1 /******************************************************************************
2  *
3  *  Copyright (C) 1999-2014 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  This file contains functions that interface with the NFC NCI transport.
22  *  On the receive side, it routes events to the appropriate handler
23  *  (callback). On the transmit side, it manages the command transmission.
24  *
25  ******************************************************************************/
26 #include <android-base/stringprintf.h>
27 #include <base/logging.h>
28 #include <log/log.h>
29 #include <metricslogger/metrics_logger.h>
30 
31 #include "nfc_target.h"
32 
33 #include "include/debug_nfcsnoop.h"
34 #include "nci_defs.h"
35 #include "nci_hmsgs.h"
36 #include "nfc_api.h"
37 #include "nfc_int.h"
38 #include "rw_api.h"
39 #include "rw_int.h"
40 
41 #include <statslog.h>
42 #include "metrics.h"
43 
44 using android::base::StringPrintf;
45 
46 #if (NFC_RW_ONLY == FALSE)
/* Maximum payload size in bytes for each 2-bit MPL code. Indexed from
 * nfc_ncif_decode_rf_params with ((atr byte >> 4) & 0x03), so the index is
 * always inside this 4-entry table. */
static const uint8_t nfc_mpl_code_to_size[] = {64, 128, 192, 254};
48 
49 #endif /* NFC_RW_ONLY */
50 #if (APPL_DTA_MODE == TRUE)
// Global structure variable for the FW version (DTA builds only). Read back
// by nfc_ncif_getFWVersion(); the code that fills it in is not visible in
// this part of the file.
static tNFC_FW_VERSION nfc_fw_version;
53 #endif
54 #define NFC_PB_ATTRIB_REQ_FIXED_BYTES 1
55 #define NFC_LB_ATTRIB_REQ_FIXED_BYTES 8
56 
57 extern unsigned char appl_dta_mode_flag;
58 extern bool nfc_debug_enabled;
59 
/* Wall-clock bracket used to report the latency of the first HCE data
 * response: the tail of nfc_ncif_send_data stamps timer_end, logs the delta
 * to statsd and zeroes both. An all-zero timer_start means "not armed"; the
 * code that arms it is not visible in this part of the file. */
static struct timeval timer_start;
static struct timeval timer_end;
62 
63 /*******************************************************************************
64 **
65 ** Function         nfc_ncif_update_window
66 **
67 ** Description      Update tx cmd window to indicate that NFCC can received
68 **
69 ** Returns          void
70 **
71 *******************************************************************************/
void nfc_ncif_update_window(void) {
  /* A fully open window means no command is outstanding, so there is nothing
   * to acknowledge. That is only legitimate while the stack waits for the
   * HAL to close; anywhere else it is a stray call. */
  const bool window_full = (nfc_cb.nci_cmd_window == NCI_MAX_CMD_WINDOW);
  if (window_full) {
    const bool waiting_for_hal_close =
        (nfc_cb.nfc_state == NFC_STATE_W4_HAL_CLOSE);
    if (!waiting_for_hal_close) {
      LOG(ERROR) << StringPrintf("nfc_ncif_update_window: Unexpected call");
    }
    return;
  }

  /* The outstanding command has been answered: cancel its response watchdog,
   * forget the vendor-specific callback registered for it, and hand the
   * credit back. */
  nfc_stop_timer(&nfc_cb.nci_wait_rsp_timer);
  nfc_cb.p_vsc_cback = nullptr;
  ++nfc_cb.nci_cmd_window;

  /* Transmit whatever was queued while the window was closed. */
  nfc_ncif_check_cmd_queue(nullptr);
}
90 
91 /*******************************************************************************
92 **
93 ** Function         nfc_ncif_cmd_timeout
94 **
95 ** Description      Handle a command timeout
96 **
97 ** Returns          void
98 **
99 *******************************************************************************/
void nfc_ncif_cmd_timeout(void) {
  LOG(ERROR) << StringPrintf("nfc_ncif_cmd_timeout");

  /* Tell the response callback twice: once as a generic error, once as the
   * specific NFCC-timeout event (the latter also feeds the metrics path in
   * nfc_ncif_event_status). */
  nfc_ncif_event_status(NFC_GEN_ERROR_REVT, NFC_STATUS_HW_TIMEOUT);
  nfc_ncif_event_status(NFC_NFCC_TIMEOUT_REVT, NFC_STATUS_HW_TIMEOUT);

  /* A timeout while still in CORE_INIT means enable never completed. */
  const bool still_enabling = (nfc_cb.nfc_state == NFC_STATE_CORE_INIT);
  if (still_enabling) {
    nfc_enabled(NFC_STATUS_FAILED, nullptr);
  }

  /* XXX maco since this failure is unrecoverable, abort the process */
  abort();
}
115 
116 /*******************************************************************************
117 **
118 ** Function         nfc_wait_2_deactivate_timeout
119 **
120 ** Description      Handle a command timeout
121 **
122 ** Returns          void
123 **
124 *******************************************************************************/
void nfc_wait_2_deactivate_timeout(void) {
  LOG(ERROR) << StringPrintf("nfc_wait_2_deactivate_timeout");
  /* The deferred deactivate (see nfc_ncif_send_data) never fired because the
   * credits did not all come back in time; stop waiting and send it now. The
   * deactivate type was stashed in the timer's param when it was armed. */
  const uint8_t deactivate_type = (uint8_t)nfc_cb.deactivate_timer.param;
  nfc_cb.flags &= ~NFC_FL_DEACTIVATING;
  nci_snd_deactivate_cmd(deactivate_type);
}
130 
131 /*******************************************************************************
132 **
133 ** Function         nfc_ncif_send_data
134 **
135 ** Description      This function is called to add the NCI data header
136 **                  and send it to NCIT task for sending it to transport
137 **                  as credits are available.
138 **
139 ** Returns          void
140 **
141 *******************************************************************************/
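/*
 * Queue p_data (when non-null) on p_cb->tx_q, then transmit packets from the
 * head of the queue for as long as the connection has credits, fragmenting
 * anything larger than p_cb->buff_size.
 *
 * p_cb    connection control block (conn_id, credits, tx queue)
 * p_data  payload to queue, or nullptr when called from the credit path
 *         (nfc_ncif_proc_credits) purely to drain the queue
 *
 * Returns NCI_STATUS_OK, NCI_STATUS_FAILED when the RF connection is not in
 * NFC_STATE_OPEN, or NCI_STATUS_BUFFER_FULL when a fragment buffer could not
 * be allocated. (The banner above says "void"; callers do get a status.)
 *
 * Fix: pbf is now re-armed to 1 for every non-final fragment. Previously it
 * was only ever cleared (on the last fragment) and never set again, so a
 * large packet following a complete one in the same drain pass had all of
 * its fragments sent with PBF=0, i.e. each fragment was flagged as a whole
 * packet.
 */
uint8_t nfc_ncif_send_data(tNFC_CONN_CB* p_cb, NFC_HDR* p_data) {
  uint8_t* pp;
  uint8_t* ps;
  uint8_t ulen = NCI_MAX_PAYLOAD_SIZE;
  NFC_HDR* p;
  uint8_t pbf = 1;
  uint8_t buffer_size = p_cb->buff_size;
  uint8_t hdr0 = p_cb->conn_id;
  bool fragmented = false;

  DLOG_IF(INFO, nfc_debug_enabled)
      << StringPrintf("nfc_ncif_send_data :%d, num_buff:%d qc:%d",
                      p_cb->conn_id, p_cb->num_buff, p_cb->tx_q.count);
  if (p_cb->id == NFC_RF_CONN_ID) {
    if (nfc_cb.nfc_state != NFC_STATE_OPEN) {
      /* The RF link cannot carry data. While CLOSING with a deactivate
       * deferred (NFC_FL_DEACTIVATING), the credit path (p_data == nullptr)
       * is what tells us the NFCC has returned every credit; only then is
       * the deferred RF_DEACTIVATE_CMD issued and its guard timer cancelled
       * (the timer's expiry handler is nfc_wait_2_deactivate_timeout). */
      if (nfc_cb.nfc_state == NFC_STATE_CLOSING) {
        if ((p_data == nullptr) && /* called because credit from NFCC */
            (nfc_cb.flags & NFC_FL_DEACTIVATING)) {
          if (p_cb->init_credits == p_cb->num_buff) {
            /* all the credits are back */
            nfc_cb.flags &= ~NFC_FL_DEACTIVATING;
            DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
                "deactivating NFC-DEP init_credits:%d, num_buff:%d",
                p_cb->init_credits, p_cb->num_buff);
            nfc_stop_timer(&nfc_cb.deactivate_timer);
            nci_snd_deactivate_cmd((uint8_t)nfc_cb.deactivate_timer.param);
          }
        }
      }
      /* NOTE(review): a non-null p_data is neither queued nor freed on this
       * path — presumably the caller keeps ownership on a failed return;
       * confirm against the callers. */
      return NCI_STATUS_FAILED;
    }
  }

  if (p_data) {
    /* always enqueue the data to the tx queue */
    GKI_enqueue(&p_cb->tx_q, p_data);
  }

  /* try to send the first data packet in the tx queue  */
  p_data = (NFC_HDR*)GKI_getfirst(&p_cb->tx_q);

  /* post data fragment to NCIT task as credits are available */
  /* NOTE(review): `p_data->len >= 0` is always true if NFC_HDR::len is an
   * unsigned type (not visible here — TODO confirm); the loop is really
   * bounded by the queue and by num_buff. */
  while (p_data && (p_data->len >= 0) && (p_cb->num_buff > 0)) {
    if (p_data->len <= buffer_size) {
      pbf = 0; /* last fragment */
      ulen = (uint8_t)(p_data->len);
      fragmented = false;
    } else {
      pbf = 1; /* more fragments follow: re-arm PBF for this packet */
      fragmented = true;
      ulen = buffer_size;
    }

    if (!fragmented) {
      /* if data packet is not fragmented, use the original buffer */
      /* The last (or only) fragment goes out in the queued buffer itself,
       * so it leaves the queue here; HAL_WRITE takes it over below. */
      p = p_data;
      p_data = (NFC_HDR*)GKI_dequeue(&p_cb->tx_q);
    } else {
      /* the data packet is too big and need to be fragmented
       * prepare a new GKI buffer
       * (even the last fragment to avoid issues) */
      /* Intermediate fragments are copied into a fresh buffer; the original
       * stays at the head of the queue with len/offset advanced past the
       * bytes already copied. */
      p = NCI_GET_CMD_BUF(ulen);
      /* On allocation failure the partially consumed packet stays queued
       * (len/offset already reflect the fragments sent so far) and no
       * credit is spent on the failed fragment; the next credit resumes
       * from there. */
      if (p == nullptr) return (NCI_STATUS_BUFFER_FULL);
      p->len = ulen;
      /* leave room in front of the payload for the NCI data header */
      p->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE + 1;
      if (p->len) {
        pp = (uint8_t*)(p + 1) + p->offset;
        ps = (uint8_t*)(p_data + 1) + p_data->offset;
        memcpy(pp, ps, ulen);
      }
      /* adjust the NFC_HDR on the old fragment */
      p_data->len -= ulen;
      p_data->offset += ulen;
    }

    /* Prepend the NCI data header (PBF, conn_id, payload length) in place. */
    p->event = BT_EVT_TO_NFC_NCI;
    p->layer_specific = pbf;
    p->len += NCI_DATA_HDR_SIZE;
    p->offset -= NCI_DATA_HDR_SIZE;
    pp = (uint8_t*)(p + 1) + p->offset;
    /* build NCI Data packet header */
    NCI_DATA_PBLD_HDR(pp, pbf, hdr0, ulen);

    /* NFC_CONN_NO_FC marks a connection without flow control: its credit
     * count is never decremented. */
    if (p_cb->num_buff != NFC_CONN_NO_FC) p_cb->num_buff--;

    /* send to HAL */
    HAL_WRITE(p);
    nfcsnoop_capture(p, false);

    if (!fragmented) {
      /* check if there are more data to send */
      p_data = (NFC_HDR*)GKI_getfirst(&p_cb->tx_q);
    }
  }

  // log duration for the first hce data response
  /* timer_start is armed elsewhere; all-zero means "not armed". Both stamps
   * are cleared so the latency is reported once per transaction. */
  if (timer_start.tv_sec != 0 || timer_start.tv_usec != 0) {
    gettimeofday(&timer_end, nullptr);
    uint32_t delta_time_ms = (timer_end.tv_sec - timer_start.tv_sec) * 1000 +
                             (timer_end.tv_usec - timer_start.tv_usec) / 1000;
    memset(&timer_start, 0, sizeof(timer_start));
    memset(&timer_end, 0, sizeof(timer_end));
    android::util::stats_write(android::util::NFC_HCE_TRANSACTION_OCCURRED,
                               (int32_t)delta_time_ms);
  }
  return (NCI_STATUS_OK);
}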
248 
249 /*******************************************************************************
250 **
251 ** Function         nfc_ncif_check_cmd_queue
252 **
253 ** Description      Send NCI command to the transport
254 **
255 ** Returns          void
256 **
257 *******************************************************************************/
/*
 * Transmit an NCI command, or park it, according to the command window.
 *
 * p_buf  command to send, or nullptr to just retry the queue (called from
 *        nfc_ncif_update_window once a response frees a window slot)
 *
 * Only one command is ever sent per call. When the window is fully open
 * afterwards (queue drained) and control of the NCI link was requested, the
 * window is handed to the HAL or a pending discovery is issued.
 */
void nfc_ncif_check_cmd_queue(NFC_HDR* p_buf) {
  uint8_t* ps;
  /* If there are commands waiting in the xmit queue, or if the controller
   * cannot accept any more commands, */
  /* then enqueue this command */
  if (p_buf) {
    if ((nfc_cb.nci_cmd_xmit_q.count) || (nfc_cb.nci_cmd_window == 0)) {
      GKI_enqueue(&nfc_cb.nci_cmd_xmit_q, p_buf);
      p_buf = nullptr;
    }
  }

  /* If controller can accept another command, then send the next command */
  if (nfc_cb.nci_cmd_window > 0) {
    /* If no command was provided, or if older commands were in the queue, then
     * get cmd from the queue */
    if (!p_buf) p_buf = (NFC_HDR*)GKI_dequeue(&nfc_cb.nci_cmd_xmit_q);

    if (p_buf) {
      /* save the message header to double check the response */
      /* nfc_ncif_process_event compares the RSP's gid/oid against last_hdr
       * before it reopens the window, so an unsolicited RSP cannot free a
       * slot. NOTE(review): both copies are fixed-size reads from the command
       * buffer regardless of the command's actual length — assumes every
       * command buffer is at least NCI_MSG_HDR_SIZE + NFC_SAVED_CMD_SIZE
       * bytes (TODO confirm against NCI_GET_CMD_BUF). */
      ps = (uint8_t*)(p_buf + 1) + p_buf->offset;
      memcpy(nfc_cb.last_hdr, ps, NFC_SAVED_HDR_SIZE);
      memcpy(nfc_cb.last_cmd, ps + NCI_MSG_HDR_SIZE, NFC_SAVED_CMD_SIZE);
      if (p_buf->layer_specific == NFC_WAIT_RSP_VSC) {
        /* save the callback for NCI VSCs)  */
        nfc_cb.p_vsc_cback = (void*)((tNFC_NCI_VS_MSG*)p_buf)->p_cback;
      } else if (p_buf->layer_specific == NFC_WAIT_RSP_RAW_VS) {
        /* save the callback for RAW VS */
        /* rawVsCbflag routes the matching response through
         * nci_proc_prop_raw_vs_rsp in nfc_ncif_process_event. */
        nfc_cb.p_vsc_cback = (void*)((tNFC_NCI_VS_MSG*)p_buf)->p_cback;
        nfc_cb.rawVsCbflag = true;
      }

      /* Indicate command is pending */
      nfc_cb.nci_cmd_window--;

      /* send to HAL */
      HAL_WRITE(p_buf);
      /* start NFC command-timeout timer */
      /* expiry is handled by nfc_ncif_cmd_timeout, which aborts the process */
      nfc_start_timer(&nfc_cb.nci_wait_rsp_timer,
                      (uint16_t)(NFC_TTYPE_NCI_WAIT_RSP),
                      nfc_cb.nci_wait_rsp_tout);
    }
  }

  if (nfc_cb.nci_cmd_window == NCI_MAX_CMD_WINDOW) {
    /* the command queue must be empty now */
    if (nfc_cb.flags & NFC_FL_CONTROL_REQUESTED) {
      /* HAL requested control or stack needs to handle pre-discover */
      nfc_cb.flags &= ~NFC_FL_CONTROL_REQUESTED;
      if (nfc_cb.flags & NFC_FL_DISCOVER_PENDING) {
        if (nfc_cb.p_hal->prediscover()) {
          /* HAL has the command window now */
          /* window = 0 blocks the stack from sending until control is
           * returned (NFC_FL_CONTROL_GRANTED is cleared elsewhere). */
          nfc_cb.flags |= NFC_FL_CONTROL_GRANTED;
          nfc_cb.nci_cmd_window = 0;
        } else {
          /* HAL does not need to send command,
           * - restore the command window and issue the discovery command now */
          /* p_disc_pending holds <num params> followed by the
           * tNFC_DISCOVER_PARAMS array; it is consumed and freed here. */
          nfc_cb.flags &= ~NFC_FL_DISCOVER_PENDING;
          ps = (uint8_t*)nfc_cb.p_disc_pending;
          nci_snd_discover_cmd(*ps, (tNFC_DISCOVER_PARAMS*)(ps + 1));
          GKI_freebuf(nfc_cb.p_disc_pending);
          nfc_cb.p_disc_pending = nullptr;
        }
      } else if (nfc_cb.flags & NFC_FL_HAL_REQUESTED) {
        /* grant the control to HAL */
        nfc_cb.flags &= ~NFC_FL_HAL_REQUESTED;
        nfc_cb.flags |= NFC_FL_CONTROL_GRANTED;
        nfc_cb.nci_cmd_window = 0;
        nfc_cb.p_hal->control_granted();
      }
    }
  }
}
331 
332 #if (APPL_DTA_MODE == TRUE)
333 /*******************************************************************************
334 **
335 ** Function         nfc_ncif_getFWVersion
336 **
337 ** Description      This function is called to get the FW Version
338 **
339 ** Returns          tNFC_FW_VERSION
340 **
341 *******************************************************************************/
tNFC_FW_VERSION nfc_ncif_getFWVersion() {
  /* Return a copy of the cached firmware version (DTA builds only). */
  tNFC_FW_VERSION version_copy = nfc_fw_version;
  return version_copy;
}
343 #endif
344 
345 /*******************************************************************************
346 **
347 ** Function         nfc_ncif_send_cmd
348 **
349 ** Description      Send NCI command to the NCIT task
350 **
351 ** Returns          void
352 **
353 *******************************************************************************/
void nfc_ncif_send_cmd(NFC_HDR* p_buf) {
  /* Tag the buffer for the NCI transport with a plain (non-VSC) response
   * expectation, snoop it, and let the command-window logic decide whether
   * it goes out now or waits in nci_cmd_xmit_q. */
  NFC_HDR* cmd = p_buf;
  cmd->event = BT_EVT_TO_NFC_NCI;
  cmd->layer_specific = 0;
  nfcsnoop_capture(cmd, false);
  nfc_ncif_check_cmd_queue(cmd);
}
361 
362 /*******************************************************************************
363 **
364 ** Function         nfc_ncif_process_event
365 **
366 ** Description      This function is called to process the
367 **                  data/response/notification from NFCC
368 **
369 ** Returns          TRUE if need to free buffer
370 **
371 *******************************************************************************/
/*
 * Dispatch one NCI packet received from the NFCC by message type (data,
 * response, notification) and group id.
 *
 * p_msg  the received packet; payload starts at (p_msg + 1) + offset
 *
 * Returns true when the caller must free p_msg, false when a handler took
 * ownership (data packets, and whatever nci_proc_core_rsp reports).
 */
bool nfc_ncif_process_event(NFC_HDR* p_msg) {
  uint8_t mt, pbf, gid, *p, *pp;
  /* "free" is the ownership flag returned to the caller; it shadows the
   * libc function name, which is harmless here but worth knowing. */
  bool free = true;
  uint8_t oid;
  uint8_t *p_old, old_gid, old_oid, old_mt;

  p = (uint8_t*)(p_msg + 1) + p_msg->offset;

  pp = p;
  /* pbf is parsed here only because the macro requires it; it is not used. */
  NCI_MSG_PRS_HDR0(pp, mt, pbf, gid);
  oid = ((*pp) & NCI_OID_MASK);
  /* A raw vendor-specific command is outstanding and this packet is its
   * answer: hand it straight to the raw VS handler. Note this path returns
   * before nfcsnoop_capture, so such responses are not snooped. */
  if (nfc_cb.rawVsCbflag == true &&
      nfc_ncif_proc_proprietary_rsp(mt, gid, oid) == true) {
    nci_proc_prop_raw_vs_rsp(p_msg);
    nfc_cb.rawVsCbflag = false;
    return free;
  }

  nfcsnoop_capture(p_msg, true);
  switch (mt) {
    case NCI_MT_DATA:
      DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf("NFC received data");
      /* the data path keeps the buffer */
      nfc_ncif_proc_data(p_msg);
      free = false;
      break;

    case NCI_MT_RSP:
      DLOG_IF(INFO, nfc_debug_enabled)
          << StringPrintf("NFC received rsp gid:%d", gid);
      /* oid was already computed above; this recomputation is redundant. */
      oid = ((*pp) & NCI_OID_MASK);
      /* last_hdr was saved by nfc_ncif_check_cmd_queue when the command
       * went out; parsing it reuses pbf as a scratch output. */
      p_old = nfc_cb.last_hdr;
      NCI_MSG_PRS_HDR0(p_old, old_mt, pbf, old_gid);
      old_oid = ((*p_old) & NCI_OID_MASK);
      /* make sure this is the RSP we are waiting for before updating the
       * command window */
      /* An RSP whose gid/oid do not match the outstanding command is
       * dropped without touching the window or the rsp timer, so a stray
       * or unsolicited response cannot unblock command transmission. */
      if ((old_gid != gid) || (old_oid != oid)) {
        LOG(ERROR) << StringPrintf(
            "nfc_ncif_process_event unexpected rsp: gid:0x%x, oid:0x%x", gid,
            oid);
        return true;
      }

      switch (gid) {
        case NCI_GID_CORE: /* 0000b NCI Core group */
          /* only the core handler may keep the buffer */
          free = nci_proc_core_rsp(p_msg);
          break;
        case NCI_GID_RF_MANAGE: /* 0001b NCI Discovery group */
          nci_proc_rf_management_rsp(p_msg);
          break;
#if (NFC_NFCEE_INCLUDED == TRUE)
#if (NFC_RW_ONLY == FALSE)
        case NCI_GID_EE_MANAGE: /* 0x02 0010b NFCEE Discovery group */
          nci_proc_ee_management_rsp(p_msg);
          break;
#endif
#endif
        case NCI_GID_PROP: /* 1111b Proprietary */
          nci_proc_prop_rsp(p_msg);
          break;
        default:
          LOG(ERROR) << StringPrintf("NFC: Unknown gid:%d", gid);
          break;
      }

      /* The expected RSP arrived (even for an unknown gid): reopen the
       * window and send the next queued command. */
      nfc_ncif_update_window();
      break;

    case NCI_MT_NTF:
      DLOG_IF(INFO, nfc_debug_enabled)
          << StringPrintf("NFC received ntf gid:%d", gid);
      /* Notifications are unsolicited; they never touch the command window. */
      switch (gid) {
        case NCI_GID_CORE: /* 0000b NCI Core group */
          nci_proc_core_ntf(p_msg);
          break;
        case NCI_GID_RF_MANAGE: /* 0001b NCI Discovery group */
          nci_proc_rf_management_ntf(p_msg);
          break;
#if (NFC_NFCEE_INCLUDED == TRUE)
#if (NFC_RW_ONLY == FALSE)
        case NCI_GID_EE_MANAGE: /* 0x02 0010b NFCEE Discovery group */
          nci_proc_ee_management_ntf(p_msg);
          break;
#endif
#endif
        case NCI_GID_PROP: /* 1111b Proprietary */
          nci_proc_prop_ntf(p_msg);
          break;
        default:
          LOG(ERROR) << StringPrintf("NFC: Unknown gid:%d", gid);
          break;
      }
      break;

    default:
      /* unknown message type: logged and freed */
      DLOG_IF(INFO, nfc_debug_enabled)
          << StringPrintf("NFC received unknown mt:0x%x, gid:%d", mt, gid);
  }

  return (free);
}
472 
473 /*******************************************************************************
474 **
475 ** Function         nfc_ncif_rf_management_status
476 **
477 ** Description      This function is called to report an event
478 **
479 ** Returns          void
480 **
481 *******************************************************************************/
void nfc_ncif_rf_management_status(tNFC_DISCOVER_EVT event, uint8_t status) {
  /* Without a registered discovery callback there is nobody to tell. */
  if (!nfc_cb.p_discv_cback) return;

  tNFC_DISCOVER evt_data;
  evt_data.status = (tNFC_STATUS)status;
  (*nfc_cb.p_discv_cback)(event, &evt_data);
}
489 
490 /*******************************************************************************
491 **
492 ** Function         nfc_ncif_set_config_status
493 **
494 ** Description      This function is called to report NFC_SET_CONFIG_REVT
495 **
496 ** Returns          void
497 **
498 *******************************************************************************/
void nfc_ncif_set_config_status(uint8_t* p, uint8_t len) {
  /* Parse a CORE_SET_CONFIG_RSP payload (status, then on failure the list of
   * rejected parameter ids) and report it as NFC_SET_CONFIG_REVT. Malformed
   * or oversized id lists are reported with num_param_id = 0; a zero-length
   * payload is reported as NFC_STATUS_SYNTAX_ERROR. */
  if (!nfc_cb.p_resp_cback) return;

  tNFC_RESPONSE evt_data;
  evt_data.set_config.num_param_id = 0;

  if (len == 0) {
    LOG(ERROR) << StringPrintf("Insufficient RSP length");
    evt_data.set_config.status = NFC_STATUS_SYNTAX_ERROR;
  } else {
    evt_data.set_config.status = (tNFC_STATUS)*p++;
    const bool has_id_list =
        (evt_data.set_config.status != NFC_STATUS_OK) && (len > 1);
    if (has_id_list) {
      uint8_t num_ids = *p++;
      if (num_ids > NFC_MAX_NUM_IDS) {
        /* the id array in tNFC_RESPONSE cannot hold that many entries */
        android_errorWriteLog(0x534e4554, "114047681");
        LOG(ERROR) << StringPrintf("OOB write num_param_id %d", num_ids);
      } else if (num_ids <= len - 2) {
        /* count is consistent with the payload: copy the ids out */
        evt_data.set_config.num_param_id = num_ids;
        STREAM_TO_ARRAY(evt_data.set_config.param_ids, p, num_ids);
      } else {
        LOG(ERROR) << StringPrintf("Insufficient RSP length %d,num_param_id %d",
                                   len, num_ids);
      }
    }
  }

  (*nfc_cb.p_resp_cback)(NFC_SET_CONFIG_REVT, &evt_data);
}
529 
530 /*******************************************************************************
531 **
532 ** Function         nfc_ncif_event_status
533 **
534 ** Description      This function is called to report an event
535 **
536 ** Returns          void
537 **
538 *******************************************************************************/
void nfc_ncif_event_status(tNFC_RESPONSE_EVT event, uint8_t status) {
  /* Report a status-only event to the response callback. An NFCC hardware
   * timeout is additionally counted in metrics and logged to statsd together
   * with the header of the command that went unanswered (last_hdr, saved by
   * nfc_ncif_check_cmd_queue). */
  const bool nfcc_hw_timeout =
      (event == NFC_NFCC_TIMEOUT_REVT) && (status == NFC_STATUS_HW_TIMEOUT);
  if (nfcc_hw_timeout) {
    android::metricslogger::LogCounter("nfc_hw_timeout_error", 1);
    uint32_t cmd_hdr = (nfc_cb.last_hdr[0] << 8) | nfc_cb.last_hdr[1];
    android::util::stats_write(android::util::NFC_ERROR_OCCURRED,
                               (int32_t)NCI_TIMEOUT, (int32_t)cmd_hdr,
                               (int32_t)status);
  }

  if (!nfc_cb.p_resp_cback) return;

  tNFC_RESPONSE evt_data;
  evt_data.status = (tNFC_STATUS)status;
  (*nfc_cb.p_resp_cback)(event, &evt_data);
}
553 
554 /*******************************************************************************
555 **
556 ** Function         nfc_ncif_error_status
557 **
558 ** Description      This function is called to report an error event to data
559 **                  cback
560 **
561 ** Returns          void
562 **
563 *******************************************************************************/
void nfc_ncif_error_status(uint8_t conn_id, uint8_t status) {
  /* Deliver NFC_ERROR_CEVT to the data callback of the connection, if the
   * connection exists and has one. */
  tNFC_CONN_CB* p_cb = nfc_find_conn_cb_by_conn_id(conn_id);
  if (p_cb != nullptr && p_cb->p_cback != nullptr) {
    tNFC_CONN nfc_conn;
    nfc_conn.status = status;
    (*p_cb->p_cback)(conn_id, NFC_ERROR_CEVT, &nfc_conn);
  }

  /* statsd gets every error notification, whatever the status */
  android::util::stats_write(android::util::NFC_ERROR_OCCURRED,
                             (int32_t)ERROR_NTF, (int32_t)0, (int32_t)status);

  /* Metrics counter per status code; the first matching entry wins, which
   * mirrors the original if / else-if ordering. */
  struct status_counter {
    uint8_t status;
    const char* counter_name;
  };
  static const status_counter kCounters[] = {
      {NFC_STATUS_TIMEOUT, "nfc_rf_timeout_error"},
      {NFC_STATUS_EE_TIMEOUT, "nfc_ee_timeout_error"},
      {NFC_STATUS_ACTIVATION_FAILED, "nfc_rf_activation_failed"},
      {NFC_STATUS_EE_INTF_ACTIVE_FAIL, "nfc_ee_activation_failed"},
      {NFC_STATUS_RF_TRANSMISSION_ERR, "nfc_rf_transmission_error"},
      {NFC_STATUS_EE_TRANSMISSION_ERR, "nfc_ee_transmission_error"},
      {NFC_STATUS_RF_PROTOCOL_ERR, "nfc_rf_protocol_error"},
      {NFC_STATUS_EE_PROTOCOL_ERR, "nfc_ee_protocol_error"},
  };
  for (const status_counter& entry : kCounters) {
    if (entry.status == status) {
      android::metricslogger::LogCounter(entry.counter_name, 1);
      break;
    }
  }
}
591 
592 /*******************************************************************************
593 **
594 ** Function         nfc_ncif_proc_rf_field_ntf
595 **
596 ** Description      This function is called to process RF field notification
597 **
598 ** Returns          void
599 **
600 *******************************************************************************/
601 #if (NFC_RW_ONLY == FALSE)
void nfc_ncif_proc_rf_field_ntf(uint8_t rf_status) {
  /* Forward an RF_FIELD_INFO_NTF as NFC_RF_FIELD_REVT; the event itself is
   * always reported with NFC_STATUS_OK, the field state rides in rf_field. */
  if (!nfc_cb.p_resp_cback) return;

  tNFC_RESPONSE evt_data;
  evt_data.status = (tNFC_STATUS)NFC_STATUS_OK;
  evt_data.rf_field.rf_field = rf_status;
  (*nfc_cb.p_resp_cback)(NFC_RF_FIELD_REVT, &evt_data);
}
610 #endif
611 
612 /*******************************************************************************
613 **
614 ** Function         nfc_ncif_proc_credits
615 **
616 ** Description      This function is called to process data credits
617 **
618 ** Returns          void
619 **
620 *******************************************************************************/
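/*
 * Handle CORE_CONN_CREDITS_NTF: return credits to their connections and let
 * each connection drain its tx queue.
 *
 * p     payload, laid out as <num entries> followed by num x (conn_id, credits)
 * plen  payload length in bytes
 *
 * Entries for unknown conn_ids, and for connections without flow control
 * (num_buff == NFC_CONN_NO_FC), are skipped.
 *
 * Fix: the entry-count check now accounts for the two bytes each entry
 * occupies. The previous `num > plen` guard only covered one byte per
 * entry, so a notification whose count byte was larger than half the
 * remaining payload made the loop below read past the end of the message.
 */
void nfc_ncif_proc_credits(uint8_t* p, uint16_t plen) {
  uint8_t num, xx;
  tNFC_CONN_CB* p_cb;

  if (plen != 0) {
    num = *p++;
    plen--;
    /* Every entry is two bytes (conn_id, credits) and the loop reads both,
     * so the declared count must fit in the remaining payload twice over. */
    if (num * 2 > plen) {
      android_errorWriteLog(0x534e4554, "118148142");
      return;
    }
    for (xx = 0; xx < num; xx++) {
      p_cb = nfc_find_conn_cb_by_conn_id(*p++);
      if (p_cb && p_cb->num_buff != NFC_CONN_NO_FC) {
        p_cb->num_buff += (*p);
#if (BT_USE_TRACES == TRUE)
        /* More credits than were granted at connection time means the NFCC
         * is misbehaving (or returned credits after deactivation); clamp so
         * the stack never believes it may send more than the NFCC can hold.
         * NOTE(review): this clamp only exists in BT_USE_TRACES builds;
         * without it num_buff is unbounded and, if it is a uint8_t, can
         * wrap — TODO confirm whether non-trace builds rely on it. */
        if (p_cb->num_buff > p_cb->init_credits) {
          if (nfc_cb.nfc_state == NFC_STATE_OPEN) {
            /* if this happens in activated state, it's very likely that our
             * NFCC has issues */
            /* However, credit may be returned after deactivation */
            LOG(ERROR) << StringPrintf("num_buff:0x%x, init_credits:0x%x",
                                       p_cb->num_buff, p_cb->init_credits);
          }
          p_cb->num_buff = p_cb->init_credits;
        }
#endif
        /* check if there's any data in tx q to be sent */
        nfc_ncif_send_data(p_cb, nullptr);
      }
      /* step over the credits byte (also for entries that were skipped) */
      p++;
    }
  }
}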
655 /*******************************************************************************
656 **
657 ** Function         nfc_ncif_decode_rf_params
658 **
659 ** Description      This function is called to process the detected technology
660 **                  and mode and the associated parameters for DISCOVER_NTF and
661 **                  ACTIVATE_NTF
662 **
663 ** Returns          void
664 **
665 *******************************************************************************/
/*
 * Decode the technology-specific parameters of a DISCOVER_NTF / ACTIVATE_NTF
 * according to p_param->mode, into p_param->param.
 *
 * p_param  mode must already be set; param is zeroed then filled in
 * p        points at the parameter length byte; the parameters follow
 *
 * Returns the position just past the parameter block (p_start + len), i.e.
 * the caller's cursor is advanced by the declared length regardless of how
 * many bytes were actually consumed here. (The banner above says "void".)
 *
 * Every array copy is clamped to the capacity of the destination field, so
 * an oversized length cannot overrun the struct. NOTE(review): the decoder
 * does not check its reads against `len` or the message length — it assumes
 * the caller has verified that `len` bytes are present after the length
 * byte (TODO confirm in the *_ntf callers).
 */
uint8_t* nfc_ncif_decode_rf_params(tNFC_RF_TECH_PARAMS* p_param, uint8_t* p) {
  tNFC_RF_PA_PARAMS* p_pa;
  uint8_t len, *p_start, u8;
  tNFC_RF_PB_PARAMS* p_pb;
  tNFC_RF_LF_PARAMS* p_lf;
  tNFC_RF_PF_PARAMS* p_pf;
  tNFC_RF_PISO15693_PARAMS* p_i93;
  tNFC_RF_ACM_P_PARAMS* acm_p;
  uint8_t mpl_idx = 0;
  uint8_t gb_idx = 0, mpl;
  len = *p++;
  p_start = p;
  /* zeroing up front is what makes the fixed-index reads below (nfcid0,
   * mrti_*, ATR bytes) safe when the received data is shorter than expected */
  memset(&p_param->param, 0, sizeof(tNFC_RF_TECH_PARAMU));

  /* Under NCI 2.0 the active modes carry their own parameter layout, so the
   * POLL_A / POLL_F / LISTEN_F decoders are shared with *_ACTIVE only on
   * pre-2.0 controllers. */
  if (NCI_DISCOVERY_TYPE_POLL_A == p_param->mode ||
      (NCI_DISCOVERY_TYPE_POLL_A_ACTIVE == p_param->mode &&
       NFC_GetNCIVersion() != NCI_VERSION_2_0)) {
    p_pa = &p_param->param.pa;
    /*
SENS_RES Response   2 bytes Defined in [DIGPROT] Available after Technology
Detection
NFCID1 length   1 byte  Length of NFCID1 Available after Collision Resolution
NFCID1  4, 7, or 10 bytes   Defined in [DIGPROT]Available after Collision
Resolution
SEL_RES Response    1 byte  Defined in [DIGPROT]Available after Collision
Resolution
HRx Length  1 Octets    Length of HRx Parameters collected from the response to
the T1T RID command.
HRx 0 or 2 Octets   If present, the first byte SHALL contain HR0 and the second
byte SHALL contain HR1 as defined in [DIGITAL].
    */
    STREAM_TO_ARRAY(p_pa->sens_res, p, 2);
    p_pa->nfcid1_len = *p++;
    /* clamp to the nfcid1[] capacity; a longer declared length is truncated */
    if (p_pa->nfcid1_len > NCI_NFCID1_MAX_LEN)
      p_pa->nfcid1_len = NCI_NFCID1_MAX_LEN;
    STREAM_TO_ARRAY(p_pa->nfcid1, p, p_pa->nfcid1_len);
    /* u8 is the SEL_RES length (0 or 1) */
    u8 = *p++;
    if (u8) p_pa->sel_rsp = *p++;
    /* HR bytes (T1T) are present only when the declared length says so */
    if (len ==
        (7 + p_pa->nfcid1_len + u8)) /* 2(sens_res) + 1(len) +
                                        p_pa->nfcid1_len + 1(len) + u8 + hr
                                        (1:len + 2) */
    {
      p_pa->hr_len = *p++;
      if (p_pa->hr_len == NCI_T1T_HR_LEN) {
        p_pa->hr[0] = *p++;
        p_pa->hr[1] = *p;
      }
    }
  } else if (NCI_DISCOVERY_TYPE_POLL_B == p_param->mode) {
    /*
SENSB_RES Response length (n)   1 byte  Length of SENSB_RES Response (Byte 2 -
Byte 12 or 13)Available after Technology Detection
SENSB_RES Response Byte 2 - Byte 12 or 13   11 or 12 bytes  Defined in [DIGPROT]
Available after Technology Detection
    */
    p_pb = &p_param->param.pb;
    p_pb->sensb_res_len = *p++;
    if (p_pb->sensb_res_len > NCI_MAX_SENSB_RES_LEN)
      p_pb->sensb_res_len = NCI_MAX_SENSB_RES_LEN;
    STREAM_TO_ARRAY(p_pb->sensb_res, p, p_pb->sensb_res_len);
    /* NFCID0 is the first NFC_NFCID0_MAX_LEN bytes of SENSB_RES; copied
     * unconditionally, so a short SENSB_RES yields trailing zeros (from the
     * memset above) rather than an out-of-bounds read */
    memcpy(p_pb->nfcid0, p_pb->sensb_res, NFC_NFCID0_MAX_LEN);
  } else if (NCI_DISCOVERY_TYPE_POLL_F == p_param->mode ||
             (NCI_DISCOVERY_TYPE_POLL_F_ACTIVE == p_param->mode &&
              NFC_GetNCIVersion() != NCI_VERSION_2_0)) {
    /*
Bit Rate    1 byte  1   212 kbps/2   424 kbps/0 and 3 to 255  RFU
SENSF_RES Response length.(n) 1 byte  Length of SENSF_RES (Byte 2 - Byte 17 or
19).Available after Technology Detection
SENSF_RES Response Byte 2 - Byte 17 or 19  n bytes Defined in [DIGPROT]
Available after Technology Detection
    */
    p_pf = &p_param->param.pf;
    p_pf->bit_rate = *p++;
    p_pf->sensf_res_len = *p++;
    if (p_pf->sensf_res_len > NCI_MAX_SENSF_RES_LEN)
      p_pf->sensf_res_len = NCI_MAX_SENSF_RES_LEN;
    STREAM_TO_ARRAY(p_pf->sensf_res, p, p_pf->sensf_res_len);
    /* derived fields are read at fixed offsets of sensf_res; like nfcid0
     * above they rely on the zeroed struct when the response is short */
    memcpy(p_pf->nfcid2, p_pf->sensf_res, NCI_NFCID2_LEN);
    p_pf->mrti_check = p_pf->sensf_res[NCI_MRTI_CHECK_INDEX];
    p_pf->mrti_update = p_pf->sensf_res[NCI_MRTI_UPDATE_INDEX];
  } else if (NCI_DISCOVERY_TYPE_LISTEN_F == p_param->mode ||
             (NCI_DISCOVERY_TYPE_LISTEN_F_ACTIVE == p_param->mode &&
              NFC_GetNCIVersion() != NCI_VERSION_2_0)) {
    p_lf = &p_param->param.lf;
    /* u8 is the "NFCID2 present" byte; only a fixed-size NFCID2 follows */
    u8 = *p++;
    if (u8) {
      STREAM_TO_ARRAY(p_lf->nfcid2, p, NCI_NFCID2_LEN);
    }
  } else if (NCI_DISCOVERY_TYPE_POLL_V == p_param->mode) {
    /* ISO 15693: flag byte, DSFID, then the fixed-size UID */
    p_i93 = &p_param->param.pi93;
    p_i93->flag = *p++;
    p_i93->dsfid = *p++;
    STREAM_TO_ARRAY(p_i93->uid, p, NFC_ISO15693_UID_LEN);
  } else if (NCI_DISCOVERY_TYPE_POLL_KOVIO == p_param->mode) {
    /* Kovio: the whole parameter block is the UID */
    p_param->param.pk.uid_len = len;
    if (p_param->param.pk.uid_len > NFC_KOVIO_MAX_LEN) {
      LOG(ERROR) << StringPrintf("Kovio UID len:0x%x exceeds max(0x%x)",
                                 p_param->param.pk.uid_len, NFC_KOVIO_MAX_LEN);
      p_param->param.pk.uid_len = NFC_KOVIO_MAX_LEN;
    }
    STREAM_TO_ARRAY(p_param->param.pk.uid, p, p_param->param.pk.uid_len);
  } else if (NCI_DISCOVERY_TYPE_POLL_ACTIVE == p_param->mode) {
    acm_p = &p_param->param.acm_p;
    acm_p->atr_res_len = *p++;
    if (acm_p->atr_res_len > 0) {
      if (acm_p->atr_res_len > NFC_MAX_ATS_LEN)
        acm_p->atr_res_len = NFC_MAX_ATS_LEN;
      STREAM_TO_ARRAY(acm_p->atr_res, p, acm_p->atr_res_len);
      /* ATR_RES
      Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17 Byte 18~18+n
      NFCID3T   DIDT    BST     BRT     TO      PPT     [GT0 ... GTn] */
      /* NOTE(review): the TO and PP bytes are read at fixed indexes even
       * when atr_res_len is smaller; they then come from the zeroed struct
       * (MPL code 0 -> 64 bytes). This is in-bounds as long as
       * NFC_MAX_ATS_LEN exceeds mpl_idx — TODO confirm the constant. */
      mpl_idx = 14;
      gb_idx = NCI_P_GEN_BYTE_INDEX;
      acm_p->waiting_time = acm_p->atr_res[NCI_L_NFC_DEP_TO_INDEX] & 0x0F;
      /* 2-bit MPL code -> max payload via the 4-entry nfc_mpl_code_to_size */
      mpl = ((acm_p->atr_res[mpl_idx]) >> 4) & 0x03;
      acm_p->max_payload_size = nfc_mpl_code_to_size[mpl];
      if (acm_p->atr_res_len > gb_idx) {
        acm_p->gen_bytes_len = acm_p->atr_res_len - gb_idx;
        if (acm_p->gen_bytes_len > NFC_MAX_GEN_BYTES_LEN)
          acm_p->gen_bytes_len = NFC_MAX_GEN_BYTES_LEN;
        memcpy(acm_p->gen_bytes, &acm_p->atr_res[gb_idx], acm_p->gen_bytes_len);
      }
    }
  } else if (NCI_DISCOVERY_TYPE_LISTEN_ACTIVE == p_param->mode) {
    acm_p = &p_param->param.acm_p;
    acm_p->atr_res_len = *p++;
    if (acm_p->atr_res_len > 0) {
      if (acm_p->atr_res_len > NFC_MAX_ATS_LEN)
        acm_p->atr_res_len = NFC_MAX_ATS_LEN;
      STREAM_TO_ARRAY(acm_p->atr_res, p, acm_p->atr_res_len);
      /* ATR_REQ
      Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17~17+n
      NFCID3I   DIDI    BSI     BRI     PPI     [GI0 ... GIn] */
      /* same fixed-index read of the PP byte as in the POLL_ACTIVE branch;
       * ATR_REQ has no TO byte, hence index 13 and no waiting_time */
      mpl_idx = 13;
      gb_idx = NCI_L_GEN_BYTE_INDEX;
      mpl = ((acm_p->atr_res[mpl_idx]) >> 4) & 0x03;
      acm_p->max_payload_size = nfc_mpl_code_to_size[mpl];
      if (acm_p->atr_res_len > gb_idx) {
        acm_p->gen_bytes_len = acm_p->atr_res_len - gb_idx;
        if (acm_p->gen_bytes_len > NFC_MAX_GEN_BYTES_LEN)
          acm_p->gen_bytes_len = NFC_MAX_GEN_BYTES_LEN;
        memcpy(acm_p->gen_bytes, &acm_p->atr_res[gb_idx], acm_p->gen_bytes_len);
      }
    }
  }

  /* skip the whole declared block, whatever was consumed above */
  return (p_start + len);
}
815 
816 /*******************************************************************************
817 **
818 ** Function         nfc_ncif_proc_discover_ntf
819 **
820 ** Description      This function is called to process discover notification
821 **
822 ** Returns          void
823 **
824 *******************************************************************************/
nfc_ncif_proc_discover_ntf(uint8_t * p,uint16_t plen)825 void nfc_ncif_proc_discover_ntf(uint8_t* p,
826                                 __attribute__((unused)) uint16_t plen) {
827   tNFC_DISCOVER evt_data;
828 
829   if (nfc_cb.p_discv_cback) {
830     p += NCI_MSG_HDR_SIZE;
831     evt_data.status = NCI_STATUS_OK;
832     evt_data.result.rf_disc_id = *p++;
833     evt_data.result.protocol = *p++;
834 
835     /* fill in tNFC_RESULT_DEVT */
836     evt_data.result.rf_tech_param.mode = *p++;
837     p = nfc_ncif_decode_rf_params(&evt_data.result.rf_tech_param, p);
838 
839     evt_data.result.more = *p++;
840     (*nfc_cb.p_discv_cback)(NFC_RESULT_DEVT, &evt_data);
841   }
842 }
843 
844 /*******************************************************************************
845 **
846 ** Function         nfc_ncif_proc_isodep_nak_presence_check_status
847 **
848 ** Description      This function is called to handle response and notification
849 **                  for presence check nak command
850 **
851 ** Returns          void
852 **
853 *******************************************************************************/
nfc_ncif_proc_isodep_nak_presence_check_status(uint8_t status,bool is_ntf)854 void nfc_ncif_proc_isodep_nak_presence_check_status(uint8_t status,
855                                                     bool is_ntf) {
856   rw_t4t_handle_isodep_nak_rsp(status, is_ntf);
857 }
858 /*******************************************************************************
859 **
860 ** Function         nfc_ncif_proc_activate
861 **
862 ** Description      This function is called to process de-activate
863 **                  response and notification
864 **
865 ** Returns          void
866 **
867 *******************************************************************************/
nfc_ncif_proc_activate(uint8_t * p,uint8_t len)868 void nfc_ncif_proc_activate(uint8_t* p, uint8_t len) {
869   tNFC_DISCOVER evt_data;
870   tNFC_INTF_PARAMS* p_intf = &evt_data.activate.intf_param;
871   tNFC_INTF_PA_ISO_DEP* p_pa_iso;
872   tNFC_INTF_LB_ISO_DEP* p_lb_iso;
873   tNFC_INTF_PB_ISO_DEP* p_pb_iso;
874 #if (NFC_RW_ONLY == FALSE)
875   tNFC_INTF_PA_NFC_DEP* p_pa_nfc;
876   int mpl_idx = 0;
877   uint8_t gb_idx = 0, mpl;
878 #endif
879   uint8_t t0;
880   tNCI_DISCOVERY_TYPE mode;
881   tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
882   uint8_t *pp, len_act;
883   uint8_t buff_size, num_buff;
884   tNFC_RF_PA_PARAMS* p_pa;
885 
886   nfc_set_state(NFC_STATE_OPEN);
887 
888   memset(p_intf, 0, sizeof(tNFC_INTF_PARAMS));
889   evt_data.activate.rf_disc_id = *p++;
890   p_intf->type = *p++;
891   evt_data.activate.protocol = *p++;
892 
893   if (evt_data.activate.protocol == NCI_PROTOCOL_18092_ACTIVE)
894     evt_data.activate.protocol = NCI_PROTOCOL_NFC_DEP;
895 
896   evt_data.activate.rf_tech_param.mode = *p++;
897   buff_size = *p++;
898   num_buff = *p++;
899   /* fill in tNFC_activate_DEVT */
900   p = nfc_ncif_decode_rf_params(&evt_data.activate.rf_tech_param, p);
901 
902   evt_data.activate.data_mode = *p++;
903   evt_data.activate.tx_bitrate = *p++;
904   evt_data.activate.rx_bitrate = *p++;
905   mode = evt_data.activate.rf_tech_param.mode;
906   len_act = *p++;
907   DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
908       "nfc_ncif_proc_activate:%d %d, mode:0x%02x", len, len_act, mode);
909   /* just in case the interface reports activation parameters not defined in the
910    * NCI spec */
911   p_intf->intf_param.frame.param_len = len_act;
912   if (p_intf->intf_param.frame.param_len > NFC_MAX_RAW_PARAMS)
913     p_intf->intf_param.frame.param_len = NFC_MAX_RAW_PARAMS;
914   pp = p;
915   STREAM_TO_ARRAY(p_intf->intf_param.frame.param, pp,
916                   p_intf->intf_param.frame.param_len);
917   if (evt_data.activate.intf_param.type == NCI_INTERFACE_ISO_DEP) {
918     /* Make max payload of NCI aligned to max payload of ISO-DEP for better
919      * performance */
920     if (buff_size > NCI_ISO_DEP_MAX_INFO) buff_size = NCI_ISO_DEP_MAX_INFO;
921 
922     switch (mode) {
923       case NCI_DISCOVERY_TYPE_POLL_A:
924         p_pa_iso = &p_intf->intf_param.pa_iso;
925         p_pa_iso->ats_res_len = *p++;
926 
927         if (p_pa_iso->ats_res_len == 0) break;
928 
929         if (p_pa_iso->ats_res_len > NFC_MAX_ATS_LEN)
930           p_pa_iso->ats_res_len = NFC_MAX_ATS_LEN;
931         STREAM_TO_ARRAY(p_pa_iso->ats_res, p, p_pa_iso->ats_res_len);
932         pp = &p_pa_iso->ats_res[NCI_ATS_T0_INDEX];
933         t0 = p_pa_iso->ats_res[NCI_ATS_T0_INDEX];
934         pp++;                           /* T0 */
935         if (t0 & NCI_ATS_TA_MASK) pp++; /* TA */
936         if (t0 & NCI_ATS_TB_MASK) {
937           /* FWI (Frame Waiting time Integer) & SPGI (Start-up Frame Guard time
938            * Integer) */
939           p_pa_iso->fwi = (((*pp) >> 4) & 0x0F);
940           p_pa_iso->sfgi = ((*pp) & 0x0F);
941           pp++; /* TB */
942         }
943         if (t0 & NCI_ATS_TC_MASK) {
944           p_pa_iso->nad_used = ((*pp) & 0x01);
945           pp++; /* TC */
946         }
947         p_pa_iso->his_byte_len =
948             (uint8_t)(p_pa_iso->ats_res_len - (pp - p_pa_iso->ats_res));
949         if (p_pa_iso->his_byte_len > NFC_MAX_HIS_BYTES_LEN)
950           p_pa_iso->his_byte_len = NFC_MAX_HIS_BYTES_LEN;
951         memcpy(p_pa_iso->his_byte, pp, p_pa_iso->his_byte_len);
952         break;
953 
954       case NCI_DISCOVERY_TYPE_LISTEN_A:
955         p_intf->intf_param.la_iso.rats = *p++;
956         gettimeofday(&timer_start, nullptr);
957         break;
958 
959       case NCI_DISCOVERY_TYPE_POLL_B:
960         /* ATTRIB RSP
961         Byte 1   Byte 2 ~ 2+n-1
962         MBLI/DID Higher layer - Response
963         */
964         p_pb_iso = &p_intf->intf_param.pb_iso;
965         p_pb_iso->attrib_res_len = *p++;
966 
967         if (p_pb_iso->attrib_res_len == 0) break;
968 
969         if (p_pb_iso->attrib_res_len > NFC_MAX_ATTRIB_LEN)
970           p_pb_iso->attrib_res_len = NFC_MAX_ATTRIB_LEN;
971         STREAM_TO_ARRAY(p_pb_iso->attrib_res, p, p_pb_iso->attrib_res_len);
972         p_pb_iso->mbli = (p_pb_iso->attrib_res[0]) >> 4;
973         if (p_pb_iso->attrib_res_len > NFC_PB_ATTRIB_REQ_FIXED_BYTES) {
974           p_pb_iso->hi_info_len =
975               p_pb_iso->attrib_res_len - NFC_PB_ATTRIB_REQ_FIXED_BYTES;
976           if (p_pb_iso->hi_info_len > NFC_MAX_GEN_BYTES_LEN)
977             p_pb_iso->hi_info_len = NFC_MAX_GEN_BYTES_LEN;
978           memcpy(p_pb_iso->hi_info,
979                  &p_pb_iso->attrib_res[NFC_PB_ATTRIB_REQ_FIXED_BYTES],
980                  p_pb_iso->hi_info_len);
981         }
982         break;
983 
984       case NCI_DISCOVERY_TYPE_LISTEN_B:
985         /* ATTRIB CMD
986         Byte 2~5 Byte 6  Byte 7  Byte 8  Byte 9  Byte 10 ~ 10+k-1
987         NFCID0   Param 1 Param 2 Param 3 Param 4 Higher layer - INF
988         */
989         p_lb_iso = &p_intf->intf_param.lb_iso;
990         p_lb_iso->attrib_req_len = *p++;
991 
992         if (p_lb_iso->attrib_req_len == 0) break;
993 
994         if (p_lb_iso->attrib_req_len > NFC_MAX_ATTRIB_LEN)
995           p_lb_iso->attrib_req_len = NFC_MAX_ATTRIB_LEN;
996         STREAM_TO_ARRAY(p_lb_iso->attrib_req, p, p_lb_iso->attrib_req_len);
997         memcpy(p_lb_iso->nfcid0, p_lb_iso->attrib_req, NFC_NFCID0_MAX_LEN);
998         if (p_lb_iso->attrib_req_len > NFC_LB_ATTRIB_REQ_FIXED_BYTES) {
999           p_lb_iso->hi_info_len =
1000               p_lb_iso->attrib_req_len - NFC_LB_ATTRIB_REQ_FIXED_BYTES;
1001           if (p_lb_iso->hi_info_len > NFC_MAX_GEN_BYTES_LEN)
1002             p_lb_iso->hi_info_len = NFC_MAX_GEN_BYTES_LEN;
1003           memcpy(p_lb_iso->hi_info,
1004                  &p_lb_iso->attrib_req[NFC_LB_ATTRIB_REQ_FIXED_BYTES],
1005                  p_lb_iso->hi_info_len);
1006         }
1007         gettimeofday(&timer_start, nullptr);
1008         break;
1009     }
1010 
1011   }
1012 #if (NFC_RW_ONLY == FALSE)
1013   else if (evt_data.activate.intf_param.type == NCI_INTERFACE_NFC_DEP) {
1014     /* Make max payload of NCI aligned to max payload of NFC-DEP for better
1015      * performance */
1016     if (buff_size > NCI_NFC_DEP_MAX_DATA) buff_size = NCI_NFC_DEP_MAX_DATA;
1017 
1018     p_pa_nfc = &p_intf->intf_param.pa_nfc;
1019 
1020     /* Active mode, no info in activation parameters (NCI 2.0) */
1021     if ((NFC_GetNCIVersion() == NCI_VERSION_2_0) &&
1022         ((mode == NCI_DISCOVERY_TYPE_POLL_ACTIVE) ||
1023          (mode == NCI_DISCOVERY_TYPE_LISTEN_ACTIVE))) {
1024         p_pa_nfc->atr_res_len =
1025                   evt_data.activate.rf_tech_param.param.acm_p.atr_res_len;
1026     } else {
1027       p_pa_nfc->atr_res_len = *p++;
1028     }
1029 
1030     if (p_pa_nfc->atr_res_len > 0) {
1031       if (p_pa_nfc->atr_res_len > NFC_MAX_ATS_LEN)
1032         p_pa_nfc->atr_res_len = NFC_MAX_ATS_LEN;
1033 
1034       if ((NFC_GetNCIVersion() == NCI_VERSION_2_0) &&
1035           ((mode == NCI_DISCOVERY_TYPE_POLL_ACTIVE) ||
1036            (mode == NCI_DISCOVERY_TYPE_LISTEN_ACTIVE))) {
1037          /* NCI 2.0 : ATR_RES is included in RF technology parameters in active mode */
1038           memcpy(p_pa_nfc->atr_res,
1039                          evt_data.activate.rf_tech_param.param.acm_p.atr_res,
1040                          p_pa_nfc->atr_res_len);
1041           } else {
1042              STREAM_TO_ARRAY(p_pa_nfc->atr_res, p, p_pa_nfc->atr_res_len);
1043          }
1044 
1045       if ((mode == NCI_DISCOVERY_TYPE_POLL_A) ||
1046           (mode == NCI_DISCOVERY_TYPE_POLL_F) ||
1047           ((mode == NCI_DISCOVERY_TYPE_POLL_A_ACTIVE ||
1048             mode == NCI_DISCOVERY_TYPE_POLL_F_ACTIVE) &&
1049            NFC_GetNCIVersion() != NCI_VERSION_2_0) ||
1050           (NFC_GetNCIVersion() == NCI_VERSION_2_0 &&
1051            mode == NCI_DISCOVERY_TYPE_POLL_ACTIVE)) {
1052         /* ATR_RES
1053         Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17 Byte 18~18+n
1054         NFCID3T   DIDT    BST     BRT     TO      PPT     [GT0 ... GTn] */
1055         mpl_idx = 14;
1056         gb_idx = NCI_P_GEN_BYTE_INDEX;
1057         p_pa_nfc->waiting_time =
1058             p_pa_nfc->atr_res[NCI_L_NFC_DEP_TO_INDEX] & 0x0F;
1059       } else if ((mode == NCI_DISCOVERY_TYPE_LISTEN_A) ||
1060                  (mode == NCI_DISCOVERY_TYPE_LISTEN_F) ||
1061                  (NFC_GetNCIVersion() != NCI_VERSION_2_0 &&
1062                   (mode == NCI_DISCOVERY_TYPE_LISTEN_A_ACTIVE ||
1063                    mode == NCI_DISCOVERY_TYPE_LISTEN_F_ACTIVE)) ||
1064                  (NFC_GetNCIVersion() == NCI_VERSION_2_0 &&
1065                   mode == NCI_DISCOVERY_TYPE_LISTEN_ACTIVE)) {
1066         /* ATR_REQ
1067         Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17~17+n
1068         NFCID3I   DIDI    BSI     BRI     PPI     [GI0 ... GIn] */
1069         mpl_idx = 13;
1070         gb_idx = NCI_L_GEN_BYTE_INDEX;
1071       }
1072 
1073       mpl = ((p_pa_nfc->atr_res[mpl_idx]) >> 4) & 0x03;
1074       p_pa_nfc->max_payload_size = nfc_mpl_code_to_size[mpl];
1075       if (p_pa_nfc->atr_res_len > gb_idx) {
1076         p_pa_nfc->gen_bytes_len = p_pa_nfc->atr_res_len - gb_idx;
1077         if (p_pa_nfc->gen_bytes_len > NFC_MAX_GEN_BYTES_LEN)
1078           p_pa_nfc->gen_bytes_len = NFC_MAX_GEN_BYTES_LEN;
1079         memcpy(p_pa_nfc->gen_bytes, &p_pa_nfc->atr_res[gb_idx],
1080                p_pa_nfc->gen_bytes_len);
1081       }
1082     }
1083   }
1084 #endif
1085   else if ((evt_data.activate.intf_param.type == NCI_INTERFACE_FRAME) &&
1086            (evt_data.activate.protocol == NCI_PROTOCOL_T1T)) {
1087     p_pa = &evt_data.activate.rf_tech_param.param.pa;
1088     if ((len_act == NCI_T1T_HR_LEN) && (p_pa->hr_len == 0)) {
1089       p_pa->hr_len = NCI_T1T_HR_LEN;
1090       p_pa->hr[0] = *p++;
1091       p_pa->hr[1] = *p++;
1092     }
1093   }
1094 
1095   p_cb->act_protocol = evt_data.activate.protocol;
1096   p_cb->act_interface = evt_data.activate.intf_param.type;
1097   p_cb->buff_size = buff_size;
1098   p_cb->num_buff = num_buff;
1099   p_cb->init_credits = num_buff;
1100 
1101   if (nfc_cb.p_discv_cback) {
1102     (*nfc_cb.p_discv_cback)(NFC_ACTIVATE_DEVT, &evt_data);
1103   }
1104 }
1105 
1106 /*******************************************************************************
1107 **
1108 ** Function         nfc_ncif_proc_deactivate
1109 **
1110 ** Description      This function is called to process de-activate
1111 **                  response and notification
1112 **
1113 ** Returns          void
1114 **
1115 *******************************************************************************/
nfc_ncif_proc_deactivate(uint8_t status,uint8_t deact_type,bool is_ntf)1116 void nfc_ncif_proc_deactivate(uint8_t status, uint8_t deact_type, bool is_ntf) {
1117   tNFC_DISCOVER evt_data;
1118   tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
1119   void* p_data;
1120 
1121   nfc_set_state(NFC_STATE_IDLE);
1122   evt_data.deactivate.status = status;
1123   evt_data.deactivate.type = deact_type;
1124   evt_data.deactivate.is_ntf = is_ntf;
1125   if (NFC_GetNCIVersion() == NCI_VERSION_2_0) {
1126     evt_data.deactivate.reason = nfc_cb.deact_reason;
1127   }
1128 
1129   while ((p_data = GKI_dequeue(&p_cb->rx_q)) != nullptr) {
1130     GKI_freebuf(p_data);
1131   }
1132 
1133   while ((p_data = GKI_dequeue(&p_cb->tx_q)) != nullptr) {
1134     GKI_freebuf(p_data);
1135   }
1136 
1137   if (p_cb->p_cback) {
1138     tNFC_CONN nfc_conn;
1139     nfc_conn.deactivate = evt_data.deactivate;
1140     (*p_cb->p_cback)(NFC_RF_CONN_ID, NFC_DEACTIVATE_CEVT, &nfc_conn);
1141   }
1142 
1143   if (nfc_cb.p_discv_cback) {
1144     (*nfc_cb.p_discv_cback)(NFC_DEACTIVATE_DEVT, &evt_data);
1145   }
1146 
1147   // clear previous stored tick count if not comsumed
1148   if (timer_start.tv_sec != 0 || timer_start.tv_usec != 0) {
1149     memset(&timer_start, 0, sizeof(timer_start));
1150   }
1151 }
1152 /*******************************************************************************
1153 **
1154 ** Function         nfc_ncif_proc_ee_action
1155 **
1156 ** Description      This function is called to process NFCEE ACTION NTF
1157 **
1158 ** Returns          void
1159 **
1160 *******************************************************************************/
1161 #if (NFC_NFCEE_INCLUDED == TRUE && NFC_RW_ONLY == FALSE)
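void nfc_ncif_proc_ee_action(uint8_t* p, uint16_t plen) {
  /* Parses NFCEE_ACTION_NTF (p points at the payload, plen is its length)
   * and reports NFC_EE_ACTION_REVT to the response callback. */
  tNFC_EE_ACTION_REVT evt_data;
  tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
  uint8_t data_len, ulen, tag, *p_data;
  uint8_t max_len;

  if (!p_cback) return;

  /* nfcee_id, trigger and data_len are read unconditionally below; a payload
   * shorter than that cannot be parsed at all */
  if (plen < 3) {
    LOG(ERROR) << StringPrintf("%s: NFCEE_ACTION_NTF too short (len:%u)",
                               __func__, (unsigned)plen);
    return;
  }

  memset(&evt_data.act_data, 0, sizeof(tNFC_ACTION_DATA));
  evt_data.status = NFC_STATUS_OK;
  evt_data.nfcee_id = *p++;
  evt_data.act_data.trigger = *p++;
  data_len = *p++;
  plen -= 3;
  /* never trust the embedded length beyond what the packet actually holds */
  if (data_len > plen) data_len = (uint8_t)plen;

  switch (evt_data.act_data.trigger) {
    case NCI_EE_TRIG_7816_SELECT:
      if (data_len > NFC_MAX_AID_LEN) data_len = NFC_MAX_AID_LEN;
      evt_data.act_data.param.aid.len_aid = data_len;
      STREAM_TO_ARRAY(evt_data.act_data.param.aid.aid, p, data_len);
      break;
    case NCI_EE_TRIG_RF_PROTOCOL:
      /* one-octet parameter; the zeroed default stands if it is missing */
      if (data_len >= 1) evt_data.act_data.param.protocol = *p++;
      break;
    case NCI_EE_TRIG_RF_TECHNOLOGY:
      if (data_len >= 1) evt_data.act_data.param.technology = *p++;
      break;
    case NCI_EE_TRIG_APP_INIT:
      /* TLV list: tag, length, value. ulen is clamped to the bytes remaining
       * and each value to its destination buffer. */
      while (data_len > NFC_TL_SIZE) {
        data_len -= NFC_TL_SIZE;
        tag = *p++;
        ulen = *p++;
        if (ulen > data_len) ulen = data_len;
        p_data = nullptr;
        max_len = ulen;
        switch (tag) {
          case NCI_EE_ACT_TAG_AID: /* AID                 */
            if (max_len > NFC_MAX_AID_LEN) max_len = NFC_MAX_AID_LEN;
            evt_data.act_data.param.app_init.len_aid = max_len;
            p_data = evt_data.act_data.param.app_init.aid;
            break;
          case NCI_EE_ACT_TAG_DATA: /* hex data for app    */
            if (max_len > NFC_MAX_APP_DATA_LEN)
              max_len = NFC_MAX_APP_DATA_LEN;
            evt_data.act_data.param.app_init.len_data = max_len;
            p_data = evt_data.act_data.param.app_init.data;
            break;
          default:
            /* unknown tag: its value is skipped below */
            break;
        }
        if (p_data) {
          STREAM_TO_ARRAY(p_data, p, max_len);
          /* skip the part of the value that did not fit the destination, so
           * the next TLV is read from the correct offset */
          p += (ulen - max_len);
        } else {
          p += ulen;
        }
        data_len -= ulen;
      }
      break;
    default:
      /* unknown trigger: reported with the zeroed parameter block */
      break;
  }
  tNFC_RESPONSE nfc_response;
  nfc_response.ee_action = evt_data;
  (*p_cback)(NFC_EE_ACTION_REVT, &nfc_response);
}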
1222 
1223 /*******************************************************************************
1224 **
1225 ** Function         nfc_ncif_proc_ee_discover_req
1226 **
1227 ** Description      This function is called to process NFCEE DISCOVER REQ NTF
1228 **
1229 ** Returns          void
1230 **
1231 *******************************************************************************/
nfc_ncif_proc_ee_discover_req(uint8_t * p,uint16_t plen)1232 void nfc_ncif_proc_ee_discover_req(uint8_t* p, uint16_t plen) {
1233   tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1234   tNFC_EE_DISCOVER_REQ_REVT ee_disc_req;
1235   tNFC_EE_DISCOVER_INFO* p_info;
1236   uint8_t u8;
1237 
1238   DLOG_IF(INFO, nfc_debug_enabled)
1239       << StringPrintf("nfc_ncif_proc_ee_discover_req %d len:%d", *p, plen);
1240 
1241   if (*p > NFC_MAX_EE_DISC_ENTRIES) {
1242     android_errorWriteLog(0x534e4554, "122361874");
1243     LOG(ERROR) << __func__ << "Exceed NFC_MAX_EE_DISC_ENTRIES";
1244     return;
1245   }
1246 
1247   if (p_cback) {
1248     u8 = *p;
1249     ee_disc_req.status = NFC_STATUS_OK;
1250     ee_disc_req.num_info = *p++;
1251     p_info = ee_disc_req.info;
1252     if (plen) plen--;
1253     while ((u8 > 0) && (plen >= NFC_EE_DISCOVER_ENTRY_LEN)) {
1254       p_info->op = *p++;                  /* T */
1255       if (*p != NFC_EE_DISCOVER_INFO_LEN) /* L */
1256       {
1257         DLOG_IF(INFO, nfc_debug_enabled)
1258             << StringPrintf("bad entry len:%d", *p);
1259         return;
1260       }
1261       p++;
1262       /* V */
1263       p_info->nfcee_id = *p++;
1264       p_info->tech_n_mode = *p++;
1265       p_info->protocol = *p++;
1266       u8--;
1267       plen -= NFC_EE_DISCOVER_ENTRY_LEN;
1268       p_info++;
1269     }
1270     tNFC_RESPONSE nfc_response;
1271     nfc_response.ee_discover_req = ee_disc_req;
1272     (*p_cback)(NFC_EE_DISCOVER_REQ_REVT, &nfc_response);
1273   }
1274 }
1275 
1276 /*******************************************************************************
1277 **
1278 ** Function         nfc_ncif_proc_get_routing
1279 **
1280 ** Description      This function is called to process get routing notification
1281 **
1282 ** Returns          void
1283 **
1284 *******************************************************************************/
nfc_ncif_proc_get_routing(uint8_t * p,uint8_t len)1285 void nfc_ncif_proc_get_routing(uint8_t* p,
1286                                __attribute__((unused)) uint8_t len) {
1287   tNFC_GET_ROUTING_REVT evt_data;
1288   uint8_t more, num_entries, xx, yy, *pn, tl;
1289   tNFC_STATUS status = NFC_STATUS_CONTINUE;
1290 
1291   if (nfc_cb.p_resp_cback) {
1292     more = *p++;
1293     num_entries = *p++;
1294     for (xx = 0; xx < num_entries; xx++) {
1295       if ((more == false) && (xx == (num_entries - 1))) status = NFC_STATUS_OK;
1296       evt_data.status = (tNFC_STATUS)status;
1297       evt_data.nfcee_id = *p++;
1298       evt_data.num_tlvs = *p++;
1299       evt_data.tlv_size = 0;
1300       pn = evt_data.param_tlvs;
1301       for (yy = 0; yy < evt_data.num_tlvs; yy++) {
1302         tl = *(p + 1);
1303         tl += NFC_TL_SIZE;
1304         evt_data.tlv_size += tl;
1305         if (evt_data.tlv_size > NFC_MAX_EE_TLV_SIZE) {
1306           android_errorWriteLog(0x534e4554, "117554809");
1307           LOG(ERROR) << __func__ << "Invalid data format";
1308           return;
1309         }
1310         STREAM_TO_ARRAY(pn, p, tl);
1311         pn += tl;
1312       }
1313       tNFC_RESPONSE nfc_response;
1314       nfc_response.get_routing = evt_data;
1315       (*nfc_cb.p_resp_cback)(NFC_GET_ROUTING_REVT, &nfc_response);
1316     }
1317   }
1318 }
1319 #endif
1320 
1321 /*******************************************************************************
1322 **
1323 ** Function         nfc_ncif_proc_conn_create_rsp
1324 **
1325 ** Description      This function is called to process connection create
1326 **                  response
1327 **
1328 ** Returns          void
1329 **
1330 *******************************************************************************/
nfc_ncif_proc_conn_create_rsp(uint8_t * p,uint16_t plen,uint8_t dest_type)1331 void nfc_ncif_proc_conn_create_rsp(uint8_t* p,
1332                                    __attribute__((unused)) uint16_t plen,
1333                                    uint8_t dest_type) {
1334   tNFC_CONN_CB* p_cb;
1335   tNFC_STATUS status;
1336   tNFC_CONN_CBACK* p_cback;
1337   tNFC_CONN evt_data;
1338   uint8_t conn_id;
1339 
1340   /* find the pending connection control block */
1341   p_cb = nfc_find_conn_cb_by_conn_id(NFC_PEND_CONN_ID);
1342   if (p_cb) {
1343     p += NCI_MSG_HDR_SIZE;
1344     status = *p++;
1345     p_cb->buff_size = *p++;
1346     p_cb->num_buff = p_cb->init_credits = *p++;
1347     conn_id = *p++;
1348     evt_data.conn_create.status = status;
1349     evt_data.conn_create.dest_type = dest_type;
1350     evt_data.conn_create.id = p_cb->id;
1351     evt_data.conn_create.buff_size = p_cb->buff_size;
1352     evt_data.conn_create.num_buffs = p_cb->num_buff;
1353     p_cback = p_cb->p_cback;
1354     if (status == NCI_STATUS_OK) {
1355       nfc_set_conn_id(p_cb, conn_id);
1356     } else {
1357       nfc_free_conn_cb(p_cb);
1358     }
1359 
1360     if (p_cback) (*p_cback)(conn_id, NFC_CONN_CREATE_CEVT, &evt_data);
1361   }
1362 }
1363 
1364 /*******************************************************************************
1365 **
1366 ** Function         nfc_ncif_report_conn_close_evt
1367 **
1368 ** Description      This function is called to report connection close event
1369 **
1370 ** Returns          void
1371 **
1372 *******************************************************************************/
nfc_ncif_report_conn_close_evt(uint8_t conn_id,tNFC_STATUS status)1373 void nfc_ncif_report_conn_close_evt(uint8_t conn_id, tNFC_STATUS status) {
1374   tNFC_CONN evt_data;
1375   tNFC_CONN_CBACK* p_cback;
1376   tNFC_CONN_CB* p_cb;
1377 
1378   p_cb = nfc_find_conn_cb_by_conn_id(conn_id);
1379   if (p_cb) {
1380     p_cback = p_cb->p_cback;
1381     nfc_free_conn_cb(p_cb);
1382     evt_data.status = status;
1383     if (p_cback) (*p_cback)(conn_id, NFC_CONN_CLOSE_CEVT, &evt_data);
1384   }
1385 }
1386 
1387 /*******************************************************************************
1388 **
1389 ** Function         nfc_ncif_proc_reset_rsp
1390 **
1391 ** Description      This function is called to process reset
1392 **                  response/notification
1393 **
1394 ** Returns          void
1395 **
1396 *******************************************************************************/
nfc_ncif_proc_reset_rsp(uint8_t * p,bool is_ntf)1397 void nfc_ncif_proc_reset_rsp(uint8_t* p, bool is_ntf) {
1398   uint8_t* p_len = p - 1;
1399   uint8_t status = *p++;
1400   uint8_t wait_for_ntf = FALSE;
1401   if (is_ntf) {
1402     LOG(ERROR) << StringPrintf("reset notification!!:0x%x ", status);
1403     /* clean up, if the state is OPEN
1404      * FW does not report reset ntf right now */
1405     if (status == NCI2_0_RESET_TRIGGER_TYPE_CORE_RESET_CMD_RECEIVED ||
1406         status == NCI2_0_RESET_TRIGGER_TYPE_POWERED_ON) {
1407       DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
1408           "CORE_RESET_NTF Received status nfc_state : 0x%x : 0x%x", status,
1409           nfc_cb.nfc_state);
1410       nfc_stop_timer(&nfc_cb.nci_wait_rsp_timer);
1411       p++;
1412       STREAM_TO_UINT8(nfc_cb.nci_version, p);
1413       DLOG_IF(INFO, nfc_debug_enabled)
1414           << StringPrintf(" CORE_RESET_NTF nci_version%x", nfc_cb.nci_version);
1415       status = NCI_STATUS_OK;
1416     } else {
1417       /* CORE_RESET_NTF received error case , trigger recovery*/
1418       DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
1419           "CORE_RESET_NTF Received status nfc_state : 0x%x : 0x%x", status,
1420           nfc_cb.nfc_state);
1421       nfc_ncif_cmd_timeout();
1422       status = NCI_STATUS_FAILED;
1423     }
1424     if (nfc_cb.nfc_state == NFC_STATE_OPEN) {
1425       /*if any conn_cb is connected, close it.
1426         if any pending outgoing packets are dropped.*/
1427       nfc_reset_all_conn_cbs();
1428     }
1429   } else {
1430     DLOG_IF(INFO, nfc_debug_enabled)
1431         << StringPrintf("CORE_RESET_RSP len :0x%x ", *p_len);
1432     if ((*p_len) == NCI_CORE_RESET_RSP_LEN(NCI_VERSION_2_0)) {
1433       wait_for_ntf = TRUE;
1434     } else if ((*p_len) == NCI_CORE_RESET_RSP_LEN(NCI_VERSION_1_0)) {
1435       nfc_cb.nci_version = NCI_VERSION_1_0;
1436     }
1437   }
1438 
1439   if (nfc_cb.flags & (NFC_FL_RESTARTING | NFC_FL_POWER_CYCLE_NFCC)) {
1440     nfc_reset_all_conn_cbs();
1441   }
1442 
1443   if (status == NCI_STATUS_OK) {
1444     if (wait_for_ntf == TRUE) {
1445       /* reset version reported by NFCC is NCI2.0 , start a timer for 2000ms to
1446        * wait for NTF*/
1447       nfc_start_timer(&nfc_cb.nci_wait_rsp_timer,
1448                       (uint16_t)(NFC_TTYPE_NCI_WAIT_RSP),
1449                       nfc_cb.nci_wait_rsp_tout);
1450     } else {
1451       if (nfc_cb.nci_version == NCI_VERSION_1_0)
1452         nci_snd_core_init(NCI_VERSION_1_0);
1453       else
1454         nci_snd_core_init(NCI_VERSION_2_0);
1455     }
1456   } else {
1457     LOG(ERROR) << StringPrintf("Failed to reset NFCC");
1458     nfc_enabled(status, nullptr);
1459   }
1460 }
1461 
1462 /*******************************************************************************
1463 **
1464 ** Function         nfc_ncif_proc_init_rsp
1465 **
1466 ** Description      This function is called to process init response
1467 **
1468 ** Returns          void
1469 **
1470 *******************************************************************************/
nfc_ncif_proc_init_rsp(NFC_HDR * p_msg)1471 void nfc_ncif_proc_init_rsp(NFC_HDR* p_msg) {
1472   uint8_t *p, status;
1473   tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
1474 
1475   p = (uint8_t*)(p_msg + 1) + p_msg->offset;
1476 
1477   /* handle init params in nfc_enabled */
1478   status = *(p + NCI_MSG_HDR_SIZE);
1479   if (status == NCI_STATUS_OK) {
1480     if (nfc_cb.nci_version == NCI_VERSION_UNKNOWN) {
1481       nci_snd_core_reset(NCI_RESET_TYPE_RESET_CFG);
1482     } else {
1483       p_cb->id = NFC_RF_CONN_ID;
1484       // check scbr bit as per NCI 2.0 spec
1485       nfc_cb.isScbrSupported = p[5] & NCI_SCBR_MASK;
1486       DLOG_IF(INFO, nfc_debug_enabled)
1487           << StringPrintf("scbr support: 0x%x", nfc_cb.isScbrSupported);
1488       p_cb->act_protocol = NCI_PROTOCOL_UNKNOWN;
1489 
1490       nfc_set_state(NFC_STATE_W4_POST_INIT_CPLT);
1491 
1492       nfc_cb.p_nci_init_rsp = p_msg;
1493       nfc_cb.p_hal->core_initialized(p_msg->len, p);
1494     }
1495   } else {
1496     if (nfc_cb.nci_version == NCI_VERSION_UNKNOWN) {
1497       nfc_cb.nci_version = NCI_VERSION_1_0;
1498       nci_snd_core_reset(NCI_RESET_TYPE_RESET_CFG);
1499     } else {
1500       nfc_enabled(status, nullptr);
1501       GKI_freebuf(p_msg);
1502     }
1503   }
1504 }
1505 
1506 /*******************************************************************************
1507 **
1508 ** Function         nfc_ncif_proc_get_config_rsp
1509 **
1510 ** Description      This function is called to process get config response
1511 **
1512 ** Returns          void
1513 **
1514 *******************************************************************************/
nfc_ncif_proc_get_config_rsp(NFC_HDR * p_evt)1515 void nfc_ncif_proc_get_config_rsp(NFC_HDR* p_evt) {
1516   uint8_t* p;
1517   tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1518   tNFC_RESPONSE evt_data;
1519 
1520   p_evt->offset += NCI_MSG_HDR_SIZE;
1521   p_evt->len -= NCI_MSG_HDR_SIZE;
1522   if (p_cback) {
1523     p = (uint8_t*)(p_evt + 1) + p_evt->offset;
1524     evt_data.get_config.status = *p++;
1525     evt_data.get_config.tlv_size = p_evt->len;
1526     evt_data.get_config.p_param_tlvs = p;
1527     (*p_cback)(NFC_GET_CONFIG_REVT, &evt_data);
1528   }
1529 }
1530 
1531 /*******************************************************************************
1532 **
1533 ** Function         nfc_ncif_proc_t3t_polling_ntf
1534 **
1535 ** Description      Handle NCI_MSG_RF_T3T_POLLING NTF
1536 **
1537 ** Returns          void
1538 **
1539 *******************************************************************************/
nfc_ncif_proc_t3t_polling_ntf(uint8_t * p,uint16_t plen)1540 void nfc_ncif_proc_t3t_polling_ntf(uint8_t* p, uint16_t plen) {
1541   uint8_t status;
1542   uint8_t num_responses;
1543 
1544   /* Pass result to RW_T3T for processing */
1545   STREAM_TO_UINT8(status, p);
1546   STREAM_TO_UINT8(num_responses, p);
1547   plen -= NFC_TL_SIZE;
1548   rw_t3t_handle_nci_poll_ntf(status, num_responses, (uint8_t)plen, p);
1549 }
1550 
1551 /*******************************************************************************
1552 **
1553 ** Function         nfc_data_event
1554 **
1555 ** Description      Report Data event on the given connection control block
1556 **
1557 ** Returns          void
1558 **
1559 *******************************************************************************/
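/* Removes the status byte that trails the payload of a frame received on the
 * RF connection (T1T/T2T/T3T, and T5T with NCI 2.0) and returns it through
 * *p_status. When the payload is empty there is no status byte to remove;
 * decrementing p_evt->len in that case would wrap the length and read the
 * "status" from outside the buffer. The buffer is then left untouched,
 * *p_status is set to NFC_STATUS_FAILED and false is returned. */
static bool nfc_strip_rf_status_byte(NFC_HDR* p_evt, uint8_t* p_status) {
  if (p_evt->len == 0) {
    *p_status = NFC_STATUS_FAILED;
    return false;
  }
  p_evt->len--;
  *p_status = *((uint8_t*)(p_evt + 1) + p_evt->offset + p_evt->len);
  return true;
}

/* Reports NFC_DATA_CEVT to the callback of p_cb for every buffer at the head
 * of p_cb->rx_q that is ready to be delivered. Delivery stops at a buffer that
 * is not the last fragment of its packet while reassembly is still possible
 * (the buffer is not marked NFC_RAS_TOO_BIG and either the connection is not
 * the RF connection or nfc_cb.reassembly is set). Each delivered buffer has
 * its NCI data header stripped; the event status is NFC_STATUS_CONTINUE for
 * a partial packet and NFC_STATUS_OK for a complete one, overridden by the
 * trailing status byte on RF-connection frames of the protocols handled
 * below. Nothing is reported when p_cb has no callback. */
void nfc_data_event(tNFC_CONN_CB* p_cb) {
  NFC_HDR* p_evt;
  tNFC_DATA_CEVT data_cevt;

  if (p_cb->p_cback) {
    while ((p_evt = (NFC_HDR*)GKI_getfirst(&p_cb->rx_q)) != nullptr) {
      if (p_evt->layer_specific & NFC_RAS_FRAGMENTED) {
        /* Not the last fragment */
        if (!(p_evt->layer_specific & NFC_RAS_TOO_BIG)) {
          /* buffer can hold more */
          if ((p_cb->conn_id != NFC_RF_CONN_ID) || (nfc_cb.reassembly)) {
            /* If not rf connection or If rf connection and reassembly
             * requested,
             * try to Reassemble next packet */
            break;
          }
        }
      }

      p_evt = (NFC_HDR*)GKI_dequeue(&p_cb->rx_q);
      /* report data event: drop the NCI data header from the payload */
      p_evt->offset += NCI_MSG_HDR_SIZE;
      p_evt->len -= NCI_MSG_HDR_SIZE;

      if (p_evt->layer_specific)
        data_cevt.status = NFC_STATUS_CONTINUE;
      else {
        nfc_cb.reassembly = true;
        data_cevt.status = NFC_STATUS_OK;
      }

      data_cevt.p_data = p_evt;
      /* adjust payload, if needed */
      if (p_cb->conn_id == NFC_RF_CONN_ID) {
        /* if NCI_PROTOCOL_T1T/NCI_PROTOCOL_T2T/NCI_PROTOCOL_T3T, the status
         * byte needs to be removed
         */
        if ((p_cb->act_protocol >= NCI_PROTOCOL_T1T) &&
            (p_cb->act_protocol <= NCI_PROTOCOL_T3T)) {
          if (nfc_strip_rf_status_byte(p_evt, &data_cevt.status) &&
              (NFC_GetNCIVersion() == NCI_VERSION_2_0) &&
              (p_cb->act_protocol == NCI_PROTOCOL_T2T) &&
              (p_cb->act_interface == NCI_INTERFACE_FRAME)) {
            /* T2T over the frame interface reports a partial last byte as a
             * T2T_STATUS_OK_n_BIT code; treat those as a successful exchange */
            if ((data_cevt.status != NFC_STATUS_OK) &&
                ((data_cevt.status >= T2T_STATUS_OK_1_BIT) &&
                 (data_cevt.status <= T2T_STATUS_OK_7_BIT))) {
              DLOG_IF(INFO, nfc_debug_enabled)
                  << StringPrintf("%s: T2T tag data xchange", __func__);
              data_cevt.status = NFC_STATUS_OK;
            }
          }
        }
        if ((NFC_GetNCIVersion() == NCI_VERSION_2_0) &&
            (p_cb->act_protocol == NCI_PROTOCOL_T5T)) {
          nfc_strip_rf_status_byte(p_evt, &data_cevt.status);
        }
      }
      tNFC_CONN nfc_conn;
      nfc_conn.data = data_cevt;
      (*p_cb->p_cback)(p_cb->conn_id, NFC_DATA_CEVT, &nfc_conn);
      p_evt = nullptr;
    }
  }
}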
1629 
1630 /*******************************************************************************
1631 **
1632 ** Function         nfc_ncif_proc_data
1633 **
1634 ** Description      Find the connection control block associated with the data
1635 **                  packet. Assemble the data packet, if needed.
1636 **                  Report the Data event.
1637 **
1638 ** Returns          void
1639 **
1640 *******************************************************************************/
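/* Routes an incoming NCI data packet (p_msg, a GKI buffer owned by this
 * function) to the connection control block named by its connection id. A
 * packet whose predecessor in the rx queue is still an unfinished fragment is
 * appended to that predecessor, moving the predecessor to the largest GKI pool
 * first if it has no room; when even that is not enough the predecessor is
 * marked NFC_RAS_TOO_BIG, delivered as is, and p_msg is queued on its own.
 * Otherwise p_msg is queued directly. nfc_data_event() is then run to deliver
 * whatever is ready. p_msg is freed here when it is too short to hold the NCI
 * data header or names an unknown connection id. */
void nfc_ncif_proc_data(NFC_HDR* p_msg) {
  uint8_t *pp, cid;
  tNFC_CONN_CB* p_cb;
  uint8_t pbf;
  NFC_HDR* p_last;
  uint8_t *ps, *pd;
  uint16_t size;
  NFC_HDR* p_max = nullptr;
  uint16_t len;         /* length field of the NCI data header */
  uint16_t payload_len; /* payload bytes actually present in p_msg */

  /* Validate the length before the header is read and logged below; a packet
   * shorter than the header has nothing usable in it. */
  if (p_msg->len < NCI_DATA_HDR_SIZE) {
    LOG(ERROR) << StringPrintf("%s: data packet too short (%u bytes)",
                               __func__, p_msg->len);
    GKI_freebuf(p_msg);
    return;
  }

  pp = (uint8_t*)(p_msg + 1) + p_msg->offset;
  DLOG_IF(INFO, nfc_debug_enabled)
      << StringPrintf("nfc_ncif_proc_data 0x%02x%02x%02x", pp[0], pp[1], pp[2]);
  NCI_DATA_PRS_HDR(pp, pbf, cid, len);
  /* The bytes appended to a reassembly buffer are the ones physically present
   * in p_msg, not the count the NCI header claims, so the buffer-size check
   * and the memcpy below must both use this value. */
  payload_len = p_msg->len - NCI_MSG_HDR_SIZE;
  p_cb = nfc_find_conn_cb_by_conn_id(cid);
  if (p_cb) {
    DLOG_IF(INFO, nfc_debug_enabled)
        << StringPrintf("nfc_ncif_proc_data len:%d", len);

    p_msg->layer_specific = 0;
    if (pbf) {
      /* PBF set: more fragments of this packet follow */
      NFC_SetReassemblyFlag(true);
      p_msg->layer_specific = NFC_RAS_FRAGMENTED;
    }
    p_last = (NFC_HDR*)GKI_getlast(&p_cb->rx_q);
    if (p_last && (p_last->layer_specific & NFC_RAS_FRAGMENTED)) {
      /* last data buffer is not last fragment, append this new packet to the
       * last */
      size = GKI_get_buf_size(p_last);
      if (size <
          (NFC_HDR_SIZE + p_last->len + p_last->offset + payload_len)) {
        /* the current size of p_last is not big enough to hold the new
         * fragment, p_msg */
        if (size != GKI_MAX_BUF_SIZE) {
          /* try the biggest GKI pool */
          p_max = (NFC_HDR*)GKI_getpoolbuf(GKI_MAX_BUF_SIZE_POOL_ID);
          if (p_max) {
            /* copy the content of last buffer to the new buffer */
            memcpy(p_max, p_last, NFC_HDR_SIZE);
            pd = (uint8_t*)(p_max + 1) + p_max->offset;
            ps = (uint8_t*)(p_last + 1) + p_last->offset;
            memcpy(pd, ps, p_last->len);

            /* place the new buffer in the queue instead */
            GKI_remove_from_queue(&p_cb->rx_q, p_last);
            GKI_freebuf(p_last);
            GKI_enqueue(&p_cb->rx_q, p_max);
            p_last = p_max;
          }
        }
        if (p_max == nullptr) {
          /* Biggest GKI Pool not available (or)
           * Biggest available GKI Pool is not big enough to hold the new
           * fragment, p_msg */
          p_last->layer_specific |= NFC_RAS_TOO_BIG;
        }
      }

      ps = (uint8_t*)(p_msg + 1) + p_msg->offset + NCI_MSG_HDR_SIZE;

      if (!(p_last->layer_specific & NFC_RAS_TOO_BIG)) {
        pd = (uint8_t*)(p_last + 1) + p_last->offset + p_last->len;
        memcpy(pd, ps, payload_len);
        p_last->len += payload_len;
        /* do not need to update pbf and len in NCI header.
         * They are stripped off at NFC_DATA_CEVT and len may exceed 255 */
        DLOG_IF(INFO, nfc_debug_enabled)
            << StringPrintf("nfc_ncif_proc_data len:%d", p_last->len);
        p_last->layer_specific = p_msg->layer_specific;
        GKI_freebuf(p_msg);
        nfc_data_event(p_cb);
      } else {
        /* Not enough memory to add new buffer
         * Send data already in queue first with status Continue */
        nfc_data_event(p_cb);
        /* now enqueue the new buffer to the rx queue */
        GKI_enqueue(&p_cb->rx_q, p_msg);
      }
    } else {
      /* if this is the first fragment on RF link */
      if ((p_msg->layer_specific & NFC_RAS_FRAGMENTED) &&
          (p_cb->conn_id == NFC_RF_CONN_ID) && (p_cb->p_cback)) {
        /* Indicate upper layer that local device started receiving data */
        (*p_cb->p_cback)(p_cb->conn_id, NFC_DATA_START_CEVT, nullptr);
      }
      /* enqueue the new buffer to the rx queue */
      GKI_enqueue(&p_cb->rx_q, p_msg);
      nfc_data_event(p_cb);
    }
    return;
  }
  /* unknown connection id: nobody owns the packet, release it */
  GKI_freebuf(p_msg);
}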
1734 
1735 /*******************************************************************************
1736 **
1737 ** Function         nfc_ncif_proc_proprietary_rsp
1738 **
1739 ** Description      Process the response to avoid collision
1740 **                  while rawVsCbflag is set
1741 **
1742 ** Returns          true if proprietary response else false
1743 **
1744 *******************************************************************************/
/* Decides whether the NCI message identified by (mt, gid, oid) is treated as
 * a proprietary response. Data packets are proprietary unless they carry
 * gid 0x03 with oid 0x00; notifications are proprietary unless they are one of
 * the core oids 0x00/0x06, the RF-management oids 0x06/0x09/0x0A or the
 * EE-management oid 0x00; every other message type is proprietary. Returns
 * true for a proprietary message, false otherwise. */
bool nfc_ncif_proc_proprietary_rsp(uint8_t mt, uint8_t gid, uint8_t oid) {
  bool is_proprietary;
  DLOG_IF(INFO, nfc_debug_enabled)
      << StringPrintf("%s: mt=%u, gid=%u, oid=%u", __func__, mt, gid, oid);

  if (mt == NCI_MT_DATA) {
    /* data packet: only gid 0x03 / oid 0x00 is passed through */
    is_proprietary = (gid != 0x03 && oid != 0x00);
  } else if (mt == NCI_MT_NTF) {
    if (gid == NCI_GID_CORE) {
      is_proprietary = (oid != 0x00 && oid != 0x06);
    } else if (gid == NCI_GID_RF_MANAGE) {
      is_proprietary = (oid != 0x06 && oid != 0x09 && oid != 0x0A);
    } else if (gid == NCI_GID_EE_MANAGE) {
      is_proprietary = (oid != 0x00);
    } else {
      is_proprietary = true;
    }
  } else {
    is_proprietary = true;
  }

  DLOG_IF(INFO, nfc_debug_enabled)
      << StringPrintf("%s: exit status=%u", __func__, is_proprietary);
  return is_proprietary;
}
1784 
1785 /*******************************************************************************
1786 ** Function         nfc_mode_set_ntf_timeout
1787 **
1788 ** Description      This function is invoked on mode set ntf timeout
1789 **
1790 ** Returns          void
1791 **
1792 *******************************************************************************/
/* Timer handler for a missing NFCEE mode-set notification: reports
 * NFC_NFCEE_MODE_SET_REVT with status NCI_STATUS_FAILED and mode
 * NCI_NFCEE_MD_DEACTIVATE to the registered response callback, if any. The
 * NFCEE id is taken from the first byte of nfc_cb.last_cmd. */
void nfc_mode_set_ntf_timeout() {
  LOG(ERROR) << StringPrintf("%s", __func__);

  tNFC_RESPONSE rsp;
  rsp.mode_set.status = NCI_STATUS_FAILED;
  rsp.mode_set.nfcee_id = *nfc_cb.last_cmd;
  rsp.mode_set.mode = NCI_NFCEE_MD_DEACTIVATE;

  tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
  if (p_cback == nullptr) return;
  (*p_cback)(NFC_NFCEE_MODE_SET_REVT, &rsp);
}
1804