1 /******************************************************************************
2 *
3 * Copyright 2009-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * this file contains GATT utility functions
22 *
23 ******************************************************************************/
24 #include "bt_target.h"
25 #include "bt_utils.h"
26 #include "osi/include/osi.h"
27
28 #include <string.h>
29 #include "bt_common.h"
30 #include "stdio.h"
31
32 #include "btm_int.h"
33 #include "connection_manager.h"
34 #include "gatt_api.h"
35 #include "gatt_int.h"
36 #include "gattdefs.h"
37 #include "l2cdefs.h"
38 #include "sdp_api.h"
39 #include "stack/gatt/connection_manager.h"
40
41 using base::StringPrintf;
42 using bluetooth::Uuid;
43
44 /* check if [x, y] and [a, b] have overlapping range */
45 #define GATT_VALIDATE_HANDLE_RANGE(x, y, a, b) ((y) >= (a) && (x) <= (b))
46
47 #define GATT_GET_NEXT_VALID_HANDLE(x) (((x) / 10 + 1) * 10)
48
49 const char* const op_code_name[] = {"UNKNOWN",
50 "ATT_RSP_ERROR",
51 "ATT_REQ_MTU",
52 "ATT_RSP_MTU",
53 "ATT_REQ_READ_INFO",
54 "ATT_RSP_READ_INFO",
55 "ATT_REQ_FIND_TYPE_VALUE",
56 "ATT_RSP_FIND_TYPE_VALUE",
57 "ATT_REQ_READ_BY_TYPE",
58 "ATT_RSP_READ_BY_TYPE",
59 "ATT_REQ_READ",
60 "ATT_RSP_READ",
61 "ATT_REQ_READ_BLOB",
62 "ATT_RSP_READ_BLOB",
63 "GATT_REQ_READ_MULTI",
64 "GATT_RSP_READ_MULTI",
65 "GATT_REQ_READ_BY_GRP_TYPE",
66 "GATT_RSP_READ_BY_GRP_TYPE",
67 "ATT_REQ_WRITE",
68 "ATT_RSP_WRITE",
69 "ATT_CMD_WRITE",
70 "ATT_SIGN_CMD_WRITE",
71 "ATT_REQ_PREPARE_WRITE",
72 "ATT_RSP_PREPARE_WRITE",
73 "ATT_REQ_EXEC_WRITE",
74 "ATT_RSP_EXEC_WRITE",
75 "Reserved",
76 "ATT_HANDLE_VALUE_NOTIF",
77 "Reserved",
78 "ATT_HANDLE_VALUE_IND",
79 "ATT_HANDLE_VALUE_CONF",
80 "ATT_OP_CODE_MAX"};
81
82 /*******************************************************************************
83 *
84 * Function gatt_free_pending_ind
85 *
86 * Description Free all pending indications
87 *
88 * Returns None
89 *
90 ******************************************************************************/
gatt_free_pending_ind(tGATT_TCB * p_tcb)91 void gatt_free_pending_ind(tGATT_TCB* p_tcb) {
92 VLOG(1) << __func__;
93
94 if (p_tcb->pending_ind_q == NULL) return;
95
96 /* release all queued indications */
97 while (!fixed_queue_is_empty(p_tcb->pending_ind_q))
98 osi_free(fixed_queue_try_dequeue(p_tcb->pending_ind_q));
99 fixed_queue_free(p_tcb->pending_ind_q, NULL);
100 p_tcb->pending_ind_q = NULL;
101 }
102
103 /*******************************************************************************
104 *
105 * Function gatt_delete_dev_from_srv_chg_clt_list
106 *
107 * Description Delete a device from the service changed client lit
108 *
109 * Returns None
110 *
111 ******************************************************************************/
gatt_delete_dev_from_srv_chg_clt_list(const RawAddress & bd_addr)112 void gatt_delete_dev_from_srv_chg_clt_list(const RawAddress& bd_addr) {
113 VLOG(1) << __func__;
114
115 tGATTS_SRV_CHG* p_buf = gatt_is_bda_in_the_srv_chg_clt_list(bd_addr);
116 if (p_buf != NULL) {
117 if (gatt_cb.cb_info.p_srv_chg_callback) {
118 /* delete from NV */
119 tGATTS_SRV_CHG_REQ req;
120 req.srv_chg.bda = bd_addr;
121 (*gatt_cb.cb_info.p_srv_chg_callback)(GATTS_SRV_CHG_CMD_REMOVE_CLIENT,
122 &req, NULL);
123 }
124 osi_free(fixed_queue_try_remove_from_queue(gatt_cb.srv_chg_clt_q, p_buf));
125 }
126 }
127
128 /*******************************************************************************
129 *
130 * Function gatt_set_srv_chg
131 *
132 * Description Set the service changed flag to true
133 *
134 * Returns None
135 *
136 ******************************************************************************/
gatt_set_srv_chg(void)137 void gatt_set_srv_chg(void) {
138 VLOG(1) << __func__;
139
140 if (fixed_queue_is_empty(gatt_cb.srv_chg_clt_q)) return;
141
142 list_t* list = fixed_queue_get_list(gatt_cb.srv_chg_clt_q);
143 for (const list_node_t* node = list_begin(list); node != list_end(list);
144 node = list_next(node)) {
145 VLOG(1) << "found a srv_chg clt";
146
147 tGATTS_SRV_CHG* p_buf = (tGATTS_SRV_CHG*)list_node(node);
148 if (!p_buf->srv_changed) {
149 VLOG(1) << "set srv_changed to true";
150 p_buf->srv_changed = true;
151 tGATTS_SRV_CHG_REQ req;
152 memcpy(&req.srv_chg, p_buf, sizeof(tGATTS_SRV_CHG));
153 if (gatt_cb.cb_info.p_srv_chg_callback)
154 (*gatt_cb.cb_info.p_srv_chg_callback)(GATTS_SRV_CHG_CMD_UPDATE_CLIENT,
155 &req, NULL);
156 }
157 }
158 }
159
160 /** Add a pending indication */
gatt_add_pending_ind(tGATT_TCB * p_tcb,tGATT_VALUE * p_ind)161 void gatt_add_pending_ind(tGATT_TCB* p_tcb, tGATT_VALUE* p_ind) {
162 VLOG(1) << __func__ << "enqueue a pending indication";
163
164 tGATT_VALUE* p_buf = (tGATT_VALUE*)osi_malloc(sizeof(tGATT_VALUE));
165 memcpy(p_buf, p_ind, sizeof(tGATT_VALUE));
166 fixed_queue_enqueue(p_tcb->pending_ind_q, p_buf);
167 }
168
169 /*******************************************************************************
170 *
171 * Function gatt_add_srv_chg_clt
172 *
173 * Description Add a service chnage client to the service change client queue
174 *
175 * Returns Pointer to the service change client buffer; Null no buffer
176 * available
177 *
178 ******************************************************************************/
gatt_add_srv_chg_clt(tGATTS_SRV_CHG * p_srv_chg)179 tGATTS_SRV_CHG* gatt_add_srv_chg_clt(tGATTS_SRV_CHG* p_srv_chg) {
180 tGATTS_SRV_CHG* p_buf = (tGATTS_SRV_CHG*)osi_malloc(sizeof(tGATTS_SRV_CHG));
181 VLOG(1) << __func__ << "enqueue a srv chg client";
182
183 memcpy(p_buf, p_srv_chg, sizeof(tGATTS_SRV_CHG));
184 fixed_queue_enqueue(gatt_cb.srv_chg_clt_q, p_buf);
185
186 return p_buf;
187 }
188
189 /**
190 * Returns pointer to the handle range buffer starting at handle |handle|,
191 * nullptr
192 * if no buffer available
193 */
gatt_find_hdl_buffer_by_handle(uint16_t handle)194 tGATT_HDL_LIST_ELEM* gatt_find_hdl_buffer_by_handle(uint16_t handle) {
195 for (auto& elem : *gatt_cb.hdl_list_info) {
196 if (elem.asgn_range.s_handle == handle) return &elem;
197 }
198
199 return nullptr;
200 }
201 /*******************************************************************************
202 *
203 * Description Find handle range buffer by app ID, service and service instance
204 * ID.
205 *
206 * Returns Pointer to the buffer, NULL no buffer available
207 *
208 ******************************************************************************/
gatt_find_hdl_buffer_by_app_id(const Uuid & app_uuid128,Uuid * p_svc_uuid,uint16_t start_handle)209 std::list<tGATT_HDL_LIST_ELEM>::iterator gatt_find_hdl_buffer_by_app_id(
210 const Uuid& app_uuid128, Uuid* p_svc_uuid, uint16_t start_handle) {
211 auto end_it = gatt_cb.hdl_list_info->end();
212 auto it = gatt_cb.hdl_list_info->begin();
213 for (; it != end_it; it++) {
214 if (app_uuid128 == it->asgn_range.app_uuid128 &&
215 *p_svc_uuid == it->asgn_range.svc_uuid &&
216 (start_handle == it->asgn_range.s_handle)) {
217 return it;
218 }
219 }
220
221 return it;
222 }
223
224 /**
225 * free the service attribute database buffers by the owner of the service app
226 * ID.
227 */
gatt_free_srvc_db_buffer_app_id(const Uuid & app_id)228 void gatt_free_srvc_db_buffer_app_id(const Uuid& app_id) {
229 auto it = gatt_cb.hdl_list_info->begin();
230 auto end = gatt_cb.hdl_list_info->end();
231 while (it != end) {
232 if (app_id == it->asgn_range.app_uuid128) {
233 it = gatt_cb.hdl_list_info->erase(it);
234 } else {
235 it++;
236 }
237 }
238 }
239
240 /*******************************************************************************
241 *
242 * Function gatt_find_the_connected_bda
243 *
244 * Description This function find the connected bda
245 *
246 * Returns true if found
247 *
248 ******************************************************************************/
gatt_find_the_connected_bda(uint8_t start_idx,RawAddress & bda,uint8_t * p_found_idx,tBT_TRANSPORT * p_transport)249 bool gatt_find_the_connected_bda(uint8_t start_idx, RawAddress& bda,
250 uint8_t* p_found_idx,
251 tBT_TRANSPORT* p_transport) {
252 uint8_t i;
253 bool found = false;
254 VLOG(1) << __func__ << " start_idx=" << +start_idx;
255
256 for (i = start_idx; i < GATT_MAX_PHY_CHANNEL; i++) {
257 if (gatt_cb.tcb[i].in_use && gatt_cb.tcb[i].ch_state == GATT_CH_OPEN) {
258 bda = gatt_cb.tcb[i].peer_bda;
259 *p_found_idx = i;
260 *p_transport = gatt_cb.tcb[i].transport;
261 found = true;
262 VLOG(1) << " bda :" << bda;
263 break;
264 }
265 }
266 VLOG(1) << StringPrintf(" found=%d found_idx=%d", found, i);
267 return found;
268 }
269
270 /*******************************************************************************
271 *
272 * Function gatt_is_srv_chg_ind_pending
273 *
274 * Description Check whether a service chnaged is in the indication pending
275 * queue or waiting for an Ack already
276 *
277 * Returns bool
278 *
279 ******************************************************************************/
gatt_is_srv_chg_ind_pending(tGATT_TCB * p_tcb)280 bool gatt_is_srv_chg_ind_pending(tGATT_TCB* p_tcb) {
281 VLOG(1) << __func__
282 << " is_queue_empty=" << fixed_queue_is_empty(p_tcb->pending_ind_q);
283
284 if (p_tcb->indicate_handle == gatt_cb.handle_of_h_r) return true;
285
286 if (fixed_queue_is_empty(p_tcb->pending_ind_q)) return false;
287
288 list_t* list = fixed_queue_get_list(p_tcb->pending_ind_q);
289 for (const list_node_t* node = list_begin(list); node != list_end(list);
290 node = list_next(node)) {
291 tGATT_VALUE* p_buf = (tGATT_VALUE*)list_node(node);
292 if (p_buf->handle == gatt_cb.handle_of_h_r) {
293 return true;
294 }
295 }
296
297 return false;
298 }
299
300 /*******************************************************************************
301 *
302 * Function gatt_is_bda_in_the_srv_chg_clt_list
303 *
304 * Description This function check the specified bda is in the srv chg
305 * client list or not
306 *
307 * Returns pointer to the found elemenet otherwise NULL
308 *
309 ******************************************************************************/
gatt_is_bda_in_the_srv_chg_clt_list(const RawAddress & bda)310 tGATTS_SRV_CHG* gatt_is_bda_in_the_srv_chg_clt_list(const RawAddress& bda) {
311
312 VLOG(1) << __func__ << ": " << bda;
313
314 if (fixed_queue_is_empty(gatt_cb.srv_chg_clt_q)) return NULL;
315
316 list_t* list = fixed_queue_get_list(gatt_cb.srv_chg_clt_q);
317 for (const list_node_t* node = list_begin(list); node != list_end(list);
318 node = list_next(node)) {
319 tGATTS_SRV_CHG* p_buf = (tGATTS_SRV_CHG*)list_node(node);
320 if (bda == p_buf->bda) {
321 VLOG(1) << "bda is in the srv chg clt list";
322 return p_buf;
323 }
324 }
325
326 return NULL;
327 }
328
329 /*******************************************************************************
330 *
331 * Function gatt_is_bda_connected
332 *
333 * Description
334 *
335 * Returns GATT_INDEX_INVALID if not found. Otherwise index to the tcb.
336 *
337 ******************************************************************************/
gatt_is_bda_connected(const RawAddress & bda)338 bool gatt_is_bda_connected(const RawAddress& bda) {
339 uint8_t i = 0;
340 bool connected = false;
341
342 for (i = 0; i < GATT_MAX_PHY_CHANNEL; i++) {
343 if (gatt_cb.tcb[i].in_use && gatt_cb.tcb[i].peer_bda == bda) {
344 connected = true;
345 break;
346 }
347 }
348 return connected;
349 }
350
351 /*******************************************************************************
352 *
353 * Function gatt_find_i_tcb_by_addr
354 *
355 * Description Search for an empty tcb entry, and return the index.
356 *
357 * Returns GATT_INDEX_INVALID if not found. Otherwise index to the tcb.
358 *
359 ******************************************************************************/
gatt_find_i_tcb_by_addr(const RawAddress & bda,tBT_TRANSPORT transport)360 uint8_t gatt_find_i_tcb_by_addr(const RawAddress& bda,
361 tBT_TRANSPORT transport) {
362 uint8_t i = 0;
363
364 for (; i < GATT_MAX_PHY_CHANNEL; i++) {
365 if (gatt_cb.tcb[i].peer_bda == bda &&
366 gatt_cb.tcb[i].transport == transport) {
367 return i;
368 }
369 }
370 return GATT_INDEX_INVALID;
371 }
372
373 /*******************************************************************************
374 *
375 * Function gatt_get_tcb_by_idx
376 *
377 * Description The function get TCB using the TCB index
378 *
379 * Returns NULL if not found. Otherwise index to the tcb.
380 *
381 ******************************************************************************/
gatt_get_tcb_by_idx(uint8_t tcb_idx)382 tGATT_TCB* gatt_get_tcb_by_idx(uint8_t tcb_idx) {
383 tGATT_TCB* p_tcb = NULL;
384
385 if ((tcb_idx < GATT_MAX_PHY_CHANNEL) && gatt_cb.tcb[tcb_idx].in_use)
386 p_tcb = &gatt_cb.tcb[tcb_idx];
387
388 return p_tcb;
389 }
390
391 /*******************************************************************************
392 *
393 * Function gatt_find_tcb_by_addr
394 *
395 * Description Search for an empty tcb entry, and return pointer.
396 *
397 * Returns NULL if not found. Otherwise index to the tcb.
398 *
399 ******************************************************************************/
gatt_find_tcb_by_addr(const RawAddress & bda,tBT_TRANSPORT transport)400 tGATT_TCB* gatt_find_tcb_by_addr(const RawAddress& bda,
401 tBT_TRANSPORT transport) {
402 tGATT_TCB* p_tcb = NULL;
403 uint8_t i = 0;
404
405 i = gatt_find_i_tcb_by_addr(bda, transport);
406 if (i != GATT_INDEX_INVALID) p_tcb = &gatt_cb.tcb[i];
407
408 return p_tcb;
409 }
410
411 /*******************************************************************************
412 *
413 * Function gatt_allocate_tcb_by_bdaddr
414 *
415 * Description Locate or allocate a new tcb entry for matching bda.
416 *
417 * Returns GATT_INDEX_INVALID if not found. Otherwise index to the tcb.
418 *
419 ******************************************************************************/
gatt_allocate_tcb_by_bdaddr(const RawAddress & bda,tBT_TRANSPORT transport)420 tGATT_TCB* gatt_allocate_tcb_by_bdaddr(const RawAddress& bda,
421 tBT_TRANSPORT transport) {
422 /* search for existing tcb with matching bda */
423 uint8_t j = gatt_find_i_tcb_by_addr(bda, transport);
424 if (j != GATT_INDEX_INVALID) return &gatt_cb.tcb[j];
425
426 /* find free tcb */
427 for (int i = 0; i < GATT_MAX_PHY_CHANNEL; i++) {
428 tGATT_TCB* p_tcb = &gatt_cb.tcb[i];
429 if (p_tcb->in_use) continue;
430
431 *p_tcb = tGATT_TCB();
432
433 p_tcb->pending_ind_q = fixed_queue_new(SIZE_MAX);
434 p_tcb->conf_timer = alarm_new("gatt.conf_timer");
435 p_tcb->ind_ack_timer = alarm_new("gatt.ind_ack_timer");
436 p_tcb->in_use = true;
437 p_tcb->tcb_idx = i;
438 p_tcb->transport = transport;
439 p_tcb->peer_bda = bda;
440 return p_tcb;
441 }
442
443 return NULL;
444 }
445
446 /** gatt_build_uuid_to_stream will convert 32bit UUIDs to 128bit. This function
447 * will return lenght required to build uuid, either |UUID:kNumBytes16| or
448 * |UUID::kNumBytes128| */
gatt_build_uuid_to_stream_len(const Uuid & uuid)449 uint8_t gatt_build_uuid_to_stream_len(const Uuid& uuid) {
450 size_t len = uuid.GetShortestRepresentationSize();
451 return len == Uuid::kNumBytes32 ? Uuid::kNumBytes128 : len;
452 }
453
454 /** Add UUID into stream. Returns UUID length. */
gatt_build_uuid_to_stream(uint8_t ** p_dst,const Uuid & uuid)455 uint8_t gatt_build_uuid_to_stream(uint8_t** p_dst, const Uuid& uuid) {
456 uint8_t* p = *p_dst;
457 size_t len = uuid.GetShortestRepresentationSize();
458
459 if (uuid.IsEmpty()) {
460 return 0;
461 }
462
463 if (len == Uuid::kNumBytes16) {
464 UINT16_TO_STREAM(p, uuid.As16Bit());
465 } else if (len == Uuid::kNumBytes32) {
466 /* always convert 32 bits into 128 bits */
467 ARRAY_TO_STREAM(p, uuid.To128BitLE(), (int)Uuid::kNumBytes128);
468 len = Uuid::kNumBytes128;
469 } else if (len == Uuid::kNumBytes128) {
470 ARRAY_TO_STREAM(p, uuid.To128BitLE(), (int)Uuid::kNumBytes128);
471 }
472
473 *p_dst = p;
474 return len;
475 }
476
gatt_parse_uuid_from_cmd(Uuid * p_uuid_rec,uint16_t uuid_size,uint8_t ** p_data)477 bool gatt_parse_uuid_from_cmd(Uuid* p_uuid_rec, uint16_t uuid_size,
478 uint8_t** p_data) {
479 bool ret = true;
480 uint8_t* p_uuid = *p_data;
481
482 switch (uuid_size) {
483 case Uuid::kNumBytes16: {
484 uint16_t val;
485 STREAM_TO_UINT16(val, p_uuid);
486 *p_uuid_rec = Uuid::From16Bit(val);
487 *p_data += Uuid::kNumBytes16;
488 return true;
489 }
490
491 case Uuid::kNumBytes128: {
492 *p_uuid_rec = Uuid::From128BitLE(p_uuid);
493 *p_data += Uuid::kNumBytes128;
494 return true;
495 }
496
497 /* do not allow 32 bits UUID in ATT PDU now */
498 case Uuid::kNumBytes32:
499 LOG(ERROR) << "DO NOT ALLOW 32 BITS UUID IN ATT PDU";
500 return false;
501 case 0:
502 default:
503 if (uuid_size != 0) ret = false;
504 LOG(WARNING) << __func__ << ": invalid uuid size";
505 break;
506 }
507
508 return (ret);
509 }
510
511 /*******************************************************************************
512 *
513 * Function gatt_start_rsp_timer
514 *
515 * Description Start a wait_for_response timer.
516 *
517 * Returns void
518 *
519 ******************************************************************************/
gatt_start_rsp_timer(tGATT_CLCB * p_clcb)520 void gatt_start_rsp_timer(tGATT_CLCB* p_clcb) {
521 uint64_t timeout_ms = GATT_WAIT_FOR_RSP_TIMEOUT_MS;
522
523 if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY &&
524 p_clcb->op_subtype == GATT_DISC_SRVC_ALL) {
525 timeout_ms = GATT_WAIT_FOR_DISC_RSP_TIMEOUT_MS;
526 }
527
528 // TODO: The tGATT_CLCB memory and state management needs cleanup,
529 // and then the timers can be allocated elsewhere.
530 if (p_clcb->gatt_rsp_timer_ent == NULL) {
531 p_clcb->gatt_rsp_timer_ent = alarm_new("gatt.gatt_rsp_timer_ent");
532 }
533 alarm_set_on_mloop(p_clcb->gatt_rsp_timer_ent, timeout_ms, gatt_rsp_timeout,
534 p_clcb);
535 }
536
537 /*******************************************************************************
538 *
539 * Function gatt_start_conf_timer
540 *
541 * Description Start a wait_for_confirmation timer.
542 *
543 * Returns void
544 *
545 ******************************************************************************/
gatt_start_conf_timer(tGATT_TCB * p_tcb)546 void gatt_start_conf_timer(tGATT_TCB* p_tcb) {
547 alarm_set_on_mloop(p_tcb->conf_timer, GATT_WAIT_FOR_RSP_TIMEOUT_MS,
548 gatt_indication_confirmation_timeout, p_tcb);
549 }
550
551 /*******************************************************************************
552 *
553 * Function gatt_start_ind_ack_timer
554 *
555 * Description start the application ack timer
556 *
557 * Returns void
558 *
559 ******************************************************************************/
gatt_start_ind_ack_timer(tGATT_TCB & tcb)560 void gatt_start_ind_ack_timer(tGATT_TCB& tcb) {
561 /* start notification cache timer */
562 alarm_set_on_mloop(tcb.ind_ack_timer, GATT_WAIT_FOR_RSP_TIMEOUT_MS,
563 gatt_ind_ack_timeout, &tcb);
564 }
565
566 /*******************************************************************************
567 *
568 * Function gatt_rsp_timeout
569 *
570 * Description Called when GATT wait for ATT command response timer expires
571 *
572 * Returns void
573 *
574 ******************************************************************************/
gatt_rsp_timeout(void * data)575 void gatt_rsp_timeout(void* data) {
576 tGATT_CLCB* p_clcb = (tGATT_CLCB*)data;
577
578 if (p_clcb == NULL || p_clcb->p_tcb == NULL) {
579 LOG(WARNING) << __func__ << " clcb is already deleted";
580 return;
581 }
582 if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY &&
583 p_clcb->op_subtype == GATT_DISC_SRVC_ALL &&
584 p_clcb->retry_count < GATT_REQ_RETRY_LIMIT) {
585 uint8_t rsp_code;
586 LOG(WARNING) << __func__ << " retry discovery primary service";
587 if (p_clcb != gatt_cmd_dequeue(*p_clcb->p_tcb, &rsp_code)) {
588 LOG(ERROR) << __func__ << " command queue out of sync, disconnect";
589 } else {
590 p_clcb->retry_count++;
591 gatt_act_discovery(p_clcb);
592 return;
593 }
594 }
595
596 LOG(WARNING) << __func__ << " disconnecting...";
597 gatt_disconnect(p_clcb->p_tcb);
598 }
599
600 extern void gatts_proc_srv_chg_ind_ack(tGATT_TCB tcb);
601
602 /*******************************************************************************
603 *
604 * Function gatt_indication_confirmation_timeout
605 *
606 * Description Called when the indication confirmation timer expires
607 *
608 * Returns void
609 *
610 ******************************************************************************/
gatt_indication_confirmation_timeout(void * data)611 void gatt_indication_confirmation_timeout(void* data) {
612 tGATT_TCB* p_tcb = (tGATT_TCB*)data;
613
614 if (p_tcb->indicate_handle == gatt_cb.handle_of_h_r) {
615 /* There are some GATT Server only devices, that don't implement GATT client
616 * functionalities, and ignore "Service Changed" indication. Android does
617 * not have CCC in "Service Changed" characteristic, and sends it to all
618 * bonded devices. This leads to situation where remote can ignore the
619 * indication, and trigger 30s timeout, then reconnection in a loop.
620 *
621 * Since chances of healthy Client device keeping connection for 30 seconds
622 * and not responding to "Service Changed" indication are very low, assume
623 * we are dealing with Server only device, and don't trigger disconnection.
624 *
625 * TODO: In future, we should properly expose CCC, and send indication only
626 * to devices that register for it.
627 */
628 LOG(WARNING) << " Service Changed notification timed out in 30 "
629 "seconds, assuming server-only remote, not disconnecting";
630 gatts_proc_srv_chg_ind_ack(*p_tcb);
631 return;
632 }
633
634 LOG(WARNING) << __func__ << " disconnecting...";
635 gatt_disconnect(p_tcb);
636 }
637
638 /*******************************************************************************
639 *
640 * Function gatt_ind_ack_timeout
641 *
642 * Description Called when GATT wait for ATT handle confirmation timeout
643 *
644 * Returns void
645 *
646 ******************************************************************************/
gatt_ind_ack_timeout(void * data)647 void gatt_ind_ack_timeout(void* data) {
648 tGATT_TCB* p_tcb = (tGATT_TCB*)data;
649 CHECK(p_tcb);
650
651 LOG(WARNING) << __func__ << ": send ack now";
652 p_tcb->ind_count = 0;
653 attp_send_cl_msg(*p_tcb, nullptr, GATT_HANDLE_VALUE_CONF, NULL);
654 }
655 /*******************************************************************************
656 *
657 * Description Search for a service that owns a specific handle.
658 *
659 * Returns GATT_MAX_SR_PROFILES if not found. Otherwise the index of
660 * the service.
661 *
662 ******************************************************************************/
gatt_sr_find_i_rcb_by_handle(uint16_t handle)663 std::list<tGATT_SRV_LIST_ELEM>::iterator gatt_sr_find_i_rcb_by_handle(
664 uint16_t handle) {
665 auto it = gatt_cb.srv_list_info->begin();
666
667 for (; it != gatt_cb.srv_list_info->end(); it++) {
668 if (it->s_hdl <= handle && it->e_hdl >= handle) {
669 return it;
670 }
671 }
672
673 return it;
674 }
675
676 /*******************************************************************************
677 *
678 * Function gatt_sr_get_sec_info
679 *
680 * Description Get the security flag and key size information for the peer
681 * device.
682 *
683 * Returns void
684 *
685 ******************************************************************************/
gatt_sr_get_sec_info(const RawAddress & rem_bda,tBT_TRANSPORT transport,uint8_t * p_sec_flag,uint8_t * p_key_size)686 void gatt_sr_get_sec_info(const RawAddress& rem_bda, tBT_TRANSPORT transport,
687 uint8_t* p_sec_flag, uint8_t* p_key_size) {
688 uint8_t sec_flag = 0;
689
690 BTM_GetSecurityFlagsByTransport(rem_bda, &sec_flag, transport);
691
692 sec_flag &= (GATT_SEC_FLAG_LKEY_UNAUTHED | GATT_SEC_FLAG_LKEY_AUTHED |
693 GATT_SEC_FLAG_ENCRYPTED);
694
695 *p_key_size = btm_ble_read_sec_key_size(rem_bda);
696 *p_sec_flag = sec_flag;
697 }
698 /*******************************************************************************
699 *
700 * Function gatt_sr_send_req_callback
701 *
702 * Description
703 *
704 *
705 * Returns void
706 *
707 ******************************************************************************/
gatt_sr_send_req_callback(uint16_t conn_id,uint32_t trans_id,tGATTS_REQ_TYPE type,tGATTS_DATA * p_data)708 void gatt_sr_send_req_callback(uint16_t conn_id, uint32_t trans_id,
709 tGATTS_REQ_TYPE type, tGATTS_DATA* p_data) {
710 tGATT_IF gatt_if = GATT_GET_GATT_IF(conn_id);
711 tGATT_REG* p_reg = gatt_get_regcb(gatt_if);
712
713 if (!p_reg) {
714 LOG(ERROR) << "p_reg not found discard request";
715 return;
716 }
717
718 if (p_reg->in_use && p_reg->app_cb.p_req_cb) {
719 (*p_reg->app_cb.p_req_cb)(conn_id, trans_id, type, p_data);
720 } else {
721 LOG(WARNING) << "Call back not found for application conn_id=" << conn_id;
722 }
723 }
724
725 /*******************************************************************************
726 *
727 * Function gatt_send_error_rsp
728 *
729 * Description This function sends an error response.
730 *
731 * Returns void
732 *
733 ******************************************************************************/
gatt_send_error_rsp(tGATT_TCB & tcb,uint8_t err_code,uint8_t op_code,uint16_t handle,bool deq)734 tGATT_STATUS gatt_send_error_rsp(tGATT_TCB& tcb, uint8_t err_code,
735 uint8_t op_code, uint16_t handle, bool deq) {
736 tGATT_STATUS status;
737 BT_HDR* p_buf;
738
739 tGATT_SR_MSG msg;
740 msg.error.cmd_code = op_code;
741 msg.error.reason = err_code;
742 msg.error.handle = handle;
743
744 p_buf = attp_build_sr_msg(tcb, GATT_RSP_ERROR, &msg);
745 if (p_buf != NULL) {
746 status = attp_send_sr_msg(tcb, p_buf);
747 } else
748 status = GATT_INSUF_RESOURCE;
749
750 if (deq) gatt_dequeue_sr_cmd(tcb);
751
752 return status;
753 }
754
755 /*******************************************************************************
756 *
757 * Function gatt_add_sdp_record
758 *
759 * Description This function add a SDP record for a GATT primary service
760 *
761 * Returns 0 if error else sdp handle for the record.
762 *
763 ******************************************************************************/
gatt_add_sdp_record(const Uuid & uuid,uint16_t start_hdl,uint16_t end_hdl)764 uint32_t gatt_add_sdp_record(const Uuid& uuid, uint16_t start_hdl,
765 uint16_t end_hdl) {
766 uint8_t buff[60];
767 uint8_t* p = buff;
768
769 VLOG(1) << __func__
770 << StringPrintf(" s_hdl=0x%x s_hdl=0x%x", start_hdl, end_hdl);
771
772 uint32_t sdp_handle = SDP_CreateRecord();
773 if (sdp_handle == 0) return 0;
774
775 switch (uuid.GetShortestRepresentationSize()) {
776 case Uuid::kNumBytes16: {
777 uint16_t tmp = uuid.As16Bit();
778 SDP_AddServiceClassIdList(sdp_handle, 1, &tmp);
779 break;
780 }
781
782 case Uuid::kNumBytes32: {
783 UINT8_TO_BE_STREAM(p, (UUID_DESC_TYPE << 3) | SIZE_FOUR_BYTES);
784 uint32_t tmp = uuid.As32Bit();
785 UINT32_TO_BE_STREAM(p, tmp);
786 SDP_AddAttribute(sdp_handle, ATTR_ID_SERVICE_CLASS_ID_LIST,
787 DATA_ELE_SEQ_DESC_TYPE, (uint32_t)(p - buff), buff);
788 break;
789 }
790
791 case Uuid::kNumBytes128:
792 UINT8_TO_BE_STREAM(p, (UUID_DESC_TYPE << 3) | SIZE_SIXTEEN_BYTES);
793 ARRAY_TO_BE_STREAM(p, uuid.To128BitBE().data(), (int)Uuid::kNumBytes128);
794 SDP_AddAttribute(sdp_handle, ATTR_ID_SERVICE_CLASS_ID_LIST,
795 DATA_ELE_SEQ_DESC_TYPE, (uint32_t)(p - buff), buff);
796 break;
797 }
798
799 /*** Fill out the protocol element sequence for SDP ***/
800 tSDP_PROTOCOL_ELEM proto_elem_list[2];
801 proto_elem_list[0].protocol_uuid = UUID_PROTOCOL_L2CAP;
802 proto_elem_list[0].num_params = 1;
803 proto_elem_list[0].params[0] = BT_PSM_ATT;
804 proto_elem_list[1].protocol_uuid = UUID_PROTOCOL_ATT;
805 proto_elem_list[1].num_params = 2;
806 proto_elem_list[1].params[0] = start_hdl;
807 proto_elem_list[1].params[1] = end_hdl;
808
809 SDP_AddProtocolList(sdp_handle, 2, proto_elem_list);
810
811 /* Make the service browseable */
812 uint16_t list = UUID_SERVCLASS_PUBLIC_BROWSE_GROUP;
813 SDP_AddUuidSequence(sdp_handle, ATTR_ID_BROWSE_GROUP_LIST, 1, &list);
814
815 return (sdp_handle);
816 }
817
818 #if GATT_CONFORMANCE_TESTING == TRUE
819 /*******************************************************************************
820 *
821 * Function gatt_set_err_rsp
822 *
823 * Description This function is called to set the test confirm value
824 *
825 * Returns void
826 *
827 ******************************************************************************/
gatt_set_err_rsp(bool enable,uint8_t req_op_code,uint8_t err_status)828 void gatt_set_err_rsp(bool enable, uint8_t req_op_code, uint8_t err_status) {
829 VLOG(1) << __func__
830 << StringPrintf(" enable=%d op_code=%d, err_status=%d", enable,
831 req_op_code, err_status);
832 gatt_cb.enable_err_rsp = enable;
833 gatt_cb.req_op_code = req_op_code;
834 gatt_cb.err_status = err_status;
835 }
836 #endif
837
838 /*******************************************************************************
839 *
840 * Function gatt_get_regcb
841 *
842 * Description The function returns the registration control block.
843 *
844 * Returns pointer to the registration control block or NULL
845 *
846 ******************************************************************************/
gatt_get_regcb(tGATT_IF gatt_if)847 tGATT_REG* gatt_get_regcb(tGATT_IF gatt_if) {
848 uint8_t ii = (uint8_t)gatt_if;
849 tGATT_REG* p_reg = NULL;
850
851 if (ii < 1 || ii > GATT_MAX_APPS) {
852 LOG(WARNING) << "gatt_if out of range = " << +ii;
853 return NULL;
854 }
855
856 // Index for cl_rcb is always 1 less than gatt_if.
857 p_reg = &gatt_cb.cl_rcb[ii - 1];
858
859 if (!p_reg->in_use) {
860 LOG(WARNING) << "gatt_if found but not in use.";
861 return NULL;
862 }
863
864 return p_reg;
865 }
866
867 /*******************************************************************************
868 *
869 * Function gatt_is_clcb_allocated
870 *
871 * Description The function check clcb for conn_id is allocated or not
872 *
873 * Returns True already allocated
874 *
875 ******************************************************************************/
876
gatt_is_clcb_allocated(uint16_t conn_id)877 bool gatt_is_clcb_allocated(uint16_t conn_id) {
878 uint8_t i = 0;
879 bool is_allocated = false;
880
881 for (i = 0; i < GATT_CL_MAX_LCB; i++) {
882 if (gatt_cb.clcb[i].in_use && (gatt_cb.clcb[i].conn_id == conn_id)) {
883 is_allocated = true;
884 break;
885 }
886 }
887
888 return is_allocated;
889 }
890
891 /*******************************************************************************
892 *
893 * Function gatt_clcb_alloc
894 *
895 * Description The function allocates a GATT connection link control block
896 *
897 * Returns NULL if not found. Otherwise pointer to the connection link
898 * block.
899 *
900 ******************************************************************************/
gatt_clcb_alloc(uint16_t conn_id)901 tGATT_CLCB* gatt_clcb_alloc(uint16_t conn_id) {
902 uint8_t i = 0;
903 tGATT_CLCB* p_clcb = NULL;
904 tGATT_IF gatt_if = GATT_GET_GATT_IF(conn_id);
905 uint8_t tcb_idx = GATT_GET_TCB_IDX(conn_id);
906 tGATT_TCB* p_tcb = gatt_get_tcb_by_idx(tcb_idx);
907 tGATT_REG* p_reg = gatt_get_regcb(gatt_if);
908
909 for (i = 0; i < GATT_CL_MAX_LCB; i++) {
910 if (!gatt_cb.clcb[i].in_use) {
911 p_clcb = &gatt_cb.clcb[i];
912
913 p_clcb->in_use = true;
914 p_clcb->conn_id = conn_id;
915 p_clcb->p_reg = p_reg;
916 p_clcb->p_tcb = p_tcb;
917 break;
918 }
919 }
920
921 return p_clcb;
922 }
923
924 /*******************************************************************************
925 *
926 * Function gatt_clcb_dealloc
927 *
928 * Description The function de-allocates a GATT connection link control
929 * block
930 *
931 * Returns None
932 *
933 ******************************************************************************/
gatt_clcb_dealloc(tGATT_CLCB * p_clcb)934 void gatt_clcb_dealloc(tGATT_CLCB* p_clcb) {
935 if (p_clcb && p_clcb->in_use) {
936 alarm_free(p_clcb->gatt_rsp_timer_ent);
937 memset(p_clcb, 0, sizeof(tGATT_CLCB));
938 }
939 }
940
941 /*******************************************************************************
942 *
943 * Function gatt_find_tcb_by_cid
944 *
945 * Description The function searches for an empty entry
946 * in registration info table for GATT client
947 *
948 * Returns NULL if not found. Otherwise pointer to the rcb.
949 *
950 ******************************************************************************/
gatt_find_tcb_by_cid(uint16_t lcid)951 tGATT_TCB* gatt_find_tcb_by_cid(uint16_t lcid) {
952 uint16_t xx = 0;
953 tGATT_TCB* p_tcb = NULL;
954
955 for (xx = 0; xx < GATT_MAX_PHY_CHANNEL; xx++) {
956 if (gatt_cb.tcb[xx].in_use && gatt_cb.tcb[xx].att_lcid == lcid) {
957 p_tcb = &gatt_cb.tcb[xx];
958 break;
959 }
960 }
961 return p_tcb;
962 }
963
964 /*******************************************************************************
965 *
966 * Function gatt_num_clcb_by_bd_addr
967 *
968 * Description The function searches all LCB with macthing bd address
969 *
970 * Returns total number of clcb found.
971 *
972 ******************************************************************************/
gatt_num_clcb_by_bd_addr(const RawAddress & bda)973 uint8_t gatt_num_clcb_by_bd_addr(const RawAddress& bda) {
974 uint8_t i, num = 0;
975
976 for (i = 0; i < GATT_CL_MAX_LCB; i++) {
977 if (gatt_cb.clcb[i].in_use && gatt_cb.clcb[i].p_tcb->peer_bda == bda) num++;
978 }
979 return num;
980 }
981
gatt_sr_copy_prep_cnt_to_cback_cnt(tGATT_TCB & tcb)982 void gatt_sr_copy_prep_cnt_to_cback_cnt(tGATT_TCB& tcb) {
983 for (uint8_t i = 0; i < GATT_MAX_APPS; i++) {
984 if (tcb.prep_cnt[i]) {
985 tcb.sr_cmd.cback_cnt[i] = 1;
986 }
987 }
988 }
989
990 /*******************************************************************************
991 *
992 * Function gatt_sr_is_cback_cnt_zero
993 *
994 * Description The function searches all LCB with macthing bd address
995 *
996 * Returns True if thetotal application callback count is zero
997 *
998 ******************************************************************************/
gatt_sr_is_cback_cnt_zero(tGATT_TCB & tcb)999 bool gatt_sr_is_cback_cnt_zero(tGATT_TCB& tcb) {
1000 for (uint8_t i = 0; i < GATT_MAX_APPS; i++) {
1001 if (tcb.sr_cmd.cback_cnt[i]) {
1002 return false;
1003 }
1004 }
1005 return true;
1006 }
1007
1008 /*******************************************************************************
1009 *
1010 * Function gatt_sr_is_prep_cnt_zero
1011 *
1012 * Description Check the prepare write request count is zero or not
1013 *
1014 * Returns True no prepare write request
1015 *
1016 ******************************************************************************/
gatt_sr_is_prep_cnt_zero(tGATT_TCB & tcb)1017 bool gatt_sr_is_prep_cnt_zero(tGATT_TCB& tcb) {
1018 for (uint8_t i = 0; i < GATT_MAX_APPS; i++) {
1019 if (tcb.prep_cnt[i]) {
1020 return false;
1021 }
1022 }
1023 return true;
1024 }
1025
1026 /*******************************************************************************
1027 *
1028 * Function gatt_sr_reset_cback_cnt
1029 *
1030 * Description Reset the application callback count to zero
1031 *
1032 * Returns None
1033 *
1034 ******************************************************************************/
gatt_sr_reset_cback_cnt(tGATT_TCB & tcb)1035 void gatt_sr_reset_cback_cnt(tGATT_TCB& tcb) {
1036 for (uint8_t i = 0; i < GATT_MAX_APPS; i++) {
1037 tcb.sr_cmd.cback_cnt[i] = 0;
1038 }
1039 }
1040
1041 /*******************************************************************************
1042 *
1043 * Function gatt_sr_reset_prep_cnt
1044 *
1045 * Description Reset the prep write count to zero
1046 *
1047 * Returns None
1048 *
1049 ******************************************************************************/
gatt_sr_reset_prep_cnt(tGATT_TCB & tcb)1050 void gatt_sr_reset_prep_cnt(tGATT_TCB& tcb) {
1051 for (uint8_t i = 0; i < GATT_MAX_APPS; i++) {
1052 tcb.prep_cnt[i] = 0;
1053 }
1054 }
1055
1056 /*******************************************************************************
1057 *
1058 * Function gatt_sr_update_cback_cnt
1059 *
1060 * Description Update the teh applicaiton callback count
1061 *
1062 * Returns None
1063 *
1064 ******************************************************************************/
gatt_sr_update_cback_cnt(tGATT_TCB & tcb,tGATT_IF gatt_if,bool is_inc,bool is_reset_first)1065 void gatt_sr_update_cback_cnt(tGATT_TCB& tcb, tGATT_IF gatt_if, bool is_inc,
1066 bool is_reset_first) {
1067 uint8_t idx = ((uint8_t)gatt_if) - 1;
1068
1069 if (is_reset_first) {
1070 gatt_sr_reset_cback_cnt(tcb);
1071 }
1072 if (is_inc) {
1073 tcb.sr_cmd.cback_cnt[idx]++;
1074 } else {
1075 if (tcb.sr_cmd.cback_cnt[idx]) {
1076 tcb.sr_cmd.cback_cnt[idx]--;
1077 }
1078 }
1079 }
1080
1081 /*******************************************************************************
1082 *
1083 * Function gatt_sr_update_prep_cnt
1084 *
1085 * Description Update the teh prepare write request count
1086 *
1087 * Returns None
1088 *
1089 ******************************************************************************/
gatt_sr_update_prep_cnt(tGATT_TCB & tcb,tGATT_IF gatt_if,bool is_inc,bool is_reset_first)1090 void gatt_sr_update_prep_cnt(tGATT_TCB& tcb, tGATT_IF gatt_if, bool is_inc,
1091 bool is_reset_first) {
1092 uint8_t idx = ((uint8_t)gatt_if) - 1;
1093
1094 VLOG(1) << StringPrintf(
1095 "%s tcb idx=%d gatt_if=%d is_inc=%d is_reset_first=%d", __func__,
1096 tcb.tcb_idx, gatt_if, is_inc, is_reset_first);
1097
1098 if (is_reset_first) {
1099 gatt_sr_reset_prep_cnt(tcb);
1100 }
1101 if (is_inc) {
1102 tcb.prep_cnt[idx]++;
1103 } else {
1104 if (tcb.prep_cnt[idx]) {
1105 tcb.prep_cnt[idx]--;
1106 }
1107 }
1108 }
1109
1110 /** Cancel LE Create Connection request */
gatt_cancel_open(tGATT_IF gatt_if,const RawAddress & bda)1111 bool gatt_cancel_open(tGATT_IF gatt_if, const RawAddress& bda) {
1112 tGATT_TCB* p_tcb = gatt_find_tcb_by_addr(bda, BT_TRANSPORT_LE);
1113 if (!p_tcb) return true;
1114
1115 if (gatt_get_ch_state(p_tcb) == GATT_CH_OPEN) {
1116 LOG(ERROR) << __func__ << ": link connected Too late to cancel";
1117 return false;
1118 }
1119
1120 gatt_update_app_use_link_flag(gatt_if, p_tcb, false, false);
1121
1122 if (p_tcb->app_hold_link.empty()) gatt_disconnect(p_tcb);
1123
1124 connection_manager::direct_connect_remove(gatt_if, bda);
1125 return true;
1126 }
1127
1128 /** Enqueue this command */
gatt_cmd_enq(tGATT_TCB & tcb,tGATT_CLCB * p_clcb,bool to_send,uint8_t op_code,BT_HDR * p_buf)1129 void gatt_cmd_enq(tGATT_TCB& tcb, tGATT_CLCB* p_clcb, bool to_send,
1130 uint8_t op_code, BT_HDR* p_buf) {
1131 tGATT_CMD_Q cmd;
1132 cmd.to_send = to_send; /* waiting to be sent */
1133 cmd.op_code = op_code;
1134 cmd.p_cmd = p_buf;
1135 cmd.p_clcb = p_clcb;
1136
1137 if (!to_send) {
1138 // TODO: WTF why do we clear the queue here ?!
1139 tcb.cl_cmd_q = std::queue<tGATT_CMD_Q>();
1140 }
1141
1142 tcb.cl_cmd_q.push(cmd);
1143 }
1144
1145 /** dequeue the command in the client CCB command queue */
gatt_cmd_dequeue(tGATT_TCB & tcb,uint8_t * p_op_code)1146 tGATT_CLCB* gatt_cmd_dequeue(tGATT_TCB& tcb, uint8_t* p_op_code) {
1147 if (tcb.cl_cmd_q.empty()) return nullptr;
1148
1149 tGATT_CMD_Q cmd = tcb.cl_cmd_q.front();
1150 tGATT_CLCB* p_clcb = cmd.p_clcb;
1151 *p_op_code = cmd.op_code;
1152 tcb.cl_cmd_q.pop();
1153
1154 return p_clcb;
1155 }
1156
1157 /** Send out the ATT message for write */
gatt_send_write_msg(tGATT_TCB & tcb,tGATT_CLCB * p_clcb,uint8_t op_code,uint16_t handle,uint16_t len,uint16_t offset,uint8_t * p_data)1158 uint8_t gatt_send_write_msg(tGATT_TCB& tcb, tGATT_CLCB* p_clcb, uint8_t op_code,
1159 uint16_t handle, uint16_t len, uint16_t offset,
1160 uint8_t* p_data) {
1161 tGATT_CL_MSG msg;
1162 msg.attr_value.handle = handle;
1163 msg.attr_value.len = len;
1164 msg.attr_value.offset = offset;
1165 memcpy(msg.attr_value.value, p_data, len);
1166
1167 /* write by handle */
1168 return attp_send_cl_msg(tcb, p_clcb, op_code, &msg);
1169 }
1170
1171 /*******************************************************************************
1172 *
1173 * Function gatt_end_operation
1174 *
1175 * Description This function ends a discovery, send callback and finalize
1176 * some control value.
1177 *
1178 * Returns 16 bits uuid.
1179 *
1180 ******************************************************************************/
gatt_end_operation(tGATT_CLCB * p_clcb,tGATT_STATUS status,void * p_data)1181 void gatt_end_operation(tGATT_CLCB* p_clcb, tGATT_STATUS status, void* p_data) {
1182 tGATT_CL_COMPLETE cb_data;
1183 tGATT_CMPL_CBACK* p_cmpl_cb =
1184 (p_clcb->p_reg) ? p_clcb->p_reg->app_cb.p_cmpl_cb : NULL;
1185 uint8_t op = p_clcb->operation, disc_type = GATT_DISC_MAX;
1186 tGATT_DISC_CMPL_CB* p_disc_cmpl_cb =
1187 (p_clcb->p_reg) ? p_clcb->p_reg->app_cb.p_disc_cmpl_cb : NULL;
1188 uint16_t conn_id;
1189 uint8_t operation;
1190
1191 VLOG(1) << __func__
1192 << StringPrintf(" status=%d op=%d subtype=%d", status,
1193 p_clcb->operation, p_clcb->op_subtype);
1194 memset(&cb_data.att_value, 0, sizeof(tGATT_VALUE));
1195
1196 if (p_cmpl_cb != NULL && p_clcb->operation != 0) {
1197 if (p_clcb->operation == GATTC_OPTYPE_READ) {
1198 cb_data.att_value.handle = p_clcb->s_handle;
1199 cb_data.att_value.len = p_clcb->counter;
1200
1201 if (p_data && p_clcb->counter)
1202 memcpy(cb_data.att_value.value, p_data, cb_data.att_value.len);
1203 }
1204
1205 if (p_clcb->operation == GATTC_OPTYPE_WRITE) {
1206 memset(&cb_data.att_value, 0, sizeof(tGATT_VALUE));
1207 cb_data.handle = cb_data.att_value.handle = p_clcb->s_handle;
1208 if (p_clcb->op_subtype == GATT_WRITE_PREPARE) {
1209 if (p_data) {
1210 cb_data.att_value = *((tGATT_VALUE*)p_data);
1211 } else {
1212 VLOG(1) << "Rcv Prepare write rsp but no data";
1213 }
1214 }
1215 }
1216
1217 if (p_clcb->operation == GATTC_OPTYPE_CONFIG)
1218 cb_data.mtu = p_clcb->p_tcb->payload_size;
1219
1220 if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY) {
1221 disc_type = p_clcb->op_subtype;
1222 }
1223 }
1224
1225 osi_free_and_reset((void**)&p_clcb->p_attr_buf);
1226
1227 operation = p_clcb->operation;
1228 conn_id = p_clcb->conn_id;
1229 alarm_cancel(p_clcb->gatt_rsp_timer_ent);
1230
1231 gatt_clcb_dealloc(p_clcb);
1232
1233 if (p_disc_cmpl_cb && (op == GATTC_OPTYPE_DISCOVERY))
1234 (*p_disc_cmpl_cb)(conn_id, disc_type, status);
1235 else if (p_cmpl_cb && op)
1236 (*p_cmpl_cb)(conn_id, op, status, &cb_data);
1237 else
1238 LOG(WARNING) << __func__
1239 << StringPrintf(
1240 ": not sent out op=%d p_disc_cmpl_cb:%p p_cmpl_cb:%p",
1241 operation, p_disc_cmpl_cb, p_cmpl_cb);
1242 }
1243
1244 /** This function cleans up the control blocks when L2CAP channel disconnect */
gatt_cleanup_upon_disc(const RawAddress & bda,uint16_t reason,tBT_TRANSPORT transport)1245 void gatt_cleanup_upon_disc(const RawAddress& bda, uint16_t reason,
1246 tBT_TRANSPORT transport) {
1247 VLOG(1) << __func__;
1248
1249 tGATT_TCB* p_tcb = gatt_find_tcb_by_addr(bda, transport);
1250 if (!p_tcb) return;
1251
1252 gatt_set_ch_state(p_tcb, GATT_CH_CLOSE);
1253 for (uint8_t i = 0; i < GATT_CL_MAX_LCB; i++) {
1254 tGATT_CLCB* p_clcb = &gatt_cb.clcb[i];
1255 if (!p_clcb->in_use || p_clcb->p_tcb != p_tcb) continue;
1256
1257 alarm_cancel(p_clcb->gatt_rsp_timer_ent);
1258 VLOG(1) << "found p_clcb conn_id=" << +p_clcb->conn_id;
1259 if (p_clcb->operation == GATTC_OPTYPE_NONE) {
1260 gatt_clcb_dealloc(p_clcb);
1261 continue;
1262 }
1263
1264 gatt_end_operation(p_clcb, GATT_ERROR, NULL);
1265 }
1266
1267 alarm_free(p_tcb->ind_ack_timer);
1268 p_tcb->ind_ack_timer = NULL;
1269 alarm_free(p_tcb->conf_timer);
1270 p_tcb->conf_timer = NULL;
1271 gatt_free_pending_ind(p_tcb);
1272 fixed_queue_free(p_tcb->sr_cmd.multi_rsp_q, NULL);
1273 p_tcb->sr_cmd.multi_rsp_q = NULL;
1274
1275 for (uint8_t i = 0; i < GATT_MAX_APPS; i++) {
1276 tGATT_REG* p_reg = &gatt_cb.cl_rcb[i];
1277 if (p_reg->in_use && p_reg->app_cb.p_conn_cb) {
1278 uint16_t conn_id = GATT_CREATE_CONN_ID(p_tcb->tcb_idx, p_reg->gatt_if);
1279 VLOG(1) << StringPrintf("found p_reg tcb_idx=%d gatt_if=%d conn_id=0x%x",
1280 p_tcb->tcb_idx, p_reg->gatt_if, conn_id);
1281 (*p_reg->app_cb.p_conn_cb)(p_reg->gatt_if, bda, conn_id, false, reason,
1282 transport);
1283 }
1284 }
1285
1286 *p_tcb = tGATT_TCB();
1287 VLOG(1) << __func__ << ": exit";
1288 }
1289 /*******************************************************************************
1290 *
1291 * Function gatt_dbg_req_op_name
1292 *
1293 * Description Get op code description name, for debug information.
1294 *
1295 * Returns uint8_t *: name of the operation.
1296 *
1297 ******************************************************************************/
gatt_dbg_op_name(uint8_t op_code)1298 uint8_t* gatt_dbg_op_name(uint8_t op_code) {
1299 uint8_t pseduo_op_code_idx = op_code & (~GATT_WRITE_CMD_MASK);
1300
1301 if (op_code == GATT_CMD_WRITE) {
1302 pseduo_op_code_idx = 0x14; /* just an index to op_code_name */
1303 }
1304
1305 if (op_code == GATT_SIGN_CMD_WRITE) {
1306 pseduo_op_code_idx = 0x15; /* just an index to op_code_name */
1307 }
1308
1309 if (pseduo_op_code_idx <= GATT_OP_CODE_MAX)
1310 return (uint8_t*)op_code_name[pseduo_op_code_idx];
1311 else
1312 return (uint8_t*)"Op Code Exceed Max";
1313 }
1314
1315 /** Remove the application interface for the specified background device */
gatt_auto_connect_dev_remove(tGATT_IF gatt_if,const RawAddress & bd_addr)1316 bool gatt_auto_connect_dev_remove(tGATT_IF gatt_if, const RawAddress& bd_addr) {
1317 tGATT_TCB* p_tcb = gatt_find_tcb_by_addr(bd_addr, BT_TRANSPORT_LE);
1318 if (p_tcb) gatt_update_app_use_link_flag(gatt_if, p_tcb, false, false);
1319 return connection_manager::background_connect_remove(gatt_if, bd_addr);
1320 }
1321