1 /****************************************************************************** 2 * 3 * Copyright 2000-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 /***************************************************************************** 20 * 21 * Name: btm_acl.cc 22 * 23 * Description: This file contains functions that handle ACL connections. 24 * This includes operations such as hold and sniff modes, 25 * supported packet types. 26 * 27 * This module contains both internal and external (API) 28 * functions. External (API) functions are distinguishable 29 * by their names beginning with uppercase BTM. 30 * 31 * 32 *****************************************************************************/ 33 34 #define LOG_TAG "btm_acl" 35 36 #include <stddef.h> 37 #include <stdio.h> 38 #include <stdlib.h> 39 #include <string.h> 40 41 #include "bt_common.h" 42 #include "bt_target.h" 43 #include "bt_types.h" 44 #include "bt_utils.h" 45 #include "btm_api.h" 46 #include "btm_int.h" 47 #include "btu.h" 48 #include "device/include/controller.h" 49 #include "device/include/interop.h" 50 #include "hcidefs.h" 51 #include "hcimsgs.h" 52 #include "l2c_int.h" 53 #include "osi/include/log.h" 54 #include "osi/include/osi.h" 55 56 static void btm_read_remote_features(uint16_t handle); 57 static void btm_read_remote_ext_features(uint16_t handle, uint8_t page_number); 58 static void btm_process_remote_ext_features(tACL_CONN* p_acl_cb, 59 uint8_t num_read_pages); 60 61 /* 3 seconds timeout waiting for responses */ 62 #define BTM_DEV_REPLY_TIMEOUT_MS (3 * 1000) 63 64 /******************************************************************************* 65 * 66 * Function btm_acl_init 67 * 68 * Description This function is called at BTM startup to initialize 69 * 70 * Returns void 71 * 72 ******************************************************************************/ 73 void btm_acl_init(void) { 74 BTM_TRACE_DEBUG("btm_acl_init"); 75 /* Initialize nonzero defaults */ 76 btm_cb.btm_def_link_super_tout = HCI_DEFAULT_INACT_TOUT; 77 btm_cb.acl_disc_reason = 0xff; 78 } 79 80 /******************************************************************************* 81 * 82 * Function btm_bda_to_acl 83 * 84 * Description This function returns the FIRST acl_db entry for the passed 85 * BDA. 86 * 87 * Parameters bda : BD address of the remote device 88 * transport : Physical transport used for ACL connection 89 * (BR/EDR or LE) 90 * 91 * Returns Returns pointer to the ACL DB for the requested BDA if found. 92 * NULL if not found. 93 * 94 ******************************************************************************/ 95 tACL_CONN* btm_bda_to_acl(const RawAddress& bda, tBT_TRANSPORT transport) { 96 tACL_CONN* p = &btm_cb.acl_db[0]; 97 uint16_t xx; 98 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) { 99 if ((p->in_use) && p->remote_addr == bda && p->transport == transport) { 100 BTM_TRACE_DEBUG("btm_bda_to_acl found"); 101 return (p); 102 } 103 } 104 105 /* If here, no BD Addr found */ 106 return ((tACL_CONN*)NULL); 107 } 108 109 /******************************************************************************* 110 * 111 * Function btm_handle_to_acl_index 112 * 113 * Description This function returns the FIRST acl_db entry for the passed 114 * hci_handle. 115 * 116 * Returns index to the acl_db or MAX_L2CAP_LINKS. 117 * 118 ******************************************************************************/ 119 uint8_t btm_handle_to_acl_index(uint16_t hci_handle) { 120 tACL_CONN* p = &btm_cb.acl_db[0]; 121 uint8_t xx; 122 BTM_TRACE_DEBUG("btm_handle_to_acl_index"); 123 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) { 124 if ((p->in_use) && (p->hci_handle == hci_handle)) { 125 break; 126 } 127 } 128 129 /* If here, no BD Addr found */ 130 return (xx); 131 } 132 133 #if (BLE_PRIVACY_SPT == TRUE) 134 /******************************************************************************* 135 * 136 * Function btm_ble_get_acl_remote_addr 137 * 138 * Description This function reads the active remote address used for the 139 * connection. 140 * 141 * Returns success return true, otherwise false. 142 * 143 ******************************************************************************/ 144 bool btm_ble_get_acl_remote_addr(tBTM_SEC_DEV_REC* p_dev_rec, 145 RawAddress& conn_addr, 146 tBLE_ADDR_TYPE* p_addr_type) { 147 bool st = true; 148 149 if (p_dev_rec == NULL) { 150 BTM_TRACE_ERROR("%s can not find device with matching address", __func__); 151 return false; 152 } 153 154 switch (p_dev_rec->ble.active_addr_type) { 155 case BTM_BLE_ADDR_PSEUDO: 156 conn_addr = p_dev_rec->bd_addr; 157 *p_addr_type = p_dev_rec->ble.ble_addr_type; 158 break; 159 160 case BTM_BLE_ADDR_RRA: 161 conn_addr = p_dev_rec->ble.cur_rand_addr; 162 *p_addr_type = BLE_ADDR_RANDOM; 163 break; 164 165 case BTM_BLE_ADDR_STATIC: 166 conn_addr = p_dev_rec->ble.static_addr; 167 *p_addr_type = p_dev_rec->ble.static_addr_type; 168 break; 169 170 default: 171 BTM_TRACE_ERROR("Unknown active address: %d", 172 p_dev_rec->ble.active_addr_type); 173 st = false; 174 break; 175 } 176 177 return st; 178 } 179 #endif 180 /******************************************************************************* 181 * 182 * Function btm_acl_created 183 * 184 * Description This function is called by L2CAP when an ACL connection 185 * is created. 186 * 187 * Returns void 188 * 189 ******************************************************************************/ 190 void btm_acl_created(const RawAddress& bda, DEV_CLASS dc, BD_NAME bdn, 191 uint16_t hci_handle, uint8_t link_role, 192 tBT_TRANSPORT transport) { 193 tBTM_SEC_DEV_REC* p_dev_rec = NULL; 194 tACL_CONN* p; 195 uint8_t xx; 196 197 BTM_TRACE_DEBUG("%s: peer %s hci_handle=%d link_role=%d transport=%d", 198 __func__, bda.ToString().c_str(), hci_handle, link_role, 199 transport); 200 /* Ensure we don't have duplicates */ 201 p = btm_bda_to_acl(bda, transport); 202 if (p != (tACL_CONN*)NULL) { 203 p->hci_handle = hci_handle; 204 p->link_role = link_role; 205 p->transport = transport; 206 VLOG(1) << "Duplicate btm_acl_created: RemBdAddr: " << bda; 207 BTM_SetLinkPolicy(p->remote_addr, &btm_cb.btm_def_link_policy); 208 return; 209 } 210 211 /* Allocate acl_db entry */ 212 for (xx = 0, p = &btm_cb.acl_db[0]; xx < MAX_L2CAP_LINKS; xx++, p++) { 213 if (!p->in_use) { 214 p->in_use = true; 215 p->hci_handle = hci_handle; 216 p->link_role = link_role; 217 p->link_up_issued = false; 218 p->remote_addr = bda; 219 220 p->transport = transport; 221 #if (BLE_PRIVACY_SPT == TRUE) 222 if (transport == BT_TRANSPORT_LE) 223 btm_ble_refresh_local_resolvable_private_addr( 224 bda, btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr); 225 #else 226 p->conn_addr_type = BLE_ADDR_PUBLIC; 227 p->conn_addr = *controller_get_interface()->get_address(); 228 229 #endif 230 p->switch_role_failed_attempts = 0; 231 p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE; 232 233 btm_pm_sm_alloc(xx); 234 235 if (dc) memcpy(p->remote_dc, dc, DEV_CLASS_LEN); 236 237 if (bdn) memcpy(p->remote_name, bdn, BTM_MAX_REM_BD_NAME_LEN); 238 239 /* if BR/EDR do something more */ 240 if (transport == BT_TRANSPORT_BR_EDR) { 241 btsnd_hcic_read_rmt_clk_offset(p->hci_handle); 242 btsnd_hcic_rmt_ver_req(p->hci_handle); 243 } 244 p_dev_rec = btm_find_dev_by_handle(hci_handle); 245 246 if (p_dev_rec) { 247 BTM_TRACE_DEBUG("%s: peer %s device_type=0x%x", __func__, 248 bda.ToString().c_str(), p_dev_rec->device_type); 249 } 250 251 if (p_dev_rec && !(transport == BT_TRANSPORT_LE)) { 252 /* If remote features already known, copy them and continue connection 253 * setup */ 254 if ((p_dev_rec->num_read_pages) && 255 (p_dev_rec->num_read_pages <= (HCI_EXT_FEATURES_PAGE_MAX + 1))) { 256 memcpy(p->peer_lmp_feature_pages, p_dev_rec->feature_pages, 257 (HCI_FEATURE_BYTES_PER_PAGE * p_dev_rec->num_read_pages)); 258 p->num_read_pages = p_dev_rec->num_read_pages; 259 260 const uint8_t req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND); 261 262 /* Store the Peer Security Capabilites (in SM4 and rmt_sec_caps) */ 263 btm_sec_set_peer_sec_caps(p, p_dev_rec); 264 265 BTM_TRACE_API("%s: pend:%d", __func__, req_pend); 266 if (req_pend) { 267 /* Request for remaining Security Features (if any) */ 268 l2cu_resubmit_pending_sec_req(&p_dev_rec->bd_addr); 269 } 270 btm_establish_continue(p); 271 return; 272 } 273 } 274 275 /* If here, features are not known yet */ 276 if (p_dev_rec && transport == BT_TRANSPORT_LE) { 277 #if (BLE_PRIVACY_SPT == TRUE) 278 btm_ble_get_acl_remote_addr(p_dev_rec, p->active_remote_addr, 279 &p->active_remote_addr_type); 280 #endif 281 282 if (HCI_LE_SLAVE_INIT_FEAT_EXC_SUPPORTED( 283 controller_get_interface()->get_features_ble()->as_array) || 284 link_role == HCI_ROLE_MASTER) { 285 btsnd_hcic_ble_read_remote_feat(p->hci_handle); 286 } else { 287 btm_establish_continue(p); 288 } 289 } 290 291 /* read page 1 - on rmt feature event for buffer reasons */ 292 return; 293 } 294 } 295 } 296 297 void btm_acl_update_conn_addr(uint16_t conn_handle, const RawAddress& address) { 298 uint8_t idx = btm_handle_to_acl_index(conn_handle); 299 if (idx != MAX_L2CAP_LINKS) { 300 btm_cb.acl_db[idx].conn_addr = address; 301 } 302 } 303 304 /******************************************************************************* 305 * 306 * Function btm_acl_report_role_change 307 * 308 * Description This function is called when the local device is deemed 309 * to be down. It notifies L2CAP of the failure. 310 * 311 * Returns void 312 * 313 ******************************************************************************/ 314 void btm_acl_report_role_change(uint8_t hci_status, const RawAddress* bda) { 315 tBTM_ROLE_SWITCH_CMPL ref_data; 316 BTM_TRACE_DEBUG("btm_acl_report_role_change"); 317 if (btm_cb.devcb.p_switch_role_cb && 318 (bda && btm_cb.devcb.switch_role_ref_data.remote_bd_addr == *bda)) { 319 memcpy(&ref_data, &btm_cb.devcb.switch_role_ref_data, 320 sizeof(tBTM_ROLE_SWITCH_CMPL)); 321 ref_data.hci_status = hci_status; 322 (*btm_cb.devcb.p_switch_role_cb)(&ref_data); 323 memset(&btm_cb.devcb.switch_role_ref_data, 0, 324 sizeof(tBTM_ROLE_SWITCH_CMPL)); 325 btm_cb.devcb.p_switch_role_cb = NULL; 326 } 327 } 328 329 /******************************************************************************* 330 * 331 * Function btm_acl_removed 332 * 333 * Description This function is called by L2CAP when an ACL connection 334 * is removed. Since only L2CAP creates ACL links, we use 335 * the L2CAP link index as our index into the control blocks. 336 * 337 * Returns void 338 * 339 ******************************************************************************/ 340 void btm_acl_removed(const RawAddress& bda, tBT_TRANSPORT transport) { 341 tACL_CONN* p; 342 tBTM_SEC_DEV_REC* p_dev_rec = NULL; 343 BTM_TRACE_DEBUG("btm_acl_removed"); 344 p = btm_bda_to_acl(bda, transport); 345 if (p != (tACL_CONN*)NULL) { 346 p->in_use = false; 347 348 /* if the disconnected channel has a pending role switch, clear it now */ 349 btm_acl_report_role_change(HCI_ERR_NO_CONNECTION, &bda); 350 351 /* Only notify if link up has had a chance to be issued */ 352 if (p->link_up_issued) { 353 p->link_up_issued = false; 354 355 /* If anyone cares, indicate the database changed */ 356 if (btm_cb.p_bl_changed_cb) { 357 tBTM_BL_EVENT_DATA evt_data; 358 evt_data.event = BTM_BL_DISCN_EVT; 359 evt_data.discn.p_bda = &bda; 360 evt_data.discn.handle = p->hci_handle; 361 evt_data.discn.transport = p->transport; 362 (*btm_cb.p_bl_changed_cb)(&evt_data); 363 } 364 365 btm_acl_update_busy_level(BTM_BLI_ACL_DOWN_EVT); 366 } 367 368 BTM_TRACE_DEBUG( 369 "acl hci_handle=%d transport=%d connectable_mode=0x%0x link_role=%d", 370 p->hci_handle, p->transport, btm_cb.ble_ctr_cb.inq_var.connectable_mode, 371 p->link_role); 372 373 p_dev_rec = btm_find_dev(bda); 374 if (p_dev_rec) { 375 BTM_TRACE_DEBUG("before update p_dev_rec->sec_flags=0x%x", 376 p_dev_rec->sec_flags); 377 if (p->transport == BT_TRANSPORT_LE) { 378 BTM_TRACE_DEBUG("LE link down"); 379 p_dev_rec->sec_flags &= ~(BTM_SEC_LE_ENCRYPTED | BTM_SEC_ROLE_SWITCHED); 380 if ((p_dev_rec->sec_flags & BTM_SEC_LE_LINK_KEY_KNOWN) == 0) { 381 BTM_TRACE_DEBUG("Not Bonded"); 382 p_dev_rec->sec_flags &= 383 ~(BTM_SEC_LE_LINK_KEY_AUTHED | BTM_SEC_LE_AUTHENTICATED); 384 } else { 385 BTM_TRACE_DEBUG("Bonded"); 386 } 387 } else { 388 BTM_TRACE_DEBUG("Bletooth link down"); 389 p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHORIZED | BTM_SEC_AUTHENTICATED | 390 BTM_SEC_ENCRYPTED | BTM_SEC_ROLE_SWITCHED); 391 } 392 BTM_TRACE_DEBUG("after update p_dev_rec->sec_flags=0x%x", 393 p_dev_rec->sec_flags); 394 } else { 395 BTM_TRACE_ERROR("Device not found"); 396 } 397 398 /* Clear the ACL connection data */ 399 memset(p, 0, sizeof(tACL_CONN)); 400 } 401 } 402 403 /******************************************************************************* 404 * 405 * Function btm_acl_device_down 406 * 407 * Description This function is called when the local device is deemed 408 * to be down. It notifies L2CAP of the failure. 409 * 410 * Returns void 411 * 412 ******************************************************************************/ 413 void btm_acl_device_down(void) { 414 tACL_CONN* p = &btm_cb.acl_db[0]; 415 uint16_t xx; 416 BTM_TRACE_DEBUG("btm_acl_device_down"); 417 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) { 418 if (p->in_use) { 419 BTM_TRACE_DEBUG("hci_handle=%d HCI_ERR_HW_FAILURE ", p->hci_handle); 420 l2c_link_hci_disc_comp(p->hci_handle, HCI_ERR_HW_FAILURE); 421 } 422 } 423 } 424 425 /******************************************************************************* 426 * 427 * Function btm_acl_update_busy_level 428 * 429 * Description This function is called to update the busy level of the 430 * system. 431 * 432 * Returns void 433 * 434 ******************************************************************************/ 435 void btm_acl_update_busy_level(tBTM_BLI_EVENT event) { 436 bool old_inquiry_state = btm_cb.is_inquiry; 437 tBTM_BL_UPDATE_DATA evt; 438 evt.busy_level_flags = 0; 439 switch (event) { 440 case BTM_BLI_ACL_UP_EVT: 441 BTM_TRACE_DEBUG("BTM_BLI_ACL_UP_EVT"); 442 break; 443 case BTM_BLI_ACL_DOWN_EVT: 444 BTM_TRACE_DEBUG("BTM_BLI_ACL_DOWN_EVT"); 445 break; 446 case BTM_BLI_PAGE_EVT: 447 BTM_TRACE_DEBUG("BTM_BLI_PAGE_EVT"); 448 btm_cb.is_paging = true; 449 evt.busy_level_flags = BTM_BL_PAGING_STARTED; 450 break; 451 case BTM_BLI_PAGE_DONE_EVT: 452 BTM_TRACE_DEBUG("BTM_BLI_PAGE_DONE_EVT"); 453 btm_cb.is_paging = false; 454 evt.busy_level_flags = BTM_BL_PAGING_COMPLETE; 455 break; 456 case BTM_BLI_INQ_EVT: 457 BTM_TRACE_DEBUG("BTM_BLI_INQ_EVT"); 458 btm_cb.is_inquiry = true; 459 evt.busy_level_flags = BTM_BL_INQUIRY_STARTED; 460 break; 461 case BTM_BLI_INQ_CANCEL_EVT: 462 BTM_TRACE_DEBUG("BTM_BLI_INQ_CANCEL_EVT"); 463 btm_cb.is_inquiry = false; 464 evt.busy_level_flags = BTM_BL_INQUIRY_CANCELLED; 465 break; 466 case BTM_BLI_INQ_DONE_EVT: 467 BTM_TRACE_DEBUG("BTM_BLI_INQ_DONE_EVT"); 468 btm_cb.is_inquiry = false; 469 evt.busy_level_flags = BTM_BL_INQUIRY_COMPLETE; 470 break; 471 } 472 473 uint8_t busy_level; 474 if (btm_cb.is_paging || btm_cb.is_inquiry) 475 busy_level = 10; 476 else 477 busy_level = BTM_GetNumAclLinks(); 478 479 if ((busy_level != btm_cb.busy_level) || 480 (old_inquiry_state != btm_cb.is_inquiry)) { 481 evt.event = BTM_BL_UPDATE_EVT; 482 evt.busy_level = busy_level; 483 btm_cb.busy_level = busy_level; 484 if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_UPDATE_MASK)) { 485 tBTM_BL_EVENT_DATA btm_bl_event_data; 486 btm_bl_event_data.update = evt; 487 (*btm_cb.p_bl_changed_cb)(&btm_bl_event_data); 488 } 489 } 490 } 491 492 /******************************************************************************* 493 * 494 * Function BTM_GetRole 495 * 496 * Description This function is called to get the role of the local device 497 * for the ACL connection with the specified remote device 498 * 499 * Returns BTM_SUCCESS if connection exists. 500 * BTM_UNKNOWN_ADDR if no active link with bd addr specified 501 * 502 ******************************************************************************/ 503 tBTM_STATUS BTM_GetRole(const RawAddress& remote_bd_addr, uint8_t* p_role) { 504 tACL_CONN* p; 505 BTM_TRACE_DEBUG("BTM_GetRole"); 506 p = btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR); 507 if (p == NULL) { 508 *p_role = BTM_ROLE_UNDEFINED; 509 return (BTM_UNKNOWN_ADDR); 510 } 511 512 /* Get the current role */ 513 *p_role = p->link_role; 514 return (BTM_SUCCESS); 515 } 516 517 /******************************************************************************* 518 * 519 * Function BTM_SwitchRole 520 * 521 * Description This function is called to switch role between master and 522 * slave. If role is already set it will do nothing. If the 523 * command was initiated, the callback function is called upon 524 * completion. 525 * 526 * Returns BTM_SUCCESS if already in specified role. 527 * BTM_CMD_STARTED if command issued to controller. 528 * BTM_NO_RESOURCES if couldn't allocate memory to issue 529 * command 530 * BTM_UNKNOWN_ADDR if no active link with bd addr specified 531 * BTM_MODE_UNSUPPORTED if local device does not support role 532 * switching 533 * BTM_BUSY if the previous command is not completed 534 * 535 ******************************************************************************/ 536 tBTM_STATUS BTM_SwitchRole(const RawAddress& remote_bd_addr, uint8_t new_role, 537 tBTM_CMPL_CB* p_cb) { 538 tACL_CONN* p; 539 tBTM_SEC_DEV_REC* p_dev_rec = NULL; 540 #if (BTM_SCO_INCLUDED == TRUE) 541 bool is_sco_active; 542 #endif 543 tBTM_STATUS status; 544 tBTM_PM_MODE pwr_mode; 545 tBTM_PM_PWR_MD settings; 546 547 LOG_INFO(LOG_TAG, "%s: peer %s new_role=0x%x p_cb=%p p_switch_role_cb=%p", 548 __func__, remote_bd_addr.ToString().c_str(), new_role, p_cb, 549 btm_cb.devcb.p_switch_role_cb); 550 551 /* Make sure the local device supports switching */ 552 if (!controller_get_interface()->supports_master_slave_role_switch()) 553 return (BTM_MODE_UNSUPPORTED); 554 555 if (btm_cb.devcb.p_switch_role_cb && p_cb) { 556 VLOG(2) << "Role switch on other device is in progress " 557 << btm_cb.devcb.switch_role_ref_data.remote_bd_addr; 558 return (BTM_BUSY); 559 } 560 561 p = btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR); 562 if (p == NULL) return (BTM_UNKNOWN_ADDR); 563 564 /* Finished if already in desired role */ 565 if (p->link_role == new_role) return (BTM_SUCCESS); 566 567 if (interop_match_addr(INTEROP_DISABLE_ROLE_SWITCH, &remote_bd_addr)) 568 return BTM_DEV_BLACKLISTED; 569 570 #if (BTM_SCO_INCLUDED == TRUE) 571 /* Check if there is any SCO Active on this BD Address */ 572 is_sco_active = btm_is_sco_active_by_bdaddr(remote_bd_addr); 573 574 if (is_sco_active) return (BTM_NO_RESOURCES); 575 #endif 576 577 /* Ignore role switch request if the previous request was not completed */ 578 if (p->switch_role_state != BTM_ACL_SWKEY_STATE_IDLE) { 579 BTM_TRACE_DEBUG("BTM_SwitchRole busy: %d", p->switch_role_state); 580 return (BTM_BUSY); 581 } 582 583 if (interop_match_addr(INTEROP_DYNAMIC_ROLE_SWITCH, &remote_bd_addr)) { 584 BTM_TRACE_DEBUG("%s, Device blacklisted under INTEROP_DYNAMIC_ROLE_SWITCH.", 585 __func__); 586 return BTM_DEV_BLACKLISTED; 587 } 588 589 status = BTM_ReadPowerMode(p->remote_addr, &pwr_mode); 590 if (status != BTM_SUCCESS) return (status); 591 592 /* Wake up the link if in sniff or park before attempting switch */ 593 if (pwr_mode == BTM_PM_MD_PARK || pwr_mode == BTM_PM_MD_SNIFF) { 594 memset((void*)&settings, 0, sizeof(settings)); 595 settings.mode = BTM_PM_MD_ACTIVE; 596 status = BTM_SetPowerMode(BTM_PM_SET_ONLY_ID, p->remote_addr, &settings); 597 if (status != BTM_CMD_STARTED) return (BTM_WRONG_MODE); 598 599 p->switch_role_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE; 600 } 601 /* some devices do not support switch while encryption is on */ 602 else { 603 p_dev_rec = btm_find_dev(remote_bd_addr); 604 if ((p_dev_rec != NULL) && 605 ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0) && 606 !BTM_EPR_AVAILABLE(p)) { 607 /* bypass turning off encryption if change link key is already doing it */ 608 if (p->encrypt_state != BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF) { 609 btsnd_hcic_set_conn_encrypt(p->hci_handle, false); 610 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF; 611 } 612 613 p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF; 614 } else { 615 btsnd_hcic_switch_role(remote_bd_addr, new_role); 616 p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS; 617 618 #if (BTM_DISC_DURING_RS == TRUE) 619 if (p_dev_rec) p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING; 620 #endif 621 } 622 } 623 624 /* Initialize return structure in case request fails */ 625 if (p_cb) { 626 btm_cb.devcb.switch_role_ref_data.remote_bd_addr = remote_bd_addr; 627 btm_cb.devcb.switch_role_ref_data.role = new_role; 628 /* initialized to an error code */ 629 btm_cb.devcb.switch_role_ref_data.hci_status = HCI_ERR_UNSUPPORTED_VALUE; 630 btm_cb.devcb.p_switch_role_cb = p_cb; 631 } 632 return (BTM_CMD_STARTED); 633 } 634 635 /******************************************************************************* 636 * 637 * Function btm_acl_encrypt_change 638 * 639 * Description This function is when encryption of the connection is 640 * completed by the LM. Checks to see if a role switch or 641 * change of link key was active and initiates or continues 642 * process if needed. 643 * 644 * Returns void 645 * 646 ******************************************************************************/ 647 void btm_acl_encrypt_change(uint16_t handle, uint8_t status, 648 uint8_t encr_enable) { 649 tACL_CONN* p; 650 uint8_t xx; 651 tBTM_SEC_DEV_REC* p_dev_rec; 652 653 BTM_TRACE_DEBUG("btm_acl_encrypt_change handle=%d status=%d encr_enabl=%d", 654 handle, status, encr_enable); 655 xx = btm_handle_to_acl_index(handle); 656 /* don't assume that we can never get a bad hci_handle */ 657 if (xx < MAX_L2CAP_LINKS) 658 p = &btm_cb.acl_db[xx]; 659 else 660 return; 661 662 /* Process Role Switch if active */ 663 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF) { 664 /* if encryption turn off failed we still will try to switch role */ 665 if (encr_enable) { 666 p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE; 667 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE; 668 } else { 669 p->switch_role_state = BTM_ACL_SWKEY_STATE_SWITCHING; 670 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_TEMP_FUNC; 671 } 672 673 btsnd_hcic_switch_role(p->remote_addr, (uint8_t)!p->link_role); 674 #if (BTM_DISC_DURING_RS == TRUE) 675 p_dev_rec = btm_find_dev(p->remote_addr); 676 if (p_dev_rec != NULL) p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING; 677 #endif 678 679 } 680 /* Finished enabling Encryption after role switch */ 681 else if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_ON) { 682 p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE; 683 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE; 684 btm_acl_report_role_change(btm_cb.devcb.switch_role_ref_data.hci_status, 685 &p->remote_addr); 686 687 /* if role change event is registered, report it now */ 688 if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK)) { 689 tBTM_BL_ROLE_CHG_DATA evt; 690 evt.event = BTM_BL_ROLE_CHG_EVT; 691 evt.new_role = btm_cb.devcb.switch_role_ref_data.role; 692 evt.p_bda = &btm_cb.devcb.switch_role_ref_data.remote_bd_addr; 693 evt.hci_status = btm_cb.devcb.switch_role_ref_data.hci_status; 694 tBTM_BL_EVENT_DATA btm_bl_event_data; 695 btm_bl_event_data.role_chg = evt; 696 (*btm_cb.p_bl_changed_cb)(&btm_bl_event_data); 697 698 BTM_TRACE_DEBUG( 699 "%s: Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, rs_st:%d", 700 __func__, evt.new_role, evt.hci_status, p->switch_role_state); 701 } 702 703 #if (BTM_DISC_DURING_RS == TRUE) 704 /* If a disconnect is pending, issue it now that role switch has completed 705 */ 706 p_dev_rec = btm_find_dev(p->remote_addr); 707 if (p_dev_rec != NULL) { 708 if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING) { 709 BTM_TRACE_WARNING( 710 "btm_acl_encrypt_change -> Issuing delayed HCI_Disconnect!!!"); 711 btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER); 712 } 713 BTM_TRACE_ERROR( 714 "btm_acl_encrypt_change: tBTM_SEC_DEV:0x%x rs_disc_pending=%d", 715 PTR_TO_UINT(p_dev_rec), p_dev_rec->rs_disc_pending); 716 p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */ 717 } 718 #endif 719 } 720 } 721 /******************************************************************************* 722 * 723 * Function BTM_SetLinkPolicy 724 * 725 * Description Create and send HCI "Write Policy Set" command 726 * 727 * Returns status of the operation 728 * 729 ******************************************************************************/ 730 tBTM_STATUS BTM_SetLinkPolicy(const RawAddress& remote_bda, 731 uint16_t* settings) { 732 tACL_CONN* p; 733 uint8_t* localFeatures = BTM_ReadLocalFeatures(); 734 BTM_TRACE_DEBUG("%s", __func__); 735 /* BTM_TRACE_API ("%s: requested settings: 0x%04x", __func__, *settings ); */ 736 737 /* First, check if hold mode is supported */ 738 if (*settings != HCI_DISABLE_ALL_LM_MODES) { 739 if ((*settings & HCI_ENABLE_MASTER_SLAVE_SWITCH) && 740 (!HCI_SWITCH_SUPPORTED(localFeatures))) { 741 *settings &= (~HCI_ENABLE_MASTER_SLAVE_SWITCH); 742 BTM_TRACE_API("BTM_SetLinkPolicy switch not supported (settings: 0x%04x)", 743 *settings); 744 } 745 if ((*settings & HCI_ENABLE_HOLD_MODE) && 746 (!HCI_HOLD_MODE_SUPPORTED(localFeatures))) { 747 *settings &= (~HCI_ENABLE_HOLD_MODE); 748 BTM_TRACE_API("BTM_SetLinkPolicy hold not supported (settings: 0x%04x)", 749 *settings); 750 } 751 if ((*settings & HCI_ENABLE_SNIFF_MODE) && 752 (!HCI_SNIFF_MODE_SUPPORTED(localFeatures))) { 753 *settings &= (~HCI_ENABLE_SNIFF_MODE); 754 BTM_TRACE_API("BTM_SetLinkPolicy sniff not supported (settings: 0x%04x)", 755 *settings); 756 } 757 if ((*settings & HCI_ENABLE_PARK_MODE) && 758 (!HCI_PARK_MODE_SUPPORTED(localFeatures))) { 759 *settings &= (~HCI_ENABLE_PARK_MODE); 760 BTM_TRACE_API("BTM_SetLinkPolicy park not supported (settings: 0x%04x)", 761 *settings); 762 } 763 } 764 765 p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR); 766 if (p != NULL) { 767 btsnd_hcic_write_policy_set(p->hci_handle, *settings); 768 return BTM_CMD_STARTED; 769 } 770 771 /* If here, no BD Addr found */ 772 return (BTM_UNKNOWN_ADDR); 773 } 774 775 /******************************************************************************* 776 * 777 * Function BTM_SetDefaultLinkPolicy 778 * 779 * Description Set the default value for HCI "Write Policy Set" command 780 * to use when an ACL link is created. 781 * 782 * Returns void 783 * 784 ******************************************************************************/ 785 void BTM_SetDefaultLinkPolicy(uint16_t settings) { 786 uint8_t* localFeatures = BTM_ReadLocalFeatures(); 787 788 BTM_TRACE_DEBUG("BTM_SetDefaultLinkPolicy setting:0x%04x", settings); 789 790 if ((settings & HCI_ENABLE_MASTER_SLAVE_SWITCH) && 791 (!HCI_SWITCH_SUPPORTED(localFeatures))) { 792 settings &= ~HCI_ENABLE_MASTER_SLAVE_SWITCH; 793 BTM_TRACE_DEBUG( 794 "BTM_SetDefaultLinkPolicy switch not supported (settings: 0x%04x)", 795 settings); 796 } 797 if ((settings & HCI_ENABLE_HOLD_MODE) && 798 (!HCI_HOLD_MODE_SUPPORTED(localFeatures))) { 799 settings &= ~HCI_ENABLE_HOLD_MODE; 800 BTM_TRACE_DEBUG( 801 "BTM_SetDefaultLinkPolicy hold not supported (settings: 0x%04x)", 802 settings); 803 } 804 if ((settings & HCI_ENABLE_SNIFF_MODE) && 805 (!HCI_SNIFF_MODE_SUPPORTED(localFeatures))) { 806 settings &= ~HCI_ENABLE_SNIFF_MODE; 807 BTM_TRACE_DEBUG( 808 "BTM_SetDefaultLinkPolicy sniff not supported (settings: 0x%04x)", 809 settings); 810 } 811 if ((settings & HCI_ENABLE_PARK_MODE) && 812 (!HCI_PARK_MODE_SUPPORTED(localFeatures))) { 813 settings &= ~HCI_ENABLE_PARK_MODE; 814 BTM_TRACE_DEBUG( 815 "BTM_SetDefaultLinkPolicy park not supported (settings: 0x%04x)", 816 settings); 817 } 818 BTM_TRACE_DEBUG("Set DefaultLinkPolicy:0x%04x", settings); 819 820 btm_cb.btm_def_link_policy = settings; 821 822 /* Set the default Link Policy of the controller */ 823 btsnd_hcic_write_def_policy_set(settings); 824 } 825 826 void btm_use_preferred_conn_params(const RawAddress& bda) { 827 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(bda, BT_TRANSPORT_LE); 828 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_or_alloc_dev(bda); 829 830 /* If there are any preferred connection parameters, set them now */ 831 if ((p_dev_rec->conn_params.min_conn_int >= BTM_BLE_CONN_INT_MIN) && 832 (p_dev_rec->conn_params.min_conn_int <= BTM_BLE_CONN_INT_MAX) && 833 (p_dev_rec->conn_params.max_conn_int >= BTM_BLE_CONN_INT_MIN) && 834 (p_dev_rec->conn_params.max_conn_int <= BTM_BLE_CONN_INT_MAX) && 835 (p_dev_rec->conn_params.slave_latency <= BTM_BLE_CONN_LATENCY_MAX) && 836 (p_dev_rec->conn_params.supervision_tout >= BTM_BLE_CONN_SUP_TOUT_MIN) && 837 (p_dev_rec->conn_params.supervision_tout <= BTM_BLE_CONN_SUP_TOUT_MAX) && 838 ((p_lcb->min_interval < p_dev_rec->conn_params.min_conn_int && 839 p_dev_rec->conn_params.min_conn_int != BTM_BLE_CONN_PARAM_UNDEF) || 840 (p_lcb->min_interval > p_dev_rec->conn_params.max_conn_int) || 841 (p_lcb->latency > p_dev_rec->conn_params.slave_latency) || 842 (p_lcb->timeout > p_dev_rec->conn_params.supervision_tout))) { 843 BTM_TRACE_DEBUG( 844 "%s: HANDLE=%d min_conn_int=%d max_conn_int=%d slave_latency=%d " 845 "supervision_tout=%d", 846 __func__, p_lcb->handle, p_dev_rec->conn_params.min_conn_int, 847 p_dev_rec->conn_params.max_conn_int, 848 p_dev_rec->conn_params.slave_latency, 849 p_dev_rec->conn_params.supervision_tout); 850 851 p_lcb->min_interval = p_dev_rec->conn_params.min_conn_int; 852 p_lcb->max_interval = p_dev_rec->conn_params.max_conn_int; 853 p_lcb->timeout = p_dev_rec->conn_params.supervision_tout; 854 p_lcb->latency = p_dev_rec->conn_params.slave_latency; 855 856 btsnd_hcic_ble_upd_ll_conn_params( 857 p_lcb->handle, p_dev_rec->conn_params.min_conn_int, 858 p_dev_rec->conn_params.max_conn_int, 859 p_dev_rec->conn_params.slave_latency, 860 p_dev_rec->conn_params.supervision_tout, 0, 0); 861 } 862 } 863 864 /******************************************************************************* 865 * 866 * Function btm_read_remote_version_complete 867 * 868 * Description This function is called when the command complete message 869 * is received from the HCI for the remote version info. 870 * 871 * Returns void 872 * 873 ******************************************************************************/ 874 void btm_read_remote_version_complete(uint8_t* p) { 875 tACL_CONN* p_acl_cb = &btm_cb.acl_db[0]; 876 uint8_t status; 877 uint16_t handle; 878 int xx; 879 BTM_TRACE_DEBUG("btm_read_remote_version_complete"); 880 881 STREAM_TO_UINT8(status, p); 882 STREAM_TO_UINT16(handle, p); 883 884 /* Look up the connection by handle and copy features */ 885 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_acl_cb++) { 886 if ((p_acl_cb->in_use) && (p_acl_cb->hci_handle == handle)) { 887 if (status == HCI_SUCCESS) { 888 STREAM_TO_UINT8(p_acl_cb->lmp_version, p); 889 STREAM_TO_UINT16(p_acl_cb->manufacturer, p); 890 STREAM_TO_UINT16(p_acl_cb->lmp_subversion, p); 891 892 if (p_acl_cb->transport == BT_TRANSPORT_BR_EDR) { 893 btm_read_remote_features(p_acl_cb->hci_handle); 894 } 895 } 896 897 if (p_acl_cb->transport == BT_TRANSPORT_LE) { 898 l2cble_notify_le_connection(p_acl_cb->remote_addr); 899 btm_use_preferred_conn_params(p_acl_cb->remote_addr); 900 } 901 break; 902 } 903 } 904 } 905 906 /******************************************************************************* 907 * 908 * Function btm_process_remote_ext_features 909 * 910 * Description Local function called to process all extended features pages 911 * read from a remote device. 912 * 913 * Returns void 914 * 915 ******************************************************************************/ 916 void btm_process_remote_ext_features(tACL_CONN* p_acl_cb, 917 uint8_t num_read_pages) { 918 uint16_t handle = p_acl_cb->hci_handle; 919 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev_by_handle(handle); 920 uint8_t page_idx; 921 922 BTM_TRACE_DEBUG("btm_process_remote_ext_features"); 923 924 /* Make sure we have the record to save remote features information */ 925 if (p_dev_rec == NULL) { 926 /* Get a new device; might be doing dedicated bonding */ 927 p_dev_rec = btm_find_or_alloc_dev(p_acl_cb->remote_addr); 928 } 929 930 p_acl_cb->num_read_pages = num_read_pages; 931 p_dev_rec->num_read_pages = num_read_pages; 932 933 /* Move the pages to placeholder */ 934 for (page_idx = 0; page_idx < num_read_pages; page_idx++) { 935 if (page_idx > HCI_EXT_FEATURES_PAGE_MAX) { 936 BTM_TRACE_ERROR("%s: page=%d unexpected", __func__, page_idx); 937 break; 938 } 939 memcpy(p_dev_rec->feature_pages[page_idx], 940 p_acl_cb->peer_lmp_feature_pages[page_idx], 941 HCI_FEATURE_BYTES_PER_PAGE); 942 } 943 944 if (!(p_dev_rec->sec_flags & BTM_SEC_NAME_KNOWN) || 945 p_dev_rec->is_originator) { 946 BTM_TRACE_DEBUG("%s: Calling Next Security Procedure", __func__); 947 uint8_t status = btm_sec_execute_procedure(p_dev_rec); 948 if (status != BTM_CMD_STARTED) { 949 BTM_TRACE_ERROR("%s: Security procedure not started! status %d", __func__, 950 status); 951 btm_sec_dev_rec_cback_event(p_dev_rec, status, false); 952 } 953 } 954 const uint8_t req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND); 955 956 /* Store the Peer Security Capabilites (in SM4 and rmt_sec_caps) */ 957 btm_sec_set_peer_sec_caps(p_acl_cb, p_dev_rec); 958 959 BTM_TRACE_API("%s: pend:%d", __func__, req_pend); 960 if (req_pend) { 961 /* Request for remaining Security Features (if any) */ 962 l2cu_resubmit_pending_sec_req(&p_dev_rec->bd_addr); 963 } 964 } 965 966 /******************************************************************************* 967 * 968 * Function btm_read_remote_features 969 * 970 * Description Local function called to send a read remote supported 971 * features/remote extended features page[0]. 972 * 973 * Returns void 974 * 975 ******************************************************************************/ 976 void btm_read_remote_features(uint16_t handle) { 977 uint8_t acl_idx; 978 tACL_CONN* p_acl_cb; 979 980 BTM_TRACE_DEBUG("btm_read_remote_features() handle: %d", handle); 981 982 acl_idx = btm_handle_to_acl_index(handle); 983 if (acl_idx >= MAX_L2CAP_LINKS) { 984 BTM_TRACE_ERROR("btm_read_remote_features handle=%d invalid", handle); 985 return; 986 } 987 988 p_acl_cb = &btm_cb.acl_db[acl_idx]; 989 p_acl_cb->num_read_pages = 0; 990 memset(p_acl_cb->peer_lmp_feature_pages, 0, 991 sizeof(p_acl_cb->peer_lmp_feature_pages)); 992 993 /* first send read remote supported features HCI command */ 994 /* because we don't know whether the remote support extended feature command 995 */ 996 btsnd_hcic_rmt_features_req(handle); 997 } 998 999 /******************************************************************************* 1000 * 1001 * Function btm_read_remote_ext_features 1002 * 1003 * Description Local function called to send a read remote extended 1004 * features 1005 * 1006 * Returns void 1007 * 1008 ******************************************************************************/ 1009 void btm_read_remote_ext_features(uint16_t handle, uint8_t page_number) { 1010 BTM_TRACE_DEBUG("btm_read_remote_ext_features() handle: %d page: %d", handle, 1011 page_number); 1012 1013 btsnd_hcic_rmt_ext_features(handle, page_number); 1014 } 1015 1016 /******************************************************************************* 1017 * 1018 * Function btm_read_remote_features_complete 1019 * 1020 * Description This function is called when the remote supported features 1021 * complete event is received from the HCI. 1022 * 1023 * Returns void 1024 * 1025 ******************************************************************************/ 1026 void btm_read_remote_features_complete(uint8_t* p) { 1027 tACL_CONN* p_acl_cb; 1028 uint8_t status; 1029 uint16_t handle; 1030 uint8_t acl_idx; 1031 1032 BTM_TRACE_DEBUG("btm_read_remote_features_complete"); 1033 STREAM_TO_UINT8(status, p); 1034 1035 if (status != HCI_SUCCESS) { 1036 BTM_TRACE_ERROR("btm_read_remote_features_complete failed (status 0x%02x)", 1037 status); 1038 return; 1039 } 1040 1041 STREAM_TO_UINT16(handle, p); 1042 1043 acl_idx = btm_handle_to_acl_index(handle); 1044 if (acl_idx >= MAX_L2CAP_LINKS) { 1045 BTM_TRACE_ERROR("btm_read_remote_features_complete handle=%d invalid", 1046 handle); 1047 return; 1048 } 1049 1050 p_acl_cb = &btm_cb.acl_db[acl_idx]; 1051 1052 /* Copy the received features page */ 1053 STREAM_TO_ARRAY(p_acl_cb->peer_lmp_feature_pages[0], p, 1054 HCI_FEATURE_BYTES_PER_PAGE); 1055 1056 if ((HCI_LMP_EXTENDED_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[0])) && 1057 (controller_get_interface() 1058 ->supports_reading_remote_extended_features())) { 1059 /* if the remote controller has extended features and local controller 1060 supports HCI_Read_Remote_Extended_Features command then start reading 1061 these feature starting with extended features page 1 */ 1062 BTM_TRACE_DEBUG("Start reading remote extended features"); 1063 btm_read_remote_ext_features(handle, 1); 1064 return; 1065 } 1066 1067 /* Remote controller has no extended features. Process remote controller 1068 supported features (features page 0). */ 1069 btm_process_remote_ext_features(p_acl_cb, 1); 1070 1071 /* Continue with HCI connection establishment */ 1072 btm_establish_continue(p_acl_cb); 1073 } 1074 1075 /******************************************************************************* 1076 * 1077 * Function btm_read_remote_ext_features_complete 1078 * 1079 * Description This function is called when the remote extended features 1080 * complete event is received from the HCI. 1081 * 1082 * Returns void 1083 * 1084 ******************************************************************************/ 1085 void btm_read_remote_ext_features_complete(uint8_t* p) { 1086 tACL_CONN* p_acl_cb; 1087 uint8_t page_num, max_page; 1088 uint16_t handle; 1089 uint8_t acl_idx; 1090 1091 BTM_TRACE_DEBUG("btm_read_remote_ext_features_complete"); 1092 1093 ++p; 1094 STREAM_TO_UINT16(handle, p); 1095 STREAM_TO_UINT8(page_num, p); 1096 STREAM_TO_UINT8(max_page, p); 1097 1098 /* Validate parameters */ 1099 acl_idx = btm_handle_to_acl_index(handle); 1100 if (acl_idx >= MAX_L2CAP_LINKS) { 1101 BTM_TRACE_ERROR("btm_read_remote_ext_features_complete handle=%d invalid", 1102 handle); 1103 return; 1104 } 1105 1106 if (max_page > HCI_EXT_FEATURES_PAGE_MAX) { 1107 BTM_TRACE_ERROR("btm_read_remote_ext_features_complete page=%d unknown", 1108 max_page); 1109 return; 1110 } 1111 1112 p_acl_cb = &btm_cb.acl_db[acl_idx]; 1113 1114 /* Copy the received features page */ 1115 STREAM_TO_ARRAY(p_acl_cb->peer_lmp_feature_pages[page_num], p, 1116 HCI_FEATURE_BYTES_PER_PAGE); 1117 1118 /* If there is the next remote features page and 1119 * we have space to keep this page data - read this page */ 1120 if ((page_num < max_page) && (page_num < HCI_EXT_FEATURES_PAGE_MAX)) { 1121 page_num++; 1122 BTM_TRACE_DEBUG("BTM reads next remote extended features page (%d)", 1123 page_num); 1124 btm_read_remote_ext_features(handle, page_num); 1125 return; 1126 } 1127 1128 /* Reading of remote feature pages is complete */ 1129 BTM_TRACE_DEBUG("BTM reached last remote extended features page (%d)", 1130 page_num); 1131 1132 /* Process the pages */ 1133 btm_process_remote_ext_features(p_acl_cb, (uint8_t)(page_num + 1)); 1134 1135 /* Continue with HCI connection establishment */ 1136 btm_establish_continue(p_acl_cb); 1137 } 1138 1139 /******************************************************************************* 1140 * 1141 * Function btm_read_remote_ext_features_failed 1142 * 1143 * Description This function is called when the remote extended features 1144 * complete event returns a failed status. 1145 * 1146 * Returns void 1147 * 1148 ******************************************************************************/ 1149 void btm_read_remote_ext_features_failed(uint8_t status, uint16_t handle) { 1150 tACL_CONN* p_acl_cb; 1151 uint8_t acl_idx; 1152 1153 BTM_TRACE_WARNING( 1154 "btm_read_remote_ext_features_failed (status 0x%02x) for handle %d", 1155 status, handle); 1156 1157 acl_idx = btm_handle_to_acl_index(handle); 1158 if (acl_idx >= MAX_L2CAP_LINKS) { 1159 BTM_TRACE_ERROR("btm_read_remote_ext_features_failed handle=%d invalid", 1160 handle); 1161 return; 1162 } 1163 1164 p_acl_cb = &btm_cb.acl_db[acl_idx]; 1165 1166 /* Process supported features only */ 1167 btm_process_remote_ext_features(p_acl_cb, 1); 1168 1169 /* Continue HCI connection establishment */ 1170 btm_establish_continue(p_acl_cb); 1171 } 1172 1173 /******************************************************************************* 1174 * 1175 * Function btm_establish_continue 1176 * 1177 * Description This function is called when the command complete message 1178 * is received from the HCI for the read local link policy 1179 * request. 1180 * 1181 * Returns void 1182 * 1183 ******************************************************************************/ 1184 void btm_establish_continue(tACL_CONN* p_acl_cb) { 1185 tBTM_BL_EVENT_DATA evt_data; 1186 BTM_TRACE_DEBUG("btm_establish_continue"); 1187 #if (BTM_BYPASS_EXTRA_ACL_SETUP == FALSE) 1188 if (p_acl_cb->transport == BT_TRANSPORT_BR_EDR) { 1189 /* For now there are a some devices that do not like sending */ 1190 /* commands events and data at the same time. */ 1191 /* Set the packet types to the default allowed by the device */ 1192 btm_set_packet_types(p_acl_cb, btm_cb.btm_acl_pkt_types_supported); 1193 1194 if (btm_cb.btm_def_link_policy) 1195 BTM_SetLinkPolicy(p_acl_cb->remote_addr, &btm_cb.btm_def_link_policy); 1196 } 1197 #endif 1198 if (p_acl_cb->link_up_issued) { 1199 BTM_TRACE_ERROR("%s: Already link is up ", __func__); 1200 return; 1201 } 1202 p_acl_cb->link_up_issued = true; 1203 1204 /* If anyone cares, tell him database changed */ 1205 if (btm_cb.p_bl_changed_cb) { 1206 evt_data.event = BTM_BL_CONN_EVT; 1207 evt_data.conn.p_bda = &p_acl_cb->remote_addr; 1208 evt_data.conn.p_bdn = p_acl_cb->remote_name; 1209 evt_data.conn.p_dc = p_acl_cb->remote_dc; 1210 evt_data.conn.p_features = p_acl_cb->peer_lmp_feature_pages[0]; 1211 evt_data.conn.handle = p_acl_cb->hci_handle; 1212 evt_data.conn.transport = p_acl_cb->transport; 1213 1214 (*btm_cb.p_bl_changed_cb)(&evt_data); 1215 } 1216 btm_acl_update_busy_level(BTM_BLI_ACL_UP_EVT); 1217 } 1218 1219 /******************************************************************************* 1220 * 1221 * Function BTM_SetDefaultLinkSuperTout 1222 * 1223 * Description Set the default value for HCI "Write Link Supervision 1224 * Timeout" 1225 * command to use when an ACL link is created. 1226 * 1227 * Returns void 1228 * 1229 ******************************************************************************/ 1230 void BTM_SetDefaultLinkSuperTout(uint16_t timeout) { 1231 BTM_TRACE_DEBUG("BTM_SetDefaultLinkSuperTout"); 1232 btm_cb.btm_def_link_super_tout = timeout; 1233 } 1234 1235 /******************************************************************************* 1236 * 1237 * Function BTM_GetLinkSuperTout 1238 * 1239 * Description Read the link supervision timeout value of the connection 1240 * 1241 * Returns status of the operation 1242 * 1243 ******************************************************************************/ 1244 tBTM_STATUS BTM_GetLinkSuperTout(const RawAddress& remote_bda, 1245 uint16_t* p_timeout) { 1246 tACL_CONN* p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR); 1247 1248 BTM_TRACE_DEBUG("BTM_GetLinkSuperTout"); 1249 if (p != (tACL_CONN*)NULL) { 1250 *p_timeout = p->link_super_tout; 1251 return (BTM_SUCCESS); 1252 } 1253 /* If here, no BD Addr found */ 1254 return (BTM_UNKNOWN_ADDR); 1255 } 1256 1257 /******************************************************************************* 1258 * 1259 * Function BTM_SetLinkSuperTout 1260 * 1261 * Description Create and send HCI "Write Link Supervision Timeout" command 1262 * 1263 * Returns status of the operation 1264 * 1265 ******************************************************************************/ 1266 tBTM_STATUS BTM_SetLinkSuperTout(const RawAddress& remote_bda, 1267 uint16_t timeout) { 1268 tACL_CONN* p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR); 1269 1270 BTM_TRACE_DEBUG("BTM_SetLinkSuperTout"); 1271 if (p != (tACL_CONN*)NULL) { 1272 p->link_super_tout = timeout; 1273 1274 /* Only send if current role is Master; 2.0 spec requires this */ 1275 if (p->link_role == BTM_ROLE_MASTER) { 1276 btsnd_hcic_write_link_super_tout(LOCAL_BR_EDR_CONTROLLER_ID, 1277 p->hci_handle, timeout); 1278 return (BTM_CMD_STARTED); 1279 } else { 1280 return (BTM_SUCCESS); 1281 } 1282 } 1283 1284 /* If here, no BD Addr found */ 1285 return (BTM_UNKNOWN_ADDR); 1286 } 1287 1288 /******************************************************************************* 1289 * 1290 * Function BTM_IsAclConnectionUp 1291 * 1292 * Description This function is called to check if an ACL connection exists 1293 * to a specific remote BD Address. 1294 * 1295 * Returns true if connection is up, else false. 1296 * 1297 ******************************************************************************/ 1298 bool BTM_IsAclConnectionUp(const RawAddress& remote_bda, 1299 tBT_TRANSPORT transport) { 1300 tACL_CONN* p; 1301 1302 VLOG(2) << __func__ << " RemBdAddr: " << remote_bda; 1303 1304 p = btm_bda_to_acl(remote_bda, transport); 1305 if (p != (tACL_CONN*)NULL) { 1306 return (true); 1307 } 1308 1309 /* If here, no BD Addr found */ 1310 return (false); 1311 } 1312 1313 /******************************************************************************* 1314 * 1315 * Function BTM_GetNumAclLinks 1316 * 1317 * Description This function is called to count the number of 1318 * ACL links that are active. 1319 * 1320 * Returns uint16_t Number of active ACL links 1321 * 1322 ******************************************************************************/ 1323 uint16_t BTM_GetNumAclLinks(void) { 1324 uint16_t num_acl = 0; 1325 1326 for (uint16_t i = 0; i < MAX_L2CAP_LINKS; ++i) { 1327 if (btm_cb.acl_db[i].in_use) ++num_acl; 1328 } 1329 1330 return num_acl; 1331 } 1332 1333 /******************************************************************************* 1334 * 1335 * Function btm_get_acl_disc_reason_code 1336 * 1337 * Description This function is called to get the disconnection reason code 1338 * returned by the HCI at disconnection complete event. 1339 * 1340 * Returns true if connection is up, else false. 1341 * 1342 ******************************************************************************/ 1343 uint16_t btm_get_acl_disc_reason_code(void) { 1344 uint8_t res = btm_cb.acl_disc_reason; 1345 BTM_TRACE_DEBUG("btm_get_acl_disc_reason_code"); 1346 return (res); 1347 } 1348 1349 /******************************************************************************* 1350 * 1351 * Function BTM_GetHCIConnHandle 1352 * 1353 * Description This function is called to get the handle for an ACL 1354 * connection to a specific remote BD Address. 1355 * 1356 * Returns the handle of the connection, or 0xFFFF if none. 1357 * 1358 ******************************************************************************/ 1359 uint16_t BTM_GetHCIConnHandle(const RawAddress& remote_bda, 1360 tBT_TRANSPORT transport) { 1361 tACL_CONN* p; 1362 BTM_TRACE_DEBUG("BTM_GetHCIConnHandle"); 1363 p = btm_bda_to_acl(remote_bda, transport); 1364 if (p != (tACL_CONN*)NULL) { 1365 return (p->hci_handle); 1366 } 1367 1368 /* If here, no BD Addr found */ 1369 return (0xFFFF); 1370 } 1371 1372 /******************************************************************************* 1373 * 1374 * Function btm_process_clk_off_comp_evt 1375 * 1376 * Description This function is called when clock offset command completes. 1377 * 1378 * Input Parms hci_handle - connection handle associated with the change 1379 * clock offset 1380 * 1381 * Returns void 1382 * 1383 ******************************************************************************/ 1384 void btm_process_clk_off_comp_evt(uint16_t hci_handle, uint16_t clock_offset) { 1385 uint8_t xx; 1386 BTM_TRACE_DEBUG("btm_process_clk_off_comp_evt"); 1387 /* Look up the connection by handle and set the current mode */ 1388 xx = btm_handle_to_acl_index(hci_handle); 1389 if (xx < MAX_L2CAP_LINKS) btm_cb.acl_db[xx].clock_offset = clock_offset; 1390 } 1391 1392 /******************************************************************************* 1393 * 1394 * Function btm_blacklist_role_change_device 1395 * 1396 * Description This function is used to blacklist the device if the role 1397 * switch fails for maximum number of times. It also removes 1398 * the device from the black list if the role switch succeeds. 1399 * 1400 * Input Parms bd_addr - remote BD addr 1401 * hci_status - role switch status 1402 * 1403 * Returns void 1404 * 1405 *******************************************************************************/ 1406 void btm_blacklist_role_change_device(const RawAddress& bd_addr, 1407 uint8_t hci_status) { 1408 tACL_CONN* p = btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR); 1409 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr); 1410 1411 if (!p || !p_dev_rec) { 1412 return; 1413 } 1414 if (hci_status == HCI_SUCCESS) { 1415 p->switch_role_failed_attempts = 0; 1416 return; 1417 } 1418 1419 /* check for carkits */ 1420 const uint32_t cod_audio_device = 1421 (BTM_COD_SERVICE_AUDIO | BTM_COD_MAJOR_AUDIO) << 8; 1422 const uint32_t cod = 1423 ((p_dev_rec->dev_class[0] << 16) | (p_dev_rec->dev_class[1] << 8) | 1424 p_dev_rec->dev_class[2]) & 1425 0xffffff; 1426 if ((hci_status != HCI_SUCCESS) && 1427 ((p->switch_role_state == BTM_ACL_SWKEY_STATE_SWITCHING) || 1428 (p->switch_role_state == BTM_ACL_SWKEY_STATE_IN_PROGRESS)) && 1429 ((cod & cod_audio_device) == cod_audio_device) && 1430 (!interop_match_addr(INTEROP_DYNAMIC_ROLE_SWITCH, &bd_addr))) { 1431 p->switch_role_failed_attempts++; 1432 if (p->switch_role_failed_attempts == BTM_MAX_SW_ROLE_FAILED_ATTEMPTS) { 1433 BTM_TRACE_WARNING( 1434 "%s: Device %s blacklisted for role switching - " 1435 "multiple role switch failed attempts: %u", 1436 __func__, bd_addr.ToString().c_str(), p->switch_role_failed_attempts); 1437 interop_database_add(INTEROP_DYNAMIC_ROLE_SWITCH, &bd_addr, 3); 1438 } 1439 } 1440 } 1441 1442 /******************************************************************************* 1443 * 1444 * Function btm_acl_role_changed 1445 * 1446 * Description This function is called whan a link's master/slave role 1447 * change event or command status event (with error) is 1448 * received. It updates the link control block, and calls the 1449 * registered callback with status and role (if registered). 1450 * 1451 * Returns void 1452 * 1453 ******************************************************************************/ 1454 void btm_acl_role_changed(uint8_t hci_status, const RawAddress* bd_addr, 1455 uint8_t new_role) { 1456 const RawAddress* p_bda = 1457 (bd_addr) ? bd_addr : &btm_cb.devcb.switch_role_ref_data.remote_bd_addr; 1458 tACL_CONN* p = btm_bda_to_acl(*p_bda, BT_TRANSPORT_BR_EDR); 1459 tBTM_ROLE_SWITCH_CMPL* p_data = &btm_cb.devcb.switch_role_ref_data; 1460 tBTM_SEC_DEV_REC* p_dev_rec; 1461 1462 BTM_TRACE_DEBUG("%s: peer %s hci_status:0x%x new_role:%d", __func__, 1463 (p_bda != nullptr) ? bd_addr->ToString().c_str() : "nullptr", 1464 hci_status, new_role); 1465 /* Ignore any stray events */ 1466 if (p == NULL) { 1467 /* it could be a failure */ 1468 if (hci_status != HCI_SUCCESS) 1469 btm_acl_report_role_change(hci_status, bd_addr); 1470 return; 1471 } 1472 1473 p_data->hci_status = hci_status; 1474 1475 if (hci_status == HCI_SUCCESS) { 1476 p_data->role = new_role; 1477 p_data->remote_bd_addr = *p_bda; 1478 1479 /* Update cached value */ 1480 p->link_role = new_role; 1481 1482 /* Reload LSTO: link supervision timeout is reset in the LM after a role 1483 * switch */ 1484 if (new_role == BTM_ROLE_MASTER) { 1485 BTM_SetLinkSuperTout(p->remote_addr, p->link_super_tout); 1486 } 1487 } else { 1488 /* so the BTM_BL_ROLE_CHG_EVT uses the old role */ 1489 new_role = p->link_role; 1490 } 1491 1492 /* Check if any SCO req is pending for role change */ 1493 btm_sco_chk_pend_rolechange(p->hci_handle); 1494 1495 /* if switching state is switching we need to turn encryption on */ 1496 /* if idle, we did not change encryption */ 1497 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_SWITCHING) { 1498 btsnd_hcic_set_conn_encrypt(p->hci_handle, true); 1499 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_ON; 1500 p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_ON; 1501 return; 1502 } 1503 1504 /* Set the switch_role_state to IDLE since the reply received from HCI */ 1505 /* regardless of its result either success or failed. */ 1506 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_IN_PROGRESS) { 1507 p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE; 1508 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE; 1509 } 1510 1511 /* if role switch complete is needed, report it now */ 1512 btm_acl_report_role_change(hci_status, bd_addr); 1513 1514 /* if role change event is registered, report it now */ 1515 if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK)) { 1516 tBTM_BL_ROLE_CHG_DATA evt; 1517 evt.event = BTM_BL_ROLE_CHG_EVT; 1518 evt.new_role = new_role; 1519 evt.p_bda = p_bda; 1520 evt.hci_status = hci_status; 1521 tBTM_BL_EVENT_DATA btm_bl_event_data; 1522 btm_bl_event_data.role_chg = evt; 1523 (*btm_cb.p_bl_changed_cb)(&btm_bl_event_data); 1524 } 1525 1526 BTM_TRACE_DEBUG( 1527 "%s: peer %s Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, " 1528 "rs_st:%d", 1529 __func__, (p_bda != nullptr) ? p_bda->ToString().c_str() : "nullptr", 1530 p_data->role, p_data->hci_status, p->switch_role_state); 1531 1532 #if (BTM_DISC_DURING_RS == TRUE) 1533 /* If a disconnect is pending, issue it now that role switch has completed */ 1534 p_dev_rec = btm_find_dev(*p_bda); 1535 if (p_dev_rec != NULL) { 1536 if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING) { 1537 BTM_TRACE_WARNING( 1538 "%s peer %s Issuing delayed HCI_Disconnect!!!", __func__, 1539 (p_bda != nullptr) ? p_bda->ToString().c_str() : "nullptr"); 1540 btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER); 1541 } 1542 BTM_TRACE_ERROR("%s: peer %s tBTM_SEC_DEV:0x%x rs_disc_pending=%d", 1543 __func__, 1544 (p_bda != nullptr) ? p_bda->ToString().c_str() : "nullptr", 1545 PTR_TO_UINT(p_dev_rec), p_dev_rec->rs_disc_pending); 1546 p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */ 1547 } 1548 1549 #endif 1550 } 1551 1552 /******************************************************************************* 1553 * 1554 * Function BTM_AllocateSCN 1555 * 1556 * Description Look through the Server Channel Numbers for a free one. 1557 * 1558 * Returns Allocated SCN number or 0 if none. 1559 * 1560 ******************************************************************************/ 1561 1562 uint8_t BTM_AllocateSCN(void) { 1563 uint8_t x; 1564 BTM_TRACE_DEBUG("BTM_AllocateSCN"); 1565 1566 // stack reserves scn 1 for HFP, HSP we still do the correct way 1567 for (x = 1; x < BTM_MAX_SCN; x++) { 1568 if (!btm_cb.btm_scn[x]) { 1569 btm_cb.btm_scn[x] = true; 1570 return (x + 1); 1571 } 1572 } 1573 1574 return (0); /* No free ports */ 1575 } 1576 1577 /******************************************************************************* 1578 * 1579 * Function BTM_TryAllocateSCN 1580 * 1581 * Description Try to allocate a fixed server channel 1582 * 1583 * Returns Returns true if server channel was available 1584 * 1585 ******************************************************************************/ 1586 1587 bool BTM_TryAllocateSCN(uint8_t scn) { 1588 /* Make sure we don't exceed max port range. 1589 * Stack reserves scn 1 for HFP, HSP we still do the correct way. 1590 */ 1591 if ((scn >= BTM_MAX_SCN) || (scn == 1)) return false; 1592 1593 /* check if this port is available */ 1594 if (!btm_cb.btm_scn[scn - 1]) { 1595 btm_cb.btm_scn[scn - 1] = true; 1596 return true; 1597 } 1598 1599 return (false); /* Port was busy */ 1600 } 1601 1602 /******************************************************************************* 1603 * 1604 * Function BTM_FreeSCN 1605 * 1606 * Description Free the specified SCN. 1607 * 1608 * Returns true or false 1609 * 1610 ******************************************************************************/ 1611 bool BTM_FreeSCN(uint8_t scn) { 1612 BTM_TRACE_DEBUG("BTM_FreeSCN "); 1613 if (scn <= BTM_MAX_SCN) { 1614 btm_cb.btm_scn[scn - 1] = false; 1615 return (true); 1616 } else { 1617 return (false); /* Illegal SCN passed in */ 1618 } 1619 } 1620 1621 /******************************************************************************* 1622 * 1623 * Function btm_set_packet_types 1624 * 1625 * Description This function sets the packet types used for a specific 1626 * ACL connection. It is called internally by btm_acl_created 1627 * or by an application/profile by BTM_SetPacketTypes. 1628 * 1629 * Returns status of the operation 1630 * 1631 ******************************************************************************/ 1632 tBTM_STATUS btm_set_packet_types(tACL_CONN* p, uint16_t pkt_types) { 1633 uint16_t temp_pkt_types; 1634 BTM_TRACE_DEBUG("btm_set_packet_types"); 1635 /* Save in the ACL control blocks, types that we support */ 1636 temp_pkt_types = (pkt_types & BTM_ACL_SUPPORTED_PKTS_MASK & 1637 btm_cb.btm_acl_pkt_types_supported); 1638 1639 /* OR in any exception packet types if at least 2.0 version of spec */ 1640 temp_pkt_types |= 1641 ((pkt_types & BTM_ACL_EXCEPTION_PKTS_MASK) | 1642 (btm_cb.btm_acl_pkt_types_supported & BTM_ACL_EXCEPTION_PKTS_MASK)); 1643 1644 /* Exclude packet types not supported by the peer */ 1645 btm_acl_chk_peer_pkt_type_support(p, &temp_pkt_types); 1646 1647 BTM_TRACE_DEBUG("SetPacketType Mask -> 0x%04x", temp_pkt_types); 1648 1649 btsnd_hcic_change_conn_type(p->hci_handle, temp_pkt_types); 1650 p->pkt_types_mask = temp_pkt_types; 1651 1652 return (BTM_CMD_STARTED); 1653 } 1654 1655 /******************************************************************************* 1656 * 1657 * Function btm_get_max_packet_size 1658 * 1659 * Returns Returns maximum packet size that can be used for current 1660 * connection, 0 if connection is not established 1661 * 1662 ******************************************************************************/ 1663 uint16_t btm_get_max_packet_size(const RawAddress& addr) { 1664 tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR); 1665 uint16_t pkt_types = 0; 1666 uint16_t pkt_size = 0; 1667 BTM_TRACE_DEBUG("btm_get_max_packet_size"); 1668 if (p != NULL) { 1669 pkt_types = p->pkt_types_mask; 1670 } else { 1671 /* Special case for when info for the local device is requested */ 1672 if (addr == *controller_get_interface()->get_address()) { 1673 pkt_types = btm_cb.btm_acl_pkt_types_supported; 1674 } 1675 } 1676 1677 if (pkt_types) { 1678 if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH5)) 1679 pkt_size = HCI_EDR3_DH5_PACKET_SIZE; 1680 else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH5)) 1681 pkt_size = HCI_EDR2_DH5_PACKET_SIZE; 1682 else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH3)) 1683 pkt_size = HCI_EDR3_DH3_PACKET_SIZE; 1684 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH5) 1685 pkt_size = HCI_DH5_PACKET_SIZE; 1686 else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH3)) 1687 pkt_size = HCI_EDR2_DH3_PACKET_SIZE; 1688 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM5) 1689 pkt_size = HCI_DM5_PACKET_SIZE; 1690 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH3) 1691 pkt_size = HCI_DH3_PACKET_SIZE; 1692 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM3) 1693 pkt_size = HCI_DM3_PACKET_SIZE; 1694 else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH1)) 1695 pkt_size = HCI_EDR3_DH1_PACKET_SIZE; 1696 else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH1)) 1697 pkt_size = HCI_EDR2_DH1_PACKET_SIZE; 1698 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH1) 1699 pkt_size = HCI_DH1_PACKET_SIZE; 1700 else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM1) 1701 pkt_size = HCI_DM1_PACKET_SIZE; 1702 } 1703 1704 return (pkt_size); 1705 } 1706 1707 /******************************************************************************* 1708 * 1709 * Function BTM_ReadRemoteVersion 1710 * 1711 * Returns If connected report peer device info 1712 * 1713 ******************************************************************************/ 1714 tBTM_STATUS BTM_ReadRemoteVersion(const RawAddress& addr, uint8_t* lmp_version, 1715 uint16_t* manufacturer, 1716 uint16_t* lmp_sub_version) { 1717 tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR); 1718 BTM_TRACE_DEBUG("BTM_ReadRemoteVersion"); 1719 if (p == NULL) return (BTM_UNKNOWN_ADDR); 1720 1721 if (lmp_version) *lmp_version = p->lmp_version; 1722 1723 if (manufacturer) *manufacturer = p->manufacturer; 1724 1725 if (lmp_sub_version) *lmp_sub_version = p->lmp_subversion; 1726 1727 return (BTM_SUCCESS); 1728 } 1729 1730 /******************************************************************************* 1731 * 1732 * Function BTM_ReadRemoteFeatures 1733 * 1734 * Returns pointer to the remote supported features mask (8 bytes) 1735 * 1736 ******************************************************************************/ 1737 uint8_t* BTM_ReadRemoteFeatures(const RawAddress& addr) { 1738 tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR); 1739 BTM_TRACE_DEBUG("BTM_ReadRemoteFeatures"); 1740 if (p == NULL) { 1741 return (NULL); 1742 } 1743 1744 return (p->peer_lmp_feature_pages[0]); 1745 } 1746 1747 /******************************************************************************* 1748 * 1749 * Function BTM_ReadRemoteExtendedFeatures 1750 * 1751 * Returns pointer to the remote extended features mask (8 bytes) 1752 * or NULL if bad page 1753 * 1754 ******************************************************************************/ 1755 uint8_t* BTM_ReadRemoteExtendedFeatures(const RawAddress& addr, 1756 uint8_t page_number) { 1757 tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR); 1758 BTM_TRACE_DEBUG("BTM_ReadRemoteExtendedFeatures"); 1759 if (p == NULL) { 1760 return (NULL); 1761 } 1762 1763 if (page_number > HCI_EXT_FEATURES_PAGE_MAX) { 1764 BTM_TRACE_ERROR("Warning: BTM_ReadRemoteExtendedFeatures page %d unknown", 1765 page_number); 1766 return NULL; 1767 } 1768 1769 return (p->peer_lmp_feature_pages[page_number]); 1770 } 1771 1772 /******************************************************************************* 1773 * 1774 * Function BTM_ReadNumberRemoteFeaturesPages 1775 * 1776 * Returns number of features pages read from the remote device. 1777 * 1778 ******************************************************************************/ 1779 uint8_t BTM_ReadNumberRemoteFeaturesPages(const RawAddress& addr) { 1780 tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR); 1781 BTM_TRACE_DEBUG("BTM_ReadNumberRemoteFeaturesPages"); 1782 if (p == NULL) { 1783 return (0); 1784 } 1785 1786 return (p->num_read_pages); 1787 } 1788 1789 /******************************************************************************* 1790 * 1791 * Function BTM_ReadAllRemoteFeatures 1792 * 1793 * Returns pointer to all features of the remote (24 bytes). 1794 * 1795 ******************************************************************************/ 1796 uint8_t* BTM_ReadAllRemoteFeatures(const RawAddress& addr) { 1797 tACL_CONN* p = btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR); 1798 BTM_TRACE_DEBUG("BTM_ReadAllRemoteFeatures"); 1799 if (p == NULL) { 1800 return (NULL); 1801 } 1802 1803 return (p->peer_lmp_feature_pages[0]); 1804 } 1805 1806 /******************************************************************************* 1807 * 1808 * Function BTM_RegBusyLevelNotif 1809 * 1810 * Description This function is called to register a callback to receive 1811 * busy level change events. 1812 * 1813 * Returns BTM_SUCCESS if successfully registered, otherwise error 1814 * 1815 ******************************************************************************/ 1816 tBTM_STATUS BTM_RegBusyLevelNotif(tBTM_BL_CHANGE_CB* p_cb, uint8_t* p_level, 1817 tBTM_BL_EVENT_MASK evt_mask) { 1818 BTM_TRACE_DEBUG("BTM_RegBusyLevelNotif"); 1819 if (p_level) *p_level = btm_cb.busy_level; 1820 1821 btm_cb.bl_evt_mask = evt_mask; 1822 1823 if (!p_cb) 1824 btm_cb.p_bl_changed_cb = NULL; 1825 else if (btm_cb.p_bl_changed_cb) 1826 return (BTM_BUSY); 1827 else 1828 btm_cb.p_bl_changed_cb = p_cb; 1829 1830 return (BTM_SUCCESS); 1831 } 1832 1833 /******************************************************************************* 1834 * 1835 * Function BTM_SetQoS 1836 * 1837 * Description This function is called to setup QoS 1838 * 1839 * Returns status of the operation 1840 * 1841 ******************************************************************************/ 1842 tBTM_STATUS BTM_SetQoS(const RawAddress& bd, FLOW_SPEC* p_flow, 1843 tBTM_CMPL_CB* p_cb) { 1844 tACL_CONN* p = &btm_cb.acl_db[0]; 1845 1846 VLOG(2) << __func__ << " BdAddr: " << bd; 1847 1848 /* If someone already waiting on the version, do not allow another */ 1849 if (btm_cb.devcb.p_qos_setup_cmpl_cb) return (BTM_BUSY); 1850 1851 p = btm_bda_to_acl(bd, BT_TRANSPORT_BR_EDR); 1852 if (p != NULL) { 1853 btm_cb.devcb.p_qos_setup_cmpl_cb = p_cb; 1854 alarm_set_on_mloop(btm_cb.devcb.qos_setup_timer, BTM_DEV_REPLY_TIMEOUT_MS, 1855 btm_qos_setup_timeout, NULL); 1856 1857 btsnd_hcic_qos_setup(p->hci_handle, p_flow->qos_flags, p_flow->service_type, 1858 p_flow->token_rate, p_flow->peak_bandwidth, 1859 p_flow->latency, p_flow->delay_variation); 1860 return (BTM_CMD_STARTED); 1861 } 1862 1863 /* If here, no BD Addr found */ 1864 return (BTM_UNKNOWN_ADDR); 1865 } 1866 1867 /******************************************************************************* 1868 * 1869 * Function btm_qos_setup_timeout 1870 * 1871 * Description Callback when QoS setup times out. 1872 * 1873 * Returns void 1874 * 1875 ******************************************************************************/ 1876 void btm_qos_setup_timeout(UNUSED_ATTR void* data) { 1877 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_qos_setup_cmpl_cb; 1878 btm_cb.devcb.p_qos_setup_cmpl_cb = NULL; 1879 if (p_cb) (*p_cb)((void*)NULL); 1880 } 1881 1882 /******************************************************************************* 1883 * 1884 * Function btm_qos_setup_complete 1885 * 1886 * Description This function is called when the command complete message 1887 * is received from the HCI for the qos setup request. 1888 * 1889 * Returns void 1890 * 1891 ******************************************************************************/ 1892 void btm_qos_setup_complete(uint8_t status, uint16_t handle, 1893 FLOW_SPEC* p_flow) { 1894 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_qos_setup_cmpl_cb; 1895 tBTM_QOS_SETUP_CMPL qossu; 1896 1897 BTM_TRACE_DEBUG("%s", __func__); 1898 alarm_cancel(btm_cb.devcb.qos_setup_timer); 1899 btm_cb.devcb.p_qos_setup_cmpl_cb = NULL; 1900 1901 /* If there was a registered callback, call it */ 1902 if (p_cb) { 1903 memset(&qossu, 0, sizeof(tBTM_QOS_SETUP_CMPL)); 1904 qossu.status = status; 1905 qossu.handle = handle; 1906 if (p_flow != NULL) { 1907 qossu.flow.qos_flags = p_flow->qos_flags; 1908 qossu.flow.service_type = p_flow->service_type; 1909 qossu.flow.token_rate = p_flow->token_rate; 1910 qossu.flow.peak_bandwidth = p_flow->peak_bandwidth; 1911 qossu.flow.latency = p_flow->latency; 1912 qossu.flow.delay_variation = p_flow->delay_variation; 1913 } 1914 BTM_TRACE_DEBUG("BTM: p_flow->delay_variation: 0x%02x", 1915 qossu.flow.delay_variation); 1916 (*p_cb)(&qossu); 1917 } 1918 } 1919 1920 /******************************************************************************* 1921 * 1922 * Function BTM_ReadRSSI 1923 * 1924 * Description This function is called to read the link policy settings. 1925 * The address of link policy results are returned in the 1926 * callback. 1927 * (tBTM_RSSI_RESULT) 1928 * 1929 * Returns BTM_CMD_STARTED if successfully initiated or error code 1930 * 1931 ******************************************************************************/ 1932 tBTM_STATUS BTM_ReadRSSI(const RawAddress& remote_bda, tBTM_CMPL_CB* p_cb) { 1933 tACL_CONN* p = NULL; 1934 tBT_DEVICE_TYPE dev_type; 1935 tBLE_ADDR_TYPE addr_type; 1936 1937 /* If someone already waiting on the version, do not allow another */ 1938 if (btm_cb.devcb.p_rssi_cmpl_cb) return (BTM_BUSY); 1939 1940 BTM_ReadDevInfo(remote_bda, &dev_type, &addr_type); 1941 1942 if (dev_type & BT_DEVICE_TYPE_BLE) { 1943 p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_LE); 1944 } 1945 1946 if (p == NULL && dev_type & BT_DEVICE_TYPE_BREDR) { 1947 p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR); 1948 } 1949 1950 if (p) { 1951 btm_cb.devcb.p_rssi_cmpl_cb = p_cb; 1952 alarm_set_on_mloop(btm_cb.devcb.read_rssi_timer, BTM_DEV_REPLY_TIMEOUT_MS, 1953 btm_read_rssi_timeout, NULL); 1954 1955 btsnd_hcic_read_rssi(p->hci_handle); 1956 return (BTM_CMD_STARTED); 1957 } 1958 1959 /* If here, no BD Addr found */ 1960 return (BTM_UNKNOWN_ADDR); 1961 } 1962 1963 /******************************************************************************* 1964 * 1965 * Function BTM_ReadFailedContactCounter 1966 * 1967 * Description This function is called to read the failed contact counter. 1968 * The result is returned in the callback. 1969 * (tBTM_FAILED_CONTACT_COUNTER_RESULT) 1970 * 1971 * Returns BTM_CMD_STARTED if successfully initiated or error code 1972 * 1973 ******************************************************************************/ 1974 tBTM_STATUS BTM_ReadFailedContactCounter(const RawAddress& remote_bda, 1975 tBTM_CMPL_CB* p_cb) { 1976 tACL_CONN* p; 1977 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR; 1978 tBT_DEVICE_TYPE dev_type; 1979 tBLE_ADDR_TYPE addr_type; 1980 1981 /* If someone already waiting on the result, do not allow another */ 1982 if (btm_cb.devcb.p_failed_contact_counter_cmpl_cb) return (BTM_BUSY); 1983 1984 BTM_ReadDevInfo(remote_bda, &dev_type, &addr_type); 1985 if (dev_type == BT_DEVICE_TYPE_BLE) transport = BT_TRANSPORT_LE; 1986 1987 p = btm_bda_to_acl(remote_bda, transport); 1988 if (p != (tACL_CONN*)NULL) { 1989 btm_cb.devcb.p_failed_contact_counter_cmpl_cb = p_cb; 1990 alarm_set_on_mloop(btm_cb.devcb.read_failed_contact_counter_timer, 1991 BTM_DEV_REPLY_TIMEOUT_MS, 1992 btm_read_failed_contact_counter_timeout, NULL); 1993 1994 btsnd_hcic_read_failed_contact_counter(p->hci_handle); 1995 return (BTM_CMD_STARTED); 1996 } 1997 1998 /* If here, no BD Addr found */ 1999 return (BTM_UNKNOWN_ADDR); 2000 } 2001 2002 /******************************************************************************* 2003 * 2004 * Function BTM_ReadAutomaticFlushTimeout 2005 * 2006 * Description This function is called to read the automatic flush timeout. 2007 * The result is returned in the callback. 2008 * (tBTM_AUTOMATIC_FLUSH_TIMEOUT_RESULT) 2009 * 2010 * Returns BTM_CMD_STARTED if successfully initiated or error code 2011 * 2012 ******************************************************************************/ 2013 tBTM_STATUS BTM_ReadAutomaticFlushTimeout(const RawAddress& remote_bda, 2014 tBTM_CMPL_CB* p_cb) { 2015 tACL_CONN* p; 2016 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR; 2017 tBT_DEVICE_TYPE dev_type; 2018 tBLE_ADDR_TYPE addr_type; 2019 2020 /* If someone already waiting on the result, do not allow another */ 2021 if (btm_cb.devcb.p_automatic_flush_timeout_cmpl_cb) return (BTM_BUSY); 2022 2023 BTM_ReadDevInfo(remote_bda, &dev_type, &addr_type); 2024 if (dev_type == BT_DEVICE_TYPE_BLE) transport = BT_TRANSPORT_LE; 2025 2026 p = btm_bda_to_acl(remote_bda, transport); 2027 if (!p) return BTM_UNKNOWN_ADDR; 2028 2029 btm_cb.devcb.p_automatic_flush_timeout_cmpl_cb = p_cb; 2030 alarm_set_on_mloop(btm_cb.devcb.read_automatic_flush_timeout_timer, 2031 BTM_DEV_REPLY_TIMEOUT_MS, 2032 btm_read_automatic_flush_timeout_timeout, nullptr); 2033 2034 btsnd_hcic_read_automatic_flush_timeout(p->hci_handle); 2035 return BTM_CMD_STARTED; 2036 } 2037 2038 /******************************************************************************* 2039 * 2040 * Function BTM_ReadLinkQuality 2041 * 2042 * Description This function is called to read the link qulaity. 2043 * The value of the link quality is returned in the callback. 2044 * (tBTM_LINK_QUALITY_RESULT) 2045 * 2046 * Returns BTM_CMD_STARTED if successfully initiated or error code 2047 * 2048 ******************************************************************************/ 2049 tBTM_STATUS BTM_ReadLinkQuality(const RawAddress& remote_bda, 2050 tBTM_CMPL_CB* p_cb) { 2051 VLOG(2) << __func__ << ": RemBdAddr: " << remote_bda; 2052 2053 /* If someone already waiting on the version, do not allow another */ 2054 if (btm_cb.devcb.p_link_qual_cmpl_cb) return (BTM_BUSY); 2055 2056 tACL_CONN* p = btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR); 2057 if (p != (tACL_CONN*)NULL) { 2058 btm_cb.devcb.p_link_qual_cmpl_cb = p_cb; 2059 alarm_set_on_mloop(btm_cb.devcb.read_link_quality_timer, 2060 BTM_DEV_REPLY_TIMEOUT_MS, btm_read_link_quality_timeout, 2061 NULL); 2062 2063 btsnd_hcic_get_link_quality(p->hci_handle); 2064 return (BTM_CMD_STARTED); 2065 } 2066 2067 /* If here, no BD Addr found */ 2068 return (BTM_UNKNOWN_ADDR); 2069 } 2070 2071 /******************************************************************************* 2072 * 2073 * Function BTM_ReadTxPower 2074 * 2075 * Description This function is called to read the current 2076 * TX power of the connection. The tx power level results 2077 * are returned in the callback. 2078 * (tBTM_RSSI_RESULT) 2079 * 2080 * Returns BTM_CMD_STARTED if successfully initiated or error code 2081 * 2082 ******************************************************************************/ 2083 tBTM_STATUS BTM_ReadTxPower(const RawAddress& remote_bda, 2084 tBT_TRANSPORT transport, tBTM_CMPL_CB* p_cb) { 2085 tACL_CONN* p; 2086 #define BTM_READ_RSSI_TYPE_CUR 0x00 2087 #define BTM_READ_RSSI_TYPE_MAX 0X01 2088 2089 VLOG(2) << __func__ << ": RemBdAddr: " << remote_bda; 2090 2091 /* If someone already waiting on the version, do not allow another */ 2092 if (btm_cb.devcb.p_tx_power_cmpl_cb) return (BTM_BUSY); 2093 2094 p = btm_bda_to_acl(remote_bda, transport); 2095 if (p != (tACL_CONN*)NULL) { 2096 btm_cb.devcb.p_tx_power_cmpl_cb = p_cb; 2097 alarm_set_on_mloop(btm_cb.devcb.read_tx_power_timer, 2098 BTM_DEV_REPLY_TIMEOUT_MS, btm_read_tx_power_timeout, 2099 NULL); 2100 2101 if (p->transport == BT_TRANSPORT_LE) { 2102 btm_cb.devcb.read_tx_pwr_addr = remote_bda; 2103 btsnd_hcic_ble_read_adv_chnl_tx_power(); 2104 } else { 2105 btsnd_hcic_read_tx_power(p->hci_handle, BTM_READ_RSSI_TYPE_CUR); 2106 } 2107 2108 return (BTM_CMD_STARTED); 2109 } 2110 2111 /* If here, no BD Addr found */ 2112 return (BTM_UNKNOWN_ADDR); 2113 } 2114 2115 /******************************************************************************* 2116 * 2117 * Function btm_read_tx_power_timeout 2118 * 2119 * Description Callback when reading the tx power times out. 2120 * 2121 * Returns void 2122 * 2123 ******************************************************************************/ 2124 void btm_read_tx_power_timeout(UNUSED_ATTR void* data) { 2125 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_tx_power_cmpl_cb; 2126 btm_cb.devcb.p_tx_power_cmpl_cb = NULL; 2127 if (p_cb) (*p_cb)((void*)NULL); 2128 } 2129 2130 /******************************************************************************* 2131 * 2132 * Function btm_read_tx_power_complete 2133 * 2134 * Description This function is called when the command complete message 2135 * is received from the HCI for the read tx power request. 2136 * 2137 * Returns void 2138 * 2139 ******************************************************************************/ 2140 void btm_read_tx_power_complete(uint8_t* p, bool is_ble) { 2141 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_tx_power_cmpl_cb; 2142 tBTM_TX_POWER_RESULT result; 2143 tACL_CONN* p_acl_cb = &btm_cb.acl_db[0]; 2144 2145 BTM_TRACE_DEBUG("%s", __func__); 2146 alarm_cancel(btm_cb.devcb.read_tx_power_timer); 2147 btm_cb.devcb.p_tx_power_cmpl_cb = NULL; 2148 2149 /* If there was a registered callback, call it */ 2150 if (p_cb) { 2151 STREAM_TO_UINT8(result.hci_status, p); 2152 2153 if (result.hci_status == HCI_SUCCESS) { 2154 result.status = BTM_SUCCESS; 2155 2156 if (!is_ble) { 2157 uint16_t handle; 2158 STREAM_TO_UINT16(handle, p); 2159 STREAM_TO_UINT8(result.tx_power, p); 2160 2161 /* Search through the list of active channels for the correct BD Addr */ 2162 for (uint16_t index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++) { 2163 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle)) { 2164 result.rem_bda = p_acl_cb->remote_addr; 2165 break; 2166 } 2167 } 2168 } else { 2169 STREAM_TO_UINT8(result.tx_power, p); 2170 result.rem_bda = btm_cb.devcb.read_tx_pwr_addr; 2171 } 2172 BTM_TRACE_DEBUG("BTM TX power Complete: tx_power %d, hci status 0x%02x", 2173 result.tx_power, result.hci_status); 2174 } else { 2175 result.status = BTM_ERR_PROCESSING; 2176 } 2177 2178 (*p_cb)(&result); 2179 } 2180 } 2181 2182 /******************************************************************************* 2183 * 2184 * Function btm_read_rssi_timeout 2185 * 2186 * Description Callback when reading the RSSI times out. 2187 * 2188 * Returns void 2189 * 2190 ******************************************************************************/ 2191 void btm_read_rssi_timeout(UNUSED_ATTR void* data) { 2192 tBTM_RSSI_RESULT result; 2193 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_rssi_cmpl_cb; 2194 btm_cb.devcb.p_rssi_cmpl_cb = NULL; 2195 result.status = BTM_DEVICE_TIMEOUT; 2196 if (p_cb) (*p_cb)(&result); 2197 } 2198 2199 /******************************************************************************* 2200 * 2201 * Function btm_read_rssi_complete 2202 * 2203 * Description This function is called when the command complete message 2204 * is received from the HCI for the read rssi request. 2205 * 2206 * Returns void 2207 * 2208 ******************************************************************************/ 2209 void btm_read_rssi_complete(uint8_t* p) { 2210 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_rssi_cmpl_cb; 2211 tBTM_RSSI_RESULT result; 2212 tACL_CONN* p_acl_cb = &btm_cb.acl_db[0]; 2213 2214 BTM_TRACE_DEBUG("%s", __func__); 2215 alarm_cancel(btm_cb.devcb.read_rssi_timer); 2216 btm_cb.devcb.p_rssi_cmpl_cb = NULL; 2217 2218 /* If there was a registered callback, call it */ 2219 if (p_cb) { 2220 STREAM_TO_UINT8(result.hci_status, p); 2221 2222 if (result.hci_status == HCI_SUCCESS) { 2223 uint16_t handle; 2224 result.status = BTM_SUCCESS; 2225 2226 STREAM_TO_UINT16(handle, p); 2227 2228 STREAM_TO_UINT8(result.rssi, p); 2229 BTM_TRACE_DEBUG("BTM RSSI Complete: rssi %d, hci status 0x%02x", 2230 result.rssi, result.hci_status); 2231 2232 /* Search through the list of active channels for the correct BD Addr */ 2233 for (uint16_t index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++) { 2234 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle)) { 2235 result.rem_bda = p_acl_cb->remote_addr; 2236 break; 2237 } 2238 } 2239 } else { 2240 result.status = BTM_ERR_PROCESSING; 2241 } 2242 2243 (*p_cb)(&result); 2244 } 2245 } 2246 2247 /******************************************************************************* 2248 * 2249 * Function btm_read_failed_contact_counter_timeout 2250 * 2251 * Description Callback when reading the failed contact counter times out. 2252 * 2253 * Returns void 2254 * 2255 ******************************************************************************/ 2256 void btm_read_failed_contact_counter_timeout(UNUSED_ATTR void* data) { 2257 tBTM_FAILED_CONTACT_COUNTER_RESULT result; 2258 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_failed_contact_counter_cmpl_cb; 2259 btm_cb.devcb.p_failed_contact_counter_cmpl_cb = NULL; 2260 result.status = BTM_DEVICE_TIMEOUT; 2261 if (p_cb) (*p_cb)(&result); 2262 } 2263 2264 /******************************************************************************* 2265 * 2266 * Function btm_read_failed_contact_counter_complete 2267 * 2268 * Description This function is called when the command complete message 2269 * is received from the HCI for the read failed contact 2270 * counter request. 2271 * 2272 * Returns void 2273 * 2274 ******************************************************************************/ 2275 void btm_read_failed_contact_counter_complete(uint8_t* p) { 2276 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_failed_contact_counter_cmpl_cb; 2277 tBTM_FAILED_CONTACT_COUNTER_RESULT result; 2278 tACL_CONN* p_acl_cb = &btm_cb.acl_db[0]; 2279 2280 BTM_TRACE_DEBUG("%s", __func__); 2281 alarm_cancel(btm_cb.devcb.read_failed_contact_counter_timer); 2282 btm_cb.devcb.p_failed_contact_counter_cmpl_cb = NULL; 2283 2284 /* If there was a registered callback, call it */ 2285 if (p_cb) { 2286 uint16_t handle; 2287 STREAM_TO_UINT8(result.hci_status, p); 2288 2289 if (result.hci_status == HCI_SUCCESS) { 2290 result.status = BTM_SUCCESS; 2291 2292 STREAM_TO_UINT16(handle, p); 2293 2294 STREAM_TO_UINT16(result.failed_contact_counter, p); 2295 BTM_TRACE_DEBUG( 2296 "BTM Failed Contact Counter Complete: counter %u, hci status 0x%02x", 2297 result.failed_contact_counter, result.hci_status); 2298 2299 /* Search through the list of active channels for the correct BD Addr */ 2300 for (uint16_t index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++) { 2301 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle)) { 2302 result.rem_bda = p_acl_cb->remote_addr; 2303 break; 2304 } 2305 } 2306 } else { 2307 result.status = BTM_ERR_PROCESSING; 2308 } 2309 2310 (*p_cb)(&result); 2311 } 2312 } 2313 2314 /******************************************************************************* 2315 * 2316 * Function btm_read_automatic_flush_timeout_timeout 2317 * 2318 * Description Callback when reading the automatic flush timeout times out. 2319 * 2320 * Returns void 2321 * 2322 ******************************************************************************/ 2323 void btm_read_automatic_flush_timeout_timeout(UNUSED_ATTR void* data) { 2324 tBTM_AUTOMATIC_FLUSH_TIMEOUT_RESULT result; 2325 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_automatic_flush_timeout_cmpl_cb; 2326 btm_cb.devcb.p_automatic_flush_timeout_cmpl_cb = nullptr; 2327 result.status = BTM_DEVICE_TIMEOUT; 2328 if (p_cb) (*p_cb)(&result); 2329 } 2330 2331 /******************************************************************************* 2332 * 2333 * Function btm_read_automatic_flush_timeout_complete 2334 * 2335 * Description This function is called when the command complete message 2336 * is received from the HCI for the read automatic flush 2337 * timeout request. 2338 * 2339 * Returns void 2340 * 2341 ******************************************************************************/ 2342 void btm_read_automatic_flush_timeout_complete(uint8_t* p) { 2343 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_automatic_flush_timeout_cmpl_cb; 2344 tBTM_AUTOMATIC_FLUSH_TIMEOUT_RESULT result; 2345 tACL_CONN* p_acl_cb = &btm_cb.acl_db[0]; 2346 2347 BTM_TRACE_DEBUG("%s", __func__); 2348 alarm_cancel(btm_cb.devcb.read_automatic_flush_timeout_timer); 2349 btm_cb.devcb.p_automatic_flush_timeout_cmpl_cb = nullptr; 2350 2351 /* If there was a registered callback, call it */ 2352 if (p_cb) { 2353 uint16_t handle; 2354 STREAM_TO_UINT8(result.hci_status, p); 2355 2356 if (result.hci_status == HCI_SUCCESS) { 2357 result.status = BTM_SUCCESS; 2358 2359 STREAM_TO_UINT16(handle, p); 2360 2361 STREAM_TO_UINT16(result.automatic_flush_timeout, p); 2362 BTM_TRACE_DEBUG( 2363 "BTM Automatic Flush Timeout Complete: timeout %u, hci status 0x%02x", 2364 result.automatic_flush_timeout, result.hci_status); 2365 2366 /* Search through the list of active channels for the correct BD Addr */ 2367 for (uint16_t index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++) { 2368 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle)) { 2369 result.rem_bda = p_acl_cb->remote_addr; 2370 break; 2371 } 2372 } 2373 } else { 2374 result.status = BTM_ERR_PROCESSING; 2375 } 2376 2377 (*p_cb)(&result); 2378 } 2379 } 2380 2381 /******************************************************************************* 2382 * 2383 * Function btm_read_link_quality_timeout 2384 * 2385 * Description Callback when reading the link quality times out. 2386 * 2387 * Returns void 2388 * 2389 ******************************************************************************/ 2390 void btm_read_link_quality_timeout(UNUSED_ATTR void* data) { 2391 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_link_qual_cmpl_cb; 2392 btm_cb.devcb.p_link_qual_cmpl_cb = NULL; 2393 if (p_cb) (*p_cb)((void*)NULL); 2394 } 2395 2396 /******************************************************************************* 2397 * 2398 * Function btm_read_link_quality_complete 2399 * 2400 * Description This function is called when the command complete message 2401 * is received from the HCI for the read link quality. 2402 * 2403 * Returns void 2404 * 2405 ******************************************************************************/ 2406 void btm_read_link_quality_complete(uint8_t* p) { 2407 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_link_qual_cmpl_cb; 2408 tBTM_LINK_QUALITY_RESULT result; 2409 tACL_CONN* p_acl_cb = &btm_cb.acl_db[0]; 2410 2411 BTM_TRACE_DEBUG("%s", __func__); 2412 alarm_cancel(btm_cb.devcb.read_link_quality_timer); 2413 btm_cb.devcb.p_link_qual_cmpl_cb = NULL; 2414 2415 /* If there was a registered callback, call it */ 2416 if (p_cb) { 2417 STREAM_TO_UINT8(result.hci_status, p); 2418 2419 if (result.hci_status == HCI_SUCCESS) { 2420 uint16_t handle; 2421 result.status = BTM_SUCCESS; 2422 2423 STREAM_TO_UINT16(handle, p); 2424 2425 STREAM_TO_UINT8(result.link_quality, p); 2426 BTM_TRACE_DEBUG( 2427 "BTM Link Quality Complete: Link Quality %d, hci status 0x%02x", 2428 result.link_quality, result.hci_status); 2429 2430 /* Search through the list of active channels for the correct BD Addr */ 2431 for (uint16_t index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++) { 2432 if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle)) { 2433 result.rem_bda = p_acl_cb->remote_addr; 2434 break; 2435 } 2436 } 2437 } else { 2438 result.status = BTM_ERR_PROCESSING; 2439 } 2440 2441 (*p_cb)(&result); 2442 } 2443 } 2444 2445 /******************************************************************************* 2446 * 2447 * Function btm_remove_acl 2448 * 2449 * Description This function is called to disconnect an ACL connection 2450 * 2451 * Returns BTM_SUCCESS if successfully initiated, otherwise 2452 * BTM_NO_RESOURCES. 2453 * 2454 ******************************************************************************/ 2455 tBTM_STATUS btm_remove_acl(const RawAddress& bd_addr, tBT_TRANSPORT transport) { 2456 uint16_t hci_handle = BTM_GetHCIConnHandle(bd_addr, transport); 2457 tBTM_STATUS status = BTM_SUCCESS; 2458 2459 BTM_TRACE_DEBUG("btm_remove_acl"); 2460 #if (BTM_DISC_DURING_RS == TRUE) 2461 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr); 2462 2463 /* Role Switch is pending, postpone until completed */ 2464 if (p_dev_rec && (p_dev_rec->rs_disc_pending == BTM_SEC_RS_PENDING)) { 2465 p_dev_rec->rs_disc_pending = BTM_SEC_DISC_PENDING; 2466 } else /* otherwise can disconnect right away */ 2467 #endif 2468 { 2469 if (hci_handle != 0xFFFF && p_dev_rec && 2470 p_dev_rec->sec_state != BTM_SEC_STATE_DISCONNECTING) { 2471 btsnd_hcic_disconnect(hci_handle, HCI_ERR_PEER_USER); 2472 } else { 2473 status = BTM_UNKNOWN_ADDR; 2474 } 2475 } 2476 2477 return status; 2478 } 2479 2480 /******************************************************************************* 2481 * 2482 * Function BTM_SetTraceLevel 2483 * 2484 * Description This function sets the trace level for BTM. If called with 2485 * a value of 0xFF, it simply returns the current trace level. 2486 * 2487 * Returns The new or current trace level 2488 * 2489 ******************************************************************************/ 2490 uint8_t BTM_SetTraceLevel(uint8_t new_level) { 2491 BTM_TRACE_DEBUG("BTM_SetTraceLevel"); 2492 if (new_level != 0xFF) btm_cb.trace_level = new_level; 2493 2494 return (btm_cb.trace_level); 2495 } 2496 2497 /******************************************************************************* 2498 * 2499 * Function btm_cont_rswitch 2500 * 2501 * Description This function is called to continue processing an active 2502 * role switch. It first disables encryption if enabled and 2503 * EPR is not supported 2504 * 2505 * Returns void 2506 * 2507 ******************************************************************************/ 2508 void btm_cont_rswitch(tACL_CONN* p, tBTM_SEC_DEV_REC* p_dev_rec, 2509 uint8_t hci_status) { 2510 BTM_TRACE_DEBUG("btm_cont_rswitch"); 2511 /* Check to see if encryption needs to be turned off if pending 2512 change of link key or role switch */ 2513 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE) { 2514 /* Must turn off Encryption first if necessary */ 2515 /* Some devices do not support switch or change of link key while encryption 2516 * is on */ 2517 if (p_dev_rec != NULL && 2518 ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0) && 2519 !BTM_EPR_AVAILABLE(p)) { 2520 btsnd_hcic_set_conn_encrypt(p->hci_handle, false); 2521 p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF; 2522 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE) 2523 p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF; 2524 } else /* Encryption not used or EPR supported, continue with switch 2525 and/or change of link key */ 2526 { 2527 if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE) { 2528 p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS; 2529 #if (BTM_DISC_DURING_RS == TRUE) 2530 if (p_dev_rec) p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING; 2531 #endif 2532 btsnd_hcic_switch_role(p->remote_addr, (uint8_t)!p->link_role); 2533 } 2534 } 2535 } 2536 } 2537 2538 /******************************************************************************* 2539 * 2540 * Function btm_acl_resubmit_page 2541 * 2542 * Description send pending page request 2543 * 2544 ******************************************************************************/ 2545 void btm_acl_resubmit_page(void) { 2546 tBTM_SEC_DEV_REC* p_dev_rec; 2547 BT_HDR* p_buf; 2548 uint8_t* pp; 2549 BTM_TRACE_DEBUG("btm_acl_resubmit_page"); 2550 /* If there were other page request schedule can start the next one */ 2551 p_buf = (BT_HDR*)fixed_queue_try_dequeue(btm_cb.page_queue); 2552 if (p_buf != NULL) { 2553 /* skip 3 (2 bytes opcode and 1 byte len) to get to the bd_addr 2554 * for both create_conn and rmt_name */ 2555 pp = (uint8_t*)(p_buf + 1) + p_buf->offset + 3; 2556 2557 RawAddress bda; 2558 STREAM_TO_BDADDR(bda, pp); 2559 2560 p_dev_rec = btm_find_or_alloc_dev(bda); 2561 2562 btm_cb.connecting_bda = p_dev_rec->bd_addr; 2563 memcpy(btm_cb.connecting_dc, p_dev_rec->dev_class, DEV_CLASS_LEN); 2564 2565 btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p_buf); 2566 } else { 2567 btm_cb.paging = false; 2568 } 2569 } 2570 2571 /******************************************************************************* 2572 * 2573 * Function btm_acl_reset_paging 2574 * 2575 * Description set paging to false and free the page queue - called at 2576 * hci_reset 2577 * 2578 ******************************************************************************/ 2579 void btm_acl_reset_paging(void) { 2580 BT_HDR* p; 2581 BTM_TRACE_DEBUG("btm_acl_reset_paging"); 2582 /* If we sent reset we are definitely not paging any more */ 2583 while ((p = (BT_HDR*)fixed_queue_try_dequeue(btm_cb.page_queue)) != NULL) 2584 osi_free(p); 2585 2586 btm_cb.paging = false; 2587 } 2588 2589 /******************************************************************************* 2590 * 2591 * Function btm_acl_paging 2592 * 2593 * Description send a paging command or queue it in btm_cb 2594 * 2595 ******************************************************************************/ 2596 void btm_acl_paging(BT_HDR* p, const RawAddress& bda) { 2597 tBTM_SEC_DEV_REC* p_dev_rec; 2598 2599 VLOG(2) << __func__ << ":" << btm_cb.discing << " , paging:" << btm_cb.paging 2600 << " BDA: " << bda; 2601 2602 if (btm_cb.discing) { 2603 btm_cb.paging = true; 2604 fixed_queue_enqueue(btm_cb.page_queue, p); 2605 } else { 2606 if (!BTM_ACL_IS_CONNECTED(bda)) { 2607 VLOG(1) << "connecting_bda: " << btm_cb.connecting_bda; 2608 if (btm_cb.paging && bda != btm_cb.connecting_bda) { 2609 fixed_queue_enqueue(btm_cb.page_queue, p); 2610 } else { 2611 p_dev_rec = btm_find_or_alloc_dev(bda); 2612 btm_cb.connecting_bda = p_dev_rec->bd_addr; 2613 memcpy(btm_cb.connecting_dc, p_dev_rec->dev_class, DEV_CLASS_LEN); 2614 2615 btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p); 2616 } 2617 2618 btm_cb.paging = true; 2619 } else /* ACL is already up */ 2620 { 2621 btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p); 2622 } 2623 } 2624 } 2625 2626 /******************************************************************************* 2627 * 2628 * Function btm_acl_notif_conn_collision 2629 * 2630 * Description Send connection collision event to upper layer if registered 2631 * 2632 * Returns true if sent out to upper layer, 2633 * false if no one needs the notification. 2634 * 2635 ******************************************************************************/ 2636 bool btm_acl_notif_conn_collision(const RawAddress& bda) { 2637 /* Report possible collision to the upper layer. */ 2638 if (btm_cb.p_bl_changed_cb) { 2639 VLOG(1) << __func__ << " RemBdAddr: " << bda; 2640 2641 tBTM_BL_EVENT_DATA evt_data; 2642 evt_data.event = BTM_BL_COLLISION_EVT; 2643 evt_data.conn.p_bda = &bda; 2644 evt_data.conn.transport = BT_TRANSPORT_BR_EDR; 2645 evt_data.conn.handle = BTM_INVALID_HCI_HANDLE; 2646 (*btm_cb.p_bl_changed_cb)(&evt_data); 2647 return true; 2648 } else { 2649 return false; 2650 } 2651 } 2652 2653 /******************************************************************************* 2654 * 2655 * Function btm_acl_chk_peer_pkt_type_support 2656 * 2657 * Description Check if peer supports requested packets 2658 * 2659 ******************************************************************************/ 2660 void btm_acl_chk_peer_pkt_type_support(tACL_CONN* p, uint16_t* p_pkt_type) { 2661 /* 3 and 5 slot packets? */ 2662 if (!HCI_3_SLOT_PACKETS_SUPPORTED(p->peer_lmp_feature_pages[0])) 2663 *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH3 + BTM_ACL_PKT_TYPES_MASK_DM3); 2664 2665 if (!HCI_5_SLOT_PACKETS_SUPPORTED(p->peer_lmp_feature_pages[0])) 2666 *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH5 + BTM_ACL_PKT_TYPES_MASK_DM5); 2667 2668 /* 2 and 3 MPS support? */ 2669 if (!HCI_EDR_ACL_2MPS_SUPPORTED(p->peer_lmp_feature_pages[0])) 2670 /* Not supported. Add 'not_supported' mask for all 2MPS packet types */ 2671 *p_pkt_type |= 2672 (BTM_ACL_PKT_TYPES_MASK_NO_2_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 + 2673 BTM_ACL_PKT_TYPES_MASK_NO_2_DH5); 2674 2675 if (!HCI_EDR_ACL_3MPS_SUPPORTED(p->peer_lmp_feature_pages[0])) 2676 /* Not supported. Add 'not_supported' mask for all 3MPS packet types */ 2677 *p_pkt_type |= 2678 (BTM_ACL_PKT_TYPES_MASK_NO_3_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3 + 2679 BTM_ACL_PKT_TYPES_MASK_NO_3_DH5); 2680 2681 /* EDR 3 and 5 slot support? */ 2682 if (HCI_EDR_ACL_2MPS_SUPPORTED(p->peer_lmp_feature_pages[0]) || 2683 HCI_EDR_ACL_3MPS_SUPPORTED(p->peer_lmp_feature_pages[0])) { 2684 if (!HCI_3_SLOT_EDR_ACL_SUPPORTED(p->peer_lmp_feature_pages[0])) 2685 /* Not supported. Add 'not_supported' mask for all 3-slot EDR packet types 2686 */ 2687 *p_pkt_type |= 2688 (BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3); 2689 2690 if (!HCI_5_SLOT_EDR_ACL_SUPPORTED(p->peer_lmp_feature_pages[0])) 2691 /* Not supported. Add 'not_supported' mask for all 5-slot EDR packet types 2692 */ 2693 *p_pkt_type |= 2694 (BTM_ACL_PKT_TYPES_MASK_NO_2_DH5 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH5); 2695 } 2696 } 2697