1 /******************************************************************************
2 *
3 * Copyright 2004-2016 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains action functions for advanced audio/video main state
22 * machine.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bt_bta_av"
27
28 #include <cstdint>
29
30 #include "bt_target.h" // Must be first to define build configuration
31 #include "bta/av/bta_av_int.h"
32 #include "bta/include/bta_ar_api.h"
33 #include "bta/include/utl.h"
34 #include "btif/avrcp/avrcp_service.h"
35 #include "osi/include/allocator.h"
36 #include "osi/include/log.h"
37 #include "osi/include/osi.h" // UNUSED_ATTR
38 #include "osi/include/properties.h"
39 #include "stack/include/acl_api.h"
40 #include "stack/include/bt_hdr.h"
41 #include "stack/include/l2c_api.h"
42 #include "types/raw_address.h"
43
44 /*****************************************************************************
45 * Constants
46 ****************************************************************************/
47 /* the timeout to wait for open req after setconfig for incoming connections */
48 #ifndef BTA_AV_SIGNALLING_TIMEOUT_MS
49 #define BTA_AV_SIGNALLING_TIMEOUT_MS (8 * 1000) /* 8 seconds */
50 #endif
51
52 /* Time to wait for signalling from SNK when it is initiated from SNK. */
53 /* If not, we will start signalling from SRC. */
54 #ifndef BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS
55 #define BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS (2 * 1000) /* 2 seconds */
56 #endif
57
58 static void bta_av_accept_signalling_timer_cback(void* data);
59
60 #ifndef AVRC_MIN_META_CMD_LEN
61 #define AVRC_MIN_META_CMD_LEN 20
62 #endif
63
64 /*******************************************************************************
65 *
66 * Function bta_av_get_rcb_by_shdl
67 *
68 * Description find the RCB associated with the given SCB handle.
69 *
70 * Returns tBTA_AV_RCB
71 *
72 ******************************************************************************/
bta_av_get_rcb_by_shdl(uint8_t shdl)73 tBTA_AV_RCB* bta_av_get_rcb_by_shdl(uint8_t shdl) {
74 tBTA_AV_RCB* p_rcb = NULL;
75 int i;
76
77 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
78 if (bta_av_cb.rcb[i].shdl == shdl &&
79 bta_av_cb.rcb[i].handle != BTA_AV_RC_HANDLE_NONE) {
80 p_rcb = &bta_av_cb.rcb[i];
81 break;
82 }
83 }
84 return p_rcb;
85 }
86 #define BTA_AV_STS_NO_RSP 0xFF /* a number not used by tAVRC_STS */
87
88 /*******************************************************************************
89 *
90 * Function bta_av_del_rc
91 *
92 * Description delete the given AVRC handle.
93 *
94 * Returns void
95 *
96 ******************************************************************************/
bta_av_del_rc(tBTA_AV_RCB * p_rcb)97 void bta_av_del_rc(tBTA_AV_RCB* p_rcb) {
98 tBTA_AV_SCB* p_scb;
99 uint8_t rc_handle; /* connected AVRCP handle */
100
101 p_scb = NULL;
102 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
103 if (p_rcb->shdl) {
104 /* Validate array index*/
105 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
106 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
107 }
108 if (p_scb) {
109 APPL_TRACE_DEBUG("%s: shdl:%d, srch:%d rc_handle:%d", __func__,
110 p_rcb->shdl, p_scb->rc_handle, p_rcb->handle);
111 if (p_scb->rc_handle == p_rcb->handle)
112 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
113 /* just in case the RC timer is active
114 if (bta_av_cb.features & BTA_AV_FEAT_RCCT && p_scb->chnl ==
115 BTA_AV_CHNL_AUDIO) */
116 alarm_cancel(p_scb->avrc_ct_timer);
117 }
118 }
119
120 APPL_TRACE_EVENT("%s: handle: %d status=0x%x, rc_acp_handle:%d, idx:%d",
121 __func__, p_rcb->handle, p_rcb->status,
122 bta_av_cb.rc_acp_handle, bta_av_cb.rc_acp_idx);
123 rc_handle = p_rcb->handle;
124 if (!(p_rcb->status & BTA_AV_RC_CONN_MASK) ||
125 ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
126 p_rcb->status = 0;
127 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
128 p_rcb->shdl = 0;
129 p_rcb->lidx = 0;
130 }
131 /* else ACP && connected. do not clear the handle yet */
132 AVRC_Close(rc_handle);
133 if (rc_handle == bta_av_cb.rc_acp_handle)
134 bta_av_cb.rc_acp_handle = BTA_AV_RC_HANDLE_NONE;
135 APPL_TRACE_EVENT(
136 "%s: end del_rc handle: %d status=0x%x, rc_acp_handle:%d, lidx:%d",
137 __func__, p_rcb->handle, p_rcb->status, bta_av_cb.rc_acp_handle,
138 p_rcb->lidx);
139 }
140 }
141
142 /*******************************************************************************
143 *
144 * Function bta_av_close_all_rc
145 *
146 * Description close the all AVRC handle.
147 *
148 * Returns void
149 *
150 ******************************************************************************/
bta_av_close_all_rc(tBTA_AV_CB * p_cb)151 static void bta_av_close_all_rc(tBTA_AV_CB* p_cb) {
152 int i;
153
154 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
155 if ((p_cb->disabling) || (bta_av_cb.rcb[i].shdl != 0))
156 bta_av_del_rc(&bta_av_cb.rcb[i]);
157 }
158 }
159
160 /*******************************************************************************
161 *
162 * Function bta_av_del_sdp_rec
163 *
164 * Description delete the given SDP record handle.
165 *
166 * Returns void
167 *
168 ******************************************************************************/
bta_av_del_sdp_rec(uint32_t * p_sdp_handle)169 static void bta_av_del_sdp_rec(uint32_t* p_sdp_handle) {
170 if (*p_sdp_handle != 0) {
171 SDP_DeleteRecord(*p_sdp_handle);
172 *p_sdp_handle = 0;
173 }
174 }
175
176 /*******************************************************************************
177 *
178 * Function bta_av_avrc_sdp_cback
179 *
180 * Description AVRCP service discovery callback.
181 *
182 * Returns void
183 *
184 ******************************************************************************/
bta_av_avrc_sdp_cback(UNUSED_ATTR uint16_t status)185 static void bta_av_avrc_sdp_cback(UNUSED_ATTR uint16_t status) {
186 BT_HDR_RIGID* p_msg = (BT_HDR_RIGID*)osi_malloc(sizeof(BT_HDR_RIGID));
187
188 p_msg->event = BTA_AV_SDP_AVRC_DISC_EVT;
189
190 bta_sys_sendmsg(p_msg);
191 }
192
193 /*******************************************************************************
194 *
195 * Function bta_av_rc_ctrl_cback
196 *
197 * Description AVRCP control callback.
198 *
199 * Returns void
200 *
201 ******************************************************************************/
bta_av_rc_ctrl_cback(uint8_t handle,uint8_t event,UNUSED_ATTR uint16_t result,const RawAddress * peer_addr)202 static void bta_av_rc_ctrl_cback(uint8_t handle, uint8_t event,
203 UNUSED_ATTR uint16_t result,
204 const RawAddress* peer_addr) {
205 uint16_t msg_event = 0;
206
207 APPL_TRACE_EVENT("%s: handle: %d event=0x%x", __func__, handle, event);
208 if (event == AVRC_OPEN_IND_EVT) {
209 /* save handle of opened connection
210 bta_av_cb.rc_handle = handle;*/
211
212 msg_event = BTA_AV_AVRC_OPEN_EVT;
213 } else if (event == AVRC_CLOSE_IND_EVT) {
214 msg_event = BTA_AV_AVRC_CLOSE_EVT;
215 } else if (event == AVRC_BROWSE_OPEN_IND_EVT) {
216 msg_event = BTA_AV_AVRC_BROWSE_OPEN_EVT;
217 } else if (event == AVRC_BROWSE_CLOSE_IND_EVT) {
218 msg_event = BTA_AV_AVRC_BROWSE_CLOSE_EVT;
219 }
220
221 if (msg_event) {
222 tBTA_AV_RC_CONN_CHG* p_msg =
223 (tBTA_AV_RC_CONN_CHG*)osi_malloc(sizeof(tBTA_AV_RC_CONN_CHG));
224 p_msg->hdr.event = msg_event;
225 p_msg->handle = handle;
226 p_msg->peer_addr = (peer_addr) ? (*peer_addr) : RawAddress::kEmpty;
227 bta_sys_sendmsg(p_msg);
228 }
229 }
230
231 /*******************************************************************************
232 *
233 * Function bta_av_rc_msg_cback
234 *
235 * Description AVRCP message callback.
236 *
237 * Returns void
238 *
239 ******************************************************************************/
bta_av_rc_msg_cback(uint8_t handle,uint8_t label,uint8_t opcode,tAVRC_MSG * p_msg)240 static void bta_av_rc_msg_cback(uint8_t handle, uint8_t label, uint8_t opcode,
241 tAVRC_MSG* p_msg) {
242 uint8_t* p_data_src = NULL;
243 uint16_t data_len = 0;
244
245 APPL_TRACE_DEBUG("%s: handle: %u opcode=0x%x", __func__, handle, opcode);
246
247 /* Copy avrc packet into BTA message buffer (for sending to BTA state machine)
248 */
249
250 /* Get size of payload data (for vendor and passthrough messages only; for
251 * browsing
252 * messages, use zero-copy) */
253 if (opcode == AVRC_OP_VENDOR && p_msg->vendor.p_vendor_data != NULL) {
254 p_data_src = p_msg->vendor.p_vendor_data;
255 data_len = (uint16_t)p_msg->vendor.vendor_len;
256 } else if (opcode == AVRC_OP_PASS_THRU && p_msg->pass.p_pass_data != NULL) {
257 p_data_src = p_msg->pass.p_pass_data;
258 data_len = (uint16_t)p_msg->pass.pass_len;
259 }
260
261 /* Create a copy of the message */
262 tBTA_AV_RC_MSG* p_buf =
263 (tBTA_AV_RC_MSG*)osi_malloc(sizeof(tBTA_AV_RC_MSG) + data_len);
264
265 p_buf->hdr.event = BTA_AV_AVRC_MSG_EVT;
266 p_buf->handle = handle;
267 p_buf->label = label;
268 p_buf->opcode = opcode;
269 memcpy(&p_buf->msg, p_msg, sizeof(tAVRC_MSG));
270 /* Copy the data payload, and set the pointer to it */
271 if (p_data_src != NULL) {
272 uint8_t* p_data_dst = (uint8_t*)(p_buf + 1);
273 memcpy(p_data_dst, p_data_src, data_len);
274
275 /* Update bta message buffer to point to payload data */
276 /* (Note AVRC_OP_BROWSING uses zero-copy: p_buf->msg.browse.p_browse_data
277 * already points to original avrc buffer) */
278 if (opcode == AVRC_OP_VENDOR)
279 p_buf->msg.vendor.p_vendor_data = p_data_dst;
280 else if (opcode == AVRC_OP_PASS_THRU)
281 p_buf->msg.pass.p_pass_data = p_data_dst;
282 }
283
284 if (opcode == AVRC_OP_BROWSE) {
285 /* set p_pkt to NULL, so avrc would not free the buffer */
286 p_msg->browse.p_browse_pkt = NULL;
287 }
288
289 bta_sys_sendmsg(p_buf);
290 }
291
292 /*******************************************************************************
293 *
294 * Function bta_av_rc_create
295 *
296 * Description alloc RCB and call AVRC_Open
297 *
298 * Returns the created rc handle
299 *
300 ******************************************************************************/
bta_av_rc_create(tBTA_AV_CB * p_cb,uint8_t role,uint8_t shdl,uint8_t lidx)301 uint8_t bta_av_rc_create(tBTA_AV_CB* p_cb, uint8_t role, uint8_t shdl,
302 uint8_t lidx) {
303 if (is_new_avrcp_enabled()) {
304 LOG_INFO("Skipping RC creation for the old AVRCP profile");
305 return BTA_AV_RC_HANDLE_NONE;
306 }
307
308 tAVRC_CONN_CB ccb;
309 RawAddress bda = RawAddress::kAny;
310 uint8_t status = BTA_AV_RC_ROLE_ACP;
311 int i;
312 uint8_t rc_handle;
313 tBTA_AV_RCB* p_rcb;
314
315 if (role == AVCT_INT) {
316 // Can't grab a stream control block that doesn't have a valid handle
317 if (!shdl) {
318 APPL_TRACE_ERROR(
319 "%s: Can't grab stream control block for shdl = %d -> index = %d",
320 __func__, shdl, shdl - 1);
321 return BTA_AV_RC_HANDLE_NONE;
322 }
323 tBTA_AV_SCB* p_scb = p_cb->p_scb[shdl - 1];
324 bda = p_scb->PeerAddress();
325 status = BTA_AV_RC_ROLE_INT;
326 } else {
327 p_rcb = bta_av_get_rcb_by_shdl(shdl);
328 if (p_rcb != NULL) {
329 APPL_TRACE_ERROR("%s: ACP handle exist for shdl:%d", __func__, shdl);
330 p_rcb->lidx = lidx;
331 return p_rcb->handle;
332 }
333 }
334
335 ccb.ctrl_cback = base::Bind(bta_av_rc_ctrl_cback);
336 ccb.msg_cback = base::Bind(bta_av_rc_msg_cback);
337 ccb.company_id = p_bta_av_cfg->company_id;
338 ccb.conn = role;
339 /* note: BTA_AV_FEAT_RCTG = AVRC_CT_TARGET, BTA_AV_FEAT_RCCT = AVRC_CT_CONTROL
340 */
341 ccb.control = p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_RCCT |
342 BTA_AV_FEAT_METADATA | AVRC_CT_PASSIVE);
343
344 if (AVRC_Open(&rc_handle, &ccb, bda) != AVRC_SUCCESS)
345 return BTA_AV_RC_HANDLE_NONE;
346
347 i = rc_handle;
348 p_rcb = &p_cb->rcb[i];
349
350 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
351 APPL_TRACE_ERROR("%s: found duplicated handle:%d", __func__, rc_handle);
352 }
353
354 p_rcb->handle = rc_handle;
355 p_rcb->status = status;
356 p_rcb->shdl = shdl;
357 p_rcb->lidx = lidx;
358 p_rcb->peer_features = 0;
359 p_rcb->cover_art_psm = 0;
360 if (lidx == (BTA_AV_NUM_LINKS + 1)) {
361 /* this LIDX is reserved for the AVRCP ACP connection */
362 p_cb->rc_acp_handle = p_rcb->handle;
363 p_cb->rc_acp_idx = (i + 1);
364 APPL_TRACE_DEBUG("%s: rc_acp_handle:%d idx:%d", __func__,
365 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
366 }
367 APPL_TRACE_DEBUG(
368 "%s: create %d, role: %d, shdl:%d, rc_handle:%d, lidx:%d, status:0x%x",
369 __func__, i, role, shdl, p_rcb->handle, lidx, p_rcb->status);
370
371 return rc_handle;
372 }
373
374 /*******************************************************************************
375 *
376 * Function bta_av_valid_group_navi_msg
377 *
378 * Description Check if it is Group Navigation Msg for Metadata
379 *
380 * Returns AVRC_RSP_ACCEPT or AVRC_RSP_NOT_IMPL
381 *
382 ******************************************************************************/
bta_av_group_navi_supported(uint8_t len,uint8_t * p_data,bool is_inquiry)383 static tBTA_AV_CODE bta_av_group_navi_supported(uint8_t len, uint8_t* p_data,
384 bool is_inquiry) {
385 tBTA_AV_CODE ret = AVRC_RSP_NOT_IMPL;
386 uint8_t* p_ptr = p_data;
387 uint16_t u16;
388 uint32_t u32;
389
390 if (p_bta_av_cfg->avrc_group && len == BTA_GROUP_NAVI_MSG_OP_DATA_LEN) {
391 BTA_AV_BE_STREAM_TO_CO_ID(u32, p_ptr);
392 BE_STREAM_TO_UINT16(u16, p_ptr);
393
394 if (u32 == AVRC_CO_METADATA) {
395 if (is_inquiry) {
396 if (u16 <= AVRC_PDU_PREV_GROUP) ret = AVRC_RSP_IMPL_STBL;
397 } else {
398 if (u16 <= AVRC_PDU_PREV_GROUP)
399 ret = AVRC_RSP_ACCEPT;
400 else
401 ret = AVRC_RSP_REJ;
402 }
403 }
404 }
405
406 return ret;
407 }
408
409 /*******************************************************************************
410 *
411 * Function bta_av_op_supported
412 *
413 * Description Check if remote control operation is supported.
414 *
415 * Returns AVRC_RSP_ACCEPT of supported, AVRC_RSP_NOT_IMPL if not.
416 *
417 ******************************************************************************/
bta_av_op_supported(tBTA_AV_RC rc_id,bool is_inquiry)418 static tBTA_AV_CODE bta_av_op_supported(tBTA_AV_RC rc_id, bool is_inquiry) {
419 tBTA_AV_CODE ret_code = AVRC_RSP_NOT_IMPL;
420
421 if (p_bta_av_rc_id) {
422 if (is_inquiry) {
423 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
424 ret_code = AVRC_RSP_IMPL_STBL;
425 }
426 } else {
427 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
428 ret_code = AVRC_RSP_ACCEPT;
429 } else if ((p_bta_av_cfg->rc_pass_rsp == AVRC_RSP_INTERIM) &&
430 p_bta_av_rc_id_ac) {
431 if (p_bta_av_rc_id_ac[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
432 ret_code = AVRC_RSP_INTERIM;
433 }
434 }
435 }
436 }
437 return ret_code;
438 }
439
440 /*******************************************************************************
441 *
442 * Function bta_av_find_lcb
443 *
444 * Description Given BD_addr, find the associated LCB.
445 *
446 * Returns NULL, if not found.
447 *
448 ******************************************************************************/
bta_av_find_lcb(const RawAddress & addr,uint8_t op)449 tBTA_AV_LCB* bta_av_find_lcb(const RawAddress& addr, uint8_t op) {
450 tBTA_AV_CB* p_cb = &bta_av_cb;
451 int xx;
452 uint8_t mask;
453 tBTA_AV_LCB* p_lcb = NULL;
454
455 APPL_TRACE_DEBUG("%s: address: %s op:%d", __func__, addr.ToString().c_str(),
456 op);
457 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
458 mask = 1 << xx; /* the used mask for this lcb */
459 if ((mask & p_cb->conn_lcb) && p_cb->lcb[xx].addr == addr) {
460 p_lcb = &p_cb->lcb[xx];
461 if (op == BTA_AV_LCB_FREE) {
462 p_cb->conn_lcb &= ~mask; /* clear the connect mask */
463 APPL_TRACE_DEBUG("%s: conn_lcb: 0x%x", __func__, p_cb->conn_lcb);
464 }
465 break;
466 }
467 }
468 return p_lcb;
469 }
470
471 /*******************************************************************************
472 *
473 * Function bta_av_rc_opened
474 *
475 * Description Set AVRCP state to opened.
476 *
477 * Returns void
478 *
479 ******************************************************************************/
bta_av_rc_opened(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)480 void bta_av_rc_opened(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
481 tBTA_AV_RC_OPEN rc_open;
482 tBTA_AV_SCB* p_scb;
483 int i;
484 uint8_t shdl = 0;
485 tBTA_AV_LCB* p_lcb;
486 tBTA_AV_RCB* p_rcb;
487 uint8_t tmp;
488 uint8_t disc = 0;
489
490 /* find the SCB & stop the timer */
491 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
492 p_scb = p_cb->p_scb[i];
493 if (p_scb && p_scb->PeerAddress() == p_data->rc_conn_chg.peer_addr) {
494 p_scb->rc_handle = p_data->rc_conn_chg.handle;
495 APPL_TRACE_DEBUG("%s: shdl:%d, srch %d", __func__, i + 1,
496 p_scb->rc_handle);
497 shdl = i + 1;
498 LOG_INFO("%s: allow incoming AVRCP connections:%d", __func__,
499 p_scb->use_rc);
500 alarm_cancel(p_scb->avrc_ct_timer);
501 disc = p_scb->hndl;
502 break;
503 }
504 }
505
506 i = p_data->rc_conn_chg.handle;
507 if (p_cb->rcb[i].handle == BTA_AV_RC_HANDLE_NONE) {
508 APPL_TRACE_ERROR("%s: not a valid handle:%d any more", __func__, i);
509 return;
510 }
511
512 APPL_TRACE_DEBUG("%s: local features %d peer features %d", __func__,
513 p_cb->features, p_cb->rcb[i].peer_features);
514
515 /* listen to browsing channel when the connection is open,
516 * if peer initiated AVRCP connection and local device supports browsing
517 * channel */
518 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_ACP);
519
520 if (p_cb->rcb[i].lidx == (BTA_AV_NUM_LINKS + 1) && shdl != 0) {
521 /* rc is opened on the RC only ACP channel, but is for a specific
522 * SCB -> need to switch RCBs */
523 p_rcb = bta_av_get_rcb_by_shdl(shdl);
524 if (p_rcb) {
525 p_rcb->shdl = p_cb->rcb[i].shdl;
526 tmp = p_rcb->lidx;
527 p_rcb->lidx = p_cb->rcb[i].lidx;
528 p_cb->rcb[i].lidx = tmp;
529 p_cb->rc_acp_handle = p_rcb->handle;
530 p_cb->rc_acp_idx = (p_rcb - p_cb->rcb) + 1;
531 APPL_TRACE_DEBUG("%s: switching RCB rc_acp_handle:%d idx:%d", __func__,
532 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
533 }
534 }
535
536 p_cb->rcb[i].shdl = shdl;
537 rc_open.rc_handle = i;
538 APPL_TRACE_ERROR("%s: rcb[%d] shdl:%d lidx:%d/%d", __func__, i, shdl,
539 p_cb->rcb[i].lidx, p_cb->lcb[BTA_AV_NUM_LINKS].lidx);
540 p_cb->rcb[i].status |= BTA_AV_RC_CONN_MASK;
541
542 if (!shdl && 0 == p_cb->lcb[BTA_AV_NUM_LINKS].lidx) {
543 /* no associated SCB -> connected to an RC only device
544 * update the index to the extra LCB */
545 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
546 p_lcb->addr = p_data->rc_conn_chg.peer_addr;
547 p_lcb->lidx = BTA_AV_NUM_LINKS + 1;
548 p_cb->rcb[i].lidx = p_lcb->lidx;
549 p_lcb->conn_msk = 1;
550 APPL_TRACE_ERROR("%s: bd_addr: %s rcb[%d].lidx=%d, lcb.conn_msk=x%x",
551 __func__, p_lcb->addr.ToString().c_str(), i,
552 p_cb->rcb[i].lidx, p_lcb->conn_msk);
553 disc = p_data->rc_conn_chg.handle | BTA_AV_CHNL_MSK;
554 }
555
556 rc_open.peer_addr = p_data->rc_conn_chg.peer_addr;
557 rc_open.peer_features = p_cb->rcb[i].peer_features;
558 rc_open.cover_art_psm = p_cb->rcb[i].cover_art_psm;
559 rc_open.status = BTA_AV_SUCCESS;
560 APPL_TRACE_DEBUG("%s: local features:x%x peer_features:x%x", __func__,
561 p_cb->features, rc_open.peer_features);
562 APPL_TRACE_DEBUG("%s: cover art psm:x%x", __func__, rc_open.cover_art_psm);
563 if (rc_open.peer_features == 0) {
564 /* we have not done SDP on peer RC capabilities.
565 * peer must have initiated the RC connection */
566 if (p_cb->features & BTA_AV_FEAT_RCCT)
567 rc_open.peer_features |= BTA_AV_FEAT_RCTG;
568 if (p_cb->features & BTA_AV_FEAT_RCTG)
569 rc_open.peer_features |= BTA_AV_FEAT_RCCT;
570
571 bta_av_rc_disc(disc);
572 }
573 tBTA_AV bta_av_data;
574 bta_av_data.rc_open = rc_open;
575 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
576
577 /* if local initiated AVRCP connection and both peer and locals device support
578 * browsing channel, open the browsing channel now
579 * TODO (sanketa): Some TG would not broadcast browse feature hence check
580 * inter-op. */
581 if ((p_cb->features & BTA_AV_FEAT_BROWSE) &&
582 (rc_open.peer_features & BTA_AV_FEAT_BROWSE) &&
583 ((p_cb->rcb[i].status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
584 APPL_TRACE_DEBUG("%s: opening AVRC Browse channel", __func__);
585 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_INT);
586 }
587 }
588
589 /*******************************************************************************
590 *
591 * Function bta_av_rc_remote_cmd
592 *
593 * Description Send an AVRCP remote control command.
594 *
595 * Returns void
596 *
597 ******************************************************************************/
bta_av_rc_remote_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)598 void bta_av_rc_remote_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
599 tBTA_AV_RCB* p_rcb;
600 if (p_cb->features & BTA_AV_FEAT_RCCT) {
601 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
602 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
603 if (p_rcb->status & BTA_AV_RC_CONN_MASK) {
604 AVRC_PassCmd(p_rcb->handle, p_data->api_remote_cmd.label,
605 &p_data->api_remote_cmd.msg);
606 }
607 }
608 }
609 }
610
611 /*******************************************************************************
612 *
613 * Function bta_av_rc_vendor_cmd
614 *
615 * Description Send an AVRCP vendor specific command.
616 *
617 * Returns void
618 *
619 ******************************************************************************/
bta_av_rc_vendor_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)620 void bta_av_rc_vendor_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
621 tBTA_AV_RCB* p_rcb;
622 if ((p_cb->features & (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) ==
623 (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) {
624 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
625 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
626 AVRC_VendorCmd(p_rcb->handle, p_data->api_vendor.label,
627 &p_data->api_vendor.msg);
628 }
629 }
630 }
631
632 /*******************************************************************************
633 *
634 * Function bta_av_rc_vendor_rsp
635 *
636 * Description Send an AVRCP vendor specific response.
637 *
638 * Returns void
639 *
640 ******************************************************************************/
bta_av_rc_vendor_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)641 void bta_av_rc_vendor_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
642 tBTA_AV_RCB* p_rcb;
643 if ((p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) ==
644 (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) {
645 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
646 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
647 AVRC_VendorRsp(p_rcb->handle, p_data->api_vendor.label,
648 &p_data->api_vendor.msg);
649 }
650 }
651 }
652
653 /*******************************************************************************
654 *
655 * Function bta_av_rc_meta_rsp
656 *
657 * Description Send an AVRCP metadata/advanced control command/response.
658 *
659 * Returns void
660 *
661 ******************************************************************************/
bta_av_rc_meta_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)662 void bta_av_rc_meta_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
663 tBTA_AV_RCB* p_rcb;
664 bool do_free = true;
665
666 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
667 (p_data->hdr.layer_specific < BTA_AV_NUM_RCB)) {
668 if ((p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCTG)) ||
669 (!p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCCT))) {
670 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
671 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
672 AVRC_MsgReq(p_rcb->handle, p_data->api_meta_rsp.label,
673 p_data->api_meta_rsp.rsp_code, p_data->api_meta_rsp.p_pkt);
674 do_free = false;
675 }
676 }
677 }
678
679 if (do_free) osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
680 }
681
682 /*******************************************************************************
683 *
684 * Function bta_av_rc_free_rsp
685 *
686 * Description free an AVRCP metadata command buffer.
687 *
688 * Returns void
689 *
690 ******************************************************************************/
bta_av_rc_free_rsp(UNUSED_ATTR tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)691 void bta_av_rc_free_rsp(UNUSED_ATTR tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
692 osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
693 }
694
695 /*******************************************************************************
696 *
697 * Function bta_av_rc_free_browse_msg
698 *
699 * Description free an AVRCP browse message buffer.
700 *
701 * Returns void
702 *
703 ******************************************************************************/
bta_av_rc_free_browse_msg(UNUSED_ATTR tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)704 void bta_av_rc_free_browse_msg(UNUSED_ATTR tBTA_AV_CB* p_cb,
705 tBTA_AV_DATA* p_data) {
706 if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
707 osi_free_and_reset((void**)&p_data->rc_msg.msg.browse.p_browse_pkt);
708 }
709 }
710
711 /*******************************************************************************
712 *
713 * Function bta_av_chk_notif_evt_id
714 *
715 * Description make sure the requested player id is valid.
716 *
717 * Returns BTA_AV_STS_NO_RSP, if no error
718 *
719 ******************************************************************************/
bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR * p_vendor)720 static tAVRC_STS bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR* p_vendor) {
721 tAVRC_STS status = BTA_AV_STS_NO_RSP;
722 uint8_t xx;
723 uint16_t u16;
724 uint8_t* p = p_vendor->p_vendor_data + 2;
725
726 BE_STREAM_TO_UINT16(u16, p);
727 /* double check the fixed length */
728 if ((u16 != 5) || (p_vendor->vendor_len != 9)) {
729 status = AVRC_STS_INTERNAL_ERR;
730 } else {
731 /* make sure the player_id is valid */
732 for (xx = 0; xx < p_bta_av_cfg->num_evt_ids; xx++) {
733 if (*p == p_bta_av_cfg->p_meta_evt_ids[xx]) {
734 break;
735 }
736 }
737 if (xx == p_bta_av_cfg->num_evt_ids) {
738 status = AVRC_STS_BAD_PARAM;
739 }
740 }
741
742 return status;
743 }
744
745 /*******************************************************************************
746 *
747 * Function bta_av_proc_meta_cmd
748 *
749 * Description Process an AVRCP metadata command from the peer.
750 *
751 * Returns true to respond immediately
752 *
753 ******************************************************************************/
bta_av_proc_meta_cmd(tAVRC_RESPONSE * p_rc_rsp,tBTA_AV_RC_MSG * p_msg,uint8_t * p_ctype)754 tBTA_AV_EVT bta_av_proc_meta_cmd(tAVRC_RESPONSE* p_rc_rsp,
755 tBTA_AV_RC_MSG* p_msg, uint8_t* p_ctype) {
756 tBTA_AV_EVT evt = BTA_AV_META_MSG_EVT;
757 uint8_t u8, pdu, *p;
758 uint16_t u16;
759 tAVRC_MSG_VENDOR* p_vendor = &p_msg->msg.vendor;
760
761 pdu = *(p_vendor->p_vendor_data);
762 p_rc_rsp->pdu = pdu;
763 *p_ctype = AVRC_RSP_REJ;
764
765 /* Check to ansure a valid minimum meta data length */
766 if ((AVRC_MIN_META_CMD_LEN + p_vendor->vendor_len) > AVRC_META_CMD_BUF_SIZE) {
767 /* reject it */
768 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
769 APPL_TRACE_ERROR("%s: Invalid meta-command length: %d", __func__,
770 p_vendor->vendor_len);
771 return 0;
772 }
773
774 /* Metadata messages only use PANEL sub-unit type */
775 if (p_vendor->hdr.subunit_type != AVRC_SUB_PANEL) {
776 APPL_TRACE_DEBUG("%s: SUBUNIT must be PANEL", __func__);
777 /* reject it */
778 evt = 0;
779 p_vendor->hdr.ctype = AVRC_RSP_NOT_IMPL;
780 p_vendor->vendor_len = 0;
781 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
782 } else if (!AVRC_IsValidAvcType(pdu, p_vendor->hdr.ctype)) {
783 APPL_TRACE_DEBUG("%s: Invalid pdu/ctype: 0x%x, %d", __func__, pdu,
784 p_vendor->hdr.ctype);
785 /* reject invalid message without reporting to app */
786 evt = 0;
787 p_rc_rsp->rsp.status = AVRC_STS_BAD_CMD;
788 } else {
789 switch (pdu) {
790 case AVRC_PDU_GET_CAPABILITIES:
791 /* process GetCapabilities command without reporting the event to app */
792 evt = 0;
793 if (p_vendor->vendor_len != 5) {
794 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
795 break;
796 }
797 u8 = *(p_vendor->p_vendor_data + 4);
798 p = p_vendor->p_vendor_data + 2;
799 p_rc_rsp->get_caps.capability_id = u8;
800 BE_STREAM_TO_UINT16(u16, p);
801 if (u16 != 1) {
802 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
803 } else {
804 p_rc_rsp->get_caps.status = AVRC_STS_NO_ERROR;
805 if (u8 == AVRC_CAP_COMPANY_ID) {
806 *p_ctype = AVRC_RSP_IMPL_STBL;
807 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_co_ids;
808 memcpy(p_rc_rsp->get_caps.param.company_id,
809 p_bta_av_cfg->p_meta_co_ids,
810 (p_bta_av_cfg->num_co_ids << 2));
811 } else if (u8 == AVRC_CAP_EVENTS_SUPPORTED) {
812 *p_ctype = AVRC_RSP_IMPL_STBL;
813 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_evt_ids;
814 memcpy(p_rc_rsp->get_caps.param.event_id,
815 p_bta_av_cfg->p_meta_evt_ids, p_bta_av_cfg->num_evt_ids);
816 } else {
817 APPL_TRACE_DEBUG("%s: Invalid capability ID: 0x%x", __func__, u8);
818 /* reject - unknown capability ID */
819 p_rc_rsp->get_caps.status = AVRC_STS_BAD_PARAM;
820 }
821 }
822 break;
823
824 case AVRC_PDU_REGISTER_NOTIFICATION:
825 /* make sure the event_id is implemented */
826 p_rc_rsp->rsp.status = bta_av_chk_notif_evt_id(p_vendor);
827 if (p_rc_rsp->rsp.status != BTA_AV_STS_NO_RSP) evt = 0;
828 break;
829 }
830 }
831
832 return evt;
833 }
834
835 /*******************************************************************************
836 *
837 * Function bta_av_rc_msg
838 *
839 * Description Process an AVRCP message from the peer.
840 *
841 * Returns void
842 *
843 ******************************************************************************/
bta_av_rc_msg(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)844 void bta_av_rc_msg(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
845 tBTA_AV_EVT evt = 0;
846 tBTA_AV av;
847 BT_HDR* p_pkt = NULL;
848 tAVRC_MSG_VENDOR* p_vendor = &p_data->rc_msg.msg.vendor;
849 bool is_inquiry = ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
850 p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ);
851 uint8_t ctype = 0;
852 tAVRC_RESPONSE rc_rsp;
853
854 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
855
856 if (NULL == p_data) {
857 APPL_TRACE_ERROR("%s: Message from peer with no data", __func__);
858 return;
859 }
860
861 APPL_TRACE_DEBUG("%s: opcode=%x, ctype=%x", __func__, p_data->rc_msg.opcode,
862 p_data->rc_msg.msg.hdr.ctype);
863
864 if (p_data->rc_msg.opcode == AVRC_OP_PASS_THRU) {
865 /* if this is a pass thru command */
866 if ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_CTRL) ||
867 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
868 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ)) {
869 /* check if operation is supported */
870 char avrcp_ct_support[PROPERTY_VALUE_MAX];
871 osi_property_get("bluetooth.pts.avrcp_ct.support", avrcp_ct_support,
872 "false");
873 if (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) {
874 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
875 if (p_cb->features & BTA_AV_FEAT_METADATA)
876 p_data->rc_msg.msg.hdr.ctype = bta_av_group_navi_supported(
877 p_data->rc_msg.msg.pass.pass_len,
878 p_data->rc_msg.msg.pass.p_pass_data, is_inquiry);
879 } else if (((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_UP) ||
880 (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_DOWN)) &&
881 !strcmp(avrcp_ct_support, "true")) {
882 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_ACCEPT;
883 } else {
884 p_data->rc_msg.msg.hdr.ctype =
885 bta_av_op_supported(p_data->rc_msg.msg.pass.op_id, is_inquiry);
886 }
887
888 APPL_TRACE_DEBUG("%s: ctype %d", __func__, p_data->rc_msg.msg.hdr.ctype)
889
890 /* send response */
891 if (p_data->rc_msg.msg.hdr.ctype != AVRC_RSP_INTERIM)
892 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
893 &p_data->rc_msg.msg.pass);
894
895 /* set up for callback if supported */
896 if (p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_ACCEPT ||
897 p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_INTERIM) {
898 evt = BTA_AV_REMOTE_CMD_EVT;
899 av.remote_cmd.rc_id = p_data->rc_msg.msg.pass.op_id;
900 av.remote_cmd.key_state = p_data->rc_msg.msg.pass.state;
901 av.remote_cmd.p_data = p_data->rc_msg.msg.pass.p_pass_data;
902 av.remote_cmd.len = p_data->rc_msg.msg.pass.pass_len;
903 memcpy(&av.remote_cmd.hdr, &p_data->rc_msg.msg.hdr, sizeof(tAVRC_HDR));
904 av.remote_cmd.label = p_data->rc_msg.label;
905 }
906 }
907 /* else if this is a pass thru response */
908 /* id response type is not impl, we have to release label */
909 else if (p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
910 /* set up for callback */
911 evt = BTA_AV_REMOTE_RSP_EVT;
912 av.remote_rsp.rc_id = p_data->rc_msg.msg.pass.op_id;
913 av.remote_rsp.key_state = p_data->rc_msg.msg.pass.state;
914 av.remote_rsp.rsp_code = p_data->rc_msg.msg.hdr.ctype;
915 av.remote_rsp.label = p_data->rc_msg.label;
916
917 /* If this response is for vendor unique command */
918 if ((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) &&
919 (p_data->rc_msg.msg.pass.pass_len > 0)) {
920 av.remote_rsp.p_data =
921 (uint8_t*)osi_malloc(p_data->rc_msg.msg.pass.pass_len);
922 APPL_TRACE_DEBUG("%s: Vendor Unique data len = %d", __func__,
923 p_data->rc_msg.msg.pass.pass_len);
924 memcpy(av.remote_rsp.p_data, p_data->rc_msg.msg.pass.p_pass_data,
925 p_data->rc_msg.msg.pass.pass_len);
926 }
927 }
928 /* must be a bad ctype -> reject*/
929 else {
930 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
931 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
932 &p_data->rc_msg.msg.pass);
933 }
934 }
935 /* else if this is a vendor specific command or response */
936 else if (p_data->rc_msg.opcode == AVRC_OP_VENDOR) {
937 /* set up for callback */
938 av.vendor_cmd.code = p_data->rc_msg.msg.hdr.ctype;
939 av.vendor_cmd.company_id = p_vendor->company_id;
940 av.vendor_cmd.label = p_data->rc_msg.label;
941 av.vendor_cmd.p_data = p_vendor->p_vendor_data;
942 av.vendor_cmd.len = p_vendor->vendor_len;
943
944 /* if configured to support vendor specific and it's a command */
945 if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
946 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
947 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
948 (p_vendor->company_id == AVRC_CO_METADATA)) {
949 av.meta_msg.p_msg = &p_data->rc_msg.msg;
950 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
951 evt = bta_av_proc_meta_cmd(&rc_rsp, &p_data->rc_msg, &ctype);
952 } else {
953 evt = BTA_AV_VENDOR_CMD_EVT;
954 }
955 } else if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
956 p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
957 /* else if configured to support vendor specific and it's a response */
958 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
959 (p_vendor->company_id == AVRC_CO_METADATA)) {
960 av.meta_msg.p_msg = &p_data->rc_msg.msg;
961 evt = BTA_AV_META_MSG_EVT;
962 } else {
963 evt = BTA_AV_VENDOR_RSP_EVT;
964 }
965 } else if (!(p_cb->features & BTA_AV_FEAT_VENDOR) &&
966 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
967 /* else if not configured to support vendor specific and it's a command */
968 if (p_data->rc_msg.msg.vendor.p_vendor_data[0] == AVRC_PDU_INVALID) {
969 /* reject it */
970 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
971 p_data->rc_msg.msg.vendor.p_vendor_data[4] = AVRC_STS_BAD_CMD;
972 } else {
973 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
974 }
975 AVRC_VendorRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
976 &p_data->rc_msg.msg.vendor);
977 }
978 } else if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
979 /* set up for callback */
980 av.meta_msg.rc_handle = p_data->rc_msg.handle;
981 av.meta_msg.company_id = p_vendor->company_id;
982 av.meta_msg.code = p_data->rc_msg.msg.hdr.ctype;
983 av.meta_msg.label = p_data->rc_msg.label;
984 av.meta_msg.p_msg = &p_data->rc_msg.msg;
985 av.meta_msg.p_data = p_data->rc_msg.msg.browse.p_browse_data;
986 av.meta_msg.len = p_data->rc_msg.msg.browse.browse_len;
987 evt = BTA_AV_META_MSG_EVT;
988 }
989
990 if (evt == 0 && rc_rsp.rsp.status != BTA_AV_STS_NO_RSP) {
991 if (!p_pkt) {
992 rc_rsp.rsp.opcode = p_data->rc_msg.opcode;
993 AVRC_BldResponse(0, &rc_rsp, &p_pkt);
994 }
995 if (p_pkt)
996 AVRC_MsgReq(p_data->rc_msg.handle, p_data->rc_msg.label, ctype, p_pkt);
997 }
998
999 /* call callback */
1000 if (evt != 0) {
1001 av.remote_cmd.rc_handle = p_data->rc_msg.handle;
1002 (*p_cb->p_cback)(evt, &av);
1003 /* If browsing message, then free the browse message buffer */
1004 bta_av_rc_free_browse_msg(p_cb, p_data);
1005 }
1006 }
1007
1008 /*******************************************************************************
1009 *
1010 * Function bta_av_rc_close
1011 *
1012 * Description close the specified AVRC handle.
1013 *
1014 * Returns void
1015 *
1016 ******************************************************************************/
bta_av_rc_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1017 void bta_av_rc_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1018 uint16_t handle = p_data->hdr.layer_specific;
1019 tBTA_AV_SCB* p_scb;
1020 tBTA_AV_RCB* p_rcb;
1021
1022 if (handle < BTA_AV_NUM_RCB) {
1023 p_rcb = &p_cb->rcb[handle];
1024
1025 APPL_TRACE_DEBUG("%s: handle: %d, status=0x%x", __func__, p_rcb->handle,
1026 p_rcb->status);
1027 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
1028 if (p_rcb->shdl) {
1029 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
1030 if (p_scb) {
1031 /* just in case the RC timer is active
1032 if (bta_av_cb.features & BTA_AV_FEAT_RCCT &&
1033 p_scb->chnl == BTA_AV_CHNL_AUDIO) */
1034 alarm_cancel(p_scb->avrc_ct_timer);
1035 }
1036 }
1037
1038 AVRC_Close(p_rcb->handle);
1039 }
1040 }
1041 }
1042
1043 /*******************************************************************************
1044 *
1045 * Function bta_av_rc_browse_close
1046 *
1047 * Description Empty placeholder.
1048 *
1049 * Returns void
1050 *
1051 ******************************************************************************/
bta_av_rc_browse_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1052 void bta_av_rc_browse_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1053 APPL_TRACE_WARNING("%s: empty placeholder does nothing!", __func__);
1054 }
1055
1056 /*******************************************************************************
1057 *
1058 * Function bta_av_get_shdl
1059 *
1060 * Returns The index to p_scb[]
1061 *
1062 ******************************************************************************/
bta_av_get_shdl(tBTA_AV_SCB * p_scb)1063 static uint8_t bta_av_get_shdl(tBTA_AV_SCB* p_scb) {
1064 int i;
1065 uint8_t shdl = 0;
1066 /* find the SCB & stop the timer */
1067 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1068 if (p_scb == bta_av_cb.p_scb[i]) {
1069 shdl = i + 1;
1070 break;
1071 }
1072 }
1073 return shdl;
1074 }
1075
1076 /*******************************************************************************
1077 *
1078 * Function bta_av_stream_chg
1079 *
1080 * Description audio streaming status changed.
1081 *
1082 * Returns void
1083 *
1084 ******************************************************************************/
bta_av_stream_chg(tBTA_AV_SCB * p_scb,bool started)1085 void bta_av_stream_chg(tBTA_AV_SCB* p_scb, bool started) {
1086 uint8_t started_msk = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
1087
1088 APPL_TRACE_DEBUG("%s: peer %s started:%s started_msk:0x%x", __func__,
1089 p_scb->PeerAddress().ToString().c_str(),
1090 logbool(started).c_str(), started_msk);
1091
1092 if (started) {
1093 /* Let L2CAP know this channel is processed with high priority */
1094 L2CA_SetAclPriority(p_scb->PeerAddress(), L2CAP_PRIORITY_HIGH);
1095 } else {
1096 /* Let L2CAP know this channel is processed with low priority */
1097 L2CA_SetAclPriority(p_scb->PeerAddress(), L2CAP_PRIORITY_NORMAL);
1098 }
1099 }
1100
1101 /*******************************************************************************
1102 *
1103 * Function bta_av_conn_chg
1104 *
1105 * Description connetion status changed.
1106 * Open an AVRCP acceptor channel, if new conn.
1107 *
1108 * Returns void
1109 *
1110 ******************************************************************************/
bta_av_conn_chg(tBTA_AV_DATA * p_data)1111 void bta_av_conn_chg(tBTA_AV_DATA* p_data) {
1112 tBTA_AV_CB* p_cb = &bta_av_cb;
1113 tBTA_AV_SCB* p_scb = NULL;
1114 tBTA_AV_SCB* p_scbi;
1115 uint8_t mask;
1116 uint8_t conn_msk;
1117 uint8_t old_msk;
1118 int i;
1119 int index = (p_data->hdr.layer_specific & BTA_AV_HNDL_MSK) - 1;
1120 tBTA_AV_LCB* p_lcb;
1121 tBTA_AV_LCB* p_lcb_rc;
1122 tBTA_AV_RCB *p_rcb, *p_rcb2;
1123 bool chk_restore = false;
1124
1125 /* Validate array index*/
1126 if (index < BTA_AV_NUM_STRS) {
1127 p_scb = p_cb->p_scb[index];
1128 }
1129 mask = BTA_AV_HNDL_TO_MSK(index);
1130 p_lcb = bta_av_find_lcb(p_data->conn_chg.peer_addr, BTA_AV_LCB_FIND);
1131 conn_msk = 1 << (index + 1);
1132 if (p_data->conn_chg.is_up) {
1133 /* set the conned mask for this channel */
1134 if (p_scb) {
1135 if (p_lcb) {
1136 p_lcb->conn_msk |= conn_msk;
1137 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1138 if (bta_av_cb.rcb[i].lidx == p_lcb->lidx) {
1139 bta_av_cb.rcb[i].shdl = index + 1;
1140 APPL_TRACE_DEBUG(
1141 "%s: conn_chg up[%d]: %d, status=0x%x, shdl:%d, lidx:%d",
1142 __func__, i, bta_av_cb.rcb[i].handle, bta_av_cb.rcb[i].status,
1143 bta_av_cb.rcb[i].shdl, bta_av_cb.rcb[i].lidx);
1144 break;
1145 }
1146 }
1147 }
1148 old_msk = p_cb->conn_audio;
1149 p_cb->conn_audio |= mask;
1150
1151 if ((old_msk & mask) == 0) {
1152 /* increase the audio open count, if not set yet */
1153 bta_av_cb.audio_open_cnt++;
1154 }
1155
1156 APPL_TRACE_DEBUG("%s: rc_acp_handle:%d rc_acp_idx:%d", __func__,
1157 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1158 /* check if the AVRCP ACP channel is already connected */
1159 if (p_lcb && p_cb->rc_acp_handle != BTA_AV_RC_HANDLE_NONE &&
1160 p_cb->rc_acp_idx) {
1161 p_lcb_rc = &p_cb->lcb[BTA_AV_NUM_LINKS];
1162 APPL_TRACE_DEBUG(
1163 "%s: rc_acp is connected && conn_chg on same addr "
1164 "p_lcb_rc->conn_msk:x%x",
1165 __func__, p_lcb_rc->conn_msk);
1166 /* check if the RC is connected to the scb addr */
1167 LOG_INFO("%s: p_lcb_rc->addr: %s conn_chg.peer_addr: %s", __func__,
1168 p_lcb_rc->addr.ToString().c_str(),
1169 p_data->conn_chg.peer_addr.ToString().c_str());
1170
1171 if (p_lcb_rc->conn_msk &&
1172 p_lcb_rc->addr == p_data->conn_chg.peer_addr) {
1173 /* AVRCP is already connected.
1174 * need to update the association betwen SCB and RCB */
1175 p_lcb_rc->conn_msk = 0; /* indicate RC ONLY is not connected */
1176 p_lcb_rc->lidx = 0;
1177 p_scb->rc_handle = p_cb->rc_acp_handle;
1178 p_rcb = &p_cb->rcb[p_cb->rc_acp_idx - 1];
1179 p_rcb->shdl = bta_av_get_shdl(p_scb);
1180 APPL_TRACE_DEBUG("%s: update rc_acp shdl:%d/%d srch:%d", __func__,
1181 index + 1, p_rcb->shdl, p_scb->rc_handle);
1182
1183 p_rcb2 = bta_av_get_rcb_by_shdl(p_rcb->shdl);
1184 if (p_rcb2) {
1185 /* found the RCB that was created to associated with this SCB */
1186 p_cb->rc_acp_handle = p_rcb2->handle;
1187 p_cb->rc_acp_idx = (p_rcb2 - p_cb->rcb) + 1;
1188 APPL_TRACE_DEBUG("%s: new rc_acp_handle:%d, idx:%d", __func__,
1189 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1190 p_rcb2->lidx = (BTA_AV_NUM_LINKS + 1);
1191 APPL_TRACE_DEBUG("%s: rc2 handle:%d lidx:%d/%d", __func__,
1192 p_rcb2->handle, p_rcb2->lidx,
1193 p_cb->lcb[p_rcb2->lidx - 1].lidx);
1194 }
1195 p_rcb->lidx = p_lcb->lidx;
1196 APPL_TRACE_DEBUG("%s: rc handle:%d lidx:%d/%d", __func__,
1197 p_rcb->handle, p_rcb->lidx,
1198 p_cb->lcb[p_rcb->lidx - 1].lidx);
1199 }
1200 }
1201 }
1202 } else {
1203 if ((p_cb->conn_audio & mask) && bta_av_cb.audio_open_cnt) {
1204 /* this channel is still marked as open. decrease the count */
1205 bta_av_cb.audio_open_cnt--;
1206 }
1207
1208 /* clear the conned mask for this channel */
1209 p_cb->conn_audio &= ~mask;
1210 if (p_scb) {
1211 // The stream is closed. Clear the state.
1212 p_scb->OnDisconnected();
1213 if (p_scb->chnl == BTA_AV_CHNL_AUDIO) {
1214 if (p_lcb) {
1215 p_lcb->conn_msk &= ~conn_msk;
1216 }
1217 /* audio channel is down. make sure the INT channel is down */
1218 /* just in case the RC timer is active
1219 if (p_cb->features & BTA_AV_FEAT_RCCT) */
1220 { alarm_cancel(p_scb->avrc_ct_timer); }
1221 /* one audio channel goes down. check if we need to restore high
1222 * priority */
1223 chk_restore = true;
1224 }
1225 }
1226
1227 APPL_TRACE_DEBUG("%s: shdl:%d", __func__, index + 1);
1228 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1229 APPL_TRACE_DEBUG("%s: conn_chg dn[%d]: %d, status=0x%x, shdl:%d, lidx:%d",
1230 __func__, i, bta_av_cb.rcb[i].handle,
1231 bta_av_cb.rcb[i].status, bta_av_cb.rcb[i].shdl,
1232 bta_av_cb.rcb[i].lidx);
1233 if (bta_av_cb.rcb[i].shdl == index + 1) {
1234 bta_av_del_rc(&bta_av_cb.rcb[i]);
1235 /* since the connection is already down and info was removed, clean
1236 * reference */
1237 bta_av_cb.rcb[i].shdl = 0;
1238 break;
1239 }
1240 }
1241
1242 if (p_cb->conn_audio == 0) {
1243 /* if both channels are not connected,
1244 * close all RC channels */
1245 bta_av_close_all_rc(p_cb);
1246 }
1247
1248 /* if the AVRCP is no longer listening, create the listening channel */
1249 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE &&
1250 bta_av_cb.features & BTA_AV_FEAT_RCTG)
1251 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
1252 }
1253
1254 APPL_TRACE_DEBUG(
1255 "%s: audio:%x up:%d conn_msk:0x%x chk_restore:%d "
1256 "audio_open_cnt:%d",
1257 __func__, p_cb->conn_audio, p_data->conn_chg.is_up, conn_msk, chk_restore,
1258 p_cb->audio_open_cnt);
1259
1260 if (chk_restore) {
1261 if (p_cb->audio_open_cnt == 1) {
1262 /* one audio channel goes down and there's one audio channel remains open.
1263 * restore the switch role in default link policy */
1264 BTM_default_unblock_role_switch();
1265 bta_av_restore_switch();
1266 }
1267 if (p_cb->audio_open_cnt) {
1268 /* adjust flush timeout settings to longer period */
1269 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1270 p_scbi = bta_av_cb.p_scb[i];
1271 if (p_scbi && p_scbi->chnl == BTA_AV_CHNL_AUDIO && p_scbi->co_started) {
1272 /* may need to update the flush timeout of this already started stream
1273 */
1274 if (p_scbi->co_started != bta_av_cb.audio_open_cnt) {
1275 p_scbi->co_started = bta_av_cb.audio_open_cnt;
1276 }
1277 }
1278 }
1279 }
1280 }
1281 }
1282
1283 /*******************************************************************************
1284 *
1285 * Function bta_av_disable
1286 *
1287 * Description disable AV.
1288 *
1289 * Returns void
1290 *
1291 ******************************************************************************/
bta_av_disable(tBTA_AV_CB * p_cb,UNUSED_ATTR tBTA_AV_DATA * p_data)1292 void bta_av_disable(tBTA_AV_CB* p_cb, UNUSED_ATTR tBTA_AV_DATA* p_data) {
1293 BT_HDR_RIGID hdr;
1294 bool disabling_in_progress = false;
1295 uint16_t xx;
1296
1297 p_cb->disabling = true;
1298
1299 bta_av_close_all_rc(p_cb);
1300
1301 osi_free_and_reset((void**)&p_cb->p_disc_db);
1302
1303 /* disable audio/video - de-register all channels,
1304 * expect BTA_AV_DEREG_COMP_EVT when deregister is complete */
1305 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1306 if (p_cb->p_scb[xx] != NULL) {
1307 // Free signalling timers
1308 alarm_free(p_cb->p_scb[xx]->link_signalling_timer);
1309 p_cb->p_scb[xx]->link_signalling_timer = NULL;
1310 alarm_free(p_cb->p_scb[xx]->accept_signalling_timer);
1311 p_cb->p_scb[xx]->accept_signalling_timer = NULL;
1312
1313 hdr.layer_specific = xx + 1;
1314 bta_av_api_deregister((tBTA_AV_DATA*)&hdr);
1315 disabling_in_progress = true;
1316 }
1317 }
1318 // Since All channels are deregistering by API_DEREGISTER, the DEREG_COMP_EVT
1319 // would come first before API_DISABLE if there is no connections, and it is
1320 // no needed to setup this disabling flag.
1321 p_cb->disabling = disabling_in_progress;
1322
1323 }
1324
1325 /*******************************************************************************
1326 *
1327 * Function bta_av_api_disconnect
1328 *
1329 * Description .
1330 *
1331 * Returns void
1332 *
1333 ******************************************************************************/
bta_av_api_disconnect(tBTA_AV_DATA * p_data)1334 void bta_av_api_disconnect(tBTA_AV_DATA* p_data) {
1335 tBTA_AV_SCB* p_scb =
1336 bta_av_hndl_to_scb(p_data->api_discnt.hdr.layer_specific);
1337 AVDT_DisconnectReq(p_scb->PeerAddress(), bta_av_conn_cback);
1338 alarm_cancel(p_scb->link_signalling_timer);
1339 }
1340
1341 /*******************************************************************************
1342 *
1343 * Function bta_av_set_use_latency_mode
1344 *
1345 * Description Sets stream use latency mode.
1346 *
1347 * Returns void
1348 *
1349 ******************************************************************************/
bta_av_set_use_latency_mode(tBTA_AV_SCB * p_scb,bool use_latency_mode)1350 void bta_av_set_use_latency_mode(tBTA_AV_SCB* p_scb, bool use_latency_mode) {
1351 L2CA_UseLatencyMode(p_scb->PeerAddress(), use_latency_mode);
1352 }
1353
1354 /*******************************************************************************
1355 *
1356 * Function bta_av_api_set_latency
1357 *
1358 * Description set stream latency.
1359 *
1360 * Returns void
1361 *
1362 ******************************************************************************/
bta_av_api_set_latency(tBTA_AV_DATA * p_data)1363 void bta_av_api_set_latency(tBTA_AV_DATA* p_data) {
1364 tBTA_AV_SCB* p_scb =
1365 bta_av_hndl_to_scb(p_data->api_set_latency.hdr.layer_specific);
1366
1367 tL2CAP_LATENCY latency = p_data->api_set_latency.is_low_latency
1368 ? L2CAP_LATENCY_LOW
1369 : L2CAP_LATENCY_NORMAL;
1370 L2CA_SetAclLatency(p_scb->PeerAddress(), latency);
1371 }
1372
1373 /**
1374 * Find the index for the free LCB entry to use.
1375 *
1376 * The selection order is:
1377 * (1) Find the index if there is already SCB entry for the peer address
1378 * (2) If there is no SCB entry for the peer address, find the first
1379 * SCB entry that is not assigned.
1380 *
1381 * @param peer_address the peer address to use
1382 * @return the index for the free LCB entry to use or BTA_AV_NUM_LINKS
1383 * if no entry is found
1384 */
bta_av_find_lcb_index_by_scb_and_address(const RawAddress & peer_address)1385 static uint8_t bta_av_find_lcb_index_by_scb_and_address(
1386 const RawAddress& peer_address) {
1387 APPL_TRACE_DEBUG("%s: peer_address: %s conn_lcb: 0x%x", __func__,
1388 peer_address.ToString().c_str(), bta_av_cb.conn_lcb);
1389
1390 // Find the index if there is already SCB entry for the peer address
1391 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1392 uint8_t mask = 1 << index;
1393 if (mask & bta_av_cb.conn_lcb) {
1394 continue;
1395 }
1396 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1397 if (p_scb == nullptr) {
1398 continue;
1399 }
1400 if (p_scb->PeerAddress() == peer_address) {
1401 return index;
1402 }
1403 }
1404
1405 // Find the first SCB entry that is not assigned.
1406 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1407 uint8_t mask = 1 << index;
1408 if (mask & bta_av_cb.conn_lcb) {
1409 continue;
1410 }
1411 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1412 if (p_scb == nullptr) {
1413 continue;
1414 }
1415 if (!p_scb->IsAssigned()) {
1416 return index;
1417 }
1418 }
1419
1420 return BTA_AV_NUM_LINKS;
1421 }
1422
1423 /*******************************************************************************
1424 *
1425 * Function bta_av_sig_chg
1426 *
1427 * Description process AVDT signal channel up/down.
1428 *
1429 * Returns void
1430 *
1431 ******************************************************************************/
bta_av_sig_chg(tBTA_AV_DATA * p_data)1432 void bta_av_sig_chg(tBTA_AV_DATA* p_data) {
1433 uint16_t event = p_data->str_msg.hdr.layer_specific;
1434 tBTA_AV_CB* p_cb = &bta_av_cb;
1435 uint32_t xx;
1436 uint8_t mask;
1437 tBTA_AV_LCB* p_lcb = NULL;
1438
1439 APPL_TRACE_DEBUG("%s: event: %d", __func__, event);
1440 if (event == AVDT_CONNECT_IND_EVT) {
1441 APPL_TRACE_DEBUG("%s: AVDT_CONNECT_IND_EVT: peer %s", __func__,
1442 p_data->str_msg.bd_addr.ToString().c_str());
1443
1444 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FIND);
1445 if (!p_lcb) {
1446 /* if the address does not have an LCB yet, alloc one */
1447 xx = bta_av_find_lcb_index_by_scb_and_address(p_data->str_msg.bd_addr);
1448
1449 /* check if we found something */
1450 if (xx >= BTA_AV_NUM_LINKS) {
1451 /* We do not have scb for this avdt connection. */
1452 /* Silently close the connection. */
1453 APPL_TRACE_ERROR("%s: av scb not available for avdt connection for %s",
1454 __func__, p_data->str_msg.bd_addr.ToString().c_str());
1455 AVDT_DisconnectReq(p_data->str_msg.bd_addr, NULL);
1456 return;
1457 }
1458 LOG_INFO("%s: AVDT_CONNECT_IND_EVT: peer %s selected lcb_index %d",
1459 __func__, p_data->str_msg.bd_addr.ToString().c_str(), xx);
1460
1461 tBTA_AV_SCB* p_scb = p_cb->p_scb[xx];
1462 mask = 1 << xx;
1463 p_lcb = &p_cb->lcb[xx];
1464 p_lcb->lidx = xx + 1;
1465 p_lcb->addr = p_data->str_msg.bd_addr;
1466 p_lcb->conn_msk = 0; /* clear the connect mask */
1467 /* start listening when the signal channel is open */
1468 if (p_cb->features & BTA_AV_FEAT_RCTG) {
1469 bta_av_rc_create(p_cb, AVCT_ACP, 0, p_lcb->lidx);
1470 }
1471 /* this entry is not used yet. */
1472 p_cb->conn_lcb |= mask; /* mark it as used */
1473 APPL_TRACE_DEBUG("%s: start sig timer %d", __func__, p_data->hdr.offset);
1474 if (p_data->hdr.offset == AVDT_ACP) {
1475 APPL_TRACE_DEBUG("%s: Incoming L2CAP acquired, set state as incoming",
1476 __func__);
1477 p_scb->OnConnected(p_data->str_msg.bd_addr);
1478 p_scb->use_rc = true; /* allowing RC for incoming connection */
1479 bta_av_ssm_execute(p_scb, BTA_AV_ACP_CONNECT_EVT, p_data);
1480
1481 /* The Pending Event should be sent as soon as the L2CAP signalling
1482 * channel
1483 * is set up, which is NOW. Earlier this was done only after
1484 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1485 * The following function shall send the event and start the
1486 * recurring timer
1487 */
1488 if (!p_scb->link_signalling_timer) {
1489 p_scb->link_signalling_timer = alarm_new("link_signalling_timer");
1490 }
1491 BT_HDR hdr;
1492 hdr.layer_specific = p_scb->hndl;
1493 bta_av_signalling_timer((tBTA_AV_DATA*)&hdr);
1494
1495 APPL_TRACE_DEBUG("%s: Re-start timer for AVDTP service", __func__);
1496 bta_sys_conn_open(BTA_ID_AV, p_scb->app_id, p_scb->PeerAddress());
1497 /* Possible collision : need to avoid outgoing processing while the
1498 * timer is running */
1499 p_scb->coll_mask = BTA_AV_COLL_INC_TMR;
1500 if (!p_scb->accept_signalling_timer) {
1501 p_scb->accept_signalling_timer = alarm_new("accept_signalling_timer");
1502 }
1503 alarm_set_on_mloop(
1504 p_scb->accept_signalling_timer, BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1505 bta_av_accept_signalling_timer_cback, UINT_TO_PTR(xx));
1506 }
1507 }
1508 }
1509 else if (event == BTA_AR_AVDT_CONN_EVT) {
1510 uint8_t scb_index = p_data->str_msg.scb_index;
1511 alarm_cancel(p_cb->p_scb[scb_index]->link_signalling_timer);
1512 }
1513 else {
1514 /* disconnected. */
1515 APPL_TRACE_DEBUG("%s: bta_av_cb.conn_lcb=0x%x", __func__,
1516 bta_av_cb.conn_lcb);
1517
1518 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FREE);
1519 if (p_lcb && (p_lcb->conn_msk || bta_av_cb.conn_lcb)) {
1520 APPL_TRACE_DEBUG("%s: conn_msk: 0x%x", __func__, p_lcb->conn_msk);
1521 /* clean up ssm */
1522 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1523 if (p_cb->p_scb[xx] &&
1524 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1525 APPL_TRACE_DEBUG("%s: Closing timer for AVDTP service", __func__);
1526 bta_sys_conn_close(BTA_ID_AV, p_cb->p_scb[xx]->app_id,
1527 p_cb->p_scb[xx]->PeerAddress());
1528 }
1529 mask = 1 << (xx + 1);
1530 if (((mask & p_lcb->conn_msk) || bta_av_cb.conn_lcb) &&
1531 p_cb->p_scb[xx] &&
1532 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1533 APPL_TRACE_WARNING("%s: Sending AVDT_DISCONNECT_EVT peer_addr=%s",
1534 __func__,
1535 p_cb->p_scb[xx]->PeerAddress().ToString().c_str());
1536 bta_av_ssm_execute(p_cb->p_scb[xx], BTA_AV_AVDT_DISCONNECT_EVT, NULL);
1537 }
1538 }
1539 }
1540 }
1541 APPL_TRACE_DEBUG("%s: bta_av_cb.conn_lcb=0x%x after sig_chg", __func__,
1542 p_cb->conn_lcb);
1543 }
1544
1545 /*******************************************************************************
1546 *
1547 * Function bta_av_signalling_timer
1548 *
1549 * Description process the signal channel timer. This timer is started
1550 * when the AVDTP signal channel is connected. If no profile
1551 * is connected, the timer goes off every
1552 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1553 *
1554 * Returns void
1555 *
1556 ******************************************************************************/
bta_av_signalling_timer(UNUSED_ATTR tBTA_AV_DATA * p_data)1557 void bta_av_signalling_timer(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1558 tBTA_AV_HNDL hndl = p_data->hdr.layer_specific;
1559 tBTA_AV_SCB* p_scb = bta_av_hndl_to_scb(hndl);
1560
1561 tBTA_AV_CB* p_cb = &bta_av_cb;
1562 int xx;
1563 uint8_t mask;
1564 tBTA_AV_LCB* p_lcb = NULL;
1565
1566 APPL_TRACE_DEBUG("%s: conn_lcb=0x%x", __func__, p_cb->conn_lcb);
1567 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
1568 p_lcb = &p_cb->lcb[xx];
1569 mask = 1 << xx;
1570 APPL_TRACE_DEBUG(
1571 "%s: index=%d conn_lcb=0x%x peer=%s conn_mask=0x%x lidx=%d", __func__,
1572 xx, p_cb->conn_lcb, p_lcb->addr.ToString().c_str(), p_lcb->conn_msk,
1573 p_lcb->lidx);
1574 if (mask & p_cb->conn_lcb) {
1575 /* this entry is used. check if it is connected */
1576 if (!p_lcb->conn_msk) {
1577 APPL_TRACE_DEBUG("%s hndl 0x%x", __func__, p_scb->hndl);
1578 bta_sys_start_timer(p_scb->link_signalling_timer,
1579 BTA_AV_SIGNALLING_TIMEOUT_MS,
1580 BTA_AV_SIGNALLING_TIMER_EVT, hndl);
1581 tBTA_AV_PEND pend;
1582 pend.bd_addr = p_lcb->addr;
1583 tBTA_AV bta_av_data;
1584 bta_av_data.pend = pend;
1585 APPL_TRACE_DEBUG(
1586 "%s: BTA_AV_PENDING_EVT for %s index=%d conn_mask=0x%x lidx=%d",
1587 __func__, pend.bd_addr.ToString().c_str(), xx, p_lcb->conn_msk,
1588 p_lcb->lidx);
1589 (*p_cb->p_cback)(BTA_AV_PENDING_EVT, &bta_av_data);
1590 }
1591 }
1592 }
1593 }
1594
1595 /*******************************************************************************
1596 *
1597 * Function bta_av_accept_signalling_timer_cback
1598 *
1599 * Description Process the timeout when SRC is accepting connection
1600 * and SNK did not start signalling.
1601 *
1602 * Returns void
1603 *
1604 ******************************************************************************/
bta_av_accept_signalling_timer_cback(void * data)1605 static void bta_av_accept_signalling_timer_cback(void* data) {
1606 uint32_t inx = PTR_TO_UINT(data);
1607 tBTA_AV_CB* p_cb = &bta_av_cb;
1608 tBTA_AV_SCB* p_scb = NULL;
1609 if (inx < BTA_AV_NUM_STRS) {
1610 p_scb = p_cb->p_scb[inx];
1611 }
1612 if (p_scb) {
1613 APPL_TRACE_DEBUG("%s: coll_mask=0x%02x", __func__, p_scb->coll_mask);
1614
1615 if (p_scb->coll_mask & BTA_AV_COLL_INC_TMR) {
1616 p_scb->coll_mask &= ~BTA_AV_COLL_INC_TMR;
1617
1618 if (bta_av_is_scb_opening(p_scb)) {
1619 APPL_TRACE_DEBUG("%s: stream state opening: SDP started = %d", __func__,
1620 p_scb->sdp_discovery_started);
1621 if (p_scb->sdp_discovery_started) {
1622 /* We are still doing SDP. Run the timer again. */
1623 p_scb->coll_mask |= BTA_AV_COLL_INC_TMR;
1624
1625 alarm_set_on_mloop(p_scb->accept_signalling_timer,
1626 BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1627 bta_av_accept_signalling_timer_cback,
1628 UINT_TO_PTR(inx));
1629 } else {
1630 /* SNK did not start signalling, resume signalling process. */
1631 bta_av_discover_req(p_scb, NULL);
1632 }
1633 } else if (bta_av_is_scb_incoming(p_scb)) {
1634 /* Stay in incoming state if SNK does not start signalling */
1635
1636 APPL_TRACE_DEBUG("%s: stream state incoming", __func__);
1637 /* API open was called right after SNK opened L2C connection. */
1638 if (p_scb->coll_mask & BTA_AV_COLL_API_CALLED) {
1639 p_scb->coll_mask &= ~BTA_AV_COLL_API_CALLED;
1640
1641 /* BTA_AV_API_OPEN_EVT */
1642 tBTA_AV_API_OPEN* p_buf =
1643 (tBTA_AV_API_OPEN*)osi_malloc(sizeof(tBTA_AV_API_OPEN));
1644 memcpy(p_buf, &(p_scb->open_api), sizeof(tBTA_AV_API_OPEN));
1645 bta_sys_sendmsg(p_buf);
1646 }
1647 }
1648 }
1649 }
1650 }
1651
1652 /*******************************************************************************
1653 *
1654 * Function bta_av_check_peer_features
1655 *
1656 * Description check supported features on the peer device from the SDP
1657 * record and return the feature mask
1658 *
1659 * Returns tBTA_AV_FEAT peer device feature mask
1660 *
1661 ******************************************************************************/
bta_av_check_peer_features(uint16_t service_uuid)1662 tBTA_AV_FEAT bta_av_check_peer_features(uint16_t service_uuid) {
1663 tBTA_AV_FEAT peer_features = 0;
1664 tBTA_AV_CB* p_cb = &bta_av_cb;
1665 tSDP_DISC_REC* p_rec = NULL;
1666 tSDP_DISC_ATTR* p_attr;
1667 uint16_t peer_rc_version = 0;
1668 uint16_t categories = 0;
1669
1670 APPL_TRACE_DEBUG("%s: service_uuid:x%x", __func__, service_uuid);
1671 /* loop through all records we found */
1672 while (true) {
1673 /* get next record; if none found, we're done */
1674 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1675 if (p_rec == NULL) {
1676 break;
1677 }
1678
1679 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1680 NULL) {
1681 /* find peer features */
1682 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1683 NULL)) {
1684 peer_features |= BTA_AV_FEAT_RCCT;
1685 }
1686 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1687 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1688 peer_features |= BTA_AV_FEAT_RCTG;
1689 }
1690 }
1691
1692 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1693 /* get profile version (if failure, version parameter is not updated) */
1694 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1695 &peer_rc_version);
1696 APPL_TRACE_DEBUG("%s: peer_rc_version 0x%x", __func__, peer_rc_version);
1697
1698 if (peer_rc_version >= AVRC_REV_1_3)
1699 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1700
1701 if (peer_rc_version >= AVRC_REV_1_4) {
1702 /* get supported categories */
1703 p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1704 if (p_attr != NULL) {
1705 categories = p_attr->attr_value.v.u16;
1706 if (categories & AVRC_SUPF_CT_CAT2)
1707 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1708 if (categories & AVRC_SUPF_CT_BROWSE)
1709 peer_features |= (BTA_AV_FEAT_BROWSE);
1710 }
1711 }
1712 }
1713 }
1714 APPL_TRACE_DEBUG("%s: peer_features:x%x", __func__, peer_features);
1715 return peer_features;
1716 }
1717
1718 /*******************************************************************************
1719 *
1720 * Function bta_avk_check_peer_features
1721 *
1722 * Description check supported features on the peer device from the SDP
1723 * record and return the feature mask
1724 *
1725 * Returns tBTA_AV_FEAT peer device feature mask
1726 *
1727 ******************************************************************************/
bta_avk_check_peer_features(uint16_t service_uuid)1728 tBTA_AV_FEAT bta_avk_check_peer_features(uint16_t service_uuid) {
1729 tBTA_AV_FEAT peer_features = 0;
1730 tBTA_AV_CB* p_cb = &bta_av_cb;
1731
1732 APPL_TRACE_DEBUG("%s: service_uuid:x%x", __func__, service_uuid);
1733
1734 /* loop through all records we found */
1735 tSDP_DISC_REC* p_rec =
1736 SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, NULL);
1737 while (p_rec) {
1738 APPL_TRACE_DEBUG("%s: found Service record for x%x", __func__,
1739 service_uuid);
1740
1741 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1742 NULL) {
1743 /* find peer features */
1744 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1745 NULL)) {
1746 peer_features |= BTA_AV_FEAT_RCCT;
1747 }
1748 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1749 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1750 peer_features |= BTA_AV_FEAT_RCTG;
1751 }
1752 }
1753
1754 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1755 /* get profile version (if failure, version parameter is not updated) */
1756 uint16_t peer_rc_version = 0;
1757 bool val = SDP_FindProfileVersionInRec(
1758 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version);
1759 APPL_TRACE_DEBUG("%s: peer_rc_version for TG 0x%x, profile_found %d",
1760 __func__, peer_rc_version, val);
1761
1762 if (peer_rc_version >= AVRC_REV_1_3)
1763 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1764
1765 /* Get supported features */
1766 tSDP_DISC_ATTR* p_attr =
1767 SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1768 if (p_attr != NULL) {
1769 uint16_t categories = p_attr->attr_value.v.u16;
1770 /*
1771 * Though Absolute Volume came after in 1.4 and above, but there are
1772 * few devices in market which supports absolute Volume and they are
1773 * still 1.3. To avoid IOP issuses with those devices, we check for
1774 * 1.3 as minimum version
1775 */
1776 if (peer_rc_version >= AVRC_REV_1_3) {
1777 if (categories & AVRC_SUPF_TG_CAT2)
1778 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1779 if (categories & AVRC_SUPF_TG_APP_SETTINGS)
1780 peer_features |= (BTA_AV_FEAT_APP_SETTING);
1781 if (categories & AVRC_SUPF_TG_BROWSE)
1782 peer_features |= (BTA_AV_FEAT_BROWSE);
1783 }
1784
1785 /* AVRCP Cover Artwork over BIP */
1786 if (peer_rc_version >= AVRC_REV_1_6) {
1787 if (service_uuid == UUID_SERVCLASS_AV_REM_CTRL_TARGET &&
1788 categories & AVRC_SUPF_TG_PLAYER_COVER_ART)
1789 peer_features |= (BTA_AV_FEAT_COVER_ARTWORK);
1790 }
1791 }
1792 }
1793 /* get next record; if none found, we're done */
1794 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1795 }
1796 APPL_TRACE_DEBUG("%s: peer_features:x%x", __func__, peer_features);
1797 return peer_features;
1798 }
1799
1800 /******************************************************************************
1801 *
1802 * Function bta_avk_get_cover_art_psm
1803 *
1804 * Description Get the PSM associated with the AVRCP Target cover art
1805 * feature
1806 *
1807 * Returns uint16_t PSM value used to get cover artwork, or 0x0000 if
1808 * one does not exist.
1809 *
1810 *****************************************************************************/
bta_avk_get_cover_art_psm()1811 uint16_t bta_avk_get_cover_art_psm() {
1812 APPL_TRACE_DEBUG("%s: searching for cover art psm", __func__);
1813 /* Cover Art L2CAP PSM is only available on a target device */
1814 tBTA_AV_CB* p_cb = &bta_av_cb;
1815 tSDP_DISC_REC* p_rec =
1816 SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REM_CTRL_TARGET,
1817 NULL);
1818 while (p_rec) {
1819 tSDP_DISC_ATTR* p_attr =
1820 (SDP_FindAttributeInRec(p_rec, ATTR_ID_ADDITION_PROTO_DESC_LISTS));
1821 /*
1822 * If we have the Additional Protocol Description Lists attribute then we
1823 * specifically want the list that is an L2CAP protocol leading to OBEX.
1824 * Because the is a case where cover art is supported and browsing isn't
1825 * we need to check each list for the one we want.
1826 *
1827 * This means we need to do drop down into the protocol list and do a
1828 * "for each protocol, for each protocol element, for each protocol element
1829 * list parameter, if the parameter is L2CAP then find the PSM associated
1830 * with it, then make sure we see OBEX in that same protocol"
1831 */
1832 if (p_attr != NULL && SDP_DISC_ATTR_TYPE(p_attr->attr_len_type)
1833 == DATA_ELE_SEQ_DESC_TYPE) {
1834 // Point to first in List of protocols (i.e [(L2CAP -> AVCTP),
1835 // (L2CAP -> OBEX)])
1836 tSDP_DISC_ATTR* p_protocol_list = p_attr->attr_value.v.p_sub_attr;
1837 while (p_protocol_list != NULL) {
1838 if (SDP_DISC_ATTR_TYPE(p_protocol_list->attr_len_type)
1839 == DATA_ELE_SEQ_DESC_TYPE) {
1840 // Point to fist in list of protocol elements (i.e. [L2CAP, AVCTP])
1841 tSDP_DISC_ATTR* p_protocol =
1842 p_protocol_list->attr_value.v.p_sub_attr;
1843 bool protocol_has_obex = false;
1844 bool protocol_has_l2cap = false;
1845 uint16_t psm = 0x0000;
1846 while (p_protocol) {
1847 if (SDP_DISC_ATTR_TYPE(p_protocol->attr_len_type)
1848 == DATA_ELE_SEQ_DESC_TYPE) {
1849 // Point to first item protocol parameters list (i.e [UUID=L2CAP,
1850 // PSM=0x1234])
1851 tSDP_DISC_ATTR* p_protocol_param =
1852 p_protocol->attr_value.v.p_sub_attr;
1853 /*
1854 * Currently there's only ever one UUID and one parameter. L2cap
1855 * has a single PSM, AVCTP has a version and OBEX has nothing.
1856 * Change this if that ever changes.
1857 */
1858 uint16_t protocol_uuid = 0;
1859 uint16_t protocol_param = 0;
1860 while (p_protocol_param) {
1861 uint16_t param_type =
1862 SDP_DISC_ATTR_TYPE(p_protocol_param->attr_len_type);
1863 uint16_t param_len =
1864 SDP_DISC_ATTR_LEN(p_protocol_param->attr_len_type);
1865 if (param_type == UUID_DESC_TYPE) {
1866 protocol_uuid = p_protocol_param->attr_value.v.u16;
1867 } else if (param_type == UINT_DESC_TYPE) {
1868 protocol_param = (param_len == 2)
1869 ? p_protocol_param->attr_value.v.u16
1870 : p_protocol_param->attr_value.v.u8;
1871 } /* else dont care */
1872 p_protocol_param = p_protocol_param->p_next_attr; // next
1873 }
1874 // If we've found L2CAP then the parameter is a PSM
1875 if (protocol_uuid == UUID_PROTOCOL_L2CAP) {
1876 protocol_has_l2cap = true;
1877 psm = protocol_param;
1878 } else if (protocol_uuid == UUID_PROTOCOL_OBEX) {
1879 protocol_has_obex = true;
1880 }
1881 }
1882 // If this protocol has l2cap and obex then we're found the BIP PSM
1883 if (protocol_has_l2cap && protocol_has_obex) {
1884 APPL_TRACE_DEBUG("%s: found psm 0x%x", __func__, psm);
1885 return psm;
1886 }
1887 p_protocol = p_protocol->p_next_attr; // next protocol element
1888 }
1889 }
1890 p_protocol_list = p_protocol_list->p_next_attr; // next protocol
1891 }
1892 }
1893 /* get next record; if none found, we're done */
1894 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db,
1895 UUID_SERVCLASS_AV_REM_CTRL_TARGET, p_rec);
1896 }
1897 /* L2CAP PSM range is 0x1000-0xFFFF so 0x0000 is safe default invalid */
1898 APPL_TRACE_DEBUG("%s: could not find a BIP psm", __func__);
1899 return 0x0000;
1900 }
1901
1902 /*******************************************************************************
1903 *
1904 * Function bta_av_rc_disc_done
1905 *
1906 * Description Handle AVRCP service discovery results. If matching
1907 * service found, open AVRCP connection.
1908 *
1909 * Returns void
1910 *
1911 ******************************************************************************/
bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA * p_data)1912 void bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1913 tBTA_AV_CB* p_cb = &bta_av_cb;
1914 tBTA_AV_SCB* p_scb = NULL;
1915 tBTA_AV_LCB* p_lcb;
1916 uint8_t rc_handle;
1917 tBTA_AV_FEAT peer_features = 0; /* peer features mask */
1918 uint16_t cover_art_psm = 0x0000;
1919
1920 APPL_TRACE_DEBUG("%s: bta_av_rc_disc_done disc:x%x", __func__, p_cb->disc);
1921 if (!p_cb->disc) {
1922 return;
1923 }
1924
1925 if ((p_cb->disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
1926 /* this is the rc handle/index to tBTA_AV_RCB */
1927 rc_handle = p_cb->disc & (~BTA_AV_CHNL_MSK);
1928 } else {
1929 /* Validate array index*/
1930 if (((p_cb->disc & BTA_AV_HNDL_MSK) - 1) < BTA_AV_NUM_STRS) {
1931 p_scb = p_cb->p_scb[(p_cb->disc & BTA_AV_HNDL_MSK) - 1];
1932 }
1933 if (p_scb) {
1934 rc_handle = p_scb->rc_handle;
1935 } else {
1936 p_cb->disc = 0;
1937 return;
1938 }
1939 }
1940
1941 APPL_TRACE_DEBUG("%s: rc_handle %d", __func__, rc_handle);
1942 if (p_cb->sdp_a2dp_snk_handle) {
1943 /* This is Sink + CT + TG(Abs Vol) */
1944 peer_features =
1945 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
1946 APPL_TRACE_DEBUG("%s: populating rem ctrl target features %d", __func__,
1947 peer_features);
1948 if (BTA_AV_FEAT_ADV_CTRL &
1949 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL))
1950 peer_features |= (BTA_AV_FEAT_ADV_CTRL | BTA_AV_FEAT_RCCT);
1951
1952 if (peer_features & BTA_AV_FEAT_COVER_ARTWORK)
1953 cover_art_psm = bta_avk_get_cover_art_psm();
1954
1955 APPL_TRACE_DEBUG("%s: populating rem ctrl target bip psm 0x%x", __func__,
1956 cover_art_psm);
1957 } else if (p_cb->sdp_a2dp_handle) {
1958 /* check peer version and whether support CT and TG role */
1959 peer_features =
1960 bta_av_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL);
1961 if ((p_cb->features & BTA_AV_FEAT_ADV_CTRL) &&
1962 ((peer_features & BTA_AV_FEAT_ADV_CTRL) == 0)) {
1963 /* if we support advance control and peer does not, check their support on
1964 * TG role
1965 * some implementation uses 1.3 on CT ans 1.4 on TG */
1966 peer_features |=
1967 bta_av_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
1968 }
1969
1970 /* Change our features if the remote AVRCP version is 1.3 or less */
1971 tSDP_DISC_REC* p_rec = nullptr;
1972 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db,
1973 UUID_SERVCLASS_AV_REMOTE_CONTROL, p_rec);
1974 if (p_rec != NULL &&
1975 SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST) != NULL) {
1976 /* get profile version (if failure, version parameter is not updated) */
1977 uint16_t peer_rc_version = 0xFFFF; // Don't change the AVRCP version
1978 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1979 &peer_rc_version);
1980 if (peer_rc_version <= AVRC_REV_1_3) {
1981 APPL_TRACE_DEBUG("%s: Using AVRCP 1.3 Capabilities with remote device",
1982 __func__);
1983 p_bta_av_cfg = &bta_av_cfg_compatibility;
1984 }
1985 }
1986 }
1987
1988 p_cb->disc = 0;
1989 osi_free_and_reset((void**)&p_cb->p_disc_db);
1990
1991 APPL_TRACE_DEBUG("%s: peer_features 0x%x, features 0x%x", __func__,
1992 peer_features, p_cb->features);
1993
1994 /* if we have no rc connection */
1995 if (rc_handle == BTA_AV_RC_HANDLE_NONE) {
1996 if (p_scb) {
1997 /* if peer remote control service matches ours and USE_RC is true */
1998 if ((((p_cb->features & BTA_AV_FEAT_RCCT) &&
1999 (peer_features & BTA_AV_FEAT_RCTG)) ||
2000 ((p_cb->features & BTA_AV_FEAT_RCTG) &&
2001 (peer_features & BTA_AV_FEAT_RCCT)))) {
2002 p_lcb = bta_av_find_lcb(p_scb->PeerAddress(), BTA_AV_LCB_FIND);
2003 if (p_lcb) {
2004 rc_handle = bta_av_rc_create(p_cb, AVCT_INT,
2005 (uint8_t)(p_scb->hdi + 1), p_lcb->lidx);
2006 if (rc_handle < BTA_AV_NUM_RCB) {
2007 p_cb->rcb[rc_handle].peer_features = peer_features;
2008 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
2009 } else {
2010 /* cannot create valid rc_handle for current device. report failure
2011 */
2012 APPL_TRACE_ERROR("%s: no link resources available", __func__);
2013 p_scb->use_rc = false;
2014 tBTA_AV_RC_OPEN rc_open;
2015 rc_open.peer_addr = p_scb->PeerAddress();
2016 rc_open.peer_features = 0;
2017 rc_open.cover_art_psm = 0;
2018 rc_open.status = BTA_AV_FAIL_RESOURCES;
2019 tBTA_AV bta_av_data;
2020 bta_av_data.rc_open = rc_open;
2021 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
2022 }
2023 } else {
2024 APPL_TRACE_ERROR("%s: can not find LCB!!", __func__);
2025 }
2026 } else if (p_scb->use_rc) {
2027 /* can not find AVRC on peer device. report failure */
2028 p_scb->use_rc = false;
2029 tBTA_AV_RC_OPEN rc_open;
2030 rc_open.peer_addr = p_scb->PeerAddress();
2031 rc_open.peer_features = 0;
2032 rc_open.cover_art_psm = 0;
2033 rc_open.status = BTA_AV_FAIL_SDP;
2034 tBTA_AV bta_av_data;
2035 bta_av_data.rc_open = rc_open;
2036 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
2037 }
2038 }
2039 } else {
2040 tBTA_AV_RC_FEAT rc_feat;
2041 p_cb->rcb[rc_handle].peer_features = peer_features;
2042 rc_feat.rc_handle = rc_handle;
2043 rc_feat.peer_features = peer_features;
2044 if (p_scb == NULL) {
2045 /*
2046 * In case scb is not created by the time we are done with SDP
2047 * we still need to send RC feature event. So we need to get BD
2048 * from Message. Note that lidx is 1 based not 0 based
2049 */
2050 rc_feat.peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2051 } else {
2052 rc_feat.peer_addr = p_scb->PeerAddress();
2053 }
2054
2055 tBTA_AV bta_av_feat;
2056 bta_av_feat.rc_feat = rc_feat;
2057 (*p_cb->p_cback)(BTA_AV_RC_FEAT_EVT, &bta_av_feat);
2058
2059 // Send PSM data
2060 APPL_TRACE_DEBUG("%s: Send PSM data", __func__);
2061 tBTA_AV_RC_PSM rc_psm;
2062 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
2063 rc_psm.rc_handle = rc_handle;
2064 rc_psm.cover_art_psm = cover_art_psm;
2065 if (p_scb == NULL) {
2066 rc_psm.peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2067 } else {
2068 rc_psm.peer_addr = p_scb->PeerAddress();
2069 }
2070
2071 APPL_TRACE_DEBUG("%s: rc_psm = 0x%x", __func__, rc_psm.cover_art_psm);
2072
2073 tBTA_AV bta_av_psm;
2074 bta_av_psm.rc_cover_art_psm = rc_psm;
2075 (*p_cb->p_cback)(BTA_AV_RC_PSM_EVT, &bta_av_psm);
2076 }
2077 }
2078
2079 /*******************************************************************************
2080 *
2081 * Function bta_av_rc_closed
2082 *
2083 * Description Set AVRCP state to closed.
2084 *
2085 * Returns void
2086 *
2087 ******************************************************************************/
bta_av_rc_closed(tBTA_AV_DATA * p_data)2088 void bta_av_rc_closed(tBTA_AV_DATA* p_data) {
2089 tBTA_AV_CB* p_cb = &bta_av_cb;
2090 tBTA_AV_RC_CLOSE rc_close;
2091 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2092 tBTA_AV_RCB* p_rcb;
2093 tBTA_AV_SCB* p_scb;
2094 int i;
2095 bool conn = false;
2096 tBTA_AV_LCB* p_lcb;
2097
2098 rc_close.rc_handle = BTA_AV_RC_HANDLE_NONE;
2099 p_scb = NULL;
2100 APPL_TRACE_DEBUG("%s: rc_handle:%d", __func__, p_msg->handle);
2101 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
2102 p_rcb = &p_cb->rcb[i];
2103 APPL_TRACE_DEBUG("%s: rcb[%d] rc_handle:%d, status=0x%x", __func__, i,
2104 p_rcb->handle, p_rcb->status);
2105 if (p_rcb->handle == p_msg->handle) {
2106 rc_close.rc_handle = i;
2107 p_rcb->status &= ~BTA_AV_RC_CONN_MASK;
2108 p_rcb->peer_features = 0;
2109 p_rcb->cover_art_psm = 0;
2110 APPL_TRACE_DEBUG("%s: shdl:%d, lidx:%d", __func__, p_rcb->shdl,
2111 p_rcb->lidx);
2112 if (p_rcb->shdl) {
2113 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
2114 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
2115 }
2116 if (p_scb) {
2117 rc_close.peer_addr = p_scb->PeerAddress();
2118 if (p_scb->rc_handle == p_rcb->handle)
2119 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
2120 APPL_TRACE_DEBUG("%s: shdl:%d, srch:%d", __func__, p_rcb->shdl,
2121 p_scb->rc_handle);
2122 }
2123 p_rcb->shdl = 0;
2124 } else if (p_rcb->lidx == (BTA_AV_NUM_LINKS + 1)) {
2125 /* if the RCB uses the extra LCB, use the addr for event and clean it */
2126 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
2127 rc_close.peer_addr = p_msg->peer_addr;
2128 LOG_INFO("%s: rc_only closed bd_addr: %s", __func__,
2129 p_msg->peer_addr.ToString().c_str());
2130 p_lcb->conn_msk = 0;
2131 p_lcb->lidx = 0;
2132 }
2133 p_rcb->lidx = 0;
2134
2135 if ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT) {
2136 /* AVCT CCB is deallocated */
2137 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
2138 p_rcb->status = 0;
2139 } else {
2140 /* AVCT CCB is still there. dealloc */
2141 bta_av_del_rc(p_rcb);
2142 }
2143 } else if ((p_rcb->handle != BTA_AV_RC_HANDLE_NONE) &&
2144 (p_rcb->status & BTA_AV_RC_CONN_MASK)) {
2145 /* at least one channel is still connected */
2146 conn = true;
2147 }
2148 }
2149
2150 if (!conn) {
2151 /* no AVRC channels are connected, go back to INIT state */
2152 bta_av_sm_execute(p_cb, BTA_AV_AVRC_NONE_EVT, NULL);
2153 }
2154
2155 if (rc_close.rc_handle == BTA_AV_RC_HANDLE_NONE) {
2156 rc_close.rc_handle = p_msg->handle;
2157 rc_close.peer_addr = p_msg->peer_addr;
2158 }
2159 tBTA_AV bta_av_data;
2160 bta_av_data.rc_close = rc_close;
2161 (*p_cb->p_cback)(BTA_AV_RC_CLOSE_EVT, &bta_av_data);
2162 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE
2163 && bta_av_cb.features & BTA_AV_FEAT_RCTG)
2164 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
2165 }
2166
2167 /*******************************************************************************
2168 *
2169 * Function bta_av_rc_browse_opened
2170 *
2171 * Description AVRC browsing channel is opened
2172 *
2173 * Returns void
2174 *
2175 ******************************************************************************/
bta_av_rc_browse_opened(tBTA_AV_DATA * p_data)2176 void bta_av_rc_browse_opened(tBTA_AV_DATA* p_data) {
2177 tBTA_AV_CB* p_cb = &bta_av_cb;
2178 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2179 tBTA_AV_RC_BROWSE_OPEN rc_browse_open;
2180
2181 LOG_INFO("%s: peer_addr: %s rc_handle:%d", __func__,
2182 p_msg->peer_addr.ToString().c_str(), p_msg->handle);
2183
2184 rc_browse_open.status = BTA_AV_SUCCESS;
2185 rc_browse_open.rc_handle = p_msg->handle;
2186 rc_browse_open.peer_addr = p_msg->peer_addr;
2187
2188 tBTA_AV bta_av_data;
2189 bta_av_data.rc_browse_open = rc_browse_open;
2190 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_OPEN_EVT, &bta_av_data);
2191 }
2192
2193 /*******************************************************************************
2194 *
2195 * Function bta_av_rc_browse_closed
2196 *
2197 * Description AVRC browsing channel is closed
2198 *
2199 * Returns void
2200 *
2201 ******************************************************************************/
bta_av_rc_browse_closed(tBTA_AV_DATA * p_data)2202 void bta_av_rc_browse_closed(tBTA_AV_DATA* p_data) {
2203 tBTA_AV_CB* p_cb = &bta_av_cb;
2204 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2205 tBTA_AV_RC_BROWSE_CLOSE rc_browse_close;
2206
2207 LOG_INFO("%s: peer_addr: %s rc_handle:%d", __func__,
2208 p_msg->peer_addr.ToString().c_str(), p_msg->handle);
2209
2210 rc_browse_close.rc_handle = p_msg->handle;
2211 rc_browse_close.peer_addr = p_msg->peer_addr;
2212
2213 tBTA_AV bta_av_data;
2214 bta_av_data.rc_browse_close = rc_browse_close;
2215 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_CLOSE_EVT, &bta_av_data);
2216 }
2217
2218 /*******************************************************************************
2219 *
2220 * Function bta_av_rc_disc
2221 *
2222 * Description start AVRC SDP discovery.
2223 *
2224 * Returns void
2225 *
2226 ******************************************************************************/
bta_av_rc_disc(uint8_t disc)2227 void bta_av_rc_disc(uint8_t disc) {
2228 tBTA_AV_CB* p_cb = &bta_av_cb;
2229 tAVRC_SDP_DB_PARAMS db_params;
2230 uint16_t attr_list[] = {ATTR_ID_SERVICE_CLASS_ID_LIST,
2231 ATTR_ID_BT_PROFILE_DESC_LIST,
2232 ATTR_ID_SUPPORTED_FEATURES,
2233 ATTR_ID_ADDITION_PROTO_DESC_LISTS};
2234 uint8_t hdi;
2235 tBTA_AV_SCB* p_scb;
2236 RawAddress peer_addr = RawAddress::kEmpty;
2237 uint8_t rc_handle;
2238
2239 APPL_TRACE_DEBUG("%s: disc: 0x%x, bta_av_cb.disc: 0x%x", __func__, disc,
2240 bta_av_cb.disc);
2241 if ((bta_av_cb.disc != 0) || (disc == 0)) return;
2242
2243 if ((disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
2244 /* this is the rc handle/index to tBTA_AV_RCB */
2245 rc_handle = disc & (~BTA_AV_CHNL_MSK);
2246 if (p_cb->rcb[rc_handle].lidx) {
2247 peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2248 }
2249 } else {
2250 hdi = (disc & BTA_AV_HNDL_MSK) - 1;
2251 p_scb = p_cb->p_scb[hdi];
2252
2253 if (p_scb) {
2254 APPL_TRACE_DEBUG("%s: rc_handle %d", __func__, p_scb->rc_handle);
2255 peer_addr = p_scb->PeerAddress();
2256 }
2257 }
2258
2259 if (!peer_addr.IsEmpty()) {
2260 /* allocate discovery database */
2261 if (p_cb->p_disc_db == NULL)
2262 p_cb->p_disc_db = (tSDP_DISCOVERY_DB*)osi_malloc(BTA_AV_DISC_BUF_SIZE);
2263
2264 /* set up parameters */
2265 db_params.db_len = BTA_AV_DISC_BUF_SIZE;
2266 db_params.num_attr = sizeof(attr_list) / sizeof(uint16_t);
2267 db_params.p_db = p_cb->p_disc_db;
2268 db_params.p_attrs = attr_list;
2269
2270 /* searching for UUID_SERVCLASS_AV_REMOTE_CONTROL gets both TG and CT */
2271 if (AVRC_FindService(UUID_SERVCLASS_AV_REMOTE_CONTROL, peer_addr,
2272 &db_params,
2273 base::Bind(bta_av_avrc_sdp_cback)) == AVRC_SUCCESS) {
2274 p_cb->disc = disc;
2275 APPL_TRACE_DEBUG("%s: disc 0x%x", __func__, p_cb->disc);
2276 }
2277 }
2278 }
2279
2280 /*******************************************************************************
2281 *
2282 * Function bta_av_dereg_comp
2283 *
2284 * Description deregister complete. free the stream control block.
2285 *
2286 * Returns void
2287 *
2288 ******************************************************************************/
bta_av_dereg_comp(tBTA_AV_DATA * p_data)2289 void bta_av_dereg_comp(tBTA_AV_DATA* p_data) {
2290 tBTA_AV_CB* p_cb = &bta_av_cb;
2291 tBTA_AV_SCB* p_scb;
2292 tBTA_UTL_COD cod;
2293 uint8_t mask;
2294 BT_HDR* p_buf;
2295
2296 /* find the stream control block */
2297 p_scb = bta_av_hndl_to_scb(p_data->hdr.layer_specific);
2298
2299 if (p_scb) {
2300 APPL_TRACE_DEBUG("%s: deregistered %d(h%d)", __func__, p_scb->chnl,
2301 p_scb->hndl);
2302 mask = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
2303 p_cb->reg_audio &= ~mask;
2304 if ((p_cb->conn_audio & mask) && p_cb->audio_open_cnt) {
2305 /* this channel is still marked as open. decrease the count */
2306 p_cb->audio_open_cnt--;
2307 }
2308 p_cb->conn_audio &= ~mask;
2309
2310 if (p_scb->q_tag == BTA_AV_Q_TAG_STREAM && p_scb->a2dp_list) {
2311 /* make sure no buffers are in a2dp_list */
2312 while (!list_is_empty(p_scb->a2dp_list)) {
2313 p_buf = (BT_HDR*)list_front(p_scb->a2dp_list);
2314 list_remove(p_scb->a2dp_list, p_buf);
2315 osi_free(p_buf);
2316 }
2317 }
2318
2319 /* remove the A2DP SDP record, if no more audio stream is left */
2320 if (!p_cb->reg_audio) {
2321
2322 /* Only remove the SDP record if we're the ones that created it */
2323 if (is_new_avrcp_enabled()) {
2324 APPL_TRACE_DEBUG("%s: newavrcp is the owner of the AVRCP Target SDP "
2325 "record. Don't dereg the SDP record", __func__);
2326 } else {
2327 APPL_TRACE_DEBUG("%s: newavrcp is not enabled. Remove SDP record",
2328 __func__);
2329 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REMOTE_CONTROL);
2330 }
2331
2332 if (p_cb->sdp_a2dp_handle) {
2333 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_handle);
2334 p_cb->sdp_a2dp_handle = 0;
2335 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SOURCE);
2336 }
2337
2338 if (p_cb->sdp_a2dp_snk_handle) {
2339 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_snk_handle);
2340 p_cb->sdp_a2dp_snk_handle = 0;
2341 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SINK);
2342 }
2343 }
2344
2345 bta_av_free_scb(p_scb);
2346 }
2347
2348 APPL_TRACE_DEBUG("%s: audio 0x%x, disable:%d", __func__, p_cb->reg_audio,
2349 p_cb->disabling);
2350 /* if no stream control block is active */
2351 if (p_cb->reg_audio == 0) {
2352 /* deregister from AVDT */
2353 bta_ar_dereg_avdt();
2354
2355 /* deregister from AVCT */
2356 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
2357 bta_ar_dereg_avct();
2358
2359 if (p_cb->disabling) {
2360 p_cb->disabling = false;
2361 // reset enabling parameters
2362 p_cb->features = 0;
2363 p_cb->sec_mask = 0;
2364 }
2365
2366 /* Clear the Capturing service class bit */
2367 cod.service = BTM_COD_SERVICE_CAPTURING;
2368 utl_set_device_class(&cod, BTA_UTL_CLR_COD_SERVICE_CLASS);
2369 }
2370 }
2371