feat(nimble): authorization permission on gatt read and write

nimble/host/include/host/ble_gap.h

@@ -159,6 +159,7 @@ struct hci_conn_update;
 #define BLE_GAP_EVENT_TEST_UPDATE           30
 #define BLE_GAP_EVENT_DATA_LEN_CHG          31
 #define BLE_GAP_EVENT_LINK_ESTAB            32
+#define BLE_GAP_EVENT_AUTHORIZE             33
 
 /* DTM events */
 #define BLE_GAP_DTM_TX_START_EVT            0
@@ -194,6 +195,10 @@ struct hci_conn_update;
 
 /** @} */
 
+/* Response values for gatt read/write authorization event */
+#define BLE_GAP_AUTHORIZE_ACCEPT            1
+#define BLE_GAP_AUTHORIZE_REJECT            2
+
 /** Connection security state */
 struct ble_gap_sec_state {
     /** If connection is encrypted */
@@ -1114,6 +1119,31 @@ struct ble_gap_event {
         } subrate_change;
 #endif
 
+        /**
+         * GATT Authorization Event. Ask the user to authorize a GATT
+         * read/write operation.
+         *
+         * Valid for the following event types:
+         * o BLE_GAP_EVENT_AUTHORIZE
+         *
+         * Valid responses from user:
+         * o BLE_GAP_AUTHORIZE_ACCEPT
+         * o BLE_GAP_AUTHORIZE_REJECT
+         */
+        struct {
+            /* Connection Handle */
+            uint16_t conn_handle;
+
+            /* Attribute handle of the attribute being accessed. */
+            uint16_t attr_handle;
+
+            /* Weather the operation is a read or write operation. */
+            int is_read;
+
+            /* User's response */
+            int out_response;
+        } authorize;
+
 #if MYNEWT_VAL(BLE_ENABLE_CONN_REATTEMPT)
 	/**
 	 * Represents a event mentioning connection reattempt

nimble/host/src/ble_att_svr.c

@@ -318,6 +318,14 @@ ble_att_svr_check_perms(uint16_t conn_handle, int is_read,
 
     if (author) {
         /* XXX: Prompt user for authorization. */
+        conn = ble_hs_conn_find(conn_handle);
+        if(!conn->bhc_sec_state.authorize){
+            rc = ble_gap_authorize_event(conn_handle, entry->ha_handle_id, is_read);
+            if (rc == BLE_GAP_AUTHORIZE_REJECT) {
+                *out_att_err = BLE_ATT_ERR_INSUFFICIENT_AUTHOR;
+                return BLE_HS_ATT_ERR(*out_att_err);
+            }
+        }
     }
 
     return 0;

nimble/host/src/ble_gap.c

@@ -7126,6 +7126,32 @@ ble_gap_vs_hci_event(const void *buf, uint8_t len)
 }
 #endif
 
+int
+ble_gap_authorize_event(uint16_t conn_handle, uint16_t attr_handle,
+                        int is_read)
+{
+#if MYNEWT_VAL(BLE_ROLE_PERIPHERAL)
+    struct ble_gap_event event;
+
+    memset(&event, 0, sizeof event);
+    event.type = BLE_GAP_EVENT_AUTHORIZE;
+    event.authorize.conn_handle = conn_handle;
+    event.authorize.attr_handle = attr_handle;
+    event.authorize.is_read = is_read;
+
+    ble_gap_call_conn_event_cb(&event, conn_handle);
+
+    /* Make sure reject is sent back if the application
+     * sets response to anything but accept.
+     */
+    if (event.authorize.out_response != BLE_GAP_AUTHORIZE_ACCEPT) {
+        return BLE_GAP_AUTHORIZE_REJECT;
+    }
+    return event.authorize.out_response;
+#endif
+    return BLE_GAP_AUTHORIZE_REJECT;
+}
+
 /*****************************************************************************
  * $preempt                                                                  *
  *****************************************************************************/

nimble/host/src/ble_gap_priv.h

@@ -138,6 +138,7 @@ void ble_gap_mtu_event(uint16_t conn_handle, uint16_t cid, uint16_t mtu);
 void ble_gap_identity_event(uint16_t conn_handle);
 int ble_gap_repeat_pairing_event(const struct ble_gap_repeat_pairing *rp);
 void ble_gap_vs_hci_event(const void *buf, uint8_t len);
+int ble_gap_authorize_event(uint16_t conn_handle, uint16_t attr_handle, int is_read);
 int ble_gap_master_in_progress(void);
 
 void ble_gap_preempt(void);