1 /******************************************************************************
2  *
3  *  Copyright 2003-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  This file contains the audio gateway functions performing SDP
22  *  operations.
23  *
24  ******************************************************************************/
25 
26 #include <cstring>
27 
28 #include <base/bind.h>
29 
30 #include "bt_common.h"
31 #include "bta_ag_api.h"
32 #include "bta_ag_int.h"
33 #include "bta_api.h"
34 #include "bta_sys.h"
35 #include "btif_config.h"
36 #include "btm_api.h"
37 #include "osi/include/osi.h"
38 #include "sdp_api.h"
39 #include "stack/include/btu.h"
40 #include "utl.h"
41 
42 using bluetooth::Uuid;
43 
/* Entry count of the protocol descriptor list (L2CAP + RFCOMM). */
#define BTA_AG_NUM_PROTO_ELEMS 2

/* Entry count of the service class ID list. */
#define BTA_AG_NUM_SVC_ELEMS 2

/* Byte size of the SDP discovery database; may be overridden at build time. */
#ifndef BTA_AG_DISC_BUF_SIZE
#define BTA_AG_DISC_BUF_SIZE BT_DEFAULT_BUFFER_SIZE
#endif

/* Forward declarations of the per-scb SDP completion callbacks. */
void bta_ag_sdp_cback_1(uint16_t status);
void bta_ag_sdp_cback_2(uint16_t status);
void bta_ag_sdp_cback_3(uint16_t status);
void bta_ag_sdp_cback_4(uint16_t status);
void bta_ag_sdp_cback_5(uint16_t status);
void bta_ag_sdp_cback_6(uint16_t status);

/* Callback table: entry N is the completion callback for scb index N + 1.
 * The table has exactly six entries, so any index used to read it must stay
 * within 1..6. */
using tBTA_AG_SDP_CBACK = tSDP_DISC_CMPL_CB*;
const tBTA_AG_SDP_CBACK bta_ag_sdp_cback_tbl[] = {
    bta_ag_sdp_cback_1,
    bta_ag_sdp_cback_2,
    bta_ag_sdp_cback_3,
    bta_ag_sdp_cback_4,
    bta_ag_sdp_cback_5,
    bta_ag_sdp_cback_6,
};
68 
69 /*******************************************************************************
70  *
71  * Function         bta_ag_sdp_cback
72  *
73  * Description      SDP callback function.
74  *
75  *
76  * Returns          void
77  *
78  ******************************************************************************/
static void bta_ag_sdp_cback(uint16_t status, uint8_t idx) {
  /* Shared SDP completion handler. Looks up the scb for |idx| and, if one
   * exists, posts the discovery result to the AG state machine on the main
   * thread. A result for an index with no scb is dropped. */
  APPL_TRACE_DEBUG("%s status:0x%x", __func__, status);

  tBTA_AG_SCB* const scb = bta_ag_scb_by_idx(idx);
  if (scb == nullptr) {
    return;
  }

  /* acceptor and initiator roles are reported through different events */
  const uint16_t event = (scb->role == BTA_AG_ACP) ? BTA_AG_DISC_ACP_RES_EVT
                                                   : BTA_AG_DISC_INT_RES_EVT;

  tBTA_AG_DATA disc_result = {.disc_result = {.status = status}};
  do_in_main_thread(FROM_HERE, base::Bind(&bta_ag_sm_execute_by_handle, idx,
                                          event, disc_result));
}
95 
96 /*******************************************************************************
97  *
98  * Function         bta_ag_sdp_cback_1 to 6
99  *
100  * Description      SDP callback functions.  Since there is no way to
101  *                  distinguish scb from the callback we need separate
102  *                  callbacks for each scb.
103  *
104  *
105  * Returns          void
106  *
107  ******************************************************************************/
/* The SDP completion callback carries no context argument, so each scb index
 * gets its own trampoline that forwards to the shared handler. */
void bta_ag_sdp_cback_1(uint16_t status) {
  bta_ag_sdp_cback(status, 1);
}

void bta_ag_sdp_cback_2(uint16_t status) {
  bta_ag_sdp_cback(status, 2);
}

void bta_ag_sdp_cback_3(uint16_t status) {
  bta_ag_sdp_cback(status, 3);
}

void bta_ag_sdp_cback_4(uint16_t status) {
  bta_ag_sdp_cback(status, 4);
}

void bta_ag_sdp_cback_5(uint16_t status) {
  bta_ag_sdp_cback(status, 5);
}

void bta_ag_sdp_cback_6(uint16_t status) {
  bta_ag_sdp_cback(status, 6);
}
114 
115 /******************************************************************************
116  *
117  * Function         bta_ag_add_record
118  *
119  * Description      This function is called by a server application to add
120  *                  HSP or HFP information to an SDP record.  Prior to
121  *                  calling this function the application must call
122  *                  SDP_CreateRecord() to create an SDP record.
123  *
124  * Returns          true if function execution succeeded,
125  *                  false if function execution failed.
126  *
127  *****************************************************************************/
bool bta_ag_add_record(uint16_t service_uuid, const char* p_service_name,
                       uint8_t scn, tBTA_AG_FEAT features,
                       uint32_t sdp_handle) {
  /* Populates the SDP record |sdp_handle| with the HSP or HFP audio gateway
   * attributes. Every attribute is attempted even if an earlier one failed;
   * the return value is true only when all of the SDP calls succeeded, so a
   * false return can leave the record partially filled. */
  APPL_TRACE_DEBUG("%s uuid: %x", __func__, service_uuid);

  const bool is_hfp = (service_uuid == UUID_SERVCLASS_AG_HANDSFREE);
  bool ok = true;

  /* protocol descriptor list: L2CAP, then RFCOMM with the server channel */
  tSDP_PROTOCOL_ELEM proto_elem_list[BTA_AG_NUM_PROTO_ELEMS] = {};
  proto_elem_list[0].protocol_uuid = UUID_PROTOCOL_L2CAP;
  proto_elem_list[0].num_params = 0;
  proto_elem_list[1].protocol_uuid = UUID_PROTOCOL_RFCOMM;
  proto_elem_list[1].num_params = 1;
  proto_elem_list[1].params[0] = scn;
  ok &=
      SDP_AddProtocolList(sdp_handle, BTA_AG_NUM_PROTO_ELEMS, proto_elem_list);

  /* service class id list: the requested service plus Generic Audio */
  uint16_t svc_class_id_list[BTA_AG_NUM_SVC_ELEMS];
  svc_class_id_list[0] = service_uuid;
  svc_class_id_list[1] = UUID_SERVCLASS_GENERIC_AUDIO;
  ok &= SDP_AddServiceClassIdList(sdp_handle, BTA_AG_NUM_SVC_ELEMS,
                                  svc_class_id_list);

  /* profile descriptor list */
  const uint16_t profile_uuid =
      is_hfp ? UUID_SERVCLASS_HF_HANDSFREE : UUID_SERVCLASS_HEADSET;
  const uint16_t version = is_hfp ? BTA_HFP_VERSION : HSP_VERSION_1_2;
  ok &= SDP_AddProfileDescriptorList(sdp_handle, profile_uuid, version);

  /* service name, only when a non-empty one was supplied */
  const bool has_name = (p_service_name != nullptr) && (p_service_name[0] != 0);
  if (has_name) {
    /* length includes the terminating NUL */
    const uint32_t name_len =
        static_cast<uint32_t>(strlen(p_service_name) + 1);
    ok &= SDP_AddAttribute(
        sdp_handle, ATTR_ID_SERVICE_NAME, TEXT_STR_DESC_TYPE, name_len,
        reinterpret_cast<uint8_t*>(const_cast<char*>(p_service_name)));
  }

  /* network and supported features are published for HFP only */
  if (is_hfp) {
    uint8_t network = (features & BTA_AG_FEAT_REJECT) ? 1 : 0;
    ok &= SDP_AddAttribute(sdp_handle, ATTR_ID_DATA_STORES_OR_NETWORK,
                           UINT_DESC_TYPE, 1, &network);

    /* remember the codec bit before masking down to the SDP feature set */
    const bool codec_supported = (features & BTA_AG_FEAT_CODEC) != 0;
    tBTA_AG_FEAT sdp_features = features & BTA_AG_SDP_FEAT_SPEC;

    /* Codec bit position is different in SDP and in BRSF */
    if (codec_supported) {
      sdp_features |= 0x0020;
    }

    uint8_t buf[2];
    UINT16_TO_BE_FIELD(buf, sdp_features);
    ok &= SDP_AddAttribute(sdp_handle, ATTR_ID_SUPPORTED_FEATURES,
                           UINT_DESC_TYPE, 2, buf);
  }

  /* browse group list */
  uint16_t browse_list[] = {UUID_SERVCLASS_PUBLIC_BROWSE_GROUP};
  ok &= SDP_AddUuidSequence(sdp_handle, ATTR_ID_BROWSE_GROUP_LIST, 1,
                            browse_list);

  return ok;
}
203 
204 /*******************************************************************************
205  *
206  * Function         bta_ag_create_records
207  *
208  * Description      Create SDP records for registered services.
209  *
210  *
211  * Returns          void
212  *
213  ******************************************************************************/
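void bta_ag_create_records(tBTA_AG_SCB* p_scb, const tBTA_AG_DATA& data) {
  /* Creates an SDP record for each service registered on |p_scb| that does
   * not have one yet, allocates its RFCOMM server channel and fills the record
   * from the registration data in |data|.
   *
   * Control flow is unchanged from the previous version; the only addition is
   * that failures of record creation, channel allocation and record
   * population are now logged instead of being silently ignored. */
  tBTA_SERVICE_MASK services = p_scb->reg_services >> BTA_HSP_SERVICE_ID;

  for (int i = 0; i < BTA_AG_NUM_IDX && services != 0; i++, services >>= 1) {
    /* skip services that are not set in the mask */
    if ((services & 1) == 0) {
      continue;
    }
    /* skip profiles whose record is already registered */
    if (bta_ag_cb.profile[i].sdp_handle != 0) {
      continue;
    }

    bta_ag_cb.profile[i].sdp_handle = SDP_CreateRecord();
    /* 0 is the "no record" value this function itself tests for above */
    if (bta_ag_cb.profile[i].sdp_handle == 0) {
      APPL_TRACE_ERROR("%s: SDP_CreateRecord failed for profile index %d",
                       __func__, i);
    }

    bta_ag_cb.profile[i].scn = BTM_AllocateSCN();
    /* NOTE(review): 0 is presumably the "none available" result; confirm
     * against BTM_AllocateSCN before relying on this log. */
    if (bta_ag_cb.profile[i].scn == 0) {
      APPL_TRACE_ERROR("%s: BTM_AllocateSCN returned 0 for profile index %d",
                       __func__, i);
    }

    if (!bta_ag_add_record(bta_ag_uuid[i], data.api_register.p_name[i],
                           bta_ag_cb.profile[i].scn,
                           data.api_register.features,
                           bta_ag_cb.profile[i].sdp_handle)) {
      APPL_TRACE_ERROR("%s: failed to populate SDP record for uuid 0x%x",
                       __func__, bta_ag_uuid[i]);
    }
    bta_sys_add_uuid(bta_ag_uuid[i]);
  }
}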
234 
235 /*******************************************************************************
236  *
237  * Function         bta_ag_del_records
238  *
239  * Description      Delete SDP records for any registered services.
240  *
241  *
242  * Returns          void
243  *
244  ******************************************************************************/
void bta_ag_del_records(tBTA_AG_SCB* p_scb) {
  /* Removes the SDP record, server channel, security registration and UUID of
   * every service that |p_scb| registered and that no other active scb still
   * uses. */

  /* Union of the services registered by the other in-use scbs.
   * NOTE(review): this scan is bounded by BTA_AG_NUM_IDX, the same bound used
   * for the profile table below; confirm it covers every entry of
   * bta_ag_cb.scb. */
  tBTA_SERVICE_MASK others = 0;
  for (int idx = 0; idx < BTA_AG_NUM_IDX; idx++) {
    tBTA_AG_SCB* const other = &bta_ag_cb.scb[idx];
    if (other != p_scb && other->in_use && !other->dealloc) {
      others |= other->reg_services;
    }
  }
  others >>= BTA_HSP_SERVICE_ID;

  tBTA_SERVICE_MASK services = p_scb->reg_services >> BTA_HSP_SERVICE_ID;
  for (int i = 0; i < BTA_AG_NUM_IDX && services != 0;
       i++, services >>= 1, others >>= 1) {
    const bool registered_here = (services & 1) == 1;
    const bool registered_elsewhere = (others & 1) != 0;
    if (!registered_here || registered_elsewhere) {
      continue;
    }

    APPL_TRACE_DEBUG("bta_ag_del_records %d", i);
    if (bta_ag_cb.profile[i].sdp_handle != 0) {
      SDP_DeleteRecord(bta_ag_cb.profile[i].sdp_handle);
      bta_ag_cb.profile[i].sdp_handle = 0;
    }
    /* the channel, security entry and UUID are released even when no record
     * handle was stored */
    BTM_FreeSCN(bta_ag_cb.profile[i].scn);
    BTM_SecClrService(bta_ag_sec_id[i]);
    bta_sys_remove_uuid(bta_ag_uuid[i]);
  }
}
280 
281 /*******************************************************************************
282  *
283  * Function         bta_ag_sdp_find_attr
284  *
285  * Description      Process SDP discovery results to find requested attributes
286  *                  for requested service.
287  *
288  *
289  * Returns          true if results found, false otherwise.
290  *
291  ******************************************************************************/
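bool bta_ag_sdp_find_attr(tBTA_AG_SCB* p_scb, tBTA_SERVICE_MASK service) {
  /* Walks the SDP discovery database attached to |p_scb| looking for the
   * peer's HFP or HSP record and copies the peer channel number, profile
   * version and features into the scb. Returns true once a usable record has
   * been processed, false if none was found.
   *
   * Everything read from the records is supplied by the remote device. Each
   * attribute is therefore checked for the expected descriptor type and
   * length before its value is read; a mismatching attribute is treated as
   * absent. */
  tSDP_DISC_REC* p_rec = nullptr;
  tSDP_DISC_ATTR* p_attr;
  /* zero-initialized in case the lookup below leaves part of it unwritten */
  tSDP_PROTOCOL_ELEM pe = {};
  uint16_t uuid;
  bool result = false;

  if (service & BTA_HFP_SERVICE_MASK) {
    uuid = UUID_SERVCLASS_HF_HANDSFREE;
    /* If there is no cached peer version, use default one */
    if (p_scb->peer_version == HFP_HSP_VERSION_UNKNOWN) {
      p_scb->peer_version = HFP_VERSION_1_1; /* Default version */
    }
  } else if (service & BTA_HSP_SERVICE_MASK && p_scb->role == BTA_AG_INT) {
    uuid = UUID_SERVCLASS_HEADSET_HS;
    p_scb->peer_version = HSP_VERSION_1_2; /* Default version */
  } else {
    uuid = UUID_SERVCLASS_HEADSET_HS;
    p_scb->peer_version = HSP_VERSION_1_0;
  }

  /* loop through all records we found */
  while (true) {
    /* get next record; if none found, we're done */
    p_rec = SDP_FindServiceInDb(p_scb->p_disc_db, uuid, p_rec);
    if (p_rec == nullptr) {
      if (uuid == UUID_SERVCLASS_HEADSET_HS) {
        /* Search again in case the peer device uses the old HSP UUID */
        uuid = UUID_SERVCLASS_HEADSET;
        p_scb->peer_version = HSP_VERSION_1_0;
        p_rec = SDP_FindServiceInDb(p_scb->p_disc_db, uuid, p_rec);
        if (p_rec == nullptr) {
          break;
        }
      } else {
        break;
      }
    }

    /* get scn from proto desc list if initiator */
    if (p_scb->role == BTA_AG_INT) {
      if (SDP_FindProtocolListElemInRec(p_rec, UUID_PROTOCOL_RFCOMM, &pe)) {
        p_scb->peer_scn = (uint8_t)pe.params[0];
      } else {
        continue;
      }
    }

    /* get profile version (if failure, version parameter is not updated) */
    uint16_t peer_version = HFP_HSP_VERSION_UNKNOWN;
    if (!SDP_FindProfileVersionInRec(p_rec, uuid, &peer_version)) {
      APPL_TRACE_WARNING("%s: Get peer_version failed, using default 0x%04x",
                         __func__, p_scb->peer_version);
      peer_version = p_scb->peer_version;
    }

    if (service & BTA_HFP_SERVICE_MASK) {
      /* Update cached peer version if the new one is different */
      if (peer_version != p_scb->peer_version) {
        p_scb->peer_version = peer_version;
        if (btif_config_set_bin(
                p_scb->peer_addr.ToString(), HFP_VERSION_CONFIG_KEY,
                (const uint8_t*)&peer_version, sizeof(peer_version))) {
          btif_config_save();
        } else {
          APPL_TRACE_WARNING("%s: Failed to store peer HFP version for %s",
                             __func__, p_scb->peer_addr.ToString().c_str());
        }
      }
      /* get features if HFP */
      p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
      /* The value is read as a 16-bit unsigned integer below, so require the
       * peer-supplied attribute to actually be one. */
      if (p_attr != nullptr &&
          (SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) != UINT_DESC_TYPE ||
           SDP_DISC_ATTR_LEN(p_attr->attr_len_type) < 2)) {
        APPL_TRACE_WARNING(
            "%s: ignoring malformed supported features attribute", __func__);
        p_attr = nullptr;
      }
      if (p_attr != nullptr) {
        /* Found attribute. Get value. */
        /* There might be race condition between SDP and BRSF.  */
        /* Do not update if we already received BRSF.           */
        uint16_t sdp_features = p_attr->attr_value.v.u16;
        bool sdp_wbs_support = sdp_features & BTA_AG_FEAT_WBS_SUPPORT;
        if (!p_scb->received_at_bac && sdp_wbs_support) {
          // Workaround for misbehaving HFs (e.g. some Hyundai car kit) that:
          // 1. Indicate WBS support in SDP and codec negotiation in BRSF
          // 2. But do not send required AT+BAC command
          // Will assume mSBC is enabled and try codec negotiation by default
          p_scb->codec_updated = true;
          // The codec flags are combined with OR. The previous AND of the two
          // masks cannot carry both codecs (assuming they are distinct bit
          // flags, as the names suggest), which defeats the workaround.
          p_scb->peer_codecs = BTA_AG_CODEC_CVSD | BTA_AG_CODEC_MSBC;
          p_scb->sco_codec = UUID_CODEC_MSBC;
        }
        if (sdp_features != p_scb->peer_sdp_features) {
          p_scb->peer_sdp_features = sdp_features;
          if (btif_config_set_bin(
                  p_scb->peer_addr.ToString(), HFP_SDP_FEATURES_CONFIG_KEY,
                  (const uint8_t*)&sdp_features, sizeof(sdp_features))) {
            btif_config_save();
          } else {
            APPL_TRACE_WARNING(
                "%s: Failed to store peer HFP SDP Features for %s", __func__,
                p_scb->peer_addr.ToString().c_str());
          }
        }
        if (p_scb->peer_features == 0) {
          p_scb->peer_features = sdp_features & HFP_SDP_BRSF_FEATURES_MASK;
        }
      }
    } else {
      /* No peer version caching for HSP, use discovered one directly */
      p_scb->peer_version = peer_version;
      /* get features if HSP */
      p_attr =
          SDP_FindAttributeInRec(p_rec, ATTR_ID_REMOTE_AUDIO_VOLUME_CONTROL);
      /* The value is read as a single byte below; HSP defines this attribute
       * as a Boolean, so reject any other type or an empty value. */
      if (p_attr != nullptr &&
          (SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) != BOOLEAN_DESC_TYPE ||
           SDP_DISC_ATTR_LEN(p_attr->attr_len_type) < 1)) {
        APPL_TRACE_WARNING(
            "%s: ignoring malformed remote volume control attribute",
            __func__);
        p_attr = nullptr;
      }
      if (p_attr != nullptr) {
        /* Remote volume control of HSP */
        if (p_attr->attr_value.v.u8) {
          p_scb->peer_features |= BTA_AG_PEER_FEAT_VOL;
        } else {
          p_scb->peer_features &= ~BTA_AG_PEER_FEAT_VOL;
        }
      }
    }

    /* found what we needed */
    result = true;
    break;
  }
  return result;
}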
414 
415 /*******************************************************************************
416  *
417  * Function         bta_ag_do_disc
418  *
419  * Description      Do service discovery.
420  *
421  *
422  * Returns          void
423  *
424  ******************************************************************************/
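void bta_ag_do_disc(tBTA_AG_SCB* p_scb, tBTA_SERVICE_MASK service) {
  /* Starts SDP discovery towards p_scb->peer_addr for the HFP or HSP record
   * selected by |service| and the scb's role. On success the result arrives
   * through the per-scb SDP callback; on any failure the discovery database
   * is freed and BTA_AG_DISC_FAIL_EVT is fed to the state machine.
   *
   * The scb index is now range-checked before it is used to read the callback
   * table, so an index outside the table takes the failure path instead of
   * reading past the array. */
  Uuid uuid_list[1];
  uint16_t num_uuid = 1;
  uint16_t attr_list[4];
  uint8_t num_attr;

  /* HFP initiator; get proto list and features */
  if (service & BTA_HFP_SERVICE_MASK && p_scb->role == BTA_AG_INT) {
    attr_list[0] = ATTR_ID_SERVICE_CLASS_ID_LIST;
    attr_list[1] = ATTR_ID_PROTOCOL_DESC_LIST;
    attr_list[2] = ATTR_ID_BT_PROFILE_DESC_LIST;
    attr_list[3] = ATTR_ID_SUPPORTED_FEATURES;
    num_attr = 4;
    uuid_list[0] = Uuid::From16Bit(UUID_SERVCLASS_HF_HANDSFREE);
  }
  /* HFP acceptor; get features */
  else if (service & BTA_HFP_SERVICE_MASK && p_scb->role == BTA_AG_ACP) {
    attr_list[0] = ATTR_ID_SERVICE_CLASS_ID_LIST;
    attr_list[1] = ATTR_ID_BT_PROFILE_DESC_LIST;
    attr_list[2] = ATTR_ID_SUPPORTED_FEATURES;
    num_attr = 3;
    uuid_list[0] = Uuid::From16Bit(UUID_SERVCLASS_HF_HANDSFREE);
  }
  /* HSP initiator; get proto list */
  else if (service & BTA_HSP_SERVICE_MASK && p_scb->role == BTA_AG_INT) {
    attr_list[0] = ATTR_ID_SERVICE_CLASS_ID_LIST;
    attr_list[1] = ATTR_ID_PROTOCOL_DESC_LIST;
    attr_list[2] = ATTR_ID_BT_PROFILE_DESC_LIST;
    attr_list[3] = ATTR_ID_REMOTE_AUDIO_VOLUME_CONTROL;
    num_attr = 4;
    // Although UUID_SERVCLASS_HEADSET_HS (0x1131) is to be used in HSP 1.2,
    // some HSP 1.2 implementations, such as PTS, still use
    // UUID_SERVCLASS_HEADSET (0x1108) to store its service record. However,
    // most of such devices are HSP 1.0 devices.
    if (p_scb->hsp_version >= HSP_VERSION_1_2) {
      uuid_list[0] = Uuid::From16Bit(UUID_SERVCLASS_HEADSET_HS);
    } else {
      uuid_list[0] = Uuid::From16Bit(UUID_SERVCLASS_HEADSET);
    }
  } else {
    /* HSP acceptor; get features */
    attr_list[0] = ATTR_ID_SERVICE_CLASS_ID_LIST;
    attr_list[1] = ATTR_ID_PROTOCOL_DESC_LIST;
    attr_list[2] = ATTR_ID_BT_PROFILE_DESC_LIST;
    attr_list[3] = ATTR_ID_REMOTE_AUDIO_VOLUME_CONTROL;
    num_attr = 4;

    if (p_scb->hsp_version >= HSP_VERSION_1_2) {
      uuid_list[0] = Uuid::From16Bit(UUID_SERVCLASS_HEADSET_HS);
    } else {
      /* Legacy from HSP v1.0 */
      uuid_list[0] = Uuid::From16Bit(UUID_SERVCLASS_HEADSET);
    }
  }

  /* allocate buffer for sdp database */
  /* NOTE(review): any database already stored in p_disc_db is overwritten
   * here without being freed; confirm callers never start a second discovery
   * while one is outstanding. */
  p_scb->p_disc_db = (tSDP_DISCOVERY_DB*)osi_malloc(BTA_AG_DISC_BUF_SIZE);

  /* The callback table is indexed by (scb index - 1); validate the index
   * before using it. */
  constexpr auto kNumSdpCbacks =
      sizeof(bta_ag_sdp_cback_tbl) / sizeof(bta_ag_sdp_cback_tbl[0]);
  const uint16_t scb_idx = bta_ag_scb_to_idx(p_scb);

  if (scb_idx < 1 || scb_idx > kNumSdpCbacks) {
    LOG(ERROR) << __func__ << ": no SDP callback for scb index " << scb_idx;
  }
  /* set up service discovery database; attr happens to be attr_list len */
  else if (!SDP_InitDiscoveryDb(p_scb->p_disc_db, BTA_AG_DISC_BUF_SIZE,
                                num_uuid, uuid_list, num_attr, attr_list)) {
    LOG(ERROR) << __func__ << ": failed to init SDP discovery database for "
               << p_scb->peer_addr;
  } else if (!SDP_ServiceSearchAttributeRequest(
                 p_scb->peer_addr, p_scb->p_disc_db,
                 bta_ag_sdp_cback_tbl[scb_idx - 1])) {
    LOG(ERROR) << __func__ << ": failed to start SDP discovery for "
               << p_scb->peer_addr;
  } else {
    /* discovery is in flight; the callback reports the outcome */
    return;
  }

  // Failure actions
  bta_ag_free_db(p_scb, tBTA_AG_DATA::kEmpty);
  bta_ag_sm_execute(p_scb, BTA_AG_DISC_FAIL_EVT, tBTA_AG_DATA::kEmpty);
}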
501 
502 /*******************************************************************************
503  *
504  * Function         bta_ag_free_db
505  *
506  * Description      Free discovery database.
507  *
508  *
509  * Returns          void
510  *
511  ******************************************************************************/
void bta_ag_free_db(tBTA_AG_SCB* p_scb, const tBTA_AG_DATA& data) {
  /* Releases the scb's SDP discovery database through osi_free_and_reset,
   * which is handed the address of the pointer rather than the pointer
   * itself. |data| is not used. */
  void** const db_slot = reinterpret_cast<void**>(&p_scb->p_disc_db);
  osi_free_and_reset(db_slot);
}
515