1 /******************************************************************************
2 *
3 * Copyright 2004-2016 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains action functions for advanced audio/video main state
22 * machine.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bluetooth-a2dp"
27
28 #include <bluetooth/log.h>
29 #include <com_android_bluetooth_flags.h>
30
31 #include <cstddef>
32 #include <cstdint>
33 #include <cstring>
34
35 #include "avct_api.h"
36 #include "avdt_api.h"
37 #include "avrc_api.h"
38 #include "avrc_defs.h"
39 #include "bt_dev_class.h"
40 #include "bta/av/bta_av_int.h"
41 #include "bta/include/bta_ar_api.h"
42 #include "bta/include/utl.h"
43 #include "bta_av_api.h"
44 #include "bta_sys.h"
45 #include "btif/avrcp/avrcp_service.h"
46 #include "btif/include/btif_av.h"
47 #include "common/bind.h"
48 #include "device/include/device_iot_conf_defs.h"
49 #include "device/include/device_iot_config.h"
50 #include "device/include/interop.h"
51 #include "internal_include/bt_target.h"
52 #include "l2cap_types.h"
53 #include "osi/include/alarm.h"
54 #include "osi/include/allocator.h"
55 #include "osi/include/list.h"
56 #include "osi/include/osi.h" // UINT_TO_PTR PTR_TO_UINT
57 #include "osi/include/properties.h"
58 #include "sdpdefs.h"
59 #include "stack/include/bt_hdr.h"
60 #include "stack/include/bt_types.h"
61 #include "stack/include/bt_uuid16.h"
62 #include "stack/include/btm_client_interface.h"
63 #include "stack/include/l2cap_interface.h"
64 #include "stack/include/sdp_api.h"
65 #include "stack/include/sdp_status.h"
66 #include "stack/sdp/sdp_discovery_db.h"
67 #include "types/raw_address.h"
68
69 using namespace bluetooth::legacy::stack::sdp;
70 using namespace bluetooth;
71
72 /*****************************************************************************
73 * Constants
74 ****************************************************************************/
75 /* the timeout to wait for open req after setconfig for incoming connections */
76 #ifndef BTA_AV_SIGNALLING_TIMEOUT_MS
77 #define BTA_AV_SIGNALLING_TIMEOUT_MS (8 * 1000) /* 8 seconds */
78 #endif
79
80 /* Time to wait for signalling from SNK when it is initiated from SNK. */
81 /* If not, we will start signalling from SRC. */
82 #ifndef BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS
83 #define BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS (2 * 1000) /* 2 seconds */
84 #endif
85
86 static void bta_av_accept_signalling_timer_cback(void* data);
87
88 #ifndef AVRC_MIN_META_CMD_LEN
89 #define AVRC_MIN_META_CMD_LEN 20
90 #endif
91
92 /*******************************************************************************
93 *
94 * Function bta_av_get_rcb_by_shdl
95 *
96 * Description find the RCB associated with the given SCB handle.
97 *
98 * Returns tBTA_AV_RCB
99 *
100 ******************************************************************************/
bta_av_get_rcb_by_shdl(uint8_t shdl)101 tBTA_AV_RCB* bta_av_get_rcb_by_shdl(uint8_t shdl) {
102 tBTA_AV_RCB* p_rcb = NULL;
103 int i;
104
105 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
106 if (bta_av_cb.rcb[i].shdl == shdl && bta_av_cb.rcb[i].handle != BTA_AV_RC_HANDLE_NONE) {
107 p_rcb = &bta_av_cb.rcb[i];
108 break;
109 }
110 }
111 return p_rcb;
112 }
113 #define BTA_AV_STS_NO_RSP 0xFF /* a number not used by tAVRC_STS */
114
115 /*******************************************************************************
116 *
117 * Function bta_av_del_rc
118 *
119 * Description delete the given AVRC handle.
120 *
121 * Returns void
122 *
123 ******************************************************************************/
bta_av_del_rc(tBTA_AV_RCB * p_rcb)124 void bta_av_del_rc(tBTA_AV_RCB* p_rcb) {
125 tBTA_AV_SCB* p_scb;
126 uint8_t rc_handle; /* connected AVRCP handle */
127
128 p_scb = NULL;
129 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
130 if (p_rcb->shdl) {
131 /* Validate array index*/
132 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
133 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
134 }
135 if (p_scb) {
136 log::verbose("shdl:{}, srch:{} rc_handle:{}", p_rcb->shdl, p_scb->rc_handle, p_rcb->handle);
137 if (p_scb->rc_handle == p_rcb->handle) {
138 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
139 }
140 /* just in case the RC timer is active
141 if (bta_av_cb.features & BTA_AV_FEAT_RCCT && p_scb->chnl ==
142 BTA_AV_CHNL_AUDIO) */
143 alarm_cancel(p_scb->avrc_ct_timer);
144 }
145 }
146
147 log::verbose("handle: {} status=0x{:x}, rc_acp_handle:{}, idx:{}", p_rcb->handle, p_rcb->status,
148 bta_av_cb.rc_acp_handle, bta_av_cb.rc_acp_idx);
149 rc_handle = p_rcb->handle;
150 if (!(p_rcb->status & BTA_AV_RC_CONN_MASK) ||
151 ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
152 p_rcb->status = 0;
153 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
154 p_rcb->shdl = 0;
155 p_rcb->lidx = 0;
156 }
157 /* else ACP && connected. do not clear the handle yet */
158 AVRC_Close(rc_handle);
159 if (rc_handle == bta_av_cb.rc_acp_handle) {
160 bta_av_cb.rc_acp_handle = BTA_AV_RC_HANDLE_NONE;
161 }
162 log::verbose("end del_rc handle: {} status=0x{:x}, rc_acp_handle:{}, lidx:{}", p_rcb->handle,
163 p_rcb->status, bta_av_cb.rc_acp_handle, p_rcb->lidx);
164 }
165 }
166
167 /*******************************************************************************
168 *
169 * Function bta_av_close_all_rc
170 *
171 * Description close the all AVRC handle.
172 *
173 * Returns void
174 *
175 ******************************************************************************/
bta_av_close_all_rc(tBTA_AV_CB * p_cb)176 static void bta_av_close_all_rc(tBTA_AV_CB* p_cb) {
177 int i;
178
179 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
180 if ((p_cb->disabling) || (bta_av_cb.rcb[i].shdl != 0)) {
181 bta_av_del_rc(&bta_av_cb.rcb[i]);
182 }
183 }
184 }
185
186 /*******************************************************************************
187 *
188 * Function bta_av_del_sdp_rec
189 *
190 * Description delete the given SDP record handle.
191 *
192 * Returns void
193 *
194 ******************************************************************************/
bta_av_del_sdp_rec(uint32_t * p_sdp_handle)195 static void bta_av_del_sdp_rec(uint32_t* p_sdp_handle) {
196 if (*p_sdp_handle != 0) {
197 if (!get_legacy_stack_sdp_api()->handle.SDP_DeleteRecord(*p_sdp_handle)) {
198 log::warn("Unable to delete SDP record:{}", *p_sdp_handle);
199 }
200 *p_sdp_handle = 0;
201 }
202 }
203
204 /*******************************************************************************
205 *
206 * Function bta_av_avrc_sdp_cback
207 *
208 * Description AVRCP service discovery callback.
209 *
210 * Returns void
211 *
212 ******************************************************************************/
bta_av_avrc_sdp_cback(tSDP_STATUS)213 static void bta_av_avrc_sdp_cback(tSDP_STATUS /* status */) {
214 BT_HDR_RIGID* p_msg = (BT_HDR_RIGID*)osi_malloc(sizeof(BT_HDR_RIGID));
215
216 p_msg->event = BTA_AV_SDP_AVRC_DISC_EVT;
217
218 bta_sys_sendmsg(p_msg);
219 }
220
221 /*******************************************************************************
222 *
223 * Function bta_av_rc_ctrl_cback
224 *
225 * Description AVRCP control callback.
226 *
227 * Returns void
228 *
229 ******************************************************************************/
bta_av_rc_ctrl_cback(uint8_t handle,uint8_t event,uint16_t,const RawAddress * peer_addr)230 static void bta_av_rc_ctrl_cback(uint8_t handle, uint8_t event, uint16_t /* result */,
231 const RawAddress* peer_addr) {
232 uint16_t msg_event = 0;
233
234 if (btif_av_both_enable() && peer_addr != NULL && btif_av_peer_is_connected_sink(*peer_addr)) {
235 log::warn("not cback legacy cback, and close the handle");
236
237 if (event == AVRC_CLOSE_IND_EVT || event == AVRC_OPEN_IND_EVT) {
238 log::verbose("resend close event");
239 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)osi_malloc(sizeof(tBTA_AV_RC_CONN_CHG));
240 p_msg->hdr.event = BTA_AV_AVRC_CLOSE_EVT;
241 p_msg->handle = handle;
242 p_msg->peer_addr = *peer_addr;
243 bta_sys_sendmsg(p_msg);
244 }
245 return;
246 }
247
248 log::verbose("handle: {} event=0x{:x}", handle, event);
249 if (event == AVRC_OPEN_IND_EVT) {
250 /* save handle of opened connection
251 bta_av_cb.rc_handle = handle;*/
252
253 msg_event = BTA_AV_AVRC_OPEN_EVT;
254 } else if (event == AVRC_CLOSE_IND_EVT) {
255 msg_event = BTA_AV_AVRC_CLOSE_EVT;
256 } else if (event == AVRC_BROWSE_OPEN_IND_EVT) {
257 msg_event = BTA_AV_AVRC_BROWSE_OPEN_EVT;
258 } else if (event == AVRC_BROWSE_CLOSE_IND_EVT) {
259 msg_event = BTA_AV_AVRC_BROWSE_CLOSE_EVT;
260 }
261
262 if (msg_event) {
263 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)osi_malloc(sizeof(tBTA_AV_RC_CONN_CHG));
264 p_msg->hdr.event = msg_event;
265 p_msg->handle = handle;
266 p_msg->peer_addr = (peer_addr) ? (*peer_addr) : RawAddress::kEmpty;
267 bta_sys_sendmsg(p_msg);
268 }
269 }
270
271 /*******************************************************************************
272 *
273 * Function bta_av_rc_msg_cback
274 *
275 * Description AVRCP message callback.
276 *
277 * Returns void
278 *
279 ******************************************************************************/
bta_av_rc_msg_cback(uint8_t handle,uint8_t label,uint8_t opcode,tAVRC_MSG * p_msg)280 static void bta_av_rc_msg_cback(uint8_t handle, uint8_t label, uint8_t opcode, tAVRC_MSG* p_msg) {
281 uint8_t* p_data_src = NULL;
282 uint16_t data_len = 0;
283
284 log::verbose("handle: {} opcode=0x{:x}", handle, opcode);
285
286 /* Copy avrc packet into BTA message buffer (for sending to BTA state machine)
287 */
288
289 /* Get size of payload data (for vendor and passthrough messages only; for
290 * browsing
291 * messages, use zero-copy) */
292 if (opcode == AVRC_OP_VENDOR && p_msg->vendor.p_vendor_data != NULL) {
293 p_data_src = p_msg->vendor.p_vendor_data;
294 data_len = (uint16_t)p_msg->vendor.vendor_len;
295 } else if (opcode == AVRC_OP_PASS_THRU && p_msg->pass.p_pass_data != NULL) {
296 p_data_src = p_msg->pass.p_pass_data;
297 data_len = (uint16_t)p_msg->pass.pass_len;
298 }
299
300 /* Create a copy of the message */
301 tBTA_AV_RC_MSG* p_buf = (tBTA_AV_RC_MSG*)osi_malloc(sizeof(tBTA_AV_RC_MSG) + data_len);
302
303 p_buf->hdr.event = BTA_AV_AVRC_MSG_EVT;
304 p_buf->handle = handle;
305 p_buf->label = label;
306 p_buf->opcode = opcode;
307 memcpy(&p_buf->msg, p_msg, sizeof(tAVRC_MSG));
308 /* Copy the data payload, and set the pointer to it */
309 if (p_data_src != NULL) {
310 uint8_t* p_data_dst = (uint8_t*)(p_buf + 1);
311 memcpy(p_data_dst, p_data_src, data_len);
312
313 /* Update bta message buffer to point to payload data */
314 /* (Note AVRC_OP_BROWSING uses zero-copy: p_buf->msg.browse.p_browse_data
315 * already points to original avrc buffer) */
316 if (opcode == AVRC_OP_VENDOR) {
317 p_buf->msg.vendor.p_vendor_data = p_data_dst;
318 } else if (opcode == AVRC_OP_PASS_THRU) {
319 p_buf->msg.pass.p_pass_data = p_data_dst;
320 }
321 }
322
323 if (opcode == AVRC_OP_BROWSE) {
324 /* set p_pkt to NULL, so avrc would not free the buffer */
325 p_msg->browse.p_browse_pkt = NULL;
326 }
327
328 bta_sys_sendmsg(p_buf);
329 }
330
331 /*******************************************************************************
332 *
333 * Function bta_av_rc_create
334 *
335 * Description alloc RCB and call AVRC_Open
336 *
337 * Returns the created rc handle
338 *
339 ******************************************************************************/
bta_av_rc_create(tBTA_AV_CB * p_cb,tAVCT_ROLE role,uint8_t shdl,uint8_t lidx)340 uint8_t bta_av_rc_create(tBTA_AV_CB* p_cb, tAVCT_ROLE role, uint8_t shdl, uint8_t lidx) {
341 if ((!btif_av_src_sink_coexist_enabled() ||
342 (btif_av_src_sink_coexist_enabled() && !btif_av_is_sink_enabled() &&
343 btif_av_is_source_enabled())) &&
344 is_new_avrcp_enabled()) {
345 log::info("Skipping RC creation for the old AVRCP profile");
346 return BTA_AV_RC_HANDLE_NONE;
347 }
348
349 RawAddress bda = RawAddress::kAny;
350 uint8_t status = BTA_AV_RC_ROLE_ACP;
351 int i;
352 uint8_t rc_handle;
353 tBTA_AV_RCB* p_rcb{nullptr};
354
355 if (role == AVCT_ROLE_INITIATOR) {
356 // Can't grab a stream control block that doesn't have a valid handle
357 if (!shdl) {
358 log::error("Can't grab stream control block for shdl = {} -> index = {}", shdl, shdl - 1);
359 return BTA_AV_RC_HANDLE_NONE;
360 }
361 tBTA_AV_SCB* p_scb = p_cb->p_scb[shdl - 1];
362 bda = p_scb->PeerAddress();
363 status = BTA_AV_RC_ROLE_INT;
364 DEVICE_IOT_CONFIG_ADDR_INT_ADD_ONE(p_scb->PeerAddress(), IOT_CONF_KEY_AVRCP_CONN_COUNT);
365
366 } else {
367 p_rcb = bta_av_get_rcb_by_shdl(shdl);
368 if (p_rcb != NULL) {
369 log::error("ACP handle exist for shdl:{}", shdl);
370 p_rcb->lidx = lidx;
371 return p_rcb->handle;
372 }
373 }
374
375 tAVRC_CONN_CB ccb = {
376 .ctrl_cback = base::Bind(bta_av_rc_ctrl_cback),
377 .msg_cback = base::Bind(bta_av_rc_msg_cback),
378 .company_id = p_bta_av_cfg->company_id,
379 .conn = role,
380 // note: BTA_AV_FEAT_RCTG = AVRC_CT_TARGET, BTA_AV_FEAT_RCCT = AVRC_CT_CONTROL
381 .control =
382 static_cast<uint8_t>(p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_RCCT |
383 BTA_AV_FEAT_METADATA | AVRC_CT_PASSIVE)),
384 };
385
386 if (AVRC_Open(&rc_handle, &ccb, bda) != AVRC_SUCCESS) {
387 DEVICE_IOT_CONFIG_ADDR_INT_ADD_ONE(bda, IOT_CONF_KEY_AVRCP_CONN_FAIL_COUNT);
388 return BTA_AV_RC_HANDLE_NONE;
389 }
390
391 i = rc_handle;
392 p_rcb = &p_cb->rcb[i];
393
394 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
395 log::error("found duplicated handle:{}", rc_handle);
396 }
397
398 p_rcb->handle = rc_handle;
399 p_rcb->status = status;
400 p_rcb->shdl = shdl;
401 p_rcb->lidx = lidx;
402 p_rcb->peer_features = 0;
403 p_rcb->peer_ct_features = 0;
404 p_rcb->peer_tg_features = 0;
405 p_rcb->cover_art_psm = 0;
406 if (lidx == (BTA_AV_NUM_LINKS + 1)) {
407 /* this LIDX is reserved for the AVRCP ACP connection */
408 p_cb->rc_acp_handle = p_rcb->handle;
409 p_cb->rc_acp_idx = (i + 1);
410 log::verbose("rc_acp_handle:{} idx:{}", p_cb->rc_acp_handle, p_cb->rc_acp_idx);
411 }
412 log::verbose("create {}, role: {}, shdl:{}, rc_handle:{}, lidx:{}, status:0x{:x}", i,
413 avct_role_text(role), shdl, p_rcb->handle, lidx, p_rcb->status);
414
415 return rc_handle;
416 }
417
418 /*******************************************************************************
419 *
420 * Function bta_av_valid_group_navi_msg
421 *
422 * Description Check if it is Group Navigation Msg for Metadata
423 *
424 * Returns AVRC_RSP_ACCEPT or AVRC_RSP_NOT_IMPL
425 *
426 ******************************************************************************/
bta_av_group_navi_supported(uint8_t len,uint8_t * p_data,bool is_inquiry)427 static tBTA_AV_CODE bta_av_group_navi_supported(uint8_t len, uint8_t* p_data, bool is_inquiry) {
428 tBTA_AV_CODE ret = AVRC_RSP_NOT_IMPL;
429 uint8_t* p_ptr = p_data;
430 uint16_t u16;
431 uint32_t u32;
432
433 if (p_bta_av_cfg->avrc_group && len == BTA_GROUP_NAVI_MSG_OP_DATA_LEN) {
434 BTA_AV_BE_STREAM_TO_CO_ID(u32, p_ptr);
435 BE_STREAM_TO_UINT16(u16, p_ptr);
436
437 if (u32 == AVRC_CO_METADATA) {
438 if (is_inquiry) {
439 if (u16 <= AVRC_PDU_PREV_GROUP) {
440 ret = AVRC_RSP_IMPL_STBL;
441 }
442 } else {
443 if (u16 <= AVRC_PDU_PREV_GROUP) {
444 ret = AVRC_RSP_ACCEPT;
445 } else {
446 ret = AVRC_RSP_REJ;
447 }
448 }
449 }
450 }
451
452 return ret;
453 }
454
455 /*******************************************************************************
456 *
457 * Function bta_av_op_supported
458 *
459 * Description Check if remote control operation is supported.
460 *
461 * Returns AVRC_RSP_ACCEPT of supported, AVRC_RSP_NOT_IMPL if not.
462 *
463 ******************************************************************************/
bta_av_op_supported(tBTA_AV_RC rc_id,bool is_inquiry)464 static tBTA_AV_CODE bta_av_op_supported(tBTA_AV_RC rc_id, bool is_inquiry) {
465 tBTA_AV_CODE ret_code = AVRC_RSP_NOT_IMPL;
466
467 if (p_bta_av_rc_id) {
468 if (is_inquiry) {
469 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
470 ret_code = AVRC_RSP_IMPL_STBL;
471 }
472 } else {
473 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
474 ret_code = AVRC_RSP_ACCEPT;
475 } else if ((p_bta_av_cfg->rc_pass_rsp == AVRC_RSP_INTERIM) && p_bta_av_rc_id_ac) {
476 if (p_bta_av_rc_id_ac[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
477 ret_code = AVRC_RSP_INTERIM;
478 }
479 }
480 }
481 }
482 return ret_code;
483 }
484
485 /*******************************************************************************
486 *
487 * Function bta_av_find_lcb
488 *
489 * Description Given BD_addr, find the associated LCB.
490 *
491 * Returns NULL, if not found.
492 *
493 ******************************************************************************/
bta_av_find_lcb(const RawAddress & addr,uint8_t op)494 tBTA_AV_LCB* bta_av_find_lcb(const RawAddress& addr, uint8_t op) {
495 tBTA_AV_CB* p_cb = &bta_av_cb;
496 int xx;
497 uint8_t mask;
498 tBTA_AV_LCB* p_lcb = NULL;
499
500 log::verbose("address: {} op:{}", addr, op);
501 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
502 mask = 1 << xx; /* the used mask for this lcb */
503 if ((mask & p_cb->conn_lcb) && p_cb->lcb[xx].addr == addr) {
504 p_lcb = &p_cb->lcb[xx];
505 if (op == BTA_AV_LCB_FREE) {
506 p_cb->conn_lcb &= ~mask; /* clear the connect mask */
507 log::verbose("conn_lcb: 0x{:x}", p_cb->conn_lcb);
508 }
509 break;
510 }
511 }
512 return p_lcb;
513 }
514
515 /*******************************************************************************
516 *
517 * Function bta_av_rc_opened
518 *
519 * Description Set AVRCP state to opened.
520 *
521 * Returns void
522 *
523 ******************************************************************************/
bta_av_rc_opened(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)524 void bta_av_rc_opened(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
525 tBTA_AV_RC_OPEN rc_open;
526 tBTA_AV_SCB* p_scb;
527 int i;
528 uint8_t shdl = 0;
529 tBTA_AV_LCB* p_lcb;
530 tBTA_AV_RCB* p_rcb;
531 uint8_t tmp;
532 uint8_t disc = 0;
533
534 /* find the SCB & stop the timer */
535 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
536 p_scb = p_cb->p_scb[i];
537 if (p_scb && p_scb->PeerAddress() == p_data->rc_conn_chg.peer_addr) {
538 p_scb->rc_handle = p_data->rc_conn_chg.handle;
539 log::verbose("shdl:{}, srch {}", i + 1, p_scb->rc_handle);
540 shdl = i + 1;
541 log::info("allow incoming AVRCP connections:{}", p_scb->use_rc);
542 alarm_cancel(p_scb->avrc_ct_timer);
543 disc = p_scb->hndl;
544 break;
545 }
546 }
547
548 i = p_data->rc_conn_chg.handle;
549 if (p_cb->rcb[i].handle == BTA_AV_RC_HANDLE_NONE) {
550 log::error("not a valid handle:{} any more", i);
551 return;
552 }
553
554 log::verbose("local features {} peer features {}", p_cb->features, p_cb->rcb[i].peer_features);
555
556 /* listen to browsing channel when the connection is open,
557 * if peer initiated AVRCP connection and local device supports browsing
558 * channel */
559 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_ROLE_ACCEPTOR);
560
561 if (p_cb->rcb[i].lidx == (BTA_AV_NUM_LINKS + 1) && shdl != 0) {
562 /* rc is opened on the RC only ACP channel, but is for a specific
563 * SCB -> need to switch RCBs */
564 p_rcb = bta_av_get_rcb_by_shdl(shdl);
565 if (p_rcb) {
566 p_rcb->shdl = p_cb->rcb[i].shdl;
567 tmp = p_rcb->lidx;
568 p_rcb->lidx = p_cb->rcb[i].lidx;
569 p_cb->rcb[i].lidx = tmp;
570 p_cb->rc_acp_handle = p_rcb->handle;
571 p_cb->rc_acp_idx = (p_rcb - p_cb->rcb) + 1;
572 log::verbose("switching RCB rc_acp_handle:{} idx:{}", p_cb->rc_acp_handle, p_cb->rc_acp_idx);
573 }
574 }
575
576 p_cb->rcb[i].shdl = shdl;
577 rc_open.rc_handle = i;
578 log::error("rcb[{}] shdl:{} lidx:{}/{}", i, shdl, p_cb->rcb[i].lidx,
579 p_cb->lcb[BTA_AV_NUM_LINKS].lidx);
580 p_cb->rcb[i].status |= BTA_AV_RC_CONN_MASK;
581
582 if (!shdl && 0 == p_cb->lcb[BTA_AV_NUM_LINKS].lidx) {
583 /* no associated SCB -> connected to an RC only device
584 * update the index to the extra LCB */
585 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
586 p_lcb->addr = p_data->rc_conn_chg.peer_addr;
587 p_lcb->lidx = BTA_AV_NUM_LINKS + 1;
588 p_cb->rcb[i].lidx = p_lcb->lidx;
589 p_lcb->conn_msk = 1;
590 log::error("bd_addr: {} rcb[{}].lidx={}, lcb.conn_msk=x{:x}", p_lcb->addr, i, p_cb->rcb[i].lidx,
591 p_lcb->conn_msk);
592 disc = p_data->rc_conn_chg.handle | BTA_AV_CHNL_MSK;
593 }
594
595 rc_open.peer_addr = p_data->rc_conn_chg.peer_addr;
596 rc_open.peer_features = p_cb->rcb[i].peer_features;
597 rc_open.cover_art_psm = p_cb->rcb[i].cover_art_psm;
598 if (btif_av_both_enable()) {
599 if (rc_open.peer_addr == p_cb->rc_feature.peer_addr) {
600 rc_open.peer_features = p_cb->rc_feature.peer_features;
601 rc_open.peer_ct_features = p_cb->rc_feature.peer_ct_features;
602 rc_open.peer_tg_features = p_cb->rc_feature.peer_tg_features;
603 } else {
604 rc_open.peer_features = p_cb->rcb[i].peer_features;
605 rc_open.peer_ct_features = p_cb->rcb[i].peer_ct_features;
606 rc_open.peer_tg_features = p_cb->rcb[i].peer_tg_features;
607 }
608 rc_open.status = BTA_AV_SUCCESS;
609 log::verbose(
610 "local features:0x{:x} peer_features:0x{:x}, peer_ct_feature:0x{:x}, "
611 "peer_tg_feature:0x{:x}",
612 p_cb->features, rc_open.peer_features, rc_open.peer_ct_features,
613 rc_open.peer_tg_features);
614 if (rc_open.peer_features == 0 && rc_open.peer_ct_features == 0 &&
615 rc_open.peer_tg_features == 0) {
616 /* we have not done SDP on peer RC capabilities.
617 * peer must have initiated the RC connection
618 * We Don't have SDP records of Peer, so we by
619 * default will take values depending upon registered
620 * features */
621 if (p_cb->features & BTA_AV_FEAT_RCTG) {
622 rc_open.peer_ct_features |= BTA_AV_FEAT_RCCT;
623 rc_open.peer_features |= BTA_AV_FEAT_RCCT;
624 }
625 bta_av_rc_disc(disc);
626 }
627 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, (tBTA_AV*)&rc_open);
628
629 /* if local initiated AVRCP connection and both peer and locals device
630 * support
631 * browsing channel, open the browsing channel now
632 * Some TG would not broadcast browse feature hence check inter-op. */
633 if ((p_cb->features & BTA_AV_FEAT_BROWSE) &&
634 ((rc_open.peer_ct_features & BTA_AV_FEAT_BROWSE) ||
635 (rc_open.peer_tg_features & BTA_AV_FEAT_BROWSE))) {
636 if ((p_cb->rcb[i].status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT) {
637 log::verbose("opening AVRC Browse channel");
638 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_ROLE_INITIATOR);
639 }
640 }
641 return;
642 }
643 rc_open.status = BTA_AV_SUCCESS;
644 log::verbose("local features:x{:x} peer_features:x{:x}", p_cb->features, rc_open.peer_features);
645 log::verbose("cover art psm:x{:x}", rc_open.cover_art_psm);
646 if (rc_open.peer_features == 0) {
647 /* we have not done SDP on peer RC capabilities.
648 * peer must have initiated the RC connection */
649 if (p_cb->features & BTA_AV_FEAT_RCCT) {
650 rc_open.peer_features |= BTA_AV_FEAT_RCTG;
651 }
652 if (p_cb->features & BTA_AV_FEAT_RCTG) {
653 rc_open.peer_features |= BTA_AV_FEAT_RCCT;
654 }
655
656 bta_av_rc_disc(disc);
657 }
658 tBTA_AV bta_av_data;
659 bta_av_data.rc_open = rc_open;
660 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
661
662 /* if local initiated AVRCP connection and both peer and locals device support
663 * browsing channel, open the browsing channel now
664 * TODO (sanketa): Some TG would not broadcast browse feature hence check
665 * inter-op. */
666 if ((p_cb->features & BTA_AV_FEAT_BROWSE) && (rc_open.peer_features & BTA_AV_FEAT_BROWSE) &&
667 ((p_cb->rcb[i].status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
668 log::verbose("opening AVRC Browse channel");
669 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_ROLE_INITIATOR);
670 }
671 }
672
673 /*******************************************************************************
674 *
675 * Function bta_av_rc_remote_cmd
676 *
677 * Description Send an AVRCP remote control command.
678 *
679 * Returns void
680 *
681 ******************************************************************************/
bta_av_rc_remote_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)682 void bta_av_rc_remote_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
683 tBTA_AV_RCB* p_rcb;
684 if (p_cb->features & BTA_AV_FEAT_RCCT) {
685 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
686 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
687 if (p_rcb->status & BTA_AV_RC_CONN_MASK) {
688 AVRC_PassCmd(p_rcb->handle, p_data->api_remote_cmd.label, &p_data->api_remote_cmd.msg);
689 }
690 }
691 }
692 }
693
694 /*******************************************************************************
695 *
696 * Function bta_av_rc_vendor_cmd
697 *
698 * Description Send an AVRCP vendor specific command.
699 *
700 * Returns void
701 *
702 ******************************************************************************/
bta_av_rc_vendor_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)703 void bta_av_rc_vendor_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
704 tBTA_AV_RCB* p_rcb;
705 if ((p_cb->features & (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) ==
706 (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) {
707 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
708 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
709 AVRC_VendorCmd(p_rcb->handle, p_data->api_vendor.label, &p_data->api_vendor.msg);
710 }
711 }
712 }
713
714 /*******************************************************************************
715 *
716 * Function bta_av_rc_vendor_rsp
717 *
718 * Description Send an AVRCP vendor specific response.
719 *
720 * Returns void
721 *
722 ******************************************************************************/
bta_av_rc_vendor_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)723 void bta_av_rc_vendor_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
724 tBTA_AV_RCB* p_rcb;
725 if ((p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) ==
726 (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) {
727 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
728 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
729 AVRC_VendorRsp(p_rcb->handle, p_data->api_vendor.label, &p_data->api_vendor.msg);
730 }
731 }
732 }
733
734 /*******************************************************************************
735 *
736 * Function bta_av_rc_meta_rsp
737 *
738 * Description Send an AVRCP metadata/advanced control command/response.
739 *
740 * Returns void
741 *
742 ******************************************************************************/
bta_av_rc_meta_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)743 void bta_av_rc_meta_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
744 tBTA_AV_RCB* p_rcb;
745 bool do_free = true;
746
747 if ((p_cb->features & BTA_AV_FEAT_METADATA) && (p_data->hdr.layer_specific < BTA_AV_NUM_RCB)) {
748 if ((p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCTG)) ||
749 (!p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCCT))) {
750 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
751 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
752 AVRC_MsgReq(p_rcb->handle, p_data->api_meta_rsp.label, p_data->api_meta_rsp.rsp_code,
753 p_data->api_meta_rsp.p_pkt, false);
754 do_free = false;
755 }
756 }
757 }
758
759 if (do_free) {
760 osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
761 }
762 }
763
764 /*******************************************************************************
765 *
766 * Function bta_av_rc_free_rsp
767 *
768 * Description free an AVRCP metadata command buffer.
769 *
770 * Returns void
771 *
772 ******************************************************************************/
bta_av_rc_free_rsp(tBTA_AV_CB *,tBTA_AV_DATA * p_data)773 void bta_av_rc_free_rsp(tBTA_AV_CB* /* p_cb */, tBTA_AV_DATA* p_data) {
774 osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
775 }
776
777 /*******************************************************************************
778 *
779 * Function bta_av_rc_free_browse_msg
780 *
781 * Description free an AVRCP browse message buffer.
782 *
783 * Returns void
784 *
785 ******************************************************************************/
bta_av_rc_free_browse_msg(tBTA_AV_CB *,tBTA_AV_DATA * p_data)786 void bta_av_rc_free_browse_msg(tBTA_AV_CB* /* p_cb */, tBTA_AV_DATA* p_data) {
787 if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
788 osi_free_and_reset((void**)&p_data->rc_msg.msg.browse.p_browse_pkt);
789 }
790 }
791
792 /*******************************************************************************
793 *
794 * Function bta_av_chk_notif_evt_id
795 *
796 * Description make sure the requested player id is valid.
797 *
798 * Returns BTA_AV_STS_NO_RSP, if no error
799 *
800 ******************************************************************************/
bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR * p_vendor)801 static tAVRC_STS bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR* p_vendor) {
802 tAVRC_STS status = BTA_AV_STS_NO_RSP;
803 uint8_t xx;
804 uint16_t u16;
805 uint8_t* p = p_vendor->p_vendor_data + 2;
806
807 BE_STREAM_TO_UINT16(u16, p);
808 /* double check the fixed length */
809 if ((u16 != 5) || (p_vendor->vendor_len != 9)) {
810 status = AVRC_STS_INTERNAL_ERR;
811 } else {
812 if (btif_av_both_enable()) {
813 for (xx = 0; xx < bta_av_cfg.num_evt_ids; xx++) {
814 if (*p == bta_av_cfg.p_meta_evt_ids[xx]) {
815 return status;
816 }
817 }
818 for (xx = 0; xx < get_bta_avk_cfg()->num_evt_ids; xx++) {
819 if (*p == get_bta_avk_cfg()->p_meta_evt_ids[xx]) {
820 return status;
821 }
822 }
823 return AVRC_STS_BAD_PARAM;
824 }
825 /* make sure the player_id is valid */
826 for (xx = 0; xx < p_bta_av_cfg->num_evt_ids; xx++) {
827 if (*p == p_bta_av_cfg->p_meta_evt_ids[xx]) {
828 break;
829 }
830 }
831 if (xx == p_bta_av_cfg->num_evt_ids) {
832 status = AVRC_STS_BAD_PARAM;
833 }
834 }
835
836 return status;
837 }
838
bta_av_proc_rsp(tAVRC_RESPONSE * p_rc_rsp)839 static void bta_av_proc_rsp(tAVRC_RESPONSE* p_rc_rsp) {
840 uint16_t rc_ver = 0x105;
841 const tBTA_AV_CFG* p_src_cfg = NULL;
842 if (rc_ver != 0x103) {
843 p_src_cfg = &bta_av_cfg;
844 } else {
845 p_src_cfg = &bta_av_cfg_compatibility;
846 }
847 p_rc_rsp->get_caps.count = p_src_cfg->num_evt_ids;
848 memcpy(p_rc_rsp->get_caps.param.event_id, p_src_cfg->p_meta_evt_ids, p_src_cfg->num_evt_ids);
849 log::verbose("ver: 0x{:x}", rc_ver);
850 /* if it's not 1.3, then there should be a absolute volume */
851 if (rc_ver != 0x103) {
852 uint8_t evt_cnt = p_rc_rsp->get_caps.count;
853 p_rc_rsp->get_caps.count += get_bta_avk_cfg()->num_evt_ids;
854 if (evt_cnt < AVRC_CAP_MAX_NUM_EVT_ID) {
855 uint32_t i = 0;
856 for (i = 0; i < get_bta_avk_cfg()->num_evt_ids && i + evt_cnt < AVRC_CAP_MAX_NUM_EVT_ID;
857 i++) {
858 p_rc_rsp->get_caps.param.event_id[evt_cnt + i] = get_bta_avk_cfg()->p_meta_evt_ids[i];
859 }
860 }
861 }
862 }
863
864 /*******************************************************************************
865 *
866 * Function bta_av_proc_meta_cmd
867 *
868 * Description Process an AVRCP metadata command from the peer.
869 *
870 * Returns true to respond immediately
871 *
872 ******************************************************************************/
bta_av_proc_meta_cmd(tAVRC_RESPONSE * p_rc_rsp,tBTA_AV_RC_MSG * p_msg,uint8_t * p_ctype)873 static tBTA_AV_EVT bta_av_proc_meta_cmd(tAVRC_RESPONSE* p_rc_rsp, tBTA_AV_RC_MSG* p_msg,
874 uint8_t* p_ctype) {
875 tBTA_AV_EVT evt = BTA_AV_META_MSG_EVT;
876 uint8_t u8, pdu, *p;
877 uint16_t u16;
878 tAVRC_MSG_VENDOR* p_vendor = &p_msg->msg.vendor;
879
880 if (p_vendor->vendor_len == 0) {
881 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
882 log::verbose("p_vendor->vendor_len == 0");
883 // the caller of this function assume 0 to be an invalid event
884 return 0;
885 }
886
887 pdu = *(p_vendor->p_vendor_data);
888 p_rc_rsp->pdu = pdu;
889 *p_ctype = AVRC_RSP_REJ;
890
891 /* Check to ansure a valid minimum meta data length */
892 if ((AVRC_MIN_META_CMD_LEN + p_vendor->vendor_len) > AVRC_META_CMD_BUF_SIZE) {
893 /* reject it */
894 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
895 log::error("Invalid meta-command length: {}", p_vendor->vendor_len);
896 return 0;
897 }
898
899 /* Metadata messages only use PANEL sub-unit type */
900 if (p_vendor->hdr.subunit_type != AVRC_SUB_PANEL) {
901 log::verbose("SUBUNIT must be PANEL");
902 /* reject it */
903 evt = 0;
904 p_vendor->hdr.ctype = AVRC_RSP_NOT_IMPL;
905 p_vendor->vendor_len = 0;
906 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
907 } else if (!AVRC_IsValidAvcType(pdu, p_vendor->hdr.ctype)) {
908 log::verbose("Invalid pdu/ctype: 0x{:x}, {}", pdu, p_vendor->hdr.ctype);
909 /* reject invalid message without reporting to app */
910 evt = 0;
911 p_rc_rsp->rsp.status = AVRC_STS_BAD_CMD;
912 } else {
913 switch (pdu) {
914 case AVRC_PDU_GET_CAPABILITIES:
915 /* process GetCapabilities command without reporting the event to app */
916 evt = 0;
917 if (p_vendor->vendor_len != 5) {
918 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
919 break;
920 }
921 u8 = *(p_vendor->p_vendor_data + 4);
922 p = p_vendor->p_vendor_data + 2;
923 p_rc_rsp->get_caps.capability_id = u8;
924 BE_STREAM_TO_UINT16(u16, p);
925 if (u16 != 1) {
926 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
927 } else {
928 p_rc_rsp->get_caps.status = AVRC_STS_NO_ERROR;
929 if (u8 == AVRC_CAP_COMPANY_ID) {
930 *p_ctype = AVRC_RSP_IMPL_STBL;
931 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_co_ids;
932 memcpy(p_rc_rsp->get_caps.param.company_id, p_bta_av_cfg->p_meta_co_ids,
933 (p_bta_av_cfg->num_co_ids << 2));
934 } else if (u8 == AVRC_CAP_EVENTS_SUPPORTED) {
935 *p_ctype = AVRC_RSP_IMPL_STBL;
936 if (btif_av_src_sink_coexist_enabled() && btif_av_both_enable()) {
937 bta_av_proc_rsp(p_rc_rsp);
938 break;
939 }
940 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_evt_ids;
941 memcpy(p_rc_rsp->get_caps.param.event_id, p_bta_av_cfg->p_meta_evt_ids,
942 p_bta_av_cfg->num_evt_ids);
943 } else {
944 log::verbose("Invalid capability ID: 0x{:x}", u8);
945 /* reject - unknown capability ID */
946 p_rc_rsp->get_caps.status = AVRC_STS_BAD_PARAM;
947 }
948 }
949 break;
950
951 case AVRC_PDU_REGISTER_NOTIFICATION:
952 /* make sure the event_id is implemented */
953 p_rc_rsp->rsp.status = bta_av_chk_notif_evt_id(p_vendor);
954 if (p_rc_rsp->rsp.status != BTA_AV_STS_NO_RSP) {
955 evt = 0;
956 }
957 break;
958 }
959 }
960
961 return evt;
962 }
963
964 /*******************************************************************************
965 *
966 * Function bta_av_rc_msg
967 *
968 * Description Process an AVRCP message from the peer.
969 *
970 * Returns void
971 *
972 ******************************************************************************/
bta_av_rc_msg(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)973 void bta_av_rc_msg(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
974 tBTA_AV_EVT evt = 0;
975 tBTA_AV av;
976 BT_HDR* p_pkt = NULL;
977 tAVRC_MSG_VENDOR* p_vendor = &p_data->rc_msg.msg.vendor;
978 bool is_inquiry = ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
979 p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ);
980 uint8_t ctype = 0;
981 tAVRC_RESPONSE rc_rsp;
982
983 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
984
985 if (NULL == p_data) {
986 log::error("Message from peer with no data");
987 return;
988 }
989
990 log::verbose("opcode={:x}, ctype={:x}", p_data->rc_msg.opcode, p_data->rc_msg.msg.hdr.ctype);
991
992 if (p_data->rc_msg.opcode == AVRC_OP_PASS_THRU) {
993 /* if this is a pass thru command */
994 if ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_CTRL) ||
995 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
996 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ)) {
997 /* check if operation is supported */
998 char avrcp_ct_support[PROPERTY_VALUE_MAX];
999 osi_property_get("bluetooth.pts.avrcp_ct.support", avrcp_ct_support, "false");
1000 if (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) {
1001 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
1002 if (p_cb->features & BTA_AV_FEAT_METADATA) {
1003 p_data->rc_msg.msg.hdr.ctype =
1004 bta_av_group_navi_supported(p_data->rc_msg.msg.pass.pass_len,
1005 p_data->rc_msg.msg.pass.p_pass_data, is_inquiry);
1006 }
1007 } else if (((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_UP) ||
1008 (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_DOWN)) &&
1009 !strcmp(avrcp_ct_support, "true")) {
1010 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_ACCEPT;
1011 } else {
1012 p_data->rc_msg.msg.hdr.ctype =
1013 bta_av_op_supported(p_data->rc_msg.msg.pass.op_id, is_inquiry);
1014 }
1015
1016 log::verbose("ctype {}", p_data->rc_msg.msg.hdr.ctype);
1017
1018 /* send response */
1019 if (p_data->rc_msg.msg.hdr.ctype != AVRC_RSP_INTERIM) {
1020 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label, &p_data->rc_msg.msg.pass);
1021 }
1022
1023 /* set up for callback if supported */
1024 if (p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_ACCEPT ||
1025 p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_INTERIM) {
1026 evt = BTA_AV_REMOTE_CMD_EVT;
1027 av.remote_cmd.rc_id = p_data->rc_msg.msg.pass.op_id;
1028 av.remote_cmd.key_state = p_data->rc_msg.msg.pass.state;
1029 av.remote_cmd.p_data = p_data->rc_msg.msg.pass.p_pass_data;
1030 av.remote_cmd.len = p_data->rc_msg.msg.pass.pass_len;
1031 memcpy(&av.remote_cmd.hdr, &p_data->rc_msg.msg.hdr, sizeof(tAVRC_HDR));
1032 av.remote_cmd.label = p_data->rc_msg.label;
1033 }
1034 } else if (p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
1035 /* else if this is a pass thru response */
1036 /* id response type is not impl, we have to release label */
1037 /* set up for callback */
1038 evt = BTA_AV_REMOTE_RSP_EVT;
1039 av.remote_rsp.rc_id = p_data->rc_msg.msg.pass.op_id;
1040 av.remote_rsp.key_state = p_data->rc_msg.msg.pass.state;
1041 av.remote_rsp.rsp_code = p_data->rc_msg.msg.hdr.ctype;
1042 av.remote_rsp.label = p_data->rc_msg.label;
1043 av.remote_rsp.len = p_data->rc_msg.msg.pass.pass_len;
1044 av.remote_rsp.p_data = NULL;
1045
1046 /* If this response is for vendor unique command */
1047 if ((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) &&
1048 (p_data->rc_msg.msg.pass.pass_len > 0)) {
1049 av.remote_rsp.p_data = (uint8_t*)osi_malloc(p_data->rc_msg.msg.pass.pass_len);
1050 log::verbose("Vendor Unique data len = {}", p_data->rc_msg.msg.pass.pass_len);
1051 memcpy(av.remote_rsp.p_data, p_data->rc_msg.msg.pass.p_pass_data,
1052 p_data->rc_msg.msg.pass.pass_len);
1053 }
1054 } else {
1055 /* must be a bad ctype -> reject*/
1056 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
1057 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label, &p_data->rc_msg.msg.pass);
1058 }
1059 } else if (p_data->rc_msg.opcode == AVRC_OP_VENDOR) {
1060 /* else if this is a vendor specific command or response */
1061 /* set up for callback */
1062 av.vendor_cmd.code = p_data->rc_msg.msg.hdr.ctype;
1063 av.vendor_cmd.company_id = p_vendor->company_id;
1064 av.vendor_cmd.label = p_data->rc_msg.label;
1065 av.vendor_cmd.p_data = p_vendor->p_vendor_data;
1066 av.vendor_cmd.len = p_vendor->vendor_len;
1067
1068 /* if configured to support vendor specific and it's a command */
1069 if ((p_cb->features & BTA_AV_FEAT_VENDOR) && p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
1070 if ((p_cb->features & BTA_AV_FEAT_METADATA) && (p_vendor->company_id == AVRC_CO_METADATA)) {
1071 av.meta_msg.p_msg = &p_data->rc_msg.msg;
1072 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
1073 evt = bta_av_proc_meta_cmd(&rc_rsp, &p_data->rc_msg, &ctype);
1074 } else {
1075 evt = BTA_AV_VENDOR_CMD_EVT;
1076 }
1077 } else if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
1078 p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
1079 /* else if configured to support vendor specific and it's a response */
1080 if ((p_cb->features & BTA_AV_FEAT_METADATA) && (p_vendor->company_id == AVRC_CO_METADATA)) {
1081 av.meta_msg.p_msg = &p_data->rc_msg.msg;
1082 evt = BTA_AV_META_MSG_EVT;
1083 } else {
1084 evt = BTA_AV_VENDOR_RSP_EVT;
1085 }
1086 } else if (!(p_cb->features & BTA_AV_FEAT_VENDOR) &&
1087 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
1088 /* else if not configured to support vendor specific and it's a command */
1089 if (p_data->rc_msg.msg.vendor.p_vendor_data[0] == AVRC_PDU_INVALID) {
1090 /* reject it */
1091 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
1092 p_data->rc_msg.msg.vendor.p_vendor_data[4] = AVRC_STS_BAD_CMD;
1093 } else {
1094 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
1095 }
1096 AVRC_VendorRsp(p_data->rc_msg.handle, p_data->rc_msg.label, &p_data->rc_msg.msg.vendor);
1097 }
1098 } else if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
1099 /* set up for callback */
1100 av.meta_msg.rc_handle = p_data->rc_msg.handle;
1101 av.meta_msg.company_id = p_vendor->company_id;
1102 av.meta_msg.code = p_data->rc_msg.msg.hdr.ctype;
1103 av.meta_msg.label = p_data->rc_msg.label;
1104 av.meta_msg.p_msg = &p_data->rc_msg.msg;
1105 av.meta_msg.p_data = p_data->rc_msg.msg.browse.p_browse_data;
1106 av.meta_msg.len = p_data->rc_msg.msg.browse.browse_len;
1107 evt = BTA_AV_META_MSG_EVT;
1108 }
1109
1110 if (evt == 0 && rc_rsp.rsp.status != BTA_AV_STS_NO_RSP) {
1111 if (!p_pkt) {
1112 rc_rsp.rsp.opcode = p_data->rc_msg.opcode;
1113 AVRC_BldResponse(0, &rc_rsp, &p_pkt);
1114 }
1115 if (p_pkt) {
1116 AVRC_MsgReq(p_data->rc_msg.handle, p_data->rc_msg.label, ctype, p_pkt, false);
1117 }
1118 }
1119
1120 /* call callback */
1121 if (evt != 0) {
1122 av.remote_cmd.rc_handle = p_data->rc_msg.handle;
1123 (*p_cb->p_cback)(evt, &av);
1124 /* If browsing message, then free the browse message buffer */
1125 if (p_data->rc_msg.opcode == AVRC_OP_BROWSE && p_data->rc_msg.msg.browse.p_browse_pkt != NULL) {
1126 bta_av_rc_free_browse_msg(p_cb, p_data);
1127 }
1128 }
1129 }
1130
1131 /*******************************************************************************
1132 *
1133 * Function bta_av_rc_close
1134 *
1135 * Description close the specified AVRC handle.
1136 *
1137 * Returns void
1138 *
1139 ******************************************************************************/
bta_av_rc_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1140 void bta_av_rc_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1141 uint16_t handle = p_data->hdr.layer_specific;
1142 tBTA_AV_SCB* p_scb;
1143 tBTA_AV_RCB* p_rcb;
1144
1145 if (handle < BTA_AV_NUM_RCB) {
1146 p_rcb = &p_cb->rcb[handle];
1147
1148 log::verbose("handle: {}, status=0x{:x}", p_rcb->handle, p_rcb->status);
1149 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
1150 if (p_rcb->shdl) {
1151 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
1152 if (p_scb) {
1153 /* just in case the RC timer is active
1154 if (bta_av_cb.features & BTA_AV_FEAT_RCCT &&
1155 p_scb->chnl == BTA_AV_CHNL_AUDIO) */
1156 alarm_cancel(p_scb->avrc_ct_timer);
1157 }
1158 }
1159
1160 AVRC_Close(p_rcb->handle);
1161 }
1162 }
1163 }
1164
1165 /*******************************************************************************
1166 *
1167 * Function bta_av_get_shdl
1168 *
1169 * Returns The index to p_scb[]
1170 *
1171 ******************************************************************************/
bta_av_get_shdl(tBTA_AV_SCB * p_scb)1172 static uint8_t bta_av_get_shdl(tBTA_AV_SCB* p_scb) {
1173 int i;
1174 uint8_t shdl = 0;
1175 /* find the SCB & stop the timer */
1176 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1177 if (p_scb == bta_av_cb.p_scb[i]) {
1178 shdl = i + 1;
1179 break;
1180 }
1181 }
1182 return shdl;
1183 }
1184
1185 /*******************************************************************************
1186 *
1187 * Function bta_av_stream_chg
1188 *
1189 * Description audio streaming status changed.
1190 *
1191 * Returns void
1192 *
1193 ******************************************************************************/
bta_av_stream_chg(tBTA_AV_SCB * p_scb,bool started)1194 void bta_av_stream_chg(tBTA_AV_SCB* p_scb, bool started) {
1195 uint8_t started_msk = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
1196
1197 log::verbose("peer {} started:{} started_msk:0x{:x}", p_scb->PeerAddress(), started, started_msk);
1198
1199 if (started) {
1200 /* Let L2CAP know this channel is processed with high priority */
1201 if (!stack::l2cap::get_interface().L2CA_SetAclPriority(p_scb->PeerAddress(),
1202 L2CAP_PRIORITY_HIGH)) {
1203 log::warn("Unable to set L2CAP acl high priority peer:{}", p_scb->PeerAddress());
1204 }
1205 } else {
1206 /* Let L2CAP know this channel is processed with low priority */
1207 if (!stack::l2cap::get_interface().L2CA_SetAclPriority(p_scb->PeerAddress(),
1208 L2CAP_PRIORITY_NORMAL)) {
1209 log::warn("Unable to set L2CAP acl normal priority peer:{}", p_scb->PeerAddress());
1210 }
1211 }
1212 }
1213
1214 /*******************************************************************************
1215 *
1216 * Function bta_av_conn_chg
1217 *
1218 * Description connetion status changed.
1219 * Open an AVRCP acceptor channel, if new conn.
1220 *
1221 * Returns void
1222 *
1223 ******************************************************************************/
bta_av_conn_chg(tBTA_AV_DATA * p_data)1224 void bta_av_conn_chg(tBTA_AV_DATA* p_data) {
1225 tBTA_AV_CB* p_cb = &bta_av_cb;
1226 tBTA_AV_SCB* p_scb = NULL;
1227 tBTA_AV_SCB* p_scbi;
1228 uint8_t mask;
1229 uint8_t conn_msk;
1230 uint8_t old_msk;
1231 int i;
1232 int index = (p_data->hdr.layer_specific & BTA_AV_HNDL_MSK) - 1;
1233 tBTA_AV_LCB* p_lcb;
1234 tBTA_AV_LCB* p_lcb_rc;
1235 tBTA_AV_RCB *p_rcb, *p_rcb2;
1236 bool chk_restore = false;
1237
1238 /* Validate array index*/
1239 if (index < BTA_AV_NUM_STRS) {
1240 p_scb = p_cb->p_scb[index];
1241 }
1242 mask = BTA_AV_HNDL_TO_MSK(index);
1243 p_lcb = bta_av_find_lcb(p_data->conn_chg.peer_addr, BTA_AV_LCB_FIND);
1244 conn_msk = 1 << (index + 1);
1245 if (p_data->conn_chg.is_up) {
1246 /* set the conned mask for this channel */
1247 if (p_scb) {
1248 if (p_lcb) {
1249 p_lcb->conn_msk |= conn_msk;
1250 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1251 if (bta_av_cb.rcb[i].lidx == p_lcb->lidx) {
1252 bta_av_cb.rcb[i].shdl = index + 1;
1253 log::verbose("conn_chg up[{}]: {}, status=0x{:x}, shdl:{}, lidx:{}", i,
1254 bta_av_cb.rcb[i].handle, bta_av_cb.rcb[i].status, bta_av_cb.rcb[i].shdl,
1255 bta_av_cb.rcb[i].lidx);
1256 break;
1257 }
1258 }
1259 }
1260 old_msk = p_cb->conn_audio;
1261 p_cb->conn_audio |= mask;
1262
1263 if ((old_msk & mask) == 0) {
1264 /* increase the audio open count, if not set yet */
1265 bta_av_cb.audio_open_cnt++;
1266 }
1267
1268 log::verbose("rc_acp_handle:{} rc_acp_idx:{}", p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1269 /* check if the AVRCP ACP channel is already connected */
1270 if (p_lcb && p_cb->rc_acp_handle != BTA_AV_RC_HANDLE_NONE && p_cb->rc_acp_idx) {
1271 p_lcb_rc = &p_cb->lcb[BTA_AV_NUM_LINKS];
1272 log::verbose("rc_acp is connected && conn_chg on same addr p_lcb_rc->conn_msk:x{:x}",
1273 p_lcb_rc->conn_msk);
1274 /* check if the RC is connected to the scb addr */
1275 log::info("p_lcb_rc->addr: {} conn_chg.peer_addr: {}", p_lcb_rc->addr,
1276 p_data->conn_chg.peer_addr);
1277
1278 if (p_lcb_rc->conn_msk && p_lcb_rc->addr == p_data->conn_chg.peer_addr) {
1279 /* AVRCP is already connected.
1280 * need to update the association between SCB and RCB */
1281 p_lcb_rc->conn_msk = 0; /* indicate RC ONLY is not connected */
1282 p_lcb_rc->lidx = 0;
1283 p_scb->rc_handle = p_cb->rc_acp_handle;
1284 p_rcb = &p_cb->rcb[p_cb->rc_acp_idx - 1];
1285 p_rcb->shdl = bta_av_get_shdl(p_scb);
1286 log::verbose("update rc_acp shdl:{}/{} srch:{}", index + 1, p_rcb->shdl,
1287 p_scb->rc_handle);
1288
1289 p_rcb2 = bta_av_get_rcb_by_shdl(p_rcb->shdl);
1290 if (p_rcb2) {
1291 /* found the RCB that was created to associated with this SCB */
1292 p_cb->rc_acp_handle = p_rcb2->handle;
1293 p_cb->rc_acp_idx = (p_rcb2 - p_cb->rcb) + 1;
1294 log::verbose("new rc_acp_handle:{}, idx:{}", p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1295 p_rcb2->lidx = (BTA_AV_NUM_LINKS + 1);
1296 log::verbose("rc2 handle:{} lidx:{}/{}", p_rcb2->handle, p_rcb2->lidx,
1297 p_cb->lcb[p_rcb2->lidx - 1].lidx);
1298 }
1299 p_rcb->lidx = p_lcb->lidx;
1300 log::verbose("rc handle:{} lidx:{}/{}", p_rcb->handle, p_rcb->lidx,
1301 p_cb->lcb[p_rcb->lidx - 1].lidx);
1302 }
1303 }
1304 }
1305 } else {
1306 if ((p_cb->conn_audio & mask) && bta_av_cb.audio_open_cnt) {
1307 /* this channel is still marked as open. decrease the count */
1308 bta_av_cb.audio_open_cnt--;
1309 }
1310
1311 /* clear the conned mask for this channel */
1312 p_cb->conn_audio &= ~mask;
1313 if (p_scb) {
1314 // The stream is closed. Clear the state.
1315 p_scb->OnDisconnected();
1316 if (p_scb->chnl == BTA_AV_CHNL_AUDIO) {
1317 if (p_lcb) {
1318 p_lcb->conn_msk &= ~conn_msk;
1319 }
1320 /* audio channel is down. make sure the INT channel is down */
1321 /* just in case the RC timer is active
1322 if (p_cb->features & BTA_AV_FEAT_RCCT) */
1323 { alarm_cancel(p_scb->avrc_ct_timer); }
1324 /* one audio channel goes down. check if we need to restore high
1325 * priority */
1326 chk_restore = true;
1327 }
1328 }
1329
1330 log::verbose("shdl:{}", index + 1);
1331 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1332 log::verbose("conn_chg dn[{}]: {}, status=0x{:x}, shdl:{}, lidx:{}", i,
1333 bta_av_cb.rcb[i].handle, bta_av_cb.rcb[i].status, bta_av_cb.rcb[i].shdl,
1334 bta_av_cb.rcb[i].lidx);
1335 if (bta_av_cb.rcb[i].shdl == index + 1) {
1336 bta_av_del_rc(&bta_av_cb.rcb[i]);
1337 /* since the connection is already down and info was removed, clean
1338 * reference */
1339 bta_av_cb.rcb[i].shdl = 0;
1340 break;
1341 }
1342 }
1343
1344 if (p_cb->conn_audio == 0) {
1345 /* if both channels are not connected,
1346 * close all RC channels */
1347 bta_av_close_all_rc(p_cb);
1348 }
1349
1350 /* if the AVRCP is no longer listening, create the listening channel */
1351 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE && bta_av_cb.features & BTA_AV_FEAT_RCTG) {
1352 bta_av_rc_create(&bta_av_cb, AVCT_ROLE_ACCEPTOR, 0, BTA_AV_NUM_LINKS + 1);
1353 }
1354 }
1355
1356 log::verbose("audio:{:x} up:{} conn_msk:0x{:x} chk_restore:{} audio_open_cnt:{}",
1357 p_cb->conn_audio, p_data->conn_chg.is_up, conn_msk, chk_restore,
1358 p_cb->audio_open_cnt);
1359
1360 if (chk_restore) {
1361 if (p_cb->audio_open_cnt == 1) {
1362 /* one audio channel goes down and there's one audio channel remains open.
1363 * restore the switch role in default link policy */
1364 get_btm_client_interface().link_policy.BTM_default_unblock_role_switch();
1365 bta_av_restore_switch();
1366 }
1367 if (p_cb->audio_open_cnt) {
1368 /* adjust flush timeout settings to longer period */
1369 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1370 p_scbi = bta_av_cb.p_scb[i];
1371 if (p_scbi && p_scbi->chnl == BTA_AV_CHNL_AUDIO && p_scbi->co_started) {
1372 /* may need to update the flush timeout of this already started stream
1373 */
1374 if (p_scbi->co_started != bta_av_cb.audio_open_cnt) {
1375 p_scbi->co_started = bta_av_cb.audio_open_cnt;
1376 }
1377 }
1378 }
1379 }
1380 }
1381 }
1382
1383 /*******************************************************************************
1384 *
1385 * Function bta_av_disable
1386 *
1387 * Description disable AV.
1388 *
1389 * Returns void
1390 *
1391 ******************************************************************************/
bta_av_disable(tBTA_AV_CB * p_cb,tBTA_AV_DATA *)1392 void bta_av_disable(tBTA_AV_CB* p_cb, tBTA_AV_DATA* /* p_data */) {
1393 BT_HDR_RIGID hdr;
1394 bool disabling_in_progress = false;
1395 uint16_t xx;
1396
1397 p_cb->disabling = true;
1398
1399 bta_av_close_all_rc(p_cb);
1400
1401 osi_free_and_reset((void**)&p_cb->p_disc_db);
1402
1403 /* disable audio/video - de-register all channels,
1404 * expect BTA_AV_DEREG_COMP_EVT when deregister is complete */
1405 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1406 if (p_cb->p_scb[xx] != NULL) {
1407 // Free signalling timers
1408 alarm_free(p_cb->p_scb[xx]->link_signalling_timer);
1409 p_cb->p_scb[xx]->link_signalling_timer = NULL;
1410 alarm_free(p_cb->p_scb[xx]->accept_signalling_timer);
1411 p_cb->p_scb[xx]->accept_signalling_timer = NULL;
1412 if (com::android::bluetooth::flags::avdt_handle_signaling_on_peer_failure()) {
1413 alarm_free(p_cb->p_scb[xx]->accept_open_timer);
1414 p_cb->p_scb[xx]->accept_open_timer = NULL;
1415 }
1416 hdr.layer_specific = xx + 1;
1417 bta_av_api_deregister((tBTA_AV_DATA*)&hdr);
1418 disabling_in_progress = true;
1419 }
1420 }
1421 // Since All channels are deregistering by API_DEREGISTER, the DEREG_COMP_EVT
1422 // would come first before API_DISABLE if there is no connections, and it is
1423 // no needed to setup this disabling flag.
1424 p_cb->disabling = disabling_in_progress;
1425 }
1426
1427 /*******************************************************************************
1428 *
1429 * Function bta_av_api_disconnect
1430 *
1431 * Description .
1432 *
1433 * Returns void
1434 *
1435 ******************************************************************************/
bta_av_api_disconnect(tBTA_AV_DATA * p_data)1436 void bta_av_api_disconnect(tBTA_AV_DATA* p_data) {
1437 tBTA_AV_SCB* p_scb = bta_av_hndl_to_scb(p_data->api_discnt.hdr.layer_specific);
1438 AVDT_DisconnectReq(p_scb->PeerAddress(), bta_av_conn_cback);
1439 alarm_cancel(p_scb->link_signalling_timer);
1440 }
1441
1442 /*******************************************************************************
1443 *
1444 * Function bta_av_set_use_latency_mode
1445 *
1446 * Description Sets stream use latency mode.
1447 *
1448 * Returns void
1449 *
1450 ******************************************************************************/
bta_av_set_use_latency_mode(tBTA_AV_SCB * p_scb,bool use_latency_mode)1451 void bta_av_set_use_latency_mode(tBTA_AV_SCB* p_scb, bool use_latency_mode) {
1452 if (!stack::l2cap::get_interface().L2CA_UseLatencyMode(p_scb->PeerAddress(), use_latency_mode)) {
1453 log::warn("Unable to set L2CAP latenty mode peer:{} use_latency_mode:{}", p_scb->PeerAddress(),
1454 use_latency_mode);
1455 }
1456 }
1457
1458 /*******************************************************************************
1459 *
1460 * Function bta_av_api_set_latency
1461 *
1462 * Description set stream latency.
1463 *
1464 * Returns void
1465 *
1466 ******************************************************************************/
bta_av_api_set_latency(tBTA_AV_DATA * p_data)1467 void bta_av_api_set_latency(tBTA_AV_DATA* p_data) {
1468 tBTA_AV_SCB* p_scb = bta_av_hndl_to_scb(p_data->api_set_latency.hdr.layer_specific);
1469
1470 tL2CAP_LATENCY latency =
1471 p_data->api_set_latency.is_low_latency ? L2CAP_LATENCY_LOW : L2CAP_LATENCY_NORMAL;
1472 if (!stack::l2cap::get_interface().L2CA_SetAclLatency(p_scb->PeerAddress(), latency)) {
1473 log::warn("Unable to set L2CAP latenty mode peer:{} use_latency_mode:{}", p_scb->PeerAddress(),
1474 latency);
1475 }
1476 }
1477
1478 /**
1479 * Find the index for the free LCB entry to use.
1480 *
1481 * The selection order is:
1482 * (1) Find the index if there is already SCB entry for the peer address
1483 * (2) If there is no SCB entry for the peer address, find the first
1484 * SCB entry that is not assigned.
1485 *
1486 * @param peer_address the peer address to use
1487 * @return the index for the free LCB entry to use or BTA_AV_NUM_LINKS
1488 * if no entry is found
1489 */
bta_av_find_lcb_index_by_scb_and_address(const RawAddress & peer_address)1490 static uint8_t bta_av_find_lcb_index_by_scb_and_address(const RawAddress& peer_address) {
1491 log::verbose("peer_address: {} conn_lcb: 0x{:x}", peer_address, bta_av_cb.conn_lcb);
1492
1493 // Find the index if there is already SCB entry for the peer address
1494 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1495 uint8_t mask = 1 << index;
1496 if (mask & bta_av_cb.conn_lcb) {
1497 continue;
1498 }
1499 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1500 if (p_scb == nullptr) {
1501 continue;
1502 }
1503 if (p_scb->PeerAddress() == peer_address) {
1504 return index;
1505 }
1506 }
1507
1508 // Find the first SCB entry that is not assigned.
1509 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1510 uint8_t mask = 1 << index;
1511 if (mask & bta_av_cb.conn_lcb) {
1512 continue;
1513 }
1514 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1515 if (p_scb == nullptr) {
1516 continue;
1517 }
1518 if (!p_scb->IsAssigned()) {
1519 const RawAddress& btif_addr = btif_av_find_by_handle(p_scb->hndl);
1520 if (!btif_addr.IsEmpty() && btif_addr != peer_address) {
1521 log::debug("btif_addr = {}, index={}!", btif_addr, index);
1522 continue;
1523 }
1524 return index;
1525 }
1526 }
1527
1528 return BTA_AV_NUM_LINKS;
1529 }
1530
1531 /*******************************************************************************
1532 *
1533 * Function bta_av_sig_chg
1534 *
1535 * Description process AVDT signal channel up/down.
1536 *
1537 * Returns void
1538 *
1539 ******************************************************************************/
bta_av_sig_chg(tBTA_AV_DATA * p_data)1540 void bta_av_sig_chg(tBTA_AV_DATA* p_data) {
1541 uint16_t event = p_data->str_msg.hdr.layer_specific;
1542 tBTA_AV_CB* p_cb = &bta_av_cb;
1543 uint32_t xx;
1544 uint8_t mask;
1545 tBTA_AV_LCB* p_lcb = NULL;
1546
1547 log::verbose("event: {}", event);
1548 if (event == AVDT_CONNECT_IND_EVT) {
1549 log::verbose("AVDT_CONNECT_IND_EVT: peer {}", p_data->str_msg.bd_addr);
1550
1551 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FIND);
1552 if (!p_lcb) {
1553 /* if the address does not have an LCB yet, alloc one */
1554 xx = bta_av_find_lcb_index_by_scb_and_address(p_data->str_msg.bd_addr);
1555
1556 /* check if we found something */
1557 if (xx >= BTA_AV_NUM_LINKS) {
1558 /* We do not have scb for this avdt connection. */
1559 /* Silently close the connection. */
1560 log::error("av scb not available for avdt connection for {}", p_data->str_msg.bd_addr);
1561 AVDT_DisconnectReq(p_data->str_msg.bd_addr, NULL);
1562 return;
1563 }
1564 log::info("AVDT_CONNECT_IND_EVT: peer {} selected lcb_index {}", p_data->str_msg.bd_addr, xx);
1565
1566 tBTA_AV_SCB* p_scb = p_cb->p_scb[xx];
1567 mask = 1 << xx;
1568 p_lcb = &p_cb->lcb[xx];
1569 p_lcb->lidx = xx + 1;
1570 p_lcb->addr = p_data->str_msg.bd_addr;
1571 p_lcb->conn_msk = 0; /* clear the connect mask */
1572 /* start listening when the signal channel is open */
1573 if (p_cb->features & BTA_AV_FEAT_RCTG) {
1574 bta_av_rc_create(p_cb, AVCT_ROLE_ACCEPTOR, 0, p_lcb->lidx);
1575 }
1576 /* this entry is not used yet. */
1577 p_cb->conn_lcb |= mask; /* mark it as used */
1578 log::verbose("start sig timer {}", p_data->hdr.offset);
1579 if (p_data->hdr.offset == static_cast<uint16_t>(tAVDT_ROLE::AVDT_ACP)) {
1580 log::verbose("Incoming L2CAP acquired, set state as incoming");
1581 p_scb->OnConnected(p_data->str_msg.bd_addr);
1582 p_scb->use_rc = true; /* allowing RC for incoming connection */
1583 bta_av_ssm_execute(p_scb, BTA_AV_ACP_CONNECT_EVT, p_data);
1584
1585 /* The Pending Event should be sent as soon as the L2CAP signalling
1586 * channel
1587 * is set up, which is NOW. Earlier this was done only after
1588 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1589 * The following function shall send the event and start the
1590 * recurring timer
1591 */
1592 if (!p_scb->link_signalling_timer) {
1593 p_scb->link_signalling_timer = alarm_new("link_signalling_timer");
1594 }
1595 BT_HDR hdr;
1596 hdr.layer_specific = p_scb->hndl;
1597 bta_av_signalling_timer((tBTA_AV_DATA*)&hdr);
1598
1599 log::verbose("Re-start timer for AVDTP service");
1600 bta_sys_conn_open(BTA_ID_AV, p_scb->app_id, p_scb->PeerAddress());
1601 /* Possible collision : need to avoid outgoing processing while the
1602 * timer is running */
1603 p_scb->coll_mask = BTA_AV_COLL_INC_TMR;
1604 if (!p_scb->accept_signalling_timer) {
1605 p_scb->accept_signalling_timer = alarm_new("accept_signalling_timer");
1606 }
1607 alarm_set_on_mloop(p_scb->accept_signalling_timer, BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1608 bta_av_accept_signalling_timer_cback, UINT_TO_PTR(xx));
1609 }
1610 }
1611 } else if (event == BTA_AR_AVDT_CONN_EVT) {
1612 uint8_t scb_index = p_data->str_msg.scb_index;
1613 alarm_cancel(p_cb->p_scb[scb_index]->link_signalling_timer);
1614 } else {
1615 /* disconnected. */
1616 log::verbose("bta_av_cb.conn_lcb=0x{:x}", bta_av_cb.conn_lcb);
1617
1618 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FREE);
1619 if (p_lcb && (p_lcb->conn_msk || bta_av_cb.conn_lcb)) {
1620 log::verbose("conn_msk: 0x{:x}", p_lcb->conn_msk);
1621 /* clean up ssm */
1622 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1623 if (p_cb->p_scb[xx] && p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1624 if ((p_cb->p_scb[xx]->state == 1) &&
1625 alarm_is_scheduled(p_cb->p_scb[xx]->accept_signalling_timer) &&
1626 interop_match_addr(INTEROP_IGNORE_DISC_BEFORE_SIGNALLING_TIMEOUT,
1627 &(p_data->str_msg.bd_addr))) {
1628 continue;
1629 }
1630 log::verbose("Closing timer for AVDTP service");
1631 bta_sys_conn_close(BTA_ID_AV, p_cb->p_scb[xx]->app_id, p_cb->p_scb[xx]->PeerAddress());
1632 }
1633 mask = 1 << (xx + 1);
1634 if (((mask & p_lcb->conn_msk) || bta_av_cb.conn_lcb) && p_cb->p_scb[xx] &&
1635 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1636 log::warn("Sending AVDT_DISCONNECT_EVT peer_addr={}", p_cb->p_scb[xx]->PeerAddress());
1637 bta_av_ssm_execute(p_cb->p_scb[xx], BTA_AV_AVDT_DISCONNECT_EVT, NULL);
1638 }
1639 }
1640 }
1641 }
1642 log::verbose("bta_av_cb.conn_lcb=0x{:x} after sig_chg", p_cb->conn_lcb);
1643 }
1644
1645 /*******************************************************************************
1646 *
1647 * Function bta_av_signalling_timer
1648 *
1649 * Description process the signal channel timer. This timer is started
1650 * when the AVDTP signal channel is connected. If no profile
1651 * is connected, the timer goes off every
1652 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1653 *
1654 * Returns void
1655 *
1656 ******************************************************************************/
bta_av_signalling_timer(tBTA_AV_DATA * p_data)1657 void bta_av_signalling_timer(tBTA_AV_DATA* p_data) {
1658 tBTA_AV_HNDL hndl = p_data->hdr.layer_specific;
1659 tBTA_AV_SCB* p_scb = bta_av_hndl_to_scb(hndl);
1660
1661 tBTA_AV_CB* p_cb = &bta_av_cb;
1662 int xx;
1663 uint8_t mask;
1664 tBTA_AV_LCB* p_lcb = NULL;
1665
1666 log::verbose("conn_lcb=0x{:x}", p_cb->conn_lcb);
1667 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
1668 p_lcb = &p_cb->lcb[xx];
1669 mask = 1 << xx;
1670 log::verbose("index={} conn_lcb=0x{:x} peer={} conn_mask=0x{:x} lidx={}", xx, p_cb->conn_lcb,
1671 p_lcb->addr, p_lcb->conn_msk, p_lcb->lidx);
1672 if (mask & p_cb->conn_lcb) {
1673 /* this entry is used. check if it is connected */
1674 if (!p_lcb->conn_msk) {
1675 log::verbose("hndl 0x{:x}", p_scb->hndl);
1676 bta_sys_start_timer(p_scb->link_signalling_timer, BTA_AV_SIGNALLING_TIMEOUT_MS,
1677 BTA_AV_SIGNALLING_TIMER_EVT, hndl);
1678 tBTA_AV bta_av_data = {
1679 .pend =
1680 {
1681 .bd_addr = p_lcb->addr,
1682 },
1683 };
1684 log::verbose("BTA_AV_PENDING_EVT for {} index={} conn_mask=0x{:x} lidx={}", p_lcb->addr, xx,
1685 p_lcb->conn_msk, p_lcb->lidx);
1686 (*p_cb->p_cback)(BTA_AV_PENDING_EVT, &bta_av_data);
1687 }
1688 }
1689 }
1690 }
1691
1692 /*******************************************************************************
1693 *
1694 * Function bta_av_accept_signalling_timer_cback
1695 *
1696 * Description Process the timeout when SRC is accepting connection
1697 * and SNK did not start signalling.
1698 *
1699 * Returns void
1700 *
1701 ******************************************************************************/
bta_av_accept_signalling_timer_cback(void * data)1702 static void bta_av_accept_signalling_timer_cback(void* data) {
1703 uint32_t inx = PTR_TO_UINT(data);
1704 tBTA_AV_CB* p_cb = &bta_av_cb;
1705 tBTA_AV_SCB* p_scb = NULL;
1706 if (inx < BTA_AV_NUM_STRS) {
1707 p_scb = p_cb->p_scb[inx];
1708 }
1709 if (p_scb) {
1710 log::verbose("coll_mask=0x{:02x}", p_scb->coll_mask);
1711
1712 if (p_scb->coll_mask & BTA_AV_COLL_INC_TMR) {
1713 p_scb->coll_mask &= ~BTA_AV_COLL_INC_TMR;
1714
1715 if (bta_av_is_scb_opening(p_scb)) {
1716 log::verbose("stream state opening: SDP started = {}", p_scb->sdp_discovery_started);
1717 if (p_scb->sdp_discovery_started) {
1718 /* We are still doing SDP. Run the timer again. */
1719 p_scb->coll_mask |= BTA_AV_COLL_INC_TMR;
1720
1721 alarm_set_on_mloop(p_scb->accept_signalling_timer, BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1722 bta_av_accept_signalling_timer_cback, UINT_TO_PTR(inx));
1723 } else {
1724 /* SNK did not start signalling, resume signalling process. */
1725 bta_av_discover_req(p_scb, NULL);
1726 }
1727 } else if (bta_av_is_scb_incoming(p_scb)) {
1728 /* Stay in incoming state if SNK does not start signalling */
1729
1730 log::verbose("stream state incoming");
1731 /* API open was called right after SNK opened L2C connection. */
1732 if (p_scb->coll_mask & BTA_AV_COLL_API_CALLED) {
1733 p_scb->coll_mask &= ~BTA_AV_COLL_API_CALLED;
1734
1735 /* BTA_AV_API_OPEN_EVT */
1736 tBTA_AV_API_OPEN* p_buf = (tBTA_AV_API_OPEN*)osi_malloc(sizeof(tBTA_AV_API_OPEN));
1737 memcpy(p_buf, &(p_scb->open_api), sizeof(tBTA_AV_API_OPEN));
1738 bta_sys_sendmsg(p_buf);
1739 }
1740 }
1741 }
1742 }
1743 }
1744
bta_av_store_peer_rc_version()1745 static void bta_av_store_peer_rc_version() {
1746 tBTA_AV_CB* p_cb = &bta_av_cb;
1747 tSDP_DISC_REC* p_rec = NULL;
1748 uint16_t peer_rc_version = 0; /*Assuming Default peer version as 1.3*/
1749
1750 if ((p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
1751 p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL, NULL)) != NULL) {
1752 if ((get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1753 p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1754 /* get profile version (if failure, version parameter is not updated) */
1755 if (!get_legacy_stack_sdp_api()->record.SDP_FindProfileVersionInRec(
1756 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version)) {
1757 log::warn("Unable to find AVRC profile version in record peer:{}", p_rec->remote_bd_addr);
1758 }
1759 }
1760 if (peer_rc_version != 0) {
1761 DEVICE_IOT_CONFIG_ADDR_SET_HEX_IF_GREATER(p_rec->remote_bd_addr,
1762 IOT_CONF_KEY_AVRCP_CTRL_VERSION, peer_rc_version,
1763 IOT_CONF_BYTE_NUM_2);
1764 }
1765 }
1766
1767 peer_rc_version = 0;
1768 if ((p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
1769 p_cb->p_disc_db, UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) != NULL) {
1770 if ((get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1771 p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1772 /* get profile version (if failure, version parameter is not updated) */
1773 if (!get_legacy_stack_sdp_api()->record.SDP_FindProfileVersionInRec(
1774 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version)) {
1775 log::warn("Unable to find SDP profile version in record peer:{}", p_rec->remote_bd_addr);
1776 }
1777 }
1778 if (peer_rc_version != 0) {
1779 DEVICE_IOT_CONFIG_ADDR_SET_HEX_IF_GREATER(p_rec->remote_bd_addr,
1780 IOT_CONF_KEY_AVRCP_TG_VERSION, peer_rc_version,
1781 IOT_CONF_BYTE_NUM_2);
1782 }
1783 }
1784 }
1785
1786 /*******************************************************************************
1787 *
1788 * Function bta_av_check_peer_features
1789 *
1790 * Description check supported features on the peer device from the SDP
1791 * record and return the feature mask
1792 *
1793 * Returns tBTA_AV_FEAT peer device feature mask
1794 *
1795 ******************************************************************************/
bta_av_check_peer_features(uint16_t service_uuid)1796 static tBTA_AV_FEAT bta_av_check_peer_features(uint16_t service_uuid) {
1797 tBTA_AV_FEAT peer_features = 0;
1798 tBTA_AV_CB* p_cb = &bta_av_cb;
1799 tSDP_DISC_REC* p_rec = NULL;
1800 tSDP_DISC_ATTR* p_attr;
1801 uint16_t peer_rc_version = 0;
1802 uint16_t categories = 0;
1803
1804 log::verbose("service_uuid:x{:x}", service_uuid);
1805 /* loop through all records we found */
1806 while (true) {
1807 /* get next record; if none found, we're done */
1808 p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid,
1809 p_rec);
1810 if (p_rec == NULL) {
1811 break;
1812 }
1813
1814 if ((get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1815 p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) != NULL) {
1816 /* find peer features */
1817 if (get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
1818 p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL, NULL)) {
1819 peer_features |= BTA_AV_FEAT_RCCT;
1820 }
1821 if (get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
1822 p_cb->p_disc_db, UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1823 peer_features |= BTA_AV_FEAT_RCTG;
1824 }
1825 }
1826
1827 if ((get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1828 p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1829 /* get profile version (if failure, version parameter is not updated) */
1830 if (!get_legacy_stack_sdp_api()->record.SDP_FindProfileVersionInRec(
1831 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version)) {
1832 log::warn("Unable to find AVRC profile version in record peer:{}", p_rec->remote_bd_addr);
1833 }
1834 log::verbose("peer_rc_version 0x{:x}", peer_rc_version);
1835
1836 if (peer_rc_version >= AVRC_REV_1_3) {
1837 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1838 }
1839
1840 if (peer_rc_version >= AVRC_REV_1_4) {
1841 /* get supported categories */
1842 p_attr = get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1843 p_rec, ATTR_ID_SUPPORTED_FEATURES);
1844 if (p_attr != NULL && SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == UINT_DESC_TYPE &&
1845 SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 2) {
1846 categories = p_attr->attr_value.v.u16;
1847 if (categories & AVRC_SUPF_CT_CAT2) {
1848 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1849 }
1850 if (categories & AVRC_SUPF_CT_BROWSE) {
1851 peer_features |= (BTA_AV_FEAT_BROWSE);
1852 }
1853 }
1854 }
1855 }
1856 }
1857 log::verbose("peer_features:x{:x}", peer_features);
1858 return peer_features;
1859 }
1860
1861 /*******************************************************************************
1862 *
1863 * Function bta_avk_check_peer_features
1864 *
1865 * Description check supported features on the peer device from the SDP
1866 * record and return the feature mask
1867 *
1868 * Returns tBTA_AV_FEAT peer device feature mask
1869 *
1870 ******************************************************************************/
bta_avk_check_peer_features(uint16_t service_uuid)1871 static tBTA_AV_FEAT bta_avk_check_peer_features(uint16_t service_uuid) {
1872 tBTA_AV_FEAT peer_features = 0;
1873 tBTA_AV_CB* p_cb = &bta_av_cb;
1874
1875 log::verbose("service_uuid:x{:x}", service_uuid);
1876
1877 /* loop through all records we found */
1878 tSDP_DISC_REC* p_rec =
1879 get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, NULL);
1880 while (p_rec) {
1881 log::verbose("found Service record for x{:x}", service_uuid);
1882
1883 if ((get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1884 p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) != NULL) {
1885 /* find peer features */
1886 if (get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
1887 p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL, NULL)) {
1888 peer_features |= BTA_AV_FEAT_RCCT;
1889 }
1890 if (get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
1891 p_cb->p_disc_db, UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1892 peer_features |= BTA_AV_FEAT_RCTG;
1893 }
1894 }
1895
1896 if ((get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1897 p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1898 /* get profile version (if failure, version parameter is not updated) */
1899 uint16_t peer_rc_version = 0;
1900 bool val = get_legacy_stack_sdp_api()->record.SDP_FindProfileVersionInRec(
1901 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version);
1902 log::verbose("peer_rc_version for TG 0x{:x}, profile_found {}", peer_rc_version, val);
1903
1904 if (peer_rc_version >= AVRC_REV_1_3) {
1905 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1906 }
1907
1908 /* Get supported features */
1909 tSDP_DISC_ATTR* p_attr = get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1910 p_rec, ATTR_ID_SUPPORTED_FEATURES);
1911 if (p_attr != NULL && SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == UINT_DESC_TYPE &&
1912 SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 2) {
1913 uint16_t categories = p_attr->attr_value.v.u16;
1914 /*
1915 * Though Absolute Volume came after in 1.4 and above, but there are
1916 * few devices in market which supports absolute Volume and they are
1917 * still 1.3. To avoid IOP issuses with those devices, we check for
1918 * 1.3 as minimum version
1919 */
1920 if (peer_rc_version >= AVRC_REV_1_3) {
1921 if (categories & AVRC_SUPF_TG_CAT2) {
1922 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1923 }
1924 if (categories & AVRC_SUPF_TG_APP_SETTINGS) {
1925 peer_features |= (BTA_AV_FEAT_APP_SETTING);
1926 }
1927 if (categories & AVRC_SUPF_TG_BROWSE) {
1928 peer_features |= (BTA_AV_FEAT_BROWSE);
1929 }
1930 }
1931
1932 /* AVRCP Cover Artwork over BIP */
1933 if (peer_rc_version >= AVRC_REV_1_6) {
1934 if (service_uuid == UUID_SERVCLASS_AV_REM_CTRL_TARGET &&
1935 categories & AVRC_SUPF_TG_PLAYER_COVER_ART) {
1936 peer_features |= (BTA_AV_FEAT_COVER_ARTWORK);
1937 }
1938 }
1939 }
1940 }
1941 /* get next record; if none found, we're done */
1942 p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid,
1943 p_rec);
1944 }
1945 log::verbose("peer_features:x{:x}", peer_features);
1946 return peer_features;
1947 }
1948
1949 /******************************************************************************
1950 *
1951 * Function bta_avk_get_cover_art_psm
1952 *
1953 * Description Get the PSM associated with the AVRCP Target cover art
1954 * feature
1955 *
1956 * Returns uint16_t PSM value used to get cover artwork, or 0x0000 if
1957 * one does not exist.
1958 *
1959 *****************************************************************************/
bta_avk_get_cover_art_psm()1960 static uint16_t bta_avk_get_cover_art_psm() {
1961 log::verbose("searching for cover art psm");
1962 /* Cover Art L2CAP PSM is only available on a target device */
1963 tBTA_AV_CB* p_cb = &bta_av_cb;
1964 tSDP_DISC_REC* p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
1965 p_cb->p_disc_db, UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL);
1966 while (p_rec) {
1967 tSDP_DISC_ATTR* p_attr = (get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1968 p_rec, ATTR_ID_ADDITION_PROTO_DESC_LISTS));
1969 /*
1970 * If we have the Additional Protocol Description Lists attribute then we
1971 * specifically want the list that is an L2CAP protocol leading to OBEX.
1972 * Because the is a case where cover art is supported and browsing isn't
1973 * we need to check each list for the one we want.
1974 *
1975 * This means we need to do drop down into the protocol list and do a
1976 * "for each protocol, for each protocol element, for each protocol element
1977 * list parameter, if the parameter is L2CAP then find the PSM associated
1978 * with it, then make sure we see OBEX in that same protocol"
1979 */
1980 if (p_attr != NULL && SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == DATA_ELE_SEQ_DESC_TYPE) {
1981 // Point to first in List of protocols (i.e [(L2CAP -> AVCTP),
1982 // (L2CAP -> OBEX)])
1983 tSDP_DISC_ATTR* p_protocol_list = p_attr->attr_value.v.p_sub_attr;
1984 while (p_protocol_list != NULL) {
1985 if (SDP_DISC_ATTR_TYPE(p_protocol_list->attr_len_type) == DATA_ELE_SEQ_DESC_TYPE) {
1986 // Point to fist in list of protocol elements (i.e. [L2CAP, AVCTP])
1987 tSDP_DISC_ATTR* p_protocol = p_protocol_list->attr_value.v.p_sub_attr;
1988 bool protocol_has_obex = false;
1989 bool protocol_has_l2cap = false;
1990 uint16_t psm = 0x0000;
1991 while (p_protocol) {
1992 if (SDP_DISC_ATTR_TYPE(p_protocol->attr_len_type) == DATA_ELE_SEQ_DESC_TYPE) {
1993 // Point to first item protocol parameters list (i.e [UUID=L2CAP,
1994 // PSM=0x1234])
1995 tSDP_DISC_ATTR* p_protocol_param = p_protocol->attr_value.v.p_sub_attr;
1996 /*
1997 * Currently there's only ever one UUID and one parameter. L2cap
1998 * has a single PSM, AVCTP has a version and OBEX has nothing.
1999 * Change this if that ever changes.
2000 */
2001 uint16_t protocol_uuid = 0;
2002 uint16_t protocol_param = 0;
2003 while (p_protocol_param) {
2004 uint16_t param_type = SDP_DISC_ATTR_TYPE(p_protocol_param->attr_len_type);
2005 uint16_t param_len = SDP_DISC_ATTR_LEN(p_protocol_param->attr_len_type);
2006 if (param_type == UUID_DESC_TYPE) {
2007 protocol_uuid = p_protocol_param->attr_value.v.u16;
2008 } else if (param_type == UINT_DESC_TYPE) {
2009 protocol_param = (param_len == 2) ? p_protocol_param->attr_value.v.u16
2010 : p_protocol_param->attr_value.v.u8;
2011 } /* else dont care */
2012 p_protocol_param = p_protocol_param->p_next_attr; // next
2013 }
2014 // If we've found L2CAP then the parameter is a PSM
2015 if (protocol_uuid == UUID_PROTOCOL_L2CAP) {
2016 protocol_has_l2cap = true;
2017 psm = protocol_param;
2018 } else if (protocol_uuid == UUID_PROTOCOL_OBEX) {
2019 protocol_has_obex = true;
2020 }
2021 }
2022 // If this protocol has l2cap and obex then we're found the BIP PSM
2023 if (protocol_has_l2cap && protocol_has_obex) {
2024 log::verbose("found psm 0x{:x}", psm);
2025 return psm;
2026 }
2027 p_protocol = p_protocol->p_next_attr; // next protocol element
2028 }
2029 }
2030 p_protocol_list = p_protocol_list->p_next_attr; // next protocol
2031 }
2032 }
2033 /* get next record; if none found, we're done */
2034 p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
2035 p_cb->p_disc_db, UUID_SERVCLASS_AV_REM_CTRL_TARGET, p_rec);
2036 }
2037 /* L2CAP PSM range is 0x1000-0xFFFF so 0x0000 is safe default invalid */
2038 log::verbose("could not find a BIP psm");
2039 return 0x0000;
2040 }
2041
bta_av_rc_disc_done_all(tBTA_AV_DATA *)2042 static void bta_av_rc_disc_done_all(tBTA_AV_DATA* /* p_data */) {
2043 tBTA_AV_CB* p_cb = &bta_av_cb;
2044 tBTA_AV_SCB* p_scb = NULL;
2045 tBTA_AV_LCB* p_lcb;
2046 uint8_t rc_handle = BTA_AV_RC_HANDLE_NONE;
2047 tBTA_AV_FEAT peer_tg_features = 0;
2048 tBTA_AV_FEAT peer_ct_features = 0;
2049 uint16_t cover_art_psm = 0x0000;
2050
2051 log::verbose("bta_av_rc_disc_done disc:x{:x}", p_cb->disc);
2052 if (!p_cb->disc) {
2053 return;
2054 }
2055
2056 if ((p_cb->disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
2057 /* this is the rc handle/index to tBTA_AV_RCB */
2058 rc_handle = p_cb->disc & (~BTA_AV_CHNL_MSK);
2059 log::error("WRONG MASK A2dp not connect");
2060 } else {
2061 /* Validate array index*/
2062 if (((p_cb->disc & BTA_AV_HNDL_MSK) - 1) < BTA_AV_NUM_STRS) {
2063 log::verbose("wrong data bta_av_rc_disc_done disc:x{:x}", p_cb->disc);
2064 p_scb = p_cb->p_scb[(p_cb->disc & BTA_AV_HNDL_MSK) - 1];
2065 }
2066 if (p_scb) {
2067 rc_handle = p_scb->rc_handle;
2068 } else {
2069 p_cb->disc = 0;
2070 return;
2071 }
2072 }
2073
2074 log::verbose("rc_handle {}", rc_handle);
2075 if (p_cb->sdp_a2dp_snk_handle) {
2076 /* This is Sink + CT + TG(Abs Vol) */
2077 peer_tg_features = bta_avk_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
2078 log::verbose("populating rem ctrl target features {}", peer_tg_features);
2079 if (BTA_AV_FEAT_ADV_CTRL & bta_avk_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL)) {
2080 peer_tg_features |= (BTA_AV_FEAT_ADV_CTRL | BTA_AV_FEAT_RCCT);
2081 }
2082
2083 if (peer_tg_features & BTA_AV_FEAT_COVER_ARTWORK) {
2084 cover_art_psm = bta_avk_get_cover_art_psm();
2085 }
2086
2087 log::verbose("populating rem ctrl target bip psm 0x{:x}", cover_art_psm);
2088 } else if (p_cb->sdp_a2dp_handle) {
2089 /* check peer version and whether support CT and TG role */
2090 peer_ct_features = bta_av_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL);
2091 if ((p_cb->features & BTA_AV_FEAT_ADV_CTRL) &&
2092 ((peer_ct_features & BTA_AV_FEAT_ADV_CTRL) == 0)) {
2093 /* if we support advance control and peer does not, check their support on
2094 * TG role
2095 * some implementation uses 1.3 on CT ans 1.4 on TG */
2096 peer_ct_features |= bta_av_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
2097 }
2098
2099 /* Change our features if the remote AVRCP version is 1.3 or less */
2100 tSDP_DISC_REC* p_rec = nullptr;
2101 p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
2102 p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL, p_rec);
2103 if (p_rec != NULL && get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
2104 p_rec, ATTR_ID_BT_PROFILE_DESC_LIST) != NULL) {
2105 /* get profile version (if failure, version parameter is not updated) */
2106 uint16_t peer_rc_version = 0xFFFF; // Don't change the AVRCP version
2107 if (!get_legacy_stack_sdp_api()->record.SDP_FindProfileVersionInRec(
2108 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version)) {
2109 log::warn("Unable to find SDP in record peer:{}", p_rec->remote_bd_addr);
2110 }
2111 if (peer_rc_version <= AVRC_REV_1_3) {
2112 log::verbose("Using AVRCP 1.3 Capabilities with remote device");
2113 p_bta_av_cfg = &bta_av_cfg_compatibility;
2114 }
2115 }
2116 }
2117
2118 p_cb->disc = 0;
2119 osi_free_and_reset((void**)&p_cb->p_disc_db);
2120 p_cb->rc_feature.peer_ct_features = peer_ct_features;
2121 p_cb->rc_feature.peer_tg_features = peer_tg_features;
2122 p_cb->rc_feature.rc_handle = rc_handle;
2123 if (p_scb) {
2124 p_cb->rc_feature.peer_addr = p_scb->PeerAddress();
2125 }
2126
2127 log::verbose("peer_tg_features 0x{:x}, peer_ct_features 0x{:x}, features 0x{:x}",
2128 peer_tg_features, peer_ct_features, p_cb->features);
2129
2130 /* if we have no rc connection */
2131 if (rc_handle == BTA_AV_RC_HANDLE_NONE) {
2132 if (p_scb) {
2133 /* if peer remote control service matches ours and USE_RC is true */
2134 if (((p_cb->features & BTA_AV_FEAT_RCCT) && (peer_tg_features & BTA_AV_FEAT_RCTG)) ||
2135 ((p_cb->features & BTA_AV_FEAT_RCTG) && (peer_ct_features & BTA_AV_FEAT_RCCT))) {
2136 p_lcb = bta_av_find_lcb(p_scb->PeerAddress(), BTA_AV_LCB_FIND);
2137 if (p_lcb) {
2138 rc_handle = bta_av_rc_create(p_cb, AVCT_ROLE_INITIATOR, (uint8_t)(p_scb->hdi + 1),
2139 p_lcb->lidx);
2140 if (rc_handle != BTA_AV_RC_HANDLE_NONE) {
2141 p_cb->rcb[rc_handle].peer_ct_features = peer_ct_features;
2142 p_cb->rcb[rc_handle].peer_tg_features = peer_tg_features;
2143 p_cb->rcb[rc_handle].peer_features = 0;
2144 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
2145 } else {
2146 /* cannot create valid rc_handle for current device. report failure
2147 */
2148 log::error("no link resources available");
2149 p_scb->use_rc = false;
2150 tBTA_AV bta_av_data = {
2151 .rc_open =
2152 {
2153 .peer_addr = p_scb->PeerAddress(),
2154 .status = BTA_AV_FAIL_RESOURCES,
2155 },
2156 };
2157 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
2158 }
2159 } else {
2160 log::error("can not find LCB!!");
2161 }
2162 } else if (p_scb->use_rc) {
2163 /* can not find AVRC on peer device. report failure */
2164 p_scb->use_rc = false;
2165 tBTA_AV bta_av_data = {
2166 .rc_open =
2167 {
2168 .peer_ct_features = peer_ct_features,
2169 .peer_tg_features = peer_tg_features,
2170 .peer_addr = p_scb->PeerAddress(),
2171 .status = BTA_AV_FAIL_SDP,
2172 },
2173 };
2174 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
2175 }
2176 }
2177 } else {
2178 p_cb->rcb[rc_handle].peer_ct_features = peer_ct_features;
2179 p_cb->rcb[rc_handle].peer_tg_features = peer_tg_features;
2180 p_cb->rcb[rc_handle].peer_features = 0;
2181
2182 RawAddress peer_addr = RawAddress::kEmpty;
2183 if (p_scb == NULL) {
2184 /*
2185 * In case scb is not created by the time we are done with SDP
2186 * we still need to send RC feature event. So we need to get BD
2187 * from Message. Note that lidx is 1 based not 0 based
2188 */
2189 if (p_cb->rcb[rc_handle].lidx > 0) {
2190 peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2191 } else {
2192 peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx].addr;
2193 }
2194 } else {
2195 peer_addr = p_scb->PeerAddress();
2196 }
2197
2198 tBTA_AV bta_av_feat = {.rc_feat = {
2199 .rc_handle = rc_handle,
2200 .peer_ct_features = peer_ct_features,
2201 .peer_tg_features = peer_tg_features,
2202 .peer_addr = peer_addr,
2203 }};
2204 (*p_cb->p_cback)(BTA_AV_RC_FEAT_EVT, &bta_av_feat);
2205
2206 // Send PSM data
2207 log::verbose("Send PSM data. rc_psm = {:#x}", cover_art_psm);
2208 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
2209 tBTA_AV bta_av_psm = {
2210 .rc_cover_art_psm =
2211 {
2212 .rc_handle = rc_handle,
2213 .cover_art_psm = cover_art_psm,
2214 .peer_addr = peer_addr,
2215 },
2216 };
2217 (*p_cb->p_cback)(BTA_AV_RC_PSM_EVT, &bta_av_psm);
2218 }
2219 }
2220
2221 /*******************************************************************************
2222 *
2223 * Function bta_av_rc_disc_done
2224 *
2225 * Description Handle AVRCP service discovery results. If matching
2226 * service found, open AVRCP connection.
2227 *
2228 * Returns void
2229 *
2230 ******************************************************************************/
bta_av_rc_disc_done(tBTA_AV_DATA * p_data)2231 void bta_av_rc_disc_done(tBTA_AV_DATA* p_data) {
2232 tBTA_AV_CB* p_cb = &bta_av_cb;
2233 tBTA_AV_SCB* p_scb = NULL;
2234 tBTA_AV_LCB* p_lcb;
2235 uint8_t rc_handle;
2236 tBTA_AV_FEAT peer_features = 0; /* peer features mask */
2237 uint16_t cover_art_psm = 0x0000;
2238
2239 if (btif_av_both_enable()) {
2240 bta_av_rc_disc_done_all(p_data);
2241 return;
2242 }
2243
2244 log::verbose("bta_av_rc_disc_done disc:x{:x}", p_cb->disc);
2245 if (!p_cb->disc) {
2246 return;
2247 }
2248
2249 if ((p_cb->disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
2250 /* this is the rc handle/index to tBTA_AV_RCB */
2251 rc_handle = p_cb->disc & (~BTA_AV_CHNL_MSK);
2252 } else {
2253 /* Validate array index*/
2254 if (((p_cb->disc & BTA_AV_HNDL_MSK) - 1) < BTA_AV_NUM_STRS) {
2255 p_scb = p_cb->p_scb[(p_cb->disc & BTA_AV_HNDL_MSK) - 1];
2256 }
2257 if (p_scb) {
2258 rc_handle = p_scb->rc_handle;
2259 } else {
2260 p_cb->disc = 0;
2261 return;
2262 }
2263 }
2264
2265 log::verbose("rc_handle {}", rc_handle);
2266 if (p_cb->sdp_a2dp_snk_handle) {
2267 /* This is Sink + CT + TG(Abs Vol) */
2268 peer_features = bta_avk_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
2269 log::verbose("populating rem ctrl target features {}", peer_features);
2270 if (BTA_AV_FEAT_ADV_CTRL & bta_avk_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL)) {
2271 peer_features |= (BTA_AV_FEAT_ADV_CTRL | BTA_AV_FEAT_RCCT);
2272 }
2273
2274 if (peer_features & BTA_AV_FEAT_COVER_ARTWORK) {
2275 cover_art_psm = bta_avk_get_cover_art_psm();
2276 }
2277
2278 log::verbose("populating rem ctrl target bip psm 0x{:x}", cover_art_psm);
2279 } else if (p_cb->sdp_a2dp_handle) {
2280 /* check peer version and whether support CT and TG role */
2281 peer_features = bta_av_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL);
2282 if ((p_cb->features & BTA_AV_FEAT_ADV_CTRL) && ((peer_features & BTA_AV_FEAT_ADV_CTRL) == 0)) {
2283 /* if we support advance control and peer does not, check their support on
2284 * TG role
2285 * some implementation uses 1.3 on CT ans 1.4 on TG */
2286 peer_features |= bta_av_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
2287 }
2288
2289 /* Change our features if the remote AVRCP version is 1.3 or less */
2290 tSDP_DISC_REC* p_rec = nullptr;
2291 p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
2292 p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL, p_rec);
2293 if (p_rec != NULL && get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
2294 p_rec, ATTR_ID_BT_PROFILE_DESC_LIST) != NULL) {
2295 /* get profile version (if failure, version parameter is not updated) */
2296 uint16_t peer_rc_version = 0xFFFF; // Don't change the AVRCP version
2297 if (!get_legacy_stack_sdp_api()->record.SDP_FindProfileVersionInRec(
2298 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version)) {
2299 log::warn("Unable to find AVRCP version peer:{}", p_rec->remote_bd_addr);
2300 }
2301 if (peer_rc_version <= AVRC_REV_1_3) {
2302 log::verbose("Using AVRCP 1.3 Capabilities with remote device");
2303 p_bta_av_cfg = &bta_av_cfg_compatibility;
2304 }
2305 }
2306 }
2307
2308 bta_av_store_peer_rc_version();
2309
2310 p_cb->disc = 0;
2311 osi_free_and_reset((void**)&p_cb->p_disc_db);
2312
2313 log::verbose("peer_features 0x{:x}, features 0x{:x}", peer_features, p_cb->features);
2314
2315 /* if we have no rc connection */
2316 if (rc_handle == BTA_AV_RC_HANDLE_NONE) {
2317 if (p_scb) {
2318 /* if peer remote control service matches ours and USE_RC is true */
2319 if (((p_cb->features & BTA_AV_FEAT_RCCT) && (peer_features & BTA_AV_FEAT_RCTG)) ||
2320 ((p_cb->features & BTA_AV_FEAT_RCTG) && (peer_features & BTA_AV_FEAT_RCCT))) {
2321 p_lcb = bta_av_find_lcb(p_scb->PeerAddress(), BTA_AV_LCB_FIND);
2322 if (p_lcb) {
2323 rc_handle = bta_av_rc_create(p_cb, AVCT_ROLE_INITIATOR, (uint8_t)(p_scb->hdi + 1),
2324 p_lcb->lidx);
2325 if (rc_handle < BTA_AV_NUM_RCB) {
2326 p_cb->rcb[rc_handle].peer_features = peer_features;
2327 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
2328 } else {
2329 /* cannot create valid rc_handle for current device. report failure
2330 */
2331 log::error("no link resources available");
2332 p_scb->use_rc = false;
2333 tBTA_AV bta_av_data = {
2334 .rc_open =
2335 {
2336 .cover_art_psm = 0,
2337 .peer_features = 0,
2338 .peer_addr = p_scb->PeerAddress(),
2339 .status = BTA_AV_FAIL_RESOURCES,
2340 },
2341 };
2342 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
2343 }
2344 } else {
2345 log::error("can not find LCB!!");
2346 }
2347 } else if (p_scb->use_rc) {
2348 /* can not find AVRC on peer device. report failure */
2349 p_scb->use_rc = false;
2350 tBTA_AV bta_av_data = {
2351 .rc_open =
2352 {
2353 .rc_handle = BTA_AV_RC_HANDLE_NONE,
2354 .cover_art_psm = 0,
2355 .peer_features = 0,
2356 .peer_addr = p_scb->PeerAddress(),
2357 .status = BTA_AV_FAIL_SDP,
2358 },
2359 };
2360 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
2361 }
2362 if (peer_features != 0) {
2363 DEVICE_IOT_CONFIG_ADDR_SET_HEX(p_scb->PeerAddress(), IOT_CONF_KEY_AVRCP_FEATURES,
2364 peer_features, IOT_CONF_BYTE_NUM_2);
2365 }
2366 }
2367 } else {
2368 tBTA_AV_RC_FEAT rc_feat;
2369 p_cb->rcb[rc_handle].peer_features = peer_features;
2370 rc_feat.rc_handle = rc_handle;
2371 rc_feat.peer_features = peer_features;
2372 if (p_scb == NULL) {
2373 /*
2374 * In case scb is not created by the time we are done with SDP
2375 * we still need to send RC feature event. So we need to get BD
2376 * from Message. Note that lidx is 1 based not 0 based
2377 */
2378 rc_feat.peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2379 } else {
2380 rc_feat.peer_addr = p_scb->PeerAddress();
2381 }
2382
2383 tBTA_AV bta_av_feat;
2384 bta_av_feat.rc_feat = rc_feat;
2385 (*p_cb->p_cback)(BTA_AV_RC_FEAT_EVT, &bta_av_feat);
2386
2387 if (peer_features != 0) {
2388 DEVICE_IOT_CONFIG_ADDR_SET_HEX(rc_feat.peer_addr, IOT_CONF_KEY_AVRCP_FEATURES, peer_features,
2389 IOT_CONF_BYTE_NUM_2);
2390 }
2391
2392 // Send PSM data
2393 log::verbose("Send PSM data");
2394 tBTA_AV_RC_PSM rc_psm;
2395 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
2396 rc_psm.rc_handle = rc_handle;
2397 rc_psm.cover_art_psm = cover_art_psm;
2398 if (p_scb == NULL) {
2399 rc_psm.peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2400 } else {
2401 rc_psm.peer_addr = p_scb->PeerAddress();
2402 }
2403
2404 log::verbose("rc_psm = 0x{:x}", rc_psm.cover_art_psm);
2405
2406 tBTA_AV bta_av_psm;
2407 bta_av_psm.rc_cover_art_psm = rc_psm;
2408 (*p_cb->p_cback)(BTA_AV_RC_PSM_EVT, &bta_av_psm);
2409 }
2410 }
2411
2412 /*******************************************************************************
2413 *
2414 * Function bta_av_rc_closed
2415 *
2416 * Description Set AVRCP state to closed.
2417 *
2418 * Returns void
2419 *
2420 ******************************************************************************/
bta_av_rc_closed(tBTA_AV_DATA * p_data)2421 void bta_av_rc_closed(tBTA_AV_DATA* p_data) {
2422 tBTA_AV_CB* p_cb = &bta_av_cb;
2423 tBTA_AV_RC_CLOSE rc_close;
2424 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2425 tBTA_AV_RCB* p_rcb;
2426 tBTA_AV_SCB* p_scb;
2427 int i;
2428 bool conn = false;
2429 tBTA_AV_LCB* p_lcb;
2430
2431 rc_close.rc_handle = BTA_AV_RC_HANDLE_NONE;
2432 rc_close.peer_addr = RawAddress::kEmpty;
2433 p_scb = NULL;
2434 log::verbose("rc_handle:{}, address:{}", p_msg->handle, p_msg->peer_addr);
2435 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
2436 p_rcb = &p_cb->rcb[i];
2437 log::verbose("rcb[{}] rc_handle:{}, status=0x{:x}, shdl:{}, lidx:{}", i, p_rcb->handle,
2438 p_rcb->status, p_rcb->shdl, p_rcb->lidx);
2439 if (p_rcb->handle == p_msg->handle) {
2440 if (btif_av_src_sink_coexist_enabled() && p_rcb->shdl &&
2441 (p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
2442 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
2443 if (p_scb && !(p_scb->PeerAddress() == p_msg->peer_addr)) {
2444 log::verbose("handle{} {} error p_scb or addr", i, p_scb->PeerAddress());
2445 conn = true;
2446 continue;
2447 }
2448 }
2449 rc_close.rc_handle = i;
2450 p_rcb->status &= ~BTA_AV_RC_CONN_MASK;
2451 p_rcb->peer_features = 0;
2452 p_rcb->cover_art_psm = 0;
2453 p_rcb->peer_ct_features = 0;
2454 p_rcb->peer_tg_features = 0;
2455 p_cb->rc_feature = {};
2456 log::verbose("shdl:{}, lidx:{}", p_rcb->shdl, p_rcb->lidx);
2457 if (p_rcb->shdl) {
2458 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
2459 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
2460 }
2461 if (p_scb) {
2462 rc_close.peer_addr = p_scb->PeerAddress();
2463 if (p_scb->rc_handle == p_rcb->handle) {
2464 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
2465 }
2466 log::verbose("shdl:{}, srch:{}", p_rcb->shdl, p_scb->rc_handle);
2467 }
2468 p_rcb->shdl = 0;
2469 } else if (p_rcb->lidx == (BTA_AV_NUM_LINKS + 1)) {
2470 /* if the RCB uses the extra LCB, use the addr for event and clean it */
2471 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
2472 rc_close.peer_addr = p_msg->peer_addr;
2473 log::info("rc_only closed bd_addr: {}", p_msg->peer_addr);
2474 p_lcb->conn_msk = 0;
2475 p_lcb->lidx = 0;
2476 }
2477 p_rcb->lidx = 0;
2478
2479 if ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT) {
2480 /* AVCT CCB is deallocated */
2481 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
2482 p_rcb->status = 0;
2483 } else {
2484 /* AVCT CCB is still there. dealloc */
2485 bta_av_del_rc(p_rcb);
2486 }
2487 } else if ((p_rcb->handle != BTA_AV_RC_HANDLE_NONE) && (p_rcb->status & BTA_AV_RC_CONN_MASK)) {
2488 /* at least one channel is still connected */
2489 conn = true;
2490 }
2491 }
2492
2493 if (!conn) {
2494 /* no AVRC channels are connected, go back to INIT state */
2495 bta_av_sm_execute(p_cb, BTA_AV_AVRC_NONE_EVT, NULL);
2496 }
2497
2498 if (rc_close.rc_handle == BTA_AV_RC_HANDLE_NONE) {
2499 rc_close.rc_handle = p_msg->handle;
2500 rc_close.peer_addr = p_msg->peer_addr;
2501 }
2502 tBTA_AV bta_av_data;
2503 bta_av_data.rc_close = rc_close;
2504 (*p_cb->p_cback)(BTA_AV_RC_CLOSE_EVT, &bta_av_data);
2505 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE && bta_av_cb.features & BTA_AV_FEAT_RCTG) {
2506 bta_av_rc_create(&bta_av_cb, AVCT_ROLE_ACCEPTOR, 0, BTA_AV_NUM_LINKS + 1);
2507 }
2508 }
2509
2510 /*******************************************************************************
2511 *
2512 * Function bta_av_rc_browse_opened
2513 *
2514 * Description AVRC browsing channel is opened
2515 *
2516 * Returns void
2517 *
2518 ******************************************************************************/
bta_av_rc_browse_opened(tBTA_AV_DATA * p_data)2519 void bta_av_rc_browse_opened(tBTA_AV_DATA* p_data) {
2520 tBTA_AV_CB* p_cb = &bta_av_cb;
2521 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2522
2523 log::info("peer_addr: {} rc_handle:{}", p_msg->peer_addr, p_msg->handle);
2524
2525 tBTA_AV bta_av_data = {
2526 .rc_browse_open =
2527 {
2528 .rc_handle = p_msg->handle,
2529 .peer_addr = p_msg->peer_addr,
2530 .status = BTA_AV_SUCCESS,
2531 },
2532 };
2533
2534 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_OPEN_EVT, &bta_av_data);
2535 }
2536
2537 /*******************************************************************************
2538 *
2539 * Function bta_av_rc_browse_closed
2540 *
2541 * Description AVRC browsing channel is closed
2542 *
2543 * Returns void
2544 *
2545 ******************************************************************************/
bta_av_rc_browse_closed(tBTA_AV_DATA * p_data)2546 void bta_av_rc_browse_closed(tBTA_AV_DATA* p_data) {
2547 tBTA_AV_CB* p_cb = &bta_av_cb;
2548 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2549
2550 log::info("peer_addr: {} rc_handle:{}", p_msg->peer_addr, p_msg->handle);
2551
2552 tBTA_AV bta_av_data = {
2553 .rc_browse_close =
2554 {
2555 .rc_handle = p_msg->handle,
2556 .peer_addr = p_msg->peer_addr,
2557 },
2558 };
2559
2560 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_CLOSE_EVT, &bta_av_data);
2561 }
2562
2563 /*******************************************************************************
2564 *
2565 * Function bta_av_rc_disc
2566 *
2567 * Description start AVRC SDP discovery.
2568 *
2569 * Returns void
2570 *
2571 ******************************************************************************/
bta_av_rc_disc(uint8_t disc)2572 void bta_av_rc_disc(uint8_t disc) {
2573 tBTA_AV_CB* p_cb = &bta_av_cb;
2574 tAVRC_SDP_DB_PARAMS db_params;
2575 uint16_t attr_list[] = {ATTR_ID_SERVICE_CLASS_ID_LIST, ATTR_ID_BT_PROFILE_DESC_LIST,
2576 ATTR_ID_SUPPORTED_FEATURES, ATTR_ID_ADDITION_PROTO_DESC_LISTS};
2577 uint8_t hdi;
2578 tBTA_AV_SCB* p_scb;
2579 RawAddress peer_addr = RawAddress::kEmpty;
2580 uint8_t rc_handle;
2581
2582 log::verbose("disc: 0x{:x}, bta_av_cb.disc: 0x{:x}", disc, bta_av_cb.disc);
2583 if ((bta_av_cb.disc != 0) || (disc == 0)) {
2584 return;
2585 }
2586
2587 if ((disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
2588 /* this is the rc handle/index to tBTA_AV_RCB */
2589 rc_handle = disc & (~BTA_AV_CHNL_MSK);
2590 if (p_cb->rcb[rc_handle].lidx) {
2591 peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2592 }
2593 } else {
2594 hdi = (disc & BTA_AV_HNDL_MSK) - 1;
2595 p_scb = p_cb->p_scb[hdi];
2596
2597 if (p_scb) {
2598 log::verbose("rc_handle {}", p_scb->rc_handle);
2599 peer_addr = p_scb->PeerAddress();
2600 }
2601 }
2602
2603 if (!peer_addr.IsEmpty()) {
2604 /* allocate discovery database */
2605 if (p_cb->p_disc_db == NULL) {
2606 p_cb->p_disc_db = (tSDP_DISCOVERY_DB*)osi_malloc(BTA_AV_DISC_BUF_SIZE);
2607 }
2608
2609 /* set up parameters */
2610 db_params.db_len = BTA_AV_DISC_BUF_SIZE;
2611 db_params.num_attr = sizeof(attr_list) / sizeof(uint16_t);
2612 db_params.p_db = p_cb->p_disc_db;
2613 db_params.p_attrs = attr_list;
2614
2615 /* searching for UUID_SERVCLASS_AV_REMOTE_CONTROL gets both TG and CT */
2616 if (AVRC_FindService(UUID_SERVCLASS_AV_REMOTE_CONTROL, peer_addr, &db_params,
2617 base::Bind(bta_av_avrc_sdp_cback)) == AVRC_SUCCESS) {
2618 p_cb->disc = disc;
2619 log::verbose("disc 0x{:x}", p_cb->disc);
2620 }
2621 }
2622 }
2623
2624 /*******************************************************************************
2625 *
2626 * Function bta_av_dereg_comp
2627 *
2628 * Description deregister complete. free the stream control block.
2629 *
2630 * Returns void
2631 *
2632 ******************************************************************************/
bta_av_dereg_comp(tBTA_AV_DATA * p_data)2633 void bta_av_dereg_comp(tBTA_AV_DATA* p_data) {
2634 tBTA_AV_CB* p_cb = &bta_av_cb;
2635 tBTA_AV_SCB* p_scb;
2636 tBTA_UTL_COD cod = {
2637 .minor = BTM_COD_MINOR_UNCLASSIFIED,
2638 .major = BTM_COD_MAJOR_UNCLASSIFIED,
2639 .service = 0,
2640 };
2641
2642 uint8_t mask;
2643 BT_HDR* p_buf;
2644
2645 /* find the stream control block */
2646 p_scb = bta_av_hndl_to_scb(p_data->hdr.layer_specific);
2647
2648 if (p_scb) {
2649 log::verbose("deregistered {}(h{})", p_scb->chnl, p_scb->hndl);
2650 mask = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
2651 p_cb->reg_audio &= ~mask;
2652 if ((p_cb->conn_audio & mask) && p_cb->audio_open_cnt) {
2653 /* this channel is still marked as open. decrease the count */
2654 p_cb->audio_open_cnt--;
2655 }
2656 p_cb->conn_audio &= ~mask;
2657
2658 if (p_scb->q_tag == BTA_AV_Q_TAG_STREAM && p_scb->a2dp_list) {
2659 /* make sure no buffers are in a2dp_list */
2660 while (!list_is_empty(p_scb->a2dp_list)) {
2661 p_buf = (BT_HDR*)list_front(p_scb->a2dp_list);
2662 list_remove(p_scb->a2dp_list, p_buf);
2663 osi_free(p_buf);
2664 }
2665 }
2666
2667 /* remove the A2DP SDP record, if no more audio stream is left */
2668 if (!p_cb->reg_audio) {
2669 /* Only remove the SDP record if we're the ones that created it */
2670 if (is_new_avrcp_enabled()) {
2671 log::verbose(
2672 "newavrcp is the owner of the AVRCP Target SDP record. Don't dereg the SDP record");
2673 } else {
2674 log::verbose("newavrcp is not enabled. Remove SDP record");
2675 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REMOTE_CONTROL);
2676 }
2677
2678 if (p_cb->sdp_a2dp_handle) {
2679 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_handle);
2680 p_cb->sdp_a2dp_handle = 0;
2681 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SOURCE);
2682 }
2683
2684 if (p_cb->sdp_a2dp_snk_handle) {
2685 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_snk_handle);
2686 p_cb->sdp_a2dp_snk_handle = 0;
2687 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SINK);
2688 }
2689 }
2690
2691 bta_av_free_scb(p_scb);
2692 }
2693
2694 log::verbose("audio 0x{:x}, disable:{}", p_cb->reg_audio, p_cb->disabling);
2695 /* if no stream control block is active */
2696 if (p_cb->reg_audio == 0) {
2697 /* deregister from AVDT */
2698 bta_ar_dereg_avdt();
2699
2700 /* deregister from AVCT */
2701 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
2702 bta_ar_dereg_avct();
2703
2704 if (p_cb->disabling) {
2705 p_cb->disabling = false;
2706 // reset enabling parameters
2707 p_cb->features = 0;
2708 p_cb->sec_mask = 0;
2709 bta_av_cb.sink_features = 0;
2710 bta_av_cb.reg_role = 0;
2711 }
2712
2713 /* Clear the Capturing service class bit */
2714 cod.service = BTM_COD_SERVICE_CAPTURING;
2715 utl_set_device_class(&cod, BTA_UTL_CLR_COD_SERVICE_CLASS);
2716 }
2717 }
2718