system-bt

Fork

hci_packetizer: fix unused building errors

Fixes the following building errors:

system/bt/vendor_libs/linux/interface/hci_packetizer.cc:28:14:
error: unused variable 'preamble_size_for_type' [-Werror,-Wunused-const-variable]
const size_t preamble_size_for_type[] = {
^
system/bt/vendor_libs/linux/interface/hci_packetizer.cc:35:8:
error: unused function 'HciGetPacketLengthForType' [-Werror,-Wunused-function]
size_t HciGetPacketLengthForType(HciPacketType type, const uint8_t* preamble) {
^
2 errors generated.

Add back libbt-vendor

Fix for multiple com.android.bluetooth crash issues.

Issue 1: com.android.bluetooth crash was seen due to invalid/
out of bound index while creating Listening Channel for AVRCP.

Reason: AVRCP creates the listening channel using
bta_av_rc_create, this function expects RC Channel Handle to be
passed as it will fetch the index for RC handle using
tBTA_AV_SCB* p_scb = p_cb->p_scb[shdl - 1];

But we are passing 0 i.e. index for RC handle directly. Due to
which above statement will throw exception for out of bound
index and crash is observed.

Fix: Updated the bta_av_rc_create calls with RC handle value
instead of index.

Issue 2: com.android.bluetooth crash was seen due to failed
check for parameter length for vendor capabilities as:
CHECK(p_vcs_cplt_params->param_len >
BTM_VSC_CHIP_CAPABILITY_RSP_LEN)

Reason: We always receive param_len for vendor capabilities as
9. Also BTM_VSC_CHIP_CAPABILITY_RSP_LEN is defined as 9. But as
per the check param_len is expected to be greater than 9. As the
check fails, exception is seen and crash is observed.

Fix: Changed the CHECK on param_len for Vendor Capabilities as:
CHECK(p_vcs_cplt_params->param_len >=
BTM_VSC_CHIP_CAPABILITY_RSP_LEN)

Change-Id: Ic11c58e8193c0d8252e569fee2bc99d30abb7aae
Tracked-On:
Signed-off-by: Gaganpreet kaur <gaganpreetx.kaur@intel.com>

A work around fix for incorrect controller response.

Reason: The controller did not send correct response
for read remote extended features for "page 1" request.
Since lmp extended features ssp was not true, the sm4
was not enabled. Therefore host did not initiate
authentication request. When L2CAP AVDTP connection
was established, the controller returned disconnect
complete with authentication failed reason.

Fix: Provided a retry of read remote extended features
request from host, when response for 'page 1' was
incorrect. This enabled authentication from host and
hence L2CAP AVDTP connection was successful.
Revert the changes, once contoller fix is available

Tracked-On: OAM-69566

Signed-off-by: anitha3x <anithax.h.chandrasekar@intel.com>

Avoid annoying crashing on VMware

Remove the unused function

HCI: don't abort on timeout

Timeout is normal. Especially when the device is suspending.
Don't abort it stupidly.

Merge cherrypicks of [10301183, 10301340, 10301110, 10299537, 10300908, 10301450, 10300619, 10301451, 10301654, 10301341, 10301342, 10301343, 10301344, 10301508, 10301184, 10301185, 10301309, 10301290, 10301310, 10301345, 10301346, 10301464, 10301291, 10300931, 10301382, 10301383, 10301465, 10301384, 10301385, 10301408, 10301386, 10299538, 10301387, 10301388, 10301389, 10301390, 10301391, 10301292, 10301392, 10301393, 10301694, 10301695, 10301489, 10299807, 10299808, 10299809, 10300620, 10301491, 10301111, 10301348] into qt-qpr2-release

Change-Id: I0cfb719c6af78bb1bb752f29e2950fcf20e1ad24

L2CAP socket: Stop L2CAP server by ID instead of PSM

* There could be multiple L2CAP socket control blocks with the same PSM
* The unique identifier for a L2CAP socket control block should be the
unique ID allocated during control block initialization
* Use this ID to track L2CAP socket control block instead of PSM ensure
that we close the correct socket
* Reset GAP handle and L2CAP socket ID to 0 when calling
bta_jv_free_l2c_cb() so that disconnected L2CAP control blocks does
not count

Test: CtsVerifier
Bug: 147997447
Bug: 144148429
Change-Id: Ideb428bc73aa0b36b8deb20fac280e44c8fe7db1
(cherry picked from commit ad23e6b2f473829b1819918cd3f927d1134c83b3)
(cherry picked from commit 7c901002dcf856c0102425631da3475364ac4129)

L2CAP Socket: Keep track of last allocated socket ID

* Keep track of last allocated socket ID in L2CAP socket stack
* Use last_sock_id + 1 as new IDs when allocating new socket blocks
* The de-dupe and overflow detection mechanism in btsock_l2cap_alloc_l()
would handle the uint32_t overflow and duplicate ID cases

Test: CtsBluetoothTestCases
Bug: 144148429
Change-Id: Ieb9791ffa34eef919a32e4aff6f4b514859c69c0
(cherry picked from commit 79eda3270bbd23814b5ec73ee3fd96ac80222db8)
(cherry picked from commit eb4e9162b91995ae8318745c42dad32e972a8bbd)

LE-COC: Free LE-COC server resource when BluetoothServerSocket is closed

* When BluetoothServerSocket is closed in the Java layer, the native
layer should respond by freeing all resources used by the server
including file descriptors, structs, PSMs, and security IDs
* We did this correctly for BR_EDR L2CAP COC channels after
I4e37dcd858af258fbd64fbfb2fbf0083bd743e06, but the same fix did not
apply to LE COC
* This CL make sure LE COC server resources are freed propertly upon
server fd closure

Test: open and close LE COC server repeatedly on an Android phone
Fixes: 144148429
Change-Id: I16fa10e77612105d23848f71925ff6efc95bc75a
(cherry picked from commit d3c9966624530772fbdc469179726bd9191314c5)
(cherry picked from commit 8d2c8ba5739432e8104b6aa6d8e64fe407f9b974)

Snap for 6091187 from fb4b5ebf1dd89ca8f3903a436e39e803949735ea to qt-qpr2-release

Change-Id: I529c233bc91e51349fa2bee5cef27644ea867bf7

Merge "L2CAP: Check length for packet before connection complete" into qt-qpr1-dev

Merge "HCI: Check length of connection complete event" into qt-qpr1-dev

Merge "L2CAP: Bounds check num_handles in NumCompletedPackets" into qt-qpr1-dev

Merge "Fix potential OOB when parsing inquiry results" into qt-qpr1-dev

Merge "VSC batch scan: Check packet length" into qt-qpr1-dev

L2CAP: Check length for packet before connection complete

Bug: 141745011
Test: Run POC
Change-Id: I9dc27521fa2e7f6ea345ec65dc9d3e873d71ef0f

VSC batch scan: Check packet length

Bug: 142543524
Test: POC
Merged-In: I32633d5e6dfdd17b00d468cfd29ad081ae91f0e4
Change-Id: I32633d5e6dfdd17b00d468cfd29ad081ae91f0e4

Merge changes from topic "NIAP_patch" into qt-qpr1-dev

* changes:
DO NOT MERGE: NIAP: Use AES-GCM 256 bits to encrypt key.
DO NOT MERGE: NIAP: Use keystore to encrypt KEY

Snap for 6087694 from 7e0b7d04688aafc192b579ba11868ee6bd0cf33c to qt-qpr2-release

Change-Id: I8e3dc07f7580b30b6ae73e13528d21bcd6ae2a2c

L2CAP: Bounds check num_handles in NumCompletedPackets

Bug: 141617601
Test: Pair and connect
Change-Id: I1a8ff39f677c6957e99a4d3cbd278720dd273a83
(cherry picked from commit 2506db7d01939b286e34e404b80a73e6f4dc8593)

HCI: Check length of connection complete event

Fixes: 141619686
Test: Pair and connect
Change-Id: Ib15d6a8cbb8c6a7404bf1afa023277429029867d
(cherry picked from commit 7ee6458cf4939ad78dbebd70c2520ad56c31f4a9)

Fix potential OOB when parsing inquiry results

Bug: 141620271
Change-Id: I30c7558b1ae1a77d0004760ef831480347a06e11
(cherry picked from commit c44516749af81bc5fc79afc0772f42bf0ec37bd4)

Merge "Handle BQR root inflammation event" into qt-qpr1-dev

Handle BQR root inflammation event

* When Bluetooth process recieves BQR root inflammation event, wait
5 seconds for possible DEBUG_INFO events, then abort.
* Fix the DEBUG_INFO not working problem.
* Do not immediately abort when HAL service dies if abort_timer has
already started, so we won't interrupt log collecting procedure.

Bug: 145568772
Bug: 144572644
Bug: 144592765
Test: Manual
Change-Id: Ibe6c341a3e9aabec33de8d3f90c4a6a3403d06bc
Merged-In: Ibe6c341a3e9aabec33de8d3f90c4a6a3403d06bc

DO NOT MERGE: NIAP: Use AES-GCM 256 bits to encrypt key.

use AES-GCM 256 bits to encrypt key.

Bug: 140483038
Test: NA
Change-Id: Ie5e85edf4fd8dbd9120ea383fd3b9214b6026816

DO NOT MERGE: NIAP: Use keystore to encrypt KEY

Encrypt Classic and LE key via kerstore.

Bug: 140483038
Test: Manual
- Pair a device after OOBE
- adb shell settings put global niap_mode 1
- Re-enable Bluetooth
- Ensured that the Key was read correctly
- Ensured that the Key was encrypted when stored on disk

Change-Id: I6ece990135fb0a16eef3ecf6508ca759eee2c4c6

Snap for 6049975 from a6a11e2bb9eaa952a9757042ff7c805efb327d03 to qt-qpr2-release

Change-Id: I45ce6df67738a25e73b52d7d88b60948193b5a9b

[automerger skipped] Merge "Fix potential OOB write in btm_read_remote_ext_features_complete" into oc-mr1-dev am: 561bf0a604 -s ours am: ad6365c078 -s ours am: d0afd04b43 -s ours am: 81882c385d -s ours
am skip reason: Change-Id Iaca4db4ee9bf27362f62aba0da088727e98955d1 with SHA-1 291307f66c is in history

Change-Id: I0724d8046c8f5c53d5284a7fbf294acf25172d43