1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2014 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions that interface with the NFC NCI transport.
22 * On the receive side, it routes events to the appropriate handler
23 * (callback). On the transmit side, it manages the command transmission.
24 *
25 ******************************************************************************/
26 #include <android-base/logging.h>
27 #include <android-base/stringprintf.h>
28 #include <fcntl.h>
29 #include <log/log.h>
30 #include <pthread.h>
31 #include <statslog_nfc.h>
32 #include <sys/stat.h>
33 #include <sys/time.h>
34
35 #include "include/debug_nfcsnoop.h"
36 #include "metrics.h"
37 #include "nci_defs.h"
38 #include "nci_hmsgs.h"
39 #include "nfc_api.h"
40 #include "nfc_int.h"
41 #include "nfc_target.h"
42 #include "rw_api.h"
43 #include "rw_int.h"
44
45 using android::base::StringPrintf;
46
47 #if (APPL_DTA_MODE == TRUE)
48 // Global Structure varibale for FW Version
49 static tNFC_FW_VERSION nfc_fw_version;
50 #endif
51 #define NFC_PB_ATTRIB_REQ_FIXED_BYTES 1
52 #define NFC_LB_ATTRIB_REQ_FIXED_BYTES 8
53
54 extern unsigned char appl_dta_mode_flag;
55
56 extern std::string nfc_storage_path;
57
58 static struct timeval timer_start;
59 static struct timeval timer_end;
60 static pthread_mutex_t cache_flush = PTHREAD_MUTEX_INITIALIZER;
61
62 /*******************************************************************************
63 **
64 ** Function nfc_ncif_update_window
65 **
66 ** Description Update tx cmd window to indicate that NFCC can received
67 **
68 ** Returns void
69 **
70 *******************************************************************************/
nfc_ncif_update_window(void)71 void nfc_ncif_update_window(void) {
72 /* Sanity check - see if we were expecting a update_window */
73 if (nfc_cb.nci_cmd_window == NCI_MAX_CMD_WINDOW) {
74 if (nfc_cb.nfc_state != NFC_STATE_W4_HAL_CLOSE) {
75 LOG(ERROR) << StringPrintf("%s: Unexpected call", __func__);
76 }
77 return;
78 }
79
80 /* Stop command-pending timer */
81 nfc_stop_timer(&nfc_cb.nci_wait_rsp_timer);
82
83 nfc_cb.p_vsc_cback = nullptr;
84 nfc_cb.nci_cmd_window++;
85
86 /* Check if there were any commands waiting to be sent */
87 nfc_ncif_check_cmd_queue(nullptr);
88 }
89
90 /*******************************************************************************
91 **
92 ** Function nfc_ncif_cmd_timeout
93 **
94 ** Description Handle a command timeout
95 **
96 ** Returns void
97 **
98 *******************************************************************************/
nfc_ncif_cmd_timeout(void)99 void nfc_ncif_cmd_timeout(void) {
100 LOG(ERROR) << __func__;
101
102 /* report an error */
103 nfc_ncif_event_status(NFC_GEN_ERROR_REVT, NFC_STATUS_HW_TIMEOUT);
104 nfc_ncif_event_status(NFC_NFCC_TIMEOUT_REVT, NFC_STATUS_HW_TIMEOUT);
105
106 /* if enabling NFC, notify upper layer of failure */
107 if (nfc_cb.nfc_state == NFC_STATE_CORE_INIT) {
108 nfc_enabled(NFC_STATUS_FAILED, nullptr);
109 }
110 }
111
112 /*******************************************************************************
113 **
114 ** Function nfc_wait_2_deactivate_timeout
115 **
116 ** Description Handle a command timeout
117 **
118 ** Returns void
119 **
120 *******************************************************************************/
nfc_wait_2_deactivate_timeout(void)121 void nfc_wait_2_deactivate_timeout(void) {
122 LOG(ERROR) << __func__;
123 nfc_cb.flags &= ~NFC_FL_DEACTIVATING;
124 nci_snd_deactivate_cmd((uint8_t)nfc_cb.deactivate_timer.param);
125 }
126
127 /*******************************************************************************
128 **
129 ** Function nfc_ncif_send_data
130 **
131 ** Description This function is called to add the NCI data header
132 ** and send it to NCIT task for sending it to transport
133 ** as credits are available.
134 **
135 ** Returns void
136 **
137 *******************************************************************************/
nfc_ncif_send_data(tNFC_CONN_CB * p_cb,NFC_HDR * p_data)138 uint8_t nfc_ncif_send_data(tNFC_CONN_CB* p_cb, NFC_HDR* p_data) {
139 uint8_t* pp;
140 uint8_t* ps;
141 uint8_t ulen = NCI_MAX_PAYLOAD_SIZE;
142 NFC_HDR* p;
143 uint8_t pbf = 1;
144 uint8_t buffer_size = p_cb->buff_size;
145 uint8_t hdr0 = p_cb->conn_id;
146 bool fragmented = false;
147 bool empty_p_data = p_data == nullptr;
148
149 if (!gki_utils) {
150 gki_utils = new GkiUtils();
151 }
152
153 LOG(VERBOSE) << StringPrintf("%s :%d, num_buff=%d qc=%d", __func__,
154 p_cb->conn_id, p_cb->num_buff, p_cb->tx_q.count);
155 if (p_cb->id == NFC_RF_CONN_ID) {
156 if (nfc_cb.nfc_state != NFC_STATE_OPEN) {
157 if (nfc_cb.nfc_state == NFC_STATE_CLOSING) {
158 if ((p_data == nullptr) && /* called because credit from NFCC */
159 (nfc_cb.flags & NFC_FL_DEACTIVATING)) {
160 if (p_cb->init_credits == p_cb->num_buff) {
161 /* all the credits are back */
162 nfc_cb.flags &= ~NFC_FL_DEACTIVATING;
163 LOG(VERBOSE) << StringPrintf(
164 "%s: deactivating NFC-DEP init_credits=%d, num_buff=%d",
165 __func__, p_cb->init_credits, p_cb->num_buff);
166 nfc_stop_timer(&nfc_cb.deactivate_timer);
167 nci_snd_deactivate_cmd((uint8_t)nfc_cb.deactivate_timer.param);
168 }
169 }
170 }
171 return NCI_STATUS_FAILED;
172 }
173 }
174 if (nfc_cb.flags & NFC_FL_WAIT_RF_INTF_EXT_RSP) {
175 LOG(VERBOSE) << StringPrintf(
176 "%s: fail to send NCI data while waiting response for RF interface"
177 " extension command",
178 __func__);
179 return NCI_STATUS_FAILED;
180 }
181
182 if (p_data) {
183 /* always enqueue the data to the tx queue */
184 gki_utils->enqueue(&p_cb->tx_q, p_data);
185 }
186
187 /* try to send the first data packet in the tx queue */
188 p_data = (NFC_HDR*)GKI_getfirst(&p_cb->tx_q);
189
190 /* post data fragment to NCIT task as credits are available */
191 while (p_data && (p_cb->num_buff > 0)) {
192 if (p_data->len <= buffer_size) {
193 pbf = 0; /* last fragment */
194 ulen = (uint8_t)(p_data->len);
195 fragmented = false;
196 } else {
197 fragmented = true;
198 ulen = buffer_size;
199 }
200
201 if (!fragmented) {
202 /* if data packet is not fragmented, use the original buffer */
203 p = p_data;
204 p_data = (NFC_HDR*)gki_utils->dequeue(&p_cb->tx_q);
205 } else {
206 /* the data packet is too big and need to be fragmented
207 * prepare a new GKI buffer
208 * (even the last fragment to avoid issues) */
209 p = NCI_GET_CMD_BUF(ulen);
210 if (p == nullptr) return (NCI_STATUS_BUFFER_FULL);
211 p->len = ulen;
212 p->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE + 1;
213 if (p->len) {
214 pp = (uint8_t*)(p + 1) + p->offset;
215 ps = (uint8_t*)(p_data + 1) + p_data->offset;
216 memcpy(pp, ps, ulen);
217 }
218 /* adjust the NFC_HDR on the old fragment */
219 p_data->len -= ulen;
220 p_data->offset += ulen;
221 }
222
223 p->event = BT_EVT_TO_NFC_NCI;
224 p->layer_specific = pbf;
225 p->len += NCI_DATA_HDR_SIZE;
226 p->offset -= NCI_DATA_HDR_SIZE;
227 pp = (uint8_t*)(p + 1) + p->offset;
228 /* build NCI Data packet header */
229 NCI_DATA_PBLD_HDR(pp, pbf, hdr0, ulen);
230
231 if (p_cb->num_buff != NFC_CONN_NO_FC) p_cb->num_buff--;
232
233 /* send to HAL */
234 nfcsnoop_capture(p, false);
235 HAL_WRITE(p);
236
237 if (!fragmented) {
238 /* check if there are more data to send */
239 p_data = (NFC_HDR*)GKI_getfirst(&p_cb->tx_q);
240 }
241 }
242
243 // log duration for the first hce data response
244 if (!empty_p_data && (timer_start.tv_sec != 0 || timer_start.tv_usec != 0)) {
245 gettimeofday(&timer_end, nullptr);
246 uint32_t delta_time_ms = (timer_end.tv_sec - timer_start.tv_sec) * 1000 +
247 (timer_end.tv_usec - timer_start.tv_usec) / 1000;
248 memset(&timer_start, 0, sizeof(timer_start));
249 memset(&timer_end, 0, sizeof(timer_end));
250 nfc::stats::stats_write(nfc::stats::NFC_HCE_TRANSACTION_OCCURRED,
251 (int32_t)delta_time_ms);
252 LOG(VERBOSE) << StringPrintf("%s: delta_time=%d", __func__, delta_time_ms);
253 }
254 return (NCI_STATUS_OK);
255 }
256
257 /*******************************************************************************
258 **
259 ** Function nfc_ncif_check_cmd_queue
260 **
261 ** Description Send NCI command to the transport
262 **
263 ** Returns void
264 **
265 *******************************************************************************/
nfc_ncif_check_cmd_queue(NFC_HDR * p_buf)266 void nfc_ncif_check_cmd_queue(NFC_HDR* p_buf) {
267 if (!gki_utils) {
268 gki_utils = new GkiUtils();
269 }
270 uint8_t* ps;
271 /* If there are commands waiting in the xmit queue, or if the controller
272 * cannot accept any more commands, */
273 /* then enqueue this command */
274 if (p_buf) {
275 if ((nfc_cb.nci_cmd_xmit_q.count) || (nfc_cb.nci_cmd_window == 0)) {
276 gki_utils->enqueue(&nfc_cb.nci_cmd_xmit_q, p_buf);
277 p_buf = nullptr;
278 }
279 }
280
281 /* If controller can accept another command, then send the next command */
282 if (nfc_cb.nci_cmd_window > 0) {
283 /* If no command was provided, or if older commands were in the queue, then
284 * get cmd from the queue */
285 if (!p_buf) p_buf = (NFC_HDR*)gki_utils->dequeue(&nfc_cb.nci_cmd_xmit_q);
286
287 if (p_buf) {
288 /* save the message header to double check the response */
289 ps = (uint8_t*)(p_buf + 1) + p_buf->offset;
290 memcpy(nfc_cb.last_hdr, ps, NFC_SAVED_HDR_SIZE);
291 memcpy(nfc_cb.last_cmd, ps + NCI_MSG_HDR_SIZE, NFC_SAVED_CMD_SIZE);
292 // Check first byte to check if this is an NFCEE command
293 if (*ps == ((NCI_MT_CMD << NCI_MT_SHIFT) | NCI_GID_EE_MANAGE)) {
294 memcpy(nfc_cb.last_nfcee_cmd, ps + NCI_MSG_HDR_SIZE,
295 NFC_SAVED_CMD_SIZE);
296 }
297 if (p_buf->layer_specific == NFC_WAIT_RSP_VSC) {
298 /* save the callback for NCI VSCs) */
299 nfc_cb.p_vsc_cback = (void*)((tNFC_NCI_VS_MSG*)p_buf)->p_cback;
300 } else if (p_buf->layer_specific == NFC_WAIT_RSP_RAW_VS) {
301 /* save the callback for RAW VS */
302 nfc_cb.p_vsc_cback = (void*)((tNFC_NCI_VS_MSG*)p_buf)->p_cback;
303 nfc_cb.rawVsCbflag = true;
304 }
305
306 /* Indicate command is pending */
307 nfc_cb.nci_cmd_window--;
308
309 // Make sure the caches are consistent with other threads here.
310 (void)pthread_mutex_lock(&cache_flush);
311 (void)pthread_mutex_unlock(&cache_flush);
312
313 /* send to HAL */
314 nfcsnoop_capture(p_buf, false);
315 HAL_WRITE(p_buf);
316 /* start NFC command-timeout timer */
317 nfc_start_timer(&nfc_cb.nci_wait_rsp_timer,
318 (uint16_t)(NFC_TTYPE_NCI_WAIT_RSP),
319 nfc_cb.nci_wait_rsp_tout);
320 }
321 }
322
323 if (nfc_cb.nci_cmd_window == NCI_MAX_CMD_WINDOW) {
324 /* the command queue must be empty now */
325 if (nfc_cb.flags & NFC_FL_CONTROL_REQUESTED) {
326 /* HAL requested control or stack needs to handle pre-discover */
327 nfc_cb.flags &= ~NFC_FL_CONTROL_REQUESTED;
328 if (nfc_cb.flags & NFC_FL_DISCOVER_PENDING) {
329 if (nfc_cb.p_hal->prediscover()) {
330 /* HAL has the command window now */
331 nfc_cb.flags |= NFC_FL_CONTROL_GRANTED;
332 nfc_cb.nci_cmd_window = 0;
333 } else {
334 /* HAL does not need to send command,
335 * - restore the command window and issue the discovery command now */
336 nfc_cb.flags &= ~NFC_FL_DISCOVER_PENDING;
337 ps = (uint8_t*)nfc_cb.p_disc_pending;
338 nci_snd_discover_cmd(*ps, (tNFC_DISCOVER_PARAMS*)(ps + 1));
339 gki_utils->freebuf(nfc_cb.p_disc_pending);
340 nfc_cb.p_disc_pending = nullptr;
341 }
342 } else if (nfc_cb.flags & NFC_FL_HAL_REQUESTED) {
343 /* grant the control to HAL */
344 nfc_cb.flags &= ~NFC_FL_HAL_REQUESTED;
345 nfc_cb.flags |= NFC_FL_CONTROL_GRANTED;
346 nfc_cb.nci_cmd_window = 0;
347 nfc_cb.p_hal->control_granted();
348 }
349 }
350 }
351 }
352
353 #if (APPL_DTA_MODE == TRUE)
354 /*******************************************************************************
355 **
356 ** Function nfc_ncif_getFWVersion
357 **
358 ** Description This function is called to fet the FW Version
359 **
360 ** Returns tNFC_FW_VERSION
361 **
362 *******************************************************************************/
nfc_ncif_getFWVersion()363 tNFC_FW_VERSION nfc_ncif_getFWVersion() { return nfc_fw_version; }
364 #endif
365
366 /*******************************************************************************
367 **
368 ** Function nfc_ncif_send_cmd
369 **
370 ** Description Send NCI command to the NCIT task
371 **
372 ** Returns void
373 **
374 *******************************************************************************/
nfc_ncif_send_cmd(NFC_HDR * p_buf)375 void nfc_ncif_send_cmd(NFC_HDR* p_buf) {
376 /* post the p_buf to NCIT task */
377 p_buf->event = BT_EVT_TO_NFC_NCI;
378 p_buf->layer_specific = 0;
379 nfc_ncif_check_cmd_queue(p_buf);
380 }
381
382 /*******************************************************************************
383 **
384 ** Function nfc_ncif_process_event
385 **
386 ** Description This function is called to process the
387 ** data/response/notification from NFCC
388 **
389 ** Returns TRUE if need to free buffer
390 **
391 *******************************************************************************/
nfc_ncif_process_event(NFC_HDR * p_msg)392 bool nfc_ncif_process_event(NFC_HDR* p_msg) {
393 uint8_t mt, pbf, gid, *p;
394 bool free = true;
395 uint8_t oid;
396 uint16_t len;
397 uint8_t *p_old, old_gid, old_oid, old_mt;
398
399 /* ignore all data while shutting down NFCC */
400 if (nfc_cb.nfc_state == NFC_STATE_W4_HAL_CLOSE) {
401 return free;
402 }
403
404 // Make sure the caches are consistent with other threads here.
405 (void)pthread_mutex_lock(&cache_flush);
406 (void)pthread_mutex_unlock(&cache_flush);
407
408 p = (uint8_t*)(p_msg + 1) + p_msg->offset;
409
410 if (p_msg->len < 3) {
411 // Per NCI spec, every packets should have at least 3 bytes: HDR0, HDR1, and
412 // LEN field.
413 LOG(ERROR) << StringPrintf("%s: Invalid NCI packet: p_msg->len=%d",
414 __func__, p_msg->len);
415 return free;
416 }
417
418 // LEN field contains the size of the payload, not including the 3-byte packet
419 // header.
420 len = p[2] + 3;
421 if (p_msg->len < len) {
422 // Making sure the packet holds enough data than it claims.
423 LOG(ERROR) << StringPrintf(
424 "%s: Invalid NCI packet: p_msg->len (%d) < len (%d)", __func__,
425 p_msg->len, len);
426 return free;
427 }
428
429 nfcsnoop_capture(p_msg, true);
430
431 NCI_MSG_PRS_HDR0(p, mt, pbf, gid);
432 oid = ((*p) & NCI_OID_MASK);
433 if (nfc_cb.rawVsCbflag == true &&
434 nfc_ncif_proc_proprietary_rsp(mt, gid, oid) == true) {
435 nci_proc_prop_raw_vs_rsp(p_msg);
436 nfc_cb.rawVsCbflag = false;
437 return free;
438 }
439
440 switch (mt) {
441 case NCI_MT_DATA:
442 LOG(VERBOSE) << StringPrintf("%s: NFC received data", __func__);
443 nfc_ncif_proc_data(p_msg);
444 free = false;
445 break;
446
447 case NCI_MT_RSP:
448 LOG(VERBOSE) << StringPrintf("%s: NFC received rsp gid=%d", __func__,
449 gid);
450 oid = ((*p) & NCI_OID_MASK);
451 p_old = nfc_cb.last_hdr;
452 NCI_MSG_PRS_HDR0(p_old, old_mt, pbf, old_gid);
453 old_oid = ((*p_old) & NCI_OID_MASK);
454 /* make sure this is the RSP we are waiting for before updating the
455 * command window */
456 if ((old_gid != gid) || (old_oid != oid)) {
457 LOG(ERROR) << StringPrintf("%s: unexpected rsp: gid=0x%x, oid=0x%x",
458 __func__, gid, oid);
459 return true;
460 }
461
462 switch (gid) {
463 case NCI_GID_CORE: /* 0000b NCI Core group */
464 free = nci_proc_core_rsp(p_msg);
465 break;
466 case NCI_GID_RF_MANAGE: /* 0001b NCI Discovery group */
467 nci_proc_rf_management_rsp(p_msg);
468 break;
469 #if (NFC_NFCEE_INCLUDED == TRUE)
470 #if (NFC_RW_ONLY == FALSE)
471 case NCI_GID_EE_MANAGE: /* 0x02 0010b NFCEE Discovery group */
472 nci_proc_ee_management_rsp(p_msg);
473 break;
474 #endif
475 #endif
476 case NCI_GID_PROP: /* 1111b Proprietary */
477 nci_proc_prop_rsp(p_msg);
478 break;
479 default:
480 LOG(ERROR) << StringPrintf("%s: Unknown gid=%d", __func__, gid);
481 break;
482 }
483
484 nfc_ncif_update_window();
485 break;
486
487 case NCI_MT_NTF:
488 LOG(VERBOSE) << StringPrintf("%s: NFC received ntf gid=%d", __func__,
489 gid);
490 switch (gid) {
491 case NCI_GID_CORE: /* 0000b NCI Core group */
492 nci_proc_core_ntf(p_msg);
493 break;
494 case NCI_GID_RF_MANAGE: /* 0001b NCI Discovery group */
495 nci_proc_rf_management_ntf(p_msg);
496 break;
497 #if (NFC_NFCEE_INCLUDED == TRUE)
498 #if (NFC_RW_ONLY == FALSE)
499 case NCI_GID_EE_MANAGE: /* 0x02 0010b NFCEE Discovery group */
500 nci_proc_ee_management_ntf(p_msg);
501 break;
502 #endif
503 #endif
504 case NCI_GID_PROP: /* 1111b Proprietary */
505 nci_proc_prop_ntf(p_msg);
506 break;
507 default:
508 LOG(ERROR) << StringPrintf("%s: Unknown gid=%d", __func__, gid);
509 break;
510 }
511 break;
512
513 default:
514 LOG(VERBOSE) << StringPrintf("%s: received unknown mt=0x%x, gid=%d",
515 __func__, mt, gid);
516 }
517
518 return (free);
519 }
520
521 /*******************************************************************************
522 **
523 ** Function nfc_ncif_rf_management_status
524 **
525 ** Description This function is called to report an event
526 **
527 ** Returns void
528 **
529 *******************************************************************************/
nfc_ncif_rf_management_status(tNFC_DISCOVER_EVT event,uint8_t status)530 void nfc_ncif_rf_management_status(tNFC_DISCOVER_EVT event, uint8_t status) {
531 tNFC_DISCOVER evt_data;
532 if (nfc_cb.p_discv_cback) {
533 evt_data.status = (tNFC_STATUS)status;
534 (*nfc_cb.p_discv_cback)(event, &evt_data);
535 }
536 }
537
538 /*******************************************************************************
539 **
540 ** Function nfc_ncif_set_config_status
541 **
542 ** Description This function is called to report NFC_SET_CONFIG_REVT
543 **
544 ** Returns void
545 **
546 *******************************************************************************/
nfc_ncif_set_config_status(uint8_t * p,uint8_t len)547 void nfc_ncif_set_config_status(uint8_t* p, uint8_t len) {
548 tNFC_RESPONSE evt_data;
549 if (nfc_cb.p_resp_cback) {
550 evt_data.set_config.num_param_id = 0;
551 if (len == 0) {
552 LOG(ERROR) << StringPrintf("%s: Insufficient RSP length", __func__);
553 evt_data.set_config.status = NFC_STATUS_SYNTAX_ERROR;
554 (*nfc_cb.p_resp_cback)(NFC_SET_CONFIG_REVT, &evt_data);
555 return;
556 }
557 evt_data.set_config.status = (tNFC_STATUS)*p++;
558 if (evt_data.set_config.status != NFC_STATUS_OK && len > 1) {
559 evt_data.set_config.num_param_id = *p++;
560 if (evt_data.set_config.num_param_id > NFC_MAX_NUM_IDS) {
561 android_errorWriteLog(0x534e4554, "114047681");
562 LOG(ERROR) << StringPrintf("%s: OOB write num_param_id %d", __func__,
563 evt_data.set_config.num_param_id);
564 evt_data.set_config.num_param_id = 0;
565 } else if (evt_data.set_config.num_param_id <= len - 2) {
566 STREAM_TO_ARRAY(evt_data.set_config.param_ids, p,
567 evt_data.set_config.num_param_id);
568 } else {
569 LOG(ERROR) << StringPrintf(
570 "%s: Insufficient RSP length %d,num_param_id %d", __func__, len,
571 evt_data.set_config.num_param_id);
572 evt_data.set_config.num_param_id = 0;
573 }
574 }
575 (*nfc_cb.p_resp_cback)(NFC_SET_CONFIG_REVT, &evt_data);
576 }
577 }
578
579 /*******************************************************************************
580 **
581 ** Function nfc_ncif_event_status
582 **
583 ** Description This function is called to report an event
584 **
585 ** Returns void
586 **
587 *******************************************************************************/
nfc_ncif_event_status(tNFC_RESPONSE_EVT event,uint8_t status)588 void nfc_ncif_event_status(tNFC_RESPONSE_EVT event, uint8_t status) {
589 tNFC_RESPONSE evt_data;
590 if (event == NFC_NFCC_TIMEOUT_REVT && status == NFC_STATUS_HW_TIMEOUT) {
591 uint32_t cmd_hdr = (nfc_cb.last_hdr[0] << 8) | nfc_cb.last_hdr[1];
592 nfc::stats::stats_write(nfc::stats::NFC_ERROR_OCCURRED,
593 (int32_t)NCI_TIMEOUT, (int32_t)cmd_hdr,
594 (int32_t)status);
595 }
596 if (nfc_cb.p_resp_cback) {
597 evt_data.status = (tNFC_STATUS)status;
598 (*nfc_cb.p_resp_cback)(event, &evt_data);
599 }
600 }
601
602 /*******************************************************************************
603 **
604 ** Function nfc_ncif_error_status
605 **
606 ** Description This function is called to report an error event to data
607 ** cback
608 **
609 ** Returns void
610 **
611 *******************************************************************************/
nfc_ncif_error_status(uint8_t conn_id,uint8_t status)612 void nfc_ncif_error_status(uint8_t conn_id, uint8_t status) {
613 tNFC_CONN_CB* p_cb = nfc_find_conn_cb_by_conn_id(conn_id);
614 if (p_cb && p_cb->p_cback) {
615 tNFC_CONN nfc_conn;
616 nfc_conn.status = status;
617 (*p_cb->p_cback)(conn_id, NFC_ERROR_CEVT, &nfc_conn);
618 }
619 nfc::stats::stats_write(nfc::stats::NFC_ERROR_OCCURRED, (int32_t)ERROR_NTF,
620 (int32_t)0, (int32_t)status);
621 }
622
623 /*******************************************************************************
624 **
625 ** Function nfc_ncif_proc_rf_field_ntf
626 **
627 ** Description This function is called to process RF field notification
628 **
629 ** Returns void
630 **
631 *******************************************************************************/
632 #if (NFC_RW_ONLY == FALSE)
nfc_ncif_proc_rf_field_ntf(uint8_t rf_status)633 void nfc_ncif_proc_rf_field_ntf(uint8_t rf_status) {
634 tNFC_RESPONSE evt_data;
635 if (nfc_cb.p_resp_cback) {
636 evt_data.status = (tNFC_STATUS)NFC_STATUS_OK;
637 evt_data.rf_field.rf_field = rf_status;
638 (*nfc_cb.p_resp_cback)(NFC_RF_FIELD_REVT, &evt_data);
639 }
640 }
641 #endif
642
643 /*******************************************************************************
644 **
645 ** Function nfc_ncif_proc_credits
646 **
647 ** Description This function is called to process data credits
648 **
649 ** Returns void
650 **
651 *******************************************************************************/
nfc_ncif_proc_credits(uint8_t * p,uint16_t plen)652 void nfc_ncif_proc_credits(uint8_t* p, uint16_t plen) {
653 uint8_t num, xx;
654 tNFC_CONN_CB* p_cb;
655
656 if (plen != 0) {
657 num = *p++;
658 plen--;
659 if (num * 2 > plen) {
660 android_errorWriteLog(0x534e4554, "118148142");
661 return;
662 }
663 for (xx = 0; xx < num; xx++) {
664 p_cb = nfc_find_conn_cb_by_conn_id(*p++);
665 if (p_cb && p_cb->num_buff != NFC_CONN_NO_FC) {
666 p_cb->num_buff += (*p);
667 #if (BT_USE_TRACES == TRUE)
668 if (p_cb->num_buff > p_cb->init_credits) {
669 if (nfc_cb.nfc_state == NFC_STATE_OPEN) {
670 /* if this happens in activated state, it's very likely that our
671 * NFCC has issues */
672 /* However, credit may be returned after deactivation */
673 LOG(ERROR) << StringPrintf("%s: num_buff=0x%x, init_credits=0x%x",
674 __func__, p_cb->num_buff,
675 p_cb->init_credits);
676 }
677 p_cb->num_buff = p_cb->init_credits;
678 }
679 #endif
680 /* check if there's nay data in tx q to be sent */
681 nfc_ncif_send_data(p_cb, nullptr);
682 }
683 p++;
684 }
685 }
686 }
687 /*******************************************************************************
688 **
689 ** Function nfc_ncif_decode_rf_params
690 **
691 ** Description This function is called to process the detected technology
692 ** and mode and the associated parameters for DISCOVER_NTF and
693 ** ACTIVATE_NTF
694 **
695 ** Returns void
696 **
697 *******************************************************************************/
nfc_ncif_decode_rf_params(tNFC_RF_TECH_PARAMS * p_param,uint8_t * p)698 uint8_t* nfc_ncif_decode_rf_params(tNFC_RF_TECH_PARAMS* p_param, uint8_t* p) {
699 tNFC_RF_PA_PARAMS* p_pa;
700 uint8_t len, *p_start, u8;
701 tNFC_RF_PB_PARAMS* p_pb;
702 tNFC_RF_LF_PARAMS* p_lf;
703 tNFC_RF_PF_PARAMS* p_pf;
704 tNFC_RF_PISO15693_PARAMS* p_i93;
705 uint8_t plen;
706 plen = len = *p++;
707 p_start = p;
708 memset(&p_param->param, 0, sizeof(tNFC_RF_TECH_PARAMU));
709
710 if (NCI_DISCOVERY_TYPE_POLL_A == p_param->mode) {
711 p_pa = &p_param->param.pa;
712 /*
713 SENS_RES Response 2 bytes Defined in [DIGPROT] Available after Technology
714 Detection
715 NFCID1 length 1 byte Length of NFCID1 Available after Collision Resolution
716 NFCID1 4, 7, or 10 bytes Defined in [DIGPROT]Available after Collision
717 Resolution
718 SEL_RES Response 1 byte Defined in [DIGPROT]Available after Collision
719 Resolution
720 HRx Length 1 Octets Length of HRx Parameters collected from the response to
721 the T1T RID command.
722 HRx 0 or 2 Octets If present, the first byte SHALL contain HR0 and the second
723 byte SHALL contain HR1 as defined in [DIGITAL].
724 */
725 if (plen < 3) {
726 goto invalid_packet;
727 }
728 plen -= 3;
729 STREAM_TO_ARRAY(p_pa->sens_res, p, 2);
730 p_pa->nfcid1_len = *p++;
731 if (p_pa->nfcid1_len > NCI_NFCID1_MAX_LEN)
732 p_pa->nfcid1_len = NCI_NFCID1_MAX_LEN;
733
734 if (plen < p_pa->nfcid1_len + 1) {
735 goto invalid_packet;
736 }
737 plen -= (p_pa->nfcid1_len + 1);
738 STREAM_TO_ARRAY(p_pa->nfcid1, p, p_pa->nfcid1_len);
739 u8 = *p++;
740
741 if (u8) {
742 if (plen < 1) {
743 goto invalid_packet;
744 }
745 plen--;
746 p_pa->sel_rsp = *p++;
747 }
748
749 if (len ==
750 (7 + p_pa->nfcid1_len + u8)) /* 2(sens_res) + 1(len) +
751 p_pa->nfcid1_len + 1(len) + u8 + hr
752 (1:len + 2) */
753 {
754 p_pa->hr_len = *p++;
755 if (p_pa->hr_len == NCI_T1T_HR_LEN) {
756 p_pa->hr[0] = *p++;
757 p_pa->hr[1] = *p;
758 }
759 }
760 } else if (NCI_DISCOVERY_TYPE_POLL_B == p_param->mode) {
761 /*
762 SENSB_RES Response length (n) 1 byte Length of SENSB_RES Response (Byte 2 -
763 Byte 12 or 13)Available after Technology Detection
764 SENSB_RES Response Byte 2 - Byte 12 or 13 11 or 12 bytes Defined in [DIGPROT]
765 Available after Technology Detection
766 */
767 p_pb = &p_param->param.pb;
768
769 if (plen < 1) {
770 goto invalid_packet;
771 }
772 plen--;
773 p_pb->sensb_res_len = *p++;
774 if (p_pb->sensb_res_len > NCI_MAX_SENSB_RES_LEN)
775 p_pb->sensb_res_len = NCI_MAX_SENSB_RES_LEN;
776
777 if (plen < p_pb->sensb_res_len) {
778 goto invalid_packet;
779 }
780 plen -= p_pb->sensb_res_len;
781 STREAM_TO_ARRAY(p_pb->sensb_res, p, p_pb->sensb_res_len);
782 memcpy(p_pb->nfcid0, p_pb->sensb_res, NFC_NFCID0_MAX_LEN);
783 p_pb->fwi = p_pb->sensb_res[10] >> 4;
784 } else if (NCI_DISCOVERY_TYPE_POLL_F == p_param->mode) {
785 /*
786 Bit Rate 1 byte 1 212 kbps/2 424 kbps/0 and 3 to 255 RFU
787 SENSF_RES Response length.(n) 1 byte Length of SENSF_RES (Byte 2 - Byte 17 or
788 19).Available after Technology Detection
789 SENSF_RES Response Byte 2 - Byte 17 or 19 n bytes Defined in [DIGPROT]
790 Available after Technology Detection
791 */
792 p_pf = &p_param->param.pf;
793
794 if (plen < 2) {
795 goto invalid_packet;
796 }
797 plen -= 2;
798 p_pf->bit_rate = *p++;
799 p_pf->sensf_res_len = *p++;
800 if (p_pf->sensf_res_len > NCI_MAX_SENSF_RES_LEN)
801 p_pf->sensf_res_len = NCI_MAX_SENSF_RES_LEN;
802
803 if (plen < p_pf->sensf_res_len) {
804 goto invalid_packet;
805 }
806 plen -= p_pf->sensf_res_len;
807 STREAM_TO_ARRAY(p_pf->sensf_res, p, p_pf->sensf_res_len);
808
809 if (p_pf->sensf_res_len < NCI_MRTI_UPDATE_INDEX + 1) {
810 goto invalid_packet;
811 }
812 memcpy(p_pf->nfcid2, p_pf->sensf_res, NCI_NFCID2_LEN);
813 p_pf->mrti_check = p_pf->sensf_res[NCI_MRTI_CHECK_INDEX];
814 p_pf->mrti_update = p_pf->sensf_res[NCI_MRTI_UPDATE_INDEX];
815 } else if (NCI_DISCOVERY_TYPE_LISTEN_F == p_param->mode) {
816 p_lf = &p_param->param.lf;
817
818 if (plen < 1) {
819 goto invalid_packet;
820 }
821 plen--;
822 u8 = *p++;
823 if (u8) {
824 if (plen < NCI_NFCID2_LEN) {
825 goto invalid_packet;
826 }
827 plen -= NCI_NFCID2_LEN;
828 STREAM_TO_ARRAY(p_lf->nfcid2, p, NCI_NFCID2_LEN);
829 }
830 } else if (NCI_DISCOVERY_TYPE_POLL_V == p_param->mode) {
831 p_i93 = &p_param->param.pi93;
832
833 if (plen < 2) {
834 goto invalid_packet;
835 }
836 plen -= 2;
837 p_i93->flag = *p++;
838 p_i93->dsfid = *p++;
839
840 if (plen < NFC_ISO15693_UID_LEN) {
841 goto invalid_packet;
842 }
843 plen -= NFC_ISO15693_UID_LEN;
844 STREAM_TO_ARRAY(p_i93->uid, p, NFC_ISO15693_UID_LEN);
845 } else if (NCI_DISCOVERY_TYPE_POLL_KOVIO == p_param->mode) {
846 p_param->param.pk.uid_len = len;
847 if (p_param->param.pk.uid_len > NFC_KOVIO_MAX_LEN) {
848 LOG(ERROR) << StringPrintf("%s: Kovio UID len=0x%x exceeds max(0x%x)",
849 __func__, p_param->param.pk.uid_len,
850 NFC_KOVIO_MAX_LEN);
851 p_param->param.pk.uid_len = NFC_KOVIO_MAX_LEN;
852 }
853 STREAM_TO_ARRAY(p_param->param.pk.uid, p, p_param->param.pk.uid_len);
854 }
855
856 invalid_packet:
857 return (p_start + len);
858 }
859
860 /*******************************************************************************
861 **
862 ** Function nfc_ncif_proc_discover_ntf
863 **
864 ** Description This function is called to process discover notification
865 **
866 ** Returns void
867 **
868 *******************************************************************************/
nfc_ncif_proc_discover_ntf(uint8_t * p,uint16_t plen)869 void nfc_ncif_proc_discover_ntf(uint8_t* p, uint16_t plen) {
870 tNFC_DISCOVER evt_data;
871
872 if (nfc_cb.p_discv_cback) {
873 // validate packet length should be larger than (NCI header + rf_disc_id +
874 // protocol + mode + length of rf parameters).
875 if (plen < NCI_MSG_HDR_SIZE + 4) {
876 evt_data.status = NCI_STATUS_FAILED;
877 goto invalid_packet;
878 }
879 plen -= (NCI_MSG_HDR_SIZE + 4);
880 p += NCI_MSG_HDR_SIZE;
881 evt_data.status = NCI_STATUS_OK;
882 evt_data.result.rf_disc_id = *p++;
883 evt_data.result.protocol = *p++;
884
885 /* fill in tNFC_RESULT_DEVT */
886 evt_data.result.rf_tech_param.mode = *p++;
887
888 // validate packet length should be larger than (rf_tech_param + ntf_type)
889 if (plen < *p + 1) {
890 evt_data.status = NCI_STATUS_FAILED;
891 goto invalid_packet;
892 }
893 plen -= (*p + 1);
894 p = nfc_ncif_decode_rf_params(&evt_data.result.rf_tech_param, p);
895
896 evt_data.result.more = *p++;
897
898 invalid_packet:
899 (*nfc_cb.p_discv_cback)(NFC_RESULT_DEVT, &evt_data);
900 }
901 }
902
903 /*******************************************************************************
904 **
905 ** Function nfc_ncif_proc_isodep_nak_presence_check_status
906 **
907 ** Description This function is called to handle response and notification
908 ** for presence check nak command
909 **
910 ** Returns void
911 **
912 *******************************************************************************/
nfc_ncif_proc_isodep_nak_presence_check_status(uint8_t status,bool is_ntf)913 void nfc_ncif_proc_isodep_nak_presence_check_status(uint8_t status,
914 bool is_ntf) {
915 rw_t4t_handle_isodep_nak_rsp(status, is_ntf);
916 }
917
918 /*******************************************************************************
919 **
920 ** Function nfc_ncif_proc_removal_status
921 **
922 ** Description This function is called to process removal detection
923 ** notification
924 **
925 ** Returns void
926 **
927 *******************************************************************************/
nfc_ncif_proc_removal_status(uint8_t * p)928 void nfc_ncif_proc_removal_status(uint8_t* p) {
929 tNFC_DISCOVER evt_data;
930
931 evt_data.status = *p;
932 LOG(VERBOSE) << StringPrintf("%s: status=%d", __func__, evt_data.status);
933
934 if (nfc_cb.p_discv_cback) {
935 (*nfc_cb.p_discv_cback)(NFC_DETECTION_RESULT_DEVT, &evt_data);
936 }
937 }
938
939 /*******************************************************************************
940 **
941 ** Function nfc_ncif_proc_charging_status
942 **
943 ** Description This function is called to process WPT start response
944 **
945 ** Returns void
946 **
947 *******************************************************************************/
nfc_ncif_proc_charging_status(uint8_t * p,uint8_t len)948 void nfc_ncif_proc_charging_status(uint8_t* p, uint8_t len) {
949 tNFC_DISCOVER evt_data;
950
951 if (len != 1) {
952 evt_data.status = NCI_STATUS_FAILED;
953 LOG(ERROR) << StringPrintf("%s: bad len=0x%x", __func__, len);
954 goto invalid_packet;
955 }
956
957 evt_data.status = NCI_STATUS_OK;
958 /* Return WPT End Condition */
959 evt_data.wpt_result = *p;
960
961 LOG(VERBOSE) << StringPrintf("%s: wpt_result=%d", __func__,
962 evt_data.wpt_result);
963
964 invalid_packet:
965 if (nfc_cb.p_discv_cback) {
966 (*nfc_cb.p_discv_cback)(NFC_WPT_RESULT_DEVT, &evt_data);
967 }
968 }
969
970 /*******************************************************************************
971 **
972 ** Function nfc_ncif_proc_activate
973 **
974 ** Description This function is called to process de-activate
975 ** response and notification
976 **
977 ** Returns void
978 **
979 *******************************************************************************/
nfc_ncif_proc_activate(uint8_t * p,uint8_t len)980 void nfc_ncif_proc_activate(uint8_t* p, uint8_t len) {
981 tNFC_DISCOVER evt_data;
982 tNFC_INTF_PARAMS* p_intf = &evt_data.activate.intf_param;
983 tNFC_INTF_PA_ISO_DEP* p_pa_iso;
984 tNFC_INTF_LB_ISO_DEP* p_lb_iso;
985 tNFC_INTF_PB_ISO_DEP* p_pb_iso;
986 uint8_t t0;
987 tNCI_DISCOVERY_TYPE mode;
988 tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
989 uint8_t *pp, len_act;
990 uint8_t buff_size, num_buff;
991 tNFC_RF_PA_PARAMS* p_pa;
992 uint8_t plen = len, pplen = 0;
993
994 nfc_set_state(NFC_STATE_OPEN);
995
996 memset(p_intf, 0, sizeof(tNFC_INTF_PARAMS));
997 // validate packet length should be larger than (rf_disc_id + type +
998 // protocol + mode + buff_size + num_buff + length of rf parameters).
999 if (plen < 7) {
1000 evt_data.status = NCI_STATUS_FAILED;
1001 goto invalid_packet;
1002 }
1003 plen -= 7;
1004
1005 evt_data.activate.rf_disc_id = *p++;
1006 p_intf->type = *p++;
1007 evt_data.activate.protocol = *p++;
1008
1009 if (evt_data.activate.protocol == NCI_PROTOCOL_18092_ACTIVE)
1010 evt_data.activate.protocol = NCI_PROTOCOL_NFC_DEP;
1011
1012 evt_data.activate.rf_tech_param.mode = *p++;
1013 buff_size = *p++;
1014 num_buff = *p++;
1015 /* fill in tNFC_activate_DEVT */
1016 // validate remaining packet length should be larger than (rf_tech_param +
1017 // data_mode + tx_bitrate + rx_bitrte + len_act).
1018 if (plen < *p + 4) {
1019 evt_data.status = NCI_STATUS_FAILED;
1020 goto invalid_packet;
1021 }
1022 plen -= (*p + 4);
1023 p = nfc_ncif_decode_rf_params(&evt_data.activate.rf_tech_param, p);
1024
1025 evt_data.activate.data_mode = *p++;
1026 evt_data.activate.tx_bitrate = *p++;
1027 evt_data.activate.rx_bitrate = *p++;
1028 mode = evt_data.activate.rf_tech_param.mode;
1029 len_act = *p++;
1030 LOG(VERBOSE) << StringPrintf("%s:%d %d, mode=0x%02x", __func__, len, len_act,
1031 mode);
1032 /* just in case the interface reports activation parameters not defined in the
1033 * NCI spec */
1034 p_intf->intf_param.frame.param_len = len_act;
1035 if (p_intf->intf_param.frame.param_len > NFC_MAX_RAW_PARAMS)
1036 p_intf->intf_param.frame.param_len = NFC_MAX_RAW_PARAMS;
1037 pp = p;
1038
1039 if (plen < p_intf->intf_param.frame.param_len) {
1040 evt_data.status = NCI_STATUS_FAILED;
1041 goto invalid_packet;
1042 }
1043 STREAM_TO_ARRAY(p_intf->intf_param.frame.param, pp,
1044 p_intf->intf_param.frame.param_len);
1045 if (evt_data.activate.intf_param.type == NCI_INTERFACE_ISO_DEP) {
1046 /* Make max payload of NCI aligned to max payload of ISO-DEP for better
1047 * performance */
1048 if (buff_size > NCI_ISO_DEP_MAX_INFO) buff_size = NCI_ISO_DEP_MAX_INFO;
1049
1050 switch (mode) {
1051 case NCI_DISCOVERY_TYPE_POLL_A:
1052 p_pa_iso = &p_intf->intf_param.pa_iso;
1053
1054 if (plen < 1) {
1055 evt_data.status = NCI_STATUS_FAILED;
1056 goto invalid_packet;
1057 }
1058 plen--;
1059 p_pa_iso->ats_res_len = *p++;
1060
1061 if (p_pa_iso->ats_res_len == 0) break;
1062
1063 if (p_pa_iso->ats_res_len > NFC_MAX_ATS_LEN)
1064 p_pa_iso->ats_res_len = NFC_MAX_ATS_LEN;
1065
1066 if (plen < p_pa_iso->ats_res_len) {
1067 evt_data.status = NCI_STATUS_FAILED;
1068 goto invalid_packet;
1069 }
1070 plen -= p_pa_iso->ats_res_len;
1071 STREAM_TO_ARRAY(p_pa_iso->ats_res, p, p_pa_iso->ats_res_len);
1072
1073 pplen = p_pa_iso->ats_res_len;
1074 pp = &p_pa_iso->ats_res[NCI_ATS_T0_INDEX];
1075 t0 = p_pa_iso->ats_res[NCI_ATS_T0_INDEX];
1076 pp++; /* T0 */
1077 pplen--;
1078 if (t0 & NCI_ATS_TA_MASK) {
1079 if (pplen < 1) {
1080 evt_data.status = NCI_STATUS_FAILED;
1081 goto invalid_packet;
1082 }
1083 pplen--;
1084 pp++; /* TA */
1085 }
1086 if (t0 & NCI_ATS_TB_MASK) {
1087 /* FWI (Frame Waiting time Integer) & SPGI (Start-up Frame Guard time
1088 * Integer) */
1089 if (pplen < 1) {
1090 evt_data.status = NCI_STATUS_FAILED;
1091 goto invalid_packet;
1092 }
1093 pplen--;
1094 p_pa_iso->fwi = (((*pp) >> 4) & 0x0F);
1095 p_pa_iso->sfgi = ((*pp) & 0x0F);
1096 pp++; /* TB */
1097 }
1098 if (t0 & NCI_ATS_TC_MASK) {
1099 if (pplen < 1) {
1100 evt_data.status = NCI_STATUS_FAILED;
1101 goto invalid_packet;
1102 }
1103 pplen--;
1104 p_pa_iso->nad_used = ((*pp) & 0x01);
1105 pp++; /* TC */
1106 }
1107 p_pa_iso->his_byte_len =
1108 (uint8_t)(p_pa_iso->ats_res_len - (pp - p_pa_iso->ats_res));
1109 if (p_pa_iso->his_byte_len > NFC_MAX_HIS_BYTES_LEN)
1110 p_pa_iso->his_byte_len = NFC_MAX_HIS_BYTES_LEN;
1111 if (pplen < p_pa_iso->his_byte_len) {
1112 evt_data.status = NCI_STATUS_FAILED;
1113 goto invalid_packet;
1114 }
1115 memcpy(p_pa_iso->his_byte, pp, p_pa_iso->his_byte_len);
1116 break;
1117
1118 case NCI_DISCOVERY_TYPE_LISTEN_A:
1119 if (plen < 1) {
1120 evt_data.status = NCI_STATUS_FAILED;
1121 goto invalid_packet;
1122 }
1123 plen--;
1124 p_intf->intf_param.la_iso.rats = *p++;
1125 gettimeofday(&timer_start, nullptr);
1126 break;
1127
1128 case NCI_DISCOVERY_TYPE_POLL_B:
1129 /* ATTRIB RSP
1130 Byte 1 Byte 2 ~ 2+n-1
1131 MBLI/DID Higher layer - Response
1132 */
1133 p_pb_iso = &p_intf->intf_param.pb_iso;
1134
1135 if (plen < 1) {
1136 evt_data.status = NCI_STATUS_FAILED;
1137 goto invalid_packet;
1138 }
1139 plen--;
1140 p_pb_iso->attrib_res_len = *p++;
1141
1142 if (p_pb_iso->attrib_res_len == 0) break;
1143
1144 if (p_pb_iso->attrib_res_len > NFC_MAX_ATTRIB_LEN)
1145 p_pb_iso->attrib_res_len = NFC_MAX_ATTRIB_LEN;
1146
1147 if (plen < p_pb_iso->attrib_res_len) {
1148 evt_data.status = NCI_STATUS_FAILED;
1149 goto invalid_packet;
1150 }
1151 plen -= p_pb_iso->attrib_res_len;
1152 STREAM_TO_ARRAY(p_pb_iso->attrib_res, p, p_pb_iso->attrib_res_len);
1153 p_pb_iso->mbli = (p_pb_iso->attrib_res[0]) >> 4;
1154 if (p_pb_iso->attrib_res_len > NFC_PB_ATTRIB_REQ_FIXED_BYTES) {
1155 p_pb_iso->hi_info_len =
1156 p_pb_iso->attrib_res_len - NFC_PB_ATTRIB_REQ_FIXED_BYTES;
1157 if (p_pb_iso->hi_info_len > NFC_MAX_GEN_BYTES_LEN)
1158 p_pb_iso->hi_info_len = NFC_MAX_GEN_BYTES_LEN;
1159 memcpy(p_pb_iso->hi_info,
1160 &p_pb_iso->attrib_res[NFC_PB_ATTRIB_REQ_FIXED_BYTES],
1161 p_pb_iso->hi_info_len);
1162 }
1163 break;
1164
1165 case NCI_DISCOVERY_TYPE_LISTEN_B:
1166 /* ATTRIB CMD
1167 Byte 2~5 Byte 6 Byte 7 Byte 8 Byte 9 Byte 10 ~ 10+k-1
1168 NFCID0 Param 1 Param 2 Param 3 Param 4 Higher layer - INF
1169 */
1170 p_lb_iso = &p_intf->intf_param.lb_iso;
1171
1172 if (plen < 1) {
1173 evt_data.status = NCI_STATUS_FAILED;
1174 goto invalid_packet;
1175 }
1176 plen--;
1177 p_lb_iso->attrib_req_len = *p++;
1178
1179 if (p_lb_iso->attrib_req_len == 0) break;
1180
1181 if (p_lb_iso->attrib_req_len > NFC_MAX_ATTRIB_LEN)
1182 p_lb_iso->attrib_req_len = NFC_MAX_ATTRIB_LEN;
1183
1184 if (plen < p_lb_iso->attrib_req_len) {
1185 evt_data.status = NCI_STATUS_FAILED;
1186 goto invalid_packet;
1187 }
1188 plen -= p_lb_iso->attrib_req_len;
1189 STREAM_TO_ARRAY(p_lb_iso->attrib_req, p, p_lb_iso->attrib_req_len);
1190
1191 if (p_lb_iso->attrib_req_len < NFC_NFCID0_MAX_LEN) {
1192 evt_data.status = NCI_STATUS_FAILED;
1193 goto invalid_packet;
1194 }
1195 memcpy(p_lb_iso->nfcid0, p_lb_iso->attrib_req, NFC_NFCID0_MAX_LEN);
1196 if (p_lb_iso->attrib_req_len > NFC_LB_ATTRIB_REQ_FIXED_BYTES) {
1197 p_lb_iso->hi_info_len =
1198 p_lb_iso->attrib_req_len - NFC_LB_ATTRIB_REQ_FIXED_BYTES;
1199 if (p_lb_iso->hi_info_len > NFC_MAX_GEN_BYTES_LEN)
1200 p_lb_iso->hi_info_len = NFC_MAX_GEN_BYTES_LEN;
1201 memcpy(p_lb_iso->hi_info,
1202 &p_lb_iso->attrib_req[NFC_LB_ATTRIB_REQ_FIXED_BYTES],
1203 p_lb_iso->hi_info_len);
1204 }
1205 gettimeofday(&timer_start, nullptr);
1206 break;
1207 }
1208
1209 } else if ((evt_data.activate.intf_param.type == NCI_INTERFACE_FRAME) &&
1210 (evt_data.activate.protocol == NCI_PROTOCOL_T1T)) {
1211 p_pa = &evt_data.activate.rf_tech_param.param.pa;
1212 if ((len_act == NCI_T1T_HR_LEN) && (p_pa->hr_len == 0)) {
1213 p_pa->hr_len = NCI_T1T_HR_LEN;
1214
1215 if (plen < 2) {
1216 evt_data.status = NCI_STATUS_FAILED;
1217 goto invalid_packet;
1218 }
1219 plen -= 2;
1220 p_pa->hr[0] = *p++;
1221 p_pa->hr[1] = *p++;
1222 }
1223 }
1224
1225 p_cb->act_protocol = evt_data.activate.protocol;
1226 p_cb->act_interface = evt_data.activate.intf_param.type;
1227 p_cb->buff_size = buff_size;
1228 p_cb->num_buff = num_buff;
1229 p_cb->init_credits = num_buff;
1230
1231 invalid_packet:
1232 if (nfc_cb.p_discv_cback) {
1233 (*nfc_cb.p_discv_cback)(NFC_ACTIVATE_DEVT, &evt_data);
1234 }
1235 }
1236
1237 /*******************************************************************************
1238 **
1239 ** Function nfc_ncif_proc_deactivate
1240 **
1241 ** Description This function is called to process de-activate
1242 ** response and notification
1243 **
1244 ** Returns void
1245 **
1246 *******************************************************************************/
nfc_ncif_proc_deactivate(uint8_t status,uint8_t deact_type,bool is_ntf)1247 void nfc_ncif_proc_deactivate(uint8_t status, uint8_t deact_type, bool is_ntf) {
1248 tNFC_DISCOVER evt_data;
1249 tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
1250 void* p_data;
1251
1252 nfc_set_state(NFC_STATE_IDLE);
1253 evt_data.deactivate.status = status;
1254 evt_data.deactivate.type = deact_type;
1255 evt_data.deactivate.is_ntf = is_ntf;
1256 if (NFC_GetNCIVersion() >= NCI_VERSION_2_0) {
1257 evt_data.deactivate.reason = nfc_cb.deact_reason;
1258 }
1259
1260 while ((p_data = GKI_dequeue(&p_cb->rx_q)) != nullptr) {
1261 GKI_freebuf(p_data);
1262 }
1263
1264 while ((p_data = GKI_dequeue(&p_cb->tx_q)) != nullptr) {
1265 GKI_freebuf(p_data);
1266 }
1267
1268 if (p_cb->p_cback) {
1269 tNFC_CONN nfc_conn;
1270 nfc_conn.deactivate = evt_data.deactivate;
1271 (*p_cb->p_cback)(NFC_RF_CONN_ID, NFC_DEACTIVATE_CEVT, &nfc_conn);
1272 }
1273
1274 if (nfc_cb.p_discv_cback) {
1275 (*nfc_cb.p_discv_cback)(NFC_DEACTIVATE_DEVT, &evt_data);
1276 }
1277
1278 // clear previous stored tick count if not comsumed
1279 if (timer_start.tv_sec != 0 || timer_start.tv_usec != 0) {
1280 memset(&timer_start, 0, sizeof(timer_start));
1281 }
1282 }
1283 /*******************************************************************************
1284 **
1285 ** Function nfc_ncif_proc_ee_action
1286 **
1287 ** Description This function is called to process NFCEE ACTION NTF
1288 **
1289 ** Returns void
1290 **
1291 *******************************************************************************/
1292 #if (NFC_NFCEE_INCLUDED == TRUE && NFC_RW_ONLY == FALSE)
nfc_ncif_proc_ee_action(uint8_t * p,uint16_t plen)1293 void nfc_ncif_proc_ee_action(uint8_t* p, uint16_t plen) {
1294 tNFC_EE_ACTION_REVT evt_data;
1295 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1296 tNFC_RESPONSE nfc_response;
1297 uint8_t data_len, ulen, tag, *p_data;
1298 uint8_t max_len;
1299
1300 if (p_cback) {
1301 memset(&evt_data.act_data, 0, sizeof(tNFC_ACTION_DATA));
1302 if (plen > 3) {
1303 plen -= 3;
1304 } else {
1305 evt_data.status = NFC_STATUS_FAILED;
1306 evt_data.nfcee_id = 0;
1307 nfc_response.ee_action = evt_data;
1308 (*p_cback)(NFC_EE_ACTION_REVT, &nfc_response);
1309 android_errorWriteLog(0x534e4554, "157649306");
1310 return;
1311 }
1312 evt_data.status = NFC_STATUS_OK;
1313 evt_data.nfcee_id = *p++;
1314 evt_data.act_data.trigger = *p++;
1315 data_len = *p++;
1316 if (data_len > plen) data_len = (uint8_t)plen;
1317
1318 switch (evt_data.act_data.trigger) {
1319 case NCI_EE_TRIG_7816_SELECT:
1320 if (data_len > NFC_MAX_AID_LEN) data_len = NFC_MAX_AID_LEN;
1321 evt_data.act_data.param.aid.len_aid = data_len;
1322 STREAM_TO_ARRAY(evt_data.act_data.param.aid.aid, p, data_len);
1323 break;
1324 case NCI_EE_TRIG_RF_PROTOCOL:
1325 evt_data.act_data.param.protocol = *p++;
1326 break;
1327 case NCI_EE_TRIG_RF_TECHNOLOGY:
1328 evt_data.act_data.param.technology = *p++;
1329 break;
1330 case NCI_EE_TRIG_APP_INIT:
1331 while (data_len > NFC_TL_SIZE) {
1332 data_len -= NFC_TL_SIZE;
1333 tag = *p++;
1334 ulen = *p++;
1335 if (ulen > data_len) ulen = data_len;
1336 p_data = nullptr;
1337 max_len = ulen;
1338 switch (tag) {
1339 case NCI_EE_ACT_TAG_AID: /* AID */
1340 if (max_len > NFC_MAX_AID_LEN) max_len = NFC_MAX_AID_LEN;
1341 evt_data.act_data.param.app_init.len_aid = max_len;
1342 p_data = evt_data.act_data.param.app_init.aid;
1343 break;
1344 case NCI_EE_ACT_TAG_DATA: /* hex data for app */
1345 if (max_len > NFC_MAX_APP_DATA_LEN)
1346 max_len = NFC_MAX_APP_DATA_LEN;
1347 evt_data.act_data.param.app_init.len_data = max_len;
1348 p_data = evt_data.act_data.param.app_init.data;
1349 break;
1350 }
1351 if (p_data) {
1352 STREAM_TO_ARRAY(p_data, p, max_len);
1353 }
1354 data_len -= ulen;
1355 }
1356 break;
1357 }
1358 nfc_response.ee_action = evt_data;
1359 (*p_cback)(NFC_EE_ACTION_REVT, &nfc_response);
1360 }
1361 }
1362
1363 /*******************************************************************************
1364 **
1365 ** Function nfc_ncif_proc_ee_discover_req
1366 **
1367 ** Description This function is called to process NFCEE DISCOVER REQ NTF
1368 **
1369 ** Returns void
1370 **
1371 *******************************************************************************/
nfc_ncif_proc_ee_discover_req(uint8_t * p,uint16_t plen)1372 void nfc_ncif_proc_ee_discover_req(uint8_t* p, uint16_t plen) {
1373 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1374 tNFC_EE_DISCOVER_REQ_REVT ee_disc_req;
1375 tNFC_EE_DISCOVER_INFO* p_info;
1376 uint8_t u8;
1377
1378 if (!plen) {
1379 android_errorWriteLog(0x534e4554, "221856662");
1380 return;
1381 }
1382
1383 if (!plen) {
1384 android_errorWriteLog(0x534e4554, "221856662");
1385 return;
1386 }
1387
1388 if (*p > NFC_MAX_EE_DISC_ENTRIES) {
1389 android_errorWriteLog(0x534e4554, "122361874");
1390 LOG(ERROR) << __func__ << ": Exceed NFC_MAX_EE_DISC_ENTRIES";
1391 return;
1392 }
1393
1394 LOG(VERBOSE) << StringPrintf("%s: %d len=%d", __func__, *p, plen);
1395
1396 if (p_cback) {
1397 u8 = *p;
1398 ee_disc_req.status = NFC_STATUS_OK;
1399 ee_disc_req.num_info = *p++;
1400 p_info = ee_disc_req.info;
1401 if (plen) plen--;
1402 while ((u8 > 0) && (plen >= NFC_EE_DISCOVER_ENTRY_LEN)) {
1403 p_info->op = *p++; /* T */
1404 if (*p != NFC_EE_DISCOVER_INFO_LEN) /* L */
1405 {
1406 LOG(VERBOSE) << StringPrintf("%s: bad entry len=%d", __func__, *p);
1407 return;
1408 }
1409 p++;
1410 /* V */
1411 p_info->nfcee_id = *p++;
1412 p_info->tech_n_mode = *p++;
1413 p_info->protocol = *p++;
1414 u8--;
1415 plen -= NFC_EE_DISCOVER_ENTRY_LEN;
1416 p_info++;
1417 }
1418 tNFC_RESPONSE nfc_response;
1419 nfc_response.ee_discover_req = ee_disc_req;
1420 (*p_cback)(NFC_EE_DISCOVER_REQ_REVT, &nfc_response);
1421 }
1422 }
1423
1424 /*******************************************************************************
1425 **
1426 ** Function nfc_ncif_proc_get_routing
1427 **
1428 ** Description This function is called to process get routing notification
1429 **
1430 ** Returns void
1431 **
1432 *******************************************************************************/
nfc_ncif_proc_get_routing(uint8_t * p,uint8_t len)1433 void nfc_ncif_proc_get_routing(uint8_t* p, uint8_t len) {
1434 tNFC_GET_ROUTING_REVT evt_data;
1435 uint8_t more, num_entries, xx, *pn;
1436 tNFC_STATUS status = NFC_STATUS_CONTINUE;
1437
1438 if (len >= 2 && nfc_cb.p_resp_cback) {
1439 more = *p++;
1440 num_entries = *p++;
1441 if (num_entries == 0) return;
1442 len -= 2;
1443 if (len < 2) {
1444 LOG(ERROR) << StringPrintf("%s: Invalid len=%d", __func__, len);
1445 return;
1446 }
1447 for (xx = 0; xx < num_entries; xx++) {
1448 if ((more == false) && (xx == (num_entries - 1))) status = NFC_STATUS_OK;
1449 evt_data.status = (tNFC_STATUS)status;
1450 if (len >= 2)
1451 len -= 2;
1452 else
1453 return;
1454 evt_data.qualifier_type = *p++;
1455 evt_data.num_tlvs = 1;
1456 evt_data.tlv_size = *p++;
1457 if (evt_data.tlv_size > NFC_MAX_EE_TLV_SIZE) {
1458 android_errorWriteLog(0x534e4554, "117554809");
1459 LOG(ERROR) << __func__ << ": Invalid data format";
1460 return;
1461 }
1462 if (evt_data.tlv_size > len) {
1463 LOG(ERROR) << StringPrintf("%s: Invalid evt_data.tlv_size", __func__);
1464 return;
1465 } else
1466 len -= evt_data.tlv_size;
1467 pn = evt_data.param_tlvs;
1468 STREAM_TO_ARRAY(pn, p, evt_data.tlv_size);
1469 tNFC_RESPONSE nfc_response;
1470 nfc_response.get_routing = evt_data;
1471 (*nfc_cb.p_resp_cback)(NFC_GET_ROUTING_REVT, &nfc_response);
1472 }
1473 }
1474 }
1475 #endif
1476
1477 /*******************************************************************************
1478 **
1479 ** Function nfc_ncif_proc_conn_create_rsp
1480 **
1481 ** Description This function is called to process connection create
1482 ** response
1483 **
1484 ** Returns void
1485 **
1486 *******************************************************************************/
nfc_ncif_proc_conn_create_rsp(uint8_t * p,uint16_t plen,uint8_t dest_type)1487 void nfc_ncif_proc_conn_create_rsp(uint8_t* p,
1488 __attribute__((unused)) uint16_t plen,
1489 uint8_t dest_type) {
1490 tNFC_CONN_CB* p_cb;
1491 tNFC_STATUS status;
1492 tNFC_CONN_CBACK* p_cback;
1493 tNFC_CONN evt_data;
1494 uint8_t conn_id;
1495
1496 /* find the pending connection control block */
1497 p_cb = nfc_find_conn_cb_by_conn_id(NFC_PEND_CONN_ID);
1498 if (p_cb) {
1499 p += NCI_MSG_HDR_SIZE;
1500 status = *p++;
1501 p_cb->buff_size = *p++;
1502 p_cb->num_buff = p_cb->init_credits = *p++;
1503 conn_id = *p++;
1504 if (conn_id > NFC_MAX_CONN_ID) {
1505 status = NCI_STATUS_FAILED;
1506 conn_id = NFC_ILLEGAL_CONN_ID;
1507 }
1508 evt_data.conn_create.status = status;
1509 evt_data.conn_create.dest_type = dest_type;
1510 evt_data.conn_create.id = p_cb->id;
1511 evt_data.conn_create.buff_size = p_cb->buff_size;
1512 evt_data.conn_create.num_buffs = p_cb->num_buff;
1513 p_cback = p_cb->p_cback;
1514 if (status == NCI_STATUS_OK) {
1515 nfc_set_conn_id(p_cb, conn_id);
1516 } else {
1517 nfc_free_conn_cb(p_cb);
1518 }
1519
1520 if (p_cback) (*p_cback)(conn_id, NFC_CONN_CREATE_CEVT, &evt_data);
1521 }
1522 }
1523
1524 /*******************************************************************************
1525 **
1526 ** Function nfc_ncif_report_conn_close_evt
1527 **
1528 ** Description This function is called to report connection close event
1529 **
1530 ** Returns void
1531 **
1532 *******************************************************************************/
nfc_ncif_report_conn_close_evt(uint8_t conn_id,tNFC_STATUS status)1533 void nfc_ncif_report_conn_close_evt(uint8_t conn_id, tNFC_STATUS status) {
1534 tNFC_CONN evt_data;
1535 tNFC_CONN_CBACK* p_cback;
1536 tNFC_CONN_CB* p_cb;
1537
1538 p_cb = nfc_find_conn_cb_by_conn_id(conn_id);
1539 if (p_cb) {
1540 p_cback = p_cb->p_cback;
1541 nfc_free_conn_cb(p_cb);
1542 evt_data.status = status;
1543 if (p_cback) (*p_cback)(conn_id, NFC_CONN_CLOSE_CEVT, &evt_data);
1544 }
1545 }
1546
1547 /*******************************************************************************
1548 **
1549 ** Function nfc_ncif_proc_reset_rsp
1550 **
1551 ** Description This function is called to process reset
1552 ** response/notification
1553 **
1554 ** Returns void
1555 **
1556 *******************************************************************************/
nfc_ncif_proc_reset_rsp(uint8_t * p,bool is_ntf)1557 void nfc_ncif_proc_reset_rsp(uint8_t* p, bool is_ntf) {
1558 uint8_t* p_len = p - 1;
1559 uint8_t status = NCI_STATUS_FAILED;
1560 uint8_t wait_for_ntf = FALSE;
1561
1562 status = *p_len > 0 ? *p++ : NCI_STATUS_FAILED;
1563 if (*p_len > 2 && is_ntf) {
1564 LOG(WARNING) << StringPrintf("%s: reset notification!!=0x%x ", __func__,
1565 status);
1566 /* clean up, if the state is OPEN
1567 * FW does not report reset ntf right now */
1568 if (status == NCI2_X_RESET_TRIGGER_TYPE_CORE_RESET_CMD_RECEIVED ||
1569 status == NCI2_X_RESET_TRIGGER_TYPE_POWERED_ON) {
1570 LOG(VERBOSE) << StringPrintf("%s: status=0x%x nfc_state=0x%x", __func__,
1571 status, nfc_cb.nfc_state);
1572 nfc_stop_timer(&nfc_cb.nci_wait_rsp_timer);
1573 p++;
1574 STREAM_TO_UINT8(nfc_cb.nci_version, p);
1575 LOG(VERBOSE) << StringPrintf("%s: nci_version%x", __func__,
1576 nfc_cb.nci_version);
1577 status = NCI_STATUS_OK;
1578 } else {
1579 /* CORE_RESET_NTF received error case , trigger recovery*/
1580 LOG(ERROR) << StringPrintf("%s: status=0x%x nfc_state=0x%x", __func__,
1581 status, nfc_cb.nfc_state);
1582 nfc_ncif_cmd_timeout();
1583 status = NCI_STATUS_FAILED;
1584 }
1585 if (nfc_cb.nfc_state == NFC_STATE_OPEN) {
1586 /*if any conn_cb is connected, close it.
1587 if any pending outgoing packets are dropped.*/
1588 nfc_reset_all_conn_cbs();
1589 }
1590 } else {
1591 LOG(VERBOSE) << StringPrintf("%s: len =0x%x ", __func__, *p_len);
1592 if ((*p_len) == NCI_CORE_RESET_RSP_LEN(NCI_VERSION_2_0)) {
1593 wait_for_ntf = TRUE;
1594 } else if ((*p_len) == NCI_CORE_RESET_RSP_LEN(NCI_VERSION_1_0)) {
1595 nfc_cb.nci_version = NCI_VERSION_1_0;
1596 }
1597 }
1598
1599 if (nfc_cb.flags & (NFC_FL_RESTARTING | NFC_FL_POWER_CYCLE_NFCC)) {
1600 nfc_reset_all_conn_cbs();
1601 }
1602
1603 if (status == NCI_STATUS_OK) {
1604 if (wait_for_ntf == TRUE) {
1605 /* reset version reported by NFCC is NCI2.0 , start a timer for 2000ms to
1606 * wait for NTF*/
1607 nfc_start_timer(&nfc_cb.nci_wait_rsp_timer,
1608 (uint16_t)(NFC_TTYPE_NCI_WAIT_RSP),
1609 nfc_cb.nci_wait_rsp_tout);
1610 } else {
1611 if (nfc_cb.nci_version == NCI_VERSION_1_0)
1612 nci_snd_core_init(NCI_VERSION_1_0);
1613 else
1614 nci_snd_core_init(NCI_VERSION_2_0);
1615 }
1616 } else {
1617 LOG(ERROR) << StringPrintf("%s: Failed to reset NFCC", __func__);
1618 nfc_enabled(status, nullptr);
1619 }
1620 }
1621
1622 /*******************************************************************************
1623 **
1624 ** Function nfc_ncif_proc_init_rsp
1625 **
1626 ** Description This function is called to process init response
1627 **
1628 ** Returns void
1629 **
1630 *******************************************************************************/
nfc_ncif_proc_init_rsp(NFC_HDR * p_msg)1631 void nfc_ncif_proc_init_rsp(NFC_HDR* p_msg) {
1632 uint8_t *p, status;
1633 tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
1634
1635 p = (uint8_t*)(p_msg + 1) + p_msg->offset;
1636
1637 /* handle init params in nfc_enabled */
1638 status = *(p + NCI_MSG_HDR_SIZE);
1639 if (status == NCI_STATUS_OK) {
1640 if (nfc_cb.nci_version == NCI_VERSION_UNKNOWN) {
1641 nci_snd_core_reset(NCI_RESET_TYPE_RESET_CFG);
1642 } else {
1643 p_cb->id = NFC_RF_CONN_ID;
1644 // check scbr bit as per NCI 2.0 spec
1645 nfc_cb.isScbrSupported = p[5] & NCI_SCBR_MASK;
1646 LOG(VERBOSE) << StringPrintf("%s: scbr support=0x%x", __func__,
1647 nfc_cb.isScbrSupported);
1648 p_cb->act_protocol = NCI_PROTOCOL_UNKNOWN;
1649
1650 nfc_set_state(NFC_STATE_W4_POST_INIT_CPLT);
1651
1652 nfc_cb.p_nci_init_rsp = p_msg;
1653 nfc_cb.p_hal->core_initialized(p_msg->len, p);
1654 }
1655 } else {
1656 if (nfc_cb.nci_version == NCI_VERSION_UNKNOWN) {
1657 nfc_cb.nci_version = NCI_VERSION_1_0;
1658 nci_snd_core_reset(NCI_RESET_TYPE_RESET_CFG);
1659 } else {
1660 nfc_enabled(status, nullptr);
1661 GKI_freebuf(p_msg);
1662 }
1663 }
1664 }
1665
1666 /*******************************************************************************
1667 **
1668 ** Function nfc_ncif_proc_get_config_rsp
1669 **
1670 ** Description This function is called to process get config response
1671 **
1672 ** Returns void
1673 **
1674 *******************************************************************************/
nfc_ncif_proc_get_config_rsp(NFC_HDR * p_evt)1675 void nfc_ncif_proc_get_config_rsp(NFC_HDR* p_evt) {
1676 uint8_t* p;
1677 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1678 tNFC_RESPONSE evt_data;
1679
1680 p_evt->offset += NCI_MSG_HDR_SIZE;
1681 p_evt->len -= NCI_MSG_HDR_SIZE;
1682 if (p_cback) {
1683 p = (uint8_t*)(p_evt + 1) + p_evt->offset;
1684 evt_data.get_config.status = *p++;
1685 evt_data.get_config.tlv_size = p_evt->len;
1686 evt_data.get_config.p_param_tlvs = p;
1687 (*p_cback)(NFC_GET_CONFIG_REVT, &evt_data);
1688 }
1689 }
1690
1691 /*******************************************************************************
1692 **
1693 ** Function nfc_ncif_proc_t3t_polling_rsp
1694 **
1695 ** Description Handle NCI_MSG_RF_T3T_POLLING RSP
1696 **
1697 ** Returns void
1698 **
1699 *******************************************************************************/
nfc_ncif_proc_t3t_polling_rsp(uint8_t status)1700 void nfc_ncif_proc_t3t_polling_rsp(uint8_t status) {
1701 rw_t3t_handle_nci_poll_rsp(status);
1702 }
1703
1704 /*******************************************************************************
1705 **
1706 ** Function nfc_ncif_proc_t3t_polling_ntf
1707 **
1708 ** Description Handle NCI_MSG_RF_T3T_POLLING NTF
1709 **
1710 ** Returns void
1711 **
1712 *******************************************************************************/
nfc_ncif_proc_t3t_polling_ntf(uint8_t * p,uint16_t plen)1713 void nfc_ncif_proc_t3t_polling_ntf(uint8_t* p, uint16_t plen) {
1714 uint8_t status;
1715 uint8_t num_responses;
1716
1717 if (plen < NFC_TL_SIZE) {
1718 return;
1719 }
1720
1721 /* Pass result to RW_T3T for processing */
1722 STREAM_TO_UINT8(status, p);
1723 STREAM_TO_UINT8(num_responses, p);
1724 plen -= NFC_TL_SIZE;
1725 rw_t3t_handle_nci_poll_ntf(status, num_responses, (uint8_t)plen, p);
1726 }
1727
1728 /*******************************************************************************
1729 **
1730 ** Function nfc_data_event
1731 **
1732 ** Description Report Data event on the given connection control block
1733 **
1734 ** Returns void
1735 **
1736 *******************************************************************************/
nfc_data_event(tNFC_CONN_CB * p_cb)1737 void nfc_data_event(tNFC_CONN_CB* p_cb) {
1738 NFC_HDR* p_evt;
1739 tNFC_DATA_CEVT data_cevt;
1740 uint8_t* p;
1741 if (!gki_utils) {
1742 gki_utils = new GkiUtils();
1743 }
1744
1745 if (p_cb->p_cback) {
1746 while ((p_evt = (NFC_HDR*)GKI_getfirst(&p_cb->rx_q)) != nullptr) {
1747 if (p_evt->layer_specific & NFC_RAS_FRAGMENTED) {
1748 /* Not the last fragment */
1749 if (!(p_evt->layer_specific & NFC_RAS_TOO_BIG)) {
1750 /* buffer can hold more */
1751 if ((p_cb->conn_id != NFC_RF_CONN_ID) || (nfc_cb.reassembly)) {
1752 /* If not rf connection or If rf connection and reassembly
1753 * requested,
1754 * try to Reassemble next packet */
1755 break;
1756 }
1757 }
1758 }
1759
1760 p_evt = (NFC_HDR*)GKI_dequeue(&p_cb->rx_q);
1761 if (p_evt == nullptr) {
1762 LOG(ERROR) << StringPrintf("%s: p_evt is null", __func__);
1763 return;
1764 }
1765 /* report data event */
1766 p_evt->offset += NCI_MSG_HDR_SIZE;
1767 p_evt->len -= NCI_MSG_HDR_SIZE;
1768
1769 if (p_evt->layer_specific)
1770 data_cevt.status = NFC_STATUS_CONTINUE;
1771 else {
1772 nfc_cb.reassembly = true;
1773 data_cevt.status = NFC_STATUS_OK;
1774 }
1775
1776 data_cevt.p_data = p_evt;
1777 /* adjust payload, if needed */
1778 if (p_cb->conn_id == NFC_RF_CONN_ID && p_evt->len) {
1779 /* if NCI_PROTOCOL_T1T/NCI_PROTOCOL_T2T/NCI_PROTOCOL_T3T, the status
1780 * byte needs to be removed
1781 */
1782 if ((p_cb->act_protocol >= NCI_PROTOCOL_T1T) &&
1783 (p_cb->act_protocol <= NCI_PROTOCOL_T3T)) {
1784 p_evt->len--;
1785 p = (uint8_t*)(p_evt + 1);
1786 data_cevt.status = *(p + p_evt->offset + p_evt->len);
1787 if ((NFC_GetNCIVersion() >= NCI_VERSION_2_0) &&
1788 (p_cb->act_protocol == NCI_PROTOCOL_T2T) &&
1789 (p_cb->act_interface == NCI_INTERFACE_FRAME)) {
1790 if ((data_cevt.status != NFC_STATUS_OK) &&
1791 ((data_cevt.status >= T2T_STATUS_OK_1_BIT) &&
1792 (data_cevt.status <= T2T_STATUS_OK_7_BIT))) {
1793 LOG(VERBOSE) << StringPrintf("%s: T2T tag data xchange", __func__);
1794 data_cevt.status = NFC_STATUS_OK;
1795 }
1796 }
1797 }
1798 if ((NFC_GetNCIVersion() >= NCI_VERSION_2_0) &&
1799 (p_cb->act_protocol == NCI_PROTOCOL_T5T)) {
1800 p_evt->len--;
1801 p = (uint8_t*)(p_evt + 1);
1802 data_cevt.status = *(p + p_evt->offset + p_evt->len);
1803 }
1804 }
1805 tNFC_CONN nfc_conn;
1806 nfc_conn.data = data_cevt;
1807 (*p_cb->p_cback)(p_cb->conn_id, NFC_DATA_CEVT, &nfc_conn);
1808 p_evt = nullptr;
1809 }
1810 }
1811 }
1812
1813 /*******************************************************************************
1814 **
1815 ** Function nfc_ncif_proc_data
1816 **
1817 ** Description Find the connection control block associated with the data
1818 ** packet. Assemble the data packet, if needed.
1819 ** Report the Data event.
1820 **
1821 ** Returns void
1822 **
1823 *******************************************************************************/
nfc_ncif_proc_data(NFC_HDR * p_msg)1824 void nfc_ncif_proc_data(NFC_HDR* p_msg) {
1825 uint8_t *pp, cid;
1826 tNFC_CONN_CB* p_cb;
1827 uint8_t pbf;
1828 NFC_HDR* p_last;
1829 uint8_t *ps, *pd;
1830 uint16_t size;
1831 NFC_HDR* p_max = nullptr;
1832 uint16_t len;
1833 if (!gki_utils) {
1834 gki_utils = new GkiUtils();
1835 }
1836
1837 pp = (uint8_t*)(p_msg + 1) + p_msg->offset;
1838 LOG(VERBOSE) << StringPrintf("%s: 0x%02x%02x%02x", __func__, pp[0], pp[1],
1839 pp[2]);
1840 NCI_DATA_PRS_HDR(pp, pbf, cid, len);
1841 p_cb = nfc_find_conn_cb_by_conn_id(cid);
1842 if (p_cb && (p_msg->len >= NCI_DATA_HDR_SIZE)) {
1843 LOG(VERBOSE) << StringPrintf("%s: len=%d", __func__, len);
1844
1845 len = p_msg->len - NCI_MSG_HDR_SIZE;
1846 p_msg->layer_specific = 0;
1847 if (pbf) {
1848 NFC_SetReassemblyFlag(true);
1849 p_msg->layer_specific = NFC_RAS_FRAGMENTED;
1850 }
1851 p_last = (NFC_HDR*)gki_utils->getlast(&p_cb->rx_q);
1852 if (p_last && (p_last->layer_specific & NFC_RAS_FRAGMENTED)) {
1853 /* last data buffer is not last fragment, append this new packet to the
1854 * last */
1855 size = GKI_get_buf_size(p_last);
1856 if (size < (NFC_HDR_SIZE + p_last->len + p_last->offset + len)) {
1857 /* the current size of p_last is not big enough to hold the new
1858 * fragment, p_msg */
1859 if (size != GKI_MAX_BUF_SIZE) {
1860 /* try the biggest GKI pool */
1861 p_max = (NFC_HDR*)gki_utils->getpoolbuf(GKI_MAX_BUF_SIZE_POOL_ID);
1862 if (p_max) {
1863 /* copy the content of last buffer to the new buffer */
1864 memcpy(p_max, p_last, NFC_HDR_SIZE);
1865 pd = (uint8_t*)(p_max + 1) + p_max->offset;
1866 ps = (uint8_t*)(p_last + 1) + p_last->offset;
1867 memcpy(pd, ps, p_last->len);
1868
1869 /* place the new buffer in the queue instead */
1870 gki_utils->remove_from_queue(&p_cb->rx_q, p_last);
1871 gki_utils->freebuf(p_last);
1872 gki_utils->enqueue(&p_cb->rx_q, p_max);
1873 p_last = p_max;
1874 }
1875 }
1876 if (p_max == nullptr) {
1877 /* Biggest GKI Pool not available (or)
1878 * Biggest available GKI Pool is not big enough to hold the new
1879 * fragment, p_msg */
1880 p_last->layer_specific |= NFC_RAS_TOO_BIG;
1881 }
1882 }
1883
1884 ps = (uint8_t*)(p_msg + 1) + p_msg->offset + NCI_MSG_HDR_SIZE;
1885
1886 if (!(p_last->layer_specific & NFC_RAS_TOO_BIG)) {
1887 pd = (uint8_t*)(p_last + 1) + p_last->offset + p_last->len;
1888 memcpy(pd, ps, len);
1889 p_last->len += len;
1890 /* do not need to update pbf and len in NCI header.
1891 * They are stripped off at NFC_DATA_CEVT and len may exceed 255 */
1892 LOG(VERBOSE) << StringPrintf("%s: len=%d", __func__, p_last->len);
1893 p_last->layer_specific = p_msg->layer_specific;
1894 gki_utils->freebuf(p_msg);
1895 nfc_data_event(p_cb);
1896 } else {
1897 /* Not enough memory to add new buffer
1898 * Send data already in queue first with status Continue */
1899 nfc_data_event(p_cb);
1900 /* now enqueue the new buffer to the rx queue */
1901 gki_utils->enqueue(&p_cb->rx_q, p_msg);
1902 }
1903 } else {
1904 /* if this is the first fragment on RF link */
1905 if ((p_msg->layer_specific & NFC_RAS_FRAGMENTED) &&
1906 (p_cb->conn_id == NFC_RF_CONN_ID) && (p_cb->p_cback)) {
1907 /* Indicate upper layer that local device started receiving data */
1908 (*p_cb->p_cback)(p_cb->conn_id, NFC_DATA_START_CEVT, nullptr);
1909 }
1910 /* enqueue the new buffer to the rx queue */
1911 gki_utils->enqueue(&p_cb->rx_q, p_msg);
1912 nfc_data_event(p_cb);
1913 }
1914 return;
1915 }
1916 gki_utils->freebuf(p_msg);
1917 }
1918
1919 /*******************************************************************************
1920 **
1921 ** Function nfc_ncif_process_proprietary_rsp
1922 **
1923 ** Description Process the response to avoid collision
1924 ** while rawVsCbflag is set
1925 **
1926 ** Returns true if proprietary response else false
1927 **
1928 *******************************************************************************/
nfc_ncif_proc_proprietary_rsp(uint8_t mt,uint8_t gid,uint8_t oid)1929 bool nfc_ncif_proc_proprietary_rsp(uint8_t mt, uint8_t gid, uint8_t oid) {
1930 bool stat = FALSE;
1931 LOG(VERBOSE) << StringPrintf("%s: mt=%u, gid=%u, oid=%u", __func__, mt, gid,
1932 oid);
1933
1934 switch (mt) {
1935 case NCI_MT_DATA:
1936 /* check for Data Response */
1937 if (gid != 0x03 && oid != 0x00) stat = TRUE;
1938 break;
1939
1940 case NCI_MT_NTF:
1941 stat = FALSE;
1942 break;
1943
1944 default:
1945 stat = TRUE;
1946 break;
1947 }
1948 LOG(VERBOSE) << StringPrintf("%s: exit status=%u", __func__, stat);
1949 return stat;
1950 }
1951
1952 /*******************************************************************************
1953 ** Function nfc_mode_set_ntf_timeout
1954 **
1955 ** Description This function is invoked on mode set ntf timeout
1956 **
1957 ** Returns void
1958 **
1959 *******************************************************************************/
nfc_mode_set_ntf_timeout()1960 void nfc_mode_set_ntf_timeout() {
1961 LOG(ERROR) << StringPrintf("%s", __func__);
1962 tNFC_RESPONSE nfc_response;
1963 nfc_response.mode_set.status = NCI_STATUS_FAILED;
1964 nfc_response.mode_set.nfcee_id = *nfc_cb.last_nfcee_cmd;
1965 nfc_response.mode_set.mode = NCI_NFCEE_MD_DEACTIVATE;
1966
1967 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1968 tNFC_RESPONSE_EVT event = NFC_NFCEE_MODE_SET_REVT;
1969 if (p_cback) (*p_cback)(event, &nfc_response);
1970 }
1971