1 /******************************************************************************
3 * Copyright 2000-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /*****************************************************************************
23 * Description: This file contains functions that handle ACL connections.
24 * This includes operations such as hold and sniff modes,
25 * supported packet types.
27 * This module contains both internal and external (API)
28 * functions. External (API) functions are distinguishable
29 * by their names beginning with uppercase BTM.
32 *****************************************************************************/
34 #define LOG_TAG "btm_acl"
38 #include "bta/include/bta_dm_acl.h"
39 #include "bta/sys/bta_sys.h"
40 #include "btif/include/btif_acl.h"
41 #include "common/metrics.h"
42 #include "device/include/controller.h"
43 #include "device/include/interop.h"
44 #include "include/l2cap_hci_link_interface.h"
45 #include "main/shim/acl_api.h"
46 #include "main/shim/btm_api.h"
47 #include "main/shim/dumpsys.h"
48 #include "main/shim/l2c_api.h"
49 #include "main/shim/shim.h"
50 #include "osi/include/log.h"
51 #include "stack/acl/acl.h"
52 #include "stack/acl/peer_packet_types.h"
53 #include "stack/btm/btm_dev.h"
54 #include "stack/btm/btm_int_types.h"
55 #include "stack/btm/btm_sec.h"
56 #include "stack/btm/security_device_record.h"
57 #include "stack/gatt/connection_manager.h"
58 #include "stack/include/acl_api.h"
59 #include "stack/include/acl_hci_link_interface.h"
60 #include "stack/include/btm_api.h"
61 #include "stack/include/btm_iso_api.h"
62 #include "stack/include/btu.h"
63 #include "stack/include/hci_error_code.h"
64 #include "stack/include/hcimsgs.h"
65 #include "stack/include/l2cap_acl_interface.h"
66 #include "stack/include/sco_hci_link_interface.h"
67 #include "types/hci_role.h"
68 #include "types/raw_address.h"
70 void BTM_update_version_info(const RawAddress& bd_addr,
71 const remote_version_info& remote_version_info);
73 void gatt_find_in_device_record(const RawAddress& bd_addr,
74 tBLE_BD_ADDR* address_with_type);
75 void l2c_link_hci_conn_comp(tHCI_STATUS status, uint16_t handle,
76 const RawAddress& p_bda);
78 void BTM_db_reset(void);
80 extern tBTM_CB btm_cb;
82 struct StackAclBtmAcl {
83 tACL_CONN* acl_allocate_connection();
84 tACL_CONN* acl_get_connection_from_handle(uint16_t handle);
85 tACL_CONN* btm_bda_to_acl(const RawAddress& bda, tBT_TRANSPORT transport);
86 bool change_connection_packet_types(tACL_CONN& link,
87 const uint16_t new_packet_type_bitmask);
88 void btm_establish_continue(tACL_CONN* p_acl_cb);
89 void btm_read_remote_features(uint16_t handle);
90 void btm_set_default_link_policy(tLINK_POLICY settings);
91 void btm_acl_role_changed(tHCI_STATUS hci_status, const RawAddress& bd_addr,
93 void hci_start_role_switch_to_central(tACL_CONN& p_acl);
94 void set_default_packet_types_supported(uint16_t packet_types_supported) {
95 btm_cb.acl_cb_.btm_acl_pkt_types_supported = packet_types_supported;
99 struct RoleChangeView {
100 tHCI_ROLE new_role = HCI_ROLE_UNKNOWN;
105 StackAclBtmAcl internal_;
106 std::unique_ptr<RoleChangeView> delayed_role_change_ = nullptr;
107 const bluetooth::legacy::hci::Interface& GetLegacyHciInterface() {
108 return bluetooth::legacy::hci::GetInterface();
115 } __attribute__((packed)) acl_header_t;
117 constexpr uint8_t BTM_MAX_SW_ROLE_FAILED_ATTEMPTS = 3;
119 /* Define masks for supported and exception 2.0 ACL packet types
121 constexpr uint16_t BTM_ACL_SUPPORTED_PKTS_MASK =
122 (HCI_PKT_TYPES_MASK_DM1 | HCI_PKT_TYPES_MASK_DH1 | HCI_PKT_TYPES_MASK_DM3 |
123 HCI_PKT_TYPES_MASK_DH3 | HCI_PKT_TYPES_MASK_DM5 | HCI_PKT_TYPES_MASK_DH5);
125 constexpr uint16_t BTM_ACL_EXCEPTION_PKTS_MASK =
126 (HCI_PKT_TYPES_MASK_NO_2_DH1 | HCI_PKT_TYPES_MASK_NO_3_DH1 |
127 HCI_PKT_TYPES_MASK_NO_2_DH3 | HCI_PKT_TYPES_MASK_NO_3_DH3 |
128 HCI_PKT_TYPES_MASK_NO_2_DH5 | HCI_PKT_TYPES_MASK_NO_3_DH5);
130 inline bool IsEprAvailable(const tACL_CONN& p_acl) {
131 if (!p_acl.peer_lmp_feature_valid[0]) {
132 LOG_WARN("Checking incomplete feature page read");
135 return HCI_ATOMIC_ENCRYPT_SUPPORTED(p_acl.peer_lmp_feature_pages[0]) &&
136 controller_get_interface()->supports_encryption_pause();
139 static void btm_process_remote_ext_features(tACL_CONN* p_acl_cb,
140 uint8_t max_page_number);
141 static void btm_read_failed_contact_counter_timeout(void* data);
142 static void btm_read_remote_ext_features(uint16_t handle, uint8_t page_number);
143 static void btm_read_rssi_timeout(void* data);
144 static void btm_read_tx_power_timeout(void* data);
145 static void check_link_policy(tLINK_POLICY* settings);
146 void btm_set_link_policy(tACL_CONN* conn, tLINK_POLICY policy);
149 void NotifyAclLinkUp(tACL_CONN& p_acl) {
150 if (p_acl.link_up_issued) {
151 LOG_INFO("Already notified BTA layer that the link is up");
154 p_acl.link_up_issued = true;
155 BTA_dm_acl_up(p_acl.remote_addr, p_acl.transport);
158 void NotifyAclLinkDown(tACL_CONN& p_acl) {
159 /* Only notify if link up has had a chance to be issued */
160 if (p_acl.link_up_issued) {
161 p_acl.link_up_issued = false;
162 BTA_dm_acl_down(p_acl.remote_addr, p_acl.transport);
166 void NotifyAclRoleSwitchComplete(const RawAddress& bda, tHCI_ROLE new_role,
167 tHCI_STATUS hci_status) {
168 BTA_dm_report_role_change(bda, new_role, hci_status);
171 void NotifyAclFeaturesReadComplete(tACL_CONN& p_acl,
172 UNUSED_ATTR uint8_t max_page_number) {
173 ASSERT_LOG(bluetooth::shim::is_gd_acl_enabled(),
174 "For right now only called with gd_acl support");
175 btm_process_remote_ext_features(&p_acl, max_page_number);
176 btm_set_link_policy(&p_acl, btm_cb.acl_cb_.DefaultLinkPolicy());
177 BTA_dm_notify_remote_features_complete(p_acl.remote_addr);
182 static void hci_btsnd_hcic_disconnect(tACL_CONN& p_acl, tHCI_STATUS reason) {
183 LOG_INFO("Disconnecting peer:%s reason:%s",
184 PRIVATE_ADDRESS(p_acl.remote_addr),
185 hci_error_code_text(reason).c_str());
186 p_acl.disconnect_reason = reason;
188 if (bluetooth::shim::is_gd_acl_enabled()) {
189 return bluetooth::shim::ACL_Disconnect(p_acl.hci_handle,
190 p_acl.is_transport_br_edr(), reason);
192 GetLegacyHciInterface().Disconnect(p_acl.hci_handle,
193 static_cast<uint16_t>(reason));
197 void StackAclBtmAcl::hci_start_role_switch_to_central(tACL_CONN& p_acl) {
198 GetLegacyHciInterface().StartRoleSwitch(
199 p_acl.remote_addr, static_cast<uint8_t>(HCI_ROLE_CENTRAL));
200 p_acl.set_switch_role_in_progress();
201 p_acl.rs_disc_pending = BTM_SEC_RS_PENDING;
204 void hci_btm_set_link_supervision_timeout(tACL_CONN& link, uint16_t timeout) {
205 if (link.link_role != HCI_ROLE_CENTRAL) {
206 /* Only send if current role is Central; 2.0 spec requires this */
207 LOG_WARN("Can only set link supervision timeout if central role:%s",
208 RoleText(link.link_role).c_str());
212 LOG_DEBUG("Setting link supervision timeout:%.2fs peer:%s",
213 double(timeout) * 0.01, PRIVATE_ADDRESS(link.RemoteAddress()));
214 link.link_super_tout = timeout;
215 btsnd_hcic_write_link_super_tout(LOCAL_BR_EDR_CONTROLLER_ID, link.Handle(),
219 /* 3 seconds timeout waiting for responses */
220 #define BTM_DEV_REPLY_TIMEOUT_MS (3 * 1000)
222 void BTM_acl_after_controller_started(const controller_t* controller) {
223 internal_.btm_set_default_link_policy(
224 HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH | HCI_ENABLE_HOLD_MODE |
225 HCI_ENABLE_SNIFF_MODE | HCI_ENABLE_PARK_MODE);
227 /* Create ACL supported packet types mask */
228 uint16_t btm_acl_pkt_types_supported =
229 (HCI_PKT_TYPES_MASK_DH1 + HCI_PKT_TYPES_MASK_DM1);
231 if (controller->supports_3_slot_packets())
232 btm_acl_pkt_types_supported |=
233 (HCI_PKT_TYPES_MASK_DH3 + HCI_PKT_TYPES_MASK_DM3);
235 if (controller->supports_5_slot_packets())
236 btm_acl_pkt_types_supported |=
237 (HCI_PKT_TYPES_MASK_DH5 + HCI_PKT_TYPES_MASK_DM5);
239 /* Add in EDR related ACL types */
240 if (!controller->supports_classic_2m_phy()) {
241 btm_acl_pkt_types_supported |=
242 (HCI_PKT_TYPES_MASK_NO_2_DH1 + HCI_PKT_TYPES_MASK_NO_2_DH3 +
243 HCI_PKT_TYPES_MASK_NO_2_DH5);
246 if (!controller->supports_classic_3m_phy()) {
247 btm_acl_pkt_types_supported |=
248 (HCI_PKT_TYPES_MASK_NO_3_DH1 + HCI_PKT_TYPES_MASK_NO_3_DH3 +
249 HCI_PKT_TYPES_MASK_NO_3_DH5);
252 /* Check to see if 3 and 5 slot packets are available */
253 if (controller->supports_classic_2m_phy() ||
254 controller->supports_classic_3m_phy()) {
255 if (!controller->supports_3_slot_edr_packets())
256 btm_acl_pkt_types_supported |=
257 (HCI_PKT_TYPES_MASK_NO_2_DH3 + HCI_PKT_TYPES_MASK_NO_3_DH3);
259 if (!controller->supports_5_slot_edr_packets())
260 btm_acl_pkt_types_supported |=
261 (HCI_PKT_TYPES_MASK_NO_2_DH5 + HCI_PKT_TYPES_MASK_NO_3_DH5);
263 internal_.set_default_packet_types_supported(btm_acl_pkt_types_supported);
266 /*******************************************************************************
268 * Function btm_bda_to_acl
270 * Description This function returns the FIRST acl_db entry for the passed
273 * Parameters bda : BD address of the remote device
274 * transport : Physical transport used for ACL connection
277 * Returns Returns pointer to the ACL DB for the requested BDA if found.
278 * nullptr if not found.
280 ******************************************************************************/
281 tACL_CONN* StackAclBtmAcl::btm_bda_to_acl(const RawAddress& bda,
282 tBT_TRANSPORT transport) {
283 tACL_CONN* p_acl = &btm_cb.acl_cb_.acl_db[0];
284 for (uint8_t index = 0; index < MAX_L2CAP_LINKS; index++, p_acl++) {
285 if ((p_acl->in_use) && p_acl->remote_addr == bda &&
286 p_acl->transport == transport) {
293 tACL_CONN* acl_get_connection_from_address(const RawAddress& bd_addr,
294 tBT_TRANSPORT transport) {
295 return internal_.btm_bda_to_acl(bd_addr, transport);
298 /*******************************************************************************
300 * Function btm_handle_to_acl_index
302 * Description This function returns the FIRST acl_db entry for the passed
305 * Returns index to the acl_db or MAX_L2CAP_LINKS.
307 ******************************************************************************/
308 uint8_t btm_handle_to_acl_index(uint16_t hci_handle) {
309 tACL_CONN* p = &btm_cb.acl_cb_.acl_db[0];
311 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) {
312 if ((p->in_use) && (p->hci_handle == hci_handle)) {
317 /* If here, no BD Addr found */
321 tACL_CONN* StackAclBtmAcl::acl_get_connection_from_handle(uint16_t hci_handle) {
322 uint8_t index = btm_handle_to_acl_index(hci_handle);
323 if (index >= MAX_L2CAP_LINKS) return nullptr;
324 return &btm_cb.acl_cb_.acl_db[index];
327 tACL_CONN* acl_get_connection_from_handle(uint16_t handle) {
328 return internal_.acl_get_connection_from_handle(handle);
331 void btm_acl_process_sca_cmpl_pkt(uint8_t len, uint8_t* data) {
336 STREAM_TO_UINT8(status, data);
338 if (status != HCI_SUCCESS) {
339 LOG_WARN("Peer SCA Command complete failed:%s",
340 hci_error_code_text(static_cast<tHCI_STATUS>(status)).c_str());
344 STREAM_TO_UINT16(handle, data);
345 STREAM_TO_UINT8(sca, data);
347 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(handle);
348 if (p_acl == nullptr) {
349 LOG_WARN("Unable to find active acl");
355 tACL_CONN* StackAclBtmAcl::acl_allocate_connection() {
356 tACL_CONN* p_acl = &btm_cb.acl_cb_.acl_db[0];
357 for (uint8_t xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_acl++) {
358 if (!p_acl->in_use) {
365 void btm_acl_created(const RawAddress& bda, uint16_t hci_handle,
366 tHCI_ROLE link_role, tBT_TRANSPORT transport) {
367 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bda, transport);
368 if (p_acl != (tACL_CONN*)NULL) {
369 p_acl->hci_handle = hci_handle;
370 p_acl->link_role = link_role;
371 p_acl->transport = transport;
372 btm_set_link_policy(p_acl, btm_cb.acl_cb_.DefaultLinkPolicy());
374 "Unable to create duplicate acl when one already exists handle:%hu"
375 " role:%s transport:%s",
376 hci_handle, RoleText(link_role).c_str(),
377 bt_transport_text(transport).c_str());
381 p_acl = internal_.acl_allocate_connection();
382 if (p_acl == nullptr) {
383 LOG_WARN("Unable to find active acl");
387 p_acl->in_use = true;
388 p_acl->hci_handle = hci_handle;
389 p_acl->link_role = link_role;
390 p_acl->link_up_issued = false;
391 p_acl->remote_addr = bda;
393 p_acl->transport = transport;
394 p_acl->switch_role_failed_attempts = 0;
395 p_acl->reset_switch_role();
396 BTM_PM_OnConnected(hci_handle, bda);
399 "Created new ACL connection peer:%s role:%s handle:0x%04x transport:%s",
400 PRIVATE_ADDRESS(bda), RoleText(p_acl->link_role).c_str(), hci_handle,
401 bt_transport_text(transport).c_str());
402 btm_set_link_policy(p_acl, btm_cb.acl_cb_.DefaultLinkPolicy());
404 if (transport == BT_TRANSPORT_LE) {
405 btm_ble_refresh_local_resolvable_private_addr(
406 bda, btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr);
408 /* if BR/EDR do something more */
409 if (transport == BT_TRANSPORT_BR_EDR) {
410 btsnd_hcic_read_rmt_clk_offset(hci_handle);
411 if (!bluetooth::shim::is_gd_l2cap_enabled() &&
412 !bluetooth::shim::is_gd_acl_enabled()) {
413 // GD L2cap and GD Acl read this automatically
414 btsnd_hcic_rmt_ver_req(hci_handle);
418 if (transport == BT_TRANSPORT_LE) {
419 btm_ble_get_acl_remote_addr(hci_handle, p_acl->active_remote_addr,
420 &p_acl->active_remote_addr_type);
422 if (controller_get_interface()
423 ->supports_ble_peripheral_initiated_feature_exchange() ||
424 link_role == HCI_ROLE_CENTRAL) {
425 btsnd_hcic_ble_read_remote_feat(p_acl->hci_handle);
427 internal_.btm_establish_continue(p_acl);
432 void btm_acl_update_conn_addr(uint16_t handle, const RawAddress& address) {
433 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(handle);
434 if (p_acl == nullptr) {
435 LOG_WARN("Unable to find active acl");
438 p_acl->conn_addr = address;
441 /*******************************************************************************
443 * Function btm_acl_removed
445 * Description This function is called by L2CAP when an ACL connection
446 * is removed. Since only L2CAP creates ACL links, we use
447 * the L2CAP link index as our index into the control blocks.
451 ******************************************************************************/
452 void btm_acl_removed(uint16_t handle) {
453 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(handle);
454 if (p_acl == nullptr) {
455 LOG_WARN("Unable to find active acl");
458 p_acl->in_use = false;
459 NotifyAclLinkDown(*p_acl);
461 BTM_PM_OnDisconnected(handle);
464 /*******************************************************************************
466 * Function btm_acl_device_down
468 * Description This function is called when the local device is deemed
469 * to be down. It notifies L2CAP of the failure.
473 ******************************************************************************/
474 void btm_acl_device_down(void) {
475 tACL_CONN* p = &btm_cb.acl_cb_.acl_db[0];
477 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) {
479 l2c_link_hci_disc_comp(p->hci_handle, HCI_ERR_HW_FAILURE);
485 void btm_acl_set_paging(bool value) { btm_cb.is_paging = value; }
487 void btm_acl_update_inquiry_status(uint8_t status) {
488 btm_cb.is_inquiry = status == BTM_INQUIRY_STARTED;
489 BTIF_dm_report_inquiry_status_change(status);
492 tBTM_STATUS BTM_GetRole(const RawAddress& remote_bd_addr, tHCI_ROLE* p_role) {
493 if (p_role == nullptr) {
494 return BTM_ILLEGAL_VALUE;
496 *p_role = HCI_ROLE_UNKNOWN;
499 internal_.btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR);
500 if (p_acl == nullptr) {
501 LOG_WARN("Unable to find active acl");
502 return BTM_UNKNOWN_ADDR;
504 *p_role = p_acl->link_role;
508 /*******************************************************************************
510 * Function BTM_SwitchRoleToCentral
512 * Description This function is called to switch role between central and
513 * peripheral. If role is already set it will do nothing.
515 * Returns BTM_SUCCESS if already in specified role.
516 * BTM_CMD_STARTED if command issued to controller.
517 * BTM_NO_RESOURCES if couldn't allocate memory to issue
519 * BTM_UNKNOWN_ADDR if no active link with bd addr specified
520 * BTM_MODE_UNSUPPORTED if local device does not support role
522 * BTM_BUSY if the previous command is not completed
524 ******************************************************************************/
525 tBTM_STATUS BTM_SwitchRoleToCentral(const RawAddress& remote_bd_addr) {
526 if (bluetooth::shim::is_gd_l2cap_enabled()) {
527 bluetooth::shim::L2CA_SwitchRoleToCentral(remote_bd_addr);
530 if (!controller_get_interface()->supports_central_peripheral_role_switch()) {
531 LOG_INFO("Local controller does not support role switching");
532 return BTM_MODE_UNSUPPORTED;
536 internal_.btm_bda_to_acl(remote_bd_addr, BT_TRANSPORT_BR_EDR);
537 if (p_acl == nullptr) {
538 LOG_WARN("Unable to find active acl");
539 return BTM_UNKNOWN_ADDR;
542 if (p_acl->link_role == HCI_ROLE_CENTRAL) {
543 LOG_INFO("Requested role is already in effect");
547 if (interop_match_addr(INTEROP_DISABLE_ROLE_SWITCH, &remote_bd_addr)) {
548 LOG_INFO("Remote device is on list preventing role switch");
549 return BTM_DEV_RESTRICT_LISTED;
552 if (BTM_IsScoActiveByBdaddr(remote_bd_addr)) {
553 LOG_INFO("An active SCO to device prevents role switch at this time");
554 return BTM_NO_RESOURCES;
557 if (!p_acl->is_switch_role_idle()) {
558 LOG_INFO("Role switch is already progress");
562 tBTM_PM_MODE pwr_mode;
563 if (!BTM_ReadPowerMode(p_acl->remote_addr, &pwr_mode)) {
565 "Unable to find device to read current power mode prior to role "
567 return BTM_UNKNOWN_ADDR;
570 if (pwr_mode == BTM_PM_MD_PARK || pwr_mode == BTM_PM_MD_SNIFF) {
571 if (!BTM_SetLinkPolicyActiveMode(p_acl->remote_addr)) {
572 LOG_WARN("Unable to set link policy active before attempting switch");
573 return BTM_WRONG_MODE;
575 p_acl->set_switch_role_changing();
577 /* some devices do not support switch while encryption is on */
579 if (p_acl->is_encrypted && !IsEprAvailable(*p_acl)) {
580 /* bypass turning off encryption if change link key is already doing it */
581 p_acl->set_encryption_off();
582 p_acl->set_switch_role_encryption_off();
584 internal_.hci_start_role_switch_to_central(*p_acl);
588 return BTM_CMD_STARTED;
591 /*******************************************************************************
593 * Function btm_acl_encrypt_change
595 * Description This function is when encryption of the connection is
596 * completed by the LM. Checks to see if a role switch or
597 * change of link key was active and initiates or continues
602 ******************************************************************************/
603 void btm_acl_encrypt_change(uint16_t handle, uint8_t status,
604 uint8_t encr_enable) {
605 tACL_CONN* p = internal_.acl_get_connection_from_handle(handle);
607 LOG_WARN("Unable to find active acl");
611 p->is_encrypted = encr_enable;
613 /* Process Role Switch if active */
614 if (p->is_switch_role_encryption_off()) {
615 /* if encryption turn off failed we still will try to switch role */
617 p->set_encryption_idle();
618 p->reset_switch_role();
620 p->set_encryption_switching();
621 p->set_switch_role_switching();
623 internal_.hci_start_role_switch_to_central(*p);
625 /* Finished enabling Encryption after role switch */
626 else if (p->is_switch_role_encryption_on()) {
627 p->reset_switch_role();
628 p->set_encryption_idle();
629 NotifyAclRoleSwitchComplete(
630 btm_cb.acl_cb_.switch_role_ref_data.remote_bd_addr,
631 btm_cb.acl_cb_.switch_role_ref_data.role,
632 btm_cb.acl_cb_.switch_role_ref_data.hci_status);
634 /* If a disconnect is pending, issue it now that role switch has completed
636 if (p->rs_disc_pending == BTM_SEC_DISC_PENDING) {
637 hci_btsnd_hcic_disconnect(*p, HCI_ERR_PEER_USER);
639 p->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */
643 static void check_link_policy(tLINK_POLICY* settings) {
644 const controller_t* controller = controller_get_interface();
646 if ((*settings & HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH) &&
647 (!controller->supports_role_switch())) {
648 *settings &= (~HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH);
649 LOG_INFO("Role switch not supported (settings: 0x%04x)", *settings);
651 if ((*settings & HCI_ENABLE_HOLD_MODE) &&
652 (!controller->supports_hold_mode())) {
653 *settings &= (~HCI_ENABLE_HOLD_MODE);
654 LOG_INFO("hold not supported (settings: 0x%04x)", *settings);
656 if ((*settings & HCI_ENABLE_SNIFF_MODE) &&
657 (!controller->supports_sniff_mode())) {
658 *settings &= (~HCI_ENABLE_SNIFF_MODE);
659 LOG_INFO("sniff not supported (settings: 0x%04x)", *settings);
661 if ((*settings & HCI_ENABLE_PARK_MODE) &&
662 (!controller->supports_park_mode())) {
663 *settings &= (~HCI_ENABLE_PARK_MODE);
664 LOG_INFO("park not supported (settings: 0x%04x)", *settings);
668 void btm_set_link_policy(tACL_CONN* conn, tLINK_POLICY policy) {
669 conn->link_policy = policy;
670 check_link_policy(&conn->link_policy);
671 if ((conn->link_policy & HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH) &&
672 interop_match_addr(INTEROP_DISABLE_SNIFF, &(conn->remote_addr))) {
673 conn->link_policy &= (~HCI_ENABLE_SNIFF_MODE);
675 btsnd_hcic_write_policy_set(conn->hci_handle,
676 static_cast<uint16_t>(conn->link_policy));
679 static void btm_toggle_policy_on_for(const RawAddress& peer_addr,
681 auto conn = internal_.btm_bda_to_acl(peer_addr, BT_TRANSPORT_BR_EDR);
683 LOG_WARN("Unable to find active acl");
686 btm_set_link_policy(conn, conn->link_policy | flag);
689 static void btm_toggle_policy_off_for(const RawAddress& peer_addr,
691 auto conn = internal_.btm_bda_to_acl(peer_addr, BT_TRANSPORT_BR_EDR);
693 LOG_WARN("Unable to find active acl");
696 btm_set_link_policy(conn, conn->link_policy & ~flag);
699 bool BTM_is_sniff_allowed_for(const RawAddress& peer_addr) {
700 auto conn = internal_.btm_bda_to_acl(peer_addr, BT_TRANSPORT_BR_EDR);
702 LOG_WARN("Unable to find active acl");
705 return conn->link_policy & HCI_ENABLE_SNIFF_MODE;
708 void BTM_unblock_sniff_mode_for(const RawAddress& peer_addr) {
709 btm_toggle_policy_on_for(peer_addr, HCI_ENABLE_SNIFF_MODE);
712 void BTM_block_sniff_mode_for(const RawAddress& peer_addr) {
713 btm_toggle_policy_off_for(peer_addr, HCI_ENABLE_SNIFF_MODE);
716 void BTM_unblock_role_switch_for(const RawAddress& peer_addr) {
717 btm_toggle_policy_on_for(peer_addr, HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH);
720 void BTM_block_role_switch_for(const RawAddress& peer_addr) {
721 btm_toggle_policy_off_for(peer_addr, HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH);
724 void BTM_unblock_role_switch_and_sniff_mode_for(const RawAddress& peer_addr) {
725 btm_toggle_policy_on_for(
726 peer_addr, HCI_ENABLE_SNIFF_MODE | HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH);
729 void BTM_block_role_switch_and_sniff_mode_for(const RawAddress& peer_addr) {
730 btm_toggle_policy_off_for(
731 peer_addr, HCI_ENABLE_SNIFF_MODE | HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH);
734 void StackAclBtmAcl::btm_set_default_link_policy(tLINK_POLICY settings) {
735 check_link_policy(&settings);
736 btm_cb.acl_cb_.btm_def_link_policy = settings;
737 btsnd_hcic_write_def_policy_set(settings);
740 void BTM_default_unblock_role_switch() {
741 internal_.btm_set_default_link_policy(btm_cb.acl_cb_.DefaultLinkPolicy() |
742 HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH);
745 void BTM_default_block_role_switch() {
746 internal_.btm_set_default_link_policy(btm_cb.acl_cb_.DefaultLinkPolicy() &
747 ~HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH);
750 /*******************************************************************************
752 * Function btm_read_remote_version_complete
754 * Description This function is called when the command complete message
755 * is received from the HCI for the remote version info.
759 ******************************************************************************/
760 static void maybe_chain_more_commands_after_read_remote_version_complete(
761 uint8_t status, uint16_t handle) {
762 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
763 if (p_acl_cb == nullptr) {
764 LOG_WARN("Received remote version complete for unknown device");
768 switch (p_acl_cb->transport) {
769 case BT_TRANSPORT_LE:
770 l2cble_notify_le_connection(p_acl_cb->remote_addr);
771 l2cble_use_preferred_conn_params(p_acl_cb->remote_addr);
773 case BT_TRANSPORT_BR_EDR:
775 * When running legacy stack continue chain of executing various
776 * read commands. Skip when gd_acl is enabled because that
777 * module handles all remote read functionality.
779 if (!bluetooth::shim::is_gd_acl_enabled()) {
780 if (status == HCI_SUCCESS) {
781 internal_.btm_read_remote_features(p_acl_cb->hci_handle);
787 void btm_process_remote_version_complete(uint8_t status, uint16_t handle,
789 uint16_t manufacturer,
790 uint16_t lmp_subversion) {
791 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
792 if (p_acl_cb == nullptr) {
793 LOG_WARN("Received remote version complete for unknown acl");
797 if (status == HCI_SUCCESS) {
798 p_acl_cb->remote_version_info.lmp_version = lmp_version;
799 p_acl_cb->remote_version_info.manufacturer = manufacturer;
800 p_acl_cb->remote_version_info.lmp_subversion = lmp_subversion;
801 p_acl_cb->remote_version_info.valid = true;
802 BTM_update_version_info(p_acl_cb->RemoteAddress(),
803 p_acl_cb->remote_version_info);
805 bluetooth::common::LogRemoteVersionInfo(handle, status, lmp_version,
806 manufacturer, lmp_subversion);
808 bluetooth::common::LogRemoteVersionInfo(handle, status, 0, 0, 0);
812 void btm_read_remote_version_complete_raw(uint8_t* p) {
816 uint16_t manufacturer;
817 uint16_t lmp_subversion;
819 STREAM_TO_UINT8(status, p);
820 STREAM_TO_UINT16(handle, p);
821 STREAM_TO_UINT8(lmp_version, p);
822 STREAM_TO_UINT16(manufacturer, p);
823 STREAM_TO_UINT16(lmp_subversion, p);
825 ASSERT_LOG(!bluetooth::shim::is_gd_acl_enabled(),
826 "gd acl layer should be receiving this completion");
827 btm_read_remote_version_complete(static_cast<tHCI_STATUS>(status), handle,
828 lmp_version, manufacturer, lmp_version);
831 void btm_read_remote_version_complete(tHCI_STATUS status, uint16_t handle,
833 uint16_t manufacturer,
834 uint16_t lmp_subversion) {
835 btm_process_remote_version_complete(status, handle, lmp_version, manufacturer,
837 maybe_chain_more_commands_after_read_remote_version_complete(status, handle);
840 /*******************************************************************************
842 * Function btm_process_remote_ext_features
844 * Description Local function called to process all extended features pages
845 * read from a remote device.
849 ******************************************************************************/
850 void btm_process_remote_ext_features(tACL_CONN* p_acl_cb,
851 uint8_t max_page_number) {
852 CHECK(p_acl_cb != nullptr);
853 if (!p_acl_cb->peer_lmp_feature_valid[max_page_number]) {
855 "Checking remote features but remote feature read is "
860 HCI_SSP_HOST_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[1]);
861 bool secure_connections_supported =
862 HCI_SC_HOST_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[1]);
863 bool role_switch_supported =
864 HCI_SWITCH_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[0]);
865 bool br_edr_supported =
866 !HCI_BREDR_NOT_SPT_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[0]);
868 HCI_LE_SPT_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[0]) &&
869 HCI_LE_HOST_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[1]);
870 btm_sec_set_peer_sec_caps(p_acl_cb->hci_handle, ssp_supported,
871 secure_connections_supported, role_switch_supported,
872 br_edr_supported, le_supported);
875 /*******************************************************************************
877 * Function btm_read_remote_features
879 * Description Local function called to send a read remote supported
880 * features/remote extended features page[0].
884 ******************************************************************************/
885 void StackAclBtmAcl::btm_read_remote_features(uint16_t handle) {
889 acl_idx = btm_handle_to_acl_index(handle);
890 if (acl_idx >= MAX_L2CAP_LINKS) {
891 LOG_WARN("Unable to find active acl");
895 p_acl_cb = &btm_cb.acl_cb_.acl_db[acl_idx];
896 memset(p_acl_cb->peer_lmp_feature_pages, 0,
897 sizeof(p_acl_cb->peer_lmp_feature_pages));
899 /* first send read remote supported features HCI command */
900 /* because we don't know whether the remote support extended feature command
902 if (bluetooth::shim::is_gd_l2cap_enabled()) {
903 // GD L2cap reads this automatically
906 btsnd_hcic_rmt_features_req(handle);
909 /*******************************************************************************
911 * Function btm_read_remote_ext_features
913 * Description Local function called to send a read remote extended
918 ******************************************************************************/
919 void btm_read_remote_ext_features(uint16_t handle, uint8_t page_number) {
920 if (bluetooth::shim::is_gd_l2cap_enabled()) {
921 // GD L2cap reads this automatically
924 btsnd_hcic_rmt_ext_features(handle, page_number);
927 /*******************************************************************************
929 * Function btm_read_remote_features_complete
931 * Description This function is called when the remote supported features
932 * complete event is received from the HCI.
936 ******************************************************************************/
937 void btm_read_remote_features_complete_raw(uint8_t* p) {
941 STREAM_TO_UINT8(status, p);
943 if (status != HCI_SUCCESS) {
944 LOG_WARN("Uanble to read remote features status:%s",
945 hci_error_code_text(static_cast<tHCI_STATUS>(status)).c_str());
949 STREAM_TO_UINT16(handle, p);
951 btm_read_remote_features_complete(handle, p);
954 void btm_read_remote_features_complete(uint16_t handle, uint8_t* features) {
955 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
956 if (p_acl_cb == nullptr) {
957 LOG_WARN("Unable to find active acl");
961 /* Copy the received features page */
962 STREAM_TO_ARRAY(p_acl_cb->peer_lmp_feature_pages[0], features,
963 HCI_FEATURE_BYTES_PER_PAGE);
964 p_acl_cb->peer_lmp_feature_valid[0] = true;
966 if ((HCI_LMP_EXTENDED_SUPPORTED(p_acl_cb->peer_lmp_feature_pages[0])) &&
967 (controller_get_interface()
968 ->supports_reading_remote_extended_features())) {
969 /* if the remote controller has extended features and local controller
970 supports HCI_Read_Remote_Extended_Features command then start reading
971 these feature starting with extended features page 1 */
972 LOG_DEBUG("Start reading remote extended features");
973 btm_read_remote_ext_features(handle, 1);
977 /* Remote controller has no extended features. Process remote controller
978 supported features (features page 0). */
979 btm_process_remote_ext_features(p_acl_cb, 0);
981 /* Continue with HCI connection establishment */
982 internal_.btm_establish_continue(p_acl_cb);
985 /*******************************************************************************
987 * Function btm_read_remote_ext_features_complete
989 * Description This function is called when the remote extended features
990 * complete event is received from the HCI.
994 ******************************************************************************/
995 void btm_read_remote_ext_features_complete_raw(uint8_t* p, uint8_t evt_len) {
996 uint8_t page_num, max_page;
999 if (evt_len < HCI_EXT_FEATURES_SUCCESS_EVT_LEN) {
1000 android_errorWriteLog(0x534e4554, "141552859");
1001 LOG_WARN("Remote extended feature length too short. length=%d", evt_len);
1006 STREAM_TO_UINT16(handle, p);
1007 STREAM_TO_UINT8(page_num, p);
1008 STREAM_TO_UINT8(max_page, p);
1010 if (max_page > HCI_EXT_FEATURES_PAGE_MAX) {
1011 LOG_WARN("Too many max pages read page=%d unknown", max_page);
1015 if (page_num > HCI_EXT_FEATURES_PAGE_MAX) {
1016 android_errorWriteLog(0x534e4554, "141552859");
1017 LOG_WARN("Too many received pages num_page=%d invalid", page_num);
1021 if (page_num > max_page) {
1022 LOG_WARN("num_page=%d, max_page=%d invalid", page_num, max_page);
1025 btm_read_remote_ext_features_complete(handle, page_num, max_page, p);
1028 void btm_read_remote_ext_features_complete(uint16_t handle, uint8_t page_num,
1030 uint8_t* features) {
1031 /* Validate parameters */
1032 auto* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
1033 if (p_acl_cb == nullptr) {
1034 LOG_WARN("Unable to find active acl");
1038 /* Copy the received features page */
1039 STREAM_TO_ARRAY(p_acl_cb->peer_lmp_feature_pages[page_num], features,
1040 HCI_FEATURE_BYTES_PER_PAGE);
1041 p_acl_cb->peer_lmp_feature_valid[page_num] = true;
1043 /* If there is the next remote features page and
1044 * we have space to keep this page data - read this page */
1045 if ((page_num < max_page) && (page_num < HCI_EXT_FEATURES_PAGE_MAX)) {
1047 LOG_DEBUG("BTM reads next remote extended features page (%d)", page_num);
1048 btm_read_remote_ext_features(handle, page_num);
1052 /* Reading of remote feature pages is complete */
1053 LOG_DEBUG("BTM reached last remote extended features page (%d)", page_num);
1055 /* Process the pages */
1056 btm_process_remote_ext_features(p_acl_cb, max_page);
1058 /* Continue with HCI connection establishment */
1059 internal_.btm_establish_continue(p_acl_cb);
1062 /*******************************************************************************
1064 * Function btm_read_remote_ext_features_failed
1066 * Description This function is called when the remote extended features
1067 * complete event returns a failed status.
1071 ******************************************************************************/
1072 void btm_read_remote_ext_features_failed(uint8_t status, uint16_t handle) {
1073 LOG_WARN("status 0x%02x for handle %d", status, handle);
1075 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
1076 if (p_acl_cb == nullptr) {
1077 LOG_WARN("Unable to find active acl");
1081 /* Process supported features only */
1082 btm_process_remote_ext_features(p_acl_cb, 0);
1084 /* Continue HCI connection establishment */
1085 internal_.btm_establish_continue(p_acl_cb);
1088 /*******************************************************************************
1090 * Function btm_establish_continue
1092 * Description This function is called when the command complete message
1093 * is received from the HCI for the read local link policy
1098 ******************************************************************************/
1099 void StackAclBtmAcl::btm_establish_continue(tACL_CONN* p_acl) {
1100 CHECK(p_acl != nullptr);
1102 if (p_acl->is_transport_br_edr()) {
1103 /* For now there are a some devices that do not like sending */
1104 /* commands events and data at the same time. */
1105 /* Set the packet types to the default allowed by the device */
1106 const uint16_t default_packet_type_mask =
1107 btm_cb.acl_cb_.DefaultPacketTypes();
1108 if (!internal_.change_connection_packet_types(*p_acl,
1109 default_packet_type_mask)) {
1110 LOG_ERROR("Unable to change connection packet type types:%04x address:%s",
1111 default_packet_type_mask,
1112 PRIVATE_ADDRESS(p_acl->RemoteAddress()));
1114 btm_set_link_policy(p_acl, btm_cb.acl_cb_.DefaultLinkPolicy());
1116 NotifyAclLinkUp(*p_acl);
1119 void btm_establish_continue_from_address(const RawAddress& bda,
1120 tBT_TRANSPORT transport) {
1121 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bda, transport);
1122 if (p_acl == nullptr) {
1123 LOG_WARN("Unable to find active acl");
1126 internal_.btm_establish_continue(p_acl);
1129 /*******************************************************************************
1131 * Function BTM_GetLinkSuperTout
1133 * Description Read the link supervision timeout value of the connection
1135 * Returns status of the operation
1137 ******************************************************************************/
1138 tBTM_STATUS BTM_GetLinkSuperTout(const RawAddress& remote_bda,
1139 uint16_t* p_timeout) {
1140 CHECK(p_timeout != nullptr);
1141 const tACL_CONN* p_acl =
1142 internal_.btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
1143 if (p_acl == nullptr) {
1144 LOG_WARN("Unable to find active acl");
1145 return BTM_UNKNOWN_ADDR;
1147 *p_timeout = p_acl->link_super_tout;
1151 /*******************************************************************************
1153 * Function BTM_SetLinkSuperTout
1155 * Description Create and send HCI "Write Link Supervision Timeout" command
1157 * Returns status of the operation
1159 ******************************************************************************/
1160 tBTM_STATUS BTM_SetLinkSuperTout(const RawAddress& remote_bda,
1162 tACL_CONN* p_acl = internal_.btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
1163 if (p_acl == nullptr) {
1164 LOG_WARN("Unable to find active acl");
1165 return BTM_UNKNOWN_ADDR;
1168 /* Only send if current role is Central; 2.0 spec requires this */
1169 if (p_acl->link_role == HCI_ROLE_CENTRAL) {
1170 p_acl->link_super_tout = timeout;
1171 btsnd_hcic_write_link_super_tout(LOCAL_BR_EDR_CONTROLLER_ID,
1172 p_acl->hci_handle, timeout);
1173 LOG_DEBUG("Set supervision timeout:%.2fms bd_addr:%s",
1174 supervision_timeout_to_seconds(timeout),
1175 PRIVATE_ADDRESS(remote_bda));
1176 return BTM_CMD_STARTED;
1179 "Role is peripheral so unable to set supervision timeout:%.2fms "
1181 supervision_timeout_to_seconds(timeout), PRIVATE_ADDRESS(remote_bda));
1186 bool BTM_IsAclConnectionUp(const RawAddress& remote_bda,
1187 tBT_TRANSPORT transport) {
1188 if (bluetooth::shim::is_gd_l2cap_enabled()) {
1189 return bluetooth::shim::L2CA_IsLinkEstablished(remote_bda, transport);
1192 return internal_.btm_bda_to_acl(remote_bda, transport) != nullptr;
1195 bool BTM_IsAclConnectionUpAndHandleValid(const RawAddress& remote_bda,
1196 tBT_TRANSPORT transport) {
1197 if (bluetooth::shim::is_gd_l2cap_enabled()) {
1198 return bluetooth::shim::L2CA_IsLinkEstablished(remote_bda, transport);
1201 tACL_CONN* p_acl = internal_.btm_bda_to_acl(remote_bda, transport);
1202 if (p_acl == nullptr) {
1203 LOG_WARN("Unable to find active acl");
1206 return p_acl->hci_handle != HCI_INVALID_HANDLE;
1209 bool BTM_IsAclConnectionUpFromHandle(uint16_t hci_handle) {
1210 return internal_.acl_get_connection_from_handle(hci_handle) != nullptr;
1213 /*******************************************************************************
1215 * Function BTM_GetNumAclLinks
1217 * Description This function is called to count the number of
1218 * ACL links that are active.
1220 * Returns uint16_t Number of active ACL links
1222 ******************************************************************************/
1223 uint16_t BTM_GetNumAclLinks(void) {
1224 if (bluetooth::shim::is_gd_l2cap_enabled()) {
1225 return bluetooth::shim::L2CA_GetNumLinks();
1227 return static_cast<uint16_t>(btm_cb.acl_cb_.NumberOfActiveLinks());
1230 /*******************************************************************************
1232 * Function btm_get_acl_disc_reason_code
1234 * Description This function is called to get the disconnection reason code
1235 * returned by the HCI at disconnection complete event.
1237 * Returns true if connection is up, else false.
1239 ******************************************************************************/
1240 tHCI_REASON btm_get_acl_disc_reason_code(void) {
1241 return btm_cb.acl_cb_.get_disconnect_reason();
1244 /*******************************************************************************
1246 * Function BTM_GetHCIConnHandle
1248 * Description This function is called to get the handle for an ACL
1249 * connection to a specific remote BD Address.
1251 * Returns the handle of the connection, or HCI_INVALID_HANDLE if none.
1253 ******************************************************************************/
1254 uint16_t BTM_GetHCIConnHandle(const RawAddress& remote_bda,
1255 tBT_TRANSPORT transport) {
1256 if (bluetooth::shim::is_gd_l2cap_enabled()) {
1257 return bluetooth::shim::BTM_GetHCIConnHandle(remote_bda, transport);
1261 p = internal_.btm_bda_to_acl(remote_bda, transport);
1262 if (p != (tACL_CONN*)NULL) {
1263 return (p->hci_handle);
1266 /* If here, no BD Addr found */
1267 return HCI_INVALID_HANDLE;
1270 /*******************************************************************************
1272 * Function BTM_IsPhy2mSupported
1274 * Description This function is called to check PHY 2M support
1276 * Returns True when PHY 2M supported false otherwise
1278 ******************************************************************************/
1279 bool BTM_IsPhy2mSupported(const RawAddress& remote_bda, tBT_TRANSPORT transport) {
1281 BTM_TRACE_DEBUG("BTM_IsPhy2mSupported");
1282 p = internal_.btm_bda_to_acl(remote_bda, transport);
1283 if (p == (tACL_CONN*)NULL) {
1284 BTM_TRACE_DEBUG("BTM_IsPhy2mSupported: no connection");
1288 if (!p->peer_le_features_valid) {
1290 "Checking remote features but remote feature read is "
1293 return HCI_LE_2M_PHY_SUPPORTED(p->peer_le_features);
1296 /*******************************************************************************
1298 * Function BTM_RequestPeerSCA
1300 * Description This function is called to request sleep clock accuracy
1303 ******************************************************************************/
1304 void BTM_RequestPeerSCA(const RawAddress& remote_bda, tBT_TRANSPORT transport) {
1306 p = internal_.btm_bda_to_acl(remote_bda, transport);
1307 if (p == (tACL_CONN*)NULL) {
1308 LOG_WARN("Unable to find active acl");
1312 btsnd_hcic_req_peer_sca(p->hci_handle);
1315 /*******************************************************************************
1317 * Function BTM_GetPeerSCA
1319 * Description This function is called to get peer sleep clock accuracy
1321 * Returns SCA or 0xFF if SCA was never previously requested, request
1322 * is not supported by peer device or ACL does not exist
1324 ******************************************************************************/
1325 uint8_t BTM_GetPeerSCA(const RawAddress& remote_bda, tBT_TRANSPORT transport) {
1327 p = internal_.btm_bda_to_acl(remote_bda, transport);
1328 if (p != (tACL_CONN*)NULL) {
1331 LOG_WARN("Unable to find active acl");
1333 /* If here, no BD Addr found */
1337 /*******************************************************************************
1339 * Function btm_rejectlist_role_change_device
1341 * Description This function is used to rejectlist the device if the role
1342 * switch fails for maximum number of times. It also removes
1343 * the device from the black list if the role switch succeeds.
1345 * Input Parms bd_addr - remote BD addr
1346 * hci_status - role switch status
1350 *******************************************************************************/
1351 void btm_rejectlist_role_change_device(const RawAddress& bd_addr,
1352 uint8_t hci_status) {
1353 tACL_CONN* p = internal_.btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR);
1356 LOG_WARN("Unable to find active acl");
1359 if (hci_status == HCI_SUCCESS) {
1360 p->switch_role_failed_attempts = 0;
1364 /* check for carkits */
1365 const uint32_t cod_audio_device =
1366 (BTM_COD_SERVICE_AUDIO | BTM_COD_MAJOR_AUDIO) << 8;
1367 const uint8_t* dev_class = btm_get_dev_class(bd_addr);
1368 if (dev_class == nullptr) return;
1369 const uint32_t cod =
1370 ((dev_class[0] << 16) | (dev_class[1] << 8) | dev_class[2]) & 0xffffff;
1371 if ((hci_status != HCI_SUCCESS) &&
1372 (p->is_switch_role_switching_or_in_progress()) &&
1373 ((cod & cod_audio_device) == cod_audio_device) &&
1374 (!interop_match_addr(INTEROP_DYNAMIC_ROLE_SWITCH, &bd_addr))) {
1375 p->switch_role_failed_attempts++;
1376 if (p->switch_role_failed_attempts == BTM_MAX_SW_ROLE_FAILED_ATTEMPTS) {
1378 "Device %s rejectlisted for role switching - "
1379 "multiple role switch failed attempts: %u",
1380 bd_addr.ToString().c_str(), p->switch_role_failed_attempts);
1381 interop_database_add(INTEROP_DYNAMIC_ROLE_SWITCH, &bd_addr, 3);
1386 /*******************************************************************************
1388 * Function btm_acl_role_changed
1390 * Description This function is called whan a link's central/peripheral
1391 *role change event or command status event (with error) is received. It updates
1392 *the link control block, and calls the registered callback with status and role
1397 ******************************************************************************/
1398 void StackAclBtmAcl::btm_acl_role_changed(tHCI_STATUS hci_status,
1399 const RawAddress& bd_addr,
1400 tHCI_ROLE new_role) {
1401 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR);
1402 if (p_acl == nullptr) {
1403 // If we get a role change before connection complete, we cache the new
1404 // role here and then propagate it when ACL Link is created.
1405 RoleChangeView role_change;
1406 role_change.new_role = new_role;
1407 role_change.bd_addr = bd_addr;
1408 delayed_role_change_ =
1409 std::make_unique<RoleChangeView>(std::move(role_change));
1410 LOG_WARN("Unable to find active acl");
1414 tBTM_ROLE_SWITCH_CMPL* p_switch_role = &btm_cb.acl_cb_.switch_role_ref_data;
1415 LOG_DEBUG("Role change event received peer:%s hci_status:%s new_role:%s",
1416 PRIVATE_ADDRESS(bd_addr), hci_error_code_text(hci_status).c_str(),
1417 RoleText(new_role).c_str());
1419 p_switch_role->hci_status = hci_status;
1420 if (hci_status == HCI_SUCCESS) {
1421 p_switch_role->role = new_role;
1422 p_switch_role->remote_bd_addr = bd_addr;
1424 /* Update cached value */
1425 p_acl->link_role = new_role;
1427 /* Reload LSTO: link supervision timeout is reset in the LM after a role
1429 if (new_role == HCI_ROLE_CENTRAL) {
1430 constexpr uint16_t link_supervision_timeout = 8000;
1431 BTM_SetLinkSuperTout(bd_addr, link_supervision_timeout);
1434 new_role = p_acl->link_role;
1437 /* Check if any SCO req is pending for role change */
1438 btm_sco_chk_pend_rolechange(p_acl->hci_handle);
1440 /* if switching state is switching we need to turn encryption on */
1441 /* if idle, we did not change encryption */
1442 if (p_acl->is_switch_role_switching()) {
1443 p_acl->set_encryption_on();
1444 p_acl->set_switch_role_encryption_on();
1448 /* Set the switch_role_state to IDLE since the reply received from HCI */
1449 /* regardless of its result either success or failed. */
1450 if (p_acl->is_switch_role_in_progress()) {
1451 p_acl->set_encryption_idle();
1452 p_acl->reset_switch_role();
1455 BTA_dm_report_role_change(bd_addr, new_role, hci_status);
1457 /* If a disconnect is pending, issue it now that role switch has completed */
1458 if (p_acl->rs_disc_pending == BTM_SEC_DISC_PENDING) {
1459 hci_btsnd_hcic_disconnect(*p_acl, HCI_ERR_PEER_USER);
1461 p_acl->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */
1464 void btm_acl_role_changed(tHCI_STATUS hci_status, const RawAddress& bd_addr,
1465 tHCI_ROLE new_role) {
1466 if (hci_status == HCI_SUCCESS) {
1467 l2c_link_role_changed(&bd_addr, new_role, hci_status);
1469 l2c_link_role_changed(nullptr, HCI_ROLE_UNKNOWN,
1470 HCI_ERR_COMMAND_DISALLOWED);
1472 internal_.btm_acl_role_changed(hci_status, bd_addr, new_role);
1475 /*******************************************************************************
1477 * Function change_connection_packet_types
1479 * Description This function sets the packet types used for a specific
1480 * ACL connection. It is called internally by btm_acl_created
1481 * or by an application/profile by BTM_SetPacketTypes.
1483 * Returns status of the operation
1485 ******************************************************************************/
1486 bool StackAclBtmAcl::change_connection_packet_types(
1487 tACL_CONN& link, const uint16_t new_packet_type_mask) {
1488 // Start with the default configured packet types
1489 const uint16_t default_packet_type_mask = btm_cb.acl_cb_.DefaultPacketTypes();
1491 uint16_t packet_type_mask =
1492 default_packet_type_mask &
1493 (new_packet_type_mask & BTM_ACL_SUPPORTED_PKTS_MASK);
1495 /* OR in any exception packet types if at least 2.0 version of spec */
1497 ((new_packet_type_mask & BTM_ACL_EXCEPTION_PKTS_MASK) |
1498 (BTM_ACL_EXCEPTION_PKTS_MASK & default_packet_type_mask));
1500 /* Exclude packet types not supported by the peer */
1501 if (link.peer_lmp_feature_valid[0]) {
1502 PeerPacketTypes peer_packet_types(link.peer_lmp_feature_pages[0]);
1503 packet_type_mask &= peer_packet_types.acl.supported;
1504 packet_type_mask |= peer_packet_types.acl.unsupported;
1507 "Unable to include remote supported packet types as read feature "
1509 LOG_INFO("TIP: Maybe wait until read feature complete beforehand");
1512 if (packet_type_mask == 0) {
1513 LOG_WARN("Unable to send controller illegal change packet mask:0x%04x",
1518 link.pkt_types_mask = packet_type_mask;
1519 bluetooth::legacy::hci::GetInterface().ChangeConnectionPacketType(
1520 link.Handle(), link.pkt_types_mask);
1521 LOG_DEBUG("Started change connection packet type:0x%04x address:%s",
1522 link.pkt_types_mask, PRIVATE_ADDRESS(link.RemoteAddress()));
1526 void btm_set_packet_types_from_address(const RawAddress& bd_addr,
1527 uint16_t pkt_types) {
1528 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR);
1529 if (p_acl == nullptr) {
1530 LOG_WARN("Unable to find active acl");
1534 if (!internal_.change_connection_packet_types(*p_acl, pkt_types)) {
1535 LOG_ERROR("Unable to change connection packet type types:%04x address:%s",
1536 pkt_types, PRIVATE_ADDRESS(bd_addr));
1540 /*******************************************************************************
1542 * Function BTM_GetMaxPacketSize
1544 * Returns Returns maximum packet size that can be used for current
1545 * connection, 0 if connection is not established
1547 ******************************************************************************/
1548 uint16_t BTM_GetMaxPacketSize(const RawAddress& addr) {
1549 tACL_CONN* p = internal_.btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1550 uint16_t pkt_types = 0;
1551 uint16_t pkt_size = 0;
1553 pkt_types = p->pkt_types_mask;
1555 /* Special case for when info for the local device is requested */
1556 if (addr == *controller_get_interface()->get_address()) {
1557 pkt_types = btm_cb.acl_cb_.DefaultPacketTypes();
1562 if (!(pkt_types & HCI_PKT_TYPES_MASK_NO_3_DH5))
1563 pkt_size = HCI_EDR3_DH5_PACKET_SIZE;
1564 else if (!(pkt_types & HCI_PKT_TYPES_MASK_NO_2_DH5))
1565 pkt_size = HCI_EDR2_DH5_PACKET_SIZE;
1566 else if (!(pkt_types & HCI_PKT_TYPES_MASK_NO_3_DH3))
1567 pkt_size = HCI_EDR3_DH3_PACKET_SIZE;
1568 else if (pkt_types & HCI_PKT_TYPES_MASK_DH5)
1569 pkt_size = HCI_DH5_PACKET_SIZE;
1570 else if (!(pkt_types & HCI_PKT_TYPES_MASK_NO_2_DH3))
1571 pkt_size = HCI_EDR2_DH3_PACKET_SIZE;
1572 else if (pkt_types & HCI_PKT_TYPES_MASK_DM5)
1573 pkt_size = HCI_DM5_PACKET_SIZE;
1574 else if (pkt_types & HCI_PKT_TYPES_MASK_DH3)
1575 pkt_size = HCI_DH3_PACKET_SIZE;
1576 else if (pkt_types & HCI_PKT_TYPES_MASK_DM3)
1577 pkt_size = HCI_DM3_PACKET_SIZE;
1578 else if (!(pkt_types & HCI_PKT_TYPES_MASK_NO_3_DH1))
1579 pkt_size = HCI_EDR3_DH1_PACKET_SIZE;
1580 else if (!(pkt_types & HCI_PKT_TYPES_MASK_NO_2_DH1))
1581 pkt_size = HCI_EDR2_DH1_PACKET_SIZE;
1582 else if (pkt_types & HCI_PKT_TYPES_MASK_DH1)
1583 pkt_size = HCI_DH1_PACKET_SIZE;
1584 else if (pkt_types & HCI_PKT_TYPES_MASK_DM1)
1585 pkt_size = HCI_DM1_PACKET_SIZE;
1591 /*******************************************************************************
1593 * Function BTM_ReadRemoteVersion
1595 * Returns If connected report peer device info
1597 ******************************************************************************/
1598 bool BTM_ReadRemoteVersion(const RawAddress& addr, uint8_t* lmp_version,
1599 uint16_t* manufacturer, uint16_t* lmp_sub_version) {
1600 if (bluetooth::shim::is_gd_l2cap_enabled()) {
1601 return bluetooth::shim::L2CA_ReadRemoteVersion(
1602 addr, lmp_version, manufacturer, lmp_sub_version);
1605 const tACL_CONN* p_acl = internal_.btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1606 if (p_acl == nullptr) {
1607 p_acl = internal_.btm_bda_to_acl(addr, BT_TRANSPORT_LE);
1608 if (p_acl == nullptr) {
1609 LOG_WARN("Unable to find active acl");
1614 if (!p_acl->remote_version_info.valid) {
1615 LOG_WARN("Remote version information is invalid");
1619 if (lmp_version) *lmp_version = p_acl->remote_version_info.lmp_version;
1621 if (manufacturer) *manufacturer = p_acl->remote_version_info.manufacturer;
1623 if (lmp_sub_version)
1624 *lmp_sub_version = p_acl->remote_version_info.lmp_subversion;
1629 /*******************************************************************************
1631 * Function BTM_ReadRemoteFeatures
1633 * Returns pointer to the remote supported features mask (8 bytes)
1635 ******************************************************************************/
1636 uint8_t* BTM_ReadRemoteFeatures(const RawAddress& addr) {
1637 if (bluetooth::shim::is_gd_l2cap_enabled()) {
1638 return bluetooth::shim::L2CA_ReadRemoteFeatures(addr);
1640 tACL_CONN* p = internal_.btm_bda_to_acl(addr, BT_TRANSPORT_BR_EDR);
1642 LOG_WARN("Unable to find active acl");
1646 return (p->peer_lmp_feature_pages[0]);
1649 /*******************************************************************************
1651 * Function BTM_ReadRSSI
1653 * Description This function is called to read the link policy settings.
1654 * The address of link policy results are returned in the
1656 * (tBTM_RSSI_RESULT)
1658 * Returns BTM_CMD_STARTED if successfully initiated or error code
1660 ******************************************************************************/
1661 tBTM_STATUS BTM_ReadRSSI(const RawAddress& remote_bda, tBTM_CMPL_CB* p_cb) {
1662 tACL_CONN* p = NULL;
1663 tBT_DEVICE_TYPE dev_type;
1664 tBLE_ADDR_TYPE addr_type;
1666 /* If someone already waiting on the version, do not allow another */
1667 if (btm_cb.devcb.p_rssi_cmpl_cb) return (BTM_BUSY);
1669 BTM_ReadDevInfo(remote_bda, &dev_type, &addr_type);
1671 if (dev_type & BT_DEVICE_TYPE_BLE) {
1672 p = internal_.btm_bda_to_acl(remote_bda, BT_TRANSPORT_LE);
1675 if (p == NULL && dev_type & BT_DEVICE_TYPE_BREDR) {
1676 p = internal_.btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
1680 btm_cb.devcb.p_rssi_cmpl_cb = p_cb;
1681 alarm_set_on_mloop(btm_cb.devcb.read_rssi_timer, BTM_DEV_REPLY_TIMEOUT_MS,
1682 btm_read_rssi_timeout, NULL);
1684 btsnd_hcic_read_rssi(p->hci_handle);
1685 return (BTM_CMD_STARTED);
1687 LOG_WARN("Unable to find active acl");
1689 /* If here, no BD Addr found */
1690 return (BTM_UNKNOWN_ADDR);
1693 /*******************************************************************************
1695 * Function BTM_ReadFailedContactCounter
1697 * Description This function is called to read the failed contact counter.
1698 * The result is returned in the callback.
1699 * (tBTM_FAILED_CONTACT_COUNTER_RESULT)
1701 * Returns BTM_CMD_STARTED if successfully initiated or error code
1703 ******************************************************************************/
1704 tBTM_STATUS BTM_ReadFailedContactCounter(const RawAddress& remote_bda,
1705 tBTM_CMPL_CB* p_cb) {
1707 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
1708 tBT_DEVICE_TYPE dev_type;
1709 tBLE_ADDR_TYPE addr_type;
1711 /* If someone already waiting on the result, do not allow another */
1712 if (btm_cb.devcb.p_failed_contact_counter_cmpl_cb) return (BTM_BUSY);
1714 BTM_ReadDevInfo(remote_bda, &dev_type, &addr_type);
1715 if (dev_type == BT_DEVICE_TYPE_BLE) transport = BT_TRANSPORT_LE;
1717 p = internal_.btm_bda_to_acl(remote_bda, transport);
1718 if (p != (tACL_CONN*)NULL) {
1719 btm_cb.devcb.p_failed_contact_counter_cmpl_cb = p_cb;
1720 alarm_set_on_mloop(btm_cb.devcb.read_failed_contact_counter_timer,
1721 BTM_DEV_REPLY_TIMEOUT_MS,
1722 btm_read_failed_contact_counter_timeout, NULL);
1724 btsnd_hcic_read_failed_contact_counter(p->hci_handle);
1725 return (BTM_CMD_STARTED);
1727 LOG_WARN("Unable to find active acl");
1729 /* If here, no BD Addr found */
1730 return (BTM_UNKNOWN_ADDR);
1733 /*******************************************************************************
1735 * Function BTM_ReadTxPower
1737 * Description This function is called to read the current
1738 * TX power of the connection. The tx power level results
1739 * are returned in the callback.
1740 * (tBTM_RSSI_RESULT)
1742 * Returns BTM_CMD_STARTED if successfully initiated or error code
1744 ******************************************************************************/
1745 tBTM_STATUS BTM_ReadTxPower(const RawAddress& remote_bda,
1746 tBT_TRANSPORT transport, tBTM_CMPL_CB* p_cb) {
1748 #define BTM_READ_RSSI_TYPE_CUR 0x00
1749 #define BTM_READ_RSSI_TYPE_MAX 0X01
1751 VLOG(2) << __func__ << ": RemBdAddr: " << remote_bda;
1753 /* If someone already waiting on the version, do not allow another */
1754 if (btm_cb.devcb.p_tx_power_cmpl_cb) return (BTM_BUSY);
1756 p = internal_.btm_bda_to_acl(remote_bda, transport);
1757 if (p != (tACL_CONN*)NULL) {
1758 btm_cb.devcb.p_tx_power_cmpl_cb = p_cb;
1759 alarm_set_on_mloop(btm_cb.devcb.read_tx_power_timer,
1760 BTM_DEV_REPLY_TIMEOUT_MS, btm_read_tx_power_timeout,
1763 if (p->transport == BT_TRANSPORT_LE) {
1764 btm_cb.devcb.read_tx_pwr_addr = remote_bda;
1765 btsnd_hcic_ble_read_adv_chnl_tx_power();
1767 btsnd_hcic_read_tx_power(p->hci_handle, BTM_READ_RSSI_TYPE_CUR);
1770 return (BTM_CMD_STARTED);
1773 LOG_WARN("Unable to find active acl");
1775 /* If here, no BD Addr found */
1776 return (BTM_UNKNOWN_ADDR);
1779 /*******************************************************************************
1781 * Function btm_read_tx_power_timeout
1783 * Description Callback when reading the tx power times out.
1787 ******************************************************************************/
1788 void btm_read_tx_power_timeout(UNUSED_ATTR void* data) {
1789 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_tx_power_cmpl_cb;
1790 btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
1791 if (p_cb) (*p_cb)((void*)NULL);
1794 /*******************************************************************************
1796 * Function btm_read_tx_power_complete
1798 * Description This function is called when the command complete message
1799 * is received from the HCI for the read tx power request.
1803 ******************************************************************************/
1804 void btm_read_tx_power_complete(uint8_t* p, bool is_ble) {
1805 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_tx_power_cmpl_cb;
1806 tBTM_TX_POWER_RESULT result;
1808 alarm_cancel(btm_cb.devcb.read_tx_power_timer);
1809 btm_cb.devcb.p_tx_power_cmpl_cb = NULL;
1811 /* If there was a registered callback, call it */
1813 STREAM_TO_UINT8(result.hci_status, p);
1815 if (result.hci_status == HCI_SUCCESS) {
1816 result.status = BTM_SUCCESS;
1820 STREAM_TO_UINT16(handle, p);
1821 STREAM_TO_UINT8(result.tx_power, p);
1823 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
1824 if (p_acl_cb != nullptr) {
1825 result.rem_bda = p_acl_cb->remote_addr;
1828 STREAM_TO_UINT8(result.tx_power, p);
1829 result.rem_bda = btm_cb.devcb.read_tx_pwr_addr;
1831 LOG_DEBUG("Transmit power complete: tx_power:%d hci status:%s",
1833 hci_error_code_text(static_cast<tHCI_STATUS>(result.hci_status))
1836 result.status = BTM_ERR_PROCESSING;
1843 /*******************************************************************************
1845 * Function btm_read_rssi_timeout
1847 * Description Callback when reading the RSSI times out.
1851 ******************************************************************************/
1852 void btm_read_rssi_timeout(UNUSED_ATTR void* data) {
1853 tBTM_RSSI_RESULT result;
1854 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_rssi_cmpl_cb;
1855 btm_cb.devcb.p_rssi_cmpl_cb = NULL;
1856 result.status = BTM_DEVICE_TIMEOUT;
1857 if (p_cb) (*p_cb)(&result);
1860 /*******************************************************************************
1862 * Function btm_read_rssi_complete
1864 * Description This function is called when the command complete message
1865 * is received from the HCI for the read rssi request.
1869 ******************************************************************************/
1870 void btm_read_rssi_complete(uint8_t* p) {
1871 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_rssi_cmpl_cb;
1872 tBTM_RSSI_RESULT result;
1874 alarm_cancel(btm_cb.devcb.read_rssi_timer);
1875 btm_cb.devcb.p_rssi_cmpl_cb = NULL;
1877 /* If there was a registered callback, call it */
1879 STREAM_TO_UINT8(result.hci_status, p);
1880 result.status = BTM_ERR_PROCESSING;
1882 if (result.hci_status == HCI_SUCCESS) {
1884 STREAM_TO_UINT16(handle, p);
1886 STREAM_TO_UINT8(result.rssi, p);
1887 LOG_DEBUG("Read rrsi complete rssi:%hhd hci status:%s", result.rssi,
1888 hci_error_code_text(static_cast<tHCI_STATUS>(result.hci_status))
1891 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
1892 if (p_acl_cb != nullptr) {
1893 result.rem_bda = p_acl_cb->remote_addr;
1894 result.status = BTM_SUCCESS;
1901 /*******************************************************************************
1903 * Function btm_read_failed_contact_counter_timeout
1905 * Description Callback when reading the failed contact counter times out.
1909 ******************************************************************************/
1910 void btm_read_failed_contact_counter_timeout(UNUSED_ATTR void* data) {
1911 tBTM_FAILED_CONTACT_COUNTER_RESULT result;
1912 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_failed_contact_counter_cmpl_cb;
1913 btm_cb.devcb.p_failed_contact_counter_cmpl_cb = NULL;
1914 result.status = BTM_DEVICE_TIMEOUT;
1915 if (p_cb) (*p_cb)(&result);
1918 /*******************************************************************************
1920 * Function btm_read_failed_contact_counter_complete
1922 * Description This function is called when the command complete message
1923 * is received from the HCI for the read failed contact
1928 ******************************************************************************/
1929 void btm_read_failed_contact_counter_complete(uint8_t* p) {
1930 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_failed_contact_counter_cmpl_cb;
1931 tBTM_FAILED_CONTACT_COUNTER_RESULT result;
1933 alarm_cancel(btm_cb.devcb.read_failed_contact_counter_timer);
1934 btm_cb.devcb.p_failed_contact_counter_cmpl_cb = NULL;
1936 /* If there was a registered callback, call it */
1939 STREAM_TO_UINT8(result.hci_status, p);
1941 if (result.hci_status == HCI_SUCCESS) {
1942 result.status = BTM_SUCCESS;
1944 STREAM_TO_UINT16(handle, p);
1946 STREAM_TO_UINT16(result.failed_contact_counter, p);
1948 "Failed contact counter complete: counter %u, hci status:%s",
1949 result.failed_contact_counter,
1950 hci_status_code_text(to_hci_status_code(result.hci_status)).c_str());
1952 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
1953 if (p_acl_cb != nullptr) {
1954 result.rem_bda = p_acl_cb->remote_addr;
1957 result.status = BTM_ERR_PROCESSING;
1964 /*******************************************************************************
1966 * Function btm_read_automatic_flush_timeout_complete
1968 * Description This function is called when the command complete message
1969 * is received from the HCI for the read automatic flush
1974 ******************************************************************************/
1975 void btm_read_automatic_flush_timeout_complete(uint8_t* p) {
1976 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_automatic_flush_timeout_cmpl_cb;
1977 tBTM_AUTOMATIC_FLUSH_TIMEOUT_RESULT result;
1979 alarm_cancel(btm_cb.devcb.read_automatic_flush_timeout_timer);
1980 btm_cb.devcb.p_automatic_flush_timeout_cmpl_cb = nullptr;
1982 /* If there was a registered callback, call it */
1985 STREAM_TO_UINT8(result.hci_status, p);
1986 result.status = BTM_ERR_PROCESSING;
1988 if (result.hci_status == HCI_SUCCESS) {
1989 result.status = BTM_SUCCESS;
1991 STREAM_TO_UINT16(handle, p);
1992 STREAM_TO_UINT16(result.automatic_flush_timeout, p);
1994 "Read automatic flush timeout complete timeout:%hu hci_status:%s",
1995 result.automatic_flush_timeout,
1996 hci_error_code_text(static_cast<tHCI_STATUS>(result.hci_status))
1999 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
2000 if (p_acl_cb != nullptr) {
2001 result.rem_bda = p_acl_cb->remote_addr;
2008 /*******************************************************************************
2010 * Function btm_read_link_quality_timeout
2012 * Description Callback when reading the link quality times out.
2016 ******************************************************************************/
2017 void btm_read_link_quality_timeout(UNUSED_ATTR void* data) {
2018 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_link_qual_cmpl_cb;
2019 btm_cb.devcb.p_link_qual_cmpl_cb = NULL;
2020 if (p_cb) (*p_cb)((void*)NULL);
2023 /*******************************************************************************
2025 * Function btm_read_link_quality_complete
2027 * Description This function is called when the command complete message
2028 * is received from the HCI for the read link quality.
2032 ******************************************************************************/
2033 void btm_read_link_quality_complete(uint8_t* p) {
2034 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_link_qual_cmpl_cb;
2035 tBTM_LINK_QUALITY_RESULT result;
2037 alarm_cancel(btm_cb.devcb.read_link_quality_timer);
2038 btm_cb.devcb.p_link_qual_cmpl_cb = NULL;
2040 /* If there was a registered callback, call it */
2042 STREAM_TO_UINT8(result.hci_status, p);
2044 if (result.hci_status == HCI_SUCCESS) {
2046 result.status = BTM_SUCCESS;
2048 STREAM_TO_UINT16(handle, p);
2050 STREAM_TO_UINT8(result.link_quality, p);
2051 LOG_DEBUG("BTM Link Quality Complete: Link Quality %d, hci status:%s",
2052 result.link_quality,
2053 hci_error_code_text(static_cast<tHCI_STATUS>(result.hci_status))
2056 tACL_CONN* p_acl_cb = internal_.acl_get_connection_from_handle(handle);
2057 if (p_acl_cb != nullptr) {
2058 result.rem_bda = p_acl_cb->remote_addr;
2061 result.status = BTM_ERR_PROCESSING;
2068 /*******************************************************************************
2070 * Function btm_remove_acl
2072 * Description This function is called to disconnect an ACL connection
2074 * Returns BTM_SUCCESS if successfully initiated, otherwise
2077 ******************************************************************************/
2078 tBTM_STATUS btm_remove_acl(const RawAddress& bd_addr, tBT_TRANSPORT transport) {
2079 if (bluetooth::shim::is_gd_l2cap_enabled()) {
2080 if (transport == BT_TRANSPORT_LE) {
2081 LOG(ERROR) << __func__ << ": Unsupported";
2083 bluetooth::shim::L2CA_DisconnectLink(bd_addr);
2087 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bd_addr, transport);
2088 if (p_acl == nullptr) {
2089 LOG_WARN("Unable to find active acl");
2090 return BTM_UNKNOWN_ADDR;
2093 if (p_acl->Handle() == HCI_INVALID_HANDLE) {
2094 LOG_WARN("Cannot remove unknown acl bd_addr:%s transport:%s",
2095 PRIVATE_ADDRESS(bd_addr), bt_transport_text(transport).c_str());
2096 return BTM_UNKNOWN_ADDR;
2099 if (p_acl->rs_disc_pending == BTM_SEC_RS_PENDING) {
2101 "Delay disconnect until role switch is complete bd_addr:%s "
2103 PRIVATE_ADDRESS(bd_addr), bt_transport_text(transport).c_str());
2104 p_acl->rs_disc_pending = BTM_SEC_DISC_PENDING;
2108 hci_btsnd_hcic_disconnect(*p_acl, HCI_ERR_PEER_USER);
2112 /*******************************************************************************
2114 * Function BTM_SetTraceLevel
2116 * Description This function sets the trace level for BTM. If called with
2117 * a value of 0xFF, it simply returns the current trace level.
2119 * Returns The new or current trace level
2121 ******************************************************************************/
2122 uint8_t BTM_SetTraceLevel(uint8_t new_level) {
2123 if (new_level != 0xFF) btm_cb.trace_level = new_level;
2125 return (btm_cb.trace_level);
2128 void btm_cont_rswitch_from_handle(uint16_t hci_handle) {
2129 tACL_CONN* p = internal_.acl_get_connection_from_handle(hci_handle);
2131 LOG_WARN("Role switch received but with no active ACL");
2135 /* Check to see if encryption needs to be turned off if pending
2136 change of link key or role switch */
2137 if (p->is_switch_role_mode_change()) {
2138 /* Must turn off Encryption first if necessary */
2139 /* Some devices do not support switch or change of link key while encryption
2141 if (p->is_encrypted && !IsEprAvailable(*p)) {
2142 p->set_encryption_off();
2143 if (p->is_switch_role_mode_change()) {
2144 p->set_switch_role_encryption_off();
2146 } else /* Encryption not used or EPR supported, continue with switch
2147 and/or change of link key */
2149 if (p->is_switch_role_mode_change()) {
2150 internal_.hci_start_role_switch_to_central(*p);
2156 /*******************************************************************************
2158 * Function btm_acl_resubmit_page
2160 * Description send pending page request
2162 ******************************************************************************/
2163 void btm_acl_resubmit_page(void) {
2166 /* If there were other page request schedule can start the next one */
2167 p_buf = (BT_HDR*)fixed_queue_try_dequeue(btm_cb.page_queue);
2168 if (p_buf != NULL) {
2169 /* skip 3 (2 bytes opcode and 1 byte len) to get to the bd_addr
2170 * for both create_conn and rmt_name */
2171 pp = (uint8_t*)(p_buf + 1) + p_buf->offset + 3;
2174 STREAM_TO_BDADDR(bda, pp);
2176 btm_cb.connecting_bda = bda;
2177 memcpy(btm_cb.connecting_dc, btm_get_dev_class(bda), DEV_CLASS_LEN);
2179 btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p_buf);
2181 btm_cb.paging = false;
2185 /*******************************************************************************
2187 * Function btm_acl_reset_paging
2189 * Description set paging to false and free the page queue - called at
2192 ******************************************************************************/
2193 void btm_acl_reset_paging(void) {
2195 /* If we sent reset we are definitely not paging any more */
2196 while ((p = (BT_HDR*)fixed_queue_try_dequeue(btm_cb.page_queue)) != NULL)
2199 btm_cb.paging = false;
2202 /*******************************************************************************
2204 * Function btm_acl_paging
2206 * Description send a paging command or queue it in btm_cb
2208 ******************************************************************************/
2209 void btm_acl_paging(BT_HDR* p, const RawAddress& bda) {
2210 // This function is called by the device initiating the connection.
2211 // If no role change is requested from the remote device, we want
2212 // to classify the connection initiator as the central device.
2213 if (delayed_role_change_ == nullptr) {
2214 RoleChangeView role_change;
2215 role_change.bd_addr = bda;
2216 role_change.new_role = HCI_ROLE_CENTRAL;
2217 delayed_role_change_ =
2218 std::make_unique<RoleChangeView>(std::move(role_change));
2220 if (!BTM_IsAclConnectionUp(bda, BT_TRANSPORT_BR_EDR)) {
2221 VLOG(1) << "connecting_bda: " << btm_cb.connecting_bda;
2222 if (btm_cb.paging && bda == btm_cb.connecting_bda) {
2223 fixed_queue_enqueue(btm_cb.page_queue, p);
2225 btm_cb.connecting_bda = bda;
2226 memcpy(btm_cb.connecting_dc, btm_get_dev_class(bda), DEV_CLASS_LEN);
2228 btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p);
2231 btm_cb.paging = true;
2232 } else /* ACL is already up */
2234 btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p);
2238 /*******************************************************************************
2240 * Function btm_acl_notif_conn_collision
2242 * Description Send connection collision event to upper layer if registered
2245 ******************************************************************************/
2246 void btm_acl_notif_conn_collision(const RawAddress& bda) {
2247 do_in_main_thread(FROM_HERE, base::Bind(bta_sys_notify_collision, bda));
2250 bool BTM_BLE_IS_RESOLVE_BDA(const RawAddress& x) {
2251 return ((x.address)[0] & BLE_RESOLVE_ADDR_MASK) == BLE_RESOLVE_ADDR_MSB;
2254 bool acl_refresh_remote_address(const RawAddress& identity_address,
2255 tBLE_ADDR_TYPE identity_address_type,
2256 const RawAddress& bda, tBLE_ADDR_TYPE rra_type,
2257 const RawAddress& rpa) {
2258 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bda, BT_TRANSPORT_LE);
2259 if (p_acl == nullptr) {
2260 LOG_WARN("Unable to find active acl");
2264 if (rra_type == tBTM_SEC_BLE::BTM_BLE_ADDR_PSEUDO) {
2265 /* use identity address, resolvable_private_addr is empty */
2266 if (rpa.IsEmpty()) {
2267 p_acl->active_remote_addr_type = identity_address_type;
2268 p_acl->active_remote_addr = identity_address;
2270 p_acl->active_remote_addr_type = BLE_ADDR_RANDOM;
2271 p_acl->active_remote_addr = rpa;
2274 p_acl->active_remote_addr_type = rra_type;
2275 p_acl->active_remote_addr = rpa;
2278 LOG_DEBUG("active_remote_addr_type: %d ", p_acl->active_remote_addr_type);
2282 bool acl_peer_supports_ble_connection_parameters_request(
2283 const RawAddress& remote_bda) {
2284 tACL_CONN* p_acl = internal_.btm_bda_to_acl(remote_bda, BT_TRANSPORT_LE);
2285 if (p_acl == nullptr) {
2286 LOG_WARN("Unable to find active acl");
2289 if (!p_acl->peer_le_features_valid) {
2291 "Checking remote features but remote feature read is "
2294 return HCI_LE_CONN_PARAM_REQ_SUPPORTED(p_acl->peer_le_features);
2297 bool acl_peer_supports_sniff_subrating(const RawAddress& remote_bda) {
2298 tACL_CONN* p_acl = internal_.btm_bda_to_acl(remote_bda, BT_TRANSPORT_BR_EDR);
2299 if (p_acl == nullptr) {
2300 LOG_WARN("Unable to find active acl");
2303 if (!p_acl->peer_lmp_feature_valid[0]) {
2305 "Checking remote features but remote feature read is "
2308 return HCI_SNIFF_SUB_RATE_SUPPORTED(p_acl->peer_lmp_feature_pages[0]);
2311 /*******************************************************************************
2313 * Function BTM_ReadConnectionAddr
2315 * Description This function is called to get the local device address
2320 ******************************************************************************/
2321 void BTM_ReadConnectionAddr(const RawAddress& remote_bda,
2322 RawAddress& local_conn_addr,
2323 tBLE_ADDR_TYPE* p_addr_type) {
2324 if (bluetooth::shim::is_gd_shim_enabled()) {
2325 return bluetooth::shim::BTM_ReadConnectionAddr(remote_bda, local_conn_addr,
2329 if (bluetooth::shim::is_gd_l2cap_enabled()) {
2330 bluetooth::shim::L2CA_ReadConnectionAddr(remote_bda, local_conn_addr,
2333 } else if (bluetooth::shim::is_gd_scanning_enabled()) {
2334 bluetooth::shim::ACL_ReadConnectionAddress(remote_bda, local_conn_addr,
2339 tACL_CONN* p_acl = internal_.btm_bda_to_acl(remote_bda, BT_TRANSPORT_LE);
2341 if (p_acl == NULL) {
2342 LOG_WARN("Unable to find active acl");
2345 local_conn_addr = p_acl->conn_addr;
2346 *p_addr_type = p_acl->conn_addr_type;
2348 LOG_DEBUG("BTM_ReadConnectionAddr address type: %d addr: 0x%02x",
2349 p_acl->conn_addr_type, p_acl->conn_addr.address[0]);
2352 /*******************************************************************************
2354 * Function BTM_IsBleConnection
2356 * Description This function is called to check if the connection handle
2359 * Returns true if connection is LE link, otherwise false.
2361 ******************************************************************************/
2362 bool BTM_IsBleConnection(uint16_t hci_handle) {
2363 if (bluetooth::shim::is_gd_shim_enabled()) {
2364 ASSERT_LOG(false, "This should not be invoked from code path");
2367 if (bluetooth::shim::is_gd_l2cap_enabled()) {
2368 return bluetooth::shim::L2CA_IsLeLink(hci_handle);
2371 const tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(hci_handle);
2372 if (p_acl == nullptr) return false;
2373 return p_acl->is_transport_ble();
2376 const RawAddress acl_address_from_handle(uint16_t handle) {
2377 tACL_CONN* p_acl = acl_get_connection_from_handle(handle);
2378 if (p_acl == nullptr) {
2379 return RawAddress::kEmpty;
2381 return p_acl->remote_addr;
2384 /*******************************************************************************
2386 * Function btm_ble_refresh_local_resolvable_private_addr
2388 * Description This function refresh the currently used resolvable private
2389 * address for the active link to the remote device
2391 ******************************************************************************/
2392 void btm_ble_refresh_local_resolvable_private_addr(
2393 const RawAddress& pseudo_addr, const RawAddress& local_rpa) {
2394 tACL_CONN* p_acl = internal_.btm_bda_to_acl(pseudo_addr, BT_TRANSPORT_LE);
2395 if (p_acl == nullptr) {
2396 LOG_WARN("Unable to find active acl");
2400 if (btm_cb.ble_ctr_cb.privacy_mode == BTM_PRIVACY_NONE) {
2401 p_acl->conn_addr_type = BLE_ADDR_PUBLIC;
2402 p_acl->conn_addr = *controller_get_interface()->get_address();
2404 p_acl->conn_addr_type = BLE_ADDR_RANDOM;
2405 if (local_rpa.IsEmpty()) {
2406 p_acl->conn_addr = btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr;
2408 p_acl->conn_addr = local_rpa;
2413 bool sco_peer_supports_esco_2m_phy(const RawAddress& remote_bda) {
2414 uint8_t* features = BTM_ReadRemoteFeatures(remote_bda);
2415 if (features == nullptr) {
2417 "Checking remote features but remote feature read is "
2421 return HCI_EDR_ESCO_2MPS_SUPPORTED(features);
2424 bool sco_peer_supports_esco_3m_phy(const RawAddress& remote_bda) {
2425 uint8_t* features = BTM_ReadRemoteFeatures(remote_bda);
2426 if (features == nullptr) {
2428 "Checking remote features but remote feature read is "
2432 return HCI_EDR_ESCO_3MPS_SUPPORTED(features);
2435 bool acl_is_switch_role_idle(const RawAddress& bd_addr,
2436 tBT_TRANSPORT transport) {
2437 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bd_addr, transport);
2438 if (p_acl == nullptr) {
2439 LOG_WARN("Unable to find active acl");
2442 return p_acl->is_switch_role_idle();
2445 /*******************************************************************************
2447 * Function BTM_ReadRemoteConnectionAddr
2449 * Description This function is read the remote device address currently used
2451 * Parameters pseudo_addr: pseudo random address available
2452 * conn_addr:connection address used
2453 * p_addr_type : BD Address type, Public or Random of the address
2456 * Returns bool, true if connection to remote device exists, else false
2458 ******************************************************************************/
2459 bool BTM_ReadRemoteConnectionAddr(const RawAddress& pseudo_addr,
2460 RawAddress& conn_addr,
2461 tBLE_ADDR_TYPE* p_addr_type) {
2462 if (bluetooth::shim::is_gd_shim_enabled()) {
2463 return bluetooth::shim::BTM_ReadRemoteConnectionAddr(pseudo_addr, conn_addr,
2467 if (bluetooth::shim::is_gd_l2cap_enabled()) {
2468 return bluetooth::shim::L2CA_ReadRemoteConnectionAddr(
2469 pseudo_addr, conn_addr, p_addr_type);
2473 tACL_CONN* p_acl = internal_.btm_bda_to_acl(pseudo_addr, BT_TRANSPORT_LE);
2475 if (p_acl == NULL) {
2476 LOG_WARN("Unable to find active acl");
2480 conn_addr = p_acl->active_remote_addr;
2481 *p_addr_type = p_acl->active_remote_addr_type;
2485 uint8_t acl_link_role_from_handle(uint16_t handle) {
2486 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(handle);
2487 if (p_acl == nullptr) {
2488 return HCI_ROLE_UNKNOWN;
2490 return p_acl->link_role;
2493 bool acl_peer_supports_ble_packet_extension(uint16_t hci_handle) {
2494 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(hci_handle);
2495 if (p_acl == nullptr) {
2498 if (!p_acl->peer_le_features_valid) {
2500 "Checking remote features but remote feature read is "
2503 return HCI_LE_DATA_LEN_EXT_SUPPORTED(p_acl->peer_le_features);
2506 bool acl_peer_supports_ble_2m_phy(uint16_t hci_handle) {
2507 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(hci_handle);
2508 if (p_acl == nullptr) {
2511 if (!p_acl->peer_le_features_valid) {
2513 "Checking remote features but remote feature read is "
2516 return HCI_LE_2M_PHY_SUPPORTED(p_acl->peer_le_features);
2519 bool acl_peer_supports_ble_coded_phy(uint16_t hci_handle) {
2520 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(hci_handle);
2521 if (p_acl == nullptr) {
2524 if (!p_acl->peer_le_features_valid) {
2526 "Checking remote features but remote feature read is "
2530 return HCI_LE_CODED_PHY_SUPPORTED(p_acl->peer_le_features);
2533 void acl_set_disconnect_reason(tHCI_STATUS acl_disc_reason) {
2534 btm_cb.acl_cb_.set_disconnect_reason(acl_disc_reason);
2537 bool acl_is_role_switch_allowed() {
2538 return btm_cb.acl_cb_.DefaultLinkPolicy() &
2539 HCI_ENABLE_CENTRAL_PERIPHERAL_SWITCH;
2542 uint16_t acl_get_supported_packet_types() {
2543 return btm_cb.acl_cb_.DefaultPacketTypes();
2546 bool acl_set_peer_le_features_from_handle(uint16_t hci_handle,
2548 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(hci_handle);
2549 if (p_acl == nullptr) {
2552 STREAM_TO_ARRAY(p_acl->peer_le_features, p, BD_FEATURES_LEN);
2553 p_acl->peer_le_features_valid = true;
2554 LOG_DEBUG("Completed le feature read request");
2558 void on_acl_br_edr_connected(const RawAddress& bda, uint16_t handle,
2560 if (delayed_role_change_ != nullptr && delayed_role_change_->bd_addr == bda) {
2561 btm_sec_connected(bda, handle, HCI_SUCCESS, enc_mode,
2562 delayed_role_change_->new_role);
2564 btm_sec_connected(bda, handle, HCI_SUCCESS, enc_mode);
2566 delayed_role_change_ = nullptr;
2567 btm_acl_set_paging(false);
2568 l2c_link_hci_conn_comp(HCI_SUCCESS, handle, bda);
2569 constexpr uint16_t link_supervision_timeout = 8000;
2570 BTM_SetLinkSuperTout(bda, link_supervision_timeout);
2572 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(handle);
2573 if (p_acl == nullptr) {
2574 LOG_WARN("Unable to find active acl");
2579 * The legacy code path informs the upper layer via the BTA
2580 * layer after all relevant read_remote_ commands are complete.
2581 * The GD code path has ownership of the read_remote_ commands
2582 * and thus may inform the upper layers about the connection.
2584 if (bluetooth::shim::is_gd_acl_enabled()) {
2585 NotifyAclLinkUp(*p_acl);
2589 void on_acl_br_edr_failed(const RawAddress& bda, tHCI_STATUS status) {
2590 ASSERT_LOG(status != HCI_SUCCESS,
2591 "Successful connection entering failing code path");
2592 if (delayed_role_change_ != nullptr && delayed_role_change_->bd_addr == bda) {
2593 btm_sec_connected(bda, HCI_INVALID_HANDLE, status, false,
2594 delayed_role_change_->new_role);
2596 btm_sec_connected(bda, HCI_INVALID_HANDLE, status, false);
2598 delayed_role_change_ = nullptr;
2599 btm_acl_set_paging(false);
2600 l2c_link_hci_conn_comp(status, HCI_INVALID_HANDLE, bda);
2603 void btm_acl_connected(const RawAddress& bda, uint16_t handle,
2604 tHCI_STATUS status, uint8_t enc_mode) {
2607 return on_acl_br_edr_connected(bda, handle, enc_mode);
2609 return on_acl_br_edr_failed(bda, status);
2613 void btm_acl_disconnected(tHCI_STATUS status, uint16_t handle,
2614 tHCI_REASON reason) {
2615 if (status != HCI_SUCCESS) {
2616 LOG_WARN("Received disconnect with error:%s",
2617 hci_error_code_text(status).c_str());
2620 /* There can be a case when we rejected PIN code authentication */
2621 /* otherwise save a new reason */
2622 if (btm_get_acl_disc_reason_code() != HCI_ERR_HOST_REJECT_SECURITY) {
2623 acl_set_disconnect_reason(static_cast<tHCI_STATUS>(reason));
2626 /* If L2CAP or SCO doesn't know about it, send it to ISO */
2627 if (!l2c_link_hci_disc_comp(handle, reason) &&
2628 !btm_sco_removed(handle, reason)) {
2629 bluetooth::hci::IsoManager::GetInstance()->HandleDisconnect(handle, reason);
2632 /* Notify security manager */
2633 btm_sec_disconnected(handle, reason);
2636 constexpr uint16_t kDefaultPacketTypes =
2637 HCI_PKT_TYPES_MASK_DM1 | HCI_PKT_TYPES_MASK_DH1 | HCI_PKT_TYPES_MASK_DM3 |
2638 HCI_PKT_TYPES_MASK_DH3 | HCI_PKT_TYPES_MASK_DM5 | HCI_PKT_TYPES_MASK_DH5;
2640 void acl_create_classic_connection(const RawAddress& bd_addr,
2641 bool there_are_high_priority_channels,
2643 if (bluetooth::shim::is_gd_acl_enabled()) {
2644 return bluetooth::shim::ACL_CreateClassicConnection(bd_addr);
2647 const bool controller_supports_role_switch =
2648 controller_get_interface()->supports_role_switch();
2649 const bool acl_allows_role_switch = acl_is_role_switch_allowed();
2651 /* FW team says that we can participant in 4 piconets
2652 * typically 3 piconet + 1 for scanning.
2653 * We can enhance the code to count the number of piconets later. */
2654 uint8_t allow_role_switch = HCI_CR_CONN_NOT_ALLOW_SWITCH;
2655 if (((acl_allows_role_switch && (BTM_GetNumAclLinks() < 3)) ||
2656 (is_bonding && !there_are_high_priority_channels &&
2657 controller_supports_role_switch)))
2658 allow_role_switch = HCI_CR_CONN_ALLOW_SWITCH;
2660 /* Check with the BT manager if details about remote device are known */
2661 uint8_t page_scan_rep_mode{HCI_PAGE_SCAN_REP_MODE_R1};
2662 uint8_t page_scan_mode{HCI_MANDATARY_PAGE_SCAN_MODE};
2663 uint16_t clock_offset = BTM_GetClockOffset(bd_addr);
2665 tBTM_INQ_INFO* p_inq_info = BTM_InqDbRead(bd_addr);
2666 if (p_inq_info != nullptr &&
2667 (p_inq_info->results.inq_result_type & BTM_INQ_RESULT_BR)) {
2668 page_scan_rep_mode = p_inq_info->results.page_scan_rep_mode;
2669 page_scan_mode = p_inq_info->results.page_scan_mode;
2670 clock_offset = p_inq_info->results.clock_offset;
2673 btsnd_hcic_create_conn(bd_addr, kDefaultPacketTypes, page_scan_rep_mode,
2674 page_scan_mode, clock_offset, allow_role_switch);
2675 btm_acl_set_paging(true);
2678 void btm_acl_connection_request(const RawAddress& bda, uint8_t* dc) {
2679 btm_sec_conn_req(bda, dc);
2680 l2c_link_hci_conn_req(bda);
2683 void acl_accept_connection_request(const RawAddress& bd_addr, uint8_t role) {
2684 btsnd_hcic_accept_conn(bd_addr, role);
2687 void acl_reject_connection_request(const RawAddress& bd_addr, uint8_t reason) {
2688 btsnd_hcic_reject_conn(bd_addr, reason);
2691 void acl_disconnect_from_handle(uint16_t handle, tHCI_STATUS reason) {
2692 acl_disconnect_after_role_switch(handle, reason);
2695 void acl_disconnect_after_role_switch(uint16_t conn_handle,
2696 tHCI_STATUS reason) {
2697 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(conn_handle);
2698 if (p_acl == nullptr) {
2699 LOG_ERROR("Sending disconnect for unknown acl:%hu PLEASE FIX", conn_handle);
2700 GetLegacyHciInterface().Disconnect(conn_handle, reason);
2704 /* If a role switch is in progress, delay the HCI Disconnect to avoid
2705 * controller problem */
2706 if (p_acl->rs_disc_pending == BTM_SEC_RS_PENDING) {
2708 "Role switch in progress - Set DISC Pending flag in "
2709 "btm_sec_send_hci_disconnect "
2710 "to delay disconnect");
2711 p_acl->rs_disc_pending = BTM_SEC_DISC_PENDING;
2713 LOG_DEBUG("Sending acl disconnect reason:%s [%hu]",
2714 hci_error_code_text(reason).c_str(), reason);
2715 hci_btsnd_hcic_disconnect(*p_acl, reason);
2719 constexpr uint16_t kDataPacketEventBrEdr = (BT_EVT_TO_LM_HCI_ACL);
2720 constexpr uint16_t kDataPacketEventBle =
2721 (BT_EVT_TO_LM_HCI_ACL | LOCAL_BLE_CONTROLLER_ID);
2723 void acl_send_data_packet_br_edr(const RawAddress& bd_addr, BT_HDR* p_buf) {
2724 if (bluetooth::shim::is_gd_acl_enabled()) {
2725 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR);
2726 if (p_acl == nullptr) {
2727 LOG_WARN("Acl br_edr data write for unknown device:%s",
2728 PRIVATE_ADDRESS(bd_addr));
2732 return bluetooth::shim::ACL_WriteData(p_acl->hci_handle, p_buf);
2734 bte_main_hci_send(p_buf, kDataPacketEventBrEdr);
2737 void acl_send_data_packet_ble(const RawAddress& bd_addr, BT_HDR* p_buf) {
2738 if (bluetooth::shim::is_gd_acl_enabled()) {
2739 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE);
2740 if (p_acl == nullptr) {
2741 LOG_WARN("Acl le data write for unknown device:%s",
2742 PRIVATE_ADDRESS(bd_addr));
2746 return bluetooth::shim::ACL_WriteData(p_acl->hci_handle, p_buf);
2748 bte_main_hci_send(p_buf, kDataPacketEventBle);
2751 void acl_write_automatic_flush_timeout(const RawAddress& bd_addr,
2752 uint16_t flush_timeout_in_ticks) {
2753 tACL_CONN* p_acl = internal_.btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR);
2754 if (p_acl == nullptr) {
2755 LOG_WARN("Unable to find active acl");
2758 if (p_acl->flush_timeout_in_ticks == flush_timeout_in_ticks) {
2760 "Ignoring since cached value is same as requested flush_timeout:%hd",
2761 flush_timeout_in_ticks);
2764 flush_timeout_in_ticks &= HCI_MAX_AUTOMATIC_FLUSH_TIMEOUT;
2765 p_acl->flush_timeout_in_ticks = flush_timeout_in_ticks;
2766 btsnd_hcic_write_auto_flush_tout(p_acl->hci_handle, flush_timeout_in_ticks);
2769 bool acl_create_le_connection_with_id(uint8_t id, const RawAddress& bd_addr) {
2770 if (bluetooth::shim::is_gd_acl_enabled()) {
2771 tBLE_BD_ADDR address_with_type{
2773 .type = BLE_ADDR_RANDOM,
2775 gatt_find_in_device_record(bd_addr, &address_with_type);
2776 LOG_DEBUG("Creating le connection to:%s",
2777 address_with_type.ToString().c_str());
2778 bluetooth::shim::ACL_AcceptLeConnectionFrom(address_with_type,
2779 /* is_direct */ true);
2782 return connection_manager::direct_connect_add(id, bd_addr);
2785 bool acl_create_le_connection(const RawAddress& bd_addr) {
2786 return acl_create_le_connection_with_id(CONN_MGR_ID_L2CAP, bd_addr);
2789 void acl_rcv_acl_data(BT_HDR* p_msg) {
2790 acl_header_t acl_header{
2791 .handle = HCI_INVALID_HANDLE,
2794 const uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;
2796 STREAM_TO_UINT16(acl_header.handle, p);
2797 acl_header.handle = HCID_GET_HANDLE(acl_header.handle);
2799 STREAM_TO_UINT16(acl_header.hci_len, p);
2800 if (acl_header.hci_len < L2CAP_PKT_OVERHEAD ||
2801 acl_header.hci_len != p_msg->len - sizeof(acl_header)) {
2802 LOG_WARN("Received mismatched hci header length:%u data_len:%zu",
2803 acl_header.hci_len, p_msg->len - sizeof(acl_header));
2807 l2c_rcv_acl_data(p_msg);
2810 void acl_link_segments_xmitted(BT_HDR* p_msg) {
2811 l2c_link_segments_xmitted(p_msg);
2814 void acl_packets_completed(uint16_t handle, uint16_t credits) {
2815 l2c_packets_completed(handle, credits);
2818 static void acl_parse_num_completed_pkts(uint8_t* p, uint8_t evt_len) {
2820 LOG_ERROR("Received num completed packets with zero length");
2824 uint8_t num_handles{0};
2825 STREAM_TO_UINT8(num_handles, p);
2827 if (num_handles > evt_len / (2 * sizeof(uint16_t))) {
2828 android_errorWriteLog(0x534e4554, "141617601");
2829 num_handles = evt_len / (2 * sizeof(uint16_t));
2832 for (uint8_t xx = 0; xx < num_handles; xx++) {
2834 uint16_t num_packets{0};
2835 STREAM_TO_UINT16(handle, p);
2836 handle = HCID_GET_HANDLE(handle);
2837 STREAM_TO_UINT16(num_packets, p);
2838 acl_packets_completed(handle, num_packets);
2842 void acl_process_num_completed_pkts(uint8_t* p, uint8_t evt_len) {
2843 if (bluetooth::shim::is_gd_acl_enabled()) {
2844 acl_parse_num_completed_pkts(p, evt_len);
2846 l2c_link_process_num_completed_pkts(p, evt_len);
2848 bluetooth::hci::IsoManager::GetInstance()->HandleNumComplDataPkts(p, evt_len);
2851 void acl_process_supported_features(uint16_t handle, uint64_t features) {
2852 ASSERT_LOG(bluetooth::shim::is_gd_acl_enabled(),
2853 "Should only be called when gd_acl enabled");
2855 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(handle);
2856 if (p_acl == nullptr) {
2857 LOG_WARN("Unable to find active acl");
2860 const uint8_t current_page_number = 0;
2862 memcpy(p_acl->peer_lmp_feature_pages[current_page_number],
2863 (uint8_t*)&features, sizeof(uint64_t));
2864 p_acl->peer_lmp_feature_valid[current_page_number] = true;
2867 "Copied supported feature pages handle:%hu current_page_number:%hhu "
2869 handle, current_page_number,
2870 bd_features_text(p_acl->peer_lmp_feature_pages[current_page_number])
2873 if ((HCI_LMP_EXTENDED_SUPPORTED(p_acl->peer_lmp_feature_pages[0])) &&
2874 (controller_get_interface()
2875 ->supports_reading_remote_extended_features())) {
2876 LOG_DEBUG("Waiting for remote extended feature response to arrive");
2878 LOG_DEBUG("No more remote features outstanding so notify upper layer");
2879 NotifyAclFeaturesReadComplete(*p_acl, current_page_number);
2883 void acl_process_extended_features(uint16_t handle, uint8_t current_page_number,
2884 uint8_t max_page_number, uint64_t features) {
2885 ASSERT_LOG(bluetooth::shim::is_gd_acl_enabled(),
2886 "Should only be called when gd_acl enabled");
2888 if (current_page_number > HCI_EXT_FEATURES_PAGE_MAX) {
2889 LOG_WARN("Unable to process current_page_number:%hhu", current_page_number);
2892 tACL_CONN* p_acl = internal_.acl_get_connection_from_handle(handle);
2893 if (p_acl == nullptr) {
2894 LOG_WARN("Unable to find active acl");
2897 memcpy(p_acl->peer_lmp_feature_pages[current_page_number],
2898 (uint8_t*)&features, sizeof(uint64_t));
2899 p_acl->peer_lmp_feature_valid[current_page_number] = true;
2902 "Copied extended feature pages handle:%hu current_page_number:%hhu "
2903 "max_page_number:%hhu features:%s",
2904 handle, current_page_number, max_page_number,
2905 bd_features_text(p_acl->peer_lmp_feature_pages[current_page_number])
2908 if (max_page_number == current_page_number) {
2909 NotifyAclFeaturesReadComplete(*p_acl, max_page_number);
2913 void ACL_RegisterClient(struct acl_client_callback_s* callbacks) {
2914 LOG_DEBUG("UNIMPLEMENTED");
2917 void ACL_UnregisterClient(struct acl_client_callback_s* callbacks) {
2918 LOG_DEBUG("UNIMPLEMENTED");
2921 bool ACL_SupportTransparentSynchronousData(const RawAddress& bd_addr) {
2922 const tACL_CONN* p_acl =
2923 internal_.btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR);
2924 if (p_acl == nullptr) {
2925 LOG_WARN("Unable to find active acl");
2929 return HCI_LMP_TRANSPNT_SUPPORTED(p_acl->peer_lmp_feature_pages[0]);
2932 void acl_add_to_ignore_auto_connect_after_disconnect(
2933 const RawAddress& bd_addr) {
2934 btm_cb.acl_cb_.AddToIgnoreAutoConnectAfterDisconnect(bd_addr);
2937 bool acl_check_and_clear_ignore_auto_connect_after_disconnect(
2938 const RawAddress& bd_addr) {
2939 return btm_cb.acl_cb_.CheckAndClearIgnoreAutoConnectAfterDisconnect(bd_addr);
2942 void acl_clear_all_ignore_auto_connect_after_disconnect() {
2943 btm_cb.acl_cb_.ClearAllIgnoreAutoConnectAfterDisconnect();
2947 * Confusingly, immutable device features are stored in the
2948 * ephemeral connection data structure while connection security
2949 * is stored in the device record.
2951 * This HACK allows legacy security protocols to work as intended under
2954 void HACK_acl_check_sm4(tBTM_SEC_DEV_REC& record) {
2955 // Return if we already know this info
2956 if ((record.sm4 & BTM_SM4_TRUE) != BTM_SM4_UNKNOWN) return;
2959 internal_.btm_bda_to_acl(record.RemoteAddress(), BT_TRANSPORT_BR_EDR);
2960 if (p_acl == nullptr) {
2961 LOG_WARN("Unable to find active acl for authentication device:%s",
2962 PRIVATE_ADDRESS(record.RemoteAddress()));
2966 // If we have not received the SSP feature record
2968 if (!p_acl->peer_lmp_feature_valid[1]) {
2970 "Authentication started without extended feature page 1 request "
2974 record.sm4 = (HCI_SSP_HOST_SUPPORTED(p_acl->peer_lmp_feature_pages[1]))