OSDN Git Service
Marie Janssen [Wed, 23 Mar 2016 20:40:07 +0000 (20:40 +0000)]
DO NOT MERGE Check size of pin before replying
am: f0a69c3
* commit 'f0a69c392117c69c5f66dd239f5a5cfd89a7331e':
DO NOT MERGE Check size of pin before replying
Marie Janssen [Wed, 9 Mar 2016 23:31:48 +0000 (15:31 -0800)]
DO NOT MERGE Check size of pin before replying
If a malicious client set a pin that was too long it would overflow
the pin code memory.
Bug: 27411268
Change-Id: I9197ac6fdaa92a4799dacb6364e04671a39450cc
Andre Eisenbach [Fri, 11 Dec 2015 20:32:21 +0000 (12:32 -0800)]
DO NOT MERGE Blacklist devices for absolute volume control
Some devices do not play well with absolute volume control. They either
play back music at unacceptably loud volume levels or provide
insufficiently granular volume control where a single "step" of volume
change results in unexpectedly large jumps in volume.
Bug: 26070064, 26060431
Change-Id: I5a336fba87119325b47a5ad385e9c48a631f2121
Andre Eisenbach [Wed, 24 Feb 2016 18:35:37 +0000 (18:35 +0000)]
Merge "DO NOT MERGE Add ability to add interop entries dynamically (2/2)" into mnc-dr-dev
Andre Eisenbach [Thu, 14 Jan 2016 10:00:24 +0000 (02:00 -0800)]
DO NOT MERGE Add ability to add interop entries dynamically (2/2)
Add ability and interface for adding dynamic entries to the interop
workaround database.
Bug: 26548845
Change-Id: Id886e4233fc1548727e79f1581cdc0c6f0738d59
Andre Eisenbach [Tue, 23 Feb 2016 22:55:32 +0000 (22:55 +0000)]
DO NOT MERGE Remove Porsche car-kit pairing workaround
am: ed01581886
* commit 'ed01581886db949a8ff6d9178077353e5bc43b5b':
DO NOT MERGE Remove Porsche car-kit pairing workaround
Andre Eisenbach [Thu, 4 Feb 2016 21:19:32 +0000 (13:19 -0800)]
DO NOT MERGE Remove Porsche car-kit pairing workaround
Bug: 26551752
Change-Id: I14c5e3fcda0849874c8a94e48aeb7d09585617e1
Marie Janssen [Tue, 12 Jan 2016 18:47:46 +0000 (18:47 +0000)]
Fix crashes with lots of discovered LE devices
am: 05419c8b96
* commit '05419c8b96ff9cf61c257aec6ae0aeabcfcc2636':
Fix crashes with lots of discovered LE devices
Marie Janssen [Wed, 9 Dec 2015 18:08:25 +0000 (10:08 -0800)]
Fix crashes with lots of discovered LE devices
When loads of devices are discovered a config file which is too large
can be written out, which causes the BT daemon to crash on startup.
This limits the number of config entries for unpaired devices which
are initialized, and prevents a large number from being saved to the
filesystem.
Bug: 26071376
Change-Id: I4a74094f57a82b17f94e99a819974b8bc8082184
(cherry picked from commit d77f1999ecece56c1cbb333f4ddc26f0b5bac2c5)
Andre Eisenbach [Thu, 5 Nov 2015 23:38:36 +0000 (15:38 -0800)]
Always update remote address type during LE scan
This will ensure that devices which do not contain a device name in the
advertising record are stored with the correct address type to ensure
re-connection to the device succeeds.
Bug: 25499163
Change-Id: I85f18ce2de267844c5d5ed49beeb448b9b074d74
Andre Eisenbach [Wed, 4 Nov 2015 17:32:48 +0000 (17:32 +0000)]
Merge "Do not mask out secure connections (SC) bit for BT <4.2" into mnc-dr-dev
Andre Eisenbach [Wed, 4 Nov 2015 16:28:30 +0000 (08:28 -0800)]
Fix bug in SDP 128-bit UUID lookup
Bug: 24344122
Change-Id: I7b7ed4459c4f377d97b608bfe2e0c13aac31680e
Andre Eisenbach [Wed, 4 Nov 2015 16:20:22 +0000 (08:20 -0800)]
Do not mask out secure connections (SC) bit for BT <4.2
Bug: 25467621
Change-Id: Ifdb52295fa5b8c5a39524a722dc044227c735240
Andre Eisenbach [Thu, 29 Oct 2015 22:48:06 +0000 (15:48 -0700)]
Serialize remote version query over LE
Some devices (ex. Nexus Player remote) do not take well to having the
remote version queried while a remote feature request is also sent and
subsequently fail encryption.
This patch serializes the query of the remote version and requires both
remote features and the remote version to be read before calling a
connection established.
Bug: 25357767
Change-Id: Ie70eea241b47b81778d8e0df47f3a8f376316932
Andre Eisenbach [Mon, 26 Oct 2015 20:49:17 +0000 (13:49 -0700)]
Check remote LMP version before enabling secure connections
Request remote version information for LE links when connecting and
ensure LMP version is >= 8 (Bluetooth 4.2) before setting the LinkKey
bits in the pairing request.
This is to ensure older remote devices do not get confused by the
additional bit(s) in the pairing request.
Bug: 25277879
Change-Id: I25424e541fa5244d8f522dffc62cdedc24f4f35b
Ajay Panicker [Fri, 23 Oct 2015 23:49:11 +0000 (16:49 -0700)]
Prevent integer overflows during GATT signing
Bug: 17901099
Change-Id: Ib61113b19c9c9798b9ea992fad0ce997dcc2e2f8
Andre Eisenbach [Fri, 23 Oct 2015 23:51:19 +0000 (23:51 +0000)]
Merge "Raise alarm callback thread priority" into mnc-dr-dev
Mattias Agren [Wed, 14 Oct 2015 15:05:58 +0000 (17:05 +0200)]
Reduce persistence on acquiring master role
Whenever a device has more than 1 ACL link active and transferring
data on one of its links via PAN, HH or JV (RFCOMM) the sys busy/idle
state toggles frequently. To avoid triggering role switches for each
of these events we filter this out and let the other SYS events handle
it in combination with other role policy management code. Ideally we
should revert the toggling to properly reflect the busy/idle state of
each profile but to limit risk of side effects at this stage we will
make this intermittent change.
This also affects audio streaming in certain cases.
Bug: 24570959, 25129209
Change-Id: I141e17ee069c82624e153fd8de5db90ae93724b9
Andre Eisenbach [Fri, 23 Oct 2015 17:40:36 +0000 (10:40 -0700)]
Raise alarm callback thread priority
Since alarms [/callbacks] are used in the critical audio path, raising
the thread priority is required to ensure timely encoding/transmission
of audio packets and avoiding thread pre-emption.
This patch indiscriminately raises the (single) callback thread priority,
affecting all alarm callbacks. In the future, thread priority should be
adjusted based on the alarms pending in the queue.
Bug: 24570959
Change-Id: I64928fd7325f1d6f76815a185dbccf1e01ae30d2
Andre Eisenbach [Wed, 21 Oct 2015 01:03:30 +0000 (18:03 -0700)]
Fix 128-bit UUID byte order for GATT-over-BR/EDR
128-bit UUIDs for GATT services discovered using SDP are byte-ordered
incorrectly. This patch fixes both the SDP discovery as well as the SDP
record creation code.
Bug: 24344122
Change-Id: Iee4bf33dcbbc5ee0f2380b48330107232bd0401b
Andre Eisenbach [Wed, 21 Oct 2015 01:33:07 +0000 (01:33 +0000)]
Merge "Workaround for H4 HCI stream corruption during LE scans" into mnc-dr-dev
Andre Eisenbach [Fri, 11 Sep 2015 04:41:39 +0000 (21:41 -0700)]
Workaround for H4 HCI stream corruption during LE scans
Sometimes, during result-heavy LE scans, the UART byte stream can become
corrupted, leading to assertions caused by mis-interpreting the bytes
following the corruption.
This workaround looks for tell-tale signs of a BLE event and attempts to
skip the correct amount of bytes in the stream to re-synchronize onto a
packet boundary.
Bug: 23934838
Change-Id: Ifadaecf8077cb1defc7134c59c97302fca660f81
Andre Eisenbach [Mon, 19 Oct 2015 23:06:20 +0000 (16:06 -0700)]
Remove absolute volume control whitelist
Remove the absolute volume control whitelist to enable absolute volume
control for all compatible devices.
Bug: 25081918
Change-Id: Iab0e4b4c4fd3dac0fefdf62ec80419dd64b56c0c
Andre Eisenbach [Mon, 5 Oct 2015 20:25:14 +0000 (13:25 -0700)]
Add Flic smart button to interop database
Bug: 24737963
Change-Id: If3b59437439305b490c5fc260a7080cee04f09c5
Andre Eisenbach [Wed, 7 Oct 2015 18:16:37 +0000 (11:16 -0700)]
Raise BTU and HCI thread priorities
The audio sub-system and audio related tasks run at elevated thread
priorities in order to ensure timely handling of audio packets. This
patch raises the thread priority of lower layer Bluetooth tasks involved
in delivering audio packets to avoid thread pre-emption and subsequent
audio skipping.
Bug: 24570959
Change-Id: I5e19ee4590207df753f7b8bfc22174959722ec2d
Pavlin Radoslavov [Fri, 25 Sep 2015 22:13:37 +0000 (22:13 +0000)]
am 74dad515: Disable opening network debug ports for security reasons
* commit '74dad51510f7d7b05c6617ef88168bf0bbdf3fcd':
Disable opening network debug ports for security reasons
Pavlin Radoslavov [Thu, 24 Sep 2015 20:34:35 +0000 (13:34 -0700)]
Disable opening network debug ports for security reasons
By default, we open up to three TCP ports that are used
for debugging purpose:
* TCP port 8872 - used for forwarding btsnoop logs at real time
Note: the port is open only if "Bluetooth HCI snoop log" is enabled
in the Developer options
* TCP port 8873 - used for HCI debugging
* TCP port 8879 - used for debugging the Bluetooth counters
Those ports are disabled by default.
To enable, the following #define should be added at the top of the
corresponding file(s): btcore/src/counter.c hci/src/btsnoop_net.c
hci/src/hci_inject.c
#define BT_NET_DEBUG TRUE
Bug: 24371736
Change-Id: I5cb43af1a5d29c331eb5ef61a24dccbe95df6f40
Pavlin Radoslavov [Thu, 24 Sep 2015 20:34:35 +0000 (13:34 -0700)]
Disable opening network debug ports for security reasons
By default, we open up to three TCP ports that are used
for debugging purpose:
* TCP port 8872 - used for forwarding btsnoop logs at real time
Note: the port is open only if "Bluetooth HCI snoop log" is enabled
in the Developer options
* TCP port 8873 - used for HCI debugging
* TCP port 8879 - used for debugging the Bluetooth counters
Those ports are disabled by default.
To enable, the following #define should be added at the top of the
corresponding file(s): btcore/src/counter.c hci/src/btsnoop_net.c
hci/src/hci_inject.c
#define BT_NET_DEBUG TRUE
Bug: 24371736
Change-Id: I5cb43af1a5d29c331eb5ef61a24dccbe95df6f40
Nitin Shivpure [Sun, 6 Sep 2015 09:34:01 +0000 (15:04 +0530)]
Fix PAN crash due to fd mismatch
A case where the tap read thread always exists: sometimes
data packets get received on an older fd, which is not available,
which causes an assert due to fd mismatch in a race condition
when the next pan connection is immediately available. If the last pan
connection gets disconnected, then tap_read_thread should be
destroyed in btif context to fix this issue.
Bug: 24093456
Change-Id: Ic1053200a7be4c2091d6c394634831ca3fbd61df
Andy Hung [Tue, 22 Sep 2015 18:26:32 +0000 (18:26 +0000)]
Merge "DO NOT MERGE - A2DP audio HAL: implement out_get_presentation_position()" into mnc-dr-dev
Pankaj Kanwar [Tue, 22 Sep 2015 16:37:36 +0000 (16:37 +0000)]
Merge "Check BR device count before initiating role switch" into mnc-dr-dev
tturney [Mon, 21 Sep 2015 17:49:09 +0000 (10:49 -0700)]
Fix PAN and AV role switch war
Bug: 23740164
Change-Id: Ib26a64b624c711443201adc4fde6b041ecb0dde1
Andre Eisenbach [Sat, 19 Sep 2015 03:13:53 +0000 (20:13 -0700)]
Ensure thread priority is raised for media task / UIPC
Bug: 23978964
Change-Id: I36b6d05bb82eb0283eed3b465038d65890c4c245
Andre Eisenbach [Thu, 17 Sep 2015 22:16:20 +0000 (15:16 -0700)]
Change UHID socket to be non-blocking
On some platforms, the logs indicate that the BTU task is stalled by
UHID driver when writing the HID descriptor to the kernel. This patch
converts the UHID socket to non-blocking to avoid stalling the main
BTU task.
Bug: 23978964
Change-Id: I5a7a3e106fb2c967d68f077faedcd4fe62bbd912
Nitin Shivpure [Wed, 12 Aug 2015 12:45:11 +0000 (18:15 +0530)]
Check BR device count before initiating role switch
A case where DUT is acting as PANU device on BR/EDR link & also
acting as central on LE link. As LE link & PANU link need not to
be master & it's not a scatter-net scenario, because there is only
a BR link. So checking for BR device count before initiating role
switch to avoid continuous loop of role switches.
Cherry-picked from: https://partner-android-review.googlesource.com/#/c/376058/
Change-Id: I70e4041a71ba965f1f9e25729c3cfd20ae03d6b4
Bug: 23290136
Eric Laurent [Tue, 26 May 2015 22:50:29 +0000 (15:50 -0700)]
DO NOT MERGE - A2DP audio HAL: implement out_get_presentation_position()
And complete implementation of out_get_render_position()
Bug: 21199150
Bug: 24042067
Change-Id: I95038ad68433e401b096a0159282a2ae372570e1
Andre Eisenbach [Wed, 9 Sep 2015 18:10:57 +0000 (18:10 +0000)]
Merge "Allow BT inquiry while discovery is in progress." into mnc-dr-dev
Andre Eisenbach [Wed, 9 Sep 2015 17:55:55 +0000 (17:55 +0000)]
Merge "Eliminate recursive calling when handling GATT related errors" into mnc-dr-dev
tturney [Tue, 8 Sep 2015 21:42:09 +0000 (14:42 -0700)]
Allow BT inquiry while discovery is in progress.
BT Inquiry is disallowed when service discovery
is in progress. Innitially when GATT discovery
is in progress (crosskey pairing), it resulted
in inquiry requests being rejected. During an
insecure connection like OPP, bonding link key
is not stored. In an earlier patch (
b820aec7),
BR/EDR discovery was bypassed if the bonding was
temporary. However, this was not done for LE.
Applying the same logic to LE, resolved the
inquiry issue reported in this bug.
Bug: 23468169
Change-Id: I6111c80a420aeb0bc36a0393eb215c112512d251
Pavlin Radoslavov [Sat, 5 Sep 2015 00:55:09 +0000 (17:55 -0700)]
Eliminate recursive calling when handling GATT related errors
If there are errors when processing GATT related events (e.g.,
configuring the MTU), don't use recursive calls into
bta_gattc_sm_execute(), because it breaks the free-ing of some
of the memory.
Bug: 23756301
Change-Id: I3c685170e868ffbf4e488d2bb5a31904e3f7b39d
wang ping [Sat, 5 Sep 2015 17:48:09 +0000 (10:48 -0700)]
Fix issue where bluesleep idle timer is not started
Sometimes allow_device_sleep() is called before wake_assert, which results in transmit_done
not starting the idle timer. This is because the "wake_state" does not match when
allow_device_sleep() is called before wake_assert() is called. So start the idle timer
anyway when transmit_done is called.
Bug: 23754156
Change-Id: I5437aea0abc4b7f5cf847701e2d0a889c6823fcb
tturney [Mon, 31 Aug 2015 22:16:59 +0000 (15:16 -0700)]
Fix btwrite timer timeout for Angler (2/2)
When calculating the appropriate LPM's idle timeout,
the local chip name was NULL. This is fixed by calculating
LMP's idle timeout when the chip is enabling.
Bug: 23248798
Change-Id: I8ee2b28fb4363359e035e242fdcff8a736ee448c
Jacob Lee [Sat, 29 Aug 2015 00:04:35 +0000 (00:04 +0000)]
am 24923939: LE Multi-Advertising State Change Sub-event Wrong Variable Type
* commit '249239391c732c25c5edb62636cfe188131af3a4':
LE Multi-Advertising State Change Sub-event Wrong Variable Type
Jacob Lee [Wed, 26 Aug 2015 06:43:59 +0000 (14:43 +0800)]
LE Multi-Advertising State Change Sub-event Wrong Variable Type
Wrong connection handle type in multi-adv event parsing,
causing random address (confirm value) mismatch and pairing failure.
Bug id: 23201007
Change-Id: I13ce231360937e711f61eb0777805b07bcde7074
Sunny Kapdi [Fri, 28 Aug 2015 21:16:26 +0000 (21:16 +0000)]
am dcfafe9a: Fix incorrect SetConnScanParam function mapping
* commit 'dcfafe9af755c06bc64fd7ad072233ceb7a1abc6':
Fix incorrect SetConnScanParam function mapping
Sunny Kapdi [Thu, 27 Aug 2015 07:37:31 +0000 (00:37 -0700)]
Fix incorrect SetConnScanParam function mapping
BTA_DM_API_BLE_CONN_SCAN_PARAM_EVT is defined before
BTA_DM_API_BLE_SCAN_PARAM_EVT in the enum but the corresponding
entries in bta_dm_action were inverted. This resulted in incorrect
invocation of set_conn_scan_params while trying to set parameters
for scanning. The call was hence failing here and was not
resulting in setting of the new scan parameters in the Controller
irrespective of the scan mode selected from the App. This would
essentially result in the breakage of ScanSettings.SCAN_MODE_<xx>
Android SDK APIs.
Bug: 23602042
Change-Id: I17e1b14a32250e3ccb7631a67690ec2e0a6bc321
Nitin Arora [Tue, 25 Aug 2015 23:18:06 +0000 (23:18 +0000)]
am b7460434: Fix memory corruption of BLE whitelist hashmap
* commit 'b74604341c60628dc7bc8e8e69e3ce2acb4a5373':
Fix memory corruption of BLE whitelist hashmap
Nitin Arora [Fri, 21 Aug 2015 19:34:14 +0000 (12:34 -0700)]
Fix memory corruption of BLE whitelist hashmap
When adding devices to the whitelist for LE background connections, a
local variable is used as the hashmap key, preventing any successful
lookups going forward. Thus the device will repeatedly add the same
device to the whitelist and preventing successful connections going
forward.
Bug: 23423602
Change-Id: I3d2590c0a1dd66c6e1864ea53f875a713660b645
Pavlin Radoslavov [Mon, 24 Aug 2015 05:00:20 +0000 (05:00 +0000)]
am aa41fec0: Check the return value when reading HCI type byte
* commit 'aa41fec0e36653e828bfc2a54fca11447ed56cc5':
Check the return value when reading HCI type byte
Pavlin Radoslavov [Thu, 20 Aug 2015 23:53:16 +0000 (16:53 -0700)]
Check the return value when reading HCI type byte
Add missing return value check when reading the HCI type byte.
This check is needed as a safeguard. For example, function
event_uart_has_bytes() could be called (indirectly)
within the run_reactor() loop not only when there are bytes to read,
but also if there is an error (e.g., EPOLLHUP | EPOLLRDHUP | EPOLLERR).
Bug: 23105107
Change-Id: Ic3b6e4d656406949e384c8106b0c607f7c221759
Pavlin Radoslavov [Wed, 19 Aug 2015 01:48:29 +0000 (01:48 +0000)]
am d2199cbb: Disable remote TCP connections
* commit 'd2199cbb8f361772819402b56e6fa46587a31c56':
Disable remote TCP connections
Pavlin Radoslavov [Tue, 18 Aug 2015 01:54:22 +0000 (18:54 -0700)]
Disable remote TCP connections
For security reasons, TCP sockets now listen on the loopback
IPv4 address 127.0.0.1 for incoming TCP connections.
Bug: 23272146
Change-Id: I88523f643f305f2281740575d7011b6077bf0843
Iliyan Malchev [Fri, 14 Aug 2015 05:43:55 +0000 (05:43 +0000)]
am 1e1f1598: Merge "[DS] BTM_VSC_CHIP_CAPABILITY_M_VERSION doesn't match" into mnc-dev
* commit '1e1f1598c0574ccda0978bc31bf759708c33a0c9':
[DS] BTM_VSC_CHIP_CAPABILITY_M_VERSION doesn't match
Iliyan Malchev [Fri, 14 Aug 2015 05:38:26 +0000 (05:38 +0000)]
Merge "[DS] BTM_VSC_CHIP_CAPABILITY_M_VERSION doesn't match" into mnc-dev
Satya Calloji [Sat, 8 Aug 2015 01:06:46 +0000 (01:06 +0000)]
am 8d88b1b7: Allocate large enough buffers when copying AVRC packets
* commit '8d88b1b75c665772f714643a71e5974c7f6dd02c':
Allocate large enough buffers when copying AVRC packets
Satya Calloji [Fri, 7 Aug 2015 17:56:12 +0000 (10:56 -0700)]
Allocate large enough buffers when copying AVRC packets
AVRC response is created by copying the original received packet.
When allocating a buffer for the response, the buffer length
should be large enough to contain the response.
Bug: 22437809
Change-Id: I862d633e76d3c5221582459f19935a45e53577c7
Jacob Lee [Fri, 7 Aug 2015 03:17:28 +0000 (11:17 +0800)]
[DS] BTM_VSC_CHIP_CAPABILITY_M_VERSION doesn't match
In the document, the supported version is 96.
But, the defined supported version is 95 in the code.
The callback function btm_ble_vendor_capability_vsc_cmpl_cback
can not read number of track entries when it compare with 95
and supported version from firmware.
Bug: 22906552
Change-Id: I64e6f14f34ef3ed0ddc3fee2fad05eb03e5938f1
Signed-off-by: Jacob Lee <jacob.lee@mediatek.com>
Ajay Panicker [Mon, 3 Aug 2015 23:29:31 +0000 (16:29 -0700)]
Load factory Bluetooth address from system property
Implemented a check to grab the ro.boot.btmacaddr property in case the
device fails to receive an address beforehand.
Bug: 22618015
Change-Id: Ie322888e114a732f8e85c81793e3e5e5eacffc7a
Ajay Panicker [Wed, 5 Aug 2015 17:55:36 +0000 (17:55 +0000)]
am aa3be1a6: Implement Bluetooth settings factory reset (3/5)
* commit 'aa3be1a696b9ae1142fe9f358ad5f97e99da7892':
Implement Bluetooth settings factory reset (3/5)
Ajay Panicker [Tue, 28 Jul 2015 23:54:53 +0000 (16:54 -0700)]
Implement Bluetooth settings factory reset (3/5)
Implemented the factory reset function to be used to reset all bluetooth
settings on device to factory default
Bug: 16161518
Nitin Arora [Tue, 4 Aug 2015 16:39:38 +0000 (16:39 +0000)]
am d63f7c0b: Add Dialog mouse & KB to blacklist for LE secure connections
* commit 'd63f7c0b26057f650fd30526758cd259c0b3480a':
Add Dialog mouse & KB to blacklist for LE secure connections
Pavlin Radoslavov [Tue, 4 Aug 2015 16:39:36 +0000 (16:39 +0000)]
am 84d13eda: Add an explicit check for AVRCP vendor data
* commit '84d13edac39c51290e858a71fea58925db3844bc':
Add an explicit check for AVRCP vendor data
Nitin Arora [Tue, 28 Jul 2015 23:00:55 +0000 (16:00 -0700)]
Add Dialog mouse & KB to blacklist for LE secure connections
This change allows the host to mask the Cross key bit in
the key distribution fields of the pairing request and
response while pairing with the Dialog keyboard and mouse
to prevent the remote from rejecting the DUT's pairing request.
Bug: 22799966
Change-Id: I89420e77875957c78e915c508de311d779fd03df
Pavlin Radoslavov [Tue, 4 Aug 2015 16:05:39 +0000 (09:05 -0700)]
Add an explicit check for AVRCP vendor data
Add an explicit check for AVRCP vendor data when parsing received vendor
commands or responses.
Bug: 21768387
Change-Id: I715de6fc7348d063c448971a8dae6dd1b00c7062
Pavlin Radoslavov [Tue, 4 Aug 2015 05:31:09 +0000 (05:31 +0000)]
am caaa00f5: Fix a crash for a race condition during Bluetooth shutdown
* commit 'caaa00f5ede96461e11de866ac15f5224442d1eb':
Fix a crash for a race condition during Bluetooth shutdown
Pavlin Radoslavov [Tue, 4 Aug 2015 04:58:45 +0000 (21:58 -0700)]
Fix a crash for a race condition during Bluetooth shutdown
This is same race condition observed in btif_media_task_aa_tx_flush_req()
because btif_media_task_aa_tx_flush_req() and btif_media_task_stop_aa_req()
are called back-to-back.
This race condition is triggered when A2DP audio is streaming on shutdown:
"btif_a2dp_on_stopped() -> btif_media_task_stop_aa_req()" is called
to stop the particular audio stream, and this happens right after
the "cleanup() -> btif_a2dp_stop_media_task()" processing during
the shutdown of the Bluetooth stack.
Bug: 22700411
Change-Id: Ia0c98d44a108cf0f57731ac8129e4d76c9934542
Sharvil Nanavati [Fri, 31 Jul 2015 23:42:06 +0000 (23:42 +0000)]
am 9de273d9: Fix CTS Verifier test for insecure RFCOMM connection.
* commit '9de273d9fb99b9f612b8acd50e09225f60444363':
Fix CTS Verifier test for insecure RFCOMM connection.
Sharvil Nanavati [Fri, 31 Jul 2015 21:22:08 +0000 (14:22 -0700)]
Fix CTS Verifier test for insecure RFCOMM connection.
Closing an RFCOMM server socket does not remove the corresponding
service record from the security database. However, the RFCOMM
channel becomes free for reuse. The next RFCOMM server socket will
therefore "inherit" the service record for the closed one if it
happens to reuse the same channel.
Bug: 22880207
Change-Id: Ida3fee49e5f40667d9992dc4c4442f9289adae9e
Pavlin Radoslavov [Thu, 30 Jul 2015 00:36:30 +0000 (00:36 +0000)]
am efa5991f: Fix a NULL-pointer crash
* commit 'efa5991fc7dc3b9b74b73966a4bf5cd5aad9f06a':
Fix a NULL-pointer crash
Pavlin Radoslavov [Wed, 29 Jul 2015 23:52:47 +0000 (16:52 -0700)]
Fix a NULL-pointer crash
It seems that the current implementation of btm_sec_encrypt_change()
does not handle the case when it is called with an invalid handle,
such as inside file btu_hcif.c :
case HCI_SET_CONN_ENCRYPTION:
/* Device refused to start encryption. ... */
btm_sec_encrypt_change(BTM_INVALID_HCI_HANDLE, ...)
Bug: 22791224
Change-Id: Ide9404d0c82819399cf258ae3f90c25b352f1e20
Andre Eisenbach [Wed, 29 Jul 2015 22:08:16 +0000 (22:08 +0000)]
am 48a4b9cd: Assign pseudo address for host-based RPA resolution matches
* commit '48a4b9cd18a306a45249898008c73f80fb3b9d48':
Assign pseudo address for host-based RPA resolution matches
Andre Eisenbach [Wed, 29 Jul 2015 19:36:06 +0000 (12:36 -0700)]
Assign pseudo address for host-based RPA resolution matches
Bug: 21963935
Change-Id: Id72001ce17996ea04c3eba32cebcac4dbbe317bc
Andre Eisenbach [Wed, 29 Jul 2015 19:37:57 +0000 (19:37 +0000)]
am b61d25c5: Fix memory leak in A2DP event handler
* commit 'b61d25c52fcfa1853c7555acda61d848ef6be3e9':
Fix memory leak in A2DP event handler
Andre Eisenbach [Wed, 29 Jul 2015 18:57:50 +0000 (11:57 -0700)]
Fix memory leak in A2DP event handler
btif_av_event_free_data() was not called in all states (idle state only)
leading to potential memory leaks.
Bug: 22822688
Change-Id: I40520c605c9a806e6cd5ee6e36c101d0aa8d4355
Nitin Arora [Wed, 29 Jul 2015 08:15:32 +0000 (08:15 +0000)]
am 82c8b927: Reset LE encryption key size at LE disconnection only
* commit '82c8b9270ba962d5f271a833a3454baddbc063aa':
Reset LE encryption key size at LE disconnection only
Nitin Arora [Thu, 2 Jul 2015 21:08:39 +0000 (14:08 -0700)]
Reset LE encryption key size at LE disconnection only
This change checks the transport type on receiving the disconnection
and resets the encryption key size only if the LE disconnection
has taken place.
This fixes the issue where read request to characteristics that
require encryption, fails after cross key derivation due to
disconnection of BR/EDR transport.
Bug: 22515016
Change-Id: If6aad91a628eabbb5a4b7f5c22812fe94d4c5db2
Anubhav Gupta [Wed, 29 Jul 2015 07:12:35 +0000 (07:12 +0000)]
am dab356e3: Promote AVCTP version to 1.4
* commit 'dab356e3b0573303840e63cbafb1065d57a11e2c':
Promote AVCTP version to 1.4
Anubhav Gupta [Tue, 28 Jul 2015 06:32:57 +0000 (12:02 +0530)]
Promote AVCTP version to 1.4
Promoting AVCTP version to 1.4 from 1.2 as Bluedroid stack
already has got support for the same.
Below changes are incorporated as part of this:
- AVCTP version in SDP entry is upgraded to 1.4 for both AVRCP
Target and controller role.
- Service class #1 is added in extra for AVRCP Controller SDP
entry to be in sync with AVCTP version change.
- Browsing support is not enabled as that needs corresponding
profile level implementation, which is currently unavailable.
Change-Id: I72f7f67eb0a789fd321e9468f2a51bb5e9385a89
Anubhav Gupta [Tue, 28 Jul 2015 18:08:54 +0000 (18:08 +0000)]
am 2ac9ae06: Fix a bug allocating buffers for fragmented AVRC packets
* commit '2ac9ae06be5091f6f2eef0022a3810752f127d04':
Fix a bug allocating buffers for fragmented AVRC packets
Anubhav Gupta [Fri, 24 Jul 2015 17:14:00 +0000 (10:14 -0700)]
Fix a bug allocating buffers for fragmented AVRC packets
Use the correct offset_len when allocating buffers for AVRC
packets that need to be fragmented.
Bug: 22156175
Change-Id: I7db12474c84edacb4f0739d50a43e8cebdcca676
Amirhossein Simjour [Mon, 27 Jul 2015 23:21:16 +0000 (23:21 +0000)]
am 1500b8d9: Fix for uhid_event size check
* commit '1500b8d9b301d8d68b2910692ec47d0e5b42c129':
Fix for uhid_event size check
Amirhossein Simjour [Mon, 20 Jul 2015 18:29:19 +0000 (14:29 -0400)]
Fix for uhid_event size check
The uhid_event function used to expect the return value of each
read function call to match the size of the struct uhid_event.
Since the header file doesn't match the kernel driver, these two sizes
don't always match. The exact size check is replaced with expecting
the minimum required size.
Bug: 20108348
Change-Id: Ib61537092b109296f8290d802b68fc2efe78888c
Casper Bonde [Mon, 27 Jul 2015 18:05:45 +0000 (18:05 +0000)]
am 760aa99b: Unpair HID device cleanup
* commit '760aa99b0f1fb7830dd5ff23ec8f5c5630b15989':
Unpair HID device cleanup
Pavlin Radoslavov [Mon, 27 Jul 2015 18:05:44 +0000 (18:05 +0000)]
am c6137426: Fix the logic for stopping the Power Management timers.
* commit 'c6137426081fc55d8c94cd0e6b55cd0d0a52f12d':
Fix the logic for stopping the Power Management timers.
Casper Bonde [Fri, 3 Oct 2014 08:01:36 +0000 (10:01 +0200)]
Unpair HID device cleanup
When unpairing HID devices, the attr_mask was not cleared.
By not clearing this data, some HID devices will never be able
to connect again. (E.g. the Apple Magic Mouse)
Bug: 15566403
Change-Id: Ic80909dcecdf48d967c1a936b31554653761fa42
Signed-off-by: Casper Bonde <c.bonde@samsung.com>
Pavlin Radoslavov [Sat, 25 Jul 2015 06:41:55 +0000 (23:41 -0700)]
Fix the logic for stopping the Power Management timers.
Previously, the logic for stopping the timers didn't take
into account whether each timer was already running.
Bug: 22666419
Change-Id: Ia99bf8be917e9ea69f478a954085336fc899040a
Andre Eisenbach [Fri, 24 Jul 2015 19:37:52 +0000 (19:37 +0000)]
am 196413f5: Fix TX queue overflow detection
* commit '196413f5ca088ef97866092f02bb7571d2a44390':
Fix TX queue overflow detection
Andre Eisenbach [Wed, 22 Jul 2015 20:47:28 +0000 (13:47 -0700)]
Fix TX queue overflow detection
- Prevent possible endless loop if |nb_frame| is too high
- Remove off-by-one calculation before sending frames
- Remove log spam and add better debug info
Bug: 22658329
Change-Id: I374ee980aec48763beb49b4f6f8b076124cadf40
Pavlin Radoslavov [Thu, 23 Jul 2015 19:21:32 +0000 (19:21 +0000)]
am 1076b7b0: Customize Bluetooth sniff interval
* commit '1076b7b0a642d0f5c5948819bcd07e4bc0fb2738':
Customize Bluetooth sniff interval
Pavlin Radoslavov [Thu, 23 Jul 2015 05:49:26 +0000 (22:49 -0700)]
Customize Bluetooth sniff interval
Fix an earlier commit that prevents from customizing some of
the Bluetooth sniff parameters - those cannot be overwritten
anymore in the bdroid_buildcfg.h file.
Also, fixed the indexing in tables bta_dm_pm_cfg[]
and bta_dm_pm_spec[]
Bug: 22676670
Change-Id: I3a7074b9a9c91d312dc5d4314b7c304baf4ae20d
Pavlin Radoslavov [Wed, 22 Jul 2015 20:24:37 +0000 (20:24 +0000)]
am 197ee685: Fix a crash for a race condition during Bluetooth shutdown
* commit '197ee6856b43d8eea137a7f37798ee2a012ce518':
Fix a crash for a race condition during Bluetooth shutdown
Nitin Arora [Wed, 22 Jul 2015 20:23:42 +0000 (20:23 +0000)]
am ac72840a: Update device type correctly in the NVRAM at inquiry result
* commit 'ac72840a3d7409adbb3ee4904ab1ed5de2d66586':
Update device type correctly in the NVRAM at inquiry result
Pavlin Radoslavov [Wed, 22 Jul 2015 01:09:19 +0000 (18:09 -0700)]
Fix a crash for a race condition during Bluetooth shutdown
This race condition is triggered when A2DP audio is streaming on shutdown:
"btif_a2dp_on_stopped() -> btif_media_task_aa_tx_flush_req()" is called
to stop the particular audio stream, and this happens right after
the "cleanup() -> btif_a2dp_stop_media_task()" processing during
the shutdown of the Bluetooth stack.
Bug: 22602117
Change-Id: I5de6a8f15b6a2771dde2e299a5b60554063696a2
Amirhossein Simjour [Wed, 22 Jul 2015 14:20:25 +0000 (14:20 +0000)]
Merge "Fix for uhid_event size check" into mnc-dr-dev
Nitin Arora [Sat, 27 Jun 2015 01:09:37 +0000 (18:09 -0700)]
Update device type correctly in the NVRAM at inquiry result
This patch checks for the NVRAM data when inquiry result
is received from the remote device. In case the device is
marked as LE only or BR/EDR only, and inquiry result is
received from the alternate transport, the device type is
marked as Dual mode in the NVRAM
Bug: 22604450
Change-Id: Id925e8bad152a33c2bd3c371ca42a6f9c694e3b0
Nitin Arora [Sat, 18 Jul 2015 01:38:01 +0000 (18:38 -0700)]
Use pseudo address while re-pairing peripheral
In case of pairing to an already paired device (in an instance
where the central remote has removed the keys), the change
makes sure that the correct address is used when LTK key
request occurs at the peripheral.
Bug: 22605510
Change-Id: I959003f39f70281ff1e6af8d4c4549138bc1682c
Nitin Arora [Fri, 26 Jun 2015 01:30:09 +0000 (18:30 -0700)]
Adding transport type while initiating remote discovery
This change ensures that the completion of SMP pairing for LE
devices specifically requests remote device discovery based on
transport type set to LE to prevent initiation of BR/EDR
connection due to incorrect transport type info
Bug: 22515456
Change-Id: Id1e5603d3cc53ca3dff427b93059a00f8d9150a7
Andre Eisenbach [Tue, 21 Jul 2015 20:02:57 +0000 (13:02 -0700)]
Fix potential crash when transcoding legacy config files
Bug: 22634292
Change-Id: I64745671f3b69fc7e6913213aeec55267e9bc49b
Nitin Arora [Thu, 2 Jul 2015 21:13:45 +0000 (14:13 -0700)]
Enable enhanced connection complete event
This change enables the enhanced connection complete event in order
to receive the local rpa address while connection is completed
with a paired peripheral. This is required if central tries to
repair or key upgrade an already paired device so that the confirm
or the DHKey Check values match during the pairing process
Bug: 22515703
Change-Id: If27f3b22bc568df6f081f8ad13dfc6783a83ae47
Amirhossein Simjour [Mon, 20 Jul 2015 18:29:19 +0000 (14:29 -0400)]
Fix for uhid_event size check
The uhid_event function used to expect the return value of each
read function call to match the size of the struct uhid_event.
Since the header file doesn't match the kernel driver, these two sizes
don't always match. The exact size check is replaced with expecting
the minimum required size.
Bug: 20108348
Change-Id: Ib61537092b109296f8290d802b68fc2efe78888c