OSDN Git Service
Myles Watson [Tue, 3 Oct 2017 23:51:30 +0000 (16:51 -0700)]
btm: Return the result in btm_pm_compare_modes
Test: build
Bug: 67383347
Change-Id: Id4407c1a73592674f0d86b1be1152abc088908b5
Jakub Pawlowski [Sat, 9 Sep 2017 19:50:38 +0000 (12:50 -0700)]
Use std::list in GATT related code
Bug: 67057055
Test: sl4a Gatt* tests
Change-Id: I8201ebdad5ba4c3d5d0a2fd3d0fe9dc900b51d60
Treehugger Robot [Wed, 4 Oct 2017 17:22:17 +0000 (17:22 +0000)]
Merge "Run clang format on files touched by CL 488398"
Jack He [Mon, 2 Oct 2017 21:07:33 +0000 (14:07 -0700)]
A2DP: Advance btif profile queue on OPENING->other_state transition
* Entering BTIF_AV_STATE_OPENING is only possible through
BTIF_AV_CONNECT_REQ_EVT (initiated by us) OR
BTA_AV_PENDING_EVT (initiated by remote)
from BTIF_AV_STATE_IDLE
* If we go from BTIF_AV_CONNECT_REQ_EVT, we must have a pending
connection request in btif_profile_queue that should be advanced when
we quit BTIF_AV_STATE_OPENING state
* This CL adds a flag to indicate whether an AV connection is initiated
by us and only advance queue when it is
* Also add queue advancement in BTA_AV_REJECT_EVT and BTA_AV_CLOSE_EVT
Bug: 67317954
Test: make
Change-Id: I16dc8ebf76c6edaacb1f7a4a44e604170ff9a8b0
c_sdamga [Mon, 20 Jul 2015 13:47:04 +0000 (19:17 +0530)]
Handle Disconnect request in AV Opening State handler
Usecase:
1. Uncheck media from settings UI
2. initiate A2dp connection from remote, send AVRCP play from remote
Failure:
A2dp connection stuck in opening state.
Rootcause:
When A2dp is unchecked from settings UI and remote initiated
a2dp connection and AVRCP play, music starts streaming on DUT
since A2dp connection disconnected. As A2dp connection was not
completed, btif state stuck in opening state.
Fix:
Handled the disconnection request in the opening state
so that AV state machine moves to proper state before
processing AVRCP Play.
Test: 1. Uncheck media from settings UI
2. initiate A2dp connection from remote, send AVRCP play
Bug: 35415160
Change-Id: If1cda5b78100419fdc60c97349efafdd4a18d40c
Myles Watson [Tue, 19 Sep 2017 17:01:28 +0000 (10:01 -0700)]
Run clang format on files touched by CL 488398
https://android-review.googlesource.com/#/c/488398/
Test: build
Change-Id: Iefbd5b632087be00a12b1a0c851f9e3f3b514532
Subramanian Srinivasan [Fri, 29 Sep 2017 01:41:03 +0000 (18:41 -0700)]
Fix adv instance validity check during suspend and resume of resolving list
When BT is shutdown, multi advertisement instance pointer is made
null by BleAdvertisingManager::CleanUp function.
Any subsequent BleAdvertisingManager::Get function call made at
this point (e.g. during suspension and resumption of resolving list
activity) leads to a crash as the instance pointer is null.
Hence, use BleAdvertisingManager::IsInitialized function instead
of BleAdvertisingManager::Get function to check the validity of
multi advertisement instance.
Bug: 67325491
Change-Id: Ibbae7fa546bb52494be78eaff6d4b7b15614ab15
Stanley Tng [Fri, 29 Sep 2017 16:01:25 +0000 (09:01 -0700)]
Add comments to function arrays to indicate usage
No logic change. More comments are added to function arrays to indicate
how each array entry is used.
Test: Manual
Change-Id: I59283cb9786da6f3a4b8a4b36e36e79a25ca6cb8
Dan Willemsen [Tue, 3 Oct 2017 02:30:06 +0000 (02:30 +0000)]
Merge "Rename target.linux[_x86[_64]] to target.linux_glibc[_x86[_64]]"
Treehugger Robot [Mon, 2 Oct 2017 23:02:56 +0000 (23:02 +0000)]
Merge "HID: Free process_repage_timer to prevent leak"
Hemant Gupta [Wed, 13 Sep 2017 12:05:03 +0000 (17:35 +0530)]
HID: Free process_repage_timer to prevent leak
Usecase:
1) Perform BT on/off stress test
2) Check for memory leakage in code in subsequent BT on/off usecase
Expectation
No memory leak during BT on/off stress test
Observed result
Memory leakage in hid code where alarm process_repage_timer is not freed
and only cancelled
Fix:
Free alarm process_repage_timer during HID Host deregistration
Test: Checked with BT on/off usecase, and alarm process_repage_timer is now
freed in every BT on/off usecase.
Bug: 65657207
Change-Id: Iccecd126716a5660f4c37ddc917bacee84342297
Dan Willemsen [Mon, 2 Oct 2017 17:41:11 +0000 (10:41 -0700)]
Rename target.linux[_x86[_64]] to target.linux_glibc[_x86[_64]]
In the future, target.linux will apply to all targets running a linux kernel
(android, linux_glibc, linux_bionic). So move all current users to the specific
linux_glibc.
There will be another cleanup pass later that will move some instances back to
target.linux if the properties should be shared with target.android and
target.linux_bionic, but target.linux needs to be removed first.
Test: out/soong/build.ninja identical before/after
Change-Id: Iadc1ba324e03fd2b1b52bf471ffa2a71e0ec3e61
Exempt-From-Owner-Approval: build system cleanup
Stanley Tng [Thu, 28 Sep 2017 19:55:41 +0000 (12:55 -0700)]
Add more logs for Bluetooth connection errors
Test: manual
Change-Id: I63402ee8ffa8f57a70a9c9aaa0370d8ca599bbea
Treehugger Robot [Fri, 29 Sep 2017 23:17:41 +0000 (23:17 +0000)]
Merge "Remove unused events handler for BLE scan clients"
Pavlin Radoslavov [Fri, 29 Sep 2017 01:11:06 +0000 (18:11 -0700)]
Remove casts to (tBTA_GATTC*) unions to avoid unaligned accesses
Bug: 65381426
Test: unit tests
Change-Id: I37e89ec7187ab1c61be4c736385a9fc5ec88d737
Pavlin Radoslavov [Fri, 29 Sep 2017 21:44:59 +0000 (21:44 +0000)]
Merge "Revert "Fix stack-buffer-overflow in bluetooth service GATT client""
Treehugger Robot [Fri, 29 Sep 2017 21:07:57 +0000 (21:07 +0000)]
Merge "UUID fix string parsing"
Jakub Pawlowski [Fri, 29 Sep 2017 20:48:38 +0000 (13:48 -0700)]
Remove unused events handler for BLE scan clients
These events should be handled only for GATT clients, not for BLE
scanner.
Bug: 67058417
Test: compilation
Change-Id: I70744d3c6fd7eb40d839863f7413a7521ca0b2e9
Pavlin Radoslavov [Fri, 29 Sep 2017 00:30:13 +0000 (17:30 -0700)]
Revert "Fix stack-buffer-overflow in bluetooth service GATT client"
Instead of a calling site fix, a fix will be added to the called
function instead.
This reverts commit 998f78519d4ca9aad5a7105c8064c6a08342e98c.
Jakub Pawlowski [Fri, 29 Sep 2017 19:11:42 +0000 (12:11 -0700)]
UUID fix string parsing
Instead of making assumption about null termination to make sure proper
number of characters were consumed in sscanf, just ask it to provide the
total number of characters parsed
Test: unittest net_test_types net_test_storage
Change-Id: I2a71c6a15774f73e0ed294d2646884e768ff30d2
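The check this commit message describes, as an added example that is not code from the commit or from the project: sscanf's %n reports how many characters were consumed, which catches input where the last field is short even though all 16 conversions succeeded. The function names, the rc-only contrast parser and the sample strings are constructed for illustration; the per-character shape check is an extra step beyond what the message describes, added because %x also skips whitespace and accepts a sign.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define UUID_STR_LEN 36 /* xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx */

/* Hypothetical helper: converts the 16 bytes and reports, through %n, how
 * many input characters sscanf consumed. Returns the number of converted
 * bytes (16 when every field matched). %n does not count as a conversion. */
int uuid_scan(const char *s, unsigned char out[16], int *consumed) {
    *consumed = -1; /* stays -1 if scanning stops before reaching %n */
    return sscanf(s,
                  "%2hhx%2hhx%2hhx%2hhx-%2hhx%2hhx-%2hhx%2hhx-%2hhx%2hhx-"
                  "%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx%n",
                  &out[0], &out[1], &out[2], &out[3], &out[4], &out[5],
                  &out[6], &out[7], &out[8], &out[9], &out[10], &out[11],
                  &out[12], &out[13], &out[14], &out[15], consumed);
}

/* Constructed contrast: trusts the conversion count alone. It accepts
 * trailing garbage and a one-digit final byte ("...34fg" parses as 0x0f). */
bool uuid_parse_rc_only(const char *s, unsigned char out[16]) {
    int consumed;
    return uuid_scan(s, out, &consumed) == 16;
}

/* Checked form: the whole string must be exactly 36 characters, all 16
 * bytes must convert, and sscanf must have consumed all 36 characters. */
bool uuid_parse_checked(const char *s, unsigned char out[16]) {
    unsigned char tmp[16];
    int consumed;

    if (strlen(s) != UUID_STR_LEN) return false;
    if (uuid_scan(s, tmp, &consumed) != 16) return false;
    if (consumed != UUID_STR_LEN) return false;

    /* %x skips leading whitespace and accepts '+'/'-', so also require
     * hex digits and dashes at the expected positions. */
    for (int i = 0; i < UUID_STR_LEN; i++) {
        bool dash = (i == 8 || i == 13 || i == 18 || i == 23);
        if (dash ? (s[i] != '-') : !isxdigit((unsigned char)s[i]))
            return false;
    }

    memcpy(out, tmp, sizeof(tmp)); /* write the result only on success */
    return true;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = {
        "00001101-0000-1000-8000-00805f9b34fb",    /* well formed */
        "00001101-0000-1000-8000-00805f9b34fg",    /* bad last character */
        "00001101-0000-1000-8000-00805f9b34fbXYZ", /* trailing garbage */
        " 0001101-0000-1000-8000-00805f9b34fb",    /* leading space */
    };
    unsigned char u[16];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int consumed;
        int rc = uuid_scan(samples[i], u, &consumed);
        printf("\"%s\": rc=%d consumed=%d rc_only=%d checked=%d\n",
               samples[i], rc, consumed,
               uuid_parse_rc_only(samples[i], u),
               uuid_parse_checked(samples[i], u));
    }
    return 0;
}
```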
Dan Willemsen [Fri, 29 Sep 2017 00:12:28 +0000 (17:12 -0700)]
Remove default libraries
libdl is part of system_shared_libs now. -ldl -lpthread -lm are now defaults
for host_ldlibs on Linux and Darwin. -lrt is a default for host_ldlibs on
Linux.
Test: m host
Change-Id: Ie87f6ff4290d18e099e1be92093b86f743296563
Exempt-From-Owner-Approval: build system cleanup
Chao Quan [Thu, 28 Sep 2017 17:15:32 +0000 (10:15 -0700)]
Fix condition of adding device to resolving list
Initial conditions:
1. A phone with a bt controller which doesn't support LE
privacy feature.
2. A HOGP mouse which doesn't exchange identity information
(IRK & identity address) to phone
Reproduce procedure:
1. phone pair with mouse.
2. Disconnect profile link to mouse.
3. re-initiate connect to mouse.
Result: Can't connect to mouse
After bond done, stack will try to add the bonded device
to resolving list. But in the condition that controller
doesn't support LE privacy, stack adds a record with a dummy
static address. When re-initiate connection to this device,
stack will use this dummy static address, and connection
fail.
Fix the related condition
Test: manual
Change-Id: I82621c57c54667294912d4270be10299e8029b4a
Chao Quan [Fri, 11 Aug 2017 03:30:59 +0000 (11:30 +0800)]
Refactor btm_ble_resolving_list_load_dev
Test: compilation
Change-Id: I69fd4d9df63801bcc8b529d95bee74fd06c86249
Treehugger Robot [Thu, 28 Sep 2017 04:16:02 +0000 (04:16 +0000)]
Merge "HIDD: Auto-plug and accept incoming connections"
Jack He [Thu, 28 Sep 2017 01:25:56 +0000 (18:25 -0700)]
Fix Linux build
* UUID source files
* L2CAP UCD source files
Test: build on linux
Change-Id: Iba6d8d082612c62e5a8d552140c86ed242da0e36
Treehugger Robot [Thu, 28 Sep 2017 01:01:30 +0000 (01:01 +0000)]
Merge "Don't set CT2 bit when talking to pre-5.0 devices"
Jakub Pawlowski [Wed, 27 Sep 2017 22:41:13 +0000 (15:41 -0700)]
Don't set CT2 bit when talking to pre-5.0 devices
Prior to 5.0 spec, CT2 bit in AuthReq was reserved. Setting it causes
bonding failure with devices that handle it incorrectly.
Bug: 66179701
Bug: 66931978
Test: Bond with device that have 4.2 chip
Change-Id: Idbbf2c39c499698844218059a35cb686996c136a
Yamei Du [Sat, 27 May 2017 02:41:42 +0000 (10:41 +0800)]
Fix out-of-bounds reading when copy SDP raw data
When no attribute is returned in the SDP response, the cpy_len will be
MAX_DISC_RAW_DATA_BUF, this will cause out-of-bounds reading of source
buffer when copy the response raw data.
Change-Id: I923d8ee7e08f935e13cec38b75a04beca6174452
Myles Watson [Wed, 20 Sep 2017 23:41:19 +0000 (16:41 -0700)]
SMP: Use tSMP_INT_DATA instead of void
Test: pairing sanity
Change-Id: Ie3a2f94ddd718344219760cef7f1477bd4d09e00
Ivan Podogov [Tue, 26 Sep 2017 10:42:41 +0000 (11:42 +0100)]
HIDD: Auto-plug and accept incoming connections
Linux, Windows, and OSX try to connect with HID devices during
pairing. We should auto-plug and accept incoming connections if
there is currently no device connected.
In case of Windows, if it fails to connect the first time right
after pairing, all future connections are guaranteed to fail:
hangs in the "response pending" state at L2CAP connection, right
after SECURITY_COMPLETE, looks like a bug in Windows stack.
Since we always have a plugged, "in_use" device in registered
state, we won't be able to accept a new incoming connection,
unless we don't have any other paired device at all. This check
should be removed to allow smoother pairing experience and fix
Windows compatibility.
Bug: 66940516
Test: manual, with a test app
Change-Id: Ie6ca639cb120b52f59880fadb4d3654a095664d6
Jack He [Thu, 21 Sep 2017 00:06:42 +0000 (17:06 -0700)]
L2CAP: Remove UCD related flags
* L2CAP UCD (Unicast Connectionless Data) is no longer enabled on the
stack
* L2CAP_UCD_INCLUDED is always FALSE, the TRUE case should be removed
* As result, L2CAP_UCD_MTU, L2CAP_UCD_IDLE_TIMEOUT, and
L2CAP_UCD_CH_PRIORITY need to be removed as well
Bug: 66244184
Test: build
Change-Id: Ieee8b3a547653efa3a34a0810c415ba4c32f1be7
Treehugger Robot [Wed, 27 Sep 2017 19:43:18 +0000 (19:43 +0000)]
Merge "Modify Bluetooth Class of Device from Android stack"
Treehugger Robot [Wed, 27 Sep 2017 18:55:30 +0000 (18:55 +0000)]
Merge "Fix GATT Characteristic discovery (server side)"
Jakub Pawlowski [Wed, 27 Sep 2017 16:58:46 +0000 (09:58 -0700)]
Fix GATT Characteristic discovery (server side)
The pointer was not properly incremented, which resulted in trashes
being sent during GATT discovery.
This issue was introduced in commit 819e2ecb84a22d6e03ec9ed67b3260c0dd7e8aba (Use one type for UUID)
Bug: 66912853
Test: sl4a GATT read test
Change-Id: Ib57ad050ff17852f9b2fec9c51cad246235e3e80
Pulkit Bhuwalka [Thu, 14 Sep 2017 02:25:31 +0000 (19:25 -0700)]
Modify Bluetooth Class of Device from Android stack
Adds ability to modify Bluetooth Class of Device from Android stack by
hooking into existing functions to modify adapter properties. This
ensures the hardware HAL bluetooth.h interface does not have to change.
Bug: 36015415
Test: Modified Class of Device using sample app and verified device icon
change when discovering from a remote device.
Change-Id: Ib5f05741480a27431afea882d071ded4a6b1bdb8
Myles Watson [Tue, 19 Sep 2017 17:01:28 +0000 (10:01 -0700)]
Remove casts to unions to avoid unaligned accesses
Bug: 65392204
Test: sanity
Change-Id: I2886cc02289b68710e83147ba4d7715a32a4fc55
Jakub Pawlowski [Tue, 26 Sep 2017 15:45:20 +0000 (08:45 -0700)]
Remove unnecessary BTA redefinitions for GATT part 4
Test: compilation test
Change-Id: Ibe37a1c6506d567b68497e8c7074d90cd73ddf00
Jakub Pawlowski [Tue, 26 Sep 2017 01:47:54 +0000 (18:47 -0700)]
Remove unnecessary BTA redefinitions for GATT part 3
Test: compilation test
Change-Id: I8d4b8cfd35fcb5ccd7067f1e02dedd1a58efa3ad
Jakub Pawlowski [Tue, 26 Sep 2017 00:41:21 +0000 (17:41 -0700)]
Remove unnecessary BTA redefinitions for GATT part 2
Test: compilation test
Change-Id: Iaf81188596c33b92f79f163dc95187ed5c6f52a4
Jakub Pawlowski [Tue, 26 Sep 2017 00:24:46 +0000 (17:24 -0700)]
Remove unnecessary BTA redefinitions for GATT part 1
Test: compilation test
Change-Id: I98ab63a187684ae4ffbb0cb23e5c9e67994be468
Jakub Pawlowski [Tue, 26 Sep 2017 05:19:01 +0000 (22:19 -0700)]
Build fix after UUID refactor for stage branch
Change-Id: Ia01fa17ba40d315a912c391211e101a951eab562
Jakub Pawlowski [Mon, 10 Jul 2017 16:56:09 +0000 (09:56 -0700)]
Use one type for UUID (1/5)
Currently, we have few different representations for UUID in stack:
tBT_UUID, tSDP_UUID, bt_uuid_t, bluetooth:UUID, or uint8_t*.
Additionally, tBT_UUID and bt_uuid_t are used to hold UUID as 128bit
as Little Endian or Big Endian, depending on which part of stack (GATT
or SDP) is using it.
This patch is creating one type, bluetooth::Uuid, that will replace all
other types.
Bug: 66912853
Test: all sl4a tests for GATT and RFCOMM
Merged-In: Ia42d3233146db0488728ed6f878f99b368fe8838
Change-Id: Ia42d3233146db0488728ed6f878f99b368fe8838
Hansong Zhang [Fri, 22 Sep 2017 19:39:05 +0000 (19:39 +0000)]
Merge "Get rid of unused _DYNAMIC_MEMORY"
Treehugger Robot [Fri, 22 Sep 2017 18:32:43 +0000 (18:32 +0000)]
Merge "btlinux: Fix sepolicy for split policy (Treble) builds"
Hansong Zhang [Wed, 20 Sep 2017 16:31:32 +0000 (09:31 -0700)]
Get rid of unused _DYNAMIC_MEMORY
Removed the unused BTA_DYNAMIC_MEMORY and HID_DYNAMIC_LIBRARY
Bug: 27731905
Test: Manual
Change-Id: I6019584b165471c4058a2ec7ef8f278531153d18
Ajay Panicker [Wed, 6 Sep 2017 16:59:51 +0000 (09:59 -0700)]
Change our AVRCP capabilities if the remote device only supports 1.3
This prevents issues with devices that only support 1.3 but can not
handle forward compatibility like some Alpine Carkits.
Bug: 37943083
Test: Connect to Alpine carkit that only supports 1.3 and see new features
are used.
Change-Id: I6d041590dc51d7e8711b17fb1cb9c880b640052a
(cherry picked from commit f9f1c8b449efb9cb7894a64fe2977f875679ba52)
Ajay Panicker [Fri, 1 Sep 2017 19:07:42 +0000 (12:07 -0700)]
Bluetooth: Add AVRCP 1.3 as a developer option for AVRCP version (2/2)
This is required for the 2012 Mazda 3 carkit as the carkit refuses to send
AVRCP commands other than passthrough commands when the version is anything
else. AVRCP 1.3 is compatible with most carkits on the market and can be
used to get most carkits working at the cost of losing many features.
Bug: 37943083
Test: Set AVRCP 1.3 in developer options and see that SDP and the AVRCP
capabilities have updated to reflect this.
TestTracker: 105915/3975
Change-Id: Iffc7ed1dd91eecb699153125b25451de5826f202
(cherry picked from commit 2369a95e6ed0c16f61237fe9c1fc5a90d97129c1)
Ajay Panicker [Wed, 30 Aug 2017 01:30:43 +0000 (18:30 -0700)]
Don't reject notifications and wait until new addressed player is ready (2/2)
There are some carkits like the ones found in the 2016 Honda CRZ and some
Audi's that do not follow the spec and do not honor reject pending notification
messages after switching players. This causes an issue whenever you switch
players, the metadata freezes due to the fact that the carkit never re-registers
for new track changed notifications. This patch removes the reject notification
and reorders the current notifications.
Bug: 64142363
Test: Test with Audi S7 and 2016 Honda CRZ and see that switching players works
TestTracker: 105391/3975
Change-Id: Iaec70863594e13217916ab740d529f526d27c2d1
(cherry picked from commit dd535e70c767fe214c1634b46618d0fb5ed4385d)
Jakub Pawlowski [Wed, 20 Sep 2017 20:52:11 +0000 (13:52 -0700)]
Get rid of libhardware dependency in native daemon
Test: compilation test
Bug: 66187274
Change-Id: I97ee33a55315f44dc03083d1a8da9a38d5619725
Jakub Pawlowski [Wed, 20 Sep 2017 20:16:11 +0000 (13:16 -0700)]
Loosen libhardware dependency
In most places we don't really need the libhardware library, just the
headers.
Bug: 66187274
Test: compilation test
Change-Id: Ifa2f547165fcf8b34bc29ab80d2bd12ce02f4ae1
Pavlin Radoslavov [Wed, 20 Sep 2017 03:29:33 +0000 (20:29 -0700)]
Enable extra A2DP control log messages
Also, fixed a log message when failed to accept the
corresponding socket.
Test: manual
Bug: 63949429
Change-Id: I6d9af32f61974a739d179c37da36c360aefcca79
Sunny Kapdi [Tue, 19 Sep 2017 01:14:13 +0000 (18:14 -0700)]
BLE Adv RPA is not updated on first timeout
BLE Advertisement RPA is getting updated with the
same RPA instead of the newly generated RPA on the
first timeout. Make sure to send the newly generated
RPA to the Controller.
CRs-Fixed: 2111232
Bug: 65857055
Change-Id: I4d8e95c26fe8e5944fdee32089b8fcaffa238367
Rob Herring [Mon, 18 Sep 2017 14:25:58 +0000 (09:25 -0500)]
btlinux: Fix sepolicy for split policy (Treble) builds
In full Treble builds, the btlinux HAL fails to build the sepolicy:
neverallow check failed at out/target/product/linaro_x86_64/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4518
from system/sepolicy/public/domain.te:673
(neverallow base_typeattr_55 base_typeattr_56 (file (execute execute_no_trans entrypoint)))
<root>
allow at out/target/product/linaro_x86_64/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6054
(allow hal_bluetooth_btlinux hal_bluetooth_btlinux_exec (file (read getattr map execute entrypoint open)))
Test: Build completes successfully
Change-Id: Ibb8dbe7f2ca823c87ae4404c40cdc35656c8e0af
Signed-off-by: Rob Herring <robh@kernel.org>
Treehugger Robot [Sat, 16 Sep 2017 06:24:09 +0000 (06:24 +0000)]
Merge "Clean-up BTIF profile queue on profile shutdown"
Jack He [Fri, 15 Sep 2017 00:13:19 +0000 (17:13 -0700)]
Clean-up BTIF profile queue on profile shutdown
* Add btif_profile_cleanup(uuid) method to remove pending connection
requests for individual UUIDs
* Call the above method in each profile's clean-up method
* Add unit tests for btif_profile_queue
Bug: 63790458
Test: make, unit tests, pair and connect car kits
Change-Id: I28288c295b7ca0259b2112c11b4e5a81d6f2e33c
Jakub Pawlowski [Fri, 15 Sep 2017 20:43:40 +0000 (13:43 -0700)]
SetPreferredPhy/ReadPhy callback fix
Bug: 65746728
Test: manual
Change-Id: Ifdd8e7051c953aa1c006abecd62d1af196619d98
Treehugger Robot [Thu, 14 Sep 2017 23:45:01 +0000 (23:45 +0000)]
Merge "GAP: Set service_id before calling gap_release_ccb"
Myles Watson [Thu, 14 Sep 2017 21:13:44 +0000 (14:13 -0700)]
GAP: Set service_id before calling gap_release_ccb
Calling gap_release_ccb with a service_id == 0, which in turn
calls BTM_SecClrService with an ID of 0.
From the documentation for BTM_SecClrService:
Service ID - Id of the service to remove. '0' removes all
service records (except SDP).
Test: BLE connection and characteristic read
Change-Id: Icf309807f02e1faa273cf9bad9c09d9221a8bbfd
Jakub Pawlowski [Thu, 14 Sep 2017 18:40:32 +0000 (11:40 -0700)]
Fix included service parsing (1/3)
Bug: 65637368
Test: sl4a GattIncludedServiceTest
Change-Id: Icb882d411a75a91e3fea050f00c40e76de3539de
Jakub Pawlowski [Mon, 28 Aug 2017 16:56:13 +0000 (09:56 -0700)]
Add Suspend/Resume for advertising
This is needed for resolving list handling.
Bug: 64846264
Test: updated unit tests
Change-Id: I3d9c7b90d3b69d459d33c4ca7a9849ca3a7abc40
Treehugger Robot [Tue, 12 Sep 2017 21:50:08 +0000 (21:50 +0000)]
Merge "btm: Clear LINK_KEY_KNOWN flag for temporary connections"
Myles Watson [Tue, 12 Sep 2017 15:23:23 +0000 (08:23 -0700)]
btm: Clear LINK_KEY_KNOWN flag for temporary connections
Bug: 62561154
Test: Smart Setup, erase target, Smart Setup
Change-Id: Icba672a38772dc99a74f351301c81d66f37ee929
Pavlin Radoslavov [Tue, 12 Sep 2017 19:08:49 +0000 (12:08 -0700)]
Fix ASAN crash inside btif_av_event_deep_copy()
Allocate sufficient data on the stack that can be safely copied inside
btif_av_event_deep_copy()
Bug: 65524264
Test: Run Bluetooth on ASAN enabled build
Change-Id: Ie6d4a28933302131c58eb4aee34161e435634377
Pavlin Radoslavov [Tue, 12 Sep 2017 18:51:21 +0000 (11:51 -0700)]
Return the correct status when BTA_AV Open failed because of role switch
Bug: 65588660
Test: Code compilation
Change-Id: I705ec28c76f2342e18bece193005c962b9febac8
Kim Low [Thu, 6 Apr 2017 01:01:34 +0000 (18:01 -0700)]
Fix MAC address byte ordering in the uniq field
The UNIQ field can be used in the driver to detect duplicate devices.
For example, if a controller is connected via both Bluetooth and USB,
the driver can use the UNIQ field, which typically contains the unique
MAC address to identify that it's the same device.
Test: Connect a Bluetooth device and check its MAC address using
ioctl(EVIOCGUNIQ) call.
Change-Id: I458608e845fcb24c0d615f6aef8d92ccb08d08ec
Myles Watson [Tue, 12 Sep 2017 14:08:13 +0000 (07:08 -0700)]
stack: Fix btm_send_link_key_notif comment
Test: build
Change-Id: I212ac76af9fab7b11d02120cae5f6eeec14baf69
Jakub Pawlowski [Fri, 8 Sep 2017 18:26:25 +0000 (11:26 -0700)]
Fix alarms being posted on wrong thread
Alarms from btu_bta_alarm_queue and btu_generic_alarm_queue should be
processed on the main MessageLoop thread.
Replaced obsoleted alarm_set_on_queue() alarm API with the new
alarm_set_on_mloop() API
Test: manual
Bug: 65078753
Change-Id: I54b472b39b44a6c541dbdcdad7414056d0dd4163
Chao Quan [Mon, 24 Jul 2017 11:46:53 +0000 (19:46 +0800)]
Fix crash during deregister GATT server
When deregister a gatt server, GATT_deregister
will use a loop to stop service one by one and
call std::list::erase in GATTS_StopService to
remove service info. But erase makes iterator lose
efficacy. If the iterator is operated after that,
Bluetooth will crash.
Add the iterator before erase.
Test: manual
Change-Id: I10f9351a95ab4922553d8a77663a0212407607aa
Jeremy Klein [Fri, 8 Sep 2017 21:04:39 +0000 (14:04 -0700)]
Ensure that services are cleaned from the GattServer HandleMap.
The incorrect service handle was being plumbed up to onServiceDeleted.
This was causing stale entries to stick around forever in the HandleMap,
which could later cause failures to find callback references in
ContextMap if the connection ID changed for a given device.
Bug: 65463237
Test: unit tests modified and run
Change-Id: I2e22858b447f4e6b5a4fbceee4c406191c84a67d
Pavlin Radoslavov [Thu, 7 Sep 2017 23:22:53 +0000 (16:22 -0700)]
Use strlcpy() instead of strncpy() to copy string property
Also, allocate property with extra space for the null-termination string.
Test: Unit tests passing
Change-Id: I67452cb640cda752c3094c2b1a47eaa13c24e5c6
Pavlin Radoslavov [Fri, 1 Sep 2017 23:40:59 +0000 (16:40 -0700)]
Read the Tx Power level when flushing the A2DP Tx queue
Also, minor renaming and cleanup (for consistency).
Test: Streaming A2DP headset and trigger audio stutter
Bug: 64038257
Change-Id: Id722342b596e0bf3c9c7664272b6d3e311bb82e9
Pavlin Radoslavov [Fri, 1 Sep 2017 23:09:27 +0000 (16:09 -0700)]
Implement HCI_Read_Automatic_Flush_Timeout mechanism
Also, read the Automatic Flush Timeout when flushing the A2DP Tx queue
Test: Streaming A2DP headset and trigger audio stutter
Bug: 64038257
Change-Id: Ic49b5236328ddacde1d7f2aee131e35e317a14ef
Jakub Pawlowski [Thu, 7 Sep 2017 17:39:09 +0000 (17:39 +0000)]
Merge "Fix GATT log spam"
Jaekyun Seok [Wed, 30 Aug 2017 02:17:08 +0000 (11:17 +0900)]
Add 'vendor.' prefix to a vendor HAL service name
To prevent property name collisions between properties of system and
vendor, 'vendor.' prefix must be added to a vendor HAL service name.
You can see the details in http://go/treble-sysprop-compatibility.
Test: succeeded building gce_x86_phone-userdebug and confirmed that
service names were renamed correctly.
Bug: 36796459
Change-Id: Iedcb3a01e00e80c58dc76653784a3c353f34ce0a
Michael Spang [Wed, 6 Sep 2017 15:44:33 +0000 (11:44 -0400)]
Fix stack-buffer-overflow in bluetooth service GATT client
Use the tBTA_GATTC union for |notify| in bta_gattc_process_indicate() to
avoid a stack-buffer-overflow in btif_transfer_context.
==1410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x0077c8c0c066 at pc 0x0077e50c9ae0 bp 0x0077c8c0bcd0 sp 0x0077c8c0b460
READ of size 616 at 0x0077c8c0c066 thread T38 (btu message loo)
#0 0x77e50c9adf in __interceptor_memcpy external/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:701:5
#1 0x77ca1e838f in memcpy(void*, void const* pass_object_size0, unsigned long) bionic/libc/include/string.h:173:12
#2 0x77ca1e838f in btif_transfer_context(void (*)(unsigned short, char*), unsigned short, char*, int, void (*)(unsigned short, char*, char*)) system/bt/btif/src/btif_core.cc:208:0
#3 0x77ca209853 in (anonymous namespace)::bta_gattc_cback(unsigned char, tBTA_GATTC*) system/bt/btif/src/btif_gatt_client.cc:204:7
#4 0x77ca11455b in bta_gattc_process_indicate(unsigned short, unsigned char, tGATT_CL_COMPLETE*) system/bt/bta/gatt/bta_gattc_act.cc:1596:9
#5 0x77ca40b4b7 in gatt_process_notification(tGATT_TCB&, unsigned char, unsigned short, unsigned char*) system/bt/stack/gatt/gatt_cl.cc:664:7
#6 0x77ca40d78f in gatt_client_handle_server_rsp(tGATT_TCB&, unsigned char, unsigned short, unsigned char*) system/bt/stack/gatt/gatt_cl.cc:1119:9
#7 0x77ca414447 in gatt_le_data_ind(unsigned short, unsigned char*, BT_HDR*) system/bt/stack/gatt/gatt_main.cc:576:7
#8 0x77ca47665b in l2c_rcv_acl_data(BT_HDR*) system/bt/stack/l2cap/l2c_main.cc:211:9
#9 0x77c9da50eb in base::Callback<void (), (base::internal::CopyMode)1>::Run() const external/libchrome/base/callback.h:389:12
#10 0x77c9da50eb in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) external/libchrome/base/debug/task_annotator.cc:51:0
#11 0x77c9df75e3 in base::MessageLoop::RunTask(base::PendingTask const&) external/libchrome/base/message_loop/message_loop.cc:494:19
#12 0x77c9df80b7 in base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) external/libchrome/base/message_loop/message_loop.cc:503:5
#13 0x77c9df8fb7 in base::MessageLoop::DoWork() external/libchrome/base/message_loop/message_loop.cc:627:13
#14 0x77c9dfd33b in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) external/libchrome/base/message_loop/message_pump_default.cc:35:31
#15 0x77c9e4e327 in base::RunLoop::Run() external/libchrome/base/run_loop.cc:35:10
#16 0x77ca3e97ab in btu_message_loop_run(void*) system/bt/stack/btu/btu_task.cc:98:14
#17 0x77ca52ad3b in work_queue_read_cb(void*) system/bt/osi/src/thread.cc:251:3
#18 0x77ca52489b in run_reactor(reactor_t*, int) system/bt/osi/src/reactor.cc:282:11
#19 0x77ca524413 in reactor_start(reactor_t*) system/bt/osi/src/reactor.cc:125:10
#20 0x77ca529c6f in run_thread(void*) system/bt/osi/src/thread.cc:221:3
#21 0x77eb40a31b in __pthread_start(void*) bionic/libc/bionic/pthread_create.cpp:214:18
#22 0x77eb3c1dff in __start_thread bionic/libc/bionic/clone.cpp:47:16
002(bluetooth) btu message loo identical 2 lines
Address 0x0077c8c0c066 is located in stack of thread T38 (btu message loo)
at offset 646 in frame
#0 0x77ca114293 in bta_gattc_process_indicate(unsigned short, unsigned char, tGATT_CL_COMPLETE*) system/bt/bta/gatt/bta_gattc_act.cc:1538:0
002(bluetooth) btu message loo identical 1 line
This frame has 4 object(s):
[32, 646) 'notify' (line 1543)
[784, 790) 'remote_bda' (line 1544) <== Memory access at offset 646 partially underflows this variable
[816, 817) 'gatt_if' (line 1545) <== Memory access at offset 646 partially underflows this variable
[832, 833) 'transport' (line 1546) <== Memory access at offset 646 partially underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
Thread T38 (btu message loo) created by T37 (bt_workqueue) here:
#0 0x77e50fd46f in __interceptor_pthread_create _asan_rtl_:3
#1 0x77ca529727 in thread_new_sized(char const*, unsigned long) system/bt/osi/src/thread.cc:87:3
#2 0x77ca3e9a73 in btu_task_start_up(void*) system/bt/stack/btu/btu_task.cc:127:26
#3 0x77ca52ad3b in work_queue_read_cb(void*) system/bt/osi/src/thread.cc:251:3
#4 0x77ca52489b in run_reactor(reactor_t*, int) system/bt/osi/src/reactor.cc:282:11
#5 0x77ca524413 in reactor_start(reactor_t*) system/bt/osi/src/reactor.cc:125:10
#6 0x77ca529c6f in run_thread(void*) system/bt/osi/src/thread.cc:221:3
#7 0x77eb40a31b in __pthread_start(void*) bionic/libc/bionic/pthread_create.cpp:214:18
#8 0x77eb3c1dff in __start_thread bionic/libc/bionic/clone.cpp:47:16
002(bluetooth) btu message loo identical 1 line
Thread T37 (bt_workqueue) created by T20 (stack_manager) here:
#0 0x77e50fd46f in __interceptor_pthread_create _asan_rtl_:3
#1 0x77ca529727 in thread_new_sized(char const*, unsigned long) system/bt/osi/src/thread.cc:87:3
#2 0x77ca3e936f in BTU_StartUp() system/bt/stack/btu/btu_init.cc:129:25
#3 0x77ca2a513b in event_start_up_stack(void*) system/bt/btif/src/stack_manager.cc:146:3
#4 0x77ca52ad3b in work_queue_read_cb(void*) system/bt/osi/src/thread.cc:251:3
#5 0x77ca52489b in run_reactor(reactor_t*, int) system/bt/osi/src/reactor.cc:282:11
#6 0x77ca524413 in reactor_start(reactor_t*) system/bt/osi/src/reactor.cc:125:10
#7 0x77ca529c6f in run_thread(void*) system/bt/osi/src/thread.cc:221:3
#8 0x77eb40a31b in __pthread_start(void*) bionic/libc/bionic/pthread_create.cpp:214:18
#9 0x77eb3c1dff in __start_thread bionic/libc/bionic/clone.cpp:47:16
002(bluetooth) btu message loo identical 1 line
Thread T20 (stack_manager) created by T0 (droid.bluetooth) here:
#0 0x77e50fd46f in __interceptor_pthread_create _asan_rtl_:3
#1 0x77ca529727 in thread_new_sized(char const*, unsigned long) system/bt/osi/src/thread.cc:87:3
#2 0x77ca2a4e7f in ensure_manager_initialized() system/bt/btif/src/stack_manager.cc:238:23
#3 0x77ca2a4e7f in stack_manager_get_interface() system/bt/btif/src/stack_manager.cc:251:0
#4 0x77ca1b7927 in init(bt_callbacks_t*) system/bt/btif/src/bluetooth.cc:144:3
#5 0x77ca9899fb in android::initNative(_JNIEnv*, _jobject*) packages/apps/Bluetooth/jni/com_android_bluetooth_btservice_AdapterService.cpp:663:13
#6 0x77e1c87703 in art_quick_generic_jni_trampoline /proc/self/cwd/art/runtime/arch/arm64/quick_entrypoints_arm64.S:2329:0
#6 0x37ab0579318381f (<unknown module>)
002(bluetooth) btu message loo identical 1 line
SUMMARY: AddressSanitizer: stack-buffer-overflow (/system/lib64/libclang_rt.asan-aarch64-android.so+0x31adf)
==1410==ABORTING
Bug: 65381426
Change-Id: Ie632f131b622cc323ce68ec7be152caef23c95ec
Treehugger Robot [Wed, 6 Sep 2017 17:03:37 +0000 (17:03 +0000)]
Merge "Extended Scan HCI definitions as per BT 5.0 SIG "
Jakub Pawlowski [Wed, 6 Sep 2017 15:41:46 +0000 (08:41 -0700)]
Fix GATT log spam
Bug: 65255942
Test: manual
Change-Id: I212bc93149dc514517f409edc36f74e1c2895d96
Pavlin Radoslavov [Sun, 19 Mar 2017 02:35:06 +0000 (19:35 -0700)]
Store a name string in property without violating string boundaries
Don't copy data beyond end of string when storing it as BT_PROPERTY_BDNAME
in property.
Also, update a unit test to create a string by considering the property
name length.
Test: Running unit tests with ASAN enabled
Change-Id: Iaa586b4a0942f99ba469d1ed963729e7ad721503
Sagayajayasheelan Thomas [Mon, 17 Jul 2017 09:50:01 +0000 (15:20 +0530)]
Extended Scan HCI definitions as per BT 5.0 SIG
Added Ext Scan HCI definition for periodic scan.
Change-Id: Ic7dce5fb5207a22e4b193d84033d84126d780be5
Signed-off-by: Sagayajayasheelan Thomas <sagayajayasheelan.thomas@intel.com>
Srinu Jella [Thu, 17 Nov 2016 09:32:20 +0000 (15:02 +0530)]
Clear IB_CFG_DONE on receiving peer config request when channel open
Root Cause: Configure request fails in CST_OPEN state
after a configure request IB_CFG_DONE and OB_CFG_DONE both are
cleared. Some IOT devices try to configure again in the CST_OPEN
state which fails if OB_CFG_DONE is cleared.
Fix: Clear IB_CFG_DONE and keep OB_CFG_DONE unchanged on receiving
Peer config request when channel open.
Test: Tested with Geely Carkit.
Bug: 35082459
Change-Id: I8deca0c8ff73faafc3da94dcd9ea55e06bd8a31d
Martin Brabham [Wed, 3 May 2017 23:05:47 +0000 (16:05 -0700)]
Avoid lookup on NULL address
Test: Manually watch some debug logs during pairing and auth processes
Change-Id: I6410b8bc00587196392ae787a6aa1d85c0c71967
Pavlin Radoslavov [Fri, 1 Sep 2017 05:06:11 +0000 (22:06 -0700)]
Implement HCI_Read_Failed_Contact_Counter mechanism
Also, read the Failed Contact Counter when flushing the A2DP Tx queue
Test: Streaming A2DP headset and trigger audio stutter
Bug: 64038257
Change-Id: I8ff72560e3840c5c22cfac9613c4be670b8a4cf1
Pavlin Radoslavov [Tue, 29 Aug 2017 17:00:21 +0000 (10:00 -0700)]
Add / update log messages during stack startup / shutdown
Test: manual
Bug: 64975965
Change-Id: I22ae7cad3b0ef3b7eb7ea2b7b6f93449a6363070
Treehugger Robot [Thu, 31 Aug 2017 03:25:30 +0000 (03:25 +0000)]
Merge "BTIF: Add meaningful logging to btif_profile_queue"
Treehugger Robot [Thu, 31 Aug 2017 02:09:22 +0000 (02:09 +0000)]
Merge "Limit the maximum number of entries in the remote bdaddr cache to 1024"
Pavlin Radoslavov [Tue, 29 Aug 2017 00:42:46 +0000 (17:42 -0700)]
Limit the maximum number of entries in the remote bdaddr cache to 1024
Also, renamed p_dev_cb to remote_bdaddr_cache.
Bug: 64975965
Test: BLE scanning
Change-Id: I518390c53c5ff2a24ac9f010464225d763b33228
Jack He [Wed, 30 Aug 2017 19:00:41 +0000 (12:00 -0700)]
RFCOMM: Add more logging during port close
* Log MAC address and UUIDs of closed connections
* Log reasons for RFCOMM closure when generic CLOSE is used
as reason
Bug: 65080465
Test: Use profiles that use RFCOMM
Change-Id: Iff9f7537989e51d7b98f7cf1241db3f196f501d7
Jack He [Wed, 30 Aug 2017 18:13:08 +0000 (11:13 -0700)]
BTIF: Add meaningful logging to btif_profile_queue
* Add INFO logging to add/advance/execute functions in
btif_profile_queue
* Add ERROR logging to add failures
Bug: 65051171
Test: Try connection to multiple profiles
Change-Id: I058ad06a45eeceb4d160af472f317d08843ca6bf
Pavlin Radoslavov [Wed, 30 Aug 2017 18:02:27 +0000 (11:02 -0700)]
Inline comparison operators for RawAddress
Test: Code compilation
Bug: 64975965
Change-Id: I5a7ab7e0cd270c2769a3a471a506fc78a0a94533
Pavlin Radoslavov [Tue, 29 Aug 2017 22:02:44 +0000 (15:02 -0700)]
Add missing comparison operators for RawAddress
Test: Unit tests added
Bug: 64975965
Change-Id: Id27f1ef7ec99f0761d6e2fb40bf38212ab8312a1
Myles Watson [Thu, 4 May 2017 18:13:10 +0000 (11:13 -0700)]
btm: Finish renaming SMP_AUTH_<GEN_>BOND
Test: build, grep for SMP_AUTH_GEN_BOND
Change-Id: Ic9e1950282a60e1d644d79291d9c0822ac6c973e
Jakub Pawlowski [Tue, 22 Aug 2017 10:10:46 +0000 (03:10 -0700)]
Fix crashes in btm_consolidate_dev
It is not safe to do list_next after list_remove.
Test: sl4a BleStressTest:test_le_pairing
Bug: 31442085
Change-Id: Ib4cb02154684b39ebc652d20559e1b07eee2c357
Jakub Pawlowski [Fri, 18 Aug 2017 13:03:55 +0000 (13:03 +0000)]
Fix connection handle data type
am: 73af403370
Change-Id: Ic08764d124def613fcbb52fca68a487ded52390f
Jakub Pawlowski [Fri, 18 Aug 2017 11:14:22 +0000 (04:14 -0700)]
Fix connection handle data type
conn_handle should be uint16_t, not uint8_t.
Test: compilation test
Bug: 64232952
Change-Id: Ibce88e2cf2f74f402ea26f7471e5ac35aef6229b
Jakub Pawlowski [Thu, 17 Aug 2017 23:53:48 +0000 (23:53 +0000)]
Cleanup RawAddress usage
am: 2e05f0dd4f
Change-Id: I76258df03bef16cf4a71f3dab2412b89750e0ab7
Jakub Pawlowski [Wed, 16 Aug 2017 13:41:02 +0000 (06:41 -0700)]
Cleanup RawAddress usage
Use RawAddress::kLength instead of sizeof(RawAddress). When copying
value using memcpy, use "->address" instead of direct instance address.
Bug: 64726342
Change-Id: Iac7e5674f7e32b53162ab734c2251e65e9d4554c
Chih-Hung Hsieh [Thu, 17 Aug 2017 00:09:12 +0000 (00:09 +0000)]
Fix misc-macro-parentheses warnings in system/bt.
am: fc25b19606
Change-Id: I7ef5175514d7f1483743c20c916854f1e4cce687
Chih-Hung Hsieh [Tue, 1 Aug 2017 22:04:23 +0000 (15:04 -0700)]
Fix misc-macro-parentheses warnings in system/bt.
* Use NOLINT to suppress missing parentheses warnings around bitmask.
Bug: 28705665
Test: make with WITH_TIDY=1 WITH_TIDY_CHECKS=-*,misc-macro-* \
WITH_TIDY_FLAGS=-header-filter=system/bt/.*
Change-Id: I4f095898d49eafdea9eb72f9ffc9eac87f68a4c8
Jack He [Wed, 16 Aug 2017 00:23:04 +0000 (00:23 +0000)]
Fix errors in handling RawAddresses
am: 882aec320e
Change-Id: If23c7e9bf4231ec3398d0de21c0656a240935209
Jack He [Tue, 15 Aug 2017 06:02:16 +0000 (23:02 -0700)]
Fix errors in handling RawAddresses
* In change I8d1bd6914aec55bb53495b1d0d5e3d37b86865e6
memcmp(a, b, LEN) != 0 should be translated to
A != B
* memcpy should not be applied to RawAddress objects.
Assignment operator should be used instead.
* memset should not be applied to RawAddress objects.
Assignment to RawAddress::kEmpty should be used.
* Fixed a crash in GATT
Bug: 64316340
Test: Unit test, pair with device and transmit
Change-Id: Iceefab821c1d45a88194d87a43a192afa5f263fd