This adds support for vendor commands reserving a single opcode (0xfc10)
so it can be extended using subcommands, similar to how MSFT works.
The first subcommand (0x00) enables the emulator to generate arbitrary
events using the commands parameters:
> tools/hcitool cmd 3f 10 00 22 24 d0 d0 d0 d0 d0 d0 ff ff
< HCI Command: Vendor (0x3f|0x0010) plen 11
00 22 24 d0 d0 d0 d0 d0 d0 ff ff
."$........
Bluetooth: hci0: Malformed HCI Event: 0x22
> HCI Event: Inquiry Result with R.. (0x22) plen 9
Num responses: 36
Page scan repetition mode: Reserved (0xff)
Page period mode: Reserved (0xff)
Class: 0xffffd0
Major class: Uncategorized, specific device code not specified
Minor class: 0x34
Limited Discoverable Mode
invalid service class
Clock offset: 0x6368
RSSI: 105 dBm (0x69)
> HCI Event: Command Complete (0x0e) plen 4
Vendor (0x3f|0x0010) ncmd 1
Status: Success (0x00)
Build using Address Sanitizer (asan), Leak Sanitizer (lsan), or
Undefined Behavior Sanitizer (ubsan) by using one of these options for
the configure script:
--enable-asan
--enable-lsan
--enable-ubsan
For each of these to work, the compiler must support the requested
sanitizer and the requisite libraries must be installed (libasan,
liblsan, libubsan).
This adds monitor support so data can properly be decoded by the likes
of btmon:
= test-hog: /TP/HGRF/RH/BV-01-I - init
= test-hog: /TP/HGRF/RH/BV-01-I - setup
= test-hog: /TP/HGRF/RH/BV-01-I - setup complete
= test-hog: /TP/HGRF/RH/BV-01-I - run
> test-hog: User Data RX
ATT: Read By Group Type Request (0x10) len 6
Handle range: 0x0001-0xffff
Attribute group type: Primary Service (0x2800)
load_att_info would attempt to load attributes file from the storage but
in case it doesn't exists it would print an error instead of just
bailing out as attributes file is created on demand when there are
something to be stored.
InterfacesAdded signal for LEAdvertisingManager1 might be emitted
containing initial/default properties values and property changed is
not emitted after reading advertising features. This patch registers
the interface (LEAdvertisingManager1) after reading advertising features
from kernel.
Instead of failing if the included service cannot be resolved just
skip it so doesn't fail and the discovery is stop due to a possible
application error.
This patch replaces the rand() function to the getrandom() syscall.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
This patch replaces the rand() function to the getrandom() syscall.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
This patch replaces the rand() function to the getrandom() syscall.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
This patch replaces the rand() function to the getrandom() syscall.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
This patch replaces the rand() function to the getrandom() syscall.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
After the MTU dbus property patches in 5.62 we are seeing bluetoothd
terminate frequently with "Disconnected from D-Bus. Exiting." msgs.
Apparently this is because bluetoothd sent an invalid reply to a D-Bus
Property Get (for GattCharacteristic1's MTU).
Multiple issues in bluez Github.com project reported similar behavior;
at least #235 (see Fixes:), #219, and likely #238.
When the Characteristic1 object is still cached/alive, but the
underlying att connection is not (e.g. someone just called Disconnect),
the property getter (characteristic_get_mtu) right now returns false.
However, gdbus seems to ignore the return value and sends the empty reply
message anyway (rather than a dbus error?), and this seems to cause
the dbus connection to be terminated (due to the ill-formed reply?).
bluetoothd then aborts.
This patch makes the property value BT_ATT_DEFAULT_LE_MTU if the
underlying att object does not exist, rather than returning an invalid
message. This is consistent with the existing PropertyChanged signal
behavior (we will emit a PropertyChange only if a larger MTU is
exchanged), and fixes the issue on my machines.
An alternative could be to change gdbus behavior, but I'm not sure if we
are allowed to return an error here anyway without causing problems in
other dbus libraries/wrappers.
Fixes: aaa0c4996a ("gatt: Add implementation of GattCharacteristic1.MTU")
Fixes: https://github.com/bluez/bluez/issues/235
This specifies how long will the userspace ignore a peer with an
unknown name after a failed remote name resolving procedure.
The peer device can still be connected, this only prevents the remote
name resolving procedure retry.
Reviewed-by: Miao-chen Chou <mcchou@chromium.org>
Since a peer device is potentially removed if not discovered for more
than 30 seconds, we would lost the remote name request activity when
the device is rediscovered. This could end up with a remote name
request much sooner than we intend it to be.
Therefore, put the RNR record into a cache file, so we can recover it
when the peer device is rediscovered.
Reviewed-by: Miao-chen Chou <mcchou@chromium.org>
When Remote Name Resolve ends with failure, record this occurrence and
prevent remote name resolving for the same device for some time.
Reviewed-by: Miao-chen Chou <mcchou@chromium.org>
Report failure when resolving remote name to userspace. This is useful
so the userspace can make an informed decision when to retry name
resolving procedure.
Reviewed-by: Miao-chen Chou <mcchou@chromium.org>
This makes configure to check the presence of linux/uinput.h and
linux/uhid.h kernel uapi headers since the code no longer contain copies
of them and otherwise the code cannot be build without them:
checking linux/uinput.h usability... yes
checking linux/uinput.h presence... yes
checking for linux/uinput.h... yes
checking linux/uhid.h usability... yes
checking linux/uhid.h presence... yes
checking for linux/uhid.h... yes
Update default Advertisemet Monitor Sampling_Period to 0xFF. It
indicates that controller will report only one advertisement per
monitoring period for a device. This will help reduce the power
consumption drastically.
Reviewed-by: Miao-chen Chou <mcchou@google.com>
In the Advertisement Monitor API, RSSISamplingPeriod is an unsigned
value. Change sampling_period variable to uint16_t in the code.
More info: doc/advertisement-monitor-api.txt
Reviewed-by: Archie Pusaka <apusaka@google.com>
Reviewed-by: Miao-chen Chou <mcchou@google.com>
This patch delivers DeviceFound/DeviceLost events to apps over D-Bus
whenever controller starts/stops tracking a device.
Tests performed:
- Add a monitor and verify that DeviceFound/DeviceLost events are
received whenever controller starts/stops monitoring.
- Verify from logs that only one Adv Report is received from the
controller when Sampling_Period is set to 0xFF and the
DeviceFound/DeviceLost functionality still works as intended.
- Verify that DeviceFound/DeviceLost is reported appropriately even
when the Active Scanning is in progress.
- Verify that the reconnection also works properly with and without
any active Advertisement Monitor.
Reviewed-by: Miao-chen Chou <mcchou@google.com>
This patch registers callback functions to receive the Advertisement
Monitor Device Found and Device Lost events. It also disables software
based filtering whenever controller offloading support is available.
Test performed:
- Verified by logs that the MSFT Monitor Device is received from the
controller and the bluetoothd is notified whenever the controller
starts/stops monitoring a device.
Reviewed-by: Miao-chen Chou <mcchou@google.com>
This patch adds definitions of the new Advertisement Monitor Device
Found and Device Lost events to indicate that the controller has
started/stopped tracking a particular device.
Reviewed-by: Miao-chen Chou <mcchou@google.com>
This patch introduces two new MGMT events
MGMT_EV_ADV_MONITOR_DEVICE_FOUND and MGMT_EV_ADV_MONITOR_DEVICE_LOST to
indicate that the controller has started/stopped tracking a particular
device matching one of the already added Advertisement Monitor.
If the controller offloading support is not available,
MGMT_EV_ADV_MONITOR_DEVICE_FOUND event is also used to report all
advertisements to perform software based filtering whenever we are not
active scanning.
Reviewed-by: Miao-chen Chou <mcchou@google.com>
When |admin_policy_remove| is called, we set |devices| to NULL but never
set it back until |admin_init|. This makes admin lost track of current
registered device interface, so the next |admin_policy_removed| will not
be able to unregister those interfaces.
Reviewed-by: Archie Pusaka <apusaka@chromium.org>
These buffer shall only be keep in cache for as long as they are
needed so this would cleanup any client cstates in the following
conditions:
- There is no cstate on the response
- No continuation can be found for cstate
- Different request opcode
- Respond with an error
- Client disconnect
Fixes: https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq
This adds a new flag to Get/Set Device Flag commands so it is possible
to set the Device Privacy Mode which allows to connect when the
remote device uses either identity or random address.
