Home | History | Annotate | Download | only in nfc
      1 /******************************************************************************
      2  *
      3  *  Copyright (C) 1999-2014 Broadcom Corporation
      4  *
      5  *  Licensed under the Apache License, Version 2.0 (the "License");
      6  *  you may not use this file except in compliance with the License.
      7  *  You may obtain a copy of the License at:
      8  *
      9  *  http://www.apache.org/licenses/LICENSE-2.0
     10  *
     11  *  Unless required by applicable law or agreed to in writing, software
     12  *  distributed under the License is distributed on an "AS IS" BASIS,
     13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14  *  See the License for the specific language governing permissions and
     15  *  limitations under the License.
     16  *
     17  ******************************************************************************/
     18 
     19 /******************************************************************************
     20  *
     21  *  This file contains functions that interface with the NFC NCI transport.
     22  *  On the receive side, it routes events to the appropriate handler
     23  *  (callback). On the transmit side, it manages the command transmission.
     24  *
     25  ******************************************************************************/
     26 #include <android-base/stringprintf.h>
     27 #include <base/logging.h>
     28 #include <metricslogger/metrics_logger.h>
     29 
     30 #include "nfc_target.h"
     31 
     32 #include "include/debug_nfcsnoop.h"
     33 #include "nci_defs.h"
     34 #include "nci_hmsgs.h"
     35 #include "nfc_api.h"
     36 #include "nfc_int.h"
     37 #include "rw_api.h"
     38 #include "rw_int.h"
     39 
     40 using android::base::StringPrintf;
     41 
     42 #if (NFC_RW_ONLY == FALSE)
     43 static const uint8_t nfc_mpl_code_to_size[] = {64, 128, 192, 254};
     44 
     45 #endif /* NFC_RW_ONLY */
     46 #if (APPL_DTA_MODE == TRUE)
     47 // Global Structure varibale for FW Version
     48 static tNFC_FW_VERSION nfc_fw_version;
     49 #endif
     50 #define NFC_PB_ATTRIB_REQ_FIXED_BYTES 1
     51 #define NFC_LB_ATTRIB_REQ_FIXED_BYTES 8
     52 
     53 extern unsigned char appl_dta_mode_flag;
     54 extern bool nfc_debug_enabled;
     55 
     56 /*******************************************************************************
     57 **
     58 ** Function         nfc_ncif_update_window
     59 **
     60 ** Description      Update tx cmd window to indicate that NFCC can received
     61 **
     62 ** Returns          void
     63 **
     64 *******************************************************************************/
     65 void nfc_ncif_update_window(void) {
     66   /* Sanity check - see if we were expecting a update_window */
     67   if (nfc_cb.nci_cmd_window == NCI_MAX_CMD_WINDOW) {
     68     if (nfc_cb.nfc_state != NFC_STATE_W4_HAL_CLOSE) {
     69       LOG(ERROR) << StringPrintf("nfc_ncif_update_window: Unexpected call");
     70     }
     71     return;
     72   }
     73 
     74   /* Stop command-pending timer */
     75   nfc_stop_timer(&nfc_cb.nci_wait_rsp_timer);
     76 
     77   nfc_cb.p_vsc_cback = NULL;
     78   nfc_cb.nci_cmd_window++;
     79 
     80   /* Check if there were any commands waiting to be sent */
     81   nfc_ncif_check_cmd_queue(NULL);
     82 }
     83 
     84 /*******************************************************************************
     85 **
     86 ** Function         nfc_ncif_cmd_timeout
     87 **
     88 ** Description      Handle a command timeout
     89 **
     90 ** Returns          void
     91 **
     92 *******************************************************************************/
     93 void nfc_ncif_cmd_timeout(void) {
     94   LOG(ERROR) << StringPrintf("nfc_ncif_cmd_timeout");
     95 
     96   /* report an error */
     97   nfc_ncif_event_status(NFC_GEN_ERROR_REVT, NFC_STATUS_HW_TIMEOUT);
     98   nfc_ncif_event_status(NFC_NFCC_TIMEOUT_REVT, NFC_STATUS_HW_TIMEOUT);
     99 
    100   /* if enabling NFC, notify upper layer of failure */
    101   if (nfc_cb.nfc_state == NFC_STATE_CORE_INIT) {
    102     nfc_enabled(NFC_STATUS_FAILED, NULL);
    103   }
    104 
    105   /* XXX maco since this failure is unrecoverable, abort the process */
    106   abort();
    107 }
    108 
    109 /*******************************************************************************
    110 **
    111 ** Function         nfc_wait_2_deactivate_timeout
    112 **
    113 ** Description      Handle a command timeout
    114 **
    115 ** Returns          void
    116 **
    117 *******************************************************************************/
    118 void nfc_wait_2_deactivate_timeout(void) {
    119   LOG(ERROR) << StringPrintf("nfc_wait_2_deactivate_timeout");
    120   nfc_cb.flags &= ~NFC_FL_DEACTIVATING;
    121   nci_snd_deactivate_cmd((uint8_t)nfc_cb.deactivate_timer.param);
    122 }
    123 
    124 /*******************************************************************************
    125 **
    126 ** Function         nfc_ncif_send_data
    127 **
    128 ** Description      This function is called to add the NCI data header
    129 **                  and send it to NCIT task for sending it to transport
    130 **                  as credits are available.
    131 **
    132 ** Returns          void
    133 **
    134 *******************************************************************************/
    135 uint8_t nfc_ncif_send_data(tNFC_CONN_CB* p_cb, NFC_HDR* p_data) {
    136   uint8_t* pp;
    137   uint8_t* ps;
    138   uint8_t ulen = NCI_MAX_PAYLOAD_SIZE;
    139   NFC_HDR* p;
    140   uint8_t pbf = 1;
    141   uint8_t buffer_size = p_cb->buff_size;
    142   uint8_t hdr0 = p_cb->conn_id;
    143   bool fragmented = false;
    144 
    145   DLOG_IF(INFO, nfc_debug_enabled)
    146       << StringPrintf("nfc_ncif_send_data :%d, num_buff:%d qc:%d",
    147                       p_cb->conn_id, p_cb->num_buff, p_cb->tx_q.count);
    148   if (p_cb->id == NFC_RF_CONN_ID) {
    149     if (nfc_cb.nfc_state != NFC_STATE_OPEN) {
    150       if (nfc_cb.nfc_state == NFC_STATE_CLOSING) {
    151         if ((p_data == NULL) && /* called because credit from NFCC */
    152             (nfc_cb.flags & NFC_FL_DEACTIVATING)) {
    153           if (p_cb->init_credits == p_cb->num_buff) {
    154             /* all the credits are back */
    155             nfc_cb.flags &= ~NFC_FL_DEACTIVATING;
    156             DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
    157                 "deactivating NFC-DEP init_credits:%d, num_buff:%d",
    158                 p_cb->init_credits, p_cb->num_buff);
    159             nfc_stop_timer(&nfc_cb.deactivate_timer);
    160             nci_snd_deactivate_cmd((uint8_t)nfc_cb.deactivate_timer.param);
    161           }
    162         }
    163       }
    164       return NCI_STATUS_FAILED;
    165     }
    166   }
    167 
    168   if (p_data) {
    169     /* always enqueue the data to the tx queue */
    170     GKI_enqueue(&p_cb->tx_q, p_data);
    171   }
    172 
    173   /* try to send the first data packet in the tx queue  */
    174   p_data = (NFC_HDR*)GKI_getfirst(&p_cb->tx_q);
    175 
    176   /* post data fragment to NCIT task as credits are available */
    177   while (p_data && (p_data->len >= 0) && (p_cb->num_buff > 0)) {
    178     if (p_data->len <= buffer_size) {
    179       pbf = 0; /* last fragment */
    180       ulen = (uint8_t)(p_data->len);
    181       fragmented = false;
    182     } else {
    183       fragmented = true;
    184       ulen = buffer_size;
    185     }
    186 
    187     if (!fragmented) {
    188       /* if data packet is not fragmented, use the original buffer */
    189       p = p_data;
    190       p_data = (NFC_HDR*)GKI_dequeue(&p_cb->tx_q);
    191     } else {
    192       /* the data packet is too big and need to be fragmented
    193        * prepare a new GKI buffer
    194        * (even the last fragment to avoid issues) */
    195       p = NCI_GET_CMD_BUF(ulen);
    196       if (p == NULL) return (NCI_STATUS_BUFFER_FULL);
    197       p->len = ulen;
    198       p->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE + 1;
    199       if (p->len) {
    200         pp = (uint8_t*)(p + 1) + p->offset;
    201         ps = (uint8_t*)(p_data + 1) + p_data->offset;
    202         memcpy(pp, ps, ulen);
    203       }
    204       /* adjust the NFC_HDR on the old fragment */
    205       p_data->len -= ulen;
    206       p_data->offset += ulen;
    207     }
    208 
    209     p->event = BT_EVT_TO_NFC_NCI;
    210     p->layer_specific = pbf;
    211     p->len += NCI_DATA_HDR_SIZE;
    212     p->offset -= NCI_DATA_HDR_SIZE;
    213     pp = (uint8_t*)(p + 1) + p->offset;
    214     /* build NCI Data packet header */
    215     NCI_DATA_PBLD_HDR(pp, pbf, hdr0, ulen);
    216 
    217     if (p_cb->num_buff != NFC_CONN_NO_FC) p_cb->num_buff--;
    218 
    219     /* send to HAL */
    220     HAL_WRITE(p);
    221     nfcsnoop_capture(p, false);
    222 
    223     if (!fragmented) {
    224       /* check if there are more data to send */
    225       p_data = (NFC_HDR*)GKI_getfirst(&p_cb->tx_q);
    226     }
    227   }
    228 
    229   return (NCI_STATUS_OK);
    230 }
    231 
    232 /*******************************************************************************
    233 **
    234 ** Function         nfc_ncif_check_cmd_queue
    235 **
    236 ** Description      Send NCI command to the transport
    237 **
    238 ** Returns          void
    239 **
    240 *******************************************************************************/
    241 void nfc_ncif_check_cmd_queue(NFC_HDR* p_buf) {
    242   uint8_t* ps;
    243   /* If there are commands waiting in the xmit queue, or if the controller
    244    * cannot accept any more commands, */
    245   /* then enqueue this command */
    246   if (p_buf) {
    247     if ((nfc_cb.nci_cmd_xmit_q.count) || (nfc_cb.nci_cmd_window == 0)) {
    248       GKI_enqueue(&nfc_cb.nci_cmd_xmit_q, p_buf);
    249       p_buf = NULL;
    250     }
    251   }
    252 
    253   /* If controller can accept another command, then send the next command */
    254   if (nfc_cb.nci_cmd_window > 0) {
    255     /* If no command was provided, or if older commands were in the queue, then
    256      * get cmd from the queue */
    257     if (!p_buf) p_buf = (NFC_HDR*)GKI_dequeue(&nfc_cb.nci_cmd_xmit_q);
    258 
    259     if (p_buf) {
    260       /* save the message header to double check the response */
    261       ps = (uint8_t*)(p_buf + 1) + p_buf->offset;
    262       memcpy(nfc_cb.last_hdr, ps, NFC_SAVED_HDR_SIZE);
    263       memcpy(nfc_cb.last_cmd, ps + NCI_MSG_HDR_SIZE, NFC_SAVED_CMD_SIZE);
    264       if (p_buf->layer_specific == NFC_WAIT_RSP_VSC) {
    265         /* save the callback for NCI VSCs)  */
    266         nfc_cb.p_vsc_cback = (void*)((tNFC_NCI_VS_MSG*)p_buf)->p_cback;
    267       } else if (p_buf->layer_specific == NFC_WAIT_RSP_RAW_VS) {
    268         /* save the callback for RAW VS */
    269         nfc_cb.p_vsc_cback = (void*)((tNFC_NCI_VS_MSG*)p_buf)->p_cback;
    270         nfc_cb.rawVsCbflag = true;
    271       }
    272 
    273       /* Indicate command is pending */
    274       nfc_cb.nci_cmd_window--;
    275 
    276       /* send to HAL */
    277       HAL_WRITE(p_buf);
    278       /* start NFC command-timeout timer */
    279       nfc_start_timer(&nfc_cb.nci_wait_rsp_timer,
    280                       (uint16_t)(NFC_TTYPE_NCI_WAIT_RSP),
    281                       nfc_cb.nci_wait_rsp_tout);
    282     }
    283   }
    284 
    285   if (nfc_cb.nci_cmd_window == NCI_MAX_CMD_WINDOW) {
    286     /* the command queue must be empty now */
    287     if (nfc_cb.flags & NFC_FL_CONTROL_REQUESTED) {
    288       /* HAL requested control or stack needs to handle pre-discover */
    289       nfc_cb.flags &= ~NFC_FL_CONTROL_REQUESTED;
    290       if (nfc_cb.flags & NFC_FL_DISCOVER_PENDING) {
    291         if (nfc_cb.p_hal->prediscover()) {
    292           /* HAL has the command window now */
    293           nfc_cb.flags |= NFC_FL_CONTROL_GRANTED;
    294           nfc_cb.nci_cmd_window = 0;
    295         } else {
    296           /* HAL does not need to send command,
    297            * - restore the command window and issue the discovery command now */
    298           nfc_cb.flags &= ~NFC_FL_DISCOVER_PENDING;
    299           ps = (uint8_t*)nfc_cb.p_disc_pending;
    300           nci_snd_discover_cmd(*ps, (tNFC_DISCOVER_PARAMS*)(ps + 1));
    301           GKI_freebuf(nfc_cb.p_disc_pending);
    302           nfc_cb.p_disc_pending = NULL;
    303         }
    304       } else if (nfc_cb.flags & NFC_FL_HAL_REQUESTED) {
    305         /* grant the control to HAL */
    306         nfc_cb.flags &= ~NFC_FL_HAL_REQUESTED;
    307         nfc_cb.flags |= NFC_FL_CONTROL_GRANTED;
    308         nfc_cb.nci_cmd_window = 0;
    309         nfc_cb.p_hal->control_granted();
    310       }
    311     }
    312   }
    313 }
    314 
    315 #if (APPL_DTA_MODE == TRUE)
    316 /*******************************************************************************
    317 **
    318 ** Function         nfc_ncif_getFWVersion
    319 **
    320 ** Description      This function is called to fet the FW Version
    321 **
    322 ** Returns          tNFC_FW_VERSION
    323 **
    324 *******************************************************************************/
    325 tNFC_FW_VERSION nfc_ncif_getFWVersion() { return nfc_fw_version; }
    326 #endif
    327 
    328 /*******************************************************************************
    329 **
    330 ** Function         nfc_ncif_send_cmd
    331 **
    332 ** Description      Send NCI command to the NCIT task
    333 **
    334 ** Returns          void
    335 **
    336 *******************************************************************************/
    337 void nfc_ncif_send_cmd(NFC_HDR* p_buf) {
    338   /* post the p_buf to NCIT task */
    339   p_buf->event = BT_EVT_TO_NFC_NCI;
    340   p_buf->layer_specific = 0;
    341   nfcsnoop_capture(p_buf, false);
    342   nfc_ncif_check_cmd_queue(p_buf);
    343 }
    344 
    345 /*******************************************************************************
    346 **
    347 ** Function         nfc_ncif_process_event
    348 **
    349 ** Description      This function is called to process the
    350 **                  data/response/notification from NFCC
    351 **
    352 ** Returns          TRUE if need to free buffer
    353 **
    354 *******************************************************************************/
    355 bool nfc_ncif_process_event(NFC_HDR* p_msg) {
    356   uint8_t mt, pbf, gid, *p, *pp;
    357   bool free = true;
    358   uint8_t oid;
    359   uint8_t *p_old, old_gid, old_oid, old_mt;
    360 
    361   p = (uint8_t*)(p_msg + 1) + p_msg->offset;
    362 
    363   pp = p;
    364   NCI_MSG_PRS_HDR0(pp, mt, pbf, gid);
    365   oid = ((*pp) & NCI_OID_MASK);
    366   if (nfc_cb.rawVsCbflag == true &&
    367       nfc_ncif_proc_proprietary_rsp(mt, gid, oid) == true) {
    368     nci_proc_prop_raw_vs_rsp(p_msg);
    369     nfc_cb.rawVsCbflag = false;
    370     return free;
    371   }
    372 
    373   nfcsnoop_capture(p_msg, true);
    374   switch (mt) {
    375     case NCI_MT_DATA:
    376       DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf("NFC received data");
    377       nfc_ncif_proc_data(p_msg);
    378       free = false;
    379       break;
    380 
    381     case NCI_MT_RSP:
    382       DLOG_IF(INFO, nfc_debug_enabled)
    383           << StringPrintf("NFC received rsp gid:%d", gid);
    384       oid = ((*pp) & NCI_OID_MASK);
    385       p_old = nfc_cb.last_hdr;
    386       NCI_MSG_PRS_HDR0(p_old, old_mt, pbf, old_gid);
    387       old_oid = ((*p_old) & NCI_OID_MASK);
    388       /* make sure this is the RSP we are waiting for before updating the
    389        * command window */
    390       if ((old_gid != gid) || (old_oid != oid)) {
    391         LOG(ERROR) << StringPrintf(
    392             "nfc_ncif_process_event unexpected rsp: gid:0x%x, oid:0x%x", gid,
    393             oid);
    394         return true;
    395       }
    396 
    397       switch (gid) {
    398         case NCI_GID_CORE: /* 0000b NCI Core group */
    399           free = nci_proc_core_rsp(p_msg);
    400           break;
    401         case NCI_GID_RF_MANAGE: /* 0001b NCI Discovery group */
    402           nci_proc_rf_management_rsp(p_msg);
    403           break;
    404 #if (NFC_NFCEE_INCLUDED == TRUE)
    405 #if (NFC_RW_ONLY == FALSE)
    406         case NCI_GID_EE_MANAGE: /* 0x02 0010b NFCEE Discovery group */
    407           nci_proc_ee_management_rsp(p_msg);
    408           break;
    409 #endif
    410 #endif
    411         case NCI_GID_PROP: /* 1111b Proprietary */
    412           nci_proc_prop_rsp(p_msg);
    413           break;
    414         default:
    415           LOG(ERROR) << StringPrintf("NFC: Unknown gid:%d", gid);
    416           break;
    417       }
    418 
    419       nfc_ncif_update_window();
    420       break;
    421 
    422     case NCI_MT_NTF:
    423       DLOG_IF(INFO, nfc_debug_enabled)
    424           << StringPrintf("NFC received ntf gid:%d", gid);
    425       switch (gid) {
    426         case NCI_GID_CORE: /* 0000b NCI Core group */
    427           nci_proc_core_ntf(p_msg);
    428           break;
    429         case NCI_GID_RF_MANAGE: /* 0001b NCI Discovery group */
    430           nci_proc_rf_management_ntf(p_msg);
    431           break;
    432 #if (NFC_NFCEE_INCLUDED == TRUE)
    433 #if (NFC_RW_ONLY == FALSE)
    434         case NCI_GID_EE_MANAGE: /* 0x02 0010b NFCEE Discovery group */
    435           nci_proc_ee_management_ntf(p_msg);
    436           break;
    437 #endif
    438 #endif
    439         case NCI_GID_PROP: /* 1111b Proprietary */
    440           nci_proc_prop_ntf(p_msg);
    441           break;
    442         default:
    443           LOG(ERROR) << StringPrintf("NFC: Unknown gid:%d", gid);
    444           break;
    445       }
    446       break;
    447 
    448     default:
    449       DLOG_IF(INFO, nfc_debug_enabled)
    450           << StringPrintf("NFC received unknown mt:0x%x, gid:%d", mt, gid);
    451   }
    452 
    453   return (free);
    454 }
    455 
    456 /*******************************************************************************
    457 **
    458 ** Function         nfc_ncif_rf_management_status
    459 **
    460 ** Description      This function is called to report an event
    461 **
    462 ** Returns          void
    463 **
    464 *******************************************************************************/
    465 void nfc_ncif_rf_management_status(tNFC_DISCOVER_EVT event, uint8_t status) {
    466   tNFC_DISCOVER evt_data;
    467   if (nfc_cb.p_discv_cback) {
    468     evt_data.status = (tNFC_STATUS)status;
    469     (*nfc_cb.p_discv_cback)(event, &evt_data);
    470   }
    471 }
    472 
    473 /*******************************************************************************
    474 **
    475 ** Function         nfc_ncif_set_config_status
    476 **
    477 ** Description      This function is called to report NFC_SET_CONFIG_REVT
    478 **
    479 ** Returns          void
    480 **
    481 *******************************************************************************/
    482 void nfc_ncif_set_config_status(uint8_t* p,
    483                                 __attribute__((unused)) uint8_t len) {
    484   tNFC_RESPONSE evt_data;
    485   if (nfc_cb.p_resp_cback) {
    486     evt_data.set_config.status = (tNFC_STATUS)*p++;
    487     evt_data.set_config.num_param_id = NFC_STATUS_OK;
    488     if (evt_data.set_config.status != NFC_STATUS_OK) {
    489       evt_data.set_config.num_param_id = *p++;
    490       STREAM_TO_ARRAY(evt_data.set_config.param_ids, p,
    491                       evt_data.set_config.num_param_id);
    492     }
    493 
    494     (*nfc_cb.p_resp_cback)(NFC_SET_CONFIG_REVT, &evt_data);
    495   }
    496 }
    497 
    498 /*******************************************************************************
    499 **
    500 ** Function         nfc_ncif_event_status
    501 **
    502 ** Description      This function is called to report an event
    503 **
    504 ** Returns          void
    505 **
    506 *******************************************************************************/
    507 void nfc_ncif_event_status(tNFC_RESPONSE_EVT event, uint8_t status) {
    508   tNFC_RESPONSE evt_data;
    509   if (event == NFC_NFCC_TIMEOUT_REVT && status == NFC_STATUS_HW_TIMEOUT)
    510     android::metricslogger::LogCounter("nfc_hw_timeout_error", 1);
    511   if (nfc_cb.p_resp_cback) {
    512     evt_data.status = (tNFC_STATUS)status;
    513     (*nfc_cb.p_resp_cback)(event, &evt_data);
    514   }
    515 }
    516 
    517 /*******************************************************************************
    518 **
    519 ** Function         nfc_ncif_error_status
    520 **
    521 ** Description      This function is called to report an error event to data
    522 **                  cback
    523 **
    524 ** Returns          void
    525 **
    526 *******************************************************************************/
    527 void nfc_ncif_error_status(uint8_t conn_id, uint8_t status) {
    528   tNFC_CONN_CB* p_cb = nfc_find_conn_cb_by_conn_id(conn_id);
    529   if (p_cb && p_cb->p_cback) {
    530     tNFC_CONN nfc_conn;
    531     nfc_conn.status = status;
    532     (*p_cb->p_cback)(conn_id, NFC_ERROR_CEVT, &nfc_conn);
    533   }
    534   if (status == NFC_STATUS_TIMEOUT)
    535     android::metricslogger::LogCounter("nfc_rf_timeout_error", 1);
    536   else if (status == NFC_STATUS_EE_TIMEOUT)
    537     android::metricslogger::LogCounter("nfc_ee_timeout_error", 1);
    538   else if (status == NFC_STATUS_ACTIVATION_FAILED)
    539     android::metricslogger::LogCounter("nfc_rf_activation_failed", 1);
    540   else if (status == NFC_STATUS_EE_INTF_ACTIVE_FAIL)
    541     android::metricslogger::LogCounter("nfc_ee_activation_failed", 1);
    542   else if (status == NFC_STATUS_RF_TRANSMISSION_ERR)
    543     android::metricslogger::LogCounter("nfc_rf_transmission_error", 1);
    544   else if (status == NFC_STATUS_EE_TRANSMISSION_ERR)
    545     android::metricslogger::LogCounter("nfc_ee_transmission_error", 1);
    546   else if (status == NFC_STATUS_RF_PROTOCOL_ERR)
    547     android::metricslogger::LogCounter("nfc_rf_protocol_error", 1);
    548   else if (status == NFC_STATUS_EE_PROTOCOL_ERR)
    549     android::metricslogger::LogCounter("nfc_ee_protocol_error", 1);
    550 }
    551 
    552 /*******************************************************************************
    553 **
    554 ** Function         nfc_ncif_proc_rf_field_ntf
    555 **
    556 ** Description      This function is called to process RF field notification
    557 **
    558 ** Returns          void
    559 **
    560 *******************************************************************************/
    561 #if (NFC_RW_ONLY == FALSE)
    562 void nfc_ncif_proc_rf_field_ntf(uint8_t rf_status) {
    563   tNFC_RESPONSE evt_data;
    564   if (nfc_cb.p_resp_cback) {
    565     evt_data.status = (tNFC_STATUS)NFC_STATUS_OK;
    566     evt_data.rf_field.rf_field = rf_status;
    567     (*nfc_cb.p_resp_cback)(NFC_RF_FIELD_REVT, &evt_data);
    568   }
    569 }
    570 #endif
    571 
    572 /*******************************************************************************
    573 **
    574 ** Function         nfc_ncif_proc_credits
    575 **
    576 ** Description      This function is called to process data credits
    577 **
    578 ** Returns          void
    579 **
    580 *******************************************************************************/
    581 void nfc_ncif_proc_credits(uint8_t* p, __attribute__((unused)) uint16_t plen) {
    582   uint8_t num, xx;
    583   tNFC_CONN_CB* p_cb;
    584 
    585   num = *p++;
    586   for (xx = 0; xx < num; xx++) {
    587     p_cb = nfc_find_conn_cb_by_conn_id(*p++);
    588     if (p_cb && p_cb->num_buff != NFC_CONN_NO_FC) {
    589       p_cb->num_buff += (*p);
    590 #if (BT_USE_TRACES == TRUE)
    591       if (p_cb->num_buff > p_cb->init_credits) {
    592         if (nfc_cb.nfc_state == NFC_STATE_OPEN) {
    593           /* if this happens in activated state, it's very likely that our NFCC
    594            * has issues */
    595           /* However, credit may be returned after deactivation */
    596           LOG(ERROR) << StringPrintf("num_buff:0x%x, init_credits:0x%x",
    597                                      p_cb->num_buff, p_cb->init_credits);
    598         }
    599         p_cb->num_buff = p_cb->init_credits;
    600       }
    601 #endif
    602       /* check if there's nay data in tx q to be sent */
    603       nfc_ncif_send_data(p_cb, NULL);
    604     }
    605     p++;
    606   }
    607 }
    608 /*******************************************************************************
    609 **
    610 ** Function         nfc_ncif_decode_rf_params
    611 **
    612 ** Description      This function is called to process the detected technology
    613 **                  and mode and the associated parameters for DISCOVER_NTF and
    614 **                  ACTIVATE_NTF
    615 **
    616 ** Returns          void
    617 **
    618 *******************************************************************************/
    619 uint8_t* nfc_ncif_decode_rf_params(tNFC_RF_TECH_PARAMS* p_param, uint8_t* p) {
    620   tNFC_RF_PA_PARAMS* p_pa;
    621   uint8_t len, *p_start, u8;
    622   tNFC_RF_PB_PARAMS* p_pb;
    623   tNFC_RF_LF_PARAMS* p_lf;
    624   tNFC_RF_PF_PARAMS* p_pf;
    625   tNFC_RF_PISO15693_PARAMS* p_i93;
    626   tNFC_RF_ACM_P_PARAMS* acm_p;
    627   uint8_t mpl_idx = 0;
    628   uint8_t gb_idx = 0, mpl;
    629   len = *p++;
    630   p_start = p;
    631   memset(&p_param->param, 0, sizeof(tNFC_RF_TECH_PARAMU));
    632 
    633   if (NCI_DISCOVERY_TYPE_POLL_A == p_param->mode ||
    634       (NCI_DISCOVERY_TYPE_POLL_A_ACTIVE == p_param->mode &&
    635        NFC_GetNCIVersion() != NCI_VERSION_2_0)) {
    636     p_pa = &p_param->param.pa;
    637     /*
    638 SENS_RES Response   2 bytes Defined in [DIGPROT] Available after Technology
    639 Detection
    640 NFCID1 length   1 byte  Length of NFCID1 Available after Collision Resolution
    641 NFCID1  4, 7, or 10 bytes   Defined in [DIGPROT]Available after Collision
    642 Resolution
    643 SEL_RES Response    1 byte  Defined in [DIGPROT]Available after Collision
    644 Resolution
    645 HRx Length  1 Octets    Length of HRx Parameters collected from the response to
    646 the T1T RID command.
    647 HRx 0 or 2 Octets   If present, the first byte SHALL contain HR0 and the second
    648 byte SHALL contain HR1 as defined in [DIGITAL].
    649     */
    650     STREAM_TO_ARRAY(p_pa->sens_res, p, 2);
    651     p_pa->nfcid1_len = *p++;
    652     if (p_pa->nfcid1_len > NCI_NFCID1_MAX_LEN)
    653       p_pa->nfcid1_len = NCI_NFCID1_MAX_LEN;
    654     STREAM_TO_ARRAY(p_pa->nfcid1, p, p_pa->nfcid1_len);
    655     u8 = *p++;
    656     if (u8) p_pa->sel_rsp = *p++;
    657     if (len ==
    658         (7 + p_pa->nfcid1_len + u8)) /* 2(sens_res) + 1(len) +
    659                                         p_pa->nfcid1_len + 1(len) + u8 + hr
    660                                         (1:len + 2) */
    661     {
    662       p_pa->hr_len = *p++;
    663       if (p_pa->hr_len == NCI_T1T_HR_LEN) {
    664         p_pa->hr[0] = *p++;
    665         p_pa->hr[1] = *p;
    666       }
    667     }
    668   } else if (NCI_DISCOVERY_TYPE_POLL_B == p_param->mode) {
    669     /*
    670 SENSB_RES Response length (n)   1 byte  Length of SENSB_RES Response (Byte 2 -
    671 Byte 12 or 13)Available after Technology Detection
    672 SENSB_RES Response Byte 2 - Byte 12 or 13   11 or 12 bytes  Defined in [DIGPROT]
    673 Available after Technology Detection
    674     */
    675     p_pb = &p_param->param.pb;
    676     p_pb->sensb_res_len = *p++;
    677     if (p_pb->sensb_res_len > NCI_MAX_SENSB_RES_LEN)
    678       p_pb->sensb_res_len = NCI_MAX_SENSB_RES_LEN;
    679     STREAM_TO_ARRAY(p_pb->sensb_res, p, p_pb->sensb_res_len);
    680     memcpy(p_pb->nfcid0, p_pb->sensb_res, NFC_NFCID0_MAX_LEN);
    681   } else if (NCI_DISCOVERY_TYPE_POLL_F == p_param->mode ||
    682              (NCI_DISCOVERY_TYPE_POLL_F_ACTIVE == p_param->mode &&
    683               NFC_GetNCIVersion() != NCI_VERSION_2_0)) {
    684     /*
    685 Bit Rate    1 byte  1   212 kbps/2   424 kbps/0 and 3 to 255  RFU
    686 SENSF_RES Response length.(n) 1 byte  Length of SENSF_RES (Byte 2 - Byte 17 or
    687 19).Available after Technology Detection
    688 SENSF_RES Response Byte 2 - Byte 17 or 19  n bytes Defined in [DIGPROT]
    689 Available after Technology Detection
    690     */
    691     p_pf = &p_param->param.pf;
    692     p_pf->bit_rate = *p++;
    693     p_pf->sensf_res_len = *p++;
    694     if (p_pf->sensf_res_len > NCI_MAX_SENSF_RES_LEN)
    695       p_pf->sensf_res_len = NCI_MAX_SENSF_RES_LEN;
    696     STREAM_TO_ARRAY(p_pf->sensf_res, p, p_pf->sensf_res_len);
    697     memcpy(p_pf->nfcid2, p_pf->sensf_res, NCI_NFCID2_LEN);
    698     p_pf->mrti_check = p_pf->sensf_res[NCI_MRTI_CHECK_INDEX];
    699     p_pf->mrti_update = p_pf->sensf_res[NCI_MRTI_UPDATE_INDEX];
    700   } else if (NCI_DISCOVERY_TYPE_LISTEN_F == p_param->mode ||
    701              (NCI_DISCOVERY_TYPE_LISTEN_F_ACTIVE == p_param->mode &&
    702               NFC_GetNCIVersion() != NCI_VERSION_2_0)) {
    703     p_lf = &p_param->param.lf;
    704     u8 = *p++;
    705     if (u8) {
    706       STREAM_TO_ARRAY(p_lf->nfcid2, p, NCI_NFCID2_LEN);
    707     }
    708   } else if (NCI_DISCOVERY_TYPE_POLL_V == p_param->mode) {
    709     p_i93 = &p_param->param.pi93;
    710     p_i93->flag = *p++;
    711     p_i93->dsfid = *p++;
    712     STREAM_TO_ARRAY(p_i93->uid, p, NFC_ISO15693_UID_LEN);
    713   } else if (NCI_DISCOVERY_TYPE_POLL_KOVIO == p_param->mode) {
    714     p_param->param.pk.uid_len = len;
    715     if (p_param->param.pk.uid_len > NFC_KOVIO_MAX_LEN) {
    716       LOG(ERROR) << StringPrintf("Kovio UID len:0x%x exceeds max(0x%x)",
    717                                  p_param->param.pk.uid_len, NFC_KOVIO_MAX_LEN);
    718       p_param->param.pk.uid_len = NFC_KOVIO_MAX_LEN;
    719     }
    720     STREAM_TO_ARRAY(p_param->param.pk.uid, p, p_param->param.pk.uid_len);
    721   } else if (NCI_DISCOVERY_TYPE_POLL_ACTIVE == p_param->mode) {
    722     acm_p = &p_param->param.acm_p;
    723     acm_p->atr_res_len = *p++;
    724     if (acm_p->atr_res_len > 0) {
    725       if (acm_p->atr_res_len > NFC_MAX_ATS_LEN)
    726         acm_p->atr_res_len = NFC_MAX_ATS_LEN;
    727       STREAM_TO_ARRAY(acm_p->atr_res, p, acm_p->atr_res_len);
    728       /* ATR_RES
    729       Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17 Byte 18~18+n
    730       NFCID3T   DIDT    BST     BRT     TO      PPT     [GT0 ... GTn] */
    731       mpl_idx = 14;
    732       gb_idx = NCI_P_GEN_BYTE_INDEX;
    733       acm_p->waiting_time = acm_p->atr_res[NCI_L_NFC_DEP_TO_INDEX] & 0x0F;
    734       mpl = ((acm_p->atr_res[mpl_idx]) >> 4) & 0x03;
    735       acm_p->max_payload_size = nfc_mpl_code_to_size[mpl];
    736       if (acm_p->atr_res_len > gb_idx) {
    737         acm_p->gen_bytes_len = acm_p->atr_res_len - gb_idx;
    738         if (acm_p->gen_bytes_len > NFC_MAX_GEN_BYTES_LEN)
    739           acm_p->gen_bytes_len = NFC_MAX_GEN_BYTES_LEN;
    740         memcpy(acm_p->gen_bytes, &acm_p->atr_res[gb_idx], acm_p->gen_bytes_len);
    741       }
    742     }
    743   } else if (NCI_DISCOVERY_TYPE_LISTEN_ACTIVE == p_param->mode) {
    744     acm_p = &p_param->param.acm_p;
    745     acm_p->atr_res_len = *p++;
    746     if (acm_p->atr_res_len > 0) {
    747       if (acm_p->atr_res_len > NFC_MAX_ATS_LEN)
    748         acm_p->atr_res_len = NFC_MAX_ATS_LEN;
    749       STREAM_TO_ARRAY(acm_p->atr_res, p, acm_p->atr_res_len);
    750       /* ATR_REQ
    751       Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17~17+n
    752       NFCID3I   DIDI    BSI     BRI     PPI     [GI0 ... GIn] */
    753       mpl_idx = 13;
    754       gb_idx = NCI_L_GEN_BYTE_INDEX;
    755       mpl = ((acm_p->atr_res[mpl_idx]) >> 4) & 0x03;
    756       acm_p->max_payload_size = nfc_mpl_code_to_size[mpl];
    757       if (acm_p->atr_res_len > gb_idx) {
    758         acm_p->gen_bytes_len = acm_p->atr_res_len - gb_idx;
    759         if (acm_p->gen_bytes_len > NFC_MAX_GEN_BYTES_LEN)
    760           acm_p->gen_bytes_len = NFC_MAX_GEN_BYTES_LEN;
    761         memcpy(acm_p->gen_bytes, &acm_p->atr_res[gb_idx], acm_p->gen_bytes_len);
    762       }
    763     }
    764   }
    765 
    766   return (p_start + len);
    767 }
    768 
    769 /*******************************************************************************
    770 **
    771 ** Function         nfc_ncif_proc_discover_ntf
    772 **
    773 ** Description      This function is called to process discover notification
    774 **
    775 ** Returns          void
    776 **
    777 *******************************************************************************/
    778 void nfc_ncif_proc_discover_ntf(uint8_t* p,
    779                                 __attribute__((unused)) uint16_t plen) {
    780   tNFC_DISCOVER evt_data;
    781 
    782   if (nfc_cb.p_discv_cback) {
    783     p += NCI_MSG_HDR_SIZE;
    784     evt_data.status = NCI_STATUS_OK;
    785     evt_data.result.rf_disc_id = *p++;
    786     evt_data.result.protocol = *p++;
    787 
    788     /* fill in tNFC_RESULT_DEVT */
    789     evt_data.result.rf_tech_param.mode = *p++;
    790     p = nfc_ncif_decode_rf_params(&evt_data.result.rf_tech_param, p);
    791 
    792     evt_data.result.more = *p++;
    793     (*nfc_cb.p_discv_cback)(NFC_RESULT_DEVT, &evt_data);
    794   }
    795 }
    796 
    797 /*******************************************************************************
    798 **
    799 ** Function         nfc_ncif_proc_isodep_nak_presence_check_status
    800 **
    801 ** Description      This function is called to handle response and notification
    802 **                  for presence check nak command
    803 **
    804 ** Returns          void
    805 **
    806 *******************************************************************************/
    807 void nfc_ncif_proc_isodep_nak_presence_check_status(uint8_t status,
    808                                                     bool is_ntf) {
    809   rw_t4t_handle_isodep_nak_rsp(status, is_ntf);
    810 }
    811 /*******************************************************************************
    812 **
    813 ** Function         nfc_ncif_proc_activate
    814 **
    815 ** Description      This function is called to process de-activate
    816 **                  response and notification
    817 **
    818 ** Returns          void
    819 **
    820 *******************************************************************************/
    821 void nfc_ncif_proc_activate(uint8_t* p, uint8_t len) {
    822   tNFC_DISCOVER evt_data;
    823   tNFC_INTF_PARAMS* p_intf = &evt_data.activate.intf_param;
    824   tNFC_INTF_PA_ISO_DEP* p_pa_iso;
    825   tNFC_INTF_LB_ISO_DEP* p_lb_iso;
    826   tNFC_INTF_PB_ISO_DEP* p_pb_iso;
    827 #if (NFC_RW_ONLY == FALSE)
    828   tNFC_INTF_PA_NFC_DEP* p_pa_nfc;
    829   int mpl_idx = 0;
    830   uint8_t gb_idx = 0, mpl;
    831 #endif
    832   uint8_t t0;
    833   tNCI_DISCOVERY_TYPE mode;
    834   tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
    835   uint8_t *pp, len_act;
    836   uint8_t buff_size, num_buff;
    837   tNFC_RF_PA_PARAMS* p_pa;
    838 
    839   nfc_set_state(NFC_STATE_OPEN);
    840 
    841   memset(p_intf, 0, sizeof(tNFC_INTF_PARAMS));
    842   evt_data.activate.rf_disc_id = *p++;
    843   p_intf->type = *p++;
    844   evt_data.activate.protocol = *p++;
    845 
    846   if (evt_data.activate.protocol == NCI_PROTOCOL_18092_ACTIVE)
    847     evt_data.activate.protocol = NCI_PROTOCOL_NFC_DEP;
    848 
    849   evt_data.activate.rf_tech_param.mode = *p++;
    850   buff_size = *p++;
    851   num_buff = *p++;
    852   /* fill in tNFC_activate_DEVT */
    853   p = nfc_ncif_decode_rf_params(&evt_data.activate.rf_tech_param, p);
    854 
    855   evt_data.activate.data_mode = *p++;
    856   evt_data.activate.tx_bitrate = *p++;
    857   evt_data.activate.rx_bitrate = *p++;
    858   mode = evt_data.activate.rf_tech_param.mode;
    859   len_act = *p++;
    860   DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
    861       "nfc_ncif_proc_activate:%d %d, mode:0x%02x", len, len_act, mode);
    862   /* just in case the interface reports activation parameters not defined in the
    863    * NCI spec */
    864   p_intf->intf_param.frame.param_len = len_act;
    865   if (p_intf->intf_param.frame.param_len > NFC_MAX_RAW_PARAMS)
    866     p_intf->intf_param.frame.param_len = NFC_MAX_RAW_PARAMS;
    867   pp = p;
    868   STREAM_TO_ARRAY(p_intf->intf_param.frame.param, pp,
    869                   p_intf->intf_param.frame.param_len);
    870   if (evt_data.activate.intf_param.type == NCI_INTERFACE_ISO_DEP) {
    871     /* Make max payload of NCI aligned to max payload of ISO-DEP for better
    872      * performance */
    873     if (buff_size > NCI_ISO_DEP_MAX_INFO) buff_size = NCI_ISO_DEP_MAX_INFO;
    874 
    875     switch (mode) {
    876       case NCI_DISCOVERY_TYPE_POLL_A:
    877         p_pa_iso = &p_intf->intf_param.pa_iso;
    878         p_pa_iso->ats_res_len = *p++;
    879 
    880         if (p_pa_iso->ats_res_len == 0) break;
    881 
    882         if (p_pa_iso->ats_res_len > NFC_MAX_ATS_LEN)
    883           p_pa_iso->ats_res_len = NFC_MAX_ATS_LEN;
    884         STREAM_TO_ARRAY(p_pa_iso->ats_res, p, p_pa_iso->ats_res_len);
    885         pp = &p_pa_iso->ats_res[NCI_ATS_T0_INDEX];
    886         t0 = p_pa_iso->ats_res[NCI_ATS_T0_INDEX];
    887         pp++;                           /* T0 */
    888         if (t0 & NCI_ATS_TA_MASK) pp++; /* TA */
    889         if (t0 & NCI_ATS_TB_MASK) {
    890           /* FWI (Frame Waiting time Integer) & SPGI (Start-up Frame Guard time
    891            * Integer) */
    892           p_pa_iso->fwi = (((*pp) >> 4) & 0x0F);
    893           p_pa_iso->sfgi = ((*pp) & 0x0F);
    894           pp++; /* TB */
    895         }
    896         if (t0 & NCI_ATS_TC_MASK) {
    897           p_pa_iso->nad_used = ((*pp) & 0x01);
    898           pp++; /* TC */
    899         }
    900         p_pa_iso->his_byte_len =
    901             (uint8_t)(p_pa_iso->ats_res_len - (pp - p_pa_iso->ats_res));
    902         if (p_pa_iso->his_byte_len > NFC_MAX_HIS_BYTES_LEN)
    903           p_pa_iso->his_byte_len = NFC_MAX_HIS_BYTES_LEN;
    904         memcpy(p_pa_iso->his_byte, pp, p_pa_iso->his_byte_len);
    905         break;
    906 
    907       case NCI_DISCOVERY_TYPE_LISTEN_A:
    908         p_intf->intf_param.la_iso.rats = *p++;
    909         break;
    910 
    911       case NCI_DISCOVERY_TYPE_POLL_B:
    912         /* ATTRIB RSP
    913         Byte 1   Byte 2 ~ 2+n-1
    914         MBLI/DID Higher layer - Response
    915         */
    916         p_pb_iso = &p_intf->intf_param.pb_iso;
    917         p_pb_iso->attrib_res_len = *p++;
    918 
    919         if (p_pb_iso->attrib_res_len == 0) break;
    920 
    921         if (p_pb_iso->attrib_res_len > NFC_MAX_ATTRIB_LEN)
    922           p_pb_iso->attrib_res_len = NFC_MAX_ATTRIB_LEN;
    923         STREAM_TO_ARRAY(p_pb_iso->attrib_res, p, p_pb_iso->attrib_res_len);
    924         p_pb_iso->mbli = (p_pb_iso->attrib_res[0]) >> 4;
    925         if (p_pb_iso->attrib_res_len > NFC_PB_ATTRIB_REQ_FIXED_BYTES) {
    926           p_pb_iso->hi_info_len =
    927               p_pb_iso->attrib_res_len - NFC_PB_ATTRIB_REQ_FIXED_BYTES;
    928           if (p_pb_iso->hi_info_len > NFC_MAX_GEN_BYTES_LEN)
    929             p_pb_iso->hi_info_len = NFC_MAX_GEN_BYTES_LEN;
    930           memcpy(p_pb_iso->hi_info,
    931                  &p_pb_iso->attrib_res[NFC_PB_ATTRIB_REQ_FIXED_BYTES],
    932                  p_pb_iso->hi_info_len);
    933         }
    934         break;
    935 
    936       case NCI_DISCOVERY_TYPE_LISTEN_B:
    937         /* ATTRIB CMD
    938         Byte 2~5 Byte 6  Byte 7  Byte 8  Byte 9  Byte 10 ~ 10+k-1
    939         NFCID0   Param 1 Param 2 Param 3 Param 4 Higher layer - INF
    940         */
    941         p_lb_iso = &p_intf->intf_param.lb_iso;
    942         p_lb_iso->attrib_req_len = *p++;
    943 
    944         if (p_lb_iso->attrib_req_len == 0) break;
    945 
    946         if (p_lb_iso->attrib_req_len > NFC_MAX_ATTRIB_LEN)
    947           p_lb_iso->attrib_req_len = NFC_MAX_ATTRIB_LEN;
    948         STREAM_TO_ARRAY(p_lb_iso->attrib_req, p, p_lb_iso->attrib_req_len);
    949         memcpy(p_lb_iso->nfcid0, p_lb_iso->attrib_req, NFC_NFCID0_MAX_LEN);
    950         if (p_lb_iso->attrib_req_len > NFC_LB_ATTRIB_REQ_FIXED_BYTES) {
    951           p_lb_iso->hi_info_len =
    952               p_lb_iso->attrib_req_len - NFC_LB_ATTRIB_REQ_FIXED_BYTES;
    953           if (p_lb_iso->hi_info_len > NFC_MAX_GEN_BYTES_LEN)
    954             p_lb_iso->hi_info_len = NFC_MAX_GEN_BYTES_LEN;
    955           memcpy(p_lb_iso->hi_info,
    956                  &p_lb_iso->attrib_req[NFC_LB_ATTRIB_REQ_FIXED_BYTES],
    957                  p_lb_iso->hi_info_len);
    958         }
    959         break;
    960     }
    961 
    962   }
    963 #if (NFC_RW_ONLY == FALSE)
    964   else if (evt_data.activate.intf_param.type == NCI_INTERFACE_NFC_DEP) {
    965     /* Make max payload of NCI aligned to max payload of NFC-DEP for better
    966      * performance */
    967     if (buff_size > NCI_NFC_DEP_MAX_DATA) buff_size = NCI_NFC_DEP_MAX_DATA;
    968 
    969     p_pa_nfc = &p_intf->intf_param.pa_nfc;
    970     p_pa_nfc->atr_res_len = *p++;
    971 
    972     if (p_pa_nfc->atr_res_len > 0) {
    973       if (p_pa_nfc->atr_res_len > NFC_MAX_ATS_LEN)
    974         p_pa_nfc->atr_res_len = NFC_MAX_ATS_LEN;
    975       STREAM_TO_ARRAY(p_pa_nfc->atr_res, p, p_pa_nfc->atr_res_len);
    976       if ((mode == NCI_DISCOVERY_TYPE_POLL_A) ||
    977           (mode == NCI_DISCOVERY_TYPE_POLL_F) ||
    978           ((mode == NCI_DISCOVERY_TYPE_POLL_A_ACTIVE ||
    979             mode == NCI_DISCOVERY_TYPE_POLL_F_ACTIVE) &&
    980            NFC_GetNCIVersion() != NCI_VERSION_2_0) ||
    981           (NFC_GetNCIVersion() == NCI_VERSION_2_0 &&
    982            mode == NCI_DISCOVERY_TYPE_POLL_ACTIVE)) {
    983         /* ATR_RES
    984         Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17 Byte 18~18+n
    985         NFCID3T   DIDT    BST     BRT     TO      PPT     [GT0 ... GTn] */
    986         mpl_idx = 14;
    987         gb_idx = NCI_P_GEN_BYTE_INDEX;
    988         p_pa_nfc->waiting_time =
    989             p_pa_nfc->atr_res[NCI_L_NFC_DEP_TO_INDEX] & 0x0F;
    990       } else if ((mode == NCI_DISCOVERY_TYPE_LISTEN_A) ||
    991                  (mode == NCI_DISCOVERY_TYPE_LISTEN_F) ||
    992                  (NFC_GetNCIVersion() != NCI_VERSION_2_0 &&
    993                   (mode == NCI_DISCOVERY_TYPE_LISTEN_A_ACTIVE ||
    994                    mode == NCI_DISCOVERY_TYPE_LISTEN_F_ACTIVE)) ||
    995                  (NFC_GetNCIVersion() == NCI_VERSION_2_0 &&
    996                   mode == NCI_DISCOVERY_TYPE_LISTEN_ACTIVE)) {
    997         /* ATR_REQ
    998         Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17~17+n
    999         NFCID3I   DIDI    BSI     BRI     PPI     [GI0 ... GIn] */
   1000         mpl_idx = 13;
   1001         gb_idx = NCI_L_GEN_BYTE_INDEX;
   1002       }
   1003 
   1004       mpl = ((p_pa_nfc->atr_res[mpl_idx]) >> 4) & 0x03;
   1005       p_pa_nfc->max_payload_size = nfc_mpl_code_to_size[mpl];
   1006       if (p_pa_nfc->atr_res_len > gb_idx) {
   1007         p_pa_nfc->gen_bytes_len = p_pa_nfc->atr_res_len - gb_idx;
   1008         if (p_pa_nfc->gen_bytes_len > NFC_MAX_GEN_BYTES_LEN)
   1009           p_pa_nfc->gen_bytes_len = NFC_MAX_GEN_BYTES_LEN;
   1010         memcpy(p_pa_nfc->gen_bytes, &p_pa_nfc->atr_res[gb_idx],
   1011                p_pa_nfc->gen_bytes_len);
   1012       }
   1013     }
   1014   }
   1015 #endif
   1016   else if ((evt_data.activate.intf_param.type == NCI_INTERFACE_FRAME) &&
   1017            (evt_data.activate.protocol == NCI_PROTOCOL_T1T)) {
   1018     p_pa = &evt_data.activate.rf_tech_param.param.pa;
   1019     if ((len_act == NCI_T1T_HR_LEN) && (p_pa->hr_len == 0)) {
   1020       p_pa->hr_len = NCI_T1T_HR_LEN;
   1021       p_pa->hr[0] = *p++;
   1022       p_pa->hr[1] = *p++;
   1023     }
   1024   }
   1025 
   1026   p_cb->act_protocol = evt_data.activate.protocol;
   1027   p_cb->act_interface = evt_data.activate.intf_param.type;
   1028   p_cb->buff_size = buff_size;
   1029   p_cb->num_buff = num_buff;
   1030   p_cb->init_credits = num_buff;
   1031 
   1032   if (nfc_cb.p_discv_cback) {
   1033     (*nfc_cb.p_discv_cback)(NFC_ACTIVATE_DEVT, &evt_data);
   1034   }
   1035 }
   1036 
   1037 /*******************************************************************************
   1038 **
   1039 ** Function         nfc_ncif_proc_deactivate
   1040 **
   1041 ** Description      This function is called to process de-activate
   1042 **                  response and notification
   1043 **
   1044 ** Returns          void
   1045 **
   1046 *******************************************************************************/
   1047 void nfc_ncif_proc_deactivate(uint8_t status, uint8_t deact_type, bool is_ntf) {
   1048   tNFC_DISCOVER evt_data;
   1049   tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
   1050   void* p_data;
   1051 
   1052   nfc_set_state(NFC_STATE_IDLE);
   1053   evt_data.deactivate.status = status;
   1054   evt_data.deactivate.type = deact_type;
   1055   evt_data.deactivate.is_ntf = is_ntf;
   1056   if (NFC_GetNCIVersion() == NCI_VERSION_2_0) {
   1057     evt_data.deactivate.reason = nfc_cb.deact_reason;
   1058   }
   1059 
   1060   while ((p_data = GKI_dequeue(&p_cb->rx_q)) != NULL) {
   1061     GKI_freebuf(p_data);
   1062   }
   1063 
   1064   while ((p_data = GKI_dequeue(&p_cb->tx_q)) != NULL) {
   1065     GKI_freebuf(p_data);
   1066   }
   1067 
   1068   if (p_cb->p_cback) {
   1069     tNFC_CONN nfc_conn;
   1070     nfc_conn.deactivate = evt_data.deactivate;
   1071     (*p_cb->p_cback)(NFC_RF_CONN_ID, NFC_DEACTIVATE_CEVT, &nfc_conn);
   1072   }
   1073 
   1074   if (nfc_cb.p_discv_cback) {
   1075     (*nfc_cb.p_discv_cback)(NFC_DEACTIVATE_DEVT, &evt_data);
   1076   }
   1077 }
   1078 /*******************************************************************************
   1079 **
   1080 ** Function         nfc_ncif_proc_ee_action
   1081 **
   1082 ** Description      This function is called to process NFCEE ACTION NTF
   1083 **
   1084 ** Returns          void
   1085 **
   1086 *******************************************************************************/
   1087 #if (NFC_NFCEE_INCLUDED == TRUE && NFC_RW_ONLY == FALSE)
   1088 void nfc_ncif_proc_ee_action(uint8_t* p, uint16_t plen) {
   1089   tNFC_EE_ACTION_REVT evt_data;
   1090   tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
   1091   uint8_t data_len, ulen, tag, *p_data;
   1092   uint8_t max_len;
   1093 
   1094   if (p_cback) {
   1095     memset(&evt_data.act_data, 0, sizeof(tNFC_ACTION_DATA));
   1096     evt_data.status = NFC_STATUS_OK;
   1097     evt_data.nfcee_id = *p++;
   1098     evt_data.act_data.trigger = *p++;
   1099     data_len = *p++;
   1100     if (plen >= 3) plen -= 3;
   1101     if (data_len > plen) data_len = (uint8_t)plen;
   1102 
   1103     switch (evt_data.act_data.trigger) {
   1104       case NCI_EE_TRIG_7816_SELECT:
   1105         if (data_len > NFC_MAX_AID_LEN) data_len = NFC_MAX_AID_LEN;
   1106         evt_data.act_data.param.aid.len_aid = data_len;
   1107         STREAM_TO_ARRAY(evt_data.act_data.param.aid.aid, p, data_len);
   1108         break;
   1109       case NCI_EE_TRIG_RF_PROTOCOL:
   1110         evt_data.act_data.param.protocol = *p++;
   1111         break;
   1112       case NCI_EE_TRIG_RF_TECHNOLOGY:
   1113         evt_data.act_data.param.technology = *p++;
   1114         break;
   1115       case NCI_EE_TRIG_APP_INIT:
   1116         while (data_len > NFC_TL_SIZE) {
   1117           data_len -= NFC_TL_SIZE;
   1118           tag = *p++;
   1119           ulen = *p++;
   1120           if (ulen > data_len) ulen = data_len;
   1121           p_data = NULL;
   1122           max_len = ulen;
   1123           switch (tag) {
   1124             case NCI_EE_ACT_TAG_AID: /* AID                 */
   1125               if (max_len > NFC_MAX_AID_LEN) max_len = NFC_MAX_AID_LEN;
   1126               evt_data.act_data.param.app_init.len_aid = max_len;
   1127               p_data = evt_data.act_data.param.app_init.aid;
   1128               break;
   1129             case NCI_EE_ACT_TAG_DATA: /* hex data for app    */
   1130               if (max_len > NFC_MAX_APP_DATA_LEN)
   1131                 max_len = NFC_MAX_APP_DATA_LEN;
   1132               evt_data.act_data.param.app_init.len_data = max_len;
   1133               p_data = evt_data.act_data.param.app_init.data;
   1134               break;
   1135           }
   1136           if (p_data) {
   1137             STREAM_TO_ARRAY(p_data, p, max_len);
   1138           }
   1139           data_len -= ulen;
   1140         }
   1141         break;
   1142     }
   1143     tNFC_RESPONSE nfc_response;
   1144     nfc_response.ee_action = evt_data;
   1145     (*p_cback)(NFC_EE_ACTION_REVT, &nfc_response);
   1146   }
   1147 }
   1148 
   1149 /*******************************************************************************
   1150 **
   1151 ** Function         nfc_ncif_proc_ee_discover_req
   1152 **
   1153 ** Description      This function is called to process NFCEE DISCOVER REQ NTF
   1154 **
   1155 ** Returns          void
   1156 **
   1157 *******************************************************************************/
   1158 void nfc_ncif_proc_ee_discover_req(uint8_t* p, uint16_t plen) {
   1159   tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
   1160   tNFC_EE_DISCOVER_REQ_REVT ee_disc_req;
   1161   tNFC_EE_DISCOVER_INFO* p_info;
   1162   uint8_t u8;
   1163 
   1164   DLOG_IF(INFO, nfc_debug_enabled)
   1165       << StringPrintf("nfc_ncif_proc_ee_discover_req %d len:%d", *p, plen);
   1166   if (p_cback) {
   1167     u8 = *p;
   1168     ee_disc_req.status = NFC_STATUS_OK;
   1169     ee_disc_req.num_info = *p++;
   1170     p_info = ee_disc_req.info;
   1171     if (plen) plen--;
   1172     while ((u8 > 0) && (plen >= NFC_EE_DISCOVER_ENTRY_LEN)) {
   1173       p_info->op = *p++;                  /* T */
   1174       if (*p != NFC_EE_DISCOVER_INFO_LEN) /* L */
   1175       {
   1176         DLOG_IF(INFO, nfc_debug_enabled)
   1177             << StringPrintf("bad entry len:%d", *p);
   1178         return;
   1179       }
   1180       p++;
   1181       /* V */
   1182       p_info->nfcee_id = *p++;
   1183       p_info->tech_n_mode = *p++;
   1184       p_info->protocol = *p++;
   1185       u8--;
   1186       plen -= NFC_EE_DISCOVER_ENTRY_LEN;
   1187       p_info++;
   1188     }
   1189     tNFC_RESPONSE nfc_response;
   1190     nfc_response.ee_discover_req = ee_disc_req;
   1191     (*p_cback)(NFC_EE_DISCOVER_REQ_REVT, &nfc_response);
   1192   }
   1193 }
   1194 
   1195 /*******************************************************************************
   1196 **
   1197 ** Function         nfc_ncif_proc_get_routing
   1198 **
   1199 ** Description      This function is called to process get routing notification
   1200 **
   1201 ** Returns          void
   1202 **
   1203 *******************************************************************************/
   1204 void nfc_ncif_proc_get_routing(uint8_t* p,
   1205                                __attribute__((unused)) uint8_t len) {
   1206   tNFC_GET_ROUTING_REVT evt_data;
   1207   uint8_t more, num_entries, xx, yy, *pn, tl;
   1208   tNFC_STATUS status = NFC_STATUS_CONTINUE;
   1209 
   1210   if (nfc_cb.p_resp_cback) {
   1211     more = *p++;
   1212     num_entries = *p++;
   1213     for (xx = 0; xx < num_entries; xx++) {
   1214       if ((more == false) && (xx == (num_entries - 1))) status = NFC_STATUS_OK;
   1215       evt_data.status = (tNFC_STATUS)status;
   1216       evt_data.nfcee_id = *p++;
   1217       evt_data.num_tlvs = *p++;
   1218       evt_data.tlv_size = 0;
   1219       pn = evt_data.param_tlvs;
   1220       for (yy = 0; yy < evt_data.num_tlvs; yy++) {
   1221         tl = *(p + 1);
   1222         tl += NFC_TL_SIZE;
   1223         STREAM_TO_ARRAY(pn, p, tl);
   1224         evt_data.tlv_size += tl;
   1225         pn += tl;
   1226       }
   1227       tNFC_RESPONSE nfc_response;
   1228       nfc_response.get_routing = evt_data;
   1229       (*nfc_cb.p_resp_cback)(NFC_GET_ROUTING_REVT, &nfc_response);
   1230     }
   1231   }
   1232 }
   1233 #endif
   1234 
   1235 /*******************************************************************************
   1236 **
   1237 ** Function         nfc_ncif_proc_conn_create_rsp
   1238 **
   1239 ** Description      This function is called to process connection create
   1240 **                  response
   1241 **
   1242 ** Returns          void
   1243 **
   1244 *******************************************************************************/
   1245 void nfc_ncif_proc_conn_create_rsp(uint8_t* p,
   1246                                    __attribute__((unused)) uint16_t plen,
   1247                                    uint8_t dest_type) {
   1248   tNFC_CONN_CB* p_cb;
   1249   tNFC_STATUS status;
   1250   tNFC_CONN_CBACK* p_cback;
   1251   tNFC_CONN evt_data;
   1252   uint8_t conn_id;
   1253 
   1254   /* find the pending connection control block */
   1255   p_cb = nfc_find_conn_cb_by_conn_id(NFC_PEND_CONN_ID);
   1256   if (p_cb) {
   1257     p += NCI_MSG_HDR_SIZE;
   1258     status = *p++;
   1259     p_cb->buff_size = *p++;
   1260     p_cb->num_buff = p_cb->init_credits = *p++;
   1261     conn_id = *p++;
   1262     evt_data.conn_create.status = status;
   1263     evt_data.conn_create.dest_type = dest_type;
   1264     evt_data.conn_create.id = p_cb->id;
   1265     evt_data.conn_create.buff_size = p_cb->buff_size;
   1266     evt_data.conn_create.num_buffs = p_cb->num_buff;
   1267     p_cback = p_cb->p_cback;
   1268     if (status == NCI_STATUS_OK) {
   1269       nfc_set_conn_id(p_cb, conn_id);
   1270     } else {
   1271       nfc_free_conn_cb(p_cb);
   1272     }
   1273 
   1274     if (p_cback) (*p_cback)(conn_id, NFC_CONN_CREATE_CEVT, &evt_data);
   1275   }
   1276 }
   1277 
   1278 /*******************************************************************************
   1279 **
   1280 ** Function         nfc_ncif_report_conn_close_evt
   1281 **
   1282 ** Description      This function is called to report connection close event
   1283 **
   1284 ** Returns          void
   1285 **
   1286 *******************************************************************************/
   1287 void nfc_ncif_report_conn_close_evt(uint8_t conn_id, tNFC_STATUS status) {
   1288   tNFC_CONN evt_data;
   1289   tNFC_CONN_CBACK* p_cback;
   1290   tNFC_CONN_CB* p_cb;
   1291 
   1292   p_cb = nfc_find_conn_cb_by_conn_id(conn_id);
   1293   if (p_cb) {
   1294     p_cback = p_cb->p_cback;
   1295     nfc_free_conn_cb(p_cb);
   1296     evt_data.status = status;
   1297     if (p_cback) (*p_cback)(conn_id, NFC_CONN_CLOSE_CEVT, &evt_data);
   1298   }
   1299 }
   1300 
   1301 /*******************************************************************************
   1302 **
   1303 ** Function         nfc_ncif_proc_reset_rsp
   1304 **
   1305 ** Description      This function is called to process reset
   1306 **                  response/notification
   1307 **
   1308 ** Returns          void
   1309 **
   1310 *******************************************************************************/
   1311 void nfc_ncif_proc_reset_rsp(uint8_t* p, bool is_ntf) {
   1312   uint8_t* p_len = p - 1;
   1313   uint8_t status = *p++;
   1314   uint8_t wait_for_ntf = FALSE;
   1315   if (is_ntf) {
   1316     LOG(ERROR) << StringPrintf("reset notification!!:0x%x ", status);
   1317     /* clean up, if the state is OPEN
   1318      * FW does not report reset ntf right now */
   1319     if (status == NCI2_0_RESET_TRIGGER_TYPE_CORE_RESET_CMD_RECEIVED ||
   1320         status == NCI2_0_RESET_TRIGGER_TYPE_POWERED_ON) {
   1321       DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
   1322           "CORE_RESET_NTF Received status nfc_state : 0x%x : 0x%x", status,
   1323           nfc_cb.nfc_state);
   1324       nfc_stop_timer(&nfc_cb.nci_wait_rsp_timer);
   1325       p++;
   1326       STREAM_TO_UINT8(nfc_cb.nci_version, p);
   1327       DLOG_IF(INFO, nfc_debug_enabled)
   1328           << StringPrintf(" CORE_RESET_NTF nci_version%x", nfc_cb.nci_version);
   1329       status = NCI_STATUS_OK;
   1330     } else {
   1331       /* CORE_RESET_NTF received error case , trigger recovery*/
   1332       DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
   1333           "CORE_RESET_NTF Received status nfc_state : 0x%x : 0x%x", status,
   1334           nfc_cb.nfc_state);
   1335       nfc_ncif_cmd_timeout();
   1336       status = NCI_STATUS_FAILED;
   1337     }
   1338     if (nfc_cb.nfc_state == NFC_STATE_OPEN) {
   1339       /*if any conn_cb is connected, close it.
   1340         if any pending outgoing packets are dropped.*/
   1341       nfc_reset_all_conn_cbs();
   1342     }
   1343   } else {
   1344     DLOG_IF(INFO, nfc_debug_enabled)
   1345         << StringPrintf("CORE_RESET_RSP len :0x%x ", *p_len);
   1346     if ((*p_len) == NCI_CORE_RESET_RSP_LEN(NCI_VERSION_2_0)) {
   1347       wait_for_ntf = TRUE;
   1348     } else if ((*p_len) == NCI_CORE_RESET_RSP_LEN(NCI_VERSION_1_0)) {
   1349       nfc_cb.nci_version = NCI_VERSION_1_0;
   1350     }
   1351   }
   1352 
   1353   if (nfc_cb.flags & (NFC_FL_RESTARTING | NFC_FL_POWER_CYCLE_NFCC)) {
   1354     nfc_reset_all_conn_cbs();
   1355   }
   1356 
   1357   if (status == NCI_STATUS_OK) {
   1358     if (wait_for_ntf == TRUE) {
   1359       /* reset version reported by NFCC is NCI2.0 , start a timer for 2000ms to
   1360        * wait for NTF*/
   1361       nfc_start_timer(&nfc_cb.nci_wait_rsp_timer,
   1362                       (uint16_t)(NFC_TTYPE_NCI_WAIT_RSP),
   1363                       nfc_cb.nci_wait_rsp_tout);
   1364     } else {
   1365       if (nfc_cb.nci_version == NCI_VERSION_1_0)
   1366         nci_snd_core_init(NCI_VERSION_1_0);
   1367       else
   1368         nci_snd_core_init(NCI_VERSION_2_0);
   1369     }
   1370   } else {
   1371     LOG(ERROR) << StringPrintf("Failed to reset NFCC");
   1372     nfc_enabled(status, NULL);
   1373   }
   1374 }
   1375 
   1376 /*******************************************************************************
   1377 **
   1378 ** Function         nfc_ncif_proc_init_rsp
   1379 **
   1380 ** Description      This function is called to process init response
   1381 **
   1382 ** Returns          void
   1383 **
   1384 *******************************************************************************/
   1385 void nfc_ncif_proc_init_rsp(NFC_HDR* p_msg) {
   1386   uint8_t *p, status;
   1387   tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
   1388 
   1389   p = (uint8_t*)(p_msg + 1) + p_msg->offset;
   1390 
   1391   /* handle init params in nfc_enabled */
   1392   status = *(p + NCI_MSG_HDR_SIZE);
   1393   if (status == NCI_STATUS_OK) {
   1394     if (nfc_cb.nci_version == NCI_VERSION_UNKNOWN) {
   1395       nci_snd_core_reset(NCI_RESET_TYPE_RESET_CFG);
   1396     } else {
   1397       p_cb->id = NFC_RF_CONN_ID;
   1398       // check scbr bit as per NCI 2.0 spec
   1399       nfc_cb.isScbrSupported = p[5] & NCI_SCBR_MASK;
   1400       DLOG_IF(INFO, nfc_debug_enabled)
   1401           << StringPrintf("scbr support: 0x%x", nfc_cb.isScbrSupported);
   1402       p_cb->act_protocol = NCI_PROTOCOL_UNKNOWN;
   1403 
   1404       nfc_set_state(NFC_STATE_W4_POST_INIT_CPLT);
   1405 
   1406       nfc_cb.p_nci_init_rsp = p_msg;
   1407       nfc_cb.p_hal->core_initialized(p_msg->len, p);
   1408     }
   1409   } else {
   1410     if (nfc_cb.nci_version == NCI_VERSION_UNKNOWN) {
   1411       nfc_cb.nci_version = NCI_VERSION_1_0;
   1412       nci_snd_core_reset(NCI_RESET_TYPE_RESET_CFG);
   1413     } else {
   1414       nfc_enabled(status, NULL);
   1415       GKI_freebuf(p_msg);
   1416     }
   1417   }
   1418 }
   1419 
   1420 /*******************************************************************************
   1421 **
   1422 ** Function         nfc_ncif_proc_get_config_rsp
   1423 **
   1424 ** Description      This function is called to process get config response
   1425 **
   1426 ** Returns          void
   1427 **
   1428 *******************************************************************************/
   1429 void nfc_ncif_proc_get_config_rsp(NFC_HDR* p_evt) {
   1430   uint8_t* p;
   1431   tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
   1432   tNFC_RESPONSE evt_data;
   1433 
   1434   p_evt->offset += NCI_MSG_HDR_SIZE;
   1435   p_evt->len -= NCI_MSG_HDR_SIZE;
   1436   if (p_cback) {
   1437     p = (uint8_t*)(p_evt + 1) + p_evt->offset;
   1438     evt_data.get_config.status = *p++;
   1439     evt_data.get_config.tlv_size = p_evt->len;
   1440     evt_data.get_config.p_param_tlvs = p;
   1441     (*p_cback)(NFC_GET_CONFIG_REVT, &evt_data);
   1442   }
   1443 }
   1444 
   1445 /*******************************************************************************
   1446 **
   1447 ** Function         nfc_ncif_proc_t3t_polling_ntf
   1448 **
   1449 ** Description      Handle NCI_MSG_RF_T3T_POLLING NTF
   1450 **
   1451 ** Returns          void
   1452 **
   1453 *******************************************************************************/
   1454 void nfc_ncif_proc_t3t_polling_ntf(uint8_t* p, uint16_t plen) {
   1455   uint8_t status;
   1456   uint8_t num_responses;
   1457 
   1458   /* Pass result to RW_T3T for processing */
   1459   STREAM_TO_UINT8(status, p);
   1460   STREAM_TO_UINT8(num_responses, p);
   1461   plen -= NFC_TL_SIZE;
   1462   rw_t3t_handle_nci_poll_ntf(status, num_responses, (uint8_t)plen, p);
   1463 }
   1464 
   1465 /*******************************************************************************
   1466 **
   1467 ** Function         nfc_data_event
   1468 **
   1469 ** Description      Report Data event on the given connection control block
   1470 **
   1471 ** Returns          void
   1472 **
   1473 *******************************************************************************/
   1474 void nfc_data_event(tNFC_CONN_CB* p_cb) {
   1475   NFC_HDR* p_evt;
   1476   tNFC_DATA_CEVT data_cevt;
   1477   uint8_t* p;
   1478 
   1479   if (p_cb->p_cback) {
   1480     while ((p_evt = (NFC_HDR*)GKI_getfirst(&p_cb->rx_q)) != NULL) {
   1481       if (p_evt->layer_specific & NFC_RAS_FRAGMENTED) {
   1482         /* Not the last fragment */
   1483         if (!(p_evt->layer_specific & NFC_RAS_TOO_BIG)) {
   1484           /* buffer can hold more */
   1485           if ((p_cb->conn_id != NFC_RF_CONN_ID) || (nfc_cb.reassembly)) {
   1486             /* If not rf connection or If rf connection and reassembly
   1487              * requested,
   1488              * try to Reassemble next packet */
   1489             break;
   1490           }
   1491         }
   1492       }
   1493 
   1494       p_evt = (NFC_HDR*)GKI_dequeue(&p_cb->rx_q);
   1495       /* report data event */
   1496       p_evt->offset += NCI_MSG_HDR_SIZE;
   1497       p_evt->len -= NCI_MSG_HDR_SIZE;
   1498 
   1499       if (p_evt->layer_specific)
   1500         data_cevt.status = NFC_STATUS_CONTINUE;
   1501       else {
   1502         nfc_cb.reassembly = true;
   1503         data_cevt.status = NFC_STATUS_OK;
   1504       }
   1505 
   1506       data_cevt.p_data = p_evt;
   1507       /* adjust payload, if needed */
   1508       if (p_cb->conn_id == NFC_RF_CONN_ID) {
   1509         /* if NCI_PROTOCOL_T1T/NCI_PROTOCOL_T2T/NCI_PROTOCOL_T3T, the status
   1510          * byte needs to be removed
   1511          */
   1512         if ((p_cb->act_protocol >= NCI_PROTOCOL_T1T) &&
   1513             (p_cb->act_protocol <= NCI_PROTOCOL_T3T)) {
   1514           p_evt->len--;
   1515           p = (uint8_t*)(p_evt + 1);
   1516           data_cevt.status = *(p + p_evt->offset + p_evt->len);
   1517           if ((NFC_GetNCIVersion() == NCI_VERSION_2_0) &&
   1518               (p_cb->act_protocol == NCI_PROTOCOL_T2T) &&
   1519               (p_cb->act_interface == NCI_INTERFACE_FRAME)) {
   1520             if ((data_cevt.status != NFC_STATUS_OK) &&
   1521                 ((data_cevt.status >= T2T_STATUS_OK_1_BIT) &&
   1522                  (data_cevt.status <= T2T_STATUS_OK_7_BIT))) {
   1523               DLOG_IF(INFO, nfc_debug_enabled)
   1524                   << StringPrintf("%s: T2T tag data xchange", __func__);
   1525               data_cevt.status = NFC_STATUS_OK;
   1526             }
   1527           }
   1528         }
   1529         if ((NFC_GetNCIVersion() == NCI_VERSION_2_0) &&
   1530             (p_cb->act_protocol == NCI_PROTOCOL_T5T)) {
   1531           p_evt->len--;
   1532           p = (uint8_t*)(p_evt + 1);
   1533           data_cevt.status = *(p + p_evt->offset + p_evt->len);
   1534         }
   1535       }
   1536       tNFC_CONN nfc_conn;
   1537       nfc_conn.data = data_cevt;
   1538       (*p_cb->p_cback)(p_cb->conn_id, NFC_DATA_CEVT, &nfc_conn);
   1539       p_evt = NULL;
   1540     }
   1541   }
   1542 }
   1543 
   1544 /*******************************************************************************
   1545 **
   1546 ** Function         nfc_ncif_proc_data
   1547 **
   1548 ** Description      Find the connection control block associated with the data
   1549 **                  packet. Assemble the data packet, if needed.
   1550 **                  Report the Data event.
   1551 **
   1552 ** Returns          void
   1553 **
   1554 *******************************************************************************/
   1555 void nfc_ncif_proc_data(NFC_HDR* p_msg) {
   1556   uint8_t *pp, cid;
   1557   tNFC_CONN_CB* p_cb;
   1558   uint8_t pbf;
   1559   NFC_HDR* p_last;
   1560   uint8_t *ps, *pd;
   1561   uint16_t size;
   1562   NFC_HDR* p_max = NULL;
   1563   uint16_t len;
   1564 
   1565   pp = (uint8_t*)(p_msg + 1) + p_msg->offset;
   1566   DLOG_IF(INFO, nfc_debug_enabled)
   1567       << StringPrintf("nfc_ncif_proc_data 0x%02x%02x%02x", pp[0], pp[1], pp[2]);
   1568   NCI_DATA_PRS_HDR(pp, pbf, cid, len);
   1569   p_cb = nfc_find_conn_cb_by_conn_id(cid);
   1570   if (p_cb && (p_msg->len >= NCI_DATA_HDR_SIZE)) {
   1571     DLOG_IF(INFO, nfc_debug_enabled)
   1572         << StringPrintf("nfc_ncif_proc_data len:%d", len);
   1573 
   1574     p_msg->layer_specific = 0;
   1575     if (pbf) {
   1576       NFC_SetReassemblyFlag(true);
   1577       p_msg->layer_specific = NFC_RAS_FRAGMENTED;
   1578     }
   1579     p_last = (NFC_HDR*)GKI_getlast(&p_cb->rx_q);
   1580     if (p_last && (p_last->layer_specific & NFC_RAS_FRAGMENTED)) {
   1581       /* last data buffer is not last fragment, append this new packet to the
   1582        * last */
   1583       size = GKI_get_buf_size(p_last);
   1584       if (size < (NFC_HDR_SIZE + p_last->len + p_last->offset + len)) {
   1585         /* the current size of p_last is not big enough to hold the new
   1586          * fragment, p_msg */
   1587         if (size != GKI_MAX_BUF_SIZE) {
   1588           /* try the biggest GKI pool */
   1589           p_max = (NFC_HDR*)GKI_getpoolbuf(GKI_MAX_BUF_SIZE_POOL_ID);
   1590           if (p_max) {
   1591             /* copy the content of last buffer to the new buffer */
   1592             memcpy(p_max, p_last, NFC_HDR_SIZE);
   1593             pd = (uint8_t*)(p_max + 1) + p_max->offset;
   1594             ps = (uint8_t*)(p_last + 1) + p_last->offset;
   1595             memcpy(pd, ps, p_last->len);
   1596 
   1597             /* place the new buffer in the queue instead */
   1598             GKI_remove_from_queue(&p_cb->rx_q, p_last);
   1599             GKI_freebuf(p_last);
   1600             GKI_enqueue(&p_cb->rx_q, p_max);
   1601             p_last = p_max;
   1602           }
   1603         }
   1604         if (p_max == NULL) {
   1605           /* Biggest GKI Pool not available (or)
   1606            * Biggest available GKI Pool is not big enough to hold the new
   1607            * fragment, p_msg */
   1608           p_last->layer_specific |= NFC_RAS_TOO_BIG;
   1609         }
   1610       }
   1611 
   1612       ps = (uint8_t*)(p_msg + 1) + p_msg->offset + NCI_MSG_HDR_SIZE;
   1613       len = p_msg->len - NCI_MSG_HDR_SIZE;
   1614 
   1615       if (!(p_last->layer_specific & NFC_RAS_TOO_BIG)) {
   1616         pd = (uint8_t*)(p_last + 1) + p_last->offset + p_last->len;
   1617         memcpy(pd, ps, len);
   1618         p_last->len += len;
   1619         /* do not need to update pbf and len in NCI header.
   1620          * They are stripped off at NFC_DATA_CEVT and len may exceed 255 */
   1621         DLOG_IF(INFO, nfc_debug_enabled)
   1622             << StringPrintf("nfc_ncif_proc_data len:%d", p_last->len);
   1623         p_last->layer_specific = p_msg->layer_specific;
   1624         GKI_freebuf(p_msg);
   1625 #ifdef DISP_NCI
   1626         if (!(p_last->layer_specific & NFC_RAS_FRAGMENTED)) {
   1627           /* this packet was reassembled. display the complete packet */
   1628           DISP_NCI((uint8_t*)(p_last + 1) + p_last->offset, p_last->len, true);
   1629         }
   1630 #endif
   1631         nfc_data_event(p_cb);
   1632       } else {
   1633         /* Not enough memory to add new buffer
   1634          * Send data already in queue first with status Continue */
   1635         nfc_data_event(p_cb);
   1636         /* now enqueue the new buffer to the rx queue */
   1637         GKI_enqueue(&p_cb->rx_q, p_msg);
   1638       }
   1639     } else {
   1640       /* if this is the first fragment on RF link */
   1641       if ((p_msg->layer_specific & NFC_RAS_FRAGMENTED) &&
   1642           (p_cb->conn_id == NFC_RF_CONN_ID) && (p_cb->p_cback)) {
   1643         /* Indicate upper layer that local device started receiving data */
   1644         (*p_cb->p_cback)(p_cb->conn_id, NFC_DATA_START_CEVT, NULL);
   1645       }
   1646       /* enqueue the new buffer to the rx queue */
   1647       GKI_enqueue(&p_cb->rx_q, p_msg);
   1648       nfc_data_event(p_cb);
   1649     }
   1650     return;
   1651   }
   1652   GKI_freebuf(p_msg);
   1653 }
   1654 
   1655 /*******************************************************************************
   1656 **
   1657 ** Function         nfc_ncif_process_proprietary_rsp
   1658 **
   1659 ** Description      Process the response to avoid collision
   1660 **                  while rawVsCbflag is set
   1661 **
   1662 ** Returns          true if proprietary response else false
   1663 **
   1664 *******************************************************************************/
   1665 bool nfc_ncif_proc_proprietary_rsp(uint8_t mt, uint8_t gid, uint8_t oid) {
   1666   bool stat = FALSE;
   1667   DLOG_IF(INFO, nfc_debug_enabled)
   1668       << StringPrintf("%s: mt=%u, gid=%u, oid=%u", __func__, mt, gid, oid);
   1669 
   1670   switch (mt) {
   1671     case NCI_MT_DATA:
   1672       /* check for Data Response */
   1673       if (gid != 0x03 && oid != 0x00) stat = TRUE;
   1674       break;
   1675 
   1676     case NCI_MT_NTF:
   1677       switch (gid) {
   1678         case NCI_GID_CORE:
   1679           /* check for CORE_RESET_NTF or CORE_CONN_CREDITS_NTF */
   1680           if (oid != 0x00 && oid != 0x06) stat = TRUE;
   1681           break;
   1682         case NCI_GID_RF_MANAGE:
   1683           /* check for CORE_CONN_CREDITS_NTF or NFA_EE_ACTION_NTF or
   1684            * NFA_EE_DISCOVERY_REQ_NTF */
   1685           if (oid != 0x06 && oid != 0x09 && oid != 0x0A) stat = TRUE;
   1686           break;
   1687         case NCI_GID_EE_MANAGE:
   1688           if (oid != 0x00) stat = TRUE;
   1689           break;
   1690         default:
   1691           stat = TRUE;
   1692           break;
   1693       }
   1694       break;
   1695 
   1696     default:
   1697       stat = TRUE;
   1698       break;
   1699   }
   1700   DLOG_IF(INFO, nfc_debug_enabled)
   1701       << StringPrintf("%s: exit status=%u", __func__, stat);
   1702   return stat;
   1703 }
   1704 
   1705 /*******************************************************************************
   1706 ** Function         nfc_mode_set_ntf_timeout
   1707 **
   1708 ** Description      This function is invoked on mode set ntf timeout
   1709 **
   1710 ** Returns          void
   1711 **
   1712 *******************************************************************************/
   1713 void nfc_mode_set_ntf_timeout() {
   1714   LOG(ERROR) << StringPrintf("%s", __func__);
   1715   tNFC_RESPONSE nfc_response;
   1716   nfc_response.mode_set.status = NCI_STATUS_FAILED;
   1717   nfc_response.mode_set.nfcee_id = *nfc_cb.last_cmd;
   1718   nfc_response.mode_set.mode = NCI_NFCEE_MD_DEACTIVATE;
   1719 
   1720   tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
   1721   tNFC_RESPONSE_EVT event = NFC_NFCEE_MODE_SET_REVT;
   1722   if (p_cback) (*p_cback)(event, &nfc_response);
   1723 }
   1724