Bug: 282851784
Test: Pair only left bud
(cherry picked from https://android-review.googlesource.com/q/commit:e1175892b5f6d6d215f42d4b052258b3d5e2ce94)
Merged-In: Ib4fac3bd7c54ec5fe868804fb32ca94f2e15928c
Change-Id: Ib4fac3bd7c54ec5fe868804fb32ca94f2e15928c

After pairing over BR/EDR transport, service search is scheduled over the transport depending upon device type. If device type is not correct for any reason, service search may get started over LE transport. In such case, btif_dm may continue to wait for SDP search results for reseting pairing state, thus blocking further pairing attempts.

Bug: 282733852
Test: Pair with dual mode devices
(cherry picked from https://android-review.googlesource.com/q/commit:d6c6d68524ec26b0f9c243a7a6e9066f40a6aeee)
Merged-In: Ib5124fcf334a357495a57abee5bd6050248c7eb2
Change-Id: Ib5124fcf334a357495a57abee5bd6050248c7eb2

With this patch p_dev_rec will have updated device type based on the
inquire database.
This is needed for dual mode bonding, when first bond over LE and later
it triest to bond over BR/EDR.
Note: At that time BTM_GetPeerDeviceTypeFromFeatures will not return any
type as it is working only when BR/EDR is connected

Bug: 282733852
Test: manual
Tag: feature
(cherry picked from https://android-review.googlesource.com/q/commit:f6a115c6f386de1f40781eb12daeb84b434a947b)
Merged-In: I69d708153de45c9c503eb71915ac6ccdddf98c12
Change-Id: I69d708153de45c9c503eb71915ac6ccdddf98c12

Right now, if GATT discovery fails, we would prevent any services from
being connected in Settings on dual mode device.

After this patch, if LE GATT discovery fails, we will fall back to
SDP only services, which should keep the audio devices usable.

Bug: 278804760
Test: pair with LE Audio capable device that would fail to establish LE
connection, or time out during GATT service discovery
(cherry picked from https://android-review.googlesource.com/q/commit:4d5d871ab40ab59e25332be14e8d7187a7f95450)
Merged-In: I734f792cb841d44e04748fd421fbfe458bb4ff41
Change-Id: I734f792cb841d44e04748fd421fbfe458bb4ff41

We should remove CIG only when there is no active ASEs.
In this patch we also add a guard which block creating CIS when CIG is
not exist.

Bug: 282506986
Test: atest bluetooth_le_audio_test bluetooth_le_audio_client_test
Test: BluetoothInstrumentationTests
Tag: #feature
(cherry picked from https://android-review.googlesource.com/q/commit:ada7d88af8b646cf0cccd226480ea0242a5818c1)
Merged-In: I4943ed9869945f6d63c4f77c8f9c199aaa345a08
Change-Id: I4943ed9869945f6d63c4f77c8f9c199aaa345a08

(cherry picked from https://android-review.googlesource.com/q/commit:c4b6d03982a04e9b42c02273b4b07a647884d3ba)
Bug: 285958436
Merged-In: Idecd58c6b8e2ad17e074cef82f04255910fc3c10
Change-Id: Idecd58c6b8e2ad17e074cef82f04255910fc3c10

Legacy stack kept Identity Address Type without the identity bit set.
It is later passed without any masking to "Add to accept list", "add to
resolving list", and VSC filter command. All these commands specify that
the identity bit should not be set in related specifications.

This is a CP with partial revert of aosp/2030646.

Test: manual test with DCK application
Bug: 201255908
Bug: 280811285
(cherry picked from https://android-review.googlesource.com/q/commit:081966285a12d053e1410868afef4edb575a2fc8)
Merged-In: Id68e81a6706ac40d7394e2803ec3339a7bc44a0a
Change-Id: Id68e81a6706ac40d7394e2803ec3339a7bc44a0a

Bug: 201255908
Bug: 280811285
Test: manually tested against phone with sample IRK scanning app
(cherry picked from https://android-review.googlesource.com/q/commit:fe2d40d739f225cdef2bcae2666f40977ebdb1e6)
Merged-In: I58f8caf2c29bf2b12db2e595d42295b65dc4fa13
Change-Id: I58f8caf2c29bf2b12db2e595d42295b65dc4fa13

Bug: 282824342
Test: Manual
(cherry picked from https://android-review.googlesource.com/q/commit:41000d71011aa5d0e5b293f38a5a5cb2c38c69d9)
Merged-In: I7378459c3a7738b22e53bf8c5d3bdda417c288ef
Change-Id: I7378459c3a7738b22e53bf8c5d3bdda417c288ef

have more control on possible phy update collision

Test: manual
Bug: 280693404
(cherry picked from https://android-review.googlesource.com/q/commit:5674f0de5dd5370de3a6134bd2d7e36e68b2ab33)
Merged-In: Ib57abf4887310ca704b94f3b9938d339f6e194b3
Change-Id: Ib57abf4887310ca704b94f3b9938d339f6e194b3

Some HA companies need packet sequence number to align with real world time.
Limit drop frequency to decrease clock drift heuristic's impact.

Test: manual
Bug: 233715486
(cherry picked from https://android-review.googlesource.com/q/commit:15bfb90d87623d387f1a6d504e47092e4988b663)
Merged-In: Ie698626e27aa28d02a775287e68173e8e79c249e
Change-Id: Ie698626e27aa28d02a775287e68173e8e79c249e

Bug: 282731464
Test: net_test_stack_smp
(cherry picked from https://android-review.googlesource.com/q/commit:7a639a84b58e349628916fd44db6da2ead3aeb89)
Merged-In: I15f52663b0a63399bbb37fdd278cd97a8d84bdbf
Change-Id: I15f52663b0a63399bbb37fdd278cd97a8d84bdbf

This reverts commit ff263c53.

Reason for revert: b/283393411
(cherry picked from https://android-review.googlesource.com/q/commit:4ff9b6513dcce62f3e81b8f8cd6ecffb1d7a7459)
Merged-In: Idb4bea1b68c543891cfc7ebb953f1ebfd081e8af
Change-Id: Idb4bea1b68c543891cfc7ebb953f1ebfd081e8af

Reason for revert: libbitflags 2.2.1 is not in udc-dev

This reverts commit e53ccc57.

Bug: 279460991

Change-Id: I7bf47376b709b21d0451afd07748bcedc7507592
Merged-In: I67a64634a5f1bd320f983154c25ba2b7e2a813dc

Caused crashlooping on MTE builds.

Ignore-AOSP-First: security
Test: manual
Bug: 281346084
(cherry picked from commit 063d2966)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:152913742eedf1cab590c76f4dddf3b4e686994a)
Merged-In: I94ecdfe3f091a2b2969471c316035e3cea64773c
Change-Id: I94ecdfe3f091a2b2969471c316035e3cea64773c

Bug: 280633699
Test: manual
Ignore-AOSP-First: security
Tag: #security
Change-Id: Iaa4d603921fc4ffb8cfb5783f99ec0963affd6a2

Local variables tracking structure size in build_read_multi_rsp are of
uint16 type but accept a full uint16 range from function arguments while
appending a fixed-length offset.  This can lead to an integer overflow
and unexpected behavior.

Change the locals to size_t, and add a check during reasssignment.

Bug: 273966636
Test: atest bluetooth_test_gd_unit, net_test_stack_btm
Tag: #security
Ignore-AOSP-First: Security
Change-Id: I3a74bdb0d003cb6bf4f282615be8c68836676715
(cherry picked from commit 70a4d628)

Bug: 281421902
Test: Manual

Change-Id: Ifd259484628175f30e400cfa490b8086a841a0e2

When GATT service search is triggered on LTK derivation, bta_dm tries to connect over LE if LE ACL does not exists already. If the remote device is removed before LE ACL could be established, service search state is not reset. This blocks furthers requests for device or service discovery.

Change-Id: Ie080940179ba51edf3a223fbe3e896ef78c720cf
Test: Remove the bond within 30 seconds of pairing, try finding new devices
Bug: 281449565

Bug: 281418648
Test: None

Change-Id: I33dfadbdbade96e06e45d3a5491f196f83c9849d

The tx mtu in EATT can be controlled by remote device. With malicious
mtu values, it is possible to trigger integer overflow and
OOB write at multiple places (see the bug below).

This fix enforces a max tx mtu in EATT.

Bug: 271335899
Test: manual
Ignore-AOSP-First: security
Tag: #security
Merged-In: Ia06c9a17f2daa5ce4c32cffa536777f47774cf31
Change-Id: Ia06c9a17f2daa5ce4c32cffa536777f47774cf31

The tx mtu in EATT can be controlled by remote device. With malicious
mtu values, it is possible to trigger integer overflow and
OOB write at multiple places (see the bug below).

This fix enforces a max tx mtu in EATT.

Bug: 271335899
Test: manual
Ignore-AOSP-First: security
Tag: #security
Change-Id: Ia06c9a17f2daa5ce4c32cffa536777f47774cf31

Test: compile
Bug: 274000898
Change-Id: I226774470ee60596f184c529fff60cff42cd7b71

Bug: 260006855
Test: atest bluetooth_unit_test_gd
Change-Id: Ia89d59762a045dc18993ee252676dd0e7ba29549

Bug: 260006855
Test: atest bluetooth_unit_test_gd
Change-Id: Ifbc7bc4eadfd2eda8ad7d501895d76043466eb73

The storage layer already saves the config when it is modified.

Bug: 260006855
Test: atest BluetoothInstrumentationTests
Change-Id: I61100b3fcfe2ca4b71a61286b8f0f4ba5575b3bc

Add tests to bluetooth_test_gd_unit
Use FakeTime for timing dependent tests
Test that modifications cause writes

Bug: 260006855
Test: atest bluetooth_test_gd_unit
Change-Id: Ic4ae9c8f84a69fa903d033b113b7125d9b3f6acc

Bug: 260006855
Test: atest bluetooth_test_gd_unit
Change-Id: I704b13adb260669ff46948bc9254fea5b6fae1f0

Bug: 260006855
Test: atest bluetooth_unit_test_gd
Change-Id: I25282fe9da887d642a19f2b0486dcb2578bdcbbd

After the file is loaded from storage, each change to the storage calls
SaveDelayed through the persistent_config_changed_callback.  If that has
been called, write the config to disk when shutting down the storage
module, otherwise do nothing.

Bug: 260006855
Test: atest bluetooth_unit_test_gd
Change-Id: I7b653032aa3398d2f95236065572ba7fe733ed9c

Bug: 281763015
Test: Manual

Change-Id: I320d7ed678028df3014c338a85504a4e231cd4ee

Bug: 281498218
Test: net_test_main_shim

Change-Id: I5212fa766c6f709b708fa3f3f65d0e2b71bfa6aa

android.hardware.bluetooth.audio-V3-ndk.so is not present on the system
image if neither the APEX or the HAL bring it in.

Make the test able to work on system image without this library
by linking it statically.

Bug: 279502784
Fix: 267212763

Test: mma
Change-Id: I3ea3fc11d57b7c8149c87608d2149dbe306a5cb8

Bug: 279502784
Bug: 267212763

Test: mma
Change-Id: Idbe70708f65a1e8d7abf2715f3d2ac694e8a2a98

Currently, libchrome logs are discarded entirely. In this CL, we hijack
the messages and send them to syslog before they are gone.

Note that `TraceConf` needs to be set in `bt_stack.conf` before this
takes effect.

Bug: 279873537
Tag: #floss
Test: Build and verify
Change-Id: I9189946aed140dc185d8a8965609e57b31f1b1d8

If connection attempt fails (e.g. due to peer is offline), the
already allocated pending SDP calls are not cleared. This causes
the profiles not getting the proper failure events.

This CL clears the pending SDP connections.

Bug: 256217912
Tag: #floss
Test: Manual test in comment#6 and comment#11 of the bug
(cherry picked from https://android-review.googlesource.com/q/commit:c4df2ef1cd2cbcf998157c558a619f84c7f3e266)
Merged-In: I27fd91e0b2e80531cad1d334001e86ea2960b9b1
Change-Id: I27fd91e0b2e80531cad1d334001e86ea2960b9b1
Bug: 263323082

The bit-flip seems to have broken the authentication sequence
for incoming RFCOMM connections.

Bug: 268273571
Test: atest BluetoothInstrumentationTests
Test: Manual (see comment#1 in bug)
Ignore-AOSP-First: Security fix.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f0cbbdde0f34dc866cc756f4ee70d371ada33e4c)
Merged-In: I52b4c2f8d595e3d7be3fb18818f8b7f93271fb32
Change-Id: I52b4c2f8d595e3d7be3fb18818f8b7f93271fb32

For compatibility with the new version of libbitflags (2.2.1), implement
Copy, Clone, Debug, PartialEq, Eq for AttPermissions.

Test: Build
(cherry picked from https://android-review.googlesource.com/q/commit:0914969eaf6593391c8fdd75e8cade1c0efda752)
Merged-In: I67a64634a5f1bd320f983154c25ba2b7e2a813dc
Change-Id: I67a64634a5f1bd320f983154c25ba2b7e2a813dc

Bug: 279502784
Bug: 267212763

Test: Presubmit
Change-Id: Ibb11f95739fcd86d5ec7239c747449d5cf86724b

If we hit an LMP timeout, we may have pending security operations while
in the IDLE state. If we then get an encryption change event while in
IDLE, we should handle it, as otherwise these security operations will
be unhandled.

Test: manual
Bug: 267672620
(cherry picked from https://android-review.googlesource.com/q/commit:ddb86a183f311f8f6f82178d011a18fe2d2cc1b1)
Merged-In: I61c6eb5bd72ba6c3dac1186de1b893e5b461e368
Change-Id: I61c6eb5bd72ba6c3dac1186de1b893e5b461e368
Bug: 263323082