// SPDX-License-Identifier: LGPL-2.1-or-later /* * * BlueZ - Bluetooth protocol stack for Linux * * Copyright (C) 2013-2014 Intel Corporation. All rights reserved. * * */ #ifdef HAVE_CONFIG_H #include #endif #include #include #include #include #include #include #include #include "btio/btio.h" #include "lib/bluetooth.h" #include "lib/sdp.h" #include "lib/sdp_lib.h" #include "lib/uuid.h" #include "src/shared/mgmt.h" #include "src/shared/util.h" #include "src/shared/uhid.h" #include "src/shared/queue.h" #include "src/shared/att.h" #include "src/shared/gatt-db.h" #include "src/sdp-client.h" #include "src/uuid-helper.h" #include "src/log.h" #include "profiles/input/hog-lib.h" #include "hal-msg.h" #include "ipc-common.h" #include "ipc.h" #include "bluetooth.h" #include "gatt.h" #include "hidhost.h" #include "utils.h" #define L2CAP_PSM_HIDP_CTRL 0x11 #define L2CAP_PSM_HIDP_INTR 0x13 /* HID message types */ #define HID_MSG_HANDSHAKE 0x00 #define HID_MSG_CONTROL 0x10 #define HID_MSG_GET_REPORT 0x40 #define HID_MSG_SET_REPORT 0x50 #define HID_MSG_GET_PROTOCOL 0x60 #define HID_MSG_SET_PROTOCOL 0x70 #define HID_MSG_DATA 0xa0 #define HID_MSG_TYPE_MASK 0xf0 /* HID data types */ #define HID_DATA_TYPE_INPUT 0x01 #define HID_DATA_TYPE_OUTPUT 0x02 #define HID_DATA_TYPE_FEATURE 0x03 /* HID protocol header parameters */ #define HID_PROTO_BOOT 0x00 #define HID_PROTO_REPORT 0x01 /* HID GET REPORT Size Field */ #define HID_GET_REPORT_SIZE_FIELD 0x08 /* HID Virtual Cable Unplug */ #define HID_VIRTUAL_CABLE_UNPLUG 0x05 static bdaddr_t adapter_addr; static GIOChannel *ctrl_io = NULL; static GIOChannel *intr_io = NULL; static GSList *devices = NULL; static unsigned int hog_app = 0; static struct ipc *hal_ipc = NULL; struct hid_device { bdaddr_t dst; uint8_t state; uint8_t subclass; uint16_t vendor; uint16_t product; uint16_t version; uint8_t country; int rd_size; void *rd_data; uint8_t boot_dev; GIOChannel *ctrl_io; GIOChannel *intr_io; guint ctrl_watch; guint intr_watch; struct bt_uhid *uhid; uint8_t last_hid_msg; struct bt_hog *hog; int sec_level; }; static int device_cmp(gconstpointer s, gconstpointer user_data) { const struct hid_device *dev = s; const bdaddr_t *dst = user_data; return bacmp(&dev->dst, dst); } static void hid_device_free(void *data) { struct hid_device *dev = data; if (dev->ctrl_watch > 0) g_source_remove(dev->ctrl_watch); if (dev->intr_watch > 0) g_source_remove(dev->intr_watch); if (dev->intr_io) g_io_channel_unref(dev->intr_io); if (dev->ctrl_io) g_io_channel_unref(dev->ctrl_io); if (dev->uhid) bt_uhid_unref(dev->uhid); if (dev->hog) bt_hog_unref(dev->hog); g_free(dev->rd_data); g_free(dev); } static void hid_device_remove(struct hid_device *dev) { devices = g_slist_remove(devices, dev); hid_device_free(dev); } static struct hid_device *hid_device_new(const bdaddr_t *addr) { struct hid_device *dev; dev = g_new0(struct hid_device, 1); bacpy(&dev->dst, addr); dev->state = HAL_HIDHOST_STATE_DISCONNECTED; dev->sec_level = BT_IO_SEC_LOW; devices = g_slist_append(devices, dev); return dev; } static bool hex2buf(const uint8_t *hex, uint8_t *buf, int buf_size) { int i, j; char c; uint8_t b; for (i = 0, j = 0; i < buf_size; i++, j++) { c = toupper(hex[j]); if (c >= '0' && c <= '9') b = c - '0'; else if (c >= 'A' && c <= 'F') b = 10 + c - 'A'; else return false; j++; c = toupper(hex[j]); if (c >= '0' && c <= '9') b = b * 16 + c - '0'; else if (c >= 'A' && c <= 'F') b = b * 16 + 10 + c - 'A'; else return false; buf[i] = b; } return true; } static void handle_uhid_output(struct uhid_event *event, void *user_data) { struct uhid_output_req *output = &event->u.output; struct hid_device *dev = user_data; int fd, req_size; uint8_t *req; if (!dev->ctrl_io) return; req_size = 1 + output->size; req = malloc0(req_size); if (!req) return; req[0] = HID_MSG_SET_REPORT | output->rtype; memcpy(req + 1, output->data, req_size - 1); fd = g_io_channel_unix_get_fd(dev->ctrl_io); if (write(fd, req, req_size) < 0) error("hidhost: error writing set_report: %s (%d)", strerror(errno), errno); free(req); } static gboolean intr_io_watch_cb(GIOChannel *chan, gpointer data) { struct hid_device *dev = data; uint8_t buf[UHID_DATA_MAX]; struct uhid_event ev; int fd, bread, err; /* Wait uHID if not ready */ if (!dev->uhid) return TRUE; fd = g_io_channel_unix_get_fd(chan); bread = read(fd, buf, sizeof(buf)); if (bread < 0) { error("hidhost: read from interrupt failed: %s(%d)", strerror(errno), -errno); return TRUE; } /* Discard non-data packets */ if (bread == 0 || buf[0] != (HID_MSG_DATA | HID_DATA_TYPE_INPUT)) return TRUE; /* send data to uHID device skipping HIDP header byte */ memset(&ev, 0, sizeof(ev)); ev.type = UHID_INPUT; ev.u.input.size = bread - 1; memcpy(ev.u.input.data, &buf[1], ev.u.input.size); err = bt_uhid_send(dev->uhid, &ev); if (err < 0) DBG("bt_uhid_send: %s (%d)", strerror(-err), -err); return TRUE; } static void bt_hid_notify_state(struct hid_device *dev, uint8_t state) { struct hal_ev_hidhost_conn_state ev; char address[18]; if (dev->state == state) return; dev->state = state; ba2str(&dev->dst, address); DBG("device %s state %u", address, state); bdaddr2android(&dev->dst, ev.bdaddr); ev.state = state; ipc_send_notif(hal_ipc, HAL_SERVICE_ID_HIDHOST, HAL_EV_HIDHOST_CONN_STATE, sizeof(ev), &ev); } static gboolean intr_watch_cb(GIOChannel *chan, GIOCondition cond, gpointer data) { struct hid_device *dev = data; if (cond & (G_IO_HUP | G_IO_ERR | G_IO_NVAL)) goto error; if (cond & G_IO_IN) return intr_io_watch_cb(chan, data); error: bt_hid_notify_state(dev, HAL_HIDHOST_STATE_DISCONNECTED); /* * Checking for ctrl_watch avoids a double g_io_channel_shutdown since * it's likely that ctrl_watch_cb has been queued for dispatching in * this mainloop iteration */ if ((cond & (G_IO_HUP | G_IO_ERR)) && dev->ctrl_watch) g_io_channel_shutdown(chan, TRUE, NULL); /* Close control channel */ if (dev->ctrl_io && !(cond & G_IO_NVAL)) g_io_channel_shutdown(dev->ctrl_io, TRUE, NULL); hid_device_remove(dev); return FALSE; } static void bt_hid_notify_proto_mode(struct hid_device *dev, uint8_t *buf, int len) { struct hal_ev_hidhost_proto_mode ev; char address[18]; ba2str(&dev->dst, address); DBG("device %s", address); memset(&ev, 0, sizeof(ev)); bdaddr2android(&dev->dst, ev.bdaddr); if (buf[0] == HID_MSG_DATA) { ev.status = HAL_HIDHOST_STATUS_OK; if (buf[1] == HID_PROTO_REPORT) ev.mode = HAL_HIDHOST_REPORT_PROTOCOL; else if (buf[1] == HID_PROTO_BOOT) ev.mode = HAL_HIDHOST_BOOT_PROTOCOL; else ev.mode = HAL_HIDHOST_UNSUPPORTED_PROTOCOL; } else { ev.status = buf[0]; ev.mode = HAL_HIDHOST_UNSUPPORTED_PROTOCOL; } ipc_send_notif(hal_ipc, HAL_SERVICE_ID_HIDHOST, HAL_EV_HIDHOST_PROTO_MODE, sizeof(ev), &ev); } static void bt_hid_notify_get_report(struct hid_device *dev, uint8_t *buf, int len) { struct hal_ev_hidhost_get_report *ev; int ev_len; char address[18]; ba2str(&dev->dst, address); DBG("device %s", address); ev_len = sizeof(*ev); if (!((buf[0] == (HID_MSG_DATA | HID_DATA_TYPE_INPUT)) || (buf[0] == (HID_MSG_DATA | HID_DATA_TYPE_OUTPUT)) || (buf[0] == (HID_MSG_DATA | HID_DATA_TYPE_FEATURE)))) { ev = g_malloc0(ev_len); ev->status = buf[0]; bdaddr2android(&dev->dst, ev->bdaddr); goto send; } /* * Report porotocol mode reply contains id after hdr, in boot * protocol mode id doesn't exist */ ev_len += (dev->boot_dev) ? (len - 1) : (len - 2); ev = g_malloc0(ev_len); ev->status = HAL_HIDHOST_STATUS_OK; bdaddr2android(&dev->dst, ev->bdaddr); /* * Report porotocol mode reply contains id after hdr, in boot * protocol mode id doesn't exist */ if (dev->boot_dev) { ev->len = len - 1; memcpy(ev->data, buf + 1, ev->len); } else { ev->len = len - 2; memcpy(ev->data, buf + 2, ev->len); } send: ipc_send_notif(hal_ipc, HAL_SERVICE_ID_HIDHOST, HAL_EV_HIDHOST_GET_REPORT, ev_len, ev); g_free(ev); } static void bt_hid_notify_handshake(struct hid_device *dev, uint8_t *buf, int len) { struct hal_ev_hidhost_handshake ev; bdaddr2android(&dev->dst, ev.bdaddr); /* crop result code to handshake status range from HAL */ ev.status = buf[0]; if (ev.status > HAL_HIDHOST_HS_ERROR) ev.status = HAL_HIDHOST_HS_ERROR; ipc_send_notif(hal_ipc, HAL_SERVICE_ID_HIDHOST, HAL_EV_HIDHOST_HANDSHAKE, sizeof(ev), &ev); } static void bt_hid_notify_virtual_unplug(struct hid_device *dev, uint8_t *buf, int len) { struct hal_ev_hidhost_virtual_unplug ev; char address[18]; ba2str(&dev->dst, address); DBG("device %s", address); bdaddr2android(&dev->dst, ev.bdaddr); ev.status = HAL_HIDHOST_GENERAL_ERROR; /* Wait either channels to HUP */ if (dev->intr_io && dev->ctrl_io) { g_io_channel_shutdown(dev->intr_io, TRUE, NULL); g_io_channel_shutdown(dev->ctrl_io, TRUE, NULL); bt_hid_notify_state(dev, HAL_HIDHOST_STATE_DISCONNECTING); ev.status = HAL_HIDHOST_STATUS_OK; } ipc_send_notif(hal_ipc, HAL_SERVICE_ID_HIDHOST, HAL_EV_HIDHOST_VIRTUAL_UNPLUG, sizeof(ev), &ev); } static gboolean ctrl_io_watch_cb(GIOChannel *chan, gpointer data) { struct hid_device *dev = data; int fd, bread; uint8_t buf[UHID_DATA_MAX]; DBG(""); fd = g_io_channel_unix_get_fd(chan); bread = read(fd, buf, sizeof(buf)); if (bread < 0) { error("hidhost: read from control failed: %s(%d)", strerror(errno), -errno); return TRUE; } switch (dev->last_hid_msg) { case HID_MSG_GET_PROTOCOL: case HID_MSG_SET_PROTOCOL: bt_hid_notify_proto_mode(dev, buf, bread); break; case HID_MSG_GET_REPORT: bt_hid_notify_get_report(dev, buf, bread); break; } switch (buf[0] & HID_MSG_TYPE_MASK) { case HID_MSG_HANDSHAKE: bt_hid_notify_handshake(dev, buf, bread); break; case HID_MSG_CONTROL: if ((buf[0] & ~HID_MSG_TYPE_MASK) == HID_VIRTUAL_CABLE_UNPLUG) bt_hid_notify_virtual_unplug(dev, buf, bread); break; default: break; } /* reset msg type request */ dev->last_hid_msg = 0; return TRUE; } static gboolean ctrl_watch_cb(GIOChannel *chan, GIOCondition cond, gpointer data) { struct hid_device *dev = data; if (cond & (G_IO_HUP | G_IO_ERR | G_IO_NVAL)) goto error; if (cond & G_IO_IN) return ctrl_io_watch_cb(chan, data); error: bt_hid_notify_state(dev, HAL_HIDHOST_STATE_DISCONNECTED); /* * Checking for intr_watch avoids a double g_io_channel_shutdown since * it's likely that intr_watch_cb has been queued for dispatching in * this mainloop iteration */ if ((cond & (G_IO_HUP | G_IO_ERR)) && dev->intr_watch) g_io_channel_shutdown(chan, TRUE, NULL); if (dev->intr_io && !(cond & G_IO_NVAL)) g_io_channel_shutdown(dev->intr_io, TRUE, NULL); hid_device_remove(dev); return FALSE; } static void bt_hid_set_info(struct hid_device *dev) { struct hal_ev_hidhost_info ev; DBG(""); bdaddr2android(&dev->dst, ev.bdaddr); ev.attr = 0; /* TODO: Check what is this field */ ev.subclass = dev->subclass; ev.app_id = 0; /* TODO: Check what is this field */ ev.vendor = dev->vendor; ev.product = dev->product; ev.version = dev->version; ev.country = dev->country; ev.descr_len = dev->rd_size; memset(ev.descr, 0, sizeof(ev.descr)); memcpy(ev.descr, dev->rd_data, ev.descr_len); ipc_send_notif(hal_ipc, HAL_SERVICE_ID_HIDHOST, HAL_EV_HIDHOST_INFO, sizeof(ev), &ev); } static int uhid_create(struct hid_device *dev) { struct uhid_event ev; int err; dev->uhid = bt_uhid_new_default(); if (!dev->uhid) { err = -errno; error("hidhost: Failed to create bt_uhid instance"); return err; } memset(&ev, 0, sizeof(ev)); ev.type = UHID_CREATE; strcpy((char *) ev.u.create.name, "bluez-input-device"); ev.u.create.bus = BUS_BLUETOOTH; ev.u.create.vendor = dev->vendor; ev.u.create.product = dev->product; ev.u.create.version = dev->version; ev.u.create.country = dev->country; ev.u.create.rd_size = dev->rd_size; ev.u.create.rd_data = dev->rd_data; err = bt_uhid_send(dev->uhid, &ev); if (err < 0) { error("hidhost: Failed to create uHID device: %s", strerror(-err)); bt_uhid_unref(dev->uhid); dev->uhid = NULL; return err; } bt_uhid_register(dev->uhid, UHID_OUTPUT, handle_uhid_output, dev); bt_hid_set_info(dev); return 0; } static void interrupt_connect_cb(GIOChannel *chan, GError *conn_err, gpointer user_data) { struct hid_device *dev = user_data; uint8_t state; DBG(""); if (conn_err) { error("hidhost: Failed to connect interrupt channel (%s)", conn_err->message); state = HAL_HIDHOST_STATE_FAILED; goto failed; } if (uhid_create(dev) < 0) { state = HAL_HIDHOST_STATE_NO_HID; goto failed; } dev->intr_watch = g_io_add_watch(dev->intr_io, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_NVAL, intr_watch_cb, dev); bt_hid_notify_state(dev, HAL_HIDHOST_STATE_CONNECTED); return; failed: bt_hid_notify_state(dev, state); hid_device_remove(dev); } static void control_connect_cb(GIOChannel *chan, GError *conn_err, gpointer user_data) { struct hid_device *dev = user_data; GError *err = NULL; DBG(""); if (conn_err) { bt_hid_notify_state(dev, HAL_HIDHOST_STATE_DISCONNECTED); error("hidhost: Failed to connect control channel (%s)", conn_err->message); goto failed; } /* Connect to the HID interrupt channel */ dev->intr_io = bt_io_connect(interrupt_connect_cb, dev, NULL, &err, BT_IO_OPT_SOURCE_BDADDR, &adapter_addr, BT_IO_OPT_DEST_BDADDR, &dev->dst, BT_IO_OPT_PSM, L2CAP_PSM_HIDP_INTR, BT_IO_OPT_SEC_LEVEL, dev->sec_level, BT_IO_OPT_INVALID); if (!dev->intr_io) { error("hidhost: Failed to connect interrupt channel (%s)", err->message); g_error_free(err); goto failed; } dev->ctrl_watch = g_io_add_watch(dev->ctrl_io, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_NVAL, ctrl_watch_cb, dev); return; failed: hid_device_remove(dev); } static void hid_sdp_search_cb(sdp_list_t *recs, int err, gpointer data) { struct hid_device *dev = data; sdp_list_t *list; GError *gerr = NULL; DBG(""); if (err < 0) { error("hidhost: Unable to get SDP record: %s", strerror(-err)); goto fail; } if (!recs || !recs->data) { error("hidhost: No SDP records found"); goto fail; } for (list = recs; list != NULL; list = list->next) { sdp_record_t *rec = list->data; sdp_data_t *data; data = sdp_data_get(rec, SDP_ATTR_HID_COUNTRY_CODE); if (data) dev->country = data->val.uint8; data = sdp_data_get(rec, SDP_ATTR_HID_DEVICE_SUBCLASS); if (data) { dev->subclass = data->val.uint8; /* Encryption is mandatory for keyboards */ if (dev->subclass & 0x40) dev->sec_level = BT_IO_SEC_MEDIUM; } data = sdp_data_get(rec, SDP_ATTR_HID_BOOT_DEVICE); if (data) dev->boot_dev = data->val.uint8; data = sdp_data_get(rec, SDP_ATTR_HID_DESCRIPTOR_LIST); if (data) { if (!SDP_IS_SEQ(data->dtd)) goto fail; /* First HIDDescriptor */ data = data->val.dataseq; if (!SDP_IS_SEQ(data->dtd)) goto fail; /* ClassDescriptorType */ data = data->val.dataseq; if (data->dtd != SDP_UINT8) goto fail; /* ClassDescriptorData */ data = data->next; if (!data || !SDP_IS_TEXT_STR(data->dtd)) goto fail; dev->rd_size = data->unitSize; dev->rd_data = util_memdup(data->val.str, data->unitSize); } } if (dev->ctrl_io) { /* Raise the security level for this device if needed. */ if ((dev->sec_level > BT_IO_SEC_LOW) && !bt_io_set(dev->ctrl_io, &gerr, BT_IO_OPT_SEC_LEVEL, dev->sec_level, BT_IO_OPT_INVALID)) { error("hidhost: Cannot raise security level: %s", gerr->message); g_error_free(gerr); goto fail; } if (uhid_create(dev) < 0) goto fail; return; } dev->ctrl_io = bt_io_connect(control_connect_cb, dev, NULL, &gerr, BT_IO_OPT_SOURCE_BDADDR, &adapter_addr, BT_IO_OPT_DEST_BDADDR, &dev->dst, BT_IO_OPT_PSM, L2CAP_PSM_HIDP_CTRL, BT_IO_OPT_SEC_LEVEL, dev->sec_level, BT_IO_OPT_INVALID); if (gerr) { error("hidhost: Failed to connect control channel (%s)", gerr->message); g_error_free(gerr); goto fail; } return; fail: bt_hid_notify_state(dev, HAL_HIDHOST_STATE_DISCONNECTED); hid_device_remove(dev); } static void hid_sdp_did_search_cb(sdp_list_t *recs, int err, gpointer data) { struct hid_device *dev = data; sdp_list_t *list; uuid_t uuid; DBG(""); if (err < 0) { error("hidhost: Unable to get Device ID SDP record: %s", strerror(-err)); goto fail; } if (!recs || !recs->data) { error("hidhost: No Device ID SDP records found"); goto fail; } for (list = recs; list; list = list->next) { sdp_record_t *rec = list->data; sdp_data_t *data; data = sdp_data_get(rec, SDP_ATTR_VENDOR_ID); if (data) dev->vendor = data->val.uint16; data = sdp_data_get(rec, SDP_ATTR_PRODUCT_ID); if (data) dev->product = data->val.uint16; data = sdp_data_get(rec, SDP_ATTR_VERSION); if (data) dev->version = data->val.uint16; } sdp_uuid16_create(&uuid, HID_SVCLASS_ID); if (bt_search_service(&adapter_addr, &dev->dst, &uuid, hid_sdp_search_cb, dev, NULL, 0) < 0) { error("hidhost: Failed to search SDP details"); goto fail; } return; fail: bt_hid_notify_state(dev, HAL_HIDHOST_STATE_DISCONNECTED); hid_device_remove(dev); } static void hog_conn_cb(const bdaddr_t *addr, int err, void *attrib) { GSList *l; struct hid_device *dev; l = g_slist_find_custom(devices, addr, device_cmp); dev = l ? l->data : NULL; if (err < 0) { if (!dev) return; if (dev->hog) { bt_hid_notify_state(dev, HAL_HIDHOST_STATE_DISCONNECTED); bt_hog_detach(dev->hog); return; } goto fail; } if (!dev) dev = hid_device_new(addr); if (!dev->hog) { /* TODO: Get device details and primary */ dev->hog = bt_hog_new_default("bluez-input-device", dev->vendor, dev->product, dev->version, NULL); if (!dev->hog) { error("HoG: unable to create session"); goto fail; } } if (!bt_hog_attach(dev->hog, attrib)) { error("HoG: unable to attach"); goto fail; } if (!bt_gatt_set_security(addr, BT_IO_SEC_MEDIUM)) { error("Failed to set security level"); goto fail; } DBG(""); bt_hid_notify_state(dev, HAL_HIDHOST_STATE_CONNECTED); if (!bt_gatt_add_autoconnect(hog_app, &dev->dst)) error("hidhost: Could not add to autoconnect list"); return; fail: bt_hid_notify_state(dev, HAL_HIDHOST_STATE_DISCONNECTED); hid_device_remove(dev); } static bool hog_connect(struct hid_device *dev) { DBG(""); if (hog_app) return bt_gatt_connect_app(hog_app, &dev->dst); hog_app = bt_gatt_register_app(HOG_UUID, GATT_CLIENT, hog_conn_cb); if (!hog_app) { error("hidhost: bt_gatt_register_app failed"); return false; } return bt_gatt_connect_app(hog_app, &dev->dst); } static void bt_hid_connect(const void *buf, uint16_t len) { const struct hal_cmd_hidhost_connect *cmd = buf; struct hid_device *dev; uint8_t status; char addr[18]; bdaddr_t dst; GSList *l; uuid_t uuid; DBG(""); android2bdaddr(&cmd->bdaddr, &dst); l = g_slist_find_custom(devices, &dst, device_cmp); if (l) dev = l->data; else dev = hid_device_new(&dst); if (dev->state != HAL_HIDHOST_STATE_DISCONNECTED) goto done; ba2str(&dev->dst, addr); DBG("connecting to %s", addr); if (bt_device_last_seen_bearer(&dev->dst) != BDADDR_BREDR) { if (!hog_connect(dev)) { status = HAL_STATUS_FAILED; hid_device_remove(dev); goto failed; } goto done; } sdp_uuid16_create(&uuid, PNP_INFO_SVCLASS_ID); if (bt_search_service(&adapter_addr, &dev->dst, &uuid, hid_sdp_did_search_cb, dev, NULL, 0) < 0) { error("hidhost: Failed to search DeviceID SDP details"); hid_device_remove(dev); status = HAL_STATUS_FAILED; goto failed; } done: if (dev->state == HAL_HIDHOST_STATE_DISCONNECTED) bt_hid_notify_state(dev, HAL_HIDHOST_STATE_CONNECTING); status = HAL_STATUS_SUCCESS; failed: ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_HIDHOST, HAL_OP_HIDHOST_CONNECT, status); } static bool hog_disconnect(struct hid_device *dev) { DBG(""); if (dev->state == HAL_HIDHOST_STATE_DISCONNECTED) return false; bt_hid_notify_state(dev, HAL_HIDHOST_STATE_DISCONNECTING); if (!bt_gatt_disconnect_app(hog_app, &dev->dst)) { bt_hid_notify_state(dev, HAL_HIDHOST_STATE_DISCONNECTED); hid_device_remove(dev); } return true; } static void bt_hid_disconnect(const void *buf, uint16_t len) { const struct hal_cmd_hidhost_disconnect *cmd = buf; struct hid_device *dev; uint8_t status; GSList *l; bdaddr_t dst; DBG(""); android2bdaddr(&cmd->bdaddr, &dst); l = g_slist_find_custom(devices, &dst, device_cmp); if (!l) { status = HAL_STATUS_FAILED; goto failed; } dev = l->data; if (bt_is_device_le(&dst)) { if (!hog_disconnect(dev)) { status = HAL_STATUS_FAILED; goto failed; } goto done; } /* Wait either channels to HUP */ if (dev->intr_io) g_io_channel_shutdown(dev->intr_io, TRUE, NULL); if (dev->ctrl_io) g_io_channel_shutdown(dev->ctrl_io, TRUE, NULL); bt_hid_notify_state(dev, HAL_HIDHOST_STATE_DISCONNECTING); done: status = HAL_STATUS_SUCCESS; failed: ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_HIDHOST, HAL_OP_HIDHOST_DISCONNECT, status); } static bool bt_hid_write_virtual_unplug(GIOChannel *chan) { uint8_t hdr = HID_MSG_CONTROL | HID_VIRTUAL_CABLE_UNPLUG; int fd = g_io_channel_unix_get_fd(chan); if (write(fd, &hdr, sizeof(hdr)) == sizeof(hdr)) return true; error("hidhost: Error writing virtual unplug command: %s (%d)", strerror(errno), errno); return false; } static void bt_hid_virtual_unplug(const void *buf, uint16_t len) { const struct hal_cmd_hidhost_virtual_unplug *cmd = buf; struct hid_device *dev; GSList *l; uint8_t status; bdaddr_t dst; DBG(""); android2bdaddr(&cmd->bdaddr, &dst); l = g_slist_find_custom(devices, &dst, device_cmp); if (!l) { status = HAL_STATUS_FAILED; goto failed; } dev = l->data; if (!(dev->ctrl_io)) { status = HAL_STATUS_FAILED; goto failed; } if (!bt_hid_write_virtual_unplug(dev->ctrl_io)) { status = HAL_STATUS_FAILED; goto failed; } /* Wait either channels to HUP */ if (dev->intr_io) g_io_channel_shutdown(dev->intr_io, TRUE, NULL); if (dev->ctrl_io) g_io_channel_shutdown(dev->ctrl_io, TRUE, NULL); bt_hid_notify_state(dev, HAL_HIDHOST_STATE_DISCONNECTING); status = HAL_STATUS_SUCCESS; failed: ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_HIDHOST, HAL_OP_HIDHOST_VIRTUAL_UNPLUG, status); } static void bt_hid_info(const void *buf, uint16_t len) { const struct hal_cmd_hidhost_set_info *cmd = buf; if (len != sizeof(*cmd) + cmd->descr_len) { error("Invalid hid set info size (%u bytes), terminating", len); raise(SIGTERM); return; } /* * Data from hal_cmd_hidhost_set_info is usefull only when we create * UHID device. Once device is created all the transactions will be * done through the fd. There is no way to use this information * once device is created with HID internals. */ DBG("Not supported"); ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_HIDHOST, HAL_OP_HIDHOST_SET_INFO, HAL_STATUS_UNSUPPORTED); } static void bt_hid_get_protocol(const void *buf, uint16_t len) { const struct hal_cmd_hidhost_get_protocol *cmd = buf; struct hid_device *dev; GSList *l; bdaddr_t dst; int fd; uint8_t hdr; uint8_t status; DBG(""); switch (cmd->mode) { case HAL_HIDHOST_REPORT_PROTOCOL: case HAL_HIDHOST_BOOT_PROTOCOL: break; default: status = HAL_STATUS_INVALID; goto failed; } android2bdaddr(&cmd->bdaddr, &dst); l = g_slist_find_custom(devices, &dst, device_cmp); if (!l) { status = HAL_STATUS_FAILED; goto failed; } dev = l->data; hdr = HID_MSG_GET_PROTOCOL | cmd->mode; fd = g_io_channel_unix_get_fd(dev->ctrl_io); if (write(fd, &hdr, sizeof(hdr)) < 0) { error("hidhost: Error writing device_get_protocol: %s (%d)", strerror(errno), errno); status = HAL_STATUS_FAILED; goto failed; } dev->last_hid_msg = HID_MSG_GET_PROTOCOL; status = HAL_STATUS_SUCCESS; failed: ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_HIDHOST, HAL_OP_HIDHOST_GET_PROTOCOL, status); } static void bt_hid_set_protocol(const void *buf, uint16_t len) { const struct hal_cmd_hidhost_set_protocol *cmd = buf; struct hid_device *dev; GSList *l; bdaddr_t dst; int fd; uint8_t hdr; uint8_t status; DBG(""); switch (cmd->mode) { case HAL_HIDHOST_REPORT_PROTOCOL: case HAL_HIDHOST_BOOT_PROTOCOL: break; default: status = HAL_STATUS_INVALID; goto failed; } android2bdaddr(&cmd->bdaddr, &dst); l = g_slist_find_custom(devices, &dst, device_cmp); if (!l) { status = HAL_STATUS_FAILED; goto failed; } dev = l->data; hdr = HID_MSG_SET_PROTOCOL | cmd->mode; fd = g_io_channel_unix_get_fd(dev->ctrl_io); if (write(fd, &hdr, sizeof(hdr)) < 0) { error("hidhost: error writing device_set_protocol: %s (%d)", strerror(errno), errno); status = HAL_STATUS_FAILED; goto failed; } dev->last_hid_msg = HID_MSG_SET_PROTOCOL; status = HAL_STATUS_SUCCESS; failed: ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_HIDHOST, HAL_OP_HIDHOST_SET_PROTOCOL, status); } static void bt_hid_get_report(const void *buf, uint16_t len) { const struct hal_cmd_hidhost_get_report *cmd = buf; struct hid_device *dev; GSList *l; bdaddr_t dst; int fd; uint8_t *req; uint8_t req_size; uint8_t status; DBG(""); switch (cmd->type) { case HAL_HIDHOST_INPUT_REPORT: case HAL_HIDHOST_OUTPUT_REPORT: case HAL_HIDHOST_FEATURE_REPORT: break; default: status = HAL_STATUS_INVALID; goto failed; } android2bdaddr(&cmd->bdaddr, &dst); l = g_slist_find_custom(devices, &dst, device_cmp); if (!l) { status = HAL_STATUS_FAILED; goto failed; } dev = l->data; req_size = (cmd->buf_size > 0) ? 4 : 2; req = g_try_malloc0(req_size); if (!req) { status = HAL_STATUS_NOMEM; goto failed; } req[0] = HID_MSG_GET_REPORT | cmd->type; req[1] = cmd->id; if (cmd->buf_size > 0) { req[0] = req[0] | HID_GET_REPORT_SIZE_FIELD; put_le16(cmd->buf_size, &req[2]); } fd = g_io_channel_unix_get_fd(dev->ctrl_io); if (write(fd, req, req_size) < 0) { error("hidhost: error writing hid_get_report: %s (%d)", strerror(errno), errno); g_free(req); status = HAL_STATUS_FAILED; goto failed; } dev->last_hid_msg = HID_MSG_GET_REPORT; g_free(req); status = HAL_STATUS_SUCCESS; failed: ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_HIDHOST, HAL_OP_HIDHOST_GET_REPORT, status); } static void bt_hid_set_report(const void *buf, uint16_t len) { const struct hal_cmd_hidhost_set_report *cmd = buf; struct hid_device *dev; GSList *l; bdaddr_t dst; int fd; uint8_t *req = NULL; uint8_t req_size; uint8_t status; DBG(""); if (len != sizeof(*cmd) + cmd->len) { error("Invalid hid set report size (%u bytes), terminating", len); raise(SIGTERM); return; } switch (cmd->type) { case HAL_HIDHOST_INPUT_REPORT: case HAL_HIDHOST_OUTPUT_REPORT: case HAL_HIDHOST_FEATURE_REPORT: break; default: status = HAL_STATUS_INVALID; goto failed; } android2bdaddr(&cmd->bdaddr, &dst); l = g_slist_find_custom(devices, &dst, device_cmp); if (!l) { status = HAL_STATUS_FAILED; goto failed; } dev = l->data; if (!dev->ctrl_io && !dev->hog) { status = HAL_STATUS_FAILED; goto failed; } req_size = 1 + (cmd->len / 2); req = g_try_malloc0(req_size); if (!req) { status = HAL_STATUS_NOMEM; goto failed; } req[0] = HID_MSG_SET_REPORT | cmd->type; /* * Report data coming to HAL is in ascii format, HAL sends * data in hex to daemon, so convert to binary. */ if (!hex2buf(cmd->data, req + 1, req_size - 1)) { status = HAL_STATUS_INVALID; goto failed; } if (dev->hog) { if (bt_hog_send_report(dev->hog, req + 1, req_size - 1, cmd->type) < 0) { status = HAL_STATUS_FAILED; goto failed; } goto done; } fd = g_io_channel_unix_get_fd(dev->ctrl_io); if (write(fd, req, req_size) < 0) { error("hidhost: error writing hid_set_report: %s (%d)", strerror(errno), errno); status = HAL_STATUS_FAILED; goto failed; } dev->last_hid_msg = HID_MSG_SET_REPORT; done: status = HAL_STATUS_SUCCESS; failed: g_free(req); ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_HIDHOST, HAL_OP_HIDHOST_SET_REPORT, status); } static void bt_hid_send_data(const void *buf, uint16_t len) { const struct hal_cmd_hidhost_send_data *cmd = buf; struct hid_device *dev; GSList *l; bdaddr_t dst; int fd; uint8_t *req = NULL; uint8_t req_size; uint8_t status; DBG(""); if (len != sizeof(*cmd) + cmd->len) { error("Invalid hid send data size (%u bytes), terminating", len); raise(SIGTERM); return; } android2bdaddr(&cmd->bdaddr, &dst); l = g_slist_find_custom(devices, &dst, device_cmp); if (!l) { status = HAL_STATUS_FAILED; goto failed; } dev = l->data; if (!(dev->intr_io)) { status = HAL_STATUS_FAILED; goto failed; } req_size = 1 + (cmd->len / 2); req = g_try_malloc0(req_size); if (!req) { status = HAL_STATUS_NOMEM; goto failed; } req[0] = HID_MSG_DATA | HID_DATA_TYPE_OUTPUT; /* * Report data coming to HAL is in ascii format, HAL sends * data in hex to daemon, so convert to binary. */ if (!hex2buf(cmd->data, req + 1, req_size - 1)) { status = HAL_STATUS_INVALID; goto failed; } fd = g_io_channel_unix_get_fd(dev->intr_io); if (write(fd, req, req_size) < 0) { error("hidhost: error writing data to HID device: %s (%d)", strerror(errno), errno); status = HAL_STATUS_FAILED; goto failed; } status = HAL_STATUS_SUCCESS; failed: g_free(req); ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_HIDHOST, HAL_OP_HIDHOST_SEND_DATA, status); } static const struct ipc_handler cmd_handlers[] = { /* HAL_OP_HIDHOST_CONNECT */ { bt_hid_connect, false, sizeof(struct hal_cmd_hidhost_connect) }, /* HAL_OP_HIDHOST_DISCONNECT */ { bt_hid_disconnect, false, sizeof(struct hal_cmd_hidhost_disconnect) }, /* HAL_OP_HIDHOST_VIRTUAL_UNPLUG */ { bt_hid_virtual_unplug, false, sizeof(struct hal_cmd_hidhost_virtual_unplug) }, /* HAL_OP_HIDHOST_SET_INFO */ { bt_hid_info, true, sizeof(struct hal_cmd_hidhost_set_info) }, /* HAL_OP_HIDHOST_GET_PROTOCOL */ { bt_hid_get_protocol, false, sizeof(struct hal_cmd_hidhost_get_protocol) }, /* HAL_OP_HIDHOST_SET_PROTOCOL */ { bt_hid_set_protocol, false, sizeof(struct hal_cmd_hidhost_get_protocol) }, /* HAL_OP_HIDHOST_GET_REPORT */ { bt_hid_get_report, false, sizeof(struct hal_cmd_hidhost_get_report) }, /* HAL_OP_HIDHOST_SET_REPORT */ { bt_hid_set_report, true, sizeof(struct hal_cmd_hidhost_set_report) }, /* HAL_OP_HIDHOST_SEND_DATA */ { bt_hid_send_data, true, sizeof(struct hal_cmd_hidhost_send_data) }, }; static void connect_cb(GIOChannel *chan, GError *err, gpointer user_data) { struct hid_device *dev; bdaddr_t dst; char address[18]; uint16_t psm; GError *gerr = NULL; GSList *l; uuid_t uuid; if (err) { error("hidhost: Connect failed (%s)", err->message); return; } bt_io_get(chan, &gerr, BT_IO_OPT_DEST_BDADDR, &dst, BT_IO_OPT_PSM, &psm, BT_IO_OPT_INVALID); if (gerr) { error("hidhost: Failed to read remote address (%s)", gerr->message); g_io_channel_shutdown(chan, TRUE, NULL); g_error_free(gerr); return; } ba2str(&dst, address); DBG("Incoming connection from %s on PSM %d", address, psm); if (!bt_device_is_bonded(&dst)) { warn("hidhost: Rejecting connection from unknown device %s", address); if (psm == L2CAP_PSM_HIDP_CTRL) bt_hid_write_virtual_unplug(chan); g_io_channel_shutdown(chan, TRUE, NULL); return; } switch (psm) { case L2CAP_PSM_HIDP_CTRL: l = g_slist_find_custom(devices, &dst, device_cmp); if (l) return; dev = hid_device_new(&dst); dev->ctrl_io = g_io_channel_ref(chan); sdp_uuid16_create(&uuid, PNP_INFO_SVCLASS_ID); if (bt_search_service(&adapter_addr, &dev->dst, &uuid, hid_sdp_did_search_cb, dev, NULL, 0) < 0) { error("hidhost: Failed to search DID SDP details"); hid_device_remove(dev); return; } dev->ctrl_watch = g_io_add_watch(dev->ctrl_io, G_IO_HUP | G_IO_ERR | G_IO_NVAL, ctrl_watch_cb, dev); bt_hid_notify_state(dev, HAL_HIDHOST_STATE_CONNECTING); break; case L2CAP_PSM_HIDP_INTR: l = g_slist_find_custom(devices, &dst, device_cmp); if (!l) return; dev = l->data; dev->intr_io = g_io_channel_ref(chan); dev->intr_watch = g_io_add_watch(dev->intr_io, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_NVAL, intr_watch_cb, dev); bt_hid_notify_state(dev, HAL_HIDHOST_STATE_CONNECTED); break; } } static void hid_unpaired_cb(const bdaddr_t *addr) { GSList *l; struct hid_device *dev; char address[18]; l = g_slist_find_custom(devices, addr, device_cmp); if (!l) return; dev = l->data; ba2str(addr, address); DBG("Unpaired device %s", address); if (hog_app) bt_gatt_remove_autoconnect(hog_app, addr); hid_device_remove(dev); } bool bt_hid_register(struct ipc *ipc, const bdaddr_t *addr, uint8_t mode) { GError *err = NULL; DBG(""); if (!bt_unpaired_register(hid_unpaired_cb)) { error("hidhost: Could not register unpaired callback"); return false; } bacpy(&adapter_addr, addr); ctrl_io = bt_io_listen(connect_cb, NULL, NULL, NULL, &err, BT_IO_OPT_SOURCE_BDADDR, &adapter_addr, BT_IO_OPT_PSM, L2CAP_PSM_HIDP_CTRL, BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW, BT_IO_OPT_INVALID); if (!ctrl_io) { error("hidhost: Failed to listen on control channel: %s", err->message); g_error_free(err); return false; } intr_io = bt_io_listen(connect_cb, NULL, NULL, NULL, &err, BT_IO_OPT_SOURCE_BDADDR, &adapter_addr, BT_IO_OPT_PSM, L2CAP_PSM_HIDP_INTR, BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW, BT_IO_OPT_INVALID); if (!intr_io) { error("hidhost: Failed to listen on interrupt channel: %s", err->message); g_error_free(err); g_io_channel_shutdown(ctrl_io, TRUE, NULL); g_io_channel_unref(ctrl_io); ctrl_io = NULL; return false; } hal_ipc = ipc; ipc_register(hal_ipc, HAL_SERVICE_ID_HIDHOST, cmd_handlers, G_N_ELEMENTS(cmd_handlers)); return true; } void bt_hid_unregister(void) { DBG(""); if (hog_app > 0) bt_gatt_unregister_app(hog_app); g_slist_free_full(devices, hid_device_free); devices = NULL; if (ctrl_io) { g_io_channel_shutdown(ctrl_io, TRUE, NULL); g_io_channel_unref(ctrl_io); ctrl_io = NULL; } if (intr_io) { g_io_channel_shutdown(intr_io, TRUE, NULL); g_io_channel_unref(intr_io); intr_io = NULL; } ipc_unregister(hal_ipc, HAL_SERVICE_ID_HIDHOST); hal_ipc = NULL; bt_unpaired_unregister(hid_unpaired_cb); }