1 /******************************************************************************
3 * Copyright (C) 2009-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /************************************************************************************
23 * Description: Contains Device Management (DM) related functionality
26 ***********************************************************************************/
31 #include <hardware/bluetooth.h>
33 #include <utils/Log.h>
34 #include <cutils/properties.h>
40 #include "btif_util.h"
42 #include "btif_storage.h"
44 #include "btif_config.h"
46 #include "bta_gatt_api.h"
48 /******************************************************************************
49 ** Device specific workarounds
50 ******************************************************************************/
53 * The devices below have proven problematic during the pairing process, often
54 * requiring multiple retries to complete pairing. To avoid degrading the user
55 * experience for other devices, explicitely blacklist troubled devices here.
57 static const UINT8 blacklist_pairing_retries[][3] = {
58 {0x9C, 0xDF, 0x03} // BMW car kits (Harman/Becker)
61 BOOLEAN blacklistPairingRetries(BD_ADDR bd_addr)
63 const unsigned blacklist_size = sizeof(blacklist_pairing_retries)
64 / sizeof(blacklist_pairing_retries[0]);
65 for (unsigned i = 0; i != blacklist_size; ++i)
67 if (blacklist_pairing_retries[i][0] == bd_addr[0] &&
68 blacklist_pairing_retries[i][1] == bd_addr[1] &&
69 blacklist_pairing_retries[i][2] == bd_addr[2])
75 /******************************************************************************
77 ******************************************************************************/
79 #define COD_UNCLASSIFIED ((0x1F) << 8)
80 #define COD_HID_KEYBOARD 0x0540
81 #define COD_HID_POINTING 0x0580
82 #define COD_HID_COMBO 0x05C0
83 #define COD_HID_MAJOR 0x0500
84 #define COD_AV_HEADSETS 0x0404
85 #define COD_AV_HANDSFREE 0x0408
86 #define COD_AV_HEADPHONES 0x0418
87 #define COD_AV_PORTABLE_AUDIO 0x041C
88 #define COD_AV_HIFI_AUDIO 0x0428
91 #define BTIF_DM_DEFAULT_INQ_MAX_RESULTS 0
92 #define BTIF_DM_DEFAULT_INQ_MAX_DURATION 10
93 #define BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING 2
95 #define NUM_TIMEOUT_RETRIES 5
97 #define PROPERTY_PRODUCT_MODEL "ro.product.model"
98 #define DEFAULT_LOCAL_NAME_MAX 31
99 #if (DEFAULT_LOCAL_NAME_MAX > BTM_MAX_LOC_BD_NAME_LEN)
100 #error "default btif local name size exceeds stack supported length"
103 #if (defined(BTA_HOST_INTERLEAVE_SEARCH) && BTA_HOST_INTERLEAVE_SEARCH == TRUE)
104 #define BTIF_DM_INTERLEAVE_DURATION_BR_ONE 2
105 #define BTIF_DM_INTERLEAVE_DURATION_LE_ONE 2
106 #define BTIF_DM_INTERLEAVE_DURATION_BR_TWO 3
107 #define BTIF_DM_INTERLEAVE_DURATION_LE_TWO 4
110 #define MAX_SDP_BL_ENTRIES 3
112 #define BOND_TYPE_UNKNOWN 0
113 #define BOND_TYPE_PERSISTENT 1
114 #define BOND_TYPE_TEMPORARY 2
118 bt_bond_state_t state;
125 UINT8 autopair_attempts;
126 UINT8 timeout_retries;
127 UINT8 is_local_initiated;
129 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
131 btif_dm_ble_cb_t ble;
133 } btif_dm_pairing_cb_t;
138 UINT8 ir[BT_OCTET16_LEN];
139 UINT8 irk[BT_OCTET16_LEN];
140 UINT8 dhk[BT_OCTET16_LEN];
141 }btif_dm_local_key_id_t;
146 UINT8 er[BT_OCTET16_LEN];
147 BOOLEAN is_id_keys_rcvd;
148 btif_dm_local_key_id_t id_keys; /* ID kyes */
150 }btif_dm_local_key_cb_t;
156 } btif_dm_remote_name_t;
162 BD_ADDR oob_bdaddr; /* peer bdaddr*/
168 UINT8 transport; /* 0=Unknown, 1=BR/EDR, 2=LE */
169 } btif_dm_create_bond_cb_t;
178 uint64_t energy_used;
179 } btif_activity_energy_info_cb_t;
183 unsigned int manufact_id;
186 #define BTA_SERVICE_ID_TO_SERVICE_MASK(id) (1 << (id))
188 #define MAX_SDP_BL_ENTRIES 3
189 #define UUID_HUMAN_INTERFACE_DEVICE "00001124-0000-1000-8000-00805f9b34fb"
191 static skip_sdp_entry_t sdp_blacklist[] = {{76}}; //Apple Mouse and Keyboard
194 /* This flag will be true if HCI_Inquiry is in progress */
195 static BOOLEAN btif_dm_inquiry_in_progress = FALSE;
199 /************************************************************************************
201 ************************************************************************************/
202 static char btif_default_local_name[DEFAULT_LOCAL_NAME_MAX+1] = {'\0'};
204 /******************************************************************************
206 ******************************************************************************/
207 static btif_dm_pairing_cb_t pairing_cb;
208 static btif_dm_oob_cb_t oob_cb;
209 static void btif_dm_generic_evt(UINT16 event, char* p_param);
210 static void btif_dm_cb_create_bond(bt_bdaddr_t *bd_addr, tBTA_TRANSPORT transport);
211 static void btif_dm_cb_hid_remote_name(tBTM_REMOTE_DEV_NAME *p_remote_name);
212 static void btif_update_remote_properties(BD_ADDR bd_addr, BD_NAME bd_name,
213 DEV_CLASS dev_class, tBT_DEVICE_TYPE dev_type);
214 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
215 static btif_dm_local_key_cb_t ble_local_key_cb;
216 static void btif_dm_ble_key_notif_evt(tBTA_DM_SP_KEY_NOTIF *p_ssp_key_notif);
217 static void btif_dm_ble_auth_cmpl_evt (tBTA_DM_AUTH_CMPL *p_auth_cmpl);
218 static void btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ *p_pin_req);
221 static void bte_scan_filt_param_cfg_evt(UINT8 action_type,
222 tBTA_DM_BLE_PF_AVBL_SPACE avbl_space,
223 tBTA_DM_BLE_REF_VALUE ref_value, tBTA_STATUS status);
225 static char* btif_get_default_local_name();
226 /******************************************************************************
228 ******************************************************************************/
229 extern UINT16 bta_service_id_to_uuid_lkup_tbl [BTA_MAX_SERVICE_ID];
230 extern bt_status_t btif_hf_execute_service(BOOLEAN b_enable);
231 extern bt_status_t btif_av_execute_service(BOOLEAN b_enable);
232 extern bt_status_t btif_hh_execute_service(BOOLEAN b_enable);
233 extern bt_status_t btif_hf_client_execute_service(BOOLEAN b_enable);
234 extern bt_status_t btif_mce_execute_service(BOOLEAN b_enable);
235 extern int btif_hh_connect(bt_bdaddr_t *bd_addr);
236 extern void bta_gatt_convert_uuid16_to_uuid128(UINT8 uuid_128[LEN_UUID_128], UINT16 uuid_16);
239 /******************************************************************************
241 ******************************************************************************/
243 bt_status_t btif_in_execute_service_request(tBTA_SERVICE_ID service_id,
246 /* Check the service_ID and invoke the profile's BT state changed API */
249 case BTA_HFP_SERVICE_ID:
250 case BTA_HSP_SERVICE_ID:
252 btif_hf_execute_service(b_enable);
254 case BTA_A2DP_SERVICE_ID:
256 btif_av_execute_service(b_enable);
258 case BTA_HID_SERVICE_ID:
260 btif_hh_execute_service(b_enable);
262 case BTA_HFP_HS_SERVICE_ID:
264 btif_hf_client_execute_service(b_enable);
266 case BTA_MAP_SERVICE_ID:
268 btif_mce_execute_service(b_enable);
271 BTIF_TRACE_ERROR("%s: Unknown service being enabled", __FUNCTION__);
272 return BT_STATUS_FAIL;
274 return BT_STATUS_SUCCESS;
277 /*******************************************************************************
279 ** Function check_eir_remote_name
281 ** Description Check if remote name is in the EIR data
283 ** Returns TRUE if remote name found
284 ** Populate p_remote_name, if provided and remote name found
286 *******************************************************************************/
287 static BOOLEAN check_eir_remote_name(tBTA_DM_SEARCH *p_search_data,
288 UINT8 *p_remote_name, UINT8 *p_remote_name_len)
290 UINT8 *p_eir_remote_name = NULL;
291 UINT8 remote_name_len = 0;
293 /* Check EIR for remote name and services */
294 if (p_search_data->inq_res.p_eir)
296 p_eir_remote_name = BTA_CheckEirData(p_search_data->inq_res.p_eir,
297 BTM_EIR_COMPLETE_LOCAL_NAME_TYPE, &remote_name_len);
298 if (!p_eir_remote_name)
300 p_eir_remote_name = BTA_CheckEirData(p_search_data->inq_res.p_eir,
301 BTM_EIR_SHORTENED_LOCAL_NAME_TYPE, &remote_name_len);
304 if (p_eir_remote_name)
306 if (remote_name_len > BD_NAME_LEN)
307 remote_name_len = BD_NAME_LEN;
309 if (p_remote_name && p_remote_name_len)
311 memcpy(p_remote_name, p_eir_remote_name, remote_name_len);
312 *(p_remote_name + remote_name_len) = 0;
313 *p_remote_name_len = remote_name_len;
324 /*******************************************************************************
326 ** Function check_cached_remote_name
328 ** Description Check if remote name is in the NVRAM cache
330 ** Returns TRUE if remote name found
331 ** Populate p_remote_name, if provided and remote name found
333 *******************************************************************************/
334 static BOOLEAN check_cached_remote_name(tBTA_DM_SEARCH *p_search_data,
335 UINT8 *p_remote_name, UINT8 *p_remote_name_len)
338 bt_bdaddr_t remote_bdaddr;
339 bt_property_t prop_name;
341 /* check if we already have it in our btif_storage cache */
342 bdcpy(remote_bdaddr.address, p_search_data->inq_res.bd_addr);
343 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_BDNAME,
344 sizeof(bt_bdname_t), &bdname);
345 if (btif_storage_get_remote_device_property(
346 &remote_bdaddr, &prop_name) == BT_STATUS_SUCCESS)
348 if (p_remote_name && p_remote_name_len)
350 strcpy((char *)p_remote_name, (char *)bdname.name);
351 *p_remote_name_len = strlen((char *)p_remote_name);
359 BOOLEAN check_cod(const bt_bdaddr_t *remote_bdaddr, uint32_t cod)
362 bt_property_t prop_name;
364 /* check if we already have it in our btif_storage cache */
365 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_CLASS_OF_DEVICE,
366 sizeof(uint32_t), &remote_cod);
367 if (btif_storage_get_remote_device_property((bt_bdaddr_t *)remote_bdaddr, &prop_name) == BT_STATUS_SUCCESS)
369 BTIF_TRACE_ERROR("%s: remote_cod = 0x%06x", __FUNCTION__, remote_cod);
370 if ((remote_cod & 0x7ff) == cod)
377 BOOLEAN check_cod_hid(const bt_bdaddr_t *remote_bdaddr, uint32_t cod)
380 bt_property_t prop_name;
382 /* check if we already have it in our btif_storage cache */
383 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_CLASS_OF_DEVICE,
384 sizeof(uint32_t), &remote_cod);
385 if (btif_storage_get_remote_device_property((bt_bdaddr_t *)remote_bdaddr,
386 &prop_name) == BT_STATUS_SUCCESS)
388 BTIF_TRACE_DEBUG("%s: remote_cod = 0x%06x", __FUNCTION__, remote_cod);
389 if ((remote_cod & 0x700) == cod)
395 BOOLEAN check_hid_le(const bt_bdaddr_t *remote_bdaddr)
397 uint32_t remote_dev_type;
398 bt_property_t prop_name;
400 /* check if we already have it in our btif_storage cache */
401 BTIF_STORAGE_FILL_PROPERTY(&prop_name,BT_PROPERTY_TYPE_OF_DEVICE,
402 sizeof(uint32_t), &remote_dev_type);
403 if (btif_storage_get_remote_device_property((bt_bdaddr_t *)remote_bdaddr,
404 &prop_name) == BT_STATUS_SUCCESS)
406 if (remote_dev_type == BT_DEVICE_DEVTYPE_BLE)
409 bd2str(remote_bdaddr, &bdstr);
410 if(btif_config_exist("Remote", bdstr, "HidAppId"))
417 /*****************************************************************************
419 ** Function check_sdp_bl
421 ** Description Checks if a given device is blacklisted to skip sdp
423 ** Parameters skip_sdp_entry
425 ** Returns TRUE if the device is present in blacklist, else FALSE
427 *******************************************************************************/
428 BOOLEAN check_sdp_bl(const bt_bdaddr_t *remote_bdaddr)
431 UINT16 manufacturer = 0;
433 UINT16 lmp_subver = 0;
434 tBTM_STATUS btm_status;
435 bt_property_t prop_name;
436 bt_remote_version_t info;
440 if (remote_bdaddr == NULL)
443 /* fetch additional info about remote device used in iop query */
444 btm_status = BTM_ReadRemoteVersion(*(BD_ADDR*)remote_bdaddr, &lmp_ver,
445 &manufacturer, &lmp_subver);
449 /* if not available yet, try fetching from config database */
450 BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_REMOTE_VERSION_INFO,
451 sizeof(bt_remote_version_t), &info);
453 if (btif_storage_get_remote_device_property((bt_bdaddr_t *)remote_bdaddr,
454 &prop_name) != BT_STATUS_SUCCESS)
459 manufacturer = info.manufacturer;
461 for (int i = 0; i < MAX_SDP_BL_ENTRIES; i++)
463 if (manufacturer == sdp_blacklist[i].manufact_id)
470 static void bond_state_changed(bt_status_t status, bt_bdaddr_t *bd_addr, bt_bond_state_t state)
472 /* Send bonding state only once - based on outgoing/incoming we may receive duplicates */
473 if ( (pairing_cb.state == state) && (state == BT_BOND_STATE_BONDING) )
476 if (pairing_cb.bond_type == BOND_TYPE_TEMPORARY)
478 state = BT_BOND_STATE_NONE;
480 BTIF_TRACE_DEBUG("%s: state=%d prev_state=%d", __FUNCTION__, state, pairing_cb.state);
482 HAL_CBACK(bt_hal_cbacks, bond_state_changed_cb, status, bd_addr, state);
484 if (state == BT_BOND_STATE_BONDING)
486 pairing_cb.state = state;
487 bdcpy(pairing_cb.bd_addr, bd_addr->address);
491 memset(&pairing_cb, 0, sizeof(pairing_cb));
496 /* store remote version in bt config to always have access
498 static void btif_update_remote_version_property(bt_bdaddr_t *p_bd)
500 bt_property_t property;
502 UINT16 lmp_subver = 0;
504 tBTM_STATUS btm_status;
505 bt_remote_version_t info;
509 btm_status = BTM_ReadRemoteVersion(*(BD_ADDR*)p_bd, &lmp_ver,
510 &mfct_set, &lmp_subver);
512 ALOGD("remote version info [%s]: %x, %x, %x", bd2str(p_bd, &bdstr),
513 lmp_ver, mfct_set, lmp_subver);
515 if (btm_status == BTM_SUCCESS)
517 /* always update cache to ensure we have availability whenever BTM API
519 info.manufacturer = mfct_set;
520 info.sub_ver = lmp_subver;
521 info.version = lmp_ver;
522 BTIF_STORAGE_FILL_PROPERTY(&property,
523 BT_PROPERTY_REMOTE_VERSION_INFO, sizeof(bt_remote_version_t),
525 status = btif_storage_set_remote_device_property(p_bd, &property);
526 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote version", status);
531 static void btif_update_remote_properties(BD_ADDR bd_addr, BD_NAME bd_name,
532 DEV_CLASS dev_class, tBT_DEVICE_TYPE device_type)
534 int num_properties = 0;
535 bt_property_t properties[3];
539 bt_device_type_t dev_type;
541 memset(properties, 0, sizeof(properties));
542 bdcpy(bdaddr.address, bd_addr);
545 if (strlen((const char *) bd_name))
547 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
548 BT_PROPERTY_BDNAME, strlen((char *)bd_name), bd_name);
549 status = btif_storage_set_remote_device_property(&bdaddr, &properties[num_properties]);
550 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device name", status);
554 /* class of device */
555 cod = devclass2uint(dev_class);
556 BTIF_TRACE_DEBUG("%s():cod is 0x%06x", __FUNCTION__, cod);
558 /* Try to retrieve cod from storage */
559 BTIF_TRACE_DEBUG("%s():cod is 0, checking cod from storage", __FUNCTION__);
560 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
561 BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod), &cod);
562 status = btif_storage_get_remote_device_property(&bdaddr, &properties[num_properties]);
563 BTIF_TRACE_DEBUG("%s():cod retreived from storage is 0x%06x", __FUNCTION__, cod);
565 BTIF_TRACE_DEBUG("%s():cod is again 0, set as unclassified", __FUNCTION__);
566 cod = COD_UNCLASSIFIED;
570 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
571 BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod), &cod);
572 status = btif_storage_set_remote_device_property(&bdaddr, &properties[num_properties]);
573 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device class", status);
577 dev_type = device_type;
578 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
579 BT_PROPERTY_TYPE_OF_DEVICE, sizeof(dev_type), &dev_type);
580 status = btif_storage_set_remote_device_property(&bdaddr, &properties[num_properties]);
581 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device type", status);
584 HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb,
585 status, &bdaddr, num_properties, properties);
588 /*******************************************************************************
590 ** Function btif_dm_cb_hid_remote_name
592 ** Description Remote name callback for HID device. Called in btif context
593 ** Special handling for HID devices
597 *******************************************************************************/
598 static void btif_dm_cb_hid_remote_name(tBTM_REMOTE_DEV_NAME *p_remote_name)
600 BTIF_TRACE_DEBUG("%s: status=%d pairing_cb.state=%d", __FUNCTION__, p_remote_name->status, pairing_cb.state);
601 if (pairing_cb.state == BT_BOND_STATE_BONDING)
603 bt_bdaddr_t remote_bd;
605 bdcpy(remote_bd.address, pairing_cb.bd_addr);
607 if (p_remote_name->status == BTM_SUCCESS)
609 bond_state_changed(BT_STATUS_SUCCESS, &remote_bd, BT_BOND_STATE_BONDED);
612 bond_state_changed(BT_STATUS_FAIL, &remote_bd, BT_BOND_STATE_NONE);
616 /*******************************************************************************
618 ** Function btif_dm_cb_create_bond
620 ** Description Create bond initiated from the BTIF thread context
621 ** Special handling for HID devices
625 *******************************************************************************/
626 static void btif_dm_cb_create_bond(bt_bdaddr_t *bd_addr, tBTA_TRANSPORT transport)
628 BOOLEAN is_hid = check_cod(bd_addr, COD_HID_POINTING);
629 bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
631 #if BLE_INCLUDED == TRUE
635 bd2str(bd_addr, &bdstr);
636 if (transport == BT_TRANSPORT_LE)
638 if (!btif_config_get_int("Remote", (char const *)&bdstr,"DevType", &device_type))
640 btif_config_set_int("Remote", bdstr, "DevType", BT_DEVICE_TYPE_BLE);
642 if (btif_storage_get_remote_addr_type(bd_addr, &addr_type) != BT_STATUS_SUCCESS)
644 btif_storage_set_remote_addr_type(bd_addr, BLE_ADDR_PUBLIC);
647 if((btif_config_get_int("Remote", (char const *)&bdstr,"DevType", &device_type) &&
648 (btif_storage_get_remote_addr_type(bd_addr, &addr_type) == BT_STATUS_SUCCESS) &&
649 (device_type == BT_DEVICE_TYPE_BLE)) || (transport == BT_TRANSPORT_LE))
651 BTA_DmAddBleDevice(bd_addr->address, addr_type, BT_DEVICE_TYPE_BLE);
655 #if BLE_INCLUDED == TRUE
656 if(is_hid && device_type != BT_DEVICE_TYPE_BLE)
662 status = btif_hh_connect(bd_addr);
663 if(status != BT_STATUS_SUCCESS)
664 bond_state_changed(status, bd_addr, BT_BOND_STATE_NONE);
668 BTA_DmBondByTransport((UINT8 *)bd_addr->address, transport);
670 /* Track originator of bond creation */
671 pairing_cb.is_local_initiated = TRUE;
675 /*******************************************************************************
677 ** Function btif_dm_cb_remove_bond
679 ** Description remove bond initiated from the BTIF thread context
680 ** Special handling for HID devices
684 *******************************************************************************/
685 void btif_dm_cb_remove_bond(bt_bdaddr_t *bd_addr)
688 /*special handling for HID devices */
689 /* VUP needs to be sent if its a HID Device. The HID HOST module will check if there
690 is a valid hid connection with this bd_addr. If yes VUP will be issued.*/
691 #if (defined(BTA_HH_INCLUDED) && (BTA_HH_INCLUDED == TRUE))
692 if (btif_hh_virtual_unplug(bd_addr) != BT_STATUS_SUCCESS)
695 BTA_DmRemoveDevice((UINT8 *)bd_addr->address);
699 /*******************************************************************************
701 ** Function btif_dm_get_connection_state
703 ** Description Returns whether the remote device is currently connected
705 ** Returns 0 if not connected
707 *******************************************************************************/
708 uint16_t btif_dm_get_connection_state(const bt_bdaddr_t *bd_addr)
710 return BTA_DmGetConnectionState((UINT8 *)bd_addr->address);
713 /*******************************************************************************
715 ** Function search_devices_copy_cb
717 ** Description Deep copy callback for search devices event
721 *******************************************************************************/
722 static void search_devices_copy_cb(UINT16 event, char *p_dest, char *p_src)
724 tBTA_DM_SEARCH *p_dest_data = (tBTA_DM_SEARCH *) p_dest;
725 tBTA_DM_SEARCH *p_src_data = (tBTA_DM_SEARCH *) p_src;
730 BTIF_TRACE_DEBUG("%s: event=%s", __FUNCTION__, dump_dm_search_event(event));
731 memcpy(p_dest_data, p_src_data, sizeof(tBTA_DM_SEARCH));
734 case BTA_DM_INQ_RES_EVT:
736 if (p_src_data->inq_res.p_eir)
738 p_dest_data->inq_res.p_eir = (UINT8 *)(p_dest + sizeof(tBTA_DM_SEARCH));
739 memcpy(p_dest_data->inq_res.p_eir, p_src_data->inq_res.p_eir, HCI_EXT_INQ_RESPONSE_LEN);
744 case BTA_DM_DISC_RES_EVT:
746 if (p_src_data->disc_res.raw_data_size && p_src_data->disc_res.p_raw_data)
748 p_dest_data->disc_res.p_raw_data = (UINT8 *)(p_dest + sizeof(tBTA_DM_SEARCH));
749 memcpy(p_dest_data->disc_res.p_raw_data,
750 p_src_data->disc_res.p_raw_data, p_src_data->disc_res.raw_data_size);
757 static void search_services_copy_cb(UINT16 event, char *p_dest, char *p_src)
759 tBTA_DM_SEARCH *p_dest_data = (tBTA_DM_SEARCH *) p_dest;
760 tBTA_DM_SEARCH *p_src_data = (tBTA_DM_SEARCH *) p_src;
764 memcpy(p_dest_data, p_src_data, sizeof(tBTA_DM_SEARCH));
767 case BTA_DM_DISC_RES_EVT:
769 if (p_src_data->disc_res.result == BTA_SUCCESS)
771 if (p_src_data->disc_res.num_uuids > 0)
773 p_dest_data->disc_res.p_uuid_list =
774 (UINT8*)(p_dest + sizeof(tBTA_DM_SEARCH));
775 memcpy(p_dest_data->disc_res.p_uuid_list, p_src_data->disc_res.p_uuid_list,
776 p_src_data->disc_res.num_uuids*MAX_UUID_SIZE);
777 GKI_freebuf(p_src_data->disc_res.p_uuid_list);
779 if (p_src_data->disc_res.p_raw_data != NULL)
781 GKI_freebuf(p_src_data->disc_res.p_raw_data);
787 /******************************************************************************
789 ** BTIF DM callback events
791 *****************************************************************************/
793 /*******************************************************************************
795 ** Function btif_dm_pin_req_evt
797 ** Description Executes pin request event in btif context
801 *******************************************************************************/
802 static void btif_dm_pin_req_evt(tBTA_DM_PIN_REQ *p_pin_req)
807 bt_pin_code_t pin_code;
809 /* Remote properties update */
810 btif_update_remote_properties(p_pin_req->bd_addr, p_pin_req->bd_name,
811 p_pin_req->dev_class, BT_DEVICE_TYPE_BREDR);
813 bdcpy(bd_addr.address, p_pin_req->bd_addr);
814 memcpy(bd_name.name, p_pin_req->bd_name, BD_NAME_LEN);
816 bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_BONDING);
818 cod = devclass2uint(p_pin_req->dev_class);
821 BTIF_TRACE_DEBUG("%s():cod is 0, set as unclassified", __FUNCTION__);
822 cod = COD_UNCLASSIFIED;
825 /* check for auto pair possiblity only if bond was initiated by local device */
826 if (pairing_cb.is_local_initiated)
828 if (check_cod(&bd_addr, COD_AV_HEADSETS) ||
829 check_cod(&bd_addr, COD_AV_HANDSFREE) ||
830 check_cod(&bd_addr, COD_AV_HEADPHONES) ||
831 check_cod(&bd_addr, COD_AV_PORTABLE_AUDIO) ||
832 check_cod(&bd_addr, COD_AV_HIFI_AUDIO) ||
833 check_cod(&bd_addr, COD_HID_POINTING))
835 BTIF_TRACE_DEBUG("%s()cod matches for auto pair", __FUNCTION__);
836 /* Check if this device can be auto paired */
837 if ((btif_storage_is_device_autopair_blacklisted(&bd_addr) == FALSE) &&
838 (pairing_cb.autopair_attempts == 0))
840 BTIF_TRACE_DEBUG("%s() Attempting auto pair", __FUNCTION__);
841 pin_code.pin[0] = 0x30;
842 pin_code.pin[1] = 0x30;
843 pin_code.pin[2] = 0x30;
844 pin_code.pin[3] = 0x30;
846 pairing_cb.autopair_attempts++;
847 BTA_DmPinReply( (UINT8*)bd_addr.address, TRUE, 4, pin_code.pin);
851 else if (check_cod(&bd_addr, COD_HID_KEYBOARD) ||
852 check_cod(&bd_addr, COD_HID_COMBO))
854 if(( btif_storage_is_fixed_pin_zeros_keyboard (&bd_addr) == TRUE) &&
855 (pairing_cb.autopair_attempts == 0))
857 BTIF_TRACE_DEBUG("%s() Attempting auto pair", __FUNCTION__);
858 pin_code.pin[0] = 0x30;
859 pin_code.pin[1] = 0x30;
860 pin_code.pin[2] = 0x30;
861 pin_code.pin[3] = 0x30;
863 pairing_cb.autopair_attempts++;
864 BTA_DmPinReply( (UINT8*)bd_addr.address, TRUE, 4, pin_code.pin);
869 HAL_CBACK(bt_hal_cbacks, pin_request_cb,
870 &bd_addr, &bd_name, cod);
873 /*******************************************************************************
875 ** Function btif_dm_ssp_cfm_req_evt
877 ** Description Executes SSP confirm request event in btif context
881 *******************************************************************************/
882 static void btif_dm_ssp_cfm_req_evt(tBTA_DM_SP_CFM_REQ *p_ssp_cfm_req)
887 BOOLEAN is_incoming = !(pairing_cb.state == BT_BOND_STATE_BONDING);
889 BTIF_TRACE_DEBUG("%s", __FUNCTION__);
891 /* Remote properties update */
892 btif_update_remote_properties(p_ssp_cfm_req->bd_addr, p_ssp_cfm_req->bd_name,
893 p_ssp_cfm_req->dev_class, BT_DEVICE_TYPE_BREDR);
895 bdcpy(bd_addr.address, p_ssp_cfm_req->bd_addr);
896 memcpy(bd_name.name, p_ssp_cfm_req->bd_name, BD_NAME_LEN);
898 /* Set the pairing_cb based on the local & remote authentication requirements */
899 bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_BONDING);
901 /* if just_works and bonding bit is not set treat this as temporary */
902 if (p_ssp_cfm_req->just_works && !(p_ssp_cfm_req->loc_auth_req & BTM_AUTH_BONDS) &&
903 !(p_ssp_cfm_req->rmt_auth_req & BTM_AUTH_BONDS) &&
904 !(check_cod((bt_bdaddr_t*)&p_ssp_cfm_req->bd_addr, COD_HID_POINTING)))
905 pairing_cb.bond_type = BOND_TYPE_TEMPORARY;
907 pairing_cb.bond_type = BOND_TYPE_PERSISTENT;
909 pairing_cb.is_ssp = TRUE;
911 /* If JustWorks auto-accept */
912 if (p_ssp_cfm_req->just_works)
914 /* Pairing consent for JustWorks needed if:
915 * 1. Incoming pairing is detected AND
916 * 2. local IO capabilities are DisplayYesNo AND
917 * 3. remote IO capabiltiies are DisplayOnly or NoInputNoOutput;
919 if ((is_incoming) && ((p_ssp_cfm_req->loc_io_caps == 0x01) &&
920 (p_ssp_cfm_req->rmt_io_caps == 0x00 || p_ssp_cfm_req->rmt_io_caps == 0x03)))
922 BTIF_TRACE_EVENT("%s: User consent needed for incoming pairing request. loc_io_caps: %d, rmt_io_caps: %d",
923 __FUNCTION__, p_ssp_cfm_req->loc_io_caps, p_ssp_cfm_req->rmt_io_caps);
927 BTIF_TRACE_EVENT("%s: Auto-accept JustWorks pairing", __FUNCTION__);
928 btif_dm_ssp_reply(&bd_addr, BT_SSP_VARIANT_CONSENT, TRUE, 0);
933 cod = devclass2uint(p_ssp_cfm_req->dev_class);
936 ALOGD("cod is 0, set as unclassified");
937 cod = COD_UNCLASSIFIED;
940 pairing_cb.sdp_attempts = 0;
941 HAL_CBACK(bt_hal_cbacks, ssp_request_cb, &bd_addr, &bd_name, cod,
942 (p_ssp_cfm_req->just_works ? BT_SSP_VARIANT_CONSENT : BT_SSP_VARIANT_PASSKEY_CONFIRMATION),
943 p_ssp_cfm_req->num_val);
946 static void btif_dm_ssp_key_notif_evt(tBTA_DM_SP_KEY_NOTIF *p_ssp_key_notif)
952 BTIF_TRACE_DEBUG("%s", __FUNCTION__);
954 /* Remote properties update */
955 btif_update_remote_properties(p_ssp_key_notif->bd_addr, p_ssp_key_notif->bd_name,
956 p_ssp_key_notif->dev_class, BT_DEVICE_TYPE_BREDR);
958 bdcpy(bd_addr.address, p_ssp_key_notif->bd_addr);
959 memcpy(bd_name.name, p_ssp_key_notif->bd_name, BD_NAME_LEN);
961 bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_BONDING);
962 pairing_cb.is_ssp = TRUE;
963 cod = devclass2uint(p_ssp_key_notif->dev_class);
966 ALOGD("cod is 0, set as unclassified");
967 cod = COD_UNCLASSIFIED;
970 HAL_CBACK(bt_hal_cbacks, ssp_request_cb, &bd_addr, &bd_name,
971 cod, BT_SSP_VARIANT_PASSKEY_NOTIFICATION,
972 p_ssp_key_notif->passkey);
974 /*******************************************************************************
976 ** Function btif_dm_auth_cmpl_evt
978 ** Description Executes authentication complete event in btif context
982 *******************************************************************************/
983 static void btif_dm_auth_cmpl_evt (tBTA_DM_AUTH_CMPL *p_auth_cmpl)
985 /* Save link key, if not temporary */
987 bt_status_t status = BT_STATUS_FAIL;
988 bt_bond_state_t state = BT_BOND_STATE_NONE;
989 BOOLEAN skip_sdp = FALSE;
991 bdcpy(bd_addr.address, p_auth_cmpl->bd_addr);
992 if ( (p_auth_cmpl->success == TRUE) && (p_auth_cmpl->key_present) )
994 if ((p_auth_cmpl->key_type < HCI_LKEY_TYPE_DEBUG_COMB) || (p_auth_cmpl->key_type == HCI_LKEY_TYPE_AUTH_COMB) ||
995 (p_auth_cmpl->key_type == HCI_LKEY_TYPE_CHANGED_COMB) || pairing_cb.bond_type == BOND_TYPE_PERSISTENT)
998 BTIF_TRACE_DEBUG("%s: Storing link key. key_type=0x%x, bond_type=%d",
999 __FUNCTION__, p_auth_cmpl->key_type, pairing_cb.bond_type);
1000 ret = btif_storage_add_bonded_device(&bd_addr,
1001 p_auth_cmpl->key, p_auth_cmpl->key_type,
1002 pairing_cb.pin_code_len);
1003 ASSERTC(ret == BT_STATUS_SUCCESS, "storing link key failed", ret);
1007 BTIF_TRACE_DEBUG("%s: Temporary key. Not storing. key_type=0x%x, bond_type=%d",
1008 __FUNCTION__, p_auth_cmpl->key_type, pairing_cb.bond_type);
1009 if(pairing_cb.bond_type == BOND_TYPE_TEMPORARY)
1011 BTIF_TRACE_DEBUG("%s: sending BT_BOND_STATE_NONE for Temp pairing",
1013 bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_NONE);
1019 // Skip SDP for certain HID Devices
1020 if (p_auth_cmpl->success)
1022 pairing_cb.timeout_retries = 0;
1023 status = BT_STATUS_SUCCESS;
1024 state = BT_BOND_STATE_BONDED;
1025 bdcpy(bd_addr.address, p_auth_cmpl->bd_addr);
1027 if (check_sdp_bl(&bd_addr) && check_cod_hid(&bd_addr, COD_HID_MAJOR))
1029 ALOGW("%s:skip SDP",
1033 if(!pairing_cb.is_local_initiated && skip_sdp)
1035 bond_state_changed(status, &bd_addr, state);
1037 ALOGW("%s: Incoming HID Connection",__FUNCTION__);
1039 bt_bdaddr_t bd_addr;
1041 char uuid_str[128] = UUID_HUMAN_INTERFACE_DEVICE;
1043 string_to_uuid(uuid_str, &uuid);
1045 prop.type = BT_PROPERTY_UUIDS;
1047 prop.len = MAX_UUID_SIZE;
1049 /* Send the event to the BTIF */
1050 HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb,
1051 BT_STATUS_SUCCESS, &bd_addr, 1, &prop);
1055 /* Trigger SDP on the device */
1056 pairing_cb.sdp_attempts = 1;;
1058 if(btif_dm_inquiry_in_progress)
1059 btif_dm_cancel_discovery();
1061 btif_dm_get_remote_services(&bd_addr);
1063 /* Do not call bond_state_changed_cb yet. Wait till fetch remote service is complete */
1067 /*Map the HCI fail reason to bt status */
1068 switch(p_auth_cmpl->fail_reason)
1070 case HCI_ERR_PAGE_TIMEOUT:
1071 if (blacklistPairingRetries(bd_addr.address) && pairing_cb.timeout_retries)
1073 BTIF_TRACE_WARNING("%s() - Pairing timeout; retrying (%d) ...", __FUNCTION__, pairing_cb.timeout_retries);
1074 --pairing_cb.timeout_retries;
1075 btif_dm_cb_create_bond (&bd_addr, BTA_TRANSPORT_UNKNOWN);
1079 case HCI_ERR_CONNECTION_TOUT:
1080 status = BT_STATUS_RMT_DEV_DOWN;
1083 case HCI_ERR_PAIRING_NOT_ALLOWED:
1084 status = BT_STATUS_AUTH_REJECTED;
1087 case HCI_ERR_LMP_RESPONSE_TIMEOUT:
1088 status = BT_STATUS_AUTH_FAILURE;
1091 /* map the auth failure codes, so we can retry pairing if necessary */
1092 case HCI_ERR_AUTH_FAILURE:
1093 case HCI_ERR_KEY_MISSING:
1094 btif_storage_remove_bonded_device(&bd_addr);
1095 case HCI_ERR_HOST_REJECT_SECURITY:
1096 case HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE:
1097 case HCI_ERR_UNIT_KEY_USED:
1098 case HCI_ERR_PAIRING_WITH_UNIT_KEY_NOT_SUPPORTED:
1099 case HCI_ERR_INSUFFCIENT_SECURITY:
1100 case HCI_ERR_PEER_USER:
1101 case HCI_ERR_UNSPECIFIED:
1102 BTIF_TRACE_DEBUG(" %s() Authentication fail reason %d",
1103 __FUNCTION__, p_auth_cmpl->fail_reason);
1104 if (pairing_cb.autopair_attempts == 1)
1106 BTIF_TRACE_DEBUG("%s(): Adding device to blacklist ", __FUNCTION__);
1108 /* Add the device to dynamic black list only if this device belongs to Audio/pointing dev class */
1109 if (check_cod(&bd_addr, COD_AV_HEADSETS) ||
1110 check_cod(&bd_addr, COD_AV_HANDSFREE) ||
1111 check_cod(&bd_addr, COD_AV_HEADPHONES) ||
1112 check_cod(&bd_addr, COD_AV_PORTABLE_AUDIO) ||
1113 check_cod(&bd_addr, COD_AV_HIFI_AUDIO) ||
1114 check_cod(&bd_addr, COD_HID_POINTING))
1116 btif_storage_add_device_to_autopair_blacklist (&bd_addr);
1118 pairing_cb.autopair_attempts++;
1120 /* Create the Bond once again */
1121 BTIF_TRACE_DEBUG("%s() auto pair failed. Reinitiate Bond", __FUNCTION__);
1122 btif_dm_cb_create_bond (&bd_addr, BTA_TRANSPORT_UNKNOWN);
1127 /* if autopair attempts are more than 1, or not attempted */
1128 status = BT_STATUS_AUTH_FAILURE;
1133 status = BT_STATUS_FAIL;
1135 /* Special Handling for HID Devices */
1136 if (check_cod(&bd_addr, COD_HID_POINTING)) {
1137 /* Remove Device as bonded in nvram as authentication failed */
1138 BTIF_TRACE_DEBUG("%s(): removing hid pointing device from nvram", __FUNCTION__);
1139 btif_storage_remove_bonded_device(&bd_addr);
1141 bond_state_changed(status, &bd_addr, state);
1145 /******************************************************************************
1147 ** Function btif_dm_search_devices_evt
1149 ** Description Executes search devices callback events in btif context
1153 ******************************************************************************/
1154 static void btif_dm_search_devices_evt (UINT16 event, char *p_param)
1156 tBTA_DM_SEARCH *p_search_data;
1157 BTIF_TRACE_EVENT("%s event=%s", __FUNCTION__, dump_dm_search_event(event));
1161 case BTA_DM_DISC_RES_EVT:
1163 p_search_data = (tBTA_DM_SEARCH *)p_param;
1164 /* Remote name update */
1165 if (strlen((const char *) p_search_data->disc_res.bd_name))
1167 bt_property_t properties[1];
1171 properties[0].type = BT_PROPERTY_BDNAME;
1172 properties[0].val = p_search_data->disc_res.bd_name;
1173 properties[0].len = strlen((char *)p_search_data->disc_res.bd_name);
1174 bdcpy(bdaddr.address, p_search_data->disc_res.bd_addr);
1176 status = btif_storage_set_remote_device_property(&bdaddr, &properties[0]);
1177 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device property", status);
1178 HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb,
1179 status, &bdaddr, 1, properties);
1181 /* TODO: Services? */
1185 case BTA_DM_INQ_RES_EVT:
1187 /* inquiry result */
1189 UINT8 *p_eir_remote_name = NULL;
1192 UINT8 remote_name_len;
1193 UINT8 *p_cached_name = NULL;
1194 tBTA_SERVICE_MASK services = 0;
1197 p_search_data = (tBTA_DM_SEARCH *)p_param;
1198 bdcpy(bdaddr.address, p_search_data->inq_res.bd_addr);
1200 BTIF_TRACE_DEBUG("%s() %s device_type = 0x%x\n", __FUNCTION__, bd2str(&bdaddr, &bdstr),
1201 #if (BLE_INCLUDED == TRUE)
1202 p_search_data->inq_res.device_type);
1204 BT_DEVICE_TYPE_BREDR);
1208 cod = devclass2uint (p_search_data->inq_res.dev_class);
1211 ALOGD("cod is 0, set as unclassified");
1212 cod = COD_UNCLASSIFIED;
1215 if (!check_eir_remote_name(p_search_data, bdname.name, &remote_name_len))
1216 check_cached_remote_name(p_search_data, bdname.name, &remote_name_len);
1218 /* Check EIR for remote name and services */
1219 if (p_search_data->inq_res.p_eir)
1221 BTA_GetEirService(p_search_data->inq_res.p_eir, &services);
1222 BTIF_TRACE_DEBUG("%s()EIR BTA services = %08X", __FUNCTION__, (UINT32)services);
1223 /* TODO: Get the service list and check to see which uuids we got and send it back to the client. */
1228 bt_property_t properties[5];
1229 bt_device_type_t dev_type;
1231 uint32_t num_properties = 0;
1234 memset(properties, 0, sizeof(properties));
1236 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1237 BT_PROPERTY_BDADDR, sizeof(bdaddr), &bdaddr);
1240 /* Don't send BDNAME if it is empty */
1243 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1245 strlen((char *)bdname.name), &bdname);
1250 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1251 BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod), &cod);
1254 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
1255 /* FixMe: Assumption is that bluetooth.h and BTE enums match */
1256 dev_type = p_search_data->inq_res.device_type;
1257 addr_type = p_search_data->inq_res.ble_addr_type;
1259 dev_type = BT_DEVICE_TYPE_BREDR;
1261 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1262 BT_PROPERTY_TYPE_OF_DEVICE, sizeof(dev_type), &dev_type);
1265 BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1266 BT_PROPERTY_REMOTE_RSSI, sizeof(int8_t),
1267 &(p_search_data->inq_res.rssi));
1270 status = btif_storage_add_remote_device(&bdaddr, num_properties, properties);
1271 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device (inquiry)", status);
1272 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
1273 status = btif_storage_set_remote_addr_type(&bdaddr, addr_type);
1274 if (( dev_type == BT_DEVICE_TYPE_DUMO)&&
1275 (p_search_data->inq_res.flag & BTA_BLE_DMT_CONTROLLER_SPT) &&
1276 (p_search_data->inq_res.flag & BTA_BLE_DMT_HOST_SPT))
1278 btif_storage_set_dmt_support_type (&bdaddr, TRUE);
1280 ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote addr type (inquiry)", status);
1282 /* Callback to notify upper layer of device */
1283 HAL_CBACK(bt_hal_cbacks, device_found_cb,
1284 num_properties, properties);
1289 case BTA_DM_INQ_CMPL_EVT:
1291 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
1292 tBTA_DM_BLE_PF_FILT_PARAMS adv_filt_param;
1293 memset(&adv_filt_param, 0, sizeof(tBTA_DM_BLE_PF_FILT_PARAMS));
1294 BTA_DmBleScanFilterSetup(BTA_DM_BLE_SCAN_COND_DELETE, 0, &adv_filt_param, NULL,
1295 bte_scan_filt_param_cfg_evt, 0);
1299 case BTA_DM_DISC_CMPL_EVT:
1301 HAL_CBACK(bt_hal_cbacks, discovery_state_changed_cb, BT_DISCOVERY_STOPPED);
1304 case BTA_DM_SEARCH_CANCEL_CMPL_EVT:
1306 /* if inquiry is not in progress and we get a cancel event, then
1307 * it means we are done with inquiry, but remote_name fetches are in
1310 * if inquiry is in progress, then we don't want to act on this cancel_cmpl_evt
1311 * but instead wait for the cancel_cmpl_evt via the Busy Level
1314 if (btif_dm_inquiry_in_progress == FALSE)
1316 HAL_CBACK(bt_hal_cbacks, discovery_state_changed_cb, BT_DISCOVERY_STOPPED);
1323 /*******************************************************************************
1325 ** Function btif_dm_search_services_evt
1327 ** Description Executes search services event in btif context
1331 *******************************************************************************/
1332 static void btif_dm_search_services_evt(UINT16 event, char *p_param)
1334 tBTA_DM_SEARCH *p_data = (tBTA_DM_SEARCH*)p_param;
1336 BTIF_TRACE_EVENT("%s: event = %d", __FUNCTION__, event);
1339 case BTA_DM_DISC_RES_EVT:
1341 bt_uuid_t uuid_arr[BT_MAX_NUM_UUIDS]; /* Max 32 services */
1343 uint32_t i = 0, j = 0;
1344 bt_bdaddr_t bd_addr;
1347 bdcpy(bd_addr.address, p_data->disc_res.bd_addr);
1349 BTIF_TRACE_DEBUG("%s:(result=0x%x, services 0x%x)", __FUNCTION__,
1350 p_data->disc_res.result, p_data->disc_res.services);
1351 if ((p_data->disc_res.result != BTA_SUCCESS) &&
1352 (pairing_cb.state == BT_BOND_STATE_BONDING ) &&
1353 (pairing_cb.sdp_attempts < BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING))
1355 BTIF_TRACE_WARNING("%s:SDP failed after bonding re-attempting", __FUNCTION__);
1356 pairing_cb.sdp_attempts++;
1357 btif_dm_get_remote_services(&bd_addr);
1360 prop.type = BT_PROPERTY_UUIDS;
1362 if ((p_data->disc_res.result == BTA_SUCCESS) && (p_data->disc_res.num_uuids > 0))
1364 prop.val = p_data->disc_res.p_uuid_list;
1365 prop.len = p_data->disc_res.num_uuids * MAX_UUID_SIZE;
1366 for (i=0; i < p_data->disc_res.num_uuids; i++)
1369 uuid_to_string((bt_uuid_t*)(p_data->disc_res.p_uuid_list + (i*MAX_UUID_SIZE)), temp);
1370 BTIF_TRACE_ERROR("Index: %d uuid:%s", i, temp);
1374 /* onUuidChanged requires getBondedDevices to be populated.
1375 ** bond_state_changed needs to be sent prior to remote_device_property
1377 if ((pairing_cb.state == BT_BOND_STATE_BONDING) &&
1378 (bdcmp(p_data->disc_res.bd_addr, pairing_cb.bd_addr) == 0)&&
1379 pairing_cb.sdp_attempts > 0)
1381 BTIF_TRACE_DEBUG("%s Remote Service SDP done. Call bond_state_changed_cb BONDED",
1383 pairing_cb.sdp_attempts = 0;
1384 bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_BONDED);
1387 if(p_data->disc_res.num_uuids != 0)
1389 /* Also write this to the NVRAM */
1390 ret = btif_storage_set_remote_device_property(&bd_addr, &prop);
1391 ASSERTC(ret == BT_STATUS_SUCCESS, "storing remote services failed", ret);
1392 /* Send the event to the BTIF */
1393 HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb,
1394 BT_STATUS_SUCCESS, &bd_addr, 1, &prop);
1399 case BTA_DM_DISC_CMPL_EVT:
1403 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
1404 case BTA_DM_DISC_BLE_RES_EVT:
1405 BTIF_TRACE_DEBUG("%s:, services 0x%x)", __FUNCTION__,
1406 p_data->disc_ble_res.service.uu.uuid16);
1410 if (p_data->disc_ble_res.service.uu.uuid16 == UUID_SERVCLASS_LE_HID)
1412 BTIF_TRACE_DEBUG("%s: Found HOGP UUID",__FUNCTION__);
1414 bt_bdaddr_t bd_addr;
1418 bta_gatt_convert_uuid16_to_uuid128(uuid.uu,p_data->disc_ble_res.service.uu.uuid16);
1422 unsigned char c = uuid.uu[j];
1423 uuid.uu[j] = uuid.uu[i];
1429 uuid_to_string(&uuid, temp);
1430 BTIF_TRACE_ERROR(" uuid:%s", temp);
1432 bdcpy(bd_addr.address, p_data->disc_ble_res.bd_addr);
1433 prop.type = BT_PROPERTY_UUIDS;
1435 prop.len = MAX_UUID_SIZE;
1437 /* Also write this to the NVRAM */
1438 ret = btif_storage_set_remote_device_property(&bd_addr, &prop);
1439 ASSERTC(ret == BT_STATUS_SUCCESS, "storing remote services failed", ret);
1441 /* Send the event to the BTIF */
1442 HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb,
1443 BT_STATUS_SUCCESS, &bd_addr, 1, &prop);
1447 #endif /* BLE_INCLUDED */
1451 ASSERTC(0, "unhandled search services event", event);
1457 /*******************************************************************************
1459 ** Function btif_dm_remote_service_record_evt
1461 ** Description Executes search service record event in btif context
1465 *******************************************************************************/
1466 static void btif_dm_remote_service_record_evt(UINT16 event, char *p_param)
1468 tBTA_DM_SEARCH *p_data = (tBTA_DM_SEARCH*)p_param;
1470 BTIF_TRACE_EVENT("%s: event = %d", __FUNCTION__, event);
1473 case BTA_DM_DISC_RES_EVT:
1475 bt_service_record_t rec;
1478 bt_bdaddr_t bd_addr;
1480 memset(&rec, 0, sizeof(bt_service_record_t));
1481 bdcpy(bd_addr.address, p_data->disc_res.bd_addr);
1483 BTIF_TRACE_DEBUG("%s:(result=0x%x, services 0x%x)", __FUNCTION__,
1484 p_data->disc_res.result, p_data->disc_res.services);
1485 prop.type = BT_PROPERTY_SERVICE_RECORD;
1486 prop.val = (void*)&rec;
1487 prop.len = sizeof(rec);
1489 /* disc_res.result is overloaded with SCN. Cannot check result */
1490 p_data->disc_res.services &= ~BTA_USER_SERVICE_MASK;
1491 /* TODO: Get the UUID as well */
1492 rec.channel = p_data->disc_res.result - 3;
1493 /* TODO: Need to get the service name using p_raw_data */
1496 HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb,
1497 BT_STATUS_SUCCESS, &bd_addr, 1, &prop);
1503 ASSERTC(0, "unhandled remote service record event", event);
1509 /*******************************************************************************
1511 ** Function btif_dm_upstreams_cback
1513 ** Description Executes UPSTREAMS events in btif context
1517 *******************************************************************************/
1518 static void btif_dm_upstreams_evt(UINT16 event, char* p_param)
1520 tBTA_DM_SEC_EVT dm_event = (tBTA_DM_SEC_EVT)event;
1521 tBTA_DM_SEC *p_data = (tBTA_DM_SEC*)p_param;
1522 tBTA_SERVICE_MASK service_mask;
1524 bt_bdaddr_t bd_addr;
1526 BTIF_TRACE_EVENT("btif_dm_upstreams_cback ev: %s", dump_dm_event(event));
1530 case BTA_DM_ENABLE_EVT:
1535 prop.type = BT_PROPERTY_BDNAME;
1536 prop.len = BD_NAME_LEN;
1537 prop.val = (void*)bdname;
1539 status = btif_storage_get_adapter_property(&prop);
1540 if (status == BT_STATUS_SUCCESS)
1542 /* A name exists in the storage. Make this the device name */
1543 BTA_DmSetDeviceName((char*)prop.val);
1547 /* Storage does not have a name yet.
1548 * Use the default name and write it to the chip
1550 BTA_DmSetDeviceName(btif_get_default_local_name());
1553 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
1554 /* Enable local privacy */
1555 BTA_DmBleConfigLocalPrivacy(TRUE);
1558 /* for each of the enabled services in the mask, trigger the profile
1560 service_mask = btif_get_enabled_services_mask();
1561 for (i=0; i <= BTA_MAX_SERVICE_ID; i++)
1564 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(i)))
1566 btif_in_execute_service_request(i, TRUE);
1569 /* clear control blocks */
1570 memset(&pairing_cb, 0, sizeof(btif_dm_pairing_cb_t));
1572 /* This function will also trigger the adapter_properties_cb
1573 ** and bonded_devices_info_cb
1575 btif_storage_load_bonded_devices();
1577 btif_storage_load_autopair_device_list();
1579 btif_enable_bluetooth_evt(p_data->enable.status, p_data->enable.bd_addr);
1583 case BTA_DM_DISABLE_EVT:
1584 /* for each of the enabled services in the mask, trigger the profile
1586 service_mask = btif_get_enabled_services_mask();
1587 for (i=0; i <= BTA_MAX_SERVICE_ID; i++)
1590 (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(i)))
1592 btif_in_execute_service_request(i, FALSE);
1595 btif_disable_bluetooth_evt();
1598 case BTA_DM_PIN_REQ_EVT:
1599 btif_dm_pin_req_evt(&p_data->pin_req);
1602 case BTA_DM_AUTH_CMPL_EVT:
1603 btif_dm_auth_cmpl_evt(&p_data->auth_cmpl);
1606 case BTA_DM_BOND_CANCEL_CMPL_EVT:
1607 if (pairing_cb.state == BT_BOND_STATE_BONDING)
1609 bdcpy(bd_addr.address, pairing_cb.bd_addr);
1610 bond_state_changed(p_data->bond_cancel_cmpl.result, &bd_addr, BT_BOND_STATE_NONE);
1614 case BTA_DM_SP_CFM_REQ_EVT:
1615 btif_dm_ssp_cfm_req_evt(&p_data->cfm_req);
1617 case BTA_DM_SP_KEY_NOTIF_EVT:
1618 btif_dm_ssp_key_notif_evt(&p_data->key_notif);
1621 case BTA_DM_DEV_UNPAIRED_EVT:
1622 bdcpy(bd_addr.address, p_data->link_down.bd_addr);
1624 /*special handling for HID devices */
1625 #if (defined(BTA_HH_INCLUDED) && (BTA_HH_INCLUDED == TRUE))
1626 btif_hh_remove_device(bd_addr);
1628 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
1629 btif_storage_remove_ble_bonding_keys(&bd_addr);
1631 btif_storage_remove_bonded_device(&bd_addr);
1632 bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_NONE);
1635 case BTA_DM_BUSY_LEVEL_EVT:
1638 if (p_data->busy_level.level_flags & BTM_BL_INQUIRY_PAGING_MASK)
1640 if (p_data->busy_level.level_flags == BTM_BL_INQUIRY_STARTED)
1642 HAL_CBACK(bt_hal_cbacks, discovery_state_changed_cb,
1643 BT_DISCOVERY_STARTED);
1644 btif_dm_inquiry_in_progress = TRUE;
1646 else if (p_data->busy_level.level_flags == BTM_BL_INQUIRY_CANCELLED)
1648 HAL_CBACK(bt_hal_cbacks, discovery_state_changed_cb,
1649 BT_DISCOVERY_STOPPED);
1650 btif_dm_inquiry_in_progress = FALSE;
1652 else if (p_data->busy_level.level_flags == BTM_BL_INQUIRY_COMPLETE)
1654 btif_dm_inquiry_in_progress = FALSE;
1659 case BTA_DM_LINK_UP_EVT:
1660 bdcpy(bd_addr.address, p_data->link_up.bd_addr);
1661 BTIF_TRACE_DEBUG("BTA_DM_LINK_UP_EVT. Sending BT_ACL_STATE_CONNECTED");
1663 btif_update_remote_version_property(&bd_addr);
1665 HAL_CBACK(bt_hal_cbacks, acl_state_changed_cb, BT_STATUS_SUCCESS,
1666 &bd_addr, BT_ACL_STATE_CONNECTED);
1669 case BTA_DM_LINK_DOWN_EVT:
1670 bdcpy(bd_addr.address, p_data->link_down.bd_addr);
1671 BTIF_TRACE_DEBUG("BTA_DM_LINK_DOWN_EVT. Sending BT_ACL_STATE_DISCONNECTED");
1672 HAL_CBACK(bt_hal_cbacks, acl_state_changed_cb, BT_STATUS_SUCCESS,
1673 &bd_addr, BT_ACL_STATE_DISCONNECTED);
1676 case BTA_DM_HW_ERROR_EVT:
1677 BTIF_TRACE_ERROR("Received H/W Error. ");
1678 /* Flush storage data */
1679 btif_config_flush();
1680 usleep(100000); /* 100milliseconds */
1681 /* Killing the process to force a restart as part of fault tolerance */
1682 kill(getpid(), SIGKILL);
1685 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
1686 case BTA_DM_BLE_KEY_EVT:
1687 BTIF_TRACE_DEBUG("BTA_DM_BLE_KEY_EVT key_type=0x%02x ", p_data->ble_key.key_type);
1689 /* If this pairing is by-product of local initiated GATT client Read or Write,
1690 BTA would not have sent BTA_DM_BLE_SEC_REQ_EVT event and Bond state would not
1691 have setup properly. Setup pairing_cb and notify App about Bonding state now*/
1692 if (pairing_cb.state != BT_BOND_STATE_BONDING)
1694 BTIF_TRACE_DEBUG("Bond state not sent to App so far.Notify the app now");
1695 bond_state_changed(BT_STATUS_SUCCESS, (bt_bdaddr_t*)p_data->ble_key.bd_addr,
1696 BT_BOND_STATE_BONDING);
1698 else if (memcmp (pairing_cb.bd_addr, p_data->ble_key.bd_addr, BD_ADDR_LEN)!=0)
1700 BTIF_TRACE_ERROR("BD mismatch discard BLE key_type=%d ",p_data->ble_key.key_type);
1704 switch (p_data->ble_key.key_type)
1706 case BTA_LE_KEY_PENC:
1707 BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_PENC");
1708 pairing_cb.ble.is_penc_key_rcvd = TRUE;
1709 memcpy(pairing_cb.ble.penc_key.ltk,p_data->ble_key.key_value.penc_key.ltk, 16);
1710 memcpy(pairing_cb.ble.penc_key.rand, p_data->ble_key.key_value.penc_key.rand,8);
1711 pairing_cb.ble.penc_key.ediv = p_data->ble_key.key_value.penc_key.ediv;
1712 pairing_cb.ble.penc_key.sec_level = p_data->ble_key.key_value.penc_key.sec_level;
1714 for (i=0; i<16; i++)
1716 BTIF_TRACE_DEBUG("pairing_cb.ble.penc_key.ltk[%d]=0x%02x",i,pairing_cb.ble.penc_key.ltk[i]);
1720 BTIF_TRACE_DEBUG("pairing_cb.ble.penc_key.rand[%d]=0x%02x",i,pairing_cb.ble.penc_key.rand[i]);
1722 BTIF_TRACE_DEBUG("pairing_cb.ble.penc_key.ediv=0x%04x",pairing_cb.ble.penc_key.ediv);
1723 BTIF_TRACE_DEBUG("pairing_cb.ble.penc_key.sec_level=0x%02x",pairing_cb.ble.penc_key.sec_level);
1724 BTIF_TRACE_DEBUG("pairing_cb.ble.penc_key.key_size=0x%02x",pairing_cb.ble.penc_key.key_size);
1727 case BTA_LE_KEY_PID:
1728 BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_PID");
1729 pairing_cb.ble.is_pid_key_rcvd = TRUE;
1730 pairing_cb.ble.pid_key.addr_type = p_data->ble_key.key_value.pid_key.addr_type;
1731 memcpy(pairing_cb.ble.pid_key.irk, p_data->ble_key.key_value.pid_key.irk, 16);
1732 memcpy(pairing_cb.ble.pid_key.static_addr,
1733 p_data->ble_key.key_value.pid_key.static_addr,BD_ADDR_LEN);
1734 for (i=0; i<16; i++)
1736 BTIF_TRACE_DEBUG("pairing_cb.ble.pid_key.irk[%d]=0x%02x"
1737 ,i,pairing_cb.ble.pid_key.irk[i]);
1739 for (i=0; i<BD_ADDR_LEN; i++)
1741 BTIF_TRACE_DEBUG("piaring_cb.ble.pid_address[%d] = %x"
1742 ,i, pairing_cb.ble.pid_key.static_addr[i]);
1746 case BTA_LE_KEY_PCSRK:
1747 BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_PCSRK");
1748 pairing_cb.ble.is_pcsrk_key_rcvd = TRUE;
1749 pairing_cb.ble.pcsrk_key.counter = p_data->ble_key.key_value.pcsrk_key.counter;
1750 pairing_cb.ble.pcsrk_key.sec_level = p_data->ble_key.key_value.pcsrk_key.sec_level;
1751 memcpy(pairing_cb.ble.pcsrk_key.csrk,p_data->ble_key.key_value.pcsrk_key.csrk,16);
1753 for (i=0; i<16; i++)
1755 BTIF_TRACE_DEBUG("pairing_cb.ble.pcsrk_key.csrk[%d]=0x%02x",i,pairing_cb.ble.pcsrk_key.csrk[i]);
1757 BTIF_TRACE_DEBUG("pairing_cb.ble.pcsrk_key.counter=0x%08x",pairing_cb.ble.pcsrk_key.counter);
1758 BTIF_TRACE_DEBUG("pairing_cb.ble.pcsrk_key.sec_level=0x%02x",pairing_cb.ble.pcsrk_key.sec_level);
1761 case BTA_LE_KEY_LENC:
1762 BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_LENC");
1763 pairing_cb.ble.is_lenc_key_rcvd = TRUE;
1764 pairing_cb.ble.lenc_key.div = p_data->ble_key.key_value.lenc_key.div;
1765 pairing_cb.ble.lenc_key.key_size = p_data->ble_key.key_value.lenc_key.key_size;
1766 pairing_cb.ble.lenc_key.sec_level = p_data->ble_key.key_value.lenc_key.sec_level;
1768 BTIF_TRACE_DEBUG("pairing_cb.ble.lenc_key.div=0x%04x",pairing_cb.ble.lenc_key.div);
1769 BTIF_TRACE_DEBUG("pairing_cb.ble.lenc_key.key_size=0x%02x",pairing_cb.ble.lenc_key.key_size);
1770 BTIF_TRACE_DEBUG("pairing_cb.ble.lenc_key.sec_level=0x%02x",pairing_cb.ble.lenc_key.sec_level);
1775 case BTA_LE_KEY_LCSRK:
1776 BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_LCSRK");
1777 pairing_cb.ble.is_lcsrk_key_rcvd = TRUE;
1778 pairing_cb.ble.lcsrk_key.counter = p_data->ble_key.key_value.lcsrk_key.counter;
1779 pairing_cb.ble.lcsrk_key.div = p_data->ble_key.key_value.lcsrk_key.div;
1780 pairing_cb.ble.lcsrk_key.sec_level = p_data->ble_key.key_value.lcsrk_key.sec_level;
1782 BTIF_TRACE_DEBUG("pairing_cb.ble.lcsrk_key.div=0x%04x",pairing_cb.ble.lcsrk_key.div);
1783 BTIF_TRACE_DEBUG("pairing_cb.ble.lcsrk_key.counter=0x%08x",pairing_cb.ble.lcsrk_key.counter);
1784 BTIF_TRACE_DEBUG("pairing_cb.ble.lcsrk_key.sec_level=0x%02x",pairing_cb.ble.lcsrk_key.sec_level);
1789 BTIF_TRACE_ERROR("unknown BLE key type (0x%02x)", p_data->ble_key.key_type);
1794 case BTA_DM_BLE_SEC_REQ_EVT:
1795 BTIF_TRACE_DEBUG("BTA_DM_BLE_SEC_REQ_EVT. ");
1796 btif_dm_ble_sec_req_evt(&p_data->ble_req);
1798 case BTA_DM_BLE_PASSKEY_NOTIF_EVT:
1799 BTIF_TRACE_DEBUG("BTA_DM_BLE_PASSKEY_NOTIF_EVT. ");
1800 btif_dm_ble_key_notif_evt(&p_data->key_notif);
1802 case BTA_DM_BLE_PASSKEY_REQ_EVT:
1803 BTIF_TRACE_DEBUG("BTA_DM_BLE_PASSKEY_REQ_EVT. ");
1804 btif_dm_ble_passkey_req_evt(&p_data->pin_req);
1806 case BTA_DM_BLE_OOB_REQ_EVT:
1807 BTIF_TRACE_DEBUG("BTA_DM_BLE_OOB_REQ_EVT. ");
1809 case BTA_DM_BLE_LOCAL_IR_EVT:
1810 BTIF_TRACE_DEBUG("BTA_DM_BLE_LOCAL_IR_EVT. ");
1811 ble_local_key_cb.is_id_keys_rcvd = TRUE;
1812 memcpy(&ble_local_key_cb.id_keys.irk[0], &p_data->ble_id_keys.irk[0], sizeof(BT_OCTET16));
1813 memcpy(&ble_local_key_cb.id_keys.ir[0], &p_data->ble_id_keys.ir[0], sizeof(BT_OCTET16));
1814 memcpy(&ble_local_key_cb.id_keys.dhk[0], &p_data->ble_id_keys.dhk[0], sizeof(BT_OCTET16));
1815 btif_storage_add_ble_local_key( (char *)&ble_local_key_cb.id_keys.irk[0],
1816 BTIF_DM_LE_LOCAL_KEY_IR,
1818 btif_storage_add_ble_local_key( (char *)&ble_local_key_cb.id_keys.ir[0],
1819 BTIF_DM_LE_LOCAL_KEY_IRK,
1821 btif_storage_add_ble_local_key( (char *)&ble_local_key_cb.id_keys.dhk[0],
1822 BTIF_DM_LE_LOCAL_KEY_DHK,
1825 case BTA_DM_BLE_LOCAL_ER_EVT:
1826 BTIF_TRACE_DEBUG("BTA_DM_BLE_LOCAL_ER_EVT. ");
1827 ble_local_key_cb.is_er_rcvd = TRUE;
1828 memcpy(&ble_local_key_cb.er[0], &p_data->ble_er[0], sizeof(BT_OCTET16));
1829 btif_storage_add_ble_local_key( (char *)&ble_local_key_cb.er[0],
1830 BTIF_DM_LE_LOCAL_KEY_ER,
1834 case BTA_DM_BLE_AUTH_CMPL_EVT:
1835 BTIF_TRACE_DEBUG("BTA_DM_BLE_KEY_EVT. ");
1836 btif_dm_ble_auth_cmpl_evt(&p_data->auth_cmpl);
1839 case BTA_DM_LE_FEATURES_READ:
1841 tBTM_BLE_VSC_CB cmn_vsc_cb;
1842 bt_local_le_features_t local_le_features;
1845 prop.type = BT_PROPERTY_LOCAL_LE_FEATURES;
1846 prop.val = (void*)buf;
1847 prop.len = sizeof(buf);
1849 /* LE features are not stored in storage. Should be retrived from stack */
1850 BTM_BleGetVendorCapabilities(&cmn_vsc_cb);
1851 local_le_features.local_privacy_enabled = BTM_BleLocalPrivacyEnabled();
1853 prop.len = sizeof (bt_local_le_features_t);
1854 if (cmn_vsc_cb.filter_support == 1)
1855 local_le_features.max_adv_filter_supported = cmn_vsc_cb.max_filter;
1857 local_le_features.max_adv_filter_supported = 0;
1858 local_le_features.max_adv_instance = cmn_vsc_cb.adv_inst_max;
1859 local_le_features.max_irk_list_size = cmn_vsc_cb.max_irk_list_sz;
1860 local_le_features.rpa_offload_supported = cmn_vsc_cb.rpa_offloading;
1861 local_le_features.scan_result_storage_size_hibyte =
1862 (cmn_vsc_cb.tot_scan_results_strg >> 8) & (0xFF);
1863 local_le_features.scan_result_storage_size_lobyte =
1864 (cmn_vsc_cb.tot_scan_results_strg) & (0xFF);
1865 local_le_features.activity_energy_info_supported = cmn_vsc_cb.energy_support;
1866 memcpy(prop.val, &local_le_features, prop.len);
1867 HAL_CBACK(bt_hal_cbacks, adapter_properties_cb, BT_STATUS_SUCCESS, 1, &prop);
1871 case BTA_DM_ENER_INFO_READ:
1873 btif_activity_energy_info_cb_t *p_ener_data = (btif_activity_energy_info_cb_t*) p_param;
1874 bt_activity_energy_info energy_info;
1875 energy_info.status = p_ener_data->status;
1876 energy_info.ctrl_state = p_ener_data->ctrl_state;
1877 energy_info.rx_time = p_ener_data->rx_time;
1878 energy_info.tx_time = p_ener_data->tx_time;
1879 energy_info.idle_time = p_ener_data->idle_time;
1880 energy_info.energy_used = p_ener_data->energy_used;
1881 HAL_CBACK(bt_hal_cbacks, energy_info_cb, &energy_info);
1886 case BTA_DM_AUTHORIZE_EVT:
1887 case BTA_DM_SIG_STRENGTH_EVT:
1888 case BTA_DM_SP_RMT_OOB_EVT:
1889 case BTA_DM_SP_KEYPRESS_EVT:
1890 case BTA_DM_ROLE_CHG_EVT:
1893 BTIF_TRACE_WARNING( "btif_dm_cback : unhandled event (%d)", event );
1896 } /* btui_security_cback() */
1899 /*******************************************************************************
1901 ** Function btif_dm_generic_evt
1903 ** Description Executes non-BTA upstream events in BTIF context
1907 *******************************************************************************/
1908 static void btif_dm_generic_evt(UINT16 event, char* p_param)
1910 BTIF_TRACE_EVENT("%s: event=%d", __FUNCTION__, event);
1913 case BTIF_DM_CB_DISCOVERY_STARTED:
1915 HAL_CBACK(bt_hal_cbacks, discovery_state_changed_cb, BT_DISCOVERY_STARTED);
1919 case BTIF_DM_CB_CREATE_BOND:
1921 pairing_cb.timeout_retries = NUM_TIMEOUT_RETRIES;
1922 btif_dm_create_bond_cb_t *create_bond_cb = (btif_dm_create_bond_cb_t*)p_param;
1923 btif_dm_cb_create_bond(&create_bond_cb->bdaddr, create_bond_cb->transport);
1927 case BTIF_DM_CB_REMOVE_BOND:
1929 btif_dm_cb_remove_bond((bt_bdaddr_t *)p_param);
1933 case BTIF_DM_CB_HID_REMOTE_NAME:
1935 btif_dm_cb_hid_remote_name((tBTM_REMOTE_DEV_NAME *)p_param);
1939 case BTIF_DM_CB_BOND_STATE_BONDING:
1941 bond_state_changed(BT_STATUS_SUCCESS, (bt_bdaddr_t *)p_param, BT_BOND_STATE_BONDING);
1944 case BTIF_DM_CB_LE_TX_TEST:
1945 case BTIF_DM_CB_LE_RX_TEST:
1948 STREAM_TO_UINT8(status, p_param);
1949 HAL_CBACK(bt_hal_cbacks, le_test_mode_cb,
1950 (status == 0) ? BT_STATUS_SUCCESS : BT_STATUS_FAIL, 0);
1953 case BTIF_DM_CB_LE_TEST_END:
1957 STREAM_TO_UINT8(status, p_param);
1959 STREAM_TO_UINT16(count, p_param);
1960 HAL_CBACK(bt_hal_cbacks, le_test_mode_cb,
1961 (status == 0) ? BT_STATUS_SUCCESS : BT_STATUS_FAIL, count);
1966 BTIF_TRACE_WARNING("%s : Unknown event 0x%x", __FUNCTION__, event);
1972 /*******************************************************************************
1974 ** Function bte_dm_evt
1976 ** Description Switches context from BTE to BTIF for all DM events
1980 *******************************************************************************/
1982 void bte_dm_evt(tBTA_DM_SEC_EVT event, tBTA_DM_SEC *p_data)
1986 /* switch context to btif task context (copy full union size for convenience) */
1987 status = btif_transfer_context(btif_dm_upstreams_evt, (uint16_t)event, (void*)p_data, sizeof(tBTA_DM_SEC), NULL);
1989 /* catch any failed context transfers */
1990 ASSERTC(status == BT_STATUS_SUCCESS, "context transfer failed", status);
1993 /*******************************************************************************
1995 ** Function bte_search_devices_evt
1997 ** Description Switches context from BTE to BTIF for DM search events
2001 *******************************************************************************/
2002 static void bte_search_devices_evt(tBTA_DM_SEARCH_EVT event, tBTA_DM_SEARCH *p_data)
2004 UINT16 param_len = 0;
2007 param_len += sizeof(tBTA_DM_SEARCH);
2008 /* Allocate buffer to hold the pointers (deep copy). The pointers will point to the end of the tBTA_DM_SEARCH */
2011 case BTA_DM_INQ_RES_EVT:
2013 if (p_data->inq_res.p_eir)
2014 param_len += HCI_EXT_INQ_RESPONSE_LEN;
2018 case BTA_DM_DISC_RES_EVT:
2020 if (p_data->disc_res.raw_data_size && p_data->disc_res.p_raw_data)
2021 param_len += p_data->disc_res.raw_data_size;
2025 BTIF_TRACE_DEBUG("%s event=%s param_len=%d", __FUNCTION__, dump_dm_search_event(event), param_len);
2027 /* if remote name is available in EIR, set teh flag so that stack doesnt trigger RNR */
2028 if (event == BTA_DM_INQ_RES_EVT)
2029 p_data->inq_res.remt_name_not_required = check_eir_remote_name(p_data, NULL, NULL);
2031 btif_transfer_context (btif_dm_search_devices_evt , (UINT16) event, (void *)p_data, param_len,
2032 (param_len > sizeof(tBTA_DM_SEARCH)) ? search_devices_copy_cb : NULL);
2035 /*******************************************************************************
2037 ** Function bte_dm_search_services_evt
2039 ** Description Switches context from BTE to BTIF for DM search services
2044 *******************************************************************************/
2045 static void bte_dm_search_services_evt(tBTA_DM_SEARCH_EVT event, tBTA_DM_SEARCH *p_data)
2047 UINT16 param_len = 0;
2049 param_len += sizeof(tBTA_DM_SEARCH);
2052 case BTA_DM_DISC_RES_EVT:
2054 if ((p_data->disc_res.result == BTA_SUCCESS) && (p_data->disc_res.num_uuids > 0)) {
2055 param_len += (p_data->disc_res.num_uuids * MAX_UUID_SIZE);
2059 /* TODO: The only other member that needs a deep copy is the p_raw_data. But not sure
2060 * if raw_data is needed. */
2061 btif_transfer_context(btif_dm_search_services_evt, event, (char*)p_data, param_len,
2062 (param_len > sizeof(tBTA_DM_SEARCH)) ? search_services_copy_cb : NULL);
2065 /*******************************************************************************
2067 ** Function bte_dm_remote_service_record_evt
2069 ** Description Switches context from BTE to BTIF for DM search service
2074 *******************************************************************************/
2075 static void bte_dm_remote_service_record_evt(tBTA_DM_SEARCH_EVT event, tBTA_DM_SEARCH *p_data)
2077 /* TODO: The only member that needs a deep copy is the p_raw_data. But not sure yet if this is needed. */
2078 btif_transfer_context(btif_dm_remote_service_record_evt, event, (char*)p_data, sizeof(tBTA_DM_SEARCH), NULL);
2081 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
2082 /*******************************************************************************
2084 ** Function bta_energy_info_cb
2086 ** Description Switches context from BTE to BTIF for DM energy info event
2090 *******************************************************************************/
2091 static void bta_energy_info_cb(tBTA_DM_BLE_TX_TIME_MS tx_time, tBTA_DM_BLE_RX_TIME_MS rx_time,
2092 tBTA_DM_BLE_IDLE_TIME_MS idle_time,
2093 tBTA_DM_BLE_ENERGY_USED energy_used,
2094 tBTA_DM_CONTRL_STATE ctrl_state, tBTA_STATUS status)
2096 BTIF_TRACE_DEBUG("energy_info_cb-Status:%d,state=%d,tx_t=%ld, rx_t=%ld, idle_time=%ld,used=%ld",
2097 status, ctrl_state, tx_time, rx_time, idle_time, energy_used);
2099 btif_activity_energy_info_cb_t btif_cb;
2100 btif_cb.status = status;
2101 btif_cb.ctrl_state = ctrl_state;
2102 btif_cb.tx_time = (uint64_t) tx_time;
2103 btif_cb.rx_time = (uint64_t) rx_time;
2104 btif_cb.idle_time =(uint64_t) idle_time;
2105 btif_cb.energy_used =(uint64_t) energy_used;
2106 btif_transfer_context(btif_dm_upstreams_evt, BTA_DM_ENER_INFO_READ,
2107 (char*) &btif_cb, sizeof(btif_activity_energy_info_cb_t), NULL);
2111 /*******************************************************************************
2113 ** Function bte_scan_filt_param_cfg_evt
2115 ** Description Scan filter param config event
2119 *******************************************************************************/
2120 static void bte_scan_filt_param_cfg_evt(UINT8 action_type,
2121 tBTA_DM_BLE_PF_AVBL_SPACE avbl_space,
2122 tBTA_DM_BLE_REF_VALUE ref_value, tBTA_STATUS status)
2124 /* This event occurs on calling BTA_DmBleCfgFilterCondition internally,
2125 ** and that is why there is no HAL callback
2127 if(BTA_SUCCESS != status)
2129 BTIF_TRACE_ERROR("%s, %d", __FUNCTION__, status);
2133 BTIF_TRACE_DEBUG("%s", __FUNCTION__);
2137 /*****************************************************************************
2139 ** btif api functions (no context switch)
2141 *****************************************************************************/
2143 /*******************************************************************************
2145 ** Function btif_dm_start_discovery
2147 ** Description Start device discovery/inquiry
2149 ** Returns bt_status_t
2151 *******************************************************************************/
2152 bt_status_t btif_dm_start_discovery(void)
2154 tBTA_DM_INQ inq_params;
2155 tBTA_SERVICE_MASK services = 0;
2156 tBTA_DM_BLE_PF_FILT_PARAMS adv_filt_param;
2158 BTIF_TRACE_EVENT("%s", __FUNCTION__);
2160 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
2161 memset(&adv_filt_param, 0, sizeof(tBTA_DM_BLE_PF_FILT_PARAMS));
2162 /* Cleanup anything remaining on index 0 */
2163 BTA_DmBleScanFilterSetup(BTA_DM_BLE_SCAN_COND_DELETE, 0, &adv_filt_param, NULL,
2164 bte_scan_filt_param_cfg_evt, 0);
2166 /* Add an allow-all filter on index 0*/
2167 adv_filt_param.dely_mode = IMMEDIATE_DELY_MODE;
2168 adv_filt_param.feat_seln = ALLOW_ALL_FILTER;
2169 adv_filt_param.filt_logic_type = BTA_DM_BLE_PF_FILT_LOGIC_OR;
2170 adv_filt_param.list_logic_type = BTA_DM_BLE_PF_LIST_LOGIC_OR;
2171 adv_filt_param.rssi_low_thres = LOWEST_RSSI_VALUE;
2172 adv_filt_param.rssi_high_thres = LOWEST_RSSI_VALUE;
2173 BTA_DmBleScanFilterSetup(BTA_DM_BLE_SCAN_COND_ADD, 0, &adv_filt_param, NULL,
2174 bte_scan_filt_param_cfg_evt, 0);
2176 /* TODO: Do we need to handle multiple inquiries at the same time? */
2178 /* Set inquiry params and call API */
2179 inq_params.mode = BTA_DM_GENERAL_INQUIRY|BTA_BLE_GENERAL_INQUIRY;
2180 #if (defined(BTA_HOST_INTERLEAVE_SEARCH) && BTA_HOST_INTERLEAVE_SEARCH == TRUE)
2181 inq_params.intl_duration[0]= BTIF_DM_INTERLEAVE_DURATION_BR_ONE;
2182 inq_params.intl_duration[1]= BTIF_DM_INTERLEAVE_DURATION_LE_ONE;
2183 inq_params.intl_duration[2]= BTIF_DM_INTERLEAVE_DURATION_BR_TWO;
2184 inq_params.intl_duration[3]= BTIF_DM_INTERLEAVE_DURATION_LE_TWO;
2187 inq_params.mode = BTA_DM_GENERAL_INQUIRY;
2189 inq_params.duration = BTIF_DM_DEFAULT_INQ_MAX_DURATION;
2191 inq_params.max_resps = BTIF_DM_DEFAULT_INQ_MAX_RESULTS;
2192 inq_params.report_dup = TRUE;
2194 inq_params.filter_type = BTA_DM_INQ_CLR;
2195 /* TODO: Filter device by BDA needs to be implemented here */
2197 /* Will be enabled to TRUE once inquiry busy level has been received */
2198 btif_dm_inquiry_in_progress = FALSE;
2199 /* find nearby devices */
2200 BTA_DmSearch(&inq_params, services, bte_search_devices_evt);
2202 return BT_STATUS_SUCCESS;
2205 /*******************************************************************************
2207 ** Function btif_dm_cancel_discovery
2209 ** Description Cancels search
2211 ** Returns bt_status_t
2213 *******************************************************************************/
2214 bt_status_t btif_dm_cancel_discovery(void)
2216 BTIF_TRACE_EVENT("%s", __FUNCTION__);
2217 BTA_DmSearchCancel();
2218 return BT_STATUS_SUCCESS;
2221 /*******************************************************************************
2223 ** Function btif_dm_create_bond
2225 ** Description Initiate bonding with the specified device
2227 ** Returns bt_status_t
2229 *******************************************************************************/
2230 bt_status_t btif_dm_create_bond(const bt_bdaddr_t *bd_addr, int transport)
2232 btif_dm_create_bond_cb_t create_bond_cb;
2233 create_bond_cb.transport = transport;
2234 bdcpy(create_bond_cb.bdaddr.address, bd_addr->address);
2237 BTIF_TRACE_EVENT("%s: bd_addr=%s, transport=%d", __FUNCTION__,
2238 bd2str((bt_bdaddr_t *) bd_addr, &bdstr), transport);
2239 if (pairing_cb.state != BT_BOND_STATE_NONE)
2240 return BT_STATUS_BUSY;
2242 btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_CREATE_BOND,
2243 (char *)&create_bond_cb, sizeof(btif_dm_create_bond_cb_t), NULL);
2245 return BT_STATUS_SUCCESS;
2248 /*******************************************************************************
2250 ** Function btif_dm_cancel_bond
2252 ** Description Initiate bonding with the specified device
2254 ** Returns bt_status_t
2256 *******************************************************************************/
2258 bt_status_t btif_dm_cancel_bond(const bt_bdaddr_t *bd_addr)
2262 BTIF_TRACE_EVENT("%s: bd_addr=%s", __FUNCTION__, bd2str((bt_bdaddr_t *)bd_addr, &bdstr));
2265 ** 1. Restore scan modes
2266 ** 2. special handling for HID devices
2268 if (pairing_cb.state == BT_BOND_STATE_BONDING)
2271 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
2273 if (pairing_cb.is_ssp)
2275 if (pairing_cb.is_le_only)
2277 BTA_DmBleSecurityGrant((UINT8 *)bd_addr->address,BTA_DM_SEC_PAIR_NOT_SPT);
2281 BTA_DmConfirm( (UINT8 *)bd_addr->address, FALSE);
2282 BTA_DmBondCancel ((UINT8 *)bd_addr->address);
2283 btif_storage_remove_bonded_device((bt_bdaddr_t *)bd_addr);
2288 if (pairing_cb.is_le_only)
2290 BTA_DmBondCancel ((UINT8 *)bd_addr->address);
2294 BTA_DmPinReply( (UINT8 *)bd_addr->address, FALSE, 0, NULL);
2296 /* Cancel bonding, in case it is in ACL connection setup state */
2297 BTA_DmBondCancel ((UINT8 *)bd_addr->address);
2301 if (pairing_cb.is_ssp)
2303 BTA_DmConfirm( (UINT8 *)bd_addr->address, FALSE);
2307 BTA_DmPinReply( (UINT8 *)bd_addr->address, FALSE, 0, NULL);
2309 /* Cancel bonding, in case it is in ACL connection setup state */
2310 BTA_DmBondCancel ((UINT8 *)bd_addr->address);
2311 btif_storage_remove_bonded_device((bt_bdaddr_t *)bd_addr);
2315 return BT_STATUS_SUCCESS;
2318 /*******************************************************************************
2320 ** Function btif_dm_hh_open_failed
2322 ** Description informs the upper layers if the HH have failed during bonding
2326 *******************************************************************************/
2328 void btif_dm_hh_open_failed(bt_bdaddr_t *bdaddr)
2330 if (pairing_cb.state == BT_BOND_STATE_BONDING &&
2331 bdcmp(bdaddr->address, pairing_cb.bd_addr) == 0)
2333 bond_state_changed(BT_STATUS_FAIL, bdaddr, BT_BOND_STATE_NONE);
2337 /*******************************************************************************
2339 ** Function btif_dm_remove_bond
2341 ** Description Removes bonding with the specified device
2343 ** Returns bt_status_t
2345 *******************************************************************************/
2347 bt_status_t btif_dm_remove_bond(const bt_bdaddr_t *bd_addr)
2351 BTIF_TRACE_EVENT("%s: bd_addr=%s", __FUNCTION__, bd2str((bt_bdaddr_t *)bd_addr, &bdstr));
2352 btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_REMOVE_BOND,
2353 (char *)bd_addr, sizeof(bt_bdaddr_t), NULL);
2355 return BT_STATUS_SUCCESS;
2358 /*******************************************************************************
2360 ** Function btif_dm_pin_reply
2362 ** Description BT legacy pairing - PIN code reply
2364 ** Returns bt_status_t
2366 *******************************************************************************/
2368 bt_status_t btif_dm_pin_reply( const bt_bdaddr_t *bd_addr, uint8_t accept,
2369 uint8_t pin_len, bt_pin_code_t *pin_code)
2371 BTIF_TRACE_EVENT("%s: accept=%d", __FUNCTION__, accept);
2372 if (pin_code == NULL)
2373 return BT_STATUS_FAIL;
2374 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
2376 if (pairing_cb.is_le_only)
2380 int multi[] = {100000, 10000, 1000, 100, 10,1};
2381 BD_ADDR remote_bd_addr;
2382 bdcpy(remote_bd_addr, bd_addr->address);
2383 for (i = 0; i < 6; i++)
2385 passkey += (multi[i] * (pin_code->pin[i] - '0'));
2387 BTIF_TRACE_DEBUG("btif_dm_pin_reply: passkey: %d", passkey);
2388 BTA_DmBlePasskeyReply(remote_bd_addr, accept, passkey);
2393 BTA_DmPinReply( (UINT8 *)bd_addr->address, accept, pin_len, pin_code->pin);
2395 pairing_cb.pin_code_len = pin_len;
2398 BTA_DmPinReply( (UINT8 *)bd_addr->address, accept, pin_len, pin_code->pin);
2401 pairing_cb.pin_code_len = pin_len;
2403 return BT_STATUS_SUCCESS;
2406 /*******************************************************************************
2408 ** Function btif_dm_ssp_reply
2410 ** Description BT SSP Reply - Just Works, Numeric Comparison & Passkey Entry
2412 ** Returns bt_status_t
2414 *******************************************************************************/
2415 bt_status_t btif_dm_ssp_reply(const bt_bdaddr_t *bd_addr,
2416 bt_ssp_variant_t variant, uint8_t accept,
2421 if (variant == BT_SSP_VARIANT_PASSKEY_ENTRY)
2423 /* This is not implemented in the stack.
2424 * For devices with display, this is not needed
2426 BTIF_TRACE_WARNING("%s: Not implemented", __FUNCTION__);
2427 return BT_STATUS_FAIL;
2429 /* BT_SSP_VARIANT_CONSENT & BT_SSP_VARIANT_PASSKEY_CONFIRMATION supported */
2430 BTIF_TRACE_EVENT("%s: accept=%d", __FUNCTION__, accept);
2431 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
2432 if (pairing_cb.is_le_only)
2435 BTA_DmBleSecurityGrant((UINT8 *)bd_addr->address,BTA_DM_SEC_GRANTED);
2437 BTA_DmBleSecurityGrant((UINT8 *)bd_addr->address,BTA_DM_SEC_PAIR_NOT_SPT);
2440 BTA_DmConfirm( (UINT8 *)bd_addr->address, accept);
2443 BTA_DmConfirm( (UINT8 *)bd_addr->address, accept);
2445 return BT_STATUS_SUCCESS;
2448 /*******************************************************************************
2450 ** Function btif_dm_get_adapter_property
2452 ** Description Queries the BTA for the adapter property
2454 ** Returns bt_status_t
2456 *******************************************************************************/
2457 bt_status_t btif_dm_get_adapter_property(bt_property_t *prop)
2461 BTIF_TRACE_EVENT("%s: type=0x%x", __FUNCTION__, prop->type);
2464 case BT_PROPERTY_BDNAME:
2466 bt_bdname_t *bd_name = (bt_bdname_t*)prop->val;
2467 strcpy((char *)bd_name->name, btif_get_default_local_name());
2468 prop->len = strlen((char *)bd_name->name);
2472 case BT_PROPERTY_ADAPTER_SCAN_MODE:
2474 /* if the storage does not have it. Most likely app never set it. Default is NONE */
2475 bt_scan_mode_t *mode = (bt_scan_mode_t*)prop->val;
2476 *mode = BT_SCAN_MODE_NONE;
2477 prop->len = sizeof(bt_scan_mode_t);
2481 case BT_PROPERTY_ADAPTER_DISCOVERY_TIMEOUT:
2483 uint32_t *tmt = (uint32_t*)prop->val;
2484 *tmt = 120; /* default to 120s, if not found in NV */
2485 prop->len = sizeof(uint32_t);
2491 return BT_STATUS_FAIL;
2493 return BT_STATUS_SUCCESS;
2496 /*******************************************************************************
2498 ** Function btif_dm_get_remote_services
2500 ** Description Start SDP to get remote services
2502 ** Returns bt_status_t
2504 *******************************************************************************/
2505 bt_status_t btif_dm_get_remote_services(bt_bdaddr_t *remote_addr)
2509 BTIF_TRACE_EVENT("%s: remote_addr=%s", __FUNCTION__, bd2str(remote_addr, &bdstr));
2511 BTA_DmDiscover(remote_addr->address, BTA_ALL_SERVICE_MASK,
2512 bte_dm_search_services_evt, TRUE);
2514 return BT_STATUS_SUCCESS;
2517 /*******************************************************************************
2519 ** Function btif_dm_get_remote_service_record
2521 ** Description Start SDP to get remote service record
2524 ** Returns bt_status_t
2525 *******************************************************************************/
2526 bt_status_t btif_dm_get_remote_service_record(bt_bdaddr_t *remote_addr,
2532 BTIF_TRACE_EVENT("%s: remote_addr=%s", __FUNCTION__, bd2str(remote_addr, &bdstr));
2534 sdp_uuid.len = MAX_UUID_SIZE;
2535 memcpy(sdp_uuid.uu.uuid128, uuid->uu, MAX_UUID_SIZE);
2537 BTA_DmDiscoverUUID(remote_addr->address, &sdp_uuid,
2538 bte_dm_remote_service_record_evt, TRUE);
2540 return BT_STATUS_SUCCESS;
2543 void btif_dm_execute_service_request(UINT16 event, char *p_param)
2545 BOOLEAN b_enable = FALSE;
2547 if (event == BTIF_DM_ENABLE_SERVICE)
2551 status = btif_in_execute_service_request(*((tBTA_SERVICE_ID*)p_param), b_enable);
2552 if (status == BT_STATUS_SUCCESS)
2554 bt_property_t property;
2555 bt_uuid_t local_uuids[BT_MAX_NUM_UUIDS];
2557 /* Now send the UUID_PROPERTY_CHANGED event to the upper layer */
2558 BTIF_STORAGE_FILL_PROPERTY(&property, BT_PROPERTY_UUIDS,
2559 sizeof(local_uuids), local_uuids);
2560 btif_storage_get_adapter_property(&property);
2561 HAL_CBACK(bt_hal_cbacks, adapter_properties_cb,
2562 BT_STATUS_SUCCESS, 1, &property);
2567 void btif_dm_proc_io_req(BD_ADDR bd_addr, tBTA_IO_CAP *p_io_cap, tBTA_OOB_DATA *p_oob_data,
2568 tBTA_AUTH_REQ *p_auth_req, BOOLEAN is_orig)
2570 UINT8 yes_no_bit = BTA_AUTH_SP_YES & *p_auth_req;
2571 /* if local initiated:
2573 ** if remote initiated:
2574 ** 1. Copy over the auth_req from peer's io_rsp
2575 ** 2. Set the MITM if peer has it set or if peer has DisplayYesNo (iPhone)
2576 ** as a fallback set MITM+GB if peer had MITM set
2580 UNUSED (p_oob_data);
2583 BTIF_TRACE_DEBUG("+%s: p_auth_req=%d", __FUNCTION__, *p_auth_req);
2584 if(pairing_cb.is_local_initiated)
2586 /* if initing/responding to a dedicated bonding, use dedicate bonding bit */
2587 *p_auth_req = BTA_AUTH_DD_BOND | BTA_AUTH_SP_YES;
2591 /* peer initiated paring. They probably know what they want.
2592 ** Copy the mitm from peer device.
2594 BTIF_TRACE_DEBUG("%s: setting p_auth_req to peer's: %d",
2595 __FUNCTION__, pairing_cb.auth_req);
2596 *p_auth_req = (pairing_cb.auth_req & BTA_AUTH_BONDS);
2598 /* copy over the MITM bit as well. In addition if the peer has DisplayYesNo, force MITM */
2599 if ((yes_no_bit) || (pairing_cb.io_cap & BTM_IO_CAP_IO) )
2600 *p_auth_req |= BTA_AUTH_SP_YES;
2602 else if (yes_no_bit)
2604 /* set the general bonding bit for stored device */
2605 *p_auth_req = BTA_AUTH_GEN_BOND | yes_no_bit;
2607 BTIF_TRACE_DEBUG("-%s: p_auth_req=%d", __FUNCTION__, *p_auth_req);
2610 void btif_dm_proc_io_rsp(BD_ADDR bd_addr, tBTA_IO_CAP io_cap,
2611 tBTA_OOB_DATA oob_data, tBTA_AUTH_REQ auth_req)
2616 if(auth_req & BTA_AUTH_BONDS)
2618 BTIF_TRACE_DEBUG("%s auth_req:%d", __FUNCTION__, auth_req);
2619 pairing_cb.auth_req = auth_req;
2620 pairing_cb.io_cap = io_cap;
2624 #if (BTM_OOB_INCLUDED == TRUE)
2625 void btif_dm_set_oob_for_io_req(tBTA_OOB_DATA *p_oob_data)
2627 if (oob_cb.sp_c[0] == 0 && oob_cb.sp_c[1] == 0 &&
2628 oob_cb.sp_c[2] == 0 && oob_cb.sp_c[3] == 0 )
2630 *p_oob_data = FALSE;
2636 BTIF_TRACE_DEBUG("btif_dm_set_oob_for_io_req *p_oob_data=%d", *p_oob_data);
2638 #endif /* BTM_OOB_INCLUDED */
2640 #ifdef BTIF_DM_OOB_TEST
2641 void btif_dm_load_local_oob(void)
2643 char prop_oob[PROPERTY_VALUE_MAX];
2644 property_get("service.brcm.bt.oob", prop_oob, "3");
2645 BTIF_TRACE_DEBUG("btif_dm_load_local_oob prop_oob = %s",prop_oob);
2646 if (prop_oob[0] != '3')
2648 #if (BTM_OOB_INCLUDED == TRUE)
2649 if (oob_cb.sp_c[0] == 0 && oob_cb.sp_c[1] == 0 &&
2650 oob_cb.sp_c[2] == 0 && oob_cb.sp_c[3] == 0 )
2652 BTIF_TRACE_DEBUG("btif_dm_load_local_oob: read OOB, call BTA_DmLocalOob()");
2656 BTIF_TRACE_ERROR("BTM_OOB_INCLUDED is FALSE!!(btif_dm_load_local_oob)");
2661 void btif_dm_proc_loc_oob(BOOLEAN valid, BT_OCTET16 c, BT_OCTET16 r)
2664 char *path_a = "/data/misc/bluedroid/LOCAL/a.key";
2665 char *path_b = "/data/misc/bluedroid/LOCAL/b.key";
2667 char prop_oob[PROPERTY_VALUE_MAX];
2668 BTIF_TRACE_DEBUG("btif_dm_proc_loc_oob: valid=%d", valid);
2669 if (oob_cb.sp_c[0] == 0 && oob_cb.sp_c[1] == 0 &&
2670 oob_cb.sp_c[2] == 0 && oob_cb.sp_c[3] == 0 &&
2673 BTIF_TRACE_DEBUG("save local OOB data in memory");
2674 memcpy(oob_cb.sp_c, c, BT_OCTET16_LEN);
2675 memcpy(oob_cb.sp_r, r, BT_OCTET16_LEN);
2676 property_get("service.brcm.bt.oob", prop_oob, "3");
2677 BTIF_TRACE_DEBUG("btif_dm_proc_loc_oob prop_oob = %s",prop_oob);
2678 if (prop_oob[0] == '1')
2680 else if (prop_oob[0] == '2')
2684 fp = fopen(path, "wb+");
2687 BTIF_TRACE_DEBUG("btif_dm_proc_loc_oob: failed to save local OOB data to %s", path);
2691 BTIF_TRACE_DEBUG("btif_dm_proc_loc_oob: save local OOB data into file %s",path);
2692 fwrite (c , 1 , BT_OCTET16_LEN , fp );
2693 fwrite (r , 1 , BT_OCTET16_LEN , fp );
2699 BOOLEAN btif_dm_proc_rmt_oob(BD_ADDR bd_addr, BT_OCTET16 p_c, BT_OCTET16 p_r)
2703 char *path_a = "/data/misc/bluedroid/LOCAL/a.key";
2704 char *path_b = "/data/misc/bluedroid/LOCAL/b.key";
2706 char prop_oob[PROPERTY_VALUE_MAX];
2707 BOOLEAN result = FALSE;
2708 bt_bdaddr_t bt_bd_addr;
2709 bdcpy(oob_cb.oob_bdaddr, bd_addr);
2710 property_get("service.brcm.bt.oob", prop_oob, "3");
2711 BTIF_TRACE_DEBUG("btif_dm_proc_rmt_oob prop_oob = %s",prop_oob);
2712 if (prop_oob[0] == '1')
2714 else if (prop_oob[0] == '2')
2718 fp = fopen(path, "rb");
2721 BTIF_TRACE_DEBUG("btapp_dm_rmt_oob_reply: failed to read OOB keys from %s",path);
2726 BTIF_TRACE_DEBUG("btif_dm_proc_rmt_oob: read OOB data from %s",path);
2727 fread (p_c , 1 , BT_OCTET16_LEN , fp );
2728 fread (p_r , 1 , BT_OCTET16_LEN , fp );
2731 BTIF_TRACE_DEBUG("----btif_dm_proc_rmt_oob: TRUE");
2732 sprintf(t, "%02x:%02x:%02x:%02x:%02x:%02x",
2733 oob_cb.oob_bdaddr[0], oob_cb.oob_bdaddr[1], oob_cb.oob_bdaddr[2],
2734 oob_cb.oob_bdaddr[3], oob_cb.oob_bdaddr[4], oob_cb.oob_bdaddr[5]);
2735 BTIF_TRACE_DEBUG("----btif_dm_proc_rmt_oob: peer_bdaddr = %s", t);
2736 sprintf(t, "%02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
2737 p_c[0], p_c[1], p_c[2], p_c[3], p_c[4], p_c[5], p_c[6], p_c[7],
2738 p_c[8], p_c[9], p_c[10], p_c[11], p_c[12], p_c[13], p_c[14], p_c[15]);
2739 BTIF_TRACE_DEBUG("----btif_dm_proc_rmt_oob: c = %s",t);
2740 sprintf(t, "%02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
2741 p_r[0], p_r[1], p_r[2], p_r[3], p_r[4], p_r[5], p_r[6], p_r[7],
2742 p_r[8], p_r[9], p_r[10], p_r[11], p_r[12], p_r[13], p_r[14], p_r[15]);
2743 BTIF_TRACE_DEBUG("----btif_dm_proc_rmt_oob: r = %s",t);
2744 bdcpy(bt_bd_addr.address, bd_addr);
2745 btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_BOND_STATE_BONDING,
2746 (char *)&bt_bd_addr, sizeof(bt_bdaddr_t), NULL);
2749 BTIF_TRACE_DEBUG("btif_dm_proc_rmt_oob result=%d",result);
2752 #endif /* BTIF_DM_OOB_TEST */
2753 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
2755 static void btif_dm_ble_key_notif_evt(tBTA_DM_SP_KEY_NOTIF *p_ssp_key_notif)
2757 bt_bdaddr_t bd_addr;
2758 bt_bdname_t bd_name;
2761 BTIF_TRACE_DEBUG("%s", __FUNCTION__);
2763 /* Remote name update */
2764 btif_update_remote_properties(p_ssp_key_notif->bd_addr , p_ssp_key_notif->bd_name,
2765 NULL, BT_DEVICE_TYPE_BLE);
2766 bdcpy(bd_addr.address, p_ssp_key_notif->bd_addr);
2767 memcpy(bd_name.name, p_ssp_key_notif->bd_name, BD_NAME_LEN);
2769 bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_BONDING);
2770 pairing_cb.is_ssp = FALSE;
2771 cod = COD_UNCLASSIFIED;
2773 HAL_CBACK(bt_hal_cbacks, ssp_request_cb, &bd_addr, &bd_name,
2774 cod, BT_SSP_VARIANT_PASSKEY_NOTIFICATION,
2775 p_ssp_key_notif->passkey);
2778 /*******************************************************************************
2780 ** Function btif_dm_ble_auth_cmpl_evt
2782 ** Description Executes authentication complete event in btif context
2786 *******************************************************************************/
2787 static void btif_dm_ble_auth_cmpl_evt (tBTA_DM_AUTH_CMPL *p_auth_cmpl)
2789 /* Save link key, if not temporary */
2790 bt_bdaddr_t bd_addr;
2791 bt_status_t status = BT_STATUS_FAIL;
2792 bt_bond_state_t state = BT_BOND_STATE_NONE;
2794 bdcpy(bd_addr.address, p_auth_cmpl->bd_addr);
2795 if ( (p_auth_cmpl->success == TRUE) && (p_auth_cmpl->key_present) )
2799 if (p_auth_cmpl->success)
2801 status = BT_STATUS_SUCCESS;
2802 state = BT_BOND_STATE_BONDED;
2804 btif_dm_save_ble_bonding_keys();
2805 BTA_GATTC_Refresh(bd_addr.address);
2806 btif_dm_get_remote_services(&bd_addr);
2810 /*Map the HCI fail reason to bt status */
2811 switch (p_auth_cmpl->fail_reason)
2813 case BTA_DM_AUTH_SMP_PAIR_AUTH_FAIL:
2814 case BTA_DM_AUTH_SMP_CONFIRM_VALUE_FAIL:
2815 btif_dm_remove_ble_bonding_keys();
2816 status = BT_STATUS_AUTH_FAILURE;
2818 case BTA_DM_AUTH_SMP_PAIR_NOT_SUPPORT:
2819 status = BT_STATUS_AUTH_REJECTED;
2822 btif_dm_remove_ble_bonding_keys();
2823 status = BT_STATUS_FAIL;
2827 bond_state_changed(status, &bd_addr, state);
2832 void btif_dm_load_ble_local_keys(void)
2834 bt_status_t bt_status;
2836 memset(&ble_local_key_cb, 0, sizeof(btif_dm_local_key_cb_t));
2838 if (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_ER,(char*)&ble_local_key_cb.er[0],
2839 BT_OCTET16_LEN)== BT_STATUS_SUCCESS)
2841 ble_local_key_cb.is_er_rcvd = TRUE;
2842 BTIF_TRACE_DEBUG("%s BLE ER key loaded",__FUNCTION__ );
2845 if ((btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_IR,(char*)&ble_local_key_cb.id_keys.ir[0],
2846 BT_OCTET16_LEN)== BT_STATUS_SUCCESS )&&
2847 (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_IRK, (char*)&ble_local_key_cb.id_keys.irk[0],
2848 BT_OCTET16_LEN)== BT_STATUS_SUCCESS)&&
2849 (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_DHK,(char*)&ble_local_key_cb.id_keys.dhk[0],
2850 BT_OCTET16_LEN)== BT_STATUS_SUCCESS))
2852 ble_local_key_cb.is_id_keys_rcvd = TRUE;
2853 BTIF_TRACE_DEBUG("%s BLE ID keys loaded",__FUNCTION__ );
2857 void btif_dm_get_ble_local_keys(tBTA_DM_BLE_LOCAL_KEY_MASK *p_key_mask, BT_OCTET16 er,
2858 tBTA_BLE_LOCAL_ID_KEYS *p_id_keys)
2860 if (ble_local_key_cb.is_er_rcvd )
2862 memcpy(&er[0], &ble_local_key_cb.er[0], sizeof(BT_OCTET16));
2863 *p_key_mask |= BTA_BLE_LOCAL_KEY_TYPE_ER;
2866 if (ble_local_key_cb.is_id_keys_rcvd)
2868 memcpy(&p_id_keys->ir[0], &ble_local_key_cb.id_keys.ir[0], sizeof(BT_OCTET16));
2869 memcpy(&p_id_keys->irk[0], &ble_local_key_cb.id_keys.irk[0], sizeof(BT_OCTET16));
2870 memcpy(&p_id_keys->dhk[0], &ble_local_key_cb.id_keys.dhk[0], sizeof(BT_OCTET16));
2871 *p_key_mask |= BTA_BLE_LOCAL_KEY_TYPE_ID;
2873 BTIF_TRACE_DEBUG("%s *p_key_mask=0x%02x",__FUNCTION__, *p_key_mask);
2876 void btif_dm_save_ble_bonding_keys(void)
2879 bt_bdaddr_t bd_addr;
2881 BTIF_TRACE_DEBUG("%s",__FUNCTION__ );
2883 bdcpy(bd_addr.address, pairing_cb.bd_addr);
2885 if (pairing_cb.ble.is_penc_key_rcvd)
2887 btif_storage_add_ble_bonding_key(&bd_addr,
2888 (char *) &pairing_cb.ble.penc_key,
2889 BTIF_DM_LE_KEY_PENC,
2890 sizeof(btif_dm_ble_penc_keys_t));
2893 if (pairing_cb.ble.is_pid_key_rcvd)
2895 btif_storage_add_ble_bonding_key(&bd_addr,
2896 (char *) &pairing_cb.ble.pid_key,
2898 sizeof(btif_dm_ble_pid_keys_t));
2902 if (pairing_cb.ble.is_pcsrk_key_rcvd)
2904 btif_storage_add_ble_bonding_key(&bd_addr,
2905 (char *) &pairing_cb.ble.pcsrk_key,
2906 BTIF_DM_LE_KEY_PCSRK,
2907 sizeof(btif_dm_ble_pcsrk_keys_t));
2911 if (pairing_cb.ble.is_lenc_key_rcvd)
2913 btif_storage_add_ble_bonding_key(&bd_addr,
2914 (char *) &pairing_cb.ble.lenc_key,
2915 BTIF_DM_LE_KEY_LENC,
2916 sizeof(btif_dm_ble_lenc_keys_t));
2919 if (pairing_cb.ble.is_lcsrk_key_rcvd)
2921 btif_storage_add_ble_bonding_key(&bd_addr,
2922 (char *) &pairing_cb.ble.lcsrk_key,
2923 BTIF_DM_LE_KEY_LCSRK,
2924 sizeof(btif_dm_ble_lcsrk_keys_t));
2930 void btif_dm_remove_ble_bonding_keys(void)
2932 bt_bdaddr_t bd_addr;
2934 BTIF_TRACE_DEBUG("%s",__FUNCTION__ );
2936 bdcpy(bd_addr.address, pairing_cb.bd_addr);
2937 btif_storage_remove_ble_bonding_keys(&bd_addr);
2941 /*******************************************************************************
2943 ** Function btif_dm_ble_sec_req_evt
2945 ** Description Eprocess security request event in btif context
2949 *******************************************************************************/
2950 void btif_dm_ble_sec_req_evt(tBTA_DM_BLE_SEC_REQ *p_ble_req)
2952 bt_bdaddr_t bd_addr;
2953 bt_bdname_t bd_name;
2955 BTIF_TRACE_DEBUG("%s", __FUNCTION__);
2957 if (pairing_cb.state == BT_BOND_STATE_BONDING)
2959 BTIF_TRACE_DEBUG("%s Discard security request", __FUNCTION__);
2963 /* Remote name update */
2964 btif_update_remote_properties(p_ble_req->bd_addr,p_ble_req->bd_name,NULL,BT_DEVICE_TYPE_BLE);
2966 bdcpy(bd_addr.address, p_ble_req->bd_addr);
2967 memcpy(bd_name.name, p_ble_req->bd_name, BD_NAME_LEN);
2969 bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_BONDING);
2971 pairing_cb.bond_type = BOND_TYPE_PERSISTENT;
2972 pairing_cb.is_le_only = TRUE;
2973 pairing_cb.is_ssp = TRUE;
2975 cod = COD_UNCLASSIFIED;
2977 HAL_CBACK(bt_hal_cbacks, ssp_request_cb, &bd_addr, &bd_name, cod,
2978 BT_SSP_VARIANT_CONSENT, 0);
2983 /*******************************************************************************
2985 ** Function btif_dm_ble_passkey_req_evt
2987 ** Description Executes pin request event in btif context
2991 *******************************************************************************/
2992 static void btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ *p_pin_req)
2994 bt_bdaddr_t bd_addr;
2995 bt_bdname_t bd_name;
2998 /* Remote name update */
2999 btif_update_remote_properties(p_pin_req->bd_addr,p_pin_req->bd_name,NULL,BT_DEVICE_TYPE_BLE);
3001 bdcpy(bd_addr.address, p_pin_req->bd_addr);
3002 memcpy(bd_name.name, p_pin_req->bd_name, BD_NAME_LEN);
3004 bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_BONDING);
3005 pairing_cb.is_le_only = TRUE;
3007 cod = COD_UNCLASSIFIED;
3009 HAL_CBACK(bt_hal_cbacks, pin_request_cb,
3010 &bd_addr, &bd_name, cod);
3014 void btif_dm_update_ble_remote_properties( BD_ADDR bd_addr, BD_NAME bd_name,
3015 tBT_DEVICE_TYPE dev_type)
3017 btif_update_remote_properties(bd_addr,bd_name,NULL,dev_type);
3020 static void btif_dm_ble_tx_test_cback(void *p)
3022 btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_LE_TX_TEST,
3023 (char *)p, 1, NULL);
3026 static void btif_dm_ble_rx_test_cback(void *p)
3028 btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_LE_RX_TEST,
3029 (char *)p, 1, NULL);
3032 static void btif_dm_ble_test_end_cback(void *p)
3034 btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_LE_TEST_END,
3035 (char *)p, 3, NULL);
3037 /*******************************************************************************
3039 ** Function btif_le_test_mode
3041 ** Description Sends a HCI BLE Test command to the Controller
3043 ** Returns BT_STATUS_SUCCESS on success
3045 *******************************************************************************/
3046 bt_status_t btif_le_test_mode(uint16_t opcode, uint8_t *buf, uint8_t len)
3049 case HCI_BLE_TRANSMITTER_TEST:
3050 if (len != 3) return BT_STATUS_PARM_INVALID;
3051 BTM_BleTransmitterTest(buf[0],buf[1],buf[2], btif_dm_ble_tx_test_cback);
3053 case HCI_BLE_RECEIVER_TEST:
3054 if (len != 1) return BT_STATUS_PARM_INVALID;
3055 BTM_BleReceiverTest(buf[0], btif_dm_ble_rx_test_cback);
3057 case HCI_BLE_TEST_END:
3058 BTM_BleTestEnd((tBTM_CMPL_CB*) btif_dm_ble_test_end_cback);
3061 BTIF_TRACE_ERROR("%s: Unknown LE Test Mode Command 0x%x", __FUNCTION__, opcode);
3062 return BT_STATUS_UNSUPPORTED;
3064 return BT_STATUS_SUCCESS;
3069 void btif_dm_on_disable()
3071 /* cancel any pending pairing requests */
3072 if (pairing_cb.state == BT_BOND_STATE_BONDING)
3074 bt_bdaddr_t bd_addr;
3076 BTIF_TRACE_DEBUG("%s: Cancel pending pairing request", __FUNCTION__);
3077 bdcpy(bd_addr.address, pairing_cb.bd_addr);
3078 btif_dm_cancel_bond(&bd_addr);
3082 /*******************************************************************************
3084 ** Function btif_dm_read_energy_info
3086 ** Description Reads the energy info from controller
3090 *******************************************************************************/
3091 void btif_dm_read_energy_info()
3093 #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
3094 BTA_DmBleGetEnergyInfo(bta_energy_info_cb);
3098 static char* btif_get_default_local_name() {
3099 if (btif_default_local_name[0] == '\0')
3101 int max_len = sizeof(btif_default_local_name) - 1;
3102 if (BTM_DEF_LOCAL_NAME[0] != '\0')
3104 strncpy(btif_default_local_name, BTM_DEF_LOCAL_NAME, max_len);
3108 char prop_model[PROPERTY_VALUE_MAX];
3109 property_get(PROPERTY_PRODUCT_MODEL, prop_model, "");
3110 strncpy(btif_default_local_name, prop_model, max_len);
3112 btif_default_local_name[max_len] = '\0';
3114 return btif_default_local_name;