1 /******************************************************************************
2 *
3 * Copyright 2004-2016 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains action functions for advanced audio/video main state
22 * machine.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bt_bta_av"
27
28 #include "bt_target.h"
29
30 #include <base/logging.h>
31 #include <string.h>
32
33 #include "avdt_api.h"
34 #include "avrcp_service.h"
35 #include "bta_av_api.h"
36 #include "bta_av_int.h"
37 #include "l2c_api.h"
38 #include "log/log.h"
39 #include "osi/include/list.h"
40 #include "osi/include/log.h"
41 #include "osi/include/osi.h"
42 #include "osi/include/properties.h"
43 #include "utl.h"
44
45 #if (BTA_AR_INCLUDED == TRUE)
46 #include "bta_ar_api.h"
47 #endif
48
49 /*****************************************************************************
50 * Constants
51 ****************************************************************************/
52 /* the timeout to wait for open req after setconfig for incoming connections */
53 #ifndef BTA_AV_SIGNALLING_TIMEOUT_MS
54 #define BTA_AV_SIGNALLING_TIMEOUT_MS (8 * 1000) /* 8 seconds */
55 #endif
56
57 /* Time to wait for signalling from SNK when it is initiated from SNK. */
58 /* If not, we will start signalling from SRC. */
59 #ifndef BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS
60 #define BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS (2 * 1000) /* 2 seconds */
61 #endif
62
63 static void bta_av_accept_signalling_timer_cback(void* data);
64
65 #ifndef AVRC_MIN_META_CMD_LEN
66 #define AVRC_MIN_META_CMD_LEN 20
67 #endif
68
69 /*******************************************************************************
70 *
71 * Function bta_av_get_rcb_by_shdl
72 *
73 * Description find the RCB associated with the given SCB handle.
74 *
75 * Returns tBTA_AV_RCB
76 *
77 ******************************************************************************/
bta_av_get_rcb_by_shdl(uint8_t shdl)78 tBTA_AV_RCB* bta_av_get_rcb_by_shdl(uint8_t shdl) {
79 tBTA_AV_RCB* p_rcb = NULL;
80 int i;
81
82 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
83 if (bta_av_cb.rcb[i].shdl == shdl &&
84 bta_av_cb.rcb[i].handle != BTA_AV_RC_HANDLE_NONE) {
85 p_rcb = &bta_av_cb.rcb[i];
86 break;
87 }
88 }
89 return p_rcb;
90 }
91 #define BTA_AV_STS_NO_RSP 0xFF /* a number not used by tAVRC_STS */
92
93 /*******************************************************************************
94 *
95 * Function bta_av_del_rc
96 *
97 * Description delete the given AVRC handle.
98 *
99 * Returns void
100 *
101 ******************************************************************************/
bta_av_del_rc(tBTA_AV_RCB * p_rcb)102 void bta_av_del_rc(tBTA_AV_RCB* p_rcb) {
103 tBTA_AV_SCB* p_scb;
104 uint8_t rc_handle; /* connected AVRCP handle */
105
106 p_scb = NULL;
107 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
108 if (p_rcb->shdl) {
109 /* Validate array index*/
110 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
111 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
112 }
113 if (p_scb) {
114 APPL_TRACE_DEBUG("%s: shdl:%d, srch:%d rc_handle:%d", __func__,
115 p_rcb->shdl, p_scb->rc_handle, p_rcb->handle);
116 if (p_scb->rc_handle == p_rcb->handle)
117 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
118 /* just in case the RC timer is active
119 if (bta_av_cb.features & BTA_AV_FEAT_RCCT && p_scb->chnl ==
120 BTA_AV_CHNL_AUDIO) */
121 alarm_cancel(p_scb->avrc_ct_timer);
122 }
123 }
124
125 APPL_TRACE_EVENT("%s: handle: %d status=0x%x, rc_acp_handle:%d, idx:%d",
126 __func__, p_rcb->handle, p_rcb->status,
127 bta_av_cb.rc_acp_handle, bta_av_cb.rc_acp_idx);
128 rc_handle = p_rcb->handle;
129 if (!(p_rcb->status & BTA_AV_RC_CONN_MASK) ||
130 ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
131 p_rcb->status = 0;
132 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
133 p_rcb->shdl = 0;
134 p_rcb->lidx = 0;
135 }
136 /* else ACP && connected. do not clear the handle yet */
137 AVRC_Close(rc_handle);
138 if (rc_handle == bta_av_cb.rc_acp_handle)
139 bta_av_cb.rc_acp_handle = BTA_AV_RC_HANDLE_NONE;
140 APPL_TRACE_EVENT(
141 "%s: end del_rc handle: %d status=0x%x, rc_acp_handle:%d, lidx:%d",
142 __func__, p_rcb->handle, p_rcb->status, bta_av_cb.rc_acp_handle,
143 p_rcb->lidx);
144 }
145 }
146
147 /*******************************************************************************
148 *
149 * Function bta_av_close_all_rc
150 *
151 * Description close the all AVRC handle.
152 *
153 * Returns void
154 *
155 ******************************************************************************/
bta_av_close_all_rc(tBTA_AV_CB * p_cb)156 static void bta_av_close_all_rc(tBTA_AV_CB* p_cb) {
157 int i;
158
159 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
160 if ((p_cb->disabling) || (bta_av_cb.rcb[i].shdl != 0))
161 bta_av_del_rc(&bta_av_cb.rcb[i]);
162 }
163 }
164
165 /*******************************************************************************
166 *
167 * Function bta_av_del_sdp_rec
168 *
169 * Description delete the given SDP record handle.
170 *
171 * Returns void
172 *
173 ******************************************************************************/
bta_av_del_sdp_rec(uint32_t * p_sdp_handle)174 static void bta_av_del_sdp_rec(uint32_t* p_sdp_handle) {
175 if (*p_sdp_handle != 0) {
176 SDP_DeleteRecord(*p_sdp_handle);
177 *p_sdp_handle = 0;
178 }
179 }
180
181 /*******************************************************************************
182 *
183 * Function bta_av_avrc_sdp_cback
184 *
185 * Description AVRCP service discovery callback.
186 *
187 * Returns void
188 *
189 ******************************************************************************/
bta_av_avrc_sdp_cback(UNUSED_ATTR uint16_t status)190 static void bta_av_avrc_sdp_cback(UNUSED_ATTR uint16_t status) {
191 BT_HDR* p_msg = (BT_HDR*)osi_malloc(sizeof(BT_HDR));
192
193 p_msg->event = BTA_AV_SDP_AVRC_DISC_EVT;
194
195 bta_sys_sendmsg(p_msg);
196 }
197
198 /*******************************************************************************
199 *
200 * Function bta_av_rc_ctrl_cback
201 *
202 * Description AVRCP control callback.
203 *
204 * Returns void
205 *
206 ******************************************************************************/
bta_av_rc_ctrl_cback(uint8_t handle,uint8_t event,UNUSED_ATTR uint16_t result,const RawAddress * peer_addr)207 static void bta_av_rc_ctrl_cback(uint8_t handle, uint8_t event,
208 UNUSED_ATTR uint16_t result,
209 const RawAddress* peer_addr) {
210 uint16_t msg_event = 0;
211
212 APPL_TRACE_EVENT("%s: handle: %d event=0x%x", __func__, handle, event);
213 if (event == AVRC_OPEN_IND_EVT) {
214 /* save handle of opened connection
215 bta_av_cb.rc_handle = handle;*/
216
217 msg_event = BTA_AV_AVRC_OPEN_EVT;
218 } else if (event == AVRC_CLOSE_IND_EVT) {
219 msg_event = BTA_AV_AVRC_CLOSE_EVT;
220 } else if (event == AVRC_BROWSE_OPEN_IND_EVT) {
221 msg_event = BTA_AV_AVRC_BROWSE_OPEN_EVT;
222 } else if (event == AVRC_BROWSE_CLOSE_IND_EVT) {
223 msg_event = BTA_AV_AVRC_BROWSE_CLOSE_EVT;
224 }
225
226 if (msg_event) {
227 tBTA_AV_RC_CONN_CHG* p_msg =
228 (tBTA_AV_RC_CONN_CHG*)osi_malloc(sizeof(tBTA_AV_RC_CONN_CHG));
229 p_msg->hdr.event = msg_event;
230 p_msg->handle = handle;
231 if (peer_addr) p_msg->peer_addr = *peer_addr;
232 bta_sys_sendmsg(p_msg);
233 }
234 }
235
236 /*******************************************************************************
237 *
238 * Function bta_av_rc_msg_cback
239 *
240 * Description AVRCP message callback.
241 *
242 * Returns void
243 *
244 ******************************************************************************/
bta_av_rc_msg_cback(uint8_t handle,uint8_t label,uint8_t opcode,tAVRC_MSG * p_msg)245 static void bta_av_rc_msg_cback(uint8_t handle, uint8_t label, uint8_t opcode,
246 tAVRC_MSG* p_msg) {
247 uint8_t* p_data_src = NULL;
248 uint16_t data_len = 0;
249
250 APPL_TRACE_DEBUG("%s: handle: %u opcode=0x%x", __func__, handle, opcode);
251
252 /* Copy avrc packet into BTA message buffer (for sending to BTA state machine)
253 */
254
255 /* Get size of payload data (for vendor and passthrough messages only; for
256 * browsing
257 * messages, use zero-copy) */
258 if (opcode == AVRC_OP_VENDOR && p_msg->vendor.p_vendor_data != NULL) {
259 p_data_src = p_msg->vendor.p_vendor_data;
260 data_len = (uint16_t)p_msg->vendor.vendor_len;
261 } else if (opcode == AVRC_OP_PASS_THRU && p_msg->pass.p_pass_data != NULL) {
262 p_data_src = p_msg->pass.p_pass_data;
263 data_len = (uint16_t)p_msg->pass.pass_len;
264 }
265
266 /* Create a copy of the message */
267 tBTA_AV_RC_MSG* p_buf =
268 (tBTA_AV_RC_MSG*)osi_malloc(sizeof(tBTA_AV_RC_MSG) + data_len);
269
270 p_buf->hdr.event = BTA_AV_AVRC_MSG_EVT;
271 p_buf->handle = handle;
272 p_buf->label = label;
273 p_buf->opcode = opcode;
274 memcpy(&p_buf->msg, p_msg, sizeof(tAVRC_MSG));
275 /* Copy the data payload, and set the pointer to it */
276 if (p_data_src != NULL) {
277 uint8_t* p_data_dst = (uint8_t*)(p_buf + 1);
278 memcpy(p_data_dst, p_data_src, data_len);
279
280 /* Update bta message buffer to point to payload data */
281 /* (Note AVRC_OP_BROWSING uses zero-copy: p_buf->msg.browse.p_browse_data
282 * already points to original avrc buffer) */
283 if (opcode == AVRC_OP_VENDOR)
284 p_buf->msg.vendor.p_vendor_data = p_data_dst;
285 else if (opcode == AVRC_OP_PASS_THRU)
286 p_buf->msg.pass.p_pass_data = p_data_dst;
287 }
288
289 if (opcode == AVRC_OP_BROWSE) {
290 /* set p_pkt to NULL, so avrc would not free the buffer */
291 p_msg->browse.p_browse_pkt = NULL;
292 }
293
294 bta_sys_sendmsg(p_buf);
295 }
296
297 /*******************************************************************************
298 *
299 * Function bta_av_rc_create
300 *
301 * Description alloc RCB and call AVRC_Open
302 *
303 * Returns the created rc handle
304 *
305 ******************************************************************************/
bta_av_rc_create(tBTA_AV_CB * p_cb,uint8_t role,uint8_t shdl,uint8_t lidx)306 uint8_t bta_av_rc_create(tBTA_AV_CB* p_cb, uint8_t role, uint8_t shdl,
307 uint8_t lidx) {
308 if (is_new_avrcp_enabled()) {
309 APPL_TRACE_WARNING("%s: Skipping RC creation for the old AVRCP profile",
310 __func__);
311 return BTA_AV_RC_HANDLE_NONE;
312 }
313
314 tAVRC_CONN_CB ccb;
315 RawAddress bda = RawAddress::kAny;
316 uint8_t status = BTA_AV_RC_ROLE_ACP;
317 int i;
318 uint8_t rc_handle;
319 tBTA_AV_RCB* p_rcb;
320
321 if (role == AVCT_INT) {
322 // Can't grab a stream control block that doesn't have a valid handle
323 if (!shdl) {
324 APPL_TRACE_ERROR(
325 "%s: Can't grab stream control block for shdl = %d -> index = %d",
326 __func__, shdl, shdl - 1);
327 return BTA_AV_RC_HANDLE_NONE;
328 }
329 tBTA_AV_SCB* p_scb = p_cb->p_scb[shdl - 1];
330 bda = p_scb->PeerAddress();
331 status = BTA_AV_RC_ROLE_INT;
332 } else {
333 p_rcb = bta_av_get_rcb_by_shdl(shdl);
334 if (p_rcb != NULL) {
335 APPL_TRACE_ERROR("%s: ACP handle exist for shdl:%d", __func__, shdl);
336 p_rcb->lidx = lidx;
337 return p_rcb->handle;
338 }
339 }
340
341 ccb.ctrl_cback = base::Bind(bta_av_rc_ctrl_cback);
342 ccb.msg_cback = base::Bind(bta_av_rc_msg_cback);
343 ccb.company_id = p_bta_av_cfg->company_id;
344 ccb.conn = role;
345 /* note: BTA_AV_FEAT_RCTG = AVRC_CT_TARGET, BTA_AV_FEAT_RCCT = AVRC_CT_CONTROL
346 */
347 ccb.control = p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_RCCT |
348 BTA_AV_FEAT_METADATA | AVRC_CT_PASSIVE);
349
350 if (AVRC_Open(&rc_handle, &ccb, bda) != AVRC_SUCCESS)
351 return BTA_AV_RC_HANDLE_NONE;
352
353 i = rc_handle;
354 p_rcb = &p_cb->rcb[i];
355
356 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
357 APPL_TRACE_ERROR("%s: found duplicated handle:%d", __func__, rc_handle);
358 }
359
360 p_rcb->handle = rc_handle;
361 p_rcb->status = status;
362 p_rcb->shdl = shdl;
363 p_rcb->lidx = lidx;
364 p_rcb->peer_features = 0;
365 p_rcb->cover_art_psm = 0;
366 if (lidx == (BTA_AV_NUM_LINKS + 1)) {
367 /* this LIDX is reserved for the AVRCP ACP connection */
368 p_cb->rc_acp_handle = p_rcb->handle;
369 p_cb->rc_acp_idx = (i + 1);
370 APPL_TRACE_DEBUG("%s: rc_acp_handle:%d idx:%d", __func__,
371 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
372 }
373 APPL_TRACE_DEBUG(
374 "%s: create %d, role: %d, shdl:%d, rc_handle:%d, lidx:%d, status:0x%x",
375 __func__, i, role, shdl, p_rcb->handle, lidx, p_rcb->status);
376
377 return rc_handle;
378 }
379
380 /*******************************************************************************
381 *
382 * Function bta_av_valid_group_navi_msg
383 *
384 * Description Check if it is Group Navigation Msg for Metadata
385 *
386 * Returns AVRC_RSP_ACCEPT or AVRC_RSP_NOT_IMPL
387 *
388 ******************************************************************************/
bta_av_group_navi_supported(uint8_t len,uint8_t * p_data,bool is_inquiry)389 static tBTA_AV_CODE bta_av_group_navi_supported(uint8_t len, uint8_t* p_data,
390 bool is_inquiry) {
391 tBTA_AV_CODE ret = AVRC_RSP_NOT_IMPL;
392 uint8_t* p_ptr = p_data;
393 uint16_t u16;
394 uint32_t u32;
395
396 if (p_bta_av_cfg->avrc_group && len == BTA_GROUP_NAVI_MSG_OP_DATA_LEN) {
397 BTA_AV_BE_STREAM_TO_CO_ID(u32, p_ptr);
398 BE_STREAM_TO_UINT16(u16, p_ptr);
399
400 if (u32 == AVRC_CO_METADATA) {
401 if (is_inquiry) {
402 if (u16 <= AVRC_PDU_PREV_GROUP) ret = AVRC_RSP_IMPL_STBL;
403 } else {
404 if (u16 <= AVRC_PDU_PREV_GROUP)
405 ret = AVRC_RSP_ACCEPT;
406 else
407 ret = AVRC_RSP_REJ;
408 }
409 }
410 }
411
412 return ret;
413 }
414
415 /*******************************************************************************
416 *
417 * Function bta_av_op_supported
418 *
419 * Description Check if remote control operation is supported.
420 *
421 * Returns AVRC_RSP_ACCEPT of supported, AVRC_RSP_NOT_IMPL if not.
422 *
423 ******************************************************************************/
bta_av_op_supported(tBTA_AV_RC rc_id,bool is_inquiry)424 static tBTA_AV_CODE bta_av_op_supported(tBTA_AV_RC rc_id, bool is_inquiry) {
425 tBTA_AV_CODE ret_code = AVRC_RSP_NOT_IMPL;
426
427 if (p_bta_av_rc_id) {
428 if (is_inquiry) {
429 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
430 ret_code = AVRC_RSP_IMPL_STBL;
431 }
432 } else {
433 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
434 ret_code = AVRC_RSP_ACCEPT;
435 } else if ((p_bta_av_cfg->rc_pass_rsp == AVRC_RSP_INTERIM) &&
436 p_bta_av_rc_id_ac) {
437 if (p_bta_av_rc_id_ac[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
438 ret_code = AVRC_RSP_INTERIM;
439 }
440 }
441 }
442 }
443 return ret_code;
444 }
445
446 /*******************************************************************************
447 *
448 * Function bta_av_find_lcb
449 *
450 * Description Given BD_addr, find the associated LCB.
451 *
452 * Returns NULL, if not found.
453 *
454 ******************************************************************************/
bta_av_find_lcb(const RawAddress & addr,uint8_t op)455 tBTA_AV_LCB* bta_av_find_lcb(const RawAddress& addr, uint8_t op) {
456 tBTA_AV_CB* p_cb = &bta_av_cb;
457 int xx;
458 uint8_t mask;
459 tBTA_AV_LCB* p_lcb = NULL;
460
461 APPL_TRACE_DEBUG("%s: address: %s op:%d", __func__, addr.ToString().c_str(),
462 op);
463 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
464 mask = 1 << xx; /* the used mask for this lcb */
465 if ((mask & p_cb->conn_lcb) && p_cb->lcb[xx].addr == addr) {
466 p_lcb = &p_cb->lcb[xx];
467 if (op == BTA_AV_LCB_FREE) {
468 p_cb->conn_lcb &= ~mask; /* clear the connect mask */
469 APPL_TRACE_DEBUG("%s: conn_lcb: 0x%x", __func__, p_cb->conn_lcb);
470 }
471 break;
472 }
473 }
474 return p_lcb;
475 }
476
477 /*******************************************************************************
478 *
479 * Function bta_av_rc_opened
480 *
481 * Description Set AVRCP state to opened.
482 *
483 * Returns void
484 *
485 ******************************************************************************/
bta_av_rc_opened(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)486 void bta_av_rc_opened(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
487 tBTA_AV_RC_OPEN rc_open;
488 tBTA_AV_SCB* p_scb;
489 int i;
490 uint8_t shdl = 0;
491 tBTA_AV_LCB* p_lcb;
492 tBTA_AV_RCB* p_rcb;
493 uint8_t tmp;
494 uint8_t disc = 0;
495
496 /* find the SCB & stop the timer */
497 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
498 p_scb = p_cb->p_scb[i];
499 if (p_scb && p_scb->PeerAddress() == p_data->rc_conn_chg.peer_addr) {
500 p_scb->rc_handle = p_data->rc_conn_chg.handle;
501 APPL_TRACE_DEBUG("%s: shdl:%d, srch %d", __func__, i + 1,
502 p_scb->rc_handle);
503 shdl = i + 1;
504 LOG_INFO(LOG_TAG, "%s: allow incoming AVRCP connections:%d", __func__,
505 p_scb->use_rc);
506 alarm_cancel(p_scb->avrc_ct_timer);
507 disc = p_scb->hndl;
508 break;
509 }
510 }
511
512 i = p_data->rc_conn_chg.handle;
513 if (p_cb->rcb[i].handle == BTA_AV_RC_HANDLE_NONE) {
514 APPL_TRACE_ERROR("%s: not a valid handle:%d any more", __func__, i);
515 return;
516 }
517
518 APPL_TRACE_DEBUG("%s: local features %d peer features %d", __func__,
519 p_cb->features, p_cb->rcb[i].peer_features);
520
521 /* listen to browsing channel when the connection is open,
522 * if peer initiated AVRCP connection and local device supports browsing
523 * channel */
524 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_ACP);
525
526 if (p_cb->rcb[i].lidx == (BTA_AV_NUM_LINKS + 1) && shdl != 0) {
527 /* rc is opened on the RC only ACP channel, but is for a specific
528 * SCB -> need to switch RCBs */
529 p_rcb = bta_av_get_rcb_by_shdl(shdl);
530 if (p_rcb) {
531 p_rcb->shdl = p_cb->rcb[i].shdl;
532 tmp = p_rcb->lidx;
533 p_rcb->lidx = p_cb->rcb[i].lidx;
534 p_cb->rcb[i].lidx = tmp;
535 p_cb->rc_acp_handle = p_rcb->handle;
536 p_cb->rc_acp_idx = (p_rcb - p_cb->rcb) + 1;
537 APPL_TRACE_DEBUG("%s: switching RCB rc_acp_handle:%d idx:%d", __func__,
538 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
539 }
540 }
541
542 p_cb->rcb[i].shdl = shdl;
543 rc_open.rc_handle = i;
544 APPL_TRACE_ERROR("%s: rcb[%d] shdl:%d lidx:%d/%d", __func__, i, shdl,
545 p_cb->rcb[i].lidx, p_cb->lcb[BTA_AV_NUM_LINKS].lidx);
546 p_cb->rcb[i].status |= BTA_AV_RC_CONN_MASK;
547
548 if (!shdl && 0 == p_cb->lcb[BTA_AV_NUM_LINKS].lidx) {
549 /* no associated SCB -> connected to an RC only device
550 * update the index to the extra LCB */
551 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
552 p_lcb->addr = p_data->rc_conn_chg.peer_addr;
553 p_lcb->lidx = BTA_AV_NUM_LINKS + 1;
554 p_cb->rcb[i].lidx = p_lcb->lidx;
555 p_lcb->conn_msk = 1;
556 APPL_TRACE_ERROR("%s: bd_addr: %s rcb[%d].lidx=%d, lcb.conn_msk=x%x",
557 __func__, p_lcb->addr.ToString().c_str(), i,
558 p_cb->rcb[i].lidx, p_lcb->conn_msk);
559 disc = p_data->rc_conn_chg.handle | BTA_AV_CHNL_MSK;
560 }
561
562 rc_open.peer_addr = p_data->rc_conn_chg.peer_addr;
563 rc_open.peer_features = p_cb->rcb[i].peer_features;
564 rc_open.cover_art_psm = p_cb->rcb[i].cover_art_psm;
565 rc_open.status = BTA_AV_SUCCESS;
566 APPL_TRACE_DEBUG("%s: local features:x%x peer_features:x%x", __func__,
567 p_cb->features, rc_open.peer_features);
568 APPL_TRACE_DEBUG("%s: cover art psm:x%x", __func__, rc_open.cover_art_psm);
569 if (rc_open.peer_features == 0) {
570 /* we have not done SDP on peer RC capabilities.
571 * peer must have initiated the RC connection */
572 if (p_cb->features & BTA_AV_FEAT_RCCT)
573 rc_open.peer_features |= BTA_AV_FEAT_RCTG;
574 if (p_cb->features & BTA_AV_FEAT_RCTG)
575 rc_open.peer_features |= BTA_AV_FEAT_RCCT;
576
577 bta_av_rc_disc(disc);
578 }
579 tBTA_AV bta_av_data;
580 bta_av_data.rc_open = rc_open;
581 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
582
583 /* if local initiated AVRCP connection and both peer and locals device support
584 * browsing channel, open the browsing channel now
585 * TODO (sanketa): Some TG would not broadcast browse feature hence check
586 * inter-op. */
587 if ((p_cb->features & BTA_AV_FEAT_BROWSE) &&
588 (rc_open.peer_features & BTA_AV_FEAT_BROWSE) &&
589 ((p_cb->rcb[i].status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
590 APPL_TRACE_DEBUG("%s: opening AVRC Browse channel", __func__);
591 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_INT);
592 }
593 }
594
595 /*******************************************************************************
596 *
597 * Function bta_av_rc_remote_cmd
598 *
599 * Description Send an AVRCP remote control command.
600 *
601 * Returns void
602 *
603 ******************************************************************************/
bta_av_rc_remote_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)604 void bta_av_rc_remote_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
605 tBTA_AV_RCB* p_rcb;
606 if (p_cb->features & BTA_AV_FEAT_RCCT) {
607 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
608 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
609 if (p_rcb->status & BTA_AV_RC_CONN_MASK) {
610 AVRC_PassCmd(p_rcb->handle, p_data->api_remote_cmd.label,
611 &p_data->api_remote_cmd.msg);
612 }
613 }
614 }
615 }
616
617 /*******************************************************************************
618 *
619 * Function bta_av_rc_vendor_cmd
620 *
621 * Description Send an AVRCP vendor specific command.
622 *
623 * Returns void
624 *
625 ******************************************************************************/
bta_av_rc_vendor_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)626 void bta_av_rc_vendor_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
627 tBTA_AV_RCB* p_rcb;
628 if ((p_cb->features & (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) ==
629 (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) {
630 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
631 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
632 AVRC_VendorCmd(p_rcb->handle, p_data->api_vendor.label,
633 &p_data->api_vendor.msg);
634 }
635 }
636 }
637
638 /*******************************************************************************
639 *
640 * Function bta_av_rc_vendor_rsp
641 *
642 * Description Send an AVRCP vendor specific response.
643 *
644 * Returns void
645 *
646 ******************************************************************************/
bta_av_rc_vendor_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)647 void bta_av_rc_vendor_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
648 tBTA_AV_RCB* p_rcb;
649 if ((p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) ==
650 (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) {
651 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
652 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
653 AVRC_VendorRsp(p_rcb->handle, p_data->api_vendor.label,
654 &p_data->api_vendor.msg);
655 }
656 }
657 }
658
659 /*******************************************************************************
660 *
661 * Function bta_av_rc_meta_rsp
662 *
663 * Description Send an AVRCP metadata/advanced control command/response.
664 *
665 * Returns void
666 *
667 ******************************************************************************/
bta_av_rc_meta_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)668 void bta_av_rc_meta_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
669 tBTA_AV_RCB* p_rcb;
670 bool do_free = true;
671
672 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
673 (p_data->hdr.layer_specific < BTA_AV_NUM_RCB)) {
674 if ((p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCTG)) ||
675 (!p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCCT))) {
676 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
677 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
678 AVRC_MsgReq(p_rcb->handle, p_data->api_meta_rsp.label,
679 p_data->api_meta_rsp.rsp_code, p_data->api_meta_rsp.p_pkt);
680 do_free = false;
681 }
682 }
683 }
684
685 if (do_free) osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
686 }
687
688 /*******************************************************************************
689 *
690 * Function bta_av_rc_free_rsp
691 *
692 * Description free an AVRCP metadata command buffer.
693 *
694 * Returns void
695 *
696 ******************************************************************************/
bta_av_rc_free_rsp(UNUSED_ATTR tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)697 void bta_av_rc_free_rsp(UNUSED_ATTR tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
698 osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
699 }
700
701 /*******************************************************************************
702 *
703 * Function bta_av_rc_free_browse_msg
704 *
705 * Description free an AVRCP browse message buffer.
706 *
707 * Returns void
708 *
709 ******************************************************************************/
bta_av_rc_free_browse_msg(UNUSED_ATTR tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)710 void bta_av_rc_free_browse_msg(UNUSED_ATTR tBTA_AV_CB* p_cb,
711 tBTA_AV_DATA* p_data) {
712 if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
713 osi_free_and_reset((void**)&p_data->rc_msg.msg.browse.p_browse_pkt);
714 }
715 }
716
717 /*******************************************************************************
718 *
719 * Function bta_av_chk_notif_evt_id
720 *
721 * Description make sure the requested player id is valid.
722 *
723 * Returns BTA_AV_STS_NO_RSP, if no error
724 *
725 ******************************************************************************/
bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR * p_vendor)726 static tAVRC_STS bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR* p_vendor) {
727 tAVRC_STS status = BTA_AV_STS_NO_RSP;
728 uint8_t xx;
729 uint16_t u16;
730 uint8_t* p = p_vendor->p_vendor_data + 2;
731
732 BE_STREAM_TO_UINT16(u16, p);
733 /* double check the fixed length */
734 if ((u16 != 5) || (p_vendor->vendor_len != 9)) {
735 status = AVRC_STS_INTERNAL_ERR;
736 } else {
737 /* make sure the player_id is valid */
738 for (xx = 0; xx < p_bta_av_cfg->num_evt_ids; xx++) {
739 if (*p == p_bta_av_cfg->p_meta_evt_ids[xx]) {
740 break;
741 }
742 }
743 if (xx == p_bta_av_cfg->num_evt_ids) {
744 status = AVRC_STS_BAD_PARAM;
745 }
746 }
747
748 return status;
749 }
750
751 /*******************************************************************************
752 *
753 * Function bta_av_proc_meta_cmd
754 *
755 * Description Process an AVRCP metadata command from the peer.
756 *
757 * Returns true to respond immediately
758 *
759 ******************************************************************************/
bta_av_proc_meta_cmd(tAVRC_RESPONSE * p_rc_rsp,tBTA_AV_RC_MSG * p_msg,uint8_t * p_ctype)760 tBTA_AV_EVT bta_av_proc_meta_cmd(tAVRC_RESPONSE* p_rc_rsp,
761 tBTA_AV_RC_MSG* p_msg, uint8_t* p_ctype) {
762 tBTA_AV_EVT evt = BTA_AV_META_MSG_EVT;
763 uint8_t u8, pdu, *p;
764 uint16_t u16;
765 tAVRC_MSG_VENDOR* p_vendor = &p_msg->msg.vendor;
766
767 pdu = *(p_vendor->p_vendor_data);
768 p_rc_rsp->pdu = pdu;
769 *p_ctype = AVRC_RSP_REJ;
770
771 /* Check to ansure a valid minimum meta data length */
772 if ((AVRC_MIN_META_CMD_LEN + p_vendor->vendor_len) > AVRC_META_CMD_BUF_SIZE) {
773 /* reject it */
774 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
775 APPL_TRACE_ERROR("%s: Invalid meta-command length: %d", __func__,
776 p_vendor->vendor_len);
777 return 0;
778 }
779
780 /* Metadata messages only use PANEL sub-unit type */
781 if (p_vendor->hdr.subunit_type != AVRC_SUB_PANEL) {
782 APPL_TRACE_DEBUG("%s: SUBUNIT must be PANEL", __func__);
783 /* reject it */
784 evt = 0;
785 p_vendor->hdr.ctype = AVRC_RSP_NOT_IMPL;
786 p_vendor->vendor_len = 0;
787 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
788 } else if (!AVRC_IsValidAvcType(pdu, p_vendor->hdr.ctype)) {
789 APPL_TRACE_DEBUG("%s: Invalid pdu/ctype: 0x%x, %d", __func__, pdu,
790 p_vendor->hdr.ctype);
791 /* reject invalid message without reporting to app */
792 evt = 0;
793 p_rc_rsp->rsp.status = AVRC_STS_BAD_CMD;
794 } else {
795 switch (pdu) {
796 case AVRC_PDU_GET_CAPABILITIES:
797 /* process GetCapabilities command without reporting the event to app */
798 evt = 0;
799 if (p_vendor->vendor_len != 5) {
800 android_errorWriteLog(0x534e4554, "111893951");
801 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
802 break;
803 }
804 u8 = *(p_vendor->p_vendor_data + 4);
805 p = p_vendor->p_vendor_data + 2;
806 p_rc_rsp->get_caps.capability_id = u8;
807 BE_STREAM_TO_UINT16(u16, p);
808 if (u16 != 1) {
809 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
810 } else {
811 p_rc_rsp->get_caps.status = AVRC_STS_NO_ERROR;
812 if (u8 == AVRC_CAP_COMPANY_ID) {
813 *p_ctype = AVRC_RSP_IMPL_STBL;
814 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_co_ids;
815 memcpy(p_rc_rsp->get_caps.param.company_id,
816 p_bta_av_cfg->p_meta_co_ids,
817 (p_bta_av_cfg->num_co_ids << 2));
818 } else if (u8 == AVRC_CAP_EVENTS_SUPPORTED) {
819 *p_ctype = AVRC_RSP_IMPL_STBL;
820 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_evt_ids;
821 memcpy(p_rc_rsp->get_caps.param.event_id,
822 p_bta_av_cfg->p_meta_evt_ids, p_bta_av_cfg->num_evt_ids);
823 } else {
824 APPL_TRACE_DEBUG("%s: Invalid capability ID: 0x%x", __func__, u8);
825 /* reject - unknown capability ID */
826 p_rc_rsp->get_caps.status = AVRC_STS_BAD_PARAM;
827 }
828 }
829 break;
830
831 case AVRC_PDU_REGISTER_NOTIFICATION:
832 /* make sure the event_id is implemented */
833 p_rc_rsp->rsp.status = bta_av_chk_notif_evt_id(p_vendor);
834 if (p_rc_rsp->rsp.status != BTA_AV_STS_NO_RSP) evt = 0;
835 break;
836 }
837 }
838
839 return evt;
840 }
841
842 /*******************************************************************************
843 *
844 * Function bta_av_rc_msg
845 *
846 * Description Process an AVRCP message from the peer.
847 *
848 * Returns void
849 *
850 ******************************************************************************/
bta_av_rc_msg(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)851 void bta_av_rc_msg(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
852 tBTA_AV_EVT evt = 0;
853 tBTA_AV av;
854 BT_HDR* p_pkt = NULL;
855 tAVRC_MSG_VENDOR* p_vendor = &p_data->rc_msg.msg.vendor;
856 bool is_inquiry = ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
857 p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ);
858 uint8_t ctype = 0;
859 tAVRC_RESPONSE rc_rsp;
860
861 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
862
863 if (NULL == p_data) {
864 APPL_TRACE_ERROR("%s: Message from peer with no data", __func__);
865 return;
866 }
867
868 APPL_TRACE_DEBUG("%s: opcode=%x, ctype=%x", __func__, p_data->rc_msg.opcode,
869 p_data->rc_msg.msg.hdr.ctype);
870
871 if (p_data->rc_msg.opcode == AVRC_OP_PASS_THRU) {
872 /* if this is a pass thru command */
873 if ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_CTRL) ||
874 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
875 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ)) {
876 /* check if operation is supported */
877 char avrcp_ct_support[PROPERTY_VALUE_MAX];
878 osi_property_get("bluetooth.pts.avrcp_ct.support", avrcp_ct_support,
879 "false");
880 if (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) {
881 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
882 if (p_cb->features & BTA_AV_FEAT_METADATA)
883 p_data->rc_msg.msg.hdr.ctype = bta_av_group_navi_supported(
884 p_data->rc_msg.msg.pass.pass_len,
885 p_data->rc_msg.msg.pass.p_pass_data, is_inquiry);
886 } else if (((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_UP) ||
887 (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_DOWN)) &&
888 !strcmp(avrcp_ct_support, "true")) {
889 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_ACCEPT;
890 } else {
891 p_data->rc_msg.msg.hdr.ctype =
892 bta_av_op_supported(p_data->rc_msg.msg.pass.op_id, is_inquiry);
893 }
894
895 APPL_TRACE_DEBUG("%s: ctype %d", __func__, p_data->rc_msg.msg.hdr.ctype)
896
897 /* send response */
898 if (p_data->rc_msg.msg.hdr.ctype != AVRC_RSP_INTERIM)
899 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
900 &p_data->rc_msg.msg.pass);
901
902 /* set up for callback if supported */
903 if (p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_ACCEPT ||
904 p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_INTERIM) {
905 evt = BTA_AV_REMOTE_CMD_EVT;
906 av.remote_cmd.rc_id = p_data->rc_msg.msg.pass.op_id;
907 av.remote_cmd.key_state = p_data->rc_msg.msg.pass.state;
908 av.remote_cmd.p_data = p_data->rc_msg.msg.pass.p_pass_data;
909 av.remote_cmd.len = p_data->rc_msg.msg.pass.pass_len;
910 memcpy(&av.remote_cmd.hdr, &p_data->rc_msg.msg.hdr, sizeof(tAVRC_HDR));
911 av.remote_cmd.label = p_data->rc_msg.label;
912 }
913 }
914 /* else if this is a pass thru response */
915 /* id response type is not impl, we have to release label */
916 else if (p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
917 /* set up for callback */
918 evt = BTA_AV_REMOTE_RSP_EVT;
919 av.remote_rsp.rc_id = p_data->rc_msg.msg.pass.op_id;
920 av.remote_rsp.key_state = p_data->rc_msg.msg.pass.state;
921 av.remote_rsp.rsp_code = p_data->rc_msg.msg.hdr.ctype;
922 av.remote_rsp.label = p_data->rc_msg.label;
923
924 /* If this response is for vendor unique command */
925 if ((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) &&
926 (p_data->rc_msg.msg.pass.pass_len > 0)) {
927 av.remote_rsp.p_data =
928 (uint8_t*)osi_malloc(p_data->rc_msg.msg.pass.pass_len);
929 APPL_TRACE_DEBUG("%s: Vendor Unique data len = %d", __func__,
930 p_data->rc_msg.msg.pass.pass_len);
931 memcpy(av.remote_rsp.p_data, p_data->rc_msg.msg.pass.p_pass_data,
932 p_data->rc_msg.msg.pass.pass_len);
933 }
934 }
935 /* must be a bad ctype -> reject*/
936 else {
937 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
938 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
939 &p_data->rc_msg.msg.pass);
940 }
941 }
942 /* else if this is a vendor specific command or response */
943 else if (p_data->rc_msg.opcode == AVRC_OP_VENDOR) {
944 /* set up for callback */
945 av.vendor_cmd.code = p_data->rc_msg.msg.hdr.ctype;
946 av.vendor_cmd.company_id = p_vendor->company_id;
947 av.vendor_cmd.label = p_data->rc_msg.label;
948 av.vendor_cmd.p_data = p_vendor->p_vendor_data;
949 av.vendor_cmd.len = p_vendor->vendor_len;
950
951 /* if configured to support vendor specific and it's a command */
952 if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
953 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
954 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
955 (p_vendor->company_id == AVRC_CO_METADATA)) {
956 av.meta_msg.p_msg = &p_data->rc_msg.msg;
957 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
958 evt = bta_av_proc_meta_cmd(&rc_rsp, &p_data->rc_msg, &ctype);
959 } else {
960 evt = BTA_AV_VENDOR_CMD_EVT;
961 }
962 } else if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
963 p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
964 /* else if configured to support vendor specific and it's a response */
965 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
966 (p_vendor->company_id == AVRC_CO_METADATA)) {
967 av.meta_msg.p_msg = &p_data->rc_msg.msg;
968 evt = BTA_AV_META_MSG_EVT;
969 } else {
970 evt = BTA_AV_VENDOR_RSP_EVT;
971 }
972 } else if (!(p_cb->features & BTA_AV_FEAT_VENDOR) &&
973 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
974 /* else if not configured to support vendor specific and it's a command */
975 if (p_data->rc_msg.msg.vendor.p_vendor_data[0] == AVRC_PDU_INVALID) {
976 /* reject it */
977 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
978 p_data->rc_msg.msg.vendor.p_vendor_data[4] = AVRC_STS_BAD_CMD;
979 } else {
980 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
981 }
982 AVRC_VendorRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
983 &p_data->rc_msg.msg.vendor);
984 }
985 } else if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
986 /* set up for callback */
987 av.meta_msg.rc_handle = p_data->rc_msg.handle;
988 av.meta_msg.company_id = p_vendor->company_id;
989 av.meta_msg.code = p_data->rc_msg.msg.hdr.ctype;
990 av.meta_msg.label = p_data->rc_msg.label;
991 av.meta_msg.p_msg = &p_data->rc_msg.msg;
992 av.meta_msg.p_data = p_data->rc_msg.msg.browse.p_browse_data;
993 av.meta_msg.len = p_data->rc_msg.msg.browse.browse_len;
994 evt = BTA_AV_META_MSG_EVT;
995 }
996
997 if (evt == 0 && rc_rsp.rsp.status != BTA_AV_STS_NO_RSP) {
998 if (!p_pkt) {
999 rc_rsp.rsp.opcode = p_data->rc_msg.opcode;
1000 AVRC_BldResponse(0, &rc_rsp, &p_pkt);
1001 }
1002 if (p_pkt)
1003 AVRC_MsgReq(p_data->rc_msg.handle, p_data->rc_msg.label, ctype, p_pkt);
1004 }
1005
1006 /* call callback */
1007 if (evt != 0) {
1008 av.remote_cmd.rc_handle = p_data->rc_msg.handle;
1009 (*p_cb->p_cback)(evt, &av);
1010 /* If browsing message, then free the browse message buffer */
1011 bta_av_rc_free_browse_msg(p_cb, p_data);
1012 }
1013 }
1014
1015 /*******************************************************************************
1016 *
1017 * Function bta_av_rc_close
1018 *
1019 * Description close the specified AVRC handle.
1020 *
1021 * Returns void
1022 *
1023 ******************************************************************************/
bta_av_rc_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1024 void bta_av_rc_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1025 uint16_t handle = p_data->hdr.layer_specific;
1026 tBTA_AV_SCB* p_scb;
1027 tBTA_AV_RCB* p_rcb;
1028
1029 if (handle < BTA_AV_NUM_RCB) {
1030 p_rcb = &p_cb->rcb[handle];
1031
1032 APPL_TRACE_DEBUG("%s: handle: %d, status=0x%x", __func__, p_rcb->handle,
1033 p_rcb->status);
1034 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
1035 if (p_rcb->shdl) {
1036 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
1037 if (p_scb) {
1038 /* just in case the RC timer is active
1039 if (bta_av_cb.features & BTA_AV_FEAT_RCCT &&
1040 p_scb->chnl == BTA_AV_CHNL_AUDIO) */
1041 alarm_cancel(p_scb->avrc_ct_timer);
1042 }
1043 }
1044
1045 AVRC_Close(p_rcb->handle);
1046 }
1047 }
1048 }
1049
1050 /*******************************************************************************
1051 *
1052 * Function bta_av_rc_browse_close
1053 *
1054 * Description Empty placeholder.
1055 *
1056 * Returns void
1057 *
1058 ******************************************************************************/
bta_av_rc_browse_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1059 void bta_av_rc_browse_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1060 APPL_TRACE_WARNING("%s: empty placeholder does nothing!", __func__);
1061 }
1062
1063 /*******************************************************************************
1064 *
1065 * Function bta_av_get_shdl
1066 *
1067 * Returns The index to p_scb[]
1068 *
1069 ******************************************************************************/
bta_av_get_shdl(tBTA_AV_SCB * p_scb)1070 static uint8_t bta_av_get_shdl(tBTA_AV_SCB* p_scb) {
1071 int i;
1072 uint8_t shdl = 0;
1073 /* find the SCB & stop the timer */
1074 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1075 if (p_scb == bta_av_cb.p_scb[i]) {
1076 shdl = i + 1;
1077 break;
1078 }
1079 }
1080 return shdl;
1081 }
1082
1083 /*******************************************************************************
1084 *
1085 * Function bta_av_stream_chg
1086 *
1087 * Description audio streaming status changed.
1088 *
1089 * Returns void
1090 *
1091 ******************************************************************************/
bta_av_stream_chg(tBTA_AV_SCB * p_scb,bool started)1092 void bta_av_stream_chg(tBTA_AV_SCB* p_scb, bool started) {
1093 uint8_t started_msk = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
1094
1095 APPL_TRACE_DEBUG("%s: peer %s started:%s started_msk:0x%x", __func__,
1096 p_scb->PeerAddress().ToString().c_str(),
1097 logbool(started).c_str(), started_msk);
1098
1099 if (started) {
1100 bta_av_cb.audio_streams |= started_msk;
1101 /* Let L2CAP know this channel is processed with high priority */
1102 L2CA_SetAclPriority(p_scb->PeerAddress(), L2CAP_PRIORITY_HIGH);
1103 } else {
1104 bta_av_cb.audio_streams &= ~started_msk;
1105 /* Let L2CAP know this channel is processed with low priority */
1106 L2CA_SetAclPriority(p_scb->PeerAddress(), L2CAP_PRIORITY_NORMAL);
1107 }
1108 }
1109
1110 /*******************************************************************************
1111 *
1112 * Function bta_av_conn_chg
1113 *
1114 * Description connetion status changed.
1115 * Open an AVRCP acceptor channel, if new conn.
1116 *
1117 * Returns void
1118 *
1119 ******************************************************************************/
bta_av_conn_chg(tBTA_AV_DATA * p_data)1120 void bta_av_conn_chg(tBTA_AV_DATA* p_data) {
1121 tBTA_AV_CB* p_cb = &bta_av_cb;
1122 tBTA_AV_SCB* p_scb = NULL;
1123 tBTA_AV_SCB* p_scbi;
1124 uint8_t mask;
1125 uint8_t conn_msk;
1126 uint8_t old_msk;
1127 int i;
1128 int index = (p_data->hdr.layer_specific & BTA_AV_HNDL_MSK) - 1;
1129 tBTA_AV_LCB* p_lcb;
1130 tBTA_AV_LCB* p_lcb_rc;
1131 tBTA_AV_RCB *p_rcb, *p_rcb2;
1132 bool chk_restore = false;
1133
1134 /* Validate array index*/
1135 if (index < BTA_AV_NUM_STRS) {
1136 p_scb = p_cb->p_scb[index];
1137 }
1138 mask = BTA_AV_HNDL_TO_MSK(index);
1139 p_lcb = bta_av_find_lcb(p_data->conn_chg.peer_addr, BTA_AV_LCB_FIND);
1140 conn_msk = 1 << (index + 1);
1141 if (p_data->conn_chg.is_up) {
1142 /* set the conned mask for this channel */
1143 if (p_scb) {
1144 if (p_lcb) {
1145 p_lcb->conn_msk |= conn_msk;
1146 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1147 if (bta_av_cb.rcb[i].lidx == p_lcb->lidx) {
1148 bta_av_cb.rcb[i].shdl = index + 1;
1149 APPL_TRACE_DEBUG(
1150 "%s: conn_chg up[%d]: %d, status=0x%x, shdl:%d, lidx:%d",
1151 __func__, i, bta_av_cb.rcb[i].handle, bta_av_cb.rcb[i].status,
1152 bta_av_cb.rcb[i].shdl, bta_av_cb.rcb[i].lidx);
1153 break;
1154 }
1155 }
1156 }
1157 old_msk = p_cb->conn_audio;
1158 p_cb->conn_audio |= mask;
1159
1160 if ((old_msk & mask) == 0) {
1161 /* increase the audio open count, if not set yet */
1162 bta_av_cb.audio_open_cnt++;
1163 }
1164
1165 APPL_TRACE_DEBUG("%s: rc_acp_handle:%d rc_acp_idx:%d", __func__,
1166 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1167 /* check if the AVRCP ACP channel is already connected */
1168 if (p_lcb && p_cb->rc_acp_handle != BTA_AV_RC_HANDLE_NONE &&
1169 p_cb->rc_acp_idx) {
1170 p_lcb_rc = &p_cb->lcb[BTA_AV_NUM_LINKS];
1171 APPL_TRACE_DEBUG(
1172 "%s: rc_acp is connected && conn_chg on same addr "
1173 "p_lcb_rc->conn_msk:x%x",
1174 __func__, p_lcb_rc->conn_msk);
1175 /* check if the RC is connected to the scb addr */
1176 LOG_INFO(LOG_TAG, "%s: p_lcb_rc->addr: %s conn_chg.peer_addr: %s",
1177 __func__, p_lcb_rc->addr.ToString().c_str(),
1178 p_data->conn_chg.peer_addr.ToString().c_str());
1179
1180 if (p_lcb_rc->conn_msk &&
1181 p_lcb_rc->addr == p_data->conn_chg.peer_addr) {
1182 /* AVRCP is already connected.
1183 * need to update the association betwen SCB and RCB */
1184 p_lcb_rc->conn_msk = 0; /* indicate RC ONLY is not connected */
1185 p_lcb_rc->lidx = 0;
1186 p_scb->rc_handle = p_cb->rc_acp_handle;
1187 p_rcb = &p_cb->rcb[p_cb->rc_acp_idx - 1];
1188 p_rcb->shdl = bta_av_get_shdl(p_scb);
1189 APPL_TRACE_DEBUG("%s: update rc_acp shdl:%d/%d srch:%d", __func__,
1190 index + 1, p_rcb->shdl, p_scb->rc_handle);
1191
1192 p_rcb2 = bta_av_get_rcb_by_shdl(p_rcb->shdl);
1193 if (p_rcb2) {
1194 /* found the RCB that was created to associated with this SCB */
1195 p_cb->rc_acp_handle = p_rcb2->handle;
1196 p_cb->rc_acp_idx = (p_rcb2 - p_cb->rcb) + 1;
1197 APPL_TRACE_DEBUG("%s: new rc_acp_handle:%d, idx:%d", __func__,
1198 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1199 p_rcb2->lidx = (BTA_AV_NUM_LINKS + 1);
1200 APPL_TRACE_DEBUG("%s: rc2 handle:%d lidx:%d/%d", __func__,
1201 p_rcb2->handle, p_rcb2->lidx,
1202 p_cb->lcb[p_rcb2->lidx - 1].lidx);
1203 }
1204 p_rcb->lidx = p_lcb->lidx;
1205 APPL_TRACE_DEBUG("%s: rc handle:%d lidx:%d/%d", __func__,
1206 p_rcb->handle, p_rcb->lidx,
1207 p_cb->lcb[p_rcb->lidx - 1].lidx);
1208 }
1209 }
1210 }
1211 } else {
1212 if ((p_cb->conn_audio & mask) && bta_av_cb.audio_open_cnt) {
1213 /* this channel is still marked as open. decrease the count */
1214 bta_av_cb.audio_open_cnt--;
1215 }
1216
1217 /* clear the conned mask for this channel */
1218 p_cb->conn_audio &= ~mask;
1219 if (p_scb) {
1220 // The stream is closed. Clear the state.
1221 p_scb->OnDisconnected();
1222 if (p_scb->chnl == BTA_AV_CHNL_AUDIO) {
1223 if (p_lcb) {
1224 p_lcb->conn_msk &= ~conn_msk;
1225 }
1226 /* audio channel is down. make sure the INT channel is down */
1227 /* just in case the RC timer is active
1228 if (p_cb->features & BTA_AV_FEAT_RCCT) */
1229 { alarm_cancel(p_scb->avrc_ct_timer); }
1230 /* one audio channel goes down. check if we need to restore high
1231 * priority */
1232 chk_restore = true;
1233 }
1234 }
1235
1236 APPL_TRACE_DEBUG("%s: shdl:%d", __func__, index + 1);
1237 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1238 APPL_TRACE_DEBUG("%s: conn_chg dn[%d]: %d, status=0x%x, shdl:%d, lidx:%d",
1239 __func__, i, bta_av_cb.rcb[i].handle,
1240 bta_av_cb.rcb[i].status, bta_av_cb.rcb[i].shdl,
1241 bta_av_cb.rcb[i].lidx);
1242 if (bta_av_cb.rcb[i].shdl == index + 1) {
1243 bta_av_del_rc(&bta_av_cb.rcb[i]);
1244 /* since the connection is already down and info was removed, clean
1245 * reference */
1246 bta_av_cb.rcb[i].shdl = 0;
1247 break;
1248 }
1249 }
1250
1251 if (p_cb->conn_audio == 0) {
1252 /* if both channels are not connected,
1253 * close all RC channels */
1254 bta_av_close_all_rc(p_cb);
1255 }
1256
1257 /* if the AVRCP is no longer listening, create the listening channel */
1258 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE &&
1259 bta_av_cb.features & BTA_AV_FEAT_RCTG)
1260 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
1261 }
1262
1263 APPL_TRACE_DEBUG(
1264 "%s: audio:%x up:%d conn_msk:0x%x chk_restore:%d "
1265 "audio_open_cnt:%d",
1266 __func__, p_cb->conn_audio, p_data->conn_chg.is_up, conn_msk, chk_restore,
1267 p_cb->audio_open_cnt);
1268
1269 if (chk_restore) {
1270 if (p_cb->audio_open_cnt == 1) {
1271 /* one audio channel goes down and there's one audio channel remains open.
1272 * restore the switch role in default link policy */
1273 bta_sys_set_default_policy(BTA_ID_AV, HCI_ENABLE_MASTER_SLAVE_SWITCH);
1274 /* allow role switch, if this is the last connection */
1275 bta_av_restore_switch();
1276 }
1277 if (p_cb->audio_open_cnt) {
1278 /* adjust flush timeout settings to longer period */
1279 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1280 p_scbi = bta_av_cb.p_scb[i];
1281 if (p_scbi && p_scbi->chnl == BTA_AV_CHNL_AUDIO && p_scbi->co_started) {
1282 /* may need to update the flush timeout of this already started stream
1283 */
1284 if (p_scbi->co_started != bta_av_cb.audio_open_cnt) {
1285 p_scbi->co_started = bta_av_cb.audio_open_cnt;
1286 L2CA_SetFlushTimeout(
1287 p_scbi->PeerAddress(),
1288 p_bta_av_cfg->p_audio_flush_to[p_scbi->co_started - 1]);
1289 }
1290 }
1291 }
1292 }
1293 }
1294 }
1295
1296 /*******************************************************************************
1297 *
1298 * Function bta_av_disable
1299 *
1300 * Description disable AV.
1301 *
1302 * Returns void
1303 *
1304 ******************************************************************************/
bta_av_disable(tBTA_AV_CB * p_cb,UNUSED_ATTR tBTA_AV_DATA * p_data)1305 void bta_av_disable(tBTA_AV_CB* p_cb, UNUSED_ATTR tBTA_AV_DATA* p_data) {
1306 BT_HDR hdr;
1307 bool disabling_in_progress = false;
1308 uint16_t xx;
1309
1310 p_cb->disabling = true;
1311
1312 bta_av_close_all_rc(p_cb);
1313
1314 osi_free_and_reset((void**)&p_cb->p_disc_db);
1315
1316 /* disable audio/video - de-register all channels,
1317 * expect BTA_AV_DEREG_COMP_EVT when deregister is complete */
1318 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1319 if (p_cb->p_scb[xx] != NULL) {
1320 hdr.layer_specific = xx + 1;
1321 bta_av_api_deregister((tBTA_AV_DATA*)&hdr);
1322 disabling_in_progress = true;
1323 }
1324 }
1325 // Since All channels are deregistering by API_DEREGISTER, the DEREG_COMP_EVT
1326 // would come first before API_DISABLE if there is no connections, and it is
1327 // no needed to setup this disabling flag.
1328 p_cb->disabling = disabling_in_progress;
1329
1330 alarm_free(p_cb->link_signalling_timer);
1331 p_cb->link_signalling_timer = NULL;
1332 alarm_free(p_cb->accept_signalling_timer);
1333 p_cb->accept_signalling_timer = NULL;
1334 }
1335
1336 /*******************************************************************************
1337 *
1338 * Function bta_av_api_disconnect
1339 *
1340 * Description .
1341 *
1342 * Returns void
1343 *
1344 ******************************************************************************/
bta_av_api_disconnect(tBTA_AV_DATA * p_data)1345 void bta_av_api_disconnect(tBTA_AV_DATA* p_data) {
1346 AVDT_DisconnectReq(p_data->api_discnt.bd_addr, bta_av_conn_cback);
1347 alarm_cancel(bta_av_cb.link_signalling_timer);
1348 }
1349
1350 /**
1351 * Find the index for the free LCB entry to use.
1352 *
1353 * The selection order is:
1354 * (1) Find the index if there is already SCB entry for the peer address
1355 * (2) If there is no SCB entry for the peer address, find the first
1356 * SCB entry that is not assigned.
1357 *
1358 * @param peer_address the peer address to use
1359 * @return the index for the free LCB entry to use or BTA_AV_NUM_LINKS
1360 * if no entry is found
1361 */
bta_av_find_lcb_index_by_scb_and_address(const RawAddress & peer_address)1362 static uint8_t bta_av_find_lcb_index_by_scb_and_address(
1363 const RawAddress& peer_address) {
1364 APPL_TRACE_DEBUG("%s: peer_address: %s conn_lcb: 0x%x", __func__,
1365 peer_address.ToString().c_str(), bta_av_cb.conn_lcb);
1366
1367 // Find the index if there is already SCB entry for the peer address
1368 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1369 uint8_t mask = 1 << index;
1370 if (mask & bta_av_cb.conn_lcb) {
1371 continue;
1372 }
1373 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1374 if (p_scb == nullptr) {
1375 continue;
1376 }
1377 if (p_scb->PeerAddress() == peer_address) {
1378 return index;
1379 }
1380 }
1381
1382 // Find the first SCB entry that is not assigned.
1383 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1384 uint8_t mask = 1 << index;
1385 if (mask & bta_av_cb.conn_lcb) {
1386 continue;
1387 }
1388 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1389 if (p_scb == nullptr) {
1390 continue;
1391 }
1392 if (!p_scb->IsAssigned()) {
1393 return index;
1394 }
1395 }
1396
1397 return BTA_AV_NUM_LINKS;
1398 }
1399
1400 /*******************************************************************************
1401 *
1402 * Function bta_av_sig_chg
1403 *
1404 * Description process AVDT signal channel up/down.
1405 *
1406 * Returns void
1407 *
1408 ******************************************************************************/
bta_av_sig_chg(tBTA_AV_DATA * p_data)1409 void bta_av_sig_chg(tBTA_AV_DATA* p_data) {
1410 uint16_t event = p_data->str_msg.hdr.layer_specific;
1411 tBTA_AV_CB* p_cb = &bta_av_cb;
1412 uint32_t xx;
1413 uint8_t mask;
1414 tBTA_AV_LCB* p_lcb = NULL;
1415
1416 APPL_TRACE_DEBUG("%s: event: %d", __func__, event);
1417 if (event == AVDT_CONNECT_IND_EVT) {
1418 APPL_TRACE_DEBUG("%s: AVDT_CONNECT_IND_EVT: peer %s", __func__,
1419 p_data->str_msg.bd_addr.ToString().c_str());
1420
1421 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FIND);
1422 if (!p_lcb) {
1423 /* if the address does not have an LCB yet, alloc one */
1424 xx = bta_av_find_lcb_index_by_scb_and_address(p_data->str_msg.bd_addr);
1425
1426 /* check if we found something */
1427 if (xx >= BTA_AV_NUM_LINKS) {
1428 /* We do not have scb for this avdt connection. */
1429 /* Silently close the connection. */
1430 APPL_TRACE_ERROR("%s: av scb not available for avdt connection for %s",
1431 __func__, p_data->str_msg.bd_addr.ToString().c_str());
1432 AVDT_DisconnectReq(p_data->str_msg.bd_addr, NULL);
1433 return;
1434 }
1435 LOG_INFO(LOG_TAG,
1436 "%s: AVDT_CONNECT_IND_EVT: peer %s selected lcb_index %d",
1437 __func__, p_data->str_msg.bd_addr.ToString().c_str(), xx);
1438
1439 tBTA_AV_SCB* p_scb = p_cb->p_scb[xx];
1440 mask = 1 << xx;
1441 p_lcb = &p_cb->lcb[xx];
1442 p_lcb->lidx = xx + 1;
1443 p_lcb->addr = p_data->str_msg.bd_addr;
1444 p_lcb->conn_msk = 0; /* clear the connect mask */
1445 /* start listening when the signal channel is open */
1446 if (p_cb->features & BTA_AV_FEAT_RCTG) {
1447 bta_av_rc_create(p_cb, AVCT_ACP, 0, p_lcb->lidx);
1448 }
1449 /* this entry is not used yet. */
1450 p_cb->conn_lcb |= mask; /* mark it as used */
1451 APPL_TRACE_DEBUG("%s: start sig timer %d", __func__, p_data->hdr.offset);
1452 if (p_data->hdr.offset == AVDT_ACP) {
1453 APPL_TRACE_DEBUG("%s: Incoming L2CAP acquired, set state as incoming",
1454 __func__);
1455 p_scb->OnConnected(p_data->str_msg.bd_addr);
1456 p_scb->use_rc = true; /* allowing RC for incoming connection */
1457 bta_av_ssm_execute(p_scb, BTA_AV_ACP_CONNECT_EVT, p_data);
1458
1459 /* The Pending Event should be sent as soon as the L2CAP signalling
1460 * channel
1461 * is set up, which is NOW. Earlier this was done only after
1462 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1463 * The following function shall send the event and start the
1464 * recurring timer
1465 */
1466 bta_av_signalling_timer(NULL);
1467
1468 APPL_TRACE_DEBUG("%s: Re-start timer for AVDTP service", __func__);
1469 bta_sys_conn_open(BTA_ID_AV, p_scb->app_id, p_scb->PeerAddress());
1470 /* Possible collision : need to avoid outgoing processing while the
1471 * timer is running */
1472 p_scb->coll_mask = BTA_AV_COLL_INC_TMR;
1473 alarm_set_on_mloop(
1474 p_cb->accept_signalling_timer, BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1475 bta_av_accept_signalling_timer_cback, UINT_TO_PTR(xx));
1476 }
1477 }
1478 }
1479 #if (BTA_AR_INCLUDED == TRUE)
1480 else if (event == BTA_AR_AVDT_CONN_EVT) {
1481 alarm_cancel(bta_av_cb.link_signalling_timer);
1482 }
1483 #endif
1484 else {
1485 /* disconnected. */
1486 APPL_TRACE_DEBUG("%s: bta_av_cb.conn_lcb=0x%x", __func__,
1487 bta_av_cb.conn_lcb);
1488
1489 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FREE);
1490 if (p_lcb && (p_lcb->conn_msk || bta_av_cb.conn_lcb)) {
1491 APPL_TRACE_DEBUG("%s: conn_msk: 0x%x", __func__, p_lcb->conn_msk);
1492 /* clean up ssm */
1493 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1494 if (p_cb->p_scb[xx] &&
1495 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1496 APPL_TRACE_DEBUG("%s: Closing timer for AVDTP service", __func__);
1497 bta_sys_conn_close(BTA_ID_AV, p_cb->p_scb[xx]->app_id,
1498 p_cb->p_scb[xx]->PeerAddress());
1499 }
1500 mask = 1 << (xx + 1);
1501 if (((mask & p_lcb->conn_msk) || bta_av_cb.conn_lcb) &&
1502 p_cb->p_scb[xx] &&
1503 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1504 APPL_TRACE_WARNING("%s: Sending AVDT_DISCONNECT_EVT peer_addr=%s",
1505 __func__,
1506 p_cb->p_scb[xx]->PeerAddress().ToString().c_str());
1507 bta_av_ssm_execute(p_cb->p_scb[xx], BTA_AV_AVDT_DISCONNECT_EVT, NULL);
1508 }
1509 }
1510 }
1511 }
1512 APPL_TRACE_DEBUG("%s: bta_av_cb.conn_lcb=0x%x after sig_chg", __func__,
1513 p_cb->conn_lcb);
1514 }
1515
1516 /*******************************************************************************
1517 *
1518 * Function bta_av_signalling_timer
1519 *
1520 * Description process the signal channel timer. This timer is started
1521 * when the AVDTP signal channel is connected. If no profile
1522 * is connected, the timer goes off every
1523 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1524 *
1525 * Returns void
1526 *
1527 ******************************************************************************/
bta_av_signalling_timer(UNUSED_ATTR tBTA_AV_DATA * p_data)1528 void bta_av_signalling_timer(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1529 tBTA_AV_CB* p_cb = &bta_av_cb;
1530 int xx;
1531 uint8_t mask;
1532 tBTA_AV_LCB* p_lcb = NULL;
1533
1534 APPL_TRACE_DEBUG("%s: conn_lcb=0x%x", __func__, p_cb->conn_lcb);
1535 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
1536 p_lcb = &p_cb->lcb[xx];
1537 mask = 1 << xx;
1538 APPL_TRACE_DEBUG(
1539 "%s: index=%d conn_lcb=0x%x peer=%s conn_mask=0x%x lidx=%d", __func__,
1540 xx, p_cb->conn_lcb, p_lcb->addr.ToString().c_str(), p_lcb->conn_msk,
1541 p_lcb->lidx);
1542 if (mask & p_cb->conn_lcb) {
1543 /* this entry is used. check if it is connected */
1544 if (!p_lcb->conn_msk) {
1545 bta_sys_start_timer(p_cb->link_signalling_timer,
1546 BTA_AV_SIGNALLING_TIMEOUT_MS,
1547 BTA_AV_SIGNALLING_TIMER_EVT, 0);
1548 tBTA_AV_PEND pend;
1549 pend.bd_addr = p_lcb->addr;
1550 tBTA_AV bta_av_data;
1551 bta_av_data.pend = pend;
1552 APPL_TRACE_DEBUG(
1553 "%s: BTA_AV_PENDING_EVT for %s index=%d conn_mask=0x%x lidx=%d",
1554 __func__, pend.bd_addr.ToString().c_str(), xx, p_lcb->conn_msk,
1555 p_lcb->lidx);
1556 (*p_cb->p_cback)(BTA_AV_PENDING_EVT, &bta_av_data);
1557 }
1558 }
1559 }
1560 }
1561
1562 /*******************************************************************************
1563 *
1564 * Function bta_av_accept_signalling_timer_cback
1565 *
1566 * Description Process the timeout when SRC is accepting connection
1567 * and SNK did not start signalling.
1568 *
1569 * Returns void
1570 *
1571 ******************************************************************************/
bta_av_accept_signalling_timer_cback(void * data)1572 static void bta_av_accept_signalling_timer_cback(void* data) {
1573 uint32_t inx = PTR_TO_UINT(data);
1574 tBTA_AV_CB* p_cb = &bta_av_cb;
1575 tBTA_AV_SCB* p_scb = NULL;
1576 if (inx < BTA_AV_NUM_STRS) {
1577 p_scb = p_cb->p_scb[inx];
1578 }
1579 if (p_scb) {
1580 APPL_TRACE_DEBUG("%s: coll_mask=0x%02x", __func__, p_scb->coll_mask);
1581
1582 if (p_scb->coll_mask & BTA_AV_COLL_INC_TMR) {
1583 p_scb->coll_mask &= ~BTA_AV_COLL_INC_TMR;
1584
1585 if (bta_av_is_scb_opening(p_scb)) {
1586 APPL_TRACE_DEBUG("%s: stream state opening: SDP started = %d", __func__,
1587 p_scb->sdp_discovery_started);
1588 if (p_scb->sdp_discovery_started) {
1589 /* We are still doing SDP. Run the timer again. */
1590 p_scb->coll_mask |= BTA_AV_COLL_INC_TMR;
1591
1592 alarm_set_on_mloop(p_cb->accept_signalling_timer,
1593 BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1594 bta_av_accept_signalling_timer_cback,
1595 UINT_TO_PTR(inx));
1596 } else {
1597 /* SNK did not start signalling, resume signalling process. */
1598 bta_av_discover_req(p_scb, NULL);
1599 }
1600 } else if (bta_av_is_scb_incoming(p_scb)) {
1601 /* Stay in incoming state if SNK does not start signalling */
1602
1603 APPL_TRACE_DEBUG("%s: stream state incoming", __func__);
1604 /* API open was called right after SNK opened L2C connection. */
1605 if (p_scb->coll_mask & BTA_AV_COLL_API_CALLED) {
1606 p_scb->coll_mask &= ~BTA_AV_COLL_API_CALLED;
1607
1608 /* BTA_AV_API_OPEN_EVT */
1609 tBTA_AV_API_OPEN* p_buf =
1610 (tBTA_AV_API_OPEN*)osi_malloc(sizeof(tBTA_AV_API_OPEN));
1611 memcpy(p_buf, &(p_scb->open_api), sizeof(tBTA_AV_API_OPEN));
1612 bta_sys_sendmsg(p_buf);
1613 }
1614 }
1615 }
1616 }
1617 }
1618
1619 /*******************************************************************************
1620 *
1621 * Function bta_av_check_peer_features
1622 *
1623 * Description check supported features on the peer device from the SDP
1624 * record and return the feature mask
1625 *
1626 * Returns tBTA_AV_FEAT peer device feature mask
1627 *
1628 ******************************************************************************/
bta_av_check_peer_features(uint16_t service_uuid)1629 tBTA_AV_FEAT bta_av_check_peer_features(uint16_t service_uuid) {
1630 tBTA_AV_FEAT peer_features = 0;
1631 tBTA_AV_CB* p_cb = &bta_av_cb;
1632 tSDP_DISC_REC* p_rec = NULL;
1633 tSDP_DISC_ATTR* p_attr;
1634 uint16_t peer_rc_version = 0;
1635 uint16_t categories = 0;
1636
1637 APPL_TRACE_DEBUG("%s: service_uuid:x%x", __func__, service_uuid);
1638 /* loop through all records we found */
1639 while (true) {
1640 /* get next record; if none found, we're done */
1641 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1642 if (p_rec == NULL) {
1643 break;
1644 }
1645
1646 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1647 NULL) {
1648 /* find peer features */
1649 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1650 NULL)) {
1651 peer_features |= BTA_AV_FEAT_RCCT;
1652 }
1653 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1654 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1655 peer_features |= BTA_AV_FEAT_RCTG;
1656 }
1657 }
1658
1659 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1660 /* get profile version (if failure, version parameter is not updated) */
1661 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1662 &peer_rc_version);
1663 APPL_TRACE_DEBUG("%s: peer_rc_version 0x%x", __func__, peer_rc_version);
1664
1665 if (peer_rc_version >= AVRC_REV_1_3)
1666 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1667
1668 if (peer_rc_version >= AVRC_REV_1_4) {
1669 /* get supported categories */
1670 p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1671 if (p_attr != NULL) {
1672 categories = p_attr->attr_value.v.u16;
1673 if (categories & AVRC_SUPF_CT_CAT2)
1674 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1675 if (categories & AVRC_SUPF_CT_BROWSE)
1676 peer_features |= (BTA_AV_FEAT_BROWSE);
1677 }
1678 }
1679 }
1680 }
1681 APPL_TRACE_DEBUG("%s: peer_features:x%x", __func__, peer_features);
1682 return peer_features;
1683 }
1684
1685 /*******************************************************************************
1686 *
1687 * Function bta_avk_check_peer_features
1688 *
1689 * Description check supported features on the peer device from the SDP
1690 * record and return the feature mask
1691 *
1692 * Returns tBTA_AV_FEAT peer device feature mask
1693 *
1694 ******************************************************************************/
bta_avk_check_peer_features(uint16_t service_uuid)1695 tBTA_AV_FEAT bta_avk_check_peer_features(uint16_t service_uuid) {
1696 tBTA_AV_FEAT peer_features = 0;
1697 tBTA_AV_CB* p_cb = &bta_av_cb;
1698
1699 APPL_TRACE_DEBUG("%s: service_uuid:x%x", __func__, service_uuid);
1700
1701 /* loop through all records we found */
1702 tSDP_DISC_REC* p_rec =
1703 SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, NULL);
1704 while (p_rec) {
1705 APPL_TRACE_DEBUG("%s: found Service record for x%x", __func__,
1706 service_uuid);
1707
1708 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1709 NULL) {
1710 /* find peer features */
1711 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1712 NULL)) {
1713 peer_features |= BTA_AV_FEAT_RCCT;
1714 }
1715 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1716 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1717 peer_features |= BTA_AV_FEAT_RCTG;
1718 }
1719 }
1720
1721 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1722 /* get profile version (if failure, version parameter is not updated) */
1723 uint16_t peer_rc_version = 0;
1724 bool val = SDP_FindProfileVersionInRec(
1725 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version);
1726 APPL_TRACE_DEBUG("%s: peer_rc_version for TG 0x%x, profile_found %d",
1727 __func__, peer_rc_version, val);
1728
1729 if (peer_rc_version >= AVRC_REV_1_3)
1730 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1731
1732 /* Get supported features */
1733 tSDP_DISC_ATTR* p_attr =
1734 SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1735 if (p_attr != NULL) {
1736 uint16_t categories = p_attr->attr_value.v.u16;
1737 /*
1738 * Though Absolute Volume came after in 1.4 and above, but there are
1739 * few devices in market which supports absolute Volume and they are
1740 * still 1.3. To avoid IOP issuses with those devices, we check for
1741 * 1.3 as minimum version
1742 */
1743 if (peer_rc_version >= AVRC_REV_1_3) {
1744 if (categories & AVRC_SUPF_TG_CAT2)
1745 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1746 if (categories & AVRC_SUPF_TG_APP_SETTINGS)
1747 peer_features |= (BTA_AV_FEAT_APP_SETTING);
1748 if (categories & AVRC_SUPF_TG_BROWSE)
1749 peer_features |= (BTA_AV_FEAT_BROWSE);
1750 }
1751
1752 /* AVRCP Cover Artwork over BIP */
1753 if (peer_rc_version >= AVRC_REV_1_6) {
1754 if (service_uuid == UUID_SERVCLASS_AV_REM_CTRL_TARGET &&
1755 categories & AVRC_SUPF_TG_PLAYER_COVER_ART)
1756 peer_features |= (BTA_AV_FEAT_COVER_ARTWORK);
1757 }
1758 }
1759 }
1760 /* get next record; if none found, we're done */
1761 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1762 }
1763 APPL_TRACE_DEBUG("%s: peer_features:x%x", __func__, peer_features);
1764 return peer_features;
1765 }
1766
1767 /******************************************************************************
1768 *
1769 * Function bta_avk_get_cover_art_psm
1770 *
1771 * Description Get the PSM associated with the AVRCP Target cover art
1772 * feature
1773 *
1774 * Returns uint16_t PSM value used to get cover artwork, or 0x0000 if
1775 * one does not exist.
1776 *
1777 *****************************************************************************/
bta_avk_get_cover_art_psm()1778 uint16_t bta_avk_get_cover_art_psm() {
1779 APPL_TRACE_DEBUG("%s: searching for cover art psm", __func__);
1780 /* Cover Art L2CAP PSM is only available on a target device */
1781 tBTA_AV_CB* p_cb = &bta_av_cb;
1782 tSDP_DISC_REC* p_rec =
1783 SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REM_CTRL_TARGET,
1784 NULL);
1785 while (p_rec) {
1786 tSDP_DISC_ATTR* p_attr =
1787 (SDP_FindAttributeInRec(p_rec, ATTR_ID_ADDITION_PROTO_DESC_LISTS));
1788 /*
1789 * If we have the Additional Protocol Description Lists attribute then we
1790 * specifically want the list that is an L2CAP protocol leading to OBEX.
1791 * Because the is a case where cover art is supported and browsing isn't
1792 * we need to check each list for the one we want.
1793 *
1794 * This means we need to do drop down into the protocol list and do a
1795 * "for each protocol, for each protocol element, for each protocol element
1796 * list parameter, if the parameter is L2CAP then find the PSM associated
1797 * with it, then make sure we see OBEX in that same protocol"
1798 */
1799 if (p_attr != NULL && SDP_DISC_ATTR_TYPE(p_attr->attr_len_type)
1800 == DATA_ELE_SEQ_DESC_TYPE) {
1801 // Point to first in List of protocols (i.e [(L2CAP -> AVCTP),
1802 // (L2CAP -> OBEX)])
1803 tSDP_DISC_ATTR* p_protocol_list = p_attr->attr_value.v.p_sub_attr;
1804 while (p_protocol_list != NULL) {
1805 if (SDP_DISC_ATTR_TYPE(p_protocol_list->attr_len_type)
1806 == DATA_ELE_SEQ_DESC_TYPE) {
1807 // Point to fist in list of protocol elements (i.e. [L2CAP, AVCTP])
1808 tSDP_DISC_ATTR* p_protocol =
1809 p_protocol_list->attr_value.v.p_sub_attr;
1810 bool protocol_has_obex = false;
1811 bool protocol_has_l2cap = false;
1812 uint16_t psm = 0x0000;
1813 while (p_protocol) {
1814 if (SDP_DISC_ATTR_TYPE(p_protocol->attr_len_type)
1815 == DATA_ELE_SEQ_DESC_TYPE) {
1816 // Point to first item protocol parameters list (i.e [UUID=L2CAP,
1817 // PSM=0x1234])
1818 tSDP_DISC_ATTR* p_protocol_param =
1819 p_protocol->attr_value.v.p_sub_attr;
1820 /*
1821 * Currently there's only ever one UUID and one parameter. L2cap
1822 * has a single PSM, AVCTP has a version and OBEX has nothing.
1823 * Change this if that ever changes.
1824 */
1825 uint16_t protocol_uuid = 0;
1826 uint16_t protocol_param = 0;
1827 while (p_protocol_param) {
1828 uint16_t param_type =
1829 SDP_DISC_ATTR_TYPE(p_protocol_param->attr_len_type);
1830 uint16_t param_len =
1831 SDP_DISC_ATTR_LEN(p_protocol_param->attr_len_type);
1832 if (param_type == UUID_DESC_TYPE) {
1833 protocol_uuid = p_protocol_param->attr_value.v.u16;
1834 } else if (param_type == UINT_DESC_TYPE) {
1835 protocol_param = (param_len == 2)
1836 ? p_protocol_param->attr_value.v.u16
1837 : p_protocol_param->attr_value.v.u8;
1838 } /* else dont care */
1839 p_protocol_param = p_protocol_param->p_next_attr; // next
1840 }
1841 // If we've found L2CAP then the parameter is a PSM
1842 if (protocol_uuid == UUID_PROTOCOL_L2CAP) {
1843 protocol_has_l2cap = true;
1844 psm = protocol_param;
1845 } else if (protocol_uuid == UUID_PROTOCOL_OBEX) {
1846 protocol_has_obex = true;
1847 }
1848 }
1849 // If this protocol has l2cap and obex then we're found the BIP PSM
1850 if (protocol_has_l2cap && protocol_has_obex) {
1851 APPL_TRACE_DEBUG("%s: found psm 0x%x", __func__, psm);
1852 return psm;
1853 }
1854 p_protocol = p_protocol->p_next_attr; // next protocol element
1855 }
1856 }
1857 p_protocol_list = p_protocol_list->p_next_attr; // next protocol
1858 }
1859 }
1860 /* get next record; if none found, we're done */
1861 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db,
1862 UUID_SERVCLASS_AV_REM_CTRL_TARGET, p_rec);
1863 }
1864 /* L2CAP PSM range is 0x1000-0xFFFF so 0x0000 is safe default invalid */
1865 APPL_TRACE_DEBUG("%s: could not find a BIP psm", __func__);
1866 return 0x0000;
1867 }
1868
1869 /*******************************************************************************
1870 *
1871 * Function bta_av_rc_disc_done
1872 *
1873 * Description Handle AVRCP service discovery results. If matching
1874 * service found, open AVRCP connection.
1875 *
1876 * Returns void
1877 *
1878 ******************************************************************************/
bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA * p_data)1879 void bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1880 tBTA_AV_CB* p_cb = &bta_av_cb;
1881 tBTA_AV_SCB* p_scb = NULL;
1882 tBTA_AV_LCB* p_lcb;
1883 uint8_t rc_handle;
1884 tBTA_AV_FEAT peer_features = 0; /* peer features mask */
1885 uint16_t cover_art_psm = 0x0000;
1886
1887 APPL_TRACE_DEBUG("%s: bta_av_rc_disc_done disc:x%x", __func__, p_cb->disc);
1888 if (!p_cb->disc) {
1889 return;
1890 }
1891
1892 if ((p_cb->disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
1893 /* this is the rc handle/index to tBTA_AV_RCB */
1894 rc_handle = p_cb->disc & (~BTA_AV_CHNL_MSK);
1895 } else {
1896 /* Validate array index*/
1897 if (((p_cb->disc & BTA_AV_HNDL_MSK) - 1) < BTA_AV_NUM_STRS) {
1898 p_scb = p_cb->p_scb[(p_cb->disc & BTA_AV_HNDL_MSK) - 1];
1899 }
1900 if (p_scb) {
1901 rc_handle = p_scb->rc_handle;
1902 } else {
1903 p_cb->disc = 0;
1904 return;
1905 }
1906 }
1907
1908 APPL_TRACE_DEBUG("%s: rc_handle %d", __func__, rc_handle);
1909 #if (BTA_AV_SINK_INCLUDED == TRUE)
1910 if (p_cb->sdp_a2dp_snk_handle) {
1911 /* This is Sink + CT + TG(Abs Vol) */
1912 peer_features =
1913 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
1914 APPL_TRACE_DEBUG("%s: populating rem ctrl target features %d", __func__,
1915 peer_features);
1916 if (BTA_AV_FEAT_ADV_CTRL &
1917 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL))
1918 peer_features |= (BTA_AV_FEAT_ADV_CTRL | BTA_AV_FEAT_RCCT);
1919
1920 if (peer_features & BTA_AV_FEAT_COVER_ARTWORK)
1921 cover_art_psm = bta_avk_get_cover_art_psm();
1922
1923 APPL_TRACE_DEBUG("%s: populating rem ctrl target bip psm 0x%x", __func__,
1924 cover_art_psm);
1925 } else
1926 #endif
1927 if (p_cb->sdp_a2dp_handle) {
1928 /* check peer version and whether support CT and TG role */
1929 peer_features =
1930 bta_av_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL);
1931 if ((p_cb->features & BTA_AV_FEAT_ADV_CTRL) &&
1932 ((peer_features & BTA_AV_FEAT_ADV_CTRL) == 0)) {
1933 /* if we support advance control and peer does not, check their support on
1934 * TG role
1935 * some implementation uses 1.3 on CT ans 1.4 on TG */
1936 peer_features |=
1937 bta_av_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
1938 }
1939
1940 /* Change our features if the remote AVRCP version is 1.3 or less */
1941 tSDP_DISC_REC* p_rec = nullptr;
1942 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db,
1943 UUID_SERVCLASS_AV_REMOTE_CONTROL, p_rec);
1944 if (p_rec != NULL &&
1945 SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST) != NULL) {
1946 /* get profile version (if failure, version parameter is not updated) */
1947 uint16_t peer_rc_version = 0xFFFF; // Don't change the AVRCP version
1948 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1949 &peer_rc_version);
1950 if (peer_rc_version <= AVRC_REV_1_3) {
1951 APPL_TRACE_DEBUG("%s: Using AVRCP 1.3 Capabilities with remote device",
1952 __func__);
1953 p_bta_av_cfg = &bta_av_cfg_compatibility;
1954 }
1955 }
1956 }
1957
1958 p_cb->disc = 0;
1959 osi_free_and_reset((void**)&p_cb->p_disc_db);
1960
1961 APPL_TRACE_DEBUG("%s: peer_features 0x%x, features 0x%x", __func__,
1962 peer_features, p_cb->features);
1963
1964 /* if we have no rc connection */
1965 if (rc_handle == BTA_AV_RC_HANDLE_NONE) {
1966 if (p_scb) {
1967 /* if peer remote control service matches ours and USE_RC is true */
1968 if ((((p_cb->features & BTA_AV_FEAT_RCCT) &&
1969 (peer_features & BTA_AV_FEAT_RCTG)) ||
1970 ((p_cb->features & BTA_AV_FEAT_RCTG) &&
1971 (peer_features & BTA_AV_FEAT_RCCT)))) {
1972 p_lcb = bta_av_find_lcb(p_scb->PeerAddress(), BTA_AV_LCB_FIND);
1973 if (p_lcb) {
1974 rc_handle = bta_av_rc_create(p_cb, AVCT_INT,
1975 (uint8_t)(p_scb->hdi + 1), p_lcb->lidx);
1976 p_cb->rcb[rc_handle].peer_features = peer_features;
1977 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
1978 } else {
1979 APPL_TRACE_ERROR("%s: can not find LCB!!", __func__);
1980 }
1981 } else if (p_scb->use_rc) {
1982 /* can not find AVRC on peer device. report failure */
1983 p_scb->use_rc = false;
1984 tBTA_AV_RC_OPEN rc_open;
1985 rc_open.peer_addr = p_scb->PeerAddress();
1986 rc_open.peer_features = 0;
1987 rc_open.cover_art_psm = 0;
1988 rc_open.status = BTA_AV_FAIL_SDP;
1989 tBTA_AV bta_av_data;
1990 bta_av_data.rc_open = rc_open;
1991 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
1992 }
1993 }
1994 } else {
1995 tBTA_AV_RC_FEAT rc_feat;
1996 p_cb->rcb[rc_handle].peer_features = peer_features;
1997 rc_feat.rc_handle = rc_handle;
1998 rc_feat.peer_features = peer_features;
1999 if (p_scb == NULL) {
2000 /*
2001 * In case scb is not created by the time we are done with SDP
2002 * we still need to send RC feature event. So we need to get BD
2003 * from Message. Note that lidx is 1 based not 0 based
2004 */
2005 rc_feat.peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2006 } else {
2007 rc_feat.peer_addr = p_scb->PeerAddress();
2008 }
2009
2010 tBTA_AV bta_av_feat;
2011 bta_av_feat.rc_feat = rc_feat;
2012 (*p_cb->p_cback)(BTA_AV_RC_FEAT_EVT, &bta_av_feat);
2013
2014 // Send PSM data
2015 APPL_TRACE_DEBUG("%s: Send PSM data", __func__);
2016 tBTA_AV_RC_PSM rc_psm;
2017 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
2018 rc_psm.rc_handle = rc_handle;
2019 rc_psm.cover_art_psm = cover_art_psm;
2020 if (p_scb == NULL) {
2021 rc_psm.peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2022 } else {
2023 rc_psm.peer_addr = p_scb->PeerAddress();
2024 }
2025
2026 APPL_TRACE_DEBUG("%s: rc_psm = 0x%x", __func__, rc_psm.cover_art_psm);
2027
2028 tBTA_AV bta_av_psm;
2029 bta_av_psm.rc_cover_art_psm = rc_psm;
2030 (*p_cb->p_cback)(BTA_AV_RC_PSM_EVT, &bta_av_psm);
2031 }
2032 }
2033
2034 /*******************************************************************************
2035 *
2036 * Function bta_av_rc_closed
2037 *
2038 * Description Set AVRCP state to closed.
2039 *
2040 * Returns void
2041 *
2042 ******************************************************************************/
bta_av_rc_closed(tBTA_AV_DATA * p_data)2043 void bta_av_rc_closed(tBTA_AV_DATA* p_data) {
2044 tBTA_AV_CB* p_cb = &bta_av_cb;
2045 tBTA_AV_RC_CLOSE rc_close;
2046 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2047 tBTA_AV_RCB* p_rcb;
2048 tBTA_AV_SCB* p_scb;
2049 int i;
2050 bool conn = false;
2051 tBTA_AV_LCB* p_lcb;
2052
2053 rc_close.rc_handle = BTA_AV_RC_HANDLE_NONE;
2054 p_scb = NULL;
2055 APPL_TRACE_DEBUG("%s: rc_handle:%d", __func__, p_msg->handle);
2056 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
2057 p_rcb = &p_cb->rcb[i];
2058 APPL_TRACE_DEBUG("%s: rcb[%d] rc_handle:%d, status=0x%x", __func__, i,
2059 p_rcb->handle, p_rcb->status);
2060 if (p_rcb->handle == p_msg->handle) {
2061 rc_close.rc_handle = i;
2062 p_rcb->status &= ~BTA_AV_RC_CONN_MASK;
2063 p_rcb->peer_features = 0;
2064 p_rcb->cover_art_psm = 0;
2065 APPL_TRACE_DEBUG("%s: shdl:%d, lidx:%d", __func__, p_rcb->shdl,
2066 p_rcb->lidx);
2067 if (p_rcb->shdl) {
2068 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
2069 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
2070 }
2071 if (p_scb) {
2072 rc_close.peer_addr = p_scb->PeerAddress();
2073 if (p_scb->rc_handle == p_rcb->handle)
2074 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
2075 APPL_TRACE_DEBUG("%s: shdl:%d, srch:%d", __func__, p_rcb->shdl,
2076 p_scb->rc_handle);
2077 }
2078 p_rcb->shdl = 0;
2079 } else if (p_rcb->lidx == (BTA_AV_NUM_LINKS + 1)) {
2080 /* if the RCB uses the extra LCB, use the addr for event and clean it */
2081 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
2082 rc_close.peer_addr = p_msg->peer_addr;
2083 LOG_INFO(LOG_TAG, "%s: rc_only closed bd_addr: %s", __func__,
2084 p_msg->peer_addr.ToString().c_str());
2085 p_lcb->conn_msk = 0;
2086 p_lcb->lidx = 0;
2087 }
2088 p_rcb->lidx = 0;
2089
2090 if ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT) {
2091 /* AVCT CCB is deallocated */
2092 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
2093 p_rcb->status = 0;
2094 } else {
2095 /* AVCT CCB is still there. dealloc */
2096 bta_av_del_rc(p_rcb);
2097 }
2098 } else if ((p_rcb->handle != BTA_AV_RC_HANDLE_NONE) &&
2099 (p_rcb->status & BTA_AV_RC_CONN_MASK)) {
2100 /* at least one channel is still connected */
2101 conn = true;
2102 }
2103 }
2104
2105 if (!conn) {
2106 /* no AVRC channels are connected, go back to INIT state */
2107 bta_av_sm_execute(p_cb, BTA_AV_AVRC_NONE_EVT, NULL);
2108 }
2109
2110 if (rc_close.rc_handle == BTA_AV_RC_HANDLE_NONE) {
2111 rc_close.rc_handle = p_msg->handle;
2112 rc_close.peer_addr = p_msg->peer_addr;
2113 }
2114 tBTA_AV bta_av_data;
2115 bta_av_data.rc_close = rc_close;
2116 (*p_cb->p_cback)(BTA_AV_RC_CLOSE_EVT, &bta_av_data);
2117 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE
2118 && bta_av_cb.features & BTA_AV_FEAT_RCTG)
2119 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
2120 }
2121
2122 /*******************************************************************************
2123 *
2124 * Function bta_av_rc_browse_opened
2125 *
2126 * Description AVRC browsing channel is opened
2127 *
2128 * Returns void
2129 *
2130 ******************************************************************************/
bta_av_rc_browse_opened(tBTA_AV_DATA * p_data)2131 void bta_av_rc_browse_opened(tBTA_AV_DATA* p_data) {
2132 tBTA_AV_CB* p_cb = &bta_av_cb;
2133 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2134 tBTA_AV_RC_BROWSE_OPEN rc_browse_open;
2135
2136 LOG_INFO(LOG_TAG, "%s: peer_addr: %s rc_handle:%d", __func__,
2137 p_msg->peer_addr.ToString().c_str(), p_msg->handle);
2138
2139 rc_browse_open.status = BTA_AV_SUCCESS;
2140 rc_browse_open.rc_handle = p_msg->handle;
2141 rc_browse_open.peer_addr = p_msg->peer_addr;
2142
2143 tBTA_AV bta_av_data;
2144 bta_av_data.rc_browse_open = rc_browse_open;
2145 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_OPEN_EVT, &bta_av_data);
2146 }
2147
2148 /*******************************************************************************
2149 *
2150 * Function bta_av_rc_browse_closed
2151 *
2152 * Description AVRC browsing channel is closed
2153 *
2154 * Returns void
2155 *
2156 ******************************************************************************/
bta_av_rc_browse_closed(tBTA_AV_DATA * p_data)2157 void bta_av_rc_browse_closed(tBTA_AV_DATA* p_data) {
2158 tBTA_AV_CB* p_cb = &bta_av_cb;
2159 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2160 tBTA_AV_RC_BROWSE_CLOSE rc_browse_close;
2161
2162 LOG_INFO(LOG_TAG, "%s: peer_addr: %s rc_handle:%d", __func__,
2163 p_msg->peer_addr.ToString().c_str(), p_msg->handle);
2164
2165 rc_browse_close.rc_handle = p_msg->handle;
2166 rc_browse_close.peer_addr = p_msg->peer_addr;
2167
2168 tBTA_AV bta_av_data;
2169 bta_av_data.rc_browse_close = rc_browse_close;
2170 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_CLOSE_EVT, &bta_av_data);
2171 }
2172
2173 /*******************************************************************************
2174 *
2175 * Function bta_av_rc_disc
2176 *
2177 * Description start AVRC SDP discovery.
2178 *
2179 * Returns void
2180 *
2181 ******************************************************************************/
bta_av_rc_disc(uint8_t disc)2182 void bta_av_rc_disc(uint8_t disc) {
2183 tBTA_AV_CB* p_cb = &bta_av_cb;
2184 tAVRC_SDP_DB_PARAMS db_params;
2185 uint16_t attr_list[] = {ATTR_ID_SERVICE_CLASS_ID_LIST,
2186 ATTR_ID_BT_PROFILE_DESC_LIST,
2187 ATTR_ID_SUPPORTED_FEATURES,
2188 ATTR_ID_ADDITION_PROTO_DESC_LISTS};
2189 uint8_t hdi;
2190 tBTA_AV_SCB* p_scb;
2191 RawAddress peer_addr = RawAddress::kEmpty;
2192 uint8_t rc_handle;
2193
2194 APPL_TRACE_DEBUG("%s: disc: 0x%x, bta_av_cb.disc: 0x%x", __func__, disc,
2195 bta_av_cb.disc);
2196 if ((bta_av_cb.disc != 0) || (disc == 0)) return;
2197
2198 if ((disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
2199 /* this is the rc handle/index to tBTA_AV_RCB */
2200 rc_handle = disc & (~BTA_AV_CHNL_MSK);
2201 if (p_cb->rcb[rc_handle].lidx) {
2202 peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2203 }
2204 } else {
2205 hdi = (disc & BTA_AV_HNDL_MSK) - 1;
2206 p_scb = p_cb->p_scb[hdi];
2207
2208 if (p_scb) {
2209 APPL_TRACE_DEBUG("%s: rc_handle %d", __func__, p_scb->rc_handle);
2210 peer_addr = p_scb->PeerAddress();
2211 }
2212 }
2213
2214 if (!peer_addr.IsEmpty()) {
2215 /* allocate discovery database */
2216 if (p_cb->p_disc_db == NULL)
2217 p_cb->p_disc_db = (tSDP_DISCOVERY_DB*)osi_malloc(BTA_AV_DISC_BUF_SIZE);
2218
2219 /* set up parameters */
2220 db_params.db_len = BTA_AV_DISC_BUF_SIZE;
2221 db_params.num_attr = sizeof(attr_list) / sizeof(uint16_t);
2222 db_params.p_db = p_cb->p_disc_db;
2223 db_params.p_attrs = attr_list;
2224
2225 /* searching for UUID_SERVCLASS_AV_REMOTE_CONTROL gets both TG and CT */
2226 if (AVRC_FindService(UUID_SERVCLASS_AV_REMOTE_CONTROL, peer_addr,
2227 &db_params,
2228 base::Bind(bta_av_avrc_sdp_cback)) == AVRC_SUCCESS) {
2229 p_cb->disc = disc;
2230 APPL_TRACE_DEBUG("%s: disc 0x%x", __func__, p_cb->disc);
2231 }
2232 }
2233 }
2234
2235 /*******************************************************************************
2236 *
2237 * Function bta_av_dereg_comp
2238 *
2239 * Description deregister complete. free the stream control block.
2240 *
2241 * Returns void
2242 *
2243 ******************************************************************************/
bta_av_dereg_comp(tBTA_AV_DATA * p_data)2244 void bta_av_dereg_comp(tBTA_AV_DATA* p_data) {
2245 tBTA_AV_CB* p_cb = &bta_av_cb;
2246 tBTA_AV_SCB* p_scb;
2247 tBTA_UTL_COD cod;
2248 uint8_t mask;
2249 BT_HDR* p_buf;
2250
2251 /* find the stream control block */
2252 p_scb = bta_av_hndl_to_scb(p_data->hdr.layer_specific);
2253
2254 if (p_scb) {
2255 APPL_TRACE_DEBUG("%s: deregistered %d(h%d)", __func__, p_scb->chnl,
2256 p_scb->hndl);
2257 mask = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
2258 p_cb->reg_audio &= ~mask;
2259 if ((p_cb->conn_audio & mask) && p_cb->audio_open_cnt) {
2260 /* this channel is still marked as open. decrease the count */
2261 p_cb->audio_open_cnt--;
2262 }
2263 p_cb->conn_audio &= ~mask;
2264
2265 if (p_scb->q_tag == BTA_AV_Q_TAG_STREAM && p_scb->a2dp_list) {
2266 /* make sure no buffers are in a2dp_list */
2267 while (!list_is_empty(p_scb->a2dp_list)) {
2268 p_buf = (BT_HDR*)list_front(p_scb->a2dp_list);
2269 list_remove(p_scb->a2dp_list, p_buf);
2270 osi_free(p_buf);
2271 }
2272 }
2273
2274 /* remove the A2DP SDP record, if no more audio stream is left */
2275 if (!p_cb->reg_audio) {
2276 #if (BTA_AR_INCLUDED == TRUE)
2277 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REMOTE_CONTROL, BTA_ID_AV);
2278 #endif
2279 if (p_cb->sdp_a2dp_handle) {
2280 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_handle);
2281 p_cb->sdp_a2dp_handle = 0;
2282 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SOURCE);
2283 }
2284
2285 #if (BTA_AV_SINK_INCLUDED == TRUE)
2286 if (p_cb->sdp_a2dp_snk_handle) {
2287 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_snk_handle);
2288 p_cb->sdp_a2dp_snk_handle = 0;
2289 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SINK);
2290 }
2291 #endif
2292 }
2293
2294 bta_av_free_scb(p_scb);
2295 }
2296
2297 APPL_TRACE_DEBUG("%s: audio 0x%x, disable:%d", __func__, p_cb->reg_audio,
2298 p_cb->disabling);
2299 /* if no stream control block is active */
2300 if (p_cb->reg_audio == 0) {
2301 #if (BTA_AR_INCLUDED == TRUE)
2302 /* deregister from AVDT */
2303 bta_ar_dereg_avdt(BTA_ID_AV);
2304
2305 /* deregister from AVCT */
2306 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REM_CTRL_TARGET, BTA_ID_AV);
2307 bta_ar_dereg_avct(BTA_ID_AV);
2308 #endif
2309
2310 if (p_cb->disabling) {
2311 p_cb->disabling = false;
2312 // reset enabling parameters
2313 p_cb->features = 0;
2314 p_cb->sec_mask = 0;
2315 }
2316
2317 /* Clear the Capturing service class bit */
2318 cod.service = BTM_COD_SERVICE_CAPTURING;
2319 utl_set_device_class(&cod, BTA_UTL_CLR_COD_SERVICE_CLASS);
2320 }
2321 }
2322