1 /******************************************************************************
2 *
3 * Copyright 2009-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * this file contains GATT database building and query functions
22 *
23 ******************************************************************************/
24
25 #include "bt_target.h"
26
27 #include "bt_trace.h"
28 #include "bt_utils.h"
29
30 #include <stdio.h>
31 #include <string.h>
32 #include "gatt_int.h"
33 #include "l2c_api.h"
34 #include "osi/include/osi.h"
35 #include "stack/btm/btm_ble_int.h"
36 #include "stack/btm/btm_sec.h"
37 #include "stack/include/acl_api.h"
38
39 using base::StringPrintf;
40 using bluetooth::Uuid;
41
42 /*******************************************************************************
43 * L O C A L F U N C T I O N P R O T O T Y P E S *
44 ******************************************************************************/
45 static tGATT_ATTR& allocate_attr_in_db(tGATT_SVC_DB& db, const Uuid& uuid,
46 tGATT_PERM perm);
47 static tGATT_STATUS gatts_send_app_read_request(
48 tGATT_TCB& tcb, uint16_t cid, uint8_t op_code, uint16_t handle,
49 uint16_t offset, uint32_t trans_id, bt_gatt_db_attribute_type_t gatt_type);
50
51 /**
52 * Initialize a memory space to be a service database.
53 */
gatts_init_service_db(tGATT_SVC_DB & db,const Uuid & service_uuid,bool is_pri,uint16_t s_hdl,uint16_t num_handle)54 void gatts_init_service_db(tGATT_SVC_DB& db, const Uuid& service_uuid,
55 bool is_pri, uint16_t s_hdl, uint16_t num_handle) {
56 db.attr_list.reserve(num_handle);
57
58 VLOG(1) << StringPrintf("%s: s_hdl= %d num_handle= %d", __func__, s_hdl,
59 num_handle);
60
61 /* update service database information */
62 db.next_handle = s_hdl;
63 db.end_handle = s_hdl + num_handle;
64
65 /* add service declration record */
66 Uuid uuid =
67 Uuid::From16Bit(is_pri ? GATT_UUID_PRI_SERVICE : GATT_UUID_SEC_SERVICE);
68 tGATT_ATTR& attr = allocate_attr_in_db(db, uuid, GATT_PERM_READ);
69 attr.p_value.reset(new tGATT_ATTR_VALUE);
70 attr.p_value->uuid = service_uuid;
71 }
72
gatts_get_service_uuid(tGATT_SVC_DB * p_db)73 Uuid* gatts_get_service_uuid(tGATT_SVC_DB* p_db) {
74 if (!p_db || p_db->attr_list.empty()) {
75 LOG(ERROR) << "service DB empty";
76 return NULL;
77 } else {
78 return &p_db->attr_list[0].p_value->uuid;
79 }
80 }
81
82 /** Check attribute readability. Returns status of operation. */
gatts_check_attr_readability(const tGATT_ATTR & attr,UNUSED_ATTR uint16_t offset,bool read_long,tGATT_SEC_FLAG sec_flag,uint8_t key_size)83 static tGATT_STATUS gatts_check_attr_readability(const tGATT_ATTR& attr,
84 UNUSED_ATTR uint16_t offset,
85 bool read_long,
86 tGATT_SEC_FLAG sec_flag,
87 uint8_t key_size) {
88 uint16_t min_key_size;
89 tGATT_PERM perm = attr.permission;
90
91 min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
92 if (min_key_size != 0) {
93 min_key_size += 6;
94 }
95
96 if (!(perm & GATT_READ_ALLOWED)) {
97 LOG(ERROR) << __func__ << ": GATT_READ_NOT_PERMIT";
98 return GATT_READ_NOT_PERMIT;
99 }
100
101 if ((perm & GATT_READ_AUTH_REQUIRED) &&
102 !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED) &&
103 !(sec_flag & BTM_SEC_FLAG_ENCRYPTED)) {
104 LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION";
105 return GATT_INSUF_AUTHENTICATION;
106 }
107
108 if ((perm & GATT_READ_MITM_REQUIRED) &&
109 !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED)) {
110 LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION: MITM Required";
111 return GATT_INSUF_AUTHENTICATION;
112 }
113
114 if ((perm & GATT_READ_ENCRYPTED_REQUIRED) &&
115 !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)) {
116 LOG(ERROR) << __func__ << ": GATT_INSUF_ENCRYPTION";
117 return GATT_INSUF_ENCRYPTION;
118 }
119
120 if ((perm & GATT_READ_ENCRYPTED_REQUIRED) &&
121 (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size)) {
122 LOG(ERROR) << __func__ << ": GATT_INSUF_KEY_SIZE";
123 return GATT_INSUF_KEY_SIZE;
124 }
125
126 if (read_long && attr.uuid.Is16Bit()) {
127 switch (attr.uuid.As16Bit()) {
128 case GATT_UUID_PRI_SERVICE:
129 case GATT_UUID_SEC_SERVICE:
130 case GATT_UUID_CHAR_DECLARE:
131 case GATT_UUID_INCLUDE_SERVICE:
132 case GATT_UUID_CHAR_EXT_PROP:
133 case GATT_UUID_CHAR_CLIENT_CONFIG:
134 case GATT_UUID_CHAR_SRVR_CONFIG:
135 case GATT_UUID_CHAR_PRESENT_FORMAT:
136 LOG(ERROR) << __func__ << ": GATT_NOT_LONG";
137 return GATT_NOT_LONG;
138
139 default:
140 break;
141 }
142 }
143
144 return GATT_SUCCESS;
145 }
146
147 /*******************************************************************************
148 *
149 * Function read_attr_value
150 *
151 * Description Utility function to read an attribute value.
152 *
153 * Parameter attr16: pointer to the attribute to read.
154 * offset: read offset.
155 * p_data: output parameter to carry out the attribute value.
156 * read_long: this is a read blob request.
157 * mtu: MTU
158 * p_len: output parameter to carry out the attribute length.
159 * sec_flag: current link security status.
160 * key_size: encryption key size.
161 *
162 * Returns status of operation.
163 *
164 ******************************************************************************/
read_attr_value(tGATT_ATTR & attr16,uint16_t offset,uint8_t ** p_data,bool read_long,uint16_t mtu,uint16_t * p_len,tGATT_SEC_FLAG sec_flag,uint8_t key_size)165 static tGATT_STATUS read_attr_value(tGATT_ATTR& attr16, uint16_t offset,
166 uint8_t** p_data, bool read_long,
167 uint16_t mtu, uint16_t* p_len,
168 tGATT_SEC_FLAG sec_flag, uint8_t key_size) {
169 uint8_t* p = *p_data;
170
171 VLOG(1) << __func__ << " uuid=" << attr16.uuid
172 << StringPrintf(" perm=0x%02x sec_flag=0x%x offset=%d read_long=%d",
173 attr16.permission, sec_flag, offset, read_long);
174
175 tGATT_STATUS status = gatts_check_attr_readability(attr16, offset, read_long,
176 sec_flag, key_size);
177 if (status != GATT_SUCCESS) return status;
178
179 if (!attr16.uuid.Is16Bit()) {
180 /* characteristic description or characteristic value */
181 return GATT_PENDING;
182 }
183
184 uint16_t uuid16 = attr16.uuid.As16Bit();
185
186 if (uuid16 == GATT_UUID_PRI_SERVICE || uuid16 == GATT_UUID_SEC_SERVICE) {
187 *p_len = gatt_build_uuid_to_stream_len(attr16.p_value->uuid);
188 if (mtu < *p_len) return GATT_NO_RESOURCES;
189
190 gatt_build_uuid_to_stream(&p, attr16.p_value->uuid);
191 *p_data = p;
192 return GATT_SUCCESS;
193 }
194
195 if (uuid16 == GATT_UUID_CHAR_DECLARE) {
196 tGATT_ATTR* val_attr = &attr16 + 1;
197 uint8_t val_len = val_attr->uuid.GetShortestRepresentationSize();
198 *p_len = (val_len == Uuid::kNumBytes16) ? 5 : 19;
199
200 if (mtu < *p_len) return GATT_NO_RESOURCES;
201
202 UINT8_TO_STREAM(p, attr16.p_value->char_decl.property);
203 UINT16_TO_STREAM(p, attr16.p_value->char_decl.char_val_handle);
204
205 if (val_len == Uuid::kNumBytes16) {
206 UINT16_TO_STREAM(p, val_attr->uuid.As16Bit());
207 } else {
208 /* if 32 bit UUID, convert to 128 bit */
209 ARRAY_TO_STREAM(p, val_attr->uuid.To128BitLE(), (int)Uuid::kNumBytes128);
210 }
211 *p_data = p;
212 return GATT_SUCCESS;
213 }
214
215 if (uuid16 == GATT_UUID_INCLUDE_SERVICE) {
216 tGATT_INCL_SRVC& incl_handle = attr16.p_value->incl_handle;
217 if (incl_handle.service_type.Is16Bit())
218 *p_len = 6;
219 else
220 *p_len = 4;
221
222 if (mtu < *p_len) return GATT_NO_RESOURCES;
223
224 UINT16_TO_STREAM(p, incl_handle.s_handle);
225 UINT16_TO_STREAM(p, incl_handle.e_handle);
226
227 if (incl_handle.service_type.Is16Bit()) {
228 UINT16_TO_STREAM(p, incl_handle.service_type.As16Bit());
229 }
230 *p_data = p;
231 return GATT_SUCCESS;
232 }
233
234 if (uuid16 == GATT_UUID_CHAR_EXT_PROP) {
235 // sometimes this descriptor is added by users manually, we need to check if
236 // the p_value is nullptr.
237 uint16_t char_ext_prop =
238 attr16.p_value ? attr16.p_value->char_ext_prop : 0x0000;
239 *p_len = 2;
240 UINT16_TO_STREAM(p, char_ext_prop);
241 *p_data = p;
242 return GATT_SUCCESS;
243 }
244
245 /* characteristic descriptor or characteristic value (again) */
246 return GATT_PENDING;
247 }
248
249 /*******************************************************************************
250 *
251 * Function gatts_db_read_attr_value_by_type
252 *
253 * Description Query attribute value by attribute type.
254 *
255 * Parameter p_db: pointer to the attribute database.
256 * p_rsp: Read By type response data.
257 * s_handle: starting handle of the range we are looking for.
258 * e_handle: ending handle of the range we are looking for.
259 * type: Attribute type.
260 * mtu: MTU.
261 * sec_flag: current link security status.
262 * key_size: encryption key size.
263 *
264 * Returns Status of the operation.
265 *
266 ******************************************************************************/
gatts_db_read_attr_value_by_type(tGATT_TCB & tcb,uint16_t cid,tGATT_SVC_DB * p_db,uint8_t op_code,BT_HDR * p_rsp,uint16_t s_handle,uint16_t e_handle,const Uuid & type,uint16_t * p_len,tGATT_SEC_FLAG sec_flag,uint8_t key_size,uint32_t trans_id,uint16_t * p_cur_handle)267 tGATT_STATUS gatts_db_read_attr_value_by_type(
268 tGATT_TCB& tcb, uint16_t cid, tGATT_SVC_DB* p_db, uint8_t op_code,
269 BT_HDR* p_rsp, uint16_t s_handle, uint16_t e_handle, const Uuid& type,
270 uint16_t* p_len, tGATT_SEC_FLAG sec_flag, uint8_t key_size,
271 uint32_t trans_id, uint16_t* p_cur_handle) {
272 tGATT_STATUS status = GATT_NOT_FOUND;
273 uint16_t len = 0;
274 uint8_t* p = (uint8_t*)(p_rsp + 1) + p_rsp->len + L2CAP_MIN_OFFSET;
275
276 if (p_db) {
277 for (tGATT_ATTR& attr : p_db->attr_list) {
278 if (attr.handle >= s_handle && type == attr.uuid) {
279 if (*p_len <= 2) {
280 status = GATT_NO_RESOURCES;
281 break;
282 }
283
284 UINT16_TO_STREAM(p, attr.handle);
285
286 status = read_attr_value(attr, 0, &p, false, (uint16_t)(*p_len - 2),
287 &len, sec_flag, key_size);
288
289 if (status == GATT_PENDING) {
290 status = gatts_send_app_read_request(tcb, cid, op_code, attr.handle,
291 0, trans_id, attr.gatt_type);
292
293 /* one callback at a time */
294 break;
295 } else if (status == GATT_SUCCESS) {
296 if (p_rsp->offset == 0) p_rsp->offset = len + 2;
297
298 if (p_rsp->offset == len + 2) {
299 p_rsp->len += (len + 2);
300 *p_len -= (len + 2);
301 } else {
302 LOG(ERROR) << "format mismatch";
303 status = GATT_NO_RESOURCES;
304 break;
305 }
306 } else {
307 *p_cur_handle = attr.handle;
308 break;
309 }
310 }
311 }
312 }
313
314 return status;
315 }
316
317 /**
318 * This function adds an included service into a database.
319 *
320 * Parameter db: database pointer.
321 * inc_srvc_type: included service type.
322 *
323 * Returns Status of the operation.
324 *
325 */
gatts_add_included_service(tGATT_SVC_DB & db,uint16_t s_handle,uint16_t e_handle,const Uuid & service)326 uint16_t gatts_add_included_service(tGATT_SVC_DB& db, uint16_t s_handle,
327 uint16_t e_handle, const Uuid& service) {
328 Uuid uuid = Uuid::From16Bit(GATT_UUID_INCLUDE_SERVICE);
329
330 VLOG(1) << __func__
331 << StringPrintf(": s_hdl=0x%04x e_hdl=0x%04x ", s_handle, e_handle)
332 << "service uuid = " << service;
333
334 if (service.IsEmpty() || s_handle == 0 || e_handle == 0) {
335 LOG(ERROR) << __func__ << ": Illegal Params.";
336 return 0;
337 }
338
339 tGATT_ATTR& attr = allocate_attr_in_db(db, uuid, GATT_PERM_READ);
340
341 attr.p_value.reset(new tGATT_ATTR_VALUE);
342 attr.p_value->incl_handle.s_handle = s_handle;
343 attr.p_value->incl_handle.e_handle = e_handle;
344 attr.p_value->incl_handle.service_type = service;
345
346 return attr.handle;
347 }
348
349 /*******************************************************************************
350 *
351 * Function gatts_add_characteristic
352 *
353 * Description This function add a characteristics and its descriptor into
354 * a servce identified by the service database pointer.
355 *
356 * Parameter db: database.
357 * perm: permission (authentication and key size requirements)
358 * property: property of the characteristic.
359 * extended_properties: characteristic extended properties.
360 * p_char: characteristic value information.
361 *
362 * Returns Status of te operation.
363 *
364 ******************************************************************************/
gatts_add_characteristic(tGATT_SVC_DB & db,tGATT_PERM perm,tGATT_CHAR_PROP property,const Uuid & char_uuid)365 uint16_t gatts_add_characteristic(tGATT_SVC_DB& db, tGATT_PERM perm,
366 tGATT_CHAR_PROP property,
367 const Uuid& char_uuid) {
368 Uuid uuid = Uuid::From16Bit(GATT_UUID_CHAR_DECLARE);
369
370 VLOG(1) << StringPrintf("%s: perm=0x%0x property=0x%0x", __func__, perm,
371 property);
372
373 tGATT_ATTR& char_decl = allocate_attr_in_db(db, uuid, GATT_PERM_READ);
374 tGATT_ATTR& char_val = allocate_attr_in_db(db, char_uuid, perm);
375
376 char_decl.p_value.reset(new tGATT_ATTR_VALUE);
377 char_decl.p_value->char_decl.property = property;
378 char_decl.p_value->char_decl.char_val_handle = char_val.handle;
379 char_val.gatt_type = BTGATT_DB_CHARACTERISTIC;
380
381 return char_val.handle;
382 }
383
384 /*******************************************************************************
385 *
386 * Function gatts_add_char_ext_prop_descr
387 *
388 * Description add a characteristics extended properties descriptor.
389 *
390 * Parameter db: database pointer.
391 * extended_properties: characteristic descriptors values.
392 *
393 * Returns Status of the operation.
394 *
395 ******************************************************************************/
gatts_add_char_ext_prop_descr(tGATT_SVC_DB & db,uint16_t extended_properties)396 uint16_t gatts_add_char_ext_prop_descr(
397 tGATT_SVC_DB& db, uint16_t extended_properties) {
398 Uuid descr_uuid = Uuid::From16Bit(GATT_UUID_CHAR_EXT_PROP);
399
400 VLOG(1) << StringPrintf("gatts_add_char_ext_prop_descr uuid=%s",
401 descr_uuid.ToString().c_str());
402
403 tGATT_ATTR& char_dscptr = allocate_attr_in_db(db, descr_uuid, GATT_PERM_READ);
404 char_dscptr.gatt_type = BTGATT_DB_DESCRIPTOR;
405 char_dscptr.p_value.reset(new tGATT_ATTR_VALUE);
406 char_dscptr.p_value->char_ext_prop = extended_properties;
407
408 return char_dscptr.handle;
409 }
410
411 /*******************************************************************************
412 *
413 * Function gatts_add_char_descr
414 *
415 * Description This function add a characteristics descriptor.
416 *
417 * Parameter p_db: database pointer.
418 * perm: characteristic descriptor permission type.
419 * char_dscp_tpye: the characteristic descriptor masks.
420 * p_dscp_params: characteristic descriptors values.
421 *
422 * Returns Status of the operation.
423 *
424 ******************************************************************************/
gatts_add_char_descr(tGATT_SVC_DB & db,tGATT_PERM perm,const Uuid & descr_uuid)425 uint16_t gatts_add_char_descr(tGATT_SVC_DB& db, tGATT_PERM perm,
426 const Uuid& descr_uuid) {
427 VLOG(1) << StringPrintf("gatts_add_char_descr uuid=%s",
428 descr_uuid.ToString().c_str());
429
430 /* Add characteristic descriptors */
431 tGATT_ATTR& char_dscptr = allocate_attr_in_db(db, descr_uuid, perm);
432 char_dscptr.gatt_type = BTGATT_DB_DESCRIPTOR;
433 return char_dscptr.handle;
434 }
435
436 /******************************************************************************/
437 /* Service Attribute Database Query Utility Functions */
438 /******************************************************************************/
find_attr_by_handle(tGATT_SVC_DB * p_db,uint16_t handle)439 tGATT_ATTR* find_attr_by_handle(tGATT_SVC_DB* p_db, uint16_t handle) {
440 if (!p_db) return nullptr;
441
442 for (auto& attr : p_db->attr_list) {
443 if (attr.handle == handle) return &attr;
444 if (attr.handle > handle) return nullptr;
445 }
446
447 return nullptr;
448 }
449
450 /*******************************************************************************
451 *
452 * Function gatts_read_attr_value_by_handle
453 *
454 * Description Query attribute value by attribute handle.
455 *
456 * Parameter p_db: pointer to the attribute database.
457 * handle: Attribute handle to read.
458 * offset: Read offset.
459 * p_value: output parameter to carry out the attribute value.
460 * p_len: output parameter as attribute length read.
461 * read_long: this is a read blob request.
462 * mtu: MTU.
463 * sec_flag: current link security status.
464 * key_size: encryption key size
465 *
466 * Returns Status of operation.
467 *
468 ******************************************************************************/
gatts_read_attr_value_by_handle(tGATT_TCB & tcb,uint16_t cid,tGATT_SVC_DB * p_db,uint8_t op_code,uint16_t handle,uint16_t offset,uint8_t * p_value,uint16_t * p_len,uint16_t mtu,tGATT_SEC_FLAG sec_flag,uint8_t key_size,uint32_t trans_id)469 tGATT_STATUS gatts_read_attr_value_by_handle(
470 tGATT_TCB& tcb, uint16_t cid, tGATT_SVC_DB* p_db, uint8_t op_code,
471 uint16_t handle, uint16_t offset, uint8_t* p_value, uint16_t* p_len,
472 uint16_t mtu, tGATT_SEC_FLAG sec_flag, uint8_t key_size,
473 uint32_t trans_id) {
474 tGATT_ATTR* p_attr = find_attr_by_handle(p_db, handle);
475 if (!p_attr) return GATT_NOT_FOUND;
476
477 uint8_t* pp = p_value;
478 tGATT_STATUS status = read_attr_value(*p_attr, offset, &pp,
479 (bool)(op_code == GATT_REQ_READ_BLOB),
480 mtu, p_len, sec_flag, key_size);
481
482 if (status == GATT_PENDING) {
483 status = gatts_send_app_read_request(tcb, cid, op_code, p_attr->handle,
484 offset, trans_id, p_attr->gatt_type);
485 }
486 return status;
487 }
488
489 /*******************************************************************************
490 *
491 * Function gatts_read_attr_perm_check
492 *
493 * Description Check attribute readability.
494 *
495 * Parameter p_db: pointer to the attribute database.
496 * handle: Attribute handle to read.
497 * offset: Read offset.
498 * p_value: output parameter to carry out the attribute value.
499 * p_len: output parameter as attribute length read.
500 * read_long: this is a read blob request.
501 * mtu: MTU.
502 * sec_flag: current link security status.
503 * key_size: encryption key size
504 *
505 * Returns Status of operation.
506 *
507 ******************************************************************************/
gatts_read_attr_perm_check(tGATT_SVC_DB * p_db,bool is_long,uint16_t handle,tGATT_SEC_FLAG sec_flag,uint8_t key_size)508 tGATT_STATUS gatts_read_attr_perm_check(tGATT_SVC_DB* p_db, bool is_long,
509 uint16_t handle,
510 tGATT_SEC_FLAG sec_flag,
511 uint8_t key_size) {
512 tGATT_ATTR* p_attr = find_attr_by_handle(p_db, handle);
513 if (!p_attr) return GATT_NOT_FOUND;
514
515 return gatts_check_attr_readability(*p_attr, 0, is_long, sec_flag, key_size);
516 }
517
518 /*******************************************************************************
519 *
520 * Function gatts_write_attr_perm_check
521 *
522 * Description Write attribute value into database.
523 *
524 * Parameter p_db: pointer to the attribute database.
525 * op_code:op code of this write.
526 * handle: handle of the attribute to write.
527 * offset: Write offset if write op code is write blob.
528 * p_data: Attribute value to write.
529 * len: attribute data length.
530 * sec_flag: current link security status.
531 * key_size: encryption key size
532 *
533 * Returns Status of the operation.
534 *
535 ******************************************************************************/
gatts_write_attr_perm_check(tGATT_SVC_DB * p_db,uint8_t op_code,uint16_t handle,uint16_t offset,uint8_t * p_data,uint16_t len,tGATT_SEC_FLAG sec_flag,uint8_t key_size)536 tGATT_STATUS gatts_write_attr_perm_check(tGATT_SVC_DB* p_db, uint8_t op_code,
537 uint16_t handle, uint16_t offset,
538 uint8_t* p_data, uint16_t len,
539 tGATT_SEC_FLAG sec_flag,
540 uint8_t key_size) {
541 VLOG(1) << StringPrintf(
542 "%s: op_code=0x%0x handle=0x%04x offset=%d len=%d sec_flag=0x%0x "
543 "key_size=%d",
544 __func__, op_code, handle, offset, len, sec_flag, key_size);
545
546 tGATT_ATTR* p_attr = find_attr_by_handle(p_db, handle);
547 if (!p_attr) return GATT_NOT_FOUND;
548
549 tGATT_PERM perm = p_attr->permission;
550 uint16_t min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
551 if (min_key_size != 0) {
552 min_key_size += 6;
553 }
554 VLOG(1) << StringPrintf("%s: p_attr->permission =0x%04x min_key_size==0x%04x",
555 __func__, p_attr->permission, min_key_size);
556
557 if ((op_code == GATT_CMD_WRITE || op_code == GATT_REQ_WRITE) &&
558 (perm & GATT_WRITE_SIGNED_PERM)) {
559 /* use the rules for the mixed security see section 10.2.3*/
560 /* use security mode 1 level 2 when the following condition follows */
561 /* LE security mode 2 level 1 and LE security mode 1 level 2 */
562 if ((perm & GATT_PERM_WRITE_SIGNED) && (perm & GATT_PERM_WRITE_ENCRYPTED)) {
563 perm = GATT_PERM_WRITE_ENCRYPTED;
564 }
565 /* use security mode 1 level 3 when the following condition follows */
566 /* LE security mode 2 level 2 and security mode 1 and LE */
567 else if (((perm & GATT_PERM_WRITE_SIGNED_MITM) &&
568 (perm & GATT_PERM_WRITE_ENCRYPTED)) ||
569 /* LE security mode 2 and security mode 1 level 3 */
570 ((perm & GATT_WRITE_SIGNED_PERM) &&
571 (perm & GATT_PERM_WRITE_ENC_MITM))) {
572 perm = GATT_PERM_WRITE_ENC_MITM;
573 }
574 }
575
576 tGATT_STATUS status = GATT_NOT_FOUND;
577 if ((op_code == GATT_SIGN_CMD_WRITE) && !(perm & GATT_WRITE_SIGNED_PERM)) {
578 status = GATT_WRITE_NOT_PERMIT;
579 VLOG(1) << __func__ << ": sign cmd write not allowed";
580 }
581 if ((op_code == GATT_SIGN_CMD_WRITE) &&
582 (sec_flag & GATT_SEC_FLAG_ENCRYPTED)) {
583 status = GATT_INVALID_PDU;
584 LOG(ERROR) << __func__
585 << ": Error!! sign cmd write sent on a encypted link";
586 } else if (!(perm & GATT_WRITE_ALLOWED)) {
587 status = GATT_WRITE_NOT_PERMIT;
588 LOG(ERROR) << __func__ << ": GATT_WRITE_NOT_PERMIT";
589 }
590 /* require authentication, but not been authenticated */
591 else if ((perm & GATT_WRITE_AUTH_REQUIRED) &&
592 !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED)) {
593 status = GATT_INSUF_AUTHENTICATION;
594 LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION";
595 } else if ((perm & GATT_WRITE_MITM_REQUIRED) &&
596 !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED)) {
597 status = GATT_INSUF_AUTHENTICATION;
598 LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION: MITM required";
599 } else if ((perm & GATT_WRITE_ENCRYPTED_PERM) &&
600 !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)) {
601 status = GATT_INSUF_ENCRYPTION;
602 LOG(ERROR) << __func__ << ": GATT_INSUF_ENCRYPTION";
603 } else if ((perm & GATT_WRITE_ENCRYPTED_PERM) &&
604 (sec_flag & GATT_SEC_FLAG_ENCRYPTED) &&
605 (key_size < min_key_size)) {
606 status = GATT_INSUF_KEY_SIZE;
607 LOG(ERROR) << __func__ << ": GATT_INSUF_KEY_SIZE";
608 }
609 /* LE security mode 2 attribute */
610 else if (perm & GATT_WRITE_SIGNED_PERM && op_code != GATT_SIGN_CMD_WRITE &&
611 !(sec_flag & GATT_SEC_FLAG_ENCRYPTED) &&
612 (perm & GATT_WRITE_ALLOWED) == 0) {
613 status = GATT_INSUF_AUTHENTICATION;
614 LOG(ERROR) << __func__
615 << ": GATT_INSUF_AUTHENTICATION: LE security mode 2 required";
616 } else /* writable: must be char value declaration or char descritpors */
617 {
618 uint16_t max_size = 0;
619
620 if (p_attr->uuid.IsEmpty()) {
621 status = GATT_INVALID_PDU;
622 } else if (p_attr->uuid.Is16Bit()) {
623 switch (p_attr->uuid.As16Bit()) {
624 case GATT_UUID_CHAR_PRESENT_FORMAT: /* should be readable only */
625 case GATT_UUID_CHAR_EXT_PROP: /* should be readable only */
626 case GATT_UUID_CHAR_AGG_FORMAT: /* should be readable only */
627 case GATT_UUID_CHAR_VALID_RANGE:
628 status = GATT_WRITE_NOT_PERMIT;
629 break;
630
631 case GATT_UUID_CHAR_CLIENT_CONFIG:
632 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
633 case GATT_UUID_CHAR_SRVR_CONFIG:
634 max_size = 2;
635 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
636 case GATT_UUID_CHAR_DESCRIPTION:
637 default: /* any other must be character value declaration */
638 status = GATT_SUCCESS;
639 break;
640 }
641 } else { // 32 or 128 bit UUID
642 status = GATT_SUCCESS;
643 }
644
645 if (p_data == NULL && len > 0) {
646 return GATT_INVALID_PDU;
647 }
648
649 /* these attribute does not allow write blob */
650 if (p_attr->uuid.Is16Bit() &&
651 (p_attr->uuid.As16Bit() == GATT_UUID_CHAR_CLIENT_CONFIG ||
652 p_attr->uuid.As16Bit() == GATT_UUID_CHAR_SRVR_CONFIG)) {
653 if (op_code == GATT_REQ_PREPARE_WRITE && offset != 0) {
654 /* does not allow write blob */
655 status = GATT_NOT_LONG;
656 LOG(ERROR) << __func__ << ": GATT_NOT_LONG";
657 } else if (len != max_size) {
658 /* data does not match the required format */
659 status = GATT_INVALID_ATTR_LEN;
660 LOG(ERROR) << __func__ << ": GATT_INVALID_PDU";
661 } else {
662 return GATT_SUCCESS;
663 }
664 }
665 }
666
667 return status;
668 }
669
670 /**
671 * Description Allocate a memory space for a new attribute, and link this
672 * attribute into the database attribute list.
673 *
674 *
675 * Parameter p_db : database pointer.
676 * uuid: attribute UUID
677 *
678 * Returns pointer to the newly allocated attribute.
679 *
680 */
allocate_attr_in_db(tGATT_SVC_DB & db,const Uuid & uuid,tGATT_PERM perm)681 static tGATT_ATTR& allocate_attr_in_db(tGATT_SVC_DB& db, const Uuid& uuid,
682 tGATT_PERM perm) {
683 if (db.next_handle >= db.end_handle) {
684 LOG(FATAL) << __func__
685 << " wrong number of handles! handle_max = " << +db.end_handle
686 << ", next_handle = " << +db.next_handle;
687 }
688
689 db.attr_list.emplace_back();
690 tGATT_ATTR& attr = db.attr_list.back();
691 attr.handle = db.next_handle++;
692 attr.uuid = uuid;
693 attr.permission = perm;
694 return attr;
695 }
696
697 /*******************************************************************************
698 *
699 * Function gatts_send_app_read_request
700 *
701 * Description Send application read request callback
702 *
703 * Returns status of operation.
704 *
705 ******************************************************************************/
gatts_send_app_read_request(tGATT_TCB & tcb,uint16_t cid,uint8_t op_code,uint16_t handle,uint16_t offset,uint32_t trans_id,bt_gatt_db_attribute_type_t gatt_type)706 static tGATT_STATUS gatts_send_app_read_request(
707 tGATT_TCB& tcb, uint16_t cid, uint8_t op_code, uint16_t handle,
708 uint16_t offset, uint32_t trans_id, bt_gatt_db_attribute_type_t gatt_type) {
709 tGATT_SRV_LIST_ELEM& el = *gatt_sr_find_i_rcb_by_handle(handle);
710 uint16_t conn_id = GATT_CREATE_CONN_ID(tcb.tcb_idx, el.gatt_if);
711
712 if (trans_id == 0) {
713 trans_id = gatt_sr_enqueue_cmd(tcb, cid, op_code, handle);
714 gatt_sr_update_cback_cnt(tcb, cid, el.gatt_if, true, true);
715 }
716
717 if (trans_id != 0) {
718 tGATTS_DATA sr_data;
719 memset(&sr_data, 0, sizeof(tGATTS_DATA));
720
721 sr_data.read_req.handle = handle;
722 sr_data.read_req.is_long = (bool)(op_code == GATT_REQ_READ_BLOB);
723 sr_data.read_req.offset = offset;
724
725 uint8_t opcode;
726 if (gatt_type == BTGATT_DB_DESCRIPTOR) {
727 opcode = GATTS_REQ_TYPE_READ_DESCRIPTOR;
728 } else if (gatt_type == BTGATT_DB_CHARACTERISTIC) {
729 opcode = GATTS_REQ_TYPE_READ_CHARACTERISTIC;
730 } else {
731 LOG(ERROR) << __func__
732 << ": Attempt to read attribute that's not tied with "
733 "characteristic or descriptor value.";
734 return GATT_ERROR;
735 }
736
737 gatt_sr_send_req_callback(conn_id, trans_id, opcode, &sr_data);
738 return (tGATT_STATUS)GATT_PENDING;
739 } else
740 return (tGATT_STATUS)GATT_BUSY; /* max pending command, application error */
741 }
742