1 /******************************************************************************
2 *
3 * Copyright 2009-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * this file contains GATT database building and query functions
22 *
23 ******************************************************************************/
24
25 #include <base/logging.h>
26 #include <log/log.h>
27 #include <stdio.h>
28 #include <string.h>
29
30 #include "bt_target.h"
31 #include "bt_trace.h"
32 #include "bt_utils.h"
33 #include "gatt_int.h"
34 #include "l2c_api.h"
35 #include "osi/include/osi.h"
36 #include "stack/btm/btm_ble_int.h"
37 #include "stack/btm/btm_sec.h"
38 #include "stack/include/acl_api.h"
39 #include "stack/include/bt_hdr.h"
40 #include "types/bluetooth/uuid.h"
41
42 using base::StringPrintf;
43 using bluetooth::Uuid;
44
45 /*******************************************************************************
46 * L O C A L F U N C T I O N P R O T O T Y P E S *
47 ******************************************************************************/
48 static tGATT_ATTR& allocate_attr_in_db(tGATT_SVC_DB& db, const Uuid& uuid,
49 tGATT_PERM perm);
50 static tGATT_STATUS gatts_send_app_read_request(
51 tGATT_TCB& tcb, uint16_t cid, uint8_t op_code, uint16_t handle,
52 uint16_t offset, uint32_t trans_id, bt_gatt_db_attribute_type_t gatt_type);
53
54 /**
55 * Initialize a memory space to be a service database.
56 */
gatts_init_service_db(tGATT_SVC_DB & db,const Uuid & service_uuid,bool is_pri,uint16_t s_hdl,uint16_t num_handle)57 void gatts_init_service_db(tGATT_SVC_DB& db, const Uuid& service_uuid,
58 bool is_pri, uint16_t s_hdl, uint16_t num_handle) {
59 db.attr_list.reserve(num_handle);
60
61 VLOG(1) << StringPrintf("%s: s_hdl= %d num_handle= %d", __func__, s_hdl,
62 num_handle);
63
64 /* update service database information */
65 db.next_handle = s_hdl;
66 db.end_handle = s_hdl + num_handle;
67
68 /* add service declration record */
69 Uuid uuid =
70 Uuid::From16Bit(is_pri ? GATT_UUID_PRI_SERVICE : GATT_UUID_SEC_SERVICE);
71 tGATT_ATTR& attr = allocate_attr_in_db(db, uuid, GATT_PERM_READ);
72 attr.p_value.reset(new tGATT_ATTR_VALUE);
73 attr.p_value->uuid = service_uuid;
74 }
75
gatts_get_service_uuid(tGATT_SVC_DB * p_db)76 Uuid* gatts_get_service_uuid(tGATT_SVC_DB* p_db) {
77 if (!p_db || p_db->attr_list.empty()) {
78 LOG(ERROR) << "service DB empty";
79 return NULL;
80 } else {
81 return &p_db->attr_list[0].p_value->uuid;
82 }
83 }
84
85 /** Check attribute readability. Returns status of operation. */
gatts_check_attr_readability(const tGATT_ATTR & attr,UNUSED_ATTR uint16_t offset,bool read_long,tGATT_SEC_FLAG sec_flag,uint8_t key_size)86 static tGATT_STATUS gatts_check_attr_readability(const tGATT_ATTR& attr,
87 UNUSED_ATTR uint16_t offset,
88 bool read_long,
89 tGATT_SEC_FLAG sec_flag,
90 uint8_t key_size) {
91 uint16_t min_key_size;
92 tGATT_PERM perm = attr.permission;
93
94 min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
95 if (min_key_size != 0) {
96 min_key_size += 6;
97 }
98
99 if (!(perm & GATT_READ_ALLOWED)) {
100 LOG(ERROR) << __func__ << ": GATT_READ_NOT_PERMIT";
101 return GATT_READ_NOT_PERMIT;
102 }
103
104 if ((perm & GATT_READ_AUTH_REQUIRED) && !sec_flag.is_link_key_known &&
105 !sec_flag.is_encrypted) {
106 LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION";
107 return GATT_INSUF_AUTHENTICATION;
108 }
109
110 if ((perm & GATT_READ_MITM_REQUIRED) && !sec_flag.is_link_key_authed) {
111 LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION: MITM Required";
112 return GATT_INSUF_AUTHENTICATION;
113 }
114
115 if ((perm & GATT_READ_ENCRYPTED_REQUIRED) && !sec_flag.is_encrypted) {
116 LOG(ERROR) << __func__ << ": GATT_INSUF_ENCRYPTION";
117 return GATT_INSUF_ENCRYPTION;
118 }
119
120 if ((perm & GATT_READ_ENCRYPTED_REQUIRED) && sec_flag.is_encrypted &&
121 (key_size < min_key_size)) {
122 LOG(ERROR) << __func__ << ": GATT_INSUF_KEY_SIZE";
123 return GATT_INSUF_KEY_SIZE;
124 }
125
126 if (read_long && attr.uuid.Is16Bit()) {
127 switch (attr.uuid.As16Bit()) {
128 case GATT_UUID_PRI_SERVICE:
129 case GATT_UUID_SEC_SERVICE:
130 case GATT_UUID_CHAR_DECLARE:
131 case GATT_UUID_INCLUDE_SERVICE:
132 case GATT_UUID_CHAR_EXT_PROP:
133 case GATT_UUID_CHAR_CLIENT_CONFIG:
134 case GATT_UUID_CHAR_SRVR_CONFIG:
135 case GATT_UUID_CHAR_PRESENT_FORMAT:
136 LOG(ERROR) << __func__ << ": GATT_NOT_LONG";
137 return GATT_NOT_LONG;
138
139 default:
140 break;
141 }
142 }
143
144 return GATT_SUCCESS;
145 }
146
147 /*******************************************************************************
148 *
149 * Function read_attr_value
150 *
151 * Description Utility function to read an attribute value.
152 *
153 * Parameter attr16: pointer to the attribute to read.
154 * offset: read offset.
155 * p_data: output parameter to carry out the attribute value.
156 * read_long: this is a read blob request.
157 * mtu: MTU
158 * p_len: output parameter to carry out the attribute length.
159 * sec_flag: current link security status.
160 * key_size: encryption key size.
161 *
162 * Returns status of operation.
163 *
164 ******************************************************************************/
read_attr_value(tGATT_ATTR & attr16,uint16_t offset,uint8_t ** p_data,bool read_long,uint16_t mtu,uint16_t * p_len,tGATT_SEC_FLAG sec_flag,uint8_t key_size)165 static tGATT_STATUS read_attr_value(tGATT_ATTR& attr16, uint16_t offset,
166 uint8_t** p_data, bool read_long,
167 uint16_t mtu, uint16_t* p_len,
168 tGATT_SEC_FLAG sec_flag, uint8_t key_size) {
169 uint8_t* p = *p_data;
170
171 VLOG(1) << __func__ << " uuid=" << attr16.uuid
172 << StringPrintf(" perm=0x%02x offset=%d read_long=%d",
173 attr16.permission, offset, read_long);
174
175 tGATT_STATUS status = gatts_check_attr_readability(attr16, offset, read_long,
176 sec_flag, key_size);
177 if (status != GATT_SUCCESS) return status;
178
179 if (!attr16.uuid.Is16Bit()) {
180 /* characteristic description or characteristic value */
181 return GATT_PENDING;
182 }
183
184 uint16_t uuid16 = attr16.uuid.As16Bit();
185
186 if (uuid16 == GATT_UUID_PRI_SERVICE || uuid16 == GATT_UUID_SEC_SERVICE) {
187 *p_len = gatt_build_uuid_to_stream_len(attr16.p_value->uuid);
188 if (mtu < *p_len) return GATT_NO_RESOURCES;
189
190 gatt_build_uuid_to_stream(&p, attr16.p_value->uuid);
191 *p_data = p;
192 return GATT_SUCCESS;
193 }
194
195 if (uuid16 == GATT_UUID_CHAR_DECLARE) {
196 tGATT_ATTR* val_attr = &attr16 + 1;
197 uint8_t val_len = val_attr->uuid.GetShortestRepresentationSize();
198 *p_len = (val_len == Uuid::kNumBytes16) ? 5 : 19;
199
200 if (mtu < *p_len) return GATT_NO_RESOURCES;
201
202 UINT8_TO_STREAM(p, attr16.p_value->char_decl.property);
203 UINT16_TO_STREAM(p, attr16.p_value->char_decl.char_val_handle);
204
205 if (val_len == Uuid::kNumBytes16) {
206 UINT16_TO_STREAM(p, val_attr->uuid.As16Bit());
207 } else {
208 /* if 32 bit UUID, convert to 128 bit */
209 ARRAY_TO_STREAM(p, val_attr->uuid.To128BitLE(), (int)Uuid::kNumBytes128);
210 }
211 *p_data = p;
212 return GATT_SUCCESS;
213 }
214
215 if (uuid16 == GATT_UUID_INCLUDE_SERVICE) {
216 tGATT_INCL_SRVC& incl_handle = attr16.p_value->incl_handle;
217 if (incl_handle.service_type.Is16Bit())
218 *p_len = 6;
219 else
220 *p_len = 4;
221
222 if (mtu < *p_len) return GATT_NO_RESOURCES;
223
224 UINT16_TO_STREAM(p, incl_handle.s_handle);
225 UINT16_TO_STREAM(p, incl_handle.e_handle);
226
227 if (incl_handle.service_type.Is16Bit()) {
228 UINT16_TO_STREAM(p, incl_handle.service_type.As16Bit());
229 }
230 *p_data = p;
231 return GATT_SUCCESS;
232 }
233
234 if (uuid16 == GATT_UUID_CHAR_EXT_PROP) {
235 // sometimes this descriptor is added by users manually, we need to check if
236 // the p_value is nullptr.
237 uint16_t char_ext_prop =
238 attr16.p_value ? attr16.p_value->char_ext_prop : 0x0000;
239 *p_len = 2;
240
241 if (mtu < *p_len) {
242 return GATT_NO_RESOURCES;
243 }
244
245 UINT16_TO_STREAM(p, char_ext_prop);
246 *p_data = p;
247 return GATT_SUCCESS;
248 }
249
250 /* characteristic descriptor or characteristic value (again) */
251 return GATT_PENDING;
252 }
253
254 /*******************************************************************************
255 *
256 * Function gatts_db_read_attr_value_by_type
257 *
258 * Description Query attribute value by attribute type.
259 *
260 * Parameter p_db: pointer to the attribute database.
261 * p_rsp: Read By type response data.
262 * s_handle: starting handle of the range we are looking for.
263 * e_handle: ending handle of the range we are looking for.
264 * type: Attribute type.
265 * mtu: MTU.
266 * sec_flag: current link security status.
267 * key_size: encryption key size.
268 *
269 * Returns Status of the operation.
270 *
271 ******************************************************************************/
gatts_db_read_attr_value_by_type(tGATT_TCB & tcb,uint16_t cid,tGATT_SVC_DB * p_db,uint8_t op_code,BT_HDR * p_rsp,uint16_t s_handle,uint16_t e_handle,const Uuid & type,uint16_t * p_len,tGATT_SEC_FLAG sec_flag,uint8_t key_size,uint32_t trans_id,uint16_t * p_cur_handle)272 tGATT_STATUS gatts_db_read_attr_value_by_type(
273 tGATT_TCB& tcb, uint16_t cid, tGATT_SVC_DB* p_db, uint8_t op_code,
274 BT_HDR* p_rsp, uint16_t s_handle, uint16_t e_handle, const Uuid& type,
275 uint16_t* p_len, tGATT_SEC_FLAG sec_flag, uint8_t key_size,
276 uint32_t trans_id, uint16_t* p_cur_handle) {
277 tGATT_STATUS status = GATT_NOT_FOUND;
278 uint16_t len = 0;
279 uint8_t* p = (uint8_t*)(p_rsp + 1) + p_rsp->len + L2CAP_MIN_OFFSET;
280
281 if (p_db) {
282 for (tGATT_ATTR& attr : p_db->attr_list) {
283 if (attr.handle >= s_handle && type == attr.uuid) {
284 if (*p_len <= 2) {
285 status = GATT_NO_RESOURCES;
286 break;
287 }
288
289 UINT16_TO_STREAM(p, attr.handle);
290
291 status = read_attr_value(attr, 0, &p, false, (uint16_t)(*p_len - 2),
292 &len, sec_flag, key_size);
293
294 if (status == GATT_PENDING) {
295 status = gatts_send_app_read_request(tcb, cid, op_code, attr.handle,
296 0, trans_id, attr.gatt_type);
297
298 /* one callback at a time */
299 break;
300 } else if (status == GATT_SUCCESS) {
301 if (p_rsp->offset == 0) p_rsp->offset = len + 2;
302
303 if (p_rsp->offset == len + 2) {
304 p_rsp->len += (len + 2);
305 *p_len -= (len + 2);
306 } else {
307 LOG(ERROR) << "format mismatch";
308 status = GATT_NO_RESOURCES;
309 break;
310 }
311 } else {
312 *p_cur_handle = attr.handle;
313 break;
314 }
315 }
316 }
317 }
318
319 return status;
320 }
321
322 /**
323 * This function adds an included service into a database.
324 *
325 * Parameter db: database pointer.
326 * inc_srvc_type: included service type.
327 *
328 * Returns Status of the operation.
329 *
330 */
gatts_add_included_service(tGATT_SVC_DB & db,uint16_t s_handle,uint16_t e_handle,const Uuid & service)331 uint16_t gatts_add_included_service(tGATT_SVC_DB& db, uint16_t s_handle,
332 uint16_t e_handle, const Uuid& service) {
333 Uuid uuid = Uuid::From16Bit(GATT_UUID_INCLUDE_SERVICE);
334
335 VLOG(1) << __func__
336 << StringPrintf(": s_hdl=0x%04x e_hdl=0x%04x ", s_handle, e_handle)
337 << "service uuid = " << service;
338
339 if (service.IsEmpty() || s_handle == 0 || e_handle == 0) {
340 LOG(ERROR) << __func__ << ": Illegal Params.";
341 return 0;
342 }
343
344 tGATT_ATTR& attr = allocate_attr_in_db(db, uuid, GATT_PERM_READ);
345
346 attr.p_value.reset(new tGATT_ATTR_VALUE);
347 attr.p_value->incl_handle.s_handle = s_handle;
348 attr.p_value->incl_handle.e_handle = e_handle;
349 attr.p_value->incl_handle.service_type = service;
350
351 return attr.handle;
352 }
353
354 /*******************************************************************************
355 *
356 * Function gatts_add_characteristic
357 *
358 * Description This function add a characteristics and its descriptor into
359 * a servce identified by the service database pointer.
360 *
361 * Parameter db: database.
362 * perm: permission (authentication and key size requirements)
363 * property: property of the characteristic.
364 * extended_properties: characteristic extended properties.
365 * p_char: characteristic value information.
366 *
367 * Returns Status of te operation.
368 *
369 ******************************************************************************/
gatts_add_characteristic(tGATT_SVC_DB & db,tGATT_PERM perm,tGATT_CHAR_PROP property,const Uuid & char_uuid)370 uint16_t gatts_add_characteristic(tGATT_SVC_DB& db, tGATT_PERM perm,
371 tGATT_CHAR_PROP property,
372 const Uuid& char_uuid) {
373 Uuid uuid = Uuid::From16Bit(GATT_UUID_CHAR_DECLARE);
374
375 VLOG(1) << StringPrintf("%s: perm=0x%0x property=0x%0x", __func__, perm,
376 property);
377
378 tGATT_ATTR& char_decl = allocate_attr_in_db(db, uuid, GATT_PERM_READ);
379 tGATT_ATTR& char_val = allocate_attr_in_db(db, char_uuid, perm);
380
381 char_decl.p_value.reset(new tGATT_ATTR_VALUE);
382 char_decl.p_value->char_decl.property = property;
383 char_decl.p_value->char_decl.char_val_handle = char_val.handle;
384 char_val.gatt_type = BTGATT_DB_CHARACTERISTIC;
385
386 return char_val.handle;
387 }
388
389 /*******************************************************************************
390 *
391 * Function gatts_add_char_ext_prop_descr
392 *
393 * Description add a characteristics extended properties descriptor.
394 *
395 * Parameter db: database pointer.
396 * extended_properties: characteristic descriptors values.
397 *
398 * Returns Status of the operation.
399 *
400 ******************************************************************************/
gatts_add_char_ext_prop_descr(tGATT_SVC_DB & db,uint16_t extended_properties)401 uint16_t gatts_add_char_ext_prop_descr(
402 tGATT_SVC_DB& db, uint16_t extended_properties) {
403 Uuid descr_uuid = Uuid::From16Bit(GATT_UUID_CHAR_EXT_PROP);
404
405 VLOG(1) << StringPrintf("gatts_add_char_ext_prop_descr uuid=%s",
406 descr_uuid.ToString().c_str());
407
408 tGATT_ATTR& char_dscptr = allocate_attr_in_db(db, descr_uuid, GATT_PERM_READ);
409 char_dscptr.gatt_type = BTGATT_DB_DESCRIPTOR;
410 char_dscptr.p_value.reset(new tGATT_ATTR_VALUE);
411 char_dscptr.p_value->char_ext_prop = extended_properties;
412
413 return char_dscptr.handle;
414 }
415
416 /*******************************************************************************
417 *
418 * Function gatts_add_char_descr
419 *
420 * Description This function add a characteristics descriptor.
421 *
422 * Parameter p_db: database pointer.
423 * perm: characteristic descriptor permission type.
424 * char_dscp_tpye: the characteristic descriptor masks.
425 * p_dscp_params: characteristic descriptors values.
426 *
427 * Returns Status of the operation.
428 *
429 ******************************************************************************/
gatts_add_char_descr(tGATT_SVC_DB & db,tGATT_PERM perm,const Uuid & descr_uuid)430 uint16_t gatts_add_char_descr(tGATT_SVC_DB& db, tGATT_PERM perm,
431 const Uuid& descr_uuid) {
432 VLOG(1) << StringPrintf("gatts_add_char_descr uuid=%s",
433 descr_uuid.ToString().c_str());
434
435 /* Add characteristic descriptors */
436 tGATT_ATTR& char_dscptr = allocate_attr_in_db(db, descr_uuid, perm);
437 char_dscptr.gatt_type = BTGATT_DB_DESCRIPTOR;
438 return char_dscptr.handle;
439 }
440
441 /******************************************************************************/
442 /* Service Attribute Database Query Utility Functions */
443 /******************************************************************************/
find_attr_by_handle(tGATT_SVC_DB * p_db,uint16_t handle)444 tGATT_ATTR* find_attr_by_handle(tGATT_SVC_DB* p_db, uint16_t handle) {
445 if (!p_db) return nullptr;
446
447 for (auto& attr : p_db->attr_list) {
448 if (attr.handle == handle) return &attr;
449 if (attr.handle > handle) return nullptr;
450 }
451
452 return nullptr;
453 }
454
455 /*******************************************************************************
456 *
457 * Function gatts_read_attr_value_by_handle
458 *
459 * Description Query attribute value by attribute handle.
460 *
461 * Parameter p_db: pointer to the attribute database.
462 * handle: Attribute handle to read.
463 * offset: Read offset.
464 * p_value: output parameter to carry out the attribute value.
465 * p_len: output parameter as attribute length read.
466 * read_long: this is a read blob request.
467 * mtu: MTU.
468 * sec_flag: current link security status.
469 * key_size: encryption key size
470 *
471 * Returns Status of operation.
472 *
473 ******************************************************************************/
gatts_read_attr_value_by_handle(tGATT_TCB & tcb,uint16_t cid,tGATT_SVC_DB * p_db,uint8_t op_code,uint16_t handle,uint16_t offset,uint8_t * p_value,uint16_t * p_len,uint16_t mtu,tGATT_SEC_FLAG sec_flag,uint8_t key_size,uint32_t trans_id)474 tGATT_STATUS gatts_read_attr_value_by_handle(
475 tGATT_TCB& tcb, uint16_t cid, tGATT_SVC_DB* p_db, uint8_t op_code,
476 uint16_t handle, uint16_t offset, uint8_t* p_value, uint16_t* p_len,
477 uint16_t mtu, tGATT_SEC_FLAG sec_flag, uint8_t key_size,
478 uint32_t trans_id) {
479 tGATT_ATTR* p_attr = find_attr_by_handle(p_db, handle);
480 if (!p_attr) return GATT_NOT_FOUND;
481
482 uint8_t* pp = p_value;
483 tGATT_STATUS status = read_attr_value(*p_attr, offset, &pp,
484 (bool)(op_code == GATT_REQ_READ_BLOB),
485 mtu, p_len, sec_flag, key_size);
486
487 if (status == GATT_PENDING) {
488 status = gatts_send_app_read_request(tcb, cid, op_code, p_attr->handle,
489 offset, trans_id, p_attr->gatt_type);
490 }
491 return status;
492 }
493
494 /*******************************************************************************
495 *
496 * Function gatts_read_attr_perm_check
497 *
498 * Description Check attribute readability.
499 *
500 * Parameter p_db: pointer to the attribute database.
501 * handle: Attribute handle to read.
502 * offset: Read offset.
503 * p_value: output parameter to carry out the attribute value.
504 * p_len: output parameter as attribute length read.
505 * read_long: this is a read blob request.
506 * mtu: MTU.
507 * sec_flag: current link security status.
508 * key_size: encryption key size
509 *
510 * Returns Status of operation.
511 *
512 ******************************************************************************/
gatts_read_attr_perm_check(tGATT_SVC_DB * p_db,bool is_long,uint16_t handle,tGATT_SEC_FLAG sec_flag,uint8_t key_size)513 tGATT_STATUS gatts_read_attr_perm_check(tGATT_SVC_DB* p_db, bool is_long,
514 uint16_t handle,
515 tGATT_SEC_FLAG sec_flag,
516 uint8_t key_size) {
517 tGATT_ATTR* p_attr = find_attr_by_handle(p_db, handle);
518 if (!p_attr) return GATT_NOT_FOUND;
519
520 return gatts_check_attr_readability(*p_attr, 0, is_long, sec_flag, key_size);
521 }
522
523 /*******************************************************************************
524 *
525 * Function gatts_write_attr_perm_check
526 *
527 * Description Write attribute value into database.
528 *
529 * Parameter p_db: pointer to the attribute database.
530 * op_code:op code of this write.
531 * handle: handle of the attribute to write.
532 * offset: Write offset if write op code is write blob.
533 * p_data: Attribute value to write.
534 * len: attribute data length.
535 * sec_flag: current link security status.
536 * key_size: encryption key size
537 *
538 * Returns Status of the operation.
539 *
540 ******************************************************************************/
gatts_write_attr_perm_check(tGATT_SVC_DB * p_db,uint8_t op_code,uint16_t handle,uint16_t offset,uint8_t * p_data,uint16_t len,tGATT_SEC_FLAG sec_flag,uint8_t key_size)541 tGATT_STATUS gatts_write_attr_perm_check(tGATT_SVC_DB* p_db, uint8_t op_code,
542 uint16_t handle, uint16_t offset,
543 uint8_t* p_data, uint16_t len,
544 tGATT_SEC_FLAG sec_flag,
545 uint8_t key_size) {
546 VLOG(1) << StringPrintf(
547 "%s: op_code=0x%0x handle=0x%04x offset=%d len=%d "
548 "key_size=%d",
549 __func__, op_code, handle, offset, len, key_size);
550
551 tGATT_ATTR* p_attr = find_attr_by_handle(p_db, handle);
552 if (!p_attr) return GATT_NOT_FOUND;
553
554 tGATT_PERM perm = p_attr->permission;
555 uint16_t min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
556 if (min_key_size != 0) {
557 min_key_size += 6;
558 }
559 VLOG(1) << StringPrintf("%s: p_attr->permission =0x%04x min_key_size==0x%04x",
560 __func__, p_attr->permission, min_key_size);
561
562 if ((op_code == GATT_CMD_WRITE || op_code == GATT_REQ_WRITE) &&
563 (perm & GATT_WRITE_SIGNED_PERM)) {
564 /* use the rules for the mixed security see section 10.2.3*/
565 /* use security mode 1 level 2 when the following condition follows */
566 /* LE security mode 2 level 1 and LE security mode 1 level 2 */
567 if ((perm & GATT_PERM_WRITE_SIGNED) && (perm & GATT_PERM_WRITE_ENCRYPTED)) {
568 perm = GATT_PERM_WRITE_ENCRYPTED;
569 }
570 /* use security mode 1 level 3 when the following condition follows */
571 /* LE security mode 2 level 2 and security mode 1 and LE */
572 else if (((perm & GATT_PERM_WRITE_SIGNED_MITM) &&
573 (perm & GATT_PERM_WRITE_ENCRYPTED)) ||
574 /* LE security mode 2 and security mode 1 level 3 */
575 ((perm & GATT_WRITE_SIGNED_PERM) &&
576 (perm & GATT_PERM_WRITE_ENC_MITM))) {
577 perm = GATT_PERM_WRITE_ENC_MITM;
578 }
579 }
580
581 tGATT_STATUS status = GATT_NOT_FOUND;
582 if ((op_code == GATT_SIGN_CMD_WRITE) && !(perm & GATT_WRITE_SIGNED_PERM)) {
583 status = GATT_WRITE_NOT_PERMIT;
584 VLOG(1) << __func__ << ": sign cmd write not allowed";
585 }
586 if ((op_code == GATT_SIGN_CMD_WRITE) && sec_flag.is_encrypted) {
587 status = GATT_INVALID_PDU;
588 LOG(ERROR) << __func__
589 << ": Error!! sign cmd write sent on a encypted link";
590 } else if (!(perm & GATT_WRITE_ALLOWED)) {
591 status = GATT_WRITE_NOT_PERMIT;
592 LOG(ERROR) << __func__ << ": GATT_WRITE_NOT_PERMIT";
593 }
594 /* require authentication, but not been authenticated */
595 else if ((perm & GATT_WRITE_AUTH_REQUIRED) && !sec_flag.is_link_key_known) {
596 status = GATT_INSUF_AUTHENTICATION;
597 LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION";
598 } else if ((perm & GATT_WRITE_MITM_REQUIRED) &&
599 !sec_flag.is_link_key_authed) {
600 status = GATT_INSUF_AUTHENTICATION;
601 LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION: MITM required";
602 } else if ((perm & GATT_WRITE_ENCRYPTED_PERM) && !sec_flag.is_encrypted) {
603 status = GATT_INSUF_ENCRYPTION;
604 LOG(ERROR) << __func__ << ": GATT_INSUF_ENCRYPTION";
605 } else if ((perm & GATT_WRITE_ENCRYPTED_PERM) && sec_flag.is_encrypted &&
606 (key_size < min_key_size)) {
607 status = GATT_INSUF_KEY_SIZE;
608 LOG(ERROR) << __func__ << ": GATT_INSUF_KEY_SIZE";
609 }
610 /* LE security mode 2 attribute */
611 else if (perm & GATT_WRITE_SIGNED_PERM && op_code != GATT_SIGN_CMD_WRITE &&
612 !sec_flag.is_encrypted && (perm & GATT_WRITE_ALLOWED) == 0) {
613 status = GATT_INSUF_AUTHENTICATION;
614 LOG(ERROR) << __func__
615 << ": GATT_INSUF_AUTHENTICATION: LE security mode 2 required";
616 } else /* writable: must be char value declaration or char descritpors */
617 {
618 uint16_t max_size = 0;
619
620 if (p_attr->uuid.IsEmpty()) {
621 status = GATT_INVALID_PDU;
622 } else if (p_attr->uuid.Is16Bit()) {
623 switch (p_attr->uuid.As16Bit()) {
624 case GATT_UUID_CHAR_PRESENT_FORMAT: /* should be readable only */
625 case GATT_UUID_CHAR_EXT_PROP: /* should be readable only */
626 case GATT_UUID_CHAR_AGG_FORMAT: /* should be readable only */
627 case GATT_UUID_CHAR_VALID_RANGE:
628 status = GATT_WRITE_NOT_PERMIT;
629 break;
630
631 case GATT_UUID_CHAR_CLIENT_CONFIG:
632 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
633 case GATT_UUID_CHAR_SRVR_CONFIG:
634 max_size = 2;
635 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
636 case GATT_UUID_CHAR_DESCRIPTION:
637 default: /* any other must be character value declaration */
638 status = GATT_SUCCESS;
639 break;
640 }
641 } else { // 32 or 128 bit UUID
642 status = GATT_SUCCESS;
643 }
644
645 if (p_data == NULL && len > 0) {
646 return GATT_INVALID_PDU;
647 }
648
649 /* these attribute does not allow write blob */
650 if (p_attr->uuid.Is16Bit() &&
651 (p_attr->uuid.As16Bit() == GATT_UUID_CHAR_CLIENT_CONFIG ||
652 p_attr->uuid.As16Bit() == GATT_UUID_CHAR_SRVR_CONFIG)) {
653 if (op_code == GATT_REQ_PREPARE_WRITE && offset != 0) {
654 /* does not allow write blob */
655 status = GATT_NOT_LONG;
656 LOG(ERROR) << __func__ << ": GATT_NOT_LONG";
657 } else if (len != max_size) {
658 /* data does not match the required format */
659 status = GATT_INVALID_ATTR_LEN;
660 LOG(ERROR) << __func__ << ": GATT_INVALID_PDU";
661 } else {
662 return GATT_SUCCESS;
663 }
664 }
665 }
666
667 return status;
668 }
669
670 /**
671 * Description Allocate a memory space for a new attribute, and link this
672 * attribute into the database attribute list.
673 *
674 *
675 * Parameter p_db : database pointer.
676 * uuid: attribute UUID
677 *
678 * Returns pointer to the newly allocated attribute.
679 *
680 */
allocate_attr_in_db(tGATT_SVC_DB & db,const Uuid & uuid,tGATT_PERM perm)681 static tGATT_ATTR& allocate_attr_in_db(tGATT_SVC_DB& db, const Uuid& uuid,
682 tGATT_PERM perm) {
683 if (db.next_handle >= db.end_handle) {
684 LOG(FATAL) << __func__
685 << " wrong number of handles! handle_max = " << +db.end_handle
686 << ", next_handle = " << +db.next_handle;
687 }
688
689 db.attr_list.emplace_back();
690 tGATT_ATTR& attr = db.attr_list.back();
691 attr.handle = db.next_handle++;
692 attr.uuid = uuid;
693 attr.permission = perm;
694 return attr;
695 }
696
697 /*******************************************************************************
698 *
699 * Function gatts_send_app_read_request
700 *
701 * Description Send application read request callback
702 *
703 * Returns status of operation.
704 *
705 ******************************************************************************/
gatts_send_app_read_request(tGATT_TCB & tcb,uint16_t cid,uint8_t op_code,uint16_t handle,uint16_t offset,uint32_t trans_id,bt_gatt_db_attribute_type_t gatt_type)706 static tGATT_STATUS gatts_send_app_read_request(
707 tGATT_TCB& tcb, uint16_t cid, uint8_t op_code, uint16_t handle,
708 uint16_t offset, uint32_t trans_id, bt_gatt_db_attribute_type_t gatt_type) {
709 tGATT_SRV_LIST_ELEM& el = *gatt_sr_find_i_rcb_by_handle(handle);
710 uint16_t conn_id = GATT_CREATE_CONN_ID(tcb.tcb_idx, el.gatt_if);
711
712 if (trans_id == 0) {
713 trans_id = gatt_sr_enqueue_cmd(tcb, cid, op_code, handle);
714 gatt_sr_update_cback_cnt(tcb, cid, el.gatt_if, true, true);
715 }
716
717 if (trans_id != 0) {
718 tGATTS_DATA sr_data;
719 memset(&sr_data, 0, sizeof(tGATTS_DATA));
720
721 sr_data.read_req.handle = handle;
722 sr_data.read_req.is_long = (bool)(op_code == GATT_REQ_READ_BLOB);
723 sr_data.read_req.offset = offset;
724
725 uint8_t opcode;
726 if (gatt_type == BTGATT_DB_DESCRIPTOR) {
727 opcode = GATTS_REQ_TYPE_READ_DESCRIPTOR;
728 } else if (gatt_type == BTGATT_DB_CHARACTERISTIC) {
729 opcode = GATTS_REQ_TYPE_READ_CHARACTERISTIC;
730 } else {
731 LOG(ERROR) << __func__
732 << ": Attempt to read attribute that's not tied with "
733 "characteristic or descriptor value.";
734 return GATT_ERROR;
735 }
736
737 gatt_sr_send_req_callback(conn_id, trans_id, opcode, &sr_data);
738 return (tGATT_STATUS)GATT_PENDING;
739 } else
740 return (tGATT_STATUS)GATT_BUSY; /* max pending command, application error */
741 }
742