1 /* Bluetooth BAP Broadcast Assistant */
2
3 /*
4 * Copyright (c) 2019 Bose Corporation
5 * Copyright (c) 2022-2023 Nordic Semiconductor ASA
6 * Copyright (c) 2024 Demant A/S
7 *
8 * SPDX-License-Identifier: Apache-2.0
9 */
10
11 #include <errno.h>
12 #include <stdbool.h>
13 #include <stddef.h>
14 #include <stdint.h>
15 #include <string.h>
16
17 #include <zephyr/autoconf.h>
18 #include <zephyr/bluetooth/addr.h>
19 #include <zephyr/bluetooth/audio/audio.h>
20 #include <zephyr/bluetooth/audio/bap.h>
21 #include <zephyr/bluetooth/bluetooth.h>
22 #include <zephyr/bluetooth/conn.h>
23 #include <zephyr/bluetooth/gap.h>
24 #include <zephyr/bluetooth/gatt.h>
25 #include <zephyr/bluetooth/att.h>
26 #include <zephyr/bluetooth/hci_types.h>
27 #include <zephyr/bluetooth/iso.h>
28 #include <zephyr/bluetooth/l2cap.h>
29 #include <zephyr/bluetooth/buf.h>
30 #include <zephyr/bluetooth/uuid.h>
31 #include <zephyr/device.h>
32 #include <zephyr/init.h>
33 #include <zephyr/kernel.h>
34 #include <zephyr/net_buf.h>
35 #include <zephyr/sys/__assert.h>
36 #include <zephyr/sys/atomic.h>
37 #include <zephyr/sys/byteorder.h>
38 #include <zephyr/sys/check.h>
39 #include <zephyr/sys/slist.h>
40 #include <zephyr/sys/util.h>
41 #include <zephyr/sys/util_macro.h>
42 #include <zephyr/types.h>
43
44 #include <zephyr/logging/log.h>
45 #include <sys/errno.h>
46
47 LOG_MODULE_REGISTER(bt_bap_broadcast_assistant, CONFIG_BT_BAP_BROADCAST_ASSISTANT_LOG_LEVEL);
48
49 #include "common/bt_str.h"
50
51 #include "bap_internal.h"
52 #include "../host/conn_internal.h"
53 #include "../host/hci_core.h"
54
55 #define MINIMUM_RECV_STATE_LEN 15
56
57 struct bap_broadcast_assistant_recv_state_info {
58 uint8_t src_id;
59 /** Cached PAST available */
60 bool past_avail;
61 uint8_t adv_sid;
62 uint32_t broadcast_id;
63 bt_addr_le_t addr;
64 };
65
66 enum bap_broadcast_assistant_flag {
67 BAP_BA_FLAG_BUSY,
68 BAP_BA_FLAG_DISCOVER_IN_PROGRESS,
69 BAP_BA_FLAG_SCANNING,
70
71 BAP_BA_FLAG_NUM_FLAGS, /* keep as last */
72 };
73
74 struct bap_broadcast_assistant_instance {
75 struct bt_conn *conn;
76 bool scanning;
77 uint8_t pa_sync;
78 uint8_t recv_state_cnt;
79
80 uint16_t start_handle;
81 uint16_t end_handle;
82 uint16_t cp_handle;
83 uint16_t recv_state_handles[CONFIG_BT_BAP_BROADCAST_ASSISTANT_RECV_STATE_COUNT];
84
85 struct bt_gatt_subscribe_params recv_state_sub_params
86 [CONFIG_BT_BAP_BROADCAST_ASSISTANT_RECV_STATE_COUNT];
87 struct bt_gatt_discover_params
88 recv_state_disc_params[CONFIG_BT_BAP_BROADCAST_ASSISTANT_RECV_STATE_COUNT];
89
90 /* We ever only allow a single outstanding operation per instance, so we can resuse the
91 * memory for the GATT params
92 */
93 union {
94 struct bt_gatt_read_params read_params;
95 struct bt_gatt_write_params write_params;
96 struct bt_gatt_discover_params disc_params;
97 };
98
99 struct k_work_delayable bap_read_work;
100 uint16_t long_read_handle;
101
102 struct bap_broadcast_assistant_recv_state_info
103 recv_states[CONFIG_BT_BAP_BROADCAST_ASSISTANT_RECV_STATE_COUNT];
104
105 ATOMIC_DEFINE(flags, BAP_BA_FLAG_NUM_FLAGS);
106 };
107
108 static sys_slist_t broadcast_assistant_cbs = SYS_SLIST_STATIC_INIT(&broadcast_assistant_cbs);
109
110 static struct bap_broadcast_assistant_instance broadcast_assistants[CONFIG_BT_MAX_CONN];
111 static struct bt_uuid_16 uuid = BT_UUID_INIT_16(0);
112
113 #define ATT_BUF_SIZE BT_ATT_MAX_ATTRIBUTE_LEN
114 NET_BUF_SIMPLE_DEFINE_STATIC(att_buf, ATT_BUF_SIZE);
115
116 static int read_recv_state(struct bap_broadcast_assistant_instance *inst, uint8_t idx);
117
lookup_index_by_handle(struct bap_broadcast_assistant_instance * inst,uint16_t handle)118 static int16_t lookup_index_by_handle(struct bap_broadcast_assistant_instance *inst,
119 uint16_t handle)
120 {
121 for (size_t i = 0U; i < ARRAY_SIZE(inst->recv_state_handles); i++) {
122 if (inst->recv_state_handles[i] == handle) {
123 return i;
124 }
125 }
126
127 LOG_ERR("Unknown handle 0x%04x", handle);
128
129 return -1;
130 }
131
inst_by_conn(struct bt_conn * conn)132 static struct bap_broadcast_assistant_instance *inst_by_conn(struct bt_conn *conn)
133 {
134 struct bap_broadcast_assistant_instance *inst;
135
136 if (conn == NULL) {
137 LOG_DBG("NULL conn");
138 return NULL;
139 }
140
141 inst = &broadcast_assistants[bt_conn_index(conn)];
142
143 if (inst->conn == conn) {
144 return inst;
145 }
146
147 return NULL;
148 }
149
bap_broadcast_assistant_discover_complete(struct bt_conn * conn,int err,uint8_t recv_state_count)150 static void bap_broadcast_assistant_discover_complete(struct bt_conn *conn, int err,
151 uint8_t recv_state_count)
152 {
153 struct bap_broadcast_assistant_instance *inst = inst_by_conn(conn);
154 struct bt_bap_broadcast_assistant_cb *listener, *next;
155
156 net_buf_simple_reset(&att_buf);
157 if (inst != NULL) {
158 atomic_clear_bit(inst->flags, BAP_BA_FLAG_BUSY);
159 atomic_clear_bit(inst->flags, BAP_BA_FLAG_DISCOVER_IN_PROGRESS);
160 }
161
162 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&broadcast_assistant_cbs,
163 listener, next, _node) {
164 if (listener->discover) {
165 listener->discover(conn, err, recv_state_count);
166 }
167 }
168 }
169
bap_broadcast_assistant_recv_state_changed(struct bt_conn * conn,int err,const struct bt_bap_scan_delegator_recv_state * state)170 static void bap_broadcast_assistant_recv_state_changed(
171 struct bt_conn *conn, int err, const struct bt_bap_scan_delegator_recv_state *state)
172 {
173 struct bt_bap_broadcast_assistant_cb *listener, *next;
174
175 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&broadcast_assistant_cbs,
176 listener, next, _node) {
177 if (listener->recv_state) {
178 listener->recv_state(conn, err, state);
179 }
180 }
181 }
182
bap_broadcast_assistant_recv_state_removed(struct bt_conn * conn,uint8_t src_id)183 static void bap_broadcast_assistant_recv_state_removed(struct bt_conn *conn, uint8_t src_id)
184 {
185 struct bt_bap_broadcast_assistant_cb *listener, *next;
186
187 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&broadcast_assistant_cbs,
188 listener, next, _node) {
189 if (listener->recv_state_removed) {
190 listener->recv_state_removed(conn, src_id);
191 }
192 }
193 }
194
bap_broadcast_assistant_scan_results(const struct bt_le_scan_recv_info * info,uint32_t broadcast_id)195 static void bap_broadcast_assistant_scan_results(const struct bt_le_scan_recv_info *info,
196 uint32_t broadcast_id)
197 {
198 struct bt_bap_broadcast_assistant_cb *listener, *next;
199
200 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&broadcast_assistant_cbs, listener, next, _node) {
201 if (listener->scan) {
202 listener->scan(info, broadcast_id);
203 }
204 }
205 }
206
past_available(const struct bt_conn * conn,const bt_addr_le_t * adv_addr,uint8_t sid)207 static bool past_available(const struct bt_conn *conn,
208 const bt_addr_le_t *adv_addr,
209 uint8_t sid)
210 {
211 if (IS_ENABLED(CONFIG_BT_PER_ADV_SYNC_TRANSFER_SENDER)) {
212 LOG_DBG("%p remote %s PAST, local %s PAST", (void *)conn,
213 BT_FEAT_LE_PAST_RECV(conn->le.features) ? "supports" : "does not support",
214 BT_FEAT_LE_PAST_SEND(bt_dev.le.features) ? "supports" : "does not support");
215
216 return BT_FEAT_LE_PAST_RECV(conn->le.features) &&
217 BT_FEAT_LE_PAST_SEND(bt_dev.le.features) &&
218 bt_le_per_adv_sync_lookup_addr(adv_addr, sid) != NULL;
219 } else {
220 return false;
221 }
222 }
223
parse_recv_state(const void * data,uint16_t length,struct bt_bap_scan_delegator_recv_state * recv_state)224 static int parse_recv_state(const void *data, uint16_t length,
225 struct bt_bap_scan_delegator_recv_state *recv_state)
226 {
227 struct net_buf_simple buf;
228 bt_addr_t *addr;
229
230 __ASSERT(recv_state, "NULL receive state");
231
232 if (data == NULL || length == 0) {
233 LOG_DBG("NULL data");
234 return -EINVAL;
235 }
236
237 if (length < MINIMUM_RECV_STATE_LEN) {
238 LOG_DBG("Invalid receive state length %u, expected at least %u",
239 length, MINIMUM_RECV_STATE_LEN);
240 return -EINVAL;
241 }
242
243 net_buf_simple_init_with_data(&buf, (void *)data, length);
244
245 (void)memset(recv_state, 0, sizeof(*recv_state));
246
247 recv_state->src_id = net_buf_simple_pull_u8(&buf);
248 recv_state->addr.type = net_buf_simple_pull_u8(&buf);
249 addr = net_buf_simple_pull_mem(&buf, sizeof(*addr));
250 bt_addr_copy(&recv_state->addr.a, addr);
251 recv_state->adv_sid = net_buf_simple_pull_u8(&buf);
252 recv_state->broadcast_id = net_buf_simple_pull_le24(&buf);
253 recv_state->pa_sync_state = net_buf_simple_pull_u8(&buf);
254 recv_state->encrypt_state = net_buf_simple_pull_u8(&buf);
255 if (recv_state->encrypt_state == BT_BAP_BIG_ENC_STATE_BAD_CODE) {
256 uint8_t *broadcast_code;
257 const size_t minimum_size = sizeof(recv_state->bad_code) +
258 sizeof(recv_state->num_subgroups);
259
260 if (buf.len < minimum_size) {
261 LOG_DBG("Invalid receive state length %u, expected at least %zu",
262 buf.len, minimum_size);
263 return BT_GATT_ERR(BT_ATT_ERR_INVALID_ATTRIBUTE_LEN);
264 }
265
266 broadcast_code = net_buf_simple_pull_mem(&buf, BT_ISO_BROADCAST_CODE_SIZE);
267 (void)memcpy(recv_state->bad_code, broadcast_code,
268 sizeof(recv_state->bad_code));
269 }
270
271 recv_state->num_subgroups = net_buf_simple_pull_u8(&buf);
272 if (recv_state->num_subgroups > CONFIG_BT_BAP_BASS_MAX_SUBGROUPS) {
273 LOG_DBG("Cannot parse %u subgroups (max %d)", recv_state->num_subgroups,
274 CONFIG_BT_BAP_BASS_MAX_SUBGROUPS);
275
276 return -ENOMEM;
277 }
278
279 for (int i = 0; i < recv_state->num_subgroups; i++) {
280 struct bt_bap_bass_subgroup *subgroup = &recv_state->subgroups[i];
281 uint8_t *metadata;
282
283 if (buf.len < sizeof(subgroup->bis_sync)) {
284 LOG_DBG("Invalid receive state length %u, expected at least %zu",
285 buf.len, buf.len + sizeof(subgroup->bis_sync));
286 return BT_GATT_ERR(BT_ATT_ERR_INVALID_ATTRIBUTE_LEN);
287 }
288
289 subgroup->bis_sync = net_buf_simple_pull_le32(&buf);
290
291 if (buf.len < sizeof(subgroup->metadata_len)) {
292 LOG_DBG("Invalid receive state length %u, expected at least %zu",
293 buf.len, buf.len + sizeof(subgroup->metadata_len));
294 return BT_GATT_ERR(BT_ATT_ERR_INVALID_ATTRIBUTE_LEN);
295 }
296 subgroup->metadata_len = net_buf_simple_pull_u8(&buf);
297
298 if (buf.len < subgroup->metadata_len) {
299 LOG_DBG("Invalid receive state length %u, expected at least %u",
300 buf.len, buf.len + subgroup->metadata_len);
301 return BT_GATT_ERR(BT_ATT_ERR_INVALID_ATTRIBUTE_LEN);
302 }
303
304 if (subgroup->metadata_len > sizeof(subgroup->metadata)) {
305 LOG_DBG("Metadata too long: %u/%zu",
306 subgroup->metadata_len,
307 sizeof(subgroup->metadata));
308 return BT_GATT_ERR(BT_ATT_ERR_INVALID_ATTRIBUTE_LEN);
309 }
310
311 metadata = net_buf_simple_pull_mem(&buf,
312 subgroup->metadata_len);
313 (void)memcpy(subgroup->metadata, metadata,
314 subgroup->metadata_len);
315 }
316
317 if (buf.len != 0) {
318 LOG_DBG("Invalid receive state length %u, but only %u was parsed",
319 length, length - buf.len);
320 return BT_GATT_ERR(BT_ATT_ERR_INVALID_ATTRIBUTE_LEN);
321 }
322
323 return 0;
324 }
325
bap_long_read_reset(struct bap_broadcast_assistant_instance * inst)326 static void bap_long_read_reset(struct bap_broadcast_assistant_instance *inst)
327 {
328 inst->long_read_handle = 0;
329 net_buf_simple_reset(&att_buf);
330 atomic_clear_bit(inst->flags, BAP_BA_FLAG_BUSY);
331 }
332
parse_and_send_recv_state(struct bt_conn * conn,uint16_t handle,const void * data,uint16_t length,struct bt_bap_scan_delegator_recv_state * recv_state)333 static uint8_t parse_and_send_recv_state(struct bt_conn *conn, uint16_t handle,
334 const void *data, uint16_t length,
335 struct bt_bap_scan_delegator_recv_state *recv_state)
336 {
337 int err;
338 int16_t index;
339 struct bap_broadcast_assistant_instance *inst = inst_by_conn(conn);
340
341 if (inst == NULL) {
342 return BT_GATT_ITER_STOP;
343 }
344
345 err = parse_recv_state(data, length, recv_state);
346 if (err != 0) {
347 LOG_WRN("Invalid receive state received");
348
349 return BT_GATT_ITER_STOP;
350 }
351
352 index = lookup_index_by_handle(inst, handle);
353 if (index < 0) {
354 LOG_DBG("Invalid index");
355
356 return BT_GATT_ITER_STOP;
357 }
358
359 inst->recv_states[index].src_id = recv_state->src_id;
360 inst->recv_states[index].past_avail = past_available(conn, &recv_state->addr,
361 recv_state->adv_sid);
362
363 bap_broadcast_assistant_recv_state_changed(conn, 0, recv_state);
364
365 return BT_GATT_ITER_CONTINUE;
366 }
367
broadcast_assistant_bap_ntf_read_func(struct bt_conn * conn,uint8_t err,struct bt_gatt_read_params * read,const void * data,uint16_t length)368 static uint8_t broadcast_assistant_bap_ntf_read_func(struct bt_conn *conn, uint8_t err,
369 struct bt_gatt_read_params *read,
370 const void *data, uint16_t length)
371 {
372 struct bt_bap_scan_delegator_recv_state recv_state;
373 uint16_t handle = read->single.handle;
374 uint16_t data_length;
375 struct bap_broadcast_assistant_instance *inst = inst_by_conn(conn);
376
377 if (inst == NULL) {
378 return BT_GATT_ITER_STOP;
379 }
380
381 LOG_DBG("conn %p err 0x%02x len %u", conn, err, length);
382
383 if (err) {
384 LOG_DBG("Failed to read: %u", err);
385 memset(read, 0, sizeof(*read));
386 bap_long_read_reset(inst);
387
388 return BT_GATT_ITER_STOP;
389 }
390
391 LOG_DBG("handle 0x%04x", handle);
392
393 if (data != NULL) {
394 if (net_buf_simple_tailroom(&att_buf) < length) {
395 LOG_DBG("Buffer full, invalid server response of size %u",
396 length + att_buf.len);
397 memset(read, 0, sizeof(*read));
398 bap_long_read_reset(inst);
399
400 return BT_GATT_ITER_STOP;
401 }
402
403 /* store data*/
404 net_buf_simple_add_mem(&att_buf, data, length);
405
406 return BT_GATT_ITER_CONTINUE;
407 }
408
409 /* we reset the buffer so that it is ready for new data */
410 memset(read, 0, sizeof(*read));
411 data_length = att_buf.len;
412 bap_long_read_reset(inst);
413
414 /* do the parse and callback to send notify to application*/
415 parse_and_send_recv_state(conn, handle, att_buf.data, data_length, &recv_state);
416
417 return BT_GATT_ITER_STOP;
418 }
419
long_bap_read(struct bt_conn * conn,uint16_t handle)420 static void long_bap_read(struct bt_conn *conn, uint16_t handle)
421 {
422 int err;
423 struct bap_broadcast_assistant_instance *inst = inst_by_conn(conn);
424
425 if (inst == NULL) {
426 return;
427 }
428
429 if (atomic_test_and_set_bit(inst->flags, BAP_BA_FLAG_BUSY)) {
430 LOG_DBG("conn %p", conn);
431
432 /* If the client is busy reading reschedule the long read */
433 struct bt_conn_info conn_info;
434
435 err = bt_conn_get_info(conn, &conn_info);
436 if (err != 0) {
437 LOG_DBG("Failed to get conn info, use default interval");
438
439 conn_info.le.interval = BT_GAP_INIT_CONN_INT_MIN;
440 }
441
442 /* Wait a connection interval to retry */
443 err = k_work_reschedule(&inst->bap_read_work,
444 K_USEC(BT_CONN_INTERVAL_TO_US(conn_info.le.interval)));
445 if (err < 0) {
446 LOG_DBG("Failed to reschedule read work: %d", err);
447 bap_long_read_reset(inst);
448 }
449
450 return;
451 }
452
453 inst->read_params.func = broadcast_assistant_bap_ntf_read_func;
454 inst->read_params.handle_count = 1U;
455 inst->read_params.single.handle = handle;
456 inst->read_params.single.offset = att_buf.len;
457
458 err = bt_gatt_read(conn, &inst->read_params);
459 if (err != 0) {
460 /* TODO: If read failed due to buffers, retry */
461 LOG_DBG("Failed to read: %d", err);
462 bap_long_read_reset(inst);
463 }
464 }
465
delayed_bap_read_handler(struct k_work * work)466 static void delayed_bap_read_handler(struct k_work *work)
467 {
468 struct bap_broadcast_assistant_instance *inst =
469 CONTAINER_OF((struct k_work_delayable *)work,
470 struct bap_broadcast_assistant_instance, bap_read_work);
471 long_bap_read(inst->conn, inst->long_read_handle);
472 }
473
474 /** @brief Handles notifications and indications from the server */
notify_handler(struct bt_conn * conn,struct bt_gatt_subscribe_params * params,const void * data,uint16_t length)475 static uint8_t notify_handler(struct bt_conn *conn,
476 struct bt_gatt_subscribe_params *params,
477 const void *data, uint16_t length)
478 {
479 uint16_t handle = params->value_handle;
480 struct bt_bap_scan_delegator_recv_state recv_state;
481 int16_t index;
482 struct bap_broadcast_assistant_instance *inst;
483
484 if (conn == NULL) {
485 /* Indicates that the CCC has been removed - no-op */
486 return BT_GATT_ITER_CONTINUE;
487 }
488
489 inst = inst_by_conn(conn);
490
491 if (inst == NULL) {
492 return BT_GATT_ITER_STOP;
493 }
494
495 if (atomic_test_bit(inst->flags, BAP_BA_FLAG_DISCOVER_IN_PROGRESS)) {
496 /* If we are discovering then we ignore notifications as the handles may change */
497 return BT_GATT_ITER_CONTINUE;
498 }
499
500 if (data == NULL) {
501 LOG_DBG("[UNSUBSCRIBED] %u", handle);
502 params->value_handle = 0U;
503
504 return BT_GATT_ITER_STOP;
505 }
506
507 LOG_HEXDUMP_DBG(data, length, "Receive state notification:");
508
509 index = lookup_index_by_handle(inst, handle);
510 if (index < 0) {
511 LOG_DBG("Invalid index");
512
513 return BT_GATT_ITER_STOP;
514 }
515
516 if (length != 0) {
517 const uint8_t att_ntf_header_size = 3; /* opcode (1) + handle (2) */
518 const uint16_t max_ntf_size = bt_gatt_get_mtu(conn) - att_ntf_header_size;
519
520 /* Cancel any pending long reads containing now obsolete information */
521 (void)k_work_cancel_delayable(&inst->bap_read_work);
522
523 if (length == max_ntf_size) {
524 /* TODO: if we are busy we should not overwrite the long_read_handle,
525 * we'll have to keep track of the handle and parameters separately
526 * for each characteristic, similar to the bt_bap_unicast_client_ep
527 * struct for the unicast client
528 */
529 inst->long_read_handle = handle;
530
531 if (!atomic_test_bit(inst->flags, BAP_BA_FLAG_BUSY)) {
532 net_buf_simple_add_mem(&att_buf, data, length);
533 }
534
535 long_bap_read(conn, handle);
536 } else {
537 return parse_and_send_recv_state(conn, handle, data, length, &recv_state);
538 }
539 } else {
540 inst->recv_states[index].past_avail = false;
541 bap_broadcast_assistant_recv_state_removed(conn, inst->recv_states[index].src_id);
542 }
543
544 return BT_GATT_ITER_CONTINUE;
545 }
546
read_recv_state_cb(struct bt_conn * conn,uint8_t err,struct bt_gatt_read_params * params,const void * data,uint16_t length)547 static uint8_t read_recv_state_cb(struct bt_conn *conn, uint8_t err,
548 struct bt_gatt_read_params *params,
549 const void *data, uint16_t length)
550 {
551 struct bap_broadcast_assistant_instance *inst = inst_by_conn(conn);
552
553 if (inst == NULL) {
554 return BT_GATT_ITER_STOP;
555 }
556
557 uint16_t handle = params->single.handle;
558 uint8_t last_handle_index = inst->recv_state_cnt - 1;
559 uint16_t last_handle = inst->recv_state_handles[last_handle_index];
560 struct bt_bap_scan_delegator_recv_state recv_state;
561 int cb_err = err;
562 bool active_recv_state = data != NULL && length != 0;
563
564 /* TODO: Split discovery and receive state characteristic read */
565
566 (void)memset(params, 0, sizeof(*params));
567
568 LOG_DBG("%s receive state", active_recv_state ? "Active " : "Inactive");
569
570 if (cb_err == 0 && active_recv_state) {
571 int16_t index;
572
573 index = lookup_index_by_handle(inst, handle);
574 if (index < 0) {
575 cb_err = BT_GATT_ERR(BT_ATT_ERR_INVALID_HANDLE);
576 } else {
577 cb_err = parse_recv_state(data, length, &recv_state);
578
579 if (cb_err != 0) {
580 LOG_DBG("Invalid receive state");
581 } else {
582 struct bap_broadcast_assistant_recv_state_info *stored_state =
583 &inst->recv_states[index];
584
585 stored_state->src_id = recv_state.src_id;
586 stored_state->adv_sid = recv_state.adv_sid;
587 stored_state->broadcast_id = recv_state.broadcast_id;
588 bt_addr_le_copy(&stored_state->addr, &recv_state.addr);
589 inst->recv_states[index].past_avail =
590 past_available(conn, &recv_state.addr,
591 recv_state.adv_sid);
592 }
593 }
594 }
595
596 if (cb_err != 0) {
597 LOG_DBG("err %d", cb_err);
598
599 if (atomic_test_bit(inst->flags, BAP_BA_FLAG_DISCOVER_IN_PROGRESS)) {
600 bap_broadcast_assistant_discover_complete(conn, cb_err, 0);
601 } else {
602 atomic_clear_bit(inst->flags, BAP_BA_FLAG_BUSY);
603 bap_broadcast_assistant_recv_state_changed(conn, cb_err, NULL);
604 }
605 } else if (handle == last_handle) {
606 if (atomic_test_bit(inst->flags, BAP_BA_FLAG_DISCOVER_IN_PROGRESS)) {
607 const uint8_t recv_state_cnt = inst->recv_state_cnt;
608
609 bap_broadcast_assistant_discover_complete(conn, cb_err, recv_state_cnt);
610 } else {
611 atomic_clear_bit(inst->flags, BAP_BA_FLAG_BUSY);
612 bap_broadcast_assistant_recv_state_changed(conn, cb_err,
613 active_recv_state ?
614 &recv_state : NULL);
615 }
616 } else {
617 for (uint8_t i = 0U; i < inst->recv_state_cnt; i++) {
618 if (handle != inst->recv_state_handles[i]) {
619 continue;
620 }
621
622 if (i + 1 < ARRAY_SIZE(inst->recv_state_handles)) {
623 cb_err = read_recv_state(inst, i + 1);
624 if (cb_err != 0) {
625 LOG_DBG("Failed to read receive state: %d", cb_err);
626
627 if (atomic_test_bit(inst->flags,
628 BAP_BA_FLAG_DISCOVER_IN_PROGRESS)) {
629 bap_broadcast_assistant_discover_complete(
630 conn, cb_err, 0);
631 } else {
632 atomic_clear_bit(inst->flags, BAP_BA_FLAG_BUSY);
633 bap_broadcast_assistant_recv_state_changed(
634 conn, cb_err, NULL);
635 }
636 }
637 }
638 break;
639 }
640 }
641
642 return BT_GATT_ITER_STOP;
643 }
644
discover_init(struct bap_broadcast_assistant_instance * inst)645 static void discover_init(struct bap_broadcast_assistant_instance *inst)
646 {
647 k_work_init_delayable(&inst->bap_read_work, delayed_bap_read_handler);
648 net_buf_simple_reset(&att_buf);
649 atomic_set_bit(inst->flags, BAP_BA_FLAG_DISCOVER_IN_PROGRESS);
650 }
651
652 /**
653 * @brief This will discover all characteristics on the server, retrieving the
654 * handles of the writeable characteristics and subscribing to all notify and
655 * indicate characteristics.
656 */
char_discover_func(struct bt_conn * conn,const struct bt_gatt_attr * attr,struct bt_gatt_discover_params * params)657 static uint8_t char_discover_func(struct bt_conn *conn,
658 const struct bt_gatt_attr *attr,
659 struct bt_gatt_discover_params *params)
660 {
661 struct bt_gatt_subscribe_params *sub_params = NULL;
662 int err;
663 struct bap_broadcast_assistant_instance *inst = inst_by_conn(conn);
664
665 if (inst == NULL) {
666 return BT_GATT_ITER_STOP;
667 }
668
669 if (attr == NULL) {
670 LOG_DBG("Found %u BASS receive states", inst->recv_state_cnt);
671 (void)memset(params, 0, sizeof(*params));
672
673 err = read_recv_state(inst, 0);
674 if (err != 0) {
675 bap_broadcast_assistant_discover_complete(conn, err, 0);
676 }
677
678 return BT_GATT_ITER_STOP;
679 }
680
681 LOG_DBG("[ATTRIBUTE] handle 0x%04X", attr->handle);
682
683 if (params->type == BT_GATT_DISCOVER_CHARACTERISTIC) {
684 struct bt_gatt_chrc *chrc =
685 (struct bt_gatt_chrc *)attr->user_data;
686
687 if (bt_uuid_cmp(chrc->uuid, BT_UUID_BASS_CONTROL_POINT) == 0) {
688 LOG_DBG("Control Point");
689 inst->cp_handle = attr->handle + 1;
690 } else if (bt_uuid_cmp(chrc->uuid, BT_UUID_BASS_RECV_STATE) == 0) {
691 if (inst->recv_state_cnt <
692 CONFIG_BT_BAP_BROADCAST_ASSISTANT_RECV_STATE_COUNT) {
693 uint8_t idx = inst->recv_state_cnt++;
694
695 LOG_DBG("Receive State %u", inst->recv_state_cnt);
696 inst->recv_state_handles[idx] =
697 attr->handle + 1;
698 sub_params = &inst->recv_state_sub_params[idx];
699 sub_params->disc_params = &inst->recv_state_disc_params[idx];
700 }
701 }
702
703 if (sub_params != NULL) {
704 sub_params->end_handle = inst->end_handle;
705 sub_params->ccc_handle = BT_GATT_AUTO_DISCOVER_CCC_HANDLE;
706 sub_params->value = BT_GATT_CCC_NOTIFY;
707 sub_params->value_handle = attr->handle + 1;
708 sub_params->notify = notify_handler;
709 atomic_set_bit(sub_params->flags, BT_GATT_SUBSCRIBE_FLAG_VOLATILE);
710
711 err = bt_gatt_subscribe(conn, sub_params);
712 if (err != 0) {
713 LOG_DBG("Could not subscribe to handle 0x%04x: %d",
714 sub_params->value_handle, err);
715
716 bap_broadcast_assistant_discover_complete(conn, err, 0);
717
718 return BT_GATT_ITER_STOP;
719 }
720 }
721 }
722
723 return BT_GATT_ITER_CONTINUE;
724 }
725
service_discover_func(struct bt_conn * conn,const struct bt_gatt_attr * attr,struct bt_gatt_discover_params * params)726 static uint8_t service_discover_func(struct bt_conn *conn,
727 const struct bt_gatt_attr *attr,
728 struct bt_gatt_discover_params *params)
729 {
730 int err;
731 struct bt_gatt_service_val *prim_service;
732 struct bap_broadcast_assistant_instance *inst = inst_by_conn(conn);
733
734 if (inst == NULL) {
735 return BT_GATT_ITER_STOP;
736 }
737
738 if (attr == NULL) {
739 LOG_DBG("Could not discover BASS");
740 (void)memset(params, 0, sizeof(*params));
741
742 err = BT_GATT_ERR(BT_ATT_ERR_NOT_SUPPORTED);
743
744 bap_broadcast_assistant_discover_complete(conn, err, 0);
745
746 return BT_GATT_ITER_STOP;
747 }
748
749 LOG_DBG("[ATTRIBUTE] handle 0x%04X", attr->handle);
750
751 if (params->type == BT_GATT_DISCOVER_PRIMARY) {
752 prim_service = (struct bt_gatt_service_val *)attr->user_data;
753 inst->start_handle = attr->handle + 1;
754 inst->end_handle = prim_service->end_handle;
755
756 inst->disc_params.uuid = NULL;
757 inst->disc_params.start_handle = inst->start_handle;
758 inst->disc_params.end_handle = inst->end_handle;
759 inst->disc_params.type = BT_GATT_DISCOVER_CHARACTERISTIC;
760 inst->disc_params.func = char_discover_func;
761
762 err = bt_gatt_discover(conn, &inst->disc_params);
763 if (err != 0) {
764 LOG_DBG("Discover failed (err %d)", err);
765 bap_broadcast_assistant_discover_complete(conn, err, 0);
766 }
767 }
768
769 return BT_GATT_ITER_STOP;
770 }
771
bap_broadcast_assistant_write_cp_cb(struct bt_conn * conn,uint8_t err,struct bt_gatt_write_params * params)772 static void bap_broadcast_assistant_write_cp_cb(struct bt_conn *conn, uint8_t err,
773 struct bt_gatt_write_params *params)
774 {
775 struct bt_bap_broadcast_assistant_cb *listener, *next;
776 uint8_t opcode = net_buf_simple_pull_u8(&att_buf);
777 struct bap_broadcast_assistant_instance *inst = inst_by_conn(conn);
778
779 if (inst == NULL) {
780 return;
781 }
782
783 /* we reset the buffer, so that we are ready for new notifications and writes */
784 net_buf_simple_reset(&att_buf);
785
786 atomic_clear_bit(inst->flags, BAP_BA_FLAG_BUSY);
787
788 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&broadcast_assistant_cbs, listener, next, _node) {
789 switch (opcode) {
790 case BT_BAP_BASS_OP_SCAN_STOP:
791 if (listener->scan_stop != NULL) {
792 listener->scan_stop(conn, err);
793 }
794 break;
795 case BT_BAP_BASS_OP_SCAN_START:
796 if (listener->scan_start != NULL) {
797 listener->scan_start(conn, err);
798 }
799 break;
800 case BT_BAP_BASS_OP_ADD_SRC:
801 if (listener->add_src != NULL) {
802 listener->add_src(conn, err);
803 }
804 break;
805 case BT_BAP_BASS_OP_MOD_SRC:
806 if (listener->mod_src != NULL) {
807 listener->mod_src(conn, err);
808 }
809 break;
810 case BT_BAP_BASS_OP_BROADCAST_CODE:
811 if (listener->broadcast_code != NULL) {
812 listener->broadcast_code(conn, err);
813 }
814 break;
815 case BT_BAP_BASS_OP_REM_SRC:
816 if (listener->rem_src != NULL) {
817 listener->rem_src(conn, err);
818 }
819 break;
820 default:
821 LOG_DBG("Unknown opcode 0x%02x", opcode);
822 break;
823 }
824 }
825 }
826
bt_bap_broadcast_assistant_common_cp(struct bt_conn * conn,const struct net_buf_simple * buf)827 static int bt_bap_broadcast_assistant_common_cp(struct bt_conn *conn,
828 const struct net_buf_simple *buf)
829 {
830 int err;
831 struct bap_broadcast_assistant_instance *inst;
832
833 if (conn == NULL) {
834 LOG_DBG("conn is NULL");
835
836 return -EINVAL;
837 }
838
839 inst = inst_by_conn(conn);
840
841 if (inst == NULL) {
842 return -EINVAL;
843 }
844
845 if (inst->cp_handle == 0) {
846 LOG_DBG("Handle not set");
847 return -EINVAL;
848 }
849
850 inst->write_params.offset = 0;
851 inst->write_params.data = buf->data;
852 inst->write_params.length = buf->len;
853 inst->write_params.handle = inst->cp_handle;
854 inst->write_params.func = bap_broadcast_assistant_write_cp_cb;
855
856 err = bt_gatt_write(conn, &inst->write_params);
857 if (err != 0) {
858 atomic_clear_bit(inst->flags, BAP_BA_FLAG_BUSY);
859
860 /* Report expected possible errors */
861 if (err == -ENOTCONN || err == -ENOMEM) {
862 return err;
863 }
864
865 return -ENOEXEC;
866 }
867
868 return 0;
869 }
870
871
broadcast_source_found(struct bt_data * data,void * user_data)872 static bool broadcast_source_found(struct bt_data *data, void *user_data)
873 {
874 const struct bt_le_scan_recv_info *info = user_data;
875 struct bt_uuid_16 adv_uuid;
876 uint32_t broadcast_id;
877
878 if (data->type != BT_DATA_SVC_DATA16) {
879 return true;
880 }
881
882 if (data->data_len < BT_UUID_SIZE_16 + BT_AUDIO_BROADCAST_ID_SIZE) {
883 return true;
884 }
885
886 if (!bt_uuid_create(&adv_uuid.uuid, data->data, BT_UUID_SIZE_16)) {
887 return true;
888 }
889
890 if (bt_uuid_cmp(&adv_uuid.uuid, BT_UUID_BROADCAST_AUDIO) != 0) {
891 return true;
892 }
893
894 broadcast_id = sys_get_le24(data->data + BT_UUID_SIZE_16);
895
896 LOG_DBG("Found BIS advertiser with address %s SID 0x%02X and broadcast_id 0x%06X",
897 bt_addr_le_str(info->addr), info->sid, broadcast_id);
898
899 bap_broadcast_assistant_scan_results(info, broadcast_id);
900
901 return false;
902 }
903
scan_recv(const struct bt_le_scan_recv_info * info,struct net_buf_simple * ad)904 void scan_recv(const struct bt_le_scan_recv_info *info,
905 struct net_buf_simple *ad)
906 {
907 /* We are only interested in non-connectable periodic advertisers */
908 if ((info->adv_props & BT_GAP_ADV_PROP_CONNECTABLE) != 0 ||
909 info->interval == 0) {
910 return;
911 }
912
913 bt_data_parse(ad, broadcast_source_found, (void *)info);
914 }
915
916 static struct bt_le_scan_cb scan_cb = {
917 .recv = scan_recv
918 };
919
920 /* BAP 6.5.4 states that the Broadcast Assistant shall not initiate the Add Source operation
921 * if the operation would result in duplicate values for the combined Source_Address_Type,
922 * Source_Adv_SID, and Broadcast_ID fields of any Broadcast Receive State characteristic exposed
923 * by the Scan Delegator.
924 */
broadcast_src_is_duplicate(struct bap_broadcast_assistant_instance * inst,uint32_t broadcast_id,uint8_t adv_sid,uint8_t addr_type)925 static bool broadcast_src_is_duplicate(struct bap_broadcast_assistant_instance *inst,
926 uint32_t broadcast_id, uint8_t adv_sid, uint8_t addr_type)
927 {
928 for (size_t i = 0; i < ARRAY_SIZE(inst->recv_states); i++) {
929 const struct bap_broadcast_assistant_recv_state_info *state =
930 &inst->recv_states[i];
931
932 if (state != NULL && state->broadcast_id == broadcast_id &&
933 state->adv_sid == adv_sid && state->addr.type == addr_type) {
934 LOG_DBG("recv_state already exists at src_id=0x%02X", state->src_id);
935
936 return true;
937 }
938 }
939
940 return false;
941 }
942
943 /****************************** PUBLIC API ******************************/
944
broadcast_assistant_reset(struct bap_broadcast_assistant_instance * inst)945 static int broadcast_assistant_reset(struct bap_broadcast_assistant_instance *inst)
946 {
947 inst->scanning = false;
948 inst->pa_sync = 0U;
949 inst->recv_state_cnt = 0U;
950 inst->start_handle = 0U;
951 inst->end_handle = 0U;
952 inst->cp_handle = 0U;
953 inst->long_read_handle = 0;
954 (void)k_work_cancel_delayable(&inst->bap_read_work);
955
956 for (int i = 0U; i < CONFIG_BT_BAP_BROADCAST_ASSISTANT_RECV_STATE_COUNT; i++) {
957 memset(&inst->recv_states[i], 0, sizeof(inst->recv_states[i]));
958 inst->recv_states[i].broadcast_id = BT_BAP_INVALID_BROADCAST_ID;
959 inst->recv_states[i].adv_sid = BT_HCI_LE_EXT_ADV_SID_INVALID;
960 inst->recv_states[i].past_avail = false;
961 inst->recv_state_handles[i] = 0U;
962 }
963
964 if (inst->conn != NULL) {
965 struct bt_conn *conn = inst->conn;
966 struct bt_conn_info info;
967 int err;
968
969 err = bt_conn_get_info(conn, &info);
970 if (err != 0) {
971 return err;
972 }
973
974 if (info.state == BT_CONN_STATE_CONNECTED) {
975 for (size_t i = 0U; i < ARRAY_SIZE(inst->recv_state_sub_params); i++) {
976 /* It's okay if this fail with -EINVAL as that means that they are
977 * not currently subscribed
978 */
979 err = bt_gatt_unsubscribe(conn, &inst->recv_state_sub_params[i]);
980 if (err != 0 && err != -EINVAL) {
981 LOG_DBG("Failed to unsubscribe to state: %d", err);
982
983 return err;
984 }
985 }
986 }
987
988 bt_conn_unref(conn);
989 inst->conn = NULL;
990 }
991
992 /* The subscribe parameters must remain instact so they can get cleaned up by GATT */
993 memset(&inst->disc_params, 0, sizeof(inst->disc_params));
994 memset(&inst->recv_state_disc_params, 0, sizeof(inst->recv_state_disc_params));
995 memset(&inst->read_params, 0, sizeof(inst->read_params));
996 memset(&inst->write_params, 0, sizeof(inst->write_params));
997
998 return 0;
999 }
1000
disconnected_cb(struct bt_conn * conn,uint8_t reason)1001 static void disconnected_cb(struct bt_conn *conn, uint8_t reason)
1002 {
1003 struct bap_broadcast_assistant_instance *inst = inst_by_conn(conn);
1004
1005 if (inst) {
1006 (void)broadcast_assistant_reset(inst);
1007 }
1008 }
1009
1010 BT_CONN_CB_DEFINE(conn_callbacks) = {
1011 .disconnected = disconnected_cb,
1012 };
1013
bt_bap_broadcast_assistant_discover(struct bt_conn * conn)1014 int bt_bap_broadcast_assistant_discover(struct bt_conn *conn)
1015 {
1016 int err;
1017 struct bap_broadcast_assistant_instance *inst;
1018
1019 if (conn == NULL) {
1020 LOG_DBG("conn is NULL");
1021
1022 return -EINVAL;
1023 }
1024
1025 inst = &broadcast_assistants[bt_conn_index(conn)];
1026
1027 /* Do not allow new discoveries while we are reading or writing */
1028 if (atomic_test_and_set_bit(inst->flags, BAP_BA_FLAG_BUSY)) {
1029 LOG_DBG("Instance is busy");
1030 return -EBUSY;
1031 }
1032
1033 err = broadcast_assistant_reset(inst);
1034 if (err != 0) {
1035 atomic_clear_bit(inst->flags, BAP_BA_FLAG_BUSY);
1036
1037 LOG_DBG("Failed to reset broadcast assistant: %d", err);
1038
1039 return -ENOEXEC;
1040 }
1041
1042 inst->conn = bt_conn_ref(conn);
1043
1044 /* Discover BASS on peer, setup handles and notify */
1045 discover_init(inst);
1046
1047 (void)memcpy(&uuid, BT_UUID_BASS, sizeof(uuid));
1048 inst->disc_params.func = service_discover_func;
1049 inst->disc_params.uuid = &uuid.uuid;
1050 inst->disc_params.type = BT_GATT_DISCOVER_PRIMARY;
1051 inst->disc_params.start_handle = BT_ATT_FIRST_ATTRIBUTE_HANDLE;
1052 inst->disc_params.end_handle = BT_ATT_LAST_ATTRIBUTE_HANDLE;
1053 err = bt_gatt_discover(conn, &inst->disc_params);
1054 if (err != 0) {
1055 atomic_clear_bit(inst->flags, BAP_BA_FLAG_DISCOVER_IN_PROGRESS);
1056 atomic_clear_bit(inst->flags, BAP_BA_FLAG_BUSY);
1057
1058 /* Report expected possible errors */
1059 if (err == -ENOTCONN || err == -ENOMEM) {
1060 return err;
1061 }
1062
1063 LOG_DBG("Unexpected err %d from bt_gatt_discover", err);
1064
1065 return -ENOEXEC;
1066 }
1067
1068 return 0;
1069 }
1070
1071 /* TODO: naming is different from e.g. bt_vcp_vol_ctrl_cb_register */
bt_bap_broadcast_assistant_register_cb(struct bt_bap_broadcast_assistant_cb * cb)1072 int bt_bap_broadcast_assistant_register_cb(struct bt_bap_broadcast_assistant_cb *cb)
1073 {
1074 struct bt_bap_broadcast_assistant_cb *tmp;
1075
1076 CHECKIF(cb == NULL) {
1077 return -EINVAL;
1078 }
1079
1080 SYS_SLIST_FOR_EACH_CONTAINER(&broadcast_assistant_cbs, tmp, _node) {
1081 if (tmp == cb) {
1082 LOG_DBG("Already registered");
1083 return -EALREADY;
1084 }
1085 }
1086
1087 sys_slist_append(&broadcast_assistant_cbs, &cb->_node);
1088
1089 return 0;
1090 }
1091
bt_bap_broadcast_assistant_unregister_cb(struct bt_bap_broadcast_assistant_cb * cb)1092 int bt_bap_broadcast_assistant_unregister_cb(struct bt_bap_broadcast_assistant_cb *cb)
1093 {
1094 CHECKIF(cb == NULL) {
1095 return -EINVAL;
1096 }
1097
1098 if (!sys_slist_find_and_remove(&broadcast_assistant_cbs, &cb->_node)) {
1099 return -EALREADY;
1100 }
1101
1102 return 0;
1103 }
1104
bt_bap_broadcast_assistant_scan_start(struct bt_conn * conn,bool start_scan)1105 int bt_bap_broadcast_assistant_scan_start(struct bt_conn *conn, bool start_scan)
1106 {
1107 struct bt_bap_bass_cp_scan_start *cp;
1108 int err;
1109 struct bap_broadcast_assistant_instance *inst;
1110
1111 if (conn == NULL) {
1112 LOG_DBG("conn is NULL");
1113
1114 return -EINVAL;
1115 }
1116
1117 inst = inst_by_conn(conn);
1118 if (inst == NULL) {
1119 return -EINVAL;
1120 }
1121
1122 if (inst->cp_handle == 0) {
1123 LOG_DBG("handle not set");
1124
1125 return -EINVAL;
1126 } else if (atomic_test_and_set_bit(inst->flags, BAP_BA_FLAG_BUSY)) {
1127 /* Do not allow writes while we are discovering as the handles may change */
1128
1129 LOG_DBG("instance busy");
1130
1131 return -EBUSY;
1132 }
1133
1134 /* TODO: Remove the start_scan parameter and support from the assistant */
1135 if (start_scan) {
1136 static bool cb_registered;
1137
1138 if (atomic_test_and_set_bit(inst->flags, BAP_BA_FLAG_SCANNING)) {
1139 LOG_DBG("Already scanning");
1140
1141 atomic_clear_bit(inst->flags, BAP_BA_FLAG_BUSY);
1142
1143 return -EALREADY;
1144 }
1145
1146 if (!cb_registered) {
1147 bt_le_scan_cb_register(&scan_cb);
1148 cb_registered = true;
1149 }
1150
1151 err = bt_le_scan_start(BT_LE_SCAN_PASSIVE, NULL);
1152 if (err != 0) {
1153 LOG_DBG("Could not start scan (%d)", err);
1154
1155 atomic_clear_bit(inst->flags, BAP_BA_FLAG_BUSY);
1156 atomic_clear_bit(inst->flags, BAP_BA_FLAG_SCANNING);
1157
1158 /* Report expected possible errors */
1159 if (err == -EAGAIN) {
1160 return err;
1161 }
1162
1163 LOG_DBG("Unexpected err %d from bt_le_scan_start", err);
1164
1165 return -ENOEXEC;
1166 }
1167 }
1168
1169 /* Reset buffer before using */
1170 net_buf_simple_reset(&att_buf);
1171 cp = net_buf_simple_add(&att_buf, sizeof(*cp));
1172
1173 cp->opcode = BT_BAP_BASS_OP_SCAN_START;
1174
1175 atomic_clear_bit(inst->flags, BAP_BA_FLAG_SCANNING);
1176 err = bt_bap_broadcast_assistant_common_cp(conn, &att_buf);
1177 if (err != 0 && start_scan) {
1178 /* bt_bap_broadcast_assistant_common_cp clears the busy flag on error */
1179 err = bt_le_scan_stop();
1180 if (err != 0) {
1181 LOG_DBG("Could not stop scan (%d)", err);
1182
1183 return -ENOEXEC;
1184 }
1185
1186 atomic_clear_bit(inst->flags, BAP_BA_FLAG_SCANNING);
1187 }
1188
1189 return err;
1190 }
1191
bt_bap_broadcast_assistant_scan_stop(struct bt_conn * conn)1192 int bt_bap_broadcast_assistant_scan_stop(struct bt_conn *conn)
1193 {
1194 struct bt_bap_bass_cp_scan_stop *cp;
1195 int err;
1196 struct bap_broadcast_assistant_instance *inst;
1197
1198 if (conn == NULL) {
1199 LOG_DBG("conn is NULL");
1200
1201 return -EINVAL;
1202 }
1203
1204 inst = inst_by_conn(conn);
1205 if (inst == NULL) {
1206 return -EINVAL;
1207 }
1208
1209 if (inst->cp_handle == 0) {
1210 LOG_DBG("handle not set");
1211
1212 return -EINVAL;
1213 } else if (atomic_test_and_set_bit(inst->flags, BAP_BA_FLAG_BUSY)) {
1214 LOG_DBG("instance busy");
1215
1216 return -EBUSY;
1217 }
1218
1219 if (atomic_test_bit(inst->flags, BAP_BA_FLAG_SCANNING)) {
1220 err = bt_le_scan_stop();
1221 if (err != 0) {
1222 LOG_DBG("Could not stop scan (%d)", err);
1223
1224 atomic_clear_bit(inst->flags, BAP_BA_FLAG_BUSY);
1225
1226 return err;
1227 }
1228
1229 atomic_clear_bit(inst->flags, BAP_BA_FLAG_SCANNING);
1230 }
1231
1232 /* Reset buffer before using */
1233 net_buf_simple_reset(&att_buf);
1234 cp = net_buf_simple_add(&att_buf, sizeof(*cp));
1235
1236 cp->opcode = BT_BAP_BASS_OP_SCAN_STOP;
1237
1238 return bt_bap_broadcast_assistant_common_cp(conn, &att_buf);
1239 }
1240
bis_syncs_unique_or_no_pref(uint32_t requested_bis_syncs,uint32_t aggregated_bis_syncs)1241 static bool bis_syncs_unique_or_no_pref(uint32_t requested_bis_syncs, uint32_t aggregated_bis_syncs)
1242 {
1243 if (requested_bis_syncs == 0U || aggregated_bis_syncs == 0U) {
1244 return true;
1245 }
1246
1247 if (requested_bis_syncs == BT_BAP_BIS_SYNC_NO_PREF &&
1248 aggregated_bis_syncs == BT_BAP_BIS_SYNC_NO_PREF) {
1249 return true;
1250 }
1251
1252 return (requested_bis_syncs & aggregated_bis_syncs) != 0U;
1253 }
1254
valid_subgroup_params(uint8_t pa_sync,const struct bt_bap_bass_subgroup subgroups[],uint8_t num_subgroups)1255 static bool valid_subgroup_params(uint8_t pa_sync, const struct bt_bap_bass_subgroup subgroups[],
1256 uint8_t num_subgroups)
1257 {
1258 uint32_t aggregated_bis_syncs = 0U;
1259
1260 for (uint8_t i = 0U; i < num_subgroups; i++) {
1261 /* BIS sync values of 0 and BT_BAP_BIS_SYNC_NO_PREF are allowed at any time, but any
1262 * other values are only allowed if PA sync state is also set
1263 */
1264 CHECKIF(pa_sync == 0 && (subgroups[i].bis_sync != 0U &&
1265 subgroups[i].bis_sync != BT_BAP_BIS_SYNC_NO_PREF)) {
1266 LOG_DBG("[%u]: Only syncing to BIS is not allowed", i);
1267
1268 return false;
1269 }
1270
1271 /* Verify that the request BIS sync indexes are unique or no preference */
1272 if (!bis_syncs_unique_or_no_pref(subgroups[i].bis_sync, aggregated_bis_syncs)) {
1273 LOG_DBG("[%u]: Duplicate BIS index 0x%08x (aggregated 0x%08x)", i,
1274 subgroups[i].bis_sync, aggregated_bis_syncs);
1275
1276 return false;
1277 }
1278
1279 /* Keep track of BIS sync values to ensure that we do not have duplicates */
1280 if (subgroups[i].bis_sync != BT_BAP_BIS_SYNC_NO_PREF) {
1281 aggregated_bis_syncs |= subgroups[i].bis_sync;
1282 }
1283
1284 #if defined(CONFIG_BT_AUDIO_CODEC_CFG_MAX_METADATA_SIZE)
1285 if (subgroups[i].metadata_len > CONFIG_BT_AUDIO_CODEC_CFG_MAX_METADATA_SIZE) {
1286 LOG_DBG("[%u]: Invalid metadata_len: %u", i, subgroups[i].metadata_len);
1287
1288 return false;
1289 }
1290 }
1291 #endif /* CONFIG_BT_AUDIO_CODEC_CFG_MAX_METADATA_SIZE */
1292
1293 return true;
1294 }
1295
valid_add_src_param(const struct bt_bap_broadcast_assistant_add_src_param * param)1296 static bool valid_add_src_param(const struct bt_bap_broadcast_assistant_add_src_param *param)
1297 {
1298 CHECKIF(param == NULL) {
1299 LOG_DBG("param is NULL");
1300 return false;
1301 }
1302
1303 CHECKIF(param->addr.type > BT_ADDR_LE_RANDOM) {
1304 LOG_DBG("Invalid address type %u", param->addr.type);
1305 return false;
1306 }
1307
1308 CHECKIF(param->adv_sid > BT_GAP_SID_MAX) {
1309 LOG_DBG("Invalid adv_sid %u", param->adv_sid);
1310 return false;
1311 }
1312
1313 CHECKIF(!(param->pa_interval != BT_BAP_PA_INTERVAL_UNKNOWN) &&
1314 !IN_RANGE(param->pa_interval, BT_GAP_PER_ADV_MIN_INTERVAL,
1315 BT_GAP_PER_ADV_MAX_INTERVAL)) {
1316 LOG_DBG("Invalid pa_interval 0x%04X", param->pa_interval);
1317 return false;
1318 }
1319
1320 CHECKIF(param->broadcast_id > BT_AUDIO_BROADCAST_ID_MAX) {
1321 LOG_DBG("Invalid broadcast_id 0x%08X", param->broadcast_id);
1322 return false;
1323 }
1324
1325 CHECKIF(param->num_subgroups != 0 && param->subgroups == NULL) {
1326 LOG_DBG("Subgroups are NULL when num_subgroups = %u", param->num_subgroups);
1327 return false;
1328 }
1329
1330 CHECKIF(param->num_subgroups > CONFIG_BT_BAP_BASS_MAX_SUBGROUPS) {
1331 LOG_DBG("Too many subgroups %u/%u", param->num_subgroups,
1332 CONFIG_BT_BAP_BASS_MAX_SUBGROUPS);
1333
1334 return false;
1335 }
1336
1337 CHECKIF(param->subgroups != NULL) {
1338 if (!valid_subgroup_params(param->pa_sync, param->subgroups,
1339 param->num_subgroups)) {
1340 return false;
1341 }
1342 }
1343
1344 return true;
1345 }
1346
bt_bap_broadcast_assistant_add_src(struct bt_conn * conn,const struct bt_bap_broadcast_assistant_add_src_param * param)1347 int bt_bap_broadcast_assistant_add_src(struct bt_conn *conn,
1348 const struct bt_bap_broadcast_assistant_add_src_param *param)
1349 {
1350 struct bt_bap_bass_cp_add_src *cp;
1351 struct bap_broadcast_assistant_instance *inst;
1352
1353 if (conn == NULL) {
1354 LOG_DBG("conn is NULL");
1355
1356 return -EINVAL;
1357 }
1358
1359 inst = inst_by_conn(conn);
1360
1361 if (inst == NULL) {
1362 return -EINVAL;
1363 }
1364
1365 /* Check if this operation would result in a duplicate before proceeding */
1366 if (broadcast_src_is_duplicate(inst, param->broadcast_id, param->adv_sid,
1367 param->addr.type)) {
1368 LOG_DBG("Broadcast source already exists");
1369
1370 return -EINVAL;
1371 }
1372
1373 if (!valid_add_src_param(param)) {
1374 return -EINVAL;
1375 }
1376
1377 if (inst->cp_handle == 0) {
1378 LOG_DBG("handle not set");
1379
1380 return -EINVAL;
1381 } else if (atomic_test_and_set_bit(inst->flags, BAP_BA_FLAG_BUSY)) {
1382 LOG_DBG("instance busy");
1383
1384 return -EBUSY;
1385 }
1386 /* Reset buffer before using */
1387 net_buf_simple_reset(&att_buf);
1388 cp = net_buf_simple_add(&att_buf, sizeof(*cp));
1389
1390 cp->opcode = BT_BAP_BASS_OP_ADD_SRC;
1391 cp->adv_sid = param->adv_sid;
1392 bt_addr_le_copy(&cp->addr, ¶m->addr);
1393
1394 sys_put_le24(param->broadcast_id, cp->broadcast_id);
1395
1396 if (param->pa_sync) {
1397 if (past_available(conn, ¶m->addr, param->adv_sid)) {
1398 cp->pa_sync = BT_BAP_BASS_PA_REQ_SYNC_PAST;
1399 } else {
1400 cp->pa_sync = BT_BAP_BASS_PA_REQ_SYNC;
1401 }
1402 } else {
1403 cp->pa_sync = BT_BAP_BASS_PA_REQ_NO_SYNC;
1404 }
1405 cp->pa_interval = sys_cpu_to_le16(param->pa_interval);
1406
1407 cp->num_subgroups = param->num_subgroups;
1408 for (int i = 0; i < param->num_subgroups; i++) {
1409 struct bt_bap_bass_cp_subgroup *subgroup;
1410 const size_t subgroup_size = sizeof(subgroup->bis_sync) +
1411 sizeof(subgroup->metadata_len) +
1412 param->subgroups[i].metadata_len;
1413
1414 if (att_buf.len + subgroup_size > att_buf.size) {
1415 LOG_DBG("MTU is too small to send %zu octets", att_buf.len + subgroup_size);
1416
1417 /* TODO: Validate parameters before setting the busy flag to reduce cleanup
1418 */
1419 atomic_clear_bit(inst->flags, BAP_BA_FLAG_BUSY);
1420
1421 return -EINVAL;
1422 }
1423
1424 subgroup = net_buf_simple_add(&att_buf, subgroup_size);
1425
1426 subgroup->bis_sync = param->subgroups[i].bis_sync;
1427
1428 #if defined(CONFIG_BT_AUDIO_CODEC_CFG_MAX_METADATA_SIZE)
1429 if (param->subgroups[i].metadata_len != 0) {
1430 (void)memcpy(subgroup->metadata, param->subgroups[i].metadata,
1431 param->subgroups[i].metadata_len);
1432 subgroup->metadata_len = param->subgroups[i].metadata_len;
1433 } else {
1434 subgroup->metadata_len = 0U;
1435 }
1436 #else
1437 subgroup->metadata_len = 0U;
1438 #endif /* CONFIG_BT_AUDIO_CODEC_CFG_MAX_METADATA_SIZE */
1439 }
1440
1441 return bt_bap_broadcast_assistant_common_cp(conn, &att_buf);
1442 }
1443
valid_add_mod_param(const struct bt_bap_broadcast_assistant_mod_src_param * param)1444 static bool valid_add_mod_param(const struct bt_bap_broadcast_assistant_mod_src_param *param)
1445 {
1446 CHECKIF(param == NULL) {
1447 LOG_DBG("param is NULL");
1448 return false;
1449 }
1450
1451 CHECKIF(!(param->pa_interval != BT_BAP_PA_INTERVAL_UNKNOWN) &&
1452 !IN_RANGE(param->pa_interval, BT_GAP_PER_ADV_MIN_INTERVAL,
1453 BT_GAP_PER_ADV_MAX_INTERVAL)) {
1454 LOG_DBG("Invalid pa_interval 0x%04X", param->pa_interval);
1455 return false;
1456 }
1457
1458 CHECKIF(param->num_subgroups != 0 && param->subgroups == NULL) {
1459 LOG_DBG("Subgroups are NULL when num_subgroups = %u", param->num_subgroups);
1460 return false;
1461 }
1462
1463 CHECKIF(param->num_subgroups > CONFIG_BT_BAP_BASS_MAX_SUBGROUPS) {
1464 LOG_DBG("Too many subgroups %u/%u", param->num_subgroups,
1465 CONFIG_BT_BAP_BASS_MAX_SUBGROUPS);
1466
1467 return false;
1468 }
1469
1470 CHECKIF(param->subgroups != NULL) {
1471 if (!valid_subgroup_params(param->pa_sync, param->subgroups,
1472 param->num_subgroups)) {
1473 return false;
1474 }
1475 }
1476
1477 return true;
1478 }
1479
bt_bap_broadcast_assistant_mod_src(struct bt_conn * conn,const struct bt_bap_broadcast_assistant_mod_src_param * param)1480 int bt_bap_broadcast_assistant_mod_src(struct bt_conn *conn,
1481 const struct bt_bap_broadcast_assistant_mod_src_param *param)
1482 {
1483 struct bt_bap_bass_cp_mod_src *cp;
1484 bool known_recv_state;
1485 bool past_avail;
1486 struct bap_broadcast_assistant_instance *inst;
1487
1488 if (conn == NULL) {
1489 LOG_DBG("conn is NULL");
1490
1491 return -EINVAL;
1492 }
1493
1494 if (!valid_add_mod_param(param)) {
1495 return -EINVAL;
1496 }
1497
1498 inst = inst_by_conn(conn);
1499 if (inst == NULL) {
1500 return -EINVAL;
1501 }
1502
1503 if (inst->cp_handle == 0) {
1504 LOG_DBG("handle not set");
1505
1506 return -EINVAL;
1507 } else if (atomic_test_and_set_bit(inst->flags, BAP_BA_FLAG_BUSY)) {
1508 LOG_DBG("instance busy");
1509
1510 return -EBUSY;
1511 }
1512
1513 /* Reset buffer before using */
1514 net_buf_simple_reset(&att_buf);
1515 cp = net_buf_simple_add(&att_buf, sizeof(*cp));
1516
1517 cp->opcode = BT_BAP_BASS_OP_MOD_SRC;
1518 cp->src_id = param->src_id;
1519
1520 /* Since we do not have the address and SID in this function, we
1521 * rely on cached PAST support information
1522 */
1523 known_recv_state = false;
1524 past_avail = false;
1525 for (size_t i = 0; i < ARRAY_SIZE(inst->recv_states); i++) {
1526 if (inst->recv_states[i].src_id == param->src_id) {
1527 known_recv_state = true;
1528 past_avail = inst->recv_states[i].past_avail;
1529 break;
1530 }
1531 }
1532
1533 if (!known_recv_state) {
1534 LOG_WRN("Attempting to modify unknown receive state: %u",
1535 param->src_id);
1536 }
1537
1538 if (param->pa_sync) {
1539 if (known_recv_state && past_avail) {
1540 cp->pa_sync = BT_BAP_BASS_PA_REQ_SYNC_PAST;
1541 } else {
1542 cp->pa_sync = BT_BAP_BASS_PA_REQ_SYNC;
1543 }
1544 } else {
1545 cp->pa_sync = BT_BAP_BASS_PA_REQ_NO_SYNC;
1546 }
1547
1548 cp->pa_interval = sys_cpu_to_le16(param->pa_interval);
1549
1550 cp->num_subgroups = param->num_subgroups;
1551 for (int i = 0; i < param->num_subgroups; i++) {
1552 struct bt_bap_bass_cp_subgroup *subgroup;
1553 const size_t subgroup_size = sizeof(subgroup->bis_sync) +
1554 sizeof(subgroup->metadata_len) +
1555 param->subgroups[i].metadata_len;
1556
1557 if (att_buf.len + subgroup_size > att_buf.size) {
1558 LOG_DBG("MTU is too small to send %zu octets", att_buf.len + subgroup_size);
1559
1560 /* TODO: Validate parameters before setting the busy flag to reduce cleanup
1561 */
1562 atomic_clear_bit(inst->flags, BAP_BA_FLAG_BUSY);
1563
1564 return -EINVAL;
1565 }
1566 subgroup = net_buf_simple_add(&att_buf, subgroup_size);
1567
1568 subgroup->bis_sync = param->subgroups[i].bis_sync;
1569
1570 #if defined(CONFIG_BT_AUDIO_CODEC_CFG_MAX_METADATA_SIZE)
1571 if (param->subgroups[i].metadata_len != 0) {
1572 (void)memcpy(subgroup->metadata,
1573 param->subgroups[i].metadata,
1574 param->subgroups[i].metadata_len);
1575 subgroup->metadata_len = param->subgroups[i].metadata_len;
1576 } else {
1577 subgroup->metadata_len = 0U;
1578 }
1579 #else
1580 subgroup->metadata_len = 0U;
1581 #endif /* CONFIG_BT_AUDIO_CODEC_CFG_MAX_METADATA_SIZE */
1582 }
1583
1584 return bt_bap_broadcast_assistant_common_cp(conn, &att_buf);
1585 }
1586
bt_bap_broadcast_assistant_set_broadcast_code(struct bt_conn * conn,uint8_t src_id,const uint8_t broadcast_code[BT_ISO_BROADCAST_CODE_SIZE])1587 int bt_bap_broadcast_assistant_set_broadcast_code(
1588 struct bt_conn *conn, uint8_t src_id,
1589 const uint8_t broadcast_code[BT_ISO_BROADCAST_CODE_SIZE])
1590 {
1591 struct bt_bap_bass_cp_broadcase_code *cp;
1592 struct bap_broadcast_assistant_instance *inst;
1593
1594 if (conn == NULL) {
1595 LOG_DBG("conn is NULL");
1596
1597 return -EINVAL;
1598 }
1599
1600 inst = inst_by_conn(conn);
1601 if (inst == NULL) {
1602 return -EINVAL;
1603 }
1604
1605 if (inst->cp_handle == 0) {
1606 LOG_DBG("handle not set");
1607
1608 return -EINVAL;
1609 } else if (atomic_test_and_set_bit(inst->flags, BAP_BA_FLAG_BUSY)) {
1610 LOG_DBG("instance busy");
1611
1612 return -EBUSY;
1613 }
1614
1615 /* Reset buffer before using */
1616 net_buf_simple_reset(&att_buf);
1617 cp = net_buf_simple_add(&att_buf, sizeof(*cp));
1618
1619 cp->opcode = BT_BAP_BASS_OP_BROADCAST_CODE;
1620 cp->src_id = src_id;
1621
1622 (void)memcpy(cp->broadcast_code, broadcast_code, BT_ISO_BROADCAST_CODE_SIZE);
1623
1624 LOG_HEXDUMP_DBG(cp->broadcast_code, BT_ISO_BROADCAST_CODE_SIZE, "broadcast code:");
1625
1626 return bt_bap_broadcast_assistant_common_cp(conn, &att_buf);
1627 }
1628
bt_bap_broadcast_assistant_rem_src(struct bt_conn * conn,uint8_t src_id)1629 int bt_bap_broadcast_assistant_rem_src(struct bt_conn *conn, uint8_t src_id)
1630 {
1631 struct bt_bap_bass_cp_rem_src *cp;
1632 struct bap_broadcast_assistant_instance *inst;
1633
1634 if (conn == NULL) {
1635 LOG_DBG("conn is NULL");
1636
1637 return -EINVAL;
1638 }
1639
1640 inst = inst_by_conn(conn);
1641 if (inst == NULL) {
1642 return -EINVAL;
1643 }
1644
1645 if (inst->cp_handle == 0) {
1646 LOG_DBG("handle not set");
1647
1648 return -EINVAL;
1649 } else if (atomic_test_and_set_bit(inst->flags, BAP_BA_FLAG_BUSY)) {
1650 LOG_DBG("instance busy");
1651
1652 return -EBUSY;
1653 }
1654
1655 /* Reset buffer before using */
1656 net_buf_simple_reset(&att_buf);
1657 cp = net_buf_simple_add(&att_buf, sizeof(*cp));
1658
1659 cp->opcode = BT_BAP_BASS_OP_REM_SRC;
1660 cp->src_id = src_id;
1661
1662 return bt_bap_broadcast_assistant_common_cp(conn, &att_buf);
1663 }
1664
read_recv_state(struct bap_broadcast_assistant_instance * inst,uint8_t idx)1665 static int read_recv_state(struct bap_broadcast_assistant_instance *inst, uint8_t idx)
1666 {
1667 int err;
1668
1669 inst->read_params.func = read_recv_state_cb;
1670 inst->read_params.handle_count = 1;
1671 inst->read_params.single.handle = inst->recv_state_handles[idx];
1672
1673 err = bt_gatt_read(inst->conn, &inst->read_params);
1674 if (err != 0) {
1675 (void)memset(&inst->read_params, 0, sizeof(inst->read_params));
1676 }
1677
1678 return err;
1679 }
1680
bt_bap_broadcast_assistant_read_recv_state(struct bt_conn * conn,uint8_t idx)1681 int bt_bap_broadcast_assistant_read_recv_state(struct bt_conn *conn,
1682 uint8_t idx)
1683 {
1684 int err;
1685 struct bap_broadcast_assistant_instance *inst;
1686
1687 if (conn == NULL) {
1688 LOG_DBG("conn is NULL");
1689
1690 return -EINVAL;
1691 }
1692
1693 inst = inst_by_conn(conn);
1694 if (inst == NULL) {
1695 return -EINVAL;
1696 }
1697
1698 CHECKIF(idx >= ARRAY_SIZE(inst->recv_state_handles)) {
1699 LOG_DBG("Invalid idx: %u", idx);
1700
1701 return -EINVAL;
1702 }
1703
1704 if (inst->recv_state_handles[idx] == 0) {
1705 LOG_DBG("handle not set");
1706
1707 return -EINVAL;
1708 } else if (atomic_test_and_set_bit(inst->flags, BAP_BA_FLAG_BUSY)) {
1709 LOG_DBG("instance busy");
1710
1711 return -EBUSY;
1712 }
1713
1714 err = read_recv_state(inst, idx);
1715 if (err != 0) {
1716 (void)memset(&inst->read_params, 0,
1717 sizeof(inst->read_params));
1718 atomic_clear_bit(inst->flags, BAP_BA_FLAG_BUSY);
1719 }
1720
1721 return err;
1722 }
1723
