OSDN Git Service
Chris Manton [Tue, 7 Dec 2021 20:58:25 +0000 (20:58 +0000)]
security: Use-After-Free in btm_sec_[dis]connected am:
ea8501068c
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16207305
Change-Id: I0b3f7f9849d220beea88182159c9ab704f8deea2
TreeHugger Robot [Tue, 7 Dec 2021 20:56:22 +0000 (20:56 +0000)]
Merge "security: Use-After-Free in btm_sec_[dis]connected" into sc-qpr1-dev
Johnson Yang [Fri, 19 Nov 2021 15:24:34 +0000 (15:24 +0000)]
Merge "Disable sniff mode for Phonak device" into sc-qpr1-dev
Ted Wang [Thu, 18 Nov 2021 06:38:14 +0000 (14:38 +0800)]
Disable sniff mode for Phonak device
Phonak device does not handling well after entering sniff subrating
mode. Disable sniff mode to avoid this problem.
Tag: #compatibility
Bug:
16240099
Test: manual
Change-Id: I909d1bfe3106749bfa261b3977a207d1880dded0
Merged-In: I909d1bfe3106749bfa261b3977a207d1880dded0
weichinweng [Mon, 15 Nov 2021 02:42:18 +0000 (10:42 +0800)]
HearingAid: set playback_started to true when the start audio command finishes.
Bug:
205679750
Tag: #compatibility
Test: 1. Paring from setting and and streaming play
2. HA battery remove and back reconnect
3. out of range reconnect
4. Paired from APP
Change-Id: I0a3e58b792bb12aa86f8ca9e1fe7a9d7bca58ec7
Merged-In: I0a3e58b792bb12aa86f8ca9e1fe7a9d7bca58ec7
TreeHugger Robot [Fri, 12 Nov 2021 05:35:02 +0000 (05:35 +0000)]
Merge "Disable absolute volume control for Phonak" into sc-qpr1-dev
Ted Wang [Thu, 11 Nov 2021 02:24:44 +0000 (10:24 +0800)]
Disable absolute volume control for Phonak
Phonak does not adjust volume with the level included in set absolute
volume command. Disable absolute volume control for Phonak to avoid
volume keep at max.
Tag: #compatibility
Bug:
204939205
Test: manual
Change-Id: I35d4d4e5231d67c46c2f5ea85f7e4364552892c4
Merged-In: I35d4d4e5231d67c46c2f5ea85f7e4364552892c4
Dowon Park [Tue, 31 Aug 2021 08:17:32 +0000 (17:17 +0900)]
Fix null pointer dereference in HACK_acl_check_sm4
fix to return when p_acl is null to avoid null pointer dereference
problem.
Sponsor: cmanton@gmail.com
Bug:
198338740
Tag: #refactor
Test: gd/cert/run
Ignore-AOSP-First: Reliability
Change-Id: I45408a2b024dc424442bf3c2f92293b8942b54bb
Signed-off-by: Dowon Park <dowon.park@samsung.com>
Chris Manton [Tue, 9 Nov 2021 00:45:42 +0000 (16:45 -0800)]
security: Use-After-Free in btm_sec_[dis]connected
Bug:
201083442
Tag: #security
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I69c362d1eb644a3b7fd967cd526a8a58c3b4d975
Chris Manton [Tue, 9 Nov 2021 00:45:42 +0000 (16:45 -0800)]
security: Use-After-Free in btm_sec_[dis]connected
Bug:
201083442
Tag: #security
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I69c362d1eb644a3b7fd967cd526a8a58c3b4d975
Ted Wang [Mon, 25 Oct 2021 07:56:42 +0000 (15:56 +0800)]
[DO NOT MERGE]Move offload start related flags from BTA_AV_SCB to
BTA_AV_CB
Ignore a2dp offload start request when offloading already in progress.
Tag: #stability
Bug:
203127797
Test: Force to start offload duplicated
Change-Id: I99858852866e71d60200a798dd31d61a20b2669c
Merged-In: I99858852866e71d60200a798dd31d61a20b2669c
Chris Manton [Wed, 6 Oct 2021 19:39:11 +0000 (19:39 +0000)]
Merge "osi: Prevent memory allocations with MSB set" into rvc-qpr-dev am:
3034c96552 am:
1f5dd6bdba
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959599
Change-Id: Id564bb1c778e2230ea48d76d203e47479216788b
Chris Manton [Wed, 6 Oct 2021 19:29:36 +0000 (19:29 +0000)]
Merge "osi: Prevent memory allocations with MSB set" into rvc-qpr-dev am:
3034c96552
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959599
Change-Id: If6a8459b1f86d41c2b7913e5e45ed808884fb553
Chris Manton [Wed, 6 Oct 2021 19:21:12 +0000 (19:21 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9 am:
1812f99793 am:
85a3510912 am:
7300b01716 am:
2cadbc6377 am:
2a995ed2ee
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: I263be25fe5d31705f8b4fd0d907c7c5edda57f3a
Chris Manton [Wed, 6 Oct 2021 19:21:07 +0000 (19:21 +0000)]
osi: Prevent memory allocations with MSB set am:
1e76ec66d8 am:
32249b0602 am:
d65173898e am:
477c78d5e3 am:
418ede631f
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959601
Change-Id: I496fe0a0941ba593e2148e19005326b81f00e09c
Chris Manton [Wed, 6 Oct 2021 19:21:03 +0000 (19:21 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9 am:
1812f99793 am:
85a3510912 am:
7300b01716 am:
d2596b6520 am:
e430264ba2
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: I0f4d512c6d527005d8a194c1da0a1841583317f6
Chris Manton [Wed, 6 Oct 2021 19:20:58 +0000 (19:20 +0000)]
osi: Prevent memory allocations with MSB set am:
1e76ec66d8 am:
32249b0602 am:
d65173898e am:
e8c11e248e am:
ba7b1b8dc5
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959601
Change-Id: I6aa57d04dd4c85c781853d1c8ccec84a042a1d49
Chris Manton [Wed, 6 Oct 2021 19:17:56 +0000 (19:17 +0000)]
Merge "osi: Prevent memory allocations with MSB set" into rvc-qpr-dev
Chris Manton [Wed, 6 Oct 2021 19:06:03 +0000 (19:06 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9 am:
1812f99793 am:
85a3510912 am:
7300b01716 am:
2cadbc6377
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: I893e25ea34771c4f650ad22f647c03638df77e8d
Chris Manton [Wed, 6 Oct 2021 19:05:16 +0000 (19:05 +0000)]
osi: Prevent memory allocations with MSB set am:
1e76ec66d8 am:
32249b0602 am:
d65173898e am:
477c78d5e3
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959601
Change-Id: I5acb4c7ebd3a994218023aeab327252ed2353484
Chris Manton [Wed, 6 Oct 2021 18:53:45 +0000 (18:53 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9 am:
1812f99793 am:
85a3510912 am:
7300b01716 am:
d2596b6520
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: I954eaa7530d6c9f9aa9652cfbcc48cdbbc0a306f
Chris Manton [Wed, 6 Oct 2021 18:53:38 +0000 (18:53 +0000)]
osi: Prevent memory allocations with MSB set am:
1e76ec66d8 am:
32249b0602 am:
d65173898e am:
e8c11e248e
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959601
Change-Id: I5c6e608a88165a6b8e72ecf42717b90212eb0165
Chris Manton [Wed, 6 Oct 2021 18:39:28 +0000 (18:39 +0000)]
osi: Prevent memory allocations with MSB set am:
e435404a7d am:
865d4f4214 am:
eacac971c2
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959600
Change-Id: I96ba920ef13a419749253ac136b917e140bfeca7
Chris Manton [Wed, 6 Oct 2021 18:39:26 +0000 (18:39 +0000)]
osi: Prevent memory allocations with MSB set am:
e435404a7d am:
ec15c0798b am:
b4060577b1
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959600
Change-Id: I6525cdadaa71c2a970d307ff7a37ed8941ab11ca
Chris Manton [Wed, 6 Oct 2021 18:39:24 +0000 (18:39 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9 am:
1812f99793 am:
85a3510912 am:
7300b01716
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: Ifc1b529263fd24774cef4ffab422bc4bcd334901
Chris Manton [Wed, 6 Oct 2021 18:39:24 +0000 (18:39 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9 am:
1812f99793 am:
85a3510912 am:
7300b01716
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: I60ce82f68eb256b8a786f8127fe21c38d0ee1833
Chris Manton [Wed, 6 Oct 2021 18:39:20 +0000 (18:39 +0000)]
osi: Prevent memory allocations with MSB set am:
1e76ec66d8 am:
32249b0602 am:
d65173898e
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959601
Change-Id: I7c21d6dfe0efe6812259cea7b839120a3cd58ac1
Chris Manton [Wed, 6 Oct 2021 18:39:20 +0000 (18:39 +0000)]
osi: Prevent memory allocations with MSB set am:
1e76ec66d8 am:
32249b0602 am:
d65173898e
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959601
Change-Id: I03b2dbdb3dd187880383a26fedf10cb4f06ff670
Chris Manton [Wed, 6 Oct 2021 18:24:18 +0000 (18:24 +0000)]
osi: Prevent memory allocations with MSB set am:
e435404a7d am:
865d4f4214
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959600
Change-Id: Ia474ae0cada1cf3966d31851059dfe6bc87f45f2
Chris Manton [Wed, 6 Oct 2021 18:23:49 +0000 (18:23 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9 am:
1812f99793 am:
85a3510912
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: Ice95438b8dbce78342490c360887246f7c5a1cb6
Chris Manton [Wed, 6 Oct 2021 18:23:45 +0000 (18:23 +0000)]
osi: Prevent memory allocations with MSB set am:
1e76ec66d8 am:
32249b0602
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959601
Change-Id: I169567991117522a820ee5140e8bad2b1444e2e7
Chris Manton [Wed, 6 Oct 2021 18:23:11 +0000 (18:23 +0000)]
osi: Prevent memory allocations with MSB set am:
e435404a7d am:
ec15c0798b
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959600
Change-Id: I109fadf5b18e8796dc683a57897149fff96660ca
Chris Manton [Wed, 6 Oct 2021 18:13:10 +0000 (18:13 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9 am:
1812f99793
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: Ie5cfe615061877d55b80ca411aba92629eb81583
Chris Manton [Wed, 6 Oct 2021 18:09:25 +0000 (18:09 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: I29728cd50670ba60bf42f4142aa302f79d6ed9e3
Chris Manton [Wed, 6 Oct 2021 18:09:21 +0000 (18:09 +0000)]
osi: Prevent memory allocations with MSB set am:
a1184057b2
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959598
Change-Id: If7002b1f305358ff40aa174d81442d3b998b5514
Chris Manton [Wed, 6 Oct 2021 18:09:15 +0000 (18:09 +0000)]
osi: Prevent memory allocations with MSB set am:
e435404a7d
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959600
Change-Id: Id94265b102135a390aa798b3b682530bc8c33625
Chris Manton [Wed, 6 Oct 2021 18:09:13 +0000 (18:09 +0000)]
osi: Prevent memory allocations with MSB set am:
e435404a7d
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959600
Change-Id: I977f1225ea250ef304b79efd475440f248bd557d
Chris Manton [Wed, 6 Oct 2021 18:08:26 +0000 (18:08 +0000)]
osi: Prevent memory allocations with MSB set am:
1e76ec66d8
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959601
Change-Id: I3f033ec55080fbb2d924662b20d5e09a89a00c51
Chris Manton [Thu, 30 Sep 2021 00:49:25 +0000 (17:49 -0700)]
osi: Prevent memory allocations with MSB set
Limit allocations on 32bit to 2 GB
Limit allocations on 64bit to 8 Exabyte
Bug:
197868577
Tag: #refactor
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I1c347084d7617b1e364a3241f1b37b398a2a6c6a
Chris Manton [Thu, 30 Sep 2021 00:49:25 +0000 (17:49 -0700)]
osi: Prevent memory allocations with MSB set
Limit allocations on 32bit to 2 GB
Limit allocations on 64bit to 8 Exabyte
Bug:
197868577
Tag: #refactor
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I1c347084d7617b1e364a3241f1b37b398a2a6c6a
Chris Manton [Thu, 30 Sep 2021 00:49:25 +0000 (17:49 -0700)]
osi: Prevent memory allocations with MSB set
Limit allocations on 32bit to 2 GB
Limit allocations on 64bit to 8 Exabyte
Bug:
197868577
Tag: #refactor
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I1c347084d7617b1e364a3241f1b37b398a2a6c6a
Chris Manton [Thu, 30 Sep 2021 00:49:25 +0000 (17:49 -0700)]
osi: Prevent memory allocations with MSB set
Limit allocations on 32bit to 2 GB
Limit allocations on 64bit to 8 Exabyte
Bug:
197868577
Tag: #refactor
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I1c347084d7617b1e364a3241f1b37b398a2a6c6a
Chris Manton [Thu, 30 Sep 2021 00:49:25 +0000 (17:49 -0700)]
osi: Prevent memory allocations with MSB set
Limit allocations on 32bit to 2 GB
Limit allocations on 64bit to 8 Exabyte
Bug:
197868577
Tag: #refactor
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I1c347084d7617b1e364a3241f1b37b398a2a6c6a
Chris Manton [Thu, 30 Sep 2021 00:49:25 +0000 (17:49 -0700)]
osi: Prevent memory allocations with MSB set
Limit allocations on 32bit to 2 GB
Limit allocations on 64bit to 8 Exabyte
Bug:
197868577
Tag: #refactor
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I1c347084d7617b1e364a3241f1b37b398a2a6c6a
Patty [Fri, 1 Oct 2021 06:52:08 +0000 (14:52 +0800)]
Add BMW Carkit into IOP table to only use AVRCP 1.4
Tag: #compatibility
Bug:
197454708
Test: Manual
Merged-In: Ib9ed8ee8cd9f94fdad206eaba29fad3160ee0c88
Change-Id: Ib9ed8ee8cd9f94fdad206eaba29fad3160ee0c88
Rahul Sabnis [Mon, 27 Sep 2021 23:36:10 +0000 (16:36 -0700)]
Immediately execute instead of queueing request for LE service discovery
if the static address matches that of the actively pairing device
Tag: #feature
Bug:
187157597
Test: Manual
Merged-In: I7a014341bec69f1ef97878e90a11558be5ef70d8
Change-Id: I7a014341bec69f1ef97878e90a11558be5ef70d8
TreeHugger Robot [Fri, 24 Sep 2021 19:43:50 +0000 (19:43 +0000)]
Merge "Make SDP and inquiry request dequeue and execute more comprehensive and cancelDiscovery now removes all queued inquiry requests." into sc-qpr1-dev
Rahul Sabnis [Thu, 16 Sep 2021 21:43:40 +0000 (14:43 -0700)]
Make SDP and inquiry request dequeue and execute more comprehensive and
cancelDiscovery now removes all queued inquiry requests.
Ignore-AOSP-First: Submitting for QPR1 & fix needs to be reworked for AOSP
Tag: #feature
Bug:
198178836
Test: Manual
Merged-In: I7b9fc60f090e507c9905ed98c8d2c82d0a9a1fd2
Change-Id: I7b9fc60f090e507c9905ed98c8d2c82d0a9a1fd2
Chris Manton [Fri, 24 Sep 2021 00:12:29 +0000 (00:12 +0000)]
Merge "Ensure proper hci le meta event length size" into sc-qpr1-dev
Ted Wang [Wed, 22 Sep 2021 07:53:22 +0000 (15:53 +0800)]
Add missing return and test for volume check
feature: #stability
Bug:
167648114
Test: atest net_test_avrcp
Change-Id: I6dce4c7afb78a93dca8ba7fcbd02aa5350f18c1a
Merged-In: I6dce4c7afb78a93dca8ba7fcbd02aa5350f18c1a
Chris Manton [Tue, 21 Sep 2021 21:55:36 +0000 (14:55 -0700)]
Ensure proper hci le meta event length size
Bug:
167759047
Test: gd/cert/run
Tag: #security
Ignore-AOSP-First: Security
Change-Id: I753b12ec123e28d94c6f362c28ff9f2774ec4445
TreeHugger Robot [Tue, 21 Sep 2021 18:04:22 +0000 (18:04 +0000)]
Merge "Update AVRCP default version to 1.5" into sc-qpr1-dev
Ted Wang [Tue, 14 Sep 2021 03:39:28 +0000 (11:39 +0800)]
Avoiding sending set volume to volume level same as current volume level
feature: #stability
Bug:
167648114
Test: Manul
Change-Id: Ifc5e4bfff5c1d1749037fb19f74e2f9c4172bc42
Merged-In: Ifc5e4bfff5c1d1749037fb19f74e2f9c4172bc42
Ted Wang [Thu, 16 Sep 2021 02:34:20 +0000 (10:34 +0800)]
Update AVRCP default version to 1.5
Bug:
190553009
Bug:
190462248
Test: make; Check sdp record
Change-Id: I079edc35f7733f8dd63c4577b72be1320a3de499
Merged-In: I079edc35f7733f8dd63c4577b72be1320a3de499
TreeHugger Robot [Thu, 9 Sep 2021 17:50:22 +0000 (17:50 +0000)]
Merge "GATT: Fix data length parameter" into sc-qpr1-dev
Hansong Zhang [Wed, 8 Sep 2021 17:15:34 +0000 (10:15 -0700)]
GATT: Fix data length parameter
Should also account for L2CAP header size (4)
Bug:
199009840
Tag: #feature
Test: NRF connect
Change-Id: I6b51a8ef046d81836a4ca4850d052b68e0f4dd46
Martin Brabham [Fri, 3 Sep 2021 18:50:35 +0000 (18:50 +0000)]
Security Fix: Crafted GATT request causes BT stack crash am:
1da56d1c81
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15717436
Change-Id: Ifacad9537f67f1d6525203d8799479bf868db6de
TreeHugger Robot [Wed, 1 Sep 2021 17:06:32 +0000 (17:06 +0000)]
Merge "Fix nullptr in btif_hf_client" into sc-qpr1-dev
Martin Brabham [Mon, 30 Aug 2021 22:23:04 +0000 (15:23 -0700)]
Security Fix: Crafted GATT request causes BT stack crash
A while loop and condition check for the value of a type to be 0
when in fact since the value.len is arbitrary it could make the
remaining length "less than 0" and since the type is unsigned it'll
never be "less than 0."
Use signed type for loop and conditional checking.
Additionally, make sure the value.len when used to read an array is not
more than the remaining length of the data.
Bug:
197536150
Test: poc application
Tag: #security
Change-Id: I20d66ddd1055577d7d39aba447233c19081bb789
Chen Chen [Thu, 29 Jul 2021 23:02:37 +0000 (16:02 -0700)]
hci_metrics_logging: check command before ASSERT(complete_view.IsValid())
Bug:
193220499
Test: build
aosp/
1780738
Change-Id: I1ef1ac1582d8d1c2800eb2c3e5e79763e0403714
Merged-In: I1ef1ac1582d8d1c2800eb2c3e5e79763e0403714
(cherry picked from commit
fe82cc9434862623599b439855fb907641357f87)
Hansong Zhang [Mon, 16 Aug 2021 20:10:12 +0000 (13:10 -0700)]
Update default page scan parameters
Set BTM_DEFAULT_CONN_WINDOW/INTERVAL from 11.25ms/1280ms to
11.25ms/640ms which is a known sweet spot.
Test: check new page scan parameters
Bug:
196815018
Tag: #refactor
Ignore-AOSP-First: Already merged in AOSP
Merged-In: I730b12b44dbb0c36a5dc4e4984cc1920b7c1c490
Change-Id: Iac87c23625f5fdf7b66a3e96c98f2be49c482fae
Hansong Zhang [Tue, 17 Aug 2021 19:11:05 +0000 (12:11 -0700)]
Fix nullptr in btif_hf_client
When cb is nullptr, this can cause a crash in lines below.
Test: manual
Bug:
180420059
Tag: #security
Change-Id: I09156852f6a99315bf4aebf948efee21a7bcfa1c
TreeHugger Robot [Fri, 13 Aug 2021 18:01:51 +0000 (18:01 +0000)]
Merge "Stop inquiry when inquiry cancelled" into sc-dev am:
adf74bc915
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15534527
Change-Id: Id185d89ce382234b4a4f8bdf504fc12d64b32a26
TreeHugger Robot [Fri, 13 Aug 2021 17:50:37 +0000 (17:50 +0000)]
Merge "Stop inquiry when inquiry cancelled" into sc-dev
Cheney Ni [Thu, 12 Aug 2021 02:25:46 +0000 (02:25 +0000)]
BluetoothAudioHAL: reset A2DP pending command while ending the session am:
7f79977fcf
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15534526
Change-Id: I41424dee81442b5f7a7dbdcfcda4c87ea0c3d50c
Cheney Ni [Mon, 9 Aug 2021 11:15:20 +0000 (19:15 +0800)]
BluetoothAudioHAL: reset A2DP pending command while ending the session
Bug:
175425864
Tag: #compatibility
Test: Switch A2DP active device manually
Ignore-AOSP-First: cherry-pick from aosp to upstream branch
Change-Id: Icf29d8e5c557c927bffe9d49188bd0cf98b07120
IHLHO KIM [Tue, 3 Aug 2021 04:38:27 +0000 (04:38 +0000)]
Stop inquiry when inquiry cancelled
Inquiry is not stopped cause of clearing of BTM_BLE_INQUIRY_MASK.
This issue came from the follwing patch.
https://android-review.googlesource.com/c/platform/system/bt/+/
1402183
Bug:
195908804
Change-Id: I3361c924c9445d6aae2856f41b732fca22951f76
Tag: #refactor
Ignore-AOSP-First: cherry-pick from aosp to upstream branch
Test: compile & verify basic functions working
TreeHugger Robot [Fri, 6 Aug 2021 16:06:29 +0000 (16:06 +0000)]
Merge "Disable sniff for KDDI carkit" into sc-dev
Patty [Fri, 6 Aug 2021 04:08:00 +0000 (12:08 +0800)]
Disable sniff for KDDI carkit
When sniff is enabled, KDDI car kit may disconnect the ACL connection when SCO connection disconnect.
Tag: #compatibility
Bug:
194029299
Test: 1) Connect with KDDI car kit
2) Check Write Link Policy Command, enable sniff mode should be false
Change-Id: I597684cc2dc709167a789e2a1de3866bf9aab872
Ted Wang [Tue, 3 Aug 2021 07:27:25 +0000 (15:27 +0800)]
Disable sniff mode when AVDTP start
To avoid ACL link go into sniff mode during a2dp streaming by remote
request, disable sniff mode by link policy when AVDTP start, and
enable when AVDTP suspend, stop or disconnect.
Tag: #compatibility
Bug:
193206591
Test: audio resume after MO/MT call
Change-Id: I0af3223e0722b0343e8d091985e3e23606104268
Merged-In: I0af3223e0722b0343e8d091985e3e23606104268
Martin Brabham [Fri, 30 Jul 2021 18:57:19 +0000 (18:57 +0000)]
Merge "Also remove entry during delete in addition to clear" into sc-dev
TreeHugger Robot [Fri, 30 Jul 2021 17:07:18 +0000 (17:07 +0000)]
Merge "Reduce shutdown BTA_DM_DISABLE_TIMER_MS from 5000ms to 2000ms" into sc-dev
Martin Brabham [Thu, 29 Jul 2021 00:48:18 +0000 (17:48 -0700)]
Also remove entry during delete in addition to clear
Bug:
194432570
Test: Manual test app; nRF connect
Tag: #feature
Change-Id: I17a1a8b1ba2b305527ae74bb8ad5f6e1258e870e
Merged-In: I17a1a8b1ba2b305527ae74bb8ad5f6e1258e870e
Chris Manton [Tue, 20 Jul 2021 15:32:48 +0000 (08:32 -0700)]
Reduce shutdown BTA_DM_DISABLE_TIMER_MS from 5000ms to 2000ms
Bug:
192154257
Test: gd/cert/run
Tag: #refactor
Ignore-AOSP-First: Possible CP candidate
Change-Id: Ia916e427cb00e029ecb13a56255219fb2aba8500
Hansong Zhang [Wed, 28 Jul 2021 18:26:28 +0000 (11:26 -0700)]
L2CA_RegisterLECoc fix
We should register security record when we are server, so the condition
should be the same as "vpsm == psm", as in line 412 below. So we should
use "pL2CA_ConnectInd_Cb != nullptr" (server has to have an incoming
connection handler), OR "psm < LE_DYNAMIC_PSM_START" (Fixed PSM service,
as it's treated like this for vpsm).
Tag: #stability
Bug:
193142224
Test: CtsVerifier LE COC client and server
Change-Id: I627e4dcd0aca4c113966952b53fad2be0f9d7104
TreeHugger Robot [Wed, 28 Jul 2021 17:34:20 +0000 (17:34 +0000)]
Merge "Fix L2cap LE COC security record leaks" into sc-dev
Hansong Zhang [Wed, 28 Jul 2021 00:08:00 +0000 (17:08 -0700)]
Fix L2cap LE COC security record leaks
- When we are client, we don't need to register security during L2cap
registration.
- When we are done, we clean up security record by PSM; Service ID might
be invalid.
- Once the btif topshim facade initial commit is done, we can repro this
and verify the fix with test automation.
Tag: #stability
Bug:
193142224
Test: CtsVerifier LE COC Client for many times; later we will have an
automated test for this
Change-Id: I90fd23ce26c65ca3314e0754a2630d3f63c5d5d8
Merged-In: I90fd23ce26c65ca3314e0754a2630d3f63c5d5d8
Hansong Zhang [Fri, 23 Jul 2021 21:38:57 +0000 (14:38 -0700)]
BTM_PM: Try other pending changes when current one failed
When we receive a non-SUCCESS command status for pm change, we should
not stop here; there might be some other pending pm changes in the
queue. We need to try the remaining ones.
Test: Disconnect a device when there is a pending PM change
Tag: #stability
Bug:
180842489
Bug:
184095368
Change-Id: I31a6f96cd3b47e671141c29801f4d7397787fc51
Merged-In: I31a6f96cd3b47e671141c29801f4d7397787fc51
Chris Manton [Sat, 19 Jun 2021 00:17:02 +0000 (00:17 +0000)]
Fix net_test_osi am:
c757c89b20 am:
5ea1923be7 am:
137884f281 am:
d3363286c5
Original change: https://android-review.googlesource.com/c/platform/system/bt/+/
1740854
Bug:
191431228
Tag: #refactor
Test: gd/cert/run --device
Ignore-AOSP-First: Cherry-pick to release branch
(cherry picked from commit
b9eb2c51c7a7af64da6f622efbc2f822c3c000c8)
Merged-In: I25e3a8aa16dce375fed79133b1e1561d914c6a8d
Change-Id: I25e3a8aa16dce375fed79133b1e1561d914c6a8d
Łukasz Rymanowski [Mon, 21 Jun 2021 16:44:14 +0000 (16:44 +0000)]
eatt: Improve handling incoming EATT connection
With this patch we make sure that eatt_dev is created always when EATT
is supported on the peer side, no matter what is the connection role.
It will allow to accept ecoc channels when Android device is peripheral
device
Bug:
159786353
Bug:
191313013
Tag: #feature
Test: atest --host net_test_eatt
Sponsor: jpawlowski@
Merged-In: I4d735bc4a2d74f637e9c7f7819e10659af9b0fbb
Change-Id: I4d735bc4a2d74f637e9c7f7819e10659af9b0fbb
Łukasz Rymanowski [Mon, 21 Jun 2021 16:11:56 +0000 (16:11 +0000)]
eatt: Fix for the crash on incoming channel creation
It fixes:
signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
Abort message: '[FATAL:eatt_impl.h(142)] Check failed: eatt_dev->eatt_tcb_.
Crash could happen when Android is connects at first as a central device
connection to peer which supports EATT and after reconnection it is peer
initiating ecoc (e.g. Android is peripheral or peer is faster with ecoc
connection request). At that point eatt_dev is there but eatt_tcb_ is
not.
Bug:
159786353
Bug:
191313013
Tag: #feature
Test: atest --host net_test_eatt
Sponsor: jpawlowski@
Merged-In: Ic5e8c027dc45eec942457f09c987ec64cfafb761
Change-Id: Ic5e8c027dc45eec942457f09c987ec64cfafb761
Łukasz Rymanowski [Mon, 11 May 2020 21:20:11 +0000 (23:20 +0200)]
stack/gatt: Store GATT server supported features
Tag: #feature
Bug:
159786353
Sponsor: jpawlowski@
Test: compile & manual testing
Bug:
191313013
Merged-In: Ic16d962949e3aa51ed1ab5ce06cf9aa1acebc726
Change-Id: Ic16d962949e3aa51ed1ab5ce06cf9aa1acebc726
Łukasz Rymanowski [Mon, 11 May 2020 14:30:33 +0000 (16:30 +0200)]
btif_storage: Add way to store GATT server supported features
This is needed for storing Enhanced ATT support.
Tag: #feature
Bug:
159786353
Sponsor: jpawlowski@
Test: compile & manual testing
Bug:
191313013
Merged-In: Ic37b668b91ab6c830d780f70db703a5d9be11677
Change-Id: Ic37b668b91ab6c830d780f70db703a5d9be11677
Łukasz Rymanowski [Wed, 26 May 2021 09:02:38 +0000 (09:02 +0000)]
eatt: Fix crash on double disconnect
Bug:
159786353
Tag: #feature
Test: atest --host net_test_eatt
Sponsor: jpawlowski@
Bug:
191313013
Merged-In: Ie4872f1c51445df59f2f68b127454d5f4d4e9ad0
Change-Id: Ie4872f1c51445df59f2f68b127454d5f4d4e9ad0
Łukasz Rymanowski [Wed, 26 May 2021 09:01:21 +0000 (09:01 +0000)]
eatt: Fix logging
Bug:
159786353
Tag: #feature
Test: compile
Sponsor: jpawlowski@
Bug:
191313013
Merged-In: Ia07b894a37a648d2a8aec0539e6fb75000a2c999
Change-Id: Ia07b894a37a648d2a8aec0539e6fb75000a2c999
TreeHugger Robot [Fri, 2 Jul 2021 23:02:31 +0000 (23:02 +0000)]
Merge "Queue discovery and device inquiry while bonding" into sc-dev
Rahul Sabnis [Thu, 20 May 2021 04:08:18 +0000 (21:08 -0700)]
Queue discovery and device inquiry while bonding
Tag: #feature
Bug:
187165224
Test: Manual
Merged-In: I260c967de0f4656ee852a098a98c9ceb0e6dfbde
Change-Id: I260c967de0f4656ee852a098a98c9ceb0e6dfbde
Martin Brabham [Wed, 30 Jun 2021 19:08:02 +0000 (12:08 -0700)]
OOB: Return local adapter name in generated OOB Data
Bug:
192475074
Test: Manual, test app.
Tag: #feature
Change-Id: I5086cbe6c0d2ab3346a956e22df36725a9e93530
Merged-In: I5086cbe6c0d2ab3346a956e22df36725a9e93530
Sal Savage [Wed, 30 Jun 2021 15:34:03 +0000 (15:34 +0000)]
Merge "Configure newavrcp target to be "passive" when setting up AVCTP" into sc-dev
TreeHugger Robot [Tue, 29 Jun 2021 21:16:55 +0000 (21:16 +0000)]
Merge changes from topic "bluetooth_oob_api" into sc-dev
* changes:
OOB: Replace 'memcpy' with assignments
OOB: Cancel advertiser and replace
OOB: Start advertising when OOB data is generated.
OOB: Connector; Set name of remote from OOB data
OOB: Store keys and data generated for local OOB use.
OOB: Utilize SMP state machine to generate the OOB data.
OOB: Rework create bond out of band flow to not use btif_dm_cb_create_bond
Martin Brabham [Tue, 29 Jun 2021 19:49:41 +0000 (12:49 -0700)]
OOB: Replace 'memcpy' with assignments
Fixes a lint warning
Bug:
178007935
Test: Compiles
Tag: #feature
Change-Id: Id5e0d41085f9415daadb261a01f99200cb8f90e0
Merged-In: Id5e0d41085f9415daadb261a01f99200cb8f90e0
Martin Brabham [Tue, 29 Jun 2021 00:07:10 +0000 (17:07 -0700)]
OOB: Cancel advertiser and replace
Bug:
192298941
Test: Manual, test app and nRF connect.
Tag: #feature
Change-Id: Ia9a538fea6ac58e1487523447b22396c0caead8b
Merged-In: Ia9a538fea6ac58e1487523447b22396c0caead8b
Martin Brabham [Thu, 20 May 2021 21:30:09 +0000 (14:30 -0700)]
OOB: Start advertising when OOB data is generated.
This affords the stack the capability to provide the proper
random address and address type to the user via the OobDataCallback.
Previous to this commit, the data defaults to the public address.
This advertisement will time out, and will clear OOB data upon timeout.
Bug:
192084169
Test: Manual, test app.
Test: m bt_host_test_bta
Test: m net_test_btif_stack
Tag: #feature
Change-Id: Ia24c10e7209027b8b070b9196caba7e394ee6dcb
Merged-In: Ia24c10e7209027b8b070b9196caba7e394ee6dcb
Martin Brabham [Fri, 25 Jun 2021 19:59:22 +0000 (12:59 -0700)]
OOB: Connector; Set name of remote from OOB data
There are 4 total "devices" listed in Settings.
Each shows a mac address, if a name doesn't exist it won't
show in things like the share a file dialog.
This names 1/4 of those addresses. The LE Device (Advertiser)
displayed on the Connector's Settings->Connected devices list.
Bug:
192093473
Test: Manual, test app
Tag: #feature
Change-Id: I94024413e962f4742f6fa71c495d042aaede5ffb
Merged-In: I94024413e962f4742f6fa71c495d042aaede5ffb
Martin Brabham [Fri, 18 Jun 2021 00:06:12 +0000 (17:06 -0700)]
OOB: Store keys and data generated for local OOB use.
Bug:
190395922
Test: Manual, test app
Tag: #feature
Change-Id: Ib88abb866ce08b99c7fbf17ac9cfb85ee0f3441e
Merged-In: Ib88abb866ce08b99c7fbf17ac9cfb85ee0f3441e
Martin Brabham [Thu, 3 Jun 2021 19:07:27 +0000 (12:07 -0700)]
OOB: Utilize SMP state machine to generate the OOB data.
Finish the SMP implemention for OOB in the legacy stack and
connect callback pipeline to return data to the caller.
Bug:
178007935
Test: Manual; test app
Tag: #feature
Change-Id: Id4fe6b29a1db3ec50d37b042ea67cebfa9eba4e1
Merged-In: Id4fe6b29a1db3ec50d37b042ea67cebfa9eba4e1
Martin Brabham [Thu, 13 May 2021 19:04:26 +0000 (12:04 -0700)]
OOB: Rework create bond out of band flow to not use btif_dm_cb_create_bond
Instead we just call BTA_DmBond directly since this is an OOB pairing scenario
Bug:
178007935
Test: Compiles, Manually with test app
Tag: #feature
Change-Id: Ie9d7cf20c18b2ccac322dabad141135e8a18bf93
Merged-In: Ie9d7cf20c18b2ccac322dabad141135e8a18bf93
Sal Savage [Tue, 29 Jun 2021 18:44:06 +0000 (11:44 -0700)]
Configure newavrcp target to be "passive" when setting up AVCTP
As it stands, both newavrcp target and avrcp controller devices are
configured as not "passive." This is an Android BT stack convention that
AVCTP uses as a policy for handling unlikely connection collisions. When
passive, a device will allow an incoming connection to take the place of
it's outgoing connection, assuming the connection. Non-passive devices
are strict in only allowing their outgoing connection to stay up.
When two non-passive devices connect with each other, there's a 10-15%
chance that the timing of events will cause each device to disconnect
each other's connection, resulting in no connection being set up.
AVCTP Section 5.1 says the target should allow the controller's
connection to succeed. Configuring newavrcp target to be passive puts us
more in line with that requirement.
Note this is a temporary work-around for a larger effort around the
AVCTP connection collision handling that will probably need to take
place.
Tag: #stability
Bug:
179292409
Test: atest BluetoothInstrumentationTests; -- Also connect phone to an
AVRCP controller device and wait for an unlikely connection collision.
Ensure the phone allows the CT to connect over its own connection.
Change-Id: I6861c78ba594d4e4ccfcf8ce9adec109f1b2d270
Merged-In: I6861c78ba594d4e4ccfcf8ce9adec109f1b2d270
Chris Manton [Wed, 24 Mar 2021 16:11:26 +0000 (09:11 -0700)]
RESTRICT AUTOMERGE Security fix OOB read vuln stack/avrc/avrc_pars_tg
Bug:
168712382
Tag: #security
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: Iae823e45675d46d8ca037157e516cc2f94fadfab
Jakub Pawlowski [Thu, 10 Jun 2021 20:01:32 +0000 (22:01 +0200)]
Fix potential buffer overflow and uninitialized read in reassemble_and_dispatch_iso
Tag: #security
Test: compilation
Bug:
188673156
Change-Id: Id9f2acfde05da681c82adc25d602cc48a2bc5df9