1 /******************************************************************************
2  *
3  *  Copyright (C) 2000-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /*****************************************************************************
20 **
21 **  Name:          btm_acl.c
22 **
23 **  Description:   This file contains functions that handle ACL connections.
24 **                 This includes operations such as hold and sniff modes,
25 **                 supported packet types.
26 **
27 **                 This module contains both internal and external (API)
28 **                 functions. External (API) functions are distinguishable
29 **                 by their names beginning with uppercase BTM.
30 **
31 **
32 ******************************************************************************/
33 
34 #include <stdlib.h>
35 #include <string.h>
36 #include <stdio.h>
37 #include <stddef.h>
38 
39 #include "bt_types.h"
40 #include "bt_target.h"
41 #include "device/include/controller.h"
42 #include "gki.h"
43 #include "hcimsgs.h"
44 #include "btu.h"
45 #include "btm_api.h"
46 #include "btm_int.h"
47 #include "l2c_int.h"
48 #include "hcidefs.h"
49 #include "bt_utils.h"
50 
51 static void btm_read_remote_features (UINT16 handle);
52 static void btm_read_remote_ext_features (UINT16 handle, UINT8 page_number);
53 static void btm_process_remote_ext_features (tACL_CONN *p_acl_cb, UINT8 num_read_pages);
54 
55 #define BTM_DEV_REPLY_TIMEOUT   3       /* 3 second timeout waiting for responses */
56 
57 /*******************************************************************************
58 **
59 ** Function         btm_acl_init
60 **
61 ** Description      This function is called at BTM startup to initialize
62 **
63 ** Returns          void
64 **
65 *******************************************************************************/
btm_acl_init(void)66 void btm_acl_init (void)
67 {
68     BTM_TRACE_DEBUG ("btm_acl_init");
69 #if 0  /* cleared in btm_init; put back in if called from anywhere else! */
70     memset (&btm_cb.acl_db, 0, sizeof (btm_cb.acl_db));
71     memset (btm_cb.btm_scn, 0, BTM_MAX_SCN);          /* Initialize the SCN usage to FALSE */
72     btm_cb.btm_def_link_policy     = 0;
73     btm_cb.p_bl_changed_cb         = NULL;
74 #endif
75 
76     /* Initialize nonzero defaults */
77     btm_cb.btm_def_link_super_tout = HCI_DEFAULT_INACT_TOUT;
78     btm_cb.acl_disc_reason         = 0xff ;
79 }
80 
81 /*******************************************************************************
82 **
83 ** Function         btm_bda_to_acl
84 **
85 ** Description      This function returns the FIRST acl_db entry for the passed BDA.
86 **
87 ** Parameters      bda : BD address of the remote device
88 **                 transport : Physical transport used for ACL connection (BR/EDR or LE)
89 **
90 ** Returns          Returns pointer to the ACL DB for the requested BDA if found.
91 **                  NULL if not found.
92 **
93 *******************************************************************************/
btm_bda_to_acl(BD_ADDR bda,tBT_TRANSPORT transport)94 tACL_CONN *btm_bda_to_acl (BD_ADDR bda, tBT_TRANSPORT transport)
95 {
96     tACL_CONN   *p = &btm_cb.acl_db[0];
97     UINT16       xx;
98     if (bda)
99     {
100         for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++)
101         {
102             if ((p->in_use) && (!memcmp (p->remote_addr, bda, BD_ADDR_LEN))
103 #if BLE_INCLUDED == TRUE
104                 && p->transport == transport
105 #endif
106                 )
107             {
108                 BTM_TRACE_DEBUG ("btm_bda_to_acl found");
109                 return(p);
110             }
111         }
112     }
113 
114     /* If here, no BD Addr found */
115     return((tACL_CONN *)NULL);
116 }
117 
118 /*******************************************************************************
119 **
120 ** Function         btm_handle_to_acl_index
121 **
122 ** Description      This function returns the FIRST acl_db entry for the passed hci_handle.
123 **
124 ** Returns          index to the acl_db or MAX_L2CAP_LINKS.
125 **
126 *******************************************************************************/
btm_handle_to_acl_index(UINT16 hci_handle)127 UINT8 btm_handle_to_acl_index (UINT16 hci_handle)
128 {
129     tACL_CONN   *p = &btm_cb.acl_db[0];
130     UINT8       xx;
131     BTM_TRACE_DEBUG ("btm_handle_to_acl_index");
132     for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++)
133     {
134         if ((p->in_use) && (p->hci_handle == hci_handle))
135         {
136             break;
137         }
138     }
139 
140     /* If here, no BD Addr found */
141     return(xx);
142 }
143 
144 #if BLE_PRIVACY_SPT == TRUE
145 /*******************************************************************************
146 **
147 ** Function         btm_ble_get_acl_remote_addr
148 **
149 ** Description      This function reads the active remote address used for the
150 **                  connection.
151 **
152 ** Returns          success return TRUE, otherwise FALSE.
153 **
154 *******************************************************************************/
btm_ble_get_acl_remote_addr(tBTM_SEC_DEV_REC * p_dev_rec,BD_ADDR conn_addr,tBLE_ADDR_TYPE * p_addr_type)155 BOOLEAN btm_ble_get_acl_remote_addr(tBTM_SEC_DEV_REC *p_dev_rec, BD_ADDR conn_addr,
156                                     tBLE_ADDR_TYPE *p_addr_type)
157 {
158 #if BLE_INCLUDED == TRUE
159     BOOLEAN         st = TRUE;
160 
161     if (p_dev_rec == NULL)
162     {
163         BTM_TRACE_ERROR("btm_ble_get_acl_remote_addr can not find device with matching address");
164         return FALSE;
165     }
166 
167     switch (p_dev_rec->ble.active_addr_type)
168     {
169     case BTM_BLE_ADDR_PSEUDO:
170         memcpy(conn_addr, p_dev_rec->bd_addr, BD_ADDR_LEN);
171         * p_addr_type = p_dev_rec->ble.ble_addr_type;
172         break;
173 
174     case BTM_BLE_ADDR_RRA:
175         memcpy(conn_addr, p_dev_rec->ble.cur_rand_addr, BD_ADDR_LEN);
176         * p_addr_type = BLE_ADDR_RANDOM;
177         break;
178 
179     case BTM_BLE_ADDR_STATIC:
180         memcpy(conn_addr, p_dev_rec->ble.static_addr, BD_ADDR_LEN);
181         * p_addr_type = p_dev_rec->ble.static_addr_type;
182         break;
183 
184     default:
185         BTM_TRACE_ERROR("Unknown active address: %d", p_dev_rec->ble.active_addr_type);
186         st = FALSE;
187         break;
188     }
189 
190     return st;
191 #else
192     UNUSED(p_dev_rec);
193     UNUSED(conn_addr);
194     UNUSED(p_addr_type);
195     return FALSE;
196 #endif
197 }
198 #endif
199 /*******************************************************************************
200 **
201 ** Function         btm_acl_created
202 **
203 ** Description      This function is called by L2CAP when an ACL connection
204 **                  is created.
205 **
206 ** Returns          void
207 **
208 *******************************************************************************/
btm_acl_created(BD_ADDR bda,DEV_CLASS dc,BD_NAME bdn,UINT16 hci_handle,UINT8 link_role,tBT_TRANSPORT transport)209 void btm_acl_created (BD_ADDR bda, DEV_CLASS dc, BD_NAME bdn,
210                       UINT16 hci_handle, UINT8 link_role, tBT_TRANSPORT transport)
211 {
212     tBTM_SEC_DEV_REC *p_dev_rec = NULL;
213     tACL_CONN        *p;
214     UINT8             xx;
215 
216     BTM_TRACE_DEBUG ("btm_acl_created hci_handle=%d link_role=%d  transport=%d",
217                       hci_handle,link_role, transport);
218     /* Ensure we don't have duplicates */
219     p = btm_bda_to_acl(bda, transport);
220     if (p != (tACL_CONN *)NULL)
221     {
222         p->hci_handle = hci_handle;
223         p->link_role  = link_role;
224 #if BLE_INCLUDED == TRUE
225         p->transport = transport;
226 #endif
227         BTM_TRACE_DEBUG ("Duplicate btm_acl_created: RemBdAddr: %02x%02x%02x%02x%02x%02x",
228                           bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]);
229         BTM_SetLinkPolicy(p->remote_addr, &btm_cb.btm_def_link_policy);
230         return;
231     }
232 
233     /* Allocate acl_db entry */
234     for (xx = 0, p = &btm_cb.acl_db[0]; xx < MAX_L2CAP_LINKS; xx++, p++)
235     {
236         if (!p->in_use)
237         {
238             p->in_use            = TRUE;
239             p->hci_handle        = hci_handle;
240             p->link_role         = link_role;
241             p->link_up_issued    = FALSE;
242             memcpy (p->remote_addr, bda, BD_ADDR_LEN);
243 
244 #if BLE_INCLUDED == TRUE
245             p->transport = transport;
246 #if BLE_PRIVACY_SPT == TRUE
247             if (transport == BT_TRANSPORT_LE)
248                 btm_ble_refresh_local_resolvable_private_addr(bda,
249                                                     btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr);
250 #else
251             p->conn_addr_type = BLE_ADDR_PUBLIC;
252             memcpy(p->conn_addr, &controller_get_interface()->get_address()->address, BD_ADDR_LEN);
253 
254 #endif
255 #endif
256             p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
257 
258             btm_pm_sm_alloc(xx);
259 
260 
261             if (dc)
262                 memcpy (p->remote_dc, dc, DEV_CLASS_LEN);
263 
264             if (bdn)
265                 memcpy (p->remote_name, bdn, BTM_MAX_REM_BD_NAME_LEN);
266 
267             /* if BR/EDR do something more */
268             if (transport == BT_TRANSPORT_BR_EDR)
269             {
270                 btsnd_hcic_read_rmt_clk_offset (p->hci_handle);
271                 btsnd_hcic_rmt_ver_req (p->hci_handle);
272             }
273             p_dev_rec = btm_find_dev_by_handle (hci_handle);
274 
275 #if (BLE_INCLUDED == TRUE)
276             if (p_dev_rec )
277             {
278                 BTM_TRACE_DEBUG ("device_type=0x%x", p_dev_rec->device_type);
279             }
280 #endif
281 
282             if (p_dev_rec && !(transport == BT_TRANSPORT_LE))
283             {
284                 /* If remote features already known, copy them and continue connection setup */
285                 if ((p_dev_rec->num_read_pages) &&
286                     (p_dev_rec->num_read_pages <= (HCI_EXT_FEATURES_PAGE_MAX + 1)))
287                 {
288                     memcpy (p->peer_lmp_features, p_dev_rec->features,
289                         (HCI_FEATURE_BYTES_PER_PAGE * p_dev_rec->num_read_pages));
290                     p->num_read_pages = p_dev_rec->num_read_pages;
291 
292                     const UINT8 req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND);
293 
294                     /* Store the Peer Security Capabilites (in SM4 and rmt_sec_caps) */
295                     btm_sec_set_peer_sec_caps(p, p_dev_rec);
296 
297                     BTM_TRACE_API("%s: pend:%d", __FUNCTION__, req_pend);
298                     if (req_pend)
299                     {
300                         /* Request for remaining Security Features (if any) */
301                         l2cu_resubmit_pending_sec_req (p_dev_rec->bd_addr);
302                     }
303                     btm_establish_continue (p);
304                     return;
305                 }
306             }
307 
308 #if (BLE_INCLUDED == TRUE)
309             /* If here, features are not known yet */
310             if (p_dev_rec && transport == BT_TRANSPORT_LE)
311             {
312 #if BLE_PRIVACY_SPT == TRUE
313                 btm_ble_get_acl_remote_addr (p_dev_rec, p->active_remote_addr,
314                     &p->active_remote_addr_type);
315 #endif
316 
317                 if (HCI_LE_SLAVE_INIT_FEAT_EXC_SUPPORTED(controller_get_interface()->get_features_ble()->as_array)
318                     || link_role == HCI_ROLE_MASTER)
319                 {
320                     btsnd_hcic_ble_read_remote_feat(p->hci_handle);
321                 }
322                 else
323                 {
324                     btm_establish_continue(p);
325                 }
326             }
327             else
328 #endif
329             {
330                 btm_read_remote_features (p->hci_handle);
331             }
332 
333             /* read page 1 - on rmt feature event for buffer reasons */
334             return;
335         }
336     }
337 }
338 
339 
340 /*******************************************************************************
341 **
342 ** Function         btm_acl_report_role_change
343 **
344 ** Description      This function is called when the local device is deemed
345 **                  to be down. It notifies L2CAP of the failure.
346 **
347 ** Returns          void
348 **
349 *******************************************************************************/
btm_acl_report_role_change(UINT8 hci_status,BD_ADDR bda)350 void btm_acl_report_role_change (UINT8 hci_status, BD_ADDR bda)
351 {
352     tBTM_ROLE_SWITCH_CMPL   ref_data;
353     BTM_TRACE_DEBUG ("btm_acl_report_role_change");
354     if (btm_cb.devcb.p_switch_role_cb
355         && (bda && (0 == memcmp(btm_cb.devcb.switch_role_ref_data.remote_bd_addr, bda, BD_ADDR_LEN))))
356     {
357         memcpy (&ref_data, &btm_cb.devcb.switch_role_ref_data, sizeof(tBTM_ROLE_SWITCH_CMPL));
358         ref_data.hci_status = hci_status;
359         (*btm_cb.devcb.p_switch_role_cb)(&ref_data);
360         memset (&btm_cb.devcb.switch_role_ref_data, 0, sizeof(tBTM_ROLE_SWITCH_CMPL));
361         btm_cb.devcb.p_switch_role_cb = NULL;
362     }
363 }
364 
365 /*******************************************************************************
366 **
367 ** Function         btm_acl_removed
368 **
369 ** Description      This function is called by L2CAP when an ACL connection
370 **                  is removed. Since only L2CAP creates ACL links, we use
371 **                  the L2CAP link index as our index into the control blocks.
372 **
373 ** Returns          void
374 **
375 *******************************************************************************/
btm_acl_removed(BD_ADDR bda,tBT_TRANSPORT transport)376 void btm_acl_removed (BD_ADDR bda, tBT_TRANSPORT transport)
377 {
378     tACL_CONN   *p;
379     tBTM_BL_EVENT_DATA  evt_data;
380 #if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
381     tBTM_SEC_DEV_REC *p_dev_rec=NULL;
382 #endif
383     BTM_TRACE_DEBUG ("btm_acl_removed");
384     p = btm_bda_to_acl(bda, transport);
385     if (p != (tACL_CONN *)NULL)
386     {
387         p->in_use = FALSE;
388 
389         /* if the disconnected channel has a pending role switch, clear it now */
390         btm_acl_report_role_change(HCI_ERR_NO_CONNECTION, bda);
391 
392         /* Only notify if link up has had a chance to be issued */
393         if (p->link_up_issued)
394         {
395             p->link_up_issued = FALSE;
396 
397             /* If anyone cares, tell him database changed */
398             if (btm_cb.p_bl_changed_cb)
399             {
400                 evt_data.event = BTM_BL_DISCN_EVT;
401                 evt_data.discn.p_bda = bda;
402 #if BLE_INCLUDED == TRUE
403                 evt_data.discn.handle = p->hci_handle;
404                 evt_data.discn.transport = p->transport;
405 #endif
406                 (*btm_cb.p_bl_changed_cb)(&evt_data);
407             }
408 
409             btm_acl_update_busy_level (BTM_BLI_ACL_DOWN_EVT);
410         }
411 
412 #if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
413 
414         BTM_TRACE_DEBUG ("acl hci_handle=%d transport=%d connectable_mode=0x%0x link_role=%d",
415                           p->hci_handle,
416                           p->transport,
417                           btm_cb.ble_ctr_cb.inq_var.connectable_mode,
418                           p->link_role);
419 
420         p_dev_rec = btm_find_dev(bda);
421         if ( p_dev_rec)
422         {
423             BTM_TRACE_DEBUG("before update p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags);
424             if (p->transport == BT_TRANSPORT_LE)
425             {
426                 BTM_TRACE_DEBUG("LE link down");
427                 p_dev_rec->sec_flags &= ~(BTM_SEC_LE_ENCRYPTED | BTM_SEC_ROLE_SWITCHED);
428                 if ( (p_dev_rec->sec_flags & BTM_SEC_LE_LINK_KEY_KNOWN) == 0)
429                 {
430                     BTM_TRACE_DEBUG("Not Bonded");
431                     p_dev_rec->sec_flags &= ~(BTM_SEC_LE_LINK_KEY_AUTHED | BTM_SEC_LE_AUTHENTICATED);
432                 }
433                 else
434                 {
435                     BTM_TRACE_DEBUG("Bonded");
436                 }
437             }
438             else
439             {
440                 BTM_TRACE_DEBUG("Bletooth link down");
441                 p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHORIZED | BTM_SEC_AUTHENTICATED
442                                         | BTM_SEC_ENCRYPTED | BTM_SEC_ROLE_SWITCHED);
443             }
444             BTM_TRACE_DEBUG("after update p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags);
445         }
446         else
447         {
448             BTM_TRACE_ERROR("Device not found");
449 
450         }
451 #endif
452 
453         /* Clear the ACL connection data */
454         memset(p, 0, sizeof(tACL_CONN));
455     }
456 }
457 
458 
459 /*******************************************************************************
460 **
461 ** Function         btm_acl_device_down
462 **
463 ** Description      This function is called when the local device is deemed
464 **                  to be down. It notifies L2CAP of the failure.
465 **
466 ** Returns          void
467 **
468 *******************************************************************************/
btm_acl_device_down(void)469 void btm_acl_device_down (void)
470 {
471     tACL_CONN   *p = &btm_cb.acl_db[0];
472     UINT16      xx;
473     BTM_TRACE_DEBUG ("btm_acl_device_down");
474     for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++)
475     {
476         if (p->in_use)
477         {
478             BTM_TRACE_DEBUG ("hci_handle=%d HCI_ERR_HW_FAILURE ",p->hci_handle );
479             l2c_link_hci_disc_comp (p->hci_handle, HCI_ERR_HW_FAILURE);
480         }
481     }
482 }
483 
484 /*******************************************************************************
485 **
486 ** Function         btm_acl_update_busy_level
487 **
488 ** Description      This function is called to update the busy level of the system
489 **                  .
490 **
491 ** Returns          void
492 **
493 *******************************************************************************/
btm_acl_update_busy_level(tBTM_BLI_EVENT event)494 void btm_acl_update_busy_level (tBTM_BLI_EVENT event)
495 {
496     tBTM_BL_UPDATE_DATA  evt;
497     UINT8 busy_level;
498     BTM_TRACE_DEBUG ("btm_acl_update_busy_level");
499     BOOLEAN old_inquiry_state = btm_cb.is_inquiry;
500     switch (event)
501     {
502         case BTM_BLI_ACL_UP_EVT:
503             BTM_TRACE_DEBUG ("BTM_BLI_ACL_UP_EVT");
504             break;
505         case BTM_BLI_ACL_DOWN_EVT:
506             BTM_TRACE_DEBUG ("BTM_BLI_ACL_DOWN_EVT");
507             break;
508         case BTM_BLI_PAGE_EVT:
509             BTM_TRACE_DEBUG ("BTM_BLI_PAGE_EVT");
510             btm_cb.is_paging = TRUE;
511             evt.busy_level_flags= BTM_BL_PAGING_STARTED;
512             break;
513         case BTM_BLI_PAGE_DONE_EVT:
514             BTM_TRACE_DEBUG ("BTM_BLI_PAGE_DONE_EVT");
515             btm_cb.is_paging = FALSE;
516             evt.busy_level_flags = BTM_BL_PAGING_COMPLETE;
517             break;
518         case BTM_BLI_INQ_EVT:
519             BTM_TRACE_DEBUG ("BTM_BLI_INQ_EVT");
520             btm_cb.is_inquiry = TRUE;
521             evt.busy_level_flags = BTM_BL_INQUIRY_STARTED;
522             break;
523         case BTM_BLI_INQ_CANCEL_EVT:
524             BTM_TRACE_DEBUG ("BTM_BLI_INQ_CANCEL_EVT");
525             btm_cb.is_inquiry = FALSE;
526             evt.busy_level_flags = BTM_BL_INQUIRY_CANCELLED;
527             break;
528         case BTM_BLI_INQ_DONE_EVT:
529             BTM_TRACE_DEBUG ("BTM_BLI_INQ_DONE_EVT");
530             btm_cb.is_inquiry = FALSE;
531             evt.busy_level_flags = BTM_BL_INQUIRY_COMPLETE;
532             break;
533     }
534 
535     if (btm_cb.is_paging || btm_cb.is_inquiry)
536         busy_level = 10;
537     else
538         busy_level = BTM_GetNumAclLinks();
539 
540     if ((busy_level != btm_cb.busy_level) ||(old_inquiry_state != btm_cb.is_inquiry))
541     {
542         evt.event         = BTM_BL_UPDATE_EVT;
543         evt.busy_level    = busy_level;
544         btm_cb.busy_level = busy_level;
545         if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_UPDATE_MASK))
546         {
547             (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA *)&evt);
548         }
549     }
550 }
551 
552 /*******************************************************************************
553 **
554 ** Function         BTM_GetRole
555 **
556 ** Description      This function is called to get the role of the local device
557 **                  for the ACL connection with the specified remote device
558 **
559 ** Returns          BTM_SUCCESS if connection exists.
560 **                  BTM_UNKNOWN_ADDR if no active link with bd addr specified
561 **
562 *******************************************************************************/
BTM_GetRole(BD_ADDR remote_bd_addr,UINT8 * p_role)563 tBTM_STATUS BTM_GetRole (BD_ADDR remote_bd_addr, UINT8 *p_role)
564 {
565     tACL_CONN   *p;
566     BTM_TRACE_DEBUG ("BTM_GetRole");
567     if ((p = btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR)) == NULL)
568     {
569         *p_role = BTM_ROLE_UNDEFINED;
570         return(BTM_UNKNOWN_ADDR);
571     }
572 
573     /* Get the current role */
574     *p_role = p->link_role;
575     return(BTM_SUCCESS);
576 }
577 
578 
579 /*******************************************************************************
580 **
581 ** Function         BTM_SwitchRole
582 **
583 ** Description      This function is called to switch role between master and
584 **                  slave.  If role is already set it will do nothing.  If the
585 **                  command was initiated, the callback function is called upon
586 **                  completion.
587 **
588 ** Returns          BTM_SUCCESS if already in specified role.
589 **                  BTM_CMD_STARTED if command issued to controller.
590 **                  BTM_NO_RESOURCES if couldn't allocate memory to issue command
591 **                  BTM_UNKNOWN_ADDR if no active link with bd addr specified
592 **                  BTM_MODE_UNSUPPORTED if local device does not support role switching
593 **                  BTM_BUSY if the previous command is not completed
594 **
595 *******************************************************************************/
BTM_SwitchRole(BD_ADDR remote_bd_addr,UINT8 new_role,tBTM_CMPL_CB * p_cb)596 tBTM_STATUS BTM_SwitchRole (BD_ADDR remote_bd_addr, UINT8 new_role, tBTM_CMPL_CB *p_cb)
597 {
598     tACL_CONN   *p;
599     tBTM_SEC_DEV_REC  *p_dev_rec = NULL;
600 #if BTM_SCO_INCLUDED == TRUE
601     BOOLEAN    is_sco_active;
602 #endif
603     tBTM_STATUS  status;
604     tBTM_PM_MODE pwr_mode;
605     tBTM_PM_PWR_MD settings;
606 #if (BT_USE_TRACES == TRUE)
607     BD_ADDR_PTR  p_bda;
608 #endif
609     BTM_TRACE_API ("BTM_SwitchRole BDA: %02x-%02x-%02x-%02x-%02x-%02x",
610                     remote_bd_addr[0], remote_bd_addr[1], remote_bd_addr[2],
611                     remote_bd_addr[3], remote_bd_addr[4], remote_bd_addr[5]);
612 
613     /* Make sure the local device supports switching */
614     if (!controller_get_interface()->supports_master_slave_role_switch())
615         return(BTM_MODE_UNSUPPORTED);
616 
617     if (btm_cb.devcb.p_switch_role_cb && p_cb)
618     {
619 #if (BT_USE_TRACES == TRUE)
620         p_bda = btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
621         BTM_TRACE_DEBUG ("Role switch on other device is in progress 0x%02x%02x%02x%02x%02x%02x",
622                           p_bda[0], p_bda[1], p_bda[2],
623                           p_bda[3], p_bda[4], p_bda[5]);
624 #endif
625         return(BTM_BUSY);
626     }
627 
628     if ((p = btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR)) == NULL)
629         return(BTM_UNKNOWN_ADDR);
630 
631     /* Finished if already in desired role */
632     if (p->link_role == new_role)
633         return(BTM_SUCCESS);
634 
635 #if BTM_SCO_INCLUDED == TRUE
636     /* Check if there is any SCO Active on this BD Address */
637     is_sco_active = btm_is_sco_active_by_bdaddr(remote_bd_addr);
638 
639     if (is_sco_active == TRUE)
640         return(BTM_NO_RESOURCES);
641 #endif
642 
643     /* Ignore role switch request if the previous request was not completed */
644     if (p->switch_role_state != BTM_ACL_SWKEY_STATE_IDLE)
645     {
646         BTM_TRACE_DEBUG ("BTM_SwitchRole busy: %d",
647                           p->switch_role_state);
648         return(BTM_BUSY);
649     }
650 
651     if ((status = BTM_ReadPowerMode(p->remote_addr, &pwr_mode)) != BTM_SUCCESS)
652         return(status);
653 
654     /* Wake up the link if in sniff or park before attempting switch */
655     if (pwr_mode == BTM_PM_MD_PARK || pwr_mode == BTM_PM_MD_SNIFF)
656     {
657         memset( (void*)&settings, 0, sizeof(settings));
658         settings.mode = BTM_PM_MD_ACTIVE;
659         status = BTM_SetPowerMode (BTM_PM_SET_ONLY_ID, p->remote_addr, &settings);
660         if (status != BTM_CMD_STARTED)
661             return(BTM_WRONG_MODE);
662 
663         p->switch_role_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE;
664     }
665     /* some devices do not support switch while encryption is on */
666     else
667     {
668         p_dev_rec = btm_find_dev (remote_bd_addr);
669         if ((p_dev_rec != NULL)
670             && ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0)
671             && !BTM_EPR_AVAILABLE(p))
672         {
673             /* bypass turning off encryption if change link key is already doing it */
674             if (p->encrypt_state != BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF)
675             {
676                 if (!btsnd_hcic_set_conn_encrypt (p->hci_handle, FALSE))
677                     return(BTM_NO_RESOURCES);
678                 else
679                     p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF;
680             }
681 
682             p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF;
683         }
684         else
685         {
686             if (!btsnd_hcic_switch_role (remote_bd_addr, new_role))
687                 return(BTM_NO_RESOURCES);
688 
689             p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS;
690 
691 #if BTM_DISC_DURING_RS == TRUE
692             if (p_dev_rec)
693                 p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
694 #endif
695         }
696     }
697 
698     /* Initialize return structure in case request fails */
699     if (p_cb)
700     {
701         memcpy (btm_cb.devcb.switch_role_ref_data.remote_bd_addr, remote_bd_addr,
702                 BD_ADDR_LEN);
703         btm_cb.devcb.switch_role_ref_data.role = new_role;
704         /* initialized to an error code */
705         btm_cb.devcb.switch_role_ref_data.hci_status = HCI_ERR_UNSUPPORTED_VALUE;
706         btm_cb.devcb.p_switch_role_cb = p_cb;
707     }
708     return(BTM_CMD_STARTED);
709 }
710 
711 /*******************************************************************************
712 **
713 ** Function         btm_acl_encrypt_change
714 **
715 ** Description      This function is when encryption of the connection is
716 **                  completed by the LM.  Checks to see if a role switch or
717 **                  change of link key was active and initiates or continues
718 **                  process if needed.
719 **
720 ** Returns          void
721 **
722 *******************************************************************************/
btm_acl_encrypt_change(UINT16 handle,UINT8 status,UINT8 encr_enable)723 void btm_acl_encrypt_change (UINT16 handle, UINT8 status, UINT8 encr_enable)
724 {
725     tACL_CONN *p;
726     UINT8     xx;
727     tBTM_SEC_DEV_REC  *p_dev_rec;
728     tBTM_BL_ROLE_CHG_DATA   evt;
729 
730     BTM_TRACE_DEBUG ("btm_acl_encrypt_change handle=%d status=%d encr_enabl=%d",
731                       handle, status, encr_enable);
732     xx = btm_handle_to_acl_index(handle);
733     /* don't assume that we can never get a bad hci_handle */
734     if (xx < MAX_L2CAP_LINKS)
735         p = &btm_cb.acl_db[xx];
736     else
737         return;
738 
739     /* Process Role Switch if active */
740     if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF)
741     {
742         /* if encryption turn off failed we still will try to switch role */
743         if (encr_enable)
744         {
745             p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
746             p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
747         }
748         else
749         {
750             p->switch_role_state = BTM_ACL_SWKEY_STATE_SWITCHING;
751             p->encrypt_state = BTM_ACL_ENCRYPT_STATE_TEMP_FUNC;
752         }
753 
754         if (!btsnd_hcic_switch_role (p->remote_addr, (UINT8)!p->link_role))
755         {
756             p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
757             p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
758             btm_acl_report_role_change(btm_cb.devcb.switch_role_ref_data.hci_status, p->remote_addr);
759         }
760 #if BTM_DISC_DURING_RS == TRUE
761         else
762         {
763             if ((p_dev_rec = btm_find_dev (p->remote_addr)) != NULL)
764                 p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
765         }
766 #endif
767 
768     }
769     /* Finished enabling Encryption after role switch */
770     else if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_ON)
771     {
772         p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
773         p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
774         btm_acl_report_role_change(btm_cb.devcb.switch_role_ref_data.hci_status, p->remote_addr);
775 
776         /* if role change event is registered, report it now */
777         if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK))
778         {
779             evt.event       = BTM_BL_ROLE_CHG_EVT;
780             evt.new_role    = btm_cb.devcb.switch_role_ref_data.role;
781             evt.p_bda       = btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
782             evt.hci_status  = btm_cb.devcb.switch_role_ref_data.hci_status;
783             (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA *)&evt);
784 
785             BTM_TRACE_DEBUG("Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, rs_st:%d",
786                              evt.new_role, evt.hci_status, p->switch_role_state);
787         }
788 
789 #if BTM_DISC_DURING_RS == TRUE
790         /* If a disconnect is pending, issue it now that role switch has completed */
791         if ((p_dev_rec = btm_find_dev (p->remote_addr)) != NULL)
792         {
793             if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING)
794             {
795                 BTM_TRACE_WARNING("btm_acl_encrypt_change -> Issuing delayed HCI_Disconnect!!!");
796                 btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER);
797             }
798             BTM_TRACE_ERROR("btm_acl_encrypt_change: tBTM_SEC_DEV:0x%x rs_disc_pending=%d",
799                 (UINT32)p_dev_rec, p_dev_rec->rs_disc_pending);
800             p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING;     /* reset flag */
801         }
802 #endif
803     }
804 }
805 /*******************************************************************************
806 **
807 ** Function         BTM_SetLinkPolicy
808 **
809 ** Description      Create and send HCI "Write Policy Set" command
810 **
811 ** Returns          status of the operation
812 **
813 *******************************************************************************/
BTM_SetLinkPolicy(BD_ADDR remote_bda,UINT16 * settings)814 tBTM_STATUS BTM_SetLinkPolicy (BD_ADDR remote_bda, UINT16 *settings)
815 {
816     tACL_CONN   *p;
817     UINT8       *localFeatures = BTM_ReadLocalFeatures();
818     BTM_TRACE_DEBUG ("BTM_SetLinkPolicy");
819 /*    BTM_TRACE_API ("BTM_SetLinkPolicy: requested settings: 0x%04x", *settings ); */
820 
821     /* First, check if hold mode is supported */
822     if (*settings != HCI_DISABLE_ALL_LM_MODES)
823     {
824         if ( (*settings & HCI_ENABLE_MASTER_SLAVE_SWITCH) && (!HCI_SWITCH_SUPPORTED(localFeatures)) )
825         {
826             *settings &= (~HCI_ENABLE_MASTER_SLAVE_SWITCH);
827             BTM_TRACE_API ("BTM_SetLinkPolicy switch not supported (settings: 0x%04x)", *settings );
828         }
829         if ( (*settings & HCI_ENABLE_HOLD_MODE) && (!HCI_HOLD_MODE_SUPPORTED(localFeatures)) )
830         {
831             *settings &= (~HCI_ENABLE_HOLD_MODE);
832             BTM_TRACE_API ("BTM_SetLinkPolicy hold not supported (settings: 0x%04x)", *settings );
833         }
834         if ( (*settings & HCI_ENABLE_SNIFF_MODE) && (!HCI_SNIFF_MODE_SUPPORTED(localFeatures)) )
835         {
836             *settings &= (~HCI_ENABLE_SNIFF_MODE);
837             BTM_TRACE_API ("BTM_SetLinkPolicy sniff not supported (settings: 0x%04x)", *settings );
838         }
839         if ( (*settings & HCI_ENABLE_PARK_MODE) && (!HCI_PARK_MODE_SUPPORTED(localFeatures)) )
840         {
841             *settings &= (~HCI_ENABLE_PARK_MODE);
842             BTM_TRACE_API ("BTM_SetLinkPolicy park not supported (settings: 0x%04x)", *settings );
843         }
844     }
845 
846     if ((p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR)) != NULL)
847         return(btsnd_hcic_write_policy_set (p->hci_handle, *settings) ? BTM_CMD_STARTED : BTM_NO_RESOURCES);
848 
849     /* If here, no BD Addr found */
850     return(BTM_UNKNOWN_ADDR);
851 }
852 
853 /*******************************************************************************
854 **
855 ** Function         BTM_SetDefaultLinkPolicy
856 **
857 ** Description      Set the default value for HCI "Write Policy Set" command
858 **                  to use when an ACL link is created.
859 **
860 ** Returns          void
861 **
862 *******************************************************************************/
BTM_SetDefaultLinkPolicy(UINT16 settings)863 void BTM_SetDefaultLinkPolicy (UINT16 settings)
864 {
865     UINT8 *localFeatures = BTM_ReadLocalFeatures();
866 
867     BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy setting:0x%04x", settings);
868 
869     if((settings & HCI_ENABLE_MASTER_SLAVE_SWITCH) && (!HCI_SWITCH_SUPPORTED(localFeatures)))
870     {
871         settings &= ~HCI_ENABLE_MASTER_SLAVE_SWITCH;
872         BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy switch not supported (settings: 0x%04x)", settings);
873     }
874     if ((settings & HCI_ENABLE_HOLD_MODE) && (!HCI_HOLD_MODE_SUPPORTED(localFeatures)))
875     {
876         settings &= ~HCI_ENABLE_HOLD_MODE;
877         BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy hold not supported (settings: 0x%04x)", settings);
878     }
879     if ((settings & HCI_ENABLE_SNIFF_MODE) && (!HCI_SNIFF_MODE_SUPPORTED(localFeatures)))
880     {
881         settings &= ~HCI_ENABLE_SNIFF_MODE;
882         BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy sniff not supported (settings: 0x%04x)", settings);
883     }
884     if ((settings & HCI_ENABLE_PARK_MODE) && (!HCI_PARK_MODE_SUPPORTED(localFeatures)))
885     {
886         settings &= ~HCI_ENABLE_PARK_MODE;
887         BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy park not supported (settings: 0x%04x)", settings);
888     }
889     BTM_TRACE_DEBUG("Set DefaultLinkPolicy:0x%04x", settings);
890 
891     btm_cb.btm_def_link_policy = settings;
892 
893     /* Set the default Link Policy of the controller */
894     btsnd_hcic_write_def_policy_set(settings);
895 }
896 
897 /*******************************************************************************
898 **
899 ** Function         btm_read_remote_version_complete
900 **
901 ** Description      This function is called when the command complete message
902 **                  is received from the HCI for the remote version info.
903 **
904 ** Returns          void
905 **
906 *******************************************************************************/
btm_read_remote_version_complete(UINT8 * p)907 void btm_read_remote_version_complete (UINT8 *p)
908 {
909     tACL_CONN        *p_acl_cb = &btm_cb.acl_db[0];
910     UINT8             status;
911     UINT16            handle;
912     int               xx;
913     BTM_TRACE_DEBUG ("btm_read_remote_version_complete");
914     STREAM_TO_UINT8  (status, p);
915     if (status == HCI_SUCCESS)
916     {
917         STREAM_TO_UINT16 (handle, p);
918 
919         /* Look up the connection by handle and copy features */
920         for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_acl_cb++)
921         {
922             if ((p_acl_cb->in_use) && (p_acl_cb->hci_handle == handle))
923             {
924                 STREAM_TO_UINT8  (p_acl_cb->lmp_version, p);
925                 STREAM_TO_UINT16 (p_acl_cb->manufacturer, p);
926                 STREAM_TO_UINT16 (p_acl_cb->lmp_subversion, p);
927                 break;
928             }
929         }
930     }
931 }
932 
933 
934 /*******************************************************************************
935 **
936 ** Function         btm_process_remote_ext_features
937 **
938 ** Description      Local function called to process all extended features pages
939 **                  read from a remote device.
940 **
941 ** Returns          void
942 **
943 *******************************************************************************/
btm_process_remote_ext_features(tACL_CONN * p_acl_cb,UINT8 num_read_pages)944 void btm_process_remote_ext_features (tACL_CONN *p_acl_cb, UINT8 num_read_pages)
945 {
946     UINT16              handle = p_acl_cb->hci_handle;
947     tBTM_SEC_DEV_REC    *p_dev_rec = btm_find_dev_by_handle (handle);
948     UINT8               page_idx;
949 
950     BTM_TRACE_DEBUG ("btm_process_remote_ext_features");
951 
952     /* Make sure we have the record to save remote features information */
953     if (p_dev_rec == NULL)
954     {
955         /* Get a new device; might be doing dedicated bonding */
956         p_dev_rec = btm_find_or_alloc_dev (p_acl_cb->remote_addr);
957     }
958 
959     p_acl_cb->num_read_pages = num_read_pages;
960     p_dev_rec->num_read_pages = num_read_pages;
961 
962     /* Move the pages to placeholder */
963     for (page_idx = 0; page_idx < num_read_pages; page_idx++)
964     {
965         if (page_idx > HCI_EXT_FEATURES_PAGE_MAX)
966         {
967             BTM_TRACE_ERROR("%s: page=%d unexpected", __FUNCTION__, page_idx);
968             break;
969         }
970         memcpy (p_dev_rec->features[page_idx], p_acl_cb->peer_lmp_features[page_idx],
971                 HCI_FEATURE_BYTES_PER_PAGE);
972     }
973 
974     const UINT8 req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND);
975 
976     /* Store the Peer Security Capabilites (in SM4 and rmt_sec_caps) */
977     btm_sec_set_peer_sec_caps(p_acl_cb, p_dev_rec);
978 
979     BTM_TRACE_API("%s: pend:%d", __FUNCTION__, req_pend);
980     if (req_pend)
981     {
982         /* Request for remaining Security Features (if any) */
983         l2cu_resubmit_pending_sec_req (p_dev_rec->bd_addr);
984     }
985 }
986 
987 
988 /*******************************************************************************
989 **
990 ** Function         btm_read_remote_features
991 **
992 ** Description      Local function called to send a read remote supported features/
993 **                  remote extended features page[0].
994 **
995 ** Returns          void
996 **
997 *******************************************************************************/
btm_read_remote_features(UINT16 handle)998 void btm_read_remote_features (UINT16 handle)
999 {
1000     UINT8       acl_idx;
1001     tACL_CONN   *p_acl_cb;
1002 
1003     BTM_TRACE_DEBUG("btm_read_remote_features() handle: %d", handle);
1004 
1005     if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1006     {
1007         BTM_TRACE_ERROR("btm_read_remote_features handle=%d invalid", handle);
1008         return;
1009     }
1010 
1011     p_acl_cb = &btm_cb.acl_db[acl_idx];
1012     p_acl_cb->num_read_pages = 0;
1013     memset (p_acl_cb->peer_lmp_features, 0, sizeof(p_acl_cb->peer_lmp_features));
1014 
1015     /* first send read remote supported features HCI command */
1016     /* because we don't know whether the remote support extended feature command */
1017     btsnd_hcic_rmt_features_req (handle);
1018 }
1019 
1020 
1021 /*******************************************************************************
1022 **
1023 ** Function         btm_read_remote_ext_features
1024 **
1025 ** Description      Local function called to send a read remote extended features
1026 **
1027 ** Returns          void
1028 **
1029 *******************************************************************************/
btm_read_remote_ext_features(UINT16 handle,UINT8 page_number)1030 void btm_read_remote_ext_features (UINT16 handle, UINT8 page_number)
1031 {
1032     BTM_TRACE_DEBUG("btm_read_remote_ext_features() handle: %d page: %d", handle, page_number);
1033 
1034     btsnd_hcic_rmt_ext_features(handle, page_number);
1035 }
1036 
1037 
1038 /*******************************************************************************
1039 **
1040 ** Function         btm_read_remote_features_complete
1041 **
1042 ** Description      This function is called when the remote supported features
1043 **                  complete event is received from the HCI.
1044 **
1045 ** Returns          void
1046 **
1047 *******************************************************************************/
btm_read_remote_features_complete(UINT8 * p)1048 void btm_read_remote_features_complete (UINT8 *p)
1049 {
1050     tACL_CONN        *p_acl_cb;
1051     UINT8             status;
1052     UINT16            handle;
1053     UINT8            acl_idx;
1054 
1055     BTM_TRACE_DEBUG ("btm_read_remote_features_complete");
1056     STREAM_TO_UINT8  (status, p);
1057 
1058     if (status != HCI_SUCCESS)
1059     {
1060         BTM_TRACE_ERROR ("btm_read_remote_features_complete failed (status 0x%02x)", status);
1061         return;
1062     }
1063 
1064         STREAM_TO_UINT16 (handle, p);
1065 
1066     if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1067         {
1068         BTM_TRACE_ERROR("btm_read_remote_features_complete handle=%d invalid", handle);
1069         return;
1070                 }
1071 
1072     p_acl_cb = &btm_cb.acl_db[acl_idx];
1073 
1074     /* Copy the received features page */
1075     STREAM_TO_ARRAY(p_acl_cb->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0], p,
1076                     HCI_FEATURE_BYTES_PER_PAGE);
1077 
1078     if ((HCI_LMP_EXTENDED_SUPPORTED(p_acl_cb->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0])) &&
1079         (controller_get_interface()->supports_reading_remote_extended_features()))
1080     {
1081         /* if the remote controller has extended features and local controller supports
1082         ** HCI_Read_Remote_Extended_Features command then start reading these feature starting
1083         ** with extended features page 1 */
1084         BTM_TRACE_DEBUG ("Start reading remote extended features");
1085         btm_read_remote_ext_features(handle, HCI_EXT_FEATURES_PAGE_1);
1086         return;
1087     }
1088 
1089     /* Remote controller has no extended features. Process remote controller supported features
1090        (features page HCI_EXT_FEATURES_PAGE_0). */
1091     btm_process_remote_ext_features (p_acl_cb, 1);
1092 
1093     /* Continue with HCI connection establishment */
1094     btm_establish_continue (p_acl_cb);
1095 }
1096 
1097 /*******************************************************************************
1098 **
1099 ** Function         btm_read_remote_ext_features_complete
1100 **
1101 ** Description      This function is called when the remote extended features
1102 **                  complete event is received from the HCI.
1103 **
1104 ** Returns          void
1105 **
1106 *******************************************************************************/
btm_read_remote_ext_features_complete(UINT8 * p)1107 void btm_read_remote_ext_features_complete (UINT8 *p)
1108 {
1109     tACL_CONN   *p_acl_cb;
1110     UINT8       page_num, max_page;
1111     UINT16      handle;
1112     UINT8       acl_idx;
1113 
1114     BTM_TRACE_DEBUG ("btm_read_remote_ext_features_complete");
1115 
1116     ++p;
1117     STREAM_TO_UINT16 (handle, p);
1118     STREAM_TO_UINT8  (page_num, p);
1119     STREAM_TO_UINT8  (max_page, p);
1120 
1121     /* Validate parameters */
1122     if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1123     {
1124         BTM_TRACE_ERROR("btm_read_remote_ext_features_complete handle=%d invalid", handle);
1125         return;
1126     }
1127 
1128     if (max_page > HCI_EXT_FEATURES_PAGE_MAX)
1129     {
1130         BTM_TRACE_ERROR("btm_read_remote_ext_features_complete page=%d unknown", max_page);
1131         return;
1132     }
1133 
1134     p_acl_cb = &btm_cb.acl_db[acl_idx];
1135 
1136     /* Copy the received features page */
1137     STREAM_TO_ARRAY(p_acl_cb->peer_lmp_features[page_num], p, HCI_FEATURE_BYTES_PER_PAGE);
1138 
1139     /* If there is the next remote features page and
1140      * we have space to keep this page data - read this page */
1141     if ((page_num < max_page) && (page_num < HCI_EXT_FEATURES_PAGE_MAX))
1142     {
1143         page_num++;
1144         BTM_TRACE_DEBUG("BTM reads next remote extended features page (%d)", page_num);
1145         btm_read_remote_ext_features (handle, page_num);
1146         return;
1147     }
1148 
1149     /* Reading of remote feature pages is complete */
1150     BTM_TRACE_DEBUG("BTM reached last remote extended features page (%d)", page_num);
1151 
1152     /* Process the pages */
1153     btm_process_remote_ext_features (p_acl_cb, (UINT8) (page_num + 1));
1154 
1155     /* Continue with HCI connection establishment */
1156     btm_establish_continue (p_acl_cb);
1157 }
1158 
1159 /*******************************************************************************
1160 **
1161 ** Function         btm_read_remote_ext_features_failed
1162 **
1163 ** Description      This function is called when the remote extended features
1164 **                  complete event returns a failed status.
1165 **
1166 ** Returns          void
1167 **
1168 *******************************************************************************/
btm_read_remote_ext_features_failed(UINT8 status,UINT16 handle)1169 void btm_read_remote_ext_features_failed (UINT8 status, UINT16 handle)
1170 {
1171     tACL_CONN   *p_acl_cb;
1172     UINT8       acl_idx;
1173 
1174     BTM_TRACE_WARNING ("btm_read_remote_ext_features_failed (status 0x%02x) for handle %d",
1175                          status, handle);
1176 
1177     if ((acl_idx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS)
1178     {
1179         BTM_TRACE_ERROR("btm_read_remote_ext_features_failed handle=%d invalid", handle);
1180         return;
1181     }
1182 
1183     p_acl_cb = &btm_cb.acl_db[acl_idx];
1184 
1185     /* Process supported features only */
1186     btm_process_remote_ext_features (p_acl_cb, 1);
1187 
1188     /* Continue HCI connection establishment */
1189     btm_establish_continue (p_acl_cb);
1190 }
1191 
1192 /*******************************************************************************
1193 **
1194 ** Function         btm_establish_continue
1195 **
1196 ** Description      This function is called when the command complete message
1197 **                  is received from the HCI for the read local link policy request.
1198 **
1199 ** Returns          void
1200 **
1201 *******************************************************************************/
btm_establish_continue(tACL_CONN * p_acl_cb)1202 void btm_establish_continue (tACL_CONN *p_acl_cb)
1203 {
1204         tBTM_BL_EVENT_DATA  evt_data;
1205         BTM_TRACE_DEBUG ("btm_establish_continue");
1206 #if (!defined(BTM_BYPASS_EXTRA_ACL_SETUP) || BTM_BYPASS_EXTRA_ACL_SETUP == FALSE)
1207 #if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
1208         if (p_acl_cb->transport == BT_TRANSPORT_BR_EDR)
1209 #endif
1210         {
1211             /* For now there are a some devices that do not like sending */
1212             /* commands events and data at the same time. */
1213             /* Set the packet types to the default allowed by the device */
1214             btm_set_packet_types (p_acl_cb, btm_cb.btm_acl_pkt_types_supported);
1215 
1216             if (btm_cb.btm_def_link_policy)
1217                 BTM_SetLinkPolicy (p_acl_cb->remote_addr, &btm_cb.btm_def_link_policy);
1218         }
1219 #endif
1220         p_acl_cb->link_up_issued = TRUE;
1221 
1222         /* If anyone cares, tell him database changed */
1223         if (btm_cb.p_bl_changed_cb)
1224         {
1225             evt_data.event = BTM_BL_CONN_EVT;
1226             evt_data.conn.p_bda = p_acl_cb->remote_addr;
1227             evt_data.conn.p_bdn = p_acl_cb->remote_name;
1228             evt_data.conn.p_dc  = p_acl_cb->remote_dc;
1229             evt_data.conn.p_features = p_acl_cb->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0];
1230 #if BLE_INCLUDED == TRUE
1231             evt_data.conn.handle = p_acl_cb->hci_handle;
1232             evt_data.conn.transport = p_acl_cb->transport;
1233 #endif
1234 
1235             (*btm_cb.p_bl_changed_cb)(&evt_data);
1236         }
1237         btm_acl_update_busy_level (BTM_BLI_ACL_UP_EVT);
1238 }
1239 
1240 
1241 /*******************************************************************************
1242 **
1243 ** Function         BTM_SetDefaultLinkSuperTout
1244 **
1245 ** Description      Set the default value for HCI "Write Link Supervision Timeout"
1246 **                  command to use when an ACL link is created.
1247 **
1248 ** Returns          void
1249 **
1250 *******************************************************************************/
BTM_SetDefaultLinkSuperTout(UINT16 timeout)1251 void BTM_SetDefaultLinkSuperTout (UINT16 timeout)
1252 {
1253     BTM_TRACE_DEBUG ("BTM_SetDefaultLinkSuperTout");
1254     btm_cb.btm_def_link_super_tout = timeout;
1255 }
1256 
1257 /*******************************************************************************
1258 **
1259 ** Function         BTM_GetLinkSuperTout
1260 **
1261 ** Description      Read the link supervision timeout value of the connection
1262 **
1263 ** Returns          status of the operation
1264 **
1265 *******************************************************************************/
BTM_GetLinkSuperTout(BD_ADDR remote_bda,UINT16 * p_timeout)1266 tBTM_STATUS BTM_GetLinkSuperTout (BD_ADDR remote_bda, UINT16 *p_timeout)
1267 {
1268     tACL_CONN   *p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
1269 
1270     BTM_TRACE_DEBUG ("BTM_GetLinkSuperTout");
1271     if (p != (tACL_CONN *)NULL)
1272     {
1273         *p_timeout = p->link_super_tout;
1274         return(BTM_SUCCESS);
1275     }
1276     /* If here, no BD Addr found */
1277     return(BTM_UNKNOWN_ADDR);
1278 }
1279 
1280 
1281 /*******************************************************************************
1282 **
1283 ** Function         BTM_SetLinkSuperTout
1284 **
1285 ** Description      Create and send HCI "Write Link Supervision Timeout" command
1286 **
1287 ** Returns          status of the operation
1288 **
1289 *******************************************************************************/
BTM_SetLinkSuperTout(BD_ADDR remote_bda,UINT16 timeout)1290 tBTM_STATUS BTM_SetLinkSuperTout (BD_ADDR remote_bda, UINT16 timeout)
1291 {
1292     tACL_CONN   *p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
1293 
1294     BTM_TRACE_DEBUG ("BTM_SetLinkSuperTout");
1295     if (p != (tACL_CONN *)NULL)
1296     {
1297         p->link_super_tout = timeout;
1298 
1299         /* Only send if current role is Master; 2.0 spec requires this */
1300         if (p->link_role == BTM_ROLE_MASTER)
1301         {
1302             if (!btsnd_hcic_write_link_super_tout (LOCAL_BR_EDR_CONTROLLER_ID,
1303                                                    p->hci_handle, timeout))
1304                 return(BTM_NO_RESOURCES);
1305 
1306             return(BTM_CMD_STARTED);
1307         }
1308         else
1309             return(BTM_SUCCESS);
1310     }
1311 
1312     /* If here, no BD Addr found */
1313     return(BTM_UNKNOWN_ADDR);
1314 }
1315 
1316 /*******************************************************************************
1317 **
1318 ** Function         BTM_IsAclConnectionUp
1319 **
1320 ** Description      This function is called to check if an ACL connection exists
1321 **                  to a specific remote BD Address.
1322 **
1323 ** Returns          TRUE if connection is up, else FALSE.
1324 **
1325 *******************************************************************************/
BTM_IsAclConnectionUp(BD_ADDR remote_bda,tBT_TRANSPORT transport)1326 BOOLEAN BTM_IsAclConnectionUp (BD_ADDR remote_bda, tBT_TRANSPORT transport)
1327 {
1328     tACL_CONN   *p;
1329 
1330     BTM_TRACE_API ("BTM_IsAclConnectionUp: RemBdAddr: %02x%02x%02x%02x%02x%02x",
1331                     remote_bda[0], remote_bda[1], remote_bda[2],
1332                     remote_bda[3], remote_bda[4], remote_bda[5]);
1333 
1334     p = btm_bda_to_acl(remote_bda, transport);
1335     if (p != (tACL_CONN *)NULL)
1336     {
1337         return(TRUE);
1338     }
1339 
1340     /* If here, no BD Addr found */
1341     return(FALSE);
1342 }
1343 
1344 /*******************************************************************************
1345 **
1346 ** Function         BTM_GetNumAclLinks
1347 **
1348 ** Description      This function is called to count the number of
1349 **                  ACL links that are active.
1350 **
1351 ** Returns          UINT16  Number of active ACL links
1352 **
1353 *******************************************************************************/
BTM_GetNumAclLinks(void)1354 UINT16 BTM_GetNumAclLinks (void)
1355 {
1356     uint16_t num_acl = 0;
1357 
1358     for (uint16_t i = 0; i < MAX_L2CAP_LINKS; ++i)
1359     {
1360         if (btm_cb.acl_db[i].in_use)
1361             ++num_acl;
1362     }
1363 
1364     return num_acl;
1365 }
1366 
1367 /*******************************************************************************
1368 **
1369 ** Function         btm_get_acl_disc_reason_code
1370 **
1371 ** Description      This function is called to get the disconnection reason code
1372 **                  returned by the HCI at disconnection complete event.
1373 **
1374 ** Returns          TRUE if connection is up, else FALSE.
1375 **
1376 *******************************************************************************/
btm_get_acl_disc_reason_code(void)1377 UINT16 btm_get_acl_disc_reason_code (void)
1378 {
1379     UINT8 res = btm_cb.acl_disc_reason;
1380     BTM_TRACE_DEBUG ("btm_get_acl_disc_reason_code");
1381     return(res);
1382 }
1383 
1384 
1385 /*******************************************************************************
1386 **
1387 ** Function         BTM_GetHCIConnHandle
1388 **
1389 ** Description      This function is called to get the handle for an ACL connection
1390 **                  to a specific remote BD Address.
1391 **
1392 ** Returns          the handle of the connection, or 0xFFFF if none.
1393 **
1394 *******************************************************************************/
BTM_GetHCIConnHandle(BD_ADDR remote_bda,tBT_TRANSPORT transport)1395 UINT16 BTM_GetHCIConnHandle (BD_ADDR remote_bda, tBT_TRANSPORT transport)
1396 {
1397     tACL_CONN   *p;
1398     BTM_TRACE_DEBUG ("BTM_GetHCIConnHandle");
1399     p = btm_bda_to_acl(remote_bda, transport);
1400     if (p != (tACL_CONN *)NULL)
1401     {
1402         return(p->hci_handle);
1403     }
1404 
1405     /* If here, no BD Addr found */
1406     return(0xFFFF);
1407 }
1408 
1409 /*******************************************************************************
1410 **
1411 ** Function         btm_process_clk_off_comp_evt
1412 **
1413 ** Description      This function is called when clock offset command completes.
1414 **
1415 ** Input Parms      hci_handle - connection handle associated with the change
1416 **                  clock offset
1417 **
1418 ** Returns          void
1419 **
1420 *******************************************************************************/
btm_process_clk_off_comp_evt(UINT16 hci_handle,UINT16 clock_offset)1421 void btm_process_clk_off_comp_evt (UINT16 hci_handle, UINT16 clock_offset)
1422 {
1423     UINT8      xx;
1424     BTM_TRACE_DEBUG ("btm_process_clk_off_comp_evt");
1425     /* Look up the connection by handle and set the current mode */
1426     if ((xx = btm_handle_to_acl_index(hci_handle)) < MAX_L2CAP_LINKS)
1427         btm_cb.acl_db[xx].clock_offset = clock_offset;
1428 }
1429 
1430 /*******************************************************************************
1431 **
1432 ** Function         btm_acl_role_changed
1433 **
1434 ** Description      This function is called whan a link's master/slave role change
1435 **                  event or command status event (with error) is received.
1436 **                  It updates the link control block, and calls
1437 **                  the registered callback with status and role (if registered).
1438 **
1439 ** Returns          void
1440 **
1441 *******************************************************************************/
btm_acl_role_changed(UINT8 hci_status,BD_ADDR bd_addr,UINT8 new_role)1442 void btm_acl_role_changed (UINT8 hci_status, BD_ADDR bd_addr, UINT8 new_role)
1443 {
1444     UINT8                   *p_bda = (bd_addr) ? bd_addr :
1445                                         btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
1446     tACL_CONN               *p = btm_bda_to_acl(p_bda, BT_TRANSPORT_BR_EDR);
1447     tBTM_ROLE_SWITCH_CMPL   *p_data = &btm_cb.devcb.switch_role_ref_data;
1448     tBTM_SEC_DEV_REC        *p_dev_rec;
1449     tBTM_BL_ROLE_CHG_DATA   evt;
1450 
1451     BTM_TRACE_DEBUG ("btm_acl_role_changed");
1452     /* Ignore any stray events */
1453     if (p == NULL)
1454     {
1455         /* it could be a failure */
1456         if (hci_status != HCI_SUCCESS)
1457             btm_acl_report_role_change(hci_status, bd_addr);
1458         return;
1459     }
1460 
1461     p_data->hci_status = hci_status;
1462 
1463     if (hci_status == HCI_SUCCESS)
1464     {
1465         p_data->role = new_role;
1466         memcpy(p_data->remote_bd_addr, p_bda, BD_ADDR_LEN);
1467 
1468         /* Update cached value */
1469         p->link_role = new_role;
1470 
1471         /* Reload LSTO: link supervision timeout is reset in the LM after a role switch */
1472         if (new_role == BTM_ROLE_MASTER)
1473         {
1474             BTM_SetLinkSuperTout (p->remote_addr, p->link_super_tout);
1475         }
1476     }
1477     else
1478     {
1479         /* so the BTM_BL_ROLE_CHG_EVT uses the old role */
1480         new_role = p->link_role;
1481     }
1482 
1483     /* Check if any SCO req is pending for role change */
1484     btm_sco_chk_pend_rolechange (p->hci_handle);
1485 
1486     /* if switching state is switching we need to turn encryption on */
1487     /* if idle, we did not change encryption */
1488     if (p->switch_role_state == BTM_ACL_SWKEY_STATE_SWITCHING)
1489     {
1490         if (btsnd_hcic_set_conn_encrypt (p->hci_handle, TRUE))
1491         {
1492             p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_ON;
1493             p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_ON;
1494             return;
1495         }
1496     }
1497 
1498     /* Set the switch_role_state to IDLE since the reply received from HCI */
1499     /* regardless of its result either success or failed. */
1500     if (p->switch_role_state == BTM_ACL_SWKEY_STATE_IN_PROGRESS)
1501     {
1502         p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
1503         p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
1504     }
1505 
1506     /* if role switch complete is needed, report it now */
1507     btm_acl_report_role_change(hci_status, bd_addr);
1508 
1509     /* if role change event is registered, report it now */
1510     if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK))
1511     {
1512         evt.event       = BTM_BL_ROLE_CHG_EVT;
1513         evt.new_role    = new_role;
1514         evt.p_bda       = p_bda;
1515         evt.hci_status  = hci_status;
1516         (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA *)&evt);
1517     }
1518 
1519     BTM_TRACE_DEBUG("Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, rs_st:%d",
1520                      p_data->role, p_data->hci_status, p->switch_role_state);
1521 
1522 #if BTM_DISC_DURING_RS == TRUE
1523     /* If a disconnect is pending, issue it now that role switch has completed */
1524     if ((p_dev_rec = btm_find_dev (p_bda)) != NULL)
1525     {
1526         if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING)
1527         {
1528             BTM_TRACE_WARNING("btm_acl_role_changed -> Issuing delayed HCI_Disconnect!!!");
1529             btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER);
1530         }
1531         BTM_TRACE_ERROR("tBTM_SEC_DEV:0x%x rs_disc_pending=%d",
1532                          (UINT32)p_dev_rec, p_dev_rec->rs_disc_pending);
1533         p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING;     /* reset flag */
1534     }
1535 
1536 #endif
1537 
1538 }
1539 
1540 /*******************************************************************************
1541 **
1542 ** Function         BTM_AllocateSCN
1543 **
1544 ** Description      Look through the Server Channel Numbers for a free one.
1545 **
1546 ** Returns          Allocated SCN number or 0 if none.
1547 **
1548 *******************************************************************************/
1549 
BTM_AllocateSCN(void)1550 UINT8 BTM_AllocateSCN(void)
1551 {
1552     UINT8   x;
1553     BTM_TRACE_DEBUG ("BTM_AllocateSCN");
1554 
1555     // stack reserves scn 1 for HFP, HSP we still do the correct way
1556     for (x = 1; x < BTM_MAX_SCN; x++)
1557     {
1558         if (!btm_cb.btm_scn[x])
1559         {
1560             btm_cb.btm_scn[x] = TRUE;
1561             return(x+1);
1562         }
1563     }
1564 
1565     return(0);     /* No free ports */
1566 }
1567 
1568 /*******************************************************************************
1569 **
1570 ** Function         BTM_TryAllocateSCN
1571 **
1572 ** Description      Try to allocate a fixed server channel
1573 **
1574 ** Returns          Returns TRUE if server channel was available
1575 **
1576 *******************************************************************************/
1577 
BTM_TryAllocateSCN(UINT8 scn)1578 BOOLEAN BTM_TryAllocateSCN(UINT8 scn)
1579 {
1580     /* Make sure we don't exceed max port range.
1581      * Stack reserves scn 1 for HFP, HSP we still do the correct way.
1582      */
1583     if ( (scn>=BTM_MAX_SCN) || (scn == 1) )
1584         return FALSE;
1585 
1586     /* check if this port is available */
1587     if (!btm_cb.btm_scn[scn-1])
1588     {
1589         btm_cb.btm_scn[scn-1] = TRUE;
1590         return TRUE;
1591     }
1592 
1593     return (FALSE);     /* Port was busy */
1594 }
1595 
1596 /*******************************************************************************
1597 **
1598 ** Function         BTM_FreeSCN
1599 **
1600 ** Description      Free the specified SCN.
1601 **
1602 ** Returns          TRUE or FALSE
1603 **
1604 *******************************************************************************/
BTM_FreeSCN(UINT8 scn)1605 BOOLEAN BTM_FreeSCN(UINT8 scn)
1606 {
1607     BTM_TRACE_DEBUG ("BTM_FreeSCN ");
1608     if (scn <= BTM_MAX_SCN)
1609     {
1610         btm_cb.btm_scn[scn-1] = FALSE;
1611         return(TRUE);
1612     }
1613     else
1614         return(FALSE);      /* Illegal SCN passed in */
1615 }
1616 
1617 /*******************************************************************************
1618 **
1619 ** Function         btm_set_packet_types
1620 **
1621 ** Description      This function sets the packet types used for a specific
1622 **                  ACL connection. It is called internally by btm_acl_created
1623 **                  or by an application/profile by BTM_SetPacketTypes.
1624 **
1625 ** Returns          status of the operation
1626 **
1627 *******************************************************************************/
btm_set_packet_types(tACL_CONN * p,UINT16 pkt_types)1628 tBTM_STATUS btm_set_packet_types (tACL_CONN *p, UINT16 pkt_types)
1629 {
1630     UINT16 temp_pkt_types;
1631     BTM_TRACE_DEBUG ("btm_set_packet_types");
1632     /* Save in the ACL control blocks, types that we support */
1633     temp_pkt_types = (pkt_types & BTM_ACL_SUPPORTED_PKTS_MASK &
1634                       btm_cb.btm_acl_pkt_types_supported);
1635 
1636     /* OR in any exception packet types if at least 2.0 version of spec */
1637     temp_pkt_types |= ((pkt_types & BTM_ACL_EXCEPTION_PKTS_MASK) |
1638                        (btm_cb.btm_acl_pkt_types_supported & BTM_ACL_EXCEPTION_PKTS_MASK));
1639 
1640     /* Exclude packet types not supported by the peer */
1641     btm_acl_chk_peer_pkt_type_support (p, &temp_pkt_types);
1642 
1643     BTM_TRACE_DEBUG ("SetPacketType Mask -> 0x%04x", temp_pkt_types);
1644 
1645     if (!btsnd_hcic_change_conn_type (p->hci_handle, temp_pkt_types))
1646     {
1647         return(BTM_NO_RESOURCES);
1648     }
1649 
1650     p->pkt_types_mask = temp_pkt_types;
1651 
1652     return(BTM_CMD_STARTED);
1653 }
1654 
1655 /*******************************************************************************
1656 **
1657 ** Function         btm_get_max_packet_size
1658 **
1659 ** Returns          Returns maximum packet size that can be used for current
1660 **                  connection, 0 if connection is not established
1661 **
1662 *******************************************************************************/
btm_get_max_packet_size(BD_ADDR addr)1663 UINT16 btm_get_max_packet_size (BD_ADDR addr)
1664 {
1665     tACL_CONN   *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1666     UINT16      pkt_types = 0;
1667     UINT16      pkt_size = 0;
1668     BTM_TRACE_DEBUG ("btm_get_max_packet_size");
1669     if (p != NULL)
1670     {
1671         pkt_types = p->pkt_types_mask;
1672     }
1673     else
1674     {
1675         /* Special case for when info for the local device is requested */
1676         if (memcmp (controller_get_interface()->get_address(), addr, BD_ADDR_LEN) == 0)
1677         {
1678             pkt_types = btm_cb.btm_acl_pkt_types_supported;
1679         }
1680     }
1681 
1682     if (pkt_types)
1683     {
1684         if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH5))
1685             pkt_size = HCI_EDR3_DH5_PACKET_SIZE;
1686         else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH5))
1687             pkt_size = HCI_EDR2_DH5_PACKET_SIZE;
1688         else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH3))
1689             pkt_size = HCI_EDR3_DH3_PACKET_SIZE;
1690         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH5)
1691             pkt_size = HCI_DH5_PACKET_SIZE;
1692         else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH3))
1693             pkt_size = HCI_EDR2_DH3_PACKET_SIZE;
1694         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM5)
1695             pkt_size = HCI_DM5_PACKET_SIZE;
1696         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH3)
1697             pkt_size = HCI_DH3_PACKET_SIZE;
1698         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM3)
1699             pkt_size = HCI_DM3_PACKET_SIZE;
1700         else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH1))
1701             pkt_size = HCI_EDR3_DH1_PACKET_SIZE;
1702         else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH1))
1703             pkt_size = HCI_EDR2_DH1_PACKET_SIZE;
1704         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH1)
1705             pkt_size = HCI_DH1_PACKET_SIZE;
1706         else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM1)
1707             pkt_size = HCI_DM1_PACKET_SIZE;
1708     }
1709 
1710    return(pkt_size);
1711 }
1712 
1713 /*******************************************************************************
1714 **
1715 ** Function         BTM_ReadRemoteVersion
1716 **
1717 ** Returns          If connected report peer device info
1718 **
1719 *******************************************************************************/
BTM_ReadRemoteVersion(BD_ADDR addr,UINT8 * lmp_version,UINT16 * manufacturer,UINT16 * lmp_sub_version)1720 tBTM_STATUS BTM_ReadRemoteVersion (BD_ADDR addr, UINT8 *lmp_version,
1721                                    UINT16 *manufacturer, UINT16 *lmp_sub_version)
1722 {
1723     tACL_CONN        *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1724     BTM_TRACE_DEBUG ("BTM_ReadRemoteVersion");
1725     if (p == NULL)
1726         return(BTM_UNKNOWN_ADDR);
1727 
1728     if (lmp_version)
1729         *lmp_version = p->lmp_version;
1730 
1731     if (manufacturer)
1732         *manufacturer = p->manufacturer;
1733 
1734     if (lmp_sub_version)
1735         *lmp_sub_version = p->lmp_subversion;
1736 
1737     return(BTM_SUCCESS);
1738 }
1739 
1740 /*******************************************************************************
1741 **
1742 ** Function         BTM_ReadRemoteFeatures
1743 **
1744 ** Returns          pointer to the remote supported features mask (8 bytes)
1745 **
1746 *******************************************************************************/
BTM_ReadRemoteFeatures(BD_ADDR addr)1747 UINT8 *BTM_ReadRemoteFeatures (BD_ADDR addr)
1748 {
1749     tACL_CONN        *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1750     BTM_TRACE_DEBUG ("BTM_ReadRemoteFeatures");
1751     if (p == NULL)
1752     {
1753         return(NULL);
1754     }
1755 
1756     return(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]);
1757 }
1758 
1759 /*******************************************************************************
1760 **
1761 ** Function         BTM_ReadRemoteExtendedFeatures
1762 **
1763 ** Returns          pointer to the remote extended features mask (8 bytes)
1764 **                  or NULL if bad page
1765 **
1766 *******************************************************************************/
BTM_ReadRemoteExtendedFeatures(BD_ADDR addr,UINT8 page_number)1767 UINT8 *BTM_ReadRemoteExtendedFeatures (BD_ADDR addr, UINT8 page_number)
1768 {
1769     tACL_CONN        *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1770     BTM_TRACE_DEBUG ("BTM_ReadRemoteExtendedFeatures");
1771     if (p == NULL)
1772     {
1773         return(NULL);
1774     }
1775 
1776     if (page_number > HCI_EXT_FEATURES_PAGE_MAX)
1777     {
1778         BTM_TRACE_ERROR("Warning: BTM_ReadRemoteExtendedFeatures page %d unknown", page_number);
1779         return NULL;
1780     }
1781 
1782     return(p->peer_lmp_features[page_number]);
1783 }
1784 
1785 /*******************************************************************************
1786 **
1787 ** Function         BTM_ReadNumberRemoteFeaturesPages
1788 **
1789 ** Returns          number of features pages read from the remote device.
1790 **
1791 *******************************************************************************/
BTM_ReadNumberRemoteFeaturesPages(BD_ADDR addr)1792 UINT8 BTM_ReadNumberRemoteFeaturesPages (BD_ADDR addr)
1793 {
1794     tACL_CONN        *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1795     BTM_TRACE_DEBUG ("BTM_ReadNumberRemoteFeaturesPages");
1796     if (p == NULL)
1797     {
1798         return(0);
1799     }
1800 
1801     return(p->num_read_pages);
1802 }
1803 
1804 /*******************************************************************************
1805 **
1806 ** Function         BTM_ReadAllRemoteFeatures
1807 **
1808 ** Returns          pointer to all features of the remote (24 bytes).
1809 **
1810 *******************************************************************************/
BTM_ReadAllRemoteFeatures(BD_ADDR addr)1811 UINT8 *BTM_ReadAllRemoteFeatures (BD_ADDR addr)
1812 {
1813     tACL_CONN        *p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1814     BTM_TRACE_DEBUG ("BTM_ReadAllRemoteFeatures");
1815     if (p == NULL)
1816     {
1817         return(NULL);
1818     }
1819 
1820     return(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]);
1821 }
1822 
1823 /*******************************************************************************
1824 **
1825 ** Function         BTM_RegBusyLevelNotif
1826 **
1827 ** Description      This function is called to register a callback to receive
1828 **                  busy level change events.
1829 **
1830 ** Returns          BTM_SUCCESS if successfully registered, otherwise error
1831 **
1832 *******************************************************************************/
BTM_RegBusyLevelNotif(tBTM_BL_CHANGE_CB * p_cb,UINT8 * p_level,tBTM_BL_EVENT_MASK evt_mask)1833 tBTM_STATUS BTM_RegBusyLevelNotif (tBTM_BL_CHANGE_CB *p_cb, UINT8 *p_level,
1834                                    tBTM_BL_EVENT_MASK evt_mask)
1835 {
1836     BTM_TRACE_DEBUG ("BTM_RegBusyLevelNotif");
1837     if (p_level)
1838         *p_level = btm_cb.busy_level;
1839 
1840     btm_cb.bl_evt_mask = evt_mask;
1841 
1842     if (!p_cb)
1843         btm_cb.p_bl_changed_cb = NULL;
1844     else if (btm_cb.p_bl_changed_cb)
1845         return(BTM_BUSY);
1846     else
1847         btm_cb.p_bl_changed_cb = p_cb;
1848 
1849     return(BTM_SUCCESS);
1850 }
1851 
1852 /*******************************************************************************
1853 **
1854 ** Function         BTM_SetQoS
1855 **
1856 ** Description      This function is called to setup QoS
1857 **
1858 ** Returns          status of the operation
1859 **
1860 *******************************************************************************/
BTM_SetQoS(BD_ADDR bd,FLOW_SPEC * p_flow,tBTM_CMPL_CB * p_cb)1861 tBTM_STATUS BTM_SetQoS (BD_ADDR bd, FLOW_SPEC *p_flow, tBTM_CMPL_CB *p_cb)
1862 {
1863     tACL_CONN   *p = &btm_cb.acl_db[0];
1864 
1865     BTM_TRACE_API ("BTM_SetQoS: BdAddr: %02x%02x%02x%02x%02x%02x",
1866                     bd[0], bd[1], bd[2],
1867                     bd[3], bd[4], bd[5]);
1868 
1869     /* If someone already waiting on the version, do not allow another */
1870     if (btm_cb.devcb.p_qossu_cmpl_cb)
1871         return(BTM_BUSY);
1872 
1873     if ( (p = btm_bda_to_acl(bd, BT_TRANSPORT_BR_EDR)) != NULL)
1874     {
1875         btu_start_timer (&btm_cb.devcb.qossu_timer, BTU_TTYPE_BTM_ACL, BTM_DEV_REPLY_TIMEOUT);
1876         btm_cb.devcb.p_qossu_cmpl_cb = p_cb;
1877 
1878         if (!btsnd_hcic_qos_setup (p->hci_handle, p_flow->qos_flags, p_flow->service_type,
1879                                    p_flow->token_rate, p_flow->peak_bandwidth,
1880                                    p_flow->latency,p_flow->delay_variation))
1881         {
1882             btm_cb.devcb.p_qossu_cmpl_cb = NULL;
1883             btu_stop_timer(&btm_cb.devcb.qossu_timer);
1884             return(BTM_NO_RESOURCES);
1885         }
1886         else
1887             return(BTM_CMD_STARTED);
1888     }
1889 
1890     /* If here, no BD Addr found */
1891     return(BTM_UNKNOWN_ADDR);
1892 }
1893 
1894 /*******************************************************************************
1895 **
1896 ** Function         btm_qos_setup_complete
1897 **
1898 ** Description      This function is called when the command complete message
1899 **                  is received from the HCI for the qos setup request.
1900 **
1901 ** Returns          void
1902 **
1903 *******************************************************************************/
btm_qos_setup_complete(UINT8 status,UINT16 handle,FLOW_SPEC * p_flow)1904 void btm_qos_setup_complete (UINT8 status, UINT16 handle, FLOW_SPEC *p_flow)
1905 {
1906     tBTM_CMPL_CB            *p_cb = btm_cb.devcb.p_qossu_cmpl_cb;
1907     tBTM_QOS_SETUP_CMPL     qossu;
1908     BTM_TRACE_DEBUG ("btm_qos_setup_complete");
1909     btu_stop_timer (&btm_cb.devcb.qossu_timer);
1910 
1911     btm_cb.devcb.p_qossu_cmpl_cb = NULL;
1912 
1913     if (p_cb)
1914     {
1915         memset(&qossu, 0, sizeof(tBTM_QOS_SETUP_CMPL));
1916         qossu.status = status;
1917         qossu.handle = handle;
1918         if (p_flow != NULL)
1919         {
1920             qossu.flow.qos_flags = p_flow->qos_flags;
1921             qossu.flow.service_type = p_flow->service_type;
1922             qossu.flow.token_rate = p_flow->token_rate;
1923             qossu.flow.peak_bandwidth = p_flow->peak_bandwidth;
1924             qossu.flow.latency = p_flow->latency;
1925             qossu.flow.delay_variation = p_flow->delay_variation;
1926         }
1927         BTM_TRACE_DEBUG ("BTM: p_flow->delay_variation: 0x%02x",
1928                           qossu.flow.delay_variation);
1929         (*p_cb)(&qossu);
1930     }
1931 }
1932 
1933 
1934 /*******************************************************************************
1935 **
1936 ** Function         BTM_ReadRSSI
1937 **
1938 ** Description      This function is called to read the link policy settings.
1939 **                  The address of link policy results are returned in the callback.
1940 **                  (tBTM_RSSI_RESULTS)
1941 **
1942 ** Returns          BTM_CMD_STARTED if successfully initiated or error code
1943 **
1944 *******************************************************************************/
BTM_ReadRSSI(BD_ADDR remote_bda,tBTM_CMPL_CB * p_cb)1945 tBTM_STATUS BTM_ReadRSSI (BD_ADDR remote_bda, tBTM_CMPL_CB *p_cb)
1946 {
1947     tACL_CONN   *p;
1948     tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
1949 #if BLE_INCLUDED == TRUE
1950     tBT_DEVICE_TYPE dev_type;
1951     tBLE_ADDR_TYPE  addr_type;
1952 #endif
1953     BTM_TRACE_API ("BTM_ReadRSSI: RemBdAddr: %02x%02x%02x%02x%02x%02x",
1954                     remote_bda[0], remote_bda[1], remote_bda[2],
1955                     remote_bda[3], remote_bda[4], remote_bda[5]);
1956 
1957     /* If someone already waiting on the version, do not allow another */
1958     if (btm_cb.devcb.p_rssi_cmpl_cb)
1959         return(BTM_BUSY);
1960 
1961 #if BLE_INCLUDED == TRUE
1962     BTM_ReadDevInfo(remote_bda, &dev_type, &addr_type);
1963     if (dev_type == BT_DEVICE_TYPE_BLE)
1964         transport = BT_TRANSPORT_LE;
1965 #endif
1966 
1967     p = btm_bda_to_acl(remote_bda, transport);
1968     if (p != (tACL_CONN *)NULL)
1969     {
1970         btu_start_timer (&btm_cb.devcb.rssi_timer, BTU_TTYPE_BTM_ACL,
1971                          BTM_DEV_REPLY_TIMEOUT);
1972 
1973         btm_cb.devcb.p_rssi_cmpl_cb = p_cb;
1974 
1975         if (!btsnd_hcic_read_rssi (p->hci_handle))
1976         {
1977             btm_cb.devcb.p_rssi_cmpl_cb = NULL;
1978             btu_stop_timer (&btm_cb.devcb.rssi_timer);
1979             return(BTM_NO_RESOURCES);
1980         }
1981         else
1982             return(BTM_CMD_STARTED);
1983     }
1984 
1985     /* If here, no BD Addr found */
1986     return(BTM_UNKNOWN_ADDR);
1987 }
1988 
1989 /*******************************************************************************
1990 **
1991 ** Function         BTM_ReadLinkQuality
1992 **
1993 ** Description      This function is called to read the link qulaity.
1994 **                  The value of the link quality is returned in the callback.
1995 **                  (tBTM_LINK_QUALITY_RESULTS)
1996 **
1997 ** Returns          BTM_CMD_STARTED if successfully initiated or error code
1998 **
1999 *******************************************************************************/
BTM_ReadLinkQuality(BD_ADDR remote_bda,tBTM_CMPL_CB * p_cb)2000 tBTM_STATUS BTM_ReadLinkQuality (BD_ADDR remote_bda, tBTM_CMPL_CB *p_cb)
2001 {
2002     tACL_CONN   *p;
2003 
2004     BTM_TRACE_API ("BTM_ReadLinkQuality: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2005                     remote_bda[0], remote_bda[1], remote_bda[2],
2006                     remote_bda[3], remote_bda[4], remote_bda[5]);
2007 
2008     /* If someone already waiting on the version, do not allow another */
2009     if (btm_cb.devcb.p_lnk_qual_cmpl_cb)
2010         return(BTM_BUSY);
2011 
2012     p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
2013     if (p != (tACL_CONN *)NULL)
2014     {
2015         btu_start_timer (&btm_cb.devcb.lnk_quality_timer, BTU_TTYPE_BTM_ACL,
2016                          BTM_DEV_REPLY_TIMEOUT);
2017         btm_cb.devcb.p_lnk_qual_cmpl_cb = p_cb;
2018 
2019         if (!btsnd_hcic_get_link_quality (p->hci_handle))
2020         {
2021             btu_stop_timer (&btm_cb.devcb.lnk_quality_timer);
2022             btm_cb.devcb.p_lnk_qual_cmpl_cb = NULL;
2023             return(BTM_NO_RESOURCES);
2024         }
2025         else
2026             return(BTM_CMD_STARTED);
2027     }
2028 
2029     /* If here, no BD Addr found */
2030     return(BTM_UNKNOWN_ADDR);
2031 }
2032 
2033 /*******************************************************************************
2034 **
2035 ** Function         BTM_ReadTxPower
2036 **
2037 ** Description      This function is called to read the current
2038 **                  TX power of the connection. The tx power level results
2039 **                  are returned in the callback.
2040 **                  (tBTM_RSSI_RESULTS)
2041 **
2042 ** Returns          BTM_CMD_STARTED if successfully initiated or error code
2043 **
2044 *******************************************************************************/
BTM_ReadTxPower(BD_ADDR remote_bda,tBT_TRANSPORT transport,tBTM_CMPL_CB * p_cb)2045 tBTM_STATUS BTM_ReadTxPower (BD_ADDR remote_bda, tBT_TRANSPORT transport, tBTM_CMPL_CB *p_cb)
2046 {
2047     tACL_CONN   *p;
2048     BOOLEAN     ret;
2049 #define BTM_READ_RSSI_TYPE_CUR  0x00
2050 #define BTM_READ_RSSI_TYPE_MAX  0X01
2051 
2052     BTM_TRACE_API ("BTM_ReadTxPower: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2053                     remote_bda[0], remote_bda[1], remote_bda[2],
2054                     remote_bda[3], remote_bda[4], remote_bda[5]);
2055 
2056     /* If someone already waiting on the version, do not allow another */
2057     if (btm_cb.devcb.p_tx_power_cmpl_cb)
2058         return(BTM_BUSY);
2059 
2060     p = btm_bda_to_acl(remote_bda, transport);
2061     if (p != (tACL_CONN *)NULL)
2062     {
2063         btu_start_timer (&btm_cb.devcb.tx_power_timer, BTU_TTYPE_BTM_ACL,
2064                          BTM_DEV_REPLY_TIMEOUT);
2065 
2066         btm_cb.devcb.p_tx_power_cmpl_cb = p_cb;
2067 
2068 #if BLE_INCLUDED == TRUE
2069         if (p->transport == BT_TRANSPORT_LE)
2070         {
2071             memcpy(btm_cb.devcb.read_tx_pwr_addr, remote_bda, BD_ADDR_LEN);
2072             ret = btsnd_hcic_ble_read_adv_chnl_tx_power();
2073         }
2074         else
2075 #endif
2076         {
2077             ret = btsnd_hcic_read_tx_power (p->hci_handle, BTM_READ_RSSI_TYPE_CUR);
2078         }
2079         if (!ret)
2080         {
2081             btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
2082             btu_stop_timer (&btm_cb.devcb.tx_power_timer);
2083             return(BTM_NO_RESOURCES);
2084         }
2085         else
2086             return(BTM_CMD_STARTED);
2087     }
2088 
2089     /* If here, no BD Addr found */
2090     return (BTM_UNKNOWN_ADDR);
2091 }
2092 /*******************************************************************************
2093 **
2094 ** Function         btm_read_tx_power_complete
2095 **
2096 ** Description      This function is called when the command complete message
2097 **                  is received from the HCI for the read tx power request.
2098 **
2099 ** Returns          void
2100 **
2101 *******************************************************************************/
btm_read_tx_power_complete(UINT8 * p,BOOLEAN is_ble)2102 void btm_read_tx_power_complete (UINT8 *p, BOOLEAN is_ble)
2103 {
2104     tBTM_CMPL_CB            *p_cb = btm_cb.devcb.p_tx_power_cmpl_cb;
2105     tBTM_TX_POWER_RESULTS   results;
2106     UINT16                   handle;
2107     tACL_CONN               *p_acl_cb = &btm_cb.acl_db[0];
2108     UINT16                   index;
2109     BTM_TRACE_DEBUG ("btm_read_tx_power_complete");
2110     btu_stop_timer (&btm_cb.devcb.tx_power_timer);
2111 
2112     /* If there was a callback registered for read rssi, call it */
2113     btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
2114 
2115     if (p_cb)
2116     {
2117         STREAM_TO_UINT8  (results.hci_status, p);
2118 
2119         if (results.hci_status == HCI_SUCCESS)
2120         {
2121             results.status = BTM_SUCCESS;
2122 
2123             if (!is_ble)
2124             {
2125                 STREAM_TO_UINT16 (handle, p);
2126                 STREAM_TO_UINT8 (results.tx_power, p);
2127 
2128                 /* Search through the list of active channels for the correct BD Addr */
2129                 for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++)
2130                 {
2131                     if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle))
2132                     {
2133                         memcpy (results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
2134                         break;
2135                     }
2136                 }
2137             }
2138 #if BLE_INCLUDED == TRUE
2139             else
2140             {
2141                 STREAM_TO_UINT8 (results.tx_power, p);
2142                 memcpy(results.rem_bda, btm_cb.devcb.read_tx_pwr_addr, BD_ADDR_LEN);
2143             }
2144 #endif
2145             BTM_TRACE_DEBUG ("BTM TX power Complete: tx_power %d, hci status 0x%02x",
2146                                   results.tx_power, results.hci_status);
2147         }
2148         else
2149             results.status = BTM_ERR_PROCESSING;
2150 
2151         (*p_cb)(&results);
2152     }
2153 }
2154 
2155 /*******************************************************************************
2156 **
2157 ** Function         btm_read_rssi_complete
2158 **
2159 ** Description      This function is called when the command complete message
2160 **                  is received from the HCI for the read rssi request.
2161 **
2162 ** Returns          void
2163 **
2164 *******************************************************************************/
btm_read_rssi_complete(UINT8 * p)2165 void btm_read_rssi_complete (UINT8 *p)
2166 {
2167     tBTM_CMPL_CB            *p_cb = btm_cb.devcb.p_rssi_cmpl_cb;
2168     tBTM_RSSI_RESULTS        results;
2169     UINT16                   handle;
2170     tACL_CONN               *p_acl_cb = &btm_cb.acl_db[0];
2171     UINT16                   index;
2172     BTM_TRACE_DEBUG ("btm_read_rssi_complete");
2173     btu_stop_timer (&btm_cb.devcb.rssi_timer);
2174 
2175     /* If there was a callback registered for read rssi, call it */
2176     btm_cb.devcb.p_rssi_cmpl_cb = NULL;
2177 
2178     if (p_cb)
2179     {
2180         STREAM_TO_UINT8  (results.hci_status, p);
2181 
2182         if (results.hci_status == HCI_SUCCESS)
2183         {
2184             results.status = BTM_SUCCESS;
2185 
2186             STREAM_TO_UINT16 (handle, p);
2187 
2188             STREAM_TO_UINT8 (results.rssi, p);
2189             BTM_TRACE_DEBUG ("BTM RSSI Complete: rssi %d, hci status 0x%02x",
2190                               results.rssi, results.hci_status);
2191 
2192             /* Search through the list of active channels for the correct BD Addr */
2193             for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++)
2194             {
2195                 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle))
2196                 {
2197                     memcpy (results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
2198                     break;
2199                 }
2200             }
2201         }
2202         else
2203             results.status = BTM_ERR_PROCESSING;
2204 
2205         (*p_cb)(&results);
2206     }
2207 }
2208 
2209 /*******************************************************************************
2210 **
2211 ** Function         btm_read_link_quality_complete
2212 **
2213 ** Description      This function is called when the command complete message
2214 **                  is received from the HCI for the read link quality.
2215 **
2216 ** Returns          void
2217 **
2218 *******************************************************************************/
btm_read_link_quality_complete(UINT8 * p)2219 void btm_read_link_quality_complete (UINT8 *p)
2220 {
2221     tBTM_CMPL_CB            *p_cb = btm_cb.devcb.p_lnk_qual_cmpl_cb;
2222     tBTM_LINK_QUALITY_RESULTS results;
2223     UINT16                   handle;
2224     tACL_CONN               *p_acl_cb = &btm_cb.acl_db[0];
2225     UINT16                   index;
2226     BTM_TRACE_DEBUG ("btm_read_link_quality_complete");
2227     btu_stop_timer (&btm_cb.devcb.lnk_quality_timer);
2228 
2229     /* If there was a callback registered for read rssi, call it */
2230     btm_cb.devcb.p_lnk_qual_cmpl_cb = NULL;
2231 
2232     if (p_cb)
2233     {
2234         STREAM_TO_UINT8  (results.hci_status, p);
2235 
2236         if (results.hci_status == HCI_SUCCESS)
2237         {
2238             results.status = BTM_SUCCESS;
2239 
2240             STREAM_TO_UINT16 (handle, p);
2241 
2242             STREAM_TO_UINT8 (results.link_quality, p);
2243             BTM_TRACE_DEBUG ("BTM Link Quality Complete: Link Quality %d, hci status 0x%02x",
2244                               results.link_quality, results.hci_status);
2245 
2246             /* Search through the list of active channels for the correct BD Addr */
2247             for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++)
2248             {
2249                 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle))
2250                 {
2251                     memcpy (results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
2252                     break;
2253                 }
2254             }
2255         }
2256         else
2257             results.status = BTM_ERR_PROCESSING;
2258 
2259         (*p_cb)(&results);
2260     }
2261 }
2262 
2263 /*******************************************************************************
2264 **
2265 ** Function         btm_remove_acl
2266 **
2267 ** Description      This function is called to disconnect an ACL connection
2268 **
2269 ** Returns          BTM_SUCCESS if successfully initiated, otherwise BTM_NO_RESOURCES.
2270 **
2271 *******************************************************************************/
btm_remove_acl(BD_ADDR bd_addr,tBT_TRANSPORT transport)2272 tBTM_STATUS btm_remove_acl (BD_ADDR bd_addr, tBT_TRANSPORT transport)
2273 {
2274     UINT16  hci_handle = BTM_GetHCIConnHandle(bd_addr, transport);
2275     tBTM_STATUS status = BTM_SUCCESS;
2276 
2277     BTM_TRACE_DEBUG ("btm_remove_acl");
2278 #if BTM_DISC_DURING_RS == TRUE
2279     tBTM_SEC_DEV_REC  *p_dev_rec = btm_find_dev (bd_addr);
2280 
2281     /* Role Switch is pending, postpone until completed */
2282     if (p_dev_rec && (p_dev_rec->rs_disc_pending == BTM_SEC_RS_PENDING))
2283     {
2284         p_dev_rec->rs_disc_pending = BTM_SEC_DISC_PENDING;
2285     }
2286     else    /* otherwise can disconnect right away */
2287 #endif
2288     {
2289         if (hci_handle != 0xFFFF && p_dev_rec &&
2290              p_dev_rec->sec_state!= BTM_SEC_STATE_DISCONNECTING)
2291         {
2292             if (!btsnd_hcic_disconnect (hci_handle, HCI_ERR_PEER_USER))
2293                 status = BTM_NO_RESOURCES;
2294         }
2295         else
2296             status = BTM_UNKNOWN_ADDR;
2297     }
2298 
2299     return status;
2300 }
2301 
2302 
2303 /*******************************************************************************
2304 **
2305 ** Function         BTM_SetTraceLevel
2306 **
2307 ** Description      This function sets the trace level for BTM.  If called with
2308 **                  a value of 0xFF, it simply returns the current trace level.
2309 **
2310 ** Returns          The new or current trace level
2311 **
2312 *******************************************************************************/
BTM_SetTraceLevel(UINT8 new_level)2313 UINT8 BTM_SetTraceLevel (UINT8 new_level)
2314 {
2315     BTM_TRACE_DEBUG ("BTM_SetTraceLevel");
2316     if (new_level != 0xFF)
2317         btm_cb.trace_level = new_level;
2318 
2319     return(btm_cb.trace_level);
2320 }
2321 
2322 /*******************************************************************************
2323 **
2324 ** Function         btm_cont_rswitch
2325 **
2326 ** Description      This function is called to continue processing an active
2327 **                  role switch. It first disables encryption if enabled and
2328 **                  EPR is not supported
2329 **
2330 ** Returns          void
2331 **
2332 *******************************************************************************/
btm_cont_rswitch(tACL_CONN * p,tBTM_SEC_DEV_REC * p_dev_rec,UINT8 hci_status)2333 void btm_cont_rswitch (tACL_CONN *p, tBTM_SEC_DEV_REC *p_dev_rec,
2334                                      UINT8 hci_status)
2335 {
2336     BOOLEAN sw_ok = TRUE;
2337     BTM_TRACE_DEBUG ("btm_cont_rswitch");
2338     /* Check to see if encryption needs to be turned off if pending
2339        change of link key or role switch */
2340     if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
2341     {
2342         /* Must turn off Encryption first if necessary */
2343         /* Some devices do not support switch or change of link key while encryption is on */
2344         if (p_dev_rec != NULL && ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0)
2345             && !BTM_EPR_AVAILABLE(p))
2346         {
2347             if (btsnd_hcic_set_conn_encrypt (p->hci_handle, FALSE))
2348             {
2349                 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF;
2350                 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
2351                     p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF;
2352             }
2353             else
2354             {
2355                 /* Error occurred; set states back to Idle */
2356                 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
2357                     sw_ok = FALSE;
2358             }
2359         }
2360         else    /* Encryption not used or EPR supported, continue with switch
2361                    and/or change of link key */
2362         {
2363             if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
2364             {
2365                 p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS;
2366 #if BTM_DISC_DURING_RS == TRUE
2367                 if (p_dev_rec)
2368                     p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
2369 #endif
2370                 sw_ok = btsnd_hcic_switch_role (p->remote_addr, (UINT8)!p->link_role);
2371             }
2372         }
2373 
2374         if (!sw_ok)
2375         {
2376             p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
2377             btm_acl_report_role_change(hci_status, p->remote_addr);
2378         }
2379     }
2380 }
2381 
2382 /*******************************************************************************
2383 **
2384 ** Function         btm_acl_resubmit_page
2385 **
2386 ** Description      send pending page request
2387 **
2388 *******************************************************************************/
btm_acl_resubmit_page(void)2389 void btm_acl_resubmit_page (void)
2390 {
2391     tBTM_SEC_DEV_REC *p_dev_rec;
2392     BT_HDR  *p_buf;
2393     UINT8   *pp;
2394     BD_ADDR bda;
2395     BTM_TRACE_DEBUG ("btm_acl_resubmit_page");
2396     /* If there were other page request schedule can start the next one */
2397     if ((p_buf = (BT_HDR *)GKI_dequeue (&btm_cb.page_queue)) != NULL)
2398     {
2399         /* skip 3 (2 bytes opcode and 1 byte len) to get to the bd_addr
2400          * for both create_conn and rmt_name */
2401         pp = (UINT8 *)(p_buf + 1) + p_buf->offset + 3;
2402 
2403         STREAM_TO_BDADDR (bda, pp);
2404 
2405         p_dev_rec = btm_find_or_alloc_dev (bda);
2406 
2407         memcpy (btm_cb.connecting_bda, p_dev_rec->bd_addr,   BD_ADDR_LEN);
2408         memcpy (btm_cb.connecting_dc,  p_dev_rec->dev_class, DEV_CLASS_LEN);
2409 
2410         btu_hcif_send_cmd (LOCAL_BR_EDR_CONTROLLER_ID, p_buf);
2411     }
2412     else
2413         btm_cb.paging = FALSE;
2414 }
2415 
2416 /*******************************************************************************
2417 **
2418 ** Function         btm_acl_reset_paging
2419 **
2420 ** Description      set paging to FALSE and free the page queue - called at hci_reset
2421 **
2422 *******************************************************************************/
btm_acl_reset_paging(void)2423 void  btm_acl_reset_paging (void)
2424 {
2425     BT_HDR *p;
2426     BTM_TRACE_DEBUG ("btm_acl_reset_paging");
2427     /* If we sent reset we are definitely not paging any more */
2428     while ((p = (BT_HDR *)GKI_dequeue(&btm_cb.page_queue)) != NULL)
2429         GKI_freebuf (p);
2430 
2431     btm_cb.paging = FALSE;
2432 }
2433 
2434 /*******************************************************************************
2435 **
2436 ** Function         btm_acl_paging
2437 **
2438 ** Description      send a paging command or queue it in btm_cb
2439 **
2440 *******************************************************************************/
btm_acl_paging(BT_HDR * p,BD_ADDR bda)2441 void  btm_acl_paging (BT_HDR *p, BD_ADDR bda)
2442 {
2443     tBTM_SEC_DEV_REC *p_dev_rec;
2444 
2445     BTM_TRACE_DEBUG ("btm_acl_paging discing:%d, paging:%d BDA: %06x%06x",
2446                       btm_cb.discing, btm_cb.paging,
2447                       (bda[0]<<16) + (bda[1]<<8) + bda[2], (bda[3]<<16) + (bda[4] << 8) + bda[5]);
2448     if (btm_cb.discing)
2449     {
2450         btm_cb.paging = TRUE;
2451         GKI_enqueue (&btm_cb.page_queue, p);
2452     }
2453     else
2454     {
2455         if (!BTM_ACL_IS_CONNECTED (bda))
2456         {
2457             BTM_TRACE_DEBUG ("connecting_bda: %06x%06x",
2458                               (btm_cb.connecting_bda[0]<<16) + (btm_cb.connecting_bda[1]<<8) +
2459                                btm_cb.connecting_bda[2],
2460                               (btm_cb.connecting_bda[3]<<16) + (btm_cb.connecting_bda[4] << 8) +
2461                                btm_cb.connecting_bda[5]);
2462             if (btm_cb.paging &&
2463                 memcmp (bda, btm_cb.connecting_bda, BD_ADDR_LEN) != 0)
2464             {
2465                 GKI_enqueue (&btm_cb.page_queue, p);
2466             }
2467             else
2468             {
2469                 p_dev_rec = btm_find_or_alloc_dev (bda);
2470                 memcpy (btm_cb.connecting_bda, p_dev_rec->bd_addr,   BD_ADDR_LEN);
2471                 memcpy (btm_cb.connecting_dc,  p_dev_rec->dev_class, DEV_CLASS_LEN);
2472 
2473                 btu_hcif_send_cmd (LOCAL_BR_EDR_CONTROLLER_ID, p);
2474             }
2475 
2476             btm_cb.paging = TRUE;
2477         }
2478         else /* ACL is already up */
2479         {
2480             btu_hcif_send_cmd (LOCAL_BR_EDR_CONTROLLER_ID, p);
2481         }
2482     }
2483 }
2484 
2485 /*******************************************************************************
2486 **
2487 ** Function         btm_acl_notif_conn_collision
2488 **
2489 ** Description      Send connection collision event to upper layer if registered
2490 **
2491 ** Returns          TRUE if sent out to upper layer,
2492 **                  FALSE if no one needs the notification.
2493 **
2494 *******************************************************************************/
btm_acl_notif_conn_collision(BD_ADDR bda)2495 BOOLEAN  btm_acl_notif_conn_collision (BD_ADDR bda)
2496 {
2497     tBTM_BL_EVENT_DATA  evt_data;
2498 
2499     /* Report possible collision to the upper layer. */
2500     if (btm_cb.p_bl_changed_cb)
2501     {
2502         BTM_TRACE_DEBUG ("btm_acl_notif_conn_collision: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2503                           bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]);
2504 
2505         evt_data.event = BTM_BL_COLLISION_EVT;
2506         evt_data.conn.p_bda = bda;
2507 
2508 #if BLE_INCLUDED == TRUE
2509         evt_data.conn.transport = BT_TRANSPORT_BR_EDR;
2510         evt_data.conn.handle = BTM_INVALID_HCI_HANDLE;
2511 #endif
2512         (*btm_cb.p_bl_changed_cb)(&evt_data);
2513         return TRUE;
2514     }
2515     else
2516         return FALSE;
2517 }
2518 
2519 
2520 /*******************************************************************************
2521 **
2522 ** Function         btm_acl_chk_peer_pkt_type_support
2523 **
2524 ** Description      Check if peer supports requested packets
2525 **
2526 *******************************************************************************/
btm_acl_chk_peer_pkt_type_support(tACL_CONN * p,UINT16 * p_pkt_type)2527 void btm_acl_chk_peer_pkt_type_support (tACL_CONN *p, UINT16 *p_pkt_type)
2528 {
2529     /* 3 and 5 slot packets? */
2530     if (!HCI_3_SLOT_PACKETS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2531         *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH3 +BTM_ACL_PKT_TYPES_MASK_DM3);
2532 
2533     if (!HCI_5_SLOT_PACKETS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2534         *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH5 + BTM_ACL_PKT_TYPES_MASK_DM5);
2535 
2536     /* 2 and 3 MPS support? */
2537     if (!HCI_EDR_ACL_2MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2538         /* Not supported. Add 'not_supported' mask for all 2MPS packet types */
2539         *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 +
2540                             BTM_ACL_PKT_TYPES_MASK_NO_2_DH5);
2541 
2542     if (!HCI_EDR_ACL_3MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2543         /* Not supported. Add 'not_supported' mask for all 3MPS packet types */
2544         *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_3_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3 +
2545                             BTM_ACL_PKT_TYPES_MASK_NO_3_DH5);
2546 
2547     /* EDR 3 and 5 slot support? */
2548     if (HCI_EDR_ACL_2MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0])
2549      || HCI_EDR_ACL_3MPS_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2550     {
2551         if (!HCI_3_SLOT_EDR_ACL_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2552             /* Not supported. Add 'not_supported' mask for all 3-slot EDR packet types */
2553             *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3);
2554 
2555         if (!HCI_5_SLOT_EDR_ACL_SUPPORTED(p->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0]))
2556             /* Not supported. Add 'not_supported' mask for all 5-slot EDR packet types */
2557             *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH5 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH5);
2558     }
2559 }
2560