1 /******************************************************************************
2 *
3 * Copyright (C) 2000-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /*****************************************************************************
20 *
21 * Name: btm_acl.cc
22 *
23 * Description: This file contains functions that handle ACL connections.
24 * This includes operations such as hold and sniff modes,
25 * supported packet types.
26 *
27 * This module contains both internal and external (API)
28 * functions. External (API) functions are distinguishable
29 * by their names beginning with uppercase BTM.
30 *
31 *
32 *****************************************************************************/
33
34 #include <stddef.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <string.h>
38
39 #include "bt_common.h"
40 #include "bt_target.h"
41 #include "bt_types.h"
42 #include "bt_utils.h"
43 #include "btm_api.h"
44 #include "btm_int.h"
45 #include "btu.h"
46 #include "device/include/controller.h"
47 #include "hcidefs.h"
48 #include "hcimsgs.h"
49 #include "l2c_int.h"
50 #include "osi/include/osi.h"
51
52 extern fixed_queue_t* btu_general_alarm_queue;
53
54 static void btm_read_remote_features(uint16_t handle);
55 static void btm_read_remote_ext_features(uint16_t handle, uint8_t page_number);
56 static void btm_process_remote_ext_features(tACL_CONN* p_acl_cb,
57 uint8_t num_read_pages);
58
59 /* 3 seconds timeout waiting for responses */
60 #define BTM_DEV_REPLY_TIMEOUT_MS (3 * 1000)
61
62 /*******************************************************************************
63 *
64 * Function btm_acl_init
65 *
66 * Description This function is called at BTM startup to initialize
67 *
68 * Returns void
69 *
70 ******************************************************************************/
btm_acl_init(void)71 void btm_acl_init(void) {
72 BTM_TRACE_DEBUG("btm_acl_init");
73 /* Initialize nonzero defaults */
74 btm_cb.btm_def_link_super_tout = HCI_DEFAULT_INACT_TOUT;
75 btm_cb.acl_disc_reason = 0xff;
76 }
77
78 /*******************************************************************************
79 *
80 * Function btm_bda_to_acl
81 *
82 * Description This function returns the FIRST acl_db entry for the passed
83 * BDA.
84 *
85 * Parameters bda : BD address of the remote device
86 * transport : Physical transport used for ACL connection
87 * (BR/EDR or LE)
88 *
89 * Returns Returns pointer to the ACL DB for the requested BDA if found.
90 * NULL if not found.
91 *
92 ******************************************************************************/
btm_bda_to_acl(const BD_ADDR bda,tBT_TRANSPORT transport)93 tACL_CONN* btm_bda_to_acl(const BD_ADDR bda, tBT_TRANSPORT transport) {
94 tACL_CONN* p = &btm_cb.acl_db[0];
95 uint16_t xx;
96 if (bda) {
97 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) {
98 if ((p->in_use) && (!memcmp(p->remote_addr, bda, BD_ADDR_LEN)) &&
99 p->transport == transport) {
100 BTM_TRACE_DEBUG("btm_bda_to_acl found");
101 return (p);
102 }
103 }
104 }
105
106 /* If here, no BD Addr found */
107 return ((tACL_CONN*)NULL);
108 }
109
110 /*******************************************************************************
111 *
112 * Function btm_handle_to_acl_index
113 *
114 * Description This function returns the FIRST acl_db entry for the passed
115 * hci_handle.
116 *
117 * Returns index to the acl_db or MAX_L2CAP_LINKS.
118 *
119 ******************************************************************************/
btm_handle_to_acl_index(uint16_t hci_handle)120 uint8_t btm_handle_to_acl_index(uint16_t hci_handle) {
121 tACL_CONN* p = &btm_cb.acl_db[0];
122 uint8_t xx;
123 BTM_TRACE_DEBUG("btm_handle_to_acl_index");
124 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) {
125 if ((p->in_use) && (p->hci_handle == hci_handle)) {
126 break;
127 }
128 }
129
130 /* If here, no BD Addr found */
131 return (xx);
132 }
133
134 #if (BLE_PRIVACY_SPT == TRUE)
135 /*******************************************************************************
136 *
137 * Function btm_ble_get_acl_remote_addr
138 *
139 * Description This function reads the active remote address used for the
140 * connection.
141 *
142 * Returns success return true, otherwise false.
143 *
144 ******************************************************************************/
btm_ble_get_acl_remote_addr(tBTM_SEC_DEV_REC * p_dev_rec,BD_ADDR conn_addr,tBLE_ADDR_TYPE * p_addr_type)145 bool btm_ble_get_acl_remote_addr(tBTM_SEC_DEV_REC* p_dev_rec, BD_ADDR conn_addr,
146 tBLE_ADDR_TYPE* p_addr_type) {
147 bool st = true;
148
149 if (p_dev_rec == NULL) {
150 BTM_TRACE_ERROR(
151 "btm_ble_get_acl_remote_addr can not find device with matching "
152 "address");
153 return false;
154 }
155
156 switch (p_dev_rec->ble.active_addr_type) {
157 case BTM_BLE_ADDR_PSEUDO:
158 memcpy(conn_addr, p_dev_rec->bd_addr, BD_ADDR_LEN);
159 *p_addr_type = p_dev_rec->ble.ble_addr_type;
160 break;
161
162 case BTM_BLE_ADDR_RRA:
163 memcpy(conn_addr, p_dev_rec->ble.cur_rand_addr, BD_ADDR_LEN);
164 *p_addr_type = BLE_ADDR_RANDOM;
165 break;
166
167 case BTM_BLE_ADDR_STATIC:
168 memcpy(conn_addr, p_dev_rec->ble.static_addr, BD_ADDR_LEN);
169 *p_addr_type = p_dev_rec->ble.static_addr_type;
170 break;
171
172 default:
173 BTM_TRACE_ERROR("Unknown active address: %d",
174 p_dev_rec->ble.active_addr_type);
175 st = false;
176 break;
177 }
178
179 return st;
180 }
181 #endif
182 /*******************************************************************************
183 *
184 * Function btm_acl_created
185 *
186 * Description This function is called by L2CAP when an ACL connection
187 * is created.
188 *
189 * Returns void
190 *
191 ******************************************************************************/
btm_acl_created(BD_ADDR bda,DEV_CLASS dc,BD_NAME bdn,uint16_t hci_handle,uint8_t link_role,tBT_TRANSPORT transport)192 void btm_acl_created(BD_ADDR bda, DEV_CLASS dc, BD_NAME bdn,
193 uint16_t hci_handle, uint8_t link_role,
194 tBT_TRANSPORT transport) {
195 tBTM_SEC_DEV_REC* p_dev_rec = NULL;
196 tACL_CONN* p;
197 uint8_t xx;
198
199 BTM_TRACE_DEBUG("btm_acl_created hci_handle=%d link_role=%d transport=%d",
200 hci_handle, link_role, transport);
201 /* Ensure we don't have duplicates */
202 p = btm_bda_to_acl(bda, transport);
203 if (p != (tACL_CONN*)NULL) {
204 p->hci_handle = hci_handle;
205 p->link_role = link_role;
206 p->transport = transport;
207 BTM_TRACE_DEBUG(
208 "Duplicate btm_acl_created: RemBdAddr: %02x%02x%02x%02x%02x%02x",
209 bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]);
210 BTM_SetLinkPolicy(p->remote_addr, &btm_cb.btm_def_link_policy);
211 return;
212 }
213
214 /* Allocate acl_db entry */
215 for (xx = 0, p = &btm_cb.acl_db[0]; xx < MAX_L2CAP_LINKS; xx++, p++) {
216 if (!p->in_use) {
217 p->in_use = true;
218 p->hci_handle = hci_handle;
219 p->link_role = link_role;
220 p->link_up_issued = false;
221 memcpy(p->remote_addr, bda, BD_ADDR_LEN);
222
223 p->transport = transport;
224 #if (BLE_PRIVACY_SPT == TRUE)
225 if (transport == BT_TRANSPORT_LE)
226 btm_ble_refresh_local_resolvable_private_addr(
227 bda, btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr);
228 #else
229 p->conn_addr_type = BLE_ADDR_PUBLIC;
230 memcpy(p->conn_addr, &controller_get_interface()->get_address()->address,
231 BD_ADDR_LEN);
232
233 #endif
234 p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
235
236 btm_pm_sm_alloc(xx);
237
238 if (dc) memcpy(p->remote_dc, dc, DEV_CLASS_LEN);
239
240 if (bdn) memcpy(p->remote_name, bdn, BTM_MAX_REM_BD_NAME_LEN);
241
242 /* if BR/EDR do something more */
243 if (transport == BT_TRANSPORT_BR_EDR) {
244 btsnd_hcic_read_rmt_clk_offset(p->hci_handle);
245 btsnd_hcic_rmt_ver_req(p->hci_handle);
246 }
247 p_dev_rec = btm_find_dev_by_handle(hci_handle);
248
249 if (p_dev_rec) {
250 BTM_TRACE_DEBUG("device_type=0x%x", p_dev_rec->device_type);
251 }
252
253 if (p_dev_rec && !(transport == BT_TRANSPORT_LE)) {
254 /* If remote features already known, copy them and continue connection
255 * setup */
256 if ((p_dev_rec->num_read_pages) &&
257 (p_dev_rec->num_read_pages <= (HCI_EXT_FEATURES_PAGE_MAX + 1))) {
258 memcpy(p->peer_lmp_feature_pages, p_dev_rec->feature_pages,
259 (HCI_FEATURE_BYTES_PER_PAGE * p_dev_rec->num_read_pages));
260 p->num_read_pages = p_dev_rec->num_read_pages;
261
262 const uint8_t req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND);
263
264 /* Store the Peer Security Capabilites (in SM4 and rmt_sec_caps) */
265 btm_sec_set_peer_sec_caps(p, p_dev_rec);
266
267 BTM_TRACE_API("%s: pend:%d", __func__, req_pend);
268 if (req_pend) {
269 /* Request for remaining Security Features (if any) */
270 l2cu_resubmit_pending_sec_req(p_dev_rec->bd_addr);
271 }
272 btm_establish_continue(p);
273 return;
274 }
275 }
276
277 /* If here, features are not known yet */
278 if (p_dev_rec && transport == BT_TRANSPORT_LE) {
279 #if (BLE_PRIVACY_SPT == TRUE)
280 btm_ble_get_acl_remote_addr(p_dev_rec, p->active_remote_addr,
281 &p->active_remote_addr_type);
282 #endif
283
284 if (HCI_LE_SLAVE_INIT_FEAT_EXC_SUPPORTED(
285 controller_get_interface()->get_features_ble()->as_array) ||
286 link_role == HCI_ROLE_MASTER) {
287 btsnd_hcic_ble_read_remote_feat(p->hci_handle);
288 } else {
289 btm_establish_continue(p);
290 }
291 } else {
292 btm_read_remote_features(p->hci_handle);
293 }
294
295 /* read page 1 - on rmt feature event for buffer reasons */
296 return;
297 }
298 }
299 }
300
btm_acl_update_conn_addr(uint8_t conn_handle,BD_ADDR address)301 void btm_acl_update_conn_addr(uint8_t conn_handle, BD_ADDR address) {
302 uint8_t idx = btm_handle_to_acl_index(conn_handle);
303 if (idx != MAX_L2CAP_LINKS) {
304 memcpy(btm_cb.acl_db[idx].conn_addr, address, BD_ADDR_LEN);
305 }
306 }
307
308 /*******************************************************************************
309 *
310 * Function btm_acl_report_role_change
311 *
312 * Description This function is called when the local device is deemed
313 * to be down. It notifies L2CAP of the failure.
314 *
315 * Returns void
316 *
317 ******************************************************************************/
btm_acl_report_role_change(uint8_t hci_status,BD_ADDR bda)318 void btm_acl_report_role_change(uint8_t hci_status, BD_ADDR bda) {
319 tBTM_ROLE_SWITCH_CMPL ref_data;
320 BTM_TRACE_DEBUG("btm_acl_report_role_change");
321 if (btm_cb.devcb.p_switch_role_cb &&
322 (bda && (0 == memcmp(btm_cb.devcb.switch_role_ref_data.remote_bd_addr,
323 bda, BD_ADDR_LEN)))) {
324 memcpy(&ref_data, &btm_cb.devcb.switch_role_ref_data,
325 sizeof(tBTM_ROLE_SWITCH_CMPL));
326 ref_data.hci_status = hci_status;
327 (*btm_cb.devcb.p_switch_role_cb)(&ref_data);
328 memset(&btm_cb.devcb.switch_role_ref_data, 0,
329 sizeof(tBTM_ROLE_SWITCH_CMPL));
330 btm_cb.devcb.p_switch_role_cb = NULL;
331 }
332 }
333
334 /*******************************************************************************
335 *
336 * Function btm_acl_removed
337 *
338 * Description This function is called by L2CAP when an ACL connection
339 * is removed. Since only L2CAP creates ACL links, we use
340 * the L2CAP link index as our index into the control blocks.
341 *
342 * Returns void
343 *
344 ******************************************************************************/
btm_acl_removed(BD_ADDR bda,tBT_TRANSPORT transport)345 void btm_acl_removed(BD_ADDR bda, tBT_TRANSPORT transport) {
346 tACL_CONN* p;
347 tBTM_BL_EVENT_DATA evt_data;
348 tBTM_SEC_DEV_REC* p_dev_rec = NULL;
349 BTM_TRACE_DEBUG("btm_acl_removed");
350 p = btm_bda_to_acl(bda, transport);
351 if (p != (tACL_CONN*)NULL) {
352 p->in_use = false;
353
354 /* if the disconnected channel has a pending role switch, clear it now */
355 btm_acl_report_role_change(HCI_ERR_NO_CONNECTION, bda);
356
357 /* Only notify if link up has had a chance to be issued */
358 if (p->link_up_issued) {
359 p->link_up_issued = false;
360
361 /* If anyone cares, tell him database changed */
362 if (btm_cb.p_bl_changed_cb) {
363 evt_data.event = BTM_BL_DISCN_EVT;
364 evt_data.discn.p_bda = bda;
365 evt_data.discn.handle = p->hci_handle;
366 evt_data.discn.transport = p->transport;
367 (*btm_cb.p_bl_changed_cb)(&evt_data);
368 }
369
370 btm_acl_update_busy_level(BTM_BLI_ACL_DOWN_EVT);
371 }
372
373 BTM_TRACE_DEBUG(
374 "acl hci_handle=%d transport=%d connectable_mode=0x%0x link_role=%d",
375 p->hci_handle, p->transport, btm_cb.ble_ctr_cb.inq_var.connectable_mode,
376 p->link_role);
377
378 p_dev_rec = btm_find_dev(bda);
379 if (p_dev_rec) {
380 BTM_TRACE_DEBUG("before update p_dev_rec->sec_flags=0x%x",
381 p_dev_rec->sec_flags);
382 if (p->transport == BT_TRANSPORT_LE) {
383 BTM_TRACE_DEBUG("LE link down");
384 p_dev_rec->sec_flags &= ~(BTM_SEC_LE_ENCRYPTED | BTM_SEC_ROLE_SWITCHED);
385 if ((p_dev_rec->sec_flags & BTM_SEC_LE_LINK_KEY_KNOWN) == 0) {
386 BTM_TRACE_DEBUG("Not Bonded");
387 p_dev_rec->sec_flags &=
388 ~(BTM_SEC_LE_LINK_KEY_AUTHED | BTM_SEC_LE_AUTHENTICATED);
389 } else {
390 BTM_TRACE_DEBUG("Bonded");
391 }
392 } else {
393 BTM_TRACE_DEBUG("Bletooth link down");
394 p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHORIZED | BTM_SEC_AUTHENTICATED |
395 BTM_SEC_ENCRYPTED | BTM_SEC_ROLE_SWITCHED);
396 }
397 BTM_TRACE_DEBUG("after update p_dev_rec->sec_flags=0x%x",
398 p_dev_rec->sec_flags);
399 } else {
400 BTM_TRACE_ERROR("Device not found");
401 }
402
403 /* Clear the ACL connection data */
404 memset(p, 0, sizeof(tACL_CONN));
405 }
406 }
407
408 /*******************************************************************************
409 *
410 * Function btm_acl_device_down
411 *
412 * Description This function is called when the local device is deemed
413 * to be down. It notifies L2CAP of the failure.
414 *
415 * Returns void
416 *
417 ******************************************************************************/
btm_acl_device_down(void)418 void btm_acl_device_down(void) {
419 tACL_CONN* p = &btm_cb.acl_db[0];
420 uint16_t xx;
421 BTM_TRACE_DEBUG("btm_acl_device_down");
422 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) {
423 if (p->in_use) {
424 BTM_TRACE_DEBUG("hci_handle=%d HCI_ERR_HW_FAILURE ", p->hci_handle);
425 l2c_link_hci_disc_comp(p->hci_handle, HCI_ERR_HW_FAILURE);
426 }
427 }
428 }
429
430 /*******************************************************************************
431 *
432 * Function btm_acl_update_busy_level
433 *
434 * Description This function is called to update the busy level of the
435 * system.
436 *
437 * Returns void
438 *
439 ******************************************************************************/
btm_acl_update_busy_level(tBTM_BLI_EVENT event)440 void btm_acl_update_busy_level(tBTM_BLI_EVENT event) {
441 bool old_inquiry_state = btm_cb.is_inquiry;
442 tBTM_BL_UPDATE_DATA evt;
443 evt.busy_level_flags = 0;
444 switch (event) {
445 case BTM_BLI_ACL_UP_EVT:
446 BTM_TRACE_DEBUG("BTM_BLI_ACL_UP_EVT");
447 break;
448 case BTM_BLI_ACL_DOWN_EVT:
449 BTM_TRACE_DEBUG("BTM_BLI_ACL_DOWN_EVT");
450 break;
451 case BTM_BLI_PAGE_EVT:
452 BTM_TRACE_DEBUG("BTM_BLI_PAGE_EVT");
453 btm_cb.is_paging = true;
454 evt.busy_level_flags = BTM_BL_PAGING_STARTED;
455 break;
456 case BTM_BLI_PAGE_DONE_EVT:
457 BTM_TRACE_DEBUG("BTM_BLI_PAGE_DONE_EVT");
458 btm_cb.is_paging = false;
459 evt.busy_level_flags = BTM_BL_PAGING_COMPLETE;
460 break;
461 case BTM_BLI_INQ_EVT:
462 BTM_TRACE_DEBUG("BTM_BLI_INQ_EVT");
463 btm_cb.is_inquiry = true;
464 evt.busy_level_flags = BTM_BL_INQUIRY_STARTED;
465 break;
466 case BTM_BLI_INQ_CANCEL_EVT:
467 BTM_TRACE_DEBUG("BTM_BLI_INQ_CANCEL_EVT");
468 btm_cb.is_inquiry = false;
469 evt.busy_level_flags = BTM_BL_INQUIRY_CANCELLED;
470 break;
471 case BTM_BLI_INQ_DONE_EVT:
472 BTM_TRACE_DEBUG("BTM_BLI_INQ_DONE_EVT");
473 btm_cb.is_inquiry = false;
474 evt.busy_level_flags = BTM_BL_INQUIRY_COMPLETE;
475 break;
476 }
477
478 uint8_t busy_level;
479 if (btm_cb.is_paging || btm_cb.is_inquiry)
480 busy_level = 10;
481 else
482 busy_level = BTM_GetNumAclLinks();
483
484 if ((busy_level != btm_cb.busy_level) ||
485 (old_inquiry_state != btm_cb.is_inquiry)) {
486 evt.event = BTM_BL_UPDATE_EVT;
487 evt.busy_level = busy_level;
488 btm_cb.busy_level = busy_level;
489 if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_UPDATE_MASK)) {
490 (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA*)&evt);
491 }
492 }
493 }
494
495 /*******************************************************************************
496 *
497 * Function BTM_GetRole
498 *
499 * Description This function is called to get the role of the local device
500 * for the ACL connection with the specified remote device
501 *
502 * Returns BTM_SUCCESS if connection exists.
503 * BTM_UNKNOWN_ADDR if no active link with bd addr specified
504 *
505 ******************************************************************************/
BTM_GetRole(BD_ADDR remote_bd_addr,uint8_t * p_role)506 tBTM_STATUS BTM_GetRole(BD_ADDR remote_bd_addr, uint8_t* p_role) {
507 tACL_CONN* p;
508 BTM_TRACE_DEBUG("BTM_GetRole");
509 p = btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR);
510 if (p == NULL) {
511 *p_role = BTM_ROLE_UNDEFINED;
512 return (BTM_UNKNOWN_ADDR);
513 }
514
515 /* Get the current role */
516 *p_role = p->link_role;
517 return (BTM_SUCCESS);
518 }
519
520 /*******************************************************************************
521 *
522 * Function BTM_SwitchRole
523 *
524 * Description This function is called to switch role between master and
525 * slave. If role is already set it will do nothing. If the
526 * command was initiated, the callback function is called upon
527 * completion.
528 *
529 * Returns BTM_SUCCESS if already in specified role.
530 * BTM_CMD_STARTED if command issued to controller.
531 * BTM_NO_RESOURCES if couldn't allocate memory to issue
532 * command
533 * BTM_UNKNOWN_ADDR if no active link with bd addr specified
534 * BTM_MODE_UNSUPPORTED if local device does not support role
535 * switching
536 * BTM_BUSY if the previous command is not completed
537 *
538 ******************************************************************************/
BTM_SwitchRole(BD_ADDR remote_bd_addr,uint8_t new_role,tBTM_CMPL_CB * p_cb)539 tBTM_STATUS BTM_SwitchRole(BD_ADDR remote_bd_addr, uint8_t new_role,
540 tBTM_CMPL_CB* p_cb) {
541 tACL_CONN* p;
542 tBTM_SEC_DEV_REC* p_dev_rec = NULL;
543 #if (BTM_SCO_INCLUDED == TRUE)
544 bool is_sco_active;
545 #endif
546 tBTM_STATUS status;
547 tBTM_PM_MODE pwr_mode;
548 tBTM_PM_PWR_MD settings;
549 BD_ADDR_PTR p_bda;
550 BTM_TRACE_API("BTM_SwitchRole BDA: %02x-%02x-%02x-%02x-%02x-%02x",
551 remote_bd_addr[0], remote_bd_addr[1], remote_bd_addr[2],
552 remote_bd_addr[3], remote_bd_addr[4], remote_bd_addr[5]);
553
554 /* Make sure the local device supports switching */
555 if (!controller_get_interface()->supports_master_slave_role_switch())
556 return (BTM_MODE_UNSUPPORTED);
557
558 if (btm_cb.devcb.p_switch_role_cb && p_cb) {
559 p_bda = btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
560 BTM_TRACE_DEBUG(
561 "Role switch on other device is in progress 0x%02x%02x%02x%02x%02x%02x",
562 p_bda[0], p_bda[1], p_bda[2], p_bda[3], p_bda[4], p_bda[5]);
563 return (BTM_BUSY);
564 }
565
566 p = btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR);
567 if (p == NULL) return (BTM_UNKNOWN_ADDR);
568
569 /* Finished if already in desired role */
570 if (p->link_role == new_role) return (BTM_SUCCESS);
571
572 #if (BTM_SCO_INCLUDED == TRUE)
573 /* Check if there is any SCO Active on this BD Address */
574 is_sco_active = btm_is_sco_active_by_bdaddr(remote_bd_addr);
575
576 if (is_sco_active == true) return (BTM_NO_RESOURCES);
577 #endif
578
579 /* Ignore role switch request if the previous request was not completed */
580 if (p->switch_role_state != BTM_ACL_SWKEY_STATE_IDLE) {
581 BTM_TRACE_DEBUG("BTM_SwitchRole busy: %d", p->switch_role_state);
582 return (BTM_BUSY);
583 }
584
585 status = BTM_ReadPowerMode(p->remote_addr, &pwr_mode);
586 if (status != BTM_SUCCESS) return (status);
587
588 /* Wake up the link if in sniff or park before attempting switch */
589 if (pwr_mode == BTM_PM_MD_PARK || pwr_mode == BTM_PM_MD_SNIFF) {
590 memset((void*)&settings, 0, sizeof(settings));
591 settings.mode = BTM_PM_MD_ACTIVE;
592 status = BTM_SetPowerMode(BTM_PM_SET_ONLY_ID, p->remote_addr, &settings);
593 if (status != BTM_CMD_STARTED) return (BTM_WRONG_MODE);
594
595 p->switch_role_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE;
596 }
597 /* some devices do not support switch while encryption is on */
598 else {
599 p_dev_rec = btm_find_dev(remote_bd_addr);
600 if ((p_dev_rec != NULL) &&
601 ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0) &&
602 !BTM_EPR_AVAILABLE(p)) {
603 /* bypass turning off encryption if change link key is already doing it */
604 if (p->encrypt_state != BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF) {
605 btsnd_hcic_set_conn_encrypt(p->hci_handle, false);
606 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF;
607 }
608
609 p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF;
610 } else {
611 btsnd_hcic_switch_role(remote_bd_addr, new_role);
612 p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS;
613
614 #if (BTM_DISC_DURING_RS == TRUE)
615 if (p_dev_rec) p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
616 #endif
617 }
618 }
619
620 /* Initialize return structure in case request fails */
621 if (p_cb) {
622 memcpy(btm_cb.devcb.switch_role_ref_data.remote_bd_addr, remote_bd_addr,
623 BD_ADDR_LEN);
624 btm_cb.devcb.switch_role_ref_data.role = new_role;
625 /* initialized to an error code */
626 btm_cb.devcb.switch_role_ref_data.hci_status = HCI_ERR_UNSUPPORTED_VALUE;
627 btm_cb.devcb.p_switch_role_cb = p_cb;
628 }
629 return (BTM_CMD_STARTED);
630 }
631
632 /*******************************************************************************
633 *
634 * Function btm_acl_encrypt_change
635 *
636 * Description This function is when encryption of the connection is
637 * completed by the LM. Checks to see if a role switch or
638 * change of link key was active and initiates or continues
639 * process if needed.
640 *
641 * Returns void
642 *
643 ******************************************************************************/
btm_acl_encrypt_change(uint16_t handle,uint8_t status,uint8_t encr_enable)644 void btm_acl_encrypt_change(uint16_t handle, uint8_t status,
645 uint8_t encr_enable) {
646 tACL_CONN* p;
647 uint8_t xx;
648 tBTM_SEC_DEV_REC* p_dev_rec;
649 tBTM_BL_ROLE_CHG_DATA evt;
650
651 BTM_TRACE_DEBUG("btm_acl_encrypt_change handle=%d status=%d encr_enabl=%d",
652 handle, status, encr_enable);
653 xx = btm_handle_to_acl_index(handle);
654 /* don't assume that we can never get a bad hci_handle */
655 if (xx < MAX_L2CAP_LINKS)
656 p = &btm_cb.acl_db[xx];
657 else
658 return;
659
660 /* Process Role Switch if active */
661 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF) {
662 /* if encryption turn off failed we still will try to switch role */
663 if (encr_enable) {
664 p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
665 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
666 } else {
667 p->switch_role_state = BTM_ACL_SWKEY_STATE_SWITCHING;
668 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_TEMP_FUNC;
669 }
670
671 btsnd_hcic_switch_role(p->remote_addr, (uint8_t)!p->link_role);
672 #if (BTM_DISC_DURING_RS == TRUE)
673 p_dev_rec = btm_find_dev(p->remote_addr);
674 if (p_dev_rec != NULL) p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
675 #endif
676
677 }
678 /* Finished enabling Encryption after role switch */
679 else if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_ON) {
680 p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
681 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
682 btm_acl_report_role_change(btm_cb.devcb.switch_role_ref_data.hci_status,
683 p->remote_addr);
684
685 /* if role change event is registered, report it now */
686 if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK)) {
687 evt.event = BTM_BL_ROLE_CHG_EVT;
688 evt.new_role = btm_cb.devcb.switch_role_ref_data.role;
689 evt.p_bda = btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
690 evt.hci_status = btm_cb.devcb.switch_role_ref_data.hci_status;
691 (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA*)&evt);
692
693 BTM_TRACE_DEBUG(
694 "Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, rs_st:%d",
695 evt.new_role, evt.hci_status, p->switch_role_state);
696 }
697
698 #if (BTM_DISC_DURING_RS == TRUE)
699 /* If a disconnect is pending, issue it now that role switch has completed
700 */
701 p_dev_rec = btm_find_dev(p->remote_addr);
702 if (p_dev_rec != NULL) {
703 if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING) {
704 BTM_TRACE_WARNING(
705 "btm_acl_encrypt_change -> Issuing delayed HCI_Disconnect!!!");
706 btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER);
707 }
708 BTM_TRACE_ERROR(
709 "btm_acl_encrypt_change: tBTM_SEC_DEV:0x%x rs_disc_pending=%d",
710 PTR_TO_UINT(p_dev_rec), p_dev_rec->rs_disc_pending);
711 p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */
712 }
713 #endif
714 }
715 }
716 /*******************************************************************************
717 *
718 * Function BTM_SetLinkPolicy
719 *
720 * Description Create and send HCI "Write Policy Set" command
721 *
722 * Returns status of the operation
723 *
724 ******************************************************************************/
BTM_SetLinkPolicy(BD_ADDR remote_bda,uint16_t * settings)725 tBTM_STATUS BTM_SetLinkPolicy(BD_ADDR remote_bda, uint16_t* settings) {
726 tACL_CONN* p;
727 uint8_t* localFeatures = BTM_ReadLocalFeatures();
728 BTM_TRACE_DEBUG("%s", __func__);
729 /* BTM_TRACE_API ("%s: requested settings: 0x%04x", __func__, *settings ); */
730
731 /* First, check if hold mode is supported */
732 if (*settings != HCI_DISABLE_ALL_LM_MODES) {
733 if ((*settings & HCI_ENABLE_MASTER_SLAVE_SWITCH) &&
734 (!HCI_SWITCH_SUPPORTED(localFeatures))) {
735 *settings &= (~HCI_ENABLE_MASTER_SLAVE_SWITCH);
736 BTM_TRACE_API("BTM_SetLinkPolicy switch not supported (settings: 0x%04x)",
737 *settings);
738 }
739 if ((*settings & HCI_ENABLE_HOLD_MODE) &&
740 (!HCI_HOLD_MODE_SUPPORTED(localFeatures))) {
741 *settings &= (~HCI_ENABLE_HOLD_MODE);
742 BTM_TRACE_API("BTM_SetLinkPolicy hold not supported (settings: 0x%04x)",
743 *settings);
744 }
745 if ((*settings & HCI_ENABLE_SNIFF_MODE) &&
746 (!HCI_SNIFF_MODE_SUPPORTED(localFeatures))) {
747 *settings &= (~HCI_ENABLE_SNIFF_MODE);
748 BTM_TRACE_API("BTM_SetLinkPolicy sniff not supported (settings: 0x%04x)",
749 *settings);
750 }
751 if ((*settings & HCI_ENABLE_PARK_MODE) &&
752 (!HCI_PARK_MODE_SUPPORTED(localFeatures))) {
753 *settings &= (~HCI_ENABLE_PARK_MODE);
754 BTM_TRACE_API("BTM_SetLinkPolicy park not supported (settings: 0x%04x)",
755 *settings);
756 }
757 }
758
759 p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
760 if (p != NULL) {
761 btsnd_hcic_write_policy_set(p->hci_handle, *settings);
762 return BTM_CMD_STARTED;
763 }
764
765 /* If here, no BD Addr found */
766 return (BTM_UNKNOWN_ADDR);
767 }
768
769 /*******************************************************************************
770 *
771 * Function BTM_SetDefaultLinkPolicy
772 *
773 * Description Set the default value for HCI "Write Policy Set" command
774 * to use when an ACL link is created.
775 *
776 * Returns void
777 *
778 ******************************************************************************/
BTM_SetDefaultLinkPolicy(uint16_t settings)779 void BTM_SetDefaultLinkPolicy(uint16_t settings) {
780 uint8_t* localFeatures = BTM_ReadLocalFeatures();
781
782 BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy setting:0x%04x", settings);
783
784 if ((settings & HCI_ENABLE_MASTER_SLAVE_SWITCH) &&
785 (!HCI_SWITCH_SUPPORTED(localFeatures))) {
786 settings &= ~HCI_ENABLE_MASTER_SLAVE_SWITCH;
787 BTM_TRACE_DEBUG(
788 "BTM_SetDefaultLinkPolicy switch not supported (settings: 0x%04x)",
789 settings);
790 }
791 if ((settings & HCI_ENABLE_HOLD_MODE) &&
792 (!HCI_HOLD_MODE_SUPPORTED(localFeatures))) {
793 settings &= ~HCI_ENABLE_HOLD_MODE;
794 BTM_TRACE_DEBUG(
795 "BTM_SetDefaultLinkPolicy hold not supported (settings: 0x%04x)",
796 settings);
797 }
798 if ((settings & HCI_ENABLE_SNIFF_MODE) &&
799 (!HCI_SNIFF_MODE_SUPPORTED(localFeatures))) {
800 settings &= ~HCI_ENABLE_SNIFF_MODE;
801 BTM_TRACE_DEBUG(
802 "BTM_SetDefaultLinkPolicy sniff not supported (settings: 0x%04x)",
803 settings);
804 }
805 if ((settings & HCI_ENABLE_PARK_MODE) &&
806 (!HCI_PARK_MODE_SUPPORTED(localFeatures))) {
807 settings &= ~HCI_ENABLE_PARK_MODE;
808 BTM_TRACE_DEBUG(
809 "BTM_SetDefaultLinkPolicy park not supported (settings: 0x%04x)",
810 settings);
811 }
812 BTM_TRACE_DEBUG("Set DefaultLinkPolicy:0x%04x", settings);
813
814 btm_cb.btm_def_link_policy = settings;
815
816 /* Set the default Link Policy of the controller */
817 btsnd_hcic_write_def_policy_set(settings);
818 }
819
btm_use_preferred_conn_params(BD_ADDR bda)820 void btm_use_preferred_conn_params(BD_ADDR bda) {
821 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(bda, BT_TRANSPORT_LE);
822 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_or_alloc_dev(bda);
823
824 /* If there are any preferred connection parameters, set them now */
825 if ((p_dev_rec->conn_params.min_conn_int >= BTM_BLE_CONN_INT_MIN) &&
826 (p_dev_rec->conn_params.min_conn_int <= BTM_BLE_CONN_INT_MAX) &&
827 (p_dev_rec->conn_params.max_conn_int >= BTM_BLE_CONN_INT_MIN) &&
828 (p_dev_rec->conn_params.max_conn_int <= BTM_BLE_CONN_INT_MAX) &&
829 (p_dev_rec->conn_params.slave_latency <= BTM_BLE_CONN_LATENCY_MAX) &&
830 (p_dev_rec->conn_params.supervision_tout >= BTM_BLE_CONN_SUP_TOUT_MIN) &&
831 (p_dev_rec->conn_params.supervision_tout <= BTM_BLE_CONN_SUP_TOUT_MAX) &&
832 ((p_lcb->min_interval < p_dev_rec->conn_params.min_conn_int &&
833 p_dev_rec->conn_params.min_conn_int != BTM_BLE_CONN_PARAM_UNDEF) ||
834 (p_lcb->min_interval > p_dev_rec->conn_params.max_conn_int) ||
835 (p_lcb->latency > p_dev_rec->conn_params.slave_latency) ||
836 (p_lcb->timeout > p_dev_rec->conn_params.supervision_tout))) {
837 BTM_TRACE_DEBUG(
838 "%s: HANDLE=%d min_conn_int=%d max_conn_int=%d slave_latency=%d "
839 "supervision_tout=%d",
840 __func__, p_lcb->handle, p_dev_rec->conn_params.min_conn_int,
841 p_dev_rec->conn_params.max_conn_int,
842 p_dev_rec->conn_params.slave_latency,
843 p_dev_rec->conn_params.supervision_tout);
844
845 p_lcb->min_interval = p_dev_rec->conn_params.min_conn_int;
846 p_lcb->max_interval = p_dev_rec->conn_params.max_conn_int;
847 p_lcb->timeout = p_dev_rec->conn_params.supervision_tout;
848 p_lcb->latency = p_dev_rec->conn_params.slave_latency;
849
850 btsnd_hcic_ble_upd_ll_conn_params(
851 p_lcb->handle, p_dev_rec->conn_params.min_conn_int,
852 p_dev_rec->conn_params.max_conn_int,
853 p_dev_rec->conn_params.slave_latency,
854 p_dev_rec->conn_params.supervision_tout, 0, 0);
855 }
856 }
857
858 /*******************************************************************************
859 *
860 * Function btm_read_remote_version_complete
861 *
862 * Description This function is called when the command complete message
863 * is received from the HCI for the remote version info.
864 *
865 * Returns void
866 *
867 ******************************************************************************/
btm_read_remote_version_complete(uint8_t * p)868 void btm_read_remote_version_complete(uint8_t* p) {
869 tACL_CONN* p_acl_cb = &btm_cb.acl_db[0];
870 uint8_t status;
871 uint16_t handle;
872 int xx;
873 BTM_TRACE_DEBUG("btm_read_remote_version_complete");
874
875 STREAM_TO_UINT8(status, p);
876 STREAM_TO_UINT16(handle, p);
877
878 /* Look up the connection by handle and copy features */
879 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_acl_cb++) {
880 if ((p_acl_cb->in_use) && (p_acl_cb->hci_handle == handle)) {
881 if (status == HCI_SUCCESS) {
882 STREAM_TO_UINT8(p_acl_cb->lmp_version, p);
883 STREAM_TO_UINT16(p_acl_cb->manufacturer, p);
884 STREAM_TO_UINT16(p_acl_cb->lmp_subversion, p);
885 }
886
887 if (p_acl_cb->transport == BT_TRANSPORT_LE) {
888 l2cble_notify_le_connection(p_acl_cb->remote_addr);
889 btm_use_preferred_conn_params(p_acl_cb->remote_addr);
890 }
891 break;
892 }
893 }
894 }
895
896 /*******************************************************************************
897 *
898 * Function btm_process_remote_ext_features
899 *
900 * Description Local function called to process all extended features pages
901 * read from a remote device.
902 *
903 * Returns void
904 *
905 ******************************************************************************/
btm_process_remote_ext_features(tACL_CONN * p_acl_cb,uint8_t num_read_pages)906 void btm_process_remote_ext_features(tACL_CONN* p_acl_cb,
907 uint8_t num_read_pages) {
908 uint16_t handle = p_acl_cb->hci_handle;
909 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev_by_handle(handle);
910 uint8_t page_idx;
911
912 BTM_TRACE_DEBUG("btm_process_remote_ext_features");
913
914 /* Make sure we have the record to save remote features information */
915 if (p_dev_rec == NULL) {
916 /* Get a new device; might be doing dedicated bonding */
917 p_dev_rec = btm_find_or_alloc_dev(p_acl_cb->remote_addr);
918 }
919
920 p_acl_cb->num_read_pages = num_read_pages;
921 p_dev_rec->num_read_pages = num_read_pages;
922
923 /* Move the pages to placeholder */
924 for (page_idx = 0; page_idx < num_read_pages; page_idx++) {
925 if (page_idx > HCI_EXT_FEATURES_PAGE_MAX) {
926 BTM_TRACE_ERROR("%s: page=%d unexpected", __func__, page_idx);
927 break;
928 }
929 memcpy(p_dev_rec->feature_pages[page_idx],
930 p_acl_cb->peer_lmp_feature_pages[page_idx],
931 HCI_FEATURE_BYTES_PER_PAGE);
932 }
933
934 const uint8_t req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND);
935
936 /* Store the Peer Security Capabilites (in SM4 and rmt_sec_caps) */
937 btm_sec_set_peer_sec_caps(p_acl_cb, p_dev_rec);
938
939 BTM_TRACE_API("%s: pend:%d", __func__, req_pend);
940 if (req_pend) {
941 /* Request for remaining Security Features (if any) */
942 l2cu_resubmit_pending_sec_req(p_dev_rec->bd_addr);
943 }
944 }
945
946 /*******************************************************************************
947 *
948 * Function btm_read_remote_features
949 *
950 * Description Local function called to send a read remote supported
951 * features/remote extended features page[0].
952 *
953 * Returns void
954 *
955 ******************************************************************************/
btm_read_remote_features(uint16_t handle)956 void btm_read_remote_features(uint16_t handle) {
957 uint8_t acl_idx;
958 tACL_CONN* p_acl_cb;
959
960 BTM_TRACE_DEBUG("btm_read_remote_features() handle: %d", handle);
961
962 acl_idx = btm_handle_to_acl_index(handle);
963 if (acl_idx >= MAX_L2CAP_LINKS) {
964 BTM_TRACE_ERROR("btm_read_remote_features handle=%d invalid", handle);
965 return;
966 }
967
968 p_acl_cb = &btm_cb.acl_db[acl_idx];
969 p_acl_cb->num_read_pages = 0;
970 memset(p_acl_cb->peer_lmp_feature_pages, 0,
971 sizeof(p_acl_cb->peer_lmp_feature_pages));
972
973 /* first send read remote supported features HCI command */
974 /* because we don't know whether the remote support extended feature command
975 */
976 btsnd_hcic_rmt_features_req(handle);
977 }
978
979 /*******************************************************************************
980 *
981 * Function btm_read_remote_ext_features
982 *
983 * Description Local function called to send a read remote extended
984 * features
985 *
986 * Returns void
987 *
988 ******************************************************************************/
btm_read_remote_ext_features(uint16_t handle,uint8_t page_number)989 void btm_read_remote_ext_features(uint16_t handle, uint8_t page_number) {
990 BTM_TRACE_DEBUG("btm_read_remote_ext_features() handle: %d page: %d", handle,
991 page_number);
992
993 btsnd_hcic_rmt_ext_features(handle, page_number);
994 }
995
996 /*******************************************************************************
997 *
998 * Function btm_read_remote_features_complete
999 *
1000 * Description This function is called when the remote supported features
1001 * complete event is received from the HCI.
1002 *
1003 * Returns void
1004 *
1005 ******************************************************************************/
btm_read_remote_features_complete(uint8_t * p)1006 void btm_read_remote_features_complete(uint8_t* p) {
1007 tACL_CONN* p_acl_cb;
1008 uint8_t status;
1009 uint16_t handle;
1010 uint8_t acl_idx;
1011
1012 BTM_TRACE_DEBUG("btm_read_remote_features_complete");
1013 STREAM_TO_UINT8(status, p);
1014
1015 if (status != HCI_SUCCESS) {
1016 BTM_TRACE_ERROR("btm_read_remote_features_complete failed (status 0x%02x)",
1017 status);
1018 return;
1019 }
1020
1021 STREAM_TO_UINT16(handle, p);
1022
1023 acl_idx = btm_handle_to_acl_index(handle);
1024 if (acl_idx >= MAX_L2CAP_LINKS) {
1025 BTM_TRACE_ERROR("btm_read_remote_features_complete handle=%d invalid",
1026 handle);
1027 return;
1028 }
1029
1030 p_acl_cb = &btm_cb.acl_db[acl_idx];
1031
1032 /* Copy the received features page */
1033 STREAM_TO_ARRAY(p_acl_cb->peer_lmp_feature_pages[0], p,
1034 HCI_FEATURE_BYTES_PER_PAGE);
1035
1036 if ((HCI_LMP_EXTENDED_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[0])) &&
1037 (controller_get_interface()
1038 ->supports_reading_remote_extended_features())) {
1039 /* if the remote controller has extended features and local controller
1040 supports HCI_Read_Remote_Extended_Features command then start reading
1041 these feature starting with extended features page 1 */
1042 BTM_TRACE_DEBUG("Start reading remote extended features");
1043 btm_read_remote_ext_features(handle, 1);
1044 return;
1045 }
1046
1047 /* Remote controller has no extended features. Process remote controller
1048 supported features (features page 0). */
1049 btm_process_remote_ext_features(p_acl_cb, 1);
1050
1051 /* Continue with HCI connection establishment */
1052 btm_establish_continue(p_acl_cb);
1053 }
1054
1055 /*******************************************************************************
1056 *
1057 * Function btm_read_remote_ext_features_complete
1058 *
1059 * Description This function is called when the remote extended features
1060 * complete event is received from the HCI.
1061 *
1062 * Returns void
1063 *
1064 ******************************************************************************/
btm_read_remote_ext_features_complete(uint8_t * p)1065 void btm_read_remote_ext_features_complete(uint8_t* p) {
1066 tACL_CONN* p_acl_cb;
1067 uint8_t page_num, max_page;
1068 uint16_t handle;
1069 uint8_t acl_idx;
1070
1071 BTM_TRACE_DEBUG("btm_read_remote_ext_features_complete");
1072
1073 ++p;
1074 STREAM_TO_UINT16(handle, p);
1075 STREAM_TO_UINT8(page_num, p);
1076 STREAM_TO_UINT8(max_page, p);
1077
1078 /* Validate parameters */
1079 acl_idx = btm_handle_to_acl_index(handle);
1080 if (acl_idx >= MAX_L2CAP_LINKS) {
1081 BTM_TRACE_ERROR("btm_read_remote_ext_features_complete handle=%d invalid",
1082 handle);
1083 return;
1084 }
1085
1086 if (max_page > HCI_EXT_FEATURES_PAGE_MAX) {
1087 BTM_TRACE_ERROR("btm_read_remote_ext_features_complete page=%d unknown",
1088 max_page);
1089 return;
1090 }
1091
1092 p_acl_cb = &btm_cb.acl_db[acl_idx];
1093
1094 /* Copy the received features page */
1095 STREAM_TO_ARRAY(p_acl_cb->peer_lmp_feature_pages[page_num], p,
1096 HCI_FEATURE_BYTES_PER_PAGE);
1097
1098 /* If there is the next remote features page and
1099 * we have space to keep this page data - read this page */
1100 if ((page_num < max_page) && (page_num < HCI_EXT_FEATURES_PAGE_MAX)) {
1101 page_num++;
1102 BTM_TRACE_DEBUG("BTM reads next remote extended features page (%d)",
1103 page_num);
1104 btm_read_remote_ext_features(handle, page_num);
1105 return;
1106 }
1107
1108 /* Reading of remote feature pages is complete */
1109 BTM_TRACE_DEBUG("BTM reached last remote extended features page (%d)",
1110 page_num);
1111
1112 /* Process the pages */
1113 btm_process_remote_ext_features(p_acl_cb, (uint8_t)(page_num + 1));
1114
1115 /* Continue with HCI connection establishment */
1116 btm_establish_continue(p_acl_cb);
1117 }
1118
1119 /*******************************************************************************
1120 *
1121 * Function btm_read_remote_ext_features_failed
1122 *
1123 * Description This function is called when the remote extended features
1124 * complete event returns a failed status.
1125 *
1126 * Returns void
1127 *
1128 ******************************************************************************/
btm_read_remote_ext_features_failed(uint8_t status,uint16_t handle)1129 void btm_read_remote_ext_features_failed(uint8_t status, uint16_t handle) {
1130 tACL_CONN* p_acl_cb;
1131 uint8_t acl_idx;
1132
1133 BTM_TRACE_WARNING(
1134 "btm_read_remote_ext_features_failed (status 0x%02x) for handle %d",
1135 status, handle);
1136
1137 acl_idx = btm_handle_to_acl_index(handle);
1138 if (acl_idx >= MAX_L2CAP_LINKS) {
1139 BTM_TRACE_ERROR("btm_read_remote_ext_features_failed handle=%d invalid",
1140 handle);
1141 return;
1142 }
1143
1144 p_acl_cb = &btm_cb.acl_db[acl_idx];
1145
1146 /* Process supported features only */
1147 btm_process_remote_ext_features(p_acl_cb, 1);
1148
1149 /* Continue HCI connection establishment */
1150 btm_establish_continue(p_acl_cb);
1151 }
1152
1153 /*******************************************************************************
1154 *
1155 * Function btm_establish_continue
1156 *
1157 * Description This function is called when the command complete message
1158 * is received from the HCI for the read local link policy
1159 * request.
1160 *
1161 * Returns void
1162 *
1163 ******************************************************************************/
btm_establish_continue(tACL_CONN * p_acl_cb)1164 void btm_establish_continue(tACL_CONN* p_acl_cb) {
1165 tBTM_BL_EVENT_DATA evt_data;
1166 BTM_TRACE_DEBUG("btm_establish_continue");
1167 #if (BTM_BYPASS_EXTRA_ACL_SETUP == FALSE)
1168 if (p_acl_cb->transport == BT_TRANSPORT_BR_EDR) {
1169 /* For now there are a some devices that do not like sending */
1170 /* commands events and data at the same time. */
1171 /* Set the packet types to the default allowed by the device */
1172 btm_set_packet_types(p_acl_cb, btm_cb.btm_acl_pkt_types_supported);
1173
1174 if (btm_cb.btm_def_link_policy)
1175 BTM_SetLinkPolicy(p_acl_cb->remote_addr, &btm_cb.btm_def_link_policy);
1176 }
1177 #endif
1178 p_acl_cb->link_up_issued = true;
1179
1180 /* If anyone cares, tell him database changed */
1181 if (btm_cb.p_bl_changed_cb) {
1182 evt_data.event = BTM_BL_CONN_EVT;
1183 evt_data.conn.p_bda = p_acl_cb->remote_addr;
1184 evt_data.conn.p_bdn = p_acl_cb->remote_name;
1185 evt_data.conn.p_dc = p_acl_cb->remote_dc;
1186 evt_data.conn.p_features = p_acl_cb->peer_lmp_feature_pages[0];
1187 evt_data.conn.handle = p_acl_cb->hci_handle;
1188 evt_data.conn.transport = p_acl_cb->transport;
1189
1190 (*btm_cb.p_bl_changed_cb)(&evt_data);
1191 }
1192 btm_acl_update_busy_level(BTM_BLI_ACL_UP_EVT);
1193 }
1194
1195 /*******************************************************************************
1196 *
1197 * Function BTM_SetDefaultLinkSuperTout
1198 *
1199 * Description Set the default value for HCI "Write Link Supervision
1200 * Timeout"
1201 * command to use when an ACL link is created.
1202 *
1203 * Returns void
1204 *
1205 ******************************************************************************/
BTM_SetDefaultLinkSuperTout(uint16_t timeout)1206 void BTM_SetDefaultLinkSuperTout(uint16_t timeout) {
1207 BTM_TRACE_DEBUG("BTM_SetDefaultLinkSuperTout");
1208 btm_cb.btm_def_link_super_tout = timeout;
1209 }
1210
1211 /*******************************************************************************
1212 *
1213 * Function BTM_GetLinkSuperTout
1214 *
1215 * Description Read the link supervision timeout value of the connection
1216 *
1217 * Returns status of the operation
1218 *
1219 ******************************************************************************/
BTM_GetLinkSuperTout(BD_ADDR remote_bda,uint16_t * p_timeout)1220 tBTM_STATUS BTM_GetLinkSuperTout(BD_ADDR remote_bda, uint16_t* p_timeout) {
1221 tACL_CONN* p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
1222
1223 BTM_TRACE_DEBUG("BTM_GetLinkSuperTout");
1224 if (p != (tACL_CONN*)NULL) {
1225 *p_timeout = p->link_super_tout;
1226 return (BTM_SUCCESS);
1227 }
1228 /* If here, no BD Addr found */
1229 return (BTM_UNKNOWN_ADDR);
1230 }
1231
1232 /*******************************************************************************
1233 *
1234 * Function BTM_SetLinkSuperTout
1235 *
1236 * Description Create and send HCI "Write Link Supervision Timeout" command
1237 *
1238 * Returns status of the operation
1239 *
1240 ******************************************************************************/
BTM_SetLinkSuperTout(BD_ADDR remote_bda,uint16_t timeout)1241 tBTM_STATUS BTM_SetLinkSuperTout(BD_ADDR remote_bda, uint16_t timeout) {
1242 tACL_CONN* p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
1243
1244 BTM_TRACE_DEBUG("BTM_SetLinkSuperTout");
1245 if (p != (tACL_CONN*)NULL) {
1246 p->link_super_tout = timeout;
1247
1248 /* Only send if current role is Master; 2.0 spec requires this */
1249 if (p->link_role == BTM_ROLE_MASTER) {
1250 btsnd_hcic_write_link_super_tout(LOCAL_BR_EDR_CONTROLLER_ID,
1251 p->hci_handle, timeout);
1252 return (BTM_CMD_STARTED);
1253 } else
1254 return (BTM_SUCCESS);
1255 }
1256
1257 /* If here, no BD Addr found */
1258 return (BTM_UNKNOWN_ADDR);
1259 }
1260
1261 /*******************************************************************************
1262 *
1263 * Function BTM_IsAclConnectionUp
1264 *
1265 * Description This function is called to check if an ACL connection exists
1266 * to a specific remote BD Address.
1267 *
1268 * Returns true if connection is up, else false.
1269 *
1270 ******************************************************************************/
BTM_IsAclConnectionUp(BD_ADDR remote_bda,tBT_TRANSPORT transport)1271 bool BTM_IsAclConnectionUp(BD_ADDR remote_bda, tBT_TRANSPORT transport) {
1272 tACL_CONN* p;
1273
1274 BTM_TRACE_API("BTM_IsAclConnectionUp: RemBdAddr: %02x%02x%02x%02x%02x%02x",
1275 remote_bda[0], remote_bda[1], remote_bda[2], remote_bda[3],
1276 remote_bda[4], remote_bda[5]);
1277
1278 p = btm_bda_to_acl(remote_bda, transport);
1279 if (p != (tACL_CONN*)NULL) {
1280 return (true);
1281 }
1282
1283 /* If here, no BD Addr found */
1284 return (false);
1285 }
1286
1287 /*******************************************************************************
1288 *
1289 * Function BTM_GetNumAclLinks
1290 *
1291 * Description This function is called to count the number of
1292 * ACL links that are active.
1293 *
1294 * Returns uint16_t Number of active ACL links
1295 *
1296 ******************************************************************************/
BTM_GetNumAclLinks(void)1297 uint16_t BTM_GetNumAclLinks(void) {
1298 uint16_t num_acl = 0;
1299
1300 for (uint16_t i = 0; i < MAX_L2CAP_LINKS; ++i) {
1301 if (btm_cb.acl_db[i].in_use) ++num_acl;
1302 }
1303
1304 return num_acl;
1305 }
1306
1307 /*******************************************************************************
1308 *
1309 * Function btm_get_acl_disc_reason_code
1310 *
1311 * Description This function is called to get the disconnection reason code
1312 * returned by the HCI at disconnection complete event.
1313 *
1314 * Returns true if connection is up, else false.
1315 *
1316 ******************************************************************************/
btm_get_acl_disc_reason_code(void)1317 uint16_t btm_get_acl_disc_reason_code(void) {
1318 uint8_t res = btm_cb.acl_disc_reason;
1319 BTM_TRACE_DEBUG("btm_get_acl_disc_reason_code");
1320 return (res);
1321 }
1322
1323 /*******************************************************************************
1324 *
1325 * Function BTM_GetHCIConnHandle
1326 *
1327 * Description This function is called to get the handle for an ACL
1328 * connection to a specific remote BD Address.
1329 *
1330 * Returns the handle of the connection, or 0xFFFF if none.
1331 *
1332 ******************************************************************************/
BTM_GetHCIConnHandle(const BD_ADDR remote_bda,tBT_TRANSPORT transport)1333 uint16_t BTM_GetHCIConnHandle(const BD_ADDR remote_bda,
1334 tBT_TRANSPORT transport) {
1335 tACL_CONN* p;
1336 BTM_TRACE_DEBUG("BTM_GetHCIConnHandle");
1337 p = btm_bda_to_acl(remote_bda, transport);
1338 if (p != (tACL_CONN*)NULL) {
1339 return (p->hci_handle);
1340 }
1341
1342 /* If here, no BD Addr found */
1343 return (0xFFFF);
1344 }
1345
1346 /*******************************************************************************
1347 *
1348 * Function btm_process_clk_off_comp_evt
1349 *
1350 * Description This function is called when clock offset command completes.
1351 *
1352 * Input Parms hci_handle - connection handle associated with the change
1353 * clock offset
1354 *
1355 * Returns void
1356 *
1357 ******************************************************************************/
btm_process_clk_off_comp_evt(uint16_t hci_handle,uint16_t clock_offset)1358 void btm_process_clk_off_comp_evt(uint16_t hci_handle, uint16_t clock_offset) {
1359 uint8_t xx;
1360 BTM_TRACE_DEBUG("btm_process_clk_off_comp_evt");
1361 /* Look up the connection by handle and set the current mode */
1362 xx = btm_handle_to_acl_index(hci_handle);
1363 if (xx < MAX_L2CAP_LINKS) btm_cb.acl_db[xx].clock_offset = clock_offset;
1364 }
1365
1366 /*******************************************************************************
1367 *
1368 * Function btm_acl_role_changed
1369 *
1370 * Description This function is called whan a link's master/slave role
1371 * change event or command status event (with error) is
1372 * received. It updates the link control block, and calls the
1373 * registered callback with status and role (if registered).
1374 *
1375 * Returns void
1376 *
1377 ******************************************************************************/
btm_acl_role_changed(uint8_t hci_status,BD_ADDR bd_addr,uint8_t new_role)1378 void btm_acl_role_changed(uint8_t hci_status, BD_ADDR bd_addr,
1379 uint8_t new_role) {
1380 uint8_t* p_bda =
1381 (bd_addr) ? bd_addr : btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
1382 tACL_CONN* p = btm_bda_to_acl(p_bda, BT_TRANSPORT_BR_EDR);
1383 tBTM_ROLE_SWITCH_CMPL* p_data = &btm_cb.devcb.switch_role_ref_data;
1384 tBTM_SEC_DEV_REC* p_dev_rec;
1385 tBTM_BL_ROLE_CHG_DATA evt;
1386
1387 BTM_TRACE_DEBUG("btm_acl_role_changed");
1388 /* Ignore any stray events */
1389 if (p == NULL) {
1390 /* it could be a failure */
1391 if (hci_status != HCI_SUCCESS)
1392 btm_acl_report_role_change(hci_status, bd_addr);
1393 return;
1394 }
1395
1396 p_data->hci_status = hci_status;
1397
1398 if (hci_status == HCI_SUCCESS) {
1399 p_data->role = new_role;
1400 memcpy(p_data->remote_bd_addr, p_bda, BD_ADDR_LEN);
1401
1402 /* Update cached value */
1403 p->link_role = new_role;
1404
1405 /* Reload LSTO: link supervision timeout is reset in the LM after a role
1406 * switch */
1407 if (new_role == BTM_ROLE_MASTER) {
1408 BTM_SetLinkSuperTout(p->remote_addr, p->link_super_tout);
1409 }
1410 } else {
1411 /* so the BTM_BL_ROLE_CHG_EVT uses the old role */
1412 new_role = p->link_role;
1413 }
1414
1415 /* Check if any SCO req is pending for role change */
1416 btm_sco_chk_pend_rolechange(p->hci_handle);
1417
1418 /* if switching state is switching we need to turn encryption on */
1419 /* if idle, we did not change encryption */
1420 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_SWITCHING) {
1421 btsnd_hcic_set_conn_encrypt(p->hci_handle, true);
1422 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_ON;
1423 p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_ON;
1424 return;
1425 }
1426
1427 /* Set the switch_role_state to IDLE since the reply received from HCI */
1428 /* regardless of its result either success or failed. */
1429 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_IN_PROGRESS) {
1430 p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
1431 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
1432 }
1433
1434 /* if role switch complete is needed, report it now */
1435 btm_acl_report_role_change(hci_status, bd_addr);
1436
1437 /* if role change event is registered, report it now */
1438 if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK)) {
1439 evt.event = BTM_BL_ROLE_CHG_EVT;
1440 evt.new_role = new_role;
1441 evt.p_bda = p_bda;
1442 evt.hci_status = hci_status;
1443 (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA*)&evt);
1444 }
1445
1446 BTM_TRACE_DEBUG(
1447 "Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, rs_st:%d",
1448 p_data->role, p_data->hci_status, p->switch_role_state);
1449
1450 #if (BTM_DISC_DURING_RS == TRUE)
1451 /* If a disconnect is pending, issue it now that role switch has completed */
1452 p_dev_rec = btm_find_dev(p_bda);
1453 if (p_dev_rec != NULL) {
1454 if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING) {
1455 BTM_TRACE_WARNING(
1456 "btm_acl_role_changed -> Issuing delayed HCI_Disconnect!!!");
1457 btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER);
1458 }
1459 BTM_TRACE_ERROR("tBTM_SEC_DEV:0x%x rs_disc_pending=%d",
1460 PTR_TO_UINT(p_dev_rec), p_dev_rec->rs_disc_pending);
1461 p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */
1462 }
1463
1464 #endif
1465 }
1466
1467 /*******************************************************************************
1468 *
1469 * Function BTM_AllocateSCN
1470 *
1471 * Description Look through the Server Channel Numbers for a free one.
1472 *
1473 * Returns Allocated SCN number or 0 if none.
1474 *
1475 ******************************************************************************/
1476
BTM_AllocateSCN(void)1477 uint8_t BTM_AllocateSCN(void) {
1478 uint8_t x;
1479 BTM_TRACE_DEBUG("BTM_AllocateSCN");
1480
1481 // stack reserves scn 1 for HFP, HSP we still do the correct way
1482 for (x = 1; x < BTM_MAX_SCN; x++) {
1483 if (!btm_cb.btm_scn[x]) {
1484 btm_cb.btm_scn[x] = true;
1485 return (x + 1);
1486 }
1487 }
1488
1489 return (0); /* No free ports */
1490 }
1491
1492 /*******************************************************************************
1493 *
1494 * Function BTM_TryAllocateSCN
1495 *
1496 * Description Try to allocate a fixed server channel
1497 *
1498 * Returns Returns true if server channel was available
1499 *
1500 ******************************************************************************/
1501
BTM_TryAllocateSCN(uint8_t scn)1502 bool BTM_TryAllocateSCN(uint8_t scn) {
1503 /* Make sure we don't exceed max port range.
1504 * Stack reserves scn 1 for HFP, HSP we still do the correct way.
1505 */
1506 if ((scn >= BTM_MAX_SCN) || (scn == 1)) return false;
1507
1508 /* check if this port is available */
1509 if (!btm_cb.btm_scn[scn - 1]) {
1510 btm_cb.btm_scn[scn - 1] = true;
1511 return true;
1512 }
1513
1514 return (false); /* Port was busy */
1515 }
1516
1517 /*******************************************************************************
1518 *
1519 * Function BTM_FreeSCN
1520 *
1521 * Description Free the specified SCN.
1522 *
1523 * Returns true or false
1524 *
1525 ******************************************************************************/
BTM_FreeSCN(uint8_t scn)1526 bool BTM_FreeSCN(uint8_t scn) {
1527 BTM_TRACE_DEBUG("BTM_FreeSCN ");
1528 if (scn <= BTM_MAX_SCN) {
1529 btm_cb.btm_scn[scn - 1] = false;
1530 return (true);
1531 } else
1532 return (false); /* Illegal SCN passed in */
1533 }
1534
1535 /*******************************************************************************
1536 *
1537 * Function btm_set_packet_types
1538 *
1539 * Description This function sets the packet types used for a specific
1540 * ACL connection. It is called internally by btm_acl_created
1541 * or by an application/profile by BTM_SetPacketTypes.
1542 *
1543 * Returns status of the operation
1544 *
1545 ******************************************************************************/
btm_set_packet_types(tACL_CONN * p,uint16_t pkt_types)1546 tBTM_STATUS btm_set_packet_types(tACL_CONN* p, uint16_t pkt_types) {
1547 uint16_t temp_pkt_types;
1548 BTM_TRACE_DEBUG("btm_set_packet_types");
1549 /* Save in the ACL control blocks, types that we support */
1550 temp_pkt_types = (pkt_types & BTM_ACL_SUPPORTED_PKTS_MASK &
1551 btm_cb.btm_acl_pkt_types_supported);
1552
1553 /* OR in any exception packet types if at least 2.0 version of spec */
1554 temp_pkt_types |=
1555 ((pkt_types & BTM_ACL_EXCEPTION_PKTS_MASK) |
1556 (btm_cb.btm_acl_pkt_types_supported & BTM_ACL_EXCEPTION_PKTS_MASK));
1557
1558 /* Exclude packet types not supported by the peer */
1559 btm_acl_chk_peer_pkt_type_support(p, &temp_pkt_types);
1560
1561 BTM_TRACE_DEBUG("SetPacketType Mask -> 0x%04x", temp_pkt_types);
1562
1563 btsnd_hcic_change_conn_type(p->hci_handle, temp_pkt_types);
1564 p->pkt_types_mask = temp_pkt_types;
1565
1566 return (BTM_CMD_STARTED);
1567 }
1568
1569 /*******************************************************************************
1570 *
1571 * Function btm_get_max_packet_size
1572 *
1573 * Returns Returns maximum packet size that can be used for current
1574 * connection, 0 if connection is not established
1575 *
1576 ******************************************************************************/
btm_get_max_packet_size(BD_ADDR addr)1577 uint16_t btm_get_max_packet_size(BD_ADDR addr) {
1578 tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1579 uint16_t pkt_types = 0;
1580 uint16_t pkt_size = 0;
1581 BTM_TRACE_DEBUG("btm_get_max_packet_size");
1582 if (p != NULL) {
1583 pkt_types = p->pkt_types_mask;
1584 } else {
1585 /* Special case for when info for the local device is requested */
1586 if (memcmp(controller_get_interface()->get_address(), addr, BD_ADDR_LEN) ==
1587 0) {
1588 pkt_types = btm_cb.btm_acl_pkt_types_supported;
1589 }
1590 }
1591
1592 if (pkt_types) {
1593 if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH5))
1594 pkt_size = HCI_EDR3_DH5_PACKET_SIZE;
1595 else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH5))
1596 pkt_size = HCI_EDR2_DH5_PACKET_SIZE;
1597 else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH3))
1598 pkt_size = HCI_EDR3_DH3_PACKET_SIZE;
1599 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH5)
1600 pkt_size = HCI_DH5_PACKET_SIZE;
1601 else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH3))
1602 pkt_size = HCI_EDR2_DH3_PACKET_SIZE;
1603 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM5)
1604 pkt_size = HCI_DM5_PACKET_SIZE;
1605 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH3)
1606 pkt_size = HCI_DH3_PACKET_SIZE;
1607 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM3)
1608 pkt_size = HCI_DM3_PACKET_SIZE;
1609 else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH1))
1610 pkt_size = HCI_EDR3_DH1_PACKET_SIZE;
1611 else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH1))
1612 pkt_size = HCI_EDR2_DH1_PACKET_SIZE;
1613 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH1)
1614 pkt_size = HCI_DH1_PACKET_SIZE;
1615 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM1)
1616 pkt_size = HCI_DM1_PACKET_SIZE;
1617 }
1618
1619 return (pkt_size);
1620 }
1621
1622 /*******************************************************************************
1623 *
1624 * Function BTM_ReadRemoteVersion
1625 *
1626 * Returns If connected report peer device info
1627 *
1628 ******************************************************************************/
BTM_ReadRemoteVersion(BD_ADDR addr,uint8_t * lmp_version,uint16_t * manufacturer,uint16_t * lmp_sub_version)1629 tBTM_STATUS BTM_ReadRemoteVersion(BD_ADDR addr, uint8_t* lmp_version,
1630 uint16_t* manufacturer,
1631 uint16_t* lmp_sub_version) {
1632 tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1633 BTM_TRACE_DEBUG("BTM_ReadRemoteVersion");
1634 if (p == NULL) return (BTM_UNKNOWN_ADDR);
1635
1636 if (lmp_version) *lmp_version = p->lmp_version;
1637
1638 if (manufacturer) *manufacturer = p->manufacturer;
1639
1640 if (lmp_sub_version) *lmp_sub_version = p->lmp_subversion;
1641
1642 return (BTM_SUCCESS);
1643 }
1644
1645 /*******************************************************************************
1646 *
1647 * Function BTM_ReadRemoteFeatures
1648 *
1649 * Returns pointer to the remote supported features mask (8 bytes)
1650 *
1651 ******************************************************************************/
BTM_ReadRemoteFeatures(BD_ADDR addr)1652 uint8_t* BTM_ReadRemoteFeatures(BD_ADDR addr) {
1653 tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1654 BTM_TRACE_DEBUG("BTM_ReadRemoteFeatures");
1655 if (p == NULL) {
1656 return (NULL);
1657 }
1658
1659 return (p->peer_lmp_feature_pages[0]);
1660 }
1661
1662 /*******************************************************************************
1663 *
1664 * Function BTM_ReadRemoteExtendedFeatures
1665 *
1666 * Returns pointer to the remote extended features mask (8 bytes)
1667 * or NULL if bad page
1668 *
1669 ******************************************************************************/
BTM_ReadRemoteExtendedFeatures(BD_ADDR addr,uint8_t page_number)1670 uint8_t* BTM_ReadRemoteExtendedFeatures(BD_ADDR addr, uint8_t page_number) {
1671 tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1672 BTM_TRACE_DEBUG("BTM_ReadRemoteExtendedFeatures");
1673 if (p == NULL) {
1674 return (NULL);
1675 }
1676
1677 if (page_number > HCI_EXT_FEATURES_PAGE_MAX) {
1678 BTM_TRACE_ERROR("Warning: BTM_ReadRemoteExtendedFeatures page %d unknown",
1679 page_number);
1680 return NULL;
1681 }
1682
1683 return (p->peer_lmp_feature_pages[page_number]);
1684 }
1685
1686 /*******************************************************************************
1687 *
1688 * Function BTM_ReadNumberRemoteFeaturesPages
1689 *
1690 * Returns number of features pages read from the remote device.
1691 *
1692 ******************************************************************************/
BTM_ReadNumberRemoteFeaturesPages(BD_ADDR addr)1693 uint8_t BTM_ReadNumberRemoteFeaturesPages(BD_ADDR addr) {
1694 tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1695 BTM_TRACE_DEBUG("BTM_ReadNumberRemoteFeaturesPages");
1696 if (p == NULL) {
1697 return (0);
1698 }
1699
1700 return (p->num_read_pages);
1701 }
1702
1703 /*******************************************************************************
1704 *
1705 * Function BTM_ReadAllRemoteFeatures
1706 *
1707 * Returns pointer to all features of the remote (24 bytes).
1708 *
1709 ******************************************************************************/
BTM_ReadAllRemoteFeatures(BD_ADDR addr)1710 uint8_t* BTM_ReadAllRemoteFeatures(BD_ADDR addr) {
1711 tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1712 BTM_TRACE_DEBUG("BTM_ReadAllRemoteFeatures");
1713 if (p == NULL) {
1714 return (NULL);
1715 }
1716
1717 return (p->peer_lmp_feature_pages[0]);
1718 }
1719
1720 /*******************************************************************************
1721 *
1722 * Function BTM_RegBusyLevelNotif
1723 *
1724 * Description This function is called to register a callback to receive
1725 * busy level change events.
1726 *
1727 * Returns BTM_SUCCESS if successfully registered, otherwise error
1728 *
1729 ******************************************************************************/
BTM_RegBusyLevelNotif(tBTM_BL_CHANGE_CB * p_cb,uint8_t * p_level,tBTM_BL_EVENT_MASK evt_mask)1730 tBTM_STATUS BTM_RegBusyLevelNotif(tBTM_BL_CHANGE_CB* p_cb, uint8_t* p_level,
1731 tBTM_BL_EVENT_MASK evt_mask) {
1732 BTM_TRACE_DEBUG("BTM_RegBusyLevelNotif");
1733 if (p_level) *p_level = btm_cb.busy_level;
1734
1735 btm_cb.bl_evt_mask = evt_mask;
1736
1737 if (!p_cb)
1738 btm_cb.p_bl_changed_cb = NULL;
1739 else if (btm_cb.p_bl_changed_cb)
1740 return (BTM_BUSY);
1741 else
1742 btm_cb.p_bl_changed_cb = p_cb;
1743
1744 return (BTM_SUCCESS);
1745 }
1746
1747 /*******************************************************************************
1748 *
1749 * Function BTM_SetQoS
1750 *
1751 * Description This function is called to setup QoS
1752 *
1753 * Returns status of the operation
1754 *
1755 ******************************************************************************/
BTM_SetQoS(BD_ADDR bd,FLOW_SPEC * p_flow,tBTM_CMPL_CB * p_cb)1756 tBTM_STATUS BTM_SetQoS(BD_ADDR bd, FLOW_SPEC* p_flow, tBTM_CMPL_CB* p_cb) {
1757 tACL_CONN* p = &btm_cb.acl_db[0];
1758
1759 BTM_TRACE_API("BTM_SetQoS: BdAddr: %02x%02x%02x%02x%02x%02x", bd[0], bd[1],
1760 bd[2], bd[3], bd[4], bd[5]);
1761
1762 /* If someone already waiting on the version, do not allow another */
1763 if (btm_cb.devcb.p_qos_setup_cmpl_cb) return (BTM_BUSY);
1764
1765 p = btm_bda_to_acl(bd, BT_TRANSPORT_BR_EDR);
1766 if (p != NULL) {
1767 btm_cb.devcb.p_qos_setup_cmpl_cb = p_cb;
1768 alarm_set_on_queue(btm_cb.devcb.qos_setup_timer, BTM_DEV_REPLY_TIMEOUT_MS,
1769 btm_qos_setup_timeout, NULL, btu_general_alarm_queue);
1770
1771 btsnd_hcic_qos_setup(p->hci_handle, p_flow->qos_flags, p_flow->service_type,
1772 p_flow->token_rate, p_flow->peak_bandwidth,
1773 p_flow->latency, p_flow->delay_variation);
1774 return (BTM_CMD_STARTED);
1775 }
1776
1777 /* If here, no BD Addr found */
1778 return (BTM_UNKNOWN_ADDR);
1779 }
1780
1781 /*******************************************************************************
1782 *
1783 * Function btm_qos_setup_timeout
1784 *
1785 * Description Callback when QoS setup times out.
1786 *
1787 * Returns void
1788 *
1789 ******************************************************************************/
btm_qos_setup_timeout(UNUSED_ATTR void * data)1790 void btm_qos_setup_timeout(UNUSED_ATTR void* data) {
1791 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_qos_setup_cmpl_cb;
1792 btm_cb.devcb.p_qos_setup_cmpl_cb = NULL;
1793 if (p_cb) (*p_cb)((void*)NULL);
1794 }
1795
1796 /*******************************************************************************
1797 *
1798 * Function btm_qos_setup_complete
1799 *
1800 * Description This function is called when the command complete message
1801 * is received from the HCI for the qos setup request.
1802 *
1803 * Returns void
1804 *
1805 ******************************************************************************/
btm_qos_setup_complete(uint8_t status,uint16_t handle,FLOW_SPEC * p_flow)1806 void btm_qos_setup_complete(uint8_t status, uint16_t handle,
1807 FLOW_SPEC* p_flow) {
1808 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_qos_setup_cmpl_cb;
1809 tBTM_QOS_SETUP_CMPL qossu;
1810
1811 BTM_TRACE_DEBUG("%s", __func__);
1812 alarm_cancel(btm_cb.devcb.qos_setup_timer);
1813 btm_cb.devcb.p_qos_setup_cmpl_cb = NULL;
1814
1815 /* If there was a registered callback, call it */
1816 if (p_cb) {
1817 memset(&qossu, 0, sizeof(tBTM_QOS_SETUP_CMPL));
1818 qossu.status = status;
1819 qossu.handle = handle;
1820 if (p_flow != NULL) {
1821 qossu.flow.qos_flags = p_flow->qos_flags;
1822 qossu.flow.service_type = p_flow->service_type;
1823 qossu.flow.token_rate = p_flow->token_rate;
1824 qossu.flow.peak_bandwidth = p_flow->peak_bandwidth;
1825 qossu.flow.latency = p_flow->latency;
1826 qossu.flow.delay_variation = p_flow->delay_variation;
1827 }
1828 BTM_TRACE_DEBUG("BTM: p_flow->delay_variation: 0x%02x",
1829 qossu.flow.delay_variation);
1830 (*p_cb)(&qossu);
1831 }
1832 }
1833
1834 /*******************************************************************************
1835 *
1836 * Function BTM_ReadRSSI
1837 *
1838 * Description This function is called to read the link policy settings.
1839 * The address of link policy results are returned in the
1840 * callback.
1841 * (tBTM_RSSI_RESULTS)
1842 *
1843 * Returns BTM_CMD_STARTED if successfully initiated or error code
1844 *
1845 ******************************************************************************/
BTM_ReadRSSI(const BD_ADDR remote_bda,tBTM_CMPL_CB * p_cb)1846 tBTM_STATUS BTM_ReadRSSI(const BD_ADDR remote_bda, tBTM_CMPL_CB* p_cb) {
1847 tACL_CONN* p;
1848 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
1849 tBT_DEVICE_TYPE dev_type;
1850 tBLE_ADDR_TYPE addr_type;
1851 BTM_TRACE_API("BTM_ReadRSSI: RemBdAddr: %02x%02x%02x%02x%02x%02x",
1852 remote_bda[0], remote_bda[1], remote_bda[2], remote_bda[3],
1853 remote_bda[4], remote_bda[5]);
1854
1855 /* If someone already waiting on the version, do not allow another */
1856 if (btm_cb.devcb.p_rssi_cmpl_cb) return (BTM_BUSY);
1857
1858 BTM_ReadDevInfo(remote_bda, &dev_type, &addr_type);
1859 if (dev_type == BT_DEVICE_TYPE_BLE) transport = BT_TRANSPORT_LE;
1860
1861 p = btm_bda_to_acl(remote_bda, transport);
1862 if (p != (tACL_CONN*)NULL) {
1863 btm_cb.devcb.p_rssi_cmpl_cb = p_cb;
1864 alarm_set_on_queue(btm_cb.devcb.read_rssi_timer, BTM_DEV_REPLY_TIMEOUT_MS,
1865 btm_read_rssi_timeout, NULL, btu_general_alarm_queue);
1866
1867 btsnd_hcic_read_rssi(p->hci_handle);
1868 return (BTM_CMD_STARTED);
1869 }
1870
1871 /* If here, no BD Addr found */
1872 return (BTM_UNKNOWN_ADDR);
1873 }
1874
1875 /*******************************************************************************
1876 *
1877 * Function BTM_ReadLinkQuality
1878 *
1879 * Description This function is called to read the link qulaity.
1880 * The value of the link quality is returned in the callback.
1881 * (tBTM_LINK_QUALITY_RESULTS)
1882 *
1883 * Returns BTM_CMD_STARTED if successfully initiated or error code
1884 *
1885 ******************************************************************************/
BTM_ReadLinkQuality(BD_ADDR remote_bda,tBTM_CMPL_CB * p_cb)1886 tBTM_STATUS BTM_ReadLinkQuality(BD_ADDR remote_bda, tBTM_CMPL_CB* p_cb) {
1887 tACL_CONN* p;
1888
1889 BTM_TRACE_API("BTM_ReadLinkQuality: RemBdAddr: %02x%02x%02x%02x%02x%02x",
1890 remote_bda[0], remote_bda[1], remote_bda[2], remote_bda[3],
1891 remote_bda[4], remote_bda[5]);
1892
1893 /* If someone already waiting on the version, do not allow another */
1894 if (btm_cb.devcb.p_link_qual_cmpl_cb) return (BTM_BUSY);
1895
1896 p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
1897 if (p != (tACL_CONN*)NULL) {
1898 btm_cb.devcb.p_link_qual_cmpl_cb = p_cb;
1899 alarm_set_on_queue(btm_cb.devcb.read_link_quality_timer,
1900 BTM_DEV_REPLY_TIMEOUT_MS, btm_read_link_quality_timeout,
1901 NULL, btu_general_alarm_queue);
1902
1903 btsnd_hcic_get_link_quality(p->hci_handle);
1904 return (BTM_CMD_STARTED);
1905 }
1906
1907 /* If here, no BD Addr found */
1908 return (BTM_UNKNOWN_ADDR);
1909 }
1910
1911 /*******************************************************************************
1912 *
1913 * Function BTM_ReadTxPower
1914 *
1915 * Description This function is called to read the current
1916 * TX power of the connection. The tx power level results
1917 * are returned in the callback.
1918 * (tBTM_RSSI_RESULTS)
1919 *
1920 * Returns BTM_CMD_STARTED if successfully initiated or error code
1921 *
1922 ******************************************************************************/
BTM_ReadTxPower(BD_ADDR remote_bda,tBT_TRANSPORT transport,tBTM_CMPL_CB * p_cb)1923 tBTM_STATUS BTM_ReadTxPower(BD_ADDR remote_bda, tBT_TRANSPORT transport,
1924 tBTM_CMPL_CB* p_cb) {
1925 tACL_CONN* p;
1926 #define BTM_READ_RSSI_TYPE_CUR 0x00
1927 #define BTM_READ_RSSI_TYPE_MAX 0X01
1928
1929 BTM_TRACE_API("BTM_ReadTxPower: RemBdAddr: %02x%02x%02x%02x%02x%02x",
1930 remote_bda[0], remote_bda[1], remote_bda[2], remote_bda[3],
1931 remote_bda[4], remote_bda[5]);
1932
1933 /* If someone already waiting on the version, do not allow another */
1934 if (btm_cb.devcb.p_tx_power_cmpl_cb) return (BTM_BUSY);
1935
1936 p = btm_bda_to_acl(remote_bda, transport);
1937 if (p != (tACL_CONN*)NULL) {
1938 btm_cb.devcb.p_tx_power_cmpl_cb = p_cb;
1939 alarm_set_on_queue(btm_cb.devcb.read_tx_power_timer,
1940 BTM_DEV_REPLY_TIMEOUT_MS, btm_read_tx_power_timeout,
1941 NULL, btu_general_alarm_queue);
1942
1943 if (p->transport == BT_TRANSPORT_LE) {
1944 memcpy(btm_cb.devcb.read_tx_pwr_addr, remote_bda, BD_ADDR_LEN);
1945 btsnd_hcic_ble_read_adv_chnl_tx_power();
1946 } else {
1947 btsnd_hcic_read_tx_power(p->hci_handle, BTM_READ_RSSI_TYPE_CUR);
1948 }
1949
1950 return (BTM_CMD_STARTED);
1951 }
1952
1953 /* If here, no BD Addr found */
1954 return (BTM_UNKNOWN_ADDR);
1955 }
1956
1957 /*******************************************************************************
1958 *
1959 * Function btm_read_tx_power_timeout
1960 *
1961 * Description Callback when reading the tx power times out.
1962 *
1963 * Returns void
1964 *
1965 ******************************************************************************/
btm_read_tx_power_timeout(UNUSED_ATTR void * data)1966 void btm_read_tx_power_timeout(UNUSED_ATTR void* data) {
1967 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_tx_power_cmpl_cb;
1968 btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
1969 if (p_cb) (*p_cb)((void*)NULL);
1970 }
1971
1972 /*******************************************************************************
1973 *
1974 * Function btm_read_tx_power_complete
1975 *
1976 * Description This function is called when the command complete message
1977 * is received from the HCI for the read tx power request.
1978 *
1979 * Returns void
1980 *
1981 ******************************************************************************/
btm_read_tx_power_complete(uint8_t * p,bool is_ble)1982 void btm_read_tx_power_complete(uint8_t* p, bool is_ble) {
1983 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_tx_power_cmpl_cb;
1984 tBTM_TX_POWER_RESULTS results;
1985 uint16_t handle;
1986 tACL_CONN* p_acl_cb = &btm_cb.acl_db[0];
1987 uint16_t index;
1988
1989 BTM_TRACE_DEBUG("%s", __func__);
1990 alarm_cancel(btm_cb.devcb.read_tx_power_timer);
1991 btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
1992
1993 /* If there was a registered callback, call it */
1994 if (p_cb) {
1995 STREAM_TO_UINT8(results.hci_status, p);
1996
1997 if (results.hci_status == HCI_SUCCESS) {
1998 results.status = BTM_SUCCESS;
1999
2000 if (!is_ble) {
2001 STREAM_TO_UINT16(handle, p);
2002 STREAM_TO_UINT8(results.tx_power, p);
2003
2004 /* Search through the list of active channels for the correct BD Addr */
2005 for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++) {
2006 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle)) {
2007 memcpy(results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
2008 break;
2009 }
2010 }
2011 } else {
2012 STREAM_TO_UINT8(results.tx_power, p);
2013 memcpy(results.rem_bda, btm_cb.devcb.read_tx_pwr_addr, BD_ADDR_LEN);
2014 }
2015 BTM_TRACE_DEBUG("BTM TX power Complete: tx_power %d, hci status 0x%02x",
2016 results.tx_power, results.hci_status);
2017 } else
2018 results.status = BTM_ERR_PROCESSING;
2019
2020 (*p_cb)(&results);
2021 }
2022 }
2023
2024 /*******************************************************************************
2025 *
2026 * Function btm_read_rssi_timeout
2027 *
2028 * Description Callback when reading the RSSI times out.
2029 *
2030 * Returns void
2031 *
2032 ******************************************************************************/
btm_read_rssi_timeout(UNUSED_ATTR void * data)2033 void btm_read_rssi_timeout(UNUSED_ATTR void* data) {
2034 tBTM_RSSI_RESULTS results;
2035 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_rssi_cmpl_cb;
2036 btm_cb.devcb.p_rssi_cmpl_cb = NULL;
2037 results.status = BTM_DEVICE_TIMEOUT;
2038 if (p_cb)
2039 (*p_cb)(&results);
2040 }
2041
2042 /*******************************************************************************
2043 *
2044 * Function btm_read_rssi_complete
2045 *
2046 * Description This function is called when the command complete message
2047 * is received from the HCI for the read rssi request.
2048 *
2049 * Returns void
2050 *
2051 ******************************************************************************/
btm_read_rssi_complete(uint8_t * p)2052 void btm_read_rssi_complete(uint8_t* p) {
2053 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_rssi_cmpl_cb;
2054 tBTM_RSSI_RESULTS results;
2055 uint16_t handle;
2056 tACL_CONN* p_acl_cb = &btm_cb.acl_db[0];
2057 uint16_t index;
2058
2059 BTM_TRACE_DEBUG("%s", __func__);
2060 alarm_cancel(btm_cb.devcb.read_rssi_timer);
2061 btm_cb.devcb.p_rssi_cmpl_cb = NULL;
2062
2063 /* If there was a registered callback, call it */
2064 if (p_cb) {
2065 STREAM_TO_UINT8(results.hci_status, p);
2066
2067 if (results.hci_status == HCI_SUCCESS) {
2068 results.status = BTM_SUCCESS;
2069
2070 STREAM_TO_UINT16(handle, p);
2071
2072 STREAM_TO_UINT8(results.rssi, p);
2073 BTM_TRACE_DEBUG("BTM RSSI Complete: rssi %d, hci status 0x%02x",
2074 results.rssi, results.hci_status);
2075
2076 /* Search through the list of active channels for the correct BD Addr */
2077 for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++) {
2078 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle)) {
2079 memcpy(results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
2080 break;
2081 }
2082 }
2083 } else
2084 results.status = BTM_ERR_PROCESSING;
2085
2086 (*p_cb)(&results);
2087 }
2088 }
2089
2090 /*******************************************************************************
2091 *
2092 * Function btm_read_link_quality_timeout
2093 *
2094 * Description Callback when reading the link quality times out.
2095 *
2096 * Returns void
2097 *
2098 ******************************************************************************/
btm_read_link_quality_timeout(UNUSED_ATTR void * data)2099 void btm_read_link_quality_timeout(UNUSED_ATTR void* data) {
2100 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_link_qual_cmpl_cb;
2101 btm_cb.devcb.p_link_qual_cmpl_cb = NULL;
2102 if (p_cb) (*p_cb)((void*)NULL);
2103 }
2104
2105 /*******************************************************************************
2106 *
2107 * Function btm_read_link_quality_complete
2108 *
2109 * Description This function is called when the command complete message
2110 * is received from the HCI for the read link quality.
2111 *
2112 * Returns void
2113 *
2114 ******************************************************************************/
btm_read_link_quality_complete(uint8_t * p)2115 void btm_read_link_quality_complete(uint8_t* p) {
2116 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_link_qual_cmpl_cb;
2117 tBTM_LINK_QUALITY_RESULTS results;
2118 uint16_t handle;
2119 tACL_CONN* p_acl_cb = &btm_cb.acl_db[0];
2120 uint16_t index;
2121
2122 BTM_TRACE_DEBUG("%s", __func__);
2123 alarm_cancel(btm_cb.devcb.read_link_quality_timer);
2124 btm_cb.devcb.p_link_qual_cmpl_cb = NULL;
2125
2126 /* If there was a registered callback, call it */
2127 if (p_cb) {
2128 STREAM_TO_UINT8(results.hci_status, p);
2129
2130 if (results.hci_status == HCI_SUCCESS) {
2131 results.status = BTM_SUCCESS;
2132
2133 STREAM_TO_UINT16(handle, p);
2134
2135 STREAM_TO_UINT8(results.link_quality, p);
2136 BTM_TRACE_DEBUG(
2137 "BTM Link Quality Complete: Link Quality %d, hci status 0x%02x",
2138 results.link_quality, results.hci_status);
2139
2140 /* Search through the list of active channels for the correct BD Addr */
2141 for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++) {
2142 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle)) {
2143 memcpy(results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
2144 break;
2145 }
2146 }
2147 } else
2148 results.status = BTM_ERR_PROCESSING;
2149
2150 (*p_cb)(&results);
2151 }
2152 }
2153
2154 /*******************************************************************************
2155 *
2156 * Function btm_remove_acl
2157 *
2158 * Description This function is called to disconnect an ACL connection
2159 *
2160 * Returns BTM_SUCCESS if successfully initiated, otherwise
2161 * BTM_NO_RESOURCES.
2162 *
2163 ******************************************************************************/
btm_remove_acl(BD_ADDR bd_addr,tBT_TRANSPORT transport)2164 tBTM_STATUS btm_remove_acl(BD_ADDR bd_addr, tBT_TRANSPORT transport) {
2165 uint16_t hci_handle = BTM_GetHCIConnHandle(bd_addr, transport);
2166 tBTM_STATUS status = BTM_SUCCESS;
2167
2168 BTM_TRACE_DEBUG("btm_remove_acl");
2169 #if (BTM_DISC_DURING_RS == TRUE)
2170 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr);
2171
2172 /* Role Switch is pending, postpone until completed */
2173 if (p_dev_rec && (p_dev_rec->rs_disc_pending == BTM_SEC_RS_PENDING)) {
2174 p_dev_rec->rs_disc_pending = BTM_SEC_DISC_PENDING;
2175 } else /* otherwise can disconnect right away */
2176 #endif
2177 {
2178 if (hci_handle != 0xFFFF && p_dev_rec &&
2179 p_dev_rec->sec_state != BTM_SEC_STATE_DISCONNECTING) {
2180 btsnd_hcic_disconnect(hci_handle, HCI_ERR_PEER_USER);
2181 } else
2182 status = BTM_UNKNOWN_ADDR;
2183 }
2184
2185 return status;
2186 }
2187
2188 /*******************************************************************************
2189 *
2190 * Function BTM_SetTraceLevel
2191 *
2192 * Description This function sets the trace level for BTM. If called with
2193 * a value of 0xFF, it simply returns the current trace level.
2194 *
2195 * Returns The new or current trace level
2196 *
2197 ******************************************************************************/
BTM_SetTraceLevel(uint8_t new_level)2198 uint8_t BTM_SetTraceLevel(uint8_t new_level) {
2199 BTM_TRACE_DEBUG("BTM_SetTraceLevel");
2200 if (new_level != 0xFF) btm_cb.trace_level = new_level;
2201
2202 return (btm_cb.trace_level);
2203 }
2204
2205 /*******************************************************************************
2206 *
2207 * Function btm_cont_rswitch
2208 *
2209 * Description This function is called to continue processing an active
2210 * role switch. It first disables encryption if enabled and
2211 * EPR is not supported
2212 *
2213 * Returns void
2214 *
2215 ******************************************************************************/
btm_cont_rswitch(tACL_CONN * p,tBTM_SEC_DEV_REC * p_dev_rec,uint8_t hci_status)2216 void btm_cont_rswitch(tACL_CONN* p, tBTM_SEC_DEV_REC* p_dev_rec,
2217 uint8_t hci_status) {
2218 BTM_TRACE_DEBUG("btm_cont_rswitch");
2219 /* Check to see if encryption needs to be turned off if pending
2220 change of link key or role switch */
2221 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE) {
2222 /* Must turn off Encryption first if necessary */
2223 /* Some devices do not support switch or change of link key while encryption
2224 * is on */
2225 if (p_dev_rec != NULL &&
2226 ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0) &&
2227 !BTM_EPR_AVAILABLE(p)) {
2228 btsnd_hcic_set_conn_encrypt(p->hci_handle, false);
2229 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF;
2230 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
2231 p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF;
2232 } else /* Encryption not used or EPR supported, continue with switch
2233 and/or change of link key */
2234 {
2235 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE) {
2236 p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS;
2237 #if (BTM_DISC_DURING_RS == TRUE)
2238 if (p_dev_rec) p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
2239 #endif
2240 btsnd_hcic_switch_role(p->remote_addr, (uint8_t)!p->link_role);
2241 }
2242 }
2243 }
2244 }
2245
2246 /*******************************************************************************
2247 *
2248 * Function btm_acl_resubmit_page
2249 *
2250 * Description send pending page request
2251 *
2252 ******************************************************************************/
btm_acl_resubmit_page(void)2253 void btm_acl_resubmit_page(void) {
2254 tBTM_SEC_DEV_REC* p_dev_rec;
2255 BT_HDR* p_buf;
2256 uint8_t* pp;
2257 BD_ADDR bda;
2258 BTM_TRACE_DEBUG("btm_acl_resubmit_page");
2259 /* If there were other page request schedule can start the next one */
2260 p_buf = (BT_HDR*)fixed_queue_try_dequeue(btm_cb.page_queue);
2261 if (p_buf != NULL) {
2262 /* skip 3 (2 bytes opcode and 1 byte len) to get to the bd_addr
2263 * for both create_conn and rmt_name */
2264 pp = (uint8_t*)(p_buf + 1) + p_buf->offset + 3;
2265
2266 STREAM_TO_BDADDR(bda, pp);
2267
2268 p_dev_rec = btm_find_or_alloc_dev(bda);
2269
2270 memcpy(btm_cb.connecting_bda, p_dev_rec->bd_addr, BD_ADDR_LEN);
2271 memcpy(btm_cb.connecting_dc, p_dev_rec->dev_class, DEV_CLASS_LEN);
2272
2273 btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p_buf);
2274 } else
2275 btm_cb.paging = false;
2276 }
2277
2278 /*******************************************************************************
2279 *
2280 * Function btm_acl_reset_paging
2281 *
2282 * Description set paging to false and free the page queue - called at
2283 * hci_reset
2284 *
2285 ******************************************************************************/
btm_acl_reset_paging(void)2286 void btm_acl_reset_paging(void) {
2287 BT_HDR* p;
2288 BTM_TRACE_DEBUG("btm_acl_reset_paging");
2289 /* If we sent reset we are definitely not paging any more */
2290 while ((p = (BT_HDR*)fixed_queue_try_dequeue(btm_cb.page_queue)) != NULL)
2291 osi_free(p);
2292
2293 btm_cb.paging = false;
2294 }
2295
2296 /*******************************************************************************
2297 *
2298 * Function btm_acl_paging
2299 *
2300 * Description send a paging command or queue it in btm_cb
2301 *
2302 ******************************************************************************/
btm_acl_paging(BT_HDR * p,BD_ADDR bda)2303 void btm_acl_paging(BT_HDR* p, BD_ADDR bda) {
2304 tBTM_SEC_DEV_REC* p_dev_rec;
2305
2306 BTM_TRACE_DEBUG("btm_acl_paging discing:%d, paging:%d BDA: %06x%06x",
2307 btm_cb.discing, btm_cb.paging,
2308 (bda[0] << 16) + (bda[1] << 8) + bda[2],
2309 (bda[3] << 16) + (bda[4] << 8) + bda[5]);
2310 if (btm_cb.discing) {
2311 btm_cb.paging = true;
2312 fixed_queue_enqueue(btm_cb.page_queue, p);
2313 } else {
2314 if (!BTM_ACL_IS_CONNECTED(bda)) {
2315 BTM_TRACE_DEBUG(
2316 "connecting_bda: %06x%06x",
2317 (btm_cb.connecting_bda[0] << 16) + (btm_cb.connecting_bda[1] << 8) +
2318 btm_cb.connecting_bda[2],
2319 (btm_cb.connecting_bda[3] << 16) + (btm_cb.connecting_bda[4] << 8) +
2320 btm_cb.connecting_bda[5]);
2321 if (btm_cb.paging &&
2322 memcmp(bda, btm_cb.connecting_bda, BD_ADDR_LEN) != 0) {
2323 fixed_queue_enqueue(btm_cb.page_queue, p);
2324 } else {
2325 p_dev_rec = btm_find_or_alloc_dev(bda);
2326 memcpy(btm_cb.connecting_bda, p_dev_rec->bd_addr, BD_ADDR_LEN);
2327 memcpy(btm_cb.connecting_dc, p_dev_rec->dev_class, DEV_CLASS_LEN);
2328
2329 btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p);
2330 }
2331
2332 btm_cb.paging = true;
2333 } else /* ACL is already up */
2334 {
2335 btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p);
2336 }
2337 }
2338 }
2339
2340 /*******************************************************************************
2341 *
2342 * Function btm_acl_notif_conn_collision
2343 *
2344 * Description Send connection collision event to upper layer if registered
2345 *
2346 * Returns true if sent out to upper layer,
2347 * false if no one needs the notification.
2348 *
2349 ******************************************************************************/
btm_acl_notif_conn_collision(BD_ADDR bda)2350 bool btm_acl_notif_conn_collision(BD_ADDR bda) {
2351 tBTM_BL_EVENT_DATA evt_data;
2352
2353 /* Report possible collision to the upper layer. */
2354 if (btm_cb.p_bl_changed_cb) {
2355 BTM_TRACE_DEBUG(
2356 "btm_acl_notif_conn_collision: RemBdAddr: %02x%02x%02x%02x%02x%02x",
2357 bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]);
2358
2359 evt_data.event = BTM_BL_COLLISION_EVT;
2360 evt_data.conn.p_bda = bda;
2361 evt_data.conn.transport = BT_TRANSPORT_BR_EDR;
2362 evt_data.conn.handle = BTM_INVALID_HCI_HANDLE;
2363 (*btm_cb.p_bl_changed_cb)(&evt_data);
2364 return true;
2365 } else
2366 return false;
2367 }
2368
2369 /*******************************************************************************
2370 *
2371 * Function btm_acl_chk_peer_pkt_type_support
2372 *
2373 * Description Check if peer supports requested packets
2374 *
2375 ******************************************************************************/
btm_acl_chk_peer_pkt_type_support(tACL_CONN * p,uint16_t * p_pkt_type)2376 void btm_acl_chk_peer_pkt_type_support(tACL_CONN* p, uint16_t* p_pkt_type) {
2377 /* 3 and 5 slot packets? */
2378 if (!HCI_3_SLOT_PACKETS_SUPPORTED(p->peer_lmp_feature_pages[0]))
2379 *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH3 + BTM_ACL_PKT_TYPES_MASK_DM3);
2380
2381 if (!HCI_5_SLOT_PACKETS_SUPPORTED(p->peer_lmp_feature_pages[0]))
2382 *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH5 + BTM_ACL_PKT_TYPES_MASK_DM5);
2383
2384 /* 2 and 3 MPS support? */
2385 if (!HCI_EDR_ACL_2MPS_SUPPORTED(p->peer_lmp_feature_pages[0]))
2386 /* Not supported. Add 'not_supported' mask for all 2MPS packet types */
2387 *p_pkt_type |=
2388 (BTM_ACL_PKT_TYPES_MASK_NO_2_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 +
2389 BTM_ACL_PKT_TYPES_MASK_NO_2_DH5);
2390
2391 if (!HCI_EDR_ACL_3MPS_SUPPORTED(p->peer_lmp_feature_pages[0]))
2392 /* Not supported. Add 'not_supported' mask for all 3MPS packet types */
2393 *p_pkt_type |=
2394 (BTM_ACL_PKT_TYPES_MASK_NO_3_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3 +
2395 BTM_ACL_PKT_TYPES_MASK_NO_3_DH5);
2396
2397 /* EDR 3 and 5 slot support? */
2398 if (HCI_EDR_ACL_2MPS_SUPPORTED(p->peer_lmp_feature_pages[0]) ||
2399 HCI_EDR_ACL_3MPS_SUPPORTED(p->peer_lmp_feature_pages[0])) {
2400 if (!HCI_3_SLOT_EDR_ACL_SUPPORTED(p->peer_lmp_feature_pages[0]))
2401 /* Not supported. Add 'not_supported' mask for all 3-slot EDR packet types
2402 */
2403 *p_pkt_type |=
2404 (BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3);
2405
2406 if (!HCI_5_SLOT_EDR_ACL_SUPPORTED(p->peer_lmp_feature_pages[0]))
2407 /* Not supported. Add 'not_supported' mask for all 5-slot EDR packet types
2408 */
2409 *p_pkt_type |=
2410 (BTM_ACL_PKT_TYPES_MASK_NO_2_DH5 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH5);
2411 }
2412 }
2413