalling packet is received
467 * on the BLE signalling CID
468 *
469 * Returns void
470 *
471 ******************************************************************************/
l2cble_process_sig_cmd(tL2C_LCB * p_lcb,uint8_t * p,uint16_t pkt_len)472 void l2cble_process_sig_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) {
473 uint8_t* p_pkt_end;
474 uint8_t cmd_code, id;
475 uint16_t cmd_len;
476 uint16_t min_interval, max_interval, latency, timeout;
477 tL2C_CONN_INFO con_info;
478 uint16_t lcid = 0, rcid = 0, mtu = 0, mps = 0, initial_credit = 0;
479 tL2C_CCB *p_ccb = NULL, *temp_p_ccb = NULL;
480 tL2C_RCB* p_rcb;
481 uint16_t credit;
482 p_pkt_end = p + pkt_len;
483
484 if (p + 4 > p_pkt_end) {
485 android_errorWriteLog(0x534e4554, "80261585");
486 LOG(ERROR) << "invalid read";
487 return;
488 }
489
490 STREAM_TO_UINT8(cmd_code, p);
491 STREAM_TO_UINT8(id, p);
492 STREAM_TO_UINT16(cmd_len, p);
493
494 /* Check command length does not exceed packet length */
495 if ((p + cmd_len) > p_pkt_end) {
496 L2CAP_TRACE_WARNING(
497 "L2CAP - LE - format error, pkt_len: %d cmd_len: %d code: %d",
498 pkt_len, cmd_len, cmd_code);
499 return;
500 }
501
502 switch (cmd_code) {
503 case L2CAP_CMD_REJECT:
504 p += 2;
505 break;
506
507 case L2CAP_CMD_ECHO_REQ:
508 case L2CAP_CMD_ECHO_RSP:
509 case L2CAP_CMD_INFO_RSP:
510 case L2CAP_CMD_INFO_REQ:
511 l2cu_send_peer_cmd_reject(p_lcb, L2CAP_CMD_REJ_NOT_UNDERSTOOD, id, 0, 0);
512 break;
513
514 case L2CAP_CMD_BLE_UPDATE_REQ:
515 if (p + 8 > p_pkt_end) {
516 android_errorWriteLog(0x534e4554, "80261585");
517 LOG(ERROR) << "invalid read";
518 return;
519 }
520
521 STREAM_TO_UINT16(min_interval, p); /* 0x0006 - 0x0C80 */
522 STREAM_TO_UINT16(max_interval, p); /* 0x0006 - 0x0C80 */
523 STREAM_TO_UINT16(latency, p); /* 0x0000 - 0x03E8 */
524 STREAM_TO_UINT16(timeout, p); /* 0x000A - 0x0C80 */
525 /* If we are a master, the slave wants to update the parameters */
526 if (p_lcb->link_role == HCI_ROLE_MASTER) {
527 L2CA_AdjustConnectionIntervals(&min_interval, &max_interval,
528 BTM_BLE_CONN_INT_MIN_LIMIT);
529
530 if (min_interval < BTM_BLE_CONN_INT_MIN ||
531 min_interval > BTM_BLE_CONN_INT_MAX ||
532 max_interval < BTM_BLE_CONN_INT_MIN ||
533 max_interval > BTM_BLE_CONN_INT_MAX ||
534 latency > BTM_BLE_CONN_LATENCY_MAX ||
535 /*(timeout >= max_interval && latency > (timeout * 10/(max_interval
536 * 1.25) - 1)) ||*/
537 timeout < BTM_BLE_CONN_SUP_TOUT_MIN ||
538 timeout > BTM_BLE_CONN_SUP_TOUT_MAX ||
539 max_interval < min_interval) {
540 l2cu_send_peer_ble_par_rsp(p_lcb, L2CAP_CFG_UNACCEPTABLE_PARAMS, id);
541 } else {
542 l2cu_send_peer_ble_par_rsp(p_lcb, L2CAP_CFG_OK, id);
543
544 p_lcb->min_interval = min_interval;
545 p_lcb->max_interval = max_interval;
546 p_lcb->latency = latency;
547 p_lcb->timeout = timeout;
548 p_lcb->conn_update_mask |= L2C_BLE_NEW_CONN_PARAM;
549
550 l2cble_start_conn_update(p_lcb);
551 }
552 } else
553 l2cu_send_peer_cmd_reject(p_lcb, L2CAP_CMD_REJ_NOT_UNDERSTOOD, id, 0,
554 0);
555 break;
556
557 case L2CAP_CMD_BLE_UPDATE_RSP:
558 p += 2;
559 break;
560
561 case L2CAP_CMD_BLE_CREDIT_BASED_CONN_REQ:
562 if (p + 10 > p_pkt_end) {
563 android_errorWriteLog(0x534e4554, "80261585");
564 LOG(ERROR) << "invalid read";
565 return;
566 }
567
568 STREAM_TO_UINT16(con_info.psm, p);
569 STREAM_TO_UINT16(rcid, p);
570 STREAM_TO_UINT16(mtu, p);
571 STREAM_TO_UINT16(mps, p);
572 STREAM_TO_UINT16(initial_credit, p);
573
574 L2CAP_TRACE_DEBUG(
575 "Recv L2CAP_CMD_BLE_CREDIT_BASED_CONN_REQ with "
576 "mtu = %d, "
577 "mps = %d, "
578 "initial credit = %d",
579 mtu, mps, initial_credit);
580
581 p_ccb = l2cu_find_ccb_by_remote_cid(p_lcb, rcid);
582 if (p_ccb) {
583 L2CAP_TRACE_WARNING("L2CAP - rcvd conn req for duplicated cid: 0x%04x",
584 rcid);
585 l2cu_reject_ble_connection(
586 p_lcb, id, L2CAP_LE_RESULT_SOURCE_CID_ALREADY_ALLOCATED);
587 break;
588 }
589
590 p_rcb = l2cu_find_ble_rcb_by_psm(con_info.psm);
591 if (p_rcb == NULL) {
592 L2CAP_TRACE_WARNING("L2CAP - rcvd conn req for unknown PSM: 0x%04x",
593 con_info.psm);
594 l2cu_reject_ble_connection(p_lcb, id, L2CAP_LE_RESULT_NO_PSM);
595 break;
596 } else {
597 if (!p_rcb->api.pL2CA_ConnectInd_Cb) {
598 L2CAP_TRACE_WARNING(
599 "L2CAP - rcvd conn req for outgoing-only connection PSM: %d",
600 con_info.psm);
601 l2cu_reject_ble_connection(p_lcb, id, L2CAP_CONN_NO_PSM);
602 break;
603 }
604 }
605
606 /* Allocate a ccb for this.*/
607 p_ccb = l2cu_allocate_ccb(p_lcb, 0);
608 if (p_ccb == NULL) {
609 L2CAP_TRACE_ERROR("L2CAP - unable to allocate CCB");
610 l2cu_reject_ble_connection(p_lcb, id, L2CAP_CONN_NO_RESOURCES);
611 break;
612 }
613
614 /* validate the parameters */
615 if (mtu < L2CAP_LE_MIN_MTU || mps < L2CAP_LE_MIN_MPS ||
616 mps > L2CAP_LE_MAX_MPS) {
617 L2CAP_TRACE_ERROR("L2CAP don't like the params");
618 l2cu_reject_ble_connection(p_lcb, id, L2CAP_CONN_NO_RESOURCES);
619 break;
620 }
621
622 p_ccb->remote_id = id;
623 p_ccb->p_rcb = p_rcb;
624 p_ccb->remote_cid = rcid;
625
626 p_ccb->peer_conn_cfg.mtu = mtu;
627 p_ccb->peer_conn_cfg.mps = mps;
628 p_ccb->peer_conn_cfg.credits = initial_credit;
629
630 p_ccb->tx_mps = mps;
631 p_ccb->ble_sdu = NULL;
632 p_ccb->ble_sdu_length = 0;
633 p_ccb->is_first_seg = true;
634 p_ccb->peer_cfg.fcr.mode = L2CAP_FCR_LE_COC_MODE;
635
636 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_REQ, &con_info);
637 break;
638
639 case L2CAP_CMD_BLE_CREDIT_BASED_CONN_RES:
640 L2CAP_TRACE_DEBUG("Recv L2CAP_CMD_BLE_CREDIT_BASED_CONN_RES");
641 /* For all channels, see whose identifier matches this id */
642 for (temp_p_ccb = p_lcb->ccb_queue.p_first_ccb; temp_p_ccb;
643 temp_p_ccb = temp_p_ccb->p_next_ccb) {
644 if (temp_p_ccb->local_id == id) {
645 p_ccb = temp_p_ccb;
646 break;
647 }
648 }
649 if (p_ccb) {
650 L2CAP_TRACE_DEBUG("I remember the connection req");
651 if (p + 10 > p_pkt_end) {
652 android_errorWriteLog(0x534e4554, "80261585");
653 LOG(ERROR) << "invalid read";
654 return;
655 }
656
657 STREAM_TO_UINT16(p_ccb->remote_cid, p);
658 STREAM_TO_UINT16(p_ccb->peer_conn_cfg.mtu, p);
659 STREAM_TO_UINT16(p_ccb->peer_conn_cfg.mps, p);
660 STREAM_TO_UINT16(p_ccb->peer_conn_cfg.credits, p);
661 STREAM_TO_UINT16(con_info.l2cap_result, p);
662 con_info.remote_cid = p_ccb->remote_cid;
663
664 L2CAP_TRACE_DEBUG(
665 "remote_cid = %d, "
666 "mtu = %d, "
667 "mps = %d, "
668 "initial_credit = %d, "
669 "con_info.l2cap_result = %d",
670 p_ccb->remote_cid, p_ccb->peer_conn_cfg.mtu,
671 p_ccb->peer_conn_cfg.mps, p_ccb->peer_conn_cfg.credits,
672 con_info.l2cap_result);
673
674 /* validate the parameters */
675 if (p_ccb->peer_conn_cfg.mtu < L2CAP_LE_MIN_MTU ||
676 p_ccb->peer_conn_cfg.mps < L2CAP_LE_MIN_MPS ||
677 p_ccb->peer_conn_cfg.mps > L2CAP_LE_MAX_MPS) {
678 L2CAP_TRACE_ERROR("L2CAP don't like the params");
679 con_info.l2cap_result = L2CAP_LE_RESULT_NO_RESOURCES;
680 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP_NEG, &con_info);
681 break;
682 }
683
684 p_ccb->tx_mps = p_ccb->peer_conn_cfg.mps;
685 p_ccb->ble_sdu = NULL;
686 p_ccb->ble_sdu_length = 0;
687 p_ccb->is_first_seg = true;
688 p_ccb->peer_cfg.fcr.mode = L2CAP_FCR_LE_COC_MODE;
689
690 if (con_info.l2cap_result == L2CAP_LE_RESULT_CONN_OK)
691 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP, &con_info);
692 else
693 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP_NEG, &con_info);
694 } else {
695 L2CAP_TRACE_DEBUG("I DO NOT remember the connection req");
696 con_info.l2cap_result = L2CAP_LE_RESULT_INVALID_SOURCE_CID;
697 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP_NEG, &con_info);
698 }
699 break;
700
701 case L2CAP_CMD_BLE_FLOW_CTRL_CREDIT:
702 if (p + 4 > p_pkt_end) {
703 android_errorWriteLog(0x534e4554, "80261585");
704 LOG(ERROR) << "invalid read";
705 return;
706 }
707
708 STREAM_TO_UINT16(lcid, p);
709 p_ccb = l2cu_find_ccb_by_remote_cid(p_lcb, lcid);
710 if (p_ccb == NULL) {
711 L2CAP_TRACE_DEBUG("%s Credit received for unknown channel id %d",
712 __func__, lcid);
713 break;
714 }
715
716 STREAM_TO_UINT16(credit, p);
717 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_RECV_FLOW_CONTROL_CREDIT, &credit);
718 L2CAP_TRACE_DEBUG("%s Credit received", __func__);
719 break;
720
721 case L2CAP_CMD_DISC_REQ:
722 if (p + 4 > p_pkt_end) {
723 android_errorWriteLog(0x534e4554, "74121659");
724 return;
725 }
726 STREAM_TO_UINT16(lcid, p);
727 STREAM_TO_UINT16(rcid, p);
728
729 p_ccb = l2cu_find_ccb_by_cid(p_lcb, lcid);
730 if (p_ccb != NULL) {
731 if (p_ccb->remote_cid == rcid) {
732 p_ccb->remote_id = id;
733 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_DISCONNECT_REQ, NULL);
734 }
735 } else
736 l2cu_send_peer_disc_rsp(p_lcb, id, lcid, rcid);
737
738 break;
739
740 case L2CAP_CMD_DISC_RSP:
741 if (p + 4 > p_pkt_end) {
742 android_errorWriteLog(0x534e4554, "80261585");
743 LOG(ERROR) << "invalid read";
744 return;
745 }
746 STREAM_TO_UINT16(rcid, p);
747 STREAM_TO_UINT16(lcid, p);
748
749 p_ccb = l2cu_find_ccb_by_cid(p_lcb, lcid);
750 if (p_ccb != NULL) {
751 if ((p_ccb->remote_cid == rcid) && (p_ccb->local_id == id))
752 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_DISCONNECT_RSP, NULL);
753 }
754 break;
755
756 default:
757 L2CAP_TRACE_WARNING("L2CAP - LE - unknown cmd code: %d", cmd_code);
758 l2cu_send_peer_cmd_reject(p_lcb, L2CAP_CMD_REJ_NOT_UNDERSTOOD, id, 0, 0);
759 break;
760 }
761 }
762
763 /** This function is to initate a direct connection. Returns true if connection
764 * initiated, false otherwise. */
l2cble_create_conn(tL2C_LCB * p_lcb)765 bool l2cble_create_conn(tL2C_LCB* p_lcb) {
766 bool ret = connection_manager::direct_connect_add(CONN_MGR_ID_L2CAP,
767 p_lcb->remote_bd_addr);
768 if (!ret) return ret;
769
770 p_lcb->link_state = LST_CONNECTING;
771
772 // TODO: we should not need this timer at all, the connection failure should
773 // be reported from lower layer
774 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, L2CAP_BLE_LINK_CONNECT_TIMEOUT_MS,
775 l2c_lcb_timer_timeout, p_lcb);
776 return true;
777 }
778
779 /*******************************************************************************
780 *
781 * Function l2c_link_processs_ble_num_bufs
782 *
783 * Description This function is called when a "controller buffer size"
784 * event is first received from the controller. It updates
785 * the L2CAP values.
786 *
787 * Returns void
788 *
789 ******************************************************************************/
l2c_link_processs_ble_num_bufs(uint16_t num_lm_ble_bufs)790 void l2c_link_processs_ble_num_bufs(uint16_t num_lm_ble_bufs) {
791 if (num_lm_ble_bufs == 0) {
792 num_lm_ble_bufs = L2C_DEF_NUM_BLE_BUF_SHARED;
793 l2cb.num_lm_acl_bufs -= L2C_DEF_NUM_BLE_BUF_SHARED;
794 }
795
796 l2cb.num_lm_ble_bufs = l2cb.controller_le_xmit_window = num_lm_ble_bufs;
797 }
798
799 /*******************************************************************************
800 *
801 * Function l2c_ble_link_adjust_allocation
802 *
803 * Description This function is called when a link is created or removed
804 * to calculate the amount of packets each link may send to
805 * the HCI without an ack coming back.
806 *
807 * Currently, this is a simple allocation, dividing the
808 * number of Controller Packets by the number of links. In
809 * the future, QOS configuration should be examined.
810 *
811 * Returns void
812 *
813 ******************************************************************************/
l2c_ble_link_adjust_allocation(void)814 void l2c_ble_link_adjust_allocation(void) {
815 uint16_t qq, yy, qq_remainder;
816 tL2C_LCB* p_lcb;
817 uint16_t hi_quota, low_quota;
818 uint16_t num_lowpri_links = 0;
819 uint16_t num_hipri_links = 0;
820 uint16_t controller_xmit_quota = l2cb.num_lm_ble_bufs;
821 uint16_t high_pri_link_quota = L2CAP_HIGH_PRI_MIN_XMIT_QUOTA_A;
822
823 /* If no links active, reset buffer quotas and controller buffers */
824 if (l2cb.num_ble_links_active == 0) {
825 l2cb.controller_le_xmit_window = l2cb.num_lm_ble_bufs;
826 l2cb.ble_round_robin_quota = l2cb.ble_round_robin_unacked = 0;
827 return;
828 }
829
830 /* First, count the links */
831 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
832 if (p_lcb->in_use && p_lcb->transport == BT_TRANSPORT_LE) {
833 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
834 num_hipri_links++;
835 else
836 num_lowpri_links++;
837 }
838 }
839
840 /* now adjust high priority link quota */
841 low_quota = num_lowpri_links ? 1 : 0;
842 while ((num_hipri_links * high_pri_link_quota + low_quota) >
843 controller_xmit_quota)
844 high_pri_link_quota--;
845
846 /* Work out the xmit quota and buffer quota high and low priorities */
847 hi_quota = num_hipri_links * high_pri_link_quota;
848 low_quota =
849 (hi_quota < controller_xmit_quota) ? controller_xmit_quota - hi_quota : 1;
850
851 /* Work out and save the HCI xmit quota for each low priority link */
852
853 /* If each low priority link cannot have at least one buffer */
854 if (num_lowpri_links > low_quota) {
855 l2cb.ble_round_robin_quota = low_quota;
856 qq = qq_remainder = 0;
857 }
858 /* If each low priority link can have at least one buffer */
859 else if (num_lowpri_links > 0) {
860 l2cb.ble_round_robin_quota = 0;
861 l2cb.ble_round_robin_unacked = 0;
862 qq = low_quota / num_lowpri_links;
863 qq_remainder = low_quota % num_lowpri_links;
864 }
865 /* If no low priority link */
866 else {
867 l2cb.ble_round_robin_quota = 0;
868 l2cb.ble_round_robin_unacked = 0;
869 qq = qq_remainder = 0;
870 }
871 L2CAP_TRACE_EVENT(
872 "l2c_ble_link_adjust_allocation num_hipri: %u num_lowpri: %u "
873 "low_quota: %u round_robin_quota: %u qq: %u",
874 num_hipri_links, num_lowpri_links, low_quota, l2cb.ble_round_robin_quota,
875 qq);
876
877 /* Now, assign the quotas to each link */
878 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
879 if (p_lcb->in_use && p_lcb->transport == BT_TRANSPORT_LE) {
880 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) {
881 p_lcb->link_xmit_quota = high_pri_link_quota;
882 } else {
883 /* Safety check in case we switched to round-robin with something
884 * outstanding */
885 /* if sent_not_acked is added into round_robin_unacked then don't add it
886 * again */
887 /* l2cap keeps updating sent_not_acked for exiting from round robin */
888 if ((p_lcb->link_xmit_quota > 0) && (qq == 0))
889 l2cb.ble_round_robin_unacked += p_lcb->sent_not_acked;
890
891 p_lcb->link_xmit_quota = qq;
892 if (qq_remainder > 0) {
893 p_lcb->link_xmit_quota++;
894 qq_remainder--;
895 }
896 }
897
898 L2CAP_TRACE_EVENT(
899 "l2c_ble_link_adjust_allocation LCB %d Priority: %d XmitQuota: %d",
900 yy, p_lcb->acl_priority, p_lcb->link_xmit_quota);
901
902 L2CAP_TRACE_EVENT(" SentNotAcked: %d RRUnacked: %d",
903 p_lcb->sent_not_acked, l2cb.round_robin_unacked);
904
905 /* There is a special case where we have readjusted the link quotas and */
906 /* this link may have sent anything but some other link sent packets so */
907 /* so we may need a timer to kick off this link's transmissions. */
908 if ((p_lcb->link_state == LST_CONNECTED) &&
909 (!list_is_empty(p_lcb->link_xmit_data_q)) &&
910 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
911 alarm_set_on_mloop(p_lcb->l2c_lcb_timer,
912 L2CAP_LINK_FLOW_CONTROL_TIMEOUT_MS,
913 l2c_lcb_timer_timeout, p_lcb);
914 }
915 }
916 }
917 }
918
919 #if (BLE_LLT_INCLUDED == TRUE)
920 /*******************************************************************************
921 *
922 * Function l2cble_process_rc_param_request_evt
923 *
924 * Description process LE Remote Connection Parameter Request Event.
925 *
926 * Returns void
927 *
928 ******************************************************************************/
l2cble_process_rc_param_request_evt(uint16_t handle,uint16_t int_min,uint16_t int_max,uint16_t latency,uint16_t timeout)929 void l2cble_process_rc_param_request_evt(uint16_t handle, uint16_t int_min,
930 uint16_t int_max, uint16_t latency,
931 uint16_t timeout) {
932 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle);
933
934 if (p_lcb != NULL) {
935 p_lcb->min_interval = int_min;
936 p_lcb->max_interval = int_max;
937 p_lcb->latency = latency;
938 p_lcb->timeout = timeout;
939
940 /* if update is enabled, always accept connection parameter update */
941 if ((p_lcb->conn_update_mask & L2C_BLE_CONN_UPDATE_DISABLE) == 0) {
942 btsnd_hcic_ble_rc_param_req_reply(handle, int_min, int_max, latency,
943 timeout, 0, 0);
944 } else {
945 L2CAP_TRACE_EVENT("L2CAP - LE - update currently disabled");
946 p_lcb->conn_update_mask |= L2C_BLE_NEW_CONN_PARAM;
947 btsnd_hcic_ble_rc_param_req_neg_reply(handle,
948 HCI_ERR_UNACCEPT_CONN_INTERVAL);
949 }
950
951 } else {
952 L2CAP_TRACE_WARNING("No link to update connection parameter")
953 }
954 }
955 #endif
956
957 /*******************************************************************************
958 *
959 * Function l2cble_update_data_length
960 *
961 * Description This function update link tx data length if applicable
962 *
963 * Returns void
964 *
965 ******************************************************************************/
l2cble_update_data_length(tL2C_LCB * p_lcb)966 void l2cble_update_data_length(tL2C_LCB* p_lcb) {
967 uint16_t tx_mtu = 0;
968 uint16_t i = 0;
969
970 L2CAP_TRACE_DEBUG("%s", __func__);
971
972 /* See if we have a link control block for the connection */
973 if (p_lcb == NULL) return;
974
975 for (i = 0; i < L2CAP_NUM_FIXED_CHNLS; i++) {
976 if (i + L2CAP_FIRST_FIXED_CHNL != L2CAP_BLE_SIGNALLING_CID) {
977 if ((p_lcb->p_fixed_ccbs[i] != NULL) &&
978 (tx_mtu < (p_lcb->p_fixed_ccbs[i]->tx_data_len + L2CAP_PKT_OVERHEAD)))
979 tx_mtu = p_lcb->p_fixed_ccbs[i]->tx_data_len + L2CAP_PKT_OVERHEAD;
980 }
981 }
982
983 if (tx_mtu > BTM_BLE_DATA_SIZE_MAX) tx_mtu = BTM_BLE_DATA_SIZE_MAX;
984
985 /* update TX data length if changed */
986 if (p_lcb->tx_data_len != tx_mtu)
987 BTM_SetBleDataLength(p_lcb->remote_bd_addr, tx_mtu);
988 }
989
990 /*******************************************************************************
991 *
992 * Function l2cble_process_data_length_change_evt
993 *
994 * Description This function process the data length change event
995 *
996 * Returns void
997 *
998 ******************************************************************************/
l2cble_process_data_length_change_event(uint16_t handle,uint16_t tx_data_len,uint16_t rx_data_len)999 void l2cble_process_data_length_change_event(uint16_t handle,
1000 uint16_t tx_data_len,
1001 uint16_t rx_data_len) {
1002 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle);
1003
1004 L2CAP_TRACE_DEBUG("%s TX data len = %d", __func__, tx_data_len);
1005 if (p_lcb == NULL) return;
1006
1007 if (tx_data_len > 0) p_lcb->tx_data_len = tx_data_len;
1008
1009 /* ignore rx_data len for now */
1010 }
1011
1012 /*******************************************************************************
1013 *
1014 * Function l2cble_set_fixed_channel_tx_data_length
1015 *
1016 * Description This function update max fixed channel tx data length if
1017 * applicable
1018 *
1019 * Returns void
1020 *
1021 ******************************************************************************/
l2cble_set_fixed_channel_tx_data_length(const RawAddress & remote_bda,uint16_t fix_cid,uint16_t tx_mtu)1022 void l2cble_set_fixed_channel_tx_data_length(const RawAddress& remote_bda,
1023 uint16_t fix_cid,
1024 uint16_t tx_mtu) {
1025 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(remote_bda, BT_TRANSPORT_LE);
1026 uint16_t cid = fix_cid - L2CAP_FIRST_FIXED_CHNL;
1027
1028 L2CAP_TRACE_DEBUG("%s TX MTU = %d", __func__, tx_mtu);
1029
1030 if (!controller_get_interface()->supports_ble_packet_extension()) {
1031 L2CAP_TRACE_WARNING("%s, request not supported", __func__);
1032 return;
1033 }
1034
1035 /* See if we have a link control block for the connection */
1036 if (p_lcb == NULL) return;
1037
1038 if (p_lcb->p_fixed_ccbs[cid] != NULL) {
1039 if (tx_mtu > BTM_BLE_DATA_SIZE_MAX) tx_mtu = BTM_BLE_DATA_SIZE_MAX;
1040
1041 p_lcb->p_fixed_ccbs[cid]->tx_data_len = tx_mtu;
1042 }
1043
1044 l2cble_update_data_length(p_lcb);
1045 }
1046
1047 /*******************************************************************************
1048 *
1049 * Function l2cble_credit_based_conn_req
1050 *
1051 * Description This function sends LE Credit Based Connection Request for
1052 * LE connection oriented channels.
1053 *
1054 * Returns void
1055 *
1056 ******************************************************************************/
l2cble_credit_based_conn_req(tL2C_CCB * p_ccb)1057 void l2cble_credit_based_conn_req(tL2C_CCB* p_ccb) {
1058 if (!p_ccb) return;
1059
1060 if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE) {
1061 L2CAP_TRACE_WARNING("LE link doesn't exist");
1062 return;
1063 }
1064
1065 l2cu_send_peer_ble_credit_based_conn_req(p_ccb);
1066 return;
1067 }
1068
1069 /*******************************************************************************
1070 *
1071 * Function l2cble_credit_based_conn_res
1072 *
1073 * Description This function sends LE Credit Based Connection Response for
1074 * LE connection oriented channels.
1075 *
1076 * Returns void
1077 *
1078 ******************************************************************************/
l2cble_credit_based_conn_res(tL2C_CCB * p_ccb,uint16_t result)1079 void l2cble_credit_based_conn_res(tL2C_CCB* p_ccb, uint16_t result) {
1080 if (!p_ccb) return;
1081
1082 if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE) {
1083 L2CAP_TRACE_WARNING("LE link doesn't exist");
1084 return;
1085 }
1086
1087 l2cu_send_peer_ble_credit_based_conn_res(p_ccb, result);
1088 return;
1089 }
1090
1091 /*******************************************************************************
1092 *
1093 * Function l2cble_send_flow_control_credit
1094 *
1095 * Description This function sends flow control credits for
1096 * LE connection oriented channels.
1097 *
1098 * Returns void
1099 *
1100 ******************************************************************************/
l2cble_send_flow_control_credit(tL2C_CCB * p_ccb,uint16_t credit_value)1101 void l2cble_send_flow_control_credit(tL2C_CCB* p_ccb, uint16_t credit_value) {
1102 if (!p_ccb) return;
1103
1104 if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE) {
1105 L2CAP_TRACE_WARNING("LE link doesn't exist");
1106 return;
1107 }
1108
1109 l2cu_send_peer_ble_flow_control_credit(p_ccb, credit_value);
1110 return;
1111 }
1112
1113 /*******************************************************************************
1114 *
1115 * Function l2cble_send_peer_disc_req
1116 *
1117 * Description This function sends disconnect request
1118 * to the peer LE device
1119 *
1120 * Returns void
1121 *
1122 ******************************************************************************/
l2cble_send_peer_disc_req(tL2C_CCB * p_ccb)1123 void l2cble_send_peer_disc_req(tL2C_CCB* p_ccb) {
1124 L2CAP_TRACE_DEBUG("%s", __func__);
1125 if (!p_ccb) return;
1126
1127 if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE) {
1128 L2CAP_TRACE_WARNING("LE link doesn't exist");
1129 return;
1130 }
1131
1132 l2cu_send_peer_ble_credit_based_disconn_req(p_ccb);
1133 return;
1134 }
1135
1136 /*******************************************************************************
1137 *
1138 * Function l2cble_sec_comp
1139 *
1140 * Description This function is called when security procedure for an LE
1141 * COC link is done
1142 *
1143 * Returns void
1144 *
1145 ******************************************************************************/
l2cble_sec_comp(const RawAddress * bda,tBT_TRANSPORT transport,void * p_ref_data,uint8_t status)1146 void l2cble_sec_comp(const RawAddress* bda, tBT_TRANSPORT transport,
1147 void* p_ref_data, uint8_t status) {
1148 const RawAddress& p_bda = *bda;
1149 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(p_bda, BT_TRANSPORT_LE);
1150 tL2CAP_SEC_DATA* p_buf = NULL;
1151 uint8_t sec_flag;
1152 uint8_t sec_act;
1153
1154 if (!p_lcb) {
1155 L2CAP_TRACE_WARNING("%s: security complete for unknown device. bda=%s",
1156 __func__, bda->ToString().c_str());
1157 return;
1158 }
1159
1160 sec_act = p_lcb->sec_act;
1161 p_lcb->sec_act = 0;
1162
1163 if (!fixed_queue_is_empty(p_lcb->le_sec_pending_q)) {
1164 p_buf = (tL2CAP_SEC_DATA*)fixed_queue_dequeue(p_lcb->le_sec_pending_q);
1165 if (!p_buf) {
1166 L2CAP_TRACE_WARNING(
1167 "%s Security complete for request not initiated from L2CAP",
1168 __func__);
1169 return;
1170 }
1171
1172 if (status != BTM_SUCCESS) {
1173 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data, status);
1174 } else {
1175 if (sec_act == BTM_SEC_ENCRYPT_MITM) {
1176 BTM_GetSecurityFlagsByTransport(p_bda, &sec_flag, transport);
1177 if (sec_flag & BTM_SEC_FLAG_LKEY_AUTHED)
1178 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data,
1179 status);
1180 else {
1181 L2CAP_TRACE_DEBUG("%s MITM Protection Not present", __func__);
1182 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data,
1183 BTM_FAILED_ON_SECURITY);
1184 }
1185 } else {
1186 L2CAP_TRACE_DEBUG("%s MITM Protection not required sec_act = %d",
1187 __func__, p_lcb->sec_act);
1188
1189 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data,
1190 status);
1191 }
1192 }
1193 } else {
1194 L2CAP_TRACE_WARNING(
1195 "%s Security complete for request not initiated from L2CAP", __func__);
1196 return;
1197 }
1198 osi_free(p_buf);
1199
1200 while (!fixed_queue_is_empty(p_lcb->le_sec_pending_q)) {
1201 p_buf = (tL2CAP_SEC_DATA*)fixed_queue_dequeue(p_lcb->le_sec_pending_q);
1202
1203 if (status != BTM_SUCCESS)
1204 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data, status);
1205 else
1206 l2ble_sec_access_req(p_bda, p_buf->psm, p_buf->is_originator,
1207 p_buf->p_callback, p_buf->p_ref_data);
1208
1209 osi_free(p_buf);
1210 }
1211 }
1212
1213 /*******************************************************************************
1214 *
1215 * Function l2ble_sec_access_req
1216 *
1217 * Description This function is called by LE COC link to meet the
1218 * security requirement for the link
1219 *
1220 * Returns Returns - L2CAP LE Connection Response Result Code.
1221 *
1222 ******************************************************************************/
l2ble_sec_access_req(const RawAddress & bd_addr,uint16_t psm,bool is_originator,tL2CAP_SEC_CBACK * p_callback,void * p_ref_data)1223 tL2CAP_LE_RESULT_CODE l2ble_sec_access_req(const RawAddress& bd_addr,
1224 uint16_t psm, bool is_originator,
1225 tL2CAP_SEC_CBACK* p_callback,
1226 void* p_ref_data) {
1227 L2CAP_TRACE_DEBUG("%s", __func__);
1228 tL2CAP_LE_RESULT_CODE result;
1229 tL2C_LCB* p_lcb = NULL;
1230
1231 if (!p_callback) {
1232 L2CAP_TRACE_ERROR("%s No callback function", __func__);
1233 return L2CAP_LE_RESULT_NO_RESOURCES;
1234 }
1235
1236 p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_LE);
1237
1238 if (!p_lcb) {
1239 L2CAP_TRACE_ERROR("%s Security check for unknown device", __func__);
1240 p_callback(bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_UNKNOWN_ADDR);
1241 return L2CAP_LE_RESULT_NO_RESOURCES;
1242 }
1243
1244 tL2CAP_SEC_DATA* p_buf =
1245 (tL2CAP_SEC_DATA*)osi_malloc((uint16_t)sizeof(tL2CAP_SEC_DATA));
1246 if (!p_buf) {
1247 p_callback(bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_NO_RESOURCES);
1248 return L2CAP_LE_RESULT_NO_RESOURCES;
1249 }
1250
1251 p_buf->psm = psm;
1252 p_buf->is_originator = is_originator;
1253 p_buf->p_callback = p_callback;
1254 p_buf->p_ref_data = p_ref_data;
1255 fixed_queue_enqueue(p_lcb->le_sec_pending_q, p_buf);
1256 result = btm_ble_start_sec_check(bd_addr, psm, is_originator,
1257 &l2cble_sec_comp, p_ref_data);
1258
1259 return result;
1260 }
1261
1262 /* This function is called to adjust the connection intervals based on various
1263 * constraints. For example, when there is at least one Hearing Aid device
1264 * bonded, the minimum interval is raised. On return, min_interval and
1265 * max_interval are updated. */
L2CA_AdjustConnectionIntervals(uint16_t * min_interval,uint16_t * max_interval,uint16_t floor_interval)1266 void L2CA_AdjustConnectionIntervals(uint16_t* min_interval,
1267 uint16_t* max_interval,
1268 uint16_t floor_interval) {
1269 uint16_t phone_min_interval = floor_interval;
1270
1271 if (HearingAid::GetDeviceCount() > 0) {
1272 // When there are bonded Hearing Aid devices, we will constrained this
1273 // minimum interval.
1274 phone_min_interval = BTM_BLE_CONN_INT_MIN_HEARINGAID;
1275 L2CAP_TRACE_DEBUG("%s: Have Hearing Aids. Min. interval is set to %d",
1276 __func__, phone_min_interval);
1277 }
1278
1279 if (*min_interval < phone_min_interval) {
1280 L2CAP_TRACE_DEBUG("%s: requested min_interval=%d too small. Set to %d",
1281 __func__, *min_interval, phone_min_interval);
1282 *min_interval = phone_min_interval;
1283 }
1284
1285 // While this could result in connection parameters that fall
1286 // outside fo the range requested, this will allow the connection
1287 // to remain established.
1288 // In other words, this is a workaround for certain peripherals.
1289 if (*max_interval < phone_min_interval) {
1290 L2CAP_TRACE_DEBUG("%s: requested max_interval=%d too small. Set to %d",
1291 __func__, *max_interval, phone_min_interval);
1292 *max_interval = phone_min_interval;
1293 }
1294 }
1295
L2CA_SetLeFixedChannelTxDataLength(const RawAddress & remote_bda,uint16_t fix_cid,uint16_t tx_mtu)1296 void L2CA_SetLeFixedChannelTxDataLength(const RawAddress& remote_bda,
1297 uint16_t fix_cid, uint16_t tx_mtu) {
1298 l2cble_set_fixed_channel_tx_data_length(remote_bda, fix_cid, tx_mtu);
1299 }
1300