1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions that interface with the HCI transport. On
22 * the receive side, it routes events to the appropriate handler, e.g.
23 * L2CAP, ScoMgr. On the transmit side, it manages the command
24 * transmission.
25 *
26 ******************************************************************************/
27
28 #define LOG_TAG "bt_btu_hcif"
29
30 #include "stack/include/btu_hcif.h"
31
32 #include <base/functional/bind.h>
33 #include <base/location.h>
34 #include <bluetooth/log.h>
35 #include <com_android_bluetooth_flags.h>
36
37 #include <cstdint>
38
39 #include "btm_iso_api.h"
40 #include "common/metrics.h"
41 #include "internal_include/bt_target.h"
42 #include "main/shim/hci_layer.h"
43 #include "osi/include/allocator.h"
44 #include "stack/include/acl_api.h"
45 #include "stack/include/acl_hci_link_interface.h"
46 #include "stack/include/ble_hci_link_interface.h"
47 #include "stack/include/bt_hdr.h"
48 #include "stack/include/bt_types.h"
49 #include "stack/include/btm_ble_addr.h"
50 #include "stack/include/btm_iso_api.h"
51 #include "stack/include/btm_sec_api_types.h"
52 #include "stack/include/btm_status.h"
53 #include "stack/include/btu_hcif.h"
54 #include "stack/include/dev_hci_link_interface.h"
55 #include "stack/include/hci_error_code.h"
56 #include "stack/include/hci_evt_length.h"
57 #include "stack/include/inq_hci_link_interface.h"
58 #include "stack/include/main_thread.h"
59 #include "stack/include/sco_hci_link_interface.h"
60 #include "stack/include/sec_hci_link_interface.h"
61 #include "stack/include/smp_api.h"
62 #include "stack/include/stack_metrics_logging.h"
63 #include "types/hci_role.h"
64 #include "types/raw_address.h"
65
66 using namespace bluetooth;
67 using base::Location;
68 using bluetooth::hci::IsoManager;
69
70 /******************************************************************************/
71 /* L O C A L F U N C T I O N P R O T O T Y P E S */
72 /******************************************************************************/
73 static void btu_hcif_authentication_comp_evt(uint8_t* p);
74 static void btu_hcif_encryption_change_evt(uint8_t* p);
75 static void btu_hcif_encryption_change_evt_v2(uint8_t* p);
76 static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p, uint8_t evt_len);
77 static void btu_hcif_command_complete_evt(BT_HDR* response, void* context);
78 static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command, void* context);
79 static void btu_hcif_mode_change_evt(uint8_t* p);
80 static void btu_hcif_link_key_notification_evt(const uint8_t* p);
81 static void btu_hcif_read_clock_off_comp_evt(uint8_t* p);
82 static void btu_hcif_esco_connection_comp_evt(const uint8_t* p);
83 static void btu_hcif_esco_connection_chg_evt(uint8_t* p);
84
85 /* Parsing functions for btm functions */
86
87 static void btu_hcif_sec_pin_code_request(const uint8_t* p);
88 static void btu_hcif_sec_link_key_request(const uint8_t* p);
89 static void btu_hcif_sec_rmt_host_support_feat_evt(const uint8_t* p);
90 static void btu_hcif_proc_sp_req_evt(tBTM_SP_EVT event, const uint8_t* p);
91 static void btu_hcif_rem_oob_req(const uint8_t* p);
92 static void btu_hcif_simple_pair_complete(const uint8_t* p);
93 static void btu_hcif_proc_sp_req_evt(const tBTM_SP_EVT event, const uint8_t* p);
94 static void btu_hcif_create_conn_cancel_complete(const uint8_t* p, uint16_t evt_len);
95 static void btu_hcif_read_local_oob_complete(const uint8_t* p, uint16_t evt_len);
96 static void btu_hcif_read_local_oob_extended_complete(const uint8_t* p, uint16_t evt_len);
97
98 /* Simple Pairing Events */
99 static void btu_hcif_io_cap_request_evt(const uint8_t* p);
100 static void btu_hcif_io_cap_response_evt(const uint8_t* p);
101
102 static void btu_ble_proc_ltk_req(uint8_t* p, uint16_t evt_len);
103 static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p);
104
105 /**
106 * Log HCI event metrics that are not handled in special functions
107 * @param evt_code event code
108 * @param p_event pointer to event parameter, skipping paremter length
109 */
btu_hcif_log_event_metrics(uint8_t evt_code,const uint8_t * p_event)110 static void btu_hcif_log_event_metrics(uint8_t evt_code, const uint8_t* p_event) {
111 uint32_t cmd = android::bluetooth::hci::CMD_UNKNOWN;
112 uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
113 uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
114 uint16_t handle = bluetooth::common::kUnknownConnectionHandle;
115 int64_t value = 0;
116
117 RawAddress bda = RawAddress::kEmpty;
118 switch (evt_code) {
119 case HCI_IO_CAPABILITY_REQUEST_EVT:
120 case HCI_IO_CAPABILITY_RESPONSE_EVT:
121 case HCI_LINK_KEY_REQUEST_EVT:
122 case HCI_LINK_KEY_NOTIFICATION_EVT:
123 case HCI_USER_PASSKEY_REQUEST_EVT:
124 case HCI_USER_PASSKEY_NOTIFY_EVT:
125 case HCI_USER_CONFIRMATION_REQUEST_EVT:
126 case HCI_KEYPRESS_NOTIFY_EVT:
127 case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
128 STREAM_TO_BDADDR(bda, p_event);
129 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason, value);
130 break;
131 case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
132 STREAM_TO_UINT8(status, p_event);
133 STREAM_TO_BDADDR(bda, p_event);
134 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason, value);
135 break;
136 case HCI_AUTHENTICATION_COMP_EVT:
137 STREAM_TO_UINT8(status, p_event);
138 STREAM_TO_UINT16(handle, p_event);
139 handle = HCID_GET_HANDLE(handle);
140 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason, value);
141 break;
142 case HCI_ENCRYPTION_CHANGE_EVT: {
143 uint8_t encryption_enabled;
144 STREAM_TO_UINT8(status, p_event);
145 STREAM_TO_UINT16(handle, p_event);
146 STREAM_TO_UINT8(encryption_enabled, p_event);
147 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason, encryption_enabled);
148 break;
149 }
150 case HCI_ENCRYPTION_CHANGE_EVT_V2: {
151 uint8_t encryption_enabled;
152 uint8_t key_size;
153 STREAM_TO_UINT8(status, p_event);
154 STREAM_TO_UINT16(handle, p_event);
155 STREAM_TO_UINT8(encryption_enabled, p_event);
156 STREAM_TO_UINT8(key_size, p_event);
157 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason, encryption_enabled);
158 break;
159 }
160 case HCI_ESCO_CONNECTION_COMP_EVT: {
161 uint8_t link_type;
162 STREAM_TO_UINT8(status, p_event);
163 STREAM_TO_UINT16(handle, p_event);
164 STREAM_TO_BDADDR(bda, p_event);
165 STREAM_TO_UINT8(link_type, p_event);
166 handle = HCID_GET_HANDLE(handle);
167 log_link_layer_connection_event(&bda, handle, android::bluetooth::DIRECTION_UNKNOWN,
168 link_type, cmd, evt_code,
169 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
170 break;
171 }
172 case HCI_ESCO_CONNECTION_CHANGED_EVT: {
173 STREAM_TO_UINT8(status, p_event);
174 STREAM_TO_UINT16(handle, p_event);
175 handle = HCID_GET_HANDLE(handle);
176 log_link_layer_connection_event(nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
177 android::bluetooth::LINK_TYPE_UNKNOWN, cmd, evt_code,
178 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
179 break;
180 }
181 // Ignore these events
182 case HCI_BLE_EVENT:
183 break;
184 case HCI_VENDOR_SPECIFIC_EVT:
185 break;
186
187 case HCI_CONNECTION_COMP_EVT: // EventCode::CONNECTION_COMPLETE
188 case HCI_CONNECTION_REQUEST_EVT: // EventCode::CONNECTION_REQUEST
189 case HCI_DISCONNECTION_COMP_EVT: // EventCode::DISCONNECTION_COMPLETE
190 case HCI_RMT_NAME_REQUEST_COMP_EVT: // EventCode::REMOTE_NAME_REQUEST_COMPLETE
191 default:
192 log::error(
193 "Unexpectedly received event_code:0x{:02x} that should not be "
194 "handled here",
195 evt_code);
196 break;
197 }
198 }
199
200 /*******************************************************************************
201 *
202 * Function btu_hcif_process_event
203 *
204 * Description This function is called when an event is received from
205 * the Host Controller.
206 *
207 * Returns void
208 *
209 ******************************************************************************/
btu_hcif_process_event(uint8_t,const BT_HDR * p_msg)210 static void btu_hcif_process_event(uint8_t /* controller_id */, const BT_HDR* p_msg) {
211 uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;
212 uint8_t hci_evt_code, hci_evt_len;
213 uint8_t ble_sub_code;
214 STREAM_TO_UINT8(hci_evt_code, p);
215 STREAM_TO_UINT8(hci_evt_len, p);
216
217 // validate event size
218 if (hci_evt_len < hci_event_parameters_minimum_length[hci_evt_code]) {
219 log::warn("evt:0x{:2X}, malformed event of size {}", hci_evt_code, hci_evt_len);
220 return;
221 }
222
223 btu_hcif_log_event_metrics(hci_evt_code, p);
224
225 switch (hci_evt_code) {
226 case HCI_AUTHENTICATION_COMP_EVT:
227 btu_hcif_authentication_comp_evt(p);
228 break;
229 case HCI_ENCRYPTION_CHANGE_EVT:
230 btu_hcif_encryption_change_evt(p);
231 break;
232 case HCI_ENCRYPTION_CHANGE_EVT_V2:
233 btu_hcif_encryption_change_evt_v2(p);
234 break;
235 case HCI_ENCRYPTION_KEY_REFRESH_COMP_EVT:
236 btu_hcif_encryption_key_refresh_cmpl_evt(p);
237 break;
238 case HCI_READ_RMT_EXT_FEATURES_COMP_EVT:
239 btu_hcif_read_rmt_ext_features_comp_evt(p, hci_evt_len);
240 break;
241 case HCI_COMMAND_COMPLETE_EVT:
242 log::error(
243 "should not have received a command complete event. Someone didn't "
244 "go through the hci transmit_command function.");
245 break;
246 case HCI_COMMAND_STATUS_EVT:
247 log::error(
248 "should not have received a command status event. Someone didn't go "
249 "through the hci transmit_command function.");
250 break;
251 case HCI_MODE_CHANGE_EVT:
252 btu_hcif_mode_change_evt(p);
253 break;
254 case HCI_PIN_CODE_REQUEST_EVT:
255 btu_hcif_sec_pin_code_request(p);
256 break;
257 case HCI_LINK_KEY_REQUEST_EVT:
258 btu_hcif_sec_link_key_request(p);
259 break;
260 case HCI_LINK_KEY_NOTIFICATION_EVT:
261 btu_hcif_link_key_notification_evt(p);
262 break;
263 case HCI_READ_CLOCK_OFF_COMP_EVT:
264 btu_hcif_read_clock_off_comp_evt(p);
265 break;
266 case HCI_ESCO_CONNECTION_COMP_EVT:
267 btu_hcif_esco_connection_comp_evt(p);
268 break;
269 case HCI_ESCO_CONNECTION_CHANGED_EVT:
270 btu_hcif_esco_connection_chg_evt(p);
271 break;
272 case HCI_SNIFF_SUB_RATE_EVT:
273 btm_pm_proc_ssr_evt(p, hci_evt_len);
274 break;
275 case HCI_RMT_HOST_SUP_FEAT_NOTIFY_EVT:
276 btu_hcif_sec_rmt_host_support_feat_evt(p);
277 break;
278 case HCI_IO_CAPABILITY_REQUEST_EVT:
279 btu_hcif_io_cap_request_evt(p);
280 break;
281 case HCI_IO_CAPABILITY_RESPONSE_EVT:
282 btu_hcif_io_cap_response_evt(p);
283 break;
284 case HCI_USER_CONFIRMATION_REQUEST_EVT:
285 btu_hcif_proc_sp_req_evt(BTM_SP_CFM_REQ_EVT, p);
286 break;
287 case HCI_USER_PASSKEY_REQUEST_EVT:
288 btu_hcif_proc_sp_req_evt(BTM_SP_KEY_REQ_EVT, p);
289 break;
290 case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
291 btu_hcif_rem_oob_req(p);
292 break;
293 case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
294 btu_hcif_simple_pair_complete(p);
295 break;
296 case HCI_USER_PASSKEY_NOTIFY_EVT:
297 btu_hcif_proc_sp_req_evt(BTM_SP_KEY_NOTIF_EVT, p);
298 break;
299
300 case HCI_BLE_EVENT: {
301 STREAM_TO_UINT8(ble_sub_code, p);
302
303 uint8_t ble_evt_len = hci_evt_len - 1;
304 switch (ble_sub_code) {
305 case HCI_BLE_READ_REMOTE_FEAT_CMPL_EVT:
306 btm_ble_read_remote_features_complete(p, ble_evt_len);
307 break;
308 case HCI_BLE_LTK_REQ_EVT: /* received only at peripheral device */
309 btu_ble_proc_ltk_req(p, ble_evt_len);
310 break;
311
312 case HCI_BLE_REQ_PEER_SCA_CPL_EVT:
313 btm_acl_process_sca_cmpl_pkt(ble_evt_len, p);
314 break;
315
316 case HCI_BLE_CIS_EST_EVT:
317 case HCI_BLE_CREATE_BIG_CPL_EVT:
318 case HCI_BLE_TERM_BIG_CPL_EVT:
319 case HCI_BLE_CIS_REQ_EVT:
320 case HCI_BLE_BIG_SYNC_EST_EVT:
321 case HCI_BLE_BIG_SYNC_LOST_EVT:
322 IsoManager::GetInstance()->HandleHciEvent(ble_sub_code, p, ble_evt_len);
323 break;
324
325 default:
326 log::error(
327 "Unexpectedly received LE sub_event_code:0x{:02x} that should "
328 "not be handled here",
329 ble_sub_code);
330 break;
331 }
332 } break;
333
334 // Events now captured by gd::hci_layer module
335 case HCI_VENDOR_SPECIFIC_EVT:
336 case HCI_HARDWARE_ERROR_EVT:
337 case HCI_NUM_COMPL_DATA_PKTS_EVT: // EventCode::NUMBER_OF_COMPLETED_PACKETS
338 case HCI_CONNECTION_COMP_EVT: // EventCode::CONNECTION_COMPLETE
339 case HCI_CONNECTION_REQUEST_EVT: // EventCode::CONNECTION_REQUEST
340 case HCI_READ_RMT_FEATURES_COMP_EVT: // EventCode::READ_REMOTE_SUPPORTED_FEATURES_COMPLETE
341 case HCI_READ_RMT_VERSION_COMP_EVT: // EventCode::READ_REMOTE_VERSION_INFORMATION_COMPLETE
342 case HCI_ROLE_CHANGE_EVT: // EventCode::ROLE_CHANGE
343 case HCI_DISCONNECTION_COMP_EVT: // EventCode::DISCONNECTION_COMPLETE
344 case HCI_RMT_NAME_REQUEST_COMP_EVT: // EventCode::REMOTE_NAME_REQUEST_COMPLETE
345 default:
346 log::error(
347 "Unexpectedly received event_code:0x{:02x} that should not be "
348 "handled here",
349 hci_evt_code);
350 break;
351 }
352 }
353
btu_hcif_log_command_metrics(uint16_t opcode,const uint8_t * p_cmd,uint16_t cmd_status,bool is_cmd_status)354 static void btu_hcif_log_command_metrics(uint16_t opcode, const uint8_t* p_cmd, uint16_t cmd_status,
355 bool is_cmd_status) {
356 static uint16_t kUnknownBleEvt = android::bluetooth::hci::BLE_EVT_UNKNOWN;
357
358 uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_STATUS;
359 if (!is_cmd_status) {
360 hci_event = android::bluetooth::hci::EVT_UNKNOWN;
361 cmd_status = android::bluetooth::hci::STATUS_UNKNOWN;
362 }
363
364 RawAddress bd_addr;
365 uint16_t handle;
366 uint8_t reason;
367
368 switch (opcode) {
369 case HCI_CREATE_CONNECTION:
370 case HCI_CREATE_CONNECTION_CANCEL:
371 STREAM_TO_BDADDR(bd_addr, p_cmd);
372 log_link_layer_connection_event(
373 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
374 android::bluetooth::DIRECTION_OUTGOING, android::bluetooth::LINK_TYPE_ACL, opcode,
375 hci_event, kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
376 break;
377 case HCI_DISCONNECT:
378 STREAM_TO_UINT16(handle, p_cmd);
379 STREAM_TO_UINT8(reason, p_cmd);
380 log_link_layer_connection_event(nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
381 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
382 kUnknownBleEvt, cmd_status, reason);
383 break;
384 case HCI_SETUP_ESCO_CONNECTION:
385 case HCI_ENH_SETUP_ESCO_CONNECTION:
386 STREAM_TO_UINT16(handle, p_cmd);
387 log_link_layer_connection_event(nullptr, handle, android::bluetooth::DIRECTION_OUTGOING,
388 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
389 kUnknownBleEvt, cmd_status,
390 android::bluetooth::hci::STATUS_UNKNOWN);
391 break;
392 case HCI_ACCEPT_CONNECTION_REQUEST:
393 case HCI_ACCEPT_ESCO_CONNECTION:
394 case HCI_ENH_ACCEPT_ESCO_CONNECTION:
395 STREAM_TO_BDADDR(bd_addr, p_cmd);
396 log_link_layer_connection_event(
397 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
398 android::bluetooth::DIRECTION_INCOMING, android::bluetooth::LINK_TYPE_UNKNOWN, opcode,
399 hci_event, kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
400 break;
401 case HCI_REJECT_CONNECTION_REQUEST:
402 case HCI_REJECT_ESCO_CONNECTION:
403 STREAM_TO_BDADDR(bd_addr, p_cmd);
404 STREAM_TO_UINT8(reason, p_cmd);
405 log_link_layer_connection_event(&bd_addr, bluetooth::common::kUnknownConnectionHandle,
406 android::bluetooth::DIRECTION_INCOMING,
407 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
408 kUnknownBleEvt, cmd_status, reason);
409 break;
410
411 // BLE Commands
412 case HCI_BLE_CREATE_LL_CONN: {
413 p_cmd += 2; // Skip LE_Scan_Interval
414 p_cmd += 2; // Skip LE_Scan_Window;
415 uint8_t initiator_filter_policy;
416 STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
417 uint8_t peer_address_type;
418 STREAM_TO_UINT8(peer_address_type, p_cmd);
419 STREAM_TO_BDADDR(bd_addr, p_cmd);
420 // Peer address should not be used if initiator filter policy is not 0x00
421 const RawAddress* bd_addr_p = nullptr;
422 if (initiator_filter_policy == 0x00) {
423 bd_addr_p = &bd_addr;
424 if (peer_address_type == BLE_ADDR_PUBLIC_ID || peer_address_type == BLE_ADDR_RANDOM_ID) {
425 // if identity address is not matched, this address is invalid
426 if (!btm_identity_addr_to_random_pseudo(&bd_addr, &peer_address_type, false)) {
427 bd_addr_p = nullptr;
428 }
429 }
430 }
431 if (initiator_filter_policy == 0x00 || (cmd_status != HCI_SUCCESS && !is_cmd_status)) {
432 // Selectively log to avoid log spam due to acceptlist connections:
433 // - When doing non-acceptlist connection
434 // - When there is an error in command status
435 log_link_layer_connection_event(
436 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
437 android::bluetooth::DIRECTION_OUTGOING, android::bluetooth::LINK_TYPE_ACL, opcode,
438 hci_event, kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
439 }
440 break;
441 }
442 case HCI_LE_EXTENDED_CREATE_CONNECTION: {
443 uint8_t initiator_filter_policy;
444 STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
445 p_cmd += 1; // Skip Own_Address_Type
446 uint8_t peer_addr_type;
447 STREAM_TO_UINT8(peer_addr_type, p_cmd);
448 STREAM_TO_BDADDR(bd_addr, p_cmd);
449 // Peer address should not be used if initiator filter policy is not 0x00
450 const RawAddress* bd_addr_p = nullptr;
451 if (initiator_filter_policy == 0x00) {
452 bd_addr_p = &bd_addr;
453 // if identity address is not matched, this should be a static address
454 btm_identity_addr_to_random_pseudo(&bd_addr, &peer_addr_type, false);
455 }
456 if (initiator_filter_policy == 0x00 || (cmd_status != HCI_SUCCESS && !is_cmd_status)) {
457 // Selectively log to avoid log spam due to acceptlist connections:
458 // - When doing non-acceptlist connection
459 // - When there is an error in command status
460 log_link_layer_connection_event(
461 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
462 android::bluetooth::DIRECTION_OUTGOING, android::bluetooth::LINK_TYPE_ACL, opcode,
463 hci_event, kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
464 }
465 break;
466 }
467 case HCI_BLE_CREATE_CONN_CANCEL:
468 if (cmd_status != HCI_SUCCESS && !is_cmd_status) {
469 // Only log errors to prevent log spam due to acceptlist connections
470 log_link_layer_connection_event(
471 nullptr, bluetooth::common::kUnknownConnectionHandle,
472 android::bluetooth::DIRECTION_OUTGOING, android::bluetooth::LINK_TYPE_ACL, opcode,
473 hci_event, kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
474 }
475 break;
476 case HCI_READ_LOCAL_OOB_DATA:
477 case HCI_READ_LOCAL_OOB_EXTENDED_DATA:
478 log_classic_pairing_event(RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle,
479 opcode, hci_event, cmd_status,
480 android::bluetooth::hci::STATUS_UNKNOWN, 0);
481 break;
482 case HCI_WRITE_SIMPLE_PAIRING_MODE: {
483 uint8_t simple_pairing_mode;
484 STREAM_TO_UINT8(simple_pairing_mode, p_cmd);
485 log_classic_pairing_event(RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle,
486 opcode, hci_event, cmd_status,
487 android::bluetooth::hci::STATUS_UNKNOWN, simple_pairing_mode);
488 break;
489 }
490 case HCI_WRITE_SECURE_CONNS_SUPPORT: {
491 uint8_t secure_conn_host_support;
492 STREAM_TO_UINT8(secure_conn_host_support, p_cmd);
493 log_classic_pairing_event(RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle,
494 opcode, hci_event, cmd_status,
495 android::bluetooth::hci::STATUS_UNKNOWN, secure_conn_host_support);
496 break;
497 }
498 case HCI_AUTHENTICATION_REQUESTED:
499 STREAM_TO_UINT16(handle, p_cmd);
500 log_classic_pairing_event(RawAddress::kEmpty, handle, opcode, hci_event, cmd_status,
501 android::bluetooth::hci::STATUS_UNKNOWN, 0);
502 break;
503 case HCI_SET_CONN_ENCRYPTION: {
504 STREAM_TO_UINT16(handle, p_cmd);
505 uint8_t encryption_enable;
506 STREAM_TO_UINT8(encryption_enable, p_cmd);
507 log_classic_pairing_event(RawAddress::kEmpty, handle, opcode, hci_event, cmd_status,
508 android::bluetooth::hci::STATUS_UNKNOWN, encryption_enable);
509 break;
510 }
511 case HCI_DELETE_STORED_LINK_KEY: {
512 uint8_t delete_all_flag;
513 STREAM_TO_BDADDR(bd_addr, p_cmd);
514 STREAM_TO_UINT8(delete_all_flag, p_cmd);
515 log_classic_pairing_event(bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode,
516 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN,
517 delete_all_flag);
518 break;
519 }
520 case HCI_RMT_NAME_REQUEST:
521 case HCI_RMT_NAME_REQUEST_CANCEL:
522 case HCI_LINK_KEY_REQUEST_REPLY:
523 case HCI_LINK_KEY_REQUEST_NEG_REPLY:
524 case HCI_IO_CAPABILITY_REQUEST_REPLY:
525 case HCI_USER_CONF_REQUEST_REPLY:
526 case HCI_USER_CONF_VALUE_NEG_REPLY:
527 case HCI_USER_PASSKEY_REQ_REPLY:
528 case HCI_USER_PASSKEY_REQ_NEG_REPLY:
529 case HCI_REM_OOB_DATA_REQ_REPLY:
530 case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
531 STREAM_TO_BDADDR(bd_addr, p_cmd);
532 log_classic_pairing_event(bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode,
533 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN, 0);
534 break;
535 case HCI_IO_CAP_REQ_NEG_REPLY:
536 STREAM_TO_BDADDR(bd_addr, p_cmd);
537 STREAM_TO_UINT8(reason, p_cmd);
538 log_classic_pairing_event(bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode,
539 hci_event, cmd_status, reason, 0);
540 break;
541 }
542 }
543
544 /*******************************************************************************
545 *
546 * Function btu_hcif_send_cmd
547 *
548 * Description This function is called to send commands to the Host
549 * Controller.
550 *
551 * Returns void
552 *
553 ******************************************************************************/
btu_hcif_send_cmd(uint8_t,const BT_HDR * p_buf)554 void btu_hcif_send_cmd(uint8_t /* controller_id */, const BT_HDR* p_buf) {
555 if (!p_buf) {
556 return;
557 }
558
559 uint16_t opcode;
560 const uint8_t* stream = p_buf->data + p_buf->offset;
561
562 STREAM_TO_UINT16(opcode, stream);
563
564 // Skip parameter length before logging
565 stream++;
566 btu_hcif_log_command_metrics(opcode, stream, android::bluetooth::hci::STATUS_UNKNOWN, false);
567
568 bluetooth::shim::hci_layer_get_interface()->transmit_command(p_buf, btu_hcif_command_complete_evt,
569 btu_hcif_command_status_evt, NULL);
570 }
571
572 using hci_cmd_cb = base::OnceCallback<void(uint8_t* /* return_parameters */,
573 uint16_t /* return_parameters_length*/)>;
574
575 struct cmd_with_cb_data {
576 hci_cmd_cb cb;
577 base::Location posted_from;
578 };
579
cmd_with_cb_data_init(cmd_with_cb_data * cb_wrapper)580 static void cmd_with_cb_data_init(cmd_with_cb_data* cb_wrapper) {
581 new (&cb_wrapper->cb) hci_cmd_cb;
582 new (&cb_wrapper->posted_from) Location;
583 }
584
cmd_with_cb_data_cleanup(cmd_with_cb_data * cb_wrapper)585 static void cmd_with_cb_data_cleanup(cmd_with_cb_data* cb_wrapper) {
586 cb_wrapper->cb.~hci_cmd_cb();
587 cb_wrapper->posted_from.~Location();
588 }
589
590 /**
591 * Log command complete events that is not handled individually in this file
592 * @param opcode opcode of the command
593 * @param p_return_params pointer to returned parameter after parameter length
594 * field
595 */
btu_hcif_log_command_complete_metrics(uint16_t opcode,const uint8_t * p_return_params)596 static void btu_hcif_log_command_complete_metrics(uint16_t opcode, const uint8_t* p_return_params) {
597 uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
598 uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
599 uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_COMPLETE;
600 RawAddress bd_addr = RawAddress::kEmpty;
601 switch (opcode) {
602 case HCI_DELETE_STORED_LINK_KEY:
603 case HCI_READ_LOCAL_OOB_DATA:
604 case HCI_READ_LOCAL_OOB_EXTENDED_DATA:
605 case HCI_WRITE_SIMPLE_PAIRING_MODE:
606 case HCI_WRITE_SECURE_CONNS_SUPPORT:
607 STREAM_TO_UINT8(status, p_return_params);
608 log_classic_pairing_event(RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle,
609 opcode, hci_event, status, reason, 0);
610 break;
611 case HCI_READ_ENCR_KEY_SIZE: {
612 uint16_t handle;
613 uint8_t key_size;
614 STREAM_TO_UINT8(status, p_return_params);
615 STREAM_TO_UINT16(handle, p_return_params);
616 STREAM_TO_UINT8(key_size, p_return_params);
617 log_classic_pairing_event(RawAddress::kEmpty, handle, opcode, hci_event, status, reason,
618 key_size);
619 break;
620 }
621 case HCI_LINK_KEY_REQUEST_REPLY:
622 case HCI_LINK_KEY_REQUEST_NEG_REPLY:
623 case HCI_IO_CAPABILITY_REQUEST_REPLY:
624 case HCI_IO_CAP_REQ_NEG_REPLY:
625 case HCI_USER_CONF_REQUEST_REPLY:
626 case HCI_USER_CONF_VALUE_NEG_REPLY:
627 case HCI_USER_PASSKEY_REQ_REPLY:
628 case HCI_USER_PASSKEY_REQ_NEG_REPLY:
629 case HCI_REM_OOB_DATA_REQ_REPLY:
630 case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
631 STREAM_TO_UINT8(status, p_return_params);
632 STREAM_TO_BDADDR(bd_addr, p_return_params);
633 log_classic_pairing_event(bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode,
634 hci_event, status, reason, 0);
635 break;
636 }
637 }
638
btu_hcif_command_complete_evt_with_cb_on_task(BT_HDR * event,void * context)639 static void btu_hcif_command_complete_evt_with_cb_on_task(BT_HDR* event, void* context) {
640 command_opcode_t opcode;
641 // 2 for event header: event code (1) + parameter length (1)
642 // 1 for num_hci_pkt command credit
643 uint8_t* stream = event->data + event->offset + 3;
644 STREAM_TO_UINT16(opcode, stream);
645
646 btu_hcif_log_command_complete_metrics(opcode, stream);
647
648 cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
649 log::verbose("command complete for: {}", cb_wrapper->posted_from.ToString());
650 // 2 for event header: event code (1) + parameter length (1)
651 // 3 for command complete header: num_hci_pkt (1) + opcode (2)
652 uint16_t param_len = static_cast<uint16_t>(event->len - 5);
653 std::move(cb_wrapper->cb).Run(stream, param_len);
654 cmd_with_cb_data_cleanup(cb_wrapper);
655 osi_free(cb_wrapper);
656
657 osi_free(event);
658 }
659
btu_hcif_command_complete_evt_with_cb(BT_HDR * response,void * context)660 static void btu_hcif_command_complete_evt_with_cb(BT_HDR* response, void* context) {
661 do_in_main_thread(
662 base::BindOnce(btu_hcif_command_complete_evt_with_cb_on_task, response, context));
663 }
664
btu_hcif_command_status_evt_with_cb_on_task(uint8_t status,BT_HDR * event,void * context)665 static void btu_hcif_command_status_evt_with_cb_on_task(uint8_t status, BT_HDR* event,
666 void* context) {
667 command_opcode_t opcode;
668 uint8_t* stream = event->data + event->offset;
669 STREAM_TO_UINT16(opcode, stream);
670
671 log::assert_that(status != 0, "assert failed: status != 0");
672
673 // stream + 1 to skip parameter length field
674 // No need to check length since stream is written by us
675 btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
676
677 // report command status error
678 cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
679 log::verbose("command status for: {}", cb_wrapper->posted_from.ToString());
680 std::move(cb_wrapper->cb).Run(&status, sizeof(uint16_t));
681 cmd_with_cb_data_cleanup(cb_wrapper);
682 osi_free(cb_wrapper);
683
684 osi_free(event);
685 }
686
btu_hcif_command_status_evt_with_cb(uint8_t status,BT_HDR * command,void * context)687 static void btu_hcif_command_status_evt_with_cb(uint8_t status, BT_HDR* command, void* context) {
688 // Command is pending, we report only error.
689 if (!status) {
690 osi_free(command);
691 return;
692 }
693
694 do_in_main_thread(
695 base::BindOnce(btu_hcif_command_status_evt_with_cb_on_task, status, command, context));
696 }
697
698 /* This function is called to send commands to the Host Controller. |cb| is
699 * called when command status event is called with error code, or when the
700 * command complete event is received. */
btu_hcif_send_cmd_with_cb(const base::Location & posted_from,uint16_t opcode,uint8_t * params,uint8_t params_len,hci_cmd_cb cb)701 void btu_hcif_send_cmd_with_cb(const base::Location& posted_from, uint16_t opcode, uint8_t* params,
702 uint8_t params_len, hci_cmd_cb cb) {
703 BT_HDR* p = (BT_HDR*)osi_malloc(HCI_CMD_BUF_SIZE);
704 uint8_t* pp = (uint8_t*)(p + 1);
705
706 p->len = HCIC_PREAMBLE_SIZE + params_len;
707 p->offset = 0;
708
709 UINT16_TO_STREAM(pp, opcode);
710 UINT8_TO_STREAM(pp, params_len);
711 if (params) {
712 memcpy(pp, params, params_len);
713 }
714
715 btu_hcif_log_command_metrics(opcode, pp, android::bluetooth::hci::STATUS_UNKNOWN, false);
716
717 cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)osi_malloc(sizeof(cmd_with_cb_data));
718
719 cmd_with_cb_data_init(cb_wrapper);
720 cb_wrapper->cb = std::move(cb);
721 cb_wrapper->posted_from = posted_from;
722
723 bluetooth::shim::hci_layer_get_interface()->transmit_command(
724 p, btu_hcif_command_complete_evt_with_cb, btu_hcif_command_status_evt_with_cb,
725 (void*)cb_wrapper);
726 }
727
728 /*******************************************************************************
729 *
730 * Function btu_hcif_authentication_comp_evt
731 *
732 * Description Process event HCI_AUTHENTICATION_COMP_EVT
733 *
734 * Returns void
735 *
736 ******************************************************************************/
btu_hcif_authentication_comp_evt(uint8_t * p)737 static void btu_hcif_authentication_comp_evt(uint8_t* p) {
738 uint8_t status;
739 uint16_t handle;
740
741 STREAM_TO_UINT8(status, p);
742 STREAM_TO_UINT16(handle, p);
743
744 btm_sec_auth_complete(handle, static_cast<tHCI_STATUS>(status));
745 }
746
747 /*******************************************************************************
748 *
749 * Function btu_hcif_encryption_change_evt
750 *
751 * Description Process event HCI_ENCRYPTION_CHANGE_EVT
752 *
753 * Returns void
754 *
755 ******************************************************************************/
btu_hcif_encryption_change_evt(uint8_t * p)756 static void btu_hcif_encryption_change_evt(uint8_t* p) {
757 uint8_t status;
758 uint16_t handle;
759 uint8_t encr_enable;
760
761 STREAM_TO_UINT8(status, p);
762 STREAM_TO_UINT16(handle, p);
763 STREAM_TO_UINT8(encr_enable, p);
764
765 btm_sec_encryption_change_evt(handle, static_cast<tHCI_STATUS>(status), encr_enable, 0);
766 }
767
768 /*******************************************************************************
769 *
770 * Function btu_hcif_encryption_change_evt_v2
771 *
772 * Description Process event HCI_ENCRYPTION_CHANGE_EVT_V2
773 *
774 * Returns void
775 *
776 ******************************************************************************/
btu_hcif_encryption_change_evt_v2(uint8_t * p)777 static void btu_hcif_encryption_change_evt_v2(uint8_t* p) {
778 uint8_t status;
779 uint16_t handle;
780 uint8_t encr_enable;
781 uint8_t key_size;
782
783 STREAM_TO_UINT8(status, p);
784 STREAM_TO_UINT16(handle, p);
785 STREAM_TO_UINT8(encr_enable, p);
786 STREAM_TO_UINT8(key_size, p);
787
788 btm_sec_encryption_change_evt(handle, static_cast<tHCI_STATUS>(status), encr_enable, key_size);
789 }
790
791 /*******************************************************************************
792 *
793 * Function btu_hcif_read_rmt_ext_features_comp_evt
794 *
795 * Description Process event HCI_READ_RMT_EXT_FEATURES_COMP_EVT
796 *
797 * Returns void
798 *
799 ******************************************************************************/
btu_hcif_read_rmt_ext_features_comp_evt(uint8_t * p,uint8_t evt_len)800 static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p, uint8_t evt_len) {
801 uint8_t* p_cur = p;
802 uint8_t status;
803 uint16_t handle;
804
805 STREAM_TO_UINT8(status, p_cur);
806
807 if (status == HCI_SUCCESS) {
808 btm_read_remote_ext_features_complete_raw(p, evt_len);
809 } else {
810 STREAM_TO_UINT16(handle, p_cur);
811 btm_read_remote_ext_features_failed(status, handle);
812 }
813 }
814
815 /*******************************************************************************
816 *
817 * Function btu_hcif_esco_connection_comp_evt
818 *
819 * Description Process event HCI_ESCO_CONNECTION_COMP_EVT
820 *
821 * Returns void
822 *
823 ******************************************************************************/
btu_hcif_esco_connection_comp_evt(const uint8_t * p)824 static void btu_hcif_esco_connection_comp_evt(const uint8_t* p) {
825 tBTM_ESCO_DATA data;
826 uint16_t handle;
827 RawAddress bda;
828 uint8_t status;
829
830 STREAM_TO_UINT8(status, p);
831 STREAM_TO_UINT16(handle, p);
832 STREAM_TO_BDADDR(bda, p);
833
834 STREAM_TO_UINT8(data.link_type, p);
835 STREAM_SKIP_UINT8(p); // tx_interval
836 STREAM_SKIP_UINT8(p); // retrans_window
837 STREAM_SKIP_UINT16(p); // rx_pkt_len
838 STREAM_SKIP_UINT16(p); // tx_pkt_len
839 STREAM_SKIP_UINT8(p); // air_mode
840
841 handle = HCID_GET_HANDLE(handle);
842 data.bd_addr = bda;
843 if (status == HCI_SUCCESS) {
844 log::assert_that(handle <= HCI_HANDLE_MAX,
845 "Received eSCO connection complete event with invalid "
846 "handle: 0x{:X} that should be <= 0x{:X}",
847 handle, HCI_HANDLE_MAX);
848 btm_sco_connected(bda, handle, &data);
849 } else {
850 btm_sco_connection_failed(static_cast<tHCI_STATUS>(status), bda, handle, &data);
851 }
852 }
853
854 /*******************************************************************************
855 *
856 * Function btu_hcif_esco_connection_chg_evt
857 *
858 * Description Process event HCI_ESCO_CONNECTION_CHANGED_EVT
859 *
860 * Returns void
861 *
862 ******************************************************************************/
btu_hcif_esco_connection_chg_evt(uint8_t * p)863 static void btu_hcif_esco_connection_chg_evt(uint8_t* p) {
864 uint16_t handle;
865 uint16_t tx_pkt_len;
866 uint16_t rx_pkt_len;
867 uint8_t status;
868 uint8_t tx_interval;
869 uint8_t retrans_window;
870
871 STREAM_TO_UINT8(status, p);
872 STREAM_TO_UINT16(handle, p);
873
874 STREAM_TO_UINT8(tx_interval, p);
875 STREAM_TO_UINT8(retrans_window, p);
876 STREAM_TO_UINT16(rx_pkt_len, p);
877 STREAM_TO_UINT16(tx_pkt_len, p);
878
879 handle = HCID_GET_HANDLE(handle);
880 }
881
882 /*******************************************************************************
883 *
884 * Function btu_hcif_hdl_command_complete
885 *
886 * Description Handle command complete event
887 *
888 * Returns void
889 *
890 ******************************************************************************/
btu_hcif_hdl_command_complete(uint16_t opcode,uint8_t * p,uint16_t evt_len)891 static void btu_hcif_hdl_command_complete(uint16_t opcode, uint8_t* p, uint16_t evt_len) {
892 switch (opcode) {
893 case HCI_SET_EVENT_FILTER:
894 break;
895
896 case HCI_DELETE_STORED_LINK_KEY:
897 btm_delete_stored_link_key_complete(p, evt_len);
898 break;
899
900 case HCI_READ_RSSI:
901 btm_read_rssi_complete(p, evt_len);
902 break;
903
904 case HCI_READ_FAILED_CONTACT_COUNTER:
905 btm_read_failed_contact_counter_complete(p);
906 break;
907
908 case HCI_READ_AUTOMATIC_FLUSH_TIMEOUT:
909 btm_read_automatic_flush_timeout_complete(p);
910 break;
911
912 case HCI_READ_TRANSMIT_POWER_LEVEL:
913 btm_read_tx_power_complete(p, evt_len, false);
914 break;
915
916 case HCI_CREATE_CONNECTION_CANCEL:
917 btu_hcif_create_conn_cancel_complete(p, evt_len);
918 break;
919
920 case HCI_READ_LOCAL_OOB_DATA:
921 btu_hcif_read_local_oob_complete(p, evt_len);
922 break;
923
924 case HCI_READ_LOCAL_OOB_EXTENDED_DATA:
925 btu_hcif_read_local_oob_extended_complete(p, evt_len);
926 break;
927
928 case HCI_READ_INQ_TX_POWER_LEVEL:
929 break;
930
931 case HCI_BLE_READ_ADV_CHNL_TX_POWER:
932 btm_read_tx_power_complete(p, evt_len, true);
933 break;
934
935 case HCI_BLE_WRITE_ADV_ENABLE:
936 btm_ble_write_adv_enable_complete(p, evt_len);
937 break;
938
939 case HCI_BLE_CREATE_LL_CONN:
940 case HCI_LE_EXTENDED_CREATE_CONNECTION:
941 // No command complete event for those commands according to spec
942 log::error("No command complete expected, but received!");
943 break;
944
945 case HCI_BLE_TRANSMITTER_TEST:
946 case HCI_BLE_RECEIVER_TEST:
947 case HCI_BLE_TEST_END:
948 btm_ble_test_command_complete(p);
949 break;
950
951 case HCI_BLE_ADD_DEV_RESOLVING_LIST:
952 btm_ble_add_resolving_list_entry_complete(p, evt_len);
953 break;
954
955 case HCI_BLE_RM_DEV_RESOLVING_LIST:
956 btm_ble_remove_resolving_list_entry_complete(p, evt_len);
957 break;
958
959 case HCI_BLE_CLEAR_RESOLVING_LIST:
960 btm_ble_clear_resolving_list_complete(p, evt_len);
961 break;
962
963 case HCI_BLE_READ_RESOLVABLE_ADDR_PEER:
964 btm_ble_read_resolving_list_entry_complete(p, evt_len);
965 break;
966
967 // Explicitly handled command complete events
968 case HCI_BLE_READ_RESOLVABLE_ADDR_LOCAL:
969 case HCI_BLE_SET_ADDR_RESOLUTION_ENABLE:
970 case HCI_BLE_SET_RAND_PRIV_ADDR_TIMEOUT:
971 case HCI_WRITE_CLASS_OF_DEVICE:
972 case HCI_WRITE_DEF_POLICY_SETTINGS:
973 case HCI_WRITE_EXT_INQ_RESPONSE:
974 case HCI_WRITE_INQSCAN_TYPE:
975 case HCI_WRITE_INQUIRYSCAN_CFG:
976 case HCI_WRITE_INQUIRY_MODE:
977 case HCI_WRITE_LINK_SUPER_TOUT:
978 case HCI_WRITE_PAGESCAN_CFG:
979 case HCI_WRITE_PAGESCAN_TYPE:
980 case HCI_WRITE_PAGE_TOUT:
981 case HCI_WRITE_SCAN_ENABLE:
982 case HCI_WRITE_VOICE_SETTINGS:
983 break;
984
985 default:
986 log::error("Command complete for opcode:0x{:02x} should not be handled here", opcode);
987 break;
988 }
989 }
990
991 /*******************************************************************************
992 *
993 * Function btu_hcif_command_complete_evt
994 *
995 * Description Process event HCI_COMMAND_COMPLETE_EVT
996 *
997 * Returns void
998 *
999 ******************************************************************************/
btu_hcif_command_complete_evt_on_task(BT_HDR * event)1000 static void btu_hcif_command_complete_evt_on_task(BT_HDR* event) {
1001 command_opcode_t opcode;
1002 // 2 for event header: event code (1) + parameter length (1)
1003 // 1 for num_hci_pkt command credit
1004 uint8_t* stream = event->data + event->offset + 3;
1005 STREAM_TO_UINT16(opcode, stream);
1006
1007 btu_hcif_log_command_complete_metrics(opcode, stream);
1008 // 2 for event header: event code (1) + parameter length (1)
1009 // 3 for command complete header: num_hci_pkt (1) + opcode (2)
1010 uint16_t param_len = static_cast<uint16_t>(event->len - 5);
1011 btu_hcif_hdl_command_complete(opcode, stream, param_len);
1012
1013 osi_free(event);
1014 }
1015
btu_hcif_command_complete_evt(BT_HDR * response,void *)1016 static void btu_hcif_command_complete_evt(BT_HDR* response, void* /* context */) {
1017 do_in_main_thread(base::BindOnce(btu_hcif_command_complete_evt_on_task, response));
1018 }
1019
1020 /*******************************************************************************
1021 *
1022 * Function btu_hcif_hdl_command_status
1023 *
1024 * Description Handle a command status event
1025 *
1026 * Returns void
1027 *
1028 ******************************************************************************/
btu_hcif_hdl_command_status(uint16_t opcode,uint8_t status,const uint8_t * p_cmd)1029 static void btu_hcif_hdl_command_status(uint16_t opcode, uint8_t status, const uint8_t* p_cmd) {
1030 log::assert_that(p_cmd != nullptr, "Null command for opcode 0x{:x}", opcode);
1031 p_cmd++; // Skip parameter total length
1032
1033 const tHCI_STATUS hci_status = to_hci_status_code(status);
1034
1035 RawAddress bd_addr;
1036 uint16_t handle;
1037
1038 switch (opcode) {
1039 case HCI_SWITCH_ROLE:
1040 if (status != HCI_SUCCESS) {
1041 // Tell BTM that the command failed
1042 STREAM_TO_BDADDR(bd_addr, p_cmd);
1043 btm_acl_role_changed(hci_status, bd_addr, HCI_ROLE_UNKNOWN);
1044 }
1045 break;
1046 case HCI_CREATE_CONNECTION:
1047 if (status != HCI_SUCCESS) {
1048 STREAM_TO_BDADDR(bd_addr, p_cmd);
1049 btm_acl_connected(bd_addr, HCI_INVALID_HANDLE, hci_status, 0);
1050 }
1051 break;
1052 case HCI_AUTHENTICATION_REQUESTED:
1053 if (status != HCI_SUCCESS) {
1054 // Device refused to start authentication
1055 // This is treated as an authentication failure
1056 btm_sec_auth_complete(HCI_INVALID_HANDLE, hci_status);
1057 }
1058 break;
1059 case HCI_SET_CONN_ENCRYPTION:
1060 if (status != HCI_SUCCESS) {
1061 // Device refused to start encryption
1062 // This is treated as an encryption failure
1063 btm_sec_encrypt_change(HCI_INVALID_HANDLE, hci_status, false, 0);
1064 }
1065 break;
1066 case HCI_READ_RMT_EXT_FEATURES:
1067 if (status != HCI_SUCCESS) {
1068 STREAM_TO_UINT16(handle, p_cmd);
1069 btm_read_remote_ext_features_failed(status, handle);
1070 }
1071 break;
1072 case HCI_SETUP_ESCO_CONNECTION:
1073 case HCI_ENH_SETUP_ESCO_CONNECTION:
1074 if (status != HCI_SUCCESS) {
1075 if (com::android::bluetooth::flags::fix_sco_command_status_handling()) {
1076 log::debug("flag: fix_sco_command_status_handling is enabled");
1077 btm_sco_create_command_status_failed(hci_status);
1078 } else {
1079 log::debug("flag: fix_sco_command_status_handling is disabled");
1080 STREAM_TO_UINT16(handle, p_cmd);
1081 RawAddress addr(RawAddress::kEmpty);
1082 btm_sco_connection_failed(hci_status, addr, handle, nullptr);
1083 }
1084 }
1085 break;
1086
1087 case HCI_BLE_START_ENC:
1088 // Race condition: disconnection happened right before we send
1089 // "LE Encrypt", controller responds with no connection, we should
1090 // cancel the encryption attempt, rather than unpair the device.
1091 if (status == HCI_ERR_NO_CONNECTION) {
1092 smp_cancel_start_encryption_attempt();
1093 }
1094 break;
1095
1096 // Link Policy Commands
1097 case HCI_EXIT_SNIFF_MODE:
1098 case HCI_EXIT_PARK_MODE:
1099 if (status != HCI_SUCCESS) {
1100 // Allow SCO initiation to continue if waiting for change mode event
1101 STREAM_TO_UINT16(handle, p_cmd);
1102 btm_sco_chk_pend_unpark(hci_status, handle);
1103 }
1104 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
1105 case HCI_HOLD_MODE:
1106 case HCI_SNIFF_MODE:
1107 case HCI_PARK_MODE:
1108 btm_pm_proc_cmd_status(hci_status);
1109 break;
1110
1111 // Command status event not handled by a specialized module
1112 case HCI_READ_RMT_CLOCK_OFFSET: // 0x041f
1113 case HCI_CHANGE_CONN_PACKET_TYPE: // 0x040f
1114 if (hci_status != HCI_SUCCESS) {
1115 log::warn("Received bad command status for opcode:0x{:02x} status:{}", opcode,
1116 hci_status_code_text(hci_status));
1117 }
1118 break;
1119
1120 default:
1121 log::error(
1122 "Command status for opcode:0x{:02x} should not be handled here "
1123 "status:{}",
1124 opcode, hci_status_code_text(hci_status));
1125 }
1126 }
1127
btu_hcif_hdl_command_status(uint16_t opcode,uint8_t status,const uint8_t * p_cmd)1128 void bluetooth::legacy::testing::btu_hcif_hdl_command_status(uint16_t opcode, uint8_t status,
1129 const uint8_t* p_cmd) {
1130 ::btu_hcif_hdl_command_status(opcode, status, p_cmd);
1131 }
1132
btu_hcif_process_event(uint8_t controller_id,const BT_HDR * p_msg)1133 void bluetooth::legacy::testing::btu_hcif_process_event(uint8_t controller_id,
1134 const BT_HDR* p_msg) {
1135 ::btu_hcif_process_event(controller_id, p_msg);
1136 }
1137
1138 /*******************************************************************************
1139 *
1140 * Function btu_hcif_command_status_evt
1141 *
1142 * Description Process event HCI_COMMAND_STATUS_EVT
1143 *
1144 * Returns void
1145 *
1146 ******************************************************************************/
btu_hcif_command_status_evt_on_task(uint8_t status,BT_HDR * event)1147 static void btu_hcif_command_status_evt_on_task(uint8_t status, BT_HDR* event) {
1148 command_opcode_t opcode;
1149 uint8_t* stream = event->data + event->offset;
1150 STREAM_TO_UINT16(opcode, stream);
1151
1152 // stream + 1 to skip parameter length field
1153 // No need to check length since stream is written by us
1154 btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
1155
1156 btu_hcif_hdl_command_status(opcode, status, stream);
1157 osi_free(event);
1158 }
1159
btu_hcif_command_status_evt(uint8_t status,BT_HDR * command,void *)1160 static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command, void* /* context */) {
1161 do_in_main_thread(base::BindOnce(btu_hcif_command_status_evt_on_task, status, command));
1162 }
1163
1164 /*******************************************************************************
1165 *
1166 * Function btu_hcif_mode_change_evt
1167 *
1168 * Description Process event HCI_MODE_CHANGE_EVT
1169 *
1170 * Returns void
1171 *
1172 ******************************************************************************/
btu_hcif_mode_change_evt(uint8_t * p)1173 static void btu_hcif_mode_change_evt(uint8_t* p) {
1174 uint8_t status;
1175 uint16_t handle;
1176 uint8_t current_mode;
1177 uint16_t interval;
1178
1179 STREAM_TO_UINT8(status, p);
1180
1181 STREAM_TO_UINT16(handle, p);
1182 STREAM_TO_UINT8(current_mode, p);
1183 STREAM_TO_UINT16(interval, p);
1184 btm_sco_chk_pend_unpark(static_cast<tHCI_STATUS>(status), handle);
1185 btm_pm_proc_mode_change(static_cast<tHCI_STATUS>(status), handle,
1186 static_cast<tHCI_MODE>(current_mode), interval);
1187
1188 #if (HID_DEV_INCLUDED == TRUE && HID_DEV_PM_INCLUDED == TRUE)
1189 hidd_pm_proc_mode_change(status, current_mode, interval);
1190 #endif
1191 }
1192
1193 /* Parsing functions for btm functions */
1194
btu_hcif_sec_pin_code_request(const uint8_t * p)1195 void btu_hcif_sec_pin_code_request(const uint8_t* p) {
1196 RawAddress bda;
1197
1198 STREAM_TO_BDADDR(bda, p);
1199 btm_sec_pin_code_request(bda);
1200 }
btu_hcif_sec_link_key_request(const uint8_t * p)1201 void btu_hcif_sec_link_key_request(const uint8_t* p) {
1202 RawAddress bda;
1203 STREAM_TO_BDADDR(bda, p);
1204 btm_sec_link_key_request(bda);
1205 }
btu_hcif_rem_oob_req(const uint8_t * p)1206 void btu_hcif_rem_oob_req(const uint8_t* p) {
1207 RawAddress bda;
1208 STREAM_TO_BDADDR(bda, p);
1209 btm_rem_oob_req(bda);
1210 }
btu_hcif_simple_pair_complete(const uint8_t * p)1211 void btu_hcif_simple_pair_complete(const uint8_t* p) {
1212 RawAddress bd_addr;
1213 uint8_t status;
1214 status = *p++;
1215 STREAM_TO_BDADDR(bd_addr, p);
1216 btm_simple_pair_complete(bd_addr, status);
1217 }
btu_hcif_sec_rmt_host_support_feat_evt(const uint8_t * p)1218 void btu_hcif_sec_rmt_host_support_feat_evt(const uint8_t* p) {
1219 RawAddress bd_addr; /* peer address */
1220 uint8_t features_0;
1221
1222 STREAM_TO_BDADDR(bd_addr, p);
1223 STREAM_TO_UINT8(features_0, p);
1224 btm_sec_rmt_host_support_feat_evt(bd_addr, features_0);
1225 }
btu_hcif_proc_sp_req_evt(tBTM_SP_EVT event,const uint8_t * p)1226 void btu_hcif_proc_sp_req_evt(tBTM_SP_EVT event, const uint8_t* p) {
1227 RawAddress bda;
1228 uint32_t value = 0;
1229
1230 /* All events start with bd_addr */
1231 STREAM_TO_BDADDR(bda, p);
1232 switch (event) {
1233 case BTM_SP_CFM_REQ_EVT:
1234 case BTM_SP_KEY_NOTIF_EVT:
1235 STREAM_TO_UINT32(value, p);
1236 break;
1237 case BTM_SP_KEY_REQ_EVT:
1238 // No value needed.
1239 break;
1240 default:
1241 log::warn("unexpected event:{}", sp_evt_to_text(event));
1242 break;
1243 }
1244 btm_proc_sp_req_evt(event, bda, value);
1245 }
btu_hcif_create_conn_cancel_complete(const uint8_t * p,uint16_t evt_len)1246 void btu_hcif_create_conn_cancel_complete(const uint8_t* p, uint16_t evt_len) {
1247 uint8_t status;
1248
1249 if (evt_len < 1 + BD_ADDR_LEN) {
1250 log::error("malformatted event packet, too short");
1251 return;
1252 }
1253
1254 STREAM_TO_UINT8(status, p);
1255 RawAddress bd_addr;
1256 STREAM_TO_BDADDR(bd_addr, p);
1257 btm_create_conn_cancel_complete(status, bd_addr);
1258 }
btu_hcif_read_local_oob_complete(const uint8_t * p,uint16_t evt_len)1259 void btu_hcif_read_local_oob_complete(const uint8_t* p, uint16_t evt_len) {
1260 tBTM_SP_LOC_OOB evt_data = {};
1261 uint8_t status;
1262 if (evt_len < 1) {
1263 goto err_out;
1264 }
1265 STREAM_TO_UINT8(status, p);
1266 if (status == HCI_SUCCESS) {
1267 evt_data.status = tBTM_STATUS::BTM_SUCCESS;
1268 } else {
1269 evt_data.status = tBTM_STATUS::BTM_ERR_PROCESSING;
1270 }
1271 if (evt_len < 32 + 1) {
1272 goto err_out;
1273 }
1274 STREAM_TO_ARRAY16(evt_data.c_192.data(), p);
1275 STREAM_TO_ARRAY16(evt_data.r_192.data(), p);
1276 btm_read_local_oob_complete(evt_data);
1277 return;
1278
1279 err_out:
1280 log::error("bogus event packet, too short");
1281 }
1282
btu_hcif_read_local_oob_extended_complete(const uint8_t * p,uint16_t evt_len)1283 void btu_hcif_read_local_oob_extended_complete(const uint8_t* p, uint16_t evt_len) {
1284 if (evt_len < 64 + 1) {
1285 log::error("Invalid event length: {}", evt_len);
1286 return;
1287 }
1288
1289 tBTM_SP_LOC_OOB evt_data = {};
1290 uint8_t status;
1291 STREAM_TO_UINT8(status, p);
1292 if (status == HCI_SUCCESS) {
1293 evt_data.status = tBTM_STATUS::BTM_SUCCESS;
1294 } else {
1295 evt_data.status = tBTM_STATUS::BTM_ERR_PROCESSING;
1296 }
1297
1298 STREAM_TO_ARRAY16(evt_data.c_192.data(), p);
1299 STREAM_TO_ARRAY16(evt_data.r_192.data(), p);
1300 STREAM_TO_ARRAY16(evt_data.c_256.data(), p);
1301 STREAM_TO_ARRAY16(evt_data.r_256.data(), p);
1302 btm_read_local_oob_complete(evt_data);
1303 }
1304
1305 /*******************************************************************************
1306 *
1307 * Function btu_hcif_link_key_notification_evt
1308 *
1309 * Description Process event HCI_LINK_KEY_NOTIFICATION_EVT
1310 *
1311 * Returns void
1312 *
1313 ******************************************************************************/
btu_hcif_link_key_notification_evt(const uint8_t * p)1314 static void btu_hcif_link_key_notification_evt(const uint8_t* p) {
1315 RawAddress bda;
1316 Octet16 key;
1317 uint8_t key_type;
1318
1319 STREAM_TO_BDADDR(bda, p);
1320 STREAM_TO_ARRAY16(key.data(), p);
1321 STREAM_TO_UINT8(key_type, p);
1322
1323 btm_sec_link_key_notification(bda, key, key_type);
1324 }
1325
1326 /*******************************************************************************
1327 *
1328 * Function btu_hcif_read_clock_off_comp_evt
1329 *
1330 * Description Process event HCI_READ_CLOCK_OFF_COMP_EVT
1331 *
1332 * Returns void
1333 *
1334 ******************************************************************************/
btu_hcif_read_clock_off_comp_evt(uint8_t * p)1335 static void btu_hcif_read_clock_off_comp_evt(uint8_t* p) {
1336 uint8_t status;
1337 uint16_t handle;
1338 uint16_t clock_offset;
1339
1340 STREAM_TO_UINT8(status, p);
1341
1342 /* If failed to get clock offset just drop the result */
1343 if (status != HCI_SUCCESS) {
1344 return;
1345 }
1346
1347 STREAM_TO_UINT16(handle, p);
1348 STREAM_TO_UINT16(clock_offset, p);
1349
1350 handle = HCID_GET_HANDLE(handle);
1351
1352 btm_sec_update_clock_offset(handle, clock_offset);
1353 }
1354
1355 /**********************************************
1356 * Simple Pairing Events
1357 **********************************************/
1358
1359 /*******************************************************************************
1360 *
1361 * Function btu_hcif_io_cap_request_evt
1362 *
1363 * Description Process event HCI_IO_CAPABILITY_REQUEST_EVT
1364 *
1365 * Returns void
1366 *
1367 ******************************************************************************/
btu_hcif_io_cap_request_evt(const uint8_t * p)1368 static void btu_hcif_io_cap_request_evt(const uint8_t* p) {
1369 RawAddress bda;
1370 STREAM_TO_BDADDR(bda, p);
1371 btm_io_capabilities_req(bda);
1372 }
1373
1374 /*******************************************************************************
1375 *
1376 * Function btu_hcif_io_cap_request_evt
1377 *
1378 * Description Process event HCI_IO_CAPABILITY_REQUEST_EVT
1379 *
1380 * Returns void
1381 *
1382 ******************************************************************************/
btu_hcif_io_cap_response_evt(const uint8_t * p)1383 static void btu_hcif_io_cap_response_evt(const uint8_t* p) {
1384 tBTM_SP_IO_RSP evt_data;
1385
1386 STREAM_TO_BDADDR(evt_data.bd_addr, p);
1387
1388 uint8_t io_cap;
1389 STREAM_TO_UINT8(io_cap, p);
1390 evt_data.io_cap = static_cast<tBTM_IO_CAP>(io_cap);
1391
1392 STREAM_TO_UINT8(evt_data.oob_data, p);
1393 STREAM_TO_UINT8(evt_data.auth_req, p);
1394 btm_io_capabilities_rsp(evt_data);
1395 }
1396
1397 /**********************************************
1398 * End of Simple Pairing Events
1399 **********************************************/
1400
btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t * p)1401 static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p) {
1402 uint8_t status;
1403 uint16_t handle;
1404
1405 STREAM_TO_UINT8(status, p);
1406 STREAM_TO_UINT16(handle, p);
1407
1408 btm_sec_encryption_key_refresh_complete(handle, static_cast<tHCI_STATUS>(status));
1409 }
1410
1411 /**********************************************
1412 * BLE Events
1413 **********************************************/
1414
btu_ble_proc_ltk_req(uint8_t * p,uint16_t evt_len)1415 static void btu_ble_proc_ltk_req(uint8_t* p, uint16_t evt_len) {
1416 uint16_t ediv, handle;
1417 uint8_t* pp;
1418
1419 // following the spec in Core_v5.3/Vol 4/Part E
1420 // / 7.7.65.5 LE Long Term Key Request event
1421 // A BLE Long Term Key Request event contains:
1422 // - 1-byte subevent (already consumed in btu_hcif_process_event)
1423 // - 2-byte connection handler
1424 // - 8-byte random number
1425 // - 2 byte Encrypted_Diversifier
1426 if (evt_len < 2 + 8 + 2) {
1427 log::error("Event packet too short");
1428 return;
1429 }
1430
1431 STREAM_TO_UINT16(handle, p);
1432 pp = p + 8;
1433 STREAM_TO_UINT16(ediv, pp);
1434 btm_ble_ltk_request(handle, p, ediv);
1435 /* This is empty until an upper layer cares about returning event */
1436 }
1437
1438 /**********************************************
1439 * End of BLE Events Handler
1440 **********************************************/
1441
btu_hci_msg_process(BT_HDR * p_msg)1442 void btu_hci_msg_process(BT_HDR* p_msg) {
1443 /* Determine the input message type. */
1444 switch (p_msg->event & BT_EVT_MASK) {
1445 case BT_EVT_TO_BTU_HCI_EVT:
1446 btu_hcif_process_event((uint8_t)(p_msg->event & BT_SUB_EVT_MASK), p_msg);
1447 osi_free(p_msg);
1448 break;
1449
1450 case BT_EVT_TO_BTU_HCI_ISO:
1451 IsoManager::GetInstance()->HandleIsoData(p_msg);
1452 osi_free(p_msg);
1453 break;
1454
1455 default:
1456 osi_free(p_msg);
1457 break;
1458 }
1459 }
1460