1 /******************************************************************************
2  *
3  *  Copyright (C) 2016 The Android Open Source Project
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 #define LOG_TAG "bt_btif_scanner"
20 
#include <base/bind.h>
#include <base/threading/thread.h>
#include <errno.h>
#include <hardware/bluetooth.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <memory>
#include <unordered_set>
#include "device/include/controller.h"

#include "btcore/include/bdaddr.h"
#include "btif_common.h"
#include "btif_util.h"

#include <hardware/bt_gatt.h>

#include "advertise_data_parser.h"
#include "bta_api.h"
#include "bta_closure_api.h"
#include "bta_gatt_api.h"
#include "btif_config.h"
#include "btif_dm.h"
#include "btif_gatt.h"
#include "btif_gatt_util.h"
#include "btif_storage.h"
#include "osi/include/log.h"
#include "vendor_api.h"
48 
49 using base::Bind;
50 using base::Owned;
51 using std::vector;
52 using RegisterCallback = BleScannerInterface::RegisterCallback;
53 
54 extern const btgatt_callbacks_t* bt_gatt_callbacks;
55 
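// Posts the scanner HAL callback named P_CBACK to the JNI thread, binding the
// remaining macro arguments to it.
//
// The argument list is expanded only inside the branch that actually posts the
// callback, so argument expressions are not evaluated when the callback table,
// its scanner sub-table or the requested entry is missing; in that case the
// macro only raises ASSERTC.
//
// The trace line names the scanner table, which is the table the callback is
// read from.
#define SCAN_CBACK_IN_JNI(P_CBACK, ...)                                \
  do {                                                                 \
    if (bt_gatt_callbacks && bt_gatt_callbacks->scanner &&             \
        bt_gatt_callbacks->scanner->P_CBACK) {                         \
      BTIF_TRACE_API("HAL bt_gatt_callbacks->scanner->%s", #P_CBACK);  \
      do_in_jni_thread(                                                \
          Bind(bt_gatt_callbacks->scanner->P_CBACK, __VA_ARGS__));     \
    } else {                                                           \
      ASSERTC(0, "Callback is NULL", 0);                               \
    }                                                                  \
  } while (0)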
66 
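namespace std {
// Hash for Bluetooth device addresses so that bt_bdaddr_t can be used as a
// key in unordered containers.
template <>
struct hash<bt_bdaddr_t> {
  size_t operator()(const bt_bdaddr_t& f) const {
    // Plain sum of the six address bytes.
    // NOTE(review): the sum can take only a small number of distinct values
    // and is unchanged by any permutation of the bytes, so addresses chosen by
    // a remote advertiser can all land in one bucket and turn lookups into
    // linear scans. Consider a mixing hash if this set is ever sized by
    // remote input for long periods.
    return f.address[0] + f.address[1] + f.address[2] + f.address[3] +
           f.address[4] + f.address[5];
  }
};

// Equality for Bluetooth device addresses: true when all BD_ADDR_LEN bytes
// match.
template <>
struct equal_to<bt_bdaddr_t> {
  bool operator()(const bt_bdaddr_t& x, const bt_bdaddr_t& y) const {
    // memcmp() returns 0 for identical buffers. Returning its raw result made
    // the predicate report "equal" for addresses that differ and "not equal"
    // for identical ones, so a set keyed on bt_bdaddr_t could neither
    // de-duplicate nor find an address it had already stored.
    return memcmp(x.address, y.address, BD_ADDR_LEN) == 0;
  }
};
}  // namespace std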
83 
84 namespace {
85 
// All access to this variable should be done on the jni thread.
//
// Addresses are inserted by btif_gattc_add_remote_bdaddr() and removed only by
// btif_gattc_init_dev_cb(), which clears the whole set.
// NOTE(review): nothing visible in this file caps the number of entries, so
// the set grows with every distinct address recorded between two clears;
// confirm that callers clear it often enough for scans that see many
// (e.g. rotating) advertiser addresses.
std::unordered_set<bt_bdaddr_t> p_dev_cb;
88 
// Records a remote device address in p_dev_cb.
//
// p_bda     address to remember; BD_ADDR_LEN bytes are copied from it.
// addr_type accepted for the caller's convenience but not stored or used.
//
// Must run on the JNI thread, like every other access to p_dev_cb.
void btif_gattc_add_remote_bdaddr(BD_ADDR p_bda, uint8_t addr_type) {
  bt_bdaddr_t entry;
  memcpy(entry.address, p_bda, BD_ADDR_LEN);

  p_dev_cb.insert(entry);
}
94 
// Reports whether a remote device address is already present in p_dev_cb.
//
// p_bda address to look up; BD_ADDR_LEN bytes are copied from it into a
//       temporary key.
// Returns true when the set holds a matching entry.
//
// Must run on the JNI thread, like every other access to p_dev_cb.
bool btif_gattc_find_bdaddr(BD_ADDR p_bda) {
  bt_bdaddr_t key;
  memcpy(key.address, p_bda, BD_ADDR_LEN);

  return p_dev_cb.find(key) != p_dev_cb.end();
}
100 
// Forgets every remote device address recorded in p_dev_cb.
// Must run on the JNI thread, like every other access to p_dev_cb.
void btif_gattc_init_dev_cb(void) {
  p_dev_cb.clear();
}
102 
// Handles a GATT client event after it has been handed over by
// btif_transfer_context() (see bta_gatts_cback).
//
// event   BTA_GATTC_* event code.
// p_param event payload; it is reinterpreted as tBTA_GATTC without any size
//         or type check, so the sender must really have passed one.
//
// Only BTA_GATTC_SEARCH_CMPL_EVT is forwarded to the HAL
// (client->search_complete_cb); BTA_GATTC_DEREG_EVT is ignored and every other
// event is logged as unhandled.
void btif_gatts_upstreams_evt(uint16_t event, char* p_param) {
  LOG_VERBOSE(LOG_TAG, "%s: Event %d", __func__, event);

  tBTA_GATTC* p_data = reinterpret_cast<tBTA_GATTC*>(p_param);

  if (event == BTA_GATTC_DEREG_EVT) {
    return;
  }

  if (event == BTA_GATTC_SEARCH_CMPL_EVT) {
    HAL_CBACK(bt_gatt_callbacks, client->search_complete_cb,
              p_data->search_cmpl.conn_id, p_data->search_cmpl.status);
    return;
  }

  LOG_DEBUG(LOG_TAG, "%s: Unhandled event (%d)", __func__, event);
}
122 
// GATT client callback registered with BTA_GATTC_AppRegister(). Hands the
// event to btif_gatts_upstreams_evt() through btif_transfer_context().
//
// event  BTA GATT client event code; narrowed to uint16_t for the transfer.
// p_data event payload; sizeof(tBTA_GATTC) bytes are passed along with no
//        deep-copy callback (last argument is NULL), so presumably any
//        pointers inside the payload are not duplicated — confirm against
//        btif_transfer_context().
//
// A failed transfer is reported through ASSERTC only.
void bta_gatts_cback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data) {
  bt_status_t status = btif_transfer_context(
      btif_gatts_upstreams_evt, static_cast<uint16_t>(event),
      reinterpret_cast<char*>(p_data), sizeof(tBTA_GATTC), NULL);

  ASSERTC(status == BT_STATUS_SUCCESS, "Context transfer failed!", status);
}
129 
// Batch-scan threshold notification: forwards ref_value to the HAL's
// batchscan_threshold_cb on the JNI thread.
void bta_batch_scan_threshold_cb(tBTM_BLE_REF_VALUE ref_value) {
  SCAN_CBACK_IN_JNI(batchscan_threshold_cb,
                    ref_value);
}
133 
// Batch-scan report delivery: forwards the report to the HAL's
// batchscan_reports_cb on the JNI thread.
//
// client_id     client the reports belong to (bound by BatchscanReadReports).
// status        status reported by the stack.
// report_format format identifier, passed through unchanged.
// num_records   record count, passed through unchanged; it is not checked
//               against data.size() here.
// data          raw report bytes; moved into the bound callback.
void bta_batch_scan_reports_cb(int client_id, tBTA_STATUS status,
                               uint8_t report_format, uint8_t num_records,
                               std::vector<uint8_t> data) {
  SCAN_CBACK_IN_JNI(batchscan_reports_cb,
                    client_id, status, report_format, num_records,
                    std::move(data));
}
140 
// Processes one LE scan result on the JNI thread (posted there by
// bta_scan_results_cb) and reports it to the HAL's scanner->scan_result_cb.
//
// bd_addr    address of the advertiser.
// value      advertising / EIR payload. It is copied from the inquiry result
//            and presumably originates from the remote device, so every field
//            parsed out of it has to be treated as untrusted.
// The remaining parameters are passed through to storage and to the HAL
// callback unchanged.
//
// For an address that has not been seen since the last
// btif_gattc_init_dev_cb(), and that is either non-random or carries a local
// name, the address is remembered and the advertised name (complete name
// preferred, shortened name as fallback) is pushed to
// btif_dm_update_ble_remote_properties().
//
// A result whose name field does not fit the name buffer is dropped entirely:
// the function returns before the storage updates and the HAL callback. The
// address has already been added to p_dev_cb at that point.
void bta_scan_results_cb_impl(bt_bdaddr_t bd_addr, tBT_DEVICE_TYPE device_type,
                              int8_t rssi, uint8_t addr_type,
                              uint16_t ble_evt_type, uint8_t ble_primary_phy,
                              uint8_t ble_secondary_phy,
                              uint8_t ble_advertising_sid, int8_t ble_tx_power,
                              uint16_t ble_periodic_adv_int,
                              vector<uint8_t> value) {
  // Only meaningful when one of the lookups below returns a field.
  uint8_t remote_name_len;

  const uint8_t* p_eir_remote_name = AdvertiseDataParser::GetFieldByType(
      value, BTM_EIR_COMPLETE_LOCAL_NAME_TYPE, &remote_name_len);
  if (p_eir_remote_name == NULL) {
    p_eir_remote_name = AdvertiseDataParser::GetFieldByType(
        value, BT_EIR_SHORTENED_LOCAL_NAME_TYPE, &remote_name_len);
  }

  const bool worth_tracking =
      (addr_type != BLE_ADDR_RANDOM) || (p_eir_remote_name != NULL);

  if (worth_tracking && !btif_gattc_find_bdaddr(bd_addr.address)) {
    btif_gattc_add_remote_bdaddr(bd_addr.address, addr_type);

    if (p_eir_remote_name != NULL) {
      // Bounds check before the copy below. The name may use all
      // BD_NAME_LEN + 1 bytes only when its last byte is already the
      // terminator; anything longer, or a full-length name without a
      // terminator, is rejected.
      // Assumes bt_bdname_t::name holds BD_NAME_LEN + 1 bytes — confirm
      // against its declaration.
      const bool exceeds_buffer = remote_name_len > BD_NAME_LEN + 1;
      const bool full_but_unterminated =
          !exceeds_buffer && remote_name_len == BD_NAME_LEN + 1 &&
          p_eir_remote_name[BD_NAME_LEN] != '\0';

      if (exceeds_buffer || full_but_unterminated) {
        LOG_INFO(LOG_TAG,
                 "%s dropping invalid packet - device name too long: %d",
                 __func__, remote_name_len);
        return;
      }

      bt_bdname_t bdname;
      memcpy(bdname.name, p_eir_remote_name, remote_name_len);
      // Terminate shorter names; a full-length name was verified above to end
      // in '\0' already.
      if (remote_name_len < BD_NAME_LEN + 1) {
        bdname.name[remote_name_len] = '\0';
      }

      LOG_VERBOSE(LOG_TAG, "%s BLE device name=%s len=%d dev_type=%d",
                  __func__, bdname.name, remote_name_len, device_type);
      btif_dm_update_ble_remote_properties(bd_addr.address, bdname.name,
                                           device_type);
    }
  }

  // Persist the device type and address type for this peer.
  bt_device_type_t dev_type = (bt_device_type_t)device_type;
  bt_property_t properties;
  BTIF_STORAGE_FILL_PROPERTY(&properties, BT_PROPERTY_TYPE_OF_DEVICE,
                             sizeof(dev_type), &dev_type);
  btif_storage_set_remote_device_property(&(bd_addr), &properties);
  btif_storage_set_remote_addr_type(&bd_addr, addr_type);

  HAL_CBACK(bt_gatt_callbacks, scanner->scan_result_cb, ble_evt_type, addr_type,
            &bd_addr, ble_primary_phy, ble_secondary_phy, ble_advertising_sid,
            ble_tx_power, rssi, ble_periodic_adv_int, std::move(value));
}
197 
// Observe callback handed to BTA_DmBleObserve(). Copies what is needed out of
// an inquiry result and posts bta_scan_results_cb_impl() to the JNI thread.
//
// event  BTA_DM_INQ_CMPL_EVT is only traced, BTA_DM_INQ_RES_EVT is processed,
//        anything else is logged as unknown and ignored.
// p_data event payload; only inq_cmpl / inq_res are read.
//
// The EIR buffer is copied using the length carried in the same result
// (eir_len); this function performs no independent check that p_eir really
// spans eir_len bytes, so that guarantee has to come from the layer that
// filled in the result.
void bta_scan_results_cb(tBTA_DM_SEARCH_EVT event, tBTA_DM_SEARCH* p_data) {
  if (event == BTA_DM_INQ_CMPL_EVT) {
    BTIF_TRACE_DEBUG("%s  BLE observe complete. Num Resp %d", __func__,
                     p_data->inq_cmpl.num_resps);
    return;
  }

  if (event != BTA_DM_INQ_RES_EVT) {
    BTIF_TRACE_WARNING("%s : Unknown event 0x%x", __func__, event);
    return;
  }

  tBTA_DM_INQ_RES* r = &p_data->inq_res;

  vector<uint8_t> value;
  if (r->p_eir) {
    value.assign(r->p_eir, r->p_eir + r->eir_len);

    // A complete local name in the payload means no separate remote-name
    // request is needed; the field's length itself is not used here.
    uint8_t name_len;
    if (AdvertiseDataParser::GetFieldByType(
            value, BTM_EIR_COMPLETE_LOCAL_NAME_TYPE, &name_len)) {
      r->remt_name_not_required = true;
    }
  }

  // Bind copies of everything: the result structure is not owned by the task
  // that runs later on the JNI thread.
  bt_bdaddr_t bdaddr;
  bdcpy(bdaddr.address, r->bd_addr);

  do_in_jni_thread(Bind(bta_scan_results_cb_impl, bdaddr, r->device_type,
                        r->rssi, r->ble_addr_type, r->ble_evt_type,
                        r->ble_primary_phy, r->ble_secondary_phy,
                        r->ble_advertising_sid, r->ble_tx_power,
                        r->ble_periodic_adv_int, std::move(value)));
}
232 
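// Advertiser-tracking callback registered through BTM_BleTrackAdvertiser().
// Moves the tracking data into a heap-allocated btgatt_track_adv_info_t and
// forwards it to the HAL's track_adv_event_cb on the JNI thread.
//
// p_track_adv_data tracking data from the stack. It is reinterpreted as
//                  btgatt_track_adv_info_t.
// NOTE(review): that cast is only valid if tBTM_BLE_TRACK_ADV_DATA and
// btgatt_track_adv_info_t share the same layout — confirm, and consider a
// static_assert on the sizes next to the type definitions.
void bta_track_adv_event_cb(tBTM_BLE_TRACK_ADV_DATA* p_track_adv_data) {
  // Held in a unique_ptr so the allocation is released when the callback is
  // not posted.
  std::unique_ptr<btgatt_track_adv_info_t> btif_scan_track_cb(
      new btgatt_track_adv_info_t);

  BTIF_TRACE_DEBUG("%s", __func__);
  btif_gatt_move_track_adv_data(btif_scan_track_cb.get(),
                                (btgatt_track_adv_info_t*)p_track_adv_data);

  // SCAN_CBACK_IN_JNI expands its arguments only in the branch that posts the
  // callback, so release() runs (and ownership moves to base::Owned) only
  // when the task is really created. On the "Callback is NULL" path the
  // unique_ptr still owns the object and frees it; previously that path
  // leaked the allocation.
  SCAN_CBACK_IN_JNI(track_adv_event_cb, Owned(btif_scan_track_cb.release()));
}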
242 
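// BTIF implementation of BleScannerInterface.
//
// Every request is forwarded to another thread with do_in_bta_thread() or
// do_in_jni_thread(); completion callbacks supplied by the caller are wrapped
// with jni_thread_wrapper() before being handed on. Arguments arrive from the
// HAL caller and are forwarded largely unvalidated, so range checks are the
// responsibility of the caller and of the BTM/BTA functions invoked here.
class BleScannerInterfaceImpl : public BleScannerInterface {
  ~BleScannerInterfaceImpl() {}

  // Registers a GATT client application for scanning. bta_gatts_cback
  // receives the client events; cb is passed to BTA_GATTC_AppRegister wrapped
  // for the JNI thread.
  void RegisterScanner(RegisterCallback cb) override {
    do_in_bta_thread(FROM_HERE,
                     Bind(
                         [](RegisterCallback cb) {
                           BTA_GATTC_AppRegister(
                               bta_gatts_cback,
                               jni_thread_wrapper(FROM_HERE, std::move(cb)));
                         },
                         std::move(cb)));
  }

  // Deregisters the GATT client application identified by scanner_id.
  void Unregister(int scanner_id) override {
    do_in_bta_thread(FROM_HERE, Bind(&BTA_GATTC_AppDeregister, scanner_id));
  }

  // Starts or stops LE observation.
  //
  // The work is first posted to the JNI thread because starting a scan clears
  // p_dev_cb, which may only be touched there; the BTA_DmBleObserve call is
  // then posted to the BTA thread.
  void Scan(bool start) override {
    do_in_jni_thread(Bind(
        [](bool start) {
          if (!start) {
            do_in_bta_thread(FROM_HERE,
                             Bind(&BTA_DmBleObserve, false, 0, nullptr));
            return;
          }

          // Forget addresses seen during the previous scan.
          btif_gattc_init_dev_cb();
          do_in_bta_thread(FROM_HERE,
                           Bind(&BTA_DmBleObserve, true, 0,
                                (tBTA_DM_SEARCH_CBACK*)bta_scan_results_cb));
        },
        start));
  }

  // Configures the parameters of the scan filter at filt_index.
  //
  // client_if  client interface; used as the reference value for advertiser
  //            tracking.
  // action     forwarded to BTM_BleAdvFilterParamSetup.
  // filt_param filter parameters; may be null. Ownership is passed on to the
  //            BTA-thread task.
  // cb         completion callback, run on the JNI thread.
  void ScanFilterParamSetup(
      uint8_t client_if, uint8_t action, uint8_t filt_index,
      std::unique_ptr<btgatt_filt_param_setup_t> filt_param,
      FilterParamSetupCallback cb) override {
    BTIF_TRACE_DEBUG("%s", __func__);

    // dely_mode == 1 additionally registers the advertiser-tracking callback.
    // NOTE(review): the meaning of the value 1 is not visible in this file.
    if (filt_param && filt_param->dely_mode == 1) {
      do_in_bta_thread(
          FROM_HERE, base::Bind(BTM_BleTrackAdvertiser, bta_track_adv_event_cb,
                                client_if));
    }

    do_in_bta_thread(FROM_HERE,
                     base::Bind(&BTM_BleAdvFilterParamSetup, action, filt_index,
                                base::Passed(&filt_param),
                                jni_thread_wrapper(FROM_HERE, std::move(cb))));
  }

  // Adds or removes one scan filter condition.
  //
  // action          add/remove selector, forwarded to the BTM_LE_PF_* call.
  // filt_type       BTM_BLE_PF_* filter kind; selects which of the remaining
  //                 arguments are used.
  // filt_index      index of the filter being edited.
  // company_id,
  // company_id_mask manufacturer-data filter only.
  // p_uuid,
  // p_uuid_mask     service UUID filters only; p_uuid_mask may be null.
  // bd_addr,
  // addr_type       address filter only; bd_addr must not be null for it.
  // data, mask      payload and mask for the name / manufacturer-data /
  //                 service-data-pattern filters.
  // cb              completion callback; invoked as cb(filt_type, ...) on the
  //                 JNI thread by the BTM function.
  //
  // Requests rejected here (length mismatch, missing address, unknown filter
  // type) return without invoking cb, and BTM_BLE_PF_SRVC_DATA is forwarded
  // without cb at all, so a caller waiting for completion is not notified in
  // those cases.
  void ScanFilterAddRemove(int action, int filt_type, int filt_index,
                           int company_id, int company_id_mask,
                           const bt_uuid_t* p_uuid,
                           const bt_uuid_t* p_uuid_mask,
                           const bt_bdaddr_t* bd_addr, char addr_type,
                           vector<uint8_t> data, vector<uint8_t> mask,
                           FilterConfigCallback cb) override {
    BTIF_TRACE_DEBUG("%s, %d, %d", __func__, action, filt_type);

    /* When both data and mask are supplied they must have the same length.
     * A request where only one of the two is empty is let through. */
    if (data.size() != mask.size() && data.size() != 0 && mask.size() != 0)
      return;

    switch (filt_type) {
      case BTM_BLE_PF_ADDR_FILTER: {
        // bd_addr is dereferenced below; reject a missing address instead of
        // crashing the stack on a malformed request.
        if (bd_addr == nullptr) {
          LOG_ERROR(LOG_TAG, "%s: address filter requested without an address",
                    __func__);
          return;
        }

        tBLE_BD_ADDR target_addr;
        bdcpy(target_addr.bda, bd_addr->address);
        target_addr.type = addr_type;

        do_in_bta_thread(
            FROM_HERE,
            base::Bind(&BTM_LE_PF_addr_filter, action, filt_index,
                       std::move(target_addr),
                       jni_thread_wrapper(FROM_HERE, Bind(cb, filt_type))));
        return;
      }

      case BTM_BLE_PF_SRVC_DATA:
        do_in_bta_thread(FROM_HERE,
                         base::Bind(&BTM_LE_PF_srvc_data, action, filt_index));
        return;

      case BTM_BLE_PF_SRVC_UUID:
      case BTM_BLE_PF_SRVC_SOL_UUID: {
        // NOTE(review): p_uuid is handed to btif_to_bta_uuid() without a null
        // check; whether that helper tolerates null is not visible here.
        tBT_UUID bt_uuid;
        btif_to_bta_uuid(&bt_uuid, p_uuid);

        if (p_uuid_mask == NULL) {
          do_in_bta_thread(
              FROM_HERE,
              base::Bind(&BTM_LE_PF_uuid_filter, action, filt_index, filt_type,
                         bt_uuid, BTM_BLE_PF_LOGIC_AND, nullptr,
                         jni_thread_wrapper(FROM_HERE, Bind(cb, filt_type))));
          return;
        }

        // Named uuid_mask so it no longer shadows the `mask` parameter.
        // base::Owned deletes it together with the bound task.
        tBTM_BLE_PF_COND_MASK* uuid_mask = new tBTM_BLE_PF_COND_MASK;
        btif_to_bta_uuid_mask(uuid_mask, p_uuid_mask, p_uuid);
        do_in_bta_thread(
            FROM_HERE,
            base::Bind(&BTM_LE_PF_uuid_filter, action, filt_index, filt_type,
                       bt_uuid, BTM_BLE_PF_LOGIC_AND, base::Owned(uuid_mask),
                       jni_thread_wrapper(FROM_HERE, Bind(cb, filt_type))));
        return;
      }

      case BTM_BLE_PF_LOCAL_NAME: {
        do_in_bta_thread(
            FROM_HERE,
            base::Bind(&BTM_LE_PF_local_name, action, filt_index,
                       std::move(data),
                       jni_thread_wrapper(FROM_HERE, Bind(cb, filt_type))));
        return;
      }

      case BTM_BLE_PF_MANU_DATA: {
        do_in_bta_thread(
            FROM_HERE,
            base::Bind(&BTM_LE_PF_manu_data, action, filt_index, company_id,
                       company_id_mask, std::move(data), std::move(mask),
                       jni_thread_wrapper(FROM_HERE, Bind(cb, filt_type))));
        return;
      }

      case BTM_BLE_PF_SRVC_DATA_PATTERN: {
        do_in_bta_thread(
            FROM_HERE,
            base::Bind(&BTM_LE_PF_srvc_data_pattern, action, filt_index,
                       std::move(data), std::move(mask),
                       jni_thread_wrapper(FROM_HERE, Bind(cb, filt_type))));
        return;
      }

      default:
        // Log the rejected filter type itself (the message previously printed
        // `action`, which hid the offending value).
        LOG_ERROR(LOG_TAG, "%s: Unknown filter type (%d)!", __func__,
                  filt_type);
        return;
    }
  }

  // Clears the filter at filter_index; cb is invoked with
  // BTM_BLE_PF_TYPE_ALL as the filter type.
  void ScanFilterClear(int filter_index, FilterConfigCallback cb) override {
    BTIF_TRACE_DEBUG("%s: filter_index: %d", __func__, filter_index);
    do_in_bta_thread(FROM_HERE,
                     base::Bind(&BTM_LE_PF_clear, filter_index,
                                jni_thread_wrapper(
                                    FROM_HERE, Bind(cb, BTM_BLE_PF_TYPE_ALL))));
  }

  // Enables or disables the scan filter feature (enable maps to action 1,
  // disable to action 0).
  void ScanFilterEnable(bool enable, EnableCallback cb) override {
    BTIF_TRACE_DEBUG("%s: enable: %d", __func__, enable);

    uint8_t action = enable ? 1 : 0;
    do_in_bta_thread(FROM_HERE,
                     base::Bind(&BTM_BleEnableDisableFilterFeature, action,
                                jni_thread_wrapper(FROM_HERE, std::move(cb))));
  }

  // Sets the scan interval and window; the scan mode passed on is always
  // BTM_BLE_SCAN_MODE_ACTI. The values are not range-checked here.
  void SetScanParameters(int scan_interval, int scan_window,
                         Callback cb) override {
    do_in_bta_thread(
        FROM_HERE, base::Bind(&BTM_BleSetScanParams, scan_interval, scan_window,
                              BTM_BLE_SCAN_MODE_ACTI,
                              jni_thread_wrapper(FROM_HERE, std::move(cb))));
  }

  // Configures batch-scan storage and registers bta_batch_scan_threshold_cb
  // with client_if as its reference value.
  //
  // NOTE(review): the three int limits are narrowed to uint8_t without a
  // range check, so a value outside 0..255 is silently truncated before it
  // reaches BTM_BleSetStorageConfig.
  void BatchscanConfigStorage(int client_if, int batch_scan_full_max,
                              int batch_scan_trunc_max,
                              int batch_scan_notify_threshold,
                              Callback cb) override {
    do_in_bta_thread(
        FROM_HERE,
        base::Bind(&BTM_BleSetStorageConfig, (uint8_t)batch_scan_full_max,
                   (uint8_t)batch_scan_trunc_max,
                   (uint8_t)batch_scan_notify_threshold,
                   jni_thread_wrapper(FROM_HERE, cb),
                   bta_batch_scan_threshold_cb, (tBTM_BLE_REF_VALUE)client_if));
  }

  // Enables batch scanning. Note the argument order handed to
  // BTM_BleEnableBatchScan: discard_rule precedes addr_type.
  void BatchscanEnable(int scan_mode, int scan_interval, int scan_window,
                       int addr_type, int discard_rule, Callback cb) override {
    do_in_bta_thread(
        FROM_HERE, base::Bind(&BTM_BleEnableBatchScan, scan_mode, scan_interval,
                              scan_window, discard_rule, addr_type,
                              jni_thread_wrapper(FROM_HERE, cb)));
  }

  // Disables batch scanning.
  void BatchscanDisable(Callback cb) override {
    do_in_bta_thread(FROM_HERE, base::Bind(&BTM_BleDisableBatchScan,
                                           jni_thread_wrapper(FROM_HERE, cb)));
  }

  // Requests the stored batch-scan reports for scan_mode (narrowed to
  // uint8_t); results are delivered to bta_batch_scan_reports_cb with
  // client_if bound as its first argument.
  void BatchscanReadReports(int client_if, int scan_mode) override {
    do_in_bta_thread(FROM_HERE,
                     base::Bind(&BTM_BleReadScanReports, (uint8_t)scan_mode,
                                Bind(bta_batch_scan_reports_cb, client_if)));
  }

  // Not implemented: the request is ignored and none of the callbacks is
  // ever invoked.
  void StartSync(uint8_t sid, bt_bdaddr_t address, uint16_t skip,
                 uint16_t timeout, StartSyncCb start_cb, SyncReportCb report_cb,
                 SyncLostCb lost_cb) override {}

  // Not implemented: the request is ignored.
  void StopSync(uint16_t handle) override {}
};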
448 
// Process-wide scanner interface object; created on first use by
// get_ble_scanner_instance() and not deleted anywhere in this file.
BleScannerInterface* btLeScannerInstance = nullptr;
450 
451 }  // namespace
452 
// Returns the process-wide BLE scanner interface, creating it on first call.
//
// The returned pointer is owned by this file and stays valid for the life of
// the process; callers must not delete it.
// NOTE(review): the lazy creation is not synchronized, so two threads racing
// on the first call could each construct an instance — confirm that the first
// call always happens from a single thread.
BleScannerInterface* get_ble_scanner_instance() {
  if (!btLeScannerInstance) {
    btLeScannerInstance = new BleScannerInterfaceImpl();
  }

  return btLeScannerInstance;
}
459