1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2014 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions that interface with the NFC NCI transport.
22 * On the receive side, it routes events to the appropriate handler
23 * (callback). On the transmit side, it manages the command transmission.
24 *
25 ******************************************************************************/
26 #include <android-base/stringprintf.h>
27 #include <base/logging.h>
28 #include <log/log.h>
29
30 #include "nfc_target.h"
31
32 #include "include/debug_nfcsnoop.h"
33 #include "nci_defs.h"
34 #include "nci_hmsgs.h"
35 #include "nfc_api.h"
36 #include "nfc_int.h"
37 #include "rw_api.h"
38 #include "rw_int.h"
39
40 #include <statslog.h>
41 #include "metrics.h"
42
43 using android::base::StringPrintf;
44
45 #if (NFC_RW_ONLY == FALSE)
46 static const uint8_t nfc_mpl_code_to_size[] = {64, 128, 192, 254};
47
48 #endif /* NFC_RW_ONLY */
49 #if (APPL_DTA_MODE == TRUE)
50 // Global Structure varibale for FW Version
51 static tNFC_FW_VERSION nfc_fw_version;
52 #endif
53 #define NFC_PB_ATTRIB_REQ_FIXED_BYTES 1
54 #define NFC_LB_ATTRIB_REQ_FIXED_BYTES 8
55
56 extern unsigned char appl_dta_mode_flag;
57 extern bool nfc_debug_enabled;
58
59 static struct timeval timer_start;
60 static struct timeval timer_end;
61
62 /*******************************************************************************
63 **
64 ** Function nfc_ncif_update_window
65 **
66 ** Description Update tx cmd window to indicate that NFCC can received
67 **
68 ** Returns void
69 **
70 *******************************************************************************/
nfc_ncif_update_window(void)71 void nfc_ncif_update_window(void) {
72 /* Sanity check - see if we were expecting a update_window */
73 if (nfc_cb.nci_cmd_window == NCI_MAX_CMD_WINDOW) {
74 if (nfc_cb.nfc_state != NFC_STATE_W4_HAL_CLOSE) {
75 LOG(ERROR) << StringPrintf("nfc_ncif_update_window: Unexpected call");
76 }
77 return;
78 }
79
80 /* Stop command-pending timer */
81 nfc_stop_timer(&nfc_cb.nci_wait_rsp_timer);
82
83 nfc_cb.p_vsc_cback = nullptr;
84 nfc_cb.nci_cmd_window++;
85
86 /* Check if there were any commands waiting to be sent */
87 nfc_ncif_check_cmd_queue(nullptr);
88 }
89
90 /*******************************************************************************
91 **
92 ** Function nfc_ncif_cmd_timeout
93 **
94 ** Description Handle a command timeout
95 **
96 ** Returns void
97 **
98 *******************************************************************************/
nfc_ncif_cmd_timeout(void)99 void nfc_ncif_cmd_timeout(void) {
100 LOG(ERROR) << StringPrintf("nfc_ncif_cmd_timeout");
101
102 /* report an error */
103 nfc_ncif_event_status(NFC_GEN_ERROR_REVT, NFC_STATUS_HW_TIMEOUT);
104 nfc_ncif_event_status(NFC_NFCC_TIMEOUT_REVT, NFC_STATUS_HW_TIMEOUT);
105
106 /* if enabling NFC, notify upper layer of failure */
107 if (nfc_cb.nfc_state == NFC_STATE_CORE_INIT) {
108 nfc_enabled(NFC_STATUS_FAILED, nullptr);
109 }
110
111 /* XXX maco since this failure is unrecoverable, abort the process */
112 abort();
113 }
114
115 /*******************************************************************************
116 **
117 ** Function nfc_wait_2_deactivate_timeout
118 **
119 ** Description Handle a command timeout
120 **
121 ** Returns void
122 **
123 *******************************************************************************/
nfc_wait_2_deactivate_timeout(void)124 void nfc_wait_2_deactivate_timeout(void) {
125 LOG(ERROR) << StringPrintf("nfc_wait_2_deactivate_timeout");
126 nfc_cb.flags &= ~NFC_FL_DEACTIVATING;
127 nci_snd_deactivate_cmd((uint8_t)nfc_cb.deactivate_timer.param);
128 }
129
130 /*******************************************************************************
131 **
132 ** Function nfc_ncif_send_data
133 **
134 ** Description This function is called to add the NCI data header
135 ** and send it to NCIT task for sending it to transport
136 ** as credits are available.
137 **
138 ** Returns void
139 **
140 *******************************************************************************/
nfc_ncif_send_data(tNFC_CONN_CB * p_cb,NFC_HDR * p_data)141 uint8_t nfc_ncif_send_data(tNFC_CONN_CB* p_cb, NFC_HDR* p_data) {
142 uint8_t* pp;
143 uint8_t* ps;
144 uint8_t ulen = NCI_MAX_PAYLOAD_SIZE;
145 NFC_HDR* p;
146 uint8_t pbf = 1;
147 uint8_t buffer_size = p_cb->buff_size;
148 uint8_t hdr0 = p_cb->conn_id;
149 bool fragmented = false;
150
151 DLOG_IF(INFO, nfc_debug_enabled)
152 << StringPrintf("nfc_ncif_send_data :%d, num_buff:%d qc:%d",
153 p_cb->conn_id, p_cb->num_buff, p_cb->tx_q.count);
154 if (p_cb->id == NFC_RF_CONN_ID) {
155 if (nfc_cb.nfc_state != NFC_STATE_OPEN) {
156 if (nfc_cb.nfc_state == NFC_STATE_CLOSING) {
157 if ((p_data == nullptr) && /* called because credit from NFCC */
158 (nfc_cb.flags & NFC_FL_DEACTIVATING)) {
159 if (p_cb->init_credits == p_cb->num_buff) {
160 /* all the credits are back */
161 nfc_cb.flags &= ~NFC_FL_DEACTIVATING;
162 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
163 "deactivating NFC-DEP init_credits:%d, num_buff:%d",
164 p_cb->init_credits, p_cb->num_buff);
165 nfc_stop_timer(&nfc_cb.deactivate_timer);
166 nci_snd_deactivate_cmd((uint8_t)nfc_cb.deactivate_timer.param);
167 }
168 }
169 }
170 return NCI_STATUS_FAILED;
171 }
172 }
173
174 if (p_data) {
175 /* always enqueue the data to the tx queue */
176 GKI_enqueue(&p_cb->tx_q, p_data);
177 }
178
179 /* try to send the first data packet in the tx queue */
180 p_data = (NFC_HDR*)GKI_getfirst(&p_cb->tx_q);
181
182 /* post data fragment to NCIT task as credits are available */
183 while (p_data && (p_cb->num_buff > 0)) {
184 if (p_data->len <= buffer_size) {
185 pbf = 0; /* last fragment */
186 ulen = (uint8_t)(p_data->len);
187 fragmented = false;
188 } else {
189 fragmented = true;
190 ulen = buffer_size;
191 }
192
193 if (!fragmented) {
194 /* if data packet is not fragmented, use the original buffer */
195 p = p_data;
196 p_data = (NFC_HDR*)GKI_dequeue(&p_cb->tx_q);
197 } else {
198 /* the data packet is too big and need to be fragmented
199 * prepare a new GKI buffer
200 * (even the last fragment to avoid issues) */
201 p = NCI_GET_CMD_BUF(ulen);
202 if (p == nullptr) return (NCI_STATUS_BUFFER_FULL);
203 p->len = ulen;
204 p->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE + 1;
205 if (p->len) {
206 pp = (uint8_t*)(p + 1) + p->offset;
207 ps = (uint8_t*)(p_data + 1) + p_data->offset;
208 memcpy(pp, ps, ulen);
209 }
210 /* adjust the NFC_HDR on the old fragment */
211 p_data->len -= ulen;
212 p_data->offset += ulen;
213 }
214
215 p->event = BT_EVT_TO_NFC_NCI;
216 p->layer_specific = pbf;
217 p->len += NCI_DATA_HDR_SIZE;
218 p->offset -= NCI_DATA_HDR_SIZE;
219 pp = (uint8_t*)(p + 1) + p->offset;
220 /* build NCI Data packet header */
221 NCI_DATA_PBLD_HDR(pp, pbf, hdr0, ulen);
222
223 if (p_cb->num_buff != NFC_CONN_NO_FC) p_cb->num_buff--;
224
225 /* send to HAL */
226 HAL_WRITE(p);
227 nfcsnoop_capture(p, false);
228
229 if (!fragmented) {
230 /* check if there are more data to send */
231 p_data = (NFC_HDR*)GKI_getfirst(&p_cb->tx_q);
232 }
233 }
234
235 // log duration for the first hce data response
236 if (timer_start.tv_sec != 0 || timer_start.tv_usec != 0) {
237 gettimeofday(&timer_end, nullptr);
238 uint32_t delta_time_ms = (timer_end.tv_sec - timer_start.tv_sec) * 1000 +
239 (timer_end.tv_usec - timer_start.tv_usec) / 1000;
240 memset(&timer_start, 0, sizeof(timer_start));
241 memset(&timer_end, 0, sizeof(timer_end));
242 android::util::stats_write(android::util::NFC_HCE_TRANSACTION_OCCURRED,
243 (int32_t)delta_time_ms);
244 }
245 return (NCI_STATUS_OK);
246 }
247
248 /*******************************************************************************
249 **
250 ** Function nfc_ncif_check_cmd_queue
251 **
252 ** Description Send NCI command to the transport
253 **
254 ** Returns void
255 **
256 *******************************************************************************/
nfc_ncif_check_cmd_queue(NFC_HDR * p_buf)257 void nfc_ncif_check_cmd_queue(NFC_HDR* p_buf) {
258 uint8_t* ps;
259 /* If there are commands waiting in the xmit queue, or if the controller
260 * cannot accept any more commands, */
261 /* then enqueue this command */
262 if (p_buf) {
263 if ((nfc_cb.nci_cmd_xmit_q.count) || (nfc_cb.nci_cmd_window == 0)) {
264 GKI_enqueue(&nfc_cb.nci_cmd_xmit_q, p_buf);
265 p_buf = nullptr;
266 }
267 }
268
269 /* If controller can accept another command, then send the next command */
270 if (nfc_cb.nci_cmd_window > 0) {
271 /* If no command was provided, or if older commands were in the queue, then
272 * get cmd from the queue */
273 if (!p_buf) p_buf = (NFC_HDR*)GKI_dequeue(&nfc_cb.nci_cmd_xmit_q);
274
275 if (p_buf) {
276 /* save the message header to double check the response */
277 ps = (uint8_t*)(p_buf + 1) + p_buf->offset;
278 memcpy(nfc_cb.last_hdr, ps, NFC_SAVED_HDR_SIZE);
279 memcpy(nfc_cb.last_cmd, ps + NCI_MSG_HDR_SIZE, NFC_SAVED_CMD_SIZE);
280 if (p_buf->layer_specific == NFC_WAIT_RSP_VSC) {
281 /* save the callback for NCI VSCs) */
282 nfc_cb.p_vsc_cback = (void*)((tNFC_NCI_VS_MSG*)p_buf)->p_cback;
283 } else if (p_buf->layer_specific == NFC_WAIT_RSP_RAW_VS) {
284 /* save the callback for RAW VS */
285 nfc_cb.p_vsc_cback = (void*)((tNFC_NCI_VS_MSG*)p_buf)->p_cback;
286 nfc_cb.rawVsCbflag = true;
287 }
288
289 /* Indicate command is pending */
290 nfc_cb.nci_cmd_window--;
291
292 /* send to HAL */
293 HAL_WRITE(p_buf);
294 /* start NFC command-timeout timer */
295 nfc_start_timer(&nfc_cb.nci_wait_rsp_timer,
296 (uint16_t)(NFC_TTYPE_NCI_WAIT_RSP),
297 nfc_cb.nci_wait_rsp_tout);
298 }
299 }
300
301 if (nfc_cb.nci_cmd_window == NCI_MAX_CMD_WINDOW) {
302 /* the command queue must be empty now */
303 if (nfc_cb.flags & NFC_FL_CONTROL_REQUESTED) {
304 /* HAL requested control or stack needs to handle pre-discover */
305 nfc_cb.flags &= ~NFC_FL_CONTROL_REQUESTED;
306 if (nfc_cb.flags & NFC_FL_DISCOVER_PENDING) {
307 if (nfc_cb.p_hal->prediscover()) {
308 /* HAL has the command window now */
309 nfc_cb.flags |= NFC_FL_CONTROL_GRANTED;
310 nfc_cb.nci_cmd_window = 0;
311 } else {
312 /* HAL does not need to send command,
313 * - restore the command window and issue the discovery command now */
314 nfc_cb.flags &= ~NFC_FL_DISCOVER_PENDING;
315 ps = (uint8_t*)nfc_cb.p_disc_pending;
316 nci_snd_discover_cmd(*ps, (tNFC_DISCOVER_PARAMS*)(ps + 1));
317 GKI_freebuf(nfc_cb.p_disc_pending);
318 nfc_cb.p_disc_pending = nullptr;
319 }
320 } else if (nfc_cb.flags & NFC_FL_HAL_REQUESTED) {
321 /* grant the control to HAL */
322 nfc_cb.flags &= ~NFC_FL_HAL_REQUESTED;
323 nfc_cb.flags |= NFC_FL_CONTROL_GRANTED;
324 nfc_cb.nci_cmd_window = 0;
325 nfc_cb.p_hal->control_granted();
326 }
327 }
328 }
329 }
330
331 #if (APPL_DTA_MODE == TRUE)
332 /*******************************************************************************
333 **
334 ** Function nfc_ncif_getFWVersion
335 **
336 ** Description This function is called to fet the FW Version
337 **
338 ** Returns tNFC_FW_VERSION
339 **
340 *******************************************************************************/
nfc_ncif_getFWVersion()341 tNFC_FW_VERSION nfc_ncif_getFWVersion() { return nfc_fw_version; }
342 #endif
343
344 /*******************************************************************************
345 **
346 ** Function nfc_ncif_send_cmd
347 **
348 ** Description Send NCI command to the NCIT task
349 **
350 ** Returns void
351 **
352 *******************************************************************************/
nfc_ncif_send_cmd(NFC_HDR * p_buf)353 void nfc_ncif_send_cmd(NFC_HDR* p_buf) {
354 /* post the p_buf to NCIT task */
355 p_buf->event = BT_EVT_TO_NFC_NCI;
356 p_buf->layer_specific = 0;
357 nfcsnoop_capture(p_buf, false);
358 nfc_ncif_check_cmd_queue(p_buf);
359 }
360
361 /*******************************************************************************
362 **
363 ** Function nfc_ncif_process_event
364 **
365 ** Description This function is called to process the
366 ** data/response/notification from NFCC
367 **
368 ** Returns TRUE if need to free buffer
369 **
370 *******************************************************************************/
nfc_ncif_process_event(NFC_HDR * p_msg)371 bool nfc_ncif_process_event(NFC_HDR* p_msg) {
372 uint8_t mt, pbf, gid, *p;
373 bool free = true;
374 uint8_t oid;
375 uint16_t len;
376 uint8_t *p_old, old_gid, old_oid, old_mt;
377
378 p = (uint8_t*)(p_msg + 1) + p_msg->offset;
379
380 if (p_msg->len < 3) {
381 // Per NCI spec, every packets should have at least 3 bytes: HDR0, HDR1, and
382 // LEN field.
383 LOG(ERROR) << StringPrintf("Invalid NCI packet: p_msg->len: %d",
384 p_msg->len);
385 return free;
386 }
387
388 // LEN field contains the size of the payload, not including the 3-byte packet
389 // header.
390 len = p[2] + 3;
391 if (p_msg->len < len) {
392 // Making sure the packet holds enough data than it claims.
393 LOG(ERROR) << StringPrintf("Invalid NCI packet: p_msg->len (%d) < len (%d)",
394 p_msg->len, len);
395 return free;
396 }
397
398 NCI_MSG_PRS_HDR0(p, mt, pbf, gid);
399 oid = ((*p) & NCI_OID_MASK);
400 if (nfc_cb.rawVsCbflag == true &&
401 nfc_ncif_proc_proprietary_rsp(mt, gid, oid) == true) {
402 nci_proc_prop_raw_vs_rsp(p_msg);
403 nfc_cb.rawVsCbflag = false;
404 return free;
405 }
406
407 nfcsnoop_capture(p_msg, true);
408 switch (mt) {
409 case NCI_MT_DATA:
410 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf("NFC received data");
411 nfc_ncif_proc_data(p_msg);
412 free = false;
413 break;
414
415 case NCI_MT_RSP:
416 DLOG_IF(INFO, nfc_debug_enabled)
417 << StringPrintf("NFC received rsp gid:%d", gid);
418 oid = ((*p) & NCI_OID_MASK);
419 p_old = nfc_cb.last_hdr;
420 NCI_MSG_PRS_HDR0(p_old, old_mt, pbf, old_gid);
421 old_oid = ((*p_old) & NCI_OID_MASK);
422 /* make sure this is the RSP we are waiting for before updating the
423 * command window */
424 if ((old_gid != gid) || (old_oid != oid)) {
425 LOG(ERROR) << StringPrintf(
426 "nfc_ncif_process_event unexpected rsp: gid:0x%x, oid:0x%x", gid,
427 oid);
428 return true;
429 }
430
431 switch (gid) {
432 case NCI_GID_CORE: /* 0000b NCI Core group */
433 free = nci_proc_core_rsp(p_msg);
434 break;
435 case NCI_GID_RF_MANAGE: /* 0001b NCI Discovery group */
436 nci_proc_rf_management_rsp(p_msg);
437 break;
438 #if (NFC_NFCEE_INCLUDED == TRUE)
439 #if (NFC_RW_ONLY == FALSE)
440 case NCI_GID_EE_MANAGE: /* 0x02 0010b NFCEE Discovery group */
441 nci_proc_ee_management_rsp(p_msg);
442 break;
443 #endif
444 #endif
445 case NCI_GID_PROP: /* 1111b Proprietary */
446 nci_proc_prop_rsp(p_msg);
447 break;
448 default:
449 LOG(ERROR) << StringPrintf("NFC: Unknown gid:%d", gid);
450 break;
451 }
452
453 nfc_ncif_update_window();
454 break;
455
456 case NCI_MT_NTF:
457 DLOG_IF(INFO, nfc_debug_enabled)
458 << StringPrintf("NFC received ntf gid:%d", gid);
459 switch (gid) {
460 case NCI_GID_CORE: /* 0000b NCI Core group */
461 nci_proc_core_ntf(p_msg);
462 break;
463 case NCI_GID_RF_MANAGE: /* 0001b NCI Discovery group */
464 nci_proc_rf_management_ntf(p_msg);
465 break;
466 #if (NFC_NFCEE_INCLUDED == TRUE)
467 #if (NFC_RW_ONLY == FALSE)
468 case NCI_GID_EE_MANAGE: /* 0x02 0010b NFCEE Discovery group */
469 nci_proc_ee_management_ntf(p_msg);
470 break;
471 #endif
472 #endif
473 case NCI_GID_PROP: /* 1111b Proprietary */
474 nci_proc_prop_ntf(p_msg);
475 break;
476 default:
477 LOG(ERROR) << StringPrintf("NFC: Unknown gid:%d", gid);
478 break;
479 }
480 break;
481
482 default:
483 DLOG_IF(INFO, nfc_debug_enabled)
484 << StringPrintf("NFC received unknown mt:0x%x, gid:%d", mt, gid);
485 }
486
487 return (free);
488 }
489
490 /*******************************************************************************
491 **
492 ** Function nfc_ncif_rf_management_status
493 **
494 ** Description This function is called to report an event
495 **
496 ** Returns void
497 **
498 *******************************************************************************/
nfc_ncif_rf_management_status(tNFC_DISCOVER_EVT event,uint8_t status)499 void nfc_ncif_rf_management_status(tNFC_DISCOVER_EVT event, uint8_t status) {
500 tNFC_DISCOVER evt_data;
501 if (nfc_cb.p_discv_cback) {
502 evt_data.status = (tNFC_STATUS)status;
503 (*nfc_cb.p_discv_cback)(event, &evt_data);
504 }
505 }
506
507 /*******************************************************************************
508 **
509 ** Function nfc_ncif_set_config_status
510 **
511 ** Description This function is called to report NFC_SET_CONFIG_REVT
512 **
513 ** Returns void
514 **
515 *******************************************************************************/
nfc_ncif_set_config_status(uint8_t * p,uint8_t len)516 void nfc_ncif_set_config_status(uint8_t* p, uint8_t len) {
517 tNFC_RESPONSE evt_data;
518 if (nfc_cb.p_resp_cback) {
519 evt_data.set_config.num_param_id = 0;
520 if (len == 0) {
521 LOG(ERROR) << StringPrintf("Insufficient RSP length");
522 evt_data.set_config.status = NFC_STATUS_SYNTAX_ERROR;
523 (*nfc_cb.p_resp_cback)(NFC_SET_CONFIG_REVT, &evt_data);
524 return;
525 }
526 evt_data.set_config.status = (tNFC_STATUS)*p++;
527 if (evt_data.set_config.status != NFC_STATUS_OK && len > 1) {
528 evt_data.set_config.num_param_id = *p++;
529 if (evt_data.set_config.num_param_id > NFC_MAX_NUM_IDS) {
530 android_errorWriteLog(0x534e4554, "114047681");
531 LOG(ERROR) << StringPrintf("OOB write num_param_id %d",
532 evt_data.set_config.num_param_id);
533 evt_data.set_config.num_param_id = 0;
534 } else if (evt_data.set_config.num_param_id <= len - 2) {
535 STREAM_TO_ARRAY(evt_data.set_config.param_ids, p,
536 evt_data.set_config.num_param_id);
537 } else {
538 LOG(ERROR) << StringPrintf("Insufficient RSP length %d,num_param_id %d",
539 len, evt_data.set_config.num_param_id);
540 evt_data.set_config.num_param_id = 0;
541 }
542 }
543 (*nfc_cb.p_resp_cback)(NFC_SET_CONFIG_REVT, &evt_data);
544 }
545 }
546
547 /*******************************************************************************
548 **
549 ** Function nfc_ncif_event_status
550 **
551 ** Description This function is called to report an event
552 **
553 ** Returns void
554 **
555 *******************************************************************************/
nfc_ncif_event_status(tNFC_RESPONSE_EVT event,uint8_t status)556 void nfc_ncif_event_status(tNFC_RESPONSE_EVT event, uint8_t status) {
557 tNFC_RESPONSE evt_data;
558 if (event == NFC_NFCC_TIMEOUT_REVT && status == NFC_STATUS_HW_TIMEOUT) {
559 uint32_t cmd_hdr = (nfc_cb.last_hdr[0] << 8) | nfc_cb.last_hdr[1];
560 android::util::stats_write(android::util::NFC_ERROR_OCCURRED,
561 (int32_t)NCI_TIMEOUT, (int32_t)cmd_hdr,
562 (int32_t)status);
563 }
564 if (nfc_cb.p_resp_cback) {
565 evt_data.status = (tNFC_STATUS)status;
566 (*nfc_cb.p_resp_cback)(event, &evt_data);
567 }
568 }
569
570 /*******************************************************************************
571 **
572 ** Function nfc_ncif_error_status
573 **
574 ** Description This function is called to report an error event to data
575 ** cback
576 **
577 ** Returns void
578 **
579 *******************************************************************************/
nfc_ncif_error_status(uint8_t conn_id,uint8_t status)580 void nfc_ncif_error_status(uint8_t conn_id, uint8_t status) {
581 tNFC_CONN_CB* p_cb = nfc_find_conn_cb_by_conn_id(conn_id);
582 if (p_cb && p_cb->p_cback) {
583 tNFC_CONN nfc_conn;
584 nfc_conn.status = status;
585 (*p_cb->p_cback)(conn_id, NFC_ERROR_CEVT, &nfc_conn);
586 }
587 android::util::stats_write(android::util::NFC_ERROR_OCCURRED,
588 (int32_t)ERROR_NTF, (int32_t)0, (int32_t)status);
589 }
590
591 /*******************************************************************************
592 **
593 ** Function nfc_ncif_proc_rf_field_ntf
594 **
595 ** Description This function is called to process RF field notification
596 **
597 ** Returns void
598 **
599 *******************************************************************************/
600 #if (NFC_RW_ONLY == FALSE)
nfc_ncif_proc_rf_field_ntf(uint8_t rf_status)601 void nfc_ncif_proc_rf_field_ntf(uint8_t rf_status) {
602 tNFC_RESPONSE evt_data;
603 if (nfc_cb.p_resp_cback) {
604 evt_data.status = (tNFC_STATUS)NFC_STATUS_OK;
605 evt_data.rf_field.rf_field = rf_status;
606 (*nfc_cb.p_resp_cback)(NFC_RF_FIELD_REVT, &evt_data);
607 }
608 }
609 #endif
610
611 /*******************************************************************************
612 **
613 ** Function nfc_ncif_proc_credits
614 **
615 ** Description This function is called to process data credits
616 **
617 ** Returns void
618 **
619 *******************************************************************************/
nfc_ncif_proc_credits(uint8_t * p,uint16_t plen)620 void nfc_ncif_proc_credits(uint8_t* p, uint16_t plen) {
621 uint8_t num, xx;
622 tNFC_CONN_CB* p_cb;
623
624 if (plen != 0) {
625 num = *p++;
626 plen--;
627 if (num > plen) {
628 android_errorWriteLog(0x534e4554, "118148142");
629 return;
630 }
631 for (xx = 0; xx < num; xx++) {
632 p_cb = nfc_find_conn_cb_by_conn_id(*p++);
633 if (p_cb && p_cb->num_buff != NFC_CONN_NO_FC) {
634 p_cb->num_buff += (*p);
635 #if (BT_USE_TRACES == TRUE)
636 if (p_cb->num_buff > p_cb->init_credits) {
637 if (nfc_cb.nfc_state == NFC_STATE_OPEN) {
638 /* if this happens in activated state, it's very likely that our
639 * NFCC has issues */
640 /* However, credit may be returned after deactivation */
641 LOG(ERROR) << StringPrintf("num_buff:0x%x, init_credits:0x%x",
642 p_cb->num_buff, p_cb->init_credits);
643 }
644 p_cb->num_buff = p_cb->init_credits;
645 }
646 #endif
647 /* check if there's nay data in tx q to be sent */
648 nfc_ncif_send_data(p_cb, nullptr);
649 }
650 p++;
651 }
652 }
653 }
654 /*******************************************************************************
655 **
656 ** Function nfc_ncif_decode_rf_params
657 **
658 ** Description This function is called to process the detected technology
659 ** and mode and the associated parameters for DISCOVER_NTF and
660 ** ACTIVATE_NTF
661 **
662 ** Returns void
663 **
664 *******************************************************************************/
nfc_ncif_decode_rf_params(tNFC_RF_TECH_PARAMS * p_param,uint8_t * p)665 uint8_t* nfc_ncif_decode_rf_params(tNFC_RF_TECH_PARAMS* p_param, uint8_t* p) {
666 tNFC_RF_PA_PARAMS* p_pa;
667 uint8_t len, *p_start, u8;
668 tNFC_RF_PB_PARAMS* p_pb;
669 tNFC_RF_LF_PARAMS* p_lf;
670 tNFC_RF_PF_PARAMS* p_pf;
671 tNFC_RF_PISO15693_PARAMS* p_i93;
672 tNFC_RF_ACM_P_PARAMS* acm_p;
673 uint8_t mpl_idx = 0;
674 uint8_t gb_idx = 0, mpl;
675 len = *p++;
676 p_start = p;
677 memset(&p_param->param, 0, sizeof(tNFC_RF_TECH_PARAMU));
678
679 if (NCI_DISCOVERY_TYPE_POLL_A == p_param->mode ||
680 (NCI_DISCOVERY_TYPE_POLL_A_ACTIVE == p_param->mode &&
681 NFC_GetNCIVersion() != NCI_VERSION_2_0)) {
682 p_pa = &p_param->param.pa;
683 /*
684 SENS_RES Response 2 bytes Defined in [DIGPROT] Available after Technology
685 Detection
686 NFCID1 length 1 byte Length of NFCID1 Available after Collision Resolution
687 NFCID1 4, 7, or 10 bytes Defined in [DIGPROT]Available after Collision
688 Resolution
689 SEL_RES Response 1 byte Defined in [DIGPROT]Available after Collision
690 Resolution
691 HRx Length 1 Octets Length of HRx Parameters collected from the response to
692 the T1T RID command.
693 HRx 0 or 2 Octets If present, the first byte SHALL contain HR0 and the second
694 byte SHALL contain HR1 as defined in [DIGITAL].
695 */
696 STREAM_TO_ARRAY(p_pa->sens_res, p, 2);
697 p_pa->nfcid1_len = *p++;
698 if (p_pa->nfcid1_len > NCI_NFCID1_MAX_LEN)
699 p_pa->nfcid1_len = NCI_NFCID1_MAX_LEN;
700 STREAM_TO_ARRAY(p_pa->nfcid1, p, p_pa->nfcid1_len);
701 u8 = *p++;
702 if (u8) p_pa->sel_rsp = *p++;
703 if (len ==
704 (7 + p_pa->nfcid1_len + u8)) /* 2(sens_res) + 1(len) +
705 p_pa->nfcid1_len + 1(len) + u8 + hr
706 (1:len + 2) */
707 {
708 p_pa->hr_len = *p++;
709 if (p_pa->hr_len == NCI_T1T_HR_LEN) {
710 p_pa->hr[0] = *p++;
711 p_pa->hr[1] = *p;
712 }
713 }
714 } else if (NCI_DISCOVERY_TYPE_POLL_B == p_param->mode) {
715 /*
716 SENSB_RES Response length (n) 1 byte Length of SENSB_RES Response (Byte 2 -
717 Byte 12 or 13)Available after Technology Detection
718 SENSB_RES Response Byte 2 - Byte 12 or 13 11 or 12 bytes Defined in [DIGPROT]
719 Available after Technology Detection
720 */
721 p_pb = &p_param->param.pb;
722 p_pb->sensb_res_len = *p++;
723 if (p_pb->sensb_res_len > NCI_MAX_SENSB_RES_LEN)
724 p_pb->sensb_res_len = NCI_MAX_SENSB_RES_LEN;
725 STREAM_TO_ARRAY(p_pb->sensb_res, p, p_pb->sensb_res_len);
726 memcpy(p_pb->nfcid0, p_pb->sensb_res, NFC_NFCID0_MAX_LEN);
727 } else if (NCI_DISCOVERY_TYPE_POLL_F == p_param->mode ||
728 (NCI_DISCOVERY_TYPE_POLL_F_ACTIVE == p_param->mode &&
729 NFC_GetNCIVersion() != NCI_VERSION_2_0)) {
730 /*
731 Bit Rate 1 byte 1 212 kbps/2 424 kbps/0 and 3 to 255 RFU
732 SENSF_RES Response length.(n) 1 byte Length of SENSF_RES (Byte 2 - Byte 17 or
733 19).Available after Technology Detection
734 SENSF_RES Response Byte 2 - Byte 17 or 19 n bytes Defined in [DIGPROT]
735 Available after Technology Detection
736 */
737 p_pf = &p_param->param.pf;
738 p_pf->bit_rate = *p++;
739 p_pf->sensf_res_len = *p++;
740 if (p_pf->sensf_res_len > NCI_MAX_SENSF_RES_LEN)
741 p_pf->sensf_res_len = NCI_MAX_SENSF_RES_LEN;
742 STREAM_TO_ARRAY(p_pf->sensf_res, p, p_pf->sensf_res_len);
743 memcpy(p_pf->nfcid2, p_pf->sensf_res, NCI_NFCID2_LEN);
744 p_pf->mrti_check = p_pf->sensf_res[NCI_MRTI_CHECK_INDEX];
745 p_pf->mrti_update = p_pf->sensf_res[NCI_MRTI_UPDATE_INDEX];
746 } else if (NCI_DISCOVERY_TYPE_LISTEN_F == p_param->mode ||
747 (NCI_DISCOVERY_TYPE_LISTEN_F_ACTIVE == p_param->mode &&
748 NFC_GetNCIVersion() != NCI_VERSION_2_0)) {
749 p_lf = &p_param->param.lf;
750 u8 = *p++;
751 if (u8) {
752 STREAM_TO_ARRAY(p_lf->nfcid2, p, NCI_NFCID2_LEN);
753 }
754 } else if (NCI_DISCOVERY_TYPE_POLL_V == p_param->mode) {
755 p_i93 = &p_param->param.pi93;
756 p_i93->flag = *p++;
757 p_i93->dsfid = *p++;
758 STREAM_TO_ARRAY(p_i93->uid, p, NFC_ISO15693_UID_LEN);
759 } else if (NCI_DISCOVERY_TYPE_POLL_KOVIO == p_param->mode) {
760 p_param->param.pk.uid_len = len;
761 if (p_param->param.pk.uid_len > NFC_KOVIO_MAX_LEN) {
762 LOG(ERROR) << StringPrintf("Kovio UID len:0x%x exceeds max(0x%x)",
763 p_param->param.pk.uid_len, NFC_KOVIO_MAX_LEN);
764 p_param->param.pk.uid_len = NFC_KOVIO_MAX_LEN;
765 }
766 STREAM_TO_ARRAY(p_param->param.pk.uid, p, p_param->param.pk.uid_len);
767 } else if (NCI_DISCOVERY_TYPE_POLL_ACTIVE == p_param->mode) {
768 acm_p = &p_param->param.acm_p;
769 acm_p->atr_res_len = *p++;
770 if (acm_p->atr_res_len > 0) {
771 if (acm_p->atr_res_len > NFC_MAX_ATS_LEN)
772 acm_p->atr_res_len = NFC_MAX_ATS_LEN;
773 STREAM_TO_ARRAY(acm_p->atr_res, p, acm_p->atr_res_len);
774 /* ATR_RES
775 Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17 Byte 18~18+n
776 NFCID3T DIDT BST BRT TO PPT [GT0 ... GTn] */
777 mpl_idx = 14;
778 gb_idx = NCI_P_GEN_BYTE_INDEX;
779 acm_p->waiting_time = acm_p->atr_res[NCI_L_NFC_DEP_TO_INDEX] & 0x0F;
780 mpl = ((acm_p->atr_res[mpl_idx]) >> 4) & 0x03;
781 acm_p->max_payload_size = nfc_mpl_code_to_size[mpl];
782 if (acm_p->atr_res_len > gb_idx) {
783 acm_p->gen_bytes_len = acm_p->atr_res_len - gb_idx;
784 if (acm_p->gen_bytes_len > NFC_MAX_GEN_BYTES_LEN)
785 acm_p->gen_bytes_len = NFC_MAX_GEN_BYTES_LEN;
786 memcpy(acm_p->gen_bytes, &acm_p->atr_res[gb_idx], acm_p->gen_bytes_len);
787 }
788 }
789 } else if (NCI_DISCOVERY_TYPE_LISTEN_ACTIVE == p_param->mode) {
790 acm_p = &p_param->param.acm_p;
791 acm_p->atr_res_len = *p++;
792 if (acm_p->atr_res_len > 0) {
793 if (acm_p->atr_res_len > NFC_MAX_ATS_LEN)
794 acm_p->atr_res_len = NFC_MAX_ATS_LEN;
795 STREAM_TO_ARRAY(acm_p->atr_res, p, acm_p->atr_res_len);
796 /* ATR_REQ
797 Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17~17+n
798 NFCID3I DIDI BSI BRI PPI [GI0 ... GIn] */
799 mpl_idx = 13;
800 gb_idx = NCI_L_GEN_BYTE_INDEX;
801 mpl = ((acm_p->atr_res[mpl_idx]) >> 4) & 0x03;
802 acm_p->max_payload_size = nfc_mpl_code_to_size[mpl];
803 if (acm_p->atr_res_len > gb_idx) {
804 acm_p->gen_bytes_len = acm_p->atr_res_len - gb_idx;
805 if (acm_p->gen_bytes_len > NFC_MAX_GEN_BYTES_LEN)
806 acm_p->gen_bytes_len = NFC_MAX_GEN_BYTES_LEN;
807 memcpy(acm_p->gen_bytes, &acm_p->atr_res[gb_idx], acm_p->gen_bytes_len);
808 }
809 }
810 }
811
812 return (p_start + len);
813 }
814
815 /*******************************************************************************
816 **
817 ** Function nfc_ncif_proc_discover_ntf
818 **
819 ** Description This function is called to process discover notification
820 **
821 ** Returns void
822 **
823 *******************************************************************************/
nfc_ncif_proc_discover_ntf(uint8_t * p,uint16_t plen)824 void nfc_ncif_proc_discover_ntf(uint8_t* p,
825 __attribute__((unused)) uint16_t plen) {
826 tNFC_DISCOVER evt_data;
827
828 if (nfc_cb.p_discv_cback) {
829 p += NCI_MSG_HDR_SIZE;
830 evt_data.status = NCI_STATUS_OK;
831 evt_data.result.rf_disc_id = *p++;
832 evt_data.result.protocol = *p++;
833
834 /* fill in tNFC_RESULT_DEVT */
835 evt_data.result.rf_tech_param.mode = *p++;
836 p = nfc_ncif_decode_rf_params(&evt_data.result.rf_tech_param, p);
837
838 evt_data.result.more = *p++;
839 (*nfc_cb.p_discv_cback)(NFC_RESULT_DEVT, &evt_data);
840 }
841 }
842
843 /*******************************************************************************
844 **
845 ** Function nfc_ncif_proc_isodep_nak_presence_check_status
846 **
847 ** Description This function is called to handle response and notification
848 ** for presence check nak command
849 **
850 ** Returns void
851 **
852 *******************************************************************************/
nfc_ncif_proc_isodep_nak_presence_check_status(uint8_t status,bool is_ntf)853 void nfc_ncif_proc_isodep_nak_presence_check_status(uint8_t status,
854 bool is_ntf) {
855 rw_t4t_handle_isodep_nak_rsp(status, is_ntf);
856 }
857 /*******************************************************************************
858 **
859 ** Function nfc_ncif_proc_activate
860 **
861 ** Description This function is called to process de-activate
862 ** response and notification
863 **
864 ** Returns void
865 **
866 *******************************************************************************/
nfc_ncif_proc_activate(uint8_t * p,uint8_t len)867 void nfc_ncif_proc_activate(uint8_t* p, uint8_t len) {
868 tNFC_DISCOVER evt_data;
869 tNFC_INTF_PARAMS* p_intf = &evt_data.activate.intf_param;
870 tNFC_INTF_PA_ISO_DEP* p_pa_iso;
871 tNFC_INTF_LB_ISO_DEP* p_lb_iso;
872 tNFC_INTF_PB_ISO_DEP* p_pb_iso;
873 #if (NFC_RW_ONLY == FALSE)
874 tNFC_INTF_PA_NFC_DEP* p_pa_nfc;
875 int mpl_idx = 0;
876 uint8_t gb_idx = 0, mpl;
877 #endif
878 uint8_t t0;
879 tNCI_DISCOVERY_TYPE mode;
880 tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
881 uint8_t *pp, len_act;
882 uint8_t buff_size, num_buff;
883 tNFC_RF_PA_PARAMS* p_pa;
884
885 nfc_set_state(NFC_STATE_OPEN);
886
887 memset(p_intf, 0, sizeof(tNFC_INTF_PARAMS));
888 evt_data.activate.rf_disc_id = *p++;
889 p_intf->type = *p++;
890 evt_data.activate.protocol = *p++;
891
892 if (evt_data.activate.protocol == NCI_PROTOCOL_18092_ACTIVE)
893 evt_data.activate.protocol = NCI_PROTOCOL_NFC_DEP;
894
895 evt_data.activate.rf_tech_param.mode = *p++;
896 buff_size = *p++;
897 num_buff = *p++;
898 /* fill in tNFC_activate_DEVT */
899 p = nfc_ncif_decode_rf_params(&evt_data.activate.rf_tech_param, p);
900
901 evt_data.activate.data_mode = *p++;
902 evt_data.activate.tx_bitrate = *p++;
903 evt_data.activate.rx_bitrate = *p++;
904 mode = evt_data.activate.rf_tech_param.mode;
905 len_act = *p++;
906 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
907 "nfc_ncif_proc_activate:%d %d, mode:0x%02x", len, len_act, mode);
908 /* just in case the interface reports activation parameters not defined in the
909 * NCI spec */
910 p_intf->intf_param.frame.param_len = len_act;
911 if (p_intf->intf_param.frame.param_len > NFC_MAX_RAW_PARAMS)
912 p_intf->intf_param.frame.param_len = NFC_MAX_RAW_PARAMS;
913 pp = p;
914 STREAM_TO_ARRAY(p_intf->intf_param.frame.param, pp,
915 p_intf->intf_param.frame.param_len);
916 if (evt_data.activate.intf_param.type == NCI_INTERFACE_ISO_DEP) {
917 /* Make max payload of NCI aligned to max payload of ISO-DEP for better
918 * performance */
919 if (buff_size > NCI_ISO_DEP_MAX_INFO) buff_size = NCI_ISO_DEP_MAX_INFO;
920
921 switch (mode) {
922 case NCI_DISCOVERY_TYPE_POLL_A:
923 p_pa_iso = &p_intf->intf_param.pa_iso;
924 p_pa_iso->ats_res_len = *p++;
925
926 if (p_pa_iso->ats_res_len == 0) break;
927
928 if (p_pa_iso->ats_res_len > NFC_MAX_ATS_LEN)
929 p_pa_iso->ats_res_len = NFC_MAX_ATS_LEN;
930 STREAM_TO_ARRAY(p_pa_iso->ats_res, p, p_pa_iso->ats_res_len);
931 pp = &p_pa_iso->ats_res[NCI_ATS_T0_INDEX];
932 t0 = p_pa_iso->ats_res[NCI_ATS_T0_INDEX];
933 pp++; /* T0 */
934 if (t0 & NCI_ATS_TA_MASK) pp++; /* TA */
935 if (t0 & NCI_ATS_TB_MASK) {
936 /* FWI (Frame Waiting time Integer) & SPGI (Start-up Frame Guard time
937 * Integer) */
938 p_pa_iso->fwi = (((*pp) >> 4) & 0x0F);
939 p_pa_iso->sfgi = ((*pp) & 0x0F);
940 pp++; /* TB */
941 }
942 if (t0 & NCI_ATS_TC_MASK) {
943 p_pa_iso->nad_used = ((*pp) & 0x01);
944 pp++; /* TC */
945 }
946 p_pa_iso->his_byte_len =
947 (uint8_t)(p_pa_iso->ats_res_len - (pp - p_pa_iso->ats_res));
948 if (p_pa_iso->his_byte_len > NFC_MAX_HIS_BYTES_LEN)
949 p_pa_iso->his_byte_len = NFC_MAX_HIS_BYTES_LEN;
950 memcpy(p_pa_iso->his_byte, pp, p_pa_iso->his_byte_len);
951 break;
952
953 case NCI_DISCOVERY_TYPE_LISTEN_A:
954 p_intf->intf_param.la_iso.rats = *p++;
955 gettimeofday(&timer_start, nullptr);
956 break;
957
958 case NCI_DISCOVERY_TYPE_POLL_B:
959 /* ATTRIB RSP
960 Byte 1 Byte 2 ~ 2+n-1
961 MBLI/DID Higher layer - Response
962 */
963 p_pb_iso = &p_intf->intf_param.pb_iso;
964 p_pb_iso->attrib_res_len = *p++;
965
966 if (p_pb_iso->attrib_res_len == 0) break;
967
968 if (p_pb_iso->attrib_res_len > NFC_MAX_ATTRIB_LEN)
969 p_pb_iso->attrib_res_len = NFC_MAX_ATTRIB_LEN;
970 STREAM_TO_ARRAY(p_pb_iso->attrib_res, p, p_pb_iso->attrib_res_len);
971 p_pb_iso->mbli = (p_pb_iso->attrib_res[0]) >> 4;
972 if (p_pb_iso->attrib_res_len > NFC_PB_ATTRIB_REQ_FIXED_BYTES) {
973 p_pb_iso->hi_info_len =
974 p_pb_iso->attrib_res_len - NFC_PB_ATTRIB_REQ_FIXED_BYTES;
975 if (p_pb_iso->hi_info_len > NFC_MAX_GEN_BYTES_LEN)
976 p_pb_iso->hi_info_len = NFC_MAX_GEN_BYTES_LEN;
977 memcpy(p_pb_iso->hi_info,
978 &p_pb_iso->attrib_res[NFC_PB_ATTRIB_REQ_FIXED_BYTES],
979 p_pb_iso->hi_info_len);
980 }
981 break;
982
983 case NCI_DISCOVERY_TYPE_LISTEN_B:
984 /* ATTRIB CMD
985 Byte 2~5 Byte 6 Byte 7 Byte 8 Byte 9 Byte 10 ~ 10+k-1
986 NFCID0 Param 1 Param 2 Param 3 Param 4 Higher layer - INF
987 */
988 p_lb_iso = &p_intf->intf_param.lb_iso;
989 p_lb_iso->attrib_req_len = *p++;
990
991 if (p_lb_iso->attrib_req_len == 0) break;
992
993 if (p_lb_iso->attrib_req_len > NFC_MAX_ATTRIB_LEN)
994 p_lb_iso->attrib_req_len = NFC_MAX_ATTRIB_LEN;
995 STREAM_TO_ARRAY(p_lb_iso->attrib_req, p, p_lb_iso->attrib_req_len);
996 memcpy(p_lb_iso->nfcid0, p_lb_iso->attrib_req, NFC_NFCID0_MAX_LEN);
997 if (p_lb_iso->attrib_req_len > NFC_LB_ATTRIB_REQ_FIXED_BYTES) {
998 p_lb_iso->hi_info_len =
999 p_lb_iso->attrib_req_len - NFC_LB_ATTRIB_REQ_FIXED_BYTES;
1000 if (p_lb_iso->hi_info_len > NFC_MAX_GEN_BYTES_LEN)
1001 p_lb_iso->hi_info_len = NFC_MAX_GEN_BYTES_LEN;
1002 memcpy(p_lb_iso->hi_info,
1003 &p_lb_iso->attrib_req[NFC_LB_ATTRIB_REQ_FIXED_BYTES],
1004 p_lb_iso->hi_info_len);
1005 }
1006 gettimeofday(&timer_start, nullptr);
1007 break;
1008 }
1009
1010 }
1011 #if (NFC_RW_ONLY == FALSE)
1012 else if (evt_data.activate.intf_param.type == NCI_INTERFACE_NFC_DEP) {
1013 /* Make max payload of NCI aligned to max payload of NFC-DEP for better
1014 * performance */
1015 if (buff_size > NCI_NFC_DEP_MAX_DATA) buff_size = NCI_NFC_DEP_MAX_DATA;
1016
1017 p_pa_nfc = &p_intf->intf_param.pa_nfc;
1018
1019 /* Active mode, no info in activation parameters (NCI 2.0) */
1020 if ((NFC_GetNCIVersion() == NCI_VERSION_2_0) &&
1021 ((mode == NCI_DISCOVERY_TYPE_POLL_ACTIVE) ||
1022 (mode == NCI_DISCOVERY_TYPE_LISTEN_ACTIVE))) {
1023 p_pa_nfc->atr_res_len =
1024 evt_data.activate.rf_tech_param.param.acm_p.atr_res_len;
1025 } else {
1026 p_pa_nfc->atr_res_len = *p++;
1027 }
1028
1029 if (p_pa_nfc->atr_res_len > 0) {
1030 if (p_pa_nfc->atr_res_len > NFC_MAX_ATS_LEN)
1031 p_pa_nfc->atr_res_len = NFC_MAX_ATS_LEN;
1032
1033 if ((NFC_GetNCIVersion() == NCI_VERSION_2_0) &&
1034 ((mode == NCI_DISCOVERY_TYPE_POLL_ACTIVE) ||
1035 (mode == NCI_DISCOVERY_TYPE_LISTEN_ACTIVE))) {
1036 /* NCI 2.0 : ATR_RES is included in RF technology parameters in active mode */
1037 memcpy(p_pa_nfc->atr_res,
1038 evt_data.activate.rf_tech_param.param.acm_p.atr_res,
1039 p_pa_nfc->atr_res_len);
1040 } else {
1041 STREAM_TO_ARRAY(p_pa_nfc->atr_res, p, p_pa_nfc->atr_res_len);
1042 }
1043
1044 if ((mode == NCI_DISCOVERY_TYPE_POLL_A) ||
1045 (mode == NCI_DISCOVERY_TYPE_POLL_F) ||
1046 ((mode == NCI_DISCOVERY_TYPE_POLL_A_ACTIVE ||
1047 mode == NCI_DISCOVERY_TYPE_POLL_F_ACTIVE) &&
1048 NFC_GetNCIVersion() != NCI_VERSION_2_0) ||
1049 (NFC_GetNCIVersion() == NCI_VERSION_2_0 &&
1050 mode == NCI_DISCOVERY_TYPE_POLL_ACTIVE)) {
1051 /* ATR_RES
1052 Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17 Byte 18~18+n
1053 NFCID3T DIDT BST BRT TO PPT [GT0 ... GTn] */
1054 mpl_idx = 14;
1055 gb_idx = NCI_P_GEN_BYTE_INDEX;
1056 p_pa_nfc->waiting_time =
1057 p_pa_nfc->atr_res[NCI_L_NFC_DEP_TO_INDEX] & 0x0F;
1058 } else if ((mode == NCI_DISCOVERY_TYPE_LISTEN_A) ||
1059 (mode == NCI_DISCOVERY_TYPE_LISTEN_F) ||
1060 (NFC_GetNCIVersion() != NCI_VERSION_2_0 &&
1061 (mode == NCI_DISCOVERY_TYPE_LISTEN_A_ACTIVE ||
1062 mode == NCI_DISCOVERY_TYPE_LISTEN_F_ACTIVE)) ||
1063 (NFC_GetNCIVersion() == NCI_VERSION_2_0 &&
1064 mode == NCI_DISCOVERY_TYPE_LISTEN_ACTIVE)) {
1065 /* ATR_REQ
1066 Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17~17+n
1067 NFCID3I DIDI BSI BRI PPI [GI0 ... GIn] */
1068 mpl_idx = 13;
1069 gb_idx = NCI_L_GEN_BYTE_INDEX;
1070 }
1071
1072 mpl = ((p_pa_nfc->atr_res[mpl_idx]) >> 4) & 0x03;
1073 p_pa_nfc->max_payload_size = nfc_mpl_code_to_size[mpl];
1074 if (p_pa_nfc->atr_res_len > gb_idx) {
1075 p_pa_nfc->gen_bytes_len = p_pa_nfc->atr_res_len - gb_idx;
1076 if (p_pa_nfc->gen_bytes_len > NFC_MAX_GEN_BYTES_LEN)
1077 p_pa_nfc->gen_bytes_len = NFC_MAX_GEN_BYTES_LEN;
1078 memcpy(p_pa_nfc->gen_bytes, &p_pa_nfc->atr_res[gb_idx],
1079 p_pa_nfc->gen_bytes_len);
1080 }
1081 }
1082 }
1083 #endif
1084 else if ((evt_data.activate.intf_param.type == NCI_INTERFACE_FRAME) &&
1085 (evt_data.activate.protocol == NCI_PROTOCOL_T1T)) {
1086 p_pa = &evt_data.activate.rf_tech_param.param.pa;
1087 if ((len_act == NCI_T1T_HR_LEN) && (p_pa->hr_len == 0)) {
1088 p_pa->hr_len = NCI_T1T_HR_LEN;
1089 p_pa->hr[0] = *p++;
1090 p_pa->hr[1] = *p++;
1091 }
1092 }
1093
1094 p_cb->act_protocol = evt_data.activate.protocol;
1095 p_cb->act_interface = evt_data.activate.intf_param.type;
1096 p_cb->buff_size = buff_size;
1097 p_cb->num_buff = num_buff;
1098 p_cb->init_credits = num_buff;
1099
1100 if (nfc_cb.p_discv_cback) {
1101 (*nfc_cb.p_discv_cback)(NFC_ACTIVATE_DEVT, &evt_data);
1102 }
1103 }
1104
1105 /*******************************************************************************
1106 **
1107 ** Function nfc_ncif_proc_deactivate
1108 **
1109 ** Description This function is called to process de-activate
1110 ** response and notification
1111 **
1112 ** Returns void
1113 **
1114 *******************************************************************************/
nfc_ncif_proc_deactivate(uint8_t status,uint8_t deact_type,bool is_ntf)1115 void nfc_ncif_proc_deactivate(uint8_t status, uint8_t deact_type, bool is_ntf) {
1116 tNFC_DISCOVER evt_data;
1117 tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
1118 void* p_data;
1119
1120 nfc_set_state(NFC_STATE_IDLE);
1121 evt_data.deactivate.status = status;
1122 evt_data.deactivate.type = deact_type;
1123 evt_data.deactivate.is_ntf = is_ntf;
1124 if (NFC_GetNCIVersion() == NCI_VERSION_2_0) {
1125 evt_data.deactivate.reason = nfc_cb.deact_reason;
1126 }
1127
1128 while ((p_data = GKI_dequeue(&p_cb->rx_q)) != nullptr) {
1129 GKI_freebuf(p_data);
1130 }
1131
1132 while ((p_data = GKI_dequeue(&p_cb->tx_q)) != nullptr) {
1133 GKI_freebuf(p_data);
1134 }
1135
1136 if (p_cb->p_cback) {
1137 tNFC_CONN nfc_conn;
1138 nfc_conn.deactivate = evt_data.deactivate;
1139 (*p_cb->p_cback)(NFC_RF_CONN_ID, NFC_DEACTIVATE_CEVT, &nfc_conn);
1140 }
1141
1142 if (nfc_cb.p_discv_cback) {
1143 (*nfc_cb.p_discv_cback)(NFC_DEACTIVATE_DEVT, &evt_data);
1144 }
1145
1146 // clear previous stored tick count if not comsumed
1147 if (timer_start.tv_sec != 0 || timer_start.tv_usec != 0) {
1148 memset(&timer_start, 0, sizeof(timer_start));
1149 }
1150 }
1151 /*******************************************************************************
1152 **
1153 ** Function nfc_ncif_proc_ee_action
1154 **
1155 ** Description This function is called to process NFCEE ACTION NTF
1156 **
1157 ** Returns void
1158 **
1159 *******************************************************************************/
1160 #if (NFC_NFCEE_INCLUDED == TRUE && NFC_RW_ONLY == FALSE)
nfc_ncif_proc_ee_action(uint8_t * p,uint16_t plen)1161 void nfc_ncif_proc_ee_action(uint8_t* p, uint16_t plen) {
1162 tNFC_EE_ACTION_REVT evt_data;
1163 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1164 uint8_t data_len, ulen, tag, *p_data;
1165 uint8_t max_len;
1166
1167 if (p_cback) {
1168 memset(&evt_data.act_data, 0, sizeof(tNFC_ACTION_DATA));
1169 evt_data.status = NFC_STATUS_OK;
1170 evt_data.nfcee_id = *p++;
1171 evt_data.act_data.trigger = *p++;
1172 data_len = *p++;
1173 if (plen >= 3) plen -= 3;
1174 if (data_len > plen) data_len = (uint8_t)plen;
1175
1176 switch (evt_data.act_data.trigger) {
1177 case NCI_EE_TRIG_7816_SELECT:
1178 if (data_len > NFC_MAX_AID_LEN) data_len = NFC_MAX_AID_LEN;
1179 evt_data.act_data.param.aid.len_aid = data_len;
1180 STREAM_TO_ARRAY(evt_data.act_data.param.aid.aid, p, data_len);
1181 break;
1182 case NCI_EE_TRIG_RF_PROTOCOL:
1183 evt_data.act_data.param.protocol = *p++;
1184 break;
1185 case NCI_EE_TRIG_RF_TECHNOLOGY:
1186 evt_data.act_data.param.technology = *p++;
1187 break;
1188 case NCI_EE_TRIG_APP_INIT:
1189 while (data_len > NFC_TL_SIZE) {
1190 data_len -= NFC_TL_SIZE;
1191 tag = *p++;
1192 ulen = *p++;
1193 if (ulen > data_len) ulen = data_len;
1194 p_data = nullptr;
1195 max_len = ulen;
1196 switch (tag) {
1197 case NCI_EE_ACT_TAG_AID: /* AID */
1198 if (max_len > NFC_MAX_AID_LEN) max_len = NFC_MAX_AID_LEN;
1199 evt_data.act_data.param.app_init.len_aid = max_len;
1200 p_data = evt_data.act_data.param.app_init.aid;
1201 break;
1202 case NCI_EE_ACT_TAG_DATA: /* hex data for app */
1203 if (max_len > NFC_MAX_APP_DATA_LEN)
1204 max_len = NFC_MAX_APP_DATA_LEN;
1205 evt_data.act_data.param.app_init.len_data = max_len;
1206 p_data = evt_data.act_data.param.app_init.data;
1207 break;
1208 }
1209 if (p_data) {
1210 STREAM_TO_ARRAY(p_data, p, max_len);
1211 }
1212 data_len -= ulen;
1213 }
1214 break;
1215 }
1216 tNFC_RESPONSE nfc_response;
1217 nfc_response.ee_action = evt_data;
1218 (*p_cback)(NFC_EE_ACTION_REVT, &nfc_response);
1219 }
1220 }
1221
1222 /*******************************************************************************
1223 **
1224 ** Function nfc_ncif_proc_ee_discover_req
1225 **
1226 ** Description This function is called to process NFCEE DISCOVER REQ NTF
1227 **
1228 ** Returns void
1229 **
1230 *******************************************************************************/
nfc_ncif_proc_ee_discover_req(uint8_t * p,uint16_t plen)1231 void nfc_ncif_proc_ee_discover_req(uint8_t* p, uint16_t plen) {
1232 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1233 tNFC_EE_DISCOVER_REQ_REVT ee_disc_req;
1234 tNFC_EE_DISCOVER_INFO* p_info;
1235 uint8_t u8;
1236
1237 DLOG_IF(INFO, nfc_debug_enabled)
1238 << StringPrintf("nfc_ncif_proc_ee_discover_req %d len:%d", *p, plen);
1239
1240 if (*p > NFC_MAX_EE_DISC_ENTRIES) {
1241 android_errorWriteLog(0x534e4554, "122361874");
1242 LOG(ERROR) << __func__ << "Exceed NFC_MAX_EE_DISC_ENTRIES";
1243 return;
1244 }
1245
1246 if (p_cback) {
1247 u8 = *p;
1248 ee_disc_req.status = NFC_STATUS_OK;
1249 ee_disc_req.num_info = *p++;
1250 p_info = ee_disc_req.info;
1251 if (plen) plen--;
1252 while ((u8 > 0) && (plen >= NFC_EE_DISCOVER_ENTRY_LEN)) {
1253 p_info->op = *p++; /* T */
1254 if (*p != NFC_EE_DISCOVER_INFO_LEN) /* L */
1255 {
1256 DLOG_IF(INFO, nfc_debug_enabled)
1257 << StringPrintf("bad entry len:%d", *p);
1258 return;
1259 }
1260 p++;
1261 /* V */
1262 p_info->nfcee_id = *p++;
1263 p_info->tech_n_mode = *p++;
1264 p_info->protocol = *p++;
1265 u8--;
1266 plen -= NFC_EE_DISCOVER_ENTRY_LEN;
1267 p_info++;
1268 }
1269 tNFC_RESPONSE nfc_response;
1270 nfc_response.ee_discover_req = ee_disc_req;
1271 (*p_cback)(NFC_EE_DISCOVER_REQ_REVT, &nfc_response);
1272 }
1273 }
1274
1275 /*******************************************************************************
1276 **
1277 ** Function nfc_ncif_proc_get_routing
1278 **
1279 ** Description This function is called to process get routing notification
1280 **
1281 ** Returns void
1282 **
1283 *******************************************************************************/
nfc_ncif_proc_get_routing(uint8_t * p,uint8_t len)1284 void nfc_ncif_proc_get_routing(uint8_t* p,
1285 __attribute__((unused)) uint8_t len) {
1286 tNFC_GET_ROUTING_REVT evt_data;
1287 uint8_t more, num_entries, xx, yy, *pn, tl;
1288 tNFC_STATUS status = NFC_STATUS_CONTINUE;
1289
1290 if (nfc_cb.p_resp_cback) {
1291 more = *p++;
1292 num_entries = *p++;
1293 for (xx = 0; xx < num_entries; xx++) {
1294 if ((more == false) && (xx == (num_entries - 1))) status = NFC_STATUS_OK;
1295 evt_data.status = (tNFC_STATUS)status;
1296 evt_data.nfcee_id = *p++;
1297 evt_data.num_tlvs = *p++;
1298 evt_data.tlv_size = 0;
1299 pn = evt_data.param_tlvs;
1300 for (yy = 0; yy < evt_data.num_tlvs; yy++) {
1301 tl = *(p + 1);
1302 tl += NFC_TL_SIZE;
1303 evt_data.tlv_size += tl;
1304 if (evt_data.tlv_size > NFC_MAX_EE_TLV_SIZE) {
1305 android_errorWriteLog(0x534e4554, "117554809");
1306 LOG(ERROR) << __func__ << "Invalid data format";
1307 return;
1308 }
1309 STREAM_TO_ARRAY(pn, p, tl);
1310 pn += tl;
1311 }
1312 tNFC_RESPONSE nfc_response;
1313 nfc_response.get_routing = evt_data;
1314 (*nfc_cb.p_resp_cback)(NFC_GET_ROUTING_REVT, &nfc_response);
1315 }
1316 }
1317 }
1318 #endif
1319
1320 /*******************************************************************************
1321 **
1322 ** Function nfc_ncif_proc_conn_create_rsp
1323 **
1324 ** Description This function is called to process connection create
1325 ** response
1326 **
1327 ** Returns void
1328 **
1329 *******************************************************************************/
nfc_ncif_proc_conn_create_rsp(uint8_t * p,uint16_t plen,uint8_t dest_type)1330 void nfc_ncif_proc_conn_create_rsp(uint8_t* p,
1331 __attribute__((unused)) uint16_t plen,
1332 uint8_t dest_type) {
1333 tNFC_CONN_CB* p_cb;
1334 tNFC_STATUS status;
1335 tNFC_CONN_CBACK* p_cback;
1336 tNFC_CONN evt_data;
1337 uint8_t conn_id;
1338
1339 /* find the pending connection control block */
1340 p_cb = nfc_find_conn_cb_by_conn_id(NFC_PEND_CONN_ID);
1341 if (p_cb) {
1342 p += NCI_MSG_HDR_SIZE;
1343 status = *p++;
1344 p_cb->buff_size = *p++;
1345 p_cb->num_buff = p_cb->init_credits = *p++;
1346 conn_id = *p++;
1347 evt_data.conn_create.status = status;
1348 evt_data.conn_create.dest_type = dest_type;
1349 evt_data.conn_create.id = p_cb->id;
1350 evt_data.conn_create.buff_size = p_cb->buff_size;
1351 evt_data.conn_create.num_buffs = p_cb->num_buff;
1352 p_cback = p_cb->p_cback;
1353 if (status == NCI_STATUS_OK) {
1354 nfc_set_conn_id(p_cb, conn_id);
1355 } else {
1356 nfc_free_conn_cb(p_cb);
1357 }
1358
1359 if (p_cback) (*p_cback)(conn_id, NFC_CONN_CREATE_CEVT, &evt_data);
1360 }
1361 }
1362
1363 /*******************************************************************************
1364 **
1365 ** Function nfc_ncif_report_conn_close_evt
1366 **
1367 ** Description This function is called to report connection close event
1368 **
1369 ** Returns void
1370 **
1371 *******************************************************************************/
nfc_ncif_report_conn_close_evt(uint8_t conn_id,tNFC_STATUS status)1372 void nfc_ncif_report_conn_close_evt(uint8_t conn_id, tNFC_STATUS status) {
1373 tNFC_CONN evt_data;
1374 tNFC_CONN_CBACK* p_cback;
1375 tNFC_CONN_CB* p_cb;
1376
1377 p_cb = nfc_find_conn_cb_by_conn_id(conn_id);
1378 if (p_cb) {
1379 p_cback = p_cb->p_cback;
1380 nfc_free_conn_cb(p_cb);
1381 evt_data.status = status;
1382 if (p_cback) (*p_cback)(conn_id, NFC_CONN_CLOSE_CEVT, &evt_data);
1383 }
1384 }
1385
1386 /*******************************************************************************
1387 **
1388 ** Function nfc_ncif_proc_reset_rsp
1389 **
1390 ** Description This function is called to process reset
1391 ** response/notification
1392 **
1393 ** Returns void
1394 **
1395 *******************************************************************************/
nfc_ncif_proc_reset_rsp(uint8_t * p,bool is_ntf)1396 void nfc_ncif_proc_reset_rsp(uint8_t* p, bool is_ntf) {
1397 uint8_t* p_len = p - 1;
1398 uint8_t status = *p++;
1399 uint8_t wait_for_ntf = FALSE;
1400 if (is_ntf) {
1401 LOG(ERROR) << StringPrintf("reset notification!!:0x%x ", status);
1402 /* clean up, if the state is OPEN
1403 * FW does not report reset ntf right now */
1404 if (status == NCI2_0_RESET_TRIGGER_TYPE_CORE_RESET_CMD_RECEIVED ||
1405 status == NCI2_0_RESET_TRIGGER_TYPE_POWERED_ON) {
1406 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
1407 "CORE_RESET_NTF Received status nfc_state : 0x%x : 0x%x", status,
1408 nfc_cb.nfc_state);
1409 nfc_stop_timer(&nfc_cb.nci_wait_rsp_timer);
1410 p++;
1411 STREAM_TO_UINT8(nfc_cb.nci_version, p);
1412 DLOG_IF(INFO, nfc_debug_enabled)
1413 << StringPrintf(" CORE_RESET_NTF nci_version%x", nfc_cb.nci_version);
1414 status = NCI_STATUS_OK;
1415 } else {
1416 /* CORE_RESET_NTF received error case , trigger recovery*/
1417 DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
1418 "CORE_RESET_NTF Received status nfc_state : 0x%x : 0x%x", status,
1419 nfc_cb.nfc_state);
1420 nfc_ncif_cmd_timeout();
1421 status = NCI_STATUS_FAILED;
1422 }
1423 if (nfc_cb.nfc_state == NFC_STATE_OPEN) {
1424 /*if any conn_cb is connected, close it.
1425 if any pending outgoing packets are dropped.*/
1426 nfc_reset_all_conn_cbs();
1427 }
1428 } else {
1429 DLOG_IF(INFO, nfc_debug_enabled)
1430 << StringPrintf("CORE_RESET_RSP len :0x%x ", *p_len);
1431 if ((*p_len) == NCI_CORE_RESET_RSP_LEN(NCI_VERSION_2_0)) {
1432 wait_for_ntf = TRUE;
1433 } else if ((*p_len) == NCI_CORE_RESET_RSP_LEN(NCI_VERSION_1_0)) {
1434 nfc_cb.nci_version = NCI_VERSION_1_0;
1435 }
1436 }
1437
1438 if (nfc_cb.flags & (NFC_FL_RESTARTING | NFC_FL_POWER_CYCLE_NFCC)) {
1439 nfc_reset_all_conn_cbs();
1440 }
1441
1442 if (status == NCI_STATUS_OK) {
1443 if (wait_for_ntf == TRUE) {
1444 /* reset version reported by NFCC is NCI2.0 , start a timer for 2000ms to
1445 * wait for NTF*/
1446 nfc_start_timer(&nfc_cb.nci_wait_rsp_timer,
1447 (uint16_t)(NFC_TTYPE_NCI_WAIT_RSP),
1448 nfc_cb.nci_wait_rsp_tout);
1449 } else {
1450 if (nfc_cb.nci_version == NCI_VERSION_1_0)
1451 nci_snd_core_init(NCI_VERSION_1_0);
1452 else
1453 nci_snd_core_init(NCI_VERSION_2_0);
1454 }
1455 } else {
1456 LOG(ERROR) << StringPrintf("Failed to reset NFCC");
1457 nfc_enabled(status, nullptr);
1458 }
1459 }
1460
1461 /*******************************************************************************
1462 **
1463 ** Function nfc_ncif_proc_init_rsp
1464 **
1465 ** Description This function is called to process init response
1466 **
1467 ** Returns void
1468 **
1469 *******************************************************************************/
nfc_ncif_proc_init_rsp(NFC_HDR * p_msg)1470 void nfc_ncif_proc_init_rsp(NFC_HDR* p_msg) {
1471 uint8_t *p, status;
1472 tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
1473
1474 p = (uint8_t*)(p_msg + 1) + p_msg->offset;
1475
1476 /* handle init params in nfc_enabled */
1477 status = *(p + NCI_MSG_HDR_SIZE);
1478 if (status == NCI_STATUS_OK) {
1479 if (nfc_cb.nci_version == NCI_VERSION_UNKNOWN) {
1480 nci_snd_core_reset(NCI_RESET_TYPE_RESET_CFG);
1481 } else {
1482 p_cb->id = NFC_RF_CONN_ID;
1483 // check scbr bit as per NCI 2.0 spec
1484 nfc_cb.isScbrSupported = p[5] & NCI_SCBR_MASK;
1485 DLOG_IF(INFO, nfc_debug_enabled)
1486 << StringPrintf("scbr support: 0x%x", nfc_cb.isScbrSupported);
1487 p_cb->act_protocol = NCI_PROTOCOL_UNKNOWN;
1488
1489 nfc_set_state(NFC_STATE_W4_POST_INIT_CPLT);
1490
1491 nfc_cb.p_nci_init_rsp = p_msg;
1492 nfc_cb.p_hal->core_initialized(p_msg->len, p);
1493 }
1494 } else {
1495 if (nfc_cb.nci_version == NCI_VERSION_UNKNOWN) {
1496 nfc_cb.nci_version = NCI_VERSION_1_0;
1497 nci_snd_core_reset(NCI_RESET_TYPE_RESET_CFG);
1498 } else {
1499 nfc_enabled(status, nullptr);
1500 GKI_freebuf(p_msg);
1501 }
1502 }
1503 }
1504
1505 /*******************************************************************************
1506 **
1507 ** Function nfc_ncif_proc_get_config_rsp
1508 **
1509 ** Description This function is called to process get config response
1510 **
1511 ** Returns void
1512 **
1513 *******************************************************************************/
nfc_ncif_proc_get_config_rsp(NFC_HDR * p_evt)1514 void nfc_ncif_proc_get_config_rsp(NFC_HDR* p_evt) {
1515 uint8_t* p;
1516 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1517 tNFC_RESPONSE evt_data;
1518
1519 p_evt->offset += NCI_MSG_HDR_SIZE;
1520 p_evt->len -= NCI_MSG_HDR_SIZE;
1521 if (p_cback) {
1522 p = (uint8_t*)(p_evt + 1) + p_evt->offset;
1523 evt_data.get_config.status = *p++;
1524 evt_data.get_config.tlv_size = p_evt->len;
1525 evt_data.get_config.p_param_tlvs = p;
1526 (*p_cback)(NFC_GET_CONFIG_REVT, &evt_data);
1527 }
1528 }
1529
1530 /*******************************************************************************
1531 **
1532 ** Function nfc_ncif_proc_t3t_polling_ntf
1533 **
1534 ** Description Handle NCI_MSG_RF_T3T_POLLING NTF
1535 **
1536 ** Returns void
1537 **
1538 *******************************************************************************/
nfc_ncif_proc_t3t_polling_ntf(uint8_t * p,uint16_t plen)1539 void nfc_ncif_proc_t3t_polling_ntf(uint8_t* p, uint16_t plen) {
1540 uint8_t status;
1541 uint8_t num_responses;
1542
1543 if (plen < NFC_TL_SIZE) {
1544 return;
1545 }
1546
1547 /* Pass result to RW_T3T for processing */
1548 STREAM_TO_UINT8(status, p);
1549 STREAM_TO_UINT8(num_responses, p);
1550 plen -= NFC_TL_SIZE;
1551 rw_t3t_handle_nci_poll_ntf(status, num_responses, (uint8_t)plen, p);
1552 }
1553
1554 /*******************************************************************************
1555 **
1556 ** Function nfc_data_event
1557 **
1558 ** Description Report Data event on the given connection control block
1559 **
1560 ** Returns void
1561 **
1562 *******************************************************************************/
nfc_data_event(tNFC_CONN_CB * p_cb)1563 void nfc_data_event(tNFC_CONN_CB* p_cb) {
1564 NFC_HDR* p_evt;
1565 tNFC_DATA_CEVT data_cevt;
1566 uint8_t* p;
1567
1568 if (p_cb->p_cback) {
1569 while ((p_evt = (NFC_HDR*)GKI_getfirst(&p_cb->rx_q)) != nullptr) {
1570 if (p_evt->layer_specific & NFC_RAS_FRAGMENTED) {
1571 /* Not the last fragment */
1572 if (!(p_evt->layer_specific & NFC_RAS_TOO_BIG)) {
1573 /* buffer can hold more */
1574 if ((p_cb->conn_id != NFC_RF_CONN_ID) || (nfc_cb.reassembly)) {
1575 /* If not rf connection or If rf connection and reassembly
1576 * requested,
1577 * try to Reassemble next packet */
1578 break;
1579 }
1580 }
1581 }
1582
1583 p_evt = (NFC_HDR*)GKI_dequeue(&p_cb->rx_q);
1584 /* report data event */
1585 p_evt->offset += NCI_MSG_HDR_SIZE;
1586 p_evt->len -= NCI_MSG_HDR_SIZE;
1587
1588 if (p_evt->layer_specific)
1589 data_cevt.status = NFC_STATUS_CONTINUE;
1590 else {
1591 nfc_cb.reassembly = true;
1592 data_cevt.status = NFC_STATUS_OK;
1593 }
1594
1595 data_cevt.p_data = p_evt;
1596 /* adjust payload, if needed */
1597 if (p_cb->conn_id == NFC_RF_CONN_ID) {
1598 /* if NCI_PROTOCOL_T1T/NCI_PROTOCOL_T2T/NCI_PROTOCOL_T3T, the status
1599 * byte needs to be removed
1600 */
1601 if ((p_cb->act_protocol >= NCI_PROTOCOL_T1T) &&
1602 (p_cb->act_protocol <= NCI_PROTOCOL_T3T)) {
1603 p_evt->len--;
1604 p = (uint8_t*)(p_evt + 1);
1605 data_cevt.status = *(p + p_evt->offset + p_evt->len);
1606 if ((NFC_GetNCIVersion() == NCI_VERSION_2_0) &&
1607 (p_cb->act_protocol == NCI_PROTOCOL_T2T) &&
1608 (p_cb->act_interface == NCI_INTERFACE_FRAME)) {
1609 if ((data_cevt.status != NFC_STATUS_OK) &&
1610 ((data_cevt.status >= T2T_STATUS_OK_1_BIT) &&
1611 (data_cevt.status <= T2T_STATUS_OK_7_BIT))) {
1612 DLOG_IF(INFO, nfc_debug_enabled)
1613 << StringPrintf("%s: T2T tag data xchange", __func__);
1614 data_cevt.status = NFC_STATUS_OK;
1615 }
1616 }
1617 }
1618 if ((NFC_GetNCIVersion() == NCI_VERSION_2_0) &&
1619 (p_cb->act_protocol == NCI_PROTOCOL_T5T)) {
1620 p_evt->len--;
1621 p = (uint8_t*)(p_evt + 1);
1622 data_cevt.status = *(p + p_evt->offset + p_evt->len);
1623 }
1624 }
1625 tNFC_CONN nfc_conn;
1626 nfc_conn.data = data_cevt;
1627 (*p_cb->p_cback)(p_cb->conn_id, NFC_DATA_CEVT, &nfc_conn);
1628 p_evt = nullptr;
1629 }
1630 }
1631 }
1632
1633 /*******************************************************************************
1634 **
1635 ** Function nfc_ncif_proc_data
1636 **
1637 ** Description Find the connection control block associated with the data
1638 ** packet. Assemble the data packet, if needed.
1639 ** Report the Data event.
1640 **
1641 ** Returns void
1642 **
1643 *******************************************************************************/
nfc_ncif_proc_data(NFC_HDR * p_msg)1644 void nfc_ncif_proc_data(NFC_HDR* p_msg) {
1645 uint8_t *pp, cid;
1646 tNFC_CONN_CB* p_cb;
1647 uint8_t pbf;
1648 NFC_HDR* p_last;
1649 uint8_t *ps, *pd;
1650 uint16_t size;
1651 NFC_HDR* p_max = nullptr;
1652 uint16_t len;
1653
1654 pp = (uint8_t*)(p_msg + 1) + p_msg->offset;
1655 DLOG_IF(INFO, nfc_debug_enabled)
1656 << StringPrintf("nfc_ncif_proc_data 0x%02x%02x%02x", pp[0], pp[1], pp[2]);
1657 NCI_DATA_PRS_HDR(pp, pbf, cid, len);
1658 p_cb = nfc_find_conn_cb_by_conn_id(cid);
1659 if (p_cb && (p_msg->len >= NCI_DATA_HDR_SIZE)) {
1660 DLOG_IF(INFO, nfc_debug_enabled)
1661 << StringPrintf("nfc_ncif_proc_data len:%d", len);
1662
1663 p_msg->layer_specific = 0;
1664 if (pbf) {
1665 NFC_SetReassemblyFlag(true);
1666 p_msg->layer_specific = NFC_RAS_FRAGMENTED;
1667 }
1668 p_last = (NFC_HDR*)GKI_getlast(&p_cb->rx_q);
1669 if (p_last && (p_last->layer_specific & NFC_RAS_FRAGMENTED)) {
1670 /* last data buffer is not last fragment, append this new packet to the
1671 * last */
1672 size = GKI_get_buf_size(p_last);
1673 if (size < (NFC_HDR_SIZE + p_last->len + p_last->offset + len)) {
1674 /* the current size of p_last is not big enough to hold the new
1675 * fragment, p_msg */
1676 if (size != GKI_MAX_BUF_SIZE) {
1677 /* try the biggest GKI pool */
1678 p_max = (NFC_HDR*)GKI_getpoolbuf(GKI_MAX_BUF_SIZE_POOL_ID);
1679 if (p_max) {
1680 /* copy the content of last buffer to the new buffer */
1681 memcpy(p_max, p_last, NFC_HDR_SIZE);
1682 pd = (uint8_t*)(p_max + 1) + p_max->offset;
1683 ps = (uint8_t*)(p_last + 1) + p_last->offset;
1684 memcpy(pd, ps, p_last->len);
1685
1686 /* place the new buffer in the queue instead */
1687 GKI_remove_from_queue(&p_cb->rx_q, p_last);
1688 GKI_freebuf(p_last);
1689 GKI_enqueue(&p_cb->rx_q, p_max);
1690 p_last = p_max;
1691 }
1692 }
1693 if (p_max == nullptr) {
1694 /* Biggest GKI Pool not available (or)
1695 * Biggest available GKI Pool is not big enough to hold the new
1696 * fragment, p_msg */
1697 p_last->layer_specific |= NFC_RAS_TOO_BIG;
1698 }
1699 }
1700
1701 ps = (uint8_t*)(p_msg + 1) + p_msg->offset + NCI_MSG_HDR_SIZE;
1702 len = p_msg->len - NCI_MSG_HDR_SIZE;
1703
1704 if (!(p_last->layer_specific & NFC_RAS_TOO_BIG)) {
1705 pd = (uint8_t*)(p_last + 1) + p_last->offset + p_last->len;
1706 memcpy(pd, ps, len);
1707 p_last->len += len;
1708 /* do not need to update pbf and len in NCI header.
1709 * They are stripped off at NFC_DATA_CEVT and len may exceed 255 */
1710 DLOG_IF(INFO, nfc_debug_enabled)
1711 << StringPrintf("nfc_ncif_proc_data len:%d", p_last->len);
1712 p_last->layer_specific = p_msg->layer_specific;
1713 GKI_freebuf(p_msg);
1714 nfc_data_event(p_cb);
1715 } else {
1716 /* Not enough memory to add new buffer
1717 * Send data already in queue first with status Continue */
1718 nfc_data_event(p_cb);
1719 /* now enqueue the new buffer to the rx queue */
1720 GKI_enqueue(&p_cb->rx_q, p_msg);
1721 }
1722 } else {
1723 /* if this is the first fragment on RF link */
1724 if ((p_msg->layer_specific & NFC_RAS_FRAGMENTED) &&
1725 (p_cb->conn_id == NFC_RF_CONN_ID) && (p_cb->p_cback)) {
1726 /* Indicate upper layer that local device started receiving data */
1727 (*p_cb->p_cback)(p_cb->conn_id, NFC_DATA_START_CEVT, nullptr);
1728 }
1729 /* enqueue the new buffer to the rx queue */
1730 GKI_enqueue(&p_cb->rx_q, p_msg);
1731 nfc_data_event(p_cb);
1732 }
1733 return;
1734 }
1735 GKI_freebuf(p_msg);
1736 }
1737
1738 /*******************************************************************************
1739 **
1740 ** Function nfc_ncif_process_proprietary_rsp
1741 **
1742 ** Description Process the response to avoid collision
1743 ** while rawVsCbflag is set
1744 **
1745 ** Returns true if proprietary response else false
1746 **
1747 *******************************************************************************/
nfc_ncif_proc_proprietary_rsp(uint8_t mt,uint8_t gid,uint8_t oid)1748 bool nfc_ncif_proc_proprietary_rsp(uint8_t mt, uint8_t gid, uint8_t oid) {
1749 bool stat = FALSE;
1750 DLOG_IF(INFO, nfc_debug_enabled)
1751 << StringPrintf("%s: mt=%u, gid=%u, oid=%u", __func__, mt, gid, oid);
1752
1753 switch (mt) {
1754 case NCI_MT_DATA:
1755 /* check for Data Response */
1756 if (gid != 0x03 && oid != 0x00) stat = TRUE;
1757 break;
1758
1759 case NCI_MT_NTF:
1760 switch (gid) {
1761 case NCI_GID_CORE:
1762 /* check for CORE_RESET_NTF or CORE_CONN_CREDITS_NTF */
1763 if (oid != 0x00 && oid != 0x06) stat = TRUE;
1764 break;
1765 case NCI_GID_RF_MANAGE:
1766 /* check for CORE_CONN_CREDITS_NTF or NFA_EE_ACTION_NTF or
1767 * NFA_EE_DISCOVERY_REQ_NTF */
1768 if (oid != 0x06 && oid != 0x09 && oid != 0x0A) stat = TRUE;
1769 break;
1770 case NCI_GID_EE_MANAGE:
1771 if (oid != 0x00) stat = TRUE;
1772 break;
1773 default:
1774 stat = TRUE;
1775 break;
1776 }
1777 break;
1778
1779 default:
1780 stat = TRUE;
1781 break;
1782 }
1783 DLOG_IF(INFO, nfc_debug_enabled)
1784 << StringPrintf("%s: exit status=%u", __func__, stat);
1785 return stat;
1786 }
1787
1788 /*******************************************************************************
1789 ** Function nfc_mode_set_ntf_timeout
1790 **
1791 ** Description This function is invoked on mode set ntf timeout
1792 **
1793 ** Returns void
1794 **
1795 *******************************************************************************/
nfc_mode_set_ntf_timeout()1796 void nfc_mode_set_ntf_timeout() {
1797 LOG(ERROR) << StringPrintf("%s", __func__);
1798 tNFC_RESPONSE nfc_response;
1799 nfc_response.mode_set.status = NCI_STATUS_FAILED;
1800 nfc_response.mode_set.nfcee_id = *nfc_cb.last_cmd;
1801 nfc_response.mode_set.mode = NCI_NFCEE_MD_DEACTIVATE;
1802
1803 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1804 tNFC_RESPONSE_EVT event = NFC_NFCEE_MODE_SET_REVT;
1805 if (p_cback) (*p_cback)(event, &nfc_response);
1806 }
1807