gatt_db.c revision 4dcde90649cc51ca815a50d338a73adb408ab258
1/******************************************************************************
2 *
3 *  Copyright (C) 2009-2012 Broadcom Corporation
4 *
5 *  Licensed under the Apache License, Version 2.0 (the "License");
6 *  you may not use this file except in compliance with the License.
7 *  You may obtain a copy of the License at:
8 *
9 *  http://www.apache.org/licenses/LICENSE-2.0
10 *
11 *  Unless required by applicable law or agreed to in writing, software
12 *  distributed under the License is distributed on an "AS IS" BASIS,
13 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 *  See the License for the specific language governing permissions and
15 *  limitations under the License.
16 *
17 ******************************************************************************/
18
19/******************************************************************************
20 *
21 *  this file contains GATT database building and query functions
22 *
23 ******************************************************************************/
24
25#include "bt_target.h"
26
27#if BLE_INCLUDED == TRUE
28
29#include "bt_trace.h"
30#include "bt_utils.h"
31
32#include <stdio.h>
33#include <string.h>
34#include "gatt_int.h"
35#include "l2c_api.h"
36#include "btm_int.h"
37
38/********************************************************************************
39**              L O C A L    F U N C T I O N     P R O T O T Y P E S            *
40*********************************************************************************/
41static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db);
42static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, tBT_UUID *p_uuid, tGATT_PERM perm);
43static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr);
44static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len);
45
46static BOOLEAN gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID *p_service, BOOLEAN is_pri);
47static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code,
48                                                UINT16 handle, UINT16 offset, UINT32 trans_id);
49
50/*******************************************************************************
51**
52** Function         gatts_init_service_db
53**
54** Description      This function initialize a memory space to be a service database.
55**
56** Parameter        p_db: database pointer.
57**                  len: size of the memory space.
58**
59** Returns          Status of te operation.
60**
61*******************************************************************************/
62BOOLEAN gatts_init_service_db (tGATT_SVC_DB *p_db, tBT_UUID *p_service,  BOOLEAN is_pri,
63                               UINT16 s_hdl, UINT16 num_handle)
64{
65    if (!allocate_svc_db_buf(p_db))
66    {
67        GATT_TRACE_ERROR("gatts_init_service_db failed, no resources");
68        return FALSE;
69    }
70
71    GATT_TRACE_DEBUG("gatts_init_service_db");
72    GATT_TRACE_DEBUG("s_hdl = %d num_handle = %d", s_hdl, num_handle );
73
74    /* update service database information */
75    p_db->next_handle   = s_hdl;
76    p_db->end_handle    = s_hdl + num_handle;
77
78    return gatts_db_add_service_declaration(p_db, p_service, is_pri);
79}
80
81/*******************************************************************************
82**
83** Function         gatts_init_service_db
84**
85** Description      This function initialize a memory space to be a service database.
86**
87** Parameter        p_db: database pointer.
88**                  len: size of the memory space.
89**
90** Returns          Status of te operation.
91**
92*******************************************************************************/
93tBT_UUID * gatts_get_service_uuid (tGATT_SVC_DB *p_db)
94{
95    if (!p_db || !p_db->p_attr_list)
96    {
97        GATT_TRACE_ERROR("service DB empty");
98
99        return NULL;
100    }
101    else
102    {
103        return &((tGATT_ATTR16 *)p_db->p_attr_list)->p_value->uuid;
104    }
105}
106
107/*******************************************************************************
108**
109** Function         gatts_check_attr_readability
110**
111** Description      check attribute readability
112**
113** Returns          status of operation.
114**
115*******************************************************************************/
116static tGATT_STATUS gatts_check_attr_readability(tGATT_ATTR16 *p_attr,
117                                                 UINT16 offset,
118                                                 BOOLEAN read_long,
119                                                 tGATT_SEC_FLAG sec_flag,
120                                                 UINT8 key_size)
121{
122    UINT16          min_key_size;
123    tGATT_PERM      perm = p_attr->permission;
124
125    UNUSED(offset);
126    min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
127    if (min_key_size != 0 )
128    {
129        min_key_size +=6;
130    }
131
132    if (!(perm & GATT_READ_ALLOWED))
133    {
134        GATT_TRACE_ERROR( "GATT_READ_NOT_PERMIT");
135        return GATT_READ_NOT_PERMIT;
136    }
137
138    if ((perm & GATT_READ_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED) &&
139        !(sec_flag & BTM_SEC_FLAG_ENCRYPTED))
140    {
141        GATT_TRACE_ERROR( "GATT_INSUF_AUTHENTICATION");
142        return GATT_INSUF_AUTHENTICATION;
143    }
144
145    if ((perm & GATT_READ_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED))
146    {
147        GATT_TRACE_ERROR( "GATT_INSUF_AUTHENTICATION: MITM Required");
148        return GATT_INSUF_AUTHENTICATION;
149    }
150
151    if ((perm & GATT_READ_ENCRYPTED_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED))
152    {
153        GATT_TRACE_ERROR( "GATT_INSUF_ENCRYPTION");
154        return GATT_INSUF_ENCRYPTION;
155    }
156
157    if ( (perm & GATT_READ_ENCRYPTED_REQUIRED) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size))
158    {
159        GATT_TRACE_ERROR( "GATT_INSUF_KEY_SIZE");
160        return GATT_INSUF_KEY_SIZE;
161    }
162
163
164    if (read_long)
165    {
166        switch (p_attr->uuid)
167        {
168            case GATT_UUID_PRI_SERVICE:
169            case GATT_UUID_SEC_SERVICE:
170            case GATT_UUID_CHAR_DECLARE:
171            case GATT_UUID_INCLUDE_SERVICE:
172            case GATT_UUID_CHAR_EXT_PROP:
173            case GATT_UUID_CHAR_CLIENT_CONFIG:
174            case GATT_UUID_CHAR_SRVR_CONFIG:
175            case GATT_UUID_CHAR_PRESENT_FORMAT:
176                GATT_TRACE_ERROR("GATT_NOT_LONG");
177                return GATT_NOT_LONG;
178
179            default:
180                break;
181        }
182    }
183
184    return GATT_SUCCESS;
185}
186
187/*******************************************************************************
188**
189** Function         read_attr_value
190**
191** Description      Utility function to read an attribute value.
192**
193** Parameter        p_attr: pointer to the attribute to read.
194**                  offset: read offset.
195**                  p_value: output parameter to carry out the attribute value.
196**                  p_len: output parameter to carry out the attribute length.
197**                  read_long: this is a read blob request.
198**                  mtu: MTU
199**                  sec_flag: current link security status.
200**                  key_size: encryption key size.
201**
202** Returns          status of operation.
203**
204*******************************************************************************/
205static tGATT_STATUS read_attr_value (void *p_attr,
206                                     UINT16 offset,
207                                     UINT8 **p_data,
208                                     BOOLEAN read_long,
209                                     UINT16 mtu,
210                                     UINT16 *p_len,
211                                     tGATT_SEC_FLAG sec_flag,
212                                     UINT8 key_size)
213{
214    UINT16          len = 0, uuid16 = 0;
215    UINT8           *p = *p_data;
216    tGATT_STATUS    status;
217    UINT16          read_long_uuid=0;
218    tGATT_ATTR16    *p_attr16  = (tGATT_ATTR16  *)p_attr;
219
220    GATT_TRACE_DEBUG("read_attr_value uuid=0x%04x perm=0x%0x sec_flag=0x%x offset=%d read_long=%d",
221                      p_attr16->uuid,
222                      p_attr16->permission,
223                      sec_flag,
224                      offset,
225                      read_long);
226
227    status = gatts_check_attr_readability((tGATT_ATTR16 *)p_attr, offset, read_long, sec_flag, key_size);
228
229    if (status != GATT_SUCCESS)
230        return status;
231
232    if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16)
233        uuid16 = p_attr16->uuid;
234
235    status = GATT_NO_RESOURCES;
236
237    if (read_long &&
238        (uuid16 == GATT_UUID_CHAR_DESCRIPTION || uuid16 == GATT_UUID_CHAR_AGG_FORMAT))
239    {
240        read_long_uuid = p_attr16->uuid;
241    }
242
243    if (uuid16 == GATT_UUID_PRI_SERVICE || uuid16 == GATT_UUID_SEC_SERVICE)
244    {
245        len = p_attr16->p_value->uuid.len;
246        if (mtu >= p_attr16->p_value->uuid.len)
247        {
248            gatt_build_uuid_to_stream(&p, p_attr16->p_value->uuid);
249            status = GATT_SUCCESS;
250        }
251    }
252    else if (uuid16 == GATT_UUID_CHAR_DECLARE)
253    {
254        len = (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16) ? 5 :19;
255
256        if (mtu >= len)
257        {
258            UINT8_TO_STREAM(p, p_attr16->p_value->char_decl.property);
259            UINT16_TO_STREAM(p, p_attr16->p_value->char_decl.char_val_handle);
260
261            if (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16)
262            {
263                UINT16_TO_STREAM(p, ((tGATT_ATTR16 *)(p_attr16->p_next))->uuid);
264            }
265            /* convert a 32bits UUID to 128 bits */
266            else if (((tGATT_ATTR32 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_32)
267            {
268                gatt_convert_uuid32_to_uuid128 (p, ((tGATT_ATTR32 *)(p_attr16->p_next))->uuid);
269                p += LEN_UUID_128;
270            }
271            else
272            {
273                ARRAY_TO_STREAM (p, ((tGATT_ATTR128 *)(p_attr16->p_next))->uuid, LEN_UUID_128);
274            }
275            status = GATT_SUCCESS;
276        }
277
278    }
279    else if (uuid16 == GATT_UUID_INCLUDE_SERVICE)
280    {
281        if (p_attr16->p_value->incl_handle.service_type.len == LEN_UUID_16)
282            len = 6;
283        else
284            len = 4;
285
286        if (mtu >= len)
287        {
288            UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.s_handle);
289            UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.e_handle);
290
291            if (p_attr16->p_value->incl_handle.service_type.len == LEN_UUID_16)
292            {
293                UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.service_type.uu.uuid16);
294            }
295            status = GATT_SUCCESS;
296        }
297    }
298    else /* characteristic description or characteristic value */
299    {
300        status = GATT_PENDING;
301    }
302
303    *p_len = len;
304    *p_data = p;
305    return status;
306}
307
308/*******************************************************************************
309**
310** Function         gatts_db_read_attr_value_by_type
311**
312** Description      Query attribute value by attribute type.
313**
314** Parameter        p_db: pointer to the attribute database.
315**                  p_rsp: Read By type response data.
316**                  s_handle: starting handle of the range we are looking for.
317**                  e_handle: ending handle of the range we are looking for.
318**                  type: Attribute type.
319**                  mtu: MTU.
320**                  sec_flag: current link security status.
321**                  key_size: encryption key size.
322**
323** Returns          Status of the operation.
324**
325*******************************************************************************/
326tGATT_STATUS gatts_db_read_attr_value_by_type (tGATT_TCB   *p_tcb,
327                                               tGATT_SVC_DB    *p_db,
328                                               UINT8        op_code,
329                                               BT_HDR      *p_rsp,
330                                               UINT16       s_handle,
331                                               UINT16       e_handle,
332                                               tBT_UUID     type,
333                                               UINT16      *p_len,
334                                               tGATT_SEC_FLAG sec_flag,
335                                               UINT8        key_size,
336                                               UINT32       trans_id,
337                                               UINT16       *p_cur_handle)
338{
339    tGATT_STATUS status = GATT_NOT_FOUND;
340    tGATT_ATTR16  *p_attr;
341    UINT16      len = 0;
342    UINT8       *p = (UINT8 *)(p_rsp + 1) + p_rsp->len + L2CAP_MIN_OFFSET;
343    tBT_UUID    attr_uuid;
344#if (defined(BLE_DELAY_REQUEST_ENC) && (BLE_DELAY_REQUEST_ENC == TRUE))
345    UINT8       flag;
346#endif
347
348    if (p_db && p_db->p_attr_list)
349    {
350        p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
351
352        while (p_attr && p_attr->handle <= e_handle)
353        {
354            if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16)
355            {
356                attr_uuid.len = LEN_UUID_16;
357                attr_uuid.uu.uuid16 = p_attr->uuid;
358            }
359            else if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_32)
360            {
361                attr_uuid.len = LEN_UUID_32;
362                attr_uuid.uu.uuid32 = ((tGATT_ATTR32 *)p_attr)->uuid;
363            }
364            else
365            {
366                attr_uuid.len = LEN_UUID_128;
367                memcpy(attr_uuid.uu.uuid128, ((tGATT_ATTR128 *)p_attr)->uuid, LEN_UUID_128);
368            }
369
370            if (p_attr->handle >= s_handle && gatt_uuid_compare(type, attr_uuid))
371            {
372                if (*p_len <= 2)
373                {
374                    status = GATT_NO_RESOURCES;
375                    break;
376                }
377
378                UINT16_TO_STREAM (p, p_attr->handle);
379
380                status = read_attr_value ((void *)p_attr, 0, &p, FALSE, (UINT16)(*p_len -2), &len, sec_flag, key_size);
381
382                if (status == GATT_PENDING)
383                {
384                    status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, 0, trans_id);
385
386                    /* one callback at a time */
387                    break;
388                }
389                else if (status == GATT_SUCCESS)
390                {
391                    if (p_rsp->offset == 0)
392                        p_rsp->offset = len + 2;
393
394                    if (p_rsp->offset == len + 2)
395                    {
396                        p_rsp->len += (len  + 2);
397                        *p_len -= (len + 2);
398                    }
399                    else
400                    {
401                        GATT_TRACE_ERROR("format mismatch");
402                        status = GATT_NO_RESOURCES;
403                        break;
404                    }
405                }
406                else
407                {
408                    *p_cur_handle = p_attr->handle;
409                    break;
410                }
411            }
412            p_attr = (tGATT_ATTR16 *)p_attr->p_next;
413        }
414    }
415
416#if (defined(BLE_DELAY_REQUEST_ENC) && (BLE_DELAY_REQUEST_ENC == TRUE))
417    if (BTM_GetSecurityFlags(p_tcb->peer_bda, &flag))
418    {
419        if ((p_tcb->att_lcid == L2CAP_ATT_CID) && (status == GATT_PENDING) &&
420            (type.uu.uuid16 == GATT_UUID_GAP_DEVICE_NAME))
421        {
422            if ((flag & (BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_FLAG_ENCRYPTED)) ==
423                 BTM_SEC_LINK_KEY_KNOWN)
424            {
425                tACL_CONN         *p;
426                p = btm_bda_to_acl(p_tcb->peer_bda, BT_TRANSPORT_LE);
427                if ((p != NULL) && (p->link_role == BTM_ROLE_MASTER))
428                {
429                    tBTM_BLE_SEC_ACT sec_act = BTM_BLE_SEC_ENCRYPT;
430                    btm_ble_set_encryption(p_tcb->peer_bda, &sec_act, p->link_role);
431                }
432            }
433        }
434    }
435#endif
436    return status;
437}
438
439/*******************************************************************************
440**
441** Function         gatts_add_included_service
442**
443** Description      This function adds an included service into a database.
444**
445** Parameter        p_db: database pointer.
446**                  inc_srvc_type: included service type.
447**
448** Returns          Status of the operation.
449**
450*******************************************************************************/
451UINT16 gatts_add_included_service (tGATT_SVC_DB *p_db, UINT16 s_handle, UINT16 e_handle,
452                                   tBT_UUID service)
453{
454    tGATT_ATTR16      *p_attr;
455    tBT_UUID         uuid = {LEN_UUID_16, {GATT_UUID_INCLUDE_SERVICE}};
456
457    GATT_TRACE_DEBUG("gatts_add_included_service: s_hdl = 0x%04x e_hdl = 0x%04x uuid = 0x%04x",
458                      s_handle, e_handle, service.uu.uuid16);
459
460    if (service.len == 0 || s_handle == 0 || e_handle == 0)
461    {
462        GATT_TRACE_ERROR("gatts_add_included_service Illegal Params.");
463        return 0;
464    }
465
466    if ((p_attr = (tGATT_ATTR16 *) allocate_attr_in_db(p_db, &uuid, GATT_PERM_READ)) != NULL)
467    {
468        if (copy_extra_byte_in_db(p_db, (void **)&p_attr->p_value, sizeof(tGATT_INCL_SRVC)))
469        {
470            p_attr->p_value->incl_handle.s_handle = s_handle;
471            p_attr->p_value->incl_handle.e_handle = e_handle;
472            memcpy(&p_attr->p_value->incl_handle.service_type, &service, sizeof(tBT_UUID));
473
474            return p_attr->handle;
475        }
476        else
477        {
478            deallocate_attr_in_db(p_db, p_attr);
479        }
480    }
481
482    return 0;
483}
484
485/*******************************************************************************
486**
487** Function         gatts_add_characteristic
488**
489** Description      This function add a characteristics and its descriptor into
490**                  a servce identified by the service database pointer.
491**
492** Parameter        p_db: database pointer.
493**                  perm: permission (authentication and key size requirements)
494**                  property: property of the characteristic.
495**                  p_char: characteristic value information.
496**
497** Returns          Status of te operation.
498**
499*******************************************************************************/
500UINT16 gatts_add_characteristic (tGATT_SVC_DB *p_db, tGATT_PERM perm,
501                                 tGATT_CHAR_PROP property,
502                                 tBT_UUID * p_char_uuid)
503{
504    tGATT_ATTR16     *p_char_decl, *p_char_val;
505    tBT_UUID        uuid = {LEN_UUID_16, {GATT_UUID_CHAR_DECLARE}};
506
507    GATT_TRACE_DEBUG("gatts_add_characteristic perm=0x%0x property=0x%0x", perm, property);
508
509    if ((p_char_decl = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, &uuid, GATT_PERM_READ)) != NULL)
510    {
511        if (!copy_extra_byte_in_db(p_db, (void **)&p_char_decl->p_value, sizeof(tGATT_CHAR_DECL)))
512        {
513            deallocate_attr_in_db(p_db, p_char_decl);
514            return 0;
515        }
516
517        p_char_val = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, p_char_uuid, perm);
518
519        if (p_char_val == NULL)
520        {
521            deallocate_attr_in_db(p_db, p_char_decl);
522            return 0;
523        }
524
525        p_char_decl->p_value->char_decl.property = property;
526        p_char_decl->p_value->char_decl.char_val_handle  = p_char_val->handle;
527
528        p_char_val->p_value = NULL;
529
530        return p_char_val->handle;
531    }
532
533    return 0;
534}
535
536/*******************************************************************************
537**
538** Function         gatt_convertchar_descr_type
539**
540** Description      This function convert a char descript UUID into descriptor type.
541**
542** Returns          descriptor type.
543**
544*******************************************************************************/
545UINT8 gatt_convertchar_descr_type(tBT_UUID *p_descr_uuid)
546{
547    tBT_UUID std_descr = {LEN_UUID_16, {GATT_UUID_CHAR_EXT_PROP}};
548
549    if (gatt_uuid_compare(std_descr, * p_descr_uuid))
550        return GATT_DESCR_EXT_DSCPTOR;
551
552    std_descr.uu.uuid16 ++;
553    if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
554        return GATT_DESCR_USER_DSCPTOR;
555
556    std_descr.uu.uuid16 ++;
557    if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
558        return GATT_DESCR_CLT_CONFIG;
559
560    std_descr.uu.uuid16 ++;
561    if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
562        return GATT_DESCR_SVR_CONFIG;
563
564    std_descr.uu.uuid16 ++;
565    if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
566        return GATT_DESCR_PRES_FORMAT;
567
568    std_descr.uu.uuid16 ++;
569    if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
570        return GATT_DESCR_AGGR_FORMAT;
571
572    std_descr.uu.uuid16 ++;
573    if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
574        return GATT_DESCR_VALID_RANGE;
575
576
577    return GATT_DESCR_UNKNOWN;
578}
579
580/*******************************************************************************
581**
582** Function         gatts_add_char_descr
583**
584** Description      This function add a characteristics descriptor.
585**
586** Parameter        p_db: database pointer.
587**                  perm: characteristic descriptor permission type.
588**                  char_dscp_tpye: the characteristic descriptor masks.
589**                  p_dscp_params: characteristic descriptors values.
590**
591** Returns          Status of the operation.
592**
593*******************************************************************************/
594UINT16 gatts_add_char_descr (tGATT_SVC_DB *p_db, tGATT_PERM perm,
595                             tBT_UUID *     p_descr_uuid)
596{
597    tGATT_ATTR16    *p_char_dscptr;
598
599    GATT_TRACE_DEBUG("gatts_add_char_descr uuid=0x%04x", p_descr_uuid->uu.uuid16);
600
601    /* Add characteristic descriptors */
602    if ((p_char_dscptr = (tGATT_ATTR16 *)allocate_attr_in_db(p_db,
603                                                             p_descr_uuid,
604                                                             perm))
605        == NULL)
606    {
607        GATT_TRACE_DEBUG("gatts_add_char_descr Fail for adding char descriptors.");
608        return 0;
609    }
610    else
611    {
612        return p_char_dscptr->handle;
613    }
614}
615
616/*******************************************************************************/
617/* Service Attribute Database Query Utility Functions */
618/*******************************************************************************/
619/*******************************************************************************
620**
621** Function         gatts_read_attr_value_by_handle
622**
623** Description      Query attribute value by attribute handle.
624**
625** Parameter        p_db: pointer to the attribute database.
626**                  handle: Attribute handle to read.
627**                  offset: Read offset.
628**                  p_value: output parameter to carry out the attribute value.
629**                  p_len: output parameter as attribute length read.
630**                  read_long: this is a read blob request.
631**                  mtu: MTU.
632**                  sec_flag: current link security status.
633**                  key_size: encryption key size
634**
635** Returns          Status of operation.
636**
637*******************************************************************************/
638tGATT_STATUS gatts_read_attr_value_by_handle(tGATT_TCB *p_tcb,
639                                             tGATT_SVC_DB *p_db,
640                                             UINT8 op_code,
641                                             UINT16 handle, UINT16 offset,
642                                             UINT8 *p_value, UINT16 *p_len,
643                                             UINT16 mtu,
644                                             tGATT_SEC_FLAG sec_flag,
645                                             UINT8 key_size,
646                                             UINT32 trans_id)
647{
648    tGATT_STATUS status = GATT_NOT_FOUND;
649    tGATT_ATTR16  *p_attr;
650    UINT8       *pp = p_value;
651
652    if (p_db && p_db->p_attr_list)
653    {
654        p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
655
656        while (p_attr && handle >= p_attr->handle)
657        {
658            if (p_attr->handle == handle)
659            {
660                status = read_attr_value (p_attr, offset, &pp,
661                                          (BOOLEAN)(op_code == GATT_REQ_READ_BLOB),
662                                          mtu, p_len, sec_flag, key_size);
663
664                if (status == GATT_PENDING)
665                {
666                    status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, offset, trans_id);
667                }
668                break;
669            }
670            p_attr = (tGATT_ATTR16 *)p_attr->p_next;
671        }
672    }
673
674    return status;
675}
676
677/*******************************************************************************
678**
679** Function         gatts_read_attr_perm_check
680**
681** Description      Check attribute readability.
682**
683** Parameter        p_db: pointer to the attribute database.
684**                  handle: Attribute handle to read.
685**                  offset: Read offset.
686**                  p_value: output parameter to carry out the attribute value.
687**                  p_len: output parameter as attribute length read.
688**                  read_long: this is a read blob request.
689**                  mtu: MTU.
690**                  sec_flag: current link security status.
691**                  key_size: encryption key size
692**
693** Returns          Status of operation.
694**
695*******************************************************************************/
696tGATT_STATUS gatts_read_attr_perm_check(tGATT_SVC_DB *p_db,
697                                        BOOLEAN is_long,
698                                        UINT16 handle,
699                                        tGATT_SEC_FLAG sec_flag,
700                                        UINT8 key_size)
701{
702    tGATT_STATUS status = GATT_NOT_FOUND;
703    tGATT_ATTR16  *p_attr;
704
705    if (p_db && p_db->p_attr_list)
706    {
707        p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
708
709        while (p_attr && handle >= p_attr->handle)
710        {
711            if (p_attr->handle == handle)
712            {
713                status = gatts_check_attr_readability (p_attr, 0,
714                                                       is_long,
715                                                       sec_flag, key_size);
716                break;
717            }
718            p_attr = (tGATT_ATTR16 *) p_attr->p_next;
719        }
720    }
721
722    return status;
723}
724/*******************************************************************************
725**
726** Function         gatts_write_attr_perm_check
727**
728** Description      Write attribute value into database.
729**
730** Parameter        p_db: pointer to the attribute database.
731**                  op_code:op code of this write.
732**                  handle: handle of the attribute to write.
733**                  offset: Write offset if write op code is write blob.
734**                  p_data: Attribute value to write.
735**                  len: attribute data length.
736**                  sec_flag: current link security status.
737**                  key_size: encryption key size
738**
739** Returns          Status of the operation.
740**
741*******************************************************************************/
742tGATT_STATUS gatts_write_attr_perm_check (tGATT_SVC_DB *p_db, UINT8 op_code,
743                                          UINT16 handle, UINT16 offset, UINT8 *p_data,
744                                          UINT16 len, tGATT_SEC_FLAG sec_flag, UINT8 key_size)
745{
746    tGATT_STATUS    status = GATT_NOT_FOUND;
747    tGATT_ATTR16    *p_attr;
748    UINT16          max_size = 0;
749    tGATT_PERM      perm;
750    UINT16          min_key_size;
751
752    GATT_TRACE_DEBUG( "gatts_write_attr_perm_check op_code=0x%0x handle=0x%04x offset=%d len=%d sec_flag=0x%0x key_size=%d",
753                       op_code, handle, offset, len, sec_flag, key_size);
754
755    if (p_db != NULL)
756    {
757        p_attr = (tGATT_ATTR16 *) p_db->p_attr_list;
758
759        while (p_attr != NULL)
760        {
761            if (p_attr->handle == handle)
762            {
763                perm = p_attr->permission;
764                min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
765                if (min_key_size != 0 )
766                {
767                    min_key_size +=6;
768                }
769                GATT_TRACE_DEBUG( "gatts_write_attr_perm_check p_attr->permission =0x%04x min_key_size==0x%04x",
770                                   p_attr->permission,
771                                   min_key_size);
772
773                if ((op_code == GATT_CMD_WRITE || op_code == GATT_REQ_WRITE)
774                    && (perm & GATT_WRITE_SIGNED_PERM))
775                {
776                    /* use the rules for the mixed security see section 10.2.3*/
777                    /* use security mode 1 level 2 when the following condition follows */
778                    /* LE security mode 2 level 1 and LE security mode 1 level 2 */
779                    if ((perm & GATT_PERM_WRITE_SIGNED) && (perm & GATT_PERM_WRITE_ENCRYPTED))
780                    {
781                        perm = GATT_PERM_WRITE_ENCRYPTED;
782                    }
783                    /* use security mode 1 level 3 when the following condition follows */
784                    /* LE security mode 2 level 2 and security mode 1 and LE */
785                    else if (((perm & GATT_PERM_WRITE_SIGNED_MITM) && (perm & GATT_PERM_WRITE_ENCRYPTED)) ||
786                              /* LE security mode 2 and security mode 1 level 3 */
787                             ((perm & GATT_WRITE_SIGNED_PERM) && (perm & GATT_PERM_WRITE_ENC_MITM)))
788                    {
789                        perm = GATT_PERM_WRITE_ENC_MITM;
790                    }
791                }
792
793                if ((op_code == GATT_SIGN_CMD_WRITE) && !(perm & GATT_WRITE_SIGNED_PERM))
794                {
795                    status = GATT_WRITE_NOT_PERMIT;
796                    GATT_TRACE_DEBUG( "gatts_write_attr_perm_check - sign cmd write not allowed");
797                }
798                 if ((op_code == GATT_SIGN_CMD_WRITE) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED))
799                {
800                    status = GATT_INVALID_PDU;
801                    GATT_TRACE_ERROR( "gatts_write_attr_perm_check - Error!! sign cmd write sent on a encypted link");
802                }
803                else if (!(perm & GATT_WRITE_ALLOWED))
804                {
805                    status = GATT_WRITE_NOT_PERMIT;
806                    GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_WRITE_NOT_PERMIT");
807                }
808                /* require authentication, but not been authenticated */
809                else if ((perm & GATT_WRITE_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED))
810                {
811                    status = GATT_INSUF_AUTHENTICATION;
812                    GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION");
813                }
814                else if ((perm & GATT_WRITE_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED))
815                {
816                    status = GATT_INSUF_AUTHENTICATION;
817                    GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION: MITM required");
818                }
819                else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED))
820                {
821                    status = GATT_INSUF_ENCRYPTION;
822                    GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_ENCRYPTION");
823                }
824                else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size))
825                {
826                    status = GATT_INSUF_KEY_SIZE;
827                    GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_KEY_SIZE");
828                }
829                /* LE security mode 2 attribute  */
830                else if (perm & GATT_WRITE_SIGNED_PERM && op_code != GATT_SIGN_CMD_WRITE && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)
831                    &&  (perm & GATT_WRITE_ALLOWED) == 0)
832                {
833                    status = GATT_INSUF_AUTHENTICATION;
834                    GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION: LE security mode 2 required");
835                }
836                else /* writable: must be char value declaration or char descritpors */
837                {
838                    if(p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16)
839                    {
840                    switch (p_attr->uuid)
841                    {
842                        case GATT_UUID_CHAR_PRESENT_FORMAT:/* should be readable only */
843                        case GATT_UUID_CHAR_EXT_PROP:/* should be readable only */
844                        case GATT_UUID_CHAR_AGG_FORMAT: /* should be readable only */
845                            case GATT_UUID_CHAR_VALID_RANGE:
846                            status = GATT_WRITE_NOT_PERMIT;
847                            break;
848
849                        case GATT_UUID_CHAR_CLIENT_CONFIG:
850/* coverity[MISSING_BREAK] */
851/* intnended fall through, ignored */
852                            /* fall through */
853                        case GATT_UUID_CHAR_SRVR_CONFIG:
854                            max_size = 2;
855                        case GATT_UUID_CHAR_DESCRIPTION:
856                        default: /* any other must be character value declaration */
857                            status = GATT_SUCCESS;
858                            break;
859                        }
860                    }
861                    else if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_128 ||
862				              p_attr->uuid_type == GATT_ATTR_UUID_TYPE_32)
863                    {
864                         status = GATT_SUCCESS;
865                    }
866                    else
867                    {
868                        status = GATT_INVALID_PDU;
869                    }
870
871                    if (p_data == NULL && len  > 0)
872                    {
873                        status = GATT_INVALID_PDU;
874                    }
875                    /* these attribute does not allow write blob */
876// btla-specific ++
877                    else if ( (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16) &&
878                              (p_attr->uuid == GATT_UUID_CHAR_CLIENT_CONFIG ||
879                               p_attr->uuid == GATT_UUID_CHAR_SRVR_CONFIG) )
880// btla-specific --
881                    {
882                        if (op_code == GATT_REQ_PREPARE_WRITE && offset != 0) /* does not allow write blob */
883                        {
884                            status = GATT_NOT_LONG;
885                            GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_NOT_LONG");
886                        }
887                        else if (len != max_size)    /* data does not match the required format */
888                        {
889                            status = GATT_INVALID_ATTR_LEN;
890                            GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INVALID_PDU");
891                        }
892                        else
893                        {
894                            status = GATT_SUCCESS;
895                        }
896                    }
897                }
898                break;
899            }
900            else
901                p_attr = (tGATT_ATTR16 *)p_attr->p_next;
902        }
903    }
904
905    return status;
906}
907
908/*******************************************************************************
909**
910** Function         allocate_attr_in_db
911**
912** Description      Allocate a memory space for a new attribute, and link this
913**                  attribute into the database attribute list.
914**
915**
916** Parameter        p_db    : database pointer.
917**                  p_uuid:     pointer to attribute UUID
918**                  service : type of attribute to be added.
919**
920** Returns          pointer to the newly allocated attribute.
921**
922*******************************************************************************/
923static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, tBT_UUID *p_uuid, tGATT_PERM perm)
924{
925    tGATT_ATTR16    *p_attr16 = NULL, *p_last;
926    tGATT_ATTR32    *p_attr32 = NULL;
927    tGATT_ATTR128   *p_attr128 = NULL;
928    UINT16      len = sizeof(tGATT_ATTR128);
929
930    if (p_uuid == NULL)
931    {
932        GATT_TRACE_ERROR("illegal UUID");
933        return NULL;
934    }
935
936    if (p_uuid->len == LEN_UUID_16)
937        len = sizeof(tGATT_ATTR16);
938    else if (p_uuid->len == LEN_UUID_32)
939        len = sizeof(tGATT_ATTR32);
940
941    GATT_TRACE_DEBUG("allocate attr %d bytes ",len);
942
943    if (p_db->end_handle <= p_db->next_handle)
944    {
945        GATT_TRACE_DEBUG("handle space full. handle_max = %d next_handle = %d",
946                          p_db->end_handle, p_db->next_handle);
947        return NULL;
948    }
949
950    if (p_db->mem_free < len)
951    {
952        if (!allocate_svc_db_buf(p_db))
953        {
954            GATT_TRACE_ERROR("allocate_attr_in_db failed, no resources");
955            return NULL;
956        }
957    }
958    memset(p_db->p_free_mem, 0, len);
959    p_attr16 = (tGATT_ATTR16 *) p_db->p_free_mem;
960
961    if (p_uuid->len == LEN_UUID_16 && p_uuid->uu.uuid16 != GATT_ILLEGAL_UUID)
962    {
963        p_attr16->uuid_type = GATT_ATTR_UUID_TYPE_16;
964        p_attr16->uuid = p_uuid->uu.uuid16;
965    }
966    else if (p_uuid->len == LEN_UUID_32)
967    {
968        p_attr32 = (tGATT_ATTR32 *) p_db->p_free_mem;
969        p_attr32->uuid_type = GATT_ATTR_UUID_TYPE_32;
970        p_attr32->uuid = p_uuid->uu.uuid32;
971    }
972    else if (p_uuid->len == LEN_UUID_128)
973    {
974        p_attr128 = (tGATT_ATTR128 *) p_db->p_free_mem;
975        p_attr128->uuid_type = GATT_ATTR_UUID_TYPE_128;
976        memcpy(p_attr128->uuid, p_uuid->uu.uuid128, LEN_UUID_128);
977    }
978
979    p_db->p_free_mem += len;
980    p_db->mem_free -= len;
981
982    p_attr16->handle = p_db->next_handle++;
983    p_attr16->permission = perm;
984    p_attr16->p_next = NULL;
985
986    /* link the attribute record into the end of DB */
987    if (p_db->p_attr_list == NULL)
988        p_db->p_attr_list = p_attr16;
989    else
990    {
991        p_last = (tGATT_ATTR16 *)p_db->p_attr_list;
992
993        while (p_last != NULL && p_last->p_next != NULL)
994            p_last = (tGATT_ATTR16 *)p_last->p_next;
995
996        p_last->p_next = p_attr16;
997    }
998
999    if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16)
1000    {
1001        GATT_TRACE_DEBUG("=====> handle = [0x%04x] uuid16 = [0x%04x] perm=0x%02x ",
1002                          p_attr16->handle, p_attr16->uuid, p_attr16->permission);
1003    }
1004    else if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_32)
1005    {
1006        GATT_TRACE_DEBUG("=====> handle = [0x%04x] uuid32 = [0x%08x] perm=0x%02x ",
1007                          p_attr32->handle, p_attr32->uuid, p_attr32->permission);
1008    }
1009    else
1010    {
1011        GATT_TRACE_DEBUG("=====> handle = [0x%04x] uuid128 = [0x%02x:0x%02x] perm=0x%02x ",
1012                          p_attr128->handle, p_attr128->uuid[0],p_attr128->uuid[1],
1013                          p_attr128->permission);
1014    }
1015    return(void *)p_attr16;
1016}
1017
1018/*******************************************************************************
1019**
1020** Function         deallocate_attr_in_db
1021**
1022** Description      Free an attribute within the database.
1023**
1024** Parameter        p_db: database pointer.
1025**                  p_attr: pointer to the attribute record to be freed.
1026**
1027** Returns          BOOLEAN: success
1028**
1029*******************************************************************************/
1030static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr)
1031{
1032    tGATT_ATTR16  *p_cur, *p_next;
1033    BOOLEAN     found = FALSE;
1034
1035    if (p_db->p_attr_list == NULL)
1036        return found;
1037
1038    p_cur   = (tGATT_ATTR16 *) p_db->p_attr_list;
1039    p_next  = (tGATT_ATTR16 *) p_cur->p_next;
1040
1041    for (; p_cur != NULL && p_next != NULL;
1042        p_cur = p_next, p_next = (tGATT_ATTR16 *)p_next->p_next)
1043    {
1044        if (p_next == p_attr)
1045        {
1046            p_cur->p_next = p_next->p_next;
1047            found = TRUE;
1048        }
1049    }
1050    if (p_cur == p_attr && p_cur == p_db->p_attr_list)
1051    {
1052        p_db->p_attr_list = p_cur->p_next;
1053        found = TRUE;
1054    }
1055    /* else attr not found */
1056    if ( found)
1057        p_db->next_handle --;
1058
1059    return found;
1060}
1061
1062/*******************************************************************************
1063**
1064** Function         copy_extra_byte_in_db
1065**
1066** Description      Utility function to allocate extra bytes memory in DB and copy
1067**                  the value from a source place.
1068**
1069**
1070** Parameter        p_db: database pointer.
1071**                  p_dst: destination data pointer.
1072**                  p_src: source data pointer.
1073**                  len: data length to be copied.
1074**
1075** Returns          None.
1076**
1077*******************************************************************************/
1078static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len)
1079{
1080    UINT8 *p = (UINT8 *)*p_dst;
1081
1082    if (p_db->mem_free < len)
1083    {
1084        if (!allocate_svc_db_buf(p_db))
1085        {
1086            GATT_TRACE_ERROR("copy_extra_byte_in_db failed, no resources");
1087            return FALSE;
1088        }
1089    }
1090
1091    p = p_db->p_free_mem;
1092    p_db->p_free_mem += len;
1093    p_db->mem_free -= len;
1094    memset((void *)p, 0, len);
1095    *p_dst = (void *)p;
1096
1097    return TRUE;
1098}
1099
1100/*******************************************************************************
1101**
1102** Function         allocate_svc_db_buf
1103**
1104** Description      Utility function to allocate extra buffer for service database.
1105**
1106** Returns          TRUE if allocation succeed, otherwise FALSE.
1107**
1108*******************************************************************************/
1109static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db)
1110{
1111    BT_HDR  *p_buf;
1112
1113    GATT_TRACE_DEBUG("allocate_svc_db_buf allocating extra buffer");
1114
1115    if ((p_buf = (BT_HDR *)GKI_getpoolbuf(GATT_DB_POOL_ID)) == NULL)
1116    {
1117        GATT_TRACE_ERROR("allocate_svc_db_buf failed, no resources");
1118        return FALSE;
1119    }
1120
1121    memset(p_buf, 0, GKI_get_buf_size(p_buf));
1122    p_db->p_free_mem    = (UINT8 *) p_buf;
1123    p_db->mem_free      = GKI_get_buf_size(p_buf);
1124
1125    GKI_enqueue(&p_db->svc_buffer, p_buf);
1126
1127    return TRUE;
1128
1129}
1130
1131/*******************************************************************************
1132**
1133** Function         gatts_send_app_read_request
1134**
1135** Description      Send application read request callback
1136**
1137** Returns          status of operation.
1138**
1139*******************************************************************************/
1140static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code,
1141                                                UINT16 handle, UINT16 offset, UINT32 trans_id)
1142{
1143    tGATTS_DATA   sr_data;
1144    UINT8       i_rcb;
1145    tGATT_SR_REG *p_sreg;
1146    UINT16   conn_id;
1147
1148    i_rcb = gatt_sr_find_i_rcb_by_handle(handle);
1149    p_sreg = &gatt_cb.sr_reg[i_rcb];
1150    conn_id = GATT_CREATE_CONN_ID(p_tcb->tcb_idx, p_sreg->gatt_if);
1151
1152    if (trans_id == 0)
1153    {
1154        trans_id = gatt_sr_enqueue_cmd(p_tcb, op_code, handle);
1155        gatt_sr_update_cback_cnt(p_tcb, p_sreg->gatt_if, TRUE, TRUE);
1156    }
1157
1158    if (trans_id != 0 )
1159    {
1160        memset(&sr_data, 0, sizeof(tGATTS_DATA));
1161
1162        sr_data.read_req.handle = handle;
1163        sr_data.read_req.is_long = (BOOLEAN)(op_code == GATT_REQ_READ_BLOB);
1164        sr_data.read_req.offset = offset;
1165
1166        gatt_sr_send_req_callback(conn_id,
1167                                  trans_id, GATTS_REQ_TYPE_READ, &sr_data);
1168        return(tGATT_STATUS) GATT_PENDING;
1169    }
1170    else
1171        return(tGATT_STATUS) GATT_BUSY; /* max pending command, application error */
1172
1173}
1174
1175/*******************************************************************************
1176**
1177** Function         gatts_db_add_service_declaration
1178**
1179** Description      Update a service database service declaration record.
1180**
1181** Parameter        p_db: database pointer.
1182**                  service: UUID of the service.
1183**
1184** Returns          void
1185**
1186*******************************************************************************/
1187static BOOLEAN gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID *p_service, BOOLEAN is_pri)
1188{
1189    tGATT_ATTR16  *p_attr;
1190    tBT_UUID    uuid = {LEN_UUID_16, {0}};
1191    BOOLEAN     rt = FALSE;
1192
1193    GATT_TRACE_DEBUG( "add_service_declaration");
1194
1195    if (is_pri)
1196        uuid.uu.uuid16 = GATT_UUID_PRI_SERVICE;
1197    else
1198        uuid.uu.uuid16 = GATT_UUID_SEC_SERVICE;
1199
1200    /* add service declration record */
1201    if ((p_attr = (tGATT_ATTR16 *)(allocate_attr_in_db(p_db, &uuid, GATT_PERM_READ))) != NULL)
1202    {
1203        if (copy_extra_byte_in_db (p_db, (void **)&p_attr->p_value, sizeof(tBT_UUID)))
1204        {
1205            if (p_service->len == LEN_UUID_16)
1206            {
1207                p_attr->p_value->uuid.len = LEN_UUID_16;
1208                p_attr->p_value->uuid.uu.uuid16 = p_service->uu.uuid16;
1209            }
1210            else if (p_service->len == LEN_UUID_32)
1211            {
1212                p_attr->p_value->uuid.len = LEN_UUID_128;
1213                gatt_convert_uuid32_to_uuid128(p_attr->p_value->uuid.uu.uuid128, p_service->uu.uuid32);
1214            }
1215            else
1216            {
1217                p_attr->p_value->uuid.len = LEN_UUID_128;
1218                memcpy(p_attr->p_value->uuid.uu.uuid128, p_service->uu.uuid128, LEN_UUID_128);
1219            }
1220            rt = TRUE;
1221        }
1222
1223    }
1224    return rt;
1225}
1226
1227#endif /* BLE_INCLUDED */
1228