OSDN Git Service
Jack He [Thu, 28 Sep 2017 03:25:47 +0000 (03:25 +0000)]
Fix Linux build
am:
fd45611d6c
Change-Id: Iec5f76d31645149f7b81a0f695e808a6ec19a260
Jack He [Thu, 28 Sep 2017 01:25:56 +0000 (18:25 -0700)]
Fix Linux build
* UUID source files
* L2CAP UCD source files
Test: build on linux
Change-Id: Iba6d8d082612c62e5a8d552140c86ed242da0e36
Jakub Pawlowski [Thu, 28 Sep 2017 01:07:48 +0000 (01:07 +0000)]
Merge "Don't set CT2 bit when talking to pre-5.0 devices"
am:
88f7ae508d
Change-Id: I1d1f343ea5fffa7312662670f30079ff7ea9bce9
Treehugger Robot [Thu, 28 Sep 2017 01:01:30 +0000 (01:01 +0000)]
Merge "Don't set CT2 bit when talking to pre-5.0 devices"
Yamei Du [Thu, 28 Sep 2017 00:19:30 +0000 (00:19 +0000)]
Fix out-of-bounds reading when copy SDP raw data
am:
04da67a727
Change-Id: I7b26a6a14ff83632e6f4fe9ad3f0a0a8af80fada
Jakub Pawlowski [Wed, 27 Sep 2017 22:41:13 +0000 (15:41 -0700)]
Don't set CT2 bit when talking to pre-5.0 devices
Prior to 5.0 spec, CT2 bit in AuthReq was reserved. Setting it cause
bonding failure with devices that handle it incorrectly.
Bug:
66179701
Bug:
66931978
Test: Bond with device that have 4.2 chip
Change-Id: Idbbf2c39c499698844218059a35cb686996c136a
Yamei Du [Sat, 27 May 2017 02:41:42 +0000 (10:41 +0800)]
Fix out-of-bounds reading when copy SDP raw data
When no attribute is returned in the SDP response, the cpy_len will be
MAX_DISC_RAW_DATA_BUF, this will cause out-of-bonds reading of source
buffer when copy the response raw data.
Change-Id: I923d8ee7e08f935e13cec38b75a04beca6174452
Myles Watson [Wed, 27 Sep 2017 21:13:21 +0000 (21:13 +0000)]
SMP: Use tSMP_INT_DATA instead of void
am:
5ce55bd2e0
Change-Id: I1f1ff8a75d6766a5b7a7fc0a0d9a100bf5d4a9a4
Myles Watson [Wed, 20 Sep 2017 23:41:19 +0000 (16:41 -0700)]
SMP: Use tSMP_INT_DATA instead of void
Test: pairing sanity
Change-Id: Ie3a2f94ddd718344219760cef7f1477bd4d09e00
Jack He [Wed, 27 Sep 2017 20:09:24 +0000 (20:09 +0000)]
L2CAP: Remove UCD related flags
am:
3992f45f86
Change-Id: I9e040eafa6fb526e32d360c318913454ab2b715d
Pulkit Bhuwalka [Wed, 27 Sep 2017 20:04:43 +0000 (20:04 +0000)]
Merge "Modify Bluetooth Class of Device from Android stack"
am:
d98dac4396
Change-Id: Ie7bb897b534f65503cd626c6c958a16e6b3a7209
Jack He [Thu, 21 Sep 2017 00:06:42 +0000 (17:06 -0700)]
L2CAP: Remove UCD related flags
* L2CAP UCD (Unicast Connectionless Data) is no longer enabled on the
stack
* L2CAP_UCD_INCLUDED is always FALSE, the TRUE case should be removed
* As result, L2CAP_UCD_MTU, L2CAP_UCD_IDLE_TIMEOUT, and
L2CAP_UCD_CH_PRIORITY need to be removed as well
Bug:
66244184
Test: build
Change-Id: Ieee8b3a547653efa3a34a0810c415ba4c32f1be7
Treehugger Robot [Wed, 27 Sep 2017 19:43:18 +0000 (19:43 +0000)]
Merge "Modify Bluetooth Class of Device from Android stack"
Jakub Pawlowski [Wed, 27 Sep 2017 18:59:07 +0000 (18:59 +0000)]
Merge "Fix GATT Characteristic discovery (server side)"
am:
1c0dae6145
Change-Id: Ic0dc0eb7f321db75fd0bfc90bff9423a7b1147c0
Treehugger Robot [Wed, 27 Sep 2017 18:55:30 +0000 (18:55 +0000)]
Merge "Fix GATT Characteristic discovery (server side)"
Myles Watson [Wed, 27 Sep 2017 17:28:19 +0000 (17:28 +0000)]
Remove casts to unions to avoid unaligned accesses
am:
8d749047a0
Change-Id: Ib7bd6211720191bcc0dcbfeb2dcb5495fb55cad8
Jakub Pawlowski [Wed, 27 Sep 2017 16:58:46 +0000 (09:58 -0700)]
Fix GATT Characteristic discovery (server side)
The pointer was not properly incremented, which resulted in trashes
being sent during GATT discovery.
This issue was introduced in commit
819e2ecb84a22d6e03ec9ed67b3260c0dd7e8aba (Use one type for UUID)
Bug:
66912853
Test: sl4a GATT read test
Change-Id: Ib57ad050ff17852f9b2fec9c51cad246235e3e80
Pulkit Bhuwalka [Thu, 14 Sep 2017 02:25:31 +0000 (19:25 -0700)]
Modify Bluetooth Class of Device from Android stack
Adds ability to modify Bluetooth Class of Device from Android stack by
hooking into existing functions to modify adapter properties. This
ensures the hardware HAL bluetooth.h interface does not have to change.
Bug:
36015415
Test: Modified Class of Device using sample app and verified device icon
change when discovering from a remote device.
Change-Id: Ib5f05741480a27431afea882d071ded4a6b1bdb8
Myles Watson [Tue, 19 Sep 2017 17:01:28 +0000 (10:01 -0700)]
Remove casts to unions to avoid unaligned accesses
Bug:
65392204
Test: sanity
Change-Id: I2886cc02289b68710e83147ba4d7715a32a4fc55
Jakub Pawlowski [Tue, 26 Sep 2017 23:08:15 +0000 (23:08 +0000)]
Remove unnecesary BTA redefinitions for GATT part 4
am:
50ba9031b4
Change-Id: Iec52c13db939ccfe3da63034661ef75fcde20265
Jakub Pawlowski [Tue, 26 Sep 2017 23:08:11 +0000 (23:08 +0000)]
Remove unnecesary BTA redefinitions for GATT part 3
am:
ee9a11f903
Change-Id: Ibc1c7a7586b6b1eda5f01be22bddc6447be79133
Jakub Pawlowski [Tue, 26 Sep 2017 23:07:04 +0000 (23:07 +0000)]
Remove unnecesary BTA redefinitions for GATT part 2
am:
e9ef00c3fb
Change-Id: I052607160b33ba78f153b68e018940d602e18254
Jakub Pawlowski [Tue, 26 Sep 2017 23:07:00 +0000 (23:07 +0000)]
Remove unnecesary BTA redefinitions for GATT part 1
am:
ab7a368f3f
Change-Id: Icb345dbfb20e26275cdb77e34f5d9e214d65eb03
Jakub Pawlowski [Tue, 26 Sep 2017 15:45:20 +0000 (08:45 -0700)]
Remove unnecesary BTA redefinitions for GATT part 4
Test: compilation test
Change-Id: Ibe37a1c6506d567b68497e8c7074d90cd73ddf00
Jakub Pawlowski [Tue, 26 Sep 2017 01:47:54 +0000 (18:47 -0700)]
Remove unnecesary BTA redefinitions for GATT part 3
Test: compilation test
Change-Id: I8d4b8cfd35fcb5ccd7067f1e02dedd1a58efa3ad
Jakub Pawlowski [Tue, 26 Sep 2017 00:41:21 +0000 (17:41 -0700)]
Remove unnecesary BTA redefinitions for GATT part 2
Test: compilation test
Change-Id: Iaf81188596c33b92f79f163dc95187ed5c6f52a4
Jakub Pawlowski [Tue, 26 Sep 2017 00:24:46 +0000 (17:24 -0700)]
Remove unnecesary BTA redefinitions for GATT part 1
Test: compilation test
Change-Id: I98ab63a187684ae4ffbb0cb23e5c9e67994be468
Jakub Pawlowski [Tue, 26 Sep 2017 10:55:06 +0000 (10:55 +0000)]
Build fix after UUID refactor for stage branch
am:
30be4b9f9c
Change-Id: I65278615668f57dd0e3f91cfeb726ef291509ea2
Jakub Pawlowski [Tue, 26 Sep 2017 05:19:01 +0000 (22:19 -0700)]
Build fix after UUID refactor for stage branch
Change-Id: Ia01fa17ba40d315a912c391211e101a951eab562
Jakub Pawlowski [Tue, 26 Sep 2017 00:10:29 +0000 (17:10 -0700)]
resolve merge conflicts of
819e2ecb8 to stage-aosp-master
Test: I tested this conflict resolution.
Change-Id: Id915d1a9011dba4b898d47f5e6d6546079733a4c
Jakub Pawlowski [Mon, 10 Jul 2017 16:56:09 +0000 (09:56 -0700)]
Use one type for UUID (1/5)
Currently, we have few different representations for UUID in stack:
tBT_UUID, tSDP_UUID, bt_uuid_t, bluetooth:UUID, or uint8_t*.
Additionally, tBT_UUID and bt_uuid_t are used to hold UUID as 128bit
as Little Endian or Big Endian, depending on which part of stack (GATT
or SDP) is using it.
This patch is creating one type, bluetooth::Uuid, that will replace all
other types.
Bug:
66912853
Test: all sl4a tests for GATT and RFCOMM
Merged-In: Ia42d3233146db0488728ed6f878f99b368fe8838
Change-Id: Ia42d3233146db0488728ed6f878f99b368fe8838
Hansong Zhang [Fri, 22 Sep 2017 19:44:55 +0000 (19:44 +0000)]
Merge "Get rid of unused _DYNAMIC_MEMORY"
am:
9c268d0a54
Change-Id: Ida1e0fb77241f26153648ea325284d39636ba8c2
Hansong Zhang [Fri, 22 Sep 2017 19:39:05 +0000 (19:39 +0000)]
Merge "Get rid of unused _DYNAMIC_MEMORY"
Rob Herring [Fri, 22 Sep 2017 18:39:01 +0000 (18:39 +0000)]
Merge "btlinux: Fix sepolicy for split policy (Treble) builds"
am:
f0c8830387
Change-Id: I96784cd7c6aa31b3638edd27a6bc8437888a95a0
Treehugger Robot [Fri, 22 Sep 2017 18:32:43 +0000 (18:32 +0000)]
Merge "btlinux: Fix sepolicy for split policy (Treble) builds"
Hansong Zhang [Wed, 20 Sep 2017 16:31:32 +0000 (09:31 -0700)]
Get rid of unused _DYNAMIC_MEMORY
Removed the unused BTA_DYNAMIC_MEMORY and HID_DYNAMIC_LIBRARY
Bug:
27731905
Test: Manual
Change-Id: I6019584b165471c4058a2ec7ef8f278531153d18
Ajay Panicker [Fri, 22 Sep 2017 17:16:24 +0000 (17:16 +0000)]
Change our AVRCP capabilities if the remote device only supports 1.3
am:
6575e1630d
Change-Id: I7cd19034fd4bf513c4ec9a5b07b8ac5508651cd7
Ajay Panicker [Fri, 22 Sep 2017 17:16:15 +0000 (17:16 +0000)]
Bluetooth: Add AVRCP 1.3 as a developer option for AVRCP version (2/2)
am:
11b4d12b95
Change-Id: Idda00ee6b53c92c66a9ca4bbb0007319921f0f8a
Ajay Panicker [Fri, 22 Sep 2017 17:16:08 +0000 (17:16 +0000)]
Don't reject notifications and wait until new addressed player is ready (2/2)
am:
b72a002756
Change-Id: Ia004dcaf31a939f58b8624fcb7b2e239df469078
Ajay Panicker [Wed, 6 Sep 2017 16:59:51 +0000 (09:59 -0700)]
Change our AVRCP capabilities if the remote device only supports 1.3
This prevents issues with devices that only support 1.3 but can not
handle forward compatability like some Alpine Carkits.
Bug:
37943083
Test: Connect to Alpine carkit that only supports 1.3 and see new features
are used.
Change-Id: I6d041590dc51d7e8711b17fb1cb9c880b640052a
(cherry picked from commit
f9f1c8b449efb9cb7894a64fe2977f875679ba52)
Ajay Panicker [Fri, 1 Sep 2017 19:07:42 +0000 (12:07 -0700)]
Bluetooth: Add AVRCP 1.3 as a developer option for AVRCP version (2/2)
This is requied for the 2012 Mazda 3 carkit as the carkit refuses to send
AVRCP commands other than passthrough commands when the version is anything
else. AVRCP 1.3 is compatible with most carkits on the market and can be
used to get most carkits working at the cost of losing many features.
Bug:
37943083
Test: Set AVRCP 1.3 in developer options and see that SDP and the AVRCP
capabilites have updated to reflect this.
TestTracker: 105915/3975
Change-Id: Iffc7ed1dd91eecb699153125b25451de5826f202
(cherry picked from commit
2369a95e6ed0c16f61237fe9c1fc5a90d97129c1)
Ajay Panicker [Wed, 30 Aug 2017 01:30:43 +0000 (18:30 -0700)]
Don't reject notifications and wait until new addressed player is ready (2/2)
There are some carkits like the ones found in the 2016 Honda CRZ and some
Audi's that do not follow the spec and do not honor reject pending notification
messages after switching players. This causes an issue whenever you switch
players, the metadata freezes due to the fact that the carkit never re-registers
for new track changed notifications. This patch removes the reject notification
and reorders the current notifications.
Bug:
64142363
Test: Test with Audi S7 and 2016 Honda CRZ and see that switching players works
TestTracker: 105391/3975
Change-Id: Iaec70863594e13217916ab740d529f526d27c2d1
(cherry picked from commit
dd535e70c767fe214c1634b46618d0fb5ed4385d)
Jakub Pawlowski [Wed, 20 Sep 2017 22:32:26 +0000 (22:32 +0000)]
Get rid of libhardware dependency in native daemon
am:
8c273b3700
Change-Id: I9b2d7c3dd6cf7bbd0fcc5c6e39cf9ebf1d68e7aa
Jakub Pawlowski [Wed, 20 Sep 2017 21:53:23 +0000 (21:53 +0000)]
Loosen libhardware dependency
am:
b1aa65fbb3
Change-Id: Icd6842ffc2f5411c5f41c2c811b124b78796d3af
Jakub Pawlowski [Wed, 20 Sep 2017 20:52:11 +0000 (13:52 -0700)]
Get rid of libhardware dependency in native daemon
Test: compilation test
Bug:
66187274
Change-Id: I97ee33a55315f44dc03083d1a8da9a38d5619725
Jakub Pawlowski [Wed, 20 Sep 2017 20:16:11 +0000 (13:16 -0700)]
Loosen libhardware dependency
In most places we don't really need the libhardware library, just the
headers.
Bug:
66187274
Test: compilation test
Change-Id: Ifa2f547165fcf8b34bc29ab80d2bd12ce02f4ae1
Pavlin Radoslavov [Wed, 20 Sep 2017 19:47:14 +0000 (19:47 +0000)]
Enable extra A2DP control log messages
am:
7b67302a28
Change-Id: I0247ee2d4e174b46df2d6c9f37b666fbe3b969f3
Pavlin Radoslavov [Wed, 20 Sep 2017 03:29:33 +0000 (20:29 -0700)]
Enable extra A2DP control log messages
Also, fixed a log message when failed to accept the
corresponding socket socket.
Test: manual
Bug:
63949429
Change-Id: I6d9af32f61974a739d179c37da36c360aefcca79
Sunny Kapdi [Tue, 19 Sep 2017 20:01:39 +0000 (20:01 +0000)]
BLE Adv RPA is not updated on first timeout
am:
de1203d8cc
Change-Id: I20fa5876f0d091a680ae4028e63a50051f390b8e
Sunny Kapdi [Tue, 19 Sep 2017 01:14:13 +0000 (18:14 -0700)]
BLE Adv RPA is not updated on first timeout
BLE Advertisement RPA is getting updated with the
same RPA instead of the newly generated RPA on the
first timeout. Make sure to send the newly generated
RPA to the Controller.
CRs-Fixed:
2111232
Bug:
65857055
Change-Id: I4d8e95c26fe8e5944fdee32089b8fcaffa238367
Rob Herring [Mon, 18 Sep 2017 14:25:58 +0000 (09:25 -0500)]
btlinux: Fix sepolicy for split policy (Treble) builds
In full Treble builds, the btlinux HAL fails to build the sepolicy:
neverallow check failed at out/target/product/linaro_x86_64/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:4518
from system/sepolicy/public/domain.te:673
(neverallow base_typeattr_55 base_typeattr_56 (file (execute execute_no_trans entrypoint)))
<root>
allow at out/target/product/linaro_x86_64/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:6054
(allow hal_bluetooth_btlinux hal_bluetooth_btlinux_exec (file (read getattr map execute entrypoint open)))
Test: Build completes successfully
Change-Id: Ibb8dbe7f2ca823c87ae4404c40cdc35656c8e0af
Signed-off-by: Rob Herring <robh@kernel.org>
Jack He [Sat, 16 Sep 2017 06:27:37 +0000 (06:27 +0000)]
Merge "Clean-up BTIF profile queue on profile shutdown"
am:
643c869ca2
Change-Id: I7c22ae8dd883edacbe532f93d9e6a279f168d5ac
Treehugger Robot [Sat, 16 Sep 2017 06:24:09 +0000 (06:24 +0000)]
Merge "Clean-up BTIF profile queue on profile shutdown"
Jakub Pawlowski [Sat, 16 Sep 2017 00:24:11 +0000 (00:24 +0000)]
SetPreferredPhy/ReadPhy callback fix
am:
d08d44e09b
Change-Id: I81698e198eb7be1e4b11efb16f8c43311ed4a029
Jack He [Fri, 15 Sep 2017 00:13:19 +0000 (17:13 -0700)]
Clean-up BTIF profile queue on profile shutdown
* Add btif_profile_cleanup(uuid) method to remove pending connection
requests for individual UUIDs
* Call the above method in each profile's clean-up method
* Add unit tests for btif_profile_queue
Bug:
63790458
Test: make, unit tests, pair and connect car kits
Change-Id: I28288c295b7ca0259b2112c11b4e5a81d6f2e33c
Jakub Pawlowski [Fri, 15 Sep 2017 20:43:40 +0000 (13:43 -0700)]
SetPreferredPhy/ReadPhy callback fix
Bug:
65746728
Test: manual
Change-Id: Ifdd8e7051c953aa1c006abecd62d1af196619d98
Myles Watson [Fri, 15 Sep 2017 01:31:08 +0000 (01:31 +0000)]
Merge "GAP: Set service_id before calling gap_release_ccb"
am:
57c849d1e5
Change-Id: I9f3a6f08ab43b124d947355e158ee437fdea3bd8
Treehugger Robot [Thu, 14 Sep 2017 23:45:01 +0000 (23:45 +0000)]
Merge "GAP: Set service_id before calling gap_release_ccb"
Jakub Pawlowski [Thu, 14 Sep 2017 23:36:09 +0000 (23:36 +0000)]
Fix included service parsing (1/3)
am:
fae9b2fae0
Change-Id: I0c331c732ad09f3cf06ecaefbc6c5255f82f5b35
Myles Watson [Thu, 14 Sep 2017 21:13:44 +0000 (14:13 -0700)]
GAP: Set service_id before calling gap_release_ccb
Calling gap_release_ccb with a service_id == 0, which in turn
calls BTM_SecClrService with an ID of 0.
From the documentation for BTM_SecClrService:
Service ID - Id of the service to remove. '0' removes all
service records (except SDP).
Test: BLE connection and characteristic read
Change-Id: Icf309807f02e1faa273cf9bad9c09d9221a8bbfd
Jakub Pawlowski [Thu, 14 Sep 2017 18:40:32 +0000 (11:40 -0700)]
Fix included service parsing (1/3)
Bug:
65637368
Test: sl4a GattIncludedServiceTest
Change-Id: Icb882d411a75a91e3fea050f00c40e76de3539de
Jakub Pawlowski [Wed, 13 Sep 2017 22:44:15 +0000 (22:44 +0000)]
Add Suspend/Resume for advertising
am:
757e9b24ed
Change-Id: I11faa51795bc58831781bb229d22b35717018d6c
Jakub Pawlowski [Mon, 28 Aug 2017 16:56:13 +0000 (09:56 -0700)]
Add Suspend/Resume for advertising
This is needed for resolving list handling.
Bug:
64846264
Test: updated unit tests
Change-Id: I3d9c7b90d3b69d459d33c4ca7a9849ca3a7abc40
Myles Watson [Tue, 12 Sep 2017 22:01:28 +0000 (22:01 +0000)]
Merge "btm: Clear LINK_KEY_KNOWN flag for temporary connections"
am:
e5ed4dcc90
Change-Id: I2f01c85dcb9af27ff13d6e129ceb64d62e06774e
Treehugger Robot [Tue, 12 Sep 2017 21:50:08 +0000 (21:50 +0000)]
Merge "btm: Clear LINK_KEY_KNOWN flag for temporary connections"
Pavlin Radoslavov [Tue, 12 Sep 2017 21:11:46 +0000 (21:11 +0000)]
Fix ASAN crash inside btif_av_event_deep_copy()
am:
6d07e45b9a
Change-Id: I67be39dfaa463b7d2ab8124001f8edb342a338e6
Pavlin Radoslavov [Tue, 12 Sep 2017 21:11:25 +0000 (21:11 +0000)]
Return the correct status when BTA_AV Open failed because of role switch
am:
54bdc23b04
Change-Id: I8ad18c4488fbe5c33aaea72b5b113270c974aef3
Myles Watson [Tue, 12 Sep 2017 15:23:23 +0000 (08:23 -0700)]
btm: Clear LINK_KEY_KNOWN flag for temporary connections
Bug:
62561154
Test: Smart Setup, erase target, Smart Setup
Change-Id: Icba672a38772dc99a74f351301c81d66f37ee929
Pavlin Radoslavov [Tue, 12 Sep 2017 19:08:49 +0000 (12:08 -0700)]
Fix ASAN crash inside btif_av_event_deep_copy()
Allocate sufficient data on the stack that can be safely copied inside
btif_av_event_deep_copy()
Bug:
65524264
Test: Run Bluetooth on ASAN enabled build
Change-Id: Ie6d4a28933302131c58eb4aee34161e435634377
Pavlin Radoslavov [Tue, 12 Sep 2017 18:51:21 +0000 (11:51 -0700)]
Return the correct status when BTA_AV Open failed because of role switch
Bug:
65588660
Test: Code compilation
Change-Id: I705ec28c76f2342e18bece193005c962b9febac8
Kim Low [Tue, 12 Sep 2017 19:03:32 +0000 (19:03 +0000)]
Fix MAC address byte ordering in the uniq field
am:
7bc0edda0f
Change-Id: I3696cff5ff5d233823c102024aa1ea34449008c3
Kim Low [Thu, 6 Apr 2017 01:01:34 +0000 (18:01 -0700)]
Fix MAC address byte ordering in the uniq field
The UNIQ field can be used in the driver to detect duplicate devices.
For example, if a controller is connected via both Bluetooth and USB,
the driver can use the UNIQ field, which typically contains the unique
MAC address to identify that it's the same device.
Test: Connect a Bluetooth device and check its MAC address using
ioctl(EVIOCGUNIQ) call.
Change-Id: I458608e845fcb24c0d615f6aef8d92ccb08d08ec
Myles Watson [Tue, 12 Sep 2017 16:03:49 +0000 (16:03 +0000)]
stack: Fix btm_send_link_key_notif comment
am:
8c75f731fe
Change-Id: I578ce4ed7eebb86daf7dc4b3e02a03507e3aae7c
Myles Watson [Tue, 12 Sep 2017 14:08:13 +0000 (07:08 -0700)]
stack: Fix btm_send_link_key_notif comment
Test: build
Change-Id: I212ac76af9fab7b11d02120cae5f6eeec14baf69
Jakub Pawlowski [Mon, 11 Sep 2017 21:03:00 +0000 (21:03 +0000)]
Fix alarms being posted on wrong thread
am:
be8bbd7a83
Change-Id: I6c5148be7a78329cd568f197a28c75c8093da804
Jakub Pawlowski [Fri, 8 Sep 2017 18:26:25 +0000 (11:26 -0700)]
Fix alarms being posted on wrong thread
Alarms from btu_bta_alarm_queue and btu_generic_alarm_queue should be
processed on the main MessageLoop thread.
Replaced obsoleted alarm_set_on_queue() alarm API with the new
alarm_set_on_mloop() API
Test: manual
Bug:
65078753
Change-Id: I54b472b39b44a6c541dbdcdad7414056d0dd4163
Chao Quan [Mon, 11 Sep 2017 17:17:12 +0000 (17:17 +0000)]
Fix crash during derigister GATT server
am:
a5aca8f6de
Change-Id: I39ec65053a6883984c465032ea18ce567b6bfb5e
Chao Quan [Mon, 24 Jul 2017 11:46:53 +0000 (19:46 +0800)]
Fix crash during derigister GATT server
When deregister a gatt server, GATT_deregister
will use a loop to stop service one by one and
call std::list::erase in GATTS_StopService to
remove service info. But erase makes iterator lose
efficacy. If the iterator is operated after that,
Bluetooth will crash.
Add the iterator before erase.
Test: manual
Change-Id: I10f9351a95ab4922553d8a77663a0212407607aa
Jeremy Klein [Fri, 8 Sep 2017 23:40:22 +0000 (23:40 +0000)]
Ensure that services are cleaned from the GattServer HandleMap.
am:
5b96667c28
Change-Id: I55f103e1e0f6a9c91731c3f532160562750386c6
Jeremy Klein [Fri, 8 Sep 2017 21:04:39 +0000 (14:04 -0700)]
Ensure that services are cleaned from the GattServer HandleMap.
The incorrect service handle was being plumbed up to onServiceDeleted.
This was causing stale entries to stick around forever in the HandleMap,
which could later cause failures to find callback references in
ContextMap if the connection ID changed for a given device.
Bug:
65463237
Test: unit tests modified and run
Change-Id: I2e22858b447f4e6b5a4fbceee4c406191c84a67d
Pavlin Radoslavov [Fri, 8 Sep 2017 18:29:00 +0000 (18:29 +0000)]
Use strlcpy() instead of strncpy() to copy string property
am:
c5c668a6d4
Change-Id: I55e6a015219819338aabfbb9a18b459fbaaaa056
Pavlin Radoslavov [Thu, 7 Sep 2017 23:22:53 +0000 (16:22 -0700)]
Use strlcpy() instead of strncpy() to copy string property
Also, allocate property with extra space for the null-termination string.
Test: Unit tests passing
Change-Id: I67452cb640cda752c3094c2b1a47eaa13c24e5c6
Pavlin Radoslavov [Thu, 7 Sep 2017 22:37:08 +0000 (22:37 +0000)]
Read the Tx Power level when flushing the A2DP Tx queue
am:
c7bf47cefc
Change-Id: I009f2e0f1d4d1857d12c3d01f817d83da977d526
Pavlin Radoslavov [Fri, 1 Sep 2017 23:40:59 +0000 (16:40 -0700)]
Read the Tx Power level when flushing the A2DP Tx queue
Also, minor renaming and cleanup (for consistency).
Test: Streaming A2DP headset and trigger audio stutter
Bug:
64038257
Change-Id: Id722342b596e0bf3c9c7664272b6d3e311bb82e9
Pavlin Radoslavov [Thu, 7 Sep 2017 22:22:04 +0000 (22:22 +0000)]
Implement HCI_Read_Automatic_Flush_Timeout mechanism
am:
b8568ae0e1
Change-Id: I064439a79ca43945da7e74885fb9e9b17da804cb
Pavlin Radoslavov [Fri, 1 Sep 2017 23:09:27 +0000 (16:09 -0700)]
Implement HCI_Read_Automatic_Flush_Timeout mechanism
Also, read the Automatic Flush Timeout when flushing the A2DP Tx queue
Test: Streaming A2DP headset and trigger audio stutter
Bug:
64038257
Change-Id: Ic49b5236328ddacde1d7f2aee131e35e317a14ef
Jakub Pawlowski [Thu, 7 Sep 2017 17:46:47 +0000 (17:46 +0000)]
Merge "Fix GATT log spam"
am:
b94c72965a
Change-Id: I74f3628362ae952348bddbb5b435671da4a00592
Jakub Pawlowski [Thu, 7 Sep 2017 17:39:09 +0000 (17:39 +0000)]
Merge "Fix GATT log spam"
Jaekyun Seok [Thu, 7 Sep 2017 02:08:05 +0000 (02:08 +0000)]
Add 'vendor.' prefix to a vendor HAL service name
am:
b7fe6161ad
Change-Id: Id06569074e309f8977751cbe6bf135dc2e525402
Jaekyun Seok [Wed, 30 Aug 2017 02:17:08 +0000 (11:17 +0900)]
Add 'vendor.' prefix to a vendor HAL service name
To prevent property name collisions between properties of system and
vendor, 'vendor.' prefix must be added to a vendor HAL service name.
You can see the details in http://go/treble-sysprop-compatibility.
Test: succeeded building gce_x86_phone-userdebug and confirmed that
service names were renamed correctly.
Bug:
36796459
Change-Id: Iedcb3a01e00e80c58dc76653784a3c353f34ce0a
Michael Spang [Wed, 6 Sep 2017 19:57:08 +0000 (19:57 +0000)]
Fix stack-buffer-overflow in bluetooth service GATT client
am:
998f78519d
Change-Id: I8077302700eea32cd1460870b870aa519699fcc1
Michael Spang [Wed, 6 Sep 2017 15:44:33 +0000 (11:44 -0400)]
Fix stack-buffer-overflow in bluetooth service GATT client
Use the tBTA_GATTC union for |notify| in bta_gattc_process_indicate() to
avoid a stack-buffer-overflow in btif_transfer_context.
==1410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x0077c8c0c066 at pc 0x0077e50c9ae0 bp 0x0077c8c0bcd0 sp 0x0077c8c0b460
READ of size 616 at 0x0077c8c0c066 thread T38 (btu message loo)
#0 0x77e50c9adf in __interceptor_memcpy external/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:701:5
#1 0x77ca1e838f in memcpy(void*, void const* pass_object_size0, unsigned long) bionic/libc/include/string.h:173:12
#2 0x77ca1e838f in btif_transfer_context(void (*)(unsigned short, char*), unsigned short, char*, int, void (*)(unsigned short, char*, char*)) system/bt/btif/src/btif_core.cc:208:0
#3 0x77ca209853 in (anonymous namespace)::bta_gattc_cback(unsigned char, tBTA_GATTC*) system/bt/btif/src/btif_gatt_client.cc:204:7
#4 0x77ca11455b in bta_gattc_process_indicate(unsigned short, unsigned char, tGATT_CL_COMPLETE*) system/bt/bta/gatt/bta_gattc_act.cc:1596:9
#5 0x77ca40b4b7 in gatt_process_notification(tGATT_TCB&, unsigned char, unsigned short, unsigned char*) system/bt/stack/gatt/gatt_cl.cc:664:7
#6 0x77ca40d78f in gatt_client_handle_server_rsp(tGATT_TCB&, unsigned char, unsigned short, unsigned char*) system/bt/stack/gatt/gatt_cl.cc:1119:9
#7 0x77ca414447 in gatt_le_data_ind(unsigned short, unsigned char*, BT_HDR*) system/bt/stack/gatt/gatt_main.cc:576:7
#8 0x77ca47665b in l2c_rcv_acl_data(BT_HDR*) system/bt/stack/l2cap/l2c_main.cc:211:9
#9 0x77c9da50eb in base::Callback<void (), (base::internal::CopyMode)1>::Run() const external/libchrome/base/callback.h:389:12
#10 0x77c9da50eb in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) external/libchrome/base/debug/task_annotator.cc:51:0
#11 0x77c9df75e3 in base::MessageLoop::RunTask(base::PendingTask const&) external/libchrome/base/message_loop/message_loop.cc:494:19
#12 0x77c9df80b7 in base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) external/libchrome/base/message_loop/message_loop.cc:503:5
#13 0x77c9df8fb7 in base::MessageLoop::DoWork() external/libchrome/base/message_loop/message_loop.cc:627:13
#14 0x77c9dfd33b in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) external/libchrome/base/message_loop/message_pump_default.cc:35:31
#15 0x77c9e4e327 in base::RunLoop::Run() external/libchrome/base/run_loop.cc:35:10
#16 0x77ca3e97ab in btu_message_loop_run(void*) system/bt/stack/btu/btu_task.cc:98:14
#17 0x77ca52ad3b in work_queue_read_cb(void*) system/bt/osi/src/thread.cc:251:3
#18 0x77ca52489b in run_reactor(reactor_t*, int) system/bt/osi/src/reactor.cc:282:11
#19 0x77ca524413 in reactor_start(reactor_t*) system/bt/osi/src/reactor.cc:125:10
#20 0x77ca529c6f in run_thread(void*) system/bt/osi/src/thread.cc:221:3
#21 0x77eb40a31b in __pthread_start(void*) bionic/libc/bionic/pthread_create.cpp:214:18
#22 0x77eb3c1dff in __start_thread bionic/libc/bionic/clone.cpp:47:16
002(bluetooth) btu message loo identical 2 lines
Address 0x0077c8c0c066 is located in stack of thread T38 (btu message loo)
at offset 646 in frame
#0 0x77ca114293 in bta_gattc_process_indicate(unsigned short, unsigned char, tGATT_CL_COMPLETE*) system/bt/bta/gatt/bta_gattc_act.cc:1538:0
002(bluetooth) btu message loo identical 1 line
This frame has 4 object(s):
[32, 646) 'notify' (line 1543)
[784, 790) 'remote_bda' (line 1544) <== Memory access at offset 646 partially underflows this variable
[816, 817) 'gatt_if' (line 1545) <== Memory access at offset 646 partially underflows this variable
[832, 833) 'transport' (line 1546) <== Memory access at offset 646 partially underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
Thread T38 (btu message loo) created by T37 (bt_workqueue) here:
#0 0x77e50fd46f in __interceptor_pthread_create _asan_rtl_:3
#1 0x77ca529727 in thread_new_sized(char const*, unsigned long) system/bt/osi/src/thread.cc:87:3
#2 0x77ca3e9a73 in btu_task_start_up(void*) system/bt/stack/btu/btu_task.cc:127:26
#3 0x77ca52ad3b in work_queue_read_cb(void*) system/bt/osi/src/thread.cc:251:3
#4 0x77ca52489b in run_reactor(reactor_t*, int) system/bt/osi/src/reactor.cc:282:11
#5 0x77ca524413 in reactor_start(reactor_t*) system/bt/osi/src/reactor.cc:125:10
#6 0x77ca529c6f in run_thread(void*) system/bt/osi/src/thread.cc:221:3
#7 0x77eb40a31b in __pthread_start(void*) bionic/libc/bionic/pthread_create.cpp:214:18
#8 0x77eb3c1dff in __start_thread bionic/libc/bionic/clone.cpp:47:16
002(bluetooth) btu message loo identical 1 line
Thread T37 (bt_workqueue) created by T20 (stack_manager) here:
#0 0x77e50fd46f in __interceptor_pthread_create _asan_rtl_:3
#1 0x77ca529727 in thread_new_sized(char const*, unsigned long) system/bt/osi/src/thread.cc:87:3
#2 0x77ca3e936f in BTU_StartUp() system/bt/stack/btu/btu_init.cc:129:25
#3 0x77ca2a513b in event_start_up_stack(void*) system/bt/btif/src/stack_manager.cc:146:3
#4 0x77ca52ad3b in work_queue_read_cb(void*) system/bt/osi/src/thread.cc:251:3
#5 0x77ca52489b in run_reactor(reactor_t*, int) system/bt/osi/src/reactor.cc:282:11
#6 0x77ca524413 in reactor_start(reactor_t*) system/bt/osi/src/reactor.cc:125:10
#7 0x77ca529c6f in run_thread(void*) system/bt/osi/src/thread.cc:221:3
#8 0x77eb40a31b in __pthread_start(void*) bionic/libc/bionic/pthread_create.cpp:214:18
#9 0x77eb3c1dff in __start_thread bionic/libc/bionic/clone.cpp:47:16
002(bluetooth) btu message loo identical 1 line
Thread T20 (stack_manager) created by T0 (droid.bluetooth) here:
#0 0x77e50fd46f in __interceptor_pthread_create _asan_rtl_:3
#1 0x77ca529727 in thread_new_sized(char const*, unsigned long) system/bt/osi/src/thread.cc:87:3
#2 0x77ca2a4e7f in ensure_manager_initialized() system/bt/btif/src/stack_manager.cc:238:23
#3 0x77ca2a4e7f in stack_manager_get_interface() system/bt/btif/src/stack_manager.cc:251:0
#4 0x77ca1b7927 in init(bt_callbacks_t*) system/bt/btif/src/bluetooth.cc:144:3
#5 0x77ca9899fb in android::initNative(_JNIEnv*, _jobject*) packages/apps/Bluetooth/jni/com_android_bluetooth_btservice_AdapterService.cpp:663:13
#6 0x77e1c87703 in art_quick_generic_jni_trampoline /proc/self/cwd/art/runtime/arch/arm64/quick_entrypoints_arm64.S:2329:0
#6 0x37ab0579318381f (<unknown module>)
002(bluetooth) btu message loo identical 1 line
SUMMARY: AddressSanitizer: stack-buffer-overflow (/system/lib64/libclang_rt.asan-aarch64-android.so+0x31adf)
Shadow bytes around the buggy address:
0x001ef91817b0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
0x001ef91817c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x001ef91817d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x001ef91817e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x001ef91817f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x001ef9181800: 00 00 00 00 00 00 00 00 00 00 00 00[06]f2 f2 f2
0x001ef9181810: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 06 f2
0x001ef9181820: f2 f2 01 f2 01 f3 f3 f3 00 00 00 00 00 00 00 00
0x001ef9181830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x001ef9181840: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00
0x001ef9181850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==1410==ABORTING
Bug:
65381426
Change-Id: Ie632f131b622cc323ce68ec7be152caef23c95ec
Sagayajayasheelan Thomas [Wed, 6 Sep 2017 17:08:34 +0000 (17:08 +0000)]
Merge "Extended Scan HCI definations as per BT 5.0 SIG "
am:
62721a272c
Change-Id: I8df6de2371754efa7a76f1aea7f072702257ba9c
Treehugger Robot [Wed, 6 Sep 2017 17:03:37 +0000 (17:03 +0000)]
Merge "Extended Scan HCI definations as per BT 5.0 SIG "
Pavlin Radoslavov [Wed, 6 Sep 2017 16:35:55 +0000 (16:35 +0000)]
Store a name string in property without violating string boundaries
am:
2a874660a9
Change-Id: I4c96e2ac0135c50ef633e86ad93b867de76c753d
Jakub Pawlowski [Wed, 6 Sep 2017 15:41:46 +0000 (08:41 -0700)]
Fix GATT log spam
Bug:
65255942
Test: manual
Change-Id: I212bc93149dc514517f409edc36f74e1c2895d96
Pavlin Radoslavov [Sun, 19 Mar 2017 02:35:06 +0000 (19:35 -0700)]
Store a name string in property without violating string boundaries
Don't copy data beyond end of string when storing it as BT_PROPERTY_BDNAME
in property.
Also, update an unit test to create a string by considering the property
name length.
Test: Running unit tests with ASAN enabled
Change-Id: Iaa586b4a0942f99ba469d1ed963729e7ad721503
Sagayajayasheelan Thomas [Mon, 17 Jul 2017 09:50:01 +0000 (15:20 +0530)]
Extended Scan HCI definations as per BT 5.0 SIG
Added Ext Scan HCI defination for periodic scan.
Change-Id: Ic7dce5fb5207a22e4b193d84033d84126d780be5
Signed-off-by: Sagayajayasheelan Thomas <sagayajayasheelan.thomas@intel.com>
Srinu Jella [Wed, 6 Sep 2017 02:37:59 +0000 (02:37 +0000)]
Clear IB_CFG_DONE on receiving peer config request when channel open
am:
7f1ee9db2d
Change-Id: Ic96d305927361e75bf328eeeaff9d91d96ea9916
Srinu Jella [Thu, 17 Nov 2016 09:32:20 +0000 (15:02 +0530)]
Clear IB_CFG_DONE on receiving peer config request when channel open
Root Cause: Configure request fails in CST_OPEN state
after a configure request IB_CFG_DONE and OB_CFG_DONE both are
cleared. Some IOT devices try to configure again in the CST_OPEN
state which fails if OB_CFG_DONE is cleared.
Fix: Clear IB_CFG_DONE and keep OB_CFG_DONE unchanged on receiving
Peer config request when channel open.
Test: Tested with Geely Carkit.
Bug:
35082459
Change-Id: I8deca0c8ff73faafc3da94dcd9ea55e06bd8a31d