1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions that interface with the HCI transport. On
22 * the receive side, it routes events to the appropriate handler, e.g.
23 * L2CAP, ScoMgr. On the transmit side, it manages the command
24 * transmission.
25 *
26 ******************************************************************************/
27
28 #define LOG_TAG "bt_btu_hcif"
29
30 #include <base/bind.h>
31 #include <base/callback.h>
32 #include <base/location.h>
33 #include <base/logging.h>
34 #include <base/threading/thread.h>
35 #include <frameworks/base/core/proto/android/bluetooth/enums.pb.h>
36 #include <frameworks/base/core/proto/android/bluetooth/hci/enums.pb.h>
37 #include <log/log.h>
38 #include <statslog.h>
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <string.h>
42
43 #include "bt_common.h"
44 #include "bt_types.h"
45 #include "bt_utils.h"
46 #include "btif_config.h"
47 #include "btm_api.h"
48 #include "btm_int.h"
49 #include "btu.h"
50 #include "common/metrics.h"
51 #include "device/include/controller.h"
52 #include "hci_evt_length.h"
53 #include "hci_layer.h"
54 #include "hcimsgs.h"
55 #include "l2c_int.h"
56 #include "osi/include/log.h"
57 #include "osi/include/osi.h"
58
59 using base::Location;
60
61 extern void btm_process_cancel_complete(uint8_t status, uint8_t mode);
62 extern void btm_process_inq_results2(uint8_t* p, uint8_t inq_res_mode);
63 extern void btm_ble_test_command_complete(uint8_t* p);
64 extern void smp_cancel_start_encryption_attempt();
65
66 /******************************************************************************/
67 /* L O C A L F U N C T I O N P R O T O T Y P E S */
68 /******************************************************************************/
69 static void btu_hcif_inquiry_comp_evt(uint8_t* p);
70 static void btu_hcif_inquiry_result_evt(uint8_t* p, uint8_t hci_evt_len);
71 static void btu_hcif_inquiry_rssi_result_evt(uint8_t* p, uint8_t hci_evt_len);
72 static void btu_hcif_extended_inquiry_result_evt(uint8_t* p,
73 uint8_t hci_evt_len);
74
75 static void btu_hcif_connection_comp_evt(uint8_t* p, uint8_t evt_len);
76 static void btu_hcif_connection_request_evt(uint8_t* p);
77 static void btu_hcif_disconnection_comp_evt(uint8_t* p);
78 static void btu_hcif_authentication_comp_evt(uint8_t* p);
79 static void btu_hcif_rmt_name_request_comp_evt(uint8_t* p, uint16_t evt_len);
80 static void btu_hcif_encryption_change_evt(uint8_t* p);
81 static void btu_hcif_read_rmt_features_comp_evt(uint8_t* p);
82 static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p,
83 uint8_t evt_len);
84 static void btu_hcif_read_rmt_version_comp_evt(uint8_t* p);
85 static void btu_hcif_qos_setup_comp_evt(uint8_t* p);
86 static void btu_hcif_command_complete_evt(BT_HDR* response, void* context);
87 static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command,
88 void* context);
89 static void btu_hcif_hardware_error_evt(uint8_t* p);
90 static void btu_hcif_flush_occured_evt(void);
91 static void btu_hcif_role_change_evt(uint8_t* p);
92 static void btu_hcif_num_compl_data_pkts_evt(uint8_t* p, uint8_t evt_len);
93 static void btu_hcif_mode_change_evt(uint8_t* p);
94 static void btu_hcif_pin_code_request_evt(uint8_t* p);
95 static void btu_hcif_link_key_request_evt(uint8_t* p);
96 static void btu_hcif_link_key_notification_evt(uint8_t* p);
97 static void btu_hcif_loopback_command_evt(void);
98 static void btu_hcif_data_buf_overflow_evt(void);
99 static void btu_hcif_max_slots_changed_evt(void);
100 static void btu_hcif_read_clock_off_comp_evt(uint8_t* p);
101 static void btu_hcif_conn_pkt_type_change_evt(void);
102 static void btu_hcif_qos_violation_evt(uint8_t* p);
103 static void btu_hcif_page_scan_mode_change_evt(void);
104 static void btu_hcif_page_scan_rep_mode_chng_evt(void);
105 static void btu_hcif_esco_connection_comp_evt(uint8_t* p);
106 static void btu_hcif_esco_connection_chg_evt(uint8_t* p);
107
108 /* Simple Pairing Events */
109 static void btu_hcif_host_support_evt(uint8_t* p);
110 static void btu_hcif_io_cap_request_evt(uint8_t* p);
111 static void btu_hcif_io_cap_response_evt(uint8_t* p);
112 static void btu_hcif_user_conf_request_evt(uint8_t* p);
113 static void btu_hcif_user_passkey_request_evt(uint8_t* p);
114 static void btu_hcif_user_passkey_notif_evt(uint8_t* p);
115 static void btu_hcif_keypress_notif_evt(uint8_t* p);
116 static void btu_hcif_rem_oob_request_evt(uint8_t* p);
117
118 static void btu_hcif_simple_pair_complete_evt(uint8_t* p);
119 #if L2CAP_NON_FLUSHABLE_PB_INCLUDED == TRUE
120 static void btu_hcif_enhanced_flush_complete_evt(void);
121 #endif
122
123 #if (BTM_SSR_INCLUDED == TRUE)
124 static void btu_hcif_ssr_evt(uint8_t* p, uint16_t evt_len);
125 #endif /* BTM_SSR_INCLUDED == TRUE */
126
127 static void btu_ble_ll_conn_complete_evt(uint8_t* p, uint16_t evt_len);
128 static void btu_ble_read_remote_feat_evt(uint8_t* p);
129 static void btu_ble_ll_conn_param_upd_evt(uint8_t* p, uint16_t evt_len);
130 static void btu_ble_proc_ltk_req(uint8_t* p);
131 static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p);
132 static void btu_ble_data_length_change_evt(uint8_t* p, uint16_t evt_len);
133 #if (BLE_LLT_INCLUDED == TRUE)
134 static void btu_ble_rc_param_req_evt(uint8_t* p);
135 #endif
136 #if (BLE_PRIVACY_SPT == TRUE)
137 static void btu_ble_proc_enhanced_conn_cmpl(uint8_t* p, uint16_t evt_len);
138 #endif
139
140 /**
141 * Log HCI event metrics that are not handled in special functions
142 * @param evt_code event code
143 * @param p_event pointer to event parameter, skipping paremter length
144 */
btu_hcif_log_event_metrics(uint8_t evt_code,uint8_t * p_event)145 void btu_hcif_log_event_metrics(uint8_t evt_code, uint8_t* p_event) {
146 uint32_t cmd = android::bluetooth::hci::CMD_UNKNOWN;
147 uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
148 uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
149 uint16_t handle = bluetooth::common::kUnknownConnectionHandle;
150 int64_t value = 0;
151
152 RawAddress bda = RawAddress::kEmpty;
153 switch (evt_code) {
154 case HCI_IO_CAPABILITY_REQUEST_EVT:
155 case HCI_IO_CAPABILITY_RESPONSE_EVT:
156 case HCI_LINK_KEY_REQUEST_EVT:
157 case HCI_LINK_KEY_NOTIFICATION_EVT:
158 case HCI_USER_PASSKEY_REQUEST_EVT:
159 case HCI_USER_PASSKEY_NOTIFY_EVT:
160 case HCI_USER_CONFIRMATION_REQUEST_EVT:
161 case HCI_KEYPRESS_NOTIFY_EVT:
162 case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
163 STREAM_TO_BDADDR(bda, p_event);
164 bluetooth::common::LogClassicPairingEvent(bda, handle, cmd, evt_code, status, reason, value);
165 break;
166 case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
167 case HCI_RMT_NAME_REQUEST_COMP_EVT:
168 STREAM_TO_UINT8(status, p_event);
169 STREAM_TO_BDADDR(bda, p_event);
170 bluetooth::common::LogClassicPairingEvent(bda, handle, cmd, evt_code, status, reason, value);
171 break;
172 case HCI_AUTHENTICATION_COMP_EVT:
173 STREAM_TO_UINT8(status, p_event);
174 STREAM_TO_UINT16(handle, p_event);
175 handle = HCID_GET_HANDLE(handle);
176 bluetooth::common::LogClassicPairingEvent(bda, handle, cmd, evt_code, status, reason, value);
177 break;
178 case HCI_ENCRYPTION_CHANGE_EVT: {
179 uint8_t encryption_enabled;
180 STREAM_TO_UINT8(status, p_event);
181 STREAM_TO_UINT16(handle, p_event);
182 STREAM_TO_UINT8(encryption_enabled, p_event);
183 bluetooth::common::LogClassicPairingEvent(bda, handle, cmd, evt_code, status, reason, encryption_enabled);
184 break;
185 }
186 case HCI_CONNECTION_COMP_EVT: {
187 uint8_t link_type;
188 STREAM_TO_UINT8(status, p_event);
189 STREAM_TO_UINT16(handle, p_event);
190 STREAM_TO_BDADDR(bda, p_event);
191 STREAM_TO_UINT8(link_type, p_event);
192 handle = HCID_GET_HANDLE(handle);
193 bluetooth::common::LogLinkLayerConnectionEvent(
194 &bda, handle, android::bluetooth::DIRECTION_UNKNOWN, link_type, cmd,
195 evt_code, android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
196
197 // Read SDP_DI manufacturer, model, HW version from config,
198 // and log them
199 int sdp_di_manufacturer_id = 0;
200 int sdp_di_model_id = 0;
201 int sdp_di_hw_version = 0;
202 int sdp_di_vendor_id_source = 0;
203 std::string bda_string = bda.ToString();
204 btif_config_get_int(bda_string, BT_CONFIG_KEY_SDP_DI_MANUFACTURER,
205 &sdp_di_manufacturer_id);
206 btif_config_get_int(bda_string, BT_CONFIG_KEY_SDP_DI_MODEL,
207 &sdp_di_model_id);
208 btif_config_get_int(bda_string, BT_CONFIG_KEY_SDP_DI_HW_VERSION,
209 &sdp_di_hw_version);
210 btif_config_get_int(bda_string, BT_CONFIG_KEY_SDP_DI_VENDOR_ID_SRC,
211 &sdp_di_vendor_id_source);
212
213 std::stringstream ss;
214 // [N - native]::SDP::[DIP - Device ID Profile]
215 ss << "N:SDP::DIP::" << loghex(sdp_di_vendor_id_source);
216 bluetooth::common::LogManufacturerInfo(
217 bda, android::bluetooth::DeviceInfoSrcEnum::DEVICE_INFO_INTERNAL,
218 ss.str(), loghex(sdp_di_manufacturer_id), loghex(sdp_di_model_id),
219 loghex(sdp_di_hw_version), "");
220
221 // Read LMP version, subversion and manufacturer from config,
222 // and log them
223 int lmp_version = -1;
224 int lmp_subversion = -1;
225 int lmp_manufacturer_id = -1;
226 btif_config_get_int(bda_string, BT_CONFIG_KEY_REMOTE_VER_VER,
227 &lmp_version);
228 btif_config_get_int(bda_string, BT_CONFIG_KEY_REMOTE_VER_SUBVER,
229 &lmp_subversion);
230 btif_config_get_int(bda_string, BT_CONFIG_KEY_REMOTE_VER_MFCT,
231 &lmp_manufacturer_id);
232 bluetooth::common::LogRemoteVersionInfo(
233 handle, status, lmp_version, lmp_manufacturer_id, lmp_subversion);
234 break;
235 }
236 case HCI_CONNECTION_REQUEST_EVT: {
237 DEV_CLASS dc;
238 uint8_t link_type;
239 STREAM_TO_BDADDR(bda, p_event);
240 STREAM_TO_DEVCLASS(dc, p_event);
241 STREAM_TO_UINT8(link_type, p_event);
242 bluetooth::common::LogLinkLayerConnectionEvent(
243 &bda, bluetooth::common::kUnknownConnectionHandle,
244 android::bluetooth::DIRECTION_INCOMING, link_type, cmd, evt_code,
245 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
246 break;
247 }
248 case HCI_DISCONNECTION_COMP_EVT: {
249 STREAM_TO_UINT8(status, p_event);
250 STREAM_TO_UINT16(handle, p_event);
251 STREAM_TO_UINT8(reason, p_event);
252 handle = HCID_GET_HANDLE(handle);
253 bluetooth::common::LogLinkLayerConnectionEvent(
254 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
255 android::bluetooth::LINK_TYPE_UNKNOWN, cmd, evt_code,
256 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
257 break;
258 }
259 case HCI_ESCO_CONNECTION_COMP_EVT: {
260 uint8_t link_type;
261 STREAM_TO_UINT8(status, p_event);
262 STREAM_TO_UINT16(handle, p_event);
263 STREAM_TO_BDADDR(bda, p_event);
264 STREAM_TO_UINT8(link_type, p_event);
265 handle = HCID_GET_HANDLE(handle);
266 bluetooth::common::LogLinkLayerConnectionEvent(
267 &bda, handle, android::bluetooth::DIRECTION_UNKNOWN, link_type, cmd,
268 evt_code, android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
269 break;
270 }
271 case HCI_ESCO_CONNECTION_CHANGED_EVT: {
272 STREAM_TO_UINT8(status, p_event);
273 STREAM_TO_UINT16(handle, p_event);
274 handle = HCID_GET_HANDLE(handle);
275 bluetooth::common::LogLinkLayerConnectionEvent(
276 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
277 android::bluetooth::LINK_TYPE_UNKNOWN, cmd, evt_code,
278 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
279 break;
280 }
281 }
282 }
283
284 /*******************************************************************************
285 *
286 * Function btu_hcif_process_event
287 *
288 * Description This function is called when an event is received from
289 * the Host Controller.
290 *
291 * Returns void
292 *
293 ******************************************************************************/
btu_hcif_process_event(UNUSED_ATTR uint8_t controller_id,BT_HDR * p_msg)294 void btu_hcif_process_event(UNUSED_ATTR uint8_t controller_id, BT_HDR* p_msg) {
295 uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;
296 uint8_t hci_evt_code, hci_evt_len;
297 uint8_t ble_sub_code;
298 STREAM_TO_UINT8(hci_evt_code, p);
299 STREAM_TO_UINT8(hci_evt_len, p);
300
301 // validate event size
302 if (hci_evt_len < hci_event_parameters_minimum_length[hci_evt_code]) {
303 HCI_TRACE_WARNING("%s: evt:0x%2X, malformed event of size %hhd", __func__,
304 hci_evt_code, hci_evt_len);
305 return;
306 }
307
308 btu_hcif_log_event_metrics(hci_evt_code, p);
309
310 switch (hci_evt_code) {
311 case HCI_INQUIRY_COMP_EVT:
312 btu_hcif_inquiry_comp_evt(p);
313 break;
314 case HCI_INQUIRY_RESULT_EVT:
315 btu_hcif_inquiry_result_evt(p, hci_evt_len);
316 break;
317 case HCI_INQUIRY_RSSI_RESULT_EVT:
318 btu_hcif_inquiry_rssi_result_evt(p, hci_evt_len);
319 break;
320 case HCI_EXTENDED_INQUIRY_RESULT_EVT:
321 btu_hcif_extended_inquiry_result_evt(p, hci_evt_len);
322 break;
323 case HCI_CONNECTION_COMP_EVT:
324 btu_hcif_connection_comp_evt(p, hci_evt_len);
325 break;
326 case HCI_CONNECTION_REQUEST_EVT:
327 btu_hcif_connection_request_evt(p);
328 break;
329 case HCI_DISCONNECTION_COMP_EVT:
330 btu_hcif_disconnection_comp_evt(p);
331 break;
332 case HCI_AUTHENTICATION_COMP_EVT:
333 btu_hcif_authentication_comp_evt(p);
334 break;
335 case HCI_RMT_NAME_REQUEST_COMP_EVT:
336 btu_hcif_rmt_name_request_comp_evt(p, hci_evt_len);
337 break;
338 case HCI_ENCRYPTION_CHANGE_EVT:
339 btu_hcif_encryption_change_evt(p);
340 break;
341 case HCI_ENCRYPTION_KEY_REFRESH_COMP_EVT:
342 btu_hcif_encryption_key_refresh_cmpl_evt(p);
343 break;
344 case HCI_READ_RMT_FEATURES_COMP_EVT:
345 btu_hcif_read_rmt_features_comp_evt(p);
346 break;
347 case HCI_READ_RMT_EXT_FEATURES_COMP_EVT:
348 btu_hcif_read_rmt_ext_features_comp_evt(p, hci_evt_len);
349 break;
350 case HCI_READ_RMT_VERSION_COMP_EVT:
351 btu_hcif_read_rmt_version_comp_evt(p);
352 break;
353 case HCI_QOS_SETUP_COMP_EVT:
354 btu_hcif_qos_setup_comp_evt(p);
355 break;
356 case HCI_COMMAND_COMPLETE_EVT:
357 LOG_ERROR(
358 "%s should not have received a command complete event. "
359 "Someone didn't go through the hci transmit_command function.",
360 __func__);
361 break;
362 case HCI_COMMAND_STATUS_EVT:
363 LOG_ERROR(
364 "%s should not have received a command status event. "
365 "Someone didn't go through the hci transmit_command function.",
366 __func__);
367 break;
368 case HCI_HARDWARE_ERROR_EVT:
369 btu_hcif_hardware_error_evt(p);
370 break;
371 case HCI_FLUSH_OCCURED_EVT:
372 btu_hcif_flush_occured_evt();
373 break;
374 case HCI_ROLE_CHANGE_EVT:
375 btu_hcif_role_change_evt(p);
376 break;
377 case HCI_NUM_COMPL_DATA_PKTS_EVT:
378 btu_hcif_num_compl_data_pkts_evt(p, hci_evt_len);
379 break;
380 case HCI_MODE_CHANGE_EVT:
381 btu_hcif_mode_change_evt(p);
382 break;
383 case HCI_PIN_CODE_REQUEST_EVT:
384 btu_hcif_pin_code_request_evt(p);
385 break;
386 case HCI_LINK_KEY_REQUEST_EVT:
387 btu_hcif_link_key_request_evt(p);
388 break;
389 case HCI_LINK_KEY_NOTIFICATION_EVT:
390 btu_hcif_link_key_notification_evt(p);
391 break;
392 case HCI_LOOPBACK_COMMAND_EVT:
393 btu_hcif_loopback_command_evt();
394 break;
395 case HCI_DATA_BUF_OVERFLOW_EVT:
396 btu_hcif_data_buf_overflow_evt();
397 break;
398 case HCI_MAX_SLOTS_CHANGED_EVT:
399 btu_hcif_max_slots_changed_evt();
400 break;
401 case HCI_READ_CLOCK_OFF_COMP_EVT:
402 btu_hcif_read_clock_off_comp_evt(p);
403 break;
404 case HCI_CONN_PKT_TYPE_CHANGE_EVT:
405 btu_hcif_conn_pkt_type_change_evt();
406 break;
407 case HCI_QOS_VIOLATION_EVT:
408 btu_hcif_qos_violation_evt(p);
409 break;
410 case HCI_PAGE_SCAN_MODE_CHANGE_EVT:
411 btu_hcif_page_scan_mode_change_evt();
412 break;
413 case HCI_PAGE_SCAN_REP_MODE_CHNG_EVT:
414 btu_hcif_page_scan_rep_mode_chng_evt();
415 break;
416 case HCI_ESCO_CONNECTION_COMP_EVT:
417 btu_hcif_esco_connection_comp_evt(p);
418 break;
419 case HCI_ESCO_CONNECTION_CHANGED_EVT:
420 btu_hcif_esco_connection_chg_evt(p);
421 break;
422 #if (BTM_SSR_INCLUDED == TRUE)
423 case HCI_SNIFF_SUB_RATE_EVT:
424 btu_hcif_ssr_evt(p, hci_evt_len);
425 break;
426 #endif /* BTM_SSR_INCLUDED == TRUE */
427 case HCI_RMT_HOST_SUP_FEAT_NOTIFY_EVT:
428 btu_hcif_host_support_evt(p);
429 break;
430 case HCI_IO_CAPABILITY_REQUEST_EVT:
431 btu_hcif_io_cap_request_evt(p);
432 break;
433 case HCI_IO_CAPABILITY_RESPONSE_EVT:
434 btu_hcif_io_cap_response_evt(p);
435 break;
436 case HCI_USER_CONFIRMATION_REQUEST_EVT:
437 btu_hcif_user_conf_request_evt(p);
438 break;
439 case HCI_USER_PASSKEY_REQUEST_EVT:
440 btu_hcif_user_passkey_request_evt(p);
441 break;
442 case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
443 btu_hcif_rem_oob_request_evt(p);
444 break;
445 case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
446 btu_hcif_simple_pair_complete_evt(p);
447 break;
448 case HCI_USER_PASSKEY_NOTIFY_EVT:
449 btu_hcif_user_passkey_notif_evt(p);
450 break;
451 case HCI_KEYPRESS_NOTIFY_EVT:
452 btu_hcif_keypress_notif_evt(p);
453 break;
454 #if (L2CAP_NON_FLUSHABLE_PB_INCLUDED == TRUE)
455 case HCI_ENHANCED_FLUSH_COMPLETE_EVT:
456 btu_hcif_enhanced_flush_complete_evt();
457 break;
458 #endif
459
460 case HCI_BLE_EVENT: {
461 STREAM_TO_UINT8(ble_sub_code, p);
462
463 HCI_TRACE_EVENT("BLE HCI(id=%d) event = 0x%02x)", hci_evt_code,
464 ble_sub_code);
465
466 uint8_t ble_evt_len = hci_evt_len - 1;
467 switch (ble_sub_code) {
468 case HCI_BLE_ADV_PKT_RPT_EVT: /* result of inquiry */
469 HCI_TRACE_EVENT("HCI_BLE_ADV_PKT_RPT_EVT");
470 btm_ble_process_adv_pkt(ble_evt_len, p);
471 break;
472 case HCI_BLE_CONN_COMPLETE_EVT:
473 btu_ble_ll_conn_complete_evt(p, hci_evt_len);
474 break;
475 case HCI_BLE_LL_CONN_PARAM_UPD_EVT:
476 btu_ble_ll_conn_param_upd_evt(p, hci_evt_len);
477 break;
478 case HCI_BLE_READ_REMOTE_FEAT_CMPL_EVT:
479 btu_ble_read_remote_feat_evt(p);
480 break;
481 case HCI_BLE_LTK_REQ_EVT: /* received only at slave device */
482 btu_ble_proc_ltk_req(p);
483 break;
484 #if (BLE_PRIVACY_SPT == TRUE)
485 case HCI_BLE_ENHANCED_CONN_COMPLETE_EVT:
486 btu_ble_proc_enhanced_conn_cmpl(p, hci_evt_len);
487 break;
488 #endif
489 #if (BLE_LLT_INCLUDED == TRUE)
490 case HCI_BLE_RC_PARAM_REQ_EVT:
491 btu_ble_rc_param_req_evt(p);
492 break;
493 #endif
494 case HCI_BLE_DATA_LENGTH_CHANGE_EVT:
495 btu_ble_data_length_change_evt(p, hci_evt_len);
496 break;
497
498 case HCI_BLE_PHY_UPDATE_COMPLETE_EVT:
499 btm_ble_process_phy_update_pkt(ble_evt_len, p);
500 break;
501
502 case HCI_LE_EXTENDED_ADVERTISING_REPORT_EVT:
503 btm_ble_process_ext_adv_pkt(hci_evt_len, p);
504 break;
505
506 case HCI_LE_ADVERTISING_SET_TERMINATED_EVT:
507 btm_le_on_advertising_set_terminated(p, hci_evt_len);
508 break;
509 }
510 break;
511 }
512
513 case HCI_VENDOR_SPECIFIC_EVT:
514 btm_vendor_specific_evt(p, hci_evt_len);
515 break;
516 }
517 }
518
btu_hcif_log_command_metrics(uint16_t opcode,uint8_t * p_cmd,uint16_t cmd_status,bool is_cmd_status)519 static void btu_hcif_log_command_metrics(uint16_t opcode, uint8_t* p_cmd,
520 uint16_t cmd_status,
521 bool is_cmd_status) {
522 static uint16_t kUnknownBleEvt = android::bluetooth::hci::BLE_EVT_UNKNOWN;
523
524 uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_STATUS;
525 if (!is_cmd_status) {
526 hci_event = android::bluetooth::hci::EVT_UNKNOWN;
527 cmd_status = android::bluetooth::hci::STATUS_UNKNOWN;
528 }
529
530 RawAddress bd_addr;
531 uint16_t handle;
532 uint8_t reason;
533
534 switch (opcode) {
535 case HCI_CREATE_CONNECTION:
536 case HCI_CREATE_CONNECTION_CANCEL:
537 STREAM_TO_BDADDR(bd_addr, p_cmd);
538 bluetooth::common::LogLinkLayerConnectionEvent(
539 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
540 android::bluetooth::DIRECTION_OUTGOING,
541 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
542 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
543 break;
544 case HCI_DISCONNECT:
545 STREAM_TO_UINT16(handle, p_cmd);
546 STREAM_TO_UINT8(reason, p_cmd);
547 bluetooth::common::LogLinkLayerConnectionEvent(
548 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
549 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
550 kUnknownBleEvt, cmd_status, reason);
551 break;
552 case HCI_SETUP_ESCO_CONNECTION:
553 case HCI_ENH_SETUP_ESCO_CONNECTION:
554 STREAM_TO_UINT16(handle, p_cmd);
555 bluetooth::common::LogLinkLayerConnectionEvent(
556 nullptr, handle, android::bluetooth::DIRECTION_OUTGOING,
557 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
558 kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
559 break;
560 case HCI_ACCEPT_CONNECTION_REQUEST:
561 case HCI_ACCEPT_ESCO_CONNECTION:
562 case HCI_ENH_ACCEPT_ESCO_CONNECTION:
563 STREAM_TO_BDADDR(bd_addr, p_cmd);
564 bluetooth::common::LogLinkLayerConnectionEvent(
565 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
566 android::bluetooth::DIRECTION_INCOMING,
567 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
568 kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
569 break;
570 case HCI_REJECT_CONNECTION_REQUEST:
571 case HCI_REJECT_ESCO_CONNECTION:
572 STREAM_TO_BDADDR(bd_addr, p_cmd);
573 STREAM_TO_UINT8(reason, p_cmd);
574 bluetooth::common::LogLinkLayerConnectionEvent(
575 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
576 android::bluetooth::DIRECTION_INCOMING,
577 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
578 kUnknownBleEvt, cmd_status, reason);
579 break;
580
581 // BLE Commands
582 case HCI_BLE_CREATE_LL_CONN: {
583 p_cmd += 2; // Skip LE_Scan_Interval
584 p_cmd += 2; // Skip LE_Scan_Window;
585 uint8_t initiator_filter_policy;
586 STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
587 uint8_t peer_address_type;
588 STREAM_TO_UINT8(peer_address_type, p_cmd);
589 STREAM_TO_BDADDR(bd_addr, p_cmd);
590 // Peer address should not be used if initiator filter policy is not 0x00
591 const RawAddress* bd_addr_p = nullptr;
592 if (initiator_filter_policy == 0x00) {
593 bd_addr_p = &bd_addr;
594 #if (BLE_PRIVACY_SPT == TRUE)
595 if (peer_address_type == BLE_ADDR_PUBLIC_ID ||
596 peer_address_type == BLE_ADDR_RANDOM_ID) {
597 // if identity address is not matched, this address is invalid
598 if (!btm_identity_addr_to_random_pseudo(&bd_addr, &peer_address_type,
599 false)) {
600 bd_addr_p = nullptr;
601 }
602 }
603 #endif
604 }
605 if (initiator_filter_policy == 0x00 ||
606 (cmd_status != HCI_SUCCESS && !is_cmd_status)) {
607 // Selectively log to avoid log spam due to whitelist connections:
608 // - When doing non-whitelist connection
609 // - When there is an error in command status
610 bluetooth::common::LogLinkLayerConnectionEvent(
611 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
612 android::bluetooth::DIRECTION_OUTGOING,
613 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
614 kUnknownBleEvt, cmd_status,
615 android::bluetooth::hci::STATUS_UNKNOWN);
616 }
617 break;
618 }
619 case HCI_LE_EXTENDED_CREATE_CONNECTION: {
620 uint8_t initiator_filter_policy;
621 STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
622 p_cmd += 1; // Skip Own_Address_Type
623 uint8_t peer_addr_type;
624 STREAM_TO_UINT8(peer_addr_type, p_cmd);
625 STREAM_TO_BDADDR(bd_addr, p_cmd);
626 // Peer address should not be used if initiator filter policy is not 0x00
627 const RawAddress* bd_addr_p = nullptr;
628 if (initiator_filter_policy == 0x00) {
629 bd_addr_p = &bd_addr;
630 #if (BLE_PRIVACY_SPT == TRUE)
631 // if identity address is not matched, this should be a static address
632 btm_identity_addr_to_random_pseudo(&bd_addr, &peer_addr_type, false);
633 #endif
634 }
635 if (initiator_filter_policy == 0x00 ||
636 (cmd_status != HCI_SUCCESS && !is_cmd_status)) {
637 // Selectively log to avoid log spam due to whitelist connections:
638 // - When doing non-whitelist connection
639 // - When there is an error in command status
640 bluetooth::common::LogLinkLayerConnectionEvent(
641 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
642 android::bluetooth::DIRECTION_OUTGOING,
643 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
644 kUnknownBleEvt, cmd_status,
645 android::bluetooth::hci::STATUS_UNKNOWN);
646 }
647 break;
648 }
649 case HCI_BLE_CREATE_CONN_CANCEL:
650 if (cmd_status != HCI_SUCCESS && !is_cmd_status) {
651 // Only log errors to prevent log spam due to whitelist connections
652 bluetooth::common::LogLinkLayerConnectionEvent(
653 nullptr, bluetooth::common::kUnknownConnectionHandle,
654 android::bluetooth::DIRECTION_OUTGOING,
655 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
656 kUnknownBleEvt, cmd_status,
657 android::bluetooth::hci::STATUS_UNKNOWN);
658 }
659 break;
660 case HCI_BLE_CLEAR_WHITE_LIST:
661 bluetooth::common::LogLinkLayerConnectionEvent(
662 nullptr, bluetooth::common::kUnknownConnectionHandle,
663 android::bluetooth::DIRECTION_INCOMING,
664 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
665 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
666 break;
667 case HCI_BLE_ADD_WHITE_LIST:
668 case HCI_BLE_REMOVE_WHITE_LIST: {
669 uint8_t peer_addr_type;
670 STREAM_TO_UINT8(peer_addr_type, p_cmd);
671 STREAM_TO_BDADDR(bd_addr, p_cmd);
672 const RawAddress* bd_addr_p = nullptr;
673 // When peer_addr_type is 0xFF, bd_addr should be ignored per BT spec
674 if (peer_addr_type != BLE_ADDR_ANONYMOUS) {
675 bd_addr_p = &bd_addr;
676 #if (BLE_PRIVACY_SPT == TRUE)
677 bool addr_is_rpa = peer_addr_type == BLE_ADDR_RANDOM &&
678 BTM_BLE_IS_RESOLVE_BDA(bd_addr);
679 // Only try to match identity address for pseudo if address is not RPA
680 if (!addr_is_rpa) {
681 // if identity address is not matched, this should be a static address
682 btm_identity_addr_to_random_pseudo(&bd_addr, &peer_addr_type, false);
683 }
684 #endif
685 }
686 bluetooth::common::LogLinkLayerConnectionEvent(
687 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
688 android::bluetooth::DIRECTION_INCOMING,
689 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
690 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
691 break;
692 }
693 case HCI_READ_LOCAL_OOB_DATA:
694 bluetooth::common::LogClassicPairingEvent(RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle, opcode,
695 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN, 0);
696 break;
697 case HCI_WRITE_SIMPLE_PAIRING_MODE: {
698 uint8_t simple_pairing_mode;
699 STREAM_TO_UINT8(simple_pairing_mode, p_cmd);
700 bluetooth::common::LogClassicPairingEvent(RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle, opcode,
701 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN,
702 simple_pairing_mode);
703 break;
704 }
705 case HCI_WRITE_SECURE_CONNS_SUPPORT: {
706 uint8_t secure_conn_host_support;
707 STREAM_TO_UINT8(secure_conn_host_support, p_cmd);
708 bluetooth::common::LogClassicPairingEvent(RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle, opcode,
709 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN,
710 secure_conn_host_support);
711 break;
712 }
713 case HCI_AUTHENTICATION_REQUESTED:
714 STREAM_TO_UINT16(handle, p_cmd);
715 bluetooth::common::LogClassicPairingEvent(RawAddress::kEmpty, handle, opcode, hci_event, cmd_status,
716 android::bluetooth::hci::STATUS_UNKNOWN, 0);
717 break;
718 case HCI_SET_CONN_ENCRYPTION: {
719 STREAM_TO_UINT16(handle, p_cmd);
720 uint8_t encryption_enable;
721 STREAM_TO_UINT8(encryption_enable, p_cmd);
722 bluetooth::common::LogClassicPairingEvent(RawAddress::kEmpty, handle, opcode, hci_event, cmd_status,
723 android::bluetooth::hci::STATUS_UNKNOWN, encryption_enable);
724 break;
725 }
726 case HCI_DELETE_STORED_LINK_KEY: {
727 uint8_t delete_all_flag;
728 STREAM_TO_BDADDR(bd_addr, p_cmd);
729 STREAM_TO_UINT8(delete_all_flag, p_cmd);
730 bluetooth::common::LogClassicPairingEvent(bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode, hci_event,
731 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN, delete_all_flag);
732 break;
733 }
734 case HCI_RMT_NAME_REQUEST:
735 case HCI_RMT_NAME_REQUEST_CANCEL:
736 case HCI_LINK_KEY_REQUEST_REPLY:
737 case HCI_LINK_KEY_REQUEST_NEG_REPLY:
738 case HCI_IO_CAPABILITY_REQUEST_REPLY:
739 case HCI_USER_CONF_REQUEST_REPLY:
740 case HCI_USER_CONF_VALUE_NEG_REPLY:
741 case HCI_USER_PASSKEY_REQ_REPLY:
742 case HCI_USER_PASSKEY_REQ_NEG_REPLY:
743 case HCI_REM_OOB_DATA_REQ_REPLY:
744 case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
745 STREAM_TO_BDADDR(bd_addr, p_cmd);
746 bluetooth::common::LogClassicPairingEvent(bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode, hci_event,
747 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN, 0);
748 break;
749 case HCI_IO_CAP_REQ_NEG_REPLY:
750 STREAM_TO_BDADDR(bd_addr, p_cmd);
751 STREAM_TO_UINT8(reason, p_cmd);
752 bluetooth::common::LogClassicPairingEvent(bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode, hci_event,
753 cmd_status, reason, 0);
754 break;
755 }
756 }
757
758 /*******************************************************************************
759 *
760 * Function btu_hcif_send_cmd
761 *
762 * Description This function is called to send commands to the Host
763 * Controller.
764 *
765 * Returns void
766 *
767 ******************************************************************************/
btu_hcif_send_cmd(UNUSED_ATTR uint8_t controller_id,BT_HDR * p_buf)768 void btu_hcif_send_cmd(UNUSED_ATTR uint8_t controller_id, BT_HDR* p_buf) {
769 if (!p_buf) return;
770
771 uint16_t opcode;
772 uint8_t* stream = p_buf->data + p_buf->offset;
773 void* vsc_callback = NULL;
774
775 STREAM_TO_UINT16(opcode, stream);
776
777 // Eww...horrible hackery here
778 /* If command was a VSC, then extract command_complete callback */
779 if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC ||
780 (opcode == HCI_BLE_RAND) || (opcode == HCI_BLE_ENCRYPT)) {
781 vsc_callback = *((void**)(p_buf + 1));
782 }
783
784 // Skip parameter length before logging
785 stream++;
786 btu_hcif_log_command_metrics(opcode, stream,
787 android::bluetooth::hci::STATUS_UNKNOWN, false);
788
789 hci_layer_get_interface()->transmit_command(
790 p_buf, btu_hcif_command_complete_evt, btu_hcif_command_status_evt,
791 vsc_callback);
792 }
793
794 using hci_cmd_cb = base::OnceCallback<void(
795 uint8_t* /* return_parameters */, uint16_t /* return_parameters_length*/)>;
796
797 struct cmd_with_cb_data {
798 hci_cmd_cb cb;
799 Location posted_from;
800 };
801
cmd_with_cb_data_init(cmd_with_cb_data * cb_wrapper)802 void cmd_with_cb_data_init(cmd_with_cb_data* cb_wrapper) {
803 new (&cb_wrapper->cb) hci_cmd_cb;
804 new (&cb_wrapper->posted_from) Location;
805 }
806
cmd_with_cb_data_cleanup(cmd_with_cb_data * cb_wrapper)807 void cmd_with_cb_data_cleanup(cmd_with_cb_data* cb_wrapper) {
808 cb_wrapper->cb.~hci_cmd_cb();
809 cb_wrapper->posted_from.~Location();
810 }
811
812 /**
813 * Log command complete events that is not handled individually in this file
814 * @param opcode opcode of the command
815 * @param p_return_params pointer to returned parameter after parameter length
816 * field
817 */
btu_hcif_log_command_complete_metrics(uint16_t opcode,uint8_t * p_return_params)818 static void btu_hcif_log_command_complete_metrics(uint16_t opcode,
819 uint8_t* p_return_params) {
820 uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
821 uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
822 uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_COMPLETE;
823 uint16_t hci_ble_event = android::bluetooth::hci::BLE_EVT_UNKNOWN;
824 RawAddress bd_addr = RawAddress::kEmpty;
825 switch (opcode) {
826 case HCI_BLE_CLEAR_WHITE_LIST:
827 case HCI_BLE_ADD_WHITE_LIST:
828 case HCI_BLE_REMOVE_WHITE_LIST: {
829 STREAM_TO_UINT8(status, p_return_params);
830 bluetooth::common::LogLinkLayerConnectionEvent(
831 nullptr, bluetooth::common::kUnknownConnectionHandle,
832 android::bluetooth::DIRECTION_INCOMING,
833 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, hci_ble_event,
834 status, reason);
835 break;
836 }
837 case HCI_DELETE_STORED_LINK_KEY:
838 case HCI_READ_LOCAL_OOB_DATA:
839 case HCI_WRITE_SIMPLE_PAIRING_MODE:
840 case HCI_WRITE_SECURE_CONNS_SUPPORT:
841 STREAM_TO_UINT8(status, p_return_params);
842 bluetooth::common::LogClassicPairingEvent(RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle, opcode,
843 hci_event, status, reason, 0);
844 break;
845 case HCI_READ_ENCR_KEY_SIZE: {
846 uint16_t handle;
847 uint8_t key_size;
848 STREAM_TO_UINT8(status, p_return_params);
849 STREAM_TO_UINT16(handle, p_return_params);
850 STREAM_TO_UINT8(key_size, p_return_params);
851 bluetooth::common::LogClassicPairingEvent(RawAddress::kEmpty, handle, opcode, hci_event, status, reason,
852 key_size);
853 break;
854 }
855 case HCI_LINK_KEY_REQUEST_REPLY:
856 case HCI_LINK_KEY_REQUEST_NEG_REPLY:
857 case HCI_IO_CAPABILITY_REQUEST_REPLY:
858 case HCI_IO_CAP_REQ_NEG_REPLY:
859 case HCI_USER_CONF_REQUEST_REPLY:
860 case HCI_USER_CONF_VALUE_NEG_REPLY:
861 case HCI_USER_PASSKEY_REQ_REPLY:
862 case HCI_USER_PASSKEY_REQ_NEG_REPLY:
863 case HCI_REM_OOB_DATA_REQ_REPLY:
864 case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
865 STREAM_TO_UINT8(status, p_return_params);
866 STREAM_TO_BDADDR(bd_addr, p_return_params);
867 bluetooth::common::LogClassicPairingEvent(bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode, hci_event,
868 status, reason, 0);
869 break;
870 }
871 }
872
btu_hcif_command_complete_evt_with_cb_on_task(BT_HDR * event,void * context)873 static void btu_hcif_command_complete_evt_with_cb_on_task(BT_HDR* event,
874 void* context) {
875 command_opcode_t opcode;
876 // 2 for event header: event code (1) + parameter length (1)
877 // 1 for num_hci_pkt command credit
878 uint8_t* stream = event->data + event->offset + 3;
879 STREAM_TO_UINT16(opcode, stream);
880
881 btu_hcif_log_command_complete_metrics(opcode, stream);
882
883 cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
884 HCI_TRACE_DEBUG("command complete for: %s",
885 cb_wrapper->posted_from.ToString().c_str());
886 // 2 for event header: event code (1) + parameter length (1)
887 // 3 for command complete header: num_hci_pkt (1) + opcode (2)
888 uint16_t param_len = static_cast<uint16_t>(event->len - 5);
889 std::move(cb_wrapper->cb).Run(stream, param_len);
890 cmd_with_cb_data_cleanup(cb_wrapper);
891 osi_free(cb_wrapper);
892
893 osi_free(event);
894 }
895
btu_hcif_command_complete_evt_with_cb(BT_HDR * response,void * context)896 static void btu_hcif_command_complete_evt_with_cb(BT_HDR* response,
897 void* context) {
898 do_in_main_thread(FROM_HERE,
899 base::Bind(btu_hcif_command_complete_evt_with_cb_on_task,
900 response, context));
901 }
902
btu_hcif_command_status_evt_with_cb_on_task(uint8_t status,BT_HDR * event,void * context)903 static void btu_hcif_command_status_evt_with_cb_on_task(uint8_t status,
904 BT_HDR* event,
905 void* context) {
906 command_opcode_t opcode;
907 uint8_t* stream = event->data + event->offset;
908 STREAM_TO_UINT16(opcode, stream);
909
910 CHECK(status != 0);
911
912 // stream + 1 to skip parameter length field
913 // No need to check length since stream is written by us
914 btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
915
916 // report command status error
917 cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
918 HCI_TRACE_DEBUG("command status for: %s",
919 cb_wrapper->posted_from.ToString().c_str());
920 std::move(cb_wrapper->cb).Run(&status, sizeof(uint16_t));
921 cmd_with_cb_data_cleanup(cb_wrapper);
922 osi_free(cb_wrapper);
923
924 osi_free(event);
925 }
926
btu_hcif_command_status_evt_with_cb(uint8_t status,BT_HDR * command,void * context)927 static void btu_hcif_command_status_evt_with_cb(uint8_t status, BT_HDR* command,
928 void* context) {
929 // Command is pending, we report only error.
930 if (!status) {
931 osi_free(command);
932 return;
933 }
934
935 do_in_main_thread(
936 FROM_HERE, base::Bind(btu_hcif_command_status_evt_with_cb_on_task, status,
937 command, context));
938 }
939
940 /* This function is called to send commands to the Host Controller. |cb| is
941 * called when command status event is called with error code, or when the
942 * command complete event is received. */
btu_hcif_send_cmd_with_cb(const Location & posted_from,uint16_t opcode,uint8_t * params,uint8_t params_len,hci_cmd_cb cb)943 void btu_hcif_send_cmd_with_cb(const Location& posted_from, uint16_t opcode,
944 uint8_t* params, uint8_t params_len,
945 hci_cmd_cb cb) {
946 BT_HDR* p = (BT_HDR*)osi_malloc(HCI_CMD_BUF_SIZE);
947 uint8_t* pp = (uint8_t*)(p + 1);
948
949 p->len = HCIC_PREAMBLE_SIZE + params_len;
950 p->offset = 0;
951
952 UINT16_TO_STREAM(pp, opcode);
953 UINT8_TO_STREAM(pp, params_len);
954 if (params) {
955 memcpy(pp, params, params_len);
956 }
957
958 btu_hcif_log_command_metrics(opcode, pp,
959 android::bluetooth::hci::STATUS_UNKNOWN, false);
960
961 cmd_with_cb_data* cb_wrapper =
962 (cmd_with_cb_data*)osi_malloc(sizeof(cmd_with_cb_data));
963
964 cmd_with_cb_data_init(cb_wrapper);
965 cb_wrapper->cb = std::move(cb);
966 cb_wrapper->posted_from = posted_from;
967
968 hci_layer_get_interface()->transmit_command(
969 p, btu_hcif_command_complete_evt_with_cb,
970 btu_hcif_command_status_evt_with_cb, (void*)cb_wrapper);
971 }
972
973 /*******************************************************************************
974 *
975 * Function btu_hcif_inquiry_comp_evt
976 *
977 * Description Process event HCI_INQUIRY_COMP_EVT
978 *
979 * Returns void
980 *
981 ******************************************************************************/
btu_hcif_inquiry_comp_evt(uint8_t * p)982 static void btu_hcif_inquiry_comp_evt(uint8_t* p) {
983 uint8_t status;
984
985 STREAM_TO_UINT8(status, p);
986
987 /* Tell inquiry processing that we are done */
988 btm_process_inq_complete(status, BTM_BR_INQUIRY_MASK);
989 }
990
991 /*******************************************************************************
992 *
993 * Function btu_hcif_inquiry_result_evt
994 *
995 * Description Process event HCI_INQUIRY_RESULT_EVT
996 *
997 * Returns void
998 *
999 ******************************************************************************/
btu_hcif_inquiry_result_evt(uint8_t * p,uint8_t hci_evt_len)1000 static void btu_hcif_inquiry_result_evt(uint8_t* p, uint8_t hci_evt_len) {
1001 /* Store results in the cache */
1002 btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_STANDARD);
1003 }
1004
1005 /*******************************************************************************
1006 *
1007 * Function btu_hcif_inquiry_rssi_result_evt
1008 *
1009 * Description Process event HCI_INQUIRY_RSSI_RESULT_EVT
1010 *
1011 * Returns void
1012 *
1013 ******************************************************************************/
btu_hcif_inquiry_rssi_result_evt(uint8_t * p,uint8_t hci_evt_len)1014 static void btu_hcif_inquiry_rssi_result_evt(uint8_t* p, uint8_t hci_evt_len) {
1015 /* Store results in the cache */
1016 btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_WITH_RSSI);
1017 }
1018
1019 /*******************************************************************************
1020 *
1021 * Function btu_hcif_extended_inquiry_result_evt
1022 *
1023 * Description Process event HCI_EXTENDED_INQUIRY_RESULT_EVT
1024 *
1025 * Returns void
1026 *
1027 ******************************************************************************/
btu_hcif_extended_inquiry_result_evt(uint8_t * p,uint8_t hci_evt_len)1028 static void btu_hcif_extended_inquiry_result_evt(uint8_t* p,
1029 uint8_t hci_evt_len) {
1030 /* Store results in the cache */
1031 btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_EXTENDED);
1032 }
1033
1034 /*******************************************************************************
1035 *
1036 * Function btu_hcif_connection_comp_evt
1037 *
1038 * Description Process event HCI_CONNECTION_COMP_EVT
1039 *
1040 * Returns void
1041 *
1042 ******************************************************************************/
btu_hcif_connection_comp_evt(uint8_t * p,uint8_t evt_len)1043 static void btu_hcif_connection_comp_evt(uint8_t* p, uint8_t evt_len) {
1044 uint8_t status;
1045 uint16_t handle;
1046 RawAddress bda;
1047 uint8_t link_type;
1048 uint8_t enc_mode;
1049 tBTM_ESCO_DATA esco_data;
1050
1051 if (evt_len < 11) {
1052 android_errorWriteLog(0x534e4554, "141619686");
1053 HCI_TRACE_WARNING("%s: malformed event of size %hhd", __func__, evt_len);
1054 return;
1055 }
1056
1057 STREAM_TO_UINT8(status, p);
1058 STREAM_TO_UINT16(handle, p);
1059 STREAM_TO_BDADDR(bda, p);
1060 STREAM_TO_UINT8(link_type, p);
1061 STREAM_TO_UINT8(enc_mode, p);
1062
1063 handle = HCID_GET_HANDLE(handle);
1064
1065 if (status != HCI_SUCCESS) {
1066 HCI_TRACE_DEBUG(
1067 "%s: Connection failed: status=%d, handle=%d, link_type=%d, "
1068 "enc_mode=%d",
1069 __func__, status, handle, link_type, enc_mode);
1070 }
1071
1072 if (link_type == HCI_LINK_TYPE_ACL) {
1073 btm_sec_connected(bda, handle, status, enc_mode);
1074
1075 l2c_link_hci_conn_comp(status, handle, bda);
1076 } else {
1077 memset(&esco_data, 0, sizeof(tBTM_ESCO_DATA));
1078 /* esco_data.link_type = HCI_LINK_TYPE_SCO; already zero */
1079 esco_data.bd_addr = bda;
1080 btm_sco_connected(status, &bda, handle, &esco_data);
1081 }
1082 }
1083
1084 /*******************************************************************************
1085 *
1086 * Function btu_hcif_connection_request_evt
1087 *
1088 * Description Process event HCI_CONNECTION_REQUEST_EVT
1089 *
1090 * Returns void
1091 *
1092 ******************************************************************************/
btu_hcif_connection_request_evt(uint8_t * p)1093 static void btu_hcif_connection_request_evt(uint8_t* p) {
1094 RawAddress bda;
1095 DEV_CLASS dc;
1096 uint8_t link_type;
1097
1098 STREAM_TO_BDADDR(bda, p);
1099 STREAM_TO_DEVCLASS(dc, p);
1100 STREAM_TO_UINT8(link_type, p);
1101
1102 /* Pass request to security manager to check connect filters before */
1103 /* passing request to l2cap */
1104 if (link_type == HCI_LINK_TYPE_ACL) {
1105 btm_sec_conn_req(bda, dc);
1106 } else {
1107 btm_sco_conn_req(bda, dc, link_type);
1108 }
1109 }
1110
1111 /*******************************************************************************
1112 *
1113 * Function btu_hcif_disconnection_comp_evt
1114 *
1115 * Description Process event HCI_DISCONNECTION_COMP_EVT
1116 *
1117 * Returns void
1118 *
1119 ******************************************************************************/
btu_hcif_disconnection_comp_evt(uint8_t * p)1120 static void btu_hcif_disconnection_comp_evt(uint8_t* p) {
1121 uint8_t status;
1122 uint16_t handle;
1123 uint8_t reason;
1124
1125 STREAM_TO_UINT8(status, p);
1126 STREAM_TO_UINT16(handle, p);
1127 STREAM_TO_UINT8(reason, p);
1128
1129 handle = HCID_GET_HANDLE(handle);
1130
1131 if ((reason != HCI_ERR_CONN_CAUSE_LOCAL_HOST) &&
1132 (reason != HCI_ERR_PEER_USER)) {
1133 /* Uncommon disconnection reasons */
1134 HCI_TRACE_DEBUG("%s: Got Disconn Complete Event: reason=%d, handle=%d",
1135 __func__, reason, handle);
1136 }
1137
1138 /* If L2CAP doesn't know about it, send it to SCO */
1139 if (!l2c_link_hci_disc_comp(handle, reason)) btm_sco_removed(handle, reason);
1140
1141 /* Notify security manager */
1142 btm_sec_disconnected(handle, reason);
1143 }
1144
1145 /*******************************************************************************
1146 *
1147 * Function btu_hcif_authentication_comp_evt
1148 *
1149 * Description Process event HCI_AUTHENTICATION_COMP_EVT
1150 *
1151 * Returns void
1152 *
1153 ******************************************************************************/
btu_hcif_authentication_comp_evt(uint8_t * p)1154 static void btu_hcif_authentication_comp_evt(uint8_t* p) {
1155 uint8_t status;
1156 uint16_t handle;
1157
1158 STREAM_TO_UINT8(status, p);
1159 STREAM_TO_UINT16(handle, p);
1160
1161 btm_sec_auth_complete(handle, status);
1162 }
1163
1164 /*******************************************************************************
1165 *
1166 * Function btu_hcif_rmt_name_request_comp_evt
1167 *
1168 * Description Process event HCI_RMT_NAME_REQUEST_COMP_EVT
1169 *
1170 * Returns void
1171 *
1172 ******************************************************************************/
btu_hcif_rmt_name_request_comp_evt(uint8_t * p,uint16_t evt_len)1173 static void btu_hcif_rmt_name_request_comp_evt(uint8_t* p, uint16_t evt_len) {
1174 uint8_t status;
1175 RawAddress bd_addr;
1176
1177 STREAM_TO_UINT8(status, p);
1178 STREAM_TO_BDADDR(bd_addr, p);
1179
1180 evt_len -= (1 + BD_ADDR_LEN);
1181
1182 btm_process_remote_name(&bd_addr, p, evt_len, status);
1183
1184 btm_sec_rmt_name_request_complete(&bd_addr, p, status);
1185 }
1186
1187 constexpr uint8_t MIN_KEY_SIZE = 7;
1188
read_encryption_key_size_complete_after_encryption_change(uint8_t status,uint16_t handle,uint8_t key_size)1189 static void read_encryption_key_size_complete_after_encryption_change(uint8_t status, uint16_t handle,
1190 uint8_t key_size) {
1191 if (status == HCI_ERR_INSUFFCIENT_SECURITY) {
1192 /* If remote device stop the encryption before we call "Read Encryption Key
1193 * Size", we might receive Insufficient Security, which means that link is
1194 * no longer encrypted. */
1195 LOG(INFO) << __func__ << ": encryption stopped on link: " << loghex(handle);
1196 return;
1197 }
1198
1199 if (status != HCI_SUCCESS) {
1200 LOG(INFO) << __func__ << ": disconnecting, status: " << loghex(status);
1201 btsnd_hcic_disconnect(handle, HCI_ERR_PEER_USER);
1202 return;
1203 }
1204
1205 if (key_size < MIN_KEY_SIZE) {
1206 android_errorWriteLog(0x534e4554, "124301137");
1207 LOG(ERROR) << __func__ << " encryption key too short, disconnecting. handle: " << loghex(handle)
1208 << " key_size: " << +key_size;
1209
1210 btsnd_hcic_disconnect(handle, HCI_ERR_HOST_REJECT_SECURITY);
1211 return;
1212 }
1213
1214 // good key size - succeed
1215 btm_acl_encrypt_change(handle, status, 1 /* enable */);
1216 btm_sec_encrypt_change(handle, status, 1 /* enable */);
1217 }
1218 /*******************************************************************************
1219 *
1220 * Function btu_hcif_encryption_change_evt
1221 *
1222 * Description Process event HCI_ENCRYPTION_CHANGE_EVT
1223 *
1224 * Returns void
1225 *
1226 ******************************************************************************/
btu_hcif_encryption_change_evt(uint8_t * p)1227 static void btu_hcif_encryption_change_evt(uint8_t* p) {
1228 uint8_t status;
1229 uint16_t handle;
1230 uint8_t encr_enable;
1231
1232 STREAM_TO_UINT8(status, p);
1233 STREAM_TO_UINT16(handle, p);
1234 STREAM_TO_UINT8(encr_enable, p);
1235
1236 if (status != HCI_SUCCESS || encr_enable == 0 || BTM_IsBleConnection(handle)) {
1237 if (status == HCI_ERR_CONNECTION_TOUT) {
1238 smp_cancel_start_encryption_attempt();
1239 return;
1240 }
1241
1242 btm_acl_encrypt_change(handle, status, encr_enable);
1243 btm_sec_encrypt_change(handle, status, encr_enable);
1244 } else {
1245 btsnd_hcic_read_encryption_key_size(handle, base::Bind(&read_encryption_key_size_complete_after_encryption_change));
1246 }
1247 }
1248
1249 /*******************************************************************************
1250 *
1251 * Function btu_hcif_read_rmt_features_comp_evt
1252 *
1253 * Description Process event HCI_READ_RMT_FEATURES_COMP_EVT
1254 *
1255 * Returns void
1256 *
1257 ******************************************************************************/
btu_hcif_read_rmt_features_comp_evt(uint8_t * p)1258 static void btu_hcif_read_rmt_features_comp_evt(uint8_t* p) {
1259 btm_read_remote_features_complete(p);
1260 }
1261
1262 /*******************************************************************************
1263 *
1264 * Function btu_hcif_read_rmt_ext_features_comp_evt
1265 *
1266 * Description Process event HCI_READ_RMT_EXT_FEATURES_COMP_EVT
1267 *
1268 * Returns void
1269 *
1270 ******************************************************************************/
btu_hcif_read_rmt_ext_features_comp_evt(uint8_t * p,uint8_t evt_len)1271 static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p,
1272 uint8_t evt_len) {
1273 uint8_t* p_cur = p;
1274 uint8_t status;
1275 uint16_t handle;
1276
1277 STREAM_TO_UINT8(status, p_cur);
1278
1279 if (status == HCI_SUCCESS)
1280 btm_read_remote_ext_features_complete(p, evt_len);
1281 else {
1282 STREAM_TO_UINT16(handle, p_cur);
1283 btm_read_remote_ext_features_failed(status, handle);
1284 }
1285 }
1286
1287 /*******************************************************************************
1288 *
1289 * Function btu_hcif_read_rmt_version_comp_evt
1290 *
1291 * Description Process event HCI_READ_RMT_VERSION_COMP_EVT
1292 *
1293 * Returns void
1294 *
1295 ******************************************************************************/
btu_hcif_read_rmt_version_comp_evt(uint8_t * p)1296 static void btu_hcif_read_rmt_version_comp_evt(uint8_t* p) {
1297 btm_read_remote_version_complete(p);
1298 }
1299
1300 /*******************************************************************************
1301 *
1302 * Function btu_hcif_qos_setup_comp_evt
1303 *
1304 * Description Process event HCI_QOS_SETUP_COMP_EVT
1305 *
1306 * Returns void
1307 *
1308 ******************************************************************************/
btu_hcif_qos_setup_comp_evt(uint8_t * p)1309 static void btu_hcif_qos_setup_comp_evt(uint8_t* p) {
1310 uint8_t status;
1311 uint16_t handle;
1312 FLOW_SPEC flow;
1313
1314 STREAM_TO_UINT8(status, p);
1315 STREAM_TO_UINT16(handle, p);
1316 STREAM_TO_UINT8(flow.qos_flags, p);
1317 STREAM_TO_UINT8(flow.service_type, p);
1318 STREAM_TO_UINT32(flow.token_rate, p);
1319 STREAM_TO_UINT32(flow.peak_bandwidth, p);
1320 STREAM_TO_UINT32(flow.latency, p);
1321 STREAM_TO_UINT32(flow.delay_variation, p);
1322
1323 btm_qos_setup_complete(status, handle, &flow);
1324 }
1325
1326 /*******************************************************************************
1327 *
1328 * Function btu_hcif_esco_connection_comp_evt
1329 *
1330 * Description Process event HCI_ESCO_CONNECTION_COMP_EVT
1331 *
1332 * Returns void
1333 *
1334 ******************************************************************************/
btu_hcif_esco_connection_comp_evt(uint8_t * p)1335 static void btu_hcif_esco_connection_comp_evt(uint8_t* p) {
1336 tBTM_ESCO_DATA data;
1337 uint16_t handle;
1338 RawAddress bda;
1339 uint8_t status;
1340
1341 STREAM_TO_UINT8(status, p);
1342 STREAM_TO_UINT16(handle, p);
1343 STREAM_TO_BDADDR(bda, p);
1344
1345 STREAM_TO_UINT8(data.link_type, p);
1346 STREAM_TO_UINT8(data.tx_interval, p);
1347 STREAM_TO_UINT8(data.retrans_window, p);
1348 STREAM_TO_UINT16(data.rx_pkt_len, p);
1349 STREAM_TO_UINT16(data.tx_pkt_len, p);
1350 STREAM_TO_UINT8(data.air_mode, p);
1351
1352 handle = HCID_GET_HANDLE(handle);
1353
1354 data.bd_addr = bda;
1355 btm_sco_connected(status, &bda, handle, &data);
1356 }
1357
1358 /*******************************************************************************
1359 *
1360 * Function btu_hcif_esco_connection_chg_evt
1361 *
1362 * Description Process event HCI_ESCO_CONNECTION_CHANGED_EVT
1363 *
1364 * Returns void
1365 *
1366 ******************************************************************************/
btu_hcif_esco_connection_chg_evt(uint8_t * p)1367 static void btu_hcif_esco_connection_chg_evt(uint8_t* p) {
1368 uint16_t handle;
1369 uint16_t tx_pkt_len;
1370 uint16_t rx_pkt_len;
1371 uint8_t status;
1372 uint8_t tx_interval;
1373 uint8_t retrans_window;
1374
1375 STREAM_TO_UINT8(status, p);
1376 STREAM_TO_UINT16(handle, p);
1377
1378 STREAM_TO_UINT8(tx_interval, p);
1379 STREAM_TO_UINT8(retrans_window, p);
1380 STREAM_TO_UINT16(rx_pkt_len, p);
1381 STREAM_TO_UINT16(tx_pkt_len, p);
1382
1383 handle = HCID_GET_HANDLE(handle);
1384
1385 btm_esco_proc_conn_chg(status, handle, tx_interval, retrans_window,
1386 rx_pkt_len, tx_pkt_len);
1387 }
1388
1389 /*******************************************************************************
1390 *
1391 * Function btu_hcif_hdl_command_complete
1392 *
1393 * Description Handle command complete event
1394 *
1395 * Returns void
1396 *
1397 ******************************************************************************/
btu_hcif_hdl_command_complete(uint16_t opcode,uint8_t * p,uint16_t evt_len,void * p_cplt_cback)1398 static void btu_hcif_hdl_command_complete(uint16_t opcode, uint8_t* p,
1399 uint16_t evt_len,
1400 void* p_cplt_cback) {
1401 switch (opcode) {
1402 case HCI_INQUIRY_CANCEL:
1403 /* Tell inquiry processing that we are done */
1404 btm_process_cancel_complete(HCI_SUCCESS, BTM_BR_INQUIRY_MASK);
1405 break;
1406 case HCI_SET_EVENT_FILTER:
1407 btm_event_filter_complete(p);
1408 break;
1409
1410 case HCI_DELETE_STORED_LINK_KEY:
1411 btm_delete_stored_link_key_complete(p);
1412 break;
1413
1414 case HCI_READ_LOCAL_NAME:
1415 btm_read_local_name_complete(p, evt_len);
1416 break;
1417
1418 case HCI_GET_LINK_QUALITY:
1419 btm_read_link_quality_complete(p);
1420 break;
1421
1422 case HCI_READ_RSSI:
1423 btm_read_rssi_complete(p);
1424 break;
1425
1426 case HCI_READ_FAILED_CONTACT_COUNTER:
1427 btm_read_failed_contact_counter_complete(p);
1428 break;
1429
1430 case HCI_READ_AUTOMATIC_FLUSH_TIMEOUT:
1431 btm_read_automatic_flush_timeout_complete(p);
1432 break;
1433
1434 case HCI_READ_TRANSMIT_POWER_LEVEL:
1435 btm_read_tx_power_complete(p, false);
1436 break;
1437
1438 case HCI_CREATE_CONNECTION_CANCEL:
1439 btm_create_conn_cancel_complete(p);
1440 break;
1441
1442 case HCI_READ_LOCAL_OOB_DATA:
1443 btm_read_local_oob_complete(p);
1444 break;
1445
1446 case HCI_READ_INQ_TX_POWER_LEVEL:
1447 btm_read_inq_tx_power_complete(p);
1448 break;
1449
1450 /* BLE Commands sComplete*/
1451 case HCI_BLE_RAND:
1452 case HCI_BLE_ENCRYPT:
1453 btm_ble_rand_enc_complete(p, opcode, (tBTM_RAND_ENC_CB*)p_cplt_cback);
1454 break;
1455
1456 case HCI_BLE_READ_ADV_CHNL_TX_POWER:
1457 btm_read_tx_power_complete(p, true);
1458 break;
1459
1460 case HCI_BLE_WRITE_ADV_ENABLE:
1461 btm_ble_write_adv_enable_complete(p);
1462 break;
1463
1464 case HCI_BLE_CREATE_LL_CONN:
1465 case HCI_LE_EXTENDED_CREATE_CONNECTION:
1466 // No command complete event for those commands according to spec
1467 LOG(ERROR) << "No command complete expected, but received!";
1468 break;
1469
1470 case HCI_BLE_CREATE_CONN_CANCEL:
1471 btm_ble_create_conn_cancel_complete(p);
1472 break;
1473
1474 case HCI_BLE_TRANSMITTER_TEST:
1475 case HCI_BLE_RECEIVER_TEST:
1476 case HCI_BLE_TEST_END:
1477 btm_ble_test_command_complete(p);
1478 break;
1479
1480 #if (BLE_PRIVACY_SPT == TRUE)
1481 case HCI_BLE_ADD_DEV_RESOLVING_LIST:
1482 btm_ble_add_resolving_list_entry_complete(p, evt_len);
1483 break;
1484
1485 case HCI_BLE_RM_DEV_RESOLVING_LIST:
1486 btm_ble_remove_resolving_list_entry_complete(p, evt_len);
1487 break;
1488
1489 case HCI_BLE_CLEAR_RESOLVING_LIST:
1490 btm_ble_clear_resolving_list_complete(p, evt_len);
1491 break;
1492
1493 case HCI_BLE_READ_RESOLVABLE_ADDR_PEER:
1494 btm_ble_read_resolving_list_entry_complete(p, evt_len);
1495 break;
1496
1497 case HCI_BLE_READ_RESOLVABLE_ADDR_LOCAL:
1498 case HCI_BLE_SET_ADDR_RESOLUTION_ENABLE:
1499 case HCI_BLE_SET_RAND_PRIV_ADDR_TIMOUT:
1500 break;
1501 #endif
1502 default:
1503 if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC)
1504 btm_vsc_complete(p, opcode, evt_len, (tBTM_VSC_CMPL_CB*)p_cplt_cback);
1505 break;
1506 }
1507 }
1508
1509 /*******************************************************************************
1510 *
1511 * Function btu_hcif_command_complete_evt
1512 *
1513 * Description Process event HCI_COMMAND_COMPLETE_EVT
1514 *
1515 * Returns void
1516 *
1517 ******************************************************************************/
btu_hcif_command_complete_evt_on_task(BT_HDR * event,void * context)1518 static void btu_hcif_command_complete_evt_on_task(BT_HDR* event,
1519 void* context) {
1520 command_opcode_t opcode;
1521 // 2 for event header: event code (1) + parameter length (1)
1522 // 1 for num_hci_pkt command credit
1523 uint8_t* stream = event->data + event->offset + 3;
1524 STREAM_TO_UINT16(opcode, stream);
1525
1526 btu_hcif_log_command_complete_metrics(opcode, stream);
1527 // 2 for event header: event code (1) + parameter length (1)
1528 // 3 for command complete header: num_hci_pkt (1) + opcode (2)
1529 uint16_t param_len = static_cast<uint16_t>(event->len - 5);
1530 btu_hcif_hdl_command_complete(opcode, stream, param_len, context);
1531
1532 osi_free(event);
1533 }
1534
btu_hcif_command_complete_evt(BT_HDR * response,void * context)1535 static void btu_hcif_command_complete_evt(BT_HDR* response, void* context) {
1536 do_in_main_thread(FROM_HERE, base::Bind(btu_hcif_command_complete_evt_on_task,
1537 response, context));
1538 }
1539
1540 /*******************************************************************************
1541 *
1542 * Function btu_hcif_hdl_command_status
1543 *
1544 * Description Handle a command status event
1545 *
1546 * Returns void
1547 *
1548 ******************************************************************************/
btu_hcif_hdl_command_status(uint16_t opcode,uint8_t status,uint8_t * p_cmd,void * p_vsc_status_cback)1549 static void btu_hcif_hdl_command_status(uint16_t opcode, uint8_t status,
1550 uint8_t* p_cmd,
1551 void* p_vsc_status_cback) {
1552 CHECK_NE(p_cmd, nullptr) << "Null command for opcode 0x" << loghex(opcode);
1553 p_cmd++; // Skip parameter total length
1554
1555 RawAddress bd_addr;
1556 uint16_t handle;
1557
1558 switch (opcode) {
1559 // Link Control Commands
1560 case HCI_INQUIRY:
1561 if (status != HCI_SUCCESS) {
1562 // Tell inquiry processing that we are done
1563 btm_process_inq_complete(status, BTM_BR_INQUIRY_MASK);
1564 }
1565 break;
1566 case HCI_QOS_SETUP:
1567 if (status != HCI_SUCCESS) {
1568 // Tell qos setup that we are done
1569 btm_qos_setup_complete(status, 0, nullptr);
1570 }
1571 break;
1572 case HCI_SWITCH_ROLE:
1573 if (status != HCI_SUCCESS) {
1574 // Tell BTM that the command failed
1575 STREAM_TO_BDADDR(bd_addr, p_cmd);
1576 btm_acl_role_changed(status, &bd_addr, BTM_ROLE_UNDEFINED);
1577 l2c_link_role_changed(nullptr, BTM_ROLE_UNDEFINED,
1578 HCI_ERR_COMMAND_DISALLOWED);
1579 }
1580 break;
1581 case HCI_CREATE_CONNECTION:
1582 if (status != HCI_SUCCESS) {
1583 STREAM_TO_BDADDR(bd_addr, p_cmd);
1584 btm_sec_connected(bd_addr, HCI_INVALID_HANDLE, status, 0);
1585 l2c_link_hci_conn_comp(status, HCI_INVALID_HANDLE, bd_addr);
1586 }
1587 break;
1588 case HCI_AUTHENTICATION_REQUESTED:
1589 if (status != HCI_SUCCESS) {
1590 // Device refused to start authentication
1591 // This is treated as an authentication failure
1592 btm_sec_auth_complete(BTM_INVALID_HCI_HANDLE, status);
1593 }
1594 break;
1595 case HCI_SET_CONN_ENCRYPTION:
1596 if (status != HCI_SUCCESS) {
1597 // Device refused to start encryption
1598 // This is treated as an encryption failure
1599 btm_sec_encrypt_change(BTM_INVALID_HCI_HANDLE, status, false);
1600 }
1601 break;
1602 case HCI_RMT_NAME_REQUEST:
1603 if (status != HCI_SUCCESS) {
1604 // Tell inquiry processing that we are done
1605 btm_process_remote_name(nullptr, nullptr, 0, status);
1606 btm_sec_rmt_name_request_complete(nullptr, nullptr, status);
1607 }
1608 break;
1609 case HCI_READ_RMT_EXT_FEATURES:
1610 if (status != HCI_SUCCESS) {
1611 STREAM_TO_UINT16(handle, p_cmd);
1612 btm_read_remote_ext_features_failed(status, handle);
1613 }
1614 break;
1615 case HCI_SETUP_ESCO_CONNECTION:
1616 case HCI_ENH_SETUP_ESCO_CONNECTION:
1617 if (status != HCI_SUCCESS) {
1618 STREAM_TO_UINT16(handle, p_cmd);
1619 // Determine if initial connection failed or is a change of setup
1620 if (btm_is_sco_active(handle)) {
1621 btm_esco_proc_conn_chg(status, handle, 0, 0, 0, 0);
1622 } else {
1623 btm_sco_connected(status, nullptr, handle, nullptr);
1624 }
1625 }
1626 break;
1627
1628 // BLE Commands
1629 case HCI_BLE_CREATE_LL_CONN:
1630 case HCI_LE_EXTENDED_CREATE_CONNECTION:
1631 if (status != HCI_SUCCESS) {
1632 btm_ble_create_ll_conn_complete(status);
1633 }
1634 break;
1635 case HCI_BLE_START_ENC:
1636 // Race condition: disconnection happened right before we send
1637 // "LE Encrypt", controller responds with no connection, we should
1638 // cancel the encryption attempt, rather than unpair the device.
1639 if (status == HCI_ERR_NO_CONNECTION) {
1640 smp_cancel_start_encryption_attempt();
1641 }
1642 break;
1643
1644 // Link Policy Commands
1645 case HCI_EXIT_SNIFF_MODE:
1646 case HCI_EXIT_PARK_MODE:
1647 if (status != HCI_SUCCESS) {
1648 // Allow SCO initiation to continue if waiting for change mode event
1649 STREAM_TO_UINT16(handle, p_cmd);
1650 btm_sco_chk_pend_unpark(status, handle);
1651 }
1652 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
1653 case HCI_HOLD_MODE:
1654 case HCI_SNIFF_MODE:
1655 case HCI_PARK_MODE:
1656 btm_pm_proc_cmd_status(status);
1657 break;
1658
1659 default:
1660 if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC) {
1661 btm_vsc_complete(&status, opcode, 1,
1662 (tBTM_VSC_CMPL_CB*)p_vsc_status_cback);
1663 }
1664 }
1665 }
1666
1667 /*******************************************************************************
1668 *
1669 * Function btu_hcif_command_status_evt
1670 *
1671 * Description Process event HCI_COMMAND_STATUS_EVT
1672 *
1673 * Returns void
1674 *
1675 ******************************************************************************/
btu_hcif_command_status_evt_on_task(uint8_t status,BT_HDR * event,void * context)1676 static void btu_hcif_command_status_evt_on_task(uint8_t status, BT_HDR* event,
1677 void* context) {
1678 command_opcode_t opcode;
1679 uint8_t* stream = event->data + event->offset;
1680 STREAM_TO_UINT16(opcode, stream);
1681
1682 // stream + 1 to skip parameter length field
1683 // No need to check length since stream is written by us
1684 btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
1685
1686 btu_hcif_hdl_command_status(opcode, status, stream, context);
1687 osi_free(event);
1688 }
1689
btu_hcif_command_status_evt(uint8_t status,BT_HDR * command,void * context)1690 static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command,
1691 void* context) {
1692 do_in_main_thread(FROM_HERE, base::Bind(btu_hcif_command_status_evt_on_task,
1693 status, command, context));
1694 }
1695
1696 /*******************************************************************************
1697 *
1698 * Function btu_hcif_hardware_error_evt
1699 *
1700 * Description Process event HCI_HARDWARE_ERROR_EVT
1701 *
1702 * Returns void
1703 *
1704 ******************************************************************************/
btu_hcif_hardware_error_evt(uint8_t * p)1705 static void btu_hcif_hardware_error_evt(uint8_t* p) {
1706 HCI_TRACE_ERROR("Ctlr H/w error event - code:0x%x", *p);
1707 if (hci_is_root_inflammation_event_received()) {
1708 // Ignore the hardware error event here as we have already received
1709 // root inflammation event earlier.
1710 HCI_TRACE_ERROR("H/w error event after root inflammation event!");
1711 return;
1712 }
1713
1714 /* If anyone wants device status notifications, give them one. */
1715 btm_report_device_status(BTM_DEV_STATUS_DOWN);
1716
1717 /* Reset the controller */
1718 if (BTM_IsDeviceUp()) BTM_DeviceReset(NULL);
1719 }
1720
1721 /*******************************************************************************
1722 *
1723 * Function btu_hcif_flush_occured_evt
1724 *
1725 * Description Process event HCI_FLUSH_OCCURED_EVT
1726 *
1727 * Returns void
1728 *
1729 ******************************************************************************/
btu_hcif_flush_occured_evt(void)1730 static void btu_hcif_flush_occured_evt(void) {}
1731
1732 /*******************************************************************************
1733 *
1734 * Function btu_hcif_role_change_evt
1735 *
1736 * Description Process event HCI_ROLE_CHANGE_EVT
1737 *
1738 * Returns void
1739 *
1740 ******************************************************************************/
btu_hcif_role_change_evt(uint8_t * p)1741 static void btu_hcif_role_change_evt(uint8_t* p) {
1742 uint8_t status;
1743 RawAddress bda;
1744 uint8_t role;
1745
1746 STREAM_TO_UINT8(status, p);
1747 STREAM_TO_BDADDR(bda, p);
1748 STREAM_TO_UINT8(role, p);
1749
1750 btm_blacklist_role_change_device(bda, status);
1751 l2c_link_role_changed(&bda, role, status);
1752 btm_acl_role_changed(status, &bda, role);
1753 }
1754
1755 /*******************************************************************************
1756 *
1757 * Function btu_hcif_num_compl_data_pkts_evt
1758 *
1759 * Description Process event HCI_NUM_COMPL_DATA_PKTS_EVT
1760 *
1761 * Returns void
1762 *
1763 ******************************************************************************/
btu_hcif_num_compl_data_pkts_evt(uint8_t * p,uint8_t evt_len)1764 static void btu_hcif_num_compl_data_pkts_evt(uint8_t* p, uint8_t evt_len) {
1765 /* Process for L2CAP and SCO */
1766 l2c_link_process_num_completed_pkts(p, evt_len);
1767
1768 /* Send on to SCO */
1769 /*?? No SCO for now */
1770 }
1771
1772 /*******************************************************************************
1773 *
1774 * Function btu_hcif_mode_change_evt
1775 *
1776 * Description Process event HCI_MODE_CHANGE_EVT
1777 *
1778 * Returns void
1779 *
1780 ******************************************************************************/
btu_hcif_mode_change_evt(uint8_t * p)1781 static void btu_hcif_mode_change_evt(uint8_t* p) {
1782 uint8_t status;
1783 uint16_t handle;
1784 uint8_t current_mode;
1785 uint16_t interval;
1786
1787 STREAM_TO_UINT8(status, p);
1788
1789 STREAM_TO_UINT16(handle, p);
1790 STREAM_TO_UINT8(current_mode, p);
1791 STREAM_TO_UINT16(interval, p);
1792 btm_sco_chk_pend_unpark(status, handle);
1793 btm_pm_proc_mode_change(status, handle, current_mode, interval);
1794
1795 #if (HID_DEV_INCLUDED == TRUE && HID_DEV_PM_INCLUDED == TRUE)
1796 hidd_pm_proc_mode_change(status, current_mode, interval);
1797 #endif
1798 }
1799
1800 /*******************************************************************************
1801 *
1802 * Function btu_hcif_ssr_evt
1803 *
1804 * Description Process event HCI_SNIFF_SUB_RATE_EVT
1805 *
1806 * Returns void
1807 *
1808 ******************************************************************************/
1809 #if (BTM_SSR_INCLUDED == TRUE)
btu_hcif_ssr_evt(uint8_t * p,uint16_t evt_len)1810 static void btu_hcif_ssr_evt(uint8_t* p, uint16_t evt_len) {
1811 btm_pm_proc_ssr_evt(p, evt_len);
1812 }
1813 #endif
1814
1815 /*******************************************************************************
1816 *
1817 * Function btu_hcif_pin_code_request_evt
1818 *
1819 * Description Process event HCI_PIN_CODE_REQUEST_EVT
1820 *
1821 * Returns void
1822 *
1823 ******************************************************************************/
btu_hcif_pin_code_request_evt(uint8_t * p)1824 static void btu_hcif_pin_code_request_evt(uint8_t* p) {
1825 RawAddress bda;
1826
1827 STREAM_TO_BDADDR(bda, p);
1828
1829 /* Tell L2CAP that there was a PIN code request, */
1830 /* it may need to stretch timeouts */
1831 l2c_pin_code_request(bda);
1832
1833 btm_sec_pin_code_request(bda);
1834 }
1835
1836 /*******************************************************************************
1837 *
1838 * Function btu_hcif_link_key_request_evt
1839 *
1840 * Description Process event HCI_LINK_KEY_REQUEST_EVT
1841 *
1842 * Returns void
1843 *
1844 ******************************************************************************/
btu_hcif_link_key_request_evt(uint8_t * p)1845 static void btu_hcif_link_key_request_evt(uint8_t* p) {
1846 RawAddress bda;
1847
1848 STREAM_TO_BDADDR(bda, p);
1849 btm_sec_link_key_request(bda);
1850 }
1851
1852 /*******************************************************************************
1853 *
1854 * Function btu_hcif_link_key_notification_evt
1855 *
1856 * Description Process event HCI_LINK_KEY_NOTIFICATION_EVT
1857 *
1858 * Returns void
1859 *
1860 ******************************************************************************/
btu_hcif_link_key_notification_evt(uint8_t * p)1861 static void btu_hcif_link_key_notification_evt(uint8_t* p) {
1862 RawAddress bda;
1863 Octet16 key;
1864 uint8_t key_type;
1865
1866 STREAM_TO_BDADDR(bda, p);
1867 STREAM_TO_ARRAY16(key.data(), p);
1868 STREAM_TO_UINT8(key_type, p);
1869
1870 btm_sec_link_key_notification(bda, key, key_type);
1871 }
1872
1873 /*******************************************************************************
1874 *
1875 * Function btu_hcif_loopback_command_evt
1876 *
1877 * Description Process event HCI_LOOPBACK_COMMAND_EVT
1878 *
1879 * Returns void
1880 *
1881 ******************************************************************************/
btu_hcif_loopback_command_evt(void)1882 static void btu_hcif_loopback_command_evt(void) {}
1883
1884 /*******************************************************************************
1885 *
1886 * Function btu_hcif_data_buf_overflow_evt
1887 *
1888 * Description Process event HCI_DATA_BUF_OVERFLOW_EVT
1889 *
1890 * Returns void
1891 *
1892 ******************************************************************************/
btu_hcif_data_buf_overflow_evt(void)1893 static void btu_hcif_data_buf_overflow_evt(void) {}
1894
1895 /*******************************************************************************
1896 *
1897 * Function btu_hcif_max_slots_changed_evt
1898 *
1899 * Description Process event HCI_MAX_SLOTS_CHANGED_EVT
1900 *
1901 * Returns void
1902 *
1903 ******************************************************************************/
btu_hcif_max_slots_changed_evt(void)1904 static void btu_hcif_max_slots_changed_evt(void) {}
1905
1906 /*******************************************************************************
1907 *
1908 * Function btu_hcif_read_clock_off_comp_evt
1909 *
1910 * Description Process event HCI_READ_CLOCK_OFF_COMP_EVT
1911 *
1912 * Returns void
1913 *
1914 ******************************************************************************/
btu_hcif_read_clock_off_comp_evt(uint8_t * p)1915 static void btu_hcif_read_clock_off_comp_evt(uint8_t* p) {
1916 uint8_t status;
1917 uint16_t handle;
1918 uint16_t clock_offset;
1919
1920 STREAM_TO_UINT8(status, p);
1921
1922 /* If failed to get clock offset just drop the result */
1923 if (status != HCI_SUCCESS) return;
1924
1925 STREAM_TO_UINT16(handle, p);
1926 STREAM_TO_UINT16(clock_offset, p);
1927
1928 handle = HCID_GET_HANDLE(handle);
1929
1930 btm_process_clk_off_comp_evt(handle, clock_offset);
1931 btm_sec_update_clock_offset(handle, clock_offset);
1932 }
1933
1934 /*******************************************************************************
1935 *
1936 * Function btu_hcif_conn_pkt_type_change_evt
1937 *
1938 * Description Process event HCI_CONN_PKT_TYPE_CHANGE_EVT
1939 *
1940 * Returns void
1941 *
1942 ******************************************************************************/
btu_hcif_conn_pkt_type_change_evt(void)1943 static void btu_hcif_conn_pkt_type_change_evt(void) {}
1944
1945 /*******************************************************************************
1946 *
1947 * Function btu_hcif_qos_violation_evt
1948 *
1949 * Description Process event HCI_QOS_VIOLATION_EVT
1950 *
1951 * Returns void
1952 *
1953 ******************************************************************************/
btu_hcif_qos_violation_evt(uint8_t * p)1954 static void btu_hcif_qos_violation_evt(uint8_t* p) {
1955 uint16_t handle;
1956
1957 STREAM_TO_UINT16(handle, p);
1958
1959 handle = HCID_GET_HANDLE(handle);
1960
1961 l2c_link_hci_qos_violation(handle);
1962 }
1963
1964 /*******************************************************************************
1965 *
1966 * Function btu_hcif_page_scan_mode_change_evt
1967 *
1968 * Description Process event HCI_PAGE_SCAN_MODE_CHANGE_EVT
1969 *
1970 * Returns void
1971 *
1972 ******************************************************************************/
btu_hcif_page_scan_mode_change_evt(void)1973 static void btu_hcif_page_scan_mode_change_evt(void) {}
1974
1975 /*******************************************************************************
1976 *
1977 * Function btu_hcif_page_scan_rep_mode_chng_evt
1978 *
1979 * Description Process event HCI_PAGE_SCAN_REP_MODE_CHNG_EVT
1980 *
1981 * Returns void
1982 *
1983 ******************************************************************************/
btu_hcif_page_scan_rep_mode_chng_evt(void)1984 static void btu_hcif_page_scan_rep_mode_chng_evt(void) {}
1985
1986 /**********************************************
1987 * Simple Pairing Events
1988 **********************************************/
1989
1990 /*******************************************************************************
1991 *
1992 * Function btu_hcif_host_support_evt
1993 *
1994 * Description Process event HCI_RMT_HOST_SUP_FEAT_NOTIFY_EVT
1995 *
1996 * Returns void
1997 *
1998 ******************************************************************************/
btu_hcif_host_support_evt(uint8_t * p)1999 static void btu_hcif_host_support_evt(uint8_t* p) {
2000 btm_sec_rmt_host_support_feat_evt(p);
2001 }
2002
2003 /*******************************************************************************
2004 *
2005 * Function btu_hcif_io_cap_request_evt
2006 *
2007 * Description Process event HCI_IO_CAPABILITY_REQUEST_EVT
2008 *
2009 * Returns void
2010 *
2011 ******************************************************************************/
btu_hcif_io_cap_request_evt(uint8_t * p)2012 static void btu_hcif_io_cap_request_evt(uint8_t* p) {
2013 RawAddress bda;
2014 STREAM_TO_BDADDR(bda, p);
2015 btm_io_capabilities_req(bda);
2016 }
2017
2018 /*******************************************************************************
2019 *
2020 * Function btu_hcif_io_cap_response_evt
2021 *
2022 * Description Process event HCI_IO_CAPABILITY_RESPONSE_EVT
2023 *
2024 * Returns void
2025 *
2026 ******************************************************************************/
btu_hcif_io_cap_response_evt(uint8_t * p)2027 static void btu_hcif_io_cap_response_evt(uint8_t* p) {
2028 btm_io_capabilities_rsp(p);
2029 }
2030
2031 /*******************************************************************************
2032 *
2033 * Function btu_hcif_user_conf_request_evt
2034 *
2035 * Description Process event HCI_USER_CONFIRMATION_REQUEST_EVT
2036 *
2037 * Returns void
2038 *
2039 ******************************************************************************/
btu_hcif_user_conf_request_evt(uint8_t * p)2040 static void btu_hcif_user_conf_request_evt(uint8_t* p) {
2041 btm_proc_sp_req_evt(BTM_SP_CFM_REQ_EVT, p);
2042 }
2043
2044 /*******************************************************************************
2045 *
2046 * Function btu_hcif_user_passkey_request_evt
2047 *
2048 * Description Process event HCI_USER_PASSKEY_REQUEST_EVT
2049 *
2050 * Returns void
2051 *
2052 ******************************************************************************/
btu_hcif_user_passkey_request_evt(uint8_t * p)2053 static void btu_hcif_user_passkey_request_evt(uint8_t* p) {
2054 btm_proc_sp_req_evt(BTM_SP_KEY_REQ_EVT, p);
2055 }
2056
2057 /*******************************************************************************
2058 *
2059 * Function btu_hcif_user_passkey_notif_evt
2060 *
2061 * Description Process event HCI_USER_PASSKEY_NOTIFY_EVT
2062 *
2063 * Returns void
2064 *
2065 ******************************************************************************/
btu_hcif_user_passkey_notif_evt(uint8_t * p)2066 static void btu_hcif_user_passkey_notif_evt(uint8_t* p) {
2067 btm_proc_sp_req_evt(BTM_SP_KEY_NOTIF_EVT, p);
2068 }
2069
2070 /*******************************************************************************
2071 *
2072 * Function btu_hcif_keypress_notif_evt
2073 *
2074 * Description Process event HCI_KEYPRESS_NOTIFY_EVT
2075 *
2076 * Returns void
2077 *
2078 ******************************************************************************/
btu_hcif_keypress_notif_evt(uint8_t * p)2079 static void btu_hcif_keypress_notif_evt(uint8_t* p) {
2080 btm_keypress_notif_evt(p);
2081 }
2082
2083 /*******************************************************************************
2084 *
2085 * Function btu_hcif_rem_oob_request_evt
2086 *
2087 * Description Process event HCI_REMOTE_OOB_DATA_REQUEST_EVT
2088 *
2089 * Returns void
2090 *
2091 ******************************************************************************/
btu_hcif_rem_oob_request_evt(uint8_t * p)2092 static void btu_hcif_rem_oob_request_evt(uint8_t* p) { btm_rem_oob_req(p); }
2093
2094 /*******************************************************************************
2095 *
2096 * Function btu_hcif_simple_pair_complete_evt
2097 *
2098 * Description Process event HCI_SIMPLE_PAIRING_COMPLETE_EVT
2099 *
2100 * Returns void
2101 *
2102 ******************************************************************************/
btu_hcif_simple_pair_complete_evt(uint8_t * p)2103 static void btu_hcif_simple_pair_complete_evt(uint8_t* p) {
2104 btm_simple_pair_complete(p);
2105 }
2106
2107 /*******************************************************************************
2108 *
2109 * Function btu_hcif_enhanced_flush_complete_evt
2110 *
2111 * Description Process event HCI_ENHANCED_FLUSH_COMPLETE_EVT
2112 *
2113 * Returns void
2114 *
2115 ******************************************************************************/
2116 #if (L2CAP_NON_FLUSHABLE_PB_INCLUDED == TRUE)
btu_hcif_enhanced_flush_complete_evt(void)2117 static void btu_hcif_enhanced_flush_complete_evt(void) {
2118 /* This is empty until an upper layer cares about returning event */
2119 }
2120 #endif
2121 /**********************************************
2122 * End of Simple Pairing Events
2123 **********************************************/
2124
read_encryption_key_size_complete_after_key_refresh(uint8_t status,uint16_t handle,uint8_t key_size)2125 static void read_encryption_key_size_complete_after_key_refresh(uint8_t status, uint16_t handle, uint8_t key_size) {
2126 if (status == HCI_ERR_INSUFFCIENT_SECURITY) {
2127 /* If remote device stop the encryption before we call "Read Encryption Key
2128 * Size", we might receive Insufficient Security, which means that link is
2129 * no longer encrypted. */
2130 LOG(INFO) << __func__ << ": encryption stopped on link: " << loghex(handle);
2131 return;
2132 }
2133
2134 if (status != HCI_SUCCESS) {
2135 LOG(INFO) << __func__ << ": disconnecting, status: " << loghex(status);
2136 btsnd_hcic_disconnect(handle, HCI_ERR_PEER_USER);
2137 return;
2138 }
2139
2140 if (key_size < MIN_KEY_SIZE) {
2141 android_errorWriteLog(0x534e4554, "124301137");
2142 LOG(ERROR) << __func__ << " encryption key too short, disconnecting. handle: " << loghex(handle)
2143 << " key_size: " << +key_size;
2144
2145 btsnd_hcic_disconnect(handle, HCI_ERR_HOST_REJECT_SECURITY);
2146 return;
2147 }
2148
2149 btm_sec_encrypt_change(handle, status, 1 /* enc_enable */);
2150 }
2151
btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t * p)2152 static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p) {
2153 uint8_t status;
2154 uint16_t handle;
2155
2156 STREAM_TO_UINT8(status, p);
2157 STREAM_TO_UINT16(handle, p);
2158
2159 if (status != HCI_SUCCESS || BTM_IsBleConnection(handle)) {
2160 btm_sec_encrypt_change(handle, status, (status == HCI_SUCCESS) ? 1 : 0);
2161 } else {
2162 btsnd_hcic_read_encryption_key_size(handle, base::Bind(&read_encryption_key_size_complete_after_key_refresh));
2163 }
2164 }
2165
2166 /**********************************************
2167 * BLE Events
2168 **********************************************/
2169
btu_ble_ll_conn_complete_evt(uint8_t * p,uint16_t evt_len)2170 static void btu_ble_ll_conn_complete_evt(uint8_t* p, uint16_t evt_len) {
2171 btm_ble_conn_complete(p, evt_len, false);
2172 }
2173 #if (BLE_PRIVACY_SPT == TRUE)
btu_ble_proc_enhanced_conn_cmpl(uint8_t * p,uint16_t evt_len)2174 static void btu_ble_proc_enhanced_conn_cmpl(uint8_t* p, uint16_t evt_len) {
2175 btm_ble_conn_complete(p, evt_len, true);
2176 }
2177 #endif
2178
2179 extern void gatt_notify_conn_update(uint16_t handle, uint16_t interval,
2180 uint16_t latency, uint16_t timeout,
2181 uint8_t status);
2182
btu_ble_ll_conn_param_upd_evt(uint8_t * p,uint16_t evt_len)2183 static void btu_ble_ll_conn_param_upd_evt(uint8_t* p, uint16_t evt_len) {
2184 /* LE connection update has completed successfully as a master. */
2185 /* We can enable the update request if the result is a success. */
2186 /* extract the HCI handle first */
2187 uint8_t status;
2188 uint16_t handle;
2189 uint16_t interval;
2190 uint16_t latency;
2191 uint16_t timeout;
2192
2193 STREAM_TO_UINT8(status, p);
2194 STREAM_TO_UINT16(handle, p);
2195 STREAM_TO_UINT16(interval, p);
2196 STREAM_TO_UINT16(latency, p);
2197 STREAM_TO_UINT16(timeout, p);
2198
2199 l2cble_process_conn_update_evt(handle, status, interval, latency, timeout);
2200
2201 gatt_notify_conn_update(handle & 0x0FFF, interval, latency, timeout, status);
2202 }
2203
btu_ble_read_remote_feat_evt(uint8_t * p)2204 static void btu_ble_read_remote_feat_evt(uint8_t* p) {
2205 btm_ble_read_remote_features_complete(p);
2206 }
2207
btu_ble_proc_ltk_req(uint8_t * p)2208 static void btu_ble_proc_ltk_req(uint8_t* p) {
2209 uint16_t ediv, handle;
2210 uint8_t* pp;
2211
2212 STREAM_TO_UINT16(handle, p);
2213 pp = p + 8;
2214 STREAM_TO_UINT16(ediv, pp);
2215 btm_ble_ltk_request(handle, p, ediv);
2216 /* This is empty until an upper layer cares about returning event */
2217 }
2218
btu_ble_data_length_change_evt(uint8_t * p,uint16_t evt_len)2219 static void btu_ble_data_length_change_evt(uint8_t* p, uint16_t evt_len) {
2220 uint16_t handle;
2221 uint16_t tx_data_len;
2222 uint16_t rx_data_len;
2223
2224 if (!controller_get_interface()->supports_ble_packet_extension()) {
2225 HCI_TRACE_WARNING("%s, request not supported", __func__);
2226 return;
2227 }
2228
2229 STREAM_TO_UINT16(handle, p);
2230 STREAM_TO_UINT16(tx_data_len, p);
2231 p += 2; /* Skip the TxTimer */
2232 STREAM_TO_UINT16(rx_data_len, p);
2233
2234 l2cble_process_data_length_change_event(handle, tx_data_len, rx_data_len);
2235 }
2236
2237 /**********************************************
2238 * End of BLE Events Handler
2239 **********************************************/
2240 #if (BLE_LLT_INCLUDED == TRUE)
btu_ble_rc_param_req_evt(uint8_t * p)2241 static void btu_ble_rc_param_req_evt(uint8_t* p) {
2242 uint16_t handle;
2243 uint16_t int_min, int_max, latency, timeout;
2244
2245 STREAM_TO_UINT16(handle, p);
2246 STREAM_TO_UINT16(int_min, p);
2247 STREAM_TO_UINT16(int_max, p);
2248 STREAM_TO_UINT16(latency, p);
2249 STREAM_TO_UINT16(timeout, p);
2250
2251 l2cble_process_rc_param_request_evt(handle, int_min, int_max, latency,
2252 timeout);
2253 }
2254 #endif /* BLE_LLT_INCLUDED */
2255