1 /******************************************************************************
2 *
3 * Copyright 2009-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /*******************************************************************************
20 *
21 * Filename: btif_dm.c
22 *
23 * Description: Contains Device Management (DM) related functionality
24 *
25 *
26 ******************************************************************************/
27
28 #define LOG_TAG "bt_btif_dm"
29
30 #include "btif_dm.h"
31
32 #include <base/bind.h>
33 #include <base/logging.h>
34 #include <signal.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <sys/types.h>
39 #include <time.h>
40 #include <unistd.h>
41
42 #include <mutex>
43
44 #include <bluetooth/uuid.h>
45 #include <hardware/bluetooth.h>
46 #include <hardware/bt_hearing_aid.h>
47
48 #include "advertise_data_parser.h"
49 #include "bt_common.h"
50 #include "bta_dm_int.h"
51 #include "bta_gatt_api.h"
52 #include "btif/include/stack_manager.h"
53 #include "btif_api.h"
54 #include "btif_av.h"
55 #include "btif_bqr.h"
56 #include "btif_config.h"
57 #include "btif_dm.h"
58 #include "btif_gatt.h"
59 #include "btif_hd.h"
60 #include "btif_hf.h"
61 #include "btif_hh.h"
62 #include "btif_metrics_logging.h"
63 #include "btif_sdp.h"
64 #include "btif_storage.h"
65 #include "btif_util.h"
66 #include "btu.h"
67 #include "common/metrics.h"
68 #include "device/include/controller.h"
69 #include "device/include/interop.h"
70 #include "internal_include/stack_config.h"
71 #include "main/shim/shim.h"
72 #include "osi/include/allocator.h"
73 #include "osi/include/log.h"
74 #include "osi/include/osi.h"
75 #include "osi/include/properties.h"
76 #include "stack/btm/btm_dev.h"
77 #include "stack/btm/btm_sec.h"
78 #include "stack_config.h"
79
80 using bluetooth::Uuid;
81 /******************************************************************************
82 * Constants & Macros
83 *****************************************************************************/
84
85 const Uuid UUID_HEARING_AID = Uuid::FromString("FDF0");
86 const Uuid UUID_VC = Uuid::FromString("1844");
87
88 #define COD_MASK 0x07FF
89
90 #define COD_UNCLASSIFIED ((0x1F) << 8)
91 #define COD_HID_KEYBOARD 0x0540
92 #define COD_HID_POINTING 0x0580
93 #define COD_HID_COMBO 0x05C0
94 #define COD_HID_MAJOR 0x0500
95 #define COD_HID_MASK 0x0700
96 #define COD_AV_HEADSETS 0x0404
97 #define COD_AV_HANDSFREE 0x0408
98 #define COD_AV_HEADPHONES 0x0418
99 #define COD_AV_PORTABLE_AUDIO 0x041C
100 #define COD_AV_HIFI_AUDIO 0x0428
101
102 #define BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING 2
103
104 #define NUM_TIMEOUT_RETRIES 5
105 #ifndef PROPERTY_PRODUCT_MODEL
106 #define PROPERTY_PRODUCT_MODEL "ro.product.model"
107 #endif
108 #define DEFAULT_LOCAL_NAME_MAX 31
109 #if (DEFAULT_LOCAL_NAME_MAX > BTM_MAX_LOC_BD_NAME_LEN)
110 #error "default btif local name size exceeds stack supported length"
111 #endif
112
113 #define ENCRYPTED_BREDR 2
114 #define ENCRYPTED_LE 4
115
116 typedef struct {
117 bt_bond_state_t state;
118 RawAddress static_bdaddr;
119 RawAddress bd_addr;
120 tBTM_SEC_DEV_REC::tBTM_BOND_TYPE bond_type;
121 uint8_t pin_code_len;
122 uint8_t is_ssp;
123 uint8_t auth_req;
124 uint8_t io_cap;
125 uint8_t autopair_attempts;
126 uint8_t timeout_retries;
127 uint8_t is_local_initiated;
128 uint8_t sdp_attempts;
129 bool is_le_only;
130 bool is_le_nc; /* LE Numeric comparison */
131 btif_dm_ble_cb_t ble;
132 } btif_dm_pairing_cb_t;
133
134 // TODO(jpawlowski): unify ?
135 // btif_dm_local_key_id_t == tBTM_BLE_LOCAL_ID_KEYS == tBTA_BLE_LOCAL_ID_KEYS
136 typedef struct {
137 Octet16 ir;
138 Octet16 irk;
139 Octet16 dhk;
140 } btif_dm_local_key_id_t;
141
142 typedef struct {
143 bool is_er_rcvd;
144 Octet16 er;
145 bool is_id_keys_rcvd;
146 btif_dm_local_key_id_t id_keys; /* ID kyes */
147
148 } btif_dm_local_key_cb_t;
149
150 /* this structure holds optional OOB data for remote device */
151 typedef struct {
152 RawAddress bdaddr; /* peer bdaddr */
153 tBT_TRANSPORT transport; /* BR/EDR or LE */
154 int data_present; /* What type(s) of OOB Data present */
155 bt_oob_data_t p192_data; /* P192 Data or empty */
156 bt_oob_data_t p256_data; /* P256 Data or empty */
157 } btif_dm_oob_cb_t;
158
159 typedef struct { unsigned int manufact_id; } skip_sdp_entry_t;
160
161 typedef enum {
162 BTIF_DM_FUNC_CREATE_BOND,
163 BTIF_DM_FUNC_CANCEL_BOND,
164 BTIF_DM_FUNC_REMOVE_BOND,
165 BTIF_DM_FUNC_BOND_STATE_CHANGED,
166 } bt_bond_function_t;
167
168 typedef struct {
169 RawAddress bd_addr;
170 bt_bond_function_t function;
171 bt_bond_state_t state;
172 struct timespec timestamp;
173 } btif_bond_event_t;
174
175 #define BTA_SERVICE_ID_TO_SERVICE_MASK(id) (1 << (id))
176
177 #define MAX_BTIF_BOND_EVENT_ENTRIES 15
178
179 static skip_sdp_entry_t sdp_rejectlist[] = {{76}}; // Apple Mouse and Keyboard
180
181 /* This flag will be true if HCI_Inquiry is in progress */
182 static bool btif_dm_inquiry_in_progress = false;
183
184 /*******************************************************************************
185 * Static variables
186 ******************************************************************************/
187 static char btif_default_local_name[DEFAULT_LOCAL_NAME_MAX + 1] = {'\0'};
188 static uid_set_t* uid_set = NULL;
189
190 /* A circular array to keep track of the most recent bond events */
191 static btif_bond_event_t btif_dm_bond_events[MAX_BTIF_BOND_EVENT_ENTRIES + 1];
192
193 static std::mutex bond_event_lock;
194
195 /* |btif_num_bond_events| keeps track of the total number of events and can be
196 greater than |MAX_BTIF_BOND_EVENT_ENTRIES| */
197 static size_t btif_num_bond_events = 0;
198 static size_t btif_events_start_index = 0;
199 static size_t btif_events_end_index = 0;
200
201 /******************************************************************************
202 * Static functions
203 *****************************************************************************/
204 static btif_dm_pairing_cb_t pairing_cb;
205 static btif_dm_oob_cb_t oob_cb;
206 static void btif_dm_cb_create_bond(const RawAddress bd_addr,
207 tBT_TRANSPORT transport);
208 static void btif_update_remote_properties(const RawAddress& bd_addr,
209 BD_NAME bd_name, DEV_CLASS dev_class,
210 tBT_DEVICE_TYPE dev_type);
211 static btif_dm_local_key_cb_t ble_local_key_cb;
212 static void btif_dm_ble_key_notif_evt(tBTA_DM_SP_KEY_NOTIF* p_ssp_key_notif);
213 static void btif_dm_ble_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl);
214 static void btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ* p_pin_req);
215 static void btif_dm_ble_key_nc_req_evt(tBTA_DM_SP_KEY_NOTIF* p_notif_req);
216 static void btif_dm_ble_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type);
217 static void btif_dm_ble_sc_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type);
218
219 static void bte_scan_filt_param_cfg_evt(uint8_t action_type, uint8_t avbl_space,
220 uint8_t ref_value, uint8_t btm_status);
221
222 static char* btif_get_default_local_name();
223
224 static void btif_stats_add_bond_event(const RawAddress& bd_addr,
225 bt_bond_function_t function,
226 bt_bond_state_t state);
227
228 /******************************************************************************
229 * Externs
230 *****************************************************************************/
231 extern bt_status_t btif_av_sink_execute_service(bool b_enable);
232 extern bt_status_t btif_hh_execute_service(bool b_enable);
233 extern bt_status_t btif_hf_client_execute_service(bool b_enable);
234 extern bt_status_t btif_sdp_execute_service(bool b_enable);
235 extern int btif_hh_connect(const RawAddress* bd_addr);
236 extern bt_status_t btif_hd_execute_service(bool b_enable);
237 extern bluetooth::hearing_aid::HearingAidInterface*
238 btif_hearing_aid_get_interface();
239
240 /******************************************************************************
241 * Functions
242 *****************************************************************************/
243
is_empty_128bit(uint8_t * data)244 static bool is_empty_128bit(uint8_t* data) {
245 static const uint8_t zero[16] = {0};
246 return !memcmp(zero, data, sizeof(zero));
247 }
248
is_bonding_or_sdp()249 static bool is_bonding_or_sdp() {
250 return pairing_cb.state == BT_BOND_STATE_BONDING ||
251 (pairing_cb.state == BT_BOND_STATE_BONDED && pairing_cb.sdp_attempts);
252 }
253
btif_dm_init(uid_set_t * set)254 void btif_dm_init(uid_set_t* set) {
255 uid_set = set;
256 }
257
btif_dm_cleanup(void)258 void btif_dm_cleanup(void) {
259 if (uid_set) {
260 uid_set_destroy(uid_set);
261 uid_set = NULL;
262 }
263 }
264
btif_in_execute_service_request(tBTA_SERVICE_ID service_id,bool b_enable)265 bt_status_t btif_in_execute_service_request(tBTA_SERVICE_ID service_id,
266 bool b_enable) {
267 BTIF_TRACE_DEBUG("%s service_id: %d", __func__, service_id);
268 /* Check the service_ID and invoke the profile's BT state changed API */
269 switch (service_id) {
270 case BTA_HFP_SERVICE_ID:
271 case BTA_HSP_SERVICE_ID: {
272 bluetooth::headset::ExecuteService(b_enable);
273 } break;
274 case BTA_A2DP_SOURCE_SERVICE_ID: {
275 btif_av_source_execute_service(b_enable);
276 } break;
277 case BTA_A2DP_SINK_SERVICE_ID: {
278 btif_av_sink_execute_service(b_enable);
279 } break;
280 case BTA_HID_SERVICE_ID: {
281 btif_hh_execute_service(b_enable);
282 } break;
283 case BTA_HFP_HS_SERVICE_ID: {
284 btif_hf_client_execute_service(b_enable);
285 } break;
286 case BTA_SDP_SERVICE_ID: {
287 btif_sdp_execute_service(b_enable);
288 } break;
289 case BTA_HIDD_SERVICE_ID: {
290 btif_hd_execute_service(b_enable);
291 } break;
292 default:
293 BTIF_TRACE_ERROR("%s: Unknown service %d being %s", __func__, service_id,
294 (b_enable) ? "enabled" : "disabled");
295 return BT_STATUS_FAIL;
296 }
297 return BT_STATUS_SUCCESS;
298 }
299
300 /*******************************************************************************
301 *
302 * Function check_eir_remote_name
303 *
304 * Description Check if remote name is in the EIR data
305 *
306 * Returns true if remote name found
307 * Populate p_remote_name, if provided and remote name found
308 *
309 ******************************************************************************/
check_eir_remote_name(tBTA_DM_SEARCH * p_search_data,uint8_t * p_remote_name,uint8_t * p_remote_name_len)310 static bool check_eir_remote_name(tBTA_DM_SEARCH* p_search_data,
311 uint8_t* p_remote_name,
312 uint8_t* p_remote_name_len) {
313 const uint8_t* p_eir_remote_name = NULL;
314 uint8_t remote_name_len = 0;
315
316 /* Check EIR for remote name and services */
317 if (p_search_data->inq_res.p_eir) {
318 p_eir_remote_name = AdvertiseDataParser::GetFieldByType(
319 p_search_data->inq_res.p_eir, p_search_data->inq_res.eir_len,
320 BTM_EIR_COMPLETE_LOCAL_NAME_TYPE, &remote_name_len);
321 if (!p_eir_remote_name) {
322 p_eir_remote_name = AdvertiseDataParser::GetFieldByType(
323 p_search_data->inq_res.p_eir, p_search_data->inq_res.eir_len,
324 BTM_EIR_SHORTENED_LOCAL_NAME_TYPE, &remote_name_len);
325 }
326
327 if (p_eir_remote_name) {
328 if (remote_name_len > BD_NAME_LEN) remote_name_len = BD_NAME_LEN;
329
330 if (p_remote_name && p_remote_name_len) {
331 memcpy(p_remote_name, p_eir_remote_name, remote_name_len);
332 *(p_remote_name + remote_name_len) = 0;
333 *p_remote_name_len = remote_name_len;
334 }
335
336 return true;
337 }
338 }
339
340 return false;
341 }
342
343 /*******************************************************************************
344 *
345 * Function check_cached_remote_name
346 *
347 * Description Check if remote name is in the NVRAM cache
348 *
349 * Returns true if remote name found
350 * Populate p_remote_name, if provided and remote name found
351 *
352 ******************************************************************************/
check_cached_remote_name(tBTA_DM_SEARCH * p_search_data,uint8_t * p_remote_name,uint8_t * p_remote_name_len)353 static bool check_cached_remote_name(tBTA_DM_SEARCH* p_search_data,
354 uint8_t* p_remote_name,
355 uint8_t* p_remote_name_len) {
356 bt_bdname_t bdname;
357 bt_property_t prop_name;
358
359 /* check if we already have it in our btif_storage cache */
360
361 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_BDNAME,
362 sizeof(bt_bdname_t), &bdname);
363 if (btif_storage_get_remote_device_property(
364 &p_search_data->inq_res.bd_addr, &prop_name) == BT_STATUS_SUCCESS) {
365 if (p_remote_name && p_remote_name_len) {
366 strcpy((char*)p_remote_name, (char*)bdname.name);
367 *p_remote_name_len = strlen((char*)p_remote_name);
368 }
369 return true;
370 }
371
372 return false;
373 }
374
get_cod(const RawAddress * remote_bdaddr)375 static uint32_t get_cod(const RawAddress* remote_bdaddr) {
376 uint32_t remote_cod;
377 bt_property_t prop_name;
378
379 /* check if we already have it in our btif_storage cache */
380 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_CLASS_OF_DEVICE,
381 sizeof(uint32_t), &remote_cod);
382 if (btif_storage_get_remote_device_property(
383 (RawAddress*)remote_bdaddr, &prop_name) == BT_STATUS_SUCCESS) {
384 LOG_INFO("%s remote_cod = 0x%08x", __func__, remote_cod);
385 return remote_cod & COD_MASK;
386 }
387
388 return 0;
389 }
390
check_cod(const RawAddress * remote_bdaddr,uint32_t cod)391 bool check_cod(const RawAddress* remote_bdaddr, uint32_t cod) {
392 return get_cod(remote_bdaddr) == cod;
393 }
394
check_cod_hid(const RawAddress * remote_bdaddr)395 bool check_cod_hid(const RawAddress* remote_bdaddr) {
396 return (get_cod(remote_bdaddr) & COD_HID_MASK) == COD_HID_MAJOR;
397 }
398
399 /*****************************************************************************
400 *
401 * Function check_sdp_bl
402 *
403 * Description Checks if a given device is rejectlisted to skip sdp
404 *
405 * Parameters skip_sdp_entry
406 *
407 * Returns true if the device is present in rejectlist, else false
408 *
409 ******************************************************************************/
check_sdp_bl(const RawAddress * remote_bdaddr)410 bool check_sdp_bl(const RawAddress* remote_bdaddr) {
411 bt_property_t prop_name;
412 bt_remote_version_t info;
413
414 if (remote_bdaddr == NULL) return false;
415
416 /* if not available yet, try fetching from config database */
417 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_REMOTE_VERSION_INFO,
418 sizeof(bt_remote_version_t), &info);
419
420 if (btif_storage_get_remote_device_property(remote_bdaddr, &prop_name) !=
421 BT_STATUS_SUCCESS) {
422 return false;
423 }
424 uint16_t manufacturer = info.manufacturer;
425
426 for (unsigned int i = 0; i < ARRAY_SIZE(sdp_rejectlist); i++) {
427 if (manufacturer == sdp_rejectlist[i].manufact_id) return true;
428 }
429 return false;
430 }
431
bond_state_changed(bt_status_t status,const RawAddress & bd_addr,bt_bond_state_t state)432 static void bond_state_changed(bt_status_t status, const RawAddress& bd_addr,
433 bt_bond_state_t state) {
434 btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_BOND_STATE_CHANGED, state);
435
436 if ((pairing_cb.state == state) && (state == BT_BOND_STATE_BONDING)) {
437 // Cross key pairing so send callback for static address
438 if (!pairing_cb.static_bdaddr.IsEmpty()) {
439 invoke_bond_state_changed_cb(status, bd_addr, state);
440 }
441 return;
442 }
443
444 if (pairing_cb.bond_type == tBTM_SEC_DEV_REC::BOND_TYPE_TEMPORARY) {
445 state = BT_BOND_STATE_NONE;
446 }
447
448 LOG_INFO(
449 "Bond state changed to state=%d [0:none, 1:bonding, 2:bonded],"
450 " prev_state=%d, sdp_attempts = %d",
451 state, pairing_cb.state, pairing_cb.sdp_attempts);
452
453 if (state == BT_BOND_STATE_NONE) {
454 forget_device_from_metric_id_allocator(bd_addr);
455 } else if (state == BT_BOND_STATE_BONDED) {
456 allocate_metric_id_from_metric_id_allocator(bd_addr);
457 if (!save_metric_id_from_metric_id_allocator(bd_addr)) {
458 LOG(FATAL) << __func__ << ": Fail to save metric id for device "
459 << bd_addr;
460 }
461 }
462 invoke_bond_state_changed_cb(status, bd_addr, state);
463
464 int dev_type;
465 if (!btif_get_device_type(bd_addr, &dev_type)) {
466 dev_type = BT_DEVICE_TYPE_BREDR;
467 }
468
469 if (state == BT_BOND_STATE_BONDING ||
470 (state == BT_BOND_STATE_BONDED && pairing_cb.sdp_attempts > 0)) {
471 // Save state for the device is bonding or SDP.
472 pairing_cb.state = state;
473 pairing_cb.bd_addr = bd_addr;
474 } else {
475 pairing_cb = {};
476 bta_dm_execute_queued_request();
477 }
478 }
479
480 /* store remote version in bt config to always have access
481 to it post pairing*/
btif_update_remote_version_property(RawAddress * p_bd)482 static void btif_update_remote_version_property(RawAddress* p_bd) {
483 bt_property_t property;
484 uint8_t lmp_ver = 0;
485 uint16_t lmp_subver = 0;
486 uint16_t mfct_set = 0;
487 bt_remote_version_t info;
488 bt_status_t status;
489
490 CHECK(p_bd != nullptr);
491
492 const bool version_info_valid =
493 BTM_ReadRemoteVersion(*p_bd, &lmp_ver, &mfct_set, &lmp_subver);
494
495 LOG_INFO("Remote version info valid:%s [%s]: %x, %x, %x",
496 logbool(version_info_valid).c_str(), PRIVATE_ADDRESS((*p_bd)),
497 lmp_ver, mfct_set, lmp_subver);
498
499 if (version_info_valid) {
500 // Always update cache to ensure we have availability whenever BTM API is
501 // not populated
502 info.manufacturer = mfct_set;
503 info.sub_ver = lmp_subver;
504 info.version = lmp_ver;
505 BTIF_STORAGE_FILL_PROPERTY(&property, BT_PROPERTY_REMOTE_VERSION_INFO,
506 sizeof(bt_remote_version_t), &info);
507 status = btif_storage_set_remote_device_property(p_bd, &property);
508 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote version",
509 status);
510 }
511 }
512
btif_update_remote_properties(const RawAddress & bdaddr,BD_NAME bd_name,DEV_CLASS dev_class,tBT_DEVICE_TYPE device_type)513 static void btif_update_remote_properties(const RawAddress& bdaddr,
514 BD_NAME bd_name, DEV_CLASS dev_class,
515 tBT_DEVICE_TYPE device_type) {
516 int num_properties = 0;
517 bt_property_t properties[3];
518 bt_status_t status = BT_STATUS_UNHANDLED;
519 uint32_t cod;
520 bt_device_type_t dev_type;
521
522 memset(properties, 0, sizeof(properties));
523
524 /* remote name */
525 if (strlen((const char*)bd_name)) {
526 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties], BT_PROPERTY_BDNAME,
527 strlen((char*)bd_name), bd_name);
528 if (!bluetooth::shim::is_gd_security_enabled()) {
529 status = btif_storage_set_remote_device_property(
530 &bdaddr, &properties[num_properties]);
531 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device name",
532 status);
533 }
534 num_properties++;
535 }
536
537 /* class of device */
538 cod = devclass2uint(dev_class);
539 if (cod == 0) {
540 /* Try to retrieve cod from storage */
541 LOG_VERBOSE("class of device (cod) is unclassified, checking storage");
542 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
543 BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod), &cod);
544 status = btif_storage_get_remote_device_property(
545 &bdaddr, &properties[num_properties]);
546 LOG_VERBOSE("cod retrieved from storage is 0x%06x", cod);
547 if (cod == 0) {
548 LOG_INFO("cod from storage is also unclassified");
549 cod = COD_UNCLASSIFIED;
550 }
551 } else {
552 LOG_INFO("class of device (cod) is 0x%06x", cod);
553 }
554
555 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
556 BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod), &cod);
557
558 if (!bluetooth::shim::is_gd_security_enabled()) {
559 status = btif_storage_set_remote_device_property(
560 &bdaddr, &properties[num_properties]);
561 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device class",
562 status);
563 }
564 num_properties++;
565
566 /* device type */
567 bt_property_t prop_name;
568 uint8_t remote_dev_type;
569 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_TYPE_OF_DEVICE,
570 sizeof(uint8_t), &remote_dev_type);
571 if (btif_storage_get_remote_device_property(&bdaddr, &prop_name) ==
572 BT_STATUS_SUCCESS) {
573 dev_type = (bt_device_type_t)(remote_dev_type | device_type);
574 } else {
575 dev_type = (bt_device_type_t)device_type;
576 }
577
578 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
579 BT_PROPERTY_TYPE_OF_DEVICE, sizeof(dev_type),
580 &dev_type);
581 if (!bluetooth::shim::is_gd_security_enabled()) {
582 status = btif_storage_set_remote_device_property(
583 &bdaddr, &properties[num_properties]);
584 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device type",
585 status);
586 }
587 num_properties++;
588
589 invoke_remote_device_properties_cb(status, bdaddr, num_properties,
590 properties);
591 }
592
593 /*******************************************************************************
594 *
595 * Function btif_dm_cb_create_bond
596 *
597 * Description Create bond initiated from the BTIF thread context
598 * Special handling for HID devices
599 *
600 * Returns void
601 *
602 ******************************************************************************/
btif_dm_cb_create_bond(const RawAddress bd_addr,tBT_TRANSPORT transport)603 static void btif_dm_cb_create_bond(const RawAddress bd_addr,
604 tBT_TRANSPORT transport) {
605 bool is_hid = check_cod(&bd_addr, COD_HID_POINTING);
606 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
607
608 int device_type = 0;
609 tBLE_ADDR_TYPE addr_type = BLE_ADDR_PUBLIC;
610 std::string addrstr = bd_addr.ToString();
611 const char* bdstr = addrstr.c_str();
612 if (transport == BT_TRANSPORT_LE) {
613 if (!btif_config_get_int(bdstr, "DevType", &device_type)) {
614 btif_config_set_int(bdstr, "DevType", BT_DEVICE_TYPE_BLE);
615 }
616 if (btif_storage_get_remote_addr_type(&bd_addr, &addr_type) !=
617 BT_STATUS_SUCCESS) {
618 // Try to read address type. OOB pairing might have set it earlier, but
619 // didn't store it, it defaults to BLE_ADDR_PUBLIC
620 uint8_t tmp_dev_type;
621 tBLE_ADDR_TYPE tmp_addr_type = BLE_ADDR_PUBLIC;
622 BTM_ReadDevInfo(bd_addr, &tmp_dev_type, &tmp_addr_type);
623 addr_type = tmp_addr_type;
624
625 btif_storage_set_remote_addr_type(&bd_addr, addr_type);
626 }
627 }
628 if ((btif_config_get_int(bdstr, "DevType", &device_type) &&
629 (btif_storage_get_remote_addr_type(&bd_addr, &addr_type) ==
630 BT_STATUS_SUCCESS) &&
631 (device_type & BT_DEVICE_TYPE_BLE) == BT_DEVICE_TYPE_BLE) ||
632 (transport == BT_TRANSPORT_LE)) {
633 BTA_DmAddBleDevice(bd_addr, addr_type, device_type);
634 }
635
636 if (is_hid && (device_type & BT_DEVICE_TYPE_BLE) == 0) {
637 bt_status_t status;
638 status = (bt_status_t)btif_hh_connect(&bd_addr);
639 if (status != BT_STATUS_SUCCESS)
640 bond_state_changed(status, bd_addr, BT_BOND_STATE_NONE);
641 } else {
642 BTA_DmBond(bd_addr, addr_type, transport, device_type);
643 }
644 /* Track originator of bond creation */
645 pairing_cb.is_local_initiated = true;
646 }
647
648 /*******************************************************************************
649 *
650 * Function btif_dm_get_connection_state
651 *
652 * Description Returns whether the remote device is currently connected
653 * and whether encryption is active for the connection
654 *
655 * Returns 0 if not connected; 1 if connected and > 1 if connection is
656 * encrypted
657 *
658 ******************************************************************************/
btif_dm_get_connection_state(const RawAddress * bd_addr)659 uint16_t btif_dm_get_connection_state(const RawAddress* bd_addr) {
660 uint16_t rc = BTA_DmGetConnectionState(*bd_addr);
661
662 if (rc != 0) {
663 if (BTM_IsEncrypted(*bd_addr, BT_TRANSPORT_BR_EDR)) {
664 rc |= ENCRYPTED_BREDR;
665 }
666 if (BTM_IsEncrypted(*bd_addr, BT_TRANSPORT_LE)) {
667 rc |= ENCRYPTED_LE;
668 }
669 }
670
671 return rc;
672 }
673
674 /******************************************************************************
675 *
676 * BTIF DM callback events
677 *
678 ****************************************************************************/
679
680 /*******************************************************************************
681 *
682 * Function btif_dm_pin_req_evt
683 *
684 * Description Executes pin request event in btif context
685 *
686 * Returns void
687 *
688 ******************************************************************************/
btif_dm_pin_req_evt(tBTA_DM_PIN_REQ * p_pin_req)689 static void btif_dm_pin_req_evt(tBTA_DM_PIN_REQ* p_pin_req) {
690 bt_bdname_t bd_name;
691 uint32_t cod;
692 bt_pin_code_t pin_code;
693 int dev_type;
694
695 /* Remote properties update */
696 if (BTM_GetPeerDeviceTypeFromFeatures(p_pin_req->bd_addr) ==
697 BT_DEVICE_TYPE_DUMO) {
698 dev_type = BT_DEVICE_TYPE_DUMO;
699 } else if (!btif_get_device_type(p_pin_req->bd_addr, &dev_type)) {
700 // Failed to get device type, defaulting to BR/EDR.
701 dev_type = BT_DEVICE_TYPE_BREDR;
702 }
703 btif_update_remote_properties(p_pin_req->bd_addr, p_pin_req->bd_name,
704 p_pin_req->dev_class,
705 (tBT_DEVICE_TYPE)dev_type);
706
707 const RawAddress& bd_addr = p_pin_req->bd_addr;
708 memcpy(bd_name.name, p_pin_req->bd_name, BD_NAME_LEN);
709 bd_name.name[BD_NAME_LEN] = '\0';
710
711 if (pairing_cb.state == BT_BOND_STATE_BONDING &&
712 bd_addr != pairing_cb.bd_addr) {
713 BTIF_TRACE_WARNING("%s(): already in bonding state, reject request",
714 __FUNCTION__);
715 return;
716 }
717
718 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
719
720 cod = devclass2uint(p_pin_req->dev_class);
721
722 if (cod == 0) {
723 BTIF_TRACE_DEBUG("%s cod is 0, set as unclassified", __func__);
724 cod = COD_UNCLASSIFIED;
725 }
726
727 /* check for auto pair possiblity only if bond was initiated by local device
728 */
729 if (pairing_cb.is_local_initiated && !p_pin_req->min_16_digit) {
730 if (check_cod(&bd_addr, COD_AV_HEADSETS) ||
731 check_cod(&bd_addr, COD_AV_HEADPHONES) ||
732 check_cod(&bd_addr, COD_AV_PORTABLE_AUDIO) ||
733 check_cod(&bd_addr, COD_AV_HIFI_AUDIO) ||
734 check_cod(&bd_addr, COD_HID_POINTING)) {
735 /* Check if this device can be auto paired */
736 if (!interop_match_addr(INTEROP_DISABLE_AUTO_PAIRING, &bd_addr) &&
737 !interop_match_name(INTEROP_DISABLE_AUTO_PAIRING,
738 (const char*)bd_name.name) &&
739 (pairing_cb.autopair_attempts == 0)) {
740 BTIF_TRACE_DEBUG("%s() Attempting auto pair", __func__);
741 pin_code.pin[0] = 0x30;
742 pin_code.pin[1] = 0x30;
743 pin_code.pin[2] = 0x30;
744 pin_code.pin[3] = 0x30;
745
746 pairing_cb.autopair_attempts++;
747 BTA_DmPinReply(bd_addr, true, 4, pin_code.pin);
748 return;
749 }
750 } else if (check_cod(&bd_addr, COD_HID_KEYBOARD) ||
751 check_cod(&bd_addr, COD_HID_COMBO)) {
752 if ((interop_match_addr(INTEROP_KEYBOARD_REQUIRES_FIXED_PIN, &bd_addr) ==
753 true) &&
754 (pairing_cb.autopair_attempts == 0)) {
755 BTIF_TRACE_DEBUG("%s() Attempting auto pair", __func__);
756 pin_code.pin[0] = 0x30;
757 pin_code.pin[1] = 0x30;
758 pin_code.pin[2] = 0x30;
759 pin_code.pin[3] = 0x30;
760
761 pairing_cb.autopair_attempts++;
762 BTA_DmPinReply(bd_addr, true, 4, pin_code.pin);
763 return;
764 }
765 }
766 }
767 invoke_pin_request_cb(bd_addr, bd_name, cod, p_pin_req->min_16_digit);
768 }
769
770 /*******************************************************************************
771 *
772 * Function btif_dm_ssp_cfm_req_evt
773 *
774 * Description Executes SSP confirm request event in btif context
775 *
776 * Returns void
777 *
778 ******************************************************************************/
btif_dm_ssp_cfm_req_evt(tBTA_DM_SP_CFM_REQ * p_ssp_cfm_req)779 static void btif_dm_ssp_cfm_req_evt(tBTA_DM_SP_CFM_REQ* p_ssp_cfm_req) {
780 bt_bdname_t bd_name;
781 bool is_incoming = !(pairing_cb.state == BT_BOND_STATE_BONDING);
782 uint32_t cod;
783 int dev_type;
784
785 BTIF_TRACE_DEBUG("%s", __func__);
786
787 /* Remote properties update */
788 if (BTM_GetPeerDeviceTypeFromFeatures(p_ssp_cfm_req->bd_addr) ==
789 BT_DEVICE_TYPE_DUMO) {
790 dev_type = BT_DEVICE_TYPE_DUMO;
791 } else if (!btif_get_device_type(p_ssp_cfm_req->bd_addr, &dev_type)) {
792 // Failed to get device type, defaulting to BR/EDR.
793 dev_type = BT_DEVICE_TYPE_BREDR;
794 }
795 btif_update_remote_properties(p_ssp_cfm_req->bd_addr, p_ssp_cfm_req->bd_name,
796 p_ssp_cfm_req->dev_class,
797 (tBT_DEVICE_TYPE)dev_type);
798
799 RawAddress bd_addr = p_ssp_cfm_req->bd_addr;
800 memcpy(bd_name.name, p_ssp_cfm_req->bd_name, BD_NAME_LEN);
801
802 if (pairing_cb.state == BT_BOND_STATE_BONDING &&
803 bd_addr != pairing_cb.bd_addr) {
804 BTIF_TRACE_WARNING("%s(): already in bonding state, reject request",
805 __FUNCTION__);
806 btif_dm_ssp_reply(bd_addr, BT_SSP_VARIANT_PASSKEY_CONFIRMATION, 0);
807 return;
808 }
809
810 /* Set the pairing_cb based on the local & remote authentication requirements
811 */
812 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
813
814 BTIF_TRACE_EVENT("%s: just_works:%d, loc_auth_req=%d, rmt_auth_req=%d",
815 __func__, p_ssp_cfm_req->just_works,
816 p_ssp_cfm_req->loc_auth_req, p_ssp_cfm_req->rmt_auth_req);
817
818 /* if just_works and bonding bit is not set treat this as temporary */
819 if (p_ssp_cfm_req->just_works &&
820 !(p_ssp_cfm_req->loc_auth_req & BTM_AUTH_BONDS) &&
821 !(p_ssp_cfm_req->rmt_auth_req & BTM_AUTH_BONDS) &&
822 !(check_cod((RawAddress*)&p_ssp_cfm_req->bd_addr, COD_HID_POINTING)))
823 pairing_cb.bond_type = tBTM_SEC_DEV_REC::BOND_TYPE_TEMPORARY;
824 else
825 pairing_cb.bond_type = tBTM_SEC_DEV_REC::BOND_TYPE_PERSISTENT;
826
827 btm_set_bond_type_dev(p_ssp_cfm_req->bd_addr, pairing_cb.bond_type);
828
829 pairing_cb.is_ssp = true;
830
831 /* If JustWorks auto-accept */
832 if (p_ssp_cfm_req->just_works) {
833 /* Pairing consent for JustWorks NOT needed if:
834 * 1. Incoming temporary pairing is detected
835 */
836 if (is_incoming &&
837 pairing_cb.bond_type == tBTM_SEC_DEV_REC::BOND_TYPE_TEMPORARY) {
838 BTIF_TRACE_EVENT(
839 "%s: Auto-accept JustWorks pairing for temporary incoming", __func__);
840 btif_dm_ssp_reply(bd_addr, BT_SSP_VARIANT_CONSENT, true);
841 return;
842 }
843 }
844
845 cod = devclass2uint(p_ssp_cfm_req->dev_class);
846
847 if (cod == 0) {
848 LOG_INFO("%s cod is 0, set as unclassified", __func__);
849 cod = COD_UNCLASSIFIED;
850 }
851
852 pairing_cb.sdp_attempts = 0;
853 invoke_ssp_request_cb(
854 bd_addr, bd_name, cod,
855 (p_ssp_cfm_req->just_works ? BT_SSP_VARIANT_CONSENT
856 : BT_SSP_VARIANT_PASSKEY_CONFIRMATION),
857 p_ssp_cfm_req->num_val);
858 }
859
btif_dm_ssp_key_notif_evt(tBTA_DM_SP_KEY_NOTIF * p_ssp_key_notif)860 static void btif_dm_ssp_key_notif_evt(tBTA_DM_SP_KEY_NOTIF* p_ssp_key_notif) {
861 bt_bdname_t bd_name;
862 uint32_t cod;
863 int dev_type;
864
865 BTIF_TRACE_DEBUG("%s", __func__);
866
867 /* Remote properties update */
868 if (BTM_GetPeerDeviceTypeFromFeatures(p_ssp_key_notif->bd_addr) ==
869 BT_DEVICE_TYPE_DUMO) {
870 dev_type = BT_DEVICE_TYPE_DUMO;
871 } else if (!btif_get_device_type(p_ssp_key_notif->bd_addr, &dev_type)) {
872 // Failed to get device type, defaulting to BR/EDR.
873 dev_type = BT_DEVICE_TYPE_BREDR;
874 }
875 btif_update_remote_properties(
876 p_ssp_key_notif->bd_addr, p_ssp_key_notif->bd_name,
877 p_ssp_key_notif->dev_class, (tBT_DEVICE_TYPE)dev_type);
878
879 RawAddress bd_addr = p_ssp_key_notif->bd_addr;
880 memcpy(bd_name.name, p_ssp_key_notif->bd_name, BD_NAME_LEN);
881 bd_name.name[BD_NAME_LEN] = '\0';
882
883 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
884 pairing_cb.is_ssp = true;
885 cod = devclass2uint(p_ssp_key_notif->dev_class);
886
887 if (cod == 0) {
888 LOG_INFO("%s cod is 0, set as unclassified", __func__);
889 cod = COD_UNCLASSIFIED;
890 }
891
892 invoke_ssp_request_cb(bd_addr, bd_name, cod,
893 BT_SSP_VARIANT_PASSKEY_NOTIFICATION,
894 p_ssp_key_notif->passkey);
895 }
896 /*******************************************************************************
897 *
898 * Function btif_dm_auth_cmpl_evt
899 *
900 * Description Executes authentication complete event in btif context
901 *
902 * Returns void
903 *
904 ******************************************************************************/
btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL * p_auth_cmpl)905 static void btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
906 /* Save link key, if not temporary */
907 bt_status_t status = BT_STATUS_FAIL;
908 bt_bond_state_t state = BT_BOND_STATE_NONE;
909 bool skip_sdp = false;
910
911 BTIF_TRACE_DEBUG("%s: bond state=%d, success=%d, key_present=%d", __func__,
912 pairing_cb.state, p_auth_cmpl->success,
913 p_auth_cmpl->key_present);
914
915 RawAddress bd_addr = p_auth_cmpl->bd_addr;
916 if (!bluetooth::shim::is_gd_security_enabled()) {
917 if ((p_auth_cmpl->success) && (p_auth_cmpl->key_present)) {
918 if ((p_auth_cmpl->key_type < HCI_LKEY_TYPE_DEBUG_COMB) ||
919 (p_auth_cmpl->key_type == HCI_LKEY_TYPE_AUTH_COMB) ||
920 (p_auth_cmpl->key_type == HCI_LKEY_TYPE_CHANGED_COMB) ||
921 (p_auth_cmpl->key_type == HCI_LKEY_TYPE_AUTH_COMB_P_256) ||
922 pairing_cb.bond_type == tBTM_SEC_DEV_REC::BOND_TYPE_PERSISTENT) {
923 bt_status_t ret;
924 BTIF_TRACE_DEBUG("%s: Storing link key. key_type=0x%x, bond_type=%d",
925 __func__, p_auth_cmpl->key_type, pairing_cb.bond_type);
926 ret = btif_storage_add_bonded_device(&bd_addr, p_auth_cmpl->key,
927 p_auth_cmpl->key_type,
928 pairing_cb.pin_code_len);
929 ASSERTC(ret == BT_STATUS_SUCCESS, "storing link key failed", ret);
930 } else {
931 BTIF_TRACE_DEBUG(
932 "%s: Temporary key. Not storing. key_type=0x%x, bond_type=%d",
933 __func__, p_auth_cmpl->key_type, pairing_cb.bond_type);
934 if (pairing_cb.bond_type == tBTM_SEC_DEV_REC::BOND_TYPE_TEMPORARY) {
935 BTIF_TRACE_DEBUG("%s: sending BT_BOND_STATE_NONE for Temp pairing",
936 __func__);
937 btif_storage_remove_bonded_device(&bd_addr);
938 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_NONE);
939 return;
940 }
941 }
942 }
943 }
944
945 if (p_auth_cmpl->success) {
946 // We could have received a new link key without going through the pairing
947 // flow. If so, we don't want to perform SDP or any other operations on the
948 // authenticated device. Also, make sure that the link key is not derived
949 // from secure LTK, because we will need to perform SDP in case of link key
950 // derivation to allow bond state change notification for the BR/EDR
951 // transport so that the subsequent BR/EDR connections to the remote can use
952 // the derived link key.
953 if (p_auth_cmpl->bd_addr != pairing_cb.bd_addr &&
954 (!pairing_cb.ble.is_penc_key_rcvd)) {
955 LOG(INFO) << __func__
956 << " skipping SDP since we did not initiate pairing to "
957 << p_auth_cmpl->bd_addr;
958 return;
959 }
960
961 if (!bluetooth::shim::is_gd_security_enabled()) {
962 btif_storage_set_remote_addr_type(&bd_addr, p_auth_cmpl->addr_type);
963 }
964
965 int dev_type;
966 if (BTM_GetPeerDeviceTypeFromFeatures(bd_addr) == BT_DEVICE_TYPE_DUMO) {
967 dev_type = BT_DEVICE_TYPE_DUMO;
968 } else {
969 dev_type = p_auth_cmpl->dev_type;
970 }
971 btif_update_remote_properties(p_auth_cmpl->bd_addr, p_auth_cmpl->bd_name,
972 NULL, dev_type);
973 pairing_cb.timeout_retries = 0;
974 status = BT_STATUS_SUCCESS;
975 state = BT_BOND_STATE_BONDED;
976 bd_addr = p_auth_cmpl->bd_addr;
977
978 if (check_sdp_bl(&bd_addr) && check_cod_hid(&bd_addr)) {
979 LOG_WARN("%s:skip SDP", __func__);
980 skip_sdp = true;
981 }
982 if (!pairing_cb.is_local_initiated && skip_sdp) {
983 bond_state_changed(status, bd_addr, state);
984
985 LOG_WARN("%s: Incoming HID Connection", __func__);
986 bt_property_t prop;
987 Uuid uuid = Uuid::From16Bit(UUID_SERVCLASS_HUMAN_INTERFACE);
988
989 prop.type = BT_PROPERTY_UUIDS;
990 prop.val = &uuid;
991 prop.len = Uuid::kNumBytes128;
992
993 invoke_remote_device_properties_cb(BT_STATUS_SUCCESS, bd_addr, 1, &prop);
994 } else {
995 bool is_crosskey = false;
996 /* If bonded due to cross-key, save the static address too*/
997 if (pairing_cb.state == BT_BOND_STATE_BONDING &&
998 p_auth_cmpl->bd_addr != pairing_cb.bd_addr) {
999 BTIF_TRACE_DEBUG(
1000 "%s: bonding initiated due to cross key, adding static address",
1001 __func__);
1002 pairing_cb.static_bdaddr = bd_addr;
1003 is_crosskey = true;
1004 }
1005 if (!is_crosskey ||
1006 !(stack_config_get_interface()->get_pts_crosskey_sdp_disable())) {
1007 // Ensure inquiry is stopped before attempting service discovery
1008 btif_dm_cancel_discovery();
1009
1010 /* Trigger SDP on the device */
1011 pairing_cb.sdp_attempts = 1;
1012
1013 if (is_crosskey) {
1014 // If bonding occurred due to cross-key pairing, send bonding callback
1015 // for static address now
1016 LOG_INFO("%s: send bonding state update for static address %s",
1017 __func__, bd_addr.ToString().c_str());
1018 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
1019 }
1020 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDED);
1021
1022 btif_dm_get_remote_services(bd_addr, BT_TRANSPORT_UNKNOWN);
1023 }
1024 }
1025 // Do not call bond_state_changed_cb yet. Wait until remote service
1026 // discovery is complete
1027 } else {
1028 bool is_bonded_device_removed = false;
1029 // Map the HCI fail reason to bt status
1030 switch (p_auth_cmpl->fail_reason) {
1031 case HCI_ERR_PAGE_TIMEOUT:
1032 case HCI_ERR_LMP_RESPONSE_TIMEOUT:
1033 if (interop_match_addr(INTEROP_AUTO_RETRY_PAIRING, &bd_addr) &&
1034 pairing_cb.timeout_retries) {
1035 BTIF_TRACE_WARNING("%s() - Pairing timeout; retrying (%d) ...",
1036 __func__, pairing_cb.timeout_retries);
1037 --pairing_cb.timeout_retries;
1038 btif_dm_cb_create_bond(bd_addr, BT_TRANSPORT_UNKNOWN);
1039 return;
1040 }
1041 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
1042 case HCI_ERR_CONNECTION_TOUT:
1043 status = BT_STATUS_RMT_DEV_DOWN;
1044 break;
1045
1046 case HCI_ERR_PAIRING_NOT_ALLOWED:
1047 if (!bluetooth::shim::is_gd_security_enabled()) {
1048 is_bonded_device_removed = (btif_storage_remove_bonded_device(
1049 &bd_addr) == BT_STATUS_SUCCESS);
1050 } else {
1051 is_bonded_device_removed = true;
1052 }
1053 status = BT_STATUS_AUTH_REJECTED;
1054 break;
1055
1056 /* map the auth failure codes, so we can retry pairing if necessary */
1057 case HCI_ERR_AUTH_FAILURE:
1058 case HCI_ERR_KEY_MISSING:
1059 is_bonded_device_removed = (bluetooth::shim::is_gd_security_enabled())
1060 ? true
1061 : (btif_storage_remove_bonded_device(
1062 &bd_addr) == BT_STATUS_SUCCESS);
1063 [[fallthrough]];
1064 case HCI_ERR_HOST_REJECT_SECURITY:
1065 case HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE:
1066 case HCI_ERR_UNIT_KEY_USED:
1067 case HCI_ERR_PAIRING_WITH_UNIT_KEY_NOT_SUPPORTED:
1068 case HCI_ERR_INSUFFCIENT_SECURITY:
1069 case HCI_ERR_PEER_USER:
1070 case HCI_ERR_UNSPECIFIED:
1071 BTIF_TRACE_DEBUG(" %s() Authentication fail reason %d", __func__,
1072 p_auth_cmpl->fail_reason);
1073 if (pairing_cb.autopair_attempts == 1) {
1074 /* Create the Bond once again */
1075 BTIF_TRACE_WARNING("%s() auto pair failed. Reinitiate Bond",
1076 __func__);
1077 btif_dm_cb_create_bond(bd_addr, BT_TRANSPORT_UNKNOWN);
1078 return;
1079 } else {
1080 /* if autopair attempts are more than 1, or not attempted */
1081 status = BT_STATUS_AUTH_FAILURE;
1082 }
1083 break;
1084
1085 default:
1086 status = BT_STATUS_FAIL;
1087 }
1088 /* Special Handling for HID Devices */
1089 if (check_cod(&bd_addr, COD_HID_POINTING)) {
1090 /* Remove Device as bonded in nvram as authentication failed */
1091 BTIF_TRACE_DEBUG("%s(): removing hid pointing device from nvram",
1092 __func__);
1093 is_bonded_device_removed = (bluetooth::shim::is_gd_security_enabled())
1094 ? true
1095 : (btif_storage_remove_bonded_device(
1096 &bd_addr) == BT_STATUS_SUCCESS);
1097 }
1098 // Report bond state change to java only if we are bonding to a device or
1099 // a device is removed from the pairing list.
1100 if (pairing_cb.state == BT_BOND_STATE_BONDING || is_bonded_device_removed) {
1101 bond_state_changed(status, bd_addr, state);
1102 }
1103 }
1104 }
1105
1106 /******************************************************************************
1107 *
1108 * Function btif_dm_search_devices_evt
1109 *
1110 * Description Executes search devices callback events in btif context
1111 *
1112 * Returns void
1113 *
1114 *****************************************************************************/
btif_dm_search_devices_evt(tBTA_DM_SEARCH_EVT event,tBTA_DM_SEARCH * p_search_data)1115 static void btif_dm_search_devices_evt(tBTA_DM_SEARCH_EVT event,
1116 tBTA_DM_SEARCH* p_search_data) {
1117 BTIF_TRACE_EVENT("%s event=%s", __func__, dump_dm_search_event(event));
1118
1119 switch (event) {
1120 case BTA_DM_DISC_RES_EVT: {
1121 /* Remote name update */
1122 if (strlen((const char*)p_search_data->disc_res.bd_name)) {
1123 bt_property_t properties[1];
1124 bt_status_t status;
1125
1126 properties[0].type = BT_PROPERTY_BDNAME;
1127 properties[0].val = p_search_data->disc_res.bd_name;
1128 properties[0].len = strlen((char*)p_search_data->disc_res.bd_name);
1129 RawAddress& bdaddr = p_search_data->disc_res.bd_addr;
1130
1131 status =
1132 btif_storage_set_remote_device_property(&bdaddr, &properties[0]);
1133 ASSERTC(status == BT_STATUS_SUCCESS,
1134 "failed to save remote device property", status);
1135 invoke_remote_device_properties_cb(status, bdaddr, 1, properties);
1136 }
1137 /* TODO: Services? */
1138 } break;
1139
1140 case BTA_DM_INQ_RES_EVT: {
1141 /* inquiry result */
1142 bt_bdname_t bdname;
1143 uint8_t remote_name_len;
1144 tBTA_SERVICE_MASK services = 0;
1145
1146 p_search_data->inq_res.remt_name_not_required =
1147 check_eir_remote_name(p_search_data, NULL, NULL);
1148 RawAddress& bdaddr = p_search_data->inq_res.bd_addr;
1149
1150 BTIF_TRACE_DEBUG("%s() %s device_type = 0x%x\n", __func__,
1151 bdaddr.ToString().c_str(),
1152 p_search_data->inq_res.device_type);
1153 bdname.name[0] = 0;
1154
1155 if (!check_eir_remote_name(p_search_data, bdname.name, &remote_name_len))
1156 check_cached_remote_name(p_search_data, bdname.name, &remote_name_len);
1157
1158 /* Check EIR for remote name and services */
1159 if (p_search_data->inq_res.p_eir) {
1160 BTA_GetEirService(p_search_data->inq_res.p_eir,
1161 p_search_data->inq_res.eir_len, &services);
1162 BTIF_TRACE_DEBUG("%s()EIR BTA services = %08X", __func__,
1163 (uint32_t)services);
1164 /* TODO: Get the service list and check to see which uuids we got and
1165 * send it back to the client. */
1166 }
1167
1168 {
1169 bt_property_t properties[5];
1170 bt_device_type_t dev_type;
1171 uint32_t num_properties = 0;
1172 bt_status_t status;
1173 tBLE_ADDR_TYPE addr_type = BLE_ADDR_PUBLIC;
1174
1175 memset(properties, 0, sizeof(properties));
1176 /* RawAddress */
1177 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1178 BT_PROPERTY_BDADDR, sizeof(bdaddr), &bdaddr);
1179 num_properties++;
1180 /* BD_NAME */
1181 /* Don't send BDNAME if it is empty */
1182 if (bdname.name[0]) {
1183 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1184 BT_PROPERTY_BDNAME,
1185 strlen((char*)bdname.name), &bdname);
1186 num_properties++;
1187 }
1188
1189 /* DEV_CLASS */
1190 uint32_t cod = devclass2uint(p_search_data->inq_res.dev_class);
1191 BTIF_TRACE_DEBUG("%s cod is 0x%06x", __func__, cod);
1192 if (cod != 0) {
1193 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1194 BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod),
1195 &cod);
1196 num_properties++;
1197 }
1198
1199 /* DEV_TYPE */
1200 /* FixMe: Assumption is that bluetooth.h and BTE enums match */
1201
1202 /* Verify if the device is dual mode in NVRAM */
1203 int stored_device_type = 0;
1204 if (btif_get_device_type(bdaddr, &stored_device_type) &&
1205 ((stored_device_type != BT_DEVICE_TYPE_BREDR &&
1206 p_search_data->inq_res.device_type == BT_DEVICE_TYPE_BREDR) ||
1207 (stored_device_type != BT_DEVICE_TYPE_BLE &&
1208 p_search_data->inq_res.device_type == BT_DEVICE_TYPE_BLE))) {
1209 dev_type = (bt_device_type_t)BT_DEVICE_TYPE_DUMO;
1210 } else {
1211 dev_type = (bt_device_type_t)p_search_data->inq_res.device_type;
1212 }
1213
1214 if (p_search_data->inq_res.device_type == BT_DEVICE_TYPE_BLE)
1215 addr_type = p_search_data->inq_res.ble_addr_type;
1216 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1217 BT_PROPERTY_TYPE_OF_DEVICE, sizeof(dev_type),
1218 &dev_type);
1219 num_properties++;
1220 /* RSSI */
1221 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1222 BT_PROPERTY_REMOTE_RSSI, sizeof(int8_t),
1223 &(p_search_data->inq_res.rssi));
1224 num_properties++;
1225
1226 status =
1227 btif_storage_add_remote_device(&bdaddr, num_properties, properties);
1228 ASSERTC(status == BT_STATUS_SUCCESS,
1229 "failed to save remote device (inquiry)", status);
1230 status = btif_storage_set_remote_addr_type(&bdaddr, addr_type);
1231 ASSERTC(status == BT_STATUS_SUCCESS,
1232 "failed to save remote addr type (inquiry)", status);
1233 /* Callback to notify upper layer of device */
1234 invoke_device_found_cb(num_properties, properties);
1235 }
1236 } break;
1237
1238 case BTA_DM_INQ_CMPL_EVT: {
1239 BTM_BleAdvFilterParamSetup(BTM_BLE_SCAN_COND_DELETE,
1240 static_cast<tBTM_BLE_PF_FILT_INDEX>(0),
1241 nullptr,
1242 base::Bind(&bte_scan_filt_param_cfg_evt,
1243 btm_status_value(BTM_SUCCESS)));
1244 } break;
1245 case BTA_DM_DISC_CMPL_EVT: {
1246 invoke_discovery_state_changed_cb(BT_DISCOVERY_STOPPED);
1247 } break;
1248 case BTA_DM_SEARCH_CANCEL_CMPL_EVT: {
1249 /* if inquiry is not in progress and we get a cancel event, then
1250 * it means we are done with inquiry, but remote_name fetches are in
1251 * progress
1252 *
1253 * if inquiry is in progress, then we don't want to act on this
1254 * cancel_cmpl_evt
1255 * but instead wait for the cancel_cmpl_evt via the Busy Level
1256 *
1257 */
1258 if (!btif_dm_inquiry_in_progress) {
1259 btgatt_filt_param_setup_t adv_filt_param;
1260 memset(&adv_filt_param, 0, sizeof(btgatt_filt_param_setup_t));
1261 BTM_BleAdvFilterParamSetup(BTM_BLE_SCAN_COND_DELETE, 0, nullptr,
1262 base::Bind(&bte_scan_filt_param_cfg_evt,
1263 btm_status_value(BTM_SUCCESS)));
1264 invoke_discovery_state_changed_cb(BT_DISCOVERY_STOPPED);
1265 }
1266 } break;
1267 }
1268 }
1269
1270 /* Returns true if |uuid| should be passed as device property */
btif_is_interesting_le_service(bluetooth::Uuid uuid)1271 static bool btif_is_interesting_le_service(bluetooth::Uuid uuid) {
1272 return (uuid.As16Bit() == UUID_SERVCLASS_LE_HID || uuid == UUID_HEARING_AID ||
1273 uuid == UUID_VC);
1274 }
1275
1276 /*******************************************************************************
1277 *
1278 * Function btif_dm_search_services_evt
1279 *
1280 * Description Executes search services event in btif context
1281 *
1282 * Returns void
1283 *
1284 ******************************************************************************/
btif_dm_search_services_evt(tBTA_DM_SEARCH_EVT event,tBTA_DM_SEARCH * p_data)1285 static void btif_dm_search_services_evt(tBTA_DM_SEARCH_EVT event,
1286 tBTA_DM_SEARCH* p_data) {
1287 switch (event) {
1288 case BTA_DM_DISC_RES_EVT: {
1289 bt_property_t prop;
1290 uint32_t i = 0;
1291 bt_status_t ret;
1292
1293 RawAddress& bd_addr = p_data->disc_res.bd_addr;
1294
1295 LOG_VERBOSE("result=0x%x, services 0x%x", p_data->disc_res.result,
1296 p_data->disc_res.services);
1297 if (p_data->disc_res.result != BTA_SUCCESS &&
1298 pairing_cb.state == BT_BOND_STATE_BONDED &&
1299 pairing_cb.sdp_attempts < BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING) {
1300 if (pairing_cb.sdp_attempts) {
1301 LOG_WARN("SDP failed after bonding re-attempting");
1302 pairing_cb.sdp_attempts++;
1303 btif_dm_get_remote_services(bd_addr, BT_TRANSPORT_UNKNOWN);
1304 } else {
1305 LOG_WARN("SDP triggered by someone failed when bonding");
1306 }
1307 return;
1308 }
1309 prop.type = BT_PROPERTY_UUIDS;
1310 prop.len = 0;
1311 if ((p_data->disc_res.result == BTA_SUCCESS) &&
1312 (p_data->disc_res.num_uuids > 0)) {
1313 prop.val = p_data->disc_res.p_uuid_list;
1314 prop.len = p_data->disc_res.num_uuids * Uuid::kNumBytes128;
1315 for (i = 0; i < p_data->disc_res.num_uuids; i++) {
1316 std::string temp = ((p_data->disc_res.p_uuid_list + i))->ToString();
1317 LOG_INFO("index:%d uuid:%s", i, temp.c_str());
1318 }
1319 }
1320
1321 /* onUuidChanged requires getBondedDevices to be populated.
1322 ** bond_state_changed needs to be sent prior to remote_device_property
1323 */
1324 if (pairing_cb.state == BT_BOND_STATE_BONDED && pairing_cb.sdp_attempts &&
1325 (p_data->disc_res.bd_addr == pairing_cb.bd_addr ||
1326 p_data->disc_res.bd_addr == pairing_cb.static_bdaddr)) {
1327 LOG_INFO("SDP search done for %s", bd_addr.ToString().c_str());
1328 pairing_cb.sdp_attempts = 0;
1329
1330 // Both SDP and bonding are done, clear pairing control block in case
1331 // it is not already cleared
1332 pairing_cb = {};
1333 bta_dm_execute_queued_request();
1334
1335 // Send one empty UUID to Java to unblock pairing intent when SDP failed
1336 // or no UUID is discovered
1337 if (p_data->disc_res.result != BTA_SUCCESS ||
1338 p_data->disc_res.num_uuids == 0) {
1339 LOG_INFO("SDP failed, send empty UUID to unblock bonding %s",
1340 bd_addr.ToString().c_str());
1341 bt_property_t prop_uuids;
1342 Uuid uuid = {};
1343
1344 prop_uuids.type = BT_PROPERTY_UUIDS;
1345 prop_uuids.val = &uuid;
1346 prop_uuids.len = Uuid::kNumBytes128;
1347
1348 /* Send the event to the BTIF */
1349 invoke_remote_device_properties_cb(BT_STATUS_SUCCESS, bd_addr, 1,
1350 &prop_uuids);
1351 break;
1352 }
1353 }
1354
1355 if (p_data->disc_res.num_uuids != 0) {
1356 /* Also write this to the NVRAM */
1357 ret = btif_storage_set_remote_device_property(&bd_addr, &prop);
1358 ASSERTC(ret == BT_STATUS_SUCCESS, "storing remote services failed",
1359 ret);
1360 /* Send the event to the BTIF */
1361 invoke_remote_device_properties_cb(BT_STATUS_SUCCESS, bd_addr, 1,
1362 &prop);
1363 }
1364 } break;
1365
1366 case BTA_DM_DISC_CMPL_EVT:
1367 /* fixme */
1368 break;
1369
1370 case BTA_DM_SEARCH_CANCEL_CMPL_EVT:
1371 /* no-op */
1372 break;
1373
1374 case BTA_DM_DISC_BLE_RES_EVT: {
1375 int num_properties = 0;
1376 bt_property_t prop[2];
1377 std::vector<uint8_t> property_value;
1378 int num_uuids = 0;
1379
1380 for (Uuid uuid : *p_data->disc_ble_res.services) {
1381 LOG_VERBOSE("service %s", uuid.ToString().c_str());
1382 if (btif_is_interesting_le_service(uuid)) {
1383 num_uuids++;
1384 auto valAsBe = uuid.To128BitBE();
1385 property_value.insert(property_value.end(), valAsBe.begin(),
1386 valAsBe.end());
1387 }
1388 }
1389
1390 if (num_uuids == 0) {
1391 LOG_INFO("No well known BLE services discovered");
1392 return;
1393 }
1394
1395 RawAddress& bd_addr = p_data->disc_ble_res.bd_addr;
1396 prop[0].type = BT_PROPERTY_UUIDS;
1397 prop[0].val = (void*)property_value.data();
1398 prop[0].len = Uuid::kNumBytes128 * num_uuids;
1399
1400 /* Also write this to the NVRAM */
1401 bt_status_t ret =
1402 btif_storage_set_remote_device_property(&bd_addr, &prop[0]);
1403 ASSERTC(ret == BT_STATUS_SUCCESS, "storing remote services failed", ret);
1404 num_properties++;
1405
1406 /* Remote name update */
1407 if (strnlen((const char*)p_data->disc_ble_res.bd_name, BD_NAME_LEN)) {
1408 prop[1].type = BT_PROPERTY_BDNAME;
1409 prop[1].val = p_data->disc_ble_res.bd_name;
1410 prop[1].len = strnlen((char*)p_data->disc_ble_res.bd_name, BD_NAME_LEN);
1411
1412 ret = btif_storage_set_remote_device_property(&bd_addr, &prop[1]);
1413 ASSERTC(ret == BT_STATUS_SUCCESS,
1414 "failed to save remote device property", ret);
1415 num_properties++;
1416 }
1417
1418 /* Send the event to the BTIF */
1419 invoke_remote_device_properties_cb(BT_STATUS_SUCCESS, bd_addr,
1420 num_properties, prop);
1421 } break;
1422
1423 default: { ASSERTC(0, "unhandled search services event", event); } break;
1424 }
1425 }
1426
BTIF_dm_report_inquiry_status_change(uint8_t status)1427 void BTIF_dm_report_inquiry_status_change(uint8_t status) {
1428 if (status == BTM_INQUIRY_STARTED) {
1429 invoke_discovery_state_changed_cb(BT_DISCOVERY_STARTED);
1430 btif_dm_inquiry_in_progress = true;
1431 } else if (status == BTM_INQUIRY_CANCELLED) {
1432 invoke_discovery_state_changed_cb(BT_DISCOVERY_STOPPED);
1433 btif_dm_inquiry_in_progress = false;
1434 } else if (status == BTM_INQUIRY_COMPLETE) {
1435 btif_dm_inquiry_in_progress = false;
1436 }
1437 }
1438
BTIF_dm_on_hw_error()1439 void BTIF_dm_on_hw_error() {
1440 BTIF_TRACE_ERROR("Received H/W Error. ");
1441 /* Flush storage data */
1442 btif_config_flush();
1443 usleep(100000); /* 100milliseconds */
1444 /* Killing the process to force a restart as part of fault tolerance */
1445 kill(getpid(), SIGKILL);
1446 }
1447
BTIF_dm_enable()1448 void BTIF_dm_enable() {
1449 BD_NAME bdname;
1450 bt_status_t status;
1451 bt_property_t prop;
1452 prop.type = BT_PROPERTY_BDNAME;
1453 prop.len = BD_NAME_LEN;
1454 prop.val = (void*)bdname;
1455
1456 status = btif_storage_get_adapter_property(&prop);
1457 if (status == BT_STATUS_SUCCESS) {
1458 /* A name exists in the storage. Make this the device name */
1459 BTA_DmSetDeviceName((char*)prop.val);
1460 } else {
1461 /* Storage does not have a name yet.
1462 * Use the default name and write it to the chip
1463 */
1464 BTA_DmSetDeviceName(btif_get_default_local_name());
1465 }
1466
1467 /* Enable local privacy */
1468 BTA_DmBleConfigLocalPrivacy(BLE_LOCAL_PRIVACY_ENABLED);
1469
1470 /* for each of the enabled services in the mask, trigger the profile
1471 * enable */
1472 tBTA_SERVICE_MASK service_mask = btif_get_enabled_services_mask();
1473 for (uint32_t i = 0; i <= BTA_MAX_SERVICE_ID; i++) {
1474 if (service_mask & (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(i))) {
1475 btif_in_execute_service_request(i, true);
1476 }
1477 }
1478 /* clear control blocks */
1479 memset(&pairing_cb, 0, sizeof(btif_dm_pairing_cb_t));
1480 pairing_cb.bond_type = tBTM_SEC_DEV_REC::BOND_TYPE_PERSISTENT;
1481
1482 /* This function will also trigger the adapter_properties_cb
1483 ** and bonded_devices_info_cb
1484 */
1485 btif_storage_load_bonded_devices();
1486 bluetooth::bqr::EnableBtQualityReport(true);
1487 btif_enable_bluetooth_evt();
1488 }
1489
BTIF_dm_disable()1490 void BTIF_dm_disable() {
1491 /* for each of the enabled services in the mask, trigger the profile
1492 * disable */
1493 tBTA_SERVICE_MASK service_mask = btif_get_enabled_services_mask();
1494 for (uint32_t i = 0; i <= BTA_MAX_SERVICE_ID; i++) {
1495 if (service_mask & (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(i))) {
1496 btif_in_execute_service_request(i, false);
1497 }
1498 }
1499 bluetooth::bqr::EnableBtQualityReport(false);
1500 LOG_INFO("Stack device manager shutdown finished");
1501 future_ready(stack_manager_get_hack_future(), FUTURE_SUCCESS);
1502 }
1503
1504 /*******************************************************************************
1505 *
1506 * Function btif_dm_upstreams_cback
1507 *
1508 * Description Executes UPSTREAMS events in btif context
1509 *
1510 * Returns void
1511 *
1512 ******************************************************************************/
btif_dm_upstreams_evt(uint16_t event,char * p_param)1513 static void btif_dm_upstreams_evt(uint16_t event, char* p_param) {
1514 tBTA_DM_SEC* p_data = (tBTA_DM_SEC*)p_param;
1515 RawAddress bd_addr;
1516
1517 BTIF_TRACE_EVENT("%s: ev: %s", __func__, dump_dm_event(event));
1518
1519 switch (event) {
1520 case BTA_DM_PIN_REQ_EVT:
1521 btif_dm_pin_req_evt(&p_data->pin_req);
1522 break;
1523
1524 case BTA_DM_AUTH_CMPL_EVT:
1525 btif_dm_auth_cmpl_evt(&p_data->auth_cmpl);
1526 break;
1527
1528 case BTA_DM_BOND_CANCEL_CMPL_EVT:
1529 if (is_bonding_or_sdp()) {
1530 bd_addr = pairing_cb.bd_addr;
1531 btm_set_bond_type_dev(pairing_cb.bd_addr,
1532 tBTM_SEC_DEV_REC::BOND_TYPE_UNKNOWN);
1533 bond_state_changed((bt_status_t)p_data->bond_cancel_cmpl.result,
1534 bd_addr, BT_BOND_STATE_NONE);
1535 }
1536 break;
1537
1538 case BTA_DM_SP_CFM_REQ_EVT:
1539 btif_dm_ssp_cfm_req_evt(&p_data->cfm_req);
1540 break;
1541 case BTA_DM_SP_KEY_NOTIF_EVT:
1542 btif_dm_ssp_key_notif_evt(&p_data->key_notif);
1543 break;
1544
1545 case BTA_DM_DEV_UNPAIRED_EVT:
1546 bd_addr = p_data->link_down.bd_addr;
1547 btm_set_bond_type_dev(p_data->link_down.bd_addr,
1548 tBTM_SEC_DEV_REC::BOND_TYPE_UNKNOWN);
1549
1550 /*special handling for HID devices */
1551 #if (defined(BTA_HH_INCLUDED) && (BTA_HH_INCLUDED == TRUE))
1552 btif_hh_remove_device(bd_addr);
1553 #endif
1554 #if (defined(BTA_HD_INCLUDED) && (BTA_HD_INCLUDED == TRUE))
1555 btif_hd_remove_device(bd_addr);
1556 #endif
1557 btif_hearing_aid_get_interface()->RemoveDevice(bd_addr);
1558 btif_storage_remove_bonded_device(&bd_addr);
1559 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_NONE);
1560 break;
1561
1562 case BTA_DM_LINK_UP_EVT:
1563 bd_addr = p_data->link_up.bd_addr;
1564 BTIF_TRACE_DEBUG("BTA_DM_LINK_UP_EVT. Sending BT_ACL_STATE_CONNECTED");
1565
1566 btif_update_remote_version_property(&bd_addr);
1567
1568 invoke_acl_state_changed_cb(BT_STATUS_SUCCESS, bd_addr,
1569 BT_ACL_STATE_CONNECTED, HCI_SUCCESS);
1570 break;
1571
1572 case BTA_DM_LINK_DOWN_EVT:
1573 bd_addr = p_data->link_down.bd_addr;
1574 btm_set_bond_type_dev(p_data->link_down.bd_addr,
1575 tBTM_SEC_DEV_REC::BOND_TYPE_UNKNOWN);
1576 btif_av_acl_disconnected(bd_addr);
1577 invoke_acl_state_changed_cb(BT_STATUS_SUCCESS, bd_addr,
1578 BT_ACL_STATE_DISCONNECTED,
1579 static_cast<bt_hci_error_code_t>(btm_get_acl_disc_reason_code()));
1580 LOG_DEBUG(
1581 "Sent BT_ACL_STATE_DISCONNECTED upward as ACL link down event "
1582 "device:%s reason:%s",
1583 PRIVATE_ADDRESS(bd_addr),
1584 hci_reason_code_text(
1585 static_cast<tHCI_REASON>(btm_get_acl_disc_reason_code()))
1586 .c_str());
1587 break;
1588
1589 case BTA_DM_BLE_KEY_EVT:
1590 BTIF_TRACE_DEBUG("BTA_DM_BLE_KEY_EVT key_type=0x%02x ",
1591 p_data->ble_key.key_type);
1592
1593 /* If this pairing is by-product of local initiated GATT client Read or
1594 Write,
1595 BTA would not have sent BTA_DM_BLE_SEC_REQ_EVT event and Bond state would
1596 not
1597 have setup properly. Setup pairing_cb and notify App about Bonding state
1598 now*/
1599 if (pairing_cb.state != BT_BOND_STATE_BONDING) {
1600 BTIF_TRACE_DEBUG(
1601 "Bond state not sent to App so far.Notify the app now");
1602 bond_state_changed(BT_STATUS_SUCCESS, p_data->ble_key.bd_addr,
1603 BT_BOND_STATE_BONDING);
1604 } else if (pairing_cb.bd_addr != p_data->ble_key.bd_addr) {
1605 BTIF_TRACE_ERROR("BD mismatch discard BLE key_type=%d ",
1606 p_data->ble_key.key_type);
1607 break;
1608 }
1609
1610 switch (p_data->ble_key.key_type) {
1611 case BTM_LE_KEY_PENC:
1612 BTIF_TRACE_DEBUG("Rcv BTM_LE_KEY_PENC");
1613 pairing_cb.ble.is_penc_key_rcvd = true;
1614 pairing_cb.ble.penc_key = p_data->ble_key.p_key_value->penc_key;
1615 break;
1616
1617 case BTM_LE_KEY_PID:
1618 BTIF_TRACE_DEBUG("Rcv BTM_LE_KEY_PID");
1619 pairing_cb.ble.is_pid_key_rcvd = true;
1620 pairing_cb.ble.pid_key = p_data->ble_key.p_key_value->pid_key;
1621 break;
1622
1623 case BTM_LE_KEY_PCSRK:
1624 BTIF_TRACE_DEBUG("Rcv BTM_LE_KEY_PCSRK");
1625 pairing_cb.ble.is_pcsrk_key_rcvd = true;
1626 pairing_cb.ble.pcsrk_key = p_data->ble_key.p_key_value->pcsrk_key;
1627 break;
1628
1629 case BTM_LE_KEY_LENC:
1630 BTIF_TRACE_DEBUG("Rcv BTM_LE_KEY_LENC");
1631 pairing_cb.ble.is_lenc_key_rcvd = true;
1632 pairing_cb.ble.lenc_key = p_data->ble_key.p_key_value->lenc_key;
1633 break;
1634
1635 case BTM_LE_KEY_LCSRK:
1636 BTIF_TRACE_DEBUG("Rcv BTM_LE_KEY_LCSRK");
1637 pairing_cb.ble.is_lcsrk_key_rcvd = true;
1638 pairing_cb.ble.lcsrk_key = p_data->ble_key.p_key_value->lcsrk_key;
1639 break;
1640
1641 case BTM_LE_KEY_LID:
1642 BTIF_TRACE_DEBUG("Rcv BTM_LE_KEY_LID");
1643 pairing_cb.ble.is_lidk_key_rcvd = true;
1644 break;
1645
1646 default:
1647 BTIF_TRACE_ERROR("unknown BLE key type (0x%02x)",
1648 p_data->ble_key.key_type);
1649 break;
1650 }
1651 break;
1652 case BTA_DM_BLE_CONSENT_REQ_EVT:
1653 BTIF_TRACE_DEBUG("BTA_DM_BLE_CONSENT_REQ_EVT. ");
1654 btif_dm_ble_sec_req_evt(&p_data->ble_req, true);
1655 break;
1656 case BTA_DM_BLE_SEC_REQ_EVT:
1657 BTIF_TRACE_DEBUG("BTA_DM_BLE_SEC_REQ_EVT. ");
1658 btif_dm_ble_sec_req_evt(&p_data->ble_req, false);
1659 break;
1660 case BTA_DM_BLE_PASSKEY_NOTIF_EVT:
1661 BTIF_TRACE_DEBUG("BTA_DM_BLE_PASSKEY_NOTIF_EVT. ");
1662 btif_dm_ble_key_notif_evt(&p_data->key_notif);
1663 break;
1664 case BTA_DM_BLE_PASSKEY_REQ_EVT:
1665 BTIF_TRACE_DEBUG("BTA_DM_BLE_PASSKEY_REQ_EVT. ");
1666 btif_dm_ble_passkey_req_evt(&p_data->pin_req);
1667 break;
1668 case BTA_DM_BLE_NC_REQ_EVT:
1669 BTIF_TRACE_DEBUG("BTA_DM_BLE_PASSKEY_REQ_EVT. ");
1670 btif_dm_ble_key_nc_req_evt(&p_data->key_notif);
1671 break;
1672 case BTA_DM_BLE_OOB_REQ_EVT:
1673 BTIF_TRACE_DEBUG("BTA_DM_BLE_OOB_REQ_EVT. ");
1674 btif_dm_ble_oob_req_evt(&p_data->rmt_oob);
1675 break;
1676 case BTA_DM_BLE_SC_OOB_REQ_EVT:
1677 BTIF_TRACE_DEBUG("BTA_DM_BLE_SC_OOB_REQ_EVT. ");
1678 btif_dm_ble_sc_oob_req_evt(&p_data->rmt_oob);
1679 break;
1680 case BTA_DM_BLE_SC_CR_LOC_OOB_EVT:
1681 BTIF_TRACE_DEBUG("BTA_DM_BLE_SC_CR_LOC_OOB_EVT");
1682 btif_dm_proc_loc_oob(BT_TRANSPORT_LE, true,
1683 p_data->local_oob_data.local_oob_c,
1684 p_data->local_oob_data.local_oob_r);
1685 break;
1686
1687 case BTA_DM_BLE_LOCAL_IR_EVT:
1688 BTIF_TRACE_DEBUG("BTA_DM_BLE_LOCAL_IR_EVT. ");
1689 ble_local_key_cb.is_id_keys_rcvd = true;
1690 ble_local_key_cb.id_keys.irk = p_data->ble_id_keys.irk;
1691 ble_local_key_cb.id_keys.ir = p_data->ble_id_keys.ir;
1692 ble_local_key_cb.id_keys.dhk = p_data->ble_id_keys.dhk;
1693 btif_storage_add_ble_local_key(ble_local_key_cb.id_keys.irk,
1694 BTIF_DM_LE_LOCAL_KEY_IRK);
1695 btif_storage_add_ble_local_key(ble_local_key_cb.id_keys.ir,
1696 BTIF_DM_LE_LOCAL_KEY_IR);
1697 btif_storage_add_ble_local_key(ble_local_key_cb.id_keys.dhk,
1698 BTIF_DM_LE_LOCAL_KEY_DHK);
1699 break;
1700 case BTA_DM_BLE_LOCAL_ER_EVT:
1701 BTIF_TRACE_DEBUG("BTA_DM_BLE_LOCAL_ER_EVT. ");
1702 ble_local_key_cb.is_er_rcvd = true;
1703 ble_local_key_cb.er = p_data->ble_er;
1704 btif_storage_add_ble_local_key(ble_local_key_cb.er,
1705 BTIF_DM_LE_LOCAL_KEY_ER);
1706 break;
1707
1708 case BTA_DM_BLE_AUTH_CMPL_EVT:
1709 BTIF_TRACE_DEBUG("BTA_DM_BLE_AUTH_CMPL_EVT. ");
1710 btif_dm_ble_auth_cmpl_evt(&p_data->auth_cmpl);
1711 break;
1712
1713 case BTA_DM_LE_FEATURES_READ: {
1714 tBTM_BLE_VSC_CB cmn_vsc_cb;
1715 bt_local_le_features_t local_le_features;
1716 bt_property_t prop;
1717 prop.type = BT_PROPERTY_LOCAL_LE_FEATURES;
1718 prop.val = (void*)&local_le_features;
1719 prop.len = sizeof(bt_local_le_features_t);
1720
1721 /* LE features are not stored in storage. Should be retrived from stack */
1722 BTM_BleGetVendorCapabilities(&cmn_vsc_cb);
1723 local_le_features.local_privacy_enabled = BTM_BleLocalPrivacyEnabled();
1724
1725 if (cmn_vsc_cb.filter_support == 1)
1726 local_le_features.max_adv_filter_supported = cmn_vsc_cb.max_filter;
1727 else
1728 local_le_features.max_adv_filter_supported = 0;
1729 local_le_features.max_adv_instance = cmn_vsc_cb.adv_inst_max;
1730 local_le_features.max_irk_list_size = cmn_vsc_cb.max_irk_list_sz;
1731 local_le_features.rpa_offload_supported = cmn_vsc_cb.rpa_offloading;
1732 local_le_features.activity_energy_info_supported =
1733 cmn_vsc_cb.energy_support;
1734 local_le_features.scan_result_storage_size =
1735 cmn_vsc_cb.tot_scan_results_strg;
1736 local_le_features.version_supported = cmn_vsc_cb.version_supported;
1737 local_le_features.total_trackable_advertisers =
1738 cmn_vsc_cb.total_trackable_advertisers;
1739
1740 local_le_features.extended_scan_support =
1741 cmn_vsc_cb.extended_scan_support > 0;
1742 local_le_features.debug_logging_supported =
1743 cmn_vsc_cb.debug_logging_supported > 0;
1744
1745 const controller_t* controller = controller_get_interface();
1746
1747 local_le_features.le_2m_phy_supported = controller->supports_ble_2m_phy();
1748 local_le_features.le_coded_phy_supported =
1749 controller->supports_ble_coded_phy();
1750 local_le_features.le_extended_advertising_supported =
1751 controller->supports_ble_extended_advertising();
1752 local_le_features.le_periodic_advertising_supported =
1753 controller->supports_ble_periodic_advertising();
1754 local_le_features.le_maximum_advertising_data_length =
1755 controller->get_ble_maxium_advertising_data_length();
1756
1757 local_le_features.dynamic_audio_buffer_supported =
1758 cmn_vsc_cb.dynamic_audio_buffer_support;
1759
1760 invoke_adapter_properties_cb(BT_STATUS_SUCCESS, 1, &prop);
1761 break;
1762 }
1763
1764 default:
1765 BTIF_TRACE_WARNING("%s: unhandled event (%d)", __func__, event);
1766 break;
1767 }
1768 }
1769
1770 /*******************************************************************************
1771 *
1772 * Function bte_dm_evt
1773 *
1774 * Description Switches context from BTE to BTIF for all DM events
1775 *
1776 * Returns void
1777 *
1778 ******************************************************************************/
1779
bte_dm_evt(tBTA_DM_SEC_EVT event,tBTA_DM_SEC * p_data)1780 void bte_dm_evt(tBTA_DM_SEC_EVT event, tBTA_DM_SEC* p_data) {
1781 btif_dm_upstreams_evt(event, (char*)p_data);
1782 }
1783
1784 /*******************************************************************************
1785 *
1786 * Function bta_energy_info_cb
1787 *
1788 * Description Switches context from BTE to BTIF for DM energy info event
1789 *
1790 * Returns void
1791 *
1792 ******************************************************************************/
bta_energy_info_cb(tBTM_BLE_TX_TIME_MS tx_time,tBTM_BLE_RX_TIME_MS rx_time,tBTM_BLE_IDLE_TIME_MS idle_time,tBTM_BLE_ENERGY_USED energy_used,tBTA_DM_CONTRL_STATE ctrl_state,tBTA_STATUS status)1793 static void bta_energy_info_cb(tBTM_BLE_TX_TIME_MS tx_time,
1794 tBTM_BLE_RX_TIME_MS rx_time,
1795 tBTM_BLE_IDLE_TIME_MS idle_time,
1796 tBTM_BLE_ENERGY_USED energy_used,
1797 tBTA_DM_CONTRL_STATE ctrl_state,
1798 tBTA_STATUS status) {
1799 BTIF_TRACE_DEBUG(
1800 "energy_info_cb-Status:%d,state=%d,tx_t=%ld, rx_t=%ld, "
1801 "idle_time=%ld,used=%ld",
1802 status, ctrl_state, tx_time, rx_time, idle_time, energy_used);
1803
1804 bt_activity_energy_info energy_info;
1805 energy_info.status = status;
1806 energy_info.ctrl_state = ctrl_state;
1807 energy_info.rx_time = rx_time;
1808 energy_info.tx_time = tx_time;
1809 energy_info.idle_time = idle_time;
1810 energy_info.energy_used = energy_used;
1811
1812 bt_uid_traffic_t* data = uid_set_read_and_clear(uid_set);
1813 invoke_energy_info_cb(energy_info, data);
1814 }
1815
1816 /* Scan filter param config event */
bte_scan_filt_param_cfg_evt(uint8_t ref_value,uint8_t avbl_space,uint8_t action_type,uint8_t btm_status)1817 static void bte_scan_filt_param_cfg_evt(uint8_t ref_value, uint8_t avbl_space,
1818 uint8_t action_type,
1819 uint8_t btm_status) {
1820 /* This event occurs on calling BTA_DmBleCfgFilterCondition internally,
1821 ** and that is why there is no HAL callback
1822 */
1823 if (btm_status != btm_status_value(BTM_SUCCESS)) {
1824 BTIF_TRACE_ERROR("%s, %d", __func__, btm_status);
1825 } else {
1826 BTIF_TRACE_DEBUG("%s", __func__);
1827 }
1828 }
1829
1830 /*****************************************************************************
1831 *
1832 * btif api functions (no context switch)
1833 *
1834 ****************************************************************************/
1835
1836 /*******************************************************************************
1837 *
1838 * Function btif_dm_start_discovery
1839 *
1840 * Description Start device discovery/inquiry
1841 *
1842 ******************************************************************************/
btif_dm_start_discovery(void)1843 void btif_dm_start_discovery(void) {
1844 BTIF_TRACE_EVENT("%s", __func__);
1845
1846 if (bta_dm_is_search_request_queued()) {
1847 LOG_INFO("%s skipping start discovery because a request is queued",
1848 __func__);
1849 return;
1850 }
1851
1852 /* Cleanup anything remaining on index 0 */
1853 BTM_BleAdvFilterParamSetup(
1854 BTM_BLE_SCAN_COND_DELETE, static_cast<tBTM_BLE_PF_FILT_INDEX>(0), nullptr,
1855 base::Bind(&bte_scan_filt_param_cfg_evt, btm_status_value(BTM_SUCCESS)));
1856
1857 auto adv_filt_param = std::make_unique<btgatt_filt_param_setup_t>();
1858 /* Add an allow-all filter on index 0*/
1859 adv_filt_param->dely_mode = IMMEDIATE_DELY_MODE;
1860 adv_filt_param->feat_seln = ALLOW_ALL_FILTER;
1861 adv_filt_param->filt_logic_type = BTA_DM_BLE_PF_FILT_LOGIC_OR;
1862 adv_filt_param->list_logic_type = BTA_DM_BLE_PF_LIST_LOGIC_OR;
1863 adv_filt_param->rssi_low_thres = LOWEST_RSSI_VALUE;
1864 adv_filt_param->rssi_high_thres = LOWEST_RSSI_VALUE;
1865 BTM_BleAdvFilterParamSetup(
1866 BTM_BLE_SCAN_COND_ADD, static_cast<tBTM_BLE_PF_FILT_INDEX>(0),
1867 std::move(adv_filt_param),
1868 base::Bind(&bte_scan_filt_param_cfg_evt, btm_status_value(BTM_SUCCESS)));
1869
1870 /* Will be enabled to true once inquiry busy level has been received */
1871 btif_dm_inquiry_in_progress = false;
1872 /* find nearby devices */
1873 BTA_DmSearch(btif_dm_search_devices_evt, is_bonding_or_sdp());
1874 }
1875
1876 /*******************************************************************************
1877 *
1878 * Function btif_dm_cancel_discovery
1879 *
1880 * Description Cancels search
1881 *
1882 ******************************************************************************/
btif_dm_cancel_discovery(void)1883 void btif_dm_cancel_discovery(void) {
1884 LOG_INFO("Cancel search");
1885 BTA_DmSearchCancel();
1886 }
1887
btif_dm_pairing_is_busy()1888 bool btif_dm_pairing_is_busy() {
1889 return pairing_cb.state != BT_BOND_STATE_NONE;
1890 }
1891
1892 /*******************************************************************************
1893 *
1894 * Function btif_dm_create_bond
1895 *
1896 * Description Initiate bonding with the specified device
1897 *
1898 ******************************************************************************/
btif_dm_create_bond(const RawAddress bd_addr,int transport)1899 void btif_dm_create_bond(const RawAddress bd_addr, int transport) {
1900 BTIF_TRACE_EVENT("%s: bd_addr=%s, transport=%d", __func__,
1901 bd_addr.ToString().c_str(), transport);
1902 btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_CREATE_BOND,
1903 pairing_cb.state);
1904
1905 pairing_cb.timeout_retries = NUM_TIMEOUT_RETRIES;
1906 btif_dm_cb_create_bond(bd_addr, transport);
1907 }
1908
1909 /*******************************************************************************
1910 *
1911 * Function btif_dm_create_bond_out_of_band
1912 *
1913 * Description Initiate bonding with the specified device using out of band
1914 * data
1915 *
1916 ******************************************************************************/
btif_dm_create_bond_out_of_band(const RawAddress bd_addr,tBT_TRANSPORT transport,const bt_oob_data_t p192_data,const bt_oob_data_t p256_data)1917 void btif_dm_create_bond_out_of_band(const RawAddress bd_addr,
1918 tBT_TRANSPORT transport,
1919 const bt_oob_data_t p192_data,
1920 const bt_oob_data_t p256_data) {
1921 bt_oob_data_t empty_data;
1922 memset(&empty_data, 0, sizeof(empty_data));
1923
1924 oob_cb.bdaddr = bd_addr;
1925 oob_cb.transport = transport;
1926 oob_cb.data_present = (int)BTM_OOB_NONE;
1927 if (memcmp(&p192_data, &empty_data, sizeof(p192_data)) != 0) {
1928 memcpy(&oob_cb.p192_data, &p192_data, sizeof(bt_oob_data_t));
1929 oob_cb.data_present = (int)BTM_OOB_PRESENT_192;
1930 }
1931
1932 if (memcmp(&p256_data, &empty_data, sizeof(p256_data)) != 0) {
1933 memcpy(&oob_cb.p256_data, &p256_data, sizeof(bt_oob_data_t));
1934 if (oob_cb.data_present == (int)BTM_OOB_PRESENT_192) {
1935 oob_cb.data_present = (int)BTM_OOB_PRESENT_192_AND_256;
1936 } else {
1937 oob_cb.data_present = (int)BTM_OOB_PRESENT_256;
1938 }
1939 }
1940
1941 uint8_t empty[] = {0, 0, 0, 0, 0, 0, 0};
1942 switch (transport) {
1943 case BT_TRANSPORT_BR_EDR:
1944 // TODO(182162589): Flesh out classic impl in legacy BTMSec
1945 // Nothing to do yet, but not an error
1946
1947 // The controller only supports P192
1948 switch (oob_cb.data_present) {
1949 case BTM_OOB_PRESENT_192_AND_256:
1950 LOG_INFO("Have both P192 and P256");
1951 [[fallthrough]];
1952 case BTM_OOB_PRESENT_192:
1953 LOG_INFO("Using P192");
1954 break;
1955 case BTM_OOB_PRESENT_256:
1956 LOG_INFO("Using P256");
1957 [[fallthrough]];
1958 default:
1959 // TODO(181889116):
1960 // Upgrade to support p256 (for now we just ignore P256)
1961 // because the controllers do not yet support it.
1962 LOG_ERROR("Invalid data present for controller: %d",
1963 oob_cb.data_present);
1964 bond_state_changed(BT_STATUS_FAIL, bd_addr, BT_BOND_STATE_NONE);
1965 return;
1966 }
1967 pairing_cb.is_local_initiated = true;
1968 LOG_ERROR("Classic not implemented yet");
1969 bond_state_changed(BT_STATUS_FAIL, bd_addr, BT_BOND_STATE_NONE);
1970 return;
1971 case BT_TRANSPORT_LE: {
1972 // Guess default RANDOM for address type for LE
1973 tBLE_ADDR_TYPE address_type = BLE_ADDR_RANDOM;
1974 LOG_INFO("Using LE Transport");
1975 switch (oob_cb.data_present) {
1976 case BTM_OOB_PRESENT_192_AND_256:
1977 LOG_INFO("Have both P192 and P256");
1978 [[fallthrough]];
1979 // Always prefer 256 for LE
1980 case BTM_OOB_PRESENT_256:
1981 LOG_INFO("Using P256");
1982 // If we have an address, lets get the type
1983 if (memcmp(p256_data.address, empty, 7) != 0) {
1984 /* byte no 7 is address type in LE Bluetooth Address OOB data */
1985 address_type = static_cast<tBLE_ADDR_TYPE>(p256_data.address[6]);
1986 }
1987 break;
1988 case BTM_OOB_PRESENT_192:
1989 LOG_INFO("Using P192");
1990 // If we have an address, lets get the type
1991 if (memcmp(p192_data.address, empty, 7) != 0) {
1992 /* byte no 7 is address type in LE Bluetooth Address OOB data */
1993 address_type = static_cast<tBLE_ADDR_TYPE>(p192_data.address[6]);
1994 }
1995 break;
1996 }
1997 pairing_cb.is_local_initiated = true;
1998 BTM_SecAddBleDevice(bd_addr, BT_DEVICE_TYPE_BLE, address_type);
1999 BTA_DmBond(bd_addr, address_type, transport, BT_DEVICE_TYPE_BLE);
2000 break;
2001 }
2002 default:
2003 LOG_ERROR("Invalid transport: %d", transport);
2004 bond_state_changed(BT_STATUS_FAIL, bd_addr, BT_BOND_STATE_NONE);
2005 return;
2006 }
2007 }
2008
2009 /*******************************************************************************
2010 *
2011 * Function btif_dm_cancel_bond
2012 *
2013 * Description Initiate bonding with the specified device
2014 *
2015 ******************************************************************************/
btif_dm_cancel_bond(const RawAddress bd_addr)2016 void btif_dm_cancel_bond(const RawAddress bd_addr) {
2017 BTIF_TRACE_EVENT("%s: bd_addr=%s", __func__, bd_addr.ToString().c_str());
2018
2019 btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_CANCEL_BOND,
2020 pairing_cb.state);
2021
2022 /* TODO:
2023 ** 1. Restore scan modes
2024 ** 2. special handling for HID devices
2025 */
2026 if (is_bonding_or_sdp()) {
2027 if (pairing_cb.is_ssp) {
2028 if (pairing_cb.is_le_only) {
2029 BTA_DmBleSecurityGrant(bd_addr, BTA_DM_SEC_PAIR_NOT_SPT);
2030 } else {
2031 BTA_DmConfirm(bd_addr, false);
2032 BTA_DmBondCancel(bd_addr);
2033 btif_storage_remove_bonded_device(&bd_addr);
2034 }
2035 } else {
2036 if (pairing_cb.is_le_only) {
2037 BTA_DmBondCancel(bd_addr);
2038 } else {
2039 BTA_DmPinReply(bd_addr, false, 0, NULL);
2040 }
2041 /* Cancel bonding, in case it is in ACL connection setup state */
2042 BTA_DmBondCancel(bd_addr);
2043 }
2044 }
2045 }
2046
2047 /*******************************************************************************
2048 *
2049 * Function btif_dm_hh_open_failed
2050 *
2051 * Description informs the upper layers if the HH have failed during
2052 * bonding
2053 *
2054 * Returns none
2055 *
2056 ******************************************************************************/
2057
btif_dm_hh_open_failed(RawAddress * bdaddr)2058 void btif_dm_hh_open_failed(RawAddress* bdaddr) {
2059 if (pairing_cb.state == BT_BOND_STATE_BONDING &&
2060 *bdaddr == pairing_cb.bd_addr) {
2061 bond_state_changed(BT_STATUS_FAIL, *bdaddr, BT_BOND_STATE_NONE);
2062 }
2063 }
2064
2065 /*******************************************************************************
2066 *
2067 * Function btif_dm_remove_bond
2068 *
2069 * Description Removes bonding with the specified device
2070 *
2071 ******************************************************************************/
2072
btif_dm_remove_bond(const RawAddress bd_addr)2073 void btif_dm_remove_bond(const RawAddress bd_addr) {
2074 BTIF_TRACE_EVENT("%s: bd_addr=%s", __func__, bd_addr.ToString().c_str());
2075
2076 btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_REMOVE_BOND,
2077 pairing_cb.state);
2078
2079 // special handling for HID devices
2080 // VUP needs to be sent if its a HID Device. The HID HOST module will check if
2081 // there is a valid hid connection with this bd_addr. If yes VUP will be
2082 // issued.
2083 #if (BTA_HH_INCLUDED == TRUE)
2084 if (btif_hh_virtual_unplug(&bd_addr) != BT_STATUS_SUCCESS)
2085 #endif
2086 {
2087 BTIF_TRACE_DEBUG("%s: Removing HH device", __func__);
2088 BTA_DmRemoveDevice(bd_addr);
2089 }
2090 }
2091
2092 /*******************************************************************************
2093 *
2094 * Function btif_dm_pin_reply
2095 *
2096 * Description BT legacy pairing - PIN code reply
2097 *
2098 ******************************************************************************/
2099
btif_dm_pin_reply(const RawAddress bd_addr,uint8_t accept,uint8_t pin_len,bt_pin_code_t pin_code)2100 void btif_dm_pin_reply(const RawAddress bd_addr, uint8_t accept,
2101 uint8_t pin_len, bt_pin_code_t pin_code) {
2102 BTIF_TRACE_EVENT("%s: accept=%d", __func__, accept);
2103
2104 if (pairing_cb.is_le_only) {
2105 int i;
2106 uint32_t passkey = 0;
2107 int multi[] = {100000, 10000, 1000, 100, 10, 1};
2108 for (i = 0; i < 6; i++) {
2109 passkey += (multi[i] * (pin_code.pin[i] - '0'));
2110 }
2111 BTIF_TRACE_DEBUG("btif_dm_pin_reply: passkey: %d", passkey);
2112 BTA_DmBlePasskeyReply(bd_addr, accept, passkey);
2113
2114 } else {
2115 BTA_DmPinReply(bd_addr, accept, pin_len, pin_code.pin);
2116 if (accept) pairing_cb.pin_code_len = pin_len;
2117 }
2118 }
2119
2120 /*******************************************************************************
2121 *
2122 * Function btif_dm_ssp_reply
2123 *
2124 * Description BT SSP Reply - Just Works, Numeric Comparison & Passkey
2125 * Entry
2126 *
2127 ******************************************************************************/
btif_dm_ssp_reply(const RawAddress bd_addr,bt_ssp_variant_t variant,uint8_t accept)2128 void btif_dm_ssp_reply(const RawAddress bd_addr, bt_ssp_variant_t variant,
2129 uint8_t accept) {
2130 BTIF_TRACE_EVENT("%s: accept=%d", __func__, accept);
2131 if (pairing_cb.is_le_only) {
2132 if (pairing_cb.is_le_nc) {
2133 BTA_DmBleConfirmReply(bd_addr, accept);
2134 } else {
2135 if (accept)
2136 BTA_DmBleSecurityGrant(bd_addr, BTA_DM_SEC_GRANTED);
2137 else
2138 BTA_DmBleSecurityGrant(bd_addr, BTA_DM_SEC_PAIR_NOT_SPT);
2139 }
2140 } else {
2141 BTA_DmConfirm(bd_addr, accept);
2142 }
2143 }
2144
2145 /*******************************************************************************
2146 *
2147 * Function btif_dm_get_adapter_property
2148 *
2149 * Description Queries the BTA for the adapter property
2150 *
2151 * Returns bt_status_t
2152 *
2153 ******************************************************************************/
btif_dm_get_adapter_property(bt_property_t * prop)2154 bt_status_t btif_dm_get_adapter_property(bt_property_t* prop) {
2155 BTIF_TRACE_EVENT("%s: type=0x%x", __func__, prop->type);
2156 switch (prop->type) {
2157 case BT_PROPERTY_BDNAME: {
2158 bt_bdname_t* bd_name = (bt_bdname_t*)prop->val;
2159 strncpy((char*)bd_name->name, (char*)btif_get_default_local_name(),
2160 sizeof(bd_name->name) - 1);
2161 bd_name->name[sizeof(bd_name->name) - 1] = 0;
2162 prop->len = strlen((char*)bd_name->name);
2163 } break;
2164
2165 case BT_PROPERTY_ADAPTER_SCAN_MODE: {
2166 /* if the storage does not have it. Most likely app never set it. Default
2167 * is NONE */
2168 bt_scan_mode_t* mode = (bt_scan_mode_t*)prop->val;
2169 *mode = BT_SCAN_MODE_NONE;
2170 prop->len = sizeof(bt_scan_mode_t);
2171 } break;
2172
2173 case BT_PROPERTY_ADAPTER_DISCOVERY_TIMEOUT: {
2174 uint32_t* tmt = (uint32_t*)prop->val;
2175 *tmt = 120; /* default to 120s, if not found in NV */
2176 prop->len = sizeof(uint32_t);
2177 } break;
2178
2179 case BT_PROPERTY_CLASS_OF_DEVICE: {
2180 DEV_CLASS dev_class = BTA_DM_COD;
2181 memcpy(prop->val, dev_class, sizeof(DEV_CLASS));
2182 prop->len = sizeof(DEV_CLASS);
2183 } break;
2184
2185 // While fetching IO_CAP* values for the local device, we maintain backward
2186 // compatibility by using the value from #define macros BTM_LOCAL_IO_CAPS,
2187 // BTM_LOCAL_IO_CAPS_BLE if the values have never been explicitly set.
2188
2189 case BT_PROPERTY_LOCAL_IO_CAPS: {
2190 *(bt_io_cap_t*)prop->val = (bt_io_cap_t)BTM_LOCAL_IO_CAPS;
2191 prop->len = sizeof(bt_io_cap_t);
2192 } break;
2193
2194 case BT_PROPERTY_LOCAL_IO_CAPS_BLE: {
2195 *(bt_io_cap_t*)prop->val = (bt_io_cap_t)BTM_LOCAL_IO_CAPS_BLE;
2196 prop->len = sizeof(bt_io_cap_t);
2197 } break;
2198
2199 default:
2200 prop->len = 0;
2201 return BT_STATUS_FAIL;
2202 }
2203 return BT_STATUS_SUCCESS;
2204 }
2205
2206 /*******************************************************************************
2207 *
2208 * Function btif_dm_get_remote_services
2209 *
2210 * Description Start SDP to get remote services by transport
2211 *
2212 * Returns bt_status_t
2213 *
2214 ******************************************************************************/
btif_dm_get_remote_services(RawAddress remote_addr,const int transport)2215 void btif_dm_get_remote_services(RawAddress remote_addr, const int transport) {
2216 BTIF_TRACE_EVENT("%s: transport=%d, remote_addr=%s", __func__, transport,
2217 remote_addr.ToString().c_str());
2218
2219 BTA_DmDiscover(remote_addr, btif_dm_search_services_evt, transport,
2220 remote_addr != pairing_cb.bd_addr && is_bonding_or_sdp());
2221 }
2222
btif_dm_enable_service(tBTA_SERVICE_ID service_id,bool enable)2223 void btif_dm_enable_service(tBTA_SERVICE_ID service_id, bool enable) {
2224 bt_status_t status = btif_in_execute_service_request(service_id, enable);
2225 if (status == BT_STATUS_SUCCESS) {
2226 bt_property_t property;
2227 Uuid local_uuids[BT_MAX_NUM_UUIDS];
2228
2229 /* Now send the UUID_PROPERTY_CHANGED event to the upper layer */
2230 BTIF_STORAGE_FILL_PROPERTY(&property, BT_PROPERTY_UUIDS,
2231 sizeof(local_uuids), local_uuids);
2232 btif_storage_get_adapter_property(&property);
2233 invoke_adapter_properties_cb(BT_STATUS_SUCCESS, 1, &property);
2234 }
2235 return;
2236 }
2237
btif_dm_proc_io_req(tBTM_AUTH_REQ * p_auth_req,bool is_orig)2238 void btif_dm_proc_io_req(tBTM_AUTH_REQ* p_auth_req, bool is_orig) {
2239 uint8_t yes_no_bit = BTA_AUTH_SP_YES & *p_auth_req;
2240 /* if local initiated:
2241 ** 1. set DD + MITM
2242 ** if remote initiated:
2243 ** 1. Copy over the auth_req from peer's io_rsp
2244 ** 2. Set the MITM if peer has it set or if peer has DisplayYesNo
2245 *(iPhone)
2246 ** as a fallback set MITM+GB if peer had MITM set
2247 */
2248
2249 BTIF_TRACE_DEBUG("+%s: p_auth_req=%d", __func__, *p_auth_req);
2250 if (pairing_cb.is_local_initiated) {
2251 /* if initing/responding to a dedicated bonding, use dedicate bonding bit */
2252 *p_auth_req = BTA_AUTH_DD_BOND | BTA_AUTH_SP_YES;
2253 } else if (!is_orig) {
2254 /* peer initiated paring. They probably know what they want.
2255 ** Copy the mitm from peer device.
2256 */
2257 BTIF_TRACE_DEBUG("%s: setting p_auth_req to peer's: %d", __func__,
2258 pairing_cb.auth_req);
2259 *p_auth_req = (pairing_cb.auth_req & BTA_AUTH_BONDS);
2260
2261 /* copy over the MITM bit as well. In addition if the peer has DisplayYesNo,
2262 * force MITM */
2263 if ((yes_no_bit) || (pairing_cb.io_cap & BTM_IO_CAP_IO))
2264 *p_auth_req |= BTA_AUTH_SP_YES;
2265 } else if (yes_no_bit) {
2266 /* set the general bonding bit for stored device */
2267 *p_auth_req = BTA_AUTH_GEN_BOND | yes_no_bit;
2268 }
2269 BTIF_TRACE_DEBUG("-%s: p_auth_req=%d", __func__, *p_auth_req);
2270 }
2271
btif_dm_proc_io_rsp(UNUSED_ATTR const RawAddress & bd_addr,tBTM_IO_CAP io_cap,UNUSED_ATTR tBTM_OOB_DATA oob_data,tBTM_AUTH_REQ auth_req)2272 void btif_dm_proc_io_rsp(UNUSED_ATTR const RawAddress& bd_addr,
2273 tBTM_IO_CAP io_cap, UNUSED_ATTR tBTM_OOB_DATA oob_data,
2274 tBTM_AUTH_REQ auth_req) {
2275 if (auth_req & BTA_AUTH_BONDS) {
2276 BTIF_TRACE_DEBUG("%s auth_req:%d", __func__, auth_req);
2277 pairing_cb.auth_req = auth_req;
2278 pairing_cb.io_cap = io_cap;
2279 }
2280 }
2281
btif_dm_set_oob_for_io_req(tBTM_OOB_DATA * p_has_oob_data)2282 void btif_dm_set_oob_for_io_req(tBTM_OOB_DATA* p_has_oob_data) {
2283 if (is_empty_128bit(oob_cb.p192_data.c)) {
2284 *p_has_oob_data = false;
2285 } else {
2286 *p_has_oob_data = true;
2287 }
2288 BTIF_TRACE_DEBUG("%s: *p_has_oob_data=%d", __func__, *p_has_oob_data);
2289 }
2290
btif_dm_set_oob_for_le_io_req(const RawAddress & bd_addr,tBTM_OOB_DATA * p_has_oob_data,tBTM_LE_AUTH_REQ * p_auth_req)2291 void btif_dm_set_oob_for_le_io_req(const RawAddress& bd_addr,
2292 tBTM_OOB_DATA* p_has_oob_data,
2293 tBTM_LE_AUTH_REQ* p_auth_req) {
2294 switch (oob_cb.data_present) {
2295 case BTM_OOB_PRESENT_192_AND_256:
2296 LOG_INFO("Have both P192 and P256");
2297 [[fallthrough]];
2298 // Always prefer 256 for LE
2299 case BTM_OOB_PRESENT_256:
2300 LOG_INFO("Using P256");
2301 if (!is_empty_128bit(oob_cb.p256_data.c) &&
2302 !is_empty_128bit(oob_cb.p256_data.r)) {
2303 /* make sure OOB data is for this particular device */
2304 if (bd_addr == oob_cb.bdaddr) {
2305 *p_auth_req = ((*p_auth_req) | BTM_LE_AUTH_REQ_SC_ONLY);
2306 *p_has_oob_data = true;
2307 } else {
2308 *p_has_oob_data = false;
2309 LOG_WARN("P256-1: Remote address didn't match OOB data address");
2310 }
2311 } else if (!is_empty_128bit(oob_cb.p256_data.sm_tk)) {
2312 /* We have security manager TK */
2313
2314 /* make sure OOB data is for this particular device */
2315 if (bd_addr == oob_cb.bdaddr) {
2316 // When using OOB with TK, SC Secure Connections bit must be disabled.
2317 tBTM_LE_AUTH_REQ mask = ~BTM_LE_AUTH_REQ_SC_ONLY;
2318 *p_auth_req = ((*p_auth_req) & mask);
2319 *p_has_oob_data = true;
2320 } else {
2321 *p_has_oob_data = false;
2322 LOG_WARN("P256-2: Remote address didn't match OOB data address");
2323 }
2324 } else {
2325 *p_has_oob_data = false;
2326 }
2327 break;
2328 case BTM_OOB_PRESENT_192:
2329 LOG_INFO("Using P192");
2330 if (!is_empty_128bit(oob_cb.p192_data.c) &&
2331 !is_empty_128bit(oob_cb.p192_data.r)) {
2332 /* make sure OOB data is for this particular device */
2333 if (bd_addr == oob_cb.bdaddr) {
2334 *p_auth_req = ((*p_auth_req) | BTM_LE_AUTH_REQ_SC_ONLY);
2335 *p_has_oob_data = true;
2336 } else {
2337 *p_has_oob_data = false;
2338 LOG_WARN("P192-1: Remote address didn't match OOB data address");
2339 }
2340 } else if (!is_empty_128bit(oob_cb.p192_data.sm_tk)) {
2341 /* We have security manager TK */
2342
2343 /* make sure OOB data is for this particular device */
2344 if (bd_addr == oob_cb.bdaddr) {
2345 // When using OOB with TK, SC Secure Connections bit must be disabled.
2346 tBTM_LE_AUTH_REQ mask = ~BTM_LE_AUTH_REQ_SC_ONLY;
2347 *p_auth_req = ((*p_auth_req) & mask);
2348 *p_has_oob_data = true;
2349 } else {
2350 *p_has_oob_data = false;
2351 LOG_WARN("P192-2: Remote address didn't match OOB data address");
2352 }
2353 } else {
2354 *p_has_oob_data = false;
2355 }
2356 break;
2357 }
2358 BTIF_TRACE_DEBUG("%s *p_has_oob_data=%d", __func__, *p_has_oob_data);
2359 }
2360
2361 #ifdef BTIF_DM_OOB_TEST
btif_dm_load_local_oob(void)2362 void btif_dm_load_local_oob(void) {
2363 char prop_oob[PROPERTY_VALUE_MAX];
2364 osi_property_get("service.brcm.bt.oob", prop_oob, "3");
2365 BTIF_TRACE_DEBUG("%s: prop_oob = %s", __func__, prop_oob);
2366 if (prop_oob[0] != '3') {
2367 if (is_empty_128bit(oob_cb.p192_data.c)) {
2368 BTIF_TRACE_DEBUG("%s: read OOB, call BTA_DmLocalOob()", __func__);
2369 BTA_DmLocalOob();
2370 }
2371 }
2372 }
2373
2374 static bool waiting_on_oob_advertiser_start = false;
2375 static uint8_t oob_advertiser_id = 0;
stop_oob_advertiser()2376 static void stop_oob_advertiser() {
2377 auto advertiser = get_ble_advertiser_instance();
2378 advertiser->Unregister(oob_advertiser_id);
2379 oob_advertiser_id = 0;
2380 }
2381
2382 /*******************************************************************************
2383 *
2384 * Function btif_dm_generate_local_oob_data
2385 *
2386 * Description Initiate oob data fetch from controller
2387 *
2388 * Parameters transport; Classic or LE
2389 *
2390 ******************************************************************************/
btif_dm_generate_local_oob_data(tBT_TRANSPORT transport)2391 void btif_dm_generate_local_oob_data(tBT_TRANSPORT transport) {
2392 LOG_DEBUG("Transport %s", bt_transport_text(transport).c_str());
2393 if (transport == BT_TRANSPORT_BR_EDR) {
2394 BTM_ReadLocalOobData();
2395 } else if (transport == BT_TRANSPORT_LE) {
2396 // Call create data first, so we don't have to hold on to the address for
2397 // the state machine lifecycle. Rather, lets create the data, then start
2398 // advertising then request the address.
2399 if (!waiting_on_oob_advertiser_start) {
2400 if (oob_advertiser_id != 0) {
2401 stop_oob_advertiser();
2402 }
2403 waiting_on_oob_advertiser_start = true;
2404 SMP_CrLocScOobData();
2405 } else {
2406 invoke_oob_data_request_cb(transport, false, Octet16{}, Octet16{},
2407 RawAddress{}, 0x00);
2408 }
2409 }
2410 }
2411
2412 // Step Four: CallBack from Step Three
get_address_callback(tBT_TRANSPORT transport,bool is_valid,const Octet16 & c,const Octet16 & r,uint8_t address_type,RawAddress address)2413 static void get_address_callback(tBT_TRANSPORT transport, bool is_valid,
2414 const Octet16& c, const Octet16& r,
2415 uint8_t address_type, RawAddress address) {
2416 invoke_oob_data_request_cb(transport, is_valid, c, r, address, address_type);
2417 waiting_on_oob_advertiser_start = false;
2418 }
2419
2420 // Step Three: CallBack from Step Two, advertise and get address
start_advertising_callback(uint8_t id,tBT_TRANSPORT transport,bool is_valid,const Octet16 & c,const Octet16 & r,uint8_t status)2421 static void start_advertising_callback(uint8_t id, tBT_TRANSPORT transport,
2422 bool is_valid, const Octet16& c,
2423 const Octet16& r, uint8_t status) {
2424 if (status != 0) {
2425 LOG_INFO("OOB get advertiser ID failed with status %hhd", status);
2426 invoke_oob_data_request_cb(transport, false, c, r, RawAddress{}, 0x00);
2427 SMP_ClearLocScOobData();
2428 waiting_on_oob_advertiser_start = false;
2429 oob_advertiser_id = 0;
2430 return;
2431 }
2432 LOG_DEBUG("OOB advertiser with id %hhd", id);
2433 auto advertiser = get_ble_advertiser_instance();
2434 advertiser->GetOwnAddress(
2435 id, base::Bind(&get_address_callback, transport, is_valid, c, r));
2436 }
2437
timeout_cb(uint8_t id,uint8_t status)2438 static void timeout_cb(uint8_t id, uint8_t status) {
2439 LOG_INFO("OOB advertiser with id %hhd timed out with status %hhd", id,
2440 status);
2441 auto advertiser = get_ble_advertiser_instance();
2442 advertiser->Unregister(id);
2443 SMP_ClearLocScOobData();
2444 waiting_on_oob_advertiser_start = false;
2445 oob_advertiser_id = 0;
2446 }
2447
2448 // Step Two: CallBack from Step One, advertise and get address
id_status_callback(tBT_TRANSPORT transport,bool is_valid,const Octet16 & c,const Octet16 & r,uint8_t id,uint8_t status)2449 static void id_status_callback(tBT_TRANSPORT transport, bool is_valid,
2450 const Octet16& c, const Octet16& r, uint8_t id,
2451 uint8_t status) {
2452 if (status != 0) {
2453 LOG_INFO("OOB get advertiser ID failed with status %hhd", status);
2454 invoke_oob_data_request_cb(transport, false, c, r, RawAddress{}, 0x00);
2455 SMP_ClearLocScOobData();
2456 waiting_on_oob_advertiser_start = false;
2457 oob_advertiser_id = 0;
2458 return;
2459 }
2460
2461 oob_advertiser_id = id;
2462
2463 auto advertiser = get_ble_advertiser_instance();
2464 AdvertiseParameters parameters;
2465 parameters.advertising_event_properties = 0x0041 /* connectable, tx power */;
2466 parameters.min_interval = 0xa0; // 100 ms
2467 parameters.max_interval = 0x500; // 800 ms
2468 parameters.channel_map = 0x7; // Use all the channels
2469 parameters.tx_power = 0; // 0 dBm
2470 parameters.primary_advertising_phy = 1;
2471 parameters.secondary_advertising_phy = 2;
2472 parameters.scan_request_notification_enable = 0;
2473
2474 std::vector<uint8_t> advertisement{0x02, 0x01 /* Flags */,
2475 0x02 /* Connectable */};
2476 std::vector<uint8_t> scan_data{};
2477
2478 advertiser->StartAdvertising(
2479 id,
2480 base::Bind(&start_advertising_callback, id, transport, is_valid, c, r),
2481 parameters, advertisement, scan_data, 3600 /* timeout_s */,
2482 base::Bind(&timeout_cb, id));
2483 }
2484
2485 // Step One: Start the advertiser
start_oob_advertiser(tBT_TRANSPORT transport,bool is_valid,const Octet16 & c,const Octet16 & r)2486 static void start_oob_advertiser(tBT_TRANSPORT transport, bool is_valid,
2487 const Octet16& c, const Octet16& r) {
2488 auto advertiser = get_ble_advertiser_instance();
2489 advertiser->RegisterAdvertiser(
2490 base::Bind(&id_status_callback, transport, is_valid, c, r));
2491 }
2492
btif_dm_proc_loc_oob(tBT_TRANSPORT transport,bool is_valid,const Octet16 & c,const Octet16 & r)2493 void btif_dm_proc_loc_oob(tBT_TRANSPORT transport, bool is_valid,
2494 const Octet16& c, const Octet16& r) {
2495 // is_valid is important for deciding which OobDataCallback function to use
2496 if (!is_valid) {
2497 invoke_oob_data_request_cb(transport, false, c, r, RawAddress{}, 0x00);
2498 waiting_on_oob_advertiser_start = false;
2499 return;
2500 }
2501 // Now that we have the data, lets start advertising and get the address.
2502 start_oob_advertiser(transport, is_valid, c, r);
2503 }
2504
2505 /*******************************************************************************
2506 *
2507 * Function btif_dm_get_smp_config
2508 *
2509 * Description Retrieve the SMP pairing options from the bt_stack.conf
2510 * file. To provide specific pairing options for the host
2511 * add a node with label "SmpOptions" to the config file
2512 * and assign it a comma separated list of 5 values in the
2513 * format: auth, io, ikey, rkey, ksize, oob
2514 * eg: PTS_SmpOptions=0xD,0x4,0xf,0xf,0x10
2515 *
2516 * Parameters: tBTE_APPL_CFG*: pointer to struct defining pairing options
2517 *
2518 * Returns true if the options were successfully read, else false
2519 *
2520 ******************************************************************************/
btif_dm_get_smp_config(tBTE_APPL_CFG * p_cfg)2521 bool btif_dm_get_smp_config(tBTE_APPL_CFG* p_cfg) {
2522 const std::string* recv = stack_config_get_interface()->get_pts_smp_options();
2523 if (!recv) {
2524 LOG_DEBUG("SMP pairing options not found in stack configuration");
2525 return false;
2526 }
2527
2528 char conf[64];
2529 char* pch;
2530 char* endptr;
2531
2532 strncpy(conf, recv->c_str(), 64);
2533 conf[63] = 0; // null terminate
2534
2535 pch = strtok(conf, ",");
2536 if (pch != NULL)
2537 p_cfg->ble_auth_req = (uint8_t)strtoul(pch, &endptr, 16);
2538 else
2539 return false;
2540
2541 pch = strtok(NULL, ",");
2542 if (pch != NULL)
2543 p_cfg->ble_io_cap = (uint8_t)strtoul(pch, &endptr, 16);
2544 else
2545 return false;
2546
2547 pch = strtok(NULL, ",");
2548 if (pch != NULL)
2549 p_cfg->ble_init_key = (uint8_t)strtoul(pch, &endptr, 16);
2550 else
2551 return false;
2552
2553 pch = strtok(NULL, ",");
2554 if (pch != NULL)
2555 p_cfg->ble_resp_key = (uint8_t)strtoul(pch, &endptr, 16);
2556 else
2557 return false;
2558
2559 pch = strtok(NULL, ",");
2560 if (pch != NULL)
2561 p_cfg->ble_max_key_size = (uint8_t)strtoul(pch, &endptr, 16);
2562 else
2563 return false;
2564
2565 return true;
2566 }
2567
btif_dm_proc_rmt_oob(const RawAddress & bd_addr,Octet16 * p_c,Octet16 * p_r)2568 bool btif_dm_proc_rmt_oob(const RawAddress& bd_addr, Octet16* p_c,
2569 Octet16* p_r) {
2570 const char* path_a = "/data/misc/bluedroid/LOCAL/a.key";
2571 const char* path_b = "/data/misc/bluedroid/LOCAL/b.key";
2572 const char* path = NULL;
2573 char prop_oob[PROPERTY_VALUE_MAX];
2574 osi_property_get("service.brcm.bt.oob", prop_oob, "3");
2575 BTIF_TRACE_DEBUG("%s: prop_oob = %s", __func__, prop_oob);
2576 if (prop_oob[0] == '1')
2577 path = path_b;
2578 else if (prop_oob[0] == '2')
2579 path = path_a;
2580 if (!path) {
2581 BTIF_TRACE_DEBUG("%s: can't open path!", __func__);
2582 return false;
2583 }
2584
2585 FILE* fp = fopen(path, "rb");
2586 if (fp == NULL) {
2587 BTIF_TRACE_DEBUG("%s: failed to read OOB keys from %s", __func__, path);
2588 return false;
2589 }
2590
2591 BTIF_TRACE_DEBUG("%s: read OOB data from %s", __func__, path);
2592 (void)fread(p_c->data(), 1, OCTET16_LEN, fp);
2593 (void)fread(p_r->data(), 1, OCTET16_LEN, fp);
2594 fclose(fp);
2595
2596 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2597 return true;
2598 }
2599 #endif /* BTIF_DM_OOB_TEST */
2600
btif_dm_ble_key_notif_evt(tBTA_DM_SP_KEY_NOTIF * p_ssp_key_notif)2601 static void btif_dm_ble_key_notif_evt(tBTA_DM_SP_KEY_NOTIF* p_ssp_key_notif) {
2602 RawAddress bd_addr;
2603 bt_bdname_t bd_name;
2604 uint32_t cod;
2605 int dev_type;
2606
2607 BTIF_TRACE_DEBUG("%s", __func__);
2608
2609 /* Remote name update */
2610 if (!btif_get_device_type(p_ssp_key_notif->bd_addr, &dev_type)) {
2611 dev_type = BT_DEVICE_TYPE_BLE;
2612 }
2613 btif_dm_update_ble_remote_properties(p_ssp_key_notif->bd_addr,
2614 p_ssp_key_notif->bd_name,
2615 (tBT_DEVICE_TYPE)dev_type);
2616 bd_addr = p_ssp_key_notif->bd_addr;
2617 memcpy(bd_name.name, p_ssp_key_notif->bd_name, BD_NAME_LEN);
2618 bd_name.name[BD_NAME_LEN] = '\0';
2619
2620 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2621 pairing_cb.is_ssp = false;
2622 cod = COD_UNCLASSIFIED;
2623
2624 invoke_ssp_request_cb(bd_addr, bd_name, cod,
2625 BT_SSP_VARIANT_PASSKEY_NOTIFICATION,
2626 p_ssp_key_notif->passkey);
2627 }
2628
2629 /*******************************************************************************
2630 *
2631 * Function btif_dm_ble_auth_cmpl_evt
2632 *
2633 * Description Executes authentication complete event in btif context
2634 *
2635 * Returns void
2636 *
2637 ******************************************************************************/
btif_dm_ble_auth_cmpl_evt(tBTA_DM_AUTH_CMPL * p_auth_cmpl)2638 static void btif_dm_ble_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
2639 /* Save link key, if not temporary */
2640 bt_status_t status = BT_STATUS_FAIL;
2641 bt_bond_state_t state = BT_BOND_STATE_NONE;
2642
2643 RawAddress bd_addr = p_auth_cmpl->bd_addr;
2644
2645 /* Clear OOB data */
2646 memset(&oob_cb, 0, sizeof(oob_cb));
2647
2648 if ((p_auth_cmpl->success) && (p_auth_cmpl->key_present)) {
2649 /* store keys */
2650 }
2651 if (p_auth_cmpl->success) {
2652 status = BT_STATUS_SUCCESS;
2653 state = BT_BOND_STATE_BONDED;
2654 tBLE_ADDR_TYPE addr_type;
2655 RawAddress bdaddr = p_auth_cmpl->bd_addr;
2656 if (btif_storage_get_remote_addr_type(&bdaddr, &addr_type) !=
2657 BT_STATUS_SUCCESS)
2658 btif_storage_set_remote_addr_type(&bdaddr, p_auth_cmpl->addr_type);
2659
2660 /* Test for temporary bonding */
2661 if (btm_get_bond_type_dev(p_auth_cmpl->bd_addr) ==
2662 tBTM_SEC_DEV_REC::BOND_TYPE_TEMPORARY) {
2663 BTIF_TRACE_DEBUG("%s: sending BT_BOND_STATE_NONE for Temp pairing",
2664 __func__);
2665 btif_storage_remove_bonded_device(&bdaddr);
2666 state = BT_BOND_STATE_NONE;
2667 } else {
2668 btif_dm_save_ble_bonding_keys(bdaddr);
2669 btif_dm_get_remote_services(bd_addr, BT_TRANSPORT_LE);
2670 }
2671 } else {
2672 /*Map the HCI fail reason to bt status */
2673 // TODO This is not a proper use of the type
2674 uint8_t fail_reason = static_cast<uint8_t>(p_auth_cmpl->fail_reason);
2675 switch (fail_reason) {
2676 case BTA_DM_AUTH_SMP_PAIR_AUTH_FAIL:
2677 case BTA_DM_AUTH_SMP_CONFIRM_VALUE_FAIL:
2678 case BTA_DM_AUTH_SMP_UNKNOWN_ERR:
2679 btif_dm_remove_ble_bonding_keys();
2680 status = BT_STATUS_AUTH_FAILURE;
2681 break;
2682
2683 case BTA_DM_AUTH_SMP_CONN_TOUT: {
2684 if (btm_sec_is_a_bonded_dev(bd_addr)) {
2685 LOG(INFO) << __func__ << " Bonded device addr=" << bd_addr
2686 << " timed out - will not remove the keys";
2687 // Don't send state change to upper layers - otherwise Java think we
2688 // unbonded, and will disconnect HID profile.
2689 return;
2690 }
2691
2692 btif_dm_remove_ble_bonding_keys();
2693 status = BT_STATUS_AUTH_FAILURE;
2694 break;
2695 }
2696 case BTA_DM_AUTH_SMP_PAIR_NOT_SUPPORT:
2697 status = BT_STATUS_AUTH_REJECTED;
2698 break;
2699 default:
2700 btif_dm_remove_ble_bonding_keys();
2701 status = BT_STATUS_FAIL;
2702 break;
2703 }
2704 }
2705 if (state == BT_BOND_STATE_BONDED && !pairing_cb.static_bdaddr.IsEmpty() &&
2706 bd_addr != pairing_cb.static_bdaddr) {
2707 // Report RPA bonding state to Java in crosskey paring
2708 bond_state_changed(status, bd_addr, BT_BOND_STATE_BONDING);
2709 }
2710 bond_state_changed(status, bd_addr, state);
2711 }
2712
btif_dm_load_ble_local_keys(void)2713 void btif_dm_load_ble_local_keys(void) {
2714 memset(&ble_local_key_cb, 0, sizeof(btif_dm_local_key_cb_t));
2715
2716 if (btif_storage_get_ble_local_key(
2717 BTIF_DM_LE_LOCAL_KEY_ER, &ble_local_key_cb.er) == BT_STATUS_SUCCESS) {
2718 ble_local_key_cb.is_er_rcvd = true;
2719 BTIF_TRACE_DEBUG("%s BLE ER key loaded", __func__);
2720 }
2721
2722 if ((btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_IR,
2723 &ble_local_key_cb.id_keys.ir) ==
2724 BT_STATUS_SUCCESS) &&
2725 (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_IRK,
2726 &ble_local_key_cb.id_keys.irk) ==
2727 BT_STATUS_SUCCESS) &&
2728 (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_DHK,
2729 &ble_local_key_cb.id_keys.dhk) ==
2730 BT_STATUS_SUCCESS)) {
2731 ble_local_key_cb.is_id_keys_rcvd = true;
2732 BTIF_TRACE_DEBUG("%s BLE ID keys loaded", __func__);
2733 }
2734 }
btif_dm_get_ble_local_keys(tBTA_DM_BLE_LOCAL_KEY_MASK * p_key_mask,Octet16 * p_er,tBTA_BLE_LOCAL_ID_KEYS * p_id_keys)2735 void btif_dm_get_ble_local_keys(tBTA_DM_BLE_LOCAL_KEY_MASK* p_key_mask,
2736 Octet16* p_er,
2737 tBTA_BLE_LOCAL_ID_KEYS* p_id_keys) {
2738 if (ble_local_key_cb.is_er_rcvd) {
2739 *p_er = ble_local_key_cb.er;
2740 *p_key_mask |= BTA_BLE_LOCAL_KEY_TYPE_ER;
2741 }
2742
2743 if (ble_local_key_cb.is_id_keys_rcvd) {
2744 p_id_keys->ir = ble_local_key_cb.id_keys.ir;
2745 p_id_keys->irk = ble_local_key_cb.id_keys.irk;
2746 p_id_keys->dhk = ble_local_key_cb.id_keys.dhk;
2747 *p_key_mask |= BTA_BLE_LOCAL_KEY_TYPE_ID;
2748 }
2749 BTIF_TRACE_DEBUG("%s *p_key_mask=0x%02x", __func__, *p_key_mask);
2750 }
2751
btif_dm_save_ble_bonding_keys(RawAddress & bd_addr)2752 void btif_dm_save_ble_bonding_keys(RawAddress& bd_addr) {
2753 BTIF_TRACE_DEBUG("%s", __func__);
2754
2755 if (pairing_cb.ble.is_penc_key_rcvd) {
2756 btif_storage_add_ble_bonding_key(
2757 &bd_addr, (uint8_t*)&pairing_cb.ble.penc_key, BTM_LE_KEY_PENC,
2758 sizeof(tBTM_LE_PENC_KEYS));
2759 }
2760
2761 if (pairing_cb.ble.is_pid_key_rcvd) {
2762 btif_storage_add_ble_bonding_key(&bd_addr,
2763 (uint8_t*)&pairing_cb.ble.pid_key,
2764 BTM_LE_KEY_PID, sizeof(tBTM_LE_PID_KEYS));
2765 }
2766
2767 if (pairing_cb.ble.is_pcsrk_key_rcvd) {
2768 btif_storage_add_ble_bonding_key(
2769 &bd_addr, (uint8_t*)&pairing_cb.ble.pcsrk_key, BTM_LE_KEY_PCSRK,
2770 sizeof(tBTM_LE_PCSRK_KEYS));
2771 }
2772
2773 if (pairing_cb.ble.is_lenc_key_rcvd) {
2774 btif_storage_add_ble_bonding_key(
2775 &bd_addr, (uint8_t*)&pairing_cb.ble.lenc_key, BTM_LE_KEY_LENC,
2776 sizeof(tBTM_LE_LENC_KEYS));
2777 }
2778
2779 if (pairing_cb.ble.is_lcsrk_key_rcvd) {
2780 btif_storage_add_ble_bonding_key(
2781 &bd_addr, (uint8_t*)&pairing_cb.ble.lcsrk_key, BTM_LE_KEY_LCSRK,
2782 sizeof(tBTM_LE_LCSRK_KEYS));
2783 }
2784
2785 if (pairing_cb.ble.is_lidk_key_rcvd) {
2786 uint8_t empty[] = {};
2787 btif_storage_add_ble_bonding_key(&bd_addr, empty, BTM_LE_KEY_LID, 0);
2788 }
2789 }
2790
btif_dm_remove_ble_bonding_keys(void)2791 void btif_dm_remove_ble_bonding_keys(void) {
2792 BTIF_TRACE_DEBUG("%s", __func__);
2793
2794 RawAddress bd_addr = pairing_cb.bd_addr;
2795 btif_storage_remove_ble_bonding_keys(&bd_addr);
2796 }
2797
2798 /*******************************************************************************
2799 *
2800 * Function btif_dm_ble_sec_req_evt
2801 *
2802 * Description Eprocess security request event in btif context
2803 *
2804 * Returns void
2805 *
2806 ******************************************************************************/
btif_dm_ble_sec_req_evt(tBTA_DM_BLE_SEC_REQ * p_ble_req,bool is_consent)2807 void btif_dm_ble_sec_req_evt(tBTA_DM_BLE_SEC_REQ* p_ble_req, bool is_consent) {
2808 bt_bdname_t bd_name;
2809 uint32_t cod;
2810 int dev_type;
2811
2812 BTIF_TRACE_DEBUG("%s", __func__);
2813
2814 if (!is_consent && pairing_cb.state == BT_BOND_STATE_BONDING) {
2815 BTIF_TRACE_DEBUG("%s Discard security request", __func__);
2816 return;
2817 }
2818
2819 /* Remote name update */
2820 if (!btif_get_device_type(p_ble_req->bd_addr, &dev_type)) {
2821 dev_type = BT_DEVICE_TYPE_BLE;
2822 }
2823 btif_dm_update_ble_remote_properties(p_ble_req->bd_addr, p_ble_req->bd_name,
2824 (tBT_DEVICE_TYPE)dev_type);
2825
2826 RawAddress bd_addr = p_ble_req->bd_addr;
2827 memcpy(bd_name.name, p_ble_req->bd_name, BD_NAME_LEN);
2828 bd_name.name[BD_NAME_LEN] = '\0';
2829
2830 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2831
2832 pairing_cb.bond_type = tBTM_SEC_DEV_REC::BOND_TYPE_PERSISTENT;
2833 pairing_cb.is_le_only = true;
2834 pairing_cb.is_le_nc = false;
2835 pairing_cb.is_ssp = true;
2836 btm_set_bond_type_dev(p_ble_req->bd_addr, pairing_cb.bond_type);
2837
2838 cod = COD_UNCLASSIFIED;
2839
2840 invoke_ssp_request_cb(bd_addr, bd_name, cod, BT_SSP_VARIANT_CONSENT, 0);
2841 }
2842
2843 /*******************************************************************************
2844 *
2845 * Function btif_dm_ble_passkey_req_evt
2846 *
2847 * Description Executes pin request event in btif context
2848 *
2849 * Returns void
2850 *
2851 ******************************************************************************/
btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ * p_pin_req)2852 static void btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ* p_pin_req) {
2853 bt_bdname_t bd_name;
2854 uint32_t cod;
2855 int dev_type;
2856
2857 /* Remote name update */
2858 if (!btif_get_device_type(p_pin_req->bd_addr, &dev_type)) {
2859 dev_type = BT_DEVICE_TYPE_BLE;
2860 }
2861 btif_dm_update_ble_remote_properties(p_pin_req->bd_addr, p_pin_req->bd_name,
2862 (tBT_DEVICE_TYPE)dev_type);
2863
2864 RawAddress bd_addr = p_pin_req->bd_addr;
2865 memcpy(bd_name.name, p_pin_req->bd_name, BD_NAME_LEN);
2866 bd_name.name[BD_NAME_LEN] = '\0';
2867
2868 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2869 pairing_cb.is_le_only = true;
2870
2871 cod = COD_UNCLASSIFIED;
2872
2873 invoke_pin_request_cb(bd_addr, bd_name, cod, false);
2874 }
btif_dm_ble_key_nc_req_evt(tBTA_DM_SP_KEY_NOTIF * p_notif_req)2875 static void btif_dm_ble_key_nc_req_evt(tBTA_DM_SP_KEY_NOTIF* p_notif_req) {
2876 /* TODO implement key notification for numeric comparison */
2877 BTIF_TRACE_DEBUG("%s", __func__);
2878
2879 /* Remote name update */
2880 btif_update_remote_properties(p_notif_req->bd_addr, p_notif_req->bd_name,
2881 NULL, BT_DEVICE_TYPE_BLE);
2882
2883 RawAddress bd_addr = p_notif_req->bd_addr;
2884
2885 bt_bdname_t bd_name;
2886 memcpy(bd_name.name, p_notif_req->bd_name, BD_NAME_LEN);
2887 bd_name.name[BD_NAME_LEN] = '\0';
2888
2889 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2890 pairing_cb.is_ssp = false;
2891 pairing_cb.is_le_only = true;
2892 pairing_cb.is_le_nc = true;
2893
2894 invoke_ssp_request_cb(bd_addr, bd_name, COD_UNCLASSIFIED,
2895 BT_SSP_VARIANT_PASSKEY_CONFIRMATION,
2896 p_notif_req->passkey);
2897 }
2898
btif_dm_ble_oob_req_evt(tBTA_DM_SP_RMT_OOB * req_oob_type)2899 static void btif_dm_ble_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type) {
2900 BTIF_TRACE_DEBUG("%s", __func__);
2901
2902 RawAddress bd_addr = req_oob_type->bd_addr;
2903 /* We already checked if OOB data is present in
2904 * btif_dm_set_oob_for_le_io_req, but check here again. If it's not present
2905 * do nothing, pairing will timeout.
2906 */
2907 if (is_empty_128bit(oob_cb.p192_data.sm_tk)) {
2908 return;
2909 }
2910
2911 /* make sure OOB data is for this particular device */
2912 if (req_oob_type->bd_addr != oob_cb.bdaddr) {
2913 BTIF_TRACE_WARNING("%s: remote address didn't match OOB data address",
2914 __func__);
2915 return;
2916 }
2917
2918 /* Remote name update */
2919 btif_update_remote_properties(req_oob_type->bd_addr, req_oob_type->bd_name,
2920 NULL, BT_DEVICE_TYPE_BLE);
2921
2922 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2923 pairing_cb.is_ssp = false;
2924 pairing_cb.is_le_only = true;
2925 pairing_cb.is_le_nc = false;
2926
2927 BTM_BleOobDataReply(req_oob_type->bd_addr, 0, 16, oob_cb.p192_data.sm_tk);
2928 }
2929
btif_dm_ble_sc_oob_req_evt(tBTA_DM_SP_RMT_OOB * req_oob_type)2930 static void btif_dm_ble_sc_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type) {
2931 BTIF_TRACE_DEBUG("%s", __func__);
2932
2933 RawAddress bd_addr = req_oob_type->bd_addr;
2934 BTIF_TRACE_DEBUG("%s: bd_addr: %s", __func__, bd_addr.ToString().c_str());
2935 BTIF_TRACE_DEBUG("%s: oob_cb.bdaddr: %s", __func__,
2936 oob_cb.bdaddr.ToString().c_str());
2937
2938 /* make sure OOB data is for this particular device */
2939 if (req_oob_type->bd_addr != oob_cb.bdaddr) {
2940 LOG_ERROR("remote address didn't match OOB data address");
2941 return;
2942 }
2943
2944 /* We already checked if OOB data is present in
2945 * btif_dm_set_oob_for_le_io_req, but check here again. If it's not present
2946 * do nothing, pairing will timeout.
2947 */
2948 bt_oob_data_t oob_data_to_use = {};
2949 switch (oob_cb.data_present) {
2950 case BTM_OOB_PRESENT_192_AND_256:
2951 LOG_INFO("Have both P192 and P256");
2952 [[fallthrough]];
2953 // Always prefer 256 for LE
2954 case BTM_OOB_PRESENT_256:
2955 LOG_INFO("Using P256");
2956 if (is_empty_128bit(oob_cb.p256_data.c) &&
2957 is_empty_128bit(oob_cb.p256_data.r)) {
2958 LOG_WARN("P256 LE SC OOB data is empty");
2959 return;
2960 }
2961 oob_data_to_use = oob_cb.p256_data;
2962 break;
2963 case BTM_OOB_PRESENT_192:
2964 LOG_INFO("Using P192");
2965 if (is_empty_128bit(oob_cb.p192_data.c) &&
2966 is_empty_128bit(oob_cb.p192_data.r)) {
2967 LOG_WARN("P192 LE SC OOB data is empty");
2968 return;
2969 }
2970 oob_data_to_use = oob_cb.p192_data;
2971 break;
2972 }
2973
2974 /* Remote name update */
2975 btif_update_remote_properties(req_oob_type->bd_addr,
2976 oob_data_to_use.device_name, NULL,
2977 BT_DEVICE_TYPE_BLE);
2978
2979 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2980 pairing_cb.is_ssp = false;
2981 // TODO: we can derive classic pairing from this one
2982 pairing_cb.is_le_only = true;
2983 pairing_cb.is_le_nc = false;
2984 BTM_BleSecureConnectionOobDataReply(req_oob_type->bd_addr, oob_data_to_use.c,
2985 oob_data_to_use.r);
2986 }
2987
btif_dm_update_ble_remote_properties(const RawAddress & bd_addr,BD_NAME bd_name,tBT_DEVICE_TYPE dev_type)2988 void btif_dm_update_ble_remote_properties(const RawAddress& bd_addr,
2989 BD_NAME bd_name,
2990 tBT_DEVICE_TYPE dev_type) {
2991 btif_update_remote_properties(bd_addr, bd_name, NULL, dev_type);
2992 }
2993
btif_dm_ble_tx_test_cback(void * p)2994 static void btif_dm_ble_tx_test_cback(void* p) {
2995 char* p_param = (char*)p;
2996 uint8_t status;
2997 STREAM_TO_UINT8(status, p_param);
2998 invoke_le_test_mode_cb((status == 0) ? BT_STATUS_SUCCESS : BT_STATUS_FAIL, 0);
2999 }
3000
btif_dm_ble_rx_test_cback(void * p)3001 static void btif_dm_ble_rx_test_cback(void* p) {
3002 char* p_param = (char*)p;
3003 uint8_t status;
3004 STREAM_TO_UINT8(status, p_param);
3005 invoke_le_test_mode_cb((status == 0) ? BT_STATUS_SUCCESS : BT_STATUS_FAIL, 0);
3006 }
3007
btif_dm_ble_test_end_cback(void * p)3008 static void btif_dm_ble_test_end_cback(void* p) {
3009 char* p_param = (char*)p;
3010 uint8_t status;
3011 uint16_t count = 0;
3012 STREAM_TO_UINT8(status, p_param);
3013 if (status == 0) STREAM_TO_UINT16(count, p_param);
3014 invoke_le_test_mode_cb((status == 0) ? BT_STATUS_SUCCESS : BT_STATUS_FAIL,
3015 count);
3016 }
3017
btif_ble_transmitter_test(uint8_t tx_freq,uint8_t test_data_len,uint8_t packet_payload)3018 void btif_ble_transmitter_test(uint8_t tx_freq, uint8_t test_data_len,
3019 uint8_t packet_payload) {
3020 BTM_BleTransmitterTest(tx_freq, test_data_len, packet_payload,
3021 btif_dm_ble_tx_test_cback);
3022 }
3023
btif_ble_receiver_test(uint8_t rx_freq)3024 void btif_ble_receiver_test(uint8_t rx_freq) {
3025 BTM_BleReceiverTest(rx_freq, btif_dm_ble_rx_test_cback);
3026 }
3027
btif_ble_test_end()3028 void btif_ble_test_end() { BTM_BleTestEnd(btif_dm_ble_test_end_cback); }
3029
btif_dm_on_disable()3030 void btif_dm_on_disable() {
3031 /* cancel any pending pairing requests */
3032 if (is_bonding_or_sdp()) {
3033 BTIF_TRACE_DEBUG("%s: Cancel pending pairing request", __func__);
3034 btif_dm_cancel_bond(pairing_cb.bd_addr);
3035 }
3036 }
3037
3038 /*******************************************************************************
3039 *
3040 * Function btif_dm_read_energy_info
3041 *
3042 * Description Reads the energy info from controller
3043 *
3044 * Returns void
3045 *
3046 ******************************************************************************/
btif_dm_read_energy_info()3047 void btif_dm_read_energy_info() { BTA_DmBleGetEnergyInfo(bta_energy_info_cb); }
3048
3049 /*******************************************************************************
3050 *
3051 * Function btif_dm_add_uuid_to_eir
3052 *
3053 * Description Add a service class uuid to the local device's EIR data
3054 *
3055 * Returns void
3056 *
3057 ******************************************************************************/
btif_dm_add_uuid_to_eir(uint16_t uuid16)3058 void btif_dm_add_uuid_to_eir(uint16_t uuid16) {
3059 BTIF_TRACE_DEBUG("%s: %d", __func__, uuid16);
3060 BTA_AddEirUuid(uuid16);
3061 }
3062
3063 /*******************************************************************************
3064 *
3065 * Function btif_dm_remove_uuid_from_eir
3066 *
3067 * Description Remove a service class uuid from the local device's EIR data
3068 *
3069 * Returns void
3070 *
3071 ******************************************************************************/
btif_dm_remove_uuid_from_eir(uint16_t uuid16)3072 void btif_dm_remove_uuid_from_eir(uint16_t uuid16) {
3073 BTIF_TRACE_DEBUG("%s: %d", __func__, uuid16);
3074 BTA_RemoveEirUuid(uuid16);
3075 }
3076
btif_get_default_local_name()3077 static char* btif_get_default_local_name() {
3078 if (btif_default_local_name[0] == '\0') {
3079 int max_len = sizeof(btif_default_local_name) - 1;
3080 if (BTM_DEF_LOCAL_NAME[0] != '\0') {
3081 strncpy(btif_default_local_name, BTM_DEF_LOCAL_NAME, max_len);
3082 } else {
3083 char prop_model[PROPERTY_VALUE_MAX];
3084 osi_property_get(PROPERTY_PRODUCT_MODEL, prop_model, "");
3085 strncpy(btif_default_local_name, prop_model, max_len);
3086 }
3087 btif_default_local_name[max_len] = '\0';
3088 }
3089 return btif_default_local_name;
3090 }
3091
btif_stats_add_bond_event(const RawAddress & bd_addr,bt_bond_function_t function,bt_bond_state_t state)3092 static void btif_stats_add_bond_event(const RawAddress& bd_addr,
3093 bt_bond_function_t function,
3094 bt_bond_state_t state) {
3095 std::unique_lock<std::mutex> lock(bond_event_lock);
3096
3097 btif_bond_event_t* event = &btif_dm_bond_events[btif_events_end_index];
3098 event->bd_addr = bd_addr;
3099 event->function = function;
3100 event->state = state;
3101 clock_gettime(CLOCK_REALTIME, &event->timestamp);
3102
3103 btif_num_bond_events++;
3104 btif_events_end_index =
3105 (btif_events_end_index + 1) % (MAX_BTIF_BOND_EVENT_ENTRIES + 1);
3106 if (btif_events_end_index == btif_events_start_index) {
3107 btif_events_start_index =
3108 (btif_events_start_index + 1) % (MAX_BTIF_BOND_EVENT_ENTRIES + 1);
3109 }
3110
3111 int type;
3112 btif_get_device_type(bd_addr, &type);
3113
3114 bluetooth::common::device_type_t device_type;
3115 switch (type) {
3116 case BT_DEVICE_TYPE_BREDR:
3117 device_type = bluetooth::common::DEVICE_TYPE_BREDR;
3118 break;
3119 case BT_DEVICE_TYPE_BLE:
3120 device_type = bluetooth::common::DEVICE_TYPE_LE;
3121 break;
3122 case BT_DEVICE_TYPE_DUMO:
3123 device_type = bluetooth::common::DEVICE_TYPE_DUMO;
3124 break;
3125 default:
3126 device_type = bluetooth::common::DEVICE_TYPE_UNKNOWN;
3127 break;
3128 }
3129
3130 uint32_t cod = get_cod(&bd_addr);
3131 uint64_t ts =
3132 event->timestamp.tv_sec * 1000 + event->timestamp.tv_nsec / 1000000;
3133 bluetooth::common::BluetoothMetricsLogger::GetInstance()->LogPairEvent(
3134 0, ts, cod, device_type);
3135 }
3136
btif_debug_bond_event_dump(int fd)3137 void btif_debug_bond_event_dump(int fd) {
3138 std::unique_lock<std::mutex> lock(bond_event_lock);
3139 dprintf(fd, "\nBond Events: \n");
3140 dprintf(fd, " Total Number of events: %zu\n", btif_num_bond_events);
3141 if (btif_num_bond_events > 0)
3142 dprintf(fd,
3143 " Time address Function State\n");
3144
3145 for (size_t i = btif_events_start_index; i != btif_events_end_index;
3146 i = (i + 1) % (MAX_BTIF_BOND_EVENT_ENTRIES + 1)) {
3147 btif_bond_event_t* event = &btif_dm_bond_events[i];
3148
3149 char eventtime[20];
3150 char temptime[20];
3151 struct tm* tstamp = localtime(&event->timestamp.tv_sec);
3152 strftime(temptime, sizeof(temptime), "%H:%M:%S", tstamp);
3153 snprintf(eventtime, sizeof(eventtime), "%s.%03ld", temptime,
3154 event->timestamp.tv_nsec / 1000000);
3155
3156 const char* func_name;
3157 switch (event->function) {
3158 case BTIF_DM_FUNC_CREATE_BOND:
3159 func_name = "btif_dm_create_bond";
3160 break;
3161 case BTIF_DM_FUNC_REMOVE_BOND:
3162 func_name = "btif_dm_remove_bond";
3163 break;
3164 case BTIF_DM_FUNC_BOND_STATE_CHANGED:
3165 func_name = "bond_state_changed ";
3166 break;
3167 default:
3168 func_name = "Invalid value ";
3169 break;
3170 }
3171
3172 const char* bond_state;
3173 switch (event->state) {
3174 case BT_BOND_STATE_NONE:
3175 bond_state = "BOND_STATE_NONE";
3176 break;
3177 case BT_BOND_STATE_BONDING:
3178 bond_state = "BOND_STATE_BONDING";
3179 break;
3180 case BT_BOND_STATE_BONDED:
3181 bond_state = "BOND_STATE_BONDED";
3182 break;
3183 default:
3184 bond_state = "Invalid bond state";
3185 break;
3186 }
3187
3188 dprintf(fd, " %s %s %s %s\n", eventtime,
3189 event->bd_addr.ToString().c_str(), func_name, bond_state);
3190 }
3191 }
3192