1 /*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <algorithm>
18 #include <android-base/logging.h>
19 #include <android-base/properties.h>
20 #include <chrono>
21 #include <dirent.h>
22 #include <errno.h>
23 #include <fcntl.h>
24 #include <inttypes.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <sys/types.h>
28 #include <sys/stat.h>
29 #include <sys/stat.h>
30 #include <sys/time.h>
31
32 #define LOG_TAG "MtpServer"
33
34 #include "MtpDebug.h"
35 #include "IMtpDatabase.h"
36 #include "MtpDescriptors.h"
37 #include "MtpDevHandle.h"
38 #include "MtpFfsCompatHandle.h"
39 #include "MtpFfsHandle.h"
40 #include "MtpObjectInfo.h"
41 #include "MtpProperty.h"
42 #include "MtpServer.h"
43 #include "MtpStorage.h"
44 #include "MtpStringBuffer.h"
45 #include "android-base/strings.h"
46
47 namespace android {
48 static const int SN_EVENT_LOG_ID = 0x534e4554;
49
50 static const MtpOperationCode kSupportedOperationCodes[] = {
51 MTP_OPERATION_GET_DEVICE_INFO,
52 MTP_OPERATION_OPEN_SESSION,
53 MTP_OPERATION_CLOSE_SESSION,
54 MTP_OPERATION_GET_STORAGE_IDS,
55 MTP_OPERATION_GET_STORAGE_INFO,
56 MTP_OPERATION_GET_NUM_OBJECTS,
57 MTP_OPERATION_GET_OBJECT_HANDLES,
58 MTP_OPERATION_GET_OBJECT_INFO,
59 MTP_OPERATION_GET_OBJECT,
60 MTP_OPERATION_GET_THUMB,
61 MTP_OPERATION_DELETE_OBJECT,
62 MTP_OPERATION_SEND_OBJECT_INFO,
63 MTP_OPERATION_SEND_OBJECT,
64 // MTP_OPERATION_INITIATE_CAPTURE,
65 // MTP_OPERATION_FORMAT_STORE,
66 MTP_OPERATION_RESET_DEVICE,
67 // MTP_OPERATION_SELF_TEST,
68 // MTP_OPERATION_SET_OBJECT_PROTECTION,
69 // MTP_OPERATION_POWER_DOWN,
70 MTP_OPERATION_GET_DEVICE_PROP_DESC,
71 MTP_OPERATION_GET_DEVICE_PROP_VALUE,
72 MTP_OPERATION_SET_DEVICE_PROP_VALUE,
73 MTP_OPERATION_RESET_DEVICE_PROP_VALUE,
74 // MTP_OPERATION_TERMINATE_OPEN_CAPTURE,
75 MTP_OPERATION_MOVE_OBJECT,
76 MTP_OPERATION_COPY_OBJECT,
77 MTP_OPERATION_GET_PARTIAL_OBJECT,
78 // MTP_OPERATION_INITIATE_OPEN_CAPTURE,
79 MTP_OPERATION_GET_OBJECT_PROPS_SUPPORTED,
80 MTP_OPERATION_GET_OBJECT_PROP_DESC,
81 MTP_OPERATION_GET_OBJECT_PROP_VALUE,
82 MTP_OPERATION_SET_OBJECT_PROP_VALUE,
83 MTP_OPERATION_GET_OBJECT_PROP_LIST,
84 // MTP_OPERATION_SET_OBJECT_PROP_LIST,
85 // MTP_OPERATION_GET_INTERDEPENDENT_PROP_DESC,
86 // MTP_OPERATION_SEND_OBJECT_PROP_LIST,
87 // MTP_OPERATION_GET_OBJECT_REFERENCES,
88 // MTP_OPERATION_SET_OBJECT_REFERENCES,
89 // MTP_OPERATION_SKIP,
90 // Android extension for direct file IO
91 MTP_OPERATION_GET_PARTIAL_OBJECT_64,
92 MTP_OPERATION_SEND_PARTIAL_OBJECT,
93 MTP_OPERATION_TRUNCATE_OBJECT,
94 MTP_OPERATION_BEGIN_EDIT_OBJECT,
95 MTP_OPERATION_END_EDIT_OBJECT,
96 };
97
98 static const MtpEventCode kSupportedEventCodes[] = {
99 MTP_EVENT_OBJECT_ADDED,
100 MTP_EVENT_OBJECT_REMOVED,
101 MTP_EVENT_STORE_ADDED,
102 MTP_EVENT_STORE_REMOVED,
103 MTP_EVENT_DEVICE_PROP_CHANGED,
104 MTP_EVENT_OBJECT_INFO_CHANGED,
105 };
106
MtpServer(IMtpDatabase * database,int controlFd,bool ptp,const char * deviceInfoManufacturer,const char * deviceInfoModel,const char * deviceInfoDeviceVersion,const char * deviceInfoSerialNumber)107 MtpServer::MtpServer(IMtpDatabase* database, int controlFd, bool ptp,
108 const char *deviceInfoManufacturer,
109 const char *deviceInfoModel,
110 const char *deviceInfoDeviceVersion,
111 const char *deviceInfoSerialNumber)
112 : mDatabase(database),
113 mPtp(ptp),
114 mDeviceInfoManufacturer(deviceInfoManufacturer),
115 mDeviceInfoModel(deviceInfoModel),
116 mDeviceInfoDeviceVersion(deviceInfoDeviceVersion),
117 mDeviceInfoSerialNumber(deviceInfoSerialNumber),
118 mSessionID(0),
119 mSessionOpen(false),
120 mSendObjectHandle(kInvalidObjectHandle),
121 mSendObjectFormat(0),
122 mSendObjectFileSize(0),
123 mSendObjectModifiedTime(0)
124 {
125 bool ffs_ok = access(FFS_MTP_EP0, W_OK) == 0;
126 if (ffs_ok) {
127 bool aio_compat = android::base::GetBoolProperty("sys.usb.ffs.aio_compat", false);
128 mHandle = aio_compat ? new MtpFfsCompatHandle(controlFd) : new MtpFfsHandle(controlFd);
129 } else {
130 mHandle = new MtpDevHandle();
131 }
132 }
133
~MtpServer()134 MtpServer::~MtpServer() {
135 }
136
addStorage(MtpStorage * storage)137 void MtpServer::addStorage(MtpStorage* storage) {
138 std::lock_guard<std::mutex> lg(mMutex);
139
140 mStorages.push_back(storage);
141 sendStoreAdded(storage->getStorageID());
142 }
143
removeStorage(MtpStorage * storage)144 void MtpServer::removeStorage(MtpStorage* storage) {
145 std::lock_guard<std::mutex> lg(mMutex);
146 auto iter = std::find(mStorages.begin(), mStorages.end(), storage);
147 if (iter != mStorages.end()) {
148 sendStoreRemoved(storage->getStorageID());
149 mStorages.erase(iter);
150 }
151 }
152
getStorage(MtpStorageID id)153 MtpStorage* MtpServer::getStorage(MtpStorageID id) {
154 if (id == 0)
155 return mStorages[0];
156 for (MtpStorage *storage : mStorages) {
157 if (storage->getStorageID() == id)
158 return storage;
159 }
160 return nullptr;
161 }
162
hasStorage(MtpStorageID id)163 bool MtpServer::hasStorage(MtpStorageID id) {
164 if (id == 0 || id == 0xFFFFFFFF)
165 return mStorages.size() > 0;
166 return (getStorage(id) != nullptr);
167 }
168
run()169 void MtpServer::run() {
170 if (mHandle->start(mPtp)) {
171 ALOGE("Failed to start usb driver!");
172 mHandle->close();
173 return;
174 }
175
176 while (1) {
177 int ret = mRequest.read(mHandle);
178 if (ret < 0) {
179 ALOGE("request read returned %d, errno: %d", ret, errno);
180 if (errno == ECANCELED) {
181 // return to top of loop and wait for next command
182 continue;
183 }
184 break;
185 }
186 MtpOperationCode operation = mRequest.getOperationCode();
187 MtpTransactionID transaction = mRequest.getTransactionID();
188
189 ALOGV("operation: %s", MtpDebug::getOperationCodeName(operation));
190 // FIXME need to generalize this
191 bool dataIn = (operation == MTP_OPERATION_SEND_OBJECT_INFO
192 || operation == MTP_OPERATION_SET_OBJECT_REFERENCES
193 || operation == MTP_OPERATION_SET_OBJECT_PROP_VALUE
194 || operation == MTP_OPERATION_SET_DEVICE_PROP_VALUE);
195 if (dataIn) {
196 int ret = mData.read(mHandle);
197 if (ret < 0) {
198 ALOGE("data read returned %d, errno: %d", ret, errno);
199 if (errno == ECANCELED) {
200 // return to top of loop and wait for next command
201 continue;
202 }
203 break;
204 }
205 ALOGV("received data:");
206 } else {
207 mData.reset();
208 }
209
210 if (handleRequest()) {
211 if (!dataIn && mData.hasData()) {
212 mData.setOperationCode(operation);
213 mData.setTransactionID(transaction);
214 ALOGV("sending data:");
215 ret = mData.write(mHandle);
216 if (ret < 0) {
217 ALOGE("request write returned %d, errno: %d", ret, errno);
218 if (errno == ECANCELED) {
219 // return to top of loop and wait for next command
220 continue;
221 }
222 break;
223 }
224 }
225
226 mResponse.setTransactionID(transaction);
227 ALOGV("sending response %04X", mResponse.getResponseCode());
228 ret = mResponse.write(mHandle);
229 const int savedErrno = errno;
230 if (ret < 0) {
231 ALOGE("request write returned %d, errno: %d", ret, errno);
232 if (savedErrno == ECANCELED) {
233 // return to top of loop and wait for next command
234 continue;
235 }
236 break;
237 }
238 } else {
239 ALOGV("skipping response\n");
240 }
241 }
242
243 // commit any open edits
244 int count = mObjectEditList.size();
245 for (int i = 0; i < count; i++) {
246 ObjectEdit* edit = mObjectEditList[i];
247 commitEdit(edit);
248 delete edit;
249 }
250 mObjectEditList.clear();
251
252 mHandle->close();
253 }
254
sendObjectAdded(MtpObjectHandle handle)255 void MtpServer::sendObjectAdded(MtpObjectHandle handle) {
256 ALOGV("sendObjectAdded %d\n", handle);
257 sendEvent(MTP_EVENT_OBJECT_ADDED, handle);
258 }
259
sendObjectRemoved(MtpObjectHandle handle)260 void MtpServer::sendObjectRemoved(MtpObjectHandle handle) {
261 ALOGV("sendObjectRemoved %d\n", handle);
262 sendEvent(MTP_EVENT_OBJECT_REMOVED, handle);
263 }
264
sendObjectInfoChanged(MtpObjectHandle handle)265 void MtpServer::sendObjectInfoChanged(MtpObjectHandle handle) {
266 ALOGV("sendObjectInfoChanged %d\n", handle);
267 sendEvent(MTP_EVENT_OBJECT_INFO_CHANGED, handle);
268 }
269
sendStoreAdded(MtpStorageID id)270 void MtpServer::sendStoreAdded(MtpStorageID id) {
271 ALOGV("sendStoreAdded %08X\n", id);
272 sendEvent(MTP_EVENT_STORE_ADDED, id);
273 }
274
sendStoreRemoved(MtpStorageID id)275 void MtpServer::sendStoreRemoved(MtpStorageID id) {
276 ALOGV("sendStoreRemoved %08X\n", id);
277 sendEvent(MTP_EVENT_STORE_REMOVED, id);
278 }
279
sendDevicePropertyChanged(MtpDeviceProperty property)280 void MtpServer::sendDevicePropertyChanged(MtpDeviceProperty property) {
281 ALOGV("sendDevicePropertyChanged %d\n", property);
282 sendEvent(MTP_EVENT_DEVICE_PROP_CHANGED, property);
283 }
284
sendEvent(MtpEventCode code,uint32_t param1)285 void MtpServer::sendEvent(MtpEventCode code, uint32_t param1) {
286 if (mSessionOpen) {
287 mEvent.setEventCode(code);
288 mEvent.setTransactionID(mRequest.getTransactionID());
289 mEvent.setParameter(1, param1);
290 if (mEvent.write(mHandle))
291 ALOGE("Mtp send event failed: %s", strerror(errno));
292 }
293 }
294
addEditObject(MtpObjectHandle handle,MtpStringBuffer & path,uint64_t size,MtpObjectFormat format,int fd)295 void MtpServer::addEditObject(MtpObjectHandle handle, MtpStringBuffer& path,
296 uint64_t size, MtpObjectFormat format, int fd) {
297 ObjectEdit* edit = new ObjectEdit(handle, path, size, format, fd);
298 mObjectEditList.push_back(edit);
299 }
300
getEditObject(MtpObjectHandle handle)301 MtpServer::ObjectEdit* MtpServer::getEditObject(MtpObjectHandle handle) {
302 int count = mObjectEditList.size();
303 for (int i = 0; i < count; i++) {
304 ObjectEdit* edit = mObjectEditList[i];
305 if (edit->mHandle == handle) return edit;
306 }
307 return nullptr;
308 }
309
removeEditObject(MtpObjectHandle handle)310 void MtpServer::removeEditObject(MtpObjectHandle handle) {
311 int count = mObjectEditList.size();
312 for (int i = 0; i < count; i++) {
313 ObjectEdit* edit = mObjectEditList[i];
314 if (edit->mHandle == handle) {
315 delete edit;
316 mObjectEditList.erase(mObjectEditList.begin() + i);
317 return;
318 }
319 }
320 ALOGE("ObjectEdit not found in removeEditObject");
321 }
322
commitEdit(ObjectEdit * edit)323 void MtpServer::commitEdit(ObjectEdit* edit) {
324 mDatabase->rescanFile((const char *)edit->mPath, edit->mHandle, edit->mFormat);
325 }
326
327
handleRequest()328 bool MtpServer::handleRequest() {
329 std::lock_guard<std::mutex> lg(mMutex);
330
331 MtpOperationCode operation = mRequest.getOperationCode();
332 MtpResponseCode response;
333
334 mResponse.reset();
335
336 if (mSendObjectHandle != kInvalidObjectHandle && operation != MTP_OPERATION_SEND_OBJECT) {
337 mSendObjectHandle = kInvalidObjectHandle;
338 mSendObjectFormat = 0;
339 mSendObjectModifiedTime = 0;
340 }
341
342 int containertype = mRequest.getContainerType();
343 if (containertype != MTP_CONTAINER_TYPE_COMMAND) {
344 ALOGE("wrong container type %d", containertype);
345 return false;
346 }
347
348 ALOGV("got command %s (%x)", MtpDebug::getOperationCodeName(operation), operation);
349
350 switch (operation) {
351 case MTP_OPERATION_GET_DEVICE_INFO:
352 response = doGetDeviceInfo();
353 break;
354 case MTP_OPERATION_OPEN_SESSION:
355 response = doOpenSession();
356 break;
357 case MTP_OPERATION_RESET_DEVICE:
358 case MTP_OPERATION_CLOSE_SESSION:
359 response = doCloseSession();
360 break;
361 case MTP_OPERATION_GET_STORAGE_IDS:
362 response = doGetStorageIDs();
363 break;
364 case MTP_OPERATION_GET_STORAGE_INFO:
365 response = doGetStorageInfo();
366 break;
367 case MTP_OPERATION_GET_OBJECT_PROPS_SUPPORTED:
368 response = doGetObjectPropsSupported();
369 break;
370 case MTP_OPERATION_GET_OBJECT_HANDLES:
371 response = doGetObjectHandles();
372 break;
373 case MTP_OPERATION_GET_NUM_OBJECTS:
374 response = doGetNumObjects();
375 break;
376 case MTP_OPERATION_GET_OBJECT_REFERENCES:
377 response = doGetObjectReferences();
378 break;
379 case MTP_OPERATION_SET_OBJECT_REFERENCES:
380 response = doSetObjectReferences();
381 break;
382 case MTP_OPERATION_GET_OBJECT_PROP_VALUE:
383 response = doGetObjectPropValue();
384 break;
385 case MTP_OPERATION_SET_OBJECT_PROP_VALUE:
386 response = doSetObjectPropValue();
387 break;
388 case MTP_OPERATION_GET_DEVICE_PROP_VALUE:
389 response = doGetDevicePropValue();
390 break;
391 case MTP_OPERATION_SET_DEVICE_PROP_VALUE:
392 response = doSetDevicePropValue();
393 break;
394 case MTP_OPERATION_RESET_DEVICE_PROP_VALUE:
395 response = doResetDevicePropValue();
396 break;
397 case MTP_OPERATION_GET_OBJECT_PROP_LIST:
398 response = doGetObjectPropList();
399 break;
400 case MTP_OPERATION_GET_OBJECT_INFO:
401 response = doGetObjectInfo();
402 break;
403 case MTP_OPERATION_GET_OBJECT:
404 response = doGetObject();
405 break;
406 case MTP_OPERATION_GET_THUMB:
407 response = doGetThumb();
408 break;
409 case MTP_OPERATION_GET_PARTIAL_OBJECT:
410 case MTP_OPERATION_GET_PARTIAL_OBJECT_64:
411 response = doGetPartialObject(operation);
412 break;
413 case MTP_OPERATION_SEND_OBJECT_INFO:
414 response = doSendObjectInfo();
415 break;
416 case MTP_OPERATION_SEND_OBJECT:
417 response = doSendObject();
418 break;
419 case MTP_OPERATION_DELETE_OBJECT:
420 response = doDeleteObject();
421 break;
422 case MTP_OPERATION_COPY_OBJECT:
423 response = doCopyObject();
424 break;
425 case MTP_OPERATION_MOVE_OBJECT:
426 response = doMoveObject();
427 break;
428 case MTP_OPERATION_GET_OBJECT_PROP_DESC:
429 response = doGetObjectPropDesc();
430 break;
431 case MTP_OPERATION_GET_DEVICE_PROP_DESC:
432 response = doGetDevicePropDesc();
433 break;
434 case MTP_OPERATION_SEND_PARTIAL_OBJECT:
435 response = doSendPartialObject();
436 break;
437 case MTP_OPERATION_TRUNCATE_OBJECT:
438 response = doTruncateObject();
439 break;
440 case MTP_OPERATION_BEGIN_EDIT_OBJECT:
441 response = doBeginEditObject();
442 break;
443 case MTP_OPERATION_END_EDIT_OBJECT:
444 response = doEndEditObject();
445 break;
446 default:
447 ALOGE("got unsupported command %s (%x)",
448 MtpDebug::getOperationCodeName(operation), operation);
449 response = MTP_RESPONSE_OPERATION_NOT_SUPPORTED;
450 break;
451 }
452
453 if (response != MTP_RESPONSE_OK)
454 ALOGW("[MTP] got response 0x%X in command %s (%x)", response,
455 MtpDebug::getOperationCodeName(operation), operation);
456 if (response == MTP_RESPONSE_TRANSACTION_CANCELLED)
457 return false;
458 mResponse.setResponseCode(response);
459 return true;
460 }
461
doGetDeviceInfo()462 MtpResponseCode MtpServer::doGetDeviceInfo() {
463 MtpStringBuffer string;
464
465 MtpObjectFormatList* playbackFormats = mDatabase->getSupportedPlaybackFormats();
466 MtpObjectFormatList* captureFormats = mDatabase->getSupportedCaptureFormats();
467 MtpDevicePropertyList* deviceProperties = mDatabase->getSupportedDeviceProperties();
468
469 // fill in device info
470 mData.putUInt16(MTP_STANDARD_VERSION);
471 if (mPtp) {
472 mData.putUInt32(0);
473 } else {
474 // MTP Vendor Extension ID
475 mData.putUInt32(6);
476 }
477 mData.putUInt16(MTP_STANDARD_VERSION);
478 if (mPtp) {
479 // no extensions
480 string.set("");
481 } else {
482 // MTP extensions
483 string.set("microsoft.com: 1.0; android.com: 1.0;");
484 }
485 mData.putString(string); // MTP Extensions
486 mData.putUInt16(0); //Functional Mode
487 mData.putAUInt16(kSupportedOperationCodes,
488 sizeof(kSupportedOperationCodes) / sizeof(uint16_t)); // Operations Supported
489 mData.putAUInt16(kSupportedEventCodes,
490 sizeof(kSupportedEventCodes) / sizeof(uint16_t)); // Events Supported
491 mData.putAUInt16(deviceProperties); // Device Properties Supported
492 mData.putAUInt16(captureFormats); // Capture Formats
493 mData.putAUInt16(playbackFormats); // Playback Formats
494
495 mData.putString(mDeviceInfoManufacturer); // Manufacturer
496 mData.putString(mDeviceInfoModel); // Model
497 mData.putString(mDeviceInfoDeviceVersion); // Device Version
498 mData.putString(mDeviceInfoSerialNumber); // Serial Number
499
500 delete playbackFormats;
501 delete captureFormats;
502 delete deviceProperties;
503
504 return MTP_RESPONSE_OK;
505 }
506
doOpenSession()507 MtpResponseCode MtpServer::doOpenSession() {
508 if (mSessionOpen) {
509 mResponse.setParameter(1, mSessionID);
510 return MTP_RESPONSE_SESSION_ALREADY_OPEN;
511 }
512 if (mRequest.getParameterCount() < 1)
513 return MTP_RESPONSE_INVALID_PARAMETER;
514
515 mSessionID = mRequest.getParameter(1);
516 mSessionOpen = true;
517
518 return MTP_RESPONSE_OK;
519 }
520
doCloseSession()521 MtpResponseCode MtpServer::doCloseSession() {
522 if (!mSessionOpen)
523 return MTP_RESPONSE_SESSION_NOT_OPEN;
524 mSessionID = 0;
525 mSessionOpen = false;
526 return MTP_RESPONSE_OK;
527 }
528
doGetStorageIDs()529 MtpResponseCode MtpServer::doGetStorageIDs() {
530 if (!mSessionOpen)
531 return MTP_RESPONSE_SESSION_NOT_OPEN;
532
533 int count = mStorages.size();
534 mData.putUInt32(count);
535 for (int i = 0; i < count; i++)
536 mData.putUInt32(mStorages[i]->getStorageID());
537
538 return MTP_RESPONSE_OK;
539 }
540
doGetStorageInfo()541 MtpResponseCode MtpServer::doGetStorageInfo() {
542 MtpStringBuffer string;
543
544 if (!mSessionOpen)
545 return MTP_RESPONSE_SESSION_NOT_OPEN;
546 if (mRequest.getParameterCount() < 1)
547 return MTP_RESPONSE_INVALID_PARAMETER;
548
549 MtpStorageID id = mRequest.getParameter(1);
550 MtpStorage* storage = getStorage(id);
551 if (!storage)
552 return MTP_RESPONSE_INVALID_STORAGE_ID;
553
554 mData.putUInt16(storage->getType());
555 mData.putUInt16(storage->getFileSystemType());
556 mData.putUInt16(storage->getAccessCapability());
557 mData.putUInt64(storage->getMaxCapacity());
558 mData.putUInt64(storage->getFreeSpace());
559 mData.putUInt32(1024*1024*1024); // Free Space in Objects
560 string.set(storage->getDescription());
561 mData.putString(string);
562 mData.putEmptyString(); // Volume Identifier
563
564 return MTP_RESPONSE_OK;
565 }
566
doGetObjectPropsSupported()567 MtpResponseCode MtpServer::doGetObjectPropsSupported() {
568 if (!mSessionOpen)
569 return MTP_RESPONSE_SESSION_NOT_OPEN;
570 if (mRequest.getParameterCount() < 1)
571 return MTP_RESPONSE_INVALID_PARAMETER;
572 MtpObjectFormat format = mRequest.getParameter(1);
573 MtpObjectPropertyList* properties = mDatabase->getSupportedObjectProperties(format);
574 mData.putAUInt16(properties);
575 delete properties;
576 return MTP_RESPONSE_OK;
577 }
578
doGetObjectHandles()579 MtpResponseCode MtpServer::doGetObjectHandles() {
580 if (!mSessionOpen)
581 return MTP_RESPONSE_SESSION_NOT_OPEN;
582 if (mRequest.getParameterCount() < 3)
583 return MTP_RESPONSE_INVALID_PARAMETER;
584 MtpStorageID storageID = mRequest.getParameter(1); // 0xFFFFFFFF for all storage
585 MtpObjectFormat format = mRequest.getParameter(2); // 0 for all formats
586 MtpObjectHandle parent = mRequest.getParameter(3); // 0xFFFFFFFF for objects with no parent
587 // 0x00000000 for all objects
588
589 if (!hasStorage(storageID))
590 return MTP_RESPONSE_INVALID_STORAGE_ID;
591
592 MtpObjectHandleList* handles = mDatabase->getObjectList(storageID, format, parent);
593 if (handles == NULL)
594 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
595 mData.putAUInt32(handles);
596 delete handles;
597 return MTP_RESPONSE_OK;
598 }
599
doGetNumObjects()600 MtpResponseCode MtpServer::doGetNumObjects() {
601 if (!mSessionOpen)
602 return MTP_RESPONSE_SESSION_NOT_OPEN;
603 if (mRequest.getParameterCount() < 3)
604 return MTP_RESPONSE_INVALID_PARAMETER;
605 MtpStorageID storageID = mRequest.getParameter(1); // 0xFFFFFFFF for all storage
606 MtpObjectFormat format = mRequest.getParameter(2); // 0 for all formats
607 MtpObjectHandle parent = mRequest.getParameter(3); // 0xFFFFFFFF for objects with no parent
608 // 0x00000000 for all objects
609 if (!hasStorage(storageID))
610 return MTP_RESPONSE_INVALID_STORAGE_ID;
611
612 int count = mDatabase->getNumObjects(storageID, format, parent);
613 if (count >= 0) {
614 mResponse.setParameter(1, count);
615 return MTP_RESPONSE_OK;
616 } else {
617 mResponse.setParameter(1, 0);
618 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
619 }
620 }
621
doGetObjectReferences()622 MtpResponseCode MtpServer::doGetObjectReferences() {
623 if (!mSessionOpen)
624 return MTP_RESPONSE_SESSION_NOT_OPEN;
625 if (!hasStorage())
626 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
627 if (mRequest.getParameterCount() < 1)
628 return MTP_RESPONSE_INVALID_PARAMETER;
629 MtpObjectHandle handle = mRequest.getParameter(1);
630
631 // FIXME - check for invalid object handle
632 MtpObjectHandleList* handles = mDatabase->getObjectReferences(handle);
633 if (handles) {
634 mData.putAUInt32(handles);
635 delete handles;
636 } else {
637 mData.putEmptyArray();
638 }
639 return MTP_RESPONSE_OK;
640 }
641
doSetObjectReferences()642 MtpResponseCode MtpServer::doSetObjectReferences() {
643 if (!mSessionOpen)
644 return MTP_RESPONSE_SESSION_NOT_OPEN;
645 if (!hasStorage())
646 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
647 if (mRequest.getParameterCount() < 1)
648 return MTP_RESPONSE_INVALID_PARAMETER;
649 MtpStorageID handle = mRequest.getParameter(1);
650
651 MtpObjectHandleList* references = mData.getAUInt32();
652 if (!references)
653 return MTP_RESPONSE_INVALID_PARAMETER;
654 MtpResponseCode result = mDatabase->setObjectReferences(handle, references);
655 delete references;
656 return result;
657 }
658
doGetObjectPropValue()659 MtpResponseCode MtpServer::doGetObjectPropValue() {
660 if (!hasStorage())
661 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
662 if (mRequest.getParameterCount() < 2)
663 return MTP_RESPONSE_INVALID_PARAMETER;
664 MtpObjectHandle handle = mRequest.getParameter(1);
665 MtpObjectProperty property = mRequest.getParameter(2);
666 ALOGV("GetObjectPropValue %d %s (0x%04X)\n", handle,
667 MtpDebug::getObjectPropCodeName(property), property);
668
669 return mDatabase->getObjectPropertyValue(handle, property, mData);
670 }
671
doSetObjectPropValue()672 MtpResponseCode MtpServer::doSetObjectPropValue() {
673 if (!hasStorage())
674 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
675 if (mRequest.getParameterCount() < 2)
676 return MTP_RESPONSE_INVALID_PARAMETER;
677 MtpObjectHandle handle = mRequest.getParameter(1);
678 MtpObjectProperty property = mRequest.getParameter(2);
679 ALOGV("SetObjectPropValue %d %s\n", handle,
680 MtpDebug::getObjectPropCodeName(property));
681
682 return mDatabase->setObjectPropertyValue(handle, property, mData);
683 }
684
doGetDevicePropValue()685 MtpResponseCode MtpServer::doGetDevicePropValue() {
686 if (mRequest.getParameterCount() < 1)
687 return MTP_RESPONSE_INVALID_PARAMETER;
688 MtpDeviceProperty property = mRequest.getParameter(1);
689 ALOGV("GetDevicePropValue %s\n",
690 MtpDebug::getDevicePropCodeName(property));
691
692 return mDatabase->getDevicePropertyValue(property, mData);
693 }
694
doSetDevicePropValue()695 MtpResponseCode MtpServer::doSetDevicePropValue() {
696 if (mRequest.getParameterCount() < 1)
697 return MTP_RESPONSE_INVALID_PARAMETER;
698 MtpDeviceProperty property = mRequest.getParameter(1);
699 ALOGV("SetDevicePropValue %s\n",
700 MtpDebug::getDevicePropCodeName(property));
701
702 return mDatabase->setDevicePropertyValue(property, mData);
703 }
704
doResetDevicePropValue()705 MtpResponseCode MtpServer::doResetDevicePropValue() {
706 if (mRequest.getParameterCount() < 1)
707 return MTP_RESPONSE_INVALID_PARAMETER;
708 MtpDeviceProperty property = mRequest.getParameter(1);
709 ALOGV("ResetDevicePropValue %s\n",
710 MtpDebug::getDevicePropCodeName(property));
711
712 return mDatabase->resetDeviceProperty(property);
713 }
714
doGetObjectPropList()715 MtpResponseCode MtpServer::doGetObjectPropList() {
716 if (!hasStorage())
717 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
718 if (mRequest.getParameterCount() < 5)
719 return MTP_RESPONSE_INVALID_PARAMETER;
720
721 MtpObjectHandle handle = mRequest.getParameter(1);
722 // use uint32_t so we can support 0xFFFFFFFF
723 uint32_t format = mRequest.getParameter(2);
724 uint32_t property = mRequest.getParameter(3);
725 int groupCode = mRequest.getParameter(4);
726 int depth = mRequest.getParameter(5);
727 ALOGV("GetObjectPropList %d format: %s property: %s group: %d depth: %d\n",
728 handle, MtpDebug::getFormatCodeName(format),
729 MtpDebug::getObjectPropCodeName(property), groupCode, depth);
730
731 return mDatabase->getObjectPropertyList(handle, format, property, groupCode, depth, mData);
732 }
733
doGetObjectInfo()734 MtpResponseCode MtpServer::doGetObjectInfo() {
735 if (!hasStorage())
736 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
737 if (mRequest.getParameterCount() < 1)
738 return MTP_RESPONSE_INVALID_PARAMETER;
739 MtpObjectHandle handle = mRequest.getParameter(1);
740 MtpObjectInfo info(handle);
741 MtpResponseCode result = mDatabase->getObjectInfo(handle, info);
742 if (result == MTP_RESPONSE_OK) {
743 char date[20];
744
745 mData.putUInt32(info.mStorageID);
746 mData.putUInt16(info.mFormat);
747 mData.putUInt16(info.mProtectionStatus);
748
749 // if object is being edited the database size may be out of date
750 uint32_t size = info.mCompressedSize;
751 ObjectEdit* edit = getEditObject(handle);
752 if (edit)
753 size = (edit->mSize > 0xFFFFFFFFLL ? 0xFFFFFFFF : (uint32_t)edit->mSize);
754 mData.putUInt32(size);
755
756 mData.putUInt16(info.mThumbFormat);
757 mData.putUInt32(info.mThumbCompressedSize);
758 mData.putUInt32(info.mThumbPixWidth);
759 mData.putUInt32(info.mThumbPixHeight);
760 mData.putUInt32(info.mImagePixWidth);
761 mData.putUInt32(info.mImagePixHeight);
762 mData.putUInt32(info.mImagePixDepth);
763 mData.putUInt32(info.mParent);
764 mData.putUInt16(info.mAssociationType);
765 mData.putUInt32(info.mAssociationDesc);
766 mData.putUInt32(info.mSequenceNumber);
767 mData.putString(info.mName);
768 formatDateTime(info.mDateCreated, date, sizeof(date));
769 mData.putString(date); // date created
770 formatDateTime(info.mDateModified, date, sizeof(date));
771 mData.putString(date); // date modified
772 mData.putEmptyString(); // keywords
773 }
774 return result;
775 }
776
doGetObject()777 MtpResponseCode MtpServer::doGetObject() {
778 if (!hasStorage())
779 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
780 if (mRequest.getParameterCount() < 1)
781 return MTP_RESPONSE_INVALID_PARAMETER;
782 MtpObjectHandle handle = mRequest.getParameter(1);
783 MtpStringBuffer pathBuf;
784 int64_t fileLength;
785 MtpObjectFormat format;
786 int result = mDatabase->getObjectFilePath(handle, pathBuf, fileLength, format);
787 if (result != MTP_RESPONSE_OK)
788 return result;
789
790 auto start = std::chrono::steady_clock::now();
791
792 const char* filePath = (const char *)pathBuf;
793 mtp_file_range mfr;
794 struct stat sstat;
795 uint64_t finalsize;
796 bool transcode = android::base::GetBoolProperty("sys.fuse.transcode_mtp", false);
797 bool filePathAccess = true;
798 ALOGD("Mtp transcode = %d", transcode);
799
800 // For performance reasons, only attempt a ContentResolver open when transcode is required.
801 // This is fine as long as we don't transcode by default on the device. If we suddenly
802 // transcode by default, we'll need to ensure that MTP doesn't transcode by default and we
803 // might need to make a binder call to avoid transcoding or come up with a better strategy.
804 if (transcode) {
805 mfr.fd = mDatabase->openFilePath(filePath, true);
806 fstat(mfr.fd, &sstat);
807 finalsize = sstat.st_size;
808 fileLength = finalsize;
809 if (mfr.fd < 0) {
810 ALOGW("Mtp open via IMtpDatabase failed for %s. Falling back to the original",
811 filePath);
812 filePathAccess = true;
813 } else {
814 filePathAccess = false;
815 }
816 }
817
818 if (filePathAccess) {
819 mfr.fd = open(filePath, O_RDONLY);
820 if (mfr.fd < 0) {
821 return MTP_RESPONSE_GENERAL_ERROR;
822 }
823 fstat(mfr.fd, &sstat);
824 finalsize = sstat.st_size;
825 }
826
827 mfr.offset = 0;
828 mfr.length = fileLength;
829 mfr.command = mRequest.getOperationCode();
830 mfr.transaction_id = mRequest.getTransactionID();
831
832 // then transfer the file
833 int ret = mHandle->sendFile(mfr);
834 if (ret < 0) {
835 ALOGE("Mtp send file got error %s", strerror(errno));
836 if (errno == ECANCELED) {
837 result = MTP_RESPONSE_TRANSACTION_CANCELLED;
838 } else {
839 result = MTP_RESPONSE_GENERAL_ERROR;
840 }
841 } else {
842 result = MTP_RESPONSE_OK;
843 }
844
845 auto end = std::chrono::steady_clock::now();
846 std::chrono::duration<double> diff = end - start;
847 ALOGV("Sent a file over MTP. Time: %f s, Size: %" PRIu64 ", Rate: %f bytes/s",
848 diff.count(), finalsize, ((double) finalsize) / diff.count());
849 closeObjFd(mfr.fd, filePath);
850 return result;
851 }
852
doGetThumb()853 MtpResponseCode MtpServer::doGetThumb() {
854 if (mRequest.getParameterCount() < 1)
855 return MTP_RESPONSE_INVALID_PARAMETER;
856 MtpObjectHandle handle = mRequest.getParameter(1);
857 size_t thumbSize;
858 void* thumb = mDatabase->getThumbnail(handle, thumbSize);
859 if (thumb) {
860 // send data
861 mData.setOperationCode(mRequest.getOperationCode());
862 mData.setTransactionID(mRequest.getTransactionID());
863 mData.writeData(mHandle, thumb, thumbSize);
864 free(thumb);
865 return MTP_RESPONSE_OK;
866 } else {
867 return MTP_RESPONSE_GENERAL_ERROR;
868 }
869 }
870
doGetPartialObject(MtpOperationCode operation)871 MtpResponseCode MtpServer::doGetPartialObject(MtpOperationCode operation) {
872 if (!hasStorage())
873 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
874 MtpObjectHandle handle = mRequest.getParameter(1);
875 uint64_t offset;
876 uint32_t length;
877 offset = mRequest.getParameter(2);
878 if (operation == MTP_OPERATION_GET_PARTIAL_OBJECT_64) {
879 // MTP_OPERATION_GET_PARTIAL_OBJECT_64 takes 4 arguments
880 if (mRequest.getParameterCount() < 4)
881 return MTP_RESPONSE_INVALID_PARAMETER;
882
883 // android extension with 64 bit offset
884 uint64_t offset2 = mRequest.getParameter(3);
885 offset = offset | (offset2 << 32);
886 length = mRequest.getParameter(4);
887 } else {
888 // MTP_OPERATION_GET_PARTIAL_OBJECT takes 3 arguments
889 if (mRequest.getParameterCount() < 3)
890 return MTP_RESPONSE_INVALID_PARAMETER;
891
892 // standard GetPartialObject
893 length = mRequest.getParameter(3);
894 }
895 MtpStringBuffer pathBuf;
896 int64_t fileLength;
897 MtpObjectFormat format;
898 int result = mDatabase->getObjectFilePath(handle, pathBuf, fileLength, format);
899 if (result != MTP_RESPONSE_OK)
900 return result;
901 if (offset + length > (uint64_t)fileLength)
902 length = fileLength - offset;
903
904 const char* filePath = (const char *)pathBuf;
905 ALOGV("sending partial %s %" PRIu64 " %" PRIu32, filePath, offset, length);
906 mtp_file_range mfr;
907 mfr.fd = open(filePath, O_RDONLY);
908 if (mfr.fd < 0) {
909 return MTP_RESPONSE_GENERAL_ERROR;
910 }
911 mfr.offset = offset;
912 mfr.length = length;
913 mfr.command = mRequest.getOperationCode();
914 mfr.transaction_id = mRequest.getTransactionID();
915 mResponse.setParameter(1, length);
916
917 // transfer the file
918 int ret = mHandle->sendFile(mfr);
919 ALOGV("MTP_SEND_FILE_WITH_HEADER returned %d\n", ret);
920 result = MTP_RESPONSE_OK;
921 if (ret < 0) {
922 if (errno == ECANCELED)
923 result = MTP_RESPONSE_TRANSACTION_CANCELLED;
924 else
925 result = MTP_RESPONSE_GENERAL_ERROR;
926 }
927 closeObjFd(mfr.fd, filePath);
928 return result;
929 }
930
doSendObjectInfo()931 MtpResponseCode MtpServer::doSendObjectInfo() {
932 MtpStringBuffer path;
933 uint16_t temp16;
934 uint32_t temp32;
935
936 if (mRequest.getParameterCount() < 2)
937 return MTP_RESPONSE_INVALID_PARAMETER;
938 MtpStorageID storageID = mRequest.getParameter(1);
939 MtpStorage* storage = getStorage(storageID);
940 MtpObjectHandle parent = mRequest.getParameter(2);
941 if (!storage)
942 return MTP_RESPONSE_INVALID_STORAGE_ID;
943
944 // special case the root
945 if (parent == MTP_PARENT_ROOT) {
946 path.set(storage->getPath());
947 parent = 0;
948 } else {
949 int64_t length;
950 MtpObjectFormat format;
951 int result = mDatabase->getObjectFilePath(parent, path, length, format);
952 if (result != MTP_RESPONSE_OK)
953 return result;
954 if (format != MTP_FORMAT_ASSOCIATION)
955 return MTP_RESPONSE_INVALID_PARENT_OBJECT;
956 }
957
958 // read only the fields we need
959 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // storage ID
960 if (!mData.getUInt16(temp16)) return MTP_RESPONSE_INVALID_PARAMETER;
961 MtpObjectFormat format = temp16;
962 if (!mData.getUInt16(temp16)) return MTP_RESPONSE_INVALID_PARAMETER; // protection status
963 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER;
964 mSendObjectFileSize = temp32;
965 if (!mData.getUInt16(temp16)) return MTP_RESPONSE_INVALID_PARAMETER; // thumb format
966 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // thumb compressed size
967 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // thumb pix width
968 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // thumb pix height
969 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // image pix width
970 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // image pix height
971 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // image bit depth
972 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // parent
973 if (!mData.getUInt16(temp16)) return MTP_RESPONSE_INVALID_PARAMETER;
974 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER;
975 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // sequence number
976 MtpStringBuffer name, created, modified;
977 if (!mData.getString(name)) return MTP_RESPONSE_INVALID_PARAMETER; // file name
978 if (name.isEmpty()) {
979 ALOGE("empty name");
980 return MTP_RESPONSE_INVALID_PARAMETER;
981 }
982 if (!mData.getString(created)) return MTP_RESPONSE_INVALID_PARAMETER; // date created
983 if (!mData.getString(modified)) return MTP_RESPONSE_INVALID_PARAMETER; // date modified
984 // keywords follow
985
986 int type = storage->getType();
987 if (type == MTP_STORAGE_REMOVABLE_RAM) {
988 std::string str = android::base::Trim((const char*)name);
989 name.set(str.c_str());
990 }
991 ALOGV("name: %s format: 0x%04X (%s)\n", (const char*)name, format,
992 MtpDebug::getFormatCodeName(format));
993 time_t modifiedTime;
994 if (!parseDateTime(modified, modifiedTime))
995 modifiedTime = 0;
996
997 if ((strcmp(name, ".") == 0) || (strcmp(name, "..") == 0) ||
998 (strchr(name, '/') != NULL)) {
999 char errMsg[80];
1000
1001 snprintf(errMsg, sizeof(errMsg), "Invalid name: %s", (const char *) name);
1002 ALOGE("%s (b/130656917)", errMsg);
1003 android_errorWriteWithInfoLog(SN_EVENT_LOG_ID, "130656917", -1, errMsg,
1004 strlen(errMsg));
1005
1006 return MTP_RESPONSE_INVALID_PARAMETER;
1007 }
1008 if (path[path.size() - 1] != '/')
1009 path.append("/");
1010 path.append(name);
1011
1012 // check space first
1013 if (mSendObjectFileSize > storage->getFreeSpace())
1014 return MTP_RESPONSE_STORAGE_FULL;
1015 uint64_t maxFileSize = storage->getMaxFileSize();
1016 // check storage max file size
1017 if (maxFileSize != 0) {
1018 // if mSendObjectFileSize is 0xFFFFFFFF, then all we know is the file size
1019 // is >= 0xFFFFFFFF
1020 if (mSendObjectFileSize > maxFileSize || mSendObjectFileSize == 0xFFFFFFFF)
1021 return MTP_RESPONSE_OBJECT_TOO_LARGE;
1022 }
1023
1024 ALOGV("path: %s parent: %d storageID: %08X", (const char*)path, parent, storageID);
1025 MtpObjectHandle handle = mDatabase->beginSendObject((const char*)path, format,
1026 parent, storageID);
1027 ALOGD("handle: %d, parent: %d, storageID: %08X", handle, parent, storageID);
1028 if (handle == kInvalidObjectHandle) {
1029 return MTP_RESPONSE_GENERAL_ERROR;
1030 }
1031
1032 if (format == MTP_FORMAT_ASSOCIATION) {
1033 int ret = makeFolder((const char *)path);
1034 if (ret)
1035 return MTP_RESPONSE_GENERAL_ERROR;
1036
1037 // SendObject does not get sent for directories, so call endSendObject here instead
1038 mDatabase->endSendObject(handle, MTP_RESPONSE_OK);
1039 }
1040 mSendObjectFilePath = path;
1041 // save the handle for the SendObject call, which should follow
1042 mSendObjectHandle = handle;
1043 mSendObjectFormat = format;
1044 mSendObjectModifiedTime = modifiedTime;
1045
1046 mResponse.setParameter(1, storageID);
1047 mResponse.setParameter(2, parent);
1048 mResponse.setParameter(3, handle);
1049
1050 return MTP_RESPONSE_OK;
1051 }
1052
doMoveObject()1053 MtpResponseCode MtpServer::doMoveObject() {
1054 if (!hasStorage())
1055 return MTP_RESPONSE_GENERAL_ERROR;
1056 if (mRequest.getParameterCount() < 3)
1057 return MTP_RESPONSE_INVALID_PARAMETER;
1058 MtpObjectHandle objectHandle = mRequest.getParameter(1);
1059 MtpStorageID storageID = mRequest.getParameter(2);
1060 MtpStorage* storage = getStorage(storageID);
1061 MtpObjectHandle parent = mRequest.getParameter(3);
1062 if (!storage)
1063 return MTP_RESPONSE_INVALID_STORAGE_ID;
1064 MtpStringBuffer path;
1065 MtpResponseCode result;
1066
1067 MtpStringBuffer fromPath;
1068 int64_t fileLength;
1069 MtpObjectFormat format;
1070 MtpObjectInfo info(objectHandle);
1071 result = mDatabase->getObjectInfo(objectHandle, info);
1072 if (result != MTP_RESPONSE_OK)
1073 return result;
1074 result = mDatabase->getObjectFilePath(objectHandle, fromPath, fileLength, format);
1075 if (result != MTP_RESPONSE_OK)
1076 return result;
1077
1078 // special case the root
1079 if (parent == 0) {
1080 path.set(storage->getPath());
1081 } else {
1082 int64_t parentLength;
1083 MtpObjectFormat parentFormat;
1084 result = mDatabase->getObjectFilePath(parent, path, parentLength, parentFormat);
1085 if (result != MTP_RESPONSE_OK)
1086 return result;
1087 if (parentFormat != MTP_FORMAT_ASSOCIATION)
1088 return MTP_RESPONSE_INVALID_PARENT_OBJECT;
1089 }
1090
1091 if (path[path.size() - 1] != '/')
1092 path.append("/");
1093 path.append(info.mName);
1094
1095 result = mDatabase->beginMoveObject(objectHandle, parent, storageID);
1096 if (result != MTP_RESPONSE_OK)
1097 return result;
1098
1099 if (info.mStorageID == storageID) {
1100 ALOGV("Moving file from %s to %s", (const char*)fromPath, (const char*)path);
1101 if (renameTo(fromPath, path)) {
1102 PLOG(ERROR) << "rename() failed from " << fromPath << " to " << path;
1103 result = MTP_RESPONSE_GENERAL_ERROR;
1104 }
1105 } else {
1106 ALOGV("Moving across storages from %s to %s", (const char*)fromPath, (const char*)path);
1107 if (format == MTP_FORMAT_ASSOCIATION) {
1108 int ret = makeFolder((const char *)path);
1109 ret += copyRecursive(fromPath, path);
1110 if (ret) {
1111 result = MTP_RESPONSE_GENERAL_ERROR;
1112 } else {
1113 deletePath(fromPath);
1114 }
1115 } else {
1116 if (copyFile(fromPath, path)) {
1117 result = MTP_RESPONSE_GENERAL_ERROR;
1118 } else {
1119 deletePath(fromPath);
1120 }
1121 }
1122 }
1123
1124 // If the move failed, undo the database change
1125 mDatabase->endMoveObject(info.mParent, parent, info.mStorageID, storageID, objectHandle,
1126 result == MTP_RESPONSE_OK);
1127
1128 return result;
1129 }
1130
doCopyObject()1131 MtpResponseCode MtpServer::doCopyObject() {
1132 if (!hasStorage())
1133 return MTP_RESPONSE_GENERAL_ERROR;
1134 MtpResponseCode result = MTP_RESPONSE_OK;
1135 if (mRequest.getParameterCount() < 3)
1136 return MTP_RESPONSE_INVALID_PARAMETER;
1137 MtpObjectHandle objectHandle = mRequest.getParameter(1);
1138 MtpStorageID storageID = mRequest.getParameter(2);
1139 MtpStorage* storage = getStorage(storageID);
1140 MtpObjectHandle parent = mRequest.getParameter(3);
1141 if (!storage)
1142 return MTP_RESPONSE_INVALID_STORAGE_ID;
1143 MtpStringBuffer path;
1144
1145 MtpStringBuffer fromPath;
1146 int64_t fileLength;
1147 MtpObjectFormat format;
1148 MtpObjectInfo info(objectHandle);
1149 result = mDatabase->getObjectInfo(objectHandle, info);
1150 if (result != MTP_RESPONSE_OK)
1151 return result;
1152 result = mDatabase->getObjectFilePath(objectHandle, fromPath, fileLength, format);
1153 if (result != MTP_RESPONSE_OK)
1154 return result;
1155
1156 // special case the root
1157 if (parent == 0) {
1158 path.set(storage->getPath());
1159 } else {
1160 int64_t parentLength;
1161 MtpObjectFormat parentFormat;
1162 result = mDatabase->getObjectFilePath(parent, path, parentLength, parentFormat);
1163 if (result != MTP_RESPONSE_OK)
1164 return result;
1165 if (parentFormat != MTP_FORMAT_ASSOCIATION)
1166 return MTP_RESPONSE_INVALID_PARENT_OBJECT;
1167 }
1168
1169 // check space first
1170 if ((uint64_t) fileLength > storage->getFreeSpace())
1171 return MTP_RESPONSE_STORAGE_FULL;
1172
1173 if (path[path.size() - 1] != '/')
1174 path.append("/");
1175 path.append(info.mName);
1176
1177 MtpObjectHandle handle = mDatabase->beginCopyObject(objectHandle, parent, storageID);
1178 if (handle == kInvalidObjectHandle) {
1179 return MTP_RESPONSE_GENERAL_ERROR;
1180 }
1181
1182 ALOGV("Copying file from %s to %s", (const char*)fromPath, (const char*)path);
1183 if (format == MTP_FORMAT_ASSOCIATION) {
1184 int ret = makeFolder((const char *)path);
1185 ret += copyRecursive(fromPath, path);
1186 if (ret) {
1187 result = MTP_RESPONSE_GENERAL_ERROR;
1188 }
1189 } else {
1190 if (copyFile(fromPath, path)) {
1191 result = MTP_RESPONSE_GENERAL_ERROR;
1192 }
1193 }
1194
1195 mDatabase->endCopyObject(handle, result);
1196 mResponse.setParameter(1, handle);
1197 return result;
1198 }
1199
doSendObject()1200 MtpResponseCode MtpServer::doSendObject() {
1201 if (!hasStorage())
1202 return MTP_RESPONSE_GENERAL_ERROR;
1203 MtpResponseCode result = MTP_RESPONSE_OK;
1204 mode_t mask;
1205 int ret, initialData;
1206 bool isCanceled = false;
1207 struct stat sstat = {};
1208
1209 auto start = std::chrono::steady_clock::now();
1210
1211 if (mSendObjectHandle == kInvalidObjectHandle) {
1212 ALOGE("Expected SendObjectInfo before SendObject");
1213 result = MTP_RESPONSE_NO_VALID_OBJECT_INFO;
1214 goto done;
1215 }
1216
1217 // read the header, and possibly some data
1218 ret = mData.read(mHandle);
1219 if (ret < MTP_CONTAINER_HEADER_SIZE) {
1220 result = MTP_RESPONSE_GENERAL_ERROR;
1221 goto done;
1222 }
1223 initialData = ret - MTP_CONTAINER_HEADER_SIZE;
1224
1225 if (mSendObjectFormat == MTP_FORMAT_ASSOCIATION) {
1226 if (initialData != 0)
1227 ALOGE("Expected folder size to be 0!");
1228 mSendObjectHandle = kInvalidObjectHandle;
1229 mSendObjectFormat = 0;
1230 mSendObjectModifiedTime = 0;
1231 return result;
1232 }
1233
1234 mtp_file_range mfr;
1235 mfr.fd = open(mSendObjectFilePath, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
1236 if (mfr.fd < 0) {
1237 result = MTP_RESPONSE_GENERAL_ERROR;
1238 goto done;
1239 }
1240 fchown(mfr.fd, getuid(), FILE_GROUP);
1241 // set permissions
1242 mask = umask(0);
1243 fchmod(mfr.fd, FILE_PERM);
1244 umask(mask);
1245
1246 if (initialData > 0) {
1247 ret = write(mfr.fd, mData.getData(), initialData);
1248 }
1249
1250 if (ret < 0) {
1251 ALOGE("failed to write initial data");
1252 result = MTP_RESPONSE_GENERAL_ERROR;
1253 } else {
1254 mfr.offset = initialData;
1255 if (mSendObjectFileSize == 0xFFFFFFFF) {
1256 // tell driver to read until it receives a short packet
1257 mfr.length = 0xFFFFFFFF;
1258 } else {
1259 mfr.length = mSendObjectFileSize - initialData;
1260 }
1261
1262 mfr.command = 0;
1263 mfr.transaction_id = 0;
1264
1265 // transfer the file
1266 ret = mHandle->receiveFile(mfr, mfr.length == 0 &&
1267 initialData == MTP_BUFFER_SIZE - MTP_CONTAINER_HEADER_SIZE);
1268 if ((ret < 0) && (errno == ECANCELED)) {
1269 isCanceled = true;
1270 }
1271 }
1272
1273 if (mSendObjectModifiedTime) {
1274 struct timespec newTime[2];
1275 newTime[0].tv_nsec = UTIME_NOW;
1276 newTime[1].tv_sec = mSendObjectModifiedTime;
1277 newTime[1].tv_nsec = 0;
1278 if (futimens(mfr.fd, newTime) < 0) {
1279 ALOGW("changing modified time failed, %s", strerror(errno));
1280 }
1281 }
1282
1283 fstat(mfr.fd, &sstat);
1284 closeObjFd(mfr.fd, mSendObjectFilePath);
1285
1286 if (ret < 0) {
1287 ALOGE("Mtp receive file got error %s", strerror(errno));
1288 unlink(mSendObjectFilePath);
1289 if (isCanceled)
1290 result = MTP_RESPONSE_TRANSACTION_CANCELLED;
1291 else
1292 result = MTP_RESPONSE_GENERAL_ERROR;
1293 }
1294
1295 done:
1296 // reset so we don't attempt to send the data back
1297 mData.reset();
1298
1299 mDatabase->endSendObject(mSendObjectHandle, result == MTP_RESPONSE_OK);
1300 mSendObjectHandle = kInvalidObjectHandle;
1301 mSendObjectFormat = 0;
1302 mSendObjectModifiedTime = 0;
1303
1304 auto end = std::chrono::steady_clock::now();
1305 std::chrono::duration<double> diff = end - start;
1306 uint64_t finalsize = sstat.st_size;
1307 ALOGV("Got a file over MTP. Time: %fs, Size: %" PRIu64 ", Rate: %f bytes/s",
1308 diff.count(), finalsize, ((double) finalsize) / diff.count());
1309 return result;
1310 }
1311
doDeleteObject()1312 MtpResponseCode MtpServer::doDeleteObject() {
1313 if (!hasStorage())
1314 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
1315 if (mRequest.getParameterCount() < 1)
1316 return MTP_RESPONSE_INVALID_PARAMETER;
1317 MtpObjectHandle handle = mRequest.getParameter(1);
1318 MtpObjectFormat format;
1319 // FIXME - support deleting all objects if handle is 0xFFFFFFFF
1320 // FIXME - implement deleting objects by format
1321
1322 MtpStringBuffer filePath;
1323 int64_t fileLength;
1324 int result = mDatabase->getObjectFilePath(handle, filePath, fileLength, format);
1325 if (result != MTP_RESPONSE_OK)
1326 return result;
1327
1328 // Don't delete the actual files unless the database deletion is allowed
1329 result = mDatabase->beginDeleteObject(handle);
1330 if (result != MTP_RESPONSE_OK)
1331 return result;
1332
1333 bool success = deletePath((const char *)filePath);
1334
1335 mDatabase->endDeleteObject(handle, success);
1336 return success ? result : MTP_RESPONSE_PARTIAL_DELETION;
1337 }
1338
doGetObjectPropDesc()1339 MtpResponseCode MtpServer::doGetObjectPropDesc() {
1340 if (mRequest.getParameterCount() < 2)
1341 return MTP_RESPONSE_INVALID_PARAMETER;
1342 MtpObjectProperty propCode = mRequest.getParameter(1);
1343 MtpObjectFormat format = mRequest.getParameter(2);
1344 ALOGV("GetObjectPropDesc %s %s\n", MtpDebug::getObjectPropCodeName(propCode),
1345 MtpDebug::getFormatCodeName(format));
1346 MtpProperty* property = mDatabase->getObjectPropertyDesc(propCode, format);
1347 if (!property)
1348 return MTP_RESPONSE_OBJECT_PROP_NOT_SUPPORTED;
1349 property->write(mData);
1350 delete property;
1351 return MTP_RESPONSE_OK;
1352 }
1353
doGetDevicePropDesc()1354 MtpResponseCode MtpServer::doGetDevicePropDesc() {
1355 if (mRequest.getParameterCount() < 1)
1356 return MTP_RESPONSE_INVALID_PARAMETER;
1357 MtpDeviceProperty propCode = mRequest.getParameter(1);
1358 ALOGV("GetDevicePropDesc %s\n", MtpDebug::getDevicePropCodeName(propCode));
1359 MtpProperty* property = mDatabase->getDevicePropertyDesc(propCode);
1360 if (!property)
1361 return MTP_RESPONSE_DEVICE_PROP_NOT_SUPPORTED;
1362 property->write(mData);
1363 delete property;
1364 return MTP_RESPONSE_OK;
1365 }
1366
doSendPartialObject()1367 MtpResponseCode MtpServer::doSendPartialObject() {
1368 if (!hasStorage())
1369 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
1370 if (mRequest.getParameterCount() < 4)
1371 return MTP_RESPONSE_INVALID_PARAMETER;
1372 MtpObjectHandle handle = mRequest.getParameter(1);
1373 uint64_t offset = mRequest.getParameter(2);
1374 uint64_t offset2 = mRequest.getParameter(3);
1375 offset = offset | (offset2 << 32);
1376 uint32_t length = mRequest.getParameter(4);
1377
1378 ObjectEdit* edit = getEditObject(handle);
1379 if (!edit) {
1380 ALOGE("object not open for edit in doSendPartialObject");
1381 return MTP_RESPONSE_GENERAL_ERROR;
1382 }
1383
1384 // can't start writing past the end of the file
1385 if (offset > edit->mSize) {
1386 ALOGD("writing past end of object, offset: %" PRIu64 ", edit->mSize: %" PRIu64,
1387 offset, edit->mSize);
1388 return MTP_RESPONSE_GENERAL_ERROR;
1389 }
1390
1391 const char* filePath = (const char *)edit->mPath;
1392 ALOGV("receiving partial %s %" PRIu64 " %" PRIu32, filePath, offset, length);
1393
1394 // read the header, and possibly some data
1395 int ret = mData.read(mHandle);
1396 if (ret < MTP_CONTAINER_HEADER_SIZE)
1397 return MTP_RESPONSE_GENERAL_ERROR;
1398 int initialData = ret - MTP_CONTAINER_HEADER_SIZE;
1399
1400 if (initialData > 0) {
1401 ret = pwrite(edit->mFD, mData.getData(), initialData, offset);
1402 offset += initialData;
1403 length -= initialData;
1404 }
1405
1406 bool isCanceled = false;
1407 if (ret < 0) {
1408 ALOGE("failed to write initial data");
1409 } else {
1410 mtp_file_range mfr;
1411 mfr.fd = edit->mFD;
1412 mfr.offset = offset;
1413 mfr.length = length;
1414 mfr.command = 0;
1415 mfr.transaction_id = 0;
1416
1417 // transfer the file
1418 ret = mHandle->receiveFile(mfr, mfr.length == 0 &&
1419 initialData == MTP_BUFFER_SIZE - MTP_CONTAINER_HEADER_SIZE);
1420 if ((ret < 0) && (errno == ECANCELED)) {
1421 isCanceled = true;
1422 }
1423 }
1424 if (ret < 0) {
1425 mResponse.setParameter(1, 0);
1426 if (isCanceled)
1427 return MTP_RESPONSE_TRANSACTION_CANCELLED;
1428 else
1429 return MTP_RESPONSE_GENERAL_ERROR;
1430 }
1431
1432 // reset so we don't attempt to send this back
1433 mData.reset();
1434 mResponse.setParameter(1, length);
1435 uint64_t end = offset + length;
1436 if (end > edit->mSize) {
1437 edit->mSize = end;
1438 }
1439 return MTP_RESPONSE_OK;
1440 }
1441
doTruncateObject()1442 MtpResponseCode MtpServer::doTruncateObject() {
1443 if (mRequest.getParameterCount() < 3)
1444 return MTP_RESPONSE_INVALID_PARAMETER;
1445 MtpObjectHandle handle = mRequest.getParameter(1);
1446 ObjectEdit* edit = getEditObject(handle);
1447 if (!edit) {
1448 ALOGE("object not open for edit in doTruncateObject");
1449 return MTP_RESPONSE_GENERAL_ERROR;
1450 }
1451
1452 uint64_t offset = mRequest.getParameter(2);
1453 uint64_t offset2 = mRequest.getParameter(3);
1454 offset |= (offset2 << 32);
1455 if (ftruncate(edit->mFD, offset) != 0) {
1456 return MTP_RESPONSE_GENERAL_ERROR;
1457 } else {
1458 edit->mSize = offset;
1459 return MTP_RESPONSE_OK;
1460 }
1461 }
1462
doBeginEditObject()1463 MtpResponseCode MtpServer::doBeginEditObject() {
1464 if (mRequest.getParameterCount() < 1)
1465 return MTP_RESPONSE_INVALID_PARAMETER;
1466 MtpObjectHandle handle = mRequest.getParameter(1);
1467 if (getEditObject(handle)) {
1468 ALOGE("object already open for edit in doBeginEditObject");
1469 return MTP_RESPONSE_GENERAL_ERROR;
1470 }
1471
1472 MtpStringBuffer path;
1473 int64_t fileLength;
1474 MtpObjectFormat format;
1475 int result = mDatabase->getObjectFilePath(handle, path, fileLength, format);
1476 if (result != MTP_RESPONSE_OK)
1477 return result;
1478
1479 int fd = open((const char *)path, O_RDWR | O_EXCL);
1480 if (fd < 0) {
1481 ALOGE("open failed for %s in doBeginEditObject (%d)", (const char *)path, errno);
1482 return MTP_RESPONSE_GENERAL_ERROR;
1483 }
1484
1485 addEditObject(handle, path, fileLength, format, fd);
1486 return MTP_RESPONSE_OK;
1487 }
1488
doEndEditObject()1489 MtpResponseCode MtpServer::doEndEditObject() {
1490 if (mRequest.getParameterCount() < 1)
1491 return MTP_RESPONSE_INVALID_PARAMETER;
1492 MtpObjectHandle handle = mRequest.getParameter(1);
1493 ObjectEdit* edit = getEditObject(handle);
1494 if (!edit) {
1495 ALOGE("object not open for edit in doEndEditObject");
1496 return MTP_RESPONSE_GENERAL_ERROR;
1497 }
1498
1499 commitEdit(edit);
1500 removeEditObject(handle);
1501 return MTP_RESPONSE_OK;
1502 }
1503
1504 } // namespace android
1505