btif_dm.c revision c7503db23f91676b2df732becb9579d5ccdcc7a7
1/******************************************************************************
2 *
3 *  Copyright (C) 2009-2012 Broadcom Corporation
4 *
5 *  Licensed under the Apache License, Version 2.0 (the "License");
6 *  you may not use this file except in compliance with the License.
7 *  You may obtain a copy of the License at:
8 *
9 *  http://www.apache.org/licenses/LICENSE-2.0
10 *
11 *  Unless required by applicable law or agreed to in writing, software
12 *  distributed under the License is distributed on an "AS IS" BASIS,
13 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 *  See the License for the specific language governing permissions and
15 *  limitations under the License.
16 *
17 ******************************************************************************/
18
19/************************************************************************************
20 *
21 *  Filename:      btif_dm.c
22 *
23 *  Description:   Contains Device Management (DM) related functionality
24 *
25 *
26 ***********************************************************************************/
27#include <signal.h>
28#include <stdio.h>
29#include <stdlib.h>
30#include <string.h>
31#include <unistd.h>
32
33#include <hardware/bluetooth.h>
34
35#include <utils/Log.h>
36#include <cutils/properties.h>
37#include "gki.h"
38#include "btu.h"
39#include "bd.h"
40#include "bta_api.h"
41#include "btif_api.h"
42#include "btif_util.h"
43#include "btif_dm.h"
44#include "btif_storage.h"
45#include "btif_hh.h"
46#include "btif_config.h"
47
48#include "bta_gatt_api.h"
49
50/******************************************************************************
51**  Device specific workarounds
52******************************************************************************/
53
54/**
55 * The devices below have proven problematic during the pairing process, often
56 * requiring multiple retries to complete pairing. To avoid degrading the user
57 * experience for other devices, explicitely blacklist troubled devices here.
58 */
59static const UINT8 blacklist_pairing_retries[][3] = {
60    {0x9C, 0xDF, 0x03} // BMW car kits (Harman/Becker)
61};
62
63BOOLEAN blacklistPairingRetries(BD_ADDR bd_addr)
64{
65    const unsigned blacklist_size = sizeof(blacklist_pairing_retries)
66        / sizeof(blacklist_pairing_retries[0]);
67    for (unsigned i = 0; i != blacklist_size; ++i)
68    {
69        if (blacklist_pairing_retries[i][0] == bd_addr[0] &&
70            blacklist_pairing_retries[i][1] == bd_addr[1] &&
71            blacklist_pairing_retries[i][2] == bd_addr[2])
72            return TRUE;
73    }
74    return FALSE;
75}
76
77/******************************************************************************
78**  Constants & Macros
79******************************************************************************/
80
81#define COD_UNCLASSIFIED ((0x1F) << 8)
82#define COD_HID_KEYBOARD                    0x0540
83#define COD_HID_POINTING                    0x0580
84#define COD_HID_COMBO                       0x05C0
85#define COD_HID_MAJOR                       0x0500
86#define COD_AV_HEADSETS                     0x0404
87#define COD_AV_HANDSFREE                    0x0408
88#define COD_AV_HEADPHONES                   0x0418
89#define COD_AV_PORTABLE_AUDIO               0x041C
90#define COD_AV_HIFI_AUDIO                   0x0428
91
92
93#define BTIF_DM_DEFAULT_INQ_MAX_RESULTS     0
94#define BTIF_DM_DEFAULT_INQ_MAX_DURATION    10
95#define BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING 2
96
97#define NUM_TIMEOUT_RETRIES                 5
98
99#define PROPERTY_PRODUCT_MODEL "ro.product.model"
100#define DEFAULT_LOCAL_NAME_MAX  31
101#if (DEFAULT_LOCAL_NAME_MAX > BTM_MAX_LOC_BD_NAME_LEN)
102    #error "default btif local name size exceeds stack supported length"
103#endif
104
105#if (defined(BTA_HOST_INTERLEAVE_SEARCH) && BTA_HOST_INTERLEAVE_SEARCH == TRUE)
106#define BTIF_DM_INTERLEAVE_DURATION_BR_ONE    2
107#define BTIF_DM_INTERLEAVE_DURATION_LE_ONE    2
108#define BTIF_DM_INTERLEAVE_DURATION_BR_TWO    3
109#define BTIF_DM_INTERLEAVE_DURATION_LE_TWO    4
110#endif
111
112#define MAX_SDP_BL_ENTRIES 3
113
114typedef struct
115{
116    bt_bond_state_t state;
117    BD_ADDR bd_addr;
118    UINT8   is_temp;
119    UINT8   pin_code_len;
120    UINT8   is_ssp;
121    UINT8   auth_req;
122    UINT8   io_cap;
123    UINT8   autopair_attempts;
124    UINT8   timeout_retries;
125    UINT8   is_local_initiated;
126    UINT8   sdp_attempts;
127#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
128    BOOLEAN          is_le_only;
129    btif_dm_ble_cb_t ble;
130#endif
131} btif_dm_pairing_cb_t;
132
133
134typedef struct
135{
136    UINT8       ir[BT_OCTET16_LEN];
137    UINT8       irk[BT_OCTET16_LEN];
138    UINT8       dhk[BT_OCTET16_LEN];
139}btif_dm_local_key_id_t;
140
141typedef struct
142{
143    BOOLEAN                 is_er_rcvd;
144    UINT8                   er[BT_OCTET16_LEN];
145    BOOLEAN                 is_id_keys_rcvd;
146    btif_dm_local_key_id_t  id_keys;  /* ID kyes */
147
148}btif_dm_local_key_cb_t;
149
150typedef struct
151{
152    BD_ADDR bd_addr;
153    BD_NAME bd_name;
154} btif_dm_remote_name_t;
155
156typedef struct
157{
158    BT_OCTET16 sp_c;
159    BT_OCTET16 sp_r;
160    BD_ADDR  oob_bdaddr;  /* peer bdaddr*/
161} btif_dm_oob_cb_t;
162
163typedef struct
164{
165    bt_bdaddr_t  bdaddr;
166    UINT8        transport; /* 0=Unknown, 1=BR/EDR, 2=LE */
167} btif_dm_create_bond_cb_t;
168
169typedef struct
170{
171    uint8_t  status;
172    uint8_t  ctrl_state;
173    uint64_t tx_time;
174    uint64_t rx_time;
175    uint64_t idle_time;
176    uint64_t energy_used;
177} btif_activity_energy_info_cb_t;
178
179typedef struct
180{
181    unsigned int   manufact_id;
182}skip_sdp_entry_t;
183
184#define BTA_SERVICE_ID_TO_SERVICE_MASK(id)       (1 << (id))
185
186#define MAX_SDP_BL_ENTRIES 3
187#define UUID_HUMAN_INTERFACE_DEVICE "00001124-0000-1000-8000-00805f9b34fb"
188
189static skip_sdp_entry_t sdp_blacklist[] = {{76}}; //Apple Mouse and Keyboard
190
191
192/* This flag will be true if HCI_Inquiry is in progress */
193static BOOLEAN btif_dm_inquiry_in_progress = FALSE;
194
195
196
197/************************************************************************************
198**  Static variables
199************************************************************************************/
200static char btif_default_local_name[DEFAULT_LOCAL_NAME_MAX+1] = {'\0'};
201
202/******************************************************************************
203**  Static functions
204******************************************************************************/
205static btif_dm_pairing_cb_t pairing_cb;
206static btif_dm_oob_cb_t     oob_cb;
207static void btif_dm_generic_evt(UINT16 event, char* p_param);
208static void btif_dm_cb_create_bond(bt_bdaddr_t *bd_addr, tBTA_TRANSPORT transport);
209static void btif_dm_cb_hid_remote_name(tBTM_REMOTE_DEV_NAME *p_remote_name);
210static void btif_update_remote_properties(BD_ADDR bd_addr, BD_NAME bd_name,
211                                          DEV_CLASS dev_class, tBT_DEVICE_TYPE dev_type);
212#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
213static btif_dm_local_key_cb_t ble_local_key_cb;
214static void btif_dm_ble_key_notif_evt(tBTA_DM_SP_KEY_NOTIF *p_ssp_key_notif);
215static void btif_dm_ble_auth_cmpl_evt (tBTA_DM_AUTH_CMPL *p_auth_cmpl);
216static void btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ *p_pin_req);
217#endif
218
219static void bte_scan_filt_param_cfg_evt(UINT8 action_type,
220                                           tBTA_DM_BLE_PF_AVBL_SPACE avbl_space,
221                                           tBTA_DM_BLE_REF_VALUE ref_value, tBTA_STATUS status);
222
223static char* btif_get_default_local_name();
224/******************************************************************************
225**  Externs
226******************************************************************************/
227extern UINT16 bta_service_id_to_uuid_lkup_tbl [BTA_MAX_SERVICE_ID];
228extern bt_status_t btif_hf_execute_service(BOOLEAN b_enable);
229extern bt_status_t btif_av_execute_service(BOOLEAN b_enable);
230extern bt_status_t btif_hh_execute_service(BOOLEAN b_enable);
231extern bt_status_t btif_hf_client_execute_service(BOOLEAN b_enable);
232extern bt_status_t btif_mce_execute_service(BOOLEAN b_enable);
233extern int btif_hh_connect(bt_bdaddr_t *bd_addr);
234extern void bta_gatt_convert_uuid16_to_uuid128(UINT8 uuid_128[LEN_UUID_128], UINT16 uuid_16);
235
236
237/******************************************************************************
238**  Functions
239******************************************************************************/
240
241bt_status_t btif_in_execute_service_request(tBTA_SERVICE_ID service_id,
242                                                BOOLEAN b_enable)
243{
244    /* Check the service_ID and invoke the profile's BT state changed API */
245    switch (service_id)
246    {
247         case BTA_HFP_SERVICE_ID:
248         case BTA_HSP_SERVICE_ID:
249         {
250              btif_hf_execute_service(b_enable);
251         }break;
252         case BTA_A2DP_SERVICE_ID:
253         {
254              btif_av_execute_service(b_enable);
255         }break;
256         case BTA_HID_SERVICE_ID:
257         {
258              btif_hh_execute_service(b_enable);
259         }break;
260         case BTA_HFP_HS_SERVICE_ID:
261         {
262             btif_hf_client_execute_service(b_enable);
263         }break;
264         case BTA_MAP_SERVICE_ID:
265         {
266             btif_mce_execute_service(b_enable);
267         }break;
268         default:
269              BTIF_TRACE_ERROR("%s: Unknown service being enabled", __FUNCTION__);
270              return BT_STATUS_FAIL;
271    }
272    return BT_STATUS_SUCCESS;
273}
274
275/*******************************************************************************
276**
277** Function         check_eir_remote_name
278**
279** Description      Check if remote name is in the EIR data
280**
281** Returns          TRUE if remote name found
282**                  Populate p_remote_name, if provided and remote name found
283**
284*******************************************************************************/
285static BOOLEAN check_eir_remote_name(tBTA_DM_SEARCH *p_search_data,
286                            UINT8 *p_remote_name, UINT8 *p_remote_name_len)
287{
288    UINT8 *p_eir_remote_name = NULL;
289    UINT8 remote_name_len = 0;
290
291    /* Check EIR for remote name and services */
292    if (p_search_data->inq_res.p_eir)
293    {
294        p_eir_remote_name = BTA_CheckEirData(p_search_data->inq_res.p_eir,
295                BTM_EIR_COMPLETE_LOCAL_NAME_TYPE, &remote_name_len);
296        if (!p_eir_remote_name)
297        {
298            p_eir_remote_name = BTA_CheckEirData(p_search_data->inq_res.p_eir,
299                    BTM_EIR_SHORTENED_LOCAL_NAME_TYPE, &remote_name_len);
300        }
301
302        if (p_eir_remote_name)
303        {
304            if (remote_name_len > BD_NAME_LEN)
305                remote_name_len = BD_NAME_LEN;
306
307            if (p_remote_name && p_remote_name_len)
308            {
309                memcpy(p_remote_name, p_eir_remote_name, remote_name_len);
310                *(p_remote_name + remote_name_len) = 0;
311                *p_remote_name_len = remote_name_len;
312            }
313
314            return TRUE;
315        }
316    }
317
318    return FALSE;
319
320}
321
322/*******************************************************************************
323**
324** Function         check_cached_remote_name
325**
326** Description      Check if remote name is in the NVRAM cache
327**
328** Returns          TRUE if remote name found
329**                  Populate p_remote_name, if provided and remote name found
330**
331*******************************************************************************/
332static BOOLEAN check_cached_remote_name(tBTA_DM_SEARCH *p_search_data,
333                                UINT8 *p_remote_name, UINT8 *p_remote_name_len)
334{
335    bt_bdname_t bdname;
336    bt_bdaddr_t remote_bdaddr;
337    bt_property_t prop_name;
338
339    /* check if we already have it in our btif_storage cache */
340    bdcpy(remote_bdaddr.address, p_search_data->inq_res.bd_addr);
341    BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_BDNAME,
342                               sizeof(bt_bdname_t), &bdname);
343    if (btif_storage_get_remote_device_property(
344        &remote_bdaddr, &prop_name) == BT_STATUS_SUCCESS)
345    {
346        if (p_remote_name && p_remote_name_len)
347        {
348            strcpy((char *)p_remote_name, (char *)bdname.name);
349            *p_remote_name_len = strlen((char *)p_remote_name);
350        }
351        return TRUE;
352    }
353
354    return FALSE;
355}
356
357BOOLEAN check_cod(const bt_bdaddr_t *remote_bdaddr, uint32_t cod)
358{
359    uint32_t    remote_cod;
360    bt_property_t prop_name;
361
362    /* check if we already have it in our btif_storage cache */
363    BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_CLASS_OF_DEVICE,
364                               sizeof(uint32_t), &remote_cod);
365    if (btif_storage_get_remote_device_property((bt_bdaddr_t *)remote_bdaddr, &prop_name) == BT_STATUS_SUCCESS)
366    {
367        BTIF_TRACE_ERROR("%s: remote_cod = 0x%06x", __FUNCTION__, remote_cod);
368        if ((remote_cod & 0x7ff) == cod)
369            return TRUE;
370    }
371
372    return FALSE;
373}
374
375BOOLEAN check_cod_hid(const bt_bdaddr_t *remote_bdaddr, uint32_t cod)
376{
377    uint32_t    remote_cod;
378    bt_property_t prop_name;
379
380    /* check if we already have it in our btif_storage cache */
381    BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_CLASS_OF_DEVICE,
382                               sizeof(uint32_t), &remote_cod);
383    if (btif_storage_get_remote_device_property((bt_bdaddr_t *)remote_bdaddr,
384                                &prop_name) == BT_STATUS_SUCCESS)
385    {
386        BTIF_TRACE_DEBUG("%s: remote_cod = 0x%06x", __FUNCTION__, remote_cod);
387        if ((remote_cod & 0x700) == cod)
388            return TRUE;
389    }
390    return FALSE;
391}
392
393BOOLEAN check_hid_le(const bt_bdaddr_t *remote_bdaddr)
394{
395    uint32_t    remote_dev_type;
396    bt_property_t prop_name;
397
398    /* check if we already have it in our btif_storage cache */
399    BTIF_STORAGE_FILL_PROPERTY(&prop_name,BT_PROPERTY_TYPE_OF_DEVICE,
400                               sizeof(uint32_t), &remote_dev_type);
401    if (btif_storage_get_remote_device_property((bt_bdaddr_t *)remote_bdaddr,
402                                &prop_name) == BT_STATUS_SUCCESS)
403    {
404        if (remote_dev_type == BT_DEVICE_DEVTYPE_BLE)
405        {
406            bdstr_t bdstr;
407            bd2str(remote_bdaddr, &bdstr);
408            if(btif_config_exist("Remote", bdstr, "HidAppId"))
409                return TRUE;
410        }
411    }
412    return FALSE;
413}
414
415/*****************************************************************************
416**
417** Function        check_sdp_bl
418**
419** Description     Checks if a given device is blacklisted to skip sdp
420**
421** Parameters     skip_sdp_entry
422**
423** Returns         TRUE if the device is present in blacklist, else FALSE
424**
425*******************************************************************************/
426BOOLEAN check_sdp_bl(const bt_bdaddr_t *remote_bdaddr)
427{
428    UINT16 manufacturer = 0;
429    UINT8 lmp_ver = 0;
430    UINT16 lmp_subver = 0;
431    tBTM_STATUS btm_status;
432    bt_property_t prop_name;
433    bt_remote_version_t info;
434
435
436    if (remote_bdaddr == NULL)
437        return FALSE;
438
439/* fetch additional info about remote device used in iop query */
440    btm_status = BTM_ReadRemoteVersion(*(BD_ADDR*)remote_bdaddr, &lmp_ver,
441                    &manufacturer, &lmp_subver);
442
443
444
445 /* if not available yet, try fetching from config database */
446    BTIF_STORAGE_FILL_PROPERTY(&prop_name, BT_PROPERTY_REMOTE_VERSION_INFO,
447                            sizeof(bt_remote_version_t), &info);
448
449    if (btif_storage_get_remote_device_property((bt_bdaddr_t *)remote_bdaddr,
450                                              &prop_name) != BT_STATUS_SUCCESS)
451    {
452
453        return FALSE;
454    }
455    manufacturer = info.manufacturer;
456
457    for (int i = 0; i < MAX_SDP_BL_ENTRIES; i++)
458    {
459        if (manufacturer == sdp_blacklist[i].manufact_id)
460            return TRUE;
461    }
462    return FALSE;
463}
464
465
466static void bond_state_changed(bt_status_t status, bt_bdaddr_t *bd_addr, bt_bond_state_t state)
467{
468    /* Send bonding state only once - based on outgoing/incoming we may receive duplicates */
469    if ( (pairing_cb.state == state) && (state == BT_BOND_STATE_BONDING) )
470        return;
471
472    if (pairing_cb.is_temp)
473    {
474       state = BT_BOND_STATE_NONE;
475    }
476    BTIF_TRACE_DEBUG("%s: state=%d prev_state=%d", __FUNCTION__, state, pairing_cb.state);
477
478    HAL_CBACK(bt_hal_cbacks, bond_state_changed_cb, status, bd_addr, state);
479
480    if (state == BT_BOND_STATE_BONDING)
481    {
482        pairing_cb.state = state;
483        bdcpy(pairing_cb.bd_addr, bd_addr->address);
484    }
485    else
486    {
487        memset(&pairing_cb, 0, sizeof(pairing_cb));
488    }
489
490}
491
492/* store remote version in bt config to always have access
493   to it post pairing*/
494static void btif_update_remote_version_property(bt_bdaddr_t *p_bd)
495{
496    bt_property_t property;
497    UINT8 lmp_ver = 0;
498    UINT16 lmp_subver = 0;
499    UINT16 mfct_set = 0;
500    tBTM_STATUS btm_status;
501    bt_remote_version_t info;
502    bt_status_t status;
503    bdstr_t bdstr;
504
505    btm_status = BTM_ReadRemoteVersion(*(BD_ADDR*)p_bd, &lmp_ver,
506                          &mfct_set, &lmp_subver);
507
508    ALOGD("remote version info [%s]: %x, %x, %x", bd2str(p_bd, &bdstr),
509               lmp_ver, mfct_set, lmp_subver);
510
511    if (btm_status == BTM_SUCCESS)
512    {
513        /* always update cache to ensure we have availability whenever BTM API
514           is not populated */
515        info.manufacturer = mfct_set;
516        info.sub_ver = lmp_subver;
517        info.version = lmp_ver;
518        BTIF_STORAGE_FILL_PROPERTY(&property,
519                            BT_PROPERTY_REMOTE_VERSION_INFO, sizeof(bt_remote_version_t),
520                            &info);
521        status = btif_storage_set_remote_device_property(p_bd, &property);
522        ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote version", status);
523    }
524}
525
526
527static void btif_update_remote_properties(BD_ADDR bd_addr, BD_NAME bd_name,
528                                          DEV_CLASS dev_class, tBT_DEVICE_TYPE device_type)
529{
530    int num_properties = 0;
531    bt_property_t properties[3];
532    bt_bdaddr_t bdaddr;
533    bt_status_t status;
534    UINT32 cod;
535    bt_device_type_t dev_type;
536
537    memset(properties, 0, sizeof(properties));
538    bdcpy(bdaddr.address, bd_addr);
539
540    /* remote name */
541    if (strlen((const char *) bd_name))
542    {
543        BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
544                            BT_PROPERTY_BDNAME, strlen((char *)bd_name), bd_name);
545        status = btif_storage_set_remote_device_property(&bdaddr, &properties[num_properties]);
546        ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device name", status);
547        num_properties++;
548    }
549
550    /* class of device */
551    cod = devclass2uint(dev_class);
552    BTIF_TRACE_DEBUG("%s():cod is 0x%06x", __FUNCTION__, cod);
553    if ( cod == 0) {
554       /* Try to retrieve cod from storage */
555        BTIF_TRACE_DEBUG("%s():cod is 0, checking cod from storage", __FUNCTION__);
556        BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
557            BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod), &cod);
558        status = btif_storage_get_remote_device_property(&bdaddr, &properties[num_properties]);
559        BTIF_TRACE_DEBUG("%s():cod retreived from storage is 0x%06x", __FUNCTION__, cod);
560        if ( cod == 0) {
561            BTIF_TRACE_DEBUG("%s():cod is again 0, set as unclassified", __FUNCTION__);
562            cod = COD_UNCLASSIFIED;
563        }
564    }
565
566    BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
567                        BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod), &cod);
568    status = btif_storage_set_remote_device_property(&bdaddr, &properties[num_properties]);
569    ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device class", status);
570    num_properties++;
571
572    /* device type */
573    dev_type = device_type;
574    BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
575                        BT_PROPERTY_TYPE_OF_DEVICE, sizeof(dev_type), &dev_type);
576    status = btif_storage_set_remote_device_property(&bdaddr, &properties[num_properties]);
577    ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device type", status);
578    num_properties++;
579
580    HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb,
581                     status, &bdaddr, num_properties, properties);
582}
583
584/*******************************************************************************
585**
586** Function         btif_dm_cb_hid_remote_name
587**
588** Description      Remote name callback for HID device. Called in btif context
589**                  Special handling for HID devices
590**
591** Returns          void
592**
593*******************************************************************************/
594static void btif_dm_cb_hid_remote_name(tBTM_REMOTE_DEV_NAME *p_remote_name)
595{
596    BTIF_TRACE_DEBUG("%s: status=%d pairing_cb.state=%d", __FUNCTION__, p_remote_name->status, pairing_cb.state);
597    if (pairing_cb.state == BT_BOND_STATE_BONDING)
598    {
599        bt_bdaddr_t remote_bd;
600
601        bdcpy(remote_bd.address, pairing_cb.bd_addr);
602
603        if (p_remote_name->status == BTM_SUCCESS)
604        {
605            bond_state_changed(BT_STATUS_SUCCESS, &remote_bd, BT_BOND_STATE_BONDED);
606        }
607        else
608            bond_state_changed(BT_STATUS_FAIL, &remote_bd, BT_BOND_STATE_NONE);
609    }
610}
611
612/*******************************************************************************
613**
614** Function         btif_dm_cb_create_bond
615**
616** Description      Create bond initiated from the BTIF thread context
617**                  Special handling for HID devices
618**
619** Returns          void
620**
621*******************************************************************************/
622static void btif_dm_cb_create_bond(bt_bdaddr_t *bd_addr, tBTA_TRANSPORT transport)
623{
624    BOOLEAN is_hid = check_cod(bd_addr, COD_HID_POINTING);
625    bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING);
626
627#if BLE_INCLUDED == TRUE
628    int device_type;
629    int addr_type;
630    bdstr_t bdstr;
631    bd2str(bd_addr, &bdstr);
632    if (transport == BT_TRANSPORT_LE)
633    {
634        if (!btif_config_get_int("Remote", (char const *)&bdstr,"DevType", &device_type))
635        {
636            btif_config_set_int("Remote", bdstr, "DevType", BT_DEVICE_TYPE_BLE);
637        }
638        if (btif_storage_get_remote_addr_type(bd_addr, &addr_type) != BT_STATUS_SUCCESS)
639        {
640            btif_storage_set_remote_addr_type(bd_addr, BLE_ADDR_PUBLIC);
641        }
642    }
643    if((btif_config_get_int("Remote", (char const *)&bdstr,"DevType", &device_type) &&
644       (btif_storage_get_remote_addr_type(bd_addr, &addr_type) == BT_STATUS_SUCCESS) &&
645       (device_type == BT_DEVICE_TYPE_BLE)) || (transport == BT_TRANSPORT_LE))
646    {
647        BTA_DmAddBleDevice(bd_addr->address, addr_type, BT_DEVICE_TYPE_BLE);
648    }
649#endif
650
651#if BLE_INCLUDED == TRUE
652    if(is_hid && device_type != BT_DEVICE_TYPE_BLE)
653#else
654    if(is_hid)
655#endif
656    {
657        int status;
658        status = btif_hh_connect(bd_addr);
659        if(status != BT_STATUS_SUCCESS)
660            bond_state_changed(status, bd_addr, BT_BOND_STATE_NONE);
661    }
662    else
663    {
664        BTA_DmBondByTransport((UINT8 *)bd_addr->address, transport);
665    }
666    /*  Track  originator of bond creation  */
667    pairing_cb.is_local_initiated = TRUE;
668
669}
670
671/*******************************************************************************
672**
673** Function         btif_dm_cb_remove_bond
674**
675** Description      remove bond initiated from the BTIF thread context
676**                  Special handling for HID devices
677**
678** Returns          void
679**
680*******************************************************************************/
681void btif_dm_cb_remove_bond(bt_bdaddr_t *bd_addr)
682{
683     /*special handling for HID devices */
684     /*  VUP needs to be sent if its a HID Device. The HID HOST module will check if there
685     is a valid hid connection with this bd_addr. If yes VUP will be issued.*/
686#if (defined(BTA_HH_INCLUDED) && (BTA_HH_INCLUDED == TRUE))
687    if (btif_hh_virtual_unplug(bd_addr) != BT_STATUS_SUCCESS)
688#endif
689    {
690         BTA_DmRemoveDevice((UINT8 *)bd_addr->address);
691    }
692}
693
694/*******************************************************************************
695**
696** Function         btif_dm_get_connection_state
697**
698** Description      Returns whether the remote device is currently connected
699**
700** Returns          0 if not connected
701**
702*******************************************************************************/
703uint16_t btif_dm_get_connection_state(const bt_bdaddr_t *bd_addr)
704{
705    return BTA_DmGetConnectionState((UINT8 *)bd_addr->address);
706}
707
708/*******************************************************************************
709**
710** Function         search_devices_copy_cb
711**
712** Description      Deep copy callback for search devices event
713**
714** Returns          void
715**
716*******************************************************************************/
717static void search_devices_copy_cb(UINT16 event, char *p_dest, char *p_src)
718{
719    tBTA_DM_SEARCH *p_dest_data =  (tBTA_DM_SEARCH *) p_dest;
720    tBTA_DM_SEARCH *p_src_data =  (tBTA_DM_SEARCH *) p_src;
721
722    if (!p_src)
723        return;
724
725    BTIF_TRACE_DEBUG("%s: event=%s", __FUNCTION__, dump_dm_search_event(event));
726    memcpy(p_dest_data, p_src_data, sizeof(tBTA_DM_SEARCH));
727    switch (event)
728    {
729        case BTA_DM_INQ_RES_EVT:
730        {
731            if (p_src_data->inq_res.p_eir)
732            {
733                p_dest_data->inq_res.p_eir = (UINT8 *)(p_dest + sizeof(tBTA_DM_SEARCH));
734                memcpy(p_dest_data->inq_res.p_eir, p_src_data->inq_res.p_eir, HCI_EXT_INQ_RESPONSE_LEN);
735            }
736        }
737        break;
738
739        case BTA_DM_DISC_RES_EVT:
740        {
741            if (p_src_data->disc_res.raw_data_size && p_src_data->disc_res.p_raw_data)
742            {
743                p_dest_data->disc_res.p_raw_data = (UINT8 *)(p_dest + sizeof(tBTA_DM_SEARCH));
744                memcpy(p_dest_data->disc_res.p_raw_data,
745                    p_src_data->disc_res.p_raw_data, p_src_data->disc_res.raw_data_size);
746            }
747        }
748        break;
749    }
750}
751
752static void search_services_copy_cb(UINT16 event, char *p_dest, char *p_src)
753{
754    tBTA_DM_SEARCH *p_dest_data =  (tBTA_DM_SEARCH *) p_dest;
755    tBTA_DM_SEARCH *p_src_data =  (tBTA_DM_SEARCH *) p_src;
756
757    if (!p_src)
758        return;
759    memcpy(p_dest_data, p_src_data, sizeof(tBTA_DM_SEARCH));
760    switch (event)
761    {
762         case BTA_DM_DISC_RES_EVT:
763         {
764              if (p_src_data->disc_res.result == BTA_SUCCESS)
765              {
766                  if (p_src_data->disc_res.num_uuids > 0)
767                  {
768                       p_dest_data->disc_res.p_uuid_list =
769                                                        (UINT8*)(p_dest + sizeof(tBTA_DM_SEARCH));
770                       memcpy(p_dest_data->disc_res.p_uuid_list, p_src_data->disc_res.p_uuid_list,
771                              p_src_data->disc_res.num_uuids*MAX_UUID_SIZE);
772                       GKI_freebuf(p_src_data->disc_res.p_uuid_list);
773                  }
774                  if (p_src_data->disc_res.p_raw_data != NULL)
775                  {
776                      GKI_freebuf(p_src_data->disc_res.p_raw_data);
777                  }
778              }
779         } break;
780    }
781}
782/******************************************************************************
783**
784**  BTIF DM callback events
785**
786*****************************************************************************/
787
788/*******************************************************************************
789**
790** Function         btif_dm_pin_req_evt
791**
792** Description      Executes pin request event in btif context
793**
794** Returns          void
795**
796*******************************************************************************/
797static void btif_dm_pin_req_evt(tBTA_DM_PIN_REQ *p_pin_req)
798{
799    bt_bdaddr_t bd_addr;
800    bt_bdname_t bd_name;
801    UINT32 cod;
802    bt_pin_code_t pin_code;
803
804    /* Remote properties update */
805    btif_update_remote_properties(p_pin_req->bd_addr, p_pin_req->bd_name,
806                                  p_pin_req->dev_class, BT_DEVICE_TYPE_BREDR);
807
808    bdcpy(bd_addr.address, p_pin_req->bd_addr);
809    memcpy(bd_name.name, p_pin_req->bd_name, BD_NAME_LEN);
810
811    bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_BONDING);
812
813    cod = devclass2uint(p_pin_req->dev_class);
814
815    if ( cod == 0) {
816        BTIF_TRACE_DEBUG("%s():cod is 0, set as unclassified", __FUNCTION__);
817        cod = COD_UNCLASSIFIED;
818    }
819
820    /* check for auto pair possiblity only if bond was initiated by local device */
821    if (pairing_cb.is_local_initiated)
822    {
823        if (check_cod(&bd_addr, COD_AV_HEADSETS) ||
824            check_cod(&bd_addr, COD_AV_HANDSFREE) ||
825            check_cod(&bd_addr, COD_AV_HEADPHONES) ||
826            check_cod(&bd_addr, COD_AV_PORTABLE_AUDIO) ||
827            check_cod(&bd_addr, COD_AV_HIFI_AUDIO) ||
828            check_cod(&bd_addr, COD_HID_POINTING))
829        {
830            BTIF_TRACE_DEBUG("%s()cod matches for auto pair", __FUNCTION__);
831            /*  Check if this device can be auto paired  */
832            if ((btif_storage_is_device_autopair_blacklisted(&bd_addr) == FALSE) &&
833                (pairing_cb.autopair_attempts == 0))
834            {
835                BTIF_TRACE_DEBUG("%s() Attempting auto pair", __FUNCTION__);
836                pin_code.pin[0] = 0x30;
837                pin_code.pin[1] = 0x30;
838                pin_code.pin[2] = 0x30;
839                pin_code.pin[3] = 0x30;
840
841                pairing_cb.autopair_attempts++;
842                BTA_DmPinReply( (UINT8*)bd_addr.address, TRUE, 4, pin_code.pin);
843                return;
844            }
845        }
846        else if (check_cod(&bd_addr, COD_HID_KEYBOARD) ||
847                 check_cod(&bd_addr, COD_HID_COMBO))
848        {
849            if(( btif_storage_is_fixed_pin_zeros_keyboard (&bd_addr) == TRUE) &&
850               (pairing_cb.autopair_attempts == 0))
851            {
852                BTIF_TRACE_DEBUG("%s() Attempting auto pair", __FUNCTION__);
853                pin_code.pin[0] = 0x30;
854                pin_code.pin[1] = 0x30;
855                pin_code.pin[2] = 0x30;
856                pin_code.pin[3] = 0x30;
857
858                pairing_cb.autopair_attempts++;
859                BTA_DmPinReply( (UINT8*)bd_addr.address, TRUE, 4, pin_code.pin);
860                return;
861            }
862        }
863    }
864    HAL_CBACK(bt_hal_cbacks, pin_request_cb,
865                     &bd_addr, &bd_name, cod);
866}
867
868/*******************************************************************************
869**
870** Function         btif_dm_ssp_cfm_req_evt
871**
872** Description      Executes SSP confirm request event in btif context
873**
874** Returns          void
875**
876*******************************************************************************/
877static void btif_dm_ssp_cfm_req_evt(tBTA_DM_SP_CFM_REQ *p_ssp_cfm_req)
878{
879    bt_bdaddr_t bd_addr;
880    bt_bdname_t bd_name;
881    UINT32 cod;
882    BOOLEAN is_incoming = !(pairing_cb.state == BT_BOND_STATE_BONDING);
883
884    BTIF_TRACE_DEBUG("%s", __FUNCTION__);
885
886    /* Remote properties update */
887    btif_update_remote_properties(p_ssp_cfm_req->bd_addr, p_ssp_cfm_req->bd_name,
888                                  p_ssp_cfm_req->dev_class, BT_DEVICE_TYPE_BREDR);
889
890    bdcpy(bd_addr.address, p_ssp_cfm_req->bd_addr);
891    memcpy(bd_name.name, p_ssp_cfm_req->bd_name, BD_NAME_LEN);
892
893    /* Set the pairing_cb based on the local & remote authentication requirements */
894    bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_BONDING);
895
896    /* if just_works and bonding bit is not set treat this as temporary */
897    if (p_ssp_cfm_req->just_works && !(p_ssp_cfm_req->loc_auth_req & BTM_AUTH_BONDS) &&
898        !(p_ssp_cfm_req->rmt_auth_req & BTM_AUTH_BONDS) &&
899        !(check_cod((bt_bdaddr_t*)&p_ssp_cfm_req->bd_addr, COD_HID_POINTING)))
900        pairing_cb.is_temp = TRUE;
901    else
902        pairing_cb.is_temp = FALSE;
903
904    pairing_cb.is_ssp = TRUE;
905
906    /* If JustWorks auto-accept */
907    if (p_ssp_cfm_req->just_works)
908    {
909        /* Pairing consent for JustWorks needed if:
910         * 1. Incoming pairing is detected AND
911         * 2. local IO capabilities are DisplayYesNo AND
912         * 3. remote IO capabiltiies are DisplayOnly or NoInputNoOutput;
913         */
914        if ((is_incoming) && ((p_ssp_cfm_req->loc_io_caps == 0x01) &&
915                (p_ssp_cfm_req->rmt_io_caps == 0x00 || p_ssp_cfm_req->rmt_io_caps == 0x03)))
916        {
917            BTIF_TRACE_EVENT("%s: User consent needed for incoming pairing request. loc_io_caps: %d, rmt_io_caps: %d",
918                __FUNCTION__, p_ssp_cfm_req->loc_io_caps, p_ssp_cfm_req->rmt_io_caps);
919        }
920        else
921        {
922            BTIF_TRACE_EVENT("%s: Auto-accept JustWorks pairing", __FUNCTION__);
923            btif_dm_ssp_reply(&bd_addr, BT_SSP_VARIANT_CONSENT, TRUE, 0);
924            return;
925        }
926    }
927
928    cod = devclass2uint(p_ssp_cfm_req->dev_class);
929
930    if ( cod == 0) {
931        ALOGD("cod is 0, set as unclassified");
932        cod = COD_UNCLASSIFIED;
933    }
934
935    pairing_cb.sdp_attempts = 0;
936    HAL_CBACK(bt_hal_cbacks, ssp_request_cb, &bd_addr, &bd_name, cod,
937                     (p_ssp_cfm_req->just_works ? BT_SSP_VARIANT_CONSENT : BT_SSP_VARIANT_PASSKEY_CONFIRMATION),
938                     p_ssp_cfm_req->num_val);
939}
940
941static void btif_dm_ssp_key_notif_evt(tBTA_DM_SP_KEY_NOTIF *p_ssp_key_notif)
942{
943    bt_bdaddr_t bd_addr;
944    bt_bdname_t bd_name;
945    UINT32 cod;
946
947    BTIF_TRACE_DEBUG("%s", __FUNCTION__);
948
949    /* Remote properties update */
950    btif_update_remote_properties(p_ssp_key_notif->bd_addr, p_ssp_key_notif->bd_name,
951                                  p_ssp_key_notif->dev_class, BT_DEVICE_TYPE_BREDR);
952
953    bdcpy(bd_addr.address, p_ssp_key_notif->bd_addr);
954    memcpy(bd_name.name, p_ssp_key_notif->bd_name, BD_NAME_LEN);
955
956    bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_BONDING);
957    pairing_cb.is_ssp = TRUE;
958    cod = devclass2uint(p_ssp_key_notif->dev_class);
959
960    if ( cod == 0) {
961        ALOGD("cod is 0, set as unclassified");
962        cod = COD_UNCLASSIFIED;
963    }
964
965    HAL_CBACK(bt_hal_cbacks, ssp_request_cb, &bd_addr, &bd_name,
966                     cod, BT_SSP_VARIANT_PASSKEY_NOTIFICATION,
967                     p_ssp_key_notif->passkey);
968}
969/*******************************************************************************
970**
971** Function         btif_dm_auth_cmpl_evt
972**
973** Description      Executes authentication complete event in btif context
974**
975** Returns          void
976**
977*******************************************************************************/
978static void btif_dm_auth_cmpl_evt (tBTA_DM_AUTH_CMPL *p_auth_cmpl)
979{
980    /* Save link key, if not temporary */
981    bt_bdaddr_t bd_addr;
982    bt_status_t status = BT_STATUS_FAIL;
983    bt_bond_state_t state = BT_BOND_STATE_NONE;
984    BOOLEAN skip_sdp = FALSE;
985
986    bdcpy(bd_addr.address, p_auth_cmpl->bd_addr);
987    if ( (p_auth_cmpl->success == TRUE) && (p_auth_cmpl->key_present) )
988    {
989        if ((p_auth_cmpl->key_type < HCI_LKEY_TYPE_DEBUG_COMB)  || (p_auth_cmpl->key_type == HCI_LKEY_TYPE_AUTH_COMB) ||
990            (p_auth_cmpl->key_type == HCI_LKEY_TYPE_CHANGED_COMB) || (!pairing_cb.is_temp))
991        {
992            bt_status_t ret;
993            BTIF_TRACE_DEBUG("%s: Storing link key. key_type=0x%x, is_temp=%d",
994                __FUNCTION__, p_auth_cmpl->key_type, pairing_cb.is_temp);
995            ret = btif_storage_add_bonded_device(&bd_addr,
996                                p_auth_cmpl->key, p_auth_cmpl->key_type,
997                                pairing_cb.pin_code_len);
998            ASSERTC(ret == BT_STATUS_SUCCESS, "storing link key failed", ret);
999        }
1000        else
1001        {
1002            BTIF_TRACE_DEBUG("%s: Temporary key. Not storing. key_type=0x%x, is_temp=%d",
1003                __FUNCTION__, p_auth_cmpl->key_type, pairing_cb.is_temp);
1004            if(pairing_cb.is_temp)
1005            {
1006                BTIF_TRACE_DEBUG("%s: sending BT_BOND_STATE_NONE for Temp pairing",
1007                        __FUNCTION__);
1008                bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_NONE);
1009                return;
1010            }
1011        }
1012    }
1013
1014    // Skip SDP for certain  HID Devices
1015    if (p_auth_cmpl->success)
1016    {
1017        pairing_cb.timeout_retries = 0;
1018        status = BT_STATUS_SUCCESS;
1019        state = BT_BOND_STATE_BONDED;
1020        bdcpy(bd_addr.address, p_auth_cmpl->bd_addr);
1021
1022        if (check_sdp_bl(&bd_addr) && check_cod_hid(&bd_addr, COD_HID_MAJOR))
1023        {
1024            ALOGW("%s:skip SDP",
1025                              __FUNCTION__);
1026            skip_sdp = TRUE;
1027        }
1028        if(!pairing_cb.is_local_initiated && skip_sdp)
1029        {
1030            bond_state_changed(status, &bd_addr, state);
1031
1032            ALOGW("%s: Incoming HID Connection",__FUNCTION__);
1033            bt_property_t prop;
1034            bt_bdaddr_t bd_addr;
1035            bt_uuid_t  uuid;
1036            char uuid_str[128] = UUID_HUMAN_INTERFACE_DEVICE;
1037
1038            string_to_uuid(uuid_str, &uuid);
1039
1040            prop.type = BT_PROPERTY_UUIDS;
1041            prop.val = uuid.uu;
1042            prop.len = MAX_UUID_SIZE;
1043
1044            /* Send the event to the BTIF */
1045            HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb,
1046                             BT_STATUS_SUCCESS, &bd_addr, 1, &prop);
1047        }
1048        else
1049        {
1050            /* Trigger SDP on the device */
1051            pairing_cb.sdp_attempts = 1;;
1052
1053            if(btif_dm_inquiry_in_progress)
1054                btif_dm_cancel_discovery();
1055
1056            btif_dm_get_remote_services(&bd_addr);
1057            }
1058            /* Do not call bond_state_changed_cb yet. Wait till fetch remote service is complete */
1059    }
1060    else
1061    {
1062         /*Map the HCI fail reason  to  bt status  */
1063        switch(p_auth_cmpl->fail_reason)
1064        {
1065            case HCI_ERR_PAGE_TIMEOUT:
1066                if (blacklistPairingRetries(bd_addr.address) && pairing_cb.timeout_retries)
1067                {
1068                    BTIF_TRACE_WARNING("%s() - Pairing timeout; retrying (%d) ...", __FUNCTION__, pairing_cb.timeout_retries);
1069                    --pairing_cb.timeout_retries;
1070                    btif_dm_cb_create_bond (&bd_addr, BTA_TRANSPORT_UNKNOWN);
1071                    return;
1072                }
1073                /* Fall-through */
1074            case HCI_ERR_CONNECTION_TOUT:
1075                status =  BT_STATUS_RMT_DEV_DOWN;
1076                break;
1077
1078            case HCI_ERR_PAIRING_NOT_ALLOWED:
1079                status = BT_STATUS_AUTH_REJECTED;
1080                break;
1081
1082            case HCI_ERR_LMP_RESPONSE_TIMEOUT:
1083                status =  BT_STATUS_AUTH_FAILURE;
1084                break;
1085
1086            /* map the auth failure codes, so we can retry pairing if necessary */
1087            case HCI_ERR_AUTH_FAILURE:
1088            case HCI_ERR_KEY_MISSING:
1089                btif_storage_remove_bonded_device(&bd_addr);
1090            case HCI_ERR_HOST_REJECT_SECURITY:
1091            case HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE:
1092            case HCI_ERR_UNIT_KEY_USED:
1093            case HCI_ERR_PAIRING_WITH_UNIT_KEY_NOT_SUPPORTED:
1094            case HCI_ERR_INSUFFCIENT_SECURITY:
1095            case HCI_ERR_PEER_USER:
1096            case HCI_ERR_UNSPECIFIED:
1097                BTIF_TRACE_DEBUG(" %s() Authentication fail reason %d",
1098                    __FUNCTION__, p_auth_cmpl->fail_reason);
1099                if (pairing_cb.autopair_attempts  == 1)
1100                {
1101                    BTIF_TRACE_DEBUG("%s(): Adding device to blacklist ", __FUNCTION__);
1102
1103                    /* Add the device to dynamic black list only if this device belongs to Audio/pointing dev class  */
1104                    if (check_cod(&bd_addr, COD_AV_HEADSETS) ||
1105                        check_cod(&bd_addr, COD_AV_HANDSFREE) ||
1106                        check_cod(&bd_addr, COD_AV_HEADPHONES) ||
1107                        check_cod(&bd_addr, COD_AV_PORTABLE_AUDIO) ||
1108                        check_cod(&bd_addr, COD_AV_HIFI_AUDIO) ||
1109                        check_cod(&bd_addr, COD_HID_POINTING))
1110                    {
1111                        btif_storage_add_device_to_autopair_blacklist (&bd_addr);
1112                    }
1113                    pairing_cb.autopair_attempts++;
1114
1115                    /* Create the Bond once again */
1116                    BTIF_TRACE_DEBUG("%s() auto pair failed. Reinitiate Bond", __FUNCTION__);
1117                    btif_dm_cb_create_bond (&bd_addr, BTA_TRANSPORT_UNKNOWN);
1118                    return;
1119                }
1120                else
1121                {
1122                    /* if autopair attempts are more than 1, or not attempted */
1123                    status =  BT_STATUS_AUTH_FAILURE;
1124                }
1125                break;
1126
1127            default:
1128                status =  BT_STATUS_FAIL;
1129        }
1130        /* Special Handling for HID Devices */
1131        if (check_cod(&bd_addr, COD_HID_POINTING)) {
1132            /* Remove Device as bonded in nvram as authentication failed */
1133            BTIF_TRACE_DEBUG("%s(): removing hid pointing device from nvram", __FUNCTION__);
1134            btif_storage_remove_bonded_device(&bd_addr);
1135        }
1136        bond_state_changed(status, &bd_addr, state);
1137    }
1138}
1139
1140/******************************************************************************
1141**
1142** Function         btif_dm_search_devices_evt
1143**
1144** Description      Executes search devices callback events in btif context
1145**
1146** Returns          void
1147**
1148******************************************************************************/
1149static void btif_dm_search_devices_evt (UINT16 event, char *p_param)
1150{
1151    tBTA_DM_SEARCH *p_search_data;
1152    BTIF_TRACE_EVENT("%s event=%s", __FUNCTION__, dump_dm_search_event(event));
1153
1154    switch (event)
1155    {
1156        case BTA_DM_DISC_RES_EVT:
1157        {
1158            p_search_data = (tBTA_DM_SEARCH *)p_param;
1159            /* Remote name update */
1160            if (strlen((const char *) p_search_data->disc_res.bd_name))
1161            {
1162                bt_property_t properties[1];
1163                bt_bdaddr_t bdaddr;
1164                bt_status_t status;
1165
1166                properties[0].type = BT_PROPERTY_BDNAME;
1167                properties[0].val = p_search_data->disc_res.bd_name;
1168                properties[0].len = strlen((char *)p_search_data->disc_res.bd_name);
1169                bdcpy(bdaddr.address, p_search_data->disc_res.bd_addr);
1170
1171                status = btif_storage_set_remote_device_property(&bdaddr, &properties[0]);
1172                ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device property", status);
1173                HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb,
1174                                 status, &bdaddr, 1, properties);
1175            }
1176            /* TODO: Services? */
1177        }
1178        break;
1179
1180        case BTA_DM_INQ_RES_EVT:
1181        {
1182            /* inquiry result */
1183            UINT32 cod;
1184            bt_bdname_t bdname;
1185            bt_bdaddr_t bdaddr;
1186            UINT8 remote_name_len;
1187            tBTA_SERVICE_MASK services = 0;
1188            bdstr_t bdstr;
1189
1190            p_search_data = (tBTA_DM_SEARCH *)p_param;
1191            bdcpy(bdaddr.address, p_search_data->inq_res.bd_addr);
1192
1193            BTIF_TRACE_DEBUG("%s() %s device_type = 0x%x\n", __FUNCTION__, bd2str(&bdaddr, &bdstr),
1194#if (BLE_INCLUDED == TRUE)
1195                    p_search_data->inq_res.device_type);
1196#else
1197                    BT_DEVICE_TYPE_BREDR);
1198#endif
1199            bdname.name[0] = 0;
1200
1201            cod = devclass2uint (p_search_data->inq_res.dev_class);
1202
1203            if ( cod == 0) {
1204                ALOGD("cod is 0, set as unclassified");
1205                cod = COD_UNCLASSIFIED;
1206            }
1207
1208            if (!check_eir_remote_name(p_search_data, bdname.name, &remote_name_len))
1209                check_cached_remote_name(p_search_data, bdname.name, &remote_name_len);
1210
1211            /* Check EIR for remote name and services */
1212            if (p_search_data->inq_res.p_eir)
1213            {
1214                BTA_GetEirService(p_search_data->inq_res.p_eir, &services);
1215                BTIF_TRACE_DEBUG("%s()EIR BTA services = %08X", __FUNCTION__, (UINT32)services);
1216                /* TODO:  Get the service list and check to see which uuids we got and send it back to the client. */
1217            }
1218
1219
1220            {
1221                bt_property_t properties[5];
1222                bt_device_type_t dev_type;
1223                UINT8 addr_type;
1224                uint32_t num_properties = 0;
1225                bt_status_t status;
1226
1227                memset(properties, 0, sizeof(properties));
1228                /* BD_ADDR */
1229                BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1230                                    BT_PROPERTY_BDADDR, sizeof(bdaddr), &bdaddr);
1231                num_properties++;
1232                /* BD_NAME */
1233                /* Don't send BDNAME if it is empty */
1234                if (bdname.name[0])
1235                {
1236                    BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1237                                               BT_PROPERTY_BDNAME,
1238                                               strlen((char *)bdname.name), &bdname);
1239                    num_properties++;
1240                }
1241
1242                /* DEV_CLASS */
1243                BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1244                                    BT_PROPERTY_CLASS_OF_DEVICE, sizeof(cod), &cod);
1245                num_properties++;
1246                /* DEV_TYPE */
1247#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
1248                /* FixMe: Assumption is that bluetooth.h and BTE enums match */
1249                dev_type = p_search_data->inq_res.device_type;
1250                addr_type = p_search_data->inq_res.ble_addr_type;
1251#else
1252                dev_type = BT_DEVICE_TYPE_BREDR;
1253#endif
1254                BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1255                                    BT_PROPERTY_TYPE_OF_DEVICE, sizeof(dev_type), &dev_type);
1256                num_properties++;
1257                /* RSSI */
1258                BTIF_STORAGE_FILL_PROPERTY(&properties[num_properties],
1259                                    BT_PROPERTY_REMOTE_RSSI, sizeof(int8_t),
1260                                    &(p_search_data->inq_res.rssi));
1261                num_properties++;
1262
1263                status = btif_storage_add_remote_device(&bdaddr, num_properties, properties);
1264                ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote device (inquiry)", status);
1265#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
1266                status = btif_storage_set_remote_addr_type(&bdaddr, addr_type);
1267                if (( dev_type == BT_DEVICE_TYPE_DUMO)&&
1268                   (p_search_data->inq_res.flag & BTA_BLE_DMT_CONTROLLER_SPT) &&
1269                   (p_search_data->inq_res.flag & BTA_BLE_DMT_HOST_SPT))
1270                 {
1271                    btif_storage_set_dmt_support_type (&bdaddr, TRUE);
1272                 }
1273                ASSERTC(status == BT_STATUS_SUCCESS, "failed to save remote addr type (inquiry)", status);
1274#endif
1275                /* Callback to notify upper layer of device */
1276                HAL_CBACK(bt_hal_cbacks, device_found_cb,
1277                                 num_properties, properties);
1278            }
1279        }
1280        break;
1281
1282        case BTA_DM_INQ_CMPL_EVT:
1283        {
1284#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
1285            tBTA_DM_BLE_PF_FILT_PARAMS adv_filt_param;
1286            memset(&adv_filt_param, 0, sizeof(tBTA_DM_BLE_PF_FILT_PARAMS));
1287            BTA_DmBleScanFilterSetup(BTA_DM_BLE_SCAN_COND_DELETE, 0, &adv_filt_param, NULL,
1288                                     bte_scan_filt_param_cfg_evt, 0);
1289#endif
1290        }
1291        break;
1292        case BTA_DM_DISC_CMPL_EVT:
1293        {
1294            HAL_CBACK(bt_hal_cbacks, discovery_state_changed_cb, BT_DISCOVERY_STOPPED);
1295        }
1296        break;
1297        case BTA_DM_SEARCH_CANCEL_CMPL_EVT:
1298        {
1299           /* if inquiry is not in progress and we get a cancel event, then
1300            * it means we are done with inquiry, but remote_name fetches are in
1301            * progress
1302            *
1303            * if inquiry  is in progress, then we don't want to act on this cancel_cmpl_evt
1304            * but instead wait for the cancel_cmpl_evt via the Busy Level
1305            *
1306            */
1307           if (btif_dm_inquiry_in_progress == FALSE)
1308           {
1309               HAL_CBACK(bt_hal_cbacks, discovery_state_changed_cb, BT_DISCOVERY_STOPPED);
1310           }
1311        }
1312        break;
1313    }
1314}
1315
1316/*******************************************************************************
1317**
1318** Function         btif_dm_search_services_evt
1319**
1320** Description      Executes search services event in btif context
1321**
1322** Returns          void
1323**
1324*******************************************************************************/
1325static void btif_dm_search_services_evt(UINT16 event, char *p_param)
1326{
1327    tBTA_DM_SEARCH *p_data = (tBTA_DM_SEARCH*)p_param;
1328
1329    BTIF_TRACE_EVENT("%s:  event = %d", __FUNCTION__, event);
1330    switch (event)
1331    {
1332        case BTA_DM_DISC_RES_EVT:
1333        {
1334            bt_property_t prop;
1335            uint32_t i = 0;
1336            bt_bdaddr_t bd_addr;
1337            bt_status_t ret;
1338
1339            bdcpy(bd_addr.address, p_data->disc_res.bd_addr);
1340
1341            BTIF_TRACE_DEBUG("%s:(result=0x%x, services 0x%x)", __FUNCTION__,
1342                    p_data->disc_res.result, p_data->disc_res.services);
1343            if  ((p_data->disc_res.result != BTA_SUCCESS) &&
1344                 (pairing_cb.state == BT_BOND_STATE_BONDING ) &&
1345                 (pairing_cb.sdp_attempts < BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING))
1346            {
1347                BTIF_TRACE_WARNING("%s:SDP failed after bonding re-attempting", __FUNCTION__);
1348                pairing_cb.sdp_attempts++;
1349                btif_dm_get_remote_services(&bd_addr);
1350                return;
1351            }
1352            prop.type = BT_PROPERTY_UUIDS;
1353            prop.len = 0;
1354            if ((p_data->disc_res.result == BTA_SUCCESS) && (p_data->disc_res.num_uuids > 0))
1355            {
1356                 prop.val = p_data->disc_res.p_uuid_list;
1357                 prop.len = p_data->disc_res.num_uuids * MAX_UUID_SIZE;
1358                 for (i=0; i < p_data->disc_res.num_uuids; i++)
1359                 {
1360                      char temp[256];
1361                      uuid_to_string((bt_uuid_t*)(p_data->disc_res.p_uuid_list + (i*MAX_UUID_SIZE)), temp);
1362                      BTIF_TRACE_ERROR("Index: %d uuid:%s", i, temp);
1363                 }
1364            }
1365
1366            /* onUuidChanged requires getBondedDevices to be populated.
1367            ** bond_state_changed needs to be sent prior to remote_device_property
1368            */
1369            if ((pairing_cb.state == BT_BOND_STATE_BONDING) &&
1370                (bdcmp(p_data->disc_res.bd_addr, pairing_cb.bd_addr) == 0)&&
1371                pairing_cb.sdp_attempts > 0)
1372            {
1373                 BTIF_TRACE_DEBUG("%s Remote Service SDP done. Call bond_state_changed_cb BONDED",
1374                                   __FUNCTION__);
1375                 pairing_cb.sdp_attempts  = 0;
1376                 bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_BONDED);
1377            }
1378
1379            if(p_data->disc_res.num_uuids != 0)
1380            {
1381                /* Also write this to the NVRAM */
1382                ret = btif_storage_set_remote_device_property(&bd_addr, &prop);
1383                ASSERTC(ret == BT_STATUS_SUCCESS, "storing remote services failed", ret);
1384                /* Send the event to the BTIF */
1385                HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb,
1386                                 BT_STATUS_SUCCESS, &bd_addr, 1, &prop);
1387            }
1388        }
1389        break;
1390
1391        case BTA_DM_DISC_CMPL_EVT:
1392            /* fixme */
1393        break;
1394
1395#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
1396        case BTA_DM_DISC_BLE_RES_EVT:
1397             BTIF_TRACE_DEBUG("%s:, services 0x%x)", __FUNCTION__,
1398                                p_data->disc_ble_res.service.uu.uuid16);
1399             bt_uuid_t  uuid;
1400             int i = 0;
1401             int j = 15;
1402             if (p_data->disc_ble_res.service.uu.uuid16 == UUID_SERVCLASS_LE_HID)
1403             {
1404                BTIF_TRACE_DEBUG("%s: Found HOGP UUID",__FUNCTION__);
1405                bt_property_t prop;
1406                bt_bdaddr_t bd_addr;
1407                char temp[256];
1408                bt_status_t ret;
1409
1410                bta_gatt_convert_uuid16_to_uuid128(uuid.uu,p_data->disc_ble_res.service.uu.uuid16);
1411
1412                while(i < j )
1413                {
1414                    unsigned char c = uuid.uu[j];
1415                    uuid.uu[j] = uuid.uu[i];
1416                    uuid.uu[i] = c;
1417                    i++;
1418                    j--;
1419                }
1420
1421                uuid_to_string(&uuid, temp);
1422                BTIF_TRACE_ERROR(" uuid:%s", temp);
1423
1424                bdcpy(bd_addr.address, p_data->disc_ble_res.bd_addr);
1425                prop.type = BT_PROPERTY_UUIDS;
1426                prop.val = uuid.uu;
1427                prop.len = MAX_UUID_SIZE;
1428
1429                /* Also write this to the NVRAM */
1430                ret = btif_storage_set_remote_device_property(&bd_addr, &prop);
1431                ASSERTC(ret == BT_STATUS_SUCCESS, "storing remote services failed", ret);
1432
1433                /* Send the event to the BTIF */
1434                HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb,
1435                                 BT_STATUS_SUCCESS, &bd_addr, 1, &prop);
1436
1437            }
1438        break;
1439#endif /* BLE_INCLUDED */
1440
1441        default:
1442        {
1443            ASSERTC(0, "unhandled search services event", event);
1444        }
1445        break;
1446    }
1447}
1448
1449/*******************************************************************************
1450**
1451** Function         btif_dm_remote_service_record_evt
1452**
1453** Description      Executes search service record event in btif context
1454**
1455** Returns          void
1456**
1457*******************************************************************************/
1458static void btif_dm_remote_service_record_evt(UINT16 event, char *p_param)
1459{
1460    tBTA_DM_SEARCH *p_data = (tBTA_DM_SEARCH*)p_param;
1461
1462    BTIF_TRACE_EVENT("%s:  event = %d", __FUNCTION__, event);
1463    switch (event)
1464    {
1465        case BTA_DM_DISC_RES_EVT:
1466        {
1467            bt_service_record_t rec;
1468            bt_property_t prop;
1469            bt_bdaddr_t bd_addr;
1470
1471            memset(&rec, 0, sizeof(bt_service_record_t));
1472            bdcpy(bd_addr.address, p_data->disc_res.bd_addr);
1473
1474            BTIF_TRACE_DEBUG("%s:(result=0x%x, services 0x%x)", __FUNCTION__,
1475                    p_data->disc_res.result, p_data->disc_res.services);
1476            prop.type = BT_PROPERTY_SERVICE_RECORD;
1477            prop.val = (void*)&rec;
1478            prop.len = sizeof(rec);
1479
1480            /* disc_res.result is overloaded with SCN. Cannot check result */
1481            p_data->disc_res.services &= ~BTA_USER_SERVICE_MASK;
1482            /* TODO: Get the UUID as well */
1483            rec.channel = p_data->disc_res.result - 3;
1484            /* TODO: Need to get the service name using p_raw_data */
1485            rec.name[0] = 0;
1486
1487            HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb,
1488                             BT_STATUS_SUCCESS, &bd_addr, 1, &prop);
1489        }
1490        break;
1491
1492        default:
1493        {
1494           ASSERTC(0, "unhandled remote service record event", event);
1495        }
1496        break;
1497    }
1498}
1499
1500/*******************************************************************************
1501**
1502** Function         btif_dm_upstreams_cback
1503**
1504** Description      Executes UPSTREAMS events in btif context
1505**
1506** Returns          void
1507**
1508*******************************************************************************/
1509static void btif_dm_upstreams_evt(UINT16 event, char* p_param)
1510{
1511    tBTA_DM_SEC *p_data = (tBTA_DM_SEC*)p_param;
1512    tBTA_SERVICE_MASK service_mask;
1513    uint32_t i;
1514    bt_bdaddr_t bd_addr;
1515
1516    BTIF_TRACE_EVENT("btif_dm_upstreams_cback  ev: %s", dump_dm_event(event));
1517
1518    switch (event)
1519    {
1520        case BTA_DM_ENABLE_EVT:
1521        {
1522             BD_NAME bdname;
1523             bt_status_t status;
1524             bt_property_t prop;
1525             prop.type = BT_PROPERTY_BDNAME;
1526             prop.len = BD_NAME_LEN;
1527             prop.val = (void*)bdname;
1528
1529             status = btif_storage_get_adapter_property(&prop);
1530             if (status == BT_STATUS_SUCCESS)
1531             {
1532                 /* A name exists in the storage. Make this the device name */
1533                 BTA_DmSetDeviceName((char*)prop.val);
1534             }
1535             else
1536             {
1537                 /* Storage does not have a name yet.
1538                  * Use the default name and write it to the chip
1539                  */
1540                 BTA_DmSetDeviceName(btif_get_default_local_name());
1541             }
1542
1543#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
1544             /* Enable local privacy */
1545             BTA_DmBleConfigLocalPrivacy(TRUE);
1546#endif
1547
1548             /* for each of the enabled services in the mask, trigger the profile
1549              * enable */
1550             service_mask = btif_get_enabled_services_mask();
1551             for (i=0; i <= BTA_MAX_SERVICE_ID; i++)
1552             {
1553                 if (service_mask &
1554                     (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(i)))
1555                 {
1556                     btif_in_execute_service_request(i, TRUE);
1557                 }
1558             }
1559             /* clear control blocks */
1560             memset(&pairing_cb, 0, sizeof(btif_dm_pairing_cb_t));
1561
1562             /* This function will also trigger the adapter_properties_cb
1563             ** and bonded_devices_info_cb
1564             */
1565             btif_storage_load_bonded_devices();
1566
1567             btif_storage_load_autopair_device_list();
1568
1569             btif_enable_bluetooth_evt(p_data->enable.status, p_data->enable.bd_addr);
1570        }
1571        break;
1572
1573        case BTA_DM_DISABLE_EVT:
1574            /* for each of the enabled services in the mask, trigger the profile
1575             * disable */
1576            service_mask = btif_get_enabled_services_mask();
1577            for (i=0; i <= BTA_MAX_SERVICE_ID; i++)
1578            {
1579                if (service_mask &
1580                    (tBTA_SERVICE_MASK)(BTA_SERVICE_ID_TO_SERVICE_MASK(i)))
1581                {
1582                    btif_in_execute_service_request(i, FALSE);
1583                }
1584            }
1585            btif_disable_bluetooth_evt();
1586            break;
1587
1588        case BTA_DM_PIN_REQ_EVT:
1589            btif_dm_pin_req_evt(&p_data->pin_req);
1590            break;
1591
1592        case BTA_DM_AUTH_CMPL_EVT:
1593            btif_dm_auth_cmpl_evt(&p_data->auth_cmpl);
1594            break;
1595
1596        case BTA_DM_BOND_CANCEL_CMPL_EVT:
1597            if (pairing_cb.state == BT_BOND_STATE_BONDING)
1598            {
1599                bdcpy(bd_addr.address, pairing_cb.bd_addr);
1600                bond_state_changed(p_data->bond_cancel_cmpl.result, &bd_addr, BT_BOND_STATE_NONE);
1601            }
1602            break;
1603
1604        case BTA_DM_SP_CFM_REQ_EVT:
1605            btif_dm_ssp_cfm_req_evt(&p_data->cfm_req);
1606            break;
1607        case BTA_DM_SP_KEY_NOTIF_EVT:
1608            btif_dm_ssp_key_notif_evt(&p_data->key_notif);
1609            break;
1610
1611        case BTA_DM_DEV_UNPAIRED_EVT:
1612            bdcpy(bd_addr.address, p_data->link_down.bd_addr);
1613
1614            /*special handling for HID devices */
1615            #if (defined(BTA_HH_INCLUDED) && (BTA_HH_INCLUDED == TRUE))
1616            btif_hh_remove_device(bd_addr);
1617            #endif
1618            #if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
1619            btif_storage_remove_ble_bonding_keys(&bd_addr);
1620            #endif
1621            btif_storage_remove_bonded_device(&bd_addr);
1622            bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_NONE);
1623            break;
1624
1625        case BTA_DM_BUSY_LEVEL_EVT:
1626        {
1627
1628            if (p_data->busy_level.level_flags & BTM_BL_INQUIRY_PAGING_MASK)
1629            {
1630                if (p_data->busy_level.level_flags == BTM_BL_INQUIRY_STARTED)
1631                {
1632                       HAL_CBACK(bt_hal_cbacks, discovery_state_changed_cb,
1633                                                BT_DISCOVERY_STARTED);
1634                       btif_dm_inquiry_in_progress = TRUE;
1635                }
1636                else if (p_data->busy_level.level_flags == BTM_BL_INQUIRY_CANCELLED)
1637                {
1638                       HAL_CBACK(bt_hal_cbacks, discovery_state_changed_cb,
1639                                                BT_DISCOVERY_STOPPED);
1640                       btif_dm_inquiry_in_progress = FALSE;
1641                }
1642                else if (p_data->busy_level.level_flags == BTM_BL_INQUIRY_COMPLETE)
1643                {
1644                       btif_dm_inquiry_in_progress = FALSE;
1645                }
1646            }
1647        }break;
1648
1649        case BTA_DM_LINK_UP_EVT:
1650            bdcpy(bd_addr.address, p_data->link_up.bd_addr);
1651            BTIF_TRACE_DEBUG("BTA_DM_LINK_UP_EVT. Sending BT_ACL_STATE_CONNECTED");
1652
1653            btif_update_remote_version_property(&bd_addr);
1654
1655            HAL_CBACK(bt_hal_cbacks, acl_state_changed_cb, BT_STATUS_SUCCESS,
1656                      &bd_addr, BT_ACL_STATE_CONNECTED);
1657            break;
1658
1659        case BTA_DM_LINK_DOWN_EVT:
1660            bdcpy(bd_addr.address, p_data->link_down.bd_addr);
1661            BTIF_TRACE_DEBUG("BTA_DM_LINK_DOWN_EVT. Sending BT_ACL_STATE_DISCONNECTED");
1662            HAL_CBACK(bt_hal_cbacks, acl_state_changed_cb, BT_STATUS_SUCCESS,
1663                      &bd_addr, BT_ACL_STATE_DISCONNECTED);
1664            break;
1665
1666        case BTA_DM_HW_ERROR_EVT:
1667            BTIF_TRACE_ERROR("Received H/W Error. ");
1668            /* Flush storage data */
1669            btif_config_flush();
1670            usleep(100000); /* 100milliseconds */
1671            /* Killing the process to force a restart as part of fault tolerance */
1672            kill(getpid(), SIGKILL);
1673            break;
1674
1675#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
1676        case BTA_DM_BLE_KEY_EVT:
1677            BTIF_TRACE_DEBUG("BTA_DM_BLE_KEY_EVT key_type=0x%02x ", p_data->ble_key.key_type);
1678
1679            /* If this pairing is by-product of local initiated GATT client Read or Write,
1680            BTA would not have sent BTA_DM_BLE_SEC_REQ_EVT event and Bond state would not
1681            have setup properly. Setup pairing_cb and notify App about Bonding state now*/
1682            if (pairing_cb.state != BT_BOND_STATE_BONDING)
1683            {
1684                BTIF_TRACE_DEBUG("Bond state not sent to App so far.Notify the app now");
1685                bond_state_changed(BT_STATUS_SUCCESS, (bt_bdaddr_t*)p_data->ble_key.bd_addr,
1686                                   BT_BOND_STATE_BONDING);
1687            }
1688            else if (memcmp (pairing_cb.bd_addr, p_data->ble_key.bd_addr, BD_ADDR_LEN)!=0)
1689            {
1690                BTIF_TRACE_ERROR("BD mismatch discard BLE key_type=%d ",p_data->ble_key.key_type);
1691                break;
1692            }
1693
1694            switch (p_data->ble_key.key_type)
1695            {
1696                case BTA_LE_KEY_PENC:
1697                    BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_PENC");
1698                    pairing_cb.ble.is_penc_key_rcvd = TRUE;
1699                    memcpy(pairing_cb.ble.penc_key.ltk,p_data->ble_key.key_value.penc_key.ltk, 16);
1700                    memcpy(pairing_cb.ble.penc_key.rand, p_data->ble_key.key_value.penc_key.rand,8);
1701                    pairing_cb.ble.penc_key.ediv = p_data->ble_key.key_value.penc_key.ediv;
1702                    pairing_cb.ble.penc_key.sec_level = p_data->ble_key.key_value.penc_key.sec_level;
1703
1704                    for (i=0; i<16; i++)
1705                    {
1706                        BTIF_TRACE_DEBUG("pairing_cb.ble.penc_key.ltk[%d]=0x%02x",i,pairing_cb.ble.penc_key.ltk[i]);
1707                    }
1708                    for (i=0; i<8; i++)
1709                    {
1710                        BTIF_TRACE_DEBUG("pairing_cb.ble.penc_key.rand[%d]=0x%02x",i,pairing_cb.ble.penc_key.rand[i]);
1711                    }
1712                    BTIF_TRACE_DEBUG("pairing_cb.ble.penc_key.ediv=0x%04x",pairing_cb.ble.penc_key.ediv);
1713                    BTIF_TRACE_DEBUG("pairing_cb.ble.penc_key.sec_level=0x%02x",pairing_cb.ble.penc_key.sec_level);
1714                    BTIF_TRACE_DEBUG("pairing_cb.ble.penc_key.key_size=0x%02x",pairing_cb.ble.penc_key.key_size);
1715                    break;
1716
1717                case BTA_LE_KEY_PID:
1718                    BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_PID");
1719                    pairing_cb.ble.is_pid_key_rcvd = TRUE;
1720                    memcpy(pairing_cb.ble.pid_key, p_data->ble_key.key_value.pid_key.irk, 16);
1721                    for (i=0; i<16; i++)
1722                    {
1723                        BTIF_TRACE_DEBUG("pairing_cb.ble.pid_key[%d]=0x%02x",i,pairing_cb.ble.pid_key[i]);
1724                    }
1725                    break;
1726
1727                case BTA_LE_KEY_PCSRK:
1728                    BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_PCSRK");
1729                    pairing_cb.ble.is_pcsrk_key_rcvd = TRUE;
1730                    pairing_cb.ble.pcsrk_key.counter = p_data->ble_key.key_value.pcsrk_key.counter;
1731                    pairing_cb.ble.pcsrk_key.sec_level = p_data->ble_key.key_value.pcsrk_key.sec_level;
1732                    memcpy(pairing_cb.ble.pcsrk_key.csrk,p_data->ble_key.key_value.pcsrk_key.csrk,16);
1733
1734                    for (i=0; i<16; i++)
1735                    {
1736                        BTIF_TRACE_DEBUG("pairing_cb.ble.pcsrk_key.csrk[%d]=0x%02x",i,pairing_cb.ble.pcsrk_key.csrk[i]);
1737                    }
1738                    BTIF_TRACE_DEBUG("pairing_cb.ble.pcsrk_key.counter=0x%08x",pairing_cb.ble.pcsrk_key.counter);
1739                    BTIF_TRACE_DEBUG("pairing_cb.ble.pcsrk_key.sec_level=0x%02x",pairing_cb.ble.pcsrk_key.sec_level);
1740                    break;
1741
1742                case BTA_LE_KEY_LENC:
1743                    BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_LENC");
1744                    pairing_cb.ble.is_lenc_key_rcvd = TRUE;
1745                    pairing_cb.ble.lenc_key.div = p_data->ble_key.key_value.lenc_key.div;
1746                    pairing_cb.ble.lenc_key.key_size = p_data->ble_key.key_value.lenc_key.key_size;
1747                    pairing_cb.ble.lenc_key.sec_level = p_data->ble_key.key_value.lenc_key.sec_level;
1748
1749                    BTIF_TRACE_DEBUG("pairing_cb.ble.lenc_key.div=0x%04x",pairing_cb.ble.lenc_key.div);
1750                    BTIF_TRACE_DEBUG("pairing_cb.ble.lenc_key.key_size=0x%02x",pairing_cb.ble.lenc_key.key_size);
1751                    BTIF_TRACE_DEBUG("pairing_cb.ble.lenc_key.sec_level=0x%02x",pairing_cb.ble.lenc_key.sec_level);
1752                    break;
1753
1754
1755
1756                case BTA_LE_KEY_LCSRK:
1757                    BTIF_TRACE_DEBUG("Rcv BTA_LE_KEY_LCSRK");
1758                    pairing_cb.ble.is_lcsrk_key_rcvd = TRUE;
1759                    pairing_cb.ble.lcsrk_key.counter = p_data->ble_key.key_value.lcsrk_key.counter;
1760                    pairing_cb.ble.lcsrk_key.div = p_data->ble_key.key_value.lcsrk_key.div;
1761                    pairing_cb.ble.lcsrk_key.sec_level = p_data->ble_key.key_value.lcsrk_key.sec_level;
1762
1763                    BTIF_TRACE_DEBUG("pairing_cb.ble.lcsrk_key.div=0x%04x",pairing_cb.ble.lcsrk_key.div);
1764                    BTIF_TRACE_DEBUG("pairing_cb.ble.lcsrk_key.counter=0x%08x",pairing_cb.ble.lcsrk_key.counter);
1765                    BTIF_TRACE_DEBUG("pairing_cb.ble.lcsrk_key.sec_level=0x%02x",pairing_cb.ble.lcsrk_key.sec_level);
1766
1767                    break;
1768
1769                default:
1770                    BTIF_TRACE_ERROR("unknown BLE key type (0x%02x)", p_data->ble_key.key_type);
1771                    break;
1772            }
1773
1774            break;
1775        case BTA_DM_BLE_SEC_REQ_EVT:
1776            BTIF_TRACE_DEBUG("BTA_DM_BLE_SEC_REQ_EVT. ");
1777            btif_dm_ble_sec_req_evt(&p_data->ble_req);
1778            break;
1779        case BTA_DM_BLE_PASSKEY_NOTIF_EVT:
1780            BTIF_TRACE_DEBUG("BTA_DM_BLE_PASSKEY_NOTIF_EVT. ");
1781            btif_dm_ble_key_notif_evt(&p_data->key_notif);
1782            break;
1783        case BTA_DM_BLE_PASSKEY_REQ_EVT:
1784            BTIF_TRACE_DEBUG("BTA_DM_BLE_PASSKEY_REQ_EVT. ");
1785            btif_dm_ble_passkey_req_evt(&p_data->pin_req);
1786            break;
1787        case BTA_DM_BLE_OOB_REQ_EVT:
1788            BTIF_TRACE_DEBUG("BTA_DM_BLE_OOB_REQ_EVT. ");
1789            break;
1790        case BTA_DM_BLE_LOCAL_IR_EVT:
1791            BTIF_TRACE_DEBUG("BTA_DM_BLE_LOCAL_IR_EVT. ");
1792            ble_local_key_cb.is_id_keys_rcvd = TRUE;
1793            memcpy(&ble_local_key_cb.id_keys.irk[0], &p_data->ble_id_keys.irk[0], sizeof(BT_OCTET16));
1794            memcpy(&ble_local_key_cb.id_keys.ir[0], &p_data->ble_id_keys.ir[0], sizeof(BT_OCTET16));
1795            memcpy(&ble_local_key_cb.id_keys.dhk[0], &p_data->ble_id_keys.dhk[0], sizeof(BT_OCTET16));
1796            btif_storage_add_ble_local_key( (char *)&ble_local_key_cb.id_keys.irk[0],
1797                                            BTIF_DM_LE_LOCAL_KEY_IR,
1798                                            BT_OCTET16_LEN);
1799            btif_storage_add_ble_local_key( (char *)&ble_local_key_cb.id_keys.ir[0],
1800                                            BTIF_DM_LE_LOCAL_KEY_IRK,
1801                                            BT_OCTET16_LEN);
1802            btif_storage_add_ble_local_key( (char *)&ble_local_key_cb.id_keys.dhk[0],
1803                                            BTIF_DM_LE_LOCAL_KEY_DHK,
1804                                            BT_OCTET16_LEN);
1805            break;
1806        case BTA_DM_BLE_LOCAL_ER_EVT:
1807            BTIF_TRACE_DEBUG("BTA_DM_BLE_LOCAL_ER_EVT. ");
1808            ble_local_key_cb.is_er_rcvd = TRUE;
1809            memcpy(&ble_local_key_cb.er[0], &p_data->ble_er[0], sizeof(BT_OCTET16));
1810            btif_storage_add_ble_local_key( (char *)&ble_local_key_cb.er[0],
1811                                            BTIF_DM_LE_LOCAL_KEY_ER,
1812                                            BT_OCTET16_LEN);
1813            break;
1814
1815        case BTA_DM_BLE_AUTH_CMPL_EVT:
1816            BTIF_TRACE_DEBUG("BTA_DM_BLE_KEY_EVT. ");
1817            btif_dm_ble_auth_cmpl_evt(&p_data->auth_cmpl);
1818            break;
1819
1820        case BTA_DM_LE_FEATURES_READ:
1821        {
1822            tBTM_BLE_VSC_CB cmn_vsc_cb;
1823            bt_local_le_features_t local_le_features;
1824            char buf[512];
1825            bt_property_t prop;
1826            prop.type = BT_PROPERTY_LOCAL_LE_FEATURES;
1827            prop.val = (void*)buf;
1828            prop.len = sizeof(buf);
1829
1830           /* LE features are not stored in storage. Should be retrived from stack */
1831            BTM_BleGetVendorCapabilities(&cmn_vsc_cb);
1832            local_le_features.local_privacy_enabled = BTM_BleLocalPrivacyEnabled();
1833
1834            prop.len = sizeof (bt_local_le_features_t);
1835            if (cmn_vsc_cb.filter_support == 1)
1836                local_le_features.max_adv_filter_supported = cmn_vsc_cb.max_filter;
1837             else
1838                local_le_features.max_adv_filter_supported = 0;
1839            local_le_features.max_adv_instance = cmn_vsc_cb.adv_inst_max;
1840            local_le_features.max_irk_list_size = cmn_vsc_cb.max_irk_list_sz;
1841            local_le_features.rpa_offload_supported = cmn_vsc_cb.rpa_offloading;
1842            local_le_features.scan_result_storage_size_hibyte =
1843                (cmn_vsc_cb.tot_scan_results_strg >> 8) & (0xFF);
1844            local_le_features.scan_result_storage_size_lobyte =
1845                (cmn_vsc_cb.tot_scan_results_strg) & (0xFF);
1846            local_le_features.activity_energy_info_supported = cmn_vsc_cb.energy_support;
1847            memcpy(prop.val, &local_le_features, prop.len);
1848            HAL_CBACK(bt_hal_cbacks, adapter_properties_cb, BT_STATUS_SUCCESS, 1, &prop);
1849            break;
1850         }
1851
1852        case BTA_DM_ENER_INFO_READ:
1853        {
1854            btif_activity_energy_info_cb_t *p_ener_data = (btif_activity_energy_info_cb_t*) p_param;
1855            bt_activity_energy_info energy_info;
1856            energy_info.status = p_ener_data->status;
1857            energy_info.ctrl_state = p_ener_data->ctrl_state;
1858            energy_info.rx_time = p_ener_data->rx_time;
1859            energy_info.tx_time = p_ener_data->tx_time;
1860            energy_info.idle_time = p_ener_data->idle_time;
1861            energy_info.energy_used = p_ener_data->energy_used;
1862            HAL_CBACK(bt_hal_cbacks, energy_info_cb, &energy_info);
1863            break;
1864        }
1865#endif
1866
1867        case BTA_DM_AUTHORIZE_EVT:
1868        case BTA_DM_SIG_STRENGTH_EVT:
1869        case BTA_DM_SP_RMT_OOB_EVT:
1870        case BTA_DM_SP_KEYPRESS_EVT:
1871        case BTA_DM_ROLE_CHG_EVT:
1872
1873        default:
1874            BTIF_TRACE_WARNING( "btif_dm_cback : unhandled event (%d)", event );
1875            break;
1876    }
1877} /* btui_security_cback() */
1878
1879
1880/*******************************************************************************
1881**
1882** Function         btif_dm_generic_evt
1883**
1884** Description      Executes non-BTA upstream events in BTIF context
1885**
1886** Returns          void
1887**
1888*******************************************************************************/
1889static void btif_dm_generic_evt(UINT16 event, char* p_param)
1890{
1891    BTIF_TRACE_EVENT("%s: event=%d", __FUNCTION__, event);
1892    switch(event)
1893    {
1894        case BTIF_DM_CB_DISCOVERY_STARTED:
1895        {
1896            HAL_CBACK(bt_hal_cbacks, discovery_state_changed_cb, BT_DISCOVERY_STARTED);
1897        }
1898        break;
1899
1900        case BTIF_DM_CB_CREATE_BOND:
1901        {
1902            pairing_cb.timeout_retries = NUM_TIMEOUT_RETRIES;
1903            btif_dm_create_bond_cb_t *create_bond_cb = (btif_dm_create_bond_cb_t*)p_param;
1904            btif_dm_cb_create_bond(&create_bond_cb->bdaddr, create_bond_cb->transport);
1905        }
1906        break;
1907
1908        case BTIF_DM_CB_REMOVE_BOND:
1909        {
1910            btif_dm_cb_remove_bond((bt_bdaddr_t *)p_param);
1911        }
1912        break;
1913
1914        case BTIF_DM_CB_HID_REMOTE_NAME:
1915        {
1916            btif_dm_cb_hid_remote_name((tBTM_REMOTE_DEV_NAME *)p_param);
1917        }
1918        break;
1919
1920        case BTIF_DM_CB_BOND_STATE_BONDING:
1921            {
1922                bond_state_changed(BT_STATUS_SUCCESS, (bt_bdaddr_t *)p_param, BT_BOND_STATE_BONDING);
1923            }
1924            break;
1925        case BTIF_DM_CB_LE_TX_TEST:
1926        case BTIF_DM_CB_LE_RX_TEST:
1927            {
1928                uint8_t status;
1929                STREAM_TO_UINT8(status, p_param);
1930                HAL_CBACK(bt_hal_cbacks, le_test_mode_cb,
1931                      (status == 0) ? BT_STATUS_SUCCESS : BT_STATUS_FAIL, 0);
1932            }
1933            break;
1934        case BTIF_DM_CB_LE_TEST_END:
1935            {
1936                uint8_t status;
1937                uint16_t count = 0;
1938                STREAM_TO_UINT8(status, p_param);
1939                if (status == 0)
1940                    STREAM_TO_UINT16(count, p_param);
1941                HAL_CBACK(bt_hal_cbacks, le_test_mode_cb,
1942                      (status == 0) ? BT_STATUS_SUCCESS : BT_STATUS_FAIL, count);
1943            }
1944            break;
1945        default:
1946        {
1947            BTIF_TRACE_WARNING("%s : Unknown event 0x%x", __FUNCTION__, event);
1948        }
1949        break;
1950    }
1951}
1952
1953/*******************************************************************************
1954**
1955** Function         bte_dm_evt
1956**
1957** Description      Switches context from BTE to BTIF for all DM events
1958**
1959** Returns          void
1960**
1961*******************************************************************************/
1962
1963void bte_dm_evt(tBTA_DM_SEC_EVT event, tBTA_DM_SEC *p_data)
1964{
1965    bt_status_t status;
1966
1967    /* switch context to btif task context (copy full union size for convenience) */
1968    status = btif_transfer_context(btif_dm_upstreams_evt, (uint16_t)event, (void*)p_data, sizeof(tBTA_DM_SEC), NULL);
1969
1970    /* catch any failed context transfers */
1971    ASSERTC(status == BT_STATUS_SUCCESS, "context transfer failed", status);
1972}
1973
1974/*******************************************************************************
1975**
1976** Function         bte_search_devices_evt
1977**
1978** Description      Switches context from BTE to BTIF for DM search events
1979**
1980** Returns          void
1981**
1982*******************************************************************************/
1983static void bte_search_devices_evt(tBTA_DM_SEARCH_EVT event, tBTA_DM_SEARCH *p_data)
1984{
1985    UINT16 param_len = 0;
1986
1987    if (p_data)
1988        param_len += sizeof(tBTA_DM_SEARCH);
1989    /* Allocate buffer to hold the pointers (deep copy). The pointers will point to the end of the tBTA_DM_SEARCH */
1990    switch (event)
1991    {
1992        case BTA_DM_INQ_RES_EVT:
1993        {
1994            if (p_data->inq_res.p_eir)
1995                param_len += HCI_EXT_INQ_RESPONSE_LEN;
1996        }
1997        break;
1998
1999        case BTA_DM_DISC_RES_EVT:
2000        {
2001            if (p_data->disc_res.raw_data_size && p_data->disc_res.p_raw_data)
2002                param_len += p_data->disc_res.raw_data_size;
2003        }
2004        break;
2005    }
2006    BTIF_TRACE_DEBUG("%s event=%s param_len=%d", __FUNCTION__, dump_dm_search_event(event), param_len);
2007
2008    /* if remote name is available in EIR, set teh flag so that stack doesnt trigger RNR */
2009    if (event == BTA_DM_INQ_RES_EVT)
2010        p_data->inq_res.remt_name_not_required = check_eir_remote_name(p_data, NULL, NULL);
2011
2012    btif_transfer_context (btif_dm_search_devices_evt , (UINT16) event, (void *)p_data, param_len,
2013        (param_len > sizeof(tBTA_DM_SEARCH)) ? search_devices_copy_cb : NULL);
2014}
2015
2016/*******************************************************************************
2017**
2018** Function         bte_dm_search_services_evt
2019**
2020** Description      Switches context from BTE to BTIF for DM search services
2021**                  event
2022**
2023** Returns          void
2024**
2025*******************************************************************************/
2026static void bte_dm_search_services_evt(tBTA_DM_SEARCH_EVT event, tBTA_DM_SEARCH *p_data)
2027{
2028    UINT16 param_len = 0;
2029   if (p_data)
2030       param_len += sizeof(tBTA_DM_SEARCH);
2031   switch (event)
2032   {
2033         case BTA_DM_DISC_RES_EVT:
2034         {
2035             if ((p_data->disc_res.result == BTA_SUCCESS) && (p_data->disc_res.num_uuids > 0)) {
2036                  param_len += (p_data->disc_res.num_uuids * MAX_UUID_SIZE);
2037             }
2038         } break;
2039   }
2040   /* TODO: The only other member that needs a deep copy is the p_raw_data. But not sure
2041    * if raw_data is needed. */
2042   btif_transfer_context(btif_dm_search_services_evt, event, (char*)p_data, param_len,
2043         (param_len > sizeof(tBTA_DM_SEARCH)) ? search_services_copy_cb : NULL);
2044}
2045
2046/*******************************************************************************
2047**
2048** Function         bte_dm_remote_service_record_evt
2049**
2050** Description      Switches context from BTE to BTIF for DM search service
2051**                  record event
2052**
2053** Returns          void
2054**
2055*******************************************************************************/
2056static void bte_dm_remote_service_record_evt(tBTA_DM_SEARCH_EVT event, tBTA_DM_SEARCH *p_data)
2057{
2058   /* TODO: The only member that needs a deep copy is the p_raw_data. But not sure yet if this is needed. */
2059   btif_transfer_context(btif_dm_remote_service_record_evt, event, (char*)p_data, sizeof(tBTA_DM_SEARCH), NULL);
2060}
2061
2062#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
2063/*******************************************************************************
2064**
2065** Function         bta_energy_info_cb
2066**
2067** Description      Switches context from BTE to BTIF for DM energy info event
2068**
2069** Returns          void
2070**
2071*******************************************************************************/
2072static void bta_energy_info_cb(tBTA_DM_BLE_TX_TIME_MS tx_time, tBTA_DM_BLE_RX_TIME_MS rx_time,
2073                                    tBTA_DM_BLE_IDLE_TIME_MS idle_time,
2074                                    tBTA_DM_BLE_ENERGY_USED energy_used,
2075                                    tBTA_DM_CONTRL_STATE ctrl_state, tBTA_STATUS status)
2076{
2077    BTIF_TRACE_DEBUG("energy_info_cb-Status:%d,state=%d,tx_t=%ld, rx_t=%ld, idle_time=%ld,used=%ld",
2078        status, ctrl_state, tx_time, rx_time, idle_time, energy_used);
2079
2080    btif_activity_energy_info_cb_t btif_cb;
2081    btif_cb.status = status;
2082    btif_cb.ctrl_state = ctrl_state;
2083    btif_cb.tx_time = (uint64_t) tx_time;
2084    btif_cb.rx_time = (uint64_t) rx_time;
2085    btif_cb.idle_time =(uint64_t) idle_time;
2086    btif_cb.energy_used =(uint64_t) energy_used;
2087    btif_transfer_context(btif_dm_upstreams_evt, BTA_DM_ENER_INFO_READ,
2088                          (char*) &btif_cb, sizeof(btif_activity_energy_info_cb_t), NULL);
2089}
2090#endif
2091
2092/*******************************************************************************
2093**
2094** Function         bte_scan_filt_param_cfg_evt
2095**
2096** Description      Scan filter param config event
2097**
2098** Returns          void
2099**
2100*******************************************************************************/
2101static void bte_scan_filt_param_cfg_evt(UINT8 action_type,
2102                                        tBTA_DM_BLE_PF_AVBL_SPACE avbl_space,
2103                                        tBTA_DM_BLE_REF_VALUE ref_value, tBTA_STATUS status)
2104{
2105    /* This event occurs on calling BTA_DmBleCfgFilterCondition internally,
2106    ** and that is why there is no HAL callback
2107    */
2108    if(BTA_SUCCESS != status)
2109    {
2110        BTIF_TRACE_ERROR("%s, %d", __FUNCTION__, status);
2111    }
2112    else
2113    {
2114        BTIF_TRACE_DEBUG("%s", __FUNCTION__);
2115    }
2116}
2117
2118/*****************************************************************************
2119**
2120**   btif api functions (no context switch)
2121**
2122*****************************************************************************/
2123
2124/*******************************************************************************
2125**
2126** Function         btif_dm_start_discovery
2127**
2128** Description      Start device discovery/inquiry
2129**
2130** Returns          bt_status_t
2131**
2132*******************************************************************************/
2133bt_status_t btif_dm_start_discovery(void)
2134{
2135    tBTA_DM_INQ inq_params;
2136    tBTA_SERVICE_MASK services = 0;
2137    tBTA_DM_BLE_PF_FILT_PARAMS adv_filt_param;
2138
2139    BTIF_TRACE_EVENT("%s", __FUNCTION__);
2140
2141#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
2142    memset(&adv_filt_param, 0, sizeof(tBTA_DM_BLE_PF_FILT_PARAMS));
2143    /* Cleanup anything remaining on index 0 */
2144    BTA_DmBleScanFilterSetup(BTA_DM_BLE_SCAN_COND_DELETE, 0, &adv_filt_param, NULL,
2145                             bte_scan_filt_param_cfg_evt, 0);
2146
2147    /* Add an allow-all filter on index 0*/
2148    adv_filt_param.dely_mode = IMMEDIATE_DELY_MODE;
2149    adv_filt_param.feat_seln = ALLOW_ALL_FILTER;
2150    adv_filt_param.filt_logic_type = BTA_DM_BLE_PF_FILT_LOGIC_OR;
2151    adv_filt_param.list_logic_type = BTA_DM_BLE_PF_LIST_LOGIC_OR;
2152    adv_filt_param.rssi_low_thres = LOWEST_RSSI_VALUE;
2153    adv_filt_param.rssi_high_thres = LOWEST_RSSI_VALUE;
2154    BTA_DmBleScanFilterSetup(BTA_DM_BLE_SCAN_COND_ADD, 0, &adv_filt_param, NULL,
2155                             bte_scan_filt_param_cfg_evt, 0);
2156
2157    /* TODO: Do we need to handle multiple inquiries at the same time? */
2158
2159    /* Set inquiry params and call API */
2160    inq_params.mode = BTA_DM_GENERAL_INQUIRY|BTA_BLE_GENERAL_INQUIRY;
2161#if (defined(BTA_HOST_INTERLEAVE_SEARCH) && BTA_HOST_INTERLEAVE_SEARCH == TRUE)
2162    inq_params.intl_duration[0]= BTIF_DM_INTERLEAVE_DURATION_BR_ONE;
2163    inq_params.intl_duration[1]= BTIF_DM_INTERLEAVE_DURATION_LE_ONE;
2164    inq_params.intl_duration[2]= BTIF_DM_INTERLEAVE_DURATION_BR_TWO;
2165    inq_params.intl_duration[3]= BTIF_DM_INTERLEAVE_DURATION_LE_TWO;
2166#endif
2167#else
2168    inq_params.mode = BTA_DM_GENERAL_INQUIRY;
2169#endif
2170    inq_params.duration = BTIF_DM_DEFAULT_INQ_MAX_DURATION;
2171
2172    inq_params.max_resps = BTIF_DM_DEFAULT_INQ_MAX_RESULTS;
2173    inq_params.report_dup = TRUE;
2174
2175    inq_params.filter_type = BTA_DM_INQ_CLR;
2176    /* TODO: Filter device by BDA needs to be implemented here */
2177
2178    /* Will be enabled to TRUE once inquiry busy level has been received */
2179    btif_dm_inquiry_in_progress = FALSE;
2180    /* find nearby devices */
2181    BTA_DmSearch(&inq_params, services, bte_search_devices_evt);
2182
2183    return BT_STATUS_SUCCESS;
2184}
2185
2186/*******************************************************************************
2187**
2188** Function         btif_dm_cancel_discovery
2189**
2190** Description      Cancels search
2191**
2192** Returns          bt_status_t
2193**
2194*******************************************************************************/
2195bt_status_t btif_dm_cancel_discovery(void)
2196{
2197    BTIF_TRACE_EVENT("%s", __FUNCTION__);
2198    BTA_DmSearchCancel();
2199    return BT_STATUS_SUCCESS;
2200}
2201
2202/*******************************************************************************
2203**
2204** Function         btif_dm_create_bond
2205**
2206** Description      Initiate bonding with the specified device
2207**
2208** Returns          bt_status_t
2209**
2210*******************************************************************************/
2211bt_status_t btif_dm_create_bond(const bt_bdaddr_t *bd_addr, int transport)
2212{
2213    btif_dm_create_bond_cb_t create_bond_cb;
2214    create_bond_cb.transport = transport;
2215    bdcpy(create_bond_cb.bdaddr.address, bd_addr->address);
2216
2217    bdstr_t bdstr;
2218    BTIF_TRACE_EVENT("%s: bd_addr=%s, transport=%d", __FUNCTION__,
2219            bd2str((bt_bdaddr_t *) bd_addr, &bdstr), transport);
2220    if (pairing_cb.state != BT_BOND_STATE_NONE)
2221        return BT_STATUS_BUSY;
2222
2223    btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_CREATE_BOND,
2224                          (char *)&create_bond_cb, sizeof(btif_dm_create_bond_cb_t), NULL);
2225
2226    return BT_STATUS_SUCCESS;
2227}
2228
2229/*******************************************************************************
2230**
2231** Function         btif_dm_cancel_bond
2232**
2233** Description      Initiate bonding with the specified device
2234**
2235** Returns          bt_status_t
2236**
2237*******************************************************************************/
2238
2239bt_status_t btif_dm_cancel_bond(const bt_bdaddr_t *bd_addr)
2240{
2241    bdstr_t bdstr;
2242
2243    BTIF_TRACE_EVENT("%s: bd_addr=%s", __FUNCTION__, bd2str((bt_bdaddr_t *)bd_addr, &bdstr));
2244
2245    /* TODO:
2246    **  1. Restore scan modes
2247    **  2. special handling for HID devices
2248    */
2249    if (pairing_cb.state == BT_BOND_STATE_BONDING)
2250    {
2251
2252#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
2253
2254        if (pairing_cb.is_ssp)
2255        {
2256            if (pairing_cb.is_le_only)
2257            {
2258                BTA_DmBleSecurityGrant((UINT8 *)bd_addr->address,BTA_DM_SEC_PAIR_NOT_SPT);
2259            }
2260            else
2261            {
2262                BTA_DmConfirm( (UINT8 *)bd_addr->address, FALSE);
2263                BTA_DmBondCancel ((UINT8 *)bd_addr->address);
2264                btif_storage_remove_bonded_device((bt_bdaddr_t *)bd_addr);
2265            }
2266        }
2267        else
2268        {
2269            if (pairing_cb.is_le_only)
2270            {
2271                BTA_DmBondCancel ((UINT8 *)bd_addr->address);
2272            }
2273            else
2274            {
2275                BTA_DmPinReply( (UINT8 *)bd_addr->address, FALSE, 0, NULL);
2276            }
2277        /* Cancel bonding, in case it is in ACL connection setup state */
2278        BTA_DmBondCancel ((UINT8 *)bd_addr->address);
2279        }
2280
2281#else
2282        if (pairing_cb.is_ssp)
2283        {
2284            BTA_DmConfirm( (UINT8 *)bd_addr->address, FALSE);
2285        }
2286        else
2287        {
2288            BTA_DmPinReply( (UINT8 *)bd_addr->address, FALSE, 0, NULL);
2289        }
2290        /* Cancel bonding, in case it is in ACL connection setup state */
2291        BTA_DmBondCancel ((UINT8 *)bd_addr->address);
2292        btif_storage_remove_bonded_device((bt_bdaddr_t *)bd_addr);
2293#endif
2294    }
2295
2296    return BT_STATUS_SUCCESS;
2297}
2298
2299/*******************************************************************************
2300**
2301** Function         btif_dm_hh_open_failed
2302**
2303** Description      informs the upper layers if the HH have failed during bonding
2304**
2305** Returns          none
2306**
2307*******************************************************************************/
2308
2309void btif_dm_hh_open_failed(bt_bdaddr_t *bdaddr)
2310{
2311    if (pairing_cb.state == BT_BOND_STATE_BONDING &&
2312            bdcmp(bdaddr->address, pairing_cb.bd_addr) == 0)
2313    {
2314        bond_state_changed(BT_STATUS_FAIL, bdaddr, BT_BOND_STATE_NONE);
2315    }
2316}
2317
2318/*******************************************************************************
2319**
2320** Function         btif_dm_remove_bond
2321**
2322** Description      Removes bonding with the specified device
2323**
2324** Returns          bt_status_t
2325**
2326*******************************************************************************/
2327
2328bt_status_t btif_dm_remove_bond(const bt_bdaddr_t *bd_addr)
2329{
2330    bdstr_t bdstr;
2331
2332    BTIF_TRACE_EVENT("%s: bd_addr=%s", __FUNCTION__, bd2str((bt_bdaddr_t *)bd_addr, &bdstr));
2333    btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_REMOVE_BOND,
2334                          (char *)bd_addr, sizeof(bt_bdaddr_t), NULL);
2335
2336    return BT_STATUS_SUCCESS;
2337}
2338
2339/*******************************************************************************
2340**
2341** Function         btif_dm_pin_reply
2342**
2343** Description      BT legacy pairing - PIN code reply
2344**
2345** Returns          bt_status_t
2346**
2347*******************************************************************************/
2348
2349bt_status_t btif_dm_pin_reply( const bt_bdaddr_t *bd_addr, uint8_t accept,
2350                               uint8_t pin_len, bt_pin_code_t *pin_code)
2351{
2352    BTIF_TRACE_EVENT("%s: accept=%d", __FUNCTION__, accept);
2353    if (pin_code == NULL)
2354        return BT_STATUS_FAIL;
2355#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
2356
2357    if (pairing_cb.is_le_only)
2358    {
2359        int i;
2360        UINT32 passkey = 0;
2361        int multi[] = {100000, 10000, 1000, 100, 10,1};
2362        BD_ADDR remote_bd_addr;
2363        bdcpy(remote_bd_addr, bd_addr->address);
2364        for (i = 0; i < 6; i++)
2365        {
2366            passkey += (multi[i] * (pin_code->pin[i] - '0'));
2367        }
2368        BTIF_TRACE_DEBUG("btif_dm_pin_reply: passkey: %d", passkey);
2369        BTA_DmBlePasskeyReply(remote_bd_addr, accept, passkey);
2370
2371    }
2372    else
2373    {
2374        BTA_DmPinReply( (UINT8 *)bd_addr->address, accept, pin_len, pin_code->pin);
2375        if (accept)
2376            pairing_cb.pin_code_len = pin_len;
2377    }
2378#else
2379    BTA_DmPinReply( (UINT8 *)bd_addr->address, accept, pin_len, pin_code->pin);
2380
2381    if (accept)
2382        pairing_cb.pin_code_len = pin_len;
2383#endif
2384    return BT_STATUS_SUCCESS;
2385}
2386
2387/*******************************************************************************
2388**
2389** Function         btif_dm_ssp_reply
2390**
2391** Description      BT SSP Reply - Just Works, Numeric Comparison & Passkey Entry
2392**
2393** Returns          bt_status_t
2394**
2395*******************************************************************************/
2396bt_status_t btif_dm_ssp_reply(const bt_bdaddr_t *bd_addr,
2397                                 bt_ssp_variant_t variant, uint8_t accept,
2398                                 uint32_t passkey)
2399{
2400    UNUSED(passkey);
2401
2402    if (variant == BT_SSP_VARIANT_PASSKEY_ENTRY)
2403    {
2404        /* This is not implemented in the stack.
2405         * For devices with display, this is not needed
2406        */
2407        BTIF_TRACE_WARNING("%s: Not implemented", __FUNCTION__);
2408        return BT_STATUS_FAIL;
2409    }
2410    /* BT_SSP_VARIANT_CONSENT & BT_SSP_VARIANT_PASSKEY_CONFIRMATION supported */
2411    BTIF_TRACE_EVENT("%s: accept=%d", __FUNCTION__, accept);
2412#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
2413    if (pairing_cb.is_le_only)
2414    {
2415        if (accept)
2416            BTA_DmBleSecurityGrant((UINT8 *)bd_addr->address,BTA_DM_SEC_GRANTED);
2417        else
2418            BTA_DmBleSecurityGrant((UINT8 *)bd_addr->address,BTA_DM_SEC_PAIR_NOT_SPT);
2419    }
2420    else
2421        BTA_DmConfirm( (UINT8 *)bd_addr->address, accept);
2422
2423#else
2424    BTA_DmConfirm( (UINT8 *)bd_addr->address, accept);
2425#endif
2426    return BT_STATUS_SUCCESS;
2427}
2428
2429/*******************************************************************************
2430**
2431** Function         btif_dm_get_adapter_property
2432**
2433** Description     Queries the BTA for the adapter property
2434**
2435** Returns          bt_status_t
2436**
2437*******************************************************************************/
2438bt_status_t btif_dm_get_adapter_property(bt_property_t *prop)
2439{
2440    BTIF_TRACE_EVENT("%s: type=0x%x", __FUNCTION__, prop->type);
2441    switch (prop->type)
2442    {
2443        case BT_PROPERTY_BDNAME:
2444        {
2445            bt_bdname_t *bd_name = (bt_bdname_t*)prop->val;
2446            strcpy((char *)bd_name->name, btif_get_default_local_name());
2447            prop->len = strlen((char *)bd_name->name);
2448        }
2449        break;
2450
2451        case BT_PROPERTY_ADAPTER_SCAN_MODE:
2452        {
2453            /* if the storage does not have it. Most likely app never set it. Default is NONE */
2454            bt_scan_mode_t *mode = (bt_scan_mode_t*)prop->val;
2455            *mode = BT_SCAN_MODE_NONE;
2456            prop->len = sizeof(bt_scan_mode_t);
2457        }
2458        break;
2459
2460        case BT_PROPERTY_ADAPTER_DISCOVERY_TIMEOUT:
2461        {
2462            uint32_t *tmt = (uint32_t*)prop->val;
2463            *tmt = 120; /* default to 120s, if not found in NV */
2464            prop->len = sizeof(uint32_t);
2465        }
2466        break;
2467
2468        default:
2469            prop->len = 0;
2470            return BT_STATUS_FAIL;
2471    }
2472    return BT_STATUS_SUCCESS;
2473}
2474
2475/*******************************************************************************
2476**
2477** Function         btif_dm_get_remote_services
2478**
2479** Description      Start SDP to get remote services
2480**
2481** Returns          bt_status_t
2482**
2483*******************************************************************************/
2484bt_status_t btif_dm_get_remote_services(bt_bdaddr_t *remote_addr)
2485{
2486    bdstr_t bdstr;
2487
2488    BTIF_TRACE_EVENT("%s: remote_addr=%s", __FUNCTION__, bd2str(remote_addr, &bdstr));
2489
2490    BTA_DmDiscover(remote_addr->address, BTA_ALL_SERVICE_MASK,
2491                   bte_dm_search_services_evt, TRUE);
2492
2493    return BT_STATUS_SUCCESS;
2494}
2495
2496/*******************************************************************************
2497**
2498** Function         btif_dm_get_remote_service_record
2499**
2500** Description      Start SDP to get remote service record
2501**
2502**
2503** Returns          bt_status_t
2504*******************************************************************************/
2505bt_status_t btif_dm_get_remote_service_record(bt_bdaddr_t *remote_addr,
2506                                                    bt_uuid_t *uuid)
2507{
2508    tSDP_UUID sdp_uuid;
2509    bdstr_t bdstr;
2510
2511    BTIF_TRACE_EVENT("%s: remote_addr=%s", __FUNCTION__, bd2str(remote_addr, &bdstr));
2512
2513    sdp_uuid.len = MAX_UUID_SIZE;
2514    memcpy(sdp_uuid.uu.uuid128, uuid->uu, MAX_UUID_SIZE);
2515
2516    BTA_DmDiscoverUUID(remote_addr->address, &sdp_uuid,
2517                       bte_dm_remote_service_record_evt, TRUE);
2518
2519    return BT_STATUS_SUCCESS;
2520}
2521
2522void btif_dm_execute_service_request(UINT16 event, char *p_param)
2523{
2524    BOOLEAN b_enable = FALSE;
2525    bt_status_t status;
2526    if (event == BTIF_DM_ENABLE_SERVICE)
2527    {
2528        b_enable = TRUE;
2529    }
2530    status = btif_in_execute_service_request(*((tBTA_SERVICE_ID*)p_param), b_enable);
2531    if (status == BT_STATUS_SUCCESS)
2532    {
2533        bt_property_t property;
2534        bt_uuid_t local_uuids[BT_MAX_NUM_UUIDS];
2535
2536        /* Now send the UUID_PROPERTY_CHANGED event to the upper layer */
2537        BTIF_STORAGE_FILL_PROPERTY(&property, BT_PROPERTY_UUIDS,
2538                                    sizeof(local_uuids), local_uuids);
2539        btif_storage_get_adapter_property(&property);
2540        HAL_CBACK(bt_hal_cbacks, adapter_properties_cb,
2541                          BT_STATUS_SUCCESS, 1, &property);
2542    }
2543    return;
2544}
2545
2546void btif_dm_proc_io_req(BD_ADDR bd_addr, tBTA_IO_CAP *p_io_cap, tBTA_OOB_DATA *p_oob_data,
2547                      tBTA_AUTH_REQ *p_auth_req, BOOLEAN is_orig)
2548{
2549    UINT8   yes_no_bit = BTA_AUTH_SP_YES & *p_auth_req;
2550    /* if local initiated:
2551    **      1. set DD + MITM
2552    ** if remote initiated:
2553    **      1. Copy over the auth_req from peer's io_rsp
2554    **      2. Set the MITM if peer has it set or if peer has DisplayYesNo (iPhone)
2555    ** as a fallback set MITM+GB if peer had MITM set
2556    */
2557    UNUSED (bd_addr);
2558    UNUSED (p_io_cap);
2559    UNUSED (p_oob_data);
2560
2561
2562    BTIF_TRACE_DEBUG("+%s: p_auth_req=%d", __FUNCTION__, *p_auth_req);
2563    if(pairing_cb.is_local_initiated)
2564    {
2565        /* if initing/responding to a dedicated bonding, use dedicate bonding bit */
2566        *p_auth_req = BTA_AUTH_DD_BOND | BTA_AUTH_SP_YES;
2567    }
2568    else if (!is_orig)
2569    {
2570        /* peer initiated paring. They probably know what they want.
2571        ** Copy the mitm from peer device.
2572        */
2573        BTIF_TRACE_DEBUG("%s: setting p_auth_req to peer's: %d",
2574                __FUNCTION__, pairing_cb.auth_req);
2575        *p_auth_req = (pairing_cb.auth_req & BTA_AUTH_BONDS);
2576
2577        /* copy over the MITM bit as well. In addition if the peer has DisplayYesNo, force MITM */
2578        if ((yes_no_bit) || (pairing_cb.io_cap & BTM_IO_CAP_IO) )
2579            *p_auth_req |= BTA_AUTH_SP_YES;
2580    }
2581    else if (yes_no_bit)
2582    {
2583        /* set the general bonding bit for stored device */
2584        *p_auth_req = BTA_AUTH_GEN_BOND | yes_no_bit;
2585    }
2586    BTIF_TRACE_DEBUG("-%s: p_auth_req=%d", __FUNCTION__, *p_auth_req);
2587}
2588
2589void btif_dm_proc_io_rsp(BD_ADDR bd_addr, tBTA_IO_CAP io_cap,
2590                      tBTA_OOB_DATA oob_data, tBTA_AUTH_REQ auth_req)
2591{
2592    UNUSED (bd_addr);
2593    UNUSED (oob_data);
2594
2595    if(auth_req & BTA_AUTH_BONDS)
2596    {
2597        BTIF_TRACE_DEBUG("%s auth_req:%d", __FUNCTION__, auth_req);
2598        pairing_cb.auth_req = auth_req;
2599        pairing_cb.io_cap = io_cap;
2600    }
2601}
2602
2603#if (BTM_OOB_INCLUDED == TRUE)
2604void btif_dm_set_oob_for_io_req(tBTA_OOB_DATA  *p_oob_data)
2605{
2606    if (oob_cb.sp_c[0] == 0 && oob_cb.sp_c[1] == 0 &&
2607        oob_cb.sp_c[2] == 0 && oob_cb.sp_c[3] == 0 )
2608    {
2609        *p_oob_data = FALSE;
2610    }
2611    else
2612    {
2613        *p_oob_data = TRUE;
2614    }
2615    BTIF_TRACE_DEBUG("btif_dm_set_oob_for_io_req *p_oob_data=%d", *p_oob_data);
2616}
2617#endif /* BTM_OOB_INCLUDED */
2618
2619#ifdef BTIF_DM_OOB_TEST
2620void btif_dm_load_local_oob(void)
2621{
2622    char prop_oob[PROPERTY_VALUE_MAX];
2623    property_get("service.brcm.bt.oob", prop_oob, "3");
2624    BTIF_TRACE_DEBUG("btif_dm_load_local_oob prop_oob = %s",prop_oob);
2625    if (prop_oob[0] != '3')
2626    {
2627#if (BTM_OOB_INCLUDED == TRUE)
2628        if (oob_cb.sp_c[0] == 0 && oob_cb.sp_c[1] == 0 &&
2629            oob_cb.sp_c[2] == 0 && oob_cb.sp_c[3] == 0 )
2630        {
2631            BTIF_TRACE_DEBUG("btif_dm_load_local_oob: read OOB, call BTA_DmLocalOob()");
2632            BTA_DmLocalOob();
2633        }
2634#else
2635        BTIF_TRACE_ERROR("BTM_OOB_INCLUDED is FALSE!!(btif_dm_load_local_oob)");
2636#endif
2637    }
2638}
2639
2640void btif_dm_proc_loc_oob(BOOLEAN valid, BT_OCTET16 c, BT_OCTET16 r)
2641{
2642    FILE *fp;
2643    char *path_a = "/data/misc/bluedroid/LOCAL/a.key";
2644    char *path_b = "/data/misc/bluedroid/LOCAL/b.key";
2645    char *path = NULL;
2646    char prop_oob[PROPERTY_VALUE_MAX];
2647    BTIF_TRACE_DEBUG("btif_dm_proc_loc_oob: valid=%d", valid);
2648    if (oob_cb.sp_c[0] == 0 && oob_cb.sp_c[1] == 0 &&
2649        oob_cb.sp_c[2] == 0 && oob_cb.sp_c[3] == 0 &&
2650        valid)
2651    {
2652        BTIF_TRACE_DEBUG("save local OOB data in memory");
2653        memcpy(oob_cb.sp_c, c, BT_OCTET16_LEN);
2654        memcpy(oob_cb.sp_r, r, BT_OCTET16_LEN);
2655        property_get("service.brcm.bt.oob", prop_oob, "3");
2656        BTIF_TRACE_DEBUG("btif_dm_proc_loc_oob prop_oob = %s",prop_oob);
2657        if (prop_oob[0] == '1')
2658            path = path_a;
2659        else if (prop_oob[0] == '2')
2660            path = path_b;
2661        if (path)
2662        {
2663            fp = fopen(path, "wb+");
2664            if (fp == NULL)
2665            {
2666                BTIF_TRACE_DEBUG("btif_dm_proc_loc_oob: failed to save local OOB data to %s", path);
2667            }
2668            else
2669            {
2670                BTIF_TRACE_DEBUG("btif_dm_proc_loc_oob: save local OOB data into file %s",path);
2671                fwrite (c , 1 , BT_OCTET16_LEN , fp );
2672                fwrite (r , 1 , BT_OCTET16_LEN , fp );
2673                fclose(fp);
2674            }
2675        }
2676    }
2677}
2678BOOLEAN btif_dm_proc_rmt_oob(BD_ADDR bd_addr,  BT_OCTET16 p_c, BT_OCTET16 p_r)
2679{
2680    char t[128];
2681    FILE *fp;
2682    char *path_a = "/data/misc/bluedroid/LOCAL/a.key";
2683    char *path_b = "/data/misc/bluedroid/LOCAL/b.key";
2684    char *path = NULL;
2685    char prop_oob[PROPERTY_VALUE_MAX];
2686    BOOLEAN result = FALSE;
2687    bt_bdaddr_t bt_bd_addr;
2688    bdcpy(oob_cb.oob_bdaddr, bd_addr);
2689    property_get("service.brcm.bt.oob", prop_oob, "3");
2690    BTIF_TRACE_DEBUG("btif_dm_proc_rmt_oob prop_oob = %s",prop_oob);
2691    if (prop_oob[0] == '1')
2692        path = path_b;
2693    else if (prop_oob[0] == '2')
2694        path = path_a;
2695    if (path)
2696    {
2697        fp = fopen(path, "rb");
2698        if (fp == NULL)
2699        {
2700            BTIF_TRACE_DEBUG("btapp_dm_rmt_oob_reply: failed to read OOB keys from %s",path);
2701            return FALSE;
2702        }
2703        else
2704        {
2705            BTIF_TRACE_DEBUG("btif_dm_proc_rmt_oob: read OOB data from %s",path);
2706            fread (p_c , 1 , BT_OCTET16_LEN , fp );
2707            fread (p_r , 1 , BT_OCTET16_LEN , fp );
2708            fclose(fp);
2709        }
2710        BTIF_TRACE_DEBUG("----btif_dm_proc_rmt_oob: TRUE");
2711        sprintf(t, "%02x:%02x:%02x:%02x:%02x:%02x",
2712                oob_cb.oob_bdaddr[0], oob_cb.oob_bdaddr[1], oob_cb.oob_bdaddr[2],
2713                oob_cb.oob_bdaddr[3], oob_cb.oob_bdaddr[4], oob_cb.oob_bdaddr[5]);
2714        BTIF_TRACE_DEBUG("----btif_dm_proc_rmt_oob: peer_bdaddr = %s", t);
2715        sprintf(t, "%02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
2716                p_c[0], p_c[1], p_c[2],  p_c[3],  p_c[4],  p_c[5],  p_c[6],  p_c[7],
2717                p_c[8], p_c[9], p_c[10], p_c[11], p_c[12], p_c[13], p_c[14], p_c[15]);
2718        BTIF_TRACE_DEBUG("----btif_dm_proc_rmt_oob: c = %s",t);
2719        sprintf(t, "%02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
2720                p_r[0], p_r[1], p_r[2],  p_r[3],  p_r[4],  p_r[5],  p_r[6],  p_r[7],
2721                p_r[8], p_r[9], p_r[10], p_r[11], p_r[12], p_r[13], p_r[14], p_r[15]);
2722        BTIF_TRACE_DEBUG("----btif_dm_proc_rmt_oob: r = %s",t);
2723        bdcpy(bt_bd_addr.address, bd_addr);
2724        btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_BOND_STATE_BONDING,
2725                              (char *)&bt_bd_addr, sizeof(bt_bdaddr_t), NULL);
2726        result = TRUE;
2727    }
2728    BTIF_TRACE_DEBUG("btif_dm_proc_rmt_oob result=%d",result);
2729    return result;
2730}
2731#endif /*  BTIF_DM_OOB_TEST */
2732#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
2733
2734static void btif_dm_ble_key_notif_evt(tBTA_DM_SP_KEY_NOTIF *p_ssp_key_notif)
2735{
2736    bt_bdaddr_t bd_addr;
2737    bt_bdname_t bd_name;
2738    UINT32 cod;
2739
2740    BTIF_TRACE_DEBUG("%s", __FUNCTION__);
2741
2742    /* Remote name update */
2743    btif_update_remote_properties(p_ssp_key_notif->bd_addr , p_ssp_key_notif->bd_name,
2744                                          NULL, BT_DEVICE_TYPE_BLE);
2745    bdcpy(bd_addr.address, p_ssp_key_notif->bd_addr);
2746    memcpy(bd_name.name, p_ssp_key_notif->bd_name, BD_NAME_LEN);
2747
2748    bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_BONDING);
2749    pairing_cb.is_ssp = FALSE;
2750    cod = COD_UNCLASSIFIED;
2751
2752    HAL_CBACK(bt_hal_cbacks, ssp_request_cb, &bd_addr, &bd_name,
2753              cod, BT_SSP_VARIANT_PASSKEY_NOTIFICATION,
2754              p_ssp_key_notif->passkey);
2755}
2756
2757/*******************************************************************************
2758**
2759** Function         btif_dm_ble_auth_cmpl_evt
2760**
2761** Description      Executes authentication complete event in btif context
2762**
2763** Returns          void
2764**
2765*******************************************************************************/
2766static void btif_dm_ble_auth_cmpl_evt (tBTA_DM_AUTH_CMPL *p_auth_cmpl)
2767{
2768    /* Save link key, if not temporary */
2769    bt_bdaddr_t bd_addr;
2770    bt_status_t status = BT_STATUS_FAIL;
2771    bt_bond_state_t state = BT_BOND_STATE_NONE;
2772
2773    bdcpy(bd_addr.address, p_auth_cmpl->bd_addr);
2774    if ( (p_auth_cmpl->success == TRUE) && (p_auth_cmpl->key_present) )
2775    {
2776        /* store keys */
2777    }
2778    if (p_auth_cmpl->success)
2779    {
2780        status = BT_STATUS_SUCCESS;
2781        state = BT_BOND_STATE_BONDED;
2782
2783        btif_dm_save_ble_bonding_keys();
2784        BTA_GATTC_Refresh(bd_addr.address);
2785        btif_dm_get_remote_services(&bd_addr);
2786    }
2787    else
2788    {
2789        /*Map the HCI fail reason  to  bt status  */
2790        switch (p_auth_cmpl->fail_reason)
2791        {
2792            case BTA_DM_AUTH_SMP_PAIR_AUTH_FAIL:
2793            case BTA_DM_AUTH_SMP_CONFIRM_VALUE_FAIL:
2794                btif_dm_remove_ble_bonding_keys();
2795                status = BT_STATUS_AUTH_FAILURE;
2796                break;
2797            case BTA_DM_AUTH_SMP_PAIR_NOT_SUPPORT:
2798                status = BT_STATUS_AUTH_REJECTED;
2799                break;
2800            default:
2801                btif_dm_remove_ble_bonding_keys();
2802                status =  BT_STATUS_FAIL;
2803                break;
2804        }
2805    }
2806    bond_state_changed(status, &bd_addr, state);
2807}
2808
2809
2810
2811void    btif_dm_load_ble_local_keys(void)
2812{
2813    memset(&ble_local_key_cb, 0, sizeof(btif_dm_local_key_cb_t));
2814
2815    if (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_ER,(char*)&ble_local_key_cb.er[0],
2816                                       BT_OCTET16_LEN)== BT_STATUS_SUCCESS)
2817    {
2818        ble_local_key_cb.is_er_rcvd = TRUE;
2819        BTIF_TRACE_DEBUG("%s BLE ER key loaded",__FUNCTION__ );
2820    }
2821
2822    if ((btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_IR,(char*)&ble_local_key_cb.id_keys.ir[0],
2823                                        BT_OCTET16_LEN)== BT_STATUS_SUCCESS )&&
2824        (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_IRK, (char*)&ble_local_key_cb.id_keys.irk[0],
2825                                        BT_OCTET16_LEN)== BT_STATUS_SUCCESS)&&
2826        (btif_storage_get_ble_local_key(BTIF_DM_LE_LOCAL_KEY_DHK,(char*)&ble_local_key_cb.id_keys.dhk[0],
2827                                        BT_OCTET16_LEN)== BT_STATUS_SUCCESS))
2828    {
2829        ble_local_key_cb.is_id_keys_rcvd = TRUE;
2830        BTIF_TRACE_DEBUG("%s BLE ID keys loaded",__FUNCTION__ );
2831    }
2832
2833}
2834void    btif_dm_get_ble_local_keys(tBTA_DM_BLE_LOCAL_KEY_MASK *p_key_mask, BT_OCTET16 er,
2835                                   tBTA_BLE_LOCAL_ID_KEYS *p_id_keys)
2836{
2837    if (ble_local_key_cb.is_er_rcvd )
2838    {
2839        memcpy(&er[0], &ble_local_key_cb.er[0], sizeof(BT_OCTET16));
2840        *p_key_mask |= BTA_BLE_LOCAL_KEY_TYPE_ER;
2841    }
2842
2843    if (ble_local_key_cb.is_id_keys_rcvd)
2844    {
2845        memcpy(&p_id_keys->ir[0], &ble_local_key_cb.id_keys.ir[0], sizeof(BT_OCTET16));
2846        memcpy(&p_id_keys->irk[0],  &ble_local_key_cb.id_keys.irk[0], sizeof(BT_OCTET16));
2847        memcpy(&p_id_keys->dhk[0],  &ble_local_key_cb.id_keys.dhk[0], sizeof(BT_OCTET16));
2848        *p_key_mask |= BTA_BLE_LOCAL_KEY_TYPE_ID;
2849    }
2850    BTIF_TRACE_DEBUG("%s  *p_key_mask=0x%02x",__FUNCTION__,   *p_key_mask);
2851}
2852
2853void btif_dm_save_ble_bonding_keys(void)
2854{
2855
2856    bt_bdaddr_t bd_addr;
2857
2858    BTIF_TRACE_DEBUG("%s",__FUNCTION__ );
2859
2860    bdcpy(bd_addr.address, pairing_cb.bd_addr);
2861
2862    if (pairing_cb.ble.is_penc_key_rcvd)
2863    {
2864        btif_storage_add_ble_bonding_key(&bd_addr,
2865                                         (char *) &pairing_cb.ble.penc_key,
2866                                         BTIF_DM_LE_KEY_PENC,
2867                                         sizeof(btif_dm_ble_penc_keys_t));
2868    }
2869
2870    if (pairing_cb.ble.is_pid_key_rcvd)
2871    {
2872        btif_storage_add_ble_bonding_key(&bd_addr,
2873                                         (char *) &pairing_cb.ble.pid_key[0],
2874                                         BTIF_DM_LE_KEY_PID,
2875                                         BT_OCTET16_LEN);
2876    }
2877
2878
2879    if (pairing_cb.ble.is_pcsrk_key_rcvd)
2880    {
2881        btif_storage_add_ble_bonding_key(&bd_addr,
2882                                         (char *) &pairing_cb.ble.pcsrk_key,
2883                                         BTIF_DM_LE_KEY_PCSRK,
2884                                         sizeof(btif_dm_ble_pcsrk_keys_t));
2885    }
2886
2887
2888    if (pairing_cb.ble.is_lenc_key_rcvd)
2889    {
2890        btif_storage_add_ble_bonding_key(&bd_addr,
2891                                         (char *) &pairing_cb.ble.lenc_key,
2892                                         BTIF_DM_LE_KEY_LENC,
2893                                         sizeof(btif_dm_ble_lenc_keys_t));
2894    }
2895
2896    if (pairing_cb.ble.is_lcsrk_key_rcvd)
2897    {
2898        btif_storage_add_ble_bonding_key(&bd_addr,
2899                                         (char *) &pairing_cb.ble.lcsrk_key,
2900                                         BTIF_DM_LE_KEY_LCSRK,
2901                                         sizeof(btif_dm_ble_lcsrk_keys_t));
2902    }
2903
2904}
2905
2906
2907void btif_dm_remove_ble_bonding_keys(void)
2908{
2909    bt_bdaddr_t bd_addr;
2910
2911    BTIF_TRACE_DEBUG("%s",__FUNCTION__ );
2912
2913    bdcpy(bd_addr.address, pairing_cb.bd_addr);
2914    btif_storage_remove_ble_bonding_keys(&bd_addr);
2915}
2916
2917
2918/*******************************************************************************
2919**
2920** Function         btif_dm_ble_sec_req_evt
2921**
2922** Description      Eprocess security request event in btif context
2923**
2924** Returns          void
2925**
2926*******************************************************************************/
2927void btif_dm_ble_sec_req_evt(tBTA_DM_BLE_SEC_REQ *p_ble_req)
2928{
2929    bt_bdaddr_t bd_addr;
2930    bt_bdname_t bd_name;
2931    UINT32 cod;
2932    BTIF_TRACE_DEBUG("%s", __FUNCTION__);
2933
2934    if (pairing_cb.state == BT_BOND_STATE_BONDING)
2935    {
2936        BTIF_TRACE_DEBUG("%s Discard security request", __FUNCTION__);
2937        return;
2938    }
2939
2940    /* Remote name update */
2941    btif_update_remote_properties(p_ble_req->bd_addr,p_ble_req->bd_name,NULL,BT_DEVICE_TYPE_BLE);
2942
2943    bdcpy(bd_addr.address, p_ble_req->bd_addr);
2944    memcpy(bd_name.name, p_ble_req->bd_name, BD_NAME_LEN);
2945
2946    bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_BONDING);
2947
2948    pairing_cb.is_temp = FALSE;
2949    pairing_cb.is_le_only = TRUE;
2950    pairing_cb.is_ssp = TRUE;
2951
2952    cod = COD_UNCLASSIFIED;
2953
2954    HAL_CBACK(bt_hal_cbacks, ssp_request_cb, &bd_addr, &bd_name, cod,
2955              BT_SSP_VARIANT_CONSENT, 0);
2956}
2957
2958
2959
2960/*******************************************************************************
2961**
2962** Function         btif_dm_ble_passkey_req_evt
2963**
2964** Description      Executes pin request event in btif context
2965**
2966** Returns          void
2967**
2968*******************************************************************************/
2969static void btif_dm_ble_passkey_req_evt(tBTA_DM_PIN_REQ *p_pin_req)
2970{
2971    bt_bdaddr_t bd_addr;
2972    bt_bdname_t bd_name;
2973    UINT32 cod;
2974
2975    /* Remote name update */
2976    btif_update_remote_properties(p_pin_req->bd_addr,p_pin_req->bd_name,NULL,BT_DEVICE_TYPE_BLE);
2977
2978    bdcpy(bd_addr.address, p_pin_req->bd_addr);
2979    memcpy(bd_name.name, p_pin_req->bd_name, BD_NAME_LEN);
2980
2981    bond_state_changed(BT_STATUS_SUCCESS, &bd_addr, BT_BOND_STATE_BONDING);
2982    pairing_cb.is_le_only = TRUE;
2983
2984    cod = COD_UNCLASSIFIED;
2985
2986    HAL_CBACK(bt_hal_cbacks, pin_request_cb,
2987              &bd_addr, &bd_name, cod);
2988}
2989
2990
2991void btif_dm_update_ble_remote_properties( BD_ADDR bd_addr, BD_NAME bd_name,
2992                                           tBT_DEVICE_TYPE dev_type)
2993{
2994   btif_update_remote_properties(bd_addr,bd_name,NULL,dev_type);
2995}
2996
2997static void btif_dm_ble_tx_test_cback(void *p)
2998{
2999    btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_LE_TX_TEST,
3000                          (char *)p, 1, NULL);
3001}
3002
3003static void btif_dm_ble_rx_test_cback(void *p)
3004{
3005    btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_LE_RX_TEST,
3006                          (char *)p, 1, NULL);
3007}
3008
3009static void btif_dm_ble_test_end_cback(void *p)
3010{
3011    btif_transfer_context(btif_dm_generic_evt, BTIF_DM_CB_LE_TEST_END,
3012                          (char *)p, 3, NULL);
3013}
3014/*******************************************************************************
3015**
3016** Function         btif_le_test_mode
3017**
3018** Description     Sends a HCI BLE Test command to the Controller
3019**
3020** Returns          BT_STATUS_SUCCESS on success
3021**
3022*******************************************************************************/
3023bt_status_t btif_le_test_mode(uint16_t opcode, uint8_t *buf, uint8_t len)
3024{
3025     switch (opcode) {
3026         case HCI_BLE_TRANSMITTER_TEST:
3027             if (len != 3) return BT_STATUS_PARM_INVALID;
3028             BTM_BleTransmitterTest(buf[0],buf[1],buf[2], btif_dm_ble_tx_test_cback);
3029             break;
3030         case HCI_BLE_RECEIVER_TEST:
3031             if (len != 1) return BT_STATUS_PARM_INVALID;
3032             BTM_BleReceiverTest(buf[0], btif_dm_ble_rx_test_cback);
3033             break;
3034         case HCI_BLE_TEST_END:
3035             BTM_BleTestEnd((tBTM_CMPL_CB*) btif_dm_ble_test_end_cback);
3036             break;
3037         default:
3038             BTIF_TRACE_ERROR("%s: Unknown LE Test Mode Command 0x%x", __FUNCTION__, opcode);
3039             return BT_STATUS_UNSUPPORTED;
3040     }
3041     return BT_STATUS_SUCCESS;
3042}
3043
3044#endif
3045
3046void btif_dm_on_disable()
3047{
3048    /* cancel any pending pairing requests */
3049    if (pairing_cb.state == BT_BOND_STATE_BONDING)
3050    {
3051        bt_bdaddr_t bd_addr;
3052
3053        BTIF_TRACE_DEBUG("%s: Cancel pending pairing request", __FUNCTION__);
3054        bdcpy(bd_addr.address, pairing_cb.bd_addr);
3055        btif_dm_cancel_bond(&bd_addr);
3056    }
3057}
3058
3059/*******************************************************************************
3060**
3061** Function         btif_dm_read_energy_info
3062**
3063** Description     Reads the energy info from controller
3064**
3065** Returns         void
3066**
3067*******************************************************************************/
3068void btif_dm_read_energy_info()
3069{
3070#if (defined(BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
3071    BTA_DmBleGetEnergyInfo(bta_energy_info_cb);
3072#endif
3073}
3074
3075static char* btif_get_default_local_name() {
3076    if (btif_default_local_name[0] == '\0')
3077    {
3078        int max_len = sizeof(btif_default_local_name) - 1;
3079        if (BTM_DEF_LOCAL_NAME[0] != '\0')
3080        {
3081            strncpy(btif_default_local_name, BTM_DEF_LOCAL_NAME, max_len);
3082        }
3083        else
3084        {
3085            char prop_model[PROPERTY_VALUE_MAX];
3086            property_get(PROPERTY_PRODUCT_MODEL, prop_model, "");
3087            strncpy(btif_default_local_name, prop_model, max_len);
3088        }
3089        btif_default_local_name[max_len] = '\0';
3090    }
3091    return btif_default_local_name;
3092}
3093