1 /******************************************************************************
2  *
3  *  Copyright (C) 1999-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  This file contains functions for the Bluetooth Device Manager
22  *
23  ******************************************************************************/
24 
25 #include <stdlib.h>
26 #include <string.h>
27 //#include <stdio.h>
28 #include <stddef.h>
29 
30 #include "stack/bt_types.h"
31 #include "device/controller.h"
32 #include "stack/hcimsgs.h"
33 #include "stack/btu.h"
34 #include "stack/btm_api.h"
35 #include "btm_int.h"
36 #include "stack/hcidefs.h"
37 #include "stack/l2c_api.h"
38 
39 static tBTM_SEC_DEV_REC *btm_find_oldest_dev (void);
40 
41 /*******************************************************************************
42 **
43 ** Function         BTM_SecAddDevice
44 **
45 ** Description      Add/modify device.  This function will be normally called
46 **                  during host startup to restore all required information
47 **                  stored in the NVRAM.
48 **
49 ** Parameters:      bd_addr          - BD address of the peer
50 **                  dev_class        - Device Class
51 **                  bd_name          - Name of the peer device.  NULL if unknown.
52 **                  features         - Remote device's features (up to 3 pages). NULL if not known
53 **                  trusted_mask     - Bitwise OR of services that do not
54 **                                     require authorization. (array of UINT32)
55 **                  link_key         - Connection link key. NULL if unknown.
56 **
57 ** Returns          TRUE if added OK, else FALSE
58 **
59 *******************************************************************************/
BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name,
                          UINT8 *features, UINT32 trusted_mask[],
                          LINK_KEY link_key, UINT8 key_type, tBTM_IO_CAP io_cap,
                          UINT8 pin_length, UINT8 sc_support)
{
    /* Creates or updates the security record for bd_addr from caller-supplied
     * bonding data. With SMP_INCLUDED != TRUE nothing is stored and TRUE is
     * still returned. */
#if (SMP_INCLUDED == TRUE)
    tBTM_SEC_DEV_REC *p_rec;
    int               page, byte_idx;
    BOOLEAN           page_has_bits = FALSE;

    BTM_TRACE_API("%s, link key type:%x\n", __FUNCTION__, key_type);

    p_rec = btm_find_dev (bd_addr);
    if (p_rec == NULL) {
        /* No record yet. A new one is created only while the list is below
         * BTM_SEC_MAX_DEVICE_RECORDS; unlike btm_sec_alloc_dev, a full list is
         * a failure here and no existing record is evicted. */
        if (list_length(btm_cb.p_sec_dev_rec_list) >= BTM_SEC_MAX_DEVICE_RECORDS) {
            return (FALSE);
        }

        p_rec = (tBTM_SEC_DEV_REC *)osi_malloc(sizeof(tBTM_SEC_DEV_REC));
        if (p_rec == NULL) {
            return (FALSE);
        }

        list_append(btm_cb.p_sec_dev_rec_list, p_rec);

        /* Start from an all-zero record so no stale key material or flags
         * survive, then mark it in use. */
        memset (p_rec, 0, sizeof (tBTM_SEC_DEV_REC));
        p_rec->sec_flags = BTM_SEC_IN_USE;
        memcpy (p_rec->bd_addr, bd_addr, BD_ADDR_LEN);
        p_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_BR_EDR);
        p_rec->ble_hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_LE);

#if BLE_INCLUDED == TRUE
        /* 0xff fill stands for "use default" background connection params */
        memset(&p_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS));
#endif
    }

    p_rec->bond_type = BOND_TYPE_UNKNOWN;           /* Default value */
    p_rec->timestamp = btm_cb.dev_rec_count++;
    p_rec->remote_secure_connection_previous_state = sc_support;

    if (dev_class) {
        memcpy (p_rec->dev_class, dev_class, DEV_CLASS_LEN);
    }

    /* The name buffer is cleared in full before the bounded copy below.
     * NOTE(review): termination relies on tBTM_BD_NAME being larger than
     * BTM_MAX_REM_BD_NAME_LEN - confirm against the type definition. */
    memset(p_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME));
    if (bd_name && bd_name[0]) {
        p_rec->sec_flags |= BTM_SEC_NAME_KNOWN;
        BCM_STRNCPY_S ((char *)p_rec->sec_bd_name, (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN);
    }

    p_rec->num_read_pages = 0;
    if (features == NULL) {
        memset (p_rec->features, 0, sizeof (p_rec->features));
    } else {
        /* The copy length is the size of the record's feature array, so the
         * caller's buffer must hold every feature page. */
        memcpy (p_rec->features, features, sizeof (p_rec->features));

        /* num_read_pages = index of the highest page with any bit set, + 1 */
        for (page = HCI_EXT_FEATURES_PAGE_MAX; page >= 0 && !page_has_bits; page--) {
            for (byte_idx = 0; byte_idx < HCI_FEATURE_BYTES_PER_PAGE; byte_idx++) {
                if (p_rec->features[page][byte_idx] != 0) {
                    page_has_bits = TRUE;
                    p_rec->num_read_pages = page + 1;
                    break;
                }
            }
        }
    }

    /* NOTE(review): trusted_mask is handed to the macro without a NULL check
     * in this function - confirm the macro or every caller guarantees it. */
    BTM_SEC_COPY_TRUSTED_DEVICE(trusted_mask, p_rec->trusted_mask);

    if (link_key) {
        /* Only the peer address is traced; the key bytes are not logged. */
        BTM_TRACE_EVENT ("BTM_SecAddDevice()  BDA: %02x:%02x:%02x:%02x:%02x:%02x\n",
                         bd_addr[0], bd_addr[1], bd_addr[2],
                         bd_addr[3], bd_addr[4], bd_addr[5]);
        p_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN;
        memcpy (p_rec->link_key, link_key, LINK_KEY_LEN);
        p_rec->link_key_type = key_type;
        p_rec->pin_code_length = pin_length;

        /* Set the flag if the link key was made by using either a 16 digit
         * pin or MITM. key_type and pin_length are taken as given from the
         * caller, so this flag is only as trustworthy as the store they were
         * restored from. */
        if (pin_length >= 16 ||
                key_type == BTM_LKEY_TYPE_AUTH_COMB ||
                key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256) {
            p_rec->sec_flags |= BTM_SEC_16_DIGIT_PIN_AUTHED;
        }
    }

#if defined(BTIF_MIXED_MODE_INCLUDED) && (BTIF_MIXED_MODE_INCLUDED == TRUE)
    p_rec->sm4 = (key_type < BTM_MAX_PRE_SM4_LKEY_TYPE) ? BTM_SM4_KNOWN : BTM_SM4_TRUE;
#endif

    p_rec->rmt_io_caps = io_cap;
    p_rec->device_type |= BT_DEVICE_TYPE_BREDR;
#endif  ///SMP_INCLUDED == TRUE
    return (TRUE);
}
165 
166 
167 /*******************************************************************************
168 **
169 ** Function         BTM_SecDeleteDevice
170 **
171 ** Description      Free resources associated with the device.
172 **
173 ** Parameters:      bd_addr          - BD address of the peer
174 **                  transport        - BT_TRANSPORT_BR_EDR or BT_TRANSPORT_LE
175 **
176 ** Returns          TRUE if removed OK, FALSE if not found or ACL link is active
177 **
178 *******************************************************************************/
BOOLEAN BTM_SecDeleteDevice (BD_ADDR bd_addr, tBT_TRANSPORT transport)
{
    tBTM_SEC_DEV_REC *p_rec;

    /* A record is never torn down while its ACL link on this transport is up. */
    if (BTM_IsAclConnectionUp(bd_addr, transport)) {
        BTM_TRACE_WARNING("%s FAILED: Cannot Delete when connection is active\n", __func__);
        return FALSE;
    }

    p_rec = btm_find_dev(bd_addr);
    if (p_rec == NULL) {
        /* An address with no record is also reported as success, so TRUE
         * does not prove that anything was deleted. */
        return TRUE;
    }

    /* Tell controller to get rid of the link key, if it has one stored.
     * This must run before btm_sec_free_dev, which takes the record out of
     * the device list. */
    BTM_DeleteStoredLinkKey (p_rec->bd_addr, NULL);
    btm_sec_free_dev(p_rec, transport);

    return TRUE;
}
197 
198 /*******************************************************************************
199 **
200 ** Function         BTM_SecClearSecurityFlags
201 **
202 ** Description      Reset the security flags (mark as not-paired) for a given
203 **                  remote device.
204 **
205 *******************************************************************************/
extern void BTM_SecClearSecurityFlags (BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_rec = btm_find_dev(bd_addr);

    /* Unknown address: nothing to reset. */
    if (p_rec != NULL) {
        /* Writing 0 drops every bit in sec_flags, BTM_SEC_IN_USE included.
         * Only flags and state are reset here; the stored link_key bytes in
         * the record are left untouched by this function. */
        p_rec->sec_flags = 0;
        p_rec->sec_state = BTM_SEC_STATE_IDLE;
        p_rec->sm4 = BTM_SM4_UNKNOWN;
    }
}
217 
218 
219 /*******************************************************************************
220 **
221 ** Function         BTM_SecReadDevName
222 **
223 ** Description      Looks for the device name in the security database for the
224 **                  specified BD address.
225 **
226 ** Returns          Pointer to the name or NULL
227 **
228 *******************************************************************************/
char *BTM_SecReadDevName (BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_rec = btm_find_dev(bd_addr);

    /* The result points into the record itself (no copy is made), so it is
     * only usable for as long as that record stays in the device list. */
    return (p_rec != NULL) ? (char *)p_rec->sec_bd_name : NULL;
}
240 
241 
242 /*******************************************************************************
243 **
244 ** Function         btm_find_sec_dev_in_list
245 **
246 ** Description      Look for the record in the device database for the record
247 **                  with specified address
248 **
249 ** Returns          Pointer to the record or NULL
250 **
251 *******************************************************************************/
BOOLEAN btm_find_sec_dev_in_list (void *p_node_data, void *context)
{
    /* Matching predicate passed to list_foreach by the lookup helpers in this
     * file. It returns FALSE for the record that matches the search key in
     * `context` and TRUE for every other record. */
    tBTM_SEC_DEV_REC *p_rec = (tBTM_SEC_DEV_REC *)p_node_data;
    tSecDevContext *p_key = (tSecDevContext *)context;
    BOOLEAN rec_is_free = !(p_rec->sec_flags & BTM_SEC_IN_USE);
    BOOLEAN matched = FALSE;

    /* Only records whose in-use state is the one asked for are compared. */
    if (rec_is_free != p_key->free_check) {
        return TRUE;
    }

    switch (p_key->type) {
    case SEC_DEV_BDA:
        if (memcmp(p_key->context.p_bd_addr, p_rec->bd_addr, BD_ADDR_LEN) == 0) {
            matched = TRUE;
        }
        break;

    case SEC_DEV_HDL:
        /* Either transport's HCI handle identifies the record. */
        if (p_key->context.handle == p_rec->hci_handle) {
            matched = TRUE;
        }
#if BLE_INCLUDED == TRUE
        else if (p_key->context.handle == p_rec->ble_hci_handle) {
            matched = TRUE;
        }
#endif
        break;

#if BLE_PRIVACY_SPT == TRUE
    case SEC_DEV_ID_ADDR:
        if (memcmp(p_key->context.p_bd_addr, p_rec->ble.static_addr, BD_ADDR_LEN) == 0) {
            matched = TRUE;
        }
        break;
#endif //BLE_PRIVACY_SPT == TRUE

    case SEC_DEV_BTDM_BDA:
        if (memcmp(p_key->context.p_bd_addr, p_rec->bd_addr, BD_ADDR_LEN) == 0) {
            matched = TRUE;
        }
#if BLE_INCLUDED == TRUE
        /* The key may also be an LE random address: compare the pseudo
         * address, then ask whether the address resolves to this record.
         * All three checks run unconditionally, as in the lookup's original
         * order; btm_ble_addr_resolvable is opaque from here and is not
         * skipped after an earlier hit. */
        if (memcmp(p_rec->ble.pseudo_addr, p_key->context.p_bd_addr, BD_ADDR_LEN) == 0) {
            matched = TRUE;
        }

        if (btm_ble_addr_resolvable(p_key->context.p_bd_addr, p_rec)) {
            matched = TRUE;
        }
#endif
        break;

    default:
        break;
    }

    return matched ? FALSE : TRUE;
}
303 
304 /*******************************************************************************
305 **
306 ** Function         btm_sec_alloc_dev
307 **
308 ** Description      Look for the record in the device database for the record
309 **                  with specified address
310 **
311 ** Returns          Pointer to the record or NULL
312 **
313 *******************************************************************************/
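tBTM_SEC_DEV_REC *btm_sec_alloc_dev (BD_ADDR bd_addr)
{
    /* Provides a zeroed, in-use security record for bd_addr: a new record
     * while the list is below BTM_SEC_MAX_DEVICE_RECORDS, otherwise the record
     * chosen by btm_find_oldest_dev is recycled. Returns NULL when neither
     * is available. */
    tBTM_SEC_DEV_REC *p_dev_rec = NULL;
    tBTM_INQ_INFO    *p_inq_info;

    BTM_TRACE_EVENT ("btm_sec_alloc_dev\n");

    /* Old devices which are not in use are deleted already */
    if (list_length(btm_cb.p_sec_dev_rec_list) < BTM_SEC_MAX_DEVICE_RECORDS) {
        /* Max number of devices is not exceeded, allocate new device */
        p_dev_rec = (tBTM_SEC_DEV_REC *)osi_malloc(sizeof(tBTM_SEC_DEV_REC));
        if (p_dev_rec == NULL) {
            return NULL;
        }
        list_append(btm_cb.p_sec_dev_rec_list, p_dev_rec);
    } else {
        /* Find and reuse the oldest device.
         * NOTE(review): the recycled record may belong to a bonded peer; its
         * keys are wiped by the memset below, but nothing here asks the
         * controller to drop a link key it may have stored for that peer -
         * confirm whether eviction should also do that. */
        p_dev_rec = btm_find_oldest_dev();
        if (p_dev_rec == NULL) {
            /* btm_find_oldest_dev can return NULL; without this check the
             * memset below would write through a NULL pointer. */
            BTM_TRACE_WARNING("%s: no device record available\n", __func__);
            return NULL;
        }
    }

    /* Wipe everything, including any key material left by a previous owner. */
    memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC));

    p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;           /* Default value */
    p_dev_rec->sec_flags = BTM_SEC_IN_USE;

#if BLE_INCLUDED == TRUE
    /* update conn params, use default value for background connection params */
    memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS));
#endif

    /* Check with the BT manager if details about remote device are known */
    p_inq_info = BTM_InqDbRead(bd_addr);
    if (p_inq_info != NULL) {
        memcpy (p_dev_rec->dev_class, p_inq_info->results.dev_class, DEV_CLASS_LEN);

#if BLE_INCLUDED == TRUE
        p_dev_rec->device_type = p_inq_info->results.device_type;
        p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type;
#endif
    } else if (!memcmp (bd_addr, btm_cb.connecting_bda, BD_ADDR_LEN)) {
        /* Not in the inquiry database: fall back to the class recorded for
         * the address currently being connected, if it is this one. */
        memcpy (p_dev_rec->dev_class, btm_cb.connecting_dc, DEV_CLASS_LEN);
    }

    memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);

#if BLE_INCLUDED == TRUE
    p_dev_rec->ble_hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_LE);
#endif
    p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_BR_EDR);
    p_dev_rec->timestamp = btm_cb.dev_rec_count++;

    return (p_dev_rec);
}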
374 
375 
376 /*******************************************************************************
377 **
378 ** Function         btm_sec_free_dev
379 **
380 ** Description      Mark device record as not used
381 **
382 *******************************************************************************/
void btm_sec_free_dev (tBTM_SEC_DEV_REC *p_dev_rec, tBT_TRANSPORT transport)
{
    /* Clears the bonding state of p_dev_rec for the given transport and then
     * removes the record from the device list. */
    switch (transport) {
    case BT_TRANSPORT_BR_EDR:
        /* Drop the BR/EDR link key and every BR/EDR security flag. */
        memset(p_dev_rec->link_key, 0, LINK_KEY_LEN);
        p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHORIZED | BTM_SEC_AUTHENTICATED
                                | BTM_SEC_ENCRYPTED | BTM_SEC_NAME_KNOWN
                                | BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_LINK_KEY_AUTHED
                                | BTM_SEC_ROLE_SWITCHED | BTM_SEC_16_DIGIT_PIN_AUTHED);
        break;

    case BT_TRANSPORT_LE:
        /* LE only: the BR/EDR link_key bytes are not cleared on this path. */
        p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;
        p_dev_rec->sec_flags &= ~(BTM_SEC_LE_AUTHENTICATED | BTM_SEC_LE_ENCRYPTED
                                | BTM_SEC_LE_NAME_KNOWN | BTM_SEC_LE_LINK_KEY_KNOWN
                                | BTM_SEC_LE_LINK_KEY_AUTHED | BTM_SEC_ROLE_SWITCHED);
#if BLE_INCLUDED == TRUE
        /* Clear out any saved BLE keys */
        btm_sec_clear_ble_keys (p_dev_rec);
#endif
        break;

    default:
        /* Any other transport value wipes both sides. */
        p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;
        memset(p_dev_rec->link_key, 0, LINK_KEY_LEN);
        p_dev_rec->sec_flags = 0;

#if BLE_INCLUDED == TRUE
        /* Clear out any saved BLE keys */
        btm_sec_clear_ble_keys (p_dev_rec);
#endif
        break;
    }

    /* No BLE keys and BT keys, clear the sec_flags */
    if (p_dev_rec->sec_flags == BTM_SEC_IN_USE) {
        p_dev_rec->sec_flags = 0;
    }

    /* NOTE(review): the record leaves the list on every path, even when the
     * other transport's flags and keys are still set, so a single-transport
     * delete also discards the remaining bond. The list is created with
     * osi_free_func, so removal presumably frees the record; on the LE path
     * that would release memory still holding link_key bytes. Confirm both
     * points against the list implementation and the intended semantics. */
    list_remove(btm_cb.p_sec_dev_rec_list, p_dev_rec);
}
416 
417 /*******************************************************************************
418 **
419 ** Function         btm_dev_support_switch
420 **
421 ** Description      This function is called by the L2CAP to check if remote
422 **                  device supports role switch
423 **
424 ** Parameters:      bd_addr       - Address of the peer device
425 **
426 ** Returns          TRUE if device is known and role switch is supported
427 **
428 *******************************************************************************/
BOOLEAN btm_dev_support_switch (BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_rec;
    UINT8             idx;
    BOOLEAN           any_feature_bit = FALSE;

#if BTM_SCO_INCLUDED == TRUE
    /* Role switch is not allowed if a SCO is up */
    if (btm_is_sco_active_by_bdaddr(bd_addr)) {
        return (FALSE);
    }
#endif

    /* Both a known peer and a local controller that can switch roles are
     * required; the controller is only queried when the peer is known. */
    p_rec = btm_find_dev (bd_addr);
    if (p_rec == NULL || !controller_get_interface()->supports_master_slave_role_switch()) {
        BTM_TRACE_DEBUG("btm_dev_support_switch return FALSE\n");
        return (FALSE);
    }

    if (HCI_SWITCH_SUPPORTED(p_rec->features[HCI_EXT_FEATURES_PAGE_0])) {
        BTM_TRACE_DEBUG("btm_dev_support_switch return TRUE (feature found)\n");
        return (TRUE);
    }

    /* If the feature field is all zero, we never received them.
     * NOTE(review): the scan is bounded by BD_FEATURES_LEN while other code
     * in this file walks a page with HCI_FEATURE_BYTES_PER_PAGE - confirm the
     * two constants agree. */
    for (idx = 0; idx < BD_FEATURES_LEN; idx++) {
        if (p_rec->features[HCI_EXT_FEATURES_PAGE_0][idx] != 0x00) {
            any_feature_bit = TRUE;
            break;
        }
    }

    /* If we don't know peer's capabilities, assume it supports Role-switch */
    if (!any_feature_bit) {
        BTM_TRACE_DEBUG("btm_dev_support_switch return TRUE (feature empty)\n");
        return (TRUE);
    }

    BTM_TRACE_DEBUG("btm_dev_support_switch return FALSE\n");
    return (FALSE);
}
466 
467 /*******************************************************************************
468 **
469 ** Function         btm_find_dev_by_handle
470 **
471 ** Description      Look for the record in the device database for the record
472 **                  with specified handle
473 **
474 ** Returns          Pointer to the record or NULL
475 **
476 *******************************************************************************/
tBTM_SEC_DEV_REC *btm_find_dev_by_handle (UINT16 handle)
{
    tSecDevContext key;
    list_node_t   *p_hit;

    /* Search in-use records (free_check == FALSE) by HCI handle. */
    key.type           = SEC_DEV_HDL;
    key.context.handle = handle;
    key.free_check     = FALSE;

    /* list_foreach hands back the node at which the predicate asked to stop,
     * i.e. the matching record's node; NULL means no record matched. */
    p_hit = list_foreach(btm_cb.p_sec_dev_rec_list, btm_find_sec_dev_in_list, &key);

    return (p_hit != NULL) ? list_node(p_hit) : NULL;
}
492 /*******************************************************************************
493 **
494 ** Function         btm_find_dev
495 **
496 ** Description      Look for the record in the device database for the record
497 **                  with specified BD address
498 **
499 ** Returns          Pointer to the record or NULL
500 **
501 *******************************************************************************/
tBTM_SEC_DEV_REC *btm_find_dev(BD_ADDR bd_addr)
{
    tSecDevContext key;
    list_node_t   *p_hit;

    /* A NULL address can never match a record. */
    if (!bd_addr) {
        return (NULL);
    }

    /* SEC_DEV_BTDM_BDA makes the predicate compare against the record's
     * address and, when BLE is built in, its pseudo address and resolvable
     * private address as well. Only in-use records are considered. */
    key.type              = SEC_DEV_BTDM_BDA;
    key.context.p_bd_addr = bd_addr;
    key.free_check        = FALSE;

    p_hit = list_foreach(btm_cb.p_sec_dev_rec_list, btm_find_sec_dev_in_list, &key);
    if (p_hit == NULL) {
        return (NULL);
    }

    return (list_node(p_hit));
}
517 /*******************************************************************************
518 **
519 ** Function         btm_consolidate_dev
520 **
521 ** Description      combine security records if identified as same peer
522 **
523 ** Returns          none
524 **
525 *******************************************************************************/
void btm_consolidate_dev(tBTM_SEC_DEV_REC *p_target_rec)
{
    /* Folds a second in-use record for the same peer into p_target_rec and
     * removes that second record from the list. Compiled to a no-op unless
     * both BLE_INCLUDED and SMP_INCLUDED are TRUE. */
#if BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE
    /* Snapshot of the target taken before it may be overwritten below.
     * NOTE(review): this is a full by-value copy of a security record on the
     * stack and is not wiped on return - confirm that is acceptable. */
    tBTM_SEC_DEV_REC saved = *p_target_rec;
    tBTM_SEC_DEV_REC *p_other = NULL;
    list_node_t *p_iter = NULL;

    BTM_TRACE_DEBUG("%s\n", __func__);

    for (p_iter = list_begin(btm_cb.p_sec_dev_rec_list); p_iter; p_iter = list_next(p_iter)) {
        p_other = list_node(p_iter);

        /* Skip the target itself and records that are not in use. */
        if (p_other == p_target_rec || !(p_other->sec_flags & BTM_SEC_IN_USE)) {
            continue;
        }

        if (memcmp (p_other->bd_addr, p_target_rec->bd_addr, BD_ADDR_LEN) == 0) {
            /* Same address: take the other record wholesale, then put the
             * target's LE-side fields back from the snapshot. */
            memcpy(p_target_rec, p_other, sizeof(tBTM_SEC_DEV_REC));
            p_target_rec->ble = saved.ble;
            p_target_rec->ble_hci_handle = saved.ble_hci_handle;
            p_target_rec->enc_key_size = saved.enc_key_size;
            p_target_rec->conn_params = saved.conn_params;
            p_target_rec->device_type |= saved.device_type;
            /* The merged record carries the union of both records' flags. */
            p_target_rec->sec_flags |= saved.sec_flags;

            p_target_rec->new_encryption_key_is_p256 = saved.new_encryption_key_is_p256;
            p_target_rec->no_smp_on_br = saved.no_smp_on_br;
            p_target_rec->bond_type = saved.bond_type;

            /* Remove the unused device from the list; iteration stops right
             * away, so the removed node is not walked again. */
            list_remove(btm_cb.p_sec_dev_rec_list, p_other);
            return;
        }

        /* an RPA device entry is a duplicate of the target record */
        if (btm_ble_addr_resolvable(p_other->bd_addr, p_target_rec)) {
            if (memcmp(p_target_rec->ble.pseudo_addr, p_other->bd_addr, BD_ADDR_LEN) == 0) {
                p_target_rec->ble.ble_addr_type = p_other->ble.ble_addr_type;
                p_target_rec->device_type |= p_other->device_type;
                /* Remove the unused device from the list */
                list_remove(btm_cb.p_sec_dev_rec_list, p_other);
            }
            /* The scan ends on the first resolvable entry even when the
             * pseudo address did not match. */
            return;
        }
    }
#endif
}
568 
569 /*******************************************************************************
570 **
571 ** Function         btm_find_or_alloc_dev
572 **
573 ** Description      Look for the record in the device database for the record
574 **                  with specified BD address
575 **
576 ** Returns          Pointer to the record or NULL
577 **
578 *******************************************************************************/
tBTM_SEC_DEV_REC *btm_find_or_alloc_dev (BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_rec;

    BTM_TRACE_EVENT ("btm_find_or_alloc_dev\n");

    p_rec = btm_find_dev (bd_addr);
    if (p_rec != NULL) {
        return (p_rec);
    }

    /* Allocate a new device record or reuse the oldest one. The allocator
     * can return NULL, so callers still have to check the result. */
    return (btm_sec_alloc_dev (bd_addr));
}
590 
591 /*******************************************************************************
592 **
593 ** Function         btm_find_oldest_dev
594 **
595 ** Description      Locates the oldest device in use. It first looks for
596 **                  the oldest non-paired device.  If all devices are paired it
597 **                  deletes the oldest paired device.
598 **
599 ** Returns          Pointer to the record or NULL
600 **
601 *******************************************************************************/
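tBTM_SEC_DEV_REC *btm_find_oldest_dev (void)
{
    /* Picks the record to recycle when the device list is full: the in-use,
     * non-paired record with the smallest timestamp, or, when every in-use
     * record is paired, the in-use record with the smallest timestamp.
     * The record is only returned, not deleted; NULL means no in-use record
     * exists. */
    tBTM_SEC_DEV_REC *p_dev_rec = NULL;
    tBTM_SEC_DEV_REC *p_oldest  = NULL;
    list_node_t      *p_node    = NULL;

    /* First look for the non-paired devices for the oldest entry */
    for (p_node = list_begin(btm_cb.p_sec_dev_rec_list); p_node; p_node = list_next(p_node)) {
        p_dev_rec = list_node(p_node);
        if (((p_dev_rec->sec_flags & BTM_SEC_IN_USE) == 0)
                || ((p_dev_rec->sec_flags & (BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_LE_LINK_KEY_KNOWN)) != 0)) {
            continue;    /* Not in use, or paired: keep it for now */
        }

        /* Tracking the candidate pointer instead of a 0xFFFFFFFF sentinel
         * keeps a record whose timestamp is 0xFFFFFFFF selectable. */
        if (p_oldest == NULL || p_dev_rec->timestamp < p_oldest->timestamp) {
            p_oldest = p_dev_rec;
        }
    }

    if (p_oldest != NULL) {
        return (p_oldest);
    }

    /* All devices are paired; find the oldest */
    for (p_node = list_begin(btm_cb.p_sec_dev_rec_list); p_node; p_node = list_next(p_node)) {
        /* Load the record for this node. Without this the loop re-tests the
         * record left over from the first pass on every iteration and can
         * only ever return that one (the last list entry), so the bond that
         * gets evicted is not the oldest. */
        p_dev_rec = list_node(p_node);
        if ((p_dev_rec->sec_flags & BTM_SEC_IN_USE) == 0) {
            continue;
        }

        if (p_oldest == NULL || p_dev_rec->timestamp < p_oldest->timestamp) {
            p_oldest = p_dev_rec;
        }
    }

    /* NOTE(review): timestamps come from btm_cb.dev_rec_count, which is a
     * plain incrementing counter; after it wraps, "smallest" no longer means
     * "oldest" - confirm whether that matters for this build. */
    return (p_oldest);
}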
640 /*******************************************************************************
641 **
642 ** Function         btm_get_bond_type_dev
643 **
644 ** Description      Get the bond type for a device in the device database
645 **                  with specified BD address
646 **
647 ** Returns          The device bond type if known, otherwise BOND_TYPE_UNKNOWN
648 **
649 *******************************************************************************/
tBTM_BOND_TYPE btm_get_bond_type_dev(BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_rec = btm_find_dev(bd_addr);

    /* A peer without a record reports the same value as a record whose bond
     * type was never set, so the result alone does not tell them apart. */
    return (p_rec != NULL) ? p_rec->bond_type : BOND_TYPE_UNKNOWN;
}
660 
661 /*******************************************************************************
662 **
663 ** Function         btm_set_bond_type_dev
664 **
665 ** Description      Set the bond type for a device in the device database
666 **                  with specified BD address
667 **
668 ** Returns          TRUE on success, otherwise FALSE
669 **
670 *******************************************************************************/
BOOLEAN btm_set_bond_type_dev(BD_ADDR bd_addr, tBTM_BOND_TYPE bond_type)
{
    tBTM_SEC_DEV_REC *p_rec = btm_find_dev(bd_addr);

    /* Only an existing record is updated; no record is created here, and
     * bond_type is stored as given without validation. */
    if (p_rec != NULL) {
        p_rec->bond_type = bond_type;
        return TRUE;
    }

    return FALSE;
}
682 
683 /*******************************************************************************
684 **
685 ** Function         btm_sec_dev_init
686 **
687 ** Description      Create new linked list for dynamic allocation on sec_dev_rec
688 **
689 *******************************************************************************/
void btm_sec_dev_init(void)
{
    /* The list is created with osi_free_func as its per-node release
     * function, so the list, not the caller, is what releases records.
     * NOTE(review): the result of list_new is stored unchecked and this
     * function cannot report failure - confirm how a NULL list is handled
     * by the code that uses btm_cb.p_sec_dev_rec_list. */
    btm_cb.p_sec_dev_rec_list = list_new(osi_free_func);
}
694 
695 /*******************************************************************************
696 **
697 ** Function         btm_sec_dev_free
698 **
699 ** Description      Delete sec_dev_rec list when btm_cb is being released
700 **
701 *******************************************************************************/
void btm_sec_dev_free(void)
{
    /* Releases the whole security record list.
     * NOTE(review): btm_cb.p_sec_dev_rec_list keeps its old value afterwards,
     * and the records (which hold link keys) are not zeroed in this function
     * before release - confirm neither matters at the point this is called. */
    list_free(btm_cb.p_sec_dev_rec_list);
}
706