1 /******************************************************************************
3 * Copyright (C) 2003-2014 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /******************************************************************************
21 * This file contains the action functions for device manager state
24 ******************************************************************************/
26 #define LOG_TAG "bt_bta_dm"
28 #include <base/bind.h>
29 #include <base/callback.h>
30 #include <base/logging.h>
33 #include "bt_common.h"
34 #include "bt_target.h"
37 #include "bta_dm_api.h"
38 #include "bta_dm_co.h"
39 #include "bta_dm_int.h"
44 #include "gap_api.h" /* For GAP_BleReadPeerPrefConnParams */
46 #include "osi/include/log.h"
47 #include "osi/include/osi.h"
51 #if (GAP_INCLUDED == TRUE)
55 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
57 static void bta_dm_inq_cmpl_cb(void* p_result);
58 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,
59 DEV_CLASS dc, BD_NAME bd_name);
60 static void bta_dm_remname_cback(tBTM_REMOTE_DEV_NAME* p_remote_name);
61 static void bta_dm_find_services(const RawAddress& bd_addr);
62 static void bta_dm_discover_next_device(void);
63 static void bta_dm_sdp_callback(uint16_t sdp_status);
64 static uint8_t bta_dm_authorize_cback(const RawAddress& bd_addr,
65 DEV_CLASS dev_class, BD_NAME bd_name,
66 uint8_t* service_name, uint8_t service_id,
68 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
69 BD_NAME bd_name, bool min_16_digit);
70 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
71 DEV_CLASS dev_class, BD_NAME bd_name,
72 LINK_KEY key, uint8_t key_type);
73 static uint8_t bta_dm_authentication_complete_cback(const RawAddress& bd_addr,
77 static void bta_dm_local_name_cback(const RawAddress& bd_addr);
78 static bool bta_dm_check_av(uint16_t event);
79 static void bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA* p_data);
81 static void bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
82 uint8_t app_id, const RawAddress* peer_addr);
84 /* Extended Inquiry Response */
85 #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE)
86 static uint8_t bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data);
89 static void bta_dm_set_eir(char* local_name);
91 static void bta_dm_eir_search_services(tBTM_INQ_RESULTS* p_result,
92 tBTA_SERVICE_MASK* p_services_to_search,
93 tBTA_SERVICE_MASK* p_services_found);
95 static void bta_dm_search_timer_cback(void* data);
96 static void bta_dm_disable_conn_down_timer_cback(void* data);
97 static void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
98 uint8_t app_id, const RawAddress* peer_addr);
99 static void bta_dm_adjust_roles(bool delay_role_switch);
100 static char* bta_dm_get_remname(void);
101 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result);
103 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr,
104 tBT_TRANSPORT transport);
105 static void bta_dm_discover_device(const RawAddress& remote_bd_addr);
107 static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status);
108 static void bta_dm_disable_search_and_disc(void);
110 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
111 tBTM_LE_EVT_DATA* p_data);
112 static void bta_dm_ble_id_key_cback(uint8_t key_type,
113 tBTM_BLE_LOCAL_KEYS* p_key);
114 static void bta_dm_gattc_register(void);
115 static void btm_dm_start_gatt_discovery(const RawAddress& bd_addr);
116 static void bta_dm_cancel_gatt_discovery(const RawAddress& bd_addr);
117 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data);
118 extern tBTA_DM_CONTRL_STATE bta_dm_pm_obtain_controller_state(void);
120 #if (BLE_VND_INCLUDED == TRUE)
121 static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result);
124 #ifndef BTA_DM_BLE_ADV_CHNL_MAP
125 #define BTA_DM_BLE_ADV_CHNL_MAP \
126 (BTM_BLE_ADV_CHNL_37 | BTM_BLE_ADV_CHNL_38 | BTM_BLE_ADV_CHNL_39)
129 /* Disable timer interval (in milliseconds) */
130 #ifndef BTA_DM_DISABLE_TIMER_MS
131 #define BTA_DM_DISABLE_TIMER_MS 5000
134 /* Disable timer retrial interval (in milliseconds) */
135 #ifndef BTA_DM_DISABLE_TIMER_RETRIAL_MS
136 #define BTA_DM_DISABLE_TIMER_RETRIAL_MS 1500
139 /* Disable connection down timer (in milliseconds) */
140 #ifndef BTA_DM_DISABLE_CONN_DOWN_TIMER_MS
141 #define BTA_DM_DISABLE_CONN_DOWN_TIMER_MS 1000
144 /* Switch delay timer (in milliseconds) */
145 #ifndef BTA_DM_SWITCH_DELAY_TIMER_MS
146 #define BTA_DM_SWITCH_DELAY_TIMER_MS 500
149 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr);
150 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr);
151 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
153 static void bta_dm_observe_cmpl_cb(void* p_result);
154 static void bta_dm_delay_role_switch_cback(void* data);
155 static void bta_dm_disable_timer_cback(void* data);
157 const uint16_t bta_service_id_to_uuid_lkup_tbl[BTA_MAX_SERVICE_ID] = {
158 UUID_SERVCLASS_PNP_INFORMATION, /* Reserved */
159 UUID_SERVCLASS_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */
160 UUID_SERVCLASS_DIALUP_NETWORKING, /* BTA_DUN_SERVICE_ID */
161 UUID_SERVCLASS_AUDIO_SOURCE, /* BTA_A2DP_SOURCE_SERVICE_ID */
162 UUID_SERVCLASS_LAN_ACCESS_USING_PPP, /* BTA_LAP_SERVICE_ID */
163 UUID_SERVCLASS_HEADSET, /* BTA_HSP_HS_SERVICE_ID */
164 UUID_SERVCLASS_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */
165 UUID_SERVCLASS_OBEX_OBJECT_PUSH, /* BTA_OPP_SERVICE_ID */
166 UUID_SERVCLASS_OBEX_FILE_TRANSFER, /* BTA_FTP_SERVICE_ID */
167 UUID_SERVCLASS_CORDLESS_TELEPHONY, /* BTA_CTP_SERVICE_ID */
168 UUID_SERVCLASS_INTERCOM, /* BTA_ICP_SERVICE_ID */
169 UUID_SERVCLASS_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */
170 UUID_SERVCLASS_DIRECT_PRINTING, /* BTA_BPP_SERVICE_ID */
171 UUID_SERVCLASS_IMAGING_RESPONDER, /* BTA_BIP_SERVICE_ID */
172 UUID_SERVCLASS_PANU, /* BTA_PANU_SERVICE_ID */
173 UUID_SERVCLASS_NAP, /* BTA_NAP_SERVICE_ID */
174 UUID_SERVCLASS_GN, /* BTA_GN_SERVICE_ID */
175 UUID_SERVCLASS_SAP, /* BTA_SAP_SERVICE_ID */
176 UUID_SERVCLASS_AUDIO_SINK, /* BTA_A2DP_SERVICE_ID */
177 UUID_SERVCLASS_AV_REMOTE_CONTROL, /* BTA_AVRCP_SERVICE_ID */
178 UUID_SERVCLASS_HUMAN_INTERFACE, /* BTA_HID_SERVICE_ID */
179 UUID_SERVCLASS_VIDEO_SINK, /* BTA_VDP_SERVICE_ID */
180 UUID_SERVCLASS_PBAP_PSE, /* BTA_PBAP_SERVICE_ID */
181 UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY, /* BTA_HSP_SERVICE_ID */
182 UUID_SERVCLASS_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */
183 UUID_SERVCLASS_MESSAGE_ACCESS, /* BTA_MAP_SERVICE_ID */
184 UUID_SERVCLASS_MESSAGE_NOTIFICATION, /* BTA_MN_SERVICE_ID */
185 UUID_SERVCLASS_HDP_PROFILE, /* BTA_HDP_SERVICE_ID */
186 UUID_SERVCLASS_PBAP_PCE, /* BTA_PCE_SERVICE_ID */
187 UUID_PROTOCOL_ATT /* BTA_GATT_SERVICE_ID */
191 * NOTE : The number of element in bta_service_id_to_btm_srv_id_lkup_tbl should
193 * the value BTA_MAX_SERVICE_ID in bta_api.h
195 * i.e., If you add new Service ID for BTA, the correct security ID of
197 * from Security service definitions (btm_api.h) should be added to
200 const uint32_t bta_service_id_to_btm_srv_id_lkup_tbl[BTA_MAX_SERVICE_ID] = {
202 BTM_SEC_SERVICE_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */
203 BTM_SEC_SERVICE_DUN, /* BTA_DUN_SERVICE_ID */
204 BTM_SEC_SERVICE_AVDTP, /* BTA_AUDIO_SOURCE_SERVICE_ID */
205 BTM_SEC_SERVICE_LAN_ACCESS, /* BTA_LAP_SERVICE_ID */
206 BTM_SEC_SERVICE_HEADSET_AG, /* BTA_HSP_SERVICE_ID */
207 BTM_SEC_SERVICE_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */
208 BTM_SEC_SERVICE_OBEX, /* BTA_OPP_SERVICE_ID */
209 BTM_SEC_SERVICE_OBEX_FTP, /* BTA_FTP_SERVICE_ID */
210 BTM_SEC_SERVICE_CORDLESS, /* BTA_CTP_SERVICE_ID */
211 BTM_SEC_SERVICE_INTERCOM, /* BTA_ICP_SERVICE_ID */
212 BTM_SEC_SERVICE_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */
213 BTM_SEC_SERVICE_BPP_JOB, /* BTA_BPP_SERVICE_ID */
214 BTM_SEC_SERVICE_BIP, /* BTA_BIP_SERVICE_ID */
215 BTM_SEC_SERVICE_BNEP_PANU, /* BTA_PANU_SERVICE_ID */
216 BTM_SEC_SERVICE_BNEP_NAP, /* BTA_NAP_SERVICE_ID */
217 BTM_SEC_SERVICE_BNEP_GN, /* BTA_GN_SERVICE_ID */
218 BTM_SEC_SERVICE_SAP, /* BTA_SAP_SERVICE_ID */
219 BTM_SEC_SERVICE_AVDTP, /* BTA_A2DP_SERVICE_ID */
220 BTM_SEC_SERVICE_AVCTP, /* BTA_AVRCP_SERVICE_ID */
221 BTM_SEC_SERVICE_HIDH_SEC_CTRL, /* BTA_HID_SERVICE_ID */
222 BTM_SEC_SERVICE_AVDTP, /* BTA_VDP_SERVICE_ID */
223 BTM_SEC_SERVICE_PBAP, /* BTA_PBAP_SERVICE_ID */
224 BTM_SEC_SERVICE_HEADSET, /* BTA_HSP_HS_SERVICE_ID */
225 BTM_SEC_SERVICE_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */
226 BTM_SEC_SERVICE_MAP, /* BTA_MAP_SERVICE_ID */
227 BTM_SEC_SERVICE_MAP, /* BTA_MN_SERVICE_ID */
228 BTM_SEC_SERVICE_HDP_SNK, /* BTA_HDP_SERVICE_ID */
229 BTM_SEC_SERVICE_PBAP, /* BTA_PCE_SERVICE_ID */
230 BTM_SEC_SERVICE_ATT /* BTA_GATT_SERVICE_ID */
233 /* bta security callback */
234 const tBTM_APPL_INFO bta_security = {&bta_dm_authorize_cback,
236 &bta_dm_new_link_key_cback,
237 &bta_dm_authentication_complete_cback,
238 &bta_dm_bond_cancel_complete_cback,
239 #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE)
244 &bta_dm_ble_smp_cback,
245 &bta_dm_ble_id_key_cback};
247 #define MAX_DISC_RAW_DATA_BUF (4096)
248 uint8_t g_disc_raw_data_buf[MAX_DISC_RAW_DATA_BUF];
250 extern DEV_CLASS local_device_default_class;
252 /*******************************************************************************
254 * Function bta_dm_enable
256 * Description Initialises the BT device manager
261 ******************************************************************************/
262 void bta_dm_enable(tBTA_DM_MSG* p_data) {
263 tBTA_DM_ENABLE enable_event;
265 /* if already in use, return an error */
266 if (bta_dm_cb.is_bta_dm_active == true) {
267 APPL_TRACE_WARNING("%s Device already started by another application",
269 memset(&enable_event, 0, sizeof(tBTA_DM_ENABLE));
270 enable_event.status = BTA_FAILURE;
271 if (p_data->enable.p_sec_cback != NULL)
272 p_data->enable.p_sec_cback(BTA_DM_ENABLE_EVT,
273 (tBTA_DM_SEC*)&enable_event);
277 /* first, register our callback to SYS HW manager */
278 bta_sys_hw_register(BTA_SYS_HW_BLUETOOTH, bta_dm_sys_hw_cback);
280 /* make sure security callback is saved - if no callback, do not erase the
282 it could be an error recovery mechanism */
283 if (p_data->enable.p_sec_cback != NULL)
284 bta_dm_cb.p_sec_cback = p_data->enable.p_sec_cback;
285 /* notify BTA DM is now active */
286 bta_dm_cb.is_bta_dm_active = true;
288 /* send a message to BTA SYS */
289 tBTA_SYS_HW_MSG* sys_enable_event =
290 (tBTA_SYS_HW_MSG*)osi_malloc(sizeof(tBTA_SYS_HW_MSG));
291 sys_enable_event->hdr.event = BTA_SYS_API_ENABLE_EVT;
292 sys_enable_event->hw_module = BTA_SYS_HW_BLUETOOTH;
294 bta_sys_sendmsg(sys_enable_event);
297 /*******************************************************************************
299 * Function bta_dm_init_cb
301 * Description Initializes the bta_dm_cb control block
306 ******************************************************************************/
307 void bta_dm_init_cb(void) {
308 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
309 bta_dm_cb.disable_timer = alarm_new("bta_dm.disable_timer");
310 bta_dm_cb.switch_delay_timer = alarm_new("bta_dm.switch_delay_timer");
311 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
312 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
313 bta_dm_cb.pm_timer[i].timer[j] = alarm_new("bta_dm.pm_timer");
318 /*******************************************************************************
320 * Function bta_dm_deinit_cb
322 * Description De-initializes the bta_dm_cb control block
327 ******************************************************************************/
328 void bta_dm_deinit_cb(void) {
330 * TODO: Should alarm_free() the bta_dm_cb timers during graceful
333 alarm_free(bta_dm_cb.disable_timer);
334 alarm_free(bta_dm_cb.switch_delay_timer);
335 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
336 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
337 alarm_free(bta_dm_cb.pm_timer[i].timer[j]);
340 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
343 /*******************************************************************************
345 * Function bta_dm_sys_hw_cback
347 * Description callback register to SYS to get HW status updates
352 ******************************************************************************/
353 static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status) {
355 tBTA_DM_SEC_CBACK* temp_cback;
356 uint8_t key_mask = 0;
358 tBTA_BLE_LOCAL_ID_KEYS id_key;
360 APPL_TRACE_DEBUG("%s with event: %i", __func__, status);
362 /* On H/W error evt, report to the registered DM application callback */
363 if (status == BTA_SYS_HW_ERROR_EVT) {
364 if (bta_dm_cb.p_sec_cback != NULL)
365 bta_dm_cb.p_sec_cback(BTA_DM_HW_ERROR_EVT, NULL);
369 if (status == BTA_SYS_HW_OFF_EVT) {
370 if (bta_dm_cb.p_sec_cback != NULL)
371 bta_dm_cb.p_sec_cback(BTA_DM_DISABLE_EVT, NULL);
373 /* reinitialize the control block */
376 /* hw is ready, go on with BTA DM initialization */
377 alarm_free(bta_dm_search_cb.search_timer);
378 alarm_free(bta_dm_search_cb.gatt_close_timer);
379 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb));
381 /* unregister from SYS */
382 bta_sys_hw_unregister(BTA_SYS_HW_BLUETOOTH);
383 /* notify BTA DM is now unactive */
384 bta_dm_cb.is_bta_dm_active = false;
385 } else if (status == BTA_SYS_HW_ON_EVT) {
386 /* FIXME: We should not unregister as the SYS shall invoke this callback on
388 * We need to revisit when this platform has more than one BLuetooth H/W
391 // bta_sys_hw_unregister( BTA_SYS_HW_BLUETOOTH);
393 /* save security callback */
394 temp_cback = bta_dm_cb.p_sec_cback;
395 /* make sure the control block is properly initialized */
397 /* and retrieve the callback */
398 bta_dm_cb.p_sec_cback = temp_cback;
399 bta_dm_cb.is_bta_dm_active = true;
401 /* hw is ready, go on with BTA DM initialization */
402 alarm_free(bta_dm_search_cb.search_timer);
403 alarm_free(bta_dm_search_cb.gatt_close_timer);
404 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb));
406 * TODO: Should alarm_free() the bta_dm_search_cb timers during
409 bta_dm_search_cb.search_timer = alarm_new("bta_dm_search.search_timer");
410 bta_dm_search_cb.gatt_close_timer =
411 alarm_new("bta_dm_search.gatt_close_timer");
413 memset(&bta_dm_conn_srvcs, 0, sizeof(bta_dm_conn_srvcs));
414 memset(&bta_dm_di_cb, 0, sizeof(tBTA_DM_DI_CB));
416 memcpy(dev_class, p_bta_dm_cfg->dev_class, sizeof(dev_class));
417 BTM_SetDeviceClass(dev_class);
419 /* load BLE local information: ID keys, ER if available */
420 bta_dm_co_ble_load_local_keys(&key_mask, er, &id_key);
422 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ER) {
423 BTM_BleLoadLocalKeys(BTA_BLE_LOCAL_KEY_TYPE_ER,
424 (tBTM_BLE_LOCAL_KEYS*)&er);
426 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ID) {
427 BTM_BleLoadLocalKeys(BTA_BLE_LOCAL_KEY_TYPE_ID,
428 (tBTM_BLE_LOCAL_KEYS*)&id_key);
430 bta_dm_search_cb.conn_id = BTA_GATT_INVALID_CONN_ID;
432 BTM_SecRegister((tBTM_APPL_INFO*)&bta_security);
433 BTM_SetDefaultLinkSuperTout(p_bta_dm_cfg->link_timeout);
434 BTM_WritePageTimeout(p_bta_dm_cfg->page_timeout);
435 bta_dm_cb.cur_policy = p_bta_dm_cfg->policy_settings;
436 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy);
437 BTM_RegBusyLevelNotif(bta_dm_bl_change_cback, NULL,
438 BTM_BL_UPDATE_MASK | BTM_BL_ROLE_CHG_MASK);
440 #if (BLE_VND_INCLUDED == TRUE)
441 BTM_BleReadControllerFeatures(bta_dm_ctrl_features_rd_cmpl_cback);
443 /* If VSC multi adv commands are available, advertising will be initialized
444 * when capabilities are read. If they are not avaliable, initialize
445 * advertising here */
449 /* Earlier, we used to invoke BTM_ReadLocalAddr which was just copying the
451 from the control block and invoking the callback which was sending the
453 But then we have a few HCI commands being invoked above which were still
455 when the ENABLE_EVT was sent. So modified this to fetch the local name
457 the DM_ENABLE_EVT to be sent only after all the init steps are complete
459 BTM_ReadLocalDeviceNameFromController(
460 (tBTM_CMPL_CB*)bta_dm_local_name_cback);
462 bta_sys_rm_register((tBTA_SYS_CONN_CBACK*)bta_dm_rm_cback);
464 /* initialize bluetooth low power manager */
467 bta_sys_policy_register((tBTA_SYS_CONN_CBACK*)bta_dm_policy_cback);
469 bta_dm_gattc_register();
472 APPL_TRACE_DEBUG(" --- ignored event");
475 /*******************************************************************************
477 * Function bta_dm_disable
479 * Description Disables the BT device manager
484 ******************************************************************************/
485 void bta_dm_disable(UNUSED_ATTR tBTA_DM_MSG* p_data) {
486 /* Set l2cap idle timeout to 0 (so BTE immediately disconnects ACL link after
487 * last channel is closed) */
488 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_BR_EDR);
489 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_LE);
491 /* disable all active subsystems */
492 bta_sys_disable(BTA_SYS_HW_BLUETOOTH);
494 BTM_SetDiscoverability(BTM_NON_DISCOVERABLE, 0, 0);
495 BTM_SetConnectability(BTM_NON_CONNECTABLE, 0, 0);
498 bta_dm_disable_search_and_disc();
499 bta_dm_cb.disabling = true;
501 BTM_BleClearBgConnDev();
503 if (BTM_GetNumAclLinks() == 0) {
504 #if (BTA_DISABLE_DELAY > 0)
505 /* If BTA_DISABLE_DELAY is defined and greater than zero, then delay the
507 * BTA_DISABLE_DELAY milliseconds
509 APPL_TRACE_WARNING("%s BTA_DISABLE_DELAY set to %d ms", __func__,
511 alarm_set_on_mloop(bta_dm_cb.disable_timer, BTA_DISABLE_DELAY,
512 bta_dm_disable_conn_down_timer_cback, NULL);
514 bta_dm_disable_conn_down_timer_cback(NULL);
517 alarm_set_on_mloop(bta_dm_cb.disable_timer, BTA_DM_DISABLE_TIMER_MS,
518 bta_dm_disable_timer_cback, UINT_TO_PTR(0));
522 /*******************************************************************************
524 * Function bta_dm_disable_timer_cback
526 * Description Called if the disable timer expires
527 * Used to close ACL connections which are still active
533 ******************************************************************************/
534 static void bta_dm_disable_timer_cback(void* data) {
536 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
537 bool trigger_disc = false;
538 uint32_t param = PTR_TO_UINT(data);
540 APPL_TRACE_EVENT("%s trial %u", __func__, param);
542 if (BTM_GetNumAclLinks() && (param == 0)) {
543 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
544 transport = bta_dm_cb.device_list.peer_device[i].transport;
545 btm_remove_acl(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
550 /* Retrigger disable timer in case ACL disconnect failed, DISABLE_EVT still
552 to be sent out to avoid jave layer disable timeout */
554 alarm_set_on_mloop(bta_dm_cb.disable_timer,
555 BTA_DM_DISABLE_TIMER_RETRIAL_MS,
556 bta_dm_disable_timer_cback, UINT_TO_PTR(1));
559 bta_dm_cb.disabling = false;
561 bta_sys_remove_uuid(UUID_SERVCLASS_PNP_INFORMATION);
562 bta_dm_cb.p_sec_cback(BTA_DM_DISABLE_EVT, NULL);
566 /*******************************************************************************
568 * Function bta_dm_set_dev_name
570 * Description Sets local device name
575 ******************************************************************************/
576 void bta_dm_set_dev_name(tBTA_DM_MSG* p_data) {
577 BTM_SetLocalDeviceName((char*)p_data->set_name.name);
578 bta_dm_set_eir((char*)p_data->set_name.name);
581 /*******************************************************************************
583 * Function bta_dm_set_visibility
585 * Description Sets discoverability, connectability and pairability
590 ******************************************************************************/
591 void bta_dm_set_visibility(tBTA_DM_MSG* p_data) {
592 uint16_t window, interval;
593 uint16_t le_disc_mode = BTM_BleReadDiscoverability();
594 uint16_t le_conn_mode = BTM_BleReadConnectability();
595 uint16_t disc_mode = BTM_ReadDiscoverability(&window, &interval);
596 uint16_t conn_mode = BTM_ReadConnectability(&window, &interval);
598 /* set modes for Discoverability and connectability if not ignore */
599 if (p_data->set_visibility.disc_mode != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) {
600 if ((p_data->set_visibility.disc_mode & BTA_DM_LE_IGNORE) ==
602 p_data->set_visibility.disc_mode =
603 ((p_data->set_visibility.disc_mode & ~BTA_DM_LE_IGNORE) |
605 if ((p_data->set_visibility.disc_mode & BTA_DM_IGNORE) == BTA_DM_IGNORE)
606 p_data->set_visibility.disc_mode =
607 ((p_data->set_visibility.disc_mode & ~BTA_DM_IGNORE) | disc_mode);
609 BTM_SetDiscoverability(p_data->set_visibility.disc_mode,
610 bta_dm_cb.inquiry_scan_window,
611 bta_dm_cb.inquiry_scan_interval);
614 if (p_data->set_visibility.conn_mode != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) {
615 if ((p_data->set_visibility.conn_mode & BTA_DM_LE_IGNORE) ==
617 p_data->set_visibility.conn_mode =
618 ((p_data->set_visibility.conn_mode & ~BTA_DM_LE_IGNORE) |
620 if ((p_data->set_visibility.conn_mode & BTA_DM_IGNORE) == BTA_DM_IGNORE)
621 p_data->set_visibility.conn_mode =
622 ((p_data->set_visibility.conn_mode & ~BTA_DM_IGNORE) | conn_mode);
624 BTM_SetConnectability(p_data->set_visibility.conn_mode,
625 bta_dm_cb.page_scan_window,
626 bta_dm_cb.page_scan_interval);
629 /* Send False or True if not ignore */
630 if (p_data->set_visibility.pair_mode != BTA_DM_IGNORE) {
631 if (p_data->set_visibility.pair_mode == BTA_DM_NON_PAIRABLE)
632 bta_dm_cb.disable_pair_mode = true;
634 bta_dm_cb.disable_pair_mode = false;
637 /* Send False or True if not ignore */
638 if (p_data->set_visibility.conn_paired_only != BTA_DM_IGNORE) {
639 if (p_data->set_visibility.conn_paired_only == BTA_DM_CONN_ALL)
640 bta_dm_cb.conn_paired_only = false;
642 bta_dm_cb.conn_paired_only = true;
645 /* Change mode if either mode is not ignore */
646 if (p_data->set_visibility.pair_mode != BTA_DM_IGNORE ||
647 p_data->set_visibility.conn_paired_only != BTA_DM_IGNORE)
648 BTM_SetPairableMode((bool)(!(bta_dm_cb.disable_pair_mode)),
649 bta_dm_cb.conn_paired_only);
652 /*******************************************************************************
654 * Function bta_dm_process_remove_device
656 * Description Removes device, Disconnects ACL link if required.
658 ******************************************************************************/
659 void bta_dm_process_remove_device(const RawAddress& bd_addr) {
660 /* need to remove all pending background connection before unpair */
661 BTA_GATTC_CancelOpen(0, bd_addr, false);
663 BTM_SecDeleteDevice(bd_addr);
665 /* remove all cached GATT information */
666 BTA_GATTC_Refresh(bd_addr);
668 if (bta_dm_cb.p_sec_cback) {
669 tBTA_DM_SEC sec_event;
670 sec_event.link_down.bd_addr = bd_addr;
672 /* No connection, set status to success (acl disc code not valid) */
673 sec_event.link_down.status = HCI_SUCCESS;
674 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &sec_event);
678 /*******************************************************************************
680 * Function bta_dm_remove_device
682 * Description Removes device, disconnects ACL link if required.
684 ******************************************************************************/
685 void bta_dm_remove_device(tBTA_DM_MSG* p_data) {
686 tBTA_DM_API_REMOVE_DEVICE* p_dev = &p_data->remove_dev;
687 bool continue_delete_other_dev = false;
688 if (p_dev == NULL) return;
690 RawAddress other_address = p_dev->bd_addr;
692 /* If ACL exists for the device in the remove_bond message*/
693 bool continue_delete_dev = false;
694 uint8_t other_transport = BT_TRANSPORT_INVALID;
696 if (BTM_IsAclConnectionUp(p_dev->bd_addr, BT_TRANSPORT_LE) ||
697 BTM_IsAclConnectionUp(p_dev->bd_addr, BT_TRANSPORT_BR_EDR)) {
698 APPL_TRACE_DEBUG("%s: ACL Up count %d", __func__,
699 bta_dm_cb.device_list.count);
700 continue_delete_dev = false;
702 /* Take the link down first, and mark the device for removal when
704 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
705 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == p_dev->bd_addr) {
706 uint8_t transport = BT_TRANSPORT_BR_EDR;
708 transport = bta_dm_cb.device_list.peer_device[i].transport;
709 bta_dm_cb.device_list.peer_device[i].conn_state = BTA_DM_UNPAIRING;
710 btm_remove_acl(p_dev->bd_addr, transport);
711 APPL_TRACE_DEBUG("%s:transport = %d", __func__,
712 bta_dm_cb.device_list.peer_device[i].transport);
714 /* save the other transport to check if device is connected on
716 if (bta_dm_cb.device_list.peer_device[i].transport == BT_TRANSPORT_LE)
717 other_transport = BT_TRANSPORT_BR_EDR;
719 other_transport = BT_TRANSPORT_LE;
725 continue_delete_dev = true;
727 // If it is DUMO device and device is paired as different address, unpair that
729 // if different address
730 if ((other_transport &&
731 (BTM_ReadConnectedTransportAddress(&other_address, other_transport))) ||
733 (BTM_ReadConnectedTransportAddress(&other_address,
734 BT_TRANSPORT_BR_EDR) ||
735 BTM_ReadConnectedTransportAddress(&other_address, BT_TRANSPORT_LE)))) {
736 continue_delete_other_dev = false;
737 /* Take the link down first, and mark the device for removal when
739 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
740 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == other_address) {
741 bta_dm_cb.device_list.peer_device[i].conn_state = BTA_DM_UNPAIRING;
742 btm_remove_acl(other_address,
743 bta_dm_cb.device_list.peer_device[i].transport);
748 APPL_TRACE_DEBUG("%s: continue to delete the other dev ", __func__);
749 continue_delete_other_dev = true;
751 /* Delete the device mentioned in the msg */
752 if (continue_delete_dev) bta_dm_process_remove_device(p_dev->bd_addr);
754 /* Delete the other paired device too */
755 if (continue_delete_other_dev && !other_address.IsEmpty())
756 bta_dm_process_remove_device(other_address);
759 /*******************************************************************************
761 * Function bta_dm_add_device
763 * Description This function adds a Link Key to an security database entry.
764 * It is normally called during host startup to restore all
765 * required information stored in the NVRAM.
767 ******************************************************************************/
768 void bta_dm_add_device(tBTA_DM_MSG* p_data) {
769 tBTA_DM_API_ADD_DEVICE* p_dev = &p_data->add_dev;
770 uint8_t* p_dc = NULL;
771 uint8_t* p_lc = NULL;
772 uint32_t trusted_services_mask[BTM_SEC_SERVICE_ARRAY_SIZE];
774 uint8_t btm_mask_index = 0;
776 memset(trusted_services_mask, 0, sizeof(trusted_services_mask));
778 /* If not all zeros, the device class has been specified */
779 if (p_dev->dc_known) p_dc = (uint8_t*)p_dev->dc;
781 if (p_dev->link_key_known) p_lc = (uint8_t*)p_dev->link_key;
783 if (p_dev->is_trusted) {
784 /* covert BTA service mask to BTM mask */
785 while (p_dev->tm && (index < BTA_MAX_SERVICE_ID)) {
786 if (p_dev->tm & (uint32_t)(1 << index)) {
788 bta_service_id_to_btm_srv_id_lkup_tbl[index] / BTM_SEC_ARRAY_BITS;
789 trusted_services_mask[btm_mask_index] |=
790 (uint32_t)(1 << (bta_service_id_to_btm_srv_id_lkup_tbl[index] -
791 (uint32_t)(btm_mask_index * 32)));
793 p_dev->tm &= (uint32_t)(~(1 << index));
799 if (!BTM_SecAddDevice(p_dev->bd_addr, p_dc, p_dev->bd_name, p_dev->features,
800 trusted_services_mask, p_lc, p_dev->key_type,
801 p_dev->io_cap, p_dev->pin_length)) {
802 LOG(ERROR) << "BTA_DM: Error adding device " << p_dev->bd_addr;
806 /*******************************************************************************
808 * Function bta_dm_close_acl
810 * Description This function forces to close the connection to a remote
811 * device and optionaly remove the device from security
812 * database if required.
814 ******************************************************************************/
815 void bta_dm_close_acl(tBTA_DM_MSG* p_data) {
816 tBTA_DM_API_REMOVE_ACL* p_remove_acl = &p_data->remove_acl;
819 APPL_TRACE_DEBUG("bta_dm_close_acl");
821 if (BTM_IsAclConnectionUp(p_remove_acl->bd_addr, p_remove_acl->transport)) {
822 for (index = 0; index < bta_dm_cb.device_list.count; index++) {
823 if (bta_dm_cb.device_list.peer_device[index].peer_bdaddr ==
824 p_remove_acl->bd_addr)
827 if (index != bta_dm_cb.device_list.count) {
828 if (p_remove_acl->remove_dev)
829 bta_dm_cb.device_list.peer_device[index].remove_dev_pending = true;
831 APPL_TRACE_ERROR("unknown device, remove ACL failed");
833 /* Disconnect the ACL link */
834 btm_remove_acl(p_remove_acl->bd_addr, p_remove_acl->transport);
836 /* if to remove the device from security database ? do it now */
837 else if (p_remove_acl->remove_dev) {
838 if (!BTM_SecDeleteDevice(p_remove_acl->bd_addr)) {
839 APPL_TRACE_ERROR("delete device from security database failed.");
841 /* need to remove all pending background connection if any */
842 BTA_GATTC_CancelOpen(0, p_remove_acl->bd_addr, false);
843 /* remove all cached GATT information */
844 BTA_GATTC_Refresh(p_remove_acl->bd_addr);
846 /* otherwise, no action needed */
849 /*******************************************************************************
851 * Function bta_dm_remove_all_acl
853 * Description This function forces to close all the ACL links specified by
856 ******************************************************************************/
857 void bta_dm_remove_all_acl(tBTA_DM_MSG* p_data) {
858 const tBTA_DM_LINK_TYPE link_type = p_data->remove_all_acl.link_type;
859 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
861 APPL_TRACE_DEBUG("%s link type = %d", __func__, link_type);
863 for (uint8_t i = 0; i < bta_dm_cb.device_list.count; i++) {
864 transport = bta_dm_cb.device_list.peer_device[i].transport;
865 if ((link_type == BTA_DM_LINK_TYPE_ALL) ||
866 ((link_type == BTA_DM_LINK_TYPE_LE) &&
867 (transport == BT_TRANSPORT_LE)) ||
868 ((link_type == BTA_DM_LINK_TYPE_BR_EDR) &&
869 (transport == BT_TRANSPORT_BR_EDR))) {
870 /* Disconnect the ACL link */
871 btm_remove_acl(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
877 /*******************************************************************************
879 * Function bta_dm_bond
881 * Description Bonds with peer device
886 ******************************************************************************/
887 void bta_dm_bond(tBTA_DM_MSG* p_data) {
889 tBTA_DM_SEC sec_event;
892 if (p_data->bond.transport == BTA_TRANSPORT_UNKNOWN)
893 status = BTM_SecBond(p_data->bond.bd_addr, 0, NULL, 0);
895 status = BTM_SecBondByTransport(p_data->bond.bd_addr,
896 p_data->bond.transport, 0, NULL, 0);
898 if (bta_dm_cb.p_sec_cback && (status != BTM_CMD_STARTED)) {
899 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
900 sec_event.auth_cmpl.bd_addr = p_data->bond.bd_addr;
901 p_name = BTM_SecReadDevName(p_data->bond.bd_addr);
902 if (p_name != NULL) {
903 memcpy(sec_event.auth_cmpl.bd_name, p_name, (BD_NAME_LEN - 1));
904 sec_event.auth_cmpl.bd_name[BD_NAME_LEN - 1] = 0;
907 /* taken care of by memset [above]
908 sec_event.auth_cmpl.key_present = false;
909 sec_event.auth_cmpl.success = false;
911 sec_event.auth_cmpl.fail_reason = HCI_ERR_ILLEGAL_COMMAND;
912 if (status == BTM_SUCCESS) {
913 sec_event.auth_cmpl.success = true;
915 /* delete this device entry from Sec Dev DB */
916 bta_dm_remove_sec_dev_entry(p_data->bond.bd_addr);
918 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
922 /*******************************************************************************
924 * Function bta_dm_bond_cancel
926 * Description Cancels bonding with a peer device
931 ******************************************************************************/
932 void bta_dm_bond_cancel(tBTA_DM_MSG* p_data) {
934 tBTA_DM_SEC sec_event;
936 APPL_TRACE_EVENT(" bta_dm_bond_cancel ");
937 status = BTM_SecBondCancel(p_data->bond_cancel.bd_addr);
939 if (bta_dm_cb.p_sec_cback &&
940 (status != BTM_CMD_STARTED && status != BTM_SUCCESS)) {
941 sec_event.bond_cancel_cmpl.result = BTA_FAILURE;
943 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
947 /*******************************************************************************
949 * Function bta_dm_pin_reply
951 * Description Send the pin_reply to a request from BTM
956 ******************************************************************************/
957 void bta_dm_pin_reply(tBTA_DM_MSG* p_data) {
958 uint32_t trusted_mask[BTM_SEC_SERVICE_ARRAY_SIZE];
959 uint32_t* current_trusted_mask;
961 current_trusted_mask = BTM_ReadTrustedMask(p_data->pin_reply.bd_addr);
963 if (current_trusted_mask) {
964 memcpy(trusted_mask, current_trusted_mask, sizeof(trusted_mask));
966 memset(trusted_mask, 0, sizeof(trusted_mask));
969 if (p_data->pin_reply.accept) {
970 BTM_PINCodeReply(p_data->pin_reply.bd_addr, BTM_SUCCESS,
971 p_data->pin_reply.pin_len, p_data->pin_reply.p_pin,
974 BTM_PINCodeReply(p_data->pin_reply.bd_addr, BTM_NOT_AUTHORIZED, 0, NULL,
979 /*******************************************************************************
981 * Function bta_dm_policy_cback
983 * Description process the link policy changes
987 ******************************************************************************/
988 static void bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
989 uint8_t app_id, const RawAddress* peer_addr) {
990 tBTA_DM_PEER_DEVICE* p_dev = NULL;
991 uint16_t policy = app_id;
992 uint32_t mask = (uint32_t)(1 << id);
994 if (peer_addr) p_dev = bta_dm_find_peer_device(*peer_addr);
996 APPL_TRACE_DEBUG(" bta_dm_policy_cback cmd:%d, policy:0x%x", status, policy);
998 case BTA_SYS_PLCY_SET:
1000 /* restore the default link policy */
1001 p_dev->link_policy |= policy;
1002 BTM_SetLinkPolicy(p_dev->peer_bdaddr, &(p_dev->link_policy));
1005 case BTA_SYS_PLCY_CLR:
1007 /* clear the policy from the default link policy */
1008 p_dev->link_policy &= (~policy);
1009 BTM_SetLinkPolicy(p_dev->peer_bdaddr, &(p_dev->link_policy));
1011 if (policy & (HCI_ENABLE_SNIFF_MODE | HCI_ENABLE_PARK_MODE)) {
1012 /* if clearing sniff/park, wake the link */
1013 bta_dm_pm_active(p_dev->peer_bdaddr);
1017 case BTA_SYS_PLCY_DEF_SET:
1018 /* want to restore/set the role switch policy */
1019 bta_dm_cb.role_policy_mask &= ~mask;
1020 if (0 == bta_dm_cb.role_policy_mask) {
1021 /* if nobody wants to insist on the role */
1022 bta_dm_cb.cur_policy |= HCI_ENABLE_MASTER_SLAVE_SWITCH;
1023 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy);
1027 case BTA_SYS_PLCY_DEF_CLR:
1028 /* want to remove the role switch policy */
1029 bta_dm_cb.role_policy_mask |= mask;
1030 bta_dm_cb.cur_policy &= ~HCI_ENABLE_MASTER_SLAVE_SWITCH;
1031 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy);
1036 /*******************************************************************************
1038 * Function bta_dm_confirm
1040 * Description Send the user confirm request reply in response to a
1045 ******************************************************************************/
1046 void bta_dm_confirm(tBTA_DM_MSG* p_data) {
1047 tBTM_STATUS res = BTM_NOT_AUTHORIZED;
1049 if (p_data->confirm.accept == true) res = BTM_SUCCESS;
1050 BTM_ConfirmReqReply(res, p_data->confirm.bd_addr);
1053 /*******************************************************************************
1055 * Function bta_dm_loc_oob
1057 * Description Retrieve the OOB data from the local LM
1061 ******************************************************************************/
1062 void bta_dm_loc_oob(UNUSED_ATTR tBTA_DM_MSG* p_data) { BTM_ReadLocalOobData(); }
1064 /*******************************************************************************
1066 * Function bta_dm_ci_io_req_act
1068 * Description respond to the IO capabilities request from BTM
1072 ******************************************************************************/
1073 void bta_dm_ci_io_req_act(tBTA_DM_MSG* p_data) {
1074 tBTM_AUTH_REQ auth_req = BTM_AUTH_AP_NO;
1075 if (p_data->ci_io_req.auth_req) auth_req = BTM_AUTH_AP_YES;
1076 BTM_IoCapRsp(p_data->ci_io_req.bd_addr, p_data->ci_io_req.io_cap,
1077 p_data->ci_io_req.oob_data, auth_req);
1080 /*******************************************************************************
1082 * Function bta_dm_ci_rmt_oob_act
1084 * Description respond to the OOB data request for the remote device from
1090 ******************************************************************************/
1091 void bta_dm_ci_rmt_oob_act(tBTA_DM_MSG* p_data) {
1092 tBTM_STATUS res = BTM_NOT_AUTHORIZED;
1094 if (p_data->ci_rmt_oob.accept == true) res = BTM_SUCCESS;
1095 BTM_RemoteOobDataReply(res, p_data->ci_rmt_oob.bd_addr, p_data->ci_rmt_oob.c,
1096 p_data->ci_rmt_oob.r);
1099 /*******************************************************************************
1101 * Function bta_dm_search_start
1103 * Description Starts an inquiry
1108 ******************************************************************************/
1109 void bta_dm_search_start(tBTA_DM_MSG* p_data) {
1110 tBTM_INQUIRY_CMPL result;
1112 size_t len = sizeof(tBT_UUID) * p_data->search.num_uuid;
1113 bta_dm_gattc_register();
1115 APPL_TRACE_DEBUG("%s avoid_scatter=%d", __func__,
1116 p_bta_dm_cfg->avoid_scatter);
1118 if (p_bta_dm_cfg->avoid_scatter &&
1119 (p_data->search.rs_res == BTA_DM_RS_NONE) &&
1120 bta_dm_check_av(BTA_DM_API_SEARCH_EVT)) {
1121 memcpy(&bta_dm_cb.search_msg, &p_data->search, sizeof(tBTA_DM_API_SEARCH));
1125 BTM_ClearInqDb(NULL);
1126 /* save search params */
1127 bta_dm_search_cb.p_search_cback = p_data->search.p_cback;
1128 bta_dm_search_cb.services = p_data->search.services;
1130 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid);
1132 if ((bta_dm_search_cb.num_uuid = p_data->search.num_uuid) != 0 &&
1133 p_data->search.p_uuid != NULL) {
1134 bta_dm_search_cb.p_srvc_uuid = (tBT_UUID*)osi_malloc(len);
1135 memcpy(bta_dm_search_cb.p_srvc_uuid, p_data->search.p_uuid, len);
1137 result.status = BTM_StartInquiry((tBTM_INQ_PARMS*)&p_data->search.inq_params,
1138 bta_dm_inq_results_cb,
1139 (tBTM_CMPL_CB*)bta_dm_inq_cmpl_cb);
1141 APPL_TRACE_EVENT("%s status=%d", __func__, result.status);
1142 if (result.status != BTM_CMD_STARTED) {
1143 result.num_resp = 0;
1144 bta_dm_inq_cmpl_cb((void*)&result);
1148 /*******************************************************************************
1150 * Function bta_dm_search_cancel
1152 * Description Cancels an ongoing search for devices
1157 ******************************************************************************/
1158 void bta_dm_search_cancel(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1161 if (BTM_IsInquiryActive()) {
1162 if (BTM_CancelInquiry() == BTM_SUCCESS) {
1163 bta_dm_search_cancel_notify(NULL);
1164 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1165 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1166 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1167 bta_sys_sendmsg(p_msg);
1169 /* flag a search cancel is pending */
1170 bta_dm_search_cb.cancel_pending = true;
1173 /* If no Service Search going on then issue cancel remote name in case it is
1175 else if (!bta_dm_search_cb.name_discover_done) {
1176 BTM_CancelRemoteDeviceName();
1178 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1179 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1180 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1181 bta_sys_sendmsg(p_msg);
1183 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1184 p_msg->hdr.event = BTA_DM_INQUIRY_CMPL_EVT;
1185 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1186 bta_sys_sendmsg(p_msg);
1189 if (bta_dm_search_cb.gatt_disc_active) {
1190 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
1194 /*******************************************************************************
1196 * Function bta_dm_discover
1198 * Description Discovers services on a remote device
1203 ******************************************************************************/
1204 void bta_dm_discover(tBTA_DM_MSG* p_data) {
1205 size_t len = sizeof(tBT_UUID) * p_data->discover.num_uuid;
1206 APPL_TRACE_EVENT("%s services_to_search=0x%04X, sdp_search=%d", __func__,
1207 p_data->discover.services, p_data->discover.sdp_search);
1209 /* save the search condition */
1210 bta_dm_search_cb.services = p_data->discover.services;
1212 bta_dm_gattc_register();
1213 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid);
1214 if ((bta_dm_search_cb.num_uuid = p_data->discover.num_uuid) != 0 &&
1215 p_data->discover.p_uuid != NULL) {
1216 bta_dm_search_cb.p_srvc_uuid = (tBT_UUID*)osi_malloc(len);
1217 memcpy(bta_dm_search_cb.p_srvc_uuid, p_data->discover.p_uuid, len);
1219 bta_dm_search_cb.uuid_to_search = bta_dm_search_cb.num_uuid;
1221 bta_dm_search_cb.p_search_cback = p_data->discover.p_cback;
1222 bta_dm_search_cb.sdp_search = p_data->discover.sdp_search;
1223 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services;
1224 bta_dm_search_cb.service_index = 0;
1225 bta_dm_search_cb.services_found = 0;
1226 bta_dm_search_cb.peer_name[0] = 0;
1227 bta_dm_search_cb.sdp_search = p_data->discover.sdp_search;
1228 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbRead(p_data->discover.bd_addr);
1229 bta_dm_search_cb.transport = p_data->discover.transport;
1231 bta_dm_search_cb.name_discover_done = false;
1232 memcpy(&bta_dm_search_cb.uuid, &p_data->discover.uuid, sizeof(tSDP_UUID));
1233 bta_dm_discover_device(p_data->discover.bd_addr);
1236 /*******************************************************************************
1238 * Function bta_dm_di_disc_cmpl
1240 * Description Sends event to application when DI discovery complete
1244 ******************************************************************************/
1245 void bta_dm_di_disc_cmpl(tBTA_DM_MSG* p_data) {
1246 tBTA_DM_DI_DISC_CMPL di_disc;
1248 memset(&di_disc, 0, sizeof(tBTA_DM_DI_DISC_CMPL));
1249 di_disc.bd_addr = bta_dm_search_cb.peer_bdaddr;
1251 if ((p_data->hdr.offset == SDP_SUCCESS) ||
1252 (p_data->hdr.offset == SDP_DB_FULL)) {
1253 di_disc.num_record = SDP_GetNumDiRecords(bta_dm_di_cb.p_di_db);
1255 di_disc.result = BTA_FAILURE;
1257 bta_dm_di_cb.p_di_db = NULL;
1258 bta_dm_search_cb.p_search_cback(BTA_DM_DI_DISC_CMPL_EVT,
1259 (tBTA_DM_SEARCH*)&di_disc);
1262 /*******************************************************************************
1264 * Function bta_dm_di_disc_callback
1266 * Description This function queries a remote device for DI information.
1271 ******************************************************************************/
1272 static void bta_dm_di_disc_callback(uint16_t result) {
1273 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1275 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1276 p_msg->hdr.layer_specific = BTA_DM_API_DI_DISCOVER_EVT;
1277 p_msg->hdr.offset = result;
1279 bta_sys_sendmsg(p_msg);
1282 /*******************************************************************************
1284 * Function bta_dm_disable_search_and_disc
1286 * Description Cancels an ongoing search or discovery for devices in case
1287 * of a Bluetooth disable
1292 ******************************************************************************/
1293 static void bta_dm_disable_search_and_disc(void) {
1294 tBTA_DM_DI_DISC_CMPL di_disc;
1296 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) bta_dm_search_cancel(NULL);
1298 if (bta_dm_di_cb.p_di_db != NULL) {
1299 memset(&di_disc, 0, sizeof(tBTA_DM_DI_DISC_CMPL));
1300 di_disc.bd_addr = bta_dm_search_cb.peer_bdaddr;
1301 di_disc.result = BTA_FAILURE;
1303 bta_dm_di_cb.p_di_db = NULL;
1304 bta_dm_search_cb.p_search_cback(BTA_DM_DI_DISC_CMPL_EVT, NULL);
1308 /*******************************************************************************
1310 * Function bta_dm_di_disc
1312 * Description This function queries a remote device for DI information.
1317 ******************************************************************************/
1318 void bta_dm_di_disc(tBTA_DM_MSG* p_data) {
1319 uint16_t result = BTA_FAILURE;
1321 bta_dm_search_cb.p_search_cback = p_data->di_disc.p_cback;
1322 bta_dm_search_cb.peer_bdaddr = p_data->di_disc.bd_addr;
1323 bta_dm_di_cb.p_di_db = p_data->di_disc.p_sdp_db;
1325 bta_dm_search_cb.p_sdp_db =
1326 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE);
1327 if (SDP_DiDiscover(bta_dm_search_cb.peer_bdaddr, p_data->di_disc.p_sdp_db,
1328 p_data->di_disc.len,
1329 bta_dm_di_disc_callback) == SDP_SUCCESS) {
1330 result = BTA_SUCCESS;
1333 if (result == BTA_FAILURE) {
1334 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1336 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1337 p_msg->hdr.layer_specific = BTA_DM_API_DI_DISCOVER_EVT;
1338 p_data->hdr.offset = result;
1339 bta_sys_sendmsg(p_msg);
1343 /*******************************************************************************
1345 * Function bta_dm_read_remote_device_name
1347 * Description Initiate to get remote device name
1349 * Returns true if started to get remote name
1351 ******************************************************************************/
1352 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr,
1353 tBT_TRANSPORT transport) {
1354 tBTM_STATUS btm_status;
1356 APPL_TRACE_DEBUG("%s", __func__);
1358 bta_dm_search_cb.peer_bdaddr = bd_addr;
1359 bta_dm_search_cb.peer_name[0] = 0;
1362 BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr,
1363 (tBTM_CMPL_CB*)bta_dm_remname_cback, transport);
1365 if (btm_status == BTM_CMD_STARTED) {
1366 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is started", __func__);
1369 } else if (btm_status == BTM_BUSY) {
1370 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__);
1372 /* Remote name discovery is on going now so BTM cannot notify through
1373 * "bta_dm_remname_cback" */
1374 /* adding callback to get notified that current reading remore name done */
1375 BTM_SecAddRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1379 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X", __func__,
1386 /*******************************************************************************
1388 * Function bta_dm_inq_cmpl
1390 * Description Process the inquiry complete event from BTM
1394 ******************************************************************************/
1395 void bta_dm_inq_cmpl(tBTA_DM_MSG* p_data) {
1396 tBTA_DM_SEARCH data;
1398 APPL_TRACE_DEBUG("bta_dm_inq_cmpl");
1400 data.inq_cmpl.num_resps = p_data->inq_cmpl.num;
1401 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_CMPL_EVT, &data);
1403 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbFirst();
1404 if (bta_dm_search_cb.p_btm_inq_info != NULL) {
1405 /* start name and service discovery from the first device on inquiry result
1407 bta_dm_search_cb.name_discover_done = false;
1408 bta_dm_search_cb.peer_name[0] = 0;
1409 bta_dm_discover_device(
1410 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr);
1412 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1414 /* no devices, search complete */
1415 bta_dm_search_cb.services = 0;
1417 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1418 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1419 bta_sys_sendmsg(p_msg);
1423 /*******************************************************************************
1425 * Function bta_dm_rmt_name
1427 * Description Process the remote name result from BTM
1431 ******************************************************************************/
1432 void bta_dm_rmt_name(tBTA_DM_MSG* p_data) {
1433 APPL_TRACE_DEBUG("bta_dm_rmt_name");
1435 if (p_data->rem_name.result.disc_res.bd_name[0] &&
1436 bta_dm_search_cb.p_btm_inq_info) {
1437 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name = true;
1440 bta_dm_discover_device(bta_dm_search_cb.peer_bdaddr);
1443 /*******************************************************************************
1445 * Function bta_dm_disc_rmt_name
1447 * Description Process the remote name result from BTM when application
1448 * wants to find the name for a bdaddr
1452 ******************************************************************************/
1453 void bta_dm_disc_rmt_name(tBTA_DM_MSG* p_data) {
1454 tBTM_INQ_INFO* p_btm_inq_info;
1456 APPL_TRACE_DEBUG("bta_dm_disc_rmt_name");
1458 p_btm_inq_info = BTM_InqDbRead(p_data->rem_name.result.disc_res.bd_addr);
1459 if (p_btm_inq_info) {
1460 if (p_data->rem_name.result.disc_res.bd_name[0]) {
1461 p_btm_inq_info->appl_knows_rem_name = true;
1465 bta_dm_discover_device(p_data->rem_name.result.disc_res.bd_addr);
1468 /*******************************************************************************
1470 * Function bta_dm_sdp_result
1472 * Description Process the discovery result from sdp
1476 ******************************************************************************/
1477 void bta_dm_sdp_result(tBTA_DM_MSG* p_data) {
1478 tSDP_DISC_REC* p_sdp_rec = NULL;
1480 bool scn_found = false;
1481 uint16_t service = 0xFFFF;
1482 tSDP_PROTOCOL_ELEM pe;
1484 tBT_UUID* p_uuid = bta_dm_search_cb.p_srvc_uuid;
1485 tBTA_DM_SEARCH result;
1486 tBT_UUID service_uuid;
1488 uint32_t num_uuids = 0;
1489 uint8_t uuid_list[32][MAX_UUID_SIZE]; // assuming a max of 32 services
1491 if ((p_data->sdp_event.sdp_result == SDP_SUCCESS) ||
1492 (p_data->sdp_event.sdp_result == SDP_NO_RECS_MATCH) ||
1493 (p_data->sdp_event.sdp_result == SDP_DB_FULL)) {
1494 APPL_TRACE_DEBUG("sdp_result::0x%x", p_data->sdp_event.sdp_result);
1497 if (bta_dm_search_cb.service_index == (BTA_USER_SERVICE_ID + 1)) {
1498 p_sdp_rec = SDP_FindServiceUUIDInDb(bta_dm_search_cb.p_sdp_db,
1499 &bta_dm_search_cb.uuid, p_sdp_rec);
1501 if (p_sdp_rec && SDP_FindProtocolListElemInRec(
1502 p_sdp_rec, UUID_PROTOCOL_RFCOMM, &pe)) {
1503 bta_dm_search_cb.peer_scn = (uint8_t)pe.params[0];
1508 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index - 1];
1510 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, service, p_sdp_rec);
1512 /* finished with BR/EDR services, now we check the result for GATT based
1514 if (bta_dm_search_cb.service_index == BTA_MAX_SERVICE_ID) {
1515 if (bta_dm_search_cb.uuid_to_search != 0 && p_uuid != NULL) {
1517 (bta_dm_search_cb.num_uuid - bta_dm_search_cb.uuid_to_search);
1518 /* only support 16 bits UUID for now */
1519 service = p_uuid->uu.uuid16;
1521 /* all GATT based services */
1523 /* find a service record, report it */
1525 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, 0, p_sdp_rec);
1527 if (SDP_FindServiceUUIDInRec(p_sdp_rec, &service_uuid)) {
1528 /* send result back to app now, one by one */
1529 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1530 strlcpy((char*)result.disc_ble_res.bd_name, bta_dm_get_remname(),
1532 result.disc_ble_res.service.len = service_uuid.len;
1533 result.disc_ble_res.service.uu.uuid16 = service_uuid.uu.uuid16;
1535 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_BLE_RES_EVT, &result);
1539 if (bta_dm_search_cb.uuid_to_search > 0) break;
1541 } while (p_sdp_rec);
1543 /* SDP_DB_FULL means some records with the
1544 required attributes were received */
1545 if (((p_data->sdp_event.sdp_result == SDP_DB_FULL) &&
1546 bta_dm_search_cb.services != BTA_ALL_SERVICE_MASK) ||
1547 (p_sdp_rec != NULL)) {
1548 if (service != UUID_SERVCLASS_PNP_INFORMATION) {
1549 uint16_t tmp_svc = 0xFFFF;
1550 bta_dm_search_cb.services_found |=
1551 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(
1552 bta_dm_search_cb.service_index - 1));
1554 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index -
1556 /* Add to the list of UUIDs */
1557 sdpu_uuid16_to_uuid128(tmp_svc, uuid_list[num_uuids]);
1563 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK &&
1564 bta_dm_search_cb.services_to_search == 0) {
1565 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID &&
1566 bta_dm_search_cb.uuid_to_search > 0)
1567 bta_dm_search_cb.uuid_to_search--;
1569 if (bta_dm_search_cb.uuid_to_search == 0 ||
1570 bta_dm_search_cb.service_index != BTA_BLE_SERVICE_ID)
1571 bta_dm_search_cb.service_index++;
1572 } else /* regular one service per search or PNP search */
1575 } while (bta_dm_search_cb.service_index <= BTA_MAX_SERVICE_ID);
1577 APPL_TRACE_DEBUG("%s services_found = %04x", __func__,
1578 bta_dm_search_cb.services_found);
1580 /* Collect the 128-bit services here and put them into the list */
1581 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) {
1585 /* find a service record, report it */
1587 SDP_FindServiceInDb_128bit(bta_dm_search_cb.p_sdp_db, p_sdp_rec);
1589 if (SDP_FindServiceUUIDInRec_128bit(p_sdp_rec, &temp_uuid)) {
1590 memcpy(uuid_list[num_uuids], temp_uuid.uu.uuid128, MAX_UUID_SIZE);
1594 } while (p_sdp_rec);
1596 /* if there are more services to search for */
1597 if (bta_dm_search_cb.services_to_search) {
1598 /* Free up the p_sdp_db before checking the next one */
1599 bta_dm_free_sdp_db(NULL);
1600 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr);
1603 /* start next bd_addr if necessary */
1605 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1607 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1608 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1609 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS;
1610 p_msg->disc_result.result.disc_res.p_raw_data = NULL;
1611 p_msg->disc_result.result.disc_res.raw_data_size = 0;
1612 p_msg->disc_result.result.disc_res.num_uuids = num_uuids;
1613 p_msg->disc_result.result.disc_res.p_uuid_list = NULL;
1614 if (num_uuids > 0) {
1615 p_msg->disc_result.result.disc_res.p_uuid_list =
1616 (uint8_t*)osi_malloc(num_uuids * MAX_UUID_SIZE);
1617 memcpy(p_msg->disc_result.result.disc_res.p_uuid_list, uuid_list,
1618 num_uuids * MAX_UUID_SIZE);
1620 // Copy the raw_data to the discovery result structure
1621 if (bta_dm_search_cb.p_sdp_db != NULL &&
1622 bta_dm_search_cb.p_sdp_db->raw_used != 0 &&
1623 bta_dm_search_cb.p_sdp_db->raw_data != NULL) {
1624 APPL_TRACE_DEBUG("%s raw_data used = 0x%x raw_data_ptr = 0x%x",
1625 __func__, bta_dm_search_cb.p_sdp_db->raw_used,
1626 bta_dm_search_cb.p_sdp_db->raw_data);
1628 p_msg->disc_result.result.disc_res.p_raw_data =
1629 (uint8_t*)osi_malloc(bta_dm_search_cb.p_sdp_db->raw_used);
1630 memcpy(p_msg->disc_result.result.disc_res.p_raw_data,
1631 bta_dm_search_cb.p_sdp_db->raw_data,
1632 bta_dm_search_cb.p_sdp_db->raw_used);
1634 p_msg->disc_result.result.disc_res.raw_data_size =
1635 bta_dm_search_cb.p_sdp_db->raw_used;
1637 bta_dm_search_cb.p_sdp_db->raw_data =
1638 NULL; // no need to free this - it is a global assigned.
1639 bta_dm_search_cb.p_sdp_db->raw_used = 0;
1640 bta_dm_search_cb.p_sdp_db->raw_size = 0;
1642 APPL_TRACE_DEBUG("%s raw data size is 0 or raw_data is null!!",
1645 /* Done with p_sdp_db. Free it */
1646 bta_dm_free_sdp_db(NULL);
1647 p_msg->disc_result.result.disc_res.services =
1648 bta_dm_search_cb.services_found;
1650 // Piggy back the SCN over result field
1652 p_msg->disc_result.result.disc_res.result =
1653 (3 + bta_dm_search_cb.peer_scn);
1654 p_msg->disc_result.result.disc_res.services |= BTA_USER_SERVICE_MASK;
1656 APPL_TRACE_EVENT(" Piggy back the SCN over result field SCN=%d",
1657 bta_dm_search_cb.peer_scn);
1659 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1660 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1661 bta_dm_get_remname(), BD_NAME_LEN);
1663 bta_sys_sendmsg(p_msg);
1666 /* conn failed. No need for timer */
1667 if (p_data->sdp_event.sdp_result == SDP_CONN_FAILED ||
1668 p_data->sdp_event.sdp_result == SDP_CONN_REJECTED ||
1669 p_data->sdp_event.sdp_result == SDP_SECURITY_ERR)
1670 bta_dm_search_cb.wait_disc = false;
1672 /* not able to connect go to next device */
1673 if (bta_dm_search_cb.p_sdp_db)
1674 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1676 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1678 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1679 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1680 p_msg->disc_result.result.disc_res.result = BTA_FAILURE;
1681 p_msg->disc_result.result.disc_res.services =
1682 bta_dm_search_cb.services_found;
1683 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1684 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1685 bta_dm_get_remname(), BD_NAME_LEN);
1687 bta_sys_sendmsg(p_msg);
1691 /*******************************************************************************
1693 * Function bta_dm_search_cmpl
1695 * Description Sends event to application
1699 ******************************************************************************/
1700 void bta_dm_search_cmpl(tBTA_DM_MSG* p_data) {
1701 APPL_TRACE_EVENT("%s", __func__);
1703 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid);
1705 if (p_data->hdr.layer_specific == BTA_DM_API_DI_DISCOVER_EVT)
1706 bta_dm_di_disc_cmpl(p_data);
1708 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_CMPL_EVT, NULL);
1711 /*******************************************************************************
1713 * Function bta_dm_disc_result
1715 * Description Service discovery result when discovering services on a
1720 ******************************************************************************/
1721 void bta_dm_disc_result(tBTA_DM_MSG* p_data) {
1722 APPL_TRACE_EVENT("%s", __func__);
1724 /* if any BR/EDR service discovery has been done, report the event */
1725 if ((bta_dm_search_cb.services &
1726 ((BTA_ALL_SERVICE_MASK | BTA_USER_SERVICE_MASK) &
1727 ~BTA_BLE_SERVICE_MASK)))
1728 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT,
1729 &p_data->disc_result.result);
1731 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1733 /* send a message to change state */
1734 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1735 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1736 bta_sys_sendmsg(p_msg);
1739 /*******************************************************************************
1741 * Function bta_dm_search_result
1743 * Description Service discovery result while searching for devices
1747 ******************************************************************************/
1748 void bta_dm_search_result(tBTA_DM_MSG* p_data) {
1749 APPL_TRACE_DEBUG("%s searching:0x%04x, result:0x%04x", __func__,
1750 bta_dm_search_cb.services,
1751 p_data->disc_result.result.disc_res.services);
1753 /* call back if application wants name discovery or found services that
1754 * application is searching */
1755 if ((!bta_dm_search_cb.services) ||
1756 ((bta_dm_search_cb.services) &&
1757 (p_data->disc_result.result.disc_res.services))) {
1758 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT,
1759 &p_data->disc_result.result);
1762 /* if searching did not initiate to create link */
1763 if (!bta_dm_search_cb.wait_disc) {
1764 /* if service searching is done with EIR, don't search next device */
1765 if (bta_dm_search_cb.p_btm_inq_info) bta_dm_discover_next_device();
1767 /* wait until link is disconnected or timeout */
1768 bta_dm_search_cb.sdp_results = true;
1769 alarm_set_on_mloop(bta_dm_search_cb.search_timer,
1770 1000 * (L2CAP_LINK_INACTIVITY_TOUT + 1),
1771 bta_dm_search_timer_cback, NULL);
1775 /*******************************************************************************
1777 * Function bta_dm_search_timer_cback
1779 * Description Called when ACL disconnect time is over
1784 ******************************************************************************/
1785 static void bta_dm_search_timer_cback(UNUSED_ATTR void* data) {
1786 APPL_TRACE_EVENT("%s", __func__);
1787 bta_dm_search_cb.wait_disc = false;
1789 /* proceed with next device */
1790 bta_dm_discover_next_device();
1793 /*******************************************************************************
1795 * Function bta_dm_free_sdp_db
1797 * Description Frees SDP data base
1801 ******************************************************************************/
1802 void bta_dm_free_sdp_db(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1803 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1806 /*******************************************************************************
1808 * Function bta_dm_queue_search
1810 * Description Queues search command while search is being cancelled
1814 ******************************************************************************/
1815 void bta_dm_queue_search(tBTA_DM_MSG* p_data) {
1816 osi_free(bta_dm_search_cb.p_search_queue);
1817 bta_dm_search_cb.p_search_queue =
1818 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_SEARCH));
1819 memcpy(bta_dm_search_cb.p_search_queue, p_data, sizeof(tBTA_DM_API_SEARCH));
1822 /*******************************************************************************
1824 * Function bta_dm_queue_disc
1826 * Description Queues discovery command while search is being cancelled
1830 ******************************************************************************/
1831 void bta_dm_queue_disc(tBTA_DM_MSG* p_data) {
1832 osi_free(bta_dm_search_cb.p_search_queue);
1833 bta_dm_search_cb.p_search_queue =
1834 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_DISCOVER));
1835 memcpy(bta_dm_search_cb.p_search_queue, p_data, sizeof(tBTA_DM_API_DISCOVER));
1838 /*******************************************************************************
1840 * Function bta_dm_search_clear_queue
1842 * Description Clears the queue if API search cancel is called
1846 ******************************************************************************/
1847 void bta_dm_search_clear_queue(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1848 osi_free_and_reset((void**)&bta_dm_search_cb.p_search_queue);
1851 /*******************************************************************************
1853 * Function bta_dm_search_cancel_cmpl
1855 * Description Search cancel is complete
1859 ******************************************************************************/
1860 void bta_dm_search_cancel_cmpl(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1861 if (bta_dm_search_cb.p_search_queue) {
1862 bta_sys_sendmsg(bta_dm_search_cb.p_search_queue);
1863 bta_dm_search_cb.p_search_queue = NULL;
1867 /*******************************************************************************
1869 * Function bta_dm_search_cancel_transac_cmpl
1871 * Description Current Service Discovery or remote name procedure is
1872 * completed after search cancellation
1876 ******************************************************************************/
1877 void bta_dm_search_cancel_transac_cmpl(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1878 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1879 bta_dm_search_cancel_notify(NULL);
1882 /*******************************************************************************
1884 * Function bta_dm_search_cancel_notify
1886 * Description Notify application that search has been cancelled
1890 ******************************************************************************/
1891 void bta_dm_search_cancel_notify(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1892 if (bta_dm_search_cb.p_search_cback) {
1893 bta_dm_search_cb.p_search_cback(BTA_DM_SEARCH_CANCEL_CMPL_EVT, NULL);
1895 if (!bta_dm_search_cb.name_discover_done) {
1896 BTM_CancelRemoteDeviceName();
1898 if (bta_dm_search_cb.gatt_disc_active) {
1899 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
1903 /*******************************************************************************
1905 * Function bta_dm_find_services
1907 * Description Starts discovery on a device
1911 ******************************************************************************/
1912 static void bta_dm_find_services(const RawAddress& bd_addr) {
1915 memset(&uuid, 0, sizeof(tSDP_UUID));
1917 while (bta_dm_search_cb.service_index < BTA_MAX_SERVICE_ID) {
1918 if (bta_dm_search_cb.services_to_search &
1919 (tBTA_SERVICE_MASK)(
1920 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index))) {
1921 bta_dm_search_cb.p_sdp_db =
1922 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE);
1923 APPL_TRACE_DEBUG("bta_dm_search_cb.services = %04x***********",
1924 bta_dm_search_cb.services);
1925 /* try to search all services by search based on L2CAP UUID */
1926 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) {
1927 LOG_INFO(LOG_TAG, "%s services_to_search=%08x", __func__,
1928 bta_dm_search_cb.services_to_search);
1929 if (bta_dm_search_cb.services_to_search & BTA_RES_SERVICE_MASK) {
1930 uuid.uu.uuid16 = bta_service_id_to_uuid_lkup_tbl[0];
1931 bta_dm_search_cb.services_to_search &= ~BTA_RES_SERVICE_MASK;
1933 uuid.uu.uuid16 = UUID_PROTOCOL_L2CAP;
1934 bta_dm_search_cb.services_to_search = 0;
1937 /* for LE only profile */
1938 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID) {
1939 if (bta_dm_search_cb.uuid_to_search > 0 &&
1940 bta_dm_search_cb.p_srvc_uuid) {
1941 memcpy(&uuid, (const void*)(bta_dm_search_cb.p_srvc_uuid +
1942 bta_dm_search_cb.num_uuid -
1943 bta_dm_search_cb.uuid_to_search),
1946 bta_dm_search_cb.uuid_to_search--;
1949 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index];
1952 /* last one? clear the BLE service bit if all discovery has been done
1954 if (bta_dm_search_cb.uuid_to_search == 0)
1955 bta_dm_search_cb.services_to_search &=
1956 (tBTA_SERVICE_MASK)(~(BTA_SERVICE_ID_TO_SERVICE_MASK(
1957 bta_dm_search_cb.service_index)));
1960 /* remove the service from services to be searched */
1961 bta_dm_search_cb.services_to_search &= (tBTA_SERVICE_MASK)(~(
1962 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index)));
1964 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index];
1968 if (uuid.len == 0) uuid.len = LEN_UUID_16;
1970 if (bta_dm_search_cb.service_index == BTA_USER_SERVICE_ID) {
1971 memcpy(&uuid, &bta_dm_search_cb.uuid, sizeof(tSDP_UUID));
1974 LOG_INFO(LOG_TAG, "%s search UUID = %04x", __func__, uuid.uu.uuid16);
1975 SDP_InitDiscoveryDb(bta_dm_search_cb.p_sdp_db, BTA_DM_SDP_DB_SIZE, 1,
1978 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf));
1979 bta_dm_search_cb.p_sdp_db->raw_data = g_disc_raw_data_buf;
1981 bta_dm_search_cb.p_sdp_db->raw_size = MAX_DISC_RAW_DATA_BUF;
1983 if (!SDP_ServiceSearchAttributeRequest(bd_addr, bta_dm_search_cb.p_sdp_db,
1984 &bta_dm_sdp_callback)) {
1986 * If discovery is not successful with this device, then
1987 * proceed with the next one.
1989 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1990 bta_dm_search_cb.service_index = BTA_MAX_SERVICE_ID;
1993 if ((bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID &&
1994 bta_dm_search_cb.uuid_to_search == 0) ||
1995 bta_dm_search_cb.service_index != BTA_BLE_SERVICE_ID)
1996 bta_dm_search_cb.service_index++;
2001 bta_dm_search_cb.service_index++;
2004 /* no more services to be discovered */
2005 if (bta_dm_search_cb.service_index >= BTA_MAX_SERVICE_ID) {
2006 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
2007 /* initialize the data structure - includes p_raw_data and raw_data_size */
2008 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES));
2009 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
2010 p_msg->disc_result.result.disc_res.services =
2011 bta_dm_search_cb.services_found;
2012 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
2013 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
2014 bta_dm_get_remname(), BD_NAME_LEN);
2016 bta_sys_sendmsg(p_msg);
2020 /*******************************************************************************
2022 * Function bta_dm_discover_next_device
2024 * Description Starts discovery on the next device in Inquiry data base
2028 ******************************************************************************/
2029 static void bta_dm_discover_next_device(void) {
2030 APPL_TRACE_DEBUG("bta_dm_discover_next_device");
2032 /* searching next device on inquiry result */
2033 bta_dm_search_cb.p_btm_inq_info =
2034 BTM_InqDbNext(bta_dm_search_cb.p_btm_inq_info);
2035 if (bta_dm_search_cb.p_btm_inq_info != NULL) {
2036 bta_dm_search_cb.name_discover_done = false;
2037 bta_dm_search_cb.peer_name[0] = 0;
2038 bta_dm_discover_device(
2039 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr);
2041 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
2043 /* no devices, search complete */
2044 bta_dm_search_cb.services = 0;
2046 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
2047 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
2049 bta_sys_sendmsg(p_msg);
2053 /*******************************************************************************
2055 * Function bta_dm_discover_device
2057 * Description Starts name and service discovery on the device
2061 ******************************************************************************/
2062 static void bta_dm_discover_device(const RawAddress& remote_bd_addr) {
2063 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
2064 if (bta_dm_search_cb.transport == BTA_TRANSPORT_UNKNOWN) {
2065 tBT_DEVICE_TYPE dev_type;
2066 tBLE_ADDR_TYPE addr_type;
2068 BTM_ReadDevInfo(remote_bd_addr, &dev_type, &addr_type);
2069 if (dev_type == BT_DEVICE_TYPE_BLE || addr_type == BLE_ADDR_RANDOM)
2070 transport = BT_TRANSPORT_LE;
2072 transport = bta_dm_search_cb.transport;
2075 /* Reset transport state for next discovery */
2076 bta_dm_search_cb.transport = BTA_TRANSPORT_UNKNOWN;
2078 VLOG(1) << __func__ << " BDA: " << remote_bd_addr;
2080 bta_dm_search_cb.peer_bdaddr = remote_bd_addr;
2083 "%s name_discover_done = %d p_btm_inq_info 0x%x state = %d, transport=%d",
2084 __func__, bta_dm_search_cb.name_discover_done,
2085 bta_dm_search_cb.p_btm_inq_info, bta_dm_search_cb.state, transport);
2087 if (bta_dm_search_cb.p_btm_inq_info) {
2088 APPL_TRACE_DEBUG("%s appl_knows_rem_name %d", __func__,
2089 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name);
2091 if ((bta_dm_search_cb.p_btm_inq_info) &&
2092 (bta_dm_search_cb.p_btm_inq_info->results.device_type ==
2093 BT_DEVICE_TYPE_BLE) &&
2094 (bta_dm_search_cb.state == BTA_DM_SEARCH_ACTIVE)) {
2095 /* Do not perform RNR for LE devices at inquiry complete*/
2096 bta_dm_search_cb.name_discover_done = true;
2098 /* if name discovery is not done and application needs remote name */
2099 if ((!bta_dm_search_cb.name_discover_done) &&
2100 ((bta_dm_search_cb.p_btm_inq_info == NULL) ||
2101 (bta_dm_search_cb.p_btm_inq_info &&
2102 (!bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name)))) {
2103 if (bta_dm_read_remote_device_name(bta_dm_search_cb.peer_bdaddr,
2107 /* starting name discovery failed */
2108 bta_dm_search_cb.name_discover_done = true;
2111 /* if application wants to discover service */
2112 if (bta_dm_search_cb.services) {
2113 /* initialize variables */
2114 bta_dm_search_cb.service_index = 0;
2115 bta_dm_search_cb.services_found = 0;
2116 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services;
2117 bta_dm_search_cb.uuid_to_search = bta_dm_search_cb.num_uuid;
2118 if ((bta_dm_search_cb.p_btm_inq_info != NULL) &&
2119 bta_dm_search_cb.services != BTA_USER_SERVICE_MASK &&
2120 (bta_dm_search_cb.sdp_search == false)) {
2121 /* check if EIR provides the information of supported services */
2122 bta_dm_eir_search_services(&bta_dm_search_cb.p_btm_inq_info->results,
2123 &bta_dm_search_cb.services_to_search,
2124 &bta_dm_search_cb.services_found);
2127 /* if seaching with EIR is not completed */
2128 if (bta_dm_search_cb.services_to_search) {
2129 /* check whether connection already exists to the device
2130 if connection exists, we don't have to wait for ACL
2131 link to go down to start search on next device */
2132 if (BTM_IsAclConnectionUp(bta_dm_search_cb.peer_bdaddr,
2133 BT_TRANSPORT_BR_EDR))
2134 bta_dm_search_cb.wait_disc = false;
2136 bta_dm_search_cb.wait_disc = true;
2138 if (bta_dm_search_cb.p_btm_inq_info) {
2140 "%s p_btm_inq_info 0x%x results.device_type 0x%x "
2141 "services_to_search 0x%x",
2142 __func__, bta_dm_search_cb.p_btm_inq_info,
2143 bta_dm_search_cb.p_btm_inq_info->results.device_type,
2144 bta_dm_search_cb.services_to_search);
2147 if (transport == BT_TRANSPORT_LE) {
2148 if (bta_dm_search_cb.services_to_search & BTA_BLE_SERVICE_MASK) {
2149 // set the raw data buffer here
2150 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf));
2151 bta_dm_search_cb.p_ble_rawdata = g_disc_raw_data_buf;
2153 bta_dm_search_cb.ble_raw_size = MAX_DISC_RAW_DATA_BUF;
2154 bta_dm_search_cb.ble_raw_used = 0;
2156 /* start GATT for service discovery */
2157 btm_dm_start_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
2161 bta_dm_search_cb.sdp_results = false;
2162 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr);
2168 /* name discovery and service discovery are done for this device */
2169 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
2170 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
2171 /* initialize the data structure - includes p_raw_data and raw_data_size */
2172 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES));
2173 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS;
2174 p_msg->disc_result.result.disc_res.services = bta_dm_search_cb.services_found;
2175 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
2176 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
2177 (char*)bta_dm_search_cb.peer_name, BD_NAME_LEN);
2179 bta_sys_sendmsg(p_msg);
2182 /*******************************************************************************
2184 * Function bta_dm_sdp_callback
2186 * Description Callback from sdp with discovery status
2190 ******************************************************************************/
2191 static void bta_dm_sdp_callback(uint16_t sdp_status) {
2192 tBTA_DM_SDP_RESULT* p_msg =
2193 (tBTA_DM_SDP_RESULT*)osi_malloc(sizeof(tBTA_DM_SDP_RESULT));
2195 p_msg->hdr.event = BTA_DM_SDP_RESULT_EVT;
2196 p_msg->sdp_result = sdp_status;
2198 bta_sys_sendmsg(p_msg);
2201 /*******************************************************************************
2203 * Function bta_dm_inq_results_cb
2205 * Description Inquiry results callback from BTM
2209 ******************************************************************************/
2210 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
2212 tBTA_DM_SEARCH result;
2213 tBTM_INQ_INFO* p_inq_info;
2214 uint16_t service_class;
2216 result.inq_res.bd_addr = p_inq->remote_bd_addr;
2217 memcpy(result.inq_res.dev_class, p_inq->dev_class, DEV_CLASS_LEN);
2218 BTM_COD_SERVICE_CLASS(service_class, p_inq->dev_class);
2219 result.inq_res.is_limited =
2220 (service_class & BTM_COD_SERVICE_LMTD_DISCOVER) ? true : false;
2221 result.inq_res.rssi = p_inq->rssi;
2223 result.inq_res.ble_addr_type = p_inq->ble_addr_type;
2224 result.inq_res.inq_result_type = p_inq->inq_result_type;
2225 result.inq_res.device_type = p_inq->device_type;
2226 result.inq_res.flag = p_inq->flag;
2228 /* application will parse EIR to find out remote device name */
2229 result.inq_res.p_eir = p_eir;
2230 result.inq_res.eir_len = eir_len;
2232 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr);
2233 if (p_inq_info != NULL) {
2234 /* initialize remt_name_not_required to false so that we get the name by
2236 result.inq_res.remt_name_not_required = false;
2239 if (bta_dm_search_cb.p_search_cback)
2240 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_RES_EVT, &result);
2243 /* application indicates if it knows the remote name, inside the callback
2244 copy that to the inquiry data base*/
2245 if (result.inq_res.remt_name_not_required)
2246 p_inq_info->appl_knows_rem_name = true;
2250 /*******************************************************************************
2252 * Function bta_dm_inq_cmpl_cb
2254 * Description Inquiry complete callback from BTM
2258 ******************************************************************************/
2259 static void bta_dm_inq_cmpl_cb(void* p_result) {
2260 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
2262 APPL_TRACE_DEBUG("%s", __func__);
2264 if (bta_dm_search_cb.cancel_pending == false) {
2265 p_msg->inq_cmpl.hdr.event = BTA_DM_INQUIRY_CMPL_EVT;
2266 p_msg->inq_cmpl.num = ((tBTM_INQUIRY_CMPL*)p_result)->num_resp;
2268 bta_dm_search_cb.cancel_pending = false;
2269 bta_dm_search_cancel_notify(NULL);
2270 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
2271 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
2274 bta_sys_sendmsg(p_msg);
2277 /*******************************************************************************
2279 * Function bta_dm_service_search_remname_cback
2281 * Description Remote name call back from BTM during service discovery
2285 ******************************************************************************/
2286 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,
2287 UNUSED_ATTR DEV_CLASS dc,
2289 tBTM_REMOTE_DEV_NAME rem_name;
2290 tBTM_STATUS btm_status;
2292 APPL_TRACE_DEBUG("%s name=<%s>", __func__, bd_name);
2294 /* if this is what we are looking for */
2295 if (bta_dm_search_cb.peer_bdaddr == bd_addr) {
2296 rem_name.length = strlen((char*)bd_name);
2297 if (rem_name.length > (BD_NAME_LEN - 1)) {
2298 rem_name.length = (BD_NAME_LEN - 1);
2299 rem_name.remote_bd_name[(BD_NAME_LEN - 1)] = 0;
2301 strlcpy((char*)rem_name.remote_bd_name, (char*)bd_name, BD_NAME_LEN);
2302 rem_name.status = BTM_SUCCESS;
2304 bta_dm_remname_cback(&rem_name);
2306 /* get name of device */
2307 btm_status = BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr,
2308 (tBTM_CMPL_CB*)bta_dm_remname_cback,
2309 BT_TRANSPORT_BR_EDR);
2310 if (btm_status == BTM_BUSY) {
2311 /* wait for next chance(notification of remote name discovery done) */
2312 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__);
2313 } else if (btm_status != BTM_CMD_STARTED) {
2314 /* if failed to start getting remote name then continue */
2315 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X",
2316 __func__, btm_status);
2318 rem_name.length = 0;
2319 rem_name.remote_bd_name[0] = 0;
2320 rem_name.status = btm_status;
2321 bta_dm_remname_cback(&rem_name);
2326 /*******************************************************************************
2328 * Function bta_dm_remname_cback
2330 * Description Remote name complete call back from BTM
2334 ******************************************************************************/
2335 static void bta_dm_remname_cback(tBTM_REMOTE_DEV_NAME* p_remote_name) {
2336 APPL_TRACE_DEBUG("bta_dm_remname_cback len = %d name=<%s>",
2337 p_remote_name->length, p_remote_name->remote_bd_name);
2339 /* remote name discovery is done but it could be failed */
2340 bta_dm_search_cb.name_discover_done = true;
2341 strlcpy((char*)bta_dm_search_cb.peer_name,
2342 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN);
2344 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
2346 if (bta_dm_search_cb.transport == BT_TRANSPORT_LE) {
2347 GAP_BleReadPeerPrefConnParams(bta_dm_search_cb.peer_bdaddr);
2350 tBTA_DM_REM_NAME* p_msg =
2351 (tBTA_DM_REM_NAME*)osi_malloc(sizeof(tBTA_DM_REM_NAME));
2352 p_msg->result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
2353 strlcpy((char*)p_msg->result.disc_res.bd_name,
2354 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN);
2355 p_msg->hdr.event = BTA_DM_REMT_NAME_EVT;
2357 bta_sys_sendmsg(p_msg);
2360 /*******************************************************************************
2362 * Function bta_dm_authorize_cback
2364 * Description cback requesting authorization
2368 ******************************************************************************/
2369 static uint8_t bta_dm_authorize_cback(const RawAddress& bd_addr,
2370 DEV_CLASS dev_class, BD_NAME bd_name,
2371 UNUSED_ATTR uint8_t* service_name,
2373 UNUSED_ATTR bool is_originator) {
2374 tBTA_DM_SEC sec_event;
2377 sec_event.authorize.bd_addr = bd_addr;
2378 memcpy(sec_event.authorize.dev_class, dev_class, DEV_CLASS_LEN);
2379 strlcpy((char*)sec_event.authorize.bd_name, (char*)bd_name, BD_NAME_LEN);
2381 #if (BTA_JV_INCLUDED == TRUE)
2382 sec_event.authorize.service = service_id;
2385 while (index < BTA_MAX_SERVICE_ID) {
2386 /* get the BTA service id corresponding to BTM id */
2387 if (bta_service_id_to_btm_srv_id_lkup_tbl[index] == service_id) {
2388 sec_event.authorize.service = index;
2394 /* if supported service callback otherwise not authorized */
2395 if (bta_dm_cb.p_sec_cback && (index < BTA_MAX_SERVICE_ID
2396 #if (BTA_JV_INCLUDED == TRUE)
2397 /* pass through JV service ID */
2398 || (service_id >= BTA_FIRST_JV_SERVICE_ID &&
2399 service_id <= BTA_LAST_JV_SERVICE_ID)
2402 bta_dm_cb.p_sec_cback(BTA_DM_AUTHORIZE_EVT, &sec_event);
2403 return BTM_CMD_STARTED;
2405 return BTM_NOT_AUTHORIZED;
2409 /*******************************************************************************
2411 * Function bta_dm_pinname_cback
2413 * Description Callback requesting pin_key
2417 ******************************************************************************/
2418 static void bta_dm_pinname_cback(void* p_data) {
2419 tBTM_REMOTE_DEV_NAME* p_result = (tBTM_REMOTE_DEV_NAME*)p_data;
2420 tBTA_DM_SEC sec_event;
2421 uint32_t bytes_to_copy;
2422 tBTA_DM_SEC_EVT event = bta_dm_cb.pin_evt;
2424 if (BTA_DM_SP_CFM_REQ_EVT == event) {
2425 /* Retrieved saved device class and bd_addr */
2426 sec_event.cfm_req.bd_addr = bta_dm_cb.pin_bd_addr;
2427 BTA_COPY_DEVICE_CLASS(sec_event.cfm_req.dev_class, bta_dm_cb.pin_dev_class);
2429 if (p_result && p_result->status == BTM_SUCCESS) {
2430 bytes_to_copy = (p_result->length < (BD_NAME_LEN - 1))
2432 : (BD_NAME_LEN - 1);
2433 memcpy(sec_event.cfm_req.bd_name, p_result->remote_bd_name,
2435 sec_event.pin_req.bd_name[BD_NAME_LEN - 1] = 0;
2436 } else /* No name found */
2437 sec_event.cfm_req.bd_name[0] = 0;
2439 sec_event.key_notif.passkey =
2440 bta_dm_cb.num_val; /* get PIN code numeric number */
2442 /* 1 additional event data fields for this event */
2443 sec_event.cfm_req.just_works = bta_dm_cb.just_works;
2445 /* Retrieved saved device class and bd_addr */
2446 sec_event.pin_req.bd_addr = bta_dm_cb.pin_bd_addr;
2447 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, bta_dm_cb.pin_dev_class);
2449 if (p_result && p_result->status == BTM_SUCCESS) {
2450 bytes_to_copy = (p_result->length < (BD_NAME_LEN - 1))
2452 : (BD_NAME_LEN - 1);
2453 memcpy(sec_event.pin_req.bd_name, p_result->remote_bd_name,
2455 sec_event.pin_req.bd_name[BD_NAME_LEN - 1] = 0;
2456 } else /* No name found */
2457 sec_event.pin_req.bd_name[0] = 0;
2459 event = bta_dm_cb.pin_evt;
2460 sec_event.key_notif.passkey =
2461 bta_dm_cb.num_val; /* get PIN code numeric number */
2464 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event);
2467 /*******************************************************************************
2469 * Function bta_dm_pin_cback
2471 * Description Callback requesting pin_key
2475 ******************************************************************************/
2476 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
2477 BD_NAME bd_name, bool min_16_digit) {
2478 tBTA_DM_SEC sec_event;
2480 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
2482 /* If the device name is not known, save bdaddr and devclass and initiate a
2484 if (bd_name[0] == 0) {
2485 bta_dm_cb.pin_evt = BTA_DM_PIN_REQ_EVT;
2486 bta_dm_cb.pin_bd_addr = bd_addr;
2487 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class, dev_class);
2488 if ((BTM_ReadRemoteDeviceName(bd_addr, bta_dm_pinname_cback,
2489 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2490 return BTM_CMD_STARTED;
2493 " bta_dm_pin_cback() -> Failed to start Remote Name Request ");
2496 sec_event.pin_req.bd_addr = bd_addr;
2497 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, dev_class);
2498 strlcpy((char*)sec_event.pin_req.bd_name, (char*)bd_name, BD_NAME_LEN);
2499 sec_event.pin_req.min_16_digit = min_16_digit;
2501 bta_dm_cb.p_sec_cback(BTA_DM_PIN_REQ_EVT, &sec_event);
2502 return BTM_CMD_STARTED;
2505 /*******************************************************************************
2507 * Function bta_dm_new_link_key_cback
2509 * Description Callback from BTM to notify new link key
2513 ******************************************************************************/
2514 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
2515 UNUSED_ATTR DEV_CLASS dev_class,
2516 BD_NAME bd_name, LINK_KEY key,
2518 tBTA_DM_SEC sec_event;
2519 tBTA_DM_AUTH_CMPL* p_auth_cmpl;
2522 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
2524 /* Not AMP Key type */
2525 if (key_type != HCI_LKEY_TYPE_AMP_WIFI && key_type != HCI_LKEY_TYPE_AMP_UWB) {
2526 event = BTA_DM_AUTH_CMPL_EVT;
2527 p_auth_cmpl = &sec_event.auth_cmpl;
2529 p_auth_cmpl->bd_addr = bd_addr;
2531 memcpy(p_auth_cmpl->bd_name, bd_name, (BD_NAME_LEN - 1));
2532 p_auth_cmpl->bd_name[BD_NAME_LEN - 1] = 0;
2534 p_auth_cmpl->key_present = true;
2535 p_auth_cmpl->key_type = key_type;
2536 p_auth_cmpl->success = true;
2538 memcpy(p_auth_cmpl->key, key, LINK_KEY_LEN);
2539 sec_event.auth_cmpl.fail_reason = HCI_SUCCESS;
2541 // Report the BR link key based on the BR/EDR address and type
2542 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type,
2543 &sec_event.auth_cmpl.addr_type);
2544 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event);
2546 // Setting remove_dev_pending flag to false, where it will avoid deleting
2548 // security device record when the ACL connection link goes down in case of
2550 if (bta_dm_cb.device_list.count)
2551 bta_dm_reset_sec_dev_pending(p_auth_cmpl->bd_addr);
2553 APPL_TRACE_WARNING("%s() Received AMP Key", __func__);
2556 return BTM_CMD_STARTED;
2559 /*******************************************************************************
2561 * Function bta_dm_authentication_complete_cback
2563 * Description Authentication complete callback from BTM
2567 ******************************************************************************/
2568 static uint8_t bta_dm_authentication_complete_cback(
2569 const RawAddress& bd_addr, UNUSED_ATTR DEV_CLASS dev_class, BD_NAME bd_name,
2571 tBTA_DM_SEC sec_event;
2573 if (result != BTM_SUCCESS) {
2574 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
2575 sec_event.auth_cmpl.bd_addr = bd_addr;
2577 memcpy(sec_event.auth_cmpl.bd_name, bd_name, (BD_NAME_LEN - 1));
2578 sec_event.auth_cmpl.bd_name[BD_NAME_LEN - 1] = 0;
2580 // Report the BR link key based on the BR/EDR address and type
2581 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type,
2582 &sec_event.auth_cmpl.addr_type);
2583 sec_event.auth_cmpl.fail_reason = (uint8_t)result;
2585 if (bta_dm_cb.p_sec_cback)
2586 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
2588 if (result == HCI_ERR_AUTH_FAILURE || result == HCI_ERR_KEY_MISSING ||
2589 result == HCI_ERR_HOST_REJECT_SECURITY ||
2590 result == HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE) {
2591 APPL_TRACE_WARNING("%s deleting %s - result: 0x%02x", __func__,
2592 bd_addr.ToString().c_str(), result);
2593 bta_dm_remove_sec_dev_entry(bd_addr);
2600 #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE)
2601 /*******************************************************************************
2603 * Function bta_dm_sp_cback
2605 * Description simple pairing callback from BTM
2609 ******************************************************************************/
2610 static uint8_t bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data) {
2611 tBTM_STATUS status = BTM_CMD_STARTED;
2612 tBTA_DM_SEC sec_event;
2613 tBTA_DM_SEC_EVT pin_evt = BTA_DM_SP_KEY_NOTIF_EVT;
2615 APPL_TRACE_EVENT("bta_dm_sp_cback: %d", event);
2616 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
2620 case BTM_SP_IO_REQ_EVT:
2621 /* translate auth_req */
2622 bta_dm_co_io_req(p_data->io_req.bd_addr, &p_data->io_req.io_cap,
2623 &p_data->io_req.oob_data, &p_data->io_req.auth_req,
2624 p_data->io_req.is_orig);
2625 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req,
2626 p_data->io_req.oob_data);
2628 case BTM_SP_IO_RSP_EVT:
2629 bta_dm_co_io_rsp(p_data->io_rsp.bd_addr, p_data->io_rsp.io_cap,
2630 p_data->io_rsp.oob_data, p_data->io_rsp.auth_req);
2633 case BTM_SP_CFM_REQ_EVT:
2634 pin_evt = BTA_DM_SP_CFM_REQ_EVT;
2635 bta_dm_cb.just_works = sec_event.cfm_req.just_works =
2636 p_data->cfm_req.just_works;
2637 sec_event.cfm_req.loc_auth_req = p_data->cfm_req.loc_auth_req;
2638 sec_event.cfm_req.rmt_auth_req = p_data->cfm_req.rmt_auth_req;
2639 sec_event.cfm_req.loc_io_caps = p_data->cfm_req.loc_io_caps;
2640 sec_event.cfm_req.rmt_io_caps = p_data->cfm_req.rmt_io_caps;
2642 /* continue to next case */
2643 /* Passkey entry mode, mobile device with output capability is very
2644 unlikely to receive key request, so skip this event */
2645 /*case BTM_SP_KEY_REQ_EVT: */
2646 case BTM_SP_KEY_NOTIF_EVT:
2647 bta_dm_cb.num_val = sec_event.key_notif.passkey =
2648 p_data->key_notif.passkey;
2650 if (BTM_SP_CFM_REQ_EVT == event) {
2651 /* Due to the switch case falling through below to BTM_SP_KEY_NOTIF_EVT,
2652 call remote name request using values from cfm_req */
2653 if (p_data->cfm_req.bd_name[0] == 0) {
2654 bta_dm_cb.pin_evt = pin_evt;
2655 bta_dm_cb.pin_bd_addr = p_data->cfm_req.bd_addr;
2656 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2657 p_data->cfm_req.dev_class);
2658 if ((BTM_ReadRemoteDeviceName(
2659 p_data->cfm_req.bd_addr, bta_dm_pinname_cback,
2660 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2661 return BTM_CMD_STARTED;
2663 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2665 /* Due to the switch case falling through below to
2666 BTM_SP_KEY_NOTIF_EVT,
2667 copy these values into key_notif from cfm_req */
2668 sec_event.key_notif.bd_addr = p_data->cfm_req.bd_addr;
2669 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class,
2670 p_data->cfm_req.dev_class);
2671 strlcpy((char*)sec_event.key_notif.bd_name,
2672 (char*)p_data->cfm_req.bd_name, BD_NAME_LEN);
2676 if (BTM_SP_KEY_NOTIF_EVT == event) {
2677 /* If the device name is not known, save bdaddr and devclass
2678 and initiate a name request with values from key_notif */
2679 if (p_data->key_notif.bd_name[0] == 0) {
2680 bta_dm_cb.pin_evt = pin_evt;
2681 bta_dm_cb.pin_bd_addr = p_data->key_notif.bd_addr;
2682 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2683 p_data->key_notif.dev_class);
2684 if ((BTM_ReadRemoteDeviceName(
2685 p_data->key_notif.bd_addr, bta_dm_pinname_cback,
2686 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2687 return BTM_CMD_STARTED;
2689 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2691 sec_event.key_notif.bd_addr = p_data->key_notif.bd_addr;
2692 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class,
2693 p_data->key_notif.dev_class);
2694 strlcpy((char*)sec_event.key_notif.bd_name,
2695 (char*)p_data->key_notif.bd_name, BD_NAME_LEN);
2696 sec_event.key_notif.bd_name[BD_NAME_LEN - 1] = 0;
2700 bta_dm_cb.p_sec_cback(pin_evt, &sec_event);
2704 case BTM_SP_LOC_OOB_EVT:
2705 bta_dm_co_loc_oob((bool)(p_data->loc_oob.status == BTM_SUCCESS),
2706 p_data->loc_oob.c, p_data->loc_oob.r);
2709 case BTM_SP_RMT_OOB_EVT:
2710 /* If the device name is not known, save bdaddr and devclass and initiate
2712 if (p_data->rmt_oob.bd_name[0] == 0) {
2713 bta_dm_cb.pin_evt = BTA_DM_SP_RMT_OOB_EVT;
2714 bta_dm_cb.pin_bd_addr = p_data->rmt_oob.bd_addr;
2715 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2716 p_data->rmt_oob.dev_class);
2717 if ((BTM_ReadRemoteDeviceName(p_data->rmt_oob.bd_addr,
2718 bta_dm_pinname_cback,
2719 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2720 return BTM_CMD_STARTED;
2722 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2725 sec_event.rmt_oob.bd_addr = p_data->rmt_oob.bd_addr;
2726 BTA_COPY_DEVICE_CLASS(sec_event.rmt_oob.dev_class,
2727 p_data->rmt_oob.dev_class);
2728 strlcpy((char*)sec_event.rmt_oob.bd_name, (char*)p_data->rmt_oob.bd_name,
2731 bta_dm_cb.p_sec_cback(BTA_DM_SP_RMT_OOB_EVT, &sec_event);
2733 bta_dm_co_rmt_oob(p_data->rmt_oob.bd_addr);
2736 case BTM_SP_COMPLT_EVT:
2737 /* do not report this event - handled by link_key_callback or
2738 * auth_complete_callback */
2741 case BTM_SP_KEYPRESS_EVT:
2742 memcpy(&sec_event.key_press, &p_data->key_press,
2743 sizeof(tBTM_SP_KEYPRESS));
2744 bta_dm_cb.p_sec_cback(BTA_DM_SP_KEYPRESS_EVT, &sec_event);
2747 case BTM_SP_UPGRADE_EVT:
2748 bta_dm_co_lk_upgrade(p_data->upgrade.bd_addr, &p_data->upgrade.upgrade);
2752 status = BTM_NOT_AUTHORIZED;
2755 APPL_TRACE_EVENT("dm status: %d", status);
2760 /*******************************************************************************
2762 * Function bta_dm_local_name_cback
2764 * Description Callback from btm after local name is read
2769 ******************************************************************************/
2770 static void bta_dm_local_name_cback(UNUSED_ATTR const RawAddress& p_name) {
2771 tBTA_DM_SEC sec_event;
2773 sec_event.enable.status = BTA_SUCCESS;
2775 if (bta_dm_cb.p_sec_cback)
2776 bta_dm_cb.p_sec_cback(BTA_DM_ENABLE_EVT, &sec_event);
2779 /*******************************************************************************
2781 * Function bta_dm_bl_change_cback
2783 * Description Callback from btm when acl connection goes up or down
2788 ******************************************************************************/
2789 static void bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA* p_data) {
2790 tBTA_DM_ACL_CHANGE* p_msg =
2791 (tBTA_DM_ACL_CHANGE*)osi_malloc(sizeof(tBTA_DM_ACL_CHANGE));
2793 p_msg->event = p_data->event;
2794 p_msg->is_new = false;
2796 switch (p_msg->event) {
2797 case BTM_BL_CONN_EVT:
2798 p_msg->is_new = true;
2799 p_msg->bd_addr = *p_data->conn.p_bda;
2800 p_msg->transport = p_data->conn.transport;
2801 p_msg->handle = p_data->conn.handle;
2803 case BTM_BL_DISCN_EVT:
2804 p_msg->bd_addr = *p_data->discn.p_bda;
2805 p_msg->transport = p_data->discn.transport;
2806 p_msg->handle = p_data->discn.handle;
2808 case BTM_BL_UPDATE_EVT:
2809 p_msg->busy_level = p_data->update.busy_level;
2810 p_msg->busy_level_flags = p_data->update.busy_level_flags;
2812 case BTM_BL_ROLE_CHG_EVT:
2813 p_msg->new_role = p_data->role_chg.new_role;
2814 p_msg->hci_status = p_data->role_chg.hci_status;
2815 p_msg->bd_addr = *p_data->role_chg.p_bda;
2817 case BTM_BL_COLLISION_EVT:
2818 p_msg->bd_addr = *p_data->conn.p_bda;
2822 p_msg->hdr.event = BTA_DM_ACL_CHANGE_EVT;
2823 bta_sys_sendmsg(p_msg);
2826 /*******************************************************************************
2828 * Function bta_dm_rs_cback
2830 * Description Receives the role switch complete event
2834 ******************************************************************************/
2835 static void bta_dm_rs_cback(UNUSED_ATTR tBTM_ROLE_SWITCH_CMPL* p1) {
2836 APPL_TRACE_WARNING("bta_dm_rs_cback:%d", bta_dm_cb.rs_event);
2837 if (bta_dm_cb.rs_event == BTA_DM_API_SEARCH_EVT) {
2838 bta_dm_cb.search_msg.rs_res =
2839 BTA_DM_RS_OK; /* do not care about the result for now */
2840 bta_dm_cb.rs_event = 0;
2841 bta_dm_search_start((tBTA_DM_MSG*)&bta_dm_cb.search_msg);
2845 /*******************************************************************************
2847 * Function bta_dm_check_av
2849 * Description This function checks if AV is active
2850 * if yes, make sure the AV link is master
2852 * Returns bool - true, if switch is in progress
2854 ******************************************************************************/
2855 static bool bta_dm_check_av(uint16_t event) {
2856 bool avoid_roleswitch = false;
2857 bool switching = false;
2859 tBTA_DM_PEER_DEVICE* p_dev;
2861 #if (BTA_DM_AVOID_A2DP_ROLESWITCH_ON_INQUIRY == TRUE)
2863 /* avoid role switch upon inquiry if a2dp is actively streaming as it
2864 introduces an audioglitch due to FW scheduling delays (unavoidable) */
2865 if (event == BTA_DM_API_SEARCH_EVT) {
2866 avoid_roleswitch = true;
2870 APPL_TRACE_WARNING("bta_dm_check_av:%d", bta_dm_cb.cur_av_count);
2871 if (bta_dm_cb.cur_av_count) {
2872 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
2873 p_dev = &bta_dm_cb.device_list.peer_device[i];
2874 APPL_TRACE_WARNING("[%d]: state:%d, info:x%x, avoid_rs %d", i,
2875 p_dev->conn_state, p_dev->info, avoid_roleswitch);
2876 if ((p_dev->conn_state == BTA_DM_CONNECTED) &&
2877 (p_dev->info & BTA_DM_DI_AV_ACTIVE) && (avoid_roleswitch == false)) {
2878 /* make master and take away the role switch policy */
2879 if (BTM_CMD_STARTED == BTM_SwitchRole(p_dev->peer_bdaddr,
2881 (tBTM_CMPL_CB*)bta_dm_rs_cback)) {
2882 /* the role switch command is actually sent */
2883 bta_dm_cb.rs_event = event;
2886 /* else either already master or can not switch for some reasons */
2887 bta_dm_policy_cback(BTA_SYS_PLCY_CLR, 0, HCI_ENABLE_MASTER_SLAVE_SWITCH,
2888 &p_dev->peer_bdaddr);
2896 /*******************************************************************************
2898 * Function bta_dm_acl_change
2900 * Description Process BTA_DM_ACL_CHANGE_EVT
2905 ******************************************************************************/
2906 void bta_dm_acl_change(tBTA_DM_MSG* p_data) {
2910 bool is_new = p_data->acl_change.is_new;
2911 const RawAddress& p_bda = p_data->acl_change.bd_addr;
2912 bool need_policy_change = false;
2913 bool issue_unpair_cb = false;
2915 tBTA_DM_PEER_DEVICE* p_dev;
2916 memset(&conn, 0, sizeof(tBTA_DM_SEC));
2918 switch (p_data->acl_change.event) {
2919 case BTM_BL_UPDATE_EVT: /* busy level update */
2920 if (bta_dm_cb.p_sec_cback) {
2921 conn.busy_level.level = p_data->acl_change.busy_level;
2922 conn.busy_level.level_flags = p_data->acl_change.busy_level_flags;
2923 bta_dm_cb.p_sec_cback(BTA_DM_BUSY_LEVEL_EVT, &conn);
2927 case BTM_BL_ROLE_CHG_EVT: /* role change event */
2928 p_dev = bta_dm_find_peer_device(p_bda);
2931 "bta_dm_acl_change role chg info:x%x new_role:%d dev count:%d",
2932 p_dev->info, p_data->acl_change.new_role,
2933 bta_dm_cb.device_list.count);
2934 if (p_dev->info & BTA_DM_DI_AV_ACTIVE) {
2935 /* there's AV activity on this link */
2936 if (p_data->acl_change.new_role == HCI_ROLE_SLAVE &&
2937 bta_dm_cb.device_list.count > 1 &&
2938 p_data->acl_change.hci_status == HCI_SUCCESS) {
2939 /* more than one connections and the AV connection is role switched
2941 * switch it back to master and remove the switch policy */
2942 BTM_SwitchRole(p_bda, BTM_ROLE_MASTER, NULL);
2943 need_policy_change = true;
2944 } else if (p_bta_dm_cfg->avoid_scatter &&
2945 (p_data->acl_change.new_role == HCI_ROLE_MASTER)) {
2946 /* if the link updated to be master include AV activities, remove
2947 * the switch policy */
2948 need_policy_change = true;
2951 if (need_policy_change) {
2952 bta_dm_policy_cback(BTA_SYS_PLCY_CLR, 0,
2953 HCI_ENABLE_MASTER_SLAVE_SWITCH,
2954 &p_dev->peer_bdaddr);
2957 /* there's AV no activity on this link and role switch happened
2958 * check if AV is active
2959 * if so, make sure the AV link is master */
2962 bta_sys_notify_role_chg(p_data->acl_change.bd_addr,
2963 p_data->acl_change.new_role,
2964 p_data->acl_change.hci_status);
2965 conn.role_chg.bd_addr = p_bda;
2966 conn.role_chg.new_role = (uint8_t)p_data->acl_change.new_role;
2967 if (bta_dm_cb.p_sec_cback)
2968 bta_dm_cb.p_sec_cback(BTA_DM_ROLE_CHG_EVT, (tBTA_DM_SEC*)&conn);
2973 /* Collision report from Stack: Notify profiles */
2974 if (p_data->acl_change.event == BTM_BL_COLLISION_EVT) {
2975 bta_sys_notify_collision(p_bda);
2980 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
2981 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == p_bda &&
2982 bta_dm_cb.device_list.peer_device[i].conn_handle ==
2983 p_data->acl_change.handle)
2987 if (i == bta_dm_cb.device_list.count) {
2988 if (bta_dm_cb.device_list.count < BTA_DM_NUM_PEER_DEVICE) {
2989 bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count]
2990 .peer_bdaddr = p_bda;
2991 bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count]
2992 .link_policy = bta_dm_cb.cur_policy;
2993 bta_dm_cb.device_list.count++;
2994 bta_dm_cb.device_list.peer_device[i].conn_handle =
2995 p_data->acl_change.handle;
2996 if (p_data->acl_change.transport == BT_TRANSPORT_LE)
2997 bta_dm_cb.device_list.le_count++;
2999 APPL_TRACE_ERROR("%s max active connection reached, no resources",
3005 bta_dm_cb.device_list.peer_device[i].conn_state = BTA_DM_CONNECTED;
3006 bta_dm_cb.device_list.peer_device[i].pref_role = BTA_ANY_ROLE;
3007 conn.link_up.bd_addr = p_bda;
3008 bta_dm_cb.device_list.peer_device[i].info = BTA_DM_DI_NONE;
3009 conn.link_up.link_type = p_data->acl_change.transport;
3010 bta_dm_cb.device_list.peer_device[i].transport =
3011 p_data->acl_change.transport;
3013 if (((NULL != (p = BTM_ReadLocalFeatures())) &&
3014 HCI_SNIFF_SUB_RATE_SUPPORTED(p)) &&
3015 ((NULL != (p = BTM_ReadRemoteFeatures(p_bda))) &&
3016 HCI_SNIFF_SUB_RATE_SUPPORTED(p))) {
3017 /* both local and remote devices support SSR */
3018 bta_dm_cb.device_list.peer_device[i].info = BTA_DM_DI_USE_SSR;
3020 APPL_TRACE_WARNING("%s info: 0x%x", __func__,
3021 bta_dm_cb.device_list.peer_device[i].info);
3023 if (bta_dm_cb.p_sec_cback)
3024 bta_dm_cb.p_sec_cback(BTA_DM_LINK_UP_EVT, (tBTA_DM_SEC*)&conn);
3026 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3027 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr != p_bda ||
3028 bta_dm_cb.device_list.peer_device[i].transport !=
3029 p_data->acl_change.transport)
3032 if (bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_UNPAIRING) {
3033 if (BTM_SecDeleteDevice(
3034 bta_dm_cb.device_list.peer_device[i].peer_bdaddr))
3035 issue_unpair_cb = true;
3037 APPL_TRACE_DEBUG("%s: Unpairing: issue unpair CB = %d ", __func__,
3041 conn.link_down.is_removed =
3042 bta_dm_cb.device_list.peer_device[i].remove_dev_pending;
3044 // Iterate to the one before the last when shrinking the list,
3045 // otherwise we memcpy garbage data into the record.
3046 // Then clear out the last item in the list since we are shrinking.
3047 for (; i < bta_dm_cb.device_list.count - 1; i++) {
3048 memcpy(&bta_dm_cb.device_list.peer_device[i],
3049 &bta_dm_cb.device_list.peer_device[i + 1],
3050 sizeof(bta_dm_cb.device_list.peer_device[i]));
3052 if (bta_dm_cb.device_list.count > 0) {
3053 int clear_index = bta_dm_cb.device_list.count - 1;
3054 memset(&bta_dm_cb.device_list.peer_device[clear_index], 0,
3055 sizeof(bta_dm_cb.device_list.peer_device[clear_index]));
3059 if (bta_dm_cb.device_list.count) bta_dm_cb.device_list.count--;
3060 if ((p_data->acl_change.transport == BT_TRANSPORT_LE) &&
3061 (bta_dm_cb.device_list.le_count))
3062 bta_dm_cb.device_list.le_count--;
3063 conn.link_down.link_type = p_data->acl_change.transport;
3065 if (bta_dm_search_cb.wait_disc && bta_dm_search_cb.peer_bdaddr == p_bda) {
3066 bta_dm_search_cb.wait_disc = false;
3068 if (bta_dm_search_cb.sdp_results) {
3069 APPL_TRACE_EVENT(" timer stopped ");
3070 alarm_cancel(bta_dm_search_cb.search_timer);
3071 bta_dm_discover_next_device();
3075 if (bta_dm_cb.disabling) {
3076 if (!BTM_GetNumAclLinks()) {
3078 * Start a timer to make sure that the profiles
3079 * get the disconnect event.
3081 alarm_set_on_mloop(bta_dm_cb.disable_timer,
3082 BTA_DM_DISABLE_CONN_DOWN_TIMER_MS,
3083 bta_dm_disable_conn_down_timer_cback, NULL);
3086 if (conn.link_down.is_removed) {
3087 BTM_SecDeleteDevice(p_bda);
3088 /* need to remove all pending background connection */
3089 BTA_GATTC_CancelOpen(0, p_bda, false);
3090 /* remove all cached GATT information */
3091 BTA_GATTC_Refresh(p_bda);
3094 conn.link_down.bd_addr = p_bda;
3095 conn.link_down.status = (uint8_t)btm_get_acl_disc_reason_code();
3096 if (bta_dm_cb.p_sec_cback) {
3097 bta_dm_cb.p_sec_cback(BTA_DM_LINK_DOWN_EVT, &conn);
3098 if (issue_unpair_cb)
3099 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &conn);
3103 bta_dm_adjust_roles(true);
3106 /*******************************************************************************
3108 * Function bta_dm_disable_conn_down_timer_cback
3110 * Description Sends disable event to application
3115 ******************************************************************************/
3116 static void bta_dm_disable_conn_down_timer_cback(UNUSED_ATTR void* data) {
3117 tBTA_SYS_HW_MSG* sys_enable_event =
3118 (tBTA_SYS_HW_MSG*)osi_malloc(sizeof(tBTA_SYS_HW_MSG));
3120 /* disable the power managment module */
3121 bta_dm_disable_pm();
3123 /* register our callback to SYS HW manager */
3124 bta_sys_hw_register(BTA_SYS_HW_BLUETOOTH, bta_dm_sys_hw_cback);
3126 /* send a message to BTA SYS */
3127 sys_enable_event->hdr.event = BTA_SYS_API_DISABLE_EVT;
3128 sys_enable_event->hw_module = BTA_SYS_HW_BLUETOOTH;
3129 bta_sys_sendmsg(sys_enable_event);
3131 bta_dm_cb.disabling = false;
3134 /*******************************************************************************
3136 * Function bta_dm_rm_cback
3138 * Description Role management callback from sys
3143 ******************************************************************************/
3144 static void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
3145 uint8_t app_id, const RawAddress* peer_addr) {
3147 tBTA_PREF_ROLES role;
3148 tBTA_DM_PEER_DEVICE* p_dev;
3150 p_dev = bta_dm_find_peer_device(*peer_addr);
3151 if (status == BTA_SYS_CONN_OPEN) {
3153 /* Do not set to connected if we are in the middle of unpairing. When AV
3155 * started it fakes out a SYS_CONN_OPEN to potentially trigger a role
3157 * But this should not be done if we are in the middle of unpairing.
3159 if (p_dev->conn_state != BTA_DM_UNPAIRING)
3160 p_dev->conn_state = BTA_DM_CONNECTED;
3162 for (j = 1; j <= p_bta_dm_rm_cfg[0].app_id; j++) {
3163 if (((p_bta_dm_rm_cfg[j].app_id == app_id) ||
3164 (p_bta_dm_rm_cfg[j].app_id == BTA_ALL_APP_ID)) &&
3165 (p_bta_dm_rm_cfg[j].id == id)) {
3166 role = p_bta_dm_rm_cfg[j].cfg;
3168 if (role > p_dev->pref_role) p_dev->pref_role = role;
3175 if ((BTA_ID_AV == id) || (BTA_ID_AVK == id)) {
3176 if (status == BTA_SYS_CONN_BUSY) {
3177 if (p_dev) p_dev->info |= BTA_DM_DI_AV_ACTIVE;
3178 /* AV calls bta_sys_conn_open with the A2DP stream count as app_id */
3179 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count();
3180 } else if (status == BTA_SYS_CONN_IDLE) {
3181 if (p_dev) p_dev->info &= ~BTA_DM_DI_AV_ACTIVE;
3183 /* get cur_av_count from connected services */
3184 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count();
3186 APPL_TRACE_WARNING("bta_dm_rm_cback:%d, status:%d", bta_dm_cb.cur_av_count,
3190 /* Don't adjust roles for each busy/idle state transition to avoid
3191 excessive switch requests when individual profile busy/idle status
3193 if ((status != BTA_SYS_CONN_BUSY) && (status != BTA_SYS_CONN_IDLE))
3194 bta_dm_adjust_roles(false);
3197 /*******************************************************************************
3199 * Function bta_dm_delay_role_switch_cback
3201 * Description Callback from btm to delay a role switch
3205 ******************************************************************************/
3206 static void bta_dm_delay_role_switch_cback(UNUSED_ATTR void* data) {
3207 APPL_TRACE_EVENT("%s: initiating Delayed RS", __func__);
3208 bta_dm_adjust_roles(false);
3211 /*******************************************************************************
3213 * Function bta_dm_reset_sec_dev_pending
3215 * Description Setting the remove device pending status to false from
3216 * security device DB, when the link key notification
3221 ******************************************************************************/
3222 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr) {
3223 for (size_t i = 0; i < bta_dm_cb.device_list.count; i++) {
3224 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) {
3225 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = false;
3231 /*******************************************************************************
3233 * Function bta_dm_remove_sec_dev_entry
3235 * Description Removes device entry from Security device DB if ACL
3237 * remtoe device does not exist, else schedule for dev entry
3243 ******************************************************************************/
3244 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr) {
3245 if (BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_LE) ||
3246 BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_BR_EDR)) {
3248 "%s ACL is not down. Schedule for Dev Removal when ACL closes",
3250 BTM_SecClearSecurityFlags(remote_bd_addr);
3251 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
3252 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) {
3253 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = TRUE;
3258 BTM_SecDeleteDevice(remote_bd_addr);
3259 /* need to remove all pending background connection */
3260 BTA_GATTC_CancelOpen(0, remote_bd_addr, false);
3261 /* remove all cached GATT information */
3262 BTA_GATTC_Refresh(remote_bd_addr);
3266 /*******************************************************************************
3268 * Function bta_dm_adjust_roles
3270 * Description Adjust roles
3275 ******************************************************************************/
3276 static void bta_dm_adjust_roles(bool delay_role_switch) {
3278 bool set_master_role = false;
3280 bta_dm_cb.device_list.count - bta_dm_cb.device_list.le_count;
3282 /* the configuration is no scatternet
3283 * or AV connection exists and there are more than one ACL link */
3284 if ((p_bta_dm_rm_cfg[0].cfg == BTA_DM_NO_SCATTERNET) ||
3285 (bta_dm_cb.cur_av_count && br_count > 1)) {
3286 L2CA_SetDesireRole(HCI_ROLE_MASTER);
3287 set_master_role = true;
3290 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3291 if (bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED &&
3292 bta_dm_cb.device_list.peer_device[i].transport ==
3293 BT_TRANSPORT_BR_EDR) {
3294 if (!set_master_role &&
3295 (bta_dm_cb.device_list.peer_device[i].pref_role != BTA_ANY_ROLE) &&
3296 (p_bta_dm_rm_cfg[0].cfg == BTA_DM_PARTIAL_SCATTERNET)) {
3297 L2CA_SetDesireRole(HCI_ROLE_MASTER);
3298 set_master_role = true;
3301 if ((bta_dm_cb.device_list.peer_device[i].pref_role ==
3302 BTA_MASTER_ROLE_ONLY) ||
3304 /* Initiating immediate role switch with certain remote devices
3305 has caused issues due to role switch colliding with link encryption
3307 causing encryption (and in turn the link) to fail . These device .
3309 versions are stored in a blacklist and role switch with these
3311 delayed to avoid the collision with link encryption setup */
3313 if (bta_dm_cb.device_list.peer_device[i].pref_role !=
3314 BTA_SLAVE_ROLE_ONLY &&
3315 delay_role_switch == false) {
3316 BTM_SwitchRole(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
3317 HCI_ROLE_MASTER, NULL);
3319 alarm_set_on_mloop(bta_dm_cb.switch_delay_timer,
3320 BTA_DM_SWITCH_DELAY_TIMER_MS,
3321 bta_dm_delay_role_switch_cback, NULL);
3327 if (!set_master_role) {
3328 L2CA_SetDesireRole(L2CAP_DESIRED_LINK_ROLE);
3332 L2CA_SetDesireRole(L2CAP_DESIRED_LINK_ROLE);
3336 /*******************************************************************************
3338 * Function bta_dm_get_remname
3340 * Description Returns a pointer to the remote name stored in the DM
3341 * control block if it exists, or from the BTM memory.
3343 * Returns char * - Pointer to the remote device name
3344 ******************************************************************************/
3345 static char* bta_dm_get_remname(void) {
3346 char* p_name = (char*)bta_dm_search_cb.peer_name;
3349 /* If the name isn't already stored, try retrieving from BTM */
3350 if (*p_name == '\0') {
3351 p_temp = BTM_SecReadDevName(bta_dm_search_cb.peer_bdaddr);
3352 if (p_temp != NULL) p_name = p_temp;
3358 /*******************************************************************************
3360 * Function bta_dm_bond_cancel_complete_cback
3362 * Description Authentication complete callback from BTM
3366 ******************************************************************************/
3367 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result) {
3368 tBTA_DM_SEC sec_event;
3370 if (result == BTM_SUCCESS)
3371 sec_event.bond_cancel_cmpl.result = BTA_SUCCESS;
3373 sec_event.bond_cancel_cmpl.result = BTA_FAILURE;
3375 if (bta_dm_cb.p_sec_cback) {
3376 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
3380 /*******************************************************************************
3382 * Function find_utf8_char_boundary
3384 * Description This function checks a UTF8 string |utf8str| starting at
3385 * |offset|, moving backwards and returns the offset of the
3386 * next valid UTF8 character boundary found.
3388 * Returns Offset of UTF8 character boundary
3390 ******************************************************************************/
3391 static size_t find_utf8_char_boundary(const char* utf8str, size_t offset) {
3396 uint8_t ch = (uint8_t)utf8str[offset];
3397 if ((ch & 0x80) == 0x00) // ASCII
3399 if ((ch & 0xC0) == 0xC0) // Multi-byte sequence start
3406 /*******************************************************************************
3408 * Function bta_dm_set_eir
3410 * Description This function creates EIR tagged data and writes it to
3415 ******************************************************************************/
3416 static void bta_dm_set_eir(char* local_name) {
3419 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3421 uint8_t max_num_uuid;
3422 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3423 uint8_t custom_uuid_idx;
3424 #endif // BTA_EIR_SERVER_NUM_CUSTOM_UUID
3425 #endif // BTA_EIR_CANNED_UUID_LIST
3426 #if (BTM_EIR_DEFAULT_FEC_REQUIRED == FALSE)
3427 uint8_t free_eir_length = HCI_EXT_INQ_RESPONSE_LEN;
3428 #else // BTM_EIR_DEFAULT_FEC_REQUIRED
3429 uint8_t free_eir_length = HCI_DM5_PACKET_SIZE;
3430 #endif // BTM_EIR_DEFAULT_FEC_REQUIRED
3433 uint8_t local_name_len;
3435 /* wait until complete to disable */
3436 if (alarm_is_scheduled(bta_dm_cb.disable_timer)) return;
3438 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3439 /* if local name is not provided, get it from controller */
3440 if (local_name == NULL) {
3441 if (BTM_ReadLocalDeviceName(&local_name) != BTM_SUCCESS) {
3442 APPL_TRACE_ERROR("Fail to read local device name for EIR");
3445 #endif // BTA_EIR_CANNED_UUID_LIST
3447 /* Allocate a buffer to hold HCI command */
3448 BT_HDR* p_buf = (BT_HDR*)osi_malloc(BTM_CMD_BUF_SIZE);
3449 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET;
3451 memset(p, 0x00, HCI_EXT_INQ_RESPONSE_LEN);
3453 APPL_TRACE_DEBUG("BTA is generating EIR");
3456 local_name_len = strlen(local_name);
3460 data_type = BTM_EIR_COMPLETE_LOCAL_NAME_TYPE;
3461 /* if local name is longer than minimum length of shortened name */
3462 /* check whether it needs to be shortened or not */
3463 if (local_name_len > p_bta_dm_eir_cfg->bta_dm_eir_min_name_len) {
3464 /* get number of UUID 16-bit list */
3465 #if (BTA_EIR_CANNED_UUID_LIST == TRUE)
3466 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / LEN_UUID_16;
3467 #else // BTA_EIR_CANNED_UUID_LIST
3468 max_num_uuid = (free_eir_length - 2) / LEN_UUID_16;
3469 data_type = BTM_GetEirSupportedServices(bta_dm_cb.eir_uuid, &p,
3470 max_num_uuid, &num_uuid);
3471 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET; /* reset p */
3472 #endif // BTA_EIR_CANNED_UUID_LIST
3474 /* if UUID doesn't fit remaing space, shorten local name */
3475 if (local_name_len > (free_eir_length - 4 - num_uuid * LEN_UUID_16)) {
3476 local_name_len = find_utf8_char_boundary(
3477 local_name, p_bta_dm_eir_cfg->bta_dm_eir_min_name_len);
3478 APPL_TRACE_WARNING("%s local name is shortened (%d)", __func__,
3480 data_type = BTM_EIR_SHORTENED_LOCAL_NAME_TYPE;
3482 data_type = BTM_EIR_COMPLETE_LOCAL_NAME_TYPE;
3486 UINT8_TO_STREAM(p, local_name_len + 1);
3487 UINT8_TO_STREAM(p, data_type);
3489 if (local_name != NULL) {
3490 memcpy(p, local_name, local_name_len);
3491 p += local_name_len;
3493 free_eir_length -= local_name_len + 2;
3495 #if (BTA_EIR_CANNED_UUID_LIST == TRUE)
3496 /* if UUID list is provided as static data in configuration */
3497 if ((p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len > 0) &&
3498 (p_bta_dm_eir_cfg->bta_dm_eir_uuid16)) {
3499 if (free_eir_length > LEN_UUID_16 + 2) {
3500 free_eir_length -= 2;
3502 if (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len) {
3503 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / LEN_UUID_16;
3504 data_type = BTM_EIR_COMPLETE_16BITS_UUID_TYPE;
3505 } else /* not enough room for all UUIDs */
3507 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3508 num_uuid = free_eir_length / LEN_UUID_16;
3509 data_type = BTM_EIR_MORE_16BITS_UUID_TYPE;
3511 UINT8_TO_STREAM(p, num_uuid * LEN_UUID_16 + 1);
3512 UINT8_TO_STREAM(p, data_type);
3513 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_uuid16, num_uuid * LEN_UUID_16);
3514 p += num_uuid * LEN_UUID_16;
3515 free_eir_length -= num_uuid * LEN_UUID_16;
3518 #else /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */
3519 /* if UUID list is dynamic */
3520 if (free_eir_length >= 2) {
3525 max_num_uuid = (free_eir_length - 2) / LEN_UUID_16;
3526 data_type = BTM_GetEirSupportedServices(bta_dm_cb.eir_uuid, &p,
3527 max_num_uuid, &num_uuid);
3529 if (data_type == BTM_EIR_MORE_16BITS_UUID_TYPE) {
3530 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3532 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3534 for (custom_uuid_idx = 0;
3535 custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3536 custom_uuid_idx++) {
3537 if (bta_dm_cb.custom_uuid[custom_uuid_idx].len == LEN_UUID_16) {
3538 if (num_uuid < max_num_uuid) {
3540 bta_dm_cb.custom_uuid[custom_uuid_idx].uu.uuid16);
3543 data_type = BTM_EIR_MORE_16BITS_UUID_TYPE;
3544 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3550 #endif /* (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */
3552 UINT8_TO_STREAM(p_length, num_uuid * LEN_UUID_16 + 1);
3553 UINT8_TO_STREAM(p_type, data_type);
3554 free_eir_length -= num_uuid * LEN_UUID_16 + 2;
3556 #endif /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */
3558 #if (BTA_EIR_CANNED_UUID_LIST != TRUE && BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3559 /* Adding 32-bit UUID list */
3560 if (free_eir_length >= 2) {
3564 data_type = BTM_EIR_COMPLETE_32BITS_UUID_TYPE;
3566 max_num_uuid = (free_eir_length - 2) / LEN_UUID_32;
3568 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3569 custom_uuid_idx++) {
3570 if (bta_dm_cb.custom_uuid[custom_uuid_idx].len == LEN_UUID_32) {
3571 if (num_uuid < max_num_uuid) {
3572 UINT32_TO_STREAM(p, bta_dm_cb.custom_uuid[custom_uuid_idx].uu.uuid32);
3575 data_type = BTM_EIR_MORE_32BITS_UUID_TYPE;
3576 APPL_TRACE_WARNING("BTA EIR: UUID 32-bit list is truncated");
3582 UINT8_TO_STREAM(p_length, num_uuid * LEN_UUID_32 + 1);
3583 UINT8_TO_STREAM(p_type, data_type);
3584 free_eir_length -= num_uuid * LEN_UUID_32 + 2;
3587 /* Adding 128-bit UUID list */
3588 if (free_eir_length >= 2) {
3592 data_type = BTM_EIR_COMPLETE_128BITS_UUID_TYPE;
3594 max_num_uuid = (free_eir_length - 2) / LEN_UUID_128;
3596 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3597 custom_uuid_idx++) {
3598 if (bta_dm_cb.custom_uuid[custom_uuid_idx].len == LEN_UUID_128) {
3599 if (num_uuid < max_num_uuid) {
3600 ARRAY16_TO_STREAM(p,
3601 bta_dm_cb.custom_uuid[custom_uuid_idx].uu.uuid128);
3604 data_type = BTM_EIR_MORE_128BITS_UUID_TYPE;
3605 APPL_TRACE_WARNING("BTA EIR: UUID 128-bit list is truncated");
3611 UINT8_TO_STREAM(p_length, num_uuid * LEN_UUID_128 + 1);
3612 UINT8_TO_STREAM(p_type, data_type);
3613 free_eir_length -= num_uuid * LEN_UUID_128 + 2;
3615 #endif /* ( BTA_EIR_CANNED_UUID_LIST != TRUE \
3616 )&&(BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */
3618 /* if Flags are provided in configuration */
3619 if ((p_bta_dm_eir_cfg->bta_dm_eir_flag_len > 0) &&
3620 (p_bta_dm_eir_cfg->bta_dm_eir_flags) &&
3621 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2)) {
3622 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 1);
3623 UINT8_TO_STREAM(p, BTM_EIR_FLAGS_TYPE);
3624 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_flags,
3625 p_bta_dm_eir_cfg->bta_dm_eir_flag_len);
3626 p += p_bta_dm_eir_cfg->bta_dm_eir_flag_len;
3627 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2;
3630 /* if Manufacturer Specific are provided in configuration */
3631 if ((p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len > 0) &&
3632 (p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec) &&
3633 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2)) {
3636 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 1);
3637 UINT8_TO_STREAM(p, BTM_EIR_MANUFACTURER_SPECIFIC_TYPE);
3638 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec,
3639 p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len);
3640 p += p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len;
3641 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2;
3647 /* if Inquiry Tx Resp Power compiled */
3648 if ((p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power) && (free_eir_length >= 3)) {
3649 UINT8_TO_STREAM(p, 2); /* Length field */
3650 UINT8_TO_STREAM(p, BTM_EIR_TX_POWER_LEVEL_TYPE);
3651 UINT8_TO_STREAM(p, *(p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power));
3652 free_eir_length -= 3;
3655 if (free_eir_length)
3656 UINT8_TO_STREAM(p, 0); /* terminator of significant part */
3658 BTM_WriteEIR(p_buf);
3661 /*******************************************************************************
3663 * Function bta_dm_eir_search_services
3665 * Description This function searches services in received EIR
3669 ******************************************************************************/
3670 static void bta_dm_eir_search_services(tBTM_INQ_RESULTS* p_result,
3671 tBTA_SERVICE_MASK* p_services_to_search,
3672 tBTA_SERVICE_MASK* p_services_found) {
3673 tBTA_SERVICE_MASK service_index = 0;
3674 tBTM_EIR_SEARCH_RESULT result;
3676 VLOG(1) << "BTA searching services in EIR of BDA:"
3677 << p_result->remote_bd_addr;
3679 APPL_TRACE_DEBUG(" with services_to_search=0x%08X", *p_services_to_search);
3681 /* always do GATT based service discovery by SDP instead of from EIR */
3682 /* if GATT based service is also to be put in EIR, need to modify this */
3683 while (service_index < (BTA_MAX_SERVICE_ID - 1)) {
3684 if (*p_services_to_search &
3685 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index))) {
3686 result = BTM_HasInquiryEirService(
3687 p_result, bta_service_id_to_uuid_lkup_tbl[service_index]);
3689 /* Searching for HSP v1.2 only device */
3690 if ((result != BTM_EIR_FOUND) &&
3691 (bta_service_id_to_uuid_lkup_tbl[service_index] ==
3692 UUID_SERVCLASS_HEADSET)) {
3693 result = BTM_HasInquiryEirService(p_result, UUID_SERVCLASS_HEADSET_HS);
3696 if (result == BTM_EIR_FOUND) {
3697 /* If Plug and Play service record, need to check to see if Broadcom
3699 /* However, EIR data doesn't have EXT_BRCM_VERSION so just skip it */
3700 if (bta_service_id_to_uuid_lkup_tbl[service_index] !=
3701 UUID_SERVCLASS_PNP_INFORMATION) {
3702 *p_services_found |= (tBTA_SERVICE_MASK)(
3703 BTA_SERVICE_ID_TO_SERVICE_MASK(service_index));
3704 /* remove the service from services to be searched */
3705 *p_services_to_search &= (tBTA_SERVICE_MASK)(
3706 ~(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index)));
3708 } else if (result == BTM_EIR_NOT_FOUND) {
3709 /* remove the service from services to be searched */
3710 *p_services_to_search &= (tBTA_SERVICE_MASK)(
3711 ~(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index)));
3719 "BTA EIR search result, services_to_search=0x%08X, services_found=0x%08X",
3720 *p_services_to_search, *p_services_found);
3723 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3724 /*******************************************************************************
3726 * Function bta_dm_eir_update_uuid
3728 * Description This function adds or removes service UUID in EIR database.
3732 ******************************************************************************/
3733 void bta_dm_eir_update_uuid(uint16_t uuid16, bool adding) {
3734 /* if this UUID is not advertised in EIR */
3735 if (!BTM_HasEirService(p_bta_dm_eir_cfg->uuid_mask, uuid16)) return;
3738 APPL_TRACE_EVENT("Adding UUID=0x%04X into EIR", uuid16);
3740 BTM_AddEirService(bta_dm_cb.eir_uuid, uuid16);
3742 APPL_TRACE_EVENT("Removing UUID=0x%04X from EIR", uuid16);
3744 BTM_RemoveEirService(bta_dm_cb.eir_uuid, uuid16);
3747 bta_dm_set_eir(NULL);
3749 APPL_TRACE_EVENT("bta_dm_eir_update_uuid UUID bit mask=0x%08X %08X",
3750 bta_dm_cb.eir_uuid[1], bta_dm_cb.eir_uuid[0]);
3754 /*******************************************************************************
3756 * Function bta_dm_enable_test_mode
3758 * Description enable test mode
3763 ******************************************************************************/
3764 void bta_dm_enable_test_mode(UNUSED_ATTR tBTA_DM_MSG* p_data) {
3765 BTM_EnableTestMode();
3768 /*******************************************************************************
3770 * Function bta_dm_disable_test_mode
3772 * Description disable test mode
3777 ******************************************************************************/
3778 void bta_dm_disable_test_mode(UNUSED_ATTR tBTA_DM_MSG* p_data) {
3779 BTM_DeviceReset(NULL);
3782 /*******************************************************************************
3784 * Function bta_dm_execute_callback
3786 * Description Just execute a generic call back in the context of the
3792 ******************************************************************************/
3793 void bta_dm_execute_callback(tBTA_DM_MSG* p_data) {
3795 if (p_data->exec_cback.p_exec_cback == NULL) {
3799 p_data->exec_cback.p_exec_cback(p_data->exec_cback.p_param);
3802 /*******************************************************************************
3804 * Function bta_dm_encrypt_cback
3806 * Description link encryption complete callback.
3810 ******************************************************************************/
3811 void bta_dm_encrypt_cback(const RawAddress* bd_addr, tBT_TRANSPORT transport,
3812 UNUSED_ATTR void* p_ref_data, tBTM_STATUS result) {
3813 tBTA_STATUS bta_status = BTA_SUCCESS;
3814 tBTA_DM_ENCRYPT_CBACK* p_callback = NULL;
3817 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3818 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == *bd_addr &&
3819 bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED)
3823 if (i < bta_dm_cb.device_list.count) {
3824 p_callback = bta_dm_cb.device_list.peer_device[i].p_encrypt_cback;
3825 bta_dm_cb.device_list.peer_device[i].p_encrypt_cback = NULL;
3831 case BTM_WRONG_MODE:
3832 bta_status = BTA_WRONG_MODE;
3834 case BTM_NO_RESOURCES:
3835 bta_status = BTA_NO_RESOURCES;
3838 bta_status = BTA_BUSY;
3841 bta_status = BTA_FAILURE;
3845 APPL_TRACE_DEBUG("bta_dm_encrypt_cback status =%d p_callback=0x%x",
3846 bta_status, p_callback);
3849 (*p_callback)(*bd_addr, transport, bta_status);
3853 /*******************************************************************************
3855 * Function bta_dm_set_encryption
3857 * Description This function to encrypt the link
3861 ******************************************************************************/
3862 void bta_dm_set_encryption(tBTA_DM_MSG* p_data) {
3865 APPL_TRACE_DEBUG("bta_dm_set_encryption"); // todo
3866 if (!p_data->set_encryption.p_callback) {
3867 APPL_TRACE_ERROR("bta_dm_set_encryption callback is not provided");
3870 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3871 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr ==
3872 p_data->set_encryption.bd_addr &&
3873 bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED)
3876 if (i < bta_dm_cb.device_list.count) {
3877 if (bta_dm_cb.device_list.peer_device[i].p_encrypt_cback) {
3878 APPL_TRACE_ERROR("earlier enc was not done for same device");
3879 (*p_data->set_encryption.p_callback)(p_data->set_encryption.bd_addr,
3880 p_data->set_encryption.transport,
3885 if (BTM_SetEncryption(p_data->set_encryption.bd_addr,
3886 p_data->set_encryption.transport,
3887 bta_dm_encrypt_cback, NULL,
3888 p_data->set_encryption.sec_act) == BTM_CMD_STARTED) {
3889 bta_dm_cb.device_list.peer_device[i].p_encrypt_cback =
3890 p_data->set_encryption.p_callback;
3895 bool bta_dm_check_if_only_hd_connected(const RawAddress& peer_addr) {
3896 APPL_TRACE_DEBUG("%s: count(%d)", __func__, bta_dm_conn_srvcs.count);
3898 for (uint8_t j = 0; j < bta_dm_conn_srvcs.count; j++) {
3899 // Check if profiles other than hid are connected
3900 if ((bta_dm_conn_srvcs.conn_srvc[j].id != BTA_ID_HD) &&
3901 bta_dm_conn_srvcs.conn_srvc[j].peer_bdaddr == peer_addr) {
3902 APPL_TRACE_DEBUG("%s: Another profile (id=%d) is connected", __func__,
3903 bta_dm_conn_srvcs.conn_srvc[j].id);
3911 /*******************************************************************************
3913 * Function bta_dm_observe_results_cb
3915 * Description Callback for BLE Observe result
3920 ******************************************************************************/
3921 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
3923 tBTA_DM_SEARCH result;
3924 tBTM_INQ_INFO* p_inq_info;
3925 APPL_TRACE_DEBUG("bta_dm_observe_results_cb");
3927 result.inq_res.bd_addr = p_inq->remote_bd_addr;
3928 result.inq_res.rssi = p_inq->rssi;
3929 result.inq_res.ble_addr_type = p_inq->ble_addr_type;
3930 result.inq_res.inq_result_type = p_inq->inq_result_type;
3931 result.inq_res.device_type = p_inq->device_type;
3932 result.inq_res.flag = p_inq->flag;
3933 result.inq_res.ble_evt_type = p_inq->ble_evt_type;
3934 result.inq_res.ble_primary_phy = p_inq->ble_primary_phy;
3935 result.inq_res.ble_secondary_phy = p_inq->ble_secondary_phy;
3936 result.inq_res.ble_advertising_sid = p_inq->ble_advertising_sid;
3937 result.inq_res.ble_tx_power = p_inq->ble_tx_power;
3938 result.inq_res.ble_periodic_adv_int = p_inq->ble_periodic_adv_int;
3940 /* application will parse EIR to find out remote device name */
3941 result.inq_res.p_eir = p_eir;
3942 result.inq_res.eir_len = eir_len;
3944 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr);
3945 if (p_inq_info != NULL) {
3946 /* initialize remt_name_not_required to false so that we get the name by
3948 result.inq_res.remt_name_not_required = false;
3951 if (bta_dm_search_cb.p_scan_cback)
3952 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_RES_EVT, &result);
3955 /* application indicates if it knows the remote name, inside the callback
3956 copy that to the inquiry data base*/
3957 if (result.inq_res.remt_name_not_required)
3958 p_inq_info->appl_knows_rem_name = true;
3962 /*******************************************************************************
3964 * Function bta_dm_observe_cmpl_cb
3966 * Description Callback for BLE Observe complete
3971 ******************************************************************************/
3972 static void bta_dm_observe_cmpl_cb(void* p_result) {
3973 tBTA_DM_SEARCH data;
3975 APPL_TRACE_DEBUG("bta_dm_observe_cmpl_cb");
3977 data.inq_cmpl.num_resps = ((tBTM_INQUIRY_CMPL*)p_result)->num_resp;
3978 if (bta_dm_search_cb.p_scan_cback) {
3979 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
3983 /*******************************************************************************
3985 * Function bta_dm_ble_smp_cback
3987 * Description Callback for BLE SMP
3992 ******************************************************************************/
3993 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
3994 tBTM_LE_EVT_DATA* p_data) {
3995 tBTM_STATUS status = BTM_SUCCESS;
3996 tBTA_DM_SEC sec_event;
3997 char* p_name = NULL;
3999 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
4001 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
4003 case BTM_LE_IO_REQ_EVT:
4004 #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE)
4006 bta_dm_co_ble_io_req(
4007 bda, &p_data->io_req.io_cap, &p_data->io_req.oob_data,
4008 &p_data->io_req.auth_req, &p_data->io_req.max_key_size,
4009 &p_data->io_req.init_keys, &p_data->io_req.resp_keys);
4011 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req,
4012 p_data->io_req.oob_data);
4016 case BTM_LE_SEC_REQUEST_EVT:
4017 sec_event.ble_req.bd_addr = bda;
4018 p_name = BTM_SecReadDevName(bda);
4020 strlcpy((char*)sec_event.ble_req.bd_name, p_name, BD_NAME_LEN);
4022 sec_event.ble_req.bd_name[0] = 0;
4023 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SEC_REQ_EVT, &sec_event);
4026 case BTM_LE_KEY_NOTIF_EVT:
4027 sec_event.key_notif.bd_addr = bda;
4028 p_name = BTM_SecReadDevName(bda);
4030 strlcpy((char*)sec_event.key_notif.bd_name, p_name, BD_NAME_LEN);
4032 sec_event.key_notif.bd_name[0] = 0;
4033 sec_event.key_notif.passkey = p_data->key_notif;
4034 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_NOTIF_EVT, &sec_event);
4037 case BTM_LE_KEY_REQ_EVT:
4038 sec_event.ble_req.bd_addr = bda;
4039 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_REQ_EVT, &sec_event);
4042 case BTM_LE_OOB_REQ_EVT:
4043 sec_event.ble_req.bd_addr = bda;
4044 bta_dm_cb.p_sec_cback(BTA_DM_BLE_OOB_REQ_EVT, &sec_event);
4047 case BTM_LE_NC_REQ_EVT:
4048 sec_event.key_notif.bd_addr = bda;
4049 strlcpy((char*)sec_event.key_notif.bd_name, bta_dm_get_remname(),
4051 sec_event.key_notif.passkey = p_data->key_notif;
4052 bta_dm_cb.p_sec_cback(BTA_DM_BLE_NC_REQ_EVT, &sec_event);
4055 case BTM_LE_SC_OOB_REQ_EVT:
4056 sec_event.ble_req.bd_addr = bda;
4057 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SC_OOB_REQ_EVT, &sec_event);
4060 case BTM_LE_KEY_EVT:
4061 sec_event.ble_key.bd_addr = bda;
4062 sec_event.ble_key.key_type = p_data->key.key_type;
4063 sec_event.ble_key.p_key_value = p_data->key.p_key_value;
4064 bta_dm_cb.p_sec_cback(BTA_DM_BLE_KEY_EVT, &sec_event);
4067 case BTM_LE_COMPLT_EVT:
4068 sec_event.auth_cmpl.bd_addr = bda;
4069 BTM_ReadDevInfo(bda, &sec_event.auth_cmpl.dev_type,
4070 &sec_event.auth_cmpl.addr_type);
4071 p_name = BTM_SecReadDevName(bda);
4073 strlcpy((char*)sec_event.auth_cmpl.bd_name, p_name, (BD_NAME_LEN));
4075 sec_event.auth_cmpl.bd_name[0] = 0;
4077 if (p_data->complt.reason != 0) {
4078 sec_event.auth_cmpl.fail_reason =
4079 BTA_DM_AUTH_CONVERT_SMP_CODE(((uint8_t)p_data->complt.reason));
4080 /* delete this device entry from Sec Dev DB */
4081 bta_dm_remove_sec_dev_entry(bda);
4083 sec_event.auth_cmpl.success = true;
4086 if (bta_dm_cb.p_sec_cback) {
4087 // bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
4088 bta_dm_cb.p_sec_cback(BTA_DM_BLE_AUTH_CMPL_EVT, &sec_event);
4093 status = BTM_NOT_AUTHORIZED;
4099 /*******************************************************************************
4101 * Function bta_dm_ble_id_key_cback
4103 * Description Callback for BLE local ID keys
4108 ******************************************************************************/
4109 static void bta_dm_ble_id_key_cback(uint8_t key_type,
4110 tBTM_BLE_LOCAL_KEYS* p_key) {
4115 case BTM_BLE_KEY_TYPE_ID:
4116 case BTM_BLE_KEY_TYPE_ER:
4117 if (bta_dm_cb.p_sec_cback) {
4118 memcpy(&dm_key.ble_id_keys, p_key, sizeof(tBTM_BLE_LOCAL_KEYS));
4120 evt = (key_type == BTM_BLE_KEY_TYPE_ID) ? BTA_DM_BLE_LOCAL_IR_EVT
4121 : BTA_DM_BLE_LOCAL_ER_EVT;
4122 bta_dm_cb.p_sec_cback(evt, &dm_key);
4127 APPL_TRACE_DEBUG("Unknown key type %d", key_type);
4133 /*******************************************************************************
4135 * Function bta_dm_add_blekey
4137 * Description This function adds an BLE Key to an security database entry.
4138 * This function shall only be called AFTER BTA_DmAddBleDevice
4140 * It is normally called during host startup to restore all
4141 * required information stored in the NVRAM.
4145 ******************************************************************************/
4146 void bta_dm_add_blekey(tBTA_DM_MSG* p_data) {
4147 if (!BTM_SecAddBleKey(p_data->add_ble_key.bd_addr,
4148 (tBTM_LE_KEY_VALUE*)&p_data->add_ble_key.blekey,
4149 p_data->add_ble_key.key_type)) {
4150 LOG(ERROR) << "BTA_DM: Error adding BLE Key for device "
4151 << p_data->add_ble_key.bd_addr;
4155 /*******************************************************************************
4157 * Function bta_dm_add_ble_device
4159 * Description This function adds an BLE device to an security database
4161 * It is normally called during host startup to restore all
4162 * required information stored in the NVRAM.
4166 ******************************************************************************/
4167 void bta_dm_add_ble_device(tBTA_DM_MSG* p_data) {
4168 if (!BTM_SecAddBleDevice(p_data->add_ble_device.bd_addr, NULL,
4169 p_data->add_ble_device.dev_type,
4170 p_data->add_ble_device.addr_type)) {
4171 LOG(ERROR) << "BTA_DM: Error adding BLE Device for device "
4172 << p_data->add_ble_device.bd_addr;
4176 /*******************************************************************************
4178 * Function bta_dm_add_ble_device
4180 * Description This function adds an BLE device to an security database
4182 * It is normally called during host startup to restore all
4183 * required information stored in the NVRAM.
4187 ******************************************************************************/
4188 void bta_dm_ble_passkey_reply(tBTA_DM_MSG* p_data) {
4189 if (p_data->pin_reply.accept) {
4190 BTM_BlePasskeyReply(p_data->ble_passkey_reply.bd_addr, BTM_SUCCESS,
4191 p_data->ble_passkey_reply.passkey);
4193 BTM_BlePasskeyReply(p_data->ble_passkey_reply.bd_addr, BTM_NOT_AUTHORIZED,
4194 p_data->ble_passkey_reply.passkey);
4198 /*******************************************************************************
4200 * Function bta_dm_ble_confirm_reply
4202 * Description This is response to SM numeric comparison request submitted
4207 ******************************************************************************/
4208 void bta_dm_ble_confirm_reply(tBTA_DM_MSG* p_data) {
4209 if (p_data->confirm.accept) {
4210 BTM_BleConfirmReply(p_data->confirm.bd_addr, BTM_SUCCESS);
4212 BTM_BleConfirmReply(p_data->ble_passkey_reply.bd_addr, BTM_NOT_AUTHORIZED);
4216 /*******************************************************************************
4218 * Function bta_dm_security_grant
4220 * Description This function grant SMP security request access.
4224 ******************************************************************************/
4225 void bta_dm_security_grant(tBTA_DM_MSG* p_data) {
4226 BTM_SecurityGrant(p_data->ble_sec_grant.bd_addr, p_data->ble_sec_grant.res);
4229 /*******************************************************************************
4231 * Function bta_dm_ble_set_bg_conn_type
4233 * Description This function set the BLE background connection type
4237 ******************************************************************************/
4238 void bta_dm_ble_set_bg_conn_type(tBTA_DM_MSG* p_data) {
4239 BTM_BleStartAutoConn();
4242 /*******************************************************************************
4244 * Function bta_dm_ble_set_conn_params
4246 * Description This function set the preferred connection parameters.
4250 ******************************************************************************/
4251 void bta_dm_ble_set_conn_params(tBTA_DM_MSG* p_data) {
4252 BTM_BleSetPrefConnParams(p_data->ble_set_conn_params.peer_bda,
4253 p_data->ble_set_conn_params.conn_int_min,
4254 p_data->ble_set_conn_params.conn_int_max,
4255 p_data->ble_set_conn_params.slave_latency,
4256 p_data->ble_set_conn_params.supervision_tout);
4259 /*******************************************************************************
4261 * Function bta_dm_ble_set_conn_scan_params
4263 * Description This function set the preferred connection scan parameters.
4267 ******************************************************************************/
4268 void bta_dm_ble_set_conn_scan_params(tBTA_DM_MSG* p_data) {
4269 BTM_BleSetConnScanParams(p_data->ble_set_conn_scan_params.scan_int,
4270 p_data->ble_set_conn_scan_params.scan_window);
4272 /*******************************************************************************
4274 * Function bta_dm_ble_update_conn_params
4276 * Description This function update LE connection parameters.
4280 ******************************************************************************/
4281 void bta_dm_ble_update_conn_params(tBTA_DM_MSG* p_data) {
4282 if (!L2CA_UpdateBleConnParams(p_data->ble_update_conn_params.bd_addr,
4283 p_data->ble_update_conn_params.min_int,
4284 p_data->ble_update_conn_params.max_int,
4285 p_data->ble_update_conn_params.latency,
4286 p_data->ble_update_conn_params.timeout)) {
4287 APPL_TRACE_ERROR("Update connection parameters failed!");
4291 #if (BLE_PRIVACY_SPT == TRUE)
4292 /*******************************************************************************
4294 * Function bta_dm_ble_config_local_privacy
4296 * Description This function set the local device LE privacy settings.
4300 ******************************************************************************/
4301 void bta_dm_ble_config_local_privacy(tBTA_DM_MSG* p_data) {
4302 BTM_BleConfigPrivacy(p_data->ble_local_privacy.privacy_enable);
4306 /*******************************************************************************
4308 * Function bta_dm_ble_observe
4310 * Description This function set the preferred connection scan parameters.
4314 ******************************************************************************/
4315 void bta_dm_ble_observe(tBTA_DM_MSG* p_data) {
4317 if (p_data->ble_observe.start) {
4318 /*Save the callback to be called when a scan results are available */
4319 bta_dm_search_cb.p_scan_cback = p_data->ble_observe.p_cback;
4320 status = BTM_BleObserve(true, p_data->ble_observe.duration,
4321 bta_dm_observe_results_cb, bta_dm_observe_cmpl_cb);
4322 if (status != BTM_CMD_STARTED) {
4323 tBTA_DM_SEARCH data;
4324 APPL_TRACE_WARNING(" %s BTM_BleObserve failed. status %d", __func__,
4326 data.inq_cmpl.num_resps = 0;
4327 if (bta_dm_search_cb.p_scan_cback) {
4328 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
4332 bta_dm_search_cb.p_scan_cback = NULL;
4333 BTM_BleObserve(false, 0, NULL, NULL);
4336 /*******************************************************************************
4338 * Function bta_dm_ble_set_adv_params
4340 * Description This function set the adv parameters.
4344 ******************************************************************************/
4345 void bta_dm_ble_set_adv_params(uint16_t adv_int_min, uint16_t adv_int_max,
4346 tBLE_BD_ADDR* p_dir_bda) {
4347 BTM_BleSetAdvParams(adv_int_min, adv_int_max, p_dir_bda,
4348 BTA_DM_BLE_ADV_CHNL_MAP);
4351 /*******************************************************************************
4353 * Function bta_dm_ble_set_data_length
4355 * Description This function set the maximum transmission packet size
4359 ******************************************************************************/
4360 void bta_dm_ble_set_data_length(tBTA_DM_MSG* p_data) {
4361 if (BTM_SetBleDataLength(p_data->ble_set_data_length.remote_bda,
4362 p_data->ble_set_data_length.tx_data_length) !=
4364 APPL_TRACE_ERROR("%s failed", __func__);
4368 /*******************************************************************************
4370 * Function bta_ble_enable_scan_cmpl
4372 * Description ADV payload filtering enable / disable complete callback
4377 ******************************************************************************/
4378 static void bta_ble_energy_info_cmpl(tBTM_BLE_TX_TIME_MS tx_time,
4379 tBTM_BLE_RX_TIME_MS rx_time,
4380 tBTM_BLE_IDLE_TIME_MS idle_time,
4381 tBTM_BLE_ENERGY_USED energy_used,
4382 tBTM_STATUS status) {
4383 tBTA_STATUS st = (status == BTM_SUCCESS) ? BTA_SUCCESS : BTA_FAILURE;
4384 tBTA_DM_CONTRL_STATE ctrl_state = 0;
4386 if (BTA_SUCCESS == st) ctrl_state = bta_dm_pm_obtain_controller_state();
4388 if (bta_dm_cb.p_energy_info_cback)
4389 bta_dm_cb.p_energy_info_cback(tx_time, rx_time, idle_time, energy_used,
4393 /*******************************************************************************
4395 * Function bta_dm_ble_get_energy_info
4397 * Description This function obtains the energy info
4401 ******************************************************************************/
4402 void bta_dm_ble_get_energy_info(tBTA_DM_MSG* p_data) {
4403 tBTM_STATUS btm_status = 0;
4405 bta_dm_cb.p_energy_info_cback = p_data->ble_energy_info.p_energy_info_cback;
4406 btm_status = BTM_BleGetEnergyInfo(bta_ble_energy_info_cmpl);
4407 if (BTM_CMD_STARTED != btm_status)
4408 bta_ble_energy_info_cmpl(0, 0, 0, 0, btm_status);
4411 #ifndef BTA_DM_GATT_CLOSE_DELAY_TOUT
4412 #define BTA_DM_GATT_CLOSE_DELAY_TOUT 1000
4415 /*******************************************************************************
4417 * Function bta_dm_gattc_register
4419 * Description Register with GATTC in DM if BLE is needed.
4424 ******************************************************************************/
4425 static void bta_dm_gattc_register(void) {
4426 if (bta_dm_search_cb.client_if == BTA_GATTS_INVALID_IF) {
4427 BTA_GATTC_AppRegister(bta_dm_gattc_callback,
4428 base::Bind([](uint8_t client_id, uint8_t status) {
4429 if (status == BTA_GATT_OK)
4430 bta_dm_search_cb.client_if = client_id;
4432 bta_dm_search_cb.client_if = BTA_GATTS_INVALID_IF;
4438 /*******************************************************************************
4440 * Function btm_dm_start_disc_gatt_services
4442 * Description This function starts a GATT service search request.
4446 ******************************************************************************/
4447 static void btm_dm_start_disc_gatt_services(uint16_t conn_id) {
4448 tBT_UUID* p_uuid = bta_dm_search_cb.p_srvc_uuid + bta_dm_search_cb.num_uuid -
4449 bta_dm_search_cb.uuid_to_search;
4451 p_uuid = bta_dm_search_cb.p_srvc_uuid + bta_dm_search_cb.num_uuid -
4452 bta_dm_search_cb.uuid_to_search;
4454 /* always search for all services */
4455 BTA_GATTC_ServiceSearchRequest(conn_id, p_uuid);
4458 /*******************************************************************************
4460 * Function bta_dm_gatt_disc_result
4462 * Description This function process the GATT service search result.
4466 ******************************************************************************/
4467 static void bta_dm_gatt_disc_result(tBTA_GATT_ID service_id) {
4468 tBTA_DM_SEARCH result;
4471 * This logic will not work for gatt case. We are checking against the
4472 * bluetooth profiles here
4473 * just copy the GATTID in raw data field and send it across.
4476 if (bta_dm_search_cb.ble_raw_used + sizeof(tBTA_GATT_ID) <
4477 bta_dm_search_cb.ble_raw_size) {
4479 "ADDING BLE SERVICE uuid=0x%x, ble_ptr = 0x%x, ble_raw_used = 0x%x",
4480 service_id.uuid.uu.uuid16, bta_dm_search_cb.p_ble_rawdata,
4481 bta_dm_search_cb.ble_raw_used);
4483 if (bta_dm_search_cb.p_ble_rawdata) {
4484 memcpy((bta_dm_search_cb.p_ble_rawdata + bta_dm_search_cb.ble_raw_used),
4485 &service_id, sizeof(service_id));
4487 bta_dm_search_cb.ble_raw_used += sizeof(service_id);
4489 APPL_TRACE_ERROR("p_ble_rawdata is NULL");
4494 "%s out of room to accomodate more service ids ble_raw_size = %d "
4495 "ble_raw_used = %d",
4496 __func__, bta_dm_search_cb.ble_raw_size, bta_dm_search_cb.ble_raw_used);
4499 LOG_INFO(LOG_TAG, "%s service_id_uuid_len=%d ", __func__,
4500 service_id.uuid.len);
4501 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) {
4502 /* send result back to app now, one by one */
4503 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
4504 strlcpy((char*)result.disc_ble_res.bd_name, bta_dm_get_remname(),
4506 memcpy(&result.disc_ble_res.service, &service_id.uuid, sizeof(tBT_UUID));
4508 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_BLE_RES_EVT, &result);
4512 /*******************************************************************************
4514 * Function bta_dm_gatt_disc_complete
4516 * Description This function process the GATT service search complete.
4520 ******************************************************************************/
4521 static void bta_dm_gatt_disc_complete(uint16_t conn_id,
4522 tBTA_GATT_STATUS status) {
4523 APPL_TRACE_DEBUG("%s conn_id = %d", __func__, conn_id);
4525 if (bta_dm_search_cb.uuid_to_search > 0) bta_dm_search_cb.uuid_to_search--;
4527 if (status == BTA_GATT_OK && bta_dm_search_cb.uuid_to_search > 0) {
4528 btm_dm_start_disc_gatt_services(conn_id);
4530 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
4532 bta_dm_search_cb.uuid_to_search = 0;
4534 /* no more services to be discovered */
4535 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
4536 p_msg->disc_result.result.disc_res.result =
4537 (status == BTA_GATT_OK) ? BTA_SUCCESS : BTA_FAILURE;
4538 APPL_TRACE_DEBUG("%s service found: 0x%08x", __func__,
4539 bta_dm_search_cb.services_found);
4540 p_msg->disc_result.result.disc_res.services =
4541 bta_dm_search_cb.services_found;
4542 p_msg->disc_result.result.disc_res.num_uuids = 0;
4543 p_msg->disc_result.result.disc_res.p_uuid_list = NULL;
4544 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
4545 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
4546 bta_dm_get_remname(), BD_NAME_LEN);
4548 p_msg->disc_result.result.disc_res.device_type |= BT_DEVICE_TYPE_BLE;
4549 if (bta_dm_search_cb.ble_raw_used > 0) {
4550 p_msg->disc_result.result.disc_res.p_raw_data =
4551 (uint8_t*)osi_malloc(bta_dm_search_cb.ble_raw_used);
4553 memcpy(p_msg->disc_result.result.disc_res.p_raw_data,
4554 bta_dm_search_cb.p_ble_rawdata, bta_dm_search_cb.ble_raw_used);
4556 p_msg->disc_result.result.disc_res.raw_data_size =
4557 bta_dm_search_cb.ble_raw_used;
4559 p_msg->disc_result.result.disc_res.p_raw_data = NULL;
4560 bta_dm_search_cb.p_ble_rawdata = 0;
4563 bta_sys_sendmsg(p_msg);
4565 if (conn_id != BTA_GATT_INVALID_CONN_ID) {
4566 /* start a GATT channel close delay timer */
4567 bta_sys_start_timer(bta_dm_search_cb.gatt_close_timer,
4568 BTA_DM_GATT_CLOSE_DELAY_TOUT,
4569 BTA_DM_DISC_CLOSE_TOUT_EVT, 0);
4570 bta_dm_search_cb.pending_close_bda = bta_dm_search_cb.peer_bdaddr;
4572 bta_dm_search_cb.gatt_disc_active = false;
4576 /*******************************************************************************
4578 * Function bta_dm_close_gatt_conn
4580 * Description This function close the GATT connection after delay
4585 ******************************************************************************/
4586 void bta_dm_close_gatt_conn(UNUSED_ATTR tBTA_DM_MSG* p_data) {
4587 if (bta_dm_search_cb.conn_id != BTA_GATT_INVALID_CONN_ID)
4588 BTA_GATTC_Close(bta_dm_search_cb.conn_id);
4590 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty;
4591 bta_dm_search_cb.conn_id = BTA_GATT_INVALID_CONN_ID;
4593 /*******************************************************************************
4595 * Function btm_dm_start_gatt_discovery
4597 * Description This is GATT initiate the service search by open a GATT
4602 ******************************************************************************/
4603 void btm_dm_start_gatt_discovery(const RawAddress& bd_addr) {
4604 bta_dm_search_cb.gatt_disc_active = true;
4606 /* connection is already open */
4607 if (bta_dm_search_cb.pending_close_bda == bd_addr &&
4608 bta_dm_search_cb.conn_id != BTA_GATT_INVALID_CONN_ID) {
4609 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty;
4610 alarm_cancel(bta_dm_search_cb.gatt_close_timer);
4611 btm_dm_start_disc_gatt_services(bta_dm_search_cb.conn_id);
4613 if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE)) {
4614 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr, true,
4615 BTA_GATT_TRANSPORT_LE, true);
4617 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr, true,
4618 BTA_GATT_TRANSPORT_LE, false);
4623 /*******************************************************************************
4625 * Function bta_dm_cancel_gatt_discovery
4627 * Description This is GATT cancel the GATT service search.
4631 ******************************************************************************/
4632 static void bta_dm_cancel_gatt_discovery(const RawAddress& bd_addr) {
4633 if (bta_dm_search_cb.conn_id == BTA_GATT_INVALID_CONN_ID) {
4634 BTA_GATTC_CancelOpen(bta_dm_search_cb.client_if, bd_addr, true);
4637 bta_dm_gatt_disc_complete(bta_dm_search_cb.conn_id,
4638 (tBTA_GATT_STATUS)BTA_GATT_ERROR);
4641 /*******************************************************************************
4643 * Function bta_dm_proc_open_evt
4645 * Description process BTA_GATTC_OPEN_EVT in DM.
4649 ******************************************************************************/
4650 void bta_dm_proc_open_evt(tBTA_GATTC_OPEN* p_data) {
4651 VLOG(1) << "DM Search state= " << bta_dm_search_cb.state
4652 << " search_cb.peer_dbaddr:" << bta_dm_search_cb.peer_bdaddr
4653 << " connected_bda=" << p_data->remote_bda.address;
4655 APPL_TRACE_DEBUG("BTA_GATTC_OPEN_EVT conn_id = %d client_if=%d status = %d",
4656 p_data->conn_id, p_data->client_if, p_data->status);
4658 bta_dm_search_cb.conn_id = p_data->conn_id;
4660 if (p_data->status == BTA_GATT_OK) {
4661 btm_dm_start_disc_gatt_services(p_data->conn_id);
4663 bta_dm_gatt_disc_complete(BTA_GATT_INVALID_CONN_ID, p_data->status);
4667 /*******************************************************************************
4669 * Function bta_dm_gattc_callback
4671 * Description This is GATT client callback function used in DM.
4675 ******************************************************************************/
4676 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data) {
4677 APPL_TRACE_DEBUG("bta_dm_gattc_callback event = %d", event);
4680 case BTA_GATTC_OPEN_EVT:
4681 bta_dm_proc_open_evt(&p_data->open);
4684 case BTA_GATTC_SEARCH_RES_EVT:
4685 bta_dm_gatt_disc_result(p_data->srvc_res.service_uuid);
4688 case BTA_GATTC_SEARCH_CMPL_EVT:
4689 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE)
4690 bta_dm_gatt_disc_complete(p_data->search_cmpl.conn_id,
4691 p_data->search_cmpl.status);
4694 case BTA_GATTC_CLOSE_EVT:
4695 APPL_TRACE_DEBUG("BTA_GATTC_CLOSE_EVT reason = %d", p_data->close.reason);
4696 /* in case of disconnect before search is completed */
4697 if ((bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) &&
4698 (bta_dm_search_cb.state != BTA_DM_SEARCH_ACTIVE) &&
4699 p_data->close.remote_bda == bta_dm_search_cb.peer_bdaddr) {
4700 bta_dm_gatt_disc_complete((uint16_t)BTA_GATT_INVALID_CONN_ID,
4701 (tBTA_GATT_STATUS)BTA_GATT_ERROR);
4710 #if (BLE_VND_INCLUDED == TRUE)
4711 /*******************************************************************************
4713 * Function bta_dm_ctrl_features_rd_cmpl_cback
4715 * Description callback to handle controller feature read complete
4719 ******************************************************************************/
4720 static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result) {
4721 APPL_TRACE_DEBUG("%s status = %d ", __func__, result);
4722 if (result == BTM_SUCCESS) {
4723 if (bta_dm_cb.p_sec_cback)
4724 bta_dm_cb.p_sec_cback(BTA_DM_LE_FEATURES_READ, NULL);
4726 APPL_TRACE_ERROR("%s Ctrl BLE feature read failed: status :%d", __func__,
4730 #endif /* BLE_VND_INCLUDED */
OSDN Git Service
