3 * BlueZ - Bluetooth protocol stack for Linux
5 * Copyright (C) 2014 Intel Corporation. All rights reserved.
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
33 #include <sys/socket.h>
36 #include "ipc-common.h"
38 #include "lib/sdp_lib.h"
40 #include "bluetooth.h"
45 #include "src/shared/util.h"
46 #include "src/shared/queue.h"
47 #include "src/shared/att.h"
48 #include "src/shared/gatt-db.h"
49 #include "attrib/gattrib.h"
50 #include "attrib/att.h"
51 #include "attrib/gatt.h"
52 #include "btio/btio.h"
54 /* set according to Android bt_gatt_client.h */
55 #define GATT_MAX_ATTR_LEN 600
57 #define GATT_SUCCESS 0x00000000
58 #define GATT_FAILURE 0x00000101
60 #define BASE_UUID16_OFFSET 12
62 #define GATT_PERM_READ 0x00000001
63 #define GATT_PERM_READ_ENCRYPTED 0x00000002
64 #define GATT_PERM_READ_MITM 0x00000004
65 #define GATT_PERM_READ_AUTHORIZATION 0x00000008
66 #define GATT_PERM_WRITE 0x00000100
67 #define GATT_PERM_WRITE_ENCRYPTED 0x00000200
68 #define GATT_PERM_WRITE_MITM 0x00000400
69 #define GATT_PERM_WRITE_AUTHORIZATION 0x00000800
70 #define GATT_PERM_WRITE_SIGNED 0x00010000
71 #define GATT_PERM_WRITE_SIGNED_MITM 0x00020000
72 #define GATT_PERM_NONE 0x10000000
74 #define GATT_PAIR_CONN_TIMEOUT 30
75 #define GATT_CONN_TIMEOUT 2
77 static const uint8_t BLUETOOTH_UUID[] = {
78 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
79 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
83 DEVICE_DISCONNECTED = 0,
84 DEVICE_CONNECT_INIT, /* connection procedure initiated */
85 DEVICE_CONNECT_READY, /* dev found during LE scan */
86 DEVICE_CONNECTED, /* connection has been established */
87 } gatt_device_state_t;
89 static const char *device_state_str[] = {
96 struct pending_trans_data {
99 struct gatt_db_attribute *attrib;
100 unsigned int serial_id;
109 /* Valid for client applications */
110 struct queue *notifications;
121 struct element_id id;
125 struct characteristic {
126 struct element_id id;
130 struct queue *descriptors;
134 struct element_id id;
135 struct gatt_primary prim;
136 struct gatt_included incl;
141 struct queue *included; /* Valid only for primary services */
142 bool incl_search_done;
145 struct notification_data {
146 struct hal_gatt_srvc_id service;
147 struct hal_gatt_gatt_id ch;
148 struct app_connection *conn;
157 gatt_device_state_t state;
161 struct queue *services;
162 bool partial_srvc_search;
170 struct queue *autoconnect_apps;
172 struct queue *pending_requests;
175 struct app_connection {
176 struct gatt_device *device;
177 struct gatt_app *app;
178 struct queue *transactions;
183 bool wait_execute_write;
187 int32_t service_handle;
191 static struct ipc *hal_ipc = NULL;
192 static bdaddr_t adapter_addr;
193 static bool scanning = false;
194 static unsigned int advertising_cnt = 0;
196 static struct queue *gatt_apps = NULL;
197 static struct queue *gatt_devices = NULL;
198 static struct queue *app_connections = NULL;
200 static struct queue *services_sdp = NULL;
202 static struct queue *listen_apps = NULL;
203 static struct gatt_db *gatt_db = NULL;
205 static struct gatt_db_attribute *service_changed_attrib = NULL;
207 static GIOChannel *le_io = NULL;
208 static GIOChannel *bredr_io = NULL;
210 static uint32_t gatt_sdp_handle = 0;
211 static uint32_t gap_sdp_handle = 0;
212 static uint32_t dis_sdp_handle = 0;
214 static struct bt_crypto *crypto = NULL;
216 static int test_client_if = 0;
217 static const uint8_t TEST_UUID[] = {
218 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
219 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04
222 static bool is_bluetooth_uuid(const uint8_t *uuid)
226 for (i = 0; i < 16; i++) {
227 /* ignore minimal uuid (16) value */
228 if (i == 12 || i == 13)
231 if (uuid[i] != BLUETOOTH_UUID[i])
238 static void android2uuid(const uint8_t *uuid, bt_uuid_t *dst)
240 if (is_bluetooth_uuid(uuid)) {
241 /* copy 16 bit uuid value from full android 128bit uuid */
242 dst->type = BT_UUID16;
243 dst->value.u16 = (uuid[13] << 8) + uuid[12];
247 dst->type = BT_UUID128;
248 for (i = 0; i < 16; i++)
249 dst->value.u128.data[i] = uuid[15 - i];
253 static void uuid2android(const bt_uuid_t *src, uint8_t *uuid)
258 if (src->type != BT_UUID128) {
259 bt_uuid_to_uuid128(src, &uu128);
263 for (i = 0; i < 16; i++)
264 uuid[15 - i] = src->value.u128.data[i];
267 static void hal_srvc_id_to_element_id(const struct hal_gatt_srvc_id *from,
268 struct element_id *to)
270 to->instance = from->inst_id;
271 android2uuid(from->uuid, &to->uuid);
274 static void element_id_to_hal_srvc_id(const struct element_id *from,
276 struct hal_gatt_srvc_id *to)
278 to->is_primary = primary;
279 to->inst_id = from->instance;
280 uuid2android(&from->uuid, to->uuid);
283 static void hal_gatt_id_to_element_id(const struct hal_gatt_gatt_id *from,
284 struct element_id *to)
286 to->instance = from->inst_id;
287 android2uuid(from->uuid, &to->uuid);
290 static void element_id_to_hal_gatt_id(const struct element_id *from,
291 struct hal_gatt_gatt_id *to)
293 to->inst_id = from->instance;
294 uuid2android(&from->uuid, to->uuid);
297 static void destroy_characteristic(void *data)
299 struct characteristic *chars = data;
304 queue_destroy(chars->descriptors, free);
308 static void destroy_service(void *data)
310 struct service *srvc = data;
315 queue_destroy(srvc->chars, destroy_characteristic);
318 * Included services we keep on two queues.
319 * 1. On the same queue with primary services.
320 * 2. On the queue inside primary service.
321 * So we need to free service memory only once but we need to destroy
324 queue_destroy(srvc->included, NULL);
329 static bool match_app_by_uuid(const void *data, const void *user_data)
331 const uint8_t *exp_uuid = user_data;
332 const struct gatt_app *client = data;
334 return !memcmp(exp_uuid, client->uuid, sizeof(client->uuid));
337 static bool match_app_by_id(const void *data, const void *user_data)
339 int32_t exp_id = PTR_TO_INT(user_data);
340 const struct gatt_app *client = data;
342 return client->id == exp_id;
345 static struct gatt_app *find_app_by_id(int32_t id)
347 return queue_find(gatt_apps, match_app_by_id, INT_TO_PTR(id));
350 static bool match_device_by_bdaddr(const void *data, const void *user_data)
352 const struct gatt_device *dev = data;
353 const bdaddr_t *addr = user_data;
355 return !bacmp(&dev->bdaddr, addr);
358 static bool match_device_by_state(const void *data, const void *user_data)
360 const struct gatt_device *dev = data;
362 if (dev->state != PTR_TO_UINT(user_data))
368 static bool match_pending_device(const void *data, const void *user_data)
370 const struct gatt_device *dev = data;
372 if ((dev->state == DEVICE_CONNECT_INIT) ||
373 (dev->state == DEVICE_CONNECT_READY))
379 static bool match_connection_by_id(const void *data, const void *user_data)
381 const struct app_connection *conn = data;
382 const int32_t id = PTR_TO_INT(user_data);
384 return conn->id == id;
387 static bool match_connection_by_device_and_app(const void *data,
388 const void *user_data)
390 const struct app_connection *conn = data;
391 const struct app_connection *match = user_data;
393 return conn->device == match->device && conn->app == match->app;
396 static struct app_connection *find_connection_by_id(int32_t conn_id)
398 struct app_connection *conn;
400 conn = queue_find(app_connections, match_connection_by_id,
401 INT_TO_PTR(conn_id));
402 if (conn && conn->device->state == DEVICE_CONNECTED)
408 static bool match_connection_by_device(const void *data, const void *user_data)
410 const struct app_connection *conn = data;
411 const struct gatt_device *dev = user_data;
413 return conn->device == dev;
416 static bool match_connection_by_app(const void *data, const void *user_data)
418 const struct app_connection *conn = data;
419 const struct gatt_app *app = user_data;
421 return conn->app == app;
424 static struct gatt_device *find_device_by_addr(const bdaddr_t *addr)
426 return queue_find(gatt_devices, match_device_by_bdaddr, addr);
429 static struct gatt_device *find_pending_device(void)
431 return queue_find(gatt_devices, match_pending_device, NULL);
434 static struct gatt_device *find_device_by_state(uint32_t state)
436 return queue_find(gatt_devices, match_device_by_state,
440 static bool match_srvc_by_element_id(const void *data, const void *user_data)
442 const struct element_id *exp_id = user_data;
443 const struct service *service = data;
445 if (service->id.instance == exp_id->instance)
446 return !bt_uuid_cmp(&service->id.uuid, &exp_id->uuid);
451 static bool match_srvc_by_higher_inst_id(const void *data,
452 const void *user_data)
454 const struct service *s = data;
455 uint8_t inst_id = PTR_TO_INT(user_data);
457 /* For now we match inst_id as it is unique */
458 return inst_id < s->id.instance;
461 static bool match_srvc_by_bt_uuid(const void *data, const void *user_data)
463 const bt_uuid_t *exp_uuid = user_data;
464 const struct service *service = data;
466 return !bt_uuid_cmp(exp_uuid, &service->id.uuid);
469 static bool match_srvc_by_range(const void *data, const void *user_data)
471 const struct service *srvc = data;
472 const struct att_range *range = user_data;
474 return !memcmp(&srvc->prim.range, range, sizeof(srvc->prim.range));
477 static bool match_char_by_higher_inst_id(const void *data,
478 const void *user_data)
480 const struct characteristic *ch = data;
481 uint8_t inst_id = PTR_TO_INT(user_data);
483 /* For now we match inst_id as it is unique, we'll match uuids later */
484 return inst_id < ch->id.instance;
487 static bool match_descr_by_element_id(const void *data, const void *user_data)
489 const struct element_id *exp_id = user_data;
490 const struct descriptor *descr = data;
492 if (exp_id->instance == descr->id.instance)
493 return !bt_uuid_cmp(&descr->id.uuid, &exp_id->uuid);
498 static bool match_descr_by_higher_inst_id(const void *data,
499 const void *user_data)
501 const struct descriptor *descr = data;
502 uint8_t instance = PTR_TO_INT(user_data);
504 /* For now we match instance as it is unique */
505 return instance < descr->id.instance;
508 static bool match_notification(const void *a, const void *b)
510 const struct notification_data *a1 = a;
511 const struct notification_data *b1 = b;
513 if (a1->conn != b1->conn)
516 if (memcmp(&a1->ch, &b1->ch, sizeof(a1->ch)))
519 if (memcmp(&a1->service, &b1->service, sizeof(a1->service)))
525 static bool match_char_by_element_id(const void *data, const void *user_data)
527 const struct element_id *exp_id = user_data;
528 const struct characteristic *chars = data;
530 if (exp_id->instance == chars->id.instance)
531 return !bt_uuid_cmp(&chars->id.uuid, &exp_id->uuid);
536 static void destroy_notification(void *data)
538 struct notification_data *notification = data;
539 struct gatt_app *app;
544 if (--notification->ref)
547 app = notification->conn->app;
548 queue_remove_if(app->notifications, match_notification, notification);
552 static void unregister_notification(void *data)
554 struct notification_data *notification = data;
555 struct gatt_device *dev = notification->conn->device;
558 * No device means it was already disconnected and client cleanup was
559 * triggered afterwards, but once client unregisters, device stays if
560 * used by others. Then just unregister single handle.
562 if (!queue_find(gatt_devices, NULL, dev))
565 if (notification->notif_id && dev)
566 g_attrib_unregister(dev->attrib, notification->notif_id);
568 if (notification->ind_id && dev)
569 g_attrib_unregister(dev->attrib, notification->ind_id);
572 static void device_set_state(struct gatt_device *dev, uint32_t state)
576 if (dev->state == state)
579 ba2str(&dev->bdaddr, bda);
580 DBG("gatt: Device %s state changed %s -> %s", bda,
581 device_state_str[dev->state], device_state_str[state]);
586 static bool auto_connect_le(struct gatt_device *dev)
588 /* For LE devices use auto connect feature if possible */
589 if (bt_kernel_conn_control()) {
590 if (!bt_auto_connect_add(bt_get_id_addr(&dev->bdaddr, NULL)))
593 /* Trigger discovery if not already started */
594 if (!scanning && !bt_le_discovery_start()) {
595 error("gatt: Could not start scan");
600 device_set_state(dev, DEVICE_CONNECT_INIT);
604 static void connection_cleanup(struct gatt_device *device)
606 if (device->watch_id) {
607 g_source_remove(device->watch_id);
608 device->watch_id = 0;
611 if (device->att_io) {
612 g_io_channel_shutdown(device->att_io, FALSE, NULL);
613 g_io_channel_unref(device->att_io);
614 device->att_io = NULL;
617 if (device->attrib) {
618 GAttrib *attrib = device->attrib;
620 if (device->server_id > 0)
621 g_attrib_unregister(device->attrib, device->server_id);
623 if (device->ind_id > 0)
624 g_attrib_unregister(device->attrib, device->ind_id);
626 device->attrib = NULL;
627 g_attrib_cancel_all(attrib);
628 g_attrib_unref(attrib);
632 * If device was in connection_pending or connectable state we
633 * search device list if we should stop the scan.
635 if (!scanning && (device->state == DEVICE_CONNECT_INIT ||
636 device->state == DEVICE_CONNECT_READY)) {
637 if (!find_pending_device())
638 bt_le_discovery_stop(NULL);
641 /* If device is not bonded service cache should be refreshed */
642 if (!bt_device_is_bonded(&device->bdaddr))
643 queue_remove_all(device->services, NULL, NULL, destroy_service);
645 device_set_state(device, DEVICE_DISCONNECTED);
647 if (!queue_isempty(device->autoconnect_apps))
648 auto_connect_le(device);
650 bt_auto_connect_remove(&device->bdaddr);
653 static void destroy_gatt_app(void *data)
655 struct gatt_app *app = data;
661 * First we want to get all notifications and unregister them.
662 * We don't pass unregister_notification to queue_destroy,
663 * because destroy notification performs operations on queue
664 * too. So remove all elements and then destroy queue.
667 if (app->type == GATT_CLIENT)
668 while (queue_peek_head(app->notifications)) {
669 struct notification_data *notification;
671 notification = queue_pop_head(app->notifications);
672 unregister_notification(notification);
675 queue_destroy(app->notifications, free);
680 struct pending_request {
681 struct gatt_db_attribute *attrib;
686 uint8_t *filter_value;
687 uint16_t filter_vlen;
693 static void destroy_pending_request(void *data)
695 struct pending_request *entry = data;
701 free(entry->filter_value);
705 static void destroy_device(void *data)
707 struct gatt_device *dev = data;
712 queue_destroy(dev->services, destroy_service);
713 queue_destroy(dev->pending_requests, destroy_pending_request);
714 queue_destroy(dev->autoconnect_apps, NULL);
716 bt_auto_connect_remove(&dev->bdaddr);
721 static struct gatt_device *device_ref(struct gatt_device *device)
731 static void device_unref(struct gatt_device *device)
739 destroy_device(device);
742 static struct gatt_device *create_device(const bdaddr_t *addr)
744 struct gatt_device *dev;
746 dev = new0(struct gatt_device, 1);
748 bacpy(&dev->bdaddr, addr);
750 dev->services = queue_new();
751 dev->autoconnect_apps = queue_new();
752 dev->pending_requests = queue_new();
754 queue_push_head(gatt_devices, dev);
756 return device_ref(dev);
759 static void send_client_connect_status_notify(struct app_connection *conn,
762 struct hal_ev_gatt_client_connect ev;
764 if (conn->app->func) {
765 conn->app->func(&conn->device->bdaddr,
766 status == GATT_SUCCESS ? 0 : -ENOTCONN,
767 conn->device->attrib);
771 ev.client_if = conn->app->id;
772 ev.conn_id = conn->id;
775 bdaddr2android(&conn->device->bdaddr, &ev.bda);
777 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT, HAL_EV_GATT_CLIENT_CONNECT,
781 static void send_server_connection_state_notify(struct app_connection *conn,
784 struct hal_ev_gatt_server_connection ev;
786 if (conn->app->func) {
787 conn->app->func(&conn->device->bdaddr,
788 connected ? 0 : -ENOTCONN,
789 conn->device->attrib);
793 ev.server_if = conn->app->id;
794 ev.conn_id = conn->id;
795 ev.connected = connected;
797 bdaddr2android(&conn->device->bdaddr, &ev.bdaddr);
799 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
800 HAL_EV_GATT_SERVER_CONNECTION, sizeof(ev), &ev);
803 static void send_client_disconnect_status_notify(struct app_connection *conn,
806 struct hal_ev_gatt_client_disconnect ev;
808 if (conn->app->func) {
809 conn->app->func(&conn->device->bdaddr, -ENOTCONN,
810 conn->device->attrib);
814 ev.client_if = conn->app->id;
815 ev.conn_id = conn->id;
818 bdaddr2android(&conn->device->bdaddr, &ev.bda);
820 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
821 HAL_EV_GATT_CLIENT_DISCONNECT, sizeof(ev), &ev);
825 static void notify_app_disconnect_status(struct app_connection *conn,
831 if (conn->app->type == GATT_CLIENT)
832 send_client_disconnect_status_notify(conn, status);
834 send_server_connection_state_notify(conn, !!status);
837 static void notify_app_connect_status(struct app_connection *conn,
843 if (conn->app->type == GATT_CLIENT)
844 send_client_connect_status_notify(conn, status);
846 send_server_connection_state_notify(conn, !status);
849 static void destroy_connection(void *data)
851 struct app_connection *conn = data;
856 if (conn->timeout_id > 0)
857 g_source_remove(conn->timeout_id);
859 switch (conn->device->state) {
860 case DEVICE_CONNECTED:
861 notify_app_disconnect_status(conn, GATT_SUCCESS);
863 case DEVICE_CONNECT_INIT:
864 case DEVICE_CONNECT_READY:
865 notify_app_connect_status(conn, GATT_FAILURE);
867 case DEVICE_DISCONNECTED:
871 if (!queue_find(app_connections, match_connection_by_device,
873 connection_cleanup(conn->device);
875 queue_destroy(conn->transactions, free);
876 device_unref(conn->device);
880 static gboolean disconnected_cb(GIOChannel *io, GIOCondition cond,
883 struct gatt_device *dev = user_data;
887 sock = g_io_channel_unix_get_fd(io);
889 if (!getsockopt(sock, SOL_SOCKET, SO_ERROR, &err, &len))
890 DBG("%s (%d)", strerror(err), err);
892 queue_remove_all(app_connections, match_connection_by_device, dev,
898 static bool get_local_mtu(struct gatt_device *dev, uint16_t *mtu)
903 io = g_attrib_get_channel(dev->attrib);
905 if (!bt_io_get(io, NULL, BT_IO_OPT_IMTU, &imtu, BT_IO_OPT_OMTU, &omtu,
906 BT_IO_OPT_INVALID)) {
907 error("gatt: Failed to get local MTU");
912 * Limit MTU to MIN(IMTU, OMTU). This is to avoid situation where
913 * local OMTU < MIN(remote MTU, IMTU)
916 *mtu = MIN(imtu, omtu);
921 static void notify_client_mtu_change(struct app_connection *conn, bool success)
923 struct hal_ev_gatt_client_configure_mtu ev;
926 g_attrib_get_buffer(conn->device->attrib, &mtu);
928 ev.conn_id = conn->id;
929 ev.status = success ? GATT_SUCCESS : GATT_FAILURE;
932 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
933 HAL_EV_GATT_CLIENT_CONFIGURE_MTU, sizeof(ev), &ev);
936 static void notify_server_mtu(struct app_connection *conn)
938 struct hal_ev_gatt_server_mtu_changed ev;
941 g_attrib_get_buffer(conn->device->attrib, &mtu);
943 ev.conn_id = conn->id;
946 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
947 HAL_EV_GATT_SERVER_MTU_CHANGED, sizeof(ev), &ev);
950 static void notify_mtu_change(void *data, void *user_data)
952 struct gatt_device *device = user_data;
953 struct app_connection *conn = data;
955 if (conn->device != device)
959 error("gatt: can't notify mtu - no app registered for conn");
963 switch (conn->app->type) {
965 notify_client_mtu_change(conn, true);
968 notify_server_mtu(conn);
975 static bool update_mtu(struct gatt_device *device, uint16_t rmtu)
979 if (!get_local_mtu(device, &lmtu))
982 DBG("remote_mtu:%d local_mtu:%d", rmtu, lmtu);
984 if (rmtu < ATT_DEFAULT_LE_MTU) {
985 error("gatt: remote MTU invalid (%u bytes)", rmtu);
989 mtu = MIN(lmtu, rmtu);
991 if (mtu == ATT_DEFAULT_LE_MTU)
994 if (!g_attrib_set_mtu(device->attrib, mtu)) {
995 error("gatt: Failed to set MTU");
999 queue_foreach(app_connections, notify_mtu_change, device);
1004 static void att_handler(const uint8_t *ipdu, uint16_t len, gpointer user_data);
1006 static void exchange_mtu_cb(guint8 status, const guint8 *pdu, guint16 plen,
1009 struct gatt_device *device = user_data;
1015 error("gatt: MTU exchange: %s", att_ecode2str(status));
1019 if (!dec_mtu_resp(pdu, plen, &rmtu)) {
1020 error("gatt: MTU exchange: protocol error");
1024 update_mtu(device, rmtu);
1027 device_unref(device);
1030 static void send_exchange_mtu_request(struct gatt_device *device)
1034 if (!get_local_mtu(device, &mtu))
1039 if (!gatt_exchange_mtu(device->attrib, mtu, exchange_mtu_cb,
1040 device_ref(device)))
1041 device_unref(device);
1044 static void ignore_confirmation_cb(guint8 status, const guint8 *pdu,
1045 guint16 len, gpointer user_data)
1050 static void notify_att_range_change(struct gatt_device *dev,
1051 struct att_range *range)
1054 uint16_t length = 0;
1058 GAttribResultFunc confirmation_cb = NULL;
1060 handle = gatt_db_attribute_get_handle(service_changed_attrib);
1064 ccc = bt_get_gatt_ccc(&dev->bdaddr);
1068 pdu = g_attrib_get_buffer(dev->attrib, &mtu);
1072 length = enc_notification(handle, (uint8_t *) range,
1073 sizeof(*range), pdu, mtu);
1076 length = enc_indication(handle, (uint8_t *) range,
1077 sizeof(*range), pdu, mtu);
1078 confirmation_cb = ignore_confirmation_cb;
1081 /* 0xfff4 reserved for future use */
1085 g_attrib_send(dev->attrib, 0, pdu, length, confirmation_cb, NULL, NULL);
1088 static struct app_connection *create_connection(struct gatt_device *device,
1089 struct gatt_app *app)
1091 struct app_connection *new_conn;
1092 static int32_t last_conn_id = 1;
1094 /* Check if already connected */
1095 new_conn = new0(struct app_connection, 1);
1097 /* Make connection id unique to connection record (app, device) pair */
1098 new_conn->app = app;
1099 new_conn->id = last_conn_id++;
1100 new_conn->transactions = queue_new();
1102 queue_push_head(app_connections, new_conn);
1104 new_conn->device = device_ref(device);
1109 static struct service *create_service(uint8_t id, bool primary, char *uuid,
1114 s = new0(struct service, 1);
1116 if (bt_string_to_uuid(&s->id.uuid, uuid) < 0) {
1117 error("gatt: Cannot convert string to uuid");
1122 s->chars = queue_new();
1123 s->included = queue_new();
1124 s->id.instance = id;
1126 /* Put primary service to our local list */
1127 s->primary = primary;
1129 memcpy(&s->prim, data, sizeof(s->prim));
1131 memcpy(&s->incl, data, sizeof(s->incl));
1136 static void send_client_primary_notify(void *data, void *user_data)
1138 struct hal_ev_gatt_client_search_result ev;
1139 struct service *p = data;
1140 int32_t conn_id = PTR_TO_INT(user_data);
1142 /* In service queue we will have also included services */
1146 ev.conn_id = conn_id;
1147 element_id_to_hal_srvc_id(&p->id, 1, &ev.srvc_id);
1149 uuid2android(&p->id.uuid, ev.srvc_id.uuid);
1151 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
1152 HAL_EV_GATT_CLIENT_SEARCH_RESULT, sizeof(ev), &ev);
1155 static void send_client_search_complete_notify(int32_t status, int32_t conn_id)
1157 struct hal_ev_gatt_client_search_complete ev;
1160 ev.conn_id = conn_id;
1161 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
1162 HAL_EV_GATT_CLIENT_SEARCH_COMPLETE, sizeof(ev), &ev);
1165 struct discover_srvc_data {
1167 struct app_connection *conn;
1170 static void discover_srvc_by_uuid_cb(uint8_t status, GSList *ranges,
1173 struct discover_srvc_data *cb_data = user_data;
1174 struct gatt_primary prim;
1176 int32_t gatt_status;
1177 struct gatt_device *dev = cb_data->conn->device;
1178 uint8_t instance_id = queue_length(dev->services);
1180 DBG("Status %d", status);
1183 error("gatt: Discover pri srvc filtered by uuid failed: %s",
1184 att_ecode2str(status));
1185 gatt_status = GATT_FAILURE;
1190 info("gatt: No primary services searched by uuid found");
1191 gatt_status = GATT_SUCCESS;
1195 bt_uuid_to_string(&cb_data->uuid, prim.uuid, sizeof(prim.uuid));
1197 for (; ranges; ranges = ranges->next) {
1198 memcpy(&prim.range, ranges->data, sizeof(prim.range));
1200 s = create_service(instance_id++, true, prim.uuid, &prim);
1202 gatt_status = GATT_FAILURE;
1206 queue_push_tail(dev->services, s);
1208 send_client_primary_notify(s, INT_TO_PTR(cb_data->conn->id));
1210 DBG("attr handle = 0x%04x, end grp handle = 0x%04x uuid: %s",
1211 prim.range.start, prim.range.end, prim.uuid);
1214 /* Partial search service scanning was performed */
1215 dev->partial_srvc_search = true;
1216 gatt_status = GATT_SUCCESS;
1219 send_client_search_complete_notify(gatt_status, cb_data->conn->id);
1223 static void discover_srvc_all_cb(uint8_t status, GSList *services,
1226 struct discover_srvc_data *cb_data = user_data;
1227 struct gatt_device *dev = cb_data->conn->device;
1228 int32_t gatt_status;
1231 * There might be multiply services with same uuid. Therefore make sure
1232 * each primary service one has unique instance_id
1234 uint8_t instance_id = queue_length(dev->services);
1236 DBG("Status %d", status);
1239 error("gatt: Discover all primary services failed: %s",
1240 att_ecode2str(status));
1241 gatt_status = GATT_FAILURE;
1246 info("gatt: No primary services found");
1247 gatt_status = GATT_SUCCESS;
1251 for (l = services; l; l = l->next) {
1252 struct gatt_primary *prim = l->data;
1255 if (queue_find(dev->services, match_srvc_by_range,
1259 p = create_service(instance_id++, true, prim->uuid, prim);
1263 queue_push_tail(dev->services, p);
1265 DBG("attr handle = 0x%04x, end grp handle = 0x%04x uuid: %s",
1266 prim->range.start, prim->range.end, prim->uuid);
1270 * Send all found services notifications - first cache,
1271 * then send notifies
1273 queue_foreach(dev->services, send_client_primary_notify,
1274 INT_TO_PTR(cb_data->conn->id));
1276 /* Full search service scanning was performed */
1277 dev->partial_srvc_search = false;
1278 gatt_status = GATT_SUCCESS;
1281 send_client_search_complete_notify(gatt_status, cb_data->conn->id);
1285 static gboolean connection_timeout(void *user_data)
1287 struct app_connection *conn = user_data;
1289 conn->timeout_id = 0;
1291 queue_remove(app_connections, conn);
1292 destroy_connection(conn);
1297 static void discover_primary_cb(uint8_t status, GSList *services,
1300 struct discover_srvc_data *cb_data = user_data;
1301 struct app_connection *conn = cb_data->conn;
1302 struct gatt_device *dev = conn->device;
1303 GSList *l, *uuids = NULL;
1305 DBG("Status %d", status);
1308 error("gatt: Discover all primary services failed: %s",
1309 att_ecode2str(status));
1316 info("gatt: No primary services found");
1322 for (l = services; l; l = l->next) {
1323 struct gatt_primary *prim = l->data;
1325 bt_uuid_t uuid, u128;
1327 DBG("uuid: %s", prim->uuid);
1329 if (bt_string_to_uuid(&uuid, prim->uuid) < 0) {
1330 error("gatt: Cannot convert string to uuid");
1334 bt_uuid_to_uuid128(&uuid, &u128);
1335 new_uuid = g_memdup(&u128.value.u128, sizeof(u128.value.u128));
1337 uuids = g_slist_prepend(uuids, new_uuid);
1340 bt_device_set_uuids(&dev->bdaddr, uuids);
1344 conn->timeout_id = g_timeout_add_seconds(GATT_CONN_TIMEOUT,
1345 connection_timeout, conn);
1348 static guint search_dev_for_srvc(struct app_connection *conn, bt_uuid_t *uuid)
1350 struct discover_srvc_data *cb_data;
1352 cb_data = new0(struct discover_srvc_data, 1);
1353 cb_data->conn = conn;
1356 memcpy(&cb_data->uuid, uuid, sizeof(cb_data->uuid));
1357 return gatt_discover_primary(conn->device->attrib, uuid,
1358 discover_srvc_by_uuid_cb, cb_data);
1362 return gatt_discover_primary(conn->device->attrib, NULL,
1363 discover_srvc_all_cb, cb_data);
1365 return gatt_discover_primary(conn->device->attrib, NULL,
1366 discover_primary_cb, cb_data);
1369 struct connect_data {
1370 struct gatt_device *dev;
1374 static void notify_app_connect_status_by_device(void *data, void *user_data)
1376 struct app_connection *conn = data;
1377 struct connect_data *con_data = user_data;
1379 if (conn->device == con_data->dev)
1380 notify_app_connect_status(conn, con_data->status);
1383 static struct app_connection *find_conn_without_app(struct gatt_device *dev)
1385 struct app_connection conn_match;
1387 conn_match.device = dev;
1388 conn_match.app = NULL;
1390 return queue_find(app_connections, match_connection_by_device_and_app,
1394 static struct app_connection *find_conn(const bdaddr_t *addr, int32_t app_id)
1396 struct app_connection conn_match;
1397 struct gatt_device *dev;
1398 struct gatt_app *app;
1400 /* Check if app is registered */
1401 app = find_app_by_id(app_id);
1403 error("gatt: Client id %d not found", app_id);
1407 /* Check if device is known */
1408 dev = find_device_by_addr(addr);
1410 error("gatt: Client id %d not found", app_id);
1414 conn_match.device = dev;
1415 conn_match.app = app;
1417 return queue_find(app_connections, match_connection_by_device_and_app,
1421 static void create_app_connection(void *data, void *user_data)
1423 struct gatt_device *dev = user_data;
1424 struct gatt_app *app;
1426 app = find_app_by_id(PTR_TO_INT(data));
1430 DBG("Autoconnect application id=%d", app->id);
1432 if (!find_conn(&dev->bdaddr, PTR_TO_INT(data)))
1433 create_connection(dev, app);
1436 static void ind_handler(const uint8_t *cmd, uint16_t cmd_len,
1439 struct gatt_device *dev = user_data;
1440 uint16_t resp_length = 0;
1442 uint8_t *opdu = g_attrib_get_buffer(dev->attrib, &length);
1445 * We have to send confirmation here. If some client is
1446 * registered for this indication, event will be send in
1447 * handle_notification
1450 resp_length = enc_confirmation(opdu, length);
1451 g_attrib_send(dev->attrib, 0, opdu, resp_length, NULL, NULL, NULL);
1454 static void connect_cb(GIOChannel *io, GError *gerr, gpointer user_data)
1456 struct gatt_device *dev = user_data;
1457 struct connect_data data;
1458 struct att_range range;
1464 if (dev->state != DEVICE_CONNECT_READY) {
1465 error("gatt: Device not in a connecting state!?");
1466 g_io_channel_shutdown(io, TRUE, NULL);
1471 g_io_channel_unref(dev->att_io);
1476 error("gatt: connection failed %s", gerr->message);
1477 device_set_state(dev, DEVICE_DISCONNECTED);
1478 status = GATT_FAILURE;
1482 if (!bt_io_get(io, &err, BT_IO_OPT_IMTU, &mtu, BT_IO_OPT_CID, &cid,
1483 BT_IO_OPT_INVALID)) {
1484 error("gatt: Could not get imtu or cid: %s", err->message);
1485 device_set_state(dev, DEVICE_DISCONNECTED);
1486 status = GATT_FAILURE;
1491 /* on BR/EDR MTU must not be less then minimal allowed MTU */
1492 if (cid != ATT_CID && mtu < ATT_DEFAULT_L2CAP_MTU) {
1493 error("gatt: MTU too small (%u bytes)", mtu);
1494 device_set_state(dev, DEVICE_DISCONNECTED);
1495 status = GATT_FAILURE;
1499 DBG("mtu %u cid %u", mtu, cid);
1501 /* on LE we always start with default MTU */
1503 mtu = ATT_DEFAULT_LE_MTU;
1505 attrib = g_attrib_new(io, mtu, true);
1507 error("gatt: unable to create new GAttrib instance");
1508 device_set_state(dev, DEVICE_DISCONNECTED);
1509 status = GATT_FAILURE;
1513 dev->attrib = attrib;
1514 dev->watch_id = g_io_add_watch(io, G_IO_HUP | G_IO_ERR | G_IO_NVAL,
1515 disconnected_cb, dev);
1517 dev->server_id = g_attrib_register(attrib, GATTRIB_ALL_REQS,
1518 GATTRIB_ALL_HANDLES,
1519 att_handler, dev, NULL);
1520 dev->ind_id = g_attrib_register(attrib, ATT_OP_HANDLE_IND,
1521 GATTRIB_ALL_HANDLES,
1522 ind_handler, dev, NULL);
1523 if ((dev->server_id && dev->ind_id) == 0)
1524 error("gatt: Could not attach to server");
1526 device_set_state(dev, DEVICE_CONNECTED);
1528 /* Send exchange mtu request as we assume being client and server */
1529 /* TODO: Dont exchange mtu if no client apps */
1531 /* MTU exchange shall not be used on BR/EDR - Vol 3. Part G. 4.3.1 */
1533 send_exchange_mtu_request(dev);
1536 * Service Changed Characteristic and CCC Descriptor handles
1537 * should not change if there are bonded devices. We have them
1538 * constant all the time, thus they should be excluded from
1539 * range indicating changes.
1541 range.start = gatt_db_attribute_get_handle(service_changed_attrib) + 2;
1545 * If there is ccc stored for that device we were acting as server for
1546 * it, and as we dont have last connect and last services (de)activation
1547 * timestamps we should always assume something has changed.
1549 notify_att_range_change(dev, &range);
1551 status = GATT_SUCCESS;
1555 * Make sure there are app_connections for all apps interested in auto
1556 * connect to that device
1558 queue_foreach(dev->autoconnect_apps, create_app_connection, dev);
1560 if (!queue_find(app_connections, match_connection_by_device, dev)) {
1561 struct app_connection *conn;
1566 conn = create_connection(dev, NULL);
1570 if (bt_is_pairing(&dev->bdaddr))
1572 * If there is bonding ongoing lets wait for paired
1573 * callback. Once we get that we can start search
1576 conn->timeout_id = g_timeout_add_seconds(
1577 GATT_PAIR_CONN_TIMEOUT,
1578 connection_timeout, conn);
1581 * There is no ongoing bonding, lets search for primary
1584 search_dev_for_srvc(conn, NULL);
1588 data.status = status;
1589 queue_foreach(app_connections, notify_app_connect_status_by_device,
1592 /* For BR/EDR notify about MTU since it is not negotiable*/
1593 if (cid != ATT_CID && status == GATT_SUCCESS)
1594 queue_foreach(app_connections, notify_mtu_change, dev);
1598 /* Check if we should restart scan */
1600 bt_le_discovery_start();
1602 /* FIXME: What to do if discovery won't start here. */
1605 static int connect_le(struct gatt_device *dev)
1608 GError *gerr = NULL;
1610 const bdaddr_t *bdaddr;
1611 uint8_t bdaddr_type;
1613 ba2str(&dev->bdaddr, addr);
1615 /* There is one connection attempt going on */
1617 info("gatt: connection to dev %s is ongoing", addr);
1621 DBG("Connection attempt to: %s", addr);
1623 bdaddr = bt_get_id_addr(&dev->bdaddr, &bdaddr_type);
1626 * This connection will help us catch any PDUs that comes before
1629 io = bt_io_connect(connect_cb, device_ref(dev), NULL, &gerr,
1630 BT_IO_OPT_SOURCE_BDADDR, &adapter_addr,
1631 BT_IO_OPT_SOURCE_TYPE, BDADDR_LE_PUBLIC,
1632 BT_IO_OPT_DEST_BDADDR, bdaddr,
1633 BT_IO_OPT_DEST_TYPE, bdaddr_type,
1634 BT_IO_OPT_CID, ATT_CID,
1635 BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
1638 error("gatt: Failed bt_io_connect(%s): %s", addr,
1644 /* Keep this, so we can cancel the connection */
1647 device_set_state(dev, DEVICE_CONNECT_READY);
1652 static int connect_next_dev(void)
1654 struct gatt_device *dev;
1658 dev = find_device_by_state(DEVICE_CONNECT_READY);
1662 return connect_le(dev);
1665 static void bt_le_discovery_stop_cb(void)
1669 /* Check now if there is any device ready to connect */
1670 if (connect_next_dev() < 0)
1671 bt_le_discovery_start();
1674 static void le_device_found_handler(const bdaddr_t *addr, int rssi,
1675 uint16_t eir_len, const void *eir,
1676 bool connectable, bool bonded)
1678 uint8_t buf[IPC_MTU];
1679 struct hal_ev_gatt_client_scan_result *ev = (void *) buf;
1680 struct gatt_device *dev;
1687 DBG("LE Device found: %s, rssi: %d, adv_data: %d", bda, rssi, !!eir);
1689 bdaddr2android(addr, ev->bda);
1693 memcpy(ev->adv_data, eir, ev->len);
1695 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
1696 HAL_EV_GATT_CLIENT_SCAN_RESULT,
1697 sizeof(*ev) + ev->len, ev);
1703 /* We use auto connect feature from kernel if possible */
1704 if (bt_kernel_conn_control())
1707 dev = find_device_by_addr(addr);
1712 dev = create_device(addr);
1715 if (dev->state != DEVICE_CONNECT_INIT)
1718 device_set_state(dev, DEVICE_CONNECT_READY);
1721 * We are ok to perform connect now. Stop discovery
1722 * and once it is stopped continue with creating ACL
1724 bt_le_discovery_stop(bt_le_discovery_stop_cb);
1727 static struct gatt_app *register_app(const uint8_t *uuid, gatt_type_t type)
1729 static int32_t application_id = 1;
1730 struct gatt_app *app;
1732 if (queue_find(gatt_apps, match_app_by_uuid, uuid)) {
1733 error("gatt: app uuid is already on list");
1737 app = new0(struct gatt_app, 1);
1741 if (app->type == GATT_CLIENT)
1742 app->notifications = queue_new();
1744 memcpy(app->uuid, uuid, sizeof(app->uuid));
1746 app->id = application_id++;
1748 queue_push_head(gatt_apps, app);
1750 if (app->type == GATT_SERVER)
1751 queue_push_tail(listen_apps, INT_TO_PTR(app->id));
1756 static void handle_client_register(const void *buf, uint16_t len)
1758 const struct hal_cmd_gatt_client_register *cmd = buf;
1759 struct hal_ev_gatt_client_register_client ev;
1760 struct gatt_app *app;
1764 memset(&ev, 0, sizeof(ev));
1766 app = register_app(cmd->uuid, GATT_CLIENT);
1769 ev.client_if = app->id;
1770 ev.status = GATT_SUCCESS;
1772 ev.status = GATT_FAILURE;
1775 /* We should send notification with given in cmd UUID */
1776 memcpy(ev.app_uuid, cmd->uuid, sizeof(ev.app_uuid));
1778 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
1779 HAL_EV_GATT_CLIENT_REGISTER_CLIENT, sizeof(ev), &ev);
1781 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT, HAL_OP_GATT_CLIENT_REGISTER,
1782 HAL_STATUS_SUCCESS);
1785 static void handle_client_scan(const void *buf, uint16_t len)
1787 const struct hal_cmd_gatt_client_scan *cmd = buf;
1790 DBG("new state %d", cmd->start);
1792 if (cmd->client_if != 0) {
1793 void *registered = find_app_by_id(cmd->client_if);
1796 error("gatt: Client not registered");
1797 status = HAL_STATUS_FAILED;
1804 DBG("Stopping LE SCAN");
1807 bt_le_discovery_stop(NULL);
1811 status = HAL_STATUS_SUCCESS;
1815 /* Reply success if we already do scan */
1817 status = HAL_STATUS_SUCCESS;
1822 if (!bt_le_discovery_start()) {
1823 error("gatt: LE scan switch failed");
1824 status = HAL_STATUS_FAILED;
1829 status = HAL_STATUS_SUCCESS;
1832 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT, HAL_OP_GATT_CLIENT_SCAN,
1836 static int connect_bredr(struct gatt_device *dev)
1838 BtIOSecLevel sec_level;
1840 GError *gerr = NULL;
1843 ba2str(&dev->bdaddr, addr);
1845 /* There is one connection attempt going on */
1847 info("gatt: connection to dev %s is ongoing", addr);
1851 DBG("Connection attempt to: %s", addr);
1853 sec_level = bt_device_is_bonded(&dev->bdaddr) ? BT_IO_SEC_MEDIUM :
1856 io = bt_io_connect(connect_cb, device_ref(dev), NULL, &gerr,
1857 BT_IO_OPT_SOURCE_BDADDR, &adapter_addr,
1858 BT_IO_OPT_SOURCE_TYPE, BDADDR_BREDR,
1859 BT_IO_OPT_DEST_BDADDR, &dev->bdaddr,
1860 BT_IO_OPT_DEST_TYPE, BDADDR_BREDR,
1861 BT_IO_OPT_PSM, ATT_PSM,
1862 BT_IO_OPT_SEC_LEVEL, sec_level,
1865 error("gatt: Failed bt_io_connect(%s): %s", addr,
1871 device_set_state(dev, DEVICE_CONNECT_READY);
1873 /* Keep this, so we can cancel the connection */
1879 static bool trigger_connection(struct app_connection *conn, bool direct)
1881 switch (conn->device->state) {
1882 case DEVICE_DISCONNECTED:
1884 * If device was last seen over BR/EDR connect over it.
1885 * Note: Connection state is handled in connect_bredr() func
1887 if (bt_device_last_seen_bearer(&conn->device->bdaddr) ==
1889 return connect_bredr(conn->device) == 0;
1892 return connect_le(conn->device) == 0;
1894 bt_gatt_add_autoconnect(conn->app->id, &conn->device->bdaddr);
1895 return auto_connect_le(conn->device);
1896 case DEVICE_CONNECTED:
1897 notify_app_connect_status(conn, GATT_SUCCESS);
1899 case DEVICE_CONNECT_READY:
1900 case DEVICE_CONNECT_INIT:
1902 /* In those cases connection is already triggered. */
1907 static void remove_autoconnect_device(struct gatt_device *dev)
1909 bt_auto_connect_remove(&dev->bdaddr);
1911 if (dev->state == DEVICE_CONNECT_INIT)
1912 device_set_state(dev, DEVICE_DISCONNECTED);
1917 static void clear_autoconnect_devices(void *data, void *user_data)
1919 struct gatt_device *dev = data;
1921 if (queue_remove(dev->autoconnect_apps, user_data))
1922 if (queue_isempty(dev->autoconnect_apps))
1923 remove_autoconnect_device(dev);
1926 static uint8_t unregister_app(int client_if)
1928 struct gatt_app *cl;
1931 * Make sure that there is no devices in auto connect list for this
1934 queue_foreach(gatt_devices, clear_autoconnect_devices,
1935 INT_TO_PTR(client_if));
1937 cl = queue_remove_if(gatt_apps, match_app_by_id, INT_TO_PTR(client_if));
1939 error("gatt: client_if=%d not found", client_if);
1941 return HAL_STATUS_FAILED;
1944 /* Destroy app connections with proper notifications for this app. */
1945 queue_remove_all(app_connections, match_connection_by_app, cl,
1946 destroy_connection);
1947 destroy_gatt_app(cl);
1949 return HAL_STATUS_SUCCESS;
1952 static void send_client_listen_notify(int32_t id, int32_t status)
1954 struct hal_ev_gatt_client_listen ev;
1956 /* Server if because of typo in android headers */
1960 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT, HAL_EV_GATT_CLIENT_LISTEN,
1964 struct listen_data {
1969 static struct listen_data *create_listen_data(int32_t client_id, bool start)
1971 struct listen_data *d;
1973 d = new0(struct listen_data, 1);
1974 d->client_id = client_id;
1980 static void set_advertising_cb(uint8_t status, void *user_data)
1982 struct listen_data *l = user_data;
1984 send_client_listen_notify(l->client_id, status);
1986 /* In case of success update advertising state*/
1988 advertising_cnt = l->start ? 1 : 0;
1991 * Let's remove client from the list in two cases
1995 if ((l->start && status) || (!l->start && !status))
1996 queue_remove(listen_apps, INT_TO_PTR(l->client_id));
2001 static void handle_client_unregister(const void *buf, uint16_t len)
2003 const struct hal_cmd_gatt_client_unregister *cmd = buf;
2005 void *listening_client;
2006 struct listen_data *data;
2010 listening_client = queue_find(listen_apps, NULL,
2011 INT_TO_PTR(cmd->client_if));
2013 if (listening_client) {
2015 queue_remove(listen_apps, INT_TO_PTR(cmd->client_if));
2017 status = unregister_app(cmd->client_if);
2021 if (!advertising_cnt) {
2022 data = create_listen_data(cmd->client_if, false);
2024 if (!bt_le_set_advertising(data->start, set_advertising_cb,
2026 error("gatt: Could not set advertising");
2027 status = HAL_STATUS_FAILED;
2033 status = unregister_app(cmd->client_if);
2036 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
2037 HAL_OP_GATT_CLIENT_UNREGISTER, status);
2040 static uint8_t handle_connect(int32_t app_id, const bdaddr_t *addr, bool direct)
2042 struct app_connection conn_match;
2043 struct app_connection *conn;
2044 struct gatt_device *device;
2045 struct gatt_app *app;
2049 app = find_app_by_id(app_id);
2051 return HAL_STATUS_FAILED;
2053 device = find_device_by_addr(addr);
2055 device = create_device(addr);
2057 conn_match.device = device;
2058 conn_match.app = app;
2060 conn = queue_find(app_connections, match_connection_by_device_and_app,
2063 conn = create_connection(device, app);
2065 return HAL_STATUS_NOMEM;
2068 if (!trigger_connection(conn, direct))
2069 return HAL_STATUS_FAILED;
2071 return HAL_STATUS_SUCCESS;
2074 static void handle_client_connect(const void *buf, uint16_t len)
2076 const struct hal_cmd_gatt_client_connect *cmd = buf;
2080 DBG("is_direct:%u transport:%u", cmd->is_direct, cmd->transport);
2082 android2bdaddr(&cmd->bdaddr, &addr);
2084 /* TODO handle transport flag */
2086 status = handle_connect(cmd->client_if, &addr, cmd->is_direct);
2088 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT, HAL_OP_GATT_CLIENT_CONNECT,
2092 static void handle_client_disconnect(const void *buf, uint16_t len)
2094 const struct hal_cmd_gatt_client_disconnect *cmd = buf;
2095 struct app_connection *conn;
2100 /* TODO: should we care to match also bdaddr when conn_id is unique? */
2101 conn = queue_remove_if(app_connections, match_connection_by_id,
2102 INT_TO_PTR(cmd->conn_id));
2103 destroy_connection(conn);
2105 status = HAL_STATUS_SUCCESS;
2107 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
2108 HAL_OP_GATT_CLIENT_DISCONNECT, status);
2111 static void handle_client_listen(const void *buf, uint16_t len)
2113 const struct hal_cmd_gatt_client_listen *cmd = buf;
2115 struct listen_data *data;
2116 bool req_sent = false;
2117 void *listening_client;
2121 if (!find_app_by_id(cmd->client_if)) {
2122 error("gatt: Client not registered");
2123 status = HAL_STATUS_FAILED;
2127 listening_client = queue_find(listen_apps, NULL,
2128 INT_TO_PTR(cmd->client_if));
2129 /* Start listening */
2131 if (listening_client) {
2132 status = HAL_STATUS_SUCCESS;
2136 queue_push_tail(listen_apps, INT_TO_PTR(cmd->client_if));
2138 /* If listen is already on just return success*/
2139 if (advertising_cnt > 0) {
2141 status = HAL_STATUS_SUCCESS;
2145 /* Stop listening. Check if client was listening */
2146 if (!listening_client) {
2147 error("gatt: This client %d does not listen",
2149 status = HAL_STATUS_FAILED;
2154 * In case there is more listening clients don't stop
2157 if (advertising_cnt > 1) {
2159 queue_remove(listen_apps, INT_TO_PTR(cmd->client_if));
2160 status = HAL_STATUS_SUCCESS;
2165 data = create_listen_data(cmd->client_if, cmd->start);
2167 if (!bt_le_set_advertising(cmd->start, set_advertising_cb, data)) {
2168 error("gatt: Could not set advertising");
2169 status = HAL_STATUS_FAILED;
2175 * Use this flag to keep in mind that we are waiting for callback with
2180 status = HAL_STATUS_SUCCESS;
2183 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT, HAL_OP_GATT_CLIENT_LISTEN,
2186 /* In case of early success or error, just send notification up */
2188 int32_t gatt_status = status == HAL_STATUS_SUCCESS ?
2189 GATT_SUCCESS : GATT_FAILURE;
2190 send_client_listen_notify(cmd->client_if, gatt_status);
2194 static void handle_client_refresh(const void *buf, uint16_t len)
2196 const struct hal_cmd_gatt_client_refresh *cmd = buf;
2197 struct gatt_device *dev;
2202 * This is Android's framework hidden API call. It seams that no
2203 * notification is expected and Bluedroid silently updates device's
2204 * cache under the hood. As we use lazy caching ,we can just clear the
2205 * cache and we're done.
2210 android2bdaddr(&cmd->bdaddr, &bda);
2211 dev = find_device_by_addr(&bda);
2213 status = HAL_STATUS_FAILED;
2217 queue_remove_all(dev->services, NULL, NULL, destroy_service);
2219 status = HAL_STATUS_SUCCESS;
2222 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT, HAL_OP_GATT_CLIENT_REFRESH,
2226 static void handle_client_search_service(const void *buf, uint16_t len)
2228 const struct hal_cmd_gatt_client_search_service *cmd = buf;
2229 struct app_connection *conn;
2233 guint srvc_search_success;
2237 if (len != sizeof(*cmd) + (cmd->filtered ? 16 : 0)) {
2238 error("Invalid search service size (%u bytes), terminating",
2244 conn = find_connection_by_id(cmd->conn_id);
2246 error("gatt: dev with conn_id=%d not found", cmd->conn_id);
2248 status = HAL_STATUS_FAILED;
2252 if (conn->device->state != DEVICE_CONNECTED) {
2255 ba2str(&conn->device->bdaddr, bda);
2256 error("gatt: device %s not connected", bda);
2258 status = HAL_STATUS_FAILED;
2263 android2uuid(cmd->filter_uuid, &uuid);
2265 /* Services not cached yet */
2266 if (queue_isempty(conn->device->services)) {
2268 srvc_search_success = search_dev_for_srvc(conn, &uuid);
2270 srvc_search_success = search_dev_for_srvc(conn, NULL);
2272 if (!srvc_search_success) {
2273 status = HAL_STATUS_FAILED;
2277 status = HAL_STATUS_SUCCESS;
2281 /* Search in cached services for given service */
2282 if (cmd->filtered) {
2283 /* Search in cache for service by uuid */
2284 s = queue_find(conn->device->services, match_srvc_by_bt_uuid,
2288 send_client_primary_notify(s, INT_TO_PTR(conn->id));
2290 if (!search_dev_for_srvc(conn, &uuid)) {
2291 status = HAL_STATUS_FAILED;
2295 status = HAL_STATUS_SUCCESS;
2299 /* Refresh service cache if only partial search was performed */
2300 if (conn->device->partial_srvc_search) {
2301 srvc_search_success = search_dev_for_srvc(conn, NULL);
2302 if (!srvc_search_success) {
2303 status = HAL_STATUS_FAILED;
2307 queue_foreach(conn->device->services,
2308 send_client_primary_notify,
2309 INT_TO_PTR(cmd->conn_id));
2312 send_client_search_complete_notify(GATT_SUCCESS, conn->id);
2314 status = HAL_STATUS_SUCCESS;
2317 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
2318 HAL_OP_GATT_CLIENT_SEARCH_SERVICE, status);
2321 static void send_client_incl_service_notify(const struct element_id *srvc_id,
2322 const struct service *incl,
2325 struct hal_ev_gatt_client_get_inc_service ev;
2327 memset(&ev, 0, sizeof(ev));
2329 ev.conn_id = conn_id;
2331 element_id_to_hal_srvc_id(srvc_id, 1, &ev.srvc_id);
2334 element_id_to_hal_srvc_id(&incl->id, 0, &ev.incl_srvc_id);
2335 ev.status = GATT_SUCCESS;
2337 ev.status = GATT_FAILURE;
2340 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT ,
2341 HAL_EV_GATT_CLIENT_GET_INC_SERVICE,
2345 struct get_included_data {
2346 struct service *prim;
2347 struct app_connection *conn;
2350 static int get_inst_id_of_prim_services(const struct gatt_device *dev)
2352 struct service *s = queue_peek_tail(dev->services);
2355 return s->id.instance;
2360 static void get_included_cb(uint8_t status, GSList *included, void *user_data)
2362 struct get_included_data *data = user_data;
2363 struct app_connection *conn = data->conn;
2364 struct service *service = data->prim;
2365 struct service *incl = NULL;
2373 error("gatt: no included services found");
2377 /* Remember that we already search included services.*/
2378 service->incl_search_done = true;
2381 * There might be multiply services with same uuid. Therefore make sure
2382 * each service has unique instance id. Let's take the latest instance
2383 * id of primary service and start iterate included services from this
2386 instance_id = get_inst_id_of_prim_services(conn->device);
2387 if (instance_id < 0)
2390 for (; included; included = included->next) {
2391 struct gatt_included *included_service = included->data;
2393 incl = create_service(++instance_id, false,
2394 included_service->uuid,
2400 * Lets keep included service on two queues.
2401 * 1. on services queue together with primary service
2402 * 2. on special queue inside primary service
2404 queue_push_tail(service->included, incl);
2405 queue_push_tail(conn->device->services, incl);
2409 * Notify upper layer about first included service.
2410 * Android framework will iterate for next one.
2412 incl = queue_peek_head(service->included);
2415 send_client_incl_service_notify(&service->id, incl, conn->id);
2418 static void search_included_services(struct app_connection *conn,
2419 struct service *service)
2421 struct get_included_data *data;
2422 uint16_t start, end;
2424 data = new0(struct get_included_data, 1);
2425 data->prim = service;
2428 if (service->primary) {
2429 start = service->prim.range.start;
2430 end = service->prim.range.end;
2432 start = service->incl.range.start;
2433 end = service->incl.range.end;
2436 gatt_find_included(conn->device->attrib, start, end, get_included_cb,
2440 static bool find_service(int32_t conn_id, struct element_id *service_id,
2441 struct app_connection **connection,
2442 struct service **service)
2444 struct service *srvc;
2445 struct app_connection *conn;
2447 conn = find_connection_by_id(conn_id);
2449 error("gatt: conn_id=%d not found", conn_id);
2453 srvc = queue_find(conn->device->services, match_srvc_by_element_id,
2456 error("gatt: Service with inst_id: %d not found",
2457 service_id->instance);
2467 static void handle_client_get_included_service(const void *buf, uint16_t len)
2469 const struct hal_cmd_gatt_client_get_included_service *cmd = buf;
2470 struct app_connection *conn;
2471 struct service *prim_service;
2472 struct service *incl_service = NULL;
2473 struct element_id match_id;
2474 struct element_id srvc_id;
2479 hal_srvc_id_to_element_id(&cmd->srvc_id, &srvc_id);
2481 if (len != sizeof(*cmd) +
2482 (cmd->continuation ? sizeof(cmd->incl_srvc_id[0]) : 0)) {
2483 error("Invalid get incl services size (%u bytes), terminating",
2489 hal_srvc_id_to_element_id(&cmd->srvc_id, &match_id);
2490 if (!find_service(cmd->conn_id, &match_id, &conn, &prim_service)) {
2491 status = HAL_STATUS_FAILED;
2495 if (!prim_service->incl_search_done) {
2496 search_included_services(conn, prim_service);
2497 status = HAL_STATUS_SUCCESS;
2501 /* Try to use cache here */
2502 if (!cmd->continuation) {
2503 incl_service = queue_peek_head(prim_service->included);
2505 uint8_t inst_id = cmd->incl_srvc_id[0].inst_id;
2507 incl_service = queue_find(prim_service->included,
2508 match_srvc_by_higher_inst_id,
2509 INT_TO_PTR(inst_id));
2512 status = HAL_STATUS_SUCCESS;
2516 * In case of error in handling request we need to send event with
2517 * service id of cmd and gatt failure status.
2519 send_client_incl_service_notify(&srvc_id, incl_service, cmd->conn_id);
2522 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
2523 HAL_OP_GATT_CLIENT_GET_INCLUDED_SERVICE, status);
2526 static void send_client_char_notify(const struct hal_gatt_srvc_id *service,
2527 const struct hal_gatt_gatt_id *charac,
2528 int32_t char_prop, int32_t conn_id)
2530 struct hal_ev_gatt_client_get_characteristic ev;
2532 ev.conn_id = conn_id;
2535 memcpy(&ev.char_id, charac, sizeof(struct hal_gatt_gatt_id));
2536 ev.char_prop = char_prop;
2537 ev.status = GATT_SUCCESS;
2539 memset(&ev.char_id, 0, sizeof(struct hal_gatt_gatt_id));
2541 ev.status = GATT_FAILURE;
2544 memcpy(&ev.srvc_id, service, sizeof(struct hal_gatt_srvc_id));
2546 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
2547 HAL_EV_GATT_CLIENT_GET_CHARACTERISTIC,
2551 static void convert_send_client_char_notify(const struct characteristic *ch,
2553 const struct service *service)
2555 struct hal_gatt_srvc_id srvc;
2556 struct hal_gatt_gatt_id charac;
2558 element_id_to_hal_srvc_id(&service->id, service->primary, &srvc);
2561 element_id_to_hal_gatt_id(&ch->id, &charac);
2562 send_client_char_notify(&srvc, &charac, ch->ch.properties,
2565 send_client_char_notify(&srvc, NULL, 0, conn_id);
2569 static void cache_all_srvc_chars(struct service *srvc, GSList *characteristics)
2571 uint16_t inst_id = 0;
2574 for (; characteristics; characteristics = characteristics->next) {
2575 struct characteristic *ch;
2577 ch = new0(struct characteristic, 1);
2578 ch->descriptors = queue_new();
2580 memcpy(&ch->ch, characteristics->data, sizeof(ch->ch));
2582 bt_string_to_uuid(&uuid, ch->ch.uuid);
2583 bt_uuid_to_uuid128(&uuid, &ch->id.uuid);
2586 * For now we increment inst_id and use it as characteristic
2589 ch->id.instance = ++inst_id;
2591 /* Store end handle to use later for descriptors discovery */
2592 if (characteristics->next) {
2593 struct gatt_char *next = characteristics->next->data;
2595 ch->end_handle = next->handle - 1;
2597 ch->end_handle = srvc->primary ? srvc->prim.range.end :
2598 srvc->incl.range.end;
2601 DBG("attr handle = 0x%04x, end handle = 0x%04x uuid: %s",
2602 ch->ch.handle, ch->end_handle, ch->ch.uuid);
2604 queue_push_tail(srvc->chars, ch);
2608 struct discover_char_data {
2610 struct service *service;
2613 static void discover_char_cb(uint8_t status, GSList *characteristics,
2616 struct discover_char_data *data = user_data;
2617 struct service *srvc = data->service;
2620 error("gatt: Failed to get characteristics: %s",
2621 att_ecode2str(status));
2622 convert_send_client_char_notify(NULL, data->conn_id, srvc);
2626 if (queue_isempty(srvc->chars))
2627 cache_all_srvc_chars(srvc, characteristics);
2629 convert_send_client_char_notify(queue_peek_head(srvc->chars),
2630 data->conn_id, srvc);
2636 static void handle_client_get_characteristic(const void *buf, uint16_t len)
2638 const struct hal_cmd_gatt_client_get_characteristic *cmd = buf;
2639 struct characteristic *ch;
2640 struct element_id match_id;
2641 struct app_connection *conn;
2642 struct service *srvc;
2647 if (len != sizeof(*cmd) + (cmd->continuation ? sizeof(cmd->char_id[0]) : 0)) {
2648 error("Invalid get characteristic size (%u bytes), terminating",
2654 hal_srvc_id_to_element_id(&cmd->srvc_id, &match_id);
2655 if (!find_service(cmd->conn_id, &match_id, &conn, &srvc)) {
2656 status = HAL_STATUS_FAILED;
2660 /* Discover all characteristics for services if not cached yet */
2661 if (queue_isempty(srvc->chars)) {
2662 struct discover_char_data *cb_data;
2663 struct att_range range;
2665 cb_data = new0(struct discover_char_data, 1);
2666 cb_data->service = srvc;
2667 cb_data->conn_id = conn->id;
2669 range = srvc->primary ? srvc->prim.range : srvc->incl.range;
2671 if (!gatt_discover_char(conn->device->attrib, range.start,
2673 discover_char_cb, cb_data)) {
2676 status = HAL_STATUS_FAILED;
2680 status = HAL_STATUS_SUCCESS;
2684 if (cmd->continuation)
2685 ch = queue_find(srvc->chars, match_char_by_higher_inst_id,
2686 INT_TO_PTR(cmd->char_id[0].inst_id));
2688 ch = queue_peek_head(srvc->chars);
2690 convert_send_client_char_notify(ch, conn->id, srvc);
2692 status = HAL_STATUS_SUCCESS;
2695 if (status != HAL_STATUS_SUCCESS)
2696 send_client_char_notify(&cmd->srvc_id, NULL, 0, cmd->conn_id);
2698 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
2699 HAL_OP_GATT_CLIENT_GET_CHARACTERISTIC, status);
2702 static void send_client_descr_notify(int32_t status, int32_t conn_id,
2704 const struct element_id *srvc,
2705 const struct element_id *ch,
2706 const struct element_id *opt_descr)
2708 struct hal_ev_gatt_client_get_descriptor ev;
2710 memset(&ev, 0, sizeof(ev));
2713 ev.conn_id = conn_id;
2715 element_id_to_hal_srvc_id(srvc, primary, &ev.srvc_id);
2716 element_id_to_hal_gatt_id(ch, &ev.char_id);
2719 element_id_to_hal_gatt_id(opt_descr, &ev.descr_id);
2721 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
2722 HAL_EV_GATT_CLIENT_GET_DESCRIPTOR, sizeof(ev), &ev);
2725 struct discover_desc_data {
2726 struct app_connection *conn;
2727 struct service *srvc;
2728 struct characteristic *ch;
2731 static void gatt_discover_desc_cb(guint8 status, GSList *descs,
2734 struct discover_desc_data *data = user_data;
2735 struct app_connection *conn = data->conn;
2736 struct service *srvc = data->srvc;
2737 struct characteristic *ch = data->ch;
2738 struct descriptor *descr;
2742 error("Discover all characteristic descriptors failed [%s]: %s",
2743 ch->ch.uuid, att_ecode2str(status));
2747 for ( ; descs; descs = descs->next) {
2748 struct gatt_desc *desc = descs->data;
2751 descr = new0(struct descriptor, 1);
2753 bt_string_to_uuid(&uuid, desc->uuid);
2754 bt_uuid_to_uuid128(&uuid, &descr->id.uuid);
2756 descr->id.instance = ++i;
2757 descr->handle = desc->handle;
2759 DBG("attr handle = 0x%04x, uuid: %s", desc->handle, desc->uuid);
2761 queue_push_tail(ch->descriptors, descr);
2765 descr = queue_peek_head(ch->descriptors);
2767 send_client_descr_notify(status ? GATT_FAILURE : GATT_SUCCESS, conn->id,
2768 srvc->primary, &srvc->id, &ch->id,
2769 descr ? &descr->id : NULL);
2774 static bool build_descr_cache(struct app_connection *conn, struct service *srvc,
2775 struct characteristic *ch)
2777 struct discover_desc_data *cb_data;
2778 uint16_t start, end;
2780 /* Clip range to given characteristic */
2781 start = ch->ch.value_handle + 1;
2782 end = ch->end_handle;
2784 /* If there are no descriptors, notify with fail status. */
2788 cb_data = new0(struct discover_desc_data, 1);
2789 cb_data->conn = conn;
2790 cb_data->srvc = srvc;
2793 if (!gatt_discover_desc(conn->device->attrib, start, end, NULL,
2794 gatt_discover_desc_cb, cb_data)) {
2802 static void handle_client_get_descriptor(const void *buf, uint16_t len)
2804 const struct hal_cmd_gatt_client_get_descriptor *cmd = buf;
2805 struct descriptor *descr = NULL;
2806 struct characteristic *ch;
2807 struct service *srvc;
2808 struct element_id srvc_id;
2809 struct element_id char_id;
2810 struct app_connection *conn;
2817 if (len != sizeof(*cmd) +
2818 (cmd->continuation ? sizeof(cmd->descr_id[0]) : 0)) {
2819 error("gatt: Invalid get descr command (%u bytes), terminating",
2826 conn_id = cmd->conn_id;
2827 primary = cmd->srvc_id.is_primary;
2829 hal_srvc_id_to_element_id(&cmd->srvc_id, &srvc_id);
2830 hal_gatt_id_to_element_id(&cmd->char_id, &char_id);
2832 if (!find_service(conn_id, &srvc_id, &conn, &srvc)) {
2833 error("gatt: Get descr. could not find service");
2835 status = HAL_STATUS_FAILED;
2839 ch = queue_find(srvc->chars, match_char_by_element_id, &char_id);
2841 error("gatt: Get descr. could not find characteristic");
2843 status = HAL_STATUS_FAILED;
2847 if (queue_isempty(ch->descriptors)) {
2848 if (build_descr_cache(conn, srvc, ch)) {
2849 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
2850 HAL_OP_GATT_CLIENT_GET_DESCRIPTOR,
2851 HAL_STATUS_SUCCESS);
2856 status = HAL_STATUS_SUCCESS;
2858 /* Send from cache */
2859 if (cmd->continuation)
2860 descr = queue_find(ch->descriptors,
2861 match_descr_by_higher_inst_id,
2862 INT_TO_PTR(cmd->descr_id[0].inst_id));
2864 descr = queue_peek_head(ch->descriptors);
2867 send_client_descr_notify(descr ? GATT_SUCCESS : GATT_FAILURE, conn_id,
2868 primary, &srvc_id, &char_id,
2871 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
2872 HAL_OP_GATT_CLIENT_GET_DESCRIPTOR, status);
2875 struct char_op_data {
2877 const struct element_id *srvc_id;
2878 const struct element_id *char_id;
2882 static struct char_op_data *create_char_op_data(int32_t conn_id,
2883 const struct element_id *s_id,
2884 const struct element_id *ch_id,
2887 struct char_op_data *d;
2889 d = new0(struct char_op_data, 1);
2890 d->conn_id = conn_id;
2893 d->primary = primary;
2898 static void send_client_read_char_notify(int32_t status, const uint8_t *pdu,
2899 uint16_t len, int32_t conn_id,
2900 const struct element_id *s_id,
2901 const struct element_id *ch_id,
2904 uint8_t buf[IPC_MTU];
2905 struct hal_ev_gatt_client_read_characteristic *ev = (void *) buf;
2908 memset(buf, 0, sizeof(buf));
2910 ev->conn_id = conn_id;
2911 ev->status = status;
2912 ev->data.status = status;
2914 element_id_to_hal_srvc_id(s_id, primary, &ev->data.srvc_id);
2915 element_id_to_hal_gatt_id(ch_id, &ev->data.char_id);
2917 if (status == 0 && pdu) {
2918 vlen = dec_read_resp(pdu, len, ev->data.value, sizeof(buf));
2920 error("gatt: Protocol error");
2921 ev->status = GATT_FAILURE;
2923 ev->data.len = vlen;
2927 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
2928 HAL_EV_GATT_CLIENT_READ_CHARACTERISTIC,
2929 sizeof(*ev) + ev->data.len, ev);
2932 static void read_char_cb(guint8 status, const guint8 *pdu, guint16 len,
2935 struct char_op_data *data = user_data;
2937 send_client_read_char_notify(status, pdu, len, data->conn_id,
2938 data->srvc_id, data->char_id,
2944 static int get_cid(struct gatt_device *dev)
2949 io = g_attrib_get_channel(dev->attrib);
2951 if (!bt_io_get(io, NULL, BT_IO_OPT_CID, &cid, BT_IO_OPT_INVALID)) {
2952 error("gatt: Failed to get CID");
2959 static int get_sec_level(struct gatt_device *dev)
2964 io = g_attrib_get_channel(dev->attrib);
2966 if (!bt_io_get(io, NULL, BT_IO_OPT_SEC_LEVEL, &sec_level,
2967 BT_IO_OPT_INVALID)) {
2968 error("gatt: Failed to get sec_level");
2975 static bool set_security(struct gatt_device *device, int req_sec_level)
2978 GError *gerr = NULL;
2981 sec_level = get_sec_level(device);
2985 if (req_sec_level <= sec_level)
2988 io = g_attrib_get_channel(device->attrib);
2992 bt_io_set(io, &gerr, BT_IO_OPT_SEC_LEVEL, req_sec_level,
2995 error("gatt: Failed to set security level: %s", gerr->message);
3003 bool bt_gatt_set_security(const bdaddr_t *bdaddr, int sec_level)
3005 struct gatt_device *device;
3007 device = find_device_by_addr(bdaddr);
3011 return set_security(device, sec_level);
3014 static bool set_auth_type(struct gatt_device *device, int auth_type)
3018 switch (auth_type) {
3019 case HAL_GATT_AUTHENTICATION_MITM:
3020 sec_level = BT_SECURITY_HIGH;
3022 case HAL_GATT_AUTHENTICATION_NO_MITM:
3023 sec_level = BT_SECURITY_MEDIUM;
3025 case HAL_GATT_AUTHENTICATION_NONE:
3026 sec_level = BT_SECURITY_LOW;
3029 error("gatt: Invalid auth_type value: %d", auth_type);
3033 return set_security(device, sec_level);
3036 static void handle_client_read_characteristic(const void *buf, uint16_t len)
3038 const struct hal_cmd_gatt_client_read_characteristic *cmd = buf;
3039 struct char_op_data *cb_data;
3040 struct characteristic *ch;
3041 struct app_connection *conn;
3042 struct service *srvc;
3043 struct element_id srvc_id;
3044 struct element_id char_id;
3049 /* TODO authorization needs to be handled */
3051 hal_srvc_id_to_element_id(&cmd->srvc_id, &srvc_id);
3052 hal_gatt_id_to_element_id(&cmd->char_id, &char_id);
3054 if (!find_service(cmd->conn_id, &srvc_id, &conn, &srvc)) {
3055 status = HAL_STATUS_FAILED;
3059 /* search characteristics by element id */
3060 ch = queue_find(srvc->chars, match_char_by_element_id, &char_id);
3062 error("gatt: Characteristic with inst_id: %d not found",
3063 cmd->char_id.inst_id);
3064 status = HAL_STATUS_FAILED;
3068 cb_data = create_char_op_data(cmd->conn_id, &srvc->id, &ch->id,
3069 cmd->srvc_id.is_primary);
3071 if (!set_auth_type(conn->device, cmd->auth_req)) {
3072 error("gatt: Failed to set security %d", cmd->auth_req);
3073 status = HAL_STATUS_FAILED;
3078 if (!gatt_read_char(conn->device->attrib, ch->ch.value_handle,
3079 read_char_cb, cb_data)) {
3080 error("gatt: Cannot read characteristic with inst_id: %d",
3081 cmd->char_id.inst_id);
3082 status = HAL_STATUS_FAILED;
3087 status = HAL_STATUS_SUCCESS;
3090 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
3091 HAL_OP_GATT_CLIENT_READ_CHARACTERISTIC, status);
3094 * We should send notification with service, characteristic id in case
3097 if (status != HAL_STATUS_SUCCESS)
3098 send_client_read_char_notify(GATT_FAILURE, NULL, 0,
3099 cmd->conn_id, &srvc_id,
3101 cmd->srvc_id.is_primary);
3104 static void send_client_write_char_notify(int32_t status, int32_t conn_id,
3105 const struct element_id *srvc_id,
3106 const struct element_id *char_id,
3109 struct hal_ev_gatt_client_write_characteristic ev;
3111 memset(&ev, 0, sizeof(ev));
3113 ev.conn_id = conn_id;
3115 ev.data.status = status;
3117 element_id_to_hal_srvc_id(srvc_id, primary, &ev.data.srvc_id);
3118 element_id_to_hal_gatt_id(char_id, &ev.data.char_id);
3120 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
3121 HAL_EV_GATT_CLIENT_WRITE_CHARACTERISTIC,
3125 static void write_char_cb(guint8 status, const guint8 *pdu, guint16 len,
3128 struct char_op_data *data = user_data;
3130 send_client_write_char_notify(status, data->conn_id, data->srvc_id,
3131 data->char_id, data->primary);
3136 static guint signed_write_cmd(struct gatt_device *dev, uint16_t handle,
3137 const uint8_t *value, uint16_t vlen)
3143 memset(csrk, 0, 16);
3145 if (!bt_get_csrk(&dev->bdaddr, true, csrk, &sign_cnt, NULL)) {
3146 error("gatt: Could not get csrk key");
3150 res = gatt_signed_write_cmd(dev->attrib, handle, value, vlen, crypto,
3151 csrk, sign_cnt, NULL, NULL);
3153 error("gatt: Signed write command failed");
3157 bt_update_sign_counter(&dev->bdaddr, true, ++sign_cnt);
3162 static void handle_client_write_characteristic(const void *buf, uint16_t len)
3164 const struct hal_cmd_gatt_client_write_characteristic *cmd = buf;
3165 struct char_op_data *cb_data = NULL;
3166 struct characteristic *ch;
3167 struct app_connection *conn;
3168 struct service *srvc;
3169 struct element_id srvc_id;
3170 struct element_id char_id;
3176 if (len != sizeof(*cmd) + cmd->len) {
3177 error("Invalid write char size (%u bytes), terminating", len);
3182 hal_srvc_id_to_element_id(&cmd->srvc_id, &srvc_id);
3183 hal_gatt_id_to_element_id(&cmd->char_id, &char_id);
3185 if (!find_service(cmd->conn_id, &srvc_id, &conn, &srvc)) {
3186 status = HAL_STATUS_FAILED;
3190 /* search characteristics by instance id */
3191 ch = queue_find(srvc->chars, match_char_by_element_id, &char_id);
3193 error("gatt: Characteristic with inst_id: %d not found",
3194 cmd->char_id.inst_id);
3195 status = HAL_STATUS_FAILED;
3199 if (cmd->write_type == GATT_WRITE_TYPE_PREPARE ||
3200 cmd->write_type == GATT_WRITE_TYPE_DEFAULT) {
3201 cb_data = create_char_op_data(cmd->conn_id, &srvc->id, &ch->id,
3202 cmd->srvc_id.is_primary);
3205 if (!set_auth_type(conn->device, cmd->auth_req)) {
3206 error("gatt: Failed to set security %d", cmd->auth_req);
3207 status = HAL_STATUS_FAILED;
3211 switch (cmd->write_type) {
3212 case GATT_WRITE_TYPE_NO_RESPONSE:
3213 res = gatt_write_cmd(conn->device->attrib, ch->ch.value_handle,
3214 cmd->value, cmd->len,
3217 case GATT_WRITE_TYPE_PREPARE:
3218 res = gatt_reliable_write_char(conn->device->attrib,
3219 ch->ch.value_handle,
3220 cmd->value, cmd->len,
3221 write_char_cb, cb_data);
3223 case GATT_WRITE_TYPE_DEFAULT:
3224 res = gatt_write_char(conn->device->attrib, ch->ch.value_handle,
3225 cmd->value, cmd->len,
3226 write_char_cb, cb_data);
3228 case GATT_WRITE_TYPE_SIGNED:
3229 if (get_cid(conn->device) != ATT_CID) {
3230 error("gatt: Cannot write signed on BR/EDR bearer");
3231 status = HAL_STATUS_FAILED;
3235 if (get_sec_level(conn->device) > BT_SECURITY_LOW)
3236 res = gatt_write_cmd(conn->device->attrib,
3237 ch->ch.value_handle, cmd->value,
3238 cmd->len, NULL, NULL);
3240 res = signed_write_cmd(conn->device,
3241 ch->ch.value_handle, cmd->value,
3245 error("gatt: Write type %d unsupported", cmd->write_type);
3246 status = HAL_STATUS_UNSUPPORTED;
3251 error("gatt: Cannot write char. with inst_id: %d",
3252 cmd->char_id.inst_id);
3253 status = HAL_STATUS_FAILED;
3257 status = HAL_STATUS_SUCCESS;
3260 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
3261 HAL_OP_GATT_CLIENT_WRITE_CHARACTERISTIC, status);
3264 * We should send notification with service, characteristic id in case
3265 * of error and write with no response
3267 if (status != HAL_STATUS_SUCCESS ||
3268 cmd->write_type == GATT_WRITE_TYPE_NO_RESPONSE ||
3269 cmd->write_type == GATT_WRITE_TYPE_SIGNED) {
3270 int32_t gatt_status = (status == HAL_STATUS_SUCCESS) ?
3271 GATT_SUCCESS : GATT_FAILURE;
3273 send_client_write_char_notify(gatt_status, cmd->conn_id,
3275 cmd->srvc_id.is_primary);
3280 static void send_client_descr_read_notify(int32_t status, const uint8_t *pdu,
3281 guint16 len, int32_t conn_id,
3282 const struct element_id *srvc,
3283 const struct element_id *ch,
3284 const struct element_id *descr,
3287 uint8_t buf[IPC_MTU];
3288 struct hal_ev_gatt_client_read_descriptor *ev = (void *) buf;
3290 memset(buf, 0, sizeof(buf));
3292 ev->status = status;
3293 ev->conn_id = conn_id;
3294 ev->data.status = ev->status;
3296 element_id_to_hal_srvc_id(srvc, primary, &ev->data.srvc_id);
3297 element_id_to_hal_gatt_id(ch, &ev->data.char_id);
3298 element_id_to_hal_gatt_id(descr, &ev->data.descr_id);
3300 if (status == 0 && pdu) {
3303 ret = dec_read_resp(pdu, len, ev->data.value,
3306 error("gatt: Protocol error");
3307 ev->status = GATT_FAILURE;
3313 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
3314 HAL_EV_GATT_CLIENT_READ_DESCRIPTOR,
3315 sizeof(*ev) + ev->data.len, ev);
3320 const struct element_id *srvc_id;
3321 const struct element_id *char_id;
3322 const struct element_id *descr_id;
3326 static void read_desc_cb(guint8 status, const guint8 *pdu, guint16 len,
3329 struct desc_data *cb_data = user_data;
3332 error("gatt: Discover all char descriptors failed: %s",
3333 att_ecode2str(status));
3335 send_client_descr_read_notify(status, pdu, len, cb_data->conn_id,
3336 cb_data->srvc_id, cb_data->char_id,
3337 cb_data->descr_id, cb_data->primary);
3342 static struct desc_data *create_desc_data(int32_t conn_id,
3343 const struct element_id *s_id,
3344 const struct element_id *ch_id,
3345 const struct element_id *d_id,
3348 struct desc_data *d;
3350 d = new0(struct desc_data, 1);
3351 d->conn_id = conn_id;
3355 d->primary = primary;
3360 static void handle_client_read_descriptor(const void *buf, uint16_t len)
3362 const struct hal_cmd_gatt_client_read_descriptor *cmd = buf;
3363 struct desc_data *cb_data;
3364 struct characteristic *ch;
3365 struct descriptor *descr;
3366 struct service *srvc;
3367 struct element_id char_id;
3368 struct element_id descr_id;
3369 struct element_id srvc_id;
3370 struct app_connection *conn;
3371 int32_t conn_id = 0;
3377 conn_id = cmd->conn_id;
3378 primary = cmd->srvc_id.is_primary;
3380 hal_srvc_id_to_element_id(&cmd->srvc_id, &srvc_id);
3381 hal_gatt_id_to_element_id(&cmd->char_id, &char_id);
3382 hal_gatt_id_to_element_id(&cmd->descr_id, &descr_id);
3384 if (!find_service(conn_id, &srvc_id, &conn, &srvc)) {
3385 error("gatt: Read descr. could not find service");
3387 status = HAL_STATUS_FAILED;
3391 ch = queue_find(srvc->chars, match_char_by_element_id, &char_id);
3393 error("gatt: Read descr. could not find characteristic");
3395 status = HAL_STATUS_FAILED;
3399 descr = queue_find(ch->descriptors, match_descr_by_element_id,
3402 error("gatt: Read descr. could not find descriptor");
3404 status = HAL_STATUS_FAILED;
3408 cb_data = create_desc_data(conn_id, &srvc->id, &ch->id, &descr->id,
3411 if (!set_auth_type(conn->device, cmd->auth_req)) {
3412 error("gatt: Failed to set security %d", cmd->auth_req);
3413 status = HAL_STATUS_FAILED;
3418 if (!gatt_read_char(conn->device->attrib, descr->handle, read_desc_cb,
3422 status = HAL_STATUS_FAILED;
3426 status = HAL_STATUS_SUCCESS;
3429 if (status != HAL_STATUS_SUCCESS)
3430 send_client_descr_read_notify(GATT_FAILURE, NULL, 0, conn_id,
3431 &srvc_id, &char_id, &descr_id,
3434 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
3435 HAL_OP_GATT_CLIENT_READ_DESCRIPTOR, status);
3438 static void send_client_descr_write_notify(int32_t status, int32_t conn_id,
3439 const struct element_id *srvc,
3440 const struct element_id *ch,
3441 const struct element_id *descr,
3443 uint8_t buf[IPC_MTU];
3444 struct hal_ev_gatt_client_write_descriptor *ev = (void *) buf;
3446 memset(buf, 0, sizeof(buf));
3448 ev->status = status;
3449 ev->conn_id = conn_id;
3451 element_id_to_hal_srvc_id(srvc, primary, &ev->data.srvc_id);
3452 element_id_to_hal_gatt_id(ch, &ev->data.char_id);
3453 element_id_to_hal_gatt_id(descr, &ev->data.descr_id);
3454 ev->data.status = status;
3456 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
3457 HAL_EV_GATT_CLIENT_WRITE_DESCRIPTOR,
3461 static void write_descr_cb(guint8 status, const guint8 *pdu, guint16 len,
3464 struct desc_data *cb_data = user_data;
3467 error("gatt: Write descriptors failed: %s",
3468 att_ecode2str(status));
3470 send_client_descr_write_notify(status, cb_data->conn_id,
3471 cb_data->srvc_id, cb_data->char_id,
3472 cb_data->descr_id, cb_data->primary);
3477 static void handle_client_write_descriptor(const void *buf, uint16_t len)
3479 const struct hal_cmd_gatt_client_write_descriptor *cmd = buf;
3480 struct desc_data *cb_data = NULL;
3481 struct characteristic *ch;
3482 struct descriptor *descr;
3483 struct service *srvc;
3484 struct element_id srvc_id;
3485 struct element_id char_id;
3486 struct element_id descr_id;
3487 struct app_connection *conn;
3495 if (len != sizeof(*cmd) + cmd->len) {
3496 error("Invalid write desriptor command (%u bytes), terminating",
3502 primary = cmd->srvc_id.is_primary;
3503 conn_id = cmd->conn_id;
3505 hal_srvc_id_to_element_id(&cmd->srvc_id, &srvc_id);
3506 hal_gatt_id_to_element_id(&cmd->char_id, &char_id);
3507 hal_gatt_id_to_element_id(&cmd->descr_id, &descr_id);
3509 if (!find_service(cmd->conn_id, &srvc_id, &conn, &srvc)) {
3510 error("gatt: Write descr. could not find service");
3512 status = HAL_STATUS_FAILED;
3516 ch = queue_find(srvc->chars, match_char_by_element_id, &char_id);
3518 error("gatt: Write descr. could not find characteristic");
3520 status = HAL_STATUS_FAILED;
3524 descr = queue_find(ch->descriptors, match_descr_by_element_id,
3527 error("gatt: Write descr. could not find descriptor");
3529 status = HAL_STATUS_FAILED;
3533 if (cmd->write_type != GATT_WRITE_TYPE_NO_RESPONSE)
3534 cb_data = create_desc_data(conn_id, &srvc->id, &ch->id,
3535 &descr->id, primary);
3537 if (!set_auth_type(conn->device, cmd->auth_req)) {
3538 error("gatt: Failed to set security %d", cmd->auth_req);
3539 status = HAL_STATUS_FAILED;
3543 switch (cmd->write_type) {
3544 case GATT_WRITE_TYPE_NO_RESPONSE:
3545 res = gatt_write_cmd(conn->device->attrib, descr->handle,
3546 cmd->value, cmd->len, NULL , NULL);
3548 case GATT_WRITE_TYPE_PREPARE:
3549 res = gatt_reliable_write_char(conn->device->attrib,
3550 descr->handle, cmd->value,
3551 cmd->len, write_descr_cb,
3554 case GATT_WRITE_TYPE_DEFAULT:
3555 res = gatt_write_char(conn->device->attrib, descr->handle,
3556 cmd->value, cmd->len,
3557 write_descr_cb, cb_data);
3560 error("gatt: Write type %d unsupported", cmd->write_type);
3561 status = HAL_STATUS_UNSUPPORTED;
3566 error("gatt: Write desc, could not write desc");
3567 status = HAL_STATUS_FAILED;
3571 status = HAL_STATUS_SUCCESS;
3574 if (status != HAL_STATUS_SUCCESS ||
3575 cmd->write_type == GATT_WRITE_TYPE_NO_RESPONSE) {
3576 int32_t gatt_status = (status == HAL_STATUS_SUCCESS) ?
3577 GATT_SUCCESS : GATT_FAILURE;
3579 send_client_descr_write_notify(gatt_status, conn_id, &srvc_id,
3580 &char_id, &descr_id, primary);
3584 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
3585 HAL_OP_GATT_CLIENT_WRITE_DESCRIPTOR, status);
3588 static void send_client_write_execute_notify(int32_t id, int32_t status)
3590 struct hal_ev_gatt_client_exec_write ev;
3595 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
3596 HAL_EV_GATT_CLIENT_EXEC_WRITE,
3600 static void write_execute_cb(guint8 status, const guint8 *pdu, guint16 len,
3603 send_client_write_execute_notify(PTR_TO_INT(user_data), status);
3606 static void handle_client_execute_write(const void *buf, uint16_t len)
3608 const struct hal_cmd_gatt_client_execute_write *cmd = buf;
3609 struct app_connection *conn;
3615 conn = find_connection_by_id(cmd->conn_id);
3617 status = HAL_STATUS_FAILED;
3621 flags = cmd->execute ? ATT_WRITE_ALL_PREP_WRITES :
3622 ATT_CANCEL_ALL_PREP_WRITES;
3624 if (!gatt_execute_write(conn->device->attrib, flags, write_execute_cb,
3625 INT_TO_PTR(cmd->conn_id))) {
3626 error("gatt: Could not send execute write");
3627 status = HAL_STATUS_FAILED;
3631 status = HAL_STATUS_SUCCESS;
3633 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
3634 HAL_OP_GATT_CLIENT_EXECUTE_WRITE, status);
3636 /* In case of early error send also notification.*/
3637 if (status != HAL_STATUS_SUCCESS)
3638 send_client_write_execute_notify(cmd->conn_id, GATT_FAILURE);
3641 static void handle_notification(const uint8_t *pdu, uint16_t len,
3644 uint8_t buf[IPC_MTU];
3645 struct hal_ev_gatt_client_notify *ev = (void *) buf;
3646 struct notification_data *notification = user_data;
3647 uint8_t data_offset = sizeof(uint8_t) + sizeof(uint16_t);
3649 if (len < data_offset)
3652 memcpy(&ev->char_id, ¬ification->ch, sizeof(ev->char_id));
3653 memcpy(&ev->srvc_id, ¬ification->service, sizeof(ev->srvc_id));
3654 bdaddr2android(¬ification->conn->device->bdaddr, &ev->bda);
3655 ev->conn_id = notification->conn->id;
3656 ev->is_notify = pdu[0] == ATT_OP_HANDLE_NOTIFY;
3658 /* We have to cut opcode and handle from data */
3659 ev->len = len - data_offset;
3660 memcpy(ev->value, pdu + data_offset, len - data_offset);
3662 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT, HAL_EV_GATT_CLIENT_NOTIFY,
3663 sizeof(*ev) + ev->len, ev);
3666 static void send_register_for_notification_ev(int32_t id, int32_t registered,
3668 const struct hal_gatt_srvc_id *srvc,
3669 const struct hal_gatt_gatt_id *ch)
3671 struct hal_ev_gatt_client_reg_for_notif ev;
3675 ev.registered = registered;
3676 memcpy(&ev.srvc_id, srvc, sizeof(ev.srvc_id));
3677 memcpy(&ev.char_id, ch, sizeof(ev.char_id));
3679 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
3680 HAL_EV_GATT_CLIENT_REGISTER_FOR_NOTIF, sizeof(ev), &ev);
3683 static void handle_client_register_for_notification(const void *buf,
3686 const struct hal_cmd_gatt_client_register_for_notification *cmd = buf;
3687 struct notification_data *notification;
3688 struct characteristic *c;
3689 struct element_id match_id;
3690 struct app_connection *conn;
3691 int32_t conn_id = 0;
3692 struct service *service;
3694 int32_t gatt_status;
3699 android2bdaddr(&cmd->bdaddr, &addr);
3701 conn = find_conn(&addr, cmd->client_if);
3703 status = HAL_STATUS_FAILED;
3709 hal_srvc_id_to_element_id(&cmd->srvc_id, &match_id);
3710 service = queue_find(conn->device->services, match_srvc_by_element_id,
3713 status = HAL_STATUS_FAILED;
3717 hal_gatt_id_to_element_id(&cmd->char_id, &match_id);
3718 c = queue_find(service->chars, match_char_by_element_id, &match_id);
3720 status = HAL_STATUS_FAILED;
3724 notification = new0(struct notification_data, 1);
3726 memcpy(¬ification->ch, &cmd->char_id, sizeof(notification->ch));
3727 memcpy(¬ification->service, &cmd->srvc_id,
3728 sizeof(notification->service));
3729 notification->conn = conn;
3731 if (queue_find(conn->app->notifications, match_notification,
3734 status = HAL_STATUS_SUCCESS;
3738 notification->notif_id = g_attrib_register(conn->device->attrib,
3739 ATT_OP_HANDLE_NOTIFY,
3741 handle_notification,
3743 destroy_notification);
3744 if (!notification->notif_id) {
3746 status = HAL_STATUS_FAILED;
3750 notification->ind_id = g_attrib_register(conn->device->attrib,
3753 handle_notification,
3755 destroy_notification);
3756 if (!notification->ind_id) {
3757 g_attrib_unregister(conn->device->attrib,
3758 notification->notif_id);
3760 status = HAL_STATUS_FAILED;
3765 * Because same data - notification - is shared by two handlers, we
3766 * introduce ref counter to be sure that data can be freed with no risk.
3767 * Counter is decremented in destroy_notification.
3769 notification->ref = 2;
3771 queue_push_tail(conn->app->notifications, notification);
3773 status = HAL_STATUS_SUCCESS;
3776 gatt_status = status ? GATT_FAILURE : GATT_SUCCESS;
3777 send_register_for_notification_ev(conn_id, 1, gatt_status,
3778 &cmd->srvc_id, &cmd->char_id);
3779 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
3780 HAL_OP_GATT_CLIENT_REGISTER_FOR_NOTIFICATION, status);
3783 static void handle_client_deregister_for_notification(const void *buf,
3786 const struct hal_cmd_gatt_client_deregister_for_notification *cmd = buf;
3787 struct notification_data *notification, notif;
3788 struct app_connection *conn;
3789 int32_t conn_id = 0;
3791 int32_t gatt_status;
3796 android2bdaddr(&cmd->bdaddr, &addr);
3798 conn = find_conn(&addr, cmd->client_if);
3800 status = HAL_STATUS_FAILED;
3806 memcpy(¬if.ch, &cmd->char_id, sizeof(notif.ch));
3807 memcpy(¬if.service, &cmd->srvc_id, sizeof(notif.service));
3810 notification = queue_find(conn->app->notifications,
3811 match_notification, ¬if);
3812 if (!notification) {
3813 status = HAL_STATUS_FAILED;
3817 unregister_notification(notification);
3819 status = HAL_STATUS_SUCCESS;
3822 gatt_status = status ? GATT_FAILURE : GATT_SUCCESS;
3823 send_register_for_notification_ev(conn_id, 0, gatt_status,
3824 &cmd->srvc_id, &cmd->char_id);
3826 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
3827 HAL_OP_GATT_CLIENT_DEREGISTER_FOR_NOTIFICATION, status);
3830 static void send_client_remote_rssi_notify(int32_t client_if,
3831 const bdaddr_t *addr,
3832 int32_t rssi, int32_t status)
3834 struct hal_ev_gatt_client_read_remote_rssi ev;
3836 ev.client_if = client_if;
3837 bdaddr2android(addr, &ev.address);
3841 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
3842 HAL_EV_GATT_CLIENT_READ_REMOTE_RSSI, sizeof(ev), &ev);
3845 static void read_remote_rssi_cb(uint8_t status, const bdaddr_t *addr,
3846 int8_t rssi, void *user_data)
3848 int32_t client_if = PTR_TO_INT(user_data);
3849 int32_t gatt_status = status ? GATT_FAILURE : GATT_SUCCESS;
3851 send_client_remote_rssi_notify(client_if, addr, rssi, gatt_status);
3854 static void handle_client_read_remote_rssi(const void *buf, uint16_t len)
3856 const struct hal_cmd_gatt_client_read_remote_rssi *cmd = buf;
3862 if (!find_app_by_id(cmd->client_if)) {
3863 status = HAL_STATUS_FAILED;
3867 android2bdaddr(cmd->bdaddr, &bdaddr);
3868 if (!bt_read_device_rssi(&bdaddr, read_remote_rssi_cb,
3869 INT_TO_PTR(cmd->client_if))) {
3870 error("gatt: Could not read RSSI");
3871 status = HAL_STATUS_FAILED;
3875 status = HAL_STATUS_SUCCESS;
3878 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
3879 HAL_OP_GATT_CLIENT_READ_REMOTE_RSSI, status);
3881 if (status != HAL_STATUS_SUCCESS)
3882 send_client_remote_rssi_notify(cmd->client_if, &bdaddr, 0,
3886 static void handle_client_get_device_type(const void *buf, uint16_t len)
3888 const struct hal_cmd_gatt_client_get_device_type *cmd = buf;
3889 struct hal_rsp_gatt_client_get_device_type rsp;
3894 android2bdaddr(cmd->bdaddr, &bdaddr);
3896 rsp.type = bt_get_device_android_type(&bdaddr);
3898 ipc_send_rsp_full(hal_ipc, HAL_SERVICE_ID_GATT,
3899 HAL_OP_GATT_CLIENT_GET_DEVICE_TYPE,
3900 sizeof(rsp), &rsp, -1);
3903 static void handle_client_set_adv_data(const void *buf, uint16_t len)
3905 const struct hal_cmd_gatt_client_set_adv_data *cmd = buf;
3908 if (len != sizeof(*cmd) + cmd->manufacturer_len) {
3909 error("Invalid set adv data command (%u bytes), terminating",
3915 DBG("scan_rsp=%u name=%u tx=%u min=%d max=%d app=%d",
3916 cmd->set_scan_rsp, cmd->include_name, cmd->include_txpower,
3917 cmd->min_interval, cmd->max_interval, cmd->appearance);
3919 DBG("manufacturer=%u service_data=%u service_uuid=%u",
3920 cmd->manufacturer_len, cmd->service_data_len,
3921 cmd->service_uuid_len);
3923 /* TODO This should be implemented when kernel supports it */
3924 if (cmd->manufacturer_len || cmd->service_data_len ||
3925 cmd->service_uuid_len) {
3926 error("gatt: Extra advertising data not supported");
3927 status = HAL_STATUS_FAILED;
3931 status = HAL_STATUS_SUCCESS;
3934 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
3935 HAL_OP_GATT_CLIENT_SET_ADV_DATA, status);
3938 static void test_command_result(guint8 status, const guint8 *pdu,
3939 guint16 len, gpointer user_data)
3941 DBG("status: %d", status);
3944 static uint8_t test_read_write(bdaddr_t *bdaddr, bt_uuid_t *uuid, uint16_t op,
3945 uint16_t u2, uint16_t u3,
3946 uint16_t u4, uint16_t u5)
3949 struct gatt_device *dev;
3953 dev = find_device_by_addr(bdaddr);
3954 if (!dev || dev->state != DEVICE_CONNECTED)
3955 return HAL_STATUS_FAILED;
3957 pdu = g_attrib_get_buffer(dev->attrib, &mtu);
3959 return HAL_STATUS_FAILED;
3962 case ATT_OP_READ_REQ:
3963 length = enc_read_req(u2, pdu, mtu);
3965 case ATT_OP_READ_BY_TYPE_REQ:
3966 length = enc_read_by_type_req(u2, u3, uuid, pdu, mtu);
3968 case ATT_OP_READ_BLOB_REQ:
3969 length = enc_read_blob_req(u2, u3, pdu, mtu);
3971 case ATT_OP_READ_BY_GROUP_REQ:
3972 length = enc_read_by_grp_req(u2, u3, uuid, pdu, mtu);
3974 case ATT_OP_READ_MULTI_REQ:
3975 return HAL_STATUS_UNSUPPORTED;
3976 case ATT_OP_WRITE_REQ:
3977 length = enc_write_req(u2, (uint8_t *) &u3, sizeof(u3), pdu,
3980 case ATT_OP_WRITE_CMD:
3981 length = enc_write_cmd(u2, (uint8_t *) &u3, sizeof(u3), pdu,
3984 case ATT_OP_PREP_WRITE_REQ:
3985 length = enc_prep_write_req(u2, u3, (uint8_t *) &u4, sizeof(u4),
3988 case ATT_OP_EXEC_WRITE_REQ:
3989 length = enc_exec_write_req(u2, pdu, mtu);
3991 case ATT_OP_SIGNED_WRITE_CMD:
3992 if (signed_write_cmd(dev, u2, (uint8_t *) &u3, sizeof(u3)))
3993 return HAL_STATUS_SUCCESS;
3995 return HAL_STATUS_FAILED;
3997 error("gatt: Unknown operation type");
3999 return HAL_STATUS_UNSUPPORTED;
4002 if (!g_attrib_send(dev->attrib, 0, pdu, length, test_command_result,
4004 return HAL_STATUS_FAILED;
4006 return HAL_STATUS_SUCCESS;
4009 static uint8_t test_increase_security(bdaddr_t *bdaddr, uint16_t u1)
4011 struct gatt_device *device;
4013 device = find_device_by_addr(bdaddr);
4015 return HAL_STATUS_FAILED;
4017 if (!set_auth_type(device, u1))
4018 return HAL_STATUS_FAILED;
4020 return HAL_STATUS_SUCCESS;
4023 static void handle_client_test_command(const void *buf, uint16_t len)
4025 const struct hal_cmd_gatt_client_test_command *cmd = buf;
4026 struct gatt_app *app;
4033 android2bdaddr(cmd->bda1, &bdaddr);
4034 android2uuid(cmd->uuid1, &uuid);
4036 switch (cmd->command) {
4037 case GATT_CLIENT_TEST_CMD_ENABLE:
4039 if (!test_client_if) {
4040 app = register_app(TEST_UUID, GATT_CLIENT);
4042 test_client_if = app->id;
4046 status = HAL_STATUS_SUCCESS;
4048 status = HAL_STATUS_FAILED;
4050 status = unregister_app(test_client_if);
4054 case GATT_CLIENT_TEST_CMD_CONNECT:
4055 /* TODO u1 holds device type, for now assume BLE */
4056 status = handle_connect(test_client_if, &bdaddr, false);
4058 case GATT_CLIENT_TEST_CMD_DISCONNECT:
4059 app = queue_find(gatt_apps, match_app_by_id,
4060 INT_TO_PTR(test_client_if));
4061 queue_remove_all(app_connections, match_connection_by_app, app,
4062 destroy_connection);
4064 status = HAL_STATUS_SUCCESS;
4066 case GATT_CLIENT_TEST_CMD_DISCOVER:
4067 status = HAL_STATUS_FAILED;
4069 case GATT_CLIENT_TEST_CMD_READ:
4070 case GATT_CLIENT_TEST_CMD_WRITE:
4071 status = test_read_write(&bdaddr, &uuid, cmd->u1, cmd->u2,
4072 cmd->u3, cmd->u4, cmd->u5);
4074 case GATT_CLIENT_TEST_CMD_INCREASE_SECURITY:
4075 status = test_increase_security(&bdaddr, cmd->u1);
4077 case GATT_CLIENT_TEST_CMD_PAIRING_CONFIG:
4079 status = HAL_STATUS_FAILED;
4083 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
4084 HAL_OP_GATT_CLIENT_TEST_COMMAND, status);
4087 static void handle_server_register(const void *buf, uint16_t len)
4089 const struct hal_cmd_gatt_server_register *cmd = buf;
4090 struct hal_ev_gatt_server_register ev;
4091 struct gatt_app *app;
4095 memset(&ev, 0, sizeof(ev));
4097 app = register_app(cmd->uuid, GATT_SERVER);
4100 ev.server_if = app->id;
4101 ev.status = GATT_SUCCESS;
4103 ev.status = GATT_FAILURE;
4106 memcpy(ev.uuid, cmd->uuid, sizeof(ev.uuid));
4108 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
4109 HAL_EV_GATT_SERVER_REGISTER, sizeof(ev), &ev);
4111 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT, HAL_OP_GATT_SERVER_REGISTER,
4112 HAL_STATUS_SUCCESS);
4115 static void handle_server_unregister(const void *buf, uint16_t len)
4117 const struct hal_cmd_gatt_server_unregister *cmd = buf;
4122 status = unregister_app(cmd->server_if);
4124 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
4125 HAL_OP_GATT_SERVER_UNREGISTER, status);
4128 static void handle_server_connect(const void *buf, uint16_t len)
4130 const struct hal_cmd_gatt_server_connect *cmd = buf;
4136 android2bdaddr(&cmd->bdaddr, &addr);
4138 /* TODO: Handle transport flag */
4140 status = handle_connect(cmd->server_if, &addr, cmd->is_direct);
4142 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT, HAL_OP_GATT_SERVER_CONNECT,
4146 static void handle_server_disconnect(const void *buf, uint16_t len)
4148 const struct hal_cmd_gatt_server_disconnect *cmd = buf;
4149 struct app_connection *conn;
4154 /* TODO: should we care to match also bdaddr when conn_id is unique? */
4155 conn = queue_remove_if(app_connections, match_connection_by_id,
4156 INT_TO_PTR(cmd->conn_id));
4157 destroy_connection(conn);
4159 status = HAL_STATUS_SUCCESS;
4161 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
4162 HAL_OP_GATT_SERVER_DISCONNECT, status);
4165 static void handle_server_add_service(const void *buf, uint16_t len)
4167 const struct hal_cmd_gatt_server_add_service *cmd = buf;
4168 struct hal_ev_gatt_server_service_added ev;
4169 struct gatt_app *server;
4170 struct gatt_db_attribute *service;
4176 memset(&ev, 0, sizeof(ev));
4178 server = find_app_by_id(cmd->server_if);
4180 status = HAL_STATUS_FAILED;
4184 android2uuid(cmd->srvc_id.uuid, &uuid);
4186 service = gatt_db_add_service(gatt_db, &uuid, cmd->srvc_id.is_primary,
4189 status = HAL_STATUS_FAILED;
4193 ev.srvc_handle = gatt_db_attribute_get_handle(service);
4194 if (!ev.srvc_handle) {
4195 status = HAL_STATUS_FAILED;
4199 status = HAL_STATUS_SUCCESS;
4202 ev.status = status == HAL_STATUS_SUCCESS ? GATT_SUCCESS : GATT_FAILURE;
4203 ev.srvc_id = cmd->srvc_id;
4204 ev.server_if = cmd->server_if;
4206 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
4207 HAL_EV_GATT_SERVER_SERVICE_ADDED, sizeof(ev), &ev);
4209 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
4210 HAL_OP_GATT_SERVER_ADD_SERVICE, status);
4213 static void handle_server_add_included_service(const void *buf, uint16_t len)
4215 const struct hal_cmd_gatt_server_add_inc_service *cmd = buf;
4216 struct hal_ev_gatt_server_inc_srvc_added ev;
4217 struct gatt_app *server;
4218 struct gatt_db_attribute *service, *include;
4223 memset(&ev, 0, sizeof(ev));
4225 server = find_app_by_id(cmd->server_if);
4227 status = HAL_STATUS_FAILED;
4231 service = gatt_db_get_attribute(gatt_db, cmd->service_handle);
4233 status = HAL_STATUS_FAILED;
4237 include = gatt_db_get_attribute(gatt_db, cmd->included_handle);
4239 status = HAL_STATUS_FAILED;
4243 service = gatt_db_service_add_included(service, include);
4245 status = HAL_STATUS_FAILED;
4249 ev.incl_srvc_handle = gatt_db_attribute_get_handle(service);
4250 status = HAL_STATUS_SUCCESS;
4252 ev.srvc_handle = cmd->service_handle;
4254 ev.server_if = cmd->server_if;
4255 ev.status = status == HAL_STATUS_SUCCESS ? GATT_SUCCESS : GATT_FAILURE;
4257 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
4258 HAL_EV_GATT_SERVER_INC_SRVC_ADDED, sizeof(ev), &ev);
4260 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
4261 HAL_OP_GATT_SERVER_ADD_INC_SERVICE, status);
4264 static bool is_service(const bt_uuid_t *type)
4268 bt_uuid16_create(&uuid, GATT_PRIM_SVC_UUID);
4269 if (!bt_uuid_cmp(&uuid, type))
4272 bt_uuid16_create(&uuid, GATT_SND_SVC_UUID);
4273 if (!bt_uuid_cmp(&uuid, type))
4279 static bool match_pending_dev_request(const void *data, const void *user_data)
4281 const struct pending_request *pending_request = data;
4283 return !pending_request->completed;
4286 static void send_dev_complete_response(struct gatt_device *device,
4290 uint8_t *rsp = g_attrib_get_buffer(device->attrib, &mtu);
4291 struct pending_request *val;
4295 if (queue_isempty(device->pending_requests))
4298 if (queue_find(device->pending_requests, match_pending_dev_request,
4300 DBG("Still pending requests");
4304 val = queue_peek_head(device->pending_requests);
4306 error = ATT_ECODE_ATTR_NOT_FOUND;
4316 case ATT_OP_READ_BY_TYPE_REQ: {
4317 struct att_data_list *adl;
4324 val = queue_pop_head(device->pending_requests);
4326 queue_destroy(temp, NULL);
4327 error = ATT_ECODE_ATTR_NOT_FOUND;
4332 queue_destroy(temp, NULL);
4334 destroy_pending_request(val);
4338 length = val->length;
4340 while (val && val->length == length && val->error == 0) {
4341 queue_push_tail(temp, val);
4342 val = queue_pop_head(device->pending_requests);
4345 adl = att_data_list_alloc(queue_length(temp),
4346 sizeof(uint16_t) + length);
4348 destroy_pending_request(val);
4350 val = queue_pop_head(temp);
4352 uint8_t *value = adl->data[iterator++];
4355 handle = gatt_db_attribute_get_handle(val->attrib);
4357 put_le16(handle, value);
4358 memcpy(&value[2], val->value, val->length);
4360 destroy_pending_request(val);
4361 val = queue_pop_head(temp);
4364 len = enc_read_by_type_resp(adl, rsp, mtu);
4366 att_data_list_free(adl);
4367 queue_destroy(temp, destroy_pending_request);
4371 case ATT_OP_READ_BLOB_REQ:
4372 len = enc_read_blob_resp(val->value, val->length, val->offset,
4375 case ATT_OP_READ_REQ:
4376 len = enc_read_resp(val->value, val->length, rsp, mtu);
4378 case ATT_OP_READ_BY_GROUP_REQ: {
4379 struct att_data_list *adl;
4386 val = queue_pop_head(device->pending_requests);
4388 queue_destroy(temp, NULL);
4389 error = ATT_ECODE_ATTR_NOT_FOUND;
4393 length = val->length;
4395 while (val && val->length == length) {
4396 queue_push_tail(temp, val);
4397 val = queue_pop_head(device->pending_requests);
4400 adl = att_data_list_alloc(queue_length(temp),
4401 2 * sizeof(uint16_t) + length);
4403 val = queue_pop_head(temp);
4405 uint8_t *value = adl->data[iterator++];
4406 uint16_t start_handle, end_handle;
4408 gatt_db_attribute_get_service_handles(val->attrib,
4412 put_le16(start_handle, value);
4413 put_le16(end_handle, &value[2]);
4414 memcpy(&value[4], val->value, val->length);
4416 destroy_pending_request(val);
4417 val = queue_pop_head(temp);
4420 len = enc_read_by_grp_resp(adl, rsp, mtu);
4422 att_data_list_free(adl);
4423 queue_destroy(temp, destroy_pending_request);
4427 case ATT_OP_FIND_BY_TYPE_REQ: {
4428 GSList *list = NULL;
4430 val = queue_pop_head(device->pending_requests);
4432 struct att_range *range;
4433 const bt_uuid_t *type;
4435 /* Its find by type and value - filter by value here */
4436 if ((val->length != val->filter_vlen) ||
4437 memcmp(val->value, val->filter_value,
4440 destroy_pending_request(val);
4441 val = queue_pop_head(device->pending_requests);
4445 range = new0(struct att_range, 1);
4446 range->start = gatt_db_attribute_get_handle(
4449 type = gatt_db_attribute_get_type(val->attrib);
4450 if (is_service(type))
4451 gatt_db_attribute_get_service_handles(
4456 range->end = range->start;
4458 list = g_slist_append(list, range);
4460 destroy_pending_request(val);
4461 val = queue_pop_head(device->pending_requests);
4465 len = enc_find_by_type_resp(list, rsp, mtu);
4467 error = ATT_ECODE_ATTR_NOT_FOUND;
4469 g_slist_free_full(list, free);
4473 case ATT_OP_EXEC_WRITE_REQ:
4474 len = enc_exec_write_resp(rsp);
4476 case ATT_OP_WRITE_REQ:
4477 len = enc_write_resp(rsp);
4479 case ATT_OP_PREP_WRITE_REQ: {
4482 handle = gatt_db_attribute_get_handle(val->attrib);
4483 len = enc_prep_write_resp(handle, val->offset, val->value,
4484 val->length, rsp, mtu);
4493 len = enc_error_resp(opcode, 0x0000, error, rsp, mtu);
4495 g_attrib_send(device->attrib, 0, rsp, len, NULL, NULL, NULL);
4497 queue_remove_all(device->pending_requests, NULL, NULL,
4498 destroy_pending_request);
4501 struct request_processing_data {
4503 struct gatt_device *device;
4506 static uint8_t check_device_permissions(struct gatt_device *device,
4507 uint8_t opcode, uint32_t permissions)
4512 io = g_attrib_get_channel(device->attrib);
4514 if (!bt_io_get(io, NULL, BT_IO_OPT_SEC_LEVEL, &sec_level,
4516 return ATT_ECODE_UNLIKELY;
4518 DBG("opcode 0x%02x permissions %u sec_level %u", opcode, permissions,
4522 case ATT_OP_SIGNED_WRITE_CMD:
4523 if (!(permissions & GATT_PERM_WRITE_SIGNED))
4524 return ATT_ECODE_WRITE_NOT_PERM;
4526 if (permissions & GATT_PERM_WRITE_SIGNED_MITM) {
4529 if (bt_get_csrk(&device->bdaddr, true, NULL, NULL,
4533 return ATT_ECODE_AUTHENTICATION;
4536 case ATT_OP_READ_BY_TYPE_REQ:
4537 case ATT_OP_READ_REQ:
4538 case ATT_OP_READ_BLOB_REQ:
4539 case ATT_OP_READ_MULTI_REQ:
4540 case ATT_OP_READ_BY_GROUP_REQ:
4541 case ATT_OP_FIND_BY_TYPE_REQ:
4542 case ATT_OP_FIND_INFO_REQ:
4543 if (!(permissions & GATT_PERM_READ))
4544 return ATT_ECODE_READ_NOT_PERM;
4546 if ((permissions & GATT_PERM_READ_MITM) &&
4547 sec_level < BT_SECURITY_HIGH)
4548 return ATT_ECODE_AUTHENTICATION;
4550 if ((permissions & GATT_PERM_READ_ENCRYPTED) &&
4551 sec_level < BT_SECURITY_MEDIUM)
4552 return ATT_ECODE_INSUFF_ENC;
4554 if (permissions & GATT_PERM_READ_AUTHORIZATION)
4555 return ATT_ECODE_AUTHORIZATION;
4557 case ATT_OP_WRITE_REQ:
4558 case ATT_OP_WRITE_CMD:
4559 case ATT_OP_PREP_WRITE_REQ:
4560 case ATT_OP_EXEC_WRITE_REQ:
4561 if (!(permissions & GATT_PERM_WRITE))
4562 return ATT_ECODE_WRITE_NOT_PERM;
4564 if ((permissions & GATT_PERM_WRITE_MITM) &&
4565 sec_level < BT_SECURITY_HIGH)
4566 return ATT_ECODE_AUTHENTICATION;
4568 if ((permissions & GATT_PERM_WRITE_ENCRYPTED) &&
4569 sec_level < BT_SECURITY_MEDIUM)
4570 return ATT_ECODE_INSUFF_ENC;
4572 if (permissions & GATT_PERM_WRITE_AUTHORIZATION)
4573 return ATT_ECODE_AUTHORIZATION;
4576 return ATT_ECODE_UNLIKELY;
4582 static uint8_t err_to_att(int err)
4584 if (!err || (err > 0 && err < UINT8_MAX))
4589 return ATT_ECODE_INVALID_HANDLE;
4591 return ATT_ECODE_INSUFF_RESOURCES;
4593 return ATT_ECODE_UNLIKELY;
4597 static void attribute_read_cb(struct gatt_db_attribute *attrib, int err,
4598 const uint8_t *value, size_t length,
4601 struct pending_request *resp_data = user_data;
4602 uint8_t error = err_to_att(err);
4604 resp_data->attrib = attrib;
4605 resp_data->length = length;
4606 resp_data->error = error;
4608 resp_data->completed = true;
4613 resp_data->value = malloc0(length);
4614 if (!resp_data->value) {
4615 resp_data->error = ATT_ECODE_INSUFF_RESOURCES;
4620 memcpy(resp_data->value, value, length);
4623 static void read_requested_attributes(void *data, void *user_data)
4625 struct pending_request *resp_data = data;
4626 struct request_processing_data *process_data = user_data;
4627 struct bt_att *att = g_attrib_get_att(process_data->device->attrib);
4628 struct gatt_db_attribute *attrib;
4629 uint32_t permissions;
4632 attrib = resp_data->attrib;
4634 resp_data->error = ATT_ECODE_ATTR_NOT_FOUND;
4635 resp_data->completed = true;
4639 permissions = gatt_db_attribute_get_permissions(attrib);
4642 * Check if it is attribute we didn't declare permissions, like service
4643 * declaration or included service. Set permissions to read only
4645 if (permissions == 0)
4646 permissions = GATT_PERM_READ;
4648 error = check_device_permissions(process_data->device,
4649 process_data->opcode,
4652 resp_data->error = error;
4653 resp_data->completed = true;
4657 gatt_db_attribute_read(attrib, resp_data->offset, process_data->opcode,
4658 att, attribute_read_cb, resp_data);
4661 static void process_dev_pending_requests(struct gatt_device *device,
4664 struct request_processing_data process_data;
4666 if (queue_isempty(device->pending_requests))
4669 process_data.device = device;
4670 process_data.opcode = att_opcode;
4672 /* Process pending requests and prepare response */
4673 queue_foreach(device->pending_requests, read_requested_attributes,
4676 send_dev_complete_response(device, att_opcode);
4679 static struct pending_trans_data *conn_add_transact(struct app_connection *conn,
4681 struct gatt_db_attribute *attrib,
4682 unsigned int serial_id)
4684 struct pending_trans_data *transaction;
4685 static int32_t trans_id = 1;
4687 transaction = new0(struct pending_trans_data, 1);
4688 transaction->id = trans_id++;
4689 transaction->opcode = opcode;
4690 transaction->attrib = attrib;
4691 transaction->serial_id = serial_id;
4693 queue_push_tail(conn->transactions, transaction);
4698 static bool get_dst_addr(struct bt_att *att, bdaddr_t *dst)
4700 GIOChannel *io = NULL;
4701 GError *gerr = NULL;
4703 io = g_io_channel_unix_new(bt_att_get_fd(att));
4707 bt_io_get(io, &gerr, BT_IO_OPT_DEST_BDADDR, dst, BT_IO_OPT_INVALID);
4709 error("gatt: bt_io_get: %s", gerr->message);
4711 g_io_channel_unref(io);
4715 g_io_channel_unref(io);
4719 static void read_cb(struct gatt_db_attribute *attrib, unsigned int id,
4720 uint16_t offset, uint8_t opcode, struct bt_att *att,
4723 struct pending_trans_data *transaction;
4724 struct hal_ev_gatt_server_request_read ev;
4725 struct gatt_app *app;
4726 struct app_connection *conn;
4727 int32_t app_id = PTR_TO_INT(user_data);
4732 app = find_app_by_id(app_id);
4734 error("gatt: read_cb, cound not found app id");
4738 if (!get_dst_addr(att, &bdaddr)) {
4739 error("gatt: read_cb, could not obtain dst BDADDR");
4743 conn = find_conn(&bdaddr, app->id);
4745 error("gatt: read_cb, cound not found connection");
4749 memset(&ev, 0, sizeof(ev));
4751 /* Store the request data, complete callback and transaction id */
4752 transaction = conn_add_transact(conn, opcode, attrib, id);
4754 bdaddr2android(&bdaddr, ev.bdaddr);
4755 ev.conn_id = conn->id;
4756 ev.attr_handle = gatt_db_attribute_get_handle(attrib);
4758 ev.is_long = opcode == ATT_OP_READ_BLOB_REQ;
4759 ev.trans_id = transaction->id;
4761 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
4762 HAL_EV_GATT_SERVER_REQUEST_READ,
4768 gatt_db_attribute_read_result(attrib, id, -ENOENT, NULL, 0);
4771 static void write_cb(struct gatt_db_attribute *attrib, unsigned int id,
4772 uint16_t offset, const uint8_t *value, size_t len,
4773 uint8_t opcode, struct bt_att *att, void *user_data)
4775 uint8_t buf[IPC_MTU];
4776 struct hal_ev_gatt_server_request_write *ev = (void *) buf;
4777 struct pending_trans_data *transaction;
4778 struct gatt_app *app;
4779 int32_t app_id = PTR_TO_INT(user_data);
4780 struct app_connection *conn;
4785 app = find_app_by_id(app_id);
4787 error("gatt: write_cb could not found app id");
4791 if (!get_dst_addr(att, &bdaddr)) {
4792 error("gatt: write_cb, could not obtain dst BDADDR");
4796 conn = find_conn(&bdaddr, app->id);
4798 error("gatt: write_cb could not found connection");
4803 * Remember that this application has ongoing prep write
4804 * Need it later to find out where to send execute write
4806 if (opcode == ATT_OP_PREP_WRITE_REQ)
4807 conn->wait_execute_write = true;
4809 /* Store the request data, complete callback and transaction id */
4810 transaction = conn_add_transact(conn, opcode, attrib, id);
4812 memset(ev, 0, sizeof(*ev));
4814 bdaddr2android(&bdaddr, &ev->bdaddr);
4815 ev->attr_handle = gatt_db_attribute_get_handle(attrib);
4816 ev->offset = offset;
4818 ev->conn_id = conn->id;
4819 ev->trans_id = transaction->id;
4821 ev->is_prep = opcode == ATT_OP_PREP_WRITE_REQ;
4823 if (opcode == ATT_OP_WRITE_REQ || opcode == ATT_OP_PREP_WRITE_REQ)
4824 ev->need_rsp = 0x01;
4826 gatt_db_attribute_write_result(attrib, id, 0);
4829 memcpy(ev->value, value, len);
4831 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
4832 HAL_EV_GATT_SERVER_REQUEST_WRITE,
4833 sizeof(*ev) + ev->length , ev);
4837 gatt_db_attribute_write_result(attrib, id, ATT_ECODE_UNLIKELY);
4840 static uint32_t android_to_gatt_permissions(int32_t hal_permissions)
4842 uint32_t permissions = 0;
4844 if (hal_permissions & HAL_GATT_PERMISSION_READ)
4845 permissions |= GATT_PERM_READ;
4847 if (hal_permissions & HAL_GATT_PERMISSION_READ_ENCRYPTED)
4848 permissions |= GATT_PERM_READ_ENCRYPTED | GATT_PERM_READ;
4850 if (hal_permissions & HAL_GATT_PERMISSION_READ_ENCRYPTED_MITM)
4851 permissions |= GATT_PERM_READ_MITM | GATT_PERM_READ_ENCRYPTED |
4854 if (hal_permissions & HAL_GATT_PERMISSION_WRITE)
4855 permissions |= GATT_PERM_WRITE;
4857 if (hal_permissions & HAL_GATT_PERMISSION_WRITE_ENCRYPTED)
4858 permissions |= GATT_PERM_WRITE_ENCRYPTED | GATT_PERM_WRITE;
4860 if (hal_permissions & HAL_GATT_PERMISSION_WRITE_ENCRYPTED_MITM)
4861 permissions |= GATT_PERM_WRITE_MITM |
4862 GATT_PERM_WRITE_ENCRYPTED | GATT_PERM_WRITE;
4864 if (hal_permissions & HAL_GATT_PERMISSION_WRITE_SIGNED)
4865 permissions |= GATT_PERM_WRITE_SIGNED;
4867 if (hal_permissions & HAL_GATT_PERMISSION_WRITE_SIGNED_MITM)
4868 permissions |= GATT_PERM_WRITE_SIGNED_MITM |
4869 GATT_PERM_WRITE_SIGNED;
4874 static void handle_server_add_characteristic(const void *buf, uint16_t len)
4876 const struct hal_cmd_gatt_server_add_characteristic *cmd = buf;
4877 struct hal_ev_gatt_server_characteristic_added ev;
4878 struct gatt_app *server;
4879 struct gatt_db_attribute *attrib;
4882 uint32_t permissions;
4883 int32_t app_id = cmd->server_if;
4887 memset(&ev, 0, sizeof(ev));
4889 server = find_app_by_id(app_id);
4891 status = HAL_STATUS_FAILED;
4895 attrib = gatt_db_get_attribute(gatt_db, cmd->service_handle);
4897 status = HAL_STATUS_FAILED;
4901 android2uuid(cmd->uuid, &uuid);
4902 permissions = android_to_gatt_permissions(cmd->permissions);
4904 attrib = gatt_db_service_add_characteristic(attrib,
4908 INT_TO_PTR(app_id));
4910 status = HAL_STATUS_FAILED;
4914 ev.char_handle = gatt_db_attribute_get_handle(attrib);
4915 status = HAL_STATUS_SUCCESS;
4918 ev.srvc_handle = cmd->service_handle;
4920 ev.server_if = app_id;
4921 ev.status = status == HAL_STATUS_SUCCESS ? GATT_SUCCESS : GATT_FAILURE;
4922 memcpy(ev.uuid, cmd->uuid, sizeof(cmd->uuid));
4924 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
4925 HAL_EV_GATT_SERVER_CHAR_ADDED, sizeof(ev), &ev);
4927 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
4928 HAL_OP_GATT_SERVER_ADD_CHARACTERISTIC, status);
4931 static void handle_server_add_descriptor(const void *buf, uint16_t len)
4933 const struct hal_cmd_gatt_server_add_descriptor *cmd = buf;
4934 struct hal_ev_gatt_server_descriptor_added ev;
4935 struct gatt_app *server;
4936 struct gatt_db_attribute *attrib;
4939 uint32_t permissions;
4940 int32_t app_id = cmd->server_if;
4944 memset(&ev, 0, sizeof(ev));
4946 server = find_app_by_id(app_id);
4948 status = HAL_STATUS_FAILED;
4952 android2uuid(cmd->uuid, &uuid);
4953 permissions = android_to_gatt_permissions(cmd->permissions);
4955 attrib = gatt_db_get_attribute(gatt_db, cmd->service_handle);
4957 status = HAL_STATUS_FAILED;
4961 attrib = gatt_db_service_add_descriptor(attrib, &uuid, permissions,
4963 INT_TO_PTR(app_id));
4965 status = HAL_STATUS_FAILED;
4969 ev.descr_handle = gatt_db_attribute_get_handle(attrib);
4970 status = HAL_STATUS_SUCCESS;
4973 ev.server_if = app_id;
4974 ev.srvc_handle = cmd->service_handle;
4975 memcpy(ev.uuid, cmd->uuid, sizeof(cmd->uuid));
4976 ev.status = status == HAL_STATUS_SUCCESS ? GATT_SUCCESS : GATT_FAILURE;
4978 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
4979 HAL_EV_GATT_SERVER_DESCRIPTOR_ADDED, sizeof(ev), &ev);
4981 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
4982 HAL_OP_GATT_SERVER_ADD_DESCRIPTOR, status);
4985 static void notify_service_change(void *data, void *user_data)
4987 struct att_range range;
4988 struct gatt_db_attribute *attrib = user_data;
4990 gatt_db_attribute_get_service_handles(attrib, &range.start, &range.end);
4992 /* In case of db error */
4996 notify_att_range_change(data, &range);
4999 static sdp_record_t *get_sdp_record(uuid_t *uuid, uint16_t start, uint16_t end,
5002 sdp_list_t *svclass_id, *apseq, *proto[2], *root, *aproto;
5003 uuid_t root_uuid, proto_uuid, l2cap;
5004 sdp_record_t *record;
5005 sdp_data_t *psm, *sh, *eh;
5006 uint16_t lp = ATT_PSM;
5008 record = sdp_record_alloc();
5012 sdp_uuid16_create(&root_uuid, PUBLIC_BROWSE_GROUP);
5013 root = sdp_list_append(NULL, &root_uuid);
5014 sdp_set_browse_groups(record, root);
5015 sdp_list_free(root, NULL);
5017 svclass_id = sdp_list_append(NULL, uuid);
5018 sdp_set_service_classes(record, svclass_id);
5019 sdp_list_free(svclass_id, NULL);
5021 sdp_uuid16_create(&l2cap, L2CAP_UUID);
5022 proto[0] = sdp_list_append(NULL, &l2cap);
5023 psm = sdp_data_alloc(SDP_UINT16, &lp);
5024 proto[0] = sdp_list_append(proto[0], psm);
5025 apseq = sdp_list_append(NULL, proto[0]);
5027 sdp_uuid16_create(&proto_uuid, ATT_UUID);
5028 proto[1] = sdp_list_append(NULL, &proto_uuid);
5029 sh = sdp_data_alloc(SDP_UINT16, &start);
5030 proto[1] = sdp_list_append(proto[1], sh);
5031 eh = sdp_data_alloc(SDP_UINT16, &end);
5032 proto[1] = sdp_list_append(proto[1], eh);
5033 apseq = sdp_list_append(apseq, proto[1]);
5035 aproto = sdp_list_append(NULL, apseq);
5036 sdp_set_access_protos(record, aproto);
5039 sdp_set_info_attr(record, name, "BlueZ for Android", NULL);
5044 sdp_list_free(proto[0], NULL);
5045 sdp_list_free(proto[1], NULL);
5046 sdp_list_free(apseq, NULL);
5047 sdp_list_free(aproto, NULL);
5052 static uint32_t add_sdp_record(const bt_uuid_t *uuid, uint16_t start,
5053 uint16_t end, const char *name)
5058 switch (uuid->type) {
5060 sdp_uuid16_create(&u, uuid->value.u16);
5063 sdp_uuid32_create(&u32, uuid->value.u32);
5064 sdp_uuid32_to_uuid128(&u, &u32);
5067 sdp_uuid128_create(&u, &uuid->value.u128);
5069 case BT_UUID_UNSPEC:
5074 rec = get_sdp_record(&u, start, end, name);
5078 if (bt_adapter_add_record(rec, 0) < 0) {
5079 error("gatt: Failed to register SDP record");
5080 sdp_record_free(rec);
5087 static bool match_service_sdp(const void *data, const void *user_data)
5089 const struct service_sdp *s = data;
5091 return s->service_handle == PTR_TO_INT(user_data);
5094 static struct service_sdp *new_service_sdp_record(int32_t service_handle)
5097 struct service_sdp *s;
5098 struct gatt_db_attribute *attrib;
5099 uint16_t end_handle;
5101 attrib = gatt_db_get_attribute(gatt_db, service_handle);
5105 gatt_db_attribute_get_service_handles(attrib, NULL, &end_handle);
5109 if (!gatt_db_attribute_get_service_uuid(attrib, &uuid))
5112 s = new0(struct service_sdp, 1);
5113 s->service_handle = service_handle;
5114 s->sdp_handle = add_sdp_record(&uuid, service_handle, end_handle, NULL);
5115 if (!s->sdp_handle) {
5123 static void free_service_sdp_record(void *data)
5125 struct service_sdp *s = data;
5130 bt_adapter_remove_record(s->sdp_handle);
5134 static bool add_service_sdp_record(int32_t service_handle)
5136 struct service_sdp *s;
5138 s = queue_find(services_sdp, match_service_sdp,
5139 INT_TO_PTR(service_handle));
5143 s = new_service_sdp_record(service_handle);
5147 queue_push_tail(services_sdp, s);
5152 static void remove_service_sdp_record(int32_t service_handle)
5154 struct service_sdp *s;
5156 s = queue_remove_if(services_sdp, match_service_sdp,
5157 INT_TO_PTR(service_handle));
5161 free_service_sdp_record(s);
5164 static void handle_server_start_service(const void *buf, uint16_t len)
5166 const struct hal_cmd_gatt_server_start_service *cmd = buf;
5167 struct hal_ev_gatt_server_service_started ev;
5168 struct gatt_app *server;
5169 struct gatt_db_attribute *attrib;
5172 DBG("transport 0x%02x", cmd->transport);
5174 memset(&ev, 0, sizeof(ev));
5176 if (cmd->transport == 0) {
5177 status = HAL_STATUS_FAILED;
5181 server = find_app_by_id(cmd->server_if);
5183 status = HAL_STATUS_FAILED;
5187 if (cmd->transport & GATT_SERVER_TRANSPORT_BREDR_BIT) {
5188 if (!add_service_sdp_record(cmd->service_handle)) {
5189 status = HAL_STATUS_FAILED;
5193 /* TODO: Handle BREDR only */
5195 attrib = gatt_db_get_attribute(gatt_db, cmd->service_handle);
5197 status = HAL_STATUS_FAILED;
5201 if (!gatt_db_service_set_active(attrib, true)) {
5203 * no need to clean SDP since this can fail only if service
5204 * handle is invalid in which case add_sdp_record() also fails
5206 status = HAL_STATUS_FAILED;
5210 queue_foreach(gatt_devices, notify_service_change, attrib);
5212 status = HAL_STATUS_SUCCESS;
5215 ev.status = status == HAL_STATUS_SUCCESS ? GATT_SUCCESS : GATT_FAILURE;
5216 ev.server_if = cmd->server_if;
5217 ev.srvc_handle = cmd->service_handle;
5219 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
5220 HAL_EV_GATT_SERVER_SERVICE_STARTED, sizeof(ev), &ev);
5222 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5223 HAL_OP_GATT_SERVER_START_SERVICE, status);
5226 static void handle_server_stop_service(const void *buf, uint16_t len)
5228 const struct hal_cmd_gatt_server_stop_service *cmd = buf;
5229 struct hal_ev_gatt_server_service_stopped ev;
5230 struct gatt_app *server;
5231 struct gatt_db_attribute *attrib;
5236 memset(&ev, 0, sizeof(ev));
5238 server = find_app_by_id(cmd->server_if);
5240 status = HAL_STATUS_FAILED;
5244 attrib = gatt_db_get_attribute(gatt_db, cmd->service_handle);
5246 status = HAL_STATUS_FAILED;
5250 if (!gatt_db_service_set_active(attrib, false)) {
5251 status = HAL_STATUS_FAILED;
5255 remove_service_sdp_record(cmd->service_handle);
5257 status = HAL_STATUS_SUCCESS;
5259 queue_foreach(gatt_devices, notify_service_change, attrib);
5262 ev.status = status == HAL_STATUS_SUCCESS ? GATT_SUCCESS : GATT_FAILURE;
5263 ev.server_if = cmd->server_if;
5264 ev.srvc_handle = cmd->service_handle;
5266 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
5267 HAL_EV_GATT_SERVER_SERVICE_STOPPED, sizeof(ev), &ev);
5269 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5270 HAL_OP_GATT_SERVER_STOP_SERVICE, status);
5273 static void handle_server_delete_service(const void *buf, uint16_t len)
5275 const struct hal_cmd_gatt_server_delete_service *cmd = buf;
5276 struct hal_ev_gatt_server_service_deleted ev;
5277 struct gatt_app *server;
5278 struct gatt_db_attribute *attrib;
5283 memset(&ev, 0, sizeof(ev));
5285 server = find_app_by_id(cmd->server_if);
5287 status = HAL_STATUS_FAILED;
5291 attrib = gatt_db_get_attribute(gatt_db, cmd->service_handle);
5293 status = HAL_STATUS_FAILED;
5297 if (!gatt_db_remove_service(gatt_db, attrib)) {
5298 status = HAL_STATUS_FAILED;
5302 remove_service_sdp_record(cmd->service_handle);
5304 status = HAL_STATUS_SUCCESS;
5307 ev.status = status == HAL_STATUS_SUCCESS ? GATT_SUCCESS : GATT_FAILURE;
5308 ev.srvc_handle = cmd->service_handle;
5309 ev.server_if = cmd->server_if;
5311 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
5312 HAL_EV_GATT_SERVER_SERVICE_DELETED, sizeof(ev), &ev);
5314 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5315 HAL_OP_GATT_SERVER_DELETE_SERVICE, status);
5318 static void indication_confirmation_cb(guint8 status, const guint8 *pdu,
5319 guint16 len, gpointer user_data)
5321 struct hal_ev_gatt_server_indication_sent ev;
5324 ev.conn_id = PTR_TO_UINT(user_data);
5326 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
5327 HAL_EV_GATT_SERVER_INDICATION_SENT, sizeof(ev), &ev);
5330 static void handle_server_send_indication(const void *buf, uint16_t len)
5332 const struct hal_cmd_gatt_server_send_indication *cmd = buf;
5333 struct app_connection *conn;
5338 GAttribResultFunc confirmation_cb = NULL;
5342 conn = find_connection_by_id(cmd->conn_id);
5344 error("gatt: Could not find connection");
5345 status = HAL_STATUS_FAILED;
5349 pdu = g_attrib_get_buffer(conn->device->attrib, &mtu);
5352 length = enc_indication(cmd->attribute_handle,
5353 (uint8_t *) cmd->value, cmd->len, pdu,
5355 confirmation_cb = indication_confirmation_cb;
5357 length = enc_notification(cmd->attribute_handle,
5358 (uint8_t *) cmd->value,
5359 cmd->len, pdu, mtu);
5362 if (!g_attrib_send(conn->device->attrib, 0, pdu, length,
5363 confirmation_cb, UINT_TO_PTR(conn->id), NULL)) {
5364 error("gatt: Failed to send indication");
5365 status = HAL_STATUS_FAILED;
5367 status = HAL_STATUS_SUCCESS;
5370 /* Here we confirm failed indications and all notifications */
5371 if (status || !confirmation_cb)
5372 indication_confirmation_cb(status, NULL, 0,
5373 UINT_TO_PTR(conn->id));
5376 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5377 HAL_OP_GATT_SERVER_SEND_INDICATION, status);
5380 static bool match_trans_id(const void *data, const void *user_data)
5382 const struct pending_trans_data *transaction = data;
5384 return transaction->id == PTR_TO_UINT(user_data);
5387 static bool find_conn_waiting_exec_write(const void *data,
5388 const void *user_data)
5390 const struct app_connection *conn = data;
5392 return conn->wait_execute_write;
5395 static bool pending_execute_write(void)
5397 return queue_find(app_connections, find_conn_waiting_exec_write, NULL);
5400 static void handle_server_send_response(const void *buf, uint16_t len)
5402 const struct hal_cmd_gatt_server_send_response *cmd = buf;
5403 struct pending_trans_data *transaction;
5404 struct app_connection *conn;
5409 conn = find_connection_by_id(cmd->conn_id);
5411 error("gatt: could not found connection");
5412 status = HAL_STATUS_FAILED;
5416 transaction = queue_remove_if(conn->transactions, match_trans_id,
5417 UINT_TO_PTR(cmd->trans_id));
5419 error("gatt: transaction ID = %d not found", cmd->trans_id);
5420 status = HAL_STATUS_FAILED;
5424 if (transaction->opcode == ATT_OP_EXEC_WRITE_REQ) {
5425 struct pending_request *req;
5427 conn->wait_execute_write = false;
5429 /* Check for execute response from all server applications */
5430 if (pending_execute_write())
5434 * This is usually done through db write callback but for
5435 * execute write we dont have the attribute or handle to call
5436 * gatt_db_attribute_write().
5438 req = queue_peek_head(conn->device->pending_requests);
5442 /* Cast status to uint8_t, due to (byte) cast in java layer. */
5443 req->error = err_to_att((uint8_t) cmd->status);
5444 req->completed = true;
5447 * FIXME: Handle situation when not all server applications
5448 * respond with a success.
5452 /* Cast status to uint8_t, due to (byte) cast in java layer. */
5453 if (transaction->opcode < ATT_OP_WRITE_REQ)
5454 gatt_db_attribute_read_result(transaction->attrib,
5455 transaction->serial_id,
5456 err_to_att((uint8_t) cmd->status),
5457 cmd->data, cmd->len);
5459 gatt_db_attribute_write_result(transaction->attrib,
5460 transaction->serial_id,
5461 err_to_att((uint8_t) cmd->status));
5463 send_dev_complete_response(conn->device, transaction->opcode);
5466 /* Clean request data */
5469 status = HAL_STATUS_SUCCESS;
5472 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5473 HAL_OP_GATT_SERVER_SEND_RESPONSE, status);
5476 static void handle_client_scan_filter_setup(const void *buf, uint16_t len)
5478 const struct hal_cmd_gatt_client_scan_filter_setup *cmd = buf;
5480 DBG("client_if %u", cmd->client_if);
5484 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5485 HAL_OP_GATT_CLIENT_SCAN_FILTER_SETUP,
5486 HAL_STATUS_UNSUPPORTED);
5489 static void handle_client_scan_filter_add_remove(const void *buf, uint16_t len)
5491 const struct hal_cmd_gatt_client_scan_filter_add_remove *cmd = buf;
5493 DBG("client_if %u", cmd->client_if);
5497 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5498 HAL_OP_GATT_CLIENT_SCAN_FILTER_ADD_REMOVE,
5499 HAL_STATUS_UNSUPPORTED);
5502 static void handle_client_scan_filter_clear(const void *buf, uint16_t len)
5504 const struct hal_cmd_gatt_client_scan_filter_clear *cmd = buf;
5506 DBG("client_if %u", cmd->client_if);
5510 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5511 HAL_OP_GATT_CLIENT_SCAN_FILTER_CLEAR,
5512 HAL_STATUS_UNSUPPORTED);
5515 static void handle_client_scan_filter_enable(const void *buf, uint16_t len)
5517 const struct hal_cmd_gatt_client_scan_filter_enable *cmd = buf;
5519 DBG("client_if %u", cmd->client_if);
5523 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5524 HAL_OP_GATT_CLIENT_SCAN_FILTER_ENABLE,
5525 HAL_STATUS_UNSUPPORTED);
5528 static void handle_client_configure_mtu(const void *buf, uint16_t len)
5530 const struct hal_cmd_gatt_client_configure_mtu *cmd = buf;
5531 static struct app_connection *conn;
5534 DBG("conn_id %u mtu %d", cmd->conn_id, cmd->mtu);
5536 conn = find_connection_by_id(cmd->conn_id);
5538 status = HAL_STATUS_FAILED;
5543 * currently MTU is always exchanged on connection, just report current
5546 * TODO figure out when send failed status in notification
5547 * TODO should we fail for BR/EDR?
5549 notify_client_mtu_change(conn, false);
5550 status = HAL_STATUS_SUCCESS;
5553 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5554 HAL_OP_GATT_CLIENT_CONFIGURE_MTU,
5558 static void handle_client_conn_param_update(const void *buf, uint16_t len)
5560 const struct hal_cmd_gatt_client_conn_param_update *cmd = buf;
5564 android2bdaddr(cmd->address, &bdaddr);
5565 ba2str(&bdaddr, address);
5571 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5572 HAL_OP_GATT_CLIENT_CONN_PARAM_UPDATE,
5573 HAL_STATUS_UNSUPPORTED);
5576 static void handle_client_set_scan_param(const void *buf, uint16_t len)
5578 const struct hal_cmd_gatt_client_set_scan_param *cmd = buf;
5580 DBG("interval %d window %d", cmd->interval, cmd->window);
5584 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5585 HAL_OP_GATT_CLIENT_SET_SCAN_PARAM,
5586 HAL_STATUS_UNSUPPORTED);
5589 static void handle_client_setup_multi_adv(const void *buf, uint16_t len)
5591 const struct hal_cmd_gatt_client_setup_multi_adv *cmd = buf;
5593 DBG("client_if %d", cmd->client_if);
5597 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5598 HAL_OP_GATT_CLIENT_SETUP_MULTI_ADV,
5599 HAL_STATUS_UNSUPPORTED);
5602 static void handle_client_update_multi_adv(const void *buf, uint16_t len)
5604 const struct hal_cmd_gatt_client_update_multi_adv *cmd = buf;
5606 DBG("client_if %d", cmd->client_if);
5610 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5611 HAL_OP_GATT_CLIENT_UPDATE_MULTI_ADV,
5612 HAL_STATUS_UNSUPPORTED);
5615 static void handle_client_setup_multi_adv_inst(const void *buf, uint16_t len)
5617 const struct hal_cmd_gatt_client_setup_multi_adv_inst *cmd = buf;
5619 DBG("client_if %d", cmd->client_if);
5623 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5624 HAL_OP_GATT_CLIENT_SETUP_MULTI_ADV_INST,
5625 HAL_STATUS_UNSUPPORTED);
5628 static void handle_client_disable_multi_adv_inst(const void *buf, uint16_t len)
5630 const struct hal_cmd_gatt_client_disable_multi_adv_inst *cmd = buf;
5632 DBG("client_if %d", cmd->client_if);
5636 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5637 HAL_OP_GATT_CLIENT_DISABLE_MULTI_ADV_INST,
5638 HAL_STATUS_UNSUPPORTED);
5641 static void handle_client_configure_batchscan(const void *buf, uint16_t len)
5643 const struct hal_cmd_gatt_client_configure_batchscan *cmd = buf;
5645 DBG("client_if %d", cmd->client_if);
5649 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5650 HAL_OP_GATT_CLIENT_CONFIGURE_BATCHSCAN,
5651 HAL_STATUS_UNSUPPORTED);
5654 static void handle_client_enable_batchscan(const void *buf, uint16_t len)
5656 const struct hal_cmd_gatt_client_enable_batchscan *cmd = buf;
5658 DBG("client_if %d", cmd->client_if);
5662 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5663 HAL_OP_GATT_CLIENT_ENABLE_BATCHSCAN,
5664 HAL_STATUS_UNSUPPORTED);
5667 static void handle_client_disable_batchscan(const void *buf, uint16_t len)
5669 const struct hal_cmd_gatt_client_disable_batchscan *cmd = buf;
5671 DBG("client_if %d", cmd->client_if);
5675 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5676 HAL_OP_GATT_CLIENT_DISABLE_BATCHSCAN,
5677 HAL_STATUS_UNSUPPORTED);
5680 static void handle_client_read_batchscan_reports(const void *buf, uint16_t len)
5682 const struct hal_cmd_gatt_client_read_batchscan_reports *cmd = buf;
5684 DBG("client_if %d", cmd->client_if);
5688 ipc_send_rsp(hal_ipc, HAL_SERVICE_ID_GATT,
5689 HAL_OP_GATT_CLIENT_READ_BATCHSCAN_REPORTS,
5690 HAL_STATUS_UNSUPPORTED);
5693 static const struct ipc_handler cmd_handlers[] = {
5694 /* HAL_OP_GATT_CLIENT_REGISTER */
5695 { handle_client_register, false,
5696 sizeof(struct hal_cmd_gatt_client_register) },
5697 /* HAL_OP_GATT_CLIENT_UNREGISTER */
5698 { handle_client_unregister, false,
5699 sizeof(struct hal_cmd_gatt_client_unregister) },
5700 /* HAL_OP_GATT_CLIENT_SCAN */
5701 { handle_client_scan, false,
5702 sizeof(struct hal_cmd_gatt_client_scan) },
5703 /* HAL_OP_GATT_CLIENT_CONNECT */
5704 { handle_client_connect, false,
5705 sizeof(struct hal_cmd_gatt_client_connect) },
5706 /* HAL_OP_GATT_CLIENT_DISCONNECT */
5707 { handle_client_disconnect, false,
5708 sizeof(struct hal_cmd_gatt_client_disconnect) },
5709 /* HAL_OP_GATT_CLIENT_LISTEN */
5710 { handle_client_listen, false,
5711 sizeof(struct hal_cmd_gatt_client_listen) },
5712 /* HAL_OP_GATT_CLIENT_REFRESH */
5713 { handle_client_refresh, false,
5714 sizeof(struct hal_cmd_gatt_client_refresh) },
5715 /* HAL_OP_GATT_CLIENT_SEARCH_SERVICE */
5716 { handle_client_search_service, true,
5717 sizeof(struct hal_cmd_gatt_client_search_service) },
5718 /* HAL_OP_GATT_CLIENT_GET_INCLUDED_SERVICE */
5719 { handle_client_get_included_service, true,
5720 sizeof(struct hal_cmd_gatt_client_get_included_service) },
5721 /* HAL_OP_GATT_CLIENT_GET_CHARACTERISTIC */
5722 { handle_client_get_characteristic, true,
5723 sizeof(struct hal_cmd_gatt_client_get_characteristic) },
5724 /* HAL_OP_GATT_CLIENT_GET_DESCRIPTOR */
5725 { handle_client_get_descriptor, true,
5726 sizeof(struct hal_cmd_gatt_client_get_descriptor) },
5727 /* HAL_OP_GATT_CLIENT_READ_CHARACTERISTIC */
5728 { handle_client_read_characteristic, false,
5729 sizeof(struct hal_cmd_gatt_client_read_characteristic) },
5730 /* HAL_OP_GATT_CLIENT_WRITE_CHARACTERISTIC */
5731 { handle_client_write_characteristic, true,
5732 sizeof(struct hal_cmd_gatt_client_write_characteristic) },
5733 /* HAL_OP_GATT_CLIENT_READ_DESCRIPTOR */
5734 { handle_client_read_descriptor, false,
5735 sizeof(struct hal_cmd_gatt_client_read_descriptor) },
5736 /* HAL_OP_GATT_CLIENT_WRITE_DESCRIPTOR */
5737 { handle_client_write_descriptor, true,
5738 sizeof(struct hal_cmd_gatt_client_write_descriptor) },
5739 /* HAL_OP_GATT_CLIENT_EXECUTE_WRITE */
5740 { handle_client_execute_write, false,
5741 sizeof(struct hal_cmd_gatt_client_execute_write)},
5742 /* HAL_OP_GATT_CLIENT_REGISTER_FOR_NOTIFICATION */
5743 { handle_client_register_for_notification, false,
5744 sizeof(struct hal_cmd_gatt_client_register_for_notification) },
5745 /* HAL_OP_GATT_CLIENT_DEREGISTER_FOR_NOTIFICATION */
5746 { handle_client_deregister_for_notification, false,
5747 sizeof(struct hal_cmd_gatt_client_deregister_for_notification) },
5748 /* HAL_OP_GATT_CLIENT_READ_REMOTE_RSSI */
5749 { handle_client_read_remote_rssi, false,
5750 sizeof(struct hal_cmd_gatt_client_read_remote_rssi) },
5751 /* HAL_OP_GATT_CLIENT_GET_DEVICE_TYPE */
5752 { handle_client_get_device_type, false,
5753 sizeof(struct hal_cmd_gatt_client_get_device_type) },
5754 /* HAL_OP_GATT_CLIENT_SET_ADV_DATA */
5755 { handle_client_set_adv_data, true,
5756 sizeof(struct hal_cmd_gatt_client_set_adv_data) },
5757 /* HAL_OP_GATT_CLIENT_TEST_COMMAND */
5758 { handle_client_test_command, false,
5759 sizeof(struct hal_cmd_gatt_client_test_command) },
5760 /* HAL_OP_GATT_SERVER_REGISTER */
5761 { handle_server_register, false,
5762 sizeof(struct hal_cmd_gatt_server_register) },
5763 /* HAL_OP_GATT_SERVER_UNREGISTER */
5764 { handle_server_unregister, false,
5765 sizeof(struct hal_cmd_gatt_server_unregister) },
5766 /* HAL_OP_GATT_SERVER_CONNECT */
5767 { handle_server_connect, false,
5768 sizeof(struct hal_cmd_gatt_server_connect) },
5769 /* HAL_OP_GATT_SERVER_DISCONNECT */
5770 { handle_server_disconnect, false,
5771 sizeof(struct hal_cmd_gatt_server_disconnect) },
5772 /* HAL_OP_GATT_SERVER_ADD_SERVICE */
5773 { handle_server_add_service, false,
5774 sizeof(struct hal_cmd_gatt_server_add_service) },
5775 /* HAL_OP_GATT_SERVER_ADD_INC_SERVICE */
5776 { handle_server_add_included_service, false,
5777 sizeof(struct hal_cmd_gatt_server_add_inc_service) },
5778 /* HAL_OP_GATT_SERVER_ADD_CHARACTERISTIC */
5779 { handle_server_add_characteristic, false,
5780 sizeof(struct hal_cmd_gatt_server_add_characteristic) },
5781 /* HAL_OP_GATT_SERVER_ADD_DESCRIPTOR */
5782 { handle_server_add_descriptor, false,
5783 sizeof(struct hal_cmd_gatt_server_add_descriptor) },
5784 /* HAL_OP_GATT_SERVER_START_SERVICE */
5785 { handle_server_start_service, false,
5786 sizeof(struct hal_cmd_gatt_server_start_service) },
5787 /* HAL_OP_GATT_SERVER_STOP_SERVICE */
5788 { handle_server_stop_service, false,
5789 sizeof(struct hal_cmd_gatt_server_stop_service) },
5790 /* HAL_OP_GATT_SERVER_DELETE_SERVICE */
5791 { handle_server_delete_service, false,
5792 sizeof(struct hal_cmd_gatt_server_delete_service) },
5793 /* HAL_OP_GATT_SERVER_SEND_INDICATION */
5794 { handle_server_send_indication, true,
5795 sizeof(struct hal_cmd_gatt_server_send_indication) },
5796 /* HAL_OP_GATT_SERVER_SEND_RESPONSE */
5797 { handle_server_send_response, true,
5798 sizeof(struct hal_cmd_gatt_server_send_response) },
5799 /* HAL_OP_GATT_CLIENT_SCAN_FILTER_SETUP */
5800 { handle_client_scan_filter_setup, false,
5801 sizeof(struct hal_cmd_gatt_client_scan_filter_setup) },
5802 /* HAL_OP_GATT_CLIENT_SCAN_FILTER_ADD_REMOVE */
5803 { handle_client_scan_filter_add_remove, true,
5804 sizeof(struct hal_cmd_gatt_client_scan_filter_add_remove) },
5805 /* HAL_OP_GATT_CLIENT_SCAN_FILTER_CLEAR */
5806 { handle_client_scan_filter_clear, false,
5807 sizeof(struct hal_cmd_gatt_client_scan_filter_clear) },
5808 /* HAL_OP_GATT_CLIENT_SCAN_FILTER_ENABLE */
5809 { handle_client_scan_filter_enable, false,
5810 sizeof(struct hal_cmd_gatt_client_scan_filter_enable) },
5811 /* HAL_OP_GATT_CLIENT_CONFIGURE_MTU */
5812 { handle_client_configure_mtu, false,
5813 sizeof(struct hal_cmd_gatt_client_configure_mtu) },
5814 /* HAL_OP_GATT_CLIENT_CONN_PARAM_UPDATE */
5815 { handle_client_conn_param_update, false,
5816 sizeof(struct hal_cmd_gatt_client_conn_param_update) },
5817 /* HAL_OP_GATT_CLIENT_SET_SCAN_PARAM */
5818 { handle_client_set_scan_param, false,
5819 sizeof(struct hal_cmd_gatt_client_set_scan_param) },
5820 /* HAL_OP_GATT_CLIENT_SETUP_MULTI_ADV */
5821 { handle_client_setup_multi_adv, false,
5822 sizeof(struct hal_cmd_gatt_client_setup_multi_adv) },
5823 /* HAL_OP_GATT_CLIENT_UPDATE_MULTI_ADV */
5824 { handle_client_update_multi_adv, false,
5825 sizeof(struct hal_cmd_gatt_client_update_multi_adv) },
5826 /* HAL_OP_GATT_CLIENT_SETUP_MULTI_ADV_INST */
5827 { handle_client_setup_multi_adv_inst, false,
5828 sizeof(struct hal_cmd_gatt_client_setup_multi_adv_inst) },
5829 /* HAL_OP_GATT_CLIENT_DISABLE_MULTI_ADV_INST */
5830 { handle_client_disable_multi_adv_inst, false,
5831 sizeof(struct hal_cmd_gatt_client_disable_multi_adv_inst) },
5832 /* HAL_OP_GATT_CLIENT_CONFIGURE_BATCHSCAN */
5833 { handle_client_configure_batchscan, false,
5834 sizeof(struct hal_cmd_gatt_client_configure_batchscan) },
5835 /* HAL_OP_GATT_CLIENT_ENABLE_BATCHSCAN */
5836 { handle_client_enable_batchscan, false,
5837 sizeof(struct hal_cmd_gatt_client_enable_batchscan) },
5838 /* HAL_OP_GATT_CLIENT_DISABLE_BATCHSCAN */
5839 { handle_client_disable_batchscan, false,
5840 sizeof(struct hal_cmd_gatt_client_disable_batchscan) },
5841 /* HAL_OP_GATT_CLIENT_READ_BATCHSCAN_REPORTS */
5842 { handle_client_read_batchscan_reports, false,
5843 sizeof(struct hal_cmd_gatt_client_read_batchscan_reports) },
5846 static uint8_t read_by_type(const uint8_t *cmd, uint16_t cmd_len,
5847 struct gatt_device *device)
5849 uint16_t start, end;
5857 case ATT_OP_READ_BY_TYPE_REQ:
5858 len = dec_read_by_type_req(cmd, cmd_len, &start, &end, &uuid);
5860 case ATT_OP_READ_BY_GROUP_REQ:
5861 len = dec_read_by_grp_req(cmd, cmd_len, &start, &end, &uuid);
5868 return ATT_ECODE_INVALID_PDU;
5870 if (start > end || start == 0)
5871 return ATT_ECODE_INVALID_HANDLE;
5876 case ATT_OP_READ_BY_TYPE_REQ:
5877 gatt_db_read_by_type(gatt_db, start, end, uuid, q);
5879 case ATT_OP_READ_BY_GROUP_REQ:
5880 gatt_db_read_by_group_type(gatt_db, start, end, uuid, q);
5886 if (queue_isempty(q)) {
5887 queue_destroy(q, NULL);
5888 return ATT_ECODE_ATTR_NOT_FOUND;
5891 while (queue_peek_head(q)) {
5892 struct pending_request *data;
5893 struct gatt_db_attribute *attrib = queue_pop_head(q);
5895 data = new0(struct pending_request, 1);
5896 data->attrib = attrib;
5897 queue_push_tail(device->pending_requests, data);
5900 queue_destroy(q, NULL);
5901 process_dev_pending_requests(device, cmd[0]);
5906 static uint8_t read_request(const uint8_t *cmd, uint16_t cmd_len,
5907 struct gatt_device *dev)
5909 struct gatt_db_attribute *attrib;
5913 struct pending_request *data;
5918 case ATT_OP_READ_BLOB_REQ:
5919 len = dec_read_blob_req(cmd, cmd_len, &handle, &offset);
5921 return ATT_ECODE_INVALID_PDU;
5923 case ATT_OP_READ_REQ:
5924 len = dec_read_req(cmd, cmd_len, &handle);
5926 return ATT_ECODE_INVALID_PDU;
5930 error("gatt: Unexpected read type 0x%02x", cmd[0]);
5931 return ATT_ECODE_REQ_NOT_SUPP;
5934 attrib = gatt_db_get_attribute(gatt_db, handle);
5936 return ATT_ECODE_INVALID_HANDLE;
5938 data = new0(struct pending_request, 1);
5939 data->offset = offset;
5940 data->attrib = attrib;
5941 queue_push_tail(dev->pending_requests, data);
5943 process_dev_pending_requests(dev, cmd[0]);
5948 static uint8_t mtu_att_handle(const uint8_t *cmd, uint16_t cmd_len,
5949 struct gatt_device *dev)
5951 uint16_t rmtu, mtu, len;
5957 len = dec_mtu_req(cmd, cmd_len, &rmtu);
5959 return ATT_ECODE_INVALID_PDU;
5961 /* MTU exchange shall not be used on BR/EDR - Vol 3. Part G. 4.3.1 */
5962 if (get_cid(dev) != ATT_CID)
5963 return ATT_ECODE_UNLIKELY;
5965 if (!get_local_mtu(dev, &mtu))
5966 return ATT_ECODE_UNLIKELY;
5968 if (!update_mtu(dev, rmtu))
5969 return ATT_ECODE_UNLIKELY;
5971 rsp = g_attrib_get_buffer(dev->attrib, &length);
5973 /* Respond with our MTU */
5974 len = enc_mtu_resp(mtu, rsp, length);
5975 if (!g_attrib_send(dev->attrib, 0, rsp, len, NULL, NULL, NULL))
5976 return ATT_ECODE_UNLIKELY;
5981 static uint8_t find_info_handle(const uint8_t *cmd, uint16_t cmd_len,
5982 uint8_t *rsp, size_t rsp_size, uint16_t *length)
5984 struct gatt_db_attribute *attrib;
5985 struct queue *q, *temp;
5986 struct att_data_list *adl;
5988 uint16_t start, end;
5989 uint16_t len, queue_len;
5995 len = dec_find_info_req(cmd, cmd_len, &start, &end);
5997 return ATT_ECODE_INVALID_PDU;
5999 if (start > end || start == 0)
6000 return ATT_ECODE_INVALID_HANDLE;
6004 gatt_db_find_information(gatt_db, start, end, q);
6006 if (queue_isempty(q)) {
6007 queue_destroy(q, NULL);
6008 return ATT_ECODE_ATTR_NOT_FOUND;
6013 attrib = queue_peek_head(q);
6014 /* UUIDS can be only 128 bit and 16 bit */
6015 len = bt_uuid_len(gatt_db_attribute_get_type(attrib));
6016 if (len != 2 && len != 16) {
6017 queue_destroy(q, NULL);
6018 queue_destroy(temp, NULL);
6019 return ATT_ECODE_UNLIKELY;
6023 const bt_uuid_t *type;
6025 type = gatt_db_attribute_get_type(attrib);
6026 if (bt_uuid_len(type) != len)
6029 queue_push_tail(temp, queue_pop_head(q));
6030 attrib = queue_peek_head(q);
6033 queue_destroy(q, NULL);
6035 queue_len = queue_length(temp);
6036 adl = att_data_list_alloc(queue_len, len + sizeof(uint16_t));
6038 queue_destroy(temp, NULL);
6039 return ATT_ECODE_INSUFF_RESOURCES;
6042 while (queue_peek_head(temp)) {
6044 const bt_uuid_t *type;
6045 struct gatt_db_attribute *attrib = queue_pop_head(temp);
6048 type = gatt_db_attribute_get_type(attrib);
6052 value = adl->data[iterator++];
6054 handle = gatt_db_attribute_get_handle(attrib);
6055 put_le16(handle, value);
6056 memcpy(&value[2], &type->value, len);
6060 format = ATT_FIND_INFO_RESP_FMT_16BIT;
6062 format = ATT_FIND_INFO_RESP_FMT_128BIT;
6064 len = enc_find_info_resp(format, adl, rsp, rsp_size);
6066 ret = ATT_ECODE_UNLIKELY;
6069 att_data_list_free(adl);
6070 queue_destroy(temp, NULL);
6075 struct find_by_type_request_data {
6076 struct gatt_device *device;
6077 uint8_t *search_value;
6082 static void find_by_type_request_cb(struct gatt_db_attribute *attrib,
6085 struct find_by_type_request_data *find_data = user_data;
6086 struct pending_request *request_data;
6088 if (find_data->error)
6091 request_data = new0(struct pending_request, 1);
6092 request_data->filter_value = malloc0(find_data->search_vlen);
6093 if (!request_data->filter_value) {
6094 destroy_pending_request(request_data);
6095 find_data->error = ATT_ECODE_INSUFF_RESOURCES;
6099 request_data->attrib = attrib;
6100 request_data->filter_vlen = find_data->search_vlen;
6101 memcpy(request_data->filter_value, find_data->search_value,
6102 find_data->search_vlen);
6104 queue_push_tail(find_data->device->pending_requests, request_data);
6107 static uint8_t find_by_type_request(const uint8_t *cmd, uint16_t cmd_len,
6108 struct gatt_device *device)
6110 uint8_t search_value[cmd_len];
6112 uint16_t start, end;
6115 struct find_by_type_request_data data;
6119 len = dec_find_by_type_req(cmd, cmd_len, &start, &end, &uuid,
6120 search_value, &search_vlen);
6122 return ATT_ECODE_INVALID_PDU;
6124 if (start > end || start == 0)
6125 return ATT_ECODE_INVALID_HANDLE;
6128 data.search_vlen = search_vlen;
6129 data.search_value = search_value;
6130 data.device = device;
6132 if (gatt_db_find_by_type(gatt_db, start, end, &uuid,
6133 find_by_type_request_cb, &data) == 0) {
6135 uint8_t *rsp = g_attrib_get_buffer(device->attrib, &mtu);
6137 len = enc_error_resp(ATT_OP_FIND_BY_TYPE_REQ, start,
6138 ATT_ECODE_ATTR_NOT_FOUND, rsp, mtu);
6139 g_attrib_send(device->attrib, 0, rsp, len, NULL, NULL, NULL);
6144 process_dev_pending_requests(device, ATT_OP_FIND_BY_TYPE_REQ);
6149 static void write_confirm(struct gatt_db_attribute *attrib,
6150 int err, void *user_data)
6155 error("Error writting attribute %p", attrib);
6158 static void write_cmd_request(const uint8_t *cmd, uint16_t cmd_len,
6159 struct gatt_device *dev)
6161 uint8_t value[cmd_len];
6162 struct gatt_db_attribute *attrib;
6163 uint32_t permissions;
6168 len = dec_write_cmd(cmd, cmd_len, &handle, value, &vlen);
6175 attrib = gatt_db_get_attribute(gatt_db, handle);
6179 permissions = gatt_db_attribute_get_permissions(attrib);
6181 if (check_device_permissions(dev, cmd[0], permissions))
6184 gatt_db_attribute_write(attrib, 0, value, vlen, cmd[0],
6185 g_attrib_get_att(dev->attrib),
6186 write_confirm, NULL);
6189 static void write_signed_cmd_request(const uint8_t *cmd, uint16_t cmd_len,
6190 struct gatt_device *dev)
6192 uint8_t value[cmd_len];
6193 uint8_t s[ATT_SIGNATURE_LEN];
6194 struct gatt_db_attribute *attrib;
6195 uint32_t permissions;
6202 if (get_cid(dev) != ATT_CID) {
6203 error("gatt: Remote tries write signed on BR/EDR bearer");
6204 connection_cleanup(dev);
6208 if (get_sec_level(dev) != BT_SECURITY_LOW) {
6209 error("gatt: Remote tries write signed on encrypted link");
6210 connection_cleanup(dev);
6214 if (!bt_get_csrk(&dev->bdaddr, false, csrk, &sign_cnt, NULL)) {
6215 error("gatt: No valid csrk from remote device");
6219 len = dec_signed_write_cmd(cmd, cmd_len, &handle, value, &vlen, s);
6224 attrib = gatt_db_get_attribute(gatt_db, handle);
6228 permissions = gatt_db_attribute_get_permissions(attrib);
6230 if (check_device_permissions(dev, cmd[0], permissions))
6234 uint8_t t[ATT_SIGNATURE_LEN];
6235 uint32_t r_sign_cnt = get_le32(s);
6237 if (r_sign_cnt < sign_cnt) {
6238 error("gatt: Invalid sign counter (%d<%d)",
6239 r_sign_cnt, sign_cnt);
6243 /* Generate signature and verify it */
6244 if (!bt_crypto_sign_att(crypto, csrk, cmd,
6245 cmd_len - ATT_SIGNATURE_LEN,
6247 error("gatt: Error when generating att signature");
6251 if (memcmp(t, s, ATT_SIGNATURE_LEN)) {
6252 error("gatt: signature does not match");
6255 /* Signature OK, proceed with write */
6256 bt_update_sign_counter(&dev->bdaddr, false, r_sign_cnt);
6257 gatt_db_attribute_write(attrib, 0, value, vlen, cmd[0],
6258 g_attrib_get_att(dev->attrib),
6259 write_confirm, NULL);
6263 static void attribute_write_cb(struct gatt_db_attribute *attrib, int err,
6266 struct pending_request *data = user_data;
6267 uint8_t error = err_to_att(err);
6271 data->attrib = attrib;
6272 data->error = error;
6273 data->completed = true;
6276 static uint8_t write_req_request(const uint8_t *cmd, uint16_t cmd_len,
6277 struct gatt_device *dev)
6279 uint8_t value[cmd_len];
6280 struct pending_request *data;
6281 struct gatt_db_attribute *attrib;
6282 uint32_t permissions;
6288 len = dec_write_req(cmd, cmd_len, &handle, value, &vlen);
6290 return ATT_ECODE_INVALID_PDU;
6293 return ATT_ECODE_INVALID_HANDLE;
6295 attrib = gatt_db_get_attribute(gatt_db, handle);
6297 return ATT_ECODE_ATTR_NOT_FOUND;
6299 permissions = gatt_db_attribute_get_permissions(attrib);
6301 error = check_device_permissions(dev, cmd[0], permissions);
6305 data = new0(struct pending_request, 1);
6306 data->attrib = attrib;
6308 queue_push_tail(dev->pending_requests, data);
6310 if (!gatt_db_attribute_write(attrib, 0, value, vlen, cmd[0],
6311 g_attrib_get_att(dev->attrib),
6312 attribute_write_cb, data)) {
6313 queue_remove(dev->pending_requests, data);
6315 return ATT_ECODE_UNLIKELY;
6318 send_dev_complete_response(dev, cmd[0]);
6323 static uint8_t write_prep_request(const uint8_t *cmd, uint16_t cmd_len,
6324 struct gatt_device *dev)
6326 uint8_t value[cmd_len];
6327 struct pending_request *data;
6328 struct gatt_db_attribute *attrib;
6329 uint32_t permissions;
6336 len = dec_prep_write_req(cmd, cmd_len, &handle, &offset,
6339 return ATT_ECODE_INVALID_PDU;
6342 return ATT_ECODE_INVALID_HANDLE;
6344 attrib = gatt_db_get_attribute(gatt_db, handle);
6346 return ATT_ECODE_ATTR_NOT_FOUND;
6348 permissions = gatt_db_attribute_get_permissions(attrib);
6350 error = check_device_permissions(dev, cmd[0], permissions);
6354 data = new0(struct pending_request, 1);
6355 data->attrib = attrib;
6356 data->offset = offset;
6358 queue_push_tail(dev->pending_requests, data);
6360 data->value = g_memdup(value, vlen);
6361 data->length = vlen;
6363 if (!gatt_db_attribute_write(attrib, offset, value, vlen, cmd[0],
6364 g_attrib_get_att(dev->attrib),
6365 attribute_write_cb, data)) {
6366 queue_remove(dev->pending_requests, data);
6367 g_free(data->value);
6370 return ATT_ECODE_UNLIKELY;
6373 send_dev_complete_response(dev, cmd[0]);
6378 static void send_server_write_execute_notify(void *data, void *user_data)
6380 struct hal_ev_gatt_server_request_exec_write *ev = user_data;
6381 struct pending_trans_data *transaction;
6382 struct app_connection *conn = data;
6384 if (!conn->wait_execute_write)
6387 ev->conn_id = conn->id;
6389 transaction = conn_add_transact(conn, ATT_OP_EXEC_WRITE_REQ, NULL, 0);
6391 ev->trans_id = transaction->id;
6393 ipc_send_notif(hal_ipc, HAL_SERVICE_ID_GATT,
6394 HAL_EV_GATT_SERVER_REQUEST_EXEC_WRITE, sizeof(*ev), ev);
6397 static uint8_t write_execute_request(const uint8_t *cmd, uint16_t cmd_len,
6398 struct gatt_device *dev)
6400 struct hal_ev_gatt_server_request_exec_write ev;
6402 struct pending_request *data;
6405 * Check if there was any write prep before.
6406 * TODO: Try to find better error code if possible
6408 if (!pending_execute_write())
6409 return ATT_ECODE_UNLIKELY;
6411 if (!dec_exec_write_req(cmd, cmd_len, &value))
6412 return ATT_ECODE_INVALID_PDU;
6414 memset(&ev, 0, sizeof(ev));
6415 bdaddr2android(&dev->bdaddr, &ev.bdaddr);
6416 ev.exec_write = value;
6418 data = new0(struct pending_request, 1);
6420 queue_push_tail(dev->pending_requests, data);
6422 queue_foreach(app_connections, send_server_write_execute_notify, &ev);
6423 send_dev_complete_response(dev, cmd[0]);
6428 static void att_handler(const uint8_t *ipdu, uint16_t len, gpointer user_data)
6430 struct gatt_device *dev = user_data;
6432 uint16_t resp_length = 0;
6434 uint8_t *opdu = g_attrib_get_buffer(dev->attrib, &length);
6436 DBG("op 0x%02x", ipdu[0]);
6439 error("gatt: Too much data on ATT socket %p", opdu);
6440 status = ATT_ECODE_INVALID_PDU;
6445 case ATT_OP_READ_BY_GROUP_REQ:
6446 case ATT_OP_READ_BY_TYPE_REQ:
6447 status = read_by_type(ipdu, len, dev);
6449 case ATT_OP_READ_REQ:
6450 case ATT_OP_READ_BLOB_REQ:
6451 status = read_request(ipdu, len, dev);
6453 case ATT_OP_MTU_REQ:
6454 status = mtu_att_handle(ipdu, len, dev);
6456 case ATT_OP_FIND_INFO_REQ:
6457 status = find_info_handle(ipdu, len, opdu, length,
6460 case ATT_OP_WRITE_REQ:
6461 status = write_req_request(ipdu, len, dev);
6463 case ATT_OP_WRITE_CMD:
6464 write_cmd_request(ipdu, len, dev);
6465 /* No response on write cmd */
6467 case ATT_OP_SIGNED_WRITE_CMD:
6468 write_signed_cmd_request(ipdu, len, dev);
6469 /* No response on write signed cmd */
6471 case ATT_OP_PREP_WRITE_REQ:
6472 status = write_prep_request(ipdu, len, dev);
6474 case ATT_OP_FIND_BY_TYPE_REQ:
6475 status = find_by_type_request(ipdu, len, dev);
6477 case ATT_OP_EXEC_WRITE_REQ:
6478 status = write_execute_request(ipdu, len, dev);
6480 case ATT_OP_READ_MULTI_REQ:
6482 DBG("Unsupported request 0x%02x", ipdu[0]);
6483 status = ATT_ECODE_REQ_NOT_SUPP;
6489 resp_length = enc_error_resp(ipdu[0], 0x0000, status, opdu,
6492 g_attrib_send(dev->attrib, 0, opdu, resp_length, NULL, NULL, NULL);
6495 static void connect_confirm(GIOChannel *io, void *user_data)
6497 struct gatt_device *dev;
6499 GError *gerr = NULL;
6503 bt_io_get(io, &gerr, BT_IO_OPT_DEST_BDADDR, &dst, BT_IO_OPT_INVALID);
6505 error("gatt: bt_io_get: %s", gerr->message);
6510 /* TODO Handle collision */
6511 dev = find_device_by_addr(&dst);
6513 dev = create_device(&dst);
6515 if ((dev->state != DEVICE_DISCONNECTED) &&
6516 !(dev->state == DEVICE_CONNECT_INIT &&
6517 bt_kernel_conn_control())) {
6521 info("gatt: Rejecting incoming connection from %s",
6527 if (!bt_io_accept(io, connect_cb, device_ref(dev), NULL, NULL)) {
6528 error("gatt: failed to accept connection");
6533 queue_foreach(listen_apps, create_app_connection, dev);
6534 device_set_state(dev, DEVICE_CONNECT_READY);
6539 g_io_channel_shutdown(io, TRUE, NULL);
6542 struct gap_srvc_handles {
6543 struct gatt_db_attribute *srvc;
6545 /* Characteristics */
6546 struct gatt_db_attribute *dev_name;
6547 struct gatt_db_attribute *appear;
6548 struct gatt_db_attribute *priv;
6551 static struct gap_srvc_handles gap_srvc_data;
6553 #define APPEARANCE_GENERIC_PHONE 0x0040
6554 #define PERIPHERAL_PRIVACY_DISABLE 0x00
6556 static void device_name_read_cb(struct gatt_db_attribute *attrib,
6557 unsigned int id, uint16_t offset,
6558 uint8_t opcode, struct bt_att *att,
6561 const char *name = bt_get_adapter_name();
6563 gatt_db_attribute_read_result(attrib, id, 0, (void *) name,
6567 static void register_gap_service(void)
6569 uint16_t start, end;
6573 bt_uuid16_create(&uuid, 0x1800);
6574 gap_srvc_data.srvc = gatt_db_add_service(gatt_db, &uuid, true, 7);
6576 /* Device name characteristic */
6577 bt_uuid16_create(&uuid, GATT_CHARAC_DEVICE_NAME);
6578 gap_srvc_data.dev_name =
6579 gatt_db_service_add_characteristic(gap_srvc_data.srvc,
6580 &uuid, GATT_PERM_READ,
6582 device_name_read_cb,
6586 bt_uuid16_create(&uuid, GATT_CHARAC_APPEARANCE);
6588 gap_srvc_data.appear =
6589 gatt_db_service_add_characteristic(gap_srvc_data.srvc,
6590 &uuid, GATT_PERM_READ,
6593 if (gap_srvc_data.appear) {
6595 /* Store appearance into db */
6596 value = cpu_to_le16(APPEARANCE_GENERIC_PHONE);
6597 gatt_db_attribute_write(gap_srvc_data.appear, 0,
6598 (void *) &value, sizeof(value),
6599 ATT_OP_WRITE_REQ, NULL,
6600 write_confirm, NULL);
6603 /* Pripheral privacy flag */
6604 bt_uuid16_create(&uuid, GATT_CHARAC_PERIPHERAL_PRIV_FLAG);
6605 gap_srvc_data.priv =
6606 gatt_db_service_add_characteristic(gap_srvc_data.srvc,
6607 &uuid, GATT_PERM_READ,
6610 if (gap_srvc_data.priv) {
6613 /* Store privacy into db */
6614 value = PERIPHERAL_PRIVACY_DISABLE;
6615 gatt_db_attribute_write(gap_srvc_data.priv, 0,
6616 &value, sizeof(value),
6617 ATT_OP_WRITE_REQ, NULL,
6618 write_confirm, NULL);
6621 gatt_db_service_set_active(gap_srvc_data.srvc , true);
6624 bt_uuid16_create(&uuid, 0x1800);
6625 gatt_db_attribute_get_service_handles(gap_srvc_data.srvc, &start, &end);
6626 gap_sdp_handle = add_sdp_record(&uuid, start, end,
6627 "Generic Access Profile");
6628 if (!gap_sdp_handle)
6629 error("gatt: Failed to register GAP SDP record");
6632 static void device_info_read_cb(struct gatt_db_attribute *attrib,
6633 unsigned int id, uint16_t offset,
6634 uint8_t opcode, struct bt_att *att,
6637 char *buf = user_data;
6639 gatt_db_attribute_read_result(attrib, id, 0, user_data, strlen(buf));
6642 static void device_info_read_system_id_cb(struct gatt_db_attribute *attrib,
6643 unsigned int id, uint16_t offset,
6644 uint8_t opcode, struct bt_att *att,
6649 put_le64(bt_config_get_system_id(), pdu);
6651 gatt_db_attribute_read_result(attrib, id, 0, pdu, sizeof(pdu));
6654 static void device_info_read_pnp_id_cb(struct gatt_db_attribute *attrib,
6655 unsigned int id, uint16_t offset,
6656 uint8_t opcode, struct bt_att *att,
6661 pdu[0] = bt_config_get_pnp_source();
6662 put_le16(bt_config_get_pnp_vendor(), &pdu[1]);
6663 put_le16(bt_config_get_pnp_product(), &pdu[3]);
6664 put_le16(bt_config_get_pnp_version(), &pdu[5]);
6666 gatt_db_attribute_read_result(attrib, id, 0, pdu, sizeof(pdu));
6669 static void register_device_info_service(void)
6672 struct gatt_db_attribute *service;
6673 uint16_t start_handle, end_handle;
6675 uint32_t enc_perm = GATT_PERM_READ | GATT_PERM_READ_ENCRYPTED;
6679 /* Device Information Service */
6680 bt_uuid16_create(&uuid, 0x180a);
6681 service = gatt_db_add_service(gatt_db, &uuid, true, 17);
6683 /* User data are not const hence (void *) cast is used */
6684 data = bt_config_get_name();
6686 bt_uuid16_create(&uuid, GATT_CHARAC_MODEL_NUMBER_STRING);
6687 gatt_db_service_add_characteristic(service, &uuid,
6690 device_info_read_cb, NULL,
6694 data = bt_config_get_serial();
6696 bt_uuid16_create(&uuid, GATT_CHARAC_SERIAL_NUMBER_STRING);
6697 gatt_db_service_add_characteristic(service, &uuid,
6698 enc_perm, GATT_CHR_PROP_READ,
6699 device_info_read_cb, NULL,
6703 if (bt_config_get_system_id()) {
6704 bt_uuid16_create(&uuid, GATT_CHARAC_SYSTEM_ID);
6705 gatt_db_service_add_characteristic(service, &uuid,
6706 enc_perm, GATT_CHR_PROP_READ,
6707 device_info_read_system_id_cb,
6711 data = bt_config_get_fw_rev();
6713 bt_uuid16_create(&uuid, GATT_CHARAC_FIRMWARE_REVISION_STRING);
6714 gatt_db_service_add_characteristic(service, &uuid,
6717 device_info_read_cb, NULL,
6721 data = bt_config_get_hw_rev();
6723 bt_uuid16_create(&uuid, GATT_CHARAC_HARDWARE_REVISION_STRING);
6724 gatt_db_service_add_characteristic(service, &uuid,
6727 device_info_read_cb, NULL,
6731 bt_uuid16_create(&uuid, GATT_CHARAC_SOFTWARE_REVISION_STRING);
6732 gatt_db_service_add_characteristic(service, &uuid, GATT_PERM_READ,
6733 GATT_CHR_PROP_READ, device_info_read_cb,
6736 data = bt_config_get_vendor();
6738 bt_uuid16_create(&uuid, GATT_CHARAC_MANUFACTURER_NAME_STRING);
6739 gatt_db_service_add_characteristic(service, &uuid,
6742 device_info_read_cb, NULL,
6746 if (bt_config_get_pnp_source()) {
6747 bt_uuid16_create(&uuid, GATT_CHARAC_PNP_ID);
6748 gatt_db_service_add_characteristic(service, &uuid,
6751 device_info_read_pnp_id_cb,
6755 gatt_db_service_set_active(service, true);
6758 bt_uuid16_create(&uuid, 0x180a);
6759 gatt_db_attribute_get_service_handles(service, &start_handle,
6761 dis_sdp_handle = add_sdp_record(&uuid, start_handle, end_handle,
6762 "Device Information Service");
6763 if (!dis_sdp_handle)
6764 error("gatt: Failed to register DIS SDP record");
6767 static void gatt_srvc_change_write_cb(struct gatt_db_attribute *attrib,
6768 unsigned int id, uint16_t offset,
6769 const uint8_t *value, size_t len,
6770 uint8_t opcode, struct bt_att *att,
6773 struct gatt_device *dev;
6776 if (!get_dst_addr(att, &bdaddr)) {
6777 error("gatt: srvc_change_write_cb, could not obtain BDADDR");
6781 dev = find_device_by_addr(&bdaddr);
6783 error("gatt: Could not find device ?!");
6787 if (!bt_device_is_bonded(&bdaddr)) {
6788 gatt_db_attribute_write_result(attrib, id,
6789 ATT_ECODE_AUTHORIZATION);
6793 /* 2 octets are expected as CCC value */
6795 gatt_db_attribute_write_result(attrib, id,
6796 ATT_ECODE_INVAL_ATTR_VALUE_LEN);
6800 /* Set services changed indication value */
6801 bt_store_gatt_ccc(&bdaddr, get_le16(value));
6803 gatt_db_attribute_write_result(attrib, id, 0);
6806 static void gatt_srvc_change_read_cb(struct gatt_db_attribute *attrib,
6807 unsigned int id, uint16_t offset,
6808 uint8_t opcode, struct bt_att *att,
6811 struct gatt_device *dev;
6815 if (!get_dst_addr(att, &bdaddr)) {
6816 error("gatt: srvc_change_read_cb, could not obtain BDADDR");
6820 dev = find_device_by_addr(&bdaddr);
6822 error("gatt: Could not find device ?!");
6826 put_le16(bt_get_gatt_ccc(&dev->bdaddr), pdu);
6828 gatt_db_attribute_read_result(attrib, id, 0, pdu, sizeof(pdu));
6831 static void register_gatt_service(void)
6833 struct gatt_db_attribute *service;
6834 uint16_t start_handle, end_handle;
6839 bt_uuid16_create(&uuid, 0x1801);
6840 service = gatt_db_add_service(gatt_db, &uuid, true, 4);
6842 bt_uuid16_create(&uuid, GATT_CHARAC_SERVICE_CHANGED);
6843 service_changed_attrib = gatt_db_service_add_characteristic(service,
6844 &uuid, GATT_PERM_NONE,
6845 GATT_CHR_PROP_INDICATE,
6848 bt_uuid16_create(&uuid, GATT_CLIENT_CHARAC_CFG_UUID);
6849 gatt_db_service_add_descriptor(service, &uuid,
6850 GATT_PERM_READ | GATT_PERM_WRITE,
6851 gatt_srvc_change_read_cb,
6852 gatt_srvc_change_write_cb, NULL);
6854 gatt_db_service_set_active(service, true);
6857 bt_uuid16_create(&uuid, 0x1801);
6858 gatt_db_attribute_get_service_handles(service, &start_handle,
6860 gatt_sdp_handle = add_sdp_record(&uuid, start_handle, end_handle,
6861 "Generic Attribute Profile");
6863 if (!gatt_sdp_handle)
6864 error("gatt: Failed to register GATT SDP record");
6867 static bool start_listening(void)
6870 bredr_io = bt_io_listen(NULL, connect_confirm, NULL, NULL, NULL,
6871 BT_IO_OPT_SOURCE_TYPE, BDADDR_BREDR,
6872 BT_IO_OPT_PSM, ATT_PSM,
6873 BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
6877 le_io = bt_io_listen(NULL, connect_confirm, NULL, NULL, NULL,
6878 BT_IO_OPT_SOURCE_TYPE, BDADDR_LE_PUBLIC,
6879 BT_IO_OPT_CID, ATT_CID,
6880 BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_LOW,
6883 if (!le_io && !bredr_io) {
6884 error("gatt: Failed to start listening IO");
6891 static void gatt_paired_cb(const bdaddr_t *addr)
6893 struct gatt_device *dev;
6895 struct app_connection *conn;
6897 dev = find_device_by_addr(addr);
6901 ba2str(addr, address);
6902 DBG("Paired device %s", address);
6904 /* conn without app is internal one used for search primary services */
6905 conn = find_conn_without_app(dev);
6909 if (conn->timeout_id > 0) {
6910 g_source_remove(conn->timeout_id);
6911 conn->timeout_id = 0;
6914 search_dev_for_srvc(conn, NULL);
6917 static void gatt_unpaired_cb(const bdaddr_t *addr)
6919 struct gatt_device *dev;
6922 dev = find_device_by_addr(addr);
6926 ba2str(addr, address);
6927 DBG("Unpaired device %s", address);
6929 queue_remove(gatt_devices, dev);
6930 destroy_device(dev);
6933 bool bt_gatt_register(struct ipc *ipc, const bdaddr_t *addr)
6937 if (!bt_paired_register(gatt_paired_cb)) {
6938 error("gatt: Could not register paired callback");
6942 if (!bt_unpaired_register(gatt_unpaired_cb)) {
6943 error("gatt: Could not register unpaired callback");
6947 if (!start_listening())
6950 crypto = bt_crypto_new();
6952 error("gatt: Failed to setup crypto");
6956 gatt_devices = queue_new();
6957 gatt_apps = queue_new();
6958 app_connections = queue_new();
6959 listen_apps = queue_new();
6960 services_sdp = queue_new();
6961 gatt_db = gatt_db_new();
6964 error("gatt: Failed to allocate memory for database");
6968 if (!bt_le_register(le_device_found_handler)) {
6969 error("gatt: bt_le_register failed");
6973 bacpy(&adapter_addr, addr);
6977 ipc_register(hal_ipc, HAL_SERVICE_ID_GATT, cmd_handlers,
6978 G_N_ELEMENTS(cmd_handlers));
6980 register_gap_service();
6981 register_device_info_service();
6982 register_gatt_service();
6984 info("gatt: LE: %s BR/EDR: %s", le_io ? "enabled" : "disabled",
6985 bredr_io ? "enabled" : "disabled");
6991 bt_paired_unregister(gatt_paired_cb);
6992 bt_unpaired_unregister(gatt_unpaired_cb);
6994 queue_destroy(gatt_apps, NULL);
6997 queue_destroy(gatt_devices, NULL);
6998 gatt_devices = NULL;
7000 queue_destroy(app_connections, NULL);
7001 app_connections = NULL;
7003 queue_destroy(listen_apps, NULL);
7006 queue_destroy(services_sdp, NULL);
7007 services_sdp = NULL;
7009 gatt_db_unref(gatt_db);
7012 bt_crypto_unref(crypto);
7016 g_io_channel_unref(le_io);
7021 g_io_channel_unref(bredr_io);
7028 void bt_gatt_unregister(void)
7032 ipc_unregister(hal_ipc, HAL_SERVICE_ID_GATT);
7035 queue_destroy(app_connections, destroy_connection);
7036 app_connections = NULL;
7038 queue_destroy(gatt_apps, destroy_gatt_app);
7041 queue_destroy(gatt_devices, destroy_device);
7042 gatt_devices = NULL;
7044 queue_destroy(services_sdp, free_service_sdp_record);
7045 services_sdp = NULL;
7047 queue_destroy(listen_apps, NULL);
7050 gatt_db_unref(gatt_db);
7054 g_io_channel_unref(le_io);
7059 g_io_channel_unref(bredr_io);
7063 if (gap_sdp_handle) {
7064 bt_adapter_remove_record(gap_sdp_handle);
7068 if (gatt_sdp_handle) {
7069 bt_adapter_remove_record(gatt_sdp_handle);
7070 gatt_sdp_handle = 0;
7073 if (dis_sdp_handle) {
7074 bt_adapter_remove_record(dis_sdp_handle);
7078 bt_crypto_unref(crypto);
7082 bt_unpaired_unregister(gatt_unpaired_cb);
7085 unsigned int bt_gatt_register_app(const char *uuid, gatt_type_t type,
7086 gatt_conn_cb_t func)
7088 struct gatt_app *app;
7091 bt_string_to_uuid(&u, uuid);
7092 bt_uuid_to_uuid128(&u, &u128);
7093 app = register_app((void *) &u128.value.u128, type);
7102 bool bt_gatt_unregister_app(unsigned int id)
7106 status = unregister_app(id);
7108 return status != HAL_STATUS_FAILED;
7111 bool bt_gatt_connect_app(unsigned int id, const bdaddr_t *addr)
7115 status = handle_connect(id, addr, false);
7117 return status != HAL_STATUS_FAILED;
7120 bool bt_gatt_disconnect_app(unsigned int id, const bdaddr_t *addr)
7122 struct app_connection match;
7123 struct app_connection *conn;
7124 struct gatt_device *device;
7125 struct gatt_app *app;
7127 app = find_app_by_id(id);
7131 device = find_device_by_addr(addr);
7135 match.device = device;
7138 conn = queue_remove_if(app_connections,
7139 match_connection_by_device_and_app, &match);
7143 destroy_connection(conn);
7148 bool bt_gatt_add_autoconnect(unsigned int id, const bdaddr_t *addr)
7150 struct gatt_device *dev;
7151 struct gatt_app *app;
7155 app = find_app_by_id(id);
7157 error("gatt: App ID=%d not found", id);
7161 dev = find_device_by_addr(addr);
7163 error("gatt: Device not found");
7167 /* Take reference of device for auto connect purpose */
7168 if (queue_isempty(dev->autoconnect_apps))
7171 if (!queue_find(dev->autoconnect_apps, NULL, INT_TO_PTR(id)))
7172 return queue_push_head(dev->autoconnect_apps, INT_TO_PTR(id));
7177 void bt_gatt_remove_autoconnect(unsigned int id, const bdaddr_t *addr)
7179 struct gatt_device *dev;
7183 dev = find_device_by_addr(addr);
7185 error("gatt: Device not found");
7189 queue_remove(dev->autoconnect_apps, INT_TO_PTR(id));
7191 if (queue_isempty(dev->autoconnect_apps))
7192 remove_autoconnect_device(dev);