1 /******************************************************************************
2 *
3 * Copyright 2009-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /*******************************************************************************
20 *
21 * Filename: btif_dm.c
22 *
23 * Description: Contains Device Management (DM) related functionality
24 *
25 *
26 ******************************************************************************/
27
28 #define LOG_TAG "bt_btif_dm"
29
30 #include "btif_dm.h"
31
32 #include <base/bind.h>
33 #include <base/logging.h>
34 #include <signal.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <sys/types.h>
39 #include <time.h>
40 #include <unistd.h>
41
42 #include <mutex>
43
44 #include <bluetooth/uuid.h>
45 #include <hardware/bluetooth.h>
46 #include <hardware/bt_hearing_aid.h>
47
48 #include "advertise_data_parser.h"
49 #include "bt_common.h"
50 #include "bta_closure_api.h"
51 #include "bta_gatt_api.h"
52 #include "btif_api.h"
53 #include "btif_av.h"
54 #include "btif_config.h"
55 #include "btif_dm.h"
56 #include "btif_hd.h"
57 #include "btif_hf.h"
58 #include "btif_hh.h"
59 #include "btif_sdp.h"
60 #include "btif_storage.h"
61 #include "btif_util.h"
62 #include "btu.h"
63 #include "device/include/controller.h"
64 #include "device/include/interop.h"
65 #include "internal_include/stack_config.h"
66 #include "osi/include/allocator.h"
67 #include "osi/include/log.h"
68 #include "osi/include/metrics.h"
69 #include "osi/include/osi.h"
70 #include "osi/include/properties.h"
71 #include "stack/btm/btm_int.h"
72 #include "stack_config.h"
73
74 using bluetooth::Uuid;
75 /******************************************************************************
76 * Constants & Macros
77 *****************************************************************************/
78
79 const Uuid UUID_HEARING_AID = Uuid::FromString("FDF0");
80
81 #define COD_MASK 0x07FF
82
83 #define COD_UNCLASSIFIED ((0x1F) << 8)
84 #define COD_HID_KEYBOARD 0x0540
85 #define COD_HID_POINTING 0x0580
86 #define COD_HID_COMBO 0x05C0
87 #define COD_HID_MAJOR 0x0500
88 #define COD_HID_MASK 0x0700
89 #define COD_AV_HEADSETS 0x0404
90 #define COD_AV_HANDSFREE 0x0408
91 #define COD_AV_HEADPHONES 0x0418
92 #define COD_AV_PORTABLE_AUDIO 0x041C
93 #define COD_AV_HIFI_AUDIO 0x0428
94
95 #define BTIF_DM_DEFAULT_INQ_MAX_RESULTS 0
96 #define BTIF_DM_DEFAULT_INQ_MAX_DURATION 10
97 #define BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING 2
98
99 #define NUM_TIMEOUT_RETRIES 5
100
101 #define PROPERTY_PRODUCT_MODEL "ro.product.model"
102 #define DEFAULT_LOCAL_NAME_MAX 31
103 #if (DEFAULT_LOCAL_NAME_MAX > BTM_MAX_LOC_BD_NAME_LEN)
104 #error "default btif local name size exceeds stack supported length"
105 #endif
106
107 #define ENCRYPTED_BREDR 2
108 #define ENCRYPTED_LE 4
109
110 typedef struct {
111 bt_bond_state_t state;
112 RawAddress static_bdaddr;
113 RawAddress bd_addr;
114 tBTM_BOND_TYPE bond_type;
115 uint8_t pin_code_len;
116 uint8_t is_ssp;
117 uint8_t auth_req;
118 uint8_t io_cap;
119 uint8_t autopair_attempts;
120 uint8_t timeout_retries;
121 uint8_t is_local_initiated;
122 uint8_t sdp_attempts;
123 bool is_le_only;
124 bool is_le_nc; /* LE Numeric comparison */
125 btif_dm_ble_cb_t ble;
126 } btif_dm_pairing_cb_t;
127
128 typedef struct {
129 uint8_t ir[BT_OCTET16_LEN];
130 uint8_t irk[BT_OCTET16_LEN];
131 uint8_t dhk[BT_OCTET16_LEN];
132 } btif_dm_local_key_id_t;
133
134 typedef struct {
135 bool is_er_rcvd;
136 uint8_t er[BT_OCTET16_LEN];
137 bool is_id_keys_rcvd;
138 btif_dm_local_key_id_t id_keys; /* ID kyes */
139
140 } btif_dm_local_key_cb_t;
141
142 typedef struct {
143 RawAddress bd_addr;
144 BD_NAME bd_name;
145 } btif_dm_remote_name_t;
146
147 /* this structure holds optional OOB data for remote device */
148 typedef struct {
149 RawAddress bdaddr; /* peer bdaddr */
150 bt_out_of_band_data_t oob_data;
151 } btif_dm_oob_cb_t;
152
153 typedef struct {
154 RawAddress bdaddr;
155 uint8_t transport; /* 0=Unknown, 1=BR/EDR, 2=LE */
156 } btif_dm_create_bond_cb_t;
157
158 typedef struct {
159 uint8_t status;
160 uint8_t ctrl_state;
161 uint64_t tx_time;
162 uint64_t rx_time;
163 uint64_t idle_time;
164 uint64_t energy_used;
165 } btif_activity_energy_info_cb_t;
166
167 typedef struct { unsigned int manufact_id; } skip_sdp_entry_t;
168
169 typedef enum {
170 BTIF_DM_FUNC_CREATE_BOND,
171 BTIF_DM_FUNC_CANCEL_BOND,
172 BTIF_DM_FUNC_REMOVE_BOND,
173 BTIF_DM_FUNC_BOND_STATE_CHANGED,
174 } bt_bond_function_t;
175
176 typedef struct {
177 RawAddress bd_addr;
178 bt_bond_function_t function;
179 bt_bond_state_t state;
180 struct timespec timestamp;
181 } btif_bond_event_t;
182
183 #define BTA_SERVICE_ID_TO_SERVICE_MASK(id) (1 << (id))
184
185 #define MAX_BTIF_BOND_EVENT_ENTRIES 15
186
187 static skip_sdp_entry_t sdp_blacklist[] = {{76}}; // Apple Mouse and Keyboard
188
189 /* This flag will be true if HCI_Inquiry is in progress */
190 static bool btif_dm_inquiry_in_progress = false;
191
192 /*******************************************************************************
193 * Static variables
194 ******************************************************************************/
195 static char btif_default_local_name[DEFAULT_LOCAL_NAME_MAX + 1] = {'\0'};
196 static uid_set_t* uid_set = NULL;
197
198 /* A circular array to keep track of the most recent bond events */
199 static btif_bond_event_t btif_dm_bond_events[MAX_BTIF_BOND_EVENT_ENTRIES + 1];
200
201 static std::mutex bond_event_lock;
202
203 /* |btif_num_bond_events| keeps track of the total number of events and can be
204 greater than |MAX_BTIF_BOND_EVENT_ENTRIES| */
205 static size_t btif_num_bond_events = 0;
206 static size_t btif_events_start_index = 0;
207 static size_t btif_events_end_index = 0;
208
209 /******************************************************************************
210 * Static functions
211 *****************************************************************************/
212 static btif_dm_pairing_cb_t pairing_cb;
213 static btif_dm_oob_cb_t oob_cb;
214 static void btif_dm_generic_evt(uint16_t event, char* p_param);
215 static void btif_dm_cb_create_bond(const RawAddress& bd_addr,
216 tBTA_TRANSPORT transport);
217 static void btif_dm_cb_hid_remote_name(tBTM_REMOTE_DEV_NAME* p_remote_name);
218 static void btif_update_remote_properties(const RawAddress& bd_addr,
219 BD_NAME bd_name, DEV_CLASS dev_class,
220 tBT_DEVICE_TYPE dev_type);
221 static btif_dm_local_key_cb_t ble_local_key_cb;
222 static void btif_dm_ble_key_notif_evt(tBTA_DM_SP_KEY_NOTIF* p_ssp_key_notif);
223 static void btif_dm_ble_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl);
224 static void btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ* p_pin_req);
225 static void btif_dm_ble_key_nc_req_evt(tBTA_DM_SP_KEY_NOTIF* p_notif_req);
226 static void btif_dm_ble_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type);
227 static void btif_dm_ble_sc_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type);
228
229 static void bte_scan_filt_param_cfg_evt(uint8_t action_type, uint8_t avbl_space,
230 uint8_t ref_value, uint8_t status);
231
232 static char* btif_get_default_local_name();
233
234 static void btif_stats_add_bond_event(const RawAddress& bd_addr,
235 bt_bond_function_t function,
236 bt_bond_state_t state);
237
238 /******************************************************************************
239 * Externs
240 *****************************************************************************/
241 extern bt_status_t btif_av_execute_service(bool b_enable);
242 extern bt_status_t btif_av_sink_execute_service(bool b_enable);
243 extern bt_status_t btif_hh_execute_service(bool b_enable);
244 extern bt_status_t btif_hf_client_execute_service(bool b_enable);
245 extern bt_status_t btif_sdp_execute_service(bool b_enable);
246 extern int btif_hh_connect(const RawAddress* bd_addr);
247 extern bt_status_t btif_hd_execute_service(bool b_enable);
248 extern bluetooth::hearing_aid::HearingAidInterface*
249 btif_hearing_aid_get_interface();
250
251 /******************************************************************************
252 * Functions
253 *****************************************************************************/
254
is_empty_128bit(uint8_t * data)255 static bool is_empty_128bit(uint8_t* data) {
256 static const uint8_t zero[16] = {0};
257 return !memcmp(zero, data, sizeof(zero));
258 }
259
btif_dm_data_copy(uint16_t event,char * dst,char * src)260 static void btif_dm_data_copy(uint16_t event, char* dst, char* src) {
261 tBTA_DM_SEC* dst_dm_sec = (tBTA_DM_SEC*)dst;
262 tBTA_DM_SEC* src_dm_sec = (tBTA_DM_SEC*)src;
263
264 if (!src_dm_sec) return;
265
266 CHECK(dst_dm_sec);
267 maybe_non_aligned_memcpy(dst_dm_sec, src_dm_sec, sizeof(*src_dm_sec));
268
269 if (event == BTA_DM_BLE_KEY_EVT) {
270 dst_dm_sec->ble_key.p_key_value =
271 (tBTM_LE_KEY_VALUE*)osi_malloc(sizeof(tBTM_LE_KEY_VALUE));
272 CHECK(src_dm_sec->ble_key.p_key_value);
273 memcpy(dst_dm_sec->ble_key.p_key_value, src_dm_sec->ble_key.p_key_value,
274 sizeof(tBTM_LE_KEY_VALUE));
275 }
276 }
277
btif_dm_data_free(uint16_t event,tBTA_DM_SEC * dm_sec)278 static void btif_dm_data_free(uint16_t event, tBTA_DM_SEC* dm_sec) {
279 if (event == BTA_DM_BLE_KEY_EVT)
280 osi_free_and_reset((void**)&dm_sec->ble_key.p_key_value);
281 }
282
btif_dm_init(uid_set_t * set)283 void btif_dm_init(uid_set_t* set) { uid_set = set; }
284
btif_dm_cleanup(void)285 void btif_dm_cleanup(void) {
286 if (uid_set) {
287 uid_set_destroy(uid_set);
288 uid_set = NULL;
289 }
290 }
291
btif_in_execute_service_request(tBTA_SERVICE_ID service_id,bool b_enable)292 bt_status_t btif_in_execute_service_request(tBTA_SERVICE_ID service_id,
293 bool b_enable) {
294 BTIF_TRACE_DEBUG("%s service_id: %d", __func__, service_id);
295 /* Check the service_ID and invoke the profile's BT state changed API */
296 switch (service_id) {
297 case BTA_HFP_SERVICE_ID:
298 case BTA_HSP_SERVICE_ID: {
299 bluetooth::headset::ExecuteService(b_enable);
300 } break;
301 case BTA_A2DP_SOURCE_SERVICE_ID: {
302 btif_av_source_execute_service(b_enable);
303 } break;
304 case BTA_A2DP_SINK_SERVICE_ID: {
305 btif_av_sink_execute_service(b_enable);
306 } break;
307 case BTA_HID_SERVICE_ID: {
308 btif_hh_execute_service(b_enable);
309 } break;
310 case BTA_HFP_HS_SERVICE_ID: {
311 btif_hf_client_execute_service(b_enable);
312 } break;
313 case BTA_SDP_SERVICE_ID: {
314 btif_sdp_execute_service(b_enable);
315 } break;
316 case BTA_HIDD_SERVICE_ID: {
317 btif_hd_execute_service(b_enable);
318 } break;
319 default:
320 BTIF_TRACE_ERROR("%s: Unknown service %d being %s", __func__, service_id,
321 (b_enable) ? "enabled" : "disabled");
322 return BT_STATUS_FAIL;
323 }
324 return BT_STATUS_SUCCESS;
325 }
326
327 /*******************************************************************************
328 *
329 * Function check_eir_remote_name
330 *
331 * Description Check if remote name is in the EIR data
332 *
333 * Returns true if remote name found
334 * Populate p_remote_name, if provided and remote name found
335 *
336 ******************************************************************************/
check_eir_remote_name(tBTA_DM_SEARCH * p_search_data,uint8_t * p_remote_name,uint8_t * p_remote_name_len)337 static bool check_eir_remote_name(tBTA_DM_SEARCH* p_search_data,
338 uint8_t* p_remote_name,
339 uint8_t* p_remote_name_len) {
340 const uint8_t* p_eir_remote_name = NULL;
341 uint8_t remote_name_len = 0;
342
343 /* Check EIR for remote name and services */
344 if (p_search_data->inq_res.p_eir) {
345 p_eir_remote_name = AdvertiseDataParser::GetFieldByType(
346 p_search_data->inq_res.p_eir, p_search_data->inq_res.eir_len,
347 BTM_EIR_COMPLETE_LOCAL_NAME_TYPE, &remote_name_len);
348 if (!p_eir_remote_name) {
349 p_eir_remote_name = AdvertiseDataParser::GetFieldByType(
350 p_search_data->inq_res.p_eir, p_search_data->inq_res.eir_len,
351 BTM_EIR_SHORTENED_LOCAL_NAME_TYPE, &remote_name_len);
352 }
353
354 if (p_eir_remote_name) {
355 if (remote_name_len > BD_NAME_LEN) remote_name_len = BD_NAME_LEN;
356
357 if (p_remote_name && p_remote_name_len) {
358 memcpy(p_remote_name, p_eir_remote_name, remote_name_len);
359 *(p_remote_name + remote_name_len) = 0;
360 *p_remote_name_len = remote_name_len;
361 }
362
363 return true;
364 }
365 }
366
367 return false;
368 }
369
370 /*******************************************************************************
371 *
372 * Function check_cached_remote_name
373 *
374 * Description Check if remote name is in the NVRAM cache
375 *
376 * Returns true if remote name found
377 * Populate p_remote_name, if provided and remote name found
378 *
379 ******************************************************************************/
check_cached_remote_name(tBTA_DM_SEARCH * p_search_data,uint8_t * p_remote_name,uint8_t * p_remote_name_len)380 static bool check_cached_remote_name(tBTA_DM_SEARCH* p_search_data,
381 uint8_t* p_remote_name,
382 uint8_t* p_remote_name_len) {
383 bt_bdname_t bdname;
384 bt_property_t prop_name;
385
386 /* check if we already have it in our btif_storage cache */
387
388 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_BDNAME,
389 sizeof(bt_bdname_t), &bdname);
390 if (btif_storage_get_remote_device_property(
391 &p_search_data->inq_res.bd_addr, &prop_name) == BT_STATUS_SUCCESS) {
392 if (p_remote_name && p_remote_name_len) {
393 strcpy((char*)p_remote_name, (char*)bdname.name);
394 *p_remote_name_len = strlen((char*)p_remote_name);
395 }
396 return true;
397 }
398
399 return false;
400 }
401
get_cod(const RawAddress * remote_bdaddr)402 static uint32_t get_cod(const RawAddress* remote_bdaddr) {
403 uint32_t remote_cod;
404 bt_property_t prop_name;
405
406 /* check if we already have it in our btif_storage cache */
407 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_CLASS_OF_DEVICE,
408 sizeof(uint32_t), &remote_cod);
409 if (btif_storage_get_remote_device_property(
410 (RawAddress*)remote_bdaddr, &prop_name) == BT_STATUS_SUCCESS) {
411 LOG_INFO(LOG_TAG, "%s remote_cod = 0x%08x", __func__, remote_cod);
412 return remote_cod & COD_MASK;
413 }
414
415 return 0;
416 }
417
check_cod(const RawAddress * remote_bdaddr,uint32_t cod)418 bool check_cod(const RawAddress* remote_bdaddr, uint32_t cod) {
419 return get_cod(remote_bdaddr) == cod;
420 }
421
check_cod_hid(const RawAddress * remote_bdaddr)422 bool check_cod_hid(const RawAddress* remote_bdaddr) {
423 return (get_cod(remote_bdaddr) & COD_HID_MASK) == COD_HID_MAJOR;
424 }
425
check_hid_le(const RawAddress * remote_bdaddr)426 bool check_hid_le(const RawAddress* remote_bdaddr) {
427 uint32_t remote_dev_type;
428 bt_property_t prop_name;
429
430 /* check if we already have it in our btif_storage cache */
431 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_TYPE_OF_DEVICE,
432 sizeof(uint32_t), &remote_dev_type);
433 if (btif_storage_get_remote_device_property(
434 (RawAddress*)remote_bdaddr, &prop_name) == BT_STATUS_SUCCESS) {
435 if (remote_dev_type == BT_DEVICE_DEVTYPE_BLE) {
436 if (btif_config_exist(remote_bdaddr->ToString().c_str(), "HidAppId"))
437 return true;
438 }
439 }
440 return false;
441 }
442
443 /*****************************************************************************
444 *
445 * Function check_sdp_bl
446 *
447 * Description Checks if a given device is blacklisted to skip sdp
448 *
449 * Parameters skip_sdp_entry
450 *
451 * Returns true if the device is present in blacklist, else false
452 *
453 ******************************************************************************/
check_sdp_bl(const RawAddress * remote_bdaddr)454 bool check_sdp_bl(const RawAddress* remote_bdaddr) {
455 uint16_t manufacturer = 0;
456 uint8_t lmp_ver = 0;
457 uint16_t lmp_subver = 0;
458 bt_property_t prop_name;
459 bt_remote_version_t info;
460
461 if (remote_bdaddr == NULL) return false;
462
463 /* fetch additional info about remote device used in iop query */
464 BTM_ReadRemoteVersion(*remote_bdaddr, &lmp_ver, &manufacturer, &lmp_subver);
465
466 /* if not available yet, try fetching from config database */
467 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_REMOTE_VERSION_INFO,
468 sizeof(bt_remote_version_t), &info);
469
470 if (btif_storage_get_remote_device_property(remote_bdaddr, &prop_name) !=
471 BT_STATUS_SUCCESS) {
472 return false;
473 }
474 manufacturer = info.manufacturer;
475
476 for (unsigned int i = 0; i < ARRAY_SIZE(sdp_blacklist); i++) {
477 if (manufacturer == sdp_blacklist[i].manufact_id) return true;
478 }
479 return false;
480 }
481
bond_state_changed(bt_status_t status,const RawAddress & bd_addr,bt_bond_state_t state)482 static void bond_state_changed(bt_status_t status, const RawAddress& bd_addr,
483 bt_bond_state_t state) {
484 btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_BOND_STATE_CHANGED, state);
485
486 // Send bonding state only once - based on outgoing/incoming we may receive
487 // duplicates
488 if ((pairing_cb.state == state) && (state == BT_BOND_STATE_BONDING)) {
489 // Cross key pairing so send callback for static address
490 if (!pairing_cb.static_bdaddr.IsEmpty()) {
491 auto tmp = bd_addr;
492 HAL_CBACK(bt_hal_cbacks, bond_state_changed_cb, status, &tmp, state);
493 }
494 return;
495 }
496
497 if (pairing_cb.bond_type == BOND_TYPE_TEMPORARY) state = BT_BOND_STATE_NONE;
498
499 BTIF_TRACE_DEBUG("%s: state=%d, prev_state=%d, sdp_attempts = %d", __func__,
500 state, pairing_cb.state, pairing_cb.sdp_attempts);
501
502 auto tmp = bd_addr;
503 HAL_CBACK(bt_hal_cbacks, bond_state_changed_cb, status, &tmp, state);
504
505 if (state == BT_BOND_STATE_BONDING) {
506 pairing_cb.state = state;
507 pairing_cb.bd_addr = bd_addr;
508 } else {
509 if (!pairing_cb.sdp_attempts)
510 memset(&pairing_cb, 0, sizeof(pairing_cb));
511 else
512 BTIF_TRACE_DEBUG("%s: BR-EDR service discovery active", __func__);
513 }
514 }
515
516 /* store remote version in bt config to always have access
517 to it post pairing*/
btif_update_remote_version_property(RawAddress * p_bd)518 static void btif_update_remote_version_property(RawAddress* p_bd) {
519 bt_property_t property;
520 uint8_t lmp_ver = 0;
521 uint16_t lmp_subver = 0;
522 uint16_t mfct_set = 0;
523 tBTM_STATUS btm_status;
524 bt_remote_version_t info;
525 bt_status_t status;
526
527 btm_status = BTM_ReadRemoteVersion(*p_bd, &lmp_ver, &mfct_set, &lmp_subver);
528
529 LOG_DEBUG(LOG_TAG, "remote version info [%s]: %x, %x, %x",
530 p_bd->ToString().c_str(), lmp_ver, mfct_set, lmp_subver);
531
532 if (btm_status == BTM_SUCCESS) {
533 // Always update cache to ensure we have availability whenever BTM API is
534 // not populated
535 info.manufacturer = mfct_set;
536 info.sub_ver = lmp_subver;
537 info.version = lmp_ver;
538 BTIF_STORAGE_FILL_PROPERTY(&property, BT_PROPERTY_REMOTE_VERSION_INFO,
539 sizeof(bt_remote_version_t), &info);
540 status = btif_storage_set_remote_device_property(p_bd, &property);
541 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote version",
542 status);
543 }
544 }
545
btif_update_remote_properties(const RawAddress & bdaddr,BD_NAME bd_name,DEV_CLASS dev_class,tBT_DEVICE_TYPE device_type)546 static void btif_update_remote_properties(const RawAddress& bdaddr,
547 BD_NAME bd_name, DEV_CLASS dev_class,
548 tBT_DEVICE_TYPE device_type) {
549 int num_properties = 0;
550 bt_property_t properties[3];
551 bt_status_t status;
552 uint32_t cod;
553 bt_device_type_t dev_type;
554
555 memset(properties, 0, sizeof(properties));
556
557 /* remote name */
558 if (strlen((const char*)bd_name)) {
559 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties], BT_PROPERTY_BDNAME,
560 strlen((char*)bd_name), bd_name);
561 status = btif_storage_set_remote_device_property(
562 &bdaddr, &properties[num_properties]);
563 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device name",
564 status);
565 num_properties++;
566 }
567
568 /* class of device */
569 cod = devclass2uint(dev_class);
570 BTIF_TRACE_DEBUG("%s cod is 0x%06x", __func__, cod);
571 if (cod == 0) {
572 /* Try to retrieve cod from storage */
573 BTIF_TRACE_DEBUG("%s cod is 0, checking cod from storage", __func__);
574 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
575 BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod), &cod);
576 status = btif_storage_get_remote_device_property(
577 &bdaddr, &properties[num_properties]);
578 BTIF_TRACE_DEBUG("%s cod retrieved from storage is 0x%06x", __func__, cod);
579 if (cod == 0) {
580 BTIF_TRACE_DEBUG("%s cod is again 0, set as unclassified", __func__);
581 cod = COD_UNCLASSIFIED;
582 }
583 }
584
585 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
586 BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod), &cod);
587 status = btif_storage_set_remote_device_property(&bdaddr,
588 &properties[num_properties]);
589 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device class",
590 status);
591 num_properties++;
592
593 /* device type */
594 bt_property_t prop_name;
595 uint8_t remote_dev_type;
596 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_TYPE_OF_DEVICE,
597 sizeof(uint8_t), &remote_dev_type);
598 if (btif_storage_get_remote_device_property(&bdaddr, &prop_name) ==
599 BT_STATUS_SUCCESS)
600 dev_type = (bt_device_type_t)(remote_dev_type | device_type);
601 else
602 dev_type = (bt_device_type_t)device_type;
603
604 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
605 BT_PROPERTY_TYPE_OF_DEVICE, sizeof(dev_type),
606 &dev_type);
607 status = btif_storage_set_remote_device_property(&bdaddr,
608 &properties[num_properties]);
609 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device type",
610 status);
611 num_properties++;
612
613 auto tmp = bdaddr;
614 HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb, status, &tmp,
615 num_properties, properties);
616 }
617
618 /*******************************************************************************
619 *
620 * Function btif_dm_cb_hid_remote_name
621 *
622 * Description Remote name callback for HID device. Called in btif context
623 * Special handling for HID devices
624 *
625 * Returns void
626 *
627 ******************************************************************************/
btif_dm_cb_hid_remote_name(tBTM_REMOTE_DEV_NAME * p_remote_name)628 static void btif_dm_cb_hid_remote_name(tBTM_REMOTE_DEV_NAME* p_remote_name) {
629 BTIF_TRACE_DEBUG("%s: status=%d pairing_cb.state=%d", __func__,
630 p_remote_name->status, pairing_cb.state);
631 if (pairing_cb.state == BT_BOND_STATE_BONDING) {
632 if (p_remote_name->status == BTM_SUCCESS) {
633 bond_state_changed(BT_STATUS_SUCCESS, pairing_cb.bd_addr,
634 BT_BOND_STATE_BONDED);
635 } else
636 bond_state_changed(BT_STATUS_FAIL, pairing_cb.bd_addr,
637 BT_BOND_STATE_NONE);
638 }
639 }
640
641 /*******************************************************************************
642 *
643 * Function btif_dm_cb_create_bond
644 *
645 * Description Create bond initiated from the BTIF thread context
646 * Special handling for HID devices
647 *
648 * Returns void
649 *
650 ******************************************************************************/
btif_dm_cb_create_bond(const RawAddress & bd_addr,tBTA_TRANSPORT transport)651 static void btif_dm_cb_create_bond(const RawAddress& bd_addr,
652 tBTA_TRANSPORT transport) {
653 bool is_hid = check_cod(&bd_addr, COD_HID_POINTING);
654 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
655
656 int device_type;
657 int addr_type;
658 std::string addrstr = bd_addr.ToString();
659 const char* bdstr = addrstr.c_str();
660 if (transport == BT_TRANSPORT_LE) {
661 if (!btif_config_get_int(bdstr, "DevType", &device_type)) {
662 btif_config_set_int(bdstr, "DevType", BT_DEVICE_TYPE_BLE);
663 }
664 if (btif_storage_get_remote_addr_type(&bd_addr, &addr_type) !=
665 BT_STATUS_SUCCESS) {
666 // Try to read address type. OOB pairing might have set it earlier, but
667 // didn't store it, it defaults to BLE_ADDR_PUBLIC
668 uint8_t tmp_dev_type;
669 uint8_t tmp_addr_type;
670 BTM_ReadDevInfo(bd_addr, &tmp_dev_type, &tmp_addr_type);
671 addr_type = tmp_addr_type;
672
673 btif_storage_set_remote_addr_type(&bd_addr, addr_type);
674 }
675 }
676 if ((btif_config_get_int(bdstr, "DevType", &device_type) &&
677 (btif_storage_get_remote_addr_type(&bd_addr, &addr_type) ==
678 BT_STATUS_SUCCESS) &&
679 (device_type & BT_DEVICE_TYPE_BLE) == BT_DEVICE_TYPE_BLE) ||
680 (transport == BT_TRANSPORT_LE)) {
681 BTA_DmAddBleDevice(bd_addr, addr_type, device_type);
682 }
683
684 if (is_hid && (device_type & BT_DEVICE_TYPE_BLE) == 0) {
685 bt_status_t status;
686 status = (bt_status_t)btif_hh_connect(&bd_addr);
687 if (status != BT_STATUS_SUCCESS)
688 bond_state_changed(status, bd_addr, BT_BOND_STATE_NONE);
689 } else {
690 BTA_DmBondByTransport(bd_addr, transport);
691 }
692 /* Track originator of bond creation */
693 pairing_cb.is_local_initiated = true;
694 }
695
696 /*******************************************************************************
697 *
698 * Function btif_dm_cb_remove_bond
699 *
700 * Description remove bond initiated from the BTIF thread context
701 * Special handling for HID devices
702 *
703 * Returns void
704 *
705 ******************************************************************************/
btif_dm_cb_remove_bond(const RawAddress * bd_addr)706 void btif_dm_cb_remove_bond(const RawAddress* bd_addr) {
707 /*special handling for HID devices */
708 /* VUP needs to be sent if its a HID Device. The HID HOST module will check if
709 there
710 is a valid hid connection with this bd_addr. If yes VUP will be issued.*/
711 #if (BTA_HH_INCLUDED == TRUE)
712 if (btif_hh_virtual_unplug(bd_addr) != BT_STATUS_SUCCESS)
713 #endif
714 {
715 BTIF_TRACE_DEBUG("%s: Removing HH device", __func__);
716 BTA_DmRemoveDevice(*bd_addr);
717 }
718 }
719
720 /*******************************************************************************
721 *
722 * Function btif_dm_get_connection_state
723 *
724 * Description Returns whether the remote device is currently connected
725 * and whether encryption is active for the connection
726 *
727 * Returns 0 if not connected; 1 if connected and > 1 if connection is
728 * encrypted
729 *
730 ******************************************************************************/
btif_dm_get_connection_state(const RawAddress * bd_addr)731 uint16_t btif_dm_get_connection_state(const RawAddress* bd_addr) {
732 uint16_t rc = BTA_DmGetConnectionState(*bd_addr);
733
734 if (rc != 0) {
735 uint8_t flags = 0;
736
737 BTM_GetSecurityFlagsByTransport(*bd_addr, &flags, BT_TRANSPORT_BR_EDR);
738 BTIF_TRACE_DEBUG("%s: security flags (BR/EDR)=0x%02x", __func__, flags);
739 if (flags & BTM_SEC_FLAG_ENCRYPTED) rc |= ENCRYPTED_BREDR;
740
741 BTM_GetSecurityFlagsByTransport(*bd_addr, &flags, BT_TRANSPORT_LE);
742 BTIF_TRACE_DEBUG("%s: security flags (LE)=0x%02x", __func__, flags);
743 if (flags & BTM_SEC_FLAG_ENCRYPTED) rc |= ENCRYPTED_LE;
744 }
745
746 return rc;
747 }
748
749 /*******************************************************************************
750 *
751 * Function search_devices_copy_cb
752 *
753 * Description Deep copy callback for search devices event
754 *
755 * Returns void
756 *
757 ******************************************************************************/
search_devices_copy_cb(uint16_t event,char * p_dest,char * p_src)758 static void search_devices_copy_cb(uint16_t event, char* p_dest, char* p_src) {
759 tBTA_DM_SEARCH* p_dest_data = (tBTA_DM_SEARCH*)p_dest;
760 tBTA_DM_SEARCH* p_src_data = (tBTA_DM_SEARCH*)p_src;
761
762 if (!p_src) return;
763
764 BTIF_TRACE_DEBUG("%s: event=%s", __func__, dump_dm_search_event(event));
765 maybe_non_aligned_memcpy(p_dest_data, p_src_data, sizeof(*p_src_data));
766 switch (event) {
767 case BTA_DM_INQ_RES_EVT: {
768 if (p_src_data->inq_res.p_eir) {
769 p_dest_data->inq_res.p_eir =
770 (uint8_t*)(p_dest + sizeof(tBTA_DM_SEARCH));
771 memcpy(p_dest_data->inq_res.p_eir, p_src_data->inq_res.p_eir,
772 p_src_data->inq_res.eir_len);
773 p_dest_data->inq_res.eir_len = p_src_data->inq_res.eir_len;
774 }
775 } break;
776
777 case BTA_DM_DISC_RES_EVT: {
778 if (p_src_data->disc_res.raw_data_size &&
779 p_src_data->disc_res.p_raw_data) {
780 p_dest_data->disc_res.p_raw_data =
781 (uint8_t*)(p_dest + sizeof(tBTA_DM_SEARCH));
782 memcpy(p_dest_data->disc_res.p_raw_data,
783 p_src_data->disc_res.p_raw_data,
784 p_src_data->disc_res.raw_data_size);
785 }
786 } break;
787 }
788 }
789
search_services_copy_cb(uint16_t event,char * p_dest,char * p_src)790 static void search_services_copy_cb(uint16_t event, char* p_dest, char* p_src) {
791 tBTA_DM_SEARCH* p_dest_data = (tBTA_DM_SEARCH*)p_dest;
792 tBTA_DM_SEARCH* p_src_data = (tBTA_DM_SEARCH*)p_src;
793
794 if (!p_src) return;
795 maybe_non_aligned_memcpy(p_dest_data, p_src_data, sizeof(*p_src_data));
796 switch (event) {
797 case BTA_DM_DISC_RES_EVT: {
798 if (p_src_data->disc_res.result == BTA_SUCCESS) {
799 if (p_src_data->disc_res.num_uuids > 0) {
800 p_dest_data->disc_res.p_uuid_list =
801 (Uuid*)(p_dest + sizeof(tBTA_DM_SEARCH));
802 memcpy(p_dest_data->disc_res.p_uuid_list,
803 p_src_data->disc_res.p_uuid_list,
804 p_src_data->disc_res.num_uuids * sizeof(Uuid));
805 osi_free_and_reset((void**)&p_src_data->disc_res.p_uuid_list);
806 }
807 osi_free_and_reset((void**)&p_src_data->disc_res.p_raw_data);
808 }
809 } break;
810 }
811 }
812 /******************************************************************************
813 *
814 * BTIF DM callback events
815 *
816 ****************************************************************************/
817
818 /*******************************************************************************
819 *
820 * Function btif_dm_pin_req_evt
821 *
822 * Description Executes pin request event in btif context
823 *
824 * Returns void
825 *
826 ******************************************************************************/
btif_dm_pin_req_evt(tBTA_DM_PIN_REQ * p_pin_req)827 static void btif_dm_pin_req_evt(tBTA_DM_PIN_REQ* p_pin_req) {
828 bt_bdname_t bd_name;
829 uint32_t cod;
830 bt_pin_code_t pin_code;
831 int dev_type;
832
833 /* Remote properties update */
834 if (!btif_get_device_type(p_pin_req->bd_addr, &dev_type)) {
835 dev_type = BT_DEVICE_TYPE_BREDR;
836 }
837 btif_update_remote_properties(p_pin_req->bd_addr, p_pin_req->bd_name,
838 p_pin_req->dev_class,
839 (tBT_DEVICE_TYPE)dev_type);
840
841 const RawAddress& bd_addr = p_pin_req->bd_addr;
842 memcpy(bd_name.name, p_pin_req->bd_name, BD_NAME_LEN);
843
844 if (pairing_cb.state == BT_BOND_STATE_BONDING &&
845 bd_addr != pairing_cb.bd_addr) {
846 BTIF_TRACE_WARNING("%s(): already in bonding state, reject request",
847 __FUNCTION__);
848 btif_dm_pin_reply(&bd_addr, 0, 0, NULL);
849 return;
850 }
851
852 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
853
854 cod = devclass2uint(p_pin_req->dev_class);
855
856 if (cod == 0) {
857 BTIF_TRACE_DEBUG("%s cod is 0, set as unclassified", __func__);
858 cod = COD_UNCLASSIFIED;
859 }
860
861 /* check for auto pair possiblity only if bond was initiated by local device
862 */
863 if (pairing_cb.is_local_initiated && !p_pin_req->min_16_digit) {
864 if (check_cod(&bd_addr, COD_AV_HEADSETS) ||
865 check_cod(&bd_addr, COD_AV_HEADPHONES) ||
866 check_cod(&bd_addr, COD_AV_PORTABLE_AUDIO) ||
867 check_cod(&bd_addr, COD_AV_HIFI_AUDIO) ||
868 check_cod(&bd_addr, COD_HID_POINTING)) {
869 /* Check if this device can be auto paired */
870 if (!interop_match_addr(INTEROP_DISABLE_AUTO_PAIRING, &bd_addr) &&
871 !interop_match_name(INTEROP_DISABLE_AUTO_PAIRING,
872 (const char*)bd_name.name) &&
873 (pairing_cb.autopair_attempts == 0)) {
874 BTIF_TRACE_DEBUG("%s() Attempting auto pair", __func__);
875 pin_code.pin[0] = 0x30;
876 pin_code.pin[1] = 0x30;
877 pin_code.pin[2] = 0x30;
878 pin_code.pin[3] = 0x30;
879
880 pairing_cb.autopair_attempts++;
881 BTA_DmPinReply(bd_addr, true, 4, pin_code.pin);
882 return;
883 }
884 } else if (check_cod(&bd_addr, COD_HID_KEYBOARD) ||
885 check_cod(&bd_addr, COD_HID_COMBO)) {
886 if ((interop_match_addr(INTEROP_KEYBOARD_REQUIRES_FIXED_PIN, &bd_addr) ==
887 true) &&
888 (pairing_cb.autopair_attempts == 0)) {
889 BTIF_TRACE_DEBUG("%s() Attempting auto pair", __func__);
890 pin_code.pin[0] = 0x30;
891 pin_code.pin[1] = 0x30;
892 pin_code.pin[2] = 0x30;
893 pin_code.pin[3] = 0x30;
894
895 pairing_cb.autopair_attempts++;
896 BTA_DmPinReply(bd_addr, true, 4, pin_code.pin);
897 return;
898 }
899 }
900 }
901 // TODO: make cback accept const and get rid of tmp!
902 auto tmp = bd_addr;
903 HAL_CBACK(bt_hal_cbacks, pin_request_cb, &tmp, &bd_name, cod,
904 p_pin_req->min_16_digit);
905 }
906
907 /*******************************************************************************
908 *
909 * Function btif_dm_ssp_cfm_req_evt
910 *
911 * Description Executes SSP confirm request event in btif context
912 *
913 * Returns void
914 *
915 ******************************************************************************/
btif_dm_ssp_cfm_req_evt(tBTA_DM_SP_CFM_REQ * p_ssp_cfm_req)916 static void btif_dm_ssp_cfm_req_evt(tBTA_DM_SP_CFM_REQ* p_ssp_cfm_req) {
917 bt_bdname_t bd_name;
918 uint32_t cod;
919 bool is_incoming = !(pairing_cb.state == BT_BOND_STATE_BONDING);
920 int dev_type;
921
922 BTIF_TRACE_DEBUG("%s", __func__);
923
924 /* Remote properties update */
925 if (!btif_get_device_type(p_ssp_cfm_req->bd_addr, &dev_type)) {
926 dev_type = BT_DEVICE_TYPE_BREDR;
927 }
928 btif_update_remote_properties(p_ssp_cfm_req->bd_addr, p_ssp_cfm_req->bd_name,
929 p_ssp_cfm_req->dev_class,
930 (tBT_DEVICE_TYPE)dev_type);
931
932 RawAddress bd_addr = p_ssp_cfm_req->bd_addr;
933 memcpy(bd_name.name, p_ssp_cfm_req->bd_name, BD_NAME_LEN);
934
935 if (pairing_cb.state == BT_BOND_STATE_BONDING &&
936 bd_addr != pairing_cb.bd_addr) {
937 BTIF_TRACE_WARNING("%s(): already in bonding state, reject request",
938 __FUNCTION__);
939 btif_dm_ssp_reply(&bd_addr, BT_SSP_VARIANT_PASSKEY_CONFIRMATION, 0, 0);
940 return;
941 }
942
943 /* Set the pairing_cb based on the local & remote authentication requirements
944 */
945 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
946
947 BTIF_TRACE_EVENT("%s: just_works:%d, loc_auth_req=%d, rmt_auth_req=%d",
948 __func__, p_ssp_cfm_req->just_works,
949 p_ssp_cfm_req->loc_auth_req, p_ssp_cfm_req->rmt_auth_req);
950
951 /* if just_works and bonding bit is not set treat this as temporary */
952 if (p_ssp_cfm_req->just_works &&
953 !(p_ssp_cfm_req->loc_auth_req & BTM_AUTH_BONDS) &&
954 !(p_ssp_cfm_req->rmt_auth_req & BTM_AUTH_BONDS) &&
955 !(check_cod((RawAddress*)&p_ssp_cfm_req->bd_addr, COD_HID_POINTING)))
956 pairing_cb.bond_type = BOND_TYPE_TEMPORARY;
957 else
958 pairing_cb.bond_type = BOND_TYPE_PERSISTENT;
959
960 btm_set_bond_type_dev(p_ssp_cfm_req->bd_addr, pairing_cb.bond_type);
961
962 pairing_cb.is_ssp = true;
963
964 /* If JustWorks auto-accept */
965 if (p_ssp_cfm_req->just_works) {
966 /* Pairing consent for JustWorks needed if:
967 * 1. Incoming (non-temporary) pairing is detected AND
968 * 2. local IO capabilities are DisplayYesNo AND
969 * 3. remote IO capabiltiies are DisplayOnly or NoInputNoOutput;
970 */
971 if (is_incoming && pairing_cb.bond_type != BOND_TYPE_TEMPORARY &&
972 ((p_ssp_cfm_req->loc_io_caps == HCI_IO_CAP_DISPLAY_YESNO) &&
973 (p_ssp_cfm_req->rmt_io_caps == HCI_IO_CAP_DISPLAY_ONLY ||
974 p_ssp_cfm_req->rmt_io_caps == HCI_IO_CAP_NO_IO))) {
975 BTIF_TRACE_EVENT(
976 "%s: User consent needed for incoming pairing request. loc_io_caps: "
977 "%d, rmt_io_caps: %d",
978 __func__, p_ssp_cfm_req->loc_io_caps, p_ssp_cfm_req->rmt_io_caps);
979 } else {
980 BTIF_TRACE_EVENT("%s: Auto-accept JustWorks pairing", __func__);
981 btif_dm_ssp_reply(&bd_addr, BT_SSP_VARIANT_CONSENT, true, 0);
982 return;
983 }
984 }
985
986 cod = devclass2uint(p_ssp_cfm_req->dev_class);
987
988 if (cod == 0) {
989 LOG_DEBUG(LOG_TAG, "%s cod is 0, set as unclassified", __func__);
990 cod = COD_UNCLASSIFIED;
991 }
992
993 pairing_cb.sdp_attempts = 0;
994 HAL_CBACK(bt_hal_cbacks, ssp_request_cb, &bd_addr, &bd_name, cod,
995 (p_ssp_cfm_req->just_works ? BT_SSP_VARIANT_CONSENT
996 : BT_SSP_VARIANT_PASSKEY_CONFIRMATION),
997 p_ssp_cfm_req->num_val);
998 }
999
btif_dm_ssp_key_notif_evt(tBTA_DM_SP_KEY_NOTIF * p_ssp_key_notif)1000 static void btif_dm_ssp_key_notif_evt(tBTA_DM_SP_KEY_NOTIF* p_ssp_key_notif) {
1001 bt_bdname_t bd_name;
1002 uint32_t cod;
1003 int dev_type;
1004
1005 BTIF_TRACE_DEBUG("%s", __func__);
1006
1007 /* Remote properties update */
1008 if (!btif_get_device_type(p_ssp_key_notif->bd_addr, &dev_type)) {
1009 dev_type = BT_DEVICE_TYPE_BREDR;
1010 }
1011 btif_update_remote_properties(
1012 p_ssp_key_notif->bd_addr, p_ssp_key_notif->bd_name,
1013 p_ssp_key_notif->dev_class, (tBT_DEVICE_TYPE)dev_type);
1014
1015 RawAddress bd_addr = p_ssp_key_notif->bd_addr;
1016 memcpy(bd_name.name, p_ssp_key_notif->bd_name, BD_NAME_LEN);
1017
1018 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
1019 pairing_cb.is_ssp = true;
1020 cod = devclass2uint(p_ssp_key_notif->dev_class);
1021
1022 if (cod == 0) {
1023 LOG_DEBUG(LOG_TAG, "%s cod is 0, set as unclassified", __func__);
1024 cod = COD_UNCLASSIFIED;
1025 }
1026
1027 HAL_CBACK(bt_hal_cbacks, ssp_request_cb, &bd_addr, &bd_name, cod,
1028 BT_SSP_VARIANT_PASSKEY_NOTIFICATION, p_ssp_key_notif->passkey);
1029 }
1030 /*******************************************************************************
1031 *
1032 * Function btif_dm_auth_cmpl_evt
1033 *
1034 * Description Executes authentication complete event in btif context
1035 *
1036 * Returns void
1037 *
1038 ******************************************************************************/
btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL * p_auth_cmpl)1039 static void btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
1040 /* Save link key, if not temporary */
1041 bt_status_t status = BT_STATUS_FAIL;
1042 bt_bond_state_t state = BT_BOND_STATE_NONE;
1043 bool skip_sdp = false;
1044
1045 BTIF_TRACE_DEBUG("%s: bond state=%d, success=%d, key_present=%d", __func__,
1046 pairing_cb.state, p_auth_cmpl->success,
1047 p_auth_cmpl->key_present);
1048
1049 RawAddress bd_addr = p_auth_cmpl->bd_addr;
1050 if ((p_auth_cmpl->success) && (p_auth_cmpl->key_present)) {
1051 if ((p_auth_cmpl->key_type < HCI_LKEY_TYPE_DEBUG_COMB) ||
1052 (p_auth_cmpl->key_type == HCI_LKEY_TYPE_AUTH_COMB) ||
1053 (p_auth_cmpl->key_type == HCI_LKEY_TYPE_CHANGED_COMB) ||
1054 (p_auth_cmpl->key_type == HCI_LKEY_TYPE_AUTH_COMB_P_256) ||
1055 pairing_cb.bond_type == BOND_TYPE_PERSISTENT) {
1056 bt_status_t ret;
1057 BTIF_TRACE_DEBUG("%s: Storing link key. key_type=0x%x, bond_type=%d",
1058 __func__, p_auth_cmpl->key_type, pairing_cb.bond_type);
1059 ret = btif_storage_add_bonded_device(&bd_addr, p_auth_cmpl->key,
1060 p_auth_cmpl->key_type,
1061 pairing_cb.pin_code_len);
1062 ASSERTC(ret == BT_STATUS_SUCCESS, "storing link key failed", ret);
1063 } else {
1064 BTIF_TRACE_DEBUG(
1065 "%s: Temporary key. Not storing. key_type=0x%x, bond_type=%d",
1066 __func__, p_auth_cmpl->key_type, pairing_cb.bond_type);
1067 if (pairing_cb.bond_type == BOND_TYPE_TEMPORARY) {
1068 BTIF_TRACE_DEBUG("%s: sending BT_BOND_STATE_NONE for Temp pairing",
1069 __func__);
1070 btif_storage_remove_bonded_device(&bd_addr);
1071 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_NONE);
1072 return;
1073 }
1074 }
1075 }
1076
1077 if (p_auth_cmpl->success) {
1078 // We could have received a new link key without going through the pairing
1079 // flow. If so, we don't want to perform SDP or any other operations on the
1080 // authenticated device. Also, make sure that the link key is not derived
1081 // from secure LTK, because we will need to perform SDP in case of link key
1082 // derivation to allow bond state change notification for the BR/EDR
1083 // transport so that the subsequent BR/EDR connections to the remote can use
1084 // the derived link key.
1085 if (p_auth_cmpl->bd_addr != pairing_cb.bd_addr &&
1086 (!pairing_cb.ble.is_penc_key_rcvd)) {
1087 LOG(INFO) << __func__
1088 << " skipping SDP since we did not initiate pairing to "
1089 << p_auth_cmpl->bd_addr;
1090 return;
1091 }
1092
1093 btif_storage_set_remote_addr_type(&bd_addr, p_auth_cmpl->addr_type);
1094 btif_update_remote_properties(p_auth_cmpl->bd_addr, p_auth_cmpl->bd_name,
1095 NULL, p_auth_cmpl->dev_type);
1096 pairing_cb.timeout_retries = 0;
1097 status = BT_STATUS_SUCCESS;
1098 state = BT_BOND_STATE_BONDED;
1099 bd_addr = p_auth_cmpl->bd_addr;
1100
1101 if (check_sdp_bl(&bd_addr) && check_cod_hid(&bd_addr)) {
1102 LOG_WARN(LOG_TAG, "%s:skip SDP", __func__);
1103 skip_sdp = true;
1104 }
1105 if (!pairing_cb.is_local_initiated && skip_sdp) {
1106 bond_state_changed(status, bd_addr, state);
1107
1108 LOG_WARN(LOG_TAG, "%s: Incoming HID Connection", __func__);
1109 bt_property_t prop;
1110 RawAddress bd_addr;
1111 Uuid uuid = Uuid::From16Bit(UUID_SERVCLASS_HUMAN_INTERFACE);
1112
1113 prop.type = BT_PROPERTY_UUIDS;
1114 prop.val = &uuid;
1115 prop.len = Uuid::kNumBytes128;
1116
1117 /* Send the event to the BTIF */
1118 HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb, BT_STATUS_SUCCESS,
1119 &bd_addr, 1, &prop);
1120 } else {
1121 bool is_crosskey = false;
1122 /* If bonded due to cross-key, save the static address too*/
1123 if (pairing_cb.state == BT_BOND_STATE_BONDING &&
1124 p_auth_cmpl->bd_addr != pairing_cb.bd_addr) {
1125 BTIF_TRACE_DEBUG(
1126 "%s: bonding initiated due to cross key, adding static address",
1127 __func__);
1128 pairing_cb.static_bdaddr = bd_addr;
1129 is_crosskey = true;
1130 }
1131 if (!is_crosskey ||
1132 !(stack_config_get_interface()->get_pts_crosskey_sdp_disable())) {
1133 // Ensure inquiry is stopped before attempting service discovery
1134 btif_dm_cancel_discovery();
1135
1136 /* Trigger SDP on the device */
1137 pairing_cb.sdp_attempts = 1;
1138 btif_dm_get_remote_services(bd_addr);
1139 }
1140 }
1141 // Do not call bond_state_changed_cb yet. Wait until remote service
1142 // discovery is complete
1143 } else {
1144 // Map the HCI fail reason to bt status
1145 switch (p_auth_cmpl->fail_reason) {
1146 case HCI_ERR_PAGE_TIMEOUT:
1147 case HCI_ERR_LMP_RESPONSE_TIMEOUT:
1148 if (interop_match_addr(INTEROP_AUTO_RETRY_PAIRING, &bd_addr) &&
1149 pairing_cb.timeout_retries) {
1150 BTIF_TRACE_WARNING("%s() - Pairing timeout; retrying (%d) ...",
1151 __func__, pairing_cb.timeout_retries);
1152 --pairing_cb.timeout_retries;
1153 btif_dm_cb_create_bond(bd_addr, BTA_TRANSPORT_UNKNOWN);
1154 return;
1155 }
1156 /* Fall-through */
1157 case HCI_ERR_CONNECTION_TOUT:
1158 status = BT_STATUS_RMT_DEV_DOWN;
1159 break;
1160
1161 case HCI_ERR_PAIRING_NOT_ALLOWED:
1162 btif_storage_remove_bonded_device(&bd_addr);
1163 status = BT_STATUS_AUTH_REJECTED;
1164 break;
1165
1166 /* map the auth failure codes, so we can retry pairing if necessary */
1167 case HCI_ERR_AUTH_FAILURE:
1168 case HCI_ERR_KEY_MISSING:
1169 btif_storage_remove_bonded_device(&bd_addr);
1170 case HCI_ERR_HOST_REJECT_SECURITY:
1171 case HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE:
1172 case HCI_ERR_UNIT_KEY_USED:
1173 case HCI_ERR_PAIRING_WITH_UNIT_KEY_NOT_SUPPORTED:
1174 case HCI_ERR_INSUFFCIENT_SECURITY:
1175 case HCI_ERR_PEER_USER:
1176 case HCI_ERR_UNSPECIFIED:
1177 BTIF_TRACE_DEBUG(" %s() Authentication fail reason %d", __func__,
1178 p_auth_cmpl->fail_reason);
1179 if (pairing_cb.autopair_attempts == 1) {
1180 /* Create the Bond once again */
1181 BTIF_TRACE_WARNING("%s() auto pair failed. Reinitiate Bond",
1182 __func__);
1183 btif_dm_cb_create_bond(bd_addr, BTA_TRANSPORT_UNKNOWN);
1184 return;
1185 } else {
1186 /* if autopair attempts are more than 1, or not attempted */
1187 status = BT_STATUS_AUTH_FAILURE;
1188 }
1189 break;
1190
1191 default:
1192 status = BT_STATUS_FAIL;
1193 }
1194 /* Special Handling for HID Devices */
1195 if (check_cod(&bd_addr, COD_HID_POINTING)) {
1196 /* Remove Device as bonded in nvram as authentication failed */
1197 BTIF_TRACE_DEBUG("%s(): removing hid pointing device from nvram",
1198 __func__);
1199 btif_storage_remove_bonded_device(&bd_addr);
1200 }
1201 bond_state_changed(status, bd_addr, state);
1202 }
1203 }
1204
1205 /******************************************************************************
1206 *
1207 * Function btif_dm_search_devices_evt
1208 *
1209 * Description Executes search devices callback events in btif context
1210 *
1211 * Returns void
1212 *
1213 *****************************************************************************/
btif_dm_search_devices_evt(uint16_t event,char * p_param)1214 static void btif_dm_search_devices_evt(uint16_t event, char* p_param) {
1215 tBTA_DM_SEARCH* p_search_data;
1216 BTIF_TRACE_EVENT("%s event=%s", __func__, dump_dm_search_event(event));
1217
1218 switch (event) {
1219 case BTA_DM_DISC_RES_EVT: {
1220 p_search_data = (tBTA_DM_SEARCH*)p_param;
1221 /* Remote name update */
1222 if (strlen((const char*)p_search_data->disc_res.bd_name)) {
1223 bt_property_t properties[1];
1224 bt_status_t status;
1225
1226 properties[0].type = BT_PROPERTY_BDNAME;
1227 properties[0].val = p_search_data->disc_res.bd_name;
1228 properties[0].len = strlen((char*)p_search_data->disc_res.bd_name);
1229 RawAddress& bdaddr = p_search_data->disc_res.bd_addr;
1230
1231 status =
1232 btif_storage_set_remote_device_property(&bdaddr, &properties[0]);
1233 ASSERTC(status == BT_STATUS_SUCCESS,
1234 "failed to save remote device property", status);
1235 HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb, status, &bdaddr,
1236 1, properties);
1237 }
1238 /* TODO: Services? */
1239 } break;
1240
1241 case BTA_DM_INQ_RES_EVT: {
1242 /* inquiry result */
1243 bt_bdname_t bdname;
1244 uint8_t remote_name_len;
1245 tBTA_SERVICE_MASK services = 0;
1246
1247 p_search_data = (tBTA_DM_SEARCH*)p_param;
1248 RawAddress& bdaddr = p_search_data->inq_res.bd_addr;
1249
1250 BTIF_TRACE_DEBUG("%s() %s device_type = 0x%x\n", __func__,
1251 bdaddr.ToString().c_str(),
1252 p_search_data->inq_res.device_type);
1253 bdname.name[0] = 0;
1254
1255 if (!check_eir_remote_name(p_search_data, bdname.name, &remote_name_len))
1256 check_cached_remote_name(p_search_data, bdname.name, &remote_name_len);
1257
1258 /* Check EIR for remote name and services */
1259 if (p_search_data->inq_res.p_eir) {
1260 BTA_GetEirService(p_search_data->inq_res.p_eir,
1261 p_search_data->inq_res.eir_len, &services);
1262 BTIF_TRACE_DEBUG("%s()EIR BTA services = %08X", __func__,
1263 (uint32_t)services);
1264 /* TODO: Get the service list and check to see which uuids we got and
1265 * send it back to the client. */
1266 }
1267
1268 {
1269 bt_property_t properties[5];
1270 bt_device_type_t dev_type;
1271 uint32_t num_properties = 0;
1272 bt_status_t status;
1273 int addr_type = 0;
1274
1275 memset(properties, 0, sizeof(properties));
1276 /* RawAddress */
1277 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1278 BT_PROPERTY_BDADDR, sizeof(bdaddr), &bdaddr);
1279 num_properties++;
1280 /* BD_NAME */
1281 /* Don't send BDNAME if it is empty */
1282 if (bdname.name[0]) {
1283 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1284 BT_PROPERTY_BDNAME,
1285 strlen((char*)bdname.name), &bdname);
1286 num_properties++;
1287 }
1288
1289 /* DEV_CLASS */
1290 uint32_t cod = devclass2uint(p_search_data->inq_res.dev_class);
1291 BTIF_TRACE_DEBUG("%s cod is 0x%06x", __func__, cod);
1292 if (cod != 0) {
1293 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1294 BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod),
1295 &cod);
1296 num_properties++;
1297 }
1298
1299 /* DEV_TYPE */
1300 /* FixMe: Assumption is that bluetooth.h and BTE enums match */
1301
1302 /* Verify if the device is dual mode in NVRAM */
1303 int stored_device_type = 0;
1304 if (btif_get_device_type(bdaddr, &stored_device_type) &&
1305 ((stored_device_type != BT_DEVICE_TYPE_BREDR &&
1306 p_search_data->inq_res.device_type == BT_DEVICE_TYPE_BREDR) ||
1307 (stored_device_type != BT_DEVICE_TYPE_BLE &&
1308 p_search_data->inq_res.device_type == BT_DEVICE_TYPE_BLE))) {
1309 dev_type = (bt_device_type_t)BT_DEVICE_TYPE_DUMO;
1310 } else {
1311 dev_type = (bt_device_type_t)p_search_data->inq_res.device_type;
1312 }
1313
1314 if (p_search_data->inq_res.device_type == BT_DEVICE_TYPE_BLE)
1315 addr_type = p_search_data->inq_res.ble_addr_type;
1316 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1317 BT_PROPERTY_TYPE_OF_DEVICE, sizeof(dev_type),
1318 &dev_type);
1319 num_properties++;
1320 /* RSSI */
1321 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1322 BT_PROPERTY_REMOTE_RSSI, sizeof(int8_t),
1323 &(p_search_data->inq_res.rssi));
1324 num_properties++;
1325
1326 status =
1327 btif_storage_add_remote_device(&bdaddr, num_properties, properties);
1328 ASSERTC(status == BT_STATUS_SUCCESS,
1329 "failed to save remote device (inquiry)", status);
1330 status = btif_storage_set_remote_addr_type(&bdaddr, addr_type);
1331 ASSERTC(status == BT_STATUS_SUCCESS,
1332 "failed to save remote addr type (inquiry)", status);
1333 /* Callback to notify upper layer of device */
1334 HAL_CBACK(bt_hal_cbacks, device_found_cb, num_properties, properties);
1335 }
1336 } break;
1337
1338 case BTA_DM_INQ_CMPL_EVT: {
1339 do_in_bta_thread(
1340 FROM_HERE,
1341 base::Bind(&BTM_BleAdvFilterParamSetup, BTM_BLE_SCAN_COND_DELETE, 0,
1342 nullptr, base::Bind(&bte_scan_filt_param_cfg_evt, 0)));
1343 } break;
1344 case BTA_DM_DISC_CMPL_EVT: {
1345 HAL_CBACK(bt_hal_cbacks, discovery_state_changed_cb,
1346 BT_DISCOVERY_STOPPED);
1347 } break;
1348 case BTA_DM_SEARCH_CANCEL_CMPL_EVT: {
1349 /* if inquiry is not in progress and we get a cancel event, then
1350 * it means we are done with inquiry, but remote_name fetches are in
1351 * progress
1352 *
1353 * if inquiry is in progress, then we don't want to act on this
1354 * cancel_cmpl_evt
1355 * but instead wait for the cancel_cmpl_evt via the Busy Level
1356 *
1357 */
1358 if (!btif_dm_inquiry_in_progress) {
1359 btgatt_filt_param_setup_t adv_filt_param;
1360 memset(&adv_filt_param, 0, sizeof(btgatt_filt_param_setup_t));
1361 do_in_bta_thread(
1362 FROM_HERE,
1363 base::Bind(&BTM_BleAdvFilterParamSetup, BTM_BLE_SCAN_COND_DELETE, 0,
1364 nullptr, base::Bind(&bte_scan_filt_param_cfg_evt, 0)));
1365 HAL_CBACK(bt_hal_cbacks, discovery_state_changed_cb,
1366 BT_DISCOVERY_STOPPED);
1367 }
1368 } break;
1369 }
1370 }
1371
1372 /*******************************************************************************
1373 *
1374 * Function btif_dm_search_services_evt
1375 *
1376 * Description Executes search services event in btif context
1377 *
1378 * Returns void
1379 *
1380 ******************************************************************************/
btif_dm_search_services_evt(uint16_t event,char * p_param)1381 static void btif_dm_search_services_evt(uint16_t event, char* p_param) {
1382 tBTA_DM_SEARCH* p_data = (tBTA_DM_SEARCH*)p_param;
1383
1384 BTIF_TRACE_EVENT("%s: event = %d", __func__, event);
1385 switch (event) {
1386 case BTA_DM_DISC_RES_EVT: {
1387 bt_property_t prop;
1388 uint32_t i = 0;
1389 bt_status_t ret;
1390
1391 RawAddress& bd_addr = p_data->disc_res.bd_addr;
1392
1393 BTIF_TRACE_DEBUG("%s:(result=0x%x, services 0x%x)", __func__,
1394 p_data->disc_res.result, p_data->disc_res.services);
1395 if ((p_data->disc_res.result != BTA_SUCCESS) &&
1396 (pairing_cb.state == BT_BOND_STATE_BONDING) &&
1397 (pairing_cb.sdp_attempts < BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING)) {
1398 BTIF_TRACE_WARNING("%s:SDP failed after bonding re-attempting",
1399 __func__);
1400 pairing_cb.sdp_attempts++;
1401 btif_dm_get_remote_services(bd_addr);
1402 return;
1403 }
1404 prop.type = BT_PROPERTY_UUIDS;
1405 prop.len = 0;
1406 if ((p_data->disc_res.result == BTA_SUCCESS) &&
1407 (p_data->disc_res.num_uuids > 0)) {
1408 prop.val = p_data->disc_res.p_uuid_list;
1409 prop.len = p_data->disc_res.num_uuids * Uuid::kNumBytes128;
1410 for (i = 0; i < p_data->disc_res.num_uuids; i++) {
1411 std::string temp = ((p_data->disc_res.p_uuid_list + i))->ToString();
1412 LOG_INFO(LOG_TAG, "%s index:%d uuid:%s", __func__, i, temp.c_str());
1413 }
1414 }
1415
1416 /* onUuidChanged requires getBondedDevices to be populated.
1417 ** bond_state_changed needs to be sent prior to remote_device_property
1418 */
1419 if ((pairing_cb.state == BT_BOND_STATE_BONDING) &&
1420 (p_data->disc_res.bd_addr == pairing_cb.bd_addr ||
1421 p_data->disc_res.bd_addr == pairing_cb.static_bdaddr) &&
1422 pairing_cb.sdp_attempts > 0) {
1423 BTIF_TRACE_DEBUG(
1424 "%s Remote Service SDP done. Call bond_state_changed_cb BONDED",
1425 __func__);
1426 pairing_cb.sdp_attempts = 0;
1427
1428 // If bonding occured due to cross-key pairing, send bonding callback
1429 // for static address now
1430 if (p_data->disc_res.bd_addr == pairing_cb.static_bdaddr)
1431 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
1432
1433 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDED);
1434 }
1435
1436 if (p_data->disc_res.num_uuids != 0) {
1437 /* Also write this to the NVRAM */
1438 ret = btif_storage_set_remote_device_property(&bd_addr, &prop);
1439 ASSERTC(ret == BT_STATUS_SUCCESS, "storing remote services failed",
1440 ret);
1441 /* Send the event to the BTIF */
1442 HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb, BT_STATUS_SUCCESS,
1443 &bd_addr, 1, &prop);
1444 }
1445 } break;
1446
1447 case BTA_DM_DISC_CMPL_EVT:
1448 /* fixme */
1449 break;
1450
1451 case BTA_DM_SEARCH_CANCEL_CMPL_EVT:
1452 /* no-op */
1453 break;
1454
1455 case BTA_DM_DISC_BLE_RES_EVT: {
1456 BTIF_TRACE_DEBUG("%s: service %s", __func__,
1457 p_data->disc_ble_res.service.ToString().c_str());
1458 int num_properties = 0;
1459 if (p_data->disc_ble_res.service.As16Bit() == UUID_SERVCLASS_LE_HID ||
1460 p_data->disc_ble_res.service == UUID_HEARING_AID) {
1461 BTIF_TRACE_DEBUG("%s: Found HOGP or HEARING AID UUID", __func__);
1462 bt_property_t prop[2];
1463 bt_status_t ret;
1464
1465 const auto& arr = p_data->disc_ble_res.service.To128BitBE();
1466
1467 RawAddress& bd_addr = p_data->disc_ble_res.bd_addr;
1468 prop[0].type = BT_PROPERTY_UUIDS;
1469 prop[0].val = (void*)arr.data();
1470 prop[0].len = Uuid::kNumBytes128;
1471
1472 /* Also write this to the NVRAM */
1473 ret = btif_storage_set_remote_device_property(&bd_addr, &prop[0]);
1474 ASSERTC(ret == BT_STATUS_SUCCESS, "storing remote services failed",
1475 ret);
1476 num_properties++;
1477
1478 /* Remote name update */
1479 if (strnlen((const char*)p_data->disc_ble_res.bd_name, BD_NAME_LEN)) {
1480 prop[1].type = BT_PROPERTY_BDNAME;
1481 prop[1].val = p_data->disc_ble_res.bd_name;
1482 prop[1].len =
1483 strnlen((char*)p_data->disc_ble_res.bd_name, BD_NAME_LEN);
1484
1485 ret = btif_storage_set_remote_device_property(&bd_addr, &prop[1]);
1486 ASSERTC(ret == BT_STATUS_SUCCESS,
1487 "failed to save remote device property", ret);
1488 num_properties++;
1489 }
1490
1491 /* Send the event to the BTIF */
1492 HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb, BT_STATUS_SUCCESS,
1493 &bd_addr, num_properties, prop);
1494 }
1495 } break;
1496
1497 default: { ASSERTC(0, "unhandled search services event", event); } break;
1498 }
1499 }
1500
1501 /*******************************************************************************
1502 *
1503 * Function btif_dm_remote_service_record_evt
1504 *
1505 * Description Executes search service record event in btif context
1506 *
1507 * Returns void
1508 *
1509 ******************************************************************************/
btif_dm_remote_service_record_evt(uint16_t event,char * p_param)1510 static void btif_dm_remote_service_record_evt(uint16_t event, char* p_param) {
1511 tBTA_DM_SEARCH* p_data = (tBTA_DM_SEARCH*)p_param;
1512
1513 BTIF_TRACE_EVENT("%s: event = %d", __func__, event);
1514 switch (event) {
1515 case BTA_DM_DISC_RES_EVT: {
1516 bt_service_record_t rec;
1517 bt_property_t prop;
1518
1519 memset(&rec, 0, sizeof(bt_service_record_t));
1520 RawAddress& bd_addr = p_data->disc_res.bd_addr;
1521
1522 BTIF_TRACE_DEBUG("%s:(result=0x%x, services 0x%x)", __func__,
1523 p_data->disc_res.result, p_data->disc_res.services);
1524 prop.type = BT_PROPERTY_SERVICE_RECORD;
1525 prop.val = (void*)&rec;
1526 prop.len = sizeof(rec);
1527
1528 /* disc_res.result is overloaded with SCN. Cannot check result */
1529 p_data->disc_res.services &= ~BTA_USER_SERVICE_MASK;
1530 /* TODO: Get the UUID as well */
1531 rec.channel = p_data->disc_res.result - 3;
1532 /* TODO: Need to get the service name using p_raw_data */
1533 rec.name[0] = 0;
1534
1535 HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb, BT_STATUS_SUCCESS,
1536 &bd_addr, 1, &prop);
1537 } break;
1538
1539 default: {
1540 ASSERTC(0, "unhandled remote service record event", event);
1541 } break;
1542 }
1543 }
1544
1545 /*******************************************************************************
1546 *
1547 * Function btif_dm_upstreams_cback
1548 *
1549 * Description Executes UPSTREAMS events in btif context
1550 *
1551 * Returns void
1552 *
1553 ******************************************************************************/
btif_dm_upstreams_evt(uint16_t event,char * p_param)1554 static void btif_dm_upstreams_evt(uint16_t event, char* p_param) {
1555 tBTA_DM_SEC* p_data = (tBTA_DM_SEC*)p_param;
1556 tBTA_SERVICE_MASK service_mask;
1557 uint32_t i;
1558 RawAddress bd_addr;
1559
1560 BTIF_TRACE_EVENT("%s: ev: %s", __func__, dump_dm_event(event));
1561
1562 switch (event) {
1563 case BTA_DM_ENABLE_EVT: {
1564 BD_NAME bdname;
1565 bt_status_t status;
1566 bt_property_t prop;
1567 prop.type = BT_PROPERTY_BDNAME;
1568 prop.len = BD_NAME_LEN;
1569 prop.val = (void*)bdname;
1570
1571 status = btif_storage_get_adapter_property(&prop);
1572 if (status == BT_STATUS_SUCCESS) {
1573 /* A name exists in the storage. Make this the device name */
1574 BTA_DmSetDeviceName((char*)prop.val);
1575 } else {
1576 /* Storage does not have a name yet.
1577 * Use the default name and write it to the chip
1578 */
1579 BTA_DmSetDeviceName(btif_get_default_local_name());
1580 }
1581
1582 /* Enable local privacy */
1583 BTA_DmBleConfigLocalPrivacy(BLE_LOCAL_PRIVACY_ENABLED);
1584
1585 /* for each of the enabled services in the mask, trigger the profile
1586 * enable */
1587 service_mask = btif_get_enabled_services_mask();
1588 for (i = 0; i <= BTA_MAX_SERVICE_ID; i++) {
1589 if (service_mask &
1590 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(i))) {
1591 btif_in_execute_service_request(i, true);
1592 }
1593 }
1594 /* clear control blocks */
1595 memset(&pairing_cb, 0, sizeof(btif_dm_pairing_cb_t));
1596 pairing_cb.bond_type = BOND_TYPE_PERSISTENT;
1597
1598 /* This function will also trigger the adapter_properties_cb
1599 ** and bonded_devices_info_cb
1600 */
1601 btif_storage_load_bonded_devices();
1602
1603 btif_enable_bluetooth_evt(p_data->enable.status);
1604 } break;
1605
1606 case BTA_DM_DISABLE_EVT:
1607 /* for each of the enabled services in the mask, trigger the profile
1608 * disable */
1609 service_mask = btif_get_enabled_services_mask();
1610 for (i = 0; i <= BTA_MAX_SERVICE_ID; i++) {
1611 if (service_mask &
1612 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(i))) {
1613 btif_in_execute_service_request(i, false);
1614 }
1615 }
1616 btif_disable_bluetooth_evt();
1617 break;
1618
1619 case BTA_DM_PIN_REQ_EVT:
1620 btif_dm_pin_req_evt(&p_data->pin_req);
1621 break;
1622
1623 case BTA_DM_AUTH_CMPL_EVT:
1624 btif_dm_auth_cmpl_evt(&p_data->auth_cmpl);
1625 break;
1626
1627 case BTA_DM_BOND_CANCEL_CMPL_EVT:
1628 if (pairing_cb.state == BT_BOND_STATE_BONDING) {
1629 bd_addr = pairing_cb.bd_addr;
1630 btm_set_bond_type_dev(pairing_cb.bd_addr, BOND_TYPE_UNKNOWN);
1631 bond_state_changed((bt_status_t)p_data->bond_cancel_cmpl.result,
1632 bd_addr, BT_BOND_STATE_NONE);
1633 }
1634 break;
1635
1636 case BTA_DM_SP_CFM_REQ_EVT:
1637 btif_dm_ssp_cfm_req_evt(&p_data->cfm_req);
1638 break;
1639 case BTA_DM_SP_KEY_NOTIF_EVT:
1640 btif_dm_ssp_key_notif_evt(&p_data->key_notif);
1641 break;
1642
1643 case BTA_DM_DEV_UNPAIRED_EVT:
1644 bd_addr = p_data->link_down.bd_addr;
1645 btm_set_bond_type_dev(p_data->link_down.bd_addr, BOND_TYPE_UNKNOWN);
1646
1647 /*special handling for HID devices */
1648 #if (defined(BTA_HH_INCLUDED) && (BTA_HH_INCLUDED == TRUE))
1649 btif_hh_remove_device(bd_addr);
1650 #endif
1651 #if (defined(BTA_HD_INCLUDED) && (BTA_HD_INCLUDED == TRUE))
1652 btif_hd_remove_device(bd_addr);
1653 #endif
1654 btif_hearing_aid_get_interface()->RemoveDevice(bd_addr);
1655 btif_storage_remove_bonded_device(&bd_addr);
1656 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_NONE);
1657 break;
1658
1659 case BTA_DM_BUSY_LEVEL_EVT: {
1660 if (p_data->busy_level.level_flags & BTM_BL_INQUIRY_PAGING_MASK) {
1661 if (p_data->busy_level.level_flags == BTM_BL_INQUIRY_STARTED) {
1662 HAL_CBACK(bt_hal_cbacks, discovery_state_changed_cb,
1663 BT_DISCOVERY_STARTED);
1664 btif_dm_inquiry_in_progress = true;
1665 } else if (p_data->busy_level.level_flags == BTM_BL_INQUIRY_CANCELLED) {
1666 HAL_CBACK(bt_hal_cbacks, discovery_state_changed_cb,
1667 BT_DISCOVERY_STOPPED);
1668 btif_dm_inquiry_in_progress = false;
1669 } else if (p_data->busy_level.level_flags == BTM_BL_INQUIRY_COMPLETE) {
1670 btif_dm_inquiry_in_progress = false;
1671 }
1672 }
1673 } break;
1674
1675 case BTA_DM_LINK_UP_EVT:
1676 bd_addr = p_data->link_up.bd_addr;
1677 BTIF_TRACE_DEBUG("BTA_DM_LINK_UP_EVT. Sending BT_ACL_STATE_CONNECTED");
1678
1679 btif_update_remote_version_property(&bd_addr);
1680
1681 HAL_CBACK(bt_hal_cbacks, acl_state_changed_cb, BT_STATUS_SUCCESS,
1682 &bd_addr, BT_ACL_STATE_CONNECTED);
1683 break;
1684
1685 case BTA_DM_LINK_DOWN_EVT:
1686 bd_addr = p_data->link_down.bd_addr;
1687 btm_set_bond_type_dev(p_data->link_down.bd_addr, BOND_TYPE_UNKNOWN);
1688 btif_av_acl_disconnected(bd_addr);
1689 BTIF_TRACE_DEBUG(
1690 "BTA_DM_LINK_DOWN_EVT. Sending BT_ACL_STATE_DISCONNECTED");
1691 HAL_CBACK(bt_hal_cbacks, acl_state_changed_cb, BT_STATUS_SUCCESS,
1692 &bd_addr, BT_ACL_STATE_DISCONNECTED);
1693 break;
1694
1695 case BTA_DM_HW_ERROR_EVT:
1696 BTIF_TRACE_ERROR("Received H/W Error. ");
1697 /* Flush storage data */
1698 btif_config_flush();
1699 usleep(100000); /* 100milliseconds */
1700 /* Killing the process to force a restart as part of fault tolerance */
1701 kill(getpid(), SIGKILL);
1702 break;
1703
1704 case BTA_DM_BLE_KEY_EVT:
1705 BTIF_TRACE_DEBUG("BTA_DM_BLE_KEY_EVT key_type=0x%02x ",
1706 p_data->ble_key.key_type);
1707
1708 /* If this pairing is by-product of local initiated GATT client Read or
1709 Write,
1710 BTA would not have sent BTA_DM_BLE_SEC_REQ_EVT event and Bond state would
1711 not
1712 have setup properly. Setup pairing_cb and notify App about Bonding state
1713 now*/
1714 if (pairing_cb.state != BT_BOND_STATE_BONDING) {
1715 BTIF_TRACE_DEBUG(
1716 "Bond state not sent to App so far.Notify the app now");
1717 bond_state_changed(BT_STATUS_SUCCESS, p_data->ble_key.bd_addr,
1718 BT_BOND_STATE_BONDING);
1719 } else if (pairing_cb.bd_addr != p_data->ble_key.bd_addr) {
1720 BTIF_TRACE_ERROR("BD mismatch discard BLE key_type=%d ",
1721 p_data->ble_key.key_type);
1722 break;
1723 }
1724
1725 switch (p_data->ble_key.key_type) {
1726 case BTA_LE_KEY_PENC:
1727 BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_PENC");
1728 pairing_cb.ble.is_penc_key_rcvd = true;
1729 pairing_cb.ble.penc_key = p_data->ble_key.p_key_value->penc_key;
1730 break;
1731
1732 case BTA_LE_KEY_PID:
1733 BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_PID");
1734 pairing_cb.ble.is_pid_key_rcvd = true;
1735 pairing_cb.ble.pid_key = p_data->ble_key.p_key_value->pid_key;
1736 break;
1737
1738 case BTA_LE_KEY_PCSRK:
1739 BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_PCSRK");
1740 pairing_cb.ble.is_pcsrk_key_rcvd = true;
1741 pairing_cb.ble.pcsrk_key = p_data->ble_key.p_key_value->pcsrk_key;
1742 break;
1743
1744 case BTA_LE_KEY_LENC:
1745 BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_LENC");
1746 pairing_cb.ble.is_lenc_key_rcvd = true;
1747 pairing_cb.ble.lenc_key = p_data->ble_key.p_key_value->lenc_key;
1748 break;
1749
1750 case BTA_LE_KEY_LCSRK:
1751 BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_LCSRK");
1752 pairing_cb.ble.is_lcsrk_key_rcvd = true;
1753 pairing_cb.ble.lcsrk_key = p_data->ble_key.p_key_value->lcsrk_key;
1754 break;
1755
1756 case BTA_LE_KEY_LID:
1757 BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_LID");
1758 pairing_cb.ble.is_lidk_key_rcvd = true;
1759 break;
1760
1761 default:
1762 BTIF_TRACE_ERROR("unknown BLE key type (0x%02x)",
1763 p_data->ble_key.key_type);
1764 break;
1765 }
1766 break;
1767 case BTA_DM_BLE_SEC_REQ_EVT:
1768 BTIF_TRACE_DEBUG("BTA_DM_BLE_SEC_REQ_EVT. ");
1769 btif_dm_ble_sec_req_evt(&p_data->ble_req);
1770 break;
1771 case BTA_DM_BLE_PASSKEY_NOTIF_EVT:
1772 BTIF_TRACE_DEBUG("BTA_DM_BLE_PASSKEY_NOTIF_EVT. ");
1773 btif_dm_ble_key_notif_evt(&p_data->key_notif);
1774 break;
1775 case BTA_DM_BLE_PASSKEY_REQ_EVT:
1776 BTIF_TRACE_DEBUG("BTA_DM_BLE_PASSKEY_REQ_EVT. ");
1777 btif_dm_ble_passkey_req_evt(&p_data->pin_req);
1778 break;
1779 case BTA_DM_BLE_NC_REQ_EVT:
1780 BTIF_TRACE_DEBUG("BTA_DM_BLE_PASSKEY_REQ_EVT. ");
1781 btif_dm_ble_key_nc_req_evt(&p_data->key_notif);
1782 break;
1783 case BTA_DM_BLE_OOB_REQ_EVT:
1784 BTIF_TRACE_DEBUG("BTA_DM_BLE_OOB_REQ_EVT. ");
1785 btif_dm_ble_oob_req_evt(&p_data->rmt_oob);
1786 break;
1787 case BTA_DM_BLE_SC_OOB_REQ_EVT:
1788 BTIF_TRACE_DEBUG("BTA_DM_BLE_SC_OOB_REQ_EVT. ");
1789 btif_dm_ble_sc_oob_req_evt(&p_data->rmt_oob);
1790 break;
1791 case BTA_DM_BLE_LOCAL_IR_EVT:
1792 BTIF_TRACE_DEBUG("BTA_DM_BLE_LOCAL_IR_EVT. ");
1793 ble_local_key_cb.is_id_keys_rcvd = true;
1794 memcpy(&ble_local_key_cb.id_keys.irk[0], &p_data->ble_id_keys.irk[0],
1795 sizeof(BT_OCTET16));
1796 memcpy(&ble_local_key_cb.id_keys.ir[0], &p_data->ble_id_keys.ir[0],
1797 sizeof(BT_OCTET16));
1798 memcpy(&ble_local_key_cb.id_keys.dhk[0], &p_data->ble_id_keys.dhk[0],
1799 sizeof(BT_OCTET16));
1800 btif_storage_add_ble_local_key((char*)&ble_local_key_cb.id_keys.irk[0],
1801 BTIF_DM_LE_LOCAL_KEY_IRK, BT_OCTET16_LEN);
1802 btif_storage_add_ble_local_key((char*)&ble_local_key_cb.id_keys.ir[0],
1803 BTIF_DM_LE_LOCAL_KEY_IR, BT_OCTET16_LEN);
1804 btif_storage_add_ble_local_key((char*)&ble_local_key_cb.id_keys.dhk[0],
1805 BTIF_DM_LE_LOCAL_KEY_DHK, BT_OCTET16_LEN);
1806 break;
1807 case BTA_DM_BLE_LOCAL_ER_EVT:
1808 BTIF_TRACE_DEBUG("BTA_DM_BLE_LOCAL_ER_EVT. ");
1809 ble_local_key_cb.is_er_rcvd = true;
1810 memcpy(&ble_local_key_cb.er[0], &p_data->ble_er[0], sizeof(BT_OCTET16));
1811 btif_storage_add_ble_local_key((char*)&ble_local_key_cb.er[0],
1812 BTIF_DM_LE_LOCAL_KEY_ER, BT_OCTET16_LEN);
1813 break;
1814
1815 case BTA_DM_BLE_AUTH_CMPL_EVT:
1816 BTIF_TRACE_DEBUG("BTA_DM_BLE_AUTH_CMPL_EVT. ");
1817 btif_dm_ble_auth_cmpl_evt(&p_data->auth_cmpl);
1818 break;
1819
1820 case BTA_DM_LE_FEATURES_READ: {
1821 tBTM_BLE_VSC_CB cmn_vsc_cb;
1822 bt_local_le_features_t local_le_features;
1823 char buf[512];
1824 bt_property_t prop;
1825 prop.type = BT_PROPERTY_LOCAL_LE_FEATURES;
1826 prop.val = (void*)buf;
1827 prop.len = sizeof(buf);
1828
1829 /* LE features are not stored in storage. Should be retrived from stack */
1830 BTM_BleGetVendorCapabilities(&cmn_vsc_cb);
1831 local_le_features.local_privacy_enabled = BTM_BleLocalPrivacyEnabled();
1832
1833 prop.len = sizeof(bt_local_le_features_t);
1834 if (cmn_vsc_cb.filter_support == 1)
1835 local_le_features.max_adv_filter_supported = cmn_vsc_cb.max_filter;
1836 else
1837 local_le_features.max_adv_filter_supported = 0;
1838 local_le_features.max_adv_instance = cmn_vsc_cb.adv_inst_max;
1839 local_le_features.max_irk_list_size = cmn_vsc_cb.max_irk_list_sz;
1840 local_le_features.rpa_offload_supported = cmn_vsc_cb.rpa_offloading;
1841 local_le_features.activity_energy_info_supported =
1842 cmn_vsc_cb.energy_support;
1843 local_le_features.scan_result_storage_size =
1844 cmn_vsc_cb.tot_scan_results_strg;
1845 local_le_features.version_supported = cmn_vsc_cb.version_supported;
1846 local_le_features.total_trackable_advertisers =
1847 cmn_vsc_cb.total_trackable_advertisers;
1848
1849 local_le_features.extended_scan_support =
1850 cmn_vsc_cb.extended_scan_support > 0;
1851 local_le_features.debug_logging_supported =
1852 cmn_vsc_cb.debug_logging_supported > 0;
1853
1854 const controller_t* controller = controller_get_interface();
1855
1856 local_le_features.le_2m_phy_supported = controller->supports_ble_2m_phy();
1857 local_le_features.le_coded_phy_supported =
1858 controller->supports_ble_coded_phy();
1859 local_le_features.le_extended_advertising_supported =
1860 controller->supports_ble_extended_advertising();
1861 local_le_features.le_periodic_advertising_supported =
1862 controller->supports_ble_periodic_advertising();
1863 local_le_features.le_maximum_advertising_data_length =
1864 controller->get_ble_maxium_advertising_data_length();
1865
1866 memcpy(prop.val, &local_le_features, prop.len);
1867 HAL_CBACK(bt_hal_cbacks, adapter_properties_cb, BT_STATUS_SUCCESS, 1,
1868 &prop);
1869 break;
1870 }
1871
1872 case BTA_DM_ENER_INFO_READ: {
1873 btif_activity_energy_info_cb_t* p_ener_data =
1874 (btif_activity_energy_info_cb_t*)p_param;
1875 bt_activity_energy_info energy_info;
1876 energy_info.status = p_ener_data->status;
1877 energy_info.ctrl_state = p_ener_data->ctrl_state;
1878 energy_info.rx_time = p_ener_data->rx_time;
1879 energy_info.tx_time = p_ener_data->tx_time;
1880 energy_info.idle_time = p_ener_data->idle_time;
1881 energy_info.energy_used = p_ener_data->energy_used;
1882
1883 bt_uid_traffic_t* data = uid_set_read_and_clear(uid_set);
1884 HAL_CBACK(bt_hal_cbacks, energy_info_cb, &energy_info, data);
1885 osi_free(data);
1886 break;
1887 }
1888
1889 case BTA_DM_AUTHORIZE_EVT:
1890 case BTA_DM_SIG_STRENGTH_EVT:
1891 case BTA_DM_SP_RMT_OOB_EVT:
1892 case BTA_DM_SP_KEYPRESS_EVT:
1893 case BTA_DM_ROLE_CHG_EVT:
1894
1895 default:
1896 BTIF_TRACE_WARNING("%s: unhandled event (%d)", __func__, event);
1897 break;
1898 }
1899
1900 btif_dm_data_free(event, p_data);
1901 }
1902
1903 /*******************************************************************************
1904 *
1905 * Function btif_dm_generic_evt
1906 *
1907 * Description Executes non-BTA upstream events in BTIF context
1908 *
1909 * Returns void
1910 *
1911 ******************************************************************************/
btif_dm_generic_evt(uint16_t event,char * p_param)1912 static void btif_dm_generic_evt(uint16_t event, char* p_param) {
1913 BTIF_TRACE_EVENT("%s: event=%d", __func__, event);
1914 switch (event) {
1915 case BTIF_DM_CB_DISCOVERY_STARTED: {
1916 HAL_CBACK(bt_hal_cbacks, discovery_state_changed_cb,
1917 BT_DISCOVERY_STARTED);
1918 } break;
1919
1920 case BTIF_DM_CB_CREATE_BOND: {
1921 pairing_cb.timeout_retries = NUM_TIMEOUT_RETRIES;
1922 btif_dm_create_bond_cb_t* create_bond_cb =
1923 (btif_dm_create_bond_cb_t*)p_param;
1924 btif_dm_cb_create_bond(create_bond_cb->bdaddr, create_bond_cb->transport);
1925 } break;
1926
1927 case BTIF_DM_CB_REMOVE_BOND: {
1928 btif_dm_cb_remove_bond((RawAddress*)p_param);
1929 } break;
1930
1931 case BTIF_DM_CB_HID_REMOTE_NAME: {
1932 btif_dm_cb_hid_remote_name((tBTM_REMOTE_DEV_NAME*)p_param);
1933 } break;
1934
1935 case BTIF_DM_CB_BOND_STATE_BONDING: {
1936 bond_state_changed(BT_STATUS_SUCCESS, *((RawAddress*)p_param),
1937 BT_BOND_STATE_BONDING);
1938 } break;
1939 case BTIF_DM_CB_LE_TX_TEST:
1940 case BTIF_DM_CB_LE_RX_TEST: {
1941 uint8_t status;
1942 STREAM_TO_UINT8(status, p_param);
1943 HAL_CBACK(bt_hal_cbacks, le_test_mode_cb,
1944 (status == 0) ? BT_STATUS_SUCCESS : BT_STATUS_FAIL, 0);
1945 } break;
1946 case BTIF_DM_CB_LE_TEST_END: {
1947 uint8_t status;
1948 uint16_t count = 0;
1949 STREAM_TO_UINT8(status, p_param);
1950 if (status == 0) STREAM_TO_UINT16(count, p_param);
1951 HAL_CBACK(bt_hal_cbacks, le_test_mode_cb,
1952 (status == 0) ? BT_STATUS_SUCCESS : BT_STATUS_FAIL, count);
1953 } break;
1954 default: {
1955 BTIF_TRACE_WARNING("%s : Unknown event 0x%x", __func__, event);
1956 } break;
1957 }
1958 }
1959
1960 /*******************************************************************************
1961 *
1962 * Function bte_dm_evt
1963 *
1964 * Description Switches context from BTE to BTIF for all DM events
1965 *
1966 * Returns void
1967 *
1968 ******************************************************************************/
1969
bte_dm_evt(tBTA_DM_SEC_EVT event,tBTA_DM_SEC * p_data)1970 void bte_dm_evt(tBTA_DM_SEC_EVT event, tBTA_DM_SEC* p_data) {
1971 /* switch context to btif task context (copy full union size for convenience)
1972 */
1973 bt_status_t status = btif_transfer_context(
1974 btif_dm_upstreams_evt, (uint16_t)event, (char*)p_data,
1975 sizeof(tBTA_DM_SEC), btif_dm_data_copy);
1976
1977 /* catch any failed context transfers */
1978 ASSERTC(status == BT_STATUS_SUCCESS, "context transfer failed", status);
1979 }
1980
1981 /*******************************************************************************
1982 *
1983 * Function bte_search_devices_evt
1984 *
1985 * Description Switches context from BTE to BTIF for DM search events
1986 *
1987 * Returns void
1988 *
1989 ******************************************************************************/
bte_search_devices_evt(tBTA_DM_SEARCH_EVT event,tBTA_DM_SEARCH * p_data)1990 static void bte_search_devices_evt(tBTA_DM_SEARCH_EVT event,
1991 tBTA_DM_SEARCH* p_data) {
1992 uint16_t param_len = 0;
1993
1994 if (p_data) param_len += sizeof(tBTA_DM_SEARCH);
1995 /* Allocate buffer to hold the pointers (deep copy). The pointers will point
1996 * to the end of the tBTA_DM_SEARCH */
1997 switch (event) {
1998 case BTA_DM_INQ_RES_EVT: {
1999 if (p_data->inq_res.p_eir) param_len += p_data->inq_res.eir_len;
2000 } break;
2001
2002 case BTA_DM_DISC_RES_EVT: {
2003 if (p_data->disc_res.raw_data_size && p_data->disc_res.p_raw_data)
2004 param_len += p_data->disc_res.raw_data_size;
2005 } break;
2006 }
2007 BTIF_TRACE_DEBUG("%s event=%s param_len=%d", __func__,
2008 dump_dm_search_event(event), param_len);
2009
2010 /* if remote name is available in EIR, set teh flag so that stack doesnt
2011 * trigger RNR */
2012 if (event == BTA_DM_INQ_RES_EVT)
2013 p_data->inq_res.remt_name_not_required =
2014 check_eir_remote_name(p_data, NULL, NULL);
2015
2016 btif_transfer_context(
2017 btif_dm_search_devices_evt, (uint16_t)event, (char*)p_data, param_len,
2018 (param_len > sizeof(tBTA_DM_SEARCH)) ? search_devices_copy_cb : NULL);
2019 }
2020
2021 /*******************************************************************************
2022 *
2023 * Function bte_dm_search_services_evt
2024 *
2025 * Description Switches context from BTE to BTIF for DM search services
2026 * event
2027 *
2028 * Returns void
2029 *
2030 ******************************************************************************/
bte_dm_search_services_evt(tBTA_DM_SEARCH_EVT event,tBTA_DM_SEARCH * p_data)2031 static void bte_dm_search_services_evt(tBTA_DM_SEARCH_EVT event,
2032 tBTA_DM_SEARCH* p_data) {
2033 uint16_t param_len = 0;
2034 if (p_data) param_len += sizeof(tBTA_DM_SEARCH);
2035 switch (event) {
2036 case BTA_DM_DISC_RES_EVT: {
2037 if ((p_data->disc_res.result == BTA_SUCCESS) &&
2038 (p_data->disc_res.num_uuids > 0)) {
2039 param_len += (p_data->disc_res.num_uuids * Uuid::kNumBytes128);
2040 }
2041 } break;
2042 }
2043 /* TODO: The only other member that needs a deep copy is the p_raw_data. But
2044 * not sure
2045 * if raw_data is needed. */
2046 btif_transfer_context(
2047 btif_dm_search_services_evt, event, (char*)p_data, param_len,
2048 (param_len > sizeof(tBTA_DM_SEARCH)) ? search_services_copy_cb : NULL);
2049 }
2050
2051 /*******************************************************************************
2052 *
2053 * Function bte_dm_remote_service_record_evt
2054 *
2055 * Description Switches context from BTE to BTIF for DM search service
2056 * record event
2057 *
2058 * Returns void
2059 *
2060 ******************************************************************************/
bte_dm_remote_service_record_evt(tBTA_DM_SEARCH_EVT event,tBTA_DM_SEARCH * p_data)2061 static void bte_dm_remote_service_record_evt(tBTA_DM_SEARCH_EVT event,
2062 tBTA_DM_SEARCH* p_data) {
2063 /* TODO: The only member that needs a deep copy is the p_raw_data. But not
2064 * sure yet if this is needed. */
2065 btif_transfer_context(btif_dm_remote_service_record_evt, event, (char*)p_data,
2066 sizeof(tBTA_DM_SEARCH), NULL);
2067 }
2068
2069 /*******************************************************************************
2070 *
2071 * Function bta_energy_info_cb
2072 *
2073 * Description Switches context from BTE to BTIF for DM energy info event
2074 *
2075 * Returns void
2076 *
2077 ******************************************************************************/
bta_energy_info_cb(tBTA_DM_BLE_TX_TIME_MS tx_time,tBTA_DM_BLE_RX_TIME_MS rx_time,tBTA_DM_BLE_IDLE_TIME_MS idle_time,tBTA_DM_BLE_ENERGY_USED energy_used,tBTA_DM_CONTRL_STATE ctrl_state,tBTA_STATUS status)2078 static void bta_energy_info_cb(tBTA_DM_BLE_TX_TIME_MS tx_time,
2079 tBTA_DM_BLE_RX_TIME_MS rx_time,
2080 tBTA_DM_BLE_IDLE_TIME_MS idle_time,
2081 tBTA_DM_BLE_ENERGY_USED energy_used,
2082 tBTA_DM_CONTRL_STATE ctrl_state,
2083 tBTA_STATUS status) {
2084 BTIF_TRACE_DEBUG(
2085 "energy_info_cb-Status:%d,state=%d,tx_t=%ld, rx_t=%ld, "
2086 "idle_time=%ld,used=%ld",
2087 status, ctrl_state, tx_time, rx_time, idle_time, energy_used);
2088
2089 btif_activity_energy_info_cb_t btif_cb;
2090 btif_cb.status = status;
2091 btif_cb.ctrl_state = ctrl_state;
2092 btif_cb.tx_time = (uint64_t)tx_time;
2093 btif_cb.rx_time = (uint64_t)rx_time;
2094 btif_cb.idle_time = (uint64_t)idle_time;
2095 btif_cb.energy_used = (uint64_t)energy_used;
2096 btif_transfer_context(btif_dm_upstreams_evt, BTA_DM_ENER_INFO_READ,
2097 (char*)&btif_cb, sizeof(btif_activity_energy_info_cb_t),
2098 NULL);
2099 }
2100
2101 /* Scan filter param config event */
bte_scan_filt_param_cfg_evt(uint8_t ref_value,uint8_t avbl_space,uint8_t action_type,uint8_t status)2102 static void bte_scan_filt_param_cfg_evt(uint8_t ref_value, uint8_t avbl_space,
2103 uint8_t action_type, uint8_t status) {
2104 /* This event occurs on calling BTA_DmBleCfgFilterCondition internally,
2105 ** and that is why there is no HAL callback
2106 */
2107 if (BTA_SUCCESS != status) {
2108 BTIF_TRACE_ERROR("%s, %d", __func__, status);
2109 } else {
2110 BTIF_TRACE_DEBUG("%s", __func__);
2111 }
2112 }
2113
2114 /*****************************************************************************
2115 *
2116 * btif api functions (no context switch)
2117 *
2118 ****************************************************************************/
2119
2120 /*******************************************************************************
2121 *
2122 * Function btif_dm_start_discovery
2123 *
2124 * Description Start device discovery/inquiry
2125 *
2126 * Returns bt_status_t
2127 *
2128 ******************************************************************************/
btif_dm_start_discovery(void)2129 bt_status_t btif_dm_start_discovery(void) {
2130 tBTA_DM_INQ inq_params;
2131 tBTA_SERVICE_MASK services = 0;
2132
2133 BTIF_TRACE_EVENT("%s", __func__);
2134
2135 /* Cleanup anything remaining on index 0 */
2136 do_in_bta_thread(
2137 FROM_HERE,
2138 base::Bind(&BTM_BleAdvFilterParamSetup, BTM_BLE_SCAN_COND_DELETE, 0,
2139 nullptr, base::Bind(&bte_scan_filt_param_cfg_evt, 0)));
2140
2141 auto adv_filt_param = std::make_unique<btgatt_filt_param_setup_t>();
2142 /* Add an allow-all filter on index 0*/
2143 adv_filt_param->dely_mode = IMMEDIATE_DELY_MODE;
2144 adv_filt_param->feat_seln = ALLOW_ALL_FILTER;
2145 adv_filt_param->filt_logic_type = BTA_DM_BLE_PF_FILT_LOGIC_OR;
2146 adv_filt_param->list_logic_type = BTA_DM_BLE_PF_LIST_LOGIC_OR;
2147 adv_filt_param->rssi_low_thres = LOWEST_RSSI_VALUE;
2148 adv_filt_param->rssi_high_thres = LOWEST_RSSI_VALUE;
2149 do_in_bta_thread(
2150 FROM_HERE, base::Bind(&BTM_BleAdvFilterParamSetup, BTM_BLE_SCAN_COND_ADD,
2151 0, base::Passed(&adv_filt_param),
2152 base::Bind(&bte_scan_filt_param_cfg_evt, 0)));
2153
2154 /* TODO: Do we need to handle multiple inquiries at the same time? */
2155
2156 /* Set inquiry params and call API */
2157 inq_params.mode = BTA_DM_GENERAL_INQUIRY | BTA_BLE_GENERAL_INQUIRY;
2158 inq_params.duration = BTIF_DM_DEFAULT_INQ_MAX_DURATION;
2159
2160 inq_params.max_resps = BTIF_DM_DEFAULT_INQ_MAX_RESULTS;
2161 inq_params.report_dup = true;
2162
2163 inq_params.filter_type = BTA_DM_INQ_CLR;
2164 /* TODO: Filter device by BDA needs to be implemented here */
2165
2166 /* Will be enabled to true once inquiry busy level has been received */
2167 btif_dm_inquiry_in_progress = false;
2168 /* find nearby devices */
2169 BTA_DmSearch(&inq_params, services, bte_search_devices_evt);
2170
2171 return BT_STATUS_SUCCESS;
2172 }
2173
2174 /*******************************************************************************
2175 *
2176 * Function btif_dm_cancel_discovery
2177 *
2178 * Description Cancels search
2179 *
2180 * Returns bt_status_t
2181 *
2182 ******************************************************************************/
btif_dm_cancel_discovery(void)2183 bt_status_t btif_dm_cancel_discovery(void) {
2184 BTIF_TRACE_EVENT("%s", __func__);
2185 BTA_DmSearchCancel();
2186 return BT_STATUS_SUCCESS;
2187 }
2188
2189 /*******************************************************************************
2190 *
2191 * Function btif_dm_create_bond
2192 *
2193 * Description Initiate bonding with the specified device
2194 *
2195 * Returns bt_status_t
2196 *
2197 ******************************************************************************/
btif_dm_create_bond(const RawAddress * bd_addr,int transport)2198 bt_status_t btif_dm_create_bond(const RawAddress* bd_addr, int transport) {
2199 btif_dm_create_bond_cb_t create_bond_cb;
2200 create_bond_cb.transport = transport;
2201 create_bond_cb.bdaddr = *bd_addr;
2202
2203 BTIF_TRACE_EVENT("%s: bd_addr=%s, transport=%d", __func__,
2204 bd_addr->ToString().c_str(), transport);
2205 if (pairing_cb.state != BT_BOND_STATE_NONE) return BT_STATUS_BUSY;
2206
2207 btif_stats_add_bond_event(*bd_addr, BTIF_DM_FUNC_CREATE_BOND,
2208 pairing_cb.state);
2209
2210 btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_CREATE_BOND,
2211 (char*)&create_bond_cb,
2212 sizeof(btif_dm_create_bond_cb_t), NULL);
2213
2214 return BT_STATUS_SUCCESS;
2215 }
2216
2217 /*******************************************************************************
2218 *
2219 * Function btif_dm_create_bond_out_of_band
2220 *
2221 * Description Initiate bonding with the specified device using out of band
2222 * data
2223 *
2224 * Returns bt_status_t
2225 *
2226 ******************************************************************************/
btif_dm_create_bond_out_of_band(const RawAddress * bd_addr,int transport,const bt_out_of_band_data_t * oob_data)2227 bt_status_t btif_dm_create_bond_out_of_band(
2228 const RawAddress* bd_addr, int transport,
2229 const bt_out_of_band_data_t* oob_data) {
2230 oob_cb.bdaddr = *bd_addr;
2231 memcpy(&oob_cb.oob_data, oob_data, sizeof(bt_out_of_band_data_t));
2232
2233 uint8_t empty[] = {0, 0, 0, 0, 0, 0, 0};
2234 // If LE Bluetooth Device Address is provided, use provided address type
2235 // value.
2236 if (memcmp(oob_data->le_bt_dev_addr, empty, 7) != 0) {
2237 /* byte no 7 is address type in LE Bluetooth Address OOB data */
2238 uint8_t address_type = oob_data->le_bt_dev_addr[6];
2239 if (address_type == BLE_ADDR_PUBLIC || address_type == BLE_ADDR_RANDOM) {
2240 // bd_addr->address is already reversed, so use it instead of
2241 // oob_data->le_bt_dev_addr
2242 BTM_SecAddBleDevice(*bd_addr, NULL, BT_DEVICE_TYPE_BLE, address_type);
2243 }
2244 }
2245
2246 BTIF_TRACE_EVENT("%s: bd_addr=%s, transport=%d", __func__,
2247 bd_addr->ToString().c_str(), transport);
2248 return btif_dm_create_bond(bd_addr, transport);
2249 }
2250
2251 /*******************************************************************************
2252 *
2253 * Function btif_dm_cancel_bond
2254 *
2255 * Description Initiate bonding with the specified device
2256 *
2257 * Returns bt_status_t
2258 *
2259 ******************************************************************************/
2260
btif_dm_cancel_bond(const RawAddress * bd_addr)2261 bt_status_t btif_dm_cancel_bond(const RawAddress* bd_addr) {
2262 BTIF_TRACE_EVENT("%s: bd_addr=%s", __func__, bd_addr->ToString().c_str());
2263
2264 btif_stats_add_bond_event(*bd_addr, BTIF_DM_FUNC_CANCEL_BOND,
2265 pairing_cb.state);
2266
2267 /* TODO:
2268 ** 1. Restore scan modes
2269 ** 2. special handling for HID devices
2270 */
2271 if (pairing_cb.state == BT_BOND_STATE_BONDING) {
2272 if (pairing_cb.is_ssp) {
2273 if (pairing_cb.is_le_only) {
2274 BTA_DmBleSecurityGrant(*bd_addr, BTA_DM_SEC_PAIR_NOT_SPT);
2275 } else {
2276 BTA_DmConfirm(*bd_addr, false);
2277 BTA_DmBondCancel(*bd_addr);
2278 btif_storage_remove_bonded_device(bd_addr);
2279 }
2280 } else {
2281 if (pairing_cb.is_le_only) {
2282 BTA_DmBondCancel(*bd_addr);
2283 } else {
2284 BTA_DmPinReply(*bd_addr, false, 0, NULL);
2285 }
2286 /* Cancel bonding, in case it is in ACL connection setup state */
2287 BTA_DmBondCancel(*bd_addr);
2288 }
2289 }
2290
2291 return BT_STATUS_SUCCESS;
2292 }
2293
2294 /*******************************************************************************
2295 *
2296 * Function btif_dm_hh_open_failed
2297 *
2298 * Description informs the upper layers if the HH have failed during
2299 * bonding
2300 *
2301 * Returns none
2302 *
2303 ******************************************************************************/
2304
btif_dm_hh_open_failed(RawAddress * bdaddr)2305 void btif_dm_hh_open_failed(RawAddress* bdaddr) {
2306 if (pairing_cb.state == BT_BOND_STATE_BONDING &&
2307 *bdaddr == pairing_cb.bd_addr) {
2308 bond_state_changed(BT_STATUS_FAIL, *bdaddr, BT_BOND_STATE_NONE);
2309 }
2310 }
2311
2312 /*******************************************************************************
2313 *
2314 * Function btif_dm_remove_bond
2315 *
2316 * Description Removes bonding with the specified device
2317 *
2318 * Returns bt_status_t
2319 *
2320 ******************************************************************************/
2321
btif_dm_remove_bond(const RawAddress * bd_addr)2322 bt_status_t btif_dm_remove_bond(const RawAddress* bd_addr) {
2323 BTIF_TRACE_EVENT("%s: bd_addr=%s", __func__, bd_addr->ToString().c_str());
2324
2325 btif_stats_add_bond_event(*bd_addr, BTIF_DM_FUNC_REMOVE_BOND,
2326 pairing_cb.state);
2327
2328 btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_REMOVE_BOND,
2329 (char*)bd_addr, sizeof(RawAddress), NULL);
2330
2331 return BT_STATUS_SUCCESS;
2332 }
2333
2334 /*******************************************************************************
2335 *
2336 * Function btif_dm_pin_reply
2337 *
2338 * Description BT legacy pairing - PIN code reply
2339 *
2340 * Returns bt_status_t
2341 *
2342 ******************************************************************************/
2343
btif_dm_pin_reply(const RawAddress * bd_addr,uint8_t accept,uint8_t pin_len,bt_pin_code_t * pin_code)2344 bt_status_t btif_dm_pin_reply(const RawAddress* bd_addr, uint8_t accept,
2345 uint8_t pin_len, bt_pin_code_t* pin_code) {
2346 BTIF_TRACE_EVENT("%s: accept=%d", __func__, accept);
2347 if (pin_code == NULL || pin_len > PIN_CODE_LEN) return BT_STATUS_FAIL;
2348 if (pairing_cb.is_le_only) {
2349 int i;
2350 uint32_t passkey = 0;
2351 int multi[] = {100000, 10000, 1000, 100, 10, 1};
2352 for (i = 0; i < 6; i++) {
2353 passkey += (multi[i] * (pin_code->pin[i] - '0'));
2354 }
2355 BTIF_TRACE_DEBUG("btif_dm_pin_reply: passkey: %d", passkey);
2356 BTA_DmBlePasskeyReply(*bd_addr, accept, passkey);
2357
2358 } else {
2359 BTA_DmPinReply(*bd_addr, accept, pin_len, pin_code->pin);
2360 if (accept) pairing_cb.pin_code_len = pin_len;
2361 }
2362 return BT_STATUS_SUCCESS;
2363 }
2364
2365 /*******************************************************************************
2366 *
2367 * Function btif_dm_ssp_reply
2368 *
2369 * Description BT SSP Reply - Just Works, Numeric Comparison & Passkey
2370 * Entry
2371 *
2372 * Returns bt_status_t
2373 *
2374 ******************************************************************************/
btif_dm_ssp_reply(const RawAddress * bd_addr,bt_ssp_variant_t variant,uint8_t accept,UNUSED_ATTR uint32_t passkey)2375 bt_status_t btif_dm_ssp_reply(const RawAddress* bd_addr,
2376 bt_ssp_variant_t variant, uint8_t accept,
2377 UNUSED_ATTR uint32_t passkey) {
2378 if (variant == BT_SSP_VARIANT_PASSKEY_ENTRY) {
2379 /* This is not implemented in the stack.
2380 * For devices with display, this is not needed
2381 */
2382 BTIF_TRACE_WARNING("%s: Not implemented", __func__);
2383 return BT_STATUS_FAIL;
2384 }
2385 /* BT_SSP_VARIANT_CONSENT & BT_SSP_VARIANT_PASSKEY_CONFIRMATION supported */
2386 BTIF_TRACE_EVENT("%s: accept=%d", __func__, accept);
2387 if (pairing_cb.is_le_only) {
2388 if (pairing_cb.is_le_nc) {
2389 BTA_DmBleConfirmReply(*bd_addr, accept);
2390 } else {
2391 if (accept)
2392 BTA_DmBleSecurityGrant(*bd_addr, BTA_DM_SEC_GRANTED);
2393 else
2394 BTA_DmBleSecurityGrant(*bd_addr, BTA_DM_SEC_PAIR_NOT_SPT);
2395 }
2396 } else {
2397 BTA_DmConfirm(*bd_addr, accept);
2398 }
2399 return BT_STATUS_SUCCESS;
2400 }
2401
2402 /*******************************************************************************
2403 *
2404 * Function btif_dm_get_adapter_property
2405 *
2406 * Description Queries the BTA for the adapter property
2407 *
2408 * Returns bt_status_t
2409 *
2410 ******************************************************************************/
btif_dm_get_adapter_property(bt_property_t * prop)2411 bt_status_t btif_dm_get_adapter_property(bt_property_t* prop) {
2412 BTIF_TRACE_EVENT("%s: type=0x%x", __func__, prop->type);
2413 switch (prop->type) {
2414 case BT_PROPERTY_BDNAME: {
2415 bt_bdname_t* bd_name = (bt_bdname_t*)prop->val;
2416 strncpy((char*)bd_name->name, (char*)btif_get_default_local_name(),
2417 sizeof(bd_name->name) - 1);
2418 bd_name->name[sizeof(bd_name->name) - 1] = 0;
2419 prop->len = strlen((char*)bd_name->name);
2420 } break;
2421
2422 case BT_PROPERTY_ADAPTER_SCAN_MODE: {
2423 /* if the storage does not have it. Most likely app never set it. Default
2424 * is NONE */
2425 bt_scan_mode_t* mode = (bt_scan_mode_t*)prop->val;
2426 *mode = BT_SCAN_MODE_NONE;
2427 prop->len = sizeof(bt_scan_mode_t);
2428 } break;
2429
2430 case BT_PROPERTY_ADAPTER_DISCOVERY_TIMEOUT: {
2431 uint32_t* tmt = (uint32_t*)prop->val;
2432 *tmt = 120; /* default to 120s, if not found in NV */
2433 prop->len = sizeof(uint32_t);
2434 } break;
2435
2436 case BT_PROPERTY_CLASS_OF_DEVICE: {
2437 DEV_CLASS dev_class = BTA_DM_COD;
2438 memcpy(prop->val, dev_class, sizeof(DEV_CLASS));
2439 prop->len = sizeof(DEV_CLASS);
2440 } break;
2441
2442 default:
2443 prop->len = 0;
2444 return BT_STATUS_FAIL;
2445 }
2446 return BT_STATUS_SUCCESS;
2447 }
2448
2449 /*******************************************************************************
2450 *
2451 * Function btif_dm_get_remote_services
2452 *
2453 * Description Start SDP to get remote services
2454 *
2455 * Returns bt_status_t
2456 *
2457 ******************************************************************************/
btif_dm_get_remote_services(const RawAddress & remote_addr)2458 bt_status_t btif_dm_get_remote_services(const RawAddress& remote_addr) {
2459 BTIF_TRACE_EVENT("%s: bd_addr=%s", __func__, remote_addr.ToString().c_str());
2460
2461 BTA_DmDiscover(remote_addr, BTA_ALL_SERVICE_MASK, bte_dm_search_services_evt,
2462 true);
2463
2464 return BT_STATUS_SUCCESS;
2465 }
2466
2467 /*******************************************************************************
2468 *
2469 * Function btif_dm_get_remote_services_transport
2470 *
2471 * Description Start SDP to get remote services by transport
2472 *
2473 * Returns bt_status_t
2474 *
2475 ******************************************************************************/
btif_dm_get_remote_services_by_transport(RawAddress * remote_addr,const int transport)2476 bt_status_t btif_dm_get_remote_services_by_transport(RawAddress* remote_addr,
2477 const int transport) {
2478 BTIF_TRACE_EVENT("%s: transport=%d, remote_addr=%s", __func__, transport,
2479 remote_addr->ToString().c_str());
2480
2481 /* Set the mask extension */
2482 tBTA_SERVICE_MASK_EXT mask_ext;
2483 mask_ext.num_uuid = 0;
2484 mask_ext.p_uuid = NULL;
2485 mask_ext.srvc_mask = BTA_ALL_SERVICE_MASK;
2486
2487 BTA_DmDiscoverByTransport(*remote_addr, &mask_ext, bte_dm_search_services_evt,
2488 true, transport);
2489
2490 return BT_STATUS_SUCCESS;
2491 }
2492
2493 /*******************************************************************************
2494 *
2495 * Function btif_dm_get_remote_service_record
2496 *
2497 * Description Start SDP to get remote service record
2498 *
2499 *
2500 * Returns bt_status_t
2501 ******************************************************************************/
btif_dm_get_remote_service_record(const RawAddress & remote_addr,const Uuid & uuid)2502 bt_status_t btif_dm_get_remote_service_record(const RawAddress& remote_addr,
2503 const Uuid& uuid) {
2504 BTIF_TRACE_EVENT("%s: bd_addr=%s", __func__, remote_addr.ToString().c_str());
2505 BTA_DmDiscoverUUID(remote_addr, uuid, bte_dm_remote_service_record_evt, true);
2506
2507 return BT_STATUS_SUCCESS;
2508 }
2509
btif_dm_execute_service_request(uint16_t event,char * p_param)2510 void btif_dm_execute_service_request(uint16_t event, char* p_param) {
2511 bool b_enable = false;
2512 bt_status_t status;
2513 if (event == BTIF_DM_ENABLE_SERVICE) {
2514 b_enable = true;
2515 }
2516 status =
2517 btif_in_execute_service_request(*((tBTA_SERVICE_ID*)p_param), b_enable);
2518 if (status == BT_STATUS_SUCCESS) {
2519 bt_property_t property;
2520 Uuid local_uuids[BT_MAX_NUM_UUIDS];
2521
2522 /* Now send the UUID_PROPERTY_CHANGED event to the upper layer */
2523 BTIF_STORAGE_FILL_PROPERTY(&property, BT_PROPERTY_UUIDS,
2524 sizeof(local_uuids), local_uuids);
2525 btif_storage_get_adapter_property(&property);
2526 HAL_CBACK(bt_hal_cbacks, adapter_properties_cb, BT_STATUS_SUCCESS, 1,
2527 &property);
2528 }
2529 return;
2530 }
2531
btif_dm_proc_io_req(UNUSED_ATTR const RawAddress & bd_addr,UNUSED_ATTR tBTA_IO_CAP * p_io_cap,UNUSED_ATTR tBTA_OOB_DATA * p_oob_data,tBTA_AUTH_REQ * p_auth_req,bool is_orig)2532 void btif_dm_proc_io_req(UNUSED_ATTR const RawAddress& bd_addr,
2533 UNUSED_ATTR tBTA_IO_CAP* p_io_cap,
2534 UNUSED_ATTR tBTA_OOB_DATA* p_oob_data,
2535 tBTA_AUTH_REQ* p_auth_req, bool is_orig) {
2536 uint8_t yes_no_bit = BTA_AUTH_SP_YES & *p_auth_req;
2537 /* if local initiated:
2538 ** 1. set DD + MITM
2539 ** if remote initiated:
2540 ** 1. Copy over the auth_req from peer's io_rsp
2541 ** 2. Set the MITM if peer has it set or if peer has DisplayYesNo
2542 *(iPhone)
2543 ** as a fallback set MITM+GB if peer had MITM set
2544 */
2545
2546 BTIF_TRACE_DEBUG("+%s: p_auth_req=%d", __func__, *p_auth_req);
2547 if (pairing_cb.is_local_initiated) {
2548 /* if initing/responding to a dedicated bonding, use dedicate bonding bit */
2549 *p_auth_req = BTA_AUTH_DD_BOND | BTA_AUTH_SP_YES;
2550 } else if (!is_orig) {
2551 /* peer initiated paring. They probably know what they want.
2552 ** Copy the mitm from peer device.
2553 */
2554 BTIF_TRACE_DEBUG("%s: setting p_auth_req to peer's: %d", __func__,
2555 pairing_cb.auth_req);
2556 *p_auth_req = (pairing_cb.auth_req & BTA_AUTH_BONDS);
2557
2558 /* copy over the MITM bit as well. In addition if the peer has DisplayYesNo,
2559 * force MITM */
2560 if ((yes_no_bit) || (pairing_cb.io_cap & BTM_IO_CAP_IO))
2561 *p_auth_req |= BTA_AUTH_SP_YES;
2562 } else if (yes_no_bit) {
2563 /* set the general bonding bit for stored device */
2564 *p_auth_req = BTA_AUTH_GEN_BOND | yes_no_bit;
2565 }
2566 BTIF_TRACE_DEBUG("-%s: p_auth_req=%d", __func__, *p_auth_req);
2567 }
2568
btif_dm_proc_io_rsp(UNUSED_ATTR const RawAddress & bd_addr,tBTA_IO_CAP io_cap,UNUSED_ATTR tBTA_OOB_DATA oob_data,tBTA_AUTH_REQ auth_req)2569 void btif_dm_proc_io_rsp(UNUSED_ATTR const RawAddress& bd_addr,
2570 tBTA_IO_CAP io_cap, UNUSED_ATTR tBTA_OOB_DATA oob_data,
2571 tBTA_AUTH_REQ auth_req) {
2572 if (auth_req & BTA_AUTH_BONDS) {
2573 BTIF_TRACE_DEBUG("%s auth_req:%d", __func__, auth_req);
2574 pairing_cb.auth_req = auth_req;
2575 pairing_cb.io_cap = io_cap;
2576 }
2577 }
2578
btif_dm_set_oob_for_io_req(tBTA_OOB_DATA * p_has_oob_data)2579 void btif_dm_set_oob_for_io_req(tBTA_OOB_DATA* p_has_oob_data) {
2580 if (is_empty_128bit(oob_cb.oob_data.c192)) {
2581 *p_has_oob_data = false;
2582 } else {
2583 *p_has_oob_data = true;
2584 }
2585 BTIF_TRACE_DEBUG("%s: *p_has_oob_data=%d", __func__, *p_has_oob_data);
2586 }
2587
btif_dm_set_oob_for_le_io_req(const RawAddress & bd_addr,tBTA_OOB_DATA * p_has_oob_data,tBTA_LE_AUTH_REQ * p_auth_req)2588 void btif_dm_set_oob_for_le_io_req(const RawAddress& bd_addr,
2589 tBTA_OOB_DATA* p_has_oob_data,
2590 tBTA_LE_AUTH_REQ* p_auth_req) {
2591 if (!is_empty_128bit(oob_cb.oob_data.le_sc_c) &&
2592 !is_empty_128bit(oob_cb.oob_data.le_sc_r)) {
2593 /* We have LE SC OOB data */
2594
2595 /* make sure OOB data is for this particular device */
2596 if (bd_addr == oob_cb.bdaddr) {
2597 *p_auth_req = ((*p_auth_req) | BTM_LE_AUTH_REQ_SC_ONLY);
2598 *p_has_oob_data = true;
2599 } else {
2600 *p_has_oob_data = false;
2601 BTIF_TRACE_WARNING("%s: remote address didn't match OOB data address",
2602 __func__);
2603 }
2604 } else if (!is_empty_128bit(oob_cb.oob_data.sm_tk)) {
2605 /* We have security manager TK */
2606
2607 /* make sure OOB data is for this particular device */
2608 if (bd_addr == oob_cb.bdaddr) {
2609 // When using OOB with TK, SC Secure Connections bit must be disabled.
2610 tBTA_LE_AUTH_REQ mask = ~BTM_LE_AUTH_REQ_SC_ONLY;
2611 *p_auth_req = ((*p_auth_req) & mask);
2612
2613 *p_has_oob_data = true;
2614 } else {
2615 *p_has_oob_data = false;
2616 BTIF_TRACE_WARNING("%s: remote address didn't match OOB data address",
2617 __func__);
2618 }
2619 } else {
2620 *p_has_oob_data = false;
2621 }
2622 BTIF_TRACE_DEBUG("%s *p_has_oob_data=%d", __func__, *p_has_oob_data);
2623 }
2624
2625 #ifdef BTIF_DM_OOB_TEST
btif_dm_load_local_oob(void)2626 void btif_dm_load_local_oob(void) {
2627 char prop_oob[PROPERTY_VALUE_MAX];
2628 osi_property_get("service.brcm.bt.oob", prop_oob, "3");
2629 BTIF_TRACE_DEBUG("%s: prop_oob = %s", __func__, prop_oob);
2630 if (prop_oob[0] != '3') {
2631 if (is_empty_128bit(oob_cb.oob_data.c192)) {
2632 BTIF_TRACE_DEBUG("%s: read OOB, call BTA_DmLocalOob()", __func__);
2633 BTA_DmLocalOob();
2634 }
2635 }
2636 }
2637
btif_dm_proc_loc_oob(bool valid,BT_OCTET16 c,BT_OCTET16 r)2638 void btif_dm_proc_loc_oob(bool valid, BT_OCTET16 c, BT_OCTET16 r) {
2639 FILE* fp;
2640 const char* path_a = "/data/misc/bluedroid/LOCAL/a.key";
2641 const char* path_b = "/data/misc/bluedroid/LOCAL/b.key";
2642 const char* path = NULL;
2643 char prop_oob[PROPERTY_VALUE_MAX];
2644 BTIF_TRACE_DEBUG("%s: valid=%d", __func__, valid);
2645 if (is_empty_128bit(oob_cb.oob_data.c192) && valid) {
2646 BTIF_TRACE_DEBUG("save local OOB data in memory");
2647 memcpy(oob_cb.oob_data.c192, c, BT_OCTET16_LEN);
2648 memcpy(oob_cb.oob_data.r192, r, BT_OCTET16_LEN);
2649 osi_property_get("service.brcm.bt.oob", prop_oob, "3");
2650 BTIF_TRACE_DEBUG("%s: prop_oob = %s", __func__, prop_oob);
2651 if (prop_oob[0] == '1')
2652 path = path_a;
2653 else if (prop_oob[0] == '2')
2654 path = path_b;
2655 if (path) {
2656 fp = fopen(path, "wb+");
2657 if (fp == NULL) {
2658 BTIF_TRACE_DEBUG("%s: failed to save local OOB data to %s", __func__,
2659 path);
2660 } else {
2661 BTIF_TRACE_DEBUG("%s: save local OOB data into file %s", __func__,
2662 path);
2663 fwrite(c, 1, BT_OCTET16_LEN, fp);
2664 fwrite(r, 1, BT_OCTET16_LEN, fp);
2665 fclose(fp);
2666 }
2667 }
2668 }
2669 }
2670
2671 /*******************************************************************************
2672 *
2673 * Function btif_dm_get_smp_config
2674 *
2675 * Description Retrieve the SMP pairing options from the bt_stack.conf
2676 * file. To provide specific pairing options for the host
2677 * add a node with label "SmpOptions" to the config file
2678 * and assign it a comma separated list of 5 values in the
2679 * format: auth, io, ikey, rkey, ksize, oob
2680 * eg: PTS_SmpOptions=0xD,0x4,0xf,0xf,0x10
2681 *
2682 * Parameters: tBTE_APPL_CFG*: pointer to struct defining pairing options
2683 *
2684 * Returns true if the options were successfully read, else false
2685 *
2686 ******************************************************************************/
btif_dm_get_smp_config(tBTE_APPL_CFG * p_cfg)2687 bool btif_dm_get_smp_config(tBTE_APPL_CFG* p_cfg) {
2688 const std::string* recv = stack_config_get_interface()->get_pts_smp_options();
2689 if (!recv) {
2690 BTIF_TRACE_DEBUG("%s: SMP options not found in configuration", __func__);
2691 return false;
2692 }
2693
2694 char conf[64];
2695 char* pch;
2696 char* endptr;
2697
2698 strncpy(conf, recv->c_str(), 64);
2699 conf[63] = 0; // null terminate
2700
2701 pch = strtok(conf, ",");
2702 if (pch != NULL)
2703 p_cfg->ble_auth_req = (uint8_t)strtoul(pch, &endptr, 16);
2704 else
2705 return false;
2706
2707 pch = strtok(NULL, ",");
2708 if (pch != NULL)
2709 p_cfg->ble_io_cap = (uint8_t)strtoul(pch, &endptr, 16);
2710 else
2711 return false;
2712
2713 pch = strtok(NULL, ",");
2714 if (pch != NULL)
2715 p_cfg->ble_init_key = (uint8_t)strtoul(pch, &endptr, 16);
2716 else
2717 return false;
2718
2719 pch = strtok(NULL, ",");
2720 if (pch != NULL)
2721 p_cfg->ble_resp_key = (uint8_t)strtoul(pch, &endptr, 16);
2722 else
2723 return false;
2724
2725 pch = strtok(NULL, ",");
2726 if (pch != NULL)
2727 p_cfg->ble_max_key_size = (uint8_t)strtoul(pch, &endptr, 16);
2728 else
2729 return false;
2730
2731 return true;
2732 }
2733
btif_dm_proc_rmt_oob(const RawAddress & bd_addr,BT_OCTET16 p_c,BT_OCTET16 p_r)2734 bool btif_dm_proc_rmt_oob(const RawAddress& bd_addr, BT_OCTET16 p_c,
2735 BT_OCTET16 p_r) {
2736 const char* path_a = "/data/misc/bluedroid/LOCAL/a.key";
2737 const char* path_b = "/data/misc/bluedroid/LOCAL/b.key";
2738 const char* path = NULL;
2739 char prop_oob[PROPERTY_VALUE_MAX];
2740 osi_property_get("service.brcm.bt.oob", prop_oob, "3");
2741 BTIF_TRACE_DEBUG("%s: prop_oob = %s", __func__, prop_oob);
2742 if (prop_oob[0] == '1')
2743 path = path_b;
2744 else if (prop_oob[0] == '2')
2745 path = path_a;
2746 if (!path) {
2747 BTIF_TRACE_DEBUG("%s: can't open path!", __func__);
2748 return false;
2749 }
2750
2751 FILE* fp = fopen(path, "rb");
2752 if (fp == NULL) {
2753 BTIF_TRACE_DEBUG("%s: failed to read OOB keys from %s", __func__, path);
2754 return false;
2755 }
2756
2757 BTIF_TRACE_DEBUG("%s: read OOB data from %s", __func__, path);
2758 fread(p_c, 1, BT_OCTET16_LEN, fp);
2759 fread(p_r, 1, BT_OCTET16_LEN, fp);
2760 fclose(fp);
2761
2762 RawAddress bt_bd_addr = bd_addr;
2763 btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_BOND_STATE_BONDING,
2764 (char*)&bt_bd_addr, sizeof(RawAddress), NULL);
2765 return true;
2766 }
2767 #endif /* BTIF_DM_OOB_TEST */
2768
btif_dm_ble_key_notif_evt(tBTA_DM_SP_KEY_NOTIF * p_ssp_key_notif)2769 static void btif_dm_ble_key_notif_evt(tBTA_DM_SP_KEY_NOTIF* p_ssp_key_notif) {
2770 RawAddress bd_addr;
2771 bt_bdname_t bd_name;
2772 uint32_t cod;
2773 int dev_type;
2774
2775 BTIF_TRACE_DEBUG("%s", __func__);
2776
2777 /* Remote name update */
2778 if (!btif_get_device_type(p_ssp_key_notif->bd_addr, &dev_type)) {
2779 dev_type = BT_DEVICE_TYPE_BLE;
2780 }
2781 btif_dm_update_ble_remote_properties(p_ssp_key_notif->bd_addr,
2782 p_ssp_key_notif->bd_name,
2783 (tBT_DEVICE_TYPE)dev_type);
2784 bd_addr = p_ssp_key_notif->bd_addr;
2785 memcpy(bd_name.name, p_ssp_key_notif->bd_name, BD_NAME_LEN);
2786
2787 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2788 pairing_cb.is_ssp = false;
2789 cod = COD_UNCLASSIFIED;
2790
2791 HAL_CBACK(bt_hal_cbacks, ssp_request_cb, &bd_addr, &bd_name, cod,
2792 BT_SSP_VARIANT_PASSKEY_NOTIFICATION, p_ssp_key_notif->passkey);
2793 }
2794
2795 /*******************************************************************************
2796 *
2797 * Function btif_dm_ble_auth_cmpl_evt
2798 *
2799 * Description Executes authentication complete event in btif context
2800 *
2801 * Returns void
2802 *
2803 ******************************************************************************/
btif_dm_ble_auth_cmpl_evt(tBTA_DM_AUTH_CMPL * p_auth_cmpl)2804 static void btif_dm_ble_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
2805 /* Save link key, if not temporary */
2806 bt_status_t status = BT_STATUS_FAIL;
2807 bt_bond_state_t state = BT_BOND_STATE_NONE;
2808
2809 RawAddress bd_addr = p_auth_cmpl->bd_addr;
2810
2811 /* Clear OOB data */
2812 memset(&oob_cb, 0, sizeof(oob_cb));
2813
2814 if ((p_auth_cmpl->success) && (p_auth_cmpl->key_present)) {
2815 /* store keys */
2816 }
2817 if (p_auth_cmpl->success) {
2818 status = BT_STATUS_SUCCESS;
2819 state = BT_BOND_STATE_BONDED;
2820 int addr_type;
2821 RawAddress bdaddr = p_auth_cmpl->bd_addr;
2822 if (btif_storage_get_remote_addr_type(&bdaddr, &addr_type) !=
2823 BT_STATUS_SUCCESS)
2824 btif_storage_set_remote_addr_type(&bdaddr, p_auth_cmpl->addr_type);
2825
2826 /* Test for temporary bonding */
2827 if (btm_get_bond_type_dev(p_auth_cmpl->bd_addr) == BOND_TYPE_TEMPORARY) {
2828 BTIF_TRACE_DEBUG("%s: sending BT_BOND_STATE_NONE for Temp pairing",
2829 __func__);
2830 btif_storage_remove_bonded_device(&bdaddr);
2831 state = BT_BOND_STATE_NONE;
2832 } else {
2833 btif_dm_save_ble_bonding_keys();
2834 BTA_GATTC_Refresh(bd_addr);
2835 btif_dm_get_remote_services_by_transport(&bd_addr, GATT_TRANSPORT_LE);
2836 }
2837 } else {
2838 /*Map the HCI fail reason to bt status */
2839 switch (p_auth_cmpl->fail_reason) {
2840 case BTA_DM_AUTH_SMP_PAIR_AUTH_FAIL:
2841 case BTA_DM_AUTH_SMP_CONFIRM_VALUE_FAIL:
2842 case BTA_DM_AUTH_SMP_UNKNOWN_ERR:
2843 case BTA_DM_AUTH_SMP_CONN_TOUT:
2844 btif_dm_remove_ble_bonding_keys();
2845 status = BT_STATUS_AUTH_FAILURE;
2846 break;
2847 case BTA_DM_AUTH_SMP_PAIR_NOT_SUPPORT:
2848 status = BT_STATUS_AUTH_REJECTED;
2849 break;
2850 default:
2851 btif_dm_remove_ble_bonding_keys();
2852 status = BT_STATUS_FAIL;
2853 break;
2854 }
2855 }
2856 bond_state_changed(status, bd_addr, state);
2857 }
2858
btif_dm_load_ble_local_keys(void)2859 void btif_dm_load_ble_local_keys(void) {
2860 memset(&ble_local_key_cb, 0, sizeof(btif_dm_local_key_cb_t));
2861
2862 if (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_ER,
2863 (char*)&ble_local_key_cb.er[0],
2864 BT_OCTET16_LEN) == BT_STATUS_SUCCESS) {
2865 ble_local_key_cb.is_er_rcvd = true;
2866 BTIF_TRACE_DEBUG("%s BLE ER key loaded", __func__);
2867 }
2868
2869 if ((btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_IR,
2870 (char*)&ble_local_key_cb.id_keys.ir[0],
2871 BT_OCTET16_LEN) == BT_STATUS_SUCCESS) &&
2872 (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_IRK,
2873 (char*)&ble_local_key_cb.id_keys.irk[0],
2874 BT_OCTET16_LEN) == BT_STATUS_SUCCESS) &&
2875 (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_DHK,
2876 (char*)&ble_local_key_cb.id_keys.dhk[0],
2877 BT_OCTET16_LEN) == BT_STATUS_SUCCESS)) {
2878 ble_local_key_cb.is_id_keys_rcvd = true;
2879 BTIF_TRACE_DEBUG("%s BLE ID keys loaded", __func__);
2880 }
2881 }
btif_dm_get_ble_local_keys(tBTA_DM_BLE_LOCAL_KEY_MASK * p_key_mask,BT_OCTET16 er,tBTA_BLE_LOCAL_ID_KEYS * p_id_keys)2882 void btif_dm_get_ble_local_keys(tBTA_DM_BLE_LOCAL_KEY_MASK* p_key_mask,
2883 BT_OCTET16 er,
2884 tBTA_BLE_LOCAL_ID_KEYS* p_id_keys) {
2885 if (ble_local_key_cb.is_er_rcvd) {
2886 memcpy(&er[0], &ble_local_key_cb.er[0], sizeof(BT_OCTET16));
2887 *p_key_mask |= BTA_BLE_LOCAL_KEY_TYPE_ER;
2888 }
2889
2890 if (ble_local_key_cb.is_id_keys_rcvd) {
2891 memcpy(&p_id_keys->ir[0], &ble_local_key_cb.id_keys.ir[0],
2892 sizeof(BT_OCTET16));
2893 memcpy(&p_id_keys->irk[0], &ble_local_key_cb.id_keys.irk[0],
2894 sizeof(BT_OCTET16));
2895 memcpy(&p_id_keys->dhk[0], &ble_local_key_cb.id_keys.dhk[0],
2896 sizeof(BT_OCTET16));
2897 *p_key_mask |= BTA_BLE_LOCAL_KEY_TYPE_ID;
2898 }
2899 BTIF_TRACE_DEBUG("%s *p_key_mask=0x%02x", __func__, *p_key_mask);
2900 }
2901
btif_dm_save_ble_bonding_keys(void)2902 void btif_dm_save_ble_bonding_keys(void) {
2903 BTIF_TRACE_DEBUG("%s", __func__);
2904
2905 RawAddress bd_addr = pairing_cb.bd_addr;
2906
2907 if (pairing_cb.ble.is_penc_key_rcvd) {
2908 btif_storage_add_ble_bonding_key(
2909 &bd_addr, (uint8_t*)&pairing_cb.ble.penc_key, BTIF_DM_LE_KEY_PENC,
2910 sizeof(tBTM_LE_PENC_KEYS));
2911 }
2912
2913 if (pairing_cb.ble.is_pid_key_rcvd) {
2914 btif_storage_add_ble_bonding_key(
2915 &bd_addr, (uint8_t*)&pairing_cb.ble.pid_key, BTIF_DM_LE_KEY_PID,
2916 sizeof(tBTM_LE_PID_KEYS));
2917 }
2918
2919 if (pairing_cb.ble.is_pcsrk_key_rcvd) {
2920 btif_storage_add_ble_bonding_key(
2921 &bd_addr, (uint8_t*)&pairing_cb.ble.pcsrk_key, BTIF_DM_LE_KEY_PCSRK,
2922 sizeof(tBTM_LE_PCSRK_KEYS));
2923 }
2924
2925 if (pairing_cb.ble.is_lenc_key_rcvd) {
2926 btif_storage_add_ble_bonding_key(
2927 &bd_addr, (uint8_t*)&pairing_cb.ble.lenc_key, BTIF_DM_LE_KEY_LENC,
2928 sizeof(tBTM_LE_LENC_KEYS));
2929 }
2930
2931 if (pairing_cb.ble.is_lcsrk_key_rcvd) {
2932 btif_storage_add_ble_bonding_key(
2933 &bd_addr, (uint8_t*)&pairing_cb.ble.lcsrk_key, BTIF_DM_LE_KEY_LCSRK,
2934 sizeof(tBTM_LE_LCSRK_KEYS));
2935 }
2936
2937 if (pairing_cb.ble.is_lidk_key_rcvd) {
2938 btif_storage_add_ble_bonding_key(&bd_addr, NULL, BTIF_DM_LE_KEY_LID, 0);
2939 }
2940 }
2941
btif_dm_remove_ble_bonding_keys(void)2942 void btif_dm_remove_ble_bonding_keys(void) {
2943 BTIF_TRACE_DEBUG("%s", __func__);
2944
2945 RawAddress bd_addr = pairing_cb.bd_addr;
2946 btif_storage_remove_ble_bonding_keys(&bd_addr);
2947 }
2948
2949 /*******************************************************************************
2950 *
2951 * Function btif_dm_ble_sec_req_evt
2952 *
2953 * Description Eprocess security request event in btif context
2954 *
2955 * Returns void
2956 *
2957 ******************************************************************************/
btif_dm_ble_sec_req_evt(tBTA_DM_BLE_SEC_REQ * p_ble_req)2958 void btif_dm_ble_sec_req_evt(tBTA_DM_BLE_SEC_REQ* p_ble_req) {
2959 bt_bdname_t bd_name;
2960 uint32_t cod;
2961 int dev_type;
2962
2963 BTIF_TRACE_DEBUG("%s", __func__);
2964
2965 if (pairing_cb.state == BT_BOND_STATE_BONDING) {
2966 BTIF_TRACE_DEBUG("%s Discard security request", __func__);
2967 return;
2968 }
2969
2970 /* Remote name update */
2971 if (!btif_get_device_type(p_ble_req->bd_addr, &dev_type)) {
2972 dev_type = BT_DEVICE_TYPE_BLE;
2973 }
2974 btif_dm_update_ble_remote_properties(p_ble_req->bd_addr, p_ble_req->bd_name,
2975 (tBT_DEVICE_TYPE)dev_type);
2976
2977 RawAddress bd_addr = p_ble_req->bd_addr;
2978 memcpy(bd_name.name, p_ble_req->bd_name, BD_NAME_LEN);
2979
2980 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
2981
2982 pairing_cb.bond_type = BOND_TYPE_PERSISTENT;
2983 pairing_cb.is_le_only = true;
2984 pairing_cb.is_le_nc = false;
2985 pairing_cb.is_ssp = true;
2986 btm_set_bond_type_dev(p_ble_req->bd_addr, pairing_cb.bond_type);
2987
2988 cod = COD_UNCLASSIFIED;
2989
2990 HAL_CBACK(bt_hal_cbacks, ssp_request_cb, &bd_addr, &bd_name, cod,
2991 BT_SSP_VARIANT_CONSENT, 0);
2992 }
2993
2994 /*******************************************************************************
2995 *
2996 * Function btif_dm_ble_passkey_req_evt
2997 *
2998 * Description Executes pin request event in btif context
2999 *
3000 * Returns void
3001 *
3002 ******************************************************************************/
btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ * p_pin_req)3003 static void btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ* p_pin_req) {
3004 bt_bdname_t bd_name;
3005 uint32_t cod;
3006 int dev_type;
3007
3008 /* Remote name update */
3009 if (!btif_get_device_type(p_pin_req->bd_addr, &dev_type)) {
3010 dev_type = BT_DEVICE_TYPE_BLE;
3011 }
3012 btif_dm_update_ble_remote_properties(p_pin_req->bd_addr, p_pin_req->bd_name,
3013 (tBT_DEVICE_TYPE)dev_type);
3014
3015 RawAddress bd_addr = p_pin_req->bd_addr;
3016 memcpy(bd_name.name, p_pin_req->bd_name, BD_NAME_LEN);
3017
3018 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
3019 pairing_cb.is_le_only = true;
3020
3021 cod = COD_UNCLASSIFIED;
3022
3023 HAL_CBACK(bt_hal_cbacks, pin_request_cb, &bd_addr, &bd_name, cod, false);
3024 }
btif_dm_ble_key_nc_req_evt(tBTA_DM_SP_KEY_NOTIF * p_notif_req)3025 static void btif_dm_ble_key_nc_req_evt(tBTA_DM_SP_KEY_NOTIF* p_notif_req) {
3026 /* TODO implement key notification for numeric comparison */
3027 BTIF_TRACE_DEBUG("%s", __func__);
3028
3029 /* Remote name update */
3030 btif_update_remote_properties(p_notif_req->bd_addr, p_notif_req->bd_name,
3031 NULL, BT_DEVICE_TYPE_BLE);
3032
3033 RawAddress bd_addr = p_notif_req->bd_addr;
3034
3035 bt_bdname_t bd_name;
3036 memcpy(bd_name.name, p_notif_req->bd_name, BD_NAME_LEN);
3037
3038 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
3039 pairing_cb.is_ssp = false;
3040 pairing_cb.is_le_only = true;
3041 pairing_cb.is_le_nc = true;
3042
3043 HAL_CBACK(bt_hal_cbacks, ssp_request_cb, &bd_addr, &bd_name, COD_UNCLASSIFIED,
3044 BT_SSP_VARIANT_PASSKEY_CONFIRMATION, p_notif_req->passkey);
3045 }
3046
btif_dm_ble_oob_req_evt(tBTA_DM_SP_RMT_OOB * req_oob_type)3047 static void btif_dm_ble_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type) {
3048 BTIF_TRACE_DEBUG("%s", __func__);
3049
3050 RawAddress bd_addr = req_oob_type->bd_addr;
3051 /* We already checked if OOB data is present in
3052 * btif_dm_set_oob_for_le_io_req, but check here again. If it's not present
3053 * do nothing, pairing will timeout.
3054 */
3055 if (is_empty_128bit(oob_cb.oob_data.sm_tk)) {
3056 return;
3057 }
3058
3059 /* make sure OOB data is for this particular device */
3060 if (req_oob_type->bd_addr != oob_cb.bdaddr) {
3061 BTIF_TRACE_WARNING("%s: remote address didn't match OOB data address",
3062 __func__);
3063 return;
3064 }
3065
3066 /* Remote name update */
3067 btif_update_remote_properties(req_oob_type->bd_addr, req_oob_type->bd_name,
3068 NULL, BT_DEVICE_TYPE_BLE);
3069
3070 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
3071 pairing_cb.is_ssp = false;
3072 pairing_cb.is_le_only = true;
3073 pairing_cb.is_le_nc = false;
3074
3075 BTM_BleOobDataReply(req_oob_type->bd_addr, 0, 16, oob_cb.oob_data.sm_tk);
3076 }
3077
btif_dm_ble_sc_oob_req_evt(tBTA_DM_SP_RMT_OOB * req_oob_type)3078 static void btif_dm_ble_sc_oob_req_evt(tBTA_DM_SP_RMT_OOB* req_oob_type) {
3079 BTIF_TRACE_DEBUG("%s", __func__);
3080
3081 RawAddress bd_addr = req_oob_type->bd_addr;
3082
3083 /* We already checked if OOB data is present in
3084 * btif_dm_set_oob_for_le_io_req, but check here again. If it's not present
3085 * do nothing, pairing will timeout.
3086 */
3087 if (is_empty_128bit(oob_cb.oob_data.le_sc_c) &&
3088 is_empty_128bit(oob_cb.oob_data.le_sc_r)) {
3089 BTIF_TRACE_WARNING("%s: LE SC OOB data is empty", __func__);
3090 return;
3091 }
3092
3093 /* make sure OOB data is for this particular device */
3094 if (req_oob_type->bd_addr != oob_cb.bdaddr) {
3095 BTIF_TRACE_WARNING("%s: remote address didn't match OOB data address",
3096 __func__);
3097 return;
3098 }
3099
3100 /* Remote name update */
3101 btif_update_remote_properties(req_oob_type->bd_addr, req_oob_type->bd_name,
3102 NULL, BT_DEVICE_TYPE_BLE);
3103
3104 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
3105 pairing_cb.is_ssp = false;
3106 pairing_cb.is_le_only =
3107 true; // TODO: we can derive classic pairing from this one
3108 pairing_cb.is_le_nc = false;
3109
3110 BTM_BleSecureConnectionOobDataReply(
3111 req_oob_type->bd_addr, oob_cb.oob_data.le_sc_c, oob_cb.oob_data.le_sc_r);
3112 }
3113
btif_dm_update_ble_remote_properties(const RawAddress & bd_addr,BD_NAME bd_name,tBT_DEVICE_TYPE dev_type)3114 void btif_dm_update_ble_remote_properties(const RawAddress& bd_addr,
3115 BD_NAME bd_name,
3116 tBT_DEVICE_TYPE dev_type) {
3117 btif_update_remote_properties(bd_addr, bd_name, NULL, dev_type);
3118 }
3119
btif_dm_ble_tx_test_cback(void * p)3120 static void btif_dm_ble_tx_test_cback(void* p) {
3121 btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_LE_TX_TEST, (char*)p, 1,
3122 NULL);
3123 }
3124
btif_dm_ble_rx_test_cback(void * p)3125 static void btif_dm_ble_rx_test_cback(void* p) {
3126 btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_LE_RX_TEST, (char*)p, 1,
3127 NULL);
3128 }
3129
btif_dm_ble_test_end_cback(void * p)3130 static void btif_dm_ble_test_end_cback(void* p) {
3131 btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_LE_TEST_END, (char*)p,
3132 3, NULL);
3133 }
3134 /*******************************************************************************
3135 *
3136 * Function btif_le_test_mode
3137 *
3138 * Description Sends a HCI BLE Test command to the Controller
3139 *
3140 * Returns BT_STATUS_SUCCESS on success
3141 *
3142 ******************************************************************************/
btif_le_test_mode(uint16_t opcode,uint8_t * buf,uint8_t len)3143 bt_status_t btif_le_test_mode(uint16_t opcode, uint8_t* buf, uint8_t len) {
3144 switch (opcode) {
3145 case HCI_BLE_TRANSMITTER_TEST:
3146 if (len != 3) return BT_STATUS_PARM_INVALID;
3147 BTM_BleTransmitterTest(buf[0], buf[1], buf[2], btif_dm_ble_tx_test_cback);
3148 break;
3149 case HCI_BLE_RECEIVER_TEST:
3150 if (len != 1) return BT_STATUS_PARM_INVALID;
3151 BTM_BleReceiverTest(buf[0], btif_dm_ble_rx_test_cback);
3152 break;
3153 case HCI_BLE_TEST_END:
3154 BTM_BleTestEnd(btif_dm_ble_test_end_cback);
3155 break;
3156 default:
3157 BTIF_TRACE_ERROR("%s: Unknown LE Test Mode Command 0x%x", __func__,
3158 opcode);
3159 return BT_STATUS_UNSUPPORTED;
3160 }
3161 return BT_STATUS_SUCCESS;
3162 }
3163
btif_dm_on_disable()3164 void btif_dm_on_disable() {
3165 /* cancel any pending pairing requests */
3166 if (pairing_cb.state == BT_BOND_STATE_BONDING) {
3167 BTIF_TRACE_DEBUG("%s: Cancel pending pairing request", __func__);
3168 btif_dm_cancel_bond(&pairing_cb.bd_addr);
3169 }
3170 }
3171
3172 /*******************************************************************************
3173 *
3174 * Function btif_dm_read_energy_info
3175 *
3176 * Description Reads the energy info from controller
3177 *
3178 * Returns void
3179 *
3180 ******************************************************************************/
btif_dm_read_energy_info()3181 void btif_dm_read_energy_info() { BTA_DmBleGetEnergyInfo(bta_energy_info_cb); }
3182
btif_get_default_local_name()3183 static char* btif_get_default_local_name() {
3184 if (btif_default_local_name[0] == '\0') {
3185 int max_len = sizeof(btif_default_local_name) - 1;
3186 if (BTM_DEF_LOCAL_NAME[0] != '\0') {
3187 strncpy(btif_default_local_name, BTM_DEF_LOCAL_NAME, max_len);
3188 } else {
3189 char prop_model[PROPERTY_VALUE_MAX];
3190 osi_property_get(PROPERTY_PRODUCT_MODEL, prop_model, "");
3191 strncpy(btif_default_local_name, prop_model, max_len);
3192 }
3193 btif_default_local_name[max_len] = '\0';
3194 }
3195 return btif_default_local_name;
3196 }
3197
btif_stats_add_bond_event(const RawAddress & bd_addr,bt_bond_function_t function,bt_bond_state_t state)3198 static void btif_stats_add_bond_event(const RawAddress& bd_addr,
3199 bt_bond_function_t function,
3200 bt_bond_state_t state) {
3201 std::unique_lock<std::mutex> lock(bond_event_lock);
3202
3203 btif_bond_event_t* event = &btif_dm_bond_events[btif_events_end_index];
3204 event->bd_addr = bd_addr;
3205 event->function = function;
3206 event->state = state;
3207 clock_gettime(CLOCK_REALTIME, &event->timestamp);
3208
3209 btif_num_bond_events++;
3210 btif_events_end_index =
3211 (btif_events_end_index + 1) % (MAX_BTIF_BOND_EVENT_ENTRIES + 1);
3212 if (btif_events_end_index == btif_events_start_index) {
3213 btif_events_start_index =
3214 (btif_events_start_index + 1) % (MAX_BTIF_BOND_EVENT_ENTRIES + 1);
3215 }
3216
3217 int type;
3218 btif_get_device_type(bd_addr, &type);
3219
3220 system_bt_osi::device_type_t device_type;
3221 switch (type) {
3222 case BT_DEVICE_TYPE_BREDR:
3223 device_type = system_bt_osi::DEVICE_TYPE_BREDR;
3224 break;
3225 case BT_DEVICE_TYPE_BLE:
3226 device_type = system_bt_osi::DEVICE_TYPE_LE;
3227 break;
3228 case BT_DEVICE_TYPE_DUMO:
3229 device_type = system_bt_osi::DEVICE_TYPE_DUMO;
3230 break;
3231 default:
3232 device_type = system_bt_osi::DEVICE_TYPE_UNKNOWN;
3233 break;
3234 }
3235
3236 uint32_t cod = get_cod(&bd_addr);
3237 uint64_t ts =
3238 event->timestamp.tv_sec * 1000 + event->timestamp.tv_nsec / 1000000;
3239 system_bt_osi::BluetoothMetricsLogger::GetInstance()->LogPairEvent(
3240 0, ts, cod, device_type);
3241 }
3242
btif_debug_bond_event_dump(int fd)3243 void btif_debug_bond_event_dump(int fd) {
3244 std::unique_lock<std::mutex> lock(bond_event_lock);
3245 dprintf(fd, "\nBond Events: \n");
3246 dprintf(fd, " Total Number of events: %zu\n", btif_num_bond_events);
3247 if (btif_num_bond_events > 0)
3248 dprintf(fd,
3249 " Time address Function State\n");
3250
3251 for (size_t i = btif_events_start_index; i != btif_events_end_index;
3252 i = (i + 1) % (MAX_BTIF_BOND_EVENT_ENTRIES + 1)) {
3253 btif_bond_event_t* event = &btif_dm_bond_events[i];
3254
3255 char eventtime[20];
3256 char temptime[20];
3257 struct tm* tstamp = localtime(&event->timestamp.tv_sec);
3258 strftime(temptime, sizeof(temptime), "%H:%M:%S", tstamp);
3259 snprintf(eventtime, sizeof(eventtime), "%s.%03ld", temptime,
3260 event->timestamp.tv_nsec / 1000000);
3261
3262 const char* func_name;
3263 switch (event->function) {
3264 case BTIF_DM_FUNC_CREATE_BOND:
3265 func_name = "btif_dm_create_bond";
3266 break;
3267 case BTIF_DM_FUNC_REMOVE_BOND:
3268 func_name = "btif_dm_remove_bond";
3269 break;
3270 case BTIF_DM_FUNC_BOND_STATE_CHANGED:
3271 func_name = "bond_state_changed ";
3272 break;
3273 default:
3274 func_name = "Invalid value ";
3275 break;
3276 }
3277
3278 const char* bond_state;
3279 switch (event->state) {
3280 case BT_BOND_STATE_NONE:
3281 bond_state = "BOND_STATE_NONE";
3282 break;
3283 case BT_BOND_STATE_BONDING:
3284 bond_state = "BOND_STATE_BONDING";
3285 break;
3286 case BT_BOND_STATE_BONDED:
3287 bond_state = "BOND_STATE_BONDED";
3288 break;
3289 default:
3290 bond_state = "Invalid bond state";
3291 break;
3292 }
3293
3294 dprintf(fd, " %s %s %s %s\n", eventtime,
3295 event->bd_addr.ToString().c_str(), func_name, bond_state);
3296 }
3297 }
3298