3 * BlueZ - Bluetooth protocol stack for Linux
5 * Copyright (C) 2013-2014 Intel Corporation. All rights reserved.
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
32 #include <sys/types.h>
38 #include "lib/bluetooth.h"
42 #include "src/shared/util.h"
43 #include "src/shared/mgmt.h"
44 #include "src/shared/queue.h"
47 #include "lib/sdp_lib.h"
48 #include "src/sdp-client.h"
52 #include "ipc-common.h"
55 #include "bluetooth.h"
57 #define DUT_MODE_FILE "/sys/kernel/debug/bluetooth/hci%u/dut_mode"
59 #define SETTINGS_FILE ANDROID_STORAGEDIR"/settings"
60 #define DEVICES_FILE ANDROID_STORAGEDIR"/devices"
61 #define CACHE_FILE ANDROID_STORAGEDIR"/cache"
63 #define ADAPTER_MAJOR_CLASS 0x02 /* Phone */
64 #define ADAPTER_MINOR_CLASS 0x03 /* Smartphone */
66 /* Default to DisplayYesNo */
67 #define DEFAULT_IO_CAPABILITY 0x01
69 /* Default discoverable timeout 120sec as in Android */
70 #define DEFAULT_DISCOVERABLE_TIMEOUT 120
72 #define DEVICES_CACHE_MAX 300
74 #define BASELEN_PROP_CHANGED (sizeof(struct hal_ev_adapter_props_changed) \
75 + sizeof(struct hal_property))
77 #define BASELEN_REMOTE_DEV_PROP (sizeof(struct hal_ev_remote_device_props) \
78 + sizeof(struct hal_property))
80 #define SCAN_TYPE_NONE 0
81 #define SCAN_TYPE_BREDR (1 << BDADDR_BREDR)
82 #define SCAN_TYPE_LE ((1 << BDADDR_LE_PUBLIC) | (1 << BDADDR_LE_RANDOM))
83 #define SCAN_TYPE_DUAL (SCAN_TYPE_BREDR | SCAN_TYPE_LE)
85 #define BDADDR_LE (BDADDR_LE_RANDOM | BDADDR_LE_PUBLIC)
119 bool found; /* if device is found in current discovery session */
120 unsigned int confirm_id; /* mgtm command id if command pending */
122 bool valid_remote_csrk;
123 bool remote_csrk_auth;
124 uint8_t remote_csrk[16];
125 uint32_t remote_sign_cnt;
127 bool valid_local_csrk;
128 bool local_csrk_auth;
129 uint8_t local_csrk[16];
130 uint32_t local_sign_cnt;
138 int reconnect_attempt;
149 uint8_t max_advert_instance;
150 uint8_t rpa_offload_supported;
151 uint8_t max_irk_list_size;
152 uint8_t max_scan_filters_supported;
153 uint16_t scan_result_storage_size;
154 uint8_t activity_energy_info_supported;
156 uint32_t current_settings;
157 uint32_t supported_settings;
160 uint8_t cur_discovery_type;
161 uint8_t exp_discovery_type;
162 uint32_t discoverable_timeout;
166 .index = MGMT_INDEX_NONE,
169 .max_advert_instance = 0,
170 .rpa_offload_supported = 0,
171 .max_irk_list_size = 0,
172 .max_scan_filters_supported = 0,
173 .scan_result_storage_size = 0,
174 .activity_energy_info_supported = 0,
175 .current_settings = 0,
176 .supported_settings = 0,
177 .cur_discovery_type = SCAN_TYPE_NONE,
178 .exp_discovery_type = SCAN_TYPE_NONE,
179 .discoverable_timeout = DEFAULT_DISCOVERABLE_TIMEOUT,
183 static const uint16_t uuid_list[] = {
190 static uint16_t option_index = MGMT_INDEX_NONE;
191 static struct mgmt *mgmt_if = NULL;
193 static GSList *bonded_devices = NULL;
194 static GSList *cached_devices = NULL;
196 static bt_le_device_found gatt_device_found_cb = NULL;
197 static bt_le_discovery_stopped gatt_discovery_stopped_cb = NULL;
199 /* This list contains addresses which are asked for records */
200 static GSList *browse_reqs;
202 static struct ipc *hal_ipc = NULL;
204 static bool kernel_conn_control = false;
206 static struct queue *unpaired_cb_list = NULL;
207 static struct queue *paired_cb_list = NULL;
209 static void get_device_android_addr(struct device *dev, uint8_t *addr)
212 * If RPA is set it means that IRK was received and ID address is being
213 * used. Android Framework is still using old RPA and it needs to be
214 * used in notifications.
216 if (bacmp(&dev->rpa, BDADDR_ANY))
217 bdaddr2android(&dev->rpa, addr);
219 bdaddr2android(&dev->bdaddr, addr);
222 static void mgmt_debug(const char *str, void *user_data)
224 const char *prefix = user_data;
225 info("%s%s", prefix, str);
228 static void store_adapter_config(void)
235 key_file = g_key_file_new();
237 g_key_file_load_from_file(key_file, SETTINGS_FILE, 0, NULL);
239 ba2str(&adapter.bdaddr, addr);
241 g_key_file_set_string(key_file, "General", "Address", addr);
244 g_key_file_set_string(key_file, "General", "Name",
247 g_key_file_set_integer(key_file, "General", "DiscoverableTimeout",
248 adapter.discoverable_timeout);
250 data = g_key_file_to_data(key_file, &length, NULL);
252 g_file_set_contents(SETTINGS_FILE, data, length, NULL);
255 g_key_file_free(key_file);
258 static void load_adapter_config(void)
264 key_file = g_key_file_new();
265 g_key_file_load_from_file(key_file, SETTINGS_FILE, 0, NULL);
267 str = g_key_file_get_string(key_file, "General", "Address", NULL);
269 g_key_file_free(key_file);
273 str2ba(str, &adapter.bdaddr);
276 adapter.name = g_key_file_get_string(key_file, "General", "Name", NULL);
278 adapter.discoverable_timeout = g_key_file_get_integer(key_file,
279 "General", "DiscoverableTimeout", &gerr);
281 adapter.discoverable_timeout = DEFAULT_DISCOVERABLE_TIMEOUT;
282 g_clear_error(&gerr);
285 g_key_file_free(key_file);
288 static void store_device_info(struct device *dev, const char *path)
296 ba2str(&dev->bdaddr, addr);
298 key_file = g_key_file_new();
299 g_key_file_load_from_file(key_file, path, 0, NULL);
301 g_key_file_set_boolean(key_file, addr, "BREDR", dev->bredr);
304 g_key_file_set_integer(key_file, addr, "AddressType",
307 g_key_file_set_string(key_file, addr, "Name", dev->name);
309 if (dev->friendly_name)
310 g_key_file_set_string(key_file, addr, "FriendlyName",
313 g_key_file_remove_key(key_file, addr, "FriendlyName", NULL);
316 g_key_file_set_integer(key_file, addr, "Class", dev->class);
318 g_key_file_remove_key(key_file, addr, "Class", NULL);
320 if (dev->bredr_seen > dev->le_seen)
321 g_key_file_set_integer(key_file, addr, "Timestamp",
324 g_key_file_set_integer(key_file, addr, "Timestamp",
331 uuids = g_new0(char *, g_slist_length(dev->uuids) + 1);
333 for (i = 0, l = dev->uuids; l; l = g_slist_next(l), i++) {
335 uint8_t *u = l->data;
336 char *uuid_str = g_malloc0(33);
338 for (j = 0; j < 16; j++)
339 sprintf(uuid_str + (j * 2), "%2.2X", u[j]);
344 g_key_file_set_string_list(key_file, addr, "Services",
345 (const char **)uuids, i);
347 g_key_file_remove_key(key_file, addr, "Services", NULL);
350 str = g_key_file_to_data(key_file, &length, NULL);
351 g_file_set_contents(path, str, length, NULL);
354 g_key_file_free(key_file);
358 static void remove_device_info(struct device *dev, const char *path)
365 ba2str(&dev->bdaddr, addr);
367 key_file = g_key_file_new();
368 g_key_file_load_from_file(key_file, path, 0, NULL);
370 g_key_file_remove_group(key_file, addr, NULL);
372 str = g_key_file_to_data(key_file, &length, NULL);
373 g_file_set_contents(path, str, length, NULL);
376 g_key_file_free(key_file);
379 static int device_match(gconstpointer a, gconstpointer b)
381 const struct device *dev = a;
382 const bdaddr_t *bdaddr = b;
384 /* Android is using RPA even if IRK was received and ID addr resolved */
385 if (!bacmp(&dev->rpa, bdaddr))
388 return bacmp(&dev->bdaddr, bdaddr);
391 static struct device *find_device(const bdaddr_t *bdaddr)
395 l = g_slist_find_custom(bonded_devices, bdaddr, device_match);
399 l = g_slist_find_custom(cached_devices, bdaddr, device_match);
406 static void free_device(struct device *dev)
409 mgmt_cancel(mgmt_if, dev->confirm_id);
412 g_free(dev->friendly_name);
413 g_slist_free_full(dev->uuids, g_free);
417 static void cache_device(struct device *new_dev)
422 l = g_slist_find(cached_devices, new_dev);
424 cached_devices = g_slist_remove(cached_devices, new_dev);
428 if (g_slist_length(cached_devices) < DEVICES_CACHE_MAX)
431 l = g_slist_last(cached_devices);
434 cached_devices = g_slist_remove(cached_devices, dev);
435 remove_device_info(dev, CACHE_FILE);
439 cached_devices = g_slist_prepend(cached_devices, new_dev);
440 store_device_info(new_dev, CACHE_FILE);
443 static struct device *create_device(const bdaddr_t *bdaddr, uint8_t bdaddr_type)
448 ba2str(bdaddr, addr);
451 dev = g_new0(struct device, 1);
453 bacpy(&dev->bdaddr, bdaddr);
455 if (bdaddr_type == BDADDR_BREDR) {
457 dev->bredr_seen = time(NULL);
460 dev->bdaddr_type = bdaddr_type;
461 dev->le_seen = time(NULL);
465 * Use address for name, will be change if one is present
466 * eg. in EIR or set by set_property.
468 dev->name = g_strdup(addr);
473 static struct device *get_device(const bdaddr_t *bdaddr, uint8_t type)
477 dev = find_device(bdaddr);
481 dev = create_device(bdaddr, type);
488 static struct device *find_device_android(const uint8_t *addr)
492 android2bdaddr(addr, &bdaddr);
494 return find_device(&bdaddr);
497 static struct device *get_device_android(const uint8_t *addr)
501 android2bdaddr(addr, &bdaddr);
503 return get_device(&bdaddr, BDADDR_BREDR);
506 static void send_adapter_property(uint8_t type, uint16_t len, const void *val)
508 uint8_t buf[BASELEN_PROP_CHANGED + len];
509 struct hal_ev_adapter_props_changed *ev = (void *) buf;
511 ev->status = HAL_STATUS_SUCCESS;
513 ev->props[0].type = type;
514 ev->props[0].len = len;
515 memcpy(ev->props[0].val, val, len);
517 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
518 HAL_EV_ADAPTER_PROPS_CHANGED, sizeof(buf), buf);
521 static void adapter_name_changed(const uint8_t *name)
523 /* Android expects string value without NULL terminator */
524 send_adapter_property(HAL_PROP_ADAPTER_NAME,
525 strlen((const char *) name), name);
528 static void adapter_set_name(const uint8_t *name)
530 if (!g_strcmp0(adapter.name, (const char *) name))
535 g_free(adapter.name);
536 adapter.name = g_strdup((const char *) name);
538 store_adapter_config();
540 adapter_name_changed(name);
543 static void mgmt_local_name_changed_event(uint16_t index, uint16_t length,
544 const void *param, void *user_data)
546 const struct mgmt_cp_set_local_name *rp = param;
548 if (length < sizeof(*rp)) {
549 error("Wrong size of local name changed parameters");
553 adapter_set_name(rp->name);
555 /* TODO Update services if needed */
558 static void powered_changed(void)
560 struct hal_ev_adapter_state_changed ev;
562 ev.state = (adapter.current_settings & MGMT_SETTING_POWERED) ?
563 HAL_POWER_ON : HAL_POWER_OFF;
567 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
568 HAL_EV_ADAPTER_STATE_CHANGED, sizeof(ev), &ev);
571 static uint8_t settings2scan_mode(void)
573 bool connectable, discoverable;
575 connectable = adapter.current_settings & MGMT_SETTING_CONNECTABLE;
576 discoverable = adapter.current_settings & MGMT_SETTING_DISCOVERABLE;
578 if (connectable && discoverable)
579 return HAL_ADAPTER_SCAN_MODE_CONN_DISC;
582 return HAL_ADAPTER_SCAN_MODE_CONN;
584 return HAL_ADAPTER_SCAN_MODE_NONE;
587 static void scan_mode_changed(void)
591 mode = settings2scan_mode();
593 DBG("mode %u", mode);
595 send_adapter_property(HAL_PROP_ADAPTER_SCAN_MODE, sizeof(mode), &mode);
598 static void adapter_class_changed(void)
600 send_adapter_property(HAL_PROP_ADAPTER_CLASS, sizeof(adapter.dev_class),
604 static void settings_changed(uint32_t settings)
606 uint32_t changed_mask;
607 uint32_t scan_mode_mask;
609 changed_mask = adapter.current_settings ^ settings;
611 adapter.current_settings = settings;
613 DBG("0x%08x", changed_mask);
615 if (changed_mask & MGMT_SETTING_POWERED)
618 scan_mode_mask = MGMT_SETTING_CONNECTABLE |
619 MGMT_SETTING_DISCOVERABLE;
622 * Only when powered, the connectable and discoverable
623 * state changes should be communicated.
625 if (adapter.current_settings & MGMT_SETTING_POWERED)
626 if (changed_mask & scan_mode_mask)
630 static void new_settings_callback(uint16_t index, uint16_t length,
631 const void *param, void *user_data)
635 if (length < sizeof(settings)) {
636 error("Wrong size of new settings parameters");
640 settings = get_le32(param);
642 DBG("settings: 0x%8.8x -> 0x%8.8x", adapter.current_settings,
645 if (settings == adapter.current_settings)
648 settings_changed(settings);
651 static void mgmt_dev_class_changed_event(uint16_t index, uint16_t length,
652 const void *param, void *user_data)
654 const struct mgmt_cod *rp = param;
657 if (length < sizeof(*rp)) {
658 error("Wrong size of class of device changed parameters");
662 dev_class = rp->val[0] | (rp->val[1] << 8) | (rp->val[2] << 16);
664 if (dev_class == adapter.dev_class)
667 DBG("Class: 0x%06x", dev_class);
669 adapter.dev_class = dev_class;
671 adapter_class_changed();
673 /* TODO: Gatt attrib set*/
676 void bt_store_gatt_ccc(const bdaddr_t *dst, uint16_t value)
684 dev = find_device(dst);
688 key_file = g_key_file_new();
690 if (!g_key_file_load_from_file(key_file, DEVICES_FILE, 0, NULL)) {
691 g_key_file_free(key_file);
695 ba2str(&dev->bdaddr, addr);
697 DBG("%s Gatt CCC %d", addr, value);
699 g_key_file_set_integer(key_file, addr, "GattCCC", value);
701 data = g_key_file_to_data(key_file, &length, NULL);
702 g_file_set_contents(DEVICES_FILE, data, length, NULL);
705 g_key_file_free(key_file);
707 dev->gatt_ccc = value;
710 uint16_t bt_get_gatt_ccc(const bdaddr_t *addr)
714 dev = find_device(addr);
718 return dev->gatt_ccc;
721 static void store_link_key(const bdaddr_t *dst, const uint8_t *key,
722 uint8_t type, uint8_t pin_length)
731 key_file = g_key_file_new();
733 if (!g_key_file_load_from_file(key_file, DEVICES_FILE, 0, NULL)) {
734 g_key_file_free(key_file);
740 DBG("%s type %u pin_len %u", addr, type, pin_length);
742 for (i = 0; i < 16; i++)
743 sprintf(key_str + (i * 2), "%2.2X", key[i]);
745 g_key_file_set_string(key_file, addr, "LinkKey", key_str);
746 g_key_file_set_integer(key_file, addr, "LinkKeyType", type);
747 g_key_file_set_integer(key_file, addr, "LinkKeyPinLength", pin_length);
749 data = g_key_file_to_data(key_file, &length, NULL);
750 g_file_set_contents(DEVICES_FILE, data, length, NULL);
753 g_key_file_free(key_file);
756 static void send_bond_state_change(struct device *dev, uint8_t status,
759 struct hal_ev_bond_state_changed ev;
763 get_device_android_addr(dev, ev.bdaddr);
765 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
766 HAL_EV_BOND_STATE_CHANGED, sizeof(ev), &ev);
769 static void update_bredr_state(struct device *dev, bool pairing, bool paired,
772 if (pairing == dev->pairing && paired == dev->bredr_paired &&
773 bonded == dev->bredr_bonded)
776 /* avoid unpairing device on incoming pairing request */
777 if (pairing && dev->bredr_paired)
780 /* avoid unpairing device if pairing failed */
781 if (!pairing && !paired && dev->pairing && dev->bredr_paired)
784 if (paired && !dev->le_paired && !dev->bredr_paired) {
785 cached_devices = g_slist_remove(cached_devices, dev);
786 bonded_devices = g_slist_prepend(bonded_devices, dev);
787 remove_device_info(dev, CACHE_FILE);
788 store_device_info(dev, DEVICES_FILE);
789 } else if (!paired && !dev->le_paired) {
790 bonded_devices = g_slist_remove(bonded_devices, dev);
791 remove_device_info(dev, DEVICES_FILE);
795 dev->bredr_paired = paired;
797 if (dev->bredr_paired)
798 dev->bredr_bonded = dev->bredr_bonded || bonded;
800 dev->bredr_bonded = false;
803 dev->pairing = pairing;
806 static void update_le_state(struct device *dev, bool pairing, bool paired,
809 if (pairing == dev->pairing && paired == dev->le_paired &&
810 bonded == dev->le_bonded)
813 /* avoid unpairing device on incoming pairing request */
814 if (pairing && dev->le_paired)
817 /* avoid unpairing device if pairing failed */
818 if (!pairing && !paired && dev->pairing && dev->le_paired)
821 if (paired && !dev->bredr_paired && !dev->le_paired) {
822 cached_devices = g_slist_remove(cached_devices, dev);
823 bonded_devices = g_slist_prepend(bonded_devices, dev);
824 remove_device_info(dev, CACHE_FILE);
825 store_device_info(dev, DEVICES_FILE);
826 } else if (!paired && !dev->bredr_paired) {
827 bonded_devices = g_slist_remove(bonded_devices, dev);
828 remove_device_info(dev, DEVICES_FILE);
829 dev->valid_local_csrk = false;
830 dev->valid_remote_csrk = false;
831 dev->local_sign_cnt = 0;
832 dev->remote_sign_cnt = 0;
833 memset(dev->local_csrk, 0, sizeof(dev->local_csrk));
834 memset(dev->remote_csrk, 0, sizeof(dev->remote_csrk));
838 dev->le_paired = paired;
841 dev->le_bonded = dev->le_bonded || bonded;
843 dev->le_bonded = false;
846 dev->pairing = pairing;
849 static uint8_t device_bond_state(struct device *dev)
852 return HAL_BOND_STATE_BONDING;
855 * We are checking for paired here instead of bonded as HAL API is
856 * using BOND state also if there was no bonding pairing.
858 if (dev->bredr_paired || dev->le_paired)
859 return HAL_BOND_STATE_BONDED;
861 return HAL_BOND_STATE_NONE;
864 static void update_bond_state(struct device *dev, uint8_t status,
865 uint8_t old_bond, uint8_t new_bond)
867 if (old_bond == new_bond)
871 * When internal bond state changes from bond to non-bond or other way,
872 * BfA needs to send bonding state to Android in the middle. Otherwise
873 * Android will not handle it correctly
875 if ((old_bond == HAL_BOND_STATE_NONE &&
876 new_bond == HAL_BOND_STATE_BONDED) ||
877 (old_bond == HAL_BOND_STATE_BONDED &&
878 new_bond == HAL_BOND_STATE_NONE))
879 send_bond_state_change(dev, HAL_STATUS_SUCCESS,
880 HAL_BOND_STATE_BONDING);
882 send_bond_state_change(dev, status, new_bond);
885 static void send_paired_notification(void *data, void *user_data)
887 bt_paired_device_cb cb = data;
888 struct device *dev = user_data;
893 static void update_device_state(struct device *dev, uint8_t addr_type,
894 uint8_t status, bool pairing, bool paired,
897 uint8_t old_bond, new_bond;
899 old_bond = device_bond_state(dev);
901 if (addr_type == BDADDR_BREDR)
902 update_bredr_state(dev, pairing, paired, bonded);
904 update_le_state(dev, pairing, paired, bonded);
906 new_bond = device_bond_state(dev);
908 update_bond_state(dev, status, old_bond, new_bond);
911 static void send_device_property(struct device *dev, uint8_t type,
912 uint16_t len, const void *val)
914 uint8_t buf[BASELEN_REMOTE_DEV_PROP + len];
915 struct hal_ev_remote_device_props *ev = (void *) buf;
917 ev->status = HAL_STATUS_SUCCESS;
918 get_device_android_addr(dev, ev->bdaddr);
920 ev->props[0].type = type;
921 ev->props[0].len = len;
922 memcpy(ev->props[0].val, val, len);
924 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
925 HAL_EV_REMOTE_DEVICE_PROPS, sizeof(buf), buf);
928 static void send_device_uuids_notif(struct device *dev)
930 uint8_t buf[sizeof(uint128_t) * g_slist_length(dev->uuids)];
934 for (l = dev->uuids; l; l = g_slist_next(l)) {
935 memcpy(ptr, l->data, sizeof(uint128_t));
936 ptr += sizeof(uint128_t);
939 send_device_property(dev, HAL_PROP_DEVICE_UUIDS, sizeof(buf), buf);
942 static void set_device_uuids(struct device *dev, GSList *uuids)
944 g_slist_free_full(dev->uuids, g_free);
947 if (dev->le_paired || dev->bredr_paired)
948 store_device_info(dev, DEVICES_FILE);
950 store_device_info(dev, CACHE_FILE);
952 send_device_uuids_notif(dev);
955 static void browse_req_free(struct browse_req *req)
957 g_slist_free_full(req->uuids, g_free);
961 static int uuid_128_cmp(gconstpointer a, gconstpointer b)
963 return memcmp(a, b, sizeof(uint128_t));
966 static void update_records(struct browse_req *req, sdp_list_t *recs)
968 for (; recs; recs = recs->next) {
969 sdp_record_t *rec = (sdp_record_t *) recs->data;
970 sdp_list_t *svcclass = NULL;
978 if (sdp_get_service_classes(rec, &svcclass) < 0)
984 tmp = svcclass->data;
988 sdp_uuid16_to_uuid128(&uuid128, tmp);
991 sdp_uuid32_to_uuid128(&uuid128, tmp);
994 memcpy(&uuid128, tmp, sizeof(uuid_t));
997 sdp_list_free(svcclass, free);
1001 new_uuid = g_malloc(16);/* size of 128 bit uuid */
1002 memcpy(new_uuid, &uuid128.value.uuid128,
1003 sizeof(uuid128.value.uuid128));
1005 /* Check if uuid is already added */
1006 if (g_slist_find_custom(req->uuids, new_uuid, uuid_128_cmp))
1009 req->uuids = g_slist_append(req->uuids, new_uuid);
1011 sdp_list_free(svcclass, free);
1015 static void browse_cb(sdp_list_t *recs, int err, gpointer user_data)
1017 struct browse_req *req = user_data;
1022 * If we have a valid response and req->search_uuid == 2, then L2CAP
1023 * UUID & PNP searching was successful -- we are done
1025 if (err < 0 || req->search_uuid == 2) {
1026 if (err == -ECONNRESET && req->reconnect_attempt < 1) {
1028 req->reconnect_attempt++;
1034 update_records(req, recs);
1036 /* Search for mandatory uuids */
1037 if (uuid_list[req->search_uuid]) {
1038 sdp_uuid16_create(&uuid, uuid_list[req->search_uuid++]);
1039 bt_search_service(&adapter.bdaddr, &req->bdaddr, &uuid,
1040 browse_cb, user_data, NULL, 0);
1045 dev = find_device(&req->bdaddr);
1047 set_device_uuids(dev, req->uuids);
1051 browse_reqs = g_slist_remove(browse_reqs, req);
1052 browse_req_free(req);
1055 static int req_cmp(gconstpointer a, gconstpointer b)
1057 const struct browse_req *req = a;
1058 const bdaddr_t *bdaddr = b;
1060 return bacmp(&req->bdaddr, bdaddr);
1063 static uint8_t browse_remote_sdp(const bdaddr_t *addr)
1065 struct browse_req *req;
1068 if (g_slist_find_custom(browse_reqs, addr, req_cmp))
1069 return HAL_STATUS_SUCCESS;
1071 req = g_new0(struct browse_req, 1);
1072 bacpy(&req->bdaddr, addr);
1073 sdp_uuid16_create(&uuid, uuid_list[req->search_uuid++]);
1075 if (bt_search_service(&adapter.bdaddr,
1076 &req->bdaddr, &uuid, browse_cb, req, NULL , 0) < 0) {
1077 browse_req_free(req);
1078 return HAL_STATUS_FAILED;
1081 browse_reqs = g_slist_append(browse_reqs, req);
1083 return HAL_STATUS_SUCCESS;
1086 static void send_remote_sdp_rec_notify(bt_uuid_t *uuid, int channel,
1087 char *name, uint8_t name_len,
1088 uint8_t status, bdaddr_t *bdaddr)
1090 struct hal_prop_device_service_rec *prop;
1091 uint8_t buf[BASELEN_REMOTE_DEV_PROP + name_len + sizeof(*prop)];
1092 struct hal_ev_remote_device_props *ev = (void *) buf;
1093 size_t prop_len = sizeof(*prop) + name_len;
1095 memset(buf, 0, sizeof(buf));
1097 if (uuid && status == HAL_STATUS_SUCCESS) {
1098 prop = (void *) &ev->props[0].val;
1099 prop->name_len = name_len;
1100 prop->channel = (uint16_t)channel;
1101 memcpy(prop->name, name, name_len);
1102 memcpy(prop->uuid, &uuid->value.u128, sizeof(prop->uuid));
1106 ev->status = status;
1107 ev->props[0].len = prop_len;
1108 bdaddr2android(bdaddr, ev->bdaddr);
1109 ev->props[0].type = HAL_PROP_DEVICE_SERVICE_REC;
1111 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
1112 HAL_EV_REMOTE_DEVICE_PROPS,
1116 static void find_remote_sdp_rec_cb(sdp_list_t *recs, int err,
1119 bdaddr_t *addr = user_data;
1127 sdp_record_t *sdp_rec;
1130 error("error while search remote sdp records");
1131 status = HAL_STATUS_FAILED;
1132 send_remote_sdp_rec_notify(NULL, 0, NULL, 0, status, addr);
1137 info("No service records found on remote");
1138 status = HAL_STATUS_SUCCESS;
1139 send_remote_sdp_rec_notify(NULL, 0, NULL, 0, status, addr);
1143 for ( ; recs; recs = recs->next) {
1144 sdp_rec = recs->data;
1146 switch (sdp_rec->svclass.type) {
1148 sdp_uuid16_to_uuid128(&uuid128_sdp,
1152 sdp_uuid32_to_uuid128(&uuid128_sdp,
1158 error("wrong sdp uuid type");
1162 if (!sdp_get_access_protos(sdp_rec, &protos)) {
1163 channel = sdp_get_proto_port(protos, RFCOMM_UUID);
1165 sdp_list_foreach(protos,
1166 (sdp_list_func_t) sdp_list_free,
1168 sdp_list_free(protos, NULL);
1173 error("can't get channel for sdp record");
1177 if (!sdp_get_service_name(sdp_rec, name_buf, sizeof(name_buf)))
1178 name_len = strlen(name_buf);
1182 uuid.type = BT_UUID128;
1183 memcpy(&uuid.value.u128, uuid128_sdp.value.uuid128.data,
1184 sizeof(uuid.value.u128));
1185 status = HAL_STATUS_SUCCESS;
1187 send_remote_sdp_rec_notify(&uuid, channel, name_buf, name_len,
1195 static uint8_t find_remote_sdp_rec(const bdaddr_t *addr,
1196 const uint8_t *find_uuid)
1201 /* from android we always get full 128bit length uuid */
1202 sdp_uuid128_create(&uuid, find_uuid);
1204 bdaddr = g_new(bdaddr_t, 1);
1206 return HAL_STATUS_NOMEM;
1208 memcpy(bdaddr, addr, sizeof(*bdaddr));
1210 if (bt_search_service(&adapter.bdaddr, addr, &uuid,
1211 find_remote_sdp_rec_cb, bdaddr, NULL, 0) < 0) {
1213 return HAL_STATUS_FAILED;
1216 return HAL_STATUS_SUCCESS;
1219 static void new_link_key_callback(uint16_t index, uint16_t length,
1220 const void *param, void *user_data)
1222 const struct mgmt_ev_new_link_key *ev = param;
1223 const struct mgmt_addr_info *addr = &ev->key.addr;
1227 if (length < sizeof(*ev)) {
1228 error("Too small new link key event");
1232 ba2str(&addr->bdaddr, dst);
1234 DBG("new key for %s type %u pin_len %u",
1235 dst, ev->key.type, ev->key.pin_len);
1237 if (ev->key.pin_len > 16) {
1238 error("Invalid PIN length (%u) in new_key event",
1243 dev = get_device(&ev->key.addr.bdaddr, ev->key.addr.type);
1247 update_device_state(dev, ev->key.addr.type, HAL_STATUS_SUCCESS, false,
1248 true, !!ev->store_hint);
1250 if (ev->store_hint) {
1251 const struct mgmt_link_key_info *key = &ev->key;
1253 store_link_key(&addr->bdaddr, key->val, key->type,
1257 browse_remote_sdp(&addr->bdaddr);
1260 static uint8_t get_device_name(struct device *dev)
1262 send_device_property(dev, HAL_PROP_DEVICE_NAME,
1263 strlen(dev->name), dev->name);
1265 return HAL_STATUS_SUCCESS;
1268 static void pin_code_request_callback(uint16_t index, uint16_t length,
1269 const void *param, void *user_data)
1271 const struct mgmt_ev_pin_code_request *ev = param;
1272 struct hal_ev_pin_request hal_ev;
1276 if (length < sizeof(*ev)) {
1277 error("Too small PIN code request event");
1281 ba2str(&ev->addr.bdaddr, dst);
1283 dev = get_device(&ev->addr.bdaddr, BDADDR_BREDR);
1286 * Workaround for Android Bluetooth.apk issue: send remote
1289 get_device_name(dev);
1291 update_device_state(dev, ev->addr.type, HAL_STATUS_SUCCESS, true,
1294 DBG("%s type %u secure %u", dst, ev->addr.type, ev->secure);
1296 /* Name already sent in remote device prop */
1297 memset(&hal_ev, 0, sizeof(hal_ev));
1298 get_device_android_addr(dev, hal_ev.bdaddr);
1299 hal_ev.class_of_dev = dev->class;
1301 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_EV_PIN_REQUEST,
1302 sizeof(hal_ev), &hal_ev);
1305 static void send_ssp_request(struct device *dev, uint8_t variant,
1308 struct hal_ev_ssp_request ev;
1310 memset(&ev, 0, sizeof(ev));
1312 get_device_android_addr(dev, ev.bdaddr);
1313 memcpy(ev.name, dev->name, strlen(dev->name));
1314 ev.class_of_dev = dev->class;
1316 ev.pairing_variant = variant;
1317 ev.passkey = passkey;
1319 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_EV_SSP_REQUEST,
1323 static void user_confirm_request_callback(uint16_t index, uint16_t length,
1324 const void *param, void *user_data)
1326 const struct mgmt_ev_user_confirm_request *ev = param;
1330 if (length < sizeof(*ev)) {
1331 error("Too small user confirm request event");
1335 ba2str(&ev->addr.bdaddr, dst);
1336 DBG("%s confirm_hint %u", dst, ev->confirm_hint);
1338 dev = get_device(&ev->addr.bdaddr, ev->addr.type);
1342 update_device_state(dev, ev->addr.type, HAL_STATUS_SUCCESS, true,
1345 if (ev->confirm_hint)
1346 send_ssp_request(dev, HAL_SSP_VARIANT_CONSENT, 0);
1348 send_ssp_request(dev, HAL_SSP_VARIANT_CONFIRM, ev->value);
1351 static void user_passkey_request_callback(uint16_t index, uint16_t length,
1352 const void *param, void *user_data)
1354 const struct mgmt_ev_user_passkey_request *ev = param;
1358 if (length < sizeof(*ev)) {
1359 error("Too small passkey request event");
1363 ba2str(&ev->addr.bdaddr, dst);
1366 dev = get_device(&ev->addr.bdaddr, ev->addr.type);
1370 update_device_state(dev, ev->addr.type, HAL_STATUS_SUCCESS, true,
1373 send_ssp_request(dev, HAL_SSP_VARIANT_ENTRY, 0);
1376 static void user_passkey_notify_callback(uint16_t index, uint16_t length,
1380 const struct mgmt_ev_passkey_notify *ev = param;
1384 if (length < sizeof(*ev)) {
1385 error("Too small passkey notify event");
1389 ba2str(&ev->addr.bdaddr, dst);
1390 DBG("%s entered %u", dst, ev->entered);
1392 /* HAL seems to not support entered characters */
1396 dev = find_device(&ev->addr.bdaddr);
1400 update_device_state(dev, ev->addr.type, HAL_STATUS_SUCCESS, true,
1403 send_ssp_request(dev, HAL_SSP_VARIANT_NOTIF, ev->passkey);
1406 static void clear_device_found(gpointer data, gpointer user_data)
1408 struct device *dev = data;
1413 static uint8_t get_supported_discovery_type(void)
1415 uint8_t type = SCAN_TYPE_NONE;
1417 if (adapter.current_settings & MGMT_SETTING_BREDR)
1418 type |= SCAN_TYPE_BREDR;
1420 if (adapter.current_settings & MGMT_SETTING_LE)
1421 type |= SCAN_TYPE_LE;
1426 static bool start_discovery(uint8_t type)
1428 struct mgmt_cp_start_discovery cp;
1430 cp.type = get_supported_discovery_type() & type;
1432 DBG("type=0x%x", cp.type);
1434 if (cp.type == SCAN_TYPE_NONE)
1437 if (mgmt_send(mgmt_if, MGMT_OP_START_DISCOVERY, adapter.index,
1438 sizeof(cp), &cp, NULL, NULL, NULL) > 0)
1441 error("Failed to start discovery");
1447 * Send discovery state change event only if it is related to dual type
1448 * discovery session (triggered by start/cancel discovery commands)
1450 static void check_discovery_state(uint8_t new_type, uint8_t old_type)
1452 struct hal_ev_discovery_state_changed ev;
1454 DBG("%u %u", new_type, old_type);
1456 if (new_type == get_supported_discovery_type()) {
1457 g_slist_foreach(bonded_devices, clear_device_found, NULL);
1458 g_slist_foreach(cached_devices, clear_device_found, NULL);
1459 ev.state = HAL_DISCOVERY_STATE_STARTED;
1463 if (old_type != get_supported_discovery_type())
1466 ev.state = HAL_DISCOVERY_STATE_STOPPED;
1469 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
1470 HAL_EV_DISCOVERY_STATE_CHANGED, sizeof(ev), &ev);
1473 static void mgmt_discovering_event(uint16_t index, uint16_t length,
1474 const void *param, void *user_data)
1476 const struct mgmt_ev_discovering *ev = param;
1479 if (length < sizeof(*ev)) {
1480 error("Too small discovering event");
1484 DBG("type %u discovering %u", ev->type, ev->discovering);
1486 if (!!adapter.cur_discovery_type == !!ev->discovering)
1489 type = ev->discovering ? ev->type : SCAN_TYPE_NONE;
1491 check_discovery_state(type, adapter.cur_discovery_type);
1493 adapter.cur_discovery_type = type;
1495 if (ev->discovering) {
1496 adapter.exp_discovery_type = adapter.le_scanning ?
1497 SCAN_TYPE_LE : SCAN_TYPE_NONE;
1501 /* One shot notification about discovery stopped */
1502 if (gatt_discovery_stopped_cb) {
1503 gatt_discovery_stopped_cb();
1504 gatt_discovery_stopped_cb = NULL;
1507 type = adapter.exp_discovery_type;
1508 adapter.exp_discovery_type = adapter.le_scanning ? SCAN_TYPE_LE :
1511 if (type != SCAN_TYPE_NONE)
1512 start_discovery(type);
1515 static void confirm_device_name_cb(uint8_t status, uint16_t length,
1516 const void *param, void *user_data)
1518 const struct mgmt_rp_confirm_name *rp = param;
1521 DBG("Confirm name status: %s (0x%02x)", mgmt_errstr(status), status);
1523 if (length < sizeof(*rp)) {
1524 error("Wrong size of confirm name response");
1528 dev = find_device(&rp->addr.bdaddr);
1532 dev->confirm_id = 0;
1535 static unsigned int confirm_device_name(const bdaddr_t *addr, uint8_t addr_type,
1538 struct mgmt_cp_confirm_name cp;
1541 memset(&cp, 0, sizeof(cp));
1542 bacpy(&cp.addr.bdaddr, addr);
1543 cp.addr.type = addr_type;
1548 res = mgmt_send(mgmt_if, MGMT_OP_CONFIRM_NAME, adapter.index,
1549 sizeof(cp), &cp, confirm_device_name_cb,
1552 error("Failed to send confirm name request");
1557 static int fill_hal_prop(void *buf, uint8_t type, uint16_t len,
1560 struct hal_property *prop = buf;
1566 memcpy(prop->val, val, len);
1568 return sizeof(*prop) + len;
1571 static uint8_t get_device_android_type(struct device *dev)
1573 if (dev->bredr && dev->le)
1574 return HAL_TYPE_DUAL;
1579 return HAL_TYPE_BREDR;
1582 uint8_t bt_get_device_android_type(const bdaddr_t *addr)
1586 dev = get_device(addr, BDADDR_BREDR);
1588 return get_device_android_type(dev);
1591 bool bt_is_device_le(const bdaddr_t *addr)
1595 dev = find_device(addr);
1602 const bdaddr_t *bt_get_id_addr(const bdaddr_t *addr, uint8_t *type)
1606 dev = find_device(addr);
1611 *type = dev->bdaddr_type;
1613 return &dev->bdaddr;
1616 const char *bt_get_adapter_name(void)
1618 return adapter.name;
1621 bool bt_device_is_bonded(const bdaddr_t *bdaddr)
1623 if (g_slist_find_custom(bonded_devices, bdaddr, device_match))
1629 bool bt_device_set_uuids(const bdaddr_t *addr, GSList *uuids)
1633 dev = find_device(addr);
1637 set_device_uuids(dev, uuids);
1642 bool bt_kernel_conn_control(void)
1644 return kernel_conn_control;
1647 bool bt_auto_connect_add(const bdaddr_t *addr)
1649 struct mgmt_cp_add_device cp;
1652 if (!kernel_conn_control)
1655 dev = find_device(addr);
1659 if (dev->bdaddr_type == BDADDR_BREDR) {
1660 DBG("auto-connection feature is not available for BR/EDR");
1664 if (dev->in_white_list) {
1665 DBG("Device already in white list");
1669 memset(&cp, 0, sizeof(cp));
1670 bacpy(&cp.addr.bdaddr, addr);
1671 cp.addr.type = dev->bdaddr_type;
1674 if (mgmt_send(mgmt_if, MGMT_OP_ADD_DEVICE, adapter.index, sizeof(cp),
1675 &cp, NULL, NULL, NULL) > 0) {
1676 dev->in_white_list = true;
1680 error("Failed to add device");
1685 void bt_auto_connect_remove(const bdaddr_t *addr)
1687 struct mgmt_cp_remove_device cp;
1690 if (!kernel_conn_control)
1693 dev = find_device(addr);
1697 if (dev->bdaddr_type == BDADDR_BREDR) {
1698 DBG("auto-connection feature is not available for BR/EDR");
1702 if (!dev->in_white_list) {
1703 DBG("Device already removed from white list");
1707 memset(&cp, 0, sizeof(cp));
1708 bacpy(&cp.addr.bdaddr, addr);
1709 cp.addr.type = dev->bdaddr_type;
1711 if (mgmt_send(mgmt_if, MGMT_OP_REMOVE_DEVICE, adapter.index,
1712 sizeof(cp), &cp, NULL, NULL, NULL) > 0) {
1713 dev->in_white_list = false;
1717 error("Failed to remove device");
1720 static bool match_by_value(const void *data, const void *user_data)
1722 return data == user_data;
1725 bool bt_unpaired_register(bt_unpaired_device_cb cb)
1727 if (queue_find(unpaired_cb_list, match_by_value, cb))
1730 return queue_push_head(unpaired_cb_list, cb);
1733 void bt_unpaired_unregister(bt_unpaired_device_cb cb)
1735 queue_remove(unpaired_cb_list, cb);
1738 bool bt_paired_register(bt_paired_device_cb cb)
1740 if (queue_find(paired_cb_list, match_by_value, cb))
1743 return queue_push_head(paired_cb_list, cb);
1746 void bt_paired_unregister(bt_paired_device_cb cb)
1748 queue_remove(paired_cb_list, cb);
1751 bool bt_is_pairing(const bdaddr_t *addr)
1755 dev = find_device(addr);
1759 return dev->pairing;
1762 static bool rssi_above_threshold(int old, int new)
1764 /* only 8 dBm or more */
1765 return abs(old - new) >= 8;
1768 static void update_new_device(struct device *dev, int8_t rssi,
1769 const struct eir_data *eir)
1771 uint8_t buf[IPC_MTU];
1772 struct hal_ev_device_found *ev = (void *) buf;
1773 uint8_t android_bdaddr[6];
1774 uint8_t android_type;
1777 memset(buf, 0, sizeof(buf));
1779 if (adapter.cur_discovery_type)
1784 get_device_android_addr(dev, android_bdaddr);
1785 size += fill_hal_prop(buf + size, HAL_PROP_DEVICE_ADDR,
1786 sizeof(android_bdaddr), android_bdaddr);
1789 android_type = get_device_android_type(dev);
1790 size += fill_hal_prop(buf + size, HAL_PROP_DEVICE_TYPE,
1791 sizeof(android_type), &android_type);
1795 dev->class = eir->class;
1798 size += fill_hal_prop(buf + size, HAL_PROP_DEVICE_CLASS,
1799 sizeof(dev->class), &dev->class);
1803 if (rssi && rssi_above_threshold(dev->rssi, rssi))
1807 size += fill_hal_prop(buf + size, HAL_PROP_DEVICE_RSSI,
1808 sizeof(dev->rssi), &dev->rssi);
1812 if (eir->name && strlen(eir->name)) {
1814 dev->name = g_strdup(eir->name);
1818 size += fill_hal_prop(buf + size, HAL_PROP_DEVICE_NAME,
1819 strlen(dev->name), dev->name);
1822 /* when updating name also send stored friendly name */
1823 if (dev->friendly_name) {
1824 size += fill_hal_prop(buf + size,
1825 HAL_PROP_DEVICE_FRIENDLY_NAME,
1826 strlen(dev->friendly_name),
1827 dev->friendly_name);
1832 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_EV_DEVICE_FOUND,
1836 static void update_device(struct device *dev, int8_t rssi,
1837 const struct eir_data *eir)
1839 uint8_t buf[IPC_MTU];
1840 struct hal_ev_remote_device_props *ev = (void *) buf;
1841 uint8_t old_type, new_type;
1844 memset(buf, 0, sizeof(buf));
1848 ev->status = HAL_STATUS_SUCCESS;
1849 get_device_android_addr(dev, ev->bdaddr);
1851 old_type = get_device_android_type(dev);
1853 new_type = get_device_android_type(dev);
1855 if (old_type != new_type) {
1856 size += fill_hal_prop(buf + size, HAL_PROP_DEVICE_TYPE,
1857 sizeof(new_type), &new_type);
1861 if (eir->class && dev->class != eir->class) {
1862 dev->class = eir->class;
1863 size += fill_hal_prop(buf + size, HAL_PROP_DEVICE_CLASS,
1864 sizeof(dev->class), &dev->class);
1868 if (rssi && rssi_above_threshold(dev->rssi, rssi)) {
1870 size += fill_hal_prop(buf + size, HAL_PROP_DEVICE_RSSI,
1871 sizeof(dev->rssi), &dev->rssi);
1875 if (eir->name && strlen(eir->name) && strcmp(dev->name, eir->name)) {
1877 dev->name = g_strdup(eir->name);
1878 size += fill_hal_prop(buf + size, HAL_PROP_DEVICE_NAME,
1879 strlen(dev->name), dev->name);
1882 /* when updating name also send stored friendly name */
1883 if (dev->friendly_name) {
1884 size += fill_hal_prop(buf + size,
1885 HAL_PROP_DEVICE_FRIENDLY_NAME,
1886 strlen(dev->friendly_name),
1887 dev->friendly_name);
1893 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
1894 HAL_EV_REMOTE_DEVICE_PROPS, size, buf);
1897 static bool is_new_device(const struct device *dev, unsigned int flags,
1898 uint8_t bdaddr_type)
1903 if (dev->bredr_paired || dev->le_paired)
1906 if (bdaddr_type != BDADDR_BREDR &&
1907 !(flags & (EIR_LIM_DISC | EIR_GEN_DISC)))
1913 static void update_found_device(const bdaddr_t *bdaddr, uint8_t bdaddr_type,
1914 int8_t rssi, bool confirm,
1916 const uint8_t *data, uint8_t data_len)
1918 struct eir_data eir;
1921 memset(&eir, 0, sizeof(eir));
1923 eir_parse(&eir, data, data_len);
1925 dev = get_device(bdaddr, bdaddr_type);
1927 if (bdaddr_type == BDADDR_BREDR) {
1929 dev->bredr_seen = time(NULL);
1932 dev->bdaddr_type = bdaddr_type;
1933 dev->le_seen = time(NULL);
1937 * Device found event needs to be send also for known device if this is
1938 * new discovery session. Otherwise framework will ignore it.
1940 if (is_new_device(dev, eir.flags, bdaddr_type))
1941 update_new_device(dev, rssi, &eir);
1943 update_device(dev, rssi, &eir);
1945 eir_data_free(&eir);
1947 /* Notify Gatt if its registered for LE events */
1948 if (bdaddr_type != BDADDR_BREDR && gatt_device_found_cb) {
1949 const bdaddr_t *addr;
1952 * If RPA is set it means that IRK was received and ID address
1953 * is being used. Android Framework is still using old RPA and
1954 * it needs to be used also in GATT notifications. Also GATT
1955 * HAL implementation is using RPA for devices matching.
1957 if (bacmp(&dev->rpa, BDADDR_ANY))
1960 addr = &dev->bdaddr;
1962 gatt_device_found_cb(addr, rssi, data_len, data, connectable,
1966 if (!dev->bredr_paired && !dev->le_paired)
1971 bool resolve_name = true;
1973 ba2str(bdaddr, addr);
1976 * Don't need to confirm name if we have it already in cache
1977 * Just check if device name is different than bdaddr
1979 if (g_strcmp0(dev->name, addr)) {
1980 get_device_name(dev);
1981 resolve_name = false;
1984 info("Device %s needs name confirmation (resolve_name=%d)",
1985 addr, resolve_name);
1986 dev->confirm_id = confirm_device_name(bdaddr, bdaddr_type,
1991 static void mgmt_device_found_event(uint16_t index, uint16_t length,
1992 const void *param, void *user_data)
1994 const struct mgmt_ev_device_found *ev = param;
2002 if (length < sizeof(*ev)) {
2003 error("Too short device found event (%u bytes)", length);
2007 eir_len = le16_to_cpu(ev->eir_len);
2008 if (length != sizeof(*ev) + eir_len) {
2009 error("Device found event size mismatch (%u != %zu)",
2010 length, sizeof(*ev) + eir_len);
2019 flags = le32_to_cpu(ev->flags);
2021 ba2str(&ev->addr.bdaddr, addr);
2022 DBG("hci%u addr %s, rssi %d flags 0x%04x eir_len %u",
2023 index, addr, ev->rssi, flags, eir_len);
2025 confirm_name = flags & MGMT_DEV_FOUND_CONFIRM_NAME;
2026 connectable = !(flags & MGMT_DEV_FOUND_NOT_CONNECTABLE);
2028 update_found_device(&ev->addr.bdaddr, ev->addr.type, ev->rssi,
2029 confirm_name, connectable, eir, eir_len);
2032 static void mgmt_device_connected_event(uint16_t index, uint16_t length,
2033 const void *param, void *user_data)
2035 const struct mgmt_ev_device_connected *ev = param;
2036 struct hal_ev_acl_state_changed hal_ev;
2040 if (length < sizeof(*ev)) {
2041 error("Too short device connected event (%u bytes)", length);
2045 ba2str(&ev->addr.bdaddr, addr);
2046 DBG("%s type %u", addr, ev->addr.type);
2048 update_found_device(&ev->addr.bdaddr, ev->addr.type, 0, false, false,
2049 &ev->eir[0], le16_to_cpu(ev->eir_len));
2051 hal_ev.status = HAL_STATUS_SUCCESS;
2052 hal_ev.state = HAL_ACL_STATE_CONNECTED;
2054 dev = find_device(&ev->addr.bdaddr);
2058 dev->connected = true;
2060 get_device_android_addr(dev, hal_ev.bdaddr);
2062 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
2063 HAL_EV_ACL_STATE_CHANGED, sizeof(hal_ev), &hal_ev);
2066 static bool device_is_paired(struct device *dev, uint8_t addr_type)
2068 if (addr_type == BDADDR_BREDR)
2069 return dev->bredr_paired;
2071 return dev->le_paired;
2074 static bool device_is_bonded(struct device *dev)
2076 return dev->bredr_bonded || dev->le_bonded;
2079 static void mgmt_device_disconnected_event(uint16_t index, uint16_t length,
2083 const struct mgmt_ev_device_disconnected *ev = param;
2084 struct hal_ev_acl_state_changed hal_ev;
2086 uint8_t type = ev->addr.type;
2088 if (length < sizeof(*ev)) {
2089 error("Too short device disconnected event (%u bytes)", length);
2093 dev = find_device(&ev->addr.bdaddr);
2097 hal_ev.status = HAL_STATUS_SUCCESS;
2098 hal_ev.state = HAL_ACL_STATE_DISCONNECTED;
2099 get_device_android_addr(dev, hal_ev.bdaddr);
2101 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
2102 HAL_EV_ACL_STATE_CHANGED, sizeof(hal_ev), &hal_ev);
2104 if (device_is_paired(dev, type) && !device_is_bonded(dev))
2105 update_device_state(dev, type, HAL_STATUS_SUCCESS, false,
2108 dev->connected = false;
2111 static uint8_t status_mgmt2hal(uint8_t mgmt)
2114 case MGMT_STATUS_SUCCESS:
2115 return HAL_STATUS_SUCCESS;
2116 case MGMT_STATUS_NO_RESOURCES:
2117 return HAL_STATUS_NOMEM;
2118 case MGMT_STATUS_BUSY:
2119 return HAL_STATUS_BUSY;
2120 case MGMT_STATUS_NOT_SUPPORTED:
2121 return HAL_STATUS_UNSUPPORTED;
2122 case MGMT_STATUS_INVALID_PARAMS:
2123 return HAL_STATUS_INVALID;
2124 case MGMT_STATUS_AUTH_FAILED:
2125 return HAL_STATUS_AUTH_FAILURE;
2126 case MGMT_STATUS_NOT_CONNECTED:
2127 return HAL_STATUS_REMOTE_DEVICE_DOWN;
2129 return HAL_STATUS_FAILED;
2133 static void mgmt_connect_failed_event(uint16_t index, uint16_t length,
2134 const void *param, void *user_data)
2136 const struct mgmt_ev_connect_failed *ev = param;
2139 if (length < sizeof(*ev)) {
2140 error("Too short connect failed event (%u bytes)", length);
2146 dev = find_device(&ev->addr.bdaddr);
2151 * In case security mode 3 pairing we will get connect failed event
2152 * in case e.g wrong PIN code entered. Let's check if device is
2153 * bonding, if so update bond state
2159 update_device_state(dev, ev->addr.type, status_mgmt2hal(ev->status),
2160 false, false, false);
2163 static void mgmt_auth_failed_event(uint16_t index, uint16_t length,
2164 const void *param, void *user_data)
2166 const struct mgmt_ev_auth_failed *ev = param;
2169 if (length < sizeof(*ev)) {
2170 error("Too small auth failed mgmt event (%u bytes)", length);
2176 dev = find_device(&ev->addr.bdaddr);
2183 update_device_state(dev, ev->addr.type, status_mgmt2hal(ev->status),
2184 false, false, false);
2187 static void mgmt_device_unpaired_event(uint16_t index, uint16_t length,
2188 const void *param, void *user_data)
2190 const struct mgmt_ev_device_unpaired *ev = param;
2193 if (length < sizeof(*ev)) {
2194 error("Too small device unpaired event (%u bytes)", length);
2200 /* TODO should device be disconnected ? */
2202 dev = find_device(&ev->addr.bdaddr);
2206 update_device_state(dev, ev->addr.type, HAL_STATUS_SUCCESS, false,
2209 /* Unpaired device is removed from the white list */
2210 dev->in_white_list = false;
2213 static void store_ltk(const bdaddr_t *dst, uint8_t bdaddr_type, bool master,
2214 const uint8_t *key, uint8_t key_type, uint8_t enc_size,
2215 uint16_t ediv, uint64_t rand)
2217 const char *key_s, *keytype_s, *encsize_s, *ediv_s, *rand_s;
2225 key_file = g_key_file_new();
2226 if (!g_key_file_load_from_file(key_file, DEVICES_FILE, 0, NULL)) {
2227 g_key_file_free(key_file);
2233 key_s = master ? "LongTermKey" : "SlaveLongTermKey";
2234 keytype_s = master ? "LongTermKeyType" : "SlaveLongTermKeyType";
2235 encsize_s = master ? "LongTermKeyEncSize" : "SlaveLongTermKeyEncSize";
2236 ediv_s = master ? "LongTermKeyEDiv" : "SlaveLongTermKeyEDiv";
2237 rand_s = master ? "LongTermKeyRand" : "SlaveLongTermKeyRand";
2239 for (i = 0; i < 16; i++)
2240 sprintf(key_str + (i * 2), "%2.2X", key[i]);
2242 g_key_file_set_string(key_file, addr, key_s, key_str);
2244 g_key_file_set_integer(key_file, addr, keytype_s, key_type);
2246 g_key_file_set_integer(key_file, addr, encsize_s, enc_size);
2248 g_key_file_set_integer(key_file, addr, ediv_s, ediv);
2250 g_key_file_set_uint64(key_file, addr, rand_s, rand);
2252 data = g_key_file_to_data(key_file, &length, NULL);
2253 g_file_set_contents(DEVICES_FILE, data, length, NULL);
2256 g_key_file_free(key_file);
2259 static void new_long_term_key_event(uint16_t index, uint16_t length,
2260 const void *param, void *user_data)
2262 const struct mgmt_ev_new_long_term_key *ev = param;
2266 if (length < sizeof(*ev)) {
2267 error("Too small long term key event (%u bytes)", length);
2271 ba2str(&ev->key.addr.bdaddr, dst);
2273 DBG("new LTK for %s type %u enc_size %u store_hint %u",
2274 dst, ev->key.type, ev->key.enc_size, ev->store_hint);
2276 dev = find_device(&ev->key.addr.bdaddr);
2280 update_device_state(dev, ev->key.addr.type, HAL_STATUS_SUCCESS, false,
2281 true, !!ev->store_hint);
2283 if (ev->store_hint) {
2284 const struct mgmt_ltk_info *key = &ev->key;
2288 ediv = le16_to_cpu(key->ediv);
2289 rand = le64_to_cpu(key->rand);
2291 store_ltk(&key->addr.bdaddr, key->addr.type, key->master,
2292 key->val, key->type, key->enc_size, ediv, rand);
2295 /* TODO browse services here? */
2298 static void store_csrk(struct device *dev)
2307 ba2str(&dev->bdaddr, addr);
2309 key_file = g_key_file_new();
2310 if (!g_key_file_load_from_file(key_file, DEVICES_FILE, 0, NULL)) {
2311 g_key_file_free(key_file);
2315 if (dev->valid_local_csrk) {
2316 for (i = 0; i < 16; i++)
2317 sprintf(key_str + (i * 2), "%2.2X",
2318 dev->local_csrk[i]);
2320 g_key_file_set_string(key_file, addr, "LocalCSRK", key_str);
2322 g_key_file_set_boolean(key_file, addr, "LocalCSRKAuthenticated",
2323 dev->local_csrk_auth);
2326 if (dev->valid_remote_csrk) {
2327 for (i = 0; i < 16; i++)
2328 sprintf(key_str + (i * 2), "%2.2X",
2329 dev->remote_csrk[i]);
2331 g_key_file_set_string(key_file, addr, "RemoteCSRK", key_str);
2333 g_key_file_set_boolean(key_file, addr,
2334 "RemoteCSRKAuthenticated",
2335 dev->remote_csrk_auth);
2338 data = g_key_file_to_data(key_file, &length, NULL);
2339 g_file_set_contents(DEVICES_FILE, data, length, NULL);
2342 g_key_file_free(key_file);
2345 static void new_csrk_callback(uint16_t index, uint16_t length,
2346 const void *param, void *user_data)
2348 const struct mgmt_ev_new_csrk *ev = param;
2352 if (length < sizeof(*ev)) {
2353 error("Too small csrk event (%u bytes)", length);
2357 ba2str(&ev->key.addr.bdaddr, dst);
2358 dev = get_device(&ev->key.addr.bdaddr, ev->key.addr.type);
2362 switch (ev->key.type) {
2365 memcpy(dev->local_csrk, ev->key.val, 16);
2366 dev->local_sign_cnt = 0;
2367 dev->valid_local_csrk = true;
2368 dev->local_csrk_auth = ev->key.type == 0x02;
2372 memcpy(dev->remote_csrk, ev->key.val, 16);
2373 dev->remote_sign_cnt = 0;
2374 dev->valid_remote_csrk = true;
2375 dev->remote_csrk_auth = ev->key.type == 0x03;
2378 error("Unknown CSRK key type 02%02x", ev->key.type);
2382 update_device_state(dev, ev->key.addr.type, HAL_STATUS_SUCCESS, false,
2383 true, !!ev->store_hint);
2389 static void store_irk(struct device *dev, const uint8_t *val)
2398 ba2str(&dev->bdaddr, addr);
2400 key_file = g_key_file_new();
2401 if (!g_key_file_load_from_file(key_file, DEVICES_FILE, 0, NULL)) {
2402 g_key_file_free(key_file);
2406 for (i = 0; i < 16; i++)
2407 sprintf(key_str + (i * 2), "%2.2X", val[i]);
2409 g_key_file_set_string(key_file, addr, "IdentityResolvingKey", key_str);
2411 data = g_key_file_to_data(key_file, &length, NULL);
2412 g_file_set_contents(DEVICES_FILE, data, length, NULL);
2415 g_key_file_free(key_file);
2418 static void new_irk_callback(uint16_t index, uint16_t length,
2419 const void *param, void *user_data)
2421 const struct mgmt_ev_new_irk *ev = param;
2422 const struct mgmt_addr_info *addr = &ev->key.addr;
2424 char dst[18], rpa[18];
2426 if (length < sizeof(*ev)) {
2427 error("To small New Irk Event (%u bytes)", length);
2431 ba2str(&ev->key.addr.bdaddr, dst);
2432 ba2str(&ev->rpa, rpa);
2434 DBG("new IRK for %s, RPA %s", dst, rpa);
2436 if (!bacmp(&ev->rpa, BDADDR_ANY)) {
2437 dev = get_device(&addr->bdaddr, addr->type);
2441 dev = find_device(&addr->bdaddr);
2443 if (dev && dev->bredr_paired) {
2444 bacpy(&dev->rpa, &addr->bdaddr);
2445 dev->rpa_type = addr->type;
2447 /* TODO merge properties ie. UUIDs */
2449 dev = find_device(&ev->rpa);
2453 /* don't leave garbage in cache file */
2454 remove_device_info(dev, CACHE_FILE);
2457 * RPA resolution is transparent for Android Framework
2458 * ie. device is still access by RPA so it need to be
2459 * keep. After bluetoothd restart device is advertised
2460 * to Android with IDA and RPA is not set.
2462 bacpy(&dev->rpa, &dev->bdaddr);
2463 dev->rpa_type = dev->bdaddr_type;
2465 bacpy(&dev->bdaddr, &addr->bdaddr);
2466 dev->bdaddr_type = addr->type;
2470 update_device_state(dev, ev->key.addr.type, HAL_STATUS_SUCCESS, false,
2471 true, !!ev->store_hint);
2474 store_irk(dev, ev->key.val);
2477 static void register_mgmt_handlers(void)
2479 mgmt_register(mgmt_if, MGMT_EV_NEW_SETTINGS, adapter.index,
2480 new_settings_callback, NULL, NULL);
2482 mgmt_register(mgmt_if, MGMT_EV_CLASS_OF_DEV_CHANGED, adapter.index,
2483 mgmt_dev_class_changed_event, NULL, NULL);
2485 mgmt_register(mgmt_if, MGMT_EV_LOCAL_NAME_CHANGED, adapter.index,
2486 mgmt_local_name_changed_event, NULL, NULL);
2488 mgmt_register(mgmt_if, MGMT_EV_NEW_LINK_KEY, adapter.index,
2489 new_link_key_callback, NULL, NULL);
2491 mgmt_register(mgmt_if, MGMT_EV_PIN_CODE_REQUEST, adapter.index,
2492 pin_code_request_callback, NULL, NULL);
2494 mgmt_register(mgmt_if, MGMT_EV_USER_CONFIRM_REQUEST, adapter.index,
2495 user_confirm_request_callback, NULL, NULL);
2497 mgmt_register(mgmt_if, MGMT_EV_USER_PASSKEY_REQUEST, adapter.index,
2498 user_passkey_request_callback, NULL, NULL);
2500 mgmt_register(mgmt_if, MGMT_EV_PASSKEY_NOTIFY, adapter.index,
2501 user_passkey_notify_callback, NULL, NULL);
2503 mgmt_register(mgmt_if, MGMT_EV_DISCOVERING, adapter.index,
2504 mgmt_discovering_event, NULL, NULL);
2506 mgmt_register(mgmt_if, MGMT_EV_DEVICE_FOUND, adapter.index,
2507 mgmt_device_found_event, NULL, NULL);
2509 mgmt_register(mgmt_if, MGMT_EV_DEVICE_CONNECTED, adapter.index,
2510 mgmt_device_connected_event, NULL, NULL);
2512 mgmt_register(mgmt_if, MGMT_EV_DEVICE_DISCONNECTED, adapter.index,
2513 mgmt_device_disconnected_event, NULL, NULL);
2515 mgmt_register(mgmt_if, MGMT_EV_CONNECT_FAILED, adapter.index,
2516 mgmt_connect_failed_event, NULL, NULL);
2518 mgmt_register(mgmt_if, MGMT_EV_AUTH_FAILED, adapter.index,
2519 mgmt_auth_failed_event, NULL, NULL);
2521 mgmt_register(mgmt_if, MGMT_EV_DEVICE_UNPAIRED, adapter.index,
2522 mgmt_device_unpaired_event, NULL, NULL);
2524 mgmt_register(mgmt_if, MGMT_EV_NEW_LONG_TERM_KEY, adapter.index,
2525 new_long_term_key_event, NULL, NULL);
2527 mgmt_register(mgmt_if, MGMT_EV_NEW_CSRK, adapter.index,
2528 new_csrk_callback, NULL, NULL);
2530 mgmt_register(mgmt_if, MGMT_EV_NEW_IRK, adapter.index, new_irk_callback,
2534 static void load_link_keys_complete(uint8_t status, uint16_t length,
2535 const void *param, void *user_data)
2537 bt_bluetooth_ready cb = user_data;
2541 error("Failed to load link keys for index %u: %s (0x%02x)",
2542 adapter.index, mgmt_errstr(status), status);
2547 DBG("status %u", status);
2549 cb(0, &adapter.bdaddr);
2556 static void load_link_keys(GSList *keys, bt_bluetooth_ready cb)
2558 struct mgmt_cp_load_link_keys *cp;
2559 struct mgmt_link_key_info *key;
2560 size_t key_count, cp_size;
2563 key_count = g_slist_length(keys);
2565 DBG("keys %zu ", key_count);
2567 cp_size = sizeof(*cp) + (key_count * sizeof(*key));
2569 cp = g_malloc0(cp_size);
2572 * Even if the list of stored keys is empty, it is important to
2573 * load an empty list into the kernel. That way it is ensured
2574 * that no old keys from a previous daemon are present.
2576 cp->key_count = cpu_to_le16(key_count);
2578 for (key = cp->keys; keys != NULL; keys = g_slist_next(keys), key++)
2579 memcpy(key, keys->data, sizeof(*key));
2581 id = mgmt_send(mgmt_if, MGMT_OP_LOAD_LINK_KEYS, adapter.index,
2582 cp_size, cp, load_link_keys_complete, cb, NULL);
2587 error("Failed to load link keys");
2592 static void load_ltk_complete(uint8_t status, uint16_t length,
2593 const void *param, void *user_data)
2595 if (status == MGMT_STATUS_SUCCESS)
2598 info("Failed to load LTKs: %s (0x%02x)", mgmt_errstr(status), status);
2601 static void load_ltks(GSList *ltks)
2603 struct mgmt_cp_load_long_term_keys *cp;
2604 struct mgmt_ltk_info *ltk;
2605 size_t ltk_count, cp_size;
2608 ltk_count = g_slist_length(ltks);
2610 DBG("ltks %zu", ltk_count);
2612 cp_size = sizeof(*cp) + (ltk_count * sizeof(*ltk));
2614 cp = g_malloc0(cp_size);
2617 * Even if the list of stored keys is empty, it is important to load
2618 * an empty list into the kernel. That way it is ensured that no old
2619 * keys from a previous daemon are present.
2621 cp->key_count = cpu_to_le16(ltk_count);
2623 for (l = ltks, ltk = cp->keys; l != NULL; l = g_slist_next(l), ltk++)
2624 memcpy(ltk, l->data, sizeof(*ltk));
2626 if (mgmt_send(mgmt_if, MGMT_OP_LOAD_LONG_TERM_KEYS, adapter.index,
2627 cp_size, cp, load_ltk_complete, NULL, NULL) == 0)
2628 error("Failed to load LTKs");
2633 static void load_irk_complete(uint8_t status, uint16_t length,
2634 const void *param, void *user_data)
2636 if (status == MGMT_STATUS_SUCCESS)
2639 info("Failed to load IRKs: %s (0x%02x)", mgmt_errstr(status), status);
2642 static void load_irks(GSList *irks)
2644 struct mgmt_cp_load_irks *cp;
2645 struct mgmt_irk_info *irk;
2646 size_t irk_count, cp_size;
2649 irk_count = g_slist_length(irks);
2651 DBG("irks %zu", irk_count);
2653 cp_size = sizeof(*cp) + (irk_count * sizeof(*irk));
2655 cp = g_malloc0(cp_size);
2657 cp->irk_count = cpu_to_le16(irk_count);
2659 for (l = irks, irk = cp->irks; l != NULL; l = g_slist_next(l), irk++)
2660 memcpy(irk, irks->data, sizeof(*irk));
2662 if (mgmt_send(mgmt_if, MGMT_OP_LOAD_IRKS, adapter.index, cp_size, cp,
2663 load_irk_complete, NULL, NULL) == 0)
2664 error("Failed to load IRKs");
2669 static uint8_t get_adapter_uuids(void)
2671 struct hal_ev_adapter_props_changed *ev;
2672 GSList *list = adapter.uuids;
2673 size_t uuid_count = g_slist_length(list);
2674 size_t len = uuid_count * sizeof(uint128_t);
2675 uint8_t buf[BASELEN_PROP_CHANGED + len];
2678 memset(buf, 0, sizeof(buf));
2682 ev->status = HAL_STATUS_SUCCESS;
2684 ev->props[0].type = HAL_PROP_ADAPTER_UUIDS;
2685 ev->props[0].len = len;
2688 for (; list; list = g_slist_next(list)) {
2689 uuid_t *uuid = list->data;
2691 memcpy(p, &uuid->value.uuid128, sizeof(uint128_t));
2693 p += sizeof(uint128_t);
2696 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
2697 HAL_EV_ADAPTER_PROPS_CHANGED, sizeof(buf), ev);
2699 return HAL_STATUS_SUCCESS;
2702 static void remove_uuid_complete(uint8_t status, uint16_t length,
2703 const void *param, void *user_data)
2705 if (status != MGMT_STATUS_SUCCESS) {
2706 error("Failed to remove UUID: %s (0x%02x)", mgmt_errstr(status),
2711 mgmt_dev_class_changed_event(adapter.index, length, param, NULL);
2713 get_adapter_uuids();
2716 static void remove_uuid(uuid_t *uuid)
2719 struct mgmt_cp_remove_uuid cp;
2721 ntoh128((uint128_t *) uuid->value.uuid128.data, &uint128);
2722 htob128(&uint128, (uint128_t *) cp.uuid);
2724 mgmt_send(mgmt_if, MGMT_OP_REMOVE_UUID, adapter.index, sizeof(cp), &cp,
2725 remove_uuid_complete, NULL, NULL);
2728 static void add_uuid_complete(uint8_t status, uint16_t length,
2729 const void *param, void *user_data)
2731 if (status != MGMT_STATUS_SUCCESS) {
2732 error("Failed to add UUID: %s (0x%02x)", mgmt_errstr(status),
2737 mgmt_dev_class_changed_event(adapter.index, length, param, NULL);
2739 get_adapter_uuids();
2742 static void add_uuid(uint8_t svc_hint, uuid_t *uuid)
2745 struct mgmt_cp_add_uuid cp;
2747 ntoh128((uint128_t *) uuid->value.uuid128.data, &uint128);
2748 htob128(&uint128, (uint128_t *) cp.uuid);
2750 cp.svc_hint = svc_hint;
2752 mgmt_send(mgmt_if, MGMT_OP_ADD_UUID, adapter.index, sizeof(cp), &cp,
2753 add_uuid_complete, NULL, NULL);
2756 int bt_adapter_add_record(sdp_record_t *rec, uint8_t svc_hint)
2760 uuid = sdp_uuid_to_uuid128(&rec->svclass);
2762 if (g_slist_find_custom(adapter.uuids, uuid, sdp_uuid_cmp)) {
2765 sdp_uuid2strn(uuid, uuid_str, sizeof(uuid_str));
2766 DBG("UUID %s already added", uuid_str);
2772 adapter.uuids = g_slist_prepend(adapter.uuids, uuid);
2774 add_uuid(svc_hint, uuid);
2776 return add_record_to_server(&adapter.bdaddr, rec);
2779 void bt_adapter_remove_record(uint32_t handle)
2784 rec = sdp_record_find(handle);
2788 uuid_found = g_slist_find_custom(adapter.uuids, &rec->svclass,
2791 uuid_t *uuid = uuid_found->data;
2795 adapter.uuids = g_slist_remove(adapter.uuids, uuid);
2800 remove_record_from_server(handle);
2803 static void set_mode_complete(uint8_t status, uint16_t length,
2804 const void *param, void *user_data)
2806 if (status != MGMT_STATUS_SUCCESS) {
2807 error("Failed to set mode: %s (0x%02x)",
2808 mgmt_errstr(status), status);
2813 * The parameters are identical and also the task that is
2814 * required in both cases. So it is safe to just call the
2815 * event handling functions here.
2817 new_settings_callback(adapter.index, length, param, NULL);
2820 static bool set_mode(uint16_t opcode, uint8_t mode)
2822 struct mgmt_mode cp;
2824 memset(&cp, 0, sizeof(cp));
2827 DBG("opcode=0x%x mode=0x%x", opcode, mode);
2829 if (mgmt_send(mgmt_if, opcode, adapter.index, sizeof(cp), &cp,
2830 set_mode_complete, NULL, NULL) > 0)
2833 error("Failed to set mode");
2838 static void set_io_capability(void)
2840 struct mgmt_cp_set_io_capability cp;
2842 memset(&cp, 0, sizeof(cp));
2843 cp.io_capability = DEFAULT_IO_CAPABILITY;
2845 if (mgmt_send(mgmt_if, MGMT_OP_SET_IO_CAPABILITY, adapter.index,
2846 sizeof(cp), &cp, NULL, NULL, NULL) == 0)
2847 error("Failed to set IO capability");
2850 static void set_device_id(void)
2852 struct mgmt_cp_set_device_id cp;
2854 memset(&cp, 0, sizeof(cp));
2855 cp.source = cpu_to_le16(bt_config_get_pnp_source());
2856 cp.vendor = cpu_to_le16(bt_config_get_pnp_vendor());
2857 cp.product = cpu_to_le16(bt_config_get_pnp_product());
2858 cp.version = cpu_to_le16(bt_config_get_pnp_version());
2860 if (mgmt_send(mgmt_if, MGMT_OP_SET_DEVICE_ID, adapter.index,
2861 sizeof(cp), &cp, NULL, NULL, NULL) == 0)
2862 error("Failed to set device id");
2864 register_device_id(bt_config_get_pnp_source(),
2865 bt_config_get_pnp_vendor(),
2866 bt_config_get_pnp_product(),
2867 bt_config_get_pnp_version());
2869 bt_adapter_add_record(sdp_record_find(0x10000), 0x00);
2872 static void set_adapter_name_complete(uint8_t status, uint16_t length,
2873 const void *param, void *user_data)
2875 const struct mgmt_cp_set_local_name *rp = param;
2877 if (status != MGMT_STATUS_SUCCESS) {
2878 error("Failed to set name: %s (0x%02x)", mgmt_errstr(status),
2883 adapter_set_name(rp->name);
2886 static uint8_t set_adapter_name(const uint8_t *name, uint16_t len)
2888 struct mgmt_cp_set_local_name cp;
2890 memset(&cp, 0, sizeof(cp));
2891 memcpy(cp.name, name, len);
2893 if (mgmt_send(mgmt_if, MGMT_OP_SET_LOCAL_NAME, adapter.index,
2894 sizeof(cp), &cp, set_adapter_name_complete,
2896 return HAL_STATUS_SUCCESS;
2898 error("Failed to set name");
2900 return HAL_STATUS_FAILED;
2903 static uint8_t set_adapter_discoverable_timeout(const void *buf, uint16_t len)
2905 const uint32_t *timeout = buf;
2907 if (len != sizeof(*timeout)) {
2908 error("Invalid set disc timeout size (%u bytes), terminating",
2911 return HAL_STATUS_FAILED;
2915 * Android handles discoverable timeout in Settings app.
2916 * There is no need to use kernel feature for that.
2917 * Just need to store this value here
2920 memcpy(&adapter.discoverable_timeout, timeout, sizeof(uint32_t));
2922 store_adapter_config();
2924 send_adapter_property(HAL_PROP_ADAPTER_DISC_TIMEOUT,
2925 sizeof(adapter.discoverable_timeout),
2926 &adapter.discoverable_timeout);
2928 return HAL_STATUS_SUCCESS;
2931 static void clear_uuids(void)
2933 struct mgmt_cp_remove_uuid cp;
2935 memset(&cp, 0, sizeof(cp));
2937 mgmt_send(mgmt_if, MGMT_OP_REMOVE_UUID, adapter.index, sizeof(cp),
2938 &cp, NULL, NULL, NULL);
2941 static struct device *create_device_from_info(GKeyFile *key_file,
2950 /* BREDR if not present */
2951 type = g_key_file_get_integer(key_file, peer, "AddressType", NULL);
2953 str2ba(peer, &bdaddr);
2954 dev = create_device(&bdaddr, type);
2956 if (type != BDADDR_BREDR)
2957 dev->bredr = g_key_file_get_boolean(key_file, peer, "BREDR",
2960 str = g_key_file_get_string(key_file, peer, "LocalCSRK", NULL);
2964 dev->valid_local_csrk = true;
2965 for (i = 0; i < 16; i++)
2966 sscanf(str + (i * 2), "%02hhX", &dev->local_csrk[i]);
2970 dev->local_sign_cnt = g_key_file_get_integer(key_file, peer,
2971 "LocalCSRKSignCounter", NULL);
2973 dev->local_csrk_auth = g_key_file_get_boolean(key_file, peer,
2974 "LocalCSRKAuthenticated", NULL);
2977 str = g_key_file_get_string(key_file, peer, "RemoteCSRK", NULL);
2981 dev->valid_remote_csrk = true;
2982 for (i = 0; i < 16; i++)
2983 sscanf(str + (i * 2), "%02hhX", &dev->remote_csrk[i]);
2987 dev->remote_sign_cnt = g_key_file_get_integer(key_file, peer,
2988 "RemoteCSRKSignCounter", NULL);
2990 dev->remote_csrk_auth = g_key_file_get_boolean(key_file, peer,
2991 "RemoteCSRKAuthenticated",
2995 str = g_key_file_get_string(key_file, peer, "GattCCC", NULL);
2997 dev->gatt_ccc = atoi(str);
3001 str = g_key_file_get_string(key_file, peer, "Name", NULL);
3007 str = g_key_file_get_string(key_file, peer, "FriendlyName", NULL);
3009 g_free(dev->friendly_name);
3010 dev->friendly_name = str;
3013 dev->class = g_key_file_get_integer(key_file, peer, "Class", NULL);
3016 dev->bredr_seen = g_key_file_get_integer(key_file, peer,
3020 dev->le_seen = g_key_file_get_integer(key_file, peer,
3023 uuids = g_key_file_get_string_list(key_file, peer, "Services", NULL,
3028 for (uuid = uuids; *uuid; uuid++) {
3029 uint8_t *u = g_malloc0(16);
3032 for (i = 0; i < 16; i++)
3033 sscanf((*uuid) + (i * 2), "%02hhX", &u[i]);
3035 dev->uuids = g_slist_append(dev->uuids, u);
3044 static struct mgmt_link_key_info *get_key_info(GKeyFile *key_file,
3047 struct mgmt_link_key_info *info = NULL;
3051 str = g_key_file_get_string(key_file, peer, "LinkKey", NULL);
3052 if (!str || strlen(str) != 32)
3055 info = g_new0(struct mgmt_link_key_info, 1);
3057 str2ba(peer, &info->addr.bdaddr);
3059 for (i = 0; i < sizeof(info->val); i++)
3060 sscanf(str + (i * 2), "%02hhX", &info->val[i]);
3062 info->type = g_key_file_get_integer(key_file, peer, "LinkKeyType",
3064 info->pin_len = g_key_file_get_integer(key_file, peer,
3065 "LinkKeyPinLength", NULL);
3073 static struct mgmt_ltk_info *get_ltk_info(GKeyFile *key_file, const char *peer,
3076 const char *key_s, *keytype_s, *encsize_s, *ediv_s, *rand_s;
3077 struct mgmt_ltk_info *info = NULL;
3081 key_s = master ? "LongTermKey" : "SlaveLongTermKey";
3082 keytype_s = master ? "LongTermKeyType" : "SlaveLongTermKeyType";
3083 encsize_s = master ? "LongTermKeyEncSize" : "SlaveLongTermKeyEncSize";
3084 ediv_s = master ? "LongTermKeyEDiv" : "SlaveLongTermKeyEDiv";
3085 rand_s = master ? "LongTermKeyRand" : "SlaveLongTermKeyRand";
3087 key = g_key_file_get_string(key_file, peer, key_s, NULL);
3088 if (!key || strlen(key) != 32)
3091 info = g_new0(struct mgmt_ltk_info, 1);
3093 str2ba(peer, &info->addr.bdaddr);
3095 info->addr.type = g_key_file_get_integer(key_file, peer, "AddressType",
3098 for (i = 0; i < sizeof(info->val); i++)
3099 sscanf(key + (i * 2), "%02hhX", &info->val[i]);
3101 info->type = g_key_file_get_integer(key_file, peer, keytype_s, NULL);
3103 info->enc_size = g_key_file_get_integer(key_file, peer, encsize_s,
3106 info->rand = g_key_file_get_uint64(key_file, peer, rand_s, NULL);
3107 info->rand = cpu_to_le64(info->rand);
3109 info->ediv = g_key_file_get_integer(key_file, peer, ediv_s, NULL);
3110 info->ediv = cpu_to_le16(info->ediv);
3112 info->master = master;
3120 static struct mgmt_irk_info *get_irk_info(GKeyFile *key_file, const char *peer)
3122 struct mgmt_irk_info *info = NULL;
3126 str = g_key_file_get_string(key_file, peer, "IdentityResolvingKey",
3128 if (!str || strlen(str) != 32)
3131 info = g_new0(struct mgmt_irk_info, 1);
3133 str2ba(peer, &info->addr.bdaddr);
3135 info->addr.type = g_key_file_get_integer(key_file, peer, "AddressType",
3138 for (i = 0; i < sizeof(info->val); i++)
3139 sscanf(str + (i * 2), "%02hhX", &info->val[i]);
3147 static time_t device_timestamp(const struct device *dev)
3149 if (dev->bredr && dev->le) {
3150 if (dev->le_seen > dev->bredr_seen)
3151 return dev->le_seen;
3153 return dev->bredr_seen;
3157 return dev->bredr_seen;
3159 return dev->le_seen;
3162 static int device_timestamp_cmp(gconstpointer a, gconstpointer b)
3164 const struct device *deva = a;
3165 const struct device *devb = b;
3167 return device_timestamp(deva) < device_timestamp(devb);
3170 static void load_devices_cache(void)
3177 key_file = g_key_file_new();
3179 g_key_file_load_from_file(key_file, CACHE_FILE, 0, NULL);
3181 devs = g_key_file_get_groups(key_file, &len);
3183 for (i = 0; i < len; i++) {
3186 dev = create_device_from_info(key_file, devs[i]);
3187 cached_devices = g_slist_prepend(cached_devices, dev);
3190 cached_devices = g_slist_sort(cached_devices, device_timestamp_cmp);
3193 g_key_file_free(key_file);
3196 static void load_devices_info(bt_bluetooth_ready cb)
3202 GSList *keys = NULL;
3203 GSList *ltks = NULL;
3204 GSList *irks = NULL;
3206 key_file = g_key_file_new();
3208 g_key_file_load_from_file(key_file, DEVICES_FILE, 0, NULL);
3210 devs = g_key_file_get_groups(key_file, &len);
3212 for (i = 0; i < len; i++) {
3213 struct mgmt_link_key_info *key_info;
3214 struct mgmt_ltk_info *ltk_info;
3215 struct mgmt_irk_info *irk_info;
3216 struct mgmt_ltk_info *slave_ltk_info;
3219 dev = create_device_from_info(key_file, devs[i]);
3221 key_info = get_key_info(key_file, devs[i]);
3222 irk_info = get_irk_info(key_file, devs[i]);
3223 ltk_info = get_ltk_info(key_file, devs[i], true);
3224 slave_ltk_info = get_ltk_info(key_file, devs[i], false);
3227 * Skip devices that have no permanent keys
3228 * (CSRKs are loaded by create_device_from_info())
3230 if (!dev->valid_local_csrk && !dev->valid_remote_csrk &&
3231 !key_info && !ltk_info &&
3232 !slave_ltk_info && !irk_info) {
3233 error("Failed to load keys for %s, skipping", devs[i]);
3239 keys = g_slist_prepend(keys, key_info);
3240 dev->bredr_paired = true;
3241 dev->bredr_bonded = true;
3245 irks = g_slist_prepend(irks, irk_info);
3248 ltks = g_slist_prepend(ltks, ltk_info);
3251 ltks = g_slist_prepend(ltks, slave_ltk_info);
3253 if (dev->valid_local_csrk || dev->valid_remote_csrk ||
3254 irk_info || ltk_info || slave_ltk_info) {
3255 dev->le_paired = true;
3256 dev->le_bonded = true;
3259 bonded_devices = g_slist_prepend(bonded_devices, dev);
3263 g_slist_free_full(ltks, g_free);
3266 g_slist_free_full(irks, g_free);
3268 load_link_keys(keys, cb);
3269 g_slist_free_full(keys, g_free);
3272 g_key_file_free(key_file);
3275 static void set_adapter_class(void)
3277 struct mgmt_cp_set_dev_class cp;
3279 memset(&cp, 0, sizeof(cp));
3282 * kernel assign the major and minor numbers straight to dev_class[0]
3283 * and dev_class[1] without considering the proper bit shifting.
3285 cp.major = ADAPTER_MAJOR_CLASS & 0x1f;
3286 cp.minor = ADAPTER_MINOR_CLASS << 2;
3288 if (mgmt_send(mgmt_if, MGMT_OP_SET_DEV_CLASS, adapter.index, sizeof(cp),
3289 &cp, NULL, NULL, NULL) > 0)
3292 error("Failed to set class of device");
3295 static void enable_mps(void)
3297 uuid_t uuid, *uuid128;
3299 sdp_uuid16_create(&uuid, MPS_SVCLASS_ID);
3300 uuid128 = sdp_uuid_to_uuid128(&uuid);
3305 adapter.uuids = g_slist_prepend(adapter.uuids, uuid128);
3306 add_uuid(0, uuid128);
3309 static void clear_auto_connect_list_complete(uint8_t status,
3314 if (status != MGMT_STATUS_SUCCESS)
3315 error("Failed to clear auto connect list: %s (0x%02x)",
3316 mgmt_errstr(status), status);
3319 static void clear_auto_connect_list(void)
3321 struct mgmt_cp_remove_device cp;
3323 if (!kernel_conn_control)
3326 memset(&cp, 0, sizeof(cp));
3328 if (mgmt_send(mgmt_if, MGMT_OP_REMOVE_DEVICE, adapter.index, sizeof(cp),
3329 &cp, clear_auto_connect_list_complete, NULL, NULL) > 0)
3332 error("Could not clear auto connect list");
3335 static void read_info_complete(uint8_t status, uint16_t length,
3336 const void *param, void *user_data)
3338 const struct mgmt_rp_read_info *rp = param;
3339 bt_bluetooth_ready cb = user_data;
3340 uint32_t missing_settings;
3346 error("Failed to read info for index %u: %s (0x%02x)",
3347 adapter.index, mgmt_errstr(status), status);
3352 if (length < sizeof(*rp)) {
3353 error("Too small read info complete response");
3358 if (!bacmp(&rp->bdaddr, BDADDR_ANY)) {
3359 error("No Bluetooth address");
3364 load_adapter_config();
3366 if (!bacmp(&adapter.bdaddr, BDADDR_ANY)) {
3367 bacpy(&adapter.bdaddr, &rp->bdaddr);
3368 store_adapter_config();
3369 } else if (bacmp(&adapter.bdaddr, &rp->bdaddr)) {
3370 error("Bluetooth address mismatch");
3375 if (adapter.name && g_strcmp0(adapter.name, (const char *) rp->name))
3376 set_adapter_name((uint8_t *)adapter.name, strlen(adapter.name));
3378 set_adapter_class();
3380 /* Store adapter information */
3381 adapter.dev_class = rp->dev_class[0] | (rp->dev_class[1] << 8) |
3382 (rp->dev_class[2] << 16);
3384 adapter.supported_settings = le32_to_cpu(rp->supported_settings);
3385 adapter.current_settings = le32_to_cpu(rp->current_settings);
3387 /* TODO: Register all event notification handlers */
3388 register_mgmt_handlers();
3391 clear_auto_connect_list();
3393 set_io_capability();
3397 missing_settings = adapter.current_settings ^
3398 adapter.supported_settings;
3400 if (missing_settings & MGMT_SETTING_SSP)
3401 set_mode(MGMT_OP_SET_SSP, 0x01);
3403 if (missing_settings & MGMT_SETTING_BONDABLE)
3404 set_mode(MGMT_OP_SET_BONDABLE, 0x01);
3406 load_devices_info(cb);
3407 load_devices_cache();
3415 static void mgmt_index_added_event(uint16_t index, uint16_t length,
3416 const void *param, void *user_data)
3418 bt_bluetooth_ready cb = user_data;
3420 DBG("index %u", index);
3422 if (adapter.index != MGMT_INDEX_NONE) {
3423 DBG("skip event for index %u", index);
3427 if (option_index != MGMT_INDEX_NONE && option_index != index) {
3428 DBG("skip event for index %u (option %u)", index, option_index);
3432 adapter.index = index;
3434 if (mgmt_send(mgmt_if, MGMT_OP_READ_INFO, index, 0, NULL,
3435 read_info_complete, cb, NULL) == 0) {
3441 static void mgmt_index_removed_event(uint16_t index, uint16_t length,
3442 const void *param, void *user_data)
3444 DBG("index %u", index);
3446 if (index != adapter.index)
3449 error("Adapter was removed. Exiting.");
3453 static void read_index_list_complete(uint8_t status, uint16_t length,
3454 const void *param, void *user_data)
3456 const struct mgmt_rp_read_index_list *rp = param;
3457 bt_bluetooth_ready cb = user_data;
3464 error("%s: Failed to read index list: %s (0x%02x)", __func__,
3465 mgmt_errstr(status), status);
3469 if (length < sizeof(*rp)) {
3470 error("%s: Wrong size of read index list response", __func__);
3474 num = le16_to_cpu(rp->num_controllers);
3476 DBG("Number of controllers: %u", num);
3478 if (num * sizeof(uint16_t) + sizeof(*rp) != length) {
3479 error("%s: Incorrect pkt size for index list rsp", __func__);
3483 if (adapter.index != MGMT_INDEX_NONE)
3486 for (i = 0; i < num; i++) {
3487 uint16_t index = le16_to_cpu(rp->index[i]);
3489 if (option_index != MGMT_INDEX_NONE && option_index != index)
3492 if (mgmt_send(mgmt_if, MGMT_OP_READ_INFO, index, 0, NULL,
3493 read_info_complete, cb, NULL) == 0)
3496 adapter.index = index;
3506 static void read_version_complete(uint8_t status, uint16_t length,
3507 const void *param, void *user_data)
3509 const struct mgmt_rp_read_version *rp = param;
3510 uint8_t mgmt_version, mgmt_revision;
3511 bt_bluetooth_ready cb = user_data;
3516 error("Failed to read version information: %s (0x%02x)",
3517 mgmt_errstr(status), status);
3521 if (length < sizeof(*rp)) {
3522 error("Wrong size response");
3526 mgmt_version = rp->version;
3527 mgmt_revision = le16_to_cpu(rp->revision);
3529 info("Bluetooth management interface %u.%u initialized",
3530 mgmt_version, mgmt_revision);
3532 if (MGMT_VERSION(mgmt_version, mgmt_revision) < MGMT_VERSION(1, 3)) {
3533 error("Version 1.3 or later of management interface required");
3537 /* Starting from mgmt 1.7, kernel can handle connection control */
3538 if (MGMT_VERSION(mgmt_version, mgmt_revision) >= MGMT_VERSION(1, 7)) {
3539 info("Kernel connection control will be used");
3540 kernel_conn_control = true;
3543 mgmt_register(mgmt_if, MGMT_EV_INDEX_ADDED, MGMT_INDEX_NONE,
3544 mgmt_index_added_event, cb, NULL);
3545 mgmt_register(mgmt_if, MGMT_EV_INDEX_REMOVED, MGMT_INDEX_NONE,
3546 mgmt_index_removed_event, NULL, NULL);
3548 if (mgmt_send(mgmt_if, MGMT_OP_READ_INDEX_LIST, MGMT_INDEX_NONE, 0,
3549 NULL, read_index_list_complete, cb, NULL) > 0)
3552 error("Failed to read controller index list");
3558 bool bt_bluetooth_start(int index, bool mgmt_dbg, bt_bluetooth_ready cb)
3560 DBG("index %d", index);
3562 mgmt_if = mgmt_new_default();
3564 error("Failed to access management interface");
3569 mgmt_set_debug(mgmt_if, mgmt_debug, "mgmt_if: ", NULL);
3571 if (mgmt_send(mgmt_if, MGMT_OP_READ_VERSION, MGMT_INDEX_NONE, 0, NULL,
3572 read_version_complete, cb, NULL) == 0) {
3573 error("Error sending READ_VERSION mgmt command");
3575 mgmt_unref(mgmt_if);
3582 option_index = index;
3587 static void shutdown_complete(uint8_t status, uint16_t length,
3588 const void *param, void *user_data)
3590 bt_bluetooth_stopped cb = user_data;
3592 if (status != MGMT_STATUS_SUCCESS)
3593 error("Clean controller shutdown failed");
3598 bool bt_bluetooth_stop(bt_bluetooth_stopped cb)
3600 struct mgmt_mode cp;
3602 if (adapter.index == MGMT_INDEX_NONE)
3605 info("Switching controller off");
3607 memset(&cp, 0, sizeof(cp));
3609 return mgmt_send(mgmt_if, MGMT_OP_SET_POWERED, adapter.index,
3610 sizeof(cp), &cp, shutdown_complete, (void *)cb,
3614 void bt_bluetooth_cleanup(void)
3616 g_free(adapter.name);
3617 adapter.name = NULL;
3619 mgmt_unref(mgmt_if);
3623 static bool set_discoverable(uint8_t mode, uint16_t timeout)
3625 struct mgmt_cp_set_discoverable cp;
3627 memset(&cp, 0, sizeof(cp));
3629 cp.timeout = cpu_to_le16(timeout);
3631 DBG("mode %u timeout %u", mode, timeout);
3633 if (mgmt_send(mgmt_if, MGMT_OP_SET_DISCOVERABLE, adapter.index,
3634 sizeof(cp), &cp, set_mode_complete, NULL, NULL) > 0)
3637 error("Failed to set mode discoverable");
3642 static uint8_t get_adapter_address(void)
3646 bdaddr2android(&adapter.bdaddr, buf);
3648 send_adapter_property(HAL_PROP_ADAPTER_ADDR, sizeof(buf), buf);
3650 return HAL_STATUS_SUCCESS;
3653 static uint8_t get_adapter_name(void)
3656 return HAL_STATUS_FAILED;
3658 adapter_name_changed((uint8_t *) adapter.name);
3660 return HAL_STATUS_SUCCESS;
3663 static uint8_t get_adapter_class(void)
3667 adapter_class_changed();
3669 return HAL_STATUS_SUCCESS;
3672 static uint8_t settings2type(void)
3676 bredr = adapter.current_settings & MGMT_SETTING_BREDR;
3677 le = adapter.current_settings & MGMT_SETTING_LE;
3680 return HAL_TYPE_DUAL;
3683 return HAL_TYPE_BREDR;
3691 static uint8_t get_adapter_type(void)
3697 type = settings2type();
3700 return HAL_STATUS_FAILED;
3702 send_adapter_property(HAL_PROP_ADAPTER_TYPE, sizeof(type), &type);
3704 return HAL_STATUS_SUCCESS;
3707 static uint8_t get_adapter_service_rec(void)
3709 DBG("Not implemented");
3711 /* TODO: Add implementation */
3713 return HAL_STATUS_FAILED;
3716 static uint8_t get_adapter_scan_mode(void)
3720 scan_mode_changed();
3722 return HAL_STATUS_SUCCESS;
3725 static uint8_t get_adapter_bonded_devices(void)
3727 uint8_t buf[sizeof(bdaddr_t) * g_slist_length(bonded_devices)];
3733 for (l = bonded_devices; l; l = g_slist_next(l)) {
3734 struct device *dev = l->data;
3736 get_device_android_addr(dev, buf + (i * sizeof(bdaddr_t)));
3740 send_adapter_property(HAL_PROP_ADAPTER_BONDED_DEVICES,
3741 i * sizeof(bdaddr_t), buf);
3743 return HAL_STATUS_SUCCESS;
3746 static uint8_t get_adapter_discoverable_timeout(void)
3748 send_adapter_property(HAL_PROP_ADAPTER_DISC_TIMEOUT,
3749 sizeof(adapter.discoverable_timeout),
3750 &adapter.discoverable_timeout);
3752 return HAL_STATUS_SUCCESS;
3755 static void prepare_le_features(uint8_t *le_features)
3757 le_features[0] = !!(adapter.current_settings & MGMT_SETTING_PRIVACY);
3758 le_features[1] = adapter.max_advert_instance;
3759 le_features[2] = adapter.rpa_offload_supported;
3760 le_features[3] = adapter.max_irk_list_size;
3761 le_features[4] = adapter.max_scan_filters_supported;
3763 le_features[5] = adapter.scan_result_storage_size;
3765 le_features[6] = adapter.scan_result_storage_size >> 8;
3766 le_features[7] = adapter.activity_energy_info_supported;
3769 static uint8_t get_adapter_le_features(void)
3771 uint8_t le_features[8];
3773 prepare_le_features(le_features);
3775 send_adapter_property(HAL_PROP_ADAPTER_LOCAL_LE_FEAT,
3776 sizeof(le_features), le_features);
3777 return HAL_STATUS_SUCCESS;
3780 static void handle_get_adapter_prop_cmd(const void *buf, uint16_t len)
3782 const struct hal_cmd_get_adapter_prop *cmd = buf;
3785 switch (cmd->type) {
3786 case HAL_PROP_ADAPTER_ADDR:
3787 status = get_adapter_address();
3789 case HAL_PROP_ADAPTER_NAME:
3790 status = get_adapter_name();
3792 case HAL_PROP_ADAPTER_UUIDS:
3793 status = get_adapter_uuids();
3795 case HAL_PROP_ADAPTER_CLASS:
3796 status = get_adapter_class();
3798 case HAL_PROP_ADAPTER_TYPE:
3799 status = get_adapter_type();
3801 case HAL_PROP_ADAPTER_SERVICE_REC:
3802 status = get_adapter_service_rec();
3804 case HAL_PROP_ADAPTER_SCAN_MODE:
3805 status = get_adapter_scan_mode();
3807 case HAL_PROP_ADAPTER_BONDED_DEVICES:
3808 status = get_adapter_bonded_devices();
3810 case HAL_PROP_ADAPTER_DISC_TIMEOUT:
3811 status = get_adapter_discoverable_timeout();
3813 case HAL_PROP_ADAPTER_LOCAL_LE_FEAT:
3814 status = get_adapter_le_features();
3817 status = HAL_STATUS_FAILED;
3821 if (status != HAL_STATUS_SUCCESS)
3822 error("Failed to get adapter property (type %u status %u)",
3825 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_OP_GET_ADAPTER_PROP,
3829 static void get_adapter_properties(void)
3831 uint8_t buf[IPC_MTU];
3832 struct hal_ev_adapter_props_changed *ev = (void *) buf;
3833 uint8_t bonded[g_slist_length(bonded_devices) * sizeof(bdaddr_t)];
3834 uint128_t uuids[g_slist_length(adapter.uuids)];
3835 uint8_t android_bdaddr[6];
3836 uint8_t le_features[8];
3843 ev->status = HAL_STATUS_SUCCESS;
3846 bdaddr2android(&adapter.bdaddr, &android_bdaddr);
3847 size += fill_hal_prop(buf + size, HAL_PROP_ADAPTER_ADDR,
3848 sizeof(android_bdaddr), android_bdaddr);
3852 size += fill_hal_prop(buf + size, HAL_PROP_ADAPTER_NAME,
3853 strlen(adapter.name), adapter.name);
3857 size += fill_hal_prop(buf + size, HAL_PROP_ADAPTER_CLASS,
3858 sizeof(adapter.dev_class), &adapter.dev_class);
3861 type = settings2type();
3863 size += fill_hal_prop(buf + size, HAL_PROP_ADAPTER_TYPE,
3864 sizeof(type), &type);
3868 mode = settings2scan_mode();
3869 size += fill_hal_prop(buf + size, HAL_PROP_ADAPTER_SCAN_MODE,
3870 sizeof(mode), &mode);
3873 size += fill_hal_prop(buf + size, HAL_PROP_ADAPTER_DISC_TIMEOUT,
3874 sizeof(adapter.discoverable_timeout),
3875 &adapter.discoverable_timeout);
3878 for (i = 0, l = bonded_devices; l; l = g_slist_next(l), i++) {
3879 struct device *dev = l->data;
3881 get_device_android_addr(dev, bonded + (i * sizeof(bdaddr_t)));
3884 size += fill_hal_prop(buf + size, HAL_PROP_ADAPTER_BONDED_DEVICES,
3885 sizeof(bonded), bonded);
3888 for (i = 0, l = adapter.uuids; l; l = g_slist_next(l), i++) {
3889 uuid_t *uuid = l->data;
3891 memcpy(&uuids[i], &uuid->value.uuid128, sizeof(uint128_t));
3894 size += fill_hal_prop(buf + size, HAL_PROP_ADAPTER_UUIDS, sizeof(uuids),
3898 prepare_le_features(le_features);
3899 size += fill_hal_prop(buf + size, HAL_PROP_ADAPTER_LOCAL_LE_FEAT,
3900 sizeof(le_features), le_features);
3904 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
3905 HAL_EV_ADAPTER_PROPS_CHANGED, size, buf);
3908 static void cancel_pending_confirm_name(gpointer data, gpointer user_data)
3910 struct device *dev = data;
3912 mgmt_cancel(mgmt_if, dev->confirm_id);
3913 dev->confirm_id = 0;
3916 static bool stop_discovery(uint8_t type)
3918 struct mgmt_cp_stop_discovery cp;
3920 cp.type = get_supported_discovery_type() & type;
3922 DBG("type=0x%x", cp.type);
3924 if (cp.type == SCAN_TYPE_NONE)
3927 /* Lets drop all confirm name request as we don't need it anymore */
3928 g_slist_foreach(cached_devices, cancel_pending_confirm_name, NULL);
3930 if (mgmt_send(mgmt_if, MGMT_OP_STOP_DISCOVERY, adapter.index,
3931 sizeof(cp), &cp, NULL, NULL, NULL) > 0)
3934 error("Failed to stop discovery");
3938 struct adv_user_data {
3939 bt_le_set_advertising_done cb;
3943 static void set_advertising_cb(uint8_t status, uint16_t length,
3944 const void *param, void *user_data)
3946 struct adv_user_data *data = user_data;
3951 error("Failed to set adverising %s (0x%02x))",
3952 mgmt_errstr(status), status);
3954 data->cb(status, data->user_data);
3957 bool bt_le_set_advertising(bool advertising, bt_le_set_advertising_done cb,
3960 struct adv_user_data *data;
3961 uint8_t adv = advertising ? 0x01 : 0x00;
3963 data = new0(struct adv_user_data, 1);
3965 data->user_data = user_data;
3967 if (mgmt_send(mgmt_if, MGMT_OP_SET_ADVERTISING, adapter.index,
3968 sizeof(adv), &adv, set_advertising_cb, data, free) > 0)
3971 error("Failed to set advertising");
3976 bool bt_le_register(bt_le_device_found cb)
3978 if (gatt_device_found_cb)
3981 gatt_device_found_cb = cb;
3986 void bt_le_unregister(void)
3988 gatt_device_found_cb = NULL;
3991 bool bt_le_discovery_stop(bt_le_discovery_stopped cb)
3993 if (!(adapter.current_settings & MGMT_SETTING_POWERED))
3996 adapter.le_scanning = false;
3998 if (adapter.cur_discovery_type != SCAN_TYPE_LE) {
4005 if (!stop_discovery(SCAN_TYPE_LE))
4008 gatt_discovery_stopped_cb = cb;
4009 adapter.exp_discovery_type = SCAN_TYPE_NONE;
4014 bool bt_le_discovery_start(void)
4016 if (!(adapter.current_settings & MGMT_SETTING_POWERED))
4019 adapter.le_scanning = true;
4022 * If core is discovering - just set expected next scan type.
4023 * It will be triggered in case current scan session is almost done
4024 * i.e. we missed LE phase in interleaved scan, or we're trying to
4025 * connect to device that was already discovered.
4027 if (adapter.cur_discovery_type != SCAN_TYPE_NONE) {
4028 adapter.exp_discovery_type = SCAN_TYPE_LE;
4032 if (start_discovery(SCAN_TYPE_LE))
4038 struct read_rssi_user_data {
4039 bt_read_device_rssi_done cb;
4043 static void read_device_rssi_cb(uint8_t status, uint16_t length,
4044 const void *param, void *user_data)
4046 const struct mgmt_rp_get_conn_info *rp = param;
4047 struct read_rssi_user_data *data = user_data;
4052 error("Failed to get conn info: %s (0x%02x))",
4053 mgmt_errstr(status), status);
4055 if (length < sizeof(*rp)) {
4056 error("Wrong size of get conn info response");
4060 data->cb(status, &rp->addr.bdaddr, rp->rssi, data->user_data);
4063 bool bt_read_device_rssi(const bdaddr_t *addr, bt_read_device_rssi_done cb,
4067 struct read_rssi_user_data *data;
4068 struct mgmt_cp_get_conn_info cp;
4070 dev = find_device(addr);
4074 memcpy(&cp.addr.bdaddr, addr, sizeof(cp.addr.bdaddr));
4075 cp.addr.type = dev->bredr ? BDADDR_BREDR : dev->bdaddr_type;
4077 data = new0(struct read_rssi_user_data, 1);
4079 data->user_data = user_data;
4081 if (!mgmt_send(mgmt_if, MGMT_OP_GET_CONN_INFO, adapter.index,
4082 sizeof(cp), &cp, read_device_rssi_cb, data, free)) {
4084 error("Failed to get conn info");
4091 bool bt_get_csrk(const bdaddr_t *addr, bool local, uint8_t key[16],
4092 uint32_t *sign_cnt, bool *authenticated)
4096 dev = find_device(addr);
4100 if (local && dev->valid_local_csrk) {
4102 memcpy(key, dev->local_csrk, 16);
4105 *sign_cnt = dev->local_sign_cnt;
4108 *authenticated = dev->local_csrk_auth;
4109 } else if (!local && dev->valid_remote_csrk) {
4111 memcpy(key, dev->remote_csrk, 16);
4114 *sign_cnt = dev->remote_sign_cnt;
4117 *authenticated = dev->remote_csrk_auth;
4125 static void store_sign_counter(struct device *dev, bool local)
4127 const char *sign_cnt_s;
4135 key_file = g_key_file_new();
4136 if (!g_key_file_load_from_file(key_file, DEVICES_FILE, 0, NULL)) {
4137 g_key_file_free(key_file);
4141 ba2str(&dev->bdaddr, addr);
4143 sign_cnt_s = local ? "LocalCSRKSignCounter" : "RemoteCSRKSignCounter";
4144 sign_cnt = local ? dev->local_sign_cnt : dev->remote_sign_cnt;
4146 g_key_file_set_integer(key_file, addr, sign_cnt_s, sign_cnt);
4148 data = g_key_file_to_data(key_file, &length, NULL);
4149 g_file_set_contents(DEVICES_FILE, data, length, NULL);
4152 g_key_file_free(key_file);
4155 void bt_update_sign_counter(const bdaddr_t *addr, bool local, uint32_t val)
4159 dev = find_device(addr);
4164 dev->local_sign_cnt = val;
4166 dev->remote_sign_cnt = val;
4168 store_sign_counter(dev, local);
4171 static uint8_t set_adapter_scan_mode(const void *buf, uint16_t len)
4173 const uint8_t *mode = buf;
4174 bool conn, disc, cur_conn, cur_disc;
4176 if (len != sizeof(*mode)) {
4177 error("Invalid set scan mode size (%u bytes), terminating",
4180 return HAL_STATUS_FAILED;
4183 cur_conn = adapter.current_settings & MGMT_SETTING_CONNECTABLE;
4184 cur_disc = adapter.current_settings & MGMT_SETTING_DISCOVERABLE;
4186 DBG("connectable %u discoverable %d mode %u", cur_conn, cur_disc,
4190 case HAL_ADAPTER_SCAN_MODE_NONE:
4191 if (!cur_conn && !cur_disc)
4197 case HAL_ADAPTER_SCAN_MODE_CONN:
4198 if (cur_conn && !cur_disc)
4204 case HAL_ADAPTER_SCAN_MODE_CONN_DISC:
4205 if (cur_conn && cur_disc)
4212 return HAL_STATUS_FAILED;
4215 if (cur_conn != conn) {
4216 if (!set_mode(MGMT_OP_SET_CONNECTABLE, conn ? 0x01 : 0x00))
4217 return HAL_STATUS_FAILED;
4220 if (cur_disc != disc && conn) {
4221 if (!set_discoverable(disc ? 0x01 : 0x00, 0))
4222 return HAL_STATUS_FAILED;
4225 return HAL_STATUS_SUCCESS;
4228 /* Android expects property changed callback */
4229 scan_mode_changed();
4231 return HAL_STATUS_SUCCESS;
4234 static void handle_set_adapter_prop_cmd(const void *buf, uint16_t len)
4236 const struct hal_cmd_set_adapter_prop *cmd = buf;
4239 if (len != sizeof(*cmd) + cmd->len) {
4240 error("Invalid set adapter prop cmd (0x%x), terminating",
4246 switch (cmd->type) {
4247 case HAL_PROP_ADAPTER_SCAN_MODE:
4248 status = set_adapter_scan_mode(cmd->val, cmd->len);
4250 case HAL_PROP_ADAPTER_NAME:
4251 status = set_adapter_name(cmd->val, cmd->len);
4253 case HAL_PROP_ADAPTER_DISC_TIMEOUT:
4254 status = set_adapter_discoverable_timeout(cmd->val, cmd->len);
4257 DBG("Unhandled property type 0x%x", cmd->type);
4258 status = HAL_STATUS_FAILED;
4262 if (status != HAL_STATUS_SUCCESS)
4263 error("Failed to set adapter property (type %u status %u)",
4266 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_OP_SET_ADAPTER_PROP,
4270 static void pair_device_complete(uint8_t status, uint16_t length,
4271 const void *param, void *user_data)
4273 const struct mgmt_rp_pair_device *rp = param;
4276 DBG("status %u", status);
4278 dev = find_device(&rp->addr.bdaddr);
4283 * Update pairing and paired status. Bonded status will be updated once
4286 update_device_state(dev, rp->addr.type, status_mgmt2hal(status), false,
4289 if (status == MGMT_STATUS_SUCCESS)
4290 queue_foreach(paired_cb_list, send_paired_notification, dev);
4293 static uint8_t select_device_bearer(struct device *dev)
4297 if (dev->bredr && dev->le) {
4298 if (dev->le_seen > dev->bredr_seen)
4299 res = dev->bdaddr_type;
4303 res = dev->bredr ? BDADDR_BREDR : dev->bdaddr_type;
4306 DBG("Selected bearer %d", res);
4311 uint8_t bt_device_last_seen_bearer(const bdaddr_t *bdaddr)
4315 dev = find_device(bdaddr);
4317 return BDADDR_BREDR;
4319 return select_device_bearer(dev);
4322 static void handle_create_bond_cmd(const void *buf, uint16_t len)
4324 const struct hal_cmd_create_bond *cmd = buf;
4327 struct mgmt_cp_pair_device cp;
4329 dev = get_device_android(cmd->bdaddr);
4331 cp.io_cap = DEFAULT_IO_CAPABILITY;
4332 cp.addr.type = select_device_bearer(dev);
4333 bacpy(&cp.addr.bdaddr, &dev->bdaddr);
4335 /* TODO: Handle transport parameter */
4336 if (cmd->transport > BT_TRANSPORT_LE) {
4337 status = HAL_STATUS_INVALID;
4341 if (device_is_paired(dev, cp.addr.type)) {
4342 status = HAL_STATUS_FAILED;
4346 if (mgmt_send(mgmt_if, MGMT_OP_PAIR_DEVICE, adapter.index, sizeof(cp),
4347 &cp, pair_device_complete, NULL, NULL) == 0) {
4348 status = HAL_STATUS_FAILED;
4352 status = HAL_STATUS_SUCCESS;
4354 update_device_state(dev, cp.addr.type, HAL_STATUS_SUCCESS, true, false,
4358 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_OP_CREATE_BOND,
4362 static void handle_cancel_bond_cmd(const void *buf, uint16_t len)
4364 const struct hal_cmd_cancel_bond *cmd = buf;
4365 struct mgmt_addr_info cp;
4369 dev = find_device_android(cmd->bdaddr);
4371 status = HAL_STATUS_FAILED;
4375 cp.type = select_device_bearer(dev);
4376 bacpy(&cp.bdaddr, &dev->bdaddr);
4378 if (mgmt_reply(mgmt_if, MGMT_OP_CANCEL_PAIR_DEVICE, adapter.index,
4379 sizeof(cp), &cp, NULL, NULL, NULL) == 0) {
4380 status = HAL_STATUS_FAILED;
4384 status = HAL_STATUS_SUCCESS;
4387 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_OP_CANCEL_BOND,
4391 static void send_unpaired_notification(void *data, void *user_data)
4393 bt_unpaired_device_cb cb = data;
4394 struct mgmt_addr_info *addr = user_data;
4399 static void unpair_device_complete(uint8_t status, uint16_t length,
4400 const void *param, void *user_data)
4402 const struct mgmt_rp_unpair_device *rp = param;
4405 DBG("status %u", status);
4407 if (status != MGMT_STATUS_SUCCESS && status != MGMT_STATUS_NOT_PAIRED)
4410 dev = find_device(&rp->addr.bdaddr);
4414 update_device_state(dev, rp->addr.type, HAL_STATUS_SUCCESS, false,
4417 /* Cast rp->addr to (void *) since queue_foreach don't take const */
4419 if (!dev->le_paired && !dev->bredr_paired)
4420 queue_foreach(unpaired_cb_list, send_unpaired_notification,
4424 static void handle_remove_bond_cmd(const void *buf, uint16_t len)
4426 const struct hal_cmd_remove_bond *cmd = buf;
4427 struct mgmt_cp_unpair_device cp;
4431 dev = find_device_android(cmd->bdaddr);
4433 status = HAL_STATUS_FAILED;
4438 bacpy(&cp.addr.bdaddr, &dev->bdaddr);
4440 if (dev->le_paired) {
4441 cp.addr.type = dev->bdaddr_type;
4443 if (mgmt_send(mgmt_if, MGMT_OP_UNPAIR_DEVICE, adapter.index,
4444 sizeof(cp), &cp, unpair_device_complete,
4446 status = HAL_STATUS_FAILED;
4451 if (dev->bredr_paired) {
4452 cp.addr.type = BDADDR_BREDR;
4454 if (mgmt_send(mgmt_if, MGMT_OP_UNPAIR_DEVICE, adapter.index,
4455 sizeof(cp), &cp, unpair_device_complete,
4457 status = HAL_STATUS_FAILED;
4462 status = HAL_STATUS_SUCCESS;
4465 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_OP_REMOVE_BOND,
4469 static void handle_pin_reply_cmd(const void *buf, uint16_t len)
4471 const struct hal_cmd_pin_reply *cmd = buf;
4476 android2bdaddr(cmd->bdaddr, &bdaddr);
4477 ba2str(&bdaddr, addr);
4479 DBG("%s accept %u pin_len %u", addr, cmd->accept, cmd->pin_len);
4481 if (!cmd->accept && cmd->pin_len) {
4482 status = HAL_STATUS_INVALID;
4487 struct mgmt_cp_pin_code_reply rp;
4489 memset(&rp, 0, sizeof(rp));
4491 bacpy(&rp.addr.bdaddr, &bdaddr);
4492 rp.addr.type = BDADDR_BREDR;
4493 rp.pin_len = cmd->pin_len;
4494 memcpy(rp.pin_code, cmd->pin_code, rp.pin_len);
4496 if (mgmt_reply(mgmt_if, MGMT_OP_PIN_CODE_REPLY, adapter.index,
4497 sizeof(rp), &rp, NULL, NULL, NULL) == 0) {
4498 status = HAL_STATUS_FAILED;
4502 struct mgmt_cp_pin_code_neg_reply rp;
4504 bacpy(&rp.addr.bdaddr, &bdaddr);
4505 rp.addr.type = BDADDR_BREDR;
4507 if (mgmt_reply(mgmt_if, MGMT_OP_PIN_CODE_NEG_REPLY,
4508 adapter.index, sizeof(rp), &rp,
4509 NULL, NULL, NULL) == 0) {
4510 status = HAL_STATUS_FAILED;
4515 status = HAL_STATUS_SUCCESS;
4517 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_OP_PIN_REPLY,
4521 static uint8_t user_confirm_reply(const bdaddr_t *bdaddr, uint8_t type,
4524 struct mgmt_addr_info cp;
4528 opcode = MGMT_OP_USER_CONFIRM_REPLY;
4530 opcode = MGMT_OP_USER_CONFIRM_NEG_REPLY;
4532 bacpy(&cp.bdaddr, bdaddr);
4535 if (mgmt_reply(mgmt_if, opcode, adapter.index, sizeof(cp), &cp,
4536 NULL, NULL, NULL) > 0)
4537 return HAL_STATUS_SUCCESS;
4539 return HAL_STATUS_FAILED;
4542 static uint8_t user_passkey_reply(const bdaddr_t *bdaddr, uint8_t type,
4543 bool accept, uint32_t passkey)
4548 struct mgmt_cp_user_passkey_reply cp;
4550 memset(&cp, 0, sizeof(cp));
4551 bacpy(&cp.addr.bdaddr, bdaddr);
4552 cp.addr.type = type;
4553 cp.passkey = cpu_to_le32(passkey);
4555 id = mgmt_reply(mgmt_if, MGMT_OP_USER_PASSKEY_REPLY,
4556 adapter.index, sizeof(cp), &cp,
4559 struct mgmt_cp_user_passkey_neg_reply cp;
4561 memset(&cp, 0, sizeof(cp));
4562 bacpy(&cp.addr.bdaddr, bdaddr);
4563 cp.addr.type = type;
4565 id = mgmt_reply(mgmt_if, MGMT_OP_USER_PASSKEY_NEG_REPLY,
4566 adapter.index, sizeof(cp), &cp,
4571 return HAL_STATUS_FAILED;
4573 return HAL_STATUS_SUCCESS;
4576 static void handle_ssp_reply_cmd(const void *buf, uint16_t len)
4578 const struct hal_cmd_ssp_reply *cmd = buf;
4583 /* TODO should parameters sanity be verified here? */
4585 dev = find_device_android(cmd->bdaddr);
4589 ba2str(&dev->bdaddr, addr);
4591 DBG("%s variant %u accept %u", addr, cmd->ssp_variant, cmd->accept);
4593 switch (cmd->ssp_variant) {
4594 case HAL_SSP_VARIANT_CONFIRM:
4595 case HAL_SSP_VARIANT_CONSENT:
4596 status = user_confirm_reply(&dev->bdaddr,
4597 select_device_bearer(dev),
4600 case HAL_SSP_VARIANT_ENTRY:
4601 status = user_passkey_reply(&dev->bdaddr,
4602 select_device_bearer(dev),
4603 cmd->accept, cmd->passkey);
4605 case HAL_SSP_VARIANT_NOTIF:
4606 status = HAL_STATUS_SUCCESS;
4609 status = HAL_STATUS_INVALID;
4613 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_OP_SSP_REPLY,
4617 static void handle_get_remote_services_cmd(const void *buf, uint16_t len)
4619 const struct hal_cmd_get_remote_services *cmd = buf;
4623 android2bdaddr(&cmd->bdaddr, &addr);
4625 status = browse_remote_sdp(&addr);
4627 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
4628 HAL_OP_GET_REMOTE_SERVICES, status);
4631 static uint8_t get_device_uuids(struct device *dev)
4633 send_device_uuids_notif(dev);
4635 return HAL_STATUS_SUCCESS;
4638 static uint8_t get_device_class(struct device *dev)
4640 send_device_property(dev, HAL_PROP_DEVICE_CLASS, sizeof(dev->class),
4643 return HAL_STATUS_SUCCESS;
4646 static uint8_t get_device_type(struct device *dev)
4648 uint8_t type = get_device_android_type(dev);
4650 send_device_property(dev, HAL_PROP_DEVICE_TYPE, sizeof(type), &type);
4652 return HAL_STATUS_SUCCESS;
4655 static uint8_t get_device_service_rec(struct device *dev)
4657 DBG("Not implemented");
4661 return HAL_STATUS_FAILED;
4664 static uint8_t get_device_friendly_name(struct device *dev)
4666 if (!dev->friendly_name)
4667 return HAL_STATUS_FAILED;
4669 send_device_property(dev, HAL_PROP_DEVICE_FRIENDLY_NAME,
4670 strlen(dev->friendly_name), dev->friendly_name);
4672 return HAL_STATUS_SUCCESS;
4675 static uint8_t get_device_rssi(struct device *dev)
4678 return HAL_STATUS_FAILED;
4680 send_device_property(dev, HAL_PROP_DEVICE_RSSI, sizeof(dev->rssi),
4683 return HAL_STATUS_SUCCESS;
4686 static uint8_t get_device_version_info(struct device *dev)
4688 DBG("Not implemented");
4692 return HAL_STATUS_FAILED;
4695 static uint8_t get_device_timestamp(struct device *dev)
4699 timestamp = device_timestamp(dev);
4701 send_device_property(dev, HAL_PROP_DEVICE_TIMESTAMP, sizeof(timestamp),
4704 return HAL_STATUS_SUCCESS;
4707 static void get_remote_device_props(struct device *dev)
4709 uint8_t buf[IPC_MTU];
4710 struct hal_ev_remote_device_props *ev = (void *) buf;
4711 uint128_t uuids[g_slist_length(dev->uuids)];
4712 uint8_t android_type;
4717 memset(buf, 0, sizeof(buf));
4721 ev->status = HAL_STATUS_SUCCESS;
4722 get_device_android_addr(dev, ev->bdaddr);
4724 android_type = get_device_android_type(dev);
4725 size += fill_hal_prop(buf + size, HAL_PROP_DEVICE_TYPE,
4726 sizeof(android_type), &android_type);
4729 size += fill_hal_prop(buf + size, HAL_PROP_DEVICE_CLASS,
4730 sizeof(dev->class), &dev->class);
4734 size += fill_hal_prop(buf + size, HAL_PROP_DEVICE_RSSI,
4735 sizeof(dev->rssi), &dev->rssi);
4739 size += fill_hal_prop(buf + size, HAL_PROP_DEVICE_NAME,
4740 strlen(dev->name), dev->name);
4743 if (dev->friendly_name) {
4744 size += fill_hal_prop(buf + size,
4745 HAL_PROP_DEVICE_FRIENDLY_NAME,
4746 strlen(dev->friendly_name),
4747 dev->friendly_name);
4751 for (i = 0, l = dev->uuids; l; l = g_slist_next(l), i++)
4752 memcpy(&uuids[i], l->data, sizeof(uint128_t));
4754 size += fill_hal_prop(buf + size, HAL_PROP_DEVICE_UUIDS, sizeof(uuids),
4758 timestamp = get_device_timestamp(dev);
4760 size += fill_hal_prop(buf + size, HAL_PROP_DEVICE_TIMESTAMP,
4761 sizeof(timestamp), ×tamp);
4764 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
4765 HAL_EV_REMOTE_DEVICE_PROPS, size, buf);
4768 static void send_bonded_devices_props(void)
4772 for (l = bonded_devices; l; l = g_slist_next(l)) {
4773 struct device *dev = l->data;
4775 get_remote_device_props(dev);
4779 static void handle_enable_cmd(const void *buf, uint16_t len)
4784 * Framework expects all properties to be emitted while enabling
4787 get_adapter_properties();
4789 /* Sent also properties of bonded devices */
4790 send_bonded_devices_props();
4792 if (adapter.current_settings & MGMT_SETTING_POWERED) {
4793 status = HAL_STATUS_SUCCESS;
4797 if (!set_mode(MGMT_OP_SET_POWERED, 0x01)) {
4798 status = HAL_STATUS_FAILED;
4802 status = HAL_STATUS_SUCCESS;
4804 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_OP_ENABLE, status);
4807 static void handle_disable_cmd(const void *buf, uint16_t len)
4811 if (!(adapter.current_settings & MGMT_SETTING_POWERED)) {
4812 status = HAL_STATUS_SUCCESS;
4816 /* Cancel all pending requests. Need it in case of ongoing paring */
4817 mgmt_cancel_index(mgmt_if, adapter.index);
4819 if (!set_mode(MGMT_OP_SET_POWERED, 0x00)) {
4820 status = HAL_STATUS_FAILED;
4824 status = HAL_STATUS_SUCCESS;
4826 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_OP_DISABLE, status);
4829 static void handle_get_adapter_props_cmd(const void *buf, uint16_t len)
4831 get_adapter_properties();
4833 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
4834 HAL_OP_GET_ADAPTER_PROPS, HAL_STATUS_SUCCESS);
4837 static void handle_get_remote_device_props_cmd(const void *buf, uint16_t len)
4839 const struct hal_cmd_get_remote_device_props *cmd = buf;
4843 dev = find_device_android(cmd->bdaddr);
4845 status = HAL_STATUS_INVALID;
4849 get_remote_device_props(dev);
4851 status = HAL_STATUS_SUCCESS;
4854 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
4855 HAL_OP_GET_REMOTE_DEVICE_PROPS, status);
4858 static void handle_get_remote_device_prop_cmd(const void *buf, uint16_t len)
4860 const struct hal_cmd_get_remote_device_prop *cmd = buf;
4864 dev = find_device_android(cmd->bdaddr);
4866 status = HAL_STATUS_INVALID;
4870 switch (cmd->type) {
4871 case HAL_PROP_DEVICE_NAME:
4872 status = get_device_name(dev);
4874 case HAL_PROP_DEVICE_UUIDS:
4875 status = get_device_uuids(dev);
4877 case HAL_PROP_DEVICE_CLASS:
4878 status = get_device_class(dev);
4880 case HAL_PROP_DEVICE_TYPE:
4881 status = get_device_type(dev);
4883 case HAL_PROP_DEVICE_SERVICE_REC:
4884 status = get_device_service_rec(dev);
4886 case HAL_PROP_DEVICE_FRIENDLY_NAME:
4887 status = get_device_friendly_name(dev);
4889 case HAL_PROP_DEVICE_RSSI:
4890 status = get_device_rssi(dev);
4892 case HAL_PROP_DEVICE_VERSION_INFO:
4893 status = get_device_version_info(dev);
4895 case HAL_PROP_DEVICE_TIMESTAMP:
4896 status = get_device_timestamp(dev);
4899 status = HAL_STATUS_FAILED;
4903 if (status != HAL_STATUS_SUCCESS)
4904 error("Failed to get device property (type %u status %u)",
4908 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
4909 HAL_OP_GET_REMOTE_DEVICE_PROP, status);
4912 static uint8_t set_device_friendly_name(struct device *dev, const uint8_t *val,
4917 g_free(dev->friendly_name);
4918 dev->friendly_name = g_strndup((const char *) val, len);
4920 if (dev->bredr_paired || dev->le_paired)
4921 store_device_info(dev, DEVICES_FILE);
4923 store_device_info(dev, CACHE_FILE);
4925 return HAL_STATUS_SUCCESS;
4928 static uint8_t set_device_version_info(struct device *dev)
4930 DBG("Not implemented");
4934 return HAL_STATUS_FAILED;
4937 static void handle_set_remote_device_prop_cmd(const void *buf, uint16_t len)
4939 const struct hal_cmd_set_remote_device_prop *cmd = buf;
4943 if (len != sizeof(*cmd) + cmd->len) {
4944 error("Invalid set remote device prop cmd (0x%x), terminating",
4950 dev = find_device_android(cmd->bdaddr);
4952 status = HAL_STATUS_INVALID;
4956 switch (cmd->type) {
4957 case HAL_PROP_DEVICE_FRIENDLY_NAME:
4958 status = set_device_friendly_name(dev, cmd->val, cmd->len);
4960 case HAL_PROP_DEVICE_VERSION_INFO:
4961 status = set_device_version_info(dev);
4964 status = HAL_STATUS_FAILED;
4968 if (status != HAL_STATUS_SUCCESS)
4969 error("Failed to set device property (type %u status %u)",
4973 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
4974 HAL_OP_SET_REMOTE_DEVICE_PROP, status);
4977 static void handle_get_remote_service_rec_cmd(const void *buf, uint16_t len)
4979 const struct hal_cmd_get_remote_service_rec *cmd = buf;
4983 android2bdaddr(&cmd->bdaddr, &addr);
4985 status = find_remote_sdp_rec(&addr, cmd->uuid);
4987 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
4988 HAL_OP_GET_REMOTE_SERVICE_REC, status);
4991 static void handle_start_discovery_cmd(const void *buf, uint16_t len)
4995 if (!(adapter.current_settings & MGMT_SETTING_POWERED)) {
4996 status = HAL_STATUS_NOT_READY;
5000 switch (adapter.cur_discovery_type) {
5001 case SCAN_TYPE_DUAL:
5002 case SCAN_TYPE_BREDR:
5004 case SCAN_TYPE_NONE:
5005 if (!start_discovery(SCAN_TYPE_DUAL)) {
5006 status = HAL_STATUS_FAILED;
5012 if (get_supported_discovery_type() == SCAN_TYPE_LE)
5015 if (!stop_discovery(SCAN_TYPE_LE)) {
5016 status = HAL_STATUS_FAILED;
5020 adapter.exp_discovery_type = SCAN_TYPE_DUAL;
5024 status = HAL_STATUS_SUCCESS;
5027 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_OP_START_DISCOVERY,
5031 static void handle_cancel_discovery_cmd(const void *buf, uint16_t len)
5035 if (!(adapter.current_settings & MGMT_SETTING_POWERED)) {
5036 status = HAL_STATUS_NOT_READY;
5040 switch (adapter.cur_discovery_type) {
5041 case SCAN_TYPE_NONE:
5044 if (get_supported_discovery_type() != SCAN_TYPE_LE)
5047 if (adapter.exp_discovery_type == SCAN_TYPE_LE) {
5048 status = HAL_STATUS_BUSY;
5052 if (!stop_discovery(SCAN_TYPE_LE)) {
5053 status = HAL_STATUS_FAILED;
5058 case SCAN_TYPE_DUAL:
5059 case SCAN_TYPE_BREDR:
5060 if (!stop_discovery(SCAN_TYPE_DUAL)) {
5061 status = HAL_STATUS_FAILED;
5065 if (adapter.exp_discovery_type != SCAN_TYPE_LE)
5066 adapter.exp_discovery_type = SCAN_TYPE_NONE;
5071 status = HAL_STATUS_SUCCESS;
5074 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_OP_CANCEL_DISCOVERY,
5078 static void handle_dut_mode_conf_cmd(const void *buf, uint16_t len)
5080 const struct hal_cmd_dut_mode_conf *cmd = buf;
5081 char path[FILENAME_MAX];
5085 DBG("enable %u", cmd->enable);
5087 snprintf(path, sizeof(path), DUT_MODE_FILE, adapter.index);
5089 fd = open(path, O_WRONLY);
5091 status = HAL_STATUS_FAILED;
5096 ret = write(fd, "1", sizeof("1"));
5098 ret = write(fd, "0", sizeof("0"));
5101 status = HAL_STATUS_FAILED;
5103 status = HAL_STATUS_SUCCESS;
5108 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_OP_DUT_MODE_CONF,
5112 static void handle_dut_mode_send_cmd(const void *buf, uint16_t len)
5114 const struct hal_cmd_dut_mode_send *cmd = buf;
5116 if (len != sizeof(*cmd) + cmd->len) {
5117 error("Invalid dut mode send cmd, terminating");
5122 error("dut_mode_send not supported (cmd opcode %u)", cmd->opcode);
5126 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_OP_DUT_MODE_SEND,
5130 static void handle_le_test_mode_cmd(const void *buf, uint16_t len)
5132 const struct hal_cmd_le_test_mode *cmd = buf;
5134 if (len != sizeof(*cmd) + cmd->len) {
5135 error("Invalid le test mode cmd, terminating");
5140 error("le_test_mode not supported (cmd opcode %u)", cmd->opcode);
5144 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_OP_LE_TEST_MODE,
5148 static void handle_get_connection_state(const void *buf, uint16_t len)
5150 const struct hal_cmd_get_connection_state *cmd = buf;
5151 struct hal_rsp_get_connection_state rsp;
5156 android2bdaddr(cmd->bdaddr, &bdaddr);
5157 ba2str(&bdaddr, address);
5159 dev = find_device_android(cmd->bdaddr);
5160 if (dev && dev->connected)
5161 rsp.connection_state = 1;
5163 rsp.connection_state = 0;
5165 DBG("%s %u", address, rsp.connection_state);
5167 ipc_send_rsp_full(hal_ipc, HAL_SERVICE_ID_BLUETOOTH,
5168 HAL_OP_GET_CONNECTION_STATE, sizeof(rsp), &rsp,
5172 static void handle_read_energy_info(const void *buf, uint16_t len)
5178 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, HAL_OP_READ_ENERGY_INFO,
5179 HAL_STATUS_UNSUPPORTED);
5182 static const struct ipc_handler cmd_handlers[] = {
5184 { handle_enable_cmd, false, 0 },
5185 /* HAL_OP_DISABLE */
5186 { handle_disable_cmd, false, 0 },
5187 /* HAL_OP_GET_ADAPTER_PROPS */
5188 { handle_get_adapter_props_cmd, false, 0 },
5189 /* HAL_OP_GET_ADAPTER_PROP */
5190 { handle_get_adapter_prop_cmd, false,
5191 sizeof(struct hal_cmd_get_adapter_prop) },
5192 /* HAL_OP_SET_ADAPTER_PROP */
5193 { handle_set_adapter_prop_cmd, true,
5194 sizeof(struct hal_cmd_set_adapter_prop) },
5195 /* HAL_OP_GET_REMOTE_DEVICE_PROPS */
5196 { handle_get_remote_device_props_cmd, false,
5197 sizeof(struct hal_cmd_get_remote_device_props) },
5198 /* HAL_OP_GET_REMOTE_DEVICE_PROP */
5199 { handle_get_remote_device_prop_cmd, false,
5200 sizeof(struct hal_cmd_get_remote_device_prop) },
5201 /* HAL_OP_SET_REMOTE_DEVICE_PROP */
5202 { handle_set_remote_device_prop_cmd, true,
5203 sizeof(struct hal_cmd_set_remote_device_prop) },
5204 /* HAL_OP_GET_REMOTE_SERVICE_REC */
5205 { handle_get_remote_service_rec_cmd, false,
5206 sizeof(struct hal_cmd_get_remote_service_rec) },
5207 /* HAL_OP_GET_REMOTE_SERVICES */
5208 { handle_get_remote_services_cmd, false,
5209 sizeof(struct hal_cmd_get_remote_services) },
5210 /* HAL_OP_START_DISCOVERY */
5211 { handle_start_discovery_cmd, false, 0 },
5212 /* HAL_OP_CANCEL_DISCOVERY */
5213 { handle_cancel_discovery_cmd, false, 0 },
5214 /* HAL_OP_CREATE_BOND */
5215 { handle_create_bond_cmd, false, sizeof(struct hal_cmd_create_bond) },
5216 /* HAL_OP_REMOVE_BOND */
5217 { handle_remove_bond_cmd, false, sizeof(struct hal_cmd_remove_bond) },
5218 /* HAL_OP_CANCEL_BOND */
5219 {handle_cancel_bond_cmd, false, sizeof(struct hal_cmd_cancel_bond) },
5220 /* HAL_OP_PIN_REPLY */
5221 { handle_pin_reply_cmd, false, sizeof(struct hal_cmd_pin_reply) },
5222 /* HAL_OP_SSP_REPLY */
5223 { handle_ssp_reply_cmd, false, sizeof(struct hal_cmd_ssp_reply) },
5224 /* HAL_OP_DUT_MODE_CONF */
5225 { handle_dut_mode_conf_cmd, false,
5226 sizeof(struct hal_cmd_dut_mode_conf) },
5227 /* HAL_OP_DUT_MODE_SEND */
5228 { handle_dut_mode_send_cmd, true,
5229 sizeof(struct hal_cmd_dut_mode_send) },
5230 /* HAL_OP_LE_TEST_MODE */
5231 { handle_le_test_mode_cmd, true, sizeof(struct hal_cmd_le_test_mode) },
5232 /* HAL_OP_GET_CONNECTION_STATE */
5233 { handle_get_connection_state, false,
5234 sizeof(struct hal_cmd_get_connection_state) },
5235 /* HAL_OP_READ_ENERGY_INFO */
5236 { handle_read_energy_info, false, 0 },
5239 bool bt_bluetooth_register(struct ipc *ipc, uint8_t mode)
5241 uint32_t missing_settings;
5243 DBG("mode 0x%x", mode);
5245 unpaired_cb_list = queue_new();
5246 paired_cb_list = queue_new();
5248 missing_settings = adapter.current_settings ^
5249 adapter.supported_settings;
5252 case HAL_MODE_DEFAULT:
5253 if (missing_settings & MGMT_SETTING_BREDR)
5254 set_mode(MGMT_OP_SET_BREDR, 0x01);
5256 if (missing_settings & MGMT_SETTING_LE)
5257 set_mode(MGMT_OP_SET_LE, 0x01);
5260 /* Fail if controller does not support LE */
5261 if (!(adapter.supported_settings & MGMT_SETTING_LE)) {
5262 error("LE Mode not supported by controller");
5266 /* If LE it is not yet enabled then enable it */
5267 if (!(adapter.current_settings & MGMT_SETTING_LE))
5268 set_mode(MGMT_OP_SET_LE, 0x01);
5270 /* Disable BR/EDR if it is enabled */
5271 if (adapter.current_settings & MGMT_SETTING_BREDR)
5272 set_mode(MGMT_OP_SET_BREDR, 0x00);
5274 case HAL_MODE_BREDR:
5275 /* Fail if controller does not support BR/EDR */
5276 if (!(adapter.supported_settings & MGMT_SETTING_BREDR)) {
5277 error("BR/EDR Mode not supported");
5281 /* Enable BR/EDR if it is not enabled */
5282 if (missing_settings & MGMT_SETTING_BREDR)
5283 set_mode(MGMT_OP_SET_BREDR, 0x01);
5286 * According to Core Spec 4.0 host should not disable LE in
5287 * controller if it was enabled (Vol 2. Part E. 7.3.79).
5288 * Core Spec 4.1 removed this limitation and chips seem to be
5289 * handling this just fine anyway.
5291 if (adapter.current_settings & MGMT_SETTING_LE)
5292 set_mode(MGMT_OP_SET_LE, 0x00);
5295 error("Unknown mode 0x%x", mode);
5299 /* Requested mode is set now, let's enable secure connection */
5300 if (missing_settings & MGMT_SETTING_SECURE_CONN)
5301 set_mode(MGMT_OP_SET_SECURE_CONN, 0x01);
5303 /* Set initial default name */
5304 if (!adapter.name) {
5305 adapter.name = g_strdup(bt_config_get_model());
5306 set_adapter_name((uint8_t *)adapter.name, strlen(adapter.name));
5311 ipc_register(hal_ipc, HAL_SERVICE_ID_BLUETOOTH, cmd_handlers,
5312 G_N_ELEMENTS(cmd_handlers));
5317 queue_destroy(unpaired_cb_list, NULL);
5318 unpaired_cb_list = NULL;
5319 queue_destroy(paired_cb_list, NULL);
5320 paired_cb_list = NULL;
5325 void bt_bluetooth_unregister(void)
5329 g_slist_free_full(bonded_devices, (GDestroyNotify) free_device);
5330 bonded_devices = NULL;
5332 g_slist_free_full(cached_devices, (GDestroyNotify) free_device);
5333 cached_devices = NULL;
5335 ipc_unregister(hal_ipc, HAL_SERVICE_ID_CORE);
5338 queue_destroy(unpaired_cb_list, NULL);
5339 unpaired_cb_list = NULL;
5341 queue_destroy(paired_cb_list, NULL);
5342 paired_cb_list = NULL;