OSDN Git Service
TreeHugger Robot [Wed, 8 Dec 2021 22:58:43 +0000 (22:58 +0000)]
[automerger skipped] Merge "Reset the IRK after all devices are unpaired" into rvc-dev am:
02e9ee37f8 -s ours am:
e72af1fde2 -s ours
am skip reason: Merged-In I8e44f010a72dcdec595d81293a05f49ccc054065 with SHA-1
0e5bb13f66 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16232311
Change-Id: I925a143e44b2483733b91ac965b216ec47ca7f66
TreeHugger Robot [Wed, 8 Dec 2021 22:58:17 +0000 (22:58 +0000)]
[automerger skipped] Merge "Reset the IRK after all devices are unpaired" into rvc-qpr-dev am:
c289d8f704 -s ours
am skip reason: Merged-In I8e44f010a72dcdec595d81293a05f49ccc054065 with SHA-1
ea9ce63c51 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16184352
Change-Id: I189e1b841cbce5d840305a1ee13b10a4ebb9a709
TreeHugger Robot [Wed, 8 Dec 2021 22:58:14 +0000 (22:58 +0000)]
[automerger skipped] Merge "Reset the IRK after all devices are unpaired" into rvc-dev am:
02e9ee37f8 -s ours
am skip reason: Merged-In I8e44f010a72dcdec595d81293a05f49ccc054065 with SHA-1
0e5bb13f66 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16232311
Change-Id: I1cf19c8a3a8d94cc61cdaea62fdd2ff42c4be241
TreeHugger Robot [Wed, 8 Dec 2021 21:56:00 +0000 (21:56 +0000)]
Merge "Reset the IRK after all devices are unpaired" into rvc-dev
TreeHugger Robot [Wed, 8 Dec 2021 21:55:42 +0000 (21:55 +0000)]
Merge "Reset the IRK after all devices are unpaired" into rvc-qpr-dev
TreeHugger Robot [Wed, 8 Dec 2021 21:55:27 +0000 (21:55 +0000)]
Merge "Reset the IRK after all devices are unpaired" into sc-dev
Chris Manton [Wed, 8 Dec 2021 02:45:05 +0000 (02:45 +0000)]
security: Use-After-Free in btm_sec_[dis]connected am:
64f6fb2347 am:
6434aef9ce am:
c5d75d4ccc am:
0227d75120 am:
0ae4f050db
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215819
Change-Id: I8129d0e49e8d4ce590cf1962e9fdd43e6ce3cf9e
TreeHugger Robot [Wed, 8 Dec 2021 02:44:57 +0000 (02:44 +0000)]
Merge "security: Use-After-Free in btm_sec_[dis]connected" into rvc-dev am:
e3a9267e29 am:
ff9715fa67
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215817
Change-Id: Ica8934a455aab466ca981ae949af6cccb340dcc5
TreeHugger Robot [Wed, 8 Dec 2021 02:44:48 +0000 (02:44 +0000)]
Merge "security: Use-After-Free in btm_sec_[dis]connected" into rvc-qpr-dev am:
b4a92cca94
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16207306
Change-Id: I16ffb06771a37512694d14bef5cbdcde56d8902e
Chris Manton [Wed, 8 Dec 2021 02:44:38 +0000 (02:44 +0000)]
[automerger skipped] security: Use-After-Free in btm_sec_[dis]connected am:
4f3fdf141b am:
5be9d9d621 am:
d5eda0a6e6 am:
884bfe1918 -s ours
am skip reason: skipped by user cmanton
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215818
Change-Id: Ie017be63fa26f1853a1709e663b0d06c8306feab
Chris Manton [Tue, 7 Dec 2021 23:26:05 +0000 (23:26 +0000)]
security: Use-After-Free in btm_sec_[dis]connected am:
64f6fb2347 am:
6434aef9ce am:
c5d75d4ccc am:
0227d75120 am:
bdbdee6dfd
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215819
Change-Id: I41a25461abdf9eb5acb31f76106204c427ad1a61
TreeHugger Robot [Tue, 7 Dec 2021 23:25:57 +0000 (23:25 +0000)]
Merge "security: Use-After-Free in btm_sec_[dis]connected" into rvc-dev am:
e3a9267e29 am:
1178fa5aa5
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215817
Change-Id: I64dded8817fc77a043feb200b1868004fb2fc8bb
Chris Manton [Tue, 7 Dec 2021 23:25:37 +0000 (23:25 +0000)]
[automerger skipped] security: Use-After-Free in btm_sec_[dis]connected am:
4f3fdf141b am:
5be9d9d621 am:
d5eda0a6e6 am:
fc09ae706e -s ours
am skip reason: skipped by user cmanton
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215818
Change-Id: Ib47f6fa413d3e1e49475880935b92a32dc63453c
Chris Manton [Tue, 7 Dec 2021 22:08:58 +0000 (22:08 +0000)]
security: Use-After-Free in btm_sec_[dis]connected am:
64f6fb2347 am:
6434aef9ce am:
c5d75d4ccc am:
0227d75120
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215819
Change-Id: I4cb9faed1b2099c11a517786082199c9bc9c041a
TreeHugger Robot [Tue, 7 Dec 2021 22:08:53 +0000 (22:08 +0000)]
Merge "security: Use-After-Free in btm_sec_[dis]connected" into rvc-dev am:
e3a9267e29
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215817
Change-Id: I1cdc2ec489a8d8b5a06edc414603470a1c2903df
Chris Manton [Tue, 7 Dec 2021 22:07:28 +0000 (22:07 +0000)]
security: Use-After-Free in btm_sec_[dis]connected am:
64f6fb2347 am:
6434aef9ce am:
c5d75d4ccc am:
0227d75120
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215819
Change-Id: I01ac30b1546276dd352d1504b005c0fb04df3782
TreeHugger Robot [Tue, 7 Dec 2021 22:07:22 +0000 (22:07 +0000)]
Merge "security: Use-After-Free in btm_sec_[dis]connected" into rvc-dev am:
e3a9267e29
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215817
Change-Id: I8156732e845da8df49c84b0b29eb93a6b77760a8
Chris Manton [Tue, 7 Dec 2021 22:01:02 +0000 (22:01 +0000)]
security: Use-After-Free in btm_sec_[dis]connected am:
64f6fb2347 am:
6434aef9ce am:
c5d75d4ccc
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215819
Change-Id: I3dda30c79df98e642d03b983b87e198c746d1f17
TreeHugger Robot [Tue, 7 Dec 2021 21:48:59 +0000 (21:48 +0000)]
Merge "security: Use-After-Free in btm_sec_[dis]connected" into rvc-dev
Chris Manton [Tue, 7 Dec 2021 21:41:16 +0000 (21:41 +0000)]
security: Use-After-Free in btm_sec_[dis]connected am:
64f6fb2347 am:
6434aef9ce
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215819
Change-Id: I8478f605bd57517038ea1b39fccbce004416a82a
TreeHugger Robot [Tue, 7 Dec 2021 21:34:06 +0000 (21:34 +0000)]
Merge "security: Use-After-Free in btm_sec_[dis]connected" into rvc-qpr-dev
Chris Manton [Tue, 7 Dec 2021 21:25:17 +0000 (21:25 +0000)]
security: Use-After-Free in btm_sec_[dis]connected am:
64f6fb2347
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215819
Change-Id: I62206350a28a7c8b9a6cf9a726f16aa5898e46ba
Chris Manton [Tue, 7 Dec 2021 21:15:42 +0000 (21:15 +0000)]
security: Use-After-Free in btm_sec_[dis]connected am:
4f3fdf141b am:
5be9d9d621 am:
d5eda0a6e6
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215818
Change-Id: Ieaf344f4d3d55403e14fa0a90eed5d5679803c12
Chris Manton [Tue, 7 Dec 2021 21:14:11 +0000 (21:14 +0000)]
security: Use-After-Free in btm_sec_[dis]connected am:
4f3fdf141b am:
5be9d9d621 am:
d5eda0a6e6
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215818
Change-Id: I920888df5698795dc6fd8c7ba07649d6db31f812
Chris Manton [Tue, 7 Dec 2021 20:56:38 +0000 (20:56 +0000)]
security: Use-After-Free in btm_sec_[dis]connected am:
4f3fdf141b am:
5be9d9d621
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215818
Change-Id: I63645b73ea5aa28038a7ba8d21c31d6016567945
Chris Manton [Tue, 7 Dec 2021 20:39:20 +0000 (20:39 +0000)]
security: Use-After-Free in btm_sec_[dis]connected am:
4f3fdf141b
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
16215818
Change-Id: I734c905871627bc0aa6dc177d4ac8b2845cc129a
Martin Brabham [Fri, 29 Oct 2021 21:27:27 +0000 (21:27 +0000)]
Reset the IRK after all devices are unpaired
Bug:
204355134
Bug:
195410559
Test: Check IRK, pair devices, unpair all devices, Check IRK
Tag: #security
Change-Id: I8e44f010a72dcdec595d81293a05f49ccc054065
Merged-In: I8e44f010a72dcdec595d81293a05f49ccc054065
Martin Brabham [Fri, 29 Oct 2021 21:27:27 +0000 (21:27 +0000)]
Reset the IRK after all devices are unpaired
Bug:
204355134
Bug:
195410559
Test: Check IRK, pair devices, unpair all devices, Check IRK
Tag: #security
Change-Id: I8e44f010a72dcdec595d81293a05f49ccc054065
Merged-In: I8e44f010a72dcdec595d81293a05f49ccc054065
Chris Manton [Tue, 9 Nov 2021 00:45:42 +0000 (16:45 -0800)]
security: Use-After-Free in btm_sec_[dis]connected
Bug:
201083442
Tag: #security
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I69c362d1eb644a3b7fd967cd526a8a58c3b4d975
Chris Manton [Tue, 9 Nov 2021 00:45:42 +0000 (16:45 -0800)]
security: Use-After-Free in btm_sec_[dis]connected
Bug:
201083442
Tag: #security
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I69c362d1eb644a3b7fd967cd526a8a58c3b4d975
Chris Manton [Tue, 9 Nov 2021 00:45:42 +0000 (16:45 -0800)]
security: Use-After-Free in btm_sec_[dis]connected
Bug:
201083442
Tag: #security
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I69c362d1eb644a3b7fd967cd526a8a58c3b4d975
Chris Manton [Tue, 9 Nov 2021 00:45:42 +0000 (16:45 -0800)]
security: Use-After-Free in btm_sec_[dis]connected
Bug:
201083442
Tag: #security
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I69c362d1eb644a3b7fd967cd526a8a58c3b4d975
Chris Manton [Tue, 9 Nov 2021 00:45:42 +0000 (16:45 -0800)]
security: Use-After-Free in btm_sec_[dis]connected
Bug:
201083442
Tag: #security
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I69c362d1eb644a3b7fd967cd526a8a58c3b4d975
Martin Brabham [Fri, 29 Oct 2021 21:27:27 +0000 (21:27 +0000)]
Reset the IRK after all devices are unpaired
Bug:
204355134
Bug:
195410559
Test: Check IRK, pair devices, unpair all devices, Check IRK
Tag: #security
Change-Id: I8e44f010a72dcdec595d81293a05f49ccc054065
Merged-In: I8e44f010a72dcdec595d81293a05f49ccc054065
Chris Manton [Wed, 6 Oct 2021 19:29:36 +0000 (19:29 +0000)]
Merge "osi: Prevent memory allocations with MSB set" into rvc-qpr-dev am:
3034c96552
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959599
Change-Id: If6a8459b1f86d41c2b7913e5e45ed808884fb553
Chris Manton [Wed, 6 Oct 2021 19:17:56 +0000 (19:17 +0000)]
Merge "osi: Prevent memory allocations with MSB set" into rvc-qpr-dev
Chris Manton [Wed, 6 Oct 2021 19:06:03 +0000 (19:06 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9 am:
1812f99793 am:
85a3510912 am:
7300b01716 am:
2cadbc6377
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: I893e25ea34771c4f650ad22f647c03638df77e8d
Chris Manton [Wed, 6 Oct 2021 19:05:16 +0000 (19:05 +0000)]
osi: Prevent memory allocations with MSB set am:
1e76ec66d8 am:
32249b0602 am:
d65173898e am:
477c78d5e3
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959601
Change-Id: I5acb4c7ebd3a994218023aeab327252ed2353484
Chris Manton [Wed, 6 Oct 2021 18:53:45 +0000 (18:53 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9 am:
1812f99793 am:
85a3510912 am:
7300b01716 am:
d2596b6520
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: I954eaa7530d6c9f9aa9652cfbcc48cdbbc0a306f
Chris Manton [Wed, 6 Oct 2021 18:53:38 +0000 (18:53 +0000)]
osi: Prevent memory allocations with MSB set am:
1e76ec66d8 am:
32249b0602 am:
d65173898e am:
e8c11e248e
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959601
Change-Id: I5c6e608a88165a6b8e72ecf42717b90212eb0165
Chris Manton [Wed, 6 Oct 2021 18:39:24 +0000 (18:39 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9 am:
1812f99793 am:
85a3510912 am:
7300b01716
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: I60ce82f68eb256b8a786f8127fe21c38d0ee1833
Chris Manton [Wed, 6 Oct 2021 18:39:24 +0000 (18:39 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9 am:
1812f99793 am:
85a3510912 am:
7300b01716
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: Ifc1b529263fd24774cef4ffab422bc4bcd334901
Chris Manton [Wed, 6 Oct 2021 18:39:20 +0000 (18:39 +0000)]
osi: Prevent memory allocations with MSB set am:
1e76ec66d8 am:
32249b0602 am:
d65173898e
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959601
Change-Id: I7c21d6dfe0efe6812259cea7b839120a3cd58ac1
Chris Manton [Wed, 6 Oct 2021 18:39:20 +0000 (18:39 +0000)]
osi: Prevent memory allocations with MSB set am:
1e76ec66d8 am:
32249b0602 am:
d65173898e
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959601
Change-Id: I03b2dbdb3dd187880383a26fedf10cb4f06ff670
Chris Manton [Wed, 6 Oct 2021 18:24:18 +0000 (18:24 +0000)]
osi: Prevent memory allocations with MSB set am:
e435404a7d am:
865d4f4214
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959600
Change-Id: Ia474ae0cada1cf3966d31851059dfe6bc87f45f2
Chris Manton [Wed, 6 Oct 2021 18:23:49 +0000 (18:23 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9 am:
1812f99793 am:
85a3510912
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: Ice95438b8dbce78342490c360887246f7c5a1cb6
Chris Manton [Wed, 6 Oct 2021 18:23:45 +0000 (18:23 +0000)]
osi: Prevent memory allocations with MSB set am:
1e76ec66d8 am:
32249b0602
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959601
Change-Id: I169567991117522a820ee5140e8bad2b1444e2e7
Chris Manton [Wed, 6 Oct 2021 18:23:11 +0000 (18:23 +0000)]
osi: Prevent memory allocations with MSB set am:
e435404a7d am:
ec15c0798b
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959600
Change-Id: I109fadf5b18e8796dc683a57897149fff96660ca
Chris Manton [Wed, 6 Oct 2021 18:13:10 +0000 (18:13 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9 am:
1812f99793
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: Ie5cfe615061877d55b80ca411aba92629eb81583
Chris Manton [Wed, 6 Oct 2021 18:09:25 +0000 (18:09 +0000)]
osi: Prevent memory allocations with MSB set am:
cee4d086c9
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959762
Change-Id: I29728cd50670ba60bf42f4142aa302f79d6ed9e3
Chris Manton [Wed, 6 Oct 2021 18:09:15 +0000 (18:09 +0000)]
osi: Prevent memory allocations with MSB set am:
e435404a7d
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959600
Change-Id: Id94265b102135a390aa798b3b682530bc8c33625
Chris Manton [Wed, 6 Oct 2021 18:09:13 +0000 (18:09 +0000)]
osi: Prevent memory allocations with MSB set am:
e435404a7d
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959600
Change-Id: I977f1225ea250ef304b79efd475440f248bd557d
Chris Manton [Wed, 6 Oct 2021 18:08:26 +0000 (18:08 +0000)]
osi: Prevent memory allocations with MSB set am:
1e76ec66d8
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15959601
Change-Id: I3f033ec55080fbb2d924662b20d5e09a89a00c51
Chris Manton [Thu, 30 Sep 2021 00:49:25 +0000 (17:49 -0700)]
osi: Prevent memory allocations with MSB set
Limit allocations on 32bit to 2 GB
Limit allocations on 64bit to 8 Exabyte
Bug:
197868577
Tag: #refactor
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I1c347084d7617b1e364a3241f1b37b398a2a6c6a
Chris Manton [Thu, 30 Sep 2021 00:49:25 +0000 (17:49 -0700)]
osi: Prevent memory allocations with MSB set
Limit allocations on 32bit to 2 GB
Limit allocations on 64bit to 8 Exabyte
Bug:
197868577
Tag: #refactor
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I1c347084d7617b1e364a3241f1b37b398a2a6c6a
Chris Manton [Thu, 30 Sep 2021 00:49:25 +0000 (17:49 -0700)]
osi: Prevent memory allocations with MSB set
Limit allocations on 32bit to 2 GB
Limit allocations on 64bit to 8 Exabyte
Bug:
197868577
Tag: #refactor
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I1c347084d7617b1e364a3241f1b37b398a2a6c6a
Chris Manton [Thu, 30 Sep 2021 00:49:25 +0000 (17:49 -0700)]
osi: Prevent memory allocations with MSB set
Limit allocations on 32bit to 2 GB
Limit allocations on 64bit to 8 Exabyte
Bug:
197868577
Tag: #refactor
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I1c347084d7617b1e364a3241f1b37b398a2a6c6a
Chris Manton [Thu, 30 Sep 2021 00:49:25 +0000 (17:49 -0700)]
osi: Prevent memory allocations with MSB set
Limit allocations on 32bit to 2 GB
Limit allocations on 64bit to 8 Exabyte
Bug:
197868577
Tag: #refactor
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: I1c347084d7617b1e364a3241f1b37b398a2a6c6a
Martin Brabham [Mon, 30 Aug 2021 22:23:04 +0000 (15:23 -0700)]
Security Fix: Crafted GATT request causes BT stack crash
A while loop and condition check for the value of a type to be 0
when in fact since the value.len is arbitrary it could make the
remaining length "less than 0" and since the type is unsigned it'll
never be "less than 0."
Use signed type for loop and conditional checking.
Additionally, make sure the value.len when used to read an array is not
more than the remaining length of the data.
Bug:
197536150
Test: poc application
Tag: #security
Change-Id: I20d66ddd1055577d7d39aba447233c19081bb789
TreeHugger Robot [Fri, 13 Aug 2021 17:50:37 +0000 (17:50 +0000)]
Merge "Stop inquiry when inquiry cancelled" into sc-dev
Cheney Ni [Mon, 9 Aug 2021 11:15:20 +0000 (19:15 +0800)]
BluetoothAudioHAL: reset A2DP pending command while ending the session
Bug:
175425864
Tag: #compatibility
Test: Switch A2DP active device manually
Ignore-AOSP-First: cherry-pick from aosp to upstream branch
Change-Id: Icf29d8e5c557c927bffe9d49188bd0cf98b07120
IHLHO KIM [Tue, 3 Aug 2021 04:38:27 +0000 (04:38 +0000)]
Stop inquiry when inquiry cancelled
Inquiry is not stopped cause of clearing of BTM_BLE_INQUIRY_MASK.
This issue came from the follwing patch.
https://android-review.googlesource.com/c/platform/system/bt/+/
1402183
Bug:
195908804
Change-Id: I3361c924c9445d6aae2856f41b732fca22951f76
Tag: #refactor
Ignore-AOSP-First: cherry-pick from aosp to upstream branch
Test: compile & verify basic functions working
TreeHugger Robot [Fri, 6 Aug 2021 16:06:29 +0000 (16:06 +0000)]
Merge "Disable sniff for KDDI carkit" into sc-dev
Patty [Fri, 6 Aug 2021 04:08:00 +0000 (12:08 +0800)]
Disable sniff for KDDI carkit
When sniff is enabled, KDDI car kit may disconnect the ACL connection when SCO connection disconnect.
Tag: #compatibility
Bug:
194029299
Test: 1) Connect with KDDI car kit
2) Check Write Link Policy Command, enable sniff mode should be false
Change-Id: I597684cc2dc709167a789e2a1de3866bf9aab872
Ted Wang [Tue, 3 Aug 2021 07:27:25 +0000 (15:27 +0800)]
Disable sniff mode when AVDTP start
To avoid ACL link go into sniff mode during a2dp streaming by remote
request, disable sniff mode by link policy when AVDTP start, and
enable when AVDTP suspend, stop or disconnect.
Tag: #compatibility
Bug:
193206591
Test: audio resume after MO/MT call
Change-Id: I0af3223e0722b0343e8d091985e3e23606104268
Merged-In: I0af3223e0722b0343e8d091985e3e23606104268
Martin Brabham [Fri, 30 Jul 2021 18:57:19 +0000 (18:57 +0000)]
Merge "Also remove entry during delete in addition to clear" into sc-dev
TreeHugger Robot [Fri, 30 Jul 2021 17:07:18 +0000 (17:07 +0000)]
Merge "Reduce shutdown BTA_DM_DISABLE_TIMER_MS from 5000ms to 2000ms" into sc-dev
Martin Brabham [Thu, 29 Jul 2021 00:48:18 +0000 (17:48 -0700)]
Also remove entry during delete in addition to clear
Bug:
194432570
Test: Manual test app; nRF connect
Tag: #feature
Change-Id: I17a1a8b1ba2b305527ae74bb8ad5f6e1258e870e
Merged-In: I17a1a8b1ba2b305527ae74bb8ad5f6e1258e870e
Chris Manton [Tue, 20 Jul 2021 15:32:48 +0000 (08:32 -0700)]
Reduce shutdown BTA_DM_DISABLE_TIMER_MS from 5000ms to 2000ms
Bug:
192154257
Test: gd/cert/run
Tag: #refactor
Ignore-AOSP-First: Possible CP candidate
Change-Id: Ia916e427cb00e029ecb13a56255219fb2aba8500
Hansong Zhang [Wed, 28 Jul 2021 18:26:28 +0000 (11:26 -0700)]
L2CA_RegisterLECoc fix
We should register security record when we are server, so the condition
should be the same as "vpsm == psm", as in line 412 below. So we should
use "pL2CA_ConnectInd_Cb != nullptr" (server has to have an incoming
connection handler), OR "psm < LE_DYNAMIC_PSM_START" (Fixed PSM service,
as it's treated like this for vpsm).
Tag: #stability
Bug:
193142224
Test: CtsVerifier LE COC client and server
Change-Id: I627e4dcd0aca4c113966952b53fad2be0f9d7104
TreeHugger Robot [Wed, 28 Jul 2021 17:34:20 +0000 (17:34 +0000)]
Merge "Fix L2cap LE COC security record leaks" into sc-dev
Hansong Zhang [Wed, 28 Jul 2021 00:08:00 +0000 (17:08 -0700)]
Fix L2cap LE COC security record leaks
- When we are client, we don't need to register security during L2cap
registration.
- When we are done, we clean up security record by PSM; Service ID might
be invalid.
- Once the btif topshim facade initial commit is done, we can repro this
and verify the fix with test automation.
Tag: #stability
Bug:
193142224
Test: CtsVerifier LE COC Client for many times; later we will have an
automated test for this
Change-Id: I90fd23ce26c65ca3314e0754a2630d3f63c5d5d8
Merged-In: I90fd23ce26c65ca3314e0754a2630d3f63c5d5d8
Hansong Zhang [Fri, 23 Jul 2021 21:38:57 +0000 (14:38 -0700)]
BTM_PM: Try other pending changes when current one failed
When we receive a non-SUCCESS command status for pm change, we should
not stop here; there might be some other pending pm changes in the
queue. We need to try the remaining ones.
Test: Disconnect a device when there is a pending PM change
Tag: #stability
Bug:
180842489
Bug:
184095368
Change-Id: I31a6f96cd3b47e671141c29801f4d7397787fc51
Merged-In: I31a6f96cd3b47e671141c29801f4d7397787fc51
Chris Manton [Sat, 19 Jun 2021 00:17:02 +0000 (00:17 +0000)]
Fix net_test_osi am:
c757c89b20 am:
5ea1923be7 am:
137884f281 am:
d3363286c5
Original change: https://android-review.googlesource.com/c/platform/system/bt/+/
1740854
Bug:
191431228
Tag: #refactor
Test: gd/cert/run --device
Ignore-AOSP-First: Cherry-pick to release branch
(cherry picked from commit
b9eb2c51c7a7af64da6f622efbc2f822c3c000c8)
Merged-In: I25e3a8aa16dce375fed79133b1e1561d914c6a8d
Change-Id: I25e3a8aa16dce375fed79133b1e1561d914c6a8d
Łukasz Rymanowski [Mon, 21 Jun 2021 16:44:14 +0000 (16:44 +0000)]
eatt: Improve handling incoming EATT connection
With this patch we make sure that eatt_dev is created always when EATT
is supported on the peer side, no matter what is the connection role.
It will allow to accept ecoc channels when Android device is peripheral
device
Bug:
159786353
Bug:
191313013
Tag: #feature
Test: atest --host net_test_eatt
Sponsor: jpawlowski@
Merged-In: I4d735bc4a2d74f637e9c7f7819e10659af9b0fbb
Change-Id: I4d735bc4a2d74f637e9c7f7819e10659af9b0fbb
Łukasz Rymanowski [Mon, 21 Jun 2021 16:11:56 +0000 (16:11 +0000)]
eatt: Fix for the crash on incoming channel creation
It fixes:
signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
Abort message: '[FATAL:eatt_impl.h(142)] Check failed: eatt_dev->eatt_tcb_.
Crash could happen when Android is connects at first as a central device
connection to peer which supports EATT and after reconnection it is peer
initiating ecoc (e.g. Android is peripheral or peer is faster with ecoc
connection request). At that point eatt_dev is there but eatt_tcb_ is
not.
Bug:
159786353
Bug:
191313013
Tag: #feature
Test: atest --host net_test_eatt
Sponsor: jpawlowski@
Merged-In: Ic5e8c027dc45eec942457f09c987ec64cfafb761
Change-Id: Ic5e8c027dc45eec942457f09c987ec64cfafb761
Łukasz Rymanowski [Mon, 11 May 2020 21:20:11 +0000 (23:20 +0200)]
stack/gatt: Store GATT server supported features
Tag: #feature
Bug:
159786353
Sponsor: jpawlowski@
Test: compile & manual testing
Bug:
191313013
Merged-In: Ic16d962949e3aa51ed1ab5ce06cf9aa1acebc726
Change-Id: Ic16d962949e3aa51ed1ab5ce06cf9aa1acebc726
Łukasz Rymanowski [Mon, 11 May 2020 14:30:33 +0000 (16:30 +0200)]
btif_storage: Add way to store GATT server supported features
This is needed for storing Enhanced ATT support.
Tag: #feature
Bug:
159786353
Sponsor: jpawlowski@
Test: compile & manual testing
Bug:
191313013
Merged-In: Ic37b668b91ab6c830d780f70db703a5d9be11677
Change-Id: Ic37b668b91ab6c830d780f70db703a5d9be11677
Łukasz Rymanowski [Wed, 26 May 2021 09:02:38 +0000 (09:02 +0000)]
eatt: Fix crash on double disconnect
Bug:
159786353
Tag: #feature
Test: atest --host net_test_eatt
Sponsor: jpawlowski@
Bug:
191313013
Merged-In: Ie4872f1c51445df59f2f68b127454d5f4d4e9ad0
Change-Id: Ie4872f1c51445df59f2f68b127454d5f4d4e9ad0
Łukasz Rymanowski [Wed, 26 May 2021 09:01:21 +0000 (09:01 +0000)]
eatt: Fix logging
Bug:
159786353
Tag: #feature
Test: compile
Sponsor: jpawlowski@
Bug:
191313013
Merged-In: Ia07b894a37a648d2a8aec0539e6fb75000a2c999
Change-Id: Ia07b894a37a648d2a8aec0539e6fb75000a2c999
TreeHugger Robot [Fri, 2 Jul 2021 23:02:31 +0000 (23:02 +0000)]
Merge "Queue discovery and device inquiry while bonding" into sc-dev
Rahul Sabnis [Thu, 20 May 2021 04:08:18 +0000 (21:08 -0700)]
Queue discovery and device inquiry while bonding
Tag: #feature
Bug:
187165224
Test: Manual
Merged-In: I260c967de0f4656ee852a098a98c9ceb0e6dfbde
Change-Id: I260c967de0f4656ee852a098a98c9ceb0e6dfbde
Martin Brabham [Wed, 30 Jun 2021 19:08:02 +0000 (12:08 -0700)]
OOB: Return local adapter name in generated OOB Data
Bug:
192475074
Test: Manual, test app.
Tag: #feature
Change-Id: I5086cbe6c0d2ab3346a956e22df36725a9e93530
Merged-In: I5086cbe6c0d2ab3346a956e22df36725a9e93530
Sal Savage [Wed, 30 Jun 2021 15:34:03 +0000 (15:34 +0000)]
Merge "Configure newavrcp target to be "passive" when setting up AVCTP" into sc-dev
TreeHugger Robot [Tue, 29 Jun 2021 21:16:55 +0000 (21:16 +0000)]
Merge changes from topic "bluetooth_oob_api" into sc-dev
* changes:
OOB: Replace 'memcpy' with assignments
OOB: Cancel advertiser and replace
OOB: Start advertising when OOB data is generated.
OOB: Connector; Set name of remote from OOB data
OOB: Store keys and data generated for local OOB use.
OOB: Utilize SMP state machine to generate the OOB data.
OOB: Rework create bond out of band flow to not use btif_dm_cb_create_bond
Martin Brabham [Tue, 29 Jun 2021 19:49:41 +0000 (12:49 -0700)]
OOB: Replace 'memcpy' with assignments
Fixes a lint warning
Bug:
178007935
Test: Compiles
Tag: #feature
Change-Id: Id5e0d41085f9415daadb261a01f99200cb8f90e0
Merged-In: Id5e0d41085f9415daadb261a01f99200cb8f90e0
Martin Brabham [Tue, 29 Jun 2021 00:07:10 +0000 (17:07 -0700)]
OOB: Cancel advertiser and replace
Bug:
192298941
Test: Manual, test app and nRF connect.
Tag: #feature
Change-Id: Ia9a538fea6ac58e1487523447b22396c0caead8b
Merged-In: Ia9a538fea6ac58e1487523447b22396c0caead8b
Martin Brabham [Thu, 20 May 2021 21:30:09 +0000 (14:30 -0700)]
OOB: Start advertising when OOB data is generated.
This affords the stack the capability to provide the proper
random address and address type to the user via the OobDataCallback.
Previous to this commit, the data defaults to the public address.
This advertisement will time out, and will clear OOB data upon timeout.
Bug:
192084169
Test: Manual, test app.
Test: m bt_host_test_bta
Test: m net_test_btif_stack
Tag: #feature
Change-Id: Ia24c10e7209027b8b070b9196caba7e394ee6dcb
Merged-In: Ia24c10e7209027b8b070b9196caba7e394ee6dcb
Martin Brabham [Fri, 25 Jun 2021 19:59:22 +0000 (12:59 -0700)]
OOB: Connector; Set name of remote from OOB data
There are 4 total "devices" listed in Settings.
Each shows a mac address, if a name doesn't exist it won't
show in things like the share a file dialog.
This names 1/4 of those addresses. The LE Device (Advertiser)
displayed on the Connector's Settings->Connected devices list.
Bug:
192093473
Test: Manual, test app
Tag: #feature
Change-Id: I94024413e962f4742f6fa71c495d042aaede5ffb
Merged-In: I94024413e962f4742f6fa71c495d042aaede5ffb
Martin Brabham [Fri, 18 Jun 2021 00:06:12 +0000 (17:06 -0700)]
OOB: Store keys and data generated for local OOB use.
Bug:
190395922
Test: Manual, test app
Tag: #feature
Change-Id: Ib88abb866ce08b99c7fbf17ac9cfb85ee0f3441e
Merged-In: Ib88abb866ce08b99c7fbf17ac9cfb85ee0f3441e
Martin Brabham [Thu, 3 Jun 2021 19:07:27 +0000 (12:07 -0700)]
OOB: Utilize SMP state machine to generate the OOB data.
Finish the SMP implemention for OOB in the legacy stack and
connect callback pipeline to return data to the caller.
Bug:
178007935
Test: Manual; test app
Tag: #feature
Change-Id: Id4fe6b29a1db3ec50d37b042ea67cebfa9eba4e1
Merged-In: Id4fe6b29a1db3ec50d37b042ea67cebfa9eba4e1
Martin Brabham [Thu, 13 May 2021 19:04:26 +0000 (12:04 -0700)]
OOB: Rework create bond out of band flow to not use btif_dm_cb_create_bond
Instead we just call BTA_DmBond directly since this is an OOB pairing scenario
Bug:
178007935
Test: Compiles, Manually with test app
Tag: #feature
Change-Id: Ie9d7cf20c18b2ccac322dabad141135e8a18bf93
Merged-In: Ie9d7cf20c18b2ccac322dabad141135e8a18bf93
Sal Savage [Tue, 29 Jun 2021 18:44:06 +0000 (11:44 -0700)]
Configure newavrcp target to be "passive" when setting up AVCTP
As it stands, both newavrcp target and avrcp controller devices are
configured as not "passive." This is an Android BT stack convention that
AVCTP uses as a policy for handling unlikely connection collisions. When
passive, a device will allow an incoming connection to take the place of
it's outgoing connection, assuming the connection. Non-passive devices
are strict in only allowing their outgoing connection to stay up.
When two non-passive devices connect with each other, there's a 10-15%
chance that the timing of events will cause each device to disconnect
each other's connection, resulting in no connection being set up.
AVCTP Section 5.1 says the target should allow the controller's
connection to succeed. Configuring newavrcp target to be passive puts us
more in line with that requirement.
Note this is a temporary work-around for a larger effort around the
AVCTP connection collision handling that will probably need to take
place.
Tag: #stability
Bug:
179292409
Test: atest BluetoothInstrumentationTests; -- Also connect phone to an
AVRCP controller device and wait for an unlikely connection collision.
Ensure the phone allows the CT to connect over its own connection.
Change-Id: I6861c78ba594d4e4ccfcf8ce9adec109f1b2d270
Merged-In: I6861c78ba594d4e4ccfcf8ce9adec109f1b2d270
Chris Manton [Wed, 24 Mar 2021 16:11:26 +0000 (09:11 -0700)]
RESTRICT AUTOMERGE Security fix OOB read vuln stack/avrc/avrc_pars_tg
Bug:
168712382
Tag: #security
Test: gd/cert/run
Ignore-AOSP-First: Security
Change-Id: Iae823e45675d46d8ca037157e516cc2f94fadfab
Jakub Pawlowski [Thu, 10 Jun 2021 20:01:32 +0000 (22:01 +0200)]
Fix potential buffer overflow and uninitialized read in reassemble_and_dispatch_iso
Tag: #security
Test: compilation
Bug:
188673156
Change-Id: Id9f2acfde05da681c82adc25d602cc48a2bc5df9
Hansong Zhang [Fri, 25 Jun 2021 00:52:22 +0000 (00:52 +0000)]
SMP: Reject pairing if public_key.x match am:
9fbf77d1a8 am:
6dd3a7aa69 am:
351d594583 am:
cf11884e7c am:
fb9f699d79 am:
0398829473
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15081352
Change-Id: Ica723c5c0020d152d386edc4a46f7602a90a512a
Hansong Zhang [Fri, 25 Jun 2021 00:51:55 +0000 (00:51 +0000)]
SMP: Reject pairing if public_key.x match am:
9fbf77d1a8 am:
6dd3a7aa69 am:
351d594583 am:
cf11884e7c am:
fb9f699d79 am:
03fbe41891
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15081352
Change-Id: Ie04f037faaa325d91f288bcee0e43dd2286bc328
Hansong Zhang [Fri, 25 Jun 2021 00:39:20 +0000 (00:39 +0000)]
SMP: Reject pairing if public_key.x match am:
9fbf77d1a8 am:
6dd3a7aa69 am:
351d594583 am:
cf11884e7c am:
fb9f699d79
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15081352
Change-Id: I722d373d4c77fd8094bfcd7abed678c89e8d226b
Hansong Zhang [Fri, 25 Jun 2021 00:39:18 +0000 (00:39 +0000)]
SMP: Reject pairing if public_key.x match am:
9fbf77d1a8 am:
6dd3a7aa69 am:
351d594583 am:
cf11884e7c am:
fb9f699d79
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15081352
Change-Id: Ibfab96eaf95bdc3232777dd53a9f7ca7ac924f82
Hansong Zhang [Fri, 25 Jun 2021 00:26:04 +0000 (00:26 +0000)]
SMP: Reject pairing if public_key.x match am:
9fbf77d1a8 am:
6dd3a7aa69 am:
351d594583 am:
cf11884e7c
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/bt/+/
15081352
Change-Id: Ife13fd9bc5326d8ada38cb2f762a70ba79d35752