From f3681c8616af4d052c410ba3e88747541a974bf5 Mon Sep 17 00:00:00 2001 From: Ugo Yu Date: Fri, 2 Nov 2018 20:32:14 +0800 Subject: [PATCH] DO NOT MERGE Separate SDP procedure from bonding state (1/2) - Do not stay in bonding state if the device is paried but still discovering service. - Report BOND_BONDED to Java after authentication is completed. - Report empty UUID to Java if a classic Bluetooth device SDP failed while pairing. - Hold BOND_BONDED intent util SDP is findished. - Only accept profile connection for the device is at bonded state. Any attempt to connect while bonding would potentially lead to an unauthorized connection. Bug: 79703832 Test: runtest bluetooth Change-Id: I023713e07308bfc0e5bb8d67f386bcc50f6a0f85 (cherry picked from commit 122e115b87fe98ca5e5e65b9765c146f9e52b65e) --- btif/src/btif_dm.cc | 81 +++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 57 insertions(+), 24 deletions(-) diff --git a/btif/src/btif_dm.cc b/btif/src/btif_dm.cc index eceab109d..767cc4ca9 100644 --- a/btif/src/btif_dm.cc +++ b/btif/src/btif_dm.cc @@ -183,6 +183,7 @@ typedef struct { #define BTA_SERVICE_ID_TO_SERVICE_MASK(id) (1 << (id)) #define UUID_HUMAN_INTERFACE_DEVICE "00001124-0000-1000-8000-00805f9b34fb" +#define UUID_EMPTY "00000000-0000-0000-0000-000000000000" #define MAX_BTIF_BOND_EVENT_ENTRIES 15 @@ -261,6 +262,11 @@ static bool is_empty_128bit(uint8_t* data) { return !memcmp(zero, data, sizeof(zero)); } +static bool is_bonding_or_sdp() { + return pairing_cb.state == BT_BOND_STATE_BONDING || + (pairing_cb.state == BT_BOND_STATE_BONDED && pairing_cb.sdp_attempts); +} + static void btif_dm_data_copy(uint16_t event, char* dst, char* src) { tBTA_DM_SEC* dst_dm_sec = (tBTA_DM_SEC*)dst; tBTA_DM_SEC* src_dm_sec = (tBTA_DM_SEC*)src; @@ -487,8 +493,6 @@ static void bond_state_changed(bt_status_t status, const RawAddress& bd_addr, bt_bond_state_t state) { btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_BOND_STATE_CHANGED, state); - // Send bonding state only once - based on outgoing/incoming we may receive - // duplicates if ((pairing_cb.state == state) && (state == BT_BOND_STATE_BONDING)) { // Cross key pairing so send callback for static address if (!pairing_cb.static_bdaddr.IsEmpty()) { @@ -506,14 +510,18 @@ static void bond_state_changed(bt_status_t status, const RawAddress& bd_addr, auto tmp = bd_addr; HAL_CBACK(bt_hal_cbacks, bond_state_changed_cb, status, &tmp, state); - if (state == BT_BOND_STATE_BONDING) { + int dev_type; + if (!btif_get_device_type(bd_addr, &dev_type)) { + dev_type = BT_DEVICE_TYPE_BREDR; + } + + if (state == BT_BOND_STATE_BONDING || + (state == BT_BOND_STATE_BONDED && pairing_cb.sdp_attempts > 0)) { + // Save state for the device is bonding or SDP. pairing_cb.state = state; pairing_cb.bd_addr = bd_addr; } else { - if (!pairing_cb.sdp_attempts) - memset(&pairing_cb, 0, sizeof(pairing_cb)); - else - BTIF_TRACE_DEBUG("%s: BR-EDR service discovery active", __func__); + pairing_cb = {}; } } @@ -1121,6 +1129,10 @@ static void btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) { /* Trigger SDP on the device */ pairing_cb.sdp_attempts = 1; + + // Report bonded to Java before start SDP + bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDED); + btif_dm_get_remote_services(bd_addr); } } @@ -1378,9 +1390,9 @@ static void btif_dm_search_services_evt(uint16_t event, char* p_param) { BTIF_TRACE_DEBUG("%s:(result=0x%x, services 0x%x)", __func__, p_data->disc_res.result, p_data->disc_res.services); - if ((p_data->disc_res.result != BTA_SUCCESS) && - (pairing_cb.state == BT_BOND_STATE_BONDING) && - (pairing_cb.sdp_attempts < BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING)) { + if (p_data->disc_res.result != BTA_SUCCESS && + pairing_cb.state == BT_BOND_STATE_BONDED && + pairing_cb.sdp_attempts < BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING) { BTIF_TRACE_WARNING("%s:SDP failed after bonding re-attempting", __func__); pairing_cb.sdp_attempts++; @@ -1405,21 +1417,42 @@ static void btif_dm_search_services_evt(uint16_t event, char* p_param) { /* onUuidChanged requires getBondedDevices to be populated. ** bond_state_changed needs to be sent prior to remote_device_property */ - if ((pairing_cb.state == BT_BOND_STATE_BONDING) && + if ((pairing_cb.state == BT_BOND_STATE_BONDED && pairing_cb.sdp_attempts) && (p_data->disc_res.bd_addr == pairing_cb.bd_addr || - p_data->disc_res.bd_addr == pairing_cb.static_bdaddr) && - pairing_cb.sdp_attempts > 0) { - BTIF_TRACE_DEBUG( - "%s Remote Service SDP done. Call bond_state_changed_cb BONDED", - __func__); + p_data->disc_res.bd_addr == pairing_cb.static_bdaddr)) { + LOG_INFO(LOG_TAG, "%s Remote Service SDP done.", __func__); pairing_cb.sdp_attempts = 0; - // If bonding occured due to cross-key pairing, send bonding callback + // If bond occured due to cross-key pairing, send bond state callback // for static address now - if (p_data->disc_res.bd_addr == pairing_cb.static_bdaddr) + if (p_data->disc_res.bd_addr == pairing_cb.static_bdaddr) { bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING); - - bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDED); + bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDED); + } + if (pairing_cb.state == BT_BOND_STATE_BONDED) { + if (p_data->disc_res.result == BTA_SUCCESS) { + // Device is bonded and SDP completed. Clear the pairing control + // block. + pairing_cb = {}; + } else { + // Report empty UUID to Java if SDP report negative result while + // pairing. + bt_property_t prop; + bt_uuid_t uuid; + char uuid_str[128] = UUID_EMPTY; + + string_to_uuid(uuid_str, &uuid); + + prop.type = BT_PROPERTY_UUIDS; + prop.val = uuid.uu; + prop.len = MAX_UUID_SIZE; + + /* Send the event to the BTIF */ + HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb, + BT_STATUS_SUCCESS, &bd_addr, 1, &prop); + break; + } + } } if (p_data->disc_res.num_uuids != 0) { @@ -1629,7 +1662,7 @@ static void btif_dm_upstreams_evt(uint16_t event, char* p_param) { break; case BTA_DM_BOND_CANCEL_CMPL_EVT: - if (pairing_cb.state == BT_BOND_STATE_BONDING) { + if (is_bonding_or_sdp()) { bd_addr = pairing_cb.bd_addr; btm_set_bond_type_dev(pairing_cb.bd_addr, BOND_TYPE_UNKNOWN); bond_state_changed((bt_status_t)p_data->bond_cancel_cmpl.result, @@ -2277,7 +2310,7 @@ bt_status_t btif_dm_cancel_bond(const RawAddress* bd_addr) { ** 1. Restore scan modes ** 2. special handling for HID devices */ - if (pairing_cb.state == BT_BOND_STATE_BONDING) { + if (is_bonding_or_sdp()) { if (pairing_cb.is_ssp) { if (pairing_cb.is_le_only) { BTA_DmBleSecurityGrant(*bd_addr, BTA_DM_SEC_PAIR_NOT_SPT); @@ -2469,7 +2502,7 @@ bt_status_t btif_dm_get_remote_services(const RawAddress& remote_addr) { /******************************************************************************* * - * Function btif_dm_get_remote_services_transport + * Function btif_dm_get_remote_services_by_transport * * Description Start SDP to get remote services by transport * @@ -3171,7 +3204,7 @@ bt_status_t btif_le_test_mode(uint16_t opcode, uint8_t* buf, uint8_t len) { void btif_dm_on_disable() { /* cancel any pending pairing requests */ - if (pairing_cb.state == BT_BOND_STATE_BONDING) { + if (is_bonding_or_sdp()) { BTIF_TRACE_DEBUG("%s: Cancel pending pairing request", __func__); btif_dm_cancel_bond(&pairing_cb.bd_addr); } -- 2.11.0