OSDN Git Service
Pavlin Radoslavov [Tue, 18 Aug 2015 01:54:22 +0000 (18:54 -0700)]
Disable remote TCP connections
For security reasons, TCP sockets now listen on the loopback
IPv4 address 127.0.0.1 for incoming TCP connections.
Bug:
23272146
Change-Id: I88523f643f305f2281740575d7011b6077bf0843
Iliyan Malchev [Fri, 14 Aug 2015 05:38:26 +0000 (05:38 +0000)]
Merge "[DS] BTM_VSC_CHIP_CAPABILITY_M_VERSION doesn't match" into mnc-dev
Satya Calloji [Fri, 7 Aug 2015 17:56:12 +0000 (10:56 -0700)]
Allocate large enough buffers when copying AVRC packets
AVRC response is created by copying the original received packet.
When allocating a buffer for the response, the buffer length
should be large enough to contain the response.
Bug:
22437809
Change-Id: I862d633e76d3c5221582459f19935a45e53577c7
Jacob Lee [Fri, 7 Aug 2015 03:17:28 +0000 (11:17 +0800)]
[DS] BTM_VSC_CHIP_CAPABILITY_M_VERSION doesn't match
In the document, the supported version is 96.
But, the defined supported version is 95 in the code.
The callback function btm_ble_vendor_capability_vsc_cmpl_cback
can not read number of track entries when it compare with 95
and supported version from firmware.
Bug:
22906552
Change-Id: I64e6f14f34ef3ed0ddc3fee2fad05eb03e5938f1
Signed-off-by: Jacob Lee <jacob.lee@mediatek.com>
Ajay Panicker [Tue, 28 Jul 2015 23:54:53 +0000 (16:54 -0700)]
Implement Bluetooth settings factory reset (3/5)
Implemented the factory reset function to be used to reset all bluetooth
settings on device to factory default
Bug:
16161518
Nitin Arora [Tue, 28 Jul 2015 23:00:55 +0000 (16:00 -0700)]
Add Dialog mouse & KB to blacklist for LE secure connections
This change allows the host to mask the Cross key bit in
the key distribution fields of the pairing request and
response while pairing with the Dialog keyboard and mouse
to prevent the remote from rejecting the DUT's pairing request.
Bug:
22799966
Change-Id: I89420e77875957c78e915c508de311d779fd03df
Pavlin Radoslavov [Tue, 4 Aug 2015 16:05:39 +0000 (09:05 -0700)]
Add an explicit check for AVRCP vendor data
Add an explicit check for AVRCP vendor data when parsing received vendor
commands or responses.
Bug:
21768387
Change-Id: I715de6fc7348d063c448971a8dae6dd1b00c7062
Pavlin Radoslavov [Tue, 4 Aug 2015 04:58:45 +0000 (21:58 -0700)]
Fix a crash for a race condition during Bluetooth shutdown
This is same race condition observed in btif_media_task_aa_tx_flush_req()
because btif_media_task_aa_tx_flush_req() and btif_media_task_stop_aa_req()
are called back-to-bach.
This race condition is triggered when A2DP audio is streaming on shutdown:
"btif_a2dp_on_stopped() -> btif_media_task_stop_aa_req()" is called
to stop the particular audio stream, and this happens right after
the "cleanup() -> btif_a2dp_stop_media_task()" processing during
the shutdown of the Bluetooth stack.
Bug:
22700411
Change-Id: Ia0c98d44a108cf0f57731ac8129e4d76c9934542
Sharvil Nanavati [Fri, 31 Jul 2015 21:22:08 +0000 (14:22 -0700)]
Fix CTS Verifier test for insecure RFCOMM connection.
Closing an RFCOMM server socket does not remove the corresponding
service record from the security database. However, the RFCOMM
channel becomes free for reuse. The next RFCOMM server socket will
therefore "inherit" the service record for the closed one if it
happens to reuse the same channel.
Bug:
22880207
Change-Id: Ida3fee49e5f40667d9992dc4c4442f9289adae9e
Pavlin Radoslavov [Wed, 29 Jul 2015 23:52:47 +0000 (16:52 -0700)]
Fix a NULL-pointer crash
It seems that the current implementation of btm_sec_encrypt_change()
does not handle the case when it is called with an invalid handle,
such as inside file btu_hcif.c :
case HCI_SET_CONN_ENCRYPTION:
/* Device refused to start encryption. ... */
btm_sec_encrypt_change(BTM_INVALID_HCI_HANDLE, ...)
Bug:
22791224
Change-Id: Ide9404d0c82819399cf258ae3f90c25b352f1e20
Andre Eisenbach [Wed, 29 Jul 2015 19:36:06 +0000 (12:36 -0700)]
Assign pseudo address for host-based RPA resolution matches
Bug:
21963935
Change-Id: Id72001ce17996ea04c3eba32cebcac4dbbe317bc
Andre Eisenbach [Wed, 29 Jul 2015 18:57:50 +0000 (11:57 -0700)]
Fix memory leak in A2DP event handler
btif_av_event_free_data() was not called in all states (idle state only)
leading to potential memory leaks.
Bug:
22822688
Change-Id: I40520c605c9a806e6cd5ee6e36c101d0aa8d4355
Nitin Arora [Thu, 2 Jul 2015 21:08:39 +0000 (14:08 -0700)]
Reset LE encryption key size at LE disconnection only
This change checks the transport type on receiving the disconnection
and resets the encryption key size only if the LE disconnection
has taken place.
This fixes the issue where read request to characteristics that
require encryption, fails after cross key derivation due to
disconnection of BR/EDR transport.
Bug:
22515016
Change-Id: If6aad91a628eabbb5a4b7f5c22812fe94d4c5db2
Anubhav Gupta [Tue, 28 Jul 2015 06:32:57 +0000 (12:02 +0530)]
Promote AVCTP version to 1.4
Promoting AVCTP version to 1.4 from 1.2 as Bluedroid stack
already has got support for the same.
Below changes are incorporated as part of this:
- AVCTP version in SDP entry is upgraded to 1.4 for both AVRCP
Target and controller role.
- Service class #1 is added in extra for AVRCP Controller SDP
entry to be in sync with AVCTP version change.
- Browsing support is not enabled as that needs corresponding
profile level implementation, which is currently unavailable.
Change-Id: I72f7f67eb0a789fd321e9468f2a51bb5e9385a89
Anubhav Gupta [Fri, 24 Jul 2015 17:14:00 +0000 (10:14 -0700)]
Fix a bug allocating buffers for fragmented AVRC packets
Use the correct offset_len when allocating buffers for AVRC
packets that need to be fragmented.
Bug:
22156175
Change-Id: I7db12474c84edacb4f0739d50a43e8cebdcca676
Amirhossein Simjour [Mon, 20 Jul 2015 18:29:19 +0000 (14:29 -0400)]
Fix for uhid_event size check
The uhid_event function used to expect that the return value of each
read function call to match with the size of the struct uhid_event.
Since the header file doesn't match the kernel driver, these two size
don't always match. The exact size check is replaced with expecting
the minimum required size.
Bug:
20108348
Change-Id: Ib61537092b109296f8290d802b68fc2efe78888c
Casper Bonde [Fri, 3 Oct 2014 08:01:36 +0000 (10:01 +0200)]
Unpair HID device cleanup
When unparing HID devices, the attr_mask was not cleared.
By not clearing this data, some HID device will never be able
to connect again. (E.g. the Apple Magic Mouse)
Bug:
15566403
Change-Id: Ic80909dcecdf48d967c1a936b31554653761fa42
Signed-off-by: Casper Bonde <c.bonde@samsung.com>
Pavlin Radoslavov [Sat, 25 Jul 2015 06:41:55 +0000 (23:41 -0700)]
Fix the logic for stopping the Power Management timers.
Previously, the logic for stopping the timers didn't take
into account whether each timer was already running.
Bug:
22666419
Change-Id: Ia99bf8be917e9ea69f478a954085336fc899040a
Andre Eisenbach [Wed, 22 Jul 2015 20:47:28 +0000 (13:47 -0700)]
Fix TX queue overflow detection
- Prevent possible endless loop if |nb_frame| is too high
- Remove off-by-one calculation before sending frames
- Remove log spam and add better debug info
Bug:
22658329
Change-Id: I374ee980aec48763beb49b4f6f8b076124cadf40
Pavlin Radoslavov [Thu, 23 Jul 2015 05:49:26 +0000 (22:49 -0700)]
Customize Bluetooth sniff interval
Fix an earlier commit that prevents from customizing some of
the Bluetooth sniff parameters - those cannot be overwritten
anymore in the bdroid_buildcfg.h file.
Also, fixed the indexing in tables bta_dm_pm_cfg[]
and bta_dm_pm_spec[]
Bug:
22676670
Change-Id: I3a7074b9a9c91d312dc5d4314b7c304baf4ae20d
Pavlin Radoslavov [Wed, 22 Jul 2015 01:09:19 +0000 (18:09 -0700)]
Fix a crash for a race condition during Bluetooth shutdown
This race condition is triggered when A2DP audio is streaming on shutdown:
"btif_a2dp_on_stopped() -> btif_media_task_aa_tx_flush_req()" is called
to stop the particular audio stream, and this happens right after
the "cleanup() -> btif_a2dp_stop_media_task()" processing during
the shutdown of the Bluetooth stack.
Bug:
22602117
Change-Id: I5de6a8f15b6a2771dde2e299a5b60554063696a2
Nitin Arora [Sat, 27 Jun 2015 01:09:37 +0000 (18:09 -0700)]
Update device type correctly in the NVRAM at inquiry result
This patch checks for the NVRAM data when inquiry result
is received from the remote device. In case the device is
marked as LE only or BR/EDR only, and inquiry result is
received from the alternate transport, the device type is
marked as Dual mode in the NVRAM
Bug:
22604450
Change-Id: Id925e8bad152a33c2bd3c371ca42a6f9c694e3b0
Nitin Arora [Sat, 18 Jul 2015 01:38:01 +0000 (18:38 -0700)]
Use pseudo address while re-pairing peripheral
In case of pairing to an already paired device (in an instance
where the central remote has removed the keys), the change
makes sure that the correct address is used when LTK key
request occurs at the peripheral.
Bug:
22605510
Change-Id: I959003f39f70281ff1e6af8d4c4549138bc1682c
Nitin Arora [Fri, 26 Jun 2015 01:30:09 +0000 (18:30 -0700)]
Adding transport type while initiating remote discovery
This change ensures that the completion of SMP pairing for LE
devices specifically requests remote device discovery based on
transport type set to LE to prevent initiation of BR/EDR
connection due to incorrect transport type info
Bug:
22515456
Change-Id: Id1e5603d3cc53ca3dff427b93059a00f8d9150a7
Andre Eisenbach [Tue, 21 Jul 2015 20:02:57 +0000 (13:02 -0700)]
Fix potential crash when transcoding legacy config files
Bug:
22634292
Change-Id: I64745671f3b69fc7e6913213aeec55267e9bc49b
Nitin Arora [Thu, 2 Jul 2015 21:13:45 +0000 (14:13 -0700)]
Enable enhanced connection complete event
This change enables the enhanced connection complete event in order
to receive the local rpa address while connection is completed
with a paired peripheral. This is required if central tries to
repair or key upgrade an already paired device so that the confirm
or the DHKey Check values match during the pairing process
Bug:
22515703
Change-Id: If27f3b22bc568df6f081f8ad13dfc6783a83ae47
Pavlin Radoslavov [Fri, 17 Jul 2015 00:40:28 +0000 (17:40 -0700)]
Fix the logic for removing bonded devices
* Removed btif_storage_is_device_bonded(), because it is not needed,
and it was giving the wrong answer in use cases like Smart Setup
with BR/EDR connections.
* Added a call to btif_storage_remove_ble_bonding_keys()
within btif_storage_remove_bonded_device() so the bonded device
state is properly removed.
* Don't save the BLE bonding keys if it is temporary bonding
Bug:
22233299
Change-Id: I33d9f76a124acc60173f0acaa517bc29ee6603e8
tturney [Tue, 21 Jul 2015 02:28:40 +0000 (19:28 -0700)]
Exclude Polar HR Monitor from secure conn
Bug:
22473630
Change-Id: I1168444a6969532377e1bbcb2b1058d768099c20
Arman Uguray [Sat, 18 Jul 2015 07:00:50 +0000 (00:00 -0700)]
Fix multi-advertising when LE Privacy is not available
This patch fixes a bug that caused all multi-advertising instances to be
initialized with Instance ID 0 (which is not allowed by the stack), if LE
privacy is not available. The problem was that the internal data structures that
represent advertising instances were not getting their |inst_id| field
initialized where it's supposed to.
Although far from clean, this code worked before. The culprit for the regression
is "
f9fdf890 Random address does not get written properly", which moved the
initialization of instance IDs from the loop in BTM_BleEnableAdvInstance to
btm_ble_multi_adv_enb_privacy. The latter never gets called if privacy is not
available, which leads to partially initialized structures.
Obviously both of these places were wrong to begin with. I saw the word
"init" in a function called btm_ble_multi_adv_init. I figured this might have
something to do with initializing, so I moved the logic there.
Bug:
21267281
Change-Id: I38b9a2a71cd3f45feb267a13bf29f93564ee6075
Nitin Arora [Fri, 10 Jul 2015 18:24:47 +0000 (11:24 -0700)]
Add Moto Key Link to blacklist for LE secure connections
This change allows the host to mask the Cross key bit in
the key distribution fields of the pairing request and
response while pairing with the Moto key link. This is
needed since this specific remote device performs
calculations of the pairing confirm after masking the
cross key bit in the key distribtuin field which results
in a mismatch of the pairing confirm calcualted by the host
DUT and the remote.
Bug:
22539807
Change-Id: I7d758b05023cf346c97939883edda9d3adb08e1a
Arman Uguray [Wed, 15 Jul 2015 23:05:32 +0000 (16:05 -0700)]
Properly disconnect GATT connection during noisy scans
This patch fixes an issue that is reproducible in highly noisy environments
(massive deployment of BLE beacons), through repeated connect/disconnect
attempts on a remote peripheral while scanning for beacons in the background.
The state machine in bta/gatt has a special control flow for handling disconnect
requests during discovery, which in this case failed to resolve the original
request by issuing an HCI_Disconnect command. This is now fixed by always
explicitly triggering the connection close sequence once the discovery state has
been cleaned up.
This patch also includes a fix for a crash that occurred as a side-effect of the
scenario described above.
Bug:
22350508
Change-Id: Ie9cbd3c8f54239b142bfb8dde80d9581ae70ed43
Andre Eisenbach [Wed, 15 Jul 2015 19:35:15 +0000 (12:35 -0700)]
Cleanup alarm_get_remaining_ms
This function is used for PM sniff mode timers - at least until we can
re-factor those not to rely on this function.
Bug:
22040710
Change-Id: Ibe6f49440228732b2bd8242db4a44e481b00b62e
Nitin Arora [Fri, 19 Jun 2015 02:09:01 +0000 (19:09 -0700)]
Use correct own address type for batch scan
This patch ignores the input parameter and used the own
address type from address management block while setting
the batch scan parameters.
Bug:
22227689
Change-Id: I23fc80b68cfbd91d718c1094ef2483eaccda3ae1
VenkatRaghavan VijayaRaghavan [Tue, 21 Apr 2015 18:32:29 +0000 (11:32 -0700)]
Bug fix PM changes and LE connectivity mode fixes
Allow PM to support multiple delay timer for different profiles and
power mode requests. And set correct connectivity mode.
Bug:
22040710
Change-Id: Idabd9ea944f0c5a89ce542d85db9f103fa7d1816
Srinu Jella [Tue, 16 Jun 2015 14:08:45 +0000 (19:38 +0530)]
Store the link key derived from cross tranport link key
Use case: PTS test case for cross transport link key
derivation
Steps to reproduce:
1. Start Test case GAP TP/LEP/DM/BV-15 in PTSv6.0
Failure: PTS test case TP/LEP/DM/BV-15 fails as the link
key is not stored when the key is derived from other
transport key. So it will again go for pairing even though
it has link key but not stored.
Root cause: Link key is stored only when bond type is
presistent, but it sets the bond type to persistent only
when it receives SSP request but not link key is derived.
Fix: So making the solution generic to store always when the
link key type is authenticated combination key with P-256.
Bug:
22486860
Change-Id: I3eb201262f72c86a9438351cad14a6698065fa90
Andre Eisenbach [Tue, 14 Jul 2015 16:49:37 +0000 (09:49 -0700)]
Add additional BDA ranges for Nexus Remote workaround
As per feedback from manufacturer.
Bug:
21817410
Change-Id: I4b5b3d8d99f9299754221968a5e1ca5f21cb9478
Andre Eisenbach [Mon, 13 Jul 2015 16:36:03 +0000 (09:36 -0700)]
Additional BDA range for Nexus Remote secure connections blacklist
Bug:
21817410
Change-Id: I5c5f6da9e8326e4c9424907337331b39fb67b444
Andre Eisenbach [Mon, 6 Jul 2015 22:43:15 +0000 (15:43 -0700)]
Move pairing auto-retry workaround to new interop db
Change-Id: I7177aaa0e2d0c3b0fa79ae655c0171f0703c54f3
Andre Eisenbach [Fri, 10 Jul 2015 07:37:45 +0000 (00:37 -0700)]
Do not reject valid connection parameter updates
As a side-effect to increasing BTM_BLE_CONN_INT_MIN, valid connection
parameter updates can be rejected if the requested minimum is < 11.25ms,
but the requested maximum is >= 11.25ms.
This patch introduces a new parameter "BTM_BLE_CONN_INT_LIMIT" and
resets BTM_BLE_CONN_INT_MIN to the HCI spec defined minimum.
Bug:
22245224
Change-Id: I6a2e4d18488b63570f7d0070413d00f16a7fdba1
Pavlin Radoslavov [Fri, 10 Jul 2015 00:57:20 +0000 (17:57 -0700)]
Fix a bug when responding to AVRCP UNIT_INFO and SUBUNIT_INFO
Assign appropriately the p_rsp_data pointer to point in the
buffer with the response.
Bug:
22307858
Change-Id: I2f77f290ff2c62c09b3be18ff047167a48c7c9d4
Nitin Arora [Thu, 25 Jun 2015 17:48:56 +0000 (10:48 -0700)]
Fail LE secure pairing for secure only peripherals
This change allows the host peripheral which initiates the pairing
to reject the pairing in case the remote does not support
secure LE connections and the host DUT is in secure connections
only mode.
Bug:
22203134
Change-Id: If58f791cb575d6b66c361f58e574b613d5686047
Srinu Jella [Fri, 3 Jul 2015 10:01:11 +0000 (15:31 +0530)]
Reset the ACL connection data on ACL disconnection
Use case: Reconnection of legacy mouse.
Failure: Not able to reconnect with mouse if the previous
connection rejected was with SC enabled device.
Test Steps:
1. Pair and connect remote devices.
2. Start streaming music over headset and Disconnect HID
mouse.
3. Inquire and try to pair with any DUT which supports
secure connection.
4. Cancel pairing and Turn OFF remote headset.
5. Now try reconnection from HID mouse.
Root Cause: When the secure connection is established, it will
have the 3 pages filled, and when the same acl entry is reused
for next mouse reconnection, only one page is getting over
written because legacy HID will have only one page supported
and remaining 2 pages still holds the previous device's data.
Fix: Fixed it by resetting the ACL entry when the ACL is
disconnected so that even though one page is copied and
remaining pages will not contain valid data.
Bug:
22249108
Change-Id: Icd96f22fe0787ef5845ee02940c2b0eacf7a2bbd
Miao Chou [Thu, 9 Jul 2015 19:21:27 +0000 (12:21 -0700)]
Fix security vulnerabilities in string operations
This CL prevents functions, bta_ag_hfp_result and bta_hf_client_send_atd, from
the potential strings overflowing.
Bug:
20674686,
20677309
Change-Id: Iaef720fc784e020f237feb86e17857bddf57bbfc
Pavlin Radoslavov [Thu, 9 Jul 2015 06:17:44 +0000 (23:17 -0700)]
Add missing data initialization
A local struct variable is not initialized (memset to 0)
when sending GET_REPORT_EVT to an application.
As a result, field hs_data.rsp_data.p_rpt_data might be used
uninitialized.
Bug:
22352578
Change-Id: I72141117187c392bc0502a17bf71859e67c8da54
Anubhav Gupta [Wed, 4 Sep 2013 10:20:39 +0000 (15:50 +0530)]
Properly handle outgoing connection requests in opening/opened state
This happens in race conditions when we try to connect to a remote
A2DP device from Bluetooth Settings UI and simultaneously there is incoming
connection request from previously connected remote. This fix addresses
the scenario where because of first A2DP connection btif moves to opening/
opened state and then the second connect request is received.
This scenario is handled by gracefully rejecting the second connect request
from btif layer if it is already connected or about to be connected by the
first connect request.
Bug:
22028876
Change-Id: I53be400d1d7c9a84ca9d9a75b6b6f010975cf0cf
Satya Calloji [Tue, 23 Jun 2015 22:21:19 +0000 (15:21 -0700)]
Incorrect address type in ADV end on reconnection
Handled the issue of incorrect address type and value
(on Privacy 1.1 chipsets) on reconnection by setting
the correct device type and address value on advertiser end
Original author: Chaojing Sun <cjsun@broadcom.com>
Bug:
22100659
Change-Id: I009888cc9ebd0b631543027d6e34b6c7ecbd0ce8
Anubhav Gupta [Sat, 27 Jul 2013 09:16:29 +0000 (14:46 +0530)]
Override remote suspend flag on local play state changes
- Remote device may initiate AVDTP Suspend within 3s of AVRCP pause,
which sets remote suspend flag. Later on resumption of local playback
A2DP packets can not be processed further as Remote suspend flag
remains set. current change overrides remote suspend flag if local
suspend is triggered later.
- This change covers the usecase where play is pressed from DUT UI
before local suspend triggers in such scenarios current change takes
care of resetitng remote suspend flag on AVRCP play state change event.
- Moreover this change will drop A2DP packets when the setparameter
is called with A2dpSuspended=true and resumes when the mentioned parameter
is reset.
This change along with corresponding app change helps mitigating
issues reported due to A2Dp, HFP synchronizations and local and remote
device initiated AVDTP suspend handling.
Bug:
22028876
Change-Id: I3bb334373414170254744d9233cbd2e66219bfa0
Srinu Jella [Thu, 24 Jul 2014 14:24:32 +0000 (19:54 +0530)]
SDP: Validate input UUID's length
Use case: Crash observed during BT IOT testing
1. Try to pair to the remote device.
2. Connect to the remote device's audio profiles.
3. Remote device has given the wrong UUID's length.This will leads to crash.
Failure: crash observed during profile connection
Root cause: Remote sent invalid UUID length,which is causing crash
in comparison logic.
Fix: Validate input UUID's length before going for actual comparison.
Bug:
19417758
Change-Id: I8216d17e3f6cc22dfbeca4b31972b5b5584a73ea
Andre Eisenbach [Tue, 7 Jul 2015 05:27:00 +0000 (22:27 -0700)]
Remove extraneous patch from secure connections workaround
Bug:
21817410
Change-Id: I55b3753b0ae9f389f1531bb588c4868e96842aeb
Srinu Jella [Tue, 2 Sep 2014 10:12:11 +0000 (15:42 +0530)]
Remove stored link key for temporarily paired devices
Problem: Device shows up in paired list during just work pairing
1. Create a connection from DUT to remote.
2. Remove the link key in remote.
3. Send a file from remote to DUT.
4. Turn OFF BT. Turn ON.
Failure: Device should not move to paired list after BT on/off
as device removed from UI during just work pairing
Root cause: remote device is not removed from btif but
its removed from UI during justworks pairing
Fix: remote device is removed from btif during justworks
pairing to sync up UI and btif paired list
Bug:
19417758
Change-Id: I73de0a94c4f7ada644d258790a9e3e4bf11fc4e5
Tucker Sylvestro [Mon, 6 Jul 2015 23:29:06 +0000 (19:29 -0400)]
Save all snoop logs when BtSnoopSaveLog=true
Previously, only the last snoop log was saved, which was often not
enough if the bluetooth stack was in a crash loop or an app was
resetting it frequently.
Bug:
22202788
Change-Id: I74622ceabe9ce12d5ba03c640c37f697d5a5bb01
Andre Eisenbach [Thu, 2 Jul 2015 23:14:28 +0000 (16:14 -0700)]
Blacklist Nexus Remote for LE secure connections
The Nexus remote will disconnect during encryption when paired with the
secure connections feature enabled. This patch will blacklist the remote
and mask out the feature during pairing.
This patch introduces a new interop database with the aim of
consolodating various blacklists and interop workarounds into a single
database for code readability and maintainability of the list.
Bug:
21817410
Change-Id: I6f510e1c8c6050ab4e313209122d028e12e5f54f
Nitin Arora [Tue, 9 Jun 2015 22:30:18 +0000 (15:30 -0700)]
Use correct transport type while encrypting link
This patch uses the transport type from the GATT event instead
of using the device type stored in NVRAM, to determine the
transport type while encrypting the link. The issue is seen
with dual mode devices, when the connection on LE transport
causes encryption request on the BR/EDR transport
Bug:
21652097
Change-Id: I895756f9c0048b5a559ea00f633b1100109e52b8
Andre Eisenbach [Mon, 6 Jul 2015 16:45:30 +0000 (16:45 +0000)]
Merge "Prevent LE remote name request during inquiry" into mnc-dev
Nitin Arora [Fri, 11 Jul 2014 21:33:05 +0000 (14:33 -0700)]
Prevent LE remote name request during inquiry
This change prevents the LE RNR at the end of inquiry. This prevents
extra LE connections created during BT scan, to fetch remote name,
which will be performed later during connections.
Bug:
22228981
Change-Id: Ied61bc192cec611e7b2f41e474c5f032ed9f0981
Priti Aghera [Wed, 1 Jul 2015 20:27:57 +0000 (13:27 -0700)]
Set random identity only if enhanced privacy is supported
Change Own address type to Random identity only if controller supports enhanced
privacy. Check if controller supports enhanced privacy before changing own adress type
and peer address type to 0x02 or 0x03 in auto connection.
Privacy 4.1 only supports Public and Random address.
Bug:
20817308
Change-Id: I9f5531e4e41c824426cd64de517b44355ac2655d
Pavlin Radoslavov [Wed, 1 Jul 2015 04:39:11 +0000 (21:39 -0700)]
Use the correct memory free function within HCI layer shutdown
The entries on the "command_queue" are allocated by osi_calloc()
hence they should be deallocated by osi_free()
Bug:
21784321
Change-Id: Ic6e13dbafef2c6ac79ce74ebfc4db702c9ef04c5
Andre Eisenbach [Sat, 27 Jun 2015 05:30:33 +0000 (22:30 -0700)]
Fix possible null-pointer de-reference in bta_gattc_util
Bug:
21756298
Change-Id: I4bd38f6fa594ccb4dd9f23f3887484743a3bc451
Pavlin Radoslavov [Fri, 26 Jun 2015 21:44:12 +0000 (14:44 -0700)]
Copy an AVRC packet before sending a response back
Don't reuse AVRC buffers for responding back. Apparently,
in the AVRC packets we transmit the offset with the payload must
be at least 15 octets. If the original buffer is not large enough,
this results in memory corruption.
Also, use an explicit check for 'bt_rc_ctrl_callbacks' as a workaround
until the upper layer does the right thing with the callbacks registration.
Bug:
22006014
Change-Id: I28c248d1580bdddbda76298d19faadf8985187fc
Tucker Sylvestro [Thu, 18 Jun 2015 22:14:25 +0000 (18:14 -0400)]
Always ACK indications in the event of an error
This works around a race condition in which the just-connected remote
device sends the local device an indication before the appropriate
handle/device/etc. has been added to the cache. Previously we were
dropping that indication, which led to the remote device timing out
and disconnecting some time after the connection had been successfully
established.
Bug:
21026847
Change-Id: Iea43e7c93e48b5e7a7e78a1c3fb591d6fe972fc3
Pradeep Panigrahi [Tue, 16 Jun 2015 04:32:50 +0000 (10:02 +0530)]
Set idle timeout to zero when removing fixed channel
Use Case:
1) pair and Connect to HOGP mouse
2) Disconnect from setting menu.
Failure:
Disconnect is not sent immediately
Root Cause:
While disconnecting we start lcb's default timeout of 4 seconds before
disconnecting the link. Since we are removing fixed channels associated
to a remote, setting idle timeout to 0 for immediate disconnection.
Bug:
21877809
Change-Id: I39fedb6cac6f952149cb2722d028115fbdc20b70
Avish Shah [Thu, 25 Jun 2015 12:31:33 +0000 (18:01 +0530)]
Resolved incorrect AV startup sequence
Issue:
-> In AV start-up sequence, State machine initialization was being
called after enabling Btif A2dp service.
-> In that case, State machine handle will be empty and it will
prevent enable and register events to enter into BTIF.
-> Because of the absence of enable/register events, AV module in
stack will be unaware of upper layer registration and will not
proceed for connection.
Fix:
-> Changed the sequence in AV start-up, initialized State machine
first before dispatching any events to State machine.
-> So, the handle will not be empty and will not block events like
BTA_AV_ENABLE_EVT and BTA_AV_REGISTER_EVT to enter into BTIF.
Bug:
21451237
Change-Id: I5d47e20ed68ea5730a7c149c316446eb8a1d41af
Subramanian Srinivasan [Thu, 12 Feb 2015 00:55:12 +0000 (16:55 -0800)]
HOGP: Clear allocated memory for unmatched HID reports
Prevents GKI Exception in BT stack when phone enters suspended state
after performing HOGP device connection by clearing the allocated
memory when write to an unmatched report is done.
Bug:
22028876
Change-Id: Ia6ca9405142410e894c7ebe84d8827ffdc7659ba
Nitin Arora [Mon, 1 Jun 2015 12:24:10 +0000 (05:24 -0700)]
SMP state machine fix for passkey entry
The SMP slave state machine goes on to generate local nonce
after a successful commit, and ignores any commit from the
remote master if received during the generation process.
This change fixes that race condition
Bug:
21896912
Change-Id: I0cc2f1d20f6754d19f8b39fd62e3176007c50f1b
Nitin Arora [Tue, 30 Sep 2014 01:43:27 +0000 (18:43 -0700)]
Configure Bluetooth Low Energy scan parameters correctly
This patch ensures that Bluetooth Inquiry uses the low latency
scan parameters, and the scan params set by the Apps for LE scan
are retained and set at the end of a BT inquiry.
Bug:
21896912
Change-Id: Iaf9e47330393cc1e0c21c625e8e07ce933506983
Satya Calloji [Fri, 19 Jun 2015 17:46:03 +0000 (10:46 -0700)]
Incorrect address type in LE connected event
Enable address resolution to resolve the incoming connection details
to provide the correct address type as part of the LE connection
event.
Bug:
21751039
Change-Id: I148b0ffbfa1a39a32d90f5607362754d1901203f
Srinu Jella [Fri, 19 Jun 2015 12:20:40 +0000 (17:50 +0530)]
Set the security mode to secure connections only mode
Use case: Test the secure connections only mode PTS test cases.
Test Steps:
1. Call the API BTM_SetSecureConnectionsOnly from BT-IF layer to
put the DUT is under secure connections only mode to execute
the PTS test case TP/SEC/SEM/BV-11-C.
2. Run the required steps for PTS test case.
Failure: Failed to enter into secure connections only mode.
Root Cause: The function BTM_SetSecureConnectionsOnly doesn't set
btm layer security mode variable to only mode and all further checks
are based on that variable.
Fix: Fixed it by setting the security mode variable properly
in the API function.
Bug:
21896912
Change-Id: I21d37e7d24c443c2cbcd72d6f62f5e31fa7cf107
Srinu Jella [Tue, 12 May 2015 14:48:43 +0000 (20:18 +0530)]
Correct the logic of UIPC thread id check
Use case: Check the A2dp play , pause from headset
STR:
Connect to the headset from DUT
Try play , pause from Headset once the song is started playing from headset.
Failure: Bluetooth process crashed due to invalid fd descriptor while
clearing fds using FD_CLR
Root cause: Root cause for this issue is pthread join mechanism for
UIPC thread is not proper ( incorrect logic ), as a result UIPC thread
still running, and A2DP media task will try to start a new UIPC thread
before the previous UIPC read thread is closed, finally sometimes
this scenario leads to this issue. This issue doesn't come always,
if the media task is in process of initiating the fds before staring
the new UIPC thread, and previous UIPC thread is in exiting state.
Fix: Correct the logic of UIPC thread id check while joining the UIPC thread.
Thread id might hold pointer value where it's value is negative vaule with
singed bit is set,so corrected the logic to check against zero or non zero.
Bug:
21896912
Change-Id: I1307d848958656e718e95a972f258526470b1974
Srinu Jella [Mon, 13 Oct 2014 12:36:01 +0000 (18:06 +0530)]
Reset the pairing state on pairing failure
Use case: Test the paring scenario with remote device with security mode 3.
STR:
1. Create a connection from Remove dev with Security Mode-3 to DUT.
2. Enter pin key in remote, when pin key pop-up comes in DUT, reject the same.
3. Try to create connection from DUT to Remote dev-2, within 30 seconds.
Failure: Create connection not sent from DUT to remote, even though
there was no pairing taking place
Root cause: As the pairing state is not reset properly it disturbs
the next pairing process.
Reproducible using MecApp test application.
Fix: Reset the pairing state to idle in case stored paring
device matches with the device for which the pairing
failure happened.
Bug:
21896912
Change-Id: I0a9e143a44bb2ae7e296d7d76c1323e517f9cc42
Srinu Jella [Wed, 15 Oct 2014 11:10:02 +0000 (16:40 +0530)]
Handle connection request to already connected device.
Use case: Test the connect collision scenario from DUT and Headset.
STR:
1. Create a connection from DUT to headset, disconnect and unpair the link.
2. Turn OFF and turn ON headset, keep in pairing mode, headset keeps trying
to connect back to DUT.
3. Inquiry in DUT, and connect to headset.
Failure: DUT gets stuck in pairing, whenever there is a clash in
accept_connection and create_connection.
Root cause: When DUT and remote try to connect to each other simultaneously,
an ACL handle is created with first connect request and the second connect
request is also processed.DUT doesn't check whether there is already a
ACL handle present between the devices.
Fix: Fixed the issue by reusing the existing handle and
discarding the second connect request.
Bug:
21896912
Change-Id: I2001bc3b2fa50f827a4e3b41cde91af1ea106c54
Srinu Jella [Mon, 22 Dec 2014 14:16:28 +0000 (19:46 +0530)]
Allocated requested buffer size in SDP attribute request
Use case: Allocated required GKI buf in sdp attr req
1. Enter UUID - 0100 for L2CAP or 110C for AVRCP Target so DUT sends
continuation frame for TSPX_sdp_service_search_pattern on PTS
2. Start Test case TP/SSA/BV-06 in PTSv6.0
Failure: Some PTS test cases request less attributes in first packet
and request more attributes in continuation packets.
As stack allocates the buf in start packet and using the same
buf in continuation packets, it's causing buffer corruption and crash
Root cause: Buffer allocated for start packet is not sufficient
in continuation packets
Fix: Fixing this issue by dynamically allocating buffer in continuation
packets of service_search_attr_req and service_attr_req
Bug:
21896912
Change-Id: I8daeffb7d6486c7b916ad2f0505ad422d91a613c
Srinu Jella [Wed, 18 Jun 2014 15:45:55 +0000 (21:15 +0530)]
NULL pointer check in sdpu_build_attrib_entry
Use case: NULL pointer check in sdpu_build_attrib_entry
Crash observed during BT stability test
Failure: Crash observed while accessing p_attr->value_ptr
Root cause: There is no null check for p_attr->value_ptr while
accessing it in sdpu_build_attrib_entry
Fix: Fixing this issue by adding null check for p_attr->value_ptr
while accessing it in sdpu_build_attrib_entry
Bug:
21896912
Change-Id: I1dd352a33ff6f86add7d1b1bfdf240d1b7992b83
Hemant Gupta [Mon, 4 Aug 2014 12:37:41 +0000 (18:07 +0530)]
HID: Allow reconnection from Host on paired HID Devices.
Host can send connection request when paired HID device
is in disconnected state. We are not checking the
NORMALLY_CONNECTABLE flags from sdp record, and by default
sending this request from host, for subsequent user initiated
connection to paired remote HID Devices.
If the remote HID is in page scan mode, it will get connected
and if not, connection will fail after retrying until
HID_HOST_MAX_CONN_RETRY times.
Without this patch, if remote hid device sdp record shows that
device's NORMALLY_CONNECTABLE flag is false, host will not be
able to create outgoing connection to remote device even if the
device is in pairing mode until device is unpaired giving bad
user experience.
Bug:
22028876
Change-Id: I2b3c5c25dc7b08ab6ed0c3667897e5ea0f05f914
Nitin Shivpure [Tue, 15 Jul 2014 12:30:21 +0000 (18:00 +0530)]
PAN: Fix to avoid buffer corruption while rebuilding the Bnep header
A case, where 3 remote device (PANU role) is connected with DUT (NAP role).
the one remote (PANU role) send BNEP_COMPRESSED_ETHERNET_DEST_ONLY
packet to DUT (NAP role), which is for another remote device (PANU role).
So DUT (NAP role) forwards this packet to another remote device (PANU role).
As same pbuf is used across the L2CAP/BNEP/PAN layer since reception from
L2CAP to writing on L2CAP CID of another PANU. Sometimes buffer (p_buf) gets
corrupted, when required buffer size is greater than actual buffer size,
while rebuilding the Bnep header.
Using bnep_write instead of bnep_writeBuf to solve the buffer corruption
issue, which allocates the new buffer & append data into it.
This patch also add TRC_BNEP & TRC_PAN into conf file.
Bug:
22028876
Change-Id: I125cab6d3da0f8126605bc7e9f764a27ee72fb1f
Anubhav Gupta [Wed, 12 Nov 2014 14:25:00 +0000 (19:55 +0530)]
Proper construction of AVDTP general reject message
Build AVDTP general reject message as per AVDTP Specification.
Resolves issue with PTS AVDTP case TP/SIG/SMG/BI-28.
Bug:
21896912
Change-Id: I10e729f099898096f666081f5e5cd8e4a9dc3ae7
Anubhav Gupta [Mon, 14 Apr 2014 08:59:25 +0000 (14:29 +0530)]
Delay A2DP HAL out stream open process
Delay A2DP HAL out stream open process to ensure that the
Headset is in proper state when START is initiated from DUT
immediately after the connection due to ongoing music playback.
Jawbone speaker goes to bad state unless it gets enough time
between AVDTP OPEN and START.
Bug:
22028876
Change-Id: I79a895a85ac7d37208192acf9064fd5c979dd28b
Anubhav Gupta [Mon, 12 Aug 2013 20:07:22 +0000 (01:37 +0530)]
Suspend AVDTP link in remote initiated AVDTP Start
As media player is not started as part of remote initiated
AVDTP start, hence if link is kept in Started state when
remote initiated START is received it unncessarily blocks
power manager to trigger sniff on that link which increases
power number.
Related issue is seen with Moto HS820, Denso08.
These peer devices send AVDTP start on AVDTP connect and
does not suspend causing link not to go to sniff.
This change takes care of sending suspend in such scenarios
DUT initiated start gets triggered when local playback starts.
Moreover this change helps in suspending streaming if remote
initiates avdtp start during an ongoing call. This helps
remote and DUT's a2dp state to be in sync.
Bug:
22028876
Change-Id: I8ebee009c95148cf733e39d897bc8ffe5af7791e
Anubhav Gupta [Thu, 4 Jun 2015 11:24:37 +0000 (16:54 +0530)]
A2DP: Use mutex to only to check and set HAL state
In multi-threaded env A2DP state gets updated to suspended
after checking and before acquiring mutex lock. A2DP State
should be checked inside mutex lock to avoid checking against
inconsistent state.
Moreover this change prevents overwriting of state
from AUDIO_A2DP_STATE_SUSPENDED to AUDIO_A2DP_STATE_STOPPED
which would start the data path when there is data inflow
from audio in suspended state, which is not intended.
This change helps avoiding above wrong actions.
Bug:
22028876
Change-Id: I4fb73c1a6851fa97d539860d5fc0b8022b019bc1
Pavlin Radoslavov [Sat, 20 Jun 2015 02:21:47 +0000 (19:21 -0700)]
Fix the file permissions of /data/misc/bluedroid/bt_config.conf
Fix the file access permissions and group ownership of
"/data/misc/bluedroid/bt_config.conf" so the file can be reused when
switching users on the device.
For that purpose, we need to do the following:
1. Set the set-group-ID (bit 02000) flag for directory "/data/misc/bluedroid"
so the files created in that directory will have group-id of
"net_bt_stack" .
2. Change the file's permissions of file "/data/misc/bluedroid/bt_config.conf"
to Read/Write by User and Group.
Bug:
21493919
Change-Id: I48b73711789734b5221231729f8cd9ff9bb94be7
Anubhav Gupta [Thu, 13 Nov 2014 14:28:09 +0000 (19:58 +0530)]
Property based change to qualify TC_INT_SRC_SIG_SMG_BV_23_C
As Bluedroid AVDTP solution does not use ABORT command
in any of the usecases hence this property based change
is made to pass AVDTP ABORT mandatory TC using PTS.
Affected PTS TC: TC_INT_SRC_SIG_SMG_BV_23_C.
System Property to enable sending ABORT to pass the TC is:
bluetooth.pts.force_a2dp_abort
Bug:
21896912
Change-Id: I71bd11de07b9d8fb15a933712db25f0a93e10dd5
Andre Eisenbach [Tue, 16 Jun 2015 13:58:20 +0000 (19:28 +0530)]
Add deep copy of AVRCP metadata commands
The data structure for RC metadata event contains pointers within.
Added deep copy of the data structures to avoid memory corruption.
Bug:
20017069
Change-Id: Ibc5bc75cfd62abda9611060b5b435bed9e472376
Nitin Arora [Fri, 20 Mar 2015 01:06:41 +0000 (18:06 -0700)]
Disconnect Gatt during failure of service changed discovery process
Gatt service changed discovery holds link till it completes discovery of service,
characteristics, descriptots and writing notification for characteristic descriptor,
this change takes care of removing the link if service discovery fails during any
stage of this process.
Bug:
21896912
Change-Id: Ie97a039568fedc66403895e7e917e4d72a5419e1
Anubhav Gupta [Wed, 23 Oct 2013 12:23:09 +0000 (17:53 +0530)]
Not Implemented response for unsupported AVRCP commands.
Ensure DUT responds as not implemented for AVRCP
pass-through commands which are not supported by DUT.
This gives right impression to peer device on the correct
set of pass-thorugh commands supported by DUT.
Bug:
21896912
Change-Id: Ie10e74e2a399bb420f55c55005600c945b53bfc2
Nitin Arora [Wed, 10 Jun 2015 23:46:45 +0000 (16:46 -0700)]
Use correct UUID for Central Address Resolution characteristic
This patch rectifies the UUID used for Central Address resolution
characteristic which was earlier assigned the same value as
UUID for service change indication
Bug:
21896912
Change-Id: I2b341413d0a4331584844b54971f7645fd7e438e
Anubhav Gupta [Wed, 6 May 2015 10:54:10 +0000 (16:24 +0530)]
Reject AVDTP START and SUSPEND request in invalid state
Reject remote initiated AVDTP START and SUSPEND request
in invalid state. This helps passing the below PTS cases.
TC_ACP_SRC_SIG_SMG_BI_20
TC_ACP_SRC_SIG_SMG_BI_26
Change-Id: I177456389246df89e7d7560555ffffde0639e618
Sharvil Nanavati [Sat, 13 Jun 2015 09:12:08 +0000 (02:12 -0700)]
Reduce CPU utilization from ~60% to ~10% on busy HCI reads.
This patch improves RFCOMM throughput and reduces CPU utilization.
Instead of using a counting semaphore to measure bytes and reading
one at a time from the eager reader's buffer, read in bulk based
on the incoming read request size.
Change-Id: I17046bfbc3ca49576a9c82b38911aeb84234881a
Mudumba Ananth [Thu, 4 Jun 2015 13:00:48 +0000 (06:00 -0700)]
Fix insufficient buffer size allocation in hci_inject
A bug in the hci_inject when requesting a buffer to carry the
injected HCI packet. The allocated size should include the BT_HDR
header size.
Change-Id: Ic1fd41264249103140ce50dff843a99a6bd7dbd8
Pavlin Radoslavov [Thu, 11 Jun 2015 09:09:01 +0000 (02:09 -0700)]
Re-enable the OSI memory allocation tracker.
Previously, the OSI memory allocation tracker was disabled as
a temporary workaround for Bug
21561735.
The root cause for the original issue is now addressed by using the
appropriate linker flags when generating the bluetooth.default.so
shared library:
LOCAL_LDLIBS := -Wl,-Bsymbolic,-Bsymbolic-functions
Also, added missing #include in file "btif/src/btif_sock_sco.c"
Bug:
21561735
Change-Id: I384a6f3d1d03c74f8d1e3c96bf7e0b5961206feb
Andre Eisenbach [Tue, 9 Jun 2015 03:43:00 +0000 (20:43 -0700)]
Do not ask for confirmation for temporary pairing
Bug:
20187234
Change-Id: I4213a3c2cafecdb39fcf3f19464c91776180267a
Dan Albert [Tue, 9 Jun 2015 23:53:45 +0000 (16:53 -0700)]
Add missing include.
osi_malloc was never included, so it was implicitly defined as
returning an integer (thank you, C). Clang caught the int to pointer
conversion error.
Change-Id: I0d8a3363d92cb72a22780d049a53e193d2e50ec5
Casper Bonde [Thu, 21 May 2015 09:08:45 +0000 (11:08 +0200)]
SAP: Make it possible to enforce a 16-digit pin code (1/5)
This change enable the posibility to enforce using a
16-digit pin or MITM for a RFCOMM or L2CAP connection.
This is needed for the SIM access profile.
Change-Id: I02886ce284f27295205def3c66fb76372f5dab4f
Signed-off-by: Casper Bonde <c.bonde@samsung.com>
Eric Laurent [Fri, 5 Jun 2015 18:55:24 +0000 (11:55 -0700)]
Revert "A2DP audio HAL: implement get_presentation_position()"
This reverts commit
0b6c835cab0391f73a453686f4e665dd02661d77.
Bug:
21660426.
Mallikarjuna GB [Thu, 21 May 2015 08:54:05 +0000 (14:24 +0530)]
Initialize btif_max_hf_clients with proper value
btif_max_hf_clients which is an unsigned 16bit integer is
initialized with -1(0xFFFF) in btif_hf.c. Later on, when
application calls init with max_hf_clients as 1, btif_max_hf_clients
will be set to 1. But, before this happens, context switch happened
from application context to btif context with btif_max_hf_clients as -1.
In the btif context, BTA_AgRegister gets called in for loop for 0xFFFF
times. We are running out of scbs due to this.
Initialize btif_max_hf_clients with 1. Assign it to max_hf_clients
before context switch happens.
Change-Id: Ibde1bebbab2eb64442027164236f1d82e4269d23
Mallikarjuna GB [Fri, 7 Nov 2014 11:22:25 +0000 (16:52 +0530)]
Fix issues in A2dp, Avrcp, HF and AG reported by static analysis tool
- Fixes to validate Array Index Value and Null Pointer
Dereference reported by static analysis tool.
Change-Id: Id1492315f68378fdcfa517bd0a5cacefc8ebfddb
Anubhav Gupta [Mon, 17 Nov 2014 01:02:45 +0000 (17:02 -0800)]
Ignore STOP command if A2DP stream is suspended
Ignore STOP command if A2DP stream is already suspended.
Some carkits send STOP command before VOIP call initiation
but don't send PLAY when call ends which hinders DUT to resume
audio playback after call termination.
Change-Id: I41cc1fc6f4b6cfaa1560d729baa0ca27f6dfe8c8
Anubhav Gupta [Tue, 7 Oct 2014 12:58:19 +0000 (18:28 +0530)]
Remove check for stream type in a2dp hal_callbacks.
Stream type is invalid till signalling channel
connection establishment is completed. Do not
check stream type while calling HAL callback.
Change-Id: I69fb19636f3e9bb72202c450dcef9e7bc2e53731
Mallikarjuna GB [Mon, 22 Sep 2014 04:30:36 +0000 (10:00 +0530)]
Clear remote BD address information.
This change makes sure that when RFCOMM
connection fails for HFP, AG control block
clears the remote bd address. This will prevent
the misuse of remote bd address.
Change-Id: I9b14cfe7ae18e72f0972704ac3aa5e915f70ddb3
Mallikarjuna GB [Fri, 22 May 2015 09:44:25 +0000 (15:14 +0530)]
Don't stop sniff timer before checking for service ID entry
- Avoid stopping sniff timer before checking for service
ID entry for which bta_sys_conn_close is called since if
entry is not present we return without re-starting timer
and ACL doesn't go into sniff.
Change-Id: I063da8e58e067ade5d646debf086bb443066106c
Mallikarjuna GB [Thu, 21 May 2015 13:37:30 +0000 (19:07 +0530)]
Don't initiate sniff in sniff mode
This change makes sure that AG does not retry
to intiate sniff if device is already in remote
initiated sniff mode.
Change-Id: I77a0c4c0aaf2e93e3168f49998fe22a971d46212
Mallikarjuna GB [Thu, 21 May 2015 13:47:06 +0000 (19:17 +0530)]
Updated ATD string parsing
This change makes sure that the Dial string
parsing accepts 'pause' and 'wait' characters
too.
Change-Id: Ie56b355199a3d4292d0ee9913852292147ccf55f