1 /****************************************************************************** 2 * 3 * Copyright (C) 1999-2013 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 #include "bt_target.h" 20 #include "bt_utils.h" 21 #include "gatt_api.h" 22 #include "gatt_int.h" 23 #include "srvc_eng_int.h" 24 #include "srvc_dis_int.h" 25 26 #define LOG_TAG "bt_srvc" 27 #include "osi/include/log.h" 28 29 #if BLE_INCLUDED == TRUE 30 31 #define DIS_MAX_NUM_INC_SVR 0 32 #define DIS_MAX_CHAR_NUM 9 33 #define DIS_MAX_ATTR_NUM (DIS_MAX_CHAR_NUM * 2 + DIS_MAX_NUM_INC_SVR + 1) 34 35 #ifndef DIS_ATTR_DB_SIZE 36 #define DIS_ATTR_DB_SIZE GATT_DB_MEM_SIZE(DIS_MAX_NUM_INC_SVR, DIS_MAX_CHAR_NUM, 0) 37 #endif 38 39 #define UINT64_TO_STREAM(p, u64) {*(p)++ = (UINT8)(u64); *(p)++ = (UINT8)((u64) >> 8);*(p)++ = (UINT8)((u64) >> 16); *(p)++ = (UINT8)((u64) >> 24); \ 40 *(p)++ = (UINT8)((u64) >> 32); *(p)++ = (UINT8)((u64) >> 40);*(p)++ = (UINT8)((u64) >> 48); *(p)++ = (UINT8)((u64) >> 56);} 41 42 #define STREAM_TO_UINT64(u64, p) {u64 = (((UINT64)(*(p))) + ((((UINT64)(*((p) + 1)))) << 8) + ((((UINT64)(*((p) + 2)))) << 16) + ((((UINT64)(*((p) + 3)))) << 24) \ 43 + ((((UINT64)(*((p) + 4)))) << 32) + ((((UINT64)(*((p) + 5)))) << 40) + ((((UINT64)(*((p) + 6)))) << 48) + ((((UINT64)(*((p) + 7)))) << 56)); (p) += 8;} 44 45 46 47 static const UINT16 dis_attr_uuid[DIS_MAX_CHAR_NUM] = 48 { 49 GATT_UUID_SYSTEM_ID, 50 GATT_UUID_MODEL_NUMBER_STR, 51 GATT_UUID_SERIAL_NUMBER_STR, 52 GATT_UUID_FW_VERSION_STR, 53 GATT_UUID_HW_VERSION_STR, 54 GATT_UUID_SW_VERSION_STR, 55 GATT_UUID_MANU_NAME, 56 GATT_UUID_IEEE_DATA, 57 GATT_UUID_PNP_ID 58 }; 59 60 tDIS_CB dis_cb; 61 62 static tDIS_ATTR_MASK dis_uuid_to_attr(UINT16 uuid) 63 { 64 switch (uuid) 65 { 66 case GATT_UUID_SYSTEM_ID: 67 return DIS_ATTR_SYS_ID_BIT; 68 case GATT_UUID_MODEL_NUMBER_STR: 69 return DIS_ATTR_MODEL_NUM_BIT; 70 case GATT_UUID_SERIAL_NUMBER_STR: 71 return DIS_ATTR_SERIAL_NUM_BIT; 72 case GATT_UUID_FW_VERSION_STR: 73 return DIS_ATTR_FW_NUM_BIT; 74 case GATT_UUID_HW_VERSION_STR: 75 return DIS_ATTR_HW_NUM_BIT; 76 case GATT_UUID_SW_VERSION_STR: 77 return DIS_ATTR_SW_NUM_BIT; 78 case GATT_UUID_MANU_NAME: 79 return DIS_ATTR_MANU_NAME_BIT; 80 case GATT_UUID_IEEE_DATA: 81 return DIS_ATTR_IEEE_DATA_BIT; 82 case GATT_UUID_PNP_ID: 83 return DIS_ATTR_PNP_ID_BIT; 84 default: 85 return 0; 86 }; 87 } 88 89 /******************************************************************************* 90 ** dis_valid_handle_range 91 ** 92 ** validate a handle to be a DIS attribute handle or not. 93 *******************************************************************************/ 94 BOOLEAN dis_valid_handle_range(UINT16 handle) 95 { 96 if (handle >= dis_cb.service_handle && handle <= dis_cb.max_handle) 97 return TRUE; 98 else 99 return FALSE; 100 } 101 /******************************************************************************* 102 ** dis_write_attr_value 103 ** 104 ** Process write DIS attribute request. 105 *******************************************************************************/ 106 UINT8 dis_write_attr_value(tGATT_WRITE_REQ * p_data, tGATT_STATUS *p_status) 107 { 108 UNUSED(p_data); 109 110 *p_status = GATT_WRITE_NOT_PERMIT; 111 return SRVC_ACT_RSP; 112 } 113 /******************************************************************************* 114 ** DIS Attributes Database Server Request callback 115 *******************************************************************************/ 116 UINT8 dis_read_attr_value (UINT8 clcb_idx, UINT16 handle, tGATT_VALUE *p_value, 117 BOOLEAN is_long, tGATT_STATUS *p_status) 118 { 119 tDIS_DB_ENTRY *p_db_attr = dis_cb.dis_attr; 120 UINT8 *p = p_value->value, i, *pp; 121 UINT16 offset = p_value->offset; 122 UINT8 act = SRVC_ACT_RSP; 123 tGATT_STATUS st = GATT_NOT_FOUND; 124 UNUSED(clcb_idx); 125 126 for (i = 0; i < DIS_MAX_CHAR_NUM; i ++, p_db_attr ++) 127 { 128 if (handle == p_db_attr->handle) 129 { 130 if ((p_db_attr->uuid == GATT_UUID_PNP_ID || p_db_attr->uuid == GATT_UUID_SYSTEM_ID)&& 131 is_long == TRUE) 132 { 133 st = GATT_NOT_LONG; 134 break; 135 } 136 st = GATT_SUCCESS; 137 138 switch (p_db_attr->uuid) 139 { 140 case GATT_UUID_MANU_NAME: 141 case GATT_UUID_MODEL_NUMBER_STR: 142 case GATT_UUID_SERIAL_NUMBER_STR: 143 case GATT_UUID_FW_VERSION_STR: 144 case GATT_UUID_HW_VERSION_STR: 145 case GATT_UUID_SW_VERSION_STR: 146 case GATT_UUID_IEEE_DATA: 147 pp = dis_cb.dis_value.data_string[p_db_attr->uuid - GATT_UUID_MODEL_NUMBER_STR]; 148 if (pp != NULL) 149 { 150 if (strlen ((char *)pp) > GATT_MAX_ATTR_LEN) 151 p_value->len = GATT_MAX_ATTR_LEN; 152 else 153 p_value->len = (UINT16)strlen ((char *)pp); 154 } 155 else 156 p_value->len = 0; 157 158 if (offset > p_value->len) 159 { 160 st = GATT_INVALID_OFFSET; 161 break; 162 } 163 else 164 { 165 p_value->len -= offset; 166 pp += offset; 167 ARRAY_TO_STREAM(p, pp, p_value->len); 168 GATT_TRACE_EVENT("GATT_UUID_MANU_NAME len=0x%04x", p_value->len); 169 } 170 break; 171 172 173 case GATT_UUID_SYSTEM_ID: 174 UINT64_TO_STREAM(p, dis_cb.dis_value.system_id); /* int_min */ 175 p_value->len = DIS_SYSTEM_ID_SIZE; 176 break; 177 178 case GATT_UUID_PNP_ID: 179 UINT8_TO_STREAM(p, dis_cb.dis_value.pnp_id.vendor_id_src); 180 UINT16_TO_STREAM(p, dis_cb.dis_value.pnp_id.vendor_id); 181 UINT16_TO_STREAM(p, dis_cb.dis_value.pnp_id.product_id); 182 UINT16_TO_STREAM(p, dis_cb.dis_value.pnp_id.product_version); 183 p_value->len = DIS_PNP_ID_SIZE; 184 break; 185 186 } 187 break; 188 } 189 } 190 *p_status = st; 191 return act; 192 } 193 194 /******************************************************************************* 195 ** 196 ** Function dis_gatt_c_read_dis_value_cmpl 197 ** 198 ** Description Client read DIS database complete callback. 199 ** 200 ** Returns void 201 ** 202 *******************************************************************************/ 203 static void dis_gatt_c_read_dis_value_cmpl(UINT16 conn_id) 204 { 205 tSRVC_CLCB *p_clcb = srvc_eng_find_clcb_by_conn_id(conn_id); 206 207 dis_cb.dis_read_uuid_idx = 0xff; 208 209 srvc_eng_release_channel(conn_id); 210 211 if (dis_cb.p_read_dis_cback && p_clcb) 212 { 213 LOG_INFO("%s conn_id:%d attr_mask = 0x%04x", __func__, conn_id, 214 p_clcb->dis_value.attr_mask); 215 216 (*dis_cb.p_read_dis_cback)(p_clcb->bda, &p_clcb->dis_value); 217 dis_cb.p_read_dis_cback = NULL; 218 } 219 } 220 221 /******************************************************************************* 222 ** 223 ** Function dis_gatt_c_read_dis_req 224 ** 225 ** Description Read remote device DIS attribute request. 226 ** 227 ** Returns void 228 ** 229 *******************************************************************************/ 230 BOOLEAN dis_gatt_c_read_dis_req(UINT16 conn_id) 231 { 232 tGATT_READ_PARAM param; 233 234 memset(¶m, 0, sizeof(tGATT_READ_PARAM)); 235 236 param.service.uuid.len = LEN_UUID_16; 237 param.service.s_handle = 1; 238 param.service.e_handle = 0xFFFF; 239 param.service.auth_req = 0; 240 241 while (dis_cb.dis_read_uuid_idx < DIS_MAX_CHAR_NUM) 242 { 243 if (dis_uuid_to_attr(dis_attr_uuid[dis_cb.dis_read_uuid_idx]) & 244 dis_cb.request_mask) 245 { 246 param.service.uuid.uu.uuid16 = dis_attr_uuid[dis_cb.dis_read_uuid_idx]; 247 248 if (GATTC_Read(conn_id, GATT_READ_BY_TYPE, ¶m) == GATT_SUCCESS) 249 return TRUE; 250 251 GATT_TRACE_ERROR ("Read DISInfo: 0x%04x GATT_Read Failed", param.service.uuid.uu.uuid16); 252 } 253 254 dis_cb.dis_read_uuid_idx++; 255 } 256 257 dis_gatt_c_read_dis_value_cmpl(conn_id); 258 259 return(FALSE); 260 } 261 262 /******************************************************************************* 263 ** 264 ** Function dis_c_cmpl_cback 265 ** 266 ** Description Client operation complete callback. 267 ** 268 ** Returns void 269 ** 270 *******************************************************************************/ 271 void dis_c_cmpl_cback (tSRVC_CLCB *p_clcb, tGATTC_OPTYPE op, 272 tGATT_STATUS status, tGATT_CL_COMPLETE *p_data) 273 { 274 UINT16 read_type = dis_attr_uuid[dis_cb.dis_read_uuid_idx]; 275 UINT8 *pp = NULL, *p_str; 276 UINT16 conn_id = p_clcb->conn_id; 277 278 GATT_TRACE_EVENT ("dis_c_cmpl_cback() - op_code: 0x%02x status: 0x%02x \ 279 read_type: 0x%04x", op, status, read_type); 280 281 if (op != GATTC_OPTYPE_READ) 282 return; 283 284 if (p_data != NULL && status == GATT_SUCCESS) 285 { 286 pp = p_data->att_value.value; 287 288 switch (read_type) 289 { 290 case GATT_UUID_SYSTEM_ID: 291 GATT_TRACE_EVENT ("DIS_ATTR_SYS_ID_BIT"); 292 if (p_data->att_value.len == DIS_SYSTEM_ID_SIZE) 293 { 294 p_clcb->dis_value.attr_mask |= DIS_ATTR_SYS_ID_BIT; 295 /* save system ID*/ 296 STREAM_TO_UINT64 (p_clcb->dis_value.system_id, pp); 297 } 298 break; 299 300 case GATT_UUID_PNP_ID: 301 if (p_data->att_value.len == DIS_PNP_ID_SIZE) 302 { 303 p_clcb->dis_value.attr_mask |= DIS_ATTR_PNP_ID_BIT; 304 STREAM_TO_UINT8 (p_clcb->dis_value.pnp_id.vendor_id_src, pp); 305 STREAM_TO_UINT16 (p_clcb->dis_value.pnp_id.vendor_id, pp); 306 STREAM_TO_UINT16 (p_clcb->dis_value.pnp_id.product_id, pp); 307 STREAM_TO_UINT16 (p_clcb->dis_value.pnp_id.product_version, pp); 308 } 309 break; 310 311 case GATT_UUID_MODEL_NUMBER_STR: 312 case GATT_UUID_SERIAL_NUMBER_STR: 313 case GATT_UUID_FW_VERSION_STR: 314 case GATT_UUID_HW_VERSION_STR: 315 case GATT_UUID_SW_VERSION_STR: 316 case GATT_UUID_MANU_NAME: 317 case GATT_UUID_IEEE_DATA: 318 p_str = p_clcb->dis_value.data_string[read_type - GATT_UUID_MODEL_NUMBER_STR]; 319 if (p_str != NULL) 320 GKI_freebuf(p_str); 321 if ((p_str = (UINT8 *)GKI_getbuf((UINT16)(p_data->att_value.len + 1))) != NULL) 322 { 323 p_clcb->dis_value.attr_mask |= dis_uuid_to_attr(read_type); 324 memcpy(p_str, p_data->att_value.value, p_data->att_value.len); 325 p_str[p_data->att_value.len] = 0; 326 p_clcb->dis_value.data_string[read_type - GATT_UUID_MODEL_NUMBER_STR] = p_str; 327 } 328 break; 329 330 default: 331 break; 332 333 break; 334 }/* end switch */ 335 }/* end if */ 336 337 dis_cb.dis_read_uuid_idx ++; 338 339 dis_gatt_c_read_dis_req(conn_id); 340 } 341 342 343 /******************************************************************************* 344 ** 345 ** Function DIS_SrInit 346 ** 347 ** Description Initialize the Device Information Service Server. 348 ** 349 *******************************************************************************/ 350 tDIS_STATUS DIS_SrInit (tDIS_ATTR_MASK dis_attr_mask) 351 { 352 tBT_UUID uuid = {LEN_UUID_16, {UUID_SERVCLASS_DEVICE_INFO}}; 353 UINT16 i = 0; 354 tGATT_STATUS status; 355 tDIS_DB_ENTRY *p_db_attr = &dis_cb.dis_attr[0]; 356 357 if (dis_cb.enabled) 358 { 359 GATT_TRACE_ERROR("DIS already initalized"); 360 return DIS_SUCCESS; 361 } 362 363 memset(&dis_cb, 0, sizeof(tDIS_CB)); 364 365 dis_cb.service_handle = GATTS_CreateService (srvc_eng_cb.gatt_if , &uuid, 0, DIS_MAX_ATTR_NUM, TRUE); 366 367 if (dis_cb.service_handle == 0) 368 { 369 GATT_TRACE_ERROR("Can not create service, DIS_Init failed!"); 370 return GATT_ERROR; 371 } 372 dis_cb.max_handle = dis_cb.service_handle + DIS_MAX_ATTR_NUM; 373 374 while (dis_attr_mask != 0 && i < DIS_MAX_CHAR_NUM) 375 { 376 /* add Manufacturer name 377 */ 378 uuid.uu.uuid16 = p_db_attr->uuid = dis_attr_uuid[i]; 379 p_db_attr->handle = GATTS_AddCharacteristic(dis_cb.service_handle, &uuid, GATT_PERM_READ, GATT_CHAR_PROP_BIT_READ); 380 GATT_TRACE_DEBUG ("DIS_SrInit: handle of new attribute 0x%04 = x%d", uuid.uu.uuid16, p_db_attr->handle ); 381 p_db_attr ++; 382 i ++; 383 dis_attr_mask >>= 1; 384 } 385 386 /* start service 387 */ 388 status = GATTS_StartService (srvc_eng_cb.gatt_if, dis_cb.service_handle, GATT_TRANSPORT_LE_BR_EDR); 389 390 dis_cb.enabled = TRUE; 391 392 return (tDIS_STATUS) status; 393 } 394 /******************************************************************************* 395 ** 396 ** Function DIS_SrUpdate 397 ** 398 ** Description Update the DIS server attribute values 399 ** 400 *******************************************************************************/ 401 tDIS_STATUS DIS_SrUpdate(tDIS_ATTR_BIT dis_attr_bit, tDIS_ATTR *p_info) 402 { 403 UINT8 i = 1; 404 tDIS_STATUS st = DIS_SUCCESS; 405 406 if (dis_attr_bit & DIS_ATTR_SYS_ID_BIT) 407 { 408 dis_cb.dis_value.system_id = p_info->system_id; 409 } 410 else if (dis_attr_bit & DIS_ATTR_PNP_ID_BIT) 411 { 412 dis_cb.dis_value.pnp_id.vendor_id = p_info->pnp_id.vendor_id; 413 dis_cb.dis_value.pnp_id.vendor_id_src = p_info->pnp_id.vendor_id_src; 414 dis_cb.dis_value.pnp_id.product_id = p_info->pnp_id.product_id; 415 dis_cb.dis_value.pnp_id.product_version = p_info->pnp_id.product_version; 416 } 417 else 418 { 419 st = DIS_ILLEGAL_PARAM; 420 421 while (dis_attr_bit && i < (DIS_MAX_CHAR_NUM -1 )) 422 { 423 if (dis_attr_bit & (UINT16)(1 << i)) 424 { 425 if (dis_cb.dis_value.data_string[i - 1] != NULL) 426 GKI_freebuf(dis_cb.dis_value.data_string[i - 1]); 427 /* coverity[OVERRUN-STATIC] False-positive : when i = 8, (1 << i) == DIS_ATTR_PNP_ID_BIT, and it will never come down here 428 CID 49902: Out-of-bounds read (OVERRUN_STATIC) 429 Overrunning static array "dis_cb.dis_value.data_string", with 7 elements, at position 7 with index variable "i". 430 */ 431 if ((dis_cb.dis_value.data_string[i - 1] = (UINT8 *)GKI_getbuf((UINT16)(p_info->data_str.len + 1))) != NULL) 432 { 433 434 memcpy(dis_cb.dis_value.data_string[i - 1], p_info->data_str.p_data, p_info->data_str.len); 435 dis_cb.dis_value.data_string[i - 1][p_info->data_str.len] = 0; /* make sure null terminate */ 436 st = DIS_SUCCESS; 437 } 438 else 439 st = DIS_NO_RESOURCES; 440 441 break; 442 } 443 i ++; 444 } 445 } 446 return st; 447 } 448 /******************************************************************************* 449 ** 450 ** Function DIS_ReadDISInfo 451 ** 452 ** Description Read remote device DIS information. 453 ** 454 ** Returns void 455 ** 456 *******************************************************************************/ 457 BOOLEAN DIS_ReadDISInfo(BD_ADDR peer_bda, tDIS_READ_CBACK *p_cback, tDIS_ATTR_MASK mask) 458 { 459 UINT16 conn_id; 460 461 /* Initialize the DIS client if it hasn't been initialized already. */ 462 srvc_eng_init(); 463 464 /* For now we only handle one at a time */ 465 if (dis_cb.dis_read_uuid_idx != 0xff) 466 return(FALSE); 467 468 if (p_cback == NULL) 469 return(FALSE); 470 471 dis_cb.p_read_dis_cback = p_cback; 472 /* Mark currently active operation */ 473 dis_cb.dis_read_uuid_idx = 0; 474 475 dis_cb.request_mask = mask; 476 477 GATT_TRACE_EVENT ("DIS_ReadDISInfo() - BDA: %08x%04x cl_read_uuid: 0x%04x", 478 (peer_bda[0]<<24)+(peer_bda[1]<<16)+(peer_bda[2]<<8)+peer_bda[3], 479 (peer_bda[4]<<8)+peer_bda[5], dis_attr_uuid[dis_cb.dis_read_uuid_idx]); 480 481 482 GATT_GetConnIdIfConnected(srvc_eng_cb.gatt_if, peer_bda, &conn_id, BT_TRANSPORT_LE); 483 484 /* need to enhance it as multiple service is needed */ 485 srvc_eng_request_channel(peer_bda, SRVC_ID_DIS); 486 487 if (conn_id == GATT_INVALID_CONN_ID) 488 { 489 return GATT_Connect(srvc_eng_cb.gatt_if, peer_bda, TRUE, BT_TRANSPORT_LE); 490 } 491 492 return dis_gatt_c_read_dis_req(conn_id); 493 494 } 495 #endif /* BLE_INCLUDED */ 496 497 498
