Home | History | Annotate | Download | only in btm
      1 /******************************************************************************
      2  *
      3  *  Copyright (C) 2000-2012 Broadcom Corporation
      4  *
      5  *  Licensed under the Apache License, Version 2.0 (the "License");
      6  *  you may not use this file except in compliance with the License.
      7  *  You may obtain a copy of the License at:
      8  *
      9  *  http://www.apache.org/licenses/LICENSE-2.0
     10  *
     11  *  Unless required by applicable law or agreed to in writing, software
     12  *  distributed under the License is distributed on an "AS IS" BASIS,
     13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14  *  See the License for the specific language governing permissions and
     15  *  limitations under the License.
     16  *
     17  ******************************************************************************/
     18 
     19 /*****************************************************************************
     20  *
     21  *  Name:          btm_acl.cc
     22  *
     23  *  Description:   This file contains functions that handle ACL connections.
     24  *                 This includes operations such as hold and sniff modes,
     25  *                 supported packet types.
     26  *
     27  *                 This module contains both internal and external (API)
     28  *                 functions. External (API) functions are distinguishable
     29  *                 by their names beginning with uppercase BTM.
     30  *
     31  *
     32  *****************************************************************************/
     33 
     34 #include <stddef.h>
     35 #include <stdio.h>
     36 #include <stdlib.h>
     37 #include <string.h>
     38 
     39 #include "bt_common.h"
     40 #include "bt_target.h"
     41 #include "bt_types.h"
     42 #include "bt_utils.h"
     43 #include "btm_api.h"
     44 #include "btm_int.h"
     45 #include "btu.h"
     46 #include "device/include/controller.h"
     47 #include "hcidefs.h"
     48 #include "hcimsgs.h"
     49 #include "l2c_int.h"
     50 #include "osi/include/osi.h"
     51 
     52 extern fixed_queue_t* btu_general_alarm_queue;
     53 
     54 static void btm_read_remote_features(uint16_t handle);
     55 static void btm_read_remote_ext_features(uint16_t handle, uint8_t page_number);
     56 static void btm_process_remote_ext_features(tACL_CONN* p_acl_cb,
     57                                             uint8_t num_read_pages);
     58 
     59 /* 3 seconds timeout waiting for responses */
     60 #define BTM_DEV_REPLY_TIMEOUT_MS (3 * 1000)
     61 
     62 /*******************************************************************************
     63  *
     64  * Function         btm_acl_init
     65  *
     66  * Description      This function is called at BTM startup to initialize
     67  *
     68  * Returns          void
     69  *
     70  ******************************************************************************/
     71 void btm_acl_init(void) {
     72   BTM_TRACE_DEBUG("btm_acl_init");
     73   /* Initialize nonzero defaults */
     74   btm_cb.btm_def_link_super_tout = HCI_DEFAULT_INACT_TOUT;
     75   btm_cb.acl_disc_reason = 0xff;
     76 }
     77 
     78 /*******************************************************************************
     79  *
     80  * Function        btm_bda_to_acl
     81  *
     82  * Description     This function returns the FIRST acl_db entry for the passed
     83  *                 BDA.
     84  *
     85  * Parameters      bda : BD address of the remote device
     86  *                 transport : Physical transport used for ACL connection
     87  *                 (BR/EDR or LE)
     88  *
     89  * Returns         Returns pointer to the ACL DB for the requested BDA if found.
     90  *                 NULL if not found.
     91  *
     92  ******************************************************************************/
     93 tACL_CONN* btm_bda_to_acl(const BD_ADDR bda, tBT_TRANSPORT transport) {
     94   tACL_CONN* p = &btm_cb.acl_db[0];
     95   uint16_t xx;
     96   if (bda) {
     97     for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) {
     98       if ((p->in_use) && (!memcmp(p->remote_addr, bda, BD_ADDR_LEN)) &&
     99           p->transport == transport) {
    100         BTM_TRACE_DEBUG("btm_bda_to_acl found");
    101         return (p);
    102       }
    103     }
    104   }
    105 
    106   /* If here, no BD Addr found */
    107   return ((tACL_CONN*)NULL);
    108 }
    109 
    110 /*******************************************************************************
    111  *
    112  * Function         btm_handle_to_acl_index
    113  *
    114  * Description      This function returns the FIRST acl_db entry for the passed
    115  *                  hci_handle.
    116  *
    117  * Returns          index to the acl_db or MAX_L2CAP_LINKS.
    118  *
    119  ******************************************************************************/
    120 uint8_t btm_handle_to_acl_index(uint16_t hci_handle) {
    121   tACL_CONN* p = &btm_cb.acl_db[0];
    122   uint8_t xx;
    123   BTM_TRACE_DEBUG("btm_handle_to_acl_index");
    124   for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) {
    125     if ((p->in_use) && (p->hci_handle == hci_handle)) {
    126       break;
    127     }
    128   }
    129 
    130   /* If here, no BD Addr found */
    131   return (xx);
    132 }
    133 
    134 #if (BLE_PRIVACY_SPT == TRUE)
    135 /*******************************************************************************
    136  *
    137  * Function         btm_ble_get_acl_remote_addr
    138  *
    139  * Description      This function reads the active remote address used for the
    140  *                  connection.
    141  *
    142  * Returns          success return true, otherwise false.
    143  *
    144  ******************************************************************************/
    145 bool btm_ble_get_acl_remote_addr(tBTM_SEC_DEV_REC* p_dev_rec, BD_ADDR conn_addr,
    146                                  tBLE_ADDR_TYPE* p_addr_type) {
    147   bool st = true;
    148 
    149   if (p_dev_rec == NULL) {
    150     BTM_TRACE_ERROR(
    151         "btm_ble_get_acl_remote_addr can not find device with matching "
    152         "address");
    153     return false;
    154   }
    155 
    156   switch (p_dev_rec->ble.active_addr_type) {
    157     case BTM_BLE_ADDR_PSEUDO:
    158       memcpy(conn_addr, p_dev_rec->bd_addr, BD_ADDR_LEN);
    159       *p_addr_type = p_dev_rec->ble.ble_addr_type;
    160       break;
    161 
    162     case BTM_BLE_ADDR_RRA:
    163       memcpy(conn_addr, p_dev_rec->ble.cur_rand_addr, BD_ADDR_LEN);
    164       *p_addr_type = BLE_ADDR_RANDOM;
    165       break;
    166 
    167     case BTM_BLE_ADDR_STATIC:
    168       memcpy(conn_addr, p_dev_rec->ble.static_addr, BD_ADDR_LEN);
    169       *p_addr_type = p_dev_rec->ble.static_addr_type;
    170       break;
    171 
    172     default:
    173       BTM_TRACE_ERROR("Unknown active address: %d",
    174                       p_dev_rec->ble.active_addr_type);
    175       st = false;
    176       break;
    177   }
    178 
    179   return st;
    180 }
    181 #endif
    182 /*******************************************************************************
    183  *
    184  * Function         btm_acl_created
    185  *
    186  * Description      This function is called by L2CAP when an ACL connection
    187  *                  is created.
    188  *
    189  * Returns          void
    190  *
    191  ******************************************************************************/
    192 void btm_acl_created(BD_ADDR bda, DEV_CLASS dc, BD_NAME bdn,
    193                      uint16_t hci_handle, uint8_t link_role,
    194                      tBT_TRANSPORT transport) {
    195   tBTM_SEC_DEV_REC* p_dev_rec = NULL;
    196   tACL_CONN* p;
    197   uint8_t xx;
    198 
    199   BTM_TRACE_DEBUG("btm_acl_created hci_handle=%d link_role=%d  transport=%d",
    200                   hci_handle, link_role, transport);
    201   /* Ensure we don't have duplicates */
    202   p = btm_bda_to_acl(bda, transport);
    203   if (p != (tACL_CONN*)NULL) {
    204     p->hci_handle = hci_handle;
    205     p->link_role = link_role;
    206     p->transport = transport;
    207     BTM_TRACE_DEBUG(
    208         "Duplicate btm_acl_created: RemBdAddr: %02x%02x%02x%02x%02x%02x",
    209         bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]);
    210     BTM_SetLinkPolicy(p->remote_addr, &btm_cb.btm_def_link_policy);
    211     return;
    212   }
    213 
    214   /* Allocate acl_db entry */
    215   for (xx = 0, p = &btm_cb.acl_db[0]; xx < MAX_L2CAP_LINKS; xx++, p++) {
    216     if (!p->in_use) {
    217       p->in_use = true;
    218       p->hci_handle = hci_handle;
    219       p->link_role = link_role;
    220       p->link_up_issued = false;
    221       memcpy(p->remote_addr, bda, BD_ADDR_LEN);
    222 
    223       p->transport = transport;
    224 #if (BLE_PRIVACY_SPT == TRUE)
    225       if (transport == BT_TRANSPORT_LE)
    226         btm_ble_refresh_local_resolvable_private_addr(
    227             bda, btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr);
    228 #else
    229       p->conn_addr_type = BLE_ADDR_PUBLIC;
    230       memcpy(p->conn_addr, &controller_get_interface()->get_address()->address,
    231              BD_ADDR_LEN);
    232 
    233 #endif
    234       p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
    235 
    236       btm_pm_sm_alloc(xx);
    237 
    238       if (dc) memcpy(p->remote_dc, dc, DEV_CLASS_LEN);
    239 
    240       if (bdn) memcpy(p->remote_name, bdn, BTM_MAX_REM_BD_NAME_LEN);
    241 
    242       /* if BR/EDR do something more */
    243       if (transport == BT_TRANSPORT_BR_EDR) {
    244         btsnd_hcic_read_rmt_clk_offset(p->hci_handle);
    245         btsnd_hcic_rmt_ver_req(p->hci_handle);
    246       }
    247       p_dev_rec = btm_find_dev_by_handle(hci_handle);
    248 
    249       if (p_dev_rec) {
    250         BTM_TRACE_DEBUG("device_type=0x%x", p_dev_rec->device_type);
    251       }
    252 
    253       if (p_dev_rec && !(transport == BT_TRANSPORT_LE)) {
    254         /* If remote features already known, copy them and continue connection
    255          * setup */
    256         if ((p_dev_rec->num_read_pages) &&
    257             (p_dev_rec->num_read_pages <= (HCI_EXT_FEATURES_PAGE_MAX + 1))) {
    258           memcpy(p->peer_lmp_feature_pages, p_dev_rec->feature_pages,
    259                  (HCI_FEATURE_BYTES_PER_PAGE * p_dev_rec->num_read_pages));
    260           p->num_read_pages = p_dev_rec->num_read_pages;
    261 
    262           const uint8_t req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND);
    263 
    264           /* Store the Peer Security Capabilites (in SM4 and rmt_sec_caps) */
    265           btm_sec_set_peer_sec_caps(p, p_dev_rec);
    266 
    267           BTM_TRACE_API("%s: pend:%d", __func__, req_pend);
    268           if (req_pend) {
    269             /* Request for remaining Security Features (if any) */
    270             l2cu_resubmit_pending_sec_req(p_dev_rec->bd_addr);
    271           }
    272           btm_establish_continue(p);
    273           return;
    274         }
    275       }
    276 
    277       /* If here, features are not known yet */
    278       if (p_dev_rec && transport == BT_TRANSPORT_LE) {
    279 #if (BLE_PRIVACY_SPT == TRUE)
    280         btm_ble_get_acl_remote_addr(p_dev_rec, p->active_remote_addr,
    281                                     &p->active_remote_addr_type);
    282 #endif
    283 
    284         if (HCI_LE_SLAVE_INIT_FEAT_EXC_SUPPORTED(
    285                 controller_get_interface()->get_features_ble()->as_array) ||
    286             link_role == HCI_ROLE_MASTER) {
    287           btsnd_hcic_ble_read_remote_feat(p->hci_handle);
    288         } else {
    289           btm_establish_continue(p);
    290         }
    291       } else {
    292         btm_read_remote_features(p->hci_handle);
    293       }
    294 
    295       /* read page 1 - on rmt feature event for buffer reasons */
    296       return;
    297     }
    298   }
    299 }
    300 
    301 void btm_acl_update_conn_addr(uint8_t conn_handle, BD_ADDR address) {
    302   uint8_t idx = btm_handle_to_acl_index(conn_handle);
    303   if (idx != MAX_L2CAP_LINKS) {
    304     memcpy(btm_cb.acl_db[idx].conn_addr, address, BD_ADDR_LEN);
    305   }
    306 }
    307 
    308 /*******************************************************************************
    309  *
    310  * Function         btm_acl_report_role_change
    311  *
    312  * Description      This function is called when the local device is deemed
    313  *                  to be down. It notifies L2CAP of the failure.
    314  *
    315  * Returns          void
    316  *
    317  ******************************************************************************/
    318 void btm_acl_report_role_change(uint8_t hci_status, BD_ADDR bda) {
    319   tBTM_ROLE_SWITCH_CMPL ref_data;
    320   BTM_TRACE_DEBUG("btm_acl_report_role_change");
    321   if (btm_cb.devcb.p_switch_role_cb &&
    322       (bda && (0 == memcmp(btm_cb.devcb.switch_role_ref_data.remote_bd_addr,
    323                            bda, BD_ADDR_LEN)))) {
    324     memcpy(&ref_data, &btm_cb.devcb.switch_role_ref_data,
    325            sizeof(tBTM_ROLE_SWITCH_CMPL));
    326     ref_data.hci_status = hci_status;
    327     (*btm_cb.devcb.p_switch_role_cb)(&ref_data);
    328     memset(&btm_cb.devcb.switch_role_ref_data, 0,
    329            sizeof(tBTM_ROLE_SWITCH_CMPL));
    330     btm_cb.devcb.p_switch_role_cb = NULL;
    331   }
    332 }
    333 
    334 /*******************************************************************************
    335  *
    336  * Function         btm_acl_removed
    337  *
    338  * Description      This function is called by L2CAP when an ACL connection
    339  *                  is removed. Since only L2CAP creates ACL links, we use
    340  *                  the L2CAP link index as our index into the control blocks.
    341  *
    342  * Returns          void
    343  *
    344  ******************************************************************************/
    345 void btm_acl_removed(BD_ADDR bda, tBT_TRANSPORT transport) {
    346   tACL_CONN* p;
    347   tBTM_BL_EVENT_DATA evt_data;
    348   tBTM_SEC_DEV_REC* p_dev_rec = NULL;
    349   BTM_TRACE_DEBUG("btm_acl_removed");
    350   p = btm_bda_to_acl(bda, transport);
    351   if (p != (tACL_CONN*)NULL) {
    352     p->in_use = false;
    353 
    354     /* if the disconnected channel has a pending role switch, clear it now */
    355     btm_acl_report_role_change(HCI_ERR_NO_CONNECTION, bda);
    356 
    357     /* Only notify if link up has had a chance to be issued */
    358     if (p->link_up_issued) {
    359       p->link_up_issued = false;
    360 
    361       /* If anyone cares, tell him database changed */
    362       if (btm_cb.p_bl_changed_cb) {
    363         evt_data.event = BTM_BL_DISCN_EVT;
    364         evt_data.discn.p_bda = bda;
    365         evt_data.discn.handle = p->hci_handle;
    366         evt_data.discn.transport = p->transport;
    367         (*btm_cb.p_bl_changed_cb)(&evt_data);
    368       }
    369 
    370       btm_acl_update_busy_level(BTM_BLI_ACL_DOWN_EVT);
    371     }
    372 
    373     BTM_TRACE_DEBUG(
    374         "acl hci_handle=%d transport=%d connectable_mode=0x%0x link_role=%d",
    375         p->hci_handle, p->transport, btm_cb.ble_ctr_cb.inq_var.connectable_mode,
    376         p->link_role);
    377 
    378     p_dev_rec = btm_find_dev(bda);
    379     if (p_dev_rec) {
    380       BTM_TRACE_DEBUG("before update p_dev_rec->sec_flags=0x%x",
    381                       p_dev_rec->sec_flags);
    382       if (p->transport == BT_TRANSPORT_LE) {
    383         BTM_TRACE_DEBUG("LE link down");
    384         p_dev_rec->sec_flags &= ~(BTM_SEC_LE_ENCRYPTED | BTM_SEC_ROLE_SWITCHED);
    385         if ((p_dev_rec->sec_flags & BTM_SEC_LE_LINK_KEY_KNOWN) == 0) {
    386           BTM_TRACE_DEBUG("Not Bonded");
    387           p_dev_rec->sec_flags &=
    388               ~(BTM_SEC_LE_LINK_KEY_AUTHED | BTM_SEC_LE_AUTHENTICATED);
    389         } else {
    390           BTM_TRACE_DEBUG("Bonded");
    391         }
    392       } else {
    393         BTM_TRACE_DEBUG("Bletooth link down");
    394         p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHORIZED | BTM_SEC_AUTHENTICATED |
    395                                   BTM_SEC_ENCRYPTED | BTM_SEC_ROLE_SWITCHED);
    396       }
    397       BTM_TRACE_DEBUG("after update p_dev_rec->sec_flags=0x%x",
    398                       p_dev_rec->sec_flags);
    399     } else {
    400       BTM_TRACE_ERROR("Device not found");
    401     }
    402 
    403     /* Clear the ACL connection data */
    404     memset(p, 0, sizeof(tACL_CONN));
    405   }
    406 }
    407 
    408 /*******************************************************************************
    409  *
    410  * Function         btm_acl_device_down
    411  *
    412  * Description      This function is called when the local device is deemed
    413  *                  to be down. It notifies L2CAP of the failure.
    414  *
    415  * Returns          void
    416  *
    417  ******************************************************************************/
    418 void btm_acl_device_down(void) {
    419   tACL_CONN* p = &btm_cb.acl_db[0];
    420   uint16_t xx;
    421   BTM_TRACE_DEBUG("btm_acl_device_down");
    422   for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) {
    423     if (p->in_use) {
    424       BTM_TRACE_DEBUG("hci_handle=%d HCI_ERR_HW_FAILURE ", p->hci_handle);
    425       l2c_link_hci_disc_comp(p->hci_handle, HCI_ERR_HW_FAILURE);
    426     }
    427   }
    428 }
    429 
    430 /*******************************************************************************
    431  *
    432  * Function         btm_acl_update_busy_level
    433  *
    434  * Description      This function is called to update the busy level of the
    435  *                  system.
    436  *
    437  * Returns          void
    438  *
    439  ******************************************************************************/
    440 void btm_acl_update_busy_level(tBTM_BLI_EVENT event) {
    441   bool old_inquiry_state = btm_cb.is_inquiry;
    442   tBTM_BL_UPDATE_DATA evt;
    443   evt.busy_level_flags = 0;
    444   switch (event) {
    445     case BTM_BLI_ACL_UP_EVT:
    446       BTM_TRACE_DEBUG("BTM_BLI_ACL_UP_EVT");
    447       break;
    448     case BTM_BLI_ACL_DOWN_EVT:
    449       BTM_TRACE_DEBUG("BTM_BLI_ACL_DOWN_EVT");
    450       break;
    451     case BTM_BLI_PAGE_EVT:
    452       BTM_TRACE_DEBUG("BTM_BLI_PAGE_EVT");
    453       btm_cb.is_paging = true;
    454       evt.busy_level_flags = BTM_BL_PAGING_STARTED;
    455       break;
    456     case BTM_BLI_PAGE_DONE_EVT:
    457       BTM_TRACE_DEBUG("BTM_BLI_PAGE_DONE_EVT");
    458       btm_cb.is_paging = false;
    459       evt.busy_level_flags = BTM_BL_PAGING_COMPLETE;
    460       break;
    461     case BTM_BLI_INQ_EVT:
    462       BTM_TRACE_DEBUG("BTM_BLI_INQ_EVT");
    463       btm_cb.is_inquiry = true;
    464       evt.busy_level_flags = BTM_BL_INQUIRY_STARTED;
    465       break;
    466     case BTM_BLI_INQ_CANCEL_EVT:
    467       BTM_TRACE_DEBUG("BTM_BLI_INQ_CANCEL_EVT");
    468       btm_cb.is_inquiry = false;
    469       evt.busy_level_flags = BTM_BL_INQUIRY_CANCELLED;
    470       break;
    471     case BTM_BLI_INQ_DONE_EVT:
    472       BTM_TRACE_DEBUG("BTM_BLI_INQ_DONE_EVT");
    473       btm_cb.is_inquiry = false;
    474       evt.busy_level_flags = BTM_BL_INQUIRY_COMPLETE;
    475       break;
    476   }
    477 
    478   uint8_t busy_level;
    479   if (btm_cb.is_paging || btm_cb.is_inquiry)
    480     busy_level = 10;
    481   else
    482     busy_level = BTM_GetNumAclLinks();
    483 
    484   if ((busy_level != btm_cb.busy_level) ||
    485       (old_inquiry_state != btm_cb.is_inquiry)) {
    486     evt.event = BTM_BL_UPDATE_EVT;
    487     evt.busy_level = busy_level;
    488     btm_cb.busy_level = busy_level;
    489     if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_UPDATE_MASK)) {
    490       (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA*)&evt);
    491     }
    492   }
    493 }
    494 
    495 /*******************************************************************************
    496  *
    497  * Function         BTM_GetRole
    498  *
    499  * Description      This function is called to get the role of the local device
    500  *                  for the ACL connection with the specified remote device
    501  *
    502  * Returns          BTM_SUCCESS if connection exists.
    503  *                  BTM_UNKNOWN_ADDR if no active link with bd addr specified
    504  *
    505  ******************************************************************************/
    506 tBTM_STATUS BTM_GetRole(BD_ADDR remote_bd_addr, uint8_t* p_role) {
    507   tACL_CONN* p;
    508   BTM_TRACE_DEBUG("BTM_GetRole");
    509   p = btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR);
    510   if (p == NULL) {
    511     *p_role = BTM_ROLE_UNDEFINED;
    512     return (BTM_UNKNOWN_ADDR);
    513   }
    514 
    515   /* Get the current role */
    516   *p_role = p->link_role;
    517   return (BTM_SUCCESS);
    518 }
    519 
    520 /*******************************************************************************
    521  *
    522  * Function         BTM_SwitchRole
    523  *
    524  * Description      This function is called to switch role between master and
    525  *                  slave.  If role is already set it will do nothing.  If the
    526  *                  command was initiated, the callback function is called upon
    527  *                  completion.
    528  *
    529  * Returns          BTM_SUCCESS if already in specified role.
    530  *                  BTM_CMD_STARTED if command issued to controller.
    531  *                  BTM_NO_RESOURCES if couldn't allocate memory to issue
    532  *                                   command
    533  *                  BTM_UNKNOWN_ADDR if no active link with bd addr specified
    534  *                  BTM_MODE_UNSUPPORTED if local device does not support role
    535  *                                       switching
    536  *                  BTM_BUSY if the previous command is not completed
    537  *
    538  ******************************************************************************/
    539 tBTM_STATUS BTM_SwitchRole(BD_ADDR remote_bd_addr, uint8_t new_role,
    540                            tBTM_CMPL_CB* p_cb) {
    541   tACL_CONN* p;
    542   tBTM_SEC_DEV_REC* p_dev_rec = NULL;
    543 #if (BTM_SCO_INCLUDED == TRUE)
    544   bool is_sco_active;
    545 #endif
    546   tBTM_STATUS status;
    547   tBTM_PM_MODE pwr_mode;
    548   tBTM_PM_PWR_MD settings;
    549   BD_ADDR_PTR p_bda;
    550   BTM_TRACE_API("BTM_SwitchRole BDA: %02x-%02x-%02x-%02x-%02x-%02x",
    551                 remote_bd_addr[0], remote_bd_addr[1], remote_bd_addr[2],
    552                 remote_bd_addr[3], remote_bd_addr[4], remote_bd_addr[5]);
    553 
    554   /* Make sure the local device supports switching */
    555   if (!controller_get_interface()->supports_master_slave_role_switch())
    556     return (BTM_MODE_UNSUPPORTED);
    557 
    558   if (btm_cb.devcb.p_switch_role_cb && p_cb) {
    559     p_bda = btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
    560     BTM_TRACE_DEBUG(
    561         "Role switch on other device is in progress 0x%02x%02x%02x%02x%02x%02x",
    562         p_bda[0], p_bda[1], p_bda[2], p_bda[3], p_bda[4], p_bda[5]);
    563     return (BTM_BUSY);
    564   }
    565 
    566   p = btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR);
    567   if (p == NULL) return (BTM_UNKNOWN_ADDR);
    568 
    569   /* Finished if already in desired role */
    570   if (p->link_role == new_role) return (BTM_SUCCESS);
    571 
    572 #if (BTM_SCO_INCLUDED == TRUE)
    573   /* Check if there is any SCO Active on this BD Address */
    574   is_sco_active = btm_is_sco_active_by_bdaddr(remote_bd_addr);
    575 
    576   if (is_sco_active == true) return (BTM_NO_RESOURCES);
    577 #endif
    578 
    579   /* Ignore role switch request if the previous request was not completed */
    580   if (p->switch_role_state != BTM_ACL_SWKEY_STATE_IDLE) {
    581     BTM_TRACE_DEBUG("BTM_SwitchRole busy: %d", p->switch_role_state);
    582     return (BTM_BUSY);
    583   }
    584 
    585   status = BTM_ReadPowerMode(p->remote_addr, &pwr_mode);
    586   if (status != BTM_SUCCESS) return (status);
    587 
    588   /* Wake up the link if in sniff or park before attempting switch */
    589   if (pwr_mode == BTM_PM_MD_PARK || pwr_mode == BTM_PM_MD_SNIFF) {
    590     memset((void*)&settings, 0, sizeof(settings));
    591     settings.mode = BTM_PM_MD_ACTIVE;
    592     status = BTM_SetPowerMode(BTM_PM_SET_ONLY_ID, p->remote_addr, &settings);
    593     if (status != BTM_CMD_STARTED) return (BTM_WRONG_MODE);
    594 
    595     p->switch_role_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE;
    596   }
    597   /* some devices do not support switch while encryption is on */
    598   else {
    599     p_dev_rec = btm_find_dev(remote_bd_addr);
    600     if ((p_dev_rec != NULL) &&
    601         ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0) &&
    602         !BTM_EPR_AVAILABLE(p)) {
    603       /* bypass turning off encryption if change link key is already doing it */
    604       if (p->encrypt_state != BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF) {
    605         btsnd_hcic_set_conn_encrypt(p->hci_handle, false);
    606         p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF;
    607       }
    608 
    609       p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF;
    610     } else {
    611       btsnd_hcic_switch_role(remote_bd_addr, new_role);
    612       p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS;
    613 
    614 #if (BTM_DISC_DURING_RS == TRUE)
    615       if (p_dev_rec) p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
    616 #endif
    617     }
    618   }
    619 
    620   /* Initialize return structure in case request fails */
    621   if (p_cb) {
    622     memcpy(btm_cb.devcb.switch_role_ref_data.remote_bd_addr, remote_bd_addr,
    623            BD_ADDR_LEN);
    624     btm_cb.devcb.switch_role_ref_data.role = new_role;
    625     /* initialized to an error code */
    626     btm_cb.devcb.switch_role_ref_data.hci_status = HCI_ERR_UNSUPPORTED_VALUE;
    627     btm_cb.devcb.p_switch_role_cb = p_cb;
    628   }
    629   return (BTM_CMD_STARTED);
    630 }
    631 
    632 /*******************************************************************************
    633  *
    634  * Function         btm_acl_encrypt_change
    635  *
    636  * Description      This function is when encryption of the connection is
    637  *                  completed by the LM.  Checks to see if a role switch or
    638  *                  change of link key was active and initiates or continues
    639  *                  process if needed.
    640  *
    641  * Returns          void
    642  *
    643  ******************************************************************************/
    644 void btm_acl_encrypt_change(uint16_t handle, uint8_t status,
    645                             uint8_t encr_enable) {
    646   tACL_CONN* p;
    647   uint8_t xx;
    648   tBTM_SEC_DEV_REC* p_dev_rec;
    649   tBTM_BL_ROLE_CHG_DATA evt;
    650 
    651   BTM_TRACE_DEBUG("btm_acl_encrypt_change handle=%d status=%d encr_enabl=%d",
    652                   handle, status, encr_enable);
    653   xx = btm_handle_to_acl_index(handle);
    654   /* don't assume that we can never get a bad hci_handle */
    655   if (xx < MAX_L2CAP_LINKS)
    656     p = &btm_cb.acl_db[xx];
    657   else
    658     return;
    659 
    660   /* Process Role Switch if active */
    661   if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF) {
    662     /* if encryption turn off failed we still will try to switch role */
    663     if (encr_enable) {
    664       p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
    665       p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
    666     } else {
    667       p->switch_role_state = BTM_ACL_SWKEY_STATE_SWITCHING;
    668       p->encrypt_state = BTM_ACL_ENCRYPT_STATE_TEMP_FUNC;
    669     }
    670 
    671     btsnd_hcic_switch_role(p->remote_addr, (uint8_t)!p->link_role);
    672 #if (BTM_DISC_DURING_RS == TRUE)
    673     p_dev_rec = btm_find_dev(p->remote_addr);
    674     if (p_dev_rec != NULL) p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
    675 #endif
    676 
    677   }
    678   /* Finished enabling Encryption after role switch */
    679   else if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_ON) {
    680     p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
    681     p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
    682     btm_acl_report_role_change(btm_cb.devcb.switch_role_ref_data.hci_status,
    683                                p->remote_addr);
    684 
    685     /* if role change event is registered, report it now */
    686     if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK)) {
    687       evt.event = BTM_BL_ROLE_CHG_EVT;
    688       evt.new_role = btm_cb.devcb.switch_role_ref_data.role;
    689       evt.p_bda = btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
    690       evt.hci_status = btm_cb.devcb.switch_role_ref_data.hci_status;
    691       (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA*)&evt);
    692 
    693       BTM_TRACE_DEBUG(
    694           "Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, rs_st:%d",
    695           evt.new_role, evt.hci_status, p->switch_role_state);
    696     }
    697 
    698 #if (BTM_DISC_DURING_RS == TRUE)
    699     /* If a disconnect is pending, issue it now that role switch has completed
    700      */
    701     p_dev_rec = btm_find_dev(p->remote_addr);
    702     if (p_dev_rec != NULL) {
    703       if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING) {
    704         BTM_TRACE_WARNING(
    705             "btm_acl_encrypt_change -> Issuing delayed HCI_Disconnect!!!");
    706         btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER);
    707       }
    708       BTM_TRACE_ERROR(
    709           "btm_acl_encrypt_change: tBTM_SEC_DEV:0x%x rs_disc_pending=%d",
    710           PTR_TO_UINT(p_dev_rec), p_dev_rec->rs_disc_pending);
    711       p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */
    712     }
    713 #endif
    714   }
    715 }
    716 /*******************************************************************************
    717  *
    718  * Function         BTM_SetLinkPolicy
    719  *
    720  * Description      Create and send HCI "Write Policy Set" command
    721  *
    722  * Returns          status of the operation
    723  *
    724  ******************************************************************************/
    725 tBTM_STATUS BTM_SetLinkPolicy(BD_ADDR remote_bda, uint16_t* settings) {
    726   tACL_CONN* p;
    727   uint8_t* localFeatures = BTM_ReadLocalFeatures();
    728   BTM_TRACE_DEBUG("%s", __func__);
    729   /*  BTM_TRACE_API ("%s: requested settings: 0x%04x", __func__, *settings ); */
    730 
    731   /* First, check if hold mode is supported */
    732   if (*settings != HCI_DISABLE_ALL_LM_MODES) {
    733     if ((*settings & HCI_ENABLE_MASTER_SLAVE_SWITCH) &&
    734         (!HCI_SWITCH_SUPPORTED(localFeatures))) {
    735       *settings &= (~HCI_ENABLE_MASTER_SLAVE_SWITCH);
    736       BTM_TRACE_API("BTM_SetLinkPolicy switch not supported (settings: 0x%04x)",
    737                     *settings);
    738     }
    739     if ((*settings & HCI_ENABLE_HOLD_MODE) &&
    740         (!HCI_HOLD_MODE_SUPPORTED(localFeatures))) {
    741       *settings &= (~HCI_ENABLE_HOLD_MODE);
    742       BTM_TRACE_API("BTM_SetLinkPolicy hold not supported (settings: 0x%04x)",
    743                     *settings);
    744     }
    745     if ((*settings & HCI_ENABLE_SNIFF_MODE) &&
    746         (!HCI_SNIFF_MODE_SUPPORTED(localFeatures))) {
    747       *settings &= (~HCI_ENABLE_SNIFF_MODE);
    748       BTM_TRACE_API("BTM_SetLinkPolicy sniff not supported (settings: 0x%04x)",
    749                     *settings);
    750     }
    751     if ((*settings & HCI_ENABLE_PARK_MODE) &&
    752         (!HCI_PARK_MODE_SUPPORTED(localFeatures))) {
    753       *settings &= (~HCI_ENABLE_PARK_MODE);
    754       BTM_TRACE_API("BTM_SetLinkPolicy park not supported (settings: 0x%04x)",
    755                     *settings);
    756     }
    757   }
    758 
    759   p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
    760   if (p != NULL) {
    761     btsnd_hcic_write_policy_set(p->hci_handle, *settings);
    762     return BTM_CMD_STARTED;
    763   }
    764 
    765   /* If here, no BD Addr found */
    766   return (BTM_UNKNOWN_ADDR);
    767 }
    768 
    769 /*******************************************************************************
    770  *
    771  * Function         BTM_SetDefaultLinkPolicy
    772  *
    773  * Description      Set the default value for HCI "Write Policy Set" command
    774  *                  to use when an ACL link is created.
    775  *
    776  * Returns          void
    777  *
    778  ******************************************************************************/
    779 void BTM_SetDefaultLinkPolicy(uint16_t settings) {
    780   uint8_t* localFeatures = BTM_ReadLocalFeatures();
    781 
    782   BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy setting:0x%04x", settings);
    783 
    784   if ((settings & HCI_ENABLE_MASTER_SLAVE_SWITCH) &&
    785       (!HCI_SWITCH_SUPPORTED(localFeatures))) {
    786     settings &= ~HCI_ENABLE_MASTER_SLAVE_SWITCH;
    787     BTM_TRACE_DEBUG(
    788         "BTM_SetDefaultLinkPolicy switch not supported (settings: 0x%04x)",
    789         settings);
    790   }
    791   if ((settings & HCI_ENABLE_HOLD_MODE) &&
    792       (!HCI_HOLD_MODE_SUPPORTED(localFeatures))) {
    793     settings &= ~HCI_ENABLE_HOLD_MODE;
    794     BTM_TRACE_DEBUG(
    795         "BTM_SetDefaultLinkPolicy hold not supported (settings: 0x%04x)",
    796         settings);
    797   }
    798   if ((settings & HCI_ENABLE_SNIFF_MODE) &&
    799       (!HCI_SNIFF_MODE_SUPPORTED(localFeatures))) {
    800     settings &= ~HCI_ENABLE_SNIFF_MODE;
    801     BTM_TRACE_DEBUG(
    802         "BTM_SetDefaultLinkPolicy sniff not supported (settings: 0x%04x)",
    803         settings);
    804   }
    805   if ((settings & HCI_ENABLE_PARK_MODE) &&
    806       (!HCI_PARK_MODE_SUPPORTED(localFeatures))) {
    807     settings &= ~HCI_ENABLE_PARK_MODE;
    808     BTM_TRACE_DEBUG(
    809         "BTM_SetDefaultLinkPolicy park not supported (settings: 0x%04x)",
    810         settings);
    811   }
    812   BTM_TRACE_DEBUG("Set DefaultLinkPolicy:0x%04x", settings);
    813 
    814   btm_cb.btm_def_link_policy = settings;
    815 
    816   /* Set the default Link Policy of the controller */
    817   btsnd_hcic_write_def_policy_set(settings);
    818 }
    819 
    820 void btm_use_preferred_conn_params(BD_ADDR bda) {
    821   tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(bda, BT_TRANSPORT_LE);
    822   tBTM_SEC_DEV_REC* p_dev_rec = btm_find_or_alloc_dev(bda);
    823 
    824   /* If there are any preferred connection parameters, set them now */
    825   if ((p_dev_rec->conn_params.min_conn_int >= BTM_BLE_CONN_INT_MIN) &&
    826       (p_dev_rec->conn_params.min_conn_int <= BTM_BLE_CONN_INT_MAX) &&
    827       (p_dev_rec->conn_params.max_conn_int >= BTM_BLE_CONN_INT_MIN) &&
    828       (p_dev_rec->conn_params.max_conn_int <= BTM_BLE_CONN_INT_MAX) &&
    829       (p_dev_rec->conn_params.slave_latency <= BTM_BLE_CONN_LATENCY_MAX) &&
    830       (p_dev_rec->conn_params.supervision_tout >= BTM_BLE_CONN_SUP_TOUT_MIN) &&
    831       (p_dev_rec->conn_params.supervision_tout <= BTM_BLE_CONN_SUP_TOUT_MAX) &&
    832       ((p_lcb->min_interval < p_dev_rec->conn_params.min_conn_int &&
    833         p_dev_rec->conn_params.min_conn_int != BTM_BLE_CONN_PARAM_UNDEF) ||
    834        (p_lcb->min_interval > p_dev_rec->conn_params.max_conn_int) ||
    835        (p_lcb->latency > p_dev_rec->conn_params.slave_latency) ||
    836        (p_lcb->timeout > p_dev_rec->conn_params.supervision_tout))) {
    837     BTM_TRACE_DEBUG(
    838         "%s: HANDLE=%d min_conn_int=%d max_conn_int=%d slave_latency=%d "
    839         "supervision_tout=%d",
    840         __func__, p_lcb->handle, p_dev_rec->conn_params.min_conn_int,
    841         p_dev_rec->conn_params.max_conn_int,
    842         p_dev_rec->conn_params.slave_latency,
    843         p_dev_rec->conn_params.supervision_tout);
    844 
    845     p_lcb->min_interval = p_dev_rec->conn_params.min_conn_int;
    846     p_lcb->max_interval = p_dev_rec->conn_params.max_conn_int;
    847     p_lcb->timeout = p_dev_rec->conn_params.supervision_tout;
    848     p_lcb->latency = p_dev_rec->conn_params.slave_latency;
    849 
    850     btsnd_hcic_ble_upd_ll_conn_params(
    851         p_lcb->handle, p_dev_rec->conn_params.min_conn_int,
    852         p_dev_rec->conn_params.max_conn_int,
    853         p_dev_rec->conn_params.slave_latency,
    854         p_dev_rec->conn_params.supervision_tout, 0, 0);
    855   }
    856 }
    857 
    858 /*******************************************************************************
    859  *
    860  * Function         btm_read_remote_version_complete
    861  *
    862  * Description      This function is called when the command complete message
    863  *                  is received from the HCI for the remote version info.
    864  *
    865  * Returns          void
    866  *
    867  ******************************************************************************/
    868 void btm_read_remote_version_complete(uint8_t* p) {
    869   tACL_CONN* p_acl_cb = &btm_cb.acl_db[0];
    870   uint8_t status;
    871   uint16_t handle;
    872   int xx;
    873   BTM_TRACE_DEBUG("btm_read_remote_version_complete");
    874 
    875   STREAM_TO_UINT8(status, p);
    876   STREAM_TO_UINT16(handle, p);
    877 
    878   /* Look up the connection by handle and copy features */
    879   for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_acl_cb++) {
    880     if ((p_acl_cb->in_use) && (p_acl_cb->hci_handle == handle)) {
    881       if (status == HCI_SUCCESS) {
    882         STREAM_TO_UINT8(p_acl_cb->lmp_version, p);
    883         STREAM_TO_UINT16(p_acl_cb->manufacturer, p);
    884         STREAM_TO_UINT16(p_acl_cb->lmp_subversion, p);
    885       }
    886 
    887       if (p_acl_cb->transport == BT_TRANSPORT_LE) {
    888         l2cble_notify_le_connection(p_acl_cb->remote_addr);
    889         btm_use_preferred_conn_params(p_acl_cb->remote_addr);
    890       }
    891       break;
    892     }
    893   }
    894 }
    895 
    896 /*******************************************************************************
    897  *
    898  * Function         btm_process_remote_ext_features
    899  *
    900  * Description      Local function called to process all extended features pages
    901  *                  read from a remote device.
    902  *
    903  * Returns          void
    904  *
    905  ******************************************************************************/
    906 void btm_process_remote_ext_features(tACL_CONN* p_acl_cb,
    907                                      uint8_t num_read_pages) {
    908   uint16_t handle = p_acl_cb->hci_handle;
    909   tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev_by_handle(handle);
    910   uint8_t page_idx;
    911 
    912   BTM_TRACE_DEBUG("btm_process_remote_ext_features");
    913 
    914   /* Make sure we have the record to save remote features information */
    915   if (p_dev_rec == NULL) {
    916     /* Get a new device; might be doing dedicated bonding */
    917     p_dev_rec = btm_find_or_alloc_dev(p_acl_cb->remote_addr);
    918   }
    919 
    920   p_acl_cb->num_read_pages = num_read_pages;
    921   p_dev_rec->num_read_pages = num_read_pages;
    922 
    923   /* Move the pages to placeholder */
    924   for (page_idx = 0; page_idx < num_read_pages; page_idx++) {
    925     if (page_idx > HCI_EXT_FEATURES_PAGE_MAX) {
    926       BTM_TRACE_ERROR("%s: page=%d unexpected", __func__, page_idx);
    927       break;
    928     }
    929     memcpy(p_dev_rec->feature_pages[page_idx],
    930            p_acl_cb->peer_lmp_feature_pages[page_idx],
    931            HCI_FEATURE_BYTES_PER_PAGE);
    932   }
    933 
    934   const uint8_t req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND);
    935 
    936   /* Store the Peer Security Capabilites (in SM4 and rmt_sec_caps) */
    937   btm_sec_set_peer_sec_caps(p_acl_cb, p_dev_rec);
    938 
    939   BTM_TRACE_API("%s: pend:%d", __func__, req_pend);
    940   if (req_pend) {
    941     /* Request for remaining Security Features (if any) */
    942     l2cu_resubmit_pending_sec_req(p_dev_rec->bd_addr);
    943   }
    944 }
    945 
    946 /*******************************************************************************
    947  *
    948  * Function         btm_read_remote_features
    949  *
    950  * Description      Local function called to send a read remote supported
    951  *                  features/remote extended features page[0].
    952  *
    953  * Returns          void
    954  *
    955  ******************************************************************************/
    956 void btm_read_remote_features(uint16_t handle) {
    957   uint8_t acl_idx;
    958   tACL_CONN* p_acl_cb;
    959 
    960   BTM_TRACE_DEBUG("btm_read_remote_features() handle: %d", handle);
    961 
    962   acl_idx = btm_handle_to_acl_index(handle);
    963   if (acl_idx >= MAX_L2CAP_LINKS) {
    964     BTM_TRACE_ERROR("btm_read_remote_features handle=%d invalid", handle);
    965     return;
    966   }
    967 
    968   p_acl_cb = &btm_cb.acl_db[acl_idx];
    969   p_acl_cb->num_read_pages = 0;
    970   memset(p_acl_cb->peer_lmp_feature_pages, 0,
    971          sizeof(p_acl_cb->peer_lmp_feature_pages));
    972 
    973   /* first send read remote supported features HCI command */
    974   /* because we don't know whether the remote support extended feature command
    975    */
    976   btsnd_hcic_rmt_features_req(handle);
    977 }
    978 
    979 /*******************************************************************************
    980  *
    981  * Function         btm_read_remote_ext_features
    982  *
    983  * Description      Local function called to send a read remote extended
    984  *                  features
    985  *
    986  * Returns          void
    987  *
    988  ******************************************************************************/
    989 void btm_read_remote_ext_features(uint16_t handle, uint8_t page_number) {
    990   BTM_TRACE_DEBUG("btm_read_remote_ext_features() handle: %d page: %d", handle,
    991                   page_number);
    992 
    993   btsnd_hcic_rmt_ext_features(handle, page_number);
    994 }
    995 
    996 /*******************************************************************************
    997  *
    998  * Function         btm_read_remote_features_complete
    999  *
   1000  * Description      This function is called when the remote supported features
   1001  *                  complete event is received from the HCI.
   1002  *
   1003  * Returns          void
   1004  *
   1005  ******************************************************************************/
   1006 void btm_read_remote_features_complete(uint8_t* p) {
   1007   tACL_CONN* p_acl_cb;
   1008   uint8_t status;
   1009   uint16_t handle;
   1010   uint8_t acl_idx;
   1011 
   1012   BTM_TRACE_DEBUG("btm_read_remote_features_complete");
   1013   STREAM_TO_UINT8(status, p);
   1014 
   1015   if (status != HCI_SUCCESS) {
   1016     BTM_TRACE_ERROR("btm_read_remote_features_complete failed (status 0x%02x)",
   1017                     status);
   1018     return;
   1019   }
   1020 
   1021   STREAM_TO_UINT16(handle, p);
   1022 
   1023   acl_idx = btm_handle_to_acl_index(handle);
   1024   if (acl_idx >= MAX_L2CAP_LINKS) {
   1025     BTM_TRACE_ERROR("btm_read_remote_features_complete handle=%d invalid",
   1026                     handle);
   1027     return;
   1028   }
   1029 
   1030   p_acl_cb = &btm_cb.acl_db[acl_idx];
   1031 
   1032   /* Copy the received features page */
   1033   STREAM_TO_ARRAY(p_acl_cb->peer_lmp_feature_pages[0], p,
   1034                   HCI_FEATURE_BYTES_PER_PAGE);
   1035 
   1036   if ((HCI_LMP_EXTENDED_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[0])) &&
   1037       (controller_get_interface()
   1038            ->supports_reading_remote_extended_features())) {
   1039     /* if the remote controller has extended features and local controller
   1040        supports HCI_Read_Remote_Extended_Features command then start reading
   1041        these feature starting with extended features page 1 */
   1042     BTM_TRACE_DEBUG("Start reading remote extended features");
   1043     btm_read_remote_ext_features(handle, 1);
   1044     return;
   1045   }
   1046 
   1047   /* Remote controller has no extended features. Process remote controller
   1048      supported features (features page 0). */
   1049   btm_process_remote_ext_features(p_acl_cb, 1);
   1050 
   1051   /* Continue with HCI connection establishment */
   1052   btm_establish_continue(p_acl_cb);
   1053 }
   1054 
   1055 /*******************************************************************************
   1056  *
   1057  * Function         btm_read_remote_ext_features_complete
   1058  *
   1059  * Description      This function is called when the remote extended features
   1060  *                  complete event is received from the HCI.
   1061  *
   1062  * Returns          void
   1063  *
   1064  ******************************************************************************/
   1065 void btm_read_remote_ext_features_complete(uint8_t* p) {
   1066   tACL_CONN* p_acl_cb;
   1067   uint8_t page_num, max_page;
   1068   uint16_t handle;
   1069   uint8_t acl_idx;
   1070 
   1071   BTM_TRACE_DEBUG("btm_read_remote_ext_features_complete");
   1072 
   1073   ++p;
   1074   STREAM_TO_UINT16(handle, p);
   1075   STREAM_TO_UINT8(page_num, p);
   1076   STREAM_TO_UINT8(max_page, p);
   1077 
   1078   /* Validate parameters */
   1079   acl_idx = btm_handle_to_acl_index(handle);
   1080   if (acl_idx >= MAX_L2CAP_LINKS) {
   1081     BTM_TRACE_ERROR("btm_read_remote_ext_features_complete handle=%d invalid",
   1082                     handle);
   1083     return;
   1084   }
   1085 
   1086   if (max_page > HCI_EXT_FEATURES_PAGE_MAX) {
   1087     BTM_TRACE_ERROR("btm_read_remote_ext_features_complete page=%d unknown",
   1088                     max_page);
   1089     return;
   1090   }
   1091 
   1092   p_acl_cb = &btm_cb.acl_db[acl_idx];
   1093 
   1094   /* Copy the received features page */
   1095   STREAM_TO_ARRAY(p_acl_cb->peer_lmp_feature_pages[page_num], p,
   1096                   HCI_FEATURE_BYTES_PER_PAGE);
   1097 
   1098   /* If there is the next remote features page and
   1099    * we have space to keep this page data - read this page */
   1100   if ((page_num < max_page) && (page_num < HCI_EXT_FEATURES_PAGE_MAX)) {
   1101     page_num++;
   1102     BTM_TRACE_DEBUG("BTM reads next remote extended features page (%d)",
   1103                     page_num);
   1104     btm_read_remote_ext_features(handle, page_num);
   1105     return;
   1106   }
   1107 
   1108   /* Reading of remote feature pages is complete */
   1109   BTM_TRACE_DEBUG("BTM reached last remote extended features page (%d)",
   1110                   page_num);
   1111 
   1112   /* Process the pages */
   1113   btm_process_remote_ext_features(p_acl_cb, (uint8_t)(page_num + 1));
   1114 
   1115   /* Continue with HCI connection establishment */
   1116   btm_establish_continue(p_acl_cb);
   1117 }
   1118 
   1119 /*******************************************************************************
   1120  *
   1121  * Function         btm_read_remote_ext_features_failed
   1122  *
   1123  * Description      This function is called when the remote extended features
   1124  *                  complete event returns a failed status.
   1125  *
   1126  * Returns          void
   1127  *
   1128  ******************************************************************************/
   1129 void btm_read_remote_ext_features_failed(uint8_t status, uint16_t handle) {
   1130   tACL_CONN* p_acl_cb;
   1131   uint8_t acl_idx;
   1132 
   1133   BTM_TRACE_WARNING(
   1134       "btm_read_remote_ext_features_failed (status 0x%02x) for handle %d",
   1135       status, handle);
   1136 
   1137   acl_idx = btm_handle_to_acl_index(handle);
   1138   if (acl_idx >= MAX_L2CAP_LINKS) {
   1139     BTM_TRACE_ERROR("btm_read_remote_ext_features_failed handle=%d invalid",
   1140                     handle);
   1141     return;
   1142   }
   1143 
   1144   p_acl_cb = &btm_cb.acl_db[acl_idx];
   1145 
   1146   /* Process supported features only */
   1147   btm_process_remote_ext_features(p_acl_cb, 1);
   1148 
   1149   /* Continue HCI connection establishment */
   1150   btm_establish_continue(p_acl_cb);
   1151 }
   1152 
   1153 /*******************************************************************************
   1154  *
   1155  * Function         btm_establish_continue
   1156  *
   1157  * Description      This function is called when the command complete message
   1158  *                  is received from the HCI for the read local link policy
   1159  *                  request.
   1160  *
   1161  * Returns          void
   1162  *
   1163  ******************************************************************************/
   1164 void btm_establish_continue(tACL_CONN* p_acl_cb) {
   1165   tBTM_BL_EVENT_DATA evt_data;
   1166   BTM_TRACE_DEBUG("btm_establish_continue");
   1167 #if (BTM_BYPASS_EXTRA_ACL_SETUP == FALSE)
   1168   if (p_acl_cb->transport == BT_TRANSPORT_BR_EDR) {
   1169     /* For now there are a some devices that do not like sending */
   1170     /* commands events and data at the same time. */
   1171     /* Set the packet types to the default allowed by the device */
   1172     btm_set_packet_types(p_acl_cb, btm_cb.btm_acl_pkt_types_supported);
   1173 
   1174     if (btm_cb.btm_def_link_policy)
   1175       BTM_SetLinkPolicy(p_acl_cb->remote_addr, &btm_cb.btm_def_link_policy);
   1176   }
   1177 #endif
   1178   p_acl_cb->link_up_issued = true;
   1179 
   1180   /* If anyone cares, tell him database changed */
   1181   if (btm_cb.p_bl_changed_cb) {
   1182     evt_data.event = BTM_BL_CONN_EVT;
   1183     evt_data.conn.p_bda = p_acl_cb->remote_addr;
   1184     evt_data.conn.p_bdn = p_acl_cb->remote_name;
   1185     evt_data.conn.p_dc = p_acl_cb->remote_dc;
   1186     evt_data.conn.p_features = p_acl_cb->peer_lmp_feature_pages[0];
   1187     evt_data.conn.handle = p_acl_cb->hci_handle;
   1188     evt_data.conn.transport = p_acl_cb->transport;
   1189 
   1190     (*btm_cb.p_bl_changed_cb)(&evt_data);
   1191   }
   1192   btm_acl_update_busy_level(BTM_BLI_ACL_UP_EVT);
   1193 }
   1194 
   1195 /*******************************************************************************
   1196  *
   1197  * Function         BTM_SetDefaultLinkSuperTout
   1198  *
   1199  * Description      Set the default value for HCI "Write Link Supervision
   1200  *                                                 Timeout"
   1201  *                  command to use when an ACL link is created.
   1202  *
   1203  * Returns          void
   1204  *
   1205  ******************************************************************************/
   1206 void BTM_SetDefaultLinkSuperTout(uint16_t timeout) {
   1207   BTM_TRACE_DEBUG("BTM_SetDefaultLinkSuperTout");
   1208   btm_cb.btm_def_link_super_tout = timeout;
   1209 }
   1210 
   1211 /*******************************************************************************
   1212  *
   1213  * Function         BTM_GetLinkSuperTout
   1214  *
   1215  * Description      Read the link supervision timeout value of the connection
   1216  *
   1217  * Returns          status of the operation
   1218  *
   1219  ******************************************************************************/
   1220 tBTM_STATUS BTM_GetLinkSuperTout(BD_ADDR remote_bda, uint16_t* p_timeout) {
   1221   tACL_CONN* p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
   1222 
   1223   BTM_TRACE_DEBUG("BTM_GetLinkSuperTout");
   1224   if (p != (tACL_CONN*)NULL) {
   1225     *p_timeout = p->link_super_tout;
   1226     return (BTM_SUCCESS);
   1227   }
   1228   /* If here, no BD Addr found */
   1229   return (BTM_UNKNOWN_ADDR);
   1230 }
   1231 
   1232 /*******************************************************************************
   1233  *
   1234  * Function         BTM_SetLinkSuperTout
   1235  *
   1236  * Description      Create and send HCI "Write Link Supervision Timeout" command
   1237  *
   1238  * Returns          status of the operation
   1239  *
   1240  ******************************************************************************/
   1241 tBTM_STATUS BTM_SetLinkSuperTout(BD_ADDR remote_bda, uint16_t timeout) {
   1242   tACL_CONN* p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
   1243 
   1244   BTM_TRACE_DEBUG("BTM_SetLinkSuperTout");
   1245   if (p != (tACL_CONN*)NULL) {
   1246     p->link_super_tout = timeout;
   1247 
   1248     /* Only send if current role is Master; 2.0 spec requires this */
   1249     if (p->link_role == BTM_ROLE_MASTER) {
   1250       btsnd_hcic_write_link_super_tout(LOCAL_BR_EDR_CONTROLLER_ID,
   1251                                        p->hci_handle, timeout);
   1252       return (BTM_CMD_STARTED);
   1253     } else
   1254       return (BTM_SUCCESS);
   1255   }
   1256 
   1257   /* If here, no BD Addr found */
   1258   return (BTM_UNKNOWN_ADDR);
   1259 }
   1260 
   1261 /*******************************************************************************
   1262  *
   1263  * Function         BTM_IsAclConnectionUp
   1264  *
   1265  * Description      This function is called to check if an ACL connection exists
   1266  *                  to a specific remote BD Address.
   1267  *
   1268  * Returns          true if connection is up, else false.
   1269  *
   1270  ******************************************************************************/
   1271 bool BTM_IsAclConnectionUp(BD_ADDR remote_bda, tBT_TRANSPORT transport) {
   1272   tACL_CONN* p;
   1273 
   1274   BTM_TRACE_API("BTM_IsAclConnectionUp: RemBdAddr: %02x%02x%02x%02x%02x%02x",
   1275                 remote_bda[0], remote_bda[1], remote_bda[2], remote_bda[3],
   1276                 remote_bda[4], remote_bda[5]);
   1277 
   1278   p = btm_bda_to_acl(remote_bda, transport);
   1279   if (p != (tACL_CONN*)NULL) {
   1280     return (true);
   1281   }
   1282 
   1283   /* If here, no BD Addr found */
   1284   return (false);
   1285 }
   1286 
   1287 /*******************************************************************************
   1288  *
   1289  * Function         BTM_GetNumAclLinks
   1290  *
   1291  * Description      This function is called to count the number of
   1292  *                  ACL links that are active.
   1293  *
   1294  * Returns          uint16_t Number of active ACL links
   1295  *
   1296  ******************************************************************************/
   1297 uint16_t BTM_GetNumAclLinks(void) {
   1298   uint16_t num_acl = 0;
   1299 
   1300   for (uint16_t i = 0; i < MAX_L2CAP_LINKS; ++i) {
   1301     if (btm_cb.acl_db[i].in_use) ++num_acl;
   1302   }
   1303 
   1304   return num_acl;
   1305 }
   1306 
   1307 /*******************************************************************************
   1308  *
   1309  * Function         btm_get_acl_disc_reason_code
   1310  *
   1311  * Description      This function is called to get the disconnection reason code
   1312  *                  returned by the HCI at disconnection complete event.
   1313  *
   1314  * Returns          true if connection is up, else false.
   1315  *
   1316  ******************************************************************************/
   1317 uint16_t btm_get_acl_disc_reason_code(void) {
   1318   uint8_t res = btm_cb.acl_disc_reason;
   1319   BTM_TRACE_DEBUG("btm_get_acl_disc_reason_code");
   1320   return (res);
   1321 }
   1322 
   1323 /*******************************************************************************
   1324  *
   1325  * Function         BTM_GetHCIConnHandle
   1326  *
   1327  * Description      This function is called to get the handle for an ACL
   1328  *                  connection to a specific remote BD Address.
   1329  *
   1330  * Returns          the handle of the connection, or 0xFFFF if none.
   1331  *
   1332  ******************************************************************************/
   1333 uint16_t BTM_GetHCIConnHandle(const BD_ADDR remote_bda,
   1334                               tBT_TRANSPORT transport) {
   1335   tACL_CONN* p;
   1336   BTM_TRACE_DEBUG("BTM_GetHCIConnHandle");
   1337   p = btm_bda_to_acl(remote_bda, transport);
   1338   if (p != (tACL_CONN*)NULL) {
   1339     return (p->hci_handle);
   1340   }
   1341 
   1342   /* If here, no BD Addr found */
   1343   return (0xFFFF);
   1344 }
   1345 
   1346 /*******************************************************************************
   1347  *
   1348  * Function         btm_process_clk_off_comp_evt
   1349  *
   1350  * Description      This function is called when clock offset command completes.
   1351  *
   1352  * Input Parms      hci_handle - connection handle associated with the change
   1353  *                  clock offset
   1354  *
   1355  * Returns          void
   1356  *
   1357  ******************************************************************************/
   1358 void btm_process_clk_off_comp_evt(uint16_t hci_handle, uint16_t clock_offset) {
   1359   uint8_t xx;
   1360   BTM_TRACE_DEBUG("btm_process_clk_off_comp_evt");
   1361   /* Look up the connection by handle and set the current mode */
   1362   xx = btm_handle_to_acl_index(hci_handle);
   1363   if (xx < MAX_L2CAP_LINKS) btm_cb.acl_db[xx].clock_offset = clock_offset;
   1364 }
   1365 
   1366 /*******************************************************************************
   1367  *
   1368  * Function         btm_acl_role_changed
   1369  *
   1370  * Description      This function is called whan a link's master/slave role
   1371  *                  change event or command status event (with error) is
   1372  *                  received. It updates the link control block, and calls the
   1373  *                  registered callback with status and role (if registered).
   1374  *
   1375  * Returns          void
   1376  *
   1377  ******************************************************************************/
   1378 void btm_acl_role_changed(uint8_t hci_status, BD_ADDR bd_addr,
   1379                           uint8_t new_role) {
   1380   uint8_t* p_bda =
   1381       (bd_addr) ? bd_addr : btm_cb.devcb.switch_role_ref_data.remote_bd_addr;
   1382   tACL_CONN* p = btm_bda_to_acl(p_bda, BT_TRANSPORT_BR_EDR);
   1383   tBTM_ROLE_SWITCH_CMPL* p_data = &btm_cb.devcb.switch_role_ref_data;
   1384   tBTM_SEC_DEV_REC* p_dev_rec;
   1385   tBTM_BL_ROLE_CHG_DATA evt;
   1386 
   1387   BTM_TRACE_DEBUG("btm_acl_role_changed");
   1388   /* Ignore any stray events */
   1389   if (p == NULL) {
   1390     /* it could be a failure */
   1391     if (hci_status != HCI_SUCCESS)
   1392       btm_acl_report_role_change(hci_status, bd_addr);
   1393     return;
   1394   }
   1395 
   1396   p_data->hci_status = hci_status;
   1397 
   1398   if (hci_status == HCI_SUCCESS) {
   1399     p_data->role = new_role;
   1400     memcpy(p_data->remote_bd_addr, p_bda, BD_ADDR_LEN);
   1401 
   1402     /* Update cached value */
   1403     p->link_role = new_role;
   1404 
   1405     /* Reload LSTO: link supervision timeout is reset in the LM after a role
   1406      * switch */
   1407     if (new_role == BTM_ROLE_MASTER) {
   1408       BTM_SetLinkSuperTout(p->remote_addr, p->link_super_tout);
   1409     }
   1410   } else {
   1411     /* so the BTM_BL_ROLE_CHG_EVT uses the old role */
   1412     new_role = p->link_role;
   1413   }
   1414 
   1415   /* Check if any SCO req is pending for role change */
   1416   btm_sco_chk_pend_rolechange(p->hci_handle);
   1417 
   1418   /* if switching state is switching we need to turn encryption on */
   1419   /* if idle, we did not change encryption */
   1420   if (p->switch_role_state == BTM_ACL_SWKEY_STATE_SWITCHING) {
   1421     btsnd_hcic_set_conn_encrypt(p->hci_handle, true);
   1422     p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_ON;
   1423     p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_ON;
   1424     return;
   1425   }
   1426 
   1427   /* Set the switch_role_state to IDLE since the reply received from HCI */
   1428   /* regardless of its result either success or failed. */
   1429   if (p->switch_role_state == BTM_ACL_SWKEY_STATE_IN_PROGRESS) {
   1430     p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE;
   1431     p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE;
   1432   }
   1433 
   1434   /* if role switch complete is needed, report it now */
   1435   btm_acl_report_role_change(hci_status, bd_addr);
   1436 
   1437   /* if role change event is registered, report it now */
   1438   if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK)) {
   1439     evt.event = BTM_BL_ROLE_CHG_EVT;
   1440     evt.new_role = new_role;
   1441     evt.p_bda = p_bda;
   1442     evt.hci_status = hci_status;
   1443     (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA*)&evt);
   1444   }
   1445 
   1446   BTM_TRACE_DEBUG(
   1447       "Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, rs_st:%d",
   1448       p_data->role, p_data->hci_status, p->switch_role_state);
   1449 
   1450 #if (BTM_DISC_DURING_RS == TRUE)
   1451   /* If a disconnect is pending, issue it now that role switch has completed */
   1452   p_dev_rec = btm_find_dev(p_bda);
   1453   if (p_dev_rec != NULL) {
   1454     if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING) {
   1455       BTM_TRACE_WARNING(
   1456           "btm_acl_role_changed -> Issuing delayed HCI_Disconnect!!!");
   1457       btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER);
   1458     }
   1459     BTM_TRACE_ERROR("tBTM_SEC_DEV:0x%x rs_disc_pending=%d",
   1460                     PTR_TO_UINT(p_dev_rec), p_dev_rec->rs_disc_pending);
   1461     p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */
   1462   }
   1463 
   1464 #endif
   1465 }
   1466 
   1467 /*******************************************************************************
   1468  *
   1469  * Function         BTM_AllocateSCN
   1470  *
   1471  * Description      Look through the Server Channel Numbers for a free one.
   1472  *
   1473  * Returns          Allocated SCN number or 0 if none.
   1474  *
   1475  ******************************************************************************/
   1476 
   1477 uint8_t BTM_AllocateSCN(void) {
   1478   uint8_t x;
   1479   BTM_TRACE_DEBUG("BTM_AllocateSCN");
   1480 
   1481   // stack reserves scn 1 for HFP, HSP we still do the correct way
   1482   for (x = 1; x < BTM_MAX_SCN; x++) {
   1483     if (!btm_cb.btm_scn[x]) {
   1484       btm_cb.btm_scn[x] = true;
   1485       return (x + 1);
   1486     }
   1487   }
   1488 
   1489   return (0); /* No free ports */
   1490 }
   1491 
   1492 /*******************************************************************************
   1493  *
   1494  * Function         BTM_TryAllocateSCN
   1495  *
   1496  * Description      Try to allocate a fixed server channel
   1497  *
   1498  * Returns          Returns true if server channel was available
   1499  *
   1500  ******************************************************************************/
   1501 
   1502 bool BTM_TryAllocateSCN(uint8_t scn) {
   1503   /* Make sure we don't exceed max port range.
   1504    * Stack reserves scn 1 for HFP, HSP we still do the correct way.
   1505    */
   1506   if ((scn >= BTM_MAX_SCN) || (scn == 1)) return false;
   1507 
   1508   /* check if this port is available */
   1509   if (!btm_cb.btm_scn[scn - 1]) {
   1510     btm_cb.btm_scn[scn - 1] = true;
   1511     return true;
   1512   }
   1513 
   1514   return (false); /* Port was busy */
   1515 }
   1516 
   1517 /*******************************************************************************
   1518  *
   1519  * Function         BTM_FreeSCN
   1520  *
   1521  * Description      Free the specified SCN.
   1522  *
   1523  * Returns          true or false
   1524  *
   1525  ******************************************************************************/
   1526 bool BTM_FreeSCN(uint8_t scn) {
   1527   BTM_TRACE_DEBUG("BTM_FreeSCN ");
   1528   if (scn <= BTM_MAX_SCN) {
   1529     btm_cb.btm_scn[scn - 1] = false;
   1530     return (true);
   1531   } else
   1532     return (false); /* Illegal SCN passed in */
   1533 }
   1534 
   1535 /*******************************************************************************
   1536  *
   1537  * Function         btm_set_packet_types
   1538  *
   1539  * Description      This function sets the packet types used for a specific
   1540  *                  ACL connection. It is called internally by btm_acl_created
   1541  *                  or by an application/profile by BTM_SetPacketTypes.
   1542  *
   1543  * Returns          status of the operation
   1544  *
   1545  ******************************************************************************/
   1546 tBTM_STATUS btm_set_packet_types(tACL_CONN* p, uint16_t pkt_types) {
   1547   uint16_t temp_pkt_types;
   1548   BTM_TRACE_DEBUG("btm_set_packet_types");
   1549   /* Save in the ACL control blocks, types that we support */
   1550   temp_pkt_types = (pkt_types & BTM_ACL_SUPPORTED_PKTS_MASK &
   1551                     btm_cb.btm_acl_pkt_types_supported);
   1552 
   1553   /* OR in any exception packet types if at least 2.0 version of spec */
   1554   temp_pkt_types |=
   1555       ((pkt_types & BTM_ACL_EXCEPTION_PKTS_MASK) |
   1556        (btm_cb.btm_acl_pkt_types_supported & BTM_ACL_EXCEPTION_PKTS_MASK));
   1557 
   1558   /* Exclude packet types not supported by the peer */
   1559   btm_acl_chk_peer_pkt_type_support(p, &temp_pkt_types);
   1560 
   1561   BTM_TRACE_DEBUG("SetPacketType Mask -> 0x%04x", temp_pkt_types);
   1562 
   1563   btsnd_hcic_change_conn_type(p->hci_handle, temp_pkt_types);
   1564   p->pkt_types_mask = temp_pkt_types;
   1565 
   1566   return (BTM_CMD_STARTED);
   1567 }
   1568 
   1569 /*******************************************************************************
   1570  *
   1571  * Function         btm_get_max_packet_size
   1572  *
   1573  * Returns          Returns maximum packet size that can be used for current
   1574  *                  connection, 0 if connection is not established
   1575  *
   1576  ******************************************************************************/
   1577 uint16_t btm_get_max_packet_size(BD_ADDR addr) {
   1578   tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
   1579   uint16_t pkt_types = 0;
   1580   uint16_t pkt_size = 0;
   1581   BTM_TRACE_DEBUG("btm_get_max_packet_size");
   1582   if (p != NULL) {
   1583     pkt_types = p->pkt_types_mask;
   1584   } else {
   1585     /* Special case for when info for the local device is requested */
   1586     if (memcmp(controller_get_interface()->get_address(), addr, BD_ADDR_LEN) ==
   1587         0) {
   1588       pkt_types = btm_cb.btm_acl_pkt_types_supported;
   1589     }
   1590   }
   1591 
   1592   if (pkt_types) {
   1593     if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH5))
   1594       pkt_size = HCI_EDR3_DH5_PACKET_SIZE;
   1595     else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH5))
   1596       pkt_size = HCI_EDR2_DH5_PACKET_SIZE;
   1597     else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH3))
   1598       pkt_size = HCI_EDR3_DH3_PACKET_SIZE;
   1599     else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH5)
   1600       pkt_size = HCI_DH5_PACKET_SIZE;
   1601     else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH3))
   1602       pkt_size = HCI_EDR2_DH3_PACKET_SIZE;
   1603     else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM5)
   1604       pkt_size = HCI_DM5_PACKET_SIZE;
   1605     else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH3)
   1606       pkt_size = HCI_DH3_PACKET_SIZE;
   1607     else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM3)
   1608       pkt_size = HCI_DM3_PACKET_SIZE;
   1609     else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH1))
   1610       pkt_size = HCI_EDR3_DH1_PACKET_SIZE;
   1611     else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH1))
   1612       pkt_size = HCI_EDR2_DH1_PACKET_SIZE;
   1613     else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH1)
   1614       pkt_size = HCI_DH1_PACKET_SIZE;
   1615     else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM1)
   1616       pkt_size = HCI_DM1_PACKET_SIZE;
   1617   }
   1618 
   1619   return (pkt_size);
   1620 }
   1621 
   1622 /*******************************************************************************
   1623  *
   1624  * Function         BTM_ReadRemoteVersion
   1625  *
   1626  * Returns          If connected report peer device info
   1627  *
   1628  ******************************************************************************/
   1629 tBTM_STATUS BTM_ReadRemoteVersion(BD_ADDR addr, uint8_t* lmp_version,
   1630                                   uint16_t* manufacturer,
   1631                                   uint16_t* lmp_sub_version) {
   1632   tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
   1633   BTM_TRACE_DEBUG("BTM_ReadRemoteVersion");
   1634   if (p == NULL) return (BTM_UNKNOWN_ADDR);
   1635 
   1636   if (lmp_version) *lmp_version = p->lmp_version;
   1637 
   1638   if (manufacturer) *manufacturer = p->manufacturer;
   1639 
   1640   if (lmp_sub_version) *lmp_sub_version = p->lmp_subversion;
   1641 
   1642   return (BTM_SUCCESS);
   1643 }
   1644 
   1645 /*******************************************************************************
   1646  *
   1647  * Function         BTM_ReadRemoteFeatures
   1648  *
   1649  * Returns          pointer to the remote supported features mask (8 bytes)
   1650  *
   1651  ******************************************************************************/
   1652 uint8_t* BTM_ReadRemoteFeatures(BD_ADDR addr) {
   1653   tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
   1654   BTM_TRACE_DEBUG("BTM_ReadRemoteFeatures");
   1655   if (p == NULL) {
   1656     return (NULL);
   1657   }
   1658 
   1659   return (p->peer_lmp_feature_pages[0]);
   1660 }
   1661 
   1662 /*******************************************************************************
   1663  *
   1664  * Function         BTM_ReadRemoteExtendedFeatures
   1665  *
   1666  * Returns          pointer to the remote extended features mask (8 bytes)
   1667  *                  or NULL if bad page
   1668  *
   1669  ******************************************************************************/
   1670 uint8_t* BTM_ReadRemoteExtendedFeatures(BD_ADDR addr, uint8_t page_number) {
   1671   tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
   1672   BTM_TRACE_DEBUG("BTM_ReadRemoteExtendedFeatures");
   1673   if (p == NULL) {
   1674     return (NULL);
   1675   }
   1676 
   1677   if (page_number > HCI_EXT_FEATURES_PAGE_MAX) {
   1678     BTM_TRACE_ERROR("Warning: BTM_ReadRemoteExtendedFeatures page %d unknown",
   1679                     page_number);
   1680     return NULL;
   1681   }
   1682 
   1683   return (p->peer_lmp_feature_pages[page_number]);
   1684 }
   1685 
   1686 /*******************************************************************************
   1687  *
   1688  * Function         BTM_ReadNumberRemoteFeaturesPages
   1689  *
   1690  * Returns          number of features pages read from the remote device.
   1691  *
   1692  ******************************************************************************/
   1693 uint8_t BTM_ReadNumberRemoteFeaturesPages(BD_ADDR addr) {
   1694   tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
   1695   BTM_TRACE_DEBUG("BTM_ReadNumberRemoteFeaturesPages");
   1696   if (p == NULL) {
   1697     return (0);
   1698   }
   1699 
   1700   return (p->num_read_pages);
   1701 }
   1702 
   1703 /*******************************************************************************
   1704  *
   1705  * Function         BTM_ReadAllRemoteFeatures
   1706  *
   1707  * Returns          pointer to all features of the remote (24 bytes).
   1708  *
   1709  ******************************************************************************/
   1710 uint8_t* BTM_ReadAllRemoteFeatures(BD_ADDR addr) {
   1711   tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
   1712   BTM_TRACE_DEBUG("BTM_ReadAllRemoteFeatures");
   1713   if (p == NULL) {
   1714     return (NULL);
   1715   }
   1716 
   1717   return (p->peer_lmp_feature_pages[0]);
   1718 }
   1719 
   1720 /*******************************************************************************
   1721  *
   1722  * Function         BTM_RegBusyLevelNotif
   1723  *
   1724  * Description      This function is called to register a callback to receive
   1725  *                  busy level change events.
   1726  *
   1727  * Returns          BTM_SUCCESS if successfully registered, otherwise error
   1728  *
   1729  ******************************************************************************/
   1730 tBTM_STATUS BTM_RegBusyLevelNotif(tBTM_BL_CHANGE_CB* p_cb, uint8_t* p_level,
   1731                                   tBTM_BL_EVENT_MASK evt_mask) {
   1732   BTM_TRACE_DEBUG("BTM_RegBusyLevelNotif");
   1733   if (p_level) *p_level = btm_cb.busy_level;
   1734 
   1735   btm_cb.bl_evt_mask = evt_mask;
   1736 
   1737   if (!p_cb)
   1738     btm_cb.p_bl_changed_cb = NULL;
   1739   else if (btm_cb.p_bl_changed_cb)
   1740     return (BTM_BUSY);
   1741   else
   1742     btm_cb.p_bl_changed_cb = p_cb;
   1743 
   1744   return (BTM_SUCCESS);
   1745 }
   1746 
   1747 /*******************************************************************************
   1748  *
   1749  * Function         BTM_SetQoS
   1750  *
   1751  * Description      This function is called to setup QoS
   1752  *
   1753  * Returns          status of the operation
   1754  *
   1755  ******************************************************************************/
   1756 tBTM_STATUS BTM_SetQoS(BD_ADDR bd, FLOW_SPEC* p_flow, tBTM_CMPL_CB* p_cb) {
   1757   tACL_CONN* p = &btm_cb.acl_db[0];
   1758 
   1759   BTM_TRACE_API("BTM_SetQoS: BdAddr: %02x%02x%02x%02x%02x%02x", bd[0], bd[1],
   1760                 bd[2], bd[3], bd[4], bd[5]);
   1761 
   1762   /* If someone already waiting on the version, do not allow another */
   1763   if (btm_cb.devcb.p_qos_setup_cmpl_cb) return (BTM_BUSY);
   1764 
   1765   p = btm_bda_to_acl(bd, BT_TRANSPORT_BR_EDR);
   1766   if (p != NULL) {
   1767     btm_cb.devcb.p_qos_setup_cmpl_cb = p_cb;
   1768     alarm_set_on_queue(btm_cb.devcb.qos_setup_timer, BTM_DEV_REPLY_TIMEOUT_MS,
   1769                        btm_qos_setup_timeout, NULL, btu_general_alarm_queue);
   1770 
   1771     btsnd_hcic_qos_setup(p->hci_handle, p_flow->qos_flags, p_flow->service_type,
   1772                          p_flow->token_rate, p_flow->peak_bandwidth,
   1773                          p_flow->latency, p_flow->delay_variation);
   1774     return (BTM_CMD_STARTED);
   1775   }
   1776 
   1777   /* If here, no BD Addr found */
   1778   return (BTM_UNKNOWN_ADDR);
   1779 }
   1780 
   1781 /*******************************************************************************
   1782  *
   1783  * Function         btm_qos_setup_timeout
   1784  *
   1785  * Description      Callback when QoS setup times out.
   1786  *
   1787  * Returns          void
   1788  *
   1789  ******************************************************************************/
   1790 void btm_qos_setup_timeout(UNUSED_ATTR void* data) {
   1791   tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_qos_setup_cmpl_cb;
   1792   btm_cb.devcb.p_qos_setup_cmpl_cb = NULL;
   1793   if (p_cb) (*p_cb)((void*)NULL);
   1794 }
   1795 
   1796 /*******************************************************************************
   1797  *
   1798  * Function         btm_qos_setup_complete
   1799  *
   1800  * Description      This function is called when the command complete message
   1801  *                  is received from the HCI for the qos setup request.
   1802  *
   1803  * Returns          void
   1804  *
   1805  ******************************************************************************/
   1806 void btm_qos_setup_complete(uint8_t status, uint16_t handle,
   1807                             FLOW_SPEC* p_flow) {
   1808   tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_qos_setup_cmpl_cb;
   1809   tBTM_QOS_SETUP_CMPL qossu;
   1810 
   1811   BTM_TRACE_DEBUG("%s", __func__);
   1812   alarm_cancel(btm_cb.devcb.qos_setup_timer);
   1813   btm_cb.devcb.p_qos_setup_cmpl_cb = NULL;
   1814 
   1815   /* If there was a registered callback, call it */
   1816   if (p_cb) {
   1817     memset(&qossu, 0, sizeof(tBTM_QOS_SETUP_CMPL));
   1818     qossu.status = status;
   1819     qossu.handle = handle;
   1820     if (p_flow != NULL) {
   1821       qossu.flow.qos_flags = p_flow->qos_flags;
   1822       qossu.flow.service_type = p_flow->service_type;
   1823       qossu.flow.token_rate = p_flow->token_rate;
   1824       qossu.flow.peak_bandwidth = p_flow->peak_bandwidth;
   1825       qossu.flow.latency = p_flow->latency;
   1826       qossu.flow.delay_variation = p_flow->delay_variation;
   1827     }
   1828     BTM_TRACE_DEBUG("BTM: p_flow->delay_variation: 0x%02x",
   1829                     qossu.flow.delay_variation);
   1830     (*p_cb)(&qossu);
   1831   }
   1832 }
   1833 
   1834 /*******************************************************************************
   1835  *
   1836  * Function         BTM_ReadRSSI
   1837  *
   1838  * Description      This function is called to read the link policy settings.
   1839  *                  The address of link policy results are returned in the
   1840  *                  callback.
   1841  *                  (tBTM_RSSI_RESULTS)
   1842  *
   1843  * Returns          BTM_CMD_STARTED if successfully initiated or error code
   1844  *
   1845  ******************************************************************************/
   1846 tBTM_STATUS BTM_ReadRSSI(const BD_ADDR remote_bda, tBTM_CMPL_CB* p_cb) {
   1847   tACL_CONN* p;
   1848   tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
   1849   tBT_DEVICE_TYPE dev_type;
   1850   tBLE_ADDR_TYPE addr_type;
   1851   BTM_TRACE_API("BTM_ReadRSSI: RemBdAddr: %02x%02x%02x%02x%02x%02x",
   1852                 remote_bda[0], remote_bda[1], remote_bda[2], remote_bda[3],
   1853                 remote_bda[4], remote_bda[5]);
   1854 
   1855   /* If someone already waiting on the version, do not allow another */
   1856   if (btm_cb.devcb.p_rssi_cmpl_cb) return (BTM_BUSY);
   1857 
   1858   BTM_ReadDevInfo(remote_bda, &dev_type, &addr_type);
   1859   if (dev_type == BT_DEVICE_TYPE_BLE) transport = BT_TRANSPORT_LE;
   1860 
   1861   p = btm_bda_to_acl(remote_bda, transport);
   1862   if (p != (tACL_CONN*)NULL) {
   1863     btm_cb.devcb.p_rssi_cmpl_cb = p_cb;
   1864     alarm_set_on_queue(btm_cb.devcb.read_rssi_timer, BTM_DEV_REPLY_TIMEOUT_MS,
   1865                        btm_read_rssi_timeout, NULL, btu_general_alarm_queue);
   1866 
   1867     btsnd_hcic_read_rssi(p->hci_handle);
   1868     return (BTM_CMD_STARTED);
   1869   }
   1870 
   1871   /* If here, no BD Addr found */
   1872   return (BTM_UNKNOWN_ADDR);
   1873 }
   1874 
   1875 /*******************************************************************************
   1876  *
   1877  * Function         BTM_ReadLinkQuality
   1878  *
   1879  * Description      This function is called to read the link qulaity.
   1880  *                  The value of the link quality is returned in the callback.
   1881  *                  (tBTM_LINK_QUALITY_RESULTS)
   1882  *
   1883  * Returns          BTM_CMD_STARTED if successfully initiated or error code
   1884  *
   1885  ******************************************************************************/
   1886 tBTM_STATUS BTM_ReadLinkQuality(BD_ADDR remote_bda, tBTM_CMPL_CB* p_cb) {
   1887   tACL_CONN* p;
   1888 
   1889   BTM_TRACE_API("BTM_ReadLinkQuality: RemBdAddr: %02x%02x%02x%02x%02x%02x",
   1890                 remote_bda[0], remote_bda[1], remote_bda[2], remote_bda[3],
   1891                 remote_bda[4], remote_bda[5]);
   1892 
   1893   /* If someone already waiting on the version, do not allow another */
   1894   if (btm_cb.devcb.p_link_qual_cmpl_cb) return (BTM_BUSY);
   1895 
   1896   p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
   1897   if (p != (tACL_CONN*)NULL) {
   1898     btm_cb.devcb.p_link_qual_cmpl_cb = p_cb;
   1899     alarm_set_on_queue(btm_cb.devcb.read_link_quality_timer,
   1900                        BTM_DEV_REPLY_TIMEOUT_MS, btm_read_link_quality_timeout,
   1901                        NULL, btu_general_alarm_queue);
   1902 
   1903     btsnd_hcic_get_link_quality(p->hci_handle);
   1904     return (BTM_CMD_STARTED);
   1905   }
   1906 
   1907   /* If here, no BD Addr found */
   1908   return (BTM_UNKNOWN_ADDR);
   1909 }
   1910 
   1911 /*******************************************************************************
   1912  *
   1913  * Function         BTM_ReadTxPower
   1914  *
   1915  * Description      This function is called to read the current
   1916  *                  TX power of the connection. The tx power level results
   1917  *                  are returned in the callback.
   1918  *                  (tBTM_RSSI_RESULTS)
   1919  *
   1920  * Returns          BTM_CMD_STARTED if successfully initiated or error code
   1921  *
   1922  ******************************************************************************/
   1923 tBTM_STATUS BTM_ReadTxPower(BD_ADDR remote_bda, tBT_TRANSPORT transport,
   1924                             tBTM_CMPL_CB* p_cb) {
   1925   tACL_CONN* p;
   1926 #define BTM_READ_RSSI_TYPE_CUR 0x00
   1927 #define BTM_READ_RSSI_TYPE_MAX 0X01
   1928 
   1929   BTM_TRACE_API("BTM_ReadTxPower: RemBdAddr: %02x%02x%02x%02x%02x%02x",
   1930                 remote_bda[0], remote_bda[1], remote_bda[2], remote_bda[3],
   1931                 remote_bda[4], remote_bda[5]);
   1932 
   1933   /* If someone already waiting on the version, do not allow another */
   1934   if (btm_cb.devcb.p_tx_power_cmpl_cb) return (BTM_BUSY);
   1935 
   1936   p = btm_bda_to_acl(remote_bda, transport);
   1937   if (p != (tACL_CONN*)NULL) {
   1938     btm_cb.devcb.p_tx_power_cmpl_cb = p_cb;
   1939     alarm_set_on_queue(btm_cb.devcb.read_tx_power_timer,
   1940                        BTM_DEV_REPLY_TIMEOUT_MS, btm_read_tx_power_timeout,
   1941                        NULL, btu_general_alarm_queue);
   1942 
   1943     if (p->transport == BT_TRANSPORT_LE) {
   1944       memcpy(btm_cb.devcb.read_tx_pwr_addr, remote_bda, BD_ADDR_LEN);
   1945       btsnd_hcic_ble_read_adv_chnl_tx_power();
   1946     } else {
   1947       btsnd_hcic_read_tx_power(p->hci_handle, BTM_READ_RSSI_TYPE_CUR);
   1948     }
   1949 
   1950     return (BTM_CMD_STARTED);
   1951   }
   1952 
   1953   /* If here, no BD Addr found */
   1954   return (BTM_UNKNOWN_ADDR);
   1955 }
   1956 
   1957 /*******************************************************************************
   1958  *
   1959  * Function         btm_read_tx_power_timeout
   1960  *
   1961  * Description      Callback when reading the tx power times out.
   1962  *
   1963  * Returns          void
   1964  *
   1965  ******************************************************************************/
   1966 void btm_read_tx_power_timeout(UNUSED_ATTR void* data) {
   1967   tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_tx_power_cmpl_cb;
   1968   btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
   1969   if (p_cb) (*p_cb)((void*)NULL);
   1970 }
   1971 
   1972 /*******************************************************************************
   1973  *
   1974  * Function         btm_read_tx_power_complete
   1975  *
   1976  * Description      This function is called when the command complete message
   1977  *                  is received from the HCI for the read tx power request.
   1978  *
   1979  * Returns          void
   1980  *
   1981  ******************************************************************************/
   1982 void btm_read_tx_power_complete(uint8_t* p, bool is_ble) {
   1983   tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_tx_power_cmpl_cb;
   1984   tBTM_TX_POWER_RESULTS results;
   1985   uint16_t handle;
   1986   tACL_CONN* p_acl_cb = &btm_cb.acl_db[0];
   1987   uint16_t index;
   1988 
   1989   BTM_TRACE_DEBUG("%s", __func__);
   1990   alarm_cancel(btm_cb.devcb.read_tx_power_timer);
   1991   btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
   1992 
   1993   /* If there was a registered callback, call it */
   1994   if (p_cb) {
   1995     STREAM_TO_UINT8(results.hci_status, p);
   1996 
   1997     if (results.hci_status == HCI_SUCCESS) {
   1998       results.status = BTM_SUCCESS;
   1999 
   2000       if (!is_ble) {
   2001         STREAM_TO_UINT16(handle, p);
   2002         STREAM_TO_UINT8(results.tx_power, p);
   2003 
   2004         /* Search through the list of active channels for the correct BD Addr */
   2005         for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++) {
   2006           if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle)) {
   2007             memcpy(results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
   2008             break;
   2009           }
   2010         }
   2011       } else {
   2012         STREAM_TO_UINT8(results.tx_power, p);
   2013         memcpy(results.rem_bda, btm_cb.devcb.read_tx_pwr_addr, BD_ADDR_LEN);
   2014       }
   2015       BTM_TRACE_DEBUG("BTM TX power Complete: tx_power %d, hci status 0x%02x",
   2016                       results.tx_power, results.hci_status);
   2017     } else
   2018       results.status = BTM_ERR_PROCESSING;
   2019 
   2020     (*p_cb)(&results);
   2021   }
   2022 }
   2023 
   2024 /*******************************************************************************
   2025  *
   2026  * Function         btm_read_rssi_timeout
   2027  *
   2028  * Description      Callback when reading the RSSI times out.
   2029  *
   2030  * Returns          void
   2031  *
   2032  ******************************************************************************/
   2033 void btm_read_rssi_timeout(UNUSED_ATTR void* data) {
   2034   tBTM_RSSI_RESULTS  results;
   2035   tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_rssi_cmpl_cb;
   2036   btm_cb.devcb.p_rssi_cmpl_cb = NULL;
   2037   results.status = BTM_DEVICE_TIMEOUT;
   2038   if (p_cb)
   2039       (*p_cb)(&results);
   2040 }
   2041 
   2042 /*******************************************************************************
   2043  *
   2044  * Function         btm_read_rssi_complete
   2045  *
   2046  * Description      This function is called when the command complete message
   2047  *                  is received from the HCI for the read rssi request.
   2048  *
   2049  * Returns          void
   2050  *
   2051  ******************************************************************************/
   2052 void btm_read_rssi_complete(uint8_t* p) {
   2053   tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_rssi_cmpl_cb;
   2054   tBTM_RSSI_RESULTS results;
   2055   uint16_t handle;
   2056   tACL_CONN* p_acl_cb = &btm_cb.acl_db[0];
   2057   uint16_t index;
   2058 
   2059   BTM_TRACE_DEBUG("%s", __func__);
   2060   alarm_cancel(btm_cb.devcb.read_rssi_timer);
   2061   btm_cb.devcb.p_rssi_cmpl_cb = NULL;
   2062 
   2063   /* If there was a registered callback, call it */
   2064   if (p_cb) {
   2065     STREAM_TO_UINT8(results.hci_status, p);
   2066 
   2067     if (results.hci_status == HCI_SUCCESS) {
   2068       results.status = BTM_SUCCESS;
   2069 
   2070       STREAM_TO_UINT16(handle, p);
   2071 
   2072       STREAM_TO_UINT8(results.rssi, p);
   2073       BTM_TRACE_DEBUG("BTM RSSI Complete: rssi %d, hci status 0x%02x",
   2074                       results.rssi, results.hci_status);
   2075 
   2076       /* Search through the list of active channels for the correct BD Addr */
   2077       for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++) {
   2078         if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle)) {
   2079           memcpy(results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
   2080           break;
   2081         }
   2082       }
   2083     } else
   2084       results.status = BTM_ERR_PROCESSING;
   2085 
   2086     (*p_cb)(&results);
   2087   }
   2088 }
   2089 
   2090 /*******************************************************************************
   2091  *
   2092  * Function         btm_read_link_quality_timeout
   2093  *
   2094  * Description      Callback when reading the link quality times out.
   2095  *
   2096  * Returns          void
   2097  *
   2098  ******************************************************************************/
   2099 void btm_read_link_quality_timeout(UNUSED_ATTR void* data) {
   2100   tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_link_qual_cmpl_cb;
   2101   btm_cb.devcb.p_link_qual_cmpl_cb = NULL;
   2102   if (p_cb) (*p_cb)((void*)NULL);
   2103 }
   2104 
   2105 /*******************************************************************************
   2106  *
   2107  * Function         btm_read_link_quality_complete
   2108  *
   2109  * Description      This function is called when the command complete message
   2110  *                  is received from the HCI for the read link quality.
   2111  *
   2112  * Returns          void
   2113  *
   2114  ******************************************************************************/
   2115 void btm_read_link_quality_complete(uint8_t* p) {
   2116   tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_link_qual_cmpl_cb;
   2117   tBTM_LINK_QUALITY_RESULTS results;
   2118   uint16_t handle;
   2119   tACL_CONN* p_acl_cb = &btm_cb.acl_db[0];
   2120   uint16_t index;
   2121 
   2122   BTM_TRACE_DEBUG("%s", __func__);
   2123   alarm_cancel(btm_cb.devcb.read_link_quality_timer);
   2124   btm_cb.devcb.p_link_qual_cmpl_cb = NULL;
   2125 
   2126   /* If there was a registered callback, call it */
   2127   if (p_cb) {
   2128     STREAM_TO_UINT8(results.hci_status, p);
   2129 
   2130     if (results.hci_status == HCI_SUCCESS) {
   2131       results.status = BTM_SUCCESS;
   2132 
   2133       STREAM_TO_UINT16(handle, p);
   2134 
   2135       STREAM_TO_UINT8(results.link_quality, p);
   2136       BTM_TRACE_DEBUG(
   2137           "BTM Link Quality Complete: Link Quality %d, hci status 0x%02x",
   2138           results.link_quality, results.hci_status);
   2139 
   2140       /* Search through the list of active channels for the correct BD Addr */
   2141       for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++) {
   2142         if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle)) {
   2143           memcpy(results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN);
   2144           break;
   2145         }
   2146       }
   2147     } else
   2148       results.status = BTM_ERR_PROCESSING;
   2149 
   2150     (*p_cb)(&results);
   2151   }
   2152 }
   2153 
   2154 /*******************************************************************************
   2155  *
   2156  * Function         btm_remove_acl
   2157  *
   2158  * Description      This function is called to disconnect an ACL connection
   2159  *
   2160  * Returns          BTM_SUCCESS if successfully initiated, otherwise
   2161  *                  BTM_NO_RESOURCES.
   2162  *
   2163  ******************************************************************************/
   2164 tBTM_STATUS btm_remove_acl(BD_ADDR bd_addr, tBT_TRANSPORT transport) {
   2165   uint16_t hci_handle = BTM_GetHCIConnHandle(bd_addr, transport);
   2166   tBTM_STATUS status = BTM_SUCCESS;
   2167 
   2168   BTM_TRACE_DEBUG("btm_remove_acl");
   2169 #if (BTM_DISC_DURING_RS == TRUE)
   2170   tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr);
   2171 
   2172   /* Role Switch is pending, postpone until completed */
   2173   if (p_dev_rec && (p_dev_rec->rs_disc_pending == BTM_SEC_RS_PENDING)) {
   2174     p_dev_rec->rs_disc_pending = BTM_SEC_DISC_PENDING;
   2175   } else /* otherwise can disconnect right away */
   2176 #endif
   2177   {
   2178     if (hci_handle != 0xFFFF && p_dev_rec &&
   2179         p_dev_rec->sec_state != BTM_SEC_STATE_DISCONNECTING) {
   2180       btsnd_hcic_disconnect(hci_handle, HCI_ERR_PEER_USER);
   2181     } else
   2182       status = BTM_UNKNOWN_ADDR;
   2183   }
   2184 
   2185   return status;
   2186 }
   2187 
   2188 /*******************************************************************************
   2189  *
   2190  * Function         BTM_SetTraceLevel
   2191  *
   2192  * Description      This function sets the trace level for BTM.  If called with
   2193  *                  a value of 0xFF, it simply returns the current trace level.
   2194  *
   2195  * Returns          The new or current trace level
   2196  *
   2197  ******************************************************************************/
   2198 uint8_t BTM_SetTraceLevel(uint8_t new_level) {
   2199   BTM_TRACE_DEBUG("BTM_SetTraceLevel");
   2200   if (new_level != 0xFF) btm_cb.trace_level = new_level;
   2201 
   2202   return (btm_cb.trace_level);
   2203 }
   2204 
   2205 /*******************************************************************************
   2206  *
   2207  * Function         btm_cont_rswitch
   2208  *
   2209  * Description      This function is called to continue processing an active
   2210  *                  role switch. It first disables encryption if enabled and
   2211  *                  EPR is not supported
   2212  *
   2213  * Returns          void
   2214  *
   2215  ******************************************************************************/
   2216 void btm_cont_rswitch(tACL_CONN* p, tBTM_SEC_DEV_REC* p_dev_rec,
   2217                       uint8_t hci_status) {
   2218   BTM_TRACE_DEBUG("btm_cont_rswitch");
   2219   /* Check to see if encryption needs to be turned off if pending
   2220      change of link key or role switch */
   2221   if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE) {
   2222     /* Must turn off Encryption first if necessary */
   2223     /* Some devices do not support switch or change of link key while encryption
   2224      * is on */
   2225     if (p_dev_rec != NULL &&
   2226         ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0) &&
   2227         !BTM_EPR_AVAILABLE(p)) {
   2228       btsnd_hcic_set_conn_encrypt(p->hci_handle, false);
   2229       p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF;
   2230       if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE)
   2231         p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF;
   2232     } else /* Encryption not used or EPR supported, continue with switch
   2233               and/or change of link key */
   2234     {
   2235       if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE) {
   2236         p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS;
   2237 #if (BTM_DISC_DURING_RS == TRUE)
   2238         if (p_dev_rec) p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING;
   2239 #endif
   2240         btsnd_hcic_switch_role(p->remote_addr, (uint8_t)!p->link_role);
   2241       }
   2242     }
   2243   }
   2244 }
   2245 
   2246 /*******************************************************************************
   2247  *
   2248  * Function         btm_acl_resubmit_page
   2249  *
   2250  * Description      send pending page request
   2251  *
   2252  ******************************************************************************/
   2253 void btm_acl_resubmit_page(void) {
   2254   tBTM_SEC_DEV_REC* p_dev_rec;
   2255   BT_HDR* p_buf;
   2256   uint8_t* pp;
   2257   BD_ADDR bda;
   2258   BTM_TRACE_DEBUG("btm_acl_resubmit_page");
   2259   /* If there were other page request schedule can start the next one */
   2260   p_buf = (BT_HDR*)fixed_queue_try_dequeue(btm_cb.page_queue);
   2261   if (p_buf != NULL) {
   2262     /* skip 3 (2 bytes opcode and 1 byte len) to get to the bd_addr
   2263      * for both create_conn and rmt_name */
   2264     pp = (uint8_t*)(p_buf + 1) + p_buf->offset + 3;
   2265 
   2266     STREAM_TO_BDADDR(bda, pp);
   2267 
   2268     p_dev_rec = btm_find_or_alloc_dev(bda);
   2269 
   2270     memcpy(btm_cb.connecting_bda, p_dev_rec->bd_addr, BD_ADDR_LEN);
   2271     memcpy(btm_cb.connecting_dc, p_dev_rec->dev_class, DEV_CLASS_LEN);
   2272 
   2273     btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p_buf);
   2274   } else
   2275     btm_cb.paging = false;
   2276 }
   2277 
   2278 /*******************************************************************************
   2279  *
   2280  * Function         btm_acl_reset_paging
   2281  *
   2282  * Description      set paging to false and free the page queue - called at
   2283  *                  hci_reset
   2284  *
   2285  ******************************************************************************/
   2286 void btm_acl_reset_paging(void) {
   2287   BT_HDR* p;
   2288   BTM_TRACE_DEBUG("btm_acl_reset_paging");
   2289   /* If we sent reset we are definitely not paging any more */
   2290   while ((p = (BT_HDR*)fixed_queue_try_dequeue(btm_cb.page_queue)) != NULL)
   2291     osi_free(p);
   2292 
   2293   btm_cb.paging = false;
   2294 }
   2295 
   2296 /*******************************************************************************
   2297  *
   2298  * Function         btm_acl_paging
   2299  *
   2300  * Description      send a paging command or queue it in btm_cb
   2301  *
   2302  ******************************************************************************/
   2303 void btm_acl_paging(BT_HDR* p, BD_ADDR bda) {
   2304   tBTM_SEC_DEV_REC* p_dev_rec;
   2305 
   2306   BTM_TRACE_DEBUG("btm_acl_paging discing:%d, paging:%d BDA: %06x%06x",
   2307                   btm_cb.discing, btm_cb.paging,
   2308                   (bda[0] << 16) + (bda[1] << 8) + bda[2],
   2309                   (bda[3] << 16) + (bda[4] << 8) + bda[5]);
   2310   if (btm_cb.discing) {
   2311     btm_cb.paging = true;
   2312     fixed_queue_enqueue(btm_cb.page_queue, p);
   2313   } else {
   2314     if (!BTM_ACL_IS_CONNECTED(bda)) {
   2315       BTM_TRACE_DEBUG(
   2316           "connecting_bda: %06x%06x",
   2317           (btm_cb.connecting_bda[0] << 16) + (btm_cb.connecting_bda[1] << 8) +
   2318               btm_cb.connecting_bda[2],
   2319           (btm_cb.connecting_bda[3] << 16) + (btm_cb.connecting_bda[4] << 8) +
   2320               btm_cb.connecting_bda[5]);
   2321       if (btm_cb.paging &&
   2322           memcmp(bda, btm_cb.connecting_bda, BD_ADDR_LEN) != 0) {
   2323         fixed_queue_enqueue(btm_cb.page_queue, p);
   2324       } else {
   2325         p_dev_rec = btm_find_or_alloc_dev(bda);
   2326         memcpy(btm_cb.connecting_bda, p_dev_rec->bd_addr, BD_ADDR_LEN);
   2327         memcpy(btm_cb.connecting_dc, p_dev_rec->dev_class, DEV_CLASS_LEN);
   2328 
   2329         btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p);
   2330       }
   2331 
   2332       btm_cb.paging = true;
   2333     } else /* ACL is already up */
   2334     {
   2335       btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p);
   2336     }
   2337   }
   2338 }
   2339 
   2340 /*******************************************************************************
   2341  *
   2342  * Function         btm_acl_notif_conn_collision
   2343  *
   2344  * Description      Send connection collision event to upper layer if registered
   2345  *
   2346  * Returns          true if sent out to upper layer,
   2347  *                  false if no one needs the notification.
   2348  *
   2349  ******************************************************************************/
   2350 bool btm_acl_notif_conn_collision(BD_ADDR bda) {
   2351   tBTM_BL_EVENT_DATA evt_data;
   2352 
   2353   /* Report possible collision to the upper layer. */
   2354   if (btm_cb.p_bl_changed_cb) {
   2355     BTM_TRACE_DEBUG(
   2356         "btm_acl_notif_conn_collision: RemBdAddr: %02x%02x%02x%02x%02x%02x",
   2357         bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]);
   2358 
   2359     evt_data.event = BTM_BL_COLLISION_EVT;
   2360     evt_data.conn.p_bda = bda;
   2361     evt_data.conn.transport = BT_TRANSPORT_BR_EDR;
   2362     evt_data.conn.handle = BTM_INVALID_HCI_HANDLE;
   2363     (*btm_cb.p_bl_changed_cb)(&evt_data);
   2364     return true;
   2365   } else
   2366     return false;
   2367 }
   2368 
   2369 /*******************************************************************************
   2370  *
   2371  * Function         btm_acl_chk_peer_pkt_type_support
   2372  *
   2373  * Description      Check if peer supports requested packets
   2374  *
   2375  ******************************************************************************/
   2376 void btm_acl_chk_peer_pkt_type_support(tACL_CONN* p, uint16_t* p_pkt_type) {
   2377   /* 3 and 5 slot packets? */
   2378   if (!HCI_3_SLOT_PACKETS_SUPPORTED(p->peer_lmp_feature_pages[0]))
   2379     *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH3 + BTM_ACL_PKT_TYPES_MASK_DM3);
   2380 
   2381   if (!HCI_5_SLOT_PACKETS_SUPPORTED(p->peer_lmp_feature_pages[0]))
   2382     *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH5 + BTM_ACL_PKT_TYPES_MASK_DM5);
   2383 
   2384   /* 2 and 3 MPS support? */
   2385   if (!HCI_EDR_ACL_2MPS_SUPPORTED(p->peer_lmp_feature_pages[0]))
   2386     /* Not supported. Add 'not_supported' mask for all 2MPS packet types */
   2387     *p_pkt_type |=
   2388         (BTM_ACL_PKT_TYPES_MASK_NO_2_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 +
   2389          BTM_ACL_PKT_TYPES_MASK_NO_2_DH5);
   2390 
   2391   if (!HCI_EDR_ACL_3MPS_SUPPORTED(p->peer_lmp_feature_pages[0]))
   2392     /* Not supported. Add 'not_supported' mask for all 3MPS packet types */
   2393     *p_pkt_type |=
   2394         (BTM_ACL_PKT_TYPES_MASK_NO_3_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3 +
   2395          BTM_ACL_PKT_TYPES_MASK_NO_3_DH5);
   2396 
   2397   /* EDR 3 and 5 slot support? */
   2398   if (HCI_EDR_ACL_2MPS_SUPPORTED(p->peer_lmp_feature_pages[0]) ||
   2399       HCI_EDR_ACL_3MPS_SUPPORTED(p->peer_lmp_feature_pages[0])) {
   2400     if (!HCI_3_SLOT_EDR_ACL_SUPPORTED(p->peer_lmp_feature_pages[0]))
   2401       /* Not supported. Add 'not_supported' mask for all 3-slot EDR packet types
   2402        */
   2403       *p_pkt_type |=
   2404           (BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3);
   2405 
   2406     if (!HCI_5_SLOT_EDR_ACL_SUPPORTED(p->peer_lmp_feature_pages[0]))
   2407       /* Not supported. Add 'not_supported' mask for all 5-slot EDR packet types
   2408        */
   2409       *p_pkt_type |=
   2410           (BTM_ACL_PKT_TYPES_MASK_NO_2_DH5 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH5);
   2411   }
   2412 }
   2413