1 /******************************************************************************
3 * Copyright 2003-2014 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /******************************************************************************
21 * This file contains the action functions for device manager state
24 ******************************************************************************/
26 #define LOG_TAG "bt_bta_dm"
28 #include <base/bind.h>
29 #include <base/callback.h>
30 #include <base/logging.h>
33 #include "bt_common.h"
34 #include "bt_target.h"
37 #include "bta_dm_api.h"
38 #include "bta_dm_co.h"
39 #include "bta_dm_int.h"
41 #include "btif_storage.h"
42 #include "btif_config.h"
46 #include "device/include/interop.h"
47 #include "gap_api.h" /* For GAP_BleReadPeerPrefConnParams */
49 #include "osi/include/log.h"
50 #include "osi/include/osi.h"
52 #include "stack/btm/btm_ble_int.h"
53 #include "stack/gatt/connection_manager.h"
54 #include "stack/include/gatt_api.h"
57 #if (GAP_INCLUDED == TRUE)
61 using bluetooth::Uuid;
63 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
65 static void bta_dm_inq_cmpl_cb(void* p_result);
66 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,
67 DEV_CLASS dc, BD_NAME bd_name);
68 static void bta_dm_remname_cback(void* p);
69 static void bta_dm_find_services(const RawAddress& bd_addr);
70 static void bta_dm_discover_next_device(void);
71 static void bta_dm_sdp_callback(uint16_t sdp_status);
72 static uint8_t bta_dm_authorize_cback(const RawAddress& bd_addr,
73 DEV_CLASS dev_class, BD_NAME bd_name,
74 uint8_t* service_name, uint8_t service_id,
76 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
77 BD_NAME bd_name, bool min_16_digit);
78 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
79 DEV_CLASS dev_class, BD_NAME bd_name,
80 const LinkKey& key, uint8_t key_type);
81 static uint8_t bta_dm_authentication_complete_cback(const RawAddress& bd_addr,
85 static void bta_dm_local_name_cback(void* p_name);
86 static bool bta_dm_check_av(uint16_t event);
87 static void bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA* p_data);
89 static void bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
90 uint8_t app_id, const RawAddress& peer_addr);
92 /* Extended Inquiry Response */
93 static uint8_t bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data);
95 static void bta_dm_set_eir(char* local_name);
97 static void bta_dm_eir_search_services(tBTM_INQ_RESULTS* p_result,
98 tBTA_SERVICE_MASK* p_services_to_search,
99 tBTA_SERVICE_MASK* p_services_found);
101 static void bta_dm_search_timer_cback(void* data);
102 static void bta_dm_disable_conn_down_timer_cback(void* data);
103 static void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
104 uint8_t app_id, const RawAddress& peer_addr);
105 static void bta_dm_adjust_roles(bool delay_role_switch);
106 static char* bta_dm_get_remname(void);
107 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result);
109 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr,
110 tBT_TRANSPORT transport);
111 static void bta_dm_discover_device(const RawAddress& remote_bd_addr);
113 static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status);
114 static void bta_dm_disable_search_and_disc(void);
116 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
117 tBTM_LE_EVT_DATA* p_data);
118 static void bta_dm_ble_id_key_cback(uint8_t key_type,
119 tBTM_BLE_LOCAL_KEYS* p_key);
120 static void bta_dm_gattc_register(void);
121 static void btm_dm_start_gatt_discovery(const RawAddress& bd_addr);
122 static void bta_dm_cancel_gatt_discovery(const RawAddress& bd_addr);
123 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data);
124 extern tBTA_DM_CONTRL_STATE bta_dm_pm_obtain_controller_state(void);
126 #if (BLE_VND_INCLUDED == TRUE)
127 static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result);
130 #ifndef BTA_DM_BLE_ADV_CHNL_MAP
131 #define BTA_DM_BLE_ADV_CHNL_MAP \
132 (BTM_BLE_ADV_CHNL_37 | BTM_BLE_ADV_CHNL_38 | BTM_BLE_ADV_CHNL_39)
135 /* Disable timer interval (in milliseconds) */
136 #ifndef BTA_DM_DISABLE_TIMER_MS
137 #define BTA_DM_DISABLE_TIMER_MS 5000
140 /* Disable timer retrial interval (in milliseconds) */
141 #ifndef BTA_DM_DISABLE_TIMER_RETRIAL_MS
142 #define BTA_DM_DISABLE_TIMER_RETRIAL_MS 1500
145 /* Disable connection down timer (in milliseconds) */
146 #ifndef BTA_DM_DISABLE_CONN_DOWN_TIMER_MS
147 #define BTA_DM_DISABLE_CONN_DOWN_TIMER_MS 1000
150 /* Switch delay timer (in milliseconds) */
151 #ifndef BTA_DM_SWITCH_DELAY_TIMER_MS
152 #define BTA_DM_SWITCH_DELAY_TIMER_MS 500
155 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr);
156 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr);
157 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
159 static void bta_dm_observe_cmpl_cb(void* p_result);
160 static void bta_dm_delay_role_switch_cback(void* data);
161 static void bta_dm_disable_timer_cback(void* data);
163 const uint16_t bta_service_id_to_uuid_lkup_tbl[BTA_MAX_SERVICE_ID] = {
164 UUID_SERVCLASS_PNP_INFORMATION, /* Reserved */
165 UUID_SERVCLASS_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */
166 UUID_SERVCLASS_DIALUP_NETWORKING, /* BTA_DUN_SERVICE_ID */
167 UUID_SERVCLASS_AUDIO_SOURCE, /* BTA_A2DP_SOURCE_SERVICE_ID */
168 UUID_SERVCLASS_LAN_ACCESS_USING_PPP, /* BTA_LAP_SERVICE_ID */
169 UUID_SERVCLASS_HEADSET, /* BTA_HSP_HS_SERVICE_ID */
170 UUID_SERVCLASS_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */
171 UUID_SERVCLASS_OBEX_OBJECT_PUSH, /* BTA_OPP_SERVICE_ID */
172 UUID_SERVCLASS_OBEX_FILE_TRANSFER, /* BTA_FTP_SERVICE_ID */
173 UUID_SERVCLASS_CORDLESS_TELEPHONY, /* BTA_CTP_SERVICE_ID */
174 UUID_SERVCLASS_INTERCOM, /* BTA_ICP_SERVICE_ID */
175 UUID_SERVCLASS_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */
176 UUID_SERVCLASS_DIRECT_PRINTING, /* BTA_BPP_SERVICE_ID */
177 UUID_SERVCLASS_IMAGING_RESPONDER, /* BTA_BIP_SERVICE_ID */
178 UUID_SERVCLASS_PANU, /* BTA_PANU_SERVICE_ID */
179 UUID_SERVCLASS_NAP, /* BTA_NAP_SERVICE_ID */
180 UUID_SERVCLASS_GN, /* BTA_GN_SERVICE_ID */
181 UUID_SERVCLASS_SAP, /* BTA_SAP_SERVICE_ID */
182 UUID_SERVCLASS_AUDIO_SINK, /* BTA_A2DP_SERVICE_ID */
183 UUID_SERVCLASS_AV_REMOTE_CONTROL, /* BTA_AVRCP_SERVICE_ID */
184 UUID_SERVCLASS_HUMAN_INTERFACE, /* BTA_HID_SERVICE_ID */
185 UUID_SERVCLASS_VIDEO_SINK, /* BTA_VDP_SERVICE_ID */
186 UUID_SERVCLASS_PBAP_PSE, /* BTA_PBAP_SERVICE_ID */
187 UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY, /* BTA_HSP_SERVICE_ID */
188 UUID_SERVCLASS_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */
189 UUID_SERVCLASS_MESSAGE_ACCESS, /* BTA_MAP_SERVICE_ID */
190 UUID_SERVCLASS_MESSAGE_NOTIFICATION, /* BTA_MN_SERVICE_ID */
191 UUID_SERVCLASS_HDP_PROFILE, /* BTA_HDP_SERVICE_ID */
192 UUID_SERVCLASS_PBAP_PCE, /* BTA_PCE_SERVICE_ID */
193 UUID_PROTOCOL_ATT /* BTA_GATT_SERVICE_ID */
197 * NOTE : The number of element in bta_service_id_to_btm_srv_id_lkup_tbl should
198 * be matching with the value BTA_MAX_SERVICE_ID in bta_api.h
200 * i.e., If you add new Service ID for BTA, the correct security ID of the new
201 * service from Security service definitions (btm_api.h) should be added to
204 const uint32_t bta_service_id_to_btm_srv_id_lkup_tbl[BTA_MAX_SERVICE_ID] = {
206 BTM_SEC_SERVICE_SERIAL_PORT, /* BTA_SPP_SERVICE_ID */
207 BTM_SEC_SERVICE_DUN, /* BTA_DUN_SERVICE_ID */
208 BTM_SEC_SERVICE_AVDTP, /* BTA_AUDIO_SOURCE_SERVICE_ID */
209 BTM_SEC_SERVICE_LAN_ACCESS, /* BTA_LAP_SERVICE_ID */
210 BTM_SEC_SERVICE_HEADSET_AG, /* BTA_HSP_SERVICE_ID */
211 BTM_SEC_SERVICE_AG_HANDSFREE, /* BTA_HFP_SERVICE_ID */
212 BTM_SEC_SERVICE_OBEX, /* BTA_OPP_SERVICE_ID */
213 BTM_SEC_SERVICE_OBEX_FTP, /* BTA_FTP_SERVICE_ID */
214 BTM_SEC_SERVICE_CORDLESS, /* BTA_CTP_SERVICE_ID */
215 BTM_SEC_SERVICE_INTERCOM, /* BTA_ICP_SERVICE_ID */
216 BTM_SEC_SERVICE_IRMC_SYNC, /* BTA_SYNC_SERVICE_ID */
217 BTM_SEC_SERVICE_BPP_JOB, /* BTA_BPP_SERVICE_ID */
218 BTM_SEC_SERVICE_BIP, /* BTA_BIP_SERVICE_ID */
219 BTM_SEC_SERVICE_BNEP_PANU, /* BTA_PANU_SERVICE_ID */
220 BTM_SEC_SERVICE_BNEP_NAP, /* BTA_NAP_SERVICE_ID */
221 BTM_SEC_SERVICE_BNEP_GN, /* BTA_GN_SERVICE_ID */
222 BTM_SEC_SERVICE_SAP, /* BTA_SAP_SERVICE_ID */
223 BTM_SEC_SERVICE_AVDTP, /* BTA_A2DP_SERVICE_ID */
224 BTM_SEC_SERVICE_AVCTP, /* BTA_AVRCP_SERVICE_ID */
225 BTM_SEC_SERVICE_HIDH_SEC_CTRL, /* BTA_HID_SERVICE_ID */
226 BTM_SEC_SERVICE_AVDTP, /* BTA_VDP_SERVICE_ID */
227 BTM_SEC_SERVICE_PBAP, /* BTA_PBAP_SERVICE_ID */
228 BTM_SEC_SERVICE_HEADSET, /* BTA_HSP_HS_SERVICE_ID */
229 BTM_SEC_SERVICE_HF_HANDSFREE, /* BTA_HFP_HS_SERVICE_ID */
230 BTM_SEC_SERVICE_MAP, /* BTA_MAP_SERVICE_ID */
231 BTM_SEC_SERVICE_MAP, /* BTA_MN_SERVICE_ID */
232 BTM_SEC_SERVICE_HDP_SNK, /* BTA_HDP_SERVICE_ID */
233 BTM_SEC_SERVICE_PBAP, /* BTA_PCE_SERVICE_ID */
234 BTM_SEC_SERVICE_ATT /* BTA_GATT_SERVICE_ID */
237 /* bta security callback */
238 const tBTM_APPL_INFO bta_security = {&bta_dm_authorize_cback,
240 &bta_dm_new_link_key_cback,
241 &bta_dm_authentication_complete_cback,
242 &bta_dm_bond_cancel_complete_cback,
244 &bta_dm_ble_smp_cback,
245 &bta_dm_ble_id_key_cback};
247 #define MAX_DISC_RAW_DATA_BUF (4096)
248 uint8_t g_disc_raw_data_buf[MAX_DISC_RAW_DATA_BUF];
250 extern DEV_CLASS local_device_default_class;
252 // Stores the local Input/Output Capabilities of the Bluetooth device.
253 static uint8_t btm_local_io_caps;
255 /** Initialises the BT device manager */
256 void bta_dm_enable(tBTA_DM_SEC_CBACK* p_sec_cback) {
257 /* if already in use, return an error */
258 if (bta_dm_cb.is_bta_dm_active) {
259 tBTA_DM_SEC enable_event;
260 APPL_TRACE_WARNING("%s Device already started by another application",
262 memset(&enable_event, 0, sizeof(tBTA_DM_SEC));
263 enable_event.enable.status = BTA_FAILURE;
264 if (p_sec_cback != NULL) p_sec_cback(BTA_DM_ENABLE_EVT, &enable_event);
268 /* first, register our callback to SYS HW manager */
269 bta_sys_hw_register(BTA_SYS_HW_BLUETOOTH, bta_dm_sys_hw_cback);
271 /* make sure security callback is saved - if no callback, do not erase the
273 it could be an error recovery mechanism */
274 if (p_sec_cback != NULL) bta_dm_cb.p_sec_cback = p_sec_cback;
275 /* notify BTA DM is now active */
276 bta_dm_cb.is_bta_dm_active = true;
278 /* send a message to BTA SYS */
279 tBTA_SYS_HW_MSG* sys_enable_event =
280 (tBTA_SYS_HW_MSG*)osi_malloc(sizeof(tBTA_SYS_HW_MSG));
281 sys_enable_event->hdr.event = BTA_SYS_API_ENABLE_EVT;
282 sys_enable_event->hw_module = BTA_SYS_HW_BLUETOOTH;
284 bta_sys_sendmsg(sys_enable_event);
286 btm_local_io_caps = btif_storage_get_local_io_caps();
289 /*******************************************************************************
291 * Function bta_dm_init_cb
293 * Description Initializes the bta_dm_cb control block
298 ******************************************************************************/
299 void bta_dm_init_cb(void) {
300 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
301 bta_dm_cb.disable_timer = alarm_new("bta_dm.disable_timer");
302 bta_dm_cb.switch_delay_timer = alarm_new("bta_dm.switch_delay_timer");
303 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
304 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
305 bta_dm_cb.pm_timer[i].timer[j] = alarm_new("bta_dm.pm_timer");
310 /*******************************************************************************
312 * Function bta_dm_deinit_cb
314 * Description De-initializes the bta_dm_cb control block
319 ******************************************************************************/
320 void bta_dm_deinit_cb(void) {
322 * TODO: Should alarm_free() the bta_dm_cb timers during graceful
325 alarm_free(bta_dm_cb.disable_timer);
326 alarm_free(bta_dm_cb.switch_delay_timer);
327 for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
328 for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
329 alarm_free(bta_dm_cb.pm_timer[i].timer[j]);
332 memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
335 /*******************************************************************************
337 * Function bta_dm_sys_hw_cback
339 * Description callback register to SYS to get HW status updates
344 ******************************************************************************/
345 static void bta_dm_sys_hw_cback(tBTA_SYS_HW_EVT status) {
347 tBTA_DM_SEC_CBACK* temp_cback;
348 uint8_t key_mask = 0;
349 tBTA_BLE_LOCAL_ID_KEYS id_key;
351 APPL_TRACE_DEBUG("%s with event: %i", __func__, status);
353 /* On H/W error evt, report to the registered DM application callback */
354 if (status == BTA_SYS_HW_ERROR_EVT) {
355 if (bta_dm_cb.p_sec_cback != NULL)
356 bta_dm_cb.p_sec_cback(BTA_DM_HW_ERROR_EVT, NULL);
360 if (status == BTA_SYS_HW_OFF_EVT) {
361 if (bta_dm_cb.p_sec_cback != NULL)
362 bta_dm_cb.p_sec_cback(BTA_DM_DISABLE_EVT, NULL);
364 /* reinitialize the control block */
367 /* hw is ready, go on with BTA DM initialization */
368 alarm_free(bta_dm_search_cb.search_timer);
369 alarm_free(bta_dm_search_cb.gatt_close_timer);
370 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb));
372 /* unregister from SYS */
373 bta_sys_hw_unregister(BTA_SYS_HW_BLUETOOTH);
374 /* notify BTA DM is now unactive */
375 bta_dm_cb.is_bta_dm_active = false;
376 } else if (status == BTA_SYS_HW_ON_EVT) {
377 /* FIXME: We should not unregister as the SYS shall invoke this callback on
379 * We need to revisit when this platform has more than one BLuetooth H/W
382 // bta_sys_hw_unregister( BTA_SYS_HW_BLUETOOTH);
384 /* save security callback */
385 temp_cback = bta_dm_cb.p_sec_cback;
386 /* make sure the control block is properly initialized */
388 /* and retrieve the callback */
389 bta_dm_cb.p_sec_cback = temp_cback;
390 bta_dm_cb.is_bta_dm_active = true;
392 /* hw is ready, go on with BTA DM initialization */
393 alarm_free(bta_dm_search_cb.search_timer);
394 alarm_free(bta_dm_search_cb.gatt_close_timer);
395 memset(&bta_dm_search_cb, 0, sizeof(bta_dm_search_cb));
397 * TODO: Should alarm_free() the bta_dm_search_cb timers during
400 bta_dm_search_cb.search_timer = alarm_new("bta_dm_search.search_timer");
401 bta_dm_search_cb.gatt_close_timer =
402 alarm_new("bta_dm_search.gatt_close_timer");
404 memset(&bta_dm_conn_srvcs, 0, sizeof(bta_dm_conn_srvcs));
405 memset(&bta_dm_di_cb, 0, sizeof(tBTA_DM_DI_CB));
407 memcpy(dev_class, p_bta_dm_cfg->dev_class, sizeof(dev_class));
408 BTM_SetDeviceClass(dev_class);
410 /* load BLE local information: ID keys, ER if available */
412 bta_dm_co_ble_load_local_keys(&key_mask, &er, &id_key);
414 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ER) {
415 BTM_BleLoadLocalKeys(BTA_BLE_LOCAL_KEY_TYPE_ER,
416 (tBTM_BLE_LOCAL_KEYS*)&er);
418 if (key_mask & BTA_BLE_LOCAL_KEY_TYPE_ID) {
419 BTM_BleLoadLocalKeys(BTA_BLE_LOCAL_KEY_TYPE_ID,
420 (tBTM_BLE_LOCAL_KEYS*)&id_key);
422 bta_dm_search_cb.conn_id = GATT_INVALID_CONN_ID;
424 BTM_SecRegister(&bta_security);
425 BTM_SetDefaultLinkSuperTout(p_bta_dm_cfg->link_timeout);
426 BTM_WritePageTimeout(p_bta_dm_cfg->page_timeout);
427 bta_dm_cb.cur_policy = p_bta_dm_cfg->policy_settings;
428 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy);
429 BTM_RegBusyLevelNotif(bta_dm_bl_change_cback, NULL,
430 BTM_BL_UPDATE_MASK | BTM_BL_ROLE_CHG_MASK);
432 #if (BLE_VND_INCLUDED == TRUE)
433 BTM_BleReadControllerFeatures(bta_dm_ctrl_features_rd_cmpl_cback);
435 /* If VSC multi adv commands are available, advertising will be initialized
436 * when capabilities are read. If they are not avaliable, initialize
437 * advertising here */
441 /* Earlier, we used to invoke BTM_ReadLocalAddr which was just copying the
443 from the control block and invoking the callback which was sending the
445 But then we have a few HCI commands being invoked above which were still
447 when the ENABLE_EVT was sent. So modified this to fetch the local name
449 the DM_ENABLE_EVT to be sent only after all the init steps are complete
451 BTM_ReadLocalDeviceNameFromController(bta_dm_local_name_cback);
453 bta_sys_rm_register(bta_dm_rm_cback);
455 /* initialize bluetooth low power manager */
458 bta_sys_policy_register(bta_dm_policy_cback);
460 bta_dm_gattc_register();
463 APPL_TRACE_DEBUG(" --- ignored event");
466 /** Disables the BT device manager */
467 void bta_dm_disable() {
468 /* Set l2cap idle timeout to 0 (so BTE immediately disconnects ACL link after
469 * last channel is closed) */
470 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_BR_EDR);
471 L2CA_SetIdleTimeoutByBdAddr(RawAddress::kAny, 0, BT_TRANSPORT_LE);
473 /* disable all active subsystems */
474 bta_sys_disable(BTA_SYS_HW_BLUETOOTH);
476 BTM_SetDiscoverability(BTM_NON_DISCOVERABLE, 0, 0);
477 BTM_SetConnectability(BTM_NON_CONNECTABLE, 0, 0);
480 bta_dm_disable_search_and_disc();
481 bta_dm_cb.disabling = true;
483 connection_manager::reset(false);
485 if (BTM_GetNumAclLinks() == 0) {
486 #if (BTA_DISABLE_DELAY > 0)
487 /* If BTA_DISABLE_DELAY is defined and greater than zero, then delay the
489 * BTA_DISABLE_DELAY milliseconds
491 APPL_TRACE_WARNING("%s BTA_DISABLE_DELAY set to %d ms", __func__,
493 alarm_set_on_mloop(bta_dm_cb.disable_timer, BTA_DISABLE_DELAY,
494 bta_dm_disable_conn_down_timer_cback, NULL);
496 bta_dm_disable_conn_down_timer_cback(NULL);
499 alarm_set_on_mloop(bta_dm_cb.disable_timer, BTA_DM_DISABLE_TIMER_MS,
500 bta_dm_disable_timer_cback, UINT_TO_PTR(0));
504 /*******************************************************************************
506 * Function bta_dm_disable_timer_cback
508 * Description Called if the disable timer expires
509 * Used to close ACL connections which are still active
515 ******************************************************************************/
516 static void bta_dm_disable_timer_cback(void* data) {
518 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
519 bool trigger_disc = false;
520 uint32_t param = PTR_TO_UINT(data);
522 APPL_TRACE_EVENT("%s trial %u", __func__, param);
524 if (BTM_GetNumAclLinks() && (param == 0)) {
525 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
526 transport = bta_dm_cb.device_list.peer_device[i].transport;
527 btm_remove_acl(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
532 /* Retrigger disable timer in case ACL disconnect failed, DISABLE_EVT still
534 to be sent out to avoid jave layer disable timeout */
536 alarm_set_on_mloop(bta_dm_cb.disable_timer,
537 BTA_DM_DISABLE_TIMER_RETRIAL_MS,
538 bta_dm_disable_timer_cback, UINT_TO_PTR(1));
541 bta_dm_cb.disabling = false;
543 bta_sys_remove_uuid(UUID_SERVCLASS_PNP_INFORMATION);
544 bta_dm_cb.p_sec_cback(BTA_DM_DISABLE_EVT, NULL);
548 /** Sets local device name */
549 void bta_dm_set_dev_name(const std::vector<uint8_t>& name) {
550 BTM_SetLocalDeviceName((char*)name.data());
551 bta_dm_set_eir((char*)name.data());
554 /** Sets discoverability, connectability and pairability */
555 void bta_dm_set_visibility(tBTA_DM_DISC disc_mode_param,
556 tBTA_DM_CONN conn_mode_param, uint8_t pairable_mode,
557 uint8_t conn_paired_only) {
558 uint16_t window, interval;
559 uint16_t le_disc_mode = BTM_BleReadDiscoverability();
560 uint16_t le_conn_mode = BTM_BleReadConnectability();
561 uint16_t disc_mode = BTM_ReadDiscoverability(&window, &interval);
562 uint16_t conn_mode = BTM_ReadConnectability(&window, &interval);
564 /* set modes for Discoverability and connectability if not ignore */
565 if (disc_mode_param != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) {
566 if ((disc_mode_param & BTA_DM_LE_IGNORE) == BTA_DM_LE_IGNORE)
567 disc_mode_param = ((disc_mode_param & ~BTA_DM_LE_IGNORE) | le_disc_mode);
568 if ((disc_mode_param & BTA_DM_IGNORE) == BTA_DM_IGNORE)
569 disc_mode_param = ((disc_mode_param & ~BTA_DM_IGNORE) | disc_mode);
571 BTM_SetDiscoverability(disc_mode_param, bta_dm_cb.inquiry_scan_window,
572 bta_dm_cb.inquiry_scan_interval);
575 if (conn_mode_param != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) {
576 if ((conn_mode_param & BTA_DM_LE_IGNORE) == BTA_DM_LE_IGNORE)
577 conn_mode_param = ((conn_mode_param & ~BTA_DM_LE_IGNORE) | le_conn_mode);
578 if ((conn_mode_param & BTA_DM_IGNORE) == BTA_DM_IGNORE)
579 conn_mode_param = ((conn_mode_param & ~BTA_DM_IGNORE) | conn_mode);
581 BTM_SetConnectability(conn_mode_param, bta_dm_cb.page_scan_window,
582 bta_dm_cb.page_scan_interval);
585 /* Send False or True if not ignore */
586 if (pairable_mode != BTA_DM_IGNORE) {
587 if (pairable_mode == BTA_DM_NON_PAIRABLE)
588 bta_dm_cb.disable_pair_mode = true;
590 bta_dm_cb.disable_pair_mode = false;
593 /* Send False or True if not ignore */
594 if (conn_paired_only != BTA_DM_IGNORE) {
595 if (conn_paired_only == BTA_DM_CONN_ALL)
596 bta_dm_cb.conn_paired_only = false;
598 bta_dm_cb.conn_paired_only = true;
601 /* Change mode if either mode is not ignore */
602 if (pairable_mode != BTA_DM_IGNORE || conn_paired_only != BTA_DM_IGNORE)
603 BTM_SetPairableMode((bool)(!(bta_dm_cb.disable_pair_mode)),
604 bta_dm_cb.conn_paired_only);
607 /*******************************************************************************
609 * Function bta_dm_process_remove_device
611 * Description Removes device, Disconnects ACL link if required.
613 ******************************************************************************/
614 void bta_dm_process_remove_device(const RawAddress& bd_addr) {
615 /* need to remove all pending background connection before unpair */
616 BTA_GATTC_CancelOpen(0, bd_addr, false);
618 BTM_SecDeleteDevice(bd_addr);
620 /* remove all cached GATT information */
621 BTA_GATTC_Refresh(bd_addr);
623 if (bta_dm_cb.p_sec_cback) {
624 tBTA_DM_SEC sec_event;
625 sec_event.link_down.bd_addr = bd_addr;
627 /* No connection, set status to success (acl disc code not valid) */
628 sec_event.link_down.status = HCI_SUCCESS;
629 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &sec_event);
633 /** Removes device, disconnects ACL link if required */
634 void bta_dm_remove_device(const RawAddress& bd_addr) {
635 /* If ACL exists for the device in the remove_bond message*/
636 bool is_bd_addr_connected =
637 BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE) ||
638 BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_BR_EDR);
640 uint8_t other_transport = BT_TRANSPORT_INVALID;
641 if (is_bd_addr_connected) {
642 APPL_TRACE_DEBUG("%s: ACL Up count: %d", __func__,
643 bta_dm_cb.device_list.count);
645 /* Take the link down first, and mark the device for removal when
647 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
648 auto& peer_device = bta_dm_cb.device_list.peer_device[i];
649 if (peer_device.peer_bdaddr == bd_addr) {
650 peer_device.conn_state = BTA_DM_UNPAIRING;
652 /* Make sure device is not in white list before we disconnect */
653 GATT_CancelConnect(0, bd_addr, false);
655 btm_remove_acl(bd_addr, peer_device.transport);
656 APPL_TRACE_DEBUG("%s: transport: %d", __func__, peer_device.transport);
658 /* save the other transport to check if device is connected on
660 if (peer_device.transport == BT_TRANSPORT_LE)
661 other_transport = BT_TRANSPORT_BR_EDR;
663 other_transport = BT_TRANSPORT_LE;
670 RawAddress other_address = bd_addr;
671 RawAddress other_address2 = bd_addr;
673 // If it is DUMO device and device is paired as different address, unpair that
675 bool other_address_connected =
677 ? BTM_ReadConnectedTransportAddress(&other_address, other_transport)
678 : (BTM_ReadConnectedTransportAddress(&other_address,
679 BT_TRANSPORT_BR_EDR) ||
680 BTM_ReadConnectedTransportAddress(&other_address2,
682 if (other_address == bd_addr) other_address = other_address2;
684 if (other_address_connected) {
685 /* Take the link down first, and mark the device for removal when
687 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
688 auto& peer_device = bta_dm_cb.device_list.peer_device[i];
689 if (peer_device.peer_bdaddr == other_address) {
690 peer_device.conn_state = BTA_DM_UNPAIRING;
692 /* Make sure device is not in white list before we disconnect */
693 GATT_CancelConnect(0, bd_addr, false);
695 btm_remove_acl(other_address, peer_device.transport);
701 /* Delete the device mentioned in the msg */
702 if (!is_bd_addr_connected) {
703 bta_dm_process_remove_device(bd_addr);
706 /* Delete the other paired device too */
707 if (!other_address_connected && !other_address.IsEmpty()) {
708 bta_dm_process_remove_device(other_address);
711 /* Check the length of the paired devices, and if 0 then reset IRK */
712 if (btif_storage_get_num_bonded_devices() < 1) {
713 LOG(INFO) << "Last paired device removed, resetting IRK";
718 /*******************************************************************************
720 * Function bta_dm_add_device
722 * Description This function adds a Link Key to an security database entry.
723 * It is normally called during host startup to restore all
724 * required information stored in the NVRAM.
725 ******************************************************************************/
726 void bta_dm_add_device(std::unique_ptr<tBTA_DM_API_ADD_DEVICE> msg) {
727 uint8_t* p_dc = NULL;
728 LinkKey* p_lc = NULL;
729 uint32_t trusted_services_mask[BTM_SEC_SERVICE_ARRAY_SIZE];
731 uint8_t btm_mask_index = 0;
733 memset(trusted_services_mask, 0, sizeof(trusted_services_mask));
735 /* If not all zeros, the device class has been specified */
736 if (msg->dc_known) p_dc = (uint8_t*)msg->dc;
738 if (msg->link_key_known) p_lc = &msg->link_key;
740 if (msg->is_trusted) {
741 /* covert BTA service mask to BTM mask */
742 while (msg->tm && (index < BTA_MAX_SERVICE_ID)) {
743 if (msg->tm & (uint32_t)(1 << index)) {
745 bta_service_id_to_btm_srv_id_lkup_tbl[index] / BTM_SEC_ARRAY_BITS;
746 trusted_services_mask[btm_mask_index] |=
747 (uint32_t)(1 << (bta_service_id_to_btm_srv_id_lkup_tbl[index] -
748 (uint32_t)(btm_mask_index * 32)));
750 msg->tm &= (uint32_t)(~(1 << index));
756 if (!BTM_SecAddDevice(msg->bd_addr, p_dc, msg->bd_name, msg->features,
757 trusted_services_mask, p_lc, msg->key_type, msg->io_cap,
759 LOG(ERROR) << "BTA_DM: Error adding device " << msg->bd_addr;
763 /** This function forces to close the connection to a remote device and
764 * optionaly remove the device from security database if required. */
765 void bta_dm_close_acl(const RawAddress& bd_addr, bool remove_dev,
766 tBTA_TRANSPORT transport) {
769 APPL_TRACE_DEBUG("bta_dm_close_acl");
771 if (BTM_IsAclConnectionUp(bd_addr, transport)) {
772 for (index = 0; index < bta_dm_cb.device_list.count; index++) {
773 if (bta_dm_cb.device_list.peer_device[index].peer_bdaddr == bd_addr)
776 if (index != bta_dm_cb.device_list.count) {
778 bta_dm_cb.device_list.peer_device[index].remove_dev_pending = true;
780 APPL_TRACE_ERROR("unknown device, remove ACL failed");
783 /* Make sure device is not in white list before we disconnect */
784 GATT_CancelConnect(0, bd_addr, false);
786 /* Disconnect the ACL link */
787 btm_remove_acl(bd_addr, transport);
789 /* if to remove the device from security database ? do it now */
790 else if (remove_dev) {
791 if (!BTM_SecDeleteDevice(bd_addr)) {
792 APPL_TRACE_ERROR("delete device from security database failed.");
794 /* need to remove all pending background connection if any */
795 BTA_GATTC_CancelOpen(0, bd_addr, false);
796 /* remove all cached GATT information */
797 BTA_GATTC_Refresh(bd_addr);
799 /* otherwise, no action needed */
802 // TODO: this is unused. remove?
803 /** This function forces to close all the ACL links specified by link type */
804 void bta_dm_remove_all_acl(const tBTA_DM_LINK_TYPE link_type) {
805 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
807 APPL_TRACE_DEBUG("%s link type = %d", __func__, link_type);
809 for (uint8_t i = 0; i < bta_dm_cb.device_list.count; i++) {
810 transport = bta_dm_cb.device_list.peer_device[i].transport;
811 if ((link_type == BTA_DM_LINK_TYPE_ALL) ||
812 ((link_type == BTA_DM_LINK_TYPE_LE) &&
813 (transport == BT_TRANSPORT_LE)) ||
814 ((link_type == BTA_DM_LINK_TYPE_BR_EDR) &&
815 (transport == BT_TRANSPORT_BR_EDR))) {
816 /* Disconnect the ACL link */
817 btm_remove_acl(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
823 /** Bonds with peer device */
824 void bta_dm_bond(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type,
825 tBTA_TRANSPORT transport) {
826 tBTA_DM_SEC sec_event;
829 tBTM_STATUS status = BTM_SecBond(bd_addr, addr_type, transport, 0, NULL, 0);
831 if (bta_dm_cb.p_sec_cback && (status != BTM_CMD_STARTED)) {
832 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
833 sec_event.auth_cmpl.bd_addr = bd_addr;
834 p_name = BTM_SecReadDevName(bd_addr);
835 if (p_name != NULL) {
836 memcpy(sec_event.auth_cmpl.bd_name, p_name, (BD_NAME_LEN - 1));
837 sec_event.auth_cmpl.bd_name[BD_NAME_LEN - 1] = 0;
840 /* taken care of by memset [above]
841 sec_event.auth_cmpl.key_present = false;
842 sec_event.auth_cmpl.success = false;
844 sec_event.auth_cmpl.fail_reason = HCI_ERR_ILLEGAL_COMMAND;
845 if (status == BTM_SUCCESS) {
846 sec_event.auth_cmpl.success = true;
848 /* delete this device entry from Sec Dev DB */
849 bta_dm_remove_sec_dev_entry(bd_addr);
851 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
855 /** Cancels bonding with a peer device */
856 void bta_dm_bond_cancel(const RawAddress& bd_addr) {
858 tBTA_DM_SEC sec_event;
860 APPL_TRACE_EVENT(" bta_dm_bond_cancel ");
861 status = BTM_SecBondCancel(bd_addr);
863 if (bta_dm_cb.p_sec_cback &&
864 (status != BTM_CMD_STARTED && status != BTM_SUCCESS)) {
865 sec_event.bond_cancel_cmpl.result = BTA_FAILURE;
867 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
871 /** Send the pin_reply to a request from BTM */
872 void bta_dm_pin_reply(std::unique_ptr<tBTA_DM_API_PIN_REPLY> msg) {
873 uint32_t trusted_mask[BTM_SEC_SERVICE_ARRAY_SIZE];
875 uint32_t* current_trusted_mask = BTM_ReadTrustedMask(msg->bd_addr);
876 if (current_trusted_mask) {
877 memcpy(trusted_mask, current_trusted_mask, sizeof(trusted_mask));
879 memset(trusted_mask, 0, sizeof(trusted_mask));
883 BTM_PINCodeReply(msg->bd_addr, BTM_SUCCESS, msg->pin_len, msg->p_pin,
886 BTM_PINCodeReply(msg->bd_addr, BTM_NOT_AUTHORIZED, 0, NULL, trusted_mask);
890 /*******************************************************************************
892 * Function bta_dm_policy_cback
894 * Description process the link policy changes
898 ******************************************************************************/
899 static void bta_dm_policy_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
900 uint8_t app_id, const RawAddress& peer_addr) {
901 tBTA_DM_PEER_DEVICE* p_dev = NULL;
902 uint16_t policy = app_id;
903 uint32_t mask = (uint32_t)(1 << id);
905 if (peer_addr != RawAddress::kEmpty) {
906 p_dev = bta_dm_find_peer_device(peer_addr);
909 APPL_TRACE_DEBUG(" bta_dm_policy_cback cmd:%d, policy:0x%x", status, policy);
911 case BTA_SYS_PLCY_SET:
913 /* restore the default link policy */
914 p_dev->link_policy |= policy;
915 BTM_SetLinkPolicy(p_dev->peer_bdaddr, &(p_dev->link_policy));
918 case BTA_SYS_PLCY_CLR:
920 /* clear the policy from the default link policy */
921 p_dev->link_policy &= (~policy);
922 BTM_SetLinkPolicy(p_dev->peer_bdaddr, &(p_dev->link_policy));
924 if (policy & (HCI_ENABLE_SNIFF_MODE | HCI_ENABLE_PARK_MODE)) {
925 /* if clearing sniff/park, wake the link */
926 bta_dm_pm_active(p_dev->peer_bdaddr);
930 case BTA_SYS_PLCY_DEF_SET:
931 /* want to restore/set the role switch policy */
932 bta_dm_cb.role_policy_mask &= ~mask;
933 if (0 == bta_dm_cb.role_policy_mask) {
934 /* if nobody wants to insist on the role */
935 bta_dm_cb.cur_policy |= HCI_ENABLE_MASTER_SLAVE_SWITCH;
936 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy);
940 case BTA_SYS_PLCY_DEF_CLR:
941 /* want to remove the role switch policy */
942 bta_dm_cb.role_policy_mask |= mask;
943 bta_dm_cb.cur_policy &= ~HCI_ENABLE_MASTER_SLAVE_SWITCH;
944 BTM_SetDefaultLinkPolicy(bta_dm_cb.cur_policy);
949 /** Send the user confirm request reply in response to a request from BTM */
950 void bta_dm_confirm(const RawAddress& bd_addr, bool accept) {
951 BTM_ConfirmReqReply(accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED, bd_addr);
954 /** respond to the IO capabilities request from BTM */
955 void bta_dm_ci_io_req_act(const RawAddress& bd_addr, tBTA_IO_CAP io_cap,
956 tBTA_OOB_DATA oob_data, tBTA_AUTH_REQ auth_req) {
957 BTM_IoCapRsp(bd_addr, io_cap, oob_data,
958 auth_req ? BTM_AUTH_AP_YES : BTM_AUTH_AP_NO);
961 /** respond to the OOB data request for the remote device from BTM */
962 void bta_dm_ci_rmt_oob_act(std::unique_ptr<tBTA_DM_CI_RMT_OOB> msg) {
963 BTM_RemoteOobDataReply(msg->accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED,
964 msg->bd_addr, msg->c, msg->r);
967 /*******************************************************************************
969 * Function bta_dm_search_start
971 * Description Starts an inquiry
976 ******************************************************************************/
977 void bta_dm_search_start(tBTA_DM_MSG* p_data) {
978 tBTM_INQUIRY_CMPL result = {};
980 size_t len = sizeof(Uuid) * p_data->search.num_uuid;
981 bta_dm_gattc_register();
983 APPL_TRACE_DEBUG("%s avoid_scatter=%d", __func__,
984 p_bta_dm_cfg->avoid_scatter);
986 if (p_bta_dm_cfg->avoid_scatter &&
987 (p_data->search.rs_res == BTA_DM_RS_NONE) &&
988 bta_dm_check_av(BTA_DM_API_SEARCH_EVT)) {
989 LOG(INFO) << __func__ << ": delay search to avoid scatter";
990 memcpy(&bta_dm_cb.search_msg, &p_data->search, sizeof(tBTA_DM_API_SEARCH));
994 BTM_ClearInqDb(nullptr);
995 /* save search params */
996 bta_dm_search_cb.p_search_cback = p_data->search.p_cback;
997 bta_dm_search_cb.services = p_data->search.services;
999 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid);
1001 if ((bta_dm_search_cb.num_uuid = p_data->search.num_uuid) != 0 &&
1002 p_data->search.p_uuid != nullptr) {
1003 bta_dm_search_cb.p_srvc_uuid = (Uuid*)osi_malloc(len);
1004 *bta_dm_search_cb.p_srvc_uuid = *p_data->search.p_uuid;
1006 result.status = BTM_StartInquiry((tBTM_INQ_PARMS*)&p_data->search.inq_params,
1007 bta_dm_inq_results_cb, bta_dm_inq_cmpl_cb);
1009 APPL_TRACE_EVENT("%s status=%d", __func__, result.status);
1010 if (result.status != BTM_CMD_STARTED) {
1011 LOG(ERROR) << __func__ << ": BTM_StartInquiry returned "
1012 << std::to_string(result.status);
1013 result.num_resp = 0;
1014 bta_dm_inq_cmpl_cb((void*)&result);
1018 /*******************************************************************************
1020 * Function bta_dm_search_cancel
1022 * Description Cancels an ongoing search for devices
1027 ******************************************************************************/
1028 void bta_dm_search_cancel(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1031 if (BTM_IsInquiryActive()) {
1032 if (BTM_CancelInquiry() == BTM_SUCCESS) {
1033 bta_dm_search_cancel_notify(NULL);
1034 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1035 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1036 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1037 bta_sys_sendmsg(p_msg);
1039 /* flag a search cancel is pending */
1040 bta_dm_search_cb.cancel_pending = true;
1043 /* If no Service Search going on then issue cancel remote name in case it is
1045 else if (!bta_dm_search_cb.name_discover_done) {
1046 BTM_CancelRemoteDeviceName();
1048 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1049 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1050 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1051 bta_sys_sendmsg(p_msg);
1053 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1054 p_msg->hdr.event = BTA_DM_INQUIRY_CMPL_EVT;
1055 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1056 bta_sys_sendmsg(p_msg);
1059 if (bta_dm_search_cb.gatt_disc_active) {
1060 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
1064 /*******************************************************************************
1066 * Function bta_dm_discover
1068 * Description Discovers services on a remote device
1073 ******************************************************************************/
1074 void bta_dm_discover(tBTA_DM_MSG* p_data) {
1075 size_t len = sizeof(Uuid) * p_data->discover.num_uuid;
1076 APPL_TRACE_EVENT("%s services_to_search=0x%04X, sdp_search=%d", __func__,
1077 p_data->discover.services, p_data->discover.sdp_search);
1079 /* save the search condition */
1080 bta_dm_search_cb.services = p_data->discover.services;
1082 bta_dm_gattc_register();
1083 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid);
1084 if ((bta_dm_search_cb.num_uuid = p_data->discover.num_uuid) != 0 &&
1085 p_data->discover.p_uuid != NULL) {
1086 bta_dm_search_cb.p_srvc_uuid = (Uuid*)osi_malloc(len);
1087 *bta_dm_search_cb.p_srvc_uuid = *p_data->discover.p_uuid;
1089 bta_dm_search_cb.uuid_to_search = bta_dm_search_cb.num_uuid;
1091 bta_dm_search_cb.p_search_cback = p_data->discover.p_cback;
1092 bta_dm_search_cb.sdp_search = p_data->discover.sdp_search;
1093 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services;
1094 bta_dm_search_cb.service_index = 0;
1095 bta_dm_search_cb.services_found = 0;
1096 bta_dm_search_cb.peer_name[0] = 0;
1097 bta_dm_search_cb.sdp_search = p_data->discover.sdp_search;
1098 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbRead(p_data->discover.bd_addr);
1099 bta_dm_search_cb.transport = p_data->discover.transport;
1101 bta_dm_search_cb.name_discover_done = false;
1102 bta_dm_search_cb.uuid = p_data->discover.uuid;
1103 bta_dm_discover_device(p_data->discover.bd_addr);
1106 /*******************************************************************************
1108 * Function bta_dm_di_disc_cmpl
1110 * Description Sends event to application when DI discovery complete
1114 ******************************************************************************/
1115 void bta_dm_di_disc_cmpl(tBTA_DM_MSG* p_data) {
1116 tBTA_DM_DI_DISC_CMPL di_disc;
1118 memset(&di_disc, 0, sizeof(tBTA_DM_DI_DISC_CMPL));
1119 di_disc.bd_addr = bta_dm_search_cb.peer_bdaddr;
1121 if ((p_data->hdr.offset == SDP_SUCCESS) ||
1122 (p_data->hdr.offset == SDP_DB_FULL)) {
1123 di_disc.num_record = SDP_GetNumDiRecords(bta_dm_di_cb.p_di_db);
1125 di_disc.result = BTA_FAILURE;
1127 bta_dm_di_cb.p_di_db = NULL;
1128 bta_dm_search_cb.p_search_cback(BTA_DM_DI_DISC_CMPL_EVT,
1129 (tBTA_DM_SEARCH*)&di_disc);
1132 /*******************************************************************************
1134 * Function bta_dm_di_disc_callback
1136 * Description This function queries a remote device for DI information.
1141 ******************************************************************************/
1142 static void bta_dm_di_disc_callback(uint16_t result) {
1143 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1145 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1146 p_msg->hdr.layer_specific = BTA_DM_API_DI_DISCOVER_EVT;
1147 p_msg->hdr.offset = result;
1149 bta_sys_sendmsg(p_msg);
1152 /*******************************************************************************
1154 * Function bta_dm_disable_search_and_disc
1156 * Description Cancels an ongoing search or discovery for devices in case
1157 * of a Bluetooth disable
1162 ******************************************************************************/
1163 static void bta_dm_disable_search_and_disc(void) {
1164 tBTA_DM_DI_DISC_CMPL di_disc;
1166 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) bta_dm_search_cancel(NULL);
1168 if (bta_dm_di_cb.p_di_db != NULL) {
1169 memset(&di_disc, 0, sizeof(tBTA_DM_DI_DISC_CMPL));
1170 di_disc.bd_addr = bta_dm_search_cb.peer_bdaddr;
1171 di_disc.result = BTA_FAILURE;
1173 bta_dm_di_cb.p_di_db = NULL;
1174 bta_dm_search_cb.p_search_cback(BTA_DM_DI_DISC_CMPL_EVT, NULL);
1178 /*******************************************************************************
1180 * Function bta_dm_di_disc
1182 * Description This function queries a remote device for DI information.
1187 ******************************************************************************/
1188 void bta_dm_di_disc(tBTA_DM_MSG* p_data) {
1189 uint16_t result = BTA_FAILURE;
1191 bta_dm_search_cb.p_search_cback = p_data->di_disc.p_cback;
1192 bta_dm_search_cb.peer_bdaddr = p_data->di_disc.bd_addr;
1193 bta_dm_di_cb.p_di_db = p_data->di_disc.p_sdp_db;
1195 bta_dm_search_cb.p_sdp_db =
1196 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE);
1197 if (SDP_DiDiscover(bta_dm_search_cb.peer_bdaddr, p_data->di_disc.p_sdp_db,
1198 p_data->di_disc.len,
1199 bta_dm_di_disc_callback) == SDP_SUCCESS) {
1200 result = BTA_SUCCESS;
1203 if (result == BTA_FAILURE) {
1204 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1206 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1207 p_msg->hdr.layer_specific = BTA_DM_API_DI_DISCOVER_EVT;
1208 p_data->hdr.offset = result;
1209 bta_sys_sendmsg(p_msg);
1213 /*******************************************************************************
1215 * Function bta_dm_read_remote_device_name
1217 * Description Initiate to get remote device name
1219 * Returns true if started to get remote name
1221 ******************************************************************************/
1222 static bool bta_dm_read_remote_device_name(const RawAddress& bd_addr,
1223 tBT_TRANSPORT transport) {
1224 tBTM_STATUS btm_status;
1226 APPL_TRACE_DEBUG("%s", __func__);
1228 bta_dm_search_cb.peer_bdaddr = bd_addr;
1229 bta_dm_search_cb.peer_name[0] = 0;
1231 btm_status = BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr,
1232 bta_dm_remname_cback, transport);
1234 if (btm_status == BTM_CMD_STARTED) {
1235 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is started", __func__);
1238 } else if (btm_status == BTM_BUSY) {
1239 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__);
1241 /* Remote name discovery is on going now so BTM cannot notify through
1242 * "bta_dm_remname_cback" */
1243 /* adding callback to get notified that current reading remore name done */
1244 BTM_SecAddRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1248 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X", __func__,
1255 /*******************************************************************************
1257 * Function bta_dm_inq_cmpl
1259 * Description Process the inquiry complete event from BTM
1263 ******************************************************************************/
1264 void bta_dm_inq_cmpl(tBTA_DM_MSG* p_data) {
1265 tBTA_DM_SEARCH data;
1267 APPL_TRACE_DEBUG("bta_dm_inq_cmpl");
1269 data.inq_cmpl.num_resps = p_data->inq_cmpl.num;
1270 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_CMPL_EVT, &data);
1272 bta_dm_search_cb.p_btm_inq_info = BTM_InqDbFirst();
1273 if (bta_dm_search_cb.p_btm_inq_info != NULL) {
1274 /* start name and service discovery from the first device on inquiry result
1276 bta_dm_search_cb.name_discover_done = false;
1277 bta_dm_search_cb.peer_name[0] = 0;
1278 bta_dm_discover_device(
1279 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr);
1281 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1283 /* no devices, search complete */
1284 bta_dm_search_cb.services = 0;
1286 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1287 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1288 bta_sys_sendmsg(p_msg);
1292 /*******************************************************************************
1294 * Function bta_dm_rmt_name
1296 * Description Process the remote name result from BTM
1300 ******************************************************************************/
1301 void bta_dm_rmt_name(tBTA_DM_MSG* p_data) {
1302 APPL_TRACE_DEBUG("bta_dm_rmt_name");
1304 if (p_data->rem_name.result.disc_res.bd_name[0] &&
1305 bta_dm_search_cb.p_btm_inq_info) {
1306 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name = true;
1309 bta_dm_discover_device(bta_dm_search_cb.peer_bdaddr);
1312 /*******************************************************************************
1314 * Function bta_dm_disc_rmt_name
1316 * Description Process the remote name result from BTM when application
1317 * wants to find the name for a bdaddr
1321 ******************************************************************************/
1322 void bta_dm_disc_rmt_name(tBTA_DM_MSG* p_data) {
1323 tBTM_INQ_INFO* p_btm_inq_info;
1325 APPL_TRACE_DEBUG("bta_dm_disc_rmt_name");
1327 p_btm_inq_info = BTM_InqDbRead(p_data->rem_name.result.disc_res.bd_addr);
1328 if (p_btm_inq_info) {
1329 if (p_data->rem_name.result.disc_res.bd_name[0]) {
1330 p_btm_inq_info->appl_knows_rem_name = true;
1334 bta_dm_discover_device(p_data->rem_name.result.disc_res.bd_addr);
1337 /*******************************************************************************
1339 * Function bta_dm_sdp_result
1341 * Description Process the discovery result from sdp
1345 ******************************************************************************/
1346 void bta_dm_sdp_result(tBTA_DM_MSG* p_data) {
1347 tSDP_DISC_REC* p_sdp_rec = NULL;
1349 bool scn_found = false;
1350 uint16_t service = 0xFFFF;
1351 tSDP_PROTOCOL_ELEM pe;
1353 Uuid* p_uuid = bta_dm_search_cb.p_srvc_uuid;
1354 tBTA_DM_SEARCH result;
1356 std::vector<Uuid> uuid_list;
1358 if ((p_data->sdp_event.sdp_result == SDP_SUCCESS) ||
1359 (p_data->sdp_event.sdp_result == SDP_NO_RECS_MATCH) ||
1360 (p_data->sdp_event.sdp_result == SDP_DB_FULL)) {
1361 APPL_TRACE_DEBUG("sdp_result::0x%x", p_data->sdp_event.sdp_result);
1364 if (bta_dm_search_cb.service_index == (BTA_USER_SERVICE_ID + 1)) {
1365 if (!bta_dm_search_cb.uuid.IsEmpty()) {
1366 p_sdp_rec = SDP_FindServiceUUIDInDb(bta_dm_search_cb.p_sdp_db,
1367 bta_dm_search_cb.uuid, p_sdp_rec);
1370 if (p_sdp_rec && SDP_FindProtocolListElemInRec(
1371 p_sdp_rec, UUID_PROTOCOL_RFCOMM, &pe)) {
1372 bta_dm_search_cb.peer_scn = (uint8_t)pe.params[0];
1377 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index - 1];
1379 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, service, p_sdp_rec);
1381 /* finished with BR/EDR services, now we check the result for GATT based
1383 if (bta_dm_search_cb.service_index == BTA_MAX_SERVICE_ID) {
1384 if (bta_dm_search_cb.uuid_to_search != 0 && p_uuid != NULL) {
1386 (bta_dm_search_cb.num_uuid - bta_dm_search_cb.uuid_to_search);
1387 /* only support 16 bits UUID for now */
1388 service = p_uuid->As16Bit();
1390 /* all GATT based services */
1392 /* find a service record, report it */
1394 SDP_FindServiceInDb(bta_dm_search_cb.p_sdp_db, 0, p_sdp_rec);
1397 if (SDP_FindServiceUUIDInRec(p_sdp_rec, &service_uuid)) {
1398 /* send result back to app now, one by one */
1399 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1400 strlcpy((char*)result.disc_ble_res.bd_name, bta_dm_get_remname(),
1403 result.disc_ble_res.service = service_uuid;
1404 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_BLE_RES_EVT, &result);
1408 if (bta_dm_search_cb.uuid_to_search > 0) break;
1410 } while (p_sdp_rec);
1412 /* SDP_DB_FULL means some records with the
1413 required attributes were received */
1414 if (((p_data->sdp_event.sdp_result == SDP_DB_FULL) &&
1415 bta_dm_search_cb.services != BTA_ALL_SERVICE_MASK) ||
1416 (p_sdp_rec != NULL)) {
1417 if (service != UUID_SERVCLASS_PNP_INFORMATION) {
1418 bta_dm_search_cb.services_found |=
1419 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(
1420 bta_dm_search_cb.service_index - 1));
1422 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index -
1424 /* Add to the list of UUIDs */
1425 uuid_list.push_back(Uuid::From16Bit(tmp_svc));
1430 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK &&
1431 bta_dm_search_cb.services_to_search == 0) {
1432 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID &&
1433 bta_dm_search_cb.uuid_to_search > 0)
1434 bta_dm_search_cb.uuid_to_search--;
1436 if (bta_dm_search_cb.uuid_to_search == 0 ||
1437 bta_dm_search_cb.service_index != BTA_BLE_SERVICE_ID)
1438 bta_dm_search_cb.service_index++;
1439 } else /* regular one service per search or PNP search */
1442 } while (bta_dm_search_cb.service_index <= BTA_MAX_SERVICE_ID);
1444 APPL_TRACE_DEBUG("%s services_found = %04x", __func__,
1445 bta_dm_search_cb.services_found);
1447 /* Collect the 128-bit services here and put them into the list */
1448 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) {
1451 /* find a service record, report it */
1453 SDP_FindServiceInDb_128bit(bta_dm_search_cb.p_sdp_db, p_sdp_rec);
1455 // SDP_FindServiceUUIDInRec_128bit is used only once, refactor?
1457 if (SDP_FindServiceUUIDInRec_128bit(p_sdp_rec, &temp_uuid)) {
1458 uuid_list.push_back(temp_uuid);
1461 } while (p_sdp_rec);
1463 /* if there are more services to search for */
1464 if (bta_dm_search_cb.services_to_search) {
1465 /* Free up the p_sdp_db before checking the next one */
1466 bta_dm_free_sdp_db(NULL);
1467 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr);
1470 /* start next bd_addr if necessary */
1472 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1474 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1475 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1476 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS;
1477 p_msg->disc_result.result.disc_res.p_raw_data = NULL;
1478 p_msg->disc_result.result.disc_res.raw_data_size = 0;
1479 p_msg->disc_result.result.disc_res.num_uuids = uuid_list.size();
1480 p_msg->disc_result.result.disc_res.p_uuid_list = NULL;
1481 if (uuid_list.size() > 0) {
1482 // TODO(jpawlowski): make p_uuid_list into vector, and just copy
1483 // vectors, but first get rid of bta_sys_sendmsg below.
1484 p_msg->disc_result.result.disc_res.p_uuid_list =
1485 (Uuid*)osi_malloc(uuid_list.size() * sizeof(Uuid));
1486 memcpy(p_msg->disc_result.result.disc_res.p_uuid_list, uuid_list.data(),
1487 uuid_list.size() * sizeof(Uuid));
1489 // Copy the raw_data to the discovery result structure
1490 if (bta_dm_search_cb.p_sdp_db != NULL &&
1491 bta_dm_search_cb.p_sdp_db->raw_used != 0 &&
1492 bta_dm_search_cb.p_sdp_db->raw_data != NULL) {
1493 APPL_TRACE_DEBUG("%s raw_data used = 0x%x raw_data_ptr = 0x%x",
1494 __func__, bta_dm_search_cb.p_sdp_db->raw_used,
1495 bta_dm_search_cb.p_sdp_db->raw_data);
1497 p_msg->disc_result.result.disc_res.p_raw_data =
1498 (uint8_t*)osi_malloc(bta_dm_search_cb.p_sdp_db->raw_used);
1499 memcpy(p_msg->disc_result.result.disc_res.p_raw_data,
1500 bta_dm_search_cb.p_sdp_db->raw_data,
1501 bta_dm_search_cb.p_sdp_db->raw_used);
1503 p_msg->disc_result.result.disc_res.raw_data_size =
1504 bta_dm_search_cb.p_sdp_db->raw_used;
1506 bta_dm_search_cb.p_sdp_db->raw_data =
1507 NULL; // no need to free this - it is a global assigned.
1508 bta_dm_search_cb.p_sdp_db->raw_used = 0;
1509 bta_dm_search_cb.p_sdp_db->raw_size = 0;
1511 APPL_TRACE_DEBUG("%s raw data size is 0 or raw_data is null!!",
1514 /* Done with p_sdp_db. Free it */
1515 bta_dm_free_sdp_db(NULL);
1516 p_msg->disc_result.result.disc_res.services =
1517 bta_dm_search_cb.services_found;
1519 // Piggy back the SCN over result field
1521 p_msg->disc_result.result.disc_res.result =
1522 (3 + bta_dm_search_cb.peer_scn);
1523 p_msg->disc_result.result.disc_res.services |= BTA_USER_SERVICE_MASK;
1525 APPL_TRACE_EVENT(" Piggy back the SCN over result field SCN=%d",
1526 bta_dm_search_cb.peer_scn);
1528 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1529 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1530 bta_dm_get_remname(), BD_NAME_LEN);
1532 bta_sys_sendmsg(p_msg);
1535 /* conn failed. No need for timer */
1536 if (p_data->sdp_event.sdp_result == SDP_CONN_FAILED ||
1537 p_data->sdp_event.sdp_result == SDP_CONN_REJECTED ||
1538 p_data->sdp_event.sdp_result == SDP_SECURITY_ERR)
1539 bta_dm_search_cb.wait_disc = false;
1541 /* not able to connect go to next device */
1542 if (bta_dm_search_cb.p_sdp_db)
1543 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1545 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
1547 p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1548 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1549 p_msg->disc_result.result.disc_res.result = BTA_FAILURE;
1550 p_msg->disc_result.result.disc_res.services =
1551 bta_dm_search_cb.services_found;
1552 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1553 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1554 bta_dm_get_remname(), BD_NAME_LEN);
1556 bta_sys_sendmsg(p_msg);
1560 /*******************************************************************************
1562 * Function bta_dm_search_cmpl
1564 * Description Sends event to application
1568 ******************************************************************************/
1569 void bta_dm_search_cmpl(tBTA_DM_MSG* p_data) {
1570 APPL_TRACE_EVENT("%s", __func__);
1572 osi_free_and_reset((void**)&bta_dm_search_cb.p_srvc_uuid);
1574 if (p_data->hdr.layer_specific == BTA_DM_API_DI_DISCOVER_EVT)
1575 bta_dm_di_disc_cmpl(p_data);
1577 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_CMPL_EVT, NULL);
1580 /*******************************************************************************
1582 * Function bta_dm_disc_result
1584 * Description Service discovery result when discovering services on a
1589 ******************************************************************************/
1590 void bta_dm_disc_result(tBTA_DM_MSG* p_data) {
1591 APPL_TRACE_EVENT("%s", __func__);
1593 /* if any BR/EDR service discovery has been done, report the event */
1594 if ((bta_dm_search_cb.services &
1595 ((BTA_ALL_SERVICE_MASK | BTA_USER_SERVICE_MASK) &
1596 ~BTA_BLE_SERVICE_MASK)))
1597 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT,
1598 &p_data->disc_result.result);
1600 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1602 /* send a message to change state */
1603 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1604 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1605 bta_sys_sendmsg(p_msg);
1608 /*******************************************************************************
1610 * Function bta_dm_search_result
1612 * Description Service discovery result while searching for devices
1616 ******************************************************************************/
1617 void bta_dm_search_result(tBTA_DM_MSG* p_data) {
1618 APPL_TRACE_DEBUG("%s searching:0x%04x, result:0x%04x", __func__,
1619 bta_dm_search_cb.services,
1620 p_data->disc_result.result.disc_res.services);
1622 /* call back if application wants name discovery or found services that
1623 * application is searching */
1624 if ((!bta_dm_search_cb.services) ||
1625 ((bta_dm_search_cb.services) &&
1626 (p_data->disc_result.result.disc_res.services))) {
1627 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT,
1628 &p_data->disc_result.result);
1631 /* if searching did not initiate to create link */
1632 if (!bta_dm_search_cb.wait_disc) {
1633 /* if service searching is done with EIR, don't search next device */
1634 if (bta_dm_search_cb.p_btm_inq_info) bta_dm_discover_next_device();
1636 /* wait until link is disconnected or timeout */
1637 bta_dm_search_cb.sdp_results = true;
1638 alarm_set_on_mloop(bta_dm_search_cb.search_timer,
1639 1000 * (L2CAP_LINK_INACTIVITY_TOUT + 1),
1640 bta_dm_search_timer_cback, NULL);
1644 /*******************************************************************************
1646 * Function bta_dm_search_timer_cback
1648 * Description Called when ACL disconnect time is over
1653 ******************************************************************************/
1654 static void bta_dm_search_timer_cback(UNUSED_ATTR void* data) {
1655 APPL_TRACE_EVENT("%s", __func__);
1656 bta_dm_search_cb.wait_disc = false;
1658 /* proceed with next device */
1659 bta_dm_discover_next_device();
1662 /*******************************************************************************
1664 * Function bta_dm_free_sdp_db
1666 * Description Frees SDP data base
1670 ******************************************************************************/
1671 void bta_dm_free_sdp_db(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1672 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1675 /*******************************************************************************
1677 * Function bta_dm_queue_search
1679 * Description Queues search command while search is being cancelled
1683 ******************************************************************************/
1684 void bta_dm_queue_search(tBTA_DM_MSG* p_data) {
1685 osi_free(bta_dm_search_cb.p_search_queue);
1686 bta_dm_search_cb.p_search_queue =
1687 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_SEARCH));
1688 memcpy(bta_dm_search_cb.p_search_queue, p_data, sizeof(tBTA_DM_API_SEARCH));
1691 /*******************************************************************************
1693 * Function bta_dm_queue_disc
1695 * Description Queues discovery command while search is being cancelled
1699 ******************************************************************************/
1700 void bta_dm_queue_disc(tBTA_DM_MSG* p_data) {
1701 osi_free(bta_dm_search_cb.p_search_queue);
1702 bta_dm_search_cb.p_search_queue =
1703 (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_API_DISCOVER));
1704 memcpy(bta_dm_search_cb.p_search_queue, p_data, sizeof(tBTA_DM_API_DISCOVER));
1707 /*******************************************************************************
1709 * Function bta_dm_search_clear_queue
1711 * Description Clears the queue if API search cancel is called
1715 ******************************************************************************/
1716 void bta_dm_search_clear_queue(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1717 osi_free_and_reset((void**)&bta_dm_search_cb.p_search_queue);
1720 /*******************************************************************************
1722 * Function bta_dm_search_cancel_cmpl
1724 * Description Search cancel is complete
1728 ******************************************************************************/
1729 void bta_dm_search_cancel_cmpl(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1730 if (bta_dm_search_cb.p_search_queue) {
1731 bta_sys_sendmsg(bta_dm_search_cb.p_search_queue);
1732 bta_dm_search_cb.p_search_queue = NULL;
1736 /*******************************************************************************
1738 * Function bta_dm_search_cancel_transac_cmpl
1740 * Description Current Service Discovery or remote name procedure is
1741 * completed after search cancellation
1745 ******************************************************************************/
1746 void bta_dm_search_cancel_transac_cmpl(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1747 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1748 bta_dm_search_cancel_notify(NULL);
1751 /*******************************************************************************
1753 * Function bta_dm_search_cancel_notify
1755 * Description Notify application that search has been cancelled
1759 ******************************************************************************/
1760 void bta_dm_search_cancel_notify(UNUSED_ATTR tBTA_DM_MSG* p_data) {
1761 if (bta_dm_search_cb.p_search_cback) {
1762 bta_dm_search_cb.p_search_cback(BTA_DM_SEARCH_CANCEL_CMPL_EVT, NULL);
1764 if (!bta_dm_search_cb.name_discover_done &&
1765 (bta_dm_search_cb.state == BTA_DM_SEARCH_ACTIVE ||
1766 bta_dm_search_cb.state == BTA_DM_SEARCH_CANCELLING)) {
1767 BTM_CancelRemoteDeviceName();
1769 if (bta_dm_search_cb.gatt_disc_active) {
1770 bta_dm_cancel_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
1774 /*******************************************************************************
1776 * Function bta_dm_find_services
1778 * Description Starts discovery on a device
1782 ******************************************************************************/
1783 static void bta_dm_find_services(const RawAddress& bd_addr) {
1784 while (bta_dm_search_cb.service_index < BTA_MAX_SERVICE_ID) {
1785 Uuid uuid = Uuid::kEmpty;
1786 if (bta_dm_search_cb.services_to_search &
1787 (tBTA_SERVICE_MASK)(
1788 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index))) {
1789 bta_dm_search_cb.p_sdp_db =
1790 (tSDP_DISCOVERY_DB*)osi_malloc(BTA_DM_SDP_DB_SIZE);
1791 APPL_TRACE_DEBUG("bta_dm_search_cb.services = %04x***********",
1792 bta_dm_search_cb.services);
1793 /* try to search all services by search based on L2CAP UUID */
1794 if (bta_dm_search_cb.services == BTA_ALL_SERVICE_MASK) {
1795 LOG_INFO(LOG_TAG, "%s services_to_search=%08x", __func__,
1796 bta_dm_search_cb.services_to_search);
1797 if (bta_dm_search_cb.services_to_search & BTA_RES_SERVICE_MASK) {
1798 uuid = Uuid::From16Bit(bta_service_id_to_uuid_lkup_tbl[0]);
1799 bta_dm_search_cb.services_to_search &= ~BTA_RES_SERVICE_MASK;
1801 uuid = Uuid::From16Bit(UUID_PROTOCOL_L2CAP);
1802 bta_dm_search_cb.services_to_search = 0;
1805 /* for LE only profile */
1806 if (bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID) {
1807 if (bta_dm_search_cb.uuid_to_search > 0 &&
1808 bta_dm_search_cb.p_srvc_uuid) {
1809 uuid = *(bta_dm_search_cb.p_srvc_uuid + bta_dm_search_cb.num_uuid -
1810 bta_dm_search_cb.uuid_to_search);
1812 bta_dm_search_cb.uuid_to_search--;
1814 uuid = Uuid::From16Bit(
1815 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb
1819 /* last one? clear the BLE service bit if all discovery has been done
1821 if (bta_dm_search_cb.uuid_to_search == 0)
1822 bta_dm_search_cb.services_to_search &=
1823 (tBTA_SERVICE_MASK)(~(BTA_SERVICE_ID_TO_SERVICE_MASK(
1824 bta_dm_search_cb.service_index)));
1827 /* remove the service from services to be searched */
1828 bta_dm_search_cb.services_to_search &= (tBTA_SERVICE_MASK)(~(
1829 BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index)));
1830 uuid = Uuid::From16Bit(
1831 bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index]);
1835 if (bta_dm_search_cb.service_index == BTA_USER_SERVICE_ID) {
1836 uuid = bta_dm_search_cb.uuid;
1839 LOG_INFO(LOG_TAG, "%s search UUID = %s", __func__,
1840 uuid.ToString().c_str());
1841 SDP_InitDiscoveryDb(bta_dm_search_cb.p_sdp_db, BTA_DM_SDP_DB_SIZE, 1,
1844 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf));
1845 bta_dm_search_cb.p_sdp_db->raw_data = g_disc_raw_data_buf;
1847 bta_dm_search_cb.p_sdp_db->raw_size = MAX_DISC_RAW_DATA_BUF;
1849 if (!SDP_ServiceSearchAttributeRequest(bd_addr, bta_dm_search_cb.p_sdp_db,
1850 &bta_dm_sdp_callback)) {
1852 * If discovery is not successful with this device, then
1853 * proceed with the next one.
1855 osi_free_and_reset((void**)&bta_dm_search_cb.p_sdp_db);
1856 bta_dm_search_cb.service_index = BTA_MAX_SERVICE_ID;
1859 if ((bta_dm_search_cb.service_index == BTA_BLE_SERVICE_ID &&
1860 bta_dm_search_cb.uuid_to_search == 0) ||
1861 bta_dm_search_cb.service_index != BTA_BLE_SERVICE_ID)
1862 bta_dm_search_cb.service_index++;
1867 bta_dm_search_cb.service_index++;
1870 /* no more services to be discovered */
1871 if (bta_dm_search_cb.service_index >= BTA_MAX_SERVICE_ID) {
1872 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1873 /* initialize the data structure - includes p_raw_data and raw_data_size */
1874 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES));
1875 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
1876 p_msg->disc_result.result.disc_res.services =
1877 bta_dm_search_cb.services_found;
1878 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
1879 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
1880 bta_dm_get_remname(), BD_NAME_LEN);
1882 bta_sys_sendmsg(p_msg);
1886 /*******************************************************************************
1888 * Function bta_dm_discover_next_device
1890 * Description Starts discovery on the next device in Inquiry data base
1894 ******************************************************************************/
1895 static void bta_dm_discover_next_device(void) {
1896 APPL_TRACE_DEBUG("bta_dm_discover_next_device");
1898 /* searching next device on inquiry result */
1899 bta_dm_search_cb.p_btm_inq_info =
1900 BTM_InqDbNext(bta_dm_search_cb.p_btm_inq_info);
1901 if (bta_dm_search_cb.p_btm_inq_info != NULL) {
1902 bta_dm_search_cb.name_discover_done = false;
1903 bta_dm_search_cb.peer_name[0] = 0;
1904 bta_dm_discover_device(
1905 bta_dm_search_cb.p_btm_inq_info->results.remote_bd_addr);
1907 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
1909 /* no devices, search complete */
1910 bta_dm_search_cb.services = 0;
1912 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
1913 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
1915 bta_sys_sendmsg(p_msg);
1919 /*******************************************************************************
1921 * Function bta_dm_discover_device
1923 * Description Starts name and service discovery on the device
1927 ******************************************************************************/
1928 static void bta_dm_discover_device(const RawAddress& remote_bd_addr) {
1929 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
1930 if (bta_dm_search_cb.transport == BTA_TRANSPORT_UNKNOWN) {
1931 tBT_DEVICE_TYPE dev_type;
1932 tBLE_ADDR_TYPE addr_type;
1934 BTM_ReadDevInfo(remote_bd_addr, &dev_type, &addr_type);
1935 if (dev_type == BT_DEVICE_TYPE_BLE || addr_type == BLE_ADDR_RANDOM)
1936 transport = BT_TRANSPORT_LE;
1938 transport = bta_dm_search_cb.transport;
1941 /* Reset transport state for next discovery */
1942 bta_dm_search_cb.transport = BTA_TRANSPORT_UNKNOWN;
1944 VLOG(1) << __func__ << " BDA: " << remote_bd_addr;
1946 bta_dm_search_cb.peer_bdaddr = remote_bd_addr;
1949 "%s name_discover_done = %d p_btm_inq_info 0x%x state = %d, transport=%d",
1950 __func__, bta_dm_search_cb.name_discover_done,
1951 bta_dm_search_cb.p_btm_inq_info, bta_dm_search_cb.state, transport);
1953 if (bta_dm_search_cb.p_btm_inq_info) {
1954 APPL_TRACE_DEBUG("%s appl_knows_rem_name %d", __func__,
1955 bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name);
1957 if (((bta_dm_search_cb.p_btm_inq_info) &&
1958 (bta_dm_search_cb.p_btm_inq_info->results.device_type ==
1959 BT_DEVICE_TYPE_BLE) &&
1960 (bta_dm_search_cb.state == BTA_DM_SEARCH_ACTIVE)) ||
1961 (transport == BT_TRANSPORT_LE &&
1962 interop_match_addr(INTEROP_DISABLE_NAME_REQUEST,
1963 &bta_dm_search_cb.peer_bdaddr))) {
1964 /* Do not perform RNR for LE devices at inquiry complete*/
1965 bta_dm_search_cb.name_discover_done = true;
1967 /* if name discovery is not done and application needs remote name */
1968 if ((!bta_dm_search_cb.name_discover_done) &&
1969 ((bta_dm_search_cb.p_btm_inq_info == NULL) ||
1970 (bta_dm_search_cb.p_btm_inq_info &&
1971 (!bta_dm_search_cb.p_btm_inq_info->appl_knows_rem_name)))) {
1972 if (bta_dm_read_remote_device_name(bta_dm_search_cb.peer_bdaddr, transport))
1975 /* starting name discovery failed */
1976 bta_dm_search_cb.name_discover_done = true;
1979 /* if application wants to discover service */
1980 if (bta_dm_search_cb.services) {
1981 /* initialize variables */
1982 bta_dm_search_cb.service_index = 0;
1983 bta_dm_search_cb.services_found = 0;
1984 bta_dm_search_cb.services_to_search = bta_dm_search_cb.services;
1985 bta_dm_search_cb.uuid_to_search = bta_dm_search_cb.num_uuid;
1986 if ((bta_dm_search_cb.p_btm_inq_info != NULL) &&
1987 bta_dm_search_cb.services != BTA_USER_SERVICE_MASK &&
1988 (!bta_dm_search_cb.sdp_search)) {
1989 /* check if EIR provides the information of supported services */
1990 bta_dm_eir_search_services(&bta_dm_search_cb.p_btm_inq_info->results,
1991 &bta_dm_search_cb.services_to_search,
1992 &bta_dm_search_cb.services_found);
1995 /* if seaching with EIR is not completed */
1996 if (bta_dm_search_cb.services_to_search) {
1997 /* check whether connection already exists to the device
1998 if connection exists, we don't have to wait for ACL
1999 link to go down to start search on next device */
2000 if (transport == BT_TRANSPORT_BR_EDR) {
2001 if (BTM_IsAclConnectionUp(bta_dm_search_cb.peer_bdaddr,
2002 BT_TRANSPORT_BR_EDR))
2003 bta_dm_search_cb.wait_disc = false;
2005 bta_dm_search_cb.wait_disc = true;
2007 if (bta_dm_search_cb.p_btm_inq_info) {
2009 "%s p_btm_inq_info 0x%x results.device_type 0x%x "
2010 "services_to_search 0x%x",
2011 __func__, bta_dm_search_cb.p_btm_inq_info,
2012 bta_dm_search_cb.p_btm_inq_info->results.device_type,
2013 bta_dm_search_cb.services_to_search);
2016 if (transport == BT_TRANSPORT_LE) {
2017 if (bta_dm_search_cb.services_to_search & BTA_BLE_SERVICE_MASK) {
2018 // set the raw data buffer here
2019 memset(g_disc_raw_data_buf, 0, sizeof(g_disc_raw_data_buf));
2020 bta_dm_search_cb.p_ble_rawdata = g_disc_raw_data_buf;
2022 bta_dm_search_cb.ble_raw_size = MAX_DISC_RAW_DATA_BUF;
2023 bta_dm_search_cb.ble_raw_used = 0;
2025 /* start GATT for service discovery */
2026 btm_dm_start_gatt_discovery(bta_dm_search_cb.peer_bdaddr);
2030 bta_dm_search_cb.sdp_results = false;
2031 bta_dm_find_services(bta_dm_search_cb.peer_bdaddr);
2037 /* name discovery and service discovery are done for this device */
2038 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
2039 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
2040 /* initialize the data structure - includes p_raw_data and raw_data_size */
2041 memset(&(p_msg->disc_result.result), 0, sizeof(tBTA_DM_DISC_RES));
2042 p_msg->disc_result.result.disc_res.result = BTA_SUCCESS;
2043 p_msg->disc_result.result.disc_res.services = bta_dm_search_cb.services_found;
2044 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
2045 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
2046 (char*)bta_dm_search_cb.peer_name, BD_NAME_LEN);
2048 bta_sys_sendmsg(p_msg);
2051 /*******************************************************************************
2053 * Function bta_dm_sdp_callback
2055 * Description Callback from sdp with discovery status
2059 ******************************************************************************/
2060 static void bta_dm_sdp_callback(uint16_t sdp_status) {
2061 tBTA_DM_SDP_RESULT* p_msg =
2062 (tBTA_DM_SDP_RESULT*)osi_malloc(sizeof(tBTA_DM_SDP_RESULT));
2064 p_msg->hdr.event = BTA_DM_SDP_RESULT_EVT;
2065 p_msg->sdp_result = sdp_status;
2067 bta_sys_sendmsg(p_msg);
2070 /*******************************************************************************
2072 * Function bta_dm_inq_results_cb
2074 * Description Inquiry results callback from BTM
2078 ******************************************************************************/
2079 static void bta_dm_inq_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
2081 tBTA_DM_SEARCH result;
2082 tBTM_INQ_INFO* p_inq_info;
2083 uint16_t service_class;
2085 result.inq_res.bd_addr = p_inq->remote_bd_addr;
2086 memcpy(result.inq_res.dev_class, p_inq->dev_class, DEV_CLASS_LEN);
2087 BTM_COD_SERVICE_CLASS(service_class, p_inq->dev_class);
2088 result.inq_res.is_limited =
2089 (service_class & BTM_COD_SERVICE_LMTD_DISCOVER) ? true : false;
2090 result.inq_res.rssi = p_inq->rssi;
2092 result.inq_res.ble_addr_type = p_inq->ble_addr_type;
2093 result.inq_res.inq_result_type = p_inq->inq_result_type;
2094 result.inq_res.device_type = p_inq->device_type;
2095 result.inq_res.flag = p_inq->flag;
2097 /* application will parse EIR to find out remote device name */
2098 result.inq_res.p_eir = p_eir;
2099 result.inq_res.eir_len = eir_len;
2101 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr);
2102 if (p_inq_info != NULL) {
2103 /* initialize remt_name_not_required to false so that we get the name by
2105 result.inq_res.remt_name_not_required = false;
2108 if (bta_dm_search_cb.p_search_cback)
2109 bta_dm_search_cb.p_search_cback(BTA_DM_INQ_RES_EVT, &result);
2112 /* application indicates if it knows the remote name, inside the callback
2113 copy that to the inquiry data base*/
2114 if (result.inq_res.remt_name_not_required)
2115 p_inq_info->appl_knows_rem_name = true;
2119 /*******************************************************************************
2121 * Function bta_dm_inq_cmpl_cb
2123 * Description Inquiry complete callback from BTM
2127 ******************************************************************************/
2128 static void bta_dm_inq_cmpl_cb(void* p_result) {
2129 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
2131 APPL_TRACE_DEBUG("%s", __func__);
2133 if (!bta_dm_search_cb.cancel_pending) {
2134 p_msg->inq_cmpl.hdr.event = BTA_DM_INQUIRY_CMPL_EVT;
2135 p_msg->inq_cmpl.num = ((tBTM_INQUIRY_CMPL*)p_result)->num_resp;
2137 bta_dm_search_cb.cancel_pending = false;
2138 bta_dm_search_cancel_notify(NULL);
2139 p_msg->hdr.event = BTA_DM_SEARCH_CMPL_EVT;
2140 p_msg->hdr.layer_specific = BTA_DM_API_DISCOVER_EVT;
2143 bta_sys_sendmsg(p_msg);
2146 /*******************************************************************************
2148 * Function bta_dm_service_search_remname_cback
2150 * Description Remote name call back from BTM during service discovery
2154 ******************************************************************************/
2155 static void bta_dm_service_search_remname_cback(const RawAddress& bd_addr,
2156 UNUSED_ATTR DEV_CLASS dc,
2158 tBTM_REMOTE_DEV_NAME rem_name;
2159 tBTM_STATUS btm_status;
2161 APPL_TRACE_DEBUG("%s name=<%s>", __func__, bd_name);
2163 /* if this is what we are looking for */
2164 if (bta_dm_search_cb.peer_bdaddr == bd_addr) {
2165 rem_name.length = strlen((char*)bd_name);
2166 if (rem_name.length > (BD_NAME_LEN - 1)) {
2167 rem_name.length = (BD_NAME_LEN - 1);
2168 rem_name.remote_bd_name[(BD_NAME_LEN - 1)] = 0;
2170 strlcpy((char*)rem_name.remote_bd_name, (char*)bd_name, BD_NAME_LEN);
2171 rem_name.status = BTM_SUCCESS;
2173 bta_dm_remname_cback(&rem_name);
2175 /* get name of device */
2177 BTM_ReadRemoteDeviceName(bta_dm_search_cb.peer_bdaddr,
2178 bta_dm_remname_cback, BT_TRANSPORT_BR_EDR);
2179 if (btm_status == BTM_BUSY) {
2180 /* wait for next chance(notification of remote name discovery done) */
2181 APPL_TRACE_DEBUG("%s: BTM_ReadRemoteDeviceName is busy", __func__);
2182 } else if (btm_status != BTM_CMD_STARTED) {
2183 /* if failed to start getting remote name then continue */
2184 APPL_TRACE_WARNING("%s: BTM_ReadRemoteDeviceName returns 0x%02X",
2185 __func__, btm_status);
2187 rem_name.length = 0;
2188 rem_name.remote_bd_name[0] = 0;
2189 rem_name.status = btm_status;
2190 bta_dm_remname_cback(&rem_name);
2195 /*******************************************************************************
2197 * Function bta_dm_remname_cback
2199 * Description Remote name complete call back from BTM
2203 ******************************************************************************/
2204 static void bta_dm_remname_cback(void* p) {
2205 tBTM_REMOTE_DEV_NAME* p_remote_name = (tBTM_REMOTE_DEV_NAME*)p;
2206 APPL_TRACE_DEBUG("bta_dm_remname_cback len = %d name=<%s>",
2207 p_remote_name->length, p_remote_name->remote_bd_name);
2209 /* remote name discovery is done but it could be failed */
2210 bta_dm_search_cb.name_discover_done = true;
2211 strlcpy((char*)bta_dm_search_cb.peer_name,
2212 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN);
2214 BTM_SecDeleteRmtNameNotifyCallback(&bta_dm_service_search_remname_cback);
2216 if (bta_dm_search_cb.transport == BT_TRANSPORT_LE) {
2217 GAP_BleReadPeerPrefConnParams(bta_dm_search_cb.peer_bdaddr);
2220 tBTA_DM_REM_NAME* p_msg =
2221 (tBTA_DM_REM_NAME*)osi_malloc(sizeof(tBTA_DM_REM_NAME));
2222 p_msg->result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
2223 strlcpy((char*)p_msg->result.disc_res.bd_name,
2224 (char*)p_remote_name->remote_bd_name, BD_NAME_LEN);
2225 p_msg->hdr.event = BTA_DM_REMT_NAME_EVT;
2227 bta_sys_sendmsg(p_msg);
2230 /*******************************************************************************
2232 * Function bta_dm_authorize_cback
2234 * Description cback requesting authorization
2238 ******************************************************************************/
2239 static uint8_t bta_dm_authorize_cback(const RawAddress& bd_addr,
2240 DEV_CLASS dev_class, BD_NAME bd_name,
2241 UNUSED_ATTR uint8_t* service_name,
2243 UNUSED_ATTR bool is_originator) {
2244 tBTA_DM_SEC sec_event;
2247 sec_event.authorize.bd_addr = bd_addr;
2248 memcpy(sec_event.authorize.dev_class, dev_class, DEV_CLASS_LEN);
2249 strlcpy((char*)sec_event.authorize.bd_name, (char*)bd_name, BD_NAME_LEN);
2251 #if (BTA_JV_INCLUDED == TRUE)
2252 sec_event.authorize.service = service_id;
2255 while (index < BTA_MAX_SERVICE_ID) {
2256 /* get the BTA service id corresponding to BTM id */
2257 if (bta_service_id_to_btm_srv_id_lkup_tbl[index] == service_id) {
2258 sec_event.authorize.service = index;
2264 /* if supported service callback otherwise not authorized */
2265 if (bta_dm_cb.p_sec_cback && (index < BTA_MAX_SERVICE_ID
2266 #if (BTA_JV_INCLUDED == TRUE)
2267 /* pass through JV service ID */
2268 || (service_id >= BTA_FIRST_JV_SERVICE_ID &&
2269 service_id <= BTA_LAST_JV_SERVICE_ID)
2272 bta_dm_cb.p_sec_cback(BTA_DM_AUTHORIZE_EVT, &sec_event);
2273 return BTM_CMD_STARTED;
2275 return BTM_NOT_AUTHORIZED;
2279 /*******************************************************************************
2281 * Function bta_dm_pinname_cback
2283 * Description Callback requesting pin_key
2287 ******************************************************************************/
2288 static void bta_dm_pinname_cback(void* p_data) {
2289 tBTM_REMOTE_DEV_NAME* p_result = (tBTM_REMOTE_DEV_NAME*)p_data;
2290 tBTA_DM_SEC sec_event;
2291 uint32_t bytes_to_copy;
2292 tBTA_DM_SEC_EVT event = bta_dm_cb.pin_evt;
2294 if (BTA_DM_SP_CFM_REQ_EVT == event) {
2295 /* Retrieved saved device class and bd_addr */
2296 sec_event.cfm_req.bd_addr = bta_dm_cb.pin_bd_addr;
2297 BTA_COPY_DEVICE_CLASS(sec_event.cfm_req.dev_class, bta_dm_cb.pin_dev_class);
2299 if (p_result && p_result->status == BTM_SUCCESS) {
2300 bytes_to_copy = (p_result->length < (BD_NAME_LEN - 1))
2302 : (BD_NAME_LEN - 1);
2303 memcpy(sec_event.cfm_req.bd_name, p_result->remote_bd_name,
2305 sec_event.pin_req.bd_name[BD_NAME_LEN - 1] = 0;
2306 } else /* No name found */
2307 sec_event.cfm_req.bd_name[0] = 0;
2309 sec_event.key_notif.passkey =
2310 bta_dm_cb.num_val; /* get PIN code numeric number */
2312 /* 1 additional event data fields for this event */
2313 sec_event.cfm_req.just_works = bta_dm_cb.just_works;
2314 /* retrieve the loc and rmt caps */
2315 sec_event.cfm_req.loc_io_caps = bta_dm_cb.loc_io_caps;
2316 sec_event.cfm_req.rmt_io_caps = bta_dm_cb.rmt_io_caps;
2317 sec_event.cfm_req.loc_auth_req = bta_dm_cb.loc_auth_req;
2318 sec_event.cfm_req.rmt_auth_req = bta_dm_cb.rmt_auth_req;
2321 /* Retrieved saved device class and bd_addr */
2322 sec_event.pin_req.bd_addr = bta_dm_cb.pin_bd_addr;
2323 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, bta_dm_cb.pin_dev_class);
2325 if (p_result && p_result->status == BTM_SUCCESS) {
2326 bytes_to_copy = (p_result->length < (BD_NAME_LEN - 1))
2328 : (BD_NAME_LEN - 1);
2329 memcpy(sec_event.pin_req.bd_name, p_result->remote_bd_name,
2331 sec_event.pin_req.bd_name[BD_NAME_LEN - 1] = 0;
2332 } else /* No name found */
2333 sec_event.pin_req.bd_name[0] = 0;
2335 event = bta_dm_cb.pin_evt;
2336 sec_event.key_notif.passkey =
2337 bta_dm_cb.num_val; /* get PIN code numeric number */
2340 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event);
2343 /*******************************************************************************
2345 * Function bta_dm_pin_cback
2347 * Description Callback requesting pin_key
2351 ******************************************************************************/
2352 static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
2353 BD_NAME bd_name, bool min_16_digit) {
2354 tBTA_DM_SEC sec_event;
2356 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
2358 /* If the device name is not known, save bdaddr and devclass and initiate a
2360 if (bd_name[0] == 0) {
2361 bta_dm_cb.pin_evt = BTA_DM_PIN_REQ_EVT;
2362 bta_dm_cb.pin_bd_addr = bd_addr;
2363 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class, dev_class);
2364 if ((BTM_ReadRemoteDeviceName(bd_addr, bta_dm_pinname_cback,
2365 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2366 return BTM_CMD_STARTED;
2369 " bta_dm_pin_cback() -> Failed to start Remote Name Request ");
2372 sec_event.pin_req.bd_addr = bd_addr;
2373 BTA_COPY_DEVICE_CLASS(sec_event.pin_req.dev_class, dev_class);
2374 strlcpy((char*)sec_event.pin_req.bd_name, (char*)bd_name, BD_NAME_LEN);
2375 sec_event.pin_req.min_16_digit = min_16_digit;
2377 bta_dm_cb.p_sec_cback(BTA_DM_PIN_REQ_EVT, &sec_event);
2378 return BTM_CMD_STARTED;
2381 /*******************************************************************************
2383 * Function bta_dm_new_link_key_cback
2385 * Description Callback from BTM to notify new link key
2389 ******************************************************************************/
2390 static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
2391 UNUSED_ATTR DEV_CLASS dev_class,
2392 BD_NAME bd_name, const LinkKey& key,
2394 tBTA_DM_SEC sec_event;
2395 tBTA_DM_AUTH_CMPL* p_auth_cmpl;
2398 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
2400 /* Not AMP Key type */
2401 if (key_type != HCI_LKEY_TYPE_AMP_WIFI && key_type != HCI_LKEY_TYPE_AMP_UWB) {
2402 event = BTA_DM_AUTH_CMPL_EVT;
2403 p_auth_cmpl = &sec_event.auth_cmpl;
2405 p_auth_cmpl->bd_addr = bd_addr;
2407 memcpy(p_auth_cmpl->bd_name, bd_name, (BD_NAME_LEN - 1));
2408 p_auth_cmpl->bd_name[BD_NAME_LEN - 1] = 0;
2409 p_auth_cmpl->key_present = true;
2410 p_auth_cmpl->key_type = key_type;
2411 p_auth_cmpl->success = true;
2412 p_auth_cmpl->key = key;
2413 sec_event.auth_cmpl.fail_reason = HCI_SUCCESS;
2415 // Report the BR link key based on the BR/EDR address and type
2416 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type,
2417 &sec_event.auth_cmpl.addr_type);
2418 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(event, &sec_event);
2420 // Setting remove_dev_pending flag to false, where it will avoid deleting
2422 // security device record when the ACL connection link goes down in case of
2424 if (bta_dm_cb.device_list.count)
2425 bta_dm_reset_sec_dev_pending(p_auth_cmpl->bd_addr);
2427 APPL_TRACE_WARNING("%s() Received AMP Key", __func__);
2430 return BTM_CMD_STARTED;
2433 /*******************************************************************************
2435 * Function bta_dm_authentication_complete_cback
2437 * Description Authentication complete callback from BTM
2441 ******************************************************************************/
2442 static uint8_t bta_dm_authentication_complete_cback(
2443 const RawAddress& bd_addr, UNUSED_ATTR DEV_CLASS dev_class, BD_NAME bd_name,
2445 tBTA_DM_SEC sec_event;
2447 if (result != BTM_SUCCESS) {
2448 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
2449 sec_event.auth_cmpl.bd_addr = bd_addr;
2451 memcpy(sec_event.auth_cmpl.bd_name, bd_name, (BD_NAME_LEN - 1));
2452 sec_event.auth_cmpl.bd_name[BD_NAME_LEN - 1] = 0;
2454 // Report the BR link key based on the BR/EDR address and type
2455 BTM_ReadDevInfo(bd_addr, &sec_event.auth_cmpl.dev_type,
2456 &sec_event.auth_cmpl.addr_type);
2457 sec_event.auth_cmpl.fail_reason = (uint8_t)result;
2459 if (bta_dm_cb.p_sec_cback)
2460 bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
2462 if (result == HCI_ERR_AUTH_FAILURE || result == HCI_ERR_KEY_MISSING ||
2463 result == HCI_ERR_HOST_REJECT_SECURITY ||
2464 result == HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE) {
2465 APPL_TRACE_WARNING("%s deleting %s - result: 0x%02x", __func__,
2466 bd_addr.ToString().c_str(), result);
2467 bta_dm_remove_sec_dev_entry(bd_addr);
2474 /*******************************************************************************
2476 * Function bta_dm_sp_cback
2478 * Description simple pairing callback from BTM
2482 ******************************************************************************/
2483 static uint8_t bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data) {
2484 tBTM_STATUS status = BTM_CMD_STARTED;
2485 tBTA_DM_SEC sec_event;
2486 tBTA_DM_SEC_EVT pin_evt = BTA_DM_SP_KEY_NOTIF_EVT;
2488 APPL_TRACE_EVENT("bta_dm_sp_cback: %d", event);
2489 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
2493 case BTM_SP_IO_REQ_EVT:
2494 if (btm_local_io_caps != BTM_IO_CAP_NONE) {
2495 /* translate auth_req */
2496 bta_dm_co_io_req(p_data->io_req.bd_addr, &p_data->io_req.io_cap,
2497 &p_data->io_req.oob_data, &p_data->io_req.auth_req,
2498 p_data->io_req.is_orig);
2500 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req,
2501 p_data->io_req.oob_data);
2503 case BTM_SP_IO_RSP_EVT:
2504 if (btm_local_io_caps != BTM_IO_CAP_NONE) {
2505 bta_dm_co_io_rsp(p_data->io_rsp.bd_addr, p_data->io_rsp.io_cap,
2506 p_data->io_rsp.oob_data, p_data->io_rsp.auth_req);
2510 case BTM_SP_CFM_REQ_EVT:
2511 pin_evt = BTA_DM_SP_CFM_REQ_EVT;
2512 bta_dm_cb.just_works = sec_event.cfm_req.just_works =
2513 p_data->cfm_req.just_works;
2514 sec_event.cfm_req.loc_auth_req = p_data->cfm_req.loc_auth_req;
2515 sec_event.cfm_req.rmt_auth_req = p_data->cfm_req.rmt_auth_req;
2516 sec_event.cfm_req.loc_io_caps = p_data->cfm_req.loc_io_caps;
2517 sec_event.cfm_req.rmt_io_caps = p_data->cfm_req.rmt_io_caps;
2520 /* Passkey entry mode, mobile device with output capability is very
2521 unlikely to receive key request, so skip this event */
2522 /*case BTM_SP_KEY_REQ_EVT: */
2523 case BTM_SP_KEY_NOTIF_EVT:
2524 if (btm_local_io_caps == BTM_IO_CAP_NONE &&
2525 BTM_SP_KEY_NOTIF_EVT == event) {
2526 status = BTM_NOT_AUTHORIZED;
2530 bta_dm_cb.num_val = sec_event.key_notif.passkey =
2531 p_data->key_notif.passkey;
2533 if (BTM_SP_CFM_REQ_EVT == event) {
2534 /* Due to the switch case falling through below to BTM_SP_KEY_NOTIF_EVT,
2535 call remote name request using values from cfm_req */
2536 if (p_data->cfm_req.bd_name[0] == 0) {
2537 bta_dm_cb.pin_evt = pin_evt;
2538 bta_dm_cb.pin_bd_addr = p_data->cfm_req.bd_addr;
2539 bta_dm_cb.rmt_io_caps = sec_event.cfm_req.rmt_io_caps;
2540 bta_dm_cb.loc_io_caps = sec_event.cfm_req.loc_io_caps;
2541 bta_dm_cb.rmt_auth_req = sec_event.cfm_req.rmt_auth_req;
2542 bta_dm_cb.loc_auth_req = sec_event.cfm_req.loc_auth_req;
2544 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2545 p_data->cfm_req.dev_class);
2546 if ((BTM_ReadRemoteDeviceName(
2547 p_data->cfm_req.bd_addr, bta_dm_pinname_cback,
2548 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2549 return BTM_CMD_STARTED;
2551 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2553 /* Due to the switch case falling through below to
2554 BTM_SP_KEY_NOTIF_EVT,
2555 copy these values into key_notif from cfm_req */
2556 sec_event.key_notif.bd_addr = p_data->cfm_req.bd_addr;
2557 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class,
2558 p_data->cfm_req.dev_class);
2559 strlcpy((char*)sec_event.key_notif.bd_name,
2560 (char*)p_data->cfm_req.bd_name, BD_NAME_LEN);
2564 if (BTM_SP_KEY_NOTIF_EVT == event) {
2565 /* If the device name is not known, save bdaddr and devclass
2566 and initiate a name request with values from key_notif */
2567 if (p_data->key_notif.bd_name[0] == 0) {
2568 bta_dm_cb.pin_evt = pin_evt;
2569 bta_dm_cb.pin_bd_addr = p_data->key_notif.bd_addr;
2570 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2571 p_data->key_notif.dev_class);
2572 if ((BTM_ReadRemoteDeviceName(
2573 p_data->key_notif.bd_addr, bta_dm_pinname_cback,
2574 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2575 return BTM_CMD_STARTED;
2577 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2579 sec_event.key_notif.bd_addr = p_data->key_notif.bd_addr;
2580 BTA_COPY_DEVICE_CLASS(sec_event.key_notif.dev_class,
2581 p_data->key_notif.dev_class);
2582 strlcpy((char*)sec_event.key_notif.bd_name,
2583 (char*)p_data->key_notif.bd_name, BD_NAME_LEN);
2584 sec_event.key_notif.bd_name[BD_NAME_LEN - 1] = 0;
2588 bta_dm_cb.p_sec_cback(pin_evt, &sec_event);
2592 case BTM_SP_LOC_OOB_EVT:
2593 bta_dm_co_loc_oob((bool)(p_data->loc_oob.status == BTM_SUCCESS),
2594 p_data->loc_oob.c, p_data->loc_oob.r);
2597 case BTM_SP_RMT_OOB_EVT:
2598 /* If the device name is not known, save bdaddr and devclass and initiate
2600 if (p_data->rmt_oob.bd_name[0] == 0) {
2601 bta_dm_cb.pin_evt = BTA_DM_SP_RMT_OOB_EVT;
2602 bta_dm_cb.pin_bd_addr = p_data->rmt_oob.bd_addr;
2603 BTA_COPY_DEVICE_CLASS(bta_dm_cb.pin_dev_class,
2604 p_data->rmt_oob.dev_class);
2605 if ((BTM_ReadRemoteDeviceName(p_data->rmt_oob.bd_addr,
2606 bta_dm_pinname_cback,
2607 BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
2608 return BTM_CMD_STARTED;
2610 " bta_dm_sp_cback() -> Failed to start Remote Name Request ");
2613 sec_event.rmt_oob.bd_addr = p_data->rmt_oob.bd_addr;
2614 BTA_COPY_DEVICE_CLASS(sec_event.rmt_oob.dev_class,
2615 p_data->rmt_oob.dev_class);
2616 strlcpy((char*)sec_event.rmt_oob.bd_name, (char*)p_data->rmt_oob.bd_name,
2619 bta_dm_cb.p_sec_cback(BTA_DM_SP_RMT_OOB_EVT, &sec_event);
2621 bta_dm_co_rmt_oob(p_data->rmt_oob.bd_addr);
2624 case BTM_SP_COMPLT_EVT:
2625 /* do not report this event - handled by link_key_callback or
2626 * auth_complete_callback */
2629 case BTM_SP_KEYPRESS_EVT:
2630 memcpy(&sec_event.key_press, &p_data->key_press,
2631 sizeof(tBTM_SP_KEYPRESS));
2632 bta_dm_cb.p_sec_cback(BTA_DM_SP_KEYPRESS_EVT, &sec_event);
2635 case BTM_SP_UPGRADE_EVT:
2636 bta_dm_co_lk_upgrade(p_data->upgrade.bd_addr, &p_data->upgrade.upgrade);
2640 status = BTM_NOT_AUTHORIZED;
2643 APPL_TRACE_EVENT("dm status: %d", status);
2647 /*******************************************************************************
2649 * Function bta_dm_local_name_cback
2651 * Description Callback from btm after local name is read
2656 ******************************************************************************/
2657 static void bta_dm_local_name_cback(UNUSED_ATTR void* p_name) {
2658 tBTA_DM_SEC sec_event;
2660 sec_event.enable.status = BTA_SUCCESS;
2662 if (bta_dm_cb.p_sec_cback)
2663 bta_dm_cb.p_sec_cback(BTA_DM_ENABLE_EVT, &sec_event);
2666 static void send_busy_level_update(uint8_t busy_level,
2667 uint8_t busy_level_flags) {
2668 if (!bta_dm_cb.p_sec_cback) return;
2671 memset(&conn, 0, sizeof(tBTA_DM_SEC));
2672 conn.busy_level.level = busy_level;
2673 conn.busy_level.level_flags = busy_level_flags;
2674 bta_dm_cb.p_sec_cback(BTA_DM_BUSY_LEVEL_EVT, &conn);
2677 static void handle_role_change(const RawAddress& bd_addr, uint8_t new_role,
2678 uint8_t hci_status) {
2680 memset(&conn, 0, sizeof(tBTA_DM_SEC));
2682 tBTA_DM_PEER_DEVICE* p_dev = bta_dm_find_peer_device(bd_addr);
2685 "%s: peer %s info:0x%x new_role:0x%x dev count:%d hci_status=%d",
2686 __func__, bd_addr.ToString().c_str(), p_dev->info, new_role,
2687 bta_dm_cb.device_list.count, hci_status);
2688 if (p_dev->info & BTA_DM_DI_AV_ACTIVE) {
2689 bool need_policy_change = false;
2691 /* there's AV activity on this link */
2692 if (new_role == HCI_ROLE_SLAVE && bta_dm_cb.device_list.count > 1 &&
2693 hci_status == HCI_SUCCESS) {
2694 /* more than one connections and the AV connection is role switched
2696 * switch it back to master and remove the switch policy */
2697 BTM_SwitchRole(bd_addr, BTM_ROLE_MASTER, NULL);
2698 need_policy_change = true;
2699 } else if (p_bta_dm_cfg->avoid_scatter && (new_role == HCI_ROLE_MASTER)) {
2700 /* if the link updated to be master include AV activities, remove
2701 * the switch policy */
2702 need_policy_change = true;
2705 if (need_policy_change) {
2706 bta_dm_policy_cback(BTA_SYS_PLCY_CLR, 0, HCI_ENABLE_MASTER_SLAVE_SWITCH,
2707 p_dev->peer_bdaddr);
2710 /* there's AV no activity on this link and role switch happened
2711 * check if AV is active
2712 * if so, make sure the AV link is master */
2715 bta_sys_notify_role_chg(bd_addr, new_role, hci_status);
2716 conn.role_chg.bd_addr = bd_addr;
2717 conn.role_chg.new_role = (uint8_t)new_role;
2718 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(BTA_DM_ROLE_CHG_EVT, &conn);
2721 static void bta_dm_acl_change(bool is_new, const RawAddress& bd_addr,
2722 tBT_TRANSPORT transport, uint16_t handle) {
2723 bool issue_unpair_cb = false;
2726 memset(&conn, 0, sizeof(tBTA_DM_SEC));
2730 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
2731 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == bd_addr &&
2732 bta_dm_cb.device_list.peer_device[i].conn_handle == handle)
2736 if (i == bta_dm_cb.device_list.count) {
2737 if (bta_dm_cb.device_list.count < BTA_DM_NUM_PEER_DEVICE) {
2738 bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count]
2739 .peer_bdaddr = bd_addr;
2740 bta_dm_cb.device_list.peer_device[bta_dm_cb.device_list.count]
2741 .link_policy = bta_dm_cb.cur_policy;
2742 bta_dm_cb.device_list.count++;
2743 bta_dm_cb.device_list.peer_device[i].conn_handle = handle;
2744 if (transport == BT_TRANSPORT_LE) bta_dm_cb.device_list.le_count++;
2746 APPL_TRACE_ERROR("%s max active connection reached, no resources",
2752 bta_dm_cb.device_list.peer_device[i].conn_state = BTA_DM_CONNECTED;
2753 bta_dm_cb.device_list.peer_device[i].pref_role = BTA_ANY_ROLE;
2754 conn.link_up.bd_addr = bd_addr;
2755 bta_dm_cb.device_list.peer_device[i].info = BTA_DM_DI_NONE;
2756 conn.link_up.link_type = transport;
2757 bta_dm_cb.device_list.peer_device[i].transport = transport;
2760 if (((NULL != (p = BTM_ReadLocalFeatures())) &&
2761 HCI_SNIFF_SUB_RATE_SUPPORTED(p)) &&
2762 ((NULL != (p = BTM_ReadRemoteFeatures(bd_addr))) &&
2763 HCI_SNIFF_SUB_RATE_SUPPORTED(p))) {
2764 /* both local and remote devices support SSR */
2765 bta_dm_cb.device_list.peer_device[i].info = BTA_DM_DI_USE_SSR;
2767 APPL_TRACE_WARNING("%s info: 0x%x", __func__,
2768 bta_dm_cb.device_list.peer_device[i].info);
2770 if (bta_dm_cb.p_sec_cback) bta_dm_cb.p_sec_cback(BTA_DM_LINK_UP_EVT, &conn);
2772 for (uint8_t i = 0; i < bta_dm_cb.device_list.count; i++) {
2773 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr != bd_addr ||
2774 bta_dm_cb.device_list.peer_device[i].transport != transport)
2777 if (bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_UNPAIRING) {
2778 if (BTM_SecDeleteDevice(
2779 bta_dm_cb.device_list.peer_device[i].peer_bdaddr))
2780 issue_unpair_cb = true;
2782 /* remove all cached GATT information */
2783 BTA_GATTC_Refresh(bd_addr);
2785 APPL_TRACE_DEBUG("%s: Unpairing: issue unpair CB = %d ", __func__,
2789 conn.link_down.is_removed =
2790 bta_dm_cb.device_list.peer_device[i].remove_dev_pending;
2792 // Iterate to the one before the last when shrinking the list,
2793 // otherwise we memcpy garbage data into the record.
2794 // Then clear out the last item in the list since we are shrinking.
2795 for (; i < bta_dm_cb.device_list.count - 1; i++) {
2796 memcpy(&bta_dm_cb.device_list.peer_device[i],
2797 &bta_dm_cb.device_list.peer_device[i + 1],
2798 sizeof(bta_dm_cb.device_list.peer_device[i]));
2800 if (bta_dm_cb.device_list.count > 0) {
2801 int clear_index = bta_dm_cb.device_list.count - 1;
2802 memset(&bta_dm_cb.device_list.peer_device[clear_index], 0,
2803 sizeof(bta_dm_cb.device_list.peer_device[clear_index]));
2807 if (bta_dm_cb.device_list.count) bta_dm_cb.device_list.count--;
2808 if ((transport == BT_TRANSPORT_LE) && (bta_dm_cb.device_list.le_count))
2809 bta_dm_cb.device_list.le_count--;
2810 conn.link_down.link_type = transport;
2812 if ((transport == BT_TRANSPORT_BR_EDR) &&
2813 (bta_dm_search_cb.wait_disc &&
2814 bta_dm_search_cb.peer_bdaddr == bd_addr)) {
2815 bta_dm_search_cb.wait_disc = false;
2817 if (bta_dm_search_cb.sdp_results) {
2818 APPL_TRACE_EVENT(" timer stopped ");
2819 alarm_cancel(bta_dm_search_cb.search_timer);
2820 bta_dm_discover_next_device();
2824 if (bta_dm_cb.disabling) {
2825 if (!BTM_GetNumAclLinks()) {
2827 * Start a timer to make sure that the profiles
2828 * get the disconnect event.
2830 alarm_set_on_mloop(bta_dm_cb.disable_timer,
2831 BTA_DM_DISABLE_CONN_DOWN_TIMER_MS,
2832 bta_dm_disable_conn_down_timer_cback, NULL);
2835 if (conn.link_down.is_removed) {
2836 BTM_SecDeleteDevice(bd_addr);
2837 /* need to remove all pending background connection */
2838 BTA_GATTC_CancelOpen(0, bd_addr, false);
2839 /* remove all cached GATT information */
2840 BTA_GATTC_Refresh(bd_addr);
2843 conn.link_down.bd_addr = bd_addr;
2844 conn.link_down.status = (uint8_t)btm_get_acl_disc_reason_code();
2845 if (bta_dm_cb.p_sec_cback) {
2846 bta_dm_cb.p_sec_cback(BTA_DM_LINK_DOWN_EVT, &conn);
2847 if (issue_unpair_cb)
2848 bta_dm_cb.p_sec_cback(BTA_DM_DEV_UNPAIRED_EVT, &conn);
2852 bta_dm_adjust_roles(true);
2855 /** Callback from btm when acl connection goes up or down */
2856 static void bta_dm_bl_change_cback(tBTM_BL_EVENT_DATA* p_data) {
2857 switch (p_data->event) {
2858 case BTM_BL_CONN_EVT:
2861 FROM_HERE, base::Bind(bta_dm_acl_change, true, *p_data->conn.p_bda,
2862 p_data->conn.transport, p_data->conn.handle));
2864 case BTM_BL_DISCN_EVT:
2865 /* connection down */
2867 FROM_HERE, base::Bind(bta_dm_acl_change, false, *p_data->discn.p_bda,
2868 p_data->discn.transport, p_data->discn.handle));
2871 case BTM_BL_UPDATE_EVT: {
2872 /* busy level update */
2873 do_in_main_thread(FROM_HERE, base::Bind(send_busy_level_update,
2874 p_data->update.busy_level,
2875 p_data->update.busy_level_flags));
2878 case BTM_BL_ROLE_CHG_EVT: {
2879 const auto& tmp = p_data->role_chg;
2880 do_in_main_thread(FROM_HERE, base::Bind(handle_role_change, *tmp.p_bda,
2881 tmp.new_role, tmp.hci_status));
2885 case BTM_BL_COLLISION_EVT:
2886 /* Collision report from Stack: Notify profiles */
2888 FROM_HERE, base::Bind(bta_sys_notify_collision, *p_data->conn.p_bda));
2893 /*******************************************************************************
2895 * Function bta_dm_rs_cback
2897 * Description Receives the role switch complete event
2901 ******************************************************************************/
2902 static void bta_dm_rs_cback(UNUSED_ATTR void* p1) {
2903 APPL_TRACE_WARNING("bta_dm_rs_cback:%d", bta_dm_cb.rs_event);
2904 if (bta_dm_cb.rs_event == BTA_DM_API_SEARCH_EVT) {
2905 bta_dm_cb.search_msg.rs_res =
2906 BTA_DM_RS_OK; /* do not care about the result for now */
2907 bta_dm_cb.rs_event = 0;
2908 bta_dm_search_start((tBTA_DM_MSG*)&bta_dm_cb.search_msg);
2912 /*******************************************************************************
2914 * Function bta_dm_check_av
2916 * Description This function checks if AV is active
2917 * if yes, make sure the AV link is master
2919 * Returns bool - true, if switch is in progress
2921 ******************************************************************************/
2922 static bool bta_dm_check_av(uint16_t event) {
2923 bool avoid_roleswitch = false;
2924 bool switching = false;
2926 tBTA_DM_PEER_DEVICE* p_dev;
2928 #if (BTA_DM_AVOID_A2DP_ROLESWITCH_ON_INQUIRY == TRUE)
2930 /* avoid role switch upon inquiry if a2dp is actively streaming as it
2931 introduces an audioglitch due to FW scheduling delays (unavoidable) */
2932 if (event == BTA_DM_API_SEARCH_EVT) {
2933 avoid_roleswitch = true;
2937 APPL_TRACE_WARNING("bta_dm_check_av:%d", bta_dm_cb.cur_av_count);
2938 if (bta_dm_cb.cur_av_count) {
2939 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
2940 p_dev = &bta_dm_cb.device_list.peer_device[i];
2941 APPL_TRACE_WARNING("[%d]: state:%d, info:x%x, avoid_rs %d", i,
2942 p_dev->conn_state, p_dev->info, avoid_roleswitch);
2943 if ((p_dev->conn_state == BTA_DM_CONNECTED) &&
2944 (p_dev->info & BTA_DM_DI_AV_ACTIVE) && (!avoid_roleswitch)) {
2945 /* make master and take away the role switch policy */
2946 if (BTM_CMD_STARTED == BTM_SwitchRole(p_dev->peer_bdaddr,
2949 /* the role switch command is actually sent */
2950 bta_dm_cb.rs_event = event;
2953 /* else either already master or can not switch for some reasons */
2954 bta_dm_policy_cback(BTA_SYS_PLCY_CLR, 0, HCI_ENABLE_MASTER_SLAVE_SWITCH,
2955 p_dev->peer_bdaddr);
2963 /*******************************************************************************
2965 * Function bta_dm_disable_conn_down_timer_cback
2967 * Description Sends disable event to application
2972 ******************************************************************************/
2973 static void bta_dm_disable_conn_down_timer_cback(UNUSED_ATTR void* data) {
2974 tBTA_SYS_HW_MSG* sys_enable_event =
2975 (tBTA_SYS_HW_MSG*)osi_malloc(sizeof(tBTA_SYS_HW_MSG));
2977 /* disable the power managment module */
2978 bta_dm_disable_pm();
2980 /* register our callback to SYS HW manager */
2981 bta_sys_hw_register(BTA_SYS_HW_BLUETOOTH, bta_dm_sys_hw_cback);
2983 /* send a message to BTA SYS */
2984 sys_enable_event->hdr.event = BTA_SYS_API_DISABLE_EVT;
2985 sys_enable_event->hw_module = BTA_SYS_HW_BLUETOOTH;
2986 bta_sys_sendmsg(sys_enable_event);
2988 bta_dm_cb.disabling = false;
2991 /*******************************************************************************
2993 * Function bta_dm_rm_cback
2995 * Description Role management callback from sys
3000 ******************************************************************************/
3001 static void bta_dm_rm_cback(tBTA_SYS_CONN_STATUS status, uint8_t id,
3002 uint8_t app_id, const RawAddress& peer_addr) {
3004 tBTA_PREF_ROLES role;
3005 tBTA_DM_PEER_DEVICE* p_dev;
3007 p_dev = bta_dm_find_peer_device(peer_addr);
3008 if (status == BTA_SYS_CONN_OPEN) {
3010 /* Do not set to connected if we are in the middle of unpairing. When AV
3012 * started it fakes out a SYS_CONN_OPEN to potentially trigger a role
3014 * But this should not be done if we are in the middle of unpairing.
3016 if (p_dev->conn_state != BTA_DM_UNPAIRING)
3017 p_dev->conn_state = BTA_DM_CONNECTED;
3019 for (j = 1; j <= p_bta_dm_rm_cfg[0].app_id; j++) {
3020 if (((p_bta_dm_rm_cfg[j].app_id == app_id) ||
3021 (p_bta_dm_rm_cfg[j].app_id == BTA_ALL_APP_ID)) &&
3022 (p_bta_dm_rm_cfg[j].id == id)) {
3023 role = p_bta_dm_rm_cfg[j].cfg;
3025 if (role > p_dev->pref_role) p_dev->pref_role = role;
3032 if ((BTA_ID_AV == id) || (BTA_ID_AVK == id)) {
3033 if (status == BTA_SYS_CONN_BUSY) {
3034 if (p_dev) p_dev->info |= BTA_DM_DI_AV_ACTIVE;
3035 /* AV calls bta_sys_conn_open with the A2DP stream count as app_id */
3036 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count();
3037 } else if (status == BTA_SYS_CONN_IDLE) {
3038 if (p_dev) p_dev->info &= ~BTA_DM_DI_AV_ACTIVE;
3040 /* get cur_av_count from connected services */
3041 if (BTA_ID_AV == id) bta_dm_cb.cur_av_count = bta_dm_get_av_count();
3043 APPL_TRACE_WARNING("bta_dm_rm_cback:%d, status:%d", bta_dm_cb.cur_av_count,
3047 /* Don't adjust roles for each busy/idle state transition to avoid
3048 excessive switch requests when individual profile busy/idle status
3050 if ((status != BTA_SYS_CONN_BUSY) && (status != BTA_SYS_CONN_IDLE))
3051 bta_dm_adjust_roles(false);
3054 /*******************************************************************************
3056 * Function bta_dm_delay_role_switch_cback
3058 * Description Callback from btm to delay a role switch
3062 ******************************************************************************/
3063 static void bta_dm_delay_role_switch_cback(UNUSED_ATTR void* data) {
3064 APPL_TRACE_EVENT("%s: initiating Delayed RS", __func__);
3065 bta_dm_adjust_roles(false);
3068 /*******************************************************************************
3070 * Function bta_dm_reset_sec_dev_pending
3072 * Description Setting the remove device pending status to false from
3073 * security device DB, when the link key notification
3078 ******************************************************************************/
3079 static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr) {
3080 for (size_t i = 0; i < bta_dm_cb.device_list.count; i++) {
3081 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) {
3082 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = false;
3088 /*******************************************************************************
3090 * Function bta_dm_remove_sec_dev_entry
3092 * Description Removes device entry from Security device DB if ACL
3094 * remtoe device does not exist, else schedule for dev entry
3100 ******************************************************************************/
3101 static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr) {
3102 if (BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_LE) ||
3103 BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_BR_EDR)) {
3105 "%s ACL is not down. Schedule for Dev Removal when ACL closes",
3107 BTM_SecClearSecurityFlags(remote_bd_addr);
3108 for (int i = 0; i < bta_dm_cb.device_list.count; i++) {
3109 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == remote_bd_addr) {
3110 bta_dm_cb.device_list.peer_device[i].remove_dev_pending = TRUE;
3115 // remote_bd_addr comes from security record, which is removed in
3116 // BTM_SecDeleteDevice.
3117 RawAddress addr_copy = remote_bd_addr;
3118 BTM_SecDeleteDevice(addr_copy);
3119 /* need to remove all pending background connection */
3120 BTA_GATTC_CancelOpen(0, addr_copy, false);
3121 /* remove all cached GATT information */
3122 BTA_GATTC_Refresh(addr_copy);
3126 /*******************************************************************************
3128 * Function bta_dm_adjust_roles
3130 * Description Adjust roles
3135 ******************************************************************************/
3136 static void bta_dm_adjust_roles(bool delay_role_switch) {
3138 bool set_master_role = false;
3140 bta_dm_cb.device_list.count - bta_dm_cb.device_list.le_count;
3142 /* the configuration is no scatternet
3143 * or AV connection exists and there are more than one ACL link */
3144 if ((p_bta_dm_rm_cfg[0].cfg == BTA_DM_NO_SCATTERNET) ||
3145 (bta_dm_cb.cur_av_count && br_count > 1)) {
3146 L2CA_SetDesireRole(HCI_ROLE_MASTER);
3147 set_master_role = true;
3150 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3151 if (bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED &&
3152 bta_dm_cb.device_list.peer_device[i].transport ==
3153 BT_TRANSPORT_BR_EDR) {
3154 if (!set_master_role &&
3155 (bta_dm_cb.device_list.peer_device[i].pref_role != BTA_ANY_ROLE) &&
3156 (p_bta_dm_rm_cfg[0].cfg == BTA_DM_PARTIAL_SCATTERNET)) {
3157 L2CA_SetDesireRole(HCI_ROLE_MASTER);
3158 set_master_role = true;
3161 if ((bta_dm_cb.device_list.peer_device[i].pref_role ==
3162 BTA_MASTER_ROLE_ONLY) ||
3164 /* Initiating immediate role switch with certain remote devices
3165 has caused issues due to role switch colliding with link encryption
3167 causing encryption (and in turn the link) to fail . These device .
3169 versions are stored in a blacklist and role switch with these
3171 delayed to avoid the collision with link encryption setup */
3173 if (bta_dm_cb.device_list.peer_device[i].pref_role !=
3174 BTA_SLAVE_ROLE_ONLY &&
3175 !delay_role_switch) {
3176 BTM_SwitchRole(bta_dm_cb.device_list.peer_device[i].peer_bdaddr,
3177 HCI_ROLE_MASTER, NULL);
3179 alarm_set_on_mloop(bta_dm_cb.switch_delay_timer,
3180 BTA_DM_SWITCH_DELAY_TIMER_MS,
3181 bta_dm_delay_role_switch_cback, NULL);
3187 if (!set_master_role) {
3188 L2CA_SetDesireRole(L2CAP_DESIRED_LINK_ROLE);
3192 L2CA_SetDesireRole(L2CAP_DESIRED_LINK_ROLE);
3196 /*******************************************************************************
3198 * Function bta_dm_get_remname
3200 * Description Returns a pointer to the remote name stored in the DM
3201 * control block if it exists, or from the BTM memory.
3203 * Returns char * - Pointer to the remote device name
3204 ******************************************************************************/
3205 static char* bta_dm_get_remname(void) {
3206 char* p_name = (char*)bta_dm_search_cb.peer_name;
3209 /* If the name isn't already stored, try retrieving from BTM */
3210 if (*p_name == '\0') {
3211 p_temp = BTM_SecReadDevName(bta_dm_search_cb.peer_bdaddr);
3212 if (p_temp != NULL) p_name = p_temp;
3218 /*******************************************************************************
3220 * Function bta_dm_bond_cancel_complete_cback
3222 * Description Authentication complete callback from BTM
3226 ******************************************************************************/
3227 static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result) {
3228 tBTA_DM_SEC sec_event;
3230 if (result == BTM_SUCCESS)
3231 sec_event.bond_cancel_cmpl.result = BTA_SUCCESS;
3233 sec_event.bond_cancel_cmpl.result = BTA_FAILURE;
3235 if (bta_dm_cb.p_sec_cback) {
3236 bta_dm_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
3240 /*******************************************************************************
3242 * Function find_utf8_char_boundary
3244 * Description This function checks a UTF8 string |utf8str| starting at
3245 * |offset|, moving backwards and returns the offset of the
3246 * next valid UTF8 character boundary found.
3248 * Returns Offset of UTF8 character boundary
3250 ******************************************************************************/
3251 static size_t find_utf8_char_boundary(const char* utf8str, size_t offset) {
3256 uint8_t ch = (uint8_t)utf8str[offset];
3257 if ((ch & 0x80) == 0x00) // ASCII
3259 if ((ch & 0xC0) == 0xC0) // Multi-byte sequence start
3266 /*******************************************************************************
3268 * Function bta_dm_set_eir
3270 * Description This function creates EIR tagged data and writes it to
3275 ******************************************************************************/
3276 static void bta_dm_set_eir(char* local_name) {
3279 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3281 uint8_t max_num_uuid;
3282 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3283 uint8_t custom_uuid_idx;
3284 #endif // BTA_EIR_SERVER_NUM_CUSTOM_UUID
3285 #endif // BTA_EIR_CANNED_UUID_LIST
3286 #if (BTM_EIR_DEFAULT_FEC_REQUIRED == FALSE)
3287 uint8_t free_eir_length = HCI_EXT_INQ_RESPONSE_LEN;
3288 #else // BTM_EIR_DEFAULT_FEC_REQUIRED
3289 uint8_t free_eir_length = HCI_DM5_PACKET_SIZE;
3290 #endif // BTM_EIR_DEFAULT_FEC_REQUIRED
3293 uint8_t local_name_len;
3295 /* wait until complete to disable */
3296 if (alarm_is_scheduled(bta_dm_cb.disable_timer)) return;
3298 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3299 /* if local name is not provided, get it from controller */
3300 if (local_name == NULL) {
3301 if (BTM_ReadLocalDeviceName(&local_name) != BTM_SUCCESS) {
3302 APPL_TRACE_ERROR("Fail to read local device name for EIR");
3305 #endif // BTA_EIR_CANNED_UUID_LIST
3307 /* Allocate a buffer to hold HCI command */
3308 BT_HDR* p_buf = (BT_HDR*)osi_malloc(BTM_CMD_BUF_SIZE);
3309 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET;
3311 memset(p, 0x00, HCI_EXT_INQ_RESPONSE_LEN);
3313 APPL_TRACE_DEBUG("BTA is generating EIR");
3316 local_name_len = strlen(local_name);
3320 data_type = BTM_EIR_COMPLETE_LOCAL_NAME_TYPE;
3321 /* if local name is longer than minimum length of shortened name */
3322 /* check whether it needs to be shortened or not */
3323 if (local_name_len > p_bta_dm_eir_cfg->bta_dm_eir_min_name_len) {
3324 /* get number of UUID 16-bit list */
3325 #if (BTA_EIR_CANNED_UUID_LIST == TRUE)
3326 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / Uuid::kNumBytes16;
3327 #else // BTA_EIR_CANNED_UUID_LIST
3328 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes16;
3329 data_type = BTM_GetEirSupportedServices(bta_dm_cb.eir_uuid, &p,
3330 max_num_uuid, &num_uuid);
3331 p = (uint8_t*)p_buf + BTM_HCI_EIR_OFFSET; /* reset p */
3332 #endif // BTA_EIR_CANNED_UUID_LIST
3334 /* if UUID doesn't fit remaing space, shorten local name */
3335 if (local_name_len > (free_eir_length - 4 - num_uuid * Uuid::kNumBytes16)) {
3336 local_name_len = find_utf8_char_boundary(
3337 local_name, p_bta_dm_eir_cfg->bta_dm_eir_min_name_len);
3338 APPL_TRACE_WARNING("%s local name is shortened (%d)", __func__,
3340 data_type = BTM_EIR_SHORTENED_LOCAL_NAME_TYPE;
3342 data_type = BTM_EIR_COMPLETE_LOCAL_NAME_TYPE;
3346 UINT8_TO_STREAM(p, local_name_len + 1);
3347 UINT8_TO_STREAM(p, data_type);
3349 if (local_name != NULL) {
3350 memcpy(p, local_name, local_name_len);
3351 p += local_name_len;
3353 free_eir_length -= local_name_len + 2;
3355 #if (BTA_EIR_CANNED_UUID_LIST == TRUE)
3356 /* if UUID list is provided as static data in configuration */
3357 if ((p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len > 0) &&
3358 (p_bta_dm_eir_cfg->bta_dm_eir_uuid16)) {
3359 if (free_eir_length > Uuid::kNumBytes16 + 2) {
3360 free_eir_length -= 2;
3362 if (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len) {
3363 num_uuid = p_bta_dm_eir_cfg->bta_dm_eir_uuid16_len / Uuid::kNumBytes16;
3364 data_type = BTM_EIR_COMPLETE_16BITS_UUID_TYPE;
3365 } else /* not enough room for all UUIDs */
3367 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3368 num_uuid = free_eir_length / Uuid::kNumBytes16;
3369 data_type = BTM_EIR_MORE_16BITS_UUID_TYPE;
3371 UINT8_TO_STREAM(p, num_uuid * Uuid::kNumBytes16 + 1);
3372 UINT8_TO_STREAM(p, data_type);
3373 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_uuid16,
3374 num_uuid * Uuid::kNumBytes16);
3375 p += num_uuid * Uuid::kNumBytes16;
3376 free_eir_length -= num_uuid * Uuid::kNumBytes16;
3379 #else /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */
3380 /* if UUID list is dynamic */
3381 if (free_eir_length >= 2) {
3386 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes16;
3387 data_type = BTM_GetEirSupportedServices(bta_dm_cb.eir_uuid, &p,
3388 max_num_uuid, &num_uuid);
3390 if (data_type == BTM_EIR_MORE_16BITS_UUID_TYPE) {
3391 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3393 #if (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3395 for (custom_uuid_idx = 0;
3396 custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3397 custom_uuid_idx++) {
3398 const Uuid& curr = bta_dm_cb.custom_uuid[custom_uuid_idx];
3399 if (curr.GetShortestRepresentationSize() == Uuid::kNumBytes16) {
3400 if (num_uuid < max_num_uuid) {
3401 UINT16_TO_STREAM(p, curr.As16Bit());
3404 data_type = BTM_EIR_MORE_16BITS_UUID_TYPE;
3405 APPL_TRACE_WARNING("BTA EIR: UUID 16-bit list is truncated");
3411 #endif /* (BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */
3413 UINT8_TO_STREAM(p_length, num_uuid * Uuid::kNumBytes16 + 1);
3414 UINT8_TO_STREAM(p_type, data_type);
3415 free_eir_length -= num_uuid * Uuid::kNumBytes16 + 2;
3417 #endif /* (BTA_EIR_CANNED_UUID_LIST == TRUE) */
3419 #if (BTA_EIR_CANNED_UUID_LIST != TRUE && BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0)
3420 /* Adding 32-bit UUID list */
3421 if (free_eir_length >= 2) {
3425 data_type = BTM_EIR_COMPLETE_32BITS_UUID_TYPE;
3427 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes32;
3429 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3430 custom_uuid_idx++) {
3431 const Uuid& curr = bta_dm_cb.custom_uuid[custom_uuid_idx];
3432 if (curr.GetShortestRepresentationSize() == Uuid::kNumBytes32) {
3433 if (num_uuid < max_num_uuid) {
3434 UINT32_TO_STREAM(p, curr.As32Bit());
3437 data_type = BTM_EIR_MORE_32BITS_UUID_TYPE;
3438 APPL_TRACE_WARNING("BTA EIR: UUID 32-bit list is truncated");
3444 UINT8_TO_STREAM(p_length, num_uuid * Uuid::kNumBytes32 + 1);
3445 UINT8_TO_STREAM(p_type, data_type);
3446 free_eir_length -= num_uuid * Uuid::kNumBytes32 + 2;
3449 /* Adding 128-bit UUID list */
3450 if (free_eir_length >= 2) {
3454 data_type = BTM_EIR_COMPLETE_128BITS_UUID_TYPE;
3456 max_num_uuid = (free_eir_length - 2) / Uuid::kNumBytes128;
3458 for (custom_uuid_idx = 0; custom_uuid_idx < BTA_EIR_SERVER_NUM_CUSTOM_UUID;
3459 custom_uuid_idx++) {
3460 const Uuid& curr = bta_dm_cb.custom_uuid[custom_uuid_idx];
3461 if (curr.GetShortestRepresentationSize() == Uuid::kNumBytes128) {
3462 if (num_uuid < max_num_uuid) {
3463 ARRAY16_TO_STREAM(p, curr.To128BitBE().data());
3466 data_type = BTM_EIR_MORE_128BITS_UUID_TYPE;
3467 APPL_TRACE_WARNING("BTA EIR: UUID 128-bit list is truncated");
3473 UINT8_TO_STREAM(p_length, num_uuid * Uuid::kNumBytes128 + 1);
3474 UINT8_TO_STREAM(p_type, data_type);
3475 free_eir_length -= num_uuid * Uuid::kNumBytes128 + 2;
3477 #endif /* ( BTA_EIR_CANNED_UUID_LIST != TRUE \
3478 )&&(BTA_EIR_SERVER_NUM_CUSTOM_UUID > 0) */
3480 /* if Flags are provided in configuration */
3481 if ((p_bta_dm_eir_cfg->bta_dm_eir_flag_len > 0) &&
3482 (p_bta_dm_eir_cfg->bta_dm_eir_flags) &&
3483 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2)) {
3484 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 1);
3485 UINT8_TO_STREAM(p, BTM_EIR_FLAGS_TYPE);
3486 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_flags,
3487 p_bta_dm_eir_cfg->bta_dm_eir_flag_len);
3488 p += p_bta_dm_eir_cfg->bta_dm_eir_flag_len;
3489 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_flag_len + 2;
3492 /* if Manufacturer Specific are provided in configuration */
3493 if ((p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len > 0) &&
3494 (p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec) &&
3495 (free_eir_length >= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2)) {
3498 UINT8_TO_STREAM(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 1);
3499 UINT8_TO_STREAM(p, BTM_EIR_MANUFACTURER_SPECIFIC_TYPE);
3500 memcpy(p, p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec,
3501 p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len);
3502 p += p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len;
3503 free_eir_length -= p_bta_dm_eir_cfg->bta_dm_eir_manufac_spec_len + 2;
3509 /* if Inquiry Tx Resp Power compiled */
3510 if ((p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power) && (free_eir_length >= 3)) {
3511 UINT8_TO_STREAM(p, 2); /* Length field */
3512 UINT8_TO_STREAM(p, BTM_EIR_TX_POWER_LEVEL_TYPE);
3513 UINT8_TO_STREAM(p, *(p_bta_dm_eir_cfg->bta_dm_eir_inq_tx_power));
3514 free_eir_length -= 3;
3517 if (free_eir_length)
3518 UINT8_TO_STREAM(p, 0); /* terminator of significant part */
3520 BTM_WriteEIR(p_buf);
3523 /*******************************************************************************
3525 * Function bta_dm_eir_search_services
3527 * Description This function searches services in received EIR
3531 ******************************************************************************/
3532 static void bta_dm_eir_search_services(tBTM_INQ_RESULTS* p_result,
3533 tBTA_SERVICE_MASK* p_services_to_search,
3534 tBTA_SERVICE_MASK* p_services_found) {
3535 tBTA_SERVICE_MASK service_index = 0;
3536 tBTM_EIR_SEARCH_RESULT result;
3538 VLOG(1) << "BTA searching services in EIR of BDA:"
3539 << p_result->remote_bd_addr;
3541 APPL_TRACE_DEBUG(" with services_to_search=0x%08X", *p_services_to_search);
3543 /* always do GATT based service discovery by SDP instead of from EIR */
3544 /* if GATT based service is also to be put in EIR, need to modify this */
3545 while (service_index < (BTA_MAX_SERVICE_ID - 1)) {
3546 if (*p_services_to_search &
3547 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index))) {
3548 result = BTM_HasInquiryEirService(
3549 p_result, bta_service_id_to_uuid_lkup_tbl[service_index]);
3551 /* Searching for HSP v1.2 only device */
3552 if ((result != BTM_EIR_FOUND) &&
3553 (bta_service_id_to_uuid_lkup_tbl[service_index] ==
3554 UUID_SERVCLASS_HEADSET)) {
3555 result = BTM_HasInquiryEirService(p_result, UUID_SERVCLASS_HEADSET_HS);
3558 if (result == BTM_EIR_FOUND) {
3559 /* If Plug and Play service record, need to check to see if Broadcom
3561 /* However, EIR data doesn't have EXT_BRCM_VERSION so just skip it */
3562 if (bta_service_id_to_uuid_lkup_tbl[service_index] !=
3563 UUID_SERVCLASS_PNP_INFORMATION) {
3564 *p_services_found |= (tBTA_SERVICE_MASK)(
3565 BTA_SERVICE_ID_TO_SERVICE_MASK(service_index));
3566 /* remove the service from services to be searched */
3567 *p_services_to_search &= (tBTA_SERVICE_MASK)(
3568 ~(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index)));
3570 } else if (result == BTM_EIR_NOT_FOUND) {
3571 /* remove the service from services to be searched */
3572 *p_services_to_search &= (tBTA_SERVICE_MASK)(
3573 ~(BTA_SERVICE_ID_TO_SERVICE_MASK(service_index)));
3581 "BTA EIR search result, services_to_search=0x%08X, services_found=0x%08X",
3582 *p_services_to_search, *p_services_found);
3585 #if (BTA_EIR_CANNED_UUID_LIST != TRUE)
3586 /*******************************************************************************
3588 * Function bta_dm_eir_update_uuid
3590 * Description This function adds or removes service UUID in EIR database.
3594 ******************************************************************************/
3595 void bta_dm_eir_update_uuid(uint16_t uuid16, bool adding) {
3596 /* if this UUID is not advertised in EIR */
3597 if (!BTM_HasEirService(p_bta_dm_eir_cfg->uuid_mask, uuid16)) return;
3600 APPL_TRACE_EVENT("Adding UUID=0x%04X into EIR", uuid16);
3602 BTM_AddEirService(bta_dm_cb.eir_uuid, uuid16);
3604 APPL_TRACE_EVENT("Removing UUID=0x%04X from EIR", uuid16);
3606 BTM_RemoveEirService(bta_dm_cb.eir_uuid, uuid16);
3609 bta_dm_set_eir(NULL);
3611 APPL_TRACE_EVENT("bta_dm_eir_update_uuid UUID bit mask=0x%08X %08X",
3612 bta_dm_cb.eir_uuid[1], bta_dm_cb.eir_uuid[0]);
3616 /*******************************************************************************
3618 * Function bta_dm_encrypt_cback
3620 * Description link encryption complete callback.
3624 ******************************************************************************/
3625 void bta_dm_encrypt_cback(const RawAddress* bd_addr, tBT_TRANSPORT transport,
3626 UNUSED_ATTR void* p_ref_data, tBTM_STATUS result) {
3627 tBTA_STATUS bta_status = BTA_SUCCESS;
3628 tBTA_DM_ENCRYPT_CBACK* p_callback = NULL;
3631 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3632 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == *bd_addr &&
3633 bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED)
3637 if (i < bta_dm_cb.device_list.count) {
3638 p_callback = bta_dm_cb.device_list.peer_device[i].p_encrypt_cback;
3639 bta_dm_cb.device_list.peer_device[i].p_encrypt_cback = NULL;
3645 case BTM_WRONG_MODE:
3646 bta_status = BTA_WRONG_MODE;
3648 case BTM_NO_RESOURCES:
3649 bta_status = BTA_NO_RESOURCES;
3652 bta_status = BTA_BUSY;
3655 bta_status = BTA_FAILURE;
3659 APPL_TRACE_DEBUG("bta_dm_encrypt_cback status =%d p_callback=0x%x",
3660 bta_status, p_callback);
3663 (*p_callback)(*bd_addr, transport, bta_status);
3667 /**This function to encrypt the link */
3668 void bta_dm_set_encryption(const RawAddress& bd_addr, tBTA_TRANSPORT transport,
3669 tBTA_DM_ENCRYPT_CBACK* p_callback,
3670 tBTA_DM_BLE_SEC_ACT sec_act) {
3673 APPL_TRACE_DEBUG("bta_dm_set_encryption"); // todo
3675 APPL_TRACE_ERROR("bta_dm_set_encryption callback is not provided");
3678 for (i = 0; i < bta_dm_cb.device_list.count; i++) {
3679 if (bta_dm_cb.device_list.peer_device[i].peer_bdaddr == bd_addr &&
3680 bta_dm_cb.device_list.peer_device[i].conn_state == BTA_DM_CONNECTED)
3683 if (i < bta_dm_cb.device_list.count) {
3684 if (bta_dm_cb.device_list.peer_device[i].p_encrypt_cback) {
3685 APPL_TRACE_ERROR("earlier enc was not done for same device");
3686 (*p_callback)(bd_addr, transport, BTA_BUSY);
3690 if (BTM_SetEncryption(bd_addr, transport, bta_dm_encrypt_cback, NULL,
3691 sec_act) == BTM_CMD_STARTED) {
3692 bta_dm_cb.device_list.peer_device[i].p_encrypt_cback = p_callback;
3697 bool bta_dm_check_if_only_hd_connected(const RawAddress& peer_addr) {
3698 APPL_TRACE_DEBUG("%s: count(%d)", __func__, bta_dm_conn_srvcs.count);
3700 for (uint8_t j = 0; j < bta_dm_conn_srvcs.count; j++) {
3701 // Check if profiles other than hid are connected
3702 if ((bta_dm_conn_srvcs.conn_srvc[j].id != BTA_ID_HD) &&
3703 bta_dm_conn_srvcs.conn_srvc[j].peer_bdaddr == peer_addr) {
3704 APPL_TRACE_DEBUG("%s: Another profile (id=%d) is connected", __func__,
3705 bta_dm_conn_srvcs.conn_srvc[j].id);
3713 /*******************************************************************************
3715 * Function bta_dm_observe_results_cb
3717 * Description Callback for BLE Observe result
3722 ******************************************************************************/
3723 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS* p_inq, uint8_t* p_eir,
3725 tBTA_DM_SEARCH result;
3726 tBTM_INQ_INFO* p_inq_info;
3727 APPL_TRACE_DEBUG("bta_dm_observe_results_cb");
3729 result.inq_res.bd_addr = p_inq->remote_bd_addr;
3730 result.inq_res.rssi = p_inq->rssi;
3731 result.inq_res.ble_addr_type = p_inq->ble_addr_type;
3732 result.inq_res.inq_result_type = p_inq->inq_result_type;
3733 result.inq_res.device_type = p_inq->device_type;
3734 result.inq_res.flag = p_inq->flag;
3735 result.inq_res.ble_evt_type = p_inq->ble_evt_type;
3736 result.inq_res.ble_primary_phy = p_inq->ble_primary_phy;
3737 result.inq_res.ble_secondary_phy = p_inq->ble_secondary_phy;
3738 result.inq_res.ble_advertising_sid = p_inq->ble_advertising_sid;
3739 result.inq_res.ble_tx_power = p_inq->ble_tx_power;
3740 result.inq_res.ble_periodic_adv_int = p_inq->ble_periodic_adv_int;
3742 /* application will parse EIR to find out remote device name */
3743 result.inq_res.p_eir = p_eir;
3744 result.inq_res.eir_len = eir_len;
3746 p_inq_info = BTM_InqDbRead(p_inq->remote_bd_addr);
3747 if (p_inq_info != NULL) {
3748 /* initialize remt_name_not_required to false so that we get the name by
3750 result.inq_res.remt_name_not_required = false;
3753 if (bta_dm_search_cb.p_scan_cback)
3754 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_RES_EVT, &result);
3757 /* application indicates if it knows the remote name, inside the callback
3758 copy that to the inquiry data base*/
3759 if (result.inq_res.remt_name_not_required)
3760 p_inq_info->appl_knows_rem_name = true;
3764 /*******************************************************************************
3766 * Function bta_dm_observe_cmpl_cb
3768 * Description Callback for BLE Observe complete
3773 ******************************************************************************/
3774 static void bta_dm_observe_cmpl_cb(void* p_result) {
3775 tBTA_DM_SEARCH data;
3777 APPL_TRACE_DEBUG("bta_dm_observe_cmpl_cb");
3779 data.inq_cmpl.num_resps = ((tBTM_INQUIRY_CMPL*)p_result)->num_resp;
3780 if (bta_dm_search_cb.p_scan_cback) {
3781 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
3785 /*******************************************************************************
3787 * Function bta_dm_ble_smp_cback
3789 * Description Callback for BLE SMP
3794 ******************************************************************************/
3795 static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
3796 tBTM_LE_EVT_DATA* p_data) {
3797 tBTM_STATUS status = BTM_SUCCESS;
3798 tBTA_DM_SEC sec_event;
3799 char* p_name = NULL;
3801 if (!bta_dm_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;
3803 memset(&sec_event, 0, sizeof(tBTA_DM_SEC));
3805 case BTM_LE_IO_REQ_EVT:
3806 bta_dm_co_ble_io_req(
3807 bda, &p_data->io_req.io_cap, &p_data->io_req.oob_data,
3808 &p_data->io_req.auth_req, &p_data->io_req.max_key_size,
3809 &p_data->io_req.init_keys, &p_data->io_req.resp_keys);
3810 APPL_TRACE_EVENT("io mitm: %d oob_data:%d", p_data->io_req.auth_req,
3811 p_data->io_req.oob_data);
3815 case BTM_LE_CONSENT_REQ_EVT:
3816 sec_event.ble_req.bd_addr = bda;
3817 p_name = BTM_SecReadDevName(bda);
3819 strlcpy((char*)sec_event.ble_req.bd_name, p_name, BD_NAME_LEN);
3821 sec_event.ble_req.bd_name[0] = 0;
3822 bta_dm_cb.p_sec_cback(BTA_DM_BLE_CONSENT_REQ_EVT, &sec_event);
3825 case BTM_LE_SEC_REQUEST_EVT:
3826 sec_event.ble_req.bd_addr = bda;
3827 p_name = BTM_SecReadDevName(bda);
3829 strlcpy((char*)sec_event.ble_req.bd_name, p_name, BD_NAME_LEN);
3831 sec_event.ble_req.bd_name[0] = 0;
3832 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SEC_REQ_EVT, &sec_event);
3835 case BTM_LE_KEY_NOTIF_EVT:
3836 sec_event.key_notif.bd_addr = bda;
3837 p_name = BTM_SecReadDevName(bda);
3839 strlcpy((char*)sec_event.key_notif.bd_name, p_name, BD_NAME_LEN);
3841 sec_event.key_notif.bd_name[0] = 0;
3842 sec_event.key_notif.passkey = p_data->key_notif;
3843 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_NOTIF_EVT, &sec_event);
3846 case BTM_LE_KEY_REQ_EVT:
3847 sec_event.ble_req.bd_addr = bda;
3848 bta_dm_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_REQ_EVT, &sec_event);
3851 case BTM_LE_OOB_REQ_EVT:
3852 sec_event.ble_req.bd_addr = bda;
3853 bta_dm_cb.p_sec_cback(BTA_DM_BLE_OOB_REQ_EVT, &sec_event);
3856 case BTM_LE_NC_REQ_EVT:
3857 sec_event.key_notif.bd_addr = bda;
3858 strlcpy((char*)sec_event.key_notif.bd_name, bta_dm_get_remname(),
3860 sec_event.key_notif.passkey = p_data->key_notif;
3861 bta_dm_cb.p_sec_cback(BTA_DM_BLE_NC_REQ_EVT, &sec_event);
3864 case BTM_LE_SC_OOB_REQ_EVT:
3865 sec_event.ble_req.bd_addr = bda;
3866 bta_dm_cb.p_sec_cback(BTA_DM_BLE_SC_OOB_REQ_EVT, &sec_event);
3869 case BTM_LE_KEY_EVT:
3870 sec_event.ble_key.bd_addr = bda;
3871 sec_event.ble_key.key_type = p_data->key.key_type;
3872 sec_event.ble_key.p_key_value = p_data->key.p_key_value;
3873 bta_dm_cb.p_sec_cback(BTA_DM_BLE_KEY_EVT, &sec_event);
3876 case BTM_LE_COMPLT_EVT:
3877 sec_event.auth_cmpl.bd_addr = bda;
3878 BTM_ReadDevInfo(bda, &sec_event.auth_cmpl.dev_type,
3879 &sec_event.auth_cmpl.addr_type);
3880 p_name = BTM_SecReadDevName(bda);
3882 strlcpy((char*)sec_event.auth_cmpl.bd_name, p_name, (BD_NAME_LEN));
3884 sec_event.auth_cmpl.bd_name[0] = 0;
3886 if (p_data->complt.reason != 0) {
3887 sec_event.auth_cmpl.fail_reason =
3888 BTA_DM_AUTH_CONVERT_SMP_CODE(((uint8_t)p_data->complt.reason));
3890 if (btm_sec_is_a_bonded_dev(bda) &&
3891 p_data->complt.reason == SMP_CONN_TOUT) {
3892 // Bonded device failed to encrypt - to test this remove battery from
3893 // HID device right after connection, but before encryption is
3895 LOG(INFO) << __func__
3896 << ": bonded device disconnected when encrypting - no "
3899 /* delete this device entry from Sec Dev DB */
3900 bta_dm_remove_sec_dev_entry(bda);
3904 sec_event.auth_cmpl.success = true;
3905 if (!p_data->complt.smp_over_br)
3906 GATT_ConfigServiceChangeCCC(bda, true, BT_TRANSPORT_LE);
3909 if (bta_dm_cb.p_sec_cback) {
3910 // bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
3911 bta_dm_cb.p_sec_cback(BTA_DM_BLE_AUTH_CMPL_EVT, &sec_event);
3916 status = BTM_NOT_AUTHORIZED;
3922 /*******************************************************************************
3924 * Function bta_dm_ble_id_key_cback
3926 * Description Callback for BLE local ID keys
3931 ******************************************************************************/
3932 static void bta_dm_ble_id_key_cback(uint8_t key_type,
3933 tBTM_BLE_LOCAL_KEYS* p_key) {
3938 case BTM_BLE_KEY_TYPE_ID:
3939 case BTM_BLE_KEY_TYPE_ER:
3940 if (bta_dm_cb.p_sec_cback) {
3941 memcpy(&dm_key.ble_id_keys, p_key, sizeof(tBTM_BLE_LOCAL_KEYS));
3943 evt = (key_type == BTM_BLE_KEY_TYPE_ID) ? BTA_DM_BLE_LOCAL_IR_EVT
3944 : BTA_DM_BLE_LOCAL_ER_EVT;
3945 bta_dm_cb.p_sec_cback(evt, &dm_key);
3950 APPL_TRACE_DEBUG("Unknown key type %d", key_type);
3956 /*******************************************************************************
3958 * Function bta_dm_add_blekey
3960 * Description This function adds an BLE Key to an security database entry.
3961 * This function shall only be called AFTER BTA_DmAddBleDevice
3963 * It is normally called during host startup to restore all
3964 * required information stored in the NVRAM.
3968 ******************************************************************************/
3969 void bta_dm_add_blekey(const RawAddress& bd_addr, tBTA_LE_KEY_VALUE blekey,
3970 tBTA_LE_KEY_TYPE key_type) {
3971 if (!BTM_SecAddBleKey(bd_addr, (tBTM_LE_KEY_VALUE*)&blekey, key_type)) {
3972 LOG(ERROR) << "BTA_DM: Error adding BLE Key for device " << bd_addr;
3976 /*******************************************************************************
3978 * Function bta_dm_add_ble_device
3980 * Description This function adds an BLE device to an security database
3982 * It is normally called during host startup to restore all
3983 * required information stored in the NVRAM.
3987 ******************************************************************************/
3988 void bta_dm_add_ble_device(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type,
3989 tBT_DEVICE_TYPE dev_type) {
3990 if (!BTM_SecAddBleDevice(bd_addr, NULL, dev_type, addr_type)) {
3991 LOG(ERROR) << "BTA_DM: Error adding BLE Device for device " << bd_addr;
3995 /*******************************************************************************
3997 * Function bta_dm_add_ble_device
3999 * Description This function adds an BLE device to an security database
4001 * It is normally called during host startup to restore all
4002 * required information stored in the NVRAM.
4006 ******************************************************************************/
4007 void bta_dm_ble_passkey_reply(const RawAddress& bd_addr, bool accept,
4009 BTM_BlePasskeyReply(bd_addr, accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED,
4013 /** This is response to SM numeric comparison request submitted to application.
4015 void bta_dm_ble_confirm_reply(const RawAddress& bd_addr, bool accept) {
4016 BTM_BleConfirmReply(bd_addr, accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED);
4019 /** This function set the preferred connection parameters */
4020 void bta_dm_ble_set_conn_params(const RawAddress& bd_addr,
4021 uint16_t conn_int_min, uint16_t conn_int_max,
4022 uint16_t slave_latency,
4023 uint16_t supervision_tout) {
4024 L2CA_AdjustConnectionIntervals(&conn_int_min, &conn_int_max,
4025 BTM_BLE_CONN_INT_MIN);
4027 BTM_BleSetPrefConnParams(bd_addr, conn_int_min, conn_int_max, slave_latency,
4031 /** This function set the preferred connection scan parameters */
4032 void bta_dm_ble_set_conn_scan_params(uint32_t scan_interval,
4033 uint32_t scan_window) {
4034 BTM_BleSetConnScanParams(scan_interval, scan_window);
4037 /** This function update LE connection parameters */
4038 void bta_dm_ble_update_conn_params(const RawAddress& bd_addr, uint16_t min_int,
4039 uint16_t max_int, uint16_t latency,
4040 uint16_t timeout, uint16_t min_ce_len,
4041 uint16_t max_ce_len) {
4042 L2CA_AdjustConnectionIntervals(&min_int, &max_int, BTM_BLE_CONN_INT_MIN);
4044 if (!L2CA_UpdateBleConnParams(bd_addr, min_int, max_int, latency, timeout,
4045 min_ce_len, max_ce_len)) {
4046 APPL_TRACE_ERROR("Update connection parameters failed!");
4050 #if (BLE_PRIVACY_SPT == TRUE)
4051 /** This function set the local device LE privacy settings. */
4052 void bta_dm_ble_config_local_privacy(bool privacy_enable) {
4053 BTM_BleConfigPrivacy(privacy_enable);
4057 void bta_dm_ble_observe(bool start, uint8_t duration,
4058 tBTA_DM_SEARCH_CBACK* p_cback) {
4060 bta_dm_search_cb.p_scan_cback = NULL;
4061 BTM_BleObserve(false, 0, NULL, NULL);
4065 /*Save the callback to be called when a scan results are available */
4066 bta_dm_search_cb.p_scan_cback = p_cback;
4067 tBTM_STATUS status = BTM_BleObserve(true, duration, bta_dm_observe_results_cb,
4068 bta_dm_observe_cmpl_cb);
4069 if (status != BTM_CMD_STARTED) {
4070 tBTA_DM_SEARCH data;
4071 APPL_TRACE_WARNING(" %s BTM_BleObserve failed. status %d", __func__,
4073 data.inq_cmpl.num_resps = 0;
4074 if (bta_dm_search_cb.p_scan_cback) {
4075 bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_CMPL_EVT, &data);
4080 /** This function set the maximum transmission packet size */
4081 void bta_dm_ble_set_data_length(const RawAddress& bd_addr,
4082 uint16_t tx_data_length) {
4083 if (BTM_SetBleDataLength(bd_addr, tx_data_length) != BTM_SUCCESS) {
4084 APPL_TRACE_ERROR("%s failed", __func__);
4088 /*******************************************************************************
4090 * Function bta_ble_enable_scan_cmpl
4092 * Description ADV payload filtering enable / disable complete callback
4097 ******************************************************************************/
4098 static void bta_ble_energy_info_cmpl(tBTM_BLE_TX_TIME_MS tx_time,
4099 tBTM_BLE_RX_TIME_MS rx_time,
4100 tBTM_BLE_IDLE_TIME_MS idle_time,
4101 tBTM_BLE_ENERGY_USED energy_used,
4102 tBTM_STATUS status) {
4103 tBTA_STATUS st = (status == BTM_SUCCESS) ? BTA_SUCCESS : BTA_FAILURE;
4104 tBTA_DM_CONTRL_STATE ctrl_state = 0;
4106 if (BTA_SUCCESS == st) ctrl_state = bta_dm_pm_obtain_controller_state();
4108 if (bta_dm_cb.p_energy_info_cback)
4109 bta_dm_cb.p_energy_info_cback(tx_time, rx_time, idle_time, energy_used,
4113 /** This function obtains the energy info */
4114 void bta_dm_ble_get_energy_info(
4115 tBTA_BLE_ENERGY_INFO_CBACK* p_energy_info_cback) {
4116 bta_dm_cb.p_energy_info_cback = p_energy_info_cback;
4117 tBTM_STATUS btm_status = BTM_BleGetEnergyInfo(bta_ble_energy_info_cmpl);
4118 if (BTM_CMD_STARTED != btm_status)
4119 bta_ble_energy_info_cmpl(0, 0, 0, 0, btm_status);
4122 #ifndef BTA_DM_GATT_CLOSE_DELAY_TOUT
4123 #define BTA_DM_GATT_CLOSE_DELAY_TOUT 1000
4126 /*******************************************************************************
4128 * Function bta_dm_gattc_register
4130 * Description Register with GATTC in DM if BLE is needed.
4135 ******************************************************************************/
4136 static void bta_dm_gattc_register(void) {
4137 if (bta_dm_search_cb.client_if == BTA_GATTS_INVALID_IF) {
4138 BTA_GATTC_AppRegister(bta_dm_gattc_callback,
4139 base::Bind([](uint8_t client_id, uint8_t status) {
4140 if (status == GATT_SUCCESS)
4141 bta_dm_search_cb.client_if = client_id;
4143 bta_dm_search_cb.client_if = BTA_GATTS_INVALID_IF;
4149 /*******************************************************************************
4151 * Function btm_dm_start_disc_gatt_services
4153 * Description This function starts a GATT service search request.
4157 ******************************************************************************/
4158 static void btm_dm_start_disc_gatt_services(uint16_t conn_id) {
4159 Uuid* p_uuid = bta_dm_search_cb.p_srvc_uuid + bta_dm_search_cb.num_uuid -
4160 bta_dm_search_cb.uuid_to_search;
4162 /* always search for all services */
4163 BTA_GATTC_ServiceSearchRequest(conn_id, p_uuid);
4166 /*******************************************************************************
4168 * Function bta_dm_gatt_disc_result
4170 * Description This function process the GATT service search result.
4174 ******************************************************************************/
4175 static void bta_dm_gatt_disc_result(tBTA_GATT_ID service_id) {
4176 tBTA_DM_SEARCH result;
4179 * This logic will not work for gatt case. We are checking against the
4180 * bluetooth profiles here
4181 * just copy the GATTID in raw data field and send it across.
4184 if (bta_dm_search_cb.ble_raw_used + sizeof(tBTA_GATT_ID) <
4185 bta_dm_search_cb.ble_raw_size) {
4187 "ADDING BLE SERVICE uuid=%s, ble_ptr = 0x%x, ble_raw_used = 0x%x",
4188 service_id.uuid.ToString().c_str(), bta_dm_search_cb.p_ble_rawdata,
4189 bta_dm_search_cb.ble_raw_used);
4191 if (bta_dm_search_cb.p_ble_rawdata) {
4192 // TODO(jpawlowski): the p_ble_raw data is only sent to btif_dm.cc, but is
4193 // never used there. Get rid of this code completly, or implement the
4194 // TODOs from btif_dm.cc
4195 memcpy((bta_dm_search_cb.p_ble_rawdata + bta_dm_search_cb.ble_raw_used),
4196 &service_id, sizeof(service_id));
4198 bta_dm_search_cb.ble_raw_used += sizeof(service_id);
4200 APPL_TRACE_ERROR("p_ble_rawdata is NULL");
4205 "%s out of room to accomodate more service ids ble_raw_size = %d "
4206 "ble_raw_used = %d",
4207 __func__, bta_dm_search_cb.ble_raw_size, bta_dm_search_cb.ble_raw_used);
4210 LOG_INFO(LOG_TAG, "%s service_id_uuid_len=%zu", __func__,
4211 service_id.uuid.GetShortestRepresentationSize());
4212 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) {
4213 /* send result back to app now, one by one */
4214 result.disc_ble_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
4215 strlcpy((char*)result.disc_ble_res.bd_name, bta_dm_get_remname(),
4217 result.disc_ble_res.service = service_id.uuid;
4219 bta_dm_search_cb.p_search_cback(BTA_DM_DISC_BLE_RES_EVT, &result);
4223 /*******************************************************************************
4225 * Function bta_dm_gatt_disc_complete
4227 * Description This function process the GATT service search complete.
4231 ******************************************************************************/
4232 static void bta_dm_gatt_disc_complete(uint16_t conn_id, tGATT_STATUS status) {
4233 APPL_TRACE_DEBUG("%s conn_id = %d", __func__, conn_id);
4235 if (bta_dm_search_cb.uuid_to_search > 0) bta_dm_search_cb.uuid_to_search--;
4237 if (status == GATT_SUCCESS && bta_dm_search_cb.uuid_to_search > 0) {
4238 btm_dm_start_disc_gatt_services(conn_id);
4240 tBTA_DM_MSG* p_msg = (tBTA_DM_MSG*)osi_malloc(sizeof(tBTA_DM_MSG));
4242 bta_dm_search_cb.uuid_to_search = 0;
4244 /* no more services to be discovered */
4245 p_msg->hdr.event = BTA_DM_DISCOVERY_RESULT_EVT;
4246 p_msg->disc_result.result.disc_res.result =
4247 (status == GATT_SUCCESS) ? BTA_SUCCESS : BTA_FAILURE;
4248 APPL_TRACE_DEBUG("%s service found: 0x%08x", __func__,
4249 bta_dm_search_cb.services_found);
4250 p_msg->disc_result.result.disc_res.services =
4251 bta_dm_search_cb.services_found;
4252 p_msg->disc_result.result.disc_res.num_uuids = 0;
4253 p_msg->disc_result.result.disc_res.p_uuid_list = NULL;
4254 p_msg->disc_result.result.disc_res.bd_addr = bta_dm_search_cb.peer_bdaddr;
4255 strlcpy((char*)p_msg->disc_result.result.disc_res.bd_name,
4256 bta_dm_get_remname(), BD_NAME_LEN);
4258 p_msg->disc_result.result.disc_res.device_type |= BT_DEVICE_TYPE_BLE;
4259 if (bta_dm_search_cb.ble_raw_used > 0) {
4260 p_msg->disc_result.result.disc_res.p_raw_data =
4261 (uint8_t*)osi_malloc(bta_dm_search_cb.ble_raw_used);
4263 memcpy(p_msg->disc_result.result.disc_res.p_raw_data,
4264 bta_dm_search_cb.p_ble_rawdata, bta_dm_search_cb.ble_raw_used);
4266 p_msg->disc_result.result.disc_res.raw_data_size =
4267 bta_dm_search_cb.ble_raw_used;
4269 p_msg->disc_result.result.disc_res.p_raw_data = NULL;
4270 bta_dm_search_cb.p_ble_rawdata = 0;
4273 bta_sys_sendmsg(p_msg);
4275 if (conn_id != GATT_INVALID_CONN_ID) {
4276 /* start a GATT channel close delay timer */
4277 bta_sys_start_timer(bta_dm_search_cb.gatt_close_timer,
4278 BTA_DM_GATT_CLOSE_DELAY_TOUT,
4279 BTA_DM_DISC_CLOSE_TOUT_EVT, 0);
4280 bta_dm_search_cb.pending_close_bda = bta_dm_search_cb.peer_bdaddr;
4282 bta_dm_search_cb.gatt_disc_active = false;
4286 /*******************************************************************************
4288 * Function bta_dm_close_gatt_conn
4290 * Description This function close the GATT connection after delay
4295 ******************************************************************************/
4296 void bta_dm_close_gatt_conn(UNUSED_ATTR tBTA_DM_MSG* p_data) {
4297 if (bta_dm_search_cb.conn_id != GATT_INVALID_CONN_ID)
4298 BTA_GATTC_Close(bta_dm_search_cb.conn_id);
4300 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty;
4301 bta_dm_search_cb.conn_id = GATT_INVALID_CONN_ID;
4303 /*******************************************************************************
4305 * Function btm_dm_start_gatt_discovery
4307 * Description This is GATT initiate the service search by open a GATT
4312 ******************************************************************************/
4313 void btm_dm_start_gatt_discovery(const RawAddress& bd_addr) {
4314 bta_dm_search_cb.gatt_disc_active = true;
4316 /* connection is already open */
4317 if (bta_dm_search_cb.pending_close_bda == bd_addr &&
4318 bta_dm_search_cb.conn_id != GATT_INVALID_CONN_ID) {
4319 bta_dm_search_cb.pending_close_bda = RawAddress::kEmpty;
4320 alarm_cancel(bta_dm_search_cb.gatt_close_timer);
4321 btm_dm_start_disc_gatt_services(bta_dm_search_cb.conn_id);
4323 if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE)) {
4324 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr, true,
4325 GATT_TRANSPORT_LE, true);
4327 BTA_GATTC_Open(bta_dm_search_cb.client_if, bd_addr, true,
4328 GATT_TRANSPORT_LE, false);
4333 /*******************************************************************************
4335 * Function bta_dm_cancel_gatt_discovery
4337 * Description This is GATT cancel the GATT service search.
4341 ******************************************************************************/
4342 static void bta_dm_cancel_gatt_discovery(const RawAddress& bd_addr) {
4343 if (bta_dm_search_cb.conn_id == GATT_INVALID_CONN_ID) {
4344 BTA_GATTC_CancelOpen(bta_dm_search_cb.client_if, bd_addr, true);
4347 bta_dm_gatt_disc_complete(bta_dm_search_cb.conn_id, (tGATT_STATUS)GATT_ERROR);
4350 /*******************************************************************************
4352 * Function bta_dm_proc_open_evt
4354 * Description process BTA_GATTC_OPEN_EVT in DM.
4358 ******************************************************************************/
4359 void bta_dm_proc_open_evt(tBTA_GATTC_OPEN* p_data) {
4360 VLOG(1) << "DM Search state= " << bta_dm_search_cb.state
4361 << " search_cb.peer_dbaddr:" << bta_dm_search_cb.peer_bdaddr
4362 << " connected_bda=" << p_data->remote_bda.address;
4364 APPL_TRACE_DEBUG("BTA_GATTC_OPEN_EVT conn_id = %d client_if=%d status = %d",
4365 p_data->conn_id, p_data->client_if, p_data->status);
4367 bta_dm_search_cb.conn_id = p_data->conn_id;
4369 if (p_data->status == GATT_SUCCESS) {
4370 btm_dm_start_disc_gatt_services(p_data->conn_id);
4372 bta_dm_gatt_disc_complete(GATT_INVALID_CONN_ID, p_data->status);
4376 /*******************************************************************************
4378 * Function bta_dm_gattc_callback
4380 * Description This is GATT client callback function used in DM.
4384 ******************************************************************************/
4385 static void bta_dm_gattc_callback(tBTA_GATTC_EVT event, tBTA_GATTC* p_data) {
4386 APPL_TRACE_DEBUG("bta_dm_gattc_callback event = %d", event);
4389 case BTA_GATTC_OPEN_EVT:
4390 bta_dm_proc_open_evt(&p_data->open);
4393 case BTA_GATTC_SEARCH_RES_EVT:
4394 bta_dm_gatt_disc_result(p_data->srvc_res.service_uuid);
4397 case BTA_GATTC_SEARCH_CMPL_EVT:
4398 if (bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE)
4399 bta_dm_gatt_disc_complete(p_data->search_cmpl.conn_id,
4400 p_data->search_cmpl.status);
4403 case BTA_GATTC_CLOSE_EVT:
4404 APPL_TRACE_DEBUG("BTA_GATTC_CLOSE_EVT reason = %d", p_data->close.reason);
4405 /* in case of disconnect before search is completed */
4406 if ((bta_dm_search_cb.state != BTA_DM_SEARCH_IDLE) &&
4407 (bta_dm_search_cb.state != BTA_DM_SEARCH_ACTIVE) &&
4408 p_data->close.remote_bda == bta_dm_search_cb.peer_bdaddr) {
4409 bta_dm_gatt_disc_complete((uint16_t)GATT_INVALID_CONN_ID,
4410 (tGATT_STATUS)GATT_ERROR);
4419 #if (BLE_VND_INCLUDED == TRUE)
4420 /*******************************************************************************
4422 * Function bta_dm_ctrl_features_rd_cmpl_cback
4424 * Description callback to handle controller feature read complete
4428 ******************************************************************************/
4429 static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result) {
4430 APPL_TRACE_DEBUG("%s status = %d ", __func__, result);
4431 if (result == BTM_SUCCESS) {
4432 if (bta_dm_cb.p_sec_cback)
4433 bta_dm_cb.p_sec_cback(BTA_DM_LE_FEATURES_READ, NULL);
4435 APPL_TRACE_ERROR("%s Ctrl BLE feature read failed: status :%d", __func__,
4439 #endif /* BLE_VND_INCLUDED */