1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2014 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions that interface with the NFC NCI transport.
22 * On the receive side, it routes events to the appropriate handler
23 * (callback). On the transmit side, it manages the command transmission.
24 *
25 ******************************************************************************/
26 #include <android-base/logging.h>
27 #include <android-base/stringprintf.h>
28 #include <fcntl.h>
29 #include <log/log.h>
30 #include <pthread.h>
31 #include <statslog_nfc.h>
32 #include <sys/stat.h>
33 #include <sys/time.h>
34
35 #include "include/debug_nfcsnoop.h"
36 #include "metrics.h"
37 #include "nci_defs.h"
38 #include "nci_hmsgs.h"
39 #include "nfc_api.h"
40 #include "nfc_int.h"
41 #include "nfc_target.h"
42 #include "rw_api.h"
43 #include "rw_int.h"
44
45 using android::base::StringPrintf;
46
47 #if (APPL_DTA_MODE == TRUE)
48 // Global Structure varibale for FW Version
49 static tNFC_FW_VERSION nfc_fw_version;
50 #endif
51 #define NFC_PB_ATTRIB_REQ_FIXED_BYTES 1
52 #define NFC_LB_ATTRIB_REQ_FIXED_BYTES 8
53
54 extern unsigned char appl_dta_mode_flag;
55
56 extern std::string nfc_storage_path;
57
58 static struct timeval timer_start;
59 static struct timeval timer_end;
60 static pthread_mutex_t cache_flush = PTHREAD_MUTEX_INITIALIZER;
61
62 /*******************************************************************************
63 **
64 ** Function nfc_ncif_update_window
65 **
66 ** Description Update tx cmd window to indicate that NFCC can received
67 **
68 ** Returns void
69 **
70 *******************************************************************************/
nfc_ncif_update_window(void)71 void nfc_ncif_update_window(void) {
72 /* Sanity check - see if we were expecting a update_window */
73 if (nfc_cb.nci_cmd_window == NCI_MAX_CMD_WINDOW) {
74 if (nfc_cb.nfc_state != NFC_STATE_W4_HAL_CLOSE) {
75 LOG(ERROR) << StringPrintf("nfc_ncif_update_window: Unexpected call");
76 }
77 return;
78 }
79
80 /* Stop command-pending timer */
81 nfc_stop_timer(&nfc_cb.nci_wait_rsp_timer);
82
83 nfc_cb.p_vsc_cback = nullptr;
84 nfc_cb.nci_cmd_window++;
85
86 /* Check if there were any commands waiting to be sent */
87 nfc_ncif_check_cmd_queue(nullptr);
88 }
89
90 /*******************************************************************************
91 **
92 ** Function nfc_ncif_cmd_timeout
93 **
94 ** Description Handle a command timeout
95 **
96 ** Returns void
97 **
98 *******************************************************************************/
nfc_ncif_cmd_timeout(void)99 void nfc_ncif_cmd_timeout(void) {
100 LOG(ERROR) << StringPrintf("nfc_ncif_cmd_timeout");
101
102 /* report an error */
103 nfc_ncif_event_status(NFC_GEN_ERROR_REVT, NFC_STATUS_HW_TIMEOUT);
104 nfc_ncif_event_status(NFC_NFCC_TIMEOUT_REVT, NFC_STATUS_HW_TIMEOUT);
105
106 /* if enabling NFC, notify upper layer of failure */
107 if (nfc_cb.nfc_state == NFC_STATE_CORE_INIT) {
108 nfc_enabled(NFC_STATUS_FAILED, nullptr);
109 }
110 }
111
112 /*******************************************************************************
113 **
114 ** Function nfc_wait_2_deactivate_timeout
115 **
116 ** Description Handle a command timeout
117 **
118 ** Returns void
119 **
120 *******************************************************************************/
nfc_wait_2_deactivate_timeout(void)121 void nfc_wait_2_deactivate_timeout(void) {
122 LOG(ERROR) << StringPrintf("nfc_wait_2_deactivate_timeout");
123 nfc_cb.flags &= ~NFC_FL_DEACTIVATING;
124 nci_snd_deactivate_cmd((uint8_t)nfc_cb.deactivate_timer.param);
125 }
126
127 /*******************************************************************************
128 **
129 ** Function nfc_ncif_send_data
130 **
131 ** Description This function is called to add the NCI data header
132 ** and send it to NCIT task for sending it to transport
133 ** as credits are available.
134 **
135 ** Returns void
136 **
137 *******************************************************************************/
nfc_ncif_send_data(tNFC_CONN_CB * p_cb,NFC_HDR * p_data)138 uint8_t nfc_ncif_send_data(tNFC_CONN_CB* p_cb, NFC_HDR* p_data) {
139 uint8_t* pp;
140 uint8_t* ps;
141 uint8_t ulen = NCI_MAX_PAYLOAD_SIZE;
142 NFC_HDR* p;
143 uint8_t pbf = 1;
144 uint8_t buffer_size = p_cb->buff_size;
145 uint8_t hdr0 = p_cb->conn_id;
146 bool fragmented = false;
147 bool empty_p_data = p_data == nullptr;
148
149 LOG(VERBOSE) << StringPrintf("nfc_ncif_send_data :%d, num_buff:%d qc:%d",
150 p_cb->conn_id, p_cb->num_buff, p_cb->tx_q.count);
151 if (p_cb->id == NFC_RF_CONN_ID) {
152 if (nfc_cb.nfc_state != NFC_STATE_OPEN) {
153 if (nfc_cb.nfc_state == NFC_STATE_CLOSING) {
154 if ((p_data == nullptr) && /* called because credit from NFCC */
155 (nfc_cb.flags & NFC_FL_DEACTIVATING)) {
156 if (p_cb->init_credits == p_cb->num_buff) {
157 /* all the credits are back */
158 nfc_cb.flags &= ~NFC_FL_DEACTIVATING;
159 LOG(VERBOSE) << StringPrintf(
160 "deactivating NFC-DEP init_credits:%d, num_buff:%d",
161 p_cb->init_credits, p_cb->num_buff);
162 nfc_stop_timer(&nfc_cb.deactivate_timer);
163 nci_snd_deactivate_cmd((uint8_t)nfc_cb.deactivate_timer.param);
164 }
165 }
166 }
167 return NCI_STATUS_FAILED;
168 }
169 }
170
171 if (p_data) {
172 /* always enqueue the data to the tx queue */
173 GKI_enqueue(&p_cb->tx_q, p_data);
174 }
175
176 /* try to send the first data packet in the tx queue */
177 p_data = (NFC_HDR*)GKI_getfirst(&p_cb->tx_q);
178
179 /* post data fragment to NCIT task as credits are available */
180 while (p_data && (p_cb->num_buff > 0)) {
181 if (p_data->len <= buffer_size) {
182 pbf = 0; /* last fragment */
183 ulen = (uint8_t)(p_data->len);
184 fragmented = false;
185 } else {
186 fragmented = true;
187 ulen = buffer_size;
188 }
189
190 if (!fragmented) {
191 /* if data packet is not fragmented, use the original buffer */
192 p = p_data;
193 p_data = (NFC_HDR*)GKI_dequeue(&p_cb->tx_q);
194 } else {
195 /* the data packet is too big and need to be fragmented
196 * prepare a new GKI buffer
197 * (even the last fragment to avoid issues) */
198 p = NCI_GET_CMD_BUF(ulen);
199 if (p == nullptr) return (NCI_STATUS_BUFFER_FULL);
200 p->len = ulen;
201 p->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE + 1;
202 if (p->len) {
203 pp = (uint8_t*)(p + 1) + p->offset;
204 ps = (uint8_t*)(p_data + 1) + p_data->offset;
205 memcpy(pp, ps, ulen);
206 }
207 /* adjust the NFC_HDR on the old fragment */
208 p_data->len -= ulen;
209 p_data->offset += ulen;
210 }
211
212 p->event = BT_EVT_TO_NFC_NCI;
213 p->layer_specific = pbf;
214 p->len += NCI_DATA_HDR_SIZE;
215 p->offset -= NCI_DATA_HDR_SIZE;
216 pp = (uint8_t*)(p + 1) + p->offset;
217 /* build NCI Data packet header */
218 NCI_DATA_PBLD_HDR(pp, pbf, hdr0, ulen);
219
220 if (p_cb->num_buff != NFC_CONN_NO_FC) p_cb->num_buff--;
221
222 /* send to HAL */
223 nfcsnoop_capture(p, false);
224 HAL_WRITE(p);
225
226 if (!fragmented) {
227 /* check if there are more data to send */
228 p_data = (NFC_HDR*)GKI_getfirst(&p_cb->tx_q);
229 }
230 }
231
232 // log duration for the first hce data response
233 if (!empty_p_data && (timer_start.tv_sec != 0 || timer_start.tv_usec != 0)) {
234 gettimeofday(&timer_end, nullptr);
235 uint32_t delta_time_ms = (timer_end.tv_sec - timer_start.tv_sec) * 1000 +
236 (timer_end.tv_usec - timer_start.tv_usec) / 1000;
237 memset(&timer_start, 0, sizeof(timer_start));
238 memset(&timer_end, 0, sizeof(timer_end));
239 nfc::stats::stats_write(nfc::stats::NFC_HCE_TRANSACTION_OCCURRED,
240 (int32_t)delta_time_ms);
241 LOG(VERBOSE) << StringPrintf("nfc_ncif_send_data delta_time:%d",
242 delta_time_ms);
243 }
244 return (NCI_STATUS_OK);
245 }
246
247 /*******************************************************************************
248 **
249 ** Function nfc_ncif_check_cmd_queue
250 **
251 ** Description Send NCI command to the transport
252 **
253 ** Returns void
254 **
255 *******************************************************************************/
nfc_ncif_check_cmd_queue(NFC_HDR * p_buf)256 void nfc_ncif_check_cmd_queue(NFC_HDR* p_buf) {
257 uint8_t* ps;
258 /* If there are commands waiting in the xmit queue, or if the controller
259 * cannot accept any more commands, */
260 /* then enqueue this command */
261 if (p_buf) {
262 if ((nfc_cb.nci_cmd_xmit_q.count) || (nfc_cb.nci_cmd_window == 0)) {
263 GKI_enqueue(&nfc_cb.nci_cmd_xmit_q, p_buf);
264 p_buf = nullptr;
265 }
266 }
267
268 /* If controller can accept another command, then send the next command */
269 if (nfc_cb.nci_cmd_window > 0) {
270 /* If no command was provided, or if older commands were in the queue, then
271 * get cmd from the queue */
272 if (!p_buf) p_buf = (NFC_HDR*)GKI_dequeue(&nfc_cb.nci_cmd_xmit_q);
273
274 if (p_buf) {
275 /* save the message header to double check the response */
276 ps = (uint8_t*)(p_buf + 1) + p_buf->offset;
277 memcpy(nfc_cb.last_hdr, ps, NFC_SAVED_HDR_SIZE);
278 memcpy(nfc_cb.last_cmd, ps + NCI_MSG_HDR_SIZE, NFC_SAVED_CMD_SIZE);
279 // Check first byte to check if this is an NFCEE command
280 if (*ps == ((NCI_MT_CMD << NCI_MT_SHIFT) | NCI_GID_EE_MANAGE)) {
281 memcpy(nfc_cb.last_nfcee_cmd, ps + NCI_MSG_HDR_SIZE,
282 NFC_SAVED_CMD_SIZE);
283 }
284 if (p_buf->layer_specific == NFC_WAIT_RSP_VSC) {
285 /* save the callback for NCI VSCs) */
286 nfc_cb.p_vsc_cback = (void*)((tNFC_NCI_VS_MSG*)p_buf)->p_cback;
287 } else if (p_buf->layer_specific == NFC_WAIT_RSP_RAW_VS) {
288 /* save the callback for RAW VS */
289 nfc_cb.p_vsc_cback = (void*)((tNFC_NCI_VS_MSG*)p_buf)->p_cback;
290 nfc_cb.rawVsCbflag = true;
291 }
292
293 /* Indicate command is pending */
294 nfc_cb.nci_cmd_window--;
295
296 // Make sure the caches are consistent with other threads here.
297 (void)pthread_mutex_lock(&cache_flush);
298 (void)pthread_mutex_unlock(&cache_flush);
299
300 /* send to HAL */
301 nfcsnoop_capture(p_buf, false);
302 HAL_WRITE(p_buf);
303 /* start NFC command-timeout timer */
304 nfc_start_timer(&nfc_cb.nci_wait_rsp_timer,
305 (uint16_t)(NFC_TTYPE_NCI_WAIT_RSP),
306 nfc_cb.nci_wait_rsp_tout);
307 }
308 }
309
310 if (nfc_cb.nci_cmd_window == NCI_MAX_CMD_WINDOW) {
311 /* the command queue must be empty now */
312 if (nfc_cb.flags & NFC_FL_CONTROL_REQUESTED) {
313 /* HAL requested control or stack needs to handle pre-discover */
314 nfc_cb.flags &= ~NFC_FL_CONTROL_REQUESTED;
315 if (nfc_cb.flags & NFC_FL_DISCOVER_PENDING) {
316 if (nfc_cb.p_hal->prediscover()) {
317 /* HAL has the command window now */
318 nfc_cb.flags |= NFC_FL_CONTROL_GRANTED;
319 nfc_cb.nci_cmd_window = 0;
320 } else {
321 /* HAL does not need to send command,
322 * - restore the command window and issue the discovery command now */
323 nfc_cb.flags &= ~NFC_FL_DISCOVER_PENDING;
324 ps = (uint8_t*)nfc_cb.p_disc_pending;
325 nci_snd_discover_cmd(*ps, (tNFC_DISCOVER_PARAMS*)(ps + 1));
326 GKI_freebuf(nfc_cb.p_disc_pending);
327 nfc_cb.p_disc_pending = nullptr;
328 }
329 } else if (nfc_cb.flags & NFC_FL_HAL_REQUESTED) {
330 /* grant the control to HAL */
331 nfc_cb.flags &= ~NFC_FL_HAL_REQUESTED;
332 nfc_cb.flags |= NFC_FL_CONTROL_GRANTED;
333 nfc_cb.nci_cmd_window = 0;
334 nfc_cb.p_hal->control_granted();
335 }
336 }
337 }
338 }
339
340 #if (APPL_DTA_MODE == TRUE)
341 /*******************************************************************************
342 **
343 ** Function nfc_ncif_getFWVersion
344 **
345 ** Description This function is called to fet the FW Version
346 **
347 ** Returns tNFC_FW_VERSION
348 **
349 *******************************************************************************/
nfc_ncif_getFWVersion()350 tNFC_FW_VERSION nfc_ncif_getFWVersion() { return nfc_fw_version; }
351 #endif
352
353 /*******************************************************************************
354 **
355 ** Function nfc_ncif_send_cmd
356 **
357 ** Description Send NCI command to the NCIT task
358 **
359 ** Returns void
360 **
361 *******************************************************************************/
nfc_ncif_send_cmd(NFC_HDR * p_buf)362 void nfc_ncif_send_cmd(NFC_HDR* p_buf) {
363 /* post the p_buf to NCIT task */
364 p_buf->event = BT_EVT_TO_NFC_NCI;
365 p_buf->layer_specific = 0;
366 nfc_ncif_check_cmd_queue(p_buf);
367 }
368
369 /*******************************************************************************
370 **
371 ** Function nfc_ncif_process_event
372 **
373 ** Description This function is called to process the
374 ** data/response/notification from NFCC
375 **
376 ** Returns TRUE if need to free buffer
377 **
378 *******************************************************************************/
nfc_ncif_process_event(NFC_HDR * p_msg)379 bool nfc_ncif_process_event(NFC_HDR* p_msg) {
380 uint8_t mt, pbf, gid, *p;
381 bool free = true;
382 uint8_t oid;
383 uint16_t len;
384 uint8_t *p_old, old_gid, old_oid, old_mt;
385
386 /* ignore all data while shutting down NFCC */
387 if (nfc_cb.nfc_state == NFC_STATE_W4_HAL_CLOSE) {
388 return free;
389 }
390
391 // Make sure the caches are consistent with other threads here.
392 (void)pthread_mutex_lock(&cache_flush);
393 (void)pthread_mutex_unlock(&cache_flush);
394
395 p = (uint8_t*)(p_msg + 1) + p_msg->offset;
396
397 if (p_msg->len < 3) {
398 // Per NCI spec, every packets should have at least 3 bytes: HDR0, HDR1, and
399 // LEN field.
400 LOG(ERROR) << StringPrintf("Invalid NCI packet: p_msg->len: %d",
401 p_msg->len);
402 return free;
403 }
404
405 // LEN field contains the size of the payload, not including the 3-byte packet
406 // header.
407 len = p[2] + 3;
408 if (p_msg->len < len) {
409 // Making sure the packet holds enough data than it claims.
410 LOG(ERROR) << StringPrintf("Invalid NCI packet: p_msg->len (%d) < len (%d)",
411 p_msg->len, len);
412 return free;
413 }
414
415 nfcsnoop_capture(p_msg, true);
416
417 NCI_MSG_PRS_HDR0(p, mt, pbf, gid);
418 oid = ((*p) & NCI_OID_MASK);
419 if (nfc_cb.rawVsCbflag == true &&
420 nfc_ncif_proc_proprietary_rsp(mt, gid, oid) == true) {
421 nci_proc_prop_raw_vs_rsp(p_msg);
422 nfc_cb.rawVsCbflag = false;
423 return free;
424 }
425
426 switch (mt) {
427 case NCI_MT_DATA:
428 LOG(VERBOSE) << StringPrintf("NFC received data");
429 nfc_ncif_proc_data(p_msg);
430 free = false;
431 break;
432
433 case NCI_MT_RSP:
434 LOG(VERBOSE) << StringPrintf("NFC received rsp gid:%d", gid);
435 oid = ((*p) & NCI_OID_MASK);
436 p_old = nfc_cb.last_hdr;
437 NCI_MSG_PRS_HDR0(p_old, old_mt, pbf, old_gid);
438 old_oid = ((*p_old) & NCI_OID_MASK);
439 /* make sure this is the RSP we are waiting for before updating the
440 * command window */
441 if ((old_gid != gid) || (old_oid != oid)) {
442 LOG(ERROR) << StringPrintf(
443 "nfc_ncif_process_event unexpected rsp: gid:0x%x, oid:0x%x", gid,
444 oid);
445 return true;
446 }
447
448 switch (gid) {
449 case NCI_GID_CORE: /* 0000b NCI Core group */
450 free = nci_proc_core_rsp(p_msg);
451 break;
452 case NCI_GID_RF_MANAGE: /* 0001b NCI Discovery group */
453 nci_proc_rf_management_rsp(p_msg);
454 break;
455 #if (NFC_NFCEE_INCLUDED == TRUE)
456 #if (NFC_RW_ONLY == FALSE)
457 case NCI_GID_EE_MANAGE: /* 0x02 0010b NFCEE Discovery group */
458 nci_proc_ee_management_rsp(p_msg);
459 break;
460 #endif
461 #endif
462 case NCI_GID_PROP: /* 1111b Proprietary */
463 nci_proc_prop_rsp(p_msg);
464 break;
465 default:
466 LOG(ERROR) << StringPrintf("NFC: Unknown gid:%d", gid);
467 break;
468 }
469
470 nfc_ncif_update_window();
471 break;
472
473 case NCI_MT_NTF:
474 LOG(VERBOSE) << StringPrintf("NFC received ntf gid:%d", gid);
475 switch (gid) {
476 case NCI_GID_CORE: /* 0000b NCI Core group */
477 nci_proc_core_ntf(p_msg);
478 break;
479 case NCI_GID_RF_MANAGE: /* 0001b NCI Discovery group */
480 nci_proc_rf_management_ntf(p_msg);
481 break;
482 #if (NFC_NFCEE_INCLUDED == TRUE)
483 #if (NFC_RW_ONLY == FALSE)
484 case NCI_GID_EE_MANAGE: /* 0x02 0010b NFCEE Discovery group */
485 nci_proc_ee_management_ntf(p_msg);
486 break;
487 #endif
488 #endif
489 case NCI_GID_PROP: /* 1111b Proprietary */
490 nci_proc_prop_ntf(p_msg);
491 break;
492 default:
493 LOG(ERROR) << StringPrintf("NFC: Unknown gid:%d", gid);
494 break;
495 }
496 break;
497
498 default:
499 LOG(VERBOSE) << StringPrintf("NFC received unknown mt:0x%x, gid:%d", mt,
500 gid);
501 }
502
503 return (free);
504 }
505
506 /*******************************************************************************
507 **
508 ** Function nfc_ncif_rf_management_status
509 **
510 ** Description This function is called to report an event
511 **
512 ** Returns void
513 **
514 *******************************************************************************/
nfc_ncif_rf_management_status(tNFC_DISCOVER_EVT event,uint8_t status)515 void nfc_ncif_rf_management_status(tNFC_DISCOVER_EVT event, uint8_t status) {
516 tNFC_DISCOVER evt_data;
517 if (nfc_cb.p_discv_cback) {
518 evt_data.status = (tNFC_STATUS)status;
519 (*nfc_cb.p_discv_cback)(event, &evt_data);
520 }
521 }
522
523 /*******************************************************************************
524 **
525 ** Function nfc_ncif_set_config_status
526 **
527 ** Description This function is called to report NFC_SET_CONFIG_REVT
528 **
529 ** Returns void
530 **
531 *******************************************************************************/
nfc_ncif_set_config_status(uint8_t * p,uint8_t len)532 void nfc_ncif_set_config_status(uint8_t* p, uint8_t len) {
533 tNFC_RESPONSE evt_data;
534 if (nfc_cb.p_resp_cback) {
535 evt_data.set_config.num_param_id = 0;
536 if (len == 0) {
537 LOG(ERROR) << StringPrintf("Insufficient RSP length");
538 evt_data.set_config.status = NFC_STATUS_SYNTAX_ERROR;
539 (*nfc_cb.p_resp_cback)(NFC_SET_CONFIG_REVT, &evt_data);
540 return;
541 }
542 evt_data.set_config.status = (tNFC_STATUS)*p++;
543 if (evt_data.set_config.status != NFC_STATUS_OK && len > 1) {
544 evt_data.set_config.num_param_id = *p++;
545 if (evt_data.set_config.num_param_id > NFC_MAX_NUM_IDS) {
546 android_errorWriteLog(0x534e4554, "114047681");
547 LOG(ERROR) << StringPrintf("OOB write num_param_id %d",
548 evt_data.set_config.num_param_id);
549 evt_data.set_config.num_param_id = 0;
550 } else if (evt_data.set_config.num_param_id <= len - 2) {
551 STREAM_TO_ARRAY(evt_data.set_config.param_ids, p,
552 evt_data.set_config.num_param_id);
553 } else {
554 LOG(ERROR) << StringPrintf("Insufficient RSP length %d,num_param_id %d",
555 len, evt_data.set_config.num_param_id);
556 evt_data.set_config.num_param_id = 0;
557 }
558 }
559 (*nfc_cb.p_resp_cback)(NFC_SET_CONFIG_REVT, &evt_data);
560 }
561 }
562
563 /*******************************************************************************
564 **
565 ** Function nfc_ncif_event_status
566 **
567 ** Description This function is called to report an event
568 **
569 ** Returns void
570 **
571 *******************************************************************************/
nfc_ncif_event_status(tNFC_RESPONSE_EVT event,uint8_t status)572 void nfc_ncif_event_status(tNFC_RESPONSE_EVT event, uint8_t status) {
573 tNFC_RESPONSE evt_data;
574 if (event == NFC_NFCC_TIMEOUT_REVT && status == NFC_STATUS_HW_TIMEOUT) {
575 uint32_t cmd_hdr = (nfc_cb.last_hdr[0] << 8) | nfc_cb.last_hdr[1];
576 nfc::stats::stats_write(nfc::stats::NFC_ERROR_OCCURRED,
577 (int32_t)NCI_TIMEOUT, (int32_t)cmd_hdr,
578 (int32_t)status);
579 }
580 if (nfc_cb.p_resp_cback) {
581 evt_data.status = (tNFC_STATUS)status;
582 (*nfc_cb.p_resp_cback)(event, &evt_data);
583 }
584 }
585
586 /*******************************************************************************
587 **
588 ** Function nfc_ncif_error_status
589 **
590 ** Description This function is called to report an error event to data
591 ** cback
592 **
593 ** Returns void
594 **
595 *******************************************************************************/
nfc_ncif_error_status(uint8_t conn_id,uint8_t status)596 void nfc_ncif_error_status(uint8_t conn_id, uint8_t status) {
597 tNFC_CONN_CB* p_cb = nfc_find_conn_cb_by_conn_id(conn_id);
598 if (p_cb && p_cb->p_cback) {
599 tNFC_CONN nfc_conn;
600 nfc_conn.status = status;
601 (*p_cb->p_cback)(conn_id, NFC_ERROR_CEVT, &nfc_conn);
602 }
603 nfc::stats::stats_write(nfc::stats::NFC_ERROR_OCCURRED, (int32_t)ERROR_NTF,
604 (int32_t)0, (int32_t)status);
605 }
606
607 /*******************************************************************************
608 **
609 ** Function nfc_ncif_proc_rf_field_ntf
610 **
611 ** Description This function is called to process RF field notification
612 **
613 ** Returns void
614 **
615 *******************************************************************************/
616 #if (NFC_RW_ONLY == FALSE)
nfc_ncif_proc_rf_field_ntf(uint8_t rf_status)617 void nfc_ncif_proc_rf_field_ntf(uint8_t rf_status) {
618 tNFC_RESPONSE evt_data;
619 if (nfc_cb.p_resp_cback) {
620 evt_data.status = (tNFC_STATUS)NFC_STATUS_OK;
621 evt_data.rf_field.rf_field = rf_status;
622 (*nfc_cb.p_resp_cback)(NFC_RF_FIELD_REVT, &evt_data);
623 }
624 }
625 #endif
626
627 /*******************************************************************************
628 **
629 ** Function nfc_ncif_proc_credits
630 **
631 ** Description This function is called to process data credits
632 **
633 ** Returns void
634 **
635 *******************************************************************************/
nfc_ncif_proc_credits(uint8_t * p,uint16_t plen)636 void nfc_ncif_proc_credits(uint8_t* p, uint16_t plen) {
637 uint8_t num, xx;
638 tNFC_CONN_CB* p_cb;
639
640 if (plen != 0) {
641 num = *p++;
642 plen--;
643 if (num * 2 > plen) {
644 android_errorWriteLog(0x534e4554, "118148142");
645 return;
646 }
647 for (xx = 0; xx < num; xx++) {
648 p_cb = nfc_find_conn_cb_by_conn_id(*p++);
649 if (p_cb && p_cb->num_buff != NFC_CONN_NO_FC) {
650 p_cb->num_buff += (*p);
651 #if (BT_USE_TRACES == TRUE)
652 if (p_cb->num_buff > p_cb->init_credits) {
653 if (nfc_cb.nfc_state == NFC_STATE_OPEN) {
654 /* if this happens in activated state, it's very likely that our
655 * NFCC has issues */
656 /* However, credit may be returned after deactivation */
657 LOG(ERROR) << StringPrintf("num_buff:0x%x, init_credits:0x%x",
658 p_cb->num_buff, p_cb->init_credits);
659 }
660 p_cb->num_buff = p_cb->init_credits;
661 }
662 #endif
663 /* check if there's nay data in tx q to be sent */
664 nfc_ncif_send_data(p_cb, nullptr);
665 }
666 p++;
667 }
668 }
669 }
670 /*******************************************************************************
671 **
672 ** Function nfc_ncif_decode_rf_params
673 **
674 ** Description This function is called to process the detected technology
675 ** and mode and the associated parameters for DISCOVER_NTF and
676 ** ACTIVATE_NTF
677 **
678 ** Returns void
679 **
680 *******************************************************************************/
nfc_ncif_decode_rf_params(tNFC_RF_TECH_PARAMS * p_param,uint8_t * p)681 uint8_t* nfc_ncif_decode_rf_params(tNFC_RF_TECH_PARAMS* p_param, uint8_t* p) {
682 tNFC_RF_PA_PARAMS* p_pa;
683 uint8_t len, *p_start, u8;
684 tNFC_RF_PB_PARAMS* p_pb;
685 tNFC_RF_LF_PARAMS* p_lf;
686 tNFC_RF_PF_PARAMS* p_pf;
687 tNFC_RF_PISO15693_PARAMS* p_i93;
688 uint8_t plen;
689 plen = len = *p++;
690 p_start = p;
691 memset(&p_param->param, 0, sizeof(tNFC_RF_TECH_PARAMU));
692
693 if (NCI_DISCOVERY_TYPE_POLL_A == p_param->mode) {
694 p_pa = &p_param->param.pa;
695 /*
696 SENS_RES Response 2 bytes Defined in [DIGPROT] Available after Technology
697 Detection
698 NFCID1 length 1 byte Length of NFCID1 Available after Collision Resolution
699 NFCID1 4, 7, or 10 bytes Defined in [DIGPROT]Available after Collision
700 Resolution
701 SEL_RES Response 1 byte Defined in [DIGPROT]Available after Collision
702 Resolution
703 HRx Length 1 Octets Length of HRx Parameters collected from the response to
704 the T1T RID command.
705 HRx 0 or 2 Octets If present, the first byte SHALL contain HR0 and the second
706 byte SHALL contain HR1 as defined in [DIGITAL].
707 */
708 if (plen < 3) {
709 goto invalid_packet;
710 }
711 plen -= 3;
712 STREAM_TO_ARRAY(p_pa->sens_res, p, 2);
713 p_pa->nfcid1_len = *p++;
714 if (p_pa->nfcid1_len > NCI_NFCID1_MAX_LEN)
715 p_pa->nfcid1_len = NCI_NFCID1_MAX_LEN;
716
717 if (plen < p_pa->nfcid1_len + 1) {
718 goto invalid_packet;
719 }
720 plen -= (p_pa->nfcid1_len + 1);
721 STREAM_TO_ARRAY(p_pa->nfcid1, p, p_pa->nfcid1_len);
722 u8 = *p++;
723
724 if (u8) {
725 if (plen < 1) {
726 goto invalid_packet;
727 }
728 plen--;
729 p_pa->sel_rsp = *p++;
730 }
731
732 if (len ==
733 (7 + p_pa->nfcid1_len + u8)) /* 2(sens_res) + 1(len) +
734 p_pa->nfcid1_len + 1(len) + u8 + hr
735 (1:len + 2) */
736 {
737 p_pa->hr_len = *p++;
738 if (p_pa->hr_len == NCI_T1T_HR_LEN) {
739 p_pa->hr[0] = *p++;
740 p_pa->hr[1] = *p;
741 }
742 }
743 } else if (NCI_DISCOVERY_TYPE_POLL_B == p_param->mode) {
744 /*
745 SENSB_RES Response length (n) 1 byte Length of SENSB_RES Response (Byte 2 -
746 Byte 12 or 13)Available after Technology Detection
747 SENSB_RES Response Byte 2 - Byte 12 or 13 11 or 12 bytes Defined in [DIGPROT]
748 Available after Technology Detection
749 */
750 p_pb = &p_param->param.pb;
751
752 if (plen < 1) {
753 goto invalid_packet;
754 }
755 plen--;
756 p_pb->sensb_res_len = *p++;
757 if (p_pb->sensb_res_len > NCI_MAX_SENSB_RES_LEN)
758 p_pb->sensb_res_len = NCI_MAX_SENSB_RES_LEN;
759
760 if (plen < p_pb->sensb_res_len) {
761 goto invalid_packet;
762 }
763 plen -= p_pb->sensb_res_len;
764 STREAM_TO_ARRAY(p_pb->sensb_res, p, p_pb->sensb_res_len);
765 memcpy(p_pb->nfcid0, p_pb->sensb_res, NFC_NFCID0_MAX_LEN);
766 p_pb->fwi = p_pb->sensb_res[10] >> 4;
767 } else if (NCI_DISCOVERY_TYPE_POLL_F == p_param->mode) {
768 /*
769 Bit Rate 1 byte 1 212 kbps/2 424 kbps/0 and 3 to 255 RFU
770 SENSF_RES Response length.(n) 1 byte Length of SENSF_RES (Byte 2 - Byte 17 or
771 19).Available after Technology Detection
772 SENSF_RES Response Byte 2 - Byte 17 or 19 n bytes Defined in [DIGPROT]
773 Available after Technology Detection
774 */
775 p_pf = &p_param->param.pf;
776
777 if (plen < 2) {
778 goto invalid_packet;
779 }
780 plen -= 2;
781 p_pf->bit_rate = *p++;
782 p_pf->sensf_res_len = *p++;
783 if (p_pf->sensf_res_len > NCI_MAX_SENSF_RES_LEN)
784 p_pf->sensf_res_len = NCI_MAX_SENSF_RES_LEN;
785
786 if (plen < p_pf->sensf_res_len) {
787 goto invalid_packet;
788 }
789 plen -= p_pf->sensf_res_len;
790 STREAM_TO_ARRAY(p_pf->sensf_res, p, p_pf->sensf_res_len);
791
792 if (p_pf->sensf_res_len < NCI_MRTI_UPDATE_INDEX + 1) {
793 goto invalid_packet;
794 }
795 memcpy(p_pf->nfcid2, p_pf->sensf_res, NCI_NFCID2_LEN);
796 p_pf->mrti_check = p_pf->sensf_res[NCI_MRTI_CHECK_INDEX];
797 p_pf->mrti_update = p_pf->sensf_res[NCI_MRTI_UPDATE_INDEX];
798 } else if (NCI_DISCOVERY_TYPE_LISTEN_F == p_param->mode) {
799 p_lf = &p_param->param.lf;
800
801 if (plen < 1) {
802 goto invalid_packet;
803 }
804 plen--;
805 u8 = *p++;
806 if (u8) {
807 if (plen < NCI_NFCID2_LEN) {
808 goto invalid_packet;
809 }
810 plen -= NCI_NFCID2_LEN;
811 STREAM_TO_ARRAY(p_lf->nfcid2, p, NCI_NFCID2_LEN);
812 }
813 } else if (NCI_DISCOVERY_TYPE_POLL_V == p_param->mode) {
814 p_i93 = &p_param->param.pi93;
815
816 if (plen < 2) {
817 goto invalid_packet;
818 }
819 plen -= 2;
820 p_i93->flag = *p++;
821 p_i93->dsfid = *p++;
822
823 if (plen < NFC_ISO15693_UID_LEN) {
824 goto invalid_packet;
825 }
826 plen -= NFC_ISO15693_UID_LEN;
827 STREAM_TO_ARRAY(p_i93->uid, p, NFC_ISO15693_UID_LEN);
828 } else if (NCI_DISCOVERY_TYPE_POLL_KOVIO == p_param->mode) {
829 p_param->param.pk.uid_len = len;
830 if (p_param->param.pk.uid_len > NFC_KOVIO_MAX_LEN) {
831 LOG(ERROR) << StringPrintf("Kovio UID len:0x%x exceeds max(0x%x)",
832 p_param->param.pk.uid_len, NFC_KOVIO_MAX_LEN);
833 p_param->param.pk.uid_len = NFC_KOVIO_MAX_LEN;
834 }
835 STREAM_TO_ARRAY(p_param->param.pk.uid, p, p_param->param.pk.uid_len);
836 }
837
838 invalid_packet:
839 return (p_start + len);
840 }
841
842 /*******************************************************************************
843 **
844 ** Function nfc_ncif_proc_discover_ntf
845 **
846 ** Description This function is called to process discover notification
847 **
848 ** Returns void
849 **
850 *******************************************************************************/
nfc_ncif_proc_discover_ntf(uint8_t * p,uint16_t plen)851 void nfc_ncif_proc_discover_ntf(uint8_t* p, uint16_t plen) {
852 tNFC_DISCOVER evt_data;
853
854 if (nfc_cb.p_discv_cback) {
855 // validate packet length should be larger than (NCI header + rf_disc_id +
856 // protocol + mode + length of rf parameters).
857 if (plen < NCI_MSG_HDR_SIZE + 4) {
858 evt_data.status = NCI_STATUS_FAILED;
859 goto invalid_packet;
860 }
861 plen -= (NCI_MSG_HDR_SIZE + 4);
862 p += NCI_MSG_HDR_SIZE;
863 evt_data.status = NCI_STATUS_OK;
864 evt_data.result.rf_disc_id = *p++;
865 evt_data.result.protocol = *p++;
866
867 /* fill in tNFC_RESULT_DEVT */
868 evt_data.result.rf_tech_param.mode = *p++;
869
870 // validate packet length should be larger than (rf_tech_param + ntf_type)
871 if (plen < *p + 1) {
872 evt_data.status = NCI_STATUS_FAILED;
873 goto invalid_packet;
874 }
875 plen -= (*p + 1);
876 p = nfc_ncif_decode_rf_params(&evt_data.result.rf_tech_param, p);
877
878 evt_data.result.more = *p++;
879
880 invalid_packet:
881 (*nfc_cb.p_discv_cback)(NFC_RESULT_DEVT, &evt_data);
882 }
883 }
884
885 /*******************************************************************************
886 **
887 ** Function nfc_ncif_proc_isodep_nak_presence_check_status
888 **
889 ** Description This function is called to handle response and notification
890 ** for presence check nak command
891 **
892 ** Returns void
893 **
894 *******************************************************************************/
nfc_ncif_proc_isodep_nak_presence_check_status(uint8_t status,bool is_ntf)895 void nfc_ncif_proc_isodep_nak_presence_check_status(uint8_t status,
896 bool is_ntf) {
897 rw_t4t_handle_isodep_nak_rsp(status, is_ntf);
898 }
899
900 /*******************************************************************************
901 **
902 ** Function nfc_ncif_proc_charging_status
903 **
904 ** Description This function is called to process WPT start response
905 **
906 ** Returns void
907 **
908 *******************************************************************************/
nfc_ncif_proc_charging_status(uint8_t * p,uint8_t len)909 void nfc_ncif_proc_charging_status(uint8_t* p, uint8_t len) {
910 tNFC_DISCOVER evt_data;
911
912 if (len != 1) {
913 evt_data.status = NCI_STATUS_FAILED;
914 LOG(ERROR) << StringPrintf("%s; bad len:0x%x", __func__, len);
915 goto invalid_packet;
916 }
917
918 evt_data.status = NCI_STATUS_OK;
919 /* Return WPT End Condition */
920 evt_data.wpt_result = *p;
921
922 LOG(VERBOSE) << StringPrintf("%s; wpt_result=%d", __func__,
923 evt_data.wpt_result);
924
925 invalid_packet:
926 if (nfc_cb.p_discv_cback) {
927 (*nfc_cb.p_discv_cback)(NFC_WPT_RESULT_DEVT, &evt_data);
928 }
929 }
930
931 /*******************************************************************************
932 **
933 ** Function nfc_ncif_proc_activate
934 **
935 ** Description This function is called to process de-activate
936 ** response and notification
937 **
938 ** Returns void
939 **
940 *******************************************************************************/
nfc_ncif_proc_activate(uint8_t * p,uint8_t len)941 void nfc_ncif_proc_activate(uint8_t* p, uint8_t len) {
942 tNFC_DISCOVER evt_data;
943 tNFC_INTF_PARAMS* p_intf = &evt_data.activate.intf_param;
944 tNFC_INTF_PA_ISO_DEP* p_pa_iso;
945 tNFC_INTF_LB_ISO_DEP* p_lb_iso;
946 tNFC_INTF_PB_ISO_DEP* p_pb_iso;
947 uint8_t t0;
948 tNCI_DISCOVERY_TYPE mode;
949 tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
950 uint8_t *pp, len_act;
951 uint8_t buff_size, num_buff;
952 tNFC_RF_PA_PARAMS* p_pa;
953 uint8_t plen = len, pplen = 0;
954
955 nfc_set_state(NFC_STATE_OPEN);
956
957 memset(p_intf, 0, sizeof(tNFC_INTF_PARAMS));
958 // validate packet length should be larger than (rf_disc_id + type +
959 // protocol + mode + buff_size + num_buff + length of rf parameters).
960 if (plen < 7) {
961 evt_data.status = NCI_STATUS_FAILED;
962 goto invalid_packet;
963 }
964 plen -= 7;
965
966 evt_data.activate.rf_disc_id = *p++;
967 p_intf->type = *p++;
968 evt_data.activate.protocol = *p++;
969
970 if (evt_data.activate.protocol == NCI_PROTOCOL_18092_ACTIVE)
971 evt_data.activate.protocol = NCI_PROTOCOL_NFC_DEP;
972
973 evt_data.activate.rf_tech_param.mode = *p++;
974 buff_size = *p++;
975 num_buff = *p++;
976 /* fill in tNFC_activate_DEVT */
977 // validate remaining packet length should be larger than (rf_tech_param +
978 // data_mode + tx_bitrate + rx_bitrte + len_act).
979 if (plen < *p + 4) {
980 evt_data.status = NCI_STATUS_FAILED;
981 goto invalid_packet;
982 }
983 plen -= (*p + 4);
984 p = nfc_ncif_decode_rf_params(&evt_data.activate.rf_tech_param, p);
985
986 evt_data.activate.data_mode = *p++;
987 evt_data.activate.tx_bitrate = *p++;
988 evt_data.activate.rx_bitrate = *p++;
989 mode = evt_data.activate.rf_tech_param.mode;
990 len_act = *p++;
991 LOG(VERBOSE) << StringPrintf("nfc_ncif_proc_activate:%d %d, mode:0x%02x", len,
992 len_act, mode);
993 /* just in case the interface reports activation parameters not defined in the
994 * NCI spec */
995 p_intf->intf_param.frame.param_len = len_act;
996 if (p_intf->intf_param.frame.param_len > NFC_MAX_RAW_PARAMS)
997 p_intf->intf_param.frame.param_len = NFC_MAX_RAW_PARAMS;
998 pp = p;
999
1000 if (plen < p_intf->intf_param.frame.param_len) {
1001 evt_data.status = NCI_STATUS_FAILED;
1002 goto invalid_packet;
1003 }
1004 STREAM_TO_ARRAY(p_intf->intf_param.frame.param, pp,
1005 p_intf->intf_param.frame.param_len);
1006 if (evt_data.activate.intf_param.type == NCI_INTERFACE_ISO_DEP) {
1007 /* Make max payload of NCI aligned to max payload of ISO-DEP for better
1008 * performance */
1009 if (buff_size > NCI_ISO_DEP_MAX_INFO) buff_size = NCI_ISO_DEP_MAX_INFO;
1010
1011 switch (mode) {
1012 case NCI_DISCOVERY_TYPE_POLL_A:
1013 p_pa_iso = &p_intf->intf_param.pa_iso;
1014
1015 if (plen < 1) {
1016 evt_data.status = NCI_STATUS_FAILED;
1017 goto invalid_packet;
1018 }
1019 plen--;
1020 p_pa_iso->ats_res_len = *p++;
1021
1022 if (p_pa_iso->ats_res_len == 0) break;
1023
1024 if (p_pa_iso->ats_res_len > NFC_MAX_ATS_LEN)
1025 p_pa_iso->ats_res_len = NFC_MAX_ATS_LEN;
1026
1027 if (plen < p_pa_iso->ats_res_len) {
1028 evt_data.status = NCI_STATUS_FAILED;
1029 goto invalid_packet;
1030 }
1031 plen -= p_pa_iso->ats_res_len;
1032 STREAM_TO_ARRAY(p_pa_iso->ats_res, p, p_pa_iso->ats_res_len);
1033
1034 pplen = p_pa_iso->ats_res_len;
1035 pp = &p_pa_iso->ats_res[NCI_ATS_T0_INDEX];
1036 t0 = p_pa_iso->ats_res[NCI_ATS_T0_INDEX];
1037 pp++; /* T0 */
1038 pplen--;
1039 if (t0 & NCI_ATS_TA_MASK) {
1040 if (pplen < 1) {
1041 evt_data.status = NCI_STATUS_FAILED;
1042 goto invalid_packet;
1043 }
1044 pplen--;
1045 pp++; /* TA */
1046 }
1047 if (t0 & NCI_ATS_TB_MASK) {
1048 /* FWI (Frame Waiting time Integer) & SPGI (Start-up Frame Guard time
1049 * Integer) */
1050 if (pplen < 1) {
1051 evt_data.status = NCI_STATUS_FAILED;
1052 goto invalid_packet;
1053 }
1054 pplen--;
1055 p_pa_iso->fwi = (((*pp) >> 4) & 0x0F);
1056 p_pa_iso->sfgi = ((*pp) & 0x0F);
1057 pp++; /* TB */
1058 }
1059 if (t0 & NCI_ATS_TC_MASK) {
1060 if (pplen < 1) {
1061 evt_data.status = NCI_STATUS_FAILED;
1062 goto invalid_packet;
1063 }
1064 pplen--;
1065 p_pa_iso->nad_used = ((*pp) & 0x01);
1066 pp++; /* TC */
1067 }
1068 p_pa_iso->his_byte_len =
1069 (uint8_t)(p_pa_iso->ats_res_len - (pp - p_pa_iso->ats_res));
1070 if (p_pa_iso->his_byte_len > NFC_MAX_HIS_BYTES_LEN)
1071 p_pa_iso->his_byte_len = NFC_MAX_HIS_BYTES_LEN;
1072 if (pplen < p_pa_iso->his_byte_len) {
1073 evt_data.status = NCI_STATUS_FAILED;
1074 goto invalid_packet;
1075 }
1076 memcpy(p_pa_iso->his_byte, pp, p_pa_iso->his_byte_len);
1077 break;
1078
1079 case NCI_DISCOVERY_TYPE_LISTEN_A:
1080 if (plen < 1) {
1081 evt_data.status = NCI_STATUS_FAILED;
1082 goto invalid_packet;
1083 }
1084 plen--;
1085 p_intf->intf_param.la_iso.rats = *p++;
1086 gettimeofday(&timer_start, nullptr);
1087 break;
1088
1089 case NCI_DISCOVERY_TYPE_POLL_B:
1090 /* ATTRIB RSP
1091 Byte 1 Byte 2 ~ 2+n-1
1092 MBLI/DID Higher layer - Response
1093 */
1094 p_pb_iso = &p_intf->intf_param.pb_iso;
1095
1096 if (plen < 1) {
1097 evt_data.status = NCI_STATUS_FAILED;
1098 goto invalid_packet;
1099 }
1100 plen--;
1101 p_pb_iso->attrib_res_len = *p++;
1102
1103 if (p_pb_iso->attrib_res_len == 0) break;
1104
1105 if (p_pb_iso->attrib_res_len > NFC_MAX_ATTRIB_LEN)
1106 p_pb_iso->attrib_res_len = NFC_MAX_ATTRIB_LEN;
1107
1108 if (plen < p_pb_iso->attrib_res_len) {
1109 evt_data.status = NCI_STATUS_FAILED;
1110 goto invalid_packet;
1111 }
1112 plen -= p_pb_iso->attrib_res_len;
1113 STREAM_TO_ARRAY(p_pb_iso->attrib_res, p, p_pb_iso->attrib_res_len);
1114 p_pb_iso->mbli = (p_pb_iso->attrib_res[0]) >> 4;
1115 if (p_pb_iso->attrib_res_len > NFC_PB_ATTRIB_REQ_FIXED_BYTES) {
1116 p_pb_iso->hi_info_len =
1117 p_pb_iso->attrib_res_len - NFC_PB_ATTRIB_REQ_FIXED_BYTES;
1118 if (p_pb_iso->hi_info_len > NFC_MAX_GEN_BYTES_LEN)
1119 p_pb_iso->hi_info_len = NFC_MAX_GEN_BYTES_LEN;
1120 memcpy(p_pb_iso->hi_info,
1121 &p_pb_iso->attrib_res[NFC_PB_ATTRIB_REQ_FIXED_BYTES],
1122 p_pb_iso->hi_info_len);
1123 }
1124 break;
1125
1126 case NCI_DISCOVERY_TYPE_LISTEN_B:
1127 /* ATTRIB CMD
1128 Byte 2~5 Byte 6 Byte 7 Byte 8 Byte 9 Byte 10 ~ 10+k-1
1129 NFCID0 Param 1 Param 2 Param 3 Param 4 Higher layer - INF
1130 */
1131 p_lb_iso = &p_intf->intf_param.lb_iso;
1132
1133 if (plen < 1) {
1134 evt_data.status = NCI_STATUS_FAILED;
1135 goto invalid_packet;
1136 }
1137 plen--;
1138 p_lb_iso->attrib_req_len = *p++;
1139
1140 if (p_lb_iso->attrib_req_len == 0) break;
1141
1142 if (p_lb_iso->attrib_req_len > NFC_MAX_ATTRIB_LEN)
1143 p_lb_iso->attrib_req_len = NFC_MAX_ATTRIB_LEN;
1144
1145 if (plen < p_lb_iso->attrib_req_len) {
1146 evt_data.status = NCI_STATUS_FAILED;
1147 goto invalid_packet;
1148 }
1149 plen -= p_lb_iso->attrib_req_len;
1150 STREAM_TO_ARRAY(p_lb_iso->attrib_req, p, p_lb_iso->attrib_req_len);
1151
1152 if (p_lb_iso->attrib_req_len < NFC_NFCID0_MAX_LEN) {
1153 evt_data.status = NCI_STATUS_FAILED;
1154 goto invalid_packet;
1155 }
1156 memcpy(p_lb_iso->nfcid0, p_lb_iso->attrib_req, NFC_NFCID0_MAX_LEN);
1157 if (p_lb_iso->attrib_req_len > NFC_LB_ATTRIB_REQ_FIXED_BYTES) {
1158 p_lb_iso->hi_info_len =
1159 p_lb_iso->attrib_req_len - NFC_LB_ATTRIB_REQ_FIXED_BYTES;
1160 if (p_lb_iso->hi_info_len > NFC_MAX_GEN_BYTES_LEN)
1161 p_lb_iso->hi_info_len = NFC_MAX_GEN_BYTES_LEN;
1162 memcpy(p_lb_iso->hi_info,
1163 &p_lb_iso->attrib_req[NFC_LB_ATTRIB_REQ_FIXED_BYTES],
1164 p_lb_iso->hi_info_len);
1165 }
1166 gettimeofday(&timer_start, nullptr);
1167 break;
1168 }
1169
1170 } else if ((evt_data.activate.intf_param.type == NCI_INTERFACE_FRAME) &&
1171 (evt_data.activate.protocol == NCI_PROTOCOL_T1T)) {
1172 p_pa = &evt_data.activate.rf_tech_param.param.pa;
1173 if ((len_act == NCI_T1T_HR_LEN) && (p_pa->hr_len == 0)) {
1174 p_pa->hr_len = NCI_T1T_HR_LEN;
1175
1176 if (plen < 2) {
1177 evt_data.status = NCI_STATUS_FAILED;
1178 goto invalid_packet;
1179 }
1180 plen -= 2;
1181 p_pa->hr[0] = *p++;
1182 p_pa->hr[1] = *p++;
1183 }
1184 }
1185
1186 p_cb->act_protocol = evt_data.activate.protocol;
1187 p_cb->act_interface = evt_data.activate.intf_param.type;
1188 p_cb->buff_size = buff_size;
1189 p_cb->num_buff = num_buff;
1190 p_cb->init_credits = num_buff;
1191
1192 invalid_packet:
1193 if (nfc_cb.p_discv_cback) {
1194 (*nfc_cb.p_discv_cback)(NFC_ACTIVATE_DEVT, &evt_data);
1195 }
1196 }
1197
1198 /*******************************************************************************
1199 **
1200 ** Function nfc_ncif_proc_deactivate
1201 **
1202 ** Description This function is called to process de-activate
1203 ** response and notification
1204 **
1205 ** Returns void
1206 **
1207 *******************************************************************************/
nfc_ncif_proc_deactivate(uint8_t status,uint8_t deact_type,bool is_ntf)1208 void nfc_ncif_proc_deactivate(uint8_t status, uint8_t deact_type, bool is_ntf) {
1209 tNFC_DISCOVER evt_data;
1210 tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
1211 void* p_data;
1212
1213 nfc_set_state(NFC_STATE_IDLE);
1214 evt_data.deactivate.status = status;
1215 evt_data.deactivate.type = deact_type;
1216 evt_data.deactivate.is_ntf = is_ntf;
1217 if (NFC_GetNCIVersion() >= NCI_VERSION_2_0) {
1218 evt_data.deactivate.reason = nfc_cb.deact_reason;
1219 }
1220
1221 while ((p_data = GKI_dequeue(&p_cb->rx_q)) != nullptr) {
1222 GKI_freebuf(p_data);
1223 }
1224
1225 while ((p_data = GKI_dequeue(&p_cb->tx_q)) != nullptr) {
1226 GKI_freebuf(p_data);
1227 }
1228
1229 if (p_cb->p_cback) {
1230 tNFC_CONN nfc_conn;
1231 nfc_conn.deactivate = evt_data.deactivate;
1232 (*p_cb->p_cback)(NFC_RF_CONN_ID, NFC_DEACTIVATE_CEVT, &nfc_conn);
1233 }
1234
1235 if (nfc_cb.p_discv_cback) {
1236 (*nfc_cb.p_discv_cback)(NFC_DEACTIVATE_DEVT, &evt_data);
1237 }
1238
1239 // clear previous stored tick count if not comsumed
1240 if (timer_start.tv_sec != 0 || timer_start.tv_usec != 0) {
1241 memset(&timer_start, 0, sizeof(timer_start));
1242 }
1243 }
1244 /*******************************************************************************
1245 **
1246 ** Function nfc_ncif_proc_ee_action
1247 **
1248 ** Description This function is called to process NFCEE ACTION NTF
1249 **
1250 ** Returns void
1251 **
1252 *******************************************************************************/
1253 #if (NFC_NFCEE_INCLUDED == TRUE && NFC_RW_ONLY == FALSE)
nfc_ncif_proc_ee_action(uint8_t * p,uint16_t plen)1254 void nfc_ncif_proc_ee_action(uint8_t* p, uint16_t plen) {
1255 tNFC_EE_ACTION_REVT evt_data;
1256 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1257 tNFC_RESPONSE nfc_response;
1258 uint8_t data_len, ulen, tag, *p_data;
1259 uint8_t max_len;
1260
1261 if (p_cback) {
1262 memset(&evt_data.act_data, 0, sizeof(tNFC_ACTION_DATA));
1263 if (plen > 3) {
1264 plen -= 3;
1265 } else {
1266 evt_data.status = NFC_STATUS_FAILED;
1267 evt_data.nfcee_id = 0;
1268 nfc_response.ee_action = evt_data;
1269 (*p_cback)(NFC_EE_ACTION_REVT, &nfc_response);
1270 android_errorWriteLog(0x534e4554, "157649306");
1271 return;
1272 }
1273 evt_data.status = NFC_STATUS_OK;
1274 evt_data.nfcee_id = *p++;
1275 evt_data.act_data.trigger = *p++;
1276 data_len = *p++;
1277 if (data_len > plen) data_len = (uint8_t)plen;
1278
1279 switch (evt_data.act_data.trigger) {
1280 case NCI_EE_TRIG_7816_SELECT:
1281 if (data_len > NFC_MAX_AID_LEN) data_len = NFC_MAX_AID_LEN;
1282 evt_data.act_data.param.aid.len_aid = data_len;
1283 STREAM_TO_ARRAY(evt_data.act_data.param.aid.aid, p, data_len);
1284 break;
1285 case NCI_EE_TRIG_RF_PROTOCOL:
1286 evt_data.act_data.param.protocol = *p++;
1287 break;
1288 case NCI_EE_TRIG_RF_TECHNOLOGY:
1289 evt_data.act_data.param.technology = *p++;
1290 break;
1291 case NCI_EE_TRIG_APP_INIT:
1292 while (data_len > NFC_TL_SIZE) {
1293 data_len -= NFC_TL_SIZE;
1294 tag = *p++;
1295 ulen = *p++;
1296 if (ulen > data_len) ulen = data_len;
1297 p_data = nullptr;
1298 max_len = ulen;
1299 switch (tag) {
1300 case NCI_EE_ACT_TAG_AID: /* AID */
1301 if (max_len > NFC_MAX_AID_LEN) max_len = NFC_MAX_AID_LEN;
1302 evt_data.act_data.param.app_init.len_aid = max_len;
1303 p_data = evt_data.act_data.param.app_init.aid;
1304 break;
1305 case NCI_EE_ACT_TAG_DATA: /* hex data for app */
1306 if (max_len > NFC_MAX_APP_DATA_LEN)
1307 max_len = NFC_MAX_APP_DATA_LEN;
1308 evt_data.act_data.param.app_init.len_data = max_len;
1309 p_data = evt_data.act_data.param.app_init.data;
1310 break;
1311 }
1312 if (p_data) {
1313 STREAM_TO_ARRAY(p_data, p, max_len);
1314 }
1315 data_len -= ulen;
1316 }
1317 break;
1318 }
1319 nfc_response.ee_action = evt_data;
1320 (*p_cback)(NFC_EE_ACTION_REVT, &nfc_response);
1321 }
1322 }
1323
1324 /*******************************************************************************
1325 **
1326 ** Function nfc_ncif_proc_ee_discover_req
1327 **
1328 ** Description This function is called to process NFCEE DISCOVER REQ NTF
1329 **
1330 ** Returns void
1331 **
1332 *******************************************************************************/
nfc_ncif_proc_ee_discover_req(uint8_t * p,uint16_t plen)1333 void nfc_ncif_proc_ee_discover_req(uint8_t* p, uint16_t plen) {
1334 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1335 tNFC_EE_DISCOVER_REQ_REVT ee_disc_req;
1336 tNFC_EE_DISCOVER_INFO* p_info;
1337 uint8_t u8;
1338
1339 if (!plen) {
1340 android_errorWriteLog(0x534e4554, "221856662");
1341 return;
1342 }
1343
1344 LOG(VERBOSE) << StringPrintf("nfc_ncif_proc_ee_discover_req %d len:%d", *p,
1345 plen);
1346
1347 if (!plen) {
1348 android_errorWriteLog(0x534e4554, "221856662");
1349 return;
1350 }
1351
1352 if (*p > NFC_MAX_EE_DISC_ENTRIES) {
1353 android_errorWriteLog(0x534e4554, "122361874");
1354 LOG(ERROR) << __func__ << "Exceed NFC_MAX_EE_DISC_ENTRIES";
1355 return;
1356 }
1357
1358 if (p_cback) {
1359 u8 = *p;
1360 ee_disc_req.status = NFC_STATUS_OK;
1361 ee_disc_req.num_info = *p++;
1362 p_info = ee_disc_req.info;
1363 if (plen) plen--;
1364 while ((u8 > 0) && (plen >= NFC_EE_DISCOVER_ENTRY_LEN)) {
1365 p_info->op = *p++; /* T */
1366 if (*p != NFC_EE_DISCOVER_INFO_LEN) /* L */
1367 {
1368 LOG(VERBOSE) << StringPrintf("bad entry len:%d", *p);
1369 return;
1370 }
1371 p++;
1372 /* V */
1373 p_info->nfcee_id = *p++;
1374 p_info->tech_n_mode = *p++;
1375 p_info->protocol = *p++;
1376 u8--;
1377 plen -= NFC_EE_DISCOVER_ENTRY_LEN;
1378 p_info++;
1379 }
1380 tNFC_RESPONSE nfc_response;
1381 nfc_response.ee_discover_req = ee_disc_req;
1382 (*p_cback)(NFC_EE_DISCOVER_REQ_REVT, &nfc_response);
1383 }
1384 }
1385
1386 /*******************************************************************************
1387 **
1388 ** Function nfc_ncif_proc_get_routing
1389 **
1390 ** Description This function is called to process get routing notification
1391 **
1392 ** Returns void
1393 **
1394 *******************************************************************************/
nfc_ncif_proc_get_routing(uint8_t * p,uint8_t len)1395 void nfc_ncif_proc_get_routing(uint8_t* p, uint8_t len) {
1396 tNFC_GET_ROUTING_REVT evt_data;
1397 uint8_t more, num_entries, xx, *pn;
1398 tNFC_STATUS status = NFC_STATUS_CONTINUE;
1399
1400 if (len >= 2 && nfc_cb.p_resp_cback) {
1401 more = *p++;
1402 num_entries = *p++;
1403 if (num_entries == 0) return;
1404 len -= 2;
1405 if (len < 2) {
1406 LOG(ERROR) << StringPrintf("Invalid len=%d", len);
1407 return;
1408 }
1409 for (xx = 0; xx < num_entries; xx++) {
1410 if ((more == false) && (xx == (num_entries - 1))) status = NFC_STATUS_OK;
1411 evt_data.status = (tNFC_STATUS)status;
1412 if (len >= 2)
1413 len -= 2;
1414 else
1415 return;
1416 evt_data.qualifier_type = *p++;
1417 evt_data.num_tlvs = 1;
1418 evt_data.tlv_size = *p++;
1419 if (evt_data.tlv_size > NFC_MAX_EE_TLV_SIZE) {
1420 android_errorWriteLog(0x534e4554, "117554809");
1421 LOG(ERROR) << __func__ << "Invalid data format";
1422 return;
1423 }
1424 if (evt_data.tlv_size > len) {
1425 LOG(ERROR) << StringPrintf("Invalid evt_data.tlv_size");
1426 return;
1427 } else
1428 len -= evt_data.tlv_size;
1429 pn = evt_data.param_tlvs;
1430 STREAM_TO_ARRAY(pn, p, evt_data.tlv_size);
1431 tNFC_RESPONSE nfc_response;
1432 nfc_response.get_routing = evt_data;
1433 (*nfc_cb.p_resp_cback)(NFC_GET_ROUTING_REVT, &nfc_response);
1434 }
1435 }
1436 }
1437 #endif
1438
1439 /*******************************************************************************
1440 **
1441 ** Function nfc_ncif_proc_conn_create_rsp
1442 **
1443 ** Description This function is called to process connection create
1444 ** response
1445 **
1446 ** Returns void
1447 **
1448 *******************************************************************************/
nfc_ncif_proc_conn_create_rsp(uint8_t * p,uint16_t plen,uint8_t dest_type)1449 void nfc_ncif_proc_conn_create_rsp(uint8_t* p,
1450 __attribute__((unused)) uint16_t plen,
1451 uint8_t dest_type) {
1452 tNFC_CONN_CB* p_cb;
1453 tNFC_STATUS status;
1454 tNFC_CONN_CBACK* p_cback;
1455 tNFC_CONN evt_data;
1456 uint8_t conn_id;
1457
1458 /* find the pending connection control block */
1459 p_cb = nfc_find_conn_cb_by_conn_id(NFC_PEND_CONN_ID);
1460 if (p_cb) {
1461 p += NCI_MSG_HDR_SIZE;
1462 status = *p++;
1463 p_cb->buff_size = *p++;
1464 p_cb->num_buff = p_cb->init_credits = *p++;
1465 conn_id = *p++;
1466 if (conn_id > NFC_MAX_CONN_ID) {
1467 status = NCI_STATUS_FAILED;
1468 conn_id = NFC_ILLEGAL_CONN_ID;
1469 }
1470 evt_data.conn_create.status = status;
1471 evt_data.conn_create.dest_type = dest_type;
1472 evt_data.conn_create.id = p_cb->id;
1473 evt_data.conn_create.buff_size = p_cb->buff_size;
1474 evt_data.conn_create.num_buffs = p_cb->num_buff;
1475 p_cback = p_cb->p_cback;
1476 if (status == NCI_STATUS_OK) {
1477 nfc_set_conn_id(p_cb, conn_id);
1478 } else {
1479 nfc_free_conn_cb(p_cb);
1480 }
1481
1482 if (p_cback) (*p_cback)(conn_id, NFC_CONN_CREATE_CEVT, &evt_data);
1483 }
1484 }
1485
1486 /*******************************************************************************
1487 **
1488 ** Function nfc_ncif_report_conn_close_evt
1489 **
1490 ** Description This function is called to report connection close event
1491 **
1492 ** Returns void
1493 **
1494 *******************************************************************************/
nfc_ncif_report_conn_close_evt(uint8_t conn_id,tNFC_STATUS status)1495 void nfc_ncif_report_conn_close_evt(uint8_t conn_id, tNFC_STATUS status) {
1496 tNFC_CONN evt_data;
1497 tNFC_CONN_CBACK* p_cback;
1498 tNFC_CONN_CB* p_cb;
1499
1500 p_cb = nfc_find_conn_cb_by_conn_id(conn_id);
1501 if (p_cb) {
1502 p_cback = p_cb->p_cback;
1503 nfc_free_conn_cb(p_cb);
1504 evt_data.status = status;
1505 if (p_cback) (*p_cback)(conn_id, NFC_CONN_CLOSE_CEVT, &evt_data);
1506 }
1507 }
1508
1509 /*******************************************************************************
1510 **
1511 ** Function nfc_ncif_proc_reset_rsp
1512 **
1513 ** Description This function is called to process reset
1514 ** response/notification
1515 **
1516 ** Returns void
1517 **
1518 *******************************************************************************/
nfc_ncif_proc_reset_rsp(uint8_t * p,bool is_ntf)1519 void nfc_ncif_proc_reset_rsp(uint8_t* p, bool is_ntf) {
1520 uint8_t* p_len = p - 1;
1521 uint8_t status = NCI_STATUS_FAILED;
1522 uint8_t wait_for_ntf = FALSE;
1523
1524 status = *p_len > 0 ? *p++ : NCI_STATUS_FAILED;
1525 if (*p_len > 2 && is_ntf) {
1526 LOG(WARNING) << StringPrintf("reset notification!!:0x%x ", status);
1527 /* clean up, if the state is OPEN
1528 * FW does not report reset ntf right now */
1529 if (status == NCI2_X_RESET_TRIGGER_TYPE_CORE_RESET_CMD_RECEIVED ||
1530 status == NCI2_X_RESET_TRIGGER_TYPE_POWERED_ON) {
1531 LOG(VERBOSE) << StringPrintf(
1532 "CORE_RESET_NTF Received status nfc_state : 0x%x : 0x%x", status,
1533 nfc_cb.nfc_state);
1534 nfc_stop_timer(&nfc_cb.nci_wait_rsp_timer);
1535 p++;
1536 STREAM_TO_UINT8(nfc_cb.nci_version, p);
1537 LOG(VERBOSE) << StringPrintf(" CORE_RESET_NTF nci_version%x",
1538 nfc_cb.nci_version);
1539 status = NCI_STATUS_OK;
1540 } else {
1541 /* CORE_RESET_NTF received error case , trigger recovery*/
1542 LOG(ERROR) << StringPrintf(
1543 "CORE_RESET_NTF Received status nfc_state : 0x%x : 0x%x", status,
1544 nfc_cb.nfc_state);
1545 nfc_ncif_cmd_timeout();
1546 status = NCI_STATUS_FAILED;
1547 }
1548 if (nfc_cb.nfc_state == NFC_STATE_OPEN) {
1549 /*if any conn_cb is connected, close it.
1550 if any pending outgoing packets are dropped.*/
1551 nfc_reset_all_conn_cbs();
1552 }
1553 } else {
1554 LOG(VERBOSE) << StringPrintf("CORE_RESET_RSP len :0x%x ", *p_len);
1555 if ((*p_len) == NCI_CORE_RESET_RSP_LEN(NCI_VERSION_2_0)) {
1556 wait_for_ntf = TRUE;
1557 } else if ((*p_len) == NCI_CORE_RESET_RSP_LEN(NCI_VERSION_1_0)) {
1558 nfc_cb.nci_version = NCI_VERSION_1_0;
1559 }
1560 }
1561
1562 if (nfc_cb.flags & (NFC_FL_RESTARTING | NFC_FL_POWER_CYCLE_NFCC)) {
1563 nfc_reset_all_conn_cbs();
1564 }
1565
1566 if (status == NCI_STATUS_OK) {
1567 if (wait_for_ntf == TRUE) {
1568 /* reset version reported by NFCC is NCI2.0 , start a timer for 2000ms to
1569 * wait for NTF*/
1570 nfc_start_timer(&nfc_cb.nci_wait_rsp_timer,
1571 (uint16_t)(NFC_TTYPE_NCI_WAIT_RSP),
1572 nfc_cb.nci_wait_rsp_tout);
1573 } else {
1574 if (nfc_cb.nci_version == NCI_VERSION_1_0)
1575 nci_snd_core_init(NCI_VERSION_1_0);
1576 else
1577 nci_snd_core_init(NCI_VERSION_2_0);
1578 }
1579 } else {
1580 LOG(ERROR) << StringPrintf("Failed to reset NFCC");
1581 nfc_enabled(status, nullptr);
1582 }
1583 }
1584
1585 /*******************************************************************************
1586 **
1587 ** Function nfc_ncif_proc_init_rsp
1588 **
1589 ** Description This function is called to process init response
1590 **
1591 ** Returns void
1592 **
1593 *******************************************************************************/
nfc_ncif_proc_init_rsp(NFC_HDR * p_msg)1594 void nfc_ncif_proc_init_rsp(NFC_HDR* p_msg) {
1595 uint8_t *p, status;
1596 tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
1597
1598 p = (uint8_t*)(p_msg + 1) + p_msg->offset;
1599
1600 /* handle init params in nfc_enabled */
1601 status = *(p + NCI_MSG_HDR_SIZE);
1602 if (status == NCI_STATUS_OK) {
1603 if (nfc_cb.nci_version == NCI_VERSION_UNKNOWN) {
1604 nci_snd_core_reset(NCI_RESET_TYPE_RESET_CFG);
1605 } else {
1606 p_cb->id = NFC_RF_CONN_ID;
1607 // check scbr bit as per NCI 2.0 spec
1608 nfc_cb.isScbrSupported = p[5] & NCI_SCBR_MASK;
1609 LOG(VERBOSE) << StringPrintf("scbr support: 0x%x", nfc_cb.isScbrSupported);
1610 p_cb->act_protocol = NCI_PROTOCOL_UNKNOWN;
1611
1612 nfc_set_state(NFC_STATE_W4_POST_INIT_CPLT);
1613
1614 nfc_cb.p_nci_init_rsp = p_msg;
1615 nfc_cb.p_hal->core_initialized(p_msg->len, p);
1616 }
1617 } else {
1618 if (nfc_cb.nci_version == NCI_VERSION_UNKNOWN) {
1619 nfc_cb.nci_version = NCI_VERSION_1_0;
1620 nci_snd_core_reset(NCI_RESET_TYPE_RESET_CFG);
1621 } else {
1622 nfc_enabled(status, nullptr);
1623 GKI_freebuf(p_msg);
1624 }
1625 }
1626 }
1627
1628 /*******************************************************************************
1629 **
1630 ** Function nfc_ncif_proc_get_config_rsp
1631 **
1632 ** Description This function is called to process get config response
1633 **
1634 ** Returns void
1635 **
1636 *******************************************************************************/
nfc_ncif_proc_get_config_rsp(NFC_HDR * p_evt)1637 void nfc_ncif_proc_get_config_rsp(NFC_HDR* p_evt) {
1638 uint8_t* p;
1639 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1640 tNFC_RESPONSE evt_data;
1641
1642 p_evt->offset += NCI_MSG_HDR_SIZE;
1643 p_evt->len -= NCI_MSG_HDR_SIZE;
1644 if (p_cback) {
1645 p = (uint8_t*)(p_evt + 1) + p_evt->offset;
1646 evt_data.get_config.status = *p++;
1647 evt_data.get_config.tlv_size = p_evt->len;
1648 evt_data.get_config.p_param_tlvs = p;
1649 (*p_cback)(NFC_GET_CONFIG_REVT, &evt_data);
1650 }
1651 }
1652
1653 /*******************************************************************************
1654 **
1655 ** Function nfc_ncif_proc_t3t_polling_rsp
1656 **
1657 ** Description Handle NCI_MSG_RF_T3T_POLLING RSP
1658 **
1659 ** Returns void
1660 **
1661 *******************************************************************************/
nfc_ncif_proc_t3t_polling_rsp(uint8_t status)1662 void nfc_ncif_proc_t3t_polling_rsp(uint8_t status) {
1663 rw_t3t_handle_nci_poll_rsp(status);
1664 }
1665
1666 /*******************************************************************************
1667 **
1668 ** Function nfc_ncif_proc_t3t_polling_ntf
1669 **
1670 ** Description Handle NCI_MSG_RF_T3T_POLLING NTF
1671 **
1672 ** Returns void
1673 **
1674 *******************************************************************************/
nfc_ncif_proc_t3t_polling_ntf(uint8_t * p,uint16_t plen)1675 void nfc_ncif_proc_t3t_polling_ntf(uint8_t* p, uint16_t plen) {
1676 uint8_t status;
1677 uint8_t num_responses;
1678
1679 if (plen < NFC_TL_SIZE) {
1680 return;
1681 }
1682
1683 /* Pass result to RW_T3T for processing */
1684 STREAM_TO_UINT8(status, p);
1685 STREAM_TO_UINT8(num_responses, p);
1686 plen -= NFC_TL_SIZE;
1687 rw_t3t_handle_nci_poll_ntf(status, num_responses, (uint8_t)plen, p);
1688 }
1689
1690 /*******************************************************************************
1691 **
1692 ** Function nfc_data_event
1693 **
1694 ** Description Report Data event on the given connection control block
1695 **
1696 ** Returns void
1697 **
1698 *******************************************************************************/
nfc_data_event(tNFC_CONN_CB * p_cb)1699 void nfc_data_event(tNFC_CONN_CB* p_cb) {
1700 NFC_HDR* p_evt;
1701 tNFC_DATA_CEVT data_cevt;
1702 uint8_t* p;
1703
1704 if (p_cb->p_cback) {
1705 while ((p_evt = (NFC_HDR*)GKI_getfirst(&p_cb->rx_q)) != nullptr) {
1706 if (p_evt->layer_specific & NFC_RAS_FRAGMENTED) {
1707 /* Not the last fragment */
1708 if (!(p_evt->layer_specific & NFC_RAS_TOO_BIG)) {
1709 /* buffer can hold more */
1710 if ((p_cb->conn_id != NFC_RF_CONN_ID) || (nfc_cb.reassembly)) {
1711 /* If not rf connection or If rf connection and reassembly
1712 * requested,
1713 * try to Reassemble next packet */
1714 break;
1715 }
1716 }
1717 }
1718
1719 p_evt = (NFC_HDR*)GKI_dequeue(&p_cb->rx_q);
1720 if (p_evt == nullptr) {
1721 LOG(ERROR) << StringPrintf("%s; p_evt is null", __func__);
1722 return;
1723 }
1724 /* report data event */
1725 p_evt->offset += NCI_MSG_HDR_SIZE;
1726 p_evt->len -= NCI_MSG_HDR_SIZE;
1727
1728 if (p_evt->layer_specific)
1729 data_cevt.status = NFC_STATUS_CONTINUE;
1730 else {
1731 nfc_cb.reassembly = true;
1732 data_cevt.status = NFC_STATUS_OK;
1733 }
1734
1735 data_cevt.p_data = p_evt;
1736 /* adjust payload, if needed */
1737 if (p_cb->conn_id == NFC_RF_CONN_ID && p_evt->len) {
1738 /* if NCI_PROTOCOL_T1T/NCI_PROTOCOL_T2T/NCI_PROTOCOL_T3T, the status
1739 * byte needs to be removed
1740 */
1741 if ((p_cb->act_protocol >= NCI_PROTOCOL_T1T) &&
1742 (p_cb->act_protocol <= NCI_PROTOCOL_T3T)) {
1743 p_evt->len--;
1744 p = (uint8_t*)(p_evt + 1);
1745 data_cevt.status = *(p + p_evt->offset + p_evt->len);
1746 if ((NFC_GetNCIVersion() >= NCI_VERSION_2_0) &&
1747 (p_cb->act_protocol == NCI_PROTOCOL_T2T) &&
1748 (p_cb->act_interface == NCI_INTERFACE_FRAME)) {
1749 if ((data_cevt.status != NFC_STATUS_OK) &&
1750 ((data_cevt.status >= T2T_STATUS_OK_1_BIT) &&
1751 (data_cevt.status <= T2T_STATUS_OK_7_BIT))) {
1752 LOG(VERBOSE) << StringPrintf("%s: T2T tag data xchange", __func__);
1753 data_cevt.status = NFC_STATUS_OK;
1754 }
1755 }
1756 }
1757 if ((NFC_GetNCIVersion() >= NCI_VERSION_2_0) &&
1758 (p_cb->act_protocol == NCI_PROTOCOL_T5T)) {
1759 p_evt->len--;
1760 p = (uint8_t*)(p_evt + 1);
1761 data_cevt.status = *(p + p_evt->offset + p_evt->len);
1762 }
1763 }
1764 tNFC_CONN nfc_conn;
1765 nfc_conn.data = data_cevt;
1766 (*p_cb->p_cback)(p_cb->conn_id, NFC_DATA_CEVT, &nfc_conn);
1767 p_evt = nullptr;
1768 }
1769 }
1770 }
1771
1772 /*******************************************************************************
1773 **
1774 ** Function nfc_ncif_proc_data
1775 **
1776 ** Description Find the connection control block associated with the data
1777 ** packet. Assemble the data packet, if needed.
1778 ** Report the Data event.
1779 **
1780 ** Returns void
1781 **
1782 *******************************************************************************/
nfc_ncif_proc_data(NFC_HDR * p_msg)1783 void nfc_ncif_proc_data(NFC_HDR* p_msg) {
1784 uint8_t *pp, cid;
1785 tNFC_CONN_CB* p_cb;
1786 uint8_t pbf;
1787 NFC_HDR* p_last;
1788 uint8_t *ps, *pd;
1789 uint16_t size;
1790 NFC_HDR* p_max = nullptr;
1791 uint16_t len;
1792
1793 pp = (uint8_t*)(p_msg + 1) + p_msg->offset;
1794 LOG(VERBOSE) << StringPrintf("nfc_ncif_proc_data 0x%02x%02x%02x", pp[0], pp[1],
1795 pp[2]);
1796 NCI_DATA_PRS_HDR(pp, pbf, cid, len);
1797 p_cb = nfc_find_conn_cb_by_conn_id(cid);
1798 if (p_cb && (p_msg->len >= NCI_DATA_HDR_SIZE)) {
1799 LOG(VERBOSE) << StringPrintf("nfc_ncif_proc_data len:%d", len);
1800
1801 len = p_msg->len - NCI_MSG_HDR_SIZE;
1802 p_msg->layer_specific = 0;
1803 if (pbf) {
1804 NFC_SetReassemblyFlag(true);
1805 p_msg->layer_specific = NFC_RAS_FRAGMENTED;
1806 }
1807 p_last = (NFC_HDR*)GKI_getlast(&p_cb->rx_q);
1808 if (p_last && (p_last->layer_specific & NFC_RAS_FRAGMENTED)) {
1809 /* last data buffer is not last fragment, append this new packet to the
1810 * last */
1811 size = GKI_get_buf_size(p_last);
1812 if (size < (NFC_HDR_SIZE + p_last->len + p_last->offset + len)) {
1813 /* the current size of p_last is not big enough to hold the new
1814 * fragment, p_msg */
1815 if (size != GKI_MAX_BUF_SIZE) {
1816 /* try the biggest GKI pool */
1817 p_max = (NFC_HDR*)GKI_getpoolbuf(GKI_MAX_BUF_SIZE_POOL_ID);
1818 if (p_max) {
1819 /* copy the content of last buffer to the new buffer */
1820 memcpy(p_max, p_last, NFC_HDR_SIZE);
1821 pd = (uint8_t*)(p_max + 1) + p_max->offset;
1822 ps = (uint8_t*)(p_last + 1) + p_last->offset;
1823 memcpy(pd, ps, p_last->len);
1824
1825 /* place the new buffer in the queue instead */
1826 GKI_remove_from_queue(&p_cb->rx_q, p_last);
1827 GKI_freebuf(p_last);
1828 GKI_enqueue(&p_cb->rx_q, p_max);
1829 p_last = p_max;
1830 }
1831 }
1832 if (p_max == nullptr) {
1833 /* Biggest GKI Pool not available (or)
1834 * Biggest available GKI Pool is not big enough to hold the new
1835 * fragment, p_msg */
1836 p_last->layer_specific |= NFC_RAS_TOO_BIG;
1837 }
1838 }
1839
1840 ps = (uint8_t*)(p_msg + 1) + p_msg->offset + NCI_MSG_HDR_SIZE;
1841
1842 if (!(p_last->layer_specific & NFC_RAS_TOO_BIG)) {
1843 pd = (uint8_t*)(p_last + 1) + p_last->offset + p_last->len;
1844 memcpy(pd, ps, len);
1845 p_last->len += len;
1846 /* do not need to update pbf and len in NCI header.
1847 * They are stripped off at NFC_DATA_CEVT and len may exceed 255 */
1848 LOG(VERBOSE) << StringPrintf("nfc_ncif_proc_data len:%d", p_last->len);
1849 p_last->layer_specific = p_msg->layer_specific;
1850 GKI_freebuf(p_msg);
1851 nfc_data_event(p_cb);
1852 } else {
1853 /* Not enough memory to add new buffer
1854 * Send data already in queue first with status Continue */
1855 nfc_data_event(p_cb);
1856 /* now enqueue the new buffer to the rx queue */
1857 GKI_enqueue(&p_cb->rx_q, p_msg);
1858 }
1859 } else {
1860 /* if this is the first fragment on RF link */
1861 if ((p_msg->layer_specific & NFC_RAS_FRAGMENTED) &&
1862 (p_cb->conn_id == NFC_RF_CONN_ID) && (p_cb->p_cback)) {
1863 /* Indicate upper layer that local device started receiving data */
1864 (*p_cb->p_cback)(p_cb->conn_id, NFC_DATA_START_CEVT, nullptr);
1865 }
1866 /* enqueue the new buffer to the rx queue */
1867 GKI_enqueue(&p_cb->rx_q, p_msg);
1868 nfc_data_event(p_cb);
1869 }
1870 return;
1871 }
1872 GKI_freebuf(p_msg);
1873 }
1874
1875 /*******************************************************************************
1876 **
1877 ** Function nfc_ncif_process_proprietary_rsp
1878 **
1879 ** Description Process the response to avoid collision
1880 ** while rawVsCbflag is set
1881 **
1882 ** Returns true if proprietary response else false
1883 **
1884 *******************************************************************************/
nfc_ncif_proc_proprietary_rsp(uint8_t mt,uint8_t gid,uint8_t oid)1885 bool nfc_ncif_proc_proprietary_rsp(uint8_t mt, uint8_t gid, uint8_t oid) {
1886 bool stat = FALSE;
1887 LOG(VERBOSE) << StringPrintf("%s: mt=%u, gid=%u, oid=%u", __func__, mt, gid,
1888 oid);
1889
1890 switch (mt) {
1891 case NCI_MT_DATA:
1892 /* check for Data Response */
1893 if (gid != 0x03 && oid != 0x00) stat = TRUE;
1894 break;
1895
1896 case NCI_MT_NTF:
1897 switch (gid) {
1898 case NCI_GID_CORE:
1899 /* check for CORE_RESET_NTF or CORE_CONN_CREDITS_NTF */
1900 if (oid != 0x00 && oid != 0x06) stat = TRUE;
1901 break;
1902 case NCI_GID_RF_MANAGE:
1903 /* check for CORE_CONN_CREDITS_NTF or NFA_EE_ACTION_NTF or
1904 * NFA_EE_DISCOVERY_REQ_NTF */
1905 if (oid != 0x06 && oid != 0x09 && oid != 0x0A) stat = TRUE;
1906 break;
1907 case NCI_GID_EE_MANAGE:
1908 if (oid != 0x00) stat = TRUE;
1909 break;
1910 case NCI_GID_PROP:
1911 if (oid != 0x02) stat = TRUE;
1912 break;
1913 default:
1914 stat = TRUE;
1915 break;
1916 }
1917 break;
1918
1919 default:
1920 stat = TRUE;
1921 break;
1922 }
1923 LOG(VERBOSE) << StringPrintf("%s: exit status=%u", __func__, stat);
1924 return stat;
1925 }
1926
1927 /*******************************************************************************
1928 ** Function nfc_mode_set_ntf_timeout
1929 **
1930 ** Description This function is invoked on mode set ntf timeout
1931 **
1932 ** Returns void
1933 **
1934 *******************************************************************************/
nfc_mode_set_ntf_timeout()1935 void nfc_mode_set_ntf_timeout() {
1936 LOG(ERROR) << StringPrintf("%s", __func__);
1937 tNFC_RESPONSE nfc_response;
1938 nfc_response.mode_set.status = NCI_STATUS_FAILED;
1939 nfc_response.mode_set.nfcee_id = *nfc_cb.last_nfcee_cmd;
1940 nfc_response.mode_set.mode = NCI_NFCEE_MD_DEACTIVATE;
1941
1942 tNFC_RESPONSE_CBACK* p_cback = nfc_cb.p_resp_cback;
1943 tNFC_RESPONSE_EVT event = NFC_NFCEE_MODE_SET_REVT;
1944 if (p_cback) (*p_cback)(event, &nfc_response);
1945 }
1946