Support Qualcomm (QTI) Bluetooth Stack

[dtrunk90]

Some users experiencing a crash once Bluetooth is enabled.

Currently confirmed to happen on the following devices:

• OnePlus 7 Pro
  • running LineageOS 18.1 (Android 11) - Reference link - ROM link
  • running Stock (Oxygen OS 10.3.8.GM21) - Reference link
• Xiaomi Redmi K20 Pro/Mi 9T Pro
  • running Pixel Experience (Android 10) - Reference link - ROM link
• Sony Xperia X Compact
  • running LineageOS 16.0 (Android 9) - ROM link

Stacktrace:

05-06 20:31:34.767 23523 23523 E AndroidRuntime: java.lang.RuntimeException: Failure delivering result ResultInfo{who=null, request=65537, result=-1, data=null} to activity {com.github.teamjcd.bpp/com.github.teamjcd.bpp.BluetoothDeviceClassSettingsActivity}: java.lang.NullPointerException: Attempt to invoke virtual method 'int android.bluetooth.BluetoothClass.getClassOfDevice()' on a null object reference
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at android.app.ActivityThread.deliverResults(ActivityThread.java:5009)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at android.app.ActivityThread.handleSendResult(ActivityThread.java:5050)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at android.app.servertransaction.ActivityResultItem.execute(ActivityResultItem.java:51)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:135)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:95)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2066)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at android.os.Handler.dispatchMessage(Handler.java:106)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at android.os.Looper.loop(Looper.java:223)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at android.app.ActivityThread.main(ActivityThread.java:7660)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at java.lang.reflect.Method.invoke(Native Method)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:592)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:947)
05-06 20:31:34.767 23523 23523 E AndroidRuntime: Caused by: java.lang.NullPointerException: Attempt to invoke virtual method 'int android.bluetooth.BluetoothClass.getClassOfDevice()' on a null object reference
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at com.github.teamjcd.bpp.BluetoothDeviceClassSettings.saveInitialValue(BluetoothDeviceClassSettings.java:168)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at com.github.teamjcd.bpp.BluetoothDeviceClassSettings.onActivityResult(BluetoothDeviceClassSettings.java:92)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at androidx.fragment.app.FragmentActivity.onActivityResult(FragmentActivity.java:170)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at android.app.Activity.dispatchActivityResult(Activity.java:8310)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        at android.app.ActivityThread.deliverResults(ActivityThread.java:5002)
05-06 20:31:34.767 23523 23523 E AndroidRuntime:        ... 11 more

[Moranic]

Can confirm this happens on OnePlus 9 running Oxygen OS 11.2.4.4LE25BA. App crashes on startup if Bluetooth is enabled, if it isn't the app will load, request that Bluetooth is enabled and then immediately crash.

EDIT: Also crashes on Oxygen OS 11.2.5.5LE25BA. Tried updating Magisk to v23, but that did nothing either (unsurprisingly).

[dtrunk90]

Crash is fixed but it doesn't seem to forward setting the device class to the bt stack layer. Need to check again.

[dtrunk90]

Even using the JNI layer to dlopen libbluetooth.so and call set_adapter_property wouldn't work cause the Qualcomm Bluetooth stack doesn't implement the device class case.

AOSP: https://cs.android.com/android/platform/superproject/+/master:system/bt/btif/src/btif_core.cc;l=690-699;drc=master?q=btif_core.cc&ss=android%2Fplatform%2Fsuperproject
QTI: https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/system/bt/tree/btif/src/btif_core.cc?h=LA.AU.0.1.0.r6#n1050 (there is no case BT_PROPERTY_CLASS_OF_DEVICE)

As we can only use exported symbols like bluetoothInterface and only use the methods from those exported symbols like set_adapter_property which is calling btif_set_adapter_property there's no chance of getting it to work.

I need to try library injection instead as it is described here: https://fadeevab.com/shared-library-injection-on-android-8/

[dtrunk90]

There's no way to fix this. But Qualcomm finally added the missing code: https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/system/bt/tree/btif/src/btif_core.cc?h=system/bt/LA.AU.1.2.2.r1#n952

So this issue only persists for older qti bt stacks. Closing now.