1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2013 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #include "bt_target.h"
20 #include "bt_utils.h"
21 #include "gatt_api.h"
22 #include "gatt_int.h"
23 #include "srvc_eng_int.h"
24 #include "srvc_dis_int.h"
25
26 #define LOG_TAG "bt_srvc"
27 #include "osi/include/log.h"
28
29 #if BLE_INCLUDED == TRUE
30
31 #define DIS_MAX_NUM_INC_SVR 0
32 #define DIS_MAX_CHAR_NUM 9
33 #define DIS_MAX_ATTR_NUM (DIS_MAX_CHAR_NUM * 2 + DIS_MAX_NUM_INC_SVR + 1)
34
35 #ifndef DIS_ATTR_DB_SIZE
36 #define DIS_ATTR_DB_SIZE GATT_DB_MEM_SIZE(DIS_MAX_NUM_INC_SVR, DIS_MAX_CHAR_NUM, 0)
37 #endif
38
39 #define UINT64_TO_STREAM(p, u64) {*(p)++ = (UINT8)(u64); *(p)++ = (UINT8)((u64) >> 8);*(p)++ = (UINT8)((u64) >> 16); *(p)++ = (UINT8)((u64) >> 24); \
40 *(p)++ = (UINT8)((u64) >> 32); *(p)++ = (UINT8)((u64) >> 40);*(p)++ = (UINT8)((u64) >> 48); *(p)++ = (UINT8)((u64) >> 56);}
41
42 #define STREAM_TO_UINT64(u64, p) {u64 = (((UINT64)(*(p))) + ((((UINT64)(*((p) + 1)))) << 8) + ((((UINT64)(*((p) + 2)))) << 16) + ((((UINT64)(*((p) + 3)))) << 24) \
43 + ((((UINT64)(*((p) + 4)))) << 32) + ((((UINT64)(*((p) + 5)))) << 40) + ((((UINT64)(*((p) + 6)))) << 48) + ((((UINT64)(*((p) + 7)))) << 56)); (p) += 8;}
44
45
46
47 static const UINT16 dis_attr_uuid[DIS_MAX_CHAR_NUM] =
48 {
49 GATT_UUID_SYSTEM_ID,
50 GATT_UUID_MODEL_NUMBER_STR,
51 GATT_UUID_SERIAL_NUMBER_STR,
52 GATT_UUID_FW_VERSION_STR,
53 GATT_UUID_HW_VERSION_STR,
54 GATT_UUID_SW_VERSION_STR,
55 GATT_UUID_MANU_NAME,
56 GATT_UUID_IEEE_DATA,
57 GATT_UUID_PNP_ID
58 };
59
60 tDIS_CB dis_cb;
61
dis_uuid_to_attr(UINT16 uuid)62 static tDIS_ATTR_MASK dis_uuid_to_attr(UINT16 uuid)
63 {
64 switch (uuid)
65 {
66 case GATT_UUID_SYSTEM_ID:
67 return DIS_ATTR_SYS_ID_BIT;
68 case GATT_UUID_MODEL_NUMBER_STR:
69 return DIS_ATTR_MODEL_NUM_BIT;
70 case GATT_UUID_SERIAL_NUMBER_STR:
71 return DIS_ATTR_SERIAL_NUM_BIT;
72 case GATT_UUID_FW_VERSION_STR:
73 return DIS_ATTR_FW_NUM_BIT;
74 case GATT_UUID_HW_VERSION_STR:
75 return DIS_ATTR_HW_NUM_BIT;
76 case GATT_UUID_SW_VERSION_STR:
77 return DIS_ATTR_SW_NUM_BIT;
78 case GATT_UUID_MANU_NAME:
79 return DIS_ATTR_MANU_NAME_BIT;
80 case GATT_UUID_IEEE_DATA:
81 return DIS_ATTR_IEEE_DATA_BIT;
82 case GATT_UUID_PNP_ID:
83 return DIS_ATTR_PNP_ID_BIT;
84 default:
85 return 0;
86 };
87 }
88
89 /*******************************************************************************
90 ** dis_valid_handle_range
91 **
92 ** validate a handle to be a DIS attribute handle or not.
93 *******************************************************************************/
dis_valid_handle_range(UINT16 handle)94 BOOLEAN dis_valid_handle_range(UINT16 handle)
95 {
96 if (handle >= dis_cb.service_handle && handle <= dis_cb.max_handle)
97 return TRUE;
98 else
99 return FALSE;
100 }
101 /*******************************************************************************
102 ** dis_write_attr_value
103 **
104 ** Process write DIS attribute request.
105 *******************************************************************************/
dis_write_attr_value(tGATT_WRITE_REQ * p_data,tGATT_STATUS * p_status)106 UINT8 dis_write_attr_value(tGATT_WRITE_REQ * p_data, tGATT_STATUS *p_status)
107 {
108 UNUSED(p_data);
109
110 *p_status = GATT_WRITE_NOT_PERMIT;
111 return SRVC_ACT_RSP;
112 }
113 /*******************************************************************************
114 ** DIS Attributes Database Server Request callback
115 *******************************************************************************/
dis_read_attr_value(UINT8 clcb_idx,UINT16 handle,tGATT_VALUE * p_value,BOOLEAN is_long,tGATT_STATUS * p_status)116 UINT8 dis_read_attr_value (UINT8 clcb_idx, UINT16 handle, tGATT_VALUE *p_value,
117 BOOLEAN is_long, tGATT_STATUS *p_status)
118 {
119 tDIS_DB_ENTRY *p_db_attr = dis_cb.dis_attr;
120 UINT8 *p = p_value->value, i, *pp;
121 UINT16 offset = p_value->offset;
122 UINT8 act = SRVC_ACT_RSP;
123 tGATT_STATUS st = GATT_NOT_FOUND;
124 UNUSED(clcb_idx);
125
126 for (i = 0; i < DIS_MAX_CHAR_NUM; i ++, p_db_attr ++)
127 {
128 if (handle == p_db_attr->handle)
129 {
130 if ((p_db_attr->uuid == GATT_UUID_PNP_ID || p_db_attr->uuid == GATT_UUID_SYSTEM_ID)&&
131 is_long == TRUE)
132 {
133 st = GATT_NOT_LONG;
134 break;
135 }
136 st = GATT_SUCCESS;
137
138 switch (p_db_attr->uuid)
139 {
140 case GATT_UUID_MANU_NAME:
141 case GATT_UUID_MODEL_NUMBER_STR:
142 case GATT_UUID_SERIAL_NUMBER_STR:
143 case GATT_UUID_FW_VERSION_STR:
144 case GATT_UUID_HW_VERSION_STR:
145 case GATT_UUID_SW_VERSION_STR:
146 case GATT_UUID_IEEE_DATA:
147 pp = dis_cb.dis_value.data_string[p_db_attr->uuid - GATT_UUID_MODEL_NUMBER_STR];
148 if (pp != NULL)
149 {
150 if (strlen ((char *)pp) > GATT_MAX_ATTR_LEN)
151 p_value->len = GATT_MAX_ATTR_LEN;
152 else
153 p_value->len = (UINT16)strlen ((char *)pp);
154 }
155 else
156 p_value->len = 0;
157
158 if (offset > p_value->len)
159 {
160 st = GATT_INVALID_OFFSET;
161 break;
162 }
163 else
164 {
165 p_value->len -= offset;
166 pp += offset;
167 ARRAY_TO_STREAM(p, pp, p_value->len);
168 GATT_TRACE_EVENT("GATT_UUID_MANU_NAME len=0x%04x", p_value->len);
169 }
170 break;
171
172
173 case GATT_UUID_SYSTEM_ID:
174 UINT64_TO_STREAM(p, dis_cb.dis_value.system_id); /* int_min */
175 p_value->len = DIS_SYSTEM_ID_SIZE;
176 break;
177
178 case GATT_UUID_PNP_ID:
179 UINT8_TO_STREAM(p, dis_cb.dis_value.pnp_id.vendor_id_src);
180 UINT16_TO_STREAM(p, dis_cb.dis_value.pnp_id.vendor_id);
181 UINT16_TO_STREAM(p, dis_cb.dis_value.pnp_id.product_id);
182 UINT16_TO_STREAM(p, dis_cb.dis_value.pnp_id.product_version);
183 p_value->len = DIS_PNP_ID_SIZE;
184 break;
185
186 }
187 break;
188 }
189 }
190 *p_status = st;
191 return act;
192 }
193
194 /*******************************************************************************
195 **
196 ** Function dis_gatt_c_read_dis_value_cmpl
197 **
198 ** Description Client read DIS database complete callback.
199 **
200 ** Returns void
201 **
202 *******************************************************************************/
dis_gatt_c_read_dis_value_cmpl(UINT16 conn_id)203 static void dis_gatt_c_read_dis_value_cmpl(UINT16 conn_id)
204 {
205 tSRVC_CLCB *p_clcb = srvc_eng_find_clcb_by_conn_id(conn_id);
206
207 dis_cb.dis_read_uuid_idx = 0xff;
208
209 srvc_eng_release_channel(conn_id);
210
211 if (dis_cb.p_read_dis_cback && p_clcb)
212 {
213 LOG_INFO("%s conn_id:%d attr_mask = 0x%04x", __func__, conn_id,
214 p_clcb->dis_value.attr_mask);
215
216 (*dis_cb.p_read_dis_cback)(p_clcb->bda, &p_clcb->dis_value);
217 dis_cb.p_read_dis_cback = NULL;
218 }
219 }
220
221 /*******************************************************************************
222 **
223 ** Function dis_gatt_c_read_dis_req
224 **
225 ** Description Read remote device DIS attribute request.
226 **
227 ** Returns void
228 **
229 *******************************************************************************/
dis_gatt_c_read_dis_req(UINT16 conn_id)230 BOOLEAN dis_gatt_c_read_dis_req(UINT16 conn_id)
231 {
232 tGATT_READ_PARAM param;
233
234 memset(¶m, 0, sizeof(tGATT_READ_PARAM));
235
236 param.service.uuid.len = LEN_UUID_16;
237 param.service.s_handle = 1;
238 param.service.e_handle = 0xFFFF;
239 param.service.auth_req = 0;
240
241 while (dis_cb.dis_read_uuid_idx < DIS_MAX_CHAR_NUM)
242 {
243 if (dis_uuid_to_attr(dis_attr_uuid[dis_cb.dis_read_uuid_idx]) &
244 dis_cb.request_mask)
245 {
246 param.service.uuid.uu.uuid16 = dis_attr_uuid[dis_cb.dis_read_uuid_idx];
247
248 if (GATTC_Read(conn_id, GATT_READ_BY_TYPE, ¶m) == GATT_SUCCESS)
249 return TRUE;
250
251 GATT_TRACE_ERROR ("Read DISInfo: 0x%04x GATT_Read Failed", param.service.uuid.uu.uuid16);
252 }
253
254 dis_cb.dis_read_uuid_idx++;
255 }
256
257 dis_gatt_c_read_dis_value_cmpl(conn_id);
258
259 return(FALSE);
260 }
261
262 /*******************************************************************************
263 **
264 ** Function dis_c_cmpl_cback
265 **
266 ** Description Client operation complete callback.
267 **
268 ** Returns void
269 **
270 *******************************************************************************/
dis_c_cmpl_cback(tSRVC_CLCB * p_clcb,tGATTC_OPTYPE op,tGATT_STATUS status,tGATT_CL_COMPLETE * p_data)271 void dis_c_cmpl_cback (tSRVC_CLCB *p_clcb, tGATTC_OPTYPE op,
272 tGATT_STATUS status, tGATT_CL_COMPLETE *p_data)
273 {
274 UINT16 read_type = dis_attr_uuid[dis_cb.dis_read_uuid_idx];
275 UINT8 *pp = NULL, *p_str;
276 UINT16 conn_id = p_clcb->conn_id;
277
278 GATT_TRACE_EVENT ("dis_c_cmpl_cback() - op_code: 0x%02x status: 0x%02x \
279 read_type: 0x%04x", op, status, read_type);
280
281 if (op != GATTC_OPTYPE_READ)
282 return;
283
284 if (p_data != NULL && status == GATT_SUCCESS)
285 {
286 pp = p_data->att_value.value;
287
288 switch (read_type)
289 {
290 case GATT_UUID_SYSTEM_ID:
291 GATT_TRACE_EVENT ("DIS_ATTR_SYS_ID_BIT");
292 if (p_data->att_value.len == DIS_SYSTEM_ID_SIZE)
293 {
294 p_clcb->dis_value.attr_mask |= DIS_ATTR_SYS_ID_BIT;
295 /* save system ID*/
296 STREAM_TO_UINT64 (p_clcb->dis_value.system_id, pp);
297 }
298 break;
299
300 case GATT_UUID_PNP_ID:
301 if (p_data->att_value.len == DIS_PNP_ID_SIZE)
302 {
303 p_clcb->dis_value.attr_mask |= DIS_ATTR_PNP_ID_BIT;
304 STREAM_TO_UINT8 (p_clcb->dis_value.pnp_id.vendor_id_src, pp);
305 STREAM_TO_UINT16 (p_clcb->dis_value.pnp_id.vendor_id, pp);
306 STREAM_TO_UINT16 (p_clcb->dis_value.pnp_id.product_id, pp);
307 STREAM_TO_UINT16 (p_clcb->dis_value.pnp_id.product_version, pp);
308 }
309 break;
310
311 case GATT_UUID_MODEL_NUMBER_STR:
312 case GATT_UUID_SERIAL_NUMBER_STR:
313 case GATT_UUID_FW_VERSION_STR:
314 case GATT_UUID_HW_VERSION_STR:
315 case GATT_UUID_SW_VERSION_STR:
316 case GATT_UUID_MANU_NAME:
317 case GATT_UUID_IEEE_DATA:
318 p_str = p_clcb->dis_value.data_string[read_type - GATT_UUID_MODEL_NUMBER_STR];
319 if (p_str != NULL)
320 GKI_freebuf(p_str);
321 if ((p_str = (UINT8 *)GKI_getbuf((UINT16)(p_data->att_value.len + 1))) != NULL)
322 {
323 p_clcb->dis_value.attr_mask |= dis_uuid_to_attr(read_type);
324 memcpy(p_str, p_data->att_value.value, p_data->att_value.len);
325 p_str[p_data->att_value.len] = 0;
326 p_clcb->dis_value.data_string[read_type - GATT_UUID_MODEL_NUMBER_STR] = p_str;
327 }
328 break;
329
330 default:
331 break;
332
333 break;
334 }/* end switch */
335 }/* end if */
336
337 dis_cb.dis_read_uuid_idx ++;
338
339 dis_gatt_c_read_dis_req(conn_id);
340 }
341
342
343 /*******************************************************************************
344 **
345 ** Function DIS_SrInit
346 **
347 ** Description Initialize the Device Information Service Server.
348 **
349 *******************************************************************************/
DIS_SrInit(tDIS_ATTR_MASK dis_attr_mask)350 tDIS_STATUS DIS_SrInit (tDIS_ATTR_MASK dis_attr_mask)
351 {
352 tBT_UUID uuid = {LEN_UUID_16, {UUID_SERVCLASS_DEVICE_INFO}};
353 UINT16 i = 0;
354 tGATT_STATUS status;
355 tDIS_DB_ENTRY *p_db_attr = &dis_cb.dis_attr[0];
356
357 if (dis_cb.enabled)
358 {
359 GATT_TRACE_ERROR("DIS already initalized");
360 return DIS_SUCCESS;
361 }
362
363 memset(&dis_cb, 0, sizeof(tDIS_CB));
364
365 dis_cb.service_handle = GATTS_CreateService (srvc_eng_cb.gatt_if , &uuid, 0, DIS_MAX_ATTR_NUM, TRUE);
366
367 if (dis_cb.service_handle == 0)
368 {
369 GATT_TRACE_ERROR("Can not create service, DIS_Init failed!");
370 return GATT_ERROR;
371 }
372 dis_cb.max_handle = dis_cb.service_handle + DIS_MAX_ATTR_NUM;
373
374 while (dis_attr_mask != 0 && i < DIS_MAX_CHAR_NUM)
375 {
376 /* add Manufacturer name
377 */
378 uuid.uu.uuid16 = p_db_attr->uuid = dis_attr_uuid[i];
379 p_db_attr->handle = GATTS_AddCharacteristic(dis_cb.service_handle, &uuid, GATT_PERM_READ, GATT_CHAR_PROP_BIT_READ);
380 GATT_TRACE_DEBUG ("DIS_SrInit: handle of new attribute 0x%04 = x%d", uuid.uu.uuid16, p_db_attr->handle );
381 p_db_attr ++;
382 i ++;
383 dis_attr_mask >>= 1;
384 }
385
386 /* start service
387 */
388 status = GATTS_StartService (srvc_eng_cb.gatt_if, dis_cb.service_handle, GATT_TRANSPORT_LE_BR_EDR);
389
390 dis_cb.enabled = TRUE;
391
392 return (tDIS_STATUS) status;
393 }
394 /*******************************************************************************
395 **
396 ** Function DIS_SrUpdate
397 **
398 ** Description Update the DIS server attribute values
399 **
400 *******************************************************************************/
DIS_SrUpdate(tDIS_ATTR_BIT dis_attr_bit,tDIS_ATTR * p_info)401 tDIS_STATUS DIS_SrUpdate(tDIS_ATTR_BIT dis_attr_bit, tDIS_ATTR *p_info)
402 {
403 UINT8 i = 1;
404 tDIS_STATUS st = DIS_SUCCESS;
405
406 if (dis_attr_bit & DIS_ATTR_SYS_ID_BIT)
407 {
408 dis_cb.dis_value.system_id = p_info->system_id;
409 }
410 else if (dis_attr_bit & DIS_ATTR_PNP_ID_BIT)
411 {
412 dis_cb.dis_value.pnp_id.vendor_id = p_info->pnp_id.vendor_id;
413 dis_cb.dis_value.pnp_id.vendor_id_src = p_info->pnp_id.vendor_id_src;
414 dis_cb.dis_value.pnp_id.product_id = p_info->pnp_id.product_id;
415 dis_cb.dis_value.pnp_id.product_version = p_info->pnp_id.product_version;
416 }
417 else
418 {
419 st = DIS_ILLEGAL_PARAM;
420
421 while (dis_attr_bit && i < (DIS_MAX_CHAR_NUM -1 ))
422 {
423 if (dis_attr_bit & (UINT16)(1 << i))
424 {
425 if (dis_cb.dis_value.data_string[i - 1] != NULL)
426 GKI_freebuf(dis_cb.dis_value.data_string[i - 1]);
427 /* coverity[OVERRUN-STATIC] False-positive : when i = 8, (1 << i) == DIS_ATTR_PNP_ID_BIT, and it will never come down here
428 CID 49902: Out-of-bounds read (OVERRUN_STATIC)
429 Overrunning static array "dis_cb.dis_value.data_string", with 7 elements, at position 7 with index variable "i".
430 */
431 if ((dis_cb.dis_value.data_string[i - 1] = (UINT8 *)GKI_getbuf((UINT16)(p_info->data_str.len + 1))) != NULL)
432 {
433
434 memcpy(dis_cb.dis_value.data_string[i - 1], p_info->data_str.p_data, p_info->data_str.len);
435 dis_cb.dis_value.data_string[i - 1][p_info->data_str.len] = 0; /* make sure null terminate */
436 st = DIS_SUCCESS;
437 }
438 else
439 st = DIS_NO_RESOURCES;
440
441 break;
442 }
443 i ++;
444 }
445 }
446 return st;
447 }
448 /*******************************************************************************
449 **
450 ** Function DIS_ReadDISInfo
451 **
452 ** Description Read remote device DIS information.
453 **
454 ** Returns void
455 **
456 *******************************************************************************/
DIS_ReadDISInfo(BD_ADDR peer_bda,tDIS_READ_CBACK * p_cback,tDIS_ATTR_MASK mask)457 BOOLEAN DIS_ReadDISInfo(BD_ADDR peer_bda, tDIS_READ_CBACK *p_cback, tDIS_ATTR_MASK mask)
458 {
459 UINT16 conn_id;
460
461 /* Initialize the DIS client if it hasn't been initialized already. */
462 srvc_eng_init();
463
464 /* For now we only handle one at a time */
465 if (dis_cb.dis_read_uuid_idx != 0xff)
466 return(FALSE);
467
468 if (p_cback == NULL)
469 return(FALSE);
470
471 dis_cb.p_read_dis_cback = p_cback;
472 /* Mark currently active operation */
473 dis_cb.dis_read_uuid_idx = 0;
474
475 dis_cb.request_mask = mask;
476
477 GATT_TRACE_EVENT ("DIS_ReadDISInfo() - BDA: %08x%04x cl_read_uuid: 0x%04x",
478 (peer_bda[0]<<24)+(peer_bda[1]<<16)+(peer_bda[2]<<8)+peer_bda[3],
479 (peer_bda[4]<<8)+peer_bda[5], dis_attr_uuid[dis_cb.dis_read_uuid_idx]);
480
481
482 GATT_GetConnIdIfConnected(srvc_eng_cb.gatt_if, peer_bda, &conn_id, BT_TRANSPORT_LE);
483
484 /* need to enhance it as multiple service is needed */
485 srvc_eng_request_channel(peer_bda, SRVC_ID_DIS);
486
487 if (conn_id == GATT_INVALID_CONN_ID)
488 {
489 return GATT_Connect(srvc_eng_cb.gatt_if, peer_bda, TRUE, BT_TRANSPORT_LE);
490 }
491
492 return dis_gatt_c_read_dis_req(conn_id);
493
494 }
495 #endif /* BLE_INCLUDED */
496
497
498