Issue found while writing end2end tests. Usually profile unregister is
called when final cleanup of bluetoothd. Freeing connected hid devices
through g_slist_foreach is a asynchronous call. Profile is cleaned up
and and ipc also complete cleanup. But free_hid_devices tries to notify
hal which doesn't exist that time. So behaviour is unexpected.
This patch fixes the following issue:
bluetoothd[10552]: android/pan.c:register_nap_server()
bluetoothd[10552]: android/pan.c:nap_create_bridge() bnep
(bluetoothd:10552): GLib-WARNING **: GError set over the top of a previous GError or uninitialized memory.
This indicates a bug in someone's code. You must ensure an error is NULL before it's set.
The overwriting error message was: l2cap_bind: Address already in use (98)
bluetoothd[10552]: android/pan.c:destroy_nap_device()
According to definition from hardware/bluetooth.h, the "val" field does
not have const modifier.
Fix clang errors like:
android/android-tester.c:760:14: error: initializing 'void *' with an
expression of type 'const char (*)[18]' discards qualifiers
[-Werror,-Wincompatible-pointer-types-discards-qualifiers]
We need to return some valid values for buffer size and latency so
AudioFlinger does not crash. For now just use some dummy values until
codec implementation is in place.
This patch adds handling of audio preset received after stream is
opened. Preset is used to initialize codec and then to set input
configuration so audio subsystem can write data in a format that
codec can handle later.
This patch adds support to suspend output stream via Audio IPC.
>From HAL perspective stream can be either in standby or suspended -
the former is default one and can be auto-resumed on write while the
latter cannot be resumed only after explicitly going into standby
on audio code request.
This patch adds support to open output stream via Audio IPC.
Since only SBC is supported, we always try to open stream for first
endpoint only which is enough.
This patch adds support to register audio enpoints via Audio IPC.
Endpoints are registered based on predefined codecs table and for
each defined codec one endpoint is registered. By default, only
SBC will be supported.
For SBC bitpool range may not strictly match with presets so it needs to
be adjusted to fit within remote capabilities otherwise the remote device
may reject the configuration.
This changes the connected state to be only sent once a transport is
open, before this was done right after the signalling was connected but
this reflect in the audio HAL side attempting to open a stream while
with possible no transport available.
Add missing monitor/rfcomm.h to android-tester sources. This fix
following build error on make distcheck:
CC emulator/android_android_tester-bthost.o
../emulator/bthost.c:40:28: fatal error: monitor/rfcomm.h: No such
file or directory
#include "monitor/rfcomm.h"
audio_ipc_send_rsp_full() does not free buffer passed as parameter
thus it should be freed by caller.
This fixes following Valgrind report:
==1238== 5 bytes in 1 blocks are definitely lost in loss record 22 of 54
==1238== at 0x4896DC8: calloc (in /system/lib/valgrind/vgpreload_memcheck-arm-linux.so)
==1238== by 0x48C5DB7: g_malloc0 (gmem.c:189)
==1238== by 0x1150EF: bt_stream_open (a2dp.c:1177)
==1238== by 0x1116A7: ipc_handle_msg (ipc.c:95)
==1238== by 0x111C11: audio_watch_cb (audio-ipc.c:66)
==1238== by 0x48BD9C7: g_io_unix_dispatch (giounix.c:166)
==1238== by 0x48C2CCB: g_main_context_dispatch (gmain.c:2539)
==1238== by 0x48C2ED9: g_main_context_iterate.isra.19 (gmain.c:3146)
==1238== by 0x48C3167: g_main_loop_run (gmain.c:3340)
==1238== by 0x10B207: main (main.c:436)
avdtp_service_cap_new() makes own copy of data stored in "codec" thus
it should be freed by caller.
This fixes following Valgrind report:
==1238== 6 bytes in 1 blocks are definitely lost in loss record 27 of 54
==1238== at 0x4896DC8: calloc (in /system/lib/valgrind/vgpreload_memcheck-arm-linux.so)
==1238== by 0x48C5DB7: g_malloc0 (gmem.c:189)
==1238== by 0x115B4B: discover_cb (a2dp.c:303)
==1238== by 0x111DE7: finalize_discovery (avdtp.c:933)
==1238== by 0x114441: session_cb (avdtp.c:2556)
==1238== by 0x48BD9C7: g_io_unix_dispatch (giounix.c:166)
==1238== by 0x48C2CCB: g_main_context_dispatch (gmain.c:2539)
==1238== by 0x48C2ED9: g_main_context_iterate.isra.19 (gmain.c:3146)
==1238== by 0x48C3167: g_main_loop_run (gmain.c:3340)
==1238== by 0x10B207: main (main.c:436)
Already existing snoop file is renamed by adding ".old" suffix before
new one is created. This is useful in case phone is restarted so logs
are not overwritten and for this reason it's only applied in case
default snoop file name is used.
In case SEP was opened from local side, corresponding a2dp_setup
structure has just reference to a2dp_preset which is stored on presets
list. As a result, when closing SEP such preset will be freed leaving
dangling pointer on presets list.
struct audio_rsp_open_stream has only zero-length array member thus its
size equals to 0. We need to explicitly specify size of array element
type here.
This patch fixes checking the state of test case. Due to asynchronous of
callbacks during state check of every single condition, state can be
checked double time by callback condition check with pass status already
set in meantime. Now state is kept as one decremented int.
To pass it must be equal zero and cannot be checked set again.
This removes compatibility with Android 4.3 and older. Android 4.4 is
current target. Due to bug in Audio HAL in 4.2 build was failing on
that version anyway.
This includes:
- sample repository to AOSP 4.4 based repository with support for
Nexus 4 and Nexus 7 2013 devices.
- adds info about snoop service
- other random additions
If callback releases the last reference it can cause the following:
Invalid free() / delete / delete[] / realloc()
at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x386244EF7E: g_free (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x410356: finalize_discovery (avdtp.c:933)
by 0x414462: session_cb (avdtp.c:2555)
by 0x38624492A5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x3862449627: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x3862449A39: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x403A95: main (main.c:439)
Address 0x4cf7af0 is 0 bytes inside a block of size 24 free'd
at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x386244EF7E: g_free (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x410356: finalize_discovery (avdtp.c:933)
by 0x4110BC: avdtp_unref (avdtp.c:1026)
by 0x416491: a2dp_device_free (a2dp.c:122)
by 0x4165DF: bt_a2dp_notify_state (a2dp.c:166)
by 0x417170: discover_cb (a2dp.c:333)
by 0x41034E: finalize_discovery (avdtp.c:931)
by 0x414462: session_cb (avdtp.c:2555)
by 0x38624492A5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x3862449627: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x3862449A39: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3800.2)
Elements on list are struct device not bdaddr_t so make comparing
function use proper types. This was working so far only due to
bdaddr_t being first element in struct device.
JNI code in Android is mapping returned code to boolean value. Only
SUCCESS status is mapped to true and that value is returned to Java
code. This could result in faultyly triggering error path in Java
when returning DONE in command reply.
Both bluetooth.audio.so and audio.a2dp.default.so should use AM_CFLAGS
ortherwise some quite obvious errors that otherwise would break the
build may be pushed upstream.
This patch allows to check multiple properties for test case. Properties
can be prioritized to allow check if they'll come in right order. Now
properties aren't treated as a "single" callback. In future in one
callback multiple properties can come.
Listen for incoming connections and accept it. Create bnep interface
add it to bridge and notify control and connection state information
through HAL. Remove the device on disconnect request. If android
settings UI does not have bluetooth tethering enabled it immediately
sends disconnect signal.
Register NAP server and adds bnep bridge. Removes bridge
on destroy call. Bridge mechanism is needed when device acting
as a server and listen for incoming connections.
This patch make test state handling more stable by avoiding errors like
i.e. double free of memory in teardown phase. Double state set is
undesirable for test case and may cause errors. Now after every
condition change, test state is checked if it can set test state to pass.
In some places of test fail, returns are added to avoid furhter code
execution.
This patch removes explicit LOCAL_MODULE_PATH definition for bluetoothd
and bluetoothd-snoop modules which caused both binaries to be installed
in /system/xbin instead of /system/bin folder.
This patch add thread which is reponsible for listen on audio HAL
socket, open a2dp endpoint(s) and maintain socket.
When bluetooth daemon goes down, HAL audio plugin starts to listen on
Audio HAL socket again.
Remove not needed headers file in source list (Android build handles
this), explicitly mark packages as optional and fix bluetooth.default
dependencies (it should not depend on haltest as it is optional debug
package and should not be installed in user build).
This reduce logic in HAL to bare minimum e.g. no modifications in
library will be needed to add different socket type support.
Both bdaddr2str and btuuid2str handle NULL pointers so it is safe to
print debug unconditionally.
This reduce logic in HAL to bare minimum e.g. no modifications in
library will be needed to add different socket type support.
Both bdaddr2str and btuuid2str handle NULL pointers so it is safe to
print debug unconditionally.
The value of SYSTEM_SOCKET_PATH is just copied to another memory
location using memcpy() (on the same function), therefore the static
qualifier is unnecessary.
If EXEC() macro is called with the first pointer argument NULL, sock_fd
will not be initialized. Given that the NULL check is not fatal, it is a
good idea to initialize the variable to -1 so the code has defined
behavior on this situation.
Detected by clang:
android/client/if-sock.c:251:7: error: variable 'sock_fd' is used
uninitialized whenever 'if' condition is false
[-Werror,-Wsometimes-uninitialized]
This is how it is done in all other places in BlueZ. Also drop
unnecessary "descs" local variable.
Fixes clang error:
android/client/if-sock.c:164:11: error: cast from 'unsigned char *' to
'int *' increases required alignment from 1 to 4 [-Werror,-Wcast-align]
Fixes clang error:
android/client/if-bt.c:313:54: error: implicit conversion from
enumeration type 'bt_status_t' to different enumeration type
'bt_state_t' [-Werror,-Wenum-conversion]
Theres no HAL API exposed to application to register different MAS
instances. Android 4.4 does support only MAS SMS. All Instance ID,
supported msg type and rfcomm channel are hardcoded in the stack.
Unfortunatelly we need to do the same way and wait for new HAL API
which is expected.
This adds SCAN_MODE property set to NONE - done test case.
SCAN_MODE at startup is set to NONE. Bluez return status - done when
requested status is the same as was.
This tool is intended to be run as Android service. It supports
writing HCI snoop data in old btsnoop format only. By default traffic
is stored in /sdcard/btsnoop_hci.log file (can be overridded with
option - mainly for testing on Linux host). Only index 0 is sniffed.
Android build was really broken with additions of functions hwdb_*
...
external/bluetooth/bluez/android/../monitor/packet.c:406: error:
undefined reference to 'hwdb_get_company'
external/bluetooth/bluez/android/../monitor/packet.c:2487: error:
undefined reference to 'hwdb_get_vendor_model'
collect2: error: ld returned 1 exit status
...
This patch removes ID enum in favour of test cases having their own as
implementation of callbacks checking test conditions.
Now each test case uses it own callback function and within it
test conditions are checked, e.g. with property get test case, property
and if it's properly cb is checked.
Count of expected callback is defined as a number and after calling
proper cb, value is decremented.
This also changes to generic - property check used within HAL cb.
This patch correct struct elements initialization. Now test name is
declared as variable before test case struct and its size is calculated
using sizeof(), not by hard coded number.
This patch adds seperate callbacks structure for socket HAL test cases.
Is's needed beceause Socket HAL cb have other purpose than Bluetooth HAL
cb. Callbacks are now initialized outside test setup function and
cb struct depends on HAL type.
Print command opcode in handle_le_test_mode_cmd and
handle_dut_mode_send_cmd. This is valuable information on what kind
of HCI command the Java layer tries to send.
This allows to enable and disable DUT mode. This is special mode so
adding more info from related kernel commit:
"The Device Under Test (DUT) mode is useful for doing certification
testing and so expose this as debugfs option.
This mode is actually special since you can only enter it. Restoring
normal operation means that a HCI Reset is required. The current mode
value gets tracked as a new device flag and when disabling it, the
correct command to reset the controller is sent."
Groups and key file were not free on function return. This fix
following valgrind reports:
34 (16 direct, 18 indirect) bytes in 1 blocks are definitely lost in
loss record 33 of 77
at 0x4C2A2DB: malloc (in /usr/lib/valgrind/vgpreload_memcheck-
amd64-linux.so)
by 0x4E81DD0: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so
.0.3800.1)
by 0x4E74BF1: g_key_file_get_groups (in /lib/x86_64-linux-gnu/
libglib-2.0.so.0.3800.1)
by 0x40CDFA: read_info_complete (bluetooth.c:1672)
by 0x40827C: request_complete (mgmt.c:221)
by 0x4085E9: received_data (mgmt.c:319)
by 0x4E7C3B5: g_main_context_dispatch (in /lib/x86_64-linux-gnu/
libglib-2.0.so.0.3800.1)
by 0x4E7C707: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1)
by 0x4E7CB09: g_main_loop_run (in /lib/x86_64-linux-gnu/
libglib-2.0.so.0.3800.1)
by 0x403B15: main (main.c:439)
1,633 (72 direct, 1,561 indirect) bytes in 1 blocks are definitely lost
in loss record 75 of 77
at 0x4C2A2DB: malloc (in /usr/lib/valgrind/
vgpreload_memcheck-amd64-linux.so)
by 0x4E81DD0: g_malloc (in /lib/x86_64-linux-gnu/
libglib-2.0.so.0.3800.1)
by 0x4E9796D: g_slice_alloc (in /lib/x86_64-linux-gnu/
libglib-2.0.so.0.3800.1)
by 0x4E97EAD: g_slice_alloc0 (in /lib/x86_64-linux-gnu/
libglib-2.0.so.0.3800.1)
by 0x4E746DA: g_key_file_new (in /lib/x86_64-linux-gnu/
libglib-2.0.so.0.3800.1)
by 0x40CDD4: read_info_complete (bluetooth.c:1667)
by 0x40827C: request_complete (mgmt.c:221)
by 0x4085E9: received_data (mgmt.c:319)
by 0x4E7C3B5: g_main_context_dispatch (in /lib/x86_64-linux-gnu/
libglib-2.0.so.0.3800.1)
by 0x4E7C707: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1)
by 0x4E7CB09: g_main_loop_run (in /lib/x86_64-linux-gnu/
libglib-2.0.so.0.3800.1)
by 0x403B15: main (main.c:439)
This patch changes btmon and l2test module tags from 'eng' to 'debug' so
they are automatically installed also for userdebug variant which is
default for AOSP devices.
Refactored bnep connect and disconnect calls to simplify and
keeping bnep related functionality behind curtains.
bnep_connect calls takes care of bnep_setup until interface up
then connect callback will be called. Set disconnect callback
when connect call succeeds. bnep_disconnect should be
called only when iface is up/connected.
Call del_hook() after add_hook(). This fixes valgrind warnings:
...
==15303==
==15303== HEAP SUMMARY:
==15303== in use at exit: 3,060 bytes in 27 blocks
==15303== total heap usage: 6,410 allocs, 6,383 frees, 332,477 bytes
allocated
==15303==
==15303== 24 bytes in 1 blocks are definitely lost in loss record 9 of
27
==15303== at 0x4C2A2DB: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15303== by 0x406E20: btdev_add_hook (btdev.c:2166)
==15303== by 0x40BFC2: test_discovery_start_done
(android-tester.c:1401)
==15303== by 0x409C65: run_callback (tester.c:385)
==15303== by 0x4E7C3B5: g_main_context_dispatch (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1)
==15303== by 0x4E7C707: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1)
==15303== by 0x4E7CB09: g_main_loop_run (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1)
==15303== by 0x40A85C: tester_run (tester.c:784)
==15303== by 0x40368B: main (android-tester.c:1654)
==15303==
==15303== 24 bytes in 1 blocks are definitely lost in loss record 10 of
27
==15303== at 0x4C2A2DB: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15303== by 0x406E20: btdev_add_hook (btdev.c:2166)
==15303== by 0x40BF12: test_discovery_stop_success
(android-tester.c:1386)
==15303== by 0x409C65: run_callback (tester.c:385)
==15303== by 0x4E7C3B5: g_main_context_dispatch (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1)
==15303== by 0x4E7C707: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1)
==15303== by 0x4E7CB09: g_main_loop_run (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1)
==15303== by 0x40A85C: tester_run (tester.c:784)
==15303== by 0x40368B: main (android-tester.c:1654)
==15303==
...
Use device->close() to free device structure. This is the way other
Android devices are closed. Fixes following warnings:
...
==26231== 80 bytes in 1 blocks are definitely lost in loss record 25 of
31
==26231== at 0x4C2A2DB: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26231== by 0x40F153: open_bluetooth (hal-bluetooth.c:800)
==26231== by 0x40C8D8: setup (android-tester.c:835)
==26231== by 0x40CB20: setup_socket_interface_enabled
(android-tester.c:1166)
==26231== by 0x409C15: setup_callback (tester.c:373)
==26231== by 0x4E7C3B5: g_main_context_dispatch (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1)
==26231== by 0x4E7C707: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1)
==26231== by 0x4E7CB09: g_main_loop_run (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1)
==26231== by 0x40A83C: tester_run (tester.c:784)
==26231== by 0x40362A: main (android-tester.c:1643)
...
