qcacld-2.0: Add access policy for vendor IE

User configures vendor IE and access policy to allow or deny
association. PE should allow or deny connection based on access
policy and presence of vendor ie in probe request/association
request frame.

Change-Id: Ia2714ba07a67602e552a6f43928f02de0d4d0b9b
CRs-Fixed: 1020078

11 files changed, 180 insertions, 1 deletions

diff --git a/CORE/MAC/inc/sirApi.h b/CORE/MAC/inc/sirApi.h
index 311f5d805810..86a7cc0bd2ac 100644
--- a/CORE/MAC/inc/sirApi.h
+++ b/CORE/MAC/inc/sirApi.h
@@ -7470,4 +7470,20 @@ struct sir_set_tx_rx_aggregation_size {
 	uint32_t rx_aggregation_size;
 };
 
+/**
+ * struct sme_update_access_policy_vendor_ie - update vendor ie and access
+ * policy
+ * @msg_type: message id
+ * @msg_len: message length
+ * @sme_session_id: sme session id
+ * @ie: vendor ie
+ * @access_policy: access policy for vendor ie
+ */
+struct sme_update_access_policy_vendor_ie {
+	uint16_t             msg_type;
+	uint16_t             length;
+	uint32_t             sme_session_id;
+	uint8_t              ie[SIR_MAC_MAX_IE_LENGTH];
+	uint8_t              access_policy;
+};
 #endif /* __SIR_API_H */
diff --git a/CORE/MAC/inc/wniApi.h b/CORE/MAC/inc/wniApi.h
index 3fc70f4f59f0..ee0e37bfcddb 100644
--- a/CORE/MAC/inc/wniApi.h
+++ b/CORE/MAC/inc/wniApi.h
@@ -418,6 +418,7 @@ enum eWniMsgTypes
     eWNI_SME_NDP_PEER_DEPARTED_IND,
     eWNI_SME_NDP_END_IND,
     eWNI_SME_REGISTER_P2P_ACK_CB,
+    eWNI_SME_UPDATE_ACCESS_POLICY_VENDOR_IE,
 
     eWNI_SME_MSG_TYPES_END
 };
diff --git a/CORE/MAC/src/pe/include/limApi.h b/CORE/MAC/src/pe/include/limApi.h
index 5c9fc02e4a1c..05c1921a4786 100644
--- a/CORE/MAC/src/pe/include/limApi.h
+++ b/CORE/MAC/src/pe/include/limApi.h
@@ -95,6 +95,22 @@
 #define LIM_SET_RADAR_DETECTED(pMac, val)   (pMac->lim.gLimSpecMgmt.fRadarDetCurOperChan = val)
 #define LIM_MIN_BCN_PR_LENGTH  12
 #define LIM_BCN_PR_CAPABILITY_OFFSET 10
+#define LIM_ASSOC_REQ_IE_OFFSET      4
+
+/**
+ * enum lim_vendor_ie_access_policy - vendor ie access policy
+ * @LIM_ACCESS_POLICY_NONE: access policy not valid
+ * @LIM_ACCESS_POLICY_RESPOND_IF_IE_IS_PRESENT: respond only if vendor ie
+ *         is present in probe request and assoc request frames
+ * @LIM_ACCESS_POLICY_DONOT_RESPOND_IF_IE_IS_PRESENT: do not respond if vendor
+ *         ie is present in probe request or assoc request frames
+ */
+enum lim_vendor_ie_access_policy {
+	LIM_ACCESS_POLICY_NONE,
+	LIM_ACCESS_POLICY_RESPOND_IF_IE_IS_PRESENT,
+	LIM_ACCESS_POLICY_DONOT_RESPOND_IF_IE_IS_PRESENT,
+};
+
 typedef enum eMgmtFrmDropReason
 {
     eMGMT_DROP_NO_DROP,
diff --git a/CORE/MAC/src/pe/include/limSession.h b/CORE/MAC/src/pe/include/limSession.h
index b59f3dc5dd9e..b085edb4f27f 100644
--- a/CORE/MAC/src/pe/include/limSession.h
+++ b/CORE/MAC/src/pe/include/limSession.h
@@ -506,7 +506,7 @@ typedef struct sPESession           // Added to Support BT-AMP
     uint8_t vendor_specific_vht_ie_sub_type;
     bool vendor_vht_for_24ghz_sap;
     uint16_t beacon_tx_rate;
-    uint8_t *vendor_ie;
+    uint8_t *access_policy_vendor_ie;
     uint8_t access_policy;
 
 } tPESession, *tpPESession;
diff --git a/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c b/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c
index c3934ef6bd0d..29774ea19e73 100644
--- a/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c
+++ b/CORE/MAC/src/pe/lim/limProcessAssocReqFrame.c
@@ -368,6 +368,24 @@ limProcessAssocReqFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo,
         return;
     }
 
+    /* check for the presence of vendor IE */
+    if ((psessionEntry->access_policy_vendor_ie) &&
+            (psessionEntry->access_policy ==
+             LIM_ACCESS_POLICY_RESPOND_IF_IE_IS_PRESENT)) {
+        if (!cfg_get_vendor_ie_ptr_from_oui(pMac,
+                    &psessionEntry->access_policy_vendor_ie[2],
+                    3, pBody + LIM_ASSOC_REQ_IE_OFFSET, framelen)) {
+            limLog(pMac, LOGE,
+                    FL("Vendor ie not present and access policy is %x, Rejected association"),
+                    psessionEntry->access_policy);
+            limSendAssocRspMgmtFrame(pMac,
+                    eSIR_MAC_UNSPEC_FAILURE_STATUS,
+                    1,
+                    pHdr->sa,
+                    subType, 0,psessionEntry);
+            return;
+        }
+    }
     // Allocate memory for the Assoc Request frame
     pAssocReq = vos_mem_malloc(sizeof(*pAssocReq));
     if (NULL == pAssocReq)
diff --git a/CORE/MAC/src/pe/lim/limProcessMessageQueue.c b/CORE/MAC/src/pe/lim/limProcessMessageQueue.c
index 67bb2110a1e2..582219163cc6 100644
--- a/CORE/MAC/src/pe/lim/limProcessMessageQueue.c
+++ b/CORE/MAC/src/pe/lim/limProcessMessageQueue.c
@@ -1386,6 +1386,7 @@ limProcessMessages(tpAniSirGlobal pMac, tpSirMsgQ  limMsg)
         case eWNI_SME_TDLS_LINK_ESTABLISH_REQ:
 #endif
         case eWNI_SME_RESET_AP_CAPS_CHANGED:
+        case eWNI_SME_UPDATE_ACCESS_POLICY_VENDOR_IE:
             // These messages are from HDD
             limProcessNormalHddMsg(pMac, limMsg, true);  //need to response to hdd
             break;
diff --git a/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c b/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c
index a00327363d16..4cef79044b99 100644
--- a/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c
+++ b/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c
@@ -391,6 +391,20 @@ limProcessProbeReqFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo,tpPESession
             // Get pointer to Probe Request frame body
            pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);
 
+            /* check for vendor IE presence */
+            if ((psessionEntry->access_policy_vendor_ie) &&
+                    (psessionEntry->access_policy ==
+                     LIM_ACCESS_POLICY_RESPOND_IF_IE_IS_PRESENT)) {
+                if (!cfg_get_vendor_ie_ptr_from_oui(pMac,
+                            &psessionEntry->access_policy_vendor_ie[2],
+                            3, pBody, frameLen)) {
+                    limLog(pMac, LOG1, FL(
+                                "Vendor IE is not present and access policy is %x, dropping probe request"),
+                            psessionEntry->access_policy);
+                    break;
+                }
+            }
+
             // Parse Probe Request frame
             if (sirConvertProbeReqFrame2Struct(pMac, pBody, frameLen, &probeReq)==eSIR_FAILURE)
             {
@@ -552,6 +566,7 @@ limProcessProbeReqFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo,tpPESession
                       /*We are returning from here as probe request contains the broadcast SSID.
                         So no need to send the probe resp*/
                            return;
+
                     limSendProbeRspMgmtFrame(pMac, pHdr->sa, &ssId, DPH_USE_MGMT_STAID,
                                              DPH_NON_KEEPALIVE_FRAME, psessionEntry,
                                              probeReq.p2pIePresent);
diff --git a/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c b/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c
index c03a833856ae..47572ad2ed18 100644
--- a/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c
+++ b/CORE/MAC/src/pe/lim/limProcessSmeReqMessages.c
@@ -5943,6 +5943,60 @@ static void __lim_process_send_disassoc_frame(tpAniSirGlobal mac_ctx,
 }
 
 /**
+ * lim_process_sme_update_access_policy_vendor_ie: function updates vendor IE
+ * access policy
+ * @mac_ctx: pointer to mac context
+ * @msg: message buffer
+ *
+ * function processes vendor IE and access policy from SME and updates PE
+ * session entry
+ *
+ * return: none
+ */
+static void lim_process_sme_update_access_policy_vendor_ie(
+					tpAniSirGlobal mac_ctx,
+					uint32_t *msg)
+{
+	struct sme_update_access_policy_vendor_ie *update_vendor_ie;
+	struct sPESession *pe_session_entry;
+	uint8_t num_bytes;
+
+	if (!msg) {
+		limLog(mac_ctx, LOGE,FL("Buffer is Pointing to NULL"));
+		return;
+	}
+
+	update_vendor_ie = (struct sme_update_access_policy_vendor_ie*) msg;
+
+	pe_session_entry = pe_find_session_by_sme_session_id(mac_ctx,
+			update_vendor_ie->sme_session_id);
+	if (!pe_session_entry) {
+		limLog(mac_ctx, LOGE,
+				FL("Session does not exist for given sme session id(%hu)"),
+				update_vendor_ie->sme_session_id);
+		return;
+	}
+
+	if (pe_session_entry->access_policy_vendor_ie)
+		vos_mem_free(pe_session_entry->access_policy_vendor_ie);
+
+	num_bytes = update_vendor_ie->ie[1] + 2;
+	pe_session_entry->access_policy_vendor_ie = vos_mem_malloc(num_bytes);
+
+	if (!pe_session_entry->access_policy_vendor_ie) {
+		limLog(mac_ctx, LOGE,
+				FL("Failed to allocate memory for vendor ie"));
+		return;
+	}
+
+	vos_mem_copy(pe_session_entry->access_policy_vendor_ie,
+			&update_vendor_ie->ie[0], num_bytes);
+	pe_session_entry->access_policy = update_vendor_ie->access_policy;
+
+	return;
+}
+
+/**
  * limProcessSmeReqMessages()
  *
  *FUNCTION:
@@ -6295,6 +6349,9 @@ limProcessSmeReqMessages(tpAniSirGlobal pMac, tpSirMsgQ pMsg)
         case eWNI_SME_REGISTER_P2P_ACK_CB:
             lim_register_p2p_ack_ind_cb(pMac, pMsgBuf);
             break;
+        case eWNI_SME_UPDATE_ACCESS_POLICY_VENDOR_IE:
+            lim_process_sme_update_access_policy_vendor_ie(pMac, pMsgBuf);
+            break;
         default:
             vos_mem_free((v_VOID_t*)pMsg->bodyptr);
             pMsg->bodyptr = NULL;
diff --git a/CORE/MAC/src/pe/lim/limSession.c b/CORE/MAC/src/pe/lim/limSession.c
index 6fe267edca26..9a5096a195b6 100644
--- a/CORE/MAC/src/pe/lim/limSession.c
+++ b/CORE/MAC/src/pe/lim/limSession.c
@@ -803,6 +803,11 @@ void peDeleteSession(tpAniSirGlobal pMac, tpPESession psessionEntry)
     }
 #endif
 
+    if (psessionEntry->access_policy_vendor_ie)
+        vos_mem_free(psessionEntry->access_policy_vendor_ie);
+
+    psessionEntry->access_policy_vendor_ie = NULL;
+
     psessionEntry->valid = FALSE;
 
     if (LIM_IS_AP_ROLE(psessionEntry))
diff --git a/CORE/SME/inc/sme_Api.h b/CORE/SME/inc/sme_Api.h
index 1fd6aa541408..796fb5e5accc 100644
--- a/CORE/SME/inc/sme_Api.h
+++ b/CORE/SME/inc/sme_Api.h
@@ -4584,5 +4584,9 @@ eHalStatus sme_update_sta_roam_policy(tHalHandle hal_handle,
 		uint8_t session_id);
 eHalStatus sme_register_p2p_ack_ind_callback(tHalHandle hal,
 					sir_p2p_ack_ind_callback callback);
+
 void sme_set_allowed_action_frames(tHalHandle hal, uint32_t bitmap0);
+
+eHalStatus sme_update_access_policy_vendor_ie(tHalHandle hal,
+		uint8_t session_id, uint8_t *vendor_ie, int access_policy);
 #endif //#if !defined( __SME_API_H )
diff --git a/CORE/SME/src/sme_common/sme_Api.c b/CORE/SME/src/sme_common/sme_Api.c
index 3030059a2dad..a3813c53a9fe 100644
--- a/CORE/SME/src/sme_common/sme_Api.c
+++ b/CORE/SME/src/sme_common/sme_Api.c
@@ -19190,3 +19190,49 @@ eHalStatus sme_update_sta_roam_policy(tHalHandle hal_handle,
 	sme_sta_roam_offload_scan(mac_ctx, session_id, reason);
 	return status;
 }
+
+/**
+ * sme_update_access_policy_vendor_ie() - update vendor ie and access policy.
+ * @hal: Pointer to the mac context
+ * @session_id: sme session id
+ * @vendor_ie: vendor ie
+ * @access_policy: vendor ie access policy
+ *
+ * This function updates the vendor ie and access policy to lim.
+ *
+ * Return: success or failure.
+ */
+eHalStatus sme_update_access_policy_vendor_ie(tHalHandle hal,
+		uint8_t session_id, uint8_t *vendor_ie, int access_policy)
+{
+	struct sme_update_access_policy_vendor_ie *msg;
+	uint16_t msg_len;
+	eHalStatus status = eHAL_STATUS_FAILURE;
+	tpAniSirGlobal mac = PMAC_STRUCT(hal);
+
+	msg_len  = sizeof(*msg);
+
+	msg = vos_mem_malloc(msg_len);
+	if (!msg) {
+		smsLog(mac, LOGE,
+			"failed to allocate memory for sme_update_access_policy_vendor_ie");
+		return eHAL_STATUS_FAILURE;
+	}
+
+	vos_mem_set(msg, msg_len, 0);
+	msg->msg_type = pal_cpu_to_be16(
+			(tANI_U16)eWNI_SME_UPDATE_ACCESS_POLICY_VENDOR_IE);
+	msg->length = pal_cpu_to_be16(msg_len);
+
+	vos_mem_copy(&msg->ie[0], vendor_ie, sizeof(msg->ie));
+
+	msg->sme_session_id = session_id;
+	msg->access_policy = access_policy;
+
+	smsLog(mac, LOG1, "sme_session_id %hu, access_policy %d", session_id,
+			access_policy);
+
+	status = palSendMBMessage(mac->hHdd, msg);
+
+	return status;
+}