1/******************************************************************************
2 *
3 *  Copyright (C) 2002-2012 Broadcom Corporation
4 *
5 *  Licensed under the Apache License, Version 2.0 (the "License");
6 *  you may not use this file except in compliance with the License.
7 *  You may obtain a copy of the License at:
8 *
9 *  http://www.apache.org/licenses/LICENSE-2.0
10 *
11 *  Unless required by applicable law or agreed to in writing, software
12 *  distributed under the License is distributed on an "AS IS" BASIS,
13 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 *  See the License for the specific language governing permissions and
15 *  limitations under the License.
16 *
17 ******************************************************************************/
18
19/******************************************************************************
20 *
21 *  This file contains the HID HOST API entry points
22 *
23 ******************************************************************************/
24
25#include <stdio.h>
26#include <stdlib.h>
27#include <string.h>
28
29#include "bt_common.h"
30#include "bt_types.h"
31#include "btm_api.h"
32#include "btm_int.h"
33#include "btu.h"
34#include "hiddefs.h"
35#include "hidh_api.h"
36#include "hidh_int.h"
37
38tHID_HOST_CTB hh_cb;
39
40static void hidh_search_callback(uint16_t sdp_result);
41
42/*******************************************************************************
43 *
44 * Function         HID_HostGetSDPRecord
45 *
46 * Description      This function reads the device SDP record
47 *
48 * Returns          tHID_STATUS
49 *
50 ******************************************************************************/
51tHID_STATUS HID_HostGetSDPRecord(const RawAddress& addr,
52                                 tSDP_DISCOVERY_DB* p_db, uint32_t db_len,
53                                 tHID_HOST_SDP_CALLBACK* sdp_cback) {
54  tSDP_UUID uuid_list;
55
56  if (hh_cb.sdp_busy) return HID_ERR_SDP_BUSY;
57
58  uuid_list.len = 2;
59  uuid_list.uu.uuid16 = UUID_SERVCLASS_HUMAN_INTERFACE;
60
61  hh_cb.p_sdp_db = p_db;
62  SDP_InitDiscoveryDb(p_db, db_len, 1, &uuid_list, 0, NULL);
63
64  if (SDP_ServiceSearchRequest(addr, p_db, hidh_search_callback)) {
65    hh_cb.sdp_cback = sdp_cback;
66    hh_cb.sdp_busy = true;
67    return HID_SUCCESS;
68  } else
69    return HID_ERR_NO_RESOURCES;
70}
71
72void hidh_get_str_attr(tSDP_DISC_REC* p_rec, uint16_t attr_id, uint16_t max_len,
73                       char* str) {
74  tSDP_DISC_ATTR* p_attr;
75  uint16_t name_len;
76
77  p_attr = SDP_FindAttributeInRec(p_rec, attr_id);
78  if (p_attr != NULL) {
79    name_len = SDP_DISC_ATTR_LEN(p_attr->attr_len_type);
80    if (name_len < max_len) {
81      memcpy(str, (char*)p_attr->attr_value.v.array, name_len);
82      str[name_len] = '\0';
83    } else {
84      memcpy(str, (char*)p_attr->attr_value.v.array, max_len - 1);
85      str[max_len - 1] = '\0';
86    }
87  } else
88    str[0] = '\0';
89}
90
91static void hidh_search_callback(uint16_t sdp_result) {
92  tSDP_DISCOVERY_DB* p_db = hh_cb.p_sdp_db;
93  tSDP_DISC_REC* p_rec;
94  tSDP_DISC_ATTR *p_attr, *p_subattr1, *p_subattr2, *p_repdesc;
95  tBT_UUID hid_uuid;
96  tHID_DEV_SDP_INFO* p_nvi = &hh_cb.sdp_rec;
97  uint16_t attr_mask = 0;
98
99  hid_uuid.len = LEN_UUID_16;
100  hid_uuid.uu.uuid16 = UUID_SERVCLASS_HUMAN_INTERFACE;
101
102  hh_cb.sdp_busy = false;
103
104  if (sdp_result != SDP_SUCCESS) {
105    hh_cb.sdp_cback(sdp_result, 0, NULL);
106    return;
107  }
108
109  p_rec = SDP_FindServiceUUIDInDb(p_db, &hid_uuid, NULL);
110  if (p_rec == NULL) {
111    hh_cb.sdp_cback(HID_SDP_NO_SERV_UUID, 0, NULL);
112    return;
113  }
114
115  memset(&hh_cb.sdp_rec, 0, sizeof(tHID_DEV_SDP_INFO));
116
117  /* First, verify the mandatory fields we care about */
118  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_DESCRIPTOR_LIST)) ==
119       NULL) ||
120      (SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) != DATA_ELE_SEQ_DESC_TYPE) ||
121      ((p_subattr1 = p_attr->attr_value.v.p_sub_attr) == NULL) ||
122      (SDP_DISC_ATTR_TYPE(p_subattr1->attr_len_type) !=
123       DATA_ELE_SEQ_DESC_TYPE) ||
124      ((p_subattr2 = p_subattr1->attr_value.v.p_sub_attr) == NULL) ||
125      ((p_repdesc = p_subattr2->p_next_attr) == NULL) ||
126      (SDP_DISC_ATTR_TYPE(p_repdesc->attr_len_type) != TEXT_STR_DESC_TYPE)) {
127    hh_cb.sdp_cback(HID_SDP_MANDATORY_MISSING, 0, NULL);
128    return;
129  }
130
131  p_nvi->dscp_info.dl_len = SDP_DISC_ATTR_LEN(p_repdesc->attr_len_type);
132  if (p_nvi->dscp_info.dl_len != 0)
133    p_nvi->dscp_info.dsc_list = (uint8_t*)&p_repdesc->attr_value;
134
135  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_VIRTUAL_CABLE)) !=
136       NULL) &&
137      (p_attr->attr_value.v.u8)) {
138    attr_mask |= HID_VIRTUAL_CABLE;
139  }
140
141  if (((p_attr = SDP_FindAttributeInRec(
142            p_rec, ATTR_ID_HID_RECONNECT_INITIATE)) != NULL) &&
143      (p_attr->attr_value.v.u8)) {
144    attr_mask |= HID_RECONN_INIT;
145  }
146
147  if (((p_attr = SDP_FindAttributeInRec(
148            p_rec, ATTR_ID_HID_NORMALLY_CONNECTABLE)) != NULL) &&
149      (p_attr->attr_value.v.u8)) {
150    attr_mask |= HID_NORMALLY_CONNECTABLE;
151  }
152
153  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_SDP_DISABLE)) !=
154       NULL) &&
155      (p_attr->attr_value.v.u8)) {
156    attr_mask |= HID_SDP_DISABLE;
157  }
158
159  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_BATTERY_POWER)) !=
160       NULL) &&
161      (p_attr->attr_value.v.u8)) {
162    attr_mask |= HID_BATTERY_POWER;
163  }
164
165  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_REMOTE_WAKE)) !=
166       NULL) &&
167      (p_attr->attr_value.v.u8)) {
168    attr_mask |= HID_REMOTE_WAKE;
169  }
170
171  hidh_get_str_attr(p_rec, ATTR_ID_SERVICE_NAME, HID_MAX_SVC_NAME_LEN,
172                    p_nvi->svc_name);
173  hidh_get_str_attr(p_rec, ATTR_ID_SERVICE_DESCRIPTION, HID_MAX_SVC_DESCR_LEN,
174                    p_nvi->svc_descr);
175  hidh_get_str_attr(p_rec, ATTR_ID_PROVIDER_NAME, HID_MAX_PROV_NAME_LEN,
176                    p_nvi->prov_name);
177
178  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_DEVICE_RELNUM)) !=
179       NULL)) {
180    p_nvi->rel_num = p_attr->attr_value.v.u16;
181  }
182
183  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_COUNTRY_CODE)) !=
184       NULL)) {
185    p_nvi->ctry_code = p_attr->attr_value.v.u8;
186  }
187
188  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_DEVICE_SUBCLASS)) !=
189       NULL)) {
190    p_nvi->sub_class = p_attr->attr_value.v.u8;
191  }
192
193  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_PARSER_VERSION)) !=
194       NULL)) {
195    p_nvi->hpars_ver = p_attr->attr_value.v.u16;
196  }
197
198  if (((p_attr = SDP_FindAttributeInRec(
199            p_rec, ATTR_ID_HID_LINK_SUPERVISION_TO)) != NULL)) {
200    attr_mask |= HID_SUP_TOUT_AVLBL;
201    p_nvi->sup_timeout = p_attr->attr_value.v.u16;
202  }
203
204  if (((p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_HID_SSR_HOST_MAX_LAT)) !=
205       NULL)) {
206    attr_mask |= HID_SSR_MAX_LATENCY;
207    p_nvi->ssr_max_latency = p_attr->attr_value.v.u16;
208  } else
209    p_nvi->ssr_max_latency = HID_SSR_PARAM_INVALID;
210
211  if (((p_attr = SDP_FindAttributeInRec(
212            p_rec, ATTR_ID_HID_SSR_HOST_MIN_TOUT)) != NULL)) {
213    attr_mask |= HID_SSR_MIN_TOUT;
214    p_nvi->ssr_min_tout = p_attr->attr_value.v.u16;
215  } else
216    p_nvi->ssr_min_tout = HID_SSR_PARAM_INVALID;
217
218  hh_cb.sdp_rec.p_sdp_layer_rec = p_rec;
219  hh_cb.sdp_cback(SDP_SUCCESS, attr_mask, &hh_cb.sdp_rec);
220}
221
222/*******************************************************************************
223 *
224 * Function         HID_HostInit
225 *
226 * Description      This function initializes the control block and trace
227 *                  variable
228 *
229 * Returns          void
230 *
231 ******************************************************************************/
232void HID_HostInit(void) {
233  uint8_t log_level = hh_cb.trace_level;
234  memset(&hh_cb, 0, sizeof(tHID_HOST_CTB));
235  hh_cb.trace_level = log_level;
236}
237
238/*******************************************************************************
239 *
240 * Function         HID_HostSetTraceLevel
241 *
242 * Description      This function sets the trace level for HID Host. If called
243 *                  with 0xFF, it simply reads the current trace level.
244 *
245 * Returns          the new (current) trace level
246 *
247 ******************************************************************************/
248uint8_t HID_HostSetTraceLevel(uint8_t new_level) {
249  if (new_level != 0xFF) hh_cb.trace_level = new_level;
250
251  return (hh_cb.trace_level);
252}
253
254/*******************************************************************************
255 *
256 * Function         HID_HostRegister
257 *
258 * Description      This function registers HID-Host with lower layers
259 *
260 * Returns          tHID_STATUS
261 *
262 ******************************************************************************/
263tHID_STATUS HID_HostRegister(tHID_HOST_DEV_CALLBACK* dev_cback) {
264  tHID_STATUS st;
265
266  if (hh_cb.reg_flag) return HID_ERR_ALREADY_REGISTERED;
267
268  if (dev_cback == NULL) return HID_ERR_INVALID_PARAM;
269
270  /* Register with L2CAP */
271  st = hidh_conn_reg();
272  if (st != HID_SUCCESS) {
273    return st;
274  }
275
276  hh_cb.callback = dev_cback;
277  hh_cb.reg_flag = true;
278
279  for (size_t i = 0; i < HID_HOST_MAX_DEVICES; i++) {
280    hh_cb.devices[i].conn.process_repage_timer =
281        alarm_new("hid_devices_conn.process_repage_timer");
282  }
283  return (HID_SUCCESS);
284}
285
286/*******************************************************************************
287 *
288 * Function         HID_HostDeregister
289 *
290 * Description      This function is called when the host is about power down.
291 *
292 * Returns          tHID_STATUS
293 *
294 ******************************************************************************/
295tHID_STATUS HID_HostDeregister(void) {
296  uint8_t i;
297
298  if (!hh_cb.reg_flag) return (HID_ERR_NOT_REGISTERED);
299
300  for (i = 0; i < HID_HOST_MAX_DEVICES; i++) {
301    alarm_free(hh_cb.devices[i].conn.process_repage_timer);
302    HID_HostRemoveDev(i);
303  }
304
305  hidh_conn_dereg();
306  hh_cb.reg_flag = false;
307
308  return (HID_SUCCESS);
309}
310
311/*******************************************************************************
312 *
313 * Function         HID_HostAddDev
314 *
315 * Description      This is called so HID-host may manage this device.
316 *
317 * Returns          tHID_STATUS
318 *
319 ******************************************************************************/
320tHID_STATUS HID_HostAddDev(const RawAddress& addr, uint16_t attr_mask,
321                           uint8_t* handle) {
322  int i;
323  /* Find an entry for this device in hh_cb.devices array */
324  if (!hh_cb.reg_flag) return (HID_ERR_NOT_REGISTERED);
325
326  for (i = 0; i < HID_HOST_MAX_DEVICES; i++) {
327    if ((hh_cb.devices[i].in_use) && addr == hh_cb.devices[i].addr) break;
328  }
329
330  if (i == HID_HOST_MAX_DEVICES) {
331    for (i = 0; i < HID_HOST_MAX_DEVICES; i++) {
332      if (!hh_cb.devices[i].in_use) break;
333    }
334  }
335
336  if (i == HID_HOST_MAX_DEVICES) return HID_ERR_NO_RESOURCES;
337
338  if (!hh_cb.devices[i].in_use) {
339    hh_cb.devices[i].in_use = true;
340    hh_cb.devices[i].addr = addr;
341    hh_cb.devices[i].state = HID_DEV_NO_CONN;
342    hh_cb.devices[i].conn_tries = 0;
343  }
344
345  if (attr_mask != HID_ATTR_MASK_IGNORE) hh_cb.devices[i].attr_mask = attr_mask;
346
347  *handle = i;
348
349  return (HID_SUCCESS);
350}
351
352/*******************************************************************************
353 *
354 * Function         HID_HostRemoveDev
355 *
356 * Description      This removes the device from the list of devices that the
357 *                  host has to manage.
358 *
359 * Returns          tHID_STATUS
360 *
361 ******************************************************************************/
362tHID_STATUS HID_HostRemoveDev(uint8_t dev_handle) {
363  if (!hh_cb.reg_flag) return (HID_ERR_NOT_REGISTERED);
364
365  if ((dev_handle >= HID_HOST_MAX_DEVICES) ||
366      (!hh_cb.devices[dev_handle].in_use))
367    return HID_ERR_INVALID_PARAM;
368
369  HID_HostCloseDev(dev_handle);
370  hh_cb.devices[dev_handle].in_use = false;
371  hh_cb.devices[dev_handle].conn.conn_state = HID_CONN_STATE_UNUSED;
372  hh_cb.devices[dev_handle].conn.ctrl_cid =
373      hh_cb.devices[dev_handle].conn.intr_cid = 0;
374  hh_cb.devices[dev_handle].attr_mask = 0;
375  return HID_SUCCESS;
376}
377
378/*******************************************************************************
379 *
380 * Function         HID_HostOpenDev
381 *
382 * Description      This function is called when the user wants to initiate a
383 *                  connection attempt to a device.
384 *
385 * Returns          void
386 *
387 ******************************************************************************/
388tHID_STATUS HID_HostOpenDev(uint8_t dev_handle) {
389  if (!hh_cb.reg_flag) return (HID_ERR_NOT_REGISTERED);
390
391  if ((dev_handle >= HID_HOST_MAX_DEVICES) ||
392      (!hh_cb.devices[dev_handle].in_use))
393    return HID_ERR_INVALID_PARAM;
394
395  if (hh_cb.devices[dev_handle].state != HID_DEV_NO_CONN)
396    return HID_ERR_ALREADY_CONN;
397
398  hh_cb.devices[dev_handle].conn_tries = 1;
399  return hidh_conn_initiate(dev_handle);
400}
401
402/*******************************************************************************
403 *
404 * Function         HID_HostWriteDev
405 *
406 * Description      This function is called when the host has a report to send.
407 *
408 *                  report_id: is only used on GET_REPORT transaction if is
409 *                              specified. only valid when it is non-zero.
410 *
411 * Returns          void
412 *
413 ******************************************************************************/
414tHID_STATUS HID_HostWriteDev(uint8_t dev_handle, uint8_t t_type, uint8_t param,
415                             uint16_t data, uint8_t report_id, BT_HDR* pbuf) {
416  tHID_STATUS status = HID_SUCCESS;
417
418  if (!hh_cb.reg_flag) {
419    HIDH_TRACE_ERROR("HID_ERR_NOT_REGISTERED");
420    status = HID_ERR_NOT_REGISTERED;
421  }
422
423  if ((dev_handle >= HID_HOST_MAX_DEVICES) ||
424      (!hh_cb.devices[dev_handle].in_use)) {
425    HIDH_TRACE_ERROR("HID_ERR_INVALID_PARAM");
426    status = HID_ERR_INVALID_PARAM;
427  }
428
429  else if (hh_cb.devices[dev_handle].state != HID_DEV_CONNECTED) {
430    HIDH_TRACE_ERROR("HID_ERR_NO_CONNECTION dev_handle %d", dev_handle);
431    status = HID_ERR_NO_CONNECTION;
432  }
433
434  if (status != HID_SUCCESS)
435    osi_free(pbuf);
436  else
437    status =
438        hidh_conn_snd_data(dev_handle, t_type, param, data, report_id, pbuf);
439
440  return status;
441}
442
443/*******************************************************************************
444 *
445 * Function         HID_HostCloseDev
446 *
447 * Description      This function disconnects the device.
448 *
449 * Returns          void
450 *
451 ******************************************************************************/
452tHID_STATUS HID_HostCloseDev(uint8_t dev_handle) {
453  if (!hh_cb.reg_flag) return (HID_ERR_NOT_REGISTERED);
454
455  if ((dev_handle >= HID_HOST_MAX_DEVICES) ||
456      (!hh_cb.devices[dev_handle].in_use))
457    return HID_ERR_INVALID_PARAM;
458
459  if (hh_cb.devices[dev_handle].state != HID_DEV_CONNECTED)
460    return HID_ERR_NO_CONNECTION;
461
462  alarm_cancel(hh_cb.devices[dev_handle].conn.process_repage_timer);
463  hh_cb.devices[dev_handle].conn_tries = HID_HOST_MAX_CONN_RETRY + 1;
464  return hidh_conn_disconnect(dev_handle);
465}
466
467tHID_STATUS HID_HostSetSecurityLevel(const char serv_name[], uint8_t sec_lvl) {
468  if (!BTM_SetSecurityLevel(false, serv_name, BTM_SEC_SERVICE_HIDH_SEC_CTRL,
469                            sec_lvl, HID_PSM_CONTROL, BTM_SEC_PROTO_HID,
470                            HID_SEC_CHN)) {
471    HIDH_TRACE_ERROR("Security Registration 1 failed");
472    return (HID_ERR_NO_RESOURCES);
473  }
474
475  if (!BTM_SetSecurityLevel(true, serv_name, BTM_SEC_SERVICE_HIDH_SEC_CTRL,
476                            sec_lvl, HID_PSM_CONTROL, BTM_SEC_PROTO_HID,
477                            HID_SEC_CHN)) {
478    HIDH_TRACE_ERROR("Security Registration 2 failed");
479    return (HID_ERR_NO_RESOURCES);
480  }
481
482  if (!BTM_SetSecurityLevel(false, serv_name, BTM_SEC_SERVICE_HIDH_NOSEC_CTRL,
483                            BTM_SEC_NONE, HID_PSM_CONTROL, BTM_SEC_PROTO_HID,
484                            HID_NOSEC_CHN)) {
485    HIDH_TRACE_ERROR("Security Registration 3 failed");
486    return (HID_ERR_NO_RESOURCES);
487  }
488
489  if (!BTM_SetSecurityLevel(true, serv_name, BTM_SEC_SERVICE_HIDH_NOSEC_CTRL,
490                            BTM_SEC_NONE, HID_PSM_CONTROL, BTM_SEC_PROTO_HID,
491                            HID_NOSEC_CHN)) {
492    HIDH_TRACE_ERROR("Security Registration 4 failed");
493    return (HID_ERR_NO_RESOURCES);
494  }
495
496  if (!BTM_SetSecurityLevel(true, serv_name, BTM_SEC_SERVICE_HIDH_INTR,
497                            BTM_SEC_NONE, HID_PSM_INTERRUPT, BTM_SEC_PROTO_HID,
498                            0)) {
499    HIDH_TRACE_ERROR("Security Registration 5 failed");
500    return (HID_ERR_NO_RESOURCES);
501  }
502
503  if (!BTM_SetSecurityLevel(false, serv_name, BTM_SEC_SERVICE_HIDH_INTR,
504                            BTM_SEC_NONE, HID_PSM_INTERRUPT, BTM_SEC_PROTO_HID,
505                            0)) {
506    HIDH_TRACE_ERROR("Security Registration 6 failed");
507    return (HID_ERR_NO_RESOURCES);
508  }
509
510  return (HID_SUCCESS);
511}
512
513/******************************************************************************
514 *
515 * Function         hid_known_hid_device
516 *
517 * Description      check if this device is  of type HID Device
518 *
519 * Returns          true if device is HID Device else false
520 *
521 ******************************************************************************/
522bool hid_known_hid_device(const RawAddress& bd_addr) {
523  uint8_t i;
524  tBTM_INQ_INFO* p_inq_info = BTM_InqDbRead(bd_addr);
525
526  if (!hh_cb.reg_flag) return false;
527
528  /* First  check for class of device , if Inq DB has information about this
529   * device*/
530  if (p_inq_info != NULL) {
531    /* Check if remote major device class is of type BTM_COD_MAJOR_PERIPHERAL */
532    if ((p_inq_info->results.dev_class[1] & BTM_COD_MAJOR_CLASS_MASK) ==
533        BTM_COD_MAJOR_PERIPHERAL) {
534      HIDH_TRACE_DEBUG(
535          "hid_known_hid_device:dev found in InqDB & COD matches HID dev");
536      return true;
537    }
538  } else {
539    /* Look for this device in security device DB */
540    tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr);
541    if ((p_dev_rec != NULL) &&
542        ((p_dev_rec->dev_class[1] & BTM_COD_MAJOR_CLASS_MASK) ==
543         BTM_COD_MAJOR_PERIPHERAL)) {
544      HIDH_TRACE_DEBUG(
545          "hid_known_hid_device:dev found in SecDevDB & COD matches HID dev");
546      return true;
547    }
548  }
549
550  /* Find an entry for this device in hh_cb.devices array */
551  for (i = 0; i < HID_HOST_MAX_DEVICES; i++) {
552    if ((hh_cb.devices[i].in_use) && bd_addr == hh_cb.devices[i].addr)
553      return true;
554  }
555  /* Check if this device is marked as HID Device in IOP Dev */
556  HIDH_TRACE_DEBUG("hid_known_hid_device:remote is not HID device");
557  return false;
558}
559