/******************************************************************************
*
* Copyright 1999-2012 Broadcom Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
******************************************************************************/
/******************************************************************************
*
* This file contains functions that interface with the HCI transport. On
* the receive side, it routes events to the appropriate handler, e.g.
* L2CAP, ScoMgr. On the transmit side, it manages the command
* transmission.
*
******************************************************************************/
#define LOG_TAG "bt_btu_hcif"
#include
#include
#include
#include "btif/include/btif_config.h"
#include "common/metrics.h"
#include "device/include/controller.h"
#include "osi/include/log.h"
#include "stack/include/acl_hci_link_interface.h"
#include "stack/include/ble_acl_interface.h"
#include "stack/include/ble_hci_link_interface.h"
#include "stack/include/btm_iso_api.h"
#include "stack/include/btu.h"
#include "stack/include/dev_hci_link_interface.h"
#include "stack/include/gatt_api.h"
#include "stack/include/hci_error_code.h"
#include "stack/include/hci_evt_length.h"
#include "stack/include/hcidefs.h"
#include "stack/include/inq_hci_link_interface.h"
#include "stack/include/l2cap_hci_link_interface.h"
#include "stack/include/sco_hci_link_interface.h"
#include "stack/include/sec_hci_link_interface.h"
#include "stack/include/stack_metrics_logging.h"
#include "types/hci_role.h"
using base::Location;
using bluetooth::hci::IsoManager;
bool l2c_link_hci_disc_comp(uint16_t handle,
tHCI_REASON reason); // TODO remove
bool BTM_BLE_IS_RESOLVE_BDA(const RawAddress& x); // TODO remove
void BTA_sys_signal_hw_error(); // TODO remove
void smp_cancel_start_encryption_attempt(); // TODO remove
void acl_disconnect_from_handle(uint16_t handle,
tHCI_STATUS reason); // TODO remove
/******************************************************************************/
/* L O C A L F U N C T I O N P R O T O T Y P E S */
/******************************************************************************/
static void btu_hcif_inquiry_comp_evt(uint8_t* p);
static void btu_hcif_connection_comp_evt(uint8_t* p, uint8_t evt_len);
static void btu_hcif_connection_request_evt(uint8_t* p);
static void btu_hcif_disconnection_comp_evt(uint8_t* p);
static void btu_hcif_authentication_comp_evt(uint8_t* p);
static void btu_hcif_rmt_name_request_comp_evt(uint8_t* p, uint16_t evt_len);
static void btu_hcif_encryption_change_evt(uint8_t* p);
static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p,
uint8_t evt_len);
static void btu_hcif_command_complete_evt(BT_HDR* response, void* context);
static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command,
void* context);
static void btu_hcif_hardware_error_evt(uint8_t* p);
static void btu_hcif_role_change_evt(uint8_t* p);
static void btu_hcif_mode_change_evt(uint8_t* p);
static void btu_hcif_link_key_notification_evt(uint8_t* p);
static void btu_hcif_read_clock_off_comp_evt(uint8_t* p);
static void btu_hcif_esco_connection_comp_evt(uint8_t* p);
static void btu_hcif_esco_connection_chg_evt(uint8_t* p);
/* Simple Pairing Events */
static void btu_hcif_io_cap_request_evt(uint8_t* p);
static void btu_ble_ll_conn_param_upd_evt(uint8_t* p, uint16_t evt_len);
static void btu_ble_proc_ltk_req(uint8_t* p, uint16_t evt_len);
static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p);
static void btu_ble_data_length_change_evt(uint8_t* p, uint16_t evt_len);
static void btu_ble_rc_param_req_evt(uint8_t* p, uint8_t len);
/**
* Log HCI event metrics that are not handled in special functions
* @param evt_code event code
* @param p_event pointer to event parameter, skipping paremter length
*/
void btu_hcif_log_event_metrics(uint8_t evt_code, uint8_t* p_event) {
uint32_t cmd = android::bluetooth::hci::CMD_UNKNOWN;
uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
uint16_t handle = bluetooth::common::kUnknownConnectionHandle;
int64_t value = 0;
RawAddress bda = RawAddress::kEmpty;
switch (evt_code) {
case HCI_IO_CAPABILITY_REQUEST_EVT:
case HCI_IO_CAPABILITY_RESPONSE_EVT:
case HCI_LINK_KEY_REQUEST_EVT:
case HCI_LINK_KEY_NOTIFICATION_EVT:
case HCI_USER_PASSKEY_REQUEST_EVT:
case HCI_USER_PASSKEY_NOTIFY_EVT:
case HCI_USER_CONFIRMATION_REQUEST_EVT:
case HCI_KEYPRESS_NOTIFY_EVT:
case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
STREAM_TO_BDADDR(bda, p_event);
log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
value);
break;
case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
case HCI_RMT_NAME_REQUEST_COMP_EVT:
STREAM_TO_UINT8(status, p_event);
STREAM_TO_BDADDR(bda, p_event);
log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
value);
break;
case HCI_AUTHENTICATION_COMP_EVT:
STREAM_TO_UINT8(status, p_event);
STREAM_TO_UINT16(handle, p_event);
handle = HCID_GET_HANDLE(handle);
log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
value);
break;
case HCI_ENCRYPTION_CHANGE_EVT: {
uint8_t encryption_enabled;
STREAM_TO_UINT8(status, p_event);
STREAM_TO_UINT16(handle, p_event);
STREAM_TO_UINT8(encryption_enabled, p_event);
log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
encryption_enabled);
break;
}
case HCI_CONNECTION_COMP_EVT: {
uint8_t link_type;
STREAM_TO_UINT8(status, p_event);
STREAM_TO_UINT16(handle, p_event);
STREAM_TO_BDADDR(bda, p_event);
STREAM_TO_UINT8(link_type, p_event);
handle = HCID_GET_HANDLE(handle);
log_link_layer_connection_event(
&bda, handle, android::bluetooth::DIRECTION_UNKNOWN, link_type, cmd,
evt_code, android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
// Read SDP_DI manufacturer, model, HW version from config,
// and log them
int sdp_di_manufacturer_id = 0;
int sdp_di_model_id = 0;
int sdp_di_hw_version = 0;
int sdp_di_vendor_id_source = 0;
std::string bda_string = bda.ToString();
btif_config_get_int(bda_string, BT_CONFIG_KEY_SDP_DI_MANUFACTURER,
&sdp_di_manufacturer_id);
btif_config_get_int(bda_string, BT_CONFIG_KEY_SDP_DI_MODEL,
&sdp_di_model_id);
btif_config_get_int(bda_string, BT_CONFIG_KEY_SDP_DI_HW_VERSION,
&sdp_di_hw_version);
btif_config_get_int(bda_string, BT_CONFIG_KEY_SDP_DI_VENDOR_ID_SRC,
&sdp_di_vendor_id_source);
std::stringstream ss;
// [N - native]::SDP::[DIP - Device ID Profile]
ss << "N:SDP::DIP::" << loghex(sdp_di_vendor_id_source);
log_manufacturer_info(
bda, android::bluetooth::DeviceInfoSrcEnum::DEVICE_INFO_INTERNAL,
ss.str(), loghex(sdp_di_manufacturer_id), loghex(sdp_di_model_id),
loghex(sdp_di_hw_version), "");
// Read LMP version, subversion and manufacturer from config,
// and log them
int lmp_version = -1;
int lmp_subversion = -1;
int lmp_manufacturer_id = -1;
btif_config_get_int(bda_string, BT_CONFIG_KEY_REMOTE_VER_VER,
&lmp_version);
btif_config_get_int(bda_string, BT_CONFIG_KEY_REMOTE_VER_SUBVER,
&lmp_subversion);
btif_config_get_int(bda_string, BT_CONFIG_KEY_REMOTE_VER_MFCT,
&lmp_manufacturer_id);
bluetooth::common::LogRemoteVersionInfo(
handle, status, lmp_version, lmp_manufacturer_id, lmp_subversion);
break;
}
case HCI_CONNECTION_REQUEST_EVT: {
DEV_CLASS dc;
uint8_t link_type;
STREAM_TO_BDADDR(bda, p_event);
STREAM_TO_DEVCLASS(dc, p_event);
STREAM_TO_UINT8(link_type, p_event);
log_link_layer_connection_event(
&bda, bluetooth::common::kUnknownConnectionHandle,
android::bluetooth::DIRECTION_INCOMING, link_type, cmd, evt_code,
android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
break;
}
case HCI_DISCONNECTION_COMP_EVT: {
STREAM_TO_UINT8(status, p_event);
STREAM_TO_UINT16(handle, p_event);
STREAM_TO_UINT8(reason, p_event);
handle = HCID_GET_HANDLE(handle);
log_link_layer_connection_event(
nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
android::bluetooth::LINK_TYPE_UNKNOWN, cmd, evt_code,
android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
break;
}
case HCI_ESCO_CONNECTION_COMP_EVT: {
uint8_t link_type;
STREAM_TO_UINT8(status, p_event);
STREAM_TO_UINT16(handle, p_event);
STREAM_TO_BDADDR(bda, p_event);
STREAM_TO_UINT8(link_type, p_event);
handle = HCID_GET_HANDLE(handle);
log_link_layer_connection_event(
&bda, handle, android::bluetooth::DIRECTION_UNKNOWN, link_type, cmd,
evt_code, android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
break;
}
case HCI_ESCO_CONNECTION_CHANGED_EVT: {
STREAM_TO_UINT8(status, p_event);
STREAM_TO_UINT16(handle, p_event);
handle = HCID_GET_HANDLE(handle);
log_link_layer_connection_event(
nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
android::bluetooth::LINK_TYPE_UNKNOWN, cmd, evt_code,
android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
break;
}
}
}
/*******************************************************************************
*
* Function btu_hcif_process_event
*
* Description This function is called when an event is received from
* the Host Controller.
*
* Returns void
*
******************************************************************************/
void btu_hcif_process_event(UNUSED_ATTR uint8_t controller_id, BT_HDR* p_msg) {
uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;
uint8_t hci_evt_code, hci_evt_len;
uint8_t ble_sub_code;
STREAM_TO_UINT8(hci_evt_code, p);
STREAM_TO_UINT8(hci_evt_len, p);
// validate event size
if (hci_evt_len < hci_event_parameters_minimum_length[hci_evt_code]) {
HCI_TRACE_WARNING("%s: evt:0x%2X, malformed event of size %hhd", __func__,
hci_evt_code, hci_evt_len);
return;
}
btu_hcif_log_event_metrics(hci_evt_code, p);
switch (hci_evt_code) {
case HCI_INQUIRY_COMP_EVT:
btu_hcif_inquiry_comp_evt(p);
break;
case HCI_INQUIRY_RESULT_EVT:
btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_STANDARD);
break;
case HCI_INQUIRY_RSSI_RESULT_EVT:
btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_WITH_RSSI);
break;
case HCI_EXTENDED_INQUIRY_RESULT_EVT:
btm_process_inq_results(p, hci_evt_len, BTM_INQ_RESULT_EXTENDED);
break;
case HCI_CONNECTION_COMP_EVT:
btu_hcif_connection_comp_evt(p, hci_evt_len);
break;
case HCI_CONNECTION_REQUEST_EVT:
btu_hcif_connection_request_evt(p);
break;
case HCI_DISCONNECTION_COMP_EVT:
btu_hcif_disconnection_comp_evt(p);
break;
case HCI_AUTHENTICATION_COMP_EVT:
btu_hcif_authentication_comp_evt(p);
break;
case HCI_RMT_NAME_REQUEST_COMP_EVT:
btu_hcif_rmt_name_request_comp_evt(p, hci_evt_len);
break;
case HCI_ENCRYPTION_CHANGE_EVT:
btu_hcif_encryption_change_evt(p);
break;
case HCI_ENCRYPTION_KEY_REFRESH_COMP_EVT:
btu_hcif_encryption_key_refresh_cmpl_evt(p);
break;
case HCI_READ_RMT_FEATURES_COMP_EVT:
btm_read_remote_features_complete_raw(p);
break;
case HCI_READ_RMT_EXT_FEATURES_COMP_EVT:
btu_hcif_read_rmt_ext_features_comp_evt(p, hci_evt_len);
break;
case HCI_READ_RMT_VERSION_COMP_EVT:
btm_read_remote_version_complete_raw(p);
break;
case HCI_COMMAND_COMPLETE_EVT:
LOG_ERROR(
"%s should not have received a command complete event. "
"Someone didn't go through the hci transmit_command function.",
__func__);
break;
case HCI_COMMAND_STATUS_EVT:
LOG_ERROR(
"%s should not have received a command status event. "
"Someone didn't go through the hci transmit_command function.",
__func__);
break;
case HCI_HARDWARE_ERROR_EVT:
btu_hcif_hardware_error_evt(p);
break;
case HCI_ROLE_CHANGE_EVT:
btu_hcif_role_change_evt(p);
break;
case HCI_NUM_COMPL_DATA_PKTS_EVT:
acl_process_num_completed_pkts(p, hci_evt_len);
break;
case HCI_MODE_CHANGE_EVT:
btu_hcif_mode_change_evt(p);
break;
case HCI_PIN_CODE_REQUEST_EVT:
btm_sec_pin_code_request(p);
break;
case HCI_LINK_KEY_REQUEST_EVT:
btm_sec_link_key_request(p);
break;
case HCI_LINK_KEY_NOTIFICATION_EVT:
btu_hcif_link_key_notification_evt(p);
break;
case HCI_READ_CLOCK_OFF_COMP_EVT:
btu_hcif_read_clock_off_comp_evt(p);
break;
case HCI_ESCO_CONNECTION_COMP_EVT:
btu_hcif_esco_connection_comp_evt(p);
break;
case HCI_ESCO_CONNECTION_CHANGED_EVT:
btu_hcif_esco_connection_chg_evt(p);
break;
case HCI_SNIFF_SUB_RATE_EVT:
btm_pm_proc_ssr_evt(p, hci_evt_len);
break;
case HCI_RMT_HOST_SUP_FEAT_NOTIFY_EVT:
btm_sec_rmt_host_support_feat_evt(p);
break;
case HCI_IO_CAPABILITY_REQUEST_EVT:
btu_hcif_io_cap_request_evt(p);
break;
case HCI_IO_CAPABILITY_RESPONSE_EVT:
btm_io_capabilities_rsp(p);
break;
case HCI_USER_CONFIRMATION_REQUEST_EVT:
btm_proc_sp_req_evt(BTM_SP_CFM_REQ_EVT, p);
break;
case HCI_USER_PASSKEY_REQUEST_EVT:
btm_proc_sp_req_evt(BTM_SP_KEY_REQ_EVT, p);
break;
case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
btm_rem_oob_req(p);
break;
case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
btm_simple_pair_complete(p);
break;
case HCI_USER_PASSKEY_NOTIFY_EVT:
btm_proc_sp_req_evt(BTM_SP_KEY_NOTIF_EVT, p);
break;
case HCI_BLE_EVENT: {
STREAM_TO_UINT8(ble_sub_code, p);
uint8_t ble_evt_len = hci_evt_len - 1;
switch (ble_sub_code) {
case HCI_BLE_ADV_PKT_RPT_EVT: /* result of inquiry */
btm_ble_process_adv_pkt(ble_evt_len, p);
break;
case HCI_BLE_CONN_COMPLETE_EVT:
btm_ble_conn_complete(p, hci_evt_len, false);
break;
case HCI_BLE_LL_CONN_PARAM_UPD_EVT:
btu_ble_ll_conn_param_upd_evt(p, ble_evt_len);
break;
case HCI_BLE_READ_REMOTE_FEAT_CMPL_EVT:
btm_ble_read_remote_features_complete(p, ble_evt_len);
break;
case HCI_BLE_LTK_REQ_EVT: /* received only at peripheral device */
btu_ble_proc_ltk_req(p, ble_evt_len);
break;
case HCI_BLE_ENHANCED_CONN_COMPLETE_EVT:
btm_ble_conn_complete(p, hci_evt_len, true);
break;
case HCI_BLE_RC_PARAM_REQ_EVT:
btu_ble_rc_param_req_evt(p, ble_evt_len);
break;
case HCI_BLE_DATA_LENGTH_CHANGE_EVT:
btu_ble_data_length_change_evt(p, hci_evt_len);
break;
case HCI_BLE_PHY_UPDATE_COMPLETE_EVT:
btm_ble_process_phy_update_pkt(ble_evt_len, p);
break;
case HCI_LE_EXTENDED_ADVERTISING_REPORT_EVT:
btm_ble_process_ext_adv_pkt(hci_evt_len, p);
break;
case HCI_LE_ADVERTISING_SET_TERMINATED_EVT:
btm_le_on_advertising_set_terminated(p, hci_evt_len);
break;
case HCI_BLE_REQ_PEER_SCA_CPL_EVT:
btm_acl_process_sca_cmpl_pkt(ble_evt_len, p);
break;
case HCI_BLE_PERIODIC_ADV_SYNC_EST_EVT:
btm_ble_process_periodic_adv_sync_est_evt(ble_evt_len, p);
break;
case HCI_BLE_PERIODIC_ADV_REPORT_EVT:
btm_ble_process_periodic_adv_pkt(ble_evt_len, p);
break;
case HCI_BLE_PERIODIC_ADV_SYNC_LOST_EVT:
btm_ble_process_periodic_adv_sync_lost_evt(ble_evt_len, p);
break;
case HCI_BLE_CIS_EST_EVT:
case HCI_BLE_CREATE_BIG_CPL_EVT:
case HCI_BLE_TERM_BIG_CPL_EVT:
case HCI_BLE_CIS_REQ_EVT:
case HCI_BLE_BIG_SYNC_EST_EVT:
case HCI_BLE_BIG_SYNC_LOST_EVT:
IsoManager::GetInstance()->HandleHciEvent(ble_sub_code, p,
ble_evt_len);
break;
}
break;
}
case HCI_VENDOR_SPECIFIC_EVT:
btm_vendor_specific_evt(p, hci_evt_len);
break;
}
}
static void btu_hcif_log_command_metrics(uint16_t opcode, uint8_t* p_cmd,
uint16_t cmd_status,
bool is_cmd_status) {
static uint16_t kUnknownBleEvt = android::bluetooth::hci::BLE_EVT_UNKNOWN;
uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_STATUS;
if (!is_cmd_status) {
hci_event = android::bluetooth::hci::EVT_UNKNOWN;
cmd_status = android::bluetooth::hci::STATUS_UNKNOWN;
}
RawAddress bd_addr;
uint16_t handle;
uint8_t reason;
switch (opcode) {
case HCI_CREATE_CONNECTION:
case HCI_CREATE_CONNECTION_CANCEL:
STREAM_TO_BDADDR(bd_addr, p_cmd);
log_link_layer_connection_event(
&bd_addr, bluetooth::common::kUnknownConnectionHandle,
android::bluetooth::DIRECTION_OUTGOING,
android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
break;
case HCI_DISCONNECT:
STREAM_TO_UINT16(handle, p_cmd);
STREAM_TO_UINT8(reason, p_cmd);
log_link_layer_connection_event(
nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
kUnknownBleEvt, cmd_status, reason);
break;
case HCI_SETUP_ESCO_CONNECTION:
case HCI_ENH_SETUP_ESCO_CONNECTION:
STREAM_TO_UINT16(handle, p_cmd);
log_link_layer_connection_event(
nullptr, handle, android::bluetooth::DIRECTION_OUTGOING,
android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
break;
case HCI_ACCEPT_CONNECTION_REQUEST:
case HCI_ACCEPT_ESCO_CONNECTION:
case HCI_ENH_ACCEPT_ESCO_CONNECTION:
STREAM_TO_BDADDR(bd_addr, p_cmd);
log_link_layer_connection_event(
&bd_addr, bluetooth::common::kUnknownConnectionHandle,
android::bluetooth::DIRECTION_INCOMING,
android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
break;
case HCI_REJECT_CONNECTION_REQUEST:
case HCI_REJECT_ESCO_CONNECTION:
STREAM_TO_BDADDR(bd_addr, p_cmd);
STREAM_TO_UINT8(reason, p_cmd);
log_link_layer_connection_event(
&bd_addr, bluetooth::common::kUnknownConnectionHandle,
android::bluetooth::DIRECTION_INCOMING,
android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
kUnknownBleEvt, cmd_status, reason);
break;
// BLE Commands
case HCI_BLE_CREATE_LL_CONN: {
p_cmd += 2; // Skip LE_Scan_Interval
p_cmd += 2; // Skip LE_Scan_Window;
uint8_t initiator_filter_policy;
STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
uint8_t peer_address_type;
STREAM_TO_UINT8(peer_address_type, p_cmd);
STREAM_TO_BDADDR(bd_addr, p_cmd);
// Peer address should not be used if initiator filter policy is not 0x00
const RawAddress* bd_addr_p = nullptr;
if (initiator_filter_policy == 0x00) {
bd_addr_p = &bd_addr;
if (peer_address_type == BLE_ADDR_PUBLIC_ID ||
peer_address_type == BLE_ADDR_RANDOM_ID) {
// if identity address is not matched, this address is invalid
if (!btm_identity_addr_to_random_pseudo(&bd_addr, &peer_address_type,
false)) {
bd_addr_p = nullptr;
}
}
}
if (initiator_filter_policy == 0x00 ||
(cmd_status != HCI_SUCCESS && !is_cmd_status)) {
// Selectively log to avoid log spam due to acceptlist connections:
// - When doing non-acceptlist connection
// - When there is an error in command status
log_link_layer_connection_event(
bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
android::bluetooth::DIRECTION_OUTGOING,
android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
kUnknownBleEvt, cmd_status,
android::bluetooth::hci::STATUS_UNKNOWN);
}
break;
}
case HCI_LE_EXTENDED_CREATE_CONNECTION: {
uint8_t initiator_filter_policy;
STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
p_cmd += 1; // Skip Own_Address_Type
uint8_t peer_addr_type;
STREAM_TO_UINT8(peer_addr_type, p_cmd);
STREAM_TO_BDADDR(bd_addr, p_cmd);
// Peer address should not be used if initiator filter policy is not 0x00
const RawAddress* bd_addr_p = nullptr;
if (initiator_filter_policy == 0x00) {
bd_addr_p = &bd_addr;
// if identity address is not matched, this should be a static address
btm_identity_addr_to_random_pseudo(&bd_addr, &peer_addr_type, false);
}
if (initiator_filter_policy == 0x00 ||
(cmd_status != HCI_SUCCESS && !is_cmd_status)) {
// Selectively log to avoid log spam due to acceptlist connections:
// - When doing non-acceptlist connection
// - When there is an error in command status
log_link_layer_connection_event(
bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
android::bluetooth::DIRECTION_OUTGOING,
android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
kUnknownBleEvt, cmd_status,
android::bluetooth::hci::STATUS_UNKNOWN);
}
break;
}
case HCI_BLE_CREATE_CONN_CANCEL:
if (cmd_status != HCI_SUCCESS && !is_cmd_status) {
// Only log errors to prevent log spam due to acceptlist connections
log_link_layer_connection_event(
nullptr, bluetooth::common::kUnknownConnectionHandle,
android::bluetooth::DIRECTION_OUTGOING,
android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
kUnknownBleEvt, cmd_status,
android::bluetooth::hci::STATUS_UNKNOWN);
}
break;
case HCI_BLE_CLEAR_ACCEPTLIST:
log_link_layer_connection_event(
nullptr, bluetooth::common::kUnknownConnectionHandle,
android::bluetooth::DIRECTION_INCOMING,
android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
break;
case HCI_BLE_ADD_ACCEPTLIST:
case HCI_BLE_REMOVE_ACCEPTLIST: {
uint8_t peer_addr_type;
STREAM_TO_UINT8(peer_addr_type, p_cmd);
STREAM_TO_BDADDR(bd_addr, p_cmd);
const RawAddress* bd_addr_p = nullptr;
// When peer_addr_type is 0xFF, bd_addr should be ignored per BT spec
if (peer_addr_type != BLE_ADDR_ANONYMOUS) {
bd_addr_p = &bd_addr;
bool addr_is_rpa = peer_addr_type == BLE_ADDR_RANDOM &&
BTM_BLE_IS_RESOLVE_BDA(bd_addr);
// Only try to match identity address for pseudo if address is not RPA
if (!addr_is_rpa) {
// if identity address is not matched, this should be a static address
btm_identity_addr_to_random_pseudo(&bd_addr, &peer_addr_type, false);
}
}
log_link_layer_connection_event(
bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
android::bluetooth::DIRECTION_INCOMING,
android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
break;
}
case HCI_READ_LOCAL_OOB_DATA:
log_classic_pairing_event(RawAddress::kEmpty,
bluetooth::common::kUnknownConnectionHandle,
opcode, hci_event, cmd_status,
android::bluetooth::hci::STATUS_UNKNOWN, 0);
break;
case HCI_WRITE_SIMPLE_PAIRING_MODE: {
uint8_t simple_pairing_mode;
STREAM_TO_UINT8(simple_pairing_mode, p_cmd);
log_classic_pairing_event(
RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle,
opcode, hci_event, cmd_status,
android::bluetooth::hci::STATUS_UNKNOWN, simple_pairing_mode);
break;
}
case HCI_WRITE_SECURE_CONNS_SUPPORT: {
uint8_t secure_conn_host_support;
STREAM_TO_UINT8(secure_conn_host_support, p_cmd);
log_classic_pairing_event(
RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle,
opcode, hci_event, cmd_status,
android::bluetooth::hci::STATUS_UNKNOWN, secure_conn_host_support);
break;
}
case HCI_AUTHENTICATION_REQUESTED:
STREAM_TO_UINT16(handle, p_cmd);
log_classic_pairing_event(RawAddress::kEmpty, handle, opcode, hci_event,
cmd_status,
android::bluetooth::hci::STATUS_UNKNOWN, 0);
break;
case HCI_SET_CONN_ENCRYPTION: {
STREAM_TO_UINT16(handle, p_cmd);
uint8_t encryption_enable;
STREAM_TO_UINT8(encryption_enable, p_cmd);
log_classic_pairing_event(
RawAddress::kEmpty, handle, opcode, hci_event, cmd_status,
android::bluetooth::hci::STATUS_UNKNOWN, encryption_enable);
break;
}
case HCI_DELETE_STORED_LINK_KEY: {
uint8_t delete_all_flag;
STREAM_TO_BDADDR(bd_addr, p_cmd);
STREAM_TO_UINT8(delete_all_flag, p_cmd);
log_classic_pairing_event(
bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode,
hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN,
delete_all_flag);
break;
}
case HCI_RMT_NAME_REQUEST:
case HCI_RMT_NAME_REQUEST_CANCEL:
case HCI_LINK_KEY_REQUEST_REPLY:
case HCI_LINK_KEY_REQUEST_NEG_REPLY:
case HCI_IO_CAPABILITY_REQUEST_REPLY:
case HCI_USER_CONF_REQUEST_REPLY:
case HCI_USER_CONF_VALUE_NEG_REPLY:
case HCI_USER_PASSKEY_REQ_REPLY:
case HCI_USER_PASSKEY_REQ_NEG_REPLY:
case HCI_REM_OOB_DATA_REQ_REPLY:
case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
STREAM_TO_BDADDR(bd_addr, p_cmd);
log_classic_pairing_event(
bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode,
hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN, 0);
break;
case HCI_IO_CAP_REQ_NEG_REPLY:
STREAM_TO_BDADDR(bd_addr, p_cmd);
STREAM_TO_UINT8(reason, p_cmd);
log_classic_pairing_event(bd_addr,
bluetooth::common::kUnknownConnectionHandle,
opcode, hci_event, cmd_status, reason, 0);
break;
}
}
/*******************************************************************************
*
* Function btu_hcif_send_cmd
*
* Description This function is called to send commands to the Host
* Controller.
*
* Returns void
*
******************************************************************************/
void btu_hcif_send_cmd(UNUSED_ATTR uint8_t controller_id, BT_HDR* p_buf) {
if (!p_buf) return;
uint16_t opcode;
uint8_t* stream = p_buf->data + p_buf->offset;
void* vsc_callback = NULL;
STREAM_TO_UINT16(opcode, stream);
// Eww...horrible hackery here
/* If command was a VSC, then extract command_complete callback */
if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC ||
(opcode == HCI_BLE_RAND) || (opcode == HCI_BLE_ENCRYPT)) {
vsc_callback = *((void**)(p_buf + 1));
}
// Skip parameter length before logging
stream++;
btu_hcif_log_command_metrics(opcode, stream,
android::bluetooth::hci::STATUS_UNKNOWN, false);
hci_layer_get_interface()->transmit_command(
p_buf, btu_hcif_command_complete_evt, btu_hcif_command_status_evt,
vsc_callback);
}
using hci_cmd_cb = base::OnceCallback;
struct cmd_with_cb_data {
hci_cmd_cb cb;
base::Location posted_from;
};
void cmd_with_cb_data_init(cmd_with_cb_data* cb_wrapper) {
new (&cb_wrapper->cb) hci_cmd_cb;
new (&cb_wrapper->posted_from) Location;
}
void cmd_with_cb_data_cleanup(cmd_with_cb_data* cb_wrapper) {
cb_wrapper->cb.~hci_cmd_cb();
cb_wrapper->posted_from.~Location();
}
/**
* Log command complete events that is not handled individually in this file
* @param opcode opcode of the command
* @param p_return_params pointer to returned parameter after parameter length
* field
*/
static void btu_hcif_log_command_complete_metrics(uint16_t opcode,
uint8_t* p_return_params) {
uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_COMPLETE;
uint16_t hci_ble_event = android::bluetooth::hci::BLE_EVT_UNKNOWN;
RawAddress bd_addr = RawAddress::kEmpty;
switch (opcode) {
case HCI_BLE_CLEAR_ACCEPTLIST:
case HCI_BLE_ADD_ACCEPTLIST:
case HCI_BLE_REMOVE_ACCEPTLIST: {
STREAM_TO_UINT8(status, p_return_params);
log_link_layer_connection_event(
nullptr, bluetooth::common::kUnknownConnectionHandle,
android::bluetooth::DIRECTION_INCOMING,
android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, hci_ble_event,
status, reason);
break;
}
case HCI_DELETE_STORED_LINK_KEY:
case HCI_READ_LOCAL_OOB_DATA:
case HCI_WRITE_SIMPLE_PAIRING_MODE:
case HCI_WRITE_SECURE_CONNS_SUPPORT:
STREAM_TO_UINT8(status, p_return_params);
log_classic_pairing_event(RawAddress::kEmpty,
bluetooth::common::kUnknownConnectionHandle,
opcode, hci_event, status, reason, 0);
break;
case HCI_READ_ENCR_KEY_SIZE: {
uint16_t handle;
uint8_t key_size;
STREAM_TO_UINT8(status, p_return_params);
STREAM_TO_UINT16(handle, p_return_params);
STREAM_TO_UINT8(key_size, p_return_params);
log_classic_pairing_event(RawAddress::kEmpty, handle, opcode, hci_event,
status, reason, key_size);
break;
}
case HCI_LINK_KEY_REQUEST_REPLY:
case HCI_LINK_KEY_REQUEST_NEG_REPLY:
case HCI_IO_CAPABILITY_REQUEST_REPLY:
case HCI_IO_CAP_REQ_NEG_REPLY:
case HCI_USER_CONF_REQUEST_REPLY:
case HCI_USER_CONF_VALUE_NEG_REPLY:
case HCI_USER_PASSKEY_REQ_REPLY:
case HCI_USER_PASSKEY_REQ_NEG_REPLY:
case HCI_REM_OOB_DATA_REQ_REPLY:
case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
STREAM_TO_UINT8(status, p_return_params);
STREAM_TO_BDADDR(bd_addr, p_return_params);
log_classic_pairing_event(bd_addr,
bluetooth::common::kUnknownConnectionHandle,
opcode, hci_event, status, reason, 0);
break;
}
}
static void btu_hcif_command_complete_evt_with_cb_on_task(BT_HDR* event,
void* context) {
command_opcode_t opcode;
// 2 for event header: event code (1) + parameter length (1)
// 1 for num_hci_pkt command credit
uint8_t* stream = event->data + event->offset + 3;
STREAM_TO_UINT16(opcode, stream);
btu_hcif_log_command_complete_metrics(opcode, stream);
cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
HCI_TRACE_DEBUG("command complete for: %s",
cb_wrapper->posted_from.ToString().c_str());
// 2 for event header: event code (1) + parameter length (1)
// 3 for command complete header: num_hci_pkt (1) + opcode (2)
uint16_t param_len = static_cast(event->len - 5);
std::move(cb_wrapper->cb).Run(stream, param_len);
cmd_with_cb_data_cleanup(cb_wrapper);
osi_free(cb_wrapper);
osi_free(event);
}
static void btu_hcif_command_complete_evt_with_cb(BT_HDR* response,
void* context) {
do_in_main_thread(FROM_HERE,
base::Bind(btu_hcif_command_complete_evt_with_cb_on_task,
response, context));
}
static void btu_hcif_command_status_evt_with_cb_on_task(uint8_t status,
BT_HDR* event,
void* context) {
command_opcode_t opcode;
uint8_t* stream = event->data + event->offset;
STREAM_TO_UINT16(opcode, stream);
CHECK(status != 0);
// stream + 1 to skip parameter length field
// No need to check length since stream is written by us
btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
// report command status error
cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
HCI_TRACE_DEBUG("command status for: %s",
cb_wrapper->posted_from.ToString().c_str());
std::move(cb_wrapper->cb).Run(&status, sizeof(uint16_t));
cmd_with_cb_data_cleanup(cb_wrapper);
osi_free(cb_wrapper);
osi_free(event);
}
static void btu_hcif_command_status_evt_with_cb(uint8_t status, BT_HDR* command,
void* context) {
// Command is pending, we report only error.
if (!status) {
osi_free(command);
return;
}
do_in_main_thread(
FROM_HERE, base::Bind(btu_hcif_command_status_evt_with_cb_on_task, status,
command, context));
}
/* This function is called to send commands to the Host Controller. |cb| is
* called when command status event is called with error code, or when the
* command complete event is received. */
void btu_hcif_send_cmd_with_cb(const base::Location& posted_from,
uint16_t opcode, uint8_t* params,
uint8_t params_len, hci_cmd_cb cb) {
BT_HDR* p = (BT_HDR*)osi_malloc(HCI_CMD_BUF_SIZE);
uint8_t* pp = (uint8_t*)(p + 1);
p->len = HCIC_PREAMBLE_SIZE + params_len;
p->offset = 0;
UINT16_TO_STREAM(pp, opcode);
UINT8_TO_STREAM(pp, params_len);
if (params) {
memcpy(pp, params, params_len);
}
btu_hcif_log_command_metrics(opcode, pp,
android::bluetooth::hci::STATUS_UNKNOWN, false);
cmd_with_cb_data* cb_wrapper =
(cmd_with_cb_data*)osi_malloc(sizeof(cmd_with_cb_data));
cmd_with_cb_data_init(cb_wrapper);
cb_wrapper->cb = std::move(cb);
cb_wrapper->posted_from = posted_from;
hci_layer_get_interface()->transmit_command(
p, btu_hcif_command_complete_evt_with_cb,
btu_hcif_command_status_evt_with_cb, (void*)cb_wrapper);
}
/*******************************************************************************
*
* Function btu_hcif_inquiry_comp_evt
*
* Description Process event HCI_INQUIRY_COMP_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_inquiry_comp_evt(uint8_t* p) {
uint8_t status;
STREAM_TO_UINT8(status, p);
/* Tell inquiry processing that we are done */
btm_process_inq_complete(status, BTM_BR_INQUIRY_MASK);
}
/*******************************************************************************
*
* Function btu_hcif_connection_comp_evt
*
* Description Process event HCI_CONNECTION_COMP_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_connection_comp_evt(uint8_t* p, uint8_t evt_len) {
uint8_t status;
uint16_t handle;
RawAddress bda;
uint8_t link_type;
uint8_t enc_mode;
tBTM_ESCO_DATA esco_data;
if (evt_len < 11) {
android_errorWriteLog(0x534e4554, "141619686");
HCI_TRACE_WARNING("%s: malformed event of size %hhd", __func__, evt_len);
return;
}
STREAM_TO_UINT8(status, p);
STREAM_TO_UINT16(handle, p);
STREAM_TO_BDADDR(bda, p);
STREAM_TO_UINT8(link_type, p);
STREAM_TO_UINT8(enc_mode, p);
handle = HCID_GET_HANDLE(handle);
if (status != HCI_SUCCESS) {
HCI_TRACE_DEBUG(
"%s: Connection failed: status=%d, handle=%d, link_type=%d, "
"enc_mode=%d",
__func__, status, handle, link_type, enc_mode);
}
if (link_type == HCI_LINK_TYPE_ACL) {
btm_acl_connected(bda, handle, static_cast(status), enc_mode);
} else {
memset(&esco_data, 0, sizeof(tBTM_ESCO_DATA));
/* esco_data.link_type = HCI_LINK_TYPE_SCO; already zero */
esco_data.bd_addr = bda;
btm_sco_connected(static_cast(status), bda, handle,
&esco_data);
}
}
/*******************************************************************************
*
* Function btu_hcif_connection_request_evt
*
* Description Process event HCI_CONNECTION_REQUEST_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_connection_request_evt(uint8_t* p) {
RawAddress bda;
DEV_CLASS dc;
uint8_t link_type;
STREAM_TO_BDADDR(bda, p);
STREAM_TO_DEVCLASS(dc, p);
STREAM_TO_UINT8(link_type, p);
if (link_type == HCI_LINK_TYPE_ACL) {
btm_acl_connection_request(bda, dc);
} else {
btm_sco_conn_req(bda, dc, link_type);
}
}
/*******************************************************************************
*
* Function btu_hcif_disconnection_comp_evt
*
* Description Process event HCI_DISCONNECTION_COMP_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_disconnection_comp_evt(uint8_t* p) {
uint8_t status;
uint16_t handle;
uint8_t reason;
STREAM_TO_UINT8(status, p);
STREAM_TO_UINT16(handle, p);
STREAM_TO_UINT8(reason, p);
handle = HCID_GET_HANDLE(handle);
btm_acl_disconnected(static_cast(status), handle,
static_cast(reason));
}
/*******************************************************************************
*
* Function btu_hcif_authentication_comp_evt
*
* Description Process event HCI_AUTHENTICATION_COMP_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_authentication_comp_evt(uint8_t* p) {
uint8_t status;
uint16_t handle;
STREAM_TO_UINT8(status, p);
STREAM_TO_UINT16(handle, p);
btm_sec_auth_complete(handle, static_cast(status));
}
/*******************************************************************************
*
* Function btu_hcif_rmt_name_request_comp_evt
*
* Description Process event HCI_RMT_NAME_REQUEST_COMP_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_rmt_name_request_comp_evt(uint8_t* p, uint16_t evt_len) {
uint8_t status;
RawAddress bd_addr;
STREAM_TO_UINT8(status, p);
STREAM_TO_BDADDR(bd_addr, p);
evt_len -= (1 + BD_ADDR_LEN);
btm_process_remote_name(&bd_addr, p, evt_len, status);
btm_sec_rmt_name_request_complete(&bd_addr, p,
static_cast(status));
}
constexpr uint8_t MIN_KEY_SIZE = 7;
static void read_encryption_key_size_complete_after_encryption_change(uint8_t status, uint16_t handle,
uint8_t key_size) {
if (status == HCI_ERR_INSUFFCIENT_SECURITY) {
/* If remote device stop the encryption before we call "Read Encryption Key
* Size", we might receive Insufficient Security, which means that link is
* no longer encrypted. */
LOG(INFO) << __func__ << ": encryption stopped on link: " << loghex(handle);
return;
}
if (status != HCI_SUCCESS) {
LOG(INFO) << __func__ << ": disconnecting, status: " << loghex(status);
acl_disconnect_from_handle(handle, HCI_ERR_PEER_USER);
return;
}
if (key_size < MIN_KEY_SIZE) {
android_errorWriteLog(0x534e4554, "124301137");
LOG(ERROR) << __func__ << " encryption key too short, disconnecting. handle: " << loghex(handle)
<< " key_size: " << +key_size;
acl_disconnect_from_handle(handle, HCI_ERR_HOST_REJECT_SECURITY);
return;
}
// good key size - succeed
btm_acl_encrypt_change(handle, static_cast(status),
1 /* enable */);
btm_sec_encrypt_change(handle, static_cast(status),
1 /* enable */);
}
/*******************************************************************************
*
* Function btu_hcif_encryption_change_evt
*
* Description Process event HCI_ENCRYPTION_CHANGE_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_encryption_change_evt(uint8_t* p) {
uint8_t status;
uint16_t handle;
uint8_t encr_enable;
STREAM_TO_UINT8(status, p);
STREAM_TO_UINT16(handle, p);
STREAM_TO_UINT8(encr_enable, p);
if (status != HCI_SUCCESS || encr_enable == 0 || BTM_IsBleConnection(handle)) {
if (status == HCI_ERR_CONNECTION_TOUT) {
smp_cancel_start_encryption_attempt();
return;
}
btm_acl_encrypt_change(handle, static_cast(status),
encr_enable);
btm_sec_encrypt_change(handle, static_cast(status),
encr_enable);
} else {
btsnd_hcic_read_encryption_key_size(handle, base::Bind(&read_encryption_key_size_complete_after_encryption_change));
}
}
/*******************************************************************************
*
* Function btu_hcif_read_rmt_ext_features_comp_evt
*
* Description Process event HCI_READ_RMT_EXT_FEATURES_COMP_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p,
uint8_t evt_len) {
uint8_t* p_cur = p;
uint8_t status;
uint16_t handle;
STREAM_TO_UINT8(status, p_cur);
if (status == HCI_SUCCESS)
btm_read_remote_ext_features_complete_raw(p, evt_len);
else {
STREAM_TO_UINT16(handle, p_cur);
btm_read_remote_ext_features_failed(status, handle);
}
}
/*******************************************************************************
*
* Function btu_hcif_esco_connection_comp_evt
*
* Description Process event HCI_ESCO_CONNECTION_COMP_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_esco_connection_comp_evt(uint8_t* p) {
tBTM_ESCO_DATA data;
uint16_t handle;
RawAddress bda;
uint8_t status;
STREAM_TO_UINT8(status, p);
STREAM_TO_UINT16(handle, p);
STREAM_TO_BDADDR(bda, p);
STREAM_TO_UINT8(data.link_type, p);
STREAM_TO_UINT8(data.tx_interval, p);
STREAM_TO_UINT8(data.retrans_window, p);
STREAM_TO_UINT16(data.rx_pkt_len, p);
STREAM_TO_UINT16(data.tx_pkt_len, p);
STREAM_TO_UINT8(data.air_mode, p);
handle = HCID_GET_HANDLE(handle);
data.bd_addr = bda;
btm_sco_connected(static_cast(status), bda, handle, &data);
}
/*******************************************************************************
*
* Function btu_hcif_esco_connection_chg_evt
*
* Description Process event HCI_ESCO_CONNECTION_CHANGED_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_esco_connection_chg_evt(uint8_t* p) {
uint16_t handle;
uint16_t tx_pkt_len;
uint16_t rx_pkt_len;
uint8_t status;
uint8_t tx_interval;
uint8_t retrans_window;
STREAM_TO_UINT8(status, p);
STREAM_TO_UINT16(handle, p);
STREAM_TO_UINT8(tx_interval, p);
STREAM_TO_UINT8(retrans_window, p);
STREAM_TO_UINT16(rx_pkt_len, p);
STREAM_TO_UINT16(tx_pkt_len, p);
handle = HCID_GET_HANDLE(handle);
btm_esco_proc_conn_chg(status, handle, tx_interval, retrans_window,
rx_pkt_len, tx_pkt_len);
}
/*******************************************************************************
*
* Function btu_hcif_hdl_command_complete
*
* Description Handle command complete event
*
* Returns void
*
******************************************************************************/
static void btu_hcif_hdl_command_complete(uint16_t opcode, uint8_t* p,
uint16_t evt_len,
void* p_cplt_cback) {
switch (opcode) {
case HCI_INQUIRY_CANCEL:
/* Tell inquiry processing that we are done */
btm_process_cancel_complete(HCI_SUCCESS, BTM_BR_INQUIRY_MASK);
break;
case HCI_SET_EVENT_FILTER:
break;
case HCI_DELETE_STORED_LINK_KEY:
btm_delete_stored_link_key_complete(p, evt_len);
break;
case HCI_READ_LOCAL_NAME:
btm_read_local_name_complete(p, evt_len);
break;
case HCI_GET_LINK_QUALITY:
btm_read_link_quality_complete(p);
break;
case HCI_READ_RSSI:
btm_read_rssi_complete(p);
break;
case HCI_READ_FAILED_CONTACT_COUNTER:
btm_read_failed_contact_counter_complete(p);
break;
case HCI_READ_AUTOMATIC_FLUSH_TIMEOUT:
btm_read_automatic_flush_timeout_complete(p);
break;
case HCI_READ_TRANSMIT_POWER_LEVEL:
btm_read_tx_power_complete(p, false);
break;
case HCI_CREATE_CONNECTION_CANCEL:
btm_create_conn_cancel_complete(p, evt_len);
break;
case HCI_READ_LOCAL_OOB_DATA:
btm_read_local_oob_complete(p, evt_len);
break;
case HCI_READ_INQ_TX_POWER_LEVEL:
break;
/* BLE Commands sComplete*/
case HCI_BLE_RAND:
case HCI_BLE_ENCRYPT:
btm_ble_rand_enc_complete(p, opcode, (tBTM_RAND_ENC_CB*)p_cplt_cback);
break;
case HCI_BLE_READ_ADV_CHNL_TX_POWER:
btm_read_tx_power_complete(p, true);
break;
case HCI_BLE_WRITE_ADV_ENABLE:
btm_ble_write_adv_enable_complete(p, evt_len);
break;
case HCI_BLE_CREATE_LL_CONN:
case HCI_LE_EXTENDED_CREATE_CONNECTION:
// No command complete event for those commands according to spec
LOG(ERROR) << "No command complete expected, but received!";
break;
case HCI_BLE_CREATE_CONN_CANCEL:
btm_ble_create_conn_cancel_complete(p);
break;
case HCI_BLE_TRANSMITTER_TEST:
case HCI_BLE_RECEIVER_TEST:
case HCI_BLE_TEST_END:
btm_ble_test_command_complete(p);
break;
case HCI_BLE_ADD_DEV_RESOLVING_LIST:
btm_ble_add_resolving_list_entry_complete(p, evt_len);
break;
case HCI_BLE_RM_DEV_RESOLVING_LIST:
btm_ble_remove_resolving_list_entry_complete(p, evt_len);
break;
case HCI_BLE_CLEAR_RESOLVING_LIST:
btm_ble_clear_resolving_list_complete(p, evt_len);
break;
case HCI_BLE_READ_RESOLVABLE_ADDR_PEER:
btm_ble_read_resolving_list_entry_complete(p, evt_len);
break;
case HCI_BLE_READ_RESOLVABLE_ADDR_LOCAL:
case HCI_BLE_SET_ADDR_RESOLUTION_ENABLE:
case HCI_BLE_SET_RAND_PRIV_ADDR_TIMOUT:
break;
default:
if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC)
btm_vsc_complete(p, opcode, evt_len, (tBTM_VSC_CMPL_CB*)p_cplt_cback);
break;
}
}
/*******************************************************************************
*
* Function btu_hcif_command_complete_evt
*
* Description Process event HCI_COMMAND_COMPLETE_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_command_complete_evt_on_task(BT_HDR* event,
void* context) {
command_opcode_t opcode;
// 2 for event header: event code (1) + parameter length (1)
// 1 for num_hci_pkt command credit
uint8_t* stream = event->data + event->offset + 3;
STREAM_TO_UINT16(opcode, stream);
btu_hcif_log_command_complete_metrics(opcode, stream);
// 2 for event header: event code (1) + parameter length (1)
// 3 for command complete header: num_hci_pkt (1) + opcode (2)
uint16_t param_len = static_cast(event->len - 5);
btu_hcif_hdl_command_complete(opcode, stream, param_len, context);
osi_free(event);
}
static void btu_hcif_command_complete_evt(BT_HDR* response, void* context) {
do_in_main_thread(FROM_HERE, base::Bind(btu_hcif_command_complete_evt_on_task,
response, context));
}
/*******************************************************************************
*
* Function btu_hcif_hdl_command_status
*
* Description Handle a command status event
*
* Returns void
*
******************************************************************************/
static void btu_hcif_hdl_command_status(uint16_t opcode, uint8_t status,
uint8_t* p_cmd,
void* p_vsc_status_cback) {
CHECK_NE(p_cmd, nullptr) << "Null command for opcode 0x" << loghex(opcode);
p_cmd++; // Skip parameter total length
RawAddress bd_addr;
uint16_t handle;
switch (opcode) {
// Link Control Commands
case HCI_INQUIRY:
if (status != HCI_SUCCESS) {
// Tell inquiry processing that we are done
btm_process_inq_complete(status, BTM_BR_INQUIRY_MASK);
}
break;
case HCI_SWITCH_ROLE:
if (status != HCI_SUCCESS) {
// Tell BTM that the command failed
STREAM_TO_BDADDR(bd_addr, p_cmd);
btm_acl_role_changed(static_cast(status), bd_addr,
HCI_ROLE_UNKNOWN);
}
break;
case HCI_CREATE_CONNECTION:
if (status != HCI_SUCCESS) {
STREAM_TO_BDADDR(bd_addr, p_cmd);
btm_acl_connected(bd_addr, HCI_INVALID_HANDLE,
static_cast(status), 0);
}
break;
case HCI_AUTHENTICATION_REQUESTED:
if (status != HCI_SUCCESS) {
// Device refused to start authentication
// This is treated as an authentication failure
btm_sec_auth_complete(HCI_INVALID_HANDLE,
static_cast(status));
}
break;
case HCI_SET_CONN_ENCRYPTION:
if (status != HCI_SUCCESS) {
// Device refused to start encryption
// This is treated as an encryption failure
btm_sec_encrypt_change(HCI_INVALID_HANDLE,
static_cast(status), false);
}
break;
case HCI_RMT_NAME_REQUEST:
if (status != HCI_SUCCESS) {
// Tell inquiry processing that we are done
btm_process_remote_name(nullptr, nullptr, 0, status);
btm_sec_rmt_name_request_complete(nullptr, nullptr,
static_cast(status));
}
break;
case HCI_READ_RMT_EXT_FEATURES:
if (status != HCI_SUCCESS) {
STREAM_TO_UINT16(handle, p_cmd);
btm_read_remote_ext_features_failed(status, handle);
}
break;
case HCI_SETUP_ESCO_CONNECTION:
case HCI_ENH_SETUP_ESCO_CONNECTION:
if (status != HCI_SUCCESS) {
STREAM_TO_UINT16(handle, p_cmd);
// Determine if initial connection failed or is a change of setup
if (btm_is_sco_active(handle)) {
btm_esco_proc_conn_chg(status, handle, 0, 0, 0, 0);
}
}
break;
// BLE Commands
case HCI_BLE_CREATE_LL_CONN:
case HCI_LE_EXTENDED_CREATE_CONNECTION:
if (status != HCI_SUCCESS) {
btm_ble_create_ll_conn_complete(static_cast(status));
}
break;
case HCI_BLE_START_ENC:
// Race condition: disconnection happened right before we send
// "LE Encrypt", controller responds with no connection, we should
// cancel the encryption attempt, rather than unpair the device.
if (status == HCI_ERR_NO_CONNECTION) {
smp_cancel_start_encryption_attempt();
}
break;
// Link Policy Commands
case HCI_EXIT_SNIFF_MODE:
case HCI_EXIT_PARK_MODE:
if (status != HCI_SUCCESS) {
// Allow SCO initiation to continue if waiting for change mode event
STREAM_TO_UINT16(handle, p_cmd);
btm_sco_chk_pend_unpark(static_cast(status), handle);
}
FALLTHROUGH_INTENDED; /* FALLTHROUGH */
case HCI_HOLD_MODE:
case HCI_SNIFF_MODE:
case HCI_PARK_MODE:
btm_pm_proc_cmd_status(static_cast(status));
break;
default:
if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC) {
btm_vsc_complete(&status, opcode, 1,
(tBTM_VSC_CMPL_CB*)p_vsc_status_cback);
}
}
}
/*******************************************************************************
*
* Function btu_hcif_command_status_evt
*
* Description Process event HCI_COMMAND_STATUS_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_command_status_evt_on_task(uint8_t status, BT_HDR* event,
void* context) {
command_opcode_t opcode;
uint8_t* stream = event->data + event->offset;
STREAM_TO_UINT16(opcode, stream);
// stream + 1 to skip parameter length field
// No need to check length since stream is written by us
btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
btu_hcif_hdl_command_status(opcode, status, stream, context);
osi_free(event);
}
static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command,
void* context) {
do_in_main_thread(FROM_HERE, base::Bind(btu_hcif_command_status_evt_on_task,
status, command, context));
}
/*******************************************************************************
*
* Function btu_hcif_hardware_error_evt
*
* Description Process event HCI_HARDWARE_ERROR_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_hardware_error_evt(uint8_t* p) {
HCI_TRACE_ERROR("Ctlr H/w error event - code:0x%x", *p);
if (hci_is_root_inflammation_event_received()) {
// Ignore the hardware error event here as we have already received
// root inflammation event earlier.
HCI_TRACE_ERROR("H/w error event after root inflammation event!");
return;
}
BTA_sys_signal_hw_error();
}
/*******************************************************************************
*
* Function btu_hcif_role_change_evt
*
* Description Process event HCI_ROLE_CHANGE_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_role_change_evt(uint8_t* p) {
uint8_t status;
RawAddress bda;
uint8_t role;
STREAM_TO_UINT8(status, p);
STREAM_TO_BDADDR(bda, p);
STREAM_TO_UINT8(role, p);
btm_rejectlist_role_change_device(bda, status);
btm_acl_role_changed(to_hci_status_code(status), bda, to_hci_role(role));
}
/*******************************************************************************
*
* Function btu_hcif_mode_change_evt
*
* Description Process event HCI_MODE_CHANGE_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_mode_change_evt(uint8_t* p) {
uint8_t status;
uint16_t handle;
uint8_t current_mode;
uint16_t interval;
STREAM_TO_UINT8(status, p);
STREAM_TO_UINT16(handle, p);
STREAM_TO_UINT8(current_mode, p);
STREAM_TO_UINT16(interval, p);
btm_sco_chk_pend_unpark(static_cast(status), handle);
btm_pm_proc_mode_change(static_cast(status), handle,
static_cast(current_mode), interval);
#if (HID_DEV_INCLUDED == TRUE && HID_DEV_PM_INCLUDED == TRUE)
hidd_pm_proc_mode_change(status, current_mode, interval);
#endif
}
/*******************************************************************************
*
* Function btu_hcif_link_key_notification_evt
*
* Description Process event HCI_LINK_KEY_NOTIFICATION_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_link_key_notification_evt(uint8_t* p) {
RawAddress bda;
Octet16 key;
uint8_t key_type;
STREAM_TO_BDADDR(bda, p);
STREAM_TO_ARRAY16(key.data(), p);
STREAM_TO_UINT8(key_type, p);
btm_sec_link_key_notification(bda, key, key_type);
}
/*******************************************************************************
*
* Function btu_hcif_read_clock_off_comp_evt
*
* Description Process event HCI_READ_CLOCK_OFF_COMP_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_read_clock_off_comp_evt(uint8_t* p) {
uint8_t status;
uint16_t handle;
uint16_t clock_offset;
STREAM_TO_UINT8(status, p);
/* If failed to get clock offset just drop the result */
if (status != HCI_SUCCESS) return;
STREAM_TO_UINT16(handle, p);
STREAM_TO_UINT16(clock_offset, p);
handle = HCID_GET_HANDLE(handle);
btm_sec_update_clock_offset(handle, clock_offset);
}
/**********************************************
* Simple Pairing Events
**********************************************/
/*******************************************************************************
*
* Function btu_hcif_io_cap_request_evt
*
* Description Process event HCI_IO_CAPABILITY_REQUEST_EVT
*
* Returns void
*
******************************************************************************/
static void btu_hcif_io_cap_request_evt(uint8_t* p) {
RawAddress bda;
STREAM_TO_BDADDR(bda, p);
btm_io_capabilities_req(bda);
}
/**********************************************
* End of Simple Pairing Events
**********************************************/
static void read_encryption_key_size_complete_after_key_refresh(uint8_t status, uint16_t handle, uint8_t key_size) {
if (status == HCI_ERR_INSUFFCIENT_SECURITY) {
/* If remote device stop the encryption before we call "Read Encryption Key
* Size", we might receive Insufficient Security, which means that link is
* no longer encrypted. */
LOG(INFO) << __func__ << ": encryption stopped on link: " << loghex(handle);
return;
}
if (status != HCI_SUCCESS) {
LOG(INFO) << __func__ << ": disconnecting, status: " << loghex(status);
acl_disconnect_from_handle(handle, HCI_ERR_PEER_USER);
return;
}
if (key_size < MIN_KEY_SIZE) {
android_errorWriteLog(0x534e4554, "124301137");
LOG(ERROR) << __func__ << " encryption key too short, disconnecting. handle: " << loghex(handle)
<< " key_size: " << +key_size;
acl_disconnect_from_handle(handle, HCI_ERR_HOST_REJECT_SECURITY);
return;
}
btm_sec_encrypt_change(handle, static_cast(status),
1 /* enc_enable */);
}
static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p) {
uint8_t status;
uint16_t handle;
STREAM_TO_UINT8(status, p);
STREAM_TO_UINT16(handle, p);
if (status != HCI_SUCCESS || BTM_IsBleConnection(handle)) {
btm_sec_encrypt_change(handle, static_cast(status),
(status == HCI_SUCCESS) ? 1 : 0);
} else {
btsnd_hcic_read_encryption_key_size(handle, base::Bind(&read_encryption_key_size_complete_after_key_refresh));
}
}
/**********************************************
* BLE Events
**********************************************/
extern void gatt_notify_conn_update(const RawAddress& remote, uint16_t interval,
uint16_t latency, uint16_t timeout,
tHCI_STATUS status);
static void btu_ble_ll_conn_param_upd_evt(uint8_t* p, uint16_t evt_len) {
/* LE connection update has completed successfully as a central. */
/* We can enable the update request if the result is a success. */
/* extract the HCI handle first */
uint8_t status;
uint16_t handle;
uint16_t interval;
uint16_t latency;
uint16_t timeout;
if (evt_len < 9) {
LOG_ERROR("Bogus event packet, too short");
return;
}
STREAM_TO_UINT8(status, p);
STREAM_TO_UINT16(handle, p);
STREAM_TO_UINT16(interval, p);
STREAM_TO_UINT16(latency, p);
STREAM_TO_UINT16(timeout, p);
acl_ble_update_event_received(static_cast(status), handle,
interval, latency, timeout);
}
static void btu_ble_proc_ltk_req(uint8_t* p, uint16_t evt_len) {
uint16_t ediv, handle;
uint8_t* pp;
// following the spec in Core_v5.3/Vol 4/Part E
// / 7.7.65.5 LE Long Term Key Request event
// A BLE Long Term Key Request event contains:
// - 1-byte subevent (already consumed in btu_hcif_process_event)
// - 2-byte connection handler
// - 8-byte random number
// - 2 byte Encrypted_Diversifier
if (evt_len < 2 + 8 + 2) {
LOG_ERROR("Event packet too short");
return;
}
STREAM_TO_UINT16(handle, p);
pp = p + 8;
STREAM_TO_UINT16(ediv, pp);
btm_ble_ltk_request(handle, p, ediv);
/* This is empty until an upper layer cares about returning event */
}
static void btu_ble_data_length_change_evt(uint8_t* p, uint16_t evt_len) {
uint16_t handle;
uint16_t tx_data_len;
uint16_t rx_data_len;
if (!controller_get_interface()->supports_ble_packet_extension()) {
HCI_TRACE_WARNING("%s, request not supported", __func__);
return;
}
// 2 bytes each for handle, tx_data_len, TxTimer, rx_data_len
if (evt_len < 8) {
LOG_ERROR("Event packet too short");
return;
}
STREAM_TO_UINT16(handle, p);
STREAM_TO_UINT16(tx_data_len, p);
p += 2; /* Skip the TxTimer */
STREAM_TO_UINT16(rx_data_len, p);
l2cble_process_data_length_change_event(handle, tx_data_len, rx_data_len);
}
/**********************************************
* End of BLE Events Handler
**********************************************/
static void btu_ble_rc_param_req_evt(uint8_t* p, uint8_t len) {
uint16_t handle;
uint16_t int_min, int_max, latency, timeout;
if (len < 10) {
LOG(ERROR) << __func__ << "bogus event packet, too short";
return;
}
STREAM_TO_UINT16(handle, p);
STREAM_TO_UINT16(int_min, p);
STREAM_TO_UINT16(int_max, p);
STREAM_TO_UINT16(latency, p);
STREAM_TO_UINT16(timeout, p);
l2cble_process_rc_param_request_evt(handle, int_min, int_max, latency,
timeout);
}