From ee02e1ce774777e85b10be6d1ad5c6083fa08c18 Mon Sep 17 00:00:00 2001
From: Jakub Pawlowski <jpawlowski@google.com>
Date: Mon, 28 Aug 2017 04:12:49 -0700
Subject: [PATCH] Fix GATT client leakage when scan is throttled (1/2)

Currently, scan throttling happens after client is registered, but
before the scan is started. This might lead to scan client being leaked.
This patch fixed that by moving check before client registration.

Bug: 64887233
Test: manual
Change-Id: I22ae624a0c51110cb69679f796926e3b2b36d0ac
---
 core/java/android/bluetooth/le/BluetoothLeScanner.java | 10 +++++++++-
 core/java/android/bluetooth/le/ScanCallback.java       |  6 ++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/core/java/android/bluetooth/le/BluetoothLeScanner.java b/core/java/android/bluetooth/le/BluetoothLeScanner.java
index 19fab37a10978..ad9e20b9292cb 100644
--- a/core/java/android/bluetooth/le/BluetoothLeScanner.java
+++ b/core/java/android/bluetooth/le/BluetoothLeScanner.java
@@ -344,6 +344,7 @@ public final class BluetoothLeScanner {
         private List<List<ResultStorageDescriptor>> mResultStorages;
 
         // mLeHandle 0: not registered
+        // -2: registration failed because app is scanning to frequently
         // -1: scan stopped or registration failed
         // > 0: registered and scan started
         private int mScannerId;
@@ -364,7 +365,7 @@ public final class BluetoothLeScanner {
         public void startRegistration() {
             synchronized (this) {
                 // Scan stopped.
-                if (mScannerId == -1) return;
+                if (mScannerId == -1 || mScannerId == -2) return;
                 try {
                     mBluetoothGatt.registerScanner(this, mWorkSource);
                     wait(REGISTRATION_CALLBACK_TIMEOUT_MILLIS);
@@ -378,6 +379,10 @@ public final class BluetoothLeScanner {
                     // Registration timed out or got exception, reset scannerId to -1 so no
                     // subsequent operations can proceed.
                     if (mScannerId == 0) mScannerId = -1;
+
+                    // If scanning too frequently, don't report anything to the app.
+                    if (mScannerId == -2) return;
+
                     postCallbackError(mScanCallback,
                             ScanCallback.SCAN_FAILED_APPLICATION_REGISTRATION_FAILED);
                 }
@@ -437,6 +442,9 @@ public final class BluetoothLeScanner {
                         Log.e(TAG, "fail to start le scan: " + e);
                         mScannerId = -1;
                     }
+                } else if (status == ScanCallback.SCAN_FAILED_SCANNING_TOO_FREQUENTLY) {
+                    // applicaiton was scanning too frequently
+                    mScannerId = -2;
                 } else {
                     // registration failed
                     mScannerId = -1;
diff --git a/core/java/android/bluetooth/le/ScanCallback.java b/core/java/android/bluetooth/le/ScanCallback.java
index fcbc2c74f0dd6..53d9310a12366 100644
--- a/core/java/android/bluetooth/le/ScanCallback.java
+++ b/core/java/android/bluetooth/le/ScanCallback.java
@@ -51,6 +51,12 @@ public abstract class ScanCallback {
      */
     public static final int SCAN_FAILED_OUT_OF_HARDWARE_RESOURCES = 5;
 
+    /**
+     * Fails to start scan as application tries to scan too frequently.
+     * @hide
+     */
+    public static final int SCAN_FAILED_SCANNING_TOO_FREQUENTLY = 6;
+
     static final int NO_ERROR = 0;
 
     /**