1 /******************************************************************************
2 *
3 * Copyright (C) 2009-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * this file contains GATT database building and query functions
22 *
23 ******************************************************************************/
24
25 #include "common/bt_target.h"
26
27 #if BLE_INCLUDED == TRUE && GATTS_INCLUDED == TRUE
28
29 #include "common/bt_trace.h"
30 #include "osi/allocator.h"
31
32 //#include <stdio.h>
33 #include <string.h>
34 #include "gatt_int.h"
35 #include "stack/l2c_api.h"
36 #include "btm_int.h"
37
38 extern tGATT_STATUS gap_proc_read(tGATTS_REQ_TYPE type, tGATT_READ_REQ *p_data, tGATTS_RSP *p_rsp);
39 extern tGATT_STATUS gatt_proc_read(UINT16 conn_id, tGATTS_REQ_TYPE type, tGATT_READ_REQ *p_data, tGATTS_RSP *p_rsp);
40
41 /********************************************************************************
42 ** L O C A L F U N C T I O N P R O T O T Y P E S *
43 *********************************************************************************/
44 static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db);
45 static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, tBT_UUID *p_uuid, tGATT_PERM perm);
46 static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr);
47 static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len);
48
49 static BOOLEAN gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID *p_service, BOOLEAN is_pri);
50 static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code,
51 UINT16 handle, UINT16 offset, UINT32 trans_id, BOOLEAN need_rsp);
52 static BOOLEAN gatts_add_char_desc_value_check (tGATT_ATTR_VAL *attr_val, tGATTS_ATTR_CONTROL *control);
53
54 /*******************************************************************************
55 **
56 ** Function gatts_init_service_db
57 **
58 ** Description This function initialize a memory space to be a service database.
59 **
60 ** Parameter p_db: database pointer.
61 ** len: size of the memory space.
62 **
63 ** Returns Status of te operation.
64 **
65 *******************************************************************************/
gatts_init_service_db(tGATT_SVC_DB * p_db,tBT_UUID * p_service,BOOLEAN is_pri,UINT16 s_hdl,UINT16 num_handle)66 BOOLEAN gatts_init_service_db (tGATT_SVC_DB *p_db, tBT_UUID *p_service, BOOLEAN is_pri,
67 UINT16 s_hdl, UINT16 num_handle)
68 {
69 if (p_db->svc_buffer == NULL) { //in case already alloc
70 p_db->svc_buffer = fixed_queue_new(QUEUE_SIZE_MAX);
71 }
72
73 if (!allocate_svc_db_buf(p_db)) {
74 GATT_TRACE_ERROR("gatts_init_service_db failed, no resources\n");
75 return FALSE;
76 }
77
78 GATT_TRACE_DEBUG("gatts_init_service_db\n");
79 GATT_TRACE_DEBUG("s_hdl = %d num_handle = %d\n", s_hdl, num_handle );
80
81 /* update service database information */
82 p_db->next_handle = s_hdl;
83 p_db->end_handle = s_hdl + num_handle;
84
85 return gatts_db_add_service_declaration(p_db, p_service, is_pri);
86 }
87
88 /*******************************************************************************
89 **
90 ** Function gatts_init_service_db
91 **
92 ** Description This function initialize a memory space to be a service database.
93 **
94 ** Parameter p_db: database pointer.
95 ** len: size of the memory space.
96 **
97 ** Returns Status of te operation.
98 **
99 *******************************************************************************/
gatts_get_service_uuid(tGATT_SVC_DB * p_db)100 tBT_UUID *gatts_get_service_uuid (tGATT_SVC_DB *p_db)
101 {
102 if (!p_db || !p_db->p_attr_list) {
103 GATT_TRACE_ERROR("service DB empty\n");
104
105 return NULL;
106 } else {
107 return &((tGATT_ATTR16 *)p_db->p_attr_list)->p_value->uuid;
108 }
109 }
110
111 /*******************************************************************************
112 **
113 ** Function gatts_check_attr_readability
114 **
115 ** Description check attribute readability
116 **
117 ** Returns status of operation.
118 **
119 *******************************************************************************/
gatts_check_attr_readability(tGATT_ATTR16 * p_attr,UINT16 offset,BOOLEAN read_long,tGATT_SEC_FLAG sec_flag,UINT8 key_size)120 static tGATT_STATUS gatts_check_attr_readability(tGATT_ATTR16 *p_attr,
121 UINT16 offset,
122 BOOLEAN read_long,
123 tGATT_SEC_FLAG sec_flag,
124 UINT8 key_size)
125 {
126 UINT16 min_key_size;
127 tGATT_PERM perm = p_attr->permission;
128
129 UNUSED(offset);
130 min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
131 if (min_key_size != 0 ) {
132 min_key_size += 6;
133 }
134
135 if (!(perm & GATT_READ_ALLOWED)) {
136 GATT_TRACE_ERROR( "GATT_READ_NOT_PERMIT\n");
137 return GATT_READ_NOT_PERMIT;
138 }
139
140 if ((perm & GATT_READ_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED) &&
141 !(sec_flag & BTM_SEC_FLAG_ENCRYPTED)) {
142 GATT_TRACE_ERROR( "GATT_INSUF_AUTHENTICATION\n");
143 return GATT_INSUF_AUTHENTICATION;
144 }
145
146 if ((perm & GATT_READ_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED)) {
147 GATT_TRACE_ERROR( "GATT_INSUF_AUTHENTICATION: MITM Required\n");
148 return GATT_INSUF_AUTHENTICATION;
149 }
150
151 if ((perm & GATT_READ_ENCRYPTED_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)) {
152 GATT_TRACE_ERROR( "GATT_INSUF_ENCRYPTION\n");
153 return GATT_INSUF_ENCRYPTION;
154 }
155
156 if ( (perm & GATT_READ_ENCRYPTED_REQUIRED) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size)) {
157 GATT_TRACE_ERROR( "GATT_INSUF_KEY_SIZE\n");
158 return GATT_INSUF_KEY_SIZE;
159 }
160 /* LE Authorization check*/
161 if ((perm & GATT_READ_AUTHORIZATION) && (!(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED) || !(sec_flag & GATT_SEC_FLAG_AUTHORIZATION))) {
162 GATT_TRACE_ERROR( "GATT_INSUF_AUTHORIZATION\n");
163 return GATT_INSUF_AUTHORIZATION;
164 }
165
166 if (read_long) {
167 switch (p_attr->uuid) {
168 case GATT_UUID_PRI_SERVICE:
169 case GATT_UUID_SEC_SERVICE:
170 case GATT_UUID_CHAR_DECLARE:
171 case GATT_UUID_INCLUDE_SERVICE:
172 case GATT_UUID_CHAR_EXT_PROP:
173 case GATT_UUID_CHAR_CLIENT_CONFIG:
174 case GATT_UUID_CHAR_SRVR_CONFIG:
175 case GATT_UUID_CHAR_PRESENT_FORMAT:
176 GATT_TRACE_ERROR("GATT_NOT_LONG\n");
177 return GATT_NOT_LONG;
178
179 default:
180 break;
181 }
182 }
183
184 return GATT_SUCCESS;
185 }
186
187 /*******************************************************************************
188 **
189 ** Function read_attr_value
190 **
191 ** Description Utility function to read an attribute value.
192 **
193 ** Parameter p_attr: pointer to the attribute to read.
194 ** offset: read offset.
195 ** p_value: output parameter to carry out the attribute value.
196 ** p_len: output parameter to carry out the attribute length.
197 ** read_long: this is a read blob request.
198 ** mtu: MTU
199 ** sec_flag: current link security status.
200 ** key_size: encryption key size.
201 **
202 ** Returns status of operation.
203 **
204 *******************************************************************************/
read_attr_value(void * p_attr,UINT16 offset,UINT8 ** p_data,BOOLEAN read_long,UINT16 mtu,UINT16 * p_len,tGATT_SEC_FLAG sec_flag,UINT8 key_size)205 static tGATT_STATUS read_attr_value (void *p_attr,
206 UINT16 offset,
207 UINT8 **p_data,
208 BOOLEAN read_long,
209 UINT16 mtu,
210 UINT16 *p_len,
211 tGATT_SEC_FLAG sec_flag,
212 UINT8 key_size)
213 {
214 UINT16 len = 0, uuid16 = 0;
215 UINT8 *p = *p_data;
216 tGATT_STATUS status;
217 tGATT_ATTR16 *p_attr16 = (tGATT_ATTR16 *)p_attr;
218
219 GATT_TRACE_DEBUG("read_attr_value uuid=0x%04x perm=0x%0x sec_flag=0x%x offset=%d read_long=%d\n",
220 p_attr16->uuid,
221 p_attr16->permission,
222 sec_flag,
223 offset,
224 read_long);
225
226 status = gatts_check_attr_readability((tGATT_ATTR16 *)p_attr, offset, read_long, sec_flag, key_size);
227
228 if (status != GATT_SUCCESS) {
229 return status;
230 }
231
232 if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16) {
233 uuid16 = p_attr16->uuid;
234 }
235
236 status = GATT_NO_RESOURCES;
237
238 if (uuid16 == GATT_UUID_PRI_SERVICE || uuid16 == GATT_UUID_SEC_SERVICE) {
239 len = p_attr16->p_value->uuid.len;
240 if (mtu >= p_attr16->p_value->uuid.len) {
241 gatt_build_uuid_to_stream(&p, p_attr16->p_value->uuid);
242 status = GATT_SUCCESS;
243 }
244 } else if (uuid16 == GATT_UUID_CHAR_DECLARE) {
245 len = (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16) ? 5 : 19;
246
247 if (mtu >= len) {
248 UINT8_TO_STREAM(p, p_attr16->p_value->char_decl.property);
249 UINT16_TO_STREAM(p, p_attr16->p_value->char_decl.char_val_handle);
250
251 if (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16) {
252 UINT16_TO_STREAM(p, ((tGATT_ATTR16 *)(p_attr16->p_next))->uuid);
253 }
254 /* convert a 32bits UUID to 128 bits */
255 else if (((tGATT_ATTR32 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_32) {
256 gatt_convert_uuid32_to_uuid128 (p, ((tGATT_ATTR32 *)(p_attr16->p_next))->uuid);
257 p += LEN_UUID_128;
258 } else {
259 ARRAY_TO_STREAM (p, ((tGATT_ATTR128 *)(p_attr16->p_next))->uuid, LEN_UUID_128);
260 }
261 status = GATT_SUCCESS;
262 }
263
264 } else if (uuid16 == GATT_UUID_INCLUDE_SERVICE) {
265 if (p_attr16->p_value->incl_handle.service_type.len == LEN_UUID_16) {
266 len = 6;
267 } else {
268 len = 4;
269 }
270
271 if (mtu >= len) {
272 UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.s_handle);
273 UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.e_handle);
274
275 if (p_attr16->p_value->incl_handle.service_type.len == LEN_UUID_16) {
276 UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.service_type.uu.uuid16);
277 }
278 status = GATT_SUCCESS;
279 }
280 } else { /* characteristic description or characteristic value */
281 if (p_attr16->control.auto_rsp == GATT_RSP_BY_STACK) {
282 if (p_attr16->p_value == NULL || p_attr16->p_value->attr_val.attr_val == NULL) {
283 status = GATT_UNKNOWN_ERROR;
284 }
285 else if (offset > p_attr16->p_value->attr_val.attr_len){
286 /*if offset equal to max_len, should respond with zero byte value
287 //if offset is greater than max_len, should respond with an error*/
288 status = GATT_INVALID_OFFSET;
289 } else {
290 UINT8 *value = (UINT8 *)(p_attr16->p_value->attr_val.attr_val) + offset;
291 UINT16 len_left = p_attr16->p_value->attr_val.attr_len - offset;
292 len = (mtu >= len_left) ? (len_left) : mtu;
293 ARRAY_TO_STREAM(p, value, len);
294 status = GATT_STACK_RSP;
295 }
296
297 } else {
298 status = GATT_PENDING;
299 }
300 }
301
302 *p_len = len;
303 *p_data = p;
304 return status;
305 }
306
307 /*******************************************************************************
308 **
309 ** Function gatts_db_read_attr_value_by_type
310 **
311 ** Description Query attribute value by attribute type.
312 **
313 ** Parameter p_db: pointer to the attribute database.
314 ** p_rsp: Read By type response data.
315 ** s_handle: starting handle of the range we are looking for.
316 ** e_handle: ending handle of the range we are looking for.
317 ** type: Attribute type.
318 ** mtu: MTU.
319 ** sec_flag: current link security status.
320 ** key_size: encryption key size.
321 **
322 ** Returns Status of the operation.
323 **
324 *******************************************************************************/
gatts_db_read_attr_value_by_type(tGATT_TCB * p_tcb,tGATT_SVC_DB * p_db,UINT8 op_code,BT_HDR * p_rsp,UINT16 s_handle,UINT16 e_handle,tBT_UUID type,UINT16 * p_len,tGATT_SEC_FLAG sec_flag,UINT8 key_size,UINT32 trans_id,UINT16 * p_cur_handle)325 tGATT_STATUS gatts_db_read_attr_value_by_type (tGATT_TCB *p_tcb,
326 tGATT_SVC_DB *p_db,
327 UINT8 op_code,
328 BT_HDR *p_rsp,
329 UINT16 s_handle,
330 UINT16 e_handle,
331 tBT_UUID type,
332 UINT16 *p_len,
333 tGATT_SEC_FLAG sec_flag,
334 UINT8 key_size,
335 UINT32 trans_id,
336 UINT16 *p_cur_handle)
337 {
338 tGATT_STATUS status = GATT_NOT_FOUND;
339 tGATT_ATTR16 *p_attr;
340 UINT16 len = 0;
341 UINT8 *p = (UINT8 *)(p_rsp + 1) + p_rsp->len + L2CAP_MIN_OFFSET;
342 tBT_UUID attr_uuid;
343 #if (defined(BLE_DELAY_REQUEST_ENC) && (BLE_DELAY_REQUEST_ENC == TRUE))
344 UINT8 flag;
345 #endif
346 BOOLEAN need_rsp;
347 BOOLEAN have_send_request = false;
348
349 if (p_db && p_db->p_attr_list) {
350 p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
351
352 while (p_attr && p_attr->handle <= e_handle) {
353 if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16) {
354 attr_uuid.len = LEN_UUID_16;
355 attr_uuid.uu.uuid16 = p_attr->uuid;
356 } else if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_32) {
357 attr_uuid.len = LEN_UUID_32;
358 attr_uuid.uu.uuid32 = ((tGATT_ATTR32 *)p_attr)->uuid;
359 } else {
360 attr_uuid.len = LEN_UUID_128;
361 memcpy(attr_uuid.uu.uuid128, ((tGATT_ATTR128 *)p_attr)->uuid, LEN_UUID_128);
362 }
363
364 if (p_attr->handle >= s_handle && gatt_uuid_compare(type, attr_uuid)) {
365 if (*p_len <= 2) {
366 status = GATT_NO_RESOURCES;
367 break;
368 }
369
370 UINT16_TO_STREAM (p, p_attr->handle);
371
372 status = read_attr_value ((void *)p_attr, 0, &p, FALSE, (UINT16)(*p_len - 2), &len, sec_flag, key_size);
373 if (status == GATT_PENDING) {
374
375
376 need_rsp = TRUE;
377 status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, 0, trans_id, need_rsp);
378
379 /* one callback at a time */
380 break;
381 } else if (status == GATT_SUCCESS || status == GATT_STACK_RSP) {
382 if (status == GATT_STACK_RSP){
383 need_rsp = FALSE;
384 status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, 0, trans_id, need_rsp);
385 if(status == GATT_BUSY)
386 break;
387
388 if (!have_send_request){
389 have_send_request = true;
390 trans_id = p_tcb->sr_cmd.trans_id;
391 }
392 }
393
394 if (p_rsp->offset == 0) {
395 p_rsp->offset = len + 2;
396 }
397
398 if (p_rsp->offset == len + 2) {
399 p_rsp->len += (len + 2);
400 *p_len -= (len + 2);
401 } else {
402 GATT_TRACE_WARNING("format mismatch");
403 status = GATT_NO_RESOURCES;
404 break;
405 }
406 } else {
407 *p_cur_handle = p_attr->handle;
408 break;
409 }
410 }
411 p_attr = (tGATT_ATTR16 *)p_attr->p_next;
412 }
413 }
414
415 #if (defined(BLE_DELAY_REQUEST_ENC) && (BLE_DELAY_REQUEST_ENC == TRUE))
416 if (BTM_GetSecurityFlags(p_tcb->peer_bda, &flag)) {
417 if ((p_tcb->att_lcid == L2CAP_ATT_CID) && (status == GATT_PENDING) &&
418 (type.uu.uuid16 == GATT_UUID_GAP_DEVICE_NAME)) {
419 if ((flag & (BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_FLAG_ENCRYPTED)) ==
420 BTM_SEC_LINK_KEY_KNOWN) {
421 tACL_CONN *p;
422 p = btm_bda_to_acl(p_tcb->peer_bda, BT_TRANSPORT_LE);
423 if ((p != NULL) && (p->link_role == BTM_ROLE_MASTER)) {
424 tBTM_BLE_SEC_ACT sec_act = BTM_BLE_SEC_ENCRYPT;
425 btm_ble_set_encryption(p_tcb->peer_bda, &sec_act, p->link_role);
426 }
427 }
428 }
429 }
430 #endif
431 return status;
432 }
433
434 /*******************************************************************************
435 **
436 ** Function gatts_add_included_service
437 **
438 ** Description This function adds an included service into a database.
439 **
440 ** Parameter p_db: database pointer.
441 ** inc_srvc_type: included service type.
442 **
443 ** Returns Status of the operation.
444 **
445 *******************************************************************************/
gatts_add_included_service(tGATT_SVC_DB * p_db,UINT16 s_handle,UINT16 e_handle,tBT_UUID service)446 UINT16 gatts_add_included_service (tGATT_SVC_DB *p_db, UINT16 s_handle, UINT16 e_handle,
447 tBT_UUID service)
448 {
449 tGATT_ATTR16 *p_attr;
450 tBT_UUID uuid = {LEN_UUID_16, {GATT_UUID_INCLUDE_SERVICE}};
451
452 GATT_TRACE_DEBUG("gatts_add_included_service: s_hdl = 0x%04x e_hdl = 0x%04x uuid = 0x%04x",
453 s_handle, e_handle, service.uu.uuid16);
454
455 if (service.len == 0 || s_handle == 0 || e_handle == 0) {
456 GATT_TRACE_ERROR("gatts_add_included_service Illegal Params.");
457 return 0;
458 }
459
460 BOOLEAN is_include_service_allowed = TRUE;
461 // service declaration
462 tGATT_ATTR16 *first_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
463 if (p_db->p_attr_list != NULL) {
464 tGATT_ATTR16 *next_attr = (tGATT_ATTR16 *)first_attr->p_next;
465 /* This service already has other attributes */
466 while (next_attr != NULL) {
467 if (!(next_attr->uuid_type == GATT_ATTR_UUID_TYPE_16 && next_attr->uuid == GATT_UUID_INCLUDE_SERVICE)) {
468 is_include_service_allowed = FALSE;
469 break;
470 }
471 next_attr = (tGATT_ATTR16 *)next_attr->p_next;
472 }
473
474 }
475 if (!is_include_service_allowed) {
476 GATT_TRACE_ERROR("%s error, The include service should be added before adding the characteristics", __func__);
477 return 0;
478 }
479
480 if ((p_attr = (tGATT_ATTR16 *) allocate_attr_in_db(p_db, &uuid, GATT_PERM_READ)) != NULL) {
481 if (copy_extra_byte_in_db(p_db, (void **)&p_attr->p_value, sizeof(tGATT_INCL_SRVC))) {
482 p_attr->p_value->incl_handle.s_handle = s_handle;
483 p_attr->p_value->incl_handle.e_handle = e_handle;
484 memcpy(&p_attr->p_value->incl_handle.service_type, &service, sizeof(tBT_UUID));
485
486 return p_attr->handle;
487 } else {
488 deallocate_attr_in_db(p_db, p_attr);
489 }
490 }
491
492 return 0;
493 }
494
495 /*******************************************************************************
496 **
497 ** Function gatts_add_characteristic
498 **
499 ** Description This function add a characteristics and its descriptor into
500 ** a servce identified by the service database pointer.
501 **
502 ** Parameter p_db: database pointer.
503 ** perm: permission (authentication and key size requirements)
504 ** property: property of the characteristic.
505 ** p_char: characteristic value information.
506 **
507 ** Returns Status of te operation.
508 **
509 *******************************************************************************/
gatts_add_characteristic(tGATT_SVC_DB * p_db,tGATT_PERM perm,tGATT_CHAR_PROP property,tBT_UUID * p_char_uuid,tGATT_ATTR_VAL * attr_val,tGATTS_ATTR_CONTROL * control)510 UINT16 gatts_add_characteristic (tGATT_SVC_DB *p_db, tGATT_PERM perm,
511 tGATT_CHAR_PROP property,
512 tBT_UUID *p_char_uuid, tGATT_ATTR_VAL *attr_val, tGATTS_ATTR_CONTROL *control)
513 {
514 tGATT_ATTR16 *p_char_decl, *p_char_val;
515 tBT_UUID uuid = {LEN_UUID_16, {GATT_UUID_CHAR_DECLARE}};
516 BOOLEAN status;
517
518 GATT_TRACE_DEBUG("gatts_add_characteristic perm=0x%0x property=0x%0x\n", perm, property);
519 /* parameter validation check */
520 status = gatts_add_char_desc_value_check(attr_val, control);
521 if (status == FALSE){
522 return 0;
523 }
524
525
526 if ((p_char_decl = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, &uuid, GATT_PERM_READ)) != NULL) {
527 if (!copy_extra_byte_in_db(p_db, (void **)&p_char_decl->p_value, sizeof(tGATT_CHAR_DECL))) {
528 deallocate_attr_in_db(p_db, p_char_decl);
529 return 0;
530 }
531
532 p_char_val = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, p_char_uuid, perm);
533
534 if (p_char_val == NULL) {
535 deallocate_attr_in_db(p_db, p_char_decl);
536 return 0;
537 }
538
539 p_char_decl->p_value->char_decl.property = property;
540 p_char_decl->p_value->char_decl.char_val_handle = p_char_val->handle;
541 if (control != NULL) {
542 p_char_val->control.auto_rsp = control->auto_rsp;
543 } else {
544 p_char_val->control.auto_rsp = GATT_RSP_DEFAULT;
545 }
546
547 if (attr_val != NULL) {
548 if (!copy_extra_byte_in_db(p_db, (void **)&p_char_val->p_value, sizeof(tGATT_ATTR_VAL))) {
549 deallocate_attr_in_db(p_db, p_char_val);
550 return 0;
551 }
552 GATT_TRACE_DEBUG("attr_val->attr_len = %x, attr_val->attr_max_len = %x\n", attr_val->attr_len, attr_val->attr_max_len);
553 GATT_TRACE_DEBUG("attribute handle = %x\n", p_char_val->handle);
554 p_char_val->p_value->attr_val.attr_len = attr_val->attr_len;
555 p_char_val->p_value->attr_val.attr_max_len = attr_val->attr_max_len;
556 p_char_val->p_value->attr_val.attr_val = osi_malloc(attr_val->attr_max_len);
557 if (p_char_val->p_value->attr_val.attr_val == NULL) {
558 deallocate_attr_in_db(p_db, p_char_decl);
559 deallocate_attr_in_db(p_db, p_char_val);
560 GATT_TRACE_WARNING("Warning in %s, line=%d, insufficient resource to allocate for attribute value\n", __func__, __LINE__);
561 return 0;
562 }
563 else {
564 //add mask to indicate that p_value->attr_val.attr_val is dynamic allocated
565 p_char_val->mask |= GATT_ATTR_VALUE_ALLOCATED;
566 }
567
568 //initiate characteristic attribute value part
569 memset(p_char_val->p_value->attr_val.attr_val, 0, attr_val->attr_max_len);
570 if (attr_val->attr_val != NULL) {
571 if (attr_val->attr_max_len < attr_val->attr_len){
572 GATT_TRACE_ERROR("Error in %s, Line=%d, attribute actual length (%d) should not larger than max size (%d)\n",
573 __func__, __LINE__, attr_val->attr_len, attr_val->attr_max_len);
574 }
575 UINT16 actual_len = (attr_val->attr_max_len < attr_val->attr_len) ? (attr_val->attr_max_len) : (attr_val->attr_len);
576 memcpy(p_char_val->p_value->attr_val.attr_val, attr_val->attr_val, actual_len);
577 }
578 }
579
580 return p_char_val->handle;
581 }
582
583 return 0;
584 }
585
586 /*******************************************************************************
587 **
588 ** Function gatt_convertchar_descr_type
589 **
590 ** Description This function convert a char descript UUID into descriptor type.
591 **
592 ** Returns descriptor type.
593 **
594 *******************************************************************************/
gatt_convertchar_descr_type(tBT_UUID * p_descr_uuid)595 UINT8 gatt_convertchar_descr_type(tBT_UUID *p_descr_uuid)
596 {
597 tBT_UUID std_descr = {LEN_UUID_16, {GATT_UUID_CHAR_EXT_PROP}};
598
599 if (gatt_uuid_compare(std_descr, * p_descr_uuid)) {
600 return GATT_DESCR_EXT_DSCPTOR;
601 }
602
603 std_descr.uu.uuid16 ++;
604 if (gatt_uuid_compare(std_descr, * p_descr_uuid)) {
605 return GATT_DESCR_USER_DSCPTOR;
606 }
607
608 std_descr.uu.uuid16 ++;
609 if (gatt_uuid_compare(std_descr, * p_descr_uuid)) {
610 return GATT_DESCR_CLT_CONFIG;
611 }
612
613 std_descr.uu.uuid16 ++;
614 if (gatt_uuid_compare(std_descr, * p_descr_uuid)) {
615 return GATT_DESCR_SVR_CONFIG;
616 }
617
618 std_descr.uu.uuid16 ++;
619 if (gatt_uuid_compare(std_descr, * p_descr_uuid)) {
620 return GATT_DESCR_PRES_FORMAT;
621 }
622
623 std_descr.uu.uuid16 ++;
624 if (gatt_uuid_compare(std_descr, * p_descr_uuid)) {
625 return GATT_DESCR_AGGR_FORMAT;
626 }
627
628 std_descr.uu.uuid16 ++;
629 if (gatt_uuid_compare(std_descr, * p_descr_uuid)) {
630 return GATT_DESCR_VALID_RANGE;
631 }
632
633
634 return GATT_DESCR_UNKNOWN;
635 }
636
637 /*******************************************************************************
638 **
639 ** Function gatts_add_char_descr
640 **
641 ** Description This function add a characteristics descriptor.
642 **
643 ** Parameter p_db: database pointer.
644 ** perm: characteristic descriptor permission type.
645 ** char_dscp_tpye: the characteristic descriptor masks.
646 ** p_dscp_params: characteristic descriptors values.
647 **
648 ** Returns Status of the operation.
649 **
650 *******************************************************************************/
gatts_add_char_descr(tGATT_SVC_DB * p_db,tGATT_PERM perm,tBT_UUID * p_descr_uuid,tGATT_ATTR_VAL * attr_val,tGATTS_ATTR_CONTROL * control)651 UINT16 gatts_add_char_descr (tGATT_SVC_DB *p_db, tGATT_PERM perm,
652 tBT_UUID *p_descr_uuid, tGATT_ATTR_VAL *attr_val, tGATTS_ATTR_CONTROL *control)
653 {
654 tGATT_ATTR16 *p_char_dscptr;
655 BOOLEAN status;
656
657 GATT_TRACE_DEBUG("gatts_add_char_descr uuid=0x%04x\n", p_descr_uuid->uu.uuid16);
658
659 /* parameter validation check */
660 status = gatts_add_char_desc_value_check(attr_val, control);
661 if (status == FALSE){
662 return 0;
663 }
664
665 /* Add characteristic descriptors */
666 if ((p_char_dscptr = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, p_descr_uuid, perm)) == NULL) {
667 deallocate_attr_in_db(p_db, p_char_dscptr);
668 GATT_TRACE_DEBUG("gatts_add_char_descr Fail for adding char descriptors.");
669 return 0;
670 } else {
671 p_char_dscptr->control.auto_rsp = (control == NULL) ? GATT_RSP_DEFAULT : (control->auto_rsp);
672 if (attr_val != NULL) {
673 if (!copy_extra_byte_in_db(p_db, (void **)&p_char_dscptr->p_value, sizeof(tGATT_ATTR_VAL))) {
674 deallocate_attr_in_db(p_db, p_char_dscptr);
675 return 0;
676 }
677 p_char_dscptr->p_value->attr_val.attr_len = attr_val->attr_len;
678 p_char_dscptr->p_value->attr_val.attr_max_len = attr_val->attr_max_len;
679 if (attr_val->attr_max_len != 0) {
680 p_char_dscptr->p_value->attr_val.attr_val = osi_malloc(attr_val->attr_max_len);
681 if (p_char_dscptr->p_value->attr_val.attr_val == NULL) {
682 deallocate_attr_in_db(p_db, p_char_dscptr);
683 GATT_TRACE_WARNING("Warning in %s, line=%d, insufficient resource to allocate for descriptor value\n", __func__, __LINE__);
684 return 0;
685 }
686 else {
687 //add mask to indicate that p_value->attr_val.attr_val is dynamic allocated
688 p_char_dscptr->mask |= GATT_ATTR_VALUE_ALLOCATED;
689 }
690
691 //initiate characteristic attribute value part
692 memset(p_char_dscptr->p_value->attr_val.attr_val, 0, attr_val->attr_max_len);
693 if(attr_val->attr_val != NULL) {
694 memcpy(p_char_dscptr->p_value->attr_val.attr_val, attr_val->attr_val, attr_val->attr_len);
695 }
696 }
697 }
698 return p_char_dscptr->handle;
699 }
700 }
701
702
703 /*******************************************************************************
704 **
705 ** Function gatts_set_attribute_value
706 **
707 ** Description This function add the attribute value in the database
708 **
709 ** Parameter p_db: database pointer.
710 ** attr_handle: the attribute handle
711 ** length: the attribute value length
712 ** value: the pointer to the data to be set to the attribute value in the database
713 **
714 ** Returns Status of the operation.
715 **
716 *******************************************************************************/
gatts_set_attribute_value(tGATT_SVC_DB * p_db,UINT16 attr_handle,UINT16 length,UINT8 * value)717 tGATT_STATUS gatts_set_attribute_value(tGATT_SVC_DB *p_db, UINT16 attr_handle,
718 UINT16 length, UINT8 *value)
719 {
720 tGATT_ATTR16 *p_cur;
721
722 if (p_db == NULL) {
723 GATT_TRACE_DEBUG("gatts_set_attribute_value Fail:p_db is NULL.\n");
724 return GATT_INVALID_PDU;
725 }
726 if (p_db->p_attr_list == NULL) {
727 GATT_TRACE_DEBUG("gatts_set_attribute_value Fail:p_db->p_attr_list is NULL.\n");
728 return GATT_INVALID_PDU;
729 }
730 if ((length > 0) && (value == NULL)){
731 GATT_TRACE_ERROR("Error in %s, line=%d, value should not be NULL here\n",__func__, __LINE__);
732 return GATT_INVALID_PDU;
733 }
734
735 p_cur = (tGATT_ATTR16 *) p_db->p_attr_list;
736
737 while (p_cur != NULL) {
738 if (p_cur->handle == attr_handle) {
739 /* for characteristic should not be set, return GATT_NOT_FOUND */
740 if (p_cur->uuid_type == GATT_ATTR_UUID_TYPE_16) {
741 switch (p_cur->uuid) {
742 case GATT_UUID_PRI_SERVICE:
743 case GATT_UUID_SEC_SERVICE:
744 case GATT_UUID_CHAR_DECLARE:
745 return GATT_NOT_FOUND;
746 break;
747 }
748 }
749
750 /* in other cases, value can be set*/
751 if ((p_cur->p_value == NULL) || (p_cur->p_value->attr_val.attr_val == NULL) \
752 || (p_cur->p_value->attr_val.attr_max_len == 0)){
753 GATT_TRACE_ERROR("Error in %s, line=%d, attribute value should not be NULL here\n", __func__, __LINE__);
754 return GATT_NOT_FOUND;
755 } else if (p_cur->p_value->attr_val.attr_max_len < length) {
756 GATT_TRACE_ERROR("gatts_set_attribute_value failed:Invalid value length");
757 return GATT_INVALID_ATTR_LEN;
758 } else{
759 memcpy(p_cur->p_value->attr_val.attr_val, value, length);
760 p_cur->p_value->attr_val.attr_len = length;
761 }
762 break;
763 }
764 p_cur = p_cur->p_next;
765 }
766
767 return GATT_SUCCESS;
768 }
769
770 /*******************************************************************************
771 **
772 ** Function gatts_get_attr_value_internal
773 **
774 ** Description This function get the attribute value in gap service and gatt service
775 **
776 ** Parameter attr_handle: the attribute handle
777 ** length: the attribute value length
778 ** value: the pointer to the data to be get to the attribute value in the database
779 **
780 ** Returns Status of the operation.
781 **
782 *******************************************************************************/
gatts_get_attr_value_internal(UINT16 attr_handle,UINT16 * length,UINT8 ** value)783 static tGATT_STATUS gatts_get_attr_value_internal(UINT16 attr_handle, UINT16 *length, UINT8 **value)
784 {
785 UINT8 i;
786 tGATT_READ_REQ read_req;
787 tGATT_STATUS status = GATT_NOT_FOUND;
788 tGATT_SR_REG *p_rcb = gatt_cb.sr_reg;
789 UINT8 service_uuid[LEN_UUID_128] = {0};
790
791 // find the service by handle
792 for (i = 0; i < GATT_MAX_SR_PROFILES; i++, p_rcb++) {
793 if (p_rcb->in_use && p_rcb->s_hdl <= attr_handle && p_rcb->e_hdl >= attr_handle) {
794 break;
795 }
796 }
797
798 // service cb not found
799 if (i == GATT_MAX_SR_PROFILES) {
800 return status;
801 }
802
803 if (p_rcb->app_uuid.len != LEN_UUID_128) {
804 return status;
805 }
806
807 memset(&read_req, 0, sizeof(tGATT_READ_REQ));
808 read_req.handle = attr_handle;
809
810 // read gatt service attribute value
811 memset(service_uuid, 0x81, LEN_UUID_128);
812 if (!memcmp(p_rcb->app_uuid.uu.uuid128, service_uuid, LEN_UUID_128)) {
813 status = gatt_proc_read(0, GATTS_REQ_TYPE_READ, &read_req, &gatt_cb.rsp);
814 }
815
816 // read gap service attribute value
817 memset(service_uuid, 0x82, LEN_UUID_128);
818 if (!memcmp(p_rcb->app_uuid.uu.uuid128, service_uuid, LEN_UUID_128)) {
819 status = gap_proc_read(GATTS_REQ_TYPE_READ, &read_req, &gatt_cb.rsp);
820 }
821
822 if (status == GATT_SUCCESS) {
823 *length = gatt_cb.rsp.attr_value.len;
824 *value = gatt_cb.rsp.attr_value.value;
825 }
826
827 return status;
828 }
829
830 /*******************************************************************************
831 **
832 ** Function gatts_get_attribute_value
833 **
834 ** Description This function get the attribute value in the database
835 **
836 ** Parameter p_db: database pointer.
837 ** attr_handle: the attribute handle
838 ** length: the attribute value length
839 ** value: the pointer to the data to be get to the attribute value in the database
840 **
841 ** Returns Status of the operation.
842 **
843 *******************************************************************************/
gatts_get_attribute_value(tGATT_SVC_DB * p_db,UINT16 attr_handle,UINT16 * length,UINT8 ** value)844 tGATT_STATUS gatts_get_attribute_value(tGATT_SVC_DB *p_db, UINT16 attr_handle,
845 UINT16 *length, UINT8 **value)
846 {
847 tGATT_ATTR16 *p_cur;
848
849 GATT_TRACE_DEBUG("attr_handle = %x\n", attr_handle);
850
851 if (p_db == NULL) {
852 GATT_TRACE_ERROR("gatts_get_attribute_value Fail:p_db is NULL.\n");
853 *length = 0;
854 return GATT_INVALID_PDU;
855 }
856 if (p_db->p_attr_list == NULL) {
857 GATT_TRACE_ERROR("gatts_get_attribute_value Fail:p_db->p_attr_list is NULL.\n");
858 *length = 0;
859 return GATT_INVALID_PDU;
860 }
861 if (length == NULL){
862 GATT_TRACE_ERROR("gatts_get_attribute_value Fail:length is NULL.\n");
863 return GATT_INVALID_PDU;
864 }
865 if (value == NULL){
866 GATT_TRACE_ERROR("gatts_get_attribute_value Fail:value is NULL.\n");
867 *length = 0;
868 return GATT_INVALID_PDU;
869 }
870
871 if (gatts_get_attr_value_internal(attr_handle, length, value) == GATT_SUCCESS) {
872 return GATT_SUCCESS;
873 }
874
875 p_cur = (tGATT_ATTR16 *) p_db->p_attr_list;
876
877 while (p_cur != NULL) {
878 if (p_cur->handle == attr_handle) {
879
880 if (p_cur->uuid_type == GATT_ATTR_UUID_TYPE_16) {
881 switch (p_cur->uuid) {
882 case GATT_UUID_CHAR_DECLARE:
883 case GATT_UUID_INCLUDE_SERVICE:
884 break;
885 default:
886 if (p_cur->p_value && p_cur->p_value->attr_val.attr_len != 0) {
887 *length = p_cur->p_value->attr_val.attr_len;
888 *value = p_cur->p_value->attr_val.attr_val;
889 return GATT_SUCCESS;
890 } else {
891 *length = 0;
892 return GATT_SUCCESS;
893 }
894 break;
895 }
896 } else {
897 if (p_cur->p_value && p_cur->p_value->attr_val.attr_len != 0) {
898 *length = p_cur->p_value->attr_val.attr_len;
899 *value = p_cur->p_value->attr_val.attr_val;
900 return GATT_SUCCESS;
901 } else {
902 *length = 0;
903 return GATT_SUCCESS;
904 }
905
906 }
907
908 break;
909
910 }
911
912 p_cur = p_cur->p_next;
913 }
914
915 return GATT_NOT_FOUND;
916 }
917
gatts_is_auto_response(UINT16 attr_handle)918 BOOLEAN gatts_is_auto_response(UINT16 attr_handle)
919 {
920 tGATT_HDL_LIST_ELEM *p_decl = NULL;
921 BOOLEAN rsp = FALSE;
922 tGATT_SVC_DB *p_db = NULL;
923 if ((p_decl = gatt_find_hdl_buffer_by_attr_handle(attr_handle)) == NULL) {
924 GATT_TRACE_DEBUG("Service not created\n");
925 return rsp;
926 }
927
928 p_db = &p_decl->svc_db;
929
930 tGATT_ATTR16 *p_cur, *p_next;
931
932 if (p_db == NULL) {
933 GATT_TRACE_DEBUG("gatts_get_attribute_value Fail:p_db is NULL.\n");
934 return rsp;
935 }
936 if (p_db->p_attr_list == NULL) {
937 GATT_TRACE_DEBUG("gatts_get_attribute_value Fail:p_db->p_attr_list is NULL.\n");
938 return rsp;
939 }
940
941 p_cur = (tGATT_ATTR16 *) p_db->p_attr_list;
942 p_next = (tGATT_ATTR16 *) p_cur->p_next;
943
944 for (; p_cur != NULL && p_next != NULL;
945 p_cur = p_next, p_next = (tGATT_ATTR16 *)p_next->p_next) {
946 if (p_cur->handle == attr_handle) {
947 if (p_cur->p_value != NULL && p_cur->control.auto_rsp == GATT_RSP_BY_STACK) {
948 rsp = true;
949 return rsp;
950 }
951
952 }
953
954 }
955
956 return rsp;
957
958 }
959
960 /*******************************************************************************/
961 /* Service Attribute Database Query Utility Functions */
962 /*******************************************************************************/
963 /*******************************************************************************
964 **
965 ** Function gatts_read_attr_value_by_handle
966 **
967 ** Description Query attribute value by attribute handle.
968 **
969 ** Parameter p_db: pointer to the attribute database.
970 ** handle: Attribute handle to read.
971 ** offset: Read offset.
972 ** p_value: output parameter to carry out the attribute value.
973 ** p_len: output parameter as attribute length read.
974 ** read_long: this is a read blob request.
975 ** mtu: MTU.
976 ** sec_flag: current link security status.
977 ** key_size: encryption key size
978 **
979 ** Returns Status of operation.
980 **
981 *******************************************************************************/
gatts_read_attr_value_by_handle(tGATT_TCB * p_tcb,tGATT_SVC_DB * p_db,UINT8 op_code,UINT16 handle,UINT16 offset,UINT8 * p_value,UINT16 * p_len,UINT16 mtu,tGATT_SEC_FLAG sec_flag,UINT8 key_size,UINT32 trans_id)982 tGATT_STATUS gatts_read_attr_value_by_handle(tGATT_TCB *p_tcb,
983 tGATT_SVC_DB *p_db,
984 UINT8 op_code,
985 UINT16 handle, UINT16 offset,
986 UINT8 *p_value, UINT16 *p_len,
987 UINT16 mtu,
988 tGATT_SEC_FLAG sec_flag,
989 UINT8 key_size,
990 UINT32 trans_id)
991 {
992 tGATT_STATUS status = GATT_NOT_FOUND;
993 tGATT_ATTR16 *p_attr;
994 UINT8 *pp = p_value;
995
996 if (p_db && p_db->p_attr_list) {
997 p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
998
999 while (p_attr && handle >= p_attr->handle) {
1000 if (p_attr->handle == handle) {
1001 status = read_attr_value (p_attr, offset, &pp,
1002 (BOOLEAN)(op_code == GATT_REQ_READ_BLOB),
1003 mtu, p_len, sec_flag, key_size);
1004
1005 if ((status == GATT_PENDING) || (status == GATT_STACK_RSP)) {
1006 BOOLEAN need_rsp = (status != GATT_STACK_RSP);
1007 status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, offset, trans_id, need_rsp);
1008 }
1009 break;
1010 }
1011 p_attr = (tGATT_ATTR16 *)p_attr->p_next;
1012 }
1013 }
1014
1015
1016 return status;
1017 }
1018
gatts_write_attr_value_by_handle(tGATT_SVC_DB * p_db,UINT16 handle,UINT16 offset,UINT8 * p_value,UINT16 len)1019 tGATT_STATUS gatts_write_attr_value_by_handle(tGATT_SVC_DB *p_db,
1020 UINT16 handle, UINT16 offset,
1021 UINT8 *p_value, UINT16 len)
1022 {
1023 tGATT_STATUS status = GATT_NOT_FOUND;
1024 tGATT_ATTR16 *p_attr;
1025
1026 if (p_db && p_db->p_attr_list) {
1027 p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
1028
1029 while (p_attr && handle >= p_attr->handle) {
1030 if (p_attr->handle == handle ) {
1031 if (p_attr->control.auto_rsp == GATT_RSP_BY_APP) {
1032 return GATT_APP_RSP;
1033 }
1034
1035 if ((p_attr->p_value != NULL) &&
1036 (p_attr->p_value->attr_val.attr_max_len >= offset + len) &&
1037 p_attr->p_value->attr_val.attr_val != NULL) {
1038 memcpy(p_attr->p_value->attr_val.attr_val + offset, p_value, len);
1039 p_attr->p_value->attr_val.attr_len = len + offset;
1040 return GATT_SUCCESS;
1041 } else if (p_attr->p_value && p_attr->p_value->attr_val.attr_max_len < offset + len){
1042 GATT_TRACE_DEBUG("Remote device try to write with a length larger then attribute's max length\n");
1043 return GATT_INVALID_ATTR_LEN;
1044 } else if ((p_attr->p_value == NULL) || (p_attr->p_value->attr_val.attr_val == NULL)){
1045 GATT_TRACE_ERROR("Error in %s, line=%d, %s should not be NULL here\n", __func__, __LINE__, \
1046 (p_attr->p_value == NULL) ? "p_value" : "attr_val.attr_val");
1047 return GATT_UNKNOWN_ERROR;
1048 }
1049 }
1050
1051 p_attr = (tGATT_ATTR16 *)p_attr->p_next;
1052
1053 }
1054 }
1055
1056 return status;
1057 }
1058
1059 /*******************************************************************************
1060 **
1061 ** Function gatts_read_attr_perm_check
1062 **
1063 ** Description Check attribute readability.
1064 **
1065 ** Parameter p_db: pointer to the attribute database.
1066 ** handle: Attribute handle to read.
1067 ** offset: Read offset.
1068 ** p_value: output parameter to carry out the attribute value.
1069 ** p_len: output parameter as attribute length read.
1070 ** read_long: this is a read blob request.
1071 ** mtu: MTU.
1072 ** sec_flag: current link security status.
1073 ** key_size: encryption key size
1074 **
1075 ** Returns Status of operation.
1076 **
1077 *******************************************************************************/
gatts_read_attr_perm_check(tGATT_SVC_DB * p_db,BOOLEAN is_long,UINT16 handle,tGATT_SEC_FLAG sec_flag,UINT8 key_size)1078 tGATT_STATUS gatts_read_attr_perm_check(tGATT_SVC_DB *p_db,
1079 BOOLEAN is_long,
1080 UINT16 handle,
1081 tGATT_SEC_FLAG sec_flag,
1082 UINT8 key_size)
1083 {
1084 tGATT_STATUS status = GATT_NOT_FOUND;
1085 tGATT_ATTR16 *p_attr;
1086
1087 if (p_db && p_db->p_attr_list) {
1088 p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
1089
1090 while (p_attr && handle >= p_attr->handle) {
1091 if (p_attr->handle == handle) {
1092 status = gatts_check_attr_readability (p_attr, 0,
1093 is_long,
1094 sec_flag, key_size);
1095 break;
1096 }
1097 p_attr = (tGATT_ATTR16 *) p_attr->p_next;
1098 }
1099 }
1100
1101 return status;
1102 }
1103
1104
1105 /*******************************************************************************
1106 **
1107 ** Function gatts_write_attr_perm_check
1108 **
1109 ** Description Write attribute value into database.
1110 **
1111 ** Parameter p_db: pointer to the attribute database.
1112 ** op_code:op code of this write.
1113 ** handle: handle of the attribute to write.
1114 ** offset: Write offset if write op code is write blob.
1115 ** p_data: Attribute value to write.
1116 ** len: attribute data length.
1117 ** sec_flag: current link security status.
1118 ** key_size: encryption key size
1119 **
1120 ** Returns Status of the operation.
1121 **
1122 *******************************************************************************/
gatts_write_attr_perm_check(tGATT_SVC_DB * p_db,UINT8 op_code,UINT16 handle,UINT16 offset,UINT8 * p_data,UINT16 len,tGATT_SEC_FLAG sec_flag,UINT8 key_size)1123 tGATT_STATUS gatts_write_attr_perm_check (tGATT_SVC_DB *p_db, UINT8 op_code,
1124 UINT16 handle, UINT16 offset, UINT8 *p_data,
1125 UINT16 len, tGATT_SEC_FLAG sec_flag, UINT8 key_size)
1126 {
1127 tGATT_STATUS status = GATT_NOT_FOUND;
1128 tGATT_ATTR16 *p_attr;
1129 UINT16 max_size = 0;
1130 tGATT_PERM perm;
1131 UINT16 min_key_size;
1132
1133 GATT_TRACE_DEBUG( "gatts_write_attr_perm_check op_code=0x%0x handle=0x%04x offset=%d len=%d sec_flag=0x%0x key_size=%d",
1134 op_code, handle, offset, len, sec_flag, key_size);
1135
1136 if (p_db != NULL) {
1137 p_attr = (tGATT_ATTR16 *) p_db->p_attr_list;
1138
1139 while (p_attr != NULL) {
1140 if (p_attr->handle == handle) {
1141 perm = p_attr->permission;
1142 min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
1143 if (min_key_size != 0 ) {
1144 min_key_size += 6;
1145 }
1146 GATT_TRACE_DEBUG( "gatts_write_attr_perm_check p_attr->permission =0x%04x min_key_size==0x%04x",
1147 p_attr->permission,
1148 min_key_size);
1149
1150 if ((op_code == GATT_CMD_WRITE || op_code == GATT_REQ_WRITE)
1151 && (perm & GATT_WRITE_SIGNED_PERM)) {
1152 /* use the rules for the mixed security see section 10.2.3*/
1153 /* use security mode 1 level 2 when the following condition follows */
1154 /* LE security mode 2 level 1 and LE security mode 1 level 2 */
1155 if ((perm & GATT_PERM_WRITE_SIGNED) && (perm & GATT_PERM_WRITE_ENCRYPTED)) {
1156 perm = GATT_PERM_WRITE_ENCRYPTED;
1157 }
1158 /* use security mode 1 level 3 when the following condition follows */
1159 /* LE security mode 2 level 2 and security mode 1 and LE */
1160 else if (((perm & GATT_PERM_WRITE_SIGNED_MITM) && (perm & GATT_PERM_WRITE_ENCRYPTED)) ||
1161 /* LE security mode 2 and security mode 1 level 3 */
1162 ((perm & GATT_WRITE_SIGNED_PERM) && (perm & GATT_PERM_WRITE_ENC_MITM))) {
1163 perm = GATT_PERM_WRITE_ENC_MITM;
1164 }
1165 }
1166
1167 if ((op_code == GATT_SIGN_CMD_WRITE) && !(perm & GATT_WRITE_SIGNED_PERM)) {
1168 status = GATT_WRITE_NOT_PERMIT;
1169 GATT_TRACE_DEBUG( "gatts_write_attr_perm_check - sign cmd write not allowed");
1170 }
1171 if ((op_code == GATT_SIGN_CMD_WRITE) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED)) {
1172 status = GATT_INVALID_PDU;
1173 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - Error!! sign cmd write sent on a encypted link");
1174 } else if (!(perm & GATT_WRITE_ALLOWED)) {
1175 status = GATT_WRITE_NOT_PERMIT;
1176 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_WRITE_NOT_PERMIT");
1177 }
1178 /* require authentication, but not been authenticated */
1179 else if ((perm & GATT_WRITE_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED)) {
1180 status = GATT_INSUF_AUTHENTICATION;
1181 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION");
1182 } else if ((perm & GATT_WRITE_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED)) {
1183 status = GATT_INSUF_AUTHENTICATION;
1184 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION: MITM required");
1185 } else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)) {
1186 status = GATT_INSUF_ENCRYPTION;
1187 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_ENCRYPTION");
1188 } else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size)) {
1189 status = GATT_INSUF_KEY_SIZE;
1190 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_KEY_SIZE");
1191 }
1192 /* LE Authorization check*/
1193 else if ((perm & GATT_WRITE_AUTHORIZATION) && (!(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED) || !(sec_flag & GATT_SEC_FLAG_AUTHORIZATION))){
1194 status = GATT_INSUF_AUTHORIZATION;
1195 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHORIZATION");
1196 }
1197 /* LE security mode 2 attribute */
1198 else if (perm & GATT_WRITE_SIGNED_PERM && op_code != GATT_SIGN_CMD_WRITE && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)
1199 && (perm & GATT_WRITE_ALLOWED) == 0) {
1200 status = GATT_INSUF_AUTHENTICATION;
1201 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION: LE security mode 2 required");
1202 } else { /* writable: must be char value declaration or char descritpors */
1203 if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16) {
1204 switch (p_attr->uuid) {
1205 case GATT_UUID_CHAR_PRESENT_FORMAT:/* should be readable only */
1206 case GATT_UUID_CHAR_EXT_PROP:/* should be readable only */
1207 case GATT_UUID_CHAR_AGG_FORMAT: /* should be readable only */
1208 case GATT_UUID_CHAR_VALID_RANGE:
1209 status = GATT_WRITE_NOT_PERMIT;
1210 break;
1211
1212 case GATT_UUID_CHAR_CLIENT_CONFIG:
1213 /* coverity[MISSING_BREAK] */
1214 /* intnended fall through, ignored */
1215 /* fall through */
1216 case GATT_UUID_CHAR_SRVR_CONFIG:
1217 max_size = 2;
1218 case GATT_UUID_CHAR_DESCRIPTION:
1219 default: /* any other must be character value declaration */
1220 status = GATT_SUCCESS;
1221 break;
1222 }
1223 } else if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_128 ||
1224 p_attr->uuid_type == GATT_ATTR_UUID_TYPE_32) {
1225 status = GATT_SUCCESS;
1226 } else {
1227 status = GATT_INVALID_PDU;
1228 }
1229
1230 if (p_data == NULL && len > 0) {
1231 status = GATT_INVALID_PDU;
1232 }
1233 /* these attribute does not allow write blob */
1234 // btla-specific ++
1235 else if ( (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16) &&
1236 (p_attr->uuid == GATT_UUID_CHAR_CLIENT_CONFIG ||
1237 p_attr->uuid == GATT_UUID_CHAR_SRVR_CONFIG) )
1238 // btla-specific --
1239 {
1240 if (op_code == GATT_REQ_PREPARE_WRITE && offset != 0) { /* does not allow write blob */
1241 status = GATT_NOT_LONG;
1242 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_NOT_LONG");
1243 } else if (len != max_size) { /* data does not match the required format */
1244 status = GATT_INVALID_ATTR_LEN;
1245 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INVALID_PDU");
1246 } else {
1247 status = GATT_SUCCESS;
1248 }
1249 }
1250 }
1251 break;
1252 } else {
1253 p_attr = (tGATT_ATTR16 *)p_attr->p_next;
1254 }
1255 }
1256 }
1257
1258 return status;
1259 }
1260
1261 /*******************************************************************************
1262 **
1263 ** Function allocate_attr_in_db
1264 **
1265 ** Description Allocate a memory space for a new attribute, and link this
1266 ** attribute into the database attribute list.
1267 **
1268 **
1269 ** Parameter p_db : database pointer.
1270 ** p_uuid: pointer to attribute UUID
1271 ** service : type of attribute to be added.
1272 **
1273 ** Returns pointer to the newly allocated attribute.
1274 **
1275 *******************************************************************************/
allocate_attr_in_db(tGATT_SVC_DB * p_db,tBT_UUID * p_uuid,tGATT_PERM perm)1276 static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, tBT_UUID *p_uuid, tGATT_PERM perm)
1277 {
1278 tGATT_ATTR16 *p_attr16 = NULL, *p_last;
1279 tGATT_ATTR32 *p_attr32 = NULL;
1280 tGATT_ATTR128 *p_attr128 = NULL;
1281 UINT16 len = sizeof(tGATT_ATTR128);
1282
1283 if (p_uuid == NULL) {
1284 GATT_TRACE_ERROR("illegal UUID\n");
1285 return NULL;
1286 }
1287
1288 if (p_uuid->len == LEN_UUID_16) {
1289 len = sizeof(tGATT_ATTR16);
1290 } else if (p_uuid->len == LEN_UUID_32) {
1291 len = sizeof(tGATT_ATTR32);
1292 }
1293
1294 GATT_TRACE_DEBUG("allocate attr %d bytes\n", len);
1295
1296 if (p_db->end_handle <= p_db->next_handle) {
1297 GATT_TRACE_DEBUG("handle space full. handle_max = %d next_handle = %d\n",
1298 p_db->end_handle, p_db->next_handle);
1299 return NULL;
1300 }
1301
1302 if (p_db->mem_free < len) {
1303 if (!allocate_svc_db_buf(p_db)) {
1304 GATT_TRACE_ERROR("allocate_attr_in_db failed, no resources\n");
1305 return NULL;
1306 }
1307 }
1308 memset(p_db->p_free_mem, 0, len);
1309 p_attr16 = (tGATT_ATTR16 *) p_db->p_free_mem;
1310
1311 if (p_uuid->len == LEN_UUID_16 && p_uuid->uu.uuid16 != GATT_ILLEGAL_UUID) {
1312 p_attr16->uuid_type = GATT_ATTR_UUID_TYPE_16;
1313 p_attr16->uuid = p_uuid->uu.uuid16;
1314 } else if (p_uuid->len == LEN_UUID_32) {
1315 p_attr32 = (tGATT_ATTR32 *) p_db->p_free_mem;
1316 p_attr32->uuid_type = GATT_ATTR_UUID_TYPE_32;
1317 p_attr32->uuid = p_uuid->uu.uuid32;
1318 } else if (p_uuid->len == LEN_UUID_128) {
1319 p_attr128 = (tGATT_ATTR128 *) p_db->p_free_mem;
1320 p_attr128->uuid_type = GATT_ATTR_UUID_TYPE_128;
1321 memcpy(p_attr128->uuid, p_uuid->uu.uuid128, LEN_UUID_128);
1322 }
1323
1324 p_db->p_free_mem += len;
1325 p_db->mem_free -= len;
1326
1327 p_attr16->handle = p_db->next_handle++;
1328 p_attr16->permission = perm;
1329 p_attr16->p_next = NULL;
1330
1331 /* link the attribute record into the end of DB */
1332 if (p_db->p_attr_list == NULL) {
1333 p_db->p_attr_list = p_attr16;
1334 } else {
1335 p_last = (tGATT_ATTR16 *)p_db->p_attr_list;
1336
1337 while (p_last != NULL && p_last->p_next != NULL) {
1338 p_last = (tGATT_ATTR16 *)p_last->p_next;
1339 }
1340
1341 p_last->p_next = p_attr16;
1342 }
1343
1344 if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16) {
1345 GATT_TRACE_DEBUG("=====> handle = [0x%04x] uuid16 = [0x%04x] perm=0x%02x\n",
1346 p_attr16->handle, p_attr16->uuid, p_attr16->permission);
1347 } else if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_32) {
1348 GATT_TRACE_DEBUG("=====> handle = [0x%04x] uuid32 = [0x%08x] perm=0x%02x\n",
1349 p_attr32->handle, p_attr32->uuid, p_attr32->permission);
1350 } else {
1351 GATT_TRACE_DEBUG("=====> handle = [0x%04x] uuid128 = [0x%02x:0x%02x] perm=0x%02x\n",
1352 p_attr128->handle, p_attr128->uuid[0], p_attr128->uuid[1],
1353 p_attr128->permission);
1354 }
1355 return (void *)p_attr16;
1356 }
1357
1358
1359
1360 /*******************************************************************************
1361 **
1362 ** Function deallocate_attr_in_db
1363 **
1364 ** Description Free an attribute within the database.
1365 **
1366 ** Parameter p_db: database pointer.
1367 ** p_attr: pointer to the attribute record to be freed.
1368 **
1369 ** Returns BOOLEAN: success
1370 **
1371 *******************************************************************************/
deallocate_attr_in_db(tGATT_SVC_DB * p_db,void * p_attr)1372 static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr)
1373 {
1374 tGATT_ATTR16 *p_cur, *p_next;
1375 BOOLEAN found = FALSE;
1376
1377 if (p_db->p_attr_list == NULL) {
1378 return found;
1379 }
1380
1381 p_cur = (tGATT_ATTR16 *) p_db->p_attr_list;
1382 p_next = (tGATT_ATTR16 *) p_cur->p_next;
1383
1384 for (; p_cur != NULL && p_next != NULL;
1385 p_cur = p_next, p_next = (tGATT_ATTR16 *)p_next->p_next) {
1386 if (p_next == p_attr) {
1387 p_cur->p_next = p_next->p_next;
1388 found = TRUE;
1389 }
1390 }
1391 if (p_cur == p_attr && p_cur == p_db->p_attr_list) {
1392 p_db->p_attr_list = p_cur->p_next;
1393 found = TRUE;
1394 }
1395 /* else attr not found */
1396 if ( found) {
1397 p_db->next_handle --;
1398 }
1399
1400 return found;
1401 }
1402
1403 /*******************************************************************************
1404 **
1405 ** Function copy_extra_byte_in_db
1406 **
1407 ** Description Utility function to allocate extra bytes memory in DB and copy
1408 ** the value from a source place.
1409 **
1410 **
1411 ** Parameter p_db: database pointer.
1412 ** p_dst: destination data pointer.
1413 ** p_src: source data pointer.
1414 ** len: data length to be copied.
1415 **
1416 ** Returns None.
1417 **
1418 *******************************************************************************/
copy_extra_byte_in_db(tGATT_SVC_DB * p_db,void ** p_dst,UINT16 len)1419 static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len)
1420 {
1421 UINT8 *p = (UINT8 *)*p_dst;
1422
1423 if (p_db->mem_free < len) {
1424 if (!allocate_svc_db_buf(p_db)) {
1425 GATT_TRACE_ERROR("copy_extra_byte_in_db failed, no resources\n");
1426 return FALSE;
1427 }
1428 }
1429
1430 p = p_db->p_free_mem;
1431 p_db->p_free_mem += len;
1432 p_db->mem_free -= len;
1433 memset((void *)p, 0, len);
1434 *p_dst = (void *)p;
1435
1436 return TRUE;
1437 }
1438
1439 /*******************************************************************************
1440 **
1441 ** Function allocate_svc_db_buf
1442 **
1443 ** Description Utility function to allocate extra buffer for service database.
1444 **
1445 ** Returns TRUE if allocation succeed, otherwise FALSE.
1446 **
1447 *******************************************************************************/
allocate_svc_db_buf(tGATT_SVC_DB * p_db)1448 static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db)
1449 {
1450 BT_HDR *p_buf;
1451
1452 GATT_TRACE_DEBUG("allocate_svc_db_buf allocating extra buffer");
1453
1454 if ((p_buf = (BT_HDR *)osi_calloc(GATT_DB_BUF_SIZE)) == NULL) {
1455 GATT_TRACE_ERROR("allocate_svc_db_buf failed, no resources");
1456 return FALSE;
1457 }
1458
1459 p_db->p_free_mem = (UINT8 *) p_buf;
1460 p_db->mem_free = GATT_DB_BUF_SIZE;
1461
1462 fixed_queue_enqueue(p_db->svc_buffer, p_buf, FIXED_QUEUE_MAX_TIMEOUT);
1463
1464 return TRUE;
1465
1466 }
1467
1468 /*******************************************************************************
1469 **
1470 ** Function gatts_send_app_read_request
1471 **
1472 ** Description Send application read request callback
1473 **
1474 ** Returns status of operation.
1475 **
1476 *******************************************************************************/
gatts_send_app_read_request(tGATT_TCB * p_tcb,UINT8 op_code,UINT16 handle,UINT16 offset,UINT32 trans_id,BOOLEAN need_rsp)1477 static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code,
1478 UINT16 handle, UINT16 offset, UINT32 trans_id, BOOLEAN need_rsp)
1479 {
1480 tGATTS_DATA sr_data;
1481 UINT8 i_rcb;
1482 tGATT_SR_REG *p_sreg;
1483 UINT16 conn_id;
1484
1485 i_rcb = gatt_sr_find_i_rcb_by_handle(handle);
1486 if (i_rcb == GATT_MAX_SR_PROFILES) {
1487 GATT_TRACE_ERROR("Failed to find i_rcb,Error in %s, line=%d, \n", __func__, __LINE__);
1488 return (tGATT_STATUS) GATT_ERROR;
1489 }
1490 p_sreg = &gatt_cb.sr_reg[i_rcb];
1491 conn_id = GATT_CREATE_CONN_ID(p_tcb->tcb_idx, p_sreg->gatt_if);
1492
1493 if (trans_id == 0) {
1494 trans_id = gatt_sr_enqueue_cmd(p_tcb, op_code, handle);
1495 gatt_sr_update_cback_cnt(p_tcb, p_sreg->gatt_if, TRUE, TRUE);
1496 }
1497
1498 if (trans_id != 0 ) {
1499 memset(&sr_data, 0, sizeof(tGATTS_DATA));
1500
1501 sr_data.read_req.handle = handle;
1502 sr_data.read_req.is_long = (BOOLEAN)(op_code == GATT_REQ_READ_BLOB);
1503 sr_data.read_req.offset = offset;
1504 sr_data.read_req.need_rsp = need_rsp;
1505
1506 gatt_sr_send_req_callback(conn_id,
1507 trans_id, GATTS_REQ_TYPE_READ, &sr_data);
1508
1509 if (need_rsp) {
1510 return (tGATT_STATUS) GATT_PENDING;
1511 }
1512 else{
1513 return (tGATT_STATUS) GATT_STACK_RSP;
1514 }
1515 } else {
1516 return (tGATT_STATUS) GATT_BUSY; /* max pending command, application error */
1517 }
1518
1519 }
1520
1521 /*******************************************************************************
1522 **
1523 ** Function gatts_db_add_service_declaration
1524 **
1525 ** Description Update a service database service declaration record.
1526 **
1527 ** Parameter p_db: database pointer.
1528 ** service: UUID of the service.
1529 **
1530 ** Returns void
1531 **
1532 *******************************************************************************/
gatts_db_add_service_declaration(tGATT_SVC_DB * p_db,tBT_UUID * p_service,BOOLEAN is_pri)1533 static BOOLEAN gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID *p_service, BOOLEAN is_pri)
1534 {
1535 tGATT_ATTR16 *p_attr;
1536 tBT_UUID uuid = {LEN_UUID_16, {0}};
1537 BOOLEAN rt = FALSE;
1538
1539 GATT_TRACE_DEBUG( "add_service_declaration");
1540
1541 if (is_pri) {
1542 uuid.uu.uuid16 = GATT_UUID_PRI_SERVICE;
1543 } else {
1544 uuid.uu.uuid16 = GATT_UUID_SEC_SERVICE;
1545 }
1546
1547 /* add service declration record */
1548 if ((p_attr = (tGATT_ATTR16 *)(allocate_attr_in_db(p_db, &uuid, GATT_PERM_READ))) != NULL) {
1549 if (copy_extra_byte_in_db (p_db, (void **)&p_attr->p_value, sizeof(tBT_UUID))) {
1550 if (p_service->len == LEN_UUID_16) {
1551 p_attr->p_value->uuid.len = LEN_UUID_16;
1552 p_attr->p_value->uuid.uu.uuid16 = p_service->uu.uuid16;
1553 } else if (p_service->len == LEN_UUID_32) {
1554 p_attr->p_value->uuid.len = LEN_UUID_128;
1555 gatt_convert_uuid32_to_uuid128(p_attr->p_value->uuid.uu.uuid128, p_service->uu.uuid32);
1556 } else {
1557 p_attr->p_value->uuid.len = LEN_UUID_128;
1558 memcpy(p_attr->p_value->uuid.uu.uuid128, p_service->uu.uuid128, LEN_UUID_128);
1559 }
1560 rt = TRUE;
1561 }
1562
1563 }
1564 return rt;
1565 }
1566
1567 /*******************************************************************************
1568 **
1569 ** Function gatts_add_char_desc_value_check
1570 **
1571 ** Description parameters validation check for gatts add char/descriptor functions
1572 **
1573 ** Parameter attr_val: attribute value for char/descriptor.
1574 ** control: control variable for char/descriptor.
1575 **
1576 ** Returns void
1577 **
1578 *******************************************************************************/
gatts_add_char_desc_value_check(tGATT_ATTR_VAL * attr_val,tGATTS_ATTR_CONTROL * control)1579 static BOOLEAN gatts_add_char_desc_value_check (tGATT_ATTR_VAL *attr_val, tGATTS_ATTR_CONTROL *control)
1580 {
1581 if ((control != NULL) && ((control->auto_rsp != GATT_RSP_BY_APP) && (control->auto_rsp != GATT_RSP_BY_STACK))){
1582 GATT_TRACE_ERROR("Error in %s, line=%d, control->auto_rsp should be set to GATT_RSP_BY_APP or GATT_RSP_BY_STACK here\n",\
1583 __func__, __LINE__);
1584 return FALSE;
1585 }
1586
1587 if ((control != NULL) && (control->auto_rsp == GATT_RSP_BY_STACK)){
1588 if (attr_val == NULL){
1589 GATT_TRACE_ERROR("Error in %s, line=%d, for stack respond attribute, attr_val should not be NULL here\n",\
1590 __func__, __LINE__);
1591 return FALSE;
1592 } else if (attr_val->attr_max_len == 0){
1593 GATT_TRACE_ERROR("Error in %s, line=%d, for stack respond attribute, attribute max length should not be 0\n",\
1594 __func__, __LINE__);
1595 return FALSE;
1596 }
1597 }
1598
1599 if (attr_val != NULL){
1600 if (attr_val->attr_len > attr_val->attr_max_len){
1601 GATT_TRACE_ERROR("Error in %s, line=%d,attribute actual length should not be larger than max length\n",\
1602 __func__, __LINE__);
1603 return FALSE;
1604 }
1605 }
1606
1607 return TRUE ;
1608 }
1609
1610 #endif /* BLE_INCLUDED == TRUE && GATTS_INCLUDED == TRUE */
1611
