1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2014 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions that interface with the NFC NCI transport.
22 * On the receive side, it routes events to the appropriate handler
23 * (callback). On the transmit side, it manages the command transmission.
24 *
25 ******************************************************************************/
26 #include <android-base/logging.h>
27 #include <android-base/stringprintf.h>
28 #include <fcntl.h>
29 #include <log/log.h>
30 #include <statslog_nfc.h>
31 #include <sys/stat.h>
32 #include <sys/time.h>
33
34 #include "include/debug_nfcsnoop.h"
35 #include "metrics.h"
36 #include "nci_defs.h"
37 #include "nci_hmsgs.h"
38 #include "nfc_api.h"
39 #include "nfc_int.h"
40 #include "nfc_target.h"
41 #include "rw_api.h"
42 #include "rw_int.h"
43
44 using android::base::StringPrintf;
45
46 #if (NFC_RW_ONLY == FALSE)
47 static const uint8_t nfc_mpl_code_to_size[] = {64, 128, 192, 254};
48
49 #endif /* NFC_RW_ONLY */
50 #if (APPL_DTA_MODE == TRUE)
51 // Global Structure varibale for FW Version
52 static tNFC_FW_VERSION nfc_fw_version;
53 #endif
54 #define NFC_PB_ATTRIB_REQ_FIXED_BYTES 1
55 #define NFC_LB_ATTRIB_REQ_FIXED_BYTES 8
56
57 extern unsigned char appl_dta_mode_flag;
58
59 extern std::string nfc_storage_path;
60
61 static struct timeval timer_start;
62 static struct timeval timer_end;
63
64 #define DEFAULT_CRASH_NFCSNOOP_PATH "/data/misc/nfc/logs/native_crash_logs"
65 static const off_t NATIVE_CRASH_FILE_SIZE = (1024 * 1024);
66
67 /*******************************************************************************
68 **
69 ** Function nfc_ncif_update_window
70 **
71 ** Description Update tx cmd window to indicate that NFCC can received
72 **
73 ** Returns void
74 **
75 *******************************************************************************/
nfc_ncif_update_window(void)76 void nfc_ncif_update_window(void) {
77 /* Sanity check - see if we were expecting a update_window */
78 if (nfc_cb.nci_cmd_window == NCI_MAX_CMD_WINDOW) {
79 if (nfc_cb.nfc_state != NFC_STATE_W4_HAL_CLOSE) {
80 LOG(ERROR) << StringPrintf("nfc_ncif_update_window: Unexpected call");
81 }
82 return;
83 }
84
85 /* Stop command-pending timer */
86 nfc_stop_timer(&nfc_cb.nci_wait_rsp_timer);
87
88 nfc_cb.p_vsc_cback = nullptr;
89 nfc_cb.nci_cmd_window++;
90
91 /* Check if there were any commands waiting to be sent */
92 nfc_ncif_check_cmd_queue(nullptr);
93 }
94
95 /*******************************************************************************
96 **
97 ** Function nfc_ncif_cmd_timeout
98 **
99 ** Description Handle a command timeout
100 **
101 ** Returns void
102 **
103 *******************************************************************************/
nfc_ncif_cmd_timeout(void)104 void nfc_ncif_cmd_timeout(void) {
105 LOG(ERROR) << StringPrintf("nfc_ncif_cmd_timeout");
106
107 /* report an error */
108 nfc_ncif_event_status(NFC_GEN_ERROR_REVT, NFC_STATUS_HW_TIMEOUT);
109 nfc_ncif_event_status(NFC_NFCC_TIMEOUT_REVT, NFC_STATUS_HW_TIMEOUT);
110
111 /* if enabling NFC, notify upper layer of failure */
112 if (nfc_cb.nfc_state == NFC_STATE_CORE_INIT) {
113 nfc_enabled(NFC_STATUS_FAILED, nullptr);
114 }
115 }
116
117 /*******************************************************************************
118 **
119 ** Function nfc_wait_2_deactivate_timeout
120 **
121 ** Description Handle a command timeout
122 **
123 ** Returns void
124 **
125 *******************************************************************************/
nfc_wait_2_deactivate_timeout(void)126 void nfc_wait_2_deactivate_timeout(void) {
127 LOG(ERROR) << StringPrintf("nfc_wait_2_deactivate_timeout");
128 nfc_cb.flags &= ~NFC_FL_DEACTIVATING;
129 nci_snd_deactivate_cmd((uint8_t)nfc_cb.deactivate_timer.param);
130 }
131
132 /*******************************************************************************
133 **
134 ** Function nfc_ncif_send_data
135 **
136 ** Description This function is called to add the NCI data header
137 ** and send it to NCIT task for sending it to transport
138 ** as credits are available.
139 **
140 ** Returns void
141 **
142 *******************************************************************************/
nfc_ncif_send_data(tNFC_CONN_CB * p_cb,NFC_HDR * p_data)143 uint8_t nfc_ncif_send_data(tNFC_CONN_CB* p_cb, NFC_HDR* p_data) {
144 uint8_t* pp;
145 uint8_t* ps;
146 uint8_t ulen = NCI_MAX_PAYLOAD_SIZE;
147 NFC_HDR* p;
148 uint8_t pbf = 1;
149 uint8_t buffer_size = p_cb->buff_size;
150 uint8_t hdr0 = p_cb->conn_id;
151 bool fragmented = false;
152 bool empty_p_data = p_data == nullptr;
153
154 LOG(VERBOSE) << StringPrintf("nfc_ncif_send_data :%d, num_buff:%d qc:%d",
155 p_cb->conn_id, p_cb->num_buff, p_cb->tx_q.count);
156 if (p_cb->id == NFC_RF_CONN_ID) {
157 if (nfc_cb.nfc_state != NFC_STATE_OPEN) {
158 if (nfc_cb.nfc_state == NFC_STATE_CLOSING) {
159 if ((p_data == nullptr) && /* called because credit from NFCC */
160 (nfc_cb.flags & NFC_FL_DEACTIVATING)) {
161 if (p_cb->init_credits == p_cb->num_buff) {
162 /* all the credits are back */
163 nfc_cb.flags &= ~NFC_FL_DEACTIVATING;
164 LOG(VERBOSE) << StringPrintf(
165 "deactivating NFC-DEP init_credits:%d, num_buff:%d",
166 p_cb->init_credits, p_cb->num_buff);
167 nfc_stop_timer(&nfc_cb.deactivate_timer);
168 nci_snd_deactivate_cmd((uint8_t)nfc_cb.deactivate_timer.param);
169 }
170 }
171 }
172 return NCI_STATUS_FAILED;
173 }
174 }
175
176 if (p_data) {
177 /* always enqueue the data to the tx queue */
178 GKI_enqueue(&p_cb->tx_q, p_data);
179 }
180
181 /* try to send the first data packet in the tx queue */
182 p_data = (NFC_HDR*)GKI_getfirst(&p_cb->tx_q);
183
184 /* post data fragment to NCIT task as credits are available */
185 while (p_data && (p_cb->num_buff > 0)) {
186 if (p_data->len <= buffer_size) {
187 pbf = 0; /* last fragment */
188 ulen = (uint8_t)(p_data->len);
189 fragmented = false;
190 } else {
191 fragmented = true;
192 ulen = buffer_size;
193 }
194
195 if (!fragmented) {
196 /* if data packet is not fragmented, use the original buffer */
197 p = p_data;
198 p_data = (NFC_HDR*)GKI_dequeue(&p_cb->tx_q);
199 } else {
200 /* the data packet is too big and need to be fragmented
201 * prepare a new GKI buffer
202 * (even the last fragment to avoid issues) */
203 p = NCI_GET_CMD_BUF(ulen);
204 if (p == nullptr) return (NCI_STATUS_BUFFER_FULL);
205 p->len = ulen;
206 p->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE + 1;
207 if (p->len) {
208 pp = (uint8_t*)(p + 1) + p->offset;
209 ps = (uint8_t*)(p_data + 1) + p_data->offset;
210 memcpy(pp, ps, ulen);
211 }
212 /* adjust the NFC_HDR on the old fragment */
213 p_data->len -= ulen;
214 p_data->offset += ulen;
215 }
216
217 p->event = BT_EVT_TO_NFC_NCI;
218 p->layer_specific = pbf;
219 p->len += NCI_DATA_HDR_SIZE;
220 p->offset -= NCI_DATA_HDR_SIZE;
221 pp = (uint8_t*)(p + 1) + p->offset;
222 /* build NCI Data packet header */
223 NCI_DATA_PBLD_HDR(pp, pbf, hdr0, ulen);
224
225 if (p_cb->num_buff != NFC_CONN_NO_FC) p_cb->num_buff--;
226
227 /* send to HAL */
228 nfcsnoop_capture(p, false);
229 HAL_WRITE(p);
230
231 if (!fragmented) {
232 /* check if there are more data to send */
233 p_data = (NFC_HDR*)GKI_getfirst(&p_cb->tx_q);
234 }
235 }
236
237 // log duration for the first hce data response
238 if (!empty_p_data && (timer_start.tv_sec != 0 || timer_start.tv_usec != 0)) {
239 gettimeofday(&timer_end, nullptr);
240 uint32_t delta_time_ms = (timer_end.tv_sec - timer_start.tv_sec) * 1000 +
241 (timer_end.tv_usec - timer_start.tv_usec) / 1000;
242 memset(&timer_start, 0, sizeof(timer_start));
243 memset(&timer_end, 0, sizeof(timer_end));
244 nfc::stats::stats_write(nfc::stats::NFC_HCE_TRANSACTION_OCCURRED,
245 (int32_t)delta_time_ms);
246 LOG(VERBOSE) << StringPrintf("nfc_ncif_send_data delta_time:%d",
247 delta_time_ms);
248 }
249 return (NCI_STATUS_OK);
250 }
251
252 /*******************************************************************************
253 **
254 ** Function nfc_ncif_check_cmd_queue
255 **
256 ** Description Send NCI command to the transport
257 **
258 ** Returns void
259 **
260 *******************************************************************************/
nfc_ncif_check_cmd_queue(NFC_HDR * p_buf)261 void nfc_ncif_check_cmd_queue(NFC_HDR* p_buf) {
262 uint8_t* ps;
263 /* If there are commands waiting in the xmit queue, or if the controller
264 * cannot accept any more commands, */
265 /* then enqueue this command */
266 if (p_buf) {
267 if ((nfc_cb.nci_cmd_xmit_q.count) || (nfc_cb.nci_cmd_window == 0)) {
268 GKI_enqueue(&nfc_cb.nci_cmd_xmit_q, p_buf);
269 p_buf = nullptr;
270 }
271 }
272
273 /* If controller can accept another command, then send the next command */
274 if (nfc_cb.nci_cmd_window > 0) {
275 /* If no command was provided, or if older commands were in the queue, then
276 * get cmd from the queue */
277 if (!p_buf) p_buf = (NFC_HDR*)GKI_dequeue(&nfc_cb.nci_cmd_xmit_q);
278
279 if (p_buf) {
280 /* save the message header to double check the response */
281 ps = (uint8_t*)(p_buf + 1) + p_buf->offset;
282 memcpy(nfc_cb.last_hdr, ps, NFC_SAVED_HDR_SIZE);
283 memcpy(nfc_cb.last_cmd, ps + NCI_MSG_HDR_SIZE, NFC_SAVED_CMD_SIZE);
284 // Check first byte to check if this is an NFCEE command
285 if (*ps == ((NCI_MT_CMD << NCI_MT_SHIFT) | NCI_GID_EE_MANAGE)) {
286 memcpy(nfc_cb.last_nfcee_cmd, ps + NCI_MSG_HDR_SIZE,
287 NFC_SAVED_CMD_SIZE);
288 }
289 if (p_buf->layer_specific == NFC_WAIT_RSP_VSC) {
290 /* save the callback for NCI VSCs) */
291 nfc_cb.p_vsc_cback = (void*)((tNFC_NCI_VS_MSG*)p_buf)->p_cback;
292 } else if (p_buf->layer_specific == NFC_WAIT_RSP_RAW_VS) {
293 /* save the callback for RAW VS */
294 nfc_cb.p_vsc_cback = (void*)((tNFC_NCI_VS_MSG*)p_buf)->p_cback;
295 nfc_cb.rawVsCbflag = true;
296 }
297
298 /* Indicate command is pending */
299 nfc_cb.nci_cmd_window--;
300
301 /* send to HAL */
302 nfcsnoop_capture(p_buf, false);
303 HAL_WRITE(p_buf);
304 /* start NFC command-timeout timer */
305 nfc_start_timer(&nfc_cb.nci_wait_rsp_timer,
306 (uint16_t)(NFC_TTYPE_NCI_WAIT_RSP),
307 nfc_cb.nci_wait_rsp_tout);
308 }
309 }
310
311 if (nfc_cb.nci_cmd_window == NCI_MAX_CMD_WINDOW) {
312 /* the command queue must be empty now */
313 if (nfc_cb.flags & NFC_FL_CONTROL_REQUESTED) {
314 /* HAL requested control or stack needs to handle pre-discover */
315 nfc_cb.flags &= ~NFC_FL_CONTROL_REQUESTED;
316 if (nfc_cb.flags & NFC_FL_DISCOVER_PENDING) {
317 if (nfc_cb.p_hal->prediscover()) {
318 /* HAL has the command window now */
319 nfc_cb.flags |= NFC_FL_CONTROL_GRANTED;
320 nfc_cb.nci_cmd_window = 0;
321 } else {
322 /* HAL does not need to send command,
323 * - restore the command window and issue the discovery command now */
324 nfc_cb.flags &= ~NFC_FL_DISCOVER_PENDING;
325 ps = (uint8_t*)nfc_cb.p_disc_pending;
326 nci_snd_discover_cmd(*ps, (tNFC_DISCOVER_PARAMS*)(ps + 1));
327 GKI_freebuf(nfc_cb.p_disc_pending);
328 nfc_cb.p_disc_pending = nullptr;
329 }
330 } else if (nfc_cb.flags & NFC_FL_HAL_REQUESTED) {
331 /* grant the control to HAL */
332 nfc_cb.flags &= ~NFC_FL_HAL_REQUESTED;
333 nfc_cb.flags |= NFC_FL_CONTROL_GRANTED;
334 nfc_cb.nci_cmd_window = 0;
335 nfc_cb.p_hal->control_granted();
336 }
337 }
338 }
339 }
340
341 #if (APPL_DTA_MODE == TRUE)
342 /*******************************************************************************
343 **
344 ** Function nfc_ncif_getFWVersion
345 **
346 ** Description This function is called to fet the FW Version
347 **
348 ** Returns tNFC_FW_VERSION
349 **
350 *******************************************************************************/
nfc_ncif_getFWVersion()351 tNFC_FW_VERSION nfc_ncif_getFWVersion() { return nfc_fw_version; }
352 #endif
353
354 /*******************************************************************************
355 **
356 ** Function nfc_ncif_send_cmd
357 **
358 ** Description Send NCI command to the NCIT task
359 **
360 ** Returns void
361 **
362 *******************************************************************************/
nfc_ncif_send_cmd(NFC_HDR * p_buf)363 void nfc_ncif_send_cmd(NFC_HDR* p_buf) {
364 /* post the p_buf to NCIT task */
365 p_buf->event = BT_EVT_TO_NFC_NCI;
366 p_buf->layer_specific = 0;
367 nfc_ncif_check_cmd_queue(p_buf);
368 }
369
370 /*******************************************************************************
371 **
372 ** Function nfc_ncif_process_event
373 **
374 ** Description This function is called to process the
375 ** data/response/notification from NFCC
376 **
377 ** Returns TRUE if need to free buffer
378 **
379 *******************************************************************************/
nfc_ncif_process_event(NFC_HDR * p_msg)380 bool nfc_ncif_process_event(NFC_HDR* p_msg) {
381 uint8_t mt, pbf, gid, *p;
382 bool free = true;
383 uint8_t oid;
384 uint16_t len;
385 uint8_t *p_old, old_gid, old_oid, old_mt;
386
387 p = (uint8_t*)(p_msg + 1) + p_msg->offset;
388
389 if (p_msg->len < 3) {
390 // Per NCI spec, every packets should have at least 3 bytes: HDR0, HDR1, and
391 // LEN field.
392 LOG(ERROR) << StringPrintf("Invalid NCI packet: p_msg->len: %d",
393 p_msg->len);
394 return free;
395 }
396
397 // LEN field contains the size of the payload, not including the 3-byte packet
398 // header.
399 len = p[2] + 3;
400 if (p_msg->len < len) {
401 // Making sure the packet holds enough data than it claims.
402 LOG(ERROR) << StringPrintf("Invalid NCI packet: p_msg->len (%d) < len (%d)",
403 p_msg->len, len);
404 return free;
405 }
406
407 nfcsnoop_capture(p_msg, true);
408
409 NCI_MSG_PRS_HDR0(p, mt, pbf, gid);
410 oid = ((*p) & NCI_OID_MASK);
411 if (nfc_cb.rawVsCbflag == true &&
412 nfc_ncif_proc_proprietary_rsp(mt, gid, oid) == true) {
413 nci_proc_prop_raw_vs_rsp(p_msg);
414 nfc_cb.rawVsCbflag = false;
415 return free;
416 }
417
418 switch (mt) {
419 case NCI_MT_DATA:
420 LOG(VERBOSE) << StringPrintf("NFC received data");
421 nfc_ncif_proc_data(p_msg);
422 free = false;
423 break;
424
425 case NCI_MT_RSP:
426 LOG(VERBOSE) << StringPrintf("NFC received rsp gid:%d", gid);
427 oid = ((*p) & NCI_OID_MASK);
428 p_old = nfc_cb.last_hdr;
429 NCI_MSG_PRS_HDR0(p_old, old_mt, pbf, old_gid);
430 old_oid = ((*p_old) & NCI_OID_MASK);
431 /* make sure this is the RSP we are waiting for before updating the
432 * command window */
433 if ((old_gid != gid) || (old_oid != oid)) {
434 LOG(ERROR) << StringPrintf(
435 "nfc_ncif_process_event unexpected rsp: gid:0x%x, oid:0x%x", gid,
436 oid);
437 return true;
438 }
439
440 switch (gid) {
441 case NCI_GID_CORE: /* 0000b NCI Core group */
442 free = nci_proc_core_rsp(p_msg);
443 break;
444 case NCI_GID_RF_MANAGE: /* 0001b NCI Discovery group */
445 nci_proc_rf_management_rsp(p_msg);
446 break;
447 #if (NFC_NFCEE_INCLUDED == TRUE)
448 #if (NFC_RW_ONLY == FALSE)
449 case NCI_GID_EE_MANAGE: /* 0x02 0010b NFCEE Discovery group */
450 nci_proc_ee_management_rsp(p_msg);
451 break;
452 #endif
453 #endif
454 case NCI_GID_PROP: /* 1111b Proprietary */
455 nci_proc_prop_rsp(p_msg);
456 break;
457 default:
458 LOG(ERROR) << StringPrintf("NFC: Unknown gid:%d", gid);
459 break;
460 }
461
462 nfc_ncif_update_window();
463 break;
464
465 case NCI_MT_NTF:
466 LOG(VERBOSE) << StringPrintf("NFC received ntf gid:%d", gid);
467 switch (gid) {
468 case NCI_GID_CORE: /* 0000b NCI Core group */
469 nci_proc_core_ntf(p_msg);
470 break;
471 case NCI_GID_RF_MANAGE: /* 0001b NCI Discovery group */
472 nci_proc_rf_management_ntf(p_msg);
473 break;
474 #if (NFC_NFCEE_INCLUDED == TRUE)
475 #if (NFC_RW_ONLY == FALSE)
476 case NCI_GID_EE_MANAGE: /* 0x02 0010b NFCEE Discovery group */
477 nci_proc_ee_management_ntf(p_msg);
478 break;
479 #endif
480 #endif
481 case NCI_GID_PROP: /* 1111b Proprietary */
482 nci_proc_prop_ntf(p_msg);
483 break;
484 default:
485 LOG(ERROR) << StringPrintf("NFC: Unknown gid:%d", gid);
486 break;
487 }
488 break;
489
490 default:
491 LOG(VERBOSE) << StringPrintf("NFC received unknown mt:0x%x, gid:%d", mt,
492 gid);
493 }
494
495 return (free);
496 }
497
498 /*******************************************************************************
499 **
500 ** Function nfc_ncif_rf_management_status
501 **
502 ** Description This function is called to report an event
503 **
504 ** Returns void
505 **
506 *******************************************************************************/
nfc_ncif_rf_management_status(tNFC_DISCOVER_EVT event,uint8_t status)507 void nfc_ncif_rf_management_status(tNFC_DISCOVER_EVT event, uint8_t status) {
508 tNFC_DISCOVER evt_data;
509 if (nfc_cb.p_discv_cback) {
510 evt_data.status = (tNFC_STATUS)status;
511 (*nfc_cb.p_discv_cback)(event, &evt_data);
512 }
513 }
514
515 /*******************************************************************************
516 **
517 ** Function nfc_ncif_set_config_status
518 **
519 ** Description This function is called to report NFC_SET_CONFIG_REVT
520 **
521 ** Returns void
522 **
523 *******************************************************************************/
nfc_ncif_set_config_status(uint8_t * p,uint8_t len)524 void nfc_ncif_set_config_status(uint8_t* p, uint8_t len) {
525 tNFC_RESPONSE evt_data;
526 if (nfc_cb.p_resp_cback) {
527 evt_data.set_config.num_param_id = 0;
528 if (len == 0) {
529 LOG(ERROR) << StringPrintf("Insufficient RSP length");
530 evt_data.set_config.status = NFC_STATUS_SYNTAX_ERROR;
531 (*nfc_cb.p_resp_cback)(NFC_SET_CONFIG_REVT, &evt_data);
532 return;
533 }
534 evt_data.set_config.status = (tNFC_STATUS)*p++;
535 if (evt_data.set_config.status != NFC_STATUS_OK && len > 1) {
536 evt_data.set_config.num_param_id = *p++;
537 if (evt_data.set_config.num_param_id > NFC_MAX_NUM_IDS) {
538 android_errorWriteLog(0x534e4554, "114047681");
539 LOG(ERROR) << StringPrintf("OOB write num_param_id %d",
540 evt_data.set_config.num_param_id);
541 evt_data.set_config.num_param_id = 0;
542 } else if (evt_data.set_config.num_param_id <= len - 2) {
543 STREAM_TO_ARRAY(evt_data.set_config.param_ids, p,
544 evt_data.set_config.num_param_id);
545 } else {
546 LOG(ERROR) << StringPrintf("Insufficient RSP length %d,num_param_id %d",
547 len, evt_data.set_config.num_param_id);
548 evt_data.set_config.num_param_id = 0;
549 }
550 }
551 (*nfc_cb.p_resp_cback)(NFC_SET_CONFIG_REVT, &evt_data);
552 }
553 }
554
555 /*******************************************************************************
556 **
557 ** Function nfc_ncif_event_status
558 **
559 ** Description This function is called to report an event
560 **
561 ** Returns void
562 **
563 *******************************************************************************/
nfc_ncif_event_status(tNFC_RESPONSE_EVT event,uint8_t status)564 void nfc_ncif_event_status(tNFC_RESPONSE_EVT event, uint8_t status) {
565 tNFC_RESPONSE evt_data;
566 if (event == NFC_NFCC_TIMEOUT_REVT && status == NFC_STATUS_HW_TIMEOUT) {
567 uint32_t cmd_hdr = (nfc_cb.last_hdr[0] << 8) | nfc_cb.last_hdr[1];
568 nfc::stats::stats_write(nfc::stats::NFC_ERROR_OCCURRED,
569 (int32_t)NCI_TIMEOUT, (int32_t)cmd_hdr,
570 (int32_t)status);
571 }
572 if (nfc_cb.p_resp_cback) {
573 evt_data.status = (tNFC_STATUS)status;
574 (*nfc_cb.p_resp_cback)(event, &evt_data);
575 }
576 }
577
578 /*******************************************************************************
579 **
580 ** Function nfc_ncif_error_status
581 **
582 ** Description This function is called to report an error event to data
583 ** cback
584 **
585 ** Returns void
586 **
587 *******************************************************************************/
nfc_ncif_error_status(uint8_t conn_id,uint8_t status)588 void nfc_ncif_error_status(uint8_t conn_id, uint8_t status) {
589 tNFC_CONN_CB* p_cb = nfc_find_conn_cb_by_conn_id(conn_id);
590 if (p_cb && p_cb->p_cback) {
591 tNFC_CONN nfc_conn;
592 nfc_conn.status = status;
593 (*p_cb->p_cback)(conn_id, NFC_ERROR_CEVT, &nfc_conn);
594 }
595 nfc::stats::stats_write(nfc::stats::NFC_ERROR_OCCURRED, (int32_t)ERROR_NTF,
596 (int32_t)0, (int32_t)status);
597 }
598
599 /*******************************************************************************
600 **
601 ** Function nfc_ncif_proc_rf_field_ntf
602 **
603 ** Description This function is called to process RF field notification
604 **
605 ** Returns void
606 **
607 *******************************************************************************/
608 #if (NFC_RW_ONLY == FALSE)
nfc_ncif_proc_rf_field_ntf(uint8_t rf_status)609 void nfc_ncif_proc_rf_field_ntf(uint8_t rf_status) {
610 tNFC_RESPONSE evt_data;
611 if (nfc_cb.p_resp_cback) {
612 evt_data.status = (tNFC_STATUS)NFC_STATUS_OK;
613 evt_data.rf_field.rf_field = rf_status;
614 (*nfc_cb.p_resp_cback)(NFC_RF_FIELD_REVT, &evt_data);
615 }
616 }
617 #endif
618
619 /*******************************************************************************
620 **
621 ** Function nfc_ncif_proc_credits
622 **
623 ** Description This function is called to process data credits
624 **
625 ** Returns void
626 **
627 *******************************************************************************/
nfc_ncif_proc_credits(uint8_t * p,uint16_t plen)628 void nfc_ncif_proc_credits(uint8_t* p, uint16_t plen) {
629 uint8_t num, xx;
630 tNFC_CONN_CB* p_cb;
631
632 if (plen != 0) {
633 num = *p++;
634 plen--;
635 if (num * 2 > plen) {
636 android_errorWriteLog(0x534e4554, "118148142");
637 return;
638 }
639 for (xx = 0; xx < num; xx++) {
640 p_cb = nfc_find_conn_cb_by_conn_id(*p++);
641 if (p_cb && p_cb->num_buff != NFC_CONN_NO_FC) {
642 p_cb->num_buff += (*p);
643 #if (BT_USE_TRACES == TRUE)
644 if (p_cb->num_buff > p_cb->init_credits) {
645 if (nfc_cb.nfc_state == NFC_STATE_OPEN) {
646 /* if this happens in activated state, it's very likely that our
647 * NFCC has issues */
648 /* However, credit may be returned after deactivation */
649 LOG(ERROR) << StringPrintf("num_buff:0x%x, init_credits:0x%x",
650 p_cb->num_buff, p_cb->init_credits);
651 }
652 p_cb->num_buff = p_cb->init_credits;
653 }
654 #endif
655 /* check if there's nay data in tx q to be sent */
656 nfc_ncif_send_data(p_cb, nullptr);
657 }
658 p++;
659 }
660 }
661 }
662 /*******************************************************************************
663 **
664 ** Function nfc_ncif_decode_rf_params
665 **
666 ** Description This function is called to process the detected technology
667 ** and mode and the associated parameters for DISCOVER_NTF and
668 ** ACTIVATE_NTF
669 **
670 ** Returns void
671 **
672 *******************************************************************************/
nfc_ncif_decode_rf_params(tNFC_RF_TECH_PARAMS * p_param,uint8_t * p)673 uint8_t* nfc_ncif_decode_rf_params(tNFC_RF_TECH_PARAMS* p_param, uint8_t* p) {
674 tNFC_RF_PA_PARAMS* p_pa;
675 uint8_t len, *p_start, u8;
676 tNFC_RF_PB_PARAMS* p_pb;
677 tNFC_RF_LF_PARAMS* p_lf;
678 tNFC_RF_PF_PARAMS* p_pf;
679 tNFC_RF_PISO15693_PARAMS* p_i93;
680 tNFC_RF_ACM_P_PARAMS* acm_p;
681 uint8_t mpl_idx = 0;
682 uint8_t gb_idx = 0, mpl;
683 uint8_t plen;
684 plen = len = *p++;
685 p_start = p;
686 memset(&p_param->param, 0, sizeof(tNFC_RF_TECH_PARAMU));
687
688 if (NCI_DISCOVERY_TYPE_POLL_A == p_param->mode) {
689 p_pa = &p_param->param.pa;
690 /*
691 SENS_RES Response 2 bytes Defined in [DIGPROT] Available after Technology
692 Detection
693 NFCID1 length 1 byte Length of NFCID1 Available after Collision Resolution
694 NFCID1 4, 7, or 10 bytes Defined in [DIGPROT]Available after Collision
695 Resolution
696 SEL_RES Response 1 byte Defined in [DIGPROT]Available after Collision
697 Resolution
698 HRx Length 1 Octets Length of HRx Parameters collected from the response to
699 the T1T RID command.
700 HRx 0 or 2 Octets If present, the first byte SHALL contain HR0 and the second
701 byte SHALL contain HR1 as defined in [DIGITAL].
702 */
703 if (plen < 3) {
704 goto invalid_packet;
705 }
706 plen -= 3;
707 STREAM_TO_ARRAY(p_pa->sens_res, p, 2);
708 p_pa->nfcid1_len = *p++;
709 if (p_pa->nfcid1_len > NCI_NFCID1_MAX_LEN)
710 p_pa->nfcid1_len = NCI_NFCID1_MAX_LEN;
711
712 if (plen < p_pa->nfcid1_len + 1) {
713 goto invalid_packet;
714 }
715 plen -= (p_pa->nfcid1_len + 1);
716 STREAM_TO_ARRAY(p_pa->nfcid1, p, p_pa->nfcid1_len);
717 u8 = *p++;
718
719 if (u8) {
720 if (plen < 1) {
721 goto invalid_packet;
722 }
723 plen--;
724 p_pa->sel_rsp = *p++;
725 }
726
727 if (len ==
728 (7 + p_pa->nfcid1_len + u8)) /* 2(sens_res) + 1(len) +
729 p_pa->nfcid1_len + 1(len) + u8 + hr
730 (1:len + 2) */
731 {
732 p_pa->hr_len = *p++;
733 if (p_pa->hr_len == NCI_T1T_HR_LEN) {
734 p_pa->hr[0] = *p++;
735 p_pa->hr[1] = *p;
736 }
737 }
738 } else if (NCI_DISCOVERY_TYPE_POLL_B == p_param->mode) {
739 /*
740 SENSB_RES Response length (n) 1 byte Length of SENSB_RES Response (Byte 2 -
741 Byte 12 or 13)Available after Technology Detection
742 SENSB_RES Response Byte 2 - Byte 12 or 13 11 or 12 bytes Defined in [DIGPROT]
743 Available after Technology Detection
744 */
745 p_pb = &p_param->param.pb;
746
747 if (plen < 1) {
748 goto invalid_packet;
749 }
750 plen--;
751 p_pb->sensb_res_len = *p++;
752 if (p_pb->sensb_res_len > NCI_MAX_SENSB_RES_LEN)
753 p_pb->sensb_res_len = NCI_MAX_SENSB_RES_LEN;
754
755 if (plen < p_pb->sensb_res_len) {
756 goto invalid_packet;
757 }
758 plen -= p_pb->sensb_res_len;
759 STREAM_TO_ARRAY(p_pb->sensb_res, p, p_pb->sensb_res_len);
760 memcpy(p_pb->nfcid0, p_pb->sensb_res, NFC_NFCID0_MAX_LEN);
761 p_pb->fwi = p_pb->sensb_res[10] >> 4;
762 } else if (NCI_DISCOVERY_TYPE_POLL_F == p_param->mode) {
763 /*
764 Bit Rate 1 byte 1 212 kbps/2 424 kbps/0 and 3 to 255 RFU
765 SENSF_RES Response length.(n) 1 byte Length of SENSF_RES (Byte 2 - Byte 17 or
766 19).Available after Technology Detection
767 SENSF_RES Response Byte 2 - Byte 17 or 19 n bytes Defined in [DIGPROT]
768 Available after Technology Detection
769 */
770 p_pf = &p_param->param.pf;
771
772 if (plen < 2) {
773 goto invalid_packet;
774 }
775 plen -= 2;
776 p_pf->bit_rate = *p++;
777 p_pf->sensf_res_len = *p++;
778 if (p_pf->sensf_res_len > NCI_MAX_SENSF_RES_LEN)
779 p_pf->sensf_res_len = NCI_MAX_SENSF_RES_LEN;
780
781 if (plen < p_pf->sensf_res_len) {
782 goto invalid_packet;
783 }
784 plen -= p_pf->sensf_res_len;
785 STREAM_TO_ARRAY(p_pf->sensf_res, p, p_pf->sensf_res_len);
786
787 if (p_pf->sensf_res_len < NCI_MRTI_UPDATE_INDEX + 1) {
788 goto invalid_packet;
789 }
790 memcpy(p_pf->nfcid2, p_pf->sensf_res, NCI_NFCID2_LEN);
791 p_pf->mrti_check = p_pf->sensf_res[NCI_MRTI_CHECK_INDEX];
792 p_pf->mrti_update = p_pf->sensf_res[NCI_MRTI_UPDATE_INDEX];
793 } else if (NCI_DISCOVERY_TYPE_LISTEN_F == p_param->mode) {
794 p_lf = &p_param->param.lf;
795
796 if (plen < 1) {
797 goto invalid_packet;
798 }
799 plen--;
800 u8 = *p++;
801 if (u8) {
802 if (plen < NCI_NFCID2_LEN) {
803 goto invalid_packet;
804 }
805 plen -= NCI_NFCID2_LEN;
806 STREAM_TO_ARRAY(p_lf->nfcid2, p, NCI_NFCID2_LEN);
807 }
808 } else if (NCI_DISCOVERY_TYPE_POLL_V == p_param->mode) {
809 p_i93 = &p_param->param.pi93;
810
811 if (plen < 2) {
812 goto invalid_packet;
813 }
814 plen -= 2;
815 p_i93->flag = *p++;
816 p_i93->dsfid = *p++;
817
818 if (plen < NFC_ISO15693_UID_LEN) {
819 goto invalid_packet;
820 }
821 plen -= NFC_ISO15693_UID_LEN;
822 STREAM_TO_ARRAY(p_i93->uid, p, NFC_ISO15693_UID_LEN);
823 } else if (NCI_DISCOVERY_TYPE_POLL_KOVIO == p_param->mode) {
824 p_param->param.pk.uid_len = len;
825 if (p_param->param.pk.uid_len > NFC_KOVIO_MAX_LEN) {
826 LOG(ERROR) << StringPrintf("Kovio UID len:0x%x exceeds max(0x%x)",
827 p_param->param.pk.uid_len, NFC_KOVIO_MAX_LEN);
828 p_param->param.pk.uid_len = NFC_KOVIO_MAX_LEN;
829 }
830 STREAM_TO_ARRAY(p_param->param.pk.uid, p, p_param->param.pk.uid_len);
831 }
832
833 invalid_packet:
834 return (p_start + len);
835 }
836
837 /*******************************************************************************
838 **
839 ** Function nfc_ncif_proc_discover_ntf
840 **
841 ** Description This function is called to process discover notification
842 **
843 ** Returns void
844 **
845 *******************************************************************************/
nfc_ncif_proc_discover_ntf(uint8_t * p,uint16_t plen)846 void nfc_ncif_proc_discover_ntf(uint8_t* p, uint16_t plen) {
847 tNFC_DISCOVER evt_data;
848
849 if (nfc_cb.p_discv_cback) {
850 // validate packet length should be larger than (NCI header + rf_disc_id +
851 // protocol + mode + length of rf parameters).
852 if (plen < NCI_MSG_HDR_SIZE + 4) {
853 evt_data.status = NCI_STATUS_FAILED;
854 goto invalid_packet;
855 }
856 plen -= (NCI_MSG_HDR_SIZE + 4);
857 p += NCI_MSG_HDR_SIZE;
858 evt_data.status = NCI_STATUS_OK;
859 evt_data.result.rf_disc_id = *p++;
860 evt_data.result.protocol = *p++;
861
862 /* fill in tNFC_RESULT_DEVT */
863 evt_data.result.rf_tech_param.mode = *p++;
864
865 // validate packet length should be larger than (rf_tech_param + ntf_type)
866 if (plen < *p + 1) {
867 evt_data.status = NCI_STATUS_FAILED;
868 goto invalid_packet;
869 }
870 plen -= (*p + 1);
871 p = nfc_ncif_decode_rf_params(&evt_data.result.rf_tech_param, p);
872
873 evt_data.result.more = *p++;
874
875 invalid_packet:
876 (*nfc_cb.p_discv_cback)(NFC_RESULT_DEVT, &evt_data);
877 }
878 }
879
880 /*******************************************************************************
881 **
882 ** Function nfc_ncif_proc_isodep_nak_presence_check_status
883 **
884 ** Description This function is called to handle response and notification
885 ** for presence check nak command
886 **
887 ** Returns void
888 **
889 *******************************************************************************/
nfc_ncif_proc_isodep_nak_presence_check_status(uint8_t status,bool is_ntf)890 void nfc_ncif_proc_isodep_nak_presence_check_status(uint8_t status,
891 bool is_ntf) {
892 rw_t4t_handle_isodep_nak_rsp(status, is_ntf);
893 }
894
895 /*******************************************************************************
896 **
897 ** Function nfc_ncif_proc_charging_status
898 **
899 ** Description This function is called to process WPT start response
900 **
901 ** Returns void
902 **
903 *******************************************************************************/
nfc_ncif_proc_charging_status(uint8_t * p,uint8_t len)904 void nfc_ncif_proc_charging_status(uint8_t* p, uint8_t len) {
905 tNFC_DISCOVER evt_data;
906
907 if (len != 1) {
908 evt_data.status = NCI_STATUS_FAILED;
909 LOG(ERROR) << StringPrintf("%s; bad len:0x%x", __func__, len);
910 goto invalid_packet;
911 }
912
913 evt_data.status = NCI_STATUS_OK;
914 /* Return WPT End Condition */
915 evt_data.wpt_result = *p;
916
917 LOG(VERBOSE) << StringPrintf("%s; wpt_result=%d", __func__,
918 evt_data.wpt_result);
919
920 invalid_packet:
921 if (nfc_cb.p_discv_cback) {
922 (*nfc_cb.p_discv_cback)(NFC_WPT_RESULT_DEVT, &evt_data);
923 }
924 }
925
926 /*******************************************************************************
927 **
928 ** Function nfc_ncif_proc_activate
929 **
930 ** Description This function is called to process de-activate
931 ** response and notification
932 **
933 ** Returns void
934 **
935 *******************************************************************************/
nfc_ncif_proc_activate(uint8_t * p,uint8_t len)936 void nfc_ncif_proc_activate(uint8_t* p, uint8_t len) {
937 tNFC_DISCOVER evt_data;
938 tNFC_INTF_PARAMS* p_intf = &evt_data.activate.intf_param;
939 tNFC_INTF_PA_ISO_DEP* p_pa_iso;
940 tNFC_INTF_LB_ISO_DEP* p_lb_iso;
941 tNFC_INTF_PB_ISO_DEP* p_pb_iso;
942 #if (NFC_RW_ONLY == FALSE)
943 tNFC_INTF_PA_NFC_DEP* p_pa_nfc;
944 int mpl_idx = 0;
945 uint8_t gb_idx = 0, mpl;
946 #endif
947 uint8_t t0;
948 tNCI_DISCOVERY_TYPE mode;
949 tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
950 uint8_t *pp, len_act;
951 uint8_t buff_size, num_buff;
952 tNFC_RF_PA_PARAMS* p_pa;
953 uint8_t plen = len, pplen = 0;
954
955 nfc_set_state(NFC_STATE_OPEN);
956
957 memset(p_intf, 0, sizeof(tNFC_INTF_PARAMS));
958 // validate packet length should be larger than (rf_disc_id + type +
959 // protocol + mode + buff_size + num_buff + length of rf parameters).
960 if (plen < 7) {
961 evt_data.status = NCI_STATUS_FAILED;
962 goto invalid_packet;
963 }
964 plen -= 7;
965
966 evt_data.activate.rf_disc_id = *p++;
967 p_intf->type = *p++;
968 evt_data.activate.protocol = *p++;
969
970 if (evt_data.activate.protocol == NCI_PROTOCOL_18092_ACTIVE)
971 evt_data.activate.protocol = NCI_PROTOCOL_NFC_DEP;
972
973 evt_data.activate.rf_tech_param.mode = *p++;
974 buff_size = *p++;
975 num_buff = *p++;
976 /* fill in tNFC_activate_DEVT */
977 // validate remaining packet length should be larger than (rf_tech_param +
978 // data_mode + tx_bitrate + rx_bitrte + len_act).
979 if (plen < *p + 4) {
980 evt_data.status = NCI_STATUS_FAILED;
981 goto invalid_packet;
982 }
983 plen -= (*p + 4);
984 p = nfc_ncif_decode_rf_params(&evt_data.activate.rf_tech_param, p);
985
986 evt_data.activate.data_mode = *p++;
987 evt_data.activate.tx_bitrate = *p++;
988 evt_data.activate.rx_bitrate = *p++;
989 mode = evt_data.activate.rf_tech_param.mode;
990 len_act = *p++;
991 LOG(VERBOSE) << StringPrintf("nfc_ncif_proc_activate:%d %d, mode:0x%02x", len,
992 len_act, mode);
993 /* just in case the interface reports activation parameters not defined in the
994 * NCI spec */
995 p_intf->intf_param.frame.param_len = len_act;
996 if (p_intf->intf_param.frame.param_len > NFC_MAX_RAW_PARAMS)
997 p_intf->intf_param.frame.param_len = NFC_MAX_RAW_PARAMS;
998 pp = p;
999
1000 if (plen < p_intf->intf_param.frame.param_len) {
1001 evt_data.status = NCI_STATUS_FAILED;
1002 goto invalid_packet;
1003 }
1004 STREAM_TO_ARRAY(p_intf->intf_param.frame.param, pp,
1005 p_intf->intf_param.frame.param_len);
1006 if (evt_data.activate.intf_param.type == NCI_INTERFACE_ISO_DEP) {
1007 /* Make max payload of NCI aligned to max payload of ISO-DEP for better
1008 * performance */
1009 if (buff_size > NCI_ISO_DEP_MAX_INFO) buff_size = NCI_ISO_DEP_MAX_INFO;
1010
1011 switch (mode) {
1012 case NCI_DISCOVERY_TYPE_POLL_A:
1013 p_pa_iso = &p_intf->intf_param.pa_iso;
1014
1015 if (plen < 1) {
1016 evt_data.status = NCI_STATUS_FAILED;
1017 goto invalid_packet;
1018 }
1019 plen--;
1020 p_pa_iso->ats_res_len = *p++;
1021
1022 if (p_pa_iso->ats_res_len == 0) break;
1023
1024 if (p_pa_iso->ats_res_len > NFC_MAX_ATS_LEN)
1025 p_pa_iso->ats_res_len = NFC_MAX_ATS_LEN;
1026
1027 if (plen < p_pa_iso->ats_res_len) {
1028 evt_data.status = NCI_STATUS_FAILED;
1029 goto invalid_packet;
1030 }
1031 plen -= p_pa_iso->ats_res_len;
1032 STREAM_TO_ARRAY(p_pa_iso->ats_res, p, p_pa_iso->ats_res_len);
1033
1034 pplen = p_pa_iso->ats_res_len;
1035 pp = &p_pa_iso->ats_res[NCI_ATS_T0_INDEX];
1036 t0 = p_pa_iso->ats_res[NCI_ATS_T0_INDEX];
1037 pp++; /* T0 */
1038 pplen--;
1039 if (t0 & NCI_ATS_TA_MASK) {
1040 if (pplen < 1) {
1041 evt_data.status = NCI_STATUS_FAILED;
1042 goto invalid_packet;
1043 }
1044 pplen--;
1045 pp++; /* TA */
1046 }
1047 if (t0 & NCI_ATS_TB_MASK) {
1048 /* FWI (Frame Waiting time Integer) & SPGI (Start-up Frame Guard time
1049 * Integer) */
1050 if (pplen < 1) {
1051 evt_data.status = NCI_STATUS_FAILED;
1052 goto invalid_packet;
1053 }
1054 pplen--;
1055 p_pa_iso->fwi = (((*pp) >> 4) & 0x0F);
1056 p_pa_iso->sfgi = ((*pp) & 0x0F);
1057 pp++; /* TB */
1058 }
1059 if (t0 & NCI_ATS_TC_MASK) {
1060 if (pplen < 1) {
1061 evt_data.status = NCI_STATUS_FAILED;
1062 goto invalid_packet;
1063 }
1064 pplen--;
1065 p_pa_iso->nad_used = ((*pp) & 0x01);
1066 pp++; /* TC */
1067 }
1068 p_pa_iso->his_byte_len =
1069 (uint8_t)(p_pa_iso->ats_res_len - (pp - p_pa_iso->ats_res));
1070 if (p_pa_iso->his_byte_len > NFC_MAX_HIS_BYTES_LEN)
1071 p_pa_iso->his_byte_len = NFC_MAX_HIS_BYTES_LEN;
1072 if (pplen < p_pa_iso->his_byte_len) {
1073 evt_data.status = NCI_STATUS_FAILED;
1074 goto invalid_packet;
1075 }
1076 memcpy(p_pa_iso->his_byte, pp, p_pa_iso->his_byte_len);
1077 break;
1078
1079 case NCI_DISCOVERY_TYPE_LISTEN_A:
1080 if (plen < 1) {
1081 evt_data.status = NCI_STATUS_FAILED;
1082 goto invalid_packet;
1083 }
1084 plen--;
1085 p_intf->intf_param.la_iso.rats = *p++;
1086 gettimeofday(&timer_start, nullptr);
1087 break;
1088
1089 case NCI_DISCOVERY_TYPE_POLL_B:
1090 /* ATTRIB RSP
1091 Byte 1 Byte 2 ~ 2+n-1
1092 MBLI/DID Higher layer - Response
1093 */
1094 p_pb_iso = &p_intf->intf_param.pb_iso;
1095
1096 if (plen < 1) {
1097 evt_data.status = NCI_STATUS_FAILED;
1098 goto invalid_packet;
1099 }
1100 plen--;
1101 p_pb_iso->attrib_res_len = *p++;
1102
1103 if (p_pb_iso->attrib_res_len == 0) break;
1104
1105 if (p_pb_iso->attrib_res_len > NFC_MAX_ATTRIB_LEN)
1106 p_pb_iso->attrib_res_len = NFC_MAX_ATTRIB_LEN;
1107
1108 if (plen < p_pb_iso->attrib_res_len) {
1109 evt_data.status = NCI_STATUS_FAILED;
1110 goto invalid_packet;
1111 }
1112 plen -= p_pb_iso->attrib_res_len;
1113 STREAM_TO_ARRAY(p_pb_iso->attrib_res, p, p_pb_iso->attrib_res_len);
1114 p_pb_iso->mbli = (p_pb_iso->attrib_res[0]) >> 4;
1115 if (p_pb_iso->attrib_res_len > NFC_PB_ATTRIB_REQ_FIXED_BYTES) {
1116 p_pb_iso->hi_info_len =
1117 p_pb_iso->attrib_res_len - NFC_PB_ATTRIB_REQ_FIXED_BYTES;
1118 if (p_pb_iso->hi_info_len > NFC_MAX_GEN_BYTES_LEN)
1119 p_pb_iso->hi_info_len = NFC_MAX_GEN_BYTES_LEN;
1120 memcpy(p_pb_iso->hi_info,
1121 &p_pb_iso->attrib_res[NFC_PB_ATTRIB_REQ_FIXED_BYTES],
1122 p_pb_iso->hi_info_len);
1123 }
1124 break;
1125
1126 case NCI_DISCOVERY_TYPE_LISTEN_B:
1127 /* ATTRIB CMD
1128 Byte 2~5 Byte 6 Byte 7 Byte 8 Byte 9 Byte 10 ~ 10+k-1
1129 NFCID0 Param 1 Param 2 Param 3 Param 4 Higher layer - INF
1130 */
1131 p_lb_iso = &p_intf->intf_param.lb_iso;
1132
1133 if (plen < 1) {
1134 evt_data.status = NCI_STATUS_FAILED;
1135 goto invalid_packet;
1136 }
1137 plen--;
1138 p_lb_iso->attrib_req_len = *p++;
1139
1140 if (p_lb_iso->attrib_req_len == 0) break;
1141
1142 if (p_lb_iso->attrib_req_len > NFC_MAX_ATTRIB_LEN)
1143 p_lb_iso->attrib_req_len = NFC_MAX_ATTRIB_LEN;
1144
1145 if (plen < p_lb_iso->attrib_req_len) {
1146 evt_data.status = NCI_STATUS_FAILED;
1147 goto invalid_packet;
1148 }
1149 plen -= p_lb_iso->attrib_req_len;
1150 STREAM_TO_ARRAY(p_lb_iso->attrib_req, p, p_lb_iso->attrib_req_len);
1151
1152 if (p_lb_iso->attrib_req_len < NFC_NFCID0_MAX_LEN) {
1153 evt_data.status = NCI_STATUS_FAILED;
1154 goto invalid_packet;
1155 }
1156 memcpy(p_lb_iso->nfcid0, p_lb_iso->attrib_req, NFC_NFCID0_MAX_LEN);
1157 if (p_lb_iso->attrib_req_len > NFC_LB_ATTRIB_REQ_FIXED_BYTES) {
1158 p_lb_iso->hi_info_len =
1159 p_lb_iso->attrib_req_len - NFC_LB_ATTRIB_REQ_FIXED_BYTES;
1160 if (p_lb_iso->hi_info_len > NFC_MAX_GEN_BYTES_LEN)
1161 p_lb_iso->hi_info_len = NFC_MAX_GEN_BYTES_LEN;
1162 memcpy(p_lb_iso->hi_info,
1163 &p_lb_iso->attrib_req[NFC_LB_ATTRIB_REQ_FIXED_BYTES],
1164 p_lb_iso->hi_info_len);
1165 }
1166 gettimeofday(&timer_start, nullptr);
1167 break;
1168 }
1169
1170 }
1171 #if (NFC_RW_ONLY == FALSE)
1172 else if (evt_data.activate.intf_param.type == NCI_INTERFACE_NFC_DEP) {
1173 /* Make max payload of NCI aligned to max payload of NFC-DEP for better
1174 * performance */
1175 if (buff_size > NCI_NFC_DEP_MAX_DATA) buff_size = NCI_NFC_DEP_MAX_DATA;
1176
1177 p_pa_nfc = &p_intf->intf_param.pa_nfc;
1178
1179 if (plen < 1) {
1180 evt_data.status = NCI_STATUS_FAILED;
1181 goto invalid_packet;
1182 }
1183 plen--;
1184 p_pa_nfc->atr_res_len = *p++;
1185
1186 if (p_pa_nfc->atr_res_len > 0) {
1187 if (p_pa_nfc->atr_res_len > NFC_MAX_ATS_LEN)
1188 p_pa_nfc->atr_res_len = NFC_MAX_ATS_LEN;
1189
1190 if (plen < p_pa_nfc->atr_res_len) {
1191 evt_data.status = NCI_STATUS_FAILED;
1192 goto invalid_packet;
1193 }
1194 plen -= p_pa_nfc->atr_res_len;
1195 STREAM_TO_ARRAY(p_pa_nfc->atr_res, p, p_pa_nfc->atr_res_len);
1196
1197 if ((mode == NCI_DISCOVERY_TYPE_POLL_A) ||
1198 (mode == NCI_DISCOVERY_TYPE_POLL_F)) {
1199 /* ATR_RES
1200 Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17 Byte 18~18+n
1201 NFCID3T DIDT BST BRT TO PPT [GT0 ... GTn] */
1202 mpl_idx = 14;
1203 gb_idx = NCI_P_GEN_BYTE_INDEX;
1204
1205 if (p_pa_nfc->atr_res_len < NCI_L_NFC_DEP_TO_INDEX + 1) {
1206 evt_data.status = NCI_STATUS_FAILED;
1207 goto invalid_packet;
1208 }
1209 p_pa_nfc->waiting_time =
1210 p_pa_nfc->atr_res[NCI_L_NFC_DEP_TO_INDEX] & 0x0F;
1211 } else if ((mode == NCI_DISCOVERY_TYPE_LISTEN_A) ||
1212 (mode == NCI_DISCOVERY_TYPE_LISTEN_F)) {
1213 /* ATR_REQ
1214 Byte 3~12 Byte 13 Byte 14 Byte 15 Byte 16 Byte 17~17+n
1215 NFCID3I DIDI BSI BRI PPI [GI0 ... GIn] */
1216 mpl_idx = 13;
1217 gb_idx = NCI_L_GEN_BYTE_INDEX;
1218 }
1219
1220 if (p_pa_nfc->atr_res_len < mpl_idx + 1) {
1221 evt_data.status = NCI_STATUS_FAILED;
1222 goto invalid_packet;
1223 }
1224 mpl = ((p_pa_nfc->atr_res[mpl_idx]) >> 4) & 0x03;
1225 p_pa_nfc->max_payload_size = nfc_mpl_code_to_size[mpl];
1226 if (p_pa_nfc->atr_res_len > gb_idx) {
1227 p_pa_nfc->gen_bytes_len = p_pa_nfc->atr_res_len - gb_idx;
1228 if (p_pa_nfc->gen_bytes_len > NFC_MAX_GEN_BYTES_LEN)
1229 p_pa_nfc->gen_bytes_len = NFC_MAX_GEN_BYTES_LEN;
1230 memcpy(p_pa_nfc->gen_bytes, &p_pa_nfc->atr_res[gb_idx],
1231 p_pa_nfc->gen_bytes_len);
1232 }
1233 }
1234 }
1235 #endif
1236 else if ((evt_data.activate.intf_param.type == NCI_INTERFACE_FRAME) &&
1237 (evt_data.activate.protocol == NCI_PROTOCOL_T1T)) {
1238 p_pa = &evt_data.activate.rf_tech_param.param.pa;
1239 if ((len_act == NCI_T1T_HR_LEN) && (p_pa->hr_len == 0)) {
1240 p_pa->hr_len = NCI_T1T_HR_LEN;
1241
1242 if (plen < 2) {
1243 evt_data.status = NCI_STATUS_FAILED;
1244 goto invalid_packet;
1245 }
1246 plen -= 2;
1247 p_pa->hr[0] = *p++;
1248 p_pa->hr[1] = *p++;
1249 }
1250 }
1251
1252 p_cb->act_protocol = evt_data.activate.protocol;
1253 p_cb->act_interface = evt_data.activate.intf_param.type;
1254 p_cb->buff_size = buff_size;
1255 p_cb->num_buff = num_buff;
1256 p_cb->init_credits = num_buff;
1257
1258 invalid_packet:
1259 if (nfc_cb.p_discv_cback) {
1260 (*nfc_cb.p_discv_cback)(NFC_ACTIVATE_DEVT, &evt_data);
1261 }
1262 }
1263
1264 /*******************************************************************************
1265 **
1266 ** Function nfc_ncif_proc_deactivate
1267 **
1268 ** Description This function is called to process de-activate
1269 ** response and notification
1270 **
1271 ** Returns void
1272 **
1273 *******************************************************************************/
nfc_ncif_proc_deactivate(uint8_t status,uint8_t deact_type,bool is_ntf)1274 void nfc_ncif_proc_deactivate(uint8_t status, uint8_t deact_type, bool is_ntf) {
1275 tNFC_DISCOVER evt_data;
1276 tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
1277 void* p_data;
1278
1279 nfc_set_state(NFC_STATE_IDLE);
1280 evt_data.deactivate.status = status;
1281 evt_data.deactivate.type = deact_type;
1282 evt_data.deactivate.is_ntf = is_ntf;
1283 if (NFC_GetNCIVersion() >= NCI_VERSION_2_0) {
1284 evt_data.deactivate.reason = nfc_cb.deact_reason;
1285 }
1286
1287 while ((p_data = GKI_dequeue(&p_cb->rx_q)) != nullptr) {
1288 GKI_freebuf(p_data);
1289 }
1290
1291 while ((p_data = GKI_dequeue(&p_cb->tx_q)) != nullptr) {
1292 GKI_freebuf(p_data);
1293 }
1294
1295 if (p_cb->p_cback) {
1296 tNFC_CONN nfc_conn;
1297 nfc_conn.deactivate = evt_data.deactivate;
1298 (*p_cb->p_cback)(NFC_RF_CONN_ID, NFC_DEACTIVATE_CEVT, &nfc_conn);
1299 }
1300
1301 if (nfc_cb.p_discv_cback) {
1302 (*nfc_cb.p_discv_cback)(NFC_DEACTIVATE_DEVT, &evt_data);
1303 }
1304
1305 // clear previous stored tick count if not comsumed
1306 if (timer_start.tv_sec != 0 || timer_start.tv_usec != 0) {
1307 memset(&timer_start, 0, sizeof(timer_start));
1308 }
1309 }
1310 /*******************************************************************************
1311 **
1312 ** Function nfc_ncif_proc_ee_action
1313 **
1314 ** Description This function is called to process NFCEE ACTION NTF
1315 **
1316 ** Returns void
1317 **
1318 *******************************************************************************/
1319 #if (NFC_NFCEE_INCLUDED == TRUE && NFC_RW_ONLY == FALSE)
nfc_ncif_proc_ee_action(uint8_t * p,uint16_t plen)1320 void nfc_ncif_proc_ee_action(uint8_t* p, uint16_t plen) {
1321 tNFC_EE_ACTION_REVT evt_data;
1322 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1323 tNFC_RESPONSE nfc_response;
1324 uint8_t data_len, ulen, tag, *p_data;
1325 uint8_t max_len;
1326
1327 if (p_cback) {
1328 memset(&evt_data.act_data, 0, sizeof(tNFC_ACTION_DATA));
1329 if (plen > 3) {
1330 plen -= 3;
1331 } else {
1332 evt_data.status = NFC_STATUS_FAILED;
1333 evt_data.nfcee_id = 0;
1334 nfc_response.ee_action = evt_data;
1335 (*p_cback)(NFC_EE_ACTION_REVT, &nfc_response);
1336 android_errorWriteLog(0x534e4554, "157649306");
1337 return;
1338 }
1339 evt_data.status = NFC_STATUS_OK;
1340 evt_data.nfcee_id = *p++;
1341 evt_data.act_data.trigger = *p++;
1342 data_len = *p++;
1343 if (data_len > plen) data_len = (uint8_t)plen;
1344
1345 switch (evt_data.act_data.trigger) {
1346 case NCI_EE_TRIG_7816_SELECT:
1347 if (data_len > NFC_MAX_AID_LEN) data_len = NFC_MAX_AID_LEN;
1348 evt_data.act_data.param.aid.len_aid = data_len;
1349 STREAM_TO_ARRAY(evt_data.act_data.param.aid.aid, p, data_len);
1350 break;
1351 case NCI_EE_TRIG_RF_PROTOCOL:
1352 evt_data.act_data.param.protocol = *p++;
1353 break;
1354 case NCI_EE_TRIG_RF_TECHNOLOGY:
1355 evt_data.act_data.param.technology = *p++;
1356 break;
1357 case NCI_EE_TRIG_APP_INIT:
1358 while (data_len > NFC_TL_SIZE) {
1359 data_len -= NFC_TL_SIZE;
1360 tag = *p++;
1361 ulen = *p++;
1362 if (ulen > data_len) ulen = data_len;
1363 p_data = nullptr;
1364 max_len = ulen;
1365 switch (tag) {
1366 case NCI_EE_ACT_TAG_AID: /* AID */
1367 if (max_len > NFC_MAX_AID_LEN) max_len = NFC_MAX_AID_LEN;
1368 evt_data.act_data.param.app_init.len_aid = max_len;
1369 p_data = evt_data.act_data.param.app_init.aid;
1370 break;
1371 case NCI_EE_ACT_TAG_DATA: /* hex data for app */
1372 if (max_len > NFC_MAX_APP_DATA_LEN)
1373 max_len = NFC_MAX_APP_DATA_LEN;
1374 evt_data.act_data.param.app_init.len_data = max_len;
1375 p_data = evt_data.act_data.param.app_init.data;
1376 break;
1377 }
1378 if (p_data) {
1379 STREAM_TO_ARRAY(p_data, p, max_len);
1380 }
1381 data_len -= ulen;
1382 }
1383 break;
1384 }
1385 nfc_response.ee_action = evt_data;
1386 (*p_cback)(NFC_EE_ACTION_REVT, &nfc_response);
1387 }
1388 }
1389
1390 /*******************************************************************************
1391 **
1392 ** Function nfc_ncif_proc_ee_discover_req
1393 **
1394 ** Description This function is called to process NFCEE DISCOVER REQ NTF
1395 **
1396 ** Returns void
1397 **
1398 *******************************************************************************/
nfc_ncif_proc_ee_discover_req(uint8_t * p,uint16_t plen)1399 void nfc_ncif_proc_ee_discover_req(uint8_t* p, uint16_t plen) {
1400 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1401 tNFC_EE_DISCOVER_REQ_REVT ee_disc_req;
1402 tNFC_EE_DISCOVER_INFO* p_info;
1403 uint8_t u8;
1404
1405 if (!plen) {
1406 android_errorWriteLog(0x534e4554, "221856662");
1407 return;
1408 }
1409
1410 LOG(VERBOSE) << StringPrintf("nfc_ncif_proc_ee_discover_req %d len:%d", *p,
1411 plen);
1412
1413 if (!plen) {
1414 android_errorWriteLog(0x534e4554, "221856662");
1415 return;
1416 }
1417
1418 if (*p > NFC_MAX_EE_DISC_ENTRIES) {
1419 android_errorWriteLog(0x534e4554, "122361874");
1420 LOG(ERROR) << __func__ << "Exceed NFC_MAX_EE_DISC_ENTRIES";
1421 return;
1422 }
1423
1424 if (p_cback) {
1425 u8 = *p;
1426 ee_disc_req.status = NFC_STATUS_OK;
1427 ee_disc_req.num_info = *p++;
1428 p_info = ee_disc_req.info;
1429 if (plen) plen--;
1430 while ((u8 > 0) && (plen >= NFC_EE_DISCOVER_ENTRY_LEN)) {
1431 p_info->op = *p++; /* T */
1432 if (*p != NFC_EE_DISCOVER_INFO_LEN) /* L */
1433 {
1434 LOG(VERBOSE) << StringPrintf("bad entry len:%d", *p);
1435 return;
1436 }
1437 p++;
1438 /* V */
1439 p_info->nfcee_id = *p++;
1440 p_info->tech_n_mode = *p++;
1441 p_info->protocol = *p++;
1442 u8--;
1443 plen -= NFC_EE_DISCOVER_ENTRY_LEN;
1444 p_info++;
1445 }
1446 tNFC_RESPONSE nfc_response;
1447 nfc_response.ee_discover_req = ee_disc_req;
1448 (*p_cback)(NFC_EE_DISCOVER_REQ_REVT, &nfc_response);
1449 }
1450 }
1451
1452 /*******************************************************************************
1453 **
1454 ** Function nfc_ncif_proc_get_routing
1455 **
1456 ** Description This function is called to process get routing notification
1457 **
1458 ** Returns void
1459 **
1460 *******************************************************************************/
nfc_ncif_proc_get_routing(uint8_t * p,uint8_t len)1461 void nfc_ncif_proc_get_routing(uint8_t* p, uint8_t len) {
1462 tNFC_GET_ROUTING_REVT evt_data;
1463 uint8_t more, num_entries, xx, *pn;
1464 tNFC_STATUS status = NFC_STATUS_CONTINUE;
1465
1466 if (len >= 2 && nfc_cb.p_resp_cback) {
1467 more = *p++;
1468 num_entries = *p++;
1469 if (num_entries == 0) return;
1470 len -= 2;
1471 if (len < 2) {
1472 LOG(ERROR) << StringPrintf("Invalid len=%d", len);
1473 return;
1474 }
1475 for (xx = 0; xx < num_entries; xx++) {
1476 if ((more == false) && (xx == (num_entries - 1))) status = NFC_STATUS_OK;
1477 evt_data.status = (tNFC_STATUS)status;
1478 if (len >= 2)
1479 len -= 2;
1480 else
1481 return;
1482 evt_data.qualifier_type = *p++;
1483 evt_data.num_tlvs = 1;
1484 evt_data.tlv_size = *p++;
1485 if (evt_data.tlv_size > NFC_MAX_EE_TLV_SIZE) {
1486 android_errorWriteLog(0x534e4554, "117554809");
1487 LOG(ERROR) << __func__ << "Invalid data format";
1488 return;
1489 }
1490 if (evt_data.tlv_size > len) {
1491 LOG(ERROR) << StringPrintf("Invalid evt_data.tlv_size");
1492 return;
1493 } else
1494 len -= evt_data.tlv_size;
1495 pn = evt_data.param_tlvs;
1496 STREAM_TO_ARRAY(pn, p, evt_data.tlv_size);
1497 tNFC_RESPONSE nfc_response;
1498 nfc_response.get_routing = evt_data;
1499 (*nfc_cb.p_resp_cback)(NFC_GET_ROUTING_REVT, &nfc_response);
1500 }
1501 }
1502 }
1503 #endif
1504
1505 /*******************************************************************************
1506 **
1507 ** Function nfc_ncif_proc_conn_create_rsp
1508 **
1509 ** Description This function is called to process connection create
1510 ** response
1511 **
1512 ** Returns void
1513 **
1514 *******************************************************************************/
nfc_ncif_proc_conn_create_rsp(uint8_t * p,uint16_t plen,uint8_t dest_type)1515 void nfc_ncif_proc_conn_create_rsp(uint8_t* p,
1516 __attribute__((unused)) uint16_t plen,
1517 uint8_t dest_type) {
1518 tNFC_CONN_CB* p_cb;
1519 tNFC_STATUS status;
1520 tNFC_CONN_CBACK* p_cback;
1521 tNFC_CONN evt_data;
1522 uint8_t conn_id;
1523
1524 /* find the pending connection control block */
1525 p_cb = nfc_find_conn_cb_by_conn_id(NFC_PEND_CONN_ID);
1526 if (p_cb) {
1527 p += NCI_MSG_HDR_SIZE;
1528 status = *p++;
1529 p_cb->buff_size = *p++;
1530 p_cb->num_buff = p_cb->init_credits = *p++;
1531 conn_id = *p++;
1532 if (conn_id > NFC_MAX_CONN_ID) {
1533 status = NCI_STATUS_FAILED;
1534 conn_id = NFC_ILLEGAL_CONN_ID;
1535 }
1536 evt_data.conn_create.status = status;
1537 evt_data.conn_create.dest_type = dest_type;
1538 evt_data.conn_create.id = p_cb->id;
1539 evt_data.conn_create.buff_size = p_cb->buff_size;
1540 evt_data.conn_create.num_buffs = p_cb->num_buff;
1541 p_cback = p_cb->p_cback;
1542 if (status == NCI_STATUS_OK) {
1543 nfc_set_conn_id(p_cb, conn_id);
1544 } else {
1545 nfc_free_conn_cb(p_cb);
1546 }
1547
1548 if (p_cback) (*p_cback)(conn_id, NFC_CONN_CREATE_CEVT, &evt_data);
1549 }
1550 }
1551
1552 /*******************************************************************************
1553 **
1554 ** Function nfc_ncif_report_conn_close_evt
1555 **
1556 ** Description This function is called to report connection close event
1557 **
1558 ** Returns void
1559 **
1560 *******************************************************************************/
nfc_ncif_report_conn_close_evt(uint8_t conn_id,tNFC_STATUS status)1561 void nfc_ncif_report_conn_close_evt(uint8_t conn_id, tNFC_STATUS status) {
1562 tNFC_CONN evt_data;
1563 tNFC_CONN_CBACK* p_cback;
1564 tNFC_CONN_CB* p_cb;
1565
1566 p_cb = nfc_find_conn_cb_by_conn_id(conn_id);
1567 if (p_cb) {
1568 p_cback = p_cb->p_cback;
1569 nfc_free_conn_cb(p_cb);
1570 evt_data.status = status;
1571 if (p_cback) (*p_cback)(conn_id, NFC_CONN_CLOSE_CEVT, &evt_data);
1572 }
1573 }
1574
1575 /*******************************************************************************
1576 **
1577 ** Function nfc_ncif_proc_reset_rsp
1578 **
1579 ** Description This function is called to process reset
1580 ** response/notification
1581 **
1582 ** Returns void
1583 **
1584 *******************************************************************************/
nfc_ncif_proc_reset_rsp(uint8_t * p,bool is_ntf)1585 void nfc_ncif_proc_reset_rsp(uint8_t* p, bool is_ntf) {
1586 uint8_t* p_len = p - 1;
1587 uint8_t status = NCI_STATUS_FAILED;
1588 uint8_t wait_for_ntf = FALSE;
1589
1590 status = *p_len > 0 ? *p++ : NCI_STATUS_FAILED;
1591 if (*p_len > 2 && is_ntf) {
1592 LOG(WARNING) << StringPrintf("reset notification!!:0x%x ", status);
1593 /* clean up, if the state is OPEN
1594 * FW does not report reset ntf right now */
1595 if (status == NCI2_X_RESET_TRIGGER_TYPE_CORE_RESET_CMD_RECEIVED ||
1596 status == NCI2_X_RESET_TRIGGER_TYPE_POWERED_ON) {
1597 LOG(VERBOSE) << StringPrintf(
1598 "CORE_RESET_NTF Received status nfc_state : 0x%x : 0x%x", status,
1599 nfc_cb.nfc_state);
1600 nfc_stop_timer(&nfc_cb.nci_wait_rsp_timer);
1601 p++;
1602 STREAM_TO_UINT8(nfc_cb.nci_version, p);
1603 LOG(VERBOSE) << StringPrintf(" CORE_RESET_NTF nci_version%x",
1604 nfc_cb.nci_version);
1605 status = NCI_STATUS_OK;
1606 } else {
1607 /* CORE_RESET_NTF received error case , trigger recovery*/
1608 LOG(ERROR) << StringPrintf(
1609 "CORE_RESET_NTF Received status nfc_state : 0x%x : 0x%x", status,
1610 nfc_cb.nfc_state);
1611 nfc_ncif_cmd_timeout();
1612 status = NCI_STATUS_FAILED;
1613 }
1614 if (nfc_cb.nfc_state == NFC_STATE_OPEN) {
1615 /*if any conn_cb is connected, close it.
1616 if any pending outgoing packets are dropped.*/
1617 nfc_reset_all_conn_cbs();
1618 }
1619 } else {
1620 LOG(VERBOSE) << StringPrintf("CORE_RESET_RSP len :0x%x ", *p_len);
1621 if ((*p_len) == NCI_CORE_RESET_RSP_LEN(NCI_VERSION_2_0)) {
1622 wait_for_ntf = TRUE;
1623 } else if ((*p_len) == NCI_CORE_RESET_RSP_LEN(NCI_VERSION_1_0)) {
1624 nfc_cb.nci_version = NCI_VERSION_1_0;
1625 }
1626 }
1627
1628 if (nfc_cb.flags & (NFC_FL_RESTARTING | NFC_FL_POWER_CYCLE_NFCC)) {
1629 nfc_reset_all_conn_cbs();
1630 }
1631
1632 if (status == NCI_STATUS_OK) {
1633 if (wait_for_ntf == TRUE) {
1634 /* reset version reported by NFCC is NCI2.0 , start a timer for 2000ms to
1635 * wait for NTF*/
1636 nfc_start_timer(&nfc_cb.nci_wait_rsp_timer,
1637 (uint16_t)(NFC_TTYPE_NCI_WAIT_RSP),
1638 nfc_cb.nci_wait_rsp_tout);
1639 } else {
1640 if (nfc_cb.nci_version == NCI_VERSION_1_0)
1641 nci_snd_core_init(NCI_VERSION_1_0);
1642 else
1643 nci_snd_core_init(NCI_VERSION_2_0);
1644 }
1645 } else {
1646 LOG(ERROR) << StringPrintf("Failed to reset NFCC");
1647 nfc_enabled(status, nullptr);
1648 }
1649 }
1650
1651 /*******************************************************************************
1652 **
1653 ** Function nfc_ncif_proc_init_rsp
1654 **
1655 ** Description This function is called to process init response
1656 **
1657 ** Returns void
1658 **
1659 *******************************************************************************/
nfc_ncif_proc_init_rsp(NFC_HDR * p_msg)1660 void nfc_ncif_proc_init_rsp(NFC_HDR* p_msg) {
1661 uint8_t *p, status;
1662 tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
1663
1664 p = (uint8_t*)(p_msg + 1) + p_msg->offset;
1665
1666 /* handle init params in nfc_enabled */
1667 status = *(p + NCI_MSG_HDR_SIZE);
1668 if (status == NCI_STATUS_OK) {
1669 if (nfc_cb.nci_version == NCI_VERSION_UNKNOWN) {
1670 nci_snd_core_reset(NCI_RESET_TYPE_RESET_CFG);
1671 } else {
1672 p_cb->id = NFC_RF_CONN_ID;
1673 // check scbr bit as per NCI 2.0 spec
1674 nfc_cb.isScbrSupported = p[5] & NCI_SCBR_MASK;
1675 LOG(VERBOSE) << StringPrintf("scbr support: 0x%x", nfc_cb.isScbrSupported);
1676 p_cb->act_protocol = NCI_PROTOCOL_UNKNOWN;
1677
1678 nfc_set_state(NFC_STATE_W4_POST_INIT_CPLT);
1679
1680 nfc_cb.p_nci_init_rsp = p_msg;
1681 nfc_cb.p_hal->core_initialized(p_msg->len, p);
1682 }
1683 } else {
1684 if (nfc_cb.nci_version == NCI_VERSION_UNKNOWN) {
1685 nfc_cb.nci_version = NCI_VERSION_1_0;
1686 nci_snd_core_reset(NCI_RESET_TYPE_RESET_CFG);
1687 } else {
1688 nfc_enabled(status, nullptr);
1689 GKI_freebuf(p_msg);
1690 }
1691 }
1692 }
1693
1694 /*******************************************************************************
1695 **
1696 ** Function nfc_ncif_proc_get_config_rsp
1697 **
1698 ** Description This function is called to process get config response
1699 **
1700 ** Returns void
1701 **
1702 *******************************************************************************/
nfc_ncif_proc_get_config_rsp(NFC_HDR * p_evt)1703 void nfc_ncif_proc_get_config_rsp(NFC_HDR* p_evt) {
1704 uint8_t* p;
1705 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1706 tNFC_RESPONSE evt_data;
1707
1708 p_evt->offset += NCI_MSG_HDR_SIZE;
1709 p_evt->len -= NCI_MSG_HDR_SIZE;
1710 if (p_cback) {
1711 p = (uint8_t*)(p_evt + 1) + p_evt->offset;
1712 evt_data.get_config.status = *p++;
1713 evt_data.get_config.tlv_size = p_evt->len;
1714 evt_data.get_config.p_param_tlvs = p;
1715 (*p_cback)(NFC_GET_CONFIG_REVT, &evt_data);
1716 }
1717 }
1718
1719 /*******************************************************************************
1720 **
1721 ** Function nfc_ncif_proc_t3t_polling_rsp
1722 **
1723 ** Description Handle NCI_MSG_RF_T3T_POLLING RSP
1724 **
1725 ** Returns void
1726 **
1727 *******************************************************************************/
nfc_ncif_proc_t3t_polling_rsp(uint8_t status)1728 void nfc_ncif_proc_t3t_polling_rsp(uint8_t status) {
1729 rw_t3t_handle_nci_poll_rsp(status);
1730 }
1731
1732 /*******************************************************************************
1733 **
1734 ** Function nfc_ncif_proc_t3t_polling_ntf
1735 **
1736 ** Description Handle NCI_MSG_RF_T3T_POLLING NTF
1737 **
1738 ** Returns void
1739 **
1740 *******************************************************************************/
nfc_ncif_proc_t3t_polling_ntf(uint8_t * p,uint16_t plen)1741 void nfc_ncif_proc_t3t_polling_ntf(uint8_t* p, uint16_t plen) {
1742 uint8_t status;
1743 uint8_t num_responses;
1744
1745 if (plen < NFC_TL_SIZE) {
1746 return;
1747 }
1748
1749 /* Pass result to RW_T3T for processing */
1750 STREAM_TO_UINT8(status, p);
1751 STREAM_TO_UINT8(num_responses, p);
1752 plen -= NFC_TL_SIZE;
1753 rw_t3t_handle_nci_poll_ntf(status, num_responses, (uint8_t)plen, p);
1754 }
1755
1756 /*******************************************************************************
1757 **
1758 ** Function nfc_data_event
1759 **
1760 ** Description Report Data event on the given connection control block
1761 **
1762 ** Returns void
1763 **
1764 *******************************************************************************/
nfc_data_event(tNFC_CONN_CB * p_cb)1765 void nfc_data_event(tNFC_CONN_CB* p_cb) {
1766 NFC_HDR* p_evt;
1767 tNFC_DATA_CEVT data_cevt;
1768 uint8_t* p;
1769
1770 if (p_cb->p_cback) {
1771 while ((p_evt = (NFC_HDR*)GKI_getfirst(&p_cb->rx_q)) != nullptr) {
1772 if (p_evt->layer_specific & NFC_RAS_FRAGMENTED) {
1773 /* Not the last fragment */
1774 if (!(p_evt->layer_specific & NFC_RAS_TOO_BIG)) {
1775 /* buffer can hold more */
1776 if ((p_cb->conn_id != NFC_RF_CONN_ID) || (nfc_cb.reassembly)) {
1777 /* If not rf connection or If rf connection and reassembly
1778 * requested,
1779 * try to Reassemble next packet */
1780 break;
1781 }
1782 }
1783 }
1784
1785 p_evt = (NFC_HDR*)GKI_dequeue(&p_cb->rx_q);
1786 /* report data event */
1787 p_evt->offset += NCI_MSG_HDR_SIZE;
1788 p_evt->len -= NCI_MSG_HDR_SIZE;
1789
1790 if (p_evt->layer_specific)
1791 data_cevt.status = NFC_STATUS_CONTINUE;
1792 else {
1793 nfc_cb.reassembly = true;
1794 data_cevt.status = NFC_STATUS_OK;
1795 }
1796
1797 data_cevt.p_data = p_evt;
1798 /* adjust payload, if needed */
1799 if (p_cb->conn_id == NFC_RF_CONN_ID && p_evt->len) {
1800 /* if NCI_PROTOCOL_T1T/NCI_PROTOCOL_T2T/NCI_PROTOCOL_T3T, the status
1801 * byte needs to be removed
1802 */
1803 if ((p_cb->act_protocol >= NCI_PROTOCOL_T1T) &&
1804 (p_cb->act_protocol <= NCI_PROTOCOL_T3T)) {
1805 p_evt->len--;
1806 p = (uint8_t*)(p_evt + 1);
1807 data_cevt.status = *(p + p_evt->offset + p_evt->len);
1808 if ((NFC_GetNCIVersion() >= NCI_VERSION_2_0) &&
1809 (p_cb->act_protocol == NCI_PROTOCOL_T2T) &&
1810 (p_cb->act_interface == NCI_INTERFACE_FRAME)) {
1811 if ((data_cevt.status != NFC_STATUS_OK) &&
1812 ((data_cevt.status >= T2T_STATUS_OK_1_BIT) &&
1813 (data_cevt.status <= T2T_STATUS_OK_7_BIT))) {
1814 LOG(VERBOSE) << StringPrintf("%s: T2T tag data xchange", __func__);
1815 data_cevt.status = NFC_STATUS_OK;
1816 }
1817 }
1818 }
1819 if ((NFC_GetNCIVersion() >= NCI_VERSION_2_0) &&
1820 (p_cb->act_protocol == NCI_PROTOCOL_T5T)) {
1821 p_evt->len--;
1822 p = (uint8_t*)(p_evt + 1);
1823 data_cevt.status = *(p + p_evt->offset + p_evt->len);
1824 }
1825 }
1826 tNFC_CONN nfc_conn;
1827 nfc_conn.data = data_cevt;
1828 (*p_cb->p_cback)(p_cb->conn_id, NFC_DATA_CEVT, &nfc_conn);
1829 p_evt = nullptr;
1830 }
1831 }
1832 }
1833
1834 /*******************************************************************************
1835 **
1836 ** Function nfc_ncif_proc_data
1837 **
1838 ** Description Find the connection control block associated with the data
1839 ** packet. Assemble the data packet, if needed.
1840 ** Report the Data event.
1841 **
1842 ** Returns void
1843 **
1844 *******************************************************************************/
nfc_ncif_proc_data(NFC_HDR * p_msg)1845 void nfc_ncif_proc_data(NFC_HDR* p_msg) {
1846 uint8_t *pp, cid;
1847 tNFC_CONN_CB* p_cb;
1848 uint8_t pbf;
1849 NFC_HDR* p_last;
1850 uint8_t *ps, *pd;
1851 uint16_t size;
1852 NFC_HDR* p_max = nullptr;
1853 uint16_t len;
1854
1855 pp = (uint8_t*)(p_msg + 1) + p_msg->offset;
1856 LOG(VERBOSE) << StringPrintf("nfc_ncif_proc_data 0x%02x%02x%02x", pp[0], pp[1],
1857 pp[2]);
1858 NCI_DATA_PRS_HDR(pp, pbf, cid, len);
1859 p_cb = nfc_find_conn_cb_by_conn_id(cid);
1860 if (p_cb && (p_msg->len >= NCI_DATA_HDR_SIZE)) {
1861 LOG(VERBOSE) << StringPrintf("nfc_ncif_proc_data len:%d", len);
1862
1863 len = p_msg->len - NCI_MSG_HDR_SIZE;
1864 p_msg->layer_specific = 0;
1865 if (pbf) {
1866 NFC_SetReassemblyFlag(true);
1867 p_msg->layer_specific = NFC_RAS_FRAGMENTED;
1868 }
1869 p_last = (NFC_HDR*)GKI_getlast(&p_cb->rx_q);
1870 if (p_last && (p_last->layer_specific & NFC_RAS_FRAGMENTED)) {
1871 /* last data buffer is not last fragment, append this new packet to the
1872 * last */
1873 size = GKI_get_buf_size(p_last);
1874 if (size < (NFC_HDR_SIZE + p_last->len + p_last->offset + len)) {
1875 /* the current size of p_last is not big enough to hold the new
1876 * fragment, p_msg */
1877 if (size != GKI_MAX_BUF_SIZE) {
1878 /* try the biggest GKI pool */
1879 p_max = (NFC_HDR*)GKI_getpoolbuf(GKI_MAX_BUF_SIZE_POOL_ID);
1880 if (p_max) {
1881 /* copy the content of last buffer to the new buffer */
1882 memcpy(p_max, p_last, NFC_HDR_SIZE);
1883 pd = (uint8_t*)(p_max + 1) + p_max->offset;
1884 ps = (uint8_t*)(p_last + 1) + p_last->offset;
1885 memcpy(pd, ps, p_last->len);
1886
1887 /* place the new buffer in the queue instead */
1888 GKI_remove_from_queue(&p_cb->rx_q, p_last);
1889 GKI_freebuf(p_last);
1890 GKI_enqueue(&p_cb->rx_q, p_max);
1891 p_last = p_max;
1892 }
1893 }
1894 if (p_max == nullptr) {
1895 /* Biggest GKI Pool not available (or)
1896 * Biggest available GKI Pool is not big enough to hold the new
1897 * fragment, p_msg */
1898 p_last->layer_specific |= NFC_RAS_TOO_BIG;
1899 }
1900 }
1901
1902 ps = (uint8_t*)(p_msg + 1) + p_msg->offset + NCI_MSG_HDR_SIZE;
1903
1904 if (!(p_last->layer_specific & NFC_RAS_TOO_BIG)) {
1905 pd = (uint8_t*)(p_last + 1) + p_last->offset + p_last->len;
1906 memcpy(pd, ps, len);
1907 p_last->len += len;
1908 /* do not need to update pbf and len in NCI header.
1909 * They are stripped off at NFC_DATA_CEVT and len may exceed 255 */
1910 LOG(VERBOSE) << StringPrintf("nfc_ncif_proc_data len:%d", p_last->len);
1911 p_last->layer_specific = p_msg->layer_specific;
1912 GKI_freebuf(p_msg);
1913 nfc_data_event(p_cb);
1914 } else {
1915 /* Not enough memory to add new buffer
1916 * Send data already in queue first with status Continue */
1917 nfc_data_event(p_cb);
1918 /* now enqueue the new buffer to the rx queue */
1919 GKI_enqueue(&p_cb->rx_q, p_msg);
1920 }
1921 } else {
1922 /* if this is the first fragment on RF link */
1923 if ((p_msg->layer_specific & NFC_RAS_FRAGMENTED) &&
1924 (p_cb->conn_id == NFC_RF_CONN_ID) && (p_cb->p_cback)) {
1925 /* Indicate upper layer that local device started receiving data */
1926 (*p_cb->p_cback)(p_cb->conn_id, NFC_DATA_START_CEVT, nullptr);
1927 }
1928 /* enqueue the new buffer to the rx queue */
1929 GKI_enqueue(&p_cb->rx_q, p_msg);
1930 nfc_data_event(p_cb);
1931 }
1932 return;
1933 }
1934 GKI_freebuf(p_msg);
1935 }
1936
1937 /*******************************************************************************
1938 **
1939 ** Function nfc_ncif_process_proprietary_rsp
1940 **
1941 ** Description Process the response to avoid collision
1942 ** while rawVsCbflag is set
1943 **
1944 ** Returns true if proprietary response else false
1945 **
1946 *******************************************************************************/
nfc_ncif_proc_proprietary_rsp(uint8_t mt,uint8_t gid,uint8_t oid)1947 bool nfc_ncif_proc_proprietary_rsp(uint8_t mt, uint8_t gid, uint8_t oid) {
1948 bool stat = FALSE;
1949 LOG(VERBOSE) << StringPrintf("%s: mt=%u, gid=%u, oid=%u", __func__, mt, gid,
1950 oid);
1951
1952 switch (mt) {
1953 case NCI_MT_DATA:
1954 /* check for Data Response */
1955 if (gid != 0x03 && oid != 0x00) stat = TRUE;
1956 break;
1957
1958 case NCI_MT_NTF:
1959 switch (gid) {
1960 case NCI_GID_CORE:
1961 /* check for CORE_RESET_NTF or CORE_CONN_CREDITS_NTF */
1962 if (oid != 0x00 && oid != 0x06) stat = TRUE;
1963 break;
1964 case NCI_GID_RF_MANAGE:
1965 /* check for CORE_CONN_CREDITS_NTF or NFA_EE_ACTION_NTF or
1966 * NFA_EE_DISCOVERY_REQ_NTF */
1967 if (oid != 0x06 && oid != 0x09 && oid != 0x0A) stat = TRUE;
1968 break;
1969 case NCI_GID_EE_MANAGE:
1970 if (oid != 0x00) stat = TRUE;
1971 break;
1972 case NCI_GID_PROP:
1973 if (oid != 0x02) stat = TRUE;
1974 break;
1975 default:
1976 stat = TRUE;
1977 break;
1978 }
1979 break;
1980
1981 default:
1982 stat = TRUE;
1983 break;
1984 }
1985 LOG(VERBOSE) << StringPrintf("%s: exit status=%u", __func__, stat);
1986 return stat;
1987 }
1988
1989 /*******************************************************************************
1990 ** Function nfc_mode_set_ntf_timeout
1991 **
1992 ** Description This function is invoked on mode set ntf timeout
1993 **
1994 ** Returns void
1995 **
1996 *******************************************************************************/
nfc_mode_set_ntf_timeout()1997 void nfc_mode_set_ntf_timeout() {
1998 LOG(ERROR) << StringPrintf("%s", __func__);
1999 tNFC_RESPONSE nfc_response;
2000 nfc_response.mode_set.status = NCI_STATUS_FAILED;
2001 nfc_response.mode_set.nfcee_id = *nfc_cb.last_nfcee_cmd;
2002 nfc_response.mode_set.mode = NCI_NFCEE_MD_DEACTIVATE;
2003
2004 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
2005 tNFC_RESPONSE_EVT event = NFC_NFCEE_MODE_SET_REVT;
2006 if (p_cback) (*p_cback)(event, &nfc_response);
2007 }
2008