  1. Sep 15, 2017
    • Jack He's avatar
      Clean-up BTIF profile queue on profile shutdown · 997097ea
      Jack He authored
      * Add btif_profile_cleanup(uuid) method to remove pending connection
        requests for individual UUIDs
      * Call the above method in each profile's clean-up method
      * Add unit tests for btif_profile_queue
      
      Bug: 63790458
      Test: make, unit tests, pair and connect car kits
      Change-Id: I28288c295b7ca0259b2112c11b4e5a81d6f2e33c
  2. Sep 14, 2017
  3. Sep 13, 2017
  4. Sep 12, 2017
  5. Sep 11, 2017
    • Jakub Pawlowski's avatar
      Fix alarms being posted on wrong thread · 01a63882
      Jakub Pawlowski authored
      Alarms from btu_bta_alarm_queue and btu_generic_alarm_queue should be
      processed on the main MessageLoop thread.
Replaced the obsolete alarm_set_on_queue() alarm API with the new
alarm_set_on_mloop() API.
      
      Test: manual
      Bug: 65078753
      Change-Id: I54b472b39b44a6c541dbdcdad7414056d0dd4163
    • Chao Quan's avatar
Fix crash during deregister GATT server · da483584
      Chao Quan authored
When deregistering a GATT server, GATT_deregister
uses a loop to stop services one by one and
calls std::list::erase in GATTS_StopService to
remove the service info. But erase invalidates the
iterator. If the iterator is used after that,
Bluetooth will crash.
      
      Add the iterator before erase.
      
      Test: manual
      Change-Id: I10f9351a95ab4922553d8a77663a0212407607aa
  6. Sep 08, 2017
    • Jeremy Klein's avatar
      Ensure that services are cleaned from the GattServer HandleMap. · 15f7de8b
      Jeremy Klein authored
      The incorrect service handle was being plumbed up to onServiceDeleted.
      This was causing stale entries to stick around forever in the HandleMap,
      which could later cause failures to find callback references in
      ContextMap if the connection ID changed for a given device.
      
      Bug: 65463237
      Test: unit tests modified and run
      Change-Id: I2e22858b447f4e6b5a4fbceee4c406191c84a67d
  7. Sep 07, 2017
  8. Sep 06, 2017
    • Jaekyun Seok's avatar
      Add 'vendor.' prefix to a vendor HAL service name · b926597e
      Jaekyun Seok authored
To prevent property name collisions between system and vendor
properties, a 'vendor.' prefix must be added to a vendor HAL service name.
You can see the details in http://go/treble-sysprop-compatibility.
      
      Test: succeeded building gce_x86_phone-userdebug and confirmed that
      service names were renamed correctly.
      Bug: 36796459
      Change-Id: Iedcb3a01e00e80c58dc76653784a3c353f34ce0a
    • Michael Spang's avatar
      Fix stack-buffer-overflow in bluetooth service GATT client · b49ba108
      Michael Spang authored
      Use the tBTA_GATTC union for |notify| in bta_gattc_process_indicate() to
      avoid a stack-buffer-overflow in btif_transfer_context.
      
      ==1410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x0077c8c0c066 at pc 0x0077e50c9ae0 bp 0x0077c8c0bcd0 sp 0x0077c8c0b460
      
      READ of size 616 at 0x0077c8c0c066 thread T38 (btu message loo)
          #0 0x77e50c9adf in __interceptor_memcpy external/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:701:5
          #1 0x77ca1e838f in memcpy(void*, void const* pass_object_size0, unsigned long) bionic/libc/include/string.h:173:12
          #2 0x77ca1e838f in btif_transfer_context(void (*)(unsigned short, char*), unsigned short, char*, int, void (*)(unsigned short, char*, char*)) system/bt/btif/src/btif_core.cc:208:0
          #3 0x77ca209853 in (anonymous namespace)::bta_gattc_cback(unsigned char, tBTA_GATTC*) system/bt/btif/src/btif_gatt_client.cc:204:7
          #4 0x77ca11455b in bta_gattc_process_indicate(unsigned short, unsigned char, tGATT_CL_COMPLETE*) system/bt/bta/gatt/bta_gattc_act.cc:1596:9
          #5 0x77ca40b4b7 in gatt_process_notification(tGATT_TCB&, unsigned char, unsigned short, unsigned char*) system/bt/stack/gatt/gatt_cl.cc:664:7
          #6 0x77ca40d78f in gatt_client_handle_server_rsp(tGATT_TCB&, unsigned char, unsigned short, unsigned char*) system/bt/stack/gatt/gatt_cl.cc:1119:9
          #7 0x77ca414447 in gatt_le_data_ind(unsigned short, unsigned char*, BT_HDR*) system/bt/stack/gatt/gatt_main.cc:576:7
          #8 0x77ca47665b in l2c_rcv_acl_data(BT_HDR*) system/bt/stack/l2cap/l2c_main.cc:211:9
          #9 0x77c9da50eb in base::Callback<void (), (base::internal::CopyMode)1>::Run() const external/libchrome/base/callback.h:389:12
          #10 0x77c9da50eb in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) external/libchrome/base/debug/task_annotator.cc:51:0
          #11 0x77c9df75e3 in base::MessageLoop::RunTask(base::PendingTask const&) external/libchrome/base/message_loop/message_loop.cc:494:19
          #12 0x77c9df80b7 in base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) external/libchrome/base/message_loop/message_loop.cc:503:5
          #13 0x77c9df8fb7 in base::MessageLoop::DoWork() external/libchrome/base/message_loop/message_loop.cc:627:13
          #14 0x77c9dfd33b in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) external/libchrome/base/message_loop/message_pump_default.cc:35:31
          #15 0x77c9e4e327 in base::RunLoop::Run() external/libchrome/base/run_loop.cc:35:10
          #16 0x77ca3e97ab in btu_message_loop_run(void*) system/bt/stack/btu/btu_task.cc:98:14
          #17 0x77ca52ad3b in work_queue_read_cb(void*) system/bt/osi/src/thread.cc:251:3
          #18 0x77ca52489b in run_reactor(reactor_t*, int) system/bt/osi/src/reactor.cc:282:11
          #19 0x77ca524413 in reactor_start(reactor_t*) system/bt/osi/src/reactor.cc:125:10
          #20 0x77ca529c6f in run_thread(void*) system/bt/osi/src/thread.cc:221:3
          #21 0x77eb40a31b in __pthread_start(void*) bionic/libc/bionic/pthread_create.cpp:214:18
          #22 0x77eb3c1dff in __start_thread bionic/libc/bionic/clone.cpp:47:16
      
      002(bluetooth) btu message loo identical 2 lines
      
      Address 0x0077c8c0c066 is located in stack of thread T38 (btu message loo)
       at offset 646 in frame
      
          #0 0x77ca114293 in bta_gattc_process_indicate(unsigned short, unsigned char, tGATT_CL_COMPLETE*) system/bt/bta/gatt/bta_gattc_act.cc:1538:0
      
      002(bluetooth) btu message loo identical 1 line
      
        This frame has 4 object(s):
      
          [32, 646) 'notify' (line 1543)
          [784, 790) 'remote_bda' (line 1544) <== Memory access at offset 646 partially underflows this variable
          [816, 817) 'gatt_if' (line 1545) <== Memory access at offset 646 partially underflows this variable
          [832, 833) 'transport' (line 1546) <== Memory access at offset 646 partially underflows this variable
      
      HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      
            (longjmp and C++ exceptions *are* supported)
      
      Thread T38 (btu message loo) created by T37 (bt_workqueue) here:
      
          #0 0x77e50fd46f in __interceptor_pthread_create _asan_rtl_:3
          #1 0x77ca529727 in thread_new_sized(char const*, unsigned long) system/bt/osi/src/thread.cc:87:3
          #2 0x77ca3e9a73 in btu_task_start_up(void*) system/bt/stack/btu/btu_task.cc:127:26
          #3 0x77ca52ad3b in work_queue_read_cb(void*) system/bt/osi/src/thread.cc:251:3
          #4 0x77ca52489b in run_reactor(reactor_t*, int) system/bt/osi/src/reactor.cc:282:11
          #5 0x77ca524413 in reactor_start(reactor_t*) system/bt/osi/src/reactor.cc:125:10
          #6 0x77ca529c6f in run_thread(void*) system/bt/osi/src/thread.cc:221:3
          #7 0x77eb40a31b in __pthread_start(void*) bionic/libc/bionic/pthread_create.cpp:214:18
          #8 0x77eb3c1dff in __start_thread bionic/libc/bionic/clone.cpp:47:16
      
      002(bluetooth) btu message loo identical 1 line
      
      Thread T37 (bt_workqueue) created by T20 (stack_manager) here:
      
          #0 0x77e50fd46f in __interceptor_pthread_create _asan_rtl_:3
          #1 0x77ca529727 in thread_new_sized(char const*, unsigned long) system/bt/osi/src/thread.cc:87:3
          #2 0x77ca3e936f in BTU_StartUp() system/bt/stack/btu/btu_init.cc:129:25
          #3 0x77ca2a513b in event_start_up_stack(void*) system/bt/btif/src/stack_manager.cc:146:3
          #4 0x77ca52ad3b in work_queue_read_cb(void*) system/bt/osi/src/thread.cc:251:3
          #5 0x77ca52489b in run_reactor(reactor_t*, int) system/bt/osi/src/reactor.cc:282:11
          #6 0x77ca524413 in reactor_start(reactor_t*) system/bt/osi/src/reactor.cc:125:10
          #7 0x77ca529c6f in run_thread(void*) system/bt/osi/src/thread.cc:221:3
          #8 0x77eb40a31b in __pthread_start(void*) bionic/libc/bionic/pthread_create.cpp:214:18
          #9 0x77eb3c1dff in __start_thread bionic/libc/bionic/clone.cpp:47:16
      
      002(bluetooth) btu message loo identical 1 line
      
      Thread T20 (stack_manager) created by T0 (droid.bluetooth) here:
      
          #0 0x77e50fd46f in __interceptor_pthread_create _asan_rtl_:3
          #1 0x77ca529727 in thread_new_sized(char const*, unsigned long) system/bt/osi/src/thread.cc:87:3
          #2 0x77ca2a4e7f in ensure_manager_initialized() system/bt/btif/src/stack_manager.cc:238:23
          #3 0x77ca2a4e7f in stack_manager_get_interface() system/bt/btif/src/stack_manager.cc:251:0
          #4 0x77ca1b7927 in init(bt_callbacks_t*) system/bt/btif/src/bluetooth.cc:144:3
          #5 0x77ca9899fb in android::initNative(_JNIEnv*, _jobject*) packages/apps/Bluetooth/jni/com_android_bluetooth_btservice_AdapterService.cpp:663:13
          #6 0x77e1c87703 in art_quick_generic_jni_trampoline /proc/self/cwd/art/runtime/arch/arm64/quick_entrypoints_arm64.S:2329:0
      
          #6 0x37ab0579318381f  (<unknown module>)
      
      002(bluetooth) btu message loo identical 1 line
      
      SUMMARY: AddressSanitizer: stack-buffer-overflow (/system/lib64/libclang_rt.asan-aarch64-android.so+0x31adf)
      
      Shadow bytes around the buggy address:
        0x001ef91817b0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
        0x001ef91817c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x001ef91817d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x001ef91817e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x001ef91817f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      =>0x001ef9181800: 00 00 00 00 00 00 00 00 00 00 00 00[06]f2 f2 f2
        0x001ef9181810: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 06 f2
        0x001ef9181820: f2 f2 01 f2 01 f3 f3 f3 00 00 00 00 00 00 00 00
        0x001ef9181830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x001ef9181840: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00
        0x001ef9181850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
      
      ==1410==ABORTING
      
      Bug: 65381426
      
      Change-Id: Ie632f131b622cc323ce68ec7be152caef23c95ec
    • Jakub Pawlowski's avatar
      Fix GATT log spam · 45c3106e
      Jakub Pawlowski authored
      Bug: 65255942
      Test: manual
      Change-Id: I212bc93149dc514517f409edc36f74e1c2895d96
    • Pavlin Radoslavov's avatar
      Store a name string in property without violating string boundaries · 3b3c6d1a
      Pavlin Radoslavov authored
Don't copy data beyond the end of the string when storing it as BT_PROPERTY_BDNAME
in a property.
Also, update a unit test to create a string by taking the property
name length into account.
      
      Test: Running unit tests with ASAN enabled
      Change-Id: Iaa586b4a0942f99ba469d1ed963729e7ad721503
    • Sagayajayasheelan Thomas's avatar
Extended Scan HCI definitions as per BT 5.0 SIG · 483e7b33
      Sagayajayasheelan Thomas authored
Added Ext Scan HCI definition for periodic scan.
      
      Change-Id: Ic7dce5fb5207a22e4b193d84033d84126d780be5
Signed-off-by: Sagayajayasheelan Thomas <sagayajayasheelan.thomas@intel.com>
    • Srinu Jella's avatar
      Clear IB_CFG_DONE on receiving peer config request when channel open · bb77f6a0
      Srinu Jella authored
Root cause: a configure request fails in the CST_OPEN state.
After a configure request, both IB_CFG_DONE and OB_CFG_DONE are
cleared. Some IOT devices try to configure again in the CST_OPEN
state, which fails if OB_CFG_DONE is cleared.

Fix: Clear IB_CFG_DONE and keep OB_CFG_DONE unchanged on receiving
a peer config request when the channel is open.
      
      Test: Tested with Geely Carkit.
      Bug: 35082459
      
      Change-Id: I8deca0c8ff73faafc3da94dcd9ea55e06bd8a31d
  9. Sep 05, 2017
  10. Sep 01, 2017
  11. Aug 31, 2017
  12. Aug 30, 2017
  13. Aug 25, 2017
  14. Aug 22, 2017
    • Jakub Pawlowski's avatar
      Fix crashes in btm_consolidate_dev · 8ec8b8c3
      Jakub Pawlowski authored
      It is not safe to do list_next after list_remove.
      
      Test: sl4a BleStressTest:test_le_pairing
      Bug: 31442085
      Change-Id: Ib4cb02154684b39ebc652d20559e1b07eee2c357
  15. Aug 18, 2017
  16. Aug 17, 2017