1 /****************************************************************************** 2 * 3 * Copyright (C) 2003-2014 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 /****************************************************************************** 20 * 21 * This file contains the action functions for device manager state 22 * machine. 23 * 24 ******************************************************************************/ 25 26 #define LOG_TAG "bt_bta_dm" 27 28 #include <base/bind.h> 29 #include <base/callback.h> 30 #include <base/logging.h> 31 #include <string.h> 32 33 #include "bt_common.h" 34 #include "bt_target.h" 35 #include "bt_types.h" 36 #include "bta_api.h" 37 #include "bta_dm_api.h" 38 #include "bta_dm_co.h" 39 #include "bta_dm_int.h" 40 #include "bta_sys.h" 41 #include "btm_api.h" 42 #include "btm_int.h" 43 #include "btu.h" 44 #include "gap_api.h" /* For GAP_BleReadPeerPrefConnParams */ 45 #include "l2c_api.h" 46 #include "osi/include/log.h" 47 #include "osi/include/osi.h" 48 #include "sdp_api.h" 49 #include "utl.h" 50 51 #if (GAP_INCLUDED == TRUE) 52 #include "gap_api.h" 53 #endif 54 55 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir, 56 uint16_t eir_len); 57 static void bta_dm_inq_cmpl_cb(void* p_result); 58 static void bta_dm_service_search_remname_cback(BD_ADDR bd_addr, DEV_CLASS dc, 59 BD_NAME bd_name); 60 static void bta_dm_remname_cback(tBTM_REMOTE_DEV_NAME* p_remote_name); 61 static void bta_dm_find_services(BD_ADDR bd_addr); 62 static void bta_dm_discover_next_device(void); 63 static void bta_dm_sdp_callback(uint16_t sdp_status); 64 static uint8_t bta_dm_authorize_cback(BD_ADDR bd_addr, DEV_CLASS dev_class, 65 BD_NAME bd_name, uint8_t* service_name, 66 uint8_t service_id, bool is_originator); 67 static uint8_t bta_dm_pin_cback(BD_ADDR bd_addr, DEV_CLASS dev_class, 68 BD_NAME bd_name, bool min_16_digit); 69 static uint8_t bta_dm_new_link_key_cback(BD_ADDR bd_addr, DEV_CLASS dev_class, 70 BD_NAME bd_name, LINK_KEY key, 71 uint8_t key_type); 72 static uint8_t bta_dm_authentication_complete_cback(BD_ADDR bd_addr, 73 DEV_CLASS dev_class, 74 BD_NAME bd_name, 75 int result); 76 static void bta_dm_local_name_cback(BD_ADDR bd_addr); 77 static bool bta_dm_check_av(uint16_t event); 78 static void bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA* p_data); 79 80 static void bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status, uint8_t id, 81 uint8_t app_id, BD_ADDR peer_addr); 82 83 /* Extended Inquiry Response */ 84 #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE) 85 static uint8_t bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data); 86 #endif 87 88 static void bta_dm_set_eir(char* local_name); 89 90 static void bta_dm_eir_search_services(tBTM_INQ_RESULTS* p_result, 91 tBTA_SERVICE_MASK* p_services_to_search, 92 tBTA_SERVICE_MASK* p_services_found); 93 94 static void bta_dm_search_timer_cback(void* data); 95 static void bta_dm_disable_conn_down_timer_cback(void* data); 96 static void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id, 97 uint8_t app_id, BD_ADDR peer_addr); 98 static void bta_dm_adjust_roles(bool delay_role_switch); 99 static char* bta_dm_get_remname(void); 100 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result); 101 102 static bool bta_dm_read_remote_device_name(BD_ADDR bd_addr, 103 tBT_TRANSPORT transport); 104 static void bta_dm_discover_device(BD_ADDR remote_bd_addr); 105 106 static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status); 107 static void bta_dm_disable_search_and_disc(void); 108 109 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, BD_ADDR bda, 110 tBTM_LE_EVT_DATA* p_data); 111 static void bta_dm_ble_id_key_cback(uint8_t key_type, 112 tBTM_BLE_LOCAL_KEYS* p_key); 113 static void bta_dm_gattc_register(void); 114 static void btm_dm_start_gatt_discovery(BD_ADDR bd_addr); 115 static void bta_dm_cancel_gatt_discovery(BD_ADDR bd_addr); 116 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data); 117 extern tBTA_DM_CONTRL_STATE bta_dm_pm_obtain_controller_state(void); 118 119 #if (BLE_VND_INCLUDED == TRUE) 120 static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result); 121 #endif 122 123 #ifndef BTA_DM_BLE_ADV_CHNL_MAP 124 #define BTA_DM_BLE_ADV_CHNL_MAP \ 125 (BTM_BLE_ADV_CHNL_37 | BTM_BLE_ADV_CHNL_38 | BTM_BLE_ADV_CHNL_39) 126 #endif 127 128 /* Disable timer interval (in milliseconds) */ 129 #ifndef BTA_DM_DISABLE_TIMER_MS 130 #define BTA_DM_DISABLE_TIMER_MS 5000 131 #endif 132 133 /* Disable timer retrial interval (in milliseconds) */ 134 #ifndef BTA_DM_DISABLE_TIMER_RETRIAL_MS 135 #define BTA_DM_DISABLE_TIMER_RETRIAL_MS 1500 136 #endif 137 138 /* Disable connection down timer (in milliseconds) */ 139 #ifndef BTA_DM_DISABLE_CONN_DOWN_TIMER_MS 140 #define BTA_DM_DISABLE_CONN_DOWN_TIMER_MS 1000 141 #endif 142 143 /* Switch delay timer (in milliseconds) */ 144 #ifndef BTA_DM_SWITCH_DELAY_TIMER_MS 145 #define BTA_DM_SWITCH_DELAY_TIMER_MS 500 146 #endif 147 148 static void bta_dm_reset_sec_dev_pending(BD_ADDR remote_bd_addr); 149 static void bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr); 150 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir, 151 uint16_t eir_len); 152 static void bta_dm_observe_cmpl_cb(void* p_result); 153 static void bta_dm_delay_role_switch_cback(void* data); 154 static void bta_dm_disable_timer_cback(void* data); 155 156 const uint16_t bta_service_id_to_uuid_lkup_tbl[BTA_MAX_SERVICE_ID] = { 157 UUID_SERVCLASS_PNP_INFORMATION, /* Reserved */ 158 UUID_SERVCLASS_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */ 159 UUID_SERVCLASS_DIALUP_NETWORKING, /* BTA_DUN_SERVICE_ID */ 160 UUID_SERVCLASS_AUDIO_SOURCE, /* BTA_A2DP_SOURCE_SERVICE_ID */ 161 UUID_SERVCLASS_LAN_ACCESS_USING_PPP, /* BTA_LAP_SERVICE_ID */ 162 UUID_SERVCLASS_HEADSET, /* BTA_HSP_HS_SERVICE_ID */ 163 UUID_SERVCLASS_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */ 164 UUID_SERVCLASS_OBEX_OBJECT_PUSH, /* BTA_OPP_SERVICE_ID */ 165 UUID_SERVCLASS_OBEX_FILE_TRANSFER, /* BTA_FTP_SERVICE_ID */ 166 UUID_SERVCLASS_CORDLESS_TELEPHONY, /* BTA_CTP_SERVICE_ID */ 167 UUID_SERVCLASS_INTERCOM, /* BTA_ICP_SERVICE_ID */ 168 UUID_SERVCLASS_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */ 169 UUID_SERVCLASS_DIRECT_PRINTING, /* BTA_BPP_SERVICE_ID */ 170 UUID_SERVCLASS_IMAGING_RESPONDER, /* BTA_BIP_SERVICE_ID */ 171 UUID_SERVCLASS_PANU, /* BTA_PANU_SERVICE_ID */ 172 UUID_SERVCLASS_NAP, /* BTA_NAP_SERVICE_ID */ 173 UUID_SERVCLASS_GN, /* BTA_GN_SERVICE_ID */ 174 UUID_SERVCLASS_SAP, /* BTA_SAP_SERVICE_ID */ 175 UUID_SERVCLASS_AUDIO_SINK, /* BTA_A2DP_SERVICE_ID */ 176 UUID_SERVCLASS_AV_REMOTE_CONTROL, /* BTA_AVRCP_SERVICE_ID */ 177 UUID_SERVCLASS_HUMAN_INTERFACE, /* BTA_HID_SERVICE_ID */ 178 UUID_SERVCLASS_VIDEO_SINK, /* BTA_VDP_SERVICE_ID */ 179 UUID_SERVCLASS_PBAP_PSE, /* BTA_PBAP_SERVICE_ID */ 180 UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY, /* BTA_HSP_SERVICE_ID */ 181 UUID_SERVCLASS_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */ 182 UUID_SERVCLASS_MESSAGE_ACCESS, /* BTA_MAP_SERVICE_ID */ 183 UUID_SERVCLASS_MESSAGE_NOTIFICATION, /* BTA_MN_SERVICE_ID */ 184 UUID_SERVCLASS_HDP_PROFILE, /* BTA_HDP_SERVICE_ID */ 185 UUID_SERVCLASS_PBAP_PCE, /* BTA_PCE_SERVICE_ID */ 186 UUID_PROTOCOL_ATT /* BTA_GATT_SERVICE_ID */ 187 }; 188 189 /* 190 * NOTE : The number of element in bta_service_id_to_btm_srv_id_lkup_tbl should 191 * be matching with 192 * the value BTA_MAX_SERVICE_ID in bta_api.h 193 * 194 * i.e., If you add new Service ID for BTA, the correct security ID of 195 * the new service 196 * from Security service definitions (btm_api.h) should be added to 197 * this lookup table. 198 */ 199 const uint32_t bta_service_id_to_btm_srv_id_lkup_tbl[BTA_MAX_SERVICE_ID] = { 200 0, /* Reserved */ 201 BTM_SEC_SERVICE_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */ 202 BTM_SEC_SERVICE_DUN, /* BTA_DUN_SERVICE_ID */ 203 BTM_SEC_SERVICE_AVDTP, /* BTA_AUDIO_SOURCE_SERVICE_ID */ 204 BTM_SEC_SERVICE_LAN_ACCESS, /* BTA_LAP_SERVICE_ID */ 205 BTM_SEC_SERVICE_HEADSET_AG, /* BTA_HSP_SERVICE_ID */ 206 BTM_SEC_SERVICE_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */ 207 BTM_SEC_SERVICE_OBEX, /* BTA_OPP_SERVICE_ID */ 208 BTM_SEC_SERVICE_OBEX_FTP, /* BTA_FTP_SERVICE_ID */ 209 BTM_SEC_SERVICE_CORDLESS, /* BTA_CTP_SERVICE_ID */ 210 BTM_SEC_SERVICE_INTERCOM, /* BTA_ICP_SERVICE_ID */ 211 BTM_SEC_SERVICE_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */ 212 BTM_SEC_SERVICE_BPP_JOB, /* BTA_BPP_SERVICE_ID */ 213 BTM_SEC_SERVICE_BIP, /* BTA_BIP_SERVICE_ID */ 214 BTM_SEC_SERVICE_BNEP_PANU, /* BTA_PANU_SERVICE_ID */ 215 BTM_SEC_SERVICE_BNEP_NAP, /* BTA_NAP_SERVICE_ID */ 216 BTM_SEC_SERVICE_BNEP_GN, /* BTA_GN_SERVICE_ID */ 217 BTM_SEC_SERVICE_SAP, /* BTA_SAP_SERVICE_ID */ 218 BTM_SEC_SERVICE_AVDTP, /* BTA_A2DP_SERVICE_ID */ 219 BTM_SEC_SERVICE_AVCTP, /* BTA_AVRCP_SERVICE_ID */ 220 BTM_SEC_SERVICE_HIDH_SEC_CTRL, /* BTA_HID_SERVICE_ID */ 221 BTM_SEC_SERVICE_AVDTP, /* BTA_VDP_SERVICE_ID */ 222 BTM_SEC_SERVICE_PBAP, /* BTA_PBAP_SERVICE_ID */ 223 BTM_SEC_SERVICE_HEADSET, /* BTA_HSP_HS_SERVICE_ID */ 224 BTM_SEC_SERVICE_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */ 225 BTM_SEC_SERVICE_MAP, /* BTA_MAP_SERVICE_ID */ 226 BTM_SEC_SERVICE_MAP, /* BTA_MN_SERVICE_ID */ 227 BTM_SEC_SERVICE_HDP_SNK, /* BTA_HDP_SERVICE_ID */ 228 BTM_SEC_SERVICE_PBAP, /* BTA_PCE_SERVICE_ID */ 229 BTM_SEC_SERVICE_ATT /* BTA_GATT_SERVICE_ID */ 230 }; 231 232 /* bta security callback */ 233 const tBTM_APPL_INFO bta_security = {&bta_dm_authorize_cback, 234 &bta_dm_pin_cback, 235 &bta_dm_new_link_key_cback, 236 &bta_dm_authentication_complete_cback, 237 &bta_dm_bond_cancel_complete_cback, 238 #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE) 239 &bta_dm_sp_cback, 240 #else 241 NULL, 242 #endif 243 &bta_dm_ble_smp_cback, 244 &bta_dm_ble_id_key_cback}; 245 246 #define MAX_DISC_RAW_DATA_BUF (4096) 247 uint8_t g_disc_raw_data_buf[MAX_DISC_RAW_DATA_BUF]; 248 249 extern DEV_CLASS local_device_default_class; 250 extern fixed_queue_t* btu_bta_alarm_queue; 251 252 /******************************************************************************* 253 * 254 * Function bta_dm_enable 255 * 256 * Description Initialises the BT device manager 257 * 258 * 259 * Returns void 260 * 261 ******************************************************************************/ 262 void bta_dm_enable(tBTA_DM_MSG* p_data) { 263 tBTA_DM_ENABLE enable_event; 264 265 /* if already in use, return an error */ 266 if (bta_dm_cb.is_bta_dm_active == true) { 267 APPL_TRACE_WARNING("%s Device already started by another application", 268 __func__); 269 memset(&enable_event, 0, sizeof(tBTA_DM_ENABLE)); 270 enable_event.status = BTA_FAILURE; 271 if (p_data->enable.p_sec_cback != NULL) 272 p_data->enable.p_sec_cback(BTA_DM_ENABLE_EVT, 273 (tBTA_DM_SEC*)&enable_event); 274 return; 275 } 276 277 /* first, register our callback to SYS HW manager */ 278 bta_sys_hw_register(BTA_SYS_HW_BLUETOOTH, bta_dm_sys_hw_cback); 279 280 /* make sure security callback is saved - if no callback, do not erase the 281 previous one, 282 it could be an error recovery mechanism */ 283 if (p_data->enable.p_sec_cback != NULL) 284 bta_dm_cb.p_sec_cback = p_data->enable.p_sec_cback; 285 /* notify BTA DM is now active */ 286 bta_dm_cb.is_bta_dm_active = true; 287 288 /* send a message to BTA SYS */ 289 tBTA_SYS_HW_MSG* sys_enable_event = 290 (tBTA_SYS_HW_MSG*)osi_malloc(sizeof(tBTA_SYS_HW_MSG)); 291 sys_enable_event->hdr.event = BTA_SYS_API_ENABLE_EVT; 292 sys_enable_event->hw_module = BTA_SYS_HW_BLUETOOTH; 293 294 bta_sys_sendmsg(sys_enable_event); 295 } 296 297 /******************************************************************************* 298 * 299 * Function bta_dm_init_cb 300 * 301 * Description Initializes the bta_dm_cb control block 302 * 303 * 304 * Returns void 305 * 306 ******************************************************************************/ 307 void bta_dm_init_cb(void) { 308 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb)); 309 bta_dm_cb.disable_timer = alarm_new("bta_dm.disable_timer"); 310 bta_dm_cb.switch_delay_timer = alarm_new("bta_dm.switch_delay_timer"); 311 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) { 312 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) { 313 bta_dm_cb.pm_timer[i].timer[j] = alarm_new("bta_dm.pm_timer"); 314 } 315 } 316 } 317 318 /******************************************************************************* 319 * 320 * Function bta_dm_deinit_cb 321 * 322 * Description De-initializes the bta_dm_cb control block 323 * 324 * 325 * Returns void 326 * 327 ******************************************************************************/ 328 void bta_dm_deinit_cb(void) { 329 /* 330 * TODO: Should alarm_free() the bta_dm_cb timers during graceful 331 * shutdown. 332 */ 333 alarm_free(bta_dm_cb.disable_timer); 334 alarm_free(bta_dm_cb.switch_delay_timer); 335 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) { 336 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) { 337 alarm_free(bta_dm_cb.pm_timer[i].timer[j]); 338 } 339 } 340 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb)); 341 } 342 343 /******************************************************************************* 344 * 345 * Function bta_dm_sys_hw_cback 346 * 347 * Description callback register to SYS to get HW status updates 348 * 349 * 350 * Returns void 351 * 352 ******************************************************************************/ 353 static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status) { 354 DEV_CLASS dev_class; 355 tBTA_DM_SEC_CBACK* temp_cback; 356 uint8_t key_mask = 0; 357 BT_OCTET16 er; 358 tBTA_BLE_LOCAL_ID_KEYS id_key; 359 360 APPL_TRACE_DEBUG("%s with event: %i", __func__, status); 361 362 /* On H/W error evt, report to the registered DM application callback */ 363 if (status == BTA_SYS_HW_ERROR_EVT) { 364 if (bta_dm_cb.p_sec_cback != NULL) 365 bta_dm_cb.p_sec_cback(BTA_DM_HW_ERROR_EVT, NULL); 366 return; 367 } 368 369 if (status == BTA_SYS_HW_OFF_EVT) { 370 if (bta_dm_cb.p_sec_cback != NULL) 371 bta_dm_cb.p_sec_cback(BTA_DM_DISABLE_EVT, NULL); 372 373 /* reinitialize the control block */ 374 bta_dm_deinit_cb(); 375 376 /* hw is ready, go on with BTA DM initialization */ 377 alarm_free(bta_dm_search_cb.search_timer); 378 alarm_free(bta_dm_search_cb.gatt_close_timer); 379 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb)); 380 381 /* unregister from SYS */ 382 bta_sys_hw_unregister(BTA_SYS_HW_BLUETOOTH); 383 /* notify BTA DM is now unactive */ 384 bta_dm_cb.is_bta_dm_active = false; 385 } else if (status == BTA_SYS_HW_ON_EVT) { 386 /* FIXME: We should not unregister as the SYS shall invoke this callback on 387 * a H/W error. 388 * We need to revisit when this platform has more than one BLuetooth H/W 389 * chip 390 */ 391 // bta_sys_hw_unregister( BTA_SYS_HW_BLUETOOTH); 392 393 /* save security callback */ 394 temp_cback = bta_dm_cb.p_sec_cback; 395 /* make sure the control block is properly initialized */ 396 bta_dm_init_cb(); 397 /* and retrieve the callback */ 398 bta_dm_cb.p_sec_cback = temp_cback; 399 bta_dm_cb.is_bta_dm_active = true; 400 401 /* hw is ready, go on with BTA DM initialization */ 402 alarm_free(bta_dm_search_cb.search_timer); 403 alarm_free(bta_dm_search_cb.gatt_close_timer); 404 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb)); 405 /* 406 * TODO: Should alarm_free() the bta_dm_search_cb timers during 407 * graceful shutdown. 408 */ 409 bta_dm_search_cb.search_timer = alarm_new("bta_dm_search.search_timer"); 410 bta_dm_search_cb.gatt_close_timer = 411 alarm_new("bta_dm_search.gatt_close_timer"); 412 413 memset(&bta_dm_conn_srvcs, 0, sizeof(bta_dm_conn_srvcs)); 414 memset(&bta_dm_di_cb, 0, sizeof(tBTA_DM_DI_CB)); 415 416 memcpy(dev_class, p_bta_dm_cfg->dev_class, sizeof(dev_class)); 417 BTM_SetDeviceClass(dev_class); 418 419 /* load BLE local information: ID keys, ER if available */ 420 bta_dm_co_ble_load_local_keys(&key_mask, er, &id_key); 421 422 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ER) { 423 BTM_BleLoadLocalKeys(BTA_BLE_LOCAL_KEY_TYPE_ER, 424 (tBTM_BLE_LOCAL_KEYS*)&er); 425 } 426 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ID) { 427 BTM_BleLoadLocalKeys(BTA_BLE_LOCAL_KEY_TYPE_ID, 428 (tBTM_BLE_LOCAL_KEYS*)&id_key); 429 } 430 bta_dm_search_cb.conn_id = BTA_GATT_INVALID_CONN_ID; 431 432 BTM_SecRegister((tBTM_APPL_INFO*)&bta_security); 433 BTM_SetDefaultLinkSuperTout(p_bta_dm_cfg->link_timeout); 434 BTM_WritePageTimeout(p_bta_dm_cfg->page_timeout); 435 bta_dm_cb.cur_policy = p_bta_dm_cfg->policy_settings; 436 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy); 437 BTM_RegBusyLevelNotif(bta_dm_bl_change_cback, NULL, 438 BTM_BL_UPDATE_MASK | BTM_BL_ROLE_CHG_MASK); 439 440 #if (BLE_VND_INCLUDED == TRUE) 441 BTM_BleReadControllerFeatures(bta_dm_ctrl_features_rd_cmpl_cback); 442 #else 443 /* If VSC multi adv commands are available, advertising will be initialized 444 * when capabilities are read. If they are not avaliable, initialize 445 * advertising here */ 446 btm_ble_adv_init(); 447 #endif 448 449 /* Earlier, we used to invoke BTM_ReadLocalAddr which was just copying the 450 bd_addr 451 from the control block and invoking the callback which was sending the 452 DM_ENABLE_EVT. 453 But then we have a few HCI commands being invoked above which were still 454 in progress 455 when the ENABLE_EVT was sent. So modified this to fetch the local name 456 which forces 457 the DM_ENABLE_EVT to be sent only after all the init steps are complete 458 */ 459 BTM_ReadLocalDeviceNameFromController( 460 (tBTM_CMPL_CB*)bta_dm_local_name_cback); 461 462 bta_sys_rm_register((tBTA_SYS_CONN_CBACK*)bta_dm_rm_cback); 463 464 /* initialize bluetooth low power manager */ 465 bta_dm_init_pm(); 466 467 bta_sys_policy_register((tBTA_SYS_CONN_CBACK*)bta_dm_policy_cback); 468 469 bta_dm_gattc_register(); 470 471 } else 472 APPL_TRACE_DEBUG(" --- ignored event"); 473 } 474 475 /******************************************************************************* 476 * 477 * Function bta_dm_disable 478 * 479 * Description Disables the BT device manager 480 * 481 * 482 * Returns void 483 * 484 ******************************************************************************/ 485 void bta_dm_disable(UNUSED_ATTR tBTA_DM_MSG* p_data) { 486 /* Set l2cap idle timeout to 0 (so BTE immediately disconnects ACL link after 487 * last channel is closed) */ 488 L2CA_SetIdleTimeoutByBdAddr((uint8_t*)BT_BD_ANY, 0, BT_TRANSPORT_BR_EDR); 489 L2CA_SetIdleTimeoutByBdAddr((uint8_t*)BT_BD_ANY, 0, BT_TRANSPORT_LE); 490 491 /* disable all active subsystems */ 492 bta_sys_disable(BTA_SYS_HW_BLUETOOTH); 493 494 BTM_SetDiscoverability(BTM_NON_DISCOVERABLE, 0, 0); 495 BTM_SetConnectability(BTM_NON_CONNECTABLE, 0, 0); 496 497 bta_dm_disable_pm(); 498 bta_dm_disable_search_and_disc(); 499 bta_dm_cb.disabling = true; 500 501 BTM_BleClearBgConnDev(); 502 503 if (BTM_GetNumAclLinks() == 0) { 504 #if (BTA_DISABLE_DELAY > 0) 505 /* If BTA_DISABLE_DELAY is defined and greater than zero, then delay the 506 * shutdown by 507 * BTA_DISABLE_DELAY milliseconds 508 */ 509 APPL_TRACE_WARNING("%s BTA_DISABLE_DELAY set to %d ms", __func__, 510 BTA_DISABLE_DELAY); 511 alarm_set_on_queue(bta_dm_cb.disable_timer, BTA_DISABLE_DELAY, 512 bta_dm_disable_conn_down_timer_cback, NULL, 513 btu_bta_alarm_queue); 514 #else 515 bta_dm_disable_conn_down_timer_cback(NULL); 516 #endif 517 } else { 518 alarm_set_on_queue(bta_dm_cb.disable_timer, BTA_DM_DISABLE_TIMER_MS, 519 bta_dm_disable_timer_cback, UINT_TO_PTR(0), 520 btu_bta_alarm_queue); 521 } 522 } 523 524 /******************************************************************************* 525 * 526 * Function bta_dm_disable_timer_cback 527 * 528 * Description Called if the disable timer expires 529 * Used to close ACL connections which are still active 530 * 531 * 532 * 533 * Returns void 534 * 535 ******************************************************************************/ 536 static void bta_dm_disable_timer_cback(void* data) { 537 uint8_t i; 538 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR; 539 bool trigger_disc = false; 540 uint32_t param = PTR_TO_UINT(data); 541 542 APPL_TRACE_EVENT("%s trial %u", __func__, param); 543 544 if (BTM_GetNumAclLinks() && (param == 0)) { 545 for (i = 0; i < bta_dm_cb.device_list.count; i++) { 546 transport = bta_dm_cb.device_list.peer_device[i].transport; 547 btm_remove_acl(bta_dm_cb.device_list.peer_device[i].peer_bdaddr, 548 transport); 549 trigger_disc = true; 550 } 551 552 /* Retrigger disable timer in case ACL disconnect failed, DISABLE_EVT still 553 need 554 to be sent out to avoid jave layer disable timeout */ 555 if (trigger_disc) { 556 alarm_set_on_queue( 557 bta_dm_cb.disable_timer, BTA_DM_DISABLE_TIMER_RETRIAL_MS, 558 bta_dm_disable_timer_cback, UINT_TO_PTR(1), btu_bta_alarm_queue); 559 } 560 } else { 561 bta_dm_cb.disabling = false; 562 563 bta_sys_remove_uuid(UUID_SERVCLASS_PNP_INFORMATION); 564 bta_dm_cb.p_sec_cback(BTA_DM_DISABLE_EVT, NULL); 565 } 566 } 567 568 /******************************************************************************* 569 * 570 * Function bta_dm_set_dev_name 571 * 572 * Description Sets local device name 573 * 574 * 575 * Returns void 576 * 577 ******************************************************************************/ 578 void bta_dm_set_dev_name(tBTA_DM_MSG* p_data) { 579 BTM_SetLocalDeviceName((char*)p_data->set_name.name); 580 bta_dm_set_eir((char*)p_data->set_name.name); 581 } 582 583 /******************************************************************************* 584 * 585 * Function bta_dm_set_visibility 586 * 587 * Description Sets discoverability, connectability and pairability 588 * 589 * 590 * Returns void 591 * 592 ******************************************************************************/ 593 void bta_dm_set_visibility(tBTA_DM_MSG* p_data) { 594 uint16_t window, interval; 595 uint16_t le_disc_mode = BTM_BleReadDiscoverability(); 596 uint16_t le_conn_mode = BTM_BleReadConnectability(); 597 uint16_t disc_mode = BTM_ReadDiscoverability(&window, &interval); 598 uint16_t conn_mode = BTM_ReadConnectability(&window, &interval); 599 600 /* set modes for Discoverability and connectability if not ignore */ 601 if (p_data->set_visibility.disc_mode != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) { 602 if ((p_data->set_visibility.disc_mode & BTA_DM_LE_IGNORE) == 603 BTA_DM_LE_IGNORE) 604 p_data->set_visibility.disc_mode = 605 ((p_data->set_visibility.disc_mode & ~BTA_DM_LE_IGNORE) | 606 le_disc_mode); 607 if ((p_data->set_visibility.disc_mode & BTA_DM_IGNORE) == BTA_DM_IGNORE) 608 p_data->set_visibility.disc_mode = 609 ((p_data->set_visibility.disc_mode & ~BTA_DM_IGNORE) | disc_mode); 610 611 BTM_SetDiscoverability(p_data->set_visibility.disc_mode, 612 bta_dm_cb.inquiry_scan_window, 613 bta_dm_cb.inquiry_scan_interval); 614 } 615 616 if (p_data->set_visibility.conn_mode != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) { 617 if ((p_data->set_visibility.conn_mode & BTA_DM_LE_IGNORE) == 618 BTA_DM_LE_IGNORE) 619 p_data->set_visibility.conn_mode = 620 ((p_data->set_visibility.conn_mode & ~BTA_DM_LE_IGNORE) | 621 le_conn_mode); 622 if ((p_data->set_visibility.conn_mode & BTA_DM_IGNORE) == BTA_DM_IGNORE) 623 p_data->set_visibility.conn_mode = 624 ((p_data->set_visibility.conn_mode & ~BTA_DM_IGNORE) | conn_mode); 625 626 BTM_SetConnectability(p_data->set_visibility.conn_mode, 627 bta_dm_cb.page_scan_window, 628 bta_dm_cb.page_scan_interval); 629 } 630 631 /* Send False or True if not ignore */ 632 if (p_data->set_visibility.pair_mode != BTA_DM_IGNORE) { 633 if (p_data->set_visibility.pair_mode == BTA_DM_NON_PAIRABLE) 634 bta_dm_cb.disable_pair_mode = true; 635 else 636 bta_dm_cb.disable_pair_mode = false; 637 } 638 639 /* Send False or True if not ignore */ 640 if (p_data->set_visibility.conn_paired_only != BTA_DM_IGNORE) { 641 if (p_data->set_visibility.conn_paired_only == BTA_DM_CONN_ALL) 642 bta_dm_cb.conn_paired_only = false; 643 else 644 bta_dm_cb.conn_paired_only = true; 645 } 646 647 /* Change mode if either mode is not ignore */ 648 if (p_data->set_visibility.pair_mode != BTA_DM_IGNORE || 649 p_data->set_visibility.conn_paired_only != BTA_DM_IGNORE) 650 BTM_SetPairableMode((bool)(!(bta_dm_cb.disable_pair_mode)), 651 bta_dm_cb.conn_paired_only); 652 } 653 654 /******************************************************************************* 655 * 656 * Function bta_dm_process_remove_device 657 * 658 * Description Removes device, Disconnects ACL link if required. 659 *** 660 ******************************************************************************/ 661 void bta_dm_process_remove_device(BD_ADDR bd_addr) { 662 /* need to remove all pending background connection before unpair */ 663 BTA_GATTC_CancelOpen(0, bd_addr, false); 664 665 BTM_SecDeleteDevice(bd_addr); 666 667 /* remove all cached GATT information */ 668 BTA_GATTC_Refresh(bd_addr); 669 670 if (bta_dm_cb.p_sec_cback) { 671 tBTA_DM_SEC sec_event; 672 bdcpy(sec_event.link_down.bd_addr, bd_addr); 673 /* No connection, set status to success (acl disc code not valid) */ 674 sec_event.link_down.status = HCI_SUCCESS; 675 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &sec_event); 676 } 677 } 678 679 /******************************************************************************* 680 * 681 * Function bta_dm_remove_device 682 * 683 * Description Removes device, disconnects ACL link if required. 684 *** 685 ******************************************************************************/ 686 void bta_dm_remove_device(tBTA_DM_MSG* p_data) { 687 tBTA_DM_API_REMOVE_DEVICE* p_dev = &p_data->remove_dev; 688 bool continue_delete_other_dev = false; 689 if (p_dev == NULL) return; 690 691 BD_ADDR other_address; 692 bdcpy(other_address, p_dev->bd_addr); 693 694 /* If ACL exists for the device in the remove_bond message*/ 695 bool continue_delete_dev = false; 696 uint8_t other_transport = BT_TRANSPORT_INVALID; 697 698 if (BTM_IsAclConnectionUp(p_dev->bd_addr, BT_TRANSPORT_LE) || 699 BTM_IsAclConnectionUp(p_dev->bd_addr, BT_TRANSPORT_BR_EDR)) { 700 APPL_TRACE_DEBUG("%s: ACL Up count %d", __func__, 701 bta_dm_cb.device_list.count); 702 continue_delete_dev = false; 703 704 /* Take the link down first, and mark the device for removal when 705 * disconnected */ 706 for (int i = 0; i < bta_dm_cb.device_list.count; i++) { 707 if (!bdcmp(bta_dm_cb.device_list.peer_device[i].peer_bdaddr, 708 p_dev->bd_addr)) { 709 uint8_t transport = BT_TRANSPORT_BR_EDR; 710 711 transport = bta_dm_cb.device_list.peer_device[i].transport; 712 bta_dm_cb.device_list.peer_device[i].conn_state = BTA_DM_UNPAIRING; 713 btm_remove_acl(p_dev->bd_addr, transport); 714 APPL_TRACE_DEBUG("%s:transport = %d", __func__, 715 bta_dm_cb.device_list.peer_device[i].transport); 716 717 /* save the other transport to check if device is connected on 718 * other_transport */ 719 if (bta_dm_cb.device_list.peer_device[i].transport == BT_TRANSPORT_LE) 720 other_transport = BT_TRANSPORT_BR_EDR; 721 else 722 other_transport = BT_TRANSPORT_LE; 723 724 break; 725 } 726 } 727 } else { 728 continue_delete_dev = true; 729 } 730 // If it is DUMO device and device is paired as different address, unpair that 731 // device 732 // if different address 733 if ((other_transport && 734 (BTM_ReadConnectedTransportAddress(other_address, other_transport))) || 735 (!other_transport && 736 (BTM_ReadConnectedTransportAddress(other_address, BT_TRANSPORT_BR_EDR) || 737 BTM_ReadConnectedTransportAddress(other_address, BT_TRANSPORT_LE)))) { 738 continue_delete_other_dev = false; 739 /* Take the link down first, and mark the device for removal when 740 * disconnected */ 741 for (int i = 0; i < bta_dm_cb.device_list.count; i++) { 742 if (!bdcmp(bta_dm_cb.device_list.peer_device[i].peer_bdaddr, 743 other_address)) { 744 bta_dm_cb.device_list.peer_device[i].conn_state = BTA_DM_UNPAIRING; 745 btm_remove_acl(other_address, 746 bta_dm_cb.device_list.peer_device[i].transport); 747 break; 748 } 749 } 750 } else { 751 APPL_TRACE_DEBUG("%s: continue to delete the other dev ", __func__); 752 continue_delete_other_dev = true; 753 } 754 /* Delete the device mentioned in the msg */ 755 if (continue_delete_dev) bta_dm_process_remove_device(p_dev->bd_addr); 756 757 /* Delete the other paired device too */ 758 BD_ADDR dummy_bda = {0}; 759 if (continue_delete_other_dev && (bdcmp(other_address, dummy_bda) != 0)) 760 bta_dm_process_remove_device(other_address); 761 } 762 763 /******************************************************************************* 764 * 765 * Function bta_dm_add_device 766 * 767 * Description This function adds a Link Key to an security database entry. 768 * It is normally called during host startup to restore all 769 * required information stored in the NVRAM. 770 *** 771 ******************************************************************************/ 772 void bta_dm_add_device(tBTA_DM_MSG* p_data) { 773 tBTA_DM_API_ADD_DEVICE* p_dev = &p_data->add_dev; 774 uint8_t* p_dc = NULL; 775 uint8_t* p_lc = NULL; 776 uint32_t trusted_services_mask[BTM_SEC_SERVICE_ARRAY_SIZE]; 777 uint8_t index = 0; 778 uint8_t btm_mask_index = 0; 779 780 memset(trusted_services_mask, 0, sizeof(trusted_services_mask)); 781 782 /* If not all zeros, the device class has been specified */ 783 if (p_dev->dc_known) p_dc = (uint8_t*)p_dev->dc; 784 785 if (p_dev->link_key_known) p_lc = (uint8_t*)p_dev->link_key; 786 787 if (p_dev->is_trusted) { 788 /* covert BTA service mask to BTM mask */ 789 while (p_dev->tm && (index < BTA_MAX_SERVICE_ID)) { 790 if (p_dev->tm & (uint32_t)(1 << index)) { 791 btm_mask_index = 792 bta_service_id_to_btm_srv_id_lkup_tbl[index] / BTM_SEC_ARRAY_BITS; 793 trusted_services_mask[btm_mask_index] |= 794 (uint32_t)(1 << (bta_service_id_to_btm_srv_id_lkup_tbl[index] - 795 (uint32_t)(btm_mask_index * 32))); 796 797 p_dev->tm &= (uint32_t)(~(1 << index)); 798 } 799 index++; 800 } 801 } 802 803 if (!BTM_SecAddDevice(p_dev->bd_addr, p_dc, p_dev->bd_name, p_dev->features, 804 trusted_services_mask, p_lc, p_dev->key_type, 805 p_dev->io_cap, p_dev->pin_length)) { 806 APPL_TRACE_ERROR("BTA_DM: Error adding device %08x%04x", 807 (p_dev->bd_addr[0] << 24) + (p_dev->bd_addr[1] << 16) + 808 (p_dev->bd_addr[2] << 8) + p_dev->bd_addr[3], 809 (p_dev->bd_addr[4] << 8) + p_dev->bd_addr[5]); 810 } 811 } 812 813 /******************************************************************************* 814 * 815 * Function bta_dm_close_acl 816 * 817 * Description This function forces to close the connection to a remote 818 * device and optionaly remove the device from security 819 * database if required. 820 *** 821 ******************************************************************************/ 822 void bta_dm_close_acl(tBTA_DM_MSG* p_data) { 823 tBTA_DM_API_REMOVE_ACL* p_remove_acl = &p_data->remove_acl; 824 uint8_t index; 825 826 APPL_TRACE_DEBUG("bta_dm_close_acl"); 827 828 if (BTM_IsAclConnectionUp(p_remove_acl->bd_addr, p_remove_acl->transport)) { 829 for (index = 0; index < bta_dm_cb.device_list.count; index++) { 830 if (!bdcmp(bta_dm_cb.device_list.peer_device[index].peer_bdaddr, 831 p_remove_acl->bd_addr)) 832 break; 833 } 834 if (index != bta_dm_cb.device_list.count) { 835 if (p_remove_acl->remove_dev) 836 bta_dm_cb.device_list.peer_device[index].remove_dev_pending = true; 837 } else { 838 APPL_TRACE_ERROR("unknown device, remove ACL failed"); 839 } 840 /* Disconnect the ACL link */ 841 btm_remove_acl(p_remove_acl->bd_addr, p_remove_acl->transport); 842 } 843 /* if to remove the device from security database ? do it now */ 844 else if (p_remove_acl->remove_dev) { 845 if (!BTM_SecDeleteDevice(p_remove_acl->bd_addr)) { 846 APPL_TRACE_ERROR("delete device from security database failed."); 847 } 848 /* need to remove all pending background connection if any */ 849 BTA_GATTC_CancelOpen(0, p_remove_acl->bd_addr, false); 850 /* remove all cached GATT information */ 851 BTA_GATTC_Refresh(p_remove_acl->bd_addr); 852 } 853 /* otherwise, no action needed */ 854 } 855 856 /******************************************************************************* 857 * 858 * Function bta_dm_remove_all_acl 859 * 860 * Description This function forces to close all the ACL links specified by 861 * link type 862 *** 863 ******************************************************************************/ 864 void bta_dm_remove_all_acl(tBTA_DM_MSG* p_data) { 865 const tBTA_DM_LINK_TYPE link_type = p_data->remove_all_acl.link_type; 866 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR; 867 868 APPL_TRACE_DEBUG("%s link type = %d", __func__, link_type); 869 870 for (uint8_t i = 0; i < bta_dm_cb.device_list.count; i++) { 871 BD_ADDR addr = {0}; 872 bdcpy(addr, bta_dm_cb.device_list.peer_device[i].peer_bdaddr); 873 transport = bta_dm_cb.device_list.peer_device[i].transport; 874 if ((link_type == BTA_DM_LINK_TYPE_ALL) || 875 ((link_type == BTA_DM_LINK_TYPE_LE) && 876 (transport == BT_TRANSPORT_LE)) || 877 ((link_type == BTA_DM_LINK_TYPE_BR_EDR) && 878 (transport == BT_TRANSPORT_BR_EDR))) { 879 /* Disconnect the ACL link */ 880 btm_remove_acl(addr, transport); 881 } 882 } 883 } 884 885 /******************************************************************************* 886 * 887 * Function bta_dm_bond 888 * 889 * Description Bonds with peer device 890 * 891 * 892 * Returns void 893 * 894 ******************************************************************************/ 895 void bta_dm_bond(tBTA_DM_MSG* p_data) { 896 tBTM_STATUS status; 897 tBTA_DM_SEC sec_event; 898 char* p_name; 899 900 if (p_data->bond.transport == BTA_TRANSPORT_UNKNOWN) 901 status = BTM_SecBond(p_data->bond.bd_addr, 0, NULL, 0); 902 else 903 status = BTM_SecBondByTransport(p_data->bond.bd_addr, 904 p_data->bond.transport, 0, NULL, 0); 905 906 if (bta_dm_cb.p_sec_cback && (status != BTM_CMD_STARTED)) { 907 memset(&sec_event, 0, sizeof(tBTA_DM_SEC)); 908 bdcpy(sec_event.auth_cmpl.bd_addr, p_data->bond.bd_addr); 909 p_name = BTM_SecReadDevName(p_data->bond.bd_addr); 910 if (p_name != NULL) { 911 memcpy(sec_event.auth_cmpl.bd_name, p_name, (BD_NAME_LEN - 1)); 912 sec_event.auth_cmpl.bd_name[BD_NAME_LEN - 1] = 0; 913 } 914 915 /* taken care of by memset [above] 916 sec_event.auth_cmpl.key_present = false; 917 sec_event.auth_cmpl.success = false; 918 */ 919 sec_event.auth_cmpl.fail_reason = HCI_ERR_ILLEGAL_COMMAND; 920 if (status == BTM_SUCCESS) { 921 sec_event.auth_cmpl.success = true; 922 } else { 923 /* delete this device entry from Sec Dev DB */ 924 bta_dm_remove_sec_dev_entry(p_data->bond.bd_addr); 925 } 926 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event); 927 } 928 } 929 930 /******************************************************************************* 931 * 932 * Function bta_dm_bond_cancel 933 * 934 * Description Cancels bonding with a peer device 935 * 936 * 937 * Returns void 938 * 939 ******************************************************************************/ 940 void bta_dm_bond_cancel(tBTA_DM_MSG* p_data) { 941 tBTM_STATUS status; 942 tBTA_DM_SEC sec_event; 943 944 APPL_TRACE_EVENT(" bta_dm_bond_cancel "); 945 status = BTM_SecBondCancel(p_data->bond_cancel.bd_addr); 946 947 if (bta_dm_cb.p_sec_cback && 948 (status != BTM_CMD_STARTED && status != BTM_SUCCESS)) { 949 sec_event.bond_cancel_cmpl.result = BTA_FAILURE; 950 951 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event); 952 } 953 } 954 955 /******************************************************************************* 956 * 957 * Function bta_dm_pin_reply 958 * 959 * Description Send the pin_reply to a request from BTM 960 * 961 * 962 * Returns void 963 * 964 ******************************************************************************/ 965 void bta_dm_pin_reply(tBTA_DM_MSG* p_data) { 966 uint32_t trusted_mask[BTM_SEC_SERVICE_ARRAY_SIZE]; 967 uint32_t* current_trusted_mask; 968 969 current_trusted_mask = BTM_ReadTrustedMask(p_data->pin_reply.bd_addr); 970 971 if (current_trusted_mask) { 972 memcpy(trusted_mask, current_trusted_mask, sizeof(trusted_mask)); 973 } else { 974 memset(trusted_mask, 0, sizeof(trusted_mask)); 975 } 976 977 if (p_data->pin_reply.accept) { 978 BTM_PINCodeReply(p_data->pin_reply.bd_addr, BTM_SUCCESS, 979 p_data->pin_reply.pin_len, p_data->pin_reply.p_pin, 980 trusted_mask); 981 } else { 982 BTM_PINCodeReply(p_data->pin_reply.bd_addr, BTM_NOT_AUTHORIZED, 0, NULL, 983 trusted_mask); 984 } 985 } 986 987 /******************************************************************************* 988 * 989 * Function bta_dm_policy_cback 990 * 991 * Description process the link policy changes 992 * 993 * Returns void 994 * 995 ******************************************************************************/ 996 static void bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status, uint8_t id, 997 uint8_t app_id, BD_ADDR peer_addr) { 998 tBTA_DM_PEER_DEVICE* p_dev = NULL; 999 uint16_t policy = app_id; 1000 uint32_t mask = (uint32_t)(1 << id); 1001 1002 if (peer_addr) p_dev = bta_dm_find_peer_device(peer_addr); 1003 1004 APPL_TRACE_DEBUG(" bta_dm_policy_cback cmd:%d, policy:0x%x", status, policy); 1005 switch (status) { 1006 case BTA_SYS_PLCY_SET: 1007 if (!p_dev) return; 1008 /* restore the default link policy */ 1009 p_dev->link_policy |= policy; 1010 BTM_SetLinkPolicy(p_dev->peer_bdaddr, &(p_dev->link_policy)); 1011 break; 1012 1013 case BTA_SYS_PLCY_CLR: 1014 if (!p_dev) return; 1015 /* clear the policy from the default link policy */ 1016 p_dev->link_policy &= (~policy); 1017 BTM_SetLinkPolicy(p_dev->peer_bdaddr, &(p_dev->link_policy)); 1018 1019 if (policy & (HCI_ENABLE_SNIFF_MODE | HCI_ENABLE_PARK_MODE)) { 1020 /* if clearing sniff/park, wake the link */ 1021 bta_dm_pm_active(p_dev->peer_bdaddr); 1022 } 1023 break; 1024 1025 case BTA_SYS_PLCY_DEF_SET: 1026 /* want to restore/set the role switch policy */ 1027 bta_dm_cb.role_policy_mask &= ~mask; 1028 if (0 == bta_dm_cb.role_policy_mask) { 1029 /* if nobody wants to insist on the role */ 1030 bta_dm_cb.cur_policy |= HCI_ENABLE_MASTER_SLAVE_SWITCH; 1031 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy); 1032 } 1033 break; 1034 1035 case BTA_SYS_PLCY_DEF_CLR: 1036 /* want to remove the role switch policy */ 1037 bta_dm_cb.role_policy_mask |= mask; 1038 bta_dm_cb.cur_policy &= ~HCI_ENABLE_MASTER_SLAVE_SWITCH; 1039 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy); 1040 break; 1041 } 1042 } 1043 1044 /******************************************************************************* 1045 * 1046 * Function bta_dm_confirm 1047 * 1048 * Description Send the user confirm request reply in response to a 1049 * request from BTM 1050 * 1051 * Returns void 1052 * 1053 ******************************************************************************/ 1054 void bta_dm_confirm(tBTA_DM_MSG* p_data) { 1055 tBTM_STATUS res = BTM_NOT_AUTHORIZED; 1056 1057 if (p_data->confirm.accept == true) res = BTM_SUCCESS; 1058 BTM_ConfirmReqReply(res, p_data->confirm.bd_addr); 1059 } 1060 1061 /******************************************************************************* 1062 * 1063 * Function bta_dm_loc_oob 1064 * 1065 * Description Retrieve the OOB data from the local LM 1066 * 1067 * Returns void 1068 * 1069 ******************************************************************************/ 1070 void bta_dm_loc_oob(UNUSED_ATTR tBTA_DM_MSG* p_data) { BTM_ReadLocalOobData(); } 1071 1072 /******************************************************************************* 1073 * 1074 * Function bta_dm_ci_io_req_act 1075 * 1076 * Description respond to the IO capabilities request from BTM 1077 * 1078 * Returns void 1079 * 1080 ******************************************************************************/ 1081 void bta_dm_ci_io_req_act(tBTA_DM_MSG* p_data) { 1082 tBTM_AUTH_REQ auth_req = BTM_AUTH_AP_NO; 1083 if (p_data->ci_io_req.auth_req) auth_req = BTM_AUTH_AP_YES; 1084 BTM_IoCapRsp(p_data->ci_io_req.bd_addr, p_data->ci_io_req.io_cap, 1085 p_data->ci_io_req.oob_data, auth_req); 1086 } 1087 1088 /******************************************************************************* 1089 * 1090 * Function bta_dm_ci_rmt_oob_act 1091 * 1092 * Description respond to the OOB data request for the remote device from 1093 * BTM 1094 * 1095 * 1096 * Returns void 1097 * 1098 ******************************************************************************/ 1099 void bta_dm_ci_rmt_oob_act(tBTA_DM_MSG* p_data) { 1100 tBTM_STATUS res = BTM_NOT_AUTHORIZED; 1101 1102 if (p_data->ci_rmt_oob.accept == true) res = BTM_SUCCESS; 1103 BTM_RemoteOobDataReply(res, p_data->ci_rmt_oob.bd_addr, p_data->ci_rmt_oob.c, 1104 p_data->ci_rmt_oob.r); 1105 } 1106 1107 /******************************************************************************* 1108 * 1109 * Function bta_dm_search_start 1110 * 1111 * Description Starts an inquiry 1112 * 1113 * 1114 * Returns void 1115 * 1116 ******************************************************************************/ 1117 void bta_dm_search_start(tBTA_DM_MSG* p_data) { 1118 tBTM_INQUIRY_CMPL result; 1119 1120 size_t len = sizeof(tBT_UUID) * p_data->search.num_uuid; 1121 bta_dm_gattc_register(); 1122 1123 APPL_TRACE_DEBUG("%s avoid_scatter=%d", __func__, 1124 p_bta_dm_cfg->avoid_scatter); 1125 1126 if (p_bta_dm_cfg->avoid_scatter && 1127 (p_data->search.rs_res == BTA_DM_RS_NONE) && 1128 bta_dm_check_av(BTA_DM_API_SEARCH_EVT)) { 1129 memcpy(&bta_dm_cb.search_msg, &p_data->search, sizeof(tBTA_DM_API_SEARCH)); 1130 return; 1131 } 1132 1133 BTM_ClearInqDb(NULL); 1134 /* save search params */ 1135 bta_dm_search_cb.p_search_cback = p_data->search.p_cback; 1136 bta_dm_search_cb.services = p_data->search.services; 1137 1138 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid); 1139 1140 if ((bta_dm_search_cb.num_uuid = p_data->search.num_uuid) != 0 && 1141 p_data->search.p_uuid != NULL) { 1142 bta_dm_search_cb.p_srvc_uuid = (tBT_UUID*)osi_malloc(len); 1143 memcpy(bta_dm_search_cb.p_srvc_uuid, p_data->search.p_uuid, len); 1144 } 1145 result.status = BTM_StartInquiry((tBTM_INQ_PARMS*)&p_data->search.inq_params, 1146 bta_dm_inq_results_cb, 1147 (tBTM_CMPL_CB*)bta_dm_inq_cmpl_cb); 1148 1149 APPL_TRACE_EVENT("%s status=%d", __func__, result.status); 1150 if (result.status != BTM_CMD_STARTED) { 1151 result.num_resp = 0; 1152 bta_dm_inq_cmpl_cb((void*)&result); 1153 } 1154 } 1155 1156 /******************************************************************************* 1157 * 1158 * Function bta_dm_search_cancel 1159 * 1160 * Description Cancels an ongoing search for devices 1161 * 1162 * 1163 * Returns void 1164 * 1165 ******************************************************************************/ 1166 void bta_dm_search_cancel(UNUSED_ATTR tBTA_DM_MSG* p_data) { 1167 tBTA_DM_MSG* p_msg; 1168 1169 if (BTM_IsInquiryActive()) { 1170 if (BTM_CancelInquiry() == BTM_SUCCESS) { 1171 bta_dm_search_cancel_notify(NULL); 1172 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1173 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 1174 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT; 1175 bta_sys_sendmsg(p_msg); 1176 } else { 1177 /* flag a search cancel is pending */ 1178 bta_dm_search_cb.cancel_pending = true; 1179 } 1180 } 1181 /* If no Service Search going on then issue cancel remote name in case it is 1182 active */ 1183 else if (!bta_dm_search_cb.name_discover_done) { 1184 BTM_CancelRemoteDeviceName(); 1185 1186 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1187 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 1188 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT; 1189 bta_sys_sendmsg(p_msg); 1190 } else { 1191 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1192 p_msg->hdr.event = BTA_DM_INQUIRY_CMPL_EVT; 1193 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT; 1194 bta_sys_sendmsg(p_msg); 1195 } 1196 1197 if (bta_dm_search_cb.gatt_disc_active) { 1198 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr); 1199 } 1200 } 1201 1202 /******************************************************************************* 1203 * 1204 * Function bta_dm_discover 1205 * 1206 * Description Discovers services on a remote device 1207 * 1208 * 1209 * Returns void 1210 * 1211 ******************************************************************************/ 1212 void bta_dm_discover(tBTA_DM_MSG* p_data) { 1213 size_t len = sizeof(tBT_UUID) * p_data->discover.num_uuid; 1214 APPL_TRACE_EVENT("%s services_to_search=0x%04X, sdp_search=%d", __func__, 1215 p_data->discover.services, p_data->discover.sdp_search); 1216 1217 /* save the search condition */ 1218 bta_dm_search_cb.services = p_data->discover.services; 1219 1220 bta_dm_gattc_register(); 1221 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid); 1222 if ((bta_dm_search_cb.num_uuid = p_data->discover.num_uuid) != 0 && 1223 p_data->discover.p_uuid != NULL) { 1224 bta_dm_search_cb.p_srvc_uuid = (tBT_UUID*)osi_malloc(len); 1225 memcpy(bta_dm_search_cb.p_srvc_uuid, p_data->discover.p_uuid, len); 1226 } 1227 bta_dm_search_cb.uuid_to_search = bta_dm_search_cb.num_uuid; 1228 1229 bta_dm_search_cb.p_search_cback = p_data->discover.p_cback; 1230 bta_dm_search_cb.sdp_search = p_data->discover.sdp_search; 1231 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services; 1232 bta_dm_search_cb.service_index = 0; 1233 bta_dm_search_cb.services_found = 0; 1234 bta_dm_search_cb.peer_name[0] = 0; 1235 bta_dm_search_cb.sdp_search = p_data->discover.sdp_search; 1236 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbRead(p_data->discover.bd_addr); 1237 bta_dm_search_cb.transport = p_data->discover.transport; 1238 1239 bta_dm_search_cb.name_discover_done = false; 1240 memcpy(&bta_dm_search_cb.uuid, &p_data->discover.uuid, sizeof(tSDP_UUID)); 1241 bta_dm_discover_device(p_data->discover.bd_addr); 1242 } 1243 1244 /******************************************************************************* 1245 * 1246 * Function bta_dm_di_disc_cmpl 1247 * 1248 * Description Sends event to application when DI discovery complete 1249 * 1250 * Returns void 1251 * 1252 ******************************************************************************/ 1253 void bta_dm_di_disc_cmpl(tBTA_DM_MSG* p_data) { 1254 tBTA_DM_DI_DISC_CMPL di_disc; 1255 1256 memset(&di_disc, 0, sizeof(tBTA_DM_DI_DISC_CMPL)); 1257 bdcpy(di_disc.bd_addr, bta_dm_search_cb.peer_bdaddr); 1258 1259 if ((p_data->hdr.offset == SDP_SUCCESS) || 1260 (p_data->hdr.offset == SDP_DB_FULL)) { 1261 di_disc.num_record = SDP_GetNumDiRecords(bta_dm_di_cb.p_di_db); 1262 } else 1263 di_disc.result = BTA_FAILURE; 1264 1265 bta_dm_di_cb.p_di_db = NULL; 1266 bta_dm_search_cb.p_search_cback(BTA_DM_DI_DISC_CMPL_EVT, 1267 (tBTA_DM_SEARCH*)&di_disc); 1268 } 1269 1270 /******************************************************************************* 1271 * 1272 * Function bta_dm_di_disc_callback 1273 * 1274 * Description This function queries a remote device for DI information. 1275 * 1276 * 1277 * Returns void 1278 * 1279 ******************************************************************************/ 1280 static void bta_dm_di_disc_callback(uint16_t result) { 1281 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1282 1283 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 1284 p_msg->hdr.layer_specific = BTA_DM_API_DI_DISCOVER_EVT; 1285 p_msg->hdr.offset = result; 1286 1287 bta_sys_sendmsg(p_msg); 1288 } 1289 1290 /******************************************************************************* 1291 * 1292 * Function bta_dm_disable_search_and_disc 1293 * 1294 * Description Cancels an ongoing search or discovery for devices in case 1295 * of a Bluetooth disable 1296 * 1297 * 1298 * Returns void 1299 * 1300 ******************************************************************************/ 1301 static void bta_dm_disable_search_and_disc(void) { 1302 tBTA_DM_DI_DISC_CMPL di_disc; 1303 1304 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) bta_dm_search_cancel(NULL); 1305 1306 if (bta_dm_di_cb.p_di_db != NULL) { 1307 memset(&di_disc, 0, sizeof(tBTA_DM_DI_DISC_CMPL)); 1308 bdcpy(di_disc.bd_addr, bta_dm_search_cb.peer_bdaddr); 1309 di_disc.result = BTA_FAILURE; 1310 1311 bta_dm_di_cb.p_di_db = NULL; 1312 bta_dm_search_cb.p_search_cback(BTA_DM_DI_DISC_CMPL_EVT, NULL); 1313 } 1314 } 1315 1316 /******************************************************************************* 1317 * 1318 * Function bta_dm_di_disc 1319 * 1320 * Description This function queries a remote device for DI information. 1321 * 1322 * 1323 * Returns void 1324 * 1325 ******************************************************************************/ 1326 void bta_dm_di_disc(tBTA_DM_MSG* p_data) { 1327 uint16_t result = BTA_FAILURE; 1328 1329 bta_dm_search_cb.p_search_cback = p_data->di_disc.p_cback; 1330 bdcpy(bta_dm_search_cb.peer_bdaddr, p_data->di_disc.bd_addr); 1331 bta_dm_di_cb.p_di_db = p_data->di_disc.p_sdp_db; 1332 1333 bta_dm_search_cb.p_sdp_db = 1334 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE); 1335 if (SDP_DiDiscover(bta_dm_search_cb.peer_bdaddr, p_data->di_disc.p_sdp_db, 1336 p_data->di_disc.len, 1337 bta_dm_di_disc_callback) == SDP_SUCCESS) { 1338 result = BTA_SUCCESS; 1339 } 1340 1341 if (result == BTA_FAILURE) { 1342 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1343 1344 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 1345 p_msg->hdr.layer_specific = BTA_DM_API_DI_DISCOVER_EVT; 1346 p_data->hdr.offset = result; 1347 bta_sys_sendmsg(p_msg); 1348 } 1349 } 1350 1351 /******************************************************************************* 1352 * 1353 * Function bta_dm_read_remote_device_name 1354 * 1355 * Description Initiate to get remote device name 1356 * 1357 * Returns true if started to get remote name 1358 * 1359 ******************************************************************************/ 1360 static bool bta_dm_read_remote_device_name(BD_ADDR bd_addr, 1361 tBT_TRANSPORT transport) { 1362 tBTM_STATUS btm_status; 1363 1364 APPL_TRACE_DEBUG("bta_dm_read_remote_device_name"); 1365 1366 bdcpy(bta_dm_search_cb.peer_bdaddr, bd_addr); 1367 bta_dm_search_cb.peer_name[0] = 0; 1368 1369 btm_status = 1370 BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr, 1371 (tBTM_CMPL_CB*)bta_dm_remname_cback, transport); 1372 1373 if (btm_status == BTM_CMD_STARTED) { 1374 APPL_TRACE_DEBUG( 1375 "bta_dm_read_remote_device_name: BTM_ReadRemoteDeviceName is started"); 1376 1377 return (true); 1378 } else if (btm_status == BTM_BUSY) { 1379 APPL_TRACE_DEBUG( 1380 "bta_dm_read_remote_device_name: BTM_ReadRemoteDeviceName is busy"); 1381 1382 /* Remote name discovery is on going now so BTM cannot notify through 1383 * "bta_dm_remname_cback" */ 1384 /* adding callback to get notified that current reading remore name done */ 1385 BTM_SecAddRmtNameNotifyCallback(&bta_dm_service_search_remname_cback); 1386 1387 return (true); 1388 } else { 1389 APPL_TRACE_WARNING( 1390 "bta_dm_read_remote_device_name: BTM_ReadRemoteDeviceName returns " 1391 "0x%02X", 1392 btm_status); 1393 1394 return (false); 1395 } 1396 } 1397 1398 /******************************************************************************* 1399 * 1400 * Function bta_dm_inq_cmpl 1401 * 1402 * Description Process the inquiry complete event from BTM 1403 * 1404 * Returns void 1405 * 1406 ******************************************************************************/ 1407 void bta_dm_inq_cmpl(tBTA_DM_MSG* p_data) { 1408 tBTA_DM_SEARCH data; 1409 1410 APPL_TRACE_DEBUG("bta_dm_inq_cmpl"); 1411 1412 data.inq_cmpl.num_resps = p_data->inq_cmpl.num; 1413 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_CMPL_EVT, &data); 1414 1415 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbFirst(); 1416 if (bta_dm_search_cb.p_btm_inq_info != NULL) { 1417 /* start name and service discovery from the first device on inquiry result 1418 */ 1419 bta_dm_search_cb.name_discover_done = false; 1420 bta_dm_search_cb.peer_name[0] = 0; 1421 bta_dm_discover_device( 1422 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr); 1423 } else { 1424 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1425 1426 /* no devices, search complete */ 1427 bta_dm_search_cb.services = 0; 1428 1429 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 1430 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT; 1431 bta_sys_sendmsg(p_msg); 1432 } 1433 } 1434 1435 /******************************************************************************* 1436 * 1437 * Function bta_dm_rmt_name 1438 * 1439 * Description Process the remote name result from BTM 1440 * 1441 * Returns void 1442 * 1443 ******************************************************************************/ 1444 void bta_dm_rmt_name(tBTA_DM_MSG* p_data) { 1445 APPL_TRACE_DEBUG("bta_dm_rmt_name"); 1446 1447 if (p_data->rem_name.result.disc_res.bd_name[0] && 1448 bta_dm_search_cb.p_btm_inq_info) { 1449 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name = true; 1450 } 1451 1452 bta_dm_discover_device(bta_dm_search_cb.peer_bdaddr); 1453 } 1454 1455 /******************************************************************************* 1456 * 1457 * Function bta_dm_disc_rmt_name 1458 * 1459 * Description Process the remote name result from BTM when application 1460 * wants to find the name for a bdaddr 1461 * 1462 * Returns void 1463 * 1464 ******************************************************************************/ 1465 void bta_dm_disc_rmt_name(tBTA_DM_MSG* p_data) { 1466 tBTM_INQ_INFO* p_btm_inq_info; 1467 1468 APPL_TRACE_DEBUG("bta_dm_disc_rmt_name"); 1469 1470 p_btm_inq_info = BTM_InqDbRead(p_data->rem_name.result.disc_res.bd_addr); 1471 if (p_btm_inq_info) { 1472 if (p_data->rem_name.result.disc_res.bd_name[0]) { 1473 p_btm_inq_info->appl_knows_rem_name = true; 1474 } 1475 } 1476 1477 bta_dm_discover_device(p_data->rem_name.result.disc_res.bd_addr); 1478 } 1479 1480 /******************************************************************************* 1481 * 1482 * Function bta_dm_sdp_result 1483 * 1484 * Description Process the discovery result from sdp 1485 * 1486 * Returns void 1487 * 1488 ******************************************************************************/ 1489 void bta_dm_sdp_result(tBTA_DM_MSG* p_data) { 1490 tSDP_DISC_REC* p_sdp_rec = NULL; 1491 tBTA_DM_MSG* p_msg; 1492 bool scn_found = false; 1493 uint16_t service = 0xFFFF; 1494 tSDP_PROTOCOL_ELEM pe; 1495 1496 tBT_UUID* p_uuid = bta_dm_search_cb.p_srvc_uuid; 1497 tBTA_DM_SEARCH result; 1498 tBT_UUID service_uuid; 1499 1500 uint32_t num_uuids = 0; 1501 uint8_t uuid_list[32][MAX_UUID_SIZE]; // assuming a max of 32 services 1502 1503 if ((p_data->sdp_event.sdp_result == SDP_SUCCESS) || 1504 (p_data->sdp_event.sdp_result == SDP_NO_RECS_MATCH) || 1505 (p_data->sdp_event.sdp_result == SDP_DB_FULL)) { 1506 APPL_TRACE_DEBUG("sdp_result::0x%x", p_data->sdp_event.sdp_result); 1507 do { 1508 p_sdp_rec = NULL; 1509 if (bta_dm_search_cb.service_index == (BTA_USER_SERVICE_ID + 1)) { 1510 p_sdp_rec = SDP_FindServiceUUIDInDb(bta_dm_search_cb.p_sdp_db, 1511 &bta_dm_search_cb.uuid, p_sdp_rec); 1512 1513 if (p_sdp_rec && SDP_FindProtocolListElemInRec( 1514 p_sdp_rec, UUID_PROTOCOL_RFCOMM, &pe)) { 1515 bta_dm_search_cb.peer_scn = (uint8_t)pe.params[0]; 1516 scn_found = true; 1517 } 1518 } else { 1519 service = 1520 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index - 1]; 1521 p_sdp_rec = 1522 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, service, p_sdp_rec); 1523 } 1524 /* finished with BR/EDR services, now we check the result for GATT based 1525 * service UUID */ 1526 if (bta_dm_search_cb.service_index == BTA_MAX_SERVICE_ID) { 1527 if (bta_dm_search_cb.uuid_to_search != 0 && p_uuid != NULL) { 1528 p_uuid += 1529 (bta_dm_search_cb.num_uuid - bta_dm_search_cb.uuid_to_search); 1530 /* only support 16 bits UUID for now */ 1531 service = p_uuid->uu.uuid16; 1532 } 1533 /* all GATT based services */ 1534 do { 1535 /* find a service record, report it */ 1536 p_sdp_rec = 1537 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, 0, p_sdp_rec); 1538 if (p_sdp_rec) { 1539 if (SDP_FindServiceUUIDInRec(p_sdp_rec, &service_uuid)) { 1540 /* send result back to app now, one by one */ 1541 bdcpy(result.disc_ble_res.bd_addr, bta_dm_search_cb.peer_bdaddr); 1542 strlcpy((char*)result.disc_ble_res.bd_name, bta_dm_get_remname(), 1543 BD_NAME_LEN); 1544 result.disc_ble_res.service.len = service_uuid.len; 1545 result.disc_ble_res.service.uu.uuid16 = service_uuid.uu.uuid16; 1546 1547 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_BLE_RES_EVT, &result); 1548 } 1549 } 1550 1551 if (bta_dm_search_cb.uuid_to_search > 0) break; 1552 1553 } while (p_sdp_rec); 1554 } else { 1555 /* SDP_DB_FULL means some records with the 1556 required attributes were received */ 1557 if (((p_data->sdp_event.sdp_result == SDP_DB_FULL) && 1558 bta_dm_search_cb.services != BTA_ALL_SERVICE_MASK) || 1559 (p_sdp_rec != NULL)) { 1560 if (service != UUID_SERVCLASS_PNP_INFORMATION) { 1561 uint16_t tmp_svc = 0xFFFF; 1562 bta_dm_search_cb.services_found |= 1563 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK( 1564 bta_dm_search_cb.service_index - 1)); 1565 tmp_svc = 1566 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index - 1567 1]; 1568 /* Add to the list of UUIDs */ 1569 sdpu_uuid16_to_uuid128(tmp_svc, uuid_list[num_uuids]); 1570 num_uuids++; 1571 } 1572 } 1573 } 1574 1575 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK && 1576 bta_dm_search_cb.services_to_search == 0) { 1577 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID && 1578 bta_dm_search_cb.uuid_to_search > 0) 1579 bta_dm_search_cb.uuid_to_search--; 1580 1581 if (bta_dm_search_cb.uuid_to_search == 0 || 1582 bta_dm_search_cb.service_index != BTA_BLE_SERVICE_ID) 1583 bta_dm_search_cb.service_index++; 1584 } else /* regular one service per search or PNP search */ 1585 break; 1586 1587 } while (bta_dm_search_cb.service_index <= BTA_MAX_SERVICE_ID); 1588 1589 APPL_TRACE_DEBUG("%s services_found = %04x", __func__, 1590 bta_dm_search_cb.services_found); 1591 1592 /* Collect the 128-bit services here and put them into the list */ 1593 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) { 1594 p_sdp_rec = NULL; 1595 do { 1596 tBT_UUID temp_uuid; 1597 /* find a service record, report it */ 1598 p_sdp_rec = 1599 SDP_FindServiceInDb_128bit(bta_dm_search_cb.p_sdp_db, p_sdp_rec); 1600 if (p_sdp_rec) { 1601 if (SDP_FindServiceUUIDInRec_128bit(p_sdp_rec, &temp_uuid)) { 1602 memcpy(uuid_list[num_uuids], temp_uuid.uu.uuid128, MAX_UUID_SIZE); 1603 num_uuids++; 1604 } 1605 } 1606 } while (p_sdp_rec); 1607 } 1608 /* if there are more services to search for */ 1609 if (bta_dm_search_cb.services_to_search) { 1610 /* Free up the p_sdp_db before checking the next one */ 1611 bta_dm_free_sdp_db(NULL); 1612 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr); 1613 } else { 1614 /* callbacks */ 1615 /* start next bd_addr if necessary */ 1616 1617 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback); 1618 1619 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1620 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT; 1621 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS; 1622 p_msg->disc_result.result.disc_res.p_raw_data = NULL; 1623 p_msg->disc_result.result.disc_res.raw_data_size = 0; 1624 p_msg->disc_result.result.disc_res.num_uuids = num_uuids; 1625 p_msg->disc_result.result.disc_res.p_uuid_list = NULL; 1626 if (num_uuids > 0) { 1627 p_msg->disc_result.result.disc_res.p_uuid_list = 1628 (uint8_t*)osi_malloc(num_uuids * MAX_UUID_SIZE); 1629 memcpy(p_msg->disc_result.result.disc_res.p_uuid_list, uuid_list, 1630 num_uuids * MAX_UUID_SIZE); 1631 } 1632 // Copy the raw_data to the discovery result structure 1633 if (bta_dm_search_cb.p_sdp_db != NULL && 1634 bta_dm_search_cb.p_sdp_db->raw_used != 0 && 1635 bta_dm_search_cb.p_sdp_db->raw_data != NULL) { 1636 APPL_TRACE_DEBUG("%s raw_data used = 0x%x raw_data_ptr = 0x%x", 1637 __func__, bta_dm_search_cb.p_sdp_db->raw_used, 1638 bta_dm_search_cb.p_sdp_db->raw_data); 1639 1640 p_msg->disc_result.result.disc_res.p_raw_data = 1641 (uint8_t*)osi_malloc(bta_dm_search_cb.p_sdp_db->raw_used); 1642 memcpy(p_msg->disc_result.result.disc_res.p_raw_data, 1643 bta_dm_search_cb.p_sdp_db->raw_data, 1644 bta_dm_search_cb.p_sdp_db->raw_used); 1645 1646 p_msg->disc_result.result.disc_res.raw_data_size = 1647 bta_dm_search_cb.p_sdp_db->raw_used; 1648 1649 bta_dm_search_cb.p_sdp_db->raw_data = 1650 NULL; // no need to free this - it is a global assigned. 1651 bta_dm_search_cb.p_sdp_db->raw_used = 0; 1652 bta_dm_search_cb.p_sdp_db->raw_size = 0; 1653 } else { 1654 APPL_TRACE_DEBUG("%s raw data size is 0 or raw_data is null!!", 1655 __func__); 1656 } 1657 /* Done with p_sdp_db. Free it */ 1658 bta_dm_free_sdp_db(NULL); 1659 p_msg->disc_result.result.disc_res.services = 1660 bta_dm_search_cb.services_found; 1661 1662 // Piggy back the SCN over result field 1663 if (scn_found) { 1664 p_msg->disc_result.result.disc_res.result = 1665 (3 + bta_dm_search_cb.peer_scn); 1666 p_msg->disc_result.result.disc_res.services |= BTA_USER_SERVICE_MASK; 1667 1668 APPL_TRACE_EVENT(" Piggy back the SCN over result field SCN=%d", 1669 bta_dm_search_cb.peer_scn); 1670 } 1671 bdcpy(p_msg->disc_result.result.disc_res.bd_addr, 1672 bta_dm_search_cb.peer_bdaddr); 1673 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name, 1674 bta_dm_get_remname(), BD_NAME_LEN); 1675 1676 bta_sys_sendmsg(p_msg); 1677 } 1678 } else { 1679 /* conn failed. No need for timer */ 1680 if (p_data->sdp_event.sdp_result == SDP_CONN_FAILED || 1681 p_data->sdp_event.sdp_result == SDP_CONN_REJECTED || 1682 p_data->sdp_event.sdp_result == SDP_SECURITY_ERR) 1683 bta_dm_search_cb.wait_disc = false; 1684 1685 /* not able to connect go to next device */ 1686 if (bta_dm_search_cb.p_sdp_db) 1687 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db); 1688 1689 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback); 1690 1691 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1692 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT; 1693 p_msg->disc_result.result.disc_res.result = BTA_FAILURE; 1694 p_msg->disc_result.result.disc_res.services = 1695 bta_dm_search_cb.services_found; 1696 bdcpy(p_msg->disc_result.result.disc_res.bd_addr, 1697 bta_dm_search_cb.peer_bdaddr); 1698 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name, 1699 bta_dm_get_remname(), BD_NAME_LEN); 1700 1701 bta_sys_sendmsg(p_msg); 1702 } 1703 } 1704 1705 /******************************************************************************* 1706 * 1707 * Function bta_dm_search_cmpl 1708 * 1709 * Description Sends event to application 1710 * 1711 * Returns void 1712 * 1713 ******************************************************************************/ 1714 void bta_dm_search_cmpl(tBTA_DM_MSG* p_data) { 1715 APPL_TRACE_EVENT("%s", __func__); 1716 1717 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid); 1718 1719 if (p_data->hdr.layer_specific == BTA_DM_API_DI_DISCOVER_EVT) 1720 bta_dm_di_disc_cmpl(p_data); 1721 else 1722 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_CMPL_EVT, NULL); 1723 } 1724 1725 /******************************************************************************* 1726 * 1727 * Function bta_dm_disc_result 1728 * 1729 * Description Service discovery result when discovering services on a 1730 * device 1731 * 1732 * Returns void 1733 * 1734 ******************************************************************************/ 1735 void bta_dm_disc_result(tBTA_DM_MSG* p_data) { 1736 APPL_TRACE_EVENT("%s", __func__); 1737 1738 /* if any BR/EDR service discovery has been done, report the event */ 1739 if ((bta_dm_search_cb.services & 1740 ((BTA_ALL_SERVICE_MASK | BTA_USER_SERVICE_MASK) & 1741 ~BTA_BLE_SERVICE_MASK))) 1742 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT, 1743 &p_data->disc_result.result); 1744 1745 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1746 1747 /* send a message to change state */ 1748 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 1749 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT; 1750 bta_sys_sendmsg(p_msg); 1751 } 1752 1753 /******************************************************************************* 1754 * 1755 * Function bta_dm_search_result 1756 * 1757 * Description Service discovery result while searching for devices 1758 * 1759 * Returns void 1760 * 1761 ******************************************************************************/ 1762 void bta_dm_search_result(tBTA_DM_MSG* p_data) { 1763 APPL_TRACE_DEBUG("%s searching:0x%04x, result:0x%04x", __func__, 1764 bta_dm_search_cb.services, 1765 p_data->disc_result.result.disc_res.services); 1766 1767 /* call back if application wants name discovery or found services that 1768 * application is searching */ 1769 if ((!bta_dm_search_cb.services) || 1770 ((bta_dm_search_cb.services) && 1771 (p_data->disc_result.result.disc_res.services))) { 1772 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT, 1773 &p_data->disc_result.result); 1774 } 1775 1776 /* if searching did not initiate to create link */ 1777 if (!bta_dm_search_cb.wait_disc) { 1778 /* if service searching is done with EIR, don't search next device */ 1779 if (bta_dm_search_cb.p_btm_inq_info) bta_dm_discover_next_device(); 1780 } else { 1781 /* wait until link is disconnected or timeout */ 1782 bta_dm_search_cb.sdp_results = true; 1783 alarm_set_on_queue(bta_dm_search_cb.search_timer, 1784 1000 * (L2CAP_LINK_INACTIVITY_TOUT + 1), 1785 bta_dm_search_timer_cback, NULL, btu_bta_alarm_queue); 1786 } 1787 } 1788 1789 /******************************************************************************* 1790 * 1791 * Function bta_dm_search_timer_cback 1792 * 1793 * Description Called when ACL disconnect time is over 1794 * 1795 * 1796 * Returns void 1797 * 1798 ******************************************************************************/ 1799 static void bta_dm_search_timer_cback(UNUSED_ATTR void* data) { 1800 APPL_TRACE_EVENT("%s", __func__); 1801 bta_dm_search_cb.wait_disc = false; 1802 1803 /* proceed with next device */ 1804 bta_dm_discover_next_device(); 1805 } 1806 1807 /******************************************************************************* 1808 * 1809 * Function bta_dm_free_sdp_db 1810 * 1811 * Description Frees SDP data base 1812 * 1813 * Returns void 1814 * 1815 ******************************************************************************/ 1816 void bta_dm_free_sdp_db(UNUSED_ATTR tBTA_DM_MSG* p_data) { 1817 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db); 1818 } 1819 1820 /******************************************************************************* 1821 * 1822 * Function bta_dm_queue_search 1823 * 1824 * Description Queues search command while search is being cancelled 1825 * 1826 * Returns void 1827 * 1828 ******************************************************************************/ 1829 void bta_dm_queue_search(tBTA_DM_MSG* p_data) { 1830 osi_free(bta_dm_search_cb.p_search_queue); 1831 bta_dm_search_cb.p_search_queue = 1832 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_SEARCH)); 1833 memcpy(bta_dm_search_cb.p_search_queue, p_data, sizeof(tBTA_DM_API_SEARCH)); 1834 } 1835 1836 /******************************************************************************* 1837 * 1838 * Function bta_dm_queue_disc 1839 * 1840 * Description Queues discovery command while search is being cancelled 1841 * 1842 * Returns void 1843 * 1844 ******************************************************************************/ 1845 void bta_dm_queue_disc(tBTA_DM_MSG* p_data) { 1846 osi_free(bta_dm_search_cb.p_search_queue); 1847 bta_dm_search_cb.p_search_queue = 1848 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_DISCOVER)); 1849 memcpy(bta_dm_search_cb.p_search_queue, p_data, sizeof(tBTA_DM_API_DISCOVER)); 1850 } 1851 1852 /******************************************************************************* 1853 * 1854 * Function bta_dm_search_clear_queue 1855 * 1856 * Description Clears the queue if API search cancel is called 1857 * 1858 * Returns void 1859 * 1860 ******************************************************************************/ 1861 void bta_dm_search_clear_queue(UNUSED_ATTR tBTA_DM_MSG* p_data) { 1862 osi_free_and_reset((void**)&bta_dm_search_cb.p_search_queue); 1863 } 1864 1865 /******************************************************************************* 1866 * 1867 * Function bta_dm_search_cancel_cmpl 1868 * 1869 * Description Search cancel is complete 1870 * 1871 * Returns void 1872 * 1873 ******************************************************************************/ 1874 void bta_dm_search_cancel_cmpl(UNUSED_ATTR tBTA_DM_MSG* p_data) { 1875 if (bta_dm_search_cb.p_search_queue) { 1876 bta_sys_sendmsg(bta_dm_search_cb.p_search_queue); 1877 bta_dm_search_cb.p_search_queue = NULL; 1878 } 1879 } 1880 1881 /******************************************************************************* 1882 * 1883 * Function bta_dm_search_cancel_transac_cmpl 1884 * 1885 * Description Current Service Discovery or remote name procedure is 1886 * completed after search cancellation 1887 * 1888 * Returns void 1889 * 1890 ******************************************************************************/ 1891 void bta_dm_search_cancel_transac_cmpl(UNUSED_ATTR tBTA_DM_MSG* p_data) { 1892 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db); 1893 bta_dm_search_cancel_notify(NULL); 1894 } 1895 1896 /******************************************************************************* 1897 * 1898 * Function bta_dm_search_cancel_notify 1899 * 1900 * Description Notify application that search has been cancelled 1901 * 1902 * Returns void 1903 * 1904 ******************************************************************************/ 1905 void bta_dm_search_cancel_notify(UNUSED_ATTR tBTA_DM_MSG* p_data) { 1906 if (bta_dm_search_cb.p_search_cback) { 1907 bta_dm_search_cb.p_search_cback(BTA_DM_SEARCH_CANCEL_CMPL_EVT, NULL); 1908 } 1909 if (!bta_dm_search_cb.name_discover_done) { 1910 BTM_CancelRemoteDeviceName(); 1911 } 1912 if (bta_dm_search_cb.gatt_disc_active) { 1913 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr); 1914 } 1915 } 1916 1917 /******************************************************************************* 1918 * 1919 * Function bta_dm_find_services 1920 * 1921 * Description Starts discovery on a device 1922 * 1923 * Returns void 1924 * 1925 ******************************************************************************/ 1926 static void bta_dm_find_services(BD_ADDR bd_addr) { 1927 tSDP_UUID uuid; 1928 1929 memset(&uuid, 0, sizeof(tSDP_UUID)); 1930 1931 while (bta_dm_search_cb.service_index < BTA_MAX_SERVICE_ID) { 1932 if (bta_dm_search_cb.services_to_search & 1933 (tBTA_SERVICE_MASK)( 1934 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index))) { 1935 bta_dm_search_cb.p_sdp_db = 1936 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE); 1937 APPL_TRACE_DEBUG("bta_dm_search_cb.services = %04x***********", 1938 bta_dm_search_cb.services); 1939 /* try to search all services by search based on L2CAP UUID */ 1940 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) { 1941 LOG_INFO(LOG_TAG, "%s services_to_search=%08x", __func__, 1942 bta_dm_search_cb.services_to_search); 1943 if (bta_dm_search_cb.services_to_search & BTA_RES_SERVICE_MASK) { 1944 uuid.uu.uuid16 = bta_service_id_to_uuid_lkup_tbl[0]; 1945 bta_dm_search_cb.services_to_search &= ~BTA_RES_SERVICE_MASK; 1946 } else { 1947 uuid.uu.uuid16 = UUID_PROTOCOL_L2CAP; 1948 bta_dm_search_cb.services_to_search = 0; 1949 } 1950 } else { 1951 /* for LE only profile */ 1952 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID) { 1953 if (bta_dm_search_cb.uuid_to_search > 0 && 1954 bta_dm_search_cb.p_srvc_uuid) { 1955 memcpy(&uuid, (const void*)(bta_dm_search_cb.p_srvc_uuid + 1956 bta_dm_search_cb.num_uuid - 1957 bta_dm_search_cb.uuid_to_search), 1958 sizeof(tBT_UUID)); 1959 1960 bta_dm_search_cb.uuid_to_search--; 1961 } else { 1962 uuid.uu.uuid16 = 1963 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index]; 1964 } 1965 1966 /* last one? clear the BLE service bit if all discovery has been done 1967 */ 1968 if (bta_dm_search_cb.uuid_to_search == 0) 1969 bta_dm_search_cb.services_to_search &= 1970 (tBTA_SERVICE_MASK)(~(BTA_SERVICE_ID_TO_SERVICE_MASK( 1971 bta_dm_search_cb.service_index))); 1972 1973 } else { 1974 /* remove the service from services to be searched */ 1975 bta_dm_search_cb.services_to_search &= (tBTA_SERVICE_MASK)(~( 1976 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index))); 1977 uuid.uu.uuid16 = 1978 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index]; 1979 } 1980 } 1981 1982 if (uuid.len == 0) uuid.len = LEN_UUID_16; 1983 1984 if (bta_dm_search_cb.service_index == BTA_USER_SERVICE_ID) { 1985 memcpy(&uuid, &bta_dm_search_cb.uuid, sizeof(tSDP_UUID)); 1986 } 1987 1988 LOG_INFO(LOG_TAG, "%s search UUID = %04x", __func__, uuid.uu.uuid16); 1989 SDP_InitDiscoveryDb(bta_dm_search_cb.p_sdp_db, BTA_DM_SDP_DB_SIZE, 1, 1990 &uuid, 0, NULL); 1991 1992 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf)); 1993 bta_dm_search_cb.p_sdp_db->raw_data = g_disc_raw_data_buf; 1994 1995 bta_dm_search_cb.p_sdp_db->raw_size = MAX_DISC_RAW_DATA_BUF; 1996 1997 if (!SDP_ServiceSearchAttributeRequest(bd_addr, bta_dm_search_cb.p_sdp_db, 1998 &bta_dm_sdp_callback)) { 1999 /* 2000 * If discovery is not successful with this device, then 2001 * proceed with the next one. 2002 */ 2003 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db); 2004 bta_dm_search_cb.service_index = BTA_MAX_SERVICE_ID; 2005 2006 } else { 2007 if ((bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID && 2008 bta_dm_search_cb.uuid_to_search == 0) || 2009 bta_dm_search_cb.service_index != BTA_BLE_SERVICE_ID) 2010 bta_dm_search_cb.service_index++; 2011 return; 2012 } 2013 } 2014 2015 bta_dm_search_cb.service_index++; 2016 } 2017 2018 /* no more services to be discovered */ 2019 if (bta_dm_search_cb.service_index >= BTA_MAX_SERVICE_ID) { 2020 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 2021 /* initialize the data structure - includes p_raw_data and raw_data_size */ 2022 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES)); 2023 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT; 2024 p_msg->disc_result.result.disc_res.services = 2025 bta_dm_search_cb.services_found; 2026 bdcpy(p_msg->disc_result.result.disc_res.bd_addr, 2027 bta_dm_search_cb.peer_bdaddr); 2028 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name, 2029 bta_dm_get_remname(), BD_NAME_LEN); 2030 2031 bta_sys_sendmsg(p_msg); 2032 } 2033 } 2034 2035 /******************************************************************************* 2036 * 2037 * Function bta_dm_discover_next_device 2038 * 2039 * Description Starts discovery on the next device in Inquiry data base 2040 * 2041 * Returns void 2042 * 2043 ******************************************************************************/ 2044 static void bta_dm_discover_next_device(void) { 2045 APPL_TRACE_DEBUG("bta_dm_discover_next_device"); 2046 2047 /* searching next device on inquiry result */ 2048 bta_dm_search_cb.p_btm_inq_info = 2049 BTM_InqDbNext(bta_dm_search_cb.p_btm_inq_info); 2050 if (bta_dm_search_cb.p_btm_inq_info != NULL) { 2051 bta_dm_search_cb.name_discover_done = false; 2052 bta_dm_search_cb.peer_name[0] = 0; 2053 bta_dm_discover_device( 2054 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr); 2055 } else { 2056 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 2057 2058 /* no devices, search complete */ 2059 bta_dm_search_cb.services = 0; 2060 2061 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 2062 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT; 2063 2064 bta_sys_sendmsg(p_msg); 2065 } 2066 } 2067 2068 /******************************************************************************* 2069 * 2070 * Function bta_dm_discover_device 2071 * 2072 * Description Starts name and service discovery on the device 2073 * 2074 * Returns void 2075 * 2076 ******************************************************************************/ 2077 static void bta_dm_discover_device(BD_ADDR remote_bd_addr) { 2078 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR; 2079 if (bta_dm_search_cb.transport == BTA_TRANSPORT_UNKNOWN) { 2080 tBT_DEVICE_TYPE dev_type; 2081 tBLE_ADDR_TYPE addr_type; 2082 2083 BTM_ReadDevInfo(remote_bd_addr, &dev_type, &addr_type); 2084 if (dev_type == BT_DEVICE_TYPE_BLE || addr_type == BLE_ADDR_RANDOM) 2085 transport = BT_TRANSPORT_LE; 2086 } else { 2087 transport = bta_dm_search_cb.transport; 2088 } 2089 2090 /* Reset transport state for next discovery */ 2091 bta_dm_search_cb.transport = BTA_TRANSPORT_UNKNOWN; 2092 2093 APPL_TRACE_DEBUG("%s BDA:0x%02X%02X%02X%02X%02X%02X", __func__, 2094 remote_bd_addr[0], remote_bd_addr[1], remote_bd_addr[2], 2095 remote_bd_addr[3], remote_bd_addr[4], remote_bd_addr[5]); 2096 2097 bdcpy(bta_dm_search_cb.peer_bdaddr, remote_bd_addr); 2098 2099 APPL_TRACE_DEBUG( 2100 "%s name_discover_done = %d p_btm_inq_info 0x%x state = %d, transport=%d", 2101 __func__, bta_dm_search_cb.name_discover_done, 2102 bta_dm_search_cb.p_btm_inq_info, bta_dm_search_cb.state, transport); 2103 2104 if (bta_dm_search_cb.p_btm_inq_info) { 2105 APPL_TRACE_DEBUG("%s appl_knows_rem_name %d", __func__, 2106 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name); 2107 } 2108 if ((bta_dm_search_cb.p_btm_inq_info) && 2109 (bta_dm_search_cb.p_btm_inq_info->results.device_type == 2110 BT_DEVICE_TYPE_BLE) && 2111 (bta_dm_search_cb.state == BTA_DM_SEARCH_ACTIVE)) { 2112 /* Do not perform RNR for LE devices at inquiry complete*/ 2113 bta_dm_search_cb.name_discover_done = true; 2114 } 2115 /* if name discovery is not done and application needs remote name */ 2116 if ((!bta_dm_search_cb.name_discover_done) && 2117 ((bta_dm_search_cb.p_btm_inq_info == NULL) || 2118 (bta_dm_search_cb.p_btm_inq_info && 2119 (!bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name)))) { 2120 if (bta_dm_read_remote_device_name(bta_dm_search_cb.peer_bdaddr, 2121 transport) == true) 2122 return; 2123 2124 /* starting name discovery failed */ 2125 bta_dm_search_cb.name_discover_done = true; 2126 } 2127 2128 /* if application wants to discover service */ 2129 if (bta_dm_search_cb.services) { 2130 /* initialize variables */ 2131 bta_dm_search_cb.service_index = 0; 2132 bta_dm_search_cb.services_found = 0; 2133 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services; 2134 bta_dm_search_cb.uuid_to_search = bta_dm_search_cb.num_uuid; 2135 if ((bta_dm_search_cb.p_btm_inq_info != NULL) && 2136 bta_dm_search_cb.services != BTA_USER_SERVICE_MASK && 2137 (bta_dm_search_cb.sdp_search == false)) { 2138 /* check if EIR provides the information of supported services */ 2139 bta_dm_eir_search_services(&bta_dm_search_cb.p_btm_inq_info->results, 2140 &bta_dm_search_cb.services_to_search, 2141 &bta_dm_search_cb.services_found); 2142 } 2143 2144 /* if seaching with EIR is not completed */ 2145 if (bta_dm_search_cb.services_to_search) { 2146 /* check whether connection already exists to the device 2147 if connection exists, we don't have to wait for ACL 2148 link to go down to start search on next device */ 2149 if (BTM_IsAclConnectionUp(bta_dm_search_cb.peer_bdaddr, 2150 BT_TRANSPORT_BR_EDR)) 2151 bta_dm_search_cb.wait_disc = false; 2152 else 2153 bta_dm_search_cb.wait_disc = true; 2154 2155 if (bta_dm_search_cb.p_btm_inq_info) { 2156 APPL_TRACE_DEBUG( 2157 "%s p_btm_inq_info 0x%x results.device_type 0x%x " 2158 "services_to_search 0x%x", 2159 __func__, bta_dm_search_cb.p_btm_inq_info, 2160 bta_dm_search_cb.p_btm_inq_info->results.device_type, 2161 bta_dm_search_cb.services_to_search); 2162 } 2163 2164 if (transport == BT_TRANSPORT_LE) { 2165 if (bta_dm_search_cb.services_to_search & BTA_BLE_SERVICE_MASK) { 2166 // set the raw data buffer here 2167 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf)); 2168 bta_dm_search_cb.p_ble_rawdata = g_disc_raw_data_buf; 2169 2170 bta_dm_search_cb.ble_raw_size = MAX_DISC_RAW_DATA_BUF; 2171 bta_dm_search_cb.ble_raw_used = 0; 2172 2173 /* start GATT for service discovery */ 2174 btm_dm_start_gatt_discovery(bta_dm_search_cb.peer_bdaddr); 2175 return; 2176 } 2177 } else { 2178 bta_dm_search_cb.sdp_results = false; 2179 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr); 2180 return; 2181 } 2182 } 2183 } 2184 2185 /* name discovery and service discovery are done for this device */ 2186 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 2187 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT; 2188 /* initialize the data structure - includes p_raw_data and raw_data_size */ 2189 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES)); 2190 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS; 2191 p_msg->disc_result.result.disc_res.services = bta_dm_search_cb.services_found; 2192 bdcpy(p_msg->disc_result.result.disc_res.bd_addr, 2193 bta_dm_search_cb.peer_bdaddr); 2194 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name, 2195 (char*)bta_dm_search_cb.peer_name, BD_NAME_LEN); 2196 2197 bta_sys_sendmsg(p_msg); 2198 } 2199 2200 /******************************************************************************* 2201 * 2202 * Function bta_dm_sdp_callback 2203 * 2204 * Description Callback from sdp with discovery status 2205 * 2206 * Returns void 2207 * 2208 ******************************************************************************/ 2209 static void bta_dm_sdp_callback(uint16_t sdp_status) { 2210 tBTA_DM_SDP_RESULT* p_msg = 2211 (tBTA_DM_SDP_RESULT*)osi_malloc(sizeof(tBTA_DM_SDP_RESULT)); 2212 2213 p_msg->hdr.event = BTA_DM_SDP_RESULT_EVT; 2214 p_msg->sdp_result = sdp_status; 2215 2216 bta_sys_sendmsg(p_msg); 2217 } 2218 2219 /******************************************************************************* 2220 * 2221 * Function bta_dm_inq_results_cb 2222 * 2223 * Description Inquiry results callback from BTM 2224 * 2225 * Returns void 2226 * 2227 ******************************************************************************/ 2228 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir, 2229 uint16_t eir_len) { 2230 tBTA_DM_SEARCH result; 2231 tBTM_INQ_INFO* p_inq_info; 2232 uint16_t service_class; 2233 2234 bdcpy(result.inq_res.bd_addr, p_inq->remote_bd_addr); 2235 memcpy(result.inq_res.dev_class, p_inq->dev_class, DEV_CLASS_LEN); 2236 BTM_COD_SERVICE_CLASS(service_class, p_inq->dev_class); 2237 result.inq_res.is_limited = 2238 (service_class & BTM_COD_SERVICE_LMTD_DISCOVER) ? true : false; 2239 result.inq_res.rssi = p_inq->rssi; 2240 2241 result.inq_res.ble_addr_type = p_inq->ble_addr_type; 2242 result.inq_res.inq_result_type = p_inq->inq_result_type; 2243 result.inq_res.device_type = p_inq->device_type; 2244 result.inq_res.flag = p_inq->flag; 2245 2246 /* application will parse EIR to find out remote device name */ 2247 result.inq_res.p_eir = p_eir; 2248 result.inq_res.eir_len = eir_len; 2249 2250 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr); 2251 if (p_inq_info != NULL) { 2252 /* initialize remt_name_not_required to false so that we get the name by 2253 * default */ 2254 result.inq_res.remt_name_not_required = false; 2255 } 2256 2257 if (bta_dm_search_cb.p_search_cback) 2258 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_RES_EVT, &result); 2259 2260 if (p_inq_info) { 2261 /* application indicates if it knows the remote name, inside the callback 2262 copy that to the inquiry data base*/ 2263 if (result.inq_res.remt_name_not_required) 2264 p_inq_info->appl_knows_rem_name = true; 2265 } 2266 } 2267 2268 /******************************************************************************* 2269 * 2270 * Function bta_dm_inq_cmpl_cb 2271 * 2272 * Description Inquiry complete callback from BTM 2273 * 2274 * Returns void 2275 * 2276 ******************************************************************************/ 2277 static void bta_dm_inq_cmpl_cb(void* p_result) { 2278 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 2279 2280 APPL_TRACE_DEBUG("%s", __func__); 2281 2282 if (bta_dm_search_cb.cancel_pending == false) { 2283 p_msg->inq_cmpl.hdr.event = BTA_DM_INQUIRY_CMPL_EVT; 2284 p_msg->inq_cmpl.num = ((tBTM_INQUIRY_CMPL*)p_result)->num_resp; 2285 } else { 2286 bta_dm_search_cb.cancel_pending = false; 2287 bta_dm_search_cancel_notify(NULL); 2288 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 2289 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT; 2290 } 2291 2292 bta_sys_sendmsg(p_msg); 2293 } 2294 2295 /******************************************************************************* 2296 * 2297 * Function bta_dm_service_search_remname_cback 2298 * 2299 * Description Remote name call back from BTM during service discovery 2300 * 2301 * Returns void 2302 * 2303 ******************************************************************************/ 2304 static void bta_dm_service_search_remname_cback(BD_ADDR bd_addr, 2305 UNUSED_ATTR DEV_CLASS dc, 2306 BD_NAME bd_name) { 2307 tBTM_REMOTE_DEV_NAME rem_name; 2308 tBTM_STATUS btm_status; 2309 2310 APPL_TRACE_DEBUG("bta_dm_service_search_remname_cback name=<%s>", bd_name); 2311 2312 /* if this is what we are looking for */ 2313 if (!bdcmp(bta_dm_search_cb.peer_bdaddr, bd_addr)) { 2314 rem_name.length = strlen((char*)bd_name); 2315 if (rem_name.length > (BD_NAME_LEN - 1)) { 2316 rem_name.length = (BD_NAME_LEN - 1); 2317 rem_name.remote_bd_name[(BD_NAME_LEN - 1)] = 0; 2318 } 2319 strlcpy((char*)rem_name.remote_bd_name, (char*)bd_name, BD_NAME_LEN); 2320 rem_name.status = BTM_SUCCESS; 2321 2322 bta_dm_remname_cback(&rem_name); 2323 } else { 2324 /* get name of device */ 2325 btm_status = BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr, 2326 (tBTM_CMPL_CB*)bta_dm_remname_cback, 2327 BT_TRANSPORT_BR_EDR); 2328 if (btm_status == BTM_BUSY) { 2329 /* wait for next chance(notification of remote name discovery done) */ 2330 APPL_TRACE_DEBUG( 2331 "bta_dm_service_search_remname_cback: BTM_ReadRemoteDeviceName is " 2332 "busy"); 2333 } else if (btm_status != BTM_CMD_STARTED) { 2334 /* if failed to start getting remote name then continue */ 2335 APPL_TRACE_WARNING( 2336 "bta_dm_service_search_remname_cback: BTM_ReadRemoteDeviceName " 2337 "returns 0x%02X", 2338 btm_status); 2339 2340 rem_name.length = 0; 2341 rem_name.remote_bd_name[0] = 0; 2342 rem_name.status = btm_status; 2343 bta_dm_remname_cback(&rem_name); 2344 } 2345 } 2346 } 2347 2348 /******************************************************************************* 2349 * 2350 * Function bta_dm_remname_cback 2351 * 2352 * Description Remote name complete call back from BTM 2353 * 2354 * Returns void 2355 * 2356 ******************************************************************************/ 2357 static void bta_dm_remname_cback(tBTM_REMOTE_DEV_NAME* p_remote_name) { 2358 APPL_TRACE_DEBUG("bta_dm_remname_cback len = %d name=<%s>", 2359 p_remote_name->length, p_remote_name->remote_bd_name); 2360 2361 /* remote name discovery is done but it could be failed */ 2362 bta_dm_search_cb.name_discover_done = true; 2363 strlcpy((char*)bta_dm_search_cb.peer_name, 2364 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN); 2365 2366 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback); 2367 2368 if (bta_dm_search_cb.transport == BT_TRANSPORT_LE) { 2369 GAP_BleReadPeerPrefConnParams(bta_dm_search_cb.peer_bdaddr); 2370 } 2371 2372 tBTA_DM_REM_NAME* p_msg = 2373 (tBTA_DM_REM_NAME*)osi_malloc(sizeof(tBTA_DM_REM_NAME)); 2374 bdcpy(p_msg->result.disc_res.bd_addr, bta_dm_search_cb.peer_bdaddr); 2375 strlcpy((char*)p_msg->result.disc_res.bd_name, 2376 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN); 2377 p_msg->hdr.event = BTA_DM_REMT_NAME_EVT; 2378 2379 bta_sys_sendmsg(p_msg); 2380 } 2381 2382 /******************************************************************************* 2383 * 2384 * Function bta_dm_authorize_cback 2385 * 2386 * Description cback requesting authorization 2387 * 2388 * Returns void 2389 * 2390 ******************************************************************************/ 2391 static uint8_t bta_dm_authorize_cback(BD_ADDR bd_addr, DEV_CLASS dev_class, 2392 BD_NAME bd_name, 2393 UNUSED_ATTR uint8_t* service_name, 2394 uint8_t service_id, 2395 UNUSED_ATTR bool is_originator) { 2396 tBTA_DM_SEC sec_event; 2397 uint8_t index = 1; 2398 2399 bdcpy(sec_event.authorize.bd_addr, bd_addr); 2400 memcpy(sec_event.authorize.dev_class, dev_class, DEV_CLASS_LEN); 2401 strlcpy((char*)sec_event.authorize.bd_name, (char*)bd_name, BD_NAME_LEN); 2402 2403 #if (BTA_JV_INCLUDED == TRUE) 2404 sec_event.authorize.service = service_id; 2405 #endif 2406 2407 while (index < BTA_MAX_SERVICE_ID) { 2408 /* get the BTA service id corresponding to BTM id */ 2409 if (bta_service_id_to_btm_srv_id_lkup_tbl[index] == service_id) { 2410 sec_event.authorize.service = index; 2411 break; 2412 } 2413 index++; 2414 } 2415 2416 /* if supported service callback otherwise not authorized */ 2417 if (bta_dm_cb.p_sec_cback && (index < BTA_MAX_SERVICE_ID 2418 #if (BTA_JV_INCLUDED == TRUE) 2419 /* pass through JV service ID */ 2420 || (service_id >= BTA_FIRST_JV_SERVICE_ID && 2421 service_id <= BTA_LAST_JV_SERVICE_ID) 2422 #endif 2423 )) { 2424 bta_dm_cb.p_sec_cback(BTA_DM_AUTHORIZE_EVT, &sec_event); 2425 return BTM_CMD_STARTED; 2426 } else { 2427 return BTM_NOT_AUTHORIZED; 2428 } 2429 } 2430 2431 /******************************************************************************* 2432 * 2433 * Function bta_dm_pinname_cback 2434 * 2435 * Description Callback requesting pin_key 2436 * 2437 * Returns void 2438 * 2439 ******************************************************************************/ 2440 static void bta_dm_pinname_cback(void* p_data) { 2441 tBTM_REMOTE_DEV_NAME* p_result = (tBTM_REMOTE_DEV_NAME*)p_data; 2442 tBTA_DM_SEC sec_event; 2443 uint32_t bytes_to_copy; 2444 tBTA_DM_SEC_EVT event = bta_dm_cb.pin_evt; 2445 2446 if (BTA_DM_SP_CFM_REQ_EVT == event) { 2447 /* Retrieved saved device class and bd_addr */ 2448 bdcpy(sec_event.cfm_req.bd_addr, bta_dm_cb.pin_bd_addr); 2449 BTA_COPY_DEVICE_CLASS(sec_event.cfm_req.dev_class, bta_dm_cb.pin_dev_class); 2450 2451 if (p_result && p_result->status == BTM_SUCCESS) { 2452 bytes_to_copy = (p_result->length < (BD_NAME_LEN - 1)) 2453 ? p_result->length 2454 : (BD_NAME_LEN - 1); 2455 memcpy(sec_event.cfm_req.bd_name, p_result->remote_bd_name, 2456 bytes_to_copy); 2457 sec_event.pin_req.bd_name[BD_NAME_LEN - 1] = 0; 2458 } else /* No name found */ 2459 sec_event.cfm_req.bd_name[0] = 0; 2460 2461 sec_event.key_notif.passkey = 2462 bta_dm_cb.num_val; /* get PIN code numeric number */ 2463 2464 /* 1 additional event data fields for this event */ 2465 sec_event.cfm_req.just_works = bta_dm_cb.just_works; 2466 } else { 2467 /* Retrieved saved device class and bd_addr */ 2468 bdcpy(sec_event.pin_req.bd_addr, bta_dm_cb.pin_bd_addr); 2469 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, bta_dm_cb.pin_dev_class); 2470 2471 if (p_result && p_result->status == BTM_SUCCESS) { 2472 bytes_to_copy = (p_result->length < (BD_NAME_LEN - 1)) 2473 ? p_result->length 2474 : (BD_NAME_LEN - 1); 2475 memcpy(sec_event.pin_req.bd_name, p_result->remote_bd_name, 2476 bytes_to_copy); 2477 sec_event.pin_req.bd_name[BD_NAME_LEN - 1] = 0; 2478 } else /* No name found */ 2479 sec_event.pin_req.bd_name[0] = 0; 2480 2481 event = bta_dm_cb.pin_evt; 2482 sec_event.key_notif.passkey = 2483 bta_dm_cb.num_val; /* get PIN code numeric number */ 2484 } 2485 2486 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event); 2487 } 2488 2489 /******************************************************************************* 2490 * 2491 * Function bta_dm_pin_cback 2492 * 2493 * Description Callback requesting pin_key 2494 * 2495 * Returns void 2496 * 2497 ******************************************************************************/ 2498 static uint8_t bta_dm_pin_cback(BD_ADDR bd_addr, DEV_CLASS dev_class, 2499 BD_NAME bd_name, bool min_16_digit) { 2500 tBTA_DM_SEC sec_event; 2501 2502 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED; 2503 2504 /* If the device name is not known, save bdaddr and devclass and initiate a 2505 * name request */ 2506 if (bd_name[0] == 0) { 2507 bta_dm_cb.pin_evt = BTA_DM_PIN_REQ_EVT; 2508 bdcpy(bta_dm_cb.pin_bd_addr, bd_addr); 2509 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class, dev_class); 2510 if ((BTM_ReadRemoteDeviceName(bd_addr, bta_dm_pinname_cback, 2511 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED) 2512 return BTM_CMD_STARTED; 2513 2514 APPL_TRACE_WARNING( 2515 " bta_dm_pin_cback() -> Failed to start Remote Name Request "); 2516 } 2517 2518 bdcpy(sec_event.pin_req.bd_addr, bd_addr); 2519 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, dev_class); 2520 strlcpy((char*)sec_event.pin_req.bd_name, (char*)bd_name, BD_NAME_LEN); 2521 sec_event.pin_req.min_16_digit = min_16_digit; 2522 2523 bta_dm_cb.p_sec_cback(BTA_DM_PIN_REQ_EVT, &sec_event); 2524 return BTM_CMD_STARTED; 2525 } 2526 2527 /******************************************************************************* 2528 * 2529 * Function bta_dm_new_link_key_cback 2530 * 2531 * Description Callback from BTM to notify new link key 2532 * 2533 * Returns void 2534 * 2535 ******************************************************************************/ 2536 static uint8_t bta_dm_new_link_key_cback(BD_ADDR bd_addr, 2537 UNUSED_ATTR DEV_CLASS dev_class, 2538 BD_NAME bd_name, LINK_KEY key, 2539 uint8_t key_type) { 2540 tBTA_DM_SEC sec_event; 2541 tBTA_DM_AUTH_CMPL* p_auth_cmpl; 2542 uint8_t event; 2543 2544 memset(&sec_event, 0, sizeof(tBTA_DM_SEC)); 2545 2546 /* Not AMP Key type */ 2547 if (key_type != HCI_LKEY_TYPE_AMP_WIFI && key_type != HCI_LKEY_TYPE_AMP_UWB) { 2548 event = BTA_DM_AUTH_CMPL_EVT; 2549 p_auth_cmpl = &sec_event.auth_cmpl; 2550 2551 bdcpy(p_auth_cmpl->bd_addr, bd_addr); 2552 2553 memcpy(p_auth_cmpl->bd_name, bd_name, (BD_NAME_LEN - 1)); 2554 p_auth_cmpl->bd_name[BD_NAME_LEN - 1] = 0; 2555 2556 p_auth_cmpl->key_present = true; 2557 p_auth_cmpl->key_type = key_type; 2558 p_auth_cmpl->success = true; 2559 2560 memcpy(p_auth_cmpl->key, key, LINK_KEY_LEN); 2561 sec_event.auth_cmpl.fail_reason = HCI_SUCCESS; 2562 2563 // Report the BR link key based on the BR/EDR address and type 2564 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type, 2565 &sec_event.auth_cmpl.addr_type); 2566 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event); 2567 2568 // Setting remove_dev_pending flag to false, where it will avoid deleting 2569 // the 2570 // security device record when the ACL connection link goes down in case of 2571 // reconnection. 2572 if (bta_dm_cb.device_list.count) 2573 bta_dm_reset_sec_dev_pending(p_auth_cmpl->bd_addr); 2574 } else { 2575 APPL_TRACE_WARNING("%s() Received AMP Key", __func__); 2576 } 2577 2578 return BTM_CMD_STARTED; 2579 } 2580 2581 /******************************************************************************* 2582 * 2583 * Function bta_dm_authentication_complete_cback 2584 * 2585 * Description Authentication complete callback from BTM 2586 * 2587 * Returns void 2588 * 2589 ******************************************************************************/ 2590 static uint8_t bta_dm_authentication_complete_cback( 2591 BD_ADDR bd_addr, UNUSED_ATTR DEV_CLASS dev_class, BD_NAME bd_name, 2592 int result) { 2593 tBTA_DM_SEC sec_event; 2594 2595 if (result != BTM_SUCCESS) { 2596 memset(&sec_event, 0, sizeof(tBTA_DM_SEC)); 2597 bdcpy(sec_event.auth_cmpl.bd_addr, bd_addr); 2598 2599 memcpy(sec_event.auth_cmpl.bd_name, bd_name, (BD_NAME_LEN - 1)); 2600 sec_event.auth_cmpl.bd_name[BD_NAME_LEN - 1] = 0; 2601 2602 // Report the BR link key based on the BR/EDR address and type 2603 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type, 2604 &sec_event.auth_cmpl.addr_type); 2605 sec_event.auth_cmpl.fail_reason = (uint8_t)result; 2606 2607 if (bta_dm_cb.p_sec_cback) 2608 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event); 2609 2610 if (result != HCI_ERR_LMP_RESPONSE_TIMEOUT && 2611 result != HCI_ERR_PAGE_TIMEOUT && 2612 result != HCI_ERR_CONN_FAILED_ESTABLISHMENT) { 2613 bta_dm_remove_sec_dev_entry(bd_addr); 2614 } 2615 } 2616 2617 return BTM_SUCCESS; 2618 } 2619 2620 #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE) 2621 /******************************************************************************* 2622 * 2623 * Function bta_dm_sp_cback 2624 * 2625 * Description simple pairing callback from BTM 2626 * 2627 * Returns void 2628 * 2629 ******************************************************************************/ 2630 static uint8_t bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data) { 2631 tBTM_STATUS status = BTM_CMD_STARTED; 2632 tBTA_DM_SEC sec_event; 2633 tBTA_DM_SEC_EVT pin_evt = BTA_DM_SP_KEY_NOTIF_EVT; 2634 2635 APPL_TRACE_EVENT("bta_dm_sp_cback: %d", event); 2636 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED; 2637 2638 /* TODO_SP */ 2639 switch (event) { 2640 case BTM_SP_IO_REQ_EVT: 2641 /* translate auth_req */ 2642 bta_dm_co_io_req(p_data->io_req.bd_addr, &p_data->io_req.io_cap, 2643 &p_data->io_req.oob_data, &p_data->io_req.auth_req, 2644 p_data->io_req.is_orig); 2645 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req, 2646 p_data->io_req.oob_data); 2647 break; 2648 case BTM_SP_IO_RSP_EVT: 2649 bta_dm_co_io_rsp(p_data->io_rsp.bd_addr, p_data->io_rsp.io_cap, 2650 p_data->io_rsp.oob_data, p_data->io_rsp.auth_req); 2651 break; 2652 2653 case BTM_SP_CFM_REQ_EVT: 2654 pin_evt = BTA_DM_SP_CFM_REQ_EVT; 2655 bta_dm_cb.just_works = sec_event.cfm_req.just_works = 2656 p_data->cfm_req.just_works; 2657 sec_event.cfm_req.loc_auth_req = p_data->cfm_req.loc_auth_req; 2658 sec_event.cfm_req.rmt_auth_req = p_data->cfm_req.rmt_auth_req; 2659 sec_event.cfm_req.loc_io_caps = p_data->cfm_req.loc_io_caps; 2660 sec_event.cfm_req.rmt_io_caps = p_data->cfm_req.rmt_io_caps; 2661 2662 /* continue to next case */ 2663 /* Passkey entry mode, mobile device with output capability is very 2664 unlikely to receive key request, so skip this event */ 2665 /*case BTM_SP_KEY_REQ_EVT: */ 2666 case BTM_SP_KEY_NOTIF_EVT: 2667 bta_dm_cb.num_val = sec_event.key_notif.passkey = 2668 p_data->key_notif.passkey; 2669 2670 if (BTM_SP_CFM_REQ_EVT == event) { 2671 /* Due to the switch case falling through below to BTM_SP_KEY_NOTIF_EVT, 2672 call remote name request using values from cfm_req */ 2673 if (p_data->cfm_req.bd_name[0] == 0) { 2674 bta_dm_cb.pin_evt = pin_evt; 2675 bdcpy(bta_dm_cb.pin_bd_addr, p_data->cfm_req.bd_addr); 2676 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class, 2677 p_data->cfm_req.dev_class); 2678 if ((BTM_ReadRemoteDeviceName( 2679 p_data->cfm_req.bd_addr, bta_dm_pinname_cback, 2680 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED) 2681 return BTM_CMD_STARTED; 2682 APPL_TRACE_WARNING( 2683 " bta_dm_sp_cback() -> Failed to start Remote Name Request "); 2684 } else { 2685 /* Due to the switch case falling through below to 2686 BTM_SP_KEY_NOTIF_EVT, 2687 copy these values into key_notif from cfm_req */ 2688 bdcpy(sec_event.key_notif.bd_addr, p_data->cfm_req.bd_addr); 2689 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class, 2690 p_data->cfm_req.dev_class); 2691 strlcpy((char*)sec_event.key_notif.bd_name, 2692 (char*)p_data->cfm_req.bd_name, BD_NAME_LEN); 2693 } 2694 } 2695 2696 if (BTM_SP_KEY_NOTIF_EVT == event) { 2697 /* If the device name is not known, save bdaddr and devclass 2698 and initiate a name request with values from key_notif */ 2699 if (p_data->key_notif.bd_name[0] == 0) { 2700 bta_dm_cb.pin_evt = pin_evt; 2701 bdcpy(bta_dm_cb.pin_bd_addr, p_data->key_notif.bd_addr); 2702 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class, 2703 p_data->key_notif.dev_class); 2704 if ((BTM_ReadRemoteDeviceName( 2705 p_data->key_notif.bd_addr, bta_dm_pinname_cback, 2706 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED) 2707 return BTM_CMD_STARTED; 2708 APPL_TRACE_WARNING( 2709 " bta_dm_sp_cback() -> Failed to start Remote Name Request "); 2710 } else { 2711 bdcpy(sec_event.key_notif.bd_addr, p_data->key_notif.bd_addr); 2712 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class, 2713 p_data->key_notif.dev_class); 2714 strlcpy((char*)sec_event.key_notif.bd_name, 2715 (char*)p_data->key_notif.bd_name, BD_NAME_LEN); 2716 sec_event.key_notif.bd_name[BD_NAME_LEN - 1] = 0; 2717 } 2718 } 2719 2720 bta_dm_cb.p_sec_cback(pin_evt, &sec_event); 2721 2722 break; 2723 2724 case BTM_SP_LOC_OOB_EVT: 2725 bta_dm_co_loc_oob((bool)(p_data->loc_oob.status == BTM_SUCCESS), 2726 p_data->loc_oob.c, p_data->loc_oob.r); 2727 break; 2728 2729 case BTM_SP_RMT_OOB_EVT: 2730 /* If the device name is not known, save bdaddr and devclass and initiate 2731 * a name request */ 2732 if (p_data->rmt_oob.bd_name[0] == 0) { 2733 bta_dm_cb.pin_evt = BTA_DM_SP_RMT_OOB_EVT; 2734 bdcpy(bta_dm_cb.pin_bd_addr, p_data->rmt_oob.bd_addr); 2735 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class, 2736 p_data->rmt_oob.dev_class); 2737 if ((BTM_ReadRemoteDeviceName(p_data->rmt_oob.bd_addr, 2738 bta_dm_pinname_cback, 2739 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED) 2740 return BTM_CMD_STARTED; 2741 APPL_TRACE_WARNING( 2742 " bta_dm_sp_cback() -> Failed to start Remote Name Request "); 2743 } 2744 2745 bdcpy(sec_event.rmt_oob.bd_addr, p_data->rmt_oob.bd_addr); 2746 BTA_COPY_DEVICE_CLASS(sec_event.rmt_oob.dev_class, 2747 p_data->rmt_oob.dev_class); 2748 strlcpy((char*)sec_event.rmt_oob.bd_name, (char*)p_data->rmt_oob.bd_name, 2749 BD_NAME_LEN); 2750 2751 bta_dm_cb.p_sec_cback(BTA_DM_SP_RMT_OOB_EVT, &sec_event); 2752 2753 bta_dm_co_rmt_oob(p_data->rmt_oob.bd_addr); 2754 break; 2755 2756 case BTM_SP_COMPLT_EVT: 2757 /* do not report this event - handled by link_key_callback or 2758 * auth_complete_callback */ 2759 break; 2760 2761 case BTM_SP_KEYPRESS_EVT: 2762 memcpy(&sec_event.key_press, &p_data->key_press, 2763 sizeof(tBTM_SP_KEYPRESS)); 2764 bta_dm_cb.p_sec_cback(BTA_DM_SP_KEYPRESS_EVT, &sec_event); 2765 break; 2766 2767 case BTM_SP_UPGRADE_EVT: 2768 bta_dm_co_lk_upgrade(p_data->upgrade.bd_addr, &p_data->upgrade.upgrade); 2769 break; 2770 2771 default: 2772 status = BTM_NOT_AUTHORIZED; 2773 break; 2774 } 2775 APPL_TRACE_EVENT("dm status: %d", status); 2776 return status; 2777 } 2778 #endif 2779 2780 /******************************************************************************* 2781 * 2782 * Function bta_dm_local_name_cback 2783 * 2784 * Description Callback from btm after local name is read 2785 * 2786 * 2787 * Returns void 2788 * 2789 ******************************************************************************/ 2790 static void bta_dm_local_name_cback(UNUSED_ATTR uint8_t* p_name) { 2791 tBTA_DM_SEC sec_event; 2792 2793 sec_event.enable.status = BTA_SUCCESS; 2794 2795 if (bta_dm_cb.p_sec_cback) 2796 bta_dm_cb.p_sec_cback(BTA_DM_ENABLE_EVT, &sec_event); 2797 } 2798 2799 /******************************************************************************* 2800 * 2801 * Function bta_dm_bl_change_cback 2802 * 2803 * Description Callback from btm when acl connection goes up or down 2804 * 2805 * 2806 * Returns void 2807 * 2808 ******************************************************************************/ 2809 static void bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA* p_data) { 2810 tBTA_DM_ACL_CHANGE* p_msg = 2811 (tBTA_DM_ACL_CHANGE*)osi_malloc(sizeof(tBTA_DM_ACL_CHANGE)); 2812 2813 p_msg->event = p_data->event; 2814 p_msg->is_new = false; 2815 2816 switch (p_msg->event) { 2817 case BTM_BL_CONN_EVT: 2818 p_msg->is_new = true; 2819 bdcpy(p_msg->bd_addr, p_data->conn.p_bda); 2820 p_msg->transport = p_data->conn.transport; 2821 p_msg->handle = p_data->conn.handle; 2822 break; 2823 case BTM_BL_DISCN_EVT: 2824 bdcpy(p_msg->bd_addr, p_data->discn.p_bda); 2825 p_msg->transport = p_data->discn.transport; 2826 p_msg->handle = p_data->discn.handle; 2827 break; 2828 case BTM_BL_UPDATE_EVT: 2829 p_msg->busy_level = p_data->update.busy_level; 2830 p_msg->busy_level_flags = p_data->update.busy_level_flags; 2831 break; 2832 case BTM_BL_ROLE_CHG_EVT: 2833 p_msg->new_role = p_data->role_chg.new_role; 2834 p_msg->hci_status = p_data->role_chg.hci_status; 2835 bdcpy(p_msg->bd_addr, p_data->role_chg.p_bda); 2836 break; 2837 case BTM_BL_COLLISION_EVT: 2838 bdcpy(p_msg->bd_addr, p_data->conn.p_bda); 2839 break; 2840 } 2841 2842 p_msg->hdr.event = BTA_DM_ACL_CHANGE_EVT; 2843 bta_sys_sendmsg(p_msg); 2844 } 2845 2846 /******************************************************************************* 2847 * 2848 * Function bta_dm_rs_cback 2849 * 2850 * Description Receives the role switch complete event 2851 * 2852 * Returns 2853 * 2854 ******************************************************************************/ 2855 static void bta_dm_rs_cback(UNUSED_ATTR tBTM_ROLE_SWITCH_CMPL* p1) { 2856 APPL_TRACE_WARNING("bta_dm_rs_cback:%d", bta_dm_cb.rs_event); 2857 if (bta_dm_cb.rs_event == BTA_DM_API_SEARCH_EVT) { 2858 bta_dm_cb.search_msg.rs_res = 2859 BTA_DM_RS_OK; /* do not care about the result for now */ 2860 bta_dm_cb.rs_event = 0; 2861 bta_dm_search_start((tBTA_DM_MSG*)&bta_dm_cb.search_msg); 2862 } 2863 } 2864 2865 /******************************************************************************* 2866 * 2867 * Function bta_dm_check_av 2868 * 2869 * Description This function checks if AV is active 2870 * if yes, make sure the AV link is master 2871 * 2872 * Returns bool - true, if switch is in progress 2873 * 2874 ******************************************************************************/ 2875 static bool bta_dm_check_av(uint16_t event) { 2876 bool avoid_roleswitch = false; 2877 bool switching = false; 2878 uint8_t i; 2879 tBTA_DM_PEER_DEVICE* p_dev; 2880 2881 #if (BTA_DM_AVOID_A2DP_ROLESWITCH_ON_INQUIRY == TRUE) 2882 2883 /* avoid role switch upon inquiry if a2dp is actively streaming as it 2884 introduces an audioglitch due to FW scheduling delays (unavoidable) */ 2885 if (event == BTA_DM_API_SEARCH_EVT) { 2886 avoid_roleswitch = true; 2887 } 2888 #endif 2889 2890 APPL_TRACE_WARNING("bta_dm_check_av:%d", bta_dm_cb.cur_av_count); 2891 if (bta_dm_cb.cur_av_count) { 2892 for (i = 0; i < bta_dm_cb.device_list.count; i++) { 2893 p_dev = &bta_dm_cb.device_list.peer_device[i]; 2894 APPL_TRACE_WARNING("[%d]: state:%d, info:x%x, avoid_rs %d", i, 2895 p_dev->conn_state, p_dev->info, avoid_roleswitch); 2896 if ((p_dev->conn_state == BTA_DM_CONNECTED) && 2897 (p_dev->info & BTA_DM_DI_AV_ACTIVE) && (avoid_roleswitch == false)) { 2898 /* make master and take away the role switch policy */ 2899 if (BTM_CMD_STARTED == BTM_SwitchRole(p_dev->peer_bdaddr, 2900 HCI_ROLE_MASTER, 2901 (tBTM_CMPL_CB*)bta_dm_rs_cback)) { 2902 /* the role switch command is actually sent */ 2903 bta_dm_cb.rs_event = event; 2904 switching = true; 2905 } 2906 /* else either already master or can not switch for some reasons */ 2907 bta_dm_policy_cback(BTA_SYS_PLCY_CLR, 0, HCI_ENABLE_MASTER_SLAVE_SWITCH, 2908 p_dev->peer_bdaddr); 2909 break; 2910 } 2911 } 2912 } 2913 return switching; 2914 } 2915 2916 /******************************************************************************* 2917 * 2918 * Function bta_dm_acl_change 2919 * 2920 * Description Process BTA_DM_ACL_CHANGE_EVT 2921 * 2922 * 2923 * Returns void 2924 * 2925 ******************************************************************************/ 2926 void bta_dm_acl_change(tBTA_DM_MSG* p_data) { 2927 uint8_t i; 2928 uint8_t* p; 2929 tBTA_DM_SEC conn; 2930 bool is_new = p_data->acl_change.is_new; 2931 BD_ADDR_PTR p_bda = p_data->acl_change.bd_addr; 2932 bool need_policy_change = false; 2933 bool issue_unpair_cb = false; 2934 2935 tBTA_DM_PEER_DEVICE* p_dev; 2936 memset(&conn, 0, sizeof(tBTA_DM_SEC)); 2937 2938 switch (p_data->acl_change.event) { 2939 case BTM_BL_UPDATE_EVT: /* busy level update */ 2940 if (bta_dm_cb.p_sec_cback) { 2941 conn.busy_level.level = p_data->acl_change.busy_level; 2942 conn.busy_level.level_flags = p_data->acl_change.busy_level_flags; 2943 bta_dm_cb.p_sec_cback(BTA_DM_BUSY_LEVEL_EVT, &conn); 2944 } 2945 return; 2946 2947 case BTM_BL_ROLE_CHG_EVT: /* role change event */ 2948 p_dev = bta_dm_find_peer_device(p_bda); 2949 if (p_dev) { 2950 APPL_TRACE_DEBUG( 2951 "bta_dm_acl_change role chg info:x%x new_role:%d dev count:%d", 2952 p_dev->info, p_data->acl_change.new_role, 2953 bta_dm_cb.device_list.count); 2954 if (p_dev->info & BTA_DM_DI_AV_ACTIVE) { 2955 /* there's AV activity on this link */ 2956 if (p_data->acl_change.new_role == HCI_ROLE_SLAVE && 2957 bta_dm_cb.device_list.count > 1 && 2958 p_data->acl_change.hci_status == HCI_SUCCESS) { 2959 /* more than one connections and the AV connection is role switched 2960 * to slave 2961 * switch it back to master and remove the switch policy */ 2962 BTM_SwitchRole(p_bda, BTM_ROLE_MASTER, NULL); 2963 need_policy_change = true; 2964 } else if (p_bta_dm_cfg->avoid_scatter && 2965 (p_data->acl_change.new_role == HCI_ROLE_MASTER)) { 2966 /* if the link updated to be master include AV activities, remove 2967 * the switch policy */ 2968 need_policy_change = true; 2969 } 2970 2971 if (need_policy_change) { 2972 bta_dm_policy_cback(BTA_SYS_PLCY_CLR, 0, 2973 HCI_ENABLE_MASTER_SLAVE_SWITCH, 2974 p_dev->peer_bdaddr); 2975 } 2976 } else { 2977 /* there's AV no activity on this link and role switch happened 2978 * check if AV is active 2979 * if so, make sure the AV link is master */ 2980 bta_dm_check_av(0); 2981 } 2982 bta_sys_notify_role_chg(p_data->acl_change.bd_addr, 2983 p_data->acl_change.new_role, 2984 p_data->acl_change.hci_status); 2985 bdcpy(conn.role_chg.bd_addr, p_bda); 2986 conn.role_chg.new_role = (uint8_t)p_data->acl_change.new_role; 2987 if (bta_dm_cb.p_sec_cback) 2988 bta_dm_cb.p_sec_cback(BTA_DM_ROLE_CHG_EVT, (tBTA_DM_SEC*)&conn); 2989 } 2990 return; 2991 } 2992 2993 /* Collision report from Stack: Notify profiles */ 2994 if (p_data->acl_change.event == BTM_BL_COLLISION_EVT) { 2995 bta_sys_notify_collision(p_bda); 2996 return; 2997 } 2998 2999 if (is_new) { 3000 for (i = 0; i < bta_dm_cb.device_list.count; i++) { 3001 if (!bdcmp(bta_dm_cb.device_list.peer_device[i].peer_bdaddr, p_bda) && 3002 bta_dm_cb.device_list.peer_device[i].conn_handle == 3003 p_data->acl_change.handle) 3004 break; 3005 } 3006 3007 if (i == bta_dm_cb.device_list.count) { 3008 if (bta_dm_cb.device_list.count < BTA_DM_NUM_PEER_DEVICE) { 3009 bdcpy(bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count] 3010 .peer_bdaddr, 3011 p_bda); 3012 bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count] 3013 .link_policy = bta_dm_cb.cur_policy; 3014 bta_dm_cb.device_list.count++; 3015 bta_dm_cb.device_list.peer_device[i].conn_handle = 3016 p_data->acl_change.handle; 3017 if (p_data->acl_change.transport == BT_TRANSPORT_LE) 3018 bta_dm_cb.device_list.le_count++; 3019 } else { 3020 APPL_TRACE_ERROR("%s max active connection reached, no resources", 3021 __func__); 3022 return; 3023 } 3024 } 3025 3026 bta_dm_cb.device_list.peer_device[i].conn_state = BTA_DM_CONNECTED; 3027 bta_dm_cb.device_list.peer_device[i].pref_role = BTA_ANY_ROLE; 3028 bdcpy(conn.link_up.bd_addr, p_bda); 3029 bta_dm_cb.device_list.peer_device[i].info = BTA_DM_DI_NONE; 3030 conn.link_up.link_type = p_data->acl_change.transport; 3031 bta_dm_cb.device_list.peer_device[i].transport = 3032 p_data->acl_change.transport; 3033 3034 if (((NULL != (p = BTM_ReadLocalFeatures())) && 3035 HCI_SNIFF_SUB_RATE_SUPPORTED(p)) && 3036 ((NULL != (p = BTM_ReadRemoteFeatures(p_bda))) && 3037 HCI_SNIFF_SUB_RATE_SUPPORTED(p))) { 3038 /* both local and remote devices support SSR */ 3039 bta_dm_cb.device_list.peer_device[i].info = BTA_DM_DI_USE_SSR; 3040 } 3041 APPL_TRACE_WARNING("%s info: 0x%x", __func__, 3042 bta_dm_cb.device_list.peer_device[i].info); 3043 3044 if (bta_dm_cb.p_sec_cback) 3045 bta_dm_cb.p_sec_cback(BTA_DM_LINK_UP_EVT, (tBTA_DM_SEC*)&conn); 3046 } else { 3047 for (i = 0; i < bta_dm_cb.device_list.count; i++) { 3048 if (bdcmp(bta_dm_cb.device_list.peer_device[i].peer_bdaddr, p_bda) || 3049 bta_dm_cb.device_list.peer_device[i].transport != 3050 p_data->acl_change.transport) 3051 continue; 3052 3053 if (bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_UNPAIRING) { 3054 if (BTM_SecDeleteDevice( 3055 bta_dm_cb.device_list.peer_device[i].peer_bdaddr)) 3056 issue_unpair_cb = true; 3057 3058 APPL_TRACE_DEBUG("%s: Unpairing: issue unpair CB = %d ", __func__, 3059 issue_unpair_cb); 3060 } 3061 3062 conn.link_down.is_removed = 3063 bta_dm_cb.device_list.peer_device[i].remove_dev_pending; 3064 3065 // Iterate to the one before the last when shrinking the list, 3066 // otherwise we memcpy garbage data into the record. 3067 // Then clear out the last item in the list since we are shrinking. 3068 for (; i < bta_dm_cb.device_list.count - 1; i++) { 3069 memcpy(&bta_dm_cb.device_list.peer_device[i], 3070 &bta_dm_cb.device_list.peer_device[i + 1], 3071 sizeof(bta_dm_cb.device_list.peer_device[i])); 3072 } 3073 if (bta_dm_cb.device_list.count > 0) { 3074 int clear_index = bta_dm_cb.device_list.count - 1; 3075 memset(&bta_dm_cb.device_list.peer_device[clear_index], 0, 3076 sizeof(bta_dm_cb.device_list.peer_device[clear_index])); 3077 } 3078 break; 3079 } 3080 if (bta_dm_cb.device_list.count) bta_dm_cb.device_list.count--; 3081 if ((p_data->acl_change.transport == BT_TRANSPORT_LE) && 3082 (bta_dm_cb.device_list.le_count)) 3083 bta_dm_cb.device_list.le_count--; 3084 conn.link_down.link_type = p_data->acl_change.transport; 3085 3086 if (bta_dm_search_cb.wait_disc && 3087 !bdcmp(bta_dm_search_cb.peer_bdaddr, p_bda)) { 3088 bta_dm_search_cb.wait_disc = false; 3089 3090 if (bta_dm_search_cb.sdp_results) { 3091 APPL_TRACE_EVENT(" timer stopped "); 3092 alarm_cancel(bta_dm_search_cb.search_timer); 3093 bta_dm_discover_next_device(); 3094 } 3095 } 3096 3097 if (bta_dm_cb.disabling) { 3098 if (!BTM_GetNumAclLinks()) { 3099 /* 3100 * Start a timer to make sure that the profiles 3101 * get the disconnect event. 3102 */ 3103 alarm_set_on_queue( 3104 bta_dm_cb.disable_timer, BTA_DM_DISABLE_CONN_DOWN_TIMER_MS, 3105 bta_dm_disable_conn_down_timer_cback, NULL, btu_bta_alarm_queue); 3106 } 3107 } 3108 if (conn.link_down.is_removed) { 3109 BTM_SecDeleteDevice(p_bda); 3110 /* need to remove all pending background connection */ 3111 BTA_GATTC_CancelOpen(0, p_bda, false); 3112 /* remove all cached GATT information */ 3113 BTA_GATTC_Refresh(p_bda); 3114 } 3115 3116 bdcpy(conn.link_down.bd_addr, p_bda); 3117 conn.link_down.status = (uint8_t)btm_get_acl_disc_reason_code(); 3118 if (bta_dm_cb.p_sec_cback) { 3119 bta_dm_cb.p_sec_cback(BTA_DM_LINK_DOWN_EVT, &conn); 3120 if (issue_unpair_cb) 3121 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &conn); 3122 } 3123 } 3124 3125 bta_dm_adjust_roles(true); 3126 } 3127 3128 /******************************************************************************* 3129 * 3130 * Function bta_dm_disable_conn_down_timer_cback 3131 * 3132 * Description Sends disable event to application 3133 * 3134 * 3135 * Returns void 3136 * 3137 ******************************************************************************/ 3138 static void bta_dm_disable_conn_down_timer_cback(UNUSED_ATTR void* data) { 3139 tBTA_SYS_HW_MSG* sys_enable_event = 3140 (tBTA_SYS_HW_MSG*)osi_malloc(sizeof(tBTA_SYS_HW_MSG)); 3141 3142 /* disable the power managment module */ 3143 bta_dm_disable_pm(); 3144 3145 /* register our callback to SYS HW manager */ 3146 bta_sys_hw_register(BTA_SYS_HW_BLUETOOTH, bta_dm_sys_hw_cback); 3147 3148 /* send a message to BTA SYS */ 3149 sys_enable_event->hdr.event = BTA_SYS_API_DISABLE_EVT; 3150 sys_enable_event->hw_module = BTA_SYS_HW_BLUETOOTH; 3151 bta_sys_sendmsg(sys_enable_event); 3152 3153 bta_dm_cb.disabling = false; 3154 } 3155 3156 /******************************************************************************* 3157 * 3158 * Function bta_dm_rm_cback 3159 * 3160 * Description Role management callback from sys 3161 * 3162 * 3163 * Returns void 3164 * 3165 ******************************************************************************/ 3166 static void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id, 3167 uint8_t app_id, BD_ADDR peer_addr) { 3168 uint8_t j; 3169 tBTA_PREF_ROLES role; 3170 tBTA_DM_PEER_DEVICE* p_dev; 3171 3172 p_dev = bta_dm_find_peer_device(peer_addr); 3173 if (status == BTA_SYS_CONN_OPEN) { 3174 if (p_dev) { 3175 /* Do not set to connected if we are in the middle of unpairing. When AV 3176 * stream is 3177 * started it fakes out a SYS_CONN_OPEN to potentially trigger a role 3178 * switch command. 3179 * But this should not be done if we are in the middle of unpairing. 3180 */ 3181 if (p_dev->conn_state != BTA_DM_UNPAIRING) 3182 p_dev->conn_state = BTA_DM_CONNECTED; 3183 3184 for (j = 1; j <= p_bta_dm_rm_cfg[0].app_id; j++) { 3185 if (((p_bta_dm_rm_cfg[j].app_id == app_id) || 3186 (p_bta_dm_rm_cfg[j].app_id == BTA_ALL_APP_ID)) && 3187 (p_bta_dm_rm_cfg[j].id == id)) { 3188 role = p_bta_dm_rm_cfg[j].cfg; 3189 3190 if (role > p_dev->pref_role) p_dev->pref_role = role; 3191 break; 3192 } 3193 } 3194 } 3195 } 3196 3197 if ((BTA_ID_AV == id) || (BTA_ID_AVK == id)) { 3198 if (status == BTA_SYS_CONN_BUSY) { 3199 if (p_dev) p_dev->info |= BTA_DM_DI_AV_ACTIVE; 3200 /* AV calls bta_sys_conn_open with the A2DP stream count as app_id */ 3201 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count(); 3202 } else if (status == BTA_SYS_CONN_IDLE) { 3203 if (p_dev) p_dev->info &= ~BTA_DM_DI_AV_ACTIVE; 3204 3205 /* get cur_av_count from connected services */ 3206 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count(); 3207 } 3208 APPL_TRACE_WARNING("bta_dm_rm_cback:%d, status:%d", bta_dm_cb.cur_av_count, 3209 status); 3210 } 3211 3212 /* Don't adjust roles for each busy/idle state transition to avoid 3213 excessive switch requests when individual profile busy/idle status 3214 changes */ 3215 if ((status != BTA_SYS_CONN_BUSY) && (status != BTA_SYS_CONN_IDLE)) 3216 bta_dm_adjust_roles(false); 3217 } 3218 3219 /******************************************************************************* 3220 * 3221 * Function bta_dm_delay_role_switch_cback 3222 * 3223 * Description Callback from btm to delay a role switch 3224 * 3225 * Returns void 3226 * 3227 ******************************************************************************/ 3228 static void bta_dm_delay_role_switch_cback(UNUSED_ATTR void* data) { 3229 APPL_TRACE_EVENT("%s: initiating Delayed RS", __func__); 3230 bta_dm_adjust_roles(false); 3231 } 3232 3233 /******************************************************************************* 3234 * 3235 * Function bta_dm_reset_sec_dev_pending 3236 * 3237 * Description Setting the remove device pending status to false from 3238 * security device DB, when the link key notification 3239 * event comes. 3240 * 3241 * Returns void 3242 * 3243 ******************************************************************************/ 3244 static void bta_dm_reset_sec_dev_pending(BD_ADDR remote_bd_addr) { 3245 for (size_t i = 0; i < bta_dm_cb.device_list.count; i++) { 3246 if (bdcmp(bta_dm_cb.device_list.peer_device[i].peer_bdaddr, 3247 remote_bd_addr) == 0) { 3248 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = false; 3249 return; 3250 } 3251 } 3252 } 3253 3254 /******************************************************************************* 3255 * 3256 * Function bta_dm_remove_sec_dev_entry 3257 * 3258 * Description Removes device entry from Security device DB if ACL 3259 connection with 3260 * remtoe device does not exist, else schedule for dev entry 3261 removal upon 3262 ACL close 3263 * 3264 * Returns void 3265 * 3266 ******************************************************************************/ 3267 static void bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr) { 3268 if (BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_LE) || 3269 BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_BR_EDR)) { 3270 APPL_TRACE_DEBUG( 3271 "%s ACL is not down. Schedule for Dev Removal when ACL closes", 3272 __func__); 3273 BTM_SecClearSecurityFlags(remote_bd_addr); 3274 for (int i = 0; i < bta_dm_cb.device_list.count; i++) { 3275 if (!bdcmp(bta_dm_cb.device_list.peer_device[i].peer_bdaddr, 3276 remote_bd_addr)) { 3277 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = TRUE; 3278 break; 3279 } 3280 } 3281 } else { 3282 BTM_SecDeleteDevice(remote_bd_addr); 3283 /* need to remove all pending background connection */ 3284 BTA_GATTC_CancelOpen(0, remote_bd_addr, false); 3285 /* remove all cached GATT information */ 3286 BTA_GATTC_Refresh(remote_bd_addr); 3287 } 3288 } 3289 3290 /******************************************************************************* 3291 * 3292 * Function bta_dm_adjust_roles 3293 * 3294 * Description Adjust roles 3295 * 3296 * 3297 * Returns void 3298 * 3299 ******************************************************************************/ 3300 static void bta_dm_adjust_roles(bool delay_role_switch) { 3301 uint8_t i; 3302 bool set_master_role = false; 3303 uint8_t br_count = 3304 bta_dm_cb.device_list.count - bta_dm_cb.device_list.le_count; 3305 if (br_count) { 3306 /* the configuration is no scatternet 3307 * or AV connection exists and there are more than one ACL link */ 3308 i