1 /* Bluetooth Scan Delegator */
2
3 /*
4 * Copyright (c) 2019 Bose Corporation
5 * Copyright (c) 2021-2023 Nordic Semiconductor ASA
6 *
7 * SPDX-License-Identifier: Apache-2.0
8 */
9
10 #include <errno.h>
11 #include <stdbool.h>
12 #include <stddef.h>
13 #include <stdint.h>
14 #include <string.h>
15 #include <sys/types.h>
16
17 #include <zephyr/autoconf.h>
18 #include <zephyr/bluetooth/addr.h>
19 #include <zephyr/bluetooth/att.h>
20 #include <zephyr/bluetooth/audio/audio.h>
21 #include <zephyr/bluetooth/audio/bap.h>
22 #include <zephyr/bluetooth/bluetooth.h>
23 #include <zephyr/bluetooth/conn.h>
24 #include <zephyr/bluetooth/gap.h>
25 #include <zephyr/bluetooth/gatt.h>
26 #include <zephyr/bluetooth/hci_types.h>
27 #include <zephyr/bluetooth/iso.h>
28 #include <zephyr/bluetooth/l2cap.h>
29 #include <zephyr/bluetooth/buf.h>
30 #include <zephyr/bluetooth/uuid.h>
31 #include <zephyr/init.h>
32 #include <zephyr/kernel.h>
33 #include <zephyr/logging/log.h>
34 #include <zephyr/net_buf.h>
35 #include <zephyr/sys/__assert.h>
36 #include <zephyr/sys/atomic.h>
37 #include <zephyr/sys/byteorder.h>
38 #include <zephyr/sys/check.h>
39 #include <zephyr/sys/util.h>
40 #include <zephyr/sys/util_macro.h>
41
42 LOG_MODULE_REGISTER(bt_bap_scan_delegator, CONFIG_BT_BAP_SCAN_DELEGATOR_LOG_LEVEL);
43
44 #include "common/bt_str.h"
45
46 #include "audio_internal.h"
47 #include "bap_internal.h"
48 #include "../host/conn_internal.h"
49 #include "../host/hci_core.h"
50
51 #define PAST_TIMEOUT K_SECONDS(10)
52
53 #define SCAN_DELEGATOR_BUF_SEM_TIMEOUT K_MSEC(CONFIG_BT_BAP_SCAN_DELEGATOR_BUF_TIMEOUT)
54 static K_SEM_DEFINE(read_buf_sem, 1, 1);
55 NET_BUF_SIMPLE_DEFINE_STATIC(read_buf, BT_ATT_MAX_ATTRIBUTE_LEN);
56
57 enum bass_recv_state_internal_flag {
58 /* TODO: Replace this flag with a k_work_delayable */
59 BASS_RECV_STATE_INTERNAL_FLAG_NOTIFY_PEND,
60
61 BASS_RECV_STATE_INTERNAL_FLAG_NUM,
62 };
63
64 /* TODO: Merge bass_recv_state_internal_t and bt_bap_scan_delegator_recv_state */
65 struct bass_recv_state_internal {
66 const struct bt_gatt_attr *attr;
67
68 bool active;
69 uint8_t index;
70 struct bt_bap_scan_delegator_recv_state state;
71 uint8_t broadcast_code[BT_ISO_BROADCAST_CODE_SIZE];
72 struct bt_le_per_adv_sync *pa_sync;
73 /** Requested BIS sync bitfield for each subgroup */
74 uint32_t requested_bis_sync[CONFIG_BT_BAP_BASS_MAX_SUBGROUPS];
75
76 ATOMIC_DEFINE(flags, BASS_RECV_STATE_INTERNAL_FLAG_NUM);
77 };
78
79 struct bt_bap_scan_delegator_inst {
80 uint8_t next_src_id;
81 struct bass_recv_state_internal recv_states
82 [CONFIG_BT_BAP_SCAN_DELEGATOR_RECV_STATE_COUNT];
83 };
84
85 enum scan_delegator_flag {
86 SCAN_DELEGATOR_FLAG_REGISTERED_CONN_CB,
87 SCAN_DELEGATOR_FLAG_REGISTERED_SCAN_DELIGATOR,
88 SCAN_DELEGATOR_FLAG_REGISTERED_PA_SYNC_CB,
89
90 SCAN_DELEGATOR_FLAG_NUM,
91 };
92
93 static ATOMIC_DEFINE(scan_delegator_flags, SCAN_DELEGATOR_FLAG_NUM);
94
95 static struct bt_bap_scan_delegator_inst scan_delegator;
96 static struct bt_bap_scan_delegator_cb *scan_delegator_cbs;
97
98 /**
99 * @brief Returns whether a value's bits is a subset of another value's bits
100 *
101 * @param a The subset to check
102 * @param b The bits to check against
103 *
104 * @return True if @p a is a bitwise subset of @p b
105 */
bits_subset_of(uint32_t a,uint32_t b)106 static bool bits_subset_of(uint32_t a, uint32_t b)
107 {
108 return (((a) & (~(b))) == 0);
109 }
110
bis_syncs_unique_or_no_pref(uint32_t requested_bis_syncs,uint32_t aggregated_bis_syncs)111 static bool bis_syncs_unique_or_no_pref(uint32_t requested_bis_syncs,
112 uint32_t aggregated_bis_syncs)
113 {
114 if (requested_bis_syncs == 0U || aggregated_bis_syncs == 0U) {
115 return true;
116 }
117
118 if (requested_bis_syncs == BT_BAP_BIS_SYNC_NO_PREF &&
119 aggregated_bis_syncs == BT_BAP_BIS_SYNC_NO_PREF) {
120 return true;
121 }
122
123 return (requested_bis_syncs & aggregated_bis_syncs) != 0U;
124 }
125
bt_debug_dump_recv_state(const struct bass_recv_state_internal * recv_state)126 static void bt_debug_dump_recv_state(const struct bass_recv_state_internal *recv_state)
127 {
128 if (recv_state->active) {
129 const struct bt_bap_scan_delegator_recv_state *state = &recv_state->state;
130 const bool is_bad_code = state->encrypt_state == BT_BAP_BIG_ENC_STATE_BAD_CODE;
131
132 LOG_DBG("Receive State[%d]: src ID %u, addr %s, adv_sid %u, broadcast_id 0x%06X, "
133 "pa_sync_state %u, encrypt state %u%s%s, num_subgroups %u",
134 recv_state->index, state->src_id, bt_addr_le_str(&state->addr),
135 state->adv_sid, state->broadcast_id, state->pa_sync_state,
136 state->encrypt_state, is_bad_code ? ", bad code" : "",
137 is_bad_code ? bt_hex(state->bad_code, sizeof(state->bad_code)) : "",
138 state->num_subgroups);
139
140 for (uint8_t i = 0U; i < state->num_subgroups; i++) {
141 const struct bt_bap_bass_subgroup *subgroup = &state->subgroups[i];
142
143 LOG_DBG("\tSubgroup[%u]: BIS sync %u (requested %u), metadata_len %zu, "
144 "metadata: %s",
145 i, subgroup->bis_sync, recv_state->requested_bis_sync[i],
146 subgroup->metadata_len,
147 bt_hex(subgroup->metadata, subgroup->metadata_len));
148 }
149 } else {
150 LOG_DBG("Inactive receive state");
151 }
152 }
153
receive_state_notify_cb(struct bt_conn * conn,void * data)154 static void receive_state_notify_cb(struct bt_conn *conn, void *data)
155 {
156 const struct bass_recv_state_internal *internal_state = data;
157 struct bt_conn_info conn_info;
158 uint16_t max_ntf_size;
159 uint16_t ntf_size;
160 int err;
161
162 err = bt_conn_get_info(conn, &conn_info);
163 __ASSERT_NO_MSG(err == 0);
164
165 if (conn_info.state != BT_CONN_STATE_CONNECTED ||
166 !bt_gatt_is_subscribed(conn, internal_state->attr, BT_GATT_CCC_NOTIFY)) {
167 return;
168 }
169
170 max_ntf_size = bt_audio_get_max_ntf_size(conn);
171
172 ntf_size = MIN(max_ntf_size, read_buf.len);
173 if (ntf_size < read_buf.len) {
174 LOG_DBG("Sending truncated notification (%u/%u)", ntf_size, read_buf.len);
175 }
176
177 LOG_DBG("Sending bytes %u for %p", ntf_size, (void *)conn);
178 err = bt_gatt_notify_uuid(conn, BT_UUID_BASS_RECV_STATE, internal_state->attr,
179 read_buf.data, ntf_size);
180 if (err != 0) {
181 LOG_DBG("Could not notify receive state: %d", err);
182 }
183 }
184
bass_notify_receive_state(const struct bass_recv_state_internal * internal_state)185 static void bass_notify_receive_state(const struct bass_recv_state_internal *internal_state)
186 {
187 bt_conn_foreach(BT_CONN_TYPE_LE, receive_state_notify_cb, (void *)internal_state);
188 }
189
net_buf_put_recv_state(const struct bass_recv_state_internal * recv_state)190 static void net_buf_put_recv_state(const struct bass_recv_state_internal *recv_state)
191 {
192 const struct bt_bap_scan_delegator_recv_state *state = &recv_state->state;
193
194 net_buf_simple_reset(&read_buf);
195
196 __ASSERT(recv_state, "NULL receive state");
197
198 if (!recv_state->active) {
199 /* Notify empty */
200
201 return;
202 }
203
204 (void)net_buf_simple_add_u8(&read_buf, state->src_id);
205 (void)net_buf_simple_add_u8(&read_buf, state->addr.type);
206 (void)net_buf_simple_add_mem(&read_buf, &state->addr.a,
207 sizeof(state->addr.a));
208 (void)net_buf_simple_add_u8(&read_buf, state->adv_sid);
209 (void)net_buf_simple_add_le24(&read_buf, state->broadcast_id);
210 (void)net_buf_simple_add_u8(&read_buf, state->pa_sync_state);
211 (void)net_buf_simple_add_u8(&read_buf, state->encrypt_state);
212 if (state->encrypt_state == BT_BAP_BIG_ENC_STATE_BAD_CODE) {
213 (void)net_buf_simple_add_mem(&read_buf, &state->bad_code,
214 sizeof(state->bad_code));
215 }
216 (void)net_buf_simple_add_u8(&read_buf, state->num_subgroups);
217 for (int i = 0; i < state->num_subgroups; i++) {
218 const struct bt_bap_bass_subgroup *subgroup = &state->subgroups[i];
219
220 (void)net_buf_simple_add_le32(&read_buf, subgroup->bis_sync);
221 (void)net_buf_simple_add_u8(&read_buf, subgroup->metadata_len);
222 (void)net_buf_simple_add_mem(&read_buf, subgroup->metadata,
223 subgroup->metadata_len);
224 }
225 }
226
receive_state_updated(struct bt_conn * conn,const struct bass_recv_state_internal * internal_state)227 static void receive_state_updated(struct bt_conn *conn,
228 const struct bass_recv_state_internal *internal_state)
229 {
230 int err;
231
232 /* If something is holding the NOTIFY_PEND flag we should not notify now */
233 if (atomic_test_bit(internal_state->flags,
234 BASS_RECV_STATE_INTERNAL_FLAG_NOTIFY_PEND)) {
235 return;
236 }
237
238 err = k_sem_take(&read_buf_sem, SCAN_DELEGATOR_BUF_SEM_TIMEOUT);
239 if (err != 0) {
240 LOG_DBG("Failed to take read_buf_sem: %d", err);
241
242 return;
243 }
244
245 bt_debug_dump_recv_state(internal_state);
246 net_buf_put_recv_state(internal_state);
247 bass_notify_receive_state(internal_state);
248 if (scan_delegator_cbs != NULL &&
249 scan_delegator_cbs->recv_state_updated != NULL) {
250 scan_delegator_cbs->recv_state_updated(conn,
251 &internal_state->state);
252 }
253
254 k_sem_give(&read_buf_sem);
255 }
256
bis_sync_request_updated(struct bt_conn * conn,const struct bass_recv_state_internal * internal_state)257 static void bis_sync_request_updated(struct bt_conn *conn,
258 const struct bass_recv_state_internal *internal_state)
259 {
260 if (scan_delegator_cbs != NULL &&
261 scan_delegator_cbs->bis_sync_req != NULL) {
262 scan_delegator_cbs->bis_sync_req(conn, &internal_state->state,
263 internal_state->requested_bis_sync);
264 } else {
265 LOG_WRN("bis_sync_req callback is missing");
266 }
267 }
268
scan_delegator_security_changed(struct bt_conn * conn,bt_security_t level,enum bt_security_err err)269 static void scan_delegator_security_changed(struct bt_conn *conn,
270 bt_security_t level,
271 enum bt_security_err err)
272 {
273
274 if (err != 0 || level < BT_SECURITY_L2 || !bt_le_bond_exists(conn->id, &conn->le.dst)) {
275 return;
276 }
277
278 /* Notify all receive states after a bonded device reconnects */
279 for (size_t i = 0; i < ARRAY_SIZE(scan_delegator.recv_states); i++) {
280 const struct bass_recv_state_internal *internal_state =
281 &scan_delegator.recv_states[i];
282
283 if (!internal_state->active) {
284 continue;
285 }
286
287 err = k_sem_take(&read_buf_sem, SCAN_DELEGATOR_BUF_SEM_TIMEOUT);
288 if (err != 0) {
289 LOG_DBG("Failed to take read_buf_sem: %d", err);
290
291 return;
292 }
293
294 net_buf_put_recv_state(internal_state);
295 receive_state_notify_cb(conn, (void *)internal_state);
296
297 k_sem_give(&read_buf_sem);
298 }
299 }
300
301 BT_CONN_CB_DEFINE(conn_callbacks) = {
302 .security_changed = scan_delegator_security_changed,
303 };
304
next_src_id(void)305 static uint8_t next_src_id(void)
306 {
307 uint8_t next_src_id;
308 bool unique = false;
309
310 while (!unique) {
311 next_src_id = scan_delegator.next_src_id++;
312 unique = true;
313 for (size_t i = 0; i < ARRAY_SIZE(scan_delegator.recv_states); i++) {
314 if (scan_delegator.recv_states[i].active &&
315 scan_delegator.recv_states[i].state.src_id == next_src_id) {
316 unique = false;
317 break;
318 }
319 }
320 }
321
322 return next_src_id;
323 }
324
bass_lookup_src_id(uint8_t src_id)325 static struct bass_recv_state_internal *bass_lookup_src_id(uint8_t src_id)
326 {
327 for (size_t i = 0; i < ARRAY_SIZE(scan_delegator.recv_states); i++) {
328 if (scan_delegator.recv_states[i].active &&
329 scan_delegator.recv_states[i].state.src_id == src_id) {
330 return &scan_delegator.recv_states[i];
331 }
332 }
333
334 return NULL;
335 }
336
bass_lookup_pa_sync(struct bt_le_per_adv_sync * sync)337 static struct bass_recv_state_internal *bass_lookup_pa_sync(struct bt_le_per_adv_sync *sync)
338 {
339 for (size_t i = 0; i < ARRAY_SIZE(scan_delegator.recv_states); i++) {
340 if (scan_delegator.recv_states[i].pa_sync == sync) {
341 return &scan_delegator.recv_states[i];
342 }
343 }
344
345 return NULL;
346 }
347
bass_lookup_addr(const bt_addr_le_t * addr)348 static struct bass_recv_state_internal *bass_lookup_addr(const bt_addr_le_t *addr)
349 {
350 for (size_t i = 0; i < ARRAY_SIZE(scan_delegator.recv_states); i++) {
351 if (bt_addr_le_eq(&scan_delegator.recv_states[i].state.addr,
352 addr)) {
353 return &scan_delegator.recv_states[i];
354 }
355 }
356
357 return NULL;
358 }
359
get_free_recv_state(void)360 static struct bass_recv_state_internal *get_free_recv_state(void)
361 {
362 for (size_t i = 0U; i < ARRAY_SIZE(scan_delegator.recv_states); i++) {
363 struct bass_recv_state_internal *free_internal_state =
364 &scan_delegator.recv_states[i];
365
366 if (!free_internal_state->active) {
367 return free_internal_state;
368 }
369 }
370
371 return NULL;
372 }
373
pa_synced(struct bt_le_per_adv_sync * sync,struct bt_le_per_adv_sync_synced_info * info)374 static void pa_synced(struct bt_le_per_adv_sync *sync,
375 struct bt_le_per_adv_sync_synced_info *info)
376 {
377 struct bass_recv_state_internal *internal_state;
378
379 LOG_DBG("Synced%s", info->conn ? " via PAST" : "");
380
381 internal_state = bass_lookup_addr(info->addr);
382 if (internal_state == NULL) {
383 LOG_DBG("BASS receive state not found");
384 return;
385 }
386
387 internal_state->pa_sync = sync;
388
389 if (internal_state->state.pa_sync_state != BT_BAP_PA_STATE_SYNCED) {
390 internal_state->state.pa_sync_state = BT_BAP_PA_STATE_SYNCED;
391 receive_state_updated(info->conn, internal_state);
392 }
393 }
394
pa_terminated(struct bt_le_per_adv_sync * sync,const struct bt_le_per_adv_sync_term_info * info)395 static void pa_terminated(struct bt_le_per_adv_sync *sync,
396 const struct bt_le_per_adv_sync_term_info *info)
397 {
398 struct bass_recv_state_internal *internal_state = bass_lookup_pa_sync(sync);
399
400 LOG_DBG("Terminated");
401 if (internal_state == NULL) {
402 LOG_DBG("BASS receive state not found");
403 return;
404 }
405
406 internal_state->pa_sync = NULL;
407
408 if (internal_state->state.pa_sync_state != BT_BAP_PA_STATE_NOT_SYNCED) {
409 internal_state->state.pa_sync_state = BT_BAP_PA_STATE_NOT_SYNCED;
410 receive_state_updated(NULL, internal_state);
411 }
412 }
413
414 static struct bt_le_per_adv_sync_cb pa_sync_cb = {
415 .synced = pa_synced,
416 .term = pa_terminated,
417 };
418
supports_past(struct bt_conn * conn,uint8_t pa_sync_val)419 static bool supports_past(struct bt_conn *conn, uint8_t pa_sync_val)
420 {
421 if (IS_ENABLED(CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER)) {
422 struct bt_le_local_features local_features;
423 struct bt_conn_remote_info remote_info;
424 int err;
425
426 err = bt_le_get_local_features(&local_features);
427 if (err != 0) {
428 LOG_DBG("Failed to get local features: %d", err);
429 return false;
430 }
431
432 err = bt_conn_get_remote_info(conn, &remote_info);
433 if (err != 0) {
434 LOG_DBG("Failed to get remote info: %d", err);
435 return false;
436 }
437
438 LOG_DBG("%p remote %s PAST, local %s PAST (req %u)", (void *)conn,
439 BT_FEAT_LE_PAST_SEND(remote_info.le.features) ? "supports"
440 : "does not support",
441 BT_FEAT_LE_PAST_RECV(local_features.features) ? "supports"
442 : "does not support",
443 pa_sync_val);
444
445 return pa_sync_val == BT_BAP_BASS_PA_REQ_SYNC_PAST &&
446 BT_FEAT_LE_PAST_SEND(remote_info.le.features) &&
447 BT_FEAT_LE_PAST_RECV(local_features.features);
448 } else {
449 return false;
450 }
451 }
452
pa_sync_request(struct bt_conn * conn,const struct bt_bap_scan_delegator_recv_state * state,uint8_t pa_sync_val,uint16_t pa_interval)453 static int pa_sync_request(struct bt_conn *conn,
454 const struct bt_bap_scan_delegator_recv_state *state,
455 uint8_t pa_sync_val, uint16_t pa_interval)
456 {
457 int err = -EACCES;
458
459 if (scan_delegator_cbs != NULL &&
460 scan_delegator_cbs->pa_sync_req != NULL) {
461 const bool past_supported = supports_past(conn, pa_sync_val);
462
463 err = scan_delegator_cbs->pa_sync_req(conn, state,
464 past_supported,
465 pa_interval);
466 } else {
467 LOG_WRN("pa_sync_req callback is missing, rejecting PA sync request");
468 }
469
470 return err;
471 }
472
pa_sync_term_request(struct bt_conn * conn,const struct bt_bap_scan_delegator_recv_state * state)473 static int pa_sync_term_request(struct bt_conn *conn,
474 const struct bt_bap_scan_delegator_recv_state *state)
475 {
476 int err = -EACCES;
477
478 if (scan_delegator_cbs != NULL &&
479 scan_delegator_cbs->pa_sync_req != NULL) {
480 err = scan_delegator_cbs->pa_sync_term_req(conn, state);
481 } else {
482 LOG_WRN("pa_sync_term_req callback is missing, rejecting PA sync term request");
483 }
484
485 return err;
486 }
487
488 /* BAP 6.5.4 states that the Broadcast Assistant shall not initiate the Add Source operation
489 * if the operation would result in duplicate values for the combined Source_Address_Type,
490 * Source_Adv_SID, and Broadcast_ID fields of any Broadcast Receive State characteristic exposed
491 * by the Scan Delegator.
492 */
bass_source_is_duplicate(uint32_t broadcast_id,uint8_t adv_sid,uint8_t addr_type)493 static bool bass_source_is_duplicate(uint32_t broadcast_id, uint8_t adv_sid, uint8_t addr_type)
494 {
495 struct bass_recv_state_internal *state;
496
497 for (size_t i = 0; i < ARRAY_SIZE(scan_delegator.recv_states); i++) {
498 state = &scan_delegator.recv_states[i];
499
500 if (state != NULL && state->state.broadcast_id == broadcast_id &&
501 state->state.adv_sid == adv_sid && state->state.addr.type == addr_type) {
502 LOG_DBG("recv_state already exists at src_id=0x%02X", state->state.src_id);
503
504 return true;
505 }
506 }
507
508 return false;
509 }
510
scan_delegator_add_source(struct bt_conn * conn,struct net_buf_simple * buf)511 static int scan_delegator_add_source(struct bt_conn *conn,
512 struct net_buf_simple *buf)
513 {
514 struct bass_recv_state_internal *internal_state = NULL;
515 struct bt_bap_scan_delegator_recv_state *state;
516 bt_addr_t *addr;
517 uint8_t pa_sync;
518 uint16_t pa_interval;
519 uint32_t aggregated_bis_syncs = 0;
520 uint32_t broadcast_id;
521 bool bis_sync_requested;
522 uint16_t total_len;
523 struct bt_bap_bass_cp_add_src *add_src;
524
525 /* subtract 1 as the opcode has already been pulled */
526 if (buf->len < sizeof(struct bt_bap_bass_cp_add_src) - 1) {
527 LOG_DBG("Invalid length %u", buf->size);
528 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
529 }
530
531 add_src = (void *)(buf->data - 1);
532 total_len = sizeof(struct bt_bap_bass_cp_add_src) - 1;
533 for (int i = 0; i < add_src->num_subgroups; i++) {
534 struct bt_bap_bass_cp_subgroup *subgroup;
535 uint16_t index = total_len;
536
537 total_len += sizeof(struct bt_bap_bass_cp_subgroup);
538 if (total_len > buf->len) {
539 LOG_DBG("Invalid length %u", buf->len);
540
541 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
542 }
543
544 subgroup = (void *)&buf->data[index];
545 total_len += subgroup->metadata_len;
546 if (total_len > buf->len) {
547 LOG_DBG("Invalid length %u", buf->len);
548
549 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
550 }
551 }
552
553 if (total_len != buf->len) {
554 LOG_DBG("Invalid length %u", buf->len);
555
556 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
557 }
558
559 internal_state = get_free_recv_state();
560 if (internal_state == NULL) {
561 LOG_DBG("Could not get free receive state");
562
563 return BT_GATT_ERR(BT_ATT_ERR_INSUFFICIENT_RESOURCES);
564 }
565
566 state = &internal_state->state;
567
568 state->src_id = next_src_id();
569 state->addr.type = net_buf_simple_pull_u8(buf);
570 if (state->addr.type > BT_ADDR_LE_RANDOM) {
571 LOG_DBG("Invalid address type %u", state->addr.type);
572 return BT_GATT_ERR(BT_ATT_ERR_VALUE_NOT_ALLOWED);
573 }
574
575 addr = net_buf_simple_pull_mem(buf, sizeof(*addr));
576 bt_addr_copy(&state->addr.a, addr);
577
578 state->adv_sid = net_buf_simple_pull_u8(buf);
579 if (state->adv_sid > BT_GAP_SID_MAX) {
580 LOG_DBG("Invalid adv SID %u", state->adv_sid);
581 return BT_GATT_ERR(BT_ATT_ERR_VALUE_NOT_ALLOWED);
582 }
583
584 broadcast_id = net_buf_simple_pull_le24(buf);
585
586 if (bass_source_is_duplicate(broadcast_id, state->adv_sid, state->addr.type)) {
587 LOG_DBG("Adding broadcast_id=0x%06X, adv_sid=0x%02X, and addr.type=0x%02X would "
588 "result in duplication", state->broadcast_id, state->adv_sid,
589 state->addr.type);
590
591 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
592 }
593
594 state->broadcast_id = broadcast_id;
595
596 pa_sync = net_buf_simple_pull_u8(buf);
597 if (pa_sync > BT_BAP_BASS_PA_REQ_SYNC) {
598 LOG_DBG("Invalid PA sync value %u", pa_sync);
599 return BT_GATT_ERR(BT_ATT_ERR_VALUE_NOT_ALLOWED);
600 }
601
602 pa_interval = net_buf_simple_pull_le16(buf);
603
604 state->num_subgroups = net_buf_simple_pull_u8(buf);
605 if (state->num_subgroups > CONFIG_BT_BAP_BASS_MAX_SUBGROUPS) {
606 LOG_WRN("Too many subgroups %u/%u", state->num_subgroups,
607 CONFIG_BT_BAP_BASS_MAX_SUBGROUPS);
608 return BT_GATT_ERR(BT_ATT_ERR_INSUFFICIENT_RESOURCES);
609 }
610
611 bis_sync_requested = false;
612 for (int i = 0; i < state->num_subgroups; i++) {
613 struct bt_bap_bass_subgroup *subgroup = &state->subgroups[i];
614 uint8_t *metadata;
615
616 internal_state->requested_bis_sync[i] = net_buf_simple_pull_le32(buf);
617
618 if (internal_state->requested_bis_sync[i] &&
619 pa_sync == BT_BAP_BASS_PA_REQ_NO_SYNC) {
620 LOG_DBG("Cannot sync to BIS without PA");
621 return BT_GATT_ERR(BT_ATT_ERR_VALUE_NOT_ALLOWED);
622 }
623
624 if (internal_state->requested_bis_sync[i] != 0U) {
625 bis_sync_requested = true;
626 }
627
628 /* Verify that the request BIS sync indexes are unique or no preference */
629 if (!bis_syncs_unique_or_no_pref(internal_state->requested_bis_sync[i],
630 aggregated_bis_syncs)) {
631 LOG_DBG("Duplicate BIS index [%d]%x (aggregated %x)",
632 i, internal_state->requested_bis_sync[i],
633 aggregated_bis_syncs);
634
635 return BT_GATT_ERR(BT_ATT_ERR_VALUE_NOT_ALLOWED);
636 }
637
638 if (!valid_bis_syncs(internal_state->requested_bis_sync[i])) {
639 LOG_DBG("Invalid BIS sync[%d]: 0x%08X", i,
640 internal_state->requested_bis_sync[i]);
641
642 return BT_GATT_ERR(BT_ATT_ERR_VALUE_NOT_ALLOWED);
643 }
644
645 aggregated_bis_syncs |= internal_state->requested_bis_sync[i];
646
647 subgroup->metadata_len = net_buf_simple_pull_u8(buf);
648
649 if (subgroup->metadata_len > CONFIG_BT_AUDIO_CODEC_CFG_MAX_METADATA_SIZE) {
650 LOG_WRN("Metadata too long %u/%u", subgroup->metadata_len,
651 CONFIG_BT_AUDIO_CODEC_CFG_MAX_METADATA_SIZE);
652
653 return BT_GATT_ERR(BT_ATT_ERR_INSUFFICIENT_RESOURCES);
654 }
655
656 metadata = net_buf_simple_pull_mem(buf, subgroup->metadata_len);
657 (void)memcpy(subgroup->metadata, metadata,
658 subgroup->metadata_len);
659 }
660
661 /* The active flag shall be set before any application callbacks, so that any calls for the
662 * receive state can be processed
663 */
664 internal_state->active = true;
665
666 /* Set NOTIFY_PEND flag to ensure that we only send 1 notification in case that the upper
667 * layer calls another function that changes the state in the pa_sync_request callback
668 */
669 atomic_set_bit(internal_state->flags, BASS_RECV_STATE_INTERNAL_FLAG_NOTIFY_PEND);
670
671 if (pa_sync != BT_BAP_BASS_PA_REQ_NO_SYNC) {
672 int err;
673
674 err = pa_sync_request(conn, state, pa_sync, pa_interval);
675
676 if (err != 0) {
677 (void)memset(state, 0, sizeof(*state));
678 internal_state->active = false;
679
680 LOG_DBG("PA sync %u from %p was rejected with reason %d", pa_sync,
681 (void *)conn, err);
682
683 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
684 }
685 }
686
687 LOG_DBG("Index %u: New source added: ID 0x%02x",
688 internal_state->index, state->src_id);
689
690 atomic_clear_bit(internal_state->flags,
691 BASS_RECV_STATE_INTERNAL_FLAG_NOTIFY_PEND);
692
693 receive_state_updated(conn, internal_state);
694
695 if (bis_sync_requested) {
696 bis_sync_request_updated(conn, internal_state);
697 }
698
699 return 0;
700 }
701
scan_delegator_mod_src(struct bt_conn * conn,struct net_buf_simple * buf)702 static int scan_delegator_mod_src(struct bt_conn *conn,
703 struct net_buf_simple *buf)
704 {
705 struct bt_bap_scan_delegator_recv_state backup_state;
706 struct bass_recv_state_internal *internal_state;
707 struct bt_bap_scan_delegator_recv_state *state;
708 uint8_t src_id;
709 bool state_changed = false;
710 uint16_t pa_interval;
711 uint8_t num_subgroups;
712 struct bt_bap_bass_subgroup
713 subgroups[CONFIG_BT_BAP_BASS_MAX_SUBGROUPS] = { 0 };
714 uint8_t pa_sync;
715 uint32_t aggregated_bis_syncs = 0;
716 bool bis_sync_change_requested;
717 uint16_t total_len;
718 struct bt_bap_bass_cp_mod_src *mod_src;
719
720 /* subtract 1 as the opcode has already been pulled */
721 if (buf->len < sizeof(struct bt_bap_bass_cp_mod_src) - 1) {
722 LOG_DBG("Invalid length %u", buf->len);
723
724 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
725 }
726
727 mod_src = (void *)(buf->data - 1);
728 total_len = sizeof(struct bt_bap_bass_cp_mod_src) - 1;
729 for (int i = 0; i < mod_src->num_subgroups; i++) {
730 struct bt_bap_bass_cp_subgroup *subgroup;
731 uint16_t index = total_len;
732
733 total_len += sizeof(struct bt_bap_bass_cp_subgroup);
734 if (total_len > buf->len) {
735 LOG_DBG("Invalid length %u", buf->len);
736
737 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
738 }
739
740 subgroup = (void *)&buf->data[index];
741 total_len += subgroup->metadata_len;
742 if (total_len > buf->len) {
743 LOG_DBG("Invalid length %u", buf->len);
744
745 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
746 }
747 }
748
749 if (total_len != buf->len) {
750 LOG_DBG("Invalid length %u", buf->len);
751
752 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
753 }
754
755 src_id = net_buf_simple_pull_u8(buf);
756 internal_state = bass_lookup_src_id(src_id);
757
758 LOG_DBG("src_id %u", src_id);
759
760 if (internal_state == NULL) {
761 LOG_DBG("Could not find state by src id %u", src_id);
762
763 return BT_GATT_ERR(BT_BAP_BASS_ERR_INVALID_SRC_ID);
764 }
765
766 pa_sync = net_buf_simple_pull_u8(buf);
767 if (pa_sync > BT_BAP_BASS_PA_REQ_SYNC) {
768 LOG_DBG("Invalid PA sync value %u", pa_sync);
769
770 return BT_GATT_ERR(BT_ATT_ERR_VALUE_NOT_ALLOWED);
771 }
772
773 pa_interval = net_buf_simple_pull_le16(buf);
774
775 num_subgroups = net_buf_simple_pull_u8(buf);
776 if (num_subgroups > CONFIG_BT_BAP_BASS_MAX_SUBGROUPS) {
777 LOG_WRN("Too many subgroups %u/%u", num_subgroups,
778 CONFIG_BT_BAP_BASS_MAX_SUBGROUPS);
779
780 return BT_GATT_ERR(BT_ATT_ERR_INSUFFICIENT_RESOURCES);
781 }
782
783 bis_sync_change_requested = false;
784 for (int i = 0; i < num_subgroups; i++) {
785 struct bt_bap_bass_subgroup *subgroup = &subgroups[i];
786 uint32_t old_bis_sync_req;
787 uint8_t *metadata;
788
789 old_bis_sync_req = internal_state->requested_bis_sync[i];
790
791 internal_state->requested_bis_sync[i] = net_buf_simple_pull_le32(buf);
792
793 if (internal_state->requested_bis_sync[i] &&
794 pa_sync == BT_BAP_BASS_PA_REQ_NO_SYNC) {
795 LOG_DBG("Cannot sync to BIS without PA");
796 return BT_GATT_ERR(BT_ATT_ERR_VALUE_NOT_ALLOWED);
797 }
798
799 if (old_bis_sync_req != internal_state->requested_bis_sync[i]) {
800 bis_sync_change_requested = true;
801 }
802
803 /* Verify that the request BIS sync indexes are unique or no preference */
804 if (!bis_syncs_unique_or_no_pref(internal_state->requested_bis_sync[i],
805 aggregated_bis_syncs)) {
806 LOG_DBG("Duplicate BIS index [%d]%x (aggregated %x)",
807 i, internal_state->requested_bis_sync[i],
808 aggregated_bis_syncs);
809
810 return BT_GATT_ERR(BT_ATT_ERR_VALUE_NOT_ALLOWED);
811 }
812
813 if (!valid_bis_syncs(internal_state->requested_bis_sync[i])) {
814 return BT_GATT_ERR(BT_ATT_ERR_VALUE_NOT_ALLOWED);
815 }
816 aggregated_bis_syncs |= internal_state->requested_bis_sync[i];
817
818 subgroup->metadata_len = net_buf_simple_pull_u8(buf);
819
820 if (subgroup->metadata_len > CONFIG_BT_AUDIO_CODEC_CFG_MAX_METADATA_SIZE) {
821 LOG_WRN("Metadata too long %u/%u", subgroup->metadata_len,
822 CONFIG_BT_AUDIO_CODEC_CFG_MAX_METADATA_SIZE);
823 return BT_GATT_ERR(BT_ATT_ERR_INSUFFICIENT_RESOURCES);
824 }
825
826 metadata = net_buf_simple_pull_mem(buf, subgroup->metadata_len);
827
828 (void)memcpy(subgroup->metadata, metadata,
829 subgroup->metadata_len);
830 }
831
832 /* All input has been validated; update receive state and check for changes */
833 state = &internal_state->state;
834
835 /* Store backup in case upper layers rejects */
836 (void)memcpy(&backup_state, state, sizeof(backup_state));
837
838 if (state->num_subgroups != num_subgroups) {
839 state->num_subgroups = num_subgroups;
840 state_changed = true;
841 }
842
843 for (int i = 0; i < num_subgroups; i++) {
844 const bool metadata_len_changed =
845 subgroups[i].metadata_len != state->subgroups[i].metadata_len;
846
847 if (metadata_len_changed) {
848 state->subgroups[i].metadata_len = subgroups[i].metadata_len;
849 state_changed = true;
850 }
851
852 if (metadata_len_changed ||
853 memcmp(subgroups[i].metadata, state->subgroups[i].metadata,
854 sizeof(subgroups[i].metadata)) != 0) {
855
856 if (state->subgroups[i].metadata_len == 0U) {
857 memset(state->subgroups[i].metadata, 0,
858 state->subgroups[i].metadata_len);
859 } else {
860 (void)memcpy(state->subgroups[i].metadata, subgroups[i].metadata,
861 state->subgroups[i].metadata_len);
862 }
863
864 state_changed = true;
865 }
866 }
867
868 /* Set NOTIFY_PEND flag to ensure that we only send 1 notification in case that the upper
869 * layer calls another function that changes the state in the pa_sync_request callback
870 */
871 atomic_set_bit(internal_state->flags, BASS_RECV_STATE_INTERNAL_FLAG_NOTIFY_PEND);
872
873 /* Only send the sync request to upper layers if it is requested, and
874 * we are not already synced to the device
875 */
876 if (pa_sync != BT_BAP_BASS_PA_REQ_NO_SYNC &&
877 state->pa_sync_state != BT_BAP_PA_STATE_SYNCED) {
878 const uint8_t pa_sync_state = state->pa_sync_state;
879 const int err = pa_sync_request(conn, state, pa_sync,
880 pa_interval);
881
882 if (err != 0) {
883 /* Restore backup */
884 (void)memcpy(state, &backup_state,
885 sizeof(backup_state));
886
887 LOG_DBG("PA sync %u from %p was rejected with reason %d", pa_sync,
888 (void *)conn, err);
889
890 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
891 } else if (pa_sync_state != state->pa_sync_state) {
892 /* Temporary work around if the state is changed when pa_sync_request is
893 * called. See https://github.com/zephyrproject-rtos/zephyr/issues/79308 for
894 * more information about this issue.
895 */
896 state_changed = true;
897 }
898 } else if (pa_sync == BT_BAP_BASS_PA_REQ_NO_SYNC &&
899 (state->pa_sync_state == BT_BAP_PA_STATE_INFO_REQ ||
900 state->pa_sync_state == BT_BAP_PA_STATE_SYNCED)) {
901 /* Terminate PA sync */
902 const int err = pa_sync_term_request(conn, &internal_state->state);
903
904 if (err != 0) {
905 LOG_DBG("PA sync term from %p was rejected with reason %d", (void *)conn,
906 err);
907
908 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
909 }
910
911 state_changed = true;
912 }
913
914 atomic_clear_bit(internal_state->flags, BASS_RECV_STATE_INTERNAL_FLAG_NOTIFY_PEND);
915
916 /* Notify if changed */
917 if (state_changed) {
918 LOG_DBG("Index %u: Source modified: ID 0x%02x",
919 internal_state->index, state->src_id);
920
921 receive_state_updated(conn, internal_state);
922 }
923
924 if (bis_sync_change_requested) {
925 bis_sync_request_updated(conn, internal_state);
926 }
927
928 return 0;
929 }
930
scan_delegator_broadcast_code(struct bt_conn * conn,struct net_buf_simple * buf)931 static int scan_delegator_broadcast_code(struct bt_conn *conn,
932 struct net_buf_simple *buf)
933 {
934 struct bass_recv_state_internal *internal_state;
935 uint8_t src_id;
936 const uint8_t *broadcast_code;
937
938 /* subtract 1 as the opcode has already been pulled */
939 if (buf->len != sizeof(struct bt_bap_bass_cp_broadcase_code) - 1) {
940 LOG_DBG("Invalid length %u", buf->size);
941 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
942 }
943
944 src_id = net_buf_simple_pull_u8(buf);
945 internal_state = bass_lookup_src_id(src_id);
946
947 if (internal_state == NULL) {
948 LOG_DBG("Could not find state by src id %u", src_id);
949 return BT_GATT_ERR(BT_BAP_BASS_ERR_INVALID_SRC_ID);
950 }
951
952 broadcast_code = net_buf_simple_pull_mem(buf, sizeof(internal_state->broadcast_code));
953
954 (void)memcpy(internal_state->broadcast_code, broadcast_code,
955 sizeof(internal_state->broadcast_code));
956
957 LOG_DBG("Index %u: broadcast code added: %s", internal_state->index,
958 bt_hex(internal_state->broadcast_code, sizeof(internal_state->broadcast_code)));
959
960 if (scan_delegator_cbs != NULL &&
961 scan_delegator_cbs->broadcast_code != NULL) {
962 scan_delegator_cbs->broadcast_code(conn, &internal_state->state,
963 broadcast_code);
964 }
965
966 return 0;
967 }
968
scan_delegator_rem_src(struct bt_conn * conn,struct net_buf_simple * buf)969 static int scan_delegator_rem_src(struct bt_conn *conn,
970 struct net_buf_simple *buf)
971 {
972 struct bass_recv_state_internal *internal_state;
973 struct bt_bap_scan_delegator_recv_state *state;
974 bool bis_sync_was_requested;
975 uint8_t src_id;
976
977 /* subtract 1 as the opcode has already been pulled */
978 if (buf->len != sizeof(struct bt_bap_bass_cp_rem_src) - 1) {
979 LOG_DBG("Invalid length %u", buf->size);
980 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
981 }
982
983 src_id = net_buf_simple_pull_u8(buf);
984 internal_state = bass_lookup_src_id(src_id);
985
986 if (internal_state == NULL) {
987 LOG_DBG("Could not find state by src id %u", src_id);
988 return BT_GATT_ERR(BT_BAP_BASS_ERR_INVALID_SRC_ID);
989 }
990
991 state = &internal_state->state;
992
993 /* If conn == NULL then it's a local operation and we do not need to ask the application */
994 if (conn != NULL && (state->pa_sync_state == BT_BAP_PA_STATE_INFO_REQ ||
995 state->pa_sync_state == BT_BAP_PA_STATE_SYNCED)) {
996 int err;
997
998 /* Terminate PA sync */
999 err = pa_sync_term_request(conn, &internal_state->state);
1000 if (err != 0) {
1001 LOG_DBG("PA sync term from %p was rejected with reason %d", (void *)conn,
1002 err);
1003
1004 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
1005 }
1006 }
1007
1008 bis_sync_was_requested = false;
1009 for (uint8_t i = 0U; i < state->num_subgroups; i++) {
1010 if (internal_state->requested_bis_sync[i] != 0U) {
1011 bis_sync_was_requested = true;
1012 break;
1013 }
1014 }
1015
1016 LOG_DBG("Index %u: Removed source with ID 0x%02x",
1017 internal_state->index, src_id);
1018
1019 internal_state->active = false;
1020 internal_state->pa_sync = NULL;
1021 (void)memset(&internal_state->state, 0, sizeof(internal_state->state));
1022 (void)memset(internal_state->broadcast_code, 0,
1023 sizeof(internal_state->broadcast_code));
1024 (void)memset(internal_state->requested_bis_sync, 0,
1025 sizeof(internal_state->requested_bis_sync));
1026
1027 if (bis_sync_was_requested) {
1028 bis_sync_request_updated(conn, internal_state);
1029 }
1030 receive_state_updated(conn, internal_state);
1031
1032 return 0;
1033 }
1034
write_control_point(struct bt_conn * conn,const struct bt_gatt_attr * attr,const void * data,uint16_t len,uint16_t offset,uint8_t flags)1035 static ssize_t write_control_point(struct bt_conn *conn,
1036 const struct bt_gatt_attr *attr,
1037 const void *data, uint16_t len,
1038 uint16_t offset, uint8_t flags)
1039 {
1040 struct net_buf_simple buf;
1041 uint8_t opcode;
1042 int err;
1043
1044 if (offset != 0) {
1045 return BT_GATT_ERR(BT_ATT_ERR_INVALID_OFFSET);
1046 } else if (len == 0) {
1047 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
1048 }
1049
1050 net_buf_simple_init_with_data(&buf, (void *)data, len);
1051
1052 opcode = net_buf_simple_pull_u8(&buf);
1053
1054 if (!BT_BAP_BASS_VALID_OPCODE(opcode)) {
1055 return BT_GATT_ERR(BT_BAP_BASS_ERR_OPCODE_NOT_SUPPORTED);
1056 }
1057
1058 LOG_HEXDUMP_DBG(data, len, "Data");
1059
1060 switch (opcode) {
1061 case BT_BAP_BASS_OP_SCAN_STOP:
1062 LOG_DBG("Assistant stopping scanning");
1063
1064 if (buf.len != 0) {
1065 LOG_DBG("Invalid length %u", buf.size);
1066 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
1067 }
1068
1069 if (scan_delegator_cbs != NULL && scan_delegator_cbs->scanning_state != NULL) {
1070 scan_delegator_cbs->scanning_state(conn, false);
1071 }
1072
1073 break;
1074 case BT_BAP_BASS_OP_SCAN_START:
1075 LOG_DBG("Assistant starting scanning");
1076
1077 if (buf.len != 0) {
1078 return BT_GATT_ERR(BT_ATT_ERR_WRITE_REQ_REJECTED);
1079 }
1080
1081 if (scan_delegator_cbs != NULL && scan_delegator_cbs->scanning_state != NULL) {
1082 scan_delegator_cbs->scanning_state(conn, true);
1083 }
1084
1085 break;
1086 case BT_BAP_BASS_OP_ADD_SRC:
1087 LOG_DBG("Assistant adding source");
1088
1089 err = scan_delegator_add_source(conn, &buf);
1090 if (err != 0) {
1091 LOG_DBG("Could not add source %d", err);
1092 return err;
1093 }
1094
1095 break;
1096 case BT_BAP_BASS_OP_MOD_SRC:
1097 LOG_DBG("Assistant modifying source");
1098
1099 err = scan_delegator_mod_src(conn, &buf);
1100 if (err != 0) {
1101 LOG_DBG("Could not modify source %d", err);
1102 return err;
1103 }
1104
1105 break;
1106 case BT_BAP_BASS_OP_BROADCAST_CODE:
1107 LOG_DBG("Assistant setting broadcast code");
1108
1109 err = scan_delegator_broadcast_code(conn, &buf);
1110 if (err != 0) {
1111 LOG_DBG("Could not set broadcast code");
1112 return err;
1113 }
1114
1115 break;
1116 case BT_BAP_BASS_OP_REM_SRC:
1117 LOG_DBG("Assistant removing source");
1118
1119 err = scan_delegator_rem_src(conn, &buf);
1120 if (err != 0) {
1121 LOG_DBG("Could not remove source %d", err);
1122 return err;
1123 }
1124
1125 break;
1126 default:
1127 break;
1128 }
1129
1130 return len;
1131 }
1132
recv_state_cfg_changed(const struct bt_gatt_attr * attr,uint16_t value)1133 static void recv_state_cfg_changed(const struct bt_gatt_attr *attr,
1134 uint16_t value)
1135 {
1136 LOG_DBG("value 0x%04x", value);
1137 }
1138
read_recv_state(struct bt_conn * conn,const struct bt_gatt_attr * attr,void * buf,uint16_t len,uint16_t offset)1139 static ssize_t read_recv_state(struct bt_conn *conn,
1140 const struct bt_gatt_attr *attr, void *buf,
1141 uint16_t len, uint16_t offset)
1142 {
1143 uint8_t idx = POINTER_TO_UINT(BT_AUDIO_CHRC_USER_DATA(attr));
1144 struct bass_recv_state_internal *recv_state = &scan_delegator.recv_states[idx];
1145 struct bt_bap_scan_delegator_recv_state *state = &recv_state->state;
1146
1147 if (recv_state->active) {
1148 ssize_t ret_val;
1149 int err;
1150
1151 LOG_DBG("Index %u: Source ID 0x%02x", idx, state->src_id);
1152
1153 err = k_sem_take(&read_buf_sem, SCAN_DELEGATOR_BUF_SEM_TIMEOUT);
1154 if (err != 0) {
1155 LOG_DBG("Failed to take read_buf_sem: %d", err);
1156
1157 return err;
1158 }
1159
1160 bt_debug_dump_recv_state(recv_state);
1161 net_buf_put_recv_state(recv_state);
1162
1163 ret_val = bt_gatt_attr_read(conn, attr, buf, len, offset,
1164 read_buf.data, read_buf.len);
1165
1166 k_sem_give(&read_buf_sem);
1167
1168 return ret_val;
1169 }
1170 LOG_DBG("Index %u: Not active", idx);
1171 return bt_gatt_attr_read(conn, attr, buf, len, offset, NULL, 0);
1172
1173 }
1174
1175 #define RECEIVE_STATE_CHARACTERISTIC(idx) \
1176 BT_AUDIO_CHRC(BT_UUID_BASS_RECV_STATE, \
1177 BT_GATT_CHRC_READ | BT_GATT_CHRC_NOTIFY,\
1178 BT_GATT_PERM_READ_ENCRYPT, \
1179 read_recv_state, NULL, UINT_TO_POINTER(idx)), \
1180 BT_AUDIO_CCC(recv_state_cfg_changed)
1181
1182 static struct bt_gatt_attr attr_bass_svc[] = {
1183 BT_GATT_PRIMARY_SERVICE(BT_UUID_BASS),
1184 BT_AUDIO_CHRC(BT_UUID_BASS_CONTROL_POINT,
1185 BT_GATT_CHRC_WRITE_WITHOUT_RESP | BT_GATT_CHRC_WRITE,
1186 BT_GATT_PERM_WRITE_ENCRYPT,
1187 NULL, write_control_point, NULL),
1188 RECEIVE_STATE_CHARACTERISTIC(0),
1189 #if CONFIG_BT_BAP_SCAN_DELEGATOR_RECV_STATE_COUNT > 1
1190 RECEIVE_STATE_CHARACTERISTIC(1),
1191 #if CONFIG_BT_BAP_SCAN_DELEGATOR_RECV_STATE_COUNT > 2
1192 RECEIVE_STATE_CHARACTERISTIC(2)
1193 #endif /* CONFIG_BT_BAP_SCAN_DELEGATOR_RECV_STATE_COUNT > 2 */
1194 #endif /* CONFIG_BT_BAP_SCAN_DELEGATOR_RECV_STATE_COUNT > 1 */
1195 };
1196
1197 static struct bt_gatt_service bass_svc = BT_GATT_SERVICE(attr_bass_svc);
1198
bass_register(void)1199 static int bass_register(void)
1200 {
1201 int err;
1202
1203 err = bt_gatt_service_register(&bass_svc);
1204 if (err) {
1205 LOG_DBG("Failed to register BASS service (err %d)", err);
1206 return err;
1207 }
1208
1209 LOG_DBG("BASS service registered");
1210
1211 return 0;
1212 }
1213
bass_unregister(void)1214 static int bass_unregister(void)
1215 {
1216 int err;
1217
1218 err = bt_gatt_service_unregister(&bass_svc);
1219 if (err) {
1220 LOG_DBG("Failed to unregister BASS service (err %d)", err);
1221 return err;
1222 }
1223
1224 LOG_DBG("BASS service unregistered");
1225
1226 return 0;
1227 }
1228
1229 /****************************** PUBLIC API ******************************/
bt_bap_scan_delegator_register(struct bt_bap_scan_delegator_cb * cb)1230 int bt_bap_scan_delegator_register(struct bt_bap_scan_delegator_cb *cb)
1231 {
1232 int err;
1233
1234 if (atomic_test_and_set_bit(scan_delegator_flags,
1235 SCAN_DELEGATOR_FLAG_REGISTERED_SCAN_DELIGATOR)) {
1236 LOG_DBG("Scan delegator already registered");
1237 return -EALREADY;
1238 }
1239
1240 err = bass_register();
1241 if (err) {
1242 atomic_clear_bit(scan_delegator_flags,
1243 SCAN_DELEGATOR_FLAG_REGISTERED_SCAN_DELIGATOR);
1244 return err;
1245 }
1246
1247 /* Store the pointer to the first characteristic in each receive state */
1248 scan_delegator.recv_states[0].attr = &bass_svc.attrs[3];
1249 scan_delegator.recv_states[0].index = 0;
1250 #if CONFIG_BT_BAP_SCAN_DELEGATOR_RECV_STATE_COUNT > 1
1251 scan_delegator.recv_states[1].attr = &bass_svc.attrs[6];
1252 scan_delegator.recv_states[1].index = 1;
1253 #if CONFIG_BT_BAP_SCAN_DELEGATOR_RECV_STATE_COUNT > 2
1254 scan_delegator.recv_states[2].attr = &bass_svc.attrs[9];
1255 scan_delegator.recv_states[2].index = 2;
1256 #endif /* CONFIG_BT_BAP_SCAN_DELEGATOR_RECV_STATE_COUNT > 2 */
1257 #endif /* CONFIG_BT_BAP_SCAN_DELEGATOR_RECV_STATE_COUNT > 1 */
1258
1259 if (!atomic_test_and_set_bit(scan_delegator_flags,
1260 SCAN_DELEGATOR_FLAG_REGISTERED_PA_SYNC_CB)) {
1261 err = bt_le_per_adv_sync_cb_register(&pa_sync_cb);
1262 if (err) {
1263 atomic_clear_bit(scan_delegator_flags,
1264 SCAN_DELEGATOR_FLAG_REGISTERED_PA_SYNC_CB);
1265 atomic_clear_bit(scan_delegator_flags,
1266 SCAN_DELEGATOR_FLAG_REGISTERED_SCAN_DELIGATOR);
1267 return err;
1268 }
1269 }
1270
1271 scan_delegator_cbs = cb;
1272
1273 return 0;
1274 }
1275
bt_bap_scan_delegator_unregister(void)1276 int bt_bap_scan_delegator_unregister(void)
1277 {
1278 int err;
1279
1280 if (!atomic_test_and_clear_bit(scan_delegator_flags,
1281 SCAN_DELEGATOR_FLAG_REGISTERED_SCAN_DELIGATOR)) {
1282 LOG_DBG("Scan delegator not yet registered");
1283 return -EALREADY;
1284 }
1285
1286 err = bass_unregister();
1287 if (err) {
1288 atomic_set_bit(scan_delegator_flags,
1289 SCAN_DELEGATOR_FLAG_REGISTERED_SCAN_DELIGATOR);
1290 return err;
1291 }
1292
1293 scan_delegator_cbs = NULL;
1294
1295 return 0;
1296 }
1297
bt_bap_scan_delegator_set_pa_state(uint8_t src_id,enum bt_bap_pa_state pa_state)1298 int bt_bap_scan_delegator_set_pa_state(uint8_t src_id,
1299 enum bt_bap_pa_state pa_state)
1300 {
1301 struct bass_recv_state_internal *internal_state = bass_lookup_src_id(src_id);
1302 struct bt_bap_scan_delegator_recv_state *recv_state;
1303
1304 if (internal_state == NULL) {
1305 LOG_DBG("Could not find recv_state by src_id %u", src_id);
1306 return -EINVAL;
1307 }
1308
1309 recv_state = &internal_state->state;
1310
1311 if (recv_state->pa_sync_state != pa_state) {
1312 recv_state->pa_sync_state = pa_state;
1313 receive_state_updated(NULL, internal_state);
1314 }
1315
1316 return 0;
1317 }
1318
bt_bap_scan_delegator_set_bis_sync_state(uint8_t src_id,uint32_t bis_synced[CONFIG_BT_BAP_BASS_MAX_SUBGROUPS])1319 int bt_bap_scan_delegator_set_bis_sync_state(
1320 uint8_t src_id,
1321 uint32_t bis_synced[CONFIG_BT_BAP_BASS_MAX_SUBGROUPS])
1322 {
1323 struct bass_recv_state_internal *internal_state = bass_lookup_src_id(src_id);
1324 bool notify = false;
1325
1326 if (internal_state == NULL) {
1327 LOG_DBG("Could not find recv_state by src_id %u", src_id);
1328 return -EINVAL;
1329 }
1330
1331 if (internal_state->state.pa_sync_state != BT_BAP_PA_STATE_SYNCED) {
1332 LOG_DBG("PA for src_id %u isn't synced, cannot be BIG synced",
1333 src_id);
1334 return -EINVAL;
1335 }
1336
1337 /* Verify state for all subgroups before assigning any data */
1338 for (uint8_t i = 0U; i < internal_state->state.num_subgroups; i++) {
1339 if (i >= CONFIG_BT_BAP_BASS_MAX_SUBGROUPS) {
1340 break;
1341 }
1342
1343 if (bis_synced[i] == BT_BAP_BIS_SYNC_NO_PREF ||
1344 !bits_subset_of(bis_synced[i],
1345 internal_state->requested_bis_sync[i])) {
1346 LOG_DBG("Subgroup[%u] invalid bis_sync value %x for %x",
1347 i, bis_synced[i], internal_state->requested_bis_sync[i]);
1348
1349 return -EINVAL;
1350 }
1351 }
1352
1353 for (uint8_t i = 0U; i < internal_state->state.num_subgroups; i++) {
1354 struct bt_bap_bass_subgroup *subgroup =
1355 &internal_state->state.subgroups[i];
1356
1357 if (i >= CONFIG_BT_BAP_BASS_MAX_SUBGROUPS) {
1358 break;
1359 }
1360
1361 if (bis_synced[i] != subgroup->bis_sync) {
1362 notify = true;
1363 subgroup->bis_sync = bis_synced[i];
1364 }
1365 }
1366
1367 LOG_DBG("Index %u: Source ID 0x%02x synced",
1368 internal_state->index, src_id);
1369
1370 if (internal_state->state.encrypt_state == BT_BAP_BIG_ENC_STATE_BAD_CODE) {
1371 (void)memcpy(internal_state->state.bad_code,
1372 internal_state->broadcast_code,
1373 sizeof(internal_state->state.bad_code));
1374 }
1375
1376 if (notify) {
1377 receive_state_updated(NULL, internal_state);
1378 }
1379
1380 return 0;
1381 }
1382
valid_bt_bap_scan_delegator_add_src_param(const struct bt_bap_scan_delegator_add_src_param * param)1383 static bool valid_bt_bap_scan_delegator_add_src_param(
1384 const struct bt_bap_scan_delegator_add_src_param *param)
1385 {
1386 uint32_t aggregated_bis_syncs = 0U;
1387
1388 if (param->broadcast_id > BT_AUDIO_BROADCAST_ID_MAX) {
1389 LOG_DBG("Invalid broadcast_id: %u", param->broadcast_id);
1390
1391 return false;
1392 }
1393
1394 CHECKIF(param->addr.type > BT_ADDR_LE_RANDOM) {
1395 LOG_DBG("param->addr.type %u is invalid", param->addr.type);
1396 return false;
1397 }
1398
1399 CHECKIF(param->sid > BT_GAP_SID_MAX) {
1400 LOG_DBG("param->sid %d is invalid", param->sid);
1401 return false;
1402 }
1403
1404 if (param->num_subgroups > CONFIG_BT_BAP_BASS_MAX_SUBGROUPS) {
1405 LOG_WRN("Too many subgroups %u/%u",
1406 param->num_subgroups,
1407 CONFIG_BT_BAP_BASS_MAX_SUBGROUPS);
1408
1409 return false;
1410 }
1411
1412 for (uint8_t i = 0U; i < param->num_subgroups; i++) {
1413 const struct bt_bap_bass_subgroup *subgroup = ¶m->subgroups[i];
1414
1415 if (!bis_syncs_unique_or_no_pref(subgroup->bis_sync,
1416 aggregated_bis_syncs)) {
1417 LOG_DBG("Invalid BIS sync: %u", subgroup->bis_sync);
1418
1419 return false;
1420 }
1421
1422 if (subgroup->metadata_len > CONFIG_BT_AUDIO_CODEC_CFG_MAX_METADATA_SIZE) {
1423 LOG_DBG("subgroup[%u]: Invalid metadata_len: %u",
1424 i, subgroup->metadata_len);
1425
1426 return false;
1427 }
1428 }
1429
1430 return true;
1431 }
1432
bt_bap_scan_delegator_add_src(const struct bt_bap_scan_delegator_add_src_param * param)1433 int bt_bap_scan_delegator_add_src(const struct bt_bap_scan_delegator_add_src_param *param)
1434 {
1435 struct bass_recv_state_internal *internal_state = NULL;
1436 struct bt_bap_scan_delegator_recv_state *state;
1437 struct bt_le_per_adv_sync *pa_sync;
1438
1439 CHECKIF(!valid_bt_bap_scan_delegator_add_src_param(param)) {
1440 return -EINVAL;
1441 }
1442
1443 pa_sync = bt_le_per_adv_sync_lookup_addr(¶m->addr, param->sid);
1444
1445 if (pa_sync != NULL) {
1446 internal_state = bass_lookup_pa_sync(pa_sync);
1447 if (internal_state != NULL) {
1448 LOG_DBG("PA Sync already in a receive state with src_id %u",
1449 internal_state->state.src_id);
1450
1451 return -EALREADY;
1452 }
1453 }
1454
1455 internal_state = get_free_recv_state();
1456 if (internal_state == NULL) {
1457 LOG_DBG("Could not get free receive state");
1458
1459 return -ENOMEM;
1460 }
1461
1462 state = &internal_state->state;
1463
1464 state->src_id = next_src_id();
1465 bt_addr_le_copy(&state->addr, ¶m->addr);
1466 state->adv_sid = param->sid;
1467 state->broadcast_id = param->broadcast_id;
1468 state->pa_sync_state =
1469 pa_sync == NULL ? BT_BAP_PA_STATE_NOT_SYNCED : BT_BAP_PA_STATE_SYNCED;
1470 state->num_subgroups = param->num_subgroups;
1471 if (state->num_subgroups > 0U) {
1472 (void)memcpy(state->subgroups, param->subgroups,
1473 sizeof(state->subgroups));
1474 } else {
1475 (void)memset(state->subgroups, 0, sizeof(state->subgroups));
1476 }
1477
1478 internal_state->active = true;
1479 internal_state->pa_sync = pa_sync;
1480
1481 /* Set all requested_bis_sync to BT_BAP_BIS_SYNC_NO_PREF, as no
1482 * Broadcast Assistant has set any requests yet
1483 */
1484 for (size_t i = 0U; i < ARRAY_SIZE(internal_state->requested_bis_sync); i++) {
1485 internal_state->requested_bis_sync[i] = BT_BAP_BIS_SYNC_NO_PREF;
1486 }
1487
1488 LOG_DBG("Index %u: New source added: ID 0x%02x",
1489 internal_state->index, state->src_id);
1490
1491 receive_state_updated(NULL, internal_state);
1492
1493 return state->src_id;
1494 }
1495
valid_bt_bap_scan_delegator_mod_src_param(const struct bt_bap_scan_delegator_mod_src_param * param)1496 static bool valid_bt_bap_scan_delegator_mod_src_param(
1497 const struct bt_bap_scan_delegator_mod_src_param *param)
1498 {
1499 uint32_t aggregated_bis_syncs = 0U;
1500
1501 if (param->broadcast_id > BT_AUDIO_BROADCAST_ID_MAX) {
1502 LOG_DBG("Invalid broadcast_id: %u", param->broadcast_id);
1503
1504 return false;
1505 }
1506
1507 if (param->num_subgroups > CONFIG_BT_BAP_BASS_MAX_SUBGROUPS) {
1508 LOG_WRN("Too many subgroups %u/%u",
1509 param->num_subgroups,
1510 CONFIG_BT_BAP_BASS_MAX_SUBGROUPS);
1511
1512 return false;
1513 }
1514
1515 for (uint8_t i = 0U; i < param->num_subgroups; i++) {
1516 const struct bt_bap_bass_subgroup *subgroup = ¶m->subgroups[i];
1517
1518 if (subgroup->bis_sync != BT_BAP_BIS_SYNC_FAILED &&
1519 !bis_syncs_unique_or_no_pref(subgroup->bis_sync, aggregated_bis_syncs)) {
1520 LOG_DBG("Invalid BIS sync: %u", subgroup->bis_sync);
1521
1522 return false;
1523 }
1524
1525 if (subgroup->metadata_len > CONFIG_BT_AUDIO_CODEC_CFG_MAX_METADATA_SIZE) {
1526 LOG_DBG("subgroup[%u]: Invalid metadata_len: %u",
1527 i, subgroup->metadata_len);
1528
1529 return false;
1530 }
1531 }
1532
1533 return true;
1534 }
1535
bt_bap_scan_delegator_mod_src(const struct bt_bap_scan_delegator_mod_src_param * param)1536 int bt_bap_scan_delegator_mod_src(const struct bt_bap_scan_delegator_mod_src_param *param)
1537 {
1538 struct bass_recv_state_internal *internal_state = NULL;
1539 struct bt_bap_scan_delegator_recv_state *state;
1540 bool state_changed = false;
1541
1542 CHECKIF(!valid_bt_bap_scan_delegator_mod_src_param(param)) {
1543 return -EINVAL;
1544 }
1545
1546 internal_state = bass_lookup_src_id(param->src_id);
1547 if (internal_state == NULL) {
1548 LOG_DBG("Could not find receive state with src_id %u", param->src_id);
1549
1550 return -ENOENT;
1551 }
1552
1553 state = &internal_state->state;
1554
1555 if (state->broadcast_id != param->broadcast_id) {
1556 state->broadcast_id = param->broadcast_id;
1557 state_changed = true;
1558 }
1559
1560 if (state->num_subgroups != param->num_subgroups) {
1561 state->num_subgroups = param->num_subgroups;
1562 state_changed = true;
1563 }
1564
1565 if (state->encrypt_state != param->encrypt_state) {
1566 state->encrypt_state = param->encrypt_state;
1567
1568 if (state->encrypt_state == BT_BAP_BIG_ENC_STATE_BAD_CODE) {
1569 (void)memcpy(state->bad_code, internal_state->broadcast_code,
1570 sizeof(internal_state->state.bad_code));
1571 }
1572
1573 state_changed = true;
1574 }
1575
1576 /* Verify that the BIS sync values is acceptable for the receive state */
1577 for (uint8_t i = 0U; i < state->num_subgroups; i++) {
1578 const uint32_t bis_sync = param->subgroups[i].bis_sync;
1579 const uint32_t bis_sync_requested = internal_state->requested_bis_sync[i];
1580
1581 if (bis_sync != BT_BAP_BIS_SYNC_FAILED &&
1582 !bits_subset_of(bis_sync, bis_sync_requested)) {
1583 LOG_DBG("Subgroup[%d] invalid bis_sync value %x for %x",
1584 i, bis_sync, bis_sync_requested);
1585
1586 return -EINVAL;
1587 }
1588 }
1589
1590 for (uint8_t i = 0U; i < state->num_subgroups; i++) {
1591 const struct bt_bap_bass_subgroup *param_subgroup = ¶m->subgroups[i];
1592 struct bt_bap_bass_subgroup *subgroup = &state->subgroups[i];
1593
1594 if (subgroup->bis_sync != param_subgroup->bis_sync) {
1595 subgroup->bis_sync = param_subgroup->bis_sync;
1596 state_changed = true;
1597 }
1598
1599 /* If the metadata len is 0, we shall not overwrite the existing metadata */
1600 if (param_subgroup->metadata_len == 0U) {
1601 continue;
1602 }
1603
1604 if (subgroup->metadata_len != param_subgroup->metadata_len) {
1605 subgroup->metadata_len = param_subgroup->metadata_len;
1606 state_changed = true;
1607 }
1608
1609 if (subgroup->metadata_len != param_subgroup->metadata_len ||
1610 memcmp(subgroup->metadata, param_subgroup->metadata,
1611 param_subgroup->metadata_len) != 0) {
1612 (void)memcpy(subgroup->metadata,
1613 param_subgroup->metadata,
1614 param_subgroup->metadata_len);
1615 subgroup->metadata_len = param_subgroup->metadata_len;
1616 state_changed = true;
1617 }
1618 }
1619
1620 if (state_changed) {
1621 LOG_DBG("Index %u: Source modified: ID 0x%02x",
1622 internal_state->index, state->src_id);
1623
1624 receive_state_updated(NULL, internal_state);
1625 }
1626
1627 return 0;
1628 }
1629
bt_bap_scan_delegator_rem_src(uint8_t src_id)1630 int bt_bap_scan_delegator_rem_src(uint8_t src_id)
1631 {
1632 struct net_buf_simple buf;
1633
1634 net_buf_simple_init_with_data(&buf, (void *)&src_id, sizeof(src_id));
1635
1636 if (scan_delegator_rem_src(NULL, &buf) == 0) {
1637 return 0;
1638 } else {
1639 return -EINVAL;
1640 }
1641 }
1642
bt_bap_scan_delegator_foreach_state(bt_bap_scan_delegator_state_func_t func,void * user_data)1643 void bt_bap_scan_delegator_foreach_state(bt_bap_scan_delegator_state_func_t func, void *user_data)
1644 {
1645 for (size_t i = 0U; i < ARRAY_SIZE(scan_delegator.recv_states); i++) {
1646 if (scan_delegator.recv_states[i].active) {
1647 bool stop;
1648
1649 stop = func(&scan_delegator.recv_states[i].state, user_data);
1650 if (stop) {
1651 return;
1652 }
1653 }
1654 }
1655 }
1656
1657 struct scan_delegator_state_find_state_param {
1658 const struct bt_bap_scan_delegator_recv_state *recv_state;
1659 bt_bap_scan_delegator_state_func_t func;
1660 void *user_data;
1661 };
1662
1663 static bool
scan_delegator_state_find_state_cb(const struct bt_bap_scan_delegator_recv_state * recv_state,void * user_data)1664 scan_delegator_state_find_state_cb(const struct bt_bap_scan_delegator_recv_state *recv_state,
1665 void *user_data)
1666 {
1667 struct scan_delegator_state_find_state_param *param = user_data;
1668 bool found;
1669
1670 found = param->func(recv_state, param->user_data);
1671 if (found) {
1672 param->recv_state = recv_state;
1673
1674 return true;
1675 }
1676
1677 return false;
1678 }
1679
1680 const struct bt_bap_scan_delegator_recv_state *
bt_bap_scan_delegator_find_state(bt_bap_scan_delegator_state_func_t func,void * user_data)1681 bt_bap_scan_delegator_find_state(bt_bap_scan_delegator_state_func_t func, void *user_data)
1682 {
1683 struct scan_delegator_state_find_state_param param = {
1684 .recv_state = NULL,
1685 .func = func,
1686 .user_data = user_data,
1687 };
1688
1689 bt_bap_scan_delegator_foreach_state(scan_delegator_state_find_state_cb, ¶m);
1690
1691 return param.recv_state;
1692 }
1693
bt_bap_scan_delegator_lookup_src_id(uint8_t src_id)1694 const struct bt_bap_scan_delegator_recv_state *bt_bap_scan_delegator_lookup_src_id(uint8_t src_id)
1695 {
1696 const struct bass_recv_state_internal *internal_state = bass_lookup_src_id(src_id);
1697
1698 if (internal_state != NULL) {
1699 return &internal_state->state;
1700 }
1701
1702 return NULL;
1703 }
1704
