1 /****************************************************************************** 2 * 3 * Copyright (C) 1999-2013 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 #include "bt_target.h" 20 21 #include "gatt_api.h" 22 #include "gatt_int.h" 23 #include "srvc_eng_int.h" 24 #include "srvc_dis_int.h" 25 26 #if BLE_INCLUDED == TRUE 27 28 #define DIS_UUID_TO_ATTR_MASK(x) (UINT16)(1 << ((x) - GATT_UUID_SYSTEM_ID)) 29 30 #define DIS_MAX_NUM_INC_SVR 0 31 #define DIS_MAX_CHAR_NUM 9 32 #define DIS_MAX_ATTR_NUM (DIS_MAX_CHAR_NUM * 2 + DIS_MAX_NUM_INC_SVR + 1) 33 34 #ifndef DIS_ATTR_DB_SIZE 35 #define DIS_ATTR_DB_SIZE GATT_DB_MEM_SIZE(DIS_MAX_NUM_INC_SVR, DIS_MAX_CHAR_NUM, 0) 36 #endif 37 38 #define UINT64_TO_STREAM(p, u64) {*(p)++ = (UINT8)(u64); *(p)++ = (UINT8)((u64) >> 8);*(p)++ = (UINT8)((u64) >> 16); *(p)++ = (UINT8)((u64) >> 24); \ 39 *(p)++ = (UINT8)((u64) >> 32); *(p)++ = (UINT8)((u64) >> 40);*(p)++ = (UINT8)((u64) >> 48); *(p)++ = (UINT8)((u64) >> 56);} 40 41 #define STREAM_TO_UINT64(u64, p) {u64 = (((UINT64)(*(p))) + ((((UINT64)(*((p) + 1)))) << 8) + ((((UINT64)(*((p) + 2)))) << 16) + ((((UINT64)(*((p) + 3)))) << 24) \ 42 + ((((UINT64)(*((p) + 4)))) << 32) + ((((UINT64)(*((p) + 5)))) << 40) + ((((UINT64)(*((p) + 6)))) << 48) + ((((UINT64)(*((p) + 7)))) << 56)); (p) += 8;} 43 44 45 46 static const UINT16 dis_attr_uuid[DIS_MAX_CHAR_NUM] = 47 { 48 GATT_UUID_SYSTEM_ID, 49 GATT_UUID_MODEL_NUMBER_STR, 50 GATT_UUID_SERIAL_NUMBER_STR, 51 GATT_UUID_FW_VERSION_STR, 52 GATT_UUID_HW_VERSION_STR, 53 GATT_UUID_SW_VERSION_STR, 54 GATT_UUID_MANU_NAME, 55 GATT_UUID_IEEE_DATA, 56 GATT_UUID_PNP_ID 57 }; 58 59 tDIS_CB dis_cb; 60 /******************************************************************************* 61 ** dis_valid_handle_range 62 ** 63 ** validate a handle to be a DIS attribute handle or not. 64 *******************************************************************************/ 65 BOOLEAN dis_valid_handle_range(UINT16 handle) 66 { 67 if (handle >= dis_cb.service_handle && handle <= dis_cb.max_handle) 68 return TRUE; 69 else 70 return FALSE; 71 } 72 /******************************************************************************* 73 ** dis_write_attr_value 74 ** 75 ** Process write DIS attribute request. 76 *******************************************************************************/ 77 UINT8 dis_write_attr_value(tGATT_WRITE_REQ * p_data, tGATT_STATUS *p_status) 78 { 79 *p_status = GATT_WRITE_NOT_PERMIT; 80 return SRVC_ACT_RSP; 81 } 82 /******************************************************************************* 83 ** DIS Attributes Database Server Request callback 84 *******************************************************************************/ 85 UINT8 dis_read_attr_value (UINT8 clcb_idx, UINT16 handle, tGATT_VALUE *p_value, 86 BOOLEAN is_long, tGATT_STATUS *p_status) 87 { 88 tDIS_DB_ENTRY *p_db_attr = dis_cb.dis_attr; 89 UINT8 *p = p_value->value, i, *pp; 90 UINT16 offset = p_value->offset; 91 UINT8 act = SRVC_ACT_RSP; 92 tGATT_STATUS st = GATT_NOT_FOUND; 93 94 for (i = 0; i < DIS_MAX_CHAR_NUM; i ++, p_db_attr ++) 95 { 96 if (handle == p_db_attr->handle) 97 { 98 if ((p_db_attr->uuid == GATT_UUID_PNP_ID || p_db_attr->uuid == GATT_UUID_SYSTEM_ID)&& 99 is_long == TRUE) 100 { 101 st = GATT_NOT_LONG; 102 break; 103 } 104 st = GATT_SUCCESS; 105 106 switch (p_db_attr->uuid) 107 { 108 case GATT_UUID_MANU_NAME: 109 case GATT_UUID_MODEL_NUMBER_STR: 110 case GATT_UUID_SERIAL_NUMBER_STR: 111 case GATT_UUID_FW_VERSION_STR: 112 case GATT_UUID_HW_VERSION_STR: 113 case GATT_UUID_SW_VERSION_STR: 114 case GATT_UUID_IEEE_DATA: 115 pp = dis_cb.dis_value.data_string[p_db_attr->uuid - GATT_UUID_MODEL_NUMBER_STR]; 116 if (pp != NULL) 117 { 118 if (strlen ((char *)pp) > GATT_MAX_ATTR_LEN) 119 p_value->len = GATT_MAX_ATTR_LEN; 120 else 121 p_value->len = (UINT16)strlen ((char *)pp); 122 } 123 else 124 p_value->len = 0; 125 126 if (offset > p_value->len) 127 { 128 st = GATT_INVALID_OFFSET; 129 break; 130 } 131 else 132 { 133 p_value->len -= offset; 134 pp += offset; 135 ARRAY_TO_STREAM(p, pp, p_value->len); 136 GATT_TRACE_EVENT1("GATT_UUID_MANU_NAME len=0x%04x", p_value->len); 137 } 138 break; 139 140 141 case GATT_UUID_SYSTEM_ID: 142 UINT64_TO_STREAM(p, dis_cb.dis_value.system_id); /* int_min */ 143 p_value->len = DIS_SYSTEM_ID_SIZE; 144 break; 145 146 case GATT_UUID_PNP_ID: 147 UINT8_TO_STREAM(p, dis_cb.dis_value.pnp_id.vendor_id_src); 148 UINT16_TO_STREAM(p, dis_cb.dis_value.pnp_id.vendor_id); 149 UINT16_TO_STREAM(p, dis_cb.dis_value.pnp_id.product_id); 150 UINT16_TO_STREAM(p, dis_cb.dis_value.pnp_id.product_version); 151 p_value->len = DIS_PNP_ID_SIZE; 152 break; 153 154 } 155 break; 156 } 157 } 158 *p_status = st; 159 return act; 160 } 161 162 /******************************************************************************* 163 ** 164 ** Function dis_gatt_c_read_dis_value_cmpl 165 ** 166 ** Description Client read DIS database complete callback. 167 ** 168 ** Returns void 169 ** 170 *******************************************************************************/ 171 void dis_gatt_c_read_dis_value_cmpl(UINT16 conn_id) 172 { 173 tSRVC_CLCB *p_clcb = srvc_eng_find_clcb_by_conn_id(conn_id); 174 175 dis_cb.dis_read_uuid_idx = 0xff; 176 177 srvc_eng_release_channel(conn_id); 178 179 if (dis_cb.p_read_dis_cback && p_clcb) 180 { 181 GATT_TRACE_ERROR1("dis_gatt_c_read_dis_value_cmpl: attr_mask = 0x%04x", p_clcb->dis_value.attr_mask); 182 GATT_TRACE_EVENT0("calling p_read_dis_cbackd"); 183 184 (*dis_cb.p_read_dis_cback)(p_clcb->bda, &p_clcb->dis_value); 185 dis_cb.p_read_dis_cback=NULL; 186 } 187 188 } 189 190 /******************************************************************************* 191 ** 192 ** Function dis_gatt_c_read_dis_req 193 ** 194 ** Description Read remote device DIS attribute request. 195 ** 196 ** Returns void 197 ** 198 *******************************************************************************/ 199 BOOLEAN dis_gatt_c_read_dis_req(UINT16 conn_id) 200 { 201 tGATT_READ_PARAM param; 202 203 memset(¶m, 0, sizeof(tGATT_READ_PARAM)); 204 205 param.service.uuid.len = LEN_UUID_16; 206 param.service.s_handle = 1; 207 param.service.e_handle = 0xFFFF; 208 param.service.auth_req = 0; 209 210 while (dis_cb.dis_read_uuid_idx < DIS_MAX_CHAR_NUM) 211 { 212 param.service.uuid.uu.uuid16 = dis_attr_uuid[dis_cb.dis_read_uuid_idx]; 213 214 if (GATTC_Read(conn_id, GATT_READ_BY_TYPE, ¶m) == GATT_SUCCESS) 215 { 216 return(TRUE); 217 } 218 else 219 { 220 GATT_TRACE_ERROR1 ("Read DISInfo: 0x%04x GATT_Read Failed", param.service.uuid.uu.uuid16); 221 dis_cb.dis_read_uuid_idx ++; 222 } 223 } 224 225 dis_gatt_c_read_dis_value_cmpl(conn_id); 226 227 return(FALSE); 228 } 229 230 /******************************************************************************* 231 ** 232 ** Function dis_c_cmpl_cback 233 ** 234 ** Description Client operation complete callback. 235 ** 236 ** Returns void 237 ** 238 *******************************************************************************/ 239 void dis_c_cmpl_cback (tSRVC_CLCB *p_clcb, tGATTC_OPTYPE op, 240 tGATT_STATUS status, tGATT_CL_COMPLETE *p_data) 241 { 242 UINT16 read_type = dis_attr_uuid[dis_cb.dis_read_uuid_idx]; 243 UINT8 *pp = NULL, *p_str; 244 UINT16 conn_id = p_clcb->conn_id; 245 246 GATT_TRACE_EVENT3 ("dis_c_cmpl_cback() - op_code: 0x%02x status: 0x%02x \ 247 read_type: 0x%04x", op, status, read_type); 248 249 if (op != GATTC_OPTYPE_READ) 250 return; 251 252 if (p_data != NULL && status == GATT_SUCCESS) 253 { 254 pp = p_data->att_value.value; 255 256 switch (read_type) 257 { 258 case GATT_UUID_SYSTEM_ID: 259 GATT_TRACE_EVENT0 ("DIS_ATTR_SYS_ID_BIT"); 260 if (p_data->att_value.len == DIS_SYSTEM_ID_SIZE) 261 { 262 p_clcb->dis_value.attr_mask |= DIS_ATTR_SYS_ID_BIT; 263 /* save system ID*/ 264 STREAM_TO_UINT64 (p_clcb->dis_value.system_id, pp); 265 } 266 break; 267 268 case GATT_UUID_PNP_ID: 269 if (p_data->att_value.len == DIS_PNP_ID_SIZE) 270 { 271 p_clcb->dis_value.attr_mask |= DIS_ATTR_PNP_ID_BIT; 272 STREAM_TO_UINT8 (p_clcb->dis_value.pnp_id.vendor_id_src, pp); 273 STREAM_TO_UINT16 (p_clcb->dis_value.pnp_id.vendor_id, pp); 274 STREAM_TO_UINT16 (p_clcb->dis_value.pnp_id.product_id, pp); 275 STREAM_TO_UINT16 (p_clcb->dis_value.pnp_id.product_version, pp); 276 } 277 break; 278 279 case GATT_UUID_MODEL_NUMBER_STR: 280 case GATT_UUID_SERIAL_NUMBER_STR: 281 case GATT_UUID_FW_VERSION_STR: 282 case GATT_UUID_HW_VERSION_STR: 283 case GATT_UUID_SW_VERSION_STR: 284 case GATT_UUID_MANU_NAME: 285 case GATT_UUID_IEEE_DATA: 286 p_str = p_clcb->dis_value.data_string[read_type - GATT_UUID_MODEL_NUMBER_STR]; 287 if (p_str != NULL) 288 GKI_freebuf(p_str); 289 if ((p_str = (UINT8 *)GKI_getbuf((UINT16)(p_data->att_value.len + 1))) != NULL) 290 { 291 memset(p_str, 0, p_data->att_value.len + 1); 292 p_clcb->dis_value.attr_mask |= DIS_UUID_TO_ATTR_MASK (read_type); 293 memcpy(p_str, p_data->att_value.value, p_data->att_value.len); 294 } 295 break; 296 297 default: 298 break; 299 300 break; 301 }/* end switch */ 302 }/* end if */ 303 304 dis_cb.dis_read_uuid_idx ++; 305 306 dis_gatt_c_read_dis_req(conn_id); 307 } 308 309 310 /******************************************************************************* 311 ** 312 ** Function DIS_SrInit 313 ** 314 ** Description Initializa the Device Information Service Server. 315 ** 316 *******************************************************************************/ 317 tDIS_STATUS DIS_SrInit (tDIS_ATTR_MASK dis_attr_mask) 318 { 319 tBT_UUID uuid = {LEN_UUID_16, {UUID_SERVCLASS_DEVICE_INFO}}; 320 UINT16 i = 0; 321 tGATT_STATUS status; 322 tDIS_DB_ENTRY *p_db_attr = &dis_cb.dis_attr[0]; 323 324 if (dis_cb.enabled) 325 { 326 GATT_TRACE_ERROR0("DIS already initalized"); 327 return DIS_SUCCESS; 328 } 329 330 memset(&dis_cb, 0, sizeof(tDIS_CB)); 331 332 dis_cb.service_handle = GATTS_CreateService (srvc_eng_cb.gatt_if , &uuid, 0, DIS_MAX_ATTR_NUM, TRUE); 333 334 if (dis_cb.service_handle == 0) 335 { 336 GATT_TRACE_ERROR0("Can not create service, DIS_Init failed!"); 337 return GATT_ERROR; 338 } 339 dis_cb.max_handle = dis_cb.service_handle + DIS_MAX_ATTR_NUM; 340 341 while (dis_attr_mask != 0 && i < DIS_MAX_CHAR_NUM) 342 { 343 /* add Manufacturer name 344 */ 345 uuid.uu.uuid16 = p_db_attr->uuid = dis_attr_uuid[i]; 346 p_db_attr->handle = GATTS_AddCharacteristic(dis_cb.service_handle, &uuid, GATT_PERM_READ, GATT_CHAR_PROP_BIT_READ); 347 GATT_TRACE_DEBUG2 ("DIS_SrInit: handle of new attribute 0x%04 = x%d", uuid.uu.uuid16, p_db_attr->handle ); 348 p_db_attr ++; 349 i ++; 350 dis_attr_mask >>= 1; 351 } 352 353 /* start service 354 */ 355 status = GATTS_StartService (srvc_eng_cb.gatt_if, dis_cb.service_handle, GATT_TRANSPORT_LE_BR_EDR); 356 357 dis_cb.enabled = TRUE; 358 359 return (tDIS_STATUS) status; 360 } 361 /******************************************************************************* 362 ** 363 ** Function DIS_SrUpdate 364 ** 365 ** Description Update the DIS server attribute values 366 ** 367 *******************************************************************************/ 368 tDIS_STATUS DIS_SrUpdate(tDIS_ATTR_BIT dis_attr_bit, tDIS_ATTR *p_info) 369 { 370 UINT8 i = 1; 371 tDIS_STATUS st = DIS_SUCCESS; 372 373 if (dis_attr_bit & DIS_ATTR_SYS_ID_BIT) 374 { 375 dis_cb.dis_value.system_id = p_info->system_id; 376 } 377 else if (dis_attr_bit & DIS_ATTR_PNP_ID_BIT) 378 { 379 dis_cb.dis_value.pnp_id.vendor_id = p_info->pnp_id.vendor_id; 380 dis_cb.dis_value.pnp_id.vendor_id_src = p_info->pnp_id.vendor_id_src; 381 dis_cb.dis_value.pnp_id.product_id = p_info->pnp_id.product_id; 382 dis_cb.dis_value.pnp_id.product_version = p_info->pnp_id.product_version; 383 } 384 else 385 { 386 st = DIS_ILLEGAL_PARAM; 387 388 while (dis_attr_bit && i < (DIS_MAX_CHAR_NUM -1 )) 389 { 390 if (dis_attr_bit & (UINT16)(1 << i)) 391 { 392 if (dis_cb.dis_value.data_string[i - 1] != NULL) 393 GKI_freebuf(dis_cb.dis_value.data_string[i]); 394 /* coverity[OVERRUN-STATIC] False-positive : when i = 8, (1 << i) == DIS_ATTR_PNP_ID_BIT, and it will never come down here 395 CID 49902: Out-of-bounds read (OVERRUN_STATIC) 396 Overrunning static array "dis_cb.dis_value.data_string", with 7 elements, at position 7 with index variable "i". 397 */ 398 if ((dis_cb.dis_value.data_string[i - 1] = (UINT8 *)GKI_getbuf((UINT16)(p_info->data_str.len + 1))) != NULL) 399 { 400 memset(dis_cb.dis_value.data_string[i - 1], 0, p_info->data_str.len + 1); /* make sure null terminate */ 401 memcpy(dis_cb.dis_value.data_string[i - 1], p_info->data_str.p_data, p_info->data_str.len); 402 st = DIS_SUCCESS; 403 } 404 else 405 st = DIS_NO_RESOURCES; 406 407 break; 408 } 409 i ++; 410 } 411 } 412 return st; 413 } 414 /******************************************************************************* 415 ** 416 ** Function DIS_ReadDISInfo 417 ** 418 ** Description Read remote device DIS information. 419 ** 420 ** Returns void 421 ** 422 *******************************************************************************/ 423 BOOLEAN DIS_ReadDISInfo(BD_ADDR peer_bda, tDIS_READ_CBACK *p_cback) 424 { 425 UINT16 conn_id; 426 427 /* For now we only handle one at a time */ 428 if (dis_cb.dis_read_uuid_idx != 0xff) 429 return(FALSE); 430 431 if (p_cback == NULL) 432 return(FALSE); 433 434 dis_cb.p_read_dis_cback = p_cback; 435 /* Mark currently active operation */ 436 dis_cb.dis_read_uuid_idx = 0; 437 438 GATT_TRACE_EVENT3 ("DIS_ReadDISInfo() - BDA: %08x%04x cl_read_uuid: 0x%04x", 439 (peer_bda[0]<<24)+(peer_bda[1]<<16)+(peer_bda[2]<<8)+peer_bda[3], 440 (peer_bda[4]<<8)+peer_bda[5], dis_attr_uuid[dis_cb.dis_read_uuid_idx]); 441 442 443 GATT_GetConnIdIfConnected(srvc_eng_cb.gatt_if, peer_bda, &conn_id); 444 445 /* need to enhance it as multiple service is needed */ 446 srvc_eng_request_channel(peer_bda, SRVC_ID_DIS); 447 448 if (conn_id == GATT_INVALID_CONN_ID) 449 { 450 return GATT_Connect(srvc_eng_cb.gatt_if, peer_bda, TRUE); 451 } 452 453 return dis_gatt_c_read_dis_req(conn_id); 454 455 } 456 #endif /* BLE_INCLUDED */ 457 458 459
