1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions that interface with the HCI transport. On
22 * the receive side, it routes events to the appropriate handler, e.g.
23 * L2CAP, ScoMgr. On the transmit side, it manages the command
24 * transmission.
25 *
26 ******************************************************************************/
27
28 #define LOG_TAG "bt_btu_hcif"
29
30 #include "stack/include/btu_hcif.h"
31
32 #include <base/functional/bind.h>
33 #include <base/location.h>
34 #include <bluetooth/log.h>
35
36 #include <cstdint>
37
38 #include "common/init_flags.h"
39 #include "common/metrics.h"
40 #include "hci/controller_interface.h"
41 #include "internal_include/bt_target.h"
42 #include "internal_include/bt_trace.h"
43 #include "main/shim/entry.h"
44 #include "main/shim/hci_layer.h"
45 #include "os/log.h"
46 #include "osi/include/allocator.h"
47 #include "stack/include/acl_hci_link_interface.h"
48 #include "stack/include/ble_acl_interface.h"
49 #include "stack/include/ble_hci_link_interface.h"
50 #include "stack/include/bt_hdr.h"
51 #include "stack/include/bt_types.h"
52 #include "stack/include/btm_ble_addr.h"
53 #include "stack/include/btm_ble_api.h"
54 #include "stack/include/btm_iso_api.h"
55 #include "stack/include/btm_sec_api_types.h"
56 #include "stack/include/dev_hci_link_interface.h"
57 #include "stack/include/hci_error_code.h"
58 #include "stack/include/hci_evt_length.h"
59 #include "stack/include/inq_hci_link_interface.h"
60 #include "stack/include/l2cap_hci_link_interface.h"
61 #include "stack/include/main_thread.h"
62 #include "stack/include/sco_hci_link_interface.h"
63 #include "stack/include/sec_hci_link_interface.h"
64 #include "stack/include/stack_metrics_logging.h"
65 #include "types/hci_role.h"
66 #include "types/raw_address.h"
67
68 using namespace bluetooth;
69 using base::Location;
70 using bluetooth::hci::IsoManager;
71
72 bool BTM_BLE_IS_RESOLVE_BDA(const RawAddress& x); // TODO remove
73 void BTA_sys_signal_hw_error(); // TODO remove
74 void smp_cancel_start_encryption_attempt(); // TODO remove
75 void acl_disconnect_from_handle(uint16_t handle, tHCI_STATUS reason,
76 std::string comment); // TODO remove
77
78 /******************************************************************************/
79 /* L O C A L F U N C T I O N P R O T O T Y P E S */
80 /******************************************************************************/
81 static void btu_hcif_authentication_comp_evt(uint8_t* p);
82 static void btu_hcif_encryption_change_evt(uint8_t* p);
83 static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p,
84 uint8_t evt_len);
85 static void btu_hcif_command_complete_evt(BT_HDR* response, void* context);
86 static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command,
87 void* context);
88 static void btu_hcif_mode_change_evt(uint8_t* p);
89 static void btu_hcif_link_key_notification_evt(const uint8_t* p);
90 static void btu_hcif_read_clock_off_comp_evt(uint8_t* p);
91 static void btu_hcif_esco_connection_comp_evt(const uint8_t* p);
92 static void btu_hcif_esco_connection_chg_evt(uint8_t* p);
93
94 /* Parsing functions for btm functions */
95
96 static void btu_hcif_sec_pin_code_request(const uint8_t* p);
97 static void btu_hcif_sec_link_key_request(const uint8_t* p);
98 static void btu_hcif_sec_rmt_host_support_feat_evt(const uint8_t* p);
99 static void btu_hcif_proc_sp_req_evt(tBTM_SP_EVT event, const uint8_t* p);
100 static void btu_hcif_rem_oob_req(const uint8_t* p);
101 static void btu_hcif_simple_pair_complete(const uint8_t* p);
102 static void btu_hcif_proc_sp_req_evt(const tBTM_SP_EVT event, const uint8_t* p);
103 static void btu_hcif_create_conn_cancel_complete(const uint8_t* p,
104 uint16_t evt_len);
105 static void btu_hcif_read_local_oob_complete(const uint8_t* p,
106 uint16_t evt_len);
107 static void btu_hcif_read_local_oob_extended_complete(const uint8_t* p,
108 uint16_t evt_len);
109
110 /* Simple Pairing Events */
111 static void btu_hcif_io_cap_request_evt(const uint8_t* p);
112 static void btu_hcif_io_cap_response_evt(const uint8_t* p);
113
114 static void btu_ble_proc_ltk_req(uint8_t* p, uint16_t evt_len);
115 static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p);
116
117 /**
118 * Log HCI event metrics that are not handled in special functions
119 * @param evt_code event code
120 * @param p_event pointer to event parameter, skipping paremter length
121 */
btu_hcif_log_event_metrics(uint8_t evt_code,const uint8_t * p_event)122 static void btu_hcif_log_event_metrics(uint8_t evt_code,
123 const uint8_t* p_event) {
124 uint32_t cmd = android::bluetooth::hci::CMD_UNKNOWN;
125 uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
126 uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
127 uint16_t handle = bluetooth::common::kUnknownConnectionHandle;
128 int64_t value = 0;
129
130 RawAddress bda = RawAddress::kEmpty;
131 switch (evt_code) {
132 case HCI_IO_CAPABILITY_REQUEST_EVT:
133 case HCI_IO_CAPABILITY_RESPONSE_EVT:
134 case HCI_LINK_KEY_REQUEST_EVT:
135 case HCI_LINK_KEY_NOTIFICATION_EVT:
136 case HCI_USER_PASSKEY_REQUEST_EVT:
137 case HCI_USER_PASSKEY_NOTIFY_EVT:
138 case HCI_USER_CONFIRMATION_REQUEST_EVT:
139 case HCI_KEYPRESS_NOTIFY_EVT:
140 case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
141 STREAM_TO_BDADDR(bda, p_event);
142 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
143 value);
144 break;
145 case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
146 case HCI_RMT_NAME_REQUEST_COMP_EVT:
147 STREAM_TO_UINT8(status, p_event);
148 STREAM_TO_BDADDR(bda, p_event);
149 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
150 value);
151 break;
152 case HCI_AUTHENTICATION_COMP_EVT:
153 STREAM_TO_UINT8(status, p_event);
154 STREAM_TO_UINT16(handle, p_event);
155 handle = HCID_GET_HANDLE(handle);
156 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
157 value);
158 break;
159 case HCI_ENCRYPTION_CHANGE_EVT: {
160 uint8_t encryption_enabled;
161 STREAM_TO_UINT8(status, p_event);
162 STREAM_TO_UINT16(handle, p_event);
163 STREAM_TO_UINT8(encryption_enabled, p_event);
164 log_classic_pairing_event(bda, handle, cmd, evt_code, status, reason,
165 encryption_enabled);
166 break;
167 }
168 case HCI_ESCO_CONNECTION_COMP_EVT: {
169 uint8_t link_type;
170 STREAM_TO_UINT8(status, p_event);
171 STREAM_TO_UINT16(handle, p_event);
172 STREAM_TO_BDADDR(bda, p_event);
173 STREAM_TO_UINT8(link_type, p_event);
174 handle = HCID_GET_HANDLE(handle);
175 log_link_layer_connection_event(
176 &bda, handle, android::bluetooth::DIRECTION_UNKNOWN, link_type, cmd,
177 evt_code, android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
178 break;
179 }
180 case HCI_ESCO_CONNECTION_CHANGED_EVT: {
181 STREAM_TO_UINT8(status, p_event);
182 STREAM_TO_UINT16(handle, p_event);
183 handle = HCID_GET_HANDLE(handle);
184 log_link_layer_connection_event(
185 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
186 android::bluetooth::LINK_TYPE_UNKNOWN, cmd, evt_code,
187 android::bluetooth::hci::BLE_EVT_UNKNOWN, status, reason);
188 break;
189 }
190 // Ignore these events
191 case HCI_BLE_EVENT:
192 break;
193 case HCI_VENDOR_SPECIFIC_EVT:
194 break;
195
196 case HCI_CONNECTION_COMP_EVT: // EventCode::CONNECTION_COMPLETE
197 case HCI_CONNECTION_REQUEST_EVT: // EventCode::CONNECTION_REQUEST
198 case HCI_DISCONNECTION_COMP_EVT: // EventCode::DISCONNECTION_COMPLETE
199 default:
200 log::error(
201 "Unexpectedly received event_code:0x{:02x} that should not be "
202 "handled here",
203 evt_code);
204 break;
205 }
206 }
207
208 /*******************************************************************************
209 *
210 * Function btu_hcif_process_event
211 *
212 * Description This function is called when an event is received from
213 * the Host Controller.
214 *
215 * Returns void
216 *
217 ******************************************************************************/
btu_hcif_process_event(uint8_t,const BT_HDR * p_msg)218 void btu_hcif_process_event(uint8_t /* controller_id */, const BT_HDR* p_msg) {
219 uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;
220 uint8_t hci_evt_code, hci_evt_len;
221 uint8_t ble_sub_code;
222 STREAM_TO_UINT8(hci_evt_code, p);
223 STREAM_TO_UINT8(hci_evt_len, p);
224
225 // validate event size
226 if (hci_evt_len < hci_event_parameters_minimum_length[hci_evt_code]) {
227 log::warn("evt:0x{:2X}, malformed event of size {}", hci_evt_code,
228 hci_evt_len);
229 return;
230 }
231
232 btu_hcif_log_event_metrics(hci_evt_code, p);
233
234 switch (hci_evt_code) {
235 case HCI_AUTHENTICATION_COMP_EVT:
236 btu_hcif_authentication_comp_evt(p);
237 break;
238 case HCI_ENCRYPTION_CHANGE_EVT:
239 btu_hcif_encryption_change_evt(p);
240 break;
241 case HCI_ENCRYPTION_KEY_REFRESH_COMP_EVT:
242 btu_hcif_encryption_key_refresh_cmpl_evt(p);
243 break;
244 case HCI_READ_RMT_EXT_FEATURES_COMP_EVT:
245 btu_hcif_read_rmt_ext_features_comp_evt(p, hci_evt_len);
246 break;
247 case HCI_COMMAND_COMPLETE_EVT:
248 log::error(
249 "should not have received a command complete event. Someone didn't "
250 "go through the hci transmit_command function.");
251 break;
252 case HCI_COMMAND_STATUS_EVT:
253 log::error(
254 "should not have received a command status event. Someone didn't go "
255 "through the hci transmit_command function.");
256 break;
257 case HCI_MODE_CHANGE_EVT:
258 btu_hcif_mode_change_evt(p);
259 break;
260 case HCI_PIN_CODE_REQUEST_EVT:
261 btu_hcif_sec_pin_code_request(p);
262 break;
263 case HCI_LINK_KEY_REQUEST_EVT:
264 btu_hcif_sec_link_key_request(p);
265 break;
266 case HCI_LINK_KEY_NOTIFICATION_EVT:
267 btu_hcif_link_key_notification_evt(p);
268 break;
269 case HCI_READ_CLOCK_OFF_COMP_EVT:
270 btu_hcif_read_clock_off_comp_evt(p);
271 break;
272 case HCI_ESCO_CONNECTION_COMP_EVT:
273 btu_hcif_esco_connection_comp_evt(p);
274 break;
275 case HCI_ESCO_CONNECTION_CHANGED_EVT:
276 btu_hcif_esco_connection_chg_evt(p);
277 break;
278 case HCI_SNIFF_SUB_RATE_EVT:
279 btm_pm_proc_ssr_evt(p, hci_evt_len);
280 break;
281 case HCI_RMT_HOST_SUP_FEAT_NOTIFY_EVT:
282 btu_hcif_sec_rmt_host_support_feat_evt(p);
283 break;
284 case HCI_IO_CAPABILITY_REQUEST_EVT:
285 btu_hcif_io_cap_request_evt(p);
286 break;
287 case HCI_IO_CAPABILITY_RESPONSE_EVT:
288 btu_hcif_io_cap_response_evt(p);
289 break;
290 case HCI_USER_CONFIRMATION_REQUEST_EVT:
291 btu_hcif_proc_sp_req_evt(BTM_SP_CFM_REQ_EVT, p);
292 break;
293 case HCI_USER_PASSKEY_REQUEST_EVT:
294 btu_hcif_proc_sp_req_evt(BTM_SP_KEY_REQ_EVT, p);
295 break;
296 case HCI_REMOTE_OOB_DATA_REQUEST_EVT:
297 btu_hcif_rem_oob_req(p);
298 break;
299 case HCI_SIMPLE_PAIRING_COMPLETE_EVT:
300 btu_hcif_simple_pair_complete(p);
301 break;
302 case HCI_USER_PASSKEY_NOTIFY_EVT:
303 btu_hcif_proc_sp_req_evt(BTM_SP_KEY_NOTIF_EVT, p);
304 break;
305
306 case HCI_BLE_EVENT: {
307 STREAM_TO_UINT8(ble_sub_code, p);
308
309 uint8_t ble_evt_len = hci_evt_len - 1;
310 switch (ble_sub_code) {
311 case HCI_BLE_READ_REMOTE_FEAT_CMPL_EVT:
312 btm_ble_read_remote_features_complete(p, ble_evt_len);
313 break;
314 case HCI_BLE_LTK_REQ_EVT: /* received only at peripheral device */
315 btu_ble_proc_ltk_req(p, ble_evt_len);
316 break;
317
318 case HCI_BLE_REQ_PEER_SCA_CPL_EVT:
319 btm_acl_process_sca_cmpl_pkt(ble_evt_len, p);
320 break;
321
322 case HCI_BLE_CIS_EST_EVT:
323 case HCI_BLE_CREATE_BIG_CPL_EVT:
324 case HCI_BLE_TERM_BIG_CPL_EVT:
325 case HCI_BLE_CIS_REQ_EVT:
326 case HCI_BLE_BIG_SYNC_EST_EVT:
327 case HCI_BLE_BIG_SYNC_LOST_EVT:
328 IsoManager::GetInstance()->HandleHciEvent(ble_sub_code, p,
329 ble_evt_len);
330 break;
331
332 default:
333 log::error(
334 "Unexpectedly received LE sub_event_code:0x{:02x} that should "
335 "not be handled here",
336 ble_sub_code);
337 break;
338 }
339 } break;
340
341 // Events now captured by gd::hci_layer module
342 case HCI_VENDOR_SPECIFIC_EVT:
343 case HCI_HARDWARE_ERROR_EVT:
344 case HCI_NUM_COMPL_DATA_PKTS_EVT: // EventCode::NUMBER_OF_COMPLETED_PACKETS
345 case HCI_CONNECTION_COMP_EVT: // EventCode::CONNECTION_COMPLETE
346 case HCI_CONNECTION_REQUEST_EVT: // EventCode::CONNECTION_REQUEST
347 case HCI_READ_RMT_FEATURES_COMP_EVT: // EventCode::READ_REMOTE_SUPPORTED_FEATURES_COMPLETE
348 case HCI_READ_RMT_VERSION_COMP_EVT: // EventCode::READ_REMOTE_VERSION_INFORMATION_COMPLETE
349 case HCI_ROLE_CHANGE_EVT: // EventCode::ROLE_CHANGE
350 case HCI_DISCONNECTION_COMP_EVT: // EventCode::DISCONNECTION_COMPLETE
351 case HCI_RMT_NAME_REQUEST_COMP_EVT: // EventCode::REMOTE_NAME_REQUEST_COMPLETE
352 default:
353 log::error(
354 "Unexpectedly received event_code:0x{:02x} that should not be "
355 "handled here",
356 hci_evt_code);
357 break;
358 }
359 }
360
btu_hcif_log_command_metrics(uint16_t opcode,const uint8_t * p_cmd,uint16_t cmd_status,bool is_cmd_status)361 static void btu_hcif_log_command_metrics(uint16_t opcode, const uint8_t* p_cmd,
362 uint16_t cmd_status,
363 bool is_cmd_status) {
364 static uint16_t kUnknownBleEvt = android::bluetooth::hci::BLE_EVT_UNKNOWN;
365
366 uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_STATUS;
367 if (!is_cmd_status) {
368 hci_event = android::bluetooth::hci::EVT_UNKNOWN;
369 cmd_status = android::bluetooth::hci::STATUS_UNKNOWN;
370 }
371
372 RawAddress bd_addr;
373 uint16_t handle;
374 uint8_t reason;
375
376 switch (opcode) {
377 case HCI_CREATE_CONNECTION:
378 case HCI_CREATE_CONNECTION_CANCEL:
379 STREAM_TO_BDADDR(bd_addr, p_cmd);
380 log_link_layer_connection_event(
381 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
382 android::bluetooth::DIRECTION_OUTGOING,
383 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event, kUnknownBleEvt,
384 cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
385 break;
386 case HCI_DISCONNECT:
387 STREAM_TO_UINT16(handle, p_cmd);
388 STREAM_TO_UINT8(reason, p_cmd);
389 log_link_layer_connection_event(
390 nullptr, handle, android::bluetooth::DIRECTION_UNKNOWN,
391 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
392 kUnknownBleEvt, cmd_status, reason);
393 break;
394 case HCI_SETUP_ESCO_CONNECTION:
395 case HCI_ENH_SETUP_ESCO_CONNECTION:
396 STREAM_TO_UINT16(handle, p_cmd);
397 log_link_layer_connection_event(
398 nullptr, handle, android::bluetooth::DIRECTION_OUTGOING,
399 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
400 kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
401 break;
402 case HCI_ACCEPT_CONNECTION_REQUEST:
403 case HCI_ACCEPT_ESCO_CONNECTION:
404 case HCI_ENH_ACCEPT_ESCO_CONNECTION:
405 STREAM_TO_BDADDR(bd_addr, p_cmd);
406 log_link_layer_connection_event(
407 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
408 android::bluetooth::DIRECTION_INCOMING,
409 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
410 kUnknownBleEvt, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN);
411 break;
412 case HCI_REJECT_CONNECTION_REQUEST:
413 case HCI_REJECT_ESCO_CONNECTION:
414 STREAM_TO_BDADDR(bd_addr, p_cmd);
415 STREAM_TO_UINT8(reason, p_cmd);
416 log_link_layer_connection_event(
417 &bd_addr, bluetooth::common::kUnknownConnectionHandle,
418 android::bluetooth::DIRECTION_INCOMING,
419 android::bluetooth::LINK_TYPE_UNKNOWN, opcode, hci_event,
420 kUnknownBleEvt, cmd_status, reason);
421 break;
422
423 // BLE Commands
424 case HCI_BLE_CREATE_LL_CONN: {
425 p_cmd += 2; // Skip LE_Scan_Interval
426 p_cmd += 2; // Skip LE_Scan_Window;
427 uint8_t initiator_filter_policy;
428 STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
429 uint8_t peer_address_type;
430 STREAM_TO_UINT8(peer_address_type, p_cmd);
431 STREAM_TO_BDADDR(bd_addr, p_cmd);
432 // Peer address should not be used if initiator filter policy is not 0x00
433 const RawAddress* bd_addr_p = nullptr;
434 if (initiator_filter_policy == 0x00) {
435 bd_addr_p = &bd_addr;
436 if (peer_address_type == BLE_ADDR_PUBLIC_ID ||
437 peer_address_type == BLE_ADDR_RANDOM_ID) {
438 // if identity address is not matched, this address is invalid
439 if (!btm_identity_addr_to_random_pseudo(&bd_addr, &peer_address_type,
440 false)) {
441 bd_addr_p = nullptr;
442 }
443 }
444 }
445 if (initiator_filter_policy == 0x00 ||
446 (cmd_status != HCI_SUCCESS && !is_cmd_status)) {
447 // Selectively log to avoid log spam due to acceptlist connections:
448 // - When doing non-acceptlist connection
449 // - When there is an error in command status
450 log_link_layer_connection_event(
451 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
452 android::bluetooth::DIRECTION_OUTGOING,
453 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
454 kUnknownBleEvt, cmd_status,
455 android::bluetooth::hci::STATUS_UNKNOWN);
456 }
457 break;
458 }
459 case HCI_LE_EXTENDED_CREATE_CONNECTION: {
460 uint8_t initiator_filter_policy;
461 STREAM_TO_UINT8(initiator_filter_policy, p_cmd);
462 p_cmd += 1; // Skip Own_Address_Type
463 uint8_t peer_addr_type;
464 STREAM_TO_UINT8(peer_addr_type, p_cmd);
465 STREAM_TO_BDADDR(bd_addr, p_cmd);
466 // Peer address should not be used if initiator filter policy is not 0x00
467 const RawAddress* bd_addr_p = nullptr;
468 if (initiator_filter_policy == 0x00) {
469 bd_addr_p = &bd_addr;
470 // if identity address is not matched, this should be a static address
471 btm_identity_addr_to_random_pseudo(&bd_addr, &peer_addr_type, false);
472 }
473 if (initiator_filter_policy == 0x00 ||
474 (cmd_status != HCI_SUCCESS && !is_cmd_status)) {
475 // Selectively log to avoid log spam due to acceptlist connections:
476 // - When doing non-acceptlist connection
477 // - When there is an error in command status
478 log_link_layer_connection_event(
479 bd_addr_p, bluetooth::common::kUnknownConnectionHandle,
480 android::bluetooth::DIRECTION_OUTGOING,
481 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
482 kUnknownBleEvt, cmd_status,
483 android::bluetooth::hci::STATUS_UNKNOWN);
484 }
485 break;
486 }
487 case HCI_BLE_CREATE_CONN_CANCEL:
488 if (cmd_status != HCI_SUCCESS && !is_cmd_status) {
489 // Only log errors to prevent log spam due to acceptlist connections
490 log_link_layer_connection_event(
491 nullptr, bluetooth::common::kUnknownConnectionHandle,
492 android::bluetooth::DIRECTION_OUTGOING,
493 android::bluetooth::LINK_TYPE_ACL, opcode, hci_event,
494 kUnknownBleEvt, cmd_status,
495 android::bluetooth::hci::STATUS_UNKNOWN);
496 }
497 break;
498 case HCI_READ_LOCAL_OOB_DATA:
499 case HCI_READ_LOCAL_OOB_EXTENDED_DATA:
500 log_classic_pairing_event(RawAddress::kEmpty,
501 bluetooth::common::kUnknownConnectionHandle,
502 opcode, hci_event, cmd_status,
503 android::bluetooth::hci::STATUS_UNKNOWN, 0);
504 break;
505 case HCI_WRITE_SIMPLE_PAIRING_MODE: {
506 uint8_t simple_pairing_mode;
507 STREAM_TO_UINT8(simple_pairing_mode, p_cmd);
508 log_classic_pairing_event(
509 RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle,
510 opcode, hci_event, cmd_status,
511 android::bluetooth::hci::STATUS_UNKNOWN, simple_pairing_mode);
512 break;
513 }
514 case HCI_WRITE_SECURE_CONNS_SUPPORT: {
515 uint8_t secure_conn_host_support;
516 STREAM_TO_UINT8(secure_conn_host_support, p_cmd);
517 log_classic_pairing_event(
518 RawAddress::kEmpty, bluetooth::common::kUnknownConnectionHandle,
519 opcode, hci_event, cmd_status,
520 android::bluetooth::hci::STATUS_UNKNOWN, secure_conn_host_support);
521 break;
522 }
523 case HCI_AUTHENTICATION_REQUESTED:
524 STREAM_TO_UINT16(handle, p_cmd);
525 log_classic_pairing_event(RawAddress::kEmpty, handle, opcode, hci_event,
526 cmd_status,
527 android::bluetooth::hci::STATUS_UNKNOWN, 0);
528 break;
529 case HCI_SET_CONN_ENCRYPTION: {
530 STREAM_TO_UINT16(handle, p_cmd);
531 uint8_t encryption_enable;
532 STREAM_TO_UINT8(encryption_enable, p_cmd);
533 log_classic_pairing_event(
534 RawAddress::kEmpty, handle, opcode, hci_event, cmd_status,
535 android::bluetooth::hci::STATUS_UNKNOWN, encryption_enable);
536 break;
537 }
538 case HCI_DELETE_STORED_LINK_KEY: {
539 uint8_t delete_all_flag;
540 STREAM_TO_BDADDR(bd_addr, p_cmd);
541 STREAM_TO_UINT8(delete_all_flag, p_cmd);
542 log_classic_pairing_event(
543 bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode,
544 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN,
545 delete_all_flag);
546 break;
547 }
548 case HCI_RMT_NAME_REQUEST:
549 case HCI_RMT_NAME_REQUEST_CANCEL:
550 case HCI_LINK_KEY_REQUEST_REPLY:
551 case HCI_LINK_KEY_REQUEST_NEG_REPLY:
552 case HCI_IO_CAPABILITY_REQUEST_REPLY:
553 case HCI_USER_CONF_REQUEST_REPLY:
554 case HCI_USER_CONF_VALUE_NEG_REPLY:
555 case HCI_USER_PASSKEY_REQ_REPLY:
556 case HCI_USER_PASSKEY_REQ_NEG_REPLY:
557 case HCI_REM_OOB_DATA_REQ_REPLY:
558 case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
559 STREAM_TO_BDADDR(bd_addr, p_cmd);
560 log_classic_pairing_event(
561 bd_addr, bluetooth::common::kUnknownConnectionHandle, opcode,
562 hci_event, cmd_status, android::bluetooth::hci::STATUS_UNKNOWN, 0);
563 break;
564 case HCI_IO_CAP_REQ_NEG_REPLY:
565 STREAM_TO_BDADDR(bd_addr, p_cmd);
566 STREAM_TO_UINT8(reason, p_cmd);
567 log_classic_pairing_event(bd_addr,
568 bluetooth::common::kUnknownConnectionHandle,
569 opcode, hci_event, cmd_status, reason, 0);
570 break;
571 }
572 }
573
574 /*******************************************************************************
575 *
576 * Function btu_hcif_send_cmd
577 *
578 * Description This function is called to send commands to the Host
579 * Controller.
580 *
581 * Returns void
582 *
583 ******************************************************************************/
btu_hcif_send_cmd(uint8_t,const BT_HDR * p_buf)584 void btu_hcif_send_cmd(uint8_t /* controller_id */, const BT_HDR* p_buf) {
585 if (!p_buf) return;
586
587 uint16_t opcode;
588 const uint8_t* stream = p_buf->data + p_buf->offset;
589
590 STREAM_TO_UINT16(opcode, stream);
591
592 // Skip parameter length before logging
593 stream++;
594 btu_hcif_log_command_metrics(opcode, stream,
595 android::bluetooth::hci::STATUS_UNKNOWN, false);
596
597 bluetooth::shim::hci_layer_get_interface()->transmit_command(
598 p_buf, btu_hcif_command_complete_evt, btu_hcif_command_status_evt, NULL);
599 }
600
601 using hci_cmd_cb = base::OnceCallback<void(
602 uint8_t* /* return_parameters */, uint16_t /* return_parameters_length*/)>;
603
604 struct cmd_with_cb_data {
605 hci_cmd_cb cb;
606 base::Location posted_from;
607 };
608
cmd_with_cb_data_init(cmd_with_cb_data * cb_wrapper)609 void cmd_with_cb_data_init(cmd_with_cb_data* cb_wrapper) {
610 new (&cb_wrapper->cb) hci_cmd_cb;
611 new (&cb_wrapper->posted_from) Location;
612 }
613
cmd_with_cb_data_cleanup(cmd_with_cb_data * cb_wrapper)614 void cmd_with_cb_data_cleanup(cmd_with_cb_data* cb_wrapper) {
615 cb_wrapper->cb.~hci_cmd_cb();
616 cb_wrapper->posted_from.~Location();
617 }
618
619 /**
620 * Log command complete events that is not handled individually in this file
621 * @param opcode opcode of the command
622 * @param p_return_params pointer to returned parameter after parameter length
623 * field
624 */
btu_hcif_log_command_complete_metrics(uint16_t opcode,const uint8_t * p_return_params)625 static void btu_hcif_log_command_complete_metrics(
626 uint16_t opcode, const uint8_t* p_return_params) {
627 uint16_t status = android::bluetooth::hci::STATUS_UNKNOWN;
628 uint16_t reason = android::bluetooth::hci::STATUS_UNKNOWN;
629 uint16_t hci_event = android::bluetooth::hci::EVT_COMMAND_COMPLETE;
630 RawAddress bd_addr = RawAddress::kEmpty;
631 switch (opcode) {
632 case HCI_DELETE_STORED_LINK_KEY:
633 case HCI_READ_LOCAL_OOB_DATA:
634 case HCI_READ_LOCAL_OOB_EXTENDED_DATA:
635 case HCI_WRITE_SIMPLE_PAIRING_MODE:
636 case HCI_WRITE_SECURE_CONNS_SUPPORT:
637 STREAM_TO_UINT8(status, p_return_params);
638 log_classic_pairing_event(RawAddress::kEmpty,
639 bluetooth::common::kUnknownConnectionHandle,
640 opcode, hci_event, status, reason, 0);
641 break;
642 case HCI_READ_ENCR_KEY_SIZE: {
643 uint16_t handle;
644 uint8_t key_size;
645 STREAM_TO_UINT8(status, p_return_params);
646 STREAM_TO_UINT16(handle, p_return_params);
647 STREAM_TO_UINT8(key_size, p_return_params);
648 log_classic_pairing_event(RawAddress::kEmpty, handle, opcode, hci_event,
649 status, reason, key_size);
650 break;
651 }
652 case HCI_LINK_KEY_REQUEST_REPLY:
653 case HCI_LINK_KEY_REQUEST_NEG_REPLY:
654 case HCI_IO_CAPABILITY_REQUEST_REPLY:
655 case HCI_IO_CAP_REQ_NEG_REPLY:
656 case HCI_USER_CONF_REQUEST_REPLY:
657 case HCI_USER_CONF_VALUE_NEG_REPLY:
658 case HCI_USER_PASSKEY_REQ_REPLY:
659 case HCI_USER_PASSKEY_REQ_NEG_REPLY:
660 case HCI_REM_OOB_DATA_REQ_REPLY:
661 case HCI_REM_OOB_DATA_REQ_NEG_REPLY:
662 STREAM_TO_UINT8(status, p_return_params);
663 STREAM_TO_BDADDR(bd_addr, p_return_params);
664 log_classic_pairing_event(bd_addr,
665 bluetooth::common::kUnknownConnectionHandle,
666 opcode, hci_event, status, reason, 0);
667 break;
668 }
669 }
670
btu_hcif_command_complete_evt_with_cb_on_task(BT_HDR * event,void * context)671 static void btu_hcif_command_complete_evt_with_cb_on_task(BT_HDR* event,
672 void* context) {
673 command_opcode_t opcode;
674 // 2 for event header: event code (1) + parameter length (1)
675 // 1 for num_hci_pkt command credit
676 uint8_t* stream = event->data + event->offset + 3;
677 STREAM_TO_UINT16(opcode, stream);
678
679 btu_hcif_log_command_complete_metrics(opcode, stream);
680
681 cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
682 log::verbose("command complete for: {}", cb_wrapper->posted_from.ToString());
683 // 2 for event header: event code (1) + parameter length (1)
684 // 3 for command complete header: num_hci_pkt (1) + opcode (2)
685 uint16_t param_len = static_cast<uint16_t>(event->len - 5);
686 std::move(cb_wrapper->cb).Run(stream, param_len);
687 cmd_with_cb_data_cleanup(cb_wrapper);
688 osi_free(cb_wrapper);
689
690 osi_free(event);
691 }
692
btu_hcif_command_complete_evt_with_cb(BT_HDR * response,void * context)693 static void btu_hcif_command_complete_evt_with_cb(BT_HDR* response,
694 void* context) {
695 do_in_main_thread(
696 FROM_HERE, base::BindOnce(btu_hcif_command_complete_evt_with_cb_on_task,
697 response, context));
698 }
699
btu_hcif_command_status_evt_with_cb_on_task(uint8_t status,BT_HDR * event,void * context)700 static void btu_hcif_command_status_evt_with_cb_on_task(uint8_t status,
701 BT_HDR* event,
702 void* context) {
703 command_opcode_t opcode;
704 uint8_t* stream = event->data + event->offset;
705 STREAM_TO_UINT16(opcode, stream);
706
707 log::assert_that(status != 0, "assert failed: status != 0");
708
709 // stream + 1 to skip parameter length field
710 // No need to check length since stream is written by us
711 btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
712
713 // report command status error
714 cmd_with_cb_data* cb_wrapper = (cmd_with_cb_data*)context;
715 log::verbose("command status for: {}", cb_wrapper->posted_from.ToString());
716 std::move(cb_wrapper->cb).Run(&status, sizeof(uint16_t));
717 cmd_with_cb_data_cleanup(cb_wrapper);
718 osi_free(cb_wrapper);
719
720 osi_free(event);
721 }
722
btu_hcif_command_status_evt_with_cb(uint8_t status,BT_HDR * command,void * context)723 static void btu_hcif_command_status_evt_with_cb(uint8_t status, BT_HDR* command,
724 void* context) {
725 // Command is pending, we report only error.
726 if (!status) {
727 osi_free(command);
728 return;
729 }
730
731 do_in_main_thread(FROM_HERE,
732 base::BindOnce(btu_hcif_command_status_evt_with_cb_on_task,
733 status, command, context));
734 }
735
736 /* This function is called to send commands to the Host Controller. |cb| is
737 * called when command status event is called with error code, or when the
738 * command complete event is received. */
btu_hcif_send_cmd_with_cb(const base::Location & posted_from,uint16_t opcode,uint8_t * params,uint8_t params_len,hci_cmd_cb cb)739 void btu_hcif_send_cmd_with_cb(const base::Location& posted_from,
740 uint16_t opcode, uint8_t* params,
741 uint8_t params_len, hci_cmd_cb cb) {
742 BT_HDR* p = (BT_HDR*)osi_malloc(HCI_CMD_BUF_SIZE);
743 uint8_t* pp = (uint8_t*)(p + 1);
744
745 p->len = HCIC_PREAMBLE_SIZE + params_len;
746 p->offset = 0;
747
748 UINT16_TO_STREAM(pp, opcode);
749 UINT8_TO_STREAM(pp, params_len);
750 if (params) {
751 memcpy(pp, params, params_len);
752 }
753
754 btu_hcif_log_command_metrics(opcode, pp,
755 android::bluetooth::hci::STATUS_UNKNOWN, false);
756
757 cmd_with_cb_data* cb_wrapper =
758 (cmd_with_cb_data*)osi_malloc(sizeof(cmd_with_cb_data));
759
760 cmd_with_cb_data_init(cb_wrapper);
761 cb_wrapper->cb = std::move(cb);
762 cb_wrapper->posted_from = posted_from;
763
764 bluetooth::shim::hci_layer_get_interface()->transmit_command(
765 p, btu_hcif_command_complete_evt_with_cb,
766 btu_hcif_command_status_evt_with_cb, (void*)cb_wrapper);
767 }
768
769 /*******************************************************************************
770 *
771 * Function btu_hcif_authentication_comp_evt
772 *
773 * Description Process event HCI_AUTHENTICATION_COMP_EVT
774 *
775 * Returns void
776 *
777 ******************************************************************************/
btu_hcif_authentication_comp_evt(uint8_t * p)778 static void btu_hcif_authentication_comp_evt(uint8_t* p) {
779 uint8_t status;
780 uint16_t handle;
781
782 STREAM_TO_UINT8(status, p);
783 STREAM_TO_UINT16(handle, p);
784
785 btm_sec_auth_complete(handle, static_cast<tHCI_STATUS>(status));
786 }
787
788 /*******************************************************************************
789 *
790 * Function btu_hcif_encryption_change_evt
791 *
792 * Description Process event HCI_ENCRYPTION_CHANGE_EVT
793 *
794 * Returns void
795 *
796 ******************************************************************************/
btu_hcif_encryption_change_evt(uint8_t * p)797 static void btu_hcif_encryption_change_evt(uint8_t* p) {
798 uint8_t status;
799 uint16_t handle;
800 uint8_t encr_enable;
801
802 STREAM_TO_UINT8(status, p);
803 STREAM_TO_UINT16(handle, p);
804 STREAM_TO_UINT8(encr_enable, p);
805
806 btm_sec_encryption_change_evt(handle, static_cast<tHCI_STATUS>(status),
807 encr_enable);
808 }
809
810 /*******************************************************************************
811 *
812 * Function btu_hcif_read_rmt_ext_features_comp_evt
813 *
814 * Description Process event HCI_READ_RMT_EXT_FEATURES_COMP_EVT
815 *
816 * Returns void
817 *
818 ******************************************************************************/
btu_hcif_read_rmt_ext_features_comp_evt(uint8_t * p,uint8_t evt_len)819 static void btu_hcif_read_rmt_ext_features_comp_evt(uint8_t* p,
820 uint8_t evt_len) {
821 uint8_t* p_cur = p;
822 uint8_t status;
823 uint16_t handle;
824
825 STREAM_TO_UINT8(status, p_cur);
826
827 if (status == HCI_SUCCESS)
828 btm_read_remote_ext_features_complete_raw(p, evt_len);
829 else {
830 STREAM_TO_UINT16(handle, p_cur);
831 btm_read_remote_ext_features_failed(status, handle);
832 }
833 }
834
835 /*******************************************************************************
836 *
837 * Function btu_hcif_esco_connection_comp_evt
838 *
839 * Description Process event HCI_ESCO_CONNECTION_COMP_EVT
840 *
841 * Returns void
842 *
843 ******************************************************************************/
btu_hcif_esco_connection_comp_evt(const uint8_t * p)844 static void btu_hcif_esco_connection_comp_evt(const uint8_t* p) {
845 tBTM_ESCO_DATA data;
846 uint16_t handle;
847 RawAddress bda;
848 uint8_t status;
849
850 STREAM_TO_UINT8(status, p);
851 STREAM_TO_UINT16(handle, p);
852 STREAM_TO_BDADDR(bda, p);
853
854 STREAM_TO_UINT8(data.link_type, p);
855 STREAM_SKIP_UINT8(p); // tx_interval
856 STREAM_SKIP_UINT8(p); // retrans_window
857 STREAM_SKIP_UINT16(p); // rx_pkt_len
858 STREAM_SKIP_UINT16(p); // tx_pkt_len
859 STREAM_SKIP_UINT8(p); // air_mode
860
861 handle = HCID_GET_HANDLE(handle);
862 data.bd_addr = bda;
863 if (status == HCI_SUCCESS) {
864 log::assert_that(handle <= HCI_HANDLE_MAX,
865 "Received eSCO connection complete event with invalid "
866 "handle: 0x{:X} that should be <= 0x{:X}",
867 handle, HCI_HANDLE_MAX);
868 btm_sco_connected(bda, handle, &data);
869 } else {
870 btm_sco_connection_failed(static_cast<tHCI_STATUS>(status), bda, handle,
871 &data);
872 }
873 }
874
875 /*******************************************************************************
876 *
877 * Function btu_hcif_esco_connection_chg_evt
878 *
879 * Description Process event HCI_ESCO_CONNECTION_CHANGED_EVT
880 *
881 * Returns void
882 *
883 ******************************************************************************/
btu_hcif_esco_connection_chg_evt(uint8_t * p)884 static void btu_hcif_esco_connection_chg_evt(uint8_t* p) {
885 uint16_t handle;
886 uint16_t tx_pkt_len;
887 uint16_t rx_pkt_len;
888 uint8_t status;
889 uint8_t tx_interval;
890 uint8_t retrans_window;
891
892 STREAM_TO_UINT8(status, p);
893 STREAM_TO_UINT16(handle, p);
894
895 STREAM_TO_UINT8(tx_interval, p);
896 STREAM_TO_UINT8(retrans_window, p);
897 STREAM_TO_UINT16(rx_pkt_len, p);
898 STREAM_TO_UINT16(tx_pkt_len, p);
899
900 handle = HCID_GET_HANDLE(handle);
901 }
902
903 /*******************************************************************************
904 *
905 * Function btu_hcif_hdl_command_complete
906 *
907 * Description Handle command complete event
908 *
909 * Returns void
910 *
911 ******************************************************************************/
btu_hcif_hdl_command_complete(uint16_t opcode,uint8_t * p,uint16_t evt_len)912 static void btu_hcif_hdl_command_complete(uint16_t opcode, uint8_t* p,
913 uint16_t evt_len) {
914 switch (opcode) {
915 case HCI_SET_EVENT_FILTER:
916 break;
917
918 case HCI_DELETE_STORED_LINK_KEY:
919 btm_delete_stored_link_key_complete(p, evt_len);
920 break;
921
922 case HCI_READ_LOCAL_NAME:
923 btm_read_local_name_complete(p, evt_len);
924 break;
925
926 case HCI_READ_RSSI:
927 btm_read_rssi_complete(p, evt_len);
928 break;
929
930 case HCI_READ_FAILED_CONTACT_COUNTER:
931 btm_read_failed_contact_counter_complete(p);
932 break;
933
934 case HCI_READ_AUTOMATIC_FLUSH_TIMEOUT:
935 btm_read_automatic_flush_timeout_complete(p);
936 break;
937
938 case HCI_READ_TRANSMIT_POWER_LEVEL:
939 btm_read_tx_power_complete(p, evt_len, false);
940 break;
941
942 case HCI_CREATE_CONNECTION_CANCEL:
943 btu_hcif_create_conn_cancel_complete(p, evt_len);
944 break;
945
946 case HCI_READ_LOCAL_OOB_DATA:
947 btu_hcif_read_local_oob_complete(p, evt_len);
948 break;
949
950 case HCI_READ_LOCAL_OOB_EXTENDED_DATA:
951 btu_hcif_read_local_oob_extended_complete(p, evt_len);
952 break;
953
954 case HCI_READ_INQ_TX_POWER_LEVEL:
955 break;
956
957 case HCI_BLE_READ_ADV_CHNL_TX_POWER:
958 btm_read_tx_power_complete(p, evt_len, true);
959 break;
960
961 case HCI_BLE_WRITE_ADV_ENABLE:
962 btm_ble_write_adv_enable_complete(p, evt_len);
963 break;
964
965 case HCI_BLE_CREATE_LL_CONN:
966 case HCI_LE_EXTENDED_CREATE_CONNECTION:
967 // No command complete event for those commands according to spec
968 log::error("No command complete expected, but received!");
969 break;
970
971 case HCI_BLE_TRANSMITTER_TEST:
972 case HCI_BLE_RECEIVER_TEST:
973 case HCI_BLE_TEST_END:
974 btm_ble_test_command_complete(p);
975 break;
976
977 case HCI_BLE_ADD_DEV_RESOLVING_LIST:
978 btm_ble_add_resolving_list_entry_complete(p, evt_len);
979 break;
980
981 case HCI_BLE_RM_DEV_RESOLVING_LIST:
982 btm_ble_remove_resolving_list_entry_complete(p, evt_len);
983 break;
984
985 case HCI_BLE_CLEAR_RESOLVING_LIST:
986 btm_ble_clear_resolving_list_complete(p, evt_len);
987 break;
988
989 case HCI_BLE_READ_RESOLVABLE_ADDR_PEER:
990 btm_ble_read_resolving_list_entry_complete(p, evt_len);
991 break;
992
993 // Explicitly handled command complete events
994 case HCI_BLE_READ_RESOLVABLE_ADDR_LOCAL:
995 case HCI_BLE_SET_ADDR_RESOLUTION_ENABLE:
996 case HCI_BLE_SET_RAND_PRIV_ADDR_TIMOUT:
997 case HCI_CHANGE_LOCAL_NAME:
998 case HCI_WRITE_CLASS_OF_DEVICE:
999 case HCI_WRITE_DEF_POLICY_SETTINGS:
1000 case HCI_WRITE_EXT_INQ_RESPONSE:
1001 case HCI_WRITE_INQSCAN_TYPE:
1002 case HCI_WRITE_INQUIRYSCAN_CFG:
1003 case HCI_WRITE_INQUIRY_MODE:
1004 case HCI_WRITE_LINK_SUPER_TOUT:
1005 case HCI_WRITE_PAGESCAN_CFG:
1006 case HCI_WRITE_PAGESCAN_TYPE:
1007 case HCI_WRITE_PAGE_TOUT:
1008 case HCI_WRITE_SCAN_ENABLE:
1009 case HCI_WRITE_VOICE_SETTINGS:
1010 break;
1011
1012 default:
1013 log::error(
1014 "Command complete for opcode:0x{:02x} should not be handled here",
1015 opcode);
1016 break;
1017 }
1018 }
1019
1020 /*******************************************************************************
1021 *
1022 * Function btu_hcif_command_complete_evt
1023 *
1024 * Description Process event HCI_COMMAND_COMPLETE_EVT
1025 *
1026 * Returns void
1027 *
1028 ******************************************************************************/
btu_hcif_command_complete_evt_on_task(BT_HDR * event)1029 static void btu_hcif_command_complete_evt_on_task(BT_HDR* event) {
1030 command_opcode_t opcode;
1031 // 2 for event header: event code (1) + parameter length (1)
1032 // 1 for num_hci_pkt command credit
1033 uint8_t* stream = event->data + event->offset + 3;
1034 STREAM_TO_UINT16(opcode, stream);
1035
1036 btu_hcif_log_command_complete_metrics(opcode, stream);
1037 // 2 for event header: event code (1) + parameter length (1)
1038 // 3 for command complete header: num_hci_pkt (1) + opcode (2)
1039 uint16_t param_len = static_cast<uint16_t>(event->len - 5);
1040 btu_hcif_hdl_command_complete(opcode, stream, param_len);
1041
1042 osi_free(event);
1043 }
1044
btu_hcif_command_complete_evt(BT_HDR * response,void *)1045 static void btu_hcif_command_complete_evt(BT_HDR* response,
1046 void* /* context */) {
1047 do_in_main_thread(
1048 FROM_HERE,
1049 base::BindOnce(btu_hcif_command_complete_evt_on_task, response));
1050 }
1051
1052 /*******************************************************************************
1053 *
1054 * Function btu_hcif_hdl_command_status
1055 *
1056 * Description Handle a command status event
1057 *
1058 * Returns void
1059 *
1060 ******************************************************************************/
btu_hcif_hdl_command_status(uint16_t opcode,uint8_t status,const uint8_t * p_cmd)1061 static void btu_hcif_hdl_command_status(uint16_t opcode, uint8_t status,
1062 const uint8_t* p_cmd) {
1063 log::assert_that(p_cmd != nullptr, "Null command for opcode 0x{:x}", opcode);
1064 p_cmd++; // Skip parameter total length
1065
1066 const tHCI_STATUS hci_status = to_hci_status_code(status);
1067
1068 RawAddress bd_addr;
1069 uint16_t handle;
1070
1071 switch (opcode) {
1072 case HCI_SWITCH_ROLE:
1073 if (status != HCI_SUCCESS) {
1074 // Tell BTM that the command failed
1075 STREAM_TO_BDADDR(bd_addr, p_cmd);
1076 btm_acl_role_changed(hci_status, bd_addr, HCI_ROLE_UNKNOWN);
1077 }
1078 break;
1079 case HCI_CREATE_CONNECTION:
1080 if (status != HCI_SUCCESS) {
1081 STREAM_TO_BDADDR(bd_addr, p_cmd);
1082 btm_acl_connected(bd_addr, HCI_INVALID_HANDLE, hci_status, 0);
1083 }
1084 break;
1085 case HCI_AUTHENTICATION_REQUESTED:
1086 if (status != HCI_SUCCESS) {
1087 // Device refused to start authentication
1088 // This is treated as an authentication failure
1089 btm_sec_auth_complete(HCI_INVALID_HANDLE, hci_status);
1090 }
1091 break;
1092 case HCI_SET_CONN_ENCRYPTION:
1093 if (status != HCI_SUCCESS) {
1094 // Device refused to start encryption
1095 // This is treated as an encryption failure
1096 btm_sec_encrypt_change(HCI_INVALID_HANDLE, hci_status, false);
1097 }
1098 break;
1099 case HCI_RMT_NAME_REQUEST:
1100 if (status != HCI_SUCCESS) {
1101 // Tell inquiry processing that we are done
1102 btm_process_remote_name(nullptr, nullptr, 0, hci_status);
1103 btm_sec_rmt_name_request_complete(nullptr, nullptr, hci_status);
1104 }
1105 break;
1106 case HCI_READ_RMT_EXT_FEATURES:
1107 if (status != HCI_SUCCESS) {
1108 STREAM_TO_UINT16(handle, p_cmd);
1109 btm_read_remote_ext_features_failed(status, handle);
1110 }
1111 break;
1112 case HCI_SETUP_ESCO_CONNECTION:
1113 case HCI_ENH_SETUP_ESCO_CONNECTION:
1114 if (status != HCI_SUCCESS) {
1115 STREAM_TO_UINT16(handle, p_cmd);
1116 RawAddress addr(RawAddress::kEmpty);
1117 btm_sco_connection_failed(hci_status, addr, handle, nullptr);
1118 }
1119 break;
1120
1121 case HCI_BLE_START_ENC:
1122 // Race condition: disconnection happened right before we send
1123 // "LE Encrypt", controller responds with no connection, we should
1124 // cancel the encryption attempt, rather than unpair the device.
1125 if (status == HCI_ERR_NO_CONNECTION) {
1126 smp_cancel_start_encryption_attempt();
1127 }
1128 break;
1129
1130 // Link Policy Commands
1131 case HCI_EXIT_SNIFF_MODE:
1132 case HCI_EXIT_PARK_MODE:
1133 if (status != HCI_SUCCESS) {
1134 // Allow SCO initiation to continue if waiting for change mode event
1135 STREAM_TO_UINT16(handle, p_cmd);
1136 btm_sco_chk_pend_unpark(hci_status, handle);
1137 }
1138 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
1139 case HCI_HOLD_MODE:
1140 case HCI_SNIFF_MODE:
1141 case HCI_PARK_MODE:
1142 btm_pm_proc_cmd_status(hci_status);
1143 break;
1144
1145 // Command status event not handled by a specialized module
1146 case HCI_READ_RMT_CLOCK_OFFSET: // 0x041f
1147 case HCI_CHANGE_CONN_PACKET_TYPE: // 0x040f
1148 if (hci_status != HCI_SUCCESS) {
1149 log::warn("Received bad command status for opcode:0x{:02x} status:{}",
1150 opcode, hci_status_code_text(hci_status));
1151 }
1152 break;
1153
1154 default:
1155 log::error(
1156 "Command status for opcode:0x{:02x} should not be handled here "
1157 "status:{}",
1158 opcode, hci_status_code_text(hci_status));
1159 }
1160 }
1161
btu_hcif_hdl_command_status(uint16_t opcode,uint8_t status,const uint8_t * p_cmd)1162 void bluetooth::legacy::testing::btu_hcif_hdl_command_status(
1163 uint16_t opcode, uint8_t status, const uint8_t* p_cmd) {
1164 ::btu_hcif_hdl_command_status(opcode, status, p_cmd);
1165 }
1166
1167 /*******************************************************************************
1168 *
1169 * Function btu_hcif_command_status_evt
1170 *
1171 * Description Process event HCI_COMMAND_STATUS_EVT
1172 *
1173 * Returns void
1174 *
1175 ******************************************************************************/
btu_hcif_command_status_evt_on_task(uint8_t status,BT_HDR * event)1176 static void btu_hcif_command_status_evt_on_task(uint8_t status, BT_HDR* event) {
1177 command_opcode_t opcode;
1178 uint8_t* stream = event->data + event->offset;
1179 STREAM_TO_UINT16(opcode, stream);
1180
1181 // stream + 1 to skip parameter length field
1182 // No need to check length since stream is written by us
1183 btu_hcif_log_command_metrics(opcode, stream + 1, status, true);
1184
1185 btu_hcif_hdl_command_status(opcode, status, stream);
1186 osi_free(event);
1187 }
1188
btu_hcif_command_status_evt(uint8_t status,BT_HDR * command,void *)1189 static void btu_hcif_command_status_evt(uint8_t status, BT_HDR* command,
1190 void* /* context */) {
1191 do_in_main_thread(
1192 FROM_HERE,
1193 base::BindOnce(btu_hcif_command_status_evt_on_task, status, command));
1194 }
1195
1196 /*******************************************************************************
1197 *
1198 * Function btu_hcif_mode_change_evt
1199 *
1200 * Description Process event HCI_MODE_CHANGE_EVT
1201 *
1202 * Returns void
1203 *
1204 ******************************************************************************/
btu_hcif_mode_change_evt(uint8_t * p)1205 static void btu_hcif_mode_change_evt(uint8_t* p) {
1206 uint8_t status;
1207 uint16_t handle;
1208 uint8_t current_mode;
1209 uint16_t interval;
1210
1211 STREAM_TO_UINT8(status, p);
1212
1213 STREAM_TO_UINT16(handle, p);
1214 STREAM_TO_UINT8(current_mode, p);
1215 STREAM_TO_UINT16(interval, p);
1216 btm_sco_chk_pend_unpark(static_cast<tHCI_STATUS>(status), handle);
1217 btm_pm_proc_mode_change(static_cast<tHCI_STATUS>(status), handle,
1218 static_cast<tHCI_MODE>(current_mode), interval);
1219
1220 #if (HID_DEV_INCLUDED == TRUE && HID_DEV_PM_INCLUDED == TRUE)
1221 hidd_pm_proc_mode_change(status, current_mode, interval);
1222 #endif
1223 }
1224
1225 /* Parsing functions for btm functions */
1226
btu_hcif_sec_pin_code_request(const uint8_t * p)1227 void btu_hcif_sec_pin_code_request(const uint8_t* p) {
1228 RawAddress bda;
1229
1230 STREAM_TO_BDADDR(bda, p);
1231 btm_sec_pin_code_request(bda);
1232 }
btu_hcif_sec_link_key_request(const uint8_t * p)1233 void btu_hcif_sec_link_key_request(const uint8_t* p) {
1234 RawAddress bda;
1235 STREAM_TO_BDADDR(bda, p);
1236 btm_sec_link_key_request(bda);
1237 }
btu_hcif_rem_oob_req(const uint8_t * p)1238 void btu_hcif_rem_oob_req(const uint8_t* p) {
1239 RawAddress bda;
1240 STREAM_TO_BDADDR(bda, p);
1241 btm_rem_oob_req(bda);
1242 }
btu_hcif_simple_pair_complete(const uint8_t * p)1243 void btu_hcif_simple_pair_complete(const uint8_t* p) {
1244 RawAddress bd_addr;
1245 uint8_t status;
1246 status = *p++;
1247 STREAM_TO_BDADDR(bd_addr, p);
1248 btm_simple_pair_complete(bd_addr, status);
1249 }
btu_hcif_sec_rmt_host_support_feat_evt(const uint8_t * p)1250 void btu_hcif_sec_rmt_host_support_feat_evt(const uint8_t* p) {
1251 RawAddress bd_addr; /* peer address */
1252 uint8_t features_0;
1253
1254 STREAM_TO_BDADDR(bd_addr, p);
1255 STREAM_TO_UINT8(features_0, p);
1256 btm_sec_rmt_host_support_feat_evt(bd_addr, features_0);
1257 }
btu_hcif_proc_sp_req_evt(tBTM_SP_EVT event,const uint8_t * p)1258 void btu_hcif_proc_sp_req_evt(tBTM_SP_EVT event, const uint8_t* p) {
1259 RawAddress bda;
1260 uint32_t value = 0;
1261
1262 /* All events start with bd_addr */
1263 STREAM_TO_BDADDR(bda, p);
1264 switch (event) {
1265 case BTM_SP_CFM_REQ_EVT:
1266 case BTM_SP_KEY_NOTIF_EVT:
1267 STREAM_TO_UINT32(value, p);
1268 break;
1269 case BTM_SP_KEY_REQ_EVT:
1270 // No value needed.
1271 break;
1272 default:
1273 log::warn("unexpected event:{}", sp_evt_to_text(event));
1274 break;
1275 }
1276 btm_proc_sp_req_evt(event, bda, value);
1277 }
btu_hcif_create_conn_cancel_complete(const uint8_t * p,uint16_t evt_len)1278 void btu_hcif_create_conn_cancel_complete(const uint8_t* p, uint16_t evt_len) {
1279 uint8_t status;
1280
1281 if (evt_len < 1 + BD_ADDR_LEN) {
1282 log::error("malformatted event packet, too short");
1283 return;
1284 }
1285
1286 STREAM_TO_UINT8(status, p);
1287 RawAddress bd_addr;
1288 STREAM_TO_BDADDR(bd_addr, p);
1289 btm_create_conn_cancel_complete(status, bd_addr);
1290 }
btu_hcif_read_local_oob_complete(const uint8_t * p,uint16_t evt_len)1291 void btu_hcif_read_local_oob_complete(const uint8_t* p, uint16_t evt_len) {
1292 tBTM_SP_LOC_OOB evt_data = {};
1293 uint8_t status;
1294 if (evt_len < 1) {
1295 goto err_out;
1296 }
1297 STREAM_TO_UINT8(status, p);
1298 if (status == HCI_SUCCESS) {
1299 evt_data.status = BTM_SUCCESS;
1300 } else {
1301 evt_data.status = BTM_ERR_PROCESSING;
1302 }
1303 if (evt_len < 32 + 1) {
1304 goto err_out;
1305 }
1306 STREAM_TO_ARRAY16(evt_data.c_192.data(), p);
1307 STREAM_TO_ARRAY16(evt_data.r_192.data(), p);
1308 btm_read_local_oob_complete(evt_data);
1309 return;
1310
1311 err_out:
1312 log::error("bogus event packet, too short");
1313 }
1314
btu_hcif_read_local_oob_extended_complete(const uint8_t * p,uint16_t evt_len)1315 void btu_hcif_read_local_oob_extended_complete(const uint8_t* p,
1316 uint16_t evt_len) {
1317 if (evt_len < 64 + 1) {
1318 log::error("Invalid event length: {}", evt_len);
1319 return;
1320 }
1321
1322 tBTM_SP_LOC_OOB evt_data = {};
1323 uint8_t status;
1324 STREAM_TO_UINT8(status, p);
1325 if (status == HCI_SUCCESS) {
1326 evt_data.status = BTM_SUCCESS;
1327 } else {
1328 evt_data.status = BTM_ERR_PROCESSING;
1329 }
1330
1331 STREAM_TO_ARRAY16(evt_data.c_192.data(), p);
1332 STREAM_TO_ARRAY16(evt_data.r_192.data(), p);
1333 STREAM_TO_ARRAY16(evt_data.c_256.data(), p);
1334 STREAM_TO_ARRAY16(evt_data.r_256.data(), p);
1335 btm_read_local_oob_complete(evt_data);
1336 }
1337
1338 /*******************************************************************************
1339 *
1340 * Function btu_hcif_link_key_notification_evt
1341 *
1342 * Description Process event HCI_LINK_KEY_NOTIFICATION_EVT
1343 *
1344 * Returns void
1345 *
1346 ******************************************************************************/
btu_hcif_link_key_notification_evt(const uint8_t * p)1347 static void btu_hcif_link_key_notification_evt(const uint8_t* p) {
1348 RawAddress bda;
1349 Octet16 key;
1350 uint8_t key_type;
1351
1352 STREAM_TO_BDADDR(bda, p);
1353 STREAM_TO_ARRAY16(key.data(), p);
1354 STREAM_TO_UINT8(key_type, p);
1355
1356 btm_sec_link_key_notification(bda, key, key_type);
1357 }
1358
1359 /*******************************************************************************
1360 *
1361 * Function btu_hcif_read_clock_off_comp_evt
1362 *
1363 * Description Process event HCI_READ_CLOCK_OFF_COMP_EVT
1364 *
1365 * Returns void
1366 *
1367 ******************************************************************************/
btu_hcif_read_clock_off_comp_evt(uint8_t * p)1368 static void btu_hcif_read_clock_off_comp_evt(uint8_t* p) {
1369 uint8_t status;
1370 uint16_t handle;
1371 uint16_t clock_offset;
1372
1373 STREAM_TO_UINT8(status, p);
1374
1375 /* If failed to get clock offset just drop the result */
1376 if (status != HCI_SUCCESS) return;
1377
1378 STREAM_TO_UINT16(handle, p);
1379 STREAM_TO_UINT16(clock_offset, p);
1380
1381 handle = HCID_GET_HANDLE(handle);
1382
1383 btm_sec_update_clock_offset(handle, clock_offset);
1384 }
1385
1386 /**********************************************
1387 * Simple Pairing Events
1388 **********************************************/
1389
1390 /*******************************************************************************
1391 *
1392 * Function btu_hcif_io_cap_request_evt
1393 *
1394 * Description Process event HCI_IO_CAPABILITY_REQUEST_EVT
1395 *
1396 * Returns void
1397 *
1398 ******************************************************************************/
btu_hcif_io_cap_request_evt(const uint8_t * p)1399 static void btu_hcif_io_cap_request_evt(const uint8_t* p) {
1400 RawAddress bda;
1401 STREAM_TO_BDADDR(bda, p);
1402 btm_io_capabilities_req(bda);
1403 }
1404
1405 /*******************************************************************************
1406 *
1407 * Function btu_hcif_io_cap_request_evt
1408 *
1409 * Description Process event HCI_IO_CAPABILITY_REQUEST_EVT
1410 *
1411 * Returns void
1412 *
1413 ******************************************************************************/
btu_hcif_io_cap_response_evt(const uint8_t * p)1414 static void btu_hcif_io_cap_response_evt(const uint8_t* p) {
1415 tBTM_SP_IO_RSP evt_data;
1416
1417 STREAM_TO_BDADDR(evt_data.bd_addr, p);
1418
1419 uint8_t io_cap;
1420 STREAM_TO_UINT8(io_cap, p);
1421 evt_data.io_cap = static_cast<tBTM_IO_CAP>(io_cap);
1422
1423 STREAM_TO_UINT8(evt_data.oob_data, p);
1424 STREAM_TO_UINT8(evt_data.auth_req, p);
1425 btm_io_capabilities_rsp(evt_data);
1426 }
1427
1428 /**********************************************
1429 * End of Simple Pairing Events
1430 **********************************************/
1431
btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t * p)1432 static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p) {
1433 uint8_t status;
1434 uint16_t handle;
1435
1436 STREAM_TO_UINT8(status, p);
1437 STREAM_TO_UINT16(handle, p);
1438
1439 btm_sec_encryption_key_refresh_complete(handle,
1440 static_cast<tHCI_STATUS>(status));
1441 }
1442
1443 /**********************************************
1444 * BLE Events
1445 **********************************************/
1446
btu_ble_proc_ltk_req(uint8_t * p,uint16_t evt_len)1447 static void btu_ble_proc_ltk_req(uint8_t* p, uint16_t evt_len) {
1448 uint16_t ediv, handle;
1449 uint8_t* pp;
1450
1451 // following the spec in Core_v5.3/Vol 4/Part E
1452 // / 7.7.65.5 LE Long Term Key Request event
1453 // A BLE Long Term Key Request event contains:
1454 // - 1-byte subevent (already consumed in btu_hcif_process_event)
1455 // - 2-byte connection handler
1456 // - 8-byte random number
1457 // - 2 byte Encrypted_Diversifier
1458 if (evt_len < 2 + 8 + 2) {
1459 log::error("Event packet too short");
1460 return;
1461 }
1462
1463 STREAM_TO_UINT16(handle, p);
1464 pp = p + 8;
1465 STREAM_TO_UINT16(ediv, pp);
1466 btm_ble_ltk_request(handle, p, ediv);
1467 /* This is empty until an upper layer cares about returning event */
1468 }
1469
1470 /**********************************************
1471 * End of BLE Events Handler
1472 **********************************************/
1473