1 /******************************************************************************
2 *
3 * Copyright 2004-2016 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains action functions for advanced audio/video main state
22 * machine.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bt_bta_av"
27
28 #include "bt_target.h"
29
30 #include <base/logging.h>
31 #include <string.h>
32
33 #include "avdt_api.h"
34 #include "avrcp_service.h"
35 #include "bta_av_api.h"
36 #include "bta_av_int.h"
37 #include "l2c_api.h"
38 #include "log/log.h"
39 #include "osi/include/list.h"
40 #include "osi/include/log.h"
41 #include "osi/include/osi.h"
42 #include "osi/include/properties.h"
43 #include "utl.h"
44
45 #if (BTA_AR_INCLUDED == TRUE)
46 #include "bta_ar_api.h"
47 #endif
48
49 /*****************************************************************************
50 * Constants
51 ****************************************************************************/
52 /* the timeout to wait for open req after setconfig for incoming connections */
53 #ifndef BTA_AV_SIGNALLING_TIMEOUT_MS
54 #define BTA_AV_SIGNALLING_TIMEOUT_MS (8 * 1000) /* 8 seconds */
55 #endif
56
57 /* Time to wait for signalling from SNK when it is initiated from SNK. */
58 /* If not, we will start signalling from SRC. */
59 #ifndef BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS
60 #define BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS (2 * 1000) /* 2 seconds */
61 #endif
62
63 static void bta_av_accept_signalling_timer_cback(void* data);
64
65 #ifndef AVRC_MIN_META_CMD_LEN
66 #define AVRC_MIN_META_CMD_LEN 20
67 #endif
68
69 /*******************************************************************************
70 *
71 * Function bta_av_get_rcb_by_shdl
72 *
73 * Description find the RCB associated with the given SCB handle.
74 *
75 * Returns tBTA_AV_RCB
76 *
77 ******************************************************************************/
bta_av_get_rcb_by_shdl(uint8_t shdl)78 tBTA_AV_RCB* bta_av_get_rcb_by_shdl(uint8_t shdl) {
79 tBTA_AV_RCB* p_rcb = NULL;
80 int i;
81
82 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
83 if (bta_av_cb.rcb[i].shdl == shdl &&
84 bta_av_cb.rcb[i].handle != BTA_AV_RC_HANDLE_NONE) {
85 p_rcb = &bta_av_cb.rcb[i];
86 break;
87 }
88 }
89 return p_rcb;
90 }
91 #define BTA_AV_STS_NO_RSP 0xFF /* a number not used by tAVRC_STS */
92
93 /*******************************************************************************
94 *
95 * Function bta_av_del_rc
96 *
97 * Description delete the given AVRC handle.
98 *
99 * Returns void
100 *
101 ******************************************************************************/
bta_av_del_rc(tBTA_AV_RCB * p_rcb)102 void bta_av_del_rc(tBTA_AV_RCB* p_rcb) {
103 tBTA_AV_SCB* p_scb;
104 uint8_t rc_handle; /* connected AVRCP handle */
105
106 p_scb = NULL;
107 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
108 if (p_rcb->shdl) {
109 /* Validate array index*/
110 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
111 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
112 }
113 if (p_scb) {
114 APPL_TRACE_DEBUG("%s: shdl:%d, srch:%d rc_handle:%d", __func__,
115 p_rcb->shdl, p_scb->rc_handle, p_rcb->handle);
116 if (p_scb->rc_handle == p_rcb->handle)
117 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
118 /* just in case the RC timer is active
119 if (bta_av_cb.features & BTA_AV_FEAT_RCCT && p_scb->chnl ==
120 BTA_AV_CHNL_AUDIO) */
121 alarm_cancel(p_scb->avrc_ct_timer);
122 }
123 }
124
125 APPL_TRACE_EVENT("%s: handle: %d status=0x%x, rc_acp_handle:%d, idx:%d",
126 __func__, p_rcb->handle, p_rcb->status,
127 bta_av_cb.rc_acp_handle, bta_av_cb.rc_acp_idx);
128 rc_handle = p_rcb->handle;
129 if (!(p_rcb->status & BTA_AV_RC_CONN_MASK) ||
130 ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
131 p_rcb->status = 0;
132 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
133 p_rcb->shdl = 0;
134 p_rcb->lidx = 0;
135 }
136 /* else ACP && connected. do not clear the handle yet */
137 AVRC_Close(rc_handle);
138 if (rc_handle == bta_av_cb.rc_acp_handle)
139 bta_av_cb.rc_acp_handle = BTA_AV_RC_HANDLE_NONE;
140 APPL_TRACE_EVENT(
141 "%s: end del_rc handle: %d status=0x%x, rc_acp_handle:%d, lidx:%d",
142 __func__, p_rcb->handle, p_rcb->status, bta_av_cb.rc_acp_handle,
143 p_rcb->lidx);
144 }
145 }
146
147 /*******************************************************************************
148 *
149 * Function bta_av_close_all_rc
150 *
151 * Description close the all AVRC handle.
152 *
153 * Returns void
154 *
155 ******************************************************************************/
bta_av_close_all_rc(tBTA_AV_CB * p_cb)156 static void bta_av_close_all_rc(tBTA_AV_CB* p_cb) {
157 int i;
158
159 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
160 if ((p_cb->disabling) || (bta_av_cb.rcb[i].shdl != 0))
161 bta_av_del_rc(&bta_av_cb.rcb[i]);
162 }
163 }
164
165 /*******************************************************************************
166 *
167 * Function bta_av_del_sdp_rec
168 *
169 * Description delete the given SDP record handle.
170 *
171 * Returns void
172 *
173 ******************************************************************************/
bta_av_del_sdp_rec(uint32_t * p_sdp_handle)174 static void bta_av_del_sdp_rec(uint32_t* p_sdp_handle) {
175 if (*p_sdp_handle != 0) {
176 SDP_DeleteRecord(*p_sdp_handle);
177 *p_sdp_handle = 0;
178 }
179 }
180
181 /*******************************************************************************
182 *
183 * Function bta_av_avrc_sdp_cback
184 *
185 * Description AVRCP service discovery callback.
186 *
187 * Returns void
188 *
189 ******************************************************************************/
bta_av_avrc_sdp_cback(UNUSED_ATTR uint16_t status)190 static void bta_av_avrc_sdp_cback(UNUSED_ATTR uint16_t status) {
191 BT_HDR* p_msg = (BT_HDR*)osi_malloc(sizeof(BT_HDR));
192
193 p_msg->event = BTA_AV_SDP_AVRC_DISC_EVT;
194
195 bta_sys_sendmsg(p_msg);
196 }
197
198 /*******************************************************************************
199 *
200 * Function bta_av_rc_ctrl_cback
201 *
202 * Description AVRCP control callback.
203 *
204 * Returns void
205 *
206 ******************************************************************************/
bta_av_rc_ctrl_cback(uint8_t handle,uint8_t event,UNUSED_ATTR uint16_t result,const RawAddress * peer_addr)207 static void bta_av_rc_ctrl_cback(uint8_t handle, uint8_t event,
208 UNUSED_ATTR uint16_t result,
209 const RawAddress* peer_addr) {
210 uint16_t msg_event = 0;
211
212 APPL_TRACE_EVENT("%s: handle: %d event=0x%x", __func__, handle, event);
213 if (event == AVRC_OPEN_IND_EVT) {
214 /* save handle of opened connection
215 bta_av_cb.rc_handle = handle;*/
216
217 msg_event = BTA_AV_AVRC_OPEN_EVT;
218 } else if (event == AVRC_CLOSE_IND_EVT) {
219 msg_event = BTA_AV_AVRC_CLOSE_EVT;
220 } else if (event == AVRC_BROWSE_OPEN_IND_EVT) {
221 msg_event = BTA_AV_AVRC_BROWSE_OPEN_EVT;
222 } else if (event == AVRC_BROWSE_CLOSE_IND_EVT) {
223 msg_event = BTA_AV_AVRC_BROWSE_CLOSE_EVT;
224 }
225
226 if (msg_event) {
227 tBTA_AV_RC_CONN_CHG* p_msg =
228 (tBTA_AV_RC_CONN_CHG*)osi_malloc(sizeof(tBTA_AV_RC_CONN_CHG));
229 p_msg->hdr.event = msg_event;
230 p_msg->handle = handle;
231 if (peer_addr) p_msg->peer_addr = *peer_addr;
232 bta_sys_sendmsg(p_msg);
233 }
234 }
235
236 /*******************************************************************************
237 *
238 * Function bta_av_rc_msg_cback
239 *
240 * Description AVRCP message callback.
241 *
242 * Returns void
243 *
244 ******************************************************************************/
bta_av_rc_msg_cback(uint8_t handle,uint8_t label,uint8_t opcode,tAVRC_MSG * p_msg)245 static void bta_av_rc_msg_cback(uint8_t handle, uint8_t label, uint8_t opcode,
246 tAVRC_MSG* p_msg) {
247 uint8_t* p_data_src = NULL;
248 uint16_t data_len = 0;
249
250 APPL_TRACE_DEBUG("%s: handle: %u opcode=0x%x", __func__, handle, opcode);
251
252 /* Copy avrc packet into BTA message buffer (for sending to BTA state machine)
253 */
254
255 /* Get size of payload data (for vendor and passthrough messages only; for
256 * browsing
257 * messages, use zero-copy) */
258 if (opcode == AVRC_OP_VENDOR && p_msg->vendor.p_vendor_data != NULL) {
259 p_data_src = p_msg->vendor.p_vendor_data;
260 data_len = (uint16_t)p_msg->vendor.vendor_len;
261 } else if (opcode == AVRC_OP_PASS_THRU && p_msg->pass.p_pass_data != NULL) {
262 p_data_src = p_msg->pass.p_pass_data;
263 data_len = (uint16_t)p_msg->pass.pass_len;
264 }
265
266 /* Create a copy of the message */
267 tBTA_AV_RC_MSG* p_buf =
268 (tBTA_AV_RC_MSG*)osi_malloc(sizeof(tBTA_AV_RC_MSG) + data_len);
269
270 p_buf->hdr.event = BTA_AV_AVRC_MSG_EVT;
271 p_buf->handle = handle;
272 p_buf->label = label;
273 p_buf->opcode = opcode;
274 memcpy(&p_buf->msg, p_msg, sizeof(tAVRC_MSG));
275 /* Copy the data payload, and set the pointer to it */
276 if (p_data_src != NULL) {
277 uint8_t* p_data_dst = (uint8_t*)(p_buf + 1);
278 memcpy(p_data_dst, p_data_src, data_len);
279
280 /* Update bta message buffer to point to payload data */
281 /* (Note AVRC_OP_BROWSING uses zero-copy: p_buf->msg.browse.p_browse_data
282 * already points to original avrc buffer) */
283 if (opcode == AVRC_OP_VENDOR)
284 p_buf->msg.vendor.p_vendor_data = p_data_dst;
285 else if (opcode == AVRC_OP_PASS_THRU)
286 p_buf->msg.pass.p_pass_data = p_data_dst;
287 }
288
289 if (opcode == AVRC_OP_BROWSE) {
290 /* set p_pkt to NULL, so avrc would not free the buffer */
291 p_msg->browse.p_browse_pkt = NULL;
292 }
293
294 bta_sys_sendmsg(p_buf);
295 }
296
297 /*******************************************************************************
298 *
299 * Function bta_av_rc_create
300 *
301 * Description alloc RCB and call AVRC_Open
302 *
303 * Returns the created rc handle
304 *
305 ******************************************************************************/
bta_av_rc_create(tBTA_AV_CB * p_cb,uint8_t role,uint8_t shdl,uint8_t lidx)306 uint8_t bta_av_rc_create(tBTA_AV_CB* p_cb, uint8_t role, uint8_t shdl,
307 uint8_t lidx) {
308 if (is_new_avrcp_enabled()) {
309 APPL_TRACE_WARNING("%s: Skipping RC creation for the old AVRCP profile",
310 __func__);
311 return BTA_AV_RC_HANDLE_NONE;
312 }
313
314 tAVRC_CONN_CB ccb;
315 RawAddress bda = RawAddress::kAny;
316 uint8_t status = BTA_AV_RC_ROLE_ACP;
317 int i;
318 uint8_t rc_handle;
319 tBTA_AV_RCB* p_rcb;
320
321 if (role == AVCT_INT) {
322 // Can't grab a stream control block that doesn't have a valid handle
323 if (!shdl) {
324 APPL_TRACE_ERROR(
325 "%s: Can't grab stream control block for shdl = %d -> index = %d",
326 __func__, shdl, shdl - 1);
327 return BTA_AV_RC_HANDLE_NONE;
328 }
329 tBTA_AV_SCB* p_scb = p_cb->p_scb[shdl - 1];
330 bda = p_scb->PeerAddress();
331 status = BTA_AV_RC_ROLE_INT;
332 } else {
333 p_rcb = bta_av_get_rcb_by_shdl(shdl);
334 if (p_rcb != NULL) {
335 APPL_TRACE_ERROR("%s: ACP handle exist for shdl:%d", __func__, shdl);
336 p_rcb->lidx = lidx;
337 return p_rcb->handle;
338 }
339 }
340
341 ccb.ctrl_cback = base::Bind(bta_av_rc_ctrl_cback);
342 ccb.msg_cback = base::Bind(bta_av_rc_msg_cback);
343 ccb.company_id = p_bta_av_cfg->company_id;
344 ccb.conn = role;
345 /* note: BTA_AV_FEAT_RCTG = AVRC_CT_TARGET, BTA_AV_FEAT_RCCT = AVRC_CT_CONTROL
346 */
347 ccb.control = p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_RCCT |
348 BTA_AV_FEAT_METADATA | AVRC_CT_PASSIVE);
349
350 if (AVRC_Open(&rc_handle, &ccb, bda) != AVRC_SUCCESS)
351 return BTA_AV_RC_HANDLE_NONE;
352
353 i = rc_handle;
354 p_rcb = &p_cb->rcb[i];
355
356 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
357 APPL_TRACE_ERROR("%s: found duplicated handle:%d", __func__, rc_handle);
358 }
359
360 p_rcb->handle = rc_handle;
361 p_rcb->status = status;
362 p_rcb->shdl = shdl;
363 p_rcb->lidx = lidx;
364 p_rcb->peer_features = 0;
365 if (lidx == (BTA_AV_NUM_LINKS + 1)) {
366 /* this LIDX is reserved for the AVRCP ACP connection */
367 p_cb->rc_acp_handle = p_rcb->handle;
368 p_cb->rc_acp_idx = (i + 1);
369 APPL_TRACE_DEBUG("%s: rc_acp_handle:%d idx:%d", __func__,
370 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
371 }
372 APPL_TRACE_DEBUG(
373 "%s: create %d, role: %d, shdl:%d, rc_handle:%d, lidx:%d, status:0x%x",
374 __func__, i, role, shdl, p_rcb->handle, lidx, p_rcb->status);
375
376 return rc_handle;
377 }
378
379 /*******************************************************************************
380 *
381 * Function bta_av_valid_group_navi_msg
382 *
383 * Description Check if it is Group Navigation Msg for Metadata
384 *
385 * Returns AVRC_RSP_ACCEPT or AVRC_RSP_NOT_IMPL
386 *
387 ******************************************************************************/
bta_av_group_navi_supported(uint8_t len,uint8_t * p_data,bool is_inquiry)388 static tBTA_AV_CODE bta_av_group_navi_supported(uint8_t len, uint8_t* p_data,
389 bool is_inquiry) {
390 tBTA_AV_CODE ret = AVRC_RSP_NOT_IMPL;
391 uint8_t* p_ptr = p_data;
392 uint16_t u16;
393 uint32_t u32;
394
395 if (p_bta_av_cfg->avrc_group && len == BTA_GROUP_NAVI_MSG_OP_DATA_LEN) {
396 BTA_AV_BE_STREAM_TO_CO_ID(u32, p_ptr);
397 BE_STREAM_TO_UINT16(u16, p_ptr);
398
399 if (u32 == AVRC_CO_METADATA) {
400 if (is_inquiry) {
401 if (u16 <= AVRC_PDU_PREV_GROUP) ret = AVRC_RSP_IMPL_STBL;
402 } else {
403 if (u16 <= AVRC_PDU_PREV_GROUP)
404 ret = AVRC_RSP_ACCEPT;
405 else
406 ret = AVRC_RSP_REJ;
407 }
408 }
409 }
410
411 return ret;
412 }
413
414 /*******************************************************************************
415 *
416 * Function bta_av_op_supported
417 *
418 * Description Check if remote control operation is supported.
419 *
420 * Returns AVRC_RSP_ACCEPT of supported, AVRC_RSP_NOT_IMPL if not.
421 *
422 ******************************************************************************/
bta_av_op_supported(tBTA_AV_RC rc_id,bool is_inquiry)423 static tBTA_AV_CODE bta_av_op_supported(tBTA_AV_RC rc_id, bool is_inquiry) {
424 tBTA_AV_CODE ret_code = AVRC_RSP_NOT_IMPL;
425
426 if (p_bta_av_rc_id) {
427 if (is_inquiry) {
428 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
429 ret_code = AVRC_RSP_IMPL_STBL;
430 }
431 } else {
432 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
433 ret_code = AVRC_RSP_ACCEPT;
434 } else if ((p_bta_av_cfg->rc_pass_rsp == AVRC_RSP_INTERIM) &&
435 p_bta_av_rc_id_ac) {
436 if (p_bta_av_rc_id_ac[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
437 ret_code = AVRC_RSP_INTERIM;
438 }
439 }
440 }
441 }
442 return ret_code;
443 }
444
445 /*******************************************************************************
446 *
447 * Function bta_av_find_lcb
448 *
449 * Description Given BD_addr, find the associated LCB.
450 *
451 * Returns NULL, if not found.
452 *
453 ******************************************************************************/
bta_av_find_lcb(const RawAddress & addr,uint8_t op)454 tBTA_AV_LCB* bta_av_find_lcb(const RawAddress& addr, uint8_t op) {
455 tBTA_AV_CB* p_cb = &bta_av_cb;
456 int xx;
457 uint8_t mask;
458 tBTA_AV_LCB* p_lcb = NULL;
459
460 APPL_TRACE_DEBUG("%s: address: %s op:%d", __func__, addr.ToString().c_str(),
461 op);
462 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
463 mask = 1 << xx; /* the used mask for this lcb */
464 if ((mask & p_cb->conn_lcb) && p_cb->lcb[xx].addr == addr) {
465 p_lcb = &p_cb->lcb[xx];
466 if (op == BTA_AV_LCB_FREE) {
467 p_cb->conn_lcb &= ~mask; /* clear the connect mask */
468 APPL_TRACE_DEBUG("%s: conn_lcb: 0x%x", __func__, p_cb->conn_lcb);
469 }
470 break;
471 }
472 }
473 return p_lcb;
474 }
475
476 /*******************************************************************************
477 *
478 * Function bta_av_rc_opened
479 *
480 * Description Set AVRCP state to opened.
481 *
482 * Returns void
483 *
484 ******************************************************************************/
bta_av_rc_opened(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)485 void bta_av_rc_opened(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
486 tBTA_AV_RC_OPEN rc_open;
487 tBTA_AV_SCB* p_scb;
488 int i;
489 uint8_t shdl = 0;
490 tBTA_AV_LCB* p_lcb;
491 tBTA_AV_RCB* p_rcb;
492 uint8_t tmp;
493 uint8_t disc = 0;
494
495 /* find the SCB & stop the timer */
496 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
497 p_scb = p_cb->p_scb[i];
498 if (p_scb && p_scb->PeerAddress() == p_data->rc_conn_chg.peer_addr) {
499 p_scb->rc_handle = p_data->rc_conn_chg.handle;
500 APPL_TRACE_DEBUG("%s: shdl:%d, srch %d", __func__, i + 1,
501 p_scb->rc_handle);
502 shdl = i + 1;
503 LOG_INFO(LOG_TAG, "%s: allow incoming AVRCP connections:%d", __func__,
504 p_scb->use_rc);
505 alarm_cancel(p_scb->avrc_ct_timer);
506 disc = p_scb->hndl;
507 break;
508 }
509 }
510
511 i = p_data->rc_conn_chg.handle;
512 if (p_cb->rcb[i].handle == BTA_AV_RC_HANDLE_NONE) {
513 APPL_TRACE_ERROR("%s: not a valid handle:%d any more", __func__, i);
514 return;
515 }
516
517 APPL_TRACE_DEBUG("%s: local features %d peer features %d", __func__,
518 p_cb->features, p_cb->rcb[i].peer_features);
519
520 /* listen to browsing channel when the connection is open,
521 * if peer initiated AVRCP connection and local device supports browsing
522 * channel */
523 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_ACP);
524
525 if (p_cb->rcb[i].lidx == (BTA_AV_NUM_LINKS + 1) && shdl != 0) {
526 /* rc is opened on the RC only ACP channel, but is for a specific
527 * SCB -> need to switch RCBs */
528 p_rcb = bta_av_get_rcb_by_shdl(shdl);
529 if (p_rcb) {
530 p_rcb->shdl = p_cb->rcb[i].shdl;
531 tmp = p_rcb->lidx;
532 p_rcb->lidx = p_cb->rcb[i].lidx;
533 p_cb->rcb[i].lidx = tmp;
534 p_cb->rc_acp_handle = p_rcb->handle;
535 p_cb->rc_acp_idx = (p_rcb - p_cb->rcb) + 1;
536 APPL_TRACE_DEBUG("%s: switching RCB rc_acp_handle:%d idx:%d", __func__,
537 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
538 }
539 }
540
541 p_cb->rcb[i].shdl = shdl;
542 rc_open.rc_handle = i;
543 APPL_TRACE_ERROR("%s: rcb[%d] shdl:%d lidx:%d/%d", __func__, i, shdl,
544 p_cb->rcb[i].lidx, p_cb->lcb[BTA_AV_NUM_LINKS].lidx);
545 p_cb->rcb[i].status |= BTA_AV_RC_CONN_MASK;
546
547 if (!shdl && 0 == p_cb->lcb[BTA_AV_NUM_LINKS].lidx) {
548 /* no associated SCB -> connected to an RC only device
549 * update the index to the extra LCB */
550 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
551 p_lcb->addr = p_data->rc_conn_chg.peer_addr;
552 p_lcb->lidx = BTA_AV_NUM_LINKS + 1;
553 p_cb->rcb[i].lidx = p_lcb->lidx;
554 p_lcb->conn_msk = 1;
555 APPL_TRACE_ERROR("%s: bd_addr: %s rcb[%d].lidx=%d, lcb.conn_msk=x%x",
556 __func__, p_lcb->addr.ToString().c_str(), i,
557 p_cb->rcb[i].lidx, p_lcb->conn_msk);
558 disc = p_data->rc_conn_chg.handle | BTA_AV_CHNL_MSK;
559 }
560
561 rc_open.peer_addr = p_data->rc_conn_chg.peer_addr;
562 rc_open.peer_features = p_cb->rcb[i].peer_features;
563 rc_open.status = BTA_AV_SUCCESS;
564 APPL_TRACE_DEBUG("%s: local features:x%x peer_features:x%x", __func__,
565 p_cb->features, rc_open.peer_features);
566 if (rc_open.peer_features == 0) {
567 /* we have not done SDP on peer RC capabilities.
568 * peer must have initiated the RC connection */
569 if (p_cb->features & BTA_AV_FEAT_RCCT)
570 rc_open.peer_features |= BTA_AV_FEAT_RCTG;
571 if (p_cb->features & BTA_AV_FEAT_RCTG)
572 rc_open.peer_features |= BTA_AV_FEAT_RCCT;
573
574 bta_av_rc_disc(disc);
575 }
576 tBTA_AV bta_av_data;
577 bta_av_data.rc_open = rc_open;
578 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
579
580 /* if local initiated AVRCP connection and both peer and locals device support
581 * browsing channel, open the browsing channel now
582 * TODO (sanketa): Some TG would not broadcast browse feature hence check
583 * inter-op. */
584 if ((p_cb->features & BTA_AV_FEAT_BROWSE) &&
585 (rc_open.peer_features & BTA_AV_FEAT_BROWSE) &&
586 ((p_cb->rcb[i].status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
587 APPL_TRACE_DEBUG("%s: opening AVRC Browse channel", __func__);
588 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_INT);
589 }
590 }
591
592 /*******************************************************************************
593 *
594 * Function bta_av_rc_remote_cmd
595 *
596 * Description Send an AVRCP remote control command.
597 *
598 * Returns void
599 *
600 ******************************************************************************/
bta_av_rc_remote_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)601 void bta_av_rc_remote_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
602 tBTA_AV_RCB* p_rcb;
603 if (p_cb->features & BTA_AV_FEAT_RCCT) {
604 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
605 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
606 if (p_rcb->status & BTA_AV_RC_CONN_MASK) {
607 AVRC_PassCmd(p_rcb->handle, p_data->api_remote_cmd.label,
608 &p_data->api_remote_cmd.msg);
609 }
610 }
611 }
612 }
613
614 /*******************************************************************************
615 *
616 * Function bta_av_rc_vendor_cmd
617 *
618 * Description Send an AVRCP vendor specific command.
619 *
620 * Returns void
621 *
622 ******************************************************************************/
bta_av_rc_vendor_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)623 void bta_av_rc_vendor_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
624 tBTA_AV_RCB* p_rcb;
625 if ((p_cb->features & (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) ==
626 (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) {
627 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
628 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
629 AVRC_VendorCmd(p_rcb->handle, p_data->api_vendor.label,
630 &p_data->api_vendor.msg);
631 }
632 }
633 }
634
635 /*******************************************************************************
636 *
637 * Function bta_av_rc_vendor_rsp
638 *
639 * Description Send an AVRCP vendor specific response.
640 *
641 * Returns void
642 *
643 ******************************************************************************/
bta_av_rc_vendor_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)644 void bta_av_rc_vendor_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
645 tBTA_AV_RCB* p_rcb;
646 if ((p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) ==
647 (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) {
648 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
649 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
650 AVRC_VendorRsp(p_rcb->handle, p_data->api_vendor.label,
651 &p_data->api_vendor.msg);
652 }
653 }
654 }
655
656 /*******************************************************************************
657 *
658 * Function bta_av_rc_meta_rsp
659 *
660 * Description Send an AVRCP metadata/advanced control command/response.
661 *
662 * Returns void
663 *
664 ******************************************************************************/
bta_av_rc_meta_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)665 void bta_av_rc_meta_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
666 tBTA_AV_RCB* p_rcb;
667 bool do_free = true;
668
669 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
670 (p_data->hdr.layer_specific < BTA_AV_NUM_RCB)) {
671 if ((p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCTG)) ||
672 (!p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCCT))) {
673 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
674 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
675 AVRC_MsgReq(p_rcb->handle, p_data->api_meta_rsp.label,
676 p_data->api_meta_rsp.rsp_code, p_data->api_meta_rsp.p_pkt);
677 do_free = false;
678 }
679 }
680 }
681
682 if (do_free) osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
683 }
684
685 /*******************************************************************************
686 *
687 * Function bta_av_rc_free_rsp
688 *
689 * Description free an AVRCP metadata command buffer.
690 *
691 * Returns void
692 *
693 ******************************************************************************/
bta_av_rc_free_rsp(UNUSED_ATTR tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)694 void bta_av_rc_free_rsp(UNUSED_ATTR tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
695 osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
696 }
697
698 /*******************************************************************************
699 *
700 * Function bta_av_rc_free_browse_msg
701 *
702 * Description free an AVRCP browse message buffer.
703 *
704 * Returns void
705 *
706 ******************************************************************************/
bta_av_rc_free_browse_msg(UNUSED_ATTR tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)707 void bta_av_rc_free_browse_msg(UNUSED_ATTR tBTA_AV_CB* p_cb,
708 tBTA_AV_DATA* p_data) {
709 if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
710 osi_free_and_reset((void**)&p_data->rc_msg.msg.browse.p_browse_pkt);
711 }
712 }
713
714 /*******************************************************************************
715 *
716 * Function bta_av_chk_notif_evt_id
717 *
718 * Description make sure the requested player id is valid.
719 *
720 * Returns BTA_AV_STS_NO_RSP, if no error
721 *
722 ******************************************************************************/
bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR * p_vendor)723 static tAVRC_STS bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR* p_vendor) {
724 tAVRC_STS status = BTA_AV_STS_NO_RSP;
725 uint8_t xx;
726 uint16_t u16;
727 uint8_t* p = p_vendor->p_vendor_data + 2;
728
729 BE_STREAM_TO_UINT16(u16, p);
730 /* double check the fixed length */
731 if ((u16 != 5) || (p_vendor->vendor_len != 9)) {
732 status = AVRC_STS_INTERNAL_ERR;
733 } else {
734 /* make sure the player_id is valid */
735 for (xx = 0; xx < p_bta_av_cfg->num_evt_ids; xx++) {
736 if (*p == p_bta_av_cfg->p_meta_evt_ids[xx]) {
737 break;
738 }
739 }
740 if (xx == p_bta_av_cfg->num_evt_ids) {
741 status = AVRC_STS_BAD_PARAM;
742 }
743 }
744
745 return status;
746 }
747
748 /*******************************************************************************
749 *
750 * Function bta_av_proc_meta_cmd
751 *
752 * Description Process an AVRCP metadata command from the peer.
753 *
754 * Returns true to respond immediately
755 *
756 ******************************************************************************/
bta_av_proc_meta_cmd(tAVRC_RESPONSE * p_rc_rsp,tBTA_AV_RC_MSG * p_msg,uint8_t * p_ctype)757 tBTA_AV_EVT bta_av_proc_meta_cmd(tAVRC_RESPONSE* p_rc_rsp,
758 tBTA_AV_RC_MSG* p_msg, uint8_t* p_ctype) {
759 tBTA_AV_EVT evt = BTA_AV_META_MSG_EVT;
760 uint8_t u8, pdu, *p;
761 uint16_t u16;
762 tAVRC_MSG_VENDOR* p_vendor = &p_msg->msg.vendor;
763
764 pdu = *(p_vendor->p_vendor_data);
765 p_rc_rsp->pdu = pdu;
766 *p_ctype = AVRC_RSP_REJ;
767
768 /* Check to ansure a valid minimum meta data length */
769 if ((AVRC_MIN_META_CMD_LEN + p_vendor->vendor_len) > AVRC_META_CMD_BUF_SIZE) {
770 /* reject it */
771 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
772 APPL_TRACE_ERROR("%s: Invalid meta-command length: %d", __func__,
773 p_vendor->vendor_len);
774 return 0;
775 }
776
777 /* Metadata messages only use PANEL sub-unit type */
778 if (p_vendor->hdr.subunit_type != AVRC_SUB_PANEL) {
779 APPL_TRACE_DEBUG("%s: SUBUNIT must be PANEL", __func__);
780 /* reject it */
781 evt = 0;
782 p_vendor->hdr.ctype = AVRC_RSP_NOT_IMPL;
783 p_vendor->vendor_len = 0;
784 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
785 } else if (!AVRC_IsValidAvcType(pdu, p_vendor->hdr.ctype)) {
786 APPL_TRACE_DEBUG("%s: Invalid pdu/ctype: 0x%x, %d", __func__, pdu,
787 p_vendor->hdr.ctype);
788 /* reject invalid message without reporting to app */
789 evt = 0;
790 p_rc_rsp->rsp.status = AVRC_STS_BAD_CMD;
791 } else {
792 switch (pdu) {
793 case AVRC_PDU_GET_CAPABILITIES:
794 /* process GetCapabilities command without reporting the event to app */
795 evt = 0;
796 if (p_vendor->vendor_len != 5) {
797 android_errorWriteLog(0x534e4554, "111893951");
798 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
799 break;
800 }
801 u8 = *(p_vendor->p_vendor_data + 4);
802 p = p_vendor->p_vendor_data + 2;
803 p_rc_rsp->get_caps.capability_id = u8;
804 BE_STREAM_TO_UINT16(u16, p);
805 if (u16 != 1) {
806 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
807 } else {
808 p_rc_rsp->get_caps.status = AVRC_STS_NO_ERROR;
809 if (u8 == AVRC_CAP_COMPANY_ID) {
810 *p_ctype = AVRC_RSP_IMPL_STBL;
811 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_co_ids;
812 memcpy(p_rc_rsp->get_caps.param.company_id,
813 p_bta_av_cfg->p_meta_co_ids,
814 (p_bta_av_cfg->num_co_ids << 2));
815 } else if (u8 == AVRC_CAP_EVENTS_SUPPORTED) {
816 *p_ctype = AVRC_RSP_IMPL_STBL;
817 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_evt_ids;
818 memcpy(p_rc_rsp->get_caps.param.event_id,
819 p_bta_av_cfg->p_meta_evt_ids, p_bta_av_cfg->num_evt_ids);
820 } else {
821 APPL_TRACE_DEBUG("%s: Invalid capability ID: 0x%x", __func__, u8);
822 /* reject - unknown capability ID */
823 p_rc_rsp->get_caps.status = AVRC_STS_BAD_PARAM;
824 }
825 }
826 break;
827
828 case AVRC_PDU_REGISTER_NOTIFICATION:
829 /* make sure the event_id is implemented */
830 p_rc_rsp->rsp.status = bta_av_chk_notif_evt_id(p_vendor);
831 if (p_rc_rsp->rsp.status != BTA_AV_STS_NO_RSP) evt = 0;
832 break;
833 }
834 }
835
836 return evt;
837 }
838
839 /*******************************************************************************
840 *
841 * Function bta_av_rc_msg
842 *
843 * Description Process an AVRCP message from the peer.
844 *
845 * Returns void
846 *
847 ******************************************************************************/
bta_av_rc_msg(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)848 void bta_av_rc_msg(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
849 tBTA_AV_EVT evt = 0;
850 tBTA_AV av;
851 BT_HDR* p_pkt = NULL;
852 tAVRC_MSG_VENDOR* p_vendor = &p_data->rc_msg.msg.vendor;
853 bool is_inquiry = ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
854 p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ);
855 uint8_t ctype = 0;
856 tAVRC_RESPONSE rc_rsp;
857
858 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
859
860 if (NULL == p_data) {
861 APPL_TRACE_ERROR("%s: Message from peer with no data", __func__);
862 return;
863 }
864
865 APPL_TRACE_DEBUG("%s: opcode=%x, ctype=%x", __func__, p_data->rc_msg.opcode,
866 p_data->rc_msg.msg.hdr.ctype);
867
868 if (p_data->rc_msg.opcode == AVRC_OP_PASS_THRU) {
869 /* if this is a pass thru command */
870 if ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_CTRL) ||
871 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
872 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ)) {
873 /* check if operation is supported */
874 char avrcp_ct_support[PROPERTY_VALUE_MAX];
875 osi_property_get("bluetooth.pts.avrcp_ct.support", avrcp_ct_support,
876 "false");
877 if (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) {
878 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
879 if (p_cb->features & BTA_AV_FEAT_METADATA)
880 p_data->rc_msg.msg.hdr.ctype = bta_av_group_navi_supported(
881 p_data->rc_msg.msg.pass.pass_len,
882 p_data->rc_msg.msg.pass.p_pass_data, is_inquiry);
883 } else if (((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_UP) ||
884 (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_DOWN)) &&
885 !strcmp(avrcp_ct_support, "true")) {
886 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_ACCEPT;
887 } else {
888 p_data->rc_msg.msg.hdr.ctype =
889 bta_av_op_supported(p_data->rc_msg.msg.pass.op_id, is_inquiry);
890 }
891
892 APPL_TRACE_DEBUG("%s: ctype %d", __func__, p_data->rc_msg.msg.hdr.ctype)
893
894 /* send response */
895 if (p_data->rc_msg.msg.hdr.ctype != AVRC_RSP_INTERIM)
896 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
897 &p_data->rc_msg.msg.pass);
898
899 /* set up for callback if supported */
900 if (p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_ACCEPT ||
901 p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_INTERIM) {
902 evt = BTA_AV_REMOTE_CMD_EVT;
903 av.remote_cmd.rc_id = p_data->rc_msg.msg.pass.op_id;
904 av.remote_cmd.key_state = p_data->rc_msg.msg.pass.state;
905 av.remote_cmd.p_data = p_data->rc_msg.msg.pass.p_pass_data;
906 av.remote_cmd.len = p_data->rc_msg.msg.pass.pass_len;
907 memcpy(&av.remote_cmd.hdr, &p_data->rc_msg.msg.hdr, sizeof(tAVRC_HDR));
908 av.remote_cmd.label = p_data->rc_msg.label;
909 }
910 }
911 /* else if this is a pass thru response */
912 /* id response type is not impl, we have to release label */
913 else if (p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
914 /* set up for callback */
915 evt = BTA_AV_REMOTE_RSP_EVT;
916 av.remote_rsp.rc_id = p_data->rc_msg.msg.pass.op_id;
917 av.remote_rsp.key_state = p_data->rc_msg.msg.pass.state;
918 av.remote_rsp.rsp_code = p_data->rc_msg.msg.hdr.ctype;
919 av.remote_rsp.label = p_data->rc_msg.label;
920
921 /* If this response is for vendor unique command */
922 if ((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) &&
923 (p_data->rc_msg.msg.pass.pass_len > 0)) {
924 av.remote_rsp.p_data =
925 (uint8_t*)osi_malloc(p_data->rc_msg.msg.pass.pass_len);
926 APPL_TRACE_DEBUG("%s: Vendor Unique data len = %d", __func__,
927 p_data->rc_msg.msg.pass.pass_len);
928 memcpy(av.remote_rsp.p_data, p_data->rc_msg.msg.pass.p_pass_data,
929 p_data->rc_msg.msg.pass.pass_len);
930 }
931 }
932 /* must be a bad ctype -> reject*/
933 else {
934 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
935 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
936 &p_data->rc_msg.msg.pass);
937 }
938 }
939 /* else if this is a vendor specific command or response */
940 else if (p_data->rc_msg.opcode == AVRC_OP_VENDOR) {
941 /* set up for callback */
942 av.vendor_cmd.code = p_data->rc_msg.msg.hdr.ctype;
943 av.vendor_cmd.company_id = p_vendor->company_id;
944 av.vendor_cmd.label = p_data->rc_msg.label;
945 av.vendor_cmd.p_data = p_vendor->p_vendor_data;
946 av.vendor_cmd.len = p_vendor->vendor_len;
947
948 /* if configured to support vendor specific and it's a command */
949 if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
950 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
951 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
952 (p_vendor->company_id == AVRC_CO_METADATA)) {
953 av.meta_msg.p_msg = &p_data->rc_msg.msg;
954 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
955 evt = bta_av_proc_meta_cmd(&rc_rsp, &p_data->rc_msg, &ctype);
956 } else {
957 evt = BTA_AV_VENDOR_CMD_EVT;
958 }
959 } else if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
960 p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
961 /* else if configured to support vendor specific and it's a response */
962 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
963 (p_vendor->company_id == AVRC_CO_METADATA)) {
964 av.meta_msg.p_msg = &p_data->rc_msg.msg;
965 evt = BTA_AV_META_MSG_EVT;
966 } else {
967 evt = BTA_AV_VENDOR_RSP_EVT;
968 }
969 } else if (!(p_cb->features & BTA_AV_FEAT_VENDOR) &&
970 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
971 /* else if not configured to support vendor specific and it's a command */
972 if (p_data->rc_msg.msg.vendor.p_vendor_data[0] == AVRC_PDU_INVALID) {
973 /* reject it */
974 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
975 p_data->rc_msg.msg.vendor.p_vendor_data[4] = AVRC_STS_BAD_CMD;
976 } else {
977 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
978 }
979 AVRC_VendorRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
980 &p_data->rc_msg.msg.vendor);
981 }
982 } else if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
983 /* set up for callback */
984 av.meta_msg.rc_handle = p_data->rc_msg.handle;
985 av.meta_msg.company_id = p_vendor->company_id;
986 av.meta_msg.code = p_data->rc_msg.msg.hdr.ctype;
987 av.meta_msg.label = p_data->rc_msg.label;
988 av.meta_msg.p_msg = &p_data->rc_msg.msg;
989 av.meta_msg.p_data = p_data->rc_msg.msg.browse.p_browse_data;
990 av.meta_msg.len = p_data->rc_msg.msg.browse.browse_len;
991 evt = BTA_AV_META_MSG_EVT;
992 }
993
994 if (evt == 0 && rc_rsp.rsp.status != BTA_AV_STS_NO_RSP) {
995 if (!p_pkt) {
996 rc_rsp.rsp.opcode = p_data->rc_msg.opcode;
997 AVRC_BldResponse(0, &rc_rsp, &p_pkt);
998 }
999 if (p_pkt)
1000 AVRC_MsgReq(p_data->rc_msg.handle, p_data->rc_msg.label, ctype, p_pkt);
1001 }
1002
1003 /* call callback */
1004 if (evt != 0) {
1005 av.remote_cmd.rc_handle = p_data->rc_msg.handle;
1006 (*p_cb->p_cback)(evt, &av);
1007 /* If browsing message, then free the browse message buffer */
1008 bta_av_rc_free_browse_msg(p_cb, p_data);
1009 }
1010 }
1011
1012 /*******************************************************************************
1013 *
1014 * Function bta_av_rc_close
1015 *
1016 * Description close the specified AVRC handle.
1017 *
1018 * Returns void
1019 *
1020 ******************************************************************************/
bta_av_rc_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1021 void bta_av_rc_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1022 uint16_t handle = p_data->hdr.layer_specific;
1023 tBTA_AV_SCB* p_scb;
1024 tBTA_AV_RCB* p_rcb;
1025
1026 if (handle < BTA_AV_NUM_RCB) {
1027 p_rcb = &p_cb->rcb[handle];
1028
1029 APPL_TRACE_DEBUG("%s: handle: %d, status=0x%x", __func__, p_rcb->handle,
1030 p_rcb->status);
1031 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
1032 if (p_rcb->shdl) {
1033 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
1034 if (p_scb) {
1035 /* just in case the RC timer is active
1036 if (bta_av_cb.features & BTA_AV_FEAT_RCCT &&
1037 p_scb->chnl == BTA_AV_CHNL_AUDIO) */
1038 alarm_cancel(p_scb->avrc_ct_timer);
1039 }
1040 }
1041
1042 AVRC_Close(p_rcb->handle);
1043 }
1044 }
1045 }
1046
1047 /*******************************************************************************
1048 *
1049 * Function bta_av_rc_browse_close
1050 *
1051 * Description Empty placeholder.
1052 *
1053 * Returns void
1054 *
1055 ******************************************************************************/
bta_av_rc_browse_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1056 void bta_av_rc_browse_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1057 APPL_TRACE_WARNING("%s: empty placeholder does nothing!", __func__);
1058 }
1059
1060 /*******************************************************************************
1061 *
1062 * Function bta_av_get_shdl
1063 *
1064 * Returns The index to p_scb[]
1065 *
1066 ******************************************************************************/
bta_av_get_shdl(tBTA_AV_SCB * p_scb)1067 static uint8_t bta_av_get_shdl(tBTA_AV_SCB* p_scb) {
1068 int i;
1069 uint8_t shdl = 0;
1070 /* find the SCB & stop the timer */
1071 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1072 if (p_scb == bta_av_cb.p_scb[i]) {
1073 shdl = i + 1;
1074 break;
1075 }
1076 }
1077 return shdl;
1078 }
1079
1080 /*******************************************************************************
1081 *
1082 * Function bta_av_stream_chg
1083 *
1084 * Description audio streaming status changed.
1085 *
1086 * Returns void
1087 *
1088 ******************************************************************************/
bta_av_stream_chg(tBTA_AV_SCB * p_scb,bool started)1089 void bta_av_stream_chg(tBTA_AV_SCB* p_scb, bool started) {
1090 uint8_t started_msk = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
1091
1092 APPL_TRACE_DEBUG("%s: peer %s started:%s started_msk:0x%x", __func__,
1093 p_scb->PeerAddress().ToString().c_str(),
1094 logbool(started).c_str(), started_msk);
1095
1096 if (started) {
1097 bta_av_cb.audio_streams |= started_msk;
1098 /* Let L2CAP know this channel is processed with high priority */
1099 L2CA_SetAclPriority(p_scb->PeerAddress(), L2CAP_PRIORITY_HIGH);
1100 } else {
1101 bta_av_cb.audio_streams &= ~started_msk;
1102 /* Let L2CAP know this channel is processed with low priority */
1103 L2CA_SetAclPriority(p_scb->PeerAddress(), L2CAP_PRIORITY_NORMAL);
1104 }
1105 }
1106
1107 /*******************************************************************************
1108 *
1109 * Function bta_av_conn_chg
1110 *
1111 * Description connetion status changed.
1112 * Open an AVRCP acceptor channel, if new conn.
1113 *
1114 * Returns void
1115 *
1116 ******************************************************************************/
bta_av_conn_chg(tBTA_AV_DATA * p_data)1117 void bta_av_conn_chg(tBTA_AV_DATA* p_data) {
1118 tBTA_AV_CB* p_cb = &bta_av_cb;
1119 tBTA_AV_SCB* p_scb = NULL;
1120 tBTA_AV_SCB* p_scbi;
1121 uint8_t mask;
1122 uint8_t conn_msk;
1123 uint8_t old_msk;
1124 int i;
1125 int index = (p_data->hdr.layer_specific & BTA_AV_HNDL_MSK) - 1;
1126 tBTA_AV_LCB* p_lcb;
1127 tBTA_AV_LCB* p_lcb_rc;
1128 tBTA_AV_RCB *p_rcb, *p_rcb2;
1129 bool chk_restore = false;
1130
1131 /* Validate array index*/
1132 if (index < BTA_AV_NUM_STRS) {
1133 p_scb = p_cb->p_scb[index];
1134 }
1135 mask = BTA_AV_HNDL_TO_MSK(index);
1136 p_lcb = bta_av_find_lcb(p_data->conn_chg.peer_addr, BTA_AV_LCB_FIND);
1137 conn_msk = 1 << (index + 1);
1138 if (p_data->conn_chg.is_up) {
1139 /* set the conned mask for this channel */
1140 if (p_scb) {
1141 if (p_lcb) {
1142 p_lcb->conn_msk |= conn_msk;
1143 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1144 if (bta_av_cb.rcb[i].lidx == p_lcb->lidx) {
1145 bta_av_cb.rcb[i].shdl = index + 1;
1146 APPL_TRACE_DEBUG(
1147 "%s: conn_chg up[%d]: %d, status=0x%x, shdl:%d, lidx:%d",
1148 __func__, i, bta_av_cb.rcb[i].handle, bta_av_cb.rcb[i].status,
1149 bta_av_cb.rcb[i].shdl, bta_av_cb.rcb[i].lidx);
1150 break;
1151 }
1152 }
1153 }
1154 old_msk = p_cb->conn_audio;
1155 p_cb->conn_audio |= mask;
1156
1157 if ((old_msk & mask) == 0) {
1158 /* increase the audio open count, if not set yet */
1159 bta_av_cb.audio_open_cnt++;
1160 }
1161
1162 APPL_TRACE_DEBUG("%s: rc_acp_handle:%d rc_acp_idx:%d", __func__,
1163 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1164 /* check if the AVRCP ACP channel is already connected */
1165 if (p_lcb && p_cb->rc_acp_handle != BTA_AV_RC_HANDLE_NONE &&
1166 p_cb->rc_acp_idx) {
1167 p_lcb_rc = &p_cb->lcb[BTA_AV_NUM_LINKS];
1168 APPL_TRACE_DEBUG(
1169 "%s: rc_acp is connected && conn_chg on same addr "
1170 "p_lcb_rc->conn_msk:x%x",
1171 __func__, p_lcb_rc->conn_msk);
1172 /* check if the RC is connected to the scb addr */
1173 LOG_INFO(LOG_TAG, "%s: p_lcb_rc->addr: %s conn_chg.peer_addr: %s",
1174 __func__, p_lcb_rc->addr.ToString().c_str(),
1175 p_data->conn_chg.peer_addr.ToString().c_str());
1176
1177 if (p_lcb_rc->conn_msk &&
1178 p_lcb_rc->addr == p_data->conn_chg.peer_addr) {
1179 /* AVRCP is already connected.
1180 * need to update the association betwen SCB and RCB */
1181 p_lcb_rc->conn_msk = 0; /* indicate RC ONLY is not connected */
1182 p_lcb_rc->lidx = 0;
1183 p_scb->rc_handle = p_cb->rc_acp_handle;
1184 p_rcb = &p_cb->rcb[p_cb->rc_acp_idx - 1];
1185 p_rcb->shdl = bta_av_get_shdl(p_scb);
1186 APPL_TRACE_DEBUG("%s: update rc_acp shdl:%d/%d srch:%d", __func__,
1187 index + 1, p_rcb->shdl, p_scb->rc_handle);
1188
1189 p_rcb2 = bta_av_get_rcb_by_shdl(p_rcb->shdl);
1190 if (p_rcb2) {
1191 /* found the RCB that was created to associated with this SCB */
1192 p_cb->rc_acp_handle = p_rcb2->handle;
1193 p_cb->rc_acp_idx = (p_rcb2 - p_cb->rcb) + 1;
1194 APPL_TRACE_DEBUG("%s: new rc_acp_handle:%d, idx:%d", __func__,
1195 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1196 p_rcb2->lidx = (BTA_AV_NUM_LINKS + 1);
1197 APPL_TRACE_DEBUG("%s: rc2 handle:%d lidx:%d/%d", __func__,
1198 p_rcb2->handle, p_rcb2->lidx,
1199 p_cb->lcb[p_rcb2->lidx - 1].lidx);
1200 }
1201 p_rcb->lidx = p_lcb->lidx;
1202 APPL_TRACE_DEBUG("%s: rc handle:%d lidx:%d/%d", __func__,
1203 p_rcb->handle, p_rcb->lidx,
1204 p_cb->lcb[p_rcb->lidx - 1].lidx);
1205 }
1206 }
1207 }
1208 } else {
1209 if ((p_cb->conn_audio & mask) && bta_av_cb.audio_open_cnt) {
1210 /* this channel is still marked as open. decrease the count */
1211 bta_av_cb.audio_open_cnt--;
1212 }
1213
1214 /* clear the conned mask for this channel */
1215 p_cb->conn_audio &= ~mask;
1216 if (p_scb) {
1217 // The stream is closed. Clear the state.
1218 p_scb->OnDisconnected();
1219 if (p_scb->chnl == BTA_AV_CHNL_AUDIO) {
1220 if (p_lcb) {
1221 p_lcb->conn_msk &= ~conn_msk;
1222 }
1223 /* audio channel is down. make sure the INT channel is down */
1224 /* just in case the RC timer is active
1225 if (p_cb->features & BTA_AV_FEAT_RCCT) */
1226 { alarm_cancel(p_scb->avrc_ct_timer); }
1227 /* one audio channel goes down. check if we need to restore high
1228 * priority */
1229 chk_restore = true;
1230 }
1231 }
1232
1233 APPL_TRACE_DEBUG("%s: shdl:%d", __func__, index + 1);
1234 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1235 APPL_TRACE_DEBUG("%s: conn_chg dn[%d]: %d, status=0x%x, shdl:%d, lidx:%d",
1236 __func__, i, bta_av_cb.rcb[i].handle,
1237 bta_av_cb.rcb[i].status, bta_av_cb.rcb[i].shdl,
1238 bta_av_cb.rcb[i].lidx);
1239 if (bta_av_cb.rcb[i].shdl == index + 1) {
1240 bta_av_del_rc(&bta_av_cb.rcb[i]);
1241 /* since the connection is already down and info was removed, clean
1242 * reference */
1243 bta_av_cb.rcb[i].shdl = 0;
1244 break;
1245 }
1246 }
1247
1248 if (p_cb->conn_audio == 0) {
1249 /* if both channels are not connected,
1250 * close all RC channels */
1251 bta_av_close_all_rc(p_cb);
1252 }
1253
1254 /* if the AVRCP is no longer listening, create the listening channel */
1255 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE &&
1256 bta_av_cb.features & BTA_AV_FEAT_RCTG)
1257 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
1258 }
1259
1260 APPL_TRACE_DEBUG(
1261 "%s: audio:%x up:%d conn_msk:0x%x chk_restore:%d "
1262 "audio_open_cnt:%d",
1263 __func__, p_cb->conn_audio, p_data->conn_chg.is_up, conn_msk, chk_restore,
1264 p_cb->audio_open_cnt);
1265
1266 if (chk_restore) {
1267 if (p_cb->audio_open_cnt == 1) {
1268 /* one audio channel goes down and there's one audio channel remains open.
1269 * restore the switch role in default link policy */
1270 bta_sys_set_default_policy(BTA_ID_AV, HCI_ENABLE_MASTER_SLAVE_SWITCH);
1271 /* allow role switch, if this is the last connection */
1272 bta_av_restore_switch();
1273 }
1274 if (p_cb->audio_open_cnt) {
1275 /* adjust flush timeout settings to longer period */
1276 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1277 p_scbi = bta_av_cb.p_scb[i];
1278 if (p_scbi && p_scbi->chnl == BTA_AV_CHNL_AUDIO && p_scbi->co_started) {
1279 /* may need to update the flush timeout of this already started stream
1280 */
1281 if (p_scbi->co_started != bta_av_cb.audio_open_cnt) {
1282 p_scbi->co_started = bta_av_cb.audio_open_cnt;
1283 L2CA_SetFlushTimeout(
1284 p_scbi->PeerAddress(),
1285 p_bta_av_cfg->p_audio_flush_to[p_scbi->co_started - 1]);
1286 }
1287 }
1288 }
1289 }
1290 }
1291 }
1292
1293 /*******************************************************************************
1294 *
1295 * Function bta_av_disable
1296 *
1297 * Description disable AV.
1298 *
1299 * Returns void
1300 *
1301 ******************************************************************************/
bta_av_disable(tBTA_AV_CB * p_cb,UNUSED_ATTR tBTA_AV_DATA * p_data)1302 void bta_av_disable(tBTA_AV_CB* p_cb, UNUSED_ATTR tBTA_AV_DATA* p_data) {
1303 BT_HDR hdr;
1304 uint16_t xx;
1305
1306 p_cb->disabling = true;
1307
1308 bta_av_close_all_rc(p_cb);
1309
1310 osi_free_and_reset((void**)&p_cb->p_disc_db);
1311
1312 /* disable audio/video - de-register all channels,
1313 * expect BTA_AV_DEREG_COMP_EVT when deregister is complete */
1314 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1315 if (p_cb->p_scb[xx] != NULL) {
1316 hdr.layer_specific = xx + 1;
1317 bta_av_api_deregister((tBTA_AV_DATA*)&hdr);
1318 }
1319 }
1320
1321 alarm_free(p_cb->link_signalling_timer);
1322 p_cb->link_signalling_timer = NULL;
1323 alarm_free(p_cb->accept_signalling_timer);
1324 p_cb->accept_signalling_timer = NULL;
1325 }
1326
1327 /*******************************************************************************
1328 *
1329 * Function bta_av_api_disconnect
1330 *
1331 * Description .
1332 *
1333 * Returns void
1334 *
1335 ******************************************************************************/
bta_av_api_disconnect(tBTA_AV_DATA * p_data)1336 void bta_av_api_disconnect(tBTA_AV_DATA* p_data) {
1337 AVDT_DisconnectReq(p_data->api_discnt.bd_addr, bta_av_conn_cback);
1338 alarm_cancel(bta_av_cb.link_signalling_timer);
1339 }
1340
1341 /**
1342 * Find the index for the free LCB entry to use.
1343 *
1344 * The selection order is:
1345 * (1) Find the index if there is already SCB entry for the peer address
1346 * (2) If there is no SCB entry for the peer address, find the first
1347 * SCB entry that is not assigned.
1348 *
1349 * @param peer_address the peer address to use
1350 * @return the index for the free LCB entry to use or BTA_AV_NUM_LINKS
1351 * if no entry is found
1352 */
bta_av_find_lcb_index_by_scb_and_address(const RawAddress & peer_address)1353 static uint8_t bta_av_find_lcb_index_by_scb_and_address(
1354 const RawAddress& peer_address) {
1355 APPL_TRACE_DEBUG("%s: peer_address: %s conn_lcb: 0x%x", __func__,
1356 peer_address.ToString().c_str(), bta_av_cb.conn_lcb);
1357
1358 // Find the index if there is already SCB entry for the peer address
1359 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1360 uint8_t mask = 1 << index;
1361 if (mask & bta_av_cb.conn_lcb) {
1362 continue;
1363 }
1364 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1365 if (p_scb == nullptr) {
1366 continue;
1367 }
1368 if (p_scb->PeerAddress() == peer_address) {
1369 return index;
1370 }
1371 }
1372
1373 // Find the first SCB entry that is not assigned.
1374 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1375 uint8_t mask = 1 << index;
1376 if (mask & bta_av_cb.conn_lcb) {
1377 continue;
1378 }
1379 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1380 if (p_scb == nullptr) {
1381 continue;
1382 }
1383 if (!p_scb->IsAssigned()) {
1384 return index;
1385 }
1386 }
1387
1388 return BTA_AV_NUM_LINKS;
1389 }
1390
1391 /*******************************************************************************
1392 *
1393 * Function bta_av_sig_chg
1394 *
1395 * Description process AVDT signal channel up/down.
1396 *
1397 * Returns void
1398 *
1399 ******************************************************************************/
bta_av_sig_chg(tBTA_AV_DATA * p_data)1400 void bta_av_sig_chg(tBTA_AV_DATA* p_data) {
1401 uint16_t event = p_data->str_msg.hdr.layer_specific;
1402 tBTA_AV_CB* p_cb = &bta_av_cb;
1403 uint32_t xx;
1404 uint8_t mask;
1405 tBTA_AV_LCB* p_lcb = NULL;
1406
1407 APPL_TRACE_DEBUG("%s: event: %d", __func__, event);
1408 if (event == AVDT_CONNECT_IND_EVT) {
1409 APPL_TRACE_DEBUG("%s: AVDT_CONNECT_IND_EVT: peer %s", __func__,
1410 p_data->str_msg.bd_addr.ToString().c_str());
1411
1412 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FIND);
1413 if (!p_lcb) {
1414 /* if the address does not have an LCB yet, alloc one */
1415 xx = bta_av_find_lcb_index_by_scb_and_address(p_data->str_msg.bd_addr);
1416
1417 /* check if we found something */
1418 if (xx >= BTA_AV_NUM_LINKS) {
1419 /* We do not have scb for this avdt connection. */
1420 /* Silently close the connection. */
1421 APPL_TRACE_ERROR("%s: av scb not available for avdt connection for %s",
1422 __func__, p_data->str_msg.bd_addr.ToString().c_str());
1423 AVDT_DisconnectReq(p_data->str_msg.bd_addr, NULL);
1424 return;
1425 }
1426 LOG_INFO(LOG_TAG,
1427 "%s: AVDT_CONNECT_IND_EVT: peer %s selected lcb_index %d",
1428 __func__, p_data->str_msg.bd_addr.ToString().c_str(), xx);
1429
1430 tBTA_AV_SCB* p_scb = p_cb->p_scb[xx];
1431 mask = 1 << xx;
1432 p_lcb = &p_cb->lcb[xx];
1433 p_lcb->lidx = xx + 1;
1434 p_lcb->addr = p_data->str_msg.bd_addr;
1435 p_lcb->conn_msk = 0; /* clear the connect mask */
1436 /* start listening when the signal channel is open */
1437 if (p_cb->features & BTA_AV_FEAT_RCTG) {
1438 bta_av_rc_create(p_cb, AVCT_ACP, 0, p_lcb->lidx);
1439 }
1440 /* this entry is not used yet. */
1441 p_cb->conn_lcb |= mask; /* mark it as used */
1442 APPL_TRACE_DEBUG("%s: start sig timer %d", __func__, p_data->hdr.offset);
1443 if (p_data->hdr.offset == AVDT_ACP) {
1444 APPL_TRACE_DEBUG("%s: Incoming L2CAP acquired, set state as incoming",
1445 __func__);
1446 p_scb->OnConnected(p_data->str_msg.bd_addr);
1447 p_scb->use_rc = true; /* allowing RC for incoming connection */
1448 bta_av_ssm_execute(p_scb, BTA_AV_ACP_CONNECT_EVT, p_data);
1449
1450 /* The Pending Event should be sent as soon as the L2CAP signalling
1451 * channel
1452 * is set up, which is NOW. Earlier this was done only after
1453 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1454 * The following function shall send the event and start the
1455 * recurring timer
1456 */
1457 bta_av_signalling_timer(NULL);
1458
1459 APPL_TRACE_DEBUG("%s: Re-start timer for AVDTP service", __func__);
1460 bta_sys_conn_open(BTA_ID_AV, p_scb->app_id, p_scb->PeerAddress());
1461 /* Possible collision : need to avoid outgoing processing while the
1462 * timer is running */
1463 p_scb->coll_mask = BTA_AV_COLL_INC_TMR;
1464 alarm_set_on_mloop(
1465 p_cb->accept_signalling_timer, BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1466 bta_av_accept_signalling_timer_cback, UINT_TO_PTR(xx));
1467 }
1468 }
1469 }
1470 #if (BTA_AR_INCLUDED == TRUE)
1471 else if (event == BTA_AR_AVDT_CONN_EVT) {
1472 alarm_cancel(bta_av_cb.link_signalling_timer);
1473 }
1474 #endif
1475 else {
1476 /* disconnected. */
1477 APPL_TRACE_DEBUG("%s: bta_av_cb.conn_lcb is %d", __func__,
1478 bta_av_cb.conn_lcb);
1479
1480 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FREE);
1481 if (p_lcb && (p_lcb->conn_msk || bta_av_cb.conn_lcb)) {
1482 APPL_TRACE_DEBUG("%s: conn_msk: 0x%x", __func__, p_lcb->conn_msk);
1483 /* clean up ssm */
1484 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1485 if (p_cb->p_scb[xx] &&
1486 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1487 APPL_TRACE_DEBUG("%s: Closing timer for AVDTP service", __func__);
1488 bta_sys_conn_close(BTA_ID_AV, p_cb->p_scb[xx]->app_id,
1489 p_cb->p_scb[xx]->PeerAddress());
1490 }
1491 mask = 1 << (xx + 1);
1492 if (((mask & p_lcb->conn_msk) || bta_av_cb.conn_lcb) &&
1493 p_cb->p_scb[xx] &&
1494 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1495 APPL_TRACE_WARNING("%s: Sending AVDT_DISCONNECT_EVT peer_addr=%s",
1496 __func__,
1497 p_cb->p_scb[xx]->PeerAddress().ToString().c_str());
1498 bta_av_ssm_execute(p_cb->p_scb[xx], BTA_AV_AVDT_DISCONNECT_EVT, NULL);
1499 }
1500 }
1501 }
1502 }
1503 APPL_TRACE_DEBUG("%s: sig_chg conn_lcb: 0x%x", __func__, p_cb->conn_lcb);
1504 }
1505
1506 /*******************************************************************************
1507 *
1508 * Function bta_av_signalling_timer
1509 *
1510 * Description process the signal channel timer. This timer is started
1511 * when the AVDTP signal channel is connected. If no profile
1512 * is connected, the timer goes off every
1513 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1514 *
1515 * Returns void
1516 *
1517 ******************************************************************************/
bta_av_signalling_timer(UNUSED_ATTR tBTA_AV_DATA * p_data)1518 void bta_av_signalling_timer(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1519 tBTA_AV_CB* p_cb = &bta_av_cb;
1520 int xx;
1521 uint8_t mask;
1522 tBTA_AV_LCB* p_lcb = NULL;
1523
1524 APPL_TRACE_DEBUG("%s: conn_lcb=0x%x", __func__, p_cb->conn_lcb);
1525 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
1526 p_lcb = &p_cb->lcb[xx];
1527 mask = 1 << xx;
1528 APPL_TRACE_DEBUG(
1529 "%s: index=%d conn_lcb=0x%x peer=%s conn_mask=0x%x lidx=%d", __func__,
1530 xx, p_cb->conn_lcb, p_lcb->addr.ToString().c_str(), p_lcb->conn_msk,
1531 p_lcb->lidx);
1532 if (mask & p_cb->conn_lcb) {
1533 /* this entry is used. check if it is connected */
1534 if (!p_lcb->conn_msk) {
1535 bta_sys_start_timer(p_cb->link_signalling_timer,
1536 BTA_AV_SIGNALLING_TIMEOUT_MS,
1537 BTA_AV_SIGNALLING_TIMER_EVT, 0);
1538 tBTA_AV_PEND pend;
1539 pend.bd_addr = p_lcb->addr;
1540 tBTA_AV bta_av_data;
1541 bta_av_data.pend = pend;
1542 APPL_TRACE_DEBUG(
1543 "%s: BTA_AV_PENDING_EVT for %s index=%d conn_mask=0x%x lidx=%d",
1544 __func__, pend.bd_addr.ToString().c_str(), xx, p_lcb->conn_msk,
1545 p_lcb->lidx);
1546 (*p_cb->p_cback)(BTA_AV_PENDING_EVT, &bta_av_data);
1547 }
1548 }
1549 }
1550 }
1551
1552 /*******************************************************************************
1553 *
1554 * Function bta_av_accept_signalling_timer_cback
1555 *
1556 * Description Process the timeout when SRC is accepting connection
1557 * and SNK did not start signalling.
1558 *
1559 * Returns void
1560 *
1561 ******************************************************************************/
bta_av_accept_signalling_timer_cback(void * data)1562 static void bta_av_accept_signalling_timer_cback(void* data) {
1563 uint32_t inx = PTR_TO_UINT(data);
1564 tBTA_AV_CB* p_cb = &bta_av_cb;
1565 tBTA_AV_SCB* p_scb = NULL;
1566 if (inx < BTA_AV_NUM_STRS) {
1567 p_scb = p_cb->p_scb[inx];
1568 }
1569 if (p_scb) {
1570 APPL_TRACE_DEBUG("%s: coll_mask = 0x%02X", __func__, p_scb->coll_mask);
1571
1572 if (p_scb->coll_mask & BTA_AV_COLL_INC_TMR) {
1573 p_scb->coll_mask &= ~BTA_AV_COLL_INC_TMR;
1574
1575 if (bta_av_is_scb_opening(p_scb)) {
1576 APPL_TRACE_DEBUG("%s: stream state opening: SDP started = %d", __func__,
1577 p_scb->sdp_discovery_started);
1578 if (p_scb->sdp_discovery_started) {
1579 /* We are still doing SDP. Run the timer again. */
1580 p_scb->coll_mask |= BTA_AV_COLL_INC_TMR;
1581
1582 alarm_set_on_mloop(p_cb->accept_signalling_timer,
1583 BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1584 bta_av_accept_signalling_timer_cback,
1585 UINT_TO_PTR(inx));
1586 } else {
1587 /* SNK did not start signalling, resume signalling process. */
1588 bta_av_discover_req(p_scb, NULL);
1589 }
1590 } else if (bta_av_is_scb_incoming(p_scb)) {
1591 /* Stay in incoming state if SNK does not start signalling */
1592
1593 APPL_TRACE_DEBUG("%s: stream state incoming", __func__);
1594 /* API open was called right after SNK opened L2C connection. */
1595 if (p_scb->coll_mask & BTA_AV_COLL_API_CALLED) {
1596 p_scb->coll_mask &= ~BTA_AV_COLL_API_CALLED;
1597
1598 /* BTA_AV_API_OPEN_EVT */
1599 tBTA_AV_API_OPEN* p_buf =
1600 (tBTA_AV_API_OPEN*)osi_malloc(sizeof(tBTA_AV_API_OPEN));
1601 memcpy(p_buf, &(p_scb->open_api), sizeof(tBTA_AV_API_OPEN));
1602 bta_sys_sendmsg(p_buf);
1603 }
1604 }
1605 }
1606 }
1607 }
1608
1609 /*******************************************************************************
1610 *
1611 * Function bta_av_check_peer_features
1612 *
1613 * Description check supported features on the peer device from the SDP
1614 * record and return the feature mask
1615 *
1616 * Returns tBTA_AV_FEAT peer device feature mask
1617 *
1618 ******************************************************************************/
bta_av_check_peer_features(uint16_t service_uuid)1619 tBTA_AV_FEAT bta_av_check_peer_features(uint16_t service_uuid) {
1620 tBTA_AV_FEAT peer_features = 0;
1621 tBTA_AV_CB* p_cb = &bta_av_cb;
1622 tSDP_DISC_REC* p_rec = NULL;
1623 tSDP_DISC_ATTR* p_attr;
1624 uint16_t peer_rc_version = 0;
1625 uint16_t categories = 0;
1626
1627 APPL_TRACE_DEBUG("%s: service_uuid:x%x", __func__, service_uuid);
1628 /* loop through all records we found */
1629 while (true) {
1630 /* get next record; if none found, we're done */
1631 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1632 if (p_rec == NULL) {
1633 break;
1634 }
1635
1636 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1637 NULL) {
1638 /* find peer features */
1639 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1640 NULL)) {
1641 peer_features |= BTA_AV_FEAT_RCCT;
1642 }
1643 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1644 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1645 peer_features |= BTA_AV_FEAT_RCTG;
1646 }
1647 }
1648
1649 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1650 /* get profile version (if failure, version parameter is not updated) */
1651 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1652 &peer_rc_version);
1653 APPL_TRACE_DEBUG("%s: peer_rc_version 0x%x", __func__, peer_rc_version);
1654
1655 if (peer_rc_version >= AVRC_REV_1_3)
1656 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1657
1658 if (peer_rc_version >= AVRC_REV_1_4) {
1659 /* get supported categories */
1660 p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1661 if (p_attr != NULL) {
1662 categories = p_attr->attr_value.v.u16;
1663 if (categories & AVRC_SUPF_CT_CAT2)
1664 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1665 if (categories & AVRC_SUPF_CT_BROWSE)
1666 peer_features |= (BTA_AV_FEAT_BROWSE);
1667 }
1668 }
1669 }
1670 }
1671 APPL_TRACE_DEBUG("%s: peer_features:x%x", __func__, peer_features);
1672 return peer_features;
1673 }
1674
1675 /*******************************************************************************
1676 *
1677 * Function bta_avk_check_peer_features
1678 *
1679 * Description check supported features on the peer device from the SDP
1680 * record and return the feature mask
1681 *
1682 * Returns tBTA_AV_FEAT peer device feature mask
1683 *
1684 ******************************************************************************/
bta_avk_check_peer_features(uint16_t service_uuid)1685 tBTA_AV_FEAT bta_avk_check_peer_features(uint16_t service_uuid) {
1686 tBTA_AV_FEAT peer_features = 0;
1687 tBTA_AV_CB* p_cb = &bta_av_cb;
1688
1689 APPL_TRACE_DEBUG("%s: service_uuid:x%x", __func__, service_uuid);
1690
1691 /* loop through all records we found */
1692 tSDP_DISC_REC* p_rec =
1693 SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, NULL);
1694 while (p_rec) {
1695 APPL_TRACE_DEBUG("%s: found Service record for x%x", __func__,
1696 service_uuid);
1697
1698 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1699 NULL) {
1700 /* find peer features */
1701 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1702 NULL)) {
1703 peer_features |= BTA_AV_FEAT_RCCT;
1704 }
1705 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1706 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1707 peer_features |= BTA_AV_FEAT_RCTG;
1708 }
1709 }
1710
1711 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1712 /* get profile version (if failure, version parameter is not updated) */
1713 uint16_t peer_rc_version = 0;
1714 bool val = SDP_FindProfileVersionInRec(
1715 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version);
1716 APPL_TRACE_DEBUG("%s: peer_rc_version for TG 0x%x, profile_found %d",
1717 __func__, peer_rc_version, val);
1718
1719 if (peer_rc_version >= AVRC_REV_1_3)
1720 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1721
1722 /*
1723 * Though Absolute Volume came after in 1.4 and above, but there are few
1724 * devices
1725 * in market which supports absolute Volume and they are still 1.3
1726 * TO avoid IOT issuses with those devices, we check for 1.3 as minimum
1727 * version
1728 */
1729 if (peer_rc_version >= AVRC_REV_1_3) {
1730 /* get supported features */
1731 tSDP_DISC_ATTR* p_attr =
1732 SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1733 if (p_attr != NULL) {
1734 uint16_t categories = p_attr->attr_value.v.u16;
1735 if (categories & AVRC_SUPF_CT_CAT2)
1736 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1737 if (categories & AVRC_SUPF_CT_APP_SETTINGS)
1738 peer_features |= (BTA_AV_FEAT_APP_SETTING);
1739 if (categories & AVRC_SUPF_CT_BROWSE)
1740 peer_features |= (BTA_AV_FEAT_BROWSE);
1741 }
1742 }
1743 }
1744 /* get next record; if none found, we're done */
1745 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1746 }
1747 APPL_TRACE_DEBUG("%s: peer_features:x%x", __func__, peer_features);
1748 return peer_features;
1749 }
1750
1751 /*******************************************************************************
1752 *
1753 * Function bta_av_rc_disc_done
1754 *
1755 * Description Handle AVRCP service discovery results. If matching
1756 * service found, open AVRCP connection.
1757 *
1758 * Returns void
1759 *
1760 ******************************************************************************/
bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA * p_data)1761 void bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1762 tBTA_AV_CB* p_cb = &bta_av_cb;
1763 tBTA_AV_SCB* p_scb = NULL;
1764 tBTA_AV_LCB* p_lcb;
1765 uint8_t rc_handle;
1766 tBTA_AV_FEAT peer_features = 0; /* peer features mask */
1767
1768 APPL_TRACE_DEBUG("%s: bta_av_rc_disc_done disc:x%x", __func__, p_cb->disc);
1769 if (!p_cb->disc) {
1770 return;
1771 }
1772
1773 if ((p_cb->disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
1774 /* this is the rc handle/index to tBTA_AV_RCB */
1775 rc_handle = p_cb->disc & (~BTA_AV_CHNL_MSK);
1776 } else {
1777 /* Validate array index*/
1778 if (((p_cb->disc & BTA_AV_HNDL_MSK) - 1) < BTA_AV_NUM_STRS) {
1779 p_scb = p_cb->p_scb[(p_cb->disc & BTA_AV_HNDL_MSK) - 1];
1780 }
1781 if (p_scb) {
1782 rc_handle = p_scb->rc_handle;
1783 } else {
1784 p_cb->disc = 0;
1785 return;
1786 }
1787 }
1788
1789 APPL_TRACE_DEBUG("%s: rc_handle %d", __func__, rc_handle);
1790 #if (BTA_AV_SINK_INCLUDED == TRUE)
1791 if (p_cb->sdp_a2dp_snk_handle) {
1792 /* This is Sink + CT + TG(Abs Vol) */
1793 peer_features =
1794 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
1795 APPL_TRACE_DEBUG("%s: populating rem ctrl target features %d", __func__,
1796 peer_features);
1797 if (BTA_AV_FEAT_ADV_CTRL &
1798 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL))
1799 peer_features |= (BTA_AV_FEAT_ADV_CTRL | BTA_AV_FEAT_RCCT);
1800 } else
1801 #endif
1802 if (p_cb->sdp_a2dp_handle) {
1803 /* check peer version and whether support CT and TG role */
1804 peer_features =
1805 bta_av_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL);
1806 if ((p_cb->features & BTA_AV_FEAT_ADV_CTRL) &&
1807 ((peer_features & BTA_AV_FEAT_ADV_CTRL) == 0)) {
1808 /* if we support advance control and peer does not, check their support on
1809 * TG role
1810 * some implementation uses 1.3 on CT ans 1.4 on TG */
1811 peer_features |=
1812 bta_av_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
1813 }
1814
1815 /* Change our features if the remote AVRCP version is 1.3 or less */
1816 tSDP_DISC_REC* p_rec = nullptr;
1817 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db,
1818 UUID_SERVCLASS_AV_REMOTE_CONTROL, p_rec);
1819 if (p_rec != NULL &&
1820 SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST) != NULL) {
1821 /* get profile version (if failure, version parameter is not updated) */
1822 uint16_t peer_rc_version = 0xFFFF; // Don't change the AVRCP version
1823 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1824 &peer_rc_version);
1825 if (peer_rc_version <= AVRC_REV_1_3) {
1826 APPL_TRACE_DEBUG("%s: Using AVRCP 1.3 Capabilities with remote device",
1827 __func__);
1828 p_bta_av_cfg = &bta_av_cfg_compatibility;
1829 }
1830 }
1831 }
1832
1833 p_cb->disc = 0;
1834 osi_free_and_reset((void**)&p_cb->p_disc_db);
1835
1836 APPL_TRACE_DEBUG("%s: peer_features 0x%x, features 0x%x", __func__,
1837 peer_features, p_cb->features);
1838
1839 /* if we have no rc connection */
1840 if (rc_handle == BTA_AV_RC_HANDLE_NONE) {
1841 if (p_scb) {
1842 /* if peer remote control service matches ours and USE_RC is true */
1843 if ((((p_cb->features & BTA_AV_FEAT_RCCT) &&
1844 (peer_features & BTA_AV_FEAT_RCTG)) ||
1845 ((p_cb->features & BTA_AV_FEAT_RCTG) &&
1846 (peer_features & BTA_AV_FEAT_RCCT)))) {
1847 p_lcb = bta_av_find_lcb(p_scb->PeerAddress(), BTA_AV_LCB_FIND);
1848 if (p_lcb) {
1849 rc_handle = bta_av_rc_create(p_cb, AVCT_INT,
1850 (uint8_t)(p_scb->hdi + 1), p_lcb->lidx);
1851 p_cb->rcb[rc_handle].peer_features = peer_features;
1852 } else {
1853 APPL_TRACE_ERROR("%s: can not find LCB!!", __func__);
1854 }
1855 } else if (p_scb->use_rc) {
1856 /* can not find AVRC on peer device. report failure */
1857 p_scb->use_rc = false;
1858 tBTA_AV_RC_OPEN rc_open;
1859 rc_open.peer_addr = p_scb->PeerAddress();
1860 rc_open.peer_features = 0;
1861 rc_open.status = BTA_AV_FAIL_SDP;
1862 tBTA_AV bta_av_data;
1863 bta_av_data.rc_open = rc_open;
1864 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
1865 }
1866 }
1867 } else {
1868 tBTA_AV_RC_FEAT rc_feat;
1869 p_cb->rcb[rc_handle].peer_features = peer_features;
1870 rc_feat.rc_handle = rc_handle;
1871 rc_feat.peer_features = peer_features;
1872 if (p_scb == NULL) {
1873 /*
1874 * In case scb is not created by the time we are done with SDP
1875 * we still need to send RC feature event. So we need to get BD
1876 * from Message. Note that lidx is 1 based not 0 based
1877 */
1878 rc_feat.peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
1879 } else {
1880 rc_feat.peer_addr = p_scb->PeerAddress();
1881 }
1882 tBTA_AV bta_av_data;
1883 bta_av_data.rc_feat = rc_feat;
1884 (*p_cb->p_cback)(BTA_AV_RC_FEAT_EVT, &bta_av_data);
1885 }
1886 }
1887
1888 /*******************************************************************************
1889 *
1890 * Function bta_av_rc_closed
1891 *
1892 * Description Set AVRCP state to closed.
1893 *
1894 * Returns void
1895 *
1896 ******************************************************************************/
bta_av_rc_closed(tBTA_AV_DATA * p_data)1897 void bta_av_rc_closed(tBTA_AV_DATA* p_data) {
1898 tBTA_AV_CB* p_cb = &bta_av_cb;
1899 tBTA_AV_RC_CLOSE rc_close;
1900 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
1901 tBTA_AV_RCB* p_rcb;
1902 tBTA_AV_SCB* p_scb;
1903 int i;
1904 bool conn = false;
1905 tBTA_AV_LCB* p_lcb;
1906
1907 rc_close.rc_handle = BTA_AV_RC_HANDLE_NONE;
1908 p_scb = NULL;
1909 APPL_TRACE_DEBUG("%s: rc_handle:%d", __func__, p_msg->handle);
1910 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1911 p_rcb = &p_cb->rcb[i];
1912 APPL_TRACE_DEBUG("%s: rcb[%d] rc_handle:%d, status=0x%x", __func__, i,
1913 p_rcb->handle, p_rcb->status);
1914 if (p_rcb->handle == p_msg->handle) {
1915 rc_close.rc_handle = i;
1916 p_rcb->status &= ~BTA_AV_RC_CONN_MASK;
1917 p_rcb->peer_features = 0;
1918 APPL_TRACE_DEBUG("%s: shdl:%d, lidx:%d", __func__, p_rcb->shdl,
1919 p_rcb->lidx);
1920 if (p_rcb->shdl) {
1921 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
1922 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
1923 }
1924 if (p_scb) {
1925 rc_close.peer_addr = p_scb->PeerAddress();
1926 if (p_scb->rc_handle == p_rcb->handle)
1927 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
1928 APPL_TRACE_DEBUG("%s: shdl:%d, srch:%d", __func__, p_rcb->shdl,
1929 p_scb->rc_handle);
1930 }
1931 p_rcb->shdl = 0;
1932 } else if (p_rcb->lidx == (BTA_AV_NUM_LINKS + 1)) {
1933 /* if the RCB uses the extra LCB, use the addr for event and clean it */
1934 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
1935 rc_close.peer_addr = p_msg->peer_addr;
1936 LOG_INFO(LOG_TAG, "%s: rc_only closed bd_addr: %s", __func__,
1937 p_msg->peer_addr.ToString().c_str());
1938 p_lcb->conn_msk = 0;
1939 p_lcb->lidx = 0;
1940 }
1941 p_rcb->lidx = 0;
1942
1943 if ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT) {
1944 /* AVCT CCB is deallocated */
1945 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
1946 p_rcb->status = 0;
1947 } else {
1948 /* AVCT CCB is still there. dealloc */
1949 bta_av_del_rc(p_rcb);
1950 }
1951 } else if ((p_rcb->handle != BTA_AV_RC_HANDLE_NONE) &&
1952 (p_rcb->status & BTA_AV_RC_CONN_MASK)) {
1953 /* at least one channel is still connected */
1954 conn = true;
1955 }
1956 }
1957
1958 if (!conn) {
1959 /* no AVRC channels are connected, go back to INIT state */
1960 bta_av_sm_execute(p_cb, BTA_AV_AVRC_NONE_EVT, NULL);
1961 }
1962
1963 if (rc_close.rc_handle == BTA_AV_RC_HANDLE_NONE) {
1964 rc_close.rc_handle = p_msg->handle;
1965 rc_close.peer_addr = p_msg->peer_addr;
1966 }
1967 tBTA_AV bta_av_data;
1968 bta_av_data.rc_close = rc_close;
1969 (*p_cb->p_cback)(BTA_AV_RC_CLOSE_EVT, &bta_av_data);
1970 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE
1971 && bta_av_cb.features & BTA_AV_FEAT_RCTG)
1972 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
1973 }
1974
1975 /*******************************************************************************
1976 *
1977 * Function bta_av_rc_browse_opened
1978 *
1979 * Description AVRC browsing channel is opened
1980 *
1981 * Returns void
1982 *
1983 ******************************************************************************/
bta_av_rc_browse_opened(tBTA_AV_DATA * p_data)1984 void bta_av_rc_browse_opened(tBTA_AV_DATA* p_data) {
1985 tBTA_AV_CB* p_cb = &bta_av_cb;
1986 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
1987 tBTA_AV_RC_BROWSE_OPEN rc_browse_open;
1988
1989 LOG_INFO(LOG_TAG, "%s: peer_addr: %s rc_handle:%d", __func__,
1990 p_msg->peer_addr.ToString().c_str(), p_msg->handle);
1991
1992 rc_browse_open.status = BTA_AV_SUCCESS;
1993 rc_browse_open.rc_handle = p_msg->handle;
1994 rc_browse_open.peer_addr = p_msg->peer_addr;
1995
1996 tBTA_AV bta_av_data;
1997 bta_av_data.rc_browse_open = rc_browse_open;
1998 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_OPEN_EVT, &bta_av_data);
1999 }
2000
2001 /*******************************************************************************
2002 *
2003 * Function bta_av_rc_browse_closed
2004 *
2005 * Description AVRC browsing channel is closed
2006 *
2007 * Returns void
2008 *
2009 ******************************************************************************/
bta_av_rc_browse_closed(tBTA_AV_DATA * p_data)2010 void bta_av_rc_browse_closed(tBTA_AV_DATA* p_data) {
2011 tBTA_AV_CB* p_cb = &bta_av_cb;
2012 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2013 tBTA_AV_RC_BROWSE_CLOSE rc_browse_close;
2014
2015 LOG_INFO(LOG_TAG, "%s: peer_addr: %s rc_handle:%d", __func__,
2016 p_msg->peer_addr.ToString().c_str(), p_msg->handle);
2017
2018 rc_browse_close.rc_handle = p_msg->handle;
2019 rc_browse_close.peer_addr = p_msg->peer_addr;
2020
2021 tBTA_AV bta_av_data;
2022 bta_av_data.rc_browse_close = rc_browse_close;
2023 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_CLOSE_EVT, &bta_av_data);
2024 }
2025
2026 /*******************************************************************************
2027 *
2028 * Function bta_av_rc_disc
2029 *
2030 * Description start AVRC SDP discovery.
2031 *
2032 * Returns void
2033 *
2034 ******************************************************************************/
bta_av_rc_disc(uint8_t disc)2035 void bta_av_rc_disc(uint8_t disc) {
2036 tBTA_AV_CB* p_cb = &bta_av_cb;
2037 tAVRC_SDP_DB_PARAMS db_params;
2038 uint16_t attr_list[] = {ATTR_ID_SERVICE_CLASS_ID_LIST,
2039 ATTR_ID_BT_PROFILE_DESC_LIST,
2040 ATTR_ID_SUPPORTED_FEATURES};
2041 uint8_t hdi;
2042 tBTA_AV_SCB* p_scb;
2043 RawAddress peer_addr = RawAddress::kEmpty;
2044 uint8_t rc_handle;
2045
2046 APPL_TRACE_DEBUG("%s: disc: 0x%x, bta_av_cb.disc: 0x%x", __func__, disc,
2047 bta_av_cb.disc);
2048 if ((bta_av_cb.disc != 0) || (disc == 0)) return;
2049
2050 if ((disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
2051 /* this is the rc handle/index to tBTA_AV_RCB */
2052 rc_handle = disc & (~BTA_AV_CHNL_MSK);
2053 if (p_cb->rcb[rc_handle].lidx) {
2054 peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2055 }
2056 } else {
2057 hdi = (disc & BTA_AV_HNDL_MSK) - 1;
2058 p_scb = p_cb->p_scb[hdi];
2059
2060 if (p_scb) {
2061 APPL_TRACE_DEBUG("%s: rc_handle %d", __func__, p_scb->rc_handle);
2062 peer_addr = p_scb->PeerAddress();
2063 }
2064 }
2065
2066 if (!peer_addr.IsEmpty()) {
2067 /* allocate discovery database */
2068 if (p_cb->p_disc_db == NULL)
2069 p_cb->p_disc_db = (tSDP_DISCOVERY_DB*)osi_malloc(BTA_AV_DISC_BUF_SIZE);
2070
2071 /* set up parameters */
2072 db_params.db_len = BTA_AV_DISC_BUF_SIZE;
2073 db_params.num_attr = 3;
2074 db_params.p_db = p_cb->p_disc_db;
2075 db_params.p_attrs = attr_list;
2076
2077 /* searching for UUID_SERVCLASS_AV_REMOTE_CONTROL gets both TG and CT */
2078 if (AVRC_FindService(UUID_SERVCLASS_AV_REMOTE_CONTROL, peer_addr,
2079 &db_params,
2080 base::Bind(bta_av_avrc_sdp_cback)) == AVRC_SUCCESS) {
2081 p_cb->disc = disc;
2082 APPL_TRACE_DEBUG("%s: disc 0x%x", __func__, p_cb->disc);
2083 }
2084 }
2085 }
2086
2087 /*******************************************************************************
2088 *
2089 * Function bta_av_dereg_comp
2090 *
2091 * Description deregister complete. free the stream control block.
2092 *
2093 * Returns void
2094 *
2095 ******************************************************************************/
bta_av_dereg_comp(tBTA_AV_DATA * p_data)2096 void bta_av_dereg_comp(tBTA_AV_DATA* p_data) {
2097 tBTA_AV_CB* p_cb = &bta_av_cb;
2098 tBTA_AV_SCB* p_scb;
2099 tBTA_UTL_COD cod;
2100 uint8_t mask;
2101 BT_HDR* p_buf;
2102
2103 /* find the stream control block */
2104 p_scb = bta_av_hndl_to_scb(p_data->hdr.layer_specific);
2105
2106 if (p_scb) {
2107 APPL_TRACE_DEBUG("%s: deregistered %d(h%d)", __func__, p_scb->chnl,
2108 p_scb->hndl);
2109 mask = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
2110 p_cb->reg_audio &= ~mask;
2111 if ((p_cb->conn_audio & mask) && bta_av_cb.audio_open_cnt) {
2112 /* this channel is still marked as open. decrease the count */
2113 bta_av_cb.audio_open_cnt--;
2114 }
2115 p_cb->conn_audio &= ~mask;
2116
2117 if (p_scb->q_tag == BTA_AV_Q_TAG_STREAM && p_scb->a2dp_list) {
2118 /* make sure no buffers are in a2dp_list */
2119 while (!list_is_empty(p_scb->a2dp_list)) {
2120 p_buf = (BT_HDR*)list_front(p_scb->a2dp_list);
2121 list_remove(p_scb->a2dp_list, p_buf);
2122 osi_free(p_buf);
2123 }
2124 }
2125
2126 /* remove the A2DP SDP record, if no more audio stream is left */
2127 if (!p_cb->reg_audio) {
2128 #if (BTA_AR_INCLUDED == TRUE)
2129 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REMOTE_CONTROL, BTA_ID_AV);
2130 #endif
2131 if (p_cb->sdp_a2dp_handle) {
2132 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_handle);
2133 p_cb->sdp_a2dp_handle = 0;
2134 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SOURCE);
2135 }
2136
2137 #if (BTA_AV_SINK_INCLUDED == TRUE)
2138 if (p_cb->sdp_a2dp_snk_handle) {
2139 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_snk_handle);
2140 p_cb->sdp_a2dp_snk_handle = 0;
2141 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SINK);
2142 }
2143 #endif
2144 }
2145
2146 bta_av_free_scb(p_scb);
2147 }
2148
2149 APPL_TRACE_DEBUG("%s: audio 0x%x, disable:%d", __func__, p_cb->reg_audio,
2150 p_cb->disabling);
2151 /* if no stream control block is active */
2152 if (p_cb->reg_audio == 0) {
2153 #if (BTA_AR_INCLUDED == TRUE)
2154 /* deregister from AVDT */
2155 bta_ar_dereg_avdt(BTA_ID_AV);
2156
2157 /* deregister from AVCT */
2158 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REM_CTRL_TARGET, BTA_ID_AV);
2159 bta_ar_dereg_avct(BTA_ID_AV);
2160 #endif
2161
2162 if (p_cb->disabling) {
2163 p_cb->disabling = false;
2164 bta_av_cb.features = 0;
2165 }
2166
2167 /* Clear the Capturing service class bit */
2168 cod.service = BTM_COD_SERVICE_CAPTURING;
2169 utl_set_device_class(&cod, BTA_UTL_CLR_COD_SERVICE_CLASS);
2170 }
2171 }
2172