summaryrefslogtreecommitdiffstats
path: root/bta
Commit message (Collapse)AuthorAgeFilesLines
* PAN: Always allocate in bta_pan_data_buf_ind_cbackMyles Watson2018-06-081-28/+19
| | | | | | | | | | | | | | Change I63b857d031c55d3a0754e4101e330843eb422b2a caused a double free. Move the free call to pan_data_buf_ind_cb(). Free the buffer before every return in pan_data_buf_ind_cb. Bug: 74950468 Test: manual tethering test with DUT sharing its connection Change-Id: If4526f3042699581e2cdde79a362eef0f83768eb Merged-In: If4526f3042699581e2cdde79a362eef0f83768eb (cherry picked from commit 98232b084c66368234d19fafe3076bc1c0f1b578) CVE-2018-9356
* DO NOT MERGE Fix unexpected behavior in bta_dm_sdp_resultHansong Zhang2018-06-081-5/+16
| | | | | | | | | | Check the number of UUIDs from remote device Bug: 74016921 Test: manual Change-Id: I1ca1f66bfc935f5fd219e8147511bdac7d2789ef (cherry picked from commit 67ec216daa43f71adf103de6c4156c5a892c1460) CVE-2018-9355
* PAN: Fix Use-after-free in bta_pan_data_buf_ind_cbackMyles Watson2018-03-301-9/+5
| | | | | | | | | | Patch from b/67078939 Test: build Bug: 67110692 Change-Id: I63b857d031c55d3a0754e4101e330843eb422b2a (cherry picked from commit 2a18e724b2bf101ea38a5b089de56842107c8369) CVE-2017-13257
* Fix changes from September 2017 ASBAndreas Blaesius2018-03-301-7/+8
| | | | | | | | | - fix formatting difference and use official 6.0.1 patches from r81 (e.g. commit 33427d54f31adaf5b9c697f5ce642fda1dc01946 and commit 7f17ba1f8e475706727df7c50bc31ffb191d1f9d don't match googles patches for 6.0.1) Change-Id: I3187d1be2bcbc896a60100eda7c42d0e7bb5131f
* Add a missing check for PAN buffer size before copying dataPavlin Radoslavov2017-09-171-0/+10
| | | | | | | | | Bug: 63146237 Test: External script Change-Id: I3e9c8a767a8a2a80ff56ccb48c56ca0d4b8c3402 Merged-In: I3e9c8a767a8a2a80ff56ccb48c56ca0d4b8c3402 (cherry picked from commit 1d909399cb4259243dac2e531e3ce6ca1afa77e7) CVE-2017-0782
* bta: check if sdp db buffer exists before freeScott Mertz2016-07-181-8/+2
| | | | | | | | | | | | | | | | Fixes the following crash: Stack frame #00 pc 00030370 /system/lib/libc.so (dlfree+59) Stack frame #01 pc 0007ecd7 /system/lib/hw/bluetooth.default.so (bta_dm_sdp_result+942): Routine bta_dm_sdp_result at system/bt/bta/./dm/bta_dm_act.c:1859 Stack frame #02 pc 000816fd /system/lib/hw/bluetooth.default.so (bta_dm_search_sm_execute+92): Routine bta_dm_search_sm_execute at system/bt/bta/./dm/bta_dm_main.c:365 Stack frame #03 pc 000a7729 /system/lib/hw/bluetooth.default.so (bta_sys_event+56): Routine bta_sys_event at system/bt/bta/./sys/bta_sys_main.c:524 Stack frame #04 pc 0010f9ff /system/lib/hw/bluetooth.default.so: Routine run_reactor at system/bt/osi/./src/reactor.c:296 Stack frame #05 pc 0011095f /system/lib/hw/bluetooth.default.so: Routine run_thread at system/bt/osi/./src/thread.c:232 Stack frame #06 pc 000417fb /system/lib/libc.so (_ZL15__pthread_startPv+30) Stack frame #07 pc 00019325 /system/lib/libc.so (__start_thread+6) FEIJ-1578 Change-Id: I5706e4e5379168b24682347086c161e138c7f5cb
* BT-HFP: Add HFP 1.7 features only if supported by peerJean-Bernard Damiano2016-04-281-30/+9
| | | | | | | * Removes the blacklisted device approach in favor of dynamically adding the capabilities when detected. Change-Id: I787eed0edee858c78a83fa65b70e9aaa9f0c5193
* Add Renault MediaNav to HFP 1.7 blacklistjmozmoz2016-04-261-1/+3
| | | | | | Avoids dropping of connection after 5 seconds. Change-Id: I89c531b9343d6b1cc5bb687f3b27ed8908d51ac3
* add medianav to unsupported device for hfp 1.7Jean-Bernard Damiano2016-04-241-1/+3
| | | | Change-Id: I6d3a91d7d7ee906f4a6ad2ee0559f741cebcaf4a
* Merge branch 'LA.BF.1.1.3_rb1.11' of git://codeaurora.org/platform/system/bt ↵Steve Kondik2016-03-306-9/+122
|\ | | | | | | | | | | into cm-13.0 Change-Id: Ib0f8f87bd5655ce85227bfc016044b1daa09ebe7
| * Merge "Bluetooth: GAP: Setting remove device pending status as FALSE"Linux Build Service Account2016-02-261-0/+32
| |\
| | * Bluetooth: GAP: Setting remove device pending status as FALSEBalraj Selvaraj2016-02-111-0/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue scenario: - Pair the DUT and HS. (Link Keys get established.) - Now Switch OFF BT on DUT. (DUT still has the Link key of HS) - Reset the paired devices memory in HS and keep HS in pairing mode. (HS loses DUT's link key) - Now switch ON BT on DUT. (DUt starts reconnection with HS, but as HS lost DUT's key, PIN or KEY missing event will come to host) - DUT reconnects to HS (Using newly established link keys) - Now power OFF and ON the HS. - HS will try reconnection with DUT. - While there is an incoming connection from HS to DUT, host is giving negative link key reply always for the multiple link key requests from HS. - HS sends disconnection with "Authentication failure" Fix: Setting the remove device pending status to FALSE from security device DB, when the link key notification event comes. Basically it will avoid deleting the device from security device DB, Which is solving the reconnection initated from remote when we remove the link key at remote side. Change-Id: Ic164d8d5b5c2e0b9cc5f04f993047fb0a8e5d9a9
| * | Merge "Bluetooth: Fix to decrease power during OPP TX/RX"Linux Build Service Account2016-02-194-7/+85
| |\ \
| | * | Bluetooth: Fix to decrease power during OPP TX/RXNitin Shivpure2016-02-164-7/+85
| | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to alarm timer implementation, bta_sys_idle OR bta_sys_busy call was the overhead(eg. 7ms) on every OPP packet(TX/RX), which was causing high power. Below optimization have been done in JV to decrease power during OPP TX/RX - If particular JV acl link is in sniff, only then use bta_sys_busy to trigger unsniff request. - Start intermediate idle timer(1s) before starting actual idle sniff timer(bta_sys_idle). CRs-fixed: 971559 Change-Id: Ied1173776f9bf2dc89b8e84e68d6217932a01607
| * / Cancel SDP if it had been startedJivakDhadse2016-02-081-2/+5
| |/ | | | | | | | | | | | | | | | | - To avoid the crash, cancel SDP if it is started before av_disable free memory for p_disc_db. CRs-Fixed: 932048 Change-Id: If84d4990f17faa0fec9008da14034a8d8475a80a
* | Merge tag 'android-6.0.1_r22' of ↵staging/cm-13.0+r22Steve Kondik2016-03-111-2/+4
|\ \ | | | | | | | | | | | | | | | | | | | | | https://android.googlesource.com/platform/system/bt into cm-13.0 Android 6.0.1 release 22 Change-Id: I2e682780163afc7e9c88865192a6342027c80586
| * \ Do not send AT+CHLD=? if the 3-way call feature is not supportedDevin Kim2016-01-151-1/+2
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | am: 79dc36d01a * commit '79dc36d01aaab9a29cd70a0ff40463102505da4b': Do not send AT+CHLD=? if the 3-way call feature is not supported
| | * | Do not send AT+CHLD=? if the 3-way call feature is not supportedDevin Kim2016-01-151-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The HF shall not issue the AT+CHLD=? test command in case either the HF or the AG does not support the Three-way calling feature. Currently HF sends AT+CHLD=? to AG device when SLC sequence on going. It affects to SCO statemachine so that after going out of range and coming back in range while active call alives, SCO state goes bad and never comes back. This is out of specification of HFP and it should be fixed by checking peer and local 3way call capability check. Bug: 25703926 Change-Id: I66adac2345c6fb0df6741fdbfa67d9483fc38a00
| * | | Merge "Fix crash in HFP client\'s +COPS parsing code." into cw-e-devSharvil Nanavati2016-01-051-1/+1
| |\| | | | | | | | | | | | | | | | | | | | | | | | | | am: bf8d17ddbb * commit 'bf8d17ddbb64fdc6c252c63f6b9078987f871ba6': Fix crash in HFP client's +COPS parsing code.
| | * | Fix crash in HFP client's +COPS parsing code.Sharvil Nanavati2016-01-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the Audio Gateway sends a malformed +COPS message (an operator name > 16 characters) then the %n in sscanf format specifier is ignored and sscanf will not assign a value to the appropriate argument. In such a case, the existing code will perform pointer arithmetic using an uninitialized stack variable as an offset which may result in pointing to an invalid memory address. When that memory is subsequently dereferenced, we observe a crash. This change ensures that the stack does not crash even if an invalid +COPS message is sent from the Audio Gateway. Bug: 24871011 Change-Id: I9bb42c75bcd90487831fc6950c571c87098559e7
| * | | Merge "DO NOT MERGE Revert "A2DP SRC offload support"" into mnc-dr1.5-devChris Elliott2015-12-026-221/+9
| |\ \ \
| | * | | DO NOT MERGE Revert "A2DP SRC offload support"Chris Elliott2015-12-026-221/+9
| | |/ / | | | | | | | | | | | | This reverts commit 6ff83ab9dd38bdefc5d252325f0cfbd3f1754d78.
| * / / DO NOT MERGE Revert "Always send a SUSPEND_CFM event when suspended due to ↵Chris Elliott2015-12-021-1/+1
| |/ / | | | | | | | | | | | | | | | A2DP RECONFIGURE." This reverts commit 8b1c7af03a2a8eedd1efd2eddca3ecd4b61bfd95.
| * | Always send a SUSPEND_CFM event when suspended due to A2DP RECONFIGURE.Sridhar Vashist2015-12-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | There appear to be race cases where the peer sends a START before we reconfigure the stream. Avoid btif_av state from getting mismatched by always sending out the SUSPEND_CFM during RECONFIGURE. Change-Id: I2034cd111466f792233cedb60a3a0df11d055962 Signed-off-by: Sridhar Vashist <svashist@motorola.com>
| * | Merge "A2DP SRC offload support" into cw-e-devChris Elliott2015-12-016-9/+221
| |\ \
| | * | A2DP SRC offload supportAbhijit Adsule2015-12-016-9/+221
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | bluedroid changes to support A2DP SRC offload to BT FW. add functionality to relay a2dp offload requests and responses between AudioHAL & the BT vendor library. Change-Id: Ie4e5992c48e95b0efb372a405e8537e4fd3ea071 Signed-off-by: Sridhar Vashist <svashist@motorola.com> Conflicts: audio_a2dp_hw/audio_a2dp_hw.h bta/Android.mk bta/av/bta_av_aact.c btif/include/btif_media.h btif/src/btif_av.c btif/src/btif_media_task.c hci/Android.mk hci/src/vendor.c include/bt_target.h stack/include/l2c_api.h
| * | | Only initiate codec negotiation if feature is supportedChenjie Luo2015-11-201-1/+2
| |/ / | | | | | | | | | | | | Bug: 25634250 Change-Id: I97330c853f6cf90673b4ff28c72645f9d1c8ff9d
* | | Merge branch 'LA.BF.1.1.3_rb1.7' of git://codeaurora.org/platform/system/bt ↵Steve Kondik2016-01-087-3/+116
|\ \ \ | | |/ | |/| | | | | | | | | | into cm-13.0 Change-Id: Ic7851f38b6ca4b82ab9a0b96e7e494849944e5c6
| * | git merge android-6.0.1_r3 on to remote branchSudharma Damgatla2015-12-105-51/+126
| |\| | | | | | | | | | Change-Id: I501838b5f3f9d8bf60ab8df59a322a6f1e9199b9
| * | Split A2dp implementationAyan Ghosh2015-12-017-3/+116
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement Split A2dp to process AVDTP Signalling commands from host and media packet handling from Controller. Host uses vendor specific commands to let controller know the media channel configurations for controller to form the media packets accordingly. Change-Id: I7a98177a8125fd70b057bb514f0d870971a45bcf
| * | Avoid indications/notifications without clcb allocationNitin Arora2015-11-091-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change is specifically for certain HOGP device which start sending notifications immidiately on repairing, even before the HH profile connection is made. The check here, prevents the processing of notification/indication sent to the DUT before channel control block is allocated for the specific remote device so that the remote HID device is not stuck in connecting state due to HOGP state machine unable to proceed from the profile connection initiation state. CRs-Fixed: 936100 Change-Id: I77a1a39ea7f1d1344cfcf0fefe1fc0e28c213b60
| * | Bluetooth: Enable scan refresh notificatons for ScPP profileSatish kumar sugasi2015-11-031-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change adds support for enable notification of scan refresh value if remote device supports scan parameter services .this also writes scan parameters to remote device whenever scan service client receives notification of scan refresh. CRs-Fixed: 736989 Change-Id: I3e41976cdb1f7fa952e53e33f90d52320d5808f4
| * | Power Manager: Correcting sniff behaviour in multiconnection scenerioHemant Gupta2015-10-301-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When multiple profile connected on same link and if any one profile deregister with powermanager,pm should stop timer for that profile and restart other profile timers.But with out this fix,pm iniatites sniff when it removes timer for one profile,even timeout did not trigger for other profiles. Change-Id: I8e215a9d868291976c70ff32b61145b4360a7f8f
| * | Bluetooth: Hogp fix for certificationSatish kumar sugasi2015-10-231-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | this fixes crash during read client conf char descriptor value of remote which has multiple instances of hid. Change-Id: I88b6dbbb48037706e3b284450ffac88d7437fad1 CRs-Fixed: 726881
| * | Bluetooth: Fix to increase the PAN throughputNitin Shivpure2015-10-193-6/+66
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to alarm timer implementation, bta_sys_idle OR bta_sys_busy call was the overhead(eg. 7ms) on every pan packet(TX/RX), which was causing low throughput. Below optimization have been done in pan to increase the throughput. - If particular pan acl link is in sniff, only then use bta_sys_busy to trigger unsniff request - Start intermediate idle timer(1s) before starting actual idle sniff timer(bta_sys_idle). CRs-fixed: 926571 Change-Id: If06d52f0460d4ea27fd71f97cea82f2319cd0f86
* | | Merge tag 'android-6.0.1_r3' of ↵Steve Kondik2015-12-071-2/+5
|\ \ \ | | |/ | |/| | | | | | | | | | | | | | | | https://android.googlesource.com/platform/system/bt into HEAD Android 6.0.1 release 3 Change-Id: I2af2b180c6d1779b7a34d1370cb9c759dd2c3506
| * | Reduce persistence on aquiring master roleMattias Agren2015-10-231-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Whenever a device has more than 1 ACL link active and transferring data on one of its links via PAN, HH or JV (RFCOMM) the sys busy/idle state toggles frequently. To avoid triggering role switches for each of these events we filter this out and let the other SYS events handle it in combination with other role policy management code. Ideally we should revert the toggling to properly reflect the busy/idle state of each profile but to limit risk of side effects at this stage we will make this intermittent change. This also affects audio streaming in certain cases. Bug: 24570959, 25129209 Change-Id: I141e17ee069c82624e153fd8de5db90ae93724b9
* | | bta: Fix device discoverabilityShantur Rathore2015-12-041-2/+8
| | | | | | | | | | | | | | | | | | | | | when using BLE_INCUDED = FALSE and BTA_GATT_INCLUDED = FALSE Change-Id: I3f34d43b6110c725c0d7ecbe394a4d4c90b55f12
* | | Bluetooth losing HF connection to car-kit after 5 secondsMarkus Schmidt2015-11-221-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adresses a change in bluetooth which causes a possible loss of connection within 5 seconds after connecting. This new behavior appeared with android 4.2 (4.1.2 worked fine in this regard). I traced down the disconnects to an BTA_AG_SVC_TOUT_EVT via a timer that checks if a service connection was made within a few seconds. Essentially bta_ag_svc_conn_open() was not called on AT+CMER because android thought the car kit supported 3WAY but the car kit did not set the 3WAY flag via AT commands and did not send AT+CHLD either. Android otoh used the flag obtained by SDP and expected 3WAY behavior and eventually disconnected when AT+CHLD did not arrive. This may be a bordeline case, because in the Bluetooth Specification (page 20), assuming service level initialization via SDP is only mentioned on the HF side while there is no such mention (but could probably be implied) on page 21 for the AG. Fact is however, that the use of SDP features value for peer_features is new since Android 4.2 and breaks existing good behavior on a BMW 2005/E46 car kit (navi professional). This kit never asks for AT+CHLD and never via AT commands suggests it supports 3WAY (although it seems to have the flag set via SDP). Also, having essential behavior (like making the connection or not) depend on circumstances that may be prone to race conditions, may be a good reason to not use the SDP flag also (or at least masking out the 3WAY bit when using it). (An alternative approach could be to hook into bta_ag_timer_cback() and when the timer exipres, but when also AT+CMER has been seen meanwhile, to continue and assume a service level connection without 3WAY, i.e. clearing the 3-way flags but calling bta_ag_svc_conn_open() anyway.) Change-Id: I95dcdc5f46e7af723a655afd3d707764603c96c3 Signed-off-by: Markus Schmidt <shimodax@gmail.com> (cherry picked from commit 662eaddd47bca1de03018fbcbe57ca2bfabaa5ac)
* | | Fix compile when BTM_WBS_INCLUDED true and BLUETOOTH_QTI_SW falsedhacker292015-11-231-2/+1
| | | | | | | | | | | | Change-Id: I59b7eed8be5b76be3e5a2d099e82eb8b691c688c
* | | Add I2S-PCM slave mode for SCOSteve Kondik2015-11-231-0/+7
| | | | | | | | | | | | | | | | | | * M7 needs us to configure I2SPCM for SCO and set the voice mode. Change-Id: I98a9528af62f9c4fef075927f00a8aafdbeb4ee3
* | | bt: Kill some logspamChristopher R. Palmer2015-11-221-1/+1
| | | | | | | | | | | | Change-Id: I652684441160e2f5e806a7053ab9b574b2998356
* | | Merge branch 'LA.BF64.1.2.2_rb4.7' of ↵Steve Kondik2015-11-166-15/+89
|\ \ \ | | | | | | | | | | | | | | | | | | | | git://codeaurora.org/platform/system/bt into cm-13.0 Change-Id: Id03529dec9d120d857b952bbc287df8ef10ef7cc
| * | | Avoid indications/notifications without clcb allocationNitin Arora2015-11-091-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change is specifically for certain HOGP device which start sending notifications immidiately on repairing, even before the HH profile connection is made. The check here, prevents the processing of notification/indication sent to the DUT before channel control block is allocated for the specific remote device so that the remote HID device is not stuck in connecting state due to HOGP state machine unable to proceed from the profile connection initiation state. CRs-Fixed: 936100 Change-Id: I77a1a39ea7f1d1344cfcf0fefe1fc0e28c213b60
| * | | Merge "Bluetooth: Enable scan refresh notificatons for ScPP profile"Linux Build Service Account2015-11-041-2/+9
| |\ \ \
| | * | | Bluetooth: Enable scan refresh notificatons for ScPP profileSatish kumar sugasi2015-11-021-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change adds support for enable notification of scan refresh value if remote device supports scan parameter services .this also writes scan parameters to remote device whenever scan service client receives notification of scan refresh. CRs-Fixed: 736989 Change-Id: I3e41976cdb1f7fa952e53e33f90d52320d5808f4
| * | | | Merge "Power Manager: Correcting sniff behaviour in multiconnection scenerio"Linux Build Service Account2015-11-021-1/+8
| |\ \ \ \ | | |/ / / | |/| | |
| | * | | Power Manager: Correcting sniff behaviour in multiconnection scenerioHemant Gupta2015-10-271-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Correcting sniff behaviour in multiconnection scenerio Change-Id: I8e215a9d868291976c70ff32b61145b4360a7f8f
| * | | | Merge "Bluetooth: Hogp fix for certification"Linux Build Service Account2015-10-291-3/+1
| |\ \ \ \
| | * | | | Bluetooth: Hogp fix for certificationSatish kumar sugasi2015-10-271-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this fixes crash during read client conf char descriptor value of remote which has multiple instances of hid. Change-Id: I88b6dbbb48037706e3b284450ffac88d7437fad1 CRs-Fixed: 726881
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-24 06:21:14 +0000