1 /******************************************************************************
3 * Copyright (C) 1999-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /******************************************************************************
21 * this file contains SDP discovery functions
23 ******************************************************************************/
29 #include "bt_common.h"
30 #include "bt_target.h"
41 #define SDP_DEBUG_RAW false
44 /******************************************************************************/
45 /* L O C A L F U N C T I O N P R O T O T Y P E S */
46 /******************************************************************************/
47 static void process_service_search_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
48 uint8_t* p_reply_end);
49 static void process_service_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
50 uint8_t* p_reply_end);
51 static void process_service_search_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
52 uint8_t* p_reply_end);
53 static uint8_t* save_attr_seq(tCONN_CB* p_ccb, uint8_t* p, uint8_t* p_msg_end);
54 static tSDP_DISC_REC* add_record(tSDP_DISCOVERY_DB* p_db,
55 const RawAddress& p_bda);
56 static uint8_t* add_attr(uint8_t* p, uint8_t* p_end, tSDP_DISCOVERY_DB* p_db,
57 tSDP_DISC_REC* p_rec, uint16_t attr_id,
58 tSDP_DISC_ATTR* p_parent_attr, uint8_t nest_level);
60 /* Safety check in case we go crazy */
61 #define MAX_NEST_LEVELS 5
63 /*******************************************************************************
65 * Function sdpu_build_uuid_seq
67 * Description This function builds a UUID sequence from the list of
68 * passed UUIDs. It is also passed the address of the output
71 * Returns Pointer to next byte in the output buffer.
73 ******************************************************************************/
74 static uint8_t* sdpu_build_uuid_seq(uint8_t* p_out, uint16_t num_uuids,
75 tSDP_UUID* p_uuid_list) {
79 /* First thing is the data element header */
80 UINT8_TO_BE_STREAM(p_out, (DATA_ELE_SEQ_DESC_TYPE << 3) | SIZE_IN_NEXT_BYTE);
82 /* Remember where the length goes. Leave space for it. */
86 /* Now, loop through and put in all the UUID(s) */
87 for (xx = 0; xx < num_uuids; xx++, p_uuid_list++) {
88 if (p_uuid_list->len == LEN_UUID_16) {
89 UINT8_TO_BE_STREAM(p_out, (UUID_DESC_TYPE << 3) | SIZE_TWO_BYTES);
90 UINT16_TO_BE_STREAM(p_out, p_uuid_list->uu.uuid16);
91 } else if (p_uuid_list->len == LEN_UUID_32) {
92 UINT8_TO_BE_STREAM(p_out, (UUID_DESC_TYPE << 3) | SIZE_FOUR_BYTES);
93 UINT32_TO_BE_STREAM(p_out, p_uuid_list->uu.uuid32);
94 } else if (p_uuid_list->len == LEN_UUID_128) {
95 UINT8_TO_BE_STREAM(p_out, (UUID_DESC_TYPE << 3) | SIZE_SIXTEEN_BYTES);
96 ARRAY_TO_BE_STREAM(p_out, p_uuid_list->uu.uuid128, p_uuid_list->len);
98 SDP_TRACE_ERROR("SDP: Passed UUID has invalid length %x",
103 /* Now, put in the length */
104 xx = (uint16_t)(p_out - p_len - 1);
105 UINT8_TO_BE_STREAM(p_len, xx);
110 /*******************************************************************************
112 * Function sdp_snd_service_search_req
114 * Description Send a service search request to the SDP server.
118 ******************************************************************************/
119 static void sdp_snd_service_search_req(tCONN_CB* p_ccb, uint8_t cont_len,
121 uint8_t *p, *p_start, *p_param_len;
122 BT_HDR* p_cmd = (BT_HDR*)osi_malloc(SDP_DATA_BUF_SIZE);
125 /* Prepare the buffer for sending the packet to L2CAP */
126 p_cmd->offset = L2CAP_MIN_OFFSET;
127 p = p_start = (uint8_t*)(p_cmd + 1) + L2CAP_MIN_OFFSET;
129 /* Build a service search request packet */
130 UINT8_TO_BE_STREAM(p, SDP_PDU_SERVICE_SEARCH_REQ);
131 UINT16_TO_BE_STREAM(p, p_ccb->transaction_id);
132 p_ccb->transaction_id++;
134 /* Skip the length, we need to add it at the end */
138 /* Build the UID sequence. */
139 #if (SDP_BROWSE_PLUS == TRUE)
140 p = sdpu_build_uuid_seq(p, 1,
141 &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx]);
143 p = sdpu_build_uuid_seq(p, p_ccb->p_db->num_uuid_filters,
144 p_ccb->p_db->uuid_filters);
147 /* Set max service record count */
148 UINT16_TO_BE_STREAM(p, sdp_cb.max_recs_per_search);
150 /* Set continuation state */
151 UINT8_TO_BE_STREAM(p, cont_len);
153 /* if this is not the first request */
154 if (cont_len && p_cont) {
155 memcpy(p, p_cont, cont_len);
159 /* Go back and put the parameter length into the buffer */
160 param_len = (uint16_t)(p - p_param_len - 2);
161 UINT16_TO_BE_STREAM(p_param_len, param_len);
163 p_ccb->disc_state = SDP_DISC_WAIT_HANDLES;
165 /* Set the length of the SDP data in the buffer */
166 p_cmd->len = (uint16_t)(p - p_start);
168 #if (SDP_DEBUG_RAW == TRUE)
169 SDP_TRACE_WARNING("sdp_snd_service_search_req cont_len :%d disc_state:%d",
170 cont_len, p_ccb->disc_state);
173 L2CA_DataWrite(p_ccb->connection_id, p_cmd);
175 /* Start inactivity timer */
176 alarm_set_on_mloop(p_ccb->sdp_conn_timer, SDP_INACT_TIMEOUT_MS,
177 sdp_conn_timer_timeout, p_ccb);
180 /*******************************************************************************
182 * Function sdp_disc_connected
184 * Description This function is called when an SDP discovery attempt is
189 ******************************************************************************/
190 void sdp_disc_connected(tCONN_CB* p_ccb) {
191 if (p_ccb->is_attr_search) {
192 p_ccb->disc_state = SDP_DISC_WAIT_SEARCH_ATTR;
194 process_service_search_attr_rsp(p_ccb, NULL, NULL);
196 /* First step is to get a list of the handles from the server. */
197 /* We are not searching for a specific attribute, so we will */
198 /* first search for the service, then get all attributes of it */
200 p_ccb->num_handles = 0;
201 sdp_snd_service_search_req(p_ccb, 0, NULL);
205 /*******************************************************************************
207 * Function sdp_disc_server_rsp
209 * Description This function is called when there is a response from
214 ******************************************************************************/
215 void sdp_disc_server_rsp(tCONN_CB* p_ccb, BT_HDR* p_msg) {
217 bool invalid_pdu = true;
219 #if (SDP_DEBUG_RAW == TRUE)
220 SDP_TRACE_WARNING("sdp_disc_server_rsp disc_state:%d", p_ccb->disc_state);
223 /* stop inactivity timer when we receive a response */
224 alarm_cancel(p_ccb->sdp_conn_timer);
226 /* Got a reply!! Check what we got back */
227 p = (uint8_t*)(p_msg + 1) + p_msg->offset;
228 uint8_t* p_end = p + p_msg->len;
230 BE_STREAM_TO_UINT8(rsp_pdu, p);
235 case SDP_PDU_SERVICE_SEARCH_RSP:
236 if (p_ccb->disc_state == SDP_DISC_WAIT_HANDLES) {
237 process_service_search_rsp(p_ccb, p, p_end);
242 case SDP_PDU_SERVICE_ATTR_RSP:
243 if (p_ccb->disc_state == SDP_DISC_WAIT_ATTR) {
244 process_service_attr_rsp(p_ccb, p, p_end);
249 case SDP_PDU_SERVICE_SEARCH_ATTR_RSP:
250 if (p_ccb->disc_state == SDP_DISC_WAIT_SEARCH_ATTR) {
251 process_service_search_attr_rsp(p_ccb, p, p_end);
258 SDP_TRACE_WARNING("SDP - Unexp. PDU: %d in state: %d", rsp_pdu,
260 sdp_disconnect(p_ccb, SDP_GENERIC_ERROR);
264 /******************************************************************************
266 * Function process_service_search_rsp
268 * Description This function is called when there is a search response from
273 ******************************************************************************/
274 static void process_service_search_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
275 uint8_t* p_reply_end) {
277 uint16_t total, cur_handles, orig;
280 if (p_reply + 8 > p_reply_end) {
281 android_errorWriteLog(0x534e4554, "74249842");
282 sdp_disconnect(p_ccb, SDP_GENERIC_ERROR);
285 /* Skip transaction, and param len */
287 BE_STREAM_TO_UINT16(total, p_reply);
288 BE_STREAM_TO_UINT16(cur_handles, p_reply);
290 orig = p_ccb->num_handles;
291 p_ccb->num_handles += cur_handles;
292 if (p_ccb->num_handles == 0) {
293 SDP_TRACE_WARNING("SDP - Rcvd ServiceSearchRsp, no matches");
294 sdp_disconnect(p_ccb, SDP_NO_RECS_MATCH);
298 /* Save the handles that match. We will can only process a certain number. */
299 if (total > sdp_cb.max_recs_per_search) total = sdp_cb.max_recs_per_search;
300 if (p_ccb->num_handles > sdp_cb.max_recs_per_search)
301 p_ccb->num_handles = sdp_cb.max_recs_per_search;
303 if (p_reply + ((p_ccb->num_handles - orig) * 4) + 1 > p_reply_end) {
304 android_errorWriteLog(0x534e4554, "74249842");
305 sdp_disconnect(p_ccb, SDP_GENERIC_ERROR);
309 for (xx = orig; xx < p_ccb->num_handles; xx++)
310 BE_STREAM_TO_UINT32(p_ccb->handles[xx], p_reply);
312 BE_STREAM_TO_UINT8(cont_len, p_reply);
314 if (cont_len > SDP_MAX_CONTINUATION_LEN) {
315 sdp_disconnect(p_ccb, SDP_INVALID_CONT_STATE);
318 if (p_reply + cont_len > p_reply_end) {
319 android_errorWriteLog(0x534e4554, "68161546");
320 sdp_disconnect(p_ccb, SDP_INVALID_CONT_STATE);
323 /* stay in the same state */
324 sdp_snd_service_search_req(p_ccb, cont_len, p_reply);
327 p_ccb->disc_state = SDP_DISC_WAIT_ATTR;
329 /* Kick off the first attribute request */
330 process_service_attr_rsp(p_ccb, NULL, NULL);
334 /*******************************************************************************
336 * Function sdp_copy_raw_data
338 * Description copy the raw data
343 ******************************************************************************/
344 #if (SDP_RAW_DATA_INCLUDED == TRUE)
345 static void sdp_copy_raw_data(tCONN_CB* p_ccb, bool offset) {
346 unsigned int cpy_len, rem_len;
351 #if (SDP_DEBUG_RAW == TRUE)
352 uint8_t num_array[SDP_MAX_LIST_BYTE_COUNT];
355 for (i = 0; i < p_ccb->list_len; i++) {
356 snprintf((char*)&num_array[i * 2], sizeof(num_array) - i * 2, "%02X",
357 (uint8_t)(p_ccb->rsp_list[i]));
359 SDP_TRACE_WARNING("result :%s", num_array);
362 if (p_ccb->p_db->raw_data) {
363 cpy_len = p_ccb->p_db->raw_size - p_ccb->p_db->raw_used;
364 list_len = p_ccb->list_len;
365 p = &p_ccb->rsp_list[0];
371 p = sdpu_get_len_from_type(p, type, &list_len);
372 if ((int)cpy_len < (p - old_p)) {
373 SDP_TRACE_WARNING("%s: no bytes left for data", __func__);
376 cpy_len -= (p - old_p);
378 if (list_len < cpy_len) {
381 rem_len = SDP_MAX_LIST_BYTE_COUNT - (unsigned int)(p - &p_ccb->rsp_list[0]);
382 if (cpy_len > rem_len) {
383 SDP_TRACE_WARNING("rem_len :%d less than cpy_len:%d", rem_len, cpy_len);
387 "%s: list_len:%d cpy_len:%d p:%p p_ccb:%p p_db:%p raw_size:%d "
388 "raw_used:%d raw_data:%p",
389 __func__, list_len, cpy_len, p, p_ccb, p_ccb->p_db,
390 p_ccb->p_db->raw_size, p_ccb->p_db->raw_used, p_ccb->p_db->raw_data);
391 memcpy(&p_ccb->p_db->raw_data[p_ccb->p_db->raw_used], p, cpy_len);
392 p_ccb->p_db->raw_used += cpy_len;
397 /*******************************************************************************
399 * Function process_service_attr_rsp
401 * Description This function is called when there is a attribute response
406 ******************************************************************************/
407 static void process_service_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
408 uint8_t* p_reply_end) {
409 uint8_t *p_start, *p_param_len;
410 uint16_t param_len, list_byte_count;
411 bool cont_request_needed = false;
413 #if (SDP_DEBUG_RAW == TRUE)
414 SDP_TRACE_WARNING("process_service_attr_rsp raw inc:%d",
415 SDP_RAW_DATA_INCLUDED);
417 /* If p_reply is NULL, we were called after the records handles were read */
419 #if (SDP_DEBUG_RAW == TRUE)
420 SDP_TRACE_WARNING("ID & len: 0x%02x-%02x-%02x-%02x", p_reply[0], p_reply[1],
421 p_reply[2], p_reply[3]);
423 /* Skip transaction ID and length */
426 BE_STREAM_TO_UINT16(list_byte_count, p_reply);
427 #if (SDP_DEBUG_RAW == TRUE)
428 SDP_TRACE_WARNING("list_byte_count:%d", list_byte_count);
431 /* Copy the response to the scratchpad. First, a safety check on the length
433 if ((p_ccb->list_len + list_byte_count) > SDP_MAX_LIST_BYTE_COUNT) {
434 sdp_disconnect(p_ccb, SDP_INVALID_PDU_SIZE);
438 #if (SDP_DEBUG_RAW == TRUE)
439 SDP_TRACE_WARNING("list_len: %d, list_byte_count: %d", p_ccb->list_len,
442 if (p_ccb->rsp_list == NULL)
443 p_ccb->rsp_list = (uint8_t*)osi_malloc(SDP_MAX_LIST_BYTE_COUNT);
444 memcpy(&p_ccb->rsp_list[p_ccb->list_len], p_reply, list_byte_count);
445 p_ccb->list_len += list_byte_count;
446 p_reply += list_byte_count;
447 #if (SDP_DEBUG_RAW == TRUE)
448 SDP_TRACE_WARNING("list_len: %d(attr_rsp)", p_ccb->list_len);
450 /* Check if we need to request a continuation */
451 SDP_TRACE_WARNING("*p_reply:%d(%d)", *p_reply, SDP_MAX_CONTINUATION_LEN);
454 if (*p_reply > SDP_MAX_CONTINUATION_LEN) {
455 sdp_disconnect(p_ccb, SDP_INVALID_CONT_STATE);
458 cont_request_needed = true;
460 #if (SDP_RAW_DATA_INCLUDED == TRUE)
461 SDP_TRACE_WARNING("process_service_attr_rsp");
462 sdp_copy_raw_data(p_ccb, false);
465 /* Save the response in the database. Stop on any error */
466 if (!save_attr_seq(p_ccb, &p_ccb->rsp_list[0],
467 &p_ccb->rsp_list[p_ccb->list_len])) {
468 sdp_disconnect(p_ccb, SDP_DB_FULL);
476 /* Now, ask for the next handle. Re-use the buffer we just got. */
477 if (p_ccb->cur_handle < p_ccb->num_handles) {
478 BT_HDR* p_msg = (BT_HDR*)osi_malloc(SDP_DATA_BUF_SIZE);
481 p_msg->offset = L2CAP_MIN_OFFSET;
482 p = p_start = (uint8_t*)(p_msg + 1) + L2CAP_MIN_OFFSET;
484 /* Get all the attributes from the server */
485 UINT8_TO_BE_STREAM(p, SDP_PDU_SERVICE_ATTR_REQ);
486 UINT16_TO_BE_STREAM(p, p_ccb->transaction_id);
487 p_ccb->transaction_id++;
489 /* Skip the length, we need to add it at the end */
493 UINT32_TO_BE_STREAM(p, p_ccb->handles[p_ccb->cur_handle]);
495 /* Max attribute byte count */
496 UINT16_TO_BE_STREAM(p, sdp_cb.max_attr_list_size);
498 /* If no attribute filters, build a wildcard attribute sequence */
499 if (p_ccb->p_db->num_attr_filters)
500 p = sdpu_build_attrib_seq(p, p_ccb->p_db->attr_filters,
501 p_ccb->p_db->num_attr_filters);
503 p = sdpu_build_attrib_seq(p, NULL, 0);
505 /* Was this a continuation request ? */
506 if (cont_request_needed) {
507 if ((p_reply + *p_reply + 1) <= p_reply_end) {
508 memcpy(p, p_reply, *p_reply + 1);
511 android_errorWriteLog(0x534e4554, "68161546");
514 UINT8_TO_BE_STREAM(p, 0);
516 /* Go back and put the parameter length into the buffer */
517 param_len = (uint16_t)(p - p_param_len - 2);
518 UINT16_TO_BE_STREAM(p_param_len, param_len);
520 /* Set the length of the SDP data in the buffer */
521 p_msg->len = (uint16_t)(p - p_start);
523 L2CA_DataWrite(p_ccb->connection_id, p_msg);
525 /* Start inactivity timer */
526 alarm_set_on_mloop(p_ccb->sdp_conn_timer, SDP_INACT_TIMEOUT_MS,
527 sdp_conn_timer_timeout, p_ccb);
529 sdp_disconnect(p_ccb, SDP_SUCCESS);
534 /*******************************************************************************
536 * Function process_service_search_attr_rsp
538 * Description This function is called when there is a search attribute
539 * response from the server.
543 ******************************************************************************/
544 static void process_service_search_attr_rsp(tCONN_CB* p_ccb, uint8_t* p_reply,
545 uint8_t* p_reply_end) {
546 uint8_t *p, *p_start, *p_end, *p_param_len;
549 uint16_t param_len, lists_byte_count = 0;
550 bool cont_request_needed = false;
552 #if (SDP_DEBUG_RAW == TRUE)
553 SDP_TRACE_WARNING("process_service_search_attr_rsp");
555 /* If p_reply is NULL, we were called for the initial read */
557 if (p_reply + 4 /* transaction ID and length */ + sizeof(lists_byte_count) >
559 android_errorWriteLog(0x534e4554, "79884292");
560 sdp_disconnect(p_ccb, SDP_INVALID_PDU_SIZE);
564 #if (SDP_DEBUG_RAW == TRUE)
565 SDP_TRACE_WARNING("ID & len: 0x%02x-%02x-%02x-%02x", p_reply[0], p_reply[1],
566 p_reply[2], p_reply[3]);
568 /* Skip transaction ID and length */
571 BE_STREAM_TO_UINT16(lists_byte_count, p_reply);
572 #if (SDP_DEBUG_RAW == TRUE)
573 SDP_TRACE_WARNING("lists_byte_count:%d", lists_byte_count);
576 /* Copy the response to the scratchpad. First, a safety check on the length
578 if ((p_ccb->list_len + lists_byte_count) > SDP_MAX_LIST_BYTE_COUNT) {
579 sdp_disconnect(p_ccb, SDP_INVALID_PDU_SIZE);
583 #if (SDP_DEBUG_RAW == TRUE)
584 SDP_TRACE_WARNING("list_len: %d, list_byte_count: %d", p_ccb->list_len,
588 if (p_reply + lists_byte_count + 1 /* continuation */ > p_reply_end) {
589 android_errorWriteLog(0x534e4554, "79884292");
590 sdp_disconnect(p_ccb, SDP_INVALID_PDU_SIZE);
594 if (p_ccb->rsp_list == NULL)
595 p_ccb->rsp_list = (uint8_t*)osi_malloc(SDP_MAX_LIST_BYTE_COUNT);
596 memcpy(&p_ccb->rsp_list[p_ccb->list_len], p_reply, lists_byte_count);
597 p_ccb->list_len += lists_byte_count;
598 p_reply += lists_byte_count;
599 #if (SDP_DEBUG_RAW == TRUE)
600 SDP_TRACE_WARNING("list_len: %d(search_attr_rsp)", p_ccb->list_len);
602 /* Check if we need to request a continuation */
603 SDP_TRACE_WARNING("*p_reply:%d(%d)", *p_reply, SDP_MAX_CONTINUATION_LEN);
606 if (*p_reply > SDP_MAX_CONTINUATION_LEN) {
607 sdp_disconnect(p_ccb, SDP_INVALID_CONT_STATE);
611 cont_request_needed = true;
615 #if (SDP_DEBUG_RAW == TRUE)
616 SDP_TRACE_WARNING("cont_request_needed:%d", cont_request_needed);
618 /* If continuation request (or first time request) */
619 if ((cont_request_needed) || (!p_reply)) {
620 BT_HDR* p_msg = (BT_HDR*)osi_malloc(SDP_DATA_BUF_SIZE);
623 p_msg->offset = L2CAP_MIN_OFFSET;
624 p = p_start = (uint8_t*)(p_msg + 1) + L2CAP_MIN_OFFSET;
626 /* Build a service search request packet */
627 UINT8_TO_BE_STREAM(p, SDP_PDU_SERVICE_SEARCH_ATTR_REQ);
628 UINT16_TO_BE_STREAM(p, p_ccb->transaction_id);
629 p_ccb->transaction_id++;
631 /* Skip the length, we need to add it at the end */
635 /* Build the UID sequence. */
636 #if (SDP_BROWSE_PLUS == TRUE)
637 p = sdpu_build_uuid_seq(p, 1,
638 &p_ccb->p_db->uuid_filters[p_ccb->cur_uuid_idx]);
640 p = sdpu_build_uuid_seq(p, p_ccb->p_db->num_uuid_filters,
641 p_ccb->p_db->uuid_filters);
644 /* Max attribute byte count */
645 UINT16_TO_BE_STREAM(p, sdp_cb.max_attr_list_size);
647 /* If no attribute filters, build a wildcard attribute sequence */
648 if (p_ccb->p_db->num_attr_filters)
649 p = sdpu_build_attrib_seq(p, p_ccb->p_db->attr_filters,
650 p_ccb->p_db->num_attr_filters);
652 p = sdpu_build_attrib_seq(p, NULL, 0);
654 /* No continuation for first request */
656 if ((p_reply + *p_reply + 1) <= p_reply_end) {
657 memcpy(p, p_reply, *p_reply + 1);
660 android_errorWriteLog(0x534e4554, "68161546");
663 UINT8_TO_BE_STREAM(p, 0);
665 /* Go back and put the parameter length into the buffer */
666 param_len = p - p_param_len - 2;
667 UINT16_TO_BE_STREAM(p_param_len, param_len);
669 /* Set the length of the SDP data in the buffer */
670 p_msg->len = p - p_start;
672 L2CA_DataWrite(p_ccb->connection_id, p_msg);
674 /* Start inactivity timer */
675 alarm_set_on_mloop(p_ccb->sdp_conn_timer, SDP_INACT_TIMEOUT_MS,
676 sdp_conn_timer_timeout, p_ccb);
681 /*******************************************************************/
682 /* We now have the full response, which is a sequence of sequences */
683 /*******************************************************************/
685 #if (SDP_RAW_DATA_INCLUDED == TRUE)
686 SDP_TRACE_WARNING("process_service_search_attr_rsp");
687 sdp_copy_raw_data(p_ccb, true);
690 p = &p_ccb->rsp_list[0];
692 /* The contents is a sequence of attribute sequences */
695 if ((type >> 3) != DATA_ELE_SEQ_DESC_TYPE) {
696 SDP_TRACE_WARNING("SDP - Wrong type: 0x%02x in attr_rsp", type);
699 p = sdpu_get_len_from_type(p, type, &seq_len);
701 p_end = &p_ccb->rsp_list[p_ccb->list_len];
703 if ((p + seq_len) != p_end) {
704 sdp_disconnect(p_ccb, SDP_INVALID_CONT_STATE);
709 p = save_attr_seq(p_ccb, p, &p_ccb->rsp_list[p_ccb->list_len]);
711 sdp_disconnect(p_ccb, SDP_DB_FULL);
716 /* Since we got everything we need, disconnect the call */
717 sdp_disconnect(p_ccb, SDP_SUCCESS);
720 /*******************************************************************************
722 * Function save_attr_seq
724 * Description This function is called when there is a response from
727 * Returns pointer to next byte or NULL if error
729 ******************************************************************************/
730 static uint8_t* save_attr_seq(tCONN_CB* p_ccb, uint8_t* p, uint8_t* p_msg_end) {
731 uint32_t seq_len, attr_len;
733 uint8_t type, *p_seq_end;
734 tSDP_DISC_REC* p_rec;
738 if ((type >> 3) != DATA_ELE_SEQ_DESC_TYPE) {
739 SDP_TRACE_WARNING("SDP - Wrong type: 0x%02x in attr_rsp", type);
743 p = sdpu_get_len_from_type(p, type, &seq_len);
744 if ((p + seq_len) > p_msg_end) {
745 SDP_TRACE_WARNING("SDP - Bad len in attr_rsp %d", seq_len);
749 /* Create a record */
750 p_rec = add_record(p_ccb->p_db, p_ccb->device_address);
752 SDP_TRACE_WARNING("SDP - DB full add_record");
756 p_seq_end = p + seq_len;
758 while (p < p_seq_end) {
759 /* First get the attribute ID */
761 p = sdpu_get_len_from_type(p, type, &attr_len);
762 if (((type >> 3) != UINT_DESC_TYPE) || (attr_len != 2)) {
763 SDP_TRACE_WARNING("SDP - Bad type: 0x%02x or len: %d in attr_rsp", type,
767 BE_STREAM_TO_UINT16(attr_id, p);
769 /* Now, add the attribute value */
770 p = add_attr(p, p_seq_end, p_ccb->p_db, p_rec, attr_id, NULL, 0);
773 SDP_TRACE_WARNING("SDP - DB full add_attr");
781 /*******************************************************************************
783 * Function add_record
785 * Description This function allocates space for a record from the DB.
787 * Returns pointer to next byte in data stream
789 ******************************************************************************/
790 tSDP_DISC_REC* add_record(tSDP_DISCOVERY_DB* p_db, const RawAddress& p_bda) {
791 tSDP_DISC_REC* p_rec;
793 /* See if there is enough space in the database */
794 if (p_db->mem_free < sizeof(tSDP_DISC_REC)) return (NULL);
796 p_rec = (tSDP_DISC_REC*)p_db->p_free_mem;
797 p_db->p_free_mem += sizeof(tSDP_DISC_REC);
798 p_db->mem_free -= sizeof(tSDP_DISC_REC);
800 p_rec->p_first_attr = NULL;
801 p_rec->p_next_rec = NULL;
803 p_rec->remote_bd_addr = p_bda;
805 /* Add the record to the end of chain */
806 if (!p_db->p_first_rec)
807 p_db->p_first_rec = p_rec;
809 tSDP_DISC_REC* p_rec1 = p_db->p_first_rec;
811 while (p_rec1->p_next_rec) p_rec1 = p_rec1->p_next_rec;
813 p_rec1->p_next_rec = p_rec;
819 #define SDP_ADDITIONAL_LIST_MASK 0x80
820 /*******************************************************************************
824 * Description This function allocates space for an attribute from the DB
825 * and copies the data into it.
827 * Returns pointer to next byte in data stream
829 ******************************************************************************/
830 static uint8_t* add_attr(uint8_t* p, uint8_t* p_end, tSDP_DISCOVERY_DB* p_db,
831 tSDP_DISC_REC* p_rec, uint16_t attr_id,
832 tSDP_DISC_ATTR* p_parent_attr, uint8_t nest_level) {
833 tSDP_DISC_ATTR* p_attr;
840 uint8_t is_additional_list = nest_level & SDP_ADDITIONAL_LIST_MASK;
842 nest_level &= ~(SDP_ADDITIONAL_LIST_MASK);
845 p = sdpu_get_len_from_type(p, type, &attr_len);
847 attr_len &= SDP_DISC_ATTR_LEN_MASK;
848 attr_type = (type >> 3) & 0x0f;
850 /* See if there is enough space in the database */
852 total_len = attr_len - 4 + (uint16_t)sizeof(tSDP_DISC_ATTR);
854 total_len = sizeof(tSDP_DISC_ATTR);
856 p_attr_end = p + attr_len;
857 if (p_attr_end > p_end) {
858 android_errorWriteLog(0x534e4554, "115900043");
859 SDP_TRACE_WARNING("%s: SDP - Attribute length beyond p_end", __func__);
863 /* Ensure it is a multiple of 4 */
864 total_len = (total_len + 3) & ~3;
866 /* See if there is enough space in the database */
867 if (p_db->mem_free < total_len) return (NULL);
869 p_attr = (tSDP_DISC_ATTR*)p_db->p_free_mem;
870 p_attr->attr_id = attr_id;
871 p_attr->attr_len_type = (uint16_t)attr_len | (attr_type << 12);
872 p_attr->p_next_attr = NULL;
874 /* Store the attribute value */
877 if ((is_additional_list != 0) && (attr_len == 2)) {
878 BE_STREAM_TO_UINT16(id, p);
879 if (id != ATTR_ID_PROTOCOL_DESC_LIST)
882 /* Reserve the memory for the attribute now, as we need to add
884 p_db->p_free_mem += sizeof(tSDP_DISC_ATTR);
885 p_db->mem_free -= sizeof(tSDP_DISC_ATTR);
888 /* SDP_TRACE_DEBUG ("SDP - attr nest level:%d(list)", nest_level); */
889 if (nest_level >= MAX_NEST_LEVELS) {
890 SDP_TRACE_ERROR("SDP - attr nesting too deep");
894 /* Now, add the list entry */
895 p = add_attr(p, p_end, p_db, p_rec, ATTR_ID_PROTOCOL_DESC_LIST,
896 p_attr, (uint8_t)(nest_level + 1));
901 /* Case falls through */
903 case TWO_COMP_INT_DESC_TYPE:
906 p_attr->attr_value.v.u8 = *p++;
909 BE_STREAM_TO_UINT16(p_attr->attr_value.v.u16, p);
912 BE_STREAM_TO_UINT32(p_attr->attr_value.v.u32, p);
915 BE_STREAM_TO_ARRAY(p, p_attr->attr_value.v.array, (int32_t)attr_len);
923 BE_STREAM_TO_UINT16(p_attr->attr_value.v.u16, p);
926 BE_STREAM_TO_UINT32(p_attr->attr_value.v.u32, p);
927 if (p_attr->attr_value.v.u32 < 0x10000) {
929 p_attr->attr_len_type = (uint16_t)attr_len | (attr_type << 12);
930 p_attr->attr_value.v.u16 = (uint16_t)p_attr->attr_value.v.u32;
934 /* See if we can compress his UUID down to 16 or 32bit UUIDs */
935 if (sdpu_is_base_uuid(p)) {
936 if ((p[0] == 0) && (p[1] == 0)) {
937 p_attr->attr_len_type =
938 (p_attr->attr_len_type & ~SDP_DISC_ATTR_LEN_MASK) | 2;
940 BE_STREAM_TO_UINT16(p_attr->attr_value.v.u16, p);
941 p += MAX_UUID_SIZE - 4;
943 p_attr->attr_len_type =
944 (p_attr->attr_len_type & ~SDP_DISC_ATTR_LEN_MASK) | 4;
945 BE_STREAM_TO_UINT32(p_attr->attr_value.v.u32, p);
946 p += MAX_UUID_SIZE - 4;
949 BE_STREAM_TO_ARRAY(p, p_attr->attr_value.v.array,
954 SDP_TRACE_WARNING("SDP - bad len in UUID attr: %d", attr_len);
959 case DATA_ELE_SEQ_DESC_TYPE:
960 case DATA_ELE_ALT_DESC_TYPE:
961 /* Reserve the memory for the attribute now, as we need to add
963 p_db->p_free_mem += sizeof(tSDP_DISC_ATTR);
964 p_db->mem_free -= sizeof(tSDP_DISC_ATTR);
967 /* SDP_TRACE_DEBUG ("SDP - attr nest level:%d", nest_level); */
968 if (nest_level >= MAX_NEST_LEVELS) {
969 SDP_TRACE_ERROR("SDP - attr nesting too deep");
972 if (is_additional_list != 0 ||
973 attr_id == ATTR_ID_ADDITION_PROTO_DESC_LISTS)
974 nest_level |= SDP_ADDITIONAL_LIST_MASK;
975 /* SDP_TRACE_DEBUG ("SDP - attr nest level:0x%x(finish)", nest_level); */
977 while (p < p_attr_end) {
978 /* Now, add the list entry */
979 p = add_attr(p, p_end, p_db, p_rec, 0, p_attr,
980 (uint8_t)(nest_level + 1));
982 if (!p) return (NULL);
986 case TEXT_STR_DESC_TYPE:
988 BE_STREAM_TO_ARRAY(p, p_attr->attr_value.v.array, (int32_t)attr_len);
991 case BOOLEAN_DESC_TYPE:
994 p_attr->attr_value.v.u8 = *p++;
997 SDP_TRACE_WARNING("SDP - bad len in boolean attr: %d", attr_len);
1002 default: /* switch (attr_type) */
1006 p_db->p_free_mem += total_len;
1007 p_db->mem_free -= total_len;
1009 /* Add the attribute to the end of the chain */
1010 if (!p_parent_attr) {
1011 if (!p_rec->p_first_attr)
1012 p_rec->p_first_attr = p_attr;
1014 tSDP_DISC_ATTR* p_attr1 = p_rec->p_first_attr;
1016 while (p_attr1->p_next_attr) p_attr1 = p_attr1->p_next_attr;
1018 p_attr1->p_next_attr = p_attr;
1021 if (!p_parent_attr->attr_value.v.p_sub_attr) {
1022 p_parent_attr->attr_value.v.p_sub_attr = p_attr;
1023 /* SDP_TRACE_DEBUG ("parent:0x%x(id:%d), ch:0x%x(id:%d)",
1024 p_parent_attr, p_parent_attr->attr_id, p_attr, p_attr->attr_id); */
1026 tSDP_DISC_ATTR* p_attr1 = p_parent_attr->attr_value.v.p_sub_attr;
1027 /* SDP_TRACE_DEBUG ("parent:0x%x(id:%d), ch1:0x%x(id:%d)",
1028 p_parent_attr, p_parent_attr->attr_id, p_attr1, p_attr1->attr_id); */
1030 while (p_attr1->p_next_attr) p_attr1 = p_attr1->p_next_attr;
1032 p_attr1->p_next_attr = p_attr;
1033 /* SDP_TRACE_DEBUG ("new ch:0x%x(id:%d)", p_attr, p_attr->attr_id); */