#define LOG_TAG "bt_bta_dm"
#include <assert.h>
+#include <cutils/log.h>
#include <string.h>
#include "bt_target.h"
#define BTA_DM_SWITCH_DELAY_TIMER_MS 500
#endif
+#define BTA_MAX_SERVICES 32
+
static void bta_dm_reset_sec_dev_pending(BD_ADDR remote_bd_addr);
static void bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr);
static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS *p_inq, UINT8 *p_eir);
#endif
UINT32 num_uuids = 0;
- UINT8 uuid_list[32][MAX_UUID_SIZE]; // assuming a max of 32 services
+ UINT8 uuid_list[BTA_MAX_SERVICES][MAX_UUID_SIZE]; // assuming a max of 32 services
if((p_data->sdp_event.sdp_result == SDP_SUCCESS)
|| (p_data->sdp_event.sdp_result == SDP_NO_RECS_MATCH)
(tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index-1));
tmp_svc = bta_service_id_to_uuid_lkup_tbl[bta_dm_search_cb.service_index-1];
/* Add to the list of UUIDs */
- sdpu_uuid16_to_uuid128(tmp_svc, uuid_list[num_uuids]);
- num_uuids++;
+ if (num_uuids < BTA_MAX_SERVICES) {
+ sdpu_uuid16_to_uuid128(tmp_svc, uuid_list[num_uuids]);
+ num_uuids++;
+ } else {
+ android_errorWriteLog(0x534e4554, "74016921");
+ }
}
}
}
{
if (SDP_FindServiceUUIDInRec_128bit(p_sdp_rec, &temp_uuid))
{
- memcpy(uuid_list[num_uuids], temp_uuid.uu.uuid128, MAX_UUID_SIZE);
- num_uuids++;
+ if (num_uuids < BTA_MAX_SERVICES) {
+ memcpy(uuid_list[num_uuids], temp_uuid.uu.uuid128, MAX_UUID_SIZE);
+ num_uuids++;
+ } else {
+ android_errorWriteLog(0x534e4554, "74016921");
+ }
}
}
} while (p_sdp_rec);
/*case BTM_SP_KEY_REQ_EVT: */
case BTM_SP_KEY_NOTIF_EVT:
#endif
+ bta_dm_cb.num_val = sec_event.key_notif.passkey = p_data->key_notif.passkey;
+
if(BTM_SP_CFM_REQ_EVT == event)
{
/* Due to the switch case falling through below to BTM_SP_KEY_NOTIF_EVT,
}
}
- bta_dm_cb.num_val = sec_event.key_notif.passkey = p_data->key_notif.passkey;
if (BTM_SP_KEY_NOTIF_EVT == event)
{
/* If the device name is not known, save bdaddr and devclass
}
if (conn.link_down.is_removed)
{
- BTM_SecDeleteDevice(p_bda);
+ // p_bda points to security record, which is removed in
+ // BTM_SecDeleteDevice.
+ BD_ADDR addr_copy;
+ memcpy(addr_copy, p_bda, BD_ADDR_LEN);
+ BTM_SecDeleteDevice(addr_copy);
#if (BLE_INCLUDED == TRUE && BTA_GATT_INCLUDED == TRUE)
/* need to remove all pending background connection */
- BTA_GATTC_CancelOpen(0, p_bda, FALSE);
+ BTA_GATTC_CancelOpen(0, addr_copy, FALSE);
/* remove all cached GATT information */
- BTA_GATTC_Refresh(p_bda);
+ BTA_GATTC_Refresh(addr_copy);
#endif
}
*******************************************************************************/
static void bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr)
{
- UINT16 index = 0;
if ( BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_LE) ||
BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_BR_EDR))
{
- APPL_TRACE_DEBUG("%s ACL is not down. Schedule for Dev Removal when ACL closes",
- __FUNCTION__);
- for (index = 0; index < bta_dm_cb.device_list.count; index ++)
+ APPL_TRACE_DEBUG("%s ACL is not down. Schedule for Dev Removal when ACL closes",
+ __func__);
+ BTM_SecClearSecurityFlags (remote_bd_addr);
+ for (int i = 0; i < bta_dm_cb.device_list.count; i++)
{
- if (!bdcmp( bta_dm_cb.device_list.peer_device[index].peer_bdaddr, remote_bd_addr))
+ if (!bdcmp( bta_dm_cb.device_list.peer_device[i].peer_bdaddr, remote_bd_addr))
+ {
+ bta_dm_cb.device_list.peer_device[i].remove_dev_pending = TRUE;
break;
- }
- if (index != bta_dm_cb.device_list.count)
- {
- bta_dm_cb.device_list.peer_device[index].remove_dev_pending = TRUE;
- }
- else
- {
- APPL_TRACE_ERROR(" %s Device does not exist in DB", __FUNCTION__);
+ }
}
}
else
bta_dm_cb.p_sec_cback(BTA_DM_BLE_NC_REQ_EVT, &sec_event);
break;
+ case BTM_LE_SC_OOB_REQ_EVT:
+ bdcpy(sec_event.ble_req.bd_addr, bda);
+ bta_dm_cb.p_sec_cback(BTA_DM_BLE_SC_OOB_REQ_EVT, &sec_event);
+ break;
+
case BTM_LE_KEY_EVT:
bdcpy(sec_event.ble_key.bd_addr, bda);
sec_event.ble_key.key_type = p_data->key.key_type;
else
{
sec_event.auth_cmpl.success = TRUE;
- /* We also register for Service Changed right after connect. */
if (!p_data->complt.smp_over_br)
GATT_ConfigServiceChangeCCC(bda, TRUE, BT_TRANSPORT_LE);
}