1 /******************************************************************************
2 *
3 * Copyright 2003-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains the audio gateway functions performing SDP
22 * operations.
23 *
24 ******************************************************************************/
25
26 #include <base/bind.h>
27 #include <base/location.h>
28
29 #include "bt_target.h" // Legacy stack config
30 #include "bt_trace.h" // Legacy trace logging
31
32 #include "bta/ag/bta_ag_int.h"
33 #include "btif/include/btif_config.h"
34 #include "stack/include/btm_api.h"
35 #include "stack/include/btu.h" // do_in_main_thread
36 #include "stack/include/port_api.h"
37 #include "types/bluetooth/uuid.h"
38
39 using bluetooth::Uuid;
40
41 /* Number of protocol elements in protocol element list. */
42 #define BTA_AG_NUM_PROTO_ELEMS 2
43
44 /* Number of elements in service class id list. */
45 #define BTA_AG_NUM_SVC_ELEMS 2
46
47 /* size of database for service discovery */
48 #ifndef BTA_AG_DISC_BUF_SIZE
49 #define BTA_AG_DISC_BUF_SIZE BT_DEFAULT_BUFFER_SIZE
50 #endif
51
52 /* declare sdp callback functions */
53 void bta_ag_sdp_cback_1(tSDP_RESULT);
54 void bta_ag_sdp_cback_2(tSDP_RESULT);
55 void bta_ag_sdp_cback_3(tSDP_RESULT);
56 void bta_ag_sdp_cback_4(tSDP_RESULT);
57 void bta_ag_sdp_cback_5(tSDP_RESULT);
58 void bta_ag_sdp_cback_6(tSDP_RESULT);
59
60 /* SDP callback function table */
61 typedef tSDP_DISC_CMPL_CB* tBTA_AG_SDP_CBACK;
62 const tBTA_AG_SDP_CBACK bta_ag_sdp_cback_tbl[] = {
63 bta_ag_sdp_cback_1, bta_ag_sdp_cback_2, bta_ag_sdp_cback_3,
64 bta_ag_sdp_cback_4, bta_ag_sdp_cback_5, bta_ag_sdp_cback_6};
65
66 /*******************************************************************************
67 *
68 * Function bta_ag_sdp_cback
69 *
70 * Description SDP callback function.
71 *
72 *
73 * Returns void
74 *
75 ******************************************************************************/
bta_ag_sdp_cback(uint16_t status,uint8_t idx)76 static void bta_ag_sdp_cback(uint16_t status, uint8_t idx) {
77 APPL_TRACE_DEBUG("%s status:0x%x", __func__, status);
78 tBTA_AG_SCB* p_scb = bta_ag_scb_by_idx(idx);
79 if (p_scb) {
80 uint16_t event;
81 /* set event according to int/acp */
82 if (p_scb->role == BTA_AG_ACP) {
83 event = BTA_AG_DISC_ACP_RES_EVT;
84 } else {
85 event = BTA_AG_DISC_INT_RES_EVT;
86 }
87 tBTA_AG_DATA disc_result = {.disc_result = {.status = status}};
88 do_in_main_thread(FROM_HERE, base::Bind(&bta_ag_sm_execute_by_handle, idx,
89 event, disc_result));
90 }
91 }
92
93 /*******************************************************************************
94 *
95 * Function bta_ag_sdp_cback_1 to 6
96 *
97 * Description SDP callback functions. Since there is no way to
98 * distinguish scb from the callback we need separate
99 * callbacks for each scb.
100 *
101 *
102 * Returns void
103 *
104 ******************************************************************************/
bta_ag_sdp_cback_1(tSDP_STATUS status)105 void bta_ag_sdp_cback_1(tSDP_STATUS status) { bta_ag_sdp_cback(status, 1); }
bta_ag_sdp_cback_2(tSDP_STATUS status)106 void bta_ag_sdp_cback_2(tSDP_STATUS status) { bta_ag_sdp_cback(status, 2); }
bta_ag_sdp_cback_3(tSDP_STATUS status)107 void bta_ag_sdp_cback_3(tSDP_STATUS status) { bta_ag_sdp_cback(status, 3); }
bta_ag_sdp_cback_4(tSDP_STATUS status)108 void bta_ag_sdp_cback_4(tSDP_STATUS status) { bta_ag_sdp_cback(status, 4); }
bta_ag_sdp_cback_5(tSDP_STATUS status)109 void bta_ag_sdp_cback_5(tSDP_STATUS status) { bta_ag_sdp_cback(status, 5); }
bta_ag_sdp_cback_6(tSDP_STATUS status)110 void bta_ag_sdp_cback_6(tSDP_STATUS status) { bta_ag_sdp_cback(status, 6); }
111
112 /******************************************************************************
113 *
114 * Function bta_ag_add_record
115 *
116 * Description This function is called by a server application to add
117 * HSP or HFP information to an SDP record. Prior to
118 * calling this function the application must call
119 * SDP_CreateRecord() to create an SDP record.
120 *
121 * Returns true if function execution succeeded,
122 * false if function execution failed.
123 *
124 *****************************************************************************/
bta_ag_add_record(uint16_t service_uuid,const char * p_service_name,uint8_t scn,tBTA_AG_FEAT features,uint32_t sdp_handle)125 bool bta_ag_add_record(uint16_t service_uuid, const char* p_service_name,
126 uint8_t scn, tBTA_AG_FEAT features,
127 uint32_t sdp_handle) {
128 tSDP_PROTOCOL_ELEM proto_elem_list[BTA_AG_NUM_PROTO_ELEMS];
129 uint16_t svc_class_id_list[BTA_AG_NUM_SVC_ELEMS];
130 uint16_t browse_list[] = {UUID_SERVCLASS_PUBLIC_BROWSE_GROUP};
131 uint16_t version;
132 uint16_t profile_uuid;
133 uint8_t network;
134 bool result = true;
135 bool codec_supported = false;
136 uint8_t buf[2];
137
138 APPL_TRACE_DEBUG("%s uuid: %x", __func__, service_uuid);
139
140 for (auto& proto_element : proto_elem_list) {
141 proto_element = {};
142 }
143
144 /* add the protocol element sequence */
145 proto_elem_list[0].protocol_uuid = UUID_PROTOCOL_L2CAP;
146 proto_elem_list[0].num_params = 0;
147 proto_elem_list[1].protocol_uuid = UUID_PROTOCOL_RFCOMM;
148 proto_elem_list[1].num_params = 1;
149 proto_elem_list[1].params[0] = scn;
150 result &=
151 SDP_AddProtocolList(sdp_handle, BTA_AG_NUM_PROTO_ELEMS, proto_elem_list);
152
153 /* add service class id list */
154 svc_class_id_list[0] = service_uuid;
155 svc_class_id_list[1] = UUID_SERVCLASS_GENERIC_AUDIO;
156 result &= SDP_AddServiceClassIdList(sdp_handle, BTA_AG_NUM_SVC_ELEMS,
157 svc_class_id_list);
158
159 /* add profile descriptor list */
160 if (service_uuid == UUID_SERVCLASS_AG_HANDSFREE) {
161 profile_uuid = UUID_SERVCLASS_HF_HANDSFREE;
162 version = BTA_HFP_VERSION;
163 } else {
164 profile_uuid = UUID_SERVCLASS_HEADSET;
165 version = HSP_VERSION_1_2;
166 }
167 result &= SDP_AddProfileDescriptorList(sdp_handle, profile_uuid, version);
168
169 /* add service name */
170 if (p_service_name != nullptr && p_service_name[0] != 0) {
171 result &= SDP_AddAttribute(
172 sdp_handle, ATTR_ID_SERVICE_NAME, TEXT_STR_DESC_TYPE,
173 (uint32_t)(strlen(p_service_name) + 1), (uint8_t*)p_service_name);
174 }
175
176 /* add features and network */
177 if (service_uuid == UUID_SERVCLASS_AG_HANDSFREE) {
178 network = (features & BTA_AG_FEAT_REJECT) ? 1 : 0;
179 result &= SDP_AddAttribute(sdp_handle, ATTR_ID_DATA_STORES_OR_NETWORK,
180 UINT_DESC_TYPE, 1, &network);
181
182 if (features & BTA_AG_FEAT_CODEC) codec_supported = true;
183
184 features &= BTA_AG_SDP_FEAT_SPEC;
185
186 /* Codec bit position is different in SDP and in BRSF */
187 if (codec_supported) features |= 0x0020;
188
189 UINT16_TO_BE_FIELD(buf, features);
190 result &= SDP_AddAttribute(sdp_handle, ATTR_ID_SUPPORTED_FEATURES,
191 UINT_DESC_TYPE, 2, buf);
192 }
193
194 /* add browse group list */
195 result &= SDP_AddUuidSequence(sdp_handle, ATTR_ID_BROWSE_GROUP_LIST, 1,
196 browse_list);
197
198 return result;
199 }
200
201 /*******************************************************************************
202 *
203 * Function bta_ag_create_records
204 *
205 * Description Create SDP records for registered services.
206 *
207 *
208 * Returns void
209 *
210 ******************************************************************************/
bta_ag_create_records(tBTA_AG_SCB * p_scb,const tBTA_AG_DATA & data)211 void bta_ag_create_records(tBTA_AG_SCB* p_scb, const tBTA_AG_DATA& data) {
212 int i;
213 tBTA_SERVICE_MASK services;
214
215 services = p_scb->reg_services >> BTA_HSP_SERVICE_ID;
216 for (i = 0; i < BTA_AG_NUM_IDX && services != 0; i++, services >>= 1) {
217 /* if service is set in mask */
218 if (services & 1) {
219 /* add sdp record if not already registered */
220 if (bta_ag_cb.profile[i].sdp_handle == 0) {
221 bta_ag_cb.profile[i].sdp_handle = SDP_CreateRecord();
222 bta_ag_cb.profile[i].scn = BTM_AllocateSCN();
223 bta_ag_add_record(bta_ag_uuid[i], data.api_register.p_name[i],
224 bta_ag_cb.profile[i].scn, data.api_register.features,
225 bta_ag_cb.profile[i].sdp_handle);
226 bta_sys_add_uuid(bta_ag_uuid[i]);
227 }
228 }
229 }
230 }
231
232 /*******************************************************************************
233 *
234 * Function bta_ag_del_records
235 *
236 * Description Delete SDP records for any registered services.
237 *
238 *
239 * Returns void
240 *
241 ******************************************************************************/
bta_ag_del_records(tBTA_AG_SCB * p_scb)242 void bta_ag_del_records(tBTA_AG_SCB* p_scb) {
243 tBTA_AG_SCB* p = &bta_ag_cb.scb[0];
244 tBTA_SERVICE_MASK services;
245 tBTA_SERVICE_MASK others = 0;
246 int i;
247
248 /* get services of all other registered servers */
249 for (i = 0; i < BTA_AG_NUM_IDX; i++, p++) {
250 if (p_scb == p) {
251 continue;
252 }
253
254 if (p->in_use && !p->dealloc) {
255 others |= p->reg_services;
256 }
257 }
258
259 others >>= BTA_HSP_SERVICE_ID;
260 services = p_scb->reg_services >> BTA_HSP_SERVICE_ID;
261 for (i = 0; i < BTA_AG_NUM_IDX && services != 0;
262 i++, services >>= 1, others >>= 1) {
263 /* if service registered for this scb and not registered for any other scb
264 */
265 if (((services & 1) == 1) && ((others & 1) == 0)) {
266 APPL_TRACE_DEBUG("bta_ag_del_records %d", i);
267 if (bta_ag_cb.profile[i].sdp_handle != 0) {
268 SDP_DeleteRecord(bta_ag_cb.profile[i].sdp_handle);
269 bta_ag_cb.profile[i].sdp_handle = 0;
270 }
271 BTM_FreeSCN(bta_ag_cb.profile[i].scn);
272 RFCOMM_ClearSecurityRecord(bta_ag_cb.profile[i].scn);
273 bta_sys_remove_uuid(bta_ag_uuid[i]);
274 }
275 }
276 }
277
278 /*******************************************************************************
279 *
280 * Function bta_ag_sdp_find_attr
281 *
282 * Description Process SDP discovery results to find requested attributes
283 * for requested service.
284 *
285 *
286 * Returns true if results found, false otherwise.
287 *
288 ******************************************************************************/
bta_ag_sdp_find_attr(tBTA_AG_SCB * p_scb,tBTA_SERVICE_MASK service)289 bool bta_ag_sdp_find_attr(tBTA_AG_SCB* p_scb, tBTA_SERVICE_MASK service) {
290 tSDP_DISC_REC* p_rec = nullptr;
291 tSDP_DISC_ATTR* p_attr;
292 tSDP_PROTOCOL_ELEM pe;
293 uint16_t uuid;
294 bool result = false;
295
296 if (service & BTA_HFP_SERVICE_MASK) {
297 uuid = UUID_SERVCLASS_HF_HANDSFREE;
298 /* If there is no cached peer version, use default one */
299 if (p_scb->peer_version == HFP_HSP_VERSION_UNKNOWN) {
300 p_scb->peer_version = HFP_VERSION_1_1; /* Default version */
301 }
302 } else if (service & BTA_HSP_SERVICE_MASK && p_scb->role == BTA_AG_INT) {
303 uuid = UUID_SERVCLASS_HEADSET_HS;
304 p_scb->peer_version = HSP_VERSION_1_2; /* Default version */
305 } else {
306 uuid = UUID_SERVCLASS_HEADSET_HS;
307 p_scb->peer_version = HSP_VERSION_1_0;
308 }
309
310 /* loop through all records we found */
311 while (true) {
312 /* get next record; if none found, we're done */
313 p_rec = SDP_FindServiceInDb(p_scb->p_disc_db, uuid, p_rec);
314 if (p_rec == nullptr) {
315 if (uuid == UUID_SERVCLASS_HEADSET_HS) {
316 /* Search again in case the peer device uses the old HSP UUID */
317 uuid = UUID_SERVCLASS_HEADSET;
318 p_scb->peer_version = HSP_VERSION_1_0;
319 p_rec = SDP_FindServiceInDb(p_scb->p_disc_db, uuid, p_rec);
320 if (p_rec == nullptr) {
321 break;
322 }
323 } else
324 break;
325 }
326
327 /* get scn from proto desc list if initiator */
328 if (p_scb->role == BTA_AG_INT) {
329 if (SDP_FindProtocolListElemInRec(p_rec, UUID_PROTOCOL_RFCOMM, &pe)) {
330 p_scb->peer_scn = (uint8_t)pe.params[0];
331 } else {
332 continue;
333 }
334 }
335
336 /* get profile version (if failure, version parameter is not updated) */
337 uint16_t peer_version = HFP_HSP_VERSION_UNKNOWN;
338 if (!SDP_FindProfileVersionInRec(p_rec, uuid, &peer_version)) {
339 APPL_TRACE_WARNING("%s: Get peer_version failed, using default 0x%04x",
340 __func__, p_scb->peer_version);
341 peer_version = p_scb->peer_version;
342 }
343
344 if (service & BTA_HFP_SERVICE_MASK) {
345 /* Update cached peer version if the new one is different */
346 if (peer_version != p_scb->peer_version) {
347 p_scb->peer_version = peer_version;
348 if (btif_config_set_bin(
349 p_scb->peer_addr.ToString(), HFP_VERSION_CONFIG_KEY,
350 (const uint8_t*)&peer_version, sizeof(peer_version))) {
351 btif_config_save();
352 } else {
353 APPL_TRACE_WARNING("%s: Failed to store peer HFP version for %s",
354 __func__, p_scb->peer_addr.ToString().c_str());
355 }
356 }
357 /* get features if HFP */
358 p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
359 if (p_attr != nullptr) {
360 /* Found attribute. Get value. */
361 /* There might be race condition between SDP and BRSF. */
362 /* Do not update if we already received BRSF. */
363 uint16_t sdp_features = p_attr->attr_value.v.u16;
364 bool sdp_wbs_support = sdp_features & BTA_AG_FEAT_WBS_SUPPORT;
365 if (!p_scb->received_at_bac && sdp_wbs_support) {
366 // Workaround for misbehaving HFs (e.g. some Hyundai car kit) that:
367 // 1. Indicate WBS support in SDP and codec negotiation in BRSF
368 // 2. But do not send required AT+BAC command
369 // Will assume mSBC is enabled and try codec negotiation by default
370 p_scb->codec_updated = true;
371 p_scb->peer_codecs = BTA_AG_CODEC_CVSD & BTA_AG_CODEC_MSBC;
372 p_scb->sco_codec = UUID_CODEC_MSBC;
373 }
374 if (sdp_features != p_scb->peer_sdp_features) {
375 p_scb->peer_sdp_features = sdp_features;
376 if (btif_config_set_bin(
377 p_scb->peer_addr.ToString(), HFP_SDP_FEATURES_CONFIG_KEY,
378 (const uint8_t*)&sdp_features, sizeof(sdp_features))) {
379 btif_config_save();
380 } else {
381 APPL_TRACE_WARNING(
382 "%s: Failed to store peer HFP SDP Features for %s", __func__,
383 p_scb->peer_addr.ToString().c_str());
384 }
385 }
386 if (p_scb->peer_features == 0) {
387 p_scb->peer_features = sdp_features & HFP_SDP_BRSF_FEATURES_MASK;
388 }
389 }
390 } else {
391 /* No peer version caching for HSP, use discovered one directly */
392 p_scb->peer_version = peer_version;
393 /* get features if HSP */
394 p_attr =
395 SDP_FindAttributeInRec(p_rec, ATTR_ID_REMOTE_AUDIO_VOLUME_CONTROL);
396 if (p_attr != nullptr) {
397 /* Remote volume control of HSP */
398 if (p_attr->attr_value.v.u8)
399 p_scb->peer_features |= BTA_AG_PEER_FEAT_VOL;
400 else
401 p_scb->peer_features &= ~BTA_AG_PEER_FEAT_VOL;
402 }
403 }
404
405 /* found what we needed */
406 result = true;
407 break;
408 }
409 return result;
410 }
411
412 /*******************************************************************************
413 *
414 * Function bta_ag_do_disc
415 *
416 * Description Do service discovery.
417 *
418 *
419 * Returns void
420 *
421 ******************************************************************************/
bta_ag_do_disc(tBTA_AG_SCB * p_scb,tBTA_SERVICE_MASK service)422 void bta_ag_do_disc(tBTA_AG_SCB* p_scb, tBTA_SERVICE_MASK service) {
423 Uuid uuid_list[1];
424 uint16_t num_uuid = 1;
425 uint16_t attr_list[4];
426 uint8_t num_attr;
427
428 /* HFP initiator; get proto list and features */
429 if (service & BTA_HFP_SERVICE_MASK && p_scb->role == BTA_AG_INT) {
430 attr_list[0] = ATTR_ID_SERVICE_CLASS_ID_LIST;
431 attr_list[1] = ATTR_ID_PROTOCOL_DESC_LIST;
432 attr_list[2] = ATTR_ID_BT_PROFILE_DESC_LIST;
433 attr_list[3] = ATTR_ID_SUPPORTED_FEATURES;
434 num_attr = 4;
435 uuid_list[0] = Uuid::From16Bit(UUID_SERVCLASS_HF_HANDSFREE);
436 }
437 /* HFP acceptor; get features */
438 else if (service & BTA_HFP_SERVICE_MASK && p_scb->role == BTA_AG_ACP) {
439 attr_list[0] = ATTR_ID_SERVICE_CLASS_ID_LIST;
440 attr_list[1] = ATTR_ID_BT_PROFILE_DESC_LIST;
441 attr_list[2] = ATTR_ID_SUPPORTED_FEATURES;
442 num_attr = 3;
443 uuid_list[0] = Uuid::From16Bit(UUID_SERVCLASS_HF_HANDSFREE);
444 }
445 /* HSP initiator; get proto list */
446 else if (service & BTA_HSP_SERVICE_MASK && p_scb->role == BTA_AG_INT) {
447 attr_list[0] = ATTR_ID_SERVICE_CLASS_ID_LIST;
448 attr_list[1] = ATTR_ID_PROTOCOL_DESC_LIST;
449 attr_list[2] = ATTR_ID_BT_PROFILE_DESC_LIST;
450 attr_list[3] = ATTR_ID_REMOTE_AUDIO_VOLUME_CONTROL;
451 num_attr = 4;
452 // Although UUID_SERVCLASS_HEADSET_HS (0x1131) is to be used in HSP 1.2,
453 // some HSP 1.2 implementations, such as PTS, still use
454 // UUID_SERVCLASS_HEADSET (0x1108) to store its service record. However,
455 // most of such devices are HSP 1.0 devices.
456 if (p_scb->hsp_version >= HSP_VERSION_1_2) {
457 uuid_list[0] = Uuid::From16Bit(UUID_SERVCLASS_HEADSET_HS);
458 } else {
459 uuid_list[0] = Uuid::From16Bit(UUID_SERVCLASS_HEADSET);
460 }
461 } else {
462 /* HSP acceptor; get features */
463 attr_list[0] = ATTR_ID_SERVICE_CLASS_ID_LIST;
464 attr_list[1] = ATTR_ID_PROTOCOL_DESC_LIST;
465 attr_list[2] = ATTR_ID_BT_PROFILE_DESC_LIST;
466 attr_list[3] = ATTR_ID_REMOTE_AUDIO_VOLUME_CONTROL;
467 num_attr = 4;
468
469 if (p_scb->hsp_version >= HSP_VERSION_1_2) {
470 uuid_list[0] = Uuid::From16Bit(UUID_SERVCLASS_HEADSET_HS);
471 } else {
472 /* Legacy from HSP v1.0 */
473 uuid_list[0] = Uuid::From16Bit(UUID_SERVCLASS_HEADSET);
474 }
475 }
476
477 if (p_scb->p_disc_db != nullptr) {
478 android_errorWriteLog(0x534e4554, "174052148");
479 LOG_ERROR("Discovery already in progress... returning.");
480 return;
481 }
482
483 /* allocate buffer for sdp database */
484 p_scb->p_disc_db = (tSDP_DISCOVERY_DB*)osi_malloc(BTA_AG_DISC_BUF_SIZE);
485 /* set up service discovery database; attr happens to be attr_list len */
486 if (SDP_InitDiscoveryDb(p_scb->p_disc_db, BTA_AG_DISC_BUF_SIZE, num_uuid,
487 uuid_list, num_attr, attr_list)) {
488 if (SDP_ServiceSearchAttributeRequest(
489 p_scb->peer_addr, p_scb->p_disc_db,
490 bta_ag_sdp_cback_tbl[bta_ag_scb_to_idx(p_scb) - 1])) {
491 return;
492 } else {
493 LOG(ERROR) << __func__ << ": failed to start SDP discovery for "
494 << p_scb->peer_addr;
495 }
496 } else {
497 LOG(ERROR) << __func__ << ": failed to init SDP discovery database for "
498 << p_scb->peer_addr;
499 }
500 // Failure actions
501 bta_ag_free_db(p_scb, tBTA_AG_DATA::kEmpty);
502 bta_ag_sm_execute(p_scb, BTA_AG_DISC_FAIL_EVT, tBTA_AG_DATA::kEmpty);
503 }
504
505 /*******************************************************************************
506 *
507 * Function bta_ag_free_db
508 *
509 * Description Free discovery database.
510 *
511 *
512 * Returns void
513 *
514 ******************************************************************************/
bta_ag_free_db(tBTA_AG_SCB * p_scb,const tBTA_AG_DATA & data)515 void bta_ag_free_db(tBTA_AG_SCB* p_scb, const tBTA_AG_DATA& data) {
516 osi_free_and_reset((void**)&p_scb->p_disc_db);
517 }
518