1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * this file contains the main GATT client functions
22 *
23 ******************************************************************************/
24
25 #define LOG_TAG "bluetooth"
26
27 #include <string.h>
28
29 #include "bt_common.h"
30 #include "bt_target.h"
31 #include "bt_utils.h"
32 #include "gatt_int.h"
33 #include "l2c_api.h"
34 #include "osi/include/log.h"
35 #include "osi/include/osi.h"
36 #include "stack/eatt/eatt.h"
37
38 #define GATT_WRITE_LONG_HDR_SIZE 5 /* 1 opcode + 2 handle + 2 offset */
39 #define GATT_READ_CHAR_VALUE_HDL (GATT_READ_CHAR_VALUE | 0x80)
40 #define GATT_READ_INC_SRV_UUID128 (GATT_DISC_INC_SRVC | 0x90)
41
42 #define GATT_PREP_WRITE_RSP_MIN_LEN 4
43 #define GATT_NOTIFICATION_MIN_LEN 2
44 #define GATT_WRITE_RSP_MIN_LEN 2
45 #define GATT_INFO_RSP_MIN_LEN 1
46 #define GATT_MTU_RSP_MIN_LEN 2
47 #define GATT_READ_BY_TYPE_RSP_MIN_LEN 1
48
49 using base::StringPrintf;
50 using bluetooth::Uuid;
51 using bluetooth::eatt::EattExtension;
52 using bluetooth::eatt::EattChannel;
53
54 /*******************************************************************************
55 * G L O B A L G A T T D A T A *
56 ******************************************************************************/
57 void gatt_send_prepare_write(tGATT_TCB& tcb, tGATT_CLCB* p_clcb);
58
59 uint8_t disc_type_to_att_opcode[GATT_DISC_MAX] = {
60 0,
61 GATT_REQ_READ_BY_GRP_TYPE, /* GATT_DISC_SRVC_ALL = 1, */
62 GATT_REQ_FIND_TYPE_VALUE, /* GATT_DISC_SRVC_BY_UUID, */
63 GATT_REQ_READ_BY_TYPE, /* GATT_DISC_INC_SRVC, */
64 GATT_REQ_READ_BY_TYPE, /* GATT_DISC_CHAR, */
65 GATT_REQ_FIND_INFO /* GATT_DISC_CHAR_DSCPT, */
66 };
67
68 uint16_t disc_type_to_uuid[GATT_DISC_MAX] = {
69 0, /* reserved */
70 GATT_UUID_PRI_SERVICE, /* <service> DISC_SRVC_ALL */
71 GATT_UUID_PRI_SERVICE, /* <service> for DISC_SERVC_BY_UUID */
72 GATT_UUID_INCLUDE_SERVICE, /* <include_service> for DISC_INC_SRVC */
73 GATT_UUID_CHAR_DECLARE, /* <characteristic> for DISC_CHAR */
74 0 /* no type filtering for DISC_CHAR_DSCPT */
75 };
76
77 /*******************************************************************************
78 *
79 * Function gatt_act_discovery
80 *
81 * Description GATT discovery operation.
82 *
83 * Returns void.
84 *
85 ******************************************************************************/
gatt_act_discovery(tGATT_CLCB * p_clcb)86 void gatt_act_discovery(tGATT_CLCB* p_clcb) {
87 uint8_t op_code = disc_type_to_att_opcode[p_clcb->op_subtype];
88
89 if (p_clcb->s_handle > p_clcb->e_handle || p_clcb->s_handle == 0) {
90 LOG_DEBUG("Completed GATT discovery of all handle ranges");
91 gatt_end_operation(p_clcb, GATT_SUCCESS, NULL);
92 return;
93 }
94
95 tGATT_CL_MSG cl_req;
96 memset(&cl_req, 0, sizeof(tGATT_CL_MSG));
97
98 cl_req.browse.s_handle = p_clcb->s_handle;
99 cl_req.browse.e_handle = p_clcb->e_handle;
100
101 if (disc_type_to_uuid[p_clcb->op_subtype] != 0) {
102 cl_req.browse.uuid =
103 bluetooth::Uuid::From16Bit(disc_type_to_uuid[p_clcb->op_subtype]);
104 }
105
106 if (p_clcb->op_subtype ==
107 GATT_DISC_SRVC_BY_UUID) /* fill in the FindByTypeValue request info*/
108 {
109 cl_req.find_type_value.uuid =
110 bluetooth::Uuid::From16Bit(disc_type_to_uuid[p_clcb->op_subtype]);
111 cl_req.find_type_value.s_handle = p_clcb->s_handle;
112 cl_req.find_type_value.e_handle = p_clcb->e_handle;
113
114 size_t size = p_clcb->uuid.GetShortestRepresentationSize();
115 cl_req.find_type_value.value_len = size;
116 if (size == Uuid::kNumBytes16) {
117 uint8_t* p = cl_req.find_type_value.value;
118 UINT16_TO_STREAM(p, p_clcb->uuid.As16Bit());
119 } else if (size == Uuid::kNumBytes32) {
120 /* if service type is 32 bits UUID, convert it now */
121 memcpy(cl_req.find_type_value.value, p_clcb->uuid.To128BitLE().data(),
122 Uuid::kNumBytes128);
123 cl_req.find_type_value.value_len = Uuid::kNumBytes128;
124 } else
125 memcpy(cl_req.find_type_value.value, p_clcb->uuid.To128BitLE().data(),
126 size);
127 }
128
129 tGATT_STATUS st = attp_send_cl_msg(*p_clcb->p_tcb, p_clcb, op_code, &cl_req);
130 if (st != GATT_SUCCESS && st != GATT_CMD_STARTED) {
131 LOG_WARN("Unable to send ATT message");
132 gatt_end_operation(p_clcb, GATT_ERROR, NULL);
133 }
134 }
135
136 /*******************************************************************************
137 *
138 * Function gatt_act_read
139 *
140 * Description GATT read operation.
141 *
142 * Returns void.
143 *
144 ******************************************************************************/
gatt_act_read(tGATT_CLCB * p_clcb,uint16_t offset)145 void gatt_act_read(tGATT_CLCB* p_clcb, uint16_t offset) {
146 tGATT_TCB& tcb = *p_clcb->p_tcb;
147 tGATT_STATUS rt = GATT_INTERNAL_ERROR;
148 tGATT_CL_MSG msg;
149 uint8_t op_code = 0;
150
151 memset(&msg, 0, sizeof(tGATT_CL_MSG));
152
153 switch (p_clcb->op_subtype) {
154 case GATT_READ_CHAR_VALUE:
155 case GATT_READ_BY_TYPE:
156 op_code = GATT_REQ_READ_BY_TYPE;
157 msg.browse.s_handle = p_clcb->s_handle;
158 msg.browse.e_handle = p_clcb->e_handle;
159 if (p_clcb->op_subtype == GATT_READ_BY_TYPE)
160 msg.browse.uuid = p_clcb->uuid;
161 else {
162 msg.browse.uuid = bluetooth::Uuid::From16Bit(GATT_UUID_CHAR_DECLARE);
163 }
164 break;
165
166 case GATT_READ_CHAR_VALUE_HDL:
167 case GATT_READ_BY_HANDLE:
168 if (!p_clcb->counter) {
169 op_code = GATT_REQ_READ;
170 msg.handle = p_clcb->s_handle;
171 } else {
172 if (!p_clcb->first_read_blob_after_read)
173 p_clcb->first_read_blob_after_read = true;
174 else
175 p_clcb->first_read_blob_after_read = false;
176
177 VLOG(1) << __func__ << ": first_read_blob_after_read="
178 << p_clcb->first_read_blob_after_read;
179 op_code = GATT_REQ_READ_BLOB;
180 msg.read_blob.offset = offset;
181 msg.read_blob.handle = p_clcb->s_handle;
182 }
183 p_clcb->op_subtype &= ~0x80;
184 break;
185
186 case GATT_READ_PARTIAL:
187 op_code = GATT_REQ_READ_BLOB;
188 msg.read_blob.handle = p_clcb->s_handle;
189 msg.read_blob.offset = offset;
190 break;
191
192 case GATT_READ_MULTIPLE:
193 op_code = GATT_REQ_READ_MULTI;
194 memcpy(&msg.read_multi, p_clcb->p_attr_buf, sizeof(tGATT_READ_MULTI));
195 break;
196
197 case GATT_READ_INC_SRV_UUID128:
198 op_code = GATT_REQ_READ;
199 msg.handle = p_clcb->s_handle;
200 p_clcb->op_subtype &= ~0x90;
201 break;
202
203 default:
204 LOG(ERROR) << "Unknown read type:" << +p_clcb->op_subtype;
205 break;
206 }
207
208 if (op_code != 0) rt = attp_send_cl_msg(tcb, p_clcb, op_code, &msg);
209
210 if (op_code == 0 || (rt != GATT_SUCCESS && rt != GATT_CMD_STARTED)) {
211 gatt_end_operation(p_clcb, rt, NULL);
212 }
213 }
214
215 /** GATT write operation */
gatt_act_write(tGATT_CLCB * p_clcb,uint8_t sec_act)216 void gatt_act_write(tGATT_CLCB* p_clcb, uint8_t sec_act) {
217 tGATT_TCB& tcb = *p_clcb->p_tcb;
218
219 CHECK(p_clcb->p_attr_buf);
220 tGATT_VALUE& attr = *((tGATT_VALUE*)p_clcb->p_attr_buf);
221
222 uint16_t payload_size = gatt_tcb_get_payload_size_tx(tcb, p_clcb->cid);
223
224 switch (p_clcb->op_subtype) {
225 case GATT_WRITE_NO_RSP: {
226 p_clcb->s_handle = attr.handle;
227 uint8_t op_code = (sec_act == GATT_SEC_SIGN_DATA) ? GATT_SIGN_CMD_WRITE
228 : GATT_CMD_WRITE;
229 tGATT_STATUS rt = gatt_send_write_msg(tcb, p_clcb, op_code, attr.handle,
230 attr.len, 0, attr.value);
231 if (rt != GATT_CMD_STARTED) {
232 if (rt != GATT_SUCCESS) {
233 LOG(ERROR) << StringPrintf(
234 "gatt_act_write() failed op_code=0x%x rt=%d", op_code, rt);
235 }
236 gatt_end_operation(p_clcb, rt, NULL);
237 }
238 return;
239 }
240
241 case GATT_WRITE: {
242 if (attr.len <= (payload_size - GATT_HDR_SIZE)) {
243 p_clcb->s_handle = attr.handle;
244
245 tGATT_STATUS rt = gatt_send_write_msg(
246 tcb, p_clcb, GATT_REQ_WRITE, attr.handle, attr.len, 0, attr.value);
247 if (rt != GATT_SUCCESS && rt != GATT_CMD_STARTED &&
248 rt != GATT_CONGESTED) {
249 if (rt != GATT_SUCCESS) {
250 LOG(ERROR) << StringPrintf(
251 "gatt_act_write() failed op_code=0x%x rt=%d", GATT_REQ_WRITE,
252 rt);
253 }
254 gatt_end_operation(p_clcb, rt, NULL);
255 }
256
257 } else {
258 /* prepare write for long attribute */
259 gatt_send_prepare_write(tcb, p_clcb);
260 }
261 return;
262 }
263
264 case GATT_WRITE_PREPARE:
265 gatt_send_prepare_write(tcb, p_clcb);
266 return;
267
268 default:
269 CHECK(false) << "Unknown write type" << p_clcb->op_subtype;
270 return;
271 }
272 }
273 /*******************************************************************************
274 *
275 * Function gatt_send_queue_write_cancel
276 *
277 * Description send queue write cancel
278 *
279 * Returns void.
280 *
281 ******************************************************************************/
gatt_send_queue_write_cancel(tGATT_TCB & tcb,tGATT_CLCB * p_clcb,tGATT_EXEC_FLAG flag)282 void gatt_send_queue_write_cancel(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
283 tGATT_EXEC_FLAG flag) {
284 tGATT_STATUS rt;
285
286 VLOG(1) << __func__;
287
288 tGATT_CL_MSG gatt_cl_msg;
289 gatt_cl_msg.exec_write = flag;
290 rt = attp_send_cl_msg(tcb, p_clcb, GATT_REQ_EXEC_WRITE, &gatt_cl_msg);
291
292 if (rt != GATT_SUCCESS) {
293 gatt_end_operation(p_clcb, rt, NULL);
294 }
295 }
296 /*******************************************************************************
297 *
298 * Function gatt_check_write_long_terminate
299 *
300 * Description To terminate write long or not.
301 *
302 * Returns true: write long is terminated; false keep sending.
303 *
304 ******************************************************************************/
gatt_check_write_long_terminate(tGATT_TCB & tcb,tGATT_CLCB * p_clcb,tGATT_VALUE * p_rsp_value)305 bool gatt_check_write_long_terminate(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
306 tGATT_VALUE* p_rsp_value) {
307 tGATT_VALUE* p_attr = (tGATT_VALUE*)p_clcb->p_attr_buf;
308 bool terminate = false;
309 tGATT_EXEC_FLAG flag = GATT_PREP_WRITE_EXEC;
310
311 VLOG(1) << __func__;
312 /* check the first write response status */
313 if (p_rsp_value != NULL) {
314 if (p_rsp_value->handle != p_attr->handle ||
315 p_rsp_value->len != p_clcb->counter ||
316 memcmp(p_rsp_value->value, p_attr->value + p_attr->offset,
317 p_rsp_value->len)) {
318 /* data does not match */
319 p_clcb->status = GATT_ERROR;
320 flag = GATT_PREP_WRITE_CANCEL;
321 terminate = true;
322 } else /* response checking is good */
323 {
324 p_clcb->status = GATT_SUCCESS;
325 /* update write offset and check if end of attribute value */
326 if ((p_attr->offset += p_rsp_value->len) >= p_attr->len) terminate = true;
327 }
328 }
329 if (terminate && p_clcb->op_subtype != GATT_WRITE_PREPARE) {
330 gatt_send_queue_write_cancel(tcb, p_clcb, flag);
331 }
332 return terminate;
333 }
334
335 /** Send prepare write */
gatt_send_prepare_write(tGATT_TCB & tcb,tGATT_CLCB * p_clcb)336 void gatt_send_prepare_write(tGATT_TCB& tcb, tGATT_CLCB* p_clcb) {
337 tGATT_VALUE* p_attr = (tGATT_VALUE*)p_clcb->p_attr_buf;
338 uint8_t type = p_clcb->op_subtype;
339
340 VLOG(1) << __func__ << StringPrintf(" type=0x%x", type);
341 uint16_t to_send = p_attr->len - p_attr->offset;
342
343 uint16_t payload_size = gatt_tcb_get_payload_size_tx(tcb, p_clcb->cid);
344 if (to_send > (payload_size -
345 GATT_WRITE_LONG_HDR_SIZE)) /* 2 = uint16_t offset bytes */
346 to_send = payload_size - GATT_WRITE_LONG_HDR_SIZE;
347
348 p_clcb->s_handle = p_attr->handle;
349
350 uint16_t offset = p_attr->offset;
351 if (type == GATT_WRITE_PREPARE) {
352 offset += p_clcb->start_offset;
353 }
354
355 VLOG(1) << StringPrintf("offset =0x%x len=%d", offset, to_send);
356
357 tGATT_STATUS rt = gatt_send_write_msg(
358 tcb, p_clcb, GATT_REQ_PREPARE_WRITE, p_attr->handle, to_send, /* length */
359 offset, /* used as offset */
360 p_attr->value + p_attr->offset); /* data */
361
362 /* remember the write long attribute length */
363 p_clcb->counter = to_send;
364
365 if (rt != GATT_SUCCESS && rt != GATT_CMD_STARTED && rt != GATT_CONGESTED) {
366 gatt_end_operation(p_clcb, rt, NULL);
367 }
368 }
369
370 /*******************************************************************************
371 *
372 * Function gatt_process_find_type_value_rsp
373 *
374 * Description This function handles the find by type value response.
375 *
376 *
377 * Returns void
378 *
379 ******************************************************************************/
gatt_process_find_type_value_rsp(UNUSED_ATTR tGATT_TCB & tcb,tGATT_CLCB * p_clcb,uint16_t len,uint8_t * p_data)380 void gatt_process_find_type_value_rsp(UNUSED_ATTR tGATT_TCB& tcb,
381 tGATT_CLCB* p_clcb, uint16_t len,
382 uint8_t* p_data) {
383 tGATT_DISC_RES result;
384 uint8_t* p = p_data;
385
386 VLOG(1) << __func__;
387 /* unexpected response */
388 if (p_clcb->operation != GATTC_OPTYPE_DISCOVERY ||
389 p_clcb->op_subtype != GATT_DISC_SRVC_BY_UUID)
390 return;
391
392 memset(&result, 0, sizeof(tGATT_DISC_RES));
393 result.type = bluetooth::Uuid::From16Bit(GATT_UUID_PRI_SERVICE);
394
395 /* returns a series of handle ranges */
396 while (len >= 4) {
397 STREAM_TO_UINT16(result.handle, p);
398 STREAM_TO_UINT16(result.value.group_value.e_handle, p);
399 result.value.group_value.service_type = p_clcb->uuid;
400
401 len -= 4;
402
403 if (p_clcb->p_reg->app_cb.p_disc_res_cb)
404 (*p_clcb->p_reg->app_cb.p_disc_res_cb)(
405 p_clcb->conn_id, static_cast<tGATT_DISC_TYPE>(p_clcb->op_subtype),
406 &result);
407 }
408
409 /* last handle + 1 */
410 p_clcb->s_handle = (result.value.group_value.e_handle == 0)
411 ? 0
412 : (result.value.group_value.e_handle + 1);
413 /* initiate another request */
414 gatt_act_discovery(p_clcb);
415 }
416 /*******************************************************************************
417 *
418 * Function gatt_process_read_info_rsp
419 *
420 * Description This function is called to handle the read information
421 * response.
422 *
423 *
424 * Returns void
425 *
426 ******************************************************************************/
gatt_process_read_info_rsp(UNUSED_ATTR tGATT_TCB & tcb,tGATT_CLCB * p_clcb,UNUSED_ATTR uint8_t op_code,uint16_t len,uint8_t * p_data)427 void gatt_process_read_info_rsp(UNUSED_ATTR tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
428 UNUSED_ATTR uint8_t op_code, uint16_t len,
429 uint8_t* p_data) {
430 tGATT_DISC_RES result;
431 uint8_t *p = p_data, uuid_len = 0, type;
432
433 if (len < GATT_INFO_RSP_MIN_LEN) {
434 LOG(ERROR) << "invalid Info Response PDU received, discard.";
435 gatt_end_operation(p_clcb, GATT_INVALID_PDU, NULL);
436 return;
437 }
438 /* unexpected response */
439 if (p_clcb->operation != GATTC_OPTYPE_DISCOVERY ||
440 p_clcb->op_subtype != GATT_DISC_CHAR_DSCPT)
441 return;
442
443 STREAM_TO_UINT8(type, p);
444 len -= 1;
445
446 if (type == GATT_INFO_TYPE_PAIR_16)
447 uuid_len = Uuid::kNumBytes16;
448 else if (type == GATT_INFO_TYPE_PAIR_128)
449 uuid_len = Uuid::kNumBytes128;
450
451 while (len >= uuid_len + 2) {
452 STREAM_TO_UINT16(result.handle, p);
453
454 if (uuid_len > 0) {
455 if (!gatt_parse_uuid_from_cmd(&result.type, uuid_len, &p)) break;
456 } else
457 result.type = p_clcb->uuid;
458
459 len -= (uuid_len + 2);
460
461 if (p_clcb->p_reg->app_cb.p_disc_res_cb)
462 (*p_clcb->p_reg->app_cb.p_disc_res_cb)(
463 p_clcb->conn_id, static_cast<tGATT_DISC_TYPE>(p_clcb->op_subtype),
464 &result);
465 }
466
467 p_clcb->s_handle = (result.handle == 0) ? 0 : (result.handle + 1);
468 /* initiate another request */
469 gatt_act_discovery(p_clcb);
470 }
471 /*******************************************************************************
472 *
473 * Function gatt_proc_disc_error_rsp
474 *
475 * Description Process the read by type response and send another request
476 * if needed.
477 *
478 * Returns void.
479 *
480 ******************************************************************************/
gatt_proc_disc_error_rsp(UNUSED_ATTR tGATT_TCB & tcb,tGATT_CLCB * p_clcb,uint8_t opcode,UNUSED_ATTR uint16_t handle,uint8_t reason)481 void gatt_proc_disc_error_rsp(UNUSED_ATTR tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
482 uint8_t opcode, UNUSED_ATTR uint16_t handle,
483 uint8_t reason) {
484 tGATT_STATUS status = (tGATT_STATUS)reason;
485
486 VLOG(1) << __func__
487 << StringPrintf("reason: %02x cmd_code %04x", reason, opcode);
488
489 switch (opcode) {
490 case GATT_REQ_READ_BY_GRP_TYPE:
491 case GATT_REQ_FIND_TYPE_VALUE:
492 case GATT_REQ_READ_BY_TYPE:
493 case GATT_REQ_FIND_INFO:
494 if (reason == GATT_NOT_FOUND) {
495 status = GATT_SUCCESS;
496 VLOG(1) << "Discovery completed";
497 }
498 break;
499 default:
500 LOG(ERROR) << StringPrintf("Incorrect discovery opcode %04x", opcode);
501 break;
502 }
503
504 gatt_end_operation(p_clcb, status, NULL);
505 }
506
507 /*******************************************************************************
508 *
509 * Function gatt_process_error_rsp
510 *
511 * Description This function is called to handle the error response
512 *
513 *
514 * Returns void
515 *
516 ******************************************************************************/
gatt_process_error_rsp(tGATT_TCB & tcb,tGATT_CLCB * p_clcb,UNUSED_ATTR uint8_t op_code,UNUSED_ATTR uint16_t len,uint8_t * p_data)517 void gatt_process_error_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
518 UNUSED_ATTR uint8_t op_code,
519 UNUSED_ATTR uint16_t len, uint8_t* p_data) {
520 uint8_t opcode, *p = p_data;
521 uint8_t reason;
522 uint16_t handle;
523 tGATT_VALUE* p_attr = (tGATT_VALUE*)p_clcb->p_attr_buf;
524
525 VLOG(1) << __func__;
526
527 if (len < 4) {
528 android_errorWriteLog(0x534e4554, "79591688");
529 LOG(ERROR) << "Error response too short";
530 // Specification does not clearly define what should happen if error
531 // response is too short. General rule in BT Spec 5.0 Vol 3, Part F 3.4.1.1
532 // is: "If an error code is received in the Error Response that is not
533 // understood by the client, for example an error code that was reserved for
534 // future use that is now being used in a future version of this
535 // specification, then the Error Response shall still be considered to state
536 // that the given request cannot be performed for an unknown reason."
537 opcode = handle = 0;
538 reason = static_cast<tGATT_STATUS>(0x7f);
539 } else {
540 STREAM_TO_UINT8(opcode, p);
541 STREAM_TO_UINT16(handle, p);
542 STREAM_TO_UINT8(reason, p);
543 }
544
545 if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY) {
546 gatt_proc_disc_error_rsp(tcb, p_clcb, opcode, handle,
547 static_cast<tGATT_STATUS>(reason));
548 } else {
549 if ((p_clcb->operation == GATTC_OPTYPE_WRITE) &&
550 (p_clcb->op_subtype == GATT_WRITE) &&
551 (opcode == GATT_REQ_PREPARE_WRITE) && (p_attr) &&
552 (handle == p_attr->handle)) {
553 p_clcb->status = static_cast<tGATT_STATUS>(reason);
554 gatt_send_queue_write_cancel(tcb, p_clcb, GATT_PREP_WRITE_CANCEL);
555 } else if ((p_clcb->operation == GATTC_OPTYPE_READ) &&
556 ((p_clcb->op_subtype == GATT_READ_CHAR_VALUE_HDL) ||
557 (p_clcb->op_subtype == GATT_READ_BY_HANDLE)) &&
558 (opcode == GATT_REQ_READ_BLOB) &&
559 p_clcb->first_read_blob_after_read &&
560 (reason == GATT_NOT_LONG)) {
561 gatt_end_operation(p_clcb, GATT_SUCCESS, (void*)p_clcb->p_attr_buf);
562 } else
563 gatt_end_operation(p_clcb, static_cast<tGATT_STATUS>(reason), NULL);
564 }
565 }
566 /*******************************************************************************
567 *
568 * Function gatt_process_prep_write_rsp
569 *
570 * Description This function is called to handle the read response
571 *
572 *
573 * Returns void
574 *
575 ******************************************************************************/
gatt_process_prep_write_rsp(tGATT_TCB & tcb,tGATT_CLCB * p_clcb,uint8_t op_code,uint16_t len,uint8_t * p_data)576 void gatt_process_prep_write_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
577 uint8_t op_code, uint16_t len,
578 uint8_t* p_data) {
579 uint8_t* p = p_data;
580
581 tGATT_VALUE value = {
582 .conn_id = p_clcb->conn_id, .auth_req = GATT_AUTH_REQ_NONE,
583 };
584
585 VLOG(1) << StringPrintf("value resp op_code = %s len = %d",
586 gatt_dbg_op_name(op_code), len);
587
588 if (len < GATT_PREP_WRITE_RSP_MIN_LEN) {
589 LOG(ERROR) << "illegal prepare write response length, discard";
590 gatt_end_operation(p_clcb, GATT_INVALID_PDU, &value);
591 return;
592 }
593
594 STREAM_TO_UINT16(value.handle, p);
595 STREAM_TO_UINT16(value.offset, p);
596
597 value.len = len - 4;
598
599 memcpy(value.value, p, value.len);
600
601 if (!gatt_check_write_long_terminate(tcb, p_clcb, &value)) {
602 gatt_send_prepare_write(tcb, p_clcb);
603 return;
604 }
605
606 if (p_clcb->op_subtype == GATT_WRITE_PREPARE) {
607 /* application should verify handle offset
608 and value are matched or not */
609 gatt_end_operation(p_clcb, p_clcb->status, &value);
610 }
611 }
612 /*******************************************************************************
613 *
614 * Function gatt_process_notification
615 *
616 * Description Handle the handle value indication/notification.
617 *
618 * Returns void
619 *
620 ******************************************************************************/
gatt_process_notification(tGATT_TCB & tcb,uint16_t cid,uint8_t op_code,uint16_t len,uint8_t * p_data)621 void gatt_process_notification(tGATT_TCB& tcb, uint16_t cid, uint8_t op_code,
622 uint16_t len, uint8_t* p_data) {
623 tGATT_VALUE value;
624 tGATT_REG* p_reg;
625 uint16_t conn_id;
626 tGATT_STATUS encrypt_status;
627 uint8_t* p = p_data;
628 uint8_t i;
629 tGATTC_OPTYPE event = (op_code == GATT_HANDLE_VALUE_IND)
630 ? GATTC_OPTYPE_INDICATION
631 : GATTC_OPTYPE_NOTIFICATION;
632
633 VLOG(1) << __func__;
634
635 if (len < GATT_NOTIFICATION_MIN_LEN) {
636 LOG(ERROR) << "illegal notification PDU length, discard";
637 return;
638 }
639
640 memset(&value, 0, sizeof(value));
641 STREAM_TO_UINT16(value.handle, p);
642
643 if (op_code == GATT_HANDLE_MULTI_VALUE_NOTIF) {
644 STREAM_TO_UINT16(value.len, p);
645 } else {
646 value.len = len - 2;
647 }
648
649 if (value.len > GATT_MAX_ATTR_LEN) {
650 LOG(ERROR) << "value.len larger than GATT_MAX_ATTR_LEN, discard";
651 return;
652 }
653
654 STREAM_TO_ARRAY(value.value, p, value.len);
655
656 if (!GATT_HANDLE_IS_VALID(value.handle)) {
657 /* illegal handle, send ack now */
658 if (op_code == GATT_HANDLE_VALUE_IND)
659 attp_send_cl_confirmation_msg(tcb, cid);
660 return;
661 }
662
663 if (event == GATTC_OPTYPE_INDICATION) {
664 if (tcb.ind_count) {
665 /* this is an error case that receiving an indication but we
666 still has an indication not being acked yet.
667 For now, just log the error reset the counter.
668 Later we need to disconnect the link unconditionally.
669 */
670 LOG(ERROR) << __func__ << " rcv Ind. but ind_count=" << tcb.ind_count
671 << " (will reset ind_count)";
672 }
673 tcb.ind_count = 0;
674 }
675
676 /* should notify all registered client with the handle value
677 notificaion/indication
678 Note: need to do the indication count and start timer first then do
679 callback
680 */
681
682 for (i = 0, p_reg = gatt_cb.cl_rcb; i < GATT_MAX_APPS; i++, p_reg++) {
683 if (p_reg->in_use && p_reg->app_cb.p_cmpl_cb &&
684 (event == GATTC_OPTYPE_INDICATION))
685 tcb.ind_count++;
686 }
687
688 if (event == GATTC_OPTYPE_INDICATION) {
689 /* start a timer for app confirmation */
690 if (tcb.ind_count > 0)
691 gatt_start_ind_ack_timer(tcb, cid);
692 else /* no app to indicate, or invalid handle */
693 attp_send_cl_confirmation_msg(tcb, cid);
694 }
695
696 encrypt_status = gatt_get_link_encrypt_status(tcb);
697
698 uint16_t rem_len = len;
699 while (rem_len) {
700 tGATT_CL_COMPLETE gatt_cl_complete;
701 gatt_cl_complete.att_value = value;
702 gatt_cl_complete.cid = cid;
703
704 for (i = 0, p_reg = gatt_cb.cl_rcb; i < GATT_MAX_APPS; i++, p_reg++) {
705 if (p_reg->in_use && p_reg->app_cb.p_cmpl_cb) {
706 conn_id = GATT_CREATE_CONN_ID(tcb.tcb_idx, p_reg->gatt_if);
707 (*p_reg->app_cb.p_cmpl_cb)(conn_id, event, encrypt_status,
708 &gatt_cl_complete);
709 }
710 }
711
712 if (op_code != GATT_HANDLE_MULTI_VALUE_NOTIF) return;
713
714 /* 4 stands for 2 octects for handle and 2 octecs for len */
715 rem_len -= (4 + value.len);
716 if (rem_len) {
717 STREAM_TO_UINT16(value.handle, p);
718 STREAM_TO_UINT16(value.len, p);
719 STREAM_TO_ARRAY(value.value, p, value.len);
720 }
721 }
722 }
723
724 /*******************************************************************************
725 *
726 * Function gatt_process_read_by_type_rsp
727 *
728 * Description This function is called to handle the read by type response.
729 * read by type can be used for discovery, or read by type or
730 * read characteristic value.
731 *
732 * Returns void
733 *
734 ******************************************************************************/
gatt_process_read_by_type_rsp(tGATT_TCB & tcb,tGATT_CLCB * p_clcb,uint8_t op_code,uint16_t len,uint8_t * p_data)735 void gatt_process_read_by_type_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
736 uint8_t op_code, uint16_t len,
737 uint8_t* p_data) {
738 tGATT_DISC_RES result;
739 tGATT_DISC_VALUE record_value;
740 uint8_t *p = p_data, value_len, handle_len = 2;
741 uint16_t handle = 0;
742
743 /* discovery procedure and no callback function registered */
744 if (((!p_clcb->p_reg) || (!p_clcb->p_reg->app_cb.p_disc_res_cb)) &&
745 (p_clcb->operation == GATTC_OPTYPE_DISCOVERY))
746 return;
747
748 if (len < GATT_READ_BY_TYPE_RSP_MIN_LEN) {
749 LOG(ERROR) << "Illegal ReadByType/ReadByGroupType Response length, discard";
750 gatt_end_operation(p_clcb, GATT_INVALID_PDU, NULL);
751 return;
752 }
753
754 STREAM_TO_UINT8(value_len, p);
755 uint16_t payload_size = gatt_tcb_get_payload_size_rx(tcb, p_clcb->cid);
756 if ((value_len > (payload_size - 2)) || (value_len > (len - 1))) {
757 /* this is an error case that server's response containing a value length
758 which is larger than MTU-2
759 or value_len > message total length -1 */
760 LOG(ERROR) << __func__
761 << StringPrintf(
762 ": Discard response op_code=%d "
763 "vale_len=%d > (MTU-2=%d or msg_len-1=%d)",
764 op_code, value_len, (payload_size - 2), (len - 1));
765 gatt_end_operation(p_clcb, GATT_ERROR, NULL);
766 return;
767 }
768
769 if (op_code == GATT_RSP_READ_BY_GRP_TYPE) handle_len = 4;
770
771 value_len -= handle_len; /* substract the handle pairs bytes */
772 len -= 1;
773
774 while (len >= (handle_len + value_len)) {
775 STREAM_TO_UINT16(handle, p);
776
777 if (!GATT_HANDLE_IS_VALID(handle)) {
778 gatt_end_operation(p_clcb, GATT_INVALID_HANDLE, NULL);
779 return;
780 }
781
782 memset(&result, 0, sizeof(tGATT_DISC_RES));
783 memset(&record_value, 0, sizeof(tGATT_DISC_VALUE));
784
785 result.handle = handle;
786 result.type =
787 bluetooth::Uuid::From16Bit(disc_type_to_uuid[p_clcb->op_subtype]);
788
789 /* discover all services */
790 if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY &&
791 p_clcb->op_subtype == GATT_DISC_SRVC_ALL &&
792 op_code == GATT_RSP_READ_BY_GRP_TYPE) {
793 STREAM_TO_UINT16(handle, p);
794
795 if (!GATT_HANDLE_IS_VALID(handle)) {
796 gatt_end_operation(p_clcb, GATT_INVALID_HANDLE, NULL);
797 return;
798 } else {
799 record_value.group_value.e_handle = handle;
800 if (!gatt_parse_uuid_from_cmd(&record_value.group_value.service_type,
801 value_len, &p)) {
802 LOG(ERROR) << "discover all service response parsing failure";
803 break;
804 }
805 }
806 }
807 /* discover included service */
808 else if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY &&
809 p_clcb->op_subtype == GATT_DISC_INC_SRVC) {
810 if (value_len < 4) {
811 android_errorWriteLog(0x534e4554, "158833854");
812 LOG(ERROR) << __func__ << " Illegal Response length, must be at least 4.";
813 gatt_end_operation(p_clcb, GATT_INVALID_PDU, NULL);
814 return;
815 }
816 STREAM_TO_UINT16(record_value.incl_service.s_handle, p);
817 STREAM_TO_UINT16(record_value.incl_service.e_handle, p);
818
819 if (!GATT_HANDLE_IS_VALID(record_value.incl_service.s_handle) ||
820 !GATT_HANDLE_IS_VALID(record_value.incl_service.e_handle)) {
821 gatt_end_operation(p_clcb, GATT_INVALID_HANDLE, NULL);
822 return;
823 }
824
825 if (value_len == 6) {
826 uint16_t tmp;
827 STREAM_TO_UINT16(tmp, p);
828 record_value.incl_service.service_type =
829 bluetooth::Uuid::From16Bit(tmp);
830 } else if (value_len == 4) {
831 p_clcb->s_handle = record_value.incl_service.s_handle;
832 p_clcb->read_uuid128.wait_for_read_rsp = true;
833 p_clcb->read_uuid128.next_disc_start_hdl = handle + 1;
834 memcpy(&p_clcb->read_uuid128.result, &result, sizeof(result));
835 memcpy(&p_clcb->read_uuid128.result.value, &record_value,
836 sizeof(result.value));
837 p_clcb->op_subtype |= 0x90;
838 gatt_act_read(p_clcb, 0);
839 return;
840 } else {
841 LOG(ERROR) << __func__
842 << ": INCL_SRVC failed with invalid data value_len="
843 << +value_len;
844 gatt_end_operation(p_clcb, GATT_INVALID_PDU, (void*)p);
845 return;
846 }
847 }
848 /* read by type */
849 else if (p_clcb->operation == GATTC_OPTYPE_READ &&
850 p_clcb->op_subtype == GATT_READ_BY_TYPE) {
851 p_clcb->counter = len - 2;
852 p_clcb->s_handle = handle;
853 if (p_clcb->counter == (payload_size - 4)) {
854 p_clcb->op_subtype = GATT_READ_BY_HANDLE;
855 if (!p_clcb->p_attr_buf)
856 p_clcb->p_attr_buf = (uint8_t*)osi_malloc(GATT_MAX_ATTR_LEN);
857 if (p_clcb->counter <= GATT_MAX_ATTR_LEN) {
858 memcpy(p_clcb->p_attr_buf, p, p_clcb->counter);
859 gatt_act_read(p_clcb, p_clcb->counter);
860 } else {
861 gatt_end_operation(p_clcb, GATT_INTERNAL_ERROR, (void*)p);
862 }
863 } else {
864 gatt_end_operation(p_clcb, GATT_SUCCESS, (void*)p);
865 }
866 return;
867 } else /* discover characterisitic */
868 {
869 if (value_len < 3) {
870 android_errorWriteLog(0x534e4554, "158778659");
871 LOG(ERROR) << __func__ << " Illegal Response length, must be at least 3.";
872 gatt_end_operation(p_clcb, GATT_INVALID_PDU, NULL);
873 return;
874 }
875 STREAM_TO_UINT8(record_value.dclr_value.char_prop, p);
876 STREAM_TO_UINT16(record_value.dclr_value.val_handle, p);
877 if (!GATT_HANDLE_IS_VALID(record_value.dclr_value.val_handle)) {
878 gatt_end_operation(p_clcb, GATT_INVALID_HANDLE, NULL);
879 return;
880 }
881 if (!gatt_parse_uuid_from_cmd(&record_value.dclr_value.char_uuid,
882 (uint16_t)(value_len - 3), &p)) {
883 gatt_end_operation(p_clcb, GATT_SUCCESS, NULL);
884 /* invalid format, and skip the result */
885 return;
886 }
887
888 /* UUID not matching */
889 if (!p_clcb->uuid.IsEmpty() &&
890 !record_value.dclr_value.char_uuid.IsEmpty() &&
891 record_value.dclr_value.char_uuid != p_clcb->uuid) {
892 len -= (value_len + 2);
893 continue; /* skip the result, and look for next one */
894 }
895
896 if (p_clcb->operation == GATTC_OPTYPE_READ)
897 /* UUID match for read characteristic value */
898 {
899 /* only read the first matching UUID characteristic value, and
900 discard the rest results */
901 p_clcb->s_handle = record_value.dclr_value.val_handle;
902 p_clcb->op_subtype |= 0x80;
903 gatt_act_read(p_clcb, 0);
904 return;
905 }
906 }
907 len -= (value_len + handle_len);
908
909 /* result is (handle, 16bits UUID) pairs */
910 memcpy(&result.value, &record_value, sizeof(result.value));
911
912 /* send callback if is discover procedure */
913 if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY &&
914 p_clcb->p_reg->app_cb.p_disc_res_cb)
915 (*p_clcb->p_reg->app_cb.p_disc_res_cb)(
916 p_clcb->conn_id, static_cast<tGATT_DISC_TYPE>(p_clcb->op_subtype),
917 &result);
918 }
919
920 p_clcb->s_handle = (handle == 0) ? 0 : (handle + 1);
921
922 if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY) {
923 /* initiate another request */
924 gatt_act_discovery(p_clcb);
925 } else /* read characteristic value */
926 {
927 gatt_act_read(p_clcb, 0);
928 }
929 }
930
931 /*******************************************************************************
932 *
933 * Function gatt_process_read_rsp
934 *
935 * Description This function is called to handle the read BLOB response
936 *
937 *
938 * Returns void
939 *
940 ******************************************************************************/
gatt_process_read_rsp(tGATT_TCB & tcb,tGATT_CLCB * p_clcb,UNUSED_ATTR uint8_t op_code,uint16_t len,uint8_t * p_data)941 void gatt_process_read_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
942 UNUSED_ATTR uint8_t op_code, uint16_t len,
943 uint8_t* p_data) {
944 uint16_t offset = p_clcb->counter;
945 uint8_t* p = p_data;
946
947 uint16_t payload_size = gatt_tcb_get_payload_size_rx(tcb, p_clcb->cid);
948
949 if (p_clcb->operation == GATTC_OPTYPE_READ) {
950 if (p_clcb->op_subtype != GATT_READ_BY_HANDLE) {
951 p_clcb->counter = len;
952 gatt_end_operation(p_clcb, GATT_SUCCESS, (void*)p);
953 } else {
954 /* allocate GKI buffer holding up long attribute value */
955 if (!p_clcb->p_attr_buf)
956 p_clcb->p_attr_buf = (uint8_t*)osi_malloc(GATT_MAX_ATTR_LEN);
957
958 /* copy attrobute value into cb buffer */
959 if (offset < GATT_MAX_ATTR_LEN) {
960 if ((len + offset) > GATT_MAX_ATTR_LEN)
961 len = GATT_MAX_ATTR_LEN - offset;
962
963 p_clcb->counter += len;
964
965 memcpy(p_clcb->p_attr_buf + offset, p, len);
966
967 /* full packet for read or read blob rsp */
968 bool packet_is_full;
969 if (payload_size == p_clcb->read_req_current_mtu) {
970 packet_is_full = (len == (payload_size - 1));
971 } else {
972 packet_is_full = (len == (p_clcb->read_req_current_mtu - 1) ||
973 len == (payload_size - 1));
974 p_clcb->read_req_current_mtu = payload_size;
975 }
976
977 /* send next request if needed */
978 if (packet_is_full && (len + offset < GATT_MAX_ATTR_LEN)) {
979 VLOG(1) << StringPrintf(
980 "full pkt issue read blob for remianing bytes old offset=%d "
981 "len=%d new offset=%d",
982 offset, len, p_clcb->counter);
983 gatt_act_read(p_clcb, p_clcb->counter);
984 } else /* end of request, send callback */
985 {
986 gatt_end_operation(p_clcb, GATT_SUCCESS, (void*)p_clcb->p_attr_buf);
987 }
988 } else /* exception, should not happen */
989 {
990 LOG(ERROR) << "attr offset = " << +offset
991 << " p_attr_buf = " << p_clcb->p_attr_buf;
992 gatt_end_operation(p_clcb, GATT_NO_RESOURCES,
993 (void*)p_clcb->p_attr_buf);
994 }
995 }
996 } else {
997 if (p_clcb->operation == GATTC_OPTYPE_DISCOVERY &&
998 p_clcb->op_subtype == GATT_DISC_INC_SRVC &&
999 p_clcb->read_uuid128.wait_for_read_rsp) {
1000 p_clcb->s_handle = p_clcb->read_uuid128.next_disc_start_hdl;
1001 p_clcb->read_uuid128.wait_for_read_rsp = false;
1002 if (len == Uuid::kNumBytes128) {
1003 p_clcb->read_uuid128.result.value.incl_service.service_type =
1004 bluetooth::Uuid::From128BitLE(p);
1005 if (p_clcb->p_reg->app_cb.p_disc_res_cb)
1006 (*p_clcb->p_reg->app_cb.p_disc_res_cb)(
1007 p_clcb->conn_id, static_cast<tGATT_DISC_TYPE>(p_clcb->op_subtype),
1008 &p_clcb->read_uuid128.result);
1009 gatt_act_discovery(p_clcb);
1010 } else {
1011 gatt_end_operation(p_clcb, GATT_INVALID_PDU, (void*)p);
1012 }
1013 }
1014 }
1015 }
1016
1017 /*******************************************************************************
1018 *
1019 * Function gatt_process_handle_rsp
1020 *
1021 * Description This function is called to handle the write response
1022 *
1023 *
1024 * Returns void
1025 *
1026 ******************************************************************************/
gatt_process_handle_rsp(tGATT_CLCB * p_clcb)1027 void gatt_process_handle_rsp(tGATT_CLCB* p_clcb) {
1028 gatt_end_operation(p_clcb, GATT_SUCCESS, NULL);
1029 }
1030 /*******************************************************************************
1031 *
1032 * Function gatt_process_mtu_rsp
1033 *
1034 * Description Process the configure MTU response.
1035 *
1036 *
1037 * Returns void
1038 *
1039 ******************************************************************************/
gatt_process_mtu_rsp(tGATT_TCB & tcb,tGATT_CLCB * p_clcb,uint16_t len,uint8_t * p_data)1040 void gatt_process_mtu_rsp(tGATT_TCB& tcb, tGATT_CLCB* p_clcb, uint16_t len,
1041 uint8_t* p_data) {
1042 uint16_t mtu;
1043 tGATT_STATUS status = GATT_SUCCESS;
1044
1045 if (len < GATT_MTU_RSP_MIN_LEN) {
1046 LOG(ERROR) << "invalid MTU response PDU received, discard.";
1047 status = GATT_INVALID_PDU;
1048 } else {
1049 STREAM_TO_UINT16(mtu, p_data);
1050
1051 if (mtu < tcb.payload_size && mtu >= GATT_DEF_BLE_MTU_SIZE)
1052 tcb.payload_size = mtu;
1053 }
1054
1055 BTM_SetBleDataLength(tcb.peer_bda, tcb.payload_size);
1056
1057 gatt_end_operation(p_clcb, status, NULL);
1058 }
1059 /*******************************************************************************
1060 *
1061 * Function gatt_cmd_to_rsp_code
1062 *
1063 * Description Convert an ATT command op code into the corresponding
1064 * response code assume no error occurs.
1065 *
1066 * Returns response code.
1067 *
1068 ******************************************************************************/
gatt_cmd_to_rsp_code(uint8_t cmd_code)1069 uint8_t gatt_cmd_to_rsp_code(uint8_t cmd_code) {
1070 uint8_t rsp_code = 0;
1071
1072 if (cmd_code > 1 && cmd_code != GATT_CMD_WRITE) {
1073 rsp_code = cmd_code + 1;
1074 }
1075 return rsp_code;
1076 }
1077
1078 /** Find next command in queue and sent to server */
gatt_cl_send_next_cmd_inq(tGATT_TCB & tcb)1079 bool gatt_cl_send_next_cmd_inq(tGATT_TCB& tcb) {
1080 std::queue<tGATT_CMD_Q>* cl_cmd_q;
1081
1082 while (!tcb.cl_cmd_q.empty() ||
1083 EattExtension::GetInstance()->IsOutstandingMsgInSendQueue(tcb.peer_bda)) {
1084 if (!tcb.cl_cmd_q.empty()) {
1085 cl_cmd_q = &tcb.cl_cmd_q;
1086 } else {
1087 EattChannel* channel =
1088 EattExtension::GetInstance()->GetChannelWithQueuedData(tcb.peer_bda);
1089 cl_cmd_q = &channel->cl_cmd_q_;
1090 }
1091
1092 tGATT_CMD_Q& cmd = cl_cmd_q->front();
1093 if (!cmd.to_send || cmd.p_cmd == NULL) {
1094 return false;
1095 }
1096
1097 tGATT_STATUS att_ret;
1098 att_ret = attp_send_msg_to_l2cap(tcb, cmd.cid, cmd.p_cmd);
1099
1100 if (att_ret != GATT_SUCCESS && att_ret != GATT_CONGESTED) {
1101 LOG(ERROR) << __func__ << ": L2CAP sent error";
1102 cl_cmd_q->pop();
1103 continue;
1104 }
1105
1106 cmd.to_send = false;
1107 cmd.p_cmd = NULL;
1108
1109 if (cmd.op_code == GATT_CMD_WRITE || cmd.op_code == GATT_SIGN_CMD_WRITE) {
1110 /* dequeue the request if is write command or sign write */
1111 uint8_t rsp_code;
1112 tGATT_CLCB* p_clcb = gatt_cmd_dequeue(tcb, cmd.cid, &rsp_code);
1113
1114 /* send command complete callback here */
1115 gatt_end_operation(p_clcb, att_ret, NULL);
1116
1117 /* if no ack needed, keep sending */
1118 if (att_ret == GATT_SUCCESS) continue;
1119
1120 return true;
1121 }
1122
1123 gatt_start_rsp_timer(cmd.p_clcb);
1124 return true;
1125 }
1126
1127 return false;
1128 }
1129
1130 /** This function is called to handle the server response to client */
gatt_client_handle_server_rsp(tGATT_TCB & tcb,uint16_t cid,uint8_t op_code,uint16_t len,uint8_t * p_data)1131 void gatt_client_handle_server_rsp(tGATT_TCB& tcb, uint16_t cid,
1132 uint8_t op_code, uint16_t len,
1133 uint8_t* p_data) {
1134 VLOG(1) << __func__ << " opcode: " << loghex(op_code);
1135
1136 uint16_t payload_size = gatt_tcb_get_payload_size_rx(tcb, cid);
1137
1138 if (op_code == GATT_HANDLE_VALUE_IND || op_code == GATT_HANDLE_VALUE_NOTIF ||
1139 op_code == GATT_HANDLE_MULTI_VALUE_NOTIF) {
1140 if (len >= payload_size) {
1141 LOG(ERROR) << StringPrintf(
1142 "%s: invalid indicate pkt size: %d, PDU size: %d", __func__, len + 1,
1143 payload_size);
1144 return;
1145 }
1146
1147 gatt_process_notification(tcb, cid, op_code, len, p_data);
1148 return;
1149 }
1150
1151 uint8_t cmd_code = 0;
1152 tGATT_CLCB* p_clcb = gatt_cmd_dequeue(tcb, cid, &cmd_code);
1153 uint8_t rsp_code = gatt_cmd_to_rsp_code(cmd_code);
1154 if (!p_clcb || (rsp_code != op_code && op_code != GATT_RSP_ERROR)) {
1155 LOG(WARNING) << StringPrintf(
1156 "ATT - Ignore wrong response. Receives (%02x) Request(%02x) Ignored",
1157 op_code, rsp_code);
1158 return;
1159 }
1160
1161 if (!p_clcb->in_use) {
1162 LOG(WARNING) << "ATT - clcb already not in use, ignoring response";
1163 gatt_cl_send_next_cmd_inq(tcb);
1164 return;
1165 }
1166
1167 gatt_stop_rsp_timer(p_clcb);
1168 p_clcb->retry_count = 0;
1169
1170 /* the size of the message may not be bigger than the local max PDU size*/
1171 /* The message has to be smaller than the agreed MTU, len does not count
1172 * op_code */
1173 if (len >= payload_size) {
1174 LOG(ERROR) << StringPrintf(
1175 "%s: invalid response pkt size: %d, PDU size: %d", __func__, len + 1,
1176 payload_size);
1177 gatt_end_operation(p_clcb, GATT_ERROR, NULL);
1178 } else {
1179 switch (op_code) {
1180 case GATT_RSP_ERROR:
1181 gatt_process_error_rsp(tcb, p_clcb, op_code, len, p_data);
1182 break;
1183
1184 case GATT_RSP_MTU: /* 2 bytes mtu */
1185 gatt_process_mtu_rsp(tcb, p_clcb, len, p_data);
1186 break;
1187
1188 case GATT_RSP_FIND_INFO:
1189 gatt_process_read_info_rsp(tcb, p_clcb, op_code, len, p_data);
1190 break;
1191
1192 case GATT_RSP_READ_BY_TYPE:
1193 case GATT_RSP_READ_BY_GRP_TYPE:
1194 gatt_process_read_by_type_rsp(tcb, p_clcb, op_code, len, p_data);
1195 break;
1196
1197 case GATT_RSP_READ:
1198 case GATT_RSP_READ_BLOB:
1199 case GATT_RSP_READ_MULTI:
1200 case GATT_RSP_READ_MULTI_VAR:
1201 gatt_process_read_rsp(tcb, p_clcb, op_code, len, p_data);
1202 break;
1203
1204 case GATT_RSP_FIND_TYPE_VALUE: /* disc service with UUID */
1205 gatt_process_find_type_value_rsp(tcb, p_clcb, len, p_data);
1206 break;
1207
1208 case GATT_RSP_WRITE:
1209 gatt_process_handle_rsp(p_clcb);
1210 break;
1211
1212 case GATT_RSP_PREPARE_WRITE:
1213 gatt_process_prep_write_rsp(tcb, p_clcb, op_code, len, p_data);
1214 break;
1215
1216 case GATT_RSP_EXEC_WRITE:
1217 gatt_end_operation(p_clcb, p_clcb->status, NULL);
1218 break;
1219
1220 default:
1221 LOG(ERROR) << __func__ << ": Unknown opcode = " << std::hex << op_code;
1222 break;
1223 }
1224 }
1225
1226 gatt_cl_send_next_cmd_inq(tcb);
1227 }
1228