OSDN Git Service
Priti Aghera [Wed, 1 Jul 2015 20:27:57 +0000 (13:27 -0700)]
Set random identity only if enhanced privacy is supported
Change Own address type to Random identity only if controller supports enhanced
privacy. Check if controller supports enhanced privacy before changing own adress type
and peer address type to 0x02 or 0x03 in auto connection.
Privacy 4.1 only supports Public and Random address.
Bug:
20817308
Change-Id: I9f5531e4e41c824426cd64de517b44355ac2655d
Pavlin Radoslavov [Wed, 1 Jul 2015 04:39:11 +0000 (21:39 -0700)]
Use the correct memory free function within HCI layer shutdown
The entries on the "command_queue" are allocated by osi_calloc()
hence they should be deallocated by osi_free()
Bug:
21784321
Change-Id: Ic6e13dbafef2c6ac79ce74ebfc4db702c9ef04c5
Andre Eisenbach [Sat, 27 Jun 2015 05:30:33 +0000 (22:30 -0700)]
Fix possible null-pointer de-reference in bta_gattc_util
Bug:
21756298
Change-Id: I4bd38f6fa594ccb4dd9f23f3887484743a3bc451
Pavlin Radoslavov [Fri, 26 Jun 2015 21:44:12 +0000 (14:44 -0700)]
Copy an AVRC packet before sending a response back
Don't reuse AVRC buffers for responding back. Apparently,
in the AVRC packets we transmit the offset with the payload must
be at least 15 octets. If the original buffer is not large enough,
this results in memory corruption.
Also, use an explicit check for 'bt_rc_ctrl_callbacks' as a workaround
until the upper layer does the right thing with the callbacks registration.
Bug:
22006014
Change-Id: I28c248d1580bdddbda76298d19faadf8985187fc
Tucker Sylvestro [Thu, 18 Jun 2015 22:14:25 +0000 (18:14 -0400)]
Always ACK indications in the event of an error
This works around a race condition in which the just-connected remote
device sends the local device an indication before the appropriate
handle/device/etc. has been added to the cache. Previously we were
dropping that indication, which led to the remote device timing out
and disconnecting some time after the connection had been successfully
established.
Bug:
21026847
Change-Id: Iea43e7c93e48b5e7a7e78a1c3fb591d6fe972fc3
Pradeep Panigrahi [Tue, 16 Jun 2015 04:32:50 +0000 (10:02 +0530)]
Set idle timeout to zero when removing fixed channel
Use Case:
1) pair and Connect to HOGP mouse
2) Disconnect from setting menu.
Failure:
Disconnect is not sent immediately
Root Cause:
While disconnecting we start lcb's default timeout of 4 seconds before
disconnecting the link. Since we are removing fixed channels associated
to a remote, setting idle timeout to 0 for immediate disconnection.
Bug:
21877809
Change-Id: I39fedb6cac6f952149cb2722d028115fbdc20b70
Avish Shah [Thu, 25 Jun 2015 12:31:33 +0000 (18:01 +0530)]
Resolved incorrect AV startup sequence
Issue:
-> In AV start-up sequence, State machine initialization was being
called after enabling Btif A2dp service.
-> In that case, State machine handle will be empty and it will
prevent enable and register events to enter into BTIF.
-> Because of the absence of enable/register events, AV module in
stack will be unaware of upper layer registration and will not
proceed for connection.
Fix:
-> Changed the sequence in AV start-up, initialized State machine
first before dispatching any events to State machine.
-> So, the handle will not be empty and will not block events like
BTA_AV_ENABLE_EVT and BTA_AV_REGISTER_EVT to enter into BTIF.
Bug:
21451237
Change-Id: I5d47e20ed68ea5730a7c149c316446eb8a1d41af
Subramanian Srinivasan [Thu, 12 Feb 2015 00:55:12 +0000 (16:55 -0800)]
HOGP: Clear allocated memory for unmatched HID reports
Prevents GKI Exception in BT stack when phone enters suspended state
after performing HOGP device connection by clearing the allocated
memory when write to an unmatched report is done.
Bug:
22028876
Change-Id: Ia6ca9405142410e894c7ebe84d8827ffdc7659ba
Nitin Arora [Mon, 1 Jun 2015 12:24:10 +0000 (05:24 -0700)]
SMP state machine fix for passkey entry
The SMP slave state machine goes on to generate local nonce
after a successful commit, and ignores any commit from the
remote master if received during the generation process.
This change fixes that race condition
Bug:
21896912
Change-Id: I0cc2f1d20f6754d19f8b39fd62e3176007c50f1b
Nitin Arora [Tue, 30 Sep 2014 01:43:27 +0000 (18:43 -0700)]
Configure Bluetooth Low Energy scan parameters correctly
This patch ensures that Bluetooth Inquiry uses the low latency
scan parameters, and the scan params set by the Apps for LE scan
are retained and set at the end of a BT inquiry.
Bug:
21896912
Change-Id: Iaf9e47330393cc1e0c21c625e8e07ce933506983
Satya Calloji [Fri, 19 Jun 2015 17:46:03 +0000 (10:46 -0700)]
Incorrect address type in LE connected event
Enable address resolution to resolve the incoming connection details
to provide the correct address type as part of the LE connection
event.
Bug:
21751039
Change-Id: I148b0ffbfa1a39a32d90f5607362754d1901203f
Srinu Jella [Fri, 19 Jun 2015 12:20:40 +0000 (17:50 +0530)]
Set the security mode to secure connections only mode
Use case: Test the secure connections only mode PTS test cases.
Test Steps:
1. Call the API BTM_SetSecureConnectionsOnly from BT-IF layer to
put the DUT is under secure connections only mode to execute
the PTS test case TP/SEC/SEM/BV-11-C.
2. Run the required steps for PTS test case.
Failure: Failed to enter into secure connections only mode.
Root Cause: The function BTM_SetSecureConnectionsOnly doesn't set
btm layer security mode variable to only mode and all further checks
are based on that variable.
Fix: Fixed it by setting the security mode variable properly
in the API function.
Bug:
21896912
Change-Id: I21d37e7d24c443c2cbcd72d6f62f5e31fa7cf107
Srinu Jella [Tue, 12 May 2015 14:48:43 +0000 (20:18 +0530)]
Correct the logic of UIPC thread id check
Use case: Check the A2dp play , pause from headset
STR:
Connect to the headset from DUT
Try play , pause from Headset once the song is started playing from headset.
Failure: Bluetooth process crashed due to invalid fd descriptor while
clearing fds using FD_CLR
Root cause: Root cause for this issue is pthread join mechanism for
UIPC thread is not proper ( incorrect logic ), as a result UIPC thread
still running, and A2DP media task will try to start a new UIPC thread
before the previous UIPC read thread is closed, finally sometimes
this scenario leads to this issue. This issue doesn't come always,
if the media task is in process of initiating the fds before staring
the new UIPC thread, and previous UIPC thread is in exiting state.
Fix: Correct the logic of UIPC thread id check while joining the UIPC thread.
Thread id might hold pointer value where it's value is negative vaule with
singed bit is set,so corrected the logic to check against zero or non zero.
Bug:
21896912
Change-Id: I1307d848958656e718e95a972f258526470b1974
Srinu Jella [Mon, 13 Oct 2014 12:36:01 +0000 (18:06 +0530)]
Reset the pairing state on pairing failure
Use case: Test the paring scenario with remote device with security mode 3.
STR:
1. Create a connection from Remove dev with Security Mode-3 to DUT.
2. Enter pin key in remote, when pin key pop-up comes in DUT, reject the same.
3. Try to create connection from DUT to Remote dev-2, within 30 seconds.
Failure: Create connection not sent from DUT to remote, even though
there was no pairing taking place
Root cause: As the pairing state is not reset properly it disturbs
the next pairing process.
Reproducible using MecApp test application.
Fix: Reset the pairing state to idle in case stored paring
device matches with the device for which the pairing
failure happened.
Bug:
21896912
Change-Id: I0a9e143a44bb2ae7e296d7d76c1323e517f9cc42
Srinu Jella [Wed, 15 Oct 2014 11:10:02 +0000 (16:40 +0530)]
Handle connection request to already connected device.
Use case: Test the connect collision scenario from DUT and Headset.
STR:
1. Create a connection from DUT to headset, disconnect and unpair the link.
2. Turn OFF and turn ON headset, keep in pairing mode, headset keeps trying
to connect back to DUT.
3. Inquiry in DUT, and connect to headset.
Failure: DUT gets stuck in pairing, whenever there is a clash in
accept_connection and create_connection.
Root cause: When DUT and remote try to connect to each other simultaneously,
an ACL handle is created with first connect request and the second connect
request is also processed.DUT doesn't check whether there is already a
ACL handle present between the devices.
Fix: Fixed the issue by reusing the existing handle and
discarding the second connect request.
Bug:
21896912
Change-Id: I2001bc3b2fa50f827a4e3b41cde91af1ea106c54
Srinu Jella [Mon, 22 Dec 2014 14:16:28 +0000 (19:46 +0530)]
Allocated requested buffer size in SDP attribute request
Use case: Allocated required GKI buf in sdp attr req
1. Enter UUID - 0100 for L2CAP or 110C for AVRCP Target so DUT sends
continuation frame for TSPX_sdp_service_search_pattern on PTS
2. Start Test case TP/SSA/BV-06 in PTSv6.0
Failure: Some PTS test cases request less attributes in first packet
and request more attributes in continuation packets.
As stack allocates the buf in start packet and using the same
buf in continuation packets, it's causing buffer corruption and crash
Root cause: Buffer allocated for start packet is not sufficient
in continuation packets
Fix: Fixing this issue by dynamically allocating buffer in continuation
packets of service_search_attr_req and service_attr_req
Bug:
21896912
Change-Id: I8daeffb7d6486c7b916ad2f0505ad422d91a613c
Srinu Jella [Wed, 18 Jun 2014 15:45:55 +0000 (21:15 +0530)]
NULL pointer check in sdpu_build_attrib_entry
Use case: NULL pointer check in sdpu_build_attrib_entry
Crash observed during BT stability test
Failure: Crash observed while accessing p_attr->value_ptr
Root cause: There is no null check for p_attr->value_ptr while
accessing it in sdpu_build_attrib_entry
Fix: Fixing this issue by adding null check for p_attr->value_ptr
while accessing it in sdpu_build_attrib_entry
Bug:
21896912
Change-Id: I1dd352a33ff6f86add7d1b1bfdf240d1b7992b83
Hemant Gupta [Mon, 4 Aug 2014 12:37:41 +0000 (18:07 +0530)]
HID: Allow reconnection from Host on paired HID Devices.
Host can send connection request when paired HID device
is in disconnected state. We are not checking the
NORMALLY_CONNECTABLE flags from sdp record, and by default
sending this request from host, for subsequent user initiated
connection to paired remote HID Devices.
If the remote HID is in page scan mode, it will get connected
and if not, connection will fail after retrying until
HID_HOST_MAX_CONN_RETRY times.
Without this patch, if remote hid device sdp record shows that
device's NORMALLY_CONNECTABLE flag is false, host will not be
able to create outgoing connection to remote device even if the
device is in pairing mode until device is unpaired giving bad
user experience.
Bug:
22028876
Change-Id: I2b3c5c25dc7b08ab6ed0c3667897e5ea0f05f914
Nitin Shivpure [Tue, 15 Jul 2014 12:30:21 +0000 (18:00 +0530)]
PAN: Fix to avoid buffer corruption while rebuilding the Bnep header
A case, where 3 remote device (PANU role) is connected with DUT (NAP role).
the one remote (PANU role) send BNEP_COMPRESSED_ETHERNET_DEST_ONLY
packet to DUT (NAP role), which is for another remote device (PANU role).
So DUT (NAP role) forwards this packet to another remote device (PANU role).
As same pbuf is used across the L2CAP/BNEP/PAN layer since reception from
L2CAP to writing on L2CAP CID of another PANU. Sometimes buffer (p_buf) gets
corrupted, when required buffer size is greater than actual buffer size,
while rebuilding the Bnep header.
Using bnep_write instead of bnep_writeBuf to solve the buffer corruption
issue, which allocates the new buffer & append data into it.
This patch also add TRC_BNEP & TRC_PAN into conf file.
Bug:
22028876
Change-Id: I125cab6d3da0f8126605bc7e9f764a27ee72fb1f
Anubhav Gupta [Wed, 12 Nov 2014 14:25:00 +0000 (19:55 +0530)]
Proper construction of AVDTP general reject message
Build AVDTP general reject message as per AVDTP Specification.
Resolves issue with PTS AVDTP case TP/SIG/SMG/BI-28.
Bug:
21896912
Change-Id: I10e729f099898096f666081f5e5cd8e4a9dc3ae7
Anubhav Gupta [Mon, 14 Apr 2014 08:59:25 +0000 (14:29 +0530)]
Delay A2DP HAL out stream open process
Delay A2DP HAL out stream open process to ensure that the
Headset is in proper state when START is initiated from DUT
immediately after the connection due to ongoing music playback.
Jawbone speaker goes to bad state unless it gets enough time
between AVDTP OPEN and START.
Bug:
22028876
Change-Id: I79a895a85ac7d37208192acf9064fd5c979dd28b
Anubhav Gupta [Mon, 12 Aug 2013 20:07:22 +0000 (01:37 +0530)]
Suspend AVDTP link in remote initiated AVDTP Start
As media player is not started as part of remote initiated
AVDTP start, hence if link is kept in Started state when
remote initiated START is received it unncessarily blocks
power manager to trigger sniff on that link which increases
power number.
Related issue is seen with Moto HS820, Denso08.
These peer devices send AVDTP start on AVDTP connect and
does not suspend causing link not to go to sniff.
This change takes care of sending suspend in such scenarios
DUT initiated start gets triggered when local playback starts.
Moreover this change helps in suspending streaming if remote
initiates avdtp start during an ongoing call. This helps
remote and DUT's a2dp state to be in sync.
Bug:
22028876
Change-Id: I8ebee009c95148cf733e39d897bc8ffe5af7791e
Anubhav Gupta [Thu, 4 Jun 2015 11:24:37 +0000 (16:54 +0530)]
A2DP: Use mutex to only to check and set HAL state
In multi-threaded env A2DP state gets updated to suspended
after checking and before acquiring mutex lock. A2DP State
should be checked inside mutex lock to avoid checking against
inconsistent state.
Moreover this change prevents overwriting of state
from AUDIO_A2DP_STATE_SUSPENDED to AUDIO_A2DP_STATE_STOPPED
which would start the data path when there is data inflow
from audio in suspended state, which is not intended.
This change helps avoiding above wrong actions.
Bug:
22028876
Change-Id: I4fb73c1a6851fa97d539860d5fc0b8022b019bc1
Pavlin Radoslavov [Sat, 20 Jun 2015 02:21:47 +0000 (19:21 -0700)]
Fix the file permissions of /data/misc/bluedroid/bt_config.conf
Fix the file access permissions and group ownership of
"/data/misc/bluedroid/bt_config.conf" so the file can be reused when
switching users on the device.
For that purpose, we need to do the following:
1. Set the set-group-ID (bit 02000) flag for directory "/data/misc/bluedroid"
so the files created in that directory will have group-id of
"net_bt_stack" .
2. Change the file's permissions of file "/data/misc/bluedroid/bt_config.conf"
to Read/Write by User and Group.
Bug:
21493919
Change-Id: I48b73711789734b5221231729f8cd9ff9bb94be7
Anubhav Gupta [Thu, 13 Nov 2014 14:28:09 +0000 (19:58 +0530)]
Property based change to qualify TC_INT_SRC_SIG_SMG_BV_23_C
As Bluedroid AVDTP solution does not use ABORT command
in any of the usecases hence this property based change
is made to pass AVDTP ABORT mandatory TC using PTS.
Affected PTS TC: TC_INT_SRC_SIG_SMG_BV_23_C.
System Property to enable sending ABORT to pass the TC is:
bluetooth.pts.force_a2dp_abort
Bug:
21896912
Change-Id: I71bd11de07b9d8fb15a933712db25f0a93e10dd5
Andre Eisenbach [Tue, 16 Jun 2015 13:58:20 +0000 (19:28 +0530)]
Add deep copy of AVRCP metadata commands
The data structure for RC metadata event contains pointers within.
Added deep copy of the data structures to avoid memory corruption.
Bug:
20017069
Change-Id: Ibc5bc75cfd62abda9611060b5b435bed9e472376
Nitin Arora [Fri, 20 Mar 2015 01:06:41 +0000 (18:06 -0700)]
Disconnect Gatt during failure of service changed discovery process
Gatt service changed discovery holds link till it completes discovery of service,
characteristics, descriptots and writing notification for characteristic descriptor,
this change takes care of removing the link if service discovery fails during any
stage of this process.
Bug:
21896912
Change-Id: Ie97a039568fedc66403895e7e917e4d72a5419e1
Anubhav Gupta [Wed, 23 Oct 2013 12:23:09 +0000 (17:53 +0530)]
Not Implemented response for unsupported AVRCP commands.
Ensure DUT responds as not implemented for AVRCP
pass-through commands which are not supported by DUT.
This gives right impression to peer device on the correct
set of pass-thorugh commands supported by DUT.
Bug:
21896912
Change-Id: Ie10e74e2a399bb420f55c55005600c945b53bfc2
Nitin Arora [Wed, 10 Jun 2015 23:46:45 +0000 (16:46 -0700)]
Use correct UUID for Central Address Resolution characteristic
This patch rectifies the UUID used for Central Address resolution
characteristic which was earlier assigned the same value as
UUID for service change indication
Bug:
21896912
Change-Id: I2b341413d0a4331584844b54971f7645fd7e438e
Anubhav Gupta [Wed, 6 May 2015 10:54:10 +0000 (16:24 +0530)]
Reject AVDTP START and SUSPEND request in invalid state
Reject remote initiated AVDTP START and SUSPEND request
in invalid state. This helps passing the below PTS cases.
TC_ACP_SRC_SIG_SMG_BI_20
TC_ACP_SRC_SIG_SMG_BI_26
Change-Id: I177456389246df89e7d7560555ffffde0639e618
Sharvil Nanavati [Sat, 13 Jun 2015 09:12:08 +0000 (02:12 -0700)]
Reduce CPU utilization from ~60% to ~10% on busy HCI reads.
This patch improves RFCOMM throughput and reduces CPU utilization.
Instead of using a counting semaphore to measure bytes and reading
one at a time from the eager reader's buffer, read in bulk based
on the incoming read request size.
Change-Id: I17046bfbc3ca49576a9c82b38911aeb84234881a
Mudumba Ananth [Thu, 4 Jun 2015 13:00:48 +0000 (06:00 -0700)]
Fix insufficient buffer size allocation in hci_inject
A bug in the hci_inject when requesting a buffer to carry the
injected HCI packet. The allocated size should include the BT_HDR
header size.
Change-Id: Ic1fd41264249103140ce50dff843a99a6bd7dbd8
Pavlin Radoslavov [Thu, 11 Jun 2015 09:09:01 +0000 (02:09 -0700)]
Re-enable the OSI memory allocation tracker.
Previously, the OSI memory allocation tracker was disabled as
a temporary workaround for Bug
21561735.
The root cause for the original issue is now addressed by using the
appropriate linker flags when generating the bluetooth.default.so
shared library:
LOCAL_LDLIBS := -Wl,-Bsymbolic,-Bsymbolic-functions
Also, added missing #include in file "btif/src/btif_sock_sco.c"
Bug:
21561735
Change-Id: I384a6f3d1d03c74f8d1e3c96bf7e0b5961206feb
Andre Eisenbach [Tue, 9 Jun 2015 03:43:00 +0000 (20:43 -0700)]
Do not ask for confirmation for temporary pairing
Bug:
20187234
Change-Id: I4213a3c2cafecdb39fcf3f19464c91776180267a
Dan Albert [Tue, 9 Jun 2015 23:53:45 +0000 (16:53 -0700)]
Add missing include.
osi_malloc was never included, so it was implicitly defined as
returning an integer (thank you, C). Clang caught the int to pointer
conversion error.
Change-Id: I0d8a3363d92cb72a22780d049a53e193d2e50ec5
Casper Bonde [Thu, 21 May 2015 09:08:45 +0000 (11:08 +0200)]
SAP: Make it possible to enforce a 16-digit pin code (1/5)
This change enable the posibility to enforce using a
16-digit pin or MITM for a RFCOMM or L2CAP connection.
This is needed for the SIM access profile.
Change-Id: I02886ce284f27295205def3c66fb76372f5dab4f
Signed-off-by: Casper Bonde <c.bonde@samsung.com>
Eric Laurent [Fri, 5 Jun 2015 18:55:24 +0000 (11:55 -0700)]
Revert "A2DP audio HAL: implement get_presentation_position()"
This reverts commit
0b6c835cab0391f73a453686f4e665dd02661d77.
Bug:
21660426.
Mallikarjuna GB [Thu, 21 May 2015 08:54:05 +0000 (14:24 +0530)]
Initialize btif_max_hf_clients with proper value
btif_max_hf_clients which is an unsigned 16bit integer is
initialized with -1(0xFFFF) in btif_hf.c. Later on, when
application calls init with max_hf_clients as 1, btif_max_hf_clients
will be set to 1. But, before this happens, context switch happened
from application context to btif context with btif_max_hf_clients as -1.
In the btif context, BTA_AgRegister gets called in for loop for 0xFFFF
times. We are running out of scbs due to this.
Initialize btif_max_hf_clients with 1. Assign it to max_hf_clients
before context switch happens.
Change-Id: Ibde1bebbab2eb64442027164236f1d82e4269d23
Mallikarjuna GB [Fri, 7 Nov 2014 11:22:25 +0000 (16:52 +0530)]
Fix issues in A2dp, Avrcp, HF and AG reported by static analysis tool
- Fixes to validate Array Index Value and Null Pointer
Dereference reported by static analysis tool.
Change-Id: Id1492315f68378fdcfa517bd0a5cacefc8ebfddb
Anubhav Gupta [Mon, 17 Nov 2014 01:02:45 +0000 (17:02 -0800)]
Ignore STOP command if A2DP stream is suspended
Ignore STOP command if A2DP stream is already suspended.
Some carkits send STOP command before VOIP call initiation
but don't send PLAY when call ends which hinders DUT to resume
audio playback after call termination.
Change-Id: I41cc1fc6f4b6cfaa1560d729baa0ca27f6dfe8c8
Anubhav Gupta [Tue, 7 Oct 2014 12:58:19 +0000 (18:28 +0530)]
Remove check for stream type in a2dp hal_callbacks.
Stream type is invalid till signalling channel
connection establishment is completed. Do not
check stream type while calling HAL callback.
Change-Id: I69fb19636f3e9bb72202c450dcef9e7bc2e53731
Mallikarjuna GB [Mon, 22 Sep 2014 04:30:36 +0000 (10:00 +0530)]
Clear remote BD address information.
This change makes sure that when RFCOMM
connection fails for HFP, AG control block
clears the remote bd address. This will prevent
the misuse of remote bd address.
Change-Id: I9b14cfe7ae18e72f0972704ac3aa5e915f70ddb3
Mallikarjuna GB [Fri, 22 May 2015 09:44:25 +0000 (15:14 +0530)]
Don't stop sniff timer before checking for service ID entry
- Avoid stopping sniff timer before checking for service
ID entry for which bta_sys_conn_close is called since if
entry is not present we return without re-starting timer
and ACL doesn't go into sniff.
Change-Id: I063da8e58e067ade5d646debf086bb443066106c
Mallikarjuna GB [Thu, 21 May 2015 13:37:30 +0000 (19:07 +0530)]
Don't initiate sniff in sniff mode
This change makes sure that AG does not retry
to intiate sniff if device is already in remote
initiated sniff mode.
Change-Id: I77a0c4c0aaf2e93e3168f49998fe22a971d46212
Mallikarjuna GB [Thu, 21 May 2015 13:47:06 +0000 (19:17 +0530)]
Updated ATD string parsing
This change makes sure that the Dial string
parsing accepts 'pause' and 'wait' characters
too.
Change-Id: Ie56b355199a3d4292d0ee9913852292147ccf55f
Mallikarjuna GB [Wed, 22 Oct 2014 13:56:41 +0000 (19:26 +0530)]
Stop AG collision timer.
This change makes sure to stop collision
timer of AG when cleanup is happening
while BT turn off.
Change-Id: Ia877f98ba3136ec3278cbec5ab0d7ef2abfc6ed5
Mallikarjuna GB [Thu, 21 May 2015 13:32:39 +0000 (19:02 +0530)]
Return ERROR for invalid CHLD command arguments
Return ERROR for invalid chld commands like "AT+CHLD=!"
or "AT+CHLD=0a" etc. In such cases, held call was getting
terminated.
Change-Id: I93d159b20da7086fac3374ce2e163d1309680045
Anubhav Gupta [Thu, 13 Mar 2014 13:46:29 +0000 (19:16 +0530)]
Reject second AVRCP connection.
This change rejects the RC connection from
second device if the DUT is already connected
to RC of first device.
This addresses the problem of improper closure
of Uinput device on disconnection of Avrcp
to make sure Avrcp passthrough commands work
as desired.
Change-Id: If2e39cd90575baffd0e4442b8e7cd2a91eebdf56
Anubhav Gupta [Thu, 19 Jun 2014 11:20:11 +0000 (16:50 +0530)]
Disable SCMST feature for A2DP Sink
Do not send SCMST enabled in GetCapabilities
for A2dp sink role.
Change-Id: I2bff7e04d852c6d3c8c1b7e1c41ae50ef3ff0543
Mallikarjuna GB [Fri, 22 May 2015 08:31:19 +0000 (14:01 +0530)]
Restarting PM timer for AG while reading OR writing
- Once AG receives any data(eg. AT commands) from
remote device(HF) and sending the response to remote
device, PM(Bluedroid power Manager) timer should be restarted
(stop & start) for AG.
- Increased the sniff timer value to 7 seconds for AV & AG
profiles to avoid sniff related IOT issues.
Change-Id: I8c1b79d272391b3fa34b193477a34d561f4c508d
Anubhav Gupta [Mon, 14 Jul 2014 13:23:37 +0000 (18:53 +0530)]
Set the proper authentication level for AvOpen
During Avopen security was made none hence A2DP
connection was happening without bonding when
DUT is paired with DUT and then pairing entry
is deleted from remote and then only A2dp is
tried to be reconnected from DUT. A2dp appears
to be connected in this usecase but the device
entry is shown in available devices list instead
of paired one.
Changes made from No security to SEC Authenticate
Change-Id: I7fc39fe8acef874f0031c9b78d4269a62b94e4b0
Mallikarjuna GB [Fri, 19 Sep 2014 14:57:17 +0000 (20:27 +0530)]
Don't open SCO for 2nd MO call if a call is active
When user dials a 2nd call, do not open SCO if 1st call was
active on DUT earpiece or speaker.
Change-Id: I974f5bcf917e6972705e60cf1da195eae23f885a
Mallikarjuna GB [Tue, 28 Oct 2014 17:43:51 +0000 (23:13 +0530)]
Don't close SCO for MO calls
This change removes condition to disconnect SCO
when MO call process is started.
Change-Id: I2af4ab82c097c7d9ce1bc892bdf40cc09ff6d97e
Mallikarjuna GB [Wed, 8 Oct 2014 08:31:16 +0000 (14:01 +0530)]
SCO connection should happen after SLC.
This change makes sure that SCO audio
connection request is not processed until
HFP SLC connection is done.
Change-Id: Ia2fcad49882deaaf049ae190d90442e5ca7ad71b
Andre Eisenbach [Thu, 4 Jun 2015 18:43:57 +0000 (11:43 -0700)]
Fix compile error in bta_ag_sco.c
Change-Id: I8839ba732560a31a5e8a2351ea4bfb16999cf5ea
Mallikarjuna GB [Thu, 21 May 2015 14:34:46 +0000 (20:04 +0530)]
Create listen SCO for HS1 if HS2 disconnects during SCO xfer
During SCO transfer process from HS1 to HS2, firstly active SCO for
HS1 is disconnected. However, if suddenly HS2 disconnects even
before SCO transfer is complete, listen SCO for HS1 is not created.
This causes further incoming SCO connections from HS1 to be rejected.
The change creates listen SCO for HS1 and moves SCO state properly
to LISTEN.
Change-Id: I0993c1ba1c24b3b7e9c243d179a913d7a0c40446
Mallikarjuna GB [Thu, 21 May 2015 14:20:27 +0000 (19:50 +0530)]
Don't open SCO on state change for multi party call on DUT.
When multi party calls(1 active, 1 held) are ongoing on phone
speaker and any of these call drops, do not open SCO for
other call since user expects call to still remain on phone
speaker.
Change-Id: I9079c809ac665fc1c6e890302e37d23a12f8d4f4
Mallikarjuna GB [Thu, 21 May 2015 13:11:03 +0000 (18:41 +0530)]
Reset sniff subrating while in SCO
Sniff subrating should not be used when link is
in SCO connection. Since the subrating value is
higher, the link would take more time to process
ACL data while in SCO connection causing unwanted
results like delay in SCO disconnects.
Change-Id: I7b964faa397624b65e0158209b8743efe13a6075
Mallikarjuna GB [Sat, 30 May 2015 17:25:18 +0000 (22:55 +0530)]
Open SCO for held call.
Use case:
1. Connect to headset/carkit
2. Make an outgoing call from AG
3. Turn off BT on AG
4. Hold the call from AG
5. Turn on BT on AG (No SCO link is established here)
6. Unhold call from AG (still no SCO link is established)
Failure:
No SCO connection established when held call is there
during headset connection.
Root cause:
SCO is not initiated when SLC is done during held call.
Fix:
AG opens SCO connection when HF connected while in call and
the call was in held state.
Change-Id: I63d7655d26ddbf68cbf94c745df745cffa917b5e
Mallikarjuna GB [Fri, 28 Nov 2014 04:51:15 +0000 (10:21 +0530)]
Update call state before opening SCO.
This change makes sure to update the current
call state before opening SCO connection when
incoming call is answered. Some car kits are
strict in checking this sequence and go in
bad state if not done this way.
Change-Id: Ie744dc26c02d897eaf016ee73022bfc2a0db067e
Mallikarjuna GB [Fri, 22 May 2015 06:26:48 +0000 (11:56 +0530)]
Handle multi party call states
UseCase:
1. Set up Bluetooth connection between phone and remote device.
2. Disconnect BT link by turning off remote device.
3. Start Mo call from phone.
4. Receive MT call from far end.
5. Turn on remote device.
6. BT connection gets established successfully, but audio
doesn't get transferred to headset.
Failure:
Call audio not routed to BT HS. SCO not established.
Root cause:
When a HS connects while in an active call and 2nd call
(incoming/outgoing/alerting) setup ongoing, incorrect post SLC
call setup updates might cause HS to get confused as phone had
already updated correct call states in CIND response during SLC.
This may cause HS to behave abnormally like delayed response to
BCS as seen with jabra wave +.
Fix:
Avoid sending incorrect call updates post SLC since we already
have sent correct updates during SLC as reponse to CIND.
Change-Id: I53e57baf7cca782af6f374a043667971c66a956d
Mallikarjuna GB [Thu, 21 May 2015 12:28:12 +0000 (17:58 +0530)]
Update held call state to connected headset
In a three way call scenario, when an active
call is dropped by remote, the single held call
state is not updated to the connected headset.
This change will make sure that it is updated
properly.
Change-Id: I558602e791279d510edb23989b125cd8f7a7ebde
Casper Bonde [Thu, 21 May 2015 09:07:52 +0000 (11:07 +0200)]
Add support for MITM for BluetoothSockets (4/4)
This change adds an option to enforce Man-in-the-middle protection
for the authentication process. This feature is needed for the Sim
Access Profile.
Change-Id: I2eda507ffdcb4a194434adedf207e1e9951b80c3
Signed-off-by: Casper Bonde <c.bonde@samsung.com>
Pavlin Radoslavov [Tue, 2 Jun 2015 20:54:58 +0000 (13:54 -0700)]
Replace malloc/calloc/free with osi_malloc/osi_calloc/osi_free
There were several leftover places that were still using
malloc/calloc/free .
Those are replaced to use osi_malloc/osi_calloc/osi_free like
majority of the rest of the code.
Note: There are few remaining places that are still using
malloc/calloc/free:
* Some of the unit tests
* audio_a2dp_hw/audio_a2dp_hw.c
It is used as part of the audio.a2dp.default.so library,
and the bluetooth.default.so library
Its usage of malloc/calloc/free should be refactored
independently.
Change-Id: Iafbed996e5f1ae8eb1343fb2acfadf32e515e419
Casper Bonde [Thu, 16 Apr 2015 13:21:27 +0000 (15:21 +0200)]
SAP: Change to use new SDP Api (1/4)
Added support for Sim Access Profile (SAP) in the SDPManager.
To make it easier to test, both SDP record creation and seach
is added.
Change-Id: Idae480fb64224e0e5dec7fb07ff4efb9312a5461
Signed-off-by: Casper Bonde <c.bonde@samsung.com>
Sunny Kapdi [Tue, 2 Jun 2015 05:21:28 +0000 (22:21 -0700)]
Fix memory corruption due to BLE multi-adv macro
INST_ID_IDX_MAX macro was not protected with parenthesis, resulting
in incorrect calculation of the size needed to allocate memory for
the client_if map.
Change-Id: Ib3591f4f9ac7288f2191e9078a71aab431ca7130
Hemant Gupta [Wed, 19 Nov 2014 13:39:54 +0000 (19:09 +0530)]
HID: Handle closing of uhid driver in case failure
This patch handles closure of the uhid driver in case of following:
- Due to concurrency of disconnection from a conencted device
and an incoming connection request from another device, the error
code for the ACL disconnection becomes HCI_ERR_HOST_REJECT_SECURITY
in the stack.
- On reception of disconnection with that error codes, the uhid driver
was not closed from the btif layer leading to issues in reconnection
with same device that got disconnected.
Change-Id: I13c83757051850cc631aa1c24a036a2e1a4d0087
Hemant Gupta [Wed, 15 Oct 2014 14:29:23 +0000 (19:59 +0530)]
Add proper checks for PAN & BNEP in BD stack
This patch fixes issues for PAN & BNEP in BD stack identified
by static analysis tool.
Change-Id: I29417dae982abb5cef11379f8d03baad11ffde8b
Srinu Jella [Thu, 13 Nov 2014 11:52:28 +0000 (17:22 +0530)]
Reset pairing state to idle only for the current device
Reset the pair state during auth complete for the BD_ADDR of the pairing
device only. The authentication complete event may come for profile level
authetication also. In such cases, if device already in paired state,
there is no need to reset the pairing state.
Change-Id: Id0ef9127895177527a6d4559ad873aa1c62a56bb
Pavlin Radoslavov [Mon, 1 Jun 2015 23:08:18 +0000 (16:08 -0700)]
Moved the OSI alarm_shutdown() operations to alarm_cleanup()
Also, removed the OSI module's start_up and shut_down steps,
because now they are no-op.
Bug:
21558791
Change-Id: I24259b327f399af57c37937111158baa9704f644
Pavlin Radoslavov [Mon, 1 Jun 2015 18:42:39 +0000 (11:42 -0700)]
Disable the OSI allocation tracker.
Temporary disable the allocation tracker initialization
(even for BLUEDROID_DEBUG) when initializing Bluetooth.
This is a short-term workaround solution for several issues related to
the usage of the allocation tracker.
* Inconsistent usage of osi_malloc()/osi_calloc() and osi_free()
- Within some of the Bluetooth-related unit tests we have two copies
of the same libosi library: one copy statically linked against the
unit test, and another dlopen() at runtime as part of bluetooth.default.so
Each of those copy has its own static variables.
- For the dlopen() copy we do call allocation_tracker_init(), while for the
static copy within the unit test we don't call allocation_tracker_init()
- Occasionally, there is a memory allocation via osi_calloc()
within the dlopen()-ed library, and then it is osi_free()-ed
within the statically linked library.
Such (mis)usage creates issues in two ways: (1) free()-ing incorrect
pointer, and (2) the osi hash_map() in the dlopen()-ed library still considers
the osi-tracked memory as allocated.
NOTE: (1) could trigger random crashes, while (2) is the reason the unit
test triggers an assert
* Avoid potential issues that could result from the fact that calling
allocation_tracker_init() is not mandatory; i.e., the same
issue described above could be triggered if osi_malloc()/osi_callod()
was called before the call to allocation_tracker_init()
* There is still code that uses malloc(3)/calloc(3) and free(3) instead
of osi_malloc()/osi_calloc() and osi_free()
Also, add missing pthread_mutex_lock()/pthread_mutex_unlock() guards,
and fix the allocation_tracker_uninit() implementation so it works
properly even if void allocation_tracker_init() wasn't called.
Bug:
21561735
Change-Id: Ic83d6cd40af1189c4ee9c1dbfd0ad8e4666e1502
Andre Eisenbach [Fri, 29 May 2015 21:05:30 +0000 (14:05 -0700)]
Check transport before subscribing for service changes
Don't subscribe to the service changed characteristic if SMP pairing
was a result of cross-key pairing.
Change-Id: Ieb4901e82060e2fa2d9d0e909e384de5f6890222
Author: Chaojing Sun <cjsun@broadcom.com>
Bug:
20894154
Srinu Jella [Wed, 8 Oct 2014 11:06:43 +0000 (16:36 +0530)]
Handle pairing timeout during remote name request
If a remote name request is in progress and a pairing timeout is
triggered, the host needs to post the bond failure to the UI and
needs to reset the pairing cb state, otherwise the UI will be stuck
in pairing mode and scanning won't work until Bluetooth is cycled
OFF->ON.
Change-Id: I76d9a83b1db7236db51617da998b5857b0de39f0
Andre Eisenbach [Thu, 28 May 2015 18:16:52 +0000 (11:16 -0700)]
Reduce GATT log verbosity
Change-Id: I55e6ec1afdd8a13f4401809ef89ef2d80efb7f66
Srinu Jella [Fri, 30 May 2014 15:45:01 +0000 (21:15 +0530)]
Avoid null pointer exception for invalid L2CAP channels
Change-Id: I8ac40e9cfe6dd015f40c6f493727e123a0d247e6
Pavlin Radoslavov [Sat, 23 May 2015 02:47:49 +0000 (19:47 -0700)]
Add missing clean_up step for the OSI module.
Now the OSI module's shut_down processing is split into "shut_down"
and "clean_up".
Previously, there was an ordering issue manipulating some of the
internal state during graceful shutdown/cleanup. Some of the modules
had two steps: shut_down, followed by clean_up, while other had only
shut_down step. This triggered the following assert in file alarm.c
alarm_cancel: assertion "alarms != NULL" failed
Bug:
21406940
Change-Id: Iab1f033a69cbff646a6b0f346760ae82f8b00b8f
Ian Coolidge [Thu, 21 May 2015 02:59:10 +0000 (19:59 -0700)]
DO NOT MERGE Fix use-after-free while setting advertisement data.
Producer context was freeing data buffers without
performing a deep copy on the passed structure.
Also added some const correctness so we can reason
about the state of btif_adv_data_t as its data
gets associated with the advertising instance.
Bug:
21343750
Change-Id: Ifea0209e8426b61d8456c299c836ba640bd30f31
Andre Eisenbach [Thu, 28 May 2015 16:18:46 +0000 (16:18 +0000)]
Merge "Sniff: Use correct sniff configuration for PAN & HS" into mnc-dev
Hemant Gupta [Thu, 15 Jan 2015 14:45:07 +0000 (20:15 +0530)]
Sniff: Use correct sniff configuration for PAN & HS
Change-Id: I95c302dd46cdcc63058c9cb3de17fdfd6ffe8d2e
Eric Laurent [Thu, 28 May 2015 01:08:35 +0000 (01:08 +0000)]
Merge "A2DP audio HAL: implement get_presentation_position()" into mnc-dev
Prerepa Viswanadham [Wed, 27 May 2015 01:03:37 +0000 (01:03 +0000)]
Merge "Increase the min LE connection interval to 11.25ms" into mnc-dev
Andre Eisenbach [Wed, 27 May 2015 00:40:12 +0000 (17:40 -0700)]
Make secure connections mode configurable
Change-Id: Id6101abc1fc339147c8b55023c7426ec1c807ee6
Prerepa Viswanadham [Wed, 27 May 2015 00:25:38 +0000 (17:25 -0700)]
Increase the min LE connection interval to 11.25ms
To reduce audio choppiness, increase the min LE connection interval
to 11.25ms from 7.5ms
Bug:
18776956
Change-Id: I8404ebe2f9562d555a2131ae30dd63b74bb362a4
Eric Laurent [Tue, 26 May 2015 22:50:29 +0000 (15:50 -0700)]
A2DP audio HAL: implement get_presentation_position()
Bug:
21199150.
Change-Id: If8e95645b636be82a32420cad1ca6a3993e14f1c
Satya Calloji [Thu, 21 May 2015 23:44:06 +0000 (16:44 -0700)]
Pairing is prompted with a wrong bd-address
Slave initiated encryption was not being notified on the correct
address and causes the key to be lost on slave device triggering
new pairing once in a while.
Change-Id: I5441a9e0bcf8ba45199483ccd02f207892ec296e
Andre Eisenbach [Fri, 22 May 2015 23:38:54 +0000 (16:38 -0700)]
Fix problem where multi-adv instances cannot be re-used
After using all multi-adv instances and stopping them, the instance ID
for each instance is incorrectly reset, causing the instance to be not
usable anymore.
Bug:
21404808
Change-Id: Ie3a3f07bc2204c7268567cb56248cd3eb7751742
Nitin Arora [Fri, 22 May 2015 00:58:36 +0000 (17:58 -0700)]
Recitfy condition when removing device from IRK resolving list
This patch corrects the conditional logic before sending HCI
command to remove the IRK list entry from the IRK resolving
list based on the max size of resolving list
Change-Id: I9adc933f0988ae907b3e218ba63814d106784787
Andre Eisenbach [Thu, 21 May 2015 06:55:13 +0000 (23:55 -0700)]
Fix build after cross-key issues broke non privacy enabled builds
Change-Id: Idef7239b07115be9290d7cca6610c603ffb3afa5
Satya Calloji [Tue, 19 May 2015 23:08:40 +0000 (16:08 -0700)]
Fix device/address types and IRK value handling
Handles the device and address types based on BD address
and provides the IRK values as available.
Change-Id: I351e0aea7f5e55caefa405b34261c75e78306552
Satya Calloji [Thu, 30 Apr 2015 20:58:59 +0000 (13:58 -0700)]
Fixed cross key for LE when paired over BR-EDR
SMP state machine was resending security request and waiting for a response
when paired over BR-EDR. The state machine state timed out due to this and
SMP failed while doing cross key pairing. Thus, user was asked for pairing
again.
Original author: Priti Aghera <paghera@broadcom.com>
Change-Id: I568f936bb7bee21fb78e8454469ecad3445f026f
Satya Calloji [Wed, 6 May 2015 16:24:06 +0000 (09:24 -0700)]
Fix SMP pairing request issue on LE
The cause of the failure:
- the master device sent the three keys to slave, but slave only receive
two and got the link drop before the third key is received.
- the slave device treats it as pairing failure due to the key missing.
SMP should wait for all keys been sent to controller before dropping the link.
Implement L2CAP fix channel tx_complete callback for this reason,
and it has been applied on the channel 6 (SMP).
Channel 7 (BR_SMP channel) was not keeping track of total_tx_unacked
number and closed the link too early. Added check in the
smp_br_key_distribution() and the ACL data tracking there before
posting SMP_BR_AUTH_CMPL_EVT.
Original author: Chaojing Sun <cjsun@broadcom.com>
Change-Id: If48a4c5e28b1d177f14ff089e8dfa3ace41eba83
Satya Calloji [Tue, 21 Apr 2015 23:34:54 +0000 (16:34 -0700)]
Unpair the other transport on a device paired
When unpair is initiated for LE or BR-EDR transport for a device,
close the link for other transport and unpair the device on
both transports, since both transports on a device are paired
due to cross key.
Original author: Priti Aghera <paghera@broadcom.com>
Change-Id: I13d4757eb056c4bd4c7cc0699ec61a28852702c5
Satya Calloji [Fri, 24 Apr 2015 06:39:49 +0000 (23:39 -0700)]
Static address is seen on scanner after unpairing
Fix for bonded devices that cannot be removed from resolving list when
scanning, advertising or when a connection is being initiated.
Suspend all active adv, scanning or connection initiation upon
completion of any resolving list operation.
Original author: Chaojing Sun <cjsun@broadcom.com>
Change-Id: Id104dace2944b1878eaf65b93aba3d01e477191d
Satya Calloji [Thu, 7 May 2015 21:06:37 +0000 (14:06 -0700)]
Fix for chip capability version check
Fixes the issue of extended scan command being sent out
for non-capable chipsets
Bug:
20916419
Change-Id: Ib5d848f49c34a3fc9c053a7488e12fb0c252587c
Nitin Arora [Fri, 12 Sep 2014 01:35:55 +0000 (18:35 -0700)]
Fix allocation for LE scan filter parameters
This change allocates memory for LE scan filter parameters
to copy filter params set by btif inquiry process initiated
using Settings UI
Change-Id: I56ed33b80af3f26ddc8a83edb807f88048503fa7
Nitin Arora [Wed, 11 Mar 2015 17:40:59 +0000 (10:40 -0700)]
Fix for premature BLE RPA timeout
RPA timeout expires prematurely when multiple FindMe server
instances start and stop advertisiment continuously. During start
adv TIMER3 is started using oneshot timer and during stop adv
same TIMER0 is stopped, so the TIMER3 is still running and expires
prematurely. This fix stops TIMER3 during disable adv and when RPA
is sent to controller.
Change-Id: I336f84043e5e0e8a833cc6080f8bcc0c1665893e
Satya Calloji [Thu, 7 May 2015 16:45:00 +0000 (09:45 -0700)]
Fix GATT connection failure after BT reset
Handles the address type incorrect value storage issue
and removes usage of DMT supported flag which was based
on legacy code
Bug:
20912064
Change-Id: I5bd20dc9cd0997ac3dbd4b346cc0513f1809f241
Nitin Arora [Thu, 31 Jul 2014 20:00:21 +0000 (13:00 -0700)]
Use correct structure to read LE connection handle
This patch corrects the retrieval of the connection handle
after the gatt write operation has succeeded successfully.
Change-Id: Iac79a64d6c626c2349b6f1a3744ea49a521a45f4
Zach Johnson [Tue, 19 May 2015 21:49:37 +0000 (14:49 -0700)]
Build the shared library with --whole-archive
For stack static libraries, use LOCAL_WHOLE_STATIC_LIBRARIES
to ensure they get --whole-archive applied to them.
This means module symbols in static libraries won't be
removed by the linker and dlsym will find them.
This patch also removes the code hacks we needed to
trick the linker into including the module symbols in
the final shared library.
Change-Id: I2463d0e6fb38f1e75c8293179cf9d4ca33eda84e
Satya Calloji [Tue, 19 May 2015 21:42:32 +0000 (14:42 -0700)]
Fix for IRK and IR key write issue
Fixes the incorrect flipping of values
for IRK and IR keys in bt_config.conf file
Change-Id: Ia4f9c274b6a3f7594ec31d8bd89b27d1ae54ac78