1 /******************************************************************************
2 *
3 * Copyright 2004-2016 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains action functions for advanced audio/video main state
22 * machine.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bt_bta_av"
27
28 #include <cstdint>
29
30 #include "bt_target.h" // Must be first to define build configuration
31 #include "bta/av/bta_av_int.h"
32 #include "bta/include/bta_ar_api.h"
33 #include "bta/include/utl.h"
34 #include "btif/avrcp/avrcp_service.h"
35 #include "device/include/device_iot_config.h"
36 #include "osi/include/allocator.h"
37 #include "osi/include/log.h"
38 #include "osi/include/osi.h" // UNUSED_ATTR
39 #include "osi/include/properties.h"
40 #include "stack/include/acl_api.h"
41 #include "stack/include/bt_hdr.h"
42 #include "stack/include/l2c_api.h"
43 #include "types/raw_address.h"
44
45 /*****************************************************************************
46 * Constants
47 ****************************************************************************/
48 /* the timeout to wait for open req after setconfig for incoming connections */
49 #ifndef BTA_AV_SIGNALLING_TIMEOUT_MS
50 #define BTA_AV_SIGNALLING_TIMEOUT_MS (8 * 1000) /* 8 seconds */
51 #endif
52
53 /* Time to wait for signalling from SNK when it is initiated from SNK. */
54 /* If not, we will start signalling from SRC. */
55 #ifndef BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS
56 #define BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS (2 * 1000) /* 2 seconds */
57 #endif
58
59 static void bta_av_accept_signalling_timer_cback(void* data);
60
61 #ifndef AVRC_MIN_META_CMD_LEN
62 #define AVRC_MIN_META_CMD_LEN 20
63 #endif
64
65 /*******************************************************************************
66 *
67 * Function bta_av_get_rcb_by_shdl
68 *
69 * Description find the RCB associated with the given SCB handle.
70 *
71 * Returns tBTA_AV_RCB
72 *
73 ******************************************************************************/
bta_av_get_rcb_by_shdl(uint8_t shdl)74 tBTA_AV_RCB* bta_av_get_rcb_by_shdl(uint8_t shdl) {
75 tBTA_AV_RCB* p_rcb = NULL;
76 int i;
77
78 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
79 if (bta_av_cb.rcb[i].shdl == shdl &&
80 bta_av_cb.rcb[i].handle != BTA_AV_RC_HANDLE_NONE) {
81 p_rcb = &bta_av_cb.rcb[i];
82 break;
83 }
84 }
85 return p_rcb;
86 }
87 #define BTA_AV_STS_NO_RSP 0xFF /* a number not used by tAVRC_STS */
88
89 /*******************************************************************************
90 *
91 * Function bta_av_del_rc
92 *
93 * Description delete the given AVRC handle.
94 *
95 * Returns void
96 *
97 ******************************************************************************/
bta_av_del_rc(tBTA_AV_RCB * p_rcb)98 void bta_av_del_rc(tBTA_AV_RCB* p_rcb) {
99 tBTA_AV_SCB* p_scb;
100 uint8_t rc_handle; /* connected AVRCP handle */
101
102 p_scb = NULL;
103 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
104 if (p_rcb->shdl) {
105 /* Validate array index*/
106 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
107 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
108 }
109 if (p_scb) {
110 APPL_TRACE_DEBUG("%s: shdl:%d, srch:%d rc_handle:%d", __func__,
111 p_rcb->shdl, p_scb->rc_handle, p_rcb->handle);
112 if (p_scb->rc_handle == p_rcb->handle)
113 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
114 /* just in case the RC timer is active
115 if (bta_av_cb.features & BTA_AV_FEAT_RCCT && p_scb->chnl ==
116 BTA_AV_CHNL_AUDIO) */
117 alarm_cancel(p_scb->avrc_ct_timer);
118 }
119 }
120
121 APPL_TRACE_EVENT("%s: handle: %d status=0x%x, rc_acp_handle:%d, idx:%d",
122 __func__, p_rcb->handle, p_rcb->status,
123 bta_av_cb.rc_acp_handle, bta_av_cb.rc_acp_idx);
124 rc_handle = p_rcb->handle;
125 if (!(p_rcb->status & BTA_AV_RC_CONN_MASK) ||
126 ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
127 p_rcb->status = 0;
128 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
129 p_rcb->shdl = 0;
130 p_rcb->lidx = 0;
131 }
132 /* else ACP && connected. do not clear the handle yet */
133 AVRC_Close(rc_handle);
134 if (rc_handle == bta_av_cb.rc_acp_handle)
135 bta_av_cb.rc_acp_handle = BTA_AV_RC_HANDLE_NONE;
136 APPL_TRACE_EVENT(
137 "%s: end del_rc handle: %d status=0x%x, rc_acp_handle:%d, lidx:%d",
138 __func__, p_rcb->handle, p_rcb->status, bta_av_cb.rc_acp_handle,
139 p_rcb->lidx);
140 }
141 }
142
143 /*******************************************************************************
144 *
145 * Function bta_av_close_all_rc
146 *
147 * Description close the all AVRC handle.
148 *
149 * Returns void
150 *
151 ******************************************************************************/
bta_av_close_all_rc(tBTA_AV_CB * p_cb)152 static void bta_av_close_all_rc(tBTA_AV_CB* p_cb) {
153 int i;
154
155 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
156 if ((p_cb->disabling) || (bta_av_cb.rcb[i].shdl != 0))
157 bta_av_del_rc(&bta_av_cb.rcb[i]);
158 }
159 }
160
161 /*******************************************************************************
162 *
163 * Function bta_av_del_sdp_rec
164 *
165 * Description delete the given SDP record handle.
166 *
167 * Returns void
168 *
169 ******************************************************************************/
bta_av_del_sdp_rec(uint32_t * p_sdp_handle)170 static void bta_av_del_sdp_rec(uint32_t* p_sdp_handle) {
171 if (*p_sdp_handle != 0) {
172 SDP_DeleteRecord(*p_sdp_handle);
173 *p_sdp_handle = 0;
174 }
175 }
176
177 /*******************************************************************************
178 *
179 * Function bta_av_avrc_sdp_cback
180 *
181 * Description AVRCP service discovery callback.
182 *
183 * Returns void
184 *
185 ******************************************************************************/
bta_av_avrc_sdp_cback(UNUSED_ATTR uint16_t status)186 static void bta_av_avrc_sdp_cback(UNUSED_ATTR uint16_t status) {
187 BT_HDR_RIGID* p_msg = (BT_HDR_RIGID*)osi_malloc(sizeof(BT_HDR_RIGID));
188
189 p_msg->event = BTA_AV_SDP_AVRC_DISC_EVT;
190
191 bta_sys_sendmsg(p_msg);
192 }
193
194 /*******************************************************************************
195 *
196 * Function bta_av_rc_ctrl_cback
197 *
198 * Description AVRCP control callback.
199 *
200 * Returns void
201 *
202 ******************************************************************************/
bta_av_rc_ctrl_cback(uint8_t handle,uint8_t event,UNUSED_ATTR uint16_t result,const RawAddress * peer_addr)203 static void bta_av_rc_ctrl_cback(uint8_t handle, uint8_t event,
204 UNUSED_ATTR uint16_t result,
205 const RawAddress* peer_addr) {
206 uint16_t msg_event = 0;
207
208 APPL_TRACE_EVENT("%s: handle: %d event=0x%x", __func__, handle, event);
209 if (event == AVRC_OPEN_IND_EVT) {
210 /* save handle of opened connection
211 bta_av_cb.rc_handle = handle;*/
212
213 msg_event = BTA_AV_AVRC_OPEN_EVT;
214 } else if (event == AVRC_CLOSE_IND_EVT) {
215 msg_event = BTA_AV_AVRC_CLOSE_EVT;
216 } else if (event == AVRC_BROWSE_OPEN_IND_EVT) {
217 msg_event = BTA_AV_AVRC_BROWSE_OPEN_EVT;
218 } else if (event == AVRC_BROWSE_CLOSE_IND_EVT) {
219 msg_event = BTA_AV_AVRC_BROWSE_CLOSE_EVT;
220 }
221
222 if (msg_event) {
223 tBTA_AV_RC_CONN_CHG* p_msg =
224 (tBTA_AV_RC_CONN_CHG*)osi_malloc(sizeof(tBTA_AV_RC_CONN_CHG));
225 p_msg->hdr.event = msg_event;
226 p_msg->handle = handle;
227 p_msg->peer_addr = (peer_addr) ? (*peer_addr) : RawAddress::kEmpty;
228 bta_sys_sendmsg(p_msg);
229 }
230 }
231
232 /*******************************************************************************
233 *
234 * Function bta_av_rc_msg_cback
235 *
236 * Description AVRCP message callback.
237 *
238 * Returns void
239 *
240 ******************************************************************************/
bta_av_rc_msg_cback(uint8_t handle,uint8_t label,uint8_t opcode,tAVRC_MSG * p_msg)241 static void bta_av_rc_msg_cback(uint8_t handle, uint8_t label, uint8_t opcode,
242 tAVRC_MSG* p_msg) {
243 uint8_t* p_data_src = NULL;
244 uint16_t data_len = 0;
245
246 APPL_TRACE_DEBUG("%s: handle: %u opcode=0x%x", __func__, handle, opcode);
247
248 /* Copy avrc packet into BTA message buffer (for sending to BTA state machine)
249 */
250
251 /* Get size of payload data (for vendor and passthrough messages only; for
252 * browsing
253 * messages, use zero-copy) */
254 if (opcode == AVRC_OP_VENDOR && p_msg->vendor.p_vendor_data != NULL) {
255 p_data_src = p_msg->vendor.p_vendor_data;
256 data_len = (uint16_t)p_msg->vendor.vendor_len;
257 } else if (opcode == AVRC_OP_PASS_THRU && p_msg->pass.p_pass_data != NULL) {
258 p_data_src = p_msg->pass.p_pass_data;
259 data_len = (uint16_t)p_msg->pass.pass_len;
260 }
261
262 /* Create a copy of the message */
263 tBTA_AV_RC_MSG* p_buf =
264 (tBTA_AV_RC_MSG*)osi_malloc(sizeof(tBTA_AV_RC_MSG) + data_len);
265
266 p_buf->hdr.event = BTA_AV_AVRC_MSG_EVT;
267 p_buf->handle = handle;
268 p_buf->label = label;
269 p_buf->opcode = opcode;
270 memcpy(&p_buf->msg, p_msg, sizeof(tAVRC_MSG));
271 /* Copy the data payload, and set the pointer to it */
272 if (p_data_src != NULL) {
273 uint8_t* p_data_dst = (uint8_t*)(p_buf + 1);
274 memcpy(p_data_dst, p_data_src, data_len);
275
276 /* Update bta message buffer to point to payload data */
277 /* (Note AVRC_OP_BROWSING uses zero-copy: p_buf->msg.browse.p_browse_data
278 * already points to original avrc buffer) */
279 if (opcode == AVRC_OP_VENDOR)
280 p_buf->msg.vendor.p_vendor_data = p_data_dst;
281 else if (opcode == AVRC_OP_PASS_THRU)
282 p_buf->msg.pass.p_pass_data = p_data_dst;
283 }
284
285 if (opcode == AVRC_OP_BROWSE) {
286 /* set p_pkt to NULL, so avrc would not free the buffer */
287 p_msg->browse.p_browse_pkt = NULL;
288 }
289
290 bta_sys_sendmsg(p_buf);
291 }
292
293 /*******************************************************************************
294 *
295 * Function bta_av_rc_create
296 *
297 * Description alloc RCB and call AVRC_Open
298 *
299 * Returns the created rc handle
300 *
301 ******************************************************************************/
bta_av_rc_create(tBTA_AV_CB * p_cb,uint8_t role,uint8_t shdl,uint8_t lidx)302 uint8_t bta_av_rc_create(tBTA_AV_CB* p_cb, uint8_t role, uint8_t shdl,
303 uint8_t lidx) {
304 if (is_new_avrcp_enabled()) {
305 LOG_INFO("Skipping RC creation for the old AVRCP profile");
306 return BTA_AV_RC_HANDLE_NONE;
307 }
308
309 tAVRC_CONN_CB ccb;
310 RawAddress bda = RawAddress::kAny;
311 uint8_t status = BTA_AV_RC_ROLE_ACP;
312 int i;
313 uint8_t rc_handle;
314 tBTA_AV_RCB* p_rcb;
315
316 if (role == AVCT_INT) {
317 // Can't grab a stream control block that doesn't have a valid handle
318 if (!shdl) {
319 APPL_TRACE_ERROR(
320 "%s: Can't grab stream control block for shdl = %d -> index = %d",
321 __func__, shdl, shdl - 1);
322 return BTA_AV_RC_HANDLE_NONE;
323 }
324 tBTA_AV_SCB* p_scb = p_cb->p_scb[shdl - 1];
325 bda = p_scb->PeerAddress();
326 status = BTA_AV_RC_ROLE_INT;
327 DEVICE_IOT_CONFIG_ADDR_INT_ADD_ONE(p_scb->PeerAddress(),
328 IOT_CONF_KEY_AVRCP_CONN_COUNT);
329
330 } else {
331 p_rcb = bta_av_get_rcb_by_shdl(shdl);
332 if (p_rcb != NULL) {
333 APPL_TRACE_ERROR("%s: ACP handle exist for shdl:%d", __func__, shdl);
334 p_rcb->lidx = lidx;
335 return p_rcb->handle;
336 }
337 }
338
339 ccb.ctrl_cback = base::Bind(bta_av_rc_ctrl_cback);
340 ccb.msg_cback = base::Bind(bta_av_rc_msg_cback);
341 ccb.company_id = p_bta_av_cfg->company_id;
342 ccb.conn = role;
343 /* note: BTA_AV_FEAT_RCTG = AVRC_CT_TARGET, BTA_AV_FEAT_RCCT = AVRC_CT_CONTROL
344 */
345 ccb.control = p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_RCCT |
346 BTA_AV_FEAT_METADATA | AVRC_CT_PASSIVE);
347
348 if (AVRC_Open(&rc_handle, &ccb, bda) != AVRC_SUCCESS) {
349 DEVICE_IOT_CONFIG_ADDR_INT_ADD_ONE(bda, IOT_CONF_KEY_AVRCP_CONN_FAIL_COUNT);
350 return BTA_AV_RC_HANDLE_NONE;
351 }
352
353 i = rc_handle;
354 p_rcb = &p_cb->rcb[i];
355
356 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
357 APPL_TRACE_ERROR("%s: found duplicated handle:%d", __func__, rc_handle);
358 }
359
360 p_rcb->handle = rc_handle;
361 p_rcb->status = status;
362 p_rcb->shdl = shdl;
363 p_rcb->lidx = lidx;
364 p_rcb->peer_features = 0;
365 p_rcb->cover_art_psm = 0;
366 if (lidx == (BTA_AV_NUM_LINKS + 1)) {
367 /* this LIDX is reserved for the AVRCP ACP connection */
368 p_cb->rc_acp_handle = p_rcb->handle;
369 p_cb->rc_acp_idx = (i + 1);
370 APPL_TRACE_DEBUG("%s: rc_acp_handle:%d idx:%d", __func__,
371 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
372 }
373 APPL_TRACE_DEBUG(
374 "%s: create %d, role: %d, shdl:%d, rc_handle:%d, lidx:%d, status:0x%x",
375 __func__, i, role, shdl, p_rcb->handle, lidx, p_rcb->status);
376
377 return rc_handle;
378 }
379
380 /*******************************************************************************
381 *
382 * Function bta_av_valid_group_navi_msg
383 *
384 * Description Check if it is Group Navigation Msg for Metadata
385 *
386 * Returns AVRC_RSP_ACCEPT or AVRC_RSP_NOT_IMPL
387 *
388 ******************************************************************************/
bta_av_group_navi_supported(uint8_t len,uint8_t * p_data,bool is_inquiry)389 static tBTA_AV_CODE bta_av_group_navi_supported(uint8_t len, uint8_t* p_data,
390 bool is_inquiry) {
391 tBTA_AV_CODE ret = AVRC_RSP_NOT_IMPL;
392 uint8_t* p_ptr = p_data;
393 uint16_t u16;
394 uint32_t u32;
395
396 if (p_bta_av_cfg->avrc_group && len == BTA_GROUP_NAVI_MSG_OP_DATA_LEN) {
397 BTA_AV_BE_STREAM_TO_CO_ID(u32, p_ptr);
398 BE_STREAM_TO_UINT16(u16, p_ptr);
399
400 if (u32 == AVRC_CO_METADATA) {
401 if (is_inquiry) {
402 if (u16 <= AVRC_PDU_PREV_GROUP) ret = AVRC_RSP_IMPL_STBL;
403 } else {
404 if (u16 <= AVRC_PDU_PREV_GROUP)
405 ret = AVRC_RSP_ACCEPT;
406 else
407 ret = AVRC_RSP_REJ;
408 }
409 }
410 }
411
412 return ret;
413 }
414
415 /*******************************************************************************
416 *
417 * Function bta_av_op_supported
418 *
419 * Description Check if remote control operation is supported.
420 *
421 * Returns AVRC_RSP_ACCEPT of supported, AVRC_RSP_NOT_IMPL if not.
422 *
423 ******************************************************************************/
bta_av_op_supported(tBTA_AV_RC rc_id,bool is_inquiry)424 static tBTA_AV_CODE bta_av_op_supported(tBTA_AV_RC rc_id, bool is_inquiry) {
425 tBTA_AV_CODE ret_code = AVRC_RSP_NOT_IMPL;
426
427 if (p_bta_av_rc_id) {
428 if (is_inquiry) {
429 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
430 ret_code = AVRC_RSP_IMPL_STBL;
431 }
432 } else {
433 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
434 ret_code = AVRC_RSP_ACCEPT;
435 } else if ((p_bta_av_cfg->rc_pass_rsp == AVRC_RSP_INTERIM) &&
436 p_bta_av_rc_id_ac) {
437 if (p_bta_av_rc_id_ac[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
438 ret_code = AVRC_RSP_INTERIM;
439 }
440 }
441 }
442 }
443 return ret_code;
444 }
445
446 /*******************************************************************************
447 *
448 * Function bta_av_find_lcb
449 *
450 * Description Given BD_addr, find the associated LCB.
451 *
452 * Returns NULL, if not found.
453 *
454 ******************************************************************************/
bta_av_find_lcb(const RawAddress & addr,uint8_t op)455 tBTA_AV_LCB* bta_av_find_lcb(const RawAddress& addr, uint8_t op) {
456 tBTA_AV_CB* p_cb = &bta_av_cb;
457 int xx;
458 uint8_t mask;
459 tBTA_AV_LCB* p_lcb = NULL;
460
461 APPL_TRACE_DEBUG("%s: address: %s op:%d", __func__,
462 ADDRESS_TO_LOGGABLE_CSTR(addr), op);
463 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
464 mask = 1 << xx; /* the used mask for this lcb */
465 if ((mask & p_cb->conn_lcb) && p_cb->lcb[xx].addr == addr) {
466 p_lcb = &p_cb->lcb[xx];
467 if (op == BTA_AV_LCB_FREE) {
468 p_cb->conn_lcb &= ~mask; /* clear the connect mask */
469 APPL_TRACE_DEBUG("%s: conn_lcb: 0x%x", __func__, p_cb->conn_lcb);
470 }
471 break;
472 }
473 }
474 return p_lcb;
475 }
476
477 /*******************************************************************************
478 *
479 * Function bta_av_rc_opened
480 *
481 * Description Set AVRCP state to opened.
482 *
483 * Returns void
484 *
485 ******************************************************************************/
bta_av_rc_opened(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)486 void bta_av_rc_opened(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
487 tBTA_AV_RC_OPEN rc_open;
488 tBTA_AV_SCB* p_scb;
489 int i;
490 uint8_t shdl = 0;
491 tBTA_AV_LCB* p_lcb;
492 tBTA_AV_RCB* p_rcb;
493 uint8_t tmp;
494 uint8_t disc = 0;
495
496 /* find the SCB & stop the timer */
497 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
498 p_scb = p_cb->p_scb[i];
499 if (p_scb && p_scb->PeerAddress() == p_data->rc_conn_chg.peer_addr) {
500 p_scb->rc_handle = p_data->rc_conn_chg.handle;
501 APPL_TRACE_DEBUG("%s: shdl:%d, srch %d", __func__, i + 1,
502 p_scb->rc_handle);
503 shdl = i + 1;
504 LOG_INFO("%s: allow incoming AVRCP connections:%d", __func__,
505 p_scb->use_rc);
506 alarm_cancel(p_scb->avrc_ct_timer);
507 disc = p_scb->hndl;
508 break;
509 }
510 }
511
512 i = p_data->rc_conn_chg.handle;
513 if (p_cb->rcb[i].handle == BTA_AV_RC_HANDLE_NONE) {
514 APPL_TRACE_ERROR("%s: not a valid handle:%d any more", __func__, i);
515 return;
516 }
517
518 APPL_TRACE_DEBUG("%s: local features %d peer features %d", __func__,
519 p_cb->features, p_cb->rcb[i].peer_features);
520
521 /* listen to browsing channel when the connection is open,
522 * if peer initiated AVRCP connection and local device supports browsing
523 * channel */
524 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_ACP);
525
526 if (p_cb->rcb[i].lidx == (BTA_AV_NUM_LINKS + 1) && shdl != 0) {
527 /* rc is opened on the RC only ACP channel, but is for a specific
528 * SCB -> need to switch RCBs */
529 p_rcb = bta_av_get_rcb_by_shdl(shdl);
530 if (p_rcb) {
531 p_rcb->shdl = p_cb->rcb[i].shdl;
532 tmp = p_rcb->lidx;
533 p_rcb->lidx = p_cb->rcb[i].lidx;
534 p_cb->rcb[i].lidx = tmp;
535 p_cb->rc_acp_handle = p_rcb->handle;
536 p_cb->rc_acp_idx = (p_rcb - p_cb->rcb) + 1;
537 APPL_TRACE_DEBUG("%s: switching RCB rc_acp_handle:%d idx:%d", __func__,
538 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
539 }
540 }
541
542 p_cb->rcb[i].shdl = shdl;
543 rc_open.rc_handle = i;
544 APPL_TRACE_ERROR("%s: rcb[%d] shdl:%d lidx:%d/%d", __func__, i, shdl,
545 p_cb->rcb[i].lidx, p_cb->lcb[BTA_AV_NUM_LINKS].lidx);
546 p_cb->rcb[i].status |= BTA_AV_RC_CONN_MASK;
547
548 if (!shdl && 0 == p_cb->lcb[BTA_AV_NUM_LINKS].lidx) {
549 /* no associated SCB -> connected to an RC only device
550 * update the index to the extra LCB */
551 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
552 p_lcb->addr = p_data->rc_conn_chg.peer_addr;
553 p_lcb->lidx = BTA_AV_NUM_LINKS + 1;
554 p_cb->rcb[i].lidx = p_lcb->lidx;
555 p_lcb->conn_msk = 1;
556 APPL_TRACE_ERROR("%s: bd_addr: %s rcb[%d].lidx=%d, lcb.conn_msk=x%x",
557 __func__, ADDRESS_TO_LOGGABLE_CSTR(p_lcb->addr), i,
558 p_cb->rcb[i].lidx, p_lcb->conn_msk);
559 disc = p_data->rc_conn_chg.handle | BTA_AV_CHNL_MSK;
560 }
561
562 rc_open.peer_addr = p_data->rc_conn_chg.peer_addr;
563 rc_open.peer_features = p_cb->rcb[i].peer_features;
564 rc_open.cover_art_psm = p_cb->rcb[i].cover_art_psm;
565 rc_open.status = BTA_AV_SUCCESS;
566 APPL_TRACE_DEBUG("%s: local features:x%x peer_features:x%x", __func__,
567 p_cb->features, rc_open.peer_features);
568 APPL_TRACE_DEBUG("%s: cover art psm:x%x", __func__, rc_open.cover_art_psm);
569 if (rc_open.peer_features == 0) {
570 /* we have not done SDP on peer RC capabilities.
571 * peer must have initiated the RC connection */
572 if (p_cb->features & BTA_AV_FEAT_RCCT)
573 rc_open.peer_features |= BTA_AV_FEAT_RCTG;
574 if (p_cb->features & BTA_AV_FEAT_RCTG)
575 rc_open.peer_features |= BTA_AV_FEAT_RCCT;
576
577 bta_av_rc_disc(disc);
578 }
579 tBTA_AV bta_av_data;
580 bta_av_data.rc_open = rc_open;
581 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
582
583 /* if local initiated AVRCP connection and both peer and locals device support
584 * browsing channel, open the browsing channel now
585 * TODO (sanketa): Some TG would not broadcast browse feature hence check
586 * inter-op. */
587 if ((p_cb->features & BTA_AV_FEAT_BROWSE) &&
588 (rc_open.peer_features & BTA_AV_FEAT_BROWSE) &&
589 ((p_cb->rcb[i].status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
590 APPL_TRACE_DEBUG("%s: opening AVRC Browse channel", __func__);
591 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_INT);
592 }
593 }
594
595 /*******************************************************************************
596 *
597 * Function bta_av_rc_remote_cmd
598 *
599 * Description Send an AVRCP remote control command.
600 *
601 * Returns void
602 *
603 ******************************************************************************/
bta_av_rc_remote_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)604 void bta_av_rc_remote_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
605 tBTA_AV_RCB* p_rcb;
606 if (p_cb->features & BTA_AV_FEAT_RCCT) {
607 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
608 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
609 if (p_rcb->status & BTA_AV_RC_CONN_MASK) {
610 AVRC_PassCmd(p_rcb->handle, p_data->api_remote_cmd.label,
611 &p_data->api_remote_cmd.msg);
612 }
613 }
614 }
615 }
616
617 /*******************************************************************************
618 *
619 * Function bta_av_rc_vendor_cmd
620 *
621 * Description Send an AVRCP vendor specific command.
622 *
623 * Returns void
624 *
625 ******************************************************************************/
bta_av_rc_vendor_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)626 void bta_av_rc_vendor_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
627 tBTA_AV_RCB* p_rcb;
628 if ((p_cb->features & (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) ==
629 (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) {
630 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
631 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
632 AVRC_VendorCmd(p_rcb->handle, p_data->api_vendor.label,
633 &p_data->api_vendor.msg);
634 }
635 }
636 }
637
638 /*******************************************************************************
639 *
640 * Function bta_av_rc_vendor_rsp
641 *
642 * Description Send an AVRCP vendor specific response.
643 *
644 * Returns void
645 *
646 ******************************************************************************/
bta_av_rc_vendor_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)647 void bta_av_rc_vendor_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
648 tBTA_AV_RCB* p_rcb;
649 if ((p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) ==
650 (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) {
651 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
652 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
653 AVRC_VendorRsp(p_rcb->handle, p_data->api_vendor.label,
654 &p_data->api_vendor.msg);
655 }
656 }
657 }
658
659 /*******************************************************************************
660 *
661 * Function bta_av_rc_meta_rsp
662 *
663 * Description Send an AVRCP metadata/advanced control command/response.
664 *
665 * Returns void
666 *
667 ******************************************************************************/
bta_av_rc_meta_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)668 void bta_av_rc_meta_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
669 tBTA_AV_RCB* p_rcb;
670 bool do_free = true;
671
672 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
673 (p_data->hdr.layer_specific < BTA_AV_NUM_RCB)) {
674 if ((p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCTG)) ||
675 (!p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCCT))) {
676 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
677 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
678 AVRC_MsgReq(p_rcb->handle, p_data->api_meta_rsp.label,
679 p_data->api_meta_rsp.rsp_code, p_data->api_meta_rsp.p_pkt);
680 do_free = false;
681 }
682 }
683 }
684
685 if (do_free) osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
686 }
687
688 /*******************************************************************************
689 *
690 * Function bta_av_rc_free_rsp
691 *
692 * Description free an AVRCP metadata command buffer.
693 *
694 * Returns void
695 *
696 ******************************************************************************/
bta_av_rc_free_rsp(UNUSED_ATTR tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)697 void bta_av_rc_free_rsp(UNUSED_ATTR tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
698 osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
699 }
700
701 /*******************************************************************************
702 *
703 * Function bta_av_rc_free_browse_msg
704 *
705 * Description free an AVRCP browse message buffer.
706 *
707 * Returns void
708 *
709 ******************************************************************************/
bta_av_rc_free_browse_msg(UNUSED_ATTR tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)710 void bta_av_rc_free_browse_msg(UNUSED_ATTR tBTA_AV_CB* p_cb,
711 tBTA_AV_DATA* p_data) {
712 if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
713 osi_free_and_reset((void**)&p_data->rc_msg.msg.browse.p_browse_pkt);
714 }
715 }
716
717 /*******************************************************************************
718 *
719 * Function bta_av_chk_notif_evt_id
720 *
721 * Description make sure the requested player id is valid.
722 *
723 * Returns BTA_AV_STS_NO_RSP, if no error
724 *
725 ******************************************************************************/
bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR * p_vendor)726 static tAVRC_STS bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR* p_vendor) {
727 tAVRC_STS status = BTA_AV_STS_NO_RSP;
728 uint8_t xx;
729 uint16_t u16;
730 uint8_t* p = p_vendor->p_vendor_data + 2;
731
732 BE_STREAM_TO_UINT16(u16, p);
733 /* double check the fixed length */
734 if ((u16 != 5) || (p_vendor->vendor_len != 9)) {
735 status = AVRC_STS_INTERNAL_ERR;
736 } else {
737 /* make sure the player_id is valid */
738 for (xx = 0; xx < p_bta_av_cfg->num_evt_ids; xx++) {
739 if (*p == p_bta_av_cfg->p_meta_evt_ids[xx]) {
740 break;
741 }
742 }
743 if (xx == p_bta_av_cfg->num_evt_ids) {
744 status = AVRC_STS_BAD_PARAM;
745 }
746 }
747
748 return status;
749 }
750
751 /*******************************************************************************
752 *
753 * Function bta_av_proc_meta_cmd
754 *
755 * Description Process an AVRCP metadata command from the peer.
756 *
757 * Returns true to respond immediately
758 *
759 ******************************************************************************/
bta_av_proc_meta_cmd(tAVRC_RESPONSE * p_rc_rsp,tBTA_AV_RC_MSG * p_msg,uint8_t * p_ctype)760 tBTA_AV_EVT bta_av_proc_meta_cmd(tAVRC_RESPONSE* p_rc_rsp,
761 tBTA_AV_RC_MSG* p_msg, uint8_t* p_ctype) {
762 tBTA_AV_EVT evt = BTA_AV_META_MSG_EVT;
763 uint8_t u8, pdu, *p;
764 uint16_t u16;
765 tAVRC_MSG_VENDOR* p_vendor = &p_msg->msg.vendor;
766
767 if (p_vendor->vendor_len == 0) {
768 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
769 APPL_TRACE_DEBUG("%s: p_vendor->vendor_len == 0", __func__);
770 // the caller of this function assume 0 to be an invalid event
771 return 0;
772 }
773
774 pdu = *(p_vendor->p_vendor_data);
775 p_rc_rsp->pdu = pdu;
776 *p_ctype = AVRC_RSP_REJ;
777
778 /* Check to ansure a valid minimum meta data length */
779 if ((AVRC_MIN_META_CMD_LEN + p_vendor->vendor_len) > AVRC_META_CMD_BUF_SIZE) {
780 /* reject it */
781 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
782 APPL_TRACE_ERROR("%s: Invalid meta-command length: %d", __func__,
783 p_vendor->vendor_len);
784 return 0;
785 }
786
787 /* Metadata messages only use PANEL sub-unit type */
788 if (p_vendor->hdr.subunit_type != AVRC_SUB_PANEL) {
789 APPL_TRACE_DEBUG("%s: SUBUNIT must be PANEL", __func__);
790 /* reject it */
791 evt = 0;
792 p_vendor->hdr.ctype = AVRC_RSP_NOT_IMPL;
793 p_vendor->vendor_len = 0;
794 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
795 } else if (!AVRC_IsValidAvcType(pdu, p_vendor->hdr.ctype)) {
796 APPL_TRACE_DEBUG("%s: Invalid pdu/ctype: 0x%x, %d", __func__, pdu,
797 p_vendor->hdr.ctype);
798 /* reject invalid message without reporting to app */
799 evt = 0;
800 p_rc_rsp->rsp.status = AVRC_STS_BAD_CMD;
801 } else {
802 switch (pdu) {
803 case AVRC_PDU_GET_CAPABILITIES:
804 /* process GetCapabilities command without reporting the event to app */
805 evt = 0;
806 if (p_vendor->vendor_len != 5) {
807 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
808 break;
809 }
810 u8 = *(p_vendor->p_vendor_data + 4);
811 p = p_vendor->p_vendor_data + 2;
812 p_rc_rsp->get_caps.capability_id = u8;
813 BE_STREAM_TO_UINT16(u16, p);
814 if (u16 != 1) {
815 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
816 } else {
817 p_rc_rsp->get_caps.status = AVRC_STS_NO_ERROR;
818 if (u8 == AVRC_CAP_COMPANY_ID) {
819 *p_ctype = AVRC_RSP_IMPL_STBL;
820 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_co_ids;
821 memcpy(p_rc_rsp->get_caps.param.company_id,
822 p_bta_av_cfg->p_meta_co_ids,
823 (p_bta_av_cfg->num_co_ids << 2));
824 } else if (u8 == AVRC_CAP_EVENTS_SUPPORTED) {
825 *p_ctype = AVRC_RSP_IMPL_STBL;
826 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_evt_ids;
827 memcpy(p_rc_rsp->get_caps.param.event_id,
828 p_bta_av_cfg->p_meta_evt_ids, p_bta_av_cfg->num_evt_ids);
829 } else {
830 APPL_TRACE_DEBUG("%s: Invalid capability ID: 0x%x", __func__, u8);
831 /* reject - unknown capability ID */
832 p_rc_rsp->get_caps.status = AVRC_STS_BAD_PARAM;
833 }
834 }
835 break;
836
837 case AVRC_PDU_REGISTER_NOTIFICATION:
838 /* make sure the event_id is implemented */
839 p_rc_rsp->rsp.status = bta_av_chk_notif_evt_id(p_vendor);
840 if (p_rc_rsp->rsp.status != BTA_AV_STS_NO_RSP) evt = 0;
841 break;
842 }
843 }
844
845 return evt;
846 }
847
848 /*******************************************************************************
849 *
850 * Function bta_av_rc_msg
851 *
852 * Description Process an AVRCP message from the peer.
853 *
854 * Returns void
855 *
856 ******************************************************************************/
bta_av_rc_msg(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)857 void bta_av_rc_msg(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
858 tBTA_AV_EVT evt = 0;
859 tBTA_AV av;
860 BT_HDR* p_pkt = NULL;
861 tAVRC_MSG_VENDOR* p_vendor = &p_data->rc_msg.msg.vendor;
862 bool is_inquiry = ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
863 p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ);
864 uint8_t ctype = 0;
865 tAVRC_RESPONSE rc_rsp;
866
867 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
868
869 if (NULL == p_data) {
870 APPL_TRACE_ERROR("%s: Message from peer with no data", __func__);
871 return;
872 }
873
874 APPL_TRACE_DEBUG("%s: opcode=%x, ctype=%x", __func__, p_data->rc_msg.opcode,
875 p_data->rc_msg.msg.hdr.ctype);
876
877 if (p_data->rc_msg.opcode == AVRC_OP_PASS_THRU) {
878 /* if this is a pass thru command */
879 if ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_CTRL) ||
880 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
881 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ)) {
882 /* check if operation is supported */
883 char avrcp_ct_support[PROPERTY_VALUE_MAX];
884 osi_property_get("bluetooth.pts.avrcp_ct.support", avrcp_ct_support,
885 "false");
886 if (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) {
887 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
888 if (p_cb->features & BTA_AV_FEAT_METADATA)
889 p_data->rc_msg.msg.hdr.ctype = bta_av_group_navi_supported(
890 p_data->rc_msg.msg.pass.pass_len,
891 p_data->rc_msg.msg.pass.p_pass_data, is_inquiry);
892 } else if (((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_UP) ||
893 (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_DOWN)) &&
894 !strcmp(avrcp_ct_support, "true")) {
895 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_ACCEPT;
896 } else {
897 p_data->rc_msg.msg.hdr.ctype =
898 bta_av_op_supported(p_data->rc_msg.msg.pass.op_id, is_inquiry);
899 }
900
901 APPL_TRACE_DEBUG("%s: ctype %d", __func__, p_data->rc_msg.msg.hdr.ctype)
902
903 /* send response */
904 if (p_data->rc_msg.msg.hdr.ctype != AVRC_RSP_INTERIM)
905 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
906 &p_data->rc_msg.msg.pass);
907
908 /* set up for callback if supported */
909 if (p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_ACCEPT ||
910 p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_INTERIM) {
911 evt = BTA_AV_REMOTE_CMD_EVT;
912 av.remote_cmd.rc_id = p_data->rc_msg.msg.pass.op_id;
913 av.remote_cmd.key_state = p_data->rc_msg.msg.pass.state;
914 av.remote_cmd.p_data = p_data->rc_msg.msg.pass.p_pass_data;
915 av.remote_cmd.len = p_data->rc_msg.msg.pass.pass_len;
916 memcpy(&av.remote_cmd.hdr, &p_data->rc_msg.msg.hdr, sizeof(tAVRC_HDR));
917 av.remote_cmd.label = p_data->rc_msg.label;
918 }
919 }
920 /* else if this is a pass thru response */
921 /* id response type is not impl, we have to release label */
922 else if (p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
923 /* set up for callback */
924 evt = BTA_AV_REMOTE_RSP_EVT;
925 av.remote_rsp.rc_id = p_data->rc_msg.msg.pass.op_id;
926 av.remote_rsp.key_state = p_data->rc_msg.msg.pass.state;
927 av.remote_rsp.rsp_code = p_data->rc_msg.msg.hdr.ctype;
928 av.remote_rsp.label = p_data->rc_msg.label;
929
930 /* If this response is for vendor unique command */
931 if ((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) &&
932 (p_data->rc_msg.msg.pass.pass_len > 0)) {
933 av.remote_rsp.p_data =
934 (uint8_t*)osi_malloc(p_data->rc_msg.msg.pass.pass_len);
935 APPL_TRACE_DEBUG("%s: Vendor Unique data len = %d", __func__,
936 p_data->rc_msg.msg.pass.pass_len);
937 memcpy(av.remote_rsp.p_data, p_data->rc_msg.msg.pass.p_pass_data,
938 p_data->rc_msg.msg.pass.pass_len);
939 }
940 }
941 /* must be a bad ctype -> reject*/
942 else {
943 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
944 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
945 &p_data->rc_msg.msg.pass);
946 }
947 }
948 /* else if this is a vendor specific command or response */
949 else if (p_data->rc_msg.opcode == AVRC_OP_VENDOR) {
950 /* set up for callback */
951 av.vendor_cmd.code = p_data->rc_msg.msg.hdr.ctype;
952 av.vendor_cmd.company_id = p_vendor->company_id;
953 av.vendor_cmd.label = p_data->rc_msg.label;
954 av.vendor_cmd.p_data = p_vendor->p_vendor_data;
955 av.vendor_cmd.len = p_vendor->vendor_len;
956
957 /* if configured to support vendor specific and it's a command */
958 if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
959 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
960 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
961 (p_vendor->company_id == AVRC_CO_METADATA)) {
962 av.meta_msg.p_msg = &p_data->rc_msg.msg;
963 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
964 evt = bta_av_proc_meta_cmd(&rc_rsp, &p_data->rc_msg, &ctype);
965 } else {
966 evt = BTA_AV_VENDOR_CMD_EVT;
967 }
968 } else if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
969 p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
970 /* else if configured to support vendor specific and it's a response */
971 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
972 (p_vendor->company_id == AVRC_CO_METADATA)) {
973 av.meta_msg.p_msg = &p_data->rc_msg.msg;
974 evt = BTA_AV_META_MSG_EVT;
975 } else {
976 evt = BTA_AV_VENDOR_RSP_EVT;
977 }
978 } else if (!(p_cb->features & BTA_AV_FEAT_VENDOR) &&
979 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
980 /* else if not configured to support vendor specific and it's a command */
981 if (p_data->rc_msg.msg.vendor.p_vendor_data[0] == AVRC_PDU_INVALID) {
982 /* reject it */
983 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
984 p_data->rc_msg.msg.vendor.p_vendor_data[4] = AVRC_STS_BAD_CMD;
985 } else {
986 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
987 }
988 AVRC_VendorRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
989 &p_data->rc_msg.msg.vendor);
990 }
991 } else if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
992 /* set up for callback */
993 av.meta_msg.rc_handle = p_data->rc_msg.handle;
994 av.meta_msg.company_id = p_vendor->company_id;
995 av.meta_msg.code = p_data->rc_msg.msg.hdr.ctype;
996 av.meta_msg.label = p_data->rc_msg.label;
997 av.meta_msg.p_msg = &p_data->rc_msg.msg;
998 av.meta_msg.p_data = p_data->rc_msg.msg.browse.p_browse_data;
999 av.meta_msg.len = p_data->rc_msg.msg.browse.browse_len;
1000 evt = BTA_AV_META_MSG_EVT;
1001 }
1002
1003 if (evt == 0 && rc_rsp.rsp.status != BTA_AV_STS_NO_RSP) {
1004 if (!p_pkt) {
1005 rc_rsp.rsp.opcode = p_data->rc_msg.opcode;
1006 AVRC_BldResponse(0, &rc_rsp, &p_pkt);
1007 }
1008 if (p_pkt)
1009 AVRC_MsgReq(p_data->rc_msg.handle, p_data->rc_msg.label, ctype, p_pkt);
1010 }
1011
1012 /* call callback */
1013 if (evt != 0) {
1014 av.remote_cmd.rc_handle = p_data->rc_msg.handle;
1015 (*p_cb->p_cback)(evt, &av);
1016 /* If browsing message, then free the browse message buffer */
1017 if (p_data->rc_msg.opcode == AVRC_OP_BROWSE &&
1018 p_data->rc_msg.msg.browse.p_browse_pkt != NULL) {
1019 bta_av_rc_free_browse_msg(p_cb, p_data);
1020 }
1021 }
1022 }
1023
1024 /*******************************************************************************
1025 *
1026 * Function bta_av_rc_close
1027 *
1028 * Description close the specified AVRC handle.
1029 *
1030 * Returns void
1031 *
1032 ******************************************************************************/
bta_av_rc_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1033 void bta_av_rc_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1034 uint16_t handle = p_data->hdr.layer_specific;
1035 tBTA_AV_SCB* p_scb;
1036 tBTA_AV_RCB* p_rcb;
1037
1038 if (handle < BTA_AV_NUM_RCB) {
1039 p_rcb = &p_cb->rcb[handle];
1040
1041 APPL_TRACE_DEBUG("%s: handle: %d, status=0x%x", __func__, p_rcb->handle,
1042 p_rcb->status);
1043 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
1044 if (p_rcb->shdl) {
1045 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
1046 if (p_scb) {
1047 /* just in case the RC timer is active
1048 if (bta_av_cb.features & BTA_AV_FEAT_RCCT &&
1049 p_scb->chnl == BTA_AV_CHNL_AUDIO) */
1050 alarm_cancel(p_scb->avrc_ct_timer);
1051 }
1052 }
1053
1054 AVRC_Close(p_rcb->handle);
1055 }
1056 }
1057 }
1058
1059 /*******************************************************************************
1060 *
1061 * Function bta_av_rc_browse_close
1062 *
1063 * Description Empty placeholder.
1064 *
1065 * Returns void
1066 *
1067 ******************************************************************************/
bta_av_rc_browse_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1068 void bta_av_rc_browse_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1069 APPL_TRACE_WARNING("%s: empty placeholder does nothing!", __func__);
1070 }
1071
1072 /*******************************************************************************
1073 *
1074 * Function bta_av_get_shdl
1075 *
1076 * Returns The index to p_scb[]
1077 *
1078 ******************************************************************************/
bta_av_get_shdl(tBTA_AV_SCB * p_scb)1079 static uint8_t bta_av_get_shdl(tBTA_AV_SCB* p_scb) {
1080 int i;
1081 uint8_t shdl = 0;
1082 /* find the SCB & stop the timer */
1083 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1084 if (p_scb == bta_av_cb.p_scb[i]) {
1085 shdl = i + 1;
1086 break;
1087 }
1088 }
1089 return shdl;
1090 }
1091
1092 /*******************************************************************************
1093 *
1094 * Function bta_av_stream_chg
1095 *
1096 * Description audio streaming status changed.
1097 *
1098 * Returns void
1099 *
1100 ******************************************************************************/
bta_av_stream_chg(tBTA_AV_SCB * p_scb,bool started)1101 void bta_av_stream_chg(tBTA_AV_SCB* p_scb, bool started) {
1102 uint8_t started_msk = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
1103
1104 APPL_TRACE_DEBUG("%s: peer %s started:%s started_msk:0x%x", __func__,
1105 ADDRESS_TO_LOGGABLE_CSTR(p_scb->PeerAddress()),
1106 logbool(started).c_str(), started_msk);
1107
1108 if (started) {
1109 /* Let L2CAP know this channel is processed with high priority */
1110 L2CA_SetAclPriority(p_scb->PeerAddress(), L2CAP_PRIORITY_HIGH);
1111 } else {
1112 /* Let L2CAP know this channel is processed with low priority */
1113 L2CA_SetAclPriority(p_scb->PeerAddress(), L2CAP_PRIORITY_NORMAL);
1114 }
1115 }
1116
1117 /*******************************************************************************
1118 *
1119 * Function bta_av_conn_chg
1120 *
1121 * Description connetion status changed.
1122 * Open an AVRCP acceptor channel, if new conn.
1123 *
1124 * Returns void
1125 *
1126 ******************************************************************************/
bta_av_conn_chg(tBTA_AV_DATA * p_data)1127 void bta_av_conn_chg(tBTA_AV_DATA* p_data) {
1128 tBTA_AV_CB* p_cb = &bta_av_cb;
1129 tBTA_AV_SCB* p_scb = NULL;
1130 tBTA_AV_SCB* p_scbi;
1131 uint8_t mask;
1132 uint8_t conn_msk;
1133 uint8_t old_msk;
1134 int i;
1135 int index = (p_data->hdr.layer_specific & BTA_AV_HNDL_MSK) - 1;
1136 tBTA_AV_LCB* p_lcb;
1137 tBTA_AV_LCB* p_lcb_rc;
1138 tBTA_AV_RCB *p_rcb, *p_rcb2;
1139 bool chk_restore = false;
1140
1141 /* Validate array index*/
1142 if (index < BTA_AV_NUM_STRS) {
1143 p_scb = p_cb->p_scb[index];
1144 }
1145 mask = BTA_AV_HNDL_TO_MSK(index);
1146 p_lcb = bta_av_find_lcb(p_data->conn_chg.peer_addr, BTA_AV_LCB_FIND);
1147 conn_msk = 1 << (index + 1);
1148 if (p_data->conn_chg.is_up) {
1149 /* set the conned mask for this channel */
1150 if (p_scb) {
1151 if (p_lcb) {
1152 p_lcb->conn_msk |= conn_msk;
1153 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1154 if (bta_av_cb.rcb[i].lidx == p_lcb->lidx) {
1155 bta_av_cb.rcb[i].shdl = index + 1;
1156 APPL_TRACE_DEBUG(
1157 "%s: conn_chg up[%d]: %d, status=0x%x, shdl:%d, lidx:%d",
1158 __func__, i, bta_av_cb.rcb[i].handle, bta_av_cb.rcb[i].status,
1159 bta_av_cb.rcb[i].shdl, bta_av_cb.rcb[i].lidx);
1160 break;
1161 }
1162 }
1163 }
1164 old_msk = p_cb->conn_audio;
1165 p_cb->conn_audio |= mask;
1166
1167 if ((old_msk & mask) == 0) {
1168 /* increase the audio open count, if not set yet */
1169 bta_av_cb.audio_open_cnt++;
1170 }
1171
1172 APPL_TRACE_DEBUG("%s: rc_acp_handle:%d rc_acp_idx:%d", __func__,
1173 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1174 /* check if the AVRCP ACP channel is already connected */
1175 if (p_lcb && p_cb->rc_acp_handle != BTA_AV_RC_HANDLE_NONE &&
1176 p_cb->rc_acp_idx) {
1177 p_lcb_rc = &p_cb->lcb[BTA_AV_NUM_LINKS];
1178 APPL_TRACE_DEBUG(
1179 "%s: rc_acp is connected && conn_chg on same addr "
1180 "p_lcb_rc->conn_msk:x%x",
1181 __func__, p_lcb_rc->conn_msk);
1182 /* check if the RC is connected to the scb addr */
1183 LOG_INFO("%s: p_lcb_rc->addr: %s conn_chg.peer_addr: %s", __func__,
1184 ADDRESS_TO_LOGGABLE_CSTR(p_lcb_rc->addr),
1185 ADDRESS_TO_LOGGABLE_CSTR(p_data->conn_chg.peer_addr));
1186
1187 if (p_lcb_rc->conn_msk &&
1188 p_lcb_rc->addr == p_data->conn_chg.peer_addr) {
1189 /* AVRCP is already connected.
1190 * need to update the association betwen SCB and RCB */
1191 p_lcb_rc->conn_msk = 0; /* indicate RC ONLY is not connected */
1192 p_lcb_rc->lidx = 0;
1193 p_scb->rc_handle = p_cb->rc_acp_handle;
1194 p_rcb = &p_cb->rcb[p_cb->rc_acp_idx - 1];
1195 p_rcb->shdl = bta_av_get_shdl(p_scb);
1196 APPL_TRACE_DEBUG("%s: update rc_acp shdl:%d/%d srch:%d", __func__,
1197 index + 1, p_rcb->shdl, p_scb->rc_handle);
1198
1199 p_rcb2 = bta_av_get_rcb_by_shdl(p_rcb->shdl);
1200 if (p_rcb2) {
1201 /* found the RCB that was created to associated with this SCB */
1202 p_cb->rc_acp_handle = p_rcb2->handle;
1203 p_cb->rc_acp_idx = (p_rcb2 - p_cb->rcb) + 1;
1204 APPL_TRACE_DEBUG("%s: new rc_acp_handle:%d, idx:%d", __func__,
1205 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1206 p_rcb2->lidx = (BTA_AV_NUM_LINKS + 1);
1207 APPL_TRACE_DEBUG("%s: rc2 handle:%d lidx:%d/%d", __func__,
1208 p_rcb2->handle, p_rcb2->lidx,
1209 p_cb->lcb[p_rcb2->lidx - 1].lidx);
1210 }
1211 p_rcb->lidx = p_lcb->lidx;
1212 APPL_TRACE_DEBUG("%s: rc handle:%d lidx:%d/%d", __func__,
1213 p_rcb->handle, p_rcb->lidx,
1214 p_cb->lcb[p_rcb->lidx - 1].lidx);
1215 }
1216 }
1217 }
1218 } else {
1219 if ((p_cb->conn_audio & mask) && bta_av_cb.audio_open_cnt) {
1220 /* this channel is still marked as open. decrease the count */
1221 bta_av_cb.audio_open_cnt--;
1222 }
1223
1224 /* clear the conned mask for this channel */
1225 p_cb->conn_audio &= ~mask;
1226 if (p_scb) {
1227 // The stream is closed. Clear the state.
1228 p_scb->OnDisconnected();
1229 if (p_scb->chnl == BTA_AV_CHNL_AUDIO) {
1230 if (p_lcb) {
1231 p_lcb->conn_msk &= ~conn_msk;
1232 }
1233 /* audio channel is down. make sure the INT channel is down */
1234 /* just in case the RC timer is active
1235 if (p_cb->features & BTA_AV_FEAT_RCCT) */
1236 { alarm_cancel(p_scb->avrc_ct_timer); }
1237 /* one audio channel goes down. check if we need to restore high
1238 * priority */
1239 chk_restore = true;
1240 }
1241 }
1242
1243 APPL_TRACE_DEBUG("%s: shdl:%d", __func__, index + 1);
1244 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1245 APPL_TRACE_DEBUG("%s: conn_chg dn[%d]: %d, status=0x%x, shdl:%d, lidx:%d",
1246 __func__, i, bta_av_cb.rcb[i].handle,
1247 bta_av_cb.rcb[i].status, bta_av_cb.rcb[i].shdl,
1248 bta_av_cb.rcb[i].lidx);
1249 if (bta_av_cb.rcb[i].shdl == index + 1) {
1250 bta_av_del_rc(&bta_av_cb.rcb[i]);
1251 /* since the connection is already down and info was removed, clean
1252 * reference */
1253 bta_av_cb.rcb[i].shdl = 0;
1254 break;
1255 }
1256 }
1257
1258 if (p_cb->conn_audio == 0) {
1259 /* if both channels are not connected,
1260 * close all RC channels */
1261 bta_av_close_all_rc(p_cb);
1262 }
1263
1264 /* if the AVRCP is no longer listening, create the listening channel */
1265 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE &&
1266 bta_av_cb.features & BTA_AV_FEAT_RCTG)
1267 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
1268 }
1269
1270 APPL_TRACE_DEBUG(
1271 "%s: audio:%x up:%d conn_msk:0x%x chk_restore:%d "
1272 "audio_open_cnt:%d",
1273 __func__, p_cb->conn_audio, p_data->conn_chg.is_up, conn_msk, chk_restore,
1274 p_cb->audio_open_cnt);
1275
1276 if (chk_restore) {
1277 if (p_cb->audio_open_cnt == 1) {
1278 /* one audio channel goes down and there's one audio channel remains open.
1279 * restore the switch role in default link policy */
1280 BTM_default_unblock_role_switch();
1281 bta_av_restore_switch();
1282 }
1283 if (p_cb->audio_open_cnt) {
1284 /* adjust flush timeout settings to longer period */
1285 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1286 p_scbi = bta_av_cb.p_scb[i];
1287 if (p_scbi && p_scbi->chnl == BTA_AV_CHNL_AUDIO && p_scbi->co_started) {
1288 /* may need to update the flush timeout of this already started stream
1289 */
1290 if (p_scbi->co_started != bta_av_cb.audio_open_cnt) {
1291 p_scbi->co_started = bta_av_cb.audio_open_cnt;
1292 }
1293 }
1294 }
1295 }
1296 }
1297 }
1298
1299 /*******************************************************************************
1300 *
1301 * Function bta_av_disable
1302 *
1303 * Description disable AV.
1304 *
1305 * Returns void
1306 *
1307 ******************************************************************************/
bta_av_disable(tBTA_AV_CB * p_cb,UNUSED_ATTR tBTA_AV_DATA * p_data)1308 void bta_av_disable(tBTA_AV_CB* p_cb, UNUSED_ATTR tBTA_AV_DATA* p_data) {
1309 BT_HDR_RIGID hdr;
1310 bool disabling_in_progress = false;
1311 uint16_t xx;
1312
1313 p_cb->disabling = true;
1314
1315 bta_av_close_all_rc(p_cb);
1316
1317 osi_free_and_reset((void**)&p_cb->p_disc_db);
1318
1319 /* disable audio/video - de-register all channels,
1320 * expect BTA_AV_DEREG_COMP_EVT when deregister is complete */
1321 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1322 if (p_cb->p_scb[xx] != NULL) {
1323 // Free signalling timers
1324 alarm_free(p_cb->p_scb[xx]->link_signalling_timer);
1325 p_cb->p_scb[xx]->link_signalling_timer = NULL;
1326 alarm_free(p_cb->p_scb[xx]->accept_signalling_timer);
1327 p_cb->p_scb[xx]->accept_signalling_timer = NULL;
1328
1329 hdr.layer_specific = xx + 1;
1330 bta_av_api_deregister((tBTA_AV_DATA*)&hdr);
1331 disabling_in_progress = true;
1332 }
1333 }
1334 // Since All channels are deregistering by API_DEREGISTER, the DEREG_COMP_EVT
1335 // would come first before API_DISABLE if there is no connections, and it is
1336 // no needed to setup this disabling flag.
1337 p_cb->disabling = disabling_in_progress;
1338
1339 }
1340
1341 /*******************************************************************************
1342 *
1343 * Function bta_av_api_disconnect
1344 *
1345 * Description .
1346 *
1347 * Returns void
1348 *
1349 ******************************************************************************/
bta_av_api_disconnect(tBTA_AV_DATA * p_data)1350 void bta_av_api_disconnect(tBTA_AV_DATA* p_data) {
1351 tBTA_AV_SCB* p_scb =
1352 bta_av_hndl_to_scb(p_data->api_discnt.hdr.layer_specific);
1353 AVDT_DisconnectReq(p_scb->PeerAddress(), bta_av_conn_cback);
1354 alarm_cancel(p_scb->link_signalling_timer);
1355 }
1356
1357 /*******************************************************************************
1358 *
1359 * Function bta_av_set_use_latency_mode
1360 *
1361 * Description Sets stream use latency mode.
1362 *
1363 * Returns void
1364 *
1365 ******************************************************************************/
bta_av_set_use_latency_mode(tBTA_AV_SCB * p_scb,bool use_latency_mode)1366 void bta_av_set_use_latency_mode(tBTA_AV_SCB* p_scb, bool use_latency_mode) {
1367 L2CA_UseLatencyMode(p_scb->PeerAddress(), use_latency_mode);
1368 }
1369
1370 /*******************************************************************************
1371 *
1372 * Function bta_av_api_set_latency
1373 *
1374 * Description set stream latency.
1375 *
1376 * Returns void
1377 *
1378 ******************************************************************************/
bta_av_api_set_latency(tBTA_AV_DATA * p_data)1379 void bta_av_api_set_latency(tBTA_AV_DATA* p_data) {
1380 tBTA_AV_SCB* p_scb =
1381 bta_av_hndl_to_scb(p_data->api_set_latency.hdr.layer_specific);
1382
1383 tL2CAP_LATENCY latency = p_data->api_set_latency.is_low_latency
1384 ? L2CAP_LATENCY_LOW
1385 : L2CAP_LATENCY_NORMAL;
1386 L2CA_SetAclLatency(p_scb->PeerAddress(), latency);
1387 }
1388
1389 /**
1390 * Find the index for the free LCB entry to use.
1391 *
1392 * The selection order is:
1393 * (1) Find the index if there is already SCB entry for the peer address
1394 * (2) If there is no SCB entry for the peer address, find the first
1395 * SCB entry that is not assigned.
1396 *
1397 * @param peer_address the peer address to use
1398 * @return the index for the free LCB entry to use or BTA_AV_NUM_LINKS
1399 * if no entry is found
1400 */
bta_av_find_lcb_index_by_scb_and_address(const RawAddress & peer_address)1401 static uint8_t bta_av_find_lcb_index_by_scb_and_address(
1402 const RawAddress& peer_address) {
1403 APPL_TRACE_DEBUG("%s: peer_address: %s conn_lcb: 0x%x", __func__,
1404 ADDRESS_TO_LOGGABLE_CSTR(peer_address), bta_av_cb.conn_lcb);
1405
1406 // Find the index if there is already SCB entry for the peer address
1407 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1408 uint8_t mask = 1 << index;
1409 if (mask & bta_av_cb.conn_lcb) {
1410 continue;
1411 }
1412 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1413 if (p_scb == nullptr) {
1414 continue;
1415 }
1416 if (p_scb->PeerAddress() == peer_address) {
1417 return index;
1418 }
1419 }
1420
1421 // Find the first SCB entry that is not assigned.
1422 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1423 uint8_t mask = 1 << index;
1424 if (mask & bta_av_cb.conn_lcb) {
1425 continue;
1426 }
1427 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1428 if (p_scb == nullptr) {
1429 continue;
1430 }
1431 if (!p_scb->IsAssigned()) {
1432 return index;
1433 }
1434 }
1435
1436 return BTA_AV_NUM_LINKS;
1437 }
1438
1439 /*******************************************************************************
1440 *
1441 * Function bta_av_sig_chg
1442 *
1443 * Description process AVDT signal channel up/down.
1444 *
1445 * Returns void
1446 *
1447 ******************************************************************************/
bta_av_sig_chg(tBTA_AV_DATA * p_data)1448 void bta_av_sig_chg(tBTA_AV_DATA* p_data) {
1449 uint16_t event = p_data->str_msg.hdr.layer_specific;
1450 tBTA_AV_CB* p_cb = &bta_av_cb;
1451 uint32_t xx;
1452 uint8_t mask;
1453 tBTA_AV_LCB* p_lcb = NULL;
1454
1455 APPL_TRACE_DEBUG("%s: event: %d", __func__, event);
1456 if (event == AVDT_CONNECT_IND_EVT) {
1457 APPL_TRACE_DEBUG("%s: AVDT_CONNECT_IND_EVT: peer %s", __func__,
1458 ADDRESS_TO_LOGGABLE_CSTR(p_data->str_msg.bd_addr));
1459
1460 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FIND);
1461 if (!p_lcb) {
1462 /* if the address does not have an LCB yet, alloc one */
1463 xx = bta_av_find_lcb_index_by_scb_and_address(p_data->str_msg.bd_addr);
1464
1465 /* check if we found something */
1466 if (xx >= BTA_AV_NUM_LINKS) {
1467 /* We do not have scb for this avdt connection. */
1468 /* Silently close the connection. */
1469 APPL_TRACE_ERROR("%s: av scb not available for avdt connection for %s",
1470 __func__,
1471 ADDRESS_TO_LOGGABLE_CSTR(p_data->str_msg.bd_addr));
1472 AVDT_DisconnectReq(p_data->str_msg.bd_addr, NULL);
1473 return;
1474 }
1475 LOG_INFO("%s: AVDT_CONNECT_IND_EVT: peer %s selected lcb_index %d",
1476 __func__, ADDRESS_TO_LOGGABLE_CSTR(p_data->str_msg.bd_addr), xx);
1477
1478 tBTA_AV_SCB* p_scb = p_cb->p_scb[xx];
1479 mask = 1 << xx;
1480 p_lcb = &p_cb->lcb[xx];
1481 p_lcb->lidx = xx + 1;
1482 p_lcb->addr = p_data->str_msg.bd_addr;
1483 p_lcb->conn_msk = 0; /* clear the connect mask */
1484 /* start listening when the signal channel is open */
1485 if (p_cb->features & BTA_AV_FEAT_RCTG) {
1486 bta_av_rc_create(p_cb, AVCT_ACP, 0, p_lcb->lidx);
1487 }
1488 /* this entry is not used yet. */
1489 p_cb->conn_lcb |= mask; /* mark it as used */
1490 APPL_TRACE_DEBUG("%s: start sig timer %d", __func__, p_data->hdr.offset);
1491 if (p_data->hdr.offset == AVDT_ACP) {
1492 APPL_TRACE_DEBUG("%s: Incoming L2CAP acquired, set state as incoming",
1493 __func__);
1494 p_scb->OnConnected(p_data->str_msg.bd_addr);
1495 p_scb->use_rc = true; /* allowing RC for incoming connection */
1496 bta_av_ssm_execute(p_scb, BTA_AV_ACP_CONNECT_EVT, p_data);
1497
1498 /* The Pending Event should be sent as soon as the L2CAP signalling
1499 * channel
1500 * is set up, which is NOW. Earlier this was done only after
1501 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1502 * The following function shall send the event and start the
1503 * recurring timer
1504 */
1505 if (!p_scb->link_signalling_timer) {
1506 p_scb->link_signalling_timer = alarm_new("link_signalling_timer");
1507 }
1508 BT_HDR hdr;
1509 hdr.layer_specific = p_scb->hndl;
1510 bta_av_signalling_timer((tBTA_AV_DATA*)&hdr);
1511
1512 APPL_TRACE_DEBUG("%s: Re-start timer for AVDTP service", __func__);
1513 bta_sys_conn_open(BTA_ID_AV, p_scb->app_id, p_scb->PeerAddress());
1514 /* Possible collision : need to avoid outgoing processing while the
1515 * timer is running */
1516 p_scb->coll_mask = BTA_AV_COLL_INC_TMR;
1517 if (!p_scb->accept_signalling_timer) {
1518 p_scb->accept_signalling_timer = alarm_new("accept_signalling_timer");
1519 }
1520 alarm_set_on_mloop(
1521 p_scb->accept_signalling_timer, BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1522 bta_av_accept_signalling_timer_cback, UINT_TO_PTR(xx));
1523 }
1524 }
1525 }
1526 else if (event == BTA_AR_AVDT_CONN_EVT) {
1527 uint8_t scb_index = p_data->str_msg.scb_index;
1528 alarm_cancel(p_cb->p_scb[scb_index]->link_signalling_timer);
1529 }
1530 else {
1531 /* disconnected. */
1532 APPL_TRACE_DEBUG("%s: bta_av_cb.conn_lcb=0x%x", __func__,
1533 bta_av_cb.conn_lcb);
1534
1535 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FREE);
1536 if (p_lcb && (p_lcb->conn_msk || bta_av_cb.conn_lcb)) {
1537 APPL_TRACE_DEBUG("%s: conn_msk: 0x%x", __func__, p_lcb->conn_msk);
1538 /* clean up ssm */
1539 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1540 if (p_cb->p_scb[xx] &&
1541 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1542 APPL_TRACE_DEBUG("%s: Closing timer for AVDTP service", __func__);
1543 bta_sys_conn_close(BTA_ID_AV, p_cb->p_scb[xx]->app_id,
1544 p_cb->p_scb[xx]->PeerAddress());
1545 }
1546 mask = 1 << (xx + 1);
1547 if (((mask & p_lcb->conn_msk) || bta_av_cb.conn_lcb) &&
1548 p_cb->p_scb[xx] &&
1549 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1550 APPL_TRACE_WARNING(
1551 "%s: Sending AVDT_DISCONNECT_EVT peer_addr=%s", __func__,
1552 ADDRESS_TO_LOGGABLE_CSTR(p_cb->p_scb[xx]->PeerAddress()));
1553 bta_av_ssm_execute(p_cb->p_scb[xx], BTA_AV_AVDT_DISCONNECT_EVT, NULL);
1554 }
1555 }
1556 }
1557 }
1558 APPL_TRACE_DEBUG("%s: bta_av_cb.conn_lcb=0x%x after sig_chg", __func__,
1559 p_cb->conn_lcb);
1560 }
1561
1562 /*******************************************************************************
1563 *
1564 * Function bta_av_signalling_timer
1565 *
1566 * Description process the signal channel timer. This timer is started
1567 * when the AVDTP signal channel is connected. If no profile
1568 * is connected, the timer goes off every
1569 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1570 *
1571 * Returns void
1572 *
1573 ******************************************************************************/
bta_av_signalling_timer(UNUSED_ATTR tBTA_AV_DATA * p_data)1574 void bta_av_signalling_timer(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1575 tBTA_AV_HNDL hndl = p_data->hdr.layer_specific;
1576 tBTA_AV_SCB* p_scb = bta_av_hndl_to_scb(hndl);
1577
1578 tBTA_AV_CB* p_cb = &bta_av_cb;
1579 int xx;
1580 uint8_t mask;
1581 tBTA_AV_LCB* p_lcb = NULL;
1582
1583 APPL_TRACE_DEBUG("%s: conn_lcb=0x%x", __func__, p_cb->conn_lcb);
1584 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
1585 p_lcb = &p_cb->lcb[xx];
1586 mask = 1 << xx;
1587 APPL_TRACE_DEBUG(
1588 "%s: index=%d conn_lcb=0x%x peer=%s conn_mask=0x%x lidx=%d", __func__,
1589 xx, p_cb->conn_lcb, ADDRESS_TO_LOGGABLE_CSTR(p_lcb->addr),
1590 p_lcb->conn_msk, p_lcb->lidx);
1591 if (mask & p_cb->conn_lcb) {
1592 /* this entry is used. check if it is connected */
1593 if (!p_lcb->conn_msk) {
1594 APPL_TRACE_DEBUG("%s hndl 0x%x", __func__, p_scb->hndl);
1595 bta_sys_start_timer(p_scb->link_signalling_timer,
1596 BTA_AV_SIGNALLING_TIMEOUT_MS,
1597 BTA_AV_SIGNALLING_TIMER_EVT, hndl);
1598 tBTA_AV_PEND pend;
1599 pend.bd_addr = p_lcb->addr;
1600 tBTA_AV bta_av_data;
1601 bta_av_data.pend = pend;
1602 APPL_TRACE_DEBUG(
1603 "%s: BTA_AV_PENDING_EVT for %s index=%d conn_mask=0x%x lidx=%d",
1604 __func__, ADDRESS_TO_LOGGABLE_CSTR(pend.bd_addr), xx,
1605 p_lcb->conn_msk, p_lcb->lidx);
1606 (*p_cb->p_cback)(BTA_AV_PENDING_EVT, &bta_av_data);
1607 }
1608 }
1609 }
1610 }
1611
1612 /*******************************************************************************
1613 *
1614 * Function bta_av_accept_signalling_timer_cback
1615 *
1616 * Description Process the timeout when SRC is accepting connection
1617 * and SNK did not start signalling.
1618 *
1619 * Returns void
1620 *
1621 ******************************************************************************/
bta_av_accept_signalling_timer_cback(void * data)1622 static void bta_av_accept_signalling_timer_cback(void* data) {
1623 uint32_t inx = PTR_TO_UINT(data);
1624 tBTA_AV_CB* p_cb = &bta_av_cb;
1625 tBTA_AV_SCB* p_scb = NULL;
1626 if (inx < BTA_AV_NUM_STRS) {
1627 p_scb = p_cb->p_scb[inx];
1628 }
1629 if (p_scb) {
1630 APPL_TRACE_DEBUG("%s: coll_mask=0x%02x", __func__, p_scb->coll_mask);
1631
1632 if (p_scb->coll_mask & BTA_AV_COLL_INC_TMR) {
1633 p_scb->coll_mask &= ~BTA_AV_COLL_INC_TMR;
1634
1635 if (bta_av_is_scb_opening(p_scb)) {
1636 APPL_TRACE_DEBUG("%s: stream state opening: SDP started = %d", __func__,
1637 p_scb->sdp_discovery_started);
1638 if (p_scb->sdp_discovery_started) {
1639 /* We are still doing SDP. Run the timer again. */
1640 p_scb->coll_mask |= BTA_AV_COLL_INC_TMR;
1641
1642 alarm_set_on_mloop(p_scb->accept_signalling_timer,
1643 BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1644 bta_av_accept_signalling_timer_cback,
1645 UINT_TO_PTR(inx));
1646 } else {
1647 /* SNK did not start signalling, resume signalling process. */
1648 bta_av_discover_req(p_scb, NULL);
1649 }
1650 } else if (bta_av_is_scb_incoming(p_scb)) {
1651 /* Stay in incoming state if SNK does not start signalling */
1652
1653 APPL_TRACE_DEBUG("%s: stream state incoming", __func__);
1654 /* API open was called right after SNK opened L2C connection. */
1655 if (p_scb->coll_mask & BTA_AV_COLL_API_CALLED) {
1656 p_scb->coll_mask &= ~BTA_AV_COLL_API_CALLED;
1657
1658 /* BTA_AV_API_OPEN_EVT */
1659 tBTA_AV_API_OPEN* p_buf =
1660 (tBTA_AV_API_OPEN*)osi_malloc(sizeof(tBTA_AV_API_OPEN));
1661 memcpy(p_buf, &(p_scb->open_api), sizeof(tBTA_AV_API_OPEN));
1662 bta_sys_sendmsg(p_buf);
1663 }
1664 }
1665 }
1666 }
1667 }
1668
bta_av_store_peer_rc_version()1669 static void bta_av_store_peer_rc_version() {
1670 tBTA_AV_CB* p_cb = &bta_av_cb;
1671 tSDP_DISC_REC* p_rec = NULL;
1672 uint16_t peer_rc_version = 0; /*Assuming Default peer version as 1.3*/
1673
1674 if ((p_rec = SDP_FindServiceInDb(
1675 p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL, NULL)) != NULL) {
1676 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1677 /* get profile version (if failure, version parameter is not updated) */
1678 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1679 &peer_rc_version);
1680 }
1681 if (peer_rc_version != 0)
1682 DEVICE_IOT_CONFIG_ADDR_SET_HEX_IF_GREATER(
1683 p_rec->remote_bd_addr, IOT_CONF_KEY_AVRCP_CTRL_VERSION,
1684 peer_rc_version, IOT_CONF_BYTE_NUM_2);
1685 }
1686
1687 peer_rc_version = 0;
1688 if ((p_rec = SDP_FindServiceInDb(
1689 p_cb->p_disc_db, UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) != NULL) {
1690 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1691 /* get profile version (if failure, version parameter is not updated) */
1692 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1693 &peer_rc_version);
1694 }
1695 if (peer_rc_version != 0)
1696 DEVICE_IOT_CONFIG_ADDR_SET_HEX_IF_GREATER(
1697 p_rec->remote_bd_addr, IOT_CONF_KEY_AVRCP_TG_VERSION, peer_rc_version,
1698 IOT_CONF_BYTE_NUM_2);
1699 }
1700 }
1701
1702 /*******************************************************************************
1703 *
1704 * Function bta_av_check_peer_features
1705 *
1706 * Description check supported features on the peer device from the SDP
1707 * record and return the feature mask
1708 *
1709 * Returns tBTA_AV_FEAT peer device feature mask
1710 *
1711 ******************************************************************************/
bta_av_check_peer_features(uint16_t service_uuid)1712 tBTA_AV_FEAT bta_av_check_peer_features(uint16_t service_uuid) {
1713 tBTA_AV_FEAT peer_features = 0;
1714 tBTA_AV_CB* p_cb = &bta_av_cb;
1715 tSDP_DISC_REC* p_rec = NULL;
1716 tSDP_DISC_ATTR* p_attr;
1717 uint16_t peer_rc_version = 0;
1718 uint16_t categories = 0;
1719
1720 APPL_TRACE_DEBUG("%s: service_uuid:x%x", __func__, service_uuid);
1721 /* loop through all records we found */
1722 while (true) {
1723 /* get next record; if none found, we're done */
1724 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1725 if (p_rec == NULL) {
1726 break;
1727 }
1728
1729 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1730 NULL) {
1731 /* find peer features */
1732 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1733 NULL)) {
1734 peer_features |= BTA_AV_FEAT_RCCT;
1735 }
1736 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1737 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1738 peer_features |= BTA_AV_FEAT_RCTG;
1739 }
1740 }
1741
1742 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1743 /* get profile version (if failure, version parameter is not updated) */
1744 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1745 &peer_rc_version);
1746 APPL_TRACE_DEBUG("%s: peer_rc_version 0x%x", __func__, peer_rc_version);
1747
1748 if (peer_rc_version >= AVRC_REV_1_3)
1749 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1750
1751 if (peer_rc_version >= AVRC_REV_1_4) {
1752 /* get supported categories */
1753 p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1754 if (p_attr != NULL &&
1755 SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == UINT_DESC_TYPE &&
1756 SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 2) {
1757 categories = p_attr->attr_value.v.u16;
1758 if (categories & AVRC_SUPF_CT_CAT2)
1759 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1760 if (categories & AVRC_SUPF_CT_BROWSE)
1761 peer_features |= (BTA_AV_FEAT_BROWSE);
1762 }
1763 }
1764 }
1765 }
1766 APPL_TRACE_DEBUG("%s: peer_features:x%x", __func__, peer_features);
1767 return peer_features;
1768 }
1769
1770 /*******************************************************************************
1771 *
1772 * Function bta_avk_check_peer_features
1773 *
1774 * Description check supported features on the peer device from the SDP
1775 * record and return the feature mask
1776 *
1777 * Returns tBTA_AV_FEAT peer device feature mask
1778 *
1779 ******************************************************************************/
bta_avk_check_peer_features(uint16_t service_uuid)1780 tBTA_AV_FEAT bta_avk_check_peer_features(uint16_t service_uuid) {
1781 tBTA_AV_FEAT peer_features = 0;
1782 tBTA_AV_CB* p_cb = &bta_av_cb;
1783
1784 APPL_TRACE_DEBUG("%s: service_uuid:x%x", __func__, service_uuid);
1785
1786 /* loop through all records we found */
1787 tSDP_DISC_REC* p_rec =
1788 SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, NULL);
1789 while (p_rec) {
1790 APPL_TRACE_DEBUG("%s: found Service record for x%x", __func__,
1791 service_uuid);
1792
1793 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1794 NULL) {
1795 /* find peer features */
1796 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1797 NULL)) {
1798 peer_features |= BTA_AV_FEAT_RCCT;
1799 }
1800 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1801 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1802 peer_features |= BTA_AV_FEAT_RCTG;
1803 }
1804 }
1805
1806 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1807 /* get profile version (if failure, version parameter is not updated) */
1808 uint16_t peer_rc_version = 0;
1809 bool val = SDP_FindProfileVersionInRec(
1810 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version);
1811 APPL_TRACE_DEBUG("%s: peer_rc_version for TG 0x%x, profile_found %d",
1812 __func__, peer_rc_version, val);
1813
1814 if (peer_rc_version >= AVRC_REV_1_3)
1815 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1816
1817 /* Get supported features */
1818 tSDP_DISC_ATTR* p_attr =
1819 SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1820 if (p_attr != NULL &&
1821 SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == UINT_DESC_TYPE &&
1822 SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 2) {
1823 uint16_t categories = p_attr->attr_value.v.u16;
1824 /*
1825 * Though Absolute Volume came after in 1.4 and above, but there are
1826 * few devices in market which supports absolute Volume and they are
1827 * still 1.3. To avoid IOP issuses with those devices, we check for
1828 * 1.3 as minimum version
1829 */
1830 if (peer_rc_version >= AVRC_REV_1_3) {
1831 if (categories & AVRC_SUPF_TG_CAT2)
1832 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1833 if (categories & AVRC_SUPF_TG_APP_SETTINGS)
1834 peer_features |= (BTA_AV_FEAT_APP_SETTING);
1835 if (categories & AVRC_SUPF_TG_BROWSE)
1836 peer_features |= (BTA_AV_FEAT_BROWSE);
1837 }
1838
1839 /* AVRCP Cover Artwork over BIP */
1840 if (peer_rc_version >= AVRC_REV_1_6) {
1841 if (service_uuid == UUID_SERVCLASS_AV_REM_CTRL_TARGET &&
1842 categories & AVRC_SUPF_TG_PLAYER_COVER_ART)
1843 peer_features |= (BTA_AV_FEAT_COVER_ARTWORK);
1844 }
1845 }
1846 }
1847 /* get next record; if none found, we're done */
1848 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1849 }
1850 APPL_TRACE_DEBUG("%s: peer_features:x%x", __func__, peer_features);
1851 return peer_features;
1852 }
1853
1854 /******************************************************************************
1855 *
1856 * Function bta_avk_get_cover_art_psm
1857 *
1858 * Description Get the PSM associated with the AVRCP Target cover art
1859 * feature
1860 *
1861 * Returns uint16_t PSM value used to get cover artwork, or 0x0000 if
1862 * one does not exist.
1863 *
1864 *****************************************************************************/
bta_avk_get_cover_art_psm()1865 uint16_t bta_avk_get_cover_art_psm() {
1866 APPL_TRACE_DEBUG("%s: searching for cover art psm", __func__);
1867 /* Cover Art L2CAP PSM is only available on a target device */
1868 tBTA_AV_CB* p_cb = &bta_av_cb;
1869 tSDP_DISC_REC* p_rec =
1870 SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REM_CTRL_TARGET,
1871 NULL);
1872 while (p_rec) {
1873 tSDP_DISC_ATTR* p_attr =
1874 (SDP_FindAttributeInRec(p_rec, ATTR_ID_ADDITION_PROTO_DESC_LISTS));
1875 /*
1876 * If we have the Additional Protocol Description Lists attribute then we
1877 * specifically want the list that is an L2CAP protocol leading to OBEX.
1878 * Because the is a case where cover art is supported and browsing isn't
1879 * we need to check each list for the one we want.
1880 *
1881 * This means we need to do drop down into the protocol list and do a
1882 * "for each protocol, for each protocol element, for each protocol element
1883 * list parameter, if the parameter is L2CAP then find the PSM associated
1884 * with it, then make sure we see OBEX in that same protocol"
1885 */
1886 if (p_attr != NULL && SDP_DISC_ATTR_TYPE(p_attr->attr_len_type)
1887 == DATA_ELE_SEQ_DESC_TYPE) {
1888 // Point to first in List of protocols (i.e [(L2CAP -> AVCTP),
1889 // (L2CAP -> OBEX)])
1890 tSDP_DISC_ATTR* p_protocol_list = p_attr->attr_value.v.p_sub_attr;
1891 while (p_protocol_list != NULL) {
1892 if (SDP_DISC_ATTR_TYPE(p_protocol_list->attr_len_type)
1893 == DATA_ELE_SEQ_DESC_TYPE) {
1894 // Point to fist in list of protocol elements (i.e. [L2CAP, AVCTP])
1895 tSDP_DISC_ATTR* p_protocol =
1896 p_protocol_list->attr_value.v.p_sub_attr;
1897 bool protocol_has_obex = false;
1898 bool protocol_has_l2cap = false;
1899 uint16_t psm = 0x0000;
1900 while (p_protocol) {
1901 if (SDP_DISC_ATTR_TYPE(p_protocol->attr_len_type)
1902 == DATA_ELE_SEQ_DESC_TYPE) {
1903 // Point to first item protocol parameters list (i.e [UUID=L2CAP,
1904 // PSM=0x1234])
1905 tSDP_DISC_ATTR* p_protocol_param =
1906 p_protocol->attr_value.v.p_sub_attr;
1907 /*
1908 * Currently there's only ever one UUID and one parameter. L2cap
1909 * has a single PSM, AVCTP has a version and OBEX has nothing.
1910 * Change this if that ever changes.
1911 */
1912 uint16_t protocol_uuid = 0;
1913 uint16_t protocol_param = 0;
1914 while (p_protocol_param) {
1915 uint16_t param_type =
1916 SDP_DISC_ATTR_TYPE(p_protocol_param->attr_len_type);
1917 uint16_t param_len =
1918 SDP_DISC_ATTR_LEN(p_protocol_param->attr_len_type);
1919 if (param_type == UUID_DESC_TYPE) {
1920 protocol_uuid = p_protocol_param->attr_value.v.u16;
1921 } else if (param_type == UINT_DESC_TYPE) {
1922 protocol_param = (param_len == 2)
1923 ? p_protocol_param->attr_value.v.u16
1924 : p_protocol_param->attr_value.v.u8;
1925 } /* else dont care */
1926 p_protocol_param = p_protocol_param->p_next_attr; // next
1927 }
1928 // If we've found L2CAP then the parameter is a PSM
1929 if (protocol_uuid == UUID_PROTOCOL_L2CAP) {
1930 protocol_has_l2cap = true;
1931 psm = protocol_param;
1932 } else if (protocol_uuid == UUID_PROTOCOL_OBEX) {
1933 protocol_has_obex = true;
1934 }
1935 }
1936 // If this protocol has l2cap and obex then we're found the BIP PSM
1937 if (protocol_has_l2cap && protocol_has_obex) {
1938 APPL_TRACE_DEBUG("%s: found psm 0x%x", __func__, psm);
1939 return psm;
1940 }
1941 p_protocol = p_protocol->p_next_attr; // next protocol element
1942 }
1943 }
1944 p_protocol_list = p_protocol_list->p_next_attr; // next protocol
1945 }
1946 }
1947 /* get next record; if none found, we're done */
1948 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db,
1949 UUID_SERVCLASS_AV_REM_CTRL_TARGET, p_rec);
1950 }
1951 /* L2CAP PSM range is 0x1000-0xFFFF so 0x0000 is safe default invalid */
1952 APPL_TRACE_DEBUG("%s: could not find a BIP psm", __func__);
1953 return 0x0000;
1954 }
1955
1956 /*******************************************************************************
1957 *
1958 * Function bta_av_rc_disc_done
1959 *
1960 * Description Handle AVRCP service discovery results. If matching
1961 * service found, open AVRCP connection.
1962 *
1963 * Returns void
1964 *
1965 ******************************************************************************/
bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA * p_data)1966 void bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1967 tBTA_AV_CB* p_cb = &bta_av_cb;
1968 tBTA_AV_SCB* p_scb = NULL;
1969 tBTA_AV_LCB* p_lcb;
1970 uint8_t rc_handle;
1971 tBTA_AV_FEAT peer_features = 0; /* peer features mask */
1972 uint16_t cover_art_psm = 0x0000;
1973
1974 APPL_TRACE_DEBUG("%s: bta_av_rc_disc_done disc:x%x", __func__, p_cb->disc);
1975 if (!p_cb->disc) {
1976 return;
1977 }
1978
1979 if ((p_cb->disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
1980 /* this is the rc handle/index to tBTA_AV_RCB */
1981 rc_handle = p_cb->disc & (~BTA_AV_CHNL_MSK);
1982 } else {
1983 /* Validate array index*/
1984 if (((p_cb->disc & BTA_AV_HNDL_MSK) - 1) < BTA_AV_NUM_STRS) {
1985 p_scb = p_cb->p_scb[(p_cb->disc & BTA_AV_HNDL_MSK) - 1];
1986 }
1987 if (p_scb) {
1988 rc_handle = p_scb->rc_handle;
1989 } else {
1990 p_cb->disc = 0;
1991 return;
1992 }
1993 }
1994
1995 APPL_TRACE_DEBUG("%s: rc_handle %d", __func__, rc_handle);
1996 if (p_cb->sdp_a2dp_snk_handle) {
1997 /* This is Sink + CT + TG(Abs Vol) */
1998 peer_features =
1999 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
2000 APPL_TRACE_DEBUG("%s: populating rem ctrl target features %d", __func__,
2001 peer_features);
2002 if (BTA_AV_FEAT_ADV_CTRL &
2003 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL))
2004 peer_features |= (BTA_AV_FEAT_ADV_CTRL | BTA_AV_FEAT_RCCT);
2005
2006 if (peer_features & BTA_AV_FEAT_COVER_ARTWORK)
2007 cover_art_psm = bta_avk_get_cover_art_psm();
2008
2009 APPL_TRACE_DEBUG("%s: populating rem ctrl target bip psm 0x%x", __func__,
2010 cover_art_psm);
2011 } else if (p_cb->sdp_a2dp_handle) {
2012 /* check peer version and whether support CT and TG role */
2013 peer_features =
2014 bta_av_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL);
2015 if ((p_cb->features & BTA_AV_FEAT_ADV_CTRL) &&
2016 ((peer_features & BTA_AV_FEAT_ADV_CTRL) == 0)) {
2017 /* if we support advance control and peer does not, check their support on
2018 * TG role
2019 * some implementation uses 1.3 on CT ans 1.4 on TG */
2020 peer_features |=
2021 bta_av_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
2022 }
2023
2024 /* Change our features if the remote AVRCP version is 1.3 or less */
2025 tSDP_DISC_REC* p_rec = nullptr;
2026 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db,
2027 UUID_SERVCLASS_AV_REMOTE_CONTROL, p_rec);
2028 if (p_rec != NULL &&
2029 SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST) != NULL) {
2030 /* get profile version (if failure, version parameter is not updated) */
2031 uint16_t peer_rc_version = 0xFFFF; // Don't change the AVRCP version
2032 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
2033 &peer_rc_version);
2034 if (peer_rc_version <= AVRC_REV_1_3) {
2035 APPL_TRACE_DEBUG("%s: Using AVRCP 1.3 Capabilities with remote device",
2036 __func__);
2037 p_bta_av_cfg = &bta_av_cfg_compatibility;
2038 }
2039 }
2040 }
2041
2042 bta_av_store_peer_rc_version();
2043
2044 p_cb->disc = 0;
2045 osi_free_and_reset((void**)&p_cb->p_disc_db);
2046
2047 APPL_TRACE_DEBUG("%s: peer_features 0x%x, features 0x%x", __func__,
2048 peer_features, p_cb->features);
2049
2050 /* if we have no rc connection */
2051 if (rc_handle == BTA_AV_RC_HANDLE_NONE) {
2052 if (p_scb) {
2053 /* if peer remote control service matches ours and USE_RC is true */
2054 if ((((p_cb->features & BTA_AV_FEAT_RCCT) &&
2055 (peer_features & BTA_AV_FEAT_RCTG)) ||
2056 ((p_cb->features & BTA_AV_FEAT_RCTG) &&
2057 (peer_features & BTA_AV_FEAT_RCCT)))) {
2058 p_lcb = bta_av_find_lcb(p_scb->PeerAddress(), BTA_AV_LCB_FIND);
2059 if (p_lcb) {
2060 rc_handle = bta_av_rc_create(p_cb, AVCT_INT,
2061 (uint8_t)(p_scb->hdi + 1), p_lcb->lidx);
2062 if (rc_handle < BTA_AV_NUM_RCB) {
2063 p_cb->rcb[rc_handle].peer_features = peer_features;
2064 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
2065 } else {
2066 /* cannot create valid rc_handle for current device. report failure
2067 */
2068 APPL_TRACE_ERROR("%s: no link resources available", __func__);
2069 p_scb->use_rc = false;
2070 tBTA_AV_RC_OPEN rc_open;
2071 rc_open.peer_addr = p_scb->PeerAddress();
2072 rc_open.peer_features = 0;
2073 rc_open.cover_art_psm = 0;
2074 rc_open.status = BTA_AV_FAIL_RESOURCES;
2075 tBTA_AV bta_av_data;
2076 bta_av_data.rc_open = rc_open;
2077 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
2078 }
2079 } else {
2080 APPL_TRACE_ERROR("%s: can not find LCB!!", __func__);
2081 }
2082 } else if (p_scb->use_rc) {
2083 /* can not find AVRC on peer device. report failure */
2084 p_scb->use_rc = false;
2085 tBTA_AV bta_av_data = {
2086 .rc_open = {
2087 .rc_handle = BTA_AV_RC_HANDLE_NONE,
2088 .cover_art_psm = 0,
2089 .peer_features = 0,
2090 .peer_addr = p_scb->PeerAddress(),
2091 .status = BTA_AV_FAIL_SDP,
2092 },
2093 };
2094 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
2095 }
2096 if (peer_features != 0)
2097 DEVICE_IOT_CONFIG_ADDR_SET_HEX(p_scb->PeerAddress(),
2098 IOT_CONF_KEY_AVRCP_FEATURES,
2099 peer_features, IOT_CONF_BYTE_NUM_2);
2100 }
2101 } else {
2102 tBTA_AV_RC_FEAT rc_feat;
2103 p_cb->rcb[rc_handle].peer_features = peer_features;
2104 rc_feat.rc_handle = rc_handle;
2105 rc_feat.peer_features = peer_features;
2106 if (p_scb == NULL) {
2107 /*
2108 * In case scb is not created by the time we are done with SDP
2109 * we still need to send RC feature event. So we need to get BD
2110 * from Message. Note that lidx is 1 based not 0 based
2111 */
2112 rc_feat.peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2113 } else {
2114 rc_feat.peer_addr = p_scb->PeerAddress();
2115 }
2116
2117 tBTA_AV bta_av_feat;
2118 bta_av_feat.rc_feat = rc_feat;
2119 (*p_cb->p_cback)(BTA_AV_RC_FEAT_EVT, &bta_av_feat);
2120
2121 if (peer_features != 0)
2122 DEVICE_IOT_CONFIG_ADDR_SET_HEX(rc_feat.peer_addr,
2123 IOT_CONF_KEY_AVRCP_FEATURES, peer_features,
2124 IOT_CONF_BYTE_NUM_2);
2125
2126 // Send PSM data
2127 APPL_TRACE_DEBUG("%s: Send PSM data", __func__);
2128 tBTA_AV_RC_PSM rc_psm;
2129 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
2130 rc_psm.rc_handle = rc_handle;
2131 rc_psm.cover_art_psm = cover_art_psm;
2132 if (p_scb == NULL) {
2133 rc_psm.peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2134 } else {
2135 rc_psm.peer_addr = p_scb->PeerAddress();
2136 }
2137
2138 APPL_TRACE_DEBUG("%s: rc_psm = 0x%x", __func__, rc_psm.cover_art_psm);
2139
2140 tBTA_AV bta_av_psm;
2141 bta_av_psm.rc_cover_art_psm = rc_psm;
2142 (*p_cb->p_cback)(BTA_AV_RC_PSM_EVT, &bta_av_psm);
2143 }
2144 }
2145
2146 /*******************************************************************************
2147 *
2148 * Function bta_av_rc_closed
2149 *
2150 * Description Set AVRCP state to closed.
2151 *
2152 * Returns void
2153 *
2154 ******************************************************************************/
bta_av_rc_closed(tBTA_AV_DATA * p_data)2155 void bta_av_rc_closed(tBTA_AV_DATA* p_data) {
2156 tBTA_AV_CB* p_cb = &bta_av_cb;
2157 tBTA_AV_RC_CLOSE rc_close;
2158 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2159 tBTA_AV_RCB* p_rcb;
2160 tBTA_AV_SCB* p_scb;
2161 int i;
2162 bool conn = false;
2163 tBTA_AV_LCB* p_lcb;
2164
2165 rc_close.rc_handle = BTA_AV_RC_HANDLE_NONE;
2166 p_scb = NULL;
2167 APPL_TRACE_DEBUG("%s: rc_handle:%d", __func__, p_msg->handle);
2168 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
2169 p_rcb = &p_cb->rcb[i];
2170 APPL_TRACE_DEBUG("%s: rcb[%d] rc_handle:%d, status=0x%x", __func__, i,
2171 p_rcb->handle, p_rcb->status);
2172 if (p_rcb->handle == p_msg->handle) {
2173 rc_close.rc_handle = i;
2174 p_rcb->status &= ~BTA_AV_RC_CONN_MASK;
2175 p_rcb->peer_features = 0;
2176 p_rcb->cover_art_psm = 0;
2177 APPL_TRACE_DEBUG("%s: shdl:%d, lidx:%d", __func__, p_rcb->shdl,
2178 p_rcb->lidx);
2179 if (p_rcb->shdl) {
2180 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
2181 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
2182 }
2183 if (p_scb) {
2184 rc_close.peer_addr = p_scb->PeerAddress();
2185 if (p_scb->rc_handle == p_rcb->handle)
2186 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
2187 APPL_TRACE_DEBUG("%s: shdl:%d, srch:%d", __func__, p_rcb->shdl,
2188 p_scb->rc_handle);
2189 }
2190 p_rcb->shdl = 0;
2191 } else if (p_rcb->lidx == (BTA_AV_NUM_LINKS + 1)) {
2192 /* if the RCB uses the extra LCB, use the addr for event and clean it */
2193 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
2194 rc_close.peer_addr = p_msg->peer_addr;
2195 LOG_INFO("%s: rc_only closed bd_addr: %s", __func__,
2196 ADDRESS_TO_LOGGABLE_CSTR(p_msg->peer_addr));
2197 p_lcb->conn_msk = 0;
2198 p_lcb->lidx = 0;
2199 }
2200 p_rcb->lidx = 0;
2201
2202 if ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT) {
2203 /* AVCT CCB is deallocated */
2204 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
2205 p_rcb->status = 0;
2206 } else {
2207 /* AVCT CCB is still there. dealloc */
2208 bta_av_del_rc(p_rcb);
2209 }
2210 } else if ((p_rcb->handle != BTA_AV_RC_HANDLE_NONE) &&
2211 (p_rcb->status & BTA_AV_RC_CONN_MASK)) {
2212 /* at least one channel is still connected */
2213 conn = true;
2214 }
2215 }
2216
2217 if (!conn) {
2218 /* no AVRC channels are connected, go back to INIT state */
2219 bta_av_sm_execute(p_cb, BTA_AV_AVRC_NONE_EVT, NULL);
2220 }
2221
2222 if (rc_close.rc_handle == BTA_AV_RC_HANDLE_NONE) {
2223 rc_close.rc_handle = p_msg->handle;
2224 rc_close.peer_addr = p_msg->peer_addr;
2225 }
2226 tBTA_AV bta_av_data;
2227 bta_av_data.rc_close = rc_close;
2228 (*p_cb->p_cback)(BTA_AV_RC_CLOSE_EVT, &bta_av_data);
2229 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE
2230 && bta_av_cb.features & BTA_AV_FEAT_RCTG)
2231 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
2232 }
2233
2234 /*******************************************************************************
2235 *
2236 * Function bta_av_rc_browse_opened
2237 *
2238 * Description AVRC browsing channel is opened
2239 *
2240 * Returns void
2241 *
2242 ******************************************************************************/
bta_av_rc_browse_opened(tBTA_AV_DATA * p_data)2243 void bta_av_rc_browse_opened(tBTA_AV_DATA* p_data) {
2244 tBTA_AV_CB* p_cb = &bta_av_cb;
2245 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2246 tBTA_AV_RC_BROWSE_OPEN rc_browse_open;
2247
2248 LOG_INFO("%s: peer_addr: %s rc_handle:%d", __func__,
2249 ADDRESS_TO_LOGGABLE_CSTR(p_msg->peer_addr), p_msg->handle);
2250
2251 rc_browse_open.status = BTA_AV_SUCCESS;
2252 rc_browse_open.rc_handle = p_msg->handle;
2253 rc_browse_open.peer_addr = p_msg->peer_addr;
2254
2255 tBTA_AV bta_av_data;
2256 bta_av_data.rc_browse_open = rc_browse_open;
2257 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_OPEN_EVT, &bta_av_data);
2258 }
2259
2260 /*******************************************************************************
2261 *
2262 * Function bta_av_rc_browse_closed
2263 *
2264 * Description AVRC browsing channel is closed
2265 *
2266 * Returns void
2267 *
2268 ******************************************************************************/
bta_av_rc_browse_closed(tBTA_AV_DATA * p_data)2269 void bta_av_rc_browse_closed(tBTA_AV_DATA* p_data) {
2270 tBTA_AV_CB* p_cb = &bta_av_cb;
2271 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2272 tBTA_AV_RC_BROWSE_CLOSE rc_browse_close;
2273
2274 LOG_INFO("%s: peer_addr: %s rc_handle:%d", __func__,
2275 ADDRESS_TO_LOGGABLE_CSTR(p_msg->peer_addr), p_msg->handle);
2276
2277 rc_browse_close.rc_handle = p_msg->handle;
2278 rc_browse_close.peer_addr = p_msg->peer_addr;
2279
2280 tBTA_AV bta_av_data;
2281 bta_av_data.rc_browse_close = rc_browse_close;
2282 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_CLOSE_EVT, &bta_av_data);
2283 }
2284
2285 /*******************************************************************************
2286 *
2287 * Function bta_av_rc_disc
2288 *
2289 * Description start AVRC SDP discovery.
2290 *
2291 * Returns void
2292 *
2293 ******************************************************************************/
bta_av_rc_disc(uint8_t disc)2294 void bta_av_rc_disc(uint8_t disc) {
2295 tBTA_AV_CB* p_cb = &bta_av_cb;
2296 tAVRC_SDP_DB_PARAMS db_params;
2297 uint16_t attr_list[] = {ATTR_ID_SERVICE_CLASS_ID_LIST,
2298 ATTR_ID_BT_PROFILE_DESC_LIST,
2299 ATTR_ID_SUPPORTED_FEATURES,
2300 ATTR_ID_ADDITION_PROTO_DESC_LISTS};
2301 uint8_t hdi;
2302 tBTA_AV_SCB* p_scb;
2303 RawAddress peer_addr = RawAddress::kEmpty;
2304 uint8_t rc_handle;
2305
2306 APPL_TRACE_DEBUG("%s: disc: 0x%x, bta_av_cb.disc: 0x%x", __func__, disc,
2307 bta_av_cb.disc);
2308 if ((bta_av_cb.disc != 0) || (disc == 0)) return;
2309
2310 if ((disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
2311 /* this is the rc handle/index to tBTA_AV_RCB */
2312 rc_handle = disc & (~BTA_AV_CHNL_MSK);
2313 if (p_cb->rcb[rc_handle].lidx) {
2314 peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2315 }
2316 } else {
2317 hdi = (disc & BTA_AV_HNDL_MSK) - 1;
2318 p_scb = p_cb->p_scb[hdi];
2319
2320 if (p_scb) {
2321 APPL_TRACE_DEBUG("%s: rc_handle %d", __func__, p_scb->rc_handle);
2322 peer_addr = p_scb->PeerAddress();
2323 }
2324 }
2325
2326 if (!peer_addr.IsEmpty()) {
2327 /* allocate discovery database */
2328 if (p_cb->p_disc_db == NULL)
2329 p_cb->p_disc_db = (tSDP_DISCOVERY_DB*)osi_malloc(BTA_AV_DISC_BUF_SIZE);
2330
2331 /* set up parameters */
2332 db_params.db_len = BTA_AV_DISC_BUF_SIZE;
2333 db_params.num_attr = sizeof(attr_list) / sizeof(uint16_t);
2334 db_params.p_db = p_cb->p_disc_db;
2335 db_params.p_attrs = attr_list;
2336
2337 /* searching for UUID_SERVCLASS_AV_REMOTE_CONTROL gets both TG and CT */
2338 if (AVRC_FindService(UUID_SERVCLASS_AV_REMOTE_CONTROL, peer_addr,
2339 &db_params,
2340 base::Bind(bta_av_avrc_sdp_cback)) == AVRC_SUCCESS) {
2341 p_cb->disc = disc;
2342 APPL_TRACE_DEBUG("%s: disc 0x%x", __func__, p_cb->disc);
2343 }
2344 }
2345 }
2346
2347 /*******************************************************************************
2348 *
2349 * Function bta_av_dereg_comp
2350 *
2351 * Description deregister complete. free the stream control block.
2352 *
2353 * Returns void
2354 *
2355 ******************************************************************************/
bta_av_dereg_comp(tBTA_AV_DATA * p_data)2356 void bta_av_dereg_comp(tBTA_AV_DATA* p_data) {
2357 tBTA_AV_CB* p_cb = &bta_av_cb;
2358 tBTA_AV_SCB* p_scb;
2359 tBTA_UTL_COD cod = {
2360 .minor = BTM_COD_MINOR_UNCLASSIFIED,
2361 .major = BTM_COD_MAJOR_UNCLASSIFIED,
2362 .service = 0,
2363 };
2364
2365 uint8_t mask;
2366 BT_HDR* p_buf;
2367
2368 /* find the stream control block */
2369 p_scb = bta_av_hndl_to_scb(p_data->hdr.layer_specific);
2370
2371 if (p_scb) {
2372 APPL_TRACE_DEBUG("%s: deregistered %d(h%d)", __func__, p_scb->chnl,
2373 p_scb->hndl);
2374 mask = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
2375 p_cb->reg_audio &= ~mask;
2376 if ((p_cb->conn_audio & mask) && p_cb->audio_open_cnt) {
2377 /* this channel is still marked as open. decrease the count */
2378 p_cb->audio_open_cnt--;
2379 }
2380 p_cb->conn_audio &= ~mask;
2381
2382 if (p_scb->q_tag == BTA_AV_Q_TAG_STREAM && p_scb->a2dp_list) {
2383 /* make sure no buffers are in a2dp_list */
2384 while (!list_is_empty(p_scb->a2dp_list)) {
2385 p_buf = (BT_HDR*)list_front(p_scb->a2dp_list);
2386 list_remove(p_scb->a2dp_list, p_buf);
2387 osi_free(p_buf);
2388 }
2389 }
2390
2391 /* remove the A2DP SDP record, if no more audio stream is left */
2392 if (!p_cb->reg_audio) {
2393
2394 /* Only remove the SDP record if we're the ones that created it */
2395 if (is_new_avrcp_enabled()) {
2396 APPL_TRACE_DEBUG("%s: newavrcp is the owner of the AVRCP Target SDP "
2397 "record. Don't dereg the SDP record", __func__);
2398 } else {
2399 APPL_TRACE_DEBUG("%s: newavrcp is not enabled. Remove SDP record",
2400 __func__);
2401 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REMOTE_CONTROL);
2402 }
2403
2404 if (p_cb->sdp_a2dp_handle) {
2405 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_handle);
2406 p_cb->sdp_a2dp_handle = 0;
2407 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SOURCE);
2408 }
2409
2410 if (p_cb->sdp_a2dp_snk_handle) {
2411 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_snk_handle);
2412 p_cb->sdp_a2dp_snk_handle = 0;
2413 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SINK);
2414 }
2415 }
2416
2417 bta_av_free_scb(p_scb);
2418 }
2419
2420 APPL_TRACE_DEBUG("%s: audio 0x%x, disable:%d", __func__, p_cb->reg_audio,
2421 p_cb->disabling);
2422 /* if no stream control block is active */
2423 if (p_cb->reg_audio == 0) {
2424 /* deregister from AVDT */
2425 bta_ar_dereg_avdt();
2426
2427 /* deregister from AVCT */
2428 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
2429 bta_ar_dereg_avct();
2430
2431 if (p_cb->disabling) {
2432 p_cb->disabling = false;
2433 // reset enabling parameters
2434 p_cb->features = 0;
2435 p_cb->sec_mask = 0;
2436 }
2437
2438 /* Clear the Capturing service class bit */
2439 cod.service = BTM_COD_SERVICE_CAPTURING;
2440 utl_set_device_class(&cod, BTA_UTL_CLR_COD_SERVICE_CLASS);
2441 }
2442 }
2443