1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #define LOG_TAG "stack::sdp"
20
21 /******************************************************************************
22 *
23 * This file contains SDP utility functions
24 *
25 ******************************************************************************/
26 #include <bluetooth/log.h>
27 #include <com_android_bluetooth_flags.h>
28
29 #include <array>
30 #include <cstdint>
31 #include <cstring>
32 #include <ostream>
33 #include <type_traits>
34 #include <utility>
35 #include <vector>
36
37 #include "btif/include/btif_config.h"
38 #include "btif/include/stack_manager_t.h"
39 #include "device/include/interop.h"
40 #include "internal_include/bt_target.h"
41 #include "internal_include/bt_trace.h"
42 #include "osi/include/allocator.h"
43 #include "osi/include/properties.h"
44 #include "stack/include/avrc_api.h"
45 #include "stack/include/avrc_defs.h"
46 #include "stack/include/bt_hdr.h"
47 #include "stack/include/bt_psm_types.h"
48 #include "stack/include/bt_types.h"
49 #include "stack/include/bt_uuid16.h"
50 #include "stack/include/btm_sec_api_types.h"
51 #include "stack/include/l2cap_interface.h"
52 #include "stack/include/sdpdefs.h"
53 #include "stack/include/stack_metrics_logging.h"
54 #include "stack/sdp/internal/sdp_api.h"
55 #include "stack/sdp/sdpint.h"
56 #include "storage/config_keys.h"
57 #include "types/bluetooth/uuid.h"
58 #include "types/raw_address.h"
59
60 using bluetooth::Uuid;
61 using namespace bluetooth;
62
63 static const uint8_t sdp_base_uuid[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00,
64 0x80, 0x00, 0x00, 0x80, 0x5F, 0x9B, 0x34, 0xFB};
65
66 template <typename T>
to_little_endian_array(T x)67 static std::array<char, sizeof(T)> to_little_endian_array(T x) {
68 static_assert(std::is_integral<T>::value, "to_little_endian_array parameter must be integral.");
69 std::array<char, sizeof(T)> array = {};
70 for (size_t i = 0; i < array.size(); i++) {
71 array[i] = static_cast<char>((x >> (8 * i)) & 0xFF);
72 }
73 return array;
74 }
75
76 /**
77 * Find the list of profile versions from Bluetooth Profile Descriptor list
78 * attribute in a SDP record
79 *
80 * @param p_rec SDP record to search
81 * @return a vector of <UUID, VERSION> pairs, empty if not found
82 */
sdpu_find_profile_version(tSDP_DISC_REC * p_rec)83 static std::vector<std::pair<uint16_t, uint16_t>> sdpu_find_profile_version(tSDP_DISC_REC* p_rec) {
84 std::vector<std::pair<uint16_t, uint16_t>> result;
85 for (tSDP_DISC_ATTR* p_attr = p_rec->p_first_attr; p_attr != nullptr;
86 p_attr = p_attr->p_next_attr) {
87 // Find the profile descriptor list */
88 if (p_attr->attr_id != ATTR_ID_BT_PROFILE_DESC_LIST ||
89 SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) != DATA_ELE_SEQ_DESC_TYPE) {
90 continue;
91 }
92 // Walk through the protocol descriptor list
93 for (tSDP_DISC_ATTR* p_sattr = p_attr->attr_value.v.p_sub_attr; p_sattr != nullptr;
94 p_sattr = p_sattr->p_next_attr) {
95 // Safety check - each entry should itself be a sequence
96 if (SDP_DISC_ATTR_TYPE(p_sattr->attr_len_type) != DATA_ELE_SEQ_DESC_TYPE) {
97 log::warn("Descriptor type is not sequence: 0x{:x}",
98 SDP_DISC_ATTR_TYPE(p_sattr->attr_len_type));
99 return std::vector<std::pair<uint16_t, uint16_t>>();
100 }
101 // Now, see if the entry contains the profile UUID we are interested in
102 for (tSDP_DISC_ATTR* p_ssattr = p_sattr->attr_value.v.p_sub_attr; p_ssattr != nullptr;
103 p_ssattr = p_ssattr->p_next_attr) {
104 if (SDP_DISC_ATTR_TYPE(p_ssattr->attr_len_type) != UUID_DESC_TYPE ||
105 SDP_DISC_ATTR_LEN(p_ssattr->attr_len_type) != 2) {
106 continue;
107 }
108 uint16_t uuid = p_ssattr->attr_value.v.u16;
109 // Next attribute should be the version attribute
110 tSDP_DISC_ATTR* version_attr = p_ssattr->p_next_attr;
111 if (version_attr == nullptr ||
112 SDP_DISC_ATTR_TYPE(version_attr->attr_len_type) != UINT_DESC_TYPE ||
113 SDP_DISC_ATTR_LEN(version_attr->attr_len_type) != 2) {
114 if (version_attr == nullptr) {
115 log::warn("version attr not found");
116 } else {
117 log::warn("Bad version type 0x{:x}, or length {}",
118 SDP_DISC_ATTR_TYPE(version_attr->attr_len_type),
119 SDP_DISC_ATTR_LEN(version_attr->attr_len_type));
120 }
121 return std::vector<std::pair<uint16_t, uint16_t>>();
122 }
123 // High order 8 bits is the major number, low order is the
124 // minor number (big endian)
125 uint16_t version = version_attr->attr_value.v.u16;
126 result.emplace_back(uuid, version);
127 }
128 }
129 }
130 return result;
131 }
132
133 /**
134 * Find the most specific 16-bit service uuid represented by a SDP record
135 *
136 * @param p_rec pointer to a SDP record
137 * @return most specific 16-bit service uuid, 0 if not found
138 */
sdpu_find_most_specific_service_uuid(tSDP_DISC_REC * p_rec)139 static uint16_t sdpu_find_most_specific_service_uuid(tSDP_DISC_REC* p_rec) {
140 for (tSDP_DISC_ATTR* p_attr = p_rec->p_first_attr; p_attr != nullptr;
141 p_attr = p_attr->p_next_attr) {
142 if (p_attr->attr_id == ATTR_ID_SERVICE_CLASS_ID_LIST &&
143 SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == DATA_ELE_SEQ_DESC_TYPE) {
144 tSDP_DISC_ATTR* p_first_attr = p_attr->attr_value.v.p_sub_attr;
145 if (p_first_attr == nullptr) {
146 return 0;
147 }
148 if (SDP_DISC_ATTR_TYPE(p_first_attr->attr_len_type) == UUID_DESC_TYPE &&
149 SDP_DISC_ATTR_LEN(p_first_attr->attr_len_type) == 2) {
150 return p_first_attr->attr_value.v.u16;
151 } else if (SDP_DISC_ATTR_TYPE(p_first_attr->attr_len_type) == DATA_ELE_SEQ_DESC_TYPE) {
152 // Workaround for Toyota G Block car kit:
153 // It incorrectly puts an extra data element sequence in this attribute
154 for (tSDP_DISC_ATTR* p_extra_sattr = p_first_attr->attr_value.v.p_sub_attr;
155 p_extra_sattr != nullptr; p_extra_sattr = p_extra_sattr->p_next_attr) {
156 // Return the first UUID data element
157 if (SDP_DISC_ATTR_TYPE(p_extra_sattr->attr_len_type) == UUID_DESC_TYPE &&
158 SDP_DISC_ATTR_LEN(p_extra_sattr->attr_len_type) == 2) {
159 return p_extra_sattr->attr_value.v.u16;
160 }
161 }
162 } else {
163 log::warn("Bad Service Class ID list attribute");
164 return 0;
165 }
166 } else if (p_attr->attr_id == ATTR_ID_SERVICE_ID) {
167 if (SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == UUID_DESC_TYPE &&
168 SDP_DISC_ATTR_LEN(p_attr->attr_len_type) == 2) {
169 return p_attr->attr_value.v.u16;
170 }
171 }
172 }
173 return 0;
174 }
175
sdpu_log_attribute_metrics(const RawAddress & bda,tSDP_DISCOVERY_DB * p_db)176 void sdpu_log_attribute_metrics(const RawAddress& bda, tSDP_DISCOVERY_DB* p_db) {
177 log::assert_that(p_db != nullptr, "assert failed: p_db != nullptr");
178 bool has_di_record = false;
179 for (tSDP_DISC_REC* p_rec = p_db->p_first_rec; p_rec != nullptr; p_rec = p_rec->p_next_rec) {
180 uint16_t service_uuid = sdpu_find_most_specific_service_uuid(p_rec);
181 if (service_uuid == 0) {
182 log::info("skipping record without service uuid {}", bda);
183 continue;
184 }
185 // Log the existence of a profile role
186 // This can be different from Bluetooth Profile Descriptor List
187 log_sdp_attribute(bda, service_uuid, 0, 0, nullptr);
188 // Log profile version from Bluetooth Profile Descriptor List
189 auto uuid_version_array = sdpu_find_profile_version(p_rec);
190 for (const auto& uuid_version_pair : uuid_version_array) {
191 uint16_t profile_uuid = uuid_version_pair.first;
192 uint16_t version = uuid_version_pair.second;
193 auto version_array = to_little_endian_array(version);
194 log_sdp_attribute(bda, profile_uuid, ATTR_ID_BT_PROFILE_DESC_LIST, version_array.size(),
195 version_array.data());
196 }
197 // Log protocol version from Protocol Descriptor List
198 uint16_t protocol_uuid = 0;
199 switch (service_uuid) {
200 case UUID_SERVCLASS_AUDIO_SOURCE:
201 case UUID_SERVCLASS_AUDIO_SINK:
202 protocol_uuid = UUID_PROTOCOL_AVDTP;
203 break;
204 case UUID_SERVCLASS_AV_REMOTE_CONTROL:
205 case UUID_SERVCLASS_AV_REM_CTRL_CONTROL:
206 case UUID_SERVCLASS_AV_REM_CTRL_TARGET:
207 protocol_uuid = UUID_PROTOCOL_AVCTP;
208 break;
209 case UUID_SERVCLASS_PANU:
210 case UUID_SERVCLASS_GN:
211 protocol_uuid = UUID_PROTOCOL_BNEP;
212 break;
213 }
214 if (protocol_uuid != 0) {
215 tSDP_PROTOCOL_ELEM protocol_elements = {};
216 if (SDP_FindProtocolListElemInRec(p_rec, protocol_uuid, &protocol_elements)) {
217 if (protocol_elements.num_params >= 1) {
218 uint16_t version = protocol_elements.params[0];
219 auto version_array = to_little_endian_array(version);
220 log_sdp_attribute(bda, protocol_uuid, ATTR_ID_PROTOCOL_DESC_LIST, version_array.size(),
221 version_array.data());
222 }
223 }
224 }
225 // Log profile supported features from various supported feature attributes
226 switch (service_uuid) {
227 case UUID_SERVCLASS_AG_HANDSFREE:
228 case UUID_SERVCLASS_HF_HANDSFREE:
229 case UUID_SERVCLASS_AV_REMOTE_CONTROL:
230 case UUID_SERVCLASS_AV_REM_CTRL_CONTROL:
231 case UUID_SERVCLASS_AV_REM_CTRL_TARGET:
232 case UUID_SERVCLASS_AUDIO_SOURCE:
233 case UUID_SERVCLASS_AUDIO_SINK: {
234 tSDP_DISC_ATTR* p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
235 if (p_attr == nullptr || SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) != UINT_DESC_TYPE ||
236 SDP_DISC_ATTR_LEN(p_attr->attr_len_type) < 2) {
237 break;
238 }
239 uint16_t supported_features = p_attr->attr_value.v.u16;
240 auto version_array = to_little_endian_array(supported_features);
241 log_sdp_attribute(bda, service_uuid, ATTR_ID_SUPPORTED_FEATURES, version_array.size(),
242 version_array.data());
243 break;
244 }
245 case UUID_SERVCLASS_MESSAGE_NOTIFICATION:
246 case UUID_SERVCLASS_MESSAGE_ACCESS: {
247 tSDP_DISC_ATTR* p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_MAP_SUPPORTED_FEATURES);
248 if (p_attr == nullptr || SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) != UINT_DESC_TYPE ||
249 SDP_DISC_ATTR_LEN(p_attr->attr_len_type) < 4) {
250 break;
251 }
252 uint32_t map_supported_features = p_attr->attr_value.v.u32;
253 auto features_array = to_little_endian_array(map_supported_features);
254 log_sdp_attribute(bda, service_uuid, ATTR_ID_MAP_SUPPORTED_FEATURES, features_array.size(),
255 features_array.data());
256 break;
257 }
258 case UUID_SERVCLASS_PBAP_PCE:
259 case UUID_SERVCLASS_PBAP_PSE: {
260 tSDP_DISC_ATTR* p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_PBAP_SUPPORTED_FEATURES);
261 if (p_attr == nullptr || SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) != UINT_DESC_TYPE ||
262 SDP_DISC_ATTR_LEN(p_attr->attr_len_type) < 4) {
263 break;
264 }
265 uint32_t pbap_supported_features = p_attr->attr_value.v.u32;
266 auto features_array = to_little_endian_array(pbap_supported_features);
267 log_sdp_attribute(bda, service_uuid, ATTR_ID_PBAP_SUPPORTED_FEATURES, features_array.size(),
268 features_array.data());
269 break;
270 }
271 }
272 if (service_uuid == UUID_SERVCLASS_PNP_INFORMATION) {
273 has_di_record = true;
274 }
275 }
276 // Log the first DI record if there is one
277 if (has_di_record) {
278 tSDP_DI_GET_RECORD di_record = {};
279 if (SDP_GetDiRecord(1, &di_record, p_db) == tSDP_STATUS::SDP_SUCCESS) {
280 auto version_array = to_little_endian_array(di_record.spec_id);
281 log_sdp_attribute(bda, UUID_SERVCLASS_PNP_INFORMATION, ATTR_ID_SPECIFICATION_ID,
282 version_array.size(), version_array.data());
283 std::stringstream ss;
284 // [N - native]::SDP::[DIP - Device ID Profile]
285 ss << "N:SDP::DIP::" << loghex(di_record.rec.vendor_id_source);
286 log_manufacturer_info(bda, android::bluetooth::AddressTypeEnum::ADDRESS_TYPE_PUBLIC,
287 android::bluetooth::DeviceInfoSrcEnum::DEVICE_INFO_INTERNAL, ss.str(),
288 loghex(di_record.rec.vendor), loghex(di_record.rec.product),
289 loghex(di_record.rec.version), "");
290
291 std::string bda_string = bda.ToString();
292 // write manufacturer, model, HW version to config
293 btif_config_set_int(bda_string, BTIF_STORAGE_KEY_SDP_DI_MANUFACTURER, di_record.rec.vendor);
294 btif_config_set_int(bda_string, BTIF_STORAGE_KEY_SDP_DI_MODEL, di_record.rec.product);
295 btif_config_set_int(bda_string, BTIF_STORAGE_KEY_SDP_DI_HW_VERSION, di_record.rec.version);
296 btif_config_set_int(bda_string, BTIF_STORAGE_KEY_SDP_DI_VENDOR_ID_SRC,
297 di_record.rec.vendor_id_source);
298 }
299 }
300 }
301
302 /*******************************************************************************
303 *
304 * Function sdpu_find_ccb_by_cid
305 *
306 * Description This function searches the CCB table for an entry with the
307 * passed CID.
308 *
309 * Returns the CCB address, or NULL if not found.
310 *
311 ******************************************************************************/
sdpu_find_ccb_by_cid(uint16_t cid)312 tCONN_CB* sdpu_find_ccb_by_cid(uint16_t cid) {
313 uint16_t xx;
314 tCONN_CB* p_ccb{};
315
316 /* Look through each connection control block */
317 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
318 if ((p_ccb->con_state != tSDP_STATE::IDLE) && (p_ccb->con_state != tSDP_STATE::CONN_PEND) &&
319 (p_ccb->connection_id == cid)) {
320 return p_ccb;
321 }
322 }
323
324 /* If here, not found */
325 return NULL;
326 }
327
328 /*******************************************************************************
329 *
330 * Function sdpu_find_ccb_by_db
331 *
332 * Description This function searches the CCB table for an entry with the
333 * passed discovery db.
334 *
335 * Returns the CCB address, or NULL if not found.
336 *
337 ******************************************************************************/
sdpu_find_ccb_by_db(const tSDP_DISCOVERY_DB * p_db)338 tCONN_CB* sdpu_find_ccb_by_db(const tSDP_DISCOVERY_DB* p_db) {
339 uint16_t xx;
340 tCONN_CB* p_ccb{};
341
342 if (p_db) {
343 /* Look through each connection control block */
344 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
345 if ((p_ccb->con_state != tSDP_STATE::IDLE) && (p_ccb->p_db == p_db)) {
346 return p_ccb;
347 }
348 }
349 }
350 /* If here, not found */
351 return NULL;
352 }
353
354 /*******************************************************************************
355 *
356 * Function sdpu_allocate_ccb
357 *
358 * Description This function allocates a new CCB.
359 *
360 * Returns CCB address, or NULL if none available.
361 *
362 ******************************************************************************/
sdpu_allocate_ccb(void)363 tCONN_CB* sdpu_allocate_ccb(void) {
364 uint16_t xx;
365 tCONN_CB* p_ccb{};
366
367 /* Look through each connection control block for a free one */
368 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
369 if (p_ccb->con_state == tSDP_STATE::IDLE) {
370 alarm_t* alarm = p_ccb->sdp_conn_timer;
371 *p_ccb = {};
372 p_ccb->sdp_conn_timer = alarm;
373 return p_ccb;
374 }
375 }
376
377 /* If here, no free CCB found */
378 return NULL;
379 }
380
381 /*******************************************************************************
382 *
383 * Function sdpu_callback
384 *
385 * Description Tell the user if they have a callback
386 *
387 * Returns void
388 *
389 ******************************************************************************/
sdpu_callback(const tCONN_CB & ccb,tSDP_REASON reason)390 void sdpu_callback(const tCONN_CB& ccb, tSDP_REASON reason) {
391 if (ccb.p_cb) {
392 (ccb.p_cb)(ccb.device_address, reason);
393 } else if (ccb.complete_callback) {
394 ccb.complete_callback.Run(ccb.device_address, reason);
395 }
396 }
397
398 /*******************************************************************************
399 *
400 * Function sdpu_release_ccb
401 *
402 * Description This function releases a CCB.
403 *
404 * Returns void
405 *
406 ******************************************************************************/
sdpu_release_ccb(tCONN_CB & ccb)407 void sdpu_release_ccb(tCONN_CB& ccb) {
408 /* Ensure timer is stopped */
409 alarm_cancel(ccb.sdp_conn_timer);
410
411 /* Drop any response pointer we may be holding */
412 ccb.con_state = tSDP_STATE::IDLE;
413 ccb.is_attr_search = false;
414
415 /* Free the response buffer */
416 if (ccb.rsp_list) {
417 log::verbose("releasing SDP rsp_list");
418 }
419 osi_free_and_reset(reinterpret_cast<void**>(&ccb.rsp_list));
420 }
421
422 /*******************************************************************************
423 *
424 * Function sdpu_dump_all_ccb
425 *
426 * Description Dump relevant data for all control blocks.
427 *
428 * Returns void
429 *
430 ******************************************************************************/
sdpu_dump_all_ccb()431 void sdpu_dump_all_ccb() {
432 uint16_t xx{};
433 tCONN_CB* p_ccb{};
434
435 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
436 log::info("peer:{} cid:{} state:{} flags:{} ", p_ccb->device_address, p_ccb->connection_id,
437 sdp_state_text(p_ccb->con_state), sdp_flags_text(p_ccb->con_flags));
438 }
439 }
440
441 /*******************************************************************************
442 *
443 * Function sdpu_get_active_ccb_cid
444 *
445 * Description This function checks if any sdp connecting is there for
446 * same remote and returns cid if its available
447 *
448 * RawAddress : Remote address
449 *
450 * Returns returns cid if any active sdp connection, else 0.
451 *
452 ******************************************************************************/
sdpu_get_active_ccb_cid(const RawAddress & bd_addr)453 uint16_t sdpu_get_active_ccb_cid(const RawAddress& bd_addr) {
454 uint16_t xx;
455 tCONN_CB* p_ccb{};
456
457 // Look through each connection control block for active sdp on given remote
458 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
459 if ((p_ccb->con_state == tSDP_STATE::CONN_SETUP) ||
460 (p_ccb->con_state == tSDP_STATE::CFG_SETUP) ||
461 (p_ccb->con_state == tSDP_STATE::CONNECTED)) {
462 if (p_ccb->con_flags & SDP_FLAGS_IS_ORIG && p_ccb->device_address == bd_addr) {
463 return p_ccb->connection_id;
464 }
465 }
466 }
467
468 // No active sdp channel for this remote
469 return 0;
470 }
471
472 /*******************************************************************************
473 *
474 * Function sdpu_process_pend_ccb
475 *
476 * Description This function process if any sdp ccb pending for connection
477 * and reuse the same connection id
478 *
479 * tCONN_CB&: connection control block that trigget the process
480 *
481 * Returns returns true if any pending ccb, else false.
482 *
483 ******************************************************************************/
sdpu_process_pend_ccb_same_cid(const tCONN_CB & ccb)484 bool sdpu_process_pend_ccb_same_cid(const tCONN_CB& ccb) {
485 uint16_t xx;
486 tCONN_CB* p_ccb{};
487
488 // Look through each connection control block for active sdp on given remote
489 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
490 if ((p_ccb->con_state == tSDP_STATE::CONN_PEND) &&
491 (p_ccb->connection_id == ccb.connection_id) && (p_ccb->con_flags & SDP_FLAGS_IS_ORIG)) {
492 p_ccb->con_state = tSDP_STATE::CONNECTED;
493 sdp_disc_connected(p_ccb);
494 return true;
495 }
496 }
497 // No pending SDP channel for this remote
498 return false;
499 }
500
501 /*******************************************************************************
502 *
503 * Function sdpu_process_pend_ccb_new_cid
504 *
505 * Description This function process if any sdp ccb pending for connection
506 * and update their connection id with a new L2CA connection
507 *
508 * tCONN_CB&: connection control block that trigget the process
509 *
510 * Returns returns true if any pending ccb, else false.
511 *
512 ******************************************************************************/
sdpu_process_pend_ccb_new_cid(const tCONN_CB & ccb)513 bool sdpu_process_pend_ccb_new_cid(const tCONN_CB& ccb) {
514 uint16_t xx;
515 tCONN_CB* p_ccb{};
516 uint16_t new_cid = 0;
517 bool new_conn = false;
518
519 // Look through each ccb to replace the obsolete cid with a new one.
520 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
521 if ((p_ccb->con_state == tSDP_STATE::CONN_PEND) &&
522 (p_ccb->connection_id == ccb.connection_id) && (p_ccb->con_flags & SDP_FLAGS_IS_ORIG)) {
523 if (!new_conn) {
524 // Only change state of the first ccb
525 p_ccb->con_state = tSDP_STATE::CONN_SETUP;
526 new_cid = stack::l2cap::get_interface().L2CA_ConnectReqWithSecurity(
527 BT_PSM_SDP, p_ccb->device_address, BTM_SEC_NONE);
528 new_conn = true;
529 }
530 // Check if L2CAP started the connection process
531 if (new_cid != 0) {
532 // update alls cid to the new one for future reference
533 p_ccb->connection_id = new_cid;
534 } else {
535 sdpu_callback(*p_ccb, tSDP_STATUS::SDP_CONN_FAILED);
536 sdpu_release_ccb(*p_ccb);
537 }
538 }
539 }
540 return new_conn && new_cid != 0;
541 }
542
543 /*******************************************************************************
544 *
545 * Function sdpu_clear_pend_ccb
546 *
547 * Description This function releases if any sdp ccb pending for connection
548 *
549 * uint16_t : Remote CID
550 *
551 * Returns returns none.
552 *
553 ******************************************************************************/
sdpu_clear_pend_ccb(const tCONN_CB & ccb)554 void sdpu_clear_pend_ccb(const tCONN_CB& ccb) {
555 uint16_t xx;
556 tCONN_CB* p_ccb{};
557
558 // Look through each connection control block for active sdp on given remote
559 for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
560 if ((p_ccb->con_state == tSDP_STATE::CONN_PEND) &&
561 (p_ccb->connection_id == ccb.connection_id) && (p_ccb->con_flags & SDP_FLAGS_IS_ORIG)) {
562 sdpu_callback(*p_ccb, tSDP_STATUS::SDP_CONN_FAILED);
563 sdpu_release_ccb(*p_ccb);
564 }
565 }
566 return;
567 }
568
569 /*******************************************************************************
570 *
571 * Function sdpu_build_attrib_seq
572 *
573 * Description This function builds an attribute sequence from the list of
574 * passed attributes. It is also passed the address of the
575 * output buffer.
576 *
577 * Returns Pointer to next byte in the output buffer.
578 *
579 ******************************************************************************/
sdpu_build_attrib_seq(uint8_t * p_out,uint16_t * p_attr,uint16_t num_attrs)580 uint8_t* sdpu_build_attrib_seq(uint8_t* p_out, uint16_t* p_attr, uint16_t num_attrs) {
581 uint16_t xx;
582
583 /* First thing is the data element header. See if the length fits 1 byte */
584 /* If no attributes, assume a 4-byte wildcard */
585 if (!p_attr) {
586 xx = 5;
587 } else {
588 xx = num_attrs * 3;
589 }
590
591 if (xx > 255) {
592 UINT8_TO_BE_STREAM(p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_WORD);
593 UINT16_TO_BE_STREAM(p_out, xx);
594 } else {
595 UINT8_TO_BE_STREAM(p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_BYTE);
596 UINT8_TO_BE_STREAM(p_out, xx);
597 }
598
599 /* If there are no attributes specified, assume caller wants wildcard */
600 if (!p_attr) {
601 UINT8_TO_BE_STREAM(p_out, (UINT_DESC_TYPE << 3) | SIZE_FOUR_BYTES);
602 UINT16_TO_BE_STREAM(p_out, 0);
603 UINT16_TO_BE_STREAM(p_out, 0xFFFF);
604 } else {
605 /* Loop through and put in all the attributes(s) */
606 for (xx = 0; xx < num_attrs; xx++, p_attr++) {
607 UINT8_TO_BE_STREAM(p_out, (UINT_DESC_TYPE << 3) | SIZE_TWO_BYTES);
608 UINT16_TO_BE_STREAM(p_out, *p_attr);
609 }
610 }
611
612 return p_out;
613 }
614
615 /*******************************************************************************
616 *
617 * Function sdpu_build_attrib_entry
618 *
619 * Description This function builds an attribute entry from the passed
620 * attribute record. It is also passed the address of the
621 * output buffer.
622 *
623 * Returns Pointer to next byte in the output buffer.
624 *
625 ******************************************************************************/
sdpu_build_attrib_entry(uint8_t * p_out,const tSDP_ATTRIBUTE * p_attr)626 uint8_t* sdpu_build_attrib_entry(uint8_t* p_out, const tSDP_ATTRIBUTE* p_attr) {
627 /* First, store the attribute ID. Goes as a UINT */
628 UINT8_TO_BE_STREAM(p_out, (UINT_DESC_TYPE << 3) | SIZE_TWO_BYTES);
629 UINT16_TO_BE_STREAM(p_out, p_attr->id);
630
631 /* the attribute is in the db record.
632 * assuming the attribute len is less than SDP_MAX_ATTR_LEN */
633 switch (p_attr->type) {
634 case TEXT_STR_DESC_TYPE: /* 4 */
635 case DATA_ELE_SEQ_DESC_TYPE: /* 6 */
636 case DATA_ELE_ALT_DESC_TYPE: /* 7 */
637 case URL_DESC_TYPE: /* 8 */
638 #if (SDP_MAX_ATTR_LEN > 0xFFFF)
639 if (p_attr->len > 0xFFFF) {
640 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_IN_NEXT_LONG);
641 UINT32_TO_BE_STREAM(p_out, p_attr->len);
642 } else
643 #endif /* 0xFFFF - 0xFF */
644 #if (SDP_MAX_ATTR_LEN > 0xFF)
645 if (p_attr->len > 0xFF) {
646 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_IN_NEXT_WORD);
647 UINT16_TO_BE_STREAM(p_out, p_attr->len);
648 } else
649 #endif /* 0xFF and less*/
650 {
651 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_IN_NEXT_BYTE);
652 UINT8_TO_BE_STREAM(p_out, p_attr->len);
653 }
654
655 if (p_attr->value_ptr != NULL) {
656 ARRAY_TO_BE_STREAM(p_out, p_attr->value_ptr, (int)p_attr->len);
657 }
658
659 return p_out;
660 }
661
662 /* Now, store the attribute value */
663 switch (p_attr->len) {
664 case 1:
665 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_ONE_BYTE);
666 break;
667 case 2:
668 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_TWO_BYTES);
669 break;
670 case 4:
671 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_FOUR_BYTES);
672 break;
673 case 8:
674 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_EIGHT_BYTES);
675 break;
676 case 16:
677 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_SIXTEEN_BYTES);
678 break;
679 default:
680 UINT8_TO_BE_STREAM(p_out, (p_attr->type << 3) | SIZE_IN_NEXT_BYTE);
681 UINT8_TO_BE_STREAM(p_out, p_attr->len);
682 break;
683 }
684
685 if (p_attr->value_ptr != NULL) {
686 ARRAY_TO_BE_STREAM(p_out, p_attr->value_ptr, (int)p_attr->len);
687 }
688
689 return p_out;
690 }
691
692 /*******************************************************************************
693 *
694 * Function sdpu_build_n_send_error
695 *
696 * Description This function builds and sends an error packet.
697 *
698 * Returns void
699 *
700 ******************************************************************************/
sdpu_build_n_send_error(tCONN_CB * p_ccb,uint16_t trans_num,tSDP_STATUS error_code,char * p_error_text)701 void sdpu_build_n_send_error(tCONN_CB* p_ccb, uint16_t trans_num, tSDP_STATUS error_code,
702 char* p_error_text) {
703 uint8_t *p_rsp, *p_rsp_start, *p_rsp_param_len;
704 uint16_t rsp_param_len;
705 BT_HDR* p_buf = reinterpret_cast<BT_HDR*>(osi_malloc(SDP_DATA_BUF_SIZE));
706
707 log::warn("SDP - sdpu_build_n_send_error code: 0x{:x} CID: 0x{:x}", error_code,
708 p_ccb->connection_id);
709
710 /* Send the packet to L2CAP */
711 p_buf->offset = L2CAP_MIN_OFFSET;
712 p_rsp = p_rsp_start = reinterpret_cast<uint8_t*>(p_buf + 1) + L2CAP_MIN_OFFSET;
713
714 UINT8_TO_BE_STREAM(p_rsp, SDP_PDU_ERROR_RESPONSE);
715 UINT16_TO_BE_STREAM(p_rsp, trans_num);
716
717 /* Skip the parameter length, we need to add it at the end */
718 p_rsp_param_len = p_rsp;
719 p_rsp += 2;
720
721 const uint16_t response = static_cast<uint16_t>(error_code);
722 UINT16_TO_BE_STREAM(p_rsp, response);
723
724 /* Unplugfest example traces do not have any error text */
725 if (p_error_text) {
726 ARRAY_TO_BE_STREAM(p_rsp, p_error_text, (int)strlen(p_error_text));
727 }
728
729 /* Go back and put the parameter length into the buffer */
730 rsp_param_len = p_rsp - p_rsp_param_len - 2;
731 UINT16_TO_BE_STREAM(p_rsp_param_len, rsp_param_len);
732
733 /* Set the length of the SDP data in the buffer */
734 p_buf->len = p_rsp - p_rsp_start;
735
736 /* Send the buffer through L2CAP */
737 if (stack::l2cap::get_interface().L2CA_DataWrite(p_ccb->connection_id, p_buf) !=
738 tL2CAP_DW_RESULT::SUCCESS) {
739 log::warn("Unable to write L2CAP data cid:{}", p_ccb->connection_id);
740 }
741 }
742
743 /*******************************************************************************
744 *
745 * Function sdpu_extract_uid_seq
746 *
747 * Description This function extracts a UUID sequence from the passed input
748 * buffer, and puts it into the passed output list.
749 *
750 * Returns Pointer to next byte in the input buffer after the sequence.
751 *
752 ******************************************************************************/
sdpu_extract_uid_seq(uint8_t * p,uint16_t param_len,tSDP_UUID_SEQ * p_seq)753 uint8_t* sdpu_extract_uid_seq(uint8_t* p, uint16_t param_len, tSDP_UUID_SEQ* p_seq) {
754 uint8_t* p_seq_end;
755 uint8_t descr, type, size;
756 uint32_t seq_len, uuid_len;
757
758 /* Assume none found */
759 p_seq->num_uids = 0;
760
761 /* A UID sequence is composed of a bunch of UIDs. */
762 if (sizeof(descr) > param_len) {
763 return NULL;
764 }
765 param_len -= sizeof(descr);
766
767 BE_STREAM_TO_UINT8(descr, p);
768 type = descr >> 3;
769 size = descr & 7;
770
771 if (type != DATA_ELE_SEQ_DESC_TYPE) {
772 return NULL;
773 }
774
775 switch (size) {
776 case SIZE_TWO_BYTES:
777 seq_len = 2;
778 break;
779 case SIZE_FOUR_BYTES:
780 seq_len = 4;
781 break;
782 case SIZE_SIXTEEN_BYTES:
783 seq_len = 16;
784 break;
785 case SIZE_IN_NEXT_BYTE:
786 if (sizeof(uint8_t) > param_len) {
787 return NULL;
788 }
789 param_len -= sizeof(uint8_t);
790 BE_STREAM_TO_UINT8(seq_len, p);
791 break;
792 case SIZE_IN_NEXT_WORD:
793 if (sizeof(uint16_t) > param_len) {
794 return NULL;
795 }
796 param_len -= sizeof(uint16_t);
797 BE_STREAM_TO_UINT16(seq_len, p);
798 break;
799 case SIZE_IN_NEXT_LONG:
800 if (sizeof(uint32_t) > param_len) {
801 return NULL;
802 }
803 param_len -= sizeof(uint32_t);
804 BE_STREAM_TO_UINT32(seq_len, p);
805 break;
806 default:
807 return NULL;
808 }
809
810 if (seq_len > param_len) {
811 return NULL;
812 }
813
814 p_seq_end = p + seq_len;
815
816 /* Loop through, extracting the UIDs */
817 for (; p < p_seq_end;) {
818 BE_STREAM_TO_UINT8(descr, p);
819 type = descr >> 3;
820 size = descr & 7;
821
822 if (type != UUID_DESC_TYPE) {
823 return NULL;
824 }
825
826 switch (size) {
827 case SIZE_TWO_BYTES:
828 uuid_len = 2;
829 break;
830 case SIZE_FOUR_BYTES:
831 uuid_len = 4;
832 break;
833 case SIZE_SIXTEEN_BYTES:
834 uuid_len = 16;
835 break;
836 case SIZE_IN_NEXT_BYTE:
837 if (p + sizeof(uint8_t) > p_seq_end) {
838 return NULL;
839 }
840 BE_STREAM_TO_UINT8(uuid_len, p);
841 break;
842 case SIZE_IN_NEXT_WORD:
843 if (p + sizeof(uint16_t) > p_seq_end) {
844 return NULL;
845 }
846 BE_STREAM_TO_UINT16(uuid_len, p);
847 break;
848 case SIZE_IN_NEXT_LONG:
849 if (p + sizeof(uint32_t) > p_seq_end) {
850 return NULL;
851 }
852 BE_STREAM_TO_UINT32(uuid_len, p);
853 break;
854 default:
855 return NULL;
856 }
857
858 /* If UUID length is valid, copy it across */
859 if (((uuid_len == 2) || (uuid_len == 4) || (uuid_len == 16)) && (p + uuid_len <= p_seq_end)) {
860 p_seq->uuid_entry[p_seq->num_uids].len = (uint16_t)uuid_len;
861 BE_STREAM_TO_ARRAY(p, p_seq->uuid_entry[p_seq->num_uids].value, (int)uuid_len);
862 p_seq->num_uids++;
863 } else {
864 return NULL;
865 }
866
867 /* We can only do so many */
868 if (p_seq->num_uids >= MAX_UUIDS_PER_SEQ) {
869 return NULL;
870 }
871 }
872
873 if (p != p_seq_end) {
874 return NULL;
875 }
876
877 return p;
878 }
879
880 /*******************************************************************************
881 *
882 * Function sdpu_extract_attr_seq
883 *
884 * Description This function extracts an attribute sequence from the passed
885 * input buffer, and puts it into the passed output list.
886 *
887 * Returns Pointer to next byte in the input buffer after the sequence.
888 *
889 ******************************************************************************/
sdpu_extract_attr_seq(uint8_t * p,uint16_t param_len,tSDP_ATTR_SEQ * p_seq)890 uint8_t* sdpu_extract_attr_seq(uint8_t* p, uint16_t param_len, tSDP_ATTR_SEQ* p_seq) {
891 uint8_t* p_end_list;
892 uint8_t descr, type, size;
893 uint32_t list_len, attr_len;
894
895 /* Assume none found */
896 p_seq->num_attr = 0;
897
898 /* Get attribute sequence info */
899 if (param_len < sizeof(descr)) {
900 return NULL;
901 }
902 param_len -= sizeof(descr);
903 BE_STREAM_TO_UINT8(descr, p);
904 type = descr >> 3;
905 size = descr & 7;
906
907 if (type != DATA_ELE_SEQ_DESC_TYPE) {
908 return NULL;
909 }
910
911 switch (size) {
912 case SIZE_IN_NEXT_BYTE:
913 if (param_len < sizeof(uint8_t)) {
914 return NULL;
915 }
916 param_len -= sizeof(uint8_t);
917 BE_STREAM_TO_UINT8(list_len, p);
918 break;
919
920 case SIZE_IN_NEXT_WORD:
921 if (param_len < sizeof(uint16_t)) {
922 return NULL;
923 }
924 param_len -= sizeof(uint16_t);
925 BE_STREAM_TO_UINT16(list_len, p);
926 break;
927
928 case SIZE_IN_NEXT_LONG:
929 if (param_len < sizeof(uint32_t)) {
930 return NULL;
931 }
932 param_len -= sizeof(uint32_t);
933 BE_STREAM_TO_UINT32(list_len, p);
934 break;
935
936 default:
937 return NULL;
938 }
939
940 if (list_len > param_len) {
941 return NULL;
942 }
943
944 p_end_list = p + list_len;
945
946 /* Loop through, extracting the attribute IDs */
947 for (; p < p_end_list;) {
948 BE_STREAM_TO_UINT8(descr, p);
949 type = descr >> 3;
950 size = descr & 7;
951
952 if (type != UINT_DESC_TYPE) {
953 return NULL;
954 }
955
956 switch (size) {
957 case SIZE_TWO_BYTES:
958 attr_len = 2;
959 break;
960 case SIZE_FOUR_BYTES:
961 attr_len = 4;
962 break;
963 case SIZE_IN_NEXT_BYTE:
964 if (p + sizeof(uint8_t) > p_end_list) {
965 return NULL;
966 }
967 BE_STREAM_TO_UINT8(attr_len, p);
968 break;
969 case SIZE_IN_NEXT_WORD:
970 if (p + sizeof(uint16_t) > p_end_list) {
971 return NULL;
972 }
973 BE_STREAM_TO_UINT16(attr_len, p);
974 break;
975 case SIZE_IN_NEXT_LONG:
976 if (p + sizeof(uint32_t) > p_end_list) {
977 return NULL;
978 }
979 BE_STREAM_TO_UINT32(attr_len, p);
980 break;
981 default:
982 return NULL;
983 break;
984 }
985
986 /* Attribute length must be 2-bytes or 4-bytes for a paired entry. */
987 if (p + attr_len > p_end_list) {
988 return NULL;
989 }
990 if (attr_len == 2) {
991 BE_STREAM_TO_UINT16(p_seq->attr_entry[p_seq->num_attr].start, p);
992 p_seq->attr_entry[p_seq->num_attr].end = p_seq->attr_entry[p_seq->num_attr].start;
993 } else if (attr_len == 4) {
994 BE_STREAM_TO_UINT16(p_seq->attr_entry[p_seq->num_attr].start, p);
995 BE_STREAM_TO_UINT16(p_seq->attr_entry[p_seq->num_attr].end, p);
996 } else {
997 return NULL;
998 }
999
1000 /* We can only do so many */
1001 if (++p_seq->num_attr >= MAX_ATTR_PER_SEQ) {
1002 return NULL;
1003 }
1004 }
1005
1006 return p;
1007 }
1008
1009 /*******************************************************************************
1010 *
1011 * Function sdpu_get_len_from_type
1012 *
1013 * Description This function gets the data length given the element
1014 * header.
1015 *
1016 * @param p Start of the SDP attribute bytestream
1017 * p_end End of the SDP attribute bytestream
1018 * type Attribute element header
1019 * p_len Data size indicated by element header
1020 *
1021 * @return pointer to the start of the data or nullptr on failure
1022 *
1023 ******************************************************************************/
sdpu_get_len_from_type(uint8_t * p,uint8_t * p_end,uint8_t type,uint32_t * p_len)1024 uint8_t* sdpu_get_len_from_type(uint8_t* p, uint8_t* p_end, uint8_t type, uint32_t* p_len) {
1025 uint8_t u8;
1026 uint16_t u16;
1027 uint32_t u32;
1028
1029 switch (type & 7) {
1030 case SIZE_ONE_BYTE:
1031 if (com::android::bluetooth::flags::stack_sdp_detect_nil_property_type()) {
1032 // Return NIL type if appropriate
1033 *p_len = (type == 0) ? 0 : sizeof(uint8_t);
1034 } else {
1035 *p_len = 1;
1036 }
1037 break;
1038 case SIZE_TWO_BYTES:
1039 *p_len = 2;
1040 break;
1041 case SIZE_FOUR_BYTES:
1042 *p_len = 4;
1043 break;
1044 case SIZE_EIGHT_BYTES:
1045 *p_len = 8;
1046 break;
1047 case SIZE_SIXTEEN_BYTES:
1048 *p_len = 16;
1049 break;
1050 case SIZE_IN_NEXT_BYTE:
1051 if (p + 1 > p_end) {
1052 *p_len = 0;
1053 return NULL;
1054 }
1055 BE_STREAM_TO_UINT8(u8, p);
1056 *p_len = u8;
1057 break;
1058 case SIZE_IN_NEXT_WORD:
1059 if (p + 2 > p_end) {
1060 *p_len = 0;
1061 return NULL;
1062 }
1063 BE_STREAM_TO_UINT16(u16, p);
1064 *p_len = u16;
1065 break;
1066 case SIZE_IN_NEXT_LONG:
1067 if (p + 4 > p_end) {
1068 *p_len = 0;
1069 return NULL;
1070 }
1071 BE_STREAM_TO_UINT32(u32, p);
1072 *p_len = (uint16_t)u32;
1073 break;
1074 }
1075
1076 return p;
1077 }
1078
1079 /*******************************************************************************
1080 *
1081 * Function sdpu_is_base_uuid
1082 *
1083 * Description This function checks a 128-bit UUID with the base to see if
1084 * it matches. Only the last 12 bytes are compared.
1085 *
1086 * Returns true if matched, else false
1087 *
1088 ******************************************************************************/
sdpu_is_base_uuid(uint8_t * p_uuid)1089 bool sdpu_is_base_uuid(uint8_t* p_uuid) {
1090 uint16_t xx;
1091
1092 for (xx = 4; xx < Uuid::kNumBytes128; xx++) {
1093 if (p_uuid[xx] != sdp_base_uuid[xx]) {
1094 return false;
1095 }
1096 }
1097
1098 /* If here, matched */
1099 return true;
1100 }
1101
1102 /*******************************************************************************
1103 *
1104 * Function sdpu_compare_uuid_arrays
1105 *
1106 * Description This function compares 2 BE UUIDs. If needed, they are
1107 * expanded to 128-bit UUIDs, then compared.
1108 *
1109 * NOTE it is assumed that the arrays are in Big Endian format
1110 *
1111 * Returns true if matched, else false
1112 *
1113 ******************************************************************************/
sdpu_compare_uuid_arrays(const uint8_t * p_uuid1,uint32_t len1,const uint8_t * p_uuid2,uint16_t len2)1114 bool sdpu_compare_uuid_arrays(const uint8_t* p_uuid1, uint32_t len1, const uint8_t* p_uuid2,
1115 uint16_t len2) {
1116 uint8_t nu1[Uuid::kNumBytes128];
1117 uint8_t nu2[Uuid::kNumBytes128];
1118
1119 if (((len1 != 2) && (len1 != 4) && (len1 != 16)) ||
1120 ((len2 != 2) && (len2 != 4) && (len2 != 16))) {
1121 log::error("invalid length");
1122 return false;
1123 }
1124
1125 /* If lengths match, do a straight compare */
1126 if (len1 == len2) {
1127 if (len1 == 2) {
1128 return (p_uuid1[0] == p_uuid2[0]) && (p_uuid1[1] == p_uuid2[1]);
1129 }
1130 if (len1 == 4) {
1131 return (p_uuid1[0] == p_uuid2[0]) && (p_uuid1[1] == p_uuid2[1]) &&
1132 (p_uuid1[2] == p_uuid2[2]) && (p_uuid1[3] == p_uuid2[3]);
1133 } else {
1134 return memcmp(p_uuid1, p_uuid2, static_cast<size_t>(len1)) == 0;
1135 }
1136 } else if (len1 > len2) {
1137 /* If the len1 was 4-byte, (so len2 is 2-byte), compare on the fly */
1138 if (len1 == 4) {
1139 return (p_uuid1[0] == 0) && (p_uuid1[1] == 0) && (p_uuid1[2] == p_uuid2[0]) &&
1140 (p_uuid1[3] == p_uuid2[1]);
1141 } else {
1142 /* Normalize UUIDs to 16-byte form, then compare. Len1 must be 16 */
1143 memcpy(nu1, p_uuid1, Uuid::kNumBytes128);
1144 memcpy(nu2, sdp_base_uuid, Uuid::kNumBytes128);
1145
1146 if (len2 == 4) {
1147 memcpy(nu2, p_uuid2, len2);
1148 } else if (len2 == 2) {
1149 memcpy(nu2 + 2, p_uuid2, len2);
1150 }
1151
1152 return memcmp(nu1, nu2, Uuid::kNumBytes128) == 0;
1153 }
1154 } else {
1155 /* len2 is greater than len1 */
1156 /* If the len2 was 4-byte, (so len1 is 2-byte), compare on the fly */
1157 if (len2 == 4) {
1158 return (p_uuid2[0] == 0) && (p_uuid2[1] == 0) && (p_uuid2[2] == p_uuid1[0]) &&
1159 (p_uuid2[3] == p_uuid1[1]);
1160 } else {
1161 /* Normalize UUIDs to 16-byte form, then compare. Len1 must be 16 */
1162 memcpy(nu2, p_uuid2, Uuid::kNumBytes128);
1163 memcpy(nu1, sdp_base_uuid, Uuid::kNumBytes128);
1164
1165 if (len1 == 4) {
1166 memcpy(nu1, p_uuid1, static_cast<size_t>(len1));
1167 } else if (len1 == 2) {
1168 memcpy(nu1 + 2, p_uuid1, static_cast<size_t>(len1));
1169 }
1170
1171 return memcmp(nu1, nu2, Uuid::kNumBytes128) == 0;
1172 }
1173 }
1174 }
1175
1176 /*******************************************************************************
1177 *
1178 * Function sdpu_compare_uuid_with_attr
1179 *
1180 * Description This function compares a BT UUID structure with the UUID in
1181 * an SDP attribute record. If needed, they are expanded to
1182 * 128-bit UUIDs, then compared.
1183 *
1184 * NOTE - it is assumed that BT UUID structures are compressed to the
1185 * smallest possible UUIDs (by removing the base SDP UUID).
1186 * - it is also assumed that the discovery atribute is compressed
1187 * to the smallest possible
1188 *
1189 * Returns true if matched, else false
1190 *
1191 ******************************************************************************/
sdpu_compare_uuid_with_attr(const Uuid & uuid,tSDP_DISC_ATTR * p_attr)1192 bool sdpu_compare_uuid_with_attr(const Uuid& uuid, tSDP_DISC_ATTR* p_attr) {
1193 int len = uuid.GetShortestRepresentationSize();
1194 if (len == 2) {
1195 if (SDP_DISC_ATTR_LEN(p_attr->attr_len_type) == Uuid::kNumBytes16) {
1196 return uuid.As16Bit() == p_attr->attr_value.v.u16;
1197 } else {
1198 log::error("invalid length for 16bit discovery attribute len:{}", len);
1199 return false;
1200 }
1201 }
1202 if (len == 4) {
1203 if (SDP_DISC_ATTR_LEN(p_attr->attr_len_type) == Uuid::kNumBytes32) {
1204 return uuid.As32Bit() == p_attr->attr_value.v.u32;
1205 } else {
1206 log::error("invalid length for 32bit discovery attribute len:{}", len);
1207 return false;
1208 }
1209 }
1210
1211 if (SDP_DISC_ATTR_LEN(p_attr->attr_len_type) != Uuid::kNumBytes128) {
1212 log::error("invalid length for 128bit discovery attribute len:{}", len);
1213 return false;
1214 }
1215
1216 if (memcmp(uuid.To128BitBE().data(), static_cast<void*>(p_attr->attr_value.v.array),
1217 Uuid::kNumBytes128) == 0) {
1218 return true;
1219 }
1220
1221 return false;
1222 }
1223
1224 /*******************************************************************************
1225 *
1226 * Function sdpu_sort_attr_list
1227 *
1228 * Description sorts a list of attributes in numeric order from lowest to
1229 * highest to conform to SDP specification
1230 *
1231 * Returns void
1232 *
1233 ******************************************************************************/
sdpu_sort_attr_list(uint16_t num_attr,tSDP_DISCOVERY_DB * p_db)1234 void sdpu_sort_attr_list(uint16_t num_attr, tSDP_DISCOVERY_DB* p_db) {
1235 uint16_t i;
1236 uint16_t x;
1237
1238 /* Done if no attributes to sort */
1239 if (num_attr <= 1) {
1240 return;
1241 } else if (num_attr > SDP_MAX_ATTR_FILTERS) {
1242 num_attr = SDP_MAX_ATTR_FILTERS;
1243 }
1244
1245 num_attr--; /* for the for-loop */
1246 for (i = 0; i < num_attr;) {
1247 if (p_db->attr_filters[i] > p_db->attr_filters[i + 1]) {
1248 /* swap the attribute IDs and start from the beginning */
1249 x = p_db->attr_filters[i];
1250 p_db->attr_filters[i] = p_db->attr_filters[i + 1];
1251 p_db->attr_filters[i + 1] = x;
1252
1253 i = 0;
1254 } else {
1255 i++;
1256 }
1257 }
1258 }
1259
1260 /*******************************************************************************
1261 *
1262 * Function sdpu_get_list_len
1263 *
1264 * Description gets the total list length in the sdp database for a given
1265 * uid sequence and attr sequence
1266 *
1267 * Returns void
1268 *
1269 ******************************************************************************/
sdpu_get_list_len(tSDP_UUID_SEQ * uid_seq,tSDP_ATTR_SEQ * attr_seq)1270 uint16_t sdpu_get_list_len(tSDP_UUID_SEQ* uid_seq, tSDP_ATTR_SEQ* attr_seq) {
1271 const tSDP_RECORD* p_rec;
1272 uint16_t len = 0;
1273 uint16_t len1;
1274
1275 for (p_rec = sdp_db_service_search(NULL, uid_seq); p_rec;
1276 p_rec = sdp_db_service_search(p_rec, uid_seq)) {
1277 len += 3;
1278
1279 len1 = sdpu_get_attrib_seq_len(p_rec, attr_seq);
1280
1281 if (len1 != 0) {
1282 len += len1;
1283 } else {
1284 len -= 3;
1285 }
1286 }
1287 return len;
1288 }
1289
1290 /*******************************************************************************
1291 *
1292 * Function sdpu_get_attrib_seq_len
1293 *
1294 * Description gets the length of the specific attributes in a given
1295 * sdp record
1296 *
1297 * Returns void
1298 *
1299 ******************************************************************************/
sdpu_get_attrib_seq_len(const tSDP_RECORD * p_rec,const tSDP_ATTR_SEQ * attr_seq)1300 uint16_t sdpu_get_attrib_seq_len(const tSDP_RECORD* p_rec, const tSDP_ATTR_SEQ* attr_seq) {
1301 const tSDP_ATTRIBUTE* p_attr;
1302 uint16_t len1 = 0;
1303 uint16_t xx;
1304 bool is_range = false;
1305 uint16_t start_id = 0, end_id = 0;
1306
1307 for (xx = 0; xx < attr_seq->num_attr; xx++) {
1308 if (!is_range) {
1309 start_id = attr_seq->attr_entry[xx].start;
1310 end_id = attr_seq->attr_entry[xx].end;
1311 }
1312 p_attr = sdp_db_find_attr_in_rec(p_rec, start_id, end_id);
1313 if (p_attr) {
1314 len1 += sdpu_get_attrib_entry_len(p_attr);
1315
1316 /* If doing a range, stick with this one till no more attributes found */
1317 if (start_id != end_id) {
1318 /* Update for next time through */
1319 start_id = p_attr->id + 1;
1320 xx--;
1321 is_range = true;
1322 } else {
1323 is_range = false;
1324 }
1325 } else {
1326 is_range = false;
1327 }
1328 }
1329 return len1;
1330 }
1331
1332 /*******************************************************************************
1333 *
1334 * Function sdpu_get_attrib_entry_len
1335 *
1336 * Description gets the length of a specific attribute
1337 *
1338 * Returns void
1339 *
1340 ******************************************************************************/
sdpu_get_attrib_entry_len(const tSDP_ATTRIBUTE * p_attr)1341 uint16_t sdpu_get_attrib_entry_len(const tSDP_ATTRIBUTE* p_attr) {
1342 uint16_t len = 3;
1343
1344 /* the attribute is in the db record.
1345 * assuming the attribute len is less than SDP_MAX_ATTR_LEN */
1346 switch (p_attr->type) {
1347 case TEXT_STR_DESC_TYPE: /* 4 */
1348 case DATA_ELE_SEQ_DESC_TYPE: /* 6 */
1349 case DATA_ELE_ALT_DESC_TYPE: /* 7 */
1350 case URL_DESC_TYPE: /* 8 */
1351 #if (SDP_MAX_ATTR_LEN > 0xFFFF)
1352 if (p_attr->len > 0xFFFF) {
1353 len += 5;
1354 } else
1355 #endif /* 0xFFFF - 0xFF */
1356 #if (SDP_MAX_ATTR_LEN > 0xFF)
1357 if (p_attr->len > 0xFF) {
1358 len += 3;
1359 } else
1360 #endif /* 0xFF and less*/
1361 {
1362 len += 2;
1363 }
1364 len += p_attr->len;
1365 return len;
1366 }
1367
1368 /* Now, the attribute value */
1369 switch (p_attr->len) {
1370 case 1:
1371 case 2:
1372 case 4:
1373 case 8:
1374 case 16:
1375 len += 1;
1376 break;
1377 default:
1378 len += 2;
1379 break;
1380 }
1381
1382 len += p_attr->len;
1383 return len;
1384 }
1385
1386 /*******************************************************************************
1387 *
1388 * Function sdpu_build_partial_attrib_entry
1389 *
1390 * Description This function fills a buffer with partial attribute. It is
1391 * assumed that the maximum size of any attribute is 256 bytes.
1392 *
1393 * p_out: output buffer
1394 * p_attr: attribute to be copied partially into p_out
1395 * rem_len: num bytes to copy into p_out
1396 * offset: current start offset within the attr that needs to
1397 * be copied
1398 *
1399 * Returns Pointer to next byte in the output buffer.
1400 * offset is also updated
1401 *
1402 ******************************************************************************/
sdpu_build_partial_attrib_entry(uint8_t * p_out,const tSDP_ATTRIBUTE * p_attr,uint16_t len,uint16_t * offset)1403 uint8_t* sdpu_build_partial_attrib_entry(uint8_t* p_out, const tSDP_ATTRIBUTE* p_attr, uint16_t len,
1404 uint16_t* offset) {
1405 uint8_t* p_attr_buff = reinterpret_cast<uint8_t*>(osi_malloc(sizeof(uint8_t) * SDP_MAX_ATTR_LEN));
1406 sdpu_build_attrib_entry(p_attr_buff, p_attr);
1407
1408 uint16_t attr_len = sdpu_get_attrib_entry_len(p_attr);
1409
1410 if (len > SDP_MAX_ATTR_LEN) {
1411 log::error("len {} exceeds SDP_MAX_ATTR_LEN", len);
1412 len = SDP_MAX_ATTR_LEN;
1413 }
1414
1415 size_t len_to_copy = ((attr_len - *offset) < len) ? (attr_len - *offset) : len;
1416 memcpy(p_out, &p_attr_buff[*offset], len_to_copy);
1417
1418 p_out = &p_out[len_to_copy];
1419 *offset += len_to_copy;
1420
1421 osi_free(p_attr_buff);
1422 return p_out;
1423 }
1424 /*******************************************************************************
1425 *
1426 * Function sdpu_is_avrcp_profile_description_list
1427 *
1428 * Description This function is to check if attirbute contain AVRCP profile
1429 * description list
1430 *
1431 * p_attr: attibute to be check
1432 *
1433 * Returns AVRCP profile version if matched, else 0
1434 *
1435 ******************************************************************************/
sdpu_is_avrcp_profile_description_list(const tSDP_ATTRIBUTE * p_attr)1436 uint16_t sdpu_is_avrcp_profile_description_list(const tSDP_ATTRIBUTE* p_attr) {
1437 if (p_attr->id != ATTR_ID_BT_PROFILE_DESC_LIST || p_attr->len != 8) {
1438 return 0;
1439 }
1440
1441 uint8_t* p_uuid = p_attr->value_ptr + 3;
1442 // Check if AVRCP profile UUID
1443 if (p_uuid[0] != 0x11 || p_uuid[1] != 0xe) {
1444 return 0;
1445 }
1446 uint8_t p_version = *(p_uuid + 4);
1447 switch (p_version) {
1448 case 0x0:
1449 return AVRC_REV_1_0;
1450 case 0x3:
1451 return AVRC_REV_1_3;
1452 case 0x4:
1453 return AVRC_REV_1_4;
1454 case 0x5:
1455 return AVRC_REV_1_5;
1456 case 0x6:
1457 return AVRC_REV_1_6;
1458 default:
1459 return 0;
1460 }
1461 }
1462 /*******************************************************************************
1463 *
1464 * Function sdpu_is_service_id_avrc_target
1465 *
1466 * Description This function is to check if attirbute is A/V Remote Control
1467 * Target
1468 *
1469 * p_attr: attribute to be checked
1470 *
1471 * Returns true if service id of attirbute is A/V Remote Control
1472 * Target, else false
1473 *
1474 ******************************************************************************/
sdpu_is_service_id_avrc_target(const tSDP_ATTRIBUTE * p_attr)1475 bool sdpu_is_service_id_avrc_target(const tSDP_ATTRIBUTE* p_attr) {
1476 if (p_attr->id != ATTR_ID_SERVICE_CLASS_ID_LIST || p_attr->len != 3) {
1477 return false;
1478 }
1479
1480 uint8_t* p_uuid = p_attr->value_ptr + 1;
1481 // check UUID of A/V Remote Control Target
1482 if (p_uuid[0] != 0x11 || p_uuid[1] != 0xc) {
1483 return false;
1484 }
1485
1486 return true;
1487 }
1488 /*******************************************************************************
1489 *
1490 * Function spdu_is_avrcp_version_valid
1491 *
1492 * Description Check avrcp version is valid
1493 *
1494 * version: the avrcp version to check
1495 *
1496 * Returns true if avrcp version is valid, else false
1497 *
1498 ******************************************************************************/
spdu_is_avrcp_version_valid(const uint16_t version)1499 bool spdu_is_avrcp_version_valid(const uint16_t version) {
1500 return version == AVRC_REV_1_0 || version == AVRC_REV_1_3 || version == AVRC_REV_1_4 ||
1501 version == AVRC_REV_1_5 || version == AVRC_REV_1_6;
1502 }
1503 /*******************************************************************************
1504 *
1505 * Function sdpu_set_avrc_target_version
1506 *
1507 * Description This function is to set AVRCP version of A/V Remote Control
1508 * Target according to IOP table and cached Bluetooth config
1509 *
1510 * p_attr: attribute to be modified
1511 * bdaddr: for searching IOP table and BT config
1512 *
1513 * Returns void
1514 *
1515 ******************************************************************************/
sdpu_set_avrc_target_version(const tSDP_ATTRIBUTE * p_attr,const RawAddress * bdaddr)1516 void sdpu_set_avrc_target_version(const tSDP_ATTRIBUTE* p_attr, const RawAddress* bdaddr) {
1517 // Check attribute is AVRCP profile description list and get AVRC Target
1518 // version
1519 uint16_t avrcp_version = sdpu_is_avrcp_profile_description_list(p_attr);
1520 log::info("SDP AVRCP DB Version {:x}", avrcp_version);
1521 if (avrcp_version == 0) {
1522 log::info("Not AVRCP version attribute or version not valid for device {}", *bdaddr);
1523 return;
1524 }
1525
1526 uint16_t dut_avrcp_version =
1527 GetInterfaceToProfiles()->profileSpecific_HACK->AVRC_GetProfileVersion();
1528
1529 log::info("Current DUT AVRCP Version {:x}", dut_avrcp_version);
1530 // Some remote devices will have interoperation issue when receive higher
1531 // AVRCP version. If those devices are in IOP database and our version higher
1532 // than device, we reply a lower version to them.
1533 uint16_t iop_version = 0;
1534 if (dut_avrcp_version > AVRC_REV_1_4 && interop_match_addr(INTEROP_AVRCP_1_4_ONLY, bdaddr)) {
1535 iop_version = AVRC_REV_1_4;
1536 } else if (dut_avrcp_version > AVRC_REV_1_3 &&
1537 interop_match_addr(INTEROP_AVRCP_1_3_ONLY, bdaddr)) {
1538 iop_version = AVRC_REV_1_3;
1539 }
1540
1541 if (iop_version != 0) {
1542 log::info(
1543 "device={} is in IOP database. Reply AVRC Target version {:x} instead "
1544 "of {:x}.",
1545 *bdaddr, iop_version, avrcp_version);
1546 uint8_t* p_version = p_attr->value_ptr + 6;
1547 UINT16_TO_BE_FIELD(p_version, iop_version);
1548 return;
1549 }
1550
1551 // Dynamic AVRCP version. If our version high than remote device's version,
1552 // reply version same as its. Otherwise, reply default version.
1553 if (!osi_property_get_bool(AVRC_DYNAMIC_AVRCP_ENABLE_PROPERTY, true)) {
1554 log::info("Dynamic AVRCP version feature is not enabled, skipping this method");
1555 return;
1556 }
1557
1558 // Read the remote device's AVRC Controller version from local storage
1559 uint16_t cached_version = 0;
1560 size_t version_value_size =
1561 btif_config_get_bin_length(bdaddr->ToString(), BTIF_STORAGE_KEY_AVRCP_CONTROLLER_VERSION);
1562 if (version_value_size != sizeof(cached_version)) {
1563 log::error("cached value len wrong, bdaddr={}. Len is {} but should be {}.", *bdaddr,
1564 version_value_size, sizeof(cached_version));
1565 return;
1566 }
1567
1568 if (!btif_config_get_bin(bdaddr->ToString(), BTIF_STORAGE_KEY_AVRCP_CONTROLLER_VERSION,
1569 reinterpret_cast<uint8_t*>(&cached_version), &version_value_size)) {
1570 log::info(
1571 "no cached AVRC Controller version for {}. Reply default AVRC Target "
1572 "version {:x}.DUT AVRC Target version {:x}.",
1573 *bdaddr, avrcp_version, dut_avrcp_version);
1574 return;
1575 }
1576
1577 if (!spdu_is_avrcp_version_valid(cached_version)) {
1578 log::error(
1579 "cached AVRC Controller version {:x} of {} is not valid. Reply default "
1580 "AVRC Target version {:x}.",
1581 cached_version, *bdaddr, avrcp_version);
1582 return;
1583 }
1584
1585 uint16_t negotiated_avrcp_version = std::min(dut_avrcp_version, cached_version);
1586 log::info(
1587 "read cached AVRC Controller version {:x} of {}. DUT AVRC Target version "
1588 "{:x}.Negotiated AVRCP version to update peer {:x}.",
1589 cached_version, *bdaddr, dut_avrcp_version, negotiated_avrcp_version);
1590 uint8_t* p_version = p_attr->value_ptr + 6;
1591 UINT16_TO_BE_FIELD(p_version, negotiated_avrcp_version);
1592 }
1593 /*******************************************************************************
1594 *
1595 * Function sdpu_set_avrc_target_features
1596 *
1597 * Description This function is to set AVRCP version of A/V Remote Control
1598 * Target according to IOP table and cached Bluetooth config
1599 *
1600 * p_attr: attribute to be modified
1601 * bdaddr: for searching IOP table and BT config
1602 *
1603 * Returns void
1604 *
1605 ******************************************************************************/
sdpu_set_avrc_target_features(const tSDP_ATTRIBUTE * p_attr,const RawAddress * bdaddr,uint16_t avrcp_version)1606 void sdpu_set_avrc_target_features(const tSDP_ATTRIBUTE* p_attr, const RawAddress* bdaddr,
1607 uint16_t avrcp_version) {
1608 log::info("SDP AVRCP Version {:x}", avrcp_version);
1609
1610 if ((p_attr->id != ATTR_ID_SUPPORTED_FEATURES) || (p_attr->len != 2) ||
1611 (p_attr->value_ptr == nullptr)) {
1612 log::info("Invalid request for AVRC feature ignore");
1613 return;
1614 }
1615
1616 if (avrcp_version == 0) {
1617 log::info("AVRCP version not valid for device {}", *bdaddr);
1618 return;
1619 }
1620
1621 // Dynamic AVRCP version. If our version high than remote device's version,
1622 // reply version same as its. Otherwise, reply default version.
1623 if (!osi_property_get_bool(AVRC_DYNAMIC_AVRCP_ENABLE_PROPERTY, false)) {
1624 log::info("Dynamic AVRCP version feature is not enabled, skipping this method");
1625 return;
1626 }
1627 // Read the remote device's AVRC Controller version from local storage
1628 uint16_t avrcp_peer_features = 0;
1629 size_t version_value_size =
1630 btif_config_get_bin_length(bdaddr->ToString(), BTIF_STORAGE_KEY_AV_REM_CTRL_FEATURES);
1631 if (version_value_size != sizeof(avrcp_peer_features)) {
1632 log::error("cached value len wrong, bdaddr={}. Len is {} but should be {}.", *bdaddr,
1633 version_value_size, sizeof(avrcp_peer_features));
1634 return;
1635 }
1636
1637 if (!btif_config_get_bin(bdaddr->ToString(), BTIF_STORAGE_KEY_AV_REM_CTRL_FEATURES,
1638 reinterpret_cast<uint8_t*>(&avrcp_peer_features), &version_value_size)) {
1639 log::error("Unable to fetch cached AVRC features");
1640 return;
1641 }
1642
1643 bool browsing_supported = ((AVRCP_FEAT_BRW_BIT & avrcp_peer_features) == AVRCP_FEAT_BRW_BIT);
1644 bool coverart_supported = ((AVRCP_FEAT_CA_BIT & avrcp_peer_features) == AVRCP_FEAT_CA_BIT);
1645
1646 log::info(
1647 "SDP AVRCP DB Version 0x{:x}, browse supported {}, cover art supported "
1648 "{}",
1649 avrcp_peer_features, browsing_supported, coverart_supported);
1650 if (avrcp_version < AVRC_REV_1_4 || !browsing_supported) {
1651 log::info("Reset Browsing Feature");
1652 p_attr->value_ptr[AVRCP_SUPPORTED_FEATURES_POSITION] &= ~AVRCP_BROWSE_SUPPORT_BITMASK;
1653 p_attr->value_ptr[AVRCP_SUPPORTED_FEATURES_POSITION] &= ~AVRCP_MULTI_PLAYER_SUPPORT_BITMASK;
1654 }
1655
1656 if (avrcp_version < AVRC_REV_1_6 || !coverart_supported) {
1657 log::info("Reset CoverArt Feature");
1658 p_attr->value_ptr[AVRCP_SUPPORTED_FEATURES_POSITION - 1] &= ~AVRCP_CA_SUPPORT_BITMASK;
1659 }
1660
1661 if (avrcp_version >= AVRC_REV_1_4 && browsing_supported) {
1662 log::info("Set Browsing Feature");
1663 p_attr->value_ptr[AVRCP_SUPPORTED_FEATURES_POSITION] |= AVRCP_BROWSE_SUPPORT_BITMASK;
1664 p_attr->value_ptr[AVRCP_SUPPORTED_FEATURES_POSITION] |= AVRCP_MULTI_PLAYER_SUPPORT_BITMASK;
1665 }
1666
1667 if (avrcp_version == AVRC_REV_1_6 && coverart_supported) {
1668 log::info("Set CoverArt Feature");
1669 p_attr->value_ptr[AVRCP_SUPPORTED_FEATURES_POSITION - 1] |= AVRCP_CA_SUPPORT_BITMASK;
1670 }
1671 }
1672
sdp_get_num_records(const tSDP_DISCOVERY_DB & db)1673 size_t sdp_get_num_records(const tSDP_DISCOVERY_DB& db) {
1674 size_t num_sdp_records{0};
1675 const tSDP_DISC_REC* p_rec = db.p_first_rec;
1676 while (p_rec != nullptr) {
1677 num_sdp_records++;
1678 p_rec = p_rec->p_next_rec;
1679 }
1680 return num_sdp_records;
1681 }
1682
sdp_get_num_attributes(const tSDP_DISC_REC & sdp_disc_rec)1683 size_t sdp_get_num_attributes(const tSDP_DISC_REC& sdp_disc_rec) {
1684 size_t num_sdp_attributes{0};
1685 tSDP_DISC_ATTR* p_attr = sdp_disc_rec.p_first_attr;
1686 while (p_attr != nullptr) {
1687 num_sdp_attributes++;
1688 p_attr = p_attr->p_next_attr;
1689 }
1690 return num_sdp_attributes;
1691 }
1692