1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #define LOG_TAG "stack::sdp"
20
21 /******************************************************************************
22 *
23 * This file contains SDP utility functions
24 *
25 ******************************************************************************/
26 #include <bluetooth/log.h>
27 #include <com_android_bluetooth_flags.h>
28
29 #include <array>
30 #include <cstdint>
31 #include <cstring>
32 #include <ostream>
33 #include <type_traits>
34 #include <utility>
35 #include <vector>
36
37 #include "btif/include/btif_config.h"
38 #include "btif/include/stack_manager_t.h"
39 #include "device/include/interop.h"
40 #include "internal_include/bt_target.h"
41 #include "internal_include/bt_trace.h"
42 #include "main/shim/metrics_api.h"
43 #include "osi/include/allocator.h"
44 #include "osi/include/properties.h"
45 #include "stack/include/avrc_api.h"
46 #include "stack/include/avrc_defs.h"
47 #include "stack/include/bt_hdr.h"
48 #include "stack/include/bt_psm_types.h"
49 #include "stack/include/bt_types.h"
50 #include "stack/include/bt_uuid16.h"
51 #include "stack/include/btm_sec_api_types.h"
52 #include "stack/include/l2cap_interface.h"
53 #include "stack/include/sdpdefs.h"
54 #include "stack/sdp/internal/sdp_api.h"
55 #include "stack/sdp/sdpint.h"
56 #include "storage/config_keys.h"
57 #include "types/bluetooth/uuid.h"
58 #include "types/raw_address.h"
59
60 using bluetooth::Uuid;
61 using namespace bluetooth;
62
63 static const uint8_t sdp_base_uuid[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00,
64 0x80, 0x00, 0x00, 0x80, 0x5F, 0x9B, 0x34, 0xFB};
65
66 template <typename T>
to_little_endian_array(T x)67 static std::array<char, sizeof(T)> to_little_endian_array(T x) {
68 static_assert(std::is_integral<T>::value, "to_little_endian_array parameter must be integral.");
69 std::array<char, sizeof(T)> array = {};
70 for (size_t i = 0; i < array.size(); i++) {
71 array[i] = static_cast<char>((x >> (8 * i)) & 0xFF);
72 }
73 return array;
74 }
75
76 /**
77 * Find the list of profile versions from Bluetooth Profile Descriptor list
78 * attribute in a SDP record
79 *
80 * @param p_rec SDP record to search
81 * @return a vector of <UUID, VERSION> pairs, empty if not found
82 */
sdpu_find_profile_version(tSDP_DISC_REC * p_rec)83 static std::vector<std::pair<uint16_t, uint16_t>> sdpu_find_profile_version(tSDP_DISC_REC* p_rec) {
84 std::vector<std::pair<uint16_t, uint16_t>> result;
85 for (tSDP_DISC_ATTR* p_attr = p_rec->p_first_attr; p_attr != nullptr;
86 p_attr = p_attr->p_next_attr) {
87 // Find the profile descriptor list */
88 if (p_attr->attr_id != ATTR_ID_BT_PROFILE_DESC_LIST ||
89 SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) != DATA_ELE_SEQ_DESC_TYPE) {
90 continue;
91 }
92 // Walk through the protocol descriptor list
93 for (tSDP_DISC_ATTR* p_sattr = p_attr->attr_value.v.p_sub_attr; p_sattr != nullptr;
94 p_sattr = p_sattr->p_next_attr) {
95 // Safety check - each entry should itself be a sequence
96 if (SDP_DISC_ATTR_TYPE(p_sattr->attr_len_type) != DATA_ELE_SEQ_DESC_TYPE) {
97 log::warn("Descriptor type is not sequence: 0x{:x}",
98 SDP_DISC_ATTR_TYPE(p_sattr->attr_len_type));
99 return std::vector<std::pair<uint16_t, uint16_t>>();
100 }
101 // Now, see if the entry contains the profile UUID we are interested in
102 for (tSDP_DISC_ATTR* p_ssattr = p_sattr->attr_value.v.p_sub_attr; p_ssattr != nullptr;
103 p_ssattr = p_ssattr->p_next_attr) {
104 if (SDP_DISC_ATTR_TYPE(p_ssattr->attr_len_type) != UUID_DESC_TYPE ||
105 SDP_DISC_ATTR_LEN(p_ssattr->attr_len_type) != 2) {
106 continue;
107 }
108 uint16_t uuid = p_ssattr->attr_value.v.u16;
109 // Next attribute should be the version attribute
110 tSDP_DISC_ATTR* version_attr = p_ssattr->p_next_attr;
111 if (version_attr == nullptr ||
112 SDP_DISC_ATTR_TYPE(version_attr->attr_len_type) != UINT_DESC_TYPE ||
113 SDP_DISC_ATTR_LEN(version_attr->attr_len_type) != 2) {
114 if (version_attr == nullptr) {
115 log::warn("version attr not found");
116 } else {
117 log::warn("Bad version type 0x{:x}, or length {}",
118 SDP_DISC_ATTR_TYPE(version_attr->attr_len_type),
119 SDP_DISC_ATTR_LEN(version_attr->attr_len_type));
120 }
121 return std::vector<std::pair<uint16_t, uint16_t>>();
122 }
123 // High order 8 bits is the major number, low order is the
124 // minor number (big endian)
125 uint16_t version = version_attr->attr_value.v.u16;
126 result.emplace_back(uuid, version);
127 }
128 }
129 }
130 return result;
131 }
132
133 /**
134 * Find the most specific 16-bit service uuid represented by a SDP record
135 *
136 * @param p_rec pointer to a SDP record
137 * @return most specific 16-bit service uuid, 0 if not found
138 */
sdpu_find_most_specific_service_uuid(tSDP_DISC_REC * p_rec)139 static uint16_t sdpu_find_most_specific_service_uuid(tSDP_DISC_REC* p_rec) {
140 for (tSDP_DISC_ATTR* p_attr = p_rec->p_first_attr; p_attr != nullptr;
141 p_attr = p_attr->p_next_attr) {
142 if (p_attr->attr_id == ATTR_ID_SERVICE_CLASS_ID_LIST &&
143 SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == DATA_ELE_SEQ_DESC_TYPE) {
144 tSDP_DISC_ATTR* p_first_attr = p_attr->attr_value.v.p_sub_attr;
145 if (p_first_attr == nullptr) {
146 return 0;
147 }
148 if (SDP_DISC_ATTR_TYPE(p_first_attr->attr_len_type) == UUID_DESC_TYPE &&
149 SDP_DISC_ATTR_LEN(p_first_attr->attr_len_type) == 2) {
150 return p_first_attr->attr_value.v.u16;
151 } else if (SDP_DISC_ATTR_TYPE(p_first_attr->attr_len_type) == DATA_ELE_SEQ_DESC_TYPE) {
152 // Workaround for Toyota G Block car kit:
153 // It incorrectly puts an extra data element sequence in this attribute
154 for (tSDP_DISC_ATTR* p_extra_sattr = p_first_attr->attr_value.v.p_sub_attr;
155 p_extra_sattr != nullptr; p_extra_sattr = p_extra_sattr->p_next_attr) {
156 // Return the first UUID data element
157 if (SDP_DISC_ATTR_TYPE(p_extra_sattr->attr_len_type) == UUID_DESC_TYPE &&
158 SDP_DISC_ATTR_LEN(p_extra_sattr->attr_len_type) == 2) {
159 return p_extra_sattr->attr_value.v.u16;
160 }
161 }
162 } else {
163 log::warn("Bad Service Class ID list attribute");
164 return 0;
165 }
166 } else if (p_attr->attr_id == ATTR_ID_SERVICE_ID) {
167 if (SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == UUID_DESC_TYPE &&
168 SDP_DISC_ATTR_LEN(p_attr->attr_len_type) == 2) {
169 return p_attr->attr_value.v.u16;
170 }
171 }
172 }
173 return 0;
174 }
175
sdpu_log_attribute_metrics(const RawAddress & bda,tSDP_DISCOVERY_DB * p_db)176 void sdpu_log_attribute_metrics(const RawAddress& bda, tSDP_DISCOVERY_DB* p_db) {
177 log::assert_that(p_db != nullptr, "assert failed: p_db != nullptr");
178 bool has_di_record = false;
179 for (tSDP_DISC_REC* p_rec = p_db->p_first_rec; p_rec != nullptr; p_rec = p_rec->p_next_rec) {
180 uint16_t service_uuid = sdpu_find_most_specific_service_uuid(p_rec);
181 if (service_uuid == 0) {
182 log::info("skipping record without service uuid {}", bda);
183 continue;
184 }
185 // Log the existence of a profile role
186 // This can be different from Bluetooth Profile Descriptor List
187 bluetooth::shim::LogMetricSdpAttribute(bda, service_uuid, 0, 0, nullptr);
188 // Log profile version from Bluetooth Profile Descriptor List
189 auto uuid_version_array = sdpu_find_profile_version(p_rec);
190 for (const auto& uuid_version_pair : uuid_version_array) {
191 uint16_t profile_uuid = uuid_version_pair.first;
192 uint16_t version = uuid_version_pair.second;
193 auto version_array = to_little_endian_array(version);
194 bluetooth::shim::LogMetricSdpAttribute(bda, profile_uuid, ATTR_ID_BT_PROFILE_DESC_LIST,
195 version_array.size(), version_array.data());
196 }
197 // Log protocol version from Protocol Descriptor List
198 uint16_t protocol_uuid = 0;
199 switch (service_uuid) {
200 case UUID_SERVCLASS_AUDIO_SOURCE:
201 case UUID_SERVCLASS_AUDIO_SINK:
202 protocol_uuid = UUID_PROTOCOL_AVDTP;
203 break;
204 case UUID_SERVCLASS_AV_REMOTE_CONTROL:
205 case UUID_SERVCLASS_AV_REM_CTRL_CONTROL:
206 case UUID_SERVCLASS_AV_REM_CTRL_TARGET:
207 protocol_uuid = UUID_PROTOCOL_AVCTP;
208 break;
209 case UUID_SERVCLASS_PANU:
210 case UUID_SERVCLASS_GN:
211 protocol_uuid = UUID_PROTOCOL_BNEP;
212 break;
213 }
214 if (protocol_uuid != 0) {
215 tSDP_PROTOCOL_ELEM protocol_elements = {};
216 if (SDP_FindProtocolListElemInRec(p_rec, protocol_uuid, &protocol_elements)) {
217 if (protocol_elements.num_params >= 1) {
218 uint16_t version = protocol_elements.params[0];
219 auto version_array = to_little_endian_array(version);
220 bluetooth::shim::LogMetricSdpAttribute(bda, protocol_uuid, ATTR_ID_PROTOCOL_DESC_LIST,
221 version_array.size(), version_array.data());
222 }
223 }
224 }
225 // Log profile supported features from various supported feature attributes
226 switch (service_uuid) {
227 case UUID_SERVCLASS_AG_HANDSFREE:
228 case UUID_SERVCLASS_HF_HANDSFREE:
229 case UUID_SERVCLASS_AV_REMOTE_CONTROL:
230 case UUID_SERVCLASS_AV_REM_CTRL_CONTROL:
231 case UUID_SERVCLASS_AV_REM_CTRL_TARGET:
232 case UUID_SERVCLASS_AUDIO_SOURCE:
233 case UUID_SERVCLASS_AUDIO_SINK: {
234 tSDP_DISC_ATTR* p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
235 if (p_attr == nullptr || SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) != UINT_DESC_TYPE ||
236 SDP_DISC_ATTR_LEN(p_attr->attr_len_type) < 2) {
237 break;
238 }
239 uint16_t supported_features = p_attr->attr_value.v.u16;
240 auto version_array = to_little_endian_array(supported_features);
241 bluetooth::shim::LogMetricSdpAttribute(bda, service_uuid, ATTR_ID_SUPPORTED_FEATURES,
242 version_array.size(), version_array.data());
243 break;
244 }
245 case UUID_SERVCLASS_MESSAGE_NOTIFICATION:
246 case UUID_SERVCLASS_MESSAGE_ACCESS: {
247 tSDP_DISC_ATTR* p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_MAP_SUPPORTED_FEATURES);
248 if (p_attr == nullptr || SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) != UINT_DESC_TYPE ||
249 SDP_DISC_ATTR_LEN(p_attr->attr_len_type) < 4) {
250 break;
251 }
252 uint32_t map_supported_features = p_attr->attr_value.v.u32;
253 auto features_array = to_little_endian_array(map_supported_features);
254 bluetooth::shim::LogMetricSdpAttribute(bda, service_uuid, ATTR_ID_MAP_SUPPORTED_FEATURES,
255 features_array.size(), features_array.data());
256 break;
257 }
258 case UUID_SERVCLASS_PBAP_PCE:
259 case UUID_SERVCLASS_PBAP_PSE: {
260 tSDP_DISC_ATTR* p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_PBAP_SUPPORTED_FEATURES);
261 if (p_attr == nullptr || SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) != UINT_DESC_TYPE ||
262 SDP_DISC_ATTR_LEN(p_attr->attr_len_type) < 4) {
263 break;
264 }
265 uint32_t pbap_supported_features = p_attr->attr_value.v.u32;
266 auto features_array = to_little_endian_array(pbap_supported_features);
267 bluetooth::shim::LogMetricSdpAttribute(bda, service_uuid, ATTR_ID_PBAP_SUPPORTED_FEATURES,
268 features_array.size(), features_array.data());
269 break;
270 }
271 }
272 if (service_uuid == UUID_SERVCLASS_PNP_INFORMATION) {
273 has_di_record = true;
274 }
275 }
276 // Log the first DI record if there is one
277 if (has_di_record) {
278 tSDP_DI_GET_RECORD di_record = {};
279 if (SDP_GetDiRecord(1, &di_record, p_db) == tSDP_STATUS::SDP_SUCCESS) {
280 auto version_array = to_little_endian_array(di_record.spec_id);
281 bluetooth::shim::LogMetricSdpAttribute(bda, UUID_SERVCLASS_PNP_INFORMATION,
282 ATTR_ID_SPECIFICATION_ID, version_array.size(),
283 version_array.data());
284 std::stringstream ss;
285 // [N - native]::SDP::[DIP - Device ID Profile]
286 ss << "N:SDP::DIP::" << loghex(di_record.rec.vendor_id_source);
287 bluetooth::shim::LogMetricManufacturerInfo(
288 bda, android::bluetooth::AddressTypeEnum::ADDRESS_TYPE_PUBLIC,
289 android::bluetooth::DeviceInfoSrcEnum::DEVICE_INFO_INTERNAL, ss.str(),
290 loghex(di_record.rec.vendor), loghex(di_record.rec.product),
291 loghex(di_record.rec.version), "");
292
293 std::string bda_string = bda.ToString();
294 // write manufacturer, model, HW version to config
295 btif_config_set_int(bda_string, BTIF_STORAGE_KEY_SDP_DI_MANUFACTURER, di_record.rec.vendor);
296 btif_config_set_int(bda_string, BTIF_STORAGE_KEY_SDP_DI_MODEL, di_record.rec.product);
297 btif_config_set_int(bda_string, BTIF_STORAGE_KEY_SDP_DI_HW_VERSION, di_record.rec.version);
298 btif_config_set_int(bda_string, BTIF_STORAGE_KEY_SDP_DI_VENDOR_ID_SRC,
299 di_record.rec.vendor_id_source);
300 }
301 }
302 }
303
304 /*******************************************************************************
305 *
306 * Function sdpu_find_ccb_by_cid
307 *
308 * Description This function searches the CCB table for an entry with the
309 * passed CID.
310 *
311 * Returns the CCB address, or NULL if not found.
312 *
313 ******************************************************************************/
sdpu_find_ccb_by_cid(uint16_t cid)314 tCONN_CB* sdpu_find_ccb_by_cid(uint16_t cid) {
315 uint16_t xx;
316 tCONN_CB* p_ccb{};
317
318 /* Look through each connection control block */
319 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
320 if ((p_ccb->con_state != tSDP_STATE::IDLE) && (p_ccb->con_state != tSDP_STATE::CONN_PEND) &&
321 (p_ccb->connection_id == cid)) {
322 return p_ccb;
323 }
324 }
325
326 /* If here, not found */
327 return NULL;
328 }
329
330 /*******************************************************************************
331 *
332 * Function sdpu_find_ccb_by_db
333 *
334 * Description This function searches the CCB table for an entry with the
335 * passed discovery db.
336 *
337 * Returns the CCB address, or NULL if not found.
338 *
339 ******************************************************************************/
sdpu_find_ccb_by_db(const tSDP_DISCOVERY_DB * p_db)340 tCONN_CB* sdpu_find_ccb_by_db(const tSDP_DISCOVERY_DB* p_db) {
341 uint16_t xx;
342 tCONN_CB* p_ccb{};
343
344 if (p_db) {
345 /* Look through each connection control block */
346 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
347 if ((p_ccb->con_state != tSDP_STATE::IDLE) && (p_ccb->p_db == p_db)) {
348 return p_ccb;
349 }
350 }
351 }
352 /* If here, not found */
353 return NULL;
354 }
355
356 /*******************************************************************************
357 *
358 * Function sdpu_allocate_ccb
359 *
360 * Description This function allocates a new CCB.
361 *
362 * Returns CCB address, or NULL if none available.
363 *
364 ******************************************************************************/
sdpu_allocate_ccb(void)365 tCONN_CB* sdpu_allocate_ccb(void) {
366 uint16_t xx;
367 tCONN_CB* p_ccb{};
368
369 /* Look through each connection control block for a free one */
370 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
371 if (p_ccb->con_state == tSDP_STATE::IDLE) {
372 alarm_t* alarm = p_ccb->sdp_conn_timer;
373 *p_ccb = {};
374 p_ccb->sdp_conn_timer = alarm;
375 return p_ccb;
376 }
377 }
378
379 /* If here, no free CCB found */
380 return NULL;
381 }
382
383 /*******************************************************************************
384 *
385 * Function sdpu_callback
386 *
387 * Description Tell the user if they have a callback
388 *
389 * Returns void
390 *
391 ******************************************************************************/
sdpu_callback(const tCONN_CB & ccb,tSDP_REASON reason)392 void sdpu_callback(const tCONN_CB& ccb, tSDP_REASON reason) {
393 if (ccb.p_cb) {
394 (ccb.p_cb)(ccb.device_address, reason);
395 } else if (ccb.complete_callback) {
396 ccb.complete_callback.Run(ccb.device_address, reason);
397 }
398 }
399
400 /*******************************************************************************
401 *
402 * Function sdpu_release_ccb
403 *
404 * Description This function releases a CCB.
405 *
406 * Returns void
407 *
408 ******************************************************************************/
sdpu_release_ccb(tCONN_CB & ccb)409 void sdpu_release_ccb(tCONN_CB& ccb) {
410 /* Ensure timer is stopped */
411 alarm_cancel(ccb.sdp_conn_timer);
412
413 /* Drop any response pointer we may be holding */
414 ccb.con_state = tSDP_STATE::IDLE;
415 ccb.is_attr_search = false;
416
417 /* Free the response buffer */
418 if (ccb.rsp_list) {
419 log::verbose("releasing SDP rsp_list");
420 }
421 osi_free_and_reset(reinterpret_cast<void**>(&ccb.rsp_list));
422 }
423
424 /*******************************************************************************
425 *
426 * Function sdpu_dump_all_ccb
427 *
428 * Description Dump relevant data for all control blocks.
429 *
430 * Returns void
431 *
432 ******************************************************************************/
sdpu_dump_all_ccb()433 void sdpu_dump_all_ccb() {
434 uint16_t xx{};
435 tCONN_CB* p_ccb{};
436
437 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
438 log::info("peer:{} cid:{} state:{} flags:{} ", p_ccb->device_address, p_ccb->connection_id,
439 sdp_state_text(p_ccb->con_state), sdp_flags_text(p_ccb->con_flags));
440 }
441 }
442
443 /*******************************************************************************
444 *
445 * Function sdpu_get_active_ccb_cid
446 *
447 * Description This function checks if any sdp connecting is there for
448 * same remote and returns cid if its available
449 *
450 * RawAddress : Remote address
451 *
452 * Returns returns cid if any active sdp connection, else 0.
453 *
454 ******************************************************************************/
sdpu_get_active_ccb_cid(const RawAddress & bd_addr)455 uint16_t sdpu_get_active_ccb_cid(const RawAddress& bd_addr) {
456 uint16_t xx;
457 tCONN_CB* p_ccb{};
458
459 // Look through each connection control block for active sdp on given remote
460 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
461 if ((p_ccb->con_state == tSDP_STATE::CONN_SETUP) ||
462 (p_ccb->con_state == tSDP_STATE::CFG_SETUP) ||
463 (p_ccb->con_state == tSDP_STATE::CONNECTED)) {
464 if (p_ccb->con_flags & SDP_FLAGS_IS_ORIG && p_ccb->device_address == bd_addr) {
465 return p_ccb->connection_id;
466 }
467 }
468 }
469
470 // No active sdp channel for this remote
471 return 0;
472 }
473
474 /*******************************************************************************
475 *
476 * Function sdpu_process_pend_ccb
477 *
478 * Description This function process if any sdp ccb pending for connection
479 * and reuse the same connection id
480 *
481 * tCONN_CB&: connection control block that trigget the process
482 *
483 * Returns returns true if any pending ccb, else false.
484 *
485 ******************************************************************************/
sdpu_process_pend_ccb_same_cid(const tCONN_CB & ccb)486 bool sdpu_process_pend_ccb_same_cid(const tCONN_CB& ccb) {
487 uint16_t xx;
488 tCONN_CB* p_ccb{};
489
490 // Look through each connection control block for active sdp on given remote
491 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
492 if ((p_ccb->con_state == tSDP_STATE::CONN_PEND) &&
493 (p_ccb->connection_id == ccb.connection_id) && (p_ccb->con_flags & SDP_FLAGS_IS_ORIG)) {
494 p_ccb->con_state = tSDP_STATE::CONNECTED;
495 sdp_disc_connected(p_ccb);
496 return true;
497 }
498 }
499 // No pending SDP channel for this remote
500 return false;
501 }
502
503 /*******************************************************************************
504 *
505 * Function sdpu_process_pend_ccb_new_cid
506 *
507 * Description This function process if any sdp ccb pending for connection
508 * and update their connection id with a new L2CA connection
509 *
510 * tCONN_CB&: connection control block that trigget the process
511 *
512 * Returns returns true if any pending ccb, else false.
513 *
514 ******************************************************************************/
sdpu_process_pend_ccb_new_cid(const tCONN_CB & ccb)515 bool sdpu_process_pend_ccb_new_cid(const tCONN_CB& ccb) {
516 uint16_t xx;
517 tCONN_CB* p_ccb{};
518 uint16_t new_cid = 0;
519 bool new_conn = false;
520
521 // Look through each ccb to replace the obsolete cid with a new one.
522 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
523 if ((p_ccb->con_state == tSDP_STATE::CONN_PEND) &&
524 (p_ccb->connection_id == ccb.connection_id) && (p_ccb->con_flags & SDP_FLAGS_IS_ORIG)) {
525 if (!new_conn) {
526 // Only change state of the first ccb
527 p_ccb->con_state = tSDP_STATE::CONN_SETUP;
528 new_cid = stack::l2cap::get_interface().L2CA_ConnectReqWithSecurity(
529 BT_PSM_SDP, p_ccb->device_address, BTM_SEC_NONE);
530 new_conn = true;
531 }
532 // Check if L2CAP started the connection process
533 if (new_cid != 0) {
534 // update alls cid to the new one for future reference
535 p_ccb->connection_id = new_cid;
536 } else {
537 sdpu_callback(*p_ccb, tSDP_STATUS::SDP_CONN_FAILED);
538 sdpu_release_ccb(*p_ccb);
539 }
540 }
541 }
542 return new_conn && new_cid != 0;
543 }
544
545 /*******************************************************************************
546 *
547 * Function sdpu_clear_pend_ccb
548 *
549 * Description This function releases if any sdp ccb pending for connection
550 *
551 * uint16_t : Remote CID
552 *
553 * Returns returns none.
554 *
555 ******************************************************************************/
sdpu_clear_pend_ccb(const tCONN_CB & ccb)556 void sdpu_clear_pend_ccb(const tCONN_CB& ccb) {
557 uint16_t xx;
558 tCONN_CB* p_ccb{};
559
560 // Look through each connection control block for active sdp on given remote
561 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
562 if ((p_ccb->con_state == tSDP_STATE::CONN_PEND) &&
563 (p_ccb->connection_id == ccb.connection_id) && (p_ccb->con_flags & SDP_FLAGS_IS_ORIG)) {
564 sdpu_callback(*p_ccb, tSDP_STATUS::SDP_CONN_FAILED);
565 sdpu_release_ccb(*p_ccb);
566 }
567 }
568 return;
569 }
570
571 /*******************************************************************************
572 *
573 * Function sdpu_build_attrib_seq
574 *
575 * Description This function builds an attribute sequence from the list of
576 * passed attributes. It is also passed the address of the
577 * output buffer.
578 *
579 * Returns Pointer to next byte in the output buffer.
580 *
581 ******************************************************************************/
sdpu_build_attrib_seq(uint8_t * p_out,uint16_t * p_attr,uint16_t num_attrs)582 uint8_t* sdpu_build_attrib_seq(uint8_t* p_out, uint16_t* p_attr, uint16_t num_attrs) {
583 uint16_t xx;
584
585 /* First thing is the data element header. See if the length fits 1 byte */
586 /* If no attributes, assume a 4-byte wildcard */
587 if (!p_attr) {
588 xx = 5;
589 } else {
590 xx = num_attrs * 3;
591 }
592
593 if (xx > 255) {
594 UINT8_TO_BE_STREAM(p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_WORD);
595 UINT16_TO_BE_STREAM(p_out, xx);
596 } else {
597 UINT8_TO_BE_STREAM(p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_BYTE);
598 UINT8_TO_BE_STREAM(p_out, xx);
599 }
600
601 /* If there are no attributes specified, assume caller wants wildcard */
602 if (!p_attr) {
603 UINT8_TO_BE_STREAM(p_out, (UINT_DESC_TYPE << 3) | SIZE_FOUR_BYTES);
604 UINT16_TO_BE_STREAM(p_out, 0);
605 UINT16_TO_BE_STREAM(p_out, 0xFFFF);
606 } else {
607 /* Loop through and put in all the attributes(s) */
608 for (xx = 0; xx < num_attrs; xx++, p_attr++) {
609 UINT8_TO_BE_STREAM(p_out, (UINT_DESC_TYPE << 3) | SIZE_TWO_BYTES);
610 UINT16_TO_BE_STREAM(p_out, *p_attr);
611 }
612 }
613
614 return p_out;
615 }
616
617 /*******************************************************************************
618 *
619 * Function sdpu_build_attrib_entry
620 *
621 * Description This function builds an attribute entry from the passed
622 * attribute record. It is also passed the address of the
623 * output buffer.
624 *
625 * Returns Pointer to next byte in the output buffer.
626 *
627 ******************************************************************************/
sdpu_build_attrib_entry(uint8_t * p_out,const tSDP_ATTRIBUTE * p_attr)628 uint8_t* sdpu_build_attrib_entry(uint8_t* p_out, const tSDP_ATTRIBUTE* p_attr) {
629 /* First, store the attribute ID. Goes as a UINT */
630 UINT8_TO_BE_STREAM(p_out, (UINT_DESC_TYPE << 3) | SIZE_TWO_BYTES);
631 UINT16_TO_BE_STREAM(p_out, p_attr->id);
632
633 /* the attribute is in the db record.
634 * assuming the attribute len is less than SDP_MAX_ATTR_LEN */
635 switch (p_attr->type) {
636 case TEXT_STR_DESC_TYPE: /* 4 */
637 case DATA_ELE_SEQ_DESC_TYPE: /* 6 */
638 case DATA_ELE_ALT_DESC_TYPE: /* 7 */
639 case URL_DESC_TYPE: /* 8 */
640 #if (SDP_MAX_ATTR_LEN > 0xFFFF)
641 if (p_attr->len > 0xFFFF) {
642 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_IN_NEXT_LONG);
643 UINT32_TO_BE_STREAM(p_out, p_attr->len);
644 } else
645 #endif /* 0xFFFF - 0xFF */
646 #if (SDP_MAX_ATTR_LEN > 0xFF)
647 if (p_attr->len > 0xFF) {
648 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_IN_NEXT_WORD);
649 UINT16_TO_BE_STREAM(p_out, p_attr->len);
650 } else
651 #endif /* 0xFF and less*/
652 {
653 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_IN_NEXT_BYTE);
654 UINT8_TO_BE_STREAM(p_out, p_attr->len);
655 }
656
657 if (p_attr->value_ptr != NULL) {
658 ARRAY_TO_BE_STREAM(p_out, p_attr->value_ptr, (int)p_attr->len);
659 }
660
661 return p_out;
662 }
663
664 /* Now, store the attribute value */
665 switch (p_attr->len) {
666 case 1:
667 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_ONE_BYTE);
668 break;
669 case 2:
670 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_TWO_BYTES);
671 break;
672 case 4:
673 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_FOUR_BYTES);
674 break;
675 case 8:
676 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_EIGHT_BYTES);
677 break;
678 case 16:
679 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_SIXTEEN_BYTES);
680 break;
681 default:
682 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_IN_NEXT_BYTE);
683 UINT8_TO_BE_STREAM(p_out, p_attr->len);
684 break;
685 }
686
687 if (p_attr->value_ptr != NULL) {
688 ARRAY_TO_BE_STREAM(p_out, p_attr->value_ptr, (int)p_attr->len);
689 }
690
691 return p_out;
692 }
693
694 /*******************************************************************************
695 *
696 * Function sdpu_build_n_send_error
697 *
698 * Description This function builds and sends an error packet.
699 *
700 * Returns void
701 *
702 ******************************************************************************/
sdpu_build_n_send_error(tCONN_CB * p_ccb,uint16_t trans_num,tSDP_STATUS error_code,char * p_error_text)703 void sdpu_build_n_send_error(tCONN_CB* p_ccb, uint16_t trans_num, tSDP_STATUS error_code,
704 char* p_error_text) {
705 uint8_t *p_rsp, *p_rsp_start, *p_rsp_param_len;
706 uint16_t rsp_param_len;
707 BT_HDR* p_buf = reinterpret_cast<BT_HDR*>(osi_malloc(SDP_DATA_BUF_SIZE));
708
709 log::warn("SDP - sdpu_build_n_send_error code: 0x{:x} CID: 0x{:x}", error_code,
710 p_ccb->connection_id);
711
712 /* Send the packet to L2CAP */
713 p_buf->offset = L2CAP_MIN_OFFSET;
714 p_rsp = p_rsp_start = reinterpret_cast<uint8_t*>(p_buf + 1) + L2CAP_MIN_OFFSET;
715
716 UINT8_TO_BE_STREAM(p_rsp, SDP_PDU_ERROR_RESPONSE);
717 UINT16_TO_BE_STREAM(p_rsp, trans_num);
718
719 /* Skip the parameter length, we need to add it at the end */
720 p_rsp_param_len = p_rsp;
721 p_rsp += 2;
722
723 const uint16_t response = static_cast<uint16_t>(error_code);
724 UINT16_TO_BE_STREAM(p_rsp, response);
725
726 /* Unplugfest example traces do not have any error text */
727 if (p_error_text) {
728 ARRAY_TO_BE_STREAM(p_rsp, p_error_text, (int)strlen(p_error_text));
729 }
730
731 /* Go back and put the parameter length into the buffer */
732 rsp_param_len = p_rsp - p_rsp_param_len - 2;
733 UINT16_TO_BE_STREAM(p_rsp_param_len, rsp_param_len);
734
735 /* Set the length of the SDP data in the buffer */
736 p_buf->len = p_rsp - p_rsp_start;
737
738 /* Send the buffer through L2CAP */
739 if (stack::l2cap::get_interface().L2CA_DataWrite(p_ccb->connection_id, p_buf) !=
740 tL2CAP_DW_RESULT::SUCCESS) {
741 log::warn("Unable to write L2CAP data cid:{}", p_ccb->connection_id);
742 }
743 }
744
745 /*******************************************************************************
746 *
747 * Function sdpu_extract_uid_seq
748 *
749 * Description This function extracts a UUID sequence from the passed input
750 * buffer, and puts it into the passed output list.
751 *
752 * Returns Pointer to next byte in the input buffer after the sequence.
753 *
754 ******************************************************************************/
sdpu_extract_uid_seq(uint8_t * p,uint16_t param_len,tSDP_UUID_SEQ * p_seq)755 uint8_t* sdpu_extract_uid_seq(uint8_t* p, uint16_t param_len, tSDP_UUID_SEQ* p_seq) {
756 uint8_t* p_seq_end;
757 uint8_t descr, type, size;
758 uint32_t seq_len, uuid_len;
759
760 /* Assume none found */
761 p_seq->num_uids = 0;
762
763 /* A UID sequence is composed of a bunch of UIDs. */
764 if (sizeof(descr) > param_len) {
765 return NULL;
766 }
767 param_len -= sizeof(descr);
768
769 BE_STREAM_TO_UINT8(descr, p);
770 type = descr >> 3;
771 size = descr & 7;
772
773 if (type != DATA_ELE_SEQ_DESC_TYPE) {
774 return NULL;
775 }
776
777 switch (size) {
778 case SIZE_TWO_BYTES:
779 seq_len = 2;
780 break;
781 case SIZE_FOUR_BYTES:
782 seq_len = 4;
783 break;
784 case SIZE_SIXTEEN_BYTES:
785 seq_len = 16;
786 break;
787 case SIZE_IN_NEXT_BYTE:
788 if (sizeof(uint8_t) > param_len) {
789 return NULL;
790 }
791 param_len -= sizeof(uint8_t);
792 BE_STREAM_TO_UINT8(seq_len, p);
793 break;
794 case SIZE_IN_NEXT_WORD:
795 if (sizeof(uint16_t) > param_len) {
796 return NULL;
797 }
798 param_len -= sizeof(uint16_t);
799 BE_STREAM_TO_UINT16(seq_len, p);
800 break;
801 case SIZE_IN_NEXT_LONG:
802 if (sizeof(uint32_t) > param_len) {
803 return NULL;
804 }
805 param_len -= sizeof(uint32_t);
806 BE_STREAM_TO_UINT32(seq_len, p);
807 break;
808 default:
809 return NULL;
810 }
811
812 if (seq_len > param_len) {
813 return NULL;
814 }
815
816 p_seq_end = p + seq_len;
817
818 /* Loop through, extracting the UIDs */
819 for (; p < p_seq_end;) {
820 BE_STREAM_TO_UINT8(descr, p);
821 type = descr >> 3;
822 size = descr & 7;
823
824 if (type != UUID_DESC_TYPE) {
825 return NULL;
826 }
827
828 switch (size) {
829 case SIZE_TWO_BYTES:
830 uuid_len = 2;
831 break;
832 case SIZE_FOUR_BYTES:
833 uuid_len = 4;
834 break;
835 case SIZE_SIXTEEN_BYTES:
836 uuid_len = 16;
837 break;
838 case SIZE_IN_NEXT_BYTE:
839 if (p + sizeof(uint8_t) > p_seq_end) {
840 return NULL;
841 }
842 BE_STREAM_TO_UINT8(uuid_len, p);
843 break;
844 case SIZE_IN_NEXT_WORD:
845 if (p + sizeof(uint16_t) > p_seq_end) {
846 return NULL;
847 }
848 BE_STREAM_TO_UINT16(uuid_len, p);
849 break;
850 case SIZE_IN_NEXT_LONG:
851 if (p + sizeof(uint32_t) > p_seq_end) {
852 return NULL;
853 }
854 BE_STREAM_TO_UINT32(uuid_len, p);
855 break;
856 default:
857 return NULL;
858 }
859
860 /* If UUID length is valid, copy it across */
861 if (((uuid_len == 2) || (uuid_len == 4) || (uuid_len == 16)) && (p + uuid_len <= p_seq_end)) {
862 p_seq->uuid_entry[p_seq->num_uids].len = (uint16_t)uuid_len;
863 BE_STREAM_TO_ARRAY(p, p_seq->uuid_entry[p_seq->num_uids].value, (int)uuid_len);
864 p_seq->num_uids++;
865 } else {
866 return NULL;
867 }
868
869 /* We can only do so many */
870 if (p_seq->num_uids >= MAX_UUIDS_PER_SEQ) {
871 return NULL;
872 }
873 }
874
875 if (p != p_seq_end) {
876 return NULL;
877 }
878
879 return p;
880 }
881
882 /*******************************************************************************
883 *
884 * Function sdpu_extract_attr_seq
885 *
886 * Description This function extracts an attribute sequence from the passed
887 * input buffer, and puts it into the passed output list.
888 *
889 * Returns Pointer to next byte in the input buffer after the sequence.
890 *
891 ******************************************************************************/
sdpu_extract_attr_seq(uint8_t * p,uint16_t param_len,tSDP_ATTR_SEQ * p_seq)892 uint8_t* sdpu_extract_attr_seq(uint8_t* p, uint16_t param_len, tSDP_ATTR_SEQ* p_seq) {
893 uint8_t* p_end_list;
894 uint8_t descr, type, size;
895 uint32_t list_len, attr_len;
896
897 /* Assume none found */
898 p_seq->num_attr = 0;
899
900 /* Get attribute sequence info */
901 if (param_len < sizeof(descr)) {
902 return NULL;
903 }
904 param_len -= sizeof(descr);
905 BE_STREAM_TO_UINT8(descr, p);
906 type = descr >> 3;
907 size = descr & 7;
908
909 if (type != DATA_ELE_SEQ_DESC_TYPE) {
910 return NULL;
911 }
912
913 switch (size) {
914 case SIZE_IN_NEXT_BYTE:
915 if (param_len < sizeof(uint8_t)) {
916 return NULL;
917 }
918 param_len -= sizeof(uint8_t);
919 BE_STREAM_TO_UINT8(list_len, p);
920 break;
921
922 case SIZE_IN_NEXT_WORD:
923 if (param_len < sizeof(uint16_t)) {
924 return NULL;
925 }
926 param_len -= sizeof(uint16_t);
927 BE_STREAM_TO_UINT16(list_len, p);
928 break;
929
930 case SIZE_IN_NEXT_LONG:
931 if (param_len < sizeof(uint32_t)) {
932 return NULL;
933 }
934 param_len -= sizeof(uint32_t);
935 BE_STREAM_TO_UINT32(list_len, p);
936 break;
937
938 default:
939 return NULL;
940 }
941
942 if (list_len > param_len) {
943 return NULL;
944 }
945
946 p_end_list = p + list_len;
947
948 /* Loop through, extracting the attribute IDs */
949 for (; p < p_end_list;) {
950 BE_STREAM_TO_UINT8(descr, p);
951 type = descr >> 3;
952 size = descr & 7;
953
954 if (type != UINT_DESC_TYPE) {
955 return NULL;
956 }
957
958 switch (size) {
959 case SIZE_TWO_BYTES:
960 attr_len = 2;
961 break;
962 case SIZE_FOUR_BYTES:
963 attr_len = 4;
964 break;
965 case SIZE_IN_NEXT_BYTE:
966 if (p + sizeof(uint8_t) > p_end_list) {
967 return NULL;
968 }
969 BE_STREAM_TO_UINT8(attr_len, p);
970 break;
971 case SIZE_IN_NEXT_WORD:
972 if (p + sizeof(uint16_t) > p_end_list) {
973 return NULL;
974 }
975 BE_STREAM_TO_UINT16(attr_len, p);
976 break;
977 case SIZE_IN_NEXT_LONG:
978 if (p + sizeof(uint32_t) > p_end_list) {
979 return NULL;
980 }
981 BE_STREAM_TO_UINT32(attr_len, p);
982 break;
983 default:
984 return NULL;
985 break;
986 }
987
988 /* Attribute length must be 2-bytes or 4-bytes for a paired entry. */
989 if (p + attr_len > p_end_list) {
990 return NULL;
991 }
992 if (attr_len == 2) {
993 BE_STREAM_TO_UINT16(p_seq->attr_entry[p_seq->num_attr].start, p);
994 p_seq->attr_entry[p_seq->num_attr].end = p_seq->attr_entry[p_seq->num_attr].start;
995 } else if (attr_len == 4) {
996 BE_STREAM_TO_UINT16(p_seq->attr_entry[p_seq->num_attr].start, p);
997 BE_STREAM_TO_UINT16(p_seq->attr_entry[p_seq->num_attr].end, p);
998 } else {
999 return NULL;
1000 }
1001
1002 /* We can only do so many */
1003 if (++p_seq->num_attr >= MAX_ATTR_PER_SEQ) {
1004 return NULL;
1005 }
1006 }
1007
1008 return p;
1009 }
1010
1011 /*******************************************************************************
1012 *
1013 * Function sdpu_get_len_from_type
1014 *
1015 * Description This function gets the data length given the element
1016 * header.
1017 *
1018 * @param p Start of the SDP attribute bytestream
1019 * p_end End of the SDP attribute bytestream
1020 * type Attribute element header
1021 * p_len Data size indicated by element header
1022 *
1023 * @return pointer to the start of the data or nullptr on failure
1024 *
1025 ******************************************************************************/
sdpu_get_len_from_type(uint8_t * p,uint8_t * p_end,uint8_t type,uint32_t * p_len)1026 uint8_t* sdpu_get_len_from_type(uint8_t* p, uint8_t* p_end, uint8_t type, uint32_t* p_len) {
1027 uint8_t u8;
1028 uint16_t u16;
1029 uint32_t u32;
1030
1031 switch (type & 7) {
1032 case SIZE_ONE_BYTE:
1033 if (com::android::bluetooth::flags::stack_sdp_detect_nil_property_type()) {
1034 // Return NIL type if appropriate
1035 *p_len = (type == 0) ? 0 : sizeof(uint8_t);
1036 } else {
1037 *p_len = 1;
1038 }
1039 break;
1040 case SIZE_TWO_BYTES:
1041 *p_len = 2;
1042 break;
1043 case SIZE_FOUR_BYTES:
1044 *p_len = 4;
1045 break;
1046 case SIZE_EIGHT_BYTES:
1047 *p_len = 8;
1048 break;
1049 case SIZE_SIXTEEN_BYTES:
1050 *p_len = 16;
1051 break;
1052 case SIZE_IN_NEXT_BYTE:
1053 if (p + 1 > p_end) {
1054 *p_len = 0;
1055 return NULL;
1056 }
1057 BE_STREAM_TO_UINT8(u8, p);
1058 *p_len = u8;
1059 break;
1060 case SIZE_IN_NEXT_WORD:
1061 if (p + 2 > p_end) {
1062 *p_len = 0;
1063 return NULL;
1064 }
1065 BE_STREAM_TO_UINT16(u16, p);
1066 *p_len = u16;
1067 break;
1068 case SIZE_IN_NEXT_LONG:
1069 if (p + 4 > p_end) {
1070 *p_len = 0;
1071 return NULL;
1072 }
1073 BE_STREAM_TO_UINT32(u32, p);
1074 *p_len = (uint16_t)u32;
1075 break;
1076 }
1077
1078 return p;
1079 }
1080
1081 /*******************************************************************************
1082 *
1083 * Function sdpu_is_base_uuid
1084 *
1085 * Description This function checks a 128-bit UUID with the base to see if
1086 * it matches. Only the last 12 bytes are compared.
1087 *
1088 * Returns true if matched, else false
1089 *
1090 ******************************************************************************/
sdpu_is_base_uuid(uint8_t * p_uuid)1091 bool sdpu_is_base_uuid(uint8_t* p_uuid) {
1092 uint16_t xx;
1093
1094 for (xx = 4; xx < Uuid::kNumBytes128; xx++) {
1095 if (p_uuid[xx] != sdp_base_uuid[xx]) {
1096 return false;
1097 }
1098 }
1099
1100 /* If here, matched */
1101 return true;
1102 }
1103
1104 /*******************************************************************************
1105 *
1106 * Function sdpu_compare_uuid_arrays
1107 *
1108 * Description This function compares 2 BE UUIDs. If needed, they are
1109 * expanded to 128-bit UUIDs, then compared.
1110 *
1111 * NOTE it is assumed that the arrays are in Big Endian format
1112 *
1113 * Returns true if matched, else false
1114 *
1115 ******************************************************************************/
sdpu_compare_uuid_arrays(const uint8_t * p_uuid1,uint32_t len1,const uint8_t * p_uuid2,uint16_t len2)1116 bool sdpu_compare_uuid_arrays(const uint8_t* p_uuid1, uint32_t len1, const uint8_t* p_uuid2,
1117 uint16_t len2) {
1118 uint8_t nu1[Uuid::kNumBytes128];
1119 uint8_t nu2[Uuid::kNumBytes128];
1120
1121 if (((len1 != 2) && (len1 != 4) && (len1 != 16)) ||
1122 ((len2 != 2) && (len2 != 4) && (len2 != 16))) {
1123 log::error("invalid length");
1124 return false;
1125 }
1126
1127 /* If lengths match, do a straight compare */
1128 if (len1 == len2) {
1129 if (len1 == 2) {
1130 return (p_uuid1[0] == p_uuid2[0]) && (p_uuid1[1] == p_uuid2[1]);
1131 }
1132 if (len1 == 4) {
1133 return (p_uuid1[0] == p_uuid2[0]) && (p_uuid1[1] == p_uuid2[1]) &&
1134 (p_uuid1[2] == p_uuid2[2]) && (p_uuid1[3] == p_uuid2[3]);
1135 } else {
1136 return memcmp(p_uuid1, p_uuid2, static_cast<size_t>(len1)) == 0;
1137 }
1138 } else if (len1 > len2) {
1139 /* If the len1 was 4-byte, (so len2 is 2-byte), compare on the fly */
1140 if (len1 == 4) {
1141 return (p_uuid1[0] == 0) && (p_uuid1[1] == 0) && (p_uuid1[2] == p_uuid2[0]) &&
1142 (p_uuid1[3] == p_uuid2[1]);
1143 } else {
1144 /* Normalize UUIDs to 16-byte form, then compare. Len1 must be 16 */
1145 memcpy(nu1, p_uuid1, Uuid::kNumBytes128);
1146 memcpy(nu2, sdp_base_uuid, Uuid::kNumBytes128);
1147
1148 if (len2 == 4) {
1149 memcpy(nu2, p_uuid2, len2);
1150 } else if (len2 == 2) {
1151 memcpy(nu2 + 2, p_uuid2, len2);
1152 }
1153
1154 return memcmp(nu1, nu2, Uuid::kNumBytes128) == 0;
1155 }
1156 } else {
1157 /* len2 is greater than len1 */
1158 /* If the len2 was 4-byte, (so len1 is 2-byte), compare on the fly */
1159 if (len2 == 4) {
1160 return (p_uuid2[0] == 0) && (p_uuid2[1] == 0) && (p_uuid2[2] == p_uuid1[0]) &&
1161 (p_uuid2[3] == p_uuid1[1]);
1162 } else {
1163 /* Normalize UUIDs to 16-byte form, then compare. Len1 must be 16 */
1164 memcpy(nu2, p_uuid2, Uuid::kNumBytes128);
1165 memcpy(nu1, sdp_base_uuid, Uuid::kNumBytes128);
1166
1167 if (len1 == 4) {
1168 memcpy(nu1, p_uuid1, static_cast<size_t>(len1));
1169 } else if (len1 == 2) {
1170 memcpy(nu1 + 2, p_uuid1, static_cast<size_t>(len1));
1171 }
1172
1173 return memcmp(nu1, nu2, Uuid::kNumBytes128) == 0;
1174 }
1175 }
1176 }
1177
1178 /*******************************************************************************
1179 *
1180 * Function sdpu_compare_uuid_with_attr
1181 *
1182 * Description This function compares a BT UUID structure with the UUID in
1183 * an SDP attribute record. If needed, they are expanded to
1184 * 128-bit UUIDs, then compared.
1185 *
1186 * NOTE - it is assumed that BT UUID structures are compressed to the
1187 * smallest possible UUIDs (by removing the base SDP UUID).
1188 * - it is also assumed that the discovery atribute is compressed
1189 * to the smallest possible
1190 *
1191 * Returns true if matched, else false
1192 *
1193 ******************************************************************************/
sdpu_compare_uuid_with_attr(const Uuid & uuid,tSDP_DISC_ATTR * p_attr)1194 bool sdpu_compare_uuid_with_attr(const Uuid& uuid, tSDP_DISC_ATTR* p_attr) {
1195 int len = uuid.GetShortestRepresentationSize();
1196 if (len == 2) {
1197 if (SDP_DISC_ATTR_LEN(p_attr->attr_len_type) == Uuid::kNumBytes16) {
1198 return uuid.As16Bit() == p_attr->attr_value.v.u16;
1199 } else {
1200 log::error("invalid length for 16bit discovery attribute len:{}", len);
1201 return false;
1202 }
1203 }
1204 if (len == 4) {
1205 if (SDP_DISC_ATTR_LEN(p_attr->attr_len_type) == Uuid::kNumBytes32) {
1206 return uuid.As32Bit() == p_attr->attr_value.v.u32;
1207 } else {
1208 log::error("invalid length for 32bit discovery attribute len:{}", len);
1209 return false;
1210 }
1211 }
1212
1213 if (SDP_DISC_ATTR_LEN(p_attr->attr_len_type) != Uuid::kNumBytes128) {
1214 log::error("invalid length for 128bit discovery attribute len:{}", len);
1215 return false;
1216 }
1217
1218 if (memcmp(uuid.To128BitBE().data(), static_cast<void*>(p_attr->attr_value.v.array),
1219 Uuid::kNumBytes128) == 0) {
1220 return true;
1221 }
1222
1223 return false;
1224 }
1225
1226 /*******************************************************************************
1227 *
1228 * Function sdpu_sort_attr_list
1229 *
1230 * Description sorts a list of attributes in numeric order from lowest to
1231 * highest to conform to SDP specification
1232 *
1233 * Returns void
1234 *
1235 ******************************************************************************/
sdpu_sort_attr_list(uint16_t num_attr,tSDP_DISCOVERY_DB * p_db)1236 void sdpu_sort_attr_list(uint16_t num_attr, tSDP_DISCOVERY_DB* p_db) {
1237 uint16_t i;
1238 uint16_t x;
1239
1240 /* Done if no attributes to sort */
1241 if (num_attr <= 1) {
1242 return;
1243 } else if (num_attr > SDP_MAX_ATTR_FILTERS) {
1244 num_attr = SDP_MAX_ATTR_FILTERS;
1245 }
1246
1247 num_attr--; /* for the for-loop */
1248 for (i = 0; i < num_attr;) {
1249 if (p_db->attr_filters[i] > p_db->attr_filters[i + 1]) {
1250 /* swap the attribute IDs and start from the beginning */
1251 x = p_db->attr_filters[i];
1252 p_db->attr_filters[i] = p_db->attr_filters[i + 1];
1253 p_db->attr_filters[i + 1] = x;
1254
1255 i = 0;
1256 } else {
1257 i++;
1258 }
1259 }
1260 }
1261
1262 /*******************************************************************************
1263 *
1264 * Function sdpu_get_list_len
1265 *
1266 * Description gets the total list length in the sdp database for a given
1267 * uid sequence and attr sequence
1268 *
1269 * Returns void
1270 *
1271 ******************************************************************************/
sdpu_get_list_len(tSDP_UUID_SEQ * uid_seq,tSDP_ATTR_SEQ * attr_seq)1272 uint16_t sdpu_get_list_len(tSDP_UUID_SEQ* uid_seq, tSDP_ATTR_SEQ* attr_seq) {
1273 const tSDP_RECORD* p_rec;
1274 uint16_t len = 0;
1275 uint16_t len1;
1276
1277 for (p_rec = sdp_db_service_search(NULL, uid_seq); p_rec;
1278 p_rec = sdp_db_service_search(p_rec, uid_seq)) {
1279 len += 3;
1280
1281 len1 = sdpu_get_attrib_seq_len(p_rec, attr_seq);
1282
1283 if (len1 != 0) {
1284 len += len1;
1285 } else {
1286 len -= 3;
1287 }
1288 }
1289 return len;
1290 }
1291
1292 /*******************************************************************************
1293 *
1294 * Function sdpu_get_attrib_seq_len
1295 *
1296 * Description gets the length of the specific attributes in a given
1297 * sdp record
1298 *
1299 * Returns void
1300 *
1301 ******************************************************************************/
sdpu_get_attrib_seq_len(const tSDP_RECORD * p_rec,const tSDP_ATTR_SEQ * attr_seq)1302 uint16_t sdpu_get_attrib_seq_len(const tSDP_RECORD* p_rec, const tSDP_ATTR_SEQ* attr_seq) {
1303 const tSDP_ATTRIBUTE* p_attr;
1304 uint16_t len1 = 0;
1305 uint16_t xx;
1306 bool is_range = false;
1307 uint16_t start_id = 0, end_id = 0;
1308
1309 for (xx = 0; xx < attr_seq->num_attr; xx++) {
1310 if (!is_range) {
1311 start_id = attr_seq->attr_entry[xx].start;
1312 end_id = attr_seq->attr_entry[xx].end;
1313 }
1314 p_attr = sdp_db_find_attr_in_rec(p_rec, start_id, end_id);
1315 if (p_attr) {
1316 len1 += sdpu_get_attrib_entry_len(p_attr);
1317
1318 /* If doing a range, stick with this one till no more attributes found */
1319 if (start_id != end_id) {
1320 /* Update for next time through */
1321 start_id = p_attr->id + 1;
1322 xx--;
1323 is_range = true;
1324 } else {
1325 is_range = false;
1326 }
1327 } else {
1328 is_range = false;
1329 }
1330 }
1331 return len1;
1332 }
1333
1334 /*******************************************************************************
1335 *
1336 * Function sdpu_get_attrib_entry_len
1337 *
1338 * Description gets the length of a specific attribute
1339 *
1340 * Returns void
1341 *
1342 ******************************************************************************/
sdpu_get_attrib_entry_len(const tSDP_ATTRIBUTE * p_attr)1343 uint16_t sdpu_get_attrib_entry_len(const tSDP_ATTRIBUTE* p_attr) {
1344 uint16_t len = 3;
1345
1346 /* the attribute is in the db record.
1347 * assuming the attribute len is less than SDP_MAX_ATTR_LEN */
1348 switch (p_attr->type) {
1349 case TEXT_STR_DESC_TYPE: /* 4 */
1350 case DATA_ELE_SEQ_DESC_TYPE: /* 6 */
1351 case DATA_ELE_ALT_DESC_TYPE: /* 7 */
1352 case URL_DESC_TYPE: /* 8 */
1353 #if (SDP_MAX_ATTR_LEN > 0xFFFF)
1354 if (p_attr->len > 0xFFFF) {
1355 len += 5;
1356 } else
1357 #endif /* 0xFFFF - 0xFF */
1358 #if (SDP_MAX_ATTR_LEN > 0xFF)
1359 if (p_attr->len > 0xFF) {
1360 len += 3;
1361 } else
1362 #endif /* 0xFF and less*/
1363 {
1364 len += 2;
1365 }
1366 len += p_attr->len;
1367 return len;
1368 }
1369
1370 /* Now, the attribute value */
1371 switch (p_attr->len) {
1372 case 1:
1373 case 2:
1374 case 4:
1375 case 8:
1376 case 16:
1377 len += 1;
1378 break;
1379 default:
1380 len += 2;
1381 break;
1382 }
1383
1384 len += p_attr->len;
1385 return len;
1386 }
1387
1388 /*******************************************************************************
1389 *
1390 * Function sdpu_build_partial_attrib_entry
1391 *
1392 * Description This function fills a buffer with partial attribute. It is
1393 * assumed that the maximum size of any attribute is 256 bytes.
1394 *
1395 * p_out: output buffer
1396 * p_attr: attribute to be copied partially into p_out
1397 * rem_len: num bytes to copy into p_out
1398 * offset: current start offset within the attr that needs to
1399 * be copied
1400 *
1401 * Returns Pointer to next byte in the output buffer.
1402 * offset is also updated
1403 *
1404 ******************************************************************************/
sdpu_build_partial_attrib_entry(uint8_t * p_out,const tSDP_ATTRIBUTE * p_attr,uint16_t len,uint16_t * offset)1405 uint8_t* sdpu_build_partial_attrib_entry(uint8_t* p_out, const tSDP_ATTRIBUTE* p_attr, uint16_t len,
1406 uint16_t* offset) {
1407 uint8_t* p_attr_buff = reinterpret_cast<uint8_t*>(osi_malloc(sizeof(uint8_t) * SDP_MAX_ATTR_LEN));
1408 sdpu_build_attrib_entry(p_attr_buff, p_attr);
1409
1410 uint16_t attr_len = sdpu_get_attrib_entry_len(p_attr);
1411
1412 if (len > SDP_MAX_ATTR_LEN) {
1413 log::error("len {} exceeds SDP_MAX_ATTR_LEN", len);
1414 len = SDP_MAX_ATTR_LEN;
1415 }
1416
1417 size_t len_to_copy = ((attr_len - *offset) < len) ? (attr_len - *offset) : len;
1418 memcpy(p_out, &p_attr_buff[*offset], len_to_copy);
1419
1420 p_out = &p_out[len_to_copy];
1421 *offset += len_to_copy;
1422
1423 osi_free(p_attr_buff);
1424 return p_out;
1425 }
1426 /*******************************************************************************
1427 *
1428 * Function sdpu_is_avrcp_profile_description_list
1429 *
1430 * Description This function is to check if attirbute contain AVRCP profile
1431 * description list
1432 *
1433 * p_attr: attibute to be check
1434 *
1435 * Returns AVRCP profile version if matched, else 0
1436 *
1437 ******************************************************************************/
sdpu_is_avrcp_profile_description_list(const tSDP_ATTRIBUTE * p_attr)1438 uint16_t sdpu_is_avrcp_profile_description_list(const tSDP_ATTRIBUTE* p_attr) {
1439 if (p_attr->id != ATTR_ID_BT_PROFILE_DESC_LIST || p_attr->len != 8) {
1440 return 0;
1441 }
1442
1443 uint8_t* p_uuid = p_attr->value_ptr + 3;
1444 // Check if AVRCP profile UUID
1445 if (p_uuid[0] != 0x11 || p_uuid[1] != 0xe) {
1446 return 0;
1447 }
1448 uint8_t p_version = *(p_uuid + 4);
1449 switch (p_version) {
1450 case 0x0:
1451 return AVRC_REV_1_0;
1452 case 0x3:
1453 return AVRC_REV_1_3;
1454 case 0x4:
1455 return AVRC_REV_1_4;
1456 case 0x5:
1457 return AVRC_REV_1_5;
1458 case 0x6:
1459 return AVRC_REV_1_6;
1460 default:
1461 return 0;
1462 }
1463 }
1464 /*******************************************************************************
1465 *
1466 * Function sdpu_is_service_id_avrc_target
1467 *
1468 * Description This function is to check if attirbute is A/V Remote Control
1469 * Target
1470 *
1471 * p_attr: attribute to be checked
1472 *
1473 * Returns true if service id of attirbute is A/V Remote Control
1474 * Target, else false
1475 *
1476 ******************************************************************************/
sdpu_is_service_id_avrc_target(const tSDP_ATTRIBUTE * p_attr)1477 bool sdpu_is_service_id_avrc_target(const tSDP_ATTRIBUTE* p_attr) {
1478 if (p_attr->id != ATTR_ID_SERVICE_CLASS_ID_LIST || p_attr->len != 3) {
1479 return false;
1480 }
1481
1482 uint8_t* p_uuid = p_attr->value_ptr + 1;
1483 // check UUID of A/V Remote Control Target
1484 if (p_uuid[0] != 0x11 || p_uuid[1] != 0xc) {
1485 return false;
1486 }
1487
1488 return true;
1489 }
1490 /*******************************************************************************
1491 *
1492 * Function spdu_is_avrcp_version_valid
1493 *
1494 * Description Check avrcp version is valid
1495 *
1496 * version: the avrcp version to check
1497 *
1498 * Returns true if avrcp version is valid, else false
1499 *
1500 ******************************************************************************/
spdu_is_avrcp_version_valid(const uint16_t version)1501 bool spdu_is_avrcp_version_valid(const uint16_t version) {
1502 return version == AVRC_REV_1_0 || version == AVRC_REV_1_3 || version == AVRC_REV_1_4 ||
1503 version == AVRC_REV_1_5 || version == AVRC_REV_1_6;
1504 }
1505 /*******************************************************************************
1506 *
1507 * Function sdpu_set_avrc_target_version
1508 *
1509 * Description This function is to set AVRCP version of A/V Remote Control
1510 * Target according to IOP table and cached Bluetooth config
1511 *
1512 * p_attr: attribute to be modified
1513 * bdaddr: for searching IOP table and BT config
1514 *
1515 * Returns void
1516 *
1517 ******************************************************************************/
sdpu_set_avrc_target_version(const tSDP_ATTRIBUTE * p_attr,const RawAddress * bdaddr)1518 void sdpu_set_avrc_target_version(const tSDP_ATTRIBUTE* p_attr, const RawAddress* bdaddr) {
1519 // Check attribute is AVRCP profile description list and get AVRC Target
1520 // version
1521 uint16_t avrcp_version = sdpu_is_avrcp_profile_description_list(p_attr);
1522 log::info("SDP AVRCP DB Version {:x}", avrcp_version);
1523 if (avrcp_version == 0) {
1524 log::info("Not AVRCP version attribute or version not valid for device {}", *bdaddr);
1525 return;
1526 }
1527
1528 uint16_t dut_avrcp_version =
1529 GetInterfaceToProfiles()->profileSpecific_HACK->AVRC_GetProfileVersion();
1530
1531 log::info("Current DUT AVRCP Version {:x}", dut_avrcp_version);
1532 // Some remote devices will have interoperation issue when receive higher
1533 // AVRCP version. If those devices are in IOP database and our version higher
1534 // than device, we reply a lower version to them.
1535 uint16_t iop_version = 0;
1536 if (dut_avrcp_version > AVRC_REV_1_4 && interop_match_addr(INTEROP_AVRCP_1_4_ONLY, bdaddr)) {
1537 iop_version = AVRC_REV_1_4;
1538 } else if (dut_avrcp_version > AVRC_REV_1_3 &&
1539 interop_match_addr(INTEROP_AVRCP_1_3_ONLY, bdaddr)) {
1540 iop_version = AVRC_REV_1_3;
1541 }
1542
1543 if (iop_version != 0) {
1544 log::info(
1545 "device={} is in IOP database. Reply AVRC Target version {:x} instead "
1546 "of {:x}.",
1547 *bdaddr, iop_version, avrcp_version);
1548 uint8_t* p_version = p_attr->value_ptr + 6;
1549 UINT16_TO_BE_FIELD(p_version, iop_version);
1550 return;
1551 }
1552
1553 // Dynamic AVRCP version. If our version high than remote device's version,
1554 // reply version same as its. Otherwise, reply default version.
1555 if (!osi_property_get_bool(AVRC_DYNAMIC_AVRCP_ENABLE_PROPERTY, true)) {
1556 log::info("Dynamic AVRCP version feature is not enabled, skipping this method");
1557 return;
1558 }
1559
1560 // Read the remote device's AVRC Controller version from local storage
1561 uint16_t cached_version = 0;
1562 size_t version_value_size =
1563 btif_config_get_bin_length(bdaddr->ToString(), BTIF_STORAGE_KEY_AVRCP_CONTROLLER_VERSION);
1564 if (version_value_size != sizeof(cached_version)) {
1565 log::error("cached value len wrong, bdaddr={}. Len is {} but should be {}.", *bdaddr,
1566 version_value_size, sizeof(cached_version));
1567 return;
1568 }
1569
1570 if (!btif_config_get_bin(bdaddr->ToString(), BTIF_STORAGE_KEY_AVRCP_CONTROLLER_VERSION,
1571 reinterpret_cast<uint8_t*>(&cached_version), &version_value_size)) {
1572 log::info(
1573 "no cached AVRC Controller version for {}. Reply default AVRC Target "
1574 "version {:x}.DUT AVRC Target version {:x}.",
1575 *bdaddr, avrcp_version, dut_avrcp_version);
1576 return;
1577 }
1578
1579 if (!spdu_is_avrcp_version_valid(cached_version)) {
1580 log::error(
1581 "cached AVRC Controller version {:x} of {} is not valid. Reply default "
1582 "AVRC Target version {:x}.",
1583 cached_version, *bdaddr, avrcp_version);
1584 return;
1585 }
1586
1587 uint16_t negotiated_avrcp_version = std::min(dut_avrcp_version, cached_version);
1588 log::info(
1589 "read cached AVRC Controller version {:x} of {}. DUT AVRC Target version "
1590 "{:x}.Negotiated AVRCP version to update peer {:x}.",
1591 cached_version, *bdaddr, dut_avrcp_version, negotiated_avrcp_version);
1592 uint8_t* p_version = p_attr->value_ptr + 6;
1593 UINT16_TO_BE_FIELD(p_version, negotiated_avrcp_version);
1594 }
1595 /*******************************************************************************
1596 *
1597 * Function sdpu_set_avrc_target_features
1598 *
1599 * Description This function is to set AVRCP version of A/V Remote Control
1600 * Target according to IOP table and cached Bluetooth config
1601 *
1602 * p_attr: attribute to be modified
1603 * bdaddr: for searching IOP table and BT config
1604 *
1605 * Returns void
1606 *
1607 ******************************************************************************/
sdpu_set_avrc_target_features(const tSDP_ATTRIBUTE * p_attr,const RawAddress * bdaddr,uint16_t avrcp_version)1608 void sdpu_set_avrc_target_features(const tSDP_ATTRIBUTE* p_attr, const RawAddress* bdaddr,
1609 uint16_t avrcp_version) {
1610 log::info("SDP AVRCP Version {:x}", avrcp_version);
1611
1612 if ((p_attr->id != ATTR_ID_SUPPORTED_FEATURES) || (p_attr->len != 2) ||
1613 (p_attr->value_ptr == nullptr)) {
1614 log::info("Invalid request for AVRC feature ignore");
1615 return;
1616 }
1617
1618 if (avrcp_version == 0) {
1619 log::info("AVRCP version not valid for device {}", *bdaddr);
1620 return;
1621 }
1622
1623 // Dynamic AVRCP version. If our version high than remote device's version,
1624 // reply version same as its. Otherwise, reply default version.
1625 if (!osi_property_get_bool(AVRC_DYNAMIC_AVRCP_ENABLE_PROPERTY, false)) {
1626 log::info("Dynamic AVRCP version feature is not enabled, skipping this method");
1627 return;
1628 }
1629 // Read the remote device's AVRC Controller version from local storage
1630 uint16_t avrcp_peer_features = 0;
1631 size_t version_value_size =
1632 btif_config_get_bin_length(bdaddr->ToString(), BTIF_STORAGE_KEY_AV_REM_CTRL_FEATURES);
1633 if (version_value_size != sizeof(avrcp_peer_features)) {
1634 log::error("cached value len wrong, bdaddr={}. Len is {} but should be {}.", *bdaddr,
1635 version_value_size, sizeof(avrcp_peer_features));
1636 return;
1637 }
1638
1639 if (!btif_config_get_bin(bdaddr->ToString(), BTIF_STORAGE_KEY_AV_REM_CTRL_FEATURES,
1640 reinterpret_cast<uint8_t*>(&avrcp_peer_features), &version_value_size)) {
1641 log::error("Unable to fetch cached AVRC features");
1642 return;
1643 }
1644
1645 bool browsing_supported = ((AVRCP_FEAT_BRW_BIT & avrcp_peer_features) == AVRCP_FEAT_BRW_BIT);
1646 bool coverart_supported = ((AVRCP_FEAT_CA_BIT & avrcp_peer_features) == AVRCP_FEAT_CA_BIT);
1647
1648 log::info(
1649 "SDP AVRCP DB Version 0x{:x}, browse supported {}, cover art supported "
1650 "{}",
1651 avrcp_peer_features, browsing_supported, coverart_supported);
1652 if (avrcp_version < AVRC_REV_1_4 || !browsing_supported) {
1653 log::info("Reset Browsing Feature");
1654 p_attr->value_ptr[AVRCP_SUPPORTED_FEATURES_POSITION] &= ~AVRCP_BROWSE_SUPPORT_BITMASK;
1655 p_attr->value_ptr[AVRCP_SUPPORTED_FEATURES_POSITION] &= ~AVRCP_MULTI_PLAYER_SUPPORT_BITMASK;
1656 }
1657
1658 if (avrcp_version < AVRC_REV_1_6 || !coverart_supported) {
1659 log::info("Reset CoverArt Feature");
1660 p_attr->value_ptr[AVRCP_SUPPORTED_FEATURES_POSITION - 1] &= ~AVRCP_CA_SUPPORT_BITMASK;
1661 }
1662
1663 if (avrcp_version >= AVRC_REV_1_4 && browsing_supported) {
1664 log::info("Set Browsing Feature");
1665 p_attr->value_ptr[AVRCP_SUPPORTED_FEATURES_POSITION] |= AVRCP_BROWSE_SUPPORT_BITMASK;
1666 p_attr->value_ptr[AVRCP_SUPPORTED_FEATURES_POSITION] |= AVRCP_MULTI_PLAYER_SUPPORT_BITMASK;
1667 }
1668
1669 if (avrcp_version == AVRC_REV_1_6 && coverart_supported) {
1670 log::info("Set CoverArt Feature");
1671 p_attr->value_ptr[AVRCP_SUPPORTED_FEATURES_POSITION - 1] |= AVRCP_CA_SUPPORT_BITMASK;
1672 }
1673 }
1674
sdp_get_num_records(const tSDP_DISCOVERY_DB & db)1675 size_t sdp_get_num_records(const tSDP_DISCOVERY_DB& db) {
1676 size_t num_sdp_records{0};
1677 const tSDP_DISC_REC* p_rec = db.p_first_rec;
1678 while (p_rec != nullptr) {
1679 num_sdp_records++;
1680 p_rec = p_rec->p_next_rec;
1681 }
1682 return num_sdp_records;
1683 }
1684
sdp_get_num_attributes(const tSDP_DISC_REC & sdp_disc_rec)1685 size_t sdp_get_num_attributes(const tSDP_DISC_REC& sdp_disc_rec) {
1686 size_t num_sdp_attributes{0};
1687 tSDP_DISC_ATTR* p_attr = sdp_disc_rec.p_first_attr;
1688 while (p_attr != nullptr) {
1689 num_sdp_attributes++;
1690 p_attr = p_attr->p_next_attr;
1691 }
1692 return num_sdp_attributes;
1693 }
1694