1 /******************************************************************************
2 *
3 * Copyright 2004-2016 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains action functions for advanced audio/video main state
22 * machine.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bt_bta_av"
27
28 #include "bt_target.h"
29
30 #include <base/logging.h>
31 #include <string.h>
32
33 #include "avdt_api.h"
34 #include "avrcp_service.h"
35 #include "bta_av_api.h"
36 #include "bta_av_int.h"
37 #include "l2c_api.h"
38 #include "log/log.h"
39 #include "osi/include/list.h"
40 #include "osi/include/log.h"
41 #include "osi/include/osi.h"
42 #include "osi/include/properties.h"
43 #include "utl.h"
44
45 #if (BTA_AR_INCLUDED == TRUE)
46 #include "bta_ar_api.h"
47 #endif
48
49 /*****************************************************************************
50 * Constants
51 ****************************************************************************/
52 /* the timeout to wait for open req after setconfig for incoming connections */
53 #ifndef BTA_AV_SIGNALLING_TIMEOUT_MS
54 #define BTA_AV_SIGNALLING_TIMEOUT_MS (8 * 1000) /* 8 seconds */
55 #endif
56
57 /* Time to wait for signalling from SNK when it is initiated from SNK. */
58 /* If not, we will start signalling from SRC. */
59 #ifndef BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS
60 #define BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS (2 * 1000) /* 2 seconds */
61 #endif
62
63 static void bta_av_accept_signalling_timer_cback(void* data);
64
65 #ifndef AVRC_MIN_META_CMD_LEN
66 #define AVRC_MIN_META_CMD_LEN 20
67 #endif
68
69 /*******************************************************************************
70 *
71 * Function bta_av_get_rcb_by_shdl
72 *
73 * Description find the RCB associated with the given SCB handle.
74 *
75 * Returns tBTA_AV_RCB
76 *
77 ******************************************************************************/
bta_av_get_rcb_by_shdl(uint8_t shdl)78 tBTA_AV_RCB* bta_av_get_rcb_by_shdl(uint8_t shdl) {
79 tBTA_AV_RCB* p_rcb = NULL;
80 int i;
81
82 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
83 if (bta_av_cb.rcb[i].shdl == shdl &&
84 bta_av_cb.rcb[i].handle != BTA_AV_RC_HANDLE_NONE) {
85 p_rcb = &bta_av_cb.rcb[i];
86 break;
87 }
88 }
89 return p_rcb;
90 }
91 #define BTA_AV_STS_NO_RSP 0xFF /* a number not used by tAVRC_STS */
92
93 /*******************************************************************************
94 *
95 * Function bta_av_del_rc
96 *
97 * Description delete the given AVRC handle.
98 *
99 * Returns void
100 *
101 ******************************************************************************/
bta_av_del_rc(tBTA_AV_RCB * p_rcb)102 void bta_av_del_rc(tBTA_AV_RCB* p_rcb) {
103 tBTA_AV_SCB* p_scb;
104 uint8_t rc_handle; /* connected AVRCP handle */
105
106 p_scb = NULL;
107 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
108 if (p_rcb->shdl) {
109 /* Validate array index*/
110 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
111 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
112 }
113 if (p_scb) {
114 APPL_TRACE_DEBUG("%s: shdl:%d, srch:%d rc_handle:%d", __func__,
115 p_rcb->shdl, p_scb->rc_handle, p_rcb->handle);
116 if (p_scb->rc_handle == p_rcb->handle)
117 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
118 /* just in case the RC timer is active
119 if (bta_av_cb.features & BTA_AV_FEAT_RCCT && p_scb->chnl ==
120 BTA_AV_CHNL_AUDIO) */
121 alarm_cancel(p_scb->avrc_ct_timer);
122 }
123 }
124
125 APPL_TRACE_EVENT("%s: handle: %d status=0x%x, rc_acp_handle:%d, idx:%d",
126 __func__, p_rcb->handle, p_rcb->status,
127 bta_av_cb.rc_acp_handle, bta_av_cb.rc_acp_idx);
128 rc_handle = p_rcb->handle;
129 if (!(p_rcb->status & BTA_AV_RC_CONN_MASK) ||
130 ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
131 p_rcb->status = 0;
132 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
133 p_rcb->shdl = 0;
134 p_rcb->lidx = 0;
135 }
136 /* else ACP && connected. do not clear the handle yet */
137 AVRC_Close(rc_handle);
138 if (rc_handle == bta_av_cb.rc_acp_handle)
139 bta_av_cb.rc_acp_handle = BTA_AV_RC_HANDLE_NONE;
140 APPL_TRACE_EVENT(
141 "%s: end del_rc handle: %d status=0x%x, rc_acp_handle:%d, lidx:%d",
142 __func__, p_rcb->handle, p_rcb->status, bta_av_cb.rc_acp_handle,
143 p_rcb->lidx);
144 }
145 }
146
147 /*******************************************************************************
148 *
149 * Function bta_av_close_all_rc
150 *
151 * Description close the all AVRC handle.
152 *
153 * Returns void
154 *
155 ******************************************************************************/
bta_av_close_all_rc(tBTA_AV_CB * p_cb)156 static void bta_av_close_all_rc(tBTA_AV_CB* p_cb) {
157 int i;
158
159 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
160 if ((p_cb->disabling) || (bta_av_cb.rcb[i].shdl != 0))
161 bta_av_del_rc(&bta_av_cb.rcb[i]);
162 }
163 }
164
165 /*******************************************************************************
166 *
167 * Function bta_av_del_sdp_rec
168 *
169 * Description delete the given SDP record handle.
170 *
171 * Returns void
172 *
173 ******************************************************************************/
bta_av_del_sdp_rec(uint32_t * p_sdp_handle)174 static void bta_av_del_sdp_rec(uint32_t* p_sdp_handle) {
175 if (*p_sdp_handle != 0) {
176 SDP_DeleteRecord(*p_sdp_handle);
177 *p_sdp_handle = 0;
178 }
179 }
180
181 /*******************************************************************************
182 *
183 * Function bta_av_avrc_sdp_cback
184 *
185 * Description AVRCP service discovery callback.
186 *
187 * Returns void
188 *
189 ******************************************************************************/
bta_av_avrc_sdp_cback(UNUSED_ATTR uint16_t status)190 static void bta_av_avrc_sdp_cback(UNUSED_ATTR uint16_t status) {
191 BT_HDR* p_msg = (BT_HDR*)osi_malloc(sizeof(BT_HDR));
192
193 p_msg->event = BTA_AV_SDP_AVRC_DISC_EVT;
194
195 bta_sys_sendmsg(p_msg);
196 }
197
198 /*******************************************************************************
199 *
200 * Function bta_av_rc_ctrl_cback
201 *
202 * Description AVRCP control callback.
203 *
204 * Returns void
205 *
206 ******************************************************************************/
bta_av_rc_ctrl_cback(uint8_t handle,uint8_t event,UNUSED_ATTR uint16_t result,const RawAddress * peer_addr)207 static void bta_av_rc_ctrl_cback(uint8_t handle, uint8_t event,
208 UNUSED_ATTR uint16_t result,
209 const RawAddress* peer_addr) {
210 uint16_t msg_event = 0;
211
212 APPL_TRACE_EVENT("%s: handle: %d event=0x%x", __func__, handle, event);
213 if (event == AVRC_OPEN_IND_EVT) {
214 /* save handle of opened connection
215 bta_av_cb.rc_handle = handle;*/
216
217 msg_event = BTA_AV_AVRC_OPEN_EVT;
218 } else if (event == AVRC_CLOSE_IND_EVT) {
219 msg_event = BTA_AV_AVRC_CLOSE_EVT;
220 } else if (event == AVRC_BROWSE_OPEN_IND_EVT) {
221 msg_event = BTA_AV_AVRC_BROWSE_OPEN_EVT;
222 } else if (event == AVRC_BROWSE_CLOSE_IND_EVT) {
223 msg_event = BTA_AV_AVRC_BROWSE_CLOSE_EVT;
224 }
225
226 if (msg_event) {
227 tBTA_AV_RC_CONN_CHG* p_msg =
228 (tBTA_AV_RC_CONN_CHG*)osi_malloc(sizeof(tBTA_AV_RC_CONN_CHG));
229 p_msg->hdr.event = msg_event;
230 p_msg->handle = handle;
231 if (peer_addr) p_msg->peer_addr = *peer_addr;
232 bta_sys_sendmsg(p_msg);
233 }
234 }
235
236 /*******************************************************************************
237 *
238 * Function bta_av_rc_msg_cback
239 *
240 * Description AVRCP message callback.
241 *
242 * Returns void
243 *
244 ******************************************************************************/
bta_av_rc_msg_cback(uint8_t handle,uint8_t label,uint8_t opcode,tAVRC_MSG * p_msg)245 static void bta_av_rc_msg_cback(uint8_t handle, uint8_t label, uint8_t opcode,
246 tAVRC_MSG* p_msg) {
247 uint8_t* p_data_src = NULL;
248 uint16_t data_len = 0;
249
250 APPL_TRACE_DEBUG("%s: handle: %u opcode=0x%x", __func__, handle, opcode);
251
252 /* Copy avrc packet into BTA message buffer (for sending to BTA state machine)
253 */
254
255 /* Get size of payload data (for vendor and passthrough messages only; for
256 * browsing
257 * messages, use zero-copy) */
258 if (opcode == AVRC_OP_VENDOR && p_msg->vendor.p_vendor_data != NULL) {
259 p_data_src = p_msg->vendor.p_vendor_data;
260 data_len = (uint16_t)p_msg->vendor.vendor_len;
261 } else if (opcode == AVRC_OP_PASS_THRU && p_msg->pass.p_pass_data != NULL) {
262 p_data_src = p_msg->pass.p_pass_data;
263 data_len = (uint16_t)p_msg->pass.pass_len;
264 }
265
266 /* Create a copy of the message */
267 tBTA_AV_RC_MSG* p_buf =
268 (tBTA_AV_RC_MSG*)osi_malloc(sizeof(tBTA_AV_RC_MSG) + data_len);
269
270 p_buf->hdr.event = BTA_AV_AVRC_MSG_EVT;
271 p_buf->handle = handle;
272 p_buf->label = label;
273 p_buf->opcode = opcode;
274 memcpy(&p_buf->msg, p_msg, sizeof(tAVRC_MSG));
275 /* Copy the data payload, and set the pointer to it */
276 if (p_data_src != NULL) {
277 uint8_t* p_data_dst = (uint8_t*)(p_buf + 1);
278 memcpy(p_data_dst, p_data_src, data_len);
279
280 /* Update bta message buffer to point to payload data */
281 /* (Note AVRC_OP_BROWSING uses zero-copy: p_buf->msg.browse.p_browse_data
282 * already points to original avrc buffer) */
283 if (opcode == AVRC_OP_VENDOR)
284 p_buf->msg.vendor.p_vendor_data = p_data_dst;
285 else if (opcode == AVRC_OP_PASS_THRU)
286 p_buf->msg.pass.p_pass_data = p_data_dst;
287 }
288
289 if (opcode == AVRC_OP_BROWSE) {
290 /* set p_pkt to NULL, so avrc would not free the buffer */
291 p_msg->browse.p_browse_pkt = NULL;
292 }
293
294 bta_sys_sendmsg(p_buf);
295 }
296
297 /*******************************************************************************
298 *
299 * Function bta_av_rc_create
300 *
301 * Description alloc RCB and call AVRC_Open
302 *
303 * Returns the created rc handle
304 *
305 ******************************************************************************/
bta_av_rc_create(tBTA_AV_CB * p_cb,uint8_t role,uint8_t shdl,uint8_t lidx)306 uint8_t bta_av_rc_create(tBTA_AV_CB* p_cb, uint8_t role, uint8_t shdl,
307 uint8_t lidx) {
308 if (is_new_avrcp_enabled()) {
309 APPL_TRACE_WARNING("%s: Skipping RC creation for the old AVRCP profile",
310 __func__);
311 return BTA_AV_RC_HANDLE_NONE;
312 }
313
314 tAVRC_CONN_CB ccb;
315 RawAddress bda = RawAddress::kAny;
316 uint8_t status = BTA_AV_RC_ROLE_ACP;
317 tBTA_AV_SCB* p_scb = p_cb->p_scb[shdl - 1];
318 int i;
319 uint8_t rc_handle;
320 tBTA_AV_RCB* p_rcb;
321
322 if (role == AVCT_INT) {
323 bda = p_scb->PeerAddress();
324 status = BTA_AV_RC_ROLE_INT;
325 } else {
326 p_rcb = bta_av_get_rcb_by_shdl(shdl);
327 if (p_rcb != NULL) {
328 APPL_TRACE_ERROR("%s: ACP handle exist for shdl:%d", __func__, shdl);
329 return p_rcb->handle;
330 }
331 }
332
333 ccb.ctrl_cback = base::Bind(bta_av_rc_ctrl_cback);
334 ccb.msg_cback = base::Bind(bta_av_rc_msg_cback);
335 ccb.company_id = p_bta_av_cfg->company_id;
336 ccb.conn = role;
337 /* note: BTA_AV_FEAT_RCTG = AVRC_CT_TARGET, BTA_AV_FEAT_RCCT = AVRC_CT_CONTROL
338 */
339 ccb.control = p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_RCCT |
340 BTA_AV_FEAT_METADATA | AVRC_CT_PASSIVE);
341
342 if (AVRC_Open(&rc_handle, &ccb, bda) != AVRC_SUCCESS)
343 return BTA_AV_RC_HANDLE_NONE;
344
345 i = rc_handle;
346 p_rcb = &p_cb->rcb[i];
347
348 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
349 APPL_TRACE_ERROR("%s: found duplicated handle:%d", __func__, rc_handle);
350 }
351
352 p_rcb->handle = rc_handle;
353 p_rcb->status = status;
354 p_rcb->shdl = shdl;
355 p_rcb->lidx = lidx;
356 p_rcb->peer_features = 0;
357 if (lidx == (BTA_AV_NUM_LINKS + 1)) {
358 /* this LIDX is reserved for the AVRCP ACP connection */
359 p_cb->rc_acp_handle = p_rcb->handle;
360 p_cb->rc_acp_idx = (i + 1);
361 APPL_TRACE_DEBUG("%s: rc_acp_handle:%d idx:%d", __func__,
362 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
363 }
364 APPL_TRACE_DEBUG(
365 "%s: create %d, role: %d, shdl:%d, rc_handle:%d, lidx:%d, status:0x%x",
366 __func__, i, role, shdl, p_rcb->handle, lidx, p_rcb->status);
367
368 return rc_handle;
369 }
370
371 /*******************************************************************************
372 *
373 * Function bta_av_valid_group_navi_msg
374 *
375 * Description Check if it is Group Navigation Msg for Metadata
376 *
377 * Returns AVRC_RSP_ACCEPT or AVRC_RSP_NOT_IMPL
378 *
379 ******************************************************************************/
bta_av_group_navi_supported(uint8_t len,uint8_t * p_data,bool is_inquiry)380 static tBTA_AV_CODE bta_av_group_navi_supported(uint8_t len, uint8_t* p_data,
381 bool is_inquiry) {
382 tBTA_AV_CODE ret = AVRC_RSP_NOT_IMPL;
383 uint8_t* p_ptr = p_data;
384 uint16_t u16;
385 uint32_t u32;
386
387 if (p_bta_av_cfg->avrc_group && len == BTA_GROUP_NAVI_MSG_OP_DATA_LEN) {
388 BTA_AV_BE_STREAM_TO_CO_ID(u32, p_ptr);
389 BE_STREAM_TO_UINT16(u16, p_ptr);
390
391 if (u32 == AVRC_CO_METADATA) {
392 if (is_inquiry) {
393 if (u16 <= AVRC_PDU_PREV_GROUP) ret = AVRC_RSP_IMPL_STBL;
394 } else {
395 if (u16 <= AVRC_PDU_PREV_GROUP)
396 ret = AVRC_RSP_ACCEPT;
397 else
398 ret = AVRC_RSP_REJ;
399 }
400 }
401 }
402
403 return ret;
404 }
405
406 /*******************************************************************************
407 *
408 * Function bta_av_op_supported
409 *
410 * Description Check if remote control operation is supported.
411 *
412 * Returns AVRC_RSP_ACCEPT of supported, AVRC_RSP_NOT_IMPL if not.
413 *
414 ******************************************************************************/
bta_av_op_supported(tBTA_AV_RC rc_id,bool is_inquiry)415 static tBTA_AV_CODE bta_av_op_supported(tBTA_AV_RC rc_id, bool is_inquiry) {
416 tBTA_AV_CODE ret_code = AVRC_RSP_NOT_IMPL;
417
418 if (p_bta_av_rc_id) {
419 if (is_inquiry) {
420 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
421 ret_code = AVRC_RSP_IMPL_STBL;
422 }
423 } else {
424 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
425 ret_code = AVRC_RSP_ACCEPT;
426 } else if ((p_bta_av_cfg->rc_pass_rsp == AVRC_RSP_INTERIM) &&
427 p_bta_av_rc_id_ac) {
428 if (p_bta_av_rc_id_ac[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
429 ret_code = AVRC_RSP_INTERIM;
430 }
431 }
432 }
433 }
434 return ret_code;
435 }
436
437 /*******************************************************************************
438 *
439 * Function bta_av_find_lcb
440 *
441 * Description Given BD_addr, find the associated LCB.
442 *
443 * Returns NULL, if not found.
444 *
445 ******************************************************************************/
bta_av_find_lcb(const RawAddress & addr,uint8_t op)446 tBTA_AV_LCB* bta_av_find_lcb(const RawAddress& addr, uint8_t op) {
447 tBTA_AV_CB* p_cb = &bta_av_cb;
448 int xx;
449 uint8_t mask;
450 tBTA_AV_LCB* p_lcb = NULL;
451
452 APPL_TRACE_DEBUG("%s: address: %s op:%d", __func__, addr.ToString().c_str(),
453 op);
454 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
455 mask = 1 << xx; /* the used mask for this lcb */
456 if ((mask & p_cb->conn_lcb) && p_cb->lcb[xx].addr == addr) {
457 p_lcb = &p_cb->lcb[xx];
458 if (op == BTA_AV_LCB_FREE) {
459 p_cb->conn_lcb &= ~mask; /* clear the connect mask */
460 APPL_TRACE_DEBUG("%s: conn_lcb: 0x%x", __func__, p_cb->conn_lcb);
461 }
462 break;
463 }
464 }
465 return p_lcb;
466 }
467
468 /*******************************************************************************
469 *
470 * Function bta_av_rc_opened
471 *
472 * Description Set AVRCP state to opened.
473 *
474 * Returns void
475 *
476 ******************************************************************************/
bta_av_rc_opened(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)477 void bta_av_rc_opened(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
478 tBTA_AV_RC_OPEN rc_open;
479 tBTA_AV_SCB* p_scb;
480 int i;
481 uint8_t shdl = 0;
482 tBTA_AV_LCB* p_lcb;
483 tBTA_AV_RCB* p_rcb;
484 uint8_t tmp;
485 uint8_t disc = 0;
486
487 /* find the SCB & stop the timer */
488 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
489 p_scb = p_cb->p_scb[i];
490 if (p_scb && p_scb->PeerAddress() == p_data->rc_conn_chg.peer_addr) {
491 p_scb->rc_handle = p_data->rc_conn_chg.handle;
492 APPL_TRACE_DEBUG("%s: shdl:%d, srch %d", __func__, i + 1,
493 p_scb->rc_handle);
494 shdl = i + 1;
495 LOG_INFO(LOG_TAG, "%s: allow incoming AVRCP connections:%d", __func__,
496 p_scb->use_rc);
497 alarm_cancel(p_scb->avrc_ct_timer);
498 disc = p_scb->hndl;
499 break;
500 }
501 }
502
503 i = p_data->rc_conn_chg.handle;
504 if (p_cb->rcb[i].handle == BTA_AV_RC_HANDLE_NONE) {
505 APPL_TRACE_ERROR("%s: not a valid handle:%d any more", __func__, i);
506 return;
507 }
508
509 APPL_TRACE_DEBUG("%s: local features %d peer features %d", __func__,
510 p_cb->features, p_cb->rcb[i].peer_features);
511
512 /* listen to browsing channel when the connection is open,
513 * if peer initiated AVRCP connection and local device supports browsing
514 * channel */
515 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_ACP);
516
517 if (p_cb->rcb[i].lidx == (BTA_AV_NUM_LINKS + 1) && shdl != 0) {
518 /* rc is opened on the RC only ACP channel, but is for a specific
519 * SCB -> need to switch RCBs */
520 p_rcb = bta_av_get_rcb_by_shdl(shdl);
521 if (p_rcb) {
522 p_rcb->shdl = p_cb->rcb[i].shdl;
523 tmp = p_rcb->lidx;
524 p_rcb->lidx = p_cb->rcb[i].lidx;
525 p_cb->rcb[i].lidx = tmp;
526 p_cb->rc_acp_handle = p_rcb->handle;
527 p_cb->rc_acp_idx = (p_rcb - p_cb->rcb) + 1;
528 APPL_TRACE_DEBUG("%s: switching RCB rc_acp_handle:%d idx:%d", __func__,
529 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
530 }
531 }
532
533 p_cb->rcb[i].shdl = shdl;
534 rc_open.rc_handle = i;
535 APPL_TRACE_ERROR("%s: rcb[%d] shdl:%d lidx:%d/%d", __func__, i, shdl,
536 p_cb->rcb[i].lidx, p_cb->lcb[BTA_AV_NUM_LINKS].lidx);
537 p_cb->rcb[i].status |= BTA_AV_RC_CONN_MASK;
538
539 if (!shdl && 0 == p_cb->lcb[BTA_AV_NUM_LINKS].lidx) {
540 /* no associated SCB -> connected to an RC only device
541 * update the index to the extra LCB */
542 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
543 p_lcb->addr = p_data->rc_conn_chg.peer_addr;
544 p_lcb->lidx = BTA_AV_NUM_LINKS + 1;
545 p_cb->rcb[i].lidx = p_lcb->lidx;
546 p_lcb->conn_msk = 1;
547 APPL_TRACE_ERROR("%s: bd_addr: %s rcb[%d].lidx=%d, lcb.conn_msk=x%x",
548 __func__, p_lcb->addr.ToString().c_str(), i,
549 p_cb->rcb[i].lidx, p_lcb->conn_msk);
550 disc = p_data->rc_conn_chg.handle | BTA_AV_CHNL_MSK;
551 }
552
553 rc_open.peer_addr = p_data->rc_conn_chg.peer_addr;
554 rc_open.peer_features = p_cb->rcb[i].peer_features;
555 rc_open.status = BTA_AV_SUCCESS;
556 APPL_TRACE_DEBUG("%s: local features:x%x peer_features:x%x", __func__,
557 p_cb->features, rc_open.peer_features);
558 if (rc_open.peer_features == 0) {
559 /* we have not done SDP on peer RC capabilities.
560 * peer must have initiated the RC connection */
561 if (p_cb->features & BTA_AV_FEAT_RCCT)
562 rc_open.peer_features |= BTA_AV_FEAT_RCTG;
563 if (p_cb->features & BTA_AV_FEAT_RCTG)
564 rc_open.peer_features |= BTA_AV_FEAT_RCCT;
565
566 bta_av_rc_disc(disc);
567 }
568 tBTA_AV bta_av_data;
569 bta_av_data.rc_open = rc_open;
570 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
571
572 /* if local initiated AVRCP connection and both peer and locals device support
573 * browsing channel, open the browsing channel now
574 * TODO (sanketa): Some TG would not broadcast browse feature hence check
575 * inter-op. */
576 if ((p_cb->features & BTA_AV_FEAT_BROWSE) &&
577 (rc_open.peer_features & BTA_AV_FEAT_BROWSE) &&
578 ((p_cb->rcb[i].status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
579 APPL_TRACE_DEBUG("%s: opening AVRC Browse channel", __func__);
580 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_INT);
581 }
582 }
583
584 /*******************************************************************************
585 *
586 * Function bta_av_rc_remote_cmd
587 *
588 * Description Send an AVRCP remote control command.
589 *
590 * Returns void
591 *
592 ******************************************************************************/
bta_av_rc_remote_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)593 void bta_av_rc_remote_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
594 tBTA_AV_RCB* p_rcb;
595 if (p_cb->features & BTA_AV_FEAT_RCCT) {
596 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
597 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
598 if (p_rcb->status & BTA_AV_RC_CONN_MASK) {
599 AVRC_PassCmd(p_rcb->handle, p_data->api_remote_cmd.label,
600 &p_data->api_remote_cmd.msg);
601 }
602 }
603 }
604 }
605
606 /*******************************************************************************
607 *
608 * Function bta_av_rc_vendor_cmd
609 *
610 * Description Send an AVRCP vendor specific command.
611 *
612 * Returns void
613 *
614 ******************************************************************************/
bta_av_rc_vendor_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)615 void bta_av_rc_vendor_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
616 tBTA_AV_RCB* p_rcb;
617 if ((p_cb->features & (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) ==
618 (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) {
619 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
620 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
621 AVRC_VendorCmd(p_rcb->handle, p_data->api_vendor.label,
622 &p_data->api_vendor.msg);
623 }
624 }
625 }
626
627 /*******************************************************************************
628 *
629 * Function bta_av_rc_vendor_rsp
630 *
631 * Description Send an AVRCP vendor specific response.
632 *
633 * Returns void
634 *
635 ******************************************************************************/
bta_av_rc_vendor_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)636 void bta_av_rc_vendor_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
637 tBTA_AV_RCB* p_rcb;
638 if ((p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) ==
639 (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) {
640 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
641 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
642 AVRC_VendorRsp(p_rcb->handle, p_data->api_vendor.label,
643 &p_data->api_vendor.msg);
644 }
645 }
646 }
647
648 /*******************************************************************************
649 *
650 * Function bta_av_rc_meta_rsp
651 *
652 * Description Send an AVRCP metadata/advanced control command/response.
653 *
654 * Returns void
655 *
656 ******************************************************************************/
bta_av_rc_meta_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)657 void bta_av_rc_meta_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
658 tBTA_AV_RCB* p_rcb;
659 bool do_free = true;
660
661 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
662 (p_data->hdr.layer_specific < BTA_AV_NUM_RCB)) {
663 if ((p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCTG)) ||
664 (!p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCCT))) {
665 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
666 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
667 AVRC_MsgReq(p_rcb->handle, p_data->api_meta_rsp.label,
668 p_data->api_meta_rsp.rsp_code, p_data->api_meta_rsp.p_pkt);
669 do_free = false;
670 }
671 }
672 }
673
674 if (do_free) osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
675 }
676
677 /*******************************************************************************
678 *
679 * Function bta_av_rc_free_rsp
680 *
681 * Description free an AVRCP metadata command buffer.
682 *
683 * Returns void
684 *
685 ******************************************************************************/
bta_av_rc_free_rsp(UNUSED_ATTR tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)686 void bta_av_rc_free_rsp(UNUSED_ATTR tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
687 osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
688 }
689
690 /*******************************************************************************
691 *
692 * Function bta_av_rc_free_browse_msg
693 *
694 * Description free an AVRCP browse message buffer.
695 *
696 * Returns void
697 *
698 ******************************************************************************/
bta_av_rc_free_browse_msg(UNUSED_ATTR tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)699 void bta_av_rc_free_browse_msg(UNUSED_ATTR tBTA_AV_CB* p_cb,
700 tBTA_AV_DATA* p_data) {
701 if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
702 osi_free_and_reset((void**)&p_data->rc_msg.msg.browse.p_browse_pkt);
703 }
704 }
705
706 /*******************************************************************************
707 *
708 * Function bta_av_chk_notif_evt_id
709 *
710 * Description make sure the requested player id is valid.
711 *
712 * Returns BTA_AV_STS_NO_RSP, if no error
713 *
714 ******************************************************************************/
bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR * p_vendor)715 static tAVRC_STS bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR* p_vendor) {
716 tAVRC_STS status = BTA_AV_STS_NO_RSP;
717 uint8_t xx;
718 uint16_t u16;
719 uint8_t* p = p_vendor->p_vendor_data + 2;
720
721 BE_STREAM_TO_UINT16(u16, p);
722 /* double check the fixed length */
723 if ((u16 != 5) || (p_vendor->vendor_len != 9)) {
724 status = AVRC_STS_INTERNAL_ERR;
725 } else {
726 /* make sure the player_id is valid */
727 for (xx = 0; xx < p_bta_av_cfg->num_evt_ids; xx++) {
728 if (*p == p_bta_av_cfg->p_meta_evt_ids[xx]) {
729 break;
730 }
731 }
732 if (xx == p_bta_av_cfg->num_evt_ids) {
733 status = AVRC_STS_BAD_PARAM;
734 }
735 }
736
737 return status;
738 }
739
740 /*******************************************************************************
741 *
742 * Function bta_av_proc_meta_cmd
743 *
744 * Description Process an AVRCP metadata command from the peer.
745 *
746 * Returns true to respond immediately
747 *
748 ******************************************************************************/
bta_av_proc_meta_cmd(tAVRC_RESPONSE * p_rc_rsp,tBTA_AV_RC_MSG * p_msg,uint8_t * p_ctype)749 tBTA_AV_EVT bta_av_proc_meta_cmd(tAVRC_RESPONSE* p_rc_rsp,
750 tBTA_AV_RC_MSG* p_msg, uint8_t* p_ctype) {
751 tBTA_AV_EVT evt = BTA_AV_META_MSG_EVT;
752 uint8_t u8, pdu, *p;
753 uint16_t u16;
754 tAVRC_MSG_VENDOR* p_vendor = &p_msg->msg.vendor;
755
756 pdu = *(p_vendor->p_vendor_data);
757 p_rc_rsp->pdu = pdu;
758 *p_ctype = AVRC_RSP_REJ;
759
760 /* Check to ansure a valid minimum meta data length */
761 if ((AVRC_MIN_META_CMD_LEN + p_vendor->vendor_len) > AVRC_META_CMD_BUF_SIZE) {
762 /* reject it */
763 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
764 APPL_TRACE_ERROR("%s: Invalid meta-command length: %d", __func__,
765 p_vendor->vendor_len);
766 return 0;
767 }
768
769 /* Metadata messages only use PANEL sub-unit type */
770 if (p_vendor->hdr.subunit_type != AVRC_SUB_PANEL) {
771 APPL_TRACE_DEBUG("%s: SUBUNIT must be PANEL", __func__);
772 /* reject it */
773 evt = 0;
774 p_vendor->hdr.ctype = AVRC_RSP_NOT_IMPL;
775 p_vendor->vendor_len = 0;
776 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
777 } else if (!AVRC_IsValidAvcType(pdu, p_vendor->hdr.ctype)) {
778 APPL_TRACE_DEBUG("%s: Invalid pdu/ctype: 0x%x, %d", __func__, pdu,
779 p_vendor->hdr.ctype);
780 /* reject invalid message without reporting to app */
781 evt = 0;
782 p_rc_rsp->rsp.status = AVRC_STS_BAD_CMD;
783 } else {
784 switch (pdu) {
785 case AVRC_PDU_GET_CAPABILITIES:
786 /* process GetCapabilities command without reporting the event to app */
787 evt = 0;
788 if (p_vendor->vendor_len != 5) {
789 android_errorWriteLog(0x534e4554, "111893951");
790 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
791 break;
792 }
793 u8 = *(p_vendor->p_vendor_data + 4);
794 p = p_vendor->p_vendor_data + 2;
795 p_rc_rsp->get_caps.capability_id = u8;
796 BE_STREAM_TO_UINT16(u16, p);
797 if (u16 != 1) {
798 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
799 } else {
800 p_rc_rsp->get_caps.status = AVRC_STS_NO_ERROR;
801 if (u8 == AVRC_CAP_COMPANY_ID) {
802 *p_ctype = AVRC_RSP_IMPL_STBL;
803 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_co_ids;
804 memcpy(p_rc_rsp->get_caps.param.company_id,
805 p_bta_av_cfg->p_meta_co_ids,
806 (p_bta_av_cfg->num_co_ids << 2));
807 } else if (u8 == AVRC_CAP_EVENTS_SUPPORTED) {
808 *p_ctype = AVRC_RSP_IMPL_STBL;
809 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_evt_ids;
810 memcpy(p_rc_rsp->get_caps.param.event_id,
811 p_bta_av_cfg->p_meta_evt_ids, p_bta_av_cfg->num_evt_ids);
812 } else {
813 APPL_TRACE_DEBUG("%s: Invalid capability ID: 0x%x", __func__, u8);
814 /* reject - unknown capability ID */
815 p_rc_rsp->get_caps.status = AVRC_STS_BAD_PARAM;
816 }
817 }
818 break;
819
820 case AVRC_PDU_REGISTER_NOTIFICATION:
821 /* make sure the event_id is implemented */
822 p_rc_rsp->rsp.status = bta_av_chk_notif_evt_id(p_vendor);
823 if (p_rc_rsp->rsp.status != BTA_AV_STS_NO_RSP) evt = 0;
824 break;
825 }
826 }
827
828 return evt;
829 }
830
831 /*******************************************************************************
832 *
833 * Function bta_av_rc_msg
834 *
835 * Description Process an AVRCP message from the peer.
836 *
837 * Returns void
838 *
839 ******************************************************************************/
bta_av_rc_msg(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)840 void bta_av_rc_msg(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
841 tBTA_AV_EVT evt = 0;
842 tBTA_AV av;
843 BT_HDR* p_pkt = NULL;
844 tAVRC_MSG_VENDOR* p_vendor = &p_data->rc_msg.msg.vendor;
845 bool is_inquiry = ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
846 p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ);
847 uint8_t ctype = 0;
848 tAVRC_RESPONSE rc_rsp;
849
850 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
851
852 if (NULL == p_data) {
853 APPL_TRACE_ERROR("%s: Message from peer with no data", __func__);
854 return;
855 }
856
857 APPL_TRACE_DEBUG("%s: opcode=%x, ctype=%x", __func__, p_data->rc_msg.opcode,
858 p_data->rc_msg.msg.hdr.ctype);
859
860 if (p_data->rc_msg.opcode == AVRC_OP_PASS_THRU) {
861 /* if this is a pass thru command */
862 if ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_CTRL) ||
863 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
864 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ)) {
865 /* check if operation is supported */
866 char avrcp_ct_support[PROPERTY_VALUE_MAX];
867 osi_property_get("bluetooth.pts.avrcp_ct.support", avrcp_ct_support,
868 "false");
869 if (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) {
870 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
871 if (p_cb->features & BTA_AV_FEAT_METADATA)
872 p_data->rc_msg.msg.hdr.ctype = bta_av_group_navi_supported(
873 p_data->rc_msg.msg.pass.pass_len,
874 p_data->rc_msg.msg.pass.p_pass_data, is_inquiry);
875 } else if (((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_UP) ||
876 (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_DOWN)) &&
877 !strcmp(avrcp_ct_support, "true")) {
878 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_ACCEPT;
879 } else {
880 p_data->rc_msg.msg.hdr.ctype =
881 bta_av_op_supported(p_data->rc_msg.msg.pass.op_id, is_inquiry);
882 }
883
884 APPL_TRACE_DEBUG("%s: ctype %d", __func__, p_data->rc_msg.msg.hdr.ctype)
885
886 /* send response */
887 if (p_data->rc_msg.msg.hdr.ctype != AVRC_RSP_INTERIM)
888 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
889 &p_data->rc_msg.msg.pass);
890
891 /* set up for callback if supported */
892 if (p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_ACCEPT ||
893 p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_INTERIM) {
894 evt = BTA_AV_REMOTE_CMD_EVT;
895 av.remote_cmd.rc_id = p_data->rc_msg.msg.pass.op_id;
896 av.remote_cmd.key_state = p_data->rc_msg.msg.pass.state;
897 av.remote_cmd.p_data = p_data->rc_msg.msg.pass.p_pass_data;
898 av.remote_cmd.len = p_data->rc_msg.msg.pass.pass_len;
899 memcpy(&av.remote_cmd.hdr, &p_data->rc_msg.msg.hdr, sizeof(tAVRC_HDR));
900 av.remote_cmd.label = p_data->rc_msg.label;
901 }
902 }
903 /* else if this is a pass thru response */
904 /* id response type is not impl, we have to release label */
905 else if (p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
906 /* set up for callback */
907 evt = BTA_AV_REMOTE_RSP_EVT;
908 av.remote_rsp.rc_id = p_data->rc_msg.msg.pass.op_id;
909 av.remote_rsp.key_state = p_data->rc_msg.msg.pass.state;
910 av.remote_rsp.rsp_code = p_data->rc_msg.msg.hdr.ctype;
911 av.remote_rsp.label = p_data->rc_msg.label;
912
913 /* If this response is for vendor unique command */
914 if ((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) &&
915 (p_data->rc_msg.msg.pass.pass_len > 0)) {
916 av.remote_rsp.p_data =
917 (uint8_t*)osi_malloc(p_data->rc_msg.msg.pass.pass_len);
918 APPL_TRACE_DEBUG("%s: Vendor Unique data len = %d", __func__,
919 p_data->rc_msg.msg.pass.pass_len);
920 memcpy(av.remote_rsp.p_data, p_data->rc_msg.msg.pass.p_pass_data,
921 p_data->rc_msg.msg.pass.pass_len);
922 }
923 }
924 /* must be a bad ctype -> reject*/
925 else {
926 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
927 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
928 &p_data->rc_msg.msg.pass);
929 }
930 }
931 /* else if this is a vendor specific command or response */
932 else if (p_data->rc_msg.opcode == AVRC_OP_VENDOR) {
933 /* set up for callback */
934 av.vendor_cmd.code = p_data->rc_msg.msg.hdr.ctype;
935 av.vendor_cmd.company_id = p_vendor->company_id;
936 av.vendor_cmd.label = p_data->rc_msg.label;
937 av.vendor_cmd.p_data = p_vendor->p_vendor_data;
938 av.vendor_cmd.len = p_vendor->vendor_len;
939
940 /* if configured to support vendor specific and it's a command */
941 if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
942 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
943 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
944 (p_vendor->company_id == AVRC_CO_METADATA)) {
945 av.meta_msg.p_msg = &p_data->rc_msg.msg;
946 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
947 evt = bta_av_proc_meta_cmd(&rc_rsp, &p_data->rc_msg, &ctype);
948 } else {
949 evt = BTA_AV_VENDOR_CMD_EVT;
950 }
951 } else if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
952 p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
953 /* else if configured to support vendor specific and it's a response */
954 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
955 (p_vendor->company_id == AVRC_CO_METADATA)) {
956 av.meta_msg.p_msg = &p_data->rc_msg.msg;
957 evt = BTA_AV_META_MSG_EVT;
958 } else {
959 evt = BTA_AV_VENDOR_RSP_EVT;
960 }
961 } else if (!(p_cb->features & BTA_AV_FEAT_VENDOR) &&
962 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
963 /* else if not configured to support vendor specific and it's a command */
964 if (p_data->rc_msg.msg.vendor.p_vendor_data[0] == AVRC_PDU_INVALID) {
965 /* reject it */
966 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
967 p_data->rc_msg.msg.vendor.p_vendor_data[4] = AVRC_STS_BAD_CMD;
968 } else {
969 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
970 }
971 AVRC_VendorRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
972 &p_data->rc_msg.msg.vendor);
973 }
974 } else if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
975 /* set up for callback */
976 av.meta_msg.rc_handle = p_data->rc_msg.handle;
977 av.meta_msg.company_id = p_vendor->company_id;
978 av.meta_msg.code = p_data->rc_msg.msg.hdr.ctype;
979 av.meta_msg.label = p_data->rc_msg.label;
980 av.meta_msg.p_msg = &p_data->rc_msg.msg;
981 av.meta_msg.p_data = p_data->rc_msg.msg.browse.p_browse_data;
982 av.meta_msg.len = p_data->rc_msg.msg.browse.browse_len;
983 evt = BTA_AV_META_MSG_EVT;
984 }
985
986 if (evt == 0 && rc_rsp.rsp.status != BTA_AV_STS_NO_RSP) {
987 if (!p_pkt) {
988 rc_rsp.rsp.opcode = p_data->rc_msg.opcode;
989 AVRC_BldResponse(0, &rc_rsp, &p_pkt);
990 }
991 if (p_pkt)
992 AVRC_MsgReq(p_data->rc_msg.handle, p_data->rc_msg.label, ctype, p_pkt);
993 }
994
995 /* call callback */
996 if (evt != 0) {
997 av.remote_cmd.rc_handle = p_data->rc_msg.handle;
998 (*p_cb->p_cback)(evt, &av);
999 /* If browsing message, then free the browse message buffer */
1000 bta_av_rc_free_browse_msg(p_cb, p_data);
1001 }
1002 }
1003
1004 /*******************************************************************************
1005 *
1006 * Function bta_av_rc_close
1007 *
1008 * Description close the specified AVRC handle.
1009 *
1010 * Returns void
1011 *
1012 ******************************************************************************/
bta_av_rc_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1013 void bta_av_rc_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1014 uint16_t handle = p_data->hdr.layer_specific;
1015 tBTA_AV_SCB* p_scb;
1016 tBTA_AV_RCB* p_rcb;
1017
1018 if (handle < BTA_AV_NUM_RCB) {
1019 p_rcb = &p_cb->rcb[handle];
1020
1021 APPL_TRACE_DEBUG("%s: handle: %d, status=0x%x", __func__, p_rcb->handle,
1022 p_rcb->status);
1023 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
1024 if (p_rcb->shdl) {
1025 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
1026 if (p_scb) {
1027 /* just in case the RC timer is active
1028 if (bta_av_cb.features & BTA_AV_FEAT_RCCT &&
1029 p_scb->chnl == BTA_AV_CHNL_AUDIO) */
1030 alarm_cancel(p_scb->avrc_ct_timer);
1031 }
1032 }
1033
1034 AVRC_Close(p_rcb->handle);
1035 }
1036 }
1037 }
1038
1039 /*******************************************************************************
1040 *
1041 * Function bta_av_rc_browse_close
1042 *
1043 * Description Empty placeholder.
1044 *
1045 * Returns void
1046 *
1047 ******************************************************************************/
bta_av_rc_browse_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1048 void bta_av_rc_browse_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1049 APPL_TRACE_WARNING("%s: empty placeholder does nothing!", __func__);
1050 }
1051
1052 /*******************************************************************************
1053 *
1054 * Function bta_av_get_shdl
1055 *
1056 * Returns The index to p_scb[]
1057 *
1058 ******************************************************************************/
bta_av_get_shdl(tBTA_AV_SCB * p_scb)1059 static uint8_t bta_av_get_shdl(tBTA_AV_SCB* p_scb) {
1060 int i;
1061 uint8_t shdl = 0;
1062 /* find the SCB & stop the timer */
1063 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1064 if (p_scb == bta_av_cb.p_scb[i]) {
1065 shdl = i + 1;
1066 break;
1067 }
1068 }
1069 return shdl;
1070 }
1071
1072 /*******************************************************************************
1073 *
1074 * Function bta_av_stream_chg
1075 *
1076 * Description audio streaming status changed.
1077 *
1078 * Returns void
1079 *
1080 ******************************************************************************/
bta_av_stream_chg(tBTA_AV_SCB * p_scb,bool started)1081 void bta_av_stream_chg(tBTA_AV_SCB* p_scb, bool started) {
1082 uint8_t started_msk = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
1083
1084 APPL_TRACE_DEBUG("%s: peer %s started:%s started_msk:0x%x", __func__,
1085 p_scb->PeerAddress().ToString().c_str(),
1086 logbool(started).c_str(), started_msk);
1087
1088 if (started) {
1089 bta_av_cb.audio_streams |= started_msk;
1090 /* Let L2CAP know this channel is processed with high priority */
1091 L2CA_SetAclPriority(p_scb->PeerAddress(), L2CAP_PRIORITY_HIGH);
1092 } else {
1093 bta_av_cb.audio_streams &= ~started_msk;
1094 /* Let L2CAP know this channel is processed with low priority */
1095 L2CA_SetAclPriority(p_scb->PeerAddress(), L2CAP_PRIORITY_NORMAL);
1096 }
1097 }
1098
1099 /*******************************************************************************
1100 *
1101 * Function bta_av_conn_chg
1102 *
1103 * Description connetion status changed.
1104 * Open an AVRCP acceptor channel, if new conn.
1105 *
1106 * Returns void
1107 *
1108 ******************************************************************************/
bta_av_conn_chg(tBTA_AV_DATA * p_data)1109 void bta_av_conn_chg(tBTA_AV_DATA* p_data) {
1110 tBTA_AV_CB* p_cb = &bta_av_cb;
1111 tBTA_AV_SCB* p_scb = NULL;
1112 tBTA_AV_SCB* p_scbi;
1113 uint8_t mask;
1114 uint8_t conn_msk;
1115 uint8_t old_msk;
1116 int i;
1117 int index = (p_data->hdr.layer_specific & BTA_AV_HNDL_MSK) - 1;
1118 tBTA_AV_LCB* p_lcb;
1119 tBTA_AV_LCB* p_lcb_rc;
1120 tBTA_AV_RCB *p_rcb, *p_rcb2;
1121 bool chk_restore = false;
1122
1123 /* Validate array index*/
1124 if (index < BTA_AV_NUM_STRS) {
1125 p_scb = p_cb->p_scb[index];
1126 }
1127 mask = BTA_AV_HNDL_TO_MSK(index);
1128 p_lcb = bta_av_find_lcb(p_data->conn_chg.peer_addr, BTA_AV_LCB_FIND);
1129 conn_msk = 1 << (index + 1);
1130 if (p_data->conn_chg.is_up) {
1131 /* set the conned mask for this channel */
1132 if (p_scb) {
1133 if (p_lcb) {
1134 p_lcb->conn_msk |= conn_msk;
1135 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1136 if (bta_av_cb.rcb[i].lidx == p_lcb->lidx) {
1137 bta_av_cb.rcb[i].shdl = index + 1;
1138 APPL_TRACE_DEBUG(
1139 "%s: conn_chg up[%d]: %d, status=0x%x, shdl:%d, lidx:%d",
1140 __func__, i, bta_av_cb.rcb[i].handle, bta_av_cb.rcb[i].status,
1141 bta_av_cb.rcb[i].shdl, bta_av_cb.rcb[i].lidx);
1142 break;
1143 }
1144 }
1145 }
1146 old_msk = p_cb->conn_audio;
1147 p_cb->conn_audio |= mask;
1148
1149 if ((old_msk & mask) == 0) {
1150 /* increase the audio open count, if not set yet */
1151 bta_av_cb.audio_open_cnt++;
1152 }
1153
1154 APPL_TRACE_DEBUG("%s: rc_acp_handle:%d rc_acp_idx:%d", __func__,
1155 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1156 /* check if the AVRCP ACP channel is already connected */
1157 if (p_lcb && p_cb->rc_acp_handle != BTA_AV_RC_HANDLE_NONE &&
1158 p_cb->rc_acp_idx) {
1159 p_lcb_rc = &p_cb->lcb[BTA_AV_NUM_LINKS];
1160 APPL_TRACE_DEBUG(
1161 "%s: rc_acp is connected && conn_chg on same addr "
1162 "p_lcb_rc->conn_msk:x%x",
1163 __func__, p_lcb_rc->conn_msk);
1164 /* check if the RC is connected to the scb addr */
1165 LOG_INFO(LOG_TAG, "%s: p_lcb_rc->addr: %s conn_chg.peer_addr: %s",
1166 __func__, p_lcb_rc->addr.ToString().c_str(),
1167 p_data->conn_chg.peer_addr.ToString().c_str());
1168
1169 if (p_lcb_rc->conn_msk &&
1170 p_lcb_rc->addr == p_data->conn_chg.peer_addr) {
1171 /* AVRCP is already connected.
1172 * need to update the association betwen SCB and RCB */
1173 p_lcb_rc->conn_msk = 0; /* indicate RC ONLY is not connected */
1174 p_lcb_rc->lidx = 0;
1175 p_scb->rc_handle = p_cb->rc_acp_handle;
1176 p_rcb = &p_cb->rcb[p_cb->rc_acp_idx - 1];
1177 p_rcb->shdl = bta_av_get_shdl(p_scb);
1178 APPL_TRACE_DEBUG("%s: update rc_acp shdl:%d/%d srch:%d", __func__,
1179 index + 1, p_rcb->shdl, p_scb->rc_handle);
1180
1181 p_rcb2 = bta_av_get_rcb_by_shdl(p_rcb->shdl);
1182 if (p_rcb2) {
1183 /* found the RCB that was created to associated with this SCB */
1184 p_cb->rc_acp_handle = p_rcb2->handle;
1185 p_cb->rc_acp_idx = (p_rcb2 - p_cb->rcb) + 1;
1186 APPL_TRACE_DEBUG("%s: new rc_acp_handle:%d, idx:%d", __func__,
1187 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1188 p_rcb2->lidx = (BTA_AV_NUM_LINKS + 1);
1189 APPL_TRACE_DEBUG("%s: rc2 handle:%d lidx:%d/%d", __func__,
1190 p_rcb2->handle, p_rcb2->lidx,
1191 p_cb->lcb[p_rcb2->lidx - 1].lidx);
1192 }
1193 p_rcb->lidx = p_lcb->lidx;
1194 APPL_TRACE_DEBUG("%s: rc handle:%d lidx:%d/%d", __func__,
1195 p_rcb->handle, p_rcb->lidx,
1196 p_cb->lcb[p_rcb->lidx - 1].lidx);
1197 }
1198 }
1199 }
1200 } else {
1201 if ((p_cb->conn_audio & mask) && bta_av_cb.audio_open_cnt) {
1202 /* this channel is still marked as open. decrease the count */
1203 bta_av_cb.audio_open_cnt--;
1204 }
1205
1206 /* clear the conned mask for this channel */
1207 p_cb->conn_audio &= ~mask;
1208 if (p_scb) {
1209 // The stream is closed. Clear the state.
1210 p_scb->OnDisconnected();
1211 if (p_scb->chnl == BTA_AV_CHNL_AUDIO) {
1212 if (p_lcb) {
1213 p_lcb->conn_msk &= ~conn_msk;
1214 }
1215 /* audio channel is down. make sure the INT channel is down */
1216 /* just in case the RC timer is active
1217 if (p_cb->features & BTA_AV_FEAT_RCCT) */
1218 { alarm_cancel(p_scb->avrc_ct_timer); }
1219 /* one audio channel goes down. check if we need to restore high
1220 * priority */
1221 chk_restore = true;
1222 }
1223 }
1224
1225 APPL_TRACE_DEBUG("%s: shdl:%d", __func__, index + 1);
1226 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1227 APPL_TRACE_DEBUG("%s: conn_chg dn[%d]: %d, status=0x%x, shdl:%d, lidx:%d",
1228 __func__, i, bta_av_cb.rcb[i].handle,
1229 bta_av_cb.rcb[i].status, bta_av_cb.rcb[i].shdl,
1230 bta_av_cb.rcb[i].lidx);
1231 if (bta_av_cb.rcb[i].shdl == index + 1) {
1232 bta_av_del_rc(&bta_av_cb.rcb[i]);
1233 /* since the connection is already down and info was removed, clean
1234 * reference */
1235 bta_av_cb.rcb[i].shdl = 0;
1236 break;
1237 }
1238 }
1239
1240 if (p_cb->conn_audio == 0) {
1241 /* if both channels are not connected,
1242 * close all RC channels */
1243 bta_av_close_all_rc(p_cb);
1244 }
1245
1246 /* if the AVRCP is no longer listening, create the listening channel */
1247 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE &&
1248 bta_av_cb.features & BTA_AV_FEAT_RCTG)
1249 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
1250 }
1251
1252 APPL_TRACE_DEBUG(
1253 "%s: audio:%x up:%d conn_msk:0x%x chk_restore:%d "
1254 "audio_open_cnt:%d",
1255 __func__, p_cb->conn_audio, p_data->conn_chg.is_up, conn_msk, chk_restore,
1256 p_cb->audio_open_cnt);
1257
1258 if (chk_restore) {
1259 if (p_cb->audio_open_cnt == 1) {
1260 /* one audio channel goes down and there's one audio channel remains open.
1261 * restore the switch role in default link policy */
1262 bta_sys_set_default_policy(BTA_ID_AV, HCI_ENABLE_MASTER_SLAVE_SWITCH);
1263 /* allow role switch, if this is the last connection */
1264 bta_av_restore_switch();
1265 }
1266 if (p_cb->audio_open_cnt) {
1267 /* adjust flush timeout settings to longer period */
1268 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1269 p_scbi = bta_av_cb.p_scb[i];
1270 if (p_scbi && p_scbi->chnl == BTA_AV_CHNL_AUDIO && p_scbi->co_started) {
1271 /* may need to update the flush timeout of this already started stream
1272 */
1273 if (p_scbi->co_started != bta_av_cb.audio_open_cnt) {
1274 p_scbi->co_started = bta_av_cb.audio_open_cnt;
1275 L2CA_SetFlushTimeout(
1276 p_scbi->PeerAddress(),
1277 p_bta_av_cfg->p_audio_flush_to[p_scbi->co_started - 1]);
1278 }
1279 }
1280 }
1281 }
1282 }
1283 }
1284
1285 /*******************************************************************************
1286 *
1287 * Function bta_av_disable
1288 *
1289 * Description disable AV.
1290 *
1291 * Returns void
1292 *
1293 ******************************************************************************/
bta_av_disable(tBTA_AV_CB * p_cb,UNUSED_ATTR tBTA_AV_DATA * p_data)1294 void bta_av_disable(tBTA_AV_CB* p_cb, UNUSED_ATTR tBTA_AV_DATA* p_data) {
1295 BT_HDR hdr;
1296 uint16_t xx;
1297
1298 p_cb->disabling = true;
1299
1300 bta_av_close_all_rc(p_cb);
1301
1302 osi_free_and_reset((void**)&p_cb->p_disc_db);
1303
1304 /* disable audio/video - de-register all channels,
1305 * expect BTA_AV_DEREG_COMP_EVT when deregister is complete */
1306 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1307 if (p_cb->p_scb[xx] != NULL) {
1308 hdr.layer_specific = xx + 1;
1309 bta_av_api_deregister((tBTA_AV_DATA*)&hdr);
1310 }
1311 }
1312
1313 alarm_free(p_cb->link_signalling_timer);
1314 p_cb->link_signalling_timer = NULL;
1315 alarm_free(p_cb->accept_signalling_timer);
1316 p_cb->accept_signalling_timer = NULL;
1317 }
1318
1319 /*******************************************************************************
1320 *
1321 * Function bta_av_api_disconnect
1322 *
1323 * Description .
1324 *
1325 * Returns void
1326 *
1327 ******************************************************************************/
bta_av_api_disconnect(tBTA_AV_DATA * p_data)1328 void bta_av_api_disconnect(tBTA_AV_DATA* p_data) {
1329 AVDT_DisconnectReq(p_data->api_discnt.bd_addr, bta_av_conn_cback);
1330 alarm_cancel(bta_av_cb.link_signalling_timer);
1331 }
1332
1333 /**
1334 * Find the index for the free LCB entry to use.
1335 *
1336 * The selection order is:
1337 * (1) Find the index if there is already SCB entry for the peer address
1338 * (2) If there is no SCB entry for the peer address, find the first
1339 * SCB entry that is not assigned.
1340 *
1341 * @param peer_address the peer address to use
1342 * @return the index for the free LCB entry to use or BTA_AV_NUM_LINKS
1343 * if no entry is found
1344 */
bta_av_find_lcb_index_by_scb_and_address(const RawAddress & peer_address)1345 static uint8_t bta_av_find_lcb_index_by_scb_and_address(
1346 const RawAddress& peer_address) {
1347 APPL_TRACE_DEBUG("%s: peer_address: %s conn_lcb: 0x%x", __func__,
1348 peer_address.ToString().c_str(), bta_av_cb.conn_lcb);
1349
1350 // Find the index if there is already SCB entry for the peer address
1351 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1352 uint8_t mask = 1 << index;
1353 if (mask & bta_av_cb.conn_lcb) {
1354 continue;
1355 }
1356 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1357 if (p_scb == nullptr) {
1358 continue;
1359 }
1360 if (p_scb->PeerAddress() == peer_address) {
1361 return index;
1362 }
1363 }
1364
1365 // Find the first SCB entry that is not assigned.
1366 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1367 uint8_t mask = 1 << index;
1368 if (mask & bta_av_cb.conn_lcb) {
1369 continue;
1370 }
1371 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1372 if (p_scb == nullptr) {
1373 continue;
1374 }
1375 if (!p_scb->IsAssigned()) {
1376 return index;
1377 }
1378 }
1379
1380 return BTA_AV_NUM_LINKS;
1381 }
1382
1383 /*******************************************************************************
1384 *
1385 * Function bta_av_sig_chg
1386 *
1387 * Description process AVDT signal channel up/down.
1388 *
1389 * Returns void
1390 *
1391 ******************************************************************************/
bta_av_sig_chg(tBTA_AV_DATA * p_data)1392 void bta_av_sig_chg(tBTA_AV_DATA* p_data) {
1393 uint16_t event = p_data->str_msg.hdr.layer_specific;
1394 tBTA_AV_CB* p_cb = &bta_av_cb;
1395 uint32_t xx;
1396 uint8_t mask;
1397 tBTA_AV_LCB* p_lcb = NULL;
1398
1399 APPL_TRACE_DEBUG("%s: event: %d", __func__, event);
1400 if (event == AVDT_CONNECT_IND_EVT) {
1401 APPL_TRACE_DEBUG("%s: AVDT_CONNECT_IND_EVT: peer %s", __func__,
1402 p_data->str_msg.bd_addr.ToString().c_str());
1403
1404 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FIND);
1405 if (!p_lcb) {
1406 /* if the address does not have an LCB yet, alloc one */
1407 xx = bta_av_find_lcb_index_by_scb_and_address(p_data->str_msg.bd_addr);
1408
1409 /* check if we found something */
1410 if (xx >= BTA_AV_NUM_LINKS) {
1411 /* We do not have scb for this avdt connection. */
1412 /* Silently close the connection. */
1413 APPL_TRACE_ERROR("%s: av scb not available for avdt connection for %s",
1414 __func__, p_data->str_msg.bd_addr.ToString().c_str());
1415 AVDT_DisconnectReq(p_data->str_msg.bd_addr, NULL);
1416 return;
1417 }
1418 LOG_INFO(LOG_TAG,
1419 "%s: AVDT_CONNECT_IND_EVT: peer %s selected lcb_index %d",
1420 __func__, p_data->str_msg.bd_addr.ToString().c_str(), xx);
1421
1422 tBTA_AV_SCB* p_scb = p_cb->p_scb[xx];
1423 mask = 1 << xx;
1424 p_lcb = &p_cb->lcb[xx];
1425 p_lcb->lidx = xx + 1;
1426 p_lcb->addr = p_data->str_msg.bd_addr;
1427 p_lcb->conn_msk = 0; /* clear the connect mask */
1428 /* start listening when the signal channel is open */
1429 if (p_cb->features & BTA_AV_FEAT_RCTG) {
1430 bta_av_rc_create(p_cb, AVCT_ACP, 0, p_lcb->lidx);
1431 }
1432 /* this entry is not used yet. */
1433 p_cb->conn_lcb |= mask; /* mark it as used */
1434 APPL_TRACE_DEBUG("%s: start sig timer %d", __func__, p_data->hdr.offset);
1435 if (p_data->hdr.offset == AVDT_ACP) {
1436 APPL_TRACE_DEBUG("%s: Incoming L2CAP acquired, set state as incoming",
1437 __func__);
1438 p_scb->OnConnected(p_data->str_msg.bd_addr);
1439 p_scb->use_rc = true; /* allowing RC for incoming connection */
1440 bta_av_ssm_execute(p_scb, BTA_AV_ACP_CONNECT_EVT, p_data);
1441
1442 /* The Pending Event should be sent as soon as the L2CAP signalling
1443 * channel
1444 * is set up, which is NOW. Earlier this was done only after
1445 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1446 * The following function shall send the event and start the
1447 * recurring timer
1448 */
1449 bta_av_signalling_timer(NULL);
1450
1451 APPL_TRACE_DEBUG("%s: Re-start timer for AVDTP service", __func__);
1452 bta_sys_conn_open(BTA_ID_AV, p_scb->app_id, p_scb->PeerAddress());
1453 /* Possible collision : need to avoid outgoing processing while the
1454 * timer is running */
1455 p_scb->coll_mask = BTA_AV_COLL_INC_TMR;
1456 alarm_set_on_mloop(
1457 p_cb->accept_signalling_timer, BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1458 bta_av_accept_signalling_timer_cback, UINT_TO_PTR(xx));
1459 }
1460 }
1461 }
1462 #if (BTA_AR_INCLUDED == TRUE)
1463 else if (event == BTA_AR_AVDT_CONN_EVT) {
1464 alarm_cancel(bta_av_cb.link_signalling_timer);
1465 }
1466 #endif
1467 else {
1468 /* disconnected. */
1469 APPL_TRACE_DEBUG("%s: bta_av_cb.conn_lcb is %d", __func__,
1470 bta_av_cb.conn_lcb);
1471
1472 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FREE);
1473 if (p_lcb && (p_lcb->conn_msk || bta_av_cb.conn_lcb)) {
1474 APPL_TRACE_DEBUG("%s: conn_msk: 0x%x", __func__, p_lcb->conn_msk);
1475 /* clean up ssm */
1476 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1477 if (p_cb->p_scb[xx] &&
1478 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1479 APPL_TRACE_DEBUG("%s: Closing timer for AVDTP service", __func__);
1480 bta_sys_conn_close(BTA_ID_AV, p_cb->p_scb[xx]->app_id,
1481 p_cb->p_scb[xx]->PeerAddress());
1482 }
1483 mask = 1 << (xx + 1);
1484 if (((mask & p_lcb->conn_msk) || bta_av_cb.conn_lcb) &&
1485 p_cb->p_scb[xx] &&
1486 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1487 APPL_TRACE_WARNING("%s: Sending AVDT_DISCONNECT_EVT peer_addr=%s",
1488 __func__,
1489 p_cb->p_scb[xx]->PeerAddress().ToString().c_str());
1490 bta_av_ssm_execute(p_cb->p_scb[xx], BTA_AV_AVDT_DISCONNECT_EVT, NULL);
1491 }
1492 }
1493 }
1494 }
1495 APPL_TRACE_DEBUG("%s: sig_chg conn_lcb: 0x%x", __func__, p_cb->conn_lcb);
1496 }
1497
1498 /*******************************************************************************
1499 *
1500 * Function bta_av_signalling_timer
1501 *
1502 * Description process the signal channel timer. This timer is started
1503 * when the AVDTP signal channel is connected. If no profile
1504 * is connected, the timer goes off every
1505 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1506 *
1507 * Returns void
1508 *
1509 ******************************************************************************/
bta_av_signalling_timer(UNUSED_ATTR tBTA_AV_DATA * p_data)1510 void bta_av_signalling_timer(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1511 tBTA_AV_CB* p_cb = &bta_av_cb;
1512 int xx;
1513 uint8_t mask;
1514 tBTA_AV_LCB* p_lcb = NULL;
1515
1516 APPL_TRACE_DEBUG("%s: conn_lcb=0x%x", __func__, p_cb->conn_lcb);
1517 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
1518 p_lcb = &p_cb->lcb[xx];
1519 mask = 1 << xx;
1520 APPL_TRACE_DEBUG(
1521 "%s: index=%d conn_lcb=0x%x peer=%s conn_mask=0x%x lidx=%d", __func__,
1522 xx, p_cb->conn_lcb, p_lcb->addr.ToString().c_str(), p_lcb->conn_msk,
1523 p_lcb->lidx);
1524 if (mask & p_cb->conn_lcb) {
1525 /* this entry is used. check if it is connected */
1526 if (!p_lcb->conn_msk) {
1527 bta_sys_start_timer(p_cb->link_signalling_timer,
1528 BTA_AV_SIGNALLING_TIMEOUT_MS,
1529 BTA_AV_SIGNALLING_TIMER_EVT, 0);
1530 tBTA_AV_PEND pend;
1531 pend.bd_addr = p_lcb->addr;
1532 tBTA_AV bta_av_data;
1533 bta_av_data.pend = pend;
1534 APPL_TRACE_DEBUG(
1535 "%s: BTA_AV_PENDING_EVT for %s index=%d conn_mask=0x%x lidx=%d",
1536 __func__, pend.bd_addr.ToString().c_str(), xx, p_lcb->conn_msk,
1537 p_lcb->lidx);
1538 (*p_cb->p_cback)(BTA_AV_PENDING_EVT, &bta_av_data);
1539 }
1540 }
1541 }
1542 }
1543
1544 /*******************************************************************************
1545 *
1546 * Function bta_av_accept_signalling_timer_cback
1547 *
1548 * Description Process the timeout when SRC is accepting connection
1549 * and SNK did not start signalling.
1550 *
1551 * Returns void
1552 *
1553 ******************************************************************************/
bta_av_accept_signalling_timer_cback(void * data)1554 static void bta_av_accept_signalling_timer_cback(void* data) {
1555 uint32_t inx = PTR_TO_UINT(data);
1556 tBTA_AV_CB* p_cb = &bta_av_cb;
1557 tBTA_AV_SCB* p_scb = NULL;
1558 if (inx < BTA_AV_NUM_STRS) {
1559 p_scb = p_cb->p_scb[inx];
1560 }
1561 if (p_scb) {
1562 APPL_TRACE_DEBUG("%s: coll_mask = 0x%02X", __func__, p_scb->coll_mask);
1563
1564 if (p_scb->coll_mask & BTA_AV_COLL_INC_TMR) {
1565 p_scb->coll_mask &= ~BTA_AV_COLL_INC_TMR;
1566
1567 if (bta_av_is_scb_opening(p_scb)) {
1568 APPL_TRACE_DEBUG("%s: stream state opening: SDP started = %d", __func__,
1569 p_scb->sdp_discovery_started);
1570 if (p_scb->sdp_discovery_started) {
1571 /* We are still doing SDP. Run the timer again. */
1572 p_scb->coll_mask |= BTA_AV_COLL_INC_TMR;
1573
1574 alarm_set_on_mloop(p_cb->accept_signalling_timer,
1575 BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1576 bta_av_accept_signalling_timer_cback,
1577 UINT_TO_PTR(inx));
1578 } else {
1579 /* SNK did not start signalling, resume signalling process. */
1580 bta_av_discover_req(p_scb, NULL);
1581 }
1582 } else if (bta_av_is_scb_incoming(p_scb)) {
1583 /* Stay in incoming state if SNK does not start signalling */
1584
1585 APPL_TRACE_DEBUG("%s: stream state incoming", __func__);
1586 /* API open was called right after SNK opened L2C connection. */
1587 if (p_scb->coll_mask & BTA_AV_COLL_API_CALLED) {
1588 p_scb->coll_mask &= ~BTA_AV_COLL_API_CALLED;
1589
1590 /* BTA_AV_API_OPEN_EVT */
1591 tBTA_AV_API_OPEN* p_buf =
1592 (tBTA_AV_API_OPEN*)osi_malloc(sizeof(tBTA_AV_API_OPEN));
1593 memcpy(p_buf, &(p_scb->open_api), sizeof(tBTA_AV_API_OPEN));
1594 bta_sys_sendmsg(p_buf);
1595 }
1596 }
1597 }
1598 }
1599 }
1600
1601 /*******************************************************************************
1602 *
1603 * Function bta_av_check_peer_features
1604 *
1605 * Description check supported features on the peer device from the SDP
1606 * record and return the feature mask
1607 *
1608 * Returns tBTA_AV_FEAT peer device feature mask
1609 *
1610 ******************************************************************************/
bta_av_check_peer_features(uint16_t service_uuid)1611 tBTA_AV_FEAT bta_av_check_peer_features(uint16_t service_uuid) {
1612 tBTA_AV_FEAT peer_features = 0;
1613 tBTA_AV_CB* p_cb = &bta_av_cb;
1614 tSDP_DISC_REC* p_rec = NULL;
1615 tSDP_DISC_ATTR* p_attr;
1616 uint16_t peer_rc_version = 0;
1617 uint16_t categories = 0;
1618
1619 APPL_TRACE_DEBUG("%s: service_uuid:x%x", __func__, service_uuid);
1620 /* loop through all records we found */
1621 while (true) {
1622 /* get next record; if none found, we're done */
1623 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1624 if (p_rec == NULL) {
1625 break;
1626 }
1627
1628 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1629 NULL) {
1630 /* find peer features */
1631 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1632 NULL)) {
1633 peer_features |= BTA_AV_FEAT_RCCT;
1634 }
1635 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1636 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1637 peer_features |= BTA_AV_FEAT_RCTG;
1638 }
1639 }
1640
1641 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1642 /* get profile version (if failure, version parameter is not updated) */
1643 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1644 &peer_rc_version);
1645 APPL_TRACE_DEBUG("%s: peer_rc_version 0x%x", __func__, peer_rc_version);
1646
1647 if (peer_rc_version >= AVRC_REV_1_3)
1648 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1649
1650 if (peer_rc_version >= AVRC_REV_1_4) {
1651 /* get supported categories */
1652 p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1653 if (p_attr != NULL) {
1654 categories = p_attr->attr_value.v.u16;
1655 if (categories & AVRC_SUPF_CT_CAT2)
1656 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1657 if (categories & AVRC_SUPF_CT_BROWSE)
1658 peer_features |= (BTA_AV_FEAT_BROWSE);
1659 }
1660 }
1661 }
1662 }
1663 APPL_TRACE_DEBUG("%s: peer_features:x%x", __func__, peer_features);
1664 return peer_features;
1665 }
1666
1667 /*******************************************************************************
1668 *
1669 * Function bta_avk_check_peer_features
1670 *
1671 * Description check supported features on the peer device from the SDP
1672 * record and return the feature mask
1673 *
1674 * Returns tBTA_AV_FEAT peer device feature mask
1675 *
1676 ******************************************************************************/
bta_avk_check_peer_features(uint16_t service_uuid)1677 tBTA_AV_FEAT bta_avk_check_peer_features(uint16_t service_uuid) {
1678 tBTA_AV_FEAT peer_features = 0;
1679 tBTA_AV_CB* p_cb = &bta_av_cb;
1680
1681 APPL_TRACE_DEBUG("%s: service_uuid:x%x", __func__, service_uuid);
1682
1683 /* loop through all records we found */
1684 tSDP_DISC_REC* p_rec =
1685 SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, NULL);
1686 while (p_rec) {
1687 APPL_TRACE_DEBUG("%s: found Service record for x%x", __func__,
1688 service_uuid);
1689
1690 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1691 NULL) {
1692 /* find peer features */
1693 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1694 NULL)) {
1695 peer_features |= BTA_AV_FEAT_RCCT;
1696 }
1697 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1698 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1699 peer_features |= BTA_AV_FEAT_RCTG;
1700 }
1701 }
1702
1703 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1704 /* get profile version (if failure, version parameter is not updated) */
1705 uint16_t peer_rc_version = 0;
1706 bool val = SDP_FindProfileVersionInRec(
1707 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version);
1708 APPL_TRACE_DEBUG("%s: peer_rc_version for TG 0x%x, profile_found %d",
1709 __func__, peer_rc_version, val);
1710
1711 if (peer_rc_version >= AVRC_REV_1_3)
1712 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1713
1714 /*
1715 * Though Absolute Volume came after in 1.4 and above, but there are few
1716 * devices
1717 * in market which supports absolute Volume and they are still 1.3
1718 * TO avoid IOT issuses with those devices, we check for 1.3 as minimum
1719 * version
1720 */
1721 if (peer_rc_version >= AVRC_REV_1_3) {
1722 /* get supported features */
1723 tSDP_DISC_ATTR* p_attr =
1724 SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1725 if (p_attr != NULL) {
1726 uint16_t categories = p_attr->attr_value.v.u16;
1727 if (categories & AVRC_SUPF_CT_CAT2)
1728 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1729 if (categories & AVRC_SUPF_CT_APP_SETTINGS)
1730 peer_features |= (BTA_AV_FEAT_APP_SETTING);
1731 if (categories & AVRC_SUPF_CT_BROWSE)
1732 peer_features |= (BTA_AV_FEAT_BROWSE);
1733 }
1734 }
1735 }
1736 /* get next record; if none found, we're done */
1737 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1738 }
1739 APPL_TRACE_DEBUG("%s: peer_features:x%x", __func__, peer_features);
1740 return peer_features;
1741 }
1742
1743 /*******************************************************************************
1744 *
1745 * Function bta_av_rc_disc_done
1746 *
1747 * Description Handle AVRCP service discovery results. If matching
1748 * service found, open AVRCP connection.
1749 *
1750 * Returns void
1751 *
1752 ******************************************************************************/
bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA * p_data)1753 void bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1754 tBTA_AV_CB* p_cb = &bta_av_cb;
1755 tBTA_AV_SCB* p_scb = NULL;
1756 tBTA_AV_LCB* p_lcb;
1757 uint8_t rc_handle;
1758 tBTA_AV_FEAT peer_features = 0; /* peer features mask */
1759
1760 APPL_TRACE_DEBUG("%s: bta_av_rc_disc_done disc:x%x", __func__, p_cb->disc);
1761 if (!p_cb->disc) {
1762 return;
1763 }
1764
1765 if ((p_cb->disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
1766 /* this is the rc handle/index to tBTA_AV_RCB */
1767 rc_handle = p_cb->disc & (~BTA_AV_CHNL_MSK);
1768 } else {
1769 /* Validate array index*/
1770 if (((p_cb->disc & BTA_AV_HNDL_MSK) - 1) < BTA_AV_NUM_STRS) {
1771 p_scb = p_cb->p_scb[(p_cb->disc & BTA_AV_HNDL_MSK) - 1];
1772 }
1773 if (p_scb) {
1774 rc_handle = p_scb->rc_handle;
1775 } else {
1776 p_cb->disc = 0;
1777 return;
1778 }
1779 }
1780
1781 APPL_TRACE_DEBUG("%s: rc_handle %d", __func__, rc_handle);
1782 #if (BTA_AV_SINK_INCLUDED == TRUE)
1783 if (p_cb->sdp_a2dp_snk_handle) {
1784 /* This is Sink + CT + TG(Abs Vol) */
1785 peer_features =
1786 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
1787 APPL_TRACE_DEBUG("%s: populating rem ctrl target features %d", __func__,
1788 peer_features);
1789 if (BTA_AV_FEAT_ADV_CTRL &
1790 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL))
1791 peer_features |= (BTA_AV_FEAT_ADV_CTRL | BTA_AV_FEAT_RCCT);
1792 } else
1793 #endif
1794 if (p_cb->sdp_a2dp_handle) {
1795 /* check peer version and whether support CT and TG role */
1796 peer_features =
1797 bta_av_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL);
1798 if ((p_cb->features & BTA_AV_FEAT_ADV_CTRL) &&
1799 ((peer_features & BTA_AV_FEAT_ADV_CTRL) == 0)) {
1800 /* if we support advance control and peer does not, check their support on
1801 * TG role
1802 * some implementation uses 1.3 on CT ans 1.4 on TG */
1803 peer_features |=
1804 bta_av_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
1805 }
1806
1807 /* Change our features if the remote AVRCP version is 1.3 or less */
1808 tSDP_DISC_REC* p_rec = nullptr;
1809 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db,
1810 UUID_SERVCLASS_AV_REMOTE_CONTROL, p_rec);
1811 if (p_rec != NULL &&
1812 SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST) != NULL) {
1813 /* get profile version (if failure, version parameter is not updated) */
1814 uint16_t peer_rc_version = 0xFFFF; // Don't change the AVRCP version
1815 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1816 &peer_rc_version);
1817 if (peer_rc_version <= AVRC_REV_1_3) {
1818 APPL_TRACE_DEBUG("%s: Using AVRCP 1.3 Capabilities with remote device",
1819 __func__);
1820 p_bta_av_cfg = &bta_av_cfg_compatibility;
1821 }
1822 }
1823 }
1824
1825 p_cb->disc = 0;
1826 osi_free_and_reset((void**)&p_cb->p_disc_db);
1827
1828 APPL_TRACE_DEBUG("%s: peer_features 0x%x, features 0x%x", __func__,
1829 peer_features, p_cb->features);
1830
1831 /* if we have no rc connection */
1832 if (rc_handle == BTA_AV_RC_HANDLE_NONE) {
1833 if (p_scb) {
1834 /* if peer remote control service matches ours and USE_RC is true */
1835 if ((((p_cb->features & BTA_AV_FEAT_RCCT) &&
1836 (peer_features & BTA_AV_FEAT_RCTG)) ||
1837 ((p_cb->features & BTA_AV_FEAT_RCTG) &&
1838 (peer_features & BTA_AV_FEAT_RCCT)))) {
1839 p_lcb = bta_av_find_lcb(p_scb->PeerAddress(), BTA_AV_LCB_FIND);
1840 if (p_lcb) {
1841 rc_handle = bta_av_rc_create(p_cb, AVCT_INT,
1842 (uint8_t)(p_scb->hdi + 1), p_lcb->lidx);
1843 p_cb->rcb[rc_handle].peer_features = peer_features;
1844 } else {
1845 APPL_TRACE_ERROR("%s: can not find LCB!!", __func__);
1846 }
1847 } else if (p_scb->use_rc) {
1848 /* can not find AVRC on peer device. report failure */
1849 p_scb->use_rc = false;
1850 tBTA_AV_RC_OPEN rc_open;
1851 rc_open.peer_addr = p_scb->PeerAddress();
1852 rc_open.peer_features = 0;
1853 rc_open.status = BTA_AV_FAIL_SDP;
1854 tBTA_AV bta_av_data;
1855 bta_av_data.rc_open = rc_open;
1856 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
1857 }
1858 }
1859 } else {
1860 tBTA_AV_RC_FEAT rc_feat;
1861 p_cb->rcb[rc_handle].peer_features = peer_features;
1862 rc_feat.rc_handle = rc_handle;
1863 rc_feat.peer_features = peer_features;
1864 if (p_scb == NULL) {
1865 /*
1866 * In case scb is not created by the time we are done with SDP
1867 * we still need to send RC feature event. So we need to get BD
1868 * from Message
1869 */
1870 rc_feat.peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx].addr;
1871 } else {
1872 rc_feat.peer_addr = p_scb->PeerAddress();
1873 }
1874 tBTA_AV bta_av_data;
1875 bta_av_data.rc_feat = rc_feat;
1876 (*p_cb->p_cback)(BTA_AV_RC_FEAT_EVT, &bta_av_data);
1877 }
1878 }
1879
1880 /*******************************************************************************
1881 *
1882 * Function bta_av_rc_closed
1883 *
1884 * Description Set AVRCP state to closed.
1885 *
1886 * Returns void
1887 *
1888 ******************************************************************************/
bta_av_rc_closed(tBTA_AV_DATA * p_data)1889 void bta_av_rc_closed(tBTA_AV_DATA* p_data) {
1890 tBTA_AV_CB* p_cb = &bta_av_cb;
1891 tBTA_AV_RC_CLOSE rc_close;
1892 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
1893 tBTA_AV_RCB* p_rcb;
1894 tBTA_AV_SCB* p_scb;
1895 int i;
1896 bool conn = false;
1897 tBTA_AV_LCB* p_lcb;
1898
1899 rc_close.rc_handle = BTA_AV_RC_HANDLE_NONE;
1900 p_scb = NULL;
1901 APPL_TRACE_DEBUG("%s: rc_handle:%d", __func__, p_msg->handle);
1902 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1903 p_rcb = &p_cb->rcb[i];
1904 APPL_TRACE_DEBUG("%s: rcb[%d] rc_handle:%d, status=0x%x", __func__, i,
1905 p_rcb->handle, p_rcb->status);
1906 if (p_rcb->handle == p_msg->handle) {
1907 rc_close.rc_handle = i;
1908 p_rcb->status &= ~BTA_AV_RC_CONN_MASK;
1909 p_rcb->peer_features = 0;
1910 APPL_TRACE_DEBUG("%s: shdl:%d, lidx:%d", __func__, p_rcb->shdl,
1911 p_rcb->lidx);
1912 if (p_rcb->shdl) {
1913 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
1914 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
1915 }
1916 if (p_scb) {
1917 rc_close.peer_addr = p_scb->PeerAddress();
1918 if (p_scb->rc_handle == p_rcb->handle)
1919 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
1920 APPL_TRACE_DEBUG("%s: shdl:%d, srch:%d", __func__, p_rcb->shdl,
1921 p_scb->rc_handle);
1922 }
1923 p_rcb->shdl = 0;
1924 } else if (p_rcb->lidx == (BTA_AV_NUM_LINKS + 1)) {
1925 /* if the RCB uses the extra LCB, use the addr for event and clean it */
1926 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
1927 rc_close.peer_addr = p_msg->peer_addr;
1928 LOG_INFO(LOG_TAG, "%s: rc_only closed bd_addr: %s", __func__,
1929 p_msg->peer_addr.ToString().c_str());
1930 p_lcb->conn_msk = 0;
1931 p_lcb->lidx = 0;
1932 }
1933 p_rcb->lidx = 0;
1934
1935 if ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT) {
1936 /* AVCT CCB is deallocated */
1937 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
1938 p_rcb->status = 0;
1939 } else {
1940 /* AVCT CCB is still there. dealloc */
1941 bta_av_del_rc(p_rcb);
1942
1943 /* if the AVRCP is no longer listening, create the listening channel */
1944 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE &&
1945 bta_av_cb.features & BTA_AV_FEAT_RCTG)
1946 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
1947 }
1948 } else if ((p_rcb->handle != BTA_AV_RC_HANDLE_NONE) &&
1949 (p_rcb->status & BTA_AV_RC_CONN_MASK)) {
1950 /* at least one channel is still connected */
1951 conn = true;
1952 }
1953 }
1954
1955 if (!conn) {
1956 /* no AVRC channels are connected, go back to INIT state */
1957 bta_av_sm_execute(p_cb, BTA_AV_AVRC_NONE_EVT, NULL);
1958 }
1959
1960 if (rc_close.rc_handle == BTA_AV_RC_HANDLE_NONE) {
1961 rc_close.rc_handle = p_msg->handle;
1962 rc_close.peer_addr = p_msg->peer_addr;
1963 }
1964 tBTA_AV bta_av_data;
1965 bta_av_data.rc_close = rc_close;
1966 (*p_cb->p_cback)(BTA_AV_RC_CLOSE_EVT, &bta_av_data);
1967 }
1968
1969 /*******************************************************************************
1970 *
1971 * Function bta_av_rc_browse_opened
1972 *
1973 * Description AVRC browsing channel is opened
1974 *
1975 * Returns void
1976 *
1977 ******************************************************************************/
bta_av_rc_browse_opened(tBTA_AV_DATA * p_data)1978 void bta_av_rc_browse_opened(tBTA_AV_DATA* p_data) {
1979 tBTA_AV_CB* p_cb = &bta_av_cb;
1980 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
1981 tBTA_AV_RC_BROWSE_OPEN rc_browse_open;
1982
1983 LOG_INFO(LOG_TAG, "%s: peer_addr: %s rc_handle:%d", __func__,
1984 p_msg->peer_addr.ToString().c_str(), p_msg->handle);
1985
1986 rc_browse_open.status = BTA_AV_SUCCESS;
1987 rc_browse_open.rc_handle = p_msg->handle;
1988 rc_browse_open.peer_addr = p_msg->peer_addr;
1989
1990 tBTA_AV bta_av_data;
1991 bta_av_data.rc_browse_open = rc_browse_open;
1992 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_OPEN_EVT, &bta_av_data);
1993 }
1994
1995 /*******************************************************************************
1996 *
1997 * Function bta_av_rc_browse_closed
1998 *
1999 * Description AVRC browsing channel is closed
2000 *
2001 * Returns void
2002 *
2003 ******************************************************************************/
bta_av_rc_browse_closed(tBTA_AV_DATA * p_data)2004 void bta_av_rc_browse_closed(tBTA_AV_DATA* p_data) {
2005 tBTA_AV_CB* p_cb = &bta_av_cb;
2006 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2007 tBTA_AV_RC_BROWSE_CLOSE rc_browse_close;
2008
2009 LOG_INFO(LOG_TAG, "%s: peer_addr: %s rc_handle:%d", __func__,
2010 p_msg->peer_addr.ToString().c_str(), p_msg->handle);
2011
2012 rc_browse_close.rc_handle = p_msg->handle;
2013 rc_browse_close.peer_addr = p_msg->peer_addr;
2014
2015 tBTA_AV bta_av_data;
2016 bta_av_data.rc_browse_close = rc_browse_close;
2017 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_CLOSE_EVT, &bta_av_data);
2018 }
2019
2020 /*******************************************************************************
2021 *
2022 * Function bta_av_rc_disc
2023 *
2024 * Description start AVRC SDP discovery.
2025 *
2026 * Returns void
2027 *
2028 ******************************************************************************/
bta_av_rc_disc(uint8_t disc)2029 void bta_av_rc_disc(uint8_t disc) {
2030 tBTA_AV_CB* p_cb = &bta_av_cb;
2031 tAVRC_SDP_DB_PARAMS db_params;
2032 uint16_t attr_list[] = {ATTR_ID_SERVICE_CLASS_ID_LIST,
2033 ATTR_ID_BT_PROFILE_DESC_LIST,
2034 ATTR_ID_SUPPORTED_FEATURES};
2035 uint8_t hdi;
2036 tBTA_AV_SCB* p_scb;
2037 RawAddress peer_addr = RawAddress::kEmpty;
2038 uint8_t rc_handle;
2039
2040 APPL_TRACE_DEBUG("%s: disc: 0x%x, bta_av_cb.disc: 0x%x", __func__, disc,
2041 bta_av_cb.disc);
2042 if ((bta_av_cb.disc != 0) || (disc == 0)) return;
2043
2044 if ((disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
2045 /* this is the rc handle/index to tBTA_AV_RCB */
2046 rc_handle = disc & (~BTA_AV_CHNL_MSK);
2047 if (p_cb->rcb[rc_handle].lidx) {
2048 peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2049 }
2050 } else {
2051 hdi = (disc & BTA_AV_HNDL_MSK) - 1;
2052 p_scb = p_cb->p_scb[hdi];
2053
2054 if (p_scb) {
2055 APPL_TRACE_DEBUG("%s: rc_handle %d", __func__, p_scb->rc_handle);
2056 peer_addr = p_scb->PeerAddress();
2057 }
2058 }
2059
2060 if (!peer_addr.IsEmpty()) {
2061 /* allocate discovery database */
2062 if (p_cb->p_disc_db == NULL)
2063 p_cb->p_disc_db = (tSDP_DISCOVERY_DB*)osi_malloc(BTA_AV_DISC_BUF_SIZE);
2064
2065 /* set up parameters */
2066 db_params.db_len = BTA_AV_DISC_BUF_SIZE;
2067 db_params.num_attr = 3;
2068 db_params.p_db = p_cb->p_disc_db;
2069 db_params.p_attrs = attr_list;
2070
2071 /* searching for UUID_SERVCLASS_AV_REMOTE_CONTROL gets both TG and CT */
2072 if (AVRC_FindService(UUID_SERVCLASS_AV_REMOTE_CONTROL, peer_addr,
2073 &db_params,
2074 base::Bind(bta_av_avrc_sdp_cback)) == AVRC_SUCCESS) {
2075 p_cb->disc = disc;
2076 APPL_TRACE_DEBUG("%s: disc 0x%x", __func__, p_cb->disc);
2077 }
2078 }
2079 }
2080
2081 /*******************************************************************************
2082 *
2083 * Function bta_av_dereg_comp
2084 *
2085 * Description deregister complete. free the stream control block.
2086 *
2087 * Returns void
2088 *
2089 ******************************************************************************/
bta_av_dereg_comp(tBTA_AV_DATA * p_data)2090 void bta_av_dereg_comp(tBTA_AV_DATA* p_data) {
2091 tBTA_AV_CB* p_cb = &bta_av_cb;
2092 tBTA_AV_SCB* p_scb;
2093 tBTA_UTL_COD cod;
2094 uint8_t mask;
2095 BT_HDR* p_buf;
2096
2097 /* find the stream control block */
2098 p_scb = bta_av_hndl_to_scb(p_data->hdr.layer_specific);
2099
2100 if (p_scb) {
2101 APPL_TRACE_DEBUG("%s: deregistered %d(h%d)", __func__, p_scb->chnl,
2102 p_scb->hndl);
2103 mask = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
2104 p_cb->reg_audio &= ~mask;
2105 if ((p_cb->conn_audio & mask) && bta_av_cb.audio_open_cnt) {
2106 /* this channel is still marked as open. decrease the count */
2107 bta_av_cb.audio_open_cnt--;
2108 }
2109 p_cb->conn_audio &= ~mask;
2110
2111 if (p_scb->q_tag == BTA_AV_Q_TAG_STREAM && p_scb->a2dp_list) {
2112 /* make sure no buffers are in a2dp_list */
2113 while (!list_is_empty(p_scb->a2dp_list)) {
2114 p_buf = (BT_HDR*)list_front(p_scb->a2dp_list);
2115 list_remove(p_scb->a2dp_list, p_buf);
2116 osi_free(p_buf);
2117 }
2118 }
2119
2120 /* remove the A2DP SDP record, if no more audio stream is left */
2121 if (!p_cb->reg_audio) {
2122 #if (BTA_AR_INCLUDED == TRUE)
2123 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REMOTE_CONTROL, BTA_ID_AV);
2124 #endif
2125 if (p_cb->sdp_a2dp_handle) {
2126 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_handle);
2127 p_cb->sdp_a2dp_handle = 0;
2128 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SOURCE);
2129 }
2130
2131 #if (BTA_AV_SINK_INCLUDED == TRUE)
2132 if (p_cb->sdp_a2dp_snk_handle) {
2133 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_snk_handle);
2134 p_cb->sdp_a2dp_snk_handle = 0;
2135 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SINK);
2136 }
2137 #endif
2138 }
2139
2140 bta_av_free_scb(p_scb);
2141 }
2142
2143 APPL_TRACE_DEBUG("%s: audio 0x%x, disable:%d", __func__, p_cb->reg_audio,
2144 p_cb->disabling);
2145 /* if no stream control block is active */
2146 if (p_cb->reg_audio == 0) {
2147 #if (BTA_AR_INCLUDED == TRUE)
2148 /* deregister from AVDT */
2149 bta_ar_dereg_avdt(BTA_ID_AV);
2150
2151 /* deregister from AVCT */
2152 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REM_CTRL_TARGET, BTA_ID_AV);
2153 bta_ar_dereg_avct(BTA_ID_AV);
2154 #endif
2155
2156 if (p_cb->disabling) {
2157 p_cb->disabling = false;
2158 bta_av_cb.features = 0;
2159 }
2160
2161 /* Clear the Capturing service class bit */
2162 cod.service = BTM_COD_SERVICE_CAPTURING;
2163 utl_set_device_class(&cod, BTA_UTL_CLR_COD_SERVICE_CLASS);
2164 }
2165 }
2166