1 /******************************************************************************
3 * Copyright (C) 1999-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /******************************************************************************
21 * this file contains SDP discovery functions
23 ******************************************************************************/
29 #include "bt_common.h"
30 #include "bt_target.h"
41 #define SDP_DEBUG_RAW false
44 /******************************************************************************/
45 /* L O C A L F U N C T I O N P R O T O T Y P E S */
46 /******************************************************************************/
47 static void process_service_search_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
48 uint8_t* p_reply_end);
49 static void process_service_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
50 uint8_t* p_reply_end);
51 static void process_service_search_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
52 uint8_t* p_reply_end);
53 static uint8_t* save_attr_seq(tCONN_CB* p_ccb, uint8_t* p, uint8_t* p_msg_end);
54 static tSDP_DISC_REC* add_record(tSDP_DISCOVERY_DB* p_db, BD_ADDR p_bda);
55 static uint8_t* add_attr(uint8_t* p, uint8_t* p_end, tSDP_DISCOVERY_DB* p_db,
56 tSDP_DISC_REC* p_rec, uint16_t attr_id,
57 tSDP_DISC_ATTR* p_parent_attr, uint8_t nest_level);
59 /* Safety check in case we go crazy */
60 #define MAX_NEST_LEVELS 5
62 extern fixed_queue_t* btu_general_alarm_queue;
64 /*******************************************************************************
66 * Function sdpu_build_uuid_seq
68 * Description This function builds a UUID sequence from the list of
69 * passed UUIDs. It is also passed the address of the output
72 * Returns Pointer to next byte in the output buffer.
74 ******************************************************************************/
75 static uint8_t* sdpu_build_uuid_seq(uint8_t* p_out, uint16_t num_uuids,
76 tSDP_UUID* p_uuid_list) {
80 /* First thing is the data element header */
81 UINT8_TO_BE_STREAM(p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_BYTE);
83 /* Remember where the length goes. Leave space for it. */
87 /* Now, loop through and put in all the UUID(s) */
88 for (xx = 0; xx < num_uuids; xx++, p_uuid_list++) {
89 if (p_uuid_list->len == 2) {
90 UINT8_TO_BE_STREAM(p_out, (UUID_DESC_TYPE << 3) | SIZE_TWO_BYTES);
91 UINT16_TO_BE_STREAM(p_out, p_uuid_list->uu.uuid16);
92 } else if (p_uuid_list->len == 4) {
93 UINT8_TO_BE_STREAM(p_out, (UUID_DESC_TYPE << 3) | SIZE_FOUR_BYTES);
94 UINT32_TO_BE_STREAM(p_out, p_uuid_list->uu.uuid32);
96 UINT8_TO_BE_STREAM(p_out, (UUID_DESC_TYPE << 3) | SIZE_SIXTEEN_BYTES);
97 ARRAY_TO_BE_STREAM(p_out, p_uuid_list->uu.uuid128, p_uuid_list->len);
101 /* Now, put in the length */
102 xx = (uint16_t)(p_out - p_len - 1);
103 UINT8_TO_BE_STREAM(p_len, xx);
108 /*******************************************************************************
110 * Function sdp_snd_service_search_req
112 * Description Send a service search request to the SDP server.
116 ******************************************************************************/
117 static void sdp_snd_service_search_req(tCONN_CB* p_ccb, uint8_t cont_len,
119 uint8_t *p, *p_start, *p_param_len;
120 BT_HDR* p_cmd = (BT_HDR*)osi_malloc(SDP_DATA_BUF_SIZE);
123 /* Prepare the buffer for sending the packet to L2CAP */
124 p_cmd->offset = L2CAP_MIN_OFFSET;
125 p = p_start = (uint8_t*)(p_cmd + 1) + L2CAP_MIN_OFFSET;
127 /* Build a service search request packet */
128 UINT8_TO_BE_STREAM(p, SDP_PDU_SERVICE_SEARCH_REQ);
129 UINT16_TO_BE_STREAM(p, p_ccb->transaction_id);
130 p_ccb->transaction_id++;
132 /* Skip the length, we need to add it at the end */
136 /* Build the UID sequence. */
137 #if (SDP_BROWSE_PLUS == TRUE)
138 p = sdpu_build_uuid_seq(p, 1,
139 &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx]);
141 p = sdpu_build_uuid_seq(p, p_ccb->p_db->num_uuid_filters,
142 p_ccb->p_db->uuid_filters);
145 /* Set max service record count */
146 UINT16_TO_BE_STREAM(p, sdp_cb.max_recs_per_search);
148 /* Set continuation state */
149 UINT8_TO_BE_STREAM(p, cont_len);
151 /* if this is not the first request */
152 if (cont_len && p_cont) {
153 memcpy(p, p_cont, cont_len);
157 /* Go back and put the parameter length into the buffer */
158 param_len = (uint16_t)(p - p_param_len - 2);
159 UINT16_TO_BE_STREAM(p_param_len, param_len);
161 p_ccb->disc_state = SDP_DISC_WAIT_HANDLES;
163 /* Set the length of the SDP data in the buffer */
164 p_cmd->len = (uint16_t)(p - p_start);
166 #if (SDP_DEBUG_RAW == TRUE)
167 SDP_TRACE_WARNING("sdp_snd_service_search_req cont_len :%d disc_state:%d",
168 cont_len, p_ccb->disc_state);
171 L2CA_DataWrite(p_ccb->connection_id, p_cmd);
173 /* Start inactivity timer */
174 alarm_set_on_queue(p_ccb->sdp_conn_timer, SDP_INACT_TIMEOUT_MS,
175 sdp_conn_timer_timeout, p_ccb, btu_general_alarm_queue);
178 /*******************************************************************************
180 * Function sdp_disc_connected
182 * Description This function is called when an SDP discovery attempt is
187 ******************************************************************************/
188 void sdp_disc_connected(tCONN_CB* p_ccb) {
189 if (p_ccb->is_attr_search) {
190 p_ccb->disc_state = SDP_DISC_WAIT_SEARCH_ATTR;
192 process_service_search_attr_rsp(p_ccb, NULL, NULL);
194 /* First step is to get a list of the handles from the server. */
195 /* We are not searching for a specific attribute, so we will */
196 /* first search for the service, then get all attributes of it */
198 p_ccb->num_handles = 0;
199 sdp_snd_service_search_req(p_ccb, 0, NULL);
203 /*******************************************************************************
205 * Function sdp_disc_server_rsp
207 * Description This function is called when there is a response from
212 ******************************************************************************/
213 void sdp_disc_server_rsp(tCONN_CB* p_ccb, BT_HDR* p_msg) {
215 bool invalid_pdu = true;
217 #if (SDP_DEBUG_RAW == TRUE)
218 SDP_TRACE_WARNING("sdp_disc_server_rsp disc_state:%d", p_ccb->disc_state);
221 /* stop inactivity timer when we receive a response */
222 alarm_cancel(p_ccb->sdp_conn_timer);
224 /* Got a reply!! Check what we got back */
225 p = (uint8_t*)(p_msg + 1) + p_msg->offset;
226 uint8_t* p_end = p + p_msg->len;
228 BE_STREAM_TO_UINT8(rsp_pdu, p);
233 case SDP_PDU_SERVICE_SEARCH_RSP:
234 if (p_ccb->disc_state == SDP_DISC_WAIT_HANDLES) {
235 process_service_search_rsp(p_ccb, p, p_end);
240 case SDP_PDU_SERVICE_ATTR_RSP:
241 if (p_ccb->disc_state == SDP_DISC_WAIT_ATTR) {
242 process_service_attr_rsp(p_ccb, p, p_end);
247 case SDP_PDU_SERVICE_SEARCH_ATTR_RSP:
248 if (p_ccb->disc_state == SDP_DISC_WAIT_SEARCH_ATTR) {
249 process_service_search_attr_rsp(p_ccb, p, p_end);
256 SDP_TRACE_WARNING("SDP - Unexp. PDU: %d in state: %d", rsp_pdu,
258 sdp_disconnect(p_ccb, SDP_GENERIC_ERROR);
262 /******************************************************************************
264 * Function process_service_search_rsp
266 * Description This function is called when there is a search response from
271 ******************************************************************************/
272 static void process_service_search_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
273 uint8_t* p_reply_end) {
275 uint16_t total, cur_handles, orig;
278 if (p_reply + 8 > p_reply_end) {
279 android_errorWriteLog(0x534e4554, "74249842");
280 sdp_disconnect(p_ccb, SDP_GENERIC_ERROR);
283 /* Skip transaction, and param len */
285 BE_STREAM_TO_UINT16(total, p_reply);
286 BE_STREAM_TO_UINT16(cur_handles, p_reply);
288 orig = p_ccb->num_handles;
289 p_ccb->num_handles += cur_handles;
290 if (p_ccb->num_handles == 0) {
291 SDP_TRACE_WARNING("SDP - Rcvd ServiceSearchRsp, no matches");
292 sdp_disconnect(p_ccb, SDP_NO_RECS_MATCH);
296 /* Save the handles that match. We will can only process a certain number. */
297 if (total > sdp_cb.max_recs_per_search) total = sdp_cb.max_recs_per_search;
298 if (p_ccb->num_handles > sdp_cb.max_recs_per_search)
299 p_ccb->num_handles = sdp_cb.max_recs_per_search;
301 if (p_reply + ((p_ccb->num_handles - orig) * 4) + 1 > p_reply_end) {
302 android_errorWriteLog(0x534e4554, "74249842");
303 sdp_disconnect(p_ccb, SDP_GENERIC_ERROR);
307 for (xx = orig; xx < p_ccb->num_handles; xx++)
308 BE_STREAM_TO_UINT32(p_ccb->handles[xx], p_reply);
310 BE_STREAM_TO_UINT8(cont_len, p_reply);
312 if (cont_len > SDP_MAX_CONTINUATION_LEN) {
313 sdp_disconnect(p_ccb, SDP_INVALID_CONT_STATE);
316 if (p_reply + cont_len > p_reply_end) {
317 android_errorWriteLog(0x534e4554, "68161546");
318 sdp_disconnect(p_ccb, SDP_INVALID_CONT_STATE);
321 /* stay in the same state */
322 sdp_snd_service_search_req(p_ccb, cont_len, p_reply);
325 p_ccb->disc_state = SDP_DISC_WAIT_ATTR;
327 /* Kick off the first attribute request */
328 process_service_attr_rsp(p_ccb, NULL, NULL);
332 /*******************************************************************************
334 * Function sdp_copy_raw_data
336 * Description copy the raw data
341 ******************************************************************************/
342 #if (SDP_RAW_DATA_INCLUDED == TRUE)
343 static void sdp_copy_raw_data(tCONN_CB* p_ccb, bool offset) {
344 unsigned int cpy_len, rem_len;
350 #if (SDP_DEBUG_RAW == TRUE)
351 uint8_t num_array[SDP_MAX_LIST_BYTE_COUNT];
354 for (i = 0; i < p_ccb->list_len; i++) {
355 snprintf((char*)&num_array[i * 2], sizeof(num_array) - i * 2, "%02X",
356 (uint8_t)(p_ccb->rsp_list[i]));
358 SDP_TRACE_WARNING("result :%s", num_array);
361 if (p_ccb->p_db->raw_data) {
362 cpy_len = p_ccb->p_db->raw_size - p_ccb->p_db->raw_used;
363 list_len = p_ccb->list_len;
364 p = &p_ccb->rsp_list[0];
365 p_end = &p_ccb->rsp_list[0] + list_len;
371 p = sdpu_get_len_from_type(p, p_end, type, &list_len);
372 if (p == NULL || (p + list_len) > p_end) {
373 SDP_TRACE_WARNING("%s: bad length", __func__);
376 if ((int)cpy_len < (p - old_p)) {
377 SDP_TRACE_WARNING("%s: no bytes left for data", __func__);
380 cpy_len -= (p - old_p);
382 if (list_len < cpy_len) {
385 rem_len = SDP_MAX_LIST_BYTE_COUNT - (unsigned int)(p - &p_ccb->rsp_list[0]);
386 if (cpy_len > rem_len) {
387 SDP_TRACE_WARNING("rem_len :%d less than cpy_len:%d", rem_len, cpy_len);
391 "%s: list_len:%d cpy_len:%d p:%p p_ccb:%p p_db:%p raw_size:%d "
392 "raw_used:%d raw_data:%p",
393 __func__, list_len, cpy_len, p, p_ccb, p_ccb->p_db,
394 p_ccb->p_db->raw_size, p_ccb->p_db->raw_used, p_ccb->p_db->raw_data);
395 memcpy(&p_ccb->p_db->raw_data[p_ccb->p_db->raw_used], p, cpy_len);
396 p_ccb->p_db->raw_used += cpy_len;
401 /*******************************************************************************
403 * Function process_service_attr_rsp
405 * Description This function is called when there is a attribute response
410 ******************************************************************************/
411 static void process_service_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
412 uint8_t* p_reply_end) {
413 uint8_t *p_start, *p_param_len;
414 uint16_t param_len, list_byte_count;
415 bool cont_request_needed = false;
417 #if (SDP_DEBUG_RAW == TRUE)
418 SDP_TRACE_WARNING("process_service_attr_rsp raw inc:%d",
419 SDP_RAW_DATA_INCLUDED);
421 /* If p_reply is NULL, we were called after the records handles were read */
423 #if (SDP_DEBUG_RAW == TRUE)
424 SDP_TRACE_WARNING("ID & len: 0x%02x-%02x-%02x-%02x", p_reply[0], p_reply[1],
425 p_reply[2], p_reply[3]);
427 /* Skip transaction ID and length */
430 BE_STREAM_TO_UINT16(list_byte_count, p_reply);
431 #if (SDP_DEBUG_RAW == TRUE)
432 SDP_TRACE_WARNING("list_byte_count:%d", list_byte_count);
435 /* Copy the response to the scratchpad. First, a safety check on the length
437 if ((p_ccb->list_len + list_byte_count) > SDP_MAX_LIST_BYTE_COUNT) {
438 sdp_disconnect(p_ccb, SDP_INVALID_PDU_SIZE);
442 #if (SDP_DEBUG_RAW == TRUE)
443 SDP_TRACE_WARNING("list_len: %d, list_byte_count: %d", p_ccb->list_len,
446 if (p_ccb->rsp_list == NULL)
447 p_ccb->rsp_list = (uint8_t*)osi_malloc(SDP_MAX_LIST_BYTE_COUNT);
448 memcpy(&p_ccb->rsp_list[p_ccb->list_len], p_reply, list_byte_count);
449 p_ccb->list_len += list_byte_count;
450 p_reply += list_byte_count;
451 #if (SDP_DEBUG_RAW == TRUE)
452 SDP_TRACE_WARNING("list_len: %d(attr_rsp)", p_ccb->list_len);
454 /* Check if we need to request a continuation */
455 SDP_TRACE_WARNING("*p_reply:%d(%d)", *p_reply, SDP_MAX_CONTINUATION_LEN);
458 if (*p_reply > SDP_MAX_CONTINUATION_LEN) {
459 sdp_disconnect(p_ccb, SDP_INVALID_CONT_STATE);
462 cont_request_needed = true;
464 #if (SDP_RAW_DATA_INCLUDED == TRUE)
465 SDP_TRACE_WARNING("process_service_attr_rsp");
466 sdp_copy_raw_data(p_ccb, false);
469 /* Save the response in the database. Stop on any error */
470 if (!save_attr_seq(p_ccb, &p_ccb->rsp_list[0],
471 &p_ccb->rsp_list[p_ccb->list_len])) {
472 sdp_disconnect(p_ccb, SDP_DB_FULL);
480 /* Now, ask for the next handle. Re-use the buffer we just got. */
481 if (p_ccb->cur_handle < p_ccb->num_handles) {
482 BT_HDR* p_msg = (BT_HDR*)osi_malloc(SDP_DATA_BUF_SIZE);
485 p_msg->offset = L2CAP_MIN_OFFSET;
486 p = p_start = (uint8_t*)(p_msg + 1) + L2CAP_MIN_OFFSET;
488 /* Get all the attributes from the server */
489 UINT8_TO_BE_STREAM(p, SDP_PDU_SERVICE_ATTR_REQ);
490 UINT16_TO_BE_STREAM(p, p_ccb->transaction_id);
491 p_ccb->transaction_id++;
493 /* Skip the length, we need to add it at the end */
497 UINT32_TO_BE_STREAM(p, p_ccb->handles[p_ccb->cur_handle]);
499 /* Max attribute byte count */
500 UINT16_TO_BE_STREAM(p, sdp_cb.max_attr_list_size);
502 /* If no attribute filters, build a wildcard attribute sequence */
503 if (p_ccb->p_db->num_attr_filters)
504 p = sdpu_build_attrib_seq(p, p_ccb->p_db->attr_filters,
505 p_ccb->p_db->num_attr_filters);
507 p = sdpu_build_attrib_seq(p, NULL, 0);
509 /* Was this a continuation request ? */
510 if (cont_request_needed) {
511 if ((p_reply + *p_reply + 1) <= p_reply_end) {
512 memcpy(p, p_reply, *p_reply + 1);
515 android_errorWriteLog(0x534e4554, "68161546");
518 UINT8_TO_BE_STREAM(p, 0);
520 /* Go back and put the parameter length into the buffer */
521 param_len = (uint16_t)(p - p_param_len - 2);
522 UINT16_TO_BE_STREAM(p_param_len, param_len);
524 /* Set the length of the SDP data in the buffer */
525 p_msg->len = (uint16_t)(p - p_start);
527 L2CA_DataWrite(p_ccb->connection_id, p_msg);
529 /* Start inactivity timer */
530 alarm_set_on_queue(p_ccb->sdp_conn_timer, SDP_INACT_TIMEOUT_MS,
531 sdp_conn_timer_timeout, p_ccb, btu_general_alarm_queue);
533 sdp_disconnect(p_ccb, SDP_SUCCESS);
538 /*******************************************************************************
540 * Function process_service_search_attr_rsp
542 * Description This function is called when there is a search attribute
543 * response from the server.
547 ******************************************************************************/
548 static void process_service_search_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
549 uint8_t* p_reply_end) {
550 uint8_t *p, *p_start, *p_end, *p_param_len;
553 uint16_t param_len, lists_byte_count = 0;
554 bool cont_request_needed = false;
556 #if (SDP_DEBUG_RAW == TRUE)
557 SDP_TRACE_WARNING("process_service_search_attr_rsp");
559 /* If p_reply is NULL, we were called for the initial read */
561 if (p_reply + 4 /* transaction ID and length */ + sizeof(lists_byte_count) >
563 android_errorWriteLog(0x534e4554, "79884292");
564 sdp_disconnect(p_ccb, SDP_INVALID_PDU_SIZE);
568 #if (SDP_DEBUG_RAW == TRUE)
569 SDP_TRACE_WARNING("ID & len: 0x%02x-%02x-%02x-%02x", p_reply[0], p_reply[1],
570 p_reply[2], p_reply[3]);
572 /* Skip transaction ID and length */
575 BE_STREAM_TO_UINT16(lists_byte_count, p_reply);
576 #if (SDP_DEBUG_RAW == TRUE)
577 SDP_TRACE_WARNING("lists_byte_count:%d", lists_byte_count);
580 /* Copy the response to the scratchpad. First, a safety check on the length
582 if ((p_ccb->list_len + lists_byte_count) > SDP_MAX_LIST_BYTE_COUNT) {
583 sdp_disconnect(p_ccb, SDP_INVALID_PDU_SIZE);
587 #if (SDP_DEBUG_RAW == TRUE)
588 SDP_TRACE_WARNING("list_len: %d, list_byte_count: %d", p_ccb->list_len,
592 if (p_reply + lists_byte_count + 1 /* continuation */ > p_reply_end) {
593 android_errorWriteLog(0x534e4554, "79884292");
594 sdp_disconnect(p_ccb, SDP_INVALID_PDU_SIZE);
598 if (p_ccb->rsp_list == NULL)
599 p_ccb->rsp_list = (uint8_t*)osi_malloc(SDP_MAX_LIST_BYTE_COUNT);
600 memcpy(&p_ccb->rsp_list[p_ccb->list_len], p_reply, lists_byte_count);
601 p_ccb->list_len += lists_byte_count;
602 p_reply += lists_byte_count;
603 #if (SDP_DEBUG_RAW == TRUE)
604 SDP_TRACE_WARNING("list_len: %d(search_attr_rsp)", p_ccb->list_len);
606 /* Check if we need to request a continuation */
607 SDP_TRACE_WARNING("*p_reply:%d(%d)", *p_reply, SDP_MAX_CONTINUATION_LEN);
610 if (*p_reply > SDP_MAX_CONTINUATION_LEN) {
611 sdp_disconnect(p_ccb, SDP_INVALID_CONT_STATE);
615 cont_request_needed = true;
619 #if (SDP_DEBUG_RAW == TRUE)
620 SDP_TRACE_WARNING("cont_request_needed:%d", cont_request_needed);
622 /* If continuation request (or first time request) */
623 if ((cont_request_needed) || (!p_reply)) {
624 BT_HDR* p_msg = (BT_HDR*)osi_malloc(SDP_DATA_BUF_SIZE);
627 p_msg->offset = L2CAP_MIN_OFFSET;
628 p = p_start = (uint8_t*)(p_msg + 1) + L2CAP_MIN_OFFSET;
630 /* Build a service search request packet */
631 UINT8_TO_BE_STREAM(p, SDP_PDU_SERVICE_SEARCH_ATTR_REQ);
632 UINT16_TO_BE_STREAM(p, p_ccb->transaction_id);
633 p_ccb->transaction_id++;
635 /* Skip the length, we need to add it at the end */
639 /* Build the UID sequence. */
640 #if (SDP_BROWSE_PLUS == TRUE)
641 p = sdpu_build_uuid_seq(p, 1,
642 &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx]);
644 p = sdpu_build_uuid_seq(p, p_ccb->p_db->num_uuid_filters,
645 p_ccb->p_db->uuid_filters);
648 /* Max attribute byte count */
649 UINT16_TO_BE_STREAM(p, sdp_cb.max_attr_list_size);
651 /* If no attribute filters, build a wildcard attribute sequence */
652 if (p_ccb->p_db->num_attr_filters)
653 p = sdpu_build_attrib_seq(p, p_ccb->p_db->attr_filters,
654 p_ccb->p_db->num_attr_filters);
656 p = sdpu_build_attrib_seq(p, NULL, 0);
658 /* No continuation for first request */
660 if ((p_reply + *p_reply + 1) <= p_reply_end) {
661 memcpy(p, p_reply, *p_reply + 1);
664 android_errorWriteLog(0x534e4554, "68161546");
667 UINT8_TO_BE_STREAM(p, 0);
669 /* Go back and put the parameter length into the buffer */
670 param_len = p - p_param_len - 2;
671 UINT16_TO_BE_STREAM(p_param_len, param_len);
673 /* Set the length of the SDP data in the buffer */
674 p_msg->len = p - p_start;
676 L2CA_DataWrite(p_ccb->connection_id, p_msg);
678 /* Start inactivity timer */
679 alarm_set_on_queue(p_ccb->sdp_conn_timer, SDP_INACT_TIMEOUT_MS,
680 sdp_conn_timer_timeout, p_ccb, btu_general_alarm_queue);
685 /*******************************************************************/
686 /* We now have the full response, which is a sequence of sequences */
687 /*******************************************************************/
689 #if (SDP_RAW_DATA_INCLUDED == TRUE)
690 SDP_TRACE_WARNING("process_service_search_attr_rsp");
691 sdp_copy_raw_data(p_ccb, true);
694 p = &p_ccb->rsp_list[0];
696 /* The contents is a sequence of attribute sequences */
699 if ((type >> 3) != DATA_ELE_SEQ_DESC_TYPE) {
700 SDP_TRACE_WARNING("SDP - Wrong type: 0x%02x in attr_rsp", type);
703 p = sdpu_get_len_from_type(p, p + p_ccb->list_len, type, &seq_len);
704 if (p == NULL || (p + seq_len) > (p + p_ccb->list_len)) {
705 SDP_TRACE_WARNING("%s: bad length", __func__);
708 p_end = &p_ccb->rsp_list[p_ccb->list_len];
710 if ((p + seq_len) != p_end) {
711 sdp_disconnect(p_ccb, SDP_INVALID_CONT_STATE);
716 p = save_attr_seq(p_ccb, p, &p_ccb->rsp_list[p_ccb->list_len]);
718 sdp_disconnect(p_ccb, SDP_DB_FULL);
723 /* Since we got everything we need, disconnect the call */
724 sdp_disconnect(p_ccb, SDP_SUCCESS);
727 /*******************************************************************************
729 * Function save_attr_seq
731 * Description This function is called when there is a response from
734 * Returns pointer to next byte or NULL if error
736 ******************************************************************************/
737 static uint8_t* save_attr_seq(tCONN_CB* p_ccb, uint8_t* p, uint8_t* p_msg_end) {
738 uint32_t seq_len, attr_len;
740 uint8_t type, *p_seq_end;
741 tSDP_DISC_REC* p_rec;
745 if ((type >> 3) != DATA_ELE_SEQ_DESC_TYPE) {
746 SDP_TRACE_WARNING("SDP - Wrong type: 0x%02x in attr_rsp", type);
749 p = sdpu_get_len_from_type(p, p_msg_end, type, &seq_len);
750 if (p == NULL || (p + seq_len) > p_msg_end) {
751 SDP_TRACE_WARNING("SDP - Bad len in attr_rsp %d", seq_len);
755 /* Create a record */
756 p_rec = add_record(p_ccb->p_db, p_ccb->device_address);
758 SDP_TRACE_WARNING("SDP - DB full add_record");
762 p_seq_end = p + seq_len;
764 while (p < p_seq_end) {
765 /* First get the attribute ID */
767 p = sdpu_get_len_from_type(p, p_msg_end, type, &attr_len);
768 if (p == NULL || (p + attr_len) > p_seq_end) {
769 SDP_TRACE_WARNING("%s: Bad len in attr_rsp %d", __func__, attr_len);
772 if (((type >> 3) != UINT_DESC_TYPE) || (attr_len != 2)) {
773 SDP_TRACE_WARNING("SDP - Bad type: 0x%02x or len: %d in attr_rsp", type,
777 BE_STREAM_TO_UINT16(attr_id, p);
779 /* Now, add the attribute value */
780 p = add_attr(p, p_seq_end, p_ccb->p_db, p_rec, attr_id, NULL, 0);
783 SDP_TRACE_WARNING("SDP - DB full add_attr");
791 /*******************************************************************************
793 * Function add_record
795 * Description This function allocates space for a record from the DB.
797 * Returns pointer to next byte in data stream
799 ******************************************************************************/
800 tSDP_DISC_REC* add_record(tSDP_DISCOVERY_DB* p_db, BD_ADDR p_bda) {
801 tSDP_DISC_REC* p_rec;
803 /* See if there is enough space in the database */
804 if (p_db->mem_free < sizeof(tSDP_DISC_REC)) return (NULL);
806 p_rec = (tSDP_DISC_REC*)p_db->p_free_mem;
807 p_db->p_free_mem += sizeof(tSDP_DISC_REC);
808 p_db->mem_free -= sizeof(tSDP_DISC_REC);
810 p_rec->p_first_attr = NULL;
811 p_rec->p_next_rec = NULL;
813 memcpy(p_rec->remote_bd_addr, p_bda, BD_ADDR_LEN);
815 /* Add the record to the end of chain */
816 if (!p_db->p_first_rec)
817 p_db->p_first_rec = p_rec;
819 tSDP_DISC_REC* p_rec1 = p_db->p_first_rec;
821 while (p_rec1->p_next_rec) p_rec1 = p_rec1->p_next_rec;
823 p_rec1->p_next_rec = p_rec;
829 #define SDP_ADDITIONAL_LIST_MASK 0x80
830 /*******************************************************************************
834 * Description This function allocates space for an attribute from the DB
835 * and copies the data into it.
837 * Returns pointer to next byte in data stream
839 ******************************************************************************/
840 static uint8_t* add_attr(uint8_t* p, uint8_t* p_end, tSDP_DISCOVERY_DB* p_db,
841 tSDP_DISC_REC* p_rec, uint16_t attr_id,
842 tSDP_DISC_ATTR* p_parent_attr, uint8_t nest_level) {
843 tSDP_DISC_ATTR* p_attr;
850 uint8_t is_additional_list = nest_level & SDP_ADDITIONAL_LIST_MASK;
852 nest_level &= ~(SDP_ADDITIONAL_LIST_MASK);
855 p = sdpu_get_len_from_type(p, p_end, type, &attr_len);
856 if (p == NULL || (p + attr_len) > p_end) {
857 SDP_TRACE_WARNING("%s: bad length in attr_rsp", __func__);
860 attr_len &= SDP_DISC_ATTR_LEN_MASK;
861 attr_type = (type >> 3) & 0x0f;
863 /* See if there is enough space in the database */
865 total_len = attr_len - 4 + (uint16_t)sizeof(tSDP_DISC_ATTR);
867 total_len = sizeof(tSDP_DISC_ATTR);
869 p_attr_end = p + attr_len;
870 if (p_attr_end > p_end) {
871 android_errorWriteLog(0x534e4554, "115900043");
872 SDP_TRACE_WARNING("%s: SDP - Attribute length beyond p_end", __func__);
876 /* Ensure it is a multiple of 4 */
877 total_len = (total_len + 3) & ~3;
879 /* See if there is enough space in the database */
880 if (p_db->mem_free < total_len) return (NULL);
882 p_attr = (tSDP_DISC_ATTR*)p_db->p_free_mem;
883 p_attr->attr_id = attr_id;
884 p_attr->attr_len_type = (uint16_t)attr_len | (attr_type << 12);
885 p_attr->p_next_attr = NULL;
887 /* Store the attribute value */
890 if ((is_additional_list != 0) && (attr_len == 2)) {
891 BE_STREAM_TO_UINT16(id, p);
892 if (id != ATTR_ID_PROTOCOL_DESC_LIST)
895 /* Reserve the memory for the attribute now, as we need to add
897 p_db->p_free_mem += sizeof(tSDP_DISC_ATTR);
898 p_db->mem_free -= sizeof(tSDP_DISC_ATTR);
901 /* SDP_TRACE_DEBUG ("SDP - attr nest level:%d(list)", nest_level); */
902 if (nest_level >= MAX_NEST_LEVELS) {
903 SDP_TRACE_ERROR("SDP - attr nesting too deep");
907 /* Now, add the list entry */
908 p = add_attr(p, p_end, p_db, p_rec, ATTR_ID_PROTOCOL_DESC_LIST,
909 p_attr, (uint8_t)(nest_level + 1));
914 /* Case falls through */
916 case TWO_COMP_INT_DESC_TYPE:
919 p_attr->attr_value.v.u8 = *p++;
922 BE_STREAM_TO_UINT16(p_attr->attr_value.v.u16, p);
925 BE_STREAM_TO_UINT32(p_attr->attr_value.v.u32, p);
928 BE_STREAM_TO_ARRAY(p, p_attr->attr_value.v.array, (int32_t)attr_len);
936 BE_STREAM_TO_UINT16(p_attr->attr_value.v.u16, p);
939 BE_STREAM_TO_UINT32(p_attr->attr_value.v.u32, p);
940 if (p_attr->attr_value.v.u32 < 0x10000) {
942 p_attr->attr_len_type = (uint16_t)attr_len | (attr_type << 12);
943 p_attr->attr_value.v.u16 = (uint16_t)p_attr->attr_value.v.u32;
947 /* See if we can compress his UUID down to 16 or 32bit UUIDs */
948 if (sdpu_is_base_uuid(p)) {
949 if ((p[0] == 0) && (p[1] == 0)) {
950 p_attr->attr_len_type =
951 (p_attr->attr_len_type & ~SDP_DISC_ATTR_LEN_MASK) | 2;
953 BE_STREAM_TO_UINT16(p_attr->attr_value.v.u16, p);
954 p += MAX_UUID_SIZE - 4;
956 p_attr->attr_len_type =
957 (p_attr->attr_len_type & ~SDP_DISC_ATTR_LEN_MASK) | 4;
958 BE_STREAM_TO_UINT32(p_attr->attr_value.v.u32, p);
959 p += MAX_UUID_SIZE - 4;
962 BE_STREAM_TO_ARRAY(p, p_attr->attr_value.v.array,
967 SDP_TRACE_WARNING("SDP - bad len in UUID attr: %d", attr_len);
972 case DATA_ELE_SEQ_DESC_TYPE:
973 case DATA_ELE_ALT_DESC_TYPE:
974 /* Reserve the memory for the attribute now, as we need to add
976 p_db->p_free_mem += sizeof(tSDP_DISC_ATTR);
977 p_db->mem_free -= sizeof(tSDP_DISC_ATTR);
980 /* SDP_TRACE_DEBUG ("SDP - attr nest level:%d", nest_level); */
981 if (nest_level >= MAX_NEST_LEVELS) {
982 SDP_TRACE_ERROR("SDP - attr nesting too deep");
985 if (is_additional_list != 0 ||
986 attr_id == ATTR_ID_ADDITION_PROTO_DESC_LISTS)
987 nest_level |= SDP_ADDITIONAL_LIST_MASK;
988 /* SDP_TRACE_DEBUG ("SDP - attr nest level:0x%x(finish)", nest_level); */
990 while (p < p_attr_end) {
991 /* Now, add the list entry */
992 p = add_attr(p, p_end, p_db, p_rec, 0, p_attr,
993 (uint8_t)(nest_level + 1));
995 if (!p) return (NULL);
999 case TEXT_STR_DESC_TYPE:
1001 BE_STREAM_TO_ARRAY(p, p_attr->attr_value.v.array, (int32_t)attr_len);
1004 case BOOLEAN_DESC_TYPE:
1007 p_attr->attr_value.v.u8 = *p++;
1010 SDP_TRACE_WARNING("SDP - bad len in boolean attr: %d", attr_len);
1015 default: /* switch (attr_type) */
1019 p_db->p_free_mem += total_len;
1020 p_db->mem_free -= total_len;
1022 /* Add the attribute to the end of the chain */
1023 if (!p_parent_attr) {
1024 if (!p_rec->p_first_attr)
1025 p_rec->p_first_attr = p_attr;
1027 tSDP_DISC_ATTR* p_attr1 = p_rec->p_first_attr;
1029 while (p_attr1->p_next_attr) p_attr1 = p_attr1->p_next_attr;
1031 p_attr1->p_next_attr = p_attr;
1034 if (!p_parent_attr->attr_value.v.p_sub_attr) {
1035 p_parent_attr->attr_value.v.p_sub_attr = p_attr;
1036 /* SDP_TRACE_DEBUG ("parent:0x%x(id:%d), ch:0x%x(id:%d)",
1037 p_parent_attr, p_parent_attr->attr_id, p_attr, p_attr->attr_id); */
1039 tSDP_DISC_ATTR* p_attr1 = p_parent_attr->attr_value.v.p_sub_attr;
1040 /* SDP_TRACE_DEBUG ("parent:0x%x(id:%d), ch1:0x%x(id:%d)",
1041 p_parent_attr, p_parent_attr->attr_id, p_attr1, p_attr1->attr_id); */
1043 while (p_attr1->p_next_attr) p_attr1 = p_attr1->p_next_attr;
1045 p_attr1->p_next_attr = p_attr;
1046 /* SDP_TRACE_DEBUG ("new ch:0x%x(id:%d)", p_attr, p_attr->attr_id); */
OSDN Git Service
