| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
* Need to explicitly cast the int to btm_inq_state enum value
after incrementing.
Change-Id: I984341ad6b09fadb8cb37e360e3ea37b029bafd4
|
|
|
|
|
|
|
|
| |
In case of command timeout, if we have crash SOC and collect ram
dumps, then we do not need to call abort() anymore.
CRs-fixed: 2074622
Change-Id: I13a0fc0fbaa21ee2ef400d6295eecad0865ffcad
|
|
|
|
|
|
|
|
|
|
|
| |
- Read BLE vendor capability to proceed on enablement of
secure connection support from Host.
- If BLE vendor capability is supported from the controller
then secure connection is enabled from Host.
CRs-Fixed: 1041642
Change-Id: I64e79d4e6fff7d9f1b0ea7272250e8155f5888e2
|
|\
| |
| |
| | |
Change-Id: I025c64d825a510806bd292a5555aedc594372284
|
| |
| |
| |
| |
| |
| |
| | |
Bug: 67774334
Test: compilation
Change-Id: I42ec986c6c5f3fe81f507596bf1df05dcf3ec0ba
(cherry picked from 5e8d54e6c26c3bc8ced932bb9c455bbbad57a9db)
|
|\|
| |
| |
| | |
Change-Id: Ibde49a2937e4c8dc8b16161c551012d4fa95955e
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
57f958e7e3 am: e69e6e0fab am: 1e67cf4b2e am: 930d16464f
am: 4010328f80
Change-Id: Ic069690e99651d756f923f6b276f0de85c2ac2c8
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
57f958e7e3 am: e69e6e0fab am: 1e67cf4b2e
am: 930d16464f
Change-Id: I99851e43afe1fa26d9efa4eccea583250586dc0d
|
| | | |\
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
57f958e7e3 am: e69e6e0fab
am: 1e67cf4b2e
Change-Id: Ic0858b82dd5c15b824a74e53817e42e1945d1a7d
|
| | | | |\
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
57f958e7e3
am: e69e6e0fab
Change-Id: I4a4802e3bf181f09d8de652d991cc26686e467e4
|
| | | | | |\
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
am: 57f958e7e3
Change-Id: I3a664ecfa9eebde0459f299fa3a26c70c528e3b8
|
| | | | | | |\
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
am: 48e5396b99
Change-Id: I93404b4895d4609e9f0afbc9d020cfae20f4f820
|
| | | | | | | |\
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
am: 4d1470eb54
Change-Id: I153a91a1aba1a78837c397d4ee01bea2d1696e4e
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
bta_gattc_cache_load currently attempts to read 0xFF attributes into an
allocation sized to num_attr attributes, which can be smaller than 0xFF.
There aren't more than num_attr bytes in correct data, but this breaks
with dynamic buffer overflow checking in CopperheadOS for the read
system call since fread ends up calling read, which obtains the size of
the allocation from the malloc implementation and then aborts due to the
(potential) overflow.
This would also fail with the default enabled _FORTIFY_SOURCE=2 feature
in the Android Open Source Project if osi_malloc was marked with the
alloc_size attribute. The way it wraps malloc loses that information so
fortify checks aren't done for calls like this.
Bug: 37160362
Change-Id: I68bd170d5378c9d9d21cbda376083bc0b857e15c
Signed-off-by: Scott Bauer <sbauer@plzdonthack.me>
[migrated to C++ file, added 0xFFFF limit and wrote commit message]
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
|
| |\| | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
6e7c360c85 am: a51aaf2366
am: 15ce434f4b
Change-Id: Ib890b147a7bd77c4987503d8b62400a5735ad036
|
| | |\| | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
6e7c360c85
am: a51aaf2366
Change-Id: Ie8dfa4cff72aef91a87b4dbbc5b82f88213994e2
|
| | | |\| | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
am: 6e7c360c85
Change-Id: Icb1240a22b2cfc7fa32b3ab23652fa1510b3c590
|
| | | | |\| | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
am: 5ec93991d7
Change-Id: I69bd3d4e294765feade3840d9f1710cfa1cdc69b
|
| | | | | |\| | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
am: 636b754cfa
Change-Id: I43948bbb53b3075e7e7b016b9127f38245a8f9da
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
bta_gattc_cache_load currently attempts to read 0xFF attributes into an
allocation sized to num_attr attributes, which can be smaller than 0xFF.
There aren't more than num_attr bytes in correct data, but this breaks
with dynamic buffer overflow checking in CopperheadOS for the read
system call since fread ends up calling read, which obtains the size of
the allocation from the malloc implementation and then aborts due to the
(potential) overflow.
This would also fail with the default enabled _FORTIFY_SOURCE=2 feature
in the Android Open Source Project if osi_malloc was marked with the
alloc_size attribute. The way it wraps malloc loses that information so
fortify checks aren't done for calls like this.
Bug: 37160362
Change-Id: I68bd170d5378c9d9d21cbda376083bc0b857e15c
Signed-off-by: Scott Bauer <sbauer@plzdonthack.me>
[migrated to C++ file, added 0xFFFF limit and wrote commit message]
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
|
| |\| | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
am: f00207c227
Change-Id: I4128915b2b6e914a7798c9e4fa885cddce4d28a1
|
| | |\| | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
am: 95b2e35d5d
Change-Id: I0956d72a77cfd13dd6dca526cad54c402991ab44
|
| | | |\| | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
am: 8eb6493ad5 -s ours
Change-Id: I73a8ff63af23863be10d8cdd4da73234fcd25e3d
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
bta_gattc_cache_load currently attempts to read 0xFF attributes into an
allocation sized to num_attr attributes, which can be smaller than 0xFF.
There aren't more than num_attr bytes in correct data, but this breaks
with dynamic buffer overflow checking in CopperheadOS for the read
system call since fread ends up calling read, which obtains the size of
the allocation from the malloc implementation and then aborts due to the
(potential) overflow.
This would also fail with the default enabled _FORTIFY_SOURCE=2 feature
in the Android Open Source Project if osi_malloc was marked with the
alloc_size attribute. The way it wraps malloc loses that information so
fortify checks aren't done for calls like this.
Bug: 37160362
Change-Id: I68bd170d5378c9d9d21cbda376083bc0b857e15c
Signed-off-by: Scott Bauer <sbauer@plzdonthack.me>
[migrated to C++ file, added 0xFFFF limit and wrote commit message]
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
|
| |\| | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
am: c7706eef3e
Change-Id: Icede213590da36c16291cfa0fd001265f2728da4
|
| | |\| | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
am: 83aee7b3ba
Change-Id: I633e4d7fbcb48387ca092e5e19a6f5c0ba015072
|
| | | |\ \ \ \ \ \ |
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
bta_gattc_cache_load currently attempts to read 0xFF attributes into an
allocation sized to num_attr attributes, which can be smaller than 0xFF.
There aren't more than num_attr bytes in correct data, but this breaks
with dynamic buffer overflow checking in CopperheadOS for the read
system call since fread ends up calling read, which obtains the size of
the allocation from the malloc implementation and then aborts due to the
(potential) overflow.
This would also fail with the default enabled _FORTIFY_SOURCE=2 feature
in the Android Open Source Project if osi_malloc was marked with the
alloc_size attribute. The way it wraps malloc loses that information so
fortify checks aren't done for calls like this.
Bug: 37160362
Change-Id: I68bd170d5378c9d9d21cbda376083bc0b857e15c
Signed-off-by: Scott Bauer <sbauer@plzdonthack.me>
[migrated to C++ file, added 0xFFFF limit and wrote commit message]
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Bug: 67209266
Test: build
Change-Id: I69a4a17382742327268a80dbc5c5be49059ecb3c
(cherry picked from commit d48d32d04ae9f4d81012f2146f8e746c4a05a0f9)
Merged-In: I69a4a17382742327268a80dbc5c5be49059ecb3c
|
|\| | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Change-Id: I7290b613682720610124ac524226614be6c02af8
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
* Entering BTIF_AV_STATE_OPENING is only possible through
BTIF_AV_CONNECT_REQ_EVT (initiated by us) OR
BTA_AV_PENDING_EVT (initiated by remote)
from BTIF_AV_STATE_IDLE
* If we go from BTIF_AV_CONNECT_REQ_EVT, we must have a pending
connection request in btif_profile_queue that should be advanced when
we quit BTIF_AV_STATE_OPENING state
* This CL adds a flag to indicate whether an AV connection is initiated
by us and only advance queue when it is
* Also add queue advancement in BTA_AV_REJECT_EVT and BTA_AV_CLOSE_EVT
Bug: 67317954
Test: make
Change-Id: I16dc8ebf76c6edaacb1f7a4a44e604170ff9a8b0
(cherry picked from commit a3626477587e99347dcf966087497e9a1c4732a4)
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Usecase:
1. Uncheck media from settings UI
2. initiate A2dp connection from remote, send AVRCP play from remote
Failure:
A2dp connection stuck in opening state.
Rootcause:
When A2dp is unchecked from settings UI and remote initiated
a2dp connection and AVRCP play, music starts streaming on DUT
since A2dp connection disconnected. As A2dp connection was not
completed, btif state stuck in opening state.
Fix:
Handled the disconnection request in the opening state
so that AV state machine moves to proper state before
processing AVRCP Play.
Test: 1. Uncheck media from settings UI
2. initiate A2dp connection from remote, send AVRCP play
Bug: 35415160
Change-Id: If1cda5b78100419fdc60c97349efafdd4a18d40c
(cherry picked from commit ff1b9d26ca9a5a25d45bab09df1c0346104051a9)
|
|\| | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Change-Id: I47b2e8bb61812659d1ea36957abf2a718cf14e9b
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
When BT is shutdown, multi advertisement instance pointer is made
null by BleAdvertisingManager::CleanUp function.
Any subsequent BleAdvertisingManager::Get function call made at
this point(eg during suspension and resumption of resolving list
activity)leads to a crash as the instance pointer is null.
Hence, use BleAdvertisingManager::IsInitialized function instead
of BleAdvertisingManager::Get function to check the validity of
multi advertisement instance.
Bug: 67325491
Change-Id: Ibbae7fa546bb52494be78eaff6d4b7b15614ab15
|
| |\ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Bug: 64159791
Test: Manual
Change-Id: Ic1001892b7abc9784a21a183d141df51b1b92fc0
|
| |/ / / / / / / / /
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Bug: 64159791
Test: Manual
Change-Id: Ida10f5d2aa6643df136a41891d7775e175c06570
|
|\| | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Change-Id: Ibc175b5417c3bbd074c79ef7341dbba5d4e2d5bb
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Bug: 65381426
Test: unit tests
Change-Id: I37e89ec7187ab1c61be4c736385a9fc5ec88d737
(cherry picked from commit b147c652e90c60daa7113933c48a465491707213)
|
| |\| | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
am: eb9ba99523 -s ours
Change-Id: Ib581c7f9b6474c68956de8a41efadff9f8572545
|
| | |\| | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
am: 181144a501
Change-Id: Ic8e35d75ebe14eccd7fd169572fe5bff39d150f6
|
| | | |/ / / / / /
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Now we correctly suppress the processing of repetitive
BLE scan results.
Test: Manual with extra log messages
Bug: 65174158
Bug: 64975965
Change-Id: Ic4386c5e2fbabdc218f6ec675c5b298a7af41e5a
Merged-In: Ie0694843ad5fbd2a80b310c5f532e5e5a9548043
|
|\| | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Change-Id: I6676010766f362dd3512533f650f75be0e2519d5
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Bug: 65392204
Test: sanity
Change-Id: I2886cc02289b68710e83147ba4d7715a32a4fc55
(cherry picked from commit 8d749047a084b2d8a18fcaaac5c585e97a16f58d)
Merged-In: I2886cc02289b68710e83147ba4d7715a32a4fc55
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Usecase:
1) Perform BT on/off stress test
2) Check for memory leakage in code in subsequent BT on/off usecase
Expectation
No memory leak during BT on/off stress test
Observed result
Memory leakage in hid code where alarm process_repage_timer is not freed
and only cancelled
Fix:
Free alarm process_repage_timer during HID Host deregstration
Test: Checked with BT on/off usecase, and alarm process_repage_timer is now
freed in every BT on/off usecase.
Bug: 65657207
Change-Id: Iccecd126716a5660f4c37ddc917bacee84342297
(cherry picked from commit e6b15cf8251643aced0baf716939a6d0857fccfb)
|
|\| | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
4365318 snap-temp-L33600000106883904
Change-Id: I04fd6616c6453f1c5646e46ef0fa191a98f5a739
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Prior to 5.0 spec, CT2 bit in AuthReq was reserved. Setting it cause
bonding failure with devices that handle it incorrectly.
Bug: 66179701
Bug: 66931978
Test: Bond with device that have 4.2 chip
Change-Id: Idbbf2c39c499698844218059a35cb686996c136a
|
| |\| | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
am: 7b1e826e9c
Change-Id: I5813e2869be1b9ef4e1e36b92a6da96a38948fd9
|
| | |\| | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
am: 544f7e1be9
Change-Id: I4acd192aea9c8c72d3ad1ab6c7b3f3ccf9bb868f
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Bug: 37943083
Test: manual
Change-Id: I3974192dd007804f90f35a724a39824ed093a633
Merged-In: I6d041590dc51d7e8711b17fb1cb9c880b640052a
|