summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndre Eisenbach <eisenbach@google.com>2016-09-27 18:07:58 -0700
committerAndre Eisenbach <eisenbach@google.com>2016-09-28 00:05:16 -0700
commit013c32bf98b8d511dc29fcd7de7578a421a52590 (patch)
tree888148aeb4d656d6ac6c77dd98899832693a1235
parentf2e3bea844ea343c80c219f2dc59a75ea57f50c2 (diff)
downloadandroid-system-bt-013c32bf98b8d511dc29fcd7de7578a421a52590.tar.gz
android-system-bt-013c32bf98b8d511dc29fcd7de7578a421a52590.tar.xz
Fix 100 LE device connection limitation
Currently after 100 devices are added to the device security database, any subsequent LE connection to a newly discovered LE device address will fail as entries in the security record database are not reused. This patch removes a device record if the device itself is removed and also ensures that the oldest device security record is deleted if the limit is reached to ensure a new record can be allocated. Bug: 31625900 Change-Id: I22f6c82c64a9a9bfb2a16d79182903e5aa011355
-rw-r--r--stack/btm/btm_ble.c14
-rw-r--r--stack/btm/btm_dev.c148
-rw-r--r--stack/btm/btm_int.h1
3 files changed, 81 insertions, 82 deletions
diff --git a/stack/btm/btm_ble.c b/stack/btm/btm_ble.c
index d612a85..d6d8d60 100644
--- a/stack/btm/btm_ble.c
+++ b/stack/btm/btm_ble.c
@@ -50,6 +50,7 @@ extern void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable);
extern BOOLEAN smp_proc_ltk_request(BD_ADDR bda);
#endif
extern void gatt_notify_enc_cmpl(BD_ADDR bd_addr);
+
/*******************************************************************************/
/* External Function to be called by other modules */
/*******************************************************************************/
@@ -73,16 +74,11 @@ BOOLEAN BTM_SecAddBleDevice (BD_ADDR bd_addr, BD_NAME bd_name, tBT_DEVICE_TYPE d
tBLE_ADDR_TYPE addr_type)
{
BTM_TRACE_DEBUG ("%s: dev_type=0x%x", __func__, dev_type);
- tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bd_addr);
-
- if (!p_dev_rec) {
- if (list_length(btm_cb.sec_dev_rec) > BTM_SEC_MAX_DEVICE_RECORDS) {
- BTM_TRACE_ERROR("%s: %d max devices reached!", __func__, BTM_SEC_MAX_DEVICE_RECORDS);
- return FALSE;
- }
- p_dev_rec = osi_calloc(sizeof(tBTM_SEC_DEV_REC));
- list_append(btm_cb.sec_dev_rec, p_dev_rec);
+ tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bd_addr);
+ if (!p_dev_rec)
+ {
+ p_dev_rec = btm_sec_allocate_dev_rec();
memcpy(p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);
p_dev_rec->hci_handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_BR_EDR);
diff --git a/stack/btm/btm_dev.c b/stack/btm/btm_dev.c
index 1d79caa..9087e52 100644
--- a/stack/btm/btm_dev.c
+++ b/stack/btm/btm_dev.c
@@ -37,8 +37,6 @@
#include "hcidefs.h"
#include "l2c_api.h"
-static tBTM_SEC_DEV_REC *btm_find_oldest_dev (void);
-
/*******************************************************************************
**
** Function BTM_SecAddDevice
@@ -63,22 +61,12 @@ BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name,
LINK_KEY link_key, UINT8 key_type, tBTM_IO_CAP io_cap,
UINT8 pin_length)
{
- tBTM_SEC_DEV_REC *p_dev_rec;
- int i, j;
- BOOLEAN found = FALSE;
-
BTM_TRACE_API("%s: link key type:%x", __func__, key_type);
- p_dev_rec = btm_find_dev (bd_addr);
+
+ tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
if (!p_dev_rec)
{
- if (list_length(btm_cb.sec_dev_rec) > BTM_SEC_MAX_DEVICE_RECORDS) {
- BTM_TRACE_DEBUG("%s: Max devices reached!", __func__);
- return FALSE;
- }
-
- BTM_TRACE_DEBUG ("%s: allocate a new dev rec", __func__);
- p_dev_rec = osi_calloc(sizeof(tBTM_SEC_DEV_REC));
- list_append(btm_cb.sec_dev_rec, p_dev_rec);
+ p_dev_rec = btm_sec_allocate_dev_rec();
memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);
p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_BR_EDR);
@@ -88,11 +76,19 @@ BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name,
/* update conn params, use default value for background connection params */
memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS));
#endif
+ } else {
+ /* "Bump" timestamp for existing record */
+ p_dev_rec->timestamp = btm_cb.dev_rec_count++;
+
+ /* TODO(eisenbach):
+ * Small refactor, but leaving original logic for now.
+ * On the surface, this does not make any sense at all. Why change the
+ * bond state for an existing device here? This logic should be verified
+ * as part of a larger refactor.
+ */
+ p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;
}
- p_dev_rec->bond_type = BOND_TYPE_UNKNOWN; /* Default value */
- p_dev_rec->timestamp = btm_cb.dev_rec_count++;
-
if (dev_class)
memcpy (p_dev_rec->dev_class, dev_class, DEV_CLASS_LEN);
@@ -108,26 +104,23 @@ BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name,
p_dev_rec->num_read_pages = 0;
if (features)
{
+ BOOLEAN found = FALSE;
memcpy (p_dev_rec->features, features, sizeof (p_dev_rec->features));
- for (i = HCI_EXT_FEATURES_PAGE_MAX; i >= 0; i--)
+ for (int i = HCI_EXT_FEATURES_PAGE_MAX; !found && i >= 0; i--)
{
- for (j = 0; j < HCI_FEATURE_BYTES_PER_PAGE; j++)
+ for (int j = 0; j < HCI_FEATURE_BYTES_PER_PAGE; j++)
{
if (p_dev_rec->features[i][j] != 0)
{
found = TRUE;
+ p_dev_rec->num_read_pages = i + 1;
break;
}
}
- if (found)
- {
- p_dev_rec->num_read_pages = i + 1;
- break;
- }
}
- }
- else
+ } else {
memset (p_dev_rec->features, 0, sizeof (p_dev_rec->features));
+ }
BTM_SEC_COPY_TRUSTED_DEVICE(trusted_mask, p_dev_rec->trusted_mask);
@@ -177,8 +170,6 @@ BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name,
*******************************************************************************/
BOOLEAN BTM_SecDeleteDevice (BD_ADDR bd_addr)
{
- tBTM_SEC_DEV_REC *p_dev_rec;
-
if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE) ||
BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_BR_EDR))
{
@@ -186,7 +177,8 @@ BOOLEAN BTM_SecDeleteDevice (BD_ADDR bd_addr)
return FALSE;
}
- if ((p_dev_rec = btm_find_dev(bd_addr)) != NULL)
+ tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bd_addr);
+ if (p_dev_rec != NULL)
{
btm_sec_free_dev(p_dev_rec);
/* Tell controller to get rid of the link key, if it has one stored */
@@ -240,20 +232,10 @@ bool is_bd_addr_equal(void *data, void *context)
*******************************************************************************/
tBTM_SEC_DEV_REC *btm_sec_alloc_dev (BD_ADDR bd_addr)
{
- tBTM_SEC_DEV_REC *p_dev_rec = NULL;
tBTM_INQ_INFO *p_inq_info;
BTM_TRACE_EVENT ("btm_sec_alloc_dev");
- if (list_length(btm_cb.sec_dev_rec) > BTM_SEC_MAX_DEVICE_RECORDS) {
- p_dev_rec = btm_find_oldest_dev();
- } else {
- BTM_TRACE_DEBUG ("allocate a new dev rec");
- p_dev_rec = osi_calloc(sizeof(tBTM_SEC_DEV_REC));
- list_append(btm_cb.sec_dev_rec, p_dev_rec);
- }
-
- p_dev_rec->bond_type = BOND_TYPE_UNKNOWN; /* Default value */
- p_dev_rec->sec_flags = BTM_SEC_IN_USE;
+ tBTM_SEC_DEV_REC *p_dev_rec = btm_sec_allocate_dev_rec();
/* Check with the BT manager if details about remote device are known */
/* outgoing connection */
@@ -280,7 +262,6 @@ tBTM_SEC_DEV_REC *btm_sec_alloc_dev (BD_ADDR bd_addr)
p_dev_rec->ble_hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_LE);
#endif
p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_BR_EDR);
- p_dev_rec->timestamp = btm_cb.dev_rec_count++;
return(p_dev_rec);
}
@@ -295,17 +276,11 @@ tBTM_SEC_DEV_REC *btm_sec_alloc_dev (BD_ADDR bd_addr)
*******************************************************************************/
void btm_sec_free_dev (tBTM_SEC_DEV_REC *p_dev_rec)
{
- p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;
- p_dev_rec->sec_flags = 0;
-
#if BLE_INCLUDED == TRUE
/* Clear out any saved BLE keys */
btm_sec_clear_ble_keys (p_dev_rec);
- /* clear the ble block */
- memset(&p_dev_rec->ble, 0, sizeof(tBTM_SEC_BLE));
#endif
-
-
+ list_remove(btm_cb.sec_dev_rec, p_dev_rec);
}
/*******************************************************************************
@@ -475,8 +450,6 @@ void btm_consolidate_dev(tBTM_SEC_DEV_REC *p_target_rec)
/* remove the combined record */
list_remove(btm_cb.sec_dev_rec, p_dev_rec);
-
- p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;
break;
}
@@ -490,8 +463,6 @@ void btm_consolidate_dev(tBTM_SEC_DEV_REC *p_target_rec)
/* remove the combined record */
list_remove(btm_cb.sec_dev_rec, p_dev_rec);
-
- p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;
}
break;
}
@@ -524,48 +495,79 @@ tBTM_SEC_DEV_REC *btm_find_or_alloc_dev (BD_ADDR bd_addr)
/*******************************************************************************
**
-** Function btm_find_oldest_dev
+** Function btm_find_oldest_dev_rec
**
** Description Locates the oldest device in use. It first looks for
** the oldest non-paired device. If all devices are paired it
-** deletes the oldest paired device.
+** returns the oldest paired device.
**
** Returns Pointer to the record or NULL
**
*******************************************************************************/
-tBTM_SEC_DEV_REC *btm_find_oldest_dev (void)
+static tBTM_SEC_DEV_REC* btm_find_oldest_dev_rec (void)
{
tBTM_SEC_DEV_REC *p_oldest = NULL;
- UINT32 ot = 0xFFFFFFFF;
+ UINT32 ts_oldest = 0xFFFFFFFF;
tBTM_SEC_DEV_REC *p_oldest_paired = NULL;
- UINT32 ot_paired = 0xFFFFFFFF;
+ UINT32 ts_oldest_paired = 0xFFFFFFFF;
- /* First look for the non-paired devices for the oldest entry */
list_node_t *end = list_end(btm_cb.sec_dev_rec);
for (list_node_t *node = list_begin(btm_cb.sec_dev_rec); node != end; node = list_next(node)) {
tBTM_SEC_DEV_REC *p_dev_rec = list_node(node);
- /* Device is not paired */
- if ((p_dev_rec->sec_flags & (BTM_SEC_LINK_KEY_KNOWN |BTM_SEC_LE_LINK_KEY_KNOWN)) == 0) {
- if (p_dev_rec->timestamp < ot) {
+
+ if ((p_dev_rec->sec_flags & (BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_LE_LINK_KEY_KNOWN)) == 0) {
+ // Device is not paired
+ if (p_dev_rec->timestamp < ts_oldest) {
p_oldest = p_dev_rec;
- ot = p_dev_rec->timestamp;
+ ts_oldest = p_dev_rec->timestamp;
+ }
+ } else {
+ // Paired device
+ if (p_dev_rec->timestamp < ts_oldest_paired) {
+ p_oldest_paired = p_dev_rec;
+ ts_oldest_paired = p_dev_rec->timestamp;
}
- continue;
}
+ }
- if (p_dev_rec->timestamp < ot_paired) {
- p_oldest_paired = p_dev_rec;
- ot_paired = p_dev_rec->timestamp;
- }
+ // If we did not find any non-paired devices, use the oldest paired one...
+ if (ts_oldest == 0xFFFFFFFF)
+ p_oldest = p_oldest_paired;
+
+ return p_oldest;
+}
+
+/*******************************************************************************
+**
+** Function btm_sec_allocate_dev_rec
+**
+** Description Attempts to allocate a new device record. If we have
+** exceeded the maximum number of allowable records to
+** allocate, the oldest record will be deleted to make room
+** for the new record.
+**
+** Returns Pointer to the newly allocated record
+**
+*******************************************************************************/
+tBTM_SEC_DEV_REC* btm_sec_allocate_dev_rec(void)
+{
+ tBTM_SEC_DEV_REC *p_dev_rec = NULL;
+ if (list_length(btm_cb.sec_dev_rec) > BTM_SEC_MAX_DEVICE_RECORDS)
+ {
+ p_dev_rec = btm_find_oldest_dev_rec();
+ list_remove(btm_cb.sec_dev_rec, p_dev_rec);
}
- /* if non-paired device return oldest */
- if (ot != 0xFFFFFFFF)
- return(p_oldest);
+ p_dev_rec = osi_calloc(sizeof(tBTM_SEC_DEV_REC));
+ list_append(btm_cb.sec_dev_rec, p_dev_rec);
+
+ // Initialize defaults
+ p_dev_rec->sec_flags = BTM_SEC_IN_USE;
+ p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;
+ p_dev_rec->timestamp = btm_cb.dev_rec_count++;
- /* only paired devices present, return oldest */
- return p_oldest_paired;
+ return p_dev_rec;
}
/*******************************************************************************
diff --git a/stack/btm/btm_int.h b/stack/btm/btm_int.h
index 4bbc656..88e20ab 100644
--- a/stack/btm/btm_int.h
+++ b/stack/btm/btm_int.h
@@ -1057,6 +1057,7 @@ extern void btm_report_device_status (tBTM_DEV_STATUS status);
*/
extern BOOLEAN btm_dev_support_switch (BD_ADDR bd_addr);
+extern tBTM_SEC_DEV_REC *btm_sec_allocate_dev_rec(void);
extern tBTM_SEC_DEV_REC *btm_sec_alloc_dev (BD_ADDR bd_addr);
extern void btm_sec_free_dev (tBTM_SEC_DEV_REC *p_dev_rec);
extern tBTM_SEC_DEV_REC *btm_find_dev (BD_ADDR bd_addr);