1 /******************************************************************************
2  *
3  *  Copyright (C) 2009-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  this file contains GATT database building and query functions
22  *
23  ******************************************************************************/
24 
25 #include "common/bt_target.h"
26 
27 #if BLE_INCLUDED == TRUE && GATTS_INCLUDED == TRUE
28 
29 #include "common/bt_trace.h"
30 #include "osi/allocator.h"
31 
32 //#include <stdio.h>
33 #include <string.h>
34 #include "gatt_int.h"
35 #include "stack/l2c_api.h"
36 #include "btm_int.h"
37 #include "common/bte_appl.h"
38 
39 /********************************************************************************
40 **              L O C A L    F U N C T I O N     P R O T O T Y P E S            *
41 *********************************************************************************/
42 static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db);
43 static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, tBT_UUID *p_uuid, tGATT_PERM perm);
44 static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr);
45 static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len);
46 
47 static BOOLEAN gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID *p_service, BOOLEAN is_pri);
48 static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code,
49         UINT16 handle, UINT16 offset, UINT32 trans_id, BOOLEAN need_rsp);
50 static BOOLEAN gatts_add_char_desc_value_check (tGATT_ATTR_VAL *attr_val, tGATTS_ATTR_CONTROL *control);
51 
52 /*******************************************************************************
53 **
54 ** Function         gatts_init_service_db
55 **
56 ** Description      This function initialize a memory space to be a service database.
57 **
58 ** Parameter        p_db: database pointer.
59 **                  len: size of the memory space.
60 **
61 ** Returns          Status of the operation.
62 **
63 *******************************************************************************/
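BOOLEAN gatts_init_service_db (tGATT_SVC_DB *p_db, tBT_UUID *p_service,  BOOLEAN is_pri,
                               UINT16 s_hdl, UINT16 num_handle)
{
    /*
     * Prepare p_db to hold one service: make sure its buffer queue exists,
     * reserve a database buffer, record the handle range and add the service
     * declaration attribute (p_service and is_pri are forwarded unchanged to
     * gatts_db_add_service_declaration).
     *
     * Returns FALSE when the queue or the buffer cannot be allocated; otherwise
     * the result of gatts_db_add_service_declaration().
     */
    if (p_db->svc_buffer == NULL) { /* keep the queue if one was already created */
        p_db->svc_buffer = fixed_queue_new(QUEUE_SIZE_MAX);
        if (p_db->svc_buffer == NULL) {
            /* Do not hand a NULL queue to the buffer allocator below. */
            GATT_TRACE_ERROR("gatts_init_service_db failed, no resources\n");
            return FALSE;
        }
    }

    if (!allocate_svc_db_buf(p_db)) {
        GATT_TRACE_ERROR("gatts_init_service_db failed, no resources\n");
        return FALSE;
    }

    GATT_TRACE_DEBUG("gatts_init_service_db\n");
    GATT_TRACE_DEBUG("s_hdl = %d num_handle = %d\n", s_hdl, num_handle );

    /* update service database information */
    p_db->next_handle   = s_hdl;
    /* NOTE(review): both operands are UINT16; if end_handle is also 16 bits wide
     * (its type is not visible here) the sum can wrap for a range that reaches
     * past 0xFFFF -- confirm callers never pass such a range. */
    p_db->end_handle    = s_hdl + num_handle;

    return gatts_db_add_service_declaration(p_db, p_service, is_pri);
}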
85 
86 /*******************************************************************************
87 **
88 ** Function         gatts_get_service_uuid
89 **
90 ** Description      This function returns the UUID of the service held in a
91 **                  service database (read from its first attribute).
92 **
93 ** Parameter        p_db: database pointer.
94 **
95 ** Returns          Pointer to the service UUID, or NULL if the database is empty.
96 **
97 *******************************************************************************/
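tBT_UUID *gatts_get_service_uuid (tGATT_SVC_DB *p_db)
{
    tGATT_ATTR16 *p_first;

    /* Return a pointer to the UUID stored in the value of the first attribute
     * of the database, or NULL when there is nothing to read it from. */
    if (!p_db || !p_db->p_attr_list) {
        GATT_TRACE_ERROR("service DB empty\n");

        return NULL;
    }

    p_first = (tGATT_ATTR16 *)p_db->p_attr_list;
    if (p_first->p_value == NULL) {
        /* Without this guard the address of a member of a NULL value block
         * would be handed back to the caller. */
        GATT_TRACE_ERROR("service DB first attribute has no value\n");
        return NULL;
    }

    return &p_first->p_value->uuid;
}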
108 
109 /*******************************************************************************
110 **
111 ** Function         gatts_check_attr_readability
112 **
113 ** Description      check attribute readability
114 **
115 ** Returns          status of operation.
116 **
117 *******************************************************************************/
static tGATT_STATUS gatts_check_attr_readability(tGATT_ATTR16 *p_attr,
        UINT16 offset,
        BOOLEAN read_long,
        tGATT_SEC_FLAG sec_flag,
        UINT8 key_size)
{
    /*
     * Decide whether the attribute may be read on the current link.
     * The attribute's permission bits are compared with the link security
     * state in sec_flag and with key_size; the first failing check decides the
     * returned error. GATT_SUCCESS is returned only when every check passes.
     */
    UINT16          min_key_size;
    tGATT_PERM      perm = p_attr->permission;

    /* offset takes no part in the decision */
    UNUSED(offset);
#if SMP_INCLUDED == TRUE
    /* With SMP built in, the minimum key size comes from the application
     * configuration, not from the attribute's permission bits. */
    min_key_size = bte_appl_cfg.ble_appl_enc_key_size;
#else
    /* Otherwise it is decoded from the permission bits selected by
     * GATT_ENCRYPT_KEY_SIZE_MASK; a non-zero field is offset by 6. */
    min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
    if (min_key_size != 0 ) {
        min_key_size += 6;
    }
#endif

    /* 1. The attribute must be readable at all. */
    if (!(perm & GATT_READ_ALLOWED)) {
        GATT_TRACE_ERROR( "GATT_READ_NOT_PERMIT\n");
        return GATT_READ_NOT_PERMIT;
    }

    /* 2. Authentication required: rejected only when the link has neither an
     * unauthenticated link key nor the encrypted flag.
     * NOTE(review): this test uses BTM_SEC_FLAG_ENCRYPTED while the checks
     * below use GATT_SEC_FLAG_ENCRYPTED -- confirm both name the same bit. */
    if ((perm & GATT_READ_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED) &&
            !(sec_flag & BTM_SEC_FLAG_ENCRYPTED)) {
        GATT_TRACE_ERROR( "GATT_INSUF_AUTHENTICATION\n");
        return GATT_INSUF_AUTHENTICATION;
    }

    /* 3. MITM protection required: the link key must be an authenticated one. */
    if ((perm & GATT_READ_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED)) {
        GATT_TRACE_ERROR( "GATT_INSUF_AUTHENTICATION: MITM Required\n");
        return GATT_INSUF_AUTHENTICATION;
    }

    /* 4. Encryption required: the link must currently be encrypted. */
    if ((perm & GATT_READ_ENCRYPTED_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)) {
        GATT_TRACE_ERROR( "GATT_INSUF_ENCRYPTION\n");
        return GATT_INSUF_ENCRYPTION;
    }

    /* 5. Key size: evaluated only for attributes that carry
     * GATT_READ_ENCRYPTED_REQUIRED.
     * NOTE(review): attributes that ask only for authentication or MITM never
     * reach this comparison -- confirm that is intended. */
    if ( (perm & GATT_READ_ENCRYPTED_REQUIRED) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size)) {
        GATT_TRACE_ERROR( "GATT_INSUF_KEY_SIZE\n");
        return GATT_INSUF_KEY_SIZE;
    }
    /* LE Authorization check: needs both an authenticated link key and the
     * authorization flag. */
    if ((perm & GATT_READ_AUTHORIZATION) && (!(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED) || !(sec_flag & GATT_SEC_FLAG_AUTHORIZATION))) {
        GATT_TRACE_ERROR( "GATT_INSUF_AUTHORIZATION\n");
        return GATT_INSUF_AUTHORIZATION;
    }

    /* A long read is refused for the declaration and descriptor types listed
     * below.
     * NOTE(review): p_attr->uuid is compared without looking at uuid_type;
     * presumably the field only carries a 16-bit UUID -- verify for 32/128-bit
     * attributes. */
    if (read_long) {
        switch (p_attr->uuid) {
        case GATT_UUID_PRI_SERVICE:
        case GATT_UUID_SEC_SERVICE:
        case GATT_UUID_CHAR_DECLARE:
        case GATT_UUID_INCLUDE_SERVICE:
        case GATT_UUID_CHAR_EXT_PROP:
        case GATT_UUID_CHAR_CLIENT_CONFIG:
        case GATT_UUID_CHAR_SRVR_CONFIG:
        case GATT_UUID_CHAR_PRESENT_FORMAT:
            GATT_TRACE_ERROR("GATT_NOT_LONG\n");
            return GATT_NOT_LONG;

        default:
            break;
        }
    }

    return GATT_SUCCESS;
}
188 
189 /*******************************************************************************
190 **
191 ** Function         read_attr_value
192 **
193 ** Description      Utility function to read an attribute value.
194 **
195 ** Parameter        p_attr: pointer to the attribute to read.
196 **                  offset: read offset.
197 **                  p_value: output parameter to carry out the attribute value.
198 **                  p_len: output parameter to carry out the attribute length.
199 **                  read_long: this is a read blob request.
200 **                  mtu: MTU
201 **                  sec_flag: current link security status.
202 **                  key_size: encryption key size.
203 **
204 ** Returns          status of operation.
205 **
206 *******************************************************************************/
static tGATT_STATUS read_attr_value (void *p_attr,
                                     UINT16 offset,
                                     UINT8 **p_data,
                                     BOOLEAN read_long,
                                     UINT16 mtu,
                                     UINT16 *p_len,
                                     tGATT_SEC_FLAG sec_flag,
                                     UINT8 key_size)
{
    /*
     * Serialise the value of one attribute at the write cursor *p_data.
     * The read permission check runs first; after it, the encoding depends on
     * the attribute type. mtu is the number of bytes the caller allows for the
     * value. *p_len and *p_data are written on every path that gets past the
     * permission check, including the ones that end in an error status.
     */
    UINT16          len = 0, uuid16 = 0;
    UINT8           *p = *p_data;
    tGATT_STATUS    status;
    tGATT_ATTR16    *p_attr16  = (tGATT_ATTR16 *)p_attr;

    GATT_TRACE_DEBUG("read_attr_value uuid=0x%04x perm=0x%0x sec_flag=0x%x offset=%d read_long=%d\n",
                     p_attr16->uuid,
                     p_attr16->permission,
                     sec_flag,
                     offset,
                     read_long);

    /* Nothing is written and the outputs stay untouched when the link is not
     * allowed to read this attribute. */
    status = gatts_check_attr_readability((tGATT_ATTR16 *)p_attr, offset, read_long, sec_flag, key_size);

    if (status != GATT_SUCCESS) {
        return status;
    }

    /* uuid16 stays 0 for 32/128-bit attributes, which sends them to the
     * final "descriptor or value" branch. */
    if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16) {
        uuid16 = p_attr16->uuid;
    }

    /* Default for the fixed-format branches when mtu is too small. */
    status = GATT_NO_RESOURCES;

    if (uuid16 == GATT_UUID_PRI_SERVICE || uuid16 == GATT_UUID_SEC_SERVICE) {
        /* Service declaration: the value is the service UUID.
         * NOTE(review): len and the mtu test use uuid.len, while the number of
         * bytes written is decided by gatt_build_uuid_to_stream (not visible
         * here) -- confirm the two agree for every UUID length.
         * NOTE(review): p_value is dereferenced without a NULL check here and
         * in the two branches that follow. */
        len = p_attr16->p_value->uuid.len;
        if (mtu >= p_attr16->p_value->uuid.len) {
            gatt_build_uuid_to_stream(&p, p_attr16->p_value->uuid);
            status = GATT_SUCCESS;
        }
    } else if (uuid16 == GATT_UUID_CHAR_DECLARE) {
        /* Characteristic declaration: 1 byte property + 2 bytes value handle +
         * the UUID of the next attribute (2 bytes, or 16 bytes otherwise).
         * NOTE(review): p_next is dereferenced without a NULL check; this
         * relies on every declaration being followed by its value attribute. */
        len = (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16) ? 5 : 19;

        if (mtu >= len) {
            UINT8_TO_STREAM(p, p_attr16->p_value->char_decl.property);
            UINT16_TO_STREAM(p, p_attr16->p_value->char_decl.char_val_handle);

            if (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16) {
                UINT16_TO_STREAM(p, ((tGATT_ATTR16 *)(p_attr16->p_next))->uuid);
            }
            /* convert a 32bits UUID to 128 bits */
            else if (((tGATT_ATTR32 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_32) {
                gatt_convert_uuid32_to_uuid128 (p, ((tGATT_ATTR32 *)(p_attr16->p_next))->uuid);
                p += LEN_UUID_128;
            } else {
                ARRAY_TO_STREAM (p, ((tGATT_ATTR128 *)(p_attr16->p_next))->uuid, LEN_UUID_128);
            }
            status = GATT_SUCCESS;
        }

    } else if (uuid16 == GATT_UUID_INCLUDE_SERVICE) {
        /* Include declaration: start handle + end handle, followed by the
         * service UUID only when that UUID is 16 bits long. */
        if (p_attr16->p_value->incl_handle.service_type.len == LEN_UUID_16) {
            len = 6;
        } else {
            len = 4;
        }

        if (mtu >= len) {
            UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.s_handle);
            UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.e_handle);

            if (p_attr16->p_value->incl_handle.service_type.len == LEN_UUID_16) {
                UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.service_type.uu.uuid16);
            }
            status = GATT_SUCCESS;
        }
    } else { /* characteristic description or characteristic value */
        if (p_attr16->control.auto_rsp == GATT_RSP_BY_STACK) {
            /* The stack answers from the value stored in the database. */
            if (p_attr16->p_value == NULL || p_attr16->p_value->attr_val.attr_val == NULL) {
                status = GATT_UNKNOWN_ERROR;
            }
            else if (offset > p_attr16->p_value->attr_val.attr_len){
                /* offset == attr_len falls through to the branch below and is
                 * answered with a zero-length value; only an offset beyond
                 * attr_len is an error */
                status = GATT_INVALID_OFFSET;
            } else {
                /* Copy at most mtu bytes starting at offset.
                 * NOTE(review): the read is bounded by the stored attr_len
                 * only, so attr_len must never exceed the size of the buffer
                 * behind attr_val -- confirm every writer keeps that true. */
                UINT8 *value = (UINT8 *)(p_attr16->p_value->attr_val.attr_val) + offset;
                UINT16 len_left = p_attr16->p_value->attr_val.attr_len - offset;
                len = (mtu >= len_left) ? (len_left) : mtu;
                ARRAY_TO_STREAM(p, value, len);
                status = GATT_STACK_RSP;
            }

        } else {
            /* Value is owned by the application; the caller has to ask it. */
            status = GATT_PENDING;
        }
    }

    /* Outputs are updated whatever the status is; len can be non-zero even
     * when a fixed-format branch returned GATT_NO_RESOURCES. */
    *p_len = len;
    *p_data = p;
    return status;
}
308 
309 /*******************************************************************************
310 **
311 ** Function         gatts_db_read_attr_value_by_type
312 **
313 ** Description      Query attribute value by attribute type.
314 **
315 ** Parameter        p_db: pointer to the attribute database.
316 **                  p_rsp: Read By type response data.
317 **                  s_handle: starting handle of the range we are looking for.
318 **                  e_handle: ending handle of the range we are looking for.
319 **                  type: Attribute type.
320 **                  mtu: MTU.
321 **                  sec_flag: current link security status.
322 **                  key_size: encryption key size.
323 **
324 ** Returns          Status of the operation.
325 **
326 *******************************************************************************/
tGATT_STATUS gatts_db_read_attr_value_by_type (tGATT_TCB   *p_tcb,
        tGATT_SVC_DB    *p_db,
        UINT8        op_code,
        BT_HDR      *p_rsp,
        UINT16       s_handle,
        UINT16       e_handle,
        tBT_UUID     type,
        UINT16      *p_len,
        tGATT_SEC_FLAG sec_flag,
        UINT8        key_size,
        UINT32       trans_id,
        UINT16       *p_cur_handle)
{
    /*
     * Walk the attribute list of p_db and append a (handle, value) pair to
     * p_rsp for each attribute in [s_handle, e_handle] whose UUID equals type.
     * *p_len is the space still available in the response and is reduced by
     * every pair that is accepted. The returned status is the one produced by
     * the last attribute that was processed, or GATT_NOT_FOUND when none
     * matched.
     */
    tGATT_STATUS status = GATT_NOT_FOUND;
    tGATT_ATTR16  *p_attr;
    UINT16      len = 0;
    /* Write cursor: past the BT_HDR, the payload already counted in
     * p_rsp->len and L2CAP_MIN_OFFSET bytes.
     * NOTE(review): writes are bounded by *p_len only; the allocated size of
     * p_rsp is not visible here -- confirm callers size *p_len from it. */
    UINT8       *p = (UINT8 *)(p_rsp + 1) + p_rsp->len + L2CAP_MIN_OFFSET;
    tBT_UUID    attr_uuid;
#if (defined(BLE_DELAY_REQUEST_ENC) && (BLE_DELAY_REQUEST_ENC == TRUE))
    UINT8       flag;
#endif
    BOOLEAN need_rsp;
    BOOLEAN have_send_request = false;

    if (p_db && p_db->p_attr_list) {
        p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;

        while (p_attr && p_attr->handle <= e_handle) {
            /* Rebuild the attribute's UUID in tBT_UUID form for the compare. */
            if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16) {
                attr_uuid.len = LEN_UUID_16;
                attr_uuid.uu.uuid16 = p_attr->uuid;
            } else if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_32) {
                attr_uuid.len = LEN_UUID_32;
                attr_uuid.uu.uuid32 = ((tGATT_ATTR32 *)p_attr)->uuid;
            } else {
                attr_uuid.len = LEN_UUID_128;
                memcpy(attr_uuid.uu.uuid128, ((tGATT_ATTR128 *)p_attr)->uuid, LEN_UUID_128);
            }

            if (p_attr->handle >= s_handle && gatt_uuid_compare(type, attr_uuid)) {
                /* Need room for the 2-byte handle plus at least one value byte. */
                if (*p_len <= 2) {
                    status = GATT_NO_RESOURCES;
                    break;
                }

                UINT16_TO_STREAM (p, p_attr->handle);

                /* The value may use what is left after the handle. */
                status = read_attr_value ((void *)p_attr, 0, &p, FALSE, (UINT16)(*p_len - 2), &len, sec_flag, key_size);
                if (status == GATT_PENDING) {


                    /* Value is held by the application: forward the read and
                     * stop, the response is completed later. */
                    need_rsp = TRUE;
                    status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, 0, trans_id, need_rsp);

                    /* one callback at a time */
                    break;
                } else if (status == GATT_SUCCESS || status == GATT_STACK_RSP) {
                    if (status == GATT_STACK_RSP){
                        /* Value was answered from the database; the
                         * application is still told about the read, with
                         * need_rsp cleared. Any status other than GATT_BUSY
                         * falls through to the accounting below. */
                        need_rsp = FALSE;
                        status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, 0, trans_id, need_rsp);
                        if(status == GATT_BUSY)
                            break;

                        /* After the first request, continue with the
                         * transaction id recorded in the TCB. */
                        if (!have_send_request){
                            have_send_request = true;
                            trans_id = p_tcb->sr_cmd.trans_id;
                        }
                    }

                    /* p_rsp->offset records the size of the first pair
                     * (value length + 2 bytes of handle). */
                    if (p_rsp->offset == 0) {
                        p_rsp->offset = len + 2;
                    }

                    /* Every later pair must have that same size; a pair of a
                     * different size ends the scan and is not counted in
                     * p_rsp->len, although its bytes were already written. */
                    if (p_rsp->offset == len + 2) {
                        p_rsp->len += (len  + 2);
                        *p_len -= (len + 2);
                    } else {
                        GATT_TRACE_WARNING("format mismatch");
                        status = GATT_NO_RESOURCES;
                        break;
                    }
                } else {
                    /* Read refused or failed: report the handle involved.
                     * NOTE(review): p_cur_handle is dereferenced without a
                     * NULL check. */
                    *p_cur_handle = p_attr->handle;
                    break;
                }
            }
            p_attr = (tGATT_ATTR16 *)p_attr->p_next;
        }
    }

#if (defined(BLE_DELAY_REQUEST_ENC) && (BLE_DELAY_REQUEST_ENC == TRUE))
    /* Optional build: when a pending read of the GAP device name arrives on
     * the ATT fixed channel over a link that has a link key but is not
     * encrypted, and the local role is master, start encryption.
     * NOTE(review): type.uu.uuid16 is read without checking type.len. */
    if (BTM_GetSecurityFlags(p_tcb->peer_bda, &flag)) {
        if ((p_tcb->att_lcid == L2CAP_ATT_CID) && (status == GATT_PENDING) &&
                (type.uu.uuid16 == GATT_UUID_GAP_DEVICE_NAME)) {
            if ((flag & (BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_FLAG_ENCRYPTED)) ==
                    BTM_SEC_LINK_KEY_KNOWN) {
                tACL_CONN         *p;
                p = btm_bda_to_acl(p_tcb->peer_bda, BT_TRANSPORT_LE);
                if ((p != NULL) && (p->link_role == BTM_ROLE_MASTER)) {
                    tBTM_BLE_SEC_ACT sec_act = BTM_BLE_SEC_ENCRYPT;
                    btm_ble_set_encryption(p_tcb->peer_bda, &sec_act, p->link_role);
                }
            }
        }
    }
#endif
    return status;
}
435 
436 /*******************************************************************************
437 **
438 ** Function         gatts_add_included_service
439 **
440 ** Description      This function adds an included service into a database.
441 **
442 ** Parameter        p_db: database pointer.
443 **                  inc_srvc_type: included service type.
444 **
445 ** Returns          Status of the operation.
446 **
447 *******************************************************************************/
UINT16 gatts_add_included_service (tGATT_SVC_DB *p_db, UINT16 s_handle, UINT16 e_handle,
                                   tBT_UUID service)
{
    /*
     * Append an include declaration for the service [s_handle, e_handle] to
     * p_db. Returns the handle of the new attribute, or 0 when the parameters
     * are rejected, when the database already holds something other than
     * include declarations after its first attribute, or when allocation fails.
     */
    tBT_UUID     incl_uuid = {LEN_UUID_16, {GATT_UUID_INCLUDE_SERVICE}};
    tGATT_ATTR16 *p_scan;
    tGATT_ATTR16 *p_new;

    GATT_TRACE_DEBUG("gatts_add_included_service: s_hdl = 0x%04x e_hdl = 0x%04x uuid = 0x%04x",
                     s_handle, e_handle, service.uu.uuid16);

    if (service.len == 0 || s_handle == 0 || e_handle == 0) {
        GATT_TRACE_ERROR("gatts_add_included_service Illegal Params.");
        return 0;
    }

    /* Everything after the first attribute (the service declaration) must be
     * an include declaration, i.e. includes come before characteristics. */
    if (p_db->p_attr_list != NULL) {
        p_scan = (tGATT_ATTR16 *)((tGATT_ATTR16 *)p_db->p_attr_list)->p_next;
        for (; p_scan != NULL; p_scan = (tGATT_ATTR16 *)p_scan->p_next) {
            if (p_scan->uuid_type != GATT_ATTR_UUID_TYPE_16 || p_scan->uuid != GATT_UUID_INCLUDE_SERVICE) {
                GATT_TRACE_ERROR("%s error, The include service should be added before adding the characteristics", __func__);
                return 0;
            }
        }
    }

    p_new = (tGATT_ATTR16 *) allocate_attr_in_db(p_db, &incl_uuid, GATT_PERM_READ);
    if (p_new == NULL) {
        return 0;
    }

    if (!copy_extra_byte_in_db(p_db, (void **)&p_new->p_value, sizeof(tGATT_INCL_SRVC))) {
        /* No room for the value: take the attribute back out of the database. */
        deallocate_attr_in_db(p_db, p_new);
        return 0;
    }

    p_new->p_value->incl_handle.s_handle = s_handle;
    p_new->p_value->incl_handle.e_handle = e_handle;
    memcpy(&p_new->p_value->incl_handle.service_type, &service, sizeof(tBT_UUID));

    return p_new->handle;
}
496 
497 /*******************************************************************************
498 **
499 ** Function         gatts_add_characteristic
500 **
501 ** Description      This function adds a characteristic and its descriptor into
502 **                  a service identified by the service database pointer.
503 **
504 ** Parameter        p_db: database pointer.
505 **                  perm: permission (authentication and key size requirements)
506 **                  property: property of the characteristic.
507 **                  p_char: characteristic value information.
508 **
509 ** Returns          Status of the operation.
510 **
511 *******************************************************************************/
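UINT16 gatts_add_characteristic (tGATT_SVC_DB *p_db, tGATT_PERM perm,
                                 tGATT_CHAR_PROP property,
                                 tBT_UUID *p_char_uuid, tGATT_ATTR_VAL *attr_val, tGATTS_ATTR_CONTROL *control)
{
    /*
     * Add a characteristic to p_db as two attributes: the declaration
     * (read-only, carries property and the value handle) and the value
     * attribute (carries perm and, when attr_val is given, a private copy of
     * the initial value in a buffer of attr_max_len bytes).
     *
     * Returns the handle of the value attribute, or 0 on any failure. On
     * failure both attributes are taken back out of the database so that no
     * declaration is left without its value attribute.
     */
    tGATT_ATTR16     *p_char_decl, *p_char_val;
    tBT_UUID        uuid = {LEN_UUID_16, {GATT_UUID_CHAR_DECLARE}};
    BOOLEAN status;
    UINT16 stored_len;

    GATT_TRACE_DEBUG("gatts_add_characteristic perm=0x%0x property=0x%0x\n", perm, property);
    /* parameter validation check */
    status = gatts_add_char_desc_value_check(attr_val, control);
    if (status == FALSE){
        return 0;
    }

    p_char_decl = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, &uuid, GATT_PERM_READ);
    if (p_char_decl == NULL) {
        return 0;
    }

    if (!copy_extra_byte_in_db(p_db, (void **)&p_char_decl->p_value, sizeof(tGATT_CHAR_DECL))) {
        deallocate_attr_in_db(p_db, p_char_decl);
        return 0;
    }

    p_char_val = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, p_char_uuid, perm);
    if (p_char_val == NULL) {
        deallocate_attr_in_db(p_db, p_char_decl);
        return 0;
    }

    p_char_decl->p_value->char_decl.property = property;
    p_char_decl->p_value->char_decl.char_val_handle  = p_char_val->handle;
    p_char_val->control.auto_rsp = (control != NULL) ? control->auto_rsp : GATT_RSP_DEFAULT;

    if (attr_val == NULL) {
        return p_char_val->handle;
    }

    if (!copy_extra_byte_in_db(p_db, (void **)&p_char_val->p_value, sizeof(tGATT_ATTR_VAL))) {
        /* Remove the declaration as well: read_attr_value() in this file
         * dereferences the attribute that follows a declaration, so a
         * declaration must never stay behind alone. */
        deallocate_attr_in_db(p_db, p_char_decl);
        deallocate_attr_in_db(p_db, p_char_val);
        return 0;
    }
    GATT_TRACE_DEBUG("attr_val->attr_len = %x, attr_val->attr_max_len = %x\n", attr_val->attr_len, attr_val->attr_max_len);
    GATT_TRACE_DEBUG("attribute handle = %x\n", p_char_val->handle);

    /* The stored length later bounds reads from the value buffer (see
     * read_attr_value()), so it must not exceed the attr_max_len bytes that
     * are allocated below. */
    stored_len = attr_val->attr_len;
    if (attr_val->attr_max_len < attr_val->attr_len){
        GATT_TRACE_ERROR("Error in %s, Line=%d, attribute actual length (%d) should not larger than max size (%d)\n",
                        __func__, __LINE__, attr_val->attr_len, attr_val->attr_max_len);
        stored_len = attr_val->attr_max_len;
    }
    p_char_val->p_value->attr_val.attr_len = stored_len;
    p_char_val->p_value->attr_val.attr_max_len = attr_val->attr_max_len;

    /* NOTE(review): attr_max_len == 0 reaches osi_malloc(0) here, while
     * gatts_add_char_descr() skips the allocation in that case -- confirm the
     * parameter check rejects it or align the two functions. */
    p_char_val->p_value->attr_val.attr_val = osi_malloc(attr_val->attr_max_len);
    if (p_char_val->p_value->attr_val.attr_val == NULL) {
       deallocate_attr_in_db(p_db, p_char_decl);
       deallocate_attr_in_db(p_db, p_char_val);
       GATT_TRACE_WARNING("Warning in %s, line=%d, insufficient resource to allocate for attribute value\n", __func__, __LINE__);
       return 0;
    }
    /* add mask to indicate that p_value->attr_val.attr_val is dynamically allocated */
    p_char_val->mask |= GATT_ATTR_VALUE_ALLOCATED;

    /* Zero the whole buffer so bytes past the initial value never expose old
     * heap content to a reader, then copy the initial value if one is given. */
    memset(p_char_val->p_value->attr_val.attr_val, 0, attr_val->attr_max_len);
    if (attr_val->attr_val != NULL) {
        memcpy(p_char_val->p_value->attr_val.attr_val, attr_val->attr_val, stored_len);
    }

    return p_char_val->handle;
}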
587 
588 /*******************************************************************************
589 **
590 ** Function         gatt_convertchar_descr_type
591 **
592 ** Description      This function convert a char descript UUID into descriptor type.
593 **
594 ** Returns          descriptor type.
595 **
596 *******************************************************************************/
UINT8 gatt_convertchar_descr_type(tBT_UUID *p_descr_uuid)
{
    /* Descriptor types listed in the order in which their UUIDs are probed:
     * the probe starts at GATT_UUID_CHAR_EXT_PROP and its 16-bit value is
     * raised by one after every failed comparison. */
    const UINT8 descr_types[] = {
        GATT_DESCR_EXT_DSCPTOR,
        GATT_DESCR_USER_DSCPTOR,
        GATT_DESCR_CLT_CONFIG,
        GATT_DESCR_SVR_CONFIG,
        GATT_DESCR_PRES_FORMAT,
        GATT_DESCR_AGGR_FORMAT,
        GATT_DESCR_VALID_RANGE
    };
    tBT_UUID probe = {LEN_UUID_16, {GATT_UUID_CHAR_EXT_PROP}};
    UINT8 idx;

    for (idx = 0; idx < sizeof(descr_types) / sizeof(descr_types[0]); idx++) {
        if (gatt_uuid_compare(probe, *p_descr_uuid)) {
            return descr_types[idx];
        }
        probe.uu.uuid16++;
    }

    /* None of the probed UUIDs matched. */
    return GATT_DESCR_UNKNOWN;
}
638 
639 /*******************************************************************************
640 **
641 ** Function         gatts_add_char_descr
642 **
643 ** Description      This function add a characteristics descriptor.
644 **
645 ** Parameter        p_db: database pointer.
646 **                  perm: characteristic descriptor permission type.
647 **                  char_dscp_tpye: the characteristic descriptor masks.
648 **                  p_dscp_params: characteristic descriptors values.
649 **
650 ** Returns          Status of the operation.
651 **
652 *******************************************************************************/
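UINT16 gatts_add_char_descr (tGATT_SVC_DB *p_db, tGATT_PERM perm,
                             tBT_UUID  *p_descr_uuid,  tGATT_ATTR_VAL *attr_val, tGATTS_ATTR_CONTROL *control)
{
    /*
     * Add a characteristic descriptor attribute to p_db. When attr_val is
     * given, its length fields are recorded and, for a non-zero attr_max_len,
     * a private buffer of attr_max_len bytes receives the initial value.
     *
     * Returns the handle of the new attribute, or 0 on any failure.
     */
    tGATT_ATTR16    *p_char_dscptr;
    BOOLEAN status;
    UINT16 stored_len;

    GATT_TRACE_DEBUG("gatts_add_char_descr uuid=0x%04x\n", p_descr_uuid->uu.uuid16);

    /* parameter validation check */
    status = gatts_add_char_desc_value_check(attr_val, control);
    if (status == FALSE){
        return 0;
    }

    /* Add characteristic descriptors */
    p_char_dscptr = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, p_descr_uuid, perm);
    if (p_char_dscptr == NULL) {
        /* Nothing was added to the database, so there is nothing to remove. */
        GATT_TRACE_DEBUG("gatts_add_char_descr Fail for adding char descriptors.");
        return 0;
    }

    p_char_dscptr->control.auto_rsp = (control == NULL) ? GATT_RSP_DEFAULT : (control->auto_rsp);
    if (attr_val == NULL) {
        return p_char_dscptr->handle;
    }

    if (!copy_extra_byte_in_db(p_db, (void **)&p_char_dscptr->p_value, sizeof(tGATT_ATTR_VAL))) {
        deallocate_attr_in_db(p_db, p_char_dscptr);
        return 0;
    }

    /* Never record or copy more than the buffer can hold: the buffer is
     * attr_max_len bytes, and the stored length later bounds reads from it
     * (see read_attr_value() in this file). */
    stored_len = attr_val->attr_len;
    if (attr_val->attr_max_len < attr_val->attr_len) {
        GATT_TRACE_ERROR("Error in %s, Line=%d, attribute actual length (%d) should not larger than max size (%d)\n",
                        __func__, __LINE__, attr_val->attr_len, attr_val->attr_max_len);
        stored_len = attr_val->attr_max_len;
    }
    p_char_dscptr->p_value->attr_val.attr_len = stored_len;
    p_char_dscptr->p_value->attr_val.attr_max_len  = attr_val->attr_max_len;

    if (attr_val->attr_max_len == 0) {
        /* No buffer is kept. copy_extra_byte_in_db() is not visible here, so
         * the pointer is cleared explicitly instead of assuming it is zeroed. */
        p_char_dscptr->p_value->attr_val.attr_val = NULL;
        return p_char_dscptr->handle;
    }

    p_char_dscptr->p_value->attr_val.attr_val = osi_malloc(attr_val->attr_max_len);
    if (p_char_dscptr->p_value->attr_val.attr_val == NULL) {
        deallocate_attr_in_db(p_db, p_char_dscptr);
        GATT_TRACE_WARNING("Warning in %s, line=%d, insufficient resource to allocate for descriptor value\n", __func__, __LINE__);
        return 0;
    }
    /* add mask to indicate that p_value->attr_val.attr_val is dynamically allocated */
    p_char_dscptr->mask |= GATT_ATTR_VALUE_ALLOCATED;

    /* Zero the whole buffer, then copy the (bounded) initial value. */
    memset(p_char_dscptr->p_value->attr_val.attr_val, 0, attr_val->attr_max_len);
    if (attr_val->attr_val != NULL) {
        memcpy(p_char_dscptr->p_value->attr_val.attr_val, attr_val->attr_val, stored_len);
    }

    return p_char_dscptr->handle;
}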
703 
704 
705 /*******************************************************************************
706 **
707 ** Function         gatts_set_attribute_value
708 **
709 ** Description      This function add the attribute value in the database
710 **
711 ** Parameter        p_db: database pointer.
712 **                      attr_handle: the attribute handle
713 **                      length: the attribute value length
714 **                      value: the pointer to the data to be set to the attribute value in the database
715 **
716 ** Returns          Status of the operation.
717 **
718 *******************************************************************************/
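/*
 * Overwrite the stored value of the attribute whose handle is attr_handle.
 *
 * 16-bit primary/secondary service declarations and characteristic
 * declarations are refused with GATT_NOT_FOUND. The copy is bounded by the
 * attr_max_len recorded for the attribute: a longer value is rejected with
 * GATT_INVALID_ATTR_LEN and the stored bytes are left untouched.
 *
 * NOTE(review): when no attribute carries attr_handle the scan ends and the
 * function still returns GATT_SUCCESS, so a caller cannot tell "stored" from
 * "handle not in this database" - confirm callers resolve the handle first.
 */
tGATT_STATUS gatts_set_attribute_value(tGATT_SVC_DB *p_db, UINT16 attr_handle,
                                       UINT16 length, UINT8 *value)
{
    tGATT_ATTR16  *p_cur;

    if (p_db == NULL) {
        GATT_TRACE_DEBUG("gatts_set_attribute_value Fail:p_db is NULL.\n");
        return GATT_INVALID_PDU;
    }
    if (p_db->p_attr_list == NULL) {
        GATT_TRACE_DEBUG("gatts_set_attribute_value Fail:p_db->p_attr_list is NULL.\n");
        return GATT_INVALID_PDU;
    }
    if ((length > 0) && (value == NULL)) {
        GATT_TRACE_ERROR("Error in %s, line=%d, value should not be NULL here\n", __func__, __LINE__);
        return GATT_INVALID_PDU;
    }

    for (p_cur = (tGATT_ATTR16 *)p_db->p_attr_list; p_cur != NULL;
            p_cur = (tGATT_ATTR16 *)p_cur->p_next) {
        if (p_cur->handle != attr_handle) {
            continue;
        }

        /* declarations are not settable through this call */
        if (p_cur->uuid_type == GATT_ATTR_UUID_TYPE_16) {
            switch (p_cur->uuid) {
            case GATT_UUID_PRI_SERVICE:
            case GATT_UUID_SEC_SERVICE:
            case GATT_UUID_CHAR_DECLARE:
                return GATT_NOT_FOUND;
            default:
                break;
            }
        }

        /* in other cases the value can be set, provided storage exists */
        if ((p_cur->p_value == NULL) || (p_cur->p_value->attr_val.attr_val == NULL)
                || (p_cur->p_value->attr_val.attr_max_len == 0)) {
            GATT_TRACE_ERROR("Error in %s, line=%d, attribute value should not be NULL here\n", __func__, __LINE__);
            return GATT_NOT_FOUND;
        }
        if (p_cur->p_value->attr_val.attr_max_len < length) {
            GATT_TRACE_ERROR("gatts_set_attribute_value failed:Invalid value length");
            return GATT_INVALID_ATTR_LEN;
        }

        /* length == 0 is accepted with value == NULL; passing NULL to memcpy
         * is undefined even for a zero-byte copy, so skip the call then */
        if (length > 0) {
            memcpy(p_cur->p_value->attr_val.attr_val, value, length);
        }
        p_cur->p_value->attr_val.attr_len = length;
        break;
    }

    return GATT_SUCCESS;
}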
771 
772 /*******************************************************************************
773 **
774 ** Function         gatts_get_attribute_value
775 **
776 ** Description      This function get the attribute value in the database
777 **
778 ** Parameter        p_db: database pointer.
779 **                      attr_handle: the attribute handle
780 **                      length: the attribute value length
781 **                      value: the pointer to the data to be get to the attribute value in the database
782 **
783 ** Returns          Status of the operation.
784 **
785 *******************************************************************************/
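/*
 * Look up the attribute with handle attr_handle and report its stored value.
 *
 * On GATT_SUCCESS *length holds the stored length; when it is non-zero *value
 * points at the database's own storage (no copy is made). When the stored
 * length is zero only *length is written. 16-bit characteristic declarations
 * and include-service declarations, and unknown handles, yield GATT_NOT_FOUND
 * with neither output written.
 *
 * length is validated before any error path stores through it.
 */
tGATT_STATUS gatts_get_attribute_value(tGATT_SVC_DB *p_db, UINT16 attr_handle,
                                       UINT16 *length, UINT8 **value)
{
    tGATT_ATTR16  *p_cur;

    GATT_TRACE_DEBUG("attr_handle = %x\n", attr_handle);

    /* must come first: every other failure path writes *length */
    if (length == NULL) {
        GATT_TRACE_ERROR("gatts_get_attribute_value Fail:length is NULL.\n");
        return GATT_INVALID_PDU;
    }
    if (p_db == NULL) {
        GATT_TRACE_ERROR("gatts_get_attribute_value Fail:p_db is NULL.\n");
        *length = 0;
        return GATT_INVALID_PDU;
    }
    if (p_db->p_attr_list == NULL) {
        GATT_TRACE_ERROR("gatts_get_attribute_value Fail:p_db->p_attr_list is NULL.\n");
        *length = 0;
        return GATT_INVALID_PDU;
    }
    if (value == NULL) {
        GATT_TRACE_ERROR("gatts_get_attribute_value Fail:value is NULL.\n");
        *length = 0;
        return GATT_INVALID_PDU;
    }

    for (p_cur = (tGATT_ATTR16 *)p_db->p_attr_list; p_cur != NULL;
            p_cur = (tGATT_ATTR16 *)p_cur->p_next) {
        if (p_cur->handle != attr_handle) {
            continue;
        }

        /* these two declaration types are reported as not found */
        if (p_cur->uuid_type == GATT_ATTR_UUID_TYPE_16 &&
                (p_cur->uuid == GATT_UUID_CHAR_DECLARE ||
                 p_cur->uuid == GATT_UUID_INCLUDE_SERVICE)) {
            break;
        }

        if (p_cur->p_value && p_cur->p_value->attr_val.attr_len != 0) {
            *length = p_cur->p_value->attr_val.attr_len;
            *value = p_cur->p_value->attr_val.attr_val;
        } else {
            *length = 0;
        }
        return GATT_SUCCESS;
    }

    return GATT_NOT_FOUND;
}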
855 
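/*
 * Report whether the attribute attr_handle is configured to be answered by
 * the stack (control.auto_rsp == GATT_RSP_BY_STACK) and has a value record.
 *
 * Returns FALSE when no service owns the handle, the service has no
 * attributes, or the attribute is not set up for stack responses.
 *
 * Every node of the list is examined, including the last one; the previous
 * two-pointer loop stopped as soon as the look-ahead pointer was NULL, so the
 * final attribute of a service (and the only attribute of a one-entry list)
 * was never compared against attr_handle.
 */
BOOLEAN gatts_is_auto_response(UINT16 attr_handle)
{
    tGATT_HDL_LIST_ELEM  *p_decl = gatt_find_hdl_buffer_by_attr_handle(attr_handle);
    tGATT_SVC_DB *p_db;
    tGATT_ATTR16 *p_cur;

    if (p_decl == NULL) {
        GATT_TRACE_DEBUG("Service not created\n");
        return FALSE;
    }

    /* address of a member of *p_decl, so it cannot be NULL here */
    p_db = &p_decl->svc_db;

    if (p_db->p_attr_list == NULL) {
        GATT_TRACE_DEBUG("gatts_is_auto_response Fail:p_db->p_attr_list is NULL.\n");
        return FALSE;
    }

    for (p_cur = (tGATT_ATTR16 *)p_db->p_attr_list; p_cur != NULL;
            p_cur = (tGATT_ATTR16 *)p_cur->p_next) {
        if (p_cur->handle == attr_handle &&
                p_cur->p_value != NULL &&
                p_cur->control.auto_rsp == GATT_RSP_BY_STACK) {
            return TRUE;
        }
    }

    return FALSE;
}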
897 
898 /*******************************************************************************/
899 /* Service Attribute Database Query Utility Functions */
900 /*******************************************************************************/
901 /*******************************************************************************
902 **
903 ** Function         gatts_read_attr_value_by_handle
904 **
905 ** Description      Query attribute value by attribute handle.
906 **
907 ** Parameter        p_db: pointer to the attribute database.
908 **                  handle: Attribute handle to read.
909 **                  offset: Read offset.
910 **                  p_value: output parameter to carry out the attribute value.
911 **                  p_len: output parameter as attribute length read.
912 **                  read_long: this is a read blob request.
913 **                  mtu: MTU.
914 **                  sec_flag: current link security status.
915 **                  key_size: encryption key size
916 **
917 ** Returns          Status of operation.
918 **
919 *******************************************************************************/
/*
 * Read the attribute `handle` through read_attr_value(). A GATT_PENDING or
 * GATT_STACK_RSP result is turned into an application read request, whose
 * status is returned instead. GATT_NOT_FOUND when the database is missing or
 * empty, or the handle is not reached.
 *
 * The scan stops at the first node whose handle is greater than `handle`;
 * presumably the list is kept in ascending handle order - verify against the
 * allocator.
 */
tGATT_STATUS gatts_read_attr_value_by_handle(tGATT_TCB *p_tcb,
        tGATT_SVC_DB *p_db,
        UINT8 op_code,
        UINT16 handle, UINT16 offset,
        UINT8 *p_value, UINT16 *p_len,
        UINT16 mtu,
        tGATT_SEC_FLAG sec_flag,
        UINT8 key_size,
        UINT32 trans_id)
{
    tGATT_ATTR16 *p_node;
    tGATT_STATUS result;
    UINT8 *p_out = p_value;
    BOOLEAN is_blob = (BOOLEAN)(op_code == GATT_REQ_READ_BLOB);

    if (p_db == NULL || p_db->p_attr_list == NULL) {
        return GATT_NOT_FOUND;
    }

    for (p_node = (tGATT_ATTR16 *)p_db->p_attr_list;
            p_node != NULL && handle >= p_node->handle;
            p_node = (tGATT_ATTR16 *)p_node->p_next) {
        if (p_node->handle != handle) {
            continue;
        }

        result = read_attr_value(p_node, offset, &p_out, is_blob,
                                 mtu, p_len, sec_flag, key_size);

        if (result == GATT_PENDING || result == GATT_STACK_RSP) {
            /* the application only has to answer when the stack does not */
            BOOLEAN need_rsp = (result != GATT_STACK_RSP);
            result = gatts_send_app_read_request(p_tcb, op_code, p_node->handle,
                                                 offset, trans_id, need_rsp);
        }
        return result;
    }

    return GATT_NOT_FOUND;
}
956 
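/*
 * Store len bytes from p_value at `offset` inside the value buffer of the
 * attribute `handle`, and set the stored length to offset + len.
 *
 * Returns GATT_APP_RSP without touching the database when the attribute is
 * answered by the application, GATT_INVALID_ATTR_LEN when offset + len
 * exceeds attr_max_len, GATT_UNKNOWN_ERROR when the attribute has no value
 * record or buffer, GATT_INVALID_PDU when len > 0 but p_value is NULL, and
 * GATT_NOT_FOUND when the handle is not in the list.
 *
 * The value record is checked for NULL before its attr_max_len is read; the
 * earlier ordering read p_value->attr_val.attr_max_len on the path where
 * p_value was NULL.
 *
 * NOTE(review): an offset beyond the currently stored attr_len is accepted,
 * so the bytes between the old length and `offset` keep whatever the buffer
 * held before - confirm whether such a write should be refused instead.
 */
tGATT_STATUS gatts_write_attr_value_by_handle(tGATT_SVC_DB *p_db,
        UINT16 handle, UINT16 offset,
        UINT8 *p_value, UINT16 len)
{
    tGATT_ATTR16  *p_attr;
    /* widened so the bound check below cannot depend on integer promotion */
    UINT32 end = (UINT32)offset + (UINT32)len;

    if (p_db == NULL || p_db->p_attr_list == NULL) {
        return GATT_NOT_FOUND;
    }

    for (p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
            p_attr != NULL && handle >= p_attr->handle;
            p_attr = (tGATT_ATTR16 *)p_attr->p_next) {
        if (p_attr->handle != handle) {
            continue;
        }

        if (p_attr->control.auto_rsp == GATT_RSP_BY_APP) {
            return GATT_APP_RSP;
        }

        if (p_attr->p_value == NULL) {
            GATT_TRACE_ERROR("Error in %s, line=%d, %s should not be NULL here\n", __func__, __LINE__, "p_value");
            return GATT_UNKNOWN_ERROR;
        }
        if (p_attr->p_value->attr_val.attr_max_len < end) {
            GATT_TRACE_DEBUG("Remote device try to write with a length larger then attribute's max length\n");
            return GATT_INVALID_ATTR_LEN;
        }
        if (p_attr->p_value->attr_val.attr_val == NULL) {
            GATT_TRACE_ERROR("Error in %s, line=%d, %s should not be NULL here\n", __func__, __LINE__, "attr_val.attr_val");
            return GATT_UNKNOWN_ERROR;
        }
        /* same rule gatts_set_attribute_value applies to its input */
        if (len > 0 && p_value == NULL) {
            GATT_TRACE_ERROR("Error in %s, line=%d, value should not be NULL here\n", __func__, __LINE__);
            return GATT_INVALID_PDU;
        }

        if (len > 0) {
            memcpy(p_attr->p_value->attr_val.attr_val + offset, p_value, len);
        }
        /* end <= attr_max_len, which is read as a 16-bit quantity above */
        p_attr->p_value->attr_val.attr_len = (UINT16)end;
        return GATT_SUCCESS;
    }

    return GATT_NOT_FOUND;
}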
996 
997 /*******************************************************************************
998 **
999 ** Function         gatts_read_attr_perm_check
1000 **
1001 ** Description      Check attribute readability.
1002 **
1003 ** Parameter        p_db: pointer to the attribute database.
1004 **                  is_long: this is a read blob request.
1005 **                  handle: Attribute handle to read.
1010 **                  sec_flag: current link security status.
1011 **                  key_size: encryption key size
1012 **
1013 ** Returns          Status of operation.
1014 **
1015 *******************************************************************************/
/*
 * Find the attribute `handle` and return what gatts_check_attr_readability()
 * says about it for the given link state (called with offset 0).
 * GATT_NOT_FOUND when the database is missing or empty, or the scan passes
 * the handle without a match.
 */
tGATT_STATUS gatts_read_attr_perm_check(tGATT_SVC_DB *p_db,
                                        BOOLEAN is_long,
                                        UINT16 handle,
                                        tGATT_SEC_FLAG sec_flag,
                                        UINT8 key_size)
{
    tGATT_ATTR16 *p_node;

    if (p_db == NULL || p_db->p_attr_list == NULL) {
        return GATT_NOT_FOUND;
    }

    /* the walk ends at the first node whose handle is above the target */
    for (p_node = (tGATT_ATTR16 *)p_db->p_attr_list;
            p_node != NULL && handle >= p_node->handle;
            p_node = (tGATT_ATTR16 *)p_node->p_next) {
        if (p_node->handle == handle) {
            return gatts_check_attr_readability(p_node, 0, is_long,
                                                sec_flag, key_size);
        }
    }

    return GATT_NOT_FOUND;
}
1041 
1042 
1043 /*******************************************************************************
1044 **
1045 ** Function         gatts_write_attr_perm_check
1046 **
1047 ** Description      Check whether a write to the attribute is permitted. The value itself is not written here.
1048 **
1049 ** Parameter        p_db: pointer to the attribute database.
1050 **                  op_code:op code of this write.
1051 **                  handle: handle of the attribute to write.
1052 **                  offset: Write offset if write op code is write blob.
1053 **                  p_data: Attribute value to write.
1054 **                  len: attribute data length.
1055 **                  sec_flag: current link security status.
1056 **                  key_size: encryption key size
1057 **
1058 ** Returns          Status of the operation.
1059 **
1060 *******************************************************************************/
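/*
 * Decide whether a write of len bytes at `offset` to the attribute `handle`
 * is acceptable for the link described by sec_flag / key_size. Nothing is
 * stored; the result is GATT_SUCCESS or the reason for refusal, and
 * GATT_NOT_FOUND when the handle is not in p_db.
 *
 * The checks are order-sensitive: the first matching branch of the else-if
 * chain decides, and only the final branch applies the per-UUID rules and
 * the p_data / length checks.
 */
tGATT_STATUS gatts_write_attr_perm_check (tGATT_SVC_DB *p_db, UINT8 op_code,
        UINT16 handle, UINT16 offset, UINT8 *p_data,
        UINT16 len, tGATT_SEC_FLAG sec_flag, UINT8 key_size)
{
    tGATT_STATUS    status = GATT_NOT_FOUND;
    tGATT_ATTR16    *p_attr;
    UINT16          max_size = 0;
    tGATT_PERM      perm;
    UINT16          min_key_size;

    GATT_TRACE_DEBUG( "gatts_write_attr_perm_check op_code=0x%0x handle=0x%04x offset=%d len=%d sec_flag=0x%0x key_size=%d",
                      op_code, handle, offset, len, sec_flag, key_size);

    if (p_db != NULL) {
        p_attr = (tGATT_ATTR16 *) p_db->p_attr_list;

        while (p_attr != NULL) {
            if (p_attr->handle == handle) {
                perm = p_attr->permission;
#if SMP_INCLUDED == TRUE
                /* NOTE(review): with SMP the floor comes from the global
                 * bte_appl_cfg, not from this attribute's permission bits -
                 * confirm a per-attribute key size is meant to be ignored */
                min_key_size = bte_appl_cfg.ble_appl_enc_key_size;
#else
                /* key-size field of the permission word; a non-zero field is
                 * offset by 6 to give the minimum key size */
                min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
                if (min_key_size != 0 ) {
                    min_key_size += 6;
                }
#endif
                GATT_TRACE_DEBUG( "gatts_write_attr_perm_check p_attr->permission =0x%04x min_key_size==0x%04x",
                                  p_attr->permission,
                                  min_key_size);

                if ((op_code == GATT_CMD_WRITE || op_code == GATT_REQ_WRITE)
                        && (perm & GATT_WRITE_SIGNED_PERM)) {
                    /* use the rules for the mixed security see section 10.2.3*/
                    /* use security mode 1 level 2 when the following condition follows */
                    /* LE security mode 2 level 1 and LE security mode 1 level 2 */
                    if ((perm & GATT_PERM_WRITE_SIGNED) && (perm & GATT_PERM_WRITE_ENCRYPTED)) {
                        perm = GATT_PERM_WRITE_ENCRYPTED;
                    }
                    /* use security mode 1 level 3 when the following condition follows */
                    /* LE security mode 2 level 2 and security mode 1 and LE */
                    else if (((perm & GATT_PERM_WRITE_SIGNED_MITM) && (perm & GATT_PERM_WRITE_ENCRYPTED)) ||
                             /* LE security mode 2 and security mode 1 level 3 */
                             ((perm & GATT_WRITE_SIGNED_PERM) && (perm & GATT_PERM_WRITE_ENC_MITM))) {
                        perm = GATT_PERM_WRITE_ENC_MITM;
                    }
                }

                /* NOTE(review): this status is not final. The chain below is
                 * a separate if/else-if, so any branch that matches there -
                 * including the last one, which can set GATT_SUCCESS -
                 * overwrites it. Confirm whether a signed write to an
                 * attribute without signed-write permission is meant to be
                 * refused outright. */
                if ((op_code == GATT_SIGN_CMD_WRITE) && !(perm & GATT_WRITE_SIGNED_PERM)) {
                    status = GATT_WRITE_NOT_PERMIT;
                    GATT_TRACE_DEBUG( "gatts_write_attr_perm_check - sign cmd write not allowed");
                }
                if ((op_code == GATT_SIGN_CMD_WRITE) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED)) {
                    status = GATT_INVALID_PDU;
                    GATT_TRACE_ERROR( "gatts_write_attr_perm_check - Error!! sign cmd write sent on a encypted link");
                } else if (!(perm & GATT_WRITE_ALLOWED)) {
                    status = GATT_WRITE_NOT_PERMIT;
                    GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_WRITE_NOT_PERMIT");
                }
                /* require authentication, but not been authenticated */
                else if ((perm & GATT_WRITE_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED)) {
                    status = GATT_INSUF_AUTHENTICATION;
                    GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION");
                } else if ((perm & GATT_WRITE_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED)) {
                    status = GATT_INSUF_AUTHENTICATION;
                    GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION: MITM required");
                } else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)) {
                    status = GATT_INSUF_ENCRYPTION;
                    GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_ENCRYPTION");
                } else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size)) {
                    status = GATT_INSUF_KEY_SIZE;
                    GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_KEY_SIZE");
                }
                /* LE Authorization check*/
                else if ((perm & GATT_WRITE_AUTHORIZATION) && (!(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED) || !(sec_flag & GATT_SEC_FLAG_AUTHORIZATION))){
                    status = GATT_INSUF_AUTHORIZATION;
                    GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHORIZATION");
                }
                /* LE security mode 2 attribute  */
                /* NOTE(review): requires (perm & GATT_WRITE_ALLOWED) == 0, but
                 * that case was already taken by the GATT_WRITE_NOT_PERMIT
                 * branch above, so this branch looks unreachable - verify */
                else if (perm & GATT_WRITE_SIGNED_PERM && op_code != GATT_SIGN_CMD_WRITE && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)
                         &&  (perm & GATT_WRITE_ALLOWED) == 0) {
                    status = GATT_INSUF_AUTHENTICATION;
                    GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION: LE security mode 2 required");
                } else { /* writable: must be char value declaration or char descritpors */
                    if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16) {
                        switch (p_attr->uuid) {
                        case GATT_UUID_CHAR_PRESENT_FORMAT:/* should be readable only */
                        case GATT_UUID_CHAR_EXT_PROP:/* should be readable only */
                        case GATT_UUID_CHAR_AGG_FORMAT: /* should be readable only */
                        case GATT_UUID_CHAR_VALID_RANGE:
                            status = GATT_WRITE_NOT_PERMIT;
                            break;

                        case GATT_UUID_CHAR_CLIENT_CONFIG:
                        /* coverity[MISSING_BREAK] */
                        /* intended fall through, ignored */
                        /* fall through */
                        case GATT_UUID_CHAR_SRVR_CONFIG:
                            /* both configuration descriptors take exactly 2 bytes */
                            max_size = 2;
                        /* fall through */
                        case GATT_UUID_CHAR_DESCRIPTION:
                        default: /* any other must be character value declaration */
                            status = GATT_SUCCESS;
                            break;
                        }
                    } else if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_128 ||
                               p_attr->uuid_type == GATT_ATTR_UUID_TYPE_32) {
                        status = GATT_SUCCESS;
                    } else {
                        status = GATT_INVALID_PDU;
                    }

                    if (p_data == NULL && len  > 0) {
                        status = GATT_INVALID_PDU;
                    }
                    /* these attribute does not allow write blob */
// btla-specific ++
                    else if ( (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16) &&
                              (p_attr->uuid == GATT_UUID_CHAR_CLIENT_CONFIG ||
                               p_attr->uuid == GATT_UUID_CHAR_SRVR_CONFIG) )
// btla-specific --
                    {
                        if (op_code == GATT_REQ_PREPARE_WRITE && offset != 0) { /* does not allow write blob */
                            status = GATT_NOT_LONG;
                            GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_NOT_LONG");
                        } else if (len != max_size) { /* data does not match the required format */
                            status = GATT_INVALID_ATTR_LEN;
                            /* the trace used to name GATT_INVALID_PDU here,
                             * which is not the status being returned */
                            GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INVALID_ATTR_LEN");
                        } else {
                            status = GATT_SUCCESS;
                        }
                    }
                }
                break;
            } else {
                p_attr = (tGATT_ATTR16 *)p_attr->p_next;
            }
        }
    }

    return status;
}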
1202 
1203 /*******************************************************************************
1204 **
1205 ** Function         allocate_attr_in_db
1206 **
1207 ** Description      Allocate a memory space for a new attribute, and link this
1208 **                  attribute into the database attribute list.
1209 **
1210 **
1211 ** Parameter        p_db    : database pointer.
1212 **                  p_uuid:     pointer to attribute UUID
1213 **                  service : type of attribute to be added.
1214 **
1215 ** Returns          pointer to the newly allocated attribute.
1216 **
1217 *******************************************************************************/
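/*
 * Carve a zeroed attribute record out of the database's free memory, give it
 * the next handle and `perm`, and append it to the attribute list.
 *
 * The record size follows the UUID length (16-, 32- or 128-bit layout; any
 * other length is sized as a 128-bit record). Returns NULL when p_uuid is
 * NULL, when next_handle has reached end_handle, or when a fresh buffer is
 * needed and cannot be allocated.
 *
 * NOTE(review): a 16-bit UUID equal to GATT_ILLEGAL_UUID, or an unsupported
 * UUID length, still consumes memory and a handle while uuid_type keeps the
 * value left by memset - confirm whether such input should be rejected.
 */
static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, tBT_UUID *p_uuid, tGATT_PERM perm)
{
    tGATT_ATTR16    *p_attr16 = NULL, *p_last;
    tGATT_ATTR32    *p_attr32 = NULL;
    tGATT_ATTR128   *p_attr128 = NULL;
    UINT16      len = sizeof(tGATT_ATTR128);

    if (p_uuid == NULL) {
        GATT_TRACE_ERROR("illegal UUID\n");
        return NULL;
    }

    if (p_uuid->len == LEN_UUID_16) {
        len = sizeof(tGATT_ATTR16);
    } else if (p_uuid->len == LEN_UUID_32) {
        len = sizeof(tGATT_ATTR32);
    }

    GATT_TRACE_DEBUG("allocate attr %d bytes\n", len);

    if (p_db->end_handle <= p_db->next_handle) {
        GATT_TRACE_DEBUG("handle space full. handle_max = %d next_handle = %d\n",
                         p_db->end_handle, p_db->next_handle);
        return NULL;
    }

    /* not enough room left in the current buffer: start a new one */
    if (p_db->mem_free < len) {
        if (!allocate_svc_db_buf(p_db)) {
            GATT_TRACE_ERROR("allocate_attr_in_db failed, no resources\n");
            return NULL;
        }
    }
    memset(p_db->p_free_mem, 0, len);
    p_attr16 = (tGATT_ATTR16 *) p_db->p_free_mem;

    if (p_uuid->len == LEN_UUID_16 && p_uuid->uu.uuid16 != GATT_ILLEGAL_UUID) {
        p_attr16->uuid_type = GATT_ATTR_UUID_TYPE_16;
        p_attr16->uuid = p_uuid->uu.uuid16;
    } else if (p_uuid->len == LEN_UUID_32) {
        p_attr32 = (tGATT_ATTR32 *) p_db->p_free_mem;
        p_attr32->uuid_type = GATT_ATTR_UUID_TYPE_32;
        p_attr32->uuid = p_uuid->uu.uuid32;
    } else if (p_uuid->len == LEN_UUID_128) {
        p_attr128 = (tGATT_ATTR128 *) p_db->p_free_mem;
        p_attr128->uuid_type = GATT_ATTR_UUID_TYPE_128;
        memcpy(p_attr128->uuid, p_uuid->uu.uuid128, LEN_UUID_128);
    }

    p_db->p_free_mem += len;
    p_db->mem_free -= len;

    /* handle, permission and link are written through the 16-bit view for
     * every record type */
    p_attr16->handle = p_db->next_handle++;
    p_attr16->permission = perm;
    p_attr16->p_next = NULL;

    /* link the attribute record into the end of DB */
    if (p_db->p_attr_list == NULL) {
        p_db->p_attr_list = p_attr16;
    } else {
        p_last = (tGATT_ATTR16 *)p_db->p_attr_list;

        while (p_last != NULL && p_last->p_next != NULL) {
            p_last = (tGATT_ATTR16 *)p_last->p_next;
        }

        p_last->p_next = p_attr16;
    }

    /* p_attr32 / p_attr128 are only set by the matching UUID branch above, so
     * they are checked before the trace dereferences them; when no branch
     * ran, the old final else read through a NULL p_attr128 */
    if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16) {
        GATT_TRACE_DEBUG("=====> handle = [0x%04x] uuid16 = [0x%04x] perm=0x%02x\n",
                         p_attr16->handle, p_attr16->uuid, p_attr16->permission);
    } else if (p_attr32 != NULL && p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_32) {
        GATT_TRACE_DEBUG("=====> handle = [0x%04x] uuid32 = [0x%08x] perm=0x%02x\n",
                         p_attr32->handle, p_attr32->uuid, p_attr32->permission);
    } else if (p_attr128 != NULL) {
        GATT_TRACE_DEBUG("=====> handle = [0x%04x] uuid128 = [0x%02x:0x%02x] perm=0x%02x\n",
                         p_attr128->handle, p_attr128->uuid[0], p_attr128->uuid[1],
                         p_attr128->permission);
    }
    return (void *)p_attr16;
}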
1299 
1300 
1301 
1302 /*******************************************************************************
1303 **
1304 ** Function         deallocate_attr_in_db
1305 **
1306 ** Description      Free an attribute within the database.
1307 **
1308 ** Parameter        p_db: database pointer.
1309 **                  p_attr: pointer to the attribute record to be freed.
1310 **
1311 ** Returns          BOOLEAN: success
1312 **
1313 *******************************************************************************/
/*
 * Unlink p_attr from the attribute list and, if it was found, step
 * next_handle back by one. The record's memory is not handed back to the
 * free area here. Returns TRUE when the record was unlinked.
 *
 * NOTE(review): the head is only removed when it is the sole entry of the
 * list; with more than one entry a head match is never detected. The handle
 * counter is decremented for any removed record, which only mirrors the
 * allocator when the record removed is the most recently added one - confirm
 * callers only ever remove that one.
 */
static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr)
{
    tGATT_ATTR16 *p_prev;
    tGATT_ATTR16 *p_node;
    BOOLEAN removed = FALSE;

    if (p_db->p_attr_list == NULL) {
        return removed;
    }

    p_prev = (tGATT_ATTR16 *) p_db->p_attr_list;
    p_node = (tGATT_ATTR16 *) p_prev->p_next;

    /* look one node ahead so the predecessor is at hand for unlinking */
    while (p_prev != NULL && p_node != NULL) {
        if (p_node == p_attr) {
            p_prev->p_next = p_node->p_next;
            removed = TRUE;
        }
        p_prev = p_node;
        p_node = (tGATT_ATTR16 *)p_node->p_next;
    }

    /* p_prev is now the last node visited; it equals the head only when the
     * list held a single record */
    if (p_prev == p_attr && p_prev == p_db->p_attr_list) {
        p_db->p_attr_list = p_prev->p_next;
        removed = TRUE;
    }

    if (removed) {
        p_db->next_handle --;
    }

    return removed;
}
1344 
1345 /*******************************************************************************
1346 **
1347 ** Function         copy_extra_byte_in_db
1348 **
1349 ** Description      Utility function to allocate extra bytes memory in DB and copy
1350 **                  the value from a source place.
1351 **
1352 **
1353 ** Parameter        p_db: database pointer.
1354 **                  p_dst: receives the address of the reserved, zero-filled bytes.
1356 **                  len: number of bytes to reserve.
1357 **
1358 ** Returns          TRUE if the space was reserved, otherwise FALSE.
1359 **
1360 *******************************************************************************/
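/*
 * Reserve len zero-filled bytes from the database's free memory and return
 * their address through *p_dst. Nothing is copied; the caller fills the
 * bytes afterwards.
 *
 * Returns FALSE when len is larger than one database buffer or when a new
 * buffer is needed and cannot be allocated, TRUE otherwise.
 */
static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len)
{
    UINT8 *p;

    /* A fresh buffer holds GATT_DB_BUF_SIZE bytes. A larger request could
     * never fit; without this check the pointer bump and memset below would
     * run past the end of the newly allocated buffer. */
    if (len > GATT_DB_BUF_SIZE) {
        GATT_TRACE_ERROR("copy_extra_byte_in_db failed, len %d exceeds buffer size\n", len);
        return FALSE;
    }

    if (p_db->mem_free < len) {
        if (!allocate_svc_db_buf(p_db)) {
            GATT_TRACE_ERROR("copy_extra_byte_in_db failed, no resources\n");
            return FALSE;
        }
    }

    p = p_db->p_free_mem;
    p_db->p_free_mem += len;
    p_db->mem_free -= len;
    memset((void *)p, 0, len);
    *p_dst = (void *)p;

    return TRUE;
}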
1380 
1381 /*******************************************************************************
1382 **
1383 ** Function         allocate_svc_db_buf
1384 **
1385 ** Description      Utility function to allocate extra buffer for service database.
1386 **
1387 ** Returns          TRUE if allocation succeed, otherwise FALSE.
1388 **
1389 *******************************************************************************/
/*
 * Allocate one zeroed buffer of GATT_DB_BUF_SIZE bytes, make it the
 * database's current free area and append it to p_db->svc_buffer.
 * Whatever was left of the previous free area is no longer reachable through
 * p_free_mem after this call.
 *
 * NOTE(review): the result of fixed_queue_enqueue() is not examined; if it
 * can fail, the buffer stays in use without being tracked - verify.
 */
static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db)
{
    BT_HDR *p_new;

    GATT_TRACE_DEBUG("allocate_svc_db_buf allocating extra buffer");

    p_new = (BT_HDR *)osi_calloc(GATT_DB_BUF_SIZE);
    if (p_new == NULL) {
        GATT_TRACE_ERROR("allocate_svc_db_buf failed, no resources");
        return FALSE;
    }

    /* the whole buffer becomes the new free area */
    p_db->mem_free = GATT_DB_BUF_SIZE;
    p_db->p_free_mem = (UINT8 *) p_new;

    fixed_queue_enqueue(p_db->svc_buffer, p_new, FIXED_QUEUE_MAX_TIMEOUT);

    return TRUE;
}
1409 
1410 /*******************************************************************************
1411 **
1412 ** Function         gatts_send_app_read_request
1413 **
1414 ** Description      Send application read request callback
1415 **
1416 ** Returns          status of operation.
1417 **
1418 *******************************************************************************/
/*
 * Forward a read of `handle` to the application that registered the service.
 *
 * A trans_id of 0 means no transaction exists yet: one is enqueued and the
 * callback count for the registration is updated. Returns GATT_ERROR when no
 * registration owns the handle, GATT_BUSY when no transaction id could be
 * obtained, otherwise GATT_PENDING (application must respond) or
 * GATT_STACK_RSP (need_rsp is FALSE) after the request callback was sent.
 */
static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code,
        UINT16 handle, UINT16 offset, UINT32 trans_id, BOOLEAN need_rsp)
{
    tGATTS_DATA   req;
    tGATT_SR_REG *p_reg;
    UINT16        conn_id;
    UINT8         rcb_idx = gatt_sr_find_i_rcb_by_handle(handle);

    if (rcb_idx == GATT_MAX_SR_PROFILES) {
        GATT_TRACE_ERROR("Failed to find i_rcb,Error in %s, line=%d, \n", __func__, __LINE__);
        return (tGATT_STATUS) GATT_ERROR;
    }

    p_reg = &gatt_cb.sr_reg[rcb_idx];
    conn_id = GATT_CREATE_CONN_ID(p_tcb->tcb_idx, p_reg->gatt_if);

    if (trans_id == 0) {
        trans_id = gatt_sr_enqueue_cmd(p_tcb, op_code, handle);
        gatt_sr_update_cback_cnt(p_tcb, p_reg->gatt_if, TRUE, TRUE);
    }

    if (trans_id == 0) {
        /* max pending command, application error */
        return (tGATT_STATUS) GATT_BUSY;
    }

    memset(&req, 0, sizeof(tGATTS_DATA));
    req.read_req.handle = handle;
    req.read_req.is_long = (BOOLEAN)(op_code == GATT_REQ_READ_BLOB);
    req.read_req.offset = offset;
    req.read_req.need_rsp = need_rsp;

    gatt_sr_send_req_callback(conn_id, trans_id, GATTS_REQ_TYPE_READ, &req);

    return need_rsp ? (tGATT_STATUS) GATT_PENDING : (tGATT_STATUS) GATT_STACK_RSP;
}
1462 
/*******************************************************************************
**
** Function         gatts_db_add_service_declaration
**
** Description      Add the service declaration attribute (primary or secondary
**                  service UUID, GATT_PERM_READ) to a service database and
**                  store the service's own UUID as its value.
**
** Parameter        p_db: database pointer.
**                  p_service: UUID of the service; dereferenced without a
**                             NULL check.
**                  is_pri: TRUE for a primary service declaration, FALSE for
**                          a secondary one.
**
** Returns          TRUE if the record and its value were stored, FALSE if
**                  either allocation failed.
**
*******************************************************************************/
static BOOLEAN gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID *p_service, BOOLEAN is_pri)
{
    tBT_UUID      decl_uuid = {LEN_UUID_16, {0}};
    tGATT_ATTR16 *p_decl;
    tBT_UUID     *p_stored;

    GATT_TRACE_DEBUG( "add_service_declaration");

    decl_uuid.uu.uuid16 = is_pri ? GATT_UUID_PRI_SERVICE : GATT_UUID_SEC_SERVICE;

    /* add service declaration record */
    p_decl = (tGATT_ATTR16 *)(allocate_attr_in_db(p_db, &decl_uuid, GATT_PERM_READ));
    if (p_decl == NULL) {
        return FALSE;
    }

    /* Reserve room for the value.
     * NOTE(review): on failure the attribute allocated above is not released
     * here; confirm whether a caller cleans up the database in that case. */
    if (!copy_extra_byte_in_db (p_db, (void **)&p_decl->p_value, sizeof(tBT_UUID))) {
        return FALSE;
    }

    p_stored = &p_decl->p_value->uuid;

    if (p_service->len == LEN_UUID_16) {
        p_stored->len = LEN_UUID_16;
        p_stored->uu.uuid16 = p_service->uu.uuid16;
    } else if (p_service->len == LEN_UUID_32) {
        /* 32-bit service UUIDs are stored in their 128-bit form */
        p_stored->len = LEN_UUID_128;
        gatt_convert_uuid32_to_uuid128(p_stored->uu.uuid128, p_service->uu.uuid32);
    } else {
        /* Every other length value is handled as a 128-bit UUID; p_service->len
         * is not validated beyond the two comparisons above. */
        p_stored->len = LEN_UUID_128;
        memcpy(p_stored->uu.uuid128, p_service->uu.uuid128, LEN_UUID_128);
    }

    return TRUE;
}
1508 
/*******************************************************************************
**
** Function         gatts_add_char_desc_value_check
**
** Description      Parameter validation for the gatts add char/descriptor
**                  functions. Only control->auto_rsp and the two length fields
**                  of attr_val are examined.
**
** Parameter        attr_val: attribute value for char/descriptor; may be NULL
**                            unless the stack is to respond.
**                  control: control variable for char/descriptor; may be NULL.
**
** Returns          TRUE if the combination is acceptable, FALSE (with an error
**                  trace) otherwise.
**
*******************************************************************************/
static BOOLEAN gatts_add_char_desc_value_check (tGATT_ATTR_VAL *attr_val, tGATTS_ATTR_CONTROL *control)
{
    if (control != NULL) {
        /* auto_rsp must be one of the two known response modes */
        if ((control->auto_rsp != GATT_RSP_BY_APP) && (control->auto_rsp != GATT_RSP_BY_STACK)) {
            GATT_TRACE_ERROR("Error in %s, line=%d, control->auto_rsp should be set to GATT_RSP_BY_APP or GATT_RSP_BY_STACK here\n",
                             __func__, __LINE__);
            return FALSE;
        }

        /* when the stack responds, a value with a non-zero maximum length is required */
        if (control->auto_rsp == GATT_RSP_BY_STACK) {
            if (attr_val == NULL) {
                GATT_TRACE_ERROR("Error in %s, line=%d, for stack respond attribute, attr_val should not be NULL here\n",
                                 __func__, __LINE__);
                return FALSE;
            }
            if (attr_val->attr_max_len == 0) {
                GATT_TRACE_ERROR("Error in %s, line=%d, for stack respond attribute,  attribute max length should not be 0\n",
                                 __func__, __LINE__);
                return FALSE;
            }
        }
    }

    /* The current length may never exceed the declared maximum.
     * Presumably attr_max_len sizes the storage the value is later copied
     * into, which would make this the bound for that copy; verify against
     * the callers. */
    if ((attr_val != NULL) && (attr_val->attr_len > attr_val->attr_max_len)) {
        GATT_TRACE_ERROR("Error in %s, line=%d,attribute actual length should not be larger than max length\n",
                         __func__, __LINE__);
        return FALSE;
    }

    return TRUE;
}
1551 
1552 #endif /* BLE_INCLUDED == TRUE && GATTS_INCLUDED == TRUE */
1553