1 /******************************************************************************
2  *
3  *  Copyright (C) 2010-2014 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  This file contains functions that interface with the NFC NCI transport.
22  *  On the receive side, it routes events to the appropriate handler
23  *  (callback). On the transmit side, it manages the command transmission.
24  *
25  ******************************************************************************/
26 #include <android-base/logging.h>
27 #include <android-base/stringprintf.h>
28 #include <android/hardware/nfc/1.1/types.h>
29 #include <string.h>
30 
31 #include "bt_types.h"
32 #include "ce_int.h"
33 #include "gki.h"
34 #include "nci_hmsgs.h"
35 #include "nfc_int.h"
36 #include "nfc_target.h"
37 #include "rw_int.h"
38 
39 #if (NFC_RW_ONLY == FALSE)
40 
41 /* NFC mandates support for at least one logical connection;
42  * Update max_conn to the NFCC capability on InitRsp */
43 #define NFC_SET_MAX_CONN_DEFAULT() \
44   { nfc_cb.max_conn = 1; }
45 
46 #else /* NFC_RW_ONLY */
47 #define ce_init()
48 
49 #define NFC_SET_MAX_CONN_DEFAULT()
50 
51 #endif /* NFC_RW_ONLY */
52 
53 using android::base::StringPrintf;
54 using android::hardware::nfc::V1_1::NfcEvent;
55 
56 extern void delete_stack_non_volatile_store(bool forceDelete);
57 
58 /****************************************************************************
59 ** Declarations
60 ****************************************************************************/
61 tNFC_CB nfc_cb;
62 
63 #if (NFC_RW_ONLY == FALSE)
64 #define NFC_NUM_INTERFACE_MAP 2
65 #else
66 #define NFC_NUM_INTERFACE_MAP 1
67 #endif
68 
69 static const tNCI_DISCOVER_MAPS nfc_interface_mapping[NFC_NUM_INTERFACE_MAP] = {
70     /* Protocols that use Frame Interface do not need to be included in the
71        interface mapping */
72     {NCI_PROTOCOL_ISO_DEP, NCI_INTERFACE_MODE_POLL_N_LISTEN,
73      NCI_INTERFACE_ISO_DEP}
74 #if (NFC_RW_ONLY == FALSE)
75     ,
76     /* this can not be set here due to 2079xB0 NFCC issues */
77     {NCI_PROTOCOL_NFC_DEP, NCI_INTERFACE_MODE_POLL_N_LISTEN,
78      NCI_INTERFACE_NFC_DEP}
79 #endif
80 };
81 
82 /*******************************************************************************
83 **
84 ** Function         nfc_state_name
85 **
86 ** Description      This function returns the state name.
87 **
88 ** NOTE             conditionally compiled to save memory.
89 **
90 ** Returns          pointer to the name
91 **
92 *******************************************************************************/
nfc_state_name(uint8_t state)93 static std::string nfc_state_name(uint8_t state) {
94   switch (state) {
95     case NFC_STATE_NONE:
96       return "NONE";
97     case NFC_STATE_W4_HAL_OPEN:
98       return "W4_HAL_OPEN";
99     case NFC_STATE_CORE_INIT:
100       return "CORE_INIT";
101     case NFC_STATE_W4_POST_INIT_CPLT:
102       return "W4_POST_INIT_CPLT";
103     case NFC_STATE_IDLE:
104       return "IDLE";
105     case NFC_STATE_OPEN:
106       return "OPEN";
107     case NFC_STATE_CLOSING:
108       return "CLOSING";
109     case NFC_STATE_W4_HAL_CLOSE:
110       return "W4_HAL_CLOSE";
111     case NFC_STATE_NFCC_POWER_OFF_SLEEP:
112       return "NFCC_POWER_OFF_SLEEP";
113     default:
114       return "???? UNKNOWN STATE";
115   }
116 }
117 
118 /*******************************************************************************
119 **
120 ** Function         nfc_hal_event_name
121 **
122 ** Description      This function returns the HAL event name.
123 **
124 ** NOTE             conditionally compiled to save memory.
125 **
126 ** Returns          pointer to the name
127 **
128 *******************************************************************************/
nfc_hal_event_name(uint8_t event)129 static std::string nfc_hal_event_name(uint8_t event) {
130   switch (event) {
131     case HAL_NFC_OPEN_CPLT_EVT:
132       return "HAL_NFC_OPEN_CPLT_EVT";
133     case HAL_NFC_CLOSE_CPLT_EVT:
134       return "HAL_NFC_CLOSE_CPLT_EVT";
135     case HAL_NFC_POST_INIT_CPLT_EVT:
136       return "HAL_NFC_POST_INIT_CPLT_EVT";
137     case HAL_NFC_PRE_DISCOVER_CPLT_EVT:
138       return "HAL_NFC_PRE_DISCOVER_CPLT_EVT";
139     case HAL_NFC_REQUEST_CONTROL_EVT:
140       return "HAL_NFC_REQUEST_CONTROL_EVT";
141     case HAL_NFC_RELEASE_CONTROL_EVT:
142       return "HAL_NFC_RELEASE_CONTROL_EVT";
143     case HAL_NFC_ERROR_EVT:
144       return "HAL_NFC_ERROR_EVT";
145     case HAL_HCI_NETWORK_RESET:
146       return "HCI_NETWORK_RESET";
147     default:
148       return "???? UNKNOWN EVENT";
149   }
150 }
151 
152 /*******************************************************************************
153 **
154 ** Function         nfc_main_notify_enable_status
155 **
156 ** Description      Notify status of Enable/PowerOffSleep/PowerCycle
157 **
158 *******************************************************************************/
nfc_main_notify_enable_status(tNFC_STATUS nfc_status)159 static void nfc_main_notify_enable_status(tNFC_STATUS nfc_status) {
160   tNFC_RESPONSE evt_data;
161 
162   evt_data.status = nfc_status;
163 
164   if (nfc_cb.p_resp_cback) {
165     /* if getting out of PowerOffSleep mode or restarting NFCC */
166     if (nfc_cb.flags & (NFC_FL_RESTARTING | NFC_FL_POWER_CYCLE_NFCC)) {
167       nfc_cb.flags &= ~(NFC_FL_RESTARTING | NFC_FL_POWER_CYCLE_NFCC);
168       if (nfc_status != NFC_STATUS_OK) {
169         nfc_cb.flags |= NFC_FL_POWER_OFF_SLEEP;
170       }
171       (*nfc_cb.p_resp_cback)(NFC_NFCC_RESTART_REVT, &evt_data);
172     } else {
173       (*nfc_cb.p_resp_cback)(NFC_ENABLE_REVT, &evt_data);
174     }
175   }
176 }
177 
178 /*******************************************************************************
179 **
180 ** Function         nfc_enabled
181 **
182 ** Description      NFCC enabled, proceed with stack start up.
183 **
184 ** Returns          void
185 **
186 *******************************************************************************/
nfc_enabled(tNFC_STATUS nfc_status,NFC_HDR * p_init_rsp_msg)187 void nfc_enabled(tNFC_STATUS nfc_status, NFC_HDR* p_init_rsp_msg) {
188   tNFC_RESPONSE evt_data;
189   tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
190   int16_t lremain = 0;
191   uint8_t* p;
192   uint8_t num_interfaces = 0, xx;
193   uint8_t num_interface_extensions = 0, zz;
194   uint8_t interface_type;
195   int yy = 0;
196   memset(&evt_data, 0, sizeof(tNFC_RESPONSE));
197 
198   if (nfc_status == NCI_STATUS_OK) {
199     nfc_set_state(NFC_STATE_IDLE);
200 
201     p = (uint8_t*)(p_init_rsp_msg + 1) + p_init_rsp_msg->offset +
202         NCI_MSG_HDR_SIZE + 1;
203 
204     lremain = p_init_rsp_msg->len - NCI_MSG_HDR_SIZE - 1 - sizeof(uint32_t) - 5;
205     if (lremain < 0) {
206       nfc_status = NCI_STATUS_FAILED;
207       goto plen_err;
208     }
209     /* we currently only support NCI of the same version.
210     * We may need to change this, when we support multiple version of NFCC */
211 
212     evt_data.enable.nci_version = nfc_cb.nci_version;
213     STREAM_TO_UINT32(evt_data.enable.nci_features, p);
214     if (nfc_cb.nci_version == NCI_VERSION_1_0) {
215       /* this byte is consumed in the top expression */
216       STREAM_TO_UINT8(num_interfaces, p);
217       lremain -= num_interfaces;
218       if (lremain < 0) {
219         nfc_status = NCI_STATUS_FAILED;
220         goto plen_err;
221       }
222       evt_data.enable.nci_interfaces = 0;
223       for (xx = 0; xx < num_interfaces; xx++) {
224         if ((*p) <= NCI_INTERFACE_MAX)
225           evt_data.enable.nci_interfaces |= (1 << (*p));
226         else if (((*p) >= NCI_INTERFACE_FIRST_VS) &&
227                  (yy < NFC_NFCC_MAX_NUM_VS_INTERFACE)) {
228           /* save the VS RF interface in control block, if there's still room */
229           nfc_cb.vs_interface[yy++] = *p;
230         }
231         p++;
232       }
233       nfc_cb.nci_interfaces = evt_data.enable.nci_interfaces;
234       memcpy(evt_data.enable.vs_interface, nfc_cb.vs_interface,
235              NFC_NFCC_MAX_NUM_VS_INTERFACE);
236     }
237     /* four bytes below are consumed in the top expression */
238     evt_data.enable.max_conn = *p++;
239     STREAM_TO_UINT16(evt_data.enable.max_ce_table, p);
240 #if (NFC_RW_ONLY == FALSE)
241     nfc_cb.max_ce_table = evt_data.enable.max_ce_table;
242     nfc_cb.nci_features = evt_data.enable.nci_features;
243     nfc_cb.max_conn = evt_data.enable.max_conn;
244 #endif
245     nfc_cb.nci_ctrl_size = *p++; /* Max Control Packet Payload Length */
246     p_cb->init_credits = p_cb->num_buff = 0;
247     nfc_set_conn_id(p_cb, NFC_RF_CONN_ID);
248     if (nfc_cb.nci_version >= NCI_VERSION_2_0) {
249       /* one byte is consumed in the top expression and
250        * 3 bytes from uit16+uint8 below */
251       lremain -= 4;
252       if (lremain < 0) {
253         nfc_status = NCI_STATUS_FAILED;
254         goto plen_err;
255       }
256       if (evt_data.enable.nci_features & NCI_FEAT_HCI_NETWORK) {
257         p_cb = &nfc_cb.conn_cb[NFC_HCI_CONN_ID];
258         nfc_set_conn_id(p_cb, NFC_HCI_CONN_ID);
259         p_cb->id = NFC_HCI_CONN_ID;
260         STREAM_TO_UINT8(p_cb->buff_size, p);
261         STREAM_TO_UINT8(p_cb->num_buff, p);
262         p_cb->init_credits = p_cb->num_buff;
263         evt_data.enable.hci_packet_size = p_cb->buff_size;
264         evt_data.enable.hci_conn_credits = p_cb->init_credits;
265         LOG(VERBOSE) << StringPrintf("hci num_buf=%d buf_size=%d", p_cb->num_buff,
266                                    p_cb->buff_size);
267       } else {
268         /*HCI n/w not enabled skip data buff size and data credit HCI conn */
269         p += 2;
270       }
271       STREAM_TO_UINT16(evt_data.enable.max_nfc_v_size, p);
272       STREAM_TO_UINT8(num_interfaces, p);
273 #if (NFC_RW_ONLY == FALSE)
274       nfc_cb.hci_packet_size = evt_data.enable.hci_packet_size;
275       nfc_cb.hci_conn_credits = evt_data.enable.hci_conn_credits;
276       nfc_cb.nci_max_v_size = evt_data.enable.max_nfc_v_size;
277 #endif
278       evt_data.enable.nci_interfaces = 0;
279 
280       for (xx = 0; xx < num_interfaces; xx++) {
281         lremain -= 2;
282         if (lremain < 0) {
283           nfc_status = NCI_STATUS_FAILED;
284           goto plen_err;
285         }
286         if ((*p) <= NCI_INTERFACE_MAX)
287           evt_data.enable.nci_interfaces |= (1 << (*p));
288         else if (((*p) >= NCI_INTERFACE_FIRST_VS) &&
289                  (yy < NFC_NFCC_MAX_NUM_VS_INTERFACE)) {
290           /* save the VS RF interface in control block, if there's still room */
291           nfc_cb.vs_interface[yy++] = *p;
292         }
293         interface_type = *p++;
294         num_interface_extensions = *p++;
295         lremain -= num_interface_extensions;
296         if (lremain < 0) {
297           nfc_status = NCI_STATUS_FAILED;
298           goto plen_err;
299         }
300         for (zz = 0; zz < num_interface_extensions; zz++) {
301           if (((*p) < NCI_INTERFACE_EXTENSION_MAX) &&
302               (interface_type <= NCI_INTERFACE_MAX)) {
303             nfc_cb.nci_intf_extensions |= (1 << (*p));
304             nfc_cb.nci_intf_extension_map[*p] = (1 << interface_type);
305           }
306           p++;
307         }
308       }
309 
310       nfc_cb.nci_interfaces = evt_data.enable.nci_interfaces;
311       memcpy(evt_data.enable.vs_interface, nfc_cb.vs_interface,
312              NFC_NFCC_MAX_NUM_VS_INTERFACE);
313     } else {
314       /* For VERSION_UNKNOWN one byte is consumed in the top expression */
315       lremain -= sizeof(uint16_t) + NFC_NFCC_INFO_LEN +
316                  (nfc_cb.nci_version == NCI_VERSION_1_0 ? 1 : 0);
317       if (lremain < 0) {
318         nfc_status = NCI_STATUS_FAILED;
319         goto plen_err;
320       }
321       STREAM_TO_UINT16(evt_data.enable.max_param_size, p);
322       evt_data.enable.manufacture_id = *p++;
323       STREAM_TO_ARRAY(evt_data.enable.nfcc_info, p, NFC_NFCC_INFO_LEN);
324     }
325     NFC_DiscoveryMap(nfc_cb.num_disc_maps,
326                      (tNCI_DISCOVER_MAPS*)nfc_cb.p_disc_maps, nullptr);
327   }
328   /* else not successful. the buffers will be freed in nfc_free_conn_cb () */
329   else {
330   plen_err:
331     if (nfc_cb.flags & NFC_FL_RESTARTING) {
332       nfc_set_state(NFC_STATE_NFCC_POWER_OFF_SLEEP);
333     } else {
334       nfc_free_conn_cb(p_cb);
335 
336       /* if NFCC didn't respond to CORE_RESET or CORE_INIT */
337       if (nfc_cb.nfc_state == NFC_STATE_CORE_INIT) {
338         /* report status after closing HAL */
339         nfc_cb.p_hal->close();
340         return;
341       } else
342         nfc_set_state(NFC_STATE_NONE);
343     }
344   }
345 
346   nfc_main_notify_enable_status(nfc_status);
347 }
348 
349 /*******************************************************************************
350 **
351 ** Function         nfc_set_state
352 **
353 ** Description      Set the state of NFC stack
354 **
355 ** Returns          void
356 **
357 *******************************************************************************/
nfc_set_state(tNFC_STATE nfc_state)358 void nfc_set_state(tNFC_STATE nfc_state) {
359   LOG(VERBOSE) << StringPrintf("nfc_set_state %d (%s)->%d (%s)", nfc_cb.nfc_state,
360                              nfc_state_name(nfc_cb.nfc_state).c_str(),
361                              nfc_state, nfc_state_name(nfc_state).c_str());
362   nfc_cb.nfc_state = nfc_state;
363 }
364 
365 /*******************************************************************************
366 **
367 ** Function         nfc_gen_cleanup
368 **
369 ** Description      Clean up for both going into low power mode and disabling
370 **                  NFC
371 **
372 *******************************************************************************/
nfc_gen_cleanup(void)373 void nfc_gen_cleanup(void) {
374   nfc_cb.flags &= ~NFC_FL_DEACTIVATING;
375 
376   /* the HAL pre-discover is still active - clear the pending flag/free the
377    * buffer */
378   if (nfc_cb.flags & NFC_FL_DISCOVER_PENDING) {
379     nfc_cb.flags &= ~NFC_FL_DISCOVER_PENDING;
380     GKI_freebuf(nfc_cb.p_disc_pending);
381     nfc_cb.p_disc_pending = nullptr;
382   }
383 
384   nfc_cb.flags &= ~(NFC_FL_CONTROL_REQUESTED | NFC_FL_CONTROL_GRANTED |
385                     NFC_FL_HAL_REQUESTED);
386 
387   nfc_stop_timer(&nfc_cb.deactivate_timer);
388 
389   /* Reset the connection control blocks */
390   nfc_reset_all_conn_cbs();
391 
392   if (nfc_cb.p_nci_init_rsp) {
393     GKI_freebuf(nfc_cb.p_nci_init_rsp);
394     nfc_cb.p_nci_init_rsp = nullptr;
395   }
396 
397   /* clear any pending CMD/RSP */
398   nfc_main_flush_cmd_queue();
399 }
400 
401 /*******************************************************************************
402 **
403 ** Function         nfc_main_handle_hal_evt
404 **
405 ** Description      Handle BT_EVT_TO_NFC_MSGS
406 **
407 *******************************************************************************/
nfc_main_handle_hal_evt(tNFC_HAL_EVT_MSG * p_msg)408 void nfc_main_handle_hal_evt(tNFC_HAL_EVT_MSG* p_msg) {
409   uint8_t* ps;
410 
411   LOG(VERBOSE) << StringPrintf("HAL event=0x%x", p_msg->hal_evt);
412 
413   switch (p_msg->hal_evt) {
414     case HAL_NFC_OPEN_CPLT_EVT: /* only for failure case */
415       nfc_enabled(NFC_STATUS_FAILED, nullptr);
416       break;
417 
418     case HAL_NFC_CLOSE_CPLT_EVT:
419       if (nfc_cb.p_resp_cback) {
420         if (nfc_cb.nfc_state == NFC_STATE_W4_HAL_CLOSE) {
421           if (nfc_cb.flags & NFC_FL_POWER_OFF_SLEEP) {
422             nfc_cb.flags &= ~NFC_FL_POWER_OFF_SLEEP;
423             nfc_set_state(NFC_STATE_NFCC_POWER_OFF_SLEEP);
424             (*nfc_cb.p_resp_cback)(NFC_NFCC_POWER_OFF_REVT, nullptr);
425           } else {
426             nfc_set_state(NFC_STATE_NONE);
427             (*nfc_cb.p_resp_cback)(NFC_DISABLE_REVT, nullptr);
428             nfc_cb.p_resp_cback = nullptr;
429           }
430         } else {
431           /* found error during initialization */
432           nfc_set_state(NFC_STATE_NONE);
433           nfc_main_notify_enable_status(NFC_STATUS_FAILED);
434         }
435       }
436       break;
437 
438     case HAL_NFC_POST_INIT_CPLT_EVT:
439       if (nfc_cb.p_nci_init_rsp) {
440         /*
441         ** if NFC_Disable() is called before receiving
442         ** HAL_NFC_POST_INIT_CPLT_EVT, then wait for HAL_NFC_CLOSE_CPLT_EVT.
443         */
444         if (nfc_cb.nfc_state == NFC_STATE_W4_POST_INIT_CPLT) {
445           if (p_msg->status == HAL_NFC_STATUS_OK) {
446             nfc_enabled(NCI_STATUS_OK, nfc_cb.p_nci_init_rsp);
447           } else /* if post initailization failed */
448           {
449             nfc_enabled(NCI_STATUS_FAILED, nullptr);
450           }
451         }
452 
453         GKI_freebuf(nfc_cb.p_nci_init_rsp);
454         nfc_cb.p_nci_init_rsp = nullptr;
455       }
456       break;
457 
458     case HAL_NFC_PRE_DISCOVER_CPLT_EVT:
459       /* restore the command window, no matter if the discover command is still
460        * pending */
461       nfc_cb.nci_cmd_window = NCI_MAX_CMD_WINDOW;
462       nfc_cb.flags &= ~NFC_FL_CONTROL_GRANTED;
463       if (nfc_cb.flags & NFC_FL_DISCOVER_PENDING) {
464         /* issue the discovery command now, if it is still pending */
465         nfc_cb.flags &= ~NFC_FL_DISCOVER_PENDING;
466         ps = (uint8_t*)nfc_cb.p_disc_pending;
467         nci_snd_discover_cmd(*ps, (tNFC_DISCOVER_PARAMS*)(ps + 1));
468         GKI_freebuf(nfc_cb.p_disc_pending);
469         nfc_cb.p_disc_pending = nullptr;
470       } else {
471         /* check if there's other pending commands */
472         nfc_ncif_check_cmd_queue(nullptr);
473       }
474 
475       if (p_msg->status == HAL_NFC_STATUS_ERR_CMD_TIMEOUT)
476         nfc_ncif_event_status(NFC_NFCC_TIMEOUT_REVT, NFC_STATUS_HW_TIMEOUT);
477       break;
478 
479     case HAL_NFC_REQUEST_CONTROL_EVT:
480       nfc_cb.flags |= NFC_FL_CONTROL_REQUESTED;
481       nfc_cb.flags |= NFC_FL_HAL_REQUESTED;
482       nfc_ncif_check_cmd_queue(nullptr);
483       break;
484 
485     case HAL_NFC_RELEASE_CONTROL_EVT:
486       if (nfc_cb.flags & NFC_FL_CONTROL_GRANTED) {
487         nfc_cb.flags &= ~NFC_FL_CONTROL_GRANTED;
488         nfc_cb.nci_cmd_window = NCI_MAX_CMD_WINDOW;
489         nfc_ncif_check_cmd_queue(nullptr);
490 
491         if (p_msg->status == HAL_NFC_STATUS_ERR_CMD_TIMEOUT)
492           nfc_ncif_event_status(NFC_NFCC_TIMEOUT_REVT, NFC_STATUS_HW_TIMEOUT);
493       }
494       break;
495 
496     case HAL_NFC_ERROR_EVT:
497       switch (p_msg->status) {
498         case HAL_NFC_STATUS_ERR_TRANSPORT:
499           /* Notify app of transport error */
500           if (nfc_cb.p_resp_cback) {
501             (*nfc_cb.p_resp_cback)(NFC_NFCC_TRANSPORT_ERR_REVT, nullptr);
502 
503             /* if enabling NFC, notify upper layer of failure after closing HAL
504              */
505             if (nfc_cb.nfc_state < NFC_STATE_IDLE) {
506               nfc_enabled(NFC_STATUS_FAILED, nullptr);
507             }
508           }
509           break;
510 
511         case HAL_NFC_STATUS_ERR_CMD_TIMEOUT:
512           nfc_ncif_event_status(NFC_NFCC_TIMEOUT_REVT, NFC_STATUS_HW_TIMEOUT);
513 
514           /* if enabling NFC, notify upper layer of failure after closing HAL */
515           if (nfc_cb.nfc_state < NFC_STATE_IDLE) {
516             nfc_enabled(NFC_STATUS_FAILED, nullptr);
517             return;
518           }
519           break;
520 
521         case HAL_HCI_NETWORK_RESET:
522           delete_stack_non_volatile_store(true);
523           break;
524 
525         default:
526           break;
527       }
528       break;
529 
530     default:
531       LOG(ERROR) << StringPrintf("unhandled event (0x%x).", p_msg->hal_evt);
532       break;
533   }
534 }
535 
536 /*******************************************************************************
537 **
538 ** Function         nfc_main_flush_cmd_queue
539 **
540 ** Description      This function is called when setting power off sleep state.
541 **
542 ** Returns          void
543 **
544 *******************************************************************************/
nfc_main_flush_cmd_queue(void)545 void nfc_main_flush_cmd_queue(void) {
546   NFC_HDR* p_msg;
547 
548   LOG(VERBOSE) << __func__;
549 
550   /* initialize command window */
551   nfc_cb.nci_cmd_window = NCI_MAX_CMD_WINDOW;
552 
553   /* Stop command-pending timer */
554   nfc_stop_timer(&nfc_cb.nci_wait_rsp_timer);
555 
556   /* dequeue and free buffer */
557   while ((p_msg = (NFC_HDR*)GKI_dequeue(&nfc_cb.nci_cmd_xmit_q)) != nullptr) {
558     GKI_freebuf(p_msg);
559   }
560 }
561 
562 /*******************************************************************************
563 **
564 ** Function         nfc_main_post_hal_evt
565 **
566 ** Description      This function posts HAL event to NFC_TASK
567 **
568 ** Returns          void
569 **
570 *******************************************************************************/
nfc_main_post_hal_evt(uint8_t hal_evt,tHAL_NFC_STATUS status)571 void nfc_main_post_hal_evt(uint8_t hal_evt, tHAL_NFC_STATUS status) {
572   tNFC_HAL_EVT_MSG* p_msg;
573 
574   p_msg = (tNFC_HAL_EVT_MSG*)GKI_getbuf(sizeof(tNFC_HAL_EVT_MSG));
575   if (p_msg != nullptr) {
576     /* Initialize NFC_HDR */
577     p_msg->hdr.len = 0;
578     p_msg->hdr.event = BT_EVT_TO_NFC_MSGS;
579     p_msg->hdr.offset = 0;
580     p_msg->hdr.layer_specific = 0;
581     p_msg->hal_evt = hal_evt;
582     p_msg->status = status;
583     GKI_send_msg(NFC_TASK, NFC_MBOX_ID, p_msg);
584   } else {
585     LOG(ERROR) << StringPrintf("No buffer");
586   }
587 }
588 
589 /*******************************************************************************
590 **
591 ** Function         nfc_main_hal_cback
592 **
593 ** Description      HAL event handler
594 **
595 ** Returns          void
596 **
597 *******************************************************************************/
nfc_main_hal_cback(uint8_t event,tHAL_NFC_STATUS status)598 static void nfc_main_hal_cback(uint8_t event, tHAL_NFC_STATUS status) {
599   LOG(VERBOSE) << StringPrintf("nfc_main_hal_cback event: %s(0x%x), status=%d",
600                              nfc_hal_event_name(event).c_str(), event, status);
601 
602   switch (event) {
603     case HAL_NFC_OPEN_CPLT_EVT:
604       /*
605       ** if NFC_Disable() is called before receiving HAL_NFC_OPEN_CPLT_EVT,
606       ** then wait for HAL_NFC_CLOSE_CPLT_EVT.
607       */
608       if (nfc_cb.nfc_state == NFC_STATE_W4_HAL_OPEN) {
609         if (status == HAL_NFC_STATUS_OK) {
610           /* Notify NFC_TASK that NCI tranport is initialized */
611           GKI_send_event(NFC_TASK, NFC_TASK_EVT_TRANSPORT_READY);
612         } else {
613           nfc_main_post_hal_evt(event, status);
614         }
615       }
616       break;
617 
618     case HAL_NFC_CLOSE_CPLT_EVT:
619     case HAL_NFC_POST_INIT_CPLT_EVT:
620     case HAL_NFC_PRE_DISCOVER_CPLT_EVT:
621     case HAL_NFC_REQUEST_CONTROL_EVT:
622     case HAL_NFC_RELEASE_CONTROL_EVT:
623     case HAL_NFC_ERROR_EVT:
624     case HAL_HCI_NETWORK_RESET:
625       nfc_main_post_hal_evt(event, status);
626       break;
627 
628     default:
629       LOG(VERBOSE) << StringPrintf("nfc_main_hal_cback unhandled event %x",
630                                  event);
631       break;
632   }
633 }
634 
635 /*******************************************************************************
636 **
637 ** Function         nfc_main_hal_data_cback
638 **
639 ** Description      HAL data event handler
640 **
641 ** Returns          void
642 **
643 *******************************************************************************/
nfc_main_hal_data_cback(uint16_t data_len,uint8_t * p_data)644 static void nfc_main_hal_data_cback(uint16_t data_len, uint8_t* p_data) {
645   NFC_HDR* p_msg;
646 
647   /* ignore all data while shutting down NFCC */
648   if (nfc_cb.nfc_state == NFC_STATE_W4_HAL_CLOSE) {
649     return;
650   }
651 
652   if (p_data) {
653 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
654     // GKI_getpoolbuf returns a fixed size of memory buffer, which is usually
655     // bigger than NFC packets. This may hide OOB issues.
656     p_msg = (NFC_HDR*)GKI_getbuf(sizeof(NFC_HDR) + NFC_RECEIVE_MSGS_OFFSET +
657                                  data_len);
658 #else
659     p_msg = (NFC_HDR*)GKI_getpoolbuf(NFC_NCI_POOL_ID);
660 #endif
661     if (p_msg != nullptr) {
662       /* Initialize NFC_HDR */
663       p_msg->len = data_len;
664       p_msg->event = BT_EVT_TO_NFC_NCI;
665       p_msg->offset = NFC_RECEIVE_MSGS_OFFSET;
666 
667       /* no need to check length, it always less than pool size */
668       memcpy((uint8_t*)(p_msg + 1) + p_msg->offset, p_data, p_msg->len);
669 
670       GKI_send_msg(NFC_TASK, NFC_MBOX_ID, p_msg);
671     } else {
672       LOG(ERROR) << StringPrintf("No buffer");
673     }
674   }
675 }
676 
677 /*******************************************************************************
678 **
679 ** Function         NFC_Enable
680 **
681 ** Description      This function enables NFC. Prior to calling NFC_Enable:
682 **                  - the NFCC must be powered up, and ready to receive
683 **                    commands.
684 **                  - GKI must be enabled
685 **                  - NFC_TASK must be started
686 **                  - NCIT_TASK must be started (if using dedicated NCI
687 **                    transport)
688 **
689 **                  This function opens the NCI transport (if applicable),
690 **                  resets the NFC controller, and initializes the NFC
691 **                  subsystems.
692 **
693 **                  When the NFC startup procedure is completed, an
694 **                  NFC_ENABLE_REVT is returned to the application using the
695 **                  tNFC_RESPONSE_CBACK.
696 **
697 ** Returns          tNFC_STATUS
698 **
699 *******************************************************************************/
NFC_Enable(tNFC_RESPONSE_CBACK * p_cback)700 tNFC_STATUS NFC_Enable(tNFC_RESPONSE_CBACK* p_cback) {
701   LOG(VERBOSE) << __func__;
702 
703   /* Validate callback */
704   if (!p_cback) {
705     return (NFC_STATUS_INVALID_PARAM);
706   }
707   nfc_cb.p_resp_cback = p_cback;
708 
709   /* Open HAL transport. */
710   nfc_set_state(NFC_STATE_W4_HAL_OPEN);
711   nfc_cb.p_hal->open(nfc_main_hal_cback, nfc_main_hal_data_cback);
712 
713   return (NFC_STATUS_OK);
714 }
715 
716 /*******************************************************************************
717 **
718 ** Function         NFC_Disable
719 **
720 ** Description      This function performs clean up routines for shutting down
721 **                  NFC and closes the NCI transport (if using dedicated NCI
722 **                  transport).
723 **
724 **                  When the NFC shutdown procedure is completed, an
725 **                  NFC_DISABLED_REVT is returned to the application using the
726 **                  tNFC_RESPONSE_CBACK.
727 **
728 ** Returns          nothing
729 **
730 *******************************************************************************/
NFC_Disable(void)731 void NFC_Disable(void) {
732   LOG(VERBOSE) << StringPrintf("nfc_state = %d", nfc_cb.nfc_state);
733 
734   if ((nfc_cb.nfc_state == NFC_STATE_NONE) ||
735       (nfc_cb.nfc_state == NFC_STATE_NFCC_POWER_OFF_SLEEP)) {
736     nfc_set_state(NFC_STATE_NONE);
737     if (nfc_cb.p_resp_cback) {
738       (*nfc_cb.p_resp_cback)(NFC_DISABLE_REVT, nullptr);
739       nfc_cb.p_resp_cback = nullptr;
740     }
741     return;
742   }
743 
744   /* Close transport and clean up */
745   nfc_task_shutdown_nfcc();
746 }
747 
748 /*******************************************************************************
749 **
750 ** Function         NFC_Init
751 **
752 ** Description      This function initializes control block for NFC
753 **
754 ** Returns          nothing
755 **
756 *******************************************************************************/
NFC_Init(tHAL_NFC_ENTRY * p_hal_entry_tbl)757 void NFC_Init(tHAL_NFC_ENTRY* p_hal_entry_tbl) {
758   int xx;
759 
760   /* Clear nfc control block */
761   memset(&nfc_cb, 0, sizeof(tNFC_CB));
762 
763   /* Reset the nfc control block */
764   for (xx = 0; xx < NCI_MAX_CONN_CBS; xx++) {
765     nfc_cb.conn_cb[xx].conn_id = NFC_ILLEGAL_CONN_ID;
766   }
767 
768   /* NCI init */
769   nfc_cb.p_hal = p_hal_entry_tbl;
770   nfc_cb.nfc_state = NFC_STATE_NONE;
771   nfc_cb.nci_cmd_window = NCI_MAX_CMD_WINDOW;
772   nfc_cb.nci_wait_rsp_tout = NFC_CMD_CMPL_TIMEOUT;
773   nfc_cb.p_disc_maps = nfc_interface_mapping;
774   nfc_cb.num_disc_maps = NFC_NUM_INTERFACE_MAP;
775   nfc_cb.nci_ctrl_size = NCI_CTRL_INIT_SIZE;
776   nfc_cb.reassembly = true;
777   nfc_cb.nci_version = NCI_VERSION_UNKNOWN;
778   GKI_init_timer_list(&nfc_cb.timer_queue);
779   GKI_init_timer_list(&nfc_cb.quick_timer_queue);
780   rw_init();
781   ce_init();
782   NFC_SET_MAX_CONN_DEFAULT();
783 }
784 
785 /*******************************************************************************
786 **
787 ** Function         NFC_GetLmrtSize
788 **
789 ** Description      Called by application wto query the Listen Mode Routing
790 **                  Table size supported by NFCC
791 **
792 ** Returns          Listen Mode Routing Table size
793 **
794 *******************************************************************************/
NFC_GetLmrtSize(void)795 uint16_t NFC_GetLmrtSize(void) {
796   uint16_t size = 0;
797 #if (NFC_RW_ONLY == FALSE)
798   size = nfc_cb.max_ce_table;
799 #endif
800   return size;
801 }
802 
803 /*******************************************************************************
804 **
805 ** Function         NFC_SetConfig
806 **
807 ** Description      This function is called to send the configuration parameter
808 **                  TLV to NFCC. The response from NFCC is reported by
809 **                  tNFC_RESPONSE_CBACK as NFC_SET_CONFIG_REVT.
810 **
811 ** Parameters       tlv_size - the length of p_param_tlvs.
812 **                  p_param_tlvs - the parameter ID/Len/Value list
813 **
814 ** Returns          tNFC_STATUS
815 **
816 *******************************************************************************/
NFC_SetConfig(uint8_t tlv_size,uint8_t * p_param_tlvs)817 tNFC_STATUS NFC_SetConfig(uint8_t tlv_size, uint8_t* p_param_tlvs) {
818   return nci_snd_core_set_config(p_param_tlvs, tlv_size);
819 }
820 
821 /*******************************************************************************
822 **
823 ** Function         NFC_GetConfig
824 **
825 ** Description      This function is called to retrieve the parameter TLV from
826 **                  NFCC. The response from NFCC is reported by
827 **                  tNFC_RESPONSE_CBACK as NFC_GET_CONFIG_REVT.
828 **
829 ** Parameters       num_ids - the number of parameter IDs
830 **                  p_param_ids - the parameter ID list.
831 **
832 ** Returns          tNFC_STATUS
833 **
834 *******************************************************************************/
NFC_GetConfig(uint8_t num_ids,uint8_t * p_param_ids)835 tNFC_STATUS NFC_GetConfig(uint8_t num_ids, uint8_t* p_param_ids) {
836   return nci_snd_core_get_config(p_param_ids, num_ids);
837 }
838 
839 /*******************************************************************************
840 **
841 ** Function         NFC_DiscoveryMap
842 **
843 ** Description      This function is called to set the discovery interface
844 **                  mapping. The response from NFCC is reported by
845 **                  tNFC_DISCOVER_CBACK as NFC_MAP_DEVT.
846 **
847 ** Parameters       num - the number of items in p_params.
848 **                  p_maps - the discovery interface mappings
849 **                  p_cback - the discovery callback function
850 **
851 ** Returns          tNFC_STATUS
852 **
853 *******************************************************************************/
NFC_DiscoveryMap(uint8_t num,tNFC_DISCOVER_MAPS * p_maps,tNFC_DISCOVER_CBACK * p_cback)854 tNFC_STATUS NFC_DiscoveryMap(uint8_t num, tNFC_DISCOVER_MAPS* p_maps,
855                              tNFC_DISCOVER_CBACK* p_cback) {
856   uint8_t num_disc_maps = num;
857   uint8_t xx, yy, num_intf, intf_mask;
858   tNFC_DISCOVER_MAPS
859       max_maps[NFC_NFCC_MAX_NUM_VS_INTERFACE + NCI_INTERFACE_MAX];
860   bool is_supported;
861 
862   nfc_cb.p_discv_cback = p_cback;
863   num_intf = 0;
864   LOG(VERBOSE) << StringPrintf("nci_interfaces supported by NFCC: 0x%x",
865                              nfc_cb.nci_interfaces);
866 
867   for (xx = 0; xx < NFC_NFCC_MAX_NUM_VS_INTERFACE + NCI_INTERFACE_MAX; xx++) {
868     memset(&max_maps[xx], 0x00, sizeof(tNFC_DISCOVER_MAPS));
869   }
870 
871   for (xx = 0; xx < num_disc_maps; xx++) {
872     is_supported = false;
873     if (p_maps[xx].intf_type > NCI_INTERFACE_MAX) {
874       for (yy = 0; yy < NFC_NFCC_MAX_NUM_VS_INTERFACE; yy++) {
875         if (nfc_cb.vs_interface[yy] == p_maps[xx].intf_type)
876           is_supported = true;
877       }
878       LOG(VERBOSE) << StringPrintf("[%d]: vs intf_type:0x%x is_supported:%d", xx,
879                                  p_maps[xx].intf_type, is_supported);
880     } else {
881       intf_mask = (1 << (p_maps[xx].intf_type));
882       if (intf_mask & nfc_cb.nci_interfaces) {
883         is_supported = true;
884       }
885       LOG(VERBOSE) << StringPrintf(
886           "[%d]: intf_type:%d intf_mask: 0x%x is_supported:%d", xx,
887           p_maps[xx].intf_type, intf_mask, is_supported);
888     }
889     if (is_supported)
890       memcpy(&max_maps[num_intf++], &p_maps[xx], sizeof(tNFC_DISCOVER_MAPS));
891     else {
892       LOG(WARNING) << StringPrintf(
893           "NFC_DiscoveryMap interface=0x%x is not supported by NFCC",
894           p_maps[xx].intf_type);
895     }
896   }
897 
898   return nci_snd_discover_map_cmd(num_intf, (tNCI_DISCOVER_MAPS*)max_maps);
899 }
900 
901 /*******************************************************************************
902 **
903 ** Function         NFC_DiscoveryStart
904 **
905 ** Description      This function is called to start Polling and/or Listening.
906 **                  The response from NFCC is reported by tNFC_DISCOVER_CBACK as
907 **                  NFC_START_DEVT. The notification from NFCC is reported by
908 **                  tNFC_DISCOVER_CBACK as NFC_RESULT_DEVT.
909 **
910 ** Parameters       num_params - the number of items in p_params.
911 **                  p_params - the discovery parameters
912 **                  p_cback - the discovery callback function
913 **
914 ** Returns          tNFC_STATUS
915 **
916 *******************************************************************************/
NFC_DiscoveryStart(uint8_t num_params,tNFC_DISCOVER_PARAMS * p_params,tNFC_DISCOVER_CBACK * p_cback)917 tNFC_STATUS NFC_DiscoveryStart(uint8_t num_params,
918                                tNFC_DISCOVER_PARAMS* p_params,
919                                tNFC_DISCOVER_CBACK* p_cback) {
920   uint8_t* p;
921   int params_size;
922   tNFC_STATUS status = NFC_STATUS_NO_BUFFERS;
923 
924   LOG(VERBOSE) << __func__;
925   if (nfc_cb.p_disc_pending) {
926     LOG(ERROR) << StringPrintf("There's pending NFC_DiscoveryStart");
927     status = NFC_STATUS_BUSY;
928   } else {
929     nfc_cb.p_discv_cback = p_cback;
930     nfc_cb.flags |= NFC_FL_DISCOVER_PENDING;
931     nfc_cb.flags |= NFC_FL_CONTROL_REQUESTED;
932     params_size = sizeof(tNFC_DISCOVER_PARAMS) * num_params;
933     nfc_cb.p_disc_pending =
934         GKI_getbuf((uint16_t)(NFC_HDR_SIZE + 1 + params_size));
935     if (nfc_cb.p_disc_pending) {
936       p = (uint8_t*)nfc_cb.p_disc_pending;
937       *p++ = num_params;
938       memcpy(p, p_params, params_size);
939       status = NFC_STATUS_CMD_STARTED;
940       nfc_ncif_check_cmd_queue(nullptr);
941     }
942   }
943 
944   LOG(VERBOSE) << StringPrintf("NFC_DiscoveryStart status: 0x%x", status);
945   return status;
946 }
947 
948 /*******************************************************************************
949 **
950 ** Function         NFC_DiscoverySelect
951 **
952 ** Description      If tNFC_DISCOVER_CBACK reports status=NFC_MULTIPLE_PROT,
953 **                  the application needs to use this function to select the
954 **                  the logical endpoint to continue. The response from NFCC is
955 **                  reported by tNFC_DISCOVER_CBACK as NFC_SELECT_DEVT.
956 **
957 ** Parameters       rf_disc_id - The ID identifies the remote device.
958 **                  protocol - the logical endpoint on the remote device
959 **                  rf_interface - the RF interface to communicate with NFCC
960 **
961 ** Returns          tNFC_STATUS
962 **
963 *******************************************************************************/
NFC_DiscoverySelect(uint8_t rf_disc_id,uint8_t protocol,uint8_t rf_interface)964 tNFC_STATUS NFC_DiscoverySelect(uint8_t rf_disc_id, uint8_t protocol,
965                                 uint8_t rf_interface) {
966   return nci_snd_discover_select_cmd(rf_disc_id, protocol, rf_interface);
967 }
968 
969 /*******************************************************************************
970 **
971 ** Function         NFC_StartPowerTransfert
972 **
973 ** Description      If tNFC_DISCOVER_CBACK reports status=NFC_MULTIPLE_PROT,
974 **                  the application needs to use this function to select the
975 **                  the logical endpoint to continue. The response from NFCC is
976 **                  reported by tNFC_DISCOVER_CBACK as NFC_SELECT_DEVT.
977 **
978 ** Parameters       rf_disc_id - The ID identifies the remote device.
979 **                  protocol - the logical endpoint on the remote device
980 **                  rf_interface - the RF interface to communicate with NFCC
981 **
982 ** Returns          tNFC_STATUS
983 **
984 *******************************************************************************/
NFC_StartPowerTransfert(uint8_t * p_param,uint8_t param_len)985 tNFC_STATUS NFC_StartPowerTransfert(uint8_t* p_param, uint8_t param_len) {
986   return nci_snd_rf_wpt_control_cmd(p_param, param_len);
987 }
988 
989 /*******************************************************************************
990 **
991 ** Function         NFC_ConnCreate
992 **
993 ** Description      This function is called to create a logical connection with
994 **                  NFCC for data exchange.
995 **
996 ** Parameters       dest_type - the destination type
997 **                  id   - the NFCEE ID or RF Discovery ID .
998 **                  protocol   - the protocol.
999 **                  p_cback - the connection callback function
1000 **
1001 ** Returns          tNFC_STATUS
1002 **
1003 *******************************************************************************/
NFC_ConnCreate(uint8_t dest_type,uint8_t id,uint8_t protocol,tNFC_CONN_CBACK * p_cback)1004 tNFC_STATUS NFC_ConnCreate(uint8_t dest_type, uint8_t id, uint8_t protocol,
1005                            tNFC_CONN_CBACK* p_cback) {
1006   tNFC_STATUS status = NFC_STATUS_FAILED;
1007   tNFC_CONN_CB* p_cb;
1008   uint8_t num_tlv = 0, tlv_size = 0;
1009   uint8_t param_tlvs[4], *pp;
1010 
1011   p_cb = nfc_alloc_conn_cb(p_cback);
1012   if (p_cb) {
1013     p_cb->id = id;
1014     pp = param_tlvs;
1015     if (dest_type == NCI_DEST_TYPE_NFCEE) {
1016       num_tlv = 1;
1017       UINT8_TO_STREAM(pp, NCI_CON_CREATE_TAG_NFCEE_VAL);
1018       UINT8_TO_STREAM(pp, 2);
1019       UINT8_TO_STREAM(pp, id);
1020       UINT8_TO_STREAM(pp, protocol);
1021       tlv_size = 4;
1022     } else if (dest_type == NCI_DEST_TYPE_REMOTE) {
1023       num_tlv = 1;
1024       UINT8_TO_STREAM(pp, NCI_CON_CREATE_TAG_RF_DISC_ID);
1025       UINT8_TO_STREAM(pp, 1);
1026       UINT8_TO_STREAM(pp, id);
1027       tlv_size = 3;
1028     } else if (dest_type == NCI_DEST_TYPE_NFCC) {
1029       p_cb->id = NFC_TEST_ID;
1030     }
1031     /* Add handling of NCI_DEST_TYPE_REMOTE when more RF interface definitions
1032      * are added */
1033     p_cb->act_protocol = protocol;
1034     p_cb->p_cback = p_cback;
1035     status = nci_snd_core_conn_create(dest_type, num_tlv, tlv_size, param_tlvs);
1036     if (status == NFC_STATUS_FAILED) nfc_free_conn_cb(p_cb);
1037   }
1038   return status;
1039 }
1040 
1041 /*******************************************************************************
1042 **
1043 ** Function         NFC_ConnClose
1044 **
1045 ** Description      This function is called to close a logical connection with
1046 **                  NFCC.
1047 **
1048 ** Parameters       conn_id - the connection id.
1049 **
1050 ** Returns          tNFC_STATUS
1051 **
1052 *******************************************************************************/
NFC_ConnClose(uint8_t conn_id)1053 tNFC_STATUS NFC_ConnClose(uint8_t conn_id) {
1054   tNFC_CONN_CB* p_cb = nfc_find_conn_cb_by_conn_id(conn_id);
1055   tNFC_STATUS status = NFC_STATUS_FAILED;
1056 
1057   if (p_cb) {
1058     status = nci_snd_core_conn_close(conn_id);
1059   }
1060   return status;
1061 }
1062 
1063 /*******************************************************************************
1064 **
1065 ** Function         NFC_SetStaticRfCback
1066 **
1067 ** Description      This function is called to update the data callback function
1068 **                  to receive the data for the given connection id.
1069 **
1070 ** Parameters       p_cback - the connection callback function
1071 **
1072 ** Returns          Nothing
1073 **
1074 *******************************************************************************/
NFC_SetStaticRfCback(tNFC_CONN_CBACK * p_cback)1075 void NFC_SetStaticRfCback(tNFC_CONN_CBACK* p_cback) {
1076   tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
1077 
1078   p_cb->p_cback = p_cback;
1079   /* just in case DH has received NCI data before the data callback is set
1080    * check if there's any data event to report on this connection id */
1081   nfc_data_event(p_cb);
1082 }
1083 
1084 /*******************************************************************************
1085 **
1086 ** Function         NFC_SetReassemblyFlag
1087 **
1088 ** Description      This function is called to set if nfc will reassemble
1089 **                  nci packet as much as its buffer can hold or it should not
1090 **                  reassemble but forward the fragmented nci packet to layer
1091 **                  above. If nci data pkt is fragmented, nfc may send multiple
1092 **                  NFC_DATA_CEVT with status NFC_STATUS_CONTINUE before sending
1093 **                  NFC_DATA_CEVT with status NFC_STATUS_OK based on reassembly
1094 **                  configuration and reassembly buffer size
1095 **
1096 ** Parameters       reassembly - flag to indicate if nfc may reassemble or not
1097 **
1098 ** Returns          Nothing
1099 **
1100 *******************************************************************************/
NFC_SetReassemblyFlag(bool reassembly)1101 void NFC_SetReassemblyFlag(bool reassembly) { nfc_cb.reassembly = reassembly; }
1102 
1103 /*******************************************************************************
1104 **
1105 ** Function         NFC_SendData
1106 **
1107 ** Description      This function is called to send the given data packet
1108 **                  to the connection identified by the given connection id.
1109 **
1110 ** Parameters       conn_id - the connection id.
1111 **                  p_data - the data packet.
1112 **                  p_data->offset must be >= NCI_MSG_OFFSET_SIZE +
1113 **                  NCI_DATA_HDR_SIZE
1114 **                  The data payload starts at
1115 **                  ((uint8_t *) (p_data + 1) + p_data->offset)
1116 **
1117 ** Returns          tNFC_STATUS
1118 **
1119 *******************************************************************************/
NFC_SendData(uint8_t conn_id,NFC_HDR * p_data)1120 tNFC_STATUS NFC_SendData(uint8_t conn_id, NFC_HDR* p_data) {
1121   tNFC_STATUS status = NFC_STATUS_FAILED;
1122   tNFC_CONN_CB* p_cb = nfc_find_conn_cb_by_conn_id(conn_id);
1123 
1124   if (p_cb && p_data &&
1125       p_data->offset >= NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE) {
1126     status = nfc_ncif_send_data(p_cb, p_data);
1127   }
1128 
1129   if (status != NFC_STATUS_OK) GKI_freebuf(p_data);
1130 
1131   return status;
1132 }
1133 
1134 /*******************************************************************************
1135 **
1136 ** Function         NFC_FlushData
1137 **
1138 ** Description      This function is called to discard the tx data queue of
1139 **                  the given connection id.
1140 **
1141 ** Parameters       conn_id - the connection id.
1142 **
1143 ** Returns          tNFC_STATUS
1144 **
1145 *******************************************************************************/
NFC_FlushData(uint8_t conn_id)1146 tNFC_STATUS NFC_FlushData(uint8_t conn_id) {
1147   tNFC_STATUS status = NFC_STATUS_FAILED;
1148   tNFC_CONN_CB* p_cb = nfc_find_conn_cb_by_conn_id(conn_id);
1149   void* p_buf;
1150 
1151   if (p_cb) {
1152     status = NFC_STATUS_OK;
1153     while ((p_buf = GKI_dequeue(&p_cb->tx_q)) != nullptr) GKI_freebuf(p_buf);
1154   }
1155 
1156   return status;
1157 }
1158 
1159 /*******************************************************************************
1160 **
1161 ** Function         NFC_Deactivate
1162 **
1163 ** Description      This function is called to stop the discovery process or
1164 **                  put the listen device in sleep mode or terminate the NFC
1165 **                  link.
1166 **
1167 **                  The response from NFCC is reported by tNFC_DISCOVER_CBACK
1168 **                  as NFC_DEACTIVATE_DEVT.
1169 **
1170 ** Parameters       deactivate_type - NFC_DEACTIVATE_TYPE_IDLE, to IDLE mode.
1171 **                                    NFC_DEACTIVATE_TYPE_SLEEP to SLEEP mode.
1172 **                                    NFC_DEACTIVATE_TYPE_SLEEP_AF to SLEEP_AF
1173 **                                    mode.
1174 **
1175 ** Returns          tNFC_STATUS
1176 **
1177 *******************************************************************************/
NFC_Deactivate(tNFC_DEACT_TYPE deactivate_type)1178 tNFC_STATUS NFC_Deactivate(tNFC_DEACT_TYPE deactivate_type) {
1179   tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
1180   tNFC_STATUS status = NFC_STATUS_OK;
1181 
1182   LOG(VERBOSE) << StringPrintf(
1183       "NFC_Deactivate %d (%s) deactivate_type:%d", nfc_cb.nfc_state,
1184       nfc_state_name(nfc_cb.nfc_state).c_str(), deactivate_type);
1185 
1186   if (nfc_cb.flags & NFC_FL_DISCOVER_PENDING) {
1187     /* the HAL pre-discover is still active - clear the pending flag */
1188     nfc_cb.flags &= ~NFC_FL_DISCOVER_PENDING;
1189     if (!(nfc_cb.flags & NFC_FL_HAL_REQUESTED)) {
1190       /* if HAL did not request for control, clear this bit now */
1191       nfc_cb.flags &= ~NFC_FL_CONTROL_REQUESTED;
1192     }
1193     GKI_freebuf(nfc_cb.p_disc_pending);
1194     nfc_cb.p_disc_pending = nullptr;
1195     return NFC_STATUS_OK;
1196   }
1197 
1198   if (nfc_cb.nfc_state == NFC_STATE_OPEN) {
1199     nfc_set_state(NFC_STATE_CLOSING);
1200     LOG(VERBOSE) << StringPrintf("act_protocol %d credits:%d/%d",
1201                                p_cb->act_protocol, p_cb->init_credits,
1202                                p_cb->num_buff);
1203     if ((p_cb->act_protocol == NCI_PROTOCOL_NFC_DEP) &&
1204         (p_cb->init_credits != p_cb->num_buff)) {
1205       nfc_cb.flags |= NFC_FL_DEACTIVATING;
1206       nfc_cb.deactivate_timer.param = (uintptr_t)deactivate_type;
1207       nfc_start_timer(&nfc_cb.deactivate_timer,
1208                       (uint16_t)(NFC_TTYPE_WAIT_2_DEACTIVATE),
1209                       NFC_DEACTIVATE_TIMEOUT);
1210       return status;
1211     }
1212   }
1213 
1214   status = nci_snd_deactivate_cmd(deactivate_type);
1215   return status;
1216 }
1217 /*******************************************************************************
1218 **
1219 ** Function         NFC_SetPowerSubState
1220 **
1221 ** Description      This function is called to send the power sub state (screen
1222 **                  state) to NFCC. The response from NFCC is reported by
1223 **                  tNFC_RESPONSE_CBACK as NFC_SET_POWER_STATE_REVT.
1224 **
1225 ** Parameters       scree_state
1226 **
1227 ** Returns          tNFC_STATUS
1228 **
1229 *******************************************************************************/
NFC_SetPowerSubState(uint8_t screen_state)1230 tNFC_STATUS NFC_SetPowerSubState(uint8_t screen_state) {
1231   return nci_snd_core_set_power_sub_state(screen_state);
1232 }
1233 /*******************************************************************************
1234 **
1235 ** Function         NFC_UpdateRFCommParams
1236 **
1237 ** Description      This function is called to update RF Communication
1238 **                  parameters once the Frame RF Interface has been activated.
1239 **
1240 **                  The response from NFCC is reported by tNFC_RESPONSE_CBACK
1241 **                  as NFC_RF_COMM_PARAMS_UPDATE_REVT.
1242 **
1243 ** Returns          tNFC_STATUS
1244 **
1245 *******************************************************************************/
NFC_UpdateRFCommParams(tNFC_RF_COMM_PARAMS * p_params)1246 tNFC_STATUS NFC_UpdateRFCommParams(tNFC_RF_COMM_PARAMS* p_params) {
1247   uint8_t tlvs[12];
1248   uint8_t* p = tlvs;
1249   uint8_t data_exch_config;
1250 
1251   /* RF Technology and Mode */
1252   if (p_params->include_rf_tech_mode) {
1253     UINT8_TO_STREAM(p, NCI_RF_PARAM_ID_TECH_N_MODE);
1254     UINT8_TO_STREAM(p, 1);
1255     UINT8_TO_STREAM(p, p_params->rf_tech_n_mode);
1256   }
1257 
1258   /* Transmit Bit Rate */
1259   if (p_params->include_tx_bit_rate) {
1260     UINT8_TO_STREAM(p, NCI_RF_PARAM_ID_TX_BIT_RATE);
1261     UINT8_TO_STREAM(p, 1);
1262     UINT8_TO_STREAM(p, p_params->tx_bit_rate);
1263   }
1264 
1265   /* Receive Bit Rate */
1266   if (p_params->include_tx_bit_rate) {
1267     UINT8_TO_STREAM(p, NCI_RF_PARAM_ID_RX_BIT_RATE);
1268     UINT8_TO_STREAM(p, 1);
1269     UINT8_TO_STREAM(p, p_params->rx_bit_rate);
1270   }
1271 
1272   /* NFC-B Data Exchange Configuration */
1273   if (p_params->include_nfc_b_config) {
1274     UINT8_TO_STREAM(p, NCI_RF_PARAM_ID_B_DATA_EX_PARAM);
1275     UINT8_TO_STREAM(p, 1);
1276 
1277     data_exch_config = (p_params->min_tr0 & 0x03) << 6; /* b7b6 : Mininum TR0 */
1278     data_exch_config |= (p_params->min_tr1 & 0x03)
1279                         << 4; /* b5b4 : Mininum TR1 */
1280     data_exch_config |= (p_params->suppression_eos & 0x01)
1281                         << 3; /* b3 :   Suppression of EoS */
1282     data_exch_config |= (p_params->suppression_sos & 0x01)
1283                         << 2; /* b2 :   Suppression of SoS */
1284     data_exch_config |= (p_params->min_tr2 & 0x03); /* b1b0 : Mininum TR2 */
1285 
1286     UINT8_TO_STREAM(p, data_exch_config);
1287   }
1288 
1289   return nci_snd_parameter_update_cmd(tlvs, (uint8_t)(p - tlvs));
1290 }
1291 
1292 /*******************************************************************************
1293 **
1294 ** Function         NFC_SetPowerOffSleep
1295 **
1296 ** Description      This function closes/opens transport and turns off/on NFCC.
1297 **
1298 ** Returns          tNFC_STATUS
1299 **
1300 *******************************************************************************/
NFC_SetPowerOffSleep(bool enable)1301 tNFC_STATUS NFC_SetPowerOffSleep(bool enable) {
1302   LOG(VERBOSE) << StringPrintf("enable = %d", enable);
1303 
1304   if ((enable == false) &&
1305       (nfc_cb.nfc_state == NFC_STATE_NFCC_POWER_OFF_SLEEP)) {
1306     nfc_cb.flags |= NFC_FL_RESTARTING;
1307 
1308     /* open transport */
1309     nfc_set_state(NFC_STATE_W4_HAL_OPEN);
1310     nfc_cb.p_hal->open(nfc_main_hal_cback, nfc_main_hal_data_cback);
1311 
1312     return NFC_STATUS_OK;
1313   } else if ((enable == true) && (nfc_cb.nfc_state == NFC_STATE_IDLE)) {
1314     /* close transport to turn off NFCC and clean up */
1315     nfc_cb.flags |= NFC_FL_POWER_OFF_SLEEP;
1316     nfc_task_shutdown_nfcc();
1317 
1318     return NFC_STATUS_OK;
1319   }
1320 
1321   LOG(ERROR) << StringPrintf("invalid state = %d", nfc_cb.nfc_state);
1322   return NFC_STATUS_FAILED;
1323 }
1324 
1325 /*******************************************************************************
1326 **
1327 ** Function         NFC_PowerCycleNFCC
1328 **
1329 ** Description      This function turns off and then on NFCC.
1330 **
1331 ** Returns          tNFC_STATUS
1332 **
1333 *******************************************************************************/
NFC_PowerCycleNFCC(void)1334 tNFC_STATUS NFC_PowerCycleNFCC(void) {
1335   LOG(VERBOSE) << __func__;
1336 
1337   if (nfc_cb.nfc_state == NFC_STATE_IDLE) {
1338     /* power cycle NFCC */
1339     nfc_cb.flags |= NFC_FL_POWER_CYCLE_NFCC;
1340     nfc_task_shutdown_nfcc();
1341 
1342     return NFC_STATUS_OK;
1343   }
1344 
1345   LOG(ERROR) << StringPrintf("invalid state = %d", nfc_cb.nfc_state);
1346   return NFC_STATUS_FAILED;
1347 }
1348 
1349 /*******************************************************************************
1350 **
1351 ** Function         NFC_GetNCIVersion
1352 **
1353 ** Description      Called by higher layer to get the current nci
1354 **                  version of nfc.
1355 **
1356 ** Returns          NCI version NCI2.0 / NCI1.0
1357 **
1358 *******************************************************************************/
NFC_GetNCIVersion()1359 uint8_t NFC_GetNCIVersion() { return nfc_cb.nci_version; }
1360 
1361 /*******************************************************************************
1362 **
1363 ** Function         NFC_ISODEPNakPresCheck
1364 **
1365 ** Description      This function is called to send the ISO DEP nak presenc
1366 **                  check cmd to check that the remote end point in RF field.
1367 **
1368 **                  The response from NFCC is reported by call back.The ntf
1369 **                  indicates success if card is present in field or failed
1370 **                  if card is lost.
1371 **
1372 ** Returns          tNFC_STATUS
1373 **
1374 *******************************************************************************/
NFC_ISODEPNakPresCheck()1375 tNFC_STATUS NFC_ISODEPNakPresCheck() {
1376   return nci_snd_iso_dep_nak_presence_check_cmd();
1377 }
1378 
1379 /*******************************************************************************
1380 **
1381 ** Function         NFC_SetStaticHciCback
1382 **
1383 ** Description      This function is called to update the data callback function
1384 **                  to receive the data for the static Hci connection id.
1385 **
1386 ** Parameters       p_cback - the connection callback function
1387 **
1388 ** Returns          Nothing
1389 **
1390 *******************************************************************************/
NFC_SetStaticHciCback(tNFC_CONN_CBACK * p_cback)1391 void NFC_SetStaticHciCback(tNFC_CONN_CBACK* p_cback) {
1392   LOG(VERBOSE) << StringPrintf("%s dest: %d", __func__, NCI_DEST_TYPE_NFCEE);
1393   tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_HCI_CONN_ID];
1394   tNFC_CONN evt_data;
1395 
1396   p_cb->p_cback = p_cback;
1397   if (p_cback && p_cb->buff_size && p_cb->num_buff) {
1398     LOG(VERBOSE) << StringPrintf("%s dest: %d", __func__, NCI_DEST_TYPE_NFCEE);
1399     evt_data.conn_create.status = NFC_STATUS_OK;
1400     evt_data.conn_create.dest_type = NCI_DEST_TYPE_NFCEE;
1401     evt_data.conn_create.id = p_cb->id;
1402     evt_data.conn_create.buff_size = p_cb->buff_size;
1403     evt_data.conn_create.num_buffs = p_cb->num_buff;
1404     (*p_cback)(NFC_HCI_CONN_ID, NFC_CONN_CREATE_CEVT, &evt_data);
1405   }
1406 }
1407 
1408 /*******************************************************************************
1409 **
1410 ** Function         NFC_GetStatusName
1411 **
1412 ** Description      This function returns the status name.
1413 **
1414 ** NOTE             conditionally compiled to save memory.
1415 **
1416 ** Returns          pointer to the name
1417 **
1418 *******************************************************************************/
NFC_GetStatusName(tNFC_STATUS status)1419 std::string NFC_GetStatusName(tNFC_STATUS status) {
1420   switch (status) {
1421     case NFC_STATUS_OK:
1422       return "OK";
1423     case NFC_STATUS_REJECTED:
1424       return "REJECTED";
1425     case NFC_STATUS_MSG_CORRUPTED:
1426       return "CORRUPTED";
1427     case NFC_STATUS_BUFFER_FULL:
1428       return "BUFFER_FULL";
1429     case NFC_STATUS_FAILED:
1430       return "FAILED";
1431     case NFC_STATUS_NOT_INITIALIZED:
1432       return "NOT_INITIALIZED";
1433     case NFC_STATUS_SYNTAX_ERROR:
1434       return "SYNTAX_ERROR";
1435     case NFC_STATUS_SEMANTIC_ERROR:
1436       return "SEMANTIC_ERROR";
1437     case NFC_STATUS_UNKNOWN_GID:
1438       return "UNKNOWN_GID";
1439     case NFC_STATUS_UNKNOWN_OID:
1440       return "UNKNOWN_OID";
1441     case NFC_STATUS_INVALID_PARAM:
1442       return "INVALID_PARAM";
1443     case NFC_STATUS_MSG_SIZE_TOO_BIG:
1444       return "MSG_SIZE_TOO_BIG";
1445     case NFC_STATUS_ALREADY_STARTED:
1446       return "ALREADY_STARTED";
1447     case NFC_STATUS_ACTIVATION_FAILED:
1448       return "ACTIVATION_FAILED";
1449     case NFC_STATUS_TEAR_DOWN:
1450       return "TEAR_DOWN";
1451     case NFC_STATUS_RF_TRANSMISSION_ERR:
1452       return "RF_TRANSMISSION_ERR";
1453     case NFC_STATUS_RF_PROTOCOL_ERR:
1454       return "RF_PROTOCOL_ERR";
1455     case NFC_STATUS_TIMEOUT:
1456       return "TIMEOUT";
1457     case NFC_STATUS_EE_INTF_ACTIVE_FAIL:
1458       return "EE_INTF_ACTIVE_FAIL";
1459     case NFC_STATUS_EE_TRANSMISSION_ERR:
1460       return "EE_TRANSMISSION_ERR";
1461     case NFC_STATUS_EE_PROTOCOL_ERR:
1462       return "EE_PROTOCOL_ERR";
1463     case NFC_STATUS_EE_TIMEOUT:
1464       return "EE_TIMEOUT";
1465     case NFC_STATUS_CMD_STARTED:
1466       return "CMD_STARTED";
1467     case NFC_STATUS_HW_TIMEOUT:
1468       return "HW_TIMEOUT";
1469     case NFC_STATUS_CONTINUE:
1470       return "CONTINUE";
1471     case NFC_STATUS_REFUSED:
1472       return "REFUSED";
1473     case NFC_STATUS_BAD_RESP:
1474       return "BAD_RESP";
1475     case NFC_STATUS_CMD_NOT_CMPLTD:
1476       return "CMD_NOT_CMPLTD";
1477     case NFC_STATUS_NO_BUFFERS:
1478       return "NO_BUFFERS";
1479     case NFC_STATUS_WRONG_PROTOCOL:
1480       return "WRONG_PROTOCOL";
1481     case NFC_STATUS_BUSY:
1482       return "BUSY";
1483     case NFC_STATUS_LINK_LOSS:
1484       return "LINK_LOSS";
1485     case NFC_STATUS_BAD_LENGTH:
1486       return "BAD_LENGTH";
1487     case NFC_STATUS_BAD_HANDLE:
1488       return "BAD_HANDLE";
1489     case NFC_STATUS_CONGESTED:
1490       return "CONGESTED";
1491     default:
1492       return "UNKNOWN";
1493   }
1494 }
1495