1 /****************************************************************************** 2 * 3 * Copyright (C) 2003-2014 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 /****************************************************************************** 20 * 21 * This file contains the action functions for device manager state 22 * machine. 23 * 24 ******************************************************************************/ 25 26 #define LOG_TAG "bt_bta_dm" 27 28 #include <base/bind.h> 29 #include <base/callback.h> 30 #include <base/logging.h> 31 #include <string.h> 32 33 #include "bt_common.h" 34 #include "bt_target.h" 35 #include "bt_types.h" 36 #include "bta_api.h" 37 #include "bta_dm_api.h" 38 #include "bta_dm_co.h" 39 #include "bta_dm_int.h" 40 #include "bta_sys.h" 41 #include "btm_api.h" 42 #include "btm_int.h" 43 #include "btu.h" 44 #include "gap_api.h" /* For GAP_BleReadPeerPrefConnParams */ 45 #include "l2c_api.h" 46 #include "osi/include/log.h" 47 #include "osi/include/osi.h" 48 #include "sdp_api.h" 49 #include "utl.h" 50 51 #if (GAP_INCLUDED == TRUE) 52 #include "gap_api.h" 53 #endif 54 55 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir, 56 uint16_t eir_len); 57 static void bta_dm_inq_cmpl_cb(void* p_result); 58 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr, 59 DEV_CLASS dc, BD_NAME bd_name); 60 static void bta_dm_remname_cback(tBTM_REMOTE_DEV_NAME* p_remote_name); 61 static void bta_dm_find_services(const RawAddress& bd_addr); 62 static void bta_dm_discover_next_device(void); 63 static void bta_dm_sdp_callback(uint16_t sdp_status); 64 static uint8_t bta_dm_authorize_cback(const RawAddress& bd_addr, 65 DEV_CLASS dev_class, BD_NAME bd_name, 66 uint8_t* service_name, uint8_t service_id, 67 bool is_originator); 68 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class, 69 BD_NAME bd_name, bool min_16_digit); 70 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr, 71 DEV_CLASS dev_class, BD_NAME bd_name, 72 LINK_KEY key, uint8_t key_type); 73 static uint8_t bta_dm_authentication_complete_cback(const RawAddress& bd_addr, 74 DEV_CLASS dev_class, 75 BD_NAME bd_name, 76 int result); 77 static void bta_dm_local_name_cback(const RawAddress& bd_addr); 78 static bool bta_dm_check_av(uint16_t event); 79 static void bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA* p_data); 80 81 static void bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status, uint8_t id, 82 uint8_t app_id, const RawAddress* peer_addr); 83 84 /* Extended Inquiry Response */ 85 #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE) 86 static uint8_t bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data); 87 #endif 88 89 static void bta_dm_set_eir(char* local_name); 90 91 static void bta_dm_eir_search_services(tBTM_INQ_RESULTS* p_result, 92 tBTA_SERVICE_MASK* p_services_to_search, 93 tBTA_SERVICE_MASK* p_services_found); 94 95 static void bta_dm_search_timer_cback(void* data); 96 static void bta_dm_disable_conn_down_timer_cback(void* data); 97 static void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id, 98 uint8_t app_id, const RawAddress* peer_addr); 99 static void bta_dm_adjust_roles(bool delay_role_switch); 100 static char* bta_dm_get_remname(void); 101 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result); 102 103 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr, 104 tBT_TRANSPORT transport); 105 static void bta_dm_discover_device(const RawAddress& remote_bd_addr); 106 107 static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status); 108 static void bta_dm_disable_search_and_disc(void); 109 110 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda, 111 tBTM_LE_EVT_DATA* p_data); 112 static void bta_dm_ble_id_key_cback(uint8_t key_type, 113 tBTM_BLE_LOCAL_KEYS* p_key); 114 static void bta_dm_gattc_register(void); 115 static void btm_dm_start_gatt_discovery(const RawAddress& bd_addr); 116 static void bta_dm_cancel_gatt_discovery(const RawAddress& bd_addr); 117 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data); 118 extern tBTA_DM_CONTRL_STATE bta_dm_pm_obtain_controller_state(void); 119 120 #if (BLE_VND_INCLUDED == TRUE) 121 static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result); 122 #endif 123 124 #ifndef BTA_DM_BLE_ADV_CHNL_MAP 125 #define BTA_DM_BLE_ADV_CHNL_MAP \ 126 (BTM_BLE_ADV_CHNL_37 | BTM_BLE_ADV_CHNL_38 | BTM_BLE_ADV_CHNL_39) 127 #endif 128 129 /* Disable timer interval (in milliseconds) */ 130 #ifndef BTA_DM_DISABLE_TIMER_MS 131 #define BTA_DM_DISABLE_TIMER_MS 5000 132 #endif 133 134 /* Disable timer retrial interval (in milliseconds) */ 135 #ifndef BTA_DM_DISABLE_TIMER_RETRIAL_MS 136 #define BTA_DM_DISABLE_TIMER_RETRIAL_MS 1500 137 #endif 138 139 /* Disable connection down timer (in milliseconds) */ 140 #ifndef BTA_DM_DISABLE_CONN_DOWN_TIMER_MS 141 #define BTA_DM_DISABLE_CONN_DOWN_TIMER_MS 1000 142 #endif 143 144 /* Switch delay timer (in milliseconds) */ 145 #ifndef BTA_DM_SWITCH_DELAY_TIMER_MS 146 #define BTA_DM_SWITCH_DELAY_TIMER_MS 500 147 #endif 148 149 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr); 150 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr); 151 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir, 152 uint16_t eir_len); 153 static void bta_dm_observe_cmpl_cb(void* p_result); 154 static void bta_dm_delay_role_switch_cback(void* data); 155 static void bta_dm_disable_timer_cback(void* data); 156 157 const uint16_t bta_service_id_to_uuid_lkup_tbl[BTA_MAX_SERVICE_ID] = { 158 UUID_SERVCLASS_PNP_INFORMATION, /* Reserved */ 159 UUID_SERVCLASS_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */ 160 UUID_SERVCLASS_DIALUP_NETWORKING, /* BTA_DUN_SERVICE_ID */ 161 UUID_SERVCLASS_AUDIO_SOURCE, /* BTA_A2DP_SOURCE_SERVICE_ID */ 162 UUID_SERVCLASS_LAN_ACCESS_USING_PPP, /* BTA_LAP_SERVICE_ID */ 163 UUID_SERVCLASS_HEADSET, /* BTA_HSP_HS_SERVICE_ID */ 164 UUID_SERVCLASS_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */ 165 UUID_SERVCLASS_OBEX_OBJECT_PUSH, /* BTA_OPP_SERVICE_ID */ 166 UUID_SERVCLASS_OBEX_FILE_TRANSFER, /* BTA_FTP_SERVICE_ID */ 167 UUID_SERVCLASS_CORDLESS_TELEPHONY, /* BTA_CTP_SERVICE_ID */ 168 UUID_SERVCLASS_INTERCOM, /* BTA_ICP_SERVICE_ID */ 169 UUID_SERVCLASS_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */ 170 UUID_SERVCLASS_DIRECT_PRINTING, /* BTA_BPP_SERVICE_ID */ 171 UUID_SERVCLASS_IMAGING_RESPONDER, /* BTA_BIP_SERVICE_ID */ 172 UUID_SERVCLASS_PANU, /* BTA_PANU_SERVICE_ID */ 173 UUID_SERVCLASS_NAP, /* BTA_NAP_SERVICE_ID */ 174 UUID_SERVCLASS_GN, /* BTA_GN_SERVICE_ID */ 175 UUID_SERVCLASS_SAP, /* BTA_SAP_SERVICE_ID */ 176 UUID_SERVCLASS_AUDIO_SINK, /* BTA_A2DP_SERVICE_ID */ 177 UUID_SERVCLASS_AV_REMOTE_CONTROL, /* BTA_AVRCP_SERVICE_ID */ 178 UUID_SERVCLASS_HUMAN_INTERFACE, /* BTA_HID_SERVICE_ID */ 179 UUID_SERVCLASS_VIDEO_SINK, /* BTA_VDP_SERVICE_ID */ 180 UUID_SERVCLASS_PBAP_PSE, /* BTA_PBAP_SERVICE_ID */ 181 UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY, /* BTA_HSP_SERVICE_ID */ 182 UUID_SERVCLASS_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */ 183 UUID_SERVCLASS_MESSAGE_ACCESS, /* BTA_MAP_SERVICE_ID */ 184 UUID_SERVCLASS_MESSAGE_NOTIFICATION, /* BTA_MN_SERVICE_ID */ 185 UUID_SERVCLASS_HDP_PROFILE, /* BTA_HDP_SERVICE_ID */ 186 UUID_SERVCLASS_PBAP_PCE, /* BTA_PCE_SERVICE_ID */ 187 UUID_PROTOCOL_ATT /* BTA_GATT_SERVICE_ID */ 188 }; 189 190 /* 191 * NOTE : The number of element in bta_service_id_to_btm_srv_id_lkup_tbl should 192 * be matching with 193 * the value BTA_MAX_SERVICE_ID in bta_api.h 194 * 195 * i.e., If you add new Service ID for BTA, the correct security ID of 196 * the new service 197 * from Security service definitions (btm_api.h) should be added to 198 * this lookup table. 199 */ 200 const uint32_t bta_service_id_to_btm_srv_id_lkup_tbl[BTA_MAX_SERVICE_ID] = { 201 0, /* Reserved */ 202 BTM_SEC_SERVICE_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */ 203 BTM_SEC_SERVICE_DUN, /* BTA_DUN_SERVICE_ID */ 204 BTM_SEC_SERVICE_AVDTP, /* BTA_AUDIO_SOURCE_SERVICE_ID */ 205 BTM_SEC_SERVICE_LAN_ACCESS, /* BTA_LAP_SERVICE_ID */ 206 BTM_SEC_SERVICE_HEADSET_AG, /* BTA_HSP_SERVICE_ID */ 207 BTM_SEC_SERVICE_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */ 208 BTM_SEC_SERVICE_OBEX, /* BTA_OPP_SERVICE_ID */ 209 BTM_SEC_SERVICE_OBEX_FTP, /* BTA_FTP_SERVICE_ID */ 210 BTM_SEC_SERVICE_CORDLESS, /* BTA_CTP_SERVICE_ID */ 211 BTM_SEC_SERVICE_INTERCOM, /* BTA_ICP_SERVICE_ID */ 212 BTM_SEC_SERVICE_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */ 213 BTM_SEC_SERVICE_BPP_JOB, /* BTA_BPP_SERVICE_ID */ 214 BTM_SEC_SERVICE_BIP, /* BTA_BIP_SERVICE_ID */ 215 BTM_SEC_SERVICE_BNEP_PANU, /* BTA_PANU_SERVICE_ID */ 216 BTM_SEC_SERVICE_BNEP_NAP, /* BTA_NAP_SERVICE_ID */ 217 BTM_SEC_SERVICE_BNEP_GN, /* BTA_GN_SERVICE_ID */ 218 BTM_SEC_SERVICE_SAP, /* BTA_SAP_SERVICE_ID */ 219 BTM_SEC_SERVICE_AVDTP, /* BTA_A2DP_SERVICE_ID */ 220 BTM_SEC_SERVICE_AVCTP, /* BTA_AVRCP_SERVICE_ID */ 221 BTM_SEC_SERVICE_HIDH_SEC_CTRL, /* BTA_HID_SERVICE_ID */ 222 BTM_SEC_SERVICE_AVDTP, /* BTA_VDP_SERVICE_ID */ 223 BTM_SEC_SERVICE_PBAP, /* BTA_PBAP_SERVICE_ID */ 224 BTM_SEC_SERVICE_HEADSET, /* BTA_HSP_HS_SERVICE_ID */ 225 BTM_SEC_SERVICE_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */ 226 BTM_SEC_SERVICE_MAP, /* BTA_MAP_SERVICE_ID */ 227 BTM_SEC_SERVICE_MAP, /* BTA_MN_SERVICE_ID */ 228 BTM_SEC_SERVICE_HDP_SNK, /* BTA_HDP_SERVICE_ID */ 229 BTM_SEC_SERVICE_PBAP, /* BTA_PCE_SERVICE_ID */ 230 BTM_SEC_SERVICE_ATT /* BTA_GATT_SERVICE_ID */ 231 }; 232 233 /* bta security callback */ 234 const tBTM_APPL_INFO bta_security = {&bta_dm_authorize_cback, 235 &bta_dm_pin_cback, 236 &bta_dm_new_link_key_cback, 237 &bta_dm_authentication_complete_cback, 238 &bta_dm_bond_cancel_complete_cback, 239 #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE) 240 &bta_dm_sp_cback, 241 #else 242 NULL, 243 #endif 244 &bta_dm_ble_smp_cback, 245 &bta_dm_ble_id_key_cback}; 246 247 #define MAX_DISC_RAW_DATA_BUF (4096) 248 uint8_t g_disc_raw_data_buf[MAX_DISC_RAW_DATA_BUF]; 249 250 extern DEV_CLASS local_device_default_class; 251 252 /******************************************************************************* 253 * 254 * Function bta_dm_enable 255 * 256 * Description Initialises the BT device manager 257 * 258 * 259 * Returns void 260 * 261 ******************************************************************************/ 262 void bta_dm_enable(tBTA_DM_MSG* p_data) { 263 tBTA_DM_ENABLE enable_event; 264 265 /* if already in use, return an error */ 266 if (bta_dm_cb.is_bta_dm_active == true) { 267 APPL_TRACE_WARNING("%s Device already started by another application", 268 __func__); 269 memset(&enable_event, 0, sizeof(tBTA_DM_ENABLE)); 270 enable_event.status = BTA_FAILURE; 271 if (p_data->enable.p_sec_cback != NULL) 272 p_data->enable.p_sec_cback(BTA_DM_ENABLE_EVT, 273 (tBTA_DM_SEC*)&enable_event); 274 return; 275 } 276 277 /* first, register our callback to SYS HW manager */ 278 bta_sys_hw_register(BTA_SYS_HW_BLUETOOTH, bta_dm_sys_hw_cback); 279 280 /* make sure security callback is saved - if no callback, do not erase the 281 previous one, 282 it could be an error recovery mechanism */ 283 if (p_data->enable.p_sec_cback != NULL) 284 bta_dm_cb.p_sec_cback = p_data->enable.p_sec_cback; 285 /* notify BTA DM is now active */ 286 bta_dm_cb.is_bta_dm_active = true; 287 288 /* send a message to BTA SYS */ 289 tBTA_SYS_HW_MSG* sys_enable_event = 290 (tBTA_SYS_HW_MSG*)osi_malloc(sizeof(tBTA_SYS_HW_MSG)); 291 sys_enable_event->hdr.event = BTA_SYS_API_ENABLE_EVT; 292 sys_enable_event->hw_module = BTA_SYS_HW_BLUETOOTH; 293 294 bta_sys_sendmsg(sys_enable_event); 295 } 296 297 /******************************************************************************* 298 * 299 * Function bta_dm_init_cb 300 * 301 * Description Initializes the bta_dm_cb control block 302 * 303 * 304 * Returns void 305 * 306 ******************************************************************************/ 307 void bta_dm_init_cb(void) { 308 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb)); 309 bta_dm_cb.disable_timer = alarm_new("bta_dm.disable_timer"); 310 bta_dm_cb.switch_delay_timer = alarm_new("bta_dm.switch_delay_timer"); 311 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) { 312 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) { 313 bta_dm_cb.pm_timer[i].timer[j] = alarm_new("bta_dm.pm_timer"); 314 } 315 } 316 } 317 318 /******************************************************************************* 319 * 320 * Function bta_dm_deinit_cb 321 * 322 * Description De-initializes the bta_dm_cb control block 323 * 324 * 325 * Returns void 326 * 327 ******************************************************************************/ 328 void bta_dm_deinit_cb(void) { 329 /* 330 * TODO: Should alarm_free() the bta_dm_cb timers during graceful 331 * shutdown. 332 */ 333 alarm_free(bta_dm_cb.disable_timer); 334 alarm_free(bta_dm_cb.switch_delay_timer); 335 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) { 336 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) { 337 alarm_free(bta_dm_cb.pm_timer[i].timer[j]); 338 } 339 } 340 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb)); 341 } 342 343 /******************************************************************************* 344 * 345 * Function bta_dm_sys_hw_cback 346 * 347 * Description callback register to SYS to get HW status updates 348 * 349 * 350 * Returns void 351 * 352 ******************************************************************************/ 353 static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status) { 354 DEV_CLASS dev_class; 355 tBTA_DM_SEC_CBACK* temp_cback; 356 uint8_t key_mask = 0; 357 BT_OCTET16 er; 358 tBTA_BLE_LOCAL_ID_KEYS id_key; 359 360 APPL_TRACE_DEBUG("%s with event: %i", __func__, status); 361 362 /* On H/W error evt, report to the registered DM application callback */ 363 if (status == BTA_SYS_HW_ERROR_EVT) { 364 if (bta_dm_cb.p_sec_cback != NULL) 365 bta_dm_cb.p_sec_cback(BTA_DM_HW_ERROR_EVT, NULL); 366 return; 367 } 368 369 if (status == BTA_SYS_HW_OFF_EVT) { 370 if (bta_dm_cb.p_sec_cback != NULL) 371 bta_dm_cb.p_sec_cback(BTA_DM_DISABLE_EVT, NULL); 372 373 /* reinitialize the control block */ 374 bta_dm_deinit_cb(); 375 376 /* hw is ready, go on with BTA DM initialization */ 377 alarm_free(bta_dm_search_cb.search_timer); 378 alarm_free(bta_dm_search_cb.gatt_close_timer); 379 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb)); 380 381 /* unregister from SYS */ 382 bta_sys_hw_unregister(BTA_SYS_HW_BLUETOOTH); 383 /* notify BTA DM is now unactive */ 384 bta_dm_cb.is_bta_dm_active = false; 385 } else if (status == BTA_SYS_HW_ON_EVT) { 386 /* FIXME: We should not unregister as the SYS shall invoke this callback on 387 * a H/W error. 388 * We need to revisit when this platform has more than one BLuetooth H/W 389 * chip 390 */ 391 // bta_sys_hw_unregister( BTA_SYS_HW_BLUETOOTH); 392 393 /* save security callback */ 394 temp_cback = bta_dm_cb.p_sec_cback; 395 /* make sure the control block is properly initialized */ 396 bta_dm_init_cb(); 397 /* and retrieve the callback */ 398 bta_dm_cb.p_sec_cback = temp_cback; 399 bta_dm_cb.is_bta_dm_active = true; 400 401 /* hw is ready, go on with BTA DM initialization */ 402 alarm_free(bta_dm_search_cb.search_timer); 403 alarm_free(bta_dm_search_cb.gatt_close_timer); 404 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb)); 405 /* 406 * TODO: Should alarm_free() the bta_dm_search_cb timers during 407 * graceful shutdown. 408 */ 409 bta_dm_search_cb.search_timer = alarm_new("bta_dm_search.search_timer"); 410 bta_dm_search_cb.gatt_close_timer = 411 alarm_new("bta_dm_search.gatt_close_timer"); 412 413 memset(&bta_dm_conn_srvcs, 0, sizeof(bta_dm_conn_srvcs)); 414 memset(&bta_dm_di_cb, 0, sizeof(tBTA_DM_DI_CB)); 415 416 memcpy(dev_class, p_bta_dm_cfg->dev_class, sizeof(dev_class)); 417 BTM_SetDeviceClass(dev_class); 418 419 /* load BLE local information: ID keys, ER if available */ 420 bta_dm_co_ble_load_local_keys(&key_mask, er, &id_key); 421 422 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ER) { 423 BTM_BleLoadLocalKeys(BTA_BLE_LOCAL_KEY_TYPE_ER, 424 (tBTM_BLE_LOCAL_KEYS*)&er); 425 } 426 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ID) { 427 BTM_BleLoadLocalKeys(BTA_BLE_LOCAL_KEY_TYPE_ID, 428 (tBTM_BLE_LOCAL_KEYS*)&id_key); 429 } 430 bta_dm_search_cb.conn_id = BTA_GATT_INVALID_CONN_ID; 431 432 BTM_SecRegister((tBTM_APPL_INFO*)&bta_security); 433 BTM_SetDefaultLinkSuperTout(p_bta_dm_cfg->link_timeout); 434 BTM_WritePageTimeout(p_bta_dm_cfg->page_timeout); 435 bta_dm_cb.cur_policy = p_bta_dm_cfg->policy_settings; 436 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy); 437 BTM_RegBusyLevelNotif(bta_dm_bl_change_cback, NULL, 438 BTM_BL_UPDATE_MASK | BTM_BL_ROLE_CHG_MASK); 439 440 #if (BLE_VND_INCLUDED == TRUE) 441 BTM_BleReadControllerFeatures(bta_dm_ctrl_features_rd_cmpl_cback); 442 #else 443 /* If VSC multi adv commands are available, advertising will be initialized 444 * when capabilities are read. If they are not avaliable, initialize 445 * advertising here */ 446 btm_ble_adv_init(); 447 #endif 448 449 /* Earlier, we used to invoke BTM_ReadLocalAddr which was just copying the 450 bd_addr 451 from the control block and invoking the callback which was sending the 452 DM_ENABLE_EVT. 453 But then we have a few HCI commands being invoked above which were still 454 in progress 455 when the ENABLE_EVT was sent. So modified this to fetch the local name 456 which forces 457 the DM_ENABLE_EVT to be sent only after all the init steps are complete 458 */ 459 BTM_ReadLocalDeviceNameFromController( 460 (tBTM_CMPL_CB*)bta_dm_local_name_cback); 461 462 bta_sys_rm_register((tBTA_SYS_CONN_CBACK*)bta_dm_rm_cback); 463 464 /* initialize bluetooth low power manager */ 465 bta_dm_init_pm(); 466 467 bta_sys_policy_register((tBTA_SYS_CONN_CBACK*)bta_dm_policy_cback); 468 469 bta_dm_gattc_register(); 470 471 } else 472 APPL_TRACE_DEBUG(" --- ignored event"); 473 } 474 475 /******************************************************************************* 476 * 477 * Function bta_dm_disable 478 * 479 * Description Disables the BT device manager 480 * 481 * 482 * Returns void 483 * 484 ******************************************************************************/ 485 void bta_dm_disable(UNUSED_ATTR tBTA_DM_MSG* p_data) { 486 /* Set l2cap idle timeout to 0 (so BTE immediately disconnects ACL link after 487 * last channel is closed) */ 488 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_BR_EDR); 489 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_LE); 490 491 /* disable all active subsystems */ 492 bta_sys_disable(BTA_SYS_HW_BLUETOOTH); 493 494 BTM_SetDiscoverability(BTM_NON_DISCOVERABLE, 0, 0); 495 BTM_SetConnectability(BTM_NON_CONNECTABLE, 0, 0); 496 497 bta_dm_disable_pm(); 498 bta_dm_disable_search_and_disc(); 499 bta_dm_cb.disabling = true; 500 501 BTM_BleClearBgConnDev(); 502 503 if (BTM_GetNumAclLinks() == 0) { 504 #if (BTA_DISABLE_DELAY > 0) 505 /* If BTA_DISABLE_DELAY is defined and greater than zero, then delay the 506 * shutdown by 507 * BTA_DISABLE_DELAY milliseconds 508 */ 509 APPL_TRACE_WARNING("%s BTA_DISABLE_DELAY set to %d ms", __func__, 510 BTA_DISABLE_DELAY); 511 alarm_set_on_mloop(bta_dm_cb.disable_timer, BTA_DISABLE_DELAY, 512 bta_dm_disable_conn_down_timer_cback, NULL); 513 #else 514 bta_dm_disable_conn_down_timer_cback(NULL); 515 #endif 516 } else { 517 alarm_set_on_mloop(bta_dm_cb.disable_timer, BTA_DM_DISABLE_TIMER_MS, 518 bta_dm_disable_timer_cback, UINT_TO_PTR(0)); 519 } 520 } 521 522 /******************************************************************************* 523 * 524 * Function bta_dm_disable_timer_cback 525 * 526 * Description Called if the disable timer expires 527 * Used to close ACL connections which are still active 528 * 529 * 530 * 531 * Returns void 532 * 533 ******************************************************************************/ 534 static void bta_dm_disable_timer_cback(void* data) { 535 uint8_t i; 536 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR; 537 bool trigger_disc = false; 538 uint32_t param = PTR_TO_UINT(data); 539 540 APPL_TRACE_EVENT("%s trial %u", __func__, param); 541 542 if (BTM_GetNumAclLinks() && (param == 0)) { 543 for (i = 0; i < bta_dm_cb.device_list.count; i++) { 544 transport = bta_dm_cb.device_list.peer_device[i].transport; 545 btm_remove_acl(bta_dm_cb.device_list.peer_device[i].peer_bdaddr, 546 transport); 547 trigger_disc = true; 548 } 549 550 /* Retrigger disable timer in case ACL disconnect failed, DISABLE_EVT still 551 need 552 to be sent out to avoid jave layer disable timeout */ 553 if (trigger_disc) { 554 alarm_set_on_mloop(bta_dm_cb.disable_timer, 555 BTA_DM_DISABLE_TIMER_RETRIAL_MS, 556 bta_dm_disable_timer_cback, UINT_TO_PTR(1)); 557 } 558 } else { 559 bta_dm_cb.disabling = false; 560 561 bta_sys_remove_uuid(UUID_SERVCLASS_PNP_INFORMATION); 562 bta_dm_cb.p_sec_cback(BTA_DM_DISABLE_EVT, NULL); 563 } 564 } 565 566 /******************************************************************************* 567 * 568 * Function bta_dm_set_dev_name 569 * 570 * Description Sets local device name 571 * 572 * 573 * Returns void 574 * 575 ******************************************************************************/ 576 void bta_dm_set_dev_name(tBTA_DM_MSG* p_data) { 577 BTM_SetLocalDeviceName((char*)p_data->set_name.name); 578 bta_dm_set_eir((char*)p_data->set_name.name); 579 } 580 581 /******************************************************************************* 582 * 583 * Function bta_dm_set_visibility 584 * 585 * Description Sets discoverability, connectability and pairability 586 * 587 * 588 * Returns void 589 * 590 ******************************************************************************/ 591 void bta_dm_set_visibility(tBTA_DM_MSG* p_data) { 592 uint16_t window, interval; 593 uint16_t le_disc_mode = BTM_BleReadDiscoverability(); 594 uint16_t le_conn_mode = BTM_BleReadConnectability(); 595 uint16_t disc_mode = BTM_ReadDiscoverability(&window, &interval); 596 uint16_t conn_mode = BTM_ReadConnectability(&window, &interval); 597 598 /* set modes for Discoverability and connectability if not ignore */ 599 if (p_data->set_visibility.disc_mode != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) { 600 if ((p_data->set_visibility.disc_mode & BTA_DM_LE_IGNORE) == 601 BTA_DM_LE_IGNORE) 602 p_data->set_visibility.disc_mode = 603 ((p_data->set_visibility.disc_mode & ~BTA_DM_LE_IGNORE) | 604 le_disc_mode); 605 if ((p_data->set_visibility.disc_mode & BTA_DM_IGNORE) == BTA_DM_IGNORE) 606 p_data->set_visibility.disc_mode = 607 ((p_data->set_visibility.disc_mode & ~BTA_DM_IGNORE) | disc_mode); 608 609 BTM_SetDiscoverability(p_data->set_visibility.disc_mode, 610 bta_dm_cb.inquiry_scan_window, 611 bta_dm_cb.inquiry_scan_interval); 612 } 613 614 if (p_data->set_visibility.conn_mode != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) { 615 if ((p_data->set_visibility.conn_mode & BTA_DM_LE_IGNORE) == 616 BTA_DM_LE_IGNORE) 617 p_data->set_visibility.conn_mode = 618 ((p_data->set_visibility.conn_mode & ~BTA_DM_LE_IGNORE) | 619 le_conn_mode); 620 if ((p_data->set_visibility.conn_mode & BTA_DM_IGNORE) == BTA_DM_IGNORE) 621 p_data->set_visibility.conn_mode = 622 ((p_data->set_visibility.conn_mode & ~BTA_DM_IGNORE) | conn_mode); 623 624 BTM_SetConnectability(p_data->set_visibility.conn_mode, 625 bta_dm_cb.page_scan_window, 626 bta_dm_cb.page_scan_interval); 627 } 628 629 /* Send False or True if not ignore */ 630 if (p_data->set_visibility.pair_mode != BTA_DM_IGNORE) { 631 if (p_data->set_visibility.pair_mode == BTA_DM_NON_PAIRABLE) 632 bta_dm_cb.disable_pair_mode = true; 633 else 634 bta_dm_cb.disable_pair_mode = false; 635 } 636 637 /* Send False or True if not ignore */ 638 if (p_data->set_visibility.conn_paired_only != BTA_DM_IGNORE) { 639 if (p_data->set_visibility.conn_paired_only == BTA_DM_CONN_ALL) 640 bta_dm_cb.conn_paired_only = false; 641 else 642 bta_dm_cb.conn_paired_only = true; 643 } 644 645 /* Change mode if either mode is not ignore */ 646 if (p_data->set_visibility.pair_mode != BTA_DM_IGNORE || 647 p_data->set_visibility.conn_paired_only != BTA_DM_IGNORE) 648 BTM_SetPairableMode((bool)(!(bta_dm_cb.disable_pair_mode)), 649 bta_dm_cb.conn_paired_only); 650 } 651 652 /******************************************************************************* 653 * 654 * Function bta_dm_process_remove_device 655 * 656 * Description Removes device, Disconnects ACL link if required. 657 *** 658 ******************************************************************************/ 659 void bta_dm_process_remove_device(const RawAddress& bd_addr) { 660 /* need to remove all pending background connection before unpair */ 661 BTA_GATTC_CancelOpen(0, bd_addr, false); 662 663 BTM_SecDeleteDevice(bd_addr); 664 665 /* remove all cached GATT information */ 666 BTA_GATTC_Refresh(bd_addr); 667 668 if (bta_dm_cb.p_sec_cback) { 669 tBTA_DM_SEC sec_event; 670 sec_event.link_down.bd_addr = bd_addr; 671 ; 672 /* No connection, set status to success (acl disc code not valid) */ 673 sec_event.link_down.status = HCI_SUCCESS; 674 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &sec_event); 675 } 676 } 677 678 /******************************************************************************* 679 * 680 * Function bta_dm_remove_device 681 * 682 * Description Removes device, disconnects ACL link if required. 683 *** 684 ******************************************************************************/ 685 void bta_dm_remove_device(tBTA_DM_MSG* p_data) { 686 tBTA_DM_API_REMOVE_DEVICE* p_dev = &p_data->remove_dev; 687 bool continue_delete_other_dev = false; 688 if (p_dev == NULL) return; 689 690 RawAddress other_address = p_dev->bd_addr; 691 692 /* If ACL exists for the device in the remove_bond message*/ 693 bool continue_delete_dev = false; 694 uint8_t other_transport = BT_TRANSPORT_INVALID; 695 696 if (BTM_IsAclConnectionUp(p_dev->bd_addr, BT_TRANSPORT_LE) || 697 BTM_IsAclConnectionUp(p_dev->bd_addr, BT_TRANSPORT_BR_EDR)) { 698 APPL_TRACE_DEBUG("%s: ACL Up count %d", __func__, 699 bta_dm_cb.device_list.count); 700 continue_delete_dev = false; 701 702 /* Take the link down first, and mark the device for removal when 703 * disconnected */ 704 for (int i = 0; i < bta_dm_cb.device_list.count; i++) { 705 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == p_dev->bd_addr) { 706 uint8_t transport = BT_TRANSPORT_BR_EDR; 707 708 transport = bta_dm_cb.device_list.peer_device[i].transport; 709 bta_dm_cb.device_list.peer_device[i].conn_state = BTA_DM_UNPAIRING; 710 btm_remove_acl(p_dev->bd_addr, transport); 711 APPL_TRACE_DEBUG("%s:transport = %d", __func__, 712 bta_dm_cb.device_list.peer_device[i].transport); 713 714 /* save the other transport to check if device is connected on 715 * other_transport */ 716 if (bta_dm_cb.device_list.peer_device[i].transport == BT_TRANSPORT_LE) 717 other_transport = BT_TRANSPORT_BR_EDR; 718 else 719 other_transport = BT_TRANSPORT_LE; 720 721 break; 722 } 723 } 724 } else { 725 continue_delete_dev = true; 726 } 727 // If it is DUMO device and device is paired as different address, unpair that 728 // device 729 // if different address 730 if ((other_transport && 731 (BTM_ReadConnectedTransportAddress(&other_address, other_transport))) || 732 (!other_transport && 733 (BTM_ReadConnectedTransportAddress(&other_address, 734 BT_TRANSPORT_BR_EDR) || 735 BTM_ReadConnectedTransportAddress(&other_address, BT_TRANSPORT_LE)))) { 736 continue_delete_other_dev = false; 737 /* Take the link down first, and mark the device for removal when 738 * disconnected */ 739 for (int i = 0; i < bta_dm_cb.device_list.count; i++) { 740 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == other_address) { 741 bta_dm_cb.device_list.peer_device[i].conn_state = BTA_DM_UNPAIRING; 742 btm_remove_acl(other_address, 743 bta_dm_cb.device_list.peer_device[i].transport); 744 break; 745 } 746 } 747 } else { 748 APPL_TRACE_DEBUG("%s: continue to delete the other dev ", __func__); 749 continue_delete_other_dev = true; 750 } 751 /* Delete the device mentioned in the msg */ 752 if (continue_delete_dev) bta_dm_process_remove_device(p_dev->bd_addr); 753 754 /* Delete the other paired device too */ 755 if (continue_delete_other_dev && !other_address.IsEmpty()) 756 bta_dm_process_remove_device(other_address); 757 } 758 759 /******************************************************************************* 760 * 761 * Function bta_dm_add_device 762 * 763 * Description This function adds a Link Key to an security database entry. 764 * It is normally called during host startup to restore all 765 * required information stored in the NVRAM. 766 *** 767 ******************************************************************************/ 768 void bta_dm_add_device(tBTA_DM_MSG* p_data) { 769 tBTA_DM_API_ADD_DEVICE* p_dev = &p_data->add_dev; 770 uint8_t* p_dc = NULL; 771 uint8_t* p_lc = NULL; 772 uint32_t trusted_services_mask[BTM_SEC_SERVICE_ARRAY_SIZE]; 773 uint8_t index = 0; 774 uint8_t btm_mask_index = 0; 775 776 memset(trusted_services_mask, 0, sizeof(trusted_services_mask)); 777 778 /* If not all zeros, the device class has been specified */ 779 if (p_dev->dc_known) p_dc = (uint8_t*)p_dev->dc; 780 781 if (p_dev->link_key_known) p_lc = (uint8_t*)p_dev->link_key; 782 783 if (p_dev->is_trusted) { 784 /* covert BTA service mask to BTM mask */ 785 while (p_dev->tm && (index < BTA_MAX_SERVICE_ID)) { 786 if (p_dev->tm & (uint32_t)(1 << index)) { 787 btm_mask_index = 788 bta_service_id_to_btm_srv_id_lkup_tbl[index] / BTM_SEC_ARRAY_BITS; 789 trusted_services_mask[btm_mask_index] |= 790 (uint32_t)(1 << (bta_service_id_to_btm_srv_id_lkup_tbl[index] - 791 (uint32_t)(btm_mask_index * 32))); 792 793 p_dev->tm &= (uint32_t)(~(1 << index)); 794 } 795 index++; 796 } 797 } 798 799 if (!BTM_SecAddDevice(p_dev->bd_addr, p_dc, p_dev->bd_name, p_dev->features, 800 trusted_services_mask, p_lc, p_dev->key_type, 801 p_dev->io_cap, p_dev->pin_length)) { 802 LOG(ERROR) << "BTA_DM: Error adding device " << p_dev->bd_addr; 803 } 804 } 805 806 /******************************************************************************* 807 * 808 * Function bta_dm_close_acl 809 * 810 * Description This function forces to close the connection to a remote 811 * device and optionaly remove the device from security 812 * database if required. 813 *** 814 ******************************************************************************/ 815 void bta_dm_close_acl(tBTA_DM_MSG* p_data) { 816 tBTA_DM_API_REMOVE_ACL* p_remove_acl = &p_data->remove_acl; 817 uint8_t index; 818 819 APPL_TRACE_DEBUG("bta_dm_close_acl"); 820 821 if (BTM_IsAclConnectionUp(p_remove_acl->bd_addr, p_remove_acl->transport)) { 822 for (index = 0; index < bta_dm_cb.device_list.count; index++) { 823 if (bta_dm_cb.device_list.peer_device[index].peer_bdaddr == 824 p_remove_acl->bd_addr) 825 break; 826 } 827 if (index != bta_dm_cb.device_list.count) { 828 if (p_remove_acl->remove_dev) 829 bta_dm_cb.device_list.peer_device[index].remove_dev_pending = true; 830 } else { 831 APPL_TRACE_ERROR("unknown device, remove ACL failed"); 832 } 833 /* Disconnect the ACL link */ 834 btm_remove_acl(p_remove_acl->bd_addr, p_remove_acl->transport); 835 } 836 /* if to remove the device from security database ? do it now */ 837 else if (p_remove_acl->remove_dev) { 838 if (!BTM_SecDeleteDevice(p_remove_acl->bd_addr)) { 839 APPL_TRACE_ERROR("delete device from security database failed."); 840 } 841 /* need to remove all pending background connection if any */ 842 BTA_GATTC_CancelOpen(0, p_remove_acl->bd_addr, false); 843 /* remove all cached GATT information */ 844 BTA_GATTC_Refresh(p_remove_acl->bd_addr); 845 } 846 /* otherwise, no action needed */ 847 } 848 849 /******************************************************************************* 850 * 851 * Function bta_dm_remove_all_acl 852 * 853 * Description This function forces to close all the ACL links specified by 854 * link type 855 *** 856 ******************************************************************************/ 857 void bta_dm_remove_all_acl(tBTA_DM_MSG* p_data) { 858 const tBTA_DM_LINK_TYPE link_type = p_data->remove_all_acl.link_type; 859 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR; 860 861 APPL_TRACE_DEBUG("%s link type = %d", __func__, link_type); 862 863 for (uint8_t i = 0; i < bta_dm_cb.device_list.count; i++) { 864 transport = bta_dm_cb.device_list.peer_device[i].transport; 865 if ((link_type == BTA_DM_LINK_TYPE_ALL) || 866 ((link_type == BTA_DM_LINK_TYPE_LE) && 867 (transport == BT_TRANSPORT_LE)) || 868 ((link_type == BTA_DM_LINK_TYPE_BR_EDR) && 869 (transport == BT_TRANSPORT_BR_EDR))) { 870 /* Disconnect the ACL link */ 871 btm_remove_acl(bta_dm_cb.device_list.peer_device[i].peer_bdaddr, 872 transport); 873 } 874 } 875 } 876 877 /******************************************************************************* 878 * 879 * Function bta_dm_bond 880 * 881 * Description Bonds with peer device 882 * 883 * 884 * Returns void 885 * 886 ******************************************************************************/ 887 void bta_dm_bond(tBTA_DM_MSG* p_data) { 888 tBTM_STATUS status; 889 tBTA_DM_SEC sec_event; 890 char* p_name; 891 892 if (p_data->bond.transport == BTA_TRANSPORT_UNKNOWN) 893 status = BTM_SecBond(p_data->bond.bd_addr, 0, NULL, 0); 894 else 895 status = BTM_SecBondByTransport(p_data->bond.bd_addr, 896 p_data->bond.transport, 0, NULL, 0); 897 898 if (bta_dm_cb.p_sec_cback && (status != BTM_CMD_STARTED)) { 899 memset(&sec_event, 0, sizeof(tBTA_DM_SEC)); 900 sec_event.auth_cmpl.bd_addr = p_data->bond.bd_addr; 901 p_name = BTM_SecReadDevName(p_data->bond.bd_addr); 902 if (p_name != NULL) { 903 memcpy(sec_event.auth_cmpl.bd_name, p_name, (BD_NAME_LEN - 1)); 904 sec_event.auth_cmpl.bd_name[BD_NAME_LEN - 1] = 0; 905 } 906 907 /* taken care of by memset [above] 908 sec_event.auth_cmpl.key_present = false; 909 sec_event.auth_cmpl.success = false; 910 */ 911 sec_event.auth_cmpl.fail_reason = HCI_ERR_ILLEGAL_COMMAND; 912 if (status == BTM_SUCCESS) { 913 sec_event.auth_cmpl.success = true; 914 } else { 915 /* delete this device entry from Sec Dev DB */ 916 bta_dm_remove_sec_dev_entry(p_data->bond.bd_addr); 917 } 918 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event); 919 } 920 } 921 922 /******************************************************************************* 923 * 924 * Function bta_dm_bond_cancel 925 * 926 * Description Cancels bonding with a peer device 927 * 928 * 929 * Returns void 930 * 931 ******************************************************************************/ 932 void bta_dm_bond_cancel(tBTA_DM_MSG* p_data) { 933 tBTM_STATUS status; 934 tBTA_DM_SEC sec_event; 935 936 APPL_TRACE_EVENT(" bta_dm_bond_cancel "); 937 status = BTM_SecBondCancel(p_data->bond_cancel.bd_addr); 938 939 if (bta_dm_cb.p_sec_cback && 940 (status != BTM_CMD_STARTED && status != BTM_SUCCESS)) { 941 sec_event.bond_cancel_cmpl.result = BTA_FAILURE; 942 943 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event); 944 } 945 } 946 947 /******************************************************************************* 948 * 949 * Function bta_dm_pin_reply 950 * 951 * Description Send the pin_reply to a request from BTM 952 * 953 * 954 * Returns void 955 * 956 ******************************************************************************/ 957 void bta_dm_pin_reply(tBTA_DM_MSG* p_data) { 958 uint32_t trusted_mask[BTM_SEC_SERVICE_ARRAY_SIZE]; 959 uint32_t* current_trusted_mask; 960 961 current_trusted_mask = BTM_ReadTrustedMask(p_data->pin_reply.bd_addr); 962 963 if (current_trusted_mask) { 964 memcpy(trusted_mask, current_trusted_mask, sizeof(trusted_mask)); 965 } else { 966 memset(trusted_mask, 0, sizeof(trusted_mask)); 967 } 968 969 if (p_data->pin_reply.accept) { 970 BTM_PINCodeReply(p_data->pin_reply.bd_addr, BTM_SUCCESS, 971 p_data->pin_reply.pin_len, p_data->pin_reply.p_pin, 972 trusted_mask); 973 } else { 974 BTM_PINCodeReply(p_data->pin_reply.bd_addr, BTM_NOT_AUTHORIZED, 0, NULL, 975 trusted_mask); 976 } 977 } 978 979 /******************************************************************************* 980 * 981 * Function bta_dm_policy_cback 982 * 983 * Description process the link policy changes 984 * 985 * Returns void 986 * 987 ******************************************************************************/ 988 static void bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status, uint8_t id, 989 uint8_t app_id, const RawAddress* peer_addr) { 990 tBTA_DM_PEER_DEVICE* p_dev = NULL; 991 uint16_t policy = app_id; 992 uint32_t mask = (uint32_t)(1 << id); 993 994 if (peer_addr) p_dev = bta_dm_find_peer_device(*peer_addr); 995 996 APPL_TRACE_DEBUG(" bta_dm_policy_cback cmd:%d, policy:0x%x", status, policy); 997 switch (status) { 998 case BTA_SYS_PLCY_SET: 999 if (!p_dev) return; 1000 /* restore the default link policy */ 1001 p_dev->link_policy |= policy; 1002 BTM_SetLinkPolicy(p_dev->peer_bdaddr, &(p_dev->link_policy)); 1003 break; 1004 1005 case BTA_SYS_PLCY_CLR: 1006 if (!p_dev) return; 1007 /* clear the policy from the default link policy */ 1008 p_dev->link_policy &= (~policy); 1009 BTM_SetLinkPolicy(p_dev->peer_bdaddr, &(p_dev->link_policy)); 1010 1011 if (policy & (HCI_ENABLE_SNIFF_MODE | HCI_ENABLE_PARK_MODE)) { 1012 /* if clearing sniff/park, wake the link */ 1013 bta_dm_pm_active(p_dev->peer_bdaddr); 1014 } 1015 break; 1016 1017 case BTA_SYS_PLCY_DEF_SET: 1018 /* want to restore/set the role switch policy */ 1019 bta_dm_cb.role_policy_mask &= ~mask; 1020 if (0 == bta_dm_cb.role_policy_mask) { 1021 /* if nobody wants to insist on the role */ 1022 bta_dm_cb.cur_policy |= HCI_ENABLE_MASTER_SLAVE_SWITCH; 1023 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy); 1024 } 1025 break; 1026 1027 case BTA_SYS_PLCY_DEF_CLR: 1028 /* want to remove the role switch policy */ 1029 bta_dm_cb.role_policy_mask |= mask; 1030 bta_dm_cb.cur_policy &= ~HCI_ENABLE_MASTER_SLAVE_SWITCH; 1031 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy); 1032 break; 1033 } 1034 } 1035 1036 /******************************************************************************* 1037 * 1038 * Function bta_dm_confirm 1039 * 1040 * Description Send the user confirm request reply in response to a 1041 * request from BTM 1042 * 1043 * Returns void 1044 * 1045 ******************************************************************************/ 1046 void bta_dm_confirm(tBTA_DM_MSG* p_data) { 1047 tBTM_STATUS res = BTM_NOT_AUTHORIZED; 1048 1049 if (p_data->confirm.accept == true) res = BTM_SUCCESS; 1050 BTM_ConfirmReqReply(res, p_data->confirm.bd_addr); 1051 } 1052 1053 /******************************************************************************* 1054 * 1055 * Function bta_dm_loc_oob 1056 * 1057 * Description Retrieve the OOB data from the local LM 1058 * 1059 * Returns void 1060 * 1061 ******************************************************************************/ 1062 void bta_dm_loc_oob(UNUSED_ATTR tBTA_DM_MSG* p_data) { BTM_ReadLocalOobData(); } 1063 1064 /******************************************************************************* 1065 * 1066 * Function bta_dm_ci_io_req_act 1067 * 1068 * Description respond to the IO capabilities request from BTM 1069 * 1070 * Returns void 1071 * 1072 ******************************************************************************/ 1073 void bta_dm_ci_io_req_act(tBTA_DM_MSG* p_data) { 1074 tBTM_AUTH_REQ auth_req = BTM_AUTH_AP_NO; 1075 if (p_data->ci_io_req.auth_req) auth_req = BTM_AUTH_AP_YES; 1076 BTM_IoCapRsp(p_data->ci_io_req.bd_addr, p_data->ci_io_req.io_cap, 1077 p_data->ci_io_req.oob_data, auth_req); 1078 } 1079 1080 /******************************************************************************* 1081 * 1082 * Function bta_dm_ci_rmt_oob_act 1083 * 1084 * Description respond to the OOB data request for the remote device from 1085 * BTM 1086 * 1087 * 1088 * Returns void 1089 * 1090 ******************************************************************************/ 1091 void bta_dm_ci_rmt_oob_act(tBTA_DM_MSG* p_data) { 1092 tBTM_STATUS res = BTM_NOT_AUTHORIZED; 1093 1094 if (p_data->ci_rmt_oob.accept == true) res = BTM_SUCCESS; 1095 BTM_RemoteOobDataReply(res, p_data->ci_rmt_oob.bd_addr, p_data->ci_rmt_oob.c, 1096 p_data->ci_rmt_oob.r); 1097 } 1098 1099 /******************************************************************************* 1100 * 1101 * Function bta_dm_search_start 1102 * 1103 * Description Starts an inquiry 1104 * 1105 * 1106 * Returns void 1107 * 1108 ******************************************************************************/ 1109 void bta_dm_search_start(tBTA_DM_MSG* p_data) { 1110 tBTM_INQUIRY_CMPL result; 1111 1112 size_t len = sizeof(tBT_UUID) * p_data->search.num_uuid; 1113 bta_dm_gattc_register(); 1114 1115 APPL_TRACE_DEBUG("%s avoid_scatter=%d", __func__, 1116 p_bta_dm_cfg->avoid_scatter); 1117 1118 if (p_bta_dm_cfg->avoid_scatter && 1119 (p_data->search.rs_res == BTA_DM_RS_NONE) && 1120 bta_dm_check_av(BTA_DM_API_SEARCH_EVT)) { 1121 memcpy(&bta_dm_cb.search_msg, &p_data->search, sizeof(tBTA_DM_API_SEARCH)); 1122 return; 1123 } 1124 1125 BTM_ClearInqDb(NULL); 1126 /* save search params */ 1127 bta_dm_search_cb.p_search_cback = p_data->search.p_cback; 1128 bta_dm_search_cb.services = p_data->search.services; 1129 1130 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid); 1131 1132 if ((bta_dm_search_cb.num_uuid = p_data->search.num_uuid) != 0 && 1133 p_data->search.p_uuid != NULL) { 1134 bta_dm_search_cb.p_srvc_uuid = (tBT_UUID*)osi_malloc(len); 1135 memcpy(bta_dm_search_cb.p_srvc_uuid, p_data->search.p_uuid, len); 1136 } 1137 result.status = BTM_StartInquiry((tBTM_INQ_PARMS*)&p_data->search.inq_params, 1138 bta_dm_inq_results_cb, 1139 (tBTM_CMPL_CB*)bta_dm_inq_cmpl_cb); 1140 1141 APPL_TRACE_EVENT("%s status=%d", __func__, result.status); 1142 if (result.status != BTM_CMD_STARTED) { 1143 result.num_resp = 0; 1144 bta_dm_inq_cmpl_cb((void*)&result); 1145 } 1146 } 1147 1148 /******************************************************************************* 1149 * 1150 * Function bta_dm_search_cancel 1151 * 1152 * Description Cancels an ongoing search for devices 1153 * 1154 * 1155 * Returns void 1156 * 1157 ******************************************************************************/ 1158 void bta_dm_search_cancel(UNUSED_ATTR tBTA_DM_MSG* p_data) { 1159 tBTA_DM_MSG* p_msg; 1160 1161 if (BTM_IsInquiryActive()) { 1162 if (BTM_CancelInquiry() == BTM_SUCCESS) { 1163 bta_dm_search_cancel_notify(NULL); 1164 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1165 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 1166 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT; 1167 bta_sys_sendmsg(p_msg); 1168 } else { 1169 /* flag a search cancel is pending */ 1170 bta_dm_search_cb.cancel_pending = true; 1171 } 1172 } 1173 /* If no Service Search going on then issue cancel remote name in case it is 1174 active */ 1175 else if (!bta_dm_search_cb.name_discover_done) { 1176 BTM_CancelRemoteDeviceName(); 1177 1178 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1179 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 1180 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT; 1181 bta_sys_sendmsg(p_msg); 1182 } else { 1183 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1184 p_msg->hdr.event = BTA_DM_INQUIRY_CMPL_EVT; 1185 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT; 1186 bta_sys_sendmsg(p_msg); 1187 } 1188 1189 if (bta_dm_search_cb.gatt_disc_active) { 1190 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr); 1191 } 1192 } 1193 1194 /******************************************************************************* 1195 * 1196 * Function bta_dm_discover 1197 * 1198 * Description Discovers services on a remote device 1199 * 1200 * 1201 * Returns void 1202 * 1203 ******************************************************************************/ 1204 void bta_dm_discover(tBTA_DM_MSG* p_data) { 1205 size_t len = sizeof(tBT_UUID) * p_data->discover.num_uuid; 1206 APPL_TRACE_EVENT("%s services_to_search=0x%04X, sdp_search=%d", __func__, 1207 p_data->discover.services, p_data->discover.sdp_search); 1208 1209 /* save the search condition */ 1210 bta_dm_search_cb.services = p_data->discover.services; 1211 1212 bta_dm_gattc_register(); 1213 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid); 1214 if ((bta_dm_search_cb.num_uuid = p_data->discover.num_uuid) != 0 && 1215 p_data->discover.p_uuid != NULL) { 1216 bta_dm_search_cb.p_srvc_uuid = (tBT_UUID*)osi_malloc(len); 1217 memcpy(bta_dm_search_cb.p_srvc_uuid, p_data->discover.p_uuid, len); 1218 } 1219 bta_dm_search_cb.uuid_to_search = bta_dm_search_cb.num_uuid; 1220 1221 bta_dm_search_cb.p_search_cback = p_data->discover.p_cback; 1222 bta_dm_search_cb.sdp_search = p_data->discover.sdp_search; 1223 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services; 1224 bta_dm_search_cb.service_index = 0; 1225 bta_dm_search_cb.services_found = 0; 1226 bta_dm_search_cb.peer_name[0] = 0; 1227 bta_dm_search_cb.sdp_search = p_data->discover.sdp_search; 1228 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbRead(p_data->discover.bd_addr); 1229 bta_dm_search_cb.transport = p_data->discover.transport; 1230 1231 bta_dm_search_cb.name_discover_done = false; 1232 memcpy(&bta_dm_search_cb.uuid, &p_data->discover.uuid, sizeof(tSDP_UUID)); 1233 bta_dm_discover_device(p_data->discover.bd_addr); 1234 } 1235 1236 /******************************************************************************* 1237 * 1238 * Function bta_dm_di_disc_cmpl 1239 * 1240 * Description Sends event to application when DI discovery complete 1241 * 1242 * Returns void 1243 * 1244 ******************************************************************************/ 1245 void bta_dm_di_disc_cmpl(tBTA_DM_MSG* p_data) { 1246 tBTA_DM_DI_DISC_CMPL di_disc; 1247 1248 memset(&di_disc, 0, sizeof(tBTA_DM_DI_DISC_CMPL)); 1249 di_disc.bd_addr = bta_dm_search_cb.peer_bdaddr; 1250 1251 if ((p_data->hdr.offset == SDP_SUCCESS) || 1252 (p_data->hdr.offset == SDP_DB_FULL)) { 1253 di_disc.num_record = SDP_GetNumDiRecords(bta_dm_di_cb.p_di_db); 1254 } else 1255 di_disc.result = BTA_FAILURE; 1256 1257 bta_dm_di_cb.p_di_db = NULL; 1258 bta_dm_search_cb.p_search_cback(BTA_DM_DI_DISC_CMPL_EVT, 1259 (tBTA_DM_SEARCH*)&di_disc); 1260 } 1261 1262 /******************************************************************************* 1263 * 1264 * Function bta_dm_di_disc_callback 1265 * 1266 * Description This function queries a remote device for DI information. 1267 * 1268 * 1269 * Returns void 1270 * 1271 ******************************************************************************/ 1272 static void bta_dm_di_disc_callback(uint16_t result) { 1273 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1274 1275 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 1276 p_msg->hdr.layer_specific = BTA_DM_API_DI_DISCOVER_EVT; 1277 p_msg->hdr.offset = result; 1278 1279 bta_sys_sendmsg(p_msg); 1280 } 1281 1282 /******************************************************************************* 1283 * 1284 * Function bta_dm_disable_search_and_disc 1285 * 1286 * Description Cancels an ongoing search or discovery for devices in case 1287 * of a Bluetooth disable 1288 * 1289 * 1290 * Returns void 1291 * 1292 ******************************************************************************/ 1293 static void bta_dm_disable_search_and_disc(void) { 1294 tBTA_DM_DI_DISC_CMPL di_disc; 1295 1296 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) bta_dm_search_cancel(NULL); 1297 1298 if (bta_dm_di_cb.p_di_db != NULL) { 1299 memset(&di_disc, 0, sizeof(tBTA_DM_DI_DISC_CMPL)); 1300 di_disc.bd_addr = bta_dm_search_cb.peer_bdaddr; 1301 di_disc.result = BTA_FAILURE; 1302 1303 bta_dm_di_cb.p_di_db = NULL; 1304 bta_dm_search_cb.p_search_cback(BTA_DM_DI_DISC_CMPL_EVT, NULL); 1305 } 1306 } 1307 1308 /******************************************************************************* 1309 * 1310 * Function bta_dm_di_disc 1311 * 1312 * Description This function queries a remote device for DI information. 1313 * 1314 * 1315 * Returns void 1316 * 1317 ******************************************************************************/ 1318 void bta_dm_di_disc(tBTA_DM_MSG* p_data) { 1319 uint16_t result = BTA_FAILURE; 1320 1321 bta_dm_search_cb.p_search_cback = p_data->di_disc.p_cback; 1322 bta_dm_search_cb.peer_bdaddr = p_data->di_disc.bd_addr; 1323 bta_dm_di_cb.p_di_db = p_data->di_disc.p_sdp_db; 1324 1325 bta_dm_search_cb.p_sdp_db = 1326 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE); 1327 if (SDP_DiDiscover(bta_dm_search_cb.peer_bdaddr, p_data->di_disc.p_sdp_db, 1328 p_data->di_disc.len, 1329 bta_dm_di_disc_callback) == SDP_SUCCESS) { 1330 result = BTA_SUCCESS; 1331 } 1332 1333 if (result == BTA_FAILURE) { 1334 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1335 1336 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 1337 p_msg->hdr.layer_specific = BTA_DM_API_DI_DISCOVER_EVT; 1338 p_data->hdr.offset = result; 1339 bta_sys_sendmsg(p_msg); 1340 } 1341 } 1342 1343 /******************************************************************************* 1344 * 1345 * Function bta_dm_read_remote_device_name 1346 * 1347 * Description Initiate to get remote device name 1348 * 1349 * Returns true if started to get remote name 1350 * 1351 ******************************************************************************/ 1352 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr, 1353 tBT_TRANSPORT transport) { 1354 tBTM_STATUS btm_status; 1355 1356 APPL_TRACE_DEBUG("%s", __func__); 1357 1358 bta_dm_search_cb.peer_bdaddr = bd_addr; 1359 bta_dm_search_cb.peer_name[0] = 0; 1360 1361 btm_status = 1362 BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr, 1363 (tBTM_CMPL_CB*)bta_dm_remname_cback, transport); 1364 1365 if (btm_status == BTM_CMD_STARTED) { 1366 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is started", __func__); 1367 1368 return (true); 1369 } else if (btm_status == BTM_BUSY) { 1370 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__); 1371 1372 /* Remote name discovery is on going now so BTM cannot notify through 1373 * "bta_dm_remname_cback" */ 1374 /* adding callback to get notified that current reading remore name done */ 1375 BTM_SecAddRmtNameNotifyCallback(&bta_dm_service_search_remname_cback); 1376 1377 return (true); 1378 } else { 1379 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X", __func__, 1380 btm_status); 1381 1382 return (false); 1383 } 1384 } 1385 1386 /******************************************************************************* 1387 * 1388 * Function bta_dm_inq_cmpl 1389 * 1390 * Description Process the inquiry complete event from BTM 1391 * 1392 * Returns void 1393 * 1394 ******************************************************************************/ 1395 void bta_dm_inq_cmpl(tBTA_DM_MSG* p_data) { 1396 tBTA_DM_SEARCH data; 1397 1398 APPL_TRACE_DEBUG("bta_dm_inq_cmpl"); 1399 1400 data.inq_cmpl.num_resps = p_data->inq_cmpl.num; 1401 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_CMPL_EVT, &data); 1402 1403 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbFirst(); 1404 if (bta_dm_search_cb.p_btm_inq_info != NULL) { 1405 /* start name and service discovery from the first device on inquiry result 1406 */ 1407 bta_dm_search_cb.name_discover_done = false; 1408 bta_dm_search_cb.peer_name[0] = 0; 1409 bta_dm_discover_device( 1410 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr); 1411 } else { 1412 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1413 1414 /* no devices, search complete */ 1415 bta_dm_search_cb.services = 0; 1416 1417 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 1418 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT; 1419 bta_sys_sendmsg(p_msg); 1420 } 1421 } 1422 1423 /******************************************************************************* 1424 * 1425 * Function bta_dm_rmt_name 1426 * 1427 * Description Process the remote name result from BTM 1428 * 1429 * Returns void 1430 * 1431 ******************************************************************************/ 1432 void bta_dm_rmt_name(tBTA_DM_MSG* p_data) { 1433 APPL_TRACE_DEBUG("bta_dm_rmt_name"); 1434 1435 if (p_data->rem_name.result.disc_res.bd_name[0] && 1436 bta_dm_search_cb.p_btm_inq_info) { 1437 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name = true; 1438 } 1439 1440 bta_dm_discover_device(bta_dm_search_cb.peer_bdaddr); 1441 } 1442 1443 /******************************************************************************* 1444 * 1445 * Function bta_dm_disc_rmt_name 1446 * 1447 * Description Process the remote name result from BTM when application 1448 * wants to find the name for a bdaddr 1449 * 1450 * Returns void 1451 * 1452 ******************************************************************************/ 1453 void bta_dm_disc_rmt_name(tBTA_DM_MSG* p_data) { 1454 tBTM_INQ_INFO* p_btm_inq_info; 1455 1456 APPL_TRACE_DEBUG("bta_dm_disc_rmt_name"); 1457 1458 p_btm_inq_info = BTM_InqDbRead(p_data->rem_name.result.disc_res.bd_addr); 1459 if (p_btm_inq_info) { 1460 if (p_data->rem_name.result.disc_res.bd_name[0]) { 1461 p_btm_inq_info->appl_knows_rem_name = true; 1462 } 1463 } 1464 1465 bta_dm_discover_device(p_data->rem_name.result.disc_res.bd_addr); 1466 } 1467 1468 /******************************************************************************* 1469 * 1470 * Function bta_dm_sdp_result 1471 * 1472 * Description Process the discovery result from sdp 1473 * 1474 * Returns void 1475 * 1476 ******************************************************************************/ 1477 void bta_dm_sdp_result(tBTA_DM_MSG* p_data) { 1478 tSDP_DISC_REC* p_sdp_rec = NULL; 1479 tBTA_DM_MSG* p_msg; 1480 bool scn_found = false; 1481 uint16_t service = 0xFFFF; 1482 tSDP_PROTOCOL_ELEM pe; 1483 1484 tBT_UUID* p_uuid = bta_dm_search_cb.p_srvc_uuid; 1485 tBTA_DM_SEARCH result; 1486 tBT_UUID service_uuid; 1487 1488 uint32_t num_uuids = 0; 1489 uint8_t uuid_list[32][MAX_UUID_SIZE]; // assuming a max of 32 services 1490 1491 if ((p_data->sdp_event.sdp_result == SDP_SUCCESS) || 1492 (p_data->sdp_event.sdp_result == SDP_NO_RECS_MATCH) || 1493 (p_data->sdp_event.sdp_result == SDP_DB_FULL)) { 1494 APPL_TRACE_DEBUG("sdp_result::0x%x", p_data->sdp_event.sdp_result); 1495 do { 1496 p_sdp_rec = NULL; 1497 if (bta_dm_search_cb.service_index == (BTA_USER_SERVICE_ID + 1)) { 1498 p_sdp_rec = SDP_FindServiceUUIDInDb(bta_dm_search_cb.p_sdp_db, 1499 &bta_dm_search_cb.uuid, p_sdp_rec); 1500 1501 if (p_sdp_rec && SDP_FindProtocolListElemInRec( 1502 p_sdp_rec, UUID_PROTOCOL_RFCOMM, &pe)) { 1503 bta_dm_search_cb.peer_scn = (uint8_t)pe.params[0]; 1504 scn_found = true; 1505 } 1506 } else { 1507 service = 1508 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index - 1]; 1509 p_sdp_rec = 1510 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, service, p_sdp_rec); 1511 } 1512 /* finished with BR/EDR services, now we check the result for GATT based 1513 * service UUID */ 1514 if (bta_dm_search_cb.service_index == BTA_MAX_SERVICE_ID) { 1515 if (bta_dm_search_cb.uuid_to_search != 0 && p_uuid != NULL) { 1516 p_uuid += 1517 (bta_dm_search_cb.num_uuid - bta_dm_search_cb.uuid_to_search); 1518 /* only support 16 bits UUID for now */ 1519 service = p_uuid->uu.uuid16; 1520 } 1521 /* all GATT based services */ 1522 do { 1523 /* find a service record, report it */ 1524 p_sdp_rec = 1525 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, 0, p_sdp_rec); 1526 if (p_sdp_rec) { 1527 if (SDP_FindServiceUUIDInRec(p_sdp_rec, &service_uuid)) { 1528 /* send result back to app now, one by one */ 1529 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr; 1530 strlcpy((char*)result.disc_ble_res.bd_name, bta_dm_get_remname(), 1531 BD_NAME_LEN); 1532 result.disc_ble_res.service.len = service_uuid.len; 1533 result.disc_ble_res.service.uu.uuid16 = service_uuid.uu.uuid16; 1534 1535 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_BLE_RES_EVT, &result); 1536 } 1537 } 1538 1539 if (bta_dm_search_cb.uuid_to_search > 0) break; 1540 1541 } while (p_sdp_rec); 1542 } else { 1543 /* SDP_DB_FULL means some records with the 1544 required attributes were received */ 1545 if (((p_data->sdp_event.sdp_result == SDP_DB_FULL) && 1546 bta_dm_search_cb.services != BTA_ALL_SERVICE_MASK) || 1547 (p_sdp_rec != NULL)) { 1548 if (service != UUID_SERVCLASS_PNP_INFORMATION) { 1549 uint16_t tmp_svc = 0xFFFF; 1550 bta_dm_search_cb.services_found |= 1551 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK( 1552 bta_dm_search_cb.service_index - 1)); 1553 tmp_svc = 1554 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index - 1555 1]; 1556 /* Add to the list of UUIDs */ 1557 sdpu_uuid16_to_uuid128(tmp_svc, uuid_list[num_uuids]); 1558 num_uuids++; 1559 } 1560 } 1561 } 1562 1563 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK && 1564 bta_dm_search_cb.services_to_search == 0) { 1565 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID && 1566 bta_dm_search_cb.uuid_to_search > 0) 1567 bta_dm_search_cb.uuid_to_search--; 1568 1569 if (bta_dm_search_cb.uuid_to_search == 0 || 1570 bta_dm_search_cb.service_index != BTA_BLE_SERVICE_ID) 1571 bta_dm_search_cb.service_index++; 1572 } else /* regular one service per search or PNP search */ 1573 break; 1574 1575 } while (bta_dm_search_cb.service_index <= BTA_MAX_SERVICE_ID); 1576 1577 APPL_TRACE_DEBUG("%s services_found = %04x", __func__, 1578 bta_dm_search_cb.services_found); 1579 1580 /* Collect the 128-bit services here and put them into the list */ 1581 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) { 1582 p_sdp_rec = NULL; 1583 do { 1584 tBT_UUID temp_uuid; 1585 /* find a service record, report it */ 1586 p_sdp_rec = 1587 SDP_FindServiceInDb_128bit(bta_dm_search_cb.p_sdp_db, p_sdp_rec); 1588 if (p_sdp_rec) { 1589 if (SDP_FindServiceUUIDInRec_128bit(p_sdp_rec, &temp_uuid)) { 1590 memcpy(uuid_list[num_uuids], temp_uuid.uu.uuid128, MAX_UUID_SIZE); 1591 num_uuids++; 1592 } 1593 } 1594 } while (p_sdp_rec); 1595 } 1596 /* if there are more services to search for */ 1597 if (bta_dm_search_cb.services_to_search) { 1598 /* Free up the p_sdp_db before checking the next one */ 1599 bta_dm_free_sdp_db(NULL); 1600 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr); 1601 } else { 1602 /* callbacks */ 1603 /* start next bd_addr if necessary */ 1604 1605 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback); 1606 1607 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1608 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT; 1609 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS; 1610 p_msg->disc_result.result.disc_res.p_raw_data = NULL; 1611 p_msg->disc_result.result.disc_res.raw_data_size = 0; 1612 p_msg->disc_result.result.disc_res.num_uuids = num_uuids; 1613 p_msg->disc_result.result.disc_res.p_uuid_list = NULL; 1614 if (num_uuids > 0) { 1615 p_msg->disc_result.result.disc_res.p_uuid_list = 1616 (uint8_t*)osi_malloc(num_uuids * MAX_UUID_SIZE); 1617 memcpy(p_msg->disc_result.result.disc_res.p_uuid_list, uuid_list, 1618 num_uuids * MAX_UUID_SIZE); 1619 } 1620 // Copy the raw_data to the discovery result structure 1621 if (bta_dm_search_cb.p_sdp_db != NULL && 1622 bta_dm_search_cb.p_sdp_db->raw_used != 0 && 1623 bta_dm_search_cb.p_sdp_db->raw_data != NULL) { 1624 APPL_TRACE_DEBUG("%s raw_data used = 0x%x raw_data_ptr = 0x%x", 1625 __func__, bta_dm_search_cb.p_sdp_db->raw_used, 1626 bta_dm_search_cb.p_sdp_db->raw_data); 1627 1628 p_msg->disc_result.result.disc_res.p_raw_data = 1629 (uint8_t*)osi_malloc(bta_dm_search_cb.p_sdp_db->raw_used); 1630 memcpy(p_msg->disc_result.result.disc_res.p_raw_data, 1631 bta_dm_search_cb.p_sdp_db->raw_data, 1632 bta_dm_search_cb.p_sdp_db->raw_used); 1633 1634 p_msg->disc_result.result.disc_res.raw_data_size = 1635 bta_dm_search_cb.p_sdp_db->raw_used; 1636 1637 bta_dm_search_cb.p_sdp_db->raw_data = 1638 NULL; // no need to free this - it is a global assigned. 1639 bta_dm_search_cb.p_sdp_db->raw_used = 0; 1640 bta_dm_search_cb.p_sdp_db->raw_size = 0; 1641 } else { 1642 APPL_TRACE_DEBUG("%s raw data size is 0 or raw_data is null!!", 1643 __func__); 1644 } 1645 /* Done with p_sdp_db. Free it */ 1646 bta_dm_free_sdp_db(NULL); 1647 p_msg->disc_result.result.disc_res.services = 1648 bta_dm_search_cb.services_found; 1649 1650 // Piggy back the SCN over result field 1651 if (scn_found) { 1652 p_msg->disc_result.result.disc_res.result = 1653 (3 + bta_dm_search_cb.peer_scn); 1654 p_msg->disc_result.result.disc_res.services |= BTA_USER_SERVICE_MASK; 1655 1656 APPL_TRACE_EVENT(" Piggy back the SCN over result field SCN=%d", 1657 bta_dm_search_cb.peer_scn); 1658 } 1659 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr; 1660 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name, 1661 bta_dm_get_remname(), BD_NAME_LEN); 1662 1663 bta_sys_sendmsg(p_msg); 1664 } 1665 } else { 1666 /* conn failed. No need for timer */ 1667 if (p_data->sdp_event.sdp_result == SDP_CONN_FAILED || 1668 p_data->sdp_event.sdp_result == SDP_CONN_REJECTED || 1669 p_data->sdp_event.sdp_result == SDP_SECURITY_ERR) 1670 bta_dm_search_cb.wait_disc = false; 1671 1672 /* not able to connect go to next device */ 1673 if (bta_dm_search_cb.p_sdp_db) 1674 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db); 1675 1676 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback); 1677 1678 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1679 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT; 1680 p_msg->disc_result.result.disc_res.result = BTA_FAILURE; 1681 p_msg->disc_result.result.disc_res.services = 1682 bta_dm_search_cb.services_found; 1683 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr; 1684 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name, 1685 bta_dm_get_remname(), BD_NAME_LEN); 1686 1687 bta_sys_sendmsg(p_msg); 1688 } 1689 } 1690 1691 /******************************************************************************* 1692 * 1693 * Function bta_dm_search_cmpl 1694 * 1695 * Description Sends event to application 1696 * 1697 * Returns void 1698 * 1699 ******************************************************************************/ 1700 void bta_dm_search_cmpl(tBTA_DM_MSG* p_data) { 1701 APPL_TRACE_EVENT("%s", __func__); 1702 1703 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid); 1704 1705 if (p_data->hdr.layer_specific == BTA_DM_API_DI_DISCOVER_EVT) 1706 bta_dm_di_disc_cmpl(p_data); 1707 else 1708 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_CMPL_EVT, NULL); 1709 } 1710 1711 /******************************************************************************* 1712 * 1713 * Function bta_dm_disc_result 1714 * 1715 * Description Service discovery result when discovering services on a 1716 * device 1717 * 1718 * Returns void 1719 * 1720 ******************************************************************************/ 1721 void bta_dm_disc_result(tBTA_DM_MSG* p_data) { 1722 APPL_TRACE_EVENT("%s", __func__); 1723 1724 /* if any BR/EDR service discovery has been done, report the event */ 1725 if ((bta_dm_search_cb.services & 1726 ((BTA_ALL_SERVICE_MASK | BTA_USER_SERVICE_MASK) & 1727 ~BTA_BLE_SERVICE_MASK))) 1728 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT, 1729 &p_data->disc_result.result); 1730 1731 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 1732 1733 /* send a message to change state */ 1734 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 1735 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT; 1736 bta_sys_sendmsg(p_msg); 1737 } 1738 1739 /******************************************************************************* 1740 * 1741 * Function bta_dm_search_result 1742 * 1743 * Description Service discovery result while searching for devices 1744 * 1745 * Returns void 1746 * 1747 ******************************************************************************/ 1748 void bta_dm_search_result(tBTA_DM_MSG* p_data) { 1749 APPL_TRACE_DEBUG("%s searching:0x%04x, result:0x%04x", __func__, 1750 bta_dm_search_cb.services, 1751 p_data->disc_result.result.disc_res.services); 1752 1753 /* call back if application wants name discovery or found services that 1754 * application is searching */ 1755 if ((!bta_dm_search_cb.services) || 1756 ((bta_dm_search_cb.services) && 1757 (p_data->disc_result.result.disc_res.services))) { 1758 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT, 1759 &p_data->disc_result.result); 1760 } 1761 1762 /* if searching did not initiate to create link */ 1763 if (!bta_dm_search_cb.wait_disc) { 1764 /* if service searching is done with EIR, don't search next device */ 1765 if (bta_dm_search_cb.p_btm_inq_info) bta_dm_discover_next_device(); 1766 } else { 1767 /* wait until link is disconnected or timeout */ 1768 bta_dm_search_cb.sdp_results = true; 1769 alarm_set_on_mloop(bta_dm_search_cb.search_timer, 1770 1000 * (L2CAP_LINK_INACTIVITY_TOUT + 1), 1771 bta_dm_search_timer_cback, NULL); 1772 } 1773 } 1774 1775 /******************************************************************************* 1776 * 1777 * Function bta_dm_search_timer_cback 1778 * 1779 * Description Called when ACL disconnect time is over 1780 * 1781 * 1782 * Returns void 1783 * 1784 ******************************************************************************/ 1785 static void bta_dm_search_timer_cback(UNUSED_ATTR void* data) { 1786 APPL_TRACE_EVENT("%s", __func__); 1787 bta_dm_search_cb.wait_disc = false; 1788 1789 /* proceed with next device */ 1790 bta_dm_discover_next_device(); 1791 } 1792 1793 /******************************************************************************* 1794 * 1795 * Function bta_dm_free_sdp_db 1796 * 1797 * Description Frees SDP data base 1798 * 1799 * Returns void 1800 * 1801 ******************************************************************************/ 1802 void bta_dm_free_sdp_db(UNUSED_ATTR tBTA_DM_MSG* p_data) { 1803 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db); 1804 } 1805 1806 /******************************************************************************* 1807 * 1808 * Function bta_dm_queue_search 1809 * 1810 * Description Queues search command while search is being cancelled 1811 * 1812 * Returns void 1813 * 1814 ******************************************************************************/ 1815 void bta_dm_queue_search(tBTA_DM_MSG* p_data) { 1816 osi_free(bta_dm_search_cb.p_search_queue); 1817 bta_dm_search_cb.p_search_queue = 1818 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_SEARCH)); 1819 memcpy(bta_dm_search_cb.p_search_queue, p_data, sizeof(tBTA_DM_API_SEARCH)); 1820 } 1821 1822 /******************************************************************************* 1823 * 1824 * Function bta_dm_queue_disc 1825 * 1826 * Description Queues discovery command while search is being cancelled 1827 * 1828 * Returns void 1829 * 1830 ******************************************************************************/ 1831 void bta_dm_queue_disc(tBTA_DM_MSG* p_data) { 1832 osi_free(bta_dm_search_cb.p_search_queue); 1833 bta_dm_search_cb.p_search_queue = 1834 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_DISCOVER)); 1835 memcpy(bta_dm_search_cb.p_search_queue, p_data, sizeof(tBTA_DM_API_DISCOVER)); 1836 } 1837 1838 /******************************************************************************* 1839 * 1840 * Function bta_dm_search_clear_queue 1841 * 1842 * Description Clears the queue if API search cancel is called 1843 * 1844 * Returns void 1845 * 1846 ******************************************************************************/ 1847 void bta_dm_search_clear_queue(UNUSED_ATTR tBTA_DM_MSG* p_data) { 1848 osi_free_and_reset((void**)&bta_dm_search_cb.p_search_queue); 1849 } 1850 1851 /******************************************************************************* 1852 * 1853 * Function bta_dm_search_cancel_cmpl 1854 * 1855 * Description Search cancel is complete 1856 * 1857 * Returns void 1858 * 1859 ******************************************************************************/ 1860 void bta_dm_search_cancel_cmpl(UNUSED_ATTR tBTA_DM_MSG* p_data) { 1861 if (bta_dm_search_cb.p_search_queue) { 1862 bta_sys_sendmsg(bta_dm_search_cb.p_search_queue); 1863 bta_dm_search_cb.p_search_queue = NULL; 1864 } 1865 } 1866 1867 /******************************************************************************* 1868 * 1869 * Function bta_dm_search_cancel_transac_cmpl 1870 * 1871 * Description Current Service Discovery or remote name procedure is 1872 * completed after search cancellation 1873 * 1874 * Returns void 1875 * 1876 ******************************************************************************/ 1877 void bta_dm_search_cancel_transac_cmpl(UNUSED_ATTR tBTA_DM_MSG* p_data) { 1878 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db); 1879 bta_dm_search_cancel_notify(NULL); 1880 } 1881 1882 /******************************************************************************* 1883 * 1884 * Function bta_dm_search_cancel_notify 1885 * 1886 * Description Notify application that search has been cancelled 1887 * 1888 * Returns void 1889 * 1890 ******************************************************************************/ 1891 void bta_dm_search_cancel_notify(UNUSED_ATTR tBTA_DM_MSG* p_data) { 1892 if (bta_dm_search_cb.p_search_cback) { 1893 bta_dm_search_cb.p_search_cback(BTA_DM_SEARCH_CANCEL_CMPL_EVT, NULL); 1894 } 1895 if (!bta_dm_search_cb.name_discover_done) { 1896 BTM_CancelRemoteDeviceName(); 1897 } 1898 if (bta_dm_search_cb.gatt_disc_active) { 1899 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr); 1900 } 1901 } 1902 1903 /******************************************************************************* 1904 * 1905 * Function bta_dm_find_services 1906 * 1907 * Description Starts discovery on a device 1908 * 1909 * Returns void 1910 * 1911 ******************************************************************************/ 1912 static void bta_dm_find_services(const RawAddress& bd_addr) { 1913 tSDP_UUID uuid; 1914 1915 memset(&uuid, 0, sizeof(tSDP_UUID)); 1916 1917 while (bta_dm_search_cb.service_index < BTA_MAX_SERVICE_ID) { 1918 if (bta_dm_search_cb.services_to_search & 1919 (tBTA_SERVICE_MASK)( 1920 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index))) { 1921 bta_dm_search_cb.p_sdp_db = 1922 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE); 1923 APPL_TRACE_DEBUG("bta_dm_search_cb.services = %04x***********", 1924 bta_dm_search_cb.services); 1925 /* try to search all services by search based on L2CAP UUID */ 1926 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) { 1927 LOG_INFO(LOG_TAG, "%s services_to_search=%08x", __func__, 1928 bta_dm_search_cb.services_to_search); 1929 if (bta_dm_search_cb.services_to_search & BTA_RES_SERVICE_MASK) { 1930 uuid.uu.uuid16 = bta_service_id_to_uuid_lkup_tbl[0]; 1931 bta_dm_search_cb.services_to_search &= ~BTA_RES_SERVICE_MASK; 1932 } else { 1933 uuid.uu.uuid16 = UUID_PROTOCOL_L2CAP; 1934 bta_dm_search_cb.services_to_search = 0; 1935 } 1936 } else { 1937 /* for LE only profile */ 1938 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID) { 1939 if (bta_dm_search_cb.uuid_to_search > 0 && 1940 bta_dm_search_cb.p_srvc_uuid) { 1941 memcpy(&uuid, (const void*)(bta_dm_search_cb.p_srvc_uuid + 1942 bta_dm_search_cb.num_uuid - 1943 bta_dm_search_cb.uuid_to_search), 1944 sizeof(tBT_UUID)); 1945 1946 bta_dm_search_cb.uuid_to_search--; 1947 } else { 1948 uuid.uu.uuid16 = 1949 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index]; 1950 } 1951 1952 /* last one? clear the BLE service bit if all discovery has been done 1953 */ 1954 if (bta_dm_search_cb.uuid_to_search == 0) 1955 bta_dm_search_cb.services_to_search &= 1956 (tBTA_SERVICE_MASK)(~(BTA_SERVICE_ID_TO_SERVICE_MASK( 1957 bta_dm_search_cb.service_index))); 1958 1959 } else { 1960 /* remove the service from services to be searched */ 1961 bta_dm_search_cb.services_to_search &= (tBTA_SERVICE_MASK)(~( 1962 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index))); 1963 uuid.uu.uuid16 = 1964 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index]; 1965 } 1966 } 1967 1968 if (uuid.len == 0) uuid.len = LEN_UUID_16; 1969 1970 if (bta_dm_search_cb.service_index == BTA_USER_SERVICE_ID) { 1971 memcpy(&uuid, &bta_dm_search_cb.uuid, sizeof(tSDP_UUID)); 1972 } 1973 1974 LOG_INFO(LOG_TAG, "%s search UUID = %04x", __func__, uuid.uu.uuid16); 1975 SDP_InitDiscoveryDb(bta_dm_search_cb.p_sdp_db, BTA_DM_SDP_DB_SIZE, 1, 1976 &uuid, 0, NULL); 1977 1978 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf)); 1979 bta_dm_search_cb.p_sdp_db->raw_data = g_disc_raw_data_buf; 1980 1981 bta_dm_search_cb.p_sdp_db->raw_size = MAX_DISC_RAW_DATA_BUF; 1982 1983 if (!SDP_ServiceSearchAttributeRequest(bd_addr, bta_dm_search_cb.p_sdp_db, 1984 &bta_dm_sdp_callback)) { 1985 /* 1986 * If discovery is not successful with this device, then 1987 * proceed with the next one. 1988 */ 1989 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db); 1990 bta_dm_search_cb.service_index = BTA_MAX_SERVICE_ID; 1991 1992 } else { 1993 if ((bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID && 1994 bta_dm_search_cb.uuid_to_search == 0) || 1995 bta_dm_search_cb.service_index != BTA_BLE_SERVICE_ID) 1996 bta_dm_search_cb.service_index++; 1997 return; 1998 } 1999 } 2000 2001 bta_dm_search_cb.service_index++; 2002 } 2003 2004 /* no more services to be discovered */ 2005 if (bta_dm_search_cb.service_index >= BTA_MAX_SERVICE_ID) { 2006 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 2007 /* initialize the data structure - includes p_raw_data and raw_data_size */ 2008 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES)); 2009 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT; 2010 p_msg->disc_result.result.disc_res.services = 2011 bta_dm_search_cb.services_found; 2012 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr; 2013 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name, 2014 bta_dm_get_remname(), BD_NAME_LEN); 2015 2016 bta_sys_sendmsg(p_msg); 2017 } 2018 } 2019 2020 /******************************************************************************* 2021 * 2022 * Function bta_dm_discover_next_device 2023 * 2024 * Description Starts discovery on the next device in Inquiry data base 2025 * 2026 * Returns void 2027 * 2028 ******************************************************************************/ 2029 static void bta_dm_discover_next_device(void) { 2030 APPL_TRACE_DEBUG("bta_dm_discover_next_device"); 2031 2032 /* searching next device on inquiry result */ 2033 bta_dm_search_cb.p_btm_inq_info = 2034 BTM_InqDbNext(bta_dm_search_cb.p_btm_inq_info); 2035 if (bta_dm_search_cb.p_btm_inq_info != NULL) { 2036 bta_dm_search_cb.name_discover_done = false; 2037 bta_dm_search_cb.peer_name[0] = 0; 2038 bta_dm_discover_device( 2039 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr); 2040 } else { 2041 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 2042 2043 /* no devices, search complete */ 2044 bta_dm_search_cb.services = 0; 2045 2046 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 2047 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT; 2048 2049 bta_sys_sendmsg(p_msg); 2050 } 2051 } 2052 2053 /******************************************************************************* 2054 * 2055 * Function bta_dm_discover_device 2056 * 2057 * Description Starts name and service discovery on the device 2058 * 2059 * Returns void 2060 * 2061 ******************************************************************************/ 2062 static void bta_dm_discover_device(const RawAddress& remote_bd_addr) { 2063 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR; 2064 if (bta_dm_search_cb.transport == BTA_TRANSPORT_UNKNOWN) { 2065 tBT_DEVICE_TYPE dev_type; 2066 tBLE_ADDR_TYPE addr_type; 2067 2068 BTM_ReadDevInfo(remote_bd_addr, &dev_type, &addr_type); 2069 if (dev_type == BT_DEVICE_TYPE_BLE || addr_type == BLE_ADDR_RANDOM) 2070 transport = BT_TRANSPORT_LE; 2071 } else { 2072 transport = bta_dm_search_cb.transport; 2073 } 2074 2075 /* Reset transport state for next discovery */ 2076 bta_dm_search_cb.transport = BTA_TRANSPORT_UNKNOWN; 2077 2078 VLOG(1) << __func__ << " BDA: " << remote_bd_addr; 2079 2080 bta_dm_search_cb.peer_bdaddr = remote_bd_addr; 2081 2082 APPL_TRACE_DEBUG( 2083 "%s name_discover_done = %d p_btm_inq_info 0x%x state = %d, transport=%d", 2084 __func__, bta_dm_search_cb.name_discover_done, 2085 bta_dm_search_cb.p_btm_inq_info, bta_dm_search_cb.state, transport); 2086 2087 if (bta_dm_search_cb.p_btm_inq_info) { 2088 APPL_TRACE_DEBUG("%s appl_knows_rem_name %d", __func__, 2089 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name); 2090 } 2091 if ((bta_dm_search_cb.p_btm_inq_info) && 2092 (bta_dm_search_cb.p_btm_inq_info->results.device_type == 2093 BT_DEVICE_TYPE_BLE) && 2094 (bta_dm_search_cb.state == BTA_DM_SEARCH_ACTIVE)) { 2095 /* Do not perform RNR for LE devices at inquiry complete*/ 2096 bta_dm_search_cb.name_discover_done = true; 2097 } 2098 /* if name discovery is not done and application needs remote name */ 2099 if ((!bta_dm_search_cb.name_discover_done) && 2100 ((bta_dm_search_cb.p_btm_inq_info == NULL) || 2101 (bta_dm_search_cb.p_btm_inq_info && 2102 (!bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name)))) { 2103 if (bta_dm_read_remote_device_name(bta_dm_search_cb.peer_bdaddr, 2104 transport) == true) 2105 return; 2106 2107 /* starting name discovery failed */ 2108 bta_dm_search_cb.name_discover_done = true; 2109 } 2110 2111 /* if application wants to discover service */ 2112 if (bta_dm_search_cb.services) { 2113 /* initialize variables */ 2114 bta_dm_search_cb.service_index = 0; 2115 bta_dm_search_cb.services_found = 0; 2116 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services; 2117 bta_dm_search_cb.uuid_to_search = bta_dm_search_cb.num_uuid; 2118 if ((bta_dm_search_cb.p_btm_inq_info != NULL) && 2119 bta_dm_search_cb.services != BTA_USER_SERVICE_MASK && 2120 (bta_dm_search_cb.sdp_search == false)) { 2121 /* check if EIR provides the information of supported services */ 2122 bta_dm_eir_search_services(&bta_dm_search_cb.p_btm_inq_info->results, 2123 &bta_dm_search_cb.services_to_search, 2124 &bta_dm_search_cb.services_found); 2125 } 2126 2127 /* if seaching with EIR is not completed */ 2128 if (bta_dm_search_cb.services_to_search) { 2129 /* check whether connection already exists to the device 2130 if connection exists, we don't have to wait for ACL 2131 link to go down to start search on next device */ 2132 if (BTM_IsAclConnectionUp(bta_dm_search_cb.peer_bdaddr, 2133 BT_TRANSPORT_BR_EDR)) 2134 bta_dm_search_cb.wait_disc = false; 2135 else 2136 bta_dm_search_cb.wait_disc = true; 2137 2138 if (bta_dm_search_cb.p_btm_inq_info) { 2139 APPL_TRACE_DEBUG( 2140 "%s p_btm_inq_info 0x%x results.device_type 0x%x " 2141 "services_to_search 0x%x", 2142 __func__, bta_dm_search_cb.p_btm_inq_info, 2143 bta_dm_search_cb.p_btm_inq_info->results.device_type, 2144 bta_dm_search_cb.services_to_search); 2145 } 2146 2147 if (transport == BT_TRANSPORT_LE) { 2148 if (bta_dm_search_cb.services_to_search & BTA_BLE_SERVICE_MASK) { 2149 // set the raw data buffer here 2150 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf)); 2151 bta_dm_search_cb.p_ble_rawdata = g_disc_raw_data_buf; 2152 2153 bta_dm_search_cb.ble_raw_size = MAX_DISC_RAW_DATA_BUF; 2154 bta_dm_search_cb.ble_raw_used = 0; 2155 2156 /* start GATT for service discovery */ 2157 btm_dm_start_gatt_discovery(bta_dm_search_cb.peer_bdaddr); 2158 return; 2159 } 2160 } else { 2161 bta_dm_search_cb.sdp_results = false; 2162 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr); 2163 return; 2164 } 2165 } 2166 } 2167 2168 /* name discovery and service discovery are done for this device */ 2169 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 2170 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT; 2171 /* initialize the data structure - includes p_raw_data and raw_data_size */ 2172 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES)); 2173 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS; 2174 p_msg->disc_result.result.disc_res.services = bta_dm_search_cb.services_found; 2175 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr; 2176 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name, 2177 (char*)bta_dm_search_cb.peer_name, BD_NAME_LEN); 2178 2179 bta_sys_sendmsg(p_msg); 2180 } 2181 2182 /******************************************************************************* 2183 * 2184 * Function bta_dm_sdp_callback 2185 * 2186 * Description Callback from sdp with discovery status 2187 * 2188 * Returns void 2189 * 2190 ******************************************************************************/ 2191 static void bta_dm_sdp_callback(uint16_t sdp_status) { 2192 tBTA_DM_SDP_RESULT* p_msg = 2193 (tBTA_DM_SDP_RESULT*)osi_malloc(sizeof(tBTA_DM_SDP_RESULT)); 2194 2195 p_msg->hdr.event = BTA_DM_SDP_RESULT_EVT; 2196 p_msg->sdp_result = sdp_status; 2197 2198 bta_sys_sendmsg(p_msg); 2199 } 2200 2201 /******************************************************************************* 2202 * 2203 * Function bta_dm_inq_results_cb 2204 * 2205 * Description Inquiry results callback from BTM 2206 * 2207 * Returns void 2208 * 2209 ******************************************************************************/ 2210 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir, 2211 uint16_t eir_len) { 2212 tBTA_DM_SEARCH result; 2213 tBTM_INQ_INFO* p_inq_info; 2214 uint16_t service_class; 2215 2216 result.inq_res.bd_addr = p_inq->remote_bd_addr; 2217 memcpy(result.inq_res.dev_class, p_inq->dev_class, DEV_CLASS_LEN); 2218 BTM_COD_SERVICE_CLASS(service_class, p_inq->dev_class); 2219 result.inq_res.is_limited = 2220 (service_class & BTM_COD_SERVICE_LMTD_DISCOVER) ? true : false; 2221 result.inq_res.rssi = p_inq->rssi; 2222 2223 result.inq_res.ble_addr_type = p_inq->ble_addr_type; 2224 result.inq_res.inq_result_type = p_inq->inq_result_type; 2225 result.inq_res.device_type = p_inq->device_type; 2226 result.inq_res.flag = p_inq->flag; 2227 2228 /* application will parse EIR to find out remote device name */ 2229 result.inq_res.p_eir = p_eir; 2230 result.inq_res.eir_len = eir_len; 2231 2232 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr); 2233 if (p_inq_info != NULL) { 2234 /* initialize remt_name_not_required to false so that we get the name by 2235 * default */ 2236 result.inq_res.remt_name_not_required = false; 2237 } 2238 2239 if (bta_dm_search_cb.p_search_cback) 2240 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_RES_EVT, &result); 2241 2242 if (p_inq_info) { 2243 /* application indicates if it knows the remote name, inside the callback 2244 copy that to the inquiry data base*/ 2245 if (result.inq_res.remt_name_not_required) 2246 p_inq_info->appl_knows_rem_name = true; 2247 } 2248 } 2249 2250 /******************************************************************************* 2251 * 2252 * Function bta_dm_inq_cmpl_cb 2253 * 2254 * Description Inquiry complete callback from BTM 2255 * 2256 * Returns void 2257 * 2258 ******************************************************************************/ 2259 static void bta_dm_inq_cmpl_cb(void* p_result) { 2260 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 2261 2262 APPL_TRACE_DEBUG("%s", __func__); 2263 2264 if (bta_dm_search_cb.cancel_pending == false) { 2265 p_msg->inq_cmpl.hdr.event = BTA_DM_INQUIRY_CMPL_EVT; 2266 p_msg->inq_cmpl.num = ((tBTM_INQUIRY_CMPL*)p_result)->num_resp; 2267 } else { 2268 bta_dm_search_cb.cancel_pending = false; 2269 bta_dm_search_cancel_notify(NULL); 2270 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT; 2271 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT; 2272 } 2273 2274 bta_sys_sendmsg(p_msg); 2275 } 2276 2277 /******************************************************************************* 2278 * 2279 * Function bta_dm_service_search_remname_cback 2280 * 2281 * Description Remote name call back from BTM during service discovery 2282 * 2283 * Returns void 2284 * 2285 ******************************************************************************/ 2286 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr, 2287 UNUSED_ATTR DEV_CLASS dc, 2288 BD_NAME bd_name) { 2289 tBTM_REMOTE_DEV_NAME rem_name; 2290 tBTM_STATUS btm_status; 2291 2292 APPL_TRACE_DEBUG("%s name=<%s>", __func__, bd_name); 2293 2294 /* if this is what we are looking for */ 2295 if (bta_dm_search_cb.peer_bdaddr == bd_addr) { 2296 rem_name.length = strlen((char*)bd_name); 2297 if (rem_name.length > (BD_NAME_LEN - 1)) { 2298 rem_name.length = (BD_NAME_LEN - 1); 2299 rem_name.remote_bd_name[(BD_NAME_LEN - 1)] = 0; 2300 } 2301 strlcpy((char*)rem_name.remote_bd_name, (char*)bd_name, BD_NAME_LEN); 2302 rem_name.status = BTM_SUCCESS; 2303 2304 bta_dm_remname_cback(&rem_name); 2305 } else { 2306 /* get name of device */ 2307 btm_status = BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr, 2308 (tBTM_CMPL_CB*)bta_dm_remname_cback, 2309 BT_TRANSPORT_BR_EDR); 2310 if (btm_status == BTM_BUSY) { 2311 /* wait for next chance(notification of remote name discovery done) */ 2312 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__); 2313 } else if (btm_status != BTM_CMD_STARTED) { 2314 /* if failed to start getting remote name then continue */ 2315 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X", 2316 __func__, btm_status); 2317 2318 rem_name.length = 0; 2319 rem_name.remote_bd_name[0] = 0; 2320 rem_name.status = btm_status; 2321 bta_dm_remname_cback(&rem_name); 2322 } 2323 } 2324 } 2325 2326 /******************************************************************************* 2327 * 2328 * Function bta_dm_remname_cback 2329 * 2330 * Description Remote name complete call back from BTM 2331 * 2332 * Returns void 2333 * 2334 ******************************************************************************/ 2335 static void bta_dm_remname_cback(tBTM_REMOTE_DEV_NAME* p_remote_name) { 2336 APPL_TRACE_DEBUG("bta_dm_remname_cback len = %d name=<%s>", 2337 p_remote_name->length, p_remote_name->remote_bd_name); 2338 2339 /* remote name discovery is done but it could be failed */ 2340 bta_dm_search_cb.name_discover_done = true; 2341 strlcpy((char*)bta_dm_search_cb.peer_name, 2342 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN); 2343 2344 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback); 2345 2346 if (bta_dm_search_cb.transport == BT_TRANSPORT_LE) { 2347 GAP_BleReadPeerPrefConnParams(bta_dm_search_cb.peer_bdaddr); 2348 } 2349 2350 tBTA_DM_REM_NAME* p_msg = 2351 (tBTA_DM_REM_NAME*)osi_malloc(sizeof(tBTA_DM_REM_NAME)); 2352 p_msg->result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr; 2353 strlcpy((char*)p_msg->result.disc_res.bd_name, 2354 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN); 2355 p_msg->hdr.event = BTA_DM_REMT_NAME_EVT; 2356 2357 bta_sys_sendmsg(p_msg); 2358 } 2359 2360 /******************************************************************************* 2361 * 2362 * Function bta_dm_authorize_cback 2363 * 2364 * Description cback requesting authorization 2365 * 2366 * Returns void 2367 * 2368 ******************************************************************************/ 2369 static uint8_t bta_dm_authorize_cback(const RawAddress& bd_addr, 2370 DEV_CLASS dev_class, BD_NAME bd_name, 2371 UNUSED_ATTR uint8_t* service_name, 2372 uint8_t service_id, 2373 UNUSED_ATTR bool is_originator) { 2374 tBTA_DM_SEC sec_event; 2375 uint8_t index = 1; 2376 2377 sec_event.authorize.bd_addr = bd_addr; 2378 memcpy(sec_event.authorize.dev_class, dev_class, DEV_CLASS_LEN); 2379 strlcpy((char*)sec_event.authorize.bd_name, (char*)bd_name, BD_NAME_LEN); 2380 2381 #if (BTA_JV_INCLUDED == TRUE) 2382 sec_event.authorize.service = service_id; 2383 #endif 2384 2385 while (index < BTA_MAX_SERVICE_ID) { 2386 /* get the BTA service id corresponding to BTM id */ 2387 if (bta_service_id_to_btm_srv_id_lkup_tbl[index] == service_id) { 2388 sec_event.authorize.service = index; 2389 break; 2390 } 2391 index++; 2392 } 2393 2394 /* if supported service callback otherwise not authorized */ 2395 if (bta_dm_cb.p_sec_cback && (index < BTA_MAX_SERVICE_ID 2396 #if (BTA_JV_INCLUDED == TRUE) 2397 /* pass through JV service ID */ 2398 || (service_id >= BTA_FIRST_JV_SERVICE_ID && 2399 service_id <= BTA_LAST_JV_SERVICE_ID) 2400 #endif 2401 )) { 2402 bta_dm_cb.p_sec_cback(BTA_DM_AUTHORIZE_EVT, &sec_event); 2403 return BTM_CMD_STARTED; 2404 } else { 2405 return BTM_NOT_AUTHORIZED; 2406 } 2407 } 2408 2409 /******************************************************************************* 2410 * 2411 * Function bta_dm_pinname_cback 2412 * 2413 * Description Callback requesting pin_key 2414 * 2415 * Returns void 2416 * 2417 ******************************************************************************/ 2418 static void bta_dm_pinname_cback(void* p_data) { 2419 tBTM_REMOTE_DEV_NAME* p_result = (tBTM_REMOTE_DEV_NAME*)p_data; 2420 tBTA_DM_SEC sec_event; 2421 uint32_t bytes_to_copy; 2422 tBTA_DM_SEC_EVT event = bta_dm_cb.pin_evt; 2423 2424 if (BTA_DM_SP_CFM_REQ_EVT == event) { 2425 /* Retrieved saved device class and bd_addr */ 2426 sec_event.cfm_req.bd_addr = bta_dm_cb.pin_bd_addr; 2427 BTA_COPY_DEVICE_CLASS(sec_event.cfm_req.dev_class, bta_dm_cb.pin_dev_class); 2428 2429 if (p_result && p_result->status == BTM_SUCCESS) { 2430 bytes_to_copy = (p_result->length < (BD_NAME_LEN - 1)) 2431 ? p_result->length 2432 : (BD_NAME_LEN - 1); 2433 memcpy(sec_event.cfm_req.bd_name, p_result->remote_bd_name, 2434 bytes_to_copy); 2435 sec_event.pin_req.bd_name[BD_NAME_LEN - 1] = 0; 2436 } else /* No name found */ 2437 sec_event.cfm_req.bd_name[0] = 0; 2438 2439 sec_event.key_notif.passkey = 2440 bta_dm_cb.num_val; /* get PIN code numeric number */ 2441 2442 /* 1 additional event data fields for this event */ 2443 sec_event.cfm_req.just_works = bta_dm_cb.just_works; 2444 } else { 2445 /* Retrieved saved device class and bd_addr */ 2446 sec_event.pin_req.bd_addr = bta_dm_cb.pin_bd_addr; 2447 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, bta_dm_cb.pin_dev_class); 2448 2449 if (p_result && p_result->status == BTM_SUCCESS) { 2450 bytes_to_copy = (p_result->length < (BD_NAME_LEN - 1)) 2451 ? p_result->length 2452 : (BD_NAME_LEN - 1); 2453 memcpy(sec_event.pin_req.bd_name, p_result->remote_bd_name, 2454 bytes_to_copy); 2455 sec_event.pin_req.bd_name[BD_NAME_LEN - 1] = 0; 2456 } else /* No name found */ 2457 sec_event.pin_req.bd_name[0] = 0; 2458 2459 event = bta_dm_cb.pin_evt; 2460 sec_event.key_notif.passkey = 2461 bta_dm_cb.num_val; /* get PIN code numeric number */ 2462 } 2463 2464 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event); 2465 } 2466 2467 /******************************************************************************* 2468 * 2469 * Function bta_dm_pin_cback 2470 * 2471 * Description Callback requesting pin_key 2472 * 2473 * Returns void 2474 * 2475 ******************************************************************************/ 2476 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class, 2477 BD_NAME bd_name, bool min_16_digit) { 2478 tBTA_DM_SEC sec_event; 2479 2480 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED; 2481 2482 /* If the device name is not known, save bdaddr and devclass and initiate a 2483 * name request */ 2484 if (bd_name[0] == 0) { 2485 bta_dm_cb.pin_evt = BTA_DM_PIN_REQ_EVT; 2486 bta_dm_cb.pin_bd_addr = bd_addr; 2487 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class, dev_class); 2488 if ((BTM_ReadRemoteDeviceName(bd_addr, bta_dm_pinname_cback, 2489 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED) 2490 return BTM_CMD_STARTED; 2491 2492 APPL_TRACE_WARNING( 2493 " bta_dm_pin_cback() -> Failed to start Remote Name Request "); 2494 } 2495 2496 sec_event.pin_req.bd_addr = bd_addr; 2497 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, dev_class); 2498 strlcpy((char*)sec_event.pin_req.bd_name, (char*)bd_name, BD_NAME_LEN); 2499 sec_event.pin_req.min_16_digit = min_16_digit; 2500 2501 bta_dm_cb.p_sec_cback(BTA_DM_PIN_REQ_EVT, &sec_event); 2502 return BTM_CMD_STARTED; 2503 } 2504 2505 /******************************************************************************* 2506 * 2507 * Function bta_dm_new_link_key_cback 2508 * 2509 * Description Callback from BTM to notify new link key 2510 * 2511 * Returns void 2512 * 2513 ******************************************************************************/ 2514 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr, 2515 UNUSED_ATTR DEV_CLASS dev_class, 2516 BD_NAME bd_name, LINK_KEY key, 2517 uint8_t key_type) { 2518 tBTA_DM_SEC sec_event; 2519 tBTA_DM_AUTH_CMPL* p_auth_cmpl; 2520 uint8_t event; 2521 2522 memset(&sec_event, 0, sizeof(tBTA_DM_SEC)); 2523 2524 /* Not AMP Key type */ 2525 if (key_type != HCI_LKEY_TYPE_AMP_WIFI && key_type != HCI_LKEY_TYPE_AMP_UWB) { 2526 event = BTA_DM_AUTH_CMPL_EVT; 2527 p_auth_cmpl = &sec_event.auth_cmpl; 2528 2529 p_auth_cmpl->bd_addr = bd_addr; 2530 2531 memcpy(p_auth_cmpl->bd_name, bd_name, (BD_NAME_LEN - 1)); 2532 p_auth_cmpl->bd_name[BD_NAME_LEN - 1] = 0; 2533 2534 p_auth_cmpl->key_present = true; 2535 p_auth_cmpl->key_type = key_type; 2536 p_auth_cmpl->success = true; 2537 2538 memcpy(p_auth_cmpl->key, key, LINK_KEY_LEN); 2539 sec_event.auth_cmpl.fail_reason = HCI_SUCCESS; 2540 2541 // Report the BR link key based on the BR/EDR address and type 2542 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type, 2543 &sec_event.auth_cmpl.addr_type); 2544 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event); 2545 2546 // Setting remove_dev_pending flag to false, where it will avoid deleting 2547 // the 2548 // security device record when the ACL connection link goes down in case of 2549 // reconnection. 2550 if (bta_dm_cb.device_list.count) 2551 bta_dm_reset_sec_dev_pending(p_auth_cmpl->bd_addr); 2552 } else { 2553 APPL_TRACE_WARNING("%s() Received AMP Key", __func__); 2554 } 2555 2556 return BTM_CMD_STARTED; 2557 } 2558 2559 /******************************************************************************* 2560 * 2561 * Function bta_dm_authentication_complete_cback 2562 * 2563 * Description Authentication complete callback from BTM 2564 * 2565 * Returns void 2566 * 2567 ******************************************************************************/ 2568 static uint8_t bta_dm_authentication_complete_cback( 2569 const RawAddress& bd_addr, UNUSED_ATTR DEV_CLASS dev_class, BD_NAME bd_name, 2570 int result) { 2571 tBTA_DM_SEC sec_event; 2572 2573 if (result != BTM_SUCCESS) { 2574 memset(&sec_event, 0, sizeof(tBTA_DM_SEC)); 2575 sec_event.auth_cmpl.bd_addr = bd_addr; 2576 2577 memcpy(sec_event.auth_cmpl.bd_name, bd_name, (BD_NAME_LEN - 1)); 2578 sec_event.auth_cmpl.bd_name[BD_NAME_LEN - 1] = 0; 2579 2580 // Report the BR link key based on the BR/EDR address and type 2581 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type, 2582 &sec_event.auth_cmpl.addr_type); 2583 sec_event.auth_cmpl.fail_reason = (uint8_t)result; 2584 2585 if (bta_dm_cb.p_sec_cback) 2586 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event); 2587 2588 if (result == HCI_ERR_AUTH_FAILURE || result == HCI_ERR_KEY_MISSING || 2589 result == HCI_ERR_HOST_REJECT_SECURITY || 2590 result == HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE) { 2591 APPL_TRACE_WARNING("%s deleting %s - result: 0x%02x", __func__, 2592 bd_addr.ToString().c_str(), result); 2593 bta_dm_remove_sec_dev_entry(bd_addr); 2594 } 2595 } 2596 2597 return BTM_SUCCESS; 2598 } 2599 2600 #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE) 2601 /******************************************************************************* 2602 * 2603 * Function bta_dm_sp_cback 2604 * 2605 * Description simple pairing callback from BTM 2606 * 2607 * Returns void 2608 * 2609 ******************************************************************************/ 2610 static uint8_t bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data) { 2611 tBTM_STATUS status = BTM_CMD_STARTED; 2612 tBTA_DM_SEC sec_event; 2613 tBTA_DM_SEC_EVT pin_evt = BTA_DM_SP_KEY_NOTIF_EVT; 2614 2615 APPL_TRACE_EVENT("bta_dm_sp_cback: %d", event); 2616 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED; 2617 2618 /* TODO_SP */ 2619 switch (event) { 2620 case BTM_SP_IO_REQ_EVT: 2621 /* translate auth_req */ 2622 bta_dm_co_io_req(p_data->io_req.bd_addr, &p_data->io_req.io_cap, 2623 &p_data->io_req.oob_data, &p_data->io_req.auth_req, 2624 p_data->io_req.is_orig); 2625 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req, 2626 p_data->io_req.oob_data); 2627 break; 2628 case BTM_SP_IO_RSP_EVT: 2629 bta_dm_co_io_rsp(p_data->io_rsp.bd_addr, p_data->io_rsp.io_cap, 2630 p_data->io_rsp.oob_data, p_data->io_rsp.auth_req); 2631 break; 2632 2633 case BTM_SP_CFM_REQ_EVT: 2634 pin_evt = BTA_DM_SP_CFM_REQ_EVT; 2635 bta_dm_cb.just_works = sec_event.cfm_req.just_works = 2636 p_data->cfm_req.just_works; 2637 sec_event.cfm_req.loc_auth_req = p_data->cfm_req.loc_auth_req; 2638 sec_event.cfm_req.rmt_auth_req = p_data->cfm_req.rmt_auth_req; 2639 sec_event.cfm_req.loc_io_caps = p_data->cfm_req.loc_io_caps; 2640 sec_event.cfm_req.rmt_io_caps = p_data->cfm_req.rmt_io_caps; 2641 2642 /* continue to next case */ 2643 /* Passkey entry mode, mobile device with output capability is very 2644 unlikely to receive key request, so skip this event */ 2645 /*case BTM_SP_KEY_REQ_EVT: */ 2646 case BTM_SP_KEY_NOTIF_EVT: 2647 bta_dm_cb.num_val = sec_event.key_notif.passkey = 2648 p_data->key_notif.passkey; 2649 2650 if (BTM_SP_CFM_REQ_EVT == event) { 2651 /* Due to the switch case falling through below to BTM_SP_KEY_NOTIF_EVT, 2652 call remote name request using values from cfm_req */ 2653 if (p_data->cfm_req.bd_name[0] == 0) { 2654 bta_dm_cb.pin_evt = pin_evt; 2655 bta_dm_cb.pin_bd_addr = p_data->cfm_req.bd_addr; 2656 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class, 2657 p_data->cfm_req.dev_class); 2658 if ((BTM_ReadRemoteDeviceName( 2659 p_data->cfm_req.bd_addr, bta_dm_pinname_cback, 2660 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED) 2661 return BTM_CMD_STARTED; 2662 APPL_TRACE_WARNING( 2663 " bta_dm_sp_cback() -> Failed to start Remote Name Request "); 2664 } else { 2665 /* Due to the switch case falling through below to 2666 BTM_SP_KEY_NOTIF_EVT, 2667 copy these values into key_notif from cfm_req */ 2668 sec_event.key_notif.bd_addr = p_data->cfm_req.bd_addr; 2669 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class, 2670 p_data->cfm_req.dev_class); 2671 strlcpy((char*)sec_event.key_notif.bd_name, 2672 (char*)p_data->cfm_req.bd_name, BD_NAME_LEN); 2673 } 2674 } 2675 2676 if (BTM_SP_KEY_NOTIF_EVT == event) { 2677 /* If the device name is not known, save bdaddr and devclass 2678 and initiate a name request with values from key_notif */ 2679 if (p_data->key_notif.bd_name[0] == 0) { 2680 bta_dm_cb.pin_evt = pin_evt; 2681 bta_dm_cb.pin_bd_addr = p_data->key_notif.bd_addr; 2682 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class, 2683 p_data->key_notif.dev_class); 2684 if ((BTM_ReadRemoteDeviceName( 2685 p_data->key_notif.bd_addr, bta_dm_pinname_cback, 2686 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED) 2687 return BTM_CMD_STARTED; 2688 APPL_TRACE_WARNING( 2689 " bta_dm_sp_cback() -> Failed to start Remote Name Request "); 2690 } else { 2691 sec_event.key_notif.bd_addr = p_data->key_notif.bd_addr; 2692 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class, 2693 p_data->key_notif.dev_class); 2694 strlcpy((char*)sec_event.key_notif.bd_name, 2695 (char*)p_data->key_notif.bd_name, BD_NAME_LEN); 2696 sec_event.key_notif.bd_name[BD_NAME_LEN - 1] = 0; 2697 } 2698 } 2699 2700 bta_dm_cb.p_sec_cback(pin_evt, &sec_event); 2701 2702 break; 2703 2704 case BTM_SP_LOC_OOB_EVT: 2705 bta_dm_co_loc_oob((bool)(p_data->loc_oob.status == BTM_SUCCESS), 2706 p_data->loc_oob.c, p_data->loc_oob.r); 2707 break; 2708 2709 case BTM_SP_RMT_OOB_EVT: 2710 /* If the device name is not known, save bdaddr and devclass and initiate 2711 * a name request */ 2712 if (p_data->rmt_oob.bd_name[0] == 0) { 2713 bta_dm_cb.pin_evt = BTA_DM_SP_RMT_OOB_EVT; 2714 bta_dm_cb.pin_bd_addr = p_data->rmt_oob.bd_addr; 2715 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class, 2716 p_data->rmt_oob.dev_class); 2717 if ((BTM_ReadRemoteDeviceName(p_data->rmt_oob.bd_addr, 2718 bta_dm_pinname_cback, 2719 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED) 2720 return BTM_CMD_STARTED; 2721 APPL_TRACE_WARNING( 2722 " bta_dm_sp_cback() -> Failed to start Remote Name Request "); 2723 } 2724 2725 sec_event.rmt_oob.bd_addr = p_data->rmt_oob.bd_addr; 2726 BTA_COPY_DEVICE_CLASS(sec_event.rmt_oob.dev_class, 2727 p_data->rmt_oob.dev_class); 2728 strlcpy((char*)sec_event.rmt_oob.bd_name, (char*)p_data->rmt_oob.bd_name, 2729 BD_NAME_LEN); 2730 2731 bta_dm_cb.p_sec_cback(BTA_DM_SP_RMT_OOB_EVT, &sec_event); 2732 2733 bta_dm_co_rmt_oob(p_data->rmt_oob.bd_addr); 2734 break; 2735 2736 case BTM_SP_COMPLT_EVT: 2737 /* do not report this event - handled by link_key_callback or 2738 * auth_complete_callback */ 2739 break; 2740 2741 case BTM_SP_KEYPRESS_EVT: 2742 memcpy(&sec_event.key_press, &p_data->key_press, 2743 sizeof(tBTM_SP_KEYPRESS)); 2744 bta_dm_cb.p_sec_cback(BTA_DM_SP_KEYPRESS_EVT, &sec_event); 2745 break; 2746 2747 case BTM_SP_UPGRADE_EVT: 2748 bta_dm_co_lk_upgrade(p_data->upgrade.bd_addr, &p_data->upgrade.upgrade); 2749 break; 2750 2751 default: 2752 status = BTM_NOT_AUTHORIZED; 2753 break; 2754 } 2755 APPL_TRACE_EVENT("dm status: %d", status); 2756 return status; 2757 } 2758 #endif 2759 2760 /******************************************************************************* 2761 * 2762 * Function bta_dm_local_name_cback 2763 * 2764 * Description Callback from btm after local name is read 2765 * 2766 * 2767 * Returns void 2768 * 2769 ******************************************************************************/ 2770 static void bta_dm_local_name_cback(UNUSED_ATTR const RawAddress& p_name) { 2771 tBTA_DM_SEC sec_event; 2772 2773 sec_event.enable.status = BTA_SUCCESS; 2774 2775 if (bta_dm_cb.p_sec_cback) 2776 bta_dm_cb.p_sec_cback(BTA_DM_ENABLE_EVT, &sec_event); 2777 } 2778 2779 /******************************************************************************* 2780 * 2781 * Function bta_dm_bl_change_cback 2782 * 2783 * Description Callback from btm when acl connection goes up or down 2784 * 2785 * 2786 * Returns void 2787 * 2788 ******************************************************************************/ 2789 static void bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA* p_data) { 2790 tBTA_DM_ACL_CHANGE* p_msg = 2791 (tBTA_DM_ACL_CHANGE*)osi_malloc(sizeof(tBTA_DM_ACL_CHANGE)); 2792 2793 p_msg->event = p_data->event; 2794 p_msg->is_new = false; 2795 2796 switch (p_msg->event) { 2797 case BTM_BL_CONN_EVT: 2798 p_msg->is_new = true; 2799 p_msg->bd_addr = *p_data->conn.p_bda; 2800 p_msg->transport = p_data->conn.transport; 2801 p_msg->handle = p_data->conn.handle; 2802 break; 2803 case BTM_BL_DISCN_EVT: 2804 p_msg->bd_addr = *p_data->discn.p_bda; 2805 p_msg->transport = p_data->discn.transport; 2806 p_msg->handle = p_data->discn.handle; 2807 break; 2808 case BTM_BL_UPDATE_EVT: 2809 p_msg->busy_level = p_data->update.busy_level; 2810 p_msg->busy_level_flags = p_data->update.busy_level_flags; 2811 break; 2812 case BTM_BL_ROLE_CHG_EVT: 2813 p_msg->new_role = p_data->role_chg.new_role; 2814 p_msg->hci_status = p_data->role_chg.hci_status; 2815 p_msg->bd_addr = *p_data->role_chg.p_bda; 2816 break; 2817 case BTM_BL_COLLISION_EVT: 2818 p_msg->bd_addr = *p_data->conn.p_bda; 2819 break; 2820 } 2821 2822 p_msg->hdr.event = BTA_DM_ACL_CHANGE_EVT; 2823 bta_sys_sendmsg(p_msg); 2824 } 2825 2826 /******************************************************************************* 2827 * 2828 * Function bta_dm_rs_cback 2829 * 2830 * Description Receives the role switch complete event 2831 * 2832 * Returns 2833 * 2834 ******************************************************************************/ 2835 static void bta_dm_rs_cback(UNUSED_ATTR tBTM_ROLE_SWITCH_CMPL* p1) { 2836 APPL_TRACE_WARNING("bta_dm_rs_cback:%d", bta_dm_cb.rs_event); 2837 if (bta_dm_cb.rs_event == BTA_DM_API_SEARCH_EVT) { 2838 bta_dm_cb.search_msg.rs_res = 2839 BTA_DM_RS_OK; /* do not care about the result for now */ 2840 bta_dm_cb.rs_event = 0; 2841 bta_dm_search_start((tBTA_DM_MSG*)&bta_dm_cb.search_msg); 2842 } 2843 } 2844 2845 /******************************************************************************* 2846 * 2847 * Function bta_dm_check_av 2848 * 2849 * Description This function checks if AV is active 2850 * if yes, make sure the AV link is master 2851 * 2852 * Returns bool - true, if switch is in progress 2853 * 2854 ******************************************************************************/ 2855 static bool bta_dm_check_av(uint16_t event) { 2856 bool avoid_roleswitch = false; 2857 bool switching = false; 2858 uint8_t i; 2859 tBTA_DM_PEER_DEVICE* p_dev; 2860 2861 #if (BTA_DM_AVOID_A2DP_ROLESWITCH_ON_INQUIRY == TRUE) 2862 2863 /* avoid role switch upon inquiry if a2dp is actively streaming as it 2864 introduces an audioglitch due to FW scheduling delays (unavoidable) */ 2865 if (event == BTA_DM_API_SEARCH_EVT) { 2866 avoid_roleswitch = true; 2867 } 2868 #endif 2869 2870 APPL_TRACE_WARNING("bta_dm_check_av:%d", bta_dm_cb.cur_av_count); 2871 if (bta_dm_cb.cur_av_count) { 2872 for (i = 0; i < bta_dm_cb.device_list.count; i++) { 2873 p_dev = &bta_dm_cb.device_list.peer_device[i]; 2874 APPL_TRACE_WARNING("[%d]: state:%d, info:x%x, avoid_rs %d", i, 2875 p_dev->conn_state, p_dev->info, avoid_roleswitch); 2876 if ((p_dev->conn_state == BTA_DM_CONNECTED) && 2877 (p_dev->info & BTA_DM_DI_AV_ACTIVE) && (avoid_roleswitch == false)) { 2878 /* make master and take away the role switch policy */ 2879 if (BTM_CMD_STARTED == BTM_SwitchRole(p_dev->peer_bdaddr, 2880 HCI_ROLE_MASTER, 2881 (tBTM_CMPL_CB*)bta_dm_rs_cback)) { 2882 /* the role switch command is actually sent */ 2883 bta_dm_cb.rs_event = event; 2884 switching = true; 2885 } 2886 /* else either already master or can not switch for some reasons */ 2887 bta_dm_policy_cback(BTA_SYS_PLCY_CLR, 0, HCI_ENABLE_MASTER_SLAVE_SWITCH, 2888 &p_dev->peer_bdaddr); 2889 break; 2890 } 2891 } 2892 } 2893 return switching; 2894 } 2895 2896 /******************************************************************************* 2897 * 2898 * Function bta_dm_acl_change 2899 * 2900 * Description Process BTA_DM_ACL_CHANGE_EVT 2901 * 2902 * 2903 * Returns void 2904 * 2905 ******************************************************************************/ 2906 void bta_dm_acl_change(tBTA_DM_MSG* p_data) { 2907 uint8_t i; 2908 uint8_t* p; 2909 tBTA_DM_SEC conn; 2910 bool is_new = p_data->acl_change.is_new; 2911 const RawAddress& p_bda = p_data->acl_change.bd_addr; 2912 bool need_policy_change = false; 2913 bool issue_unpair_cb = false; 2914 2915 tBTA_DM_PEER_DEVICE* p_dev; 2916 memset(&conn, 0, sizeof(tBTA_DM_SEC)); 2917 2918 switch (p_data->acl_change.event) { 2919 case BTM_BL_UPDATE_EVT: /* busy level update */ 2920 if (bta_dm_cb.p_sec_cback) { 2921 conn.busy_level.level = p_data->acl_change.busy_level; 2922 conn.busy_level.level_flags = p_data->acl_change.busy_level_flags; 2923 bta_dm_cb.p_sec_cback(BTA_DM_BUSY_LEVEL_EVT, &conn); 2924 } 2925 return; 2926 2927 case BTM_BL_ROLE_CHG_EVT: /* role change event */ 2928 p_dev = bta_dm_find_peer_device(p_bda); 2929 if (p_dev) { 2930 APPL_TRACE_DEBUG( 2931 "bta_dm_acl_change role chg info:x%x new_role:%d dev count:%d", 2932 p_dev->info, p_data->acl_change.new_role, 2933 bta_dm_cb.device_list.count); 2934 if (p_dev->info & BTA_DM_DI_AV_ACTIVE) { 2935 /* there's AV activity on this link */ 2936 if (p_data->acl_change.new_role == HCI_ROLE_SLAVE && 2937 bta_dm_cb.device_list.count > 1 && 2938 p_data->acl_change.hci_status == HCI_SUCCESS) { 2939 /* more than one connections and the AV connection is role switched 2940 * to slave 2941 * switch it back to master and remove the switch policy */ 2942 BTM_SwitchRole(p_bda, BTM_ROLE_MASTER, NULL); 2943 need_policy_change = true; 2944 } else if (p_bta_dm_cfg->avoid_scatter && 2945 (p_data->acl_change.new_role == HCI_ROLE_MASTER)) { 2946 /* if the link updated to be master include AV activities, remove 2947 * the switch policy */ 2948 need_policy_change = true; 2949 } 2950 2951 if (need_policy_change) { 2952 bta_dm_policy_cback(BTA_SYS_PLCY_CLR, 0, 2953 HCI_ENABLE_MASTER_SLAVE_SWITCH, 2954 &p_dev->peer_bdaddr); 2955 } 2956 } else { 2957 /* there's AV no activity on this link and role switch happened 2958 * check if AV is active 2959 * if so, make sure the AV link is master */ 2960 bta_dm_check_av(0); 2961 } 2962 bta_sys_notify_role_chg(p_data->acl_change.bd_addr, 2963 p_data->acl_change.new_role, 2964 p_data->acl_change.hci_status); 2965 conn.role_chg.bd_addr = p_bda; 2966 conn.role_chg.new_role = (uint8_t)p_data->acl_change.new_role; 2967 if (bta_dm_cb.p_sec_cback) 2968 bta_dm_cb.p_sec_cback(BTA_DM_ROLE_CHG_EVT, (tBTA_DM_SEC*)&conn); 2969 } 2970 return; 2971 } 2972 2973 /* Collision report from Stack: Notify profiles */ 2974 if (p_data->acl_change.event == BTM_BL_COLLISION_EVT) { 2975 bta_sys_notify_collision(p_bda); 2976 return; 2977 } 2978 2979 if (is_new) { 2980 for (i = 0; i < bta_dm_cb.device_list.count; i++) { 2981 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == p_bda && 2982 bta_dm_cb.device_list.peer_device[i].conn_handle == 2983 p_data->acl_change.handle) 2984 break; 2985 } 2986 2987 if (i == bta_dm_cb.device_list.count) { 2988 if (bta_dm_cb.device_list.count < BTA_DM_NUM_PEER_DEVICE) { 2989 bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count] 2990 .peer_bdaddr = p_bda; 2991 bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count] 2992 .link_policy = bta_dm_cb.cur_policy; 2993 bta_dm_cb.device_list.count++; 2994 bta_dm_cb.device_list.peer_device[i].conn_handle = 2995 p_data->acl_change.handle; 2996 if (p_data->acl_change.transport == BT_TRANSPORT_LE) 2997 bta_dm_cb.device_list.le_count++; 2998 } else { 2999 APPL_TRACE_ERROR("%s max active connection reached, no resources", 3000 __func__); 3001 return; 3002 } 3003 } 3004 3005 bta_dm_cb.device_list.peer_device[i].conn_state = BTA_DM_CONNECTED; 3006 bta_dm_cb.device_list.peer_device[i].pref_role = BTA_ANY_ROLE; 3007 conn.link_up.bd_addr = p_bda; 3008 bta_dm_cb.device_list.peer_device[i].info = BTA_DM_DI_NONE; 3009 conn.link_up.link_type = p_data->acl_change.transport; 3010 bta_dm_cb.device_list.peer_device[i].transport = 3011 p_data->acl_change.transport; 3012 3013 if (((NULL != (p = BTM_ReadLocalFeatures())) && 3014 HCI_SNIFF_SUB_RATE_SUPPORTED(p)) && 3015 ((NULL != (p = BTM_ReadRemoteFeatures(p_bda))) && 3016 HCI_SNIFF_SUB_RATE_SUPPORTED(p))) { 3017 /* both local and remote devices support SSR */ 3018 bta_dm_cb.device_list.peer_device[i].info = BTA_DM_DI_USE_SSR; 3019 } 3020 APPL_TRACE_WARNING("%s info: 0x%x", __func__, 3021 bta_dm_cb.device_list.peer_device[i].info); 3022 3023 if (bta_dm_cb.p_sec_cback) 3024 bta_dm_cb.p_sec_cback(BTA_DM_LINK_UP_EVT, (tBTA_DM_SEC*)&conn); 3025 } else { 3026 for (i = 0; i < bta_dm_cb.device_list.count; i++) { 3027 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr != p_bda || 3028 bta_dm_cb.device_list.peer_device[i].transport != 3029 p_data->acl_change.transport) 3030 continue; 3031 3032 if (bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_UNPAIRING) { 3033 if (BTM_SecDeleteDevice( 3034 bta_dm_cb.device_list.peer_device[i].peer_bdaddr)) 3035 issue_unpair_cb = true; 3036 3037 APPL_TRACE_DEBUG("%s: Unpairing: issue unpair CB = %d ", __func__, 3038 issue_unpair_cb); 3039 } 3040 3041 conn.link_down.is_removed = 3042 bta_dm_cb.device_list.peer_device[i].remove_dev_pending; 3043 3044 // Iterate to the one before the last when shrinking the list, 3045 // otherwise we memcpy garbage data into the record. 3046 // Then clear out the last item in the list since we are shrinking. 3047 for (; i < bta_dm_cb.device_list.count - 1; i++) { 3048 memcpy(&bta_dm_cb.device_list.peer_device[i], 3049 &bta_dm_cb.device_list.peer_device[i + 1], 3050 sizeof(bta_dm_cb.device_list.peer_device[i])); 3051 } 3052 if (bta_dm_cb.device_list.count > 0) { 3053 int clear_index = bta_dm_cb.device_list.count - 1; 3054 memset(&bta_dm_cb.device_list.peer_device[clear_index], 0, 3055 sizeof(bta_dm_cb.device_list.peer_device[clear_index])); 3056 } 3057 break; 3058 } 3059 if (bta_dm_cb.device_list.count) bta_dm_cb.device_list.count--; 3060 if ((p_data->acl_change.transport == BT_TRANSPORT_LE) && 3061 (bta_dm_cb.device_list.le_count)) 3062 bta_dm_cb.device_list.le_count--; 3063 conn.link_down.link_type = p_data->acl_change.transport; 3064 3065 if (bta_dm_search_cb.wait_disc && bta_dm_search_cb.peer_bdaddr == p_bda) { 3066 bta_dm_search_cb.wait_disc = false; 3067 3068 if (bta_dm_search_cb.sdp_results) { 3069 APPL_TRACE_EVENT(" timer stopped "); 3070 alarm_cancel(bta_dm_search_cb.search_timer); 3071 bta_dm_discover_next_device(); 3072 } 3073 } 3074 3075 if (bta_dm_cb.disabling) { 3076 if (!BTM_GetNumAclLinks()) { 3077 /* 3078 * Start a timer to make sure that the profiles 3079 * get the disconnect event. 3080 */ 3081 alarm_set_on_mloop(bta_dm_cb.disable_timer, 3082 BTA_DM_DISABLE_CONN_DOWN_TIMER_MS, 3083 bta_dm_disable_conn_down_timer_cback, NULL); 3084 } 3085 } 3086 if (conn.link_down.is_removed) { 3087 BTM_SecDeleteDevice(p_bda); 3088 /* need to remove all pending background connection */ 3089 BTA_GATTC_CancelOpen(0, p_bda, false); 3090 /* remove all cached GATT information */ 3091 BTA_GATTC_Refresh(p_bda); 3092 } 3093 3094 conn.link_down.bd_addr = p_bda; 3095 conn.link_down.status = (uint8_t)btm_get_acl_disc_reason_code(); 3096 if (bta_dm_cb.p_sec_cback) { 3097 bta_dm_cb.p_sec_cback(BTA_DM_LINK_DOWN_EVT, &conn); 3098 if (issue_unpair_cb) 3099 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &conn); 3100 } 3101 } 3102 3103 bta_dm_adjust_roles(true); 3104 } 3105 3106 /******************************************************************************* 3107 * 3108 * Function bta_dm_disable_conn_down_timer_cback 3109 * 3110 * Description Sends disable event to application 3111 * 3112 * 3113 * Returns void 3114 * 3115 ******************************************************************************/ 3116 static void bta_dm_disable_conn_down_timer_cback(UNUSED_ATTR void* data) { 3117 tBTA_SYS_HW_MSG* sys_enable_event = 3118 (tBTA_SYS_HW_MSG*)osi_malloc(sizeof(tBTA_SYS_HW_MSG)); 3119 3120 /* disable the power managment module */ 3121 bta_dm_disable_pm(); 3122 3123 /* register our callback to SYS HW manager */ 3124 bta_sys_hw_register(BTA_SYS_HW_BLUETOOTH, bta_dm_sys_hw_cback); 3125 3126 /* send a message to BTA SYS */ 3127 sys_enable_event->hdr.event = BTA_SYS_API_DISABLE_EVT; 3128 sys_enable_event->hw_module = BTA_SYS_HW_BLUETOOTH; 3129 bta_sys_sendmsg(sys_enable_event); 3130 3131 bta_dm_cb.disabling = false; 3132 } 3133 3134 /******************************************************************************* 3135 * 3136 * Function bta_dm_rm_cback 3137 * 3138 * Description Role management callback from sys 3139 * 3140 * 3141 * Returns void 3142 * 3143 ******************************************************************************/ 3144 static void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id, 3145 uint8_t app_id, const RawAddress* peer_addr) { 3146 uint8_t j; 3147 tBTA_PREF_ROLES role; 3148 tBTA_DM_PEER_DEVICE* p_dev; 3149 3150 p_dev = bta_dm_find_peer_device(*peer_addr); 3151 if (status == BTA_SYS_CONN_OPEN) { 3152 if (p_dev) { 3153 /* Do not set to connected if we are in the middle of unpairing. When AV 3154 * stream is 3155 * started it fakes out a SYS_CONN_OPEN to potentially trigger a role 3156 * switch command. 3157 * But this should not be done if we are in the middle of unpairing. 3158 */ 3159 if (p_dev->conn_state != BTA_DM_UNPAIRING) 3160 p_dev->conn_state = BTA_DM_CONNECTED; 3161 3162 for (j = 1; j <= p_bta_dm_rm_cfg[0].app_id; j++) { 3163 if (((p_bta_dm_rm_cfg[j].app_id == app_id) || 3164 (p_bta_dm_rm_cfg[j].app_id == BTA_ALL_APP_ID)) && 3165 (p_bta_dm_rm_cfg[j].id == id)) { 3166 role = p_bta_dm_rm_cfg[j].cfg; 3167 3168 if (role > p_dev->pref_role) p_dev->pref_role = role; 3169 break; 3170 } 3171 } 3172 } 3173 } 3174 3175 if ((BTA_ID_AV == id) || (BTA_ID_AVK == id)) { 3176 if (status == BTA_SYS_CONN_BUSY) { 3177 if (p_dev) p_dev->info |= BTA_DM_DI_AV_ACTIVE; 3178 /* AV calls bta_sys_conn_open with the A2DP stream count as app_id */ 3179 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count(); 3180 } else if (status == BTA_SYS_CONN_IDLE) { 3181 if (p_dev) p_dev->info &= ~BTA_DM_DI_AV_ACTIVE; 3182 3183 /* get cur_av_count from connected services */ 3184 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count(); 3185 } 3186 APPL_TRACE_WARNING("bta_dm_rm_cback:%d, status:%d", bta_dm_cb.cur_av_count, 3187 status); 3188 } 3189 3190 /* Don't adjust roles for each busy/idle state transition to avoid 3191 excessive switch requests when individual profile busy/idle status 3192 changes */ 3193 if ((status != BTA_SYS_CONN_BUSY) && (status != BTA_SYS_CONN_IDLE)) 3194 bta_dm_adjust_roles(false); 3195 } 3196 3197 /******************************************************************************* 3198 * 3199 * Function bta_dm_delay_role_switch_cback 3200 * 3201 * Description Callback from btm to delay a role switch 3202 * 3203 * Returns void 3204 * 3205 ******************************************************************************/ 3206 static void bta_dm_delay_role_switch_cback(UNUSED_ATTR void* data) { 3207 APPL_TRACE_EVENT("%s: initiating Delayed RS", __func__); 3208 bta_dm_adjust_roles(false); 3209 } 3210 3211 /******************************************************************************* 3212 * 3213 * Function bta_dm_reset_sec_dev_pending 3214 * 3215 * Description Setting the remove device pending status to false from 3216 * security device DB, when the link key notification 3217 * event comes. 3218 * 3219 * Returns void 3220 * 3221 ******************************************************************************/ 3222 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr) { 3223 for (size_t i = 0; i < bta_dm_cb.device_list.count; i++) { 3224 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) { 3225 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = false; 3226 return; 3227 } 3228 } 3229 } 3230 3231 /******************************************************************************* 3232 * 3233 * Function bta_dm_remove_sec_dev_entry 3234 * 3235 * Description Removes device entry from Security device DB if ACL 3236 connection with 3237 * remtoe device does not exist, else schedule for dev entry 3238 removal upon 3239 ACL close 3240 * 3241 * Returns void 3242 * 3243 ******************************************************************************/ 3244 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr) { 3245 if (BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_LE) || 3246 BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_BR_EDR)) { 3247 APPL_TRACE_DEBUG( 3248 "%s ACL is not down. Schedule for Dev Removal when ACL closes", 3249 __func__); 3250 BTM_SecClearSecurityFlags(remote_bd_addr); 3251 for (int i = 0; i < bta_dm_cb.device_list.count; i++) { 3252 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) { 3253 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = TRUE; 3254 break; 3255 } 3256 } 3257 } else { 3258 BTM_SecDeleteDevice(remote_bd_addr); 3259 /* need to remove all pending background connection */ 3260 BTA_GATTC_CancelOpen(0, remote_bd_addr, false); 3261 /* remove all cached GATT information */ 3262 BTA_GATTC_Refresh(remote_bd_addr); 3263 } 3264 } 3265 3266 /******************************************************************************* 3267 * 3268 * Function bta_dm_adjust_roles 3269 * 3270 * Description Adjust roles 3271 * 3272 * 3273 * Returns void 3274 * 3275 ******************************************************************************/ 3276 static void bta_dm_adjust_roles(bool delay_role_switch) { 3277 uint8_t i; 3278 bool set_master_role = false; 3279 uint8_t br_count = 3280 bta_dm_cb.device_list.count - bta_dm_cb.device_list.le_count; 3281 if (br_count) { 3282 /* the configuration is no scatternet 3283 * or AV connection exists and there are more than one ACL link */ 3284 if ((p_bta_dm_rm_cfg[0].cfg == BTA_DM_NO_SCATTERNET) || 3285 (bta_dm_cb.cur_av_count && br_count > 1)) { 3286 L2CA_SetDesireRole(HCI_ROLE_MASTER); 3287 set_master_role = true; 3288 } 3289 3290 for (i = 0; i < bta_dm_cb.device_list.count; i++) { 3291 if (bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED && 3292 bta_dm_cb.device_list.peer_device[i].transport == 3293 BT_TRANSPORT_BR_EDR) { 3294 if (!set_master_role && 3295 (bta_dm_cb.device_list.peer_device[i].pref_role != BTA_ANY_ROLE) && 3296 (p_bta_dm_rm_cfg[0].cfg == BTA_DM_PARTIAL_SCATTERNET)) { 3297 L2CA_SetDesireRole(HCI_ROLE_MASTER); 3298 set_master_role = true; 3299 } 3300 3301 if ((bta_dm_cb.device_list.peer_device[i].pref_role == 3302 BTA_MASTER_ROLE_ONLY) || 3303 (br_count > 1)) { 3304 /* Initiating immediate role switch with certain remote devices 3305 has caused issues due to role switch colliding with link encryption 3306 setup and 3307 causing encryption (and in turn the link) to fail . These device . 3308 Firmware 3309 versions are stored in a blacklist and role switch with these 3310 devices are 3311 delayed to avoid the collision with link encryption setup */ 3312 3313 if (bta_dm_cb.device_list.peer_device[i].pref_role != 3314 BTA_SLAVE_ROLE_ONLY && 3315 delay_role_switch == false) { 3316 BTM_SwitchRole(bta_dm_cb.device_list.peer_device[i].peer_bdaddr, 3317 HCI_ROLE_MASTER, NULL); 3318 } else { 3319 alarm_set_on_mloop(bta_dm_cb.switch_delay_timer, 3320 BTA_DM_SWITCH_DELAY_TIMER_MS, 3321 bta_dm_delay_role_switch_cback, NULL); 3322 } 3323 } 3324 } 3325 } 3326 3327 if (!set_master_role) { 3328 L2CA_SetDesireRole(L2CAP_DESIRED_LINK_ROLE); 3329 } 3330 3331 } else { 3332 L2CA_SetDesireRole(L2CAP_DESIRED_LINK_ROLE); 3333 } 3334 } 3335 3336 /******************************************************************************* 3337 * 3338 * Function bta_dm_get_remname 3339 * 3340 * Description Returns a pointer to the remote name stored in the DM 3341 * control block if it exists, or from the BTM memory. 3342 * 3343 * Returns char * - Pointer to the remote device name 3344 ******************************************************************************/ 3345 static char* bta_dm_get_remname(void) { 3346 char* p_name = (char*)bta_dm_search_cb.peer_name; 3347 char* p_temp; 3348 3349 /* If the name isn't already stored, try retrieving from BTM */ 3350 if (*p_name == '\0') { 3351 p_temp = BTM_SecReadDevName(bta_dm_search_cb.peer_bdaddr); 3352 if (p_temp != NULL) p_name = p_temp; 3353 } 3354 3355 return p_name; 3356 } 3357 3358 /******************************************************************************* 3359 * 3360 * Function bta_dm_bond_cancel_complete_cback 3361 * 3362 * Description Authentication complete callback from BTM 3363 * 3364 * Returns void 3365 * 3366 ******************************************************************************/ 3367 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result) { 3368 tBTA_DM_SEC sec_event; 3369 3370 if (result == BTM_SUCCESS) 3371 sec_event.bond_cancel_cmpl.result = BTA_SUCCESS; 3372 else 3373 sec_event.bond_cancel_cmpl.result = BTA_FAILURE; 3374 3375 if (bta_dm_cb.p_sec_cback) { 3376 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event); 3377 } 3378 } 3379 3380 /******************************************************************************* 3381 * 3382 * Function find_utf8_char_boundary 3383 * 3384 * Description This function checks a UTF8 string |utf8str| starting at 3385 * |offset|, moving backwards and returns the offset of the 3386 * next valid UTF8 character boundary found. 3387 * 3388 * Returns Offset of UTF8 character boundary 3389 * 3390 ******************************************************************************/ 3391 static size_t find_utf8_char_boundary(const char* utf8str, size_t offset) { 3392 CHECK(utf8str); 3393 CHECK(offset > 0); 3394 3395 while (--offset) { 3396 uint8_t ch = (uint8_t)utf8str[offset]; 3397 if ((ch & 0x80) == 0x00) // ASCII 3398 return offset + 1; 3399 if ((ch & 0xC0) == 0xC0) // Multi-byte sequence start 3400 return offset; 3401 } 3402 3403 return 0; 3404 } 3405 3406 /******************************************************************************* 3407 * 3408 * Function bta_dm_set_eir 3409 * 3410 * Description This function creates EIR tagged data and writes it to 3411 * controller. 3412 * 3413 * Returns None 3414 * 3415 ******************************************************************************/ 3416 static void bta_dm_set_eir(char* local_name) { 3417 uint8_t* p; 3418 uint8_t* p_length; 3419 #if (BTA_EIR_CANNED_UUID_LIST != TRUE) 3420 uint8_t* p_type; 3421 uint8_t max_num_uuid; 3422 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) 3423 uint8_t custom_uuid_idx; 3424 #endif // BTA_EIR_SERVER_NUM_CUSTOM_UUID 3425 #endif // BTA_EIR_CANNED_UUID_LIST 3426 #if (BTM_EIR_DEFAULT_FEC_REQUIRED == FALSE) 3427 uint8_t free_eir_length = HCI_EXT_INQ_RESPONSE_LEN; 3428 #else // BTM_EIR_DEFAULT_FEC_REQUIRED 3429 uint8_t free_eir_length = HCI_DM5_PACKET_SIZE; 3430 #endif // BTM_EIR_DEFAULT_FEC_REQUIRED 3431 uint8_t num_uuid; 3432 uint8_t data_type; 3433 uint8_t local_name_len; 3434 3435 /* wait until complete to disable */ 3436 if (alarm_is_scheduled(bta_dm_cb.disable_timer)) return; 3437 3438 #if (BTA_EIR_CANNED_UUID_LIST != TRUE) 3439 /* if local name is not provided, get it from controller */ 3440 if (local_name == NULL) { 3441 if (BTM_ReadLocalDeviceName(&local_name) != BTM_SUCCESS) { 3442 APPL_TRACE_ERROR("Fail to read local device name for EIR"); 3443 } 3444 } 3445 #endif // BTA_EIR_CANNED_UUID_LIST 3446 3447 /* Allocate a buffer to hold HCI command */ 3448 BT_HDR* p_buf = (BT_HDR*)osi_malloc(BTM_CMD_BUF_SIZE); 3449 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET; 3450 3451 memset(p, 0x00, HCI_EXT_INQ_RESPONSE_LEN); 3452 3453 APPL_TRACE_DEBUG("BTA is generating EIR"); 3454 3455 if (local_name) 3456 local_name_len = strlen(local_name); 3457 else 3458 local_name_len = 0; 3459 3460 data_type = BTM_EIR_COMPLETE_LOCAL_NAME_TYPE; 3461 /* if local name is longer than minimum length of shortened name */ 3462 /* check whether it needs to be shortened or not */ 3463 if (local_name_len > p_bta_dm_eir_cfg->bta_dm_eir_min_name_len) { 3464 /* get number of UUID 16-bit list */ 3465 #if (BTA_EIR_CANNED_UUID_LIST == TRUE) 3466 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / LEN_UUID_16; 3467 #else // BTA_EIR_CANNED_UUID_LIST 3468 max_num_uuid = (free_eir_length - 2) / LEN_UUID_16; 3469 data_type = BTM_GetEirSupportedServices(bta_dm_cb.eir_uuid, &p, 3470 max_num_uuid, &num_uuid); 3471 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET; /* reset p */ 3472 #endif // BTA_EIR_CANNED_UUID_LIST 3473 3474 /* if UUID doesn't fit remaing space, shorten local name */ 3475 if (local_name_len > (free_eir_length - 4 - num_uuid * LEN_UUID_16)) { 3476 local_name_len = find_utf8_char_boundary( 3477 local_name, p_bta_dm_eir_cfg->bta_dm_eir_min_name_len); 3478 APPL_TRACE_WARNING("%s local name is shortened (%d)", __func__, 3479 local_name_len); 3480 data_type = BTM_EIR_SHORTENED_LOCAL_NAME_TYPE; 3481 } else { 3482 data_type = BTM_EIR_COMPLETE_LOCAL_NAME_TYPE; 3483 } 3484 } 3485 3486 UINT8_TO_STREAM(p, local_name_len + 1); 3487 UINT8_TO_STREAM(p, data_type); 3488 3489 if (local_name != NULL) { 3490 memcpy(p, local_name, local_name_len); 3491 p += local_name_len; 3492 } 3493 free_eir_length -= local_name_len + 2; 3494 3495 #if (BTA_EIR_CANNED_UUID_LIST == TRUE) 3496 /* if UUID list is provided as static data in configuration */ 3497 if ((p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len > 0) && 3498 (p_bta_dm_eir_cfg->bta_dm_eir_uuid16)) { 3499 if (free_eir_length > LEN_UUID_16 + 2) { 3500 free_eir_length -= 2; 3501 3502 if (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len) { 3503 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / LEN_UUID_16; 3504 data_type = BTM_EIR_COMPLETE_16BITS_UUID_TYPE; 3505 } else /* not enough room for all UUIDs */ 3506 { 3507 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated"); 3508 num_uuid = free_eir_length / LEN_UUID_16; 3509 data_type = BTM_EIR_MORE_16BITS_UUID_TYPE; 3510 } 3511 UINT8_TO_STREAM(p, num_uuid * LEN_UUID_16 + 1); 3512 UINT8_TO_STREAM(p, data_type); 3513 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_uuid16, num_uuid * LEN_UUID_16); 3514 p += num_uuid * LEN_UUID_16; 3515 free_eir_length -= num_uuid * LEN_UUID_16; 3516 } 3517 } 3518 #else /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */ 3519 /* if UUID list is dynamic */ 3520 if (free_eir_length >= 2) { 3521 p_length = p++; 3522 p_type = p++; 3523 num_uuid = 0; 3524 3525 max_num_uuid = (free_eir_length - 2) / LEN_UUID_16; 3526 data_type = BTM_GetEirSupportedServices(bta_dm_cb.eir_uuid, &p, 3527 max_num_uuid, &num_uuid); 3528 3529 if (data_type == BTM_EIR_MORE_16BITS_UUID_TYPE) { 3530 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated"); 3531 } 3532 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) 3533 else { 3534 for (custom_uuid_idx = 0; 3535 custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID; 3536 custom_uuid_idx++) { 3537 if (bta_dm_cb.custom_uuid[custom_uuid_idx].len == LEN_UUID_16) { 3538 if (num_uuid < max_num_uuid) { 3539 UINT16_TO_STREAM(p, 3540 bta_dm_cb.custom_uuid[custom_uuid_idx].uu.uuid16); 3541 num_uuid++; 3542 } else { 3543 data_type = BTM_EIR_MORE_16BITS_UUID_TYPE; 3544 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated"); 3545 break; 3546 } 3547 } 3548 } 3549 } 3550 #endif /* (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */ 3551 3552 UINT8_TO_STREAM(p_length, num_uuid * LEN_UUID_16 + 1); 3553 UINT8_TO_STREAM(p_type, data_type); 3554 free_eir_length -= num_uuid * LEN_UUID_16 + 2; 3555 } 3556 #endif /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */ 3557 3558 #if (BTA_EIR_CANNED_UUID_LIST != TRUE && BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) 3559 /* Adding 32-bit UUID list */ 3560 if (free_eir_length >= 2) { 3561 p_length = p++; 3562 p_type = p++; 3563 num_uuid = 0; 3564 data_type = BTM_EIR_COMPLETE_32BITS_UUID_TYPE; 3565 3566 max_num_uuid = (free_eir_length - 2) / LEN_UUID_32; 3567 3568 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID; 3569 custom_uuid_idx++) { 3570 if (bta_dm_cb.custom_uuid[custom_uuid_idx].len == LEN_UUID_32) { 3571 if (num_uuid < max_num_uuid) { 3572 UINT32_TO_STREAM(p, bta_dm_cb.custom_uuid[custom_uuid_idx].uu.uuid32); 3573 num_uuid++; 3574 } else { 3575 data_type = BTM_EIR_MORE_32BITS_UUID_TYPE; 3576 APPL_TRACE_WARNING("BTA EIR: UUID 32-bit list is truncated"); 3577 break; 3578 } 3579 } 3580 } 3581 3582 UINT8_TO_STREAM(p_length, num_uuid * LEN_UUID_32 + 1); 3583 UINT8_TO_STREAM(p_type, data_type); 3584 free_eir_length -= num_uuid * LEN_UUID_32 + 2; 3585 } 3586 3587 /* Adding 128-bit UUID list */ 3588 if (free_eir_length >= 2) { 3589 p_length = p++; 3590 p_type = p++; 3591 num_uuid = 0; 3592 data_type = BTM_EIR_COMPLETE_128BITS_UUID_TYPE; 3593 3594 max_num_uuid = (free_eir_length - 2) / LEN_UUID_128; 3595 3596 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID; 3597 custom_uuid_idx++) { 3598 if (bta_dm_cb.custom_uuid[custom_uuid_idx].len == LEN_UUID_128) { 3599 if (num_uuid < max_num_uuid) { 3600 ARRAY16_TO_STREAM(p, 3601 bta_dm_cb.custom_uuid[custom_uuid_idx].uu.uuid128); 3602 num_uuid++; 3603 } else { 3604 data_type = BTM_EIR_MORE_128BITS_UUID_TYPE; 3605 APPL_TRACE_WARNING("BTA EIR: UUID 128-bit list is truncated"); 3606 break; 3607 } 3608 } 3609 } 3610 3611 UINT8_TO_STREAM(p_length, num_uuid * LEN_UUID_128 + 1); 3612 UINT8_TO_STREAM(p_type, data_type); 3613 free_eir_length -= num_uuid * LEN_UUID_128 + 2; 3614 } 3615 #endif /* ( BTA_EIR_CANNED_UUID_LIST != TRUE \ 3616 )&&(BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */ 3617 3618 /* if Flags are provided in configuration */ 3619 if ((p_bta_dm_eir_cfg->bta_dm_eir_flag_len > 0) && 3620 (p_bta_dm_eir_cfg->bta_dm_eir_flags) && 3621 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2)) { 3622 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 1); 3623 UINT8_TO_STREAM(p, BTM_EIR_FLAGS_TYPE); 3624 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_flags, 3625 p_bta_dm_eir_cfg->bta_dm_eir_flag_len); 3626 p += p_bta_dm_eir_cfg->bta_dm_eir_flag_len; 3627 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2; 3628 } 3629 3630 /* if Manufacturer Specific are provided in configuration */ 3631 if ((p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len > 0) && 3632 (p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec) && 3633 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2)) { 3634 p_length = p; 3635 3636 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 1); 3637 UINT8_TO_STREAM(p, BTM_EIR_MANUFACTURER_SPECIFIC_TYPE); 3638 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec, 3639 p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len); 3640 p += p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len; 3641 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2; 3642 3643 } else { 3644 p_length = NULL; 3645 } 3646 3647 /* if Inquiry Tx Resp Power compiled */ 3648 if ((p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power) && (free_eir_length >= 3)) { 3649 UINT8_TO_STREAM(p, 2); /* Length field */ 3650 UINT8_TO_STREAM(p, BTM_EIR_TX_POWER_LEVEL_TYPE); 3651 UINT8_TO_STREAM(p, *(p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power)); 3652 free_eir_length -= 3; 3653 } 3654 3655 if (free_eir_length) 3656 UINT8_TO_STREAM(p, 0); /* terminator of significant part */ 3657 3658 BTM_WriteEIR(p_buf); 3659 } 3660 3661 /******************************************************************************* 3662 * 3663 * Function bta_dm_eir_search_services 3664 * 3665 * Description This function searches services in received EIR 3666 * 3667 * Returns None 3668 * 3669 ******************************************************************************/ 3670 static void bta_dm_eir_search_services(tBTM_INQ_RESULTS* p_result, 3671 tBTA_SERVICE_MASK* p_services_to_search, 3672 tBTA_SERVICE_MASK* p_services_found) { 3673 tBTA_SERVICE_MASK service_index = 0; 3674 tBTM_EIR_SEARCH_RESULT result; 3675 3676 VLOG(1) << "BTA searching services in EIR of BDA:" 3677 << p_result->remote_bd_addr; 3678 3679 APPL_TRACE_DEBUG(" with services_to_search=0x%08X", *p_services_to_search); 3680 3681 /* always do GATT based service discovery by SDP instead of from EIR */ 3682 /* if GATT based service is also to be put in EIR, need to modify this */ 3683 while (service_index < (BTA_MAX_SERVICE_ID - 1)) { 3684 if (*p_services_to_search & 3685 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index))) { 3686 result = BTM_HasInquiryEirService( 3687 p_result, bta_service_id_to_uuid_lkup_tbl[service_index]); 3688 3689 /* Searching for HSP v1.2 only device */ 3690 if ((result != BTM_EIR_FOUND) && 3691 (bta_service_id_to_uuid_lkup_tbl[service_index] == 3692 UUID_SERVCLASS_HEADSET)) { 3693 result = BTM_HasInquiryEirService(p_result, UUID_SERVCLASS_HEADSET_HS); 3694 } 3695 3696 if (result == BTM_EIR_FOUND) { 3697 /* If Plug and Play service record, need to check to see if Broadcom 3698 * stack */ 3699 /* However, EIR data doesn't have EXT_BRCM_VERSION so just skip it */ 3700 if (bta_service_id_to_uuid_lkup_tbl[service_index] != 3701 UUID_SERVCLASS_PNP_INFORMATION) { 3702 *p_services_found |= (tBTA_SERVICE_MASK)( 3703 BTA_SERVICE_ID_TO_SERVICE_MASK(service_index)); 3704 /* remove the service from services to be searched */ 3705 *p_services_to_search &= (tBTA_SERVICE_MASK)( 3706 ~(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index))); 3707 } 3708 } else if (result == BTM_EIR_NOT_FOUND) { 3709 /* remove the service from services to be searched */ 3710 *p_services_to_search &= (tBTA_SERVICE_MASK)( 3711 ~(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index))); 3712 } 3713 } 3714 3715 service_index++; 3716 } 3717 3718 APPL_TRACE_ERROR( 3719 "BTA EIR search result, services_to_search=0x%08X, services_found=0x%08X", 3720 *p_services_to_search, *p_services_found); 3721 } 3722 3723 #if (BTA_EIR_CANNED_UUID_LIST != TRUE) 3724 /******************************************************************************* 3725 * 3726 * Function bta_dm_eir_update_uuid 3727 * 3728 * Description This function adds or removes service UUID in EIR database. 3729 * 3730 * Returns None 3731 * 3732 ******************************************************************************/ 3733 void bta_dm_eir_update_uuid(uint16_t uuid16, bool adding) { 3734 /* if this UUID is not advertised in EIR */ 3735 if (!BTM_HasEirService(p_bta_dm_eir_cfg->uuid_mask, uuid16)) return; 3736 3737 if (adding) { 3738 APPL_TRACE_EVENT("Adding UUID=0x%04X into EIR", uuid16); 3739 3740 BTM_AddEirService(bta_dm_cb.eir_uuid, uuid16); 3741 } else { 3742 APPL_TRACE_EVENT("Removing UUID=0x%04X from EIR", uuid16); 3743 3744 BTM_RemoveEirService(bta_dm_cb.eir_uuid, uuid16); 3745 } 3746 3747 bta_dm_set_eir(NULL); 3748 3749 APPL_TRACE_EVENT("bta_dm_eir_update_uuid UUID bit mask=0x%08X %08X", 3750 bta_dm_cb.eir_uuid[1], bta_dm_cb.eir_uuid[0]); 3751 } 3752 #endif 3753 3754 /******************************************************************************* 3755 * 3756 * Function bta_dm_enable_test_mode 3757 * 3758 * Description enable test mode 3759 * 3760 * 3761 * Returns void 3762 * 3763 ******************************************************************************/ 3764 void bta_dm_enable_test_mode(UNUSED_ATTR tBTA_DM_MSG* p_data) { 3765 BTM_EnableTestMode(); 3766 } 3767 3768 /******************************************************************************* 3769 * 3770 * Function bta_dm_disable_test_mode 3771 * 3772 * Description disable test mode 3773 * 3774 * 3775 * Returns void 3776 * 3777 ******************************************************************************/ 3778 void bta_dm_disable_test_mode(UNUSED_ATTR tBTA_DM_MSG* p_data) { 3779 BTM_DeviceReset(NULL); 3780 } 3781 3782 /******************************************************************************* 3783 * 3784 * Function bta_dm_execute_callback 3785 * 3786 * Description Just execute a generic call back in the context of the 3787 * BTU/BTA tack 3788 * 3789 * 3790 * Returns void 3791 * 3792 ******************************************************************************/ 3793 void bta_dm_execute_callback(tBTA_DM_MSG* p_data) { 3794 /* sanity check */ 3795 if (p_data->exec_cback.p_exec_cback == NULL) { 3796 return; 3797 } 3798 3799 p_data->exec_cback.p_exec_cback(p_data->exec_cback.p_param); 3800 } 3801 3802 /******************************************************************************* 3803 * 3804 * Function bta_dm_encrypt_cback 3805 * 3806 * Description link encryption complete callback. 3807 * 3808 * Returns None 3809 * 3810 ******************************************************************************/ 3811 void bta_dm_encrypt_cback(const RawAddress* bd_addr, tBT_TRANSPORT transport, 3812 UNUSED_ATTR void* p_ref_data, tBTM_STATUS result) { 3813 tBTA_STATUS bta_status = BTA_SUCCESS; 3814 tBTA_DM_ENCRYPT_CBACK* p_callback = NULL; 3815 uint8_t i; 3816 3817 for (i = 0; i < bta_dm_cb.device_list.count; i++) { 3818 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == *bd_addr && 3819 bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED) 3820 break; 3821 } 3822 3823 if (i < bta_dm_cb.device_list.count) { 3824 p_callback = bta_dm_cb.device_list.peer_device[i].p_encrypt_cback; 3825 bta_dm_cb.device_list.peer_device[i].p_encrypt_cback = NULL; 3826 } 3827 3828 switch (result) { 3829 case BTM_SUCCESS: 3830 break; 3831 case BTM_WRONG_MODE: 3832 bta_status = BTA_WRONG_MODE; 3833 break; 3834 case BTM_NO_RESOURCES: 3835 bta_status = BTA_NO_RESOURCES; 3836 break; 3837 case BTM_BUSY: 3838 bta_status = BTA_BUSY; 3839 break; 3840 default: 3841 bta_status = BTA_FAILURE; 3842 break; 3843 } 3844 3845 APPL_TRACE_DEBUG("bta_dm_encrypt_cback status =%d p_callback=0x%x", 3846 bta_status, p_callback); 3847 3848 if (p_callback) { 3849 (*p_callback)(*bd_addr, transport, bta_status); 3850 } 3851 } 3852 3853 /******************************************************************************* 3854 * 3855 * Function bta_dm_set_encryption 3856 * 3857 * Description This function to encrypt the link 3858 * 3859 * Returns None 3860 * 3861 ******************************************************************************/ 3862 void bta_dm_set_encryption(tBTA_DM_MSG* p_data) { 3863 uint8_t i; 3864 3865 APPL_TRACE_DEBUG("bta_dm_set_encryption"); // todo 3866 if (!p_data->set_encryption.p_callback) { 3867 APPL_TRACE_ERROR("bta_dm_set_encryption callback is not provided"); 3868 return; 3869 } 3870 for (i = 0; i < bta_dm_cb.device_list.count; i++) { 3871 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == 3872 p_data->set_encryption.bd_addr && 3873 bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED) 3874 break; 3875 } 3876 if (i < bta_dm_cb.device_list.count) { 3877 if (bta_dm_cb.device_list.peer_device[i].p_encrypt_cback) { 3878 APPL_TRACE_ERROR("earlier enc was not done for same device"); 3879 (*p_data->set_encryption.p_callback)(p_data->set_encryption.bd_addr, 3880 p_data->set_encryption.transport, 3881 BTA_BUSY); 3882 return; 3883 } 3884 3885 if (BTM_SetEncryption(p_data->set_encryption.bd_addr, 3886 p_data->set_encryption.transport, 3887 bta_dm_encrypt_cback, NULL, 3888 p_data->set_encryption.sec_act) == BTM_CMD_STARTED) { 3889 bta_dm_cb.device_list.peer_device[i].p_encrypt_cback = 3890 p_data->set_encryption.p_callback; 3891 } 3892 } 3893 } 3894 3895 bool bta_dm_check_if_only_hd_connected(const RawAddress& peer_addr) { 3896 APPL_TRACE_DEBUG("%s: count(%d)", __func__, bta_dm_conn_srvcs.count); 3897 3898 for (uint8_t j = 0; j < bta_dm_conn_srvcs.count; j++) { 3899 // Check if profiles other than hid are connected 3900 if ((bta_dm_conn_srvcs.conn_srvc[j].id != BTA_ID_HD) && 3901 bta_dm_conn_srvcs.conn_srvc[j].peer_bdaddr == peer_addr) { 3902 APPL_TRACE_DEBUG("%s: Another profile (id=%d) is connected", __func__, 3903 bta_dm_conn_srvcs.conn_srvc[j].id); 3904 return false; 3905 } 3906 } 3907 3908 return true; 3909 } 3910 3911 /******************************************************************************* 3912 * 3913 * Function bta_dm_observe_results_cb 3914 * 3915 * Description Callback for BLE Observe result 3916 * 3917 * 3918 * Returns void 3919 * 3920 ******************************************************************************/ 3921 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir, 3922 uint16_t eir_len) { 3923 tBTA_DM_SEARCH result; 3924 tBTM_INQ_INFO* p_inq_info; 3925 APPL_TRACE_DEBUG("bta_dm_observe_results_cb"); 3926 3927 result.inq_res.bd_addr = p_inq->remote_bd_addr; 3928 result.inq_res.rssi = p_inq->rssi; 3929 result.inq_res.ble_addr_type = p_inq->ble_addr_type; 3930 result.inq_res.inq_result_type = p_inq->inq_result_type; 3931 result.inq_res.device_type = p_inq->device_type; 3932 result.inq_res.flag = p_inq->flag; 3933 result.inq_res.ble_evt_type = p_inq->ble_evt_type; 3934 result.inq_res.ble_primary_phy = p_inq->ble_primary_phy; 3935 result.inq_res.ble_secondary_phy = p_inq->ble_secondary_phy; 3936 result.inq_res.ble_advertising_sid = p_inq->ble_advertising_sid; 3937 result.inq_res.ble_tx_power = p_inq->ble_tx_power; 3938 result.inq_res.ble_periodic_adv_int = p_inq->ble_periodic_adv_int; 3939 3940 /* application will parse EIR to find out remote device name */ 3941 result.inq_res.p_eir = p_eir; 3942 result.inq_res.eir_len = eir_len; 3943 3944 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr); 3945 if (p_inq_info != NULL) { 3946 /* initialize remt_name_not_required to false so that we get the name by 3947 * default */ 3948 result.inq_res.remt_name_not_required = false; 3949 } 3950 3951 if (bta_dm_search_cb.p_scan_cback) 3952 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_RES_EVT, &result); 3953 3954 if (p_inq_info) { 3955 /* application indicates if it knows the remote name, inside the callback 3956 copy that to the inquiry data base*/ 3957 if (result.inq_res.remt_name_not_required) 3958 p_inq_info->appl_knows_rem_name = true; 3959 } 3960 } 3961 3962 /******************************************************************************* 3963 * 3964 * Function bta_dm_observe_cmpl_cb 3965 * 3966 * Description Callback for BLE Observe complete 3967 * 3968 * 3969 * Returns void 3970 * 3971 ******************************************************************************/ 3972 static void bta_dm_observe_cmpl_cb(void* p_result) { 3973 tBTA_DM_SEARCH data; 3974 3975 APPL_TRACE_DEBUG("bta_dm_observe_cmpl_cb"); 3976 3977 data.inq_cmpl.num_resps = ((tBTM_INQUIRY_CMPL*)p_result)->num_resp; 3978 if (bta_dm_search_cb.p_scan_cback) { 3979 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data); 3980 } 3981 } 3982 3983 /******************************************************************************* 3984 * 3985 * Function bta_dm_ble_smp_cback 3986 * 3987 * Description Callback for BLE SMP 3988 * 3989 * 3990 * Returns void 3991 * 3992 ******************************************************************************/ 3993 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda, 3994 tBTM_LE_EVT_DATA* p_data) { 3995 tBTM_STATUS status = BTM_SUCCESS; 3996 tBTA_DM_SEC sec_event; 3997 char* p_name = NULL; 3998 3999 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED; 4000 4001 memset(&sec_event, 0, sizeof(tBTA_DM_SEC)); 4002 switch (event) { 4003 case BTM_LE_IO_REQ_EVT: 4004 #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE) 4005 4006 bta_dm_co_ble_io_req( 4007 bda, &p_data->io_req.io_cap, &p_data->io_req.oob_data, 4008 &p_data->io_req.auth_req, &p_data->io_req.max_key_size, 4009 &p_data->io_req.init_keys, &p_data->io_req.resp_keys); 4010 #endif 4011 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req, 4012 p_data->io_req.oob_data); 4013 4014 break; 4015 4016 case BTM_LE_SEC_REQUEST_EVT: 4017 sec_event.ble_req.bd_addr = bda; 4018 p_name = BTM_SecReadDevName(bda); 4019 if (p_name != NULL) 4020 strlcpy((char*)sec_event.ble_req.bd_name, p_name, BD_NAME_LEN); 4021 else 4022 sec_event.ble_req.bd_name[0] = 0; 4023 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SEC_REQ_EVT, &sec_event); 4024 break; 4025 4026 case BTM_LE_KEY_NOTIF_EVT: 4027 sec_event.key_notif.bd_addr = bda; 4028 p_name = BTM_SecReadDevName(bda); 4029 if (p_name != NULL) 4030 strlcpy((char*)sec_event.key_notif.bd_name, p_name, BD_NAME_LEN); 4031 else 4032 sec_event.key_notif.bd_name[0] = 0; 4033 sec_event.key_notif.passkey = p_data->key_notif; 4034 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_NOTIF_EVT, &sec_event); 4035 break; 4036 4037 case BTM_LE_KEY_REQ_EVT: 4038 sec_event.ble_req.bd_addr = bda; 4039 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_REQ_EVT, &sec_event); 4040 break; 4041 4042 case BTM_LE_OOB_REQ_EVT: 4043 sec_event.ble_req.bd_addr = bda; 4044 bta_dm_cb.p_sec_cback(BTA_DM_BLE_OOB_REQ_EVT, &sec_event); 4045 break; 4046 4047 case BTM_LE_NC_REQ_EVT: 4048 sec_event.key_notif.bd_addr = bda; 4049 strlcpy((char*)sec_event.key_notif.bd_name, bta_dm_get_remname(), 4050 (BD_NAME_LEN)); 4051 sec_event.key_notif.passkey = p_data->key_notif; 4052 bta_dm_cb.p_sec_cback(BTA_DM_BLE_NC_REQ_EVT, &sec_event); 4053 break; 4054 4055 case BTM_LE_SC_OOB_REQ_EVT: 4056 sec_event.ble_req.bd_addr = bda; 4057 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SC_OOB_REQ_EVT, &sec_event); 4058 break; 4059 4060 case BTM_LE_KEY_EVT: 4061 sec_event.ble_key.bd_addr = bda; 4062 sec_event.ble_key.key_type = p_data->key.key_type; 4063 sec_event.ble_key.p_key_value = p_data->key.p_key_value; 4064 bta_dm_cb.p_sec_cback(BTA_DM_BLE_KEY_EVT, &sec_event); 4065 break; 4066 4067 case BTM_LE_COMPLT_EVT: 4068 sec_event.auth_cmpl.bd_addr = bda; 4069 BTM_ReadDevInfo(bda, &sec_event.auth_cmpl.dev_type, 4070 &sec_event.auth_cmpl.addr_type); 4071 p_name = BTM_SecReadDevName(bda); 4072 if (p_name != NULL) 4073 strlcpy((char*)sec_event.auth_cmpl.bd_name, p_name, (BD_NAME_LEN)); 4074 else 4075 sec_event.auth_cmpl.bd_name[0] = 0; 4076 4077 if (p_data->complt.reason != 0) { 4078 sec_event.auth_cmpl.fail_reason = 4079 BTA_DM_AUTH_CONVERT_SMP_CODE(((uint8_t)p_data->complt.reason)); 4080 /* delete this device entry from Sec Dev DB */ 4081 bta_dm_remove_sec_dev_entry(bda); 4082 } else { 4083 sec_event.auth_cmpl.success = true; 4084 } 4085 4086 if (bta_dm_cb.p_sec_cback) { 4087 // bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event); 4088 bta_dm_cb.p_sec_cback(BTA_DM_BLE_AUTH_CMPL_EVT, &sec_event); 4089 } 4090 break; 4091 4092 default: 4093 status = BTM_NOT_AUTHORIZED; 4094 break; 4095 } 4096 return status; 4097 } 4098 4099 /******************************************************************************* 4100 * 4101 * Function bta_dm_ble_id_key_cback 4102 * 4103 * Description Callback for BLE local ID keys 4104 * 4105 * 4106 * Returns void 4107 * 4108 ******************************************************************************/ 4109 static void bta_dm_ble_id_key_cback(uint8_t key_type, 4110 tBTM_BLE_LOCAL_KEYS* p_key) { 4111 uint8_t evt; 4112 tBTA_DM_SEC dm_key; 4113 4114 switch (key_type) { 4115 case BTM_BLE_KEY_TYPE_ID: 4116 case BTM_BLE_KEY_TYPE_ER: 4117 if (bta_dm_cb.p_sec_cback) { 4118 memcpy(&dm_key.ble_id_keys, p_key, sizeof(tBTM_BLE_LOCAL_KEYS)); 4119 4120 evt = (key_type == BTM_BLE_KEY_TYPE_ID) ? BTA_DM_BLE_LOCAL_IR_EVT 4121 : BTA_DM_BLE_LOCAL_ER_EVT; 4122 bta_dm_cb.p_sec_cback(evt, &dm_key); 4123 } 4124 break; 4125 4126 default: 4127 APPL_TRACE_DEBUG("Unknown key type %d", key_type); 4128 break; 4129 } 4130 return; 4131 } 4132 4133 /******************************************************************************* 4134 * 4135 * Function bta_dm_add_blekey 4136 * 4137 * Description This function adds an BLE Key to an security database entry. 4138 * This function shall only be called AFTER BTA_DmAddBleDevice 4139 * has been called. 4140 * It is normally called during host startup to restore all 4141 * required information stored in the NVRAM. 4142 * 4143 * Parameters: 4144 * 4145 ******************************************************************************/ 4146 void bta_dm_add_blekey(tBTA_DM_MSG* p_data) { 4147 if (!BTM_SecAddBleKey(p_data->add_ble_key.bd_addr, 4148 (tBTM_LE_KEY_VALUE*)&p_data->add_ble_key.blekey, 4149 p_data->add_ble_key.key_type)) { 4150 LOG(ERROR) << "BTA_DM: Error adding BLE Key for device " 4151 << p_data->add_ble_key.bd_addr; 4152 } 4153 } 4154 4155 /******************************************************************************* 4156 * 4157 * Function bta_dm_add_ble_device 4158 * 4159 * Description This function adds an BLE device to an security database 4160 * entry. 4161 * It is normally called during host startup to restore all 4162 * required information stored in the NVRAM. 4163 * 4164 * Parameters: 4165 * 4166 ******************************************************************************/ 4167 void bta_dm_add_ble_device(tBTA_DM_MSG* p_data) { 4168 if (!BTM_SecAddBleDevice(p_data->add_ble_device.bd_addr, NULL, 4169 p_data->add_ble_device.dev_type, 4170 p_data->add_ble_device.addr_type)) { 4171 LOG(ERROR) << "BTA_DM: Error adding BLE Device for device " 4172 << p_data->add_ble_device.bd_addr; 4173 } 4174 } 4175 4176 /******************************************************************************* 4177 * 4178 * Function bta_dm_add_ble_device 4179 * 4180 * Description This function adds an BLE device to an security database 4181 * entry. 4182 * It is normally called during host startup to restore all 4183 * required information stored in the NVRAM. 4184 * 4185 * Parameters: 4186 * 4187 ******************************************************************************/ 4188 void bta_dm_ble_passkey_reply(tBTA_DM_MSG* p_data) { 4189 if (p_data->pin_reply.accept) { 4190 BTM_BlePasskeyReply(p_data->ble_passkey_reply.bd_addr, BTM_SUCCESS, 4191 p_data->ble_passkey_reply.passkey); 4192 } else { 4193 BTM_BlePasskeyReply(p_data->ble_passkey_reply.bd_addr, BTM_NOT_AUTHORIZED, 4194 p_data->ble_passkey_reply.passkey); 4195 } 4196 } 4197 4198 /******************************************************************************* 4199 * 4200 * Function bta_dm_ble_confirm_reply 4201 * 4202 * Description This is response to SM numeric comparison request submitted 4203 * to application. 4204 * 4205 * Parameters: 4206 * 4207 ******************************************************************************/ 4208 void bta_dm_ble_confirm_reply(tBTA_DM_MSG* p_data) { 4209 if (p_data->confirm.accept) { 4210 BTM_BleConfirmReply(p_data->confirm.bd_addr, BTM_SUCCESS); 4211 } else { 4212 BTM_BleConfirmReply(p_data->ble_passkey_reply.bd_addr, BTM_NOT_AUTHORIZED); 4213 } 4214 } 4215 4216 /******************************************************************************* 4217 * 4218 * Function bta_dm_security_grant 4219 * 4220 * Description This function grant SMP security request access. 4221 * 4222 * Parameters: 4223 * 4224 ******************************************************************************/ 4225 void bta_dm_security_grant(tBTA_DM_MSG* p_data) { 4226 BTM_SecurityGrant(p_data->ble_sec_grant.bd_addr, p_data->ble_sec_grant.res); 4227 } 4228 4229 /******************************************************************************* 4230 * 4231 * Function bta_dm_ble_set_bg_conn_type 4232 * 4233 * Description This function set the BLE background connection type 4234 * 4235 * Parameters: 4236 * 4237 ******************************************************************************/ 4238 void bta_dm_ble_set_bg_conn_type(tBTA_DM_MSG* p_data) { 4239 BTM_BleStartAutoConn(); 4240 } 4241 4242 /******************************************************************************* 4243 * 4244 * Function bta_dm_ble_set_conn_params 4245 * 4246 * Description This function set the preferred connection parameters. 4247 * 4248 * Parameters: 4249 * 4250 ******************************************************************************/ 4251 void bta_dm_ble_set_conn_params(tBTA_DM_MSG* p_data) { 4252 BTM_BleSetPrefConnParams(p_data->ble_set_conn_params.peer_bda, 4253 p_data->ble_set_conn_params.conn_int_min, 4254 p_data->ble_set_conn_params.conn_int_max, 4255 p_data->ble_set_conn_params.slave_latency, 4256 p_data->ble_set_conn_params.supervision_tout); 4257 } 4258 4259 /******************************************************************************* 4260 * 4261 * Function bta_dm_ble_set_conn_scan_params 4262 * 4263 * Description This function set the preferred connection scan parameters. 4264 * 4265 * Parameters: 4266 * 4267 ******************************************************************************/ 4268 void bta_dm_ble_set_conn_scan_params(tBTA_DM_MSG* p_data) { 4269 BTM_BleSetConnScanParams(p_data->ble_set_conn_scan_params.scan_int, 4270 p_data->ble_set_conn_scan_params.scan_window); 4271 } 4272 /******************************************************************************* 4273 * 4274 * Function bta_dm_ble_update_conn_params 4275 * 4276 * Description This function update LE connection parameters. 4277 * 4278 * Parameters: 4279 * 4280 ******************************************************************************/ 4281 void bta_dm_ble_update_conn_params(tBTA_DM_MSG* p_data) { 4282 if (!L2CA_UpdateBleConnParams(p_data->ble_update_conn_params.bd_addr, 4283 p_data->ble_update_conn_params.min_int, 4284 p_data->ble_update_conn_params.max_int, 4285 p_data->ble_update_conn_params.latency, 4286 p_data->ble_update_conn_params.timeout)) { 4287 APPL_TRACE_ERROR("Update connection parameters failed!"); 4288 } 4289 } 4290 4291 #if (BLE_PRIVACY_SPT == TRUE) 4292 /******************************************************************************* 4293 * 4294 * Function bta_dm_ble_config_local_privacy 4295 * 4296 * Description This function set the local device LE privacy settings. 4297 * 4298 * Parameters: 4299 * 4300 ******************************************************************************/ 4301 void bta_dm_ble_config_local_privacy(tBTA_DM_MSG* p_data) { 4302 BTM_BleConfigPrivacy(p_data->ble_local_privacy.privacy_enable); 4303 } 4304 #endif 4305 4306 /******************************************************************************* 4307 * 4308 * Function bta_dm_ble_observe 4309 * 4310 * Description This function set the preferred connection scan parameters. 4311 * 4312 * Parameters: 4313 * 4314 ******************************************************************************/ 4315 void bta_dm_ble_observe(tBTA_DM_MSG* p_data) { 4316 tBTM_STATUS status; 4317 if (p_data->ble_observe.start) { 4318 /*Save the callback to be called when a scan results are available */ 4319 bta_dm_search_cb.p_scan_cback = p_data->ble_observe.p_cback; 4320 status = BTM_BleObserve(true, p_data->ble_observe.duration, 4321 bta_dm_observe_results_cb, bta_dm_observe_cmpl_cb); 4322 if (status != BTM_CMD_STARTED) { 4323 tBTA_DM_SEARCH data; 4324 APPL_TRACE_WARNING(" %s BTM_BleObserve failed. status %d", __func__, 4325 status); 4326 data.inq_cmpl.num_resps = 0; 4327 if (bta_dm_search_cb.p_scan_cback) { 4328 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data); 4329 } 4330 } 4331 } else { 4332 bta_dm_search_cb.p_scan_cback = NULL; 4333 BTM_BleObserve(false, 0, NULL, NULL); 4334 } 4335 } 4336 /******************************************************************************* 4337 * 4338 * Function bta_dm_ble_set_adv_params 4339 * 4340 * Description This function set the adv parameters. 4341 * 4342 * Parameters: 4343 * 4344 ******************************************************************************/ 4345 void bta_dm_ble_set_adv_params(uint16_t adv_int_min, uint16_t adv_int_max, 4346 tBLE_BD_ADDR* p_dir_bda) { 4347 BTM_BleSetAdvParams(adv_int_min, adv_int_max, p_dir_bda, 4348 BTA_DM_BLE_ADV_CHNL_MAP); 4349 } 4350 4351 /******************************************************************************* 4352 * 4353 * Function bta_dm_ble_set_data_length 4354 * 4355 * Description This function set the maximum transmission packet size 4356 * 4357 * Parameters 4358 * 4359 ******************************************************************************/ 4360 void bta_dm_ble_set_data_length(tBTA_DM_MSG* p_data) { 4361 if (BTM_SetBleDataLength(p_data->ble_set_data_length.remote_bda, 4362 p_data->ble_set_data_length.tx_data_length) != 4363 BTM_SUCCESS) { 4364 APPL_TRACE_ERROR("%s failed", __func__); 4365 } 4366 } 4367 4368 /******************************************************************************* 4369 * 4370 * Function bta_ble_enable_scan_cmpl 4371 * 4372 * Description ADV payload filtering enable / disable complete callback 4373 * 4374 * 4375 * Returns None 4376 * 4377 ******************************************************************************/ 4378 static void bta_ble_energy_info_cmpl(tBTM_BLE_TX_TIME_MS tx_time, 4379 tBTM_BLE_RX_TIME_MS rx_time, 4380 tBTM_BLE_IDLE_TIME_MS idle_time, 4381 tBTM_BLE_ENERGY_USED energy_used, 4382 tBTM_STATUS status) { 4383 tBTA_STATUS st = (status == BTM_SUCCESS) ? BTA_SUCCESS : BTA_FAILURE; 4384 tBTA_DM_CONTRL_STATE ctrl_state = 0; 4385 4386 if (BTA_SUCCESS == st) ctrl_state = bta_dm_pm_obtain_controller_state(); 4387 4388 if (bta_dm_cb.p_energy_info_cback) 4389 bta_dm_cb.p_energy_info_cback(tx_time, rx_time, idle_time, energy_used, 4390 ctrl_state, st); 4391 } 4392 4393 /******************************************************************************* 4394 * 4395 * Function bta_dm_ble_get_energy_info 4396 * 4397 * Description This function obtains the energy info 4398 * 4399 * Parameters: 4400 * 4401 ******************************************************************************/ 4402 void bta_dm_ble_get_energy_info(tBTA_DM_MSG* p_data) { 4403 tBTM_STATUS btm_status = 0; 4404 4405 bta_dm_cb.p_energy_info_cback = p_data->ble_energy_info.p_energy_info_cback; 4406 btm_status = BTM_BleGetEnergyInfo(bta_ble_energy_info_cmpl); 4407 if (BTM_CMD_STARTED != btm_status) 4408 bta_ble_energy_info_cmpl(0, 0, 0, 0, btm_status); 4409 } 4410 4411 #ifndef BTA_DM_GATT_CLOSE_DELAY_TOUT 4412 #define BTA_DM_GATT_CLOSE_DELAY_TOUT 1000 4413 #endif 4414 4415 /******************************************************************************* 4416 * 4417 * Function bta_dm_gattc_register 4418 * 4419 * Description Register with GATTC in DM if BLE is needed. 4420 * 4421 * 4422 * Returns void 4423 * 4424 ******************************************************************************/ 4425 static void bta_dm_gattc_register(void) { 4426 if (bta_dm_search_cb.client_if == BTA_GATTS_INVALID_IF) { 4427 BTA_GATTC_AppRegister(bta_dm_gattc_callback, 4428 base::Bind([](uint8_t client_id, uint8_t status) { 4429 if (status == BTA_GATT_OK) 4430 bta_dm_search_cb.client_if = client_id; 4431 else 4432 bta_dm_search_cb.client_if = BTA_GATTS_INVALID_IF; 4433 4434 })); 4435 } 4436 } 4437 4438 /******************************************************************************* 4439 * 4440 * Function btm_dm_start_disc_gatt_services 4441 * 4442 * Description This function starts a GATT service search request. 4443 * 4444 * Parameters: 4445 * 4446 ******************************************************************************/ 4447 static void btm_dm_start_disc_gatt_services(uint16_t conn_id) { 4448 tBT_UUID* p_uuid = bta_dm_search_cb.p_srvc_uuid + bta_dm_search_cb.num_uuid - 4449 bta_dm_search_cb.uuid_to_search; 4450 4451 p_uuid = bta_dm_search_cb.p_srvc_uuid + bta_dm_search_cb.num_uuid - 4452 bta_dm_search_cb.uuid_to_search; 4453 4454 /* always search for all services */ 4455 BTA_GATTC_ServiceSearchRequest(conn_id, p_uuid); 4456 } 4457 4458 /******************************************************************************* 4459 * 4460 * Function bta_dm_gatt_disc_result 4461 * 4462 * Description This function process the GATT service search result. 4463 * 4464 * Parameters: 4465 * 4466 ******************************************************************************/ 4467 static void bta_dm_gatt_disc_result(tBTA_GATT_ID service_id) { 4468 tBTA_DM_SEARCH result; 4469 4470 /* 4471 * This logic will not work for gatt case. We are checking against the 4472 * bluetooth profiles here 4473 * just copy the GATTID in raw data field and send it across. 4474 */ 4475 4476 if (bta_dm_search_cb.ble_raw_used + sizeof(tBTA_GATT_ID) < 4477 bta_dm_search_cb.ble_raw_size) { 4478 APPL_TRACE_DEBUG( 4479 "ADDING BLE SERVICE uuid=0x%x, ble_ptr = 0x%x, ble_raw_used = 0x%x", 4480 service_id.uuid.uu.uuid16, bta_dm_search_cb.p_ble_rawdata, 4481 bta_dm_search_cb.ble_raw_used); 4482 4483 if (bta_dm_search_cb.p_ble_rawdata) { 4484 memcpy((bta_dm_search_cb.p_ble_rawdata + bta_dm_search_cb.ble_raw_used), 4485 &service_id, sizeof(service_id)); 4486 4487 bta_dm_search_cb.ble_raw_used += sizeof(service_id); 4488 } else { 4489 APPL_TRACE_ERROR("p_ble_rawdata is NULL"); 4490 } 4491 4492 } else { 4493 APPL_TRACE_ERROR( 4494 "%s out of room to accomodate more service ids ble_raw_size = %d " 4495 "ble_raw_used = %d", 4496 __func__, bta_dm_search_cb.ble_raw_size, bta_dm_search_cb.ble_raw_used); 4497 } 4498 4499 LOG_INFO(LOG_TAG, "%s service_id_uuid_len=%d ", __func__, 4500 service_id.uuid.len); 4501 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) { 4502 /* send result back to app now, one by one */ 4503 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr; 4504 strlcpy((char*)result.disc_ble_res.bd_name, bta_dm_get_remname(), 4505 BD_NAME_LEN); 4506 memcpy(&result.disc_ble_res.service, &service_id.uuid, sizeof(tBT_UUID)); 4507 4508 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_BLE_RES_EVT, &result); 4509 } 4510 } 4511 4512 /******************************************************************************* 4513 * 4514 * Function bta_dm_gatt_disc_complete 4515 * 4516 * Description This function process the GATT service search complete. 4517 * 4518 * Parameters: 4519 * 4520 ******************************************************************************/ 4521 static void bta_dm_gatt_disc_complete(uint16_t conn_id, 4522 tBTA_GATT_STATUS status) { 4523 APPL_TRACE_DEBUG("%s conn_id = %d", __func__, conn_id); 4524 4525 if (bta_dm_search_cb.uuid_to_search > 0) bta_dm_search_cb.uuid_to_search--; 4526 4527 if (status == BTA_GATT_OK && bta_dm_search_cb.uuid_to_search > 0) { 4528 btm_dm_start_disc_gatt_services(conn_id); 4529 } else { 4530 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG)); 4531 4532 bta_dm_search_cb.uuid_to_search = 0; 4533 4534 /* no more services to be discovered */ 4535 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT; 4536 p_msg->disc_result.result.disc_res.result = 4537 (status == BTA_GATT_OK) ? BTA_SUCCESS : BTA_FAILURE; 4538 APPL_TRACE_DEBUG("%s service found: 0x%08x", __func__, 4539 bta_dm_search_cb.services_found); 4540 p_msg->disc_result.result.disc_res.services = 4541 bta_dm_search_cb.services_found; 4542 p_msg->disc_result.result.disc_res.num_uuids = 0; 4543 p_msg->disc_result.result.disc_res.p_uuid_list = NULL; 4544 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr; 4545 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name, 4546 bta_dm_get_remname(), BD_NAME_LEN); 4547 4548 p_msg->disc_result.result.disc_res.device_type |= BT_DEVICE_TYPE_BLE; 4549 if (bta_dm_search_cb.ble_raw_used > 0) { 4550 p_msg->disc_result.result.disc_res.p_raw_data = 4551 (uint8_t*)osi_malloc(bta_dm_search_cb.ble_raw_used); 4552 4553 memcpy(p_msg->disc_result.result.disc_res.p_raw_data, 4554 bta_dm_search_cb.p_ble_rawdata, bta_dm_search_cb.ble_raw_used); 4555 4556 p_msg->disc_result.result.disc_res.raw_data_size = 4557 bta_dm_search_cb.ble_raw_used; 4558 } else { 4559 p_msg->disc_result.result.disc_res.p_raw_data = NULL; 4560 bta_dm_search_cb.p_ble_rawdata = 0; 4561 } 4562 4563 bta_sys_sendmsg(p_msg); 4564 4565 if (conn_id != BTA_GATT_INVALID_CONN_ID) { 4566 /* start a GATT channel close delay timer */ 4567 bta_sys_start_timer(bta_dm_search_cb.gatt_close_timer, 4568 BTA_DM_GATT_CLOSE_DELAY_TOUT, 4569 BTA_DM_DISC_CLOSE_TOUT_EVT, 0); 4570 bta_dm_search_cb.pending_close_bda = bta_dm_search_cb.peer_bdaddr; 4571 } 4572 bta_dm_search_cb.gatt_disc_active = false; 4573 } 4574 } 4575 4576 /******************************************************************************* 4577 * 4578 * Function bta_dm_close_gatt_conn 4579 * 4580 * Description This function close the GATT connection after delay 4581 *timeout. 4582 * 4583 * Parameters: 4584 * 4585 ******************************************************************************/ 4586 void bta_dm_close_gatt_conn(UNUSED_ATTR tBTA_DM_MSG* p_data) { 4587 if (bta_dm_search_cb.conn_id != BTA_GATT_INVALID_CONN_ID) 4588 BTA_GATTC_Close(bta_dm_search_cb.conn_id); 4589 4590 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty; 4591 bta_dm_search_cb.conn_id = BTA_GATT_INVALID_CONN_ID; 4592 } 4593 /******************************************************************************* 4594 * 4595 * Function btm_dm_start_gatt_discovery 4596 * 4597 * Description This is GATT initiate the service search by open a GATT 4598 * connection first. 4599 * 4600 * Parameters: 4601 * 4602 ******************************************************************************/ 4603 void btm_dm_start_gatt_discovery(const RawAddress& bd_addr) { 4604 bta_dm_search_cb.gatt_disc_active = true; 4605 4606 /* connection is already open */ 4607 if (bta_dm_search_cb.pending_close_bda == bd_addr && 4608 bta_dm_search_cb.conn_id != BTA_GATT_INVALID_CONN_ID) { 4609 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty; 4610 alarm_cancel(bta_dm_search_cb.gatt_close_timer); 4611 btm_dm_start_disc_gatt_services(bta_dm_search_cb.conn_id); 4612 } else { 4613 if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE)) { 4614 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr, true, 4615 BTA_GATT_TRANSPORT_LE, true); 4616 } else { 4617 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr, true, 4618 BTA_GATT_TRANSPORT_LE, false); 4619 } 4620 } 4621 } 4622 4623 /******************************************************************************* 4624 * 4625 * Function bta_dm_cancel_gatt_discovery 4626 * 4627 * Description This is GATT cancel the GATT service search. 4628 * 4629 * Parameters: 4630 * 4631 ******************************************************************************/ 4632 static void bta_dm_cancel_gatt_discovery(const RawAddress& bd_addr) { 4633 if (bta_dm_search_cb.conn_id == BTA_GATT_INVALID_CONN_ID) { 4634 BTA_GATTC_CancelOpen(bta_dm_search_cb.client_if, bd_addr, true); 4635 } 4636 4637 bta_dm_gatt_disc_complete(bta_dm_search_cb.conn_id, 4638 (tBTA_GATT_STATUS)BTA_GATT_ERROR); 4639 } 4640 4641 /******************************************************************************* 4642 * 4643 * Function bta_dm_proc_open_evt 4644 * 4645 * Description process BTA_GATTC_OPEN_EVT in DM. 4646 * 4647 * Parameters: 4648 * 4649 ******************************************************************************/ 4650 void bta_dm_proc_open_evt(tBTA_GATTC_OPEN* p_data) { 4651 VLOG(1) << "DM Search state= " << bta_dm_search_cb.state 4652 << " search_cb.peer_dbaddr:" << bta_dm_search_cb.peer_bdaddr 4653 << " connected_bda=" << p_data->remote_bda.address; 4654 4655 APPL_TRACE_DEBUG("BTA_GATTC_OPEN_EVT conn_id = %d client_if=%d status = %d", 4656 p_data->conn_id, p_data->client_if, p_data->status); 4657 4658 bta_dm_search_cb.conn_id = p_data->conn_id; 4659 4660 if (p_data->status == BTA_GATT_OK) { 4661 btm_dm_start_disc_gatt_services(p_data->conn_id); 4662 } else { 4663 bta_dm_gatt_disc_complete(BTA_GATT_INVALID_CONN_ID, p_data->status); 4664 } 4665 } 4666 4667 /******************************************************************************* 4668 * 4669 * Function bta_dm_gattc_callback 4670 * 4671 * Description This is GATT client callback function used in DM. 4672 * 4673 * Parameters: 4674 * 4675 ******************************************************************************/ 4676 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data) { 4677 APPL_TRACE_DEBUG("bta_dm_gattc_callback event = %d", event); 4678 4679 switch (event) { 4680 case BTA_GATTC_OPEN_EVT: 4681 bta_dm_proc_open_evt(&p_data->open); 4682 break; 4683 4684 case BTA_GATTC_SEARCH_RES_EVT: 4685 bta_dm_gatt_disc_result(p_data->srvc_res.service_uuid); 4686 break; 4687 4688 case BTA_GATTC_SEARCH_CMPL_EVT: 4689 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) 4690 bta_dm_gatt_disc_complete(p_data->search_cmpl.conn_id, 4691 p_data->search_cmpl.status); 4692 break; 4693 4694 case BTA_GATTC_CLOSE_EVT: 4695 APPL_TRACE_DEBUG("BTA_GATTC_CLOSE_EVT reason = %d", p_data->close.reason); 4696 /* in case of disconnect before search is completed */ 4697 if ((bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) && 4698 (bta_dm_search_cb.state != BTA_DM_SEARCH_ACTIVE) && 4699 p_data->close.remote_bda == bta_dm_search_cb.peer_bdaddr) { 4700 bta_dm_gatt_disc_complete((uint16_t)BTA_GATT_INVALID_CONN_ID, 4701 (tBTA_GATT_STATUS)BTA_GATT_ERROR); 4702 } 4703 break; 4704 4705 default: 4706 break; 4707 } 4708 } 4709 4710 #if (BLE_VND_INCLUDED == TRUE) 4711 /******************************************************************************* 4712 * 4713 * Function bta_dm_ctrl_features_rd_cmpl_cback 4714 * 4715 * Description callback to handle controller feature read complete 4716 * 4717 * Parameters: 4718 * 4719 ******************************************************************************/ 4720 static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result) { 4721 APPL_TRACE_DEBUG("%s status = %d ", __func__, result); 4722 if (result == BTM_SUCCESS) { 4723 if (bta_dm_cb.p_sec_cback) 4724 bta_dm_cb.p_sec_cback(BTA_DM_LE_FEATURES_READ, NULL); 4725 } else { 4726 APPL_TRACE_ERROR("%s Ctrl BLE feature read failed: status :%d", __func__, 4727 result); 4728 } 4729 } 4730 #endif /* BLE_VND_INCLUDED */ 4731