Merge remote-tracking branch 'origin/LA.QSSI.11.0.R1.11.00.00.668.170.00' into fp4t-target-0414
diff --git a/binder/Android.bp b/binder/Android.bp
index adc27c4..35c3e86 100644
--- a/binder/Android.bp
+++ b/binder/Android.bp
@@ -85,6 +85,7 @@
name: "libbluetooth-binder-aidl",
srcs: [
"android/bluetooth/IBluetooth.aidl",
+ "android/bluetooth/TctExtIBluetooth.aidl",
"android/bluetooth/IBluetoothA2dp.aidl",
"android/bluetooth/IBluetoothA2dpSink.aidl",
"android/bluetooth/IBluetoothAvrcpController.aidl",
diff --git a/binder/android/bluetooth/IBluetooth.aidl b/binder/android/bluetooth/IBluetooth.aidl
index 3591589..fb4f2f5 100644
--- a/binder/android/bluetooth/IBluetooth.aidl
+++ b/binder/android/bluetooth/IBluetooth.aidl
@@ -61,7 +61,7 @@
import android.os.ParcelUuid;
import android.os.ParcelFileDescriptor;
import android.os.ResultReceiver;
-
+import android.bluetooth.TctExtIBluetooth;
/**
* System private API for talking with the Bluetooth service.
*
@@ -192,5 +192,6 @@
int getDeviceType(in BluetoothDevice device);
boolean isBroadcastActive();
+ TctExtIBluetooth getTctExtIBluetoothInterface();
}
diff --git a/binder/android/bluetooth/TctExtIBluetooth.aidl b/binder/android/bluetooth/TctExtIBluetooth.aidl
new file mode 100644
index 0000000..023869e
--- /dev/null
+++ b/binder/android/bluetooth/TctExtIBluetooth.aidl
@@ -0,0 +1,20 @@
+package android.bluetooth;
+
+import android.bluetooth.IBluetoothCallback;
+import android.bluetooth.IBluetoothStateChangeCallback;
+import android.bluetooth.BluetoothActivityEnergyInfo;
+import android.bluetooth.BluetoothDevice;
+import android.os.ParcelUuid;
+import android.os.ParcelFileDescriptor;
+
+/**
+ * System private API for talking with the Bluetooth service.
+ *
+ * {@hide}
+ */
+interface TctExtIBluetooth
+{
+ int tct_setBtTestMode(int mode);
+ //int tct_setBtChannel(int position);
+ int tct_sendDutMode(int power);
+}
diff --git a/stack/bnep/bnep_api.cc b/stack/bnep/bnep_api.cc
index 809d0b2..3cd8153 100644
--- a/stack/bnep/bnep_api.cc
+++ b/stack/bnep/bnep_api.cc
@@ -344,6 +344,12 @@
BNEP_MTU_SIZE);
osi_free(p_buf);
return (BNEP_MTU_EXCEDED);
+ } else if (p_buf->len < 2) {
+ BNEP_TRACE_ERROR("%s length %d too short, must be at least 2", __func__,
+ p_buf->len);
+ osi_free(p_buf);
+ return BNEP_IGNORE_CMD;
+
}
/* Check if the packet should be filtered out */
@@ -445,6 +451,11 @@
BNEP_TRACE_ERROR("%s length %d exceeded MTU %d", __func__, len,
BNEP_MTU_SIZE);
return (BNEP_MTU_EXCEDED);
+ } else if (len < 2) {
+ BNEP_TRACE_ERROR("%s length %d too short, must be at least 2", __func__,
+ len);
+ return BNEP_IGNORE_CMD;
+
}
if ((!handle) || (handle > BNEP_MAX_CONNECTIONS)) return (BNEP_WRONG_HANDLE);