1 /******************************************************************************
2 *
3 * Copyright 2004-2016 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains action functions for advanced audio/video main state
22 * machine.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bluetooth-a2dp"
27
28 #include <bluetooth/log.h>
29
30 #include <cstddef>
31 #include <cstdint>
32 #include <cstring>
33
34 #include "avct_api.h"
35 #include "avdt_api.h"
36 #include "avrc_api.h"
37 #include "avrc_defs.h"
38 #include "bt_dev_class.h"
39 #include "bta/av/bta_av_int.h"
40 #include "bta/include/bta_ar_api.h"
41 #include "bta/include/utl.h"
42 #include "bta_av_api.h"
43 #include "bta_sys.h"
44 #include "btif/avrcp/avrcp_service.h"
45 #include "btif/include/btif_av.h"
46 #include "common/bind.h"
47 #include "device/include/device_iot_conf_defs.h"
48 #include "device/include/device_iot_config.h"
49 #include "device/include/interop.h"
50 #include "internal_include/bt_target.h"
51 #include "l2cap_types.h"
52 #include "osi/include/alarm.h"
53 #include "osi/include/allocator.h"
54 #include "osi/include/list.h"
55 #include "osi/include/osi.h" // UINT_TO_PTR PTR_TO_UINT
56 #include "osi/include/properties.h"
57 #include "sdpdefs.h"
58 #include "stack/include/bt_hdr.h"
59 #include "stack/include/bt_types.h"
60 #include "stack/include/bt_uuid16.h"
61 #include "stack/include/btm_client_interface.h"
62 #include "stack/include/l2cap_interface.h"
63 #include "stack/include/sdp_api.h"
64 #include "stack/include/sdp_status.h"
65 #include "stack/sdp/sdp_discovery_db.h"
66 #include "types/raw_address.h"
67
68 using namespace bluetooth::legacy::stack::sdp;
69 using namespace bluetooth;
70
71 /*****************************************************************************
72 * Constants
73 ****************************************************************************/
74 /* the timeout to wait for open req after setconfig for incoming connections */
75 #ifndef BTA_AV_SIGNALLING_TIMEOUT_MS
76 #define BTA_AV_SIGNALLING_TIMEOUT_MS (8 * 1000) /* 8 seconds */
77 #endif
78
79 /* Time to wait for signalling from SNK when it is initiated from SNK. */
80 /* If not, we will start signalling from SRC. */
81 #ifndef BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS
82 #define BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS (2 * 1000) /* 2 seconds */
83 #endif
84
85 static void bta_av_accept_signalling_timer_cback(void* data);
86
87 #ifndef AVRC_MIN_META_CMD_LEN
88 #define AVRC_MIN_META_CMD_LEN 20
89 #endif
90
91 /*******************************************************************************
92 *
93 * Function bta_av_get_rcb_by_shdl
94 *
95 * Description find the RCB associated with the given SCB handle.
96 *
97 * Returns tBTA_AV_RCB
98 *
99 ******************************************************************************/
bta_av_get_rcb_by_shdl(uint8_t shdl)100 tBTA_AV_RCB* bta_av_get_rcb_by_shdl(uint8_t shdl) {
101 tBTA_AV_RCB* p_rcb = NULL;
102 int i;
103
104 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
105 if (bta_av_cb.rcb[i].shdl == shdl && bta_av_cb.rcb[i].handle != BTA_AV_RC_HANDLE_NONE) {
106 p_rcb = &bta_av_cb.rcb[i];
107 break;
108 }
109 }
110 return p_rcb;
111 }
112 #define BTA_AV_STS_NO_RSP 0xFF /* a number not used by tAVRC_STS */
113
114 /*******************************************************************************
115 *
116 * Function bta_av_del_rc
117 *
118 * Description delete the given AVRC handle.
119 *
120 * Returns void
121 *
122 ******************************************************************************/
bta_av_del_rc(tBTA_AV_RCB * p_rcb)123 void bta_av_del_rc(tBTA_AV_RCB* p_rcb) {
124 tBTA_AV_SCB* p_scb;
125 uint8_t rc_handle; /* connected AVRCP handle */
126
127 p_scb = NULL;
128 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
129 if (p_rcb->shdl) {
130 /* Validate array index*/
131 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
132 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
133 }
134 if (p_scb) {
135 log::verbose("shdl:{}, srch:{} rc_handle:{}", p_rcb->shdl, p_scb->rc_handle, p_rcb->handle);
136 if (p_scb->rc_handle == p_rcb->handle) {
137 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
138 }
139 /* just in case the RC timer is active
140 if (bta_av_cb.features & BTA_AV_FEAT_RCCT && p_scb->chnl ==
141 BTA_AV_CHNL_AUDIO) */
142 alarm_cancel(p_scb->avrc_ct_timer);
143 }
144 }
145
146 log::verbose("handle: {} status=0x{:x}, rc_acp_handle:{}, idx:{}", p_rcb->handle, p_rcb->status,
147 bta_av_cb.rc_acp_handle, bta_av_cb.rc_acp_idx);
148 rc_handle = p_rcb->handle;
149 if (!(p_rcb->status & BTA_AV_RC_CONN_MASK) ||
150 ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
151 p_rcb->status = 0;
152 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
153 p_rcb->shdl = 0;
154 p_rcb->lidx = 0;
155 }
156 /* else ACP && connected. do not clear the handle yet */
157 AVRC_Close(rc_handle);
158 if (rc_handle == bta_av_cb.rc_acp_handle) {
159 bta_av_cb.rc_acp_handle = BTA_AV_RC_HANDLE_NONE;
160 }
161 log::verbose("end del_rc handle: {} status=0x{:x}, rc_acp_handle:{}, lidx:{}", p_rcb->handle,
162 p_rcb->status, bta_av_cb.rc_acp_handle, p_rcb->lidx);
163 }
164 }
165
166 /*******************************************************************************
167 *
168 * Function bta_av_close_all_rc
169 *
170 * Description close the all AVRC handle.
171 *
172 * Returns void
173 *
174 ******************************************************************************/
bta_av_close_all_rc(tBTA_AV_CB * p_cb)175 static void bta_av_close_all_rc(tBTA_AV_CB* p_cb) {
176 int i;
177
178 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
179 if ((p_cb->disabling) || (bta_av_cb.rcb[i].shdl != 0)) {
180 bta_av_del_rc(&bta_av_cb.rcb[i]);
181 }
182 }
183 }
184
185 /*******************************************************************************
186 *
187 * Function bta_av_del_sdp_rec
188 *
189 * Description delete the given SDP record handle.
190 *
191 * Returns void
192 *
193 ******************************************************************************/
bta_av_del_sdp_rec(uint32_t * p_sdp_handle)194 static void bta_av_del_sdp_rec(uint32_t* p_sdp_handle) {
195 if (*p_sdp_handle != 0) {
196 if (!get_legacy_stack_sdp_api()->handle.SDP_DeleteRecord(*p_sdp_handle)) {
197 log::warn("Unable to delete SDP record:{}", *p_sdp_handle);
198 }
199 *p_sdp_handle = 0;
200 }
201 }
202
203 /*******************************************************************************
204 *
205 * Function bta_av_avrc_sdp_cback
206 *
207 * Description AVRCP service discovery callback.
208 *
209 * Returns void
210 *
211 ******************************************************************************/
bta_av_avrc_sdp_cback(tSDP_STATUS)212 static void bta_av_avrc_sdp_cback(tSDP_STATUS /* status */) {
213 BT_HDR_RIGID* p_msg = (BT_HDR_RIGID*)osi_malloc(sizeof(BT_HDR_RIGID));
214
215 p_msg->event = BTA_AV_SDP_AVRC_DISC_EVT;
216
217 bta_sys_sendmsg(p_msg);
218 }
219
220 /*******************************************************************************
221 *
222 * Function bta_av_rc_ctrl_cback
223 *
224 * Description AVRCP control callback.
225 *
226 * Returns void
227 *
228 ******************************************************************************/
bta_av_rc_ctrl_cback(uint8_t handle,uint8_t event,uint16_t,const RawAddress * peer_addr)229 static void bta_av_rc_ctrl_cback(uint8_t handle, uint8_t event, uint16_t /* result */,
230 const RawAddress* peer_addr) {
231 uint16_t msg_event = 0;
232
233 if (btif_av_both_enable() && peer_addr != NULL && btif_av_peer_is_connected_sink(*peer_addr)) {
234 log::warn("not cback legacy cback, and close the handle");
235
236 if (event == AVRC_CLOSE_IND_EVT || event == AVRC_OPEN_IND_EVT) {
237 log::verbose("resend close event");
238 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)osi_malloc(sizeof(tBTA_AV_RC_CONN_CHG));
239 p_msg->hdr.event = BTA_AV_AVRC_CLOSE_EVT;
240 p_msg->handle = handle;
241 p_msg->peer_addr = *peer_addr;
242 bta_sys_sendmsg(p_msg);
243 }
244 return;
245 }
246
247 log::verbose("handle: {} event=0x{:x}", handle, event);
248 if (event == AVRC_OPEN_IND_EVT) {
249 /* save handle of opened connection
250 bta_av_cb.rc_handle = handle;*/
251
252 msg_event = BTA_AV_AVRC_OPEN_EVT;
253 } else if (event == AVRC_CLOSE_IND_EVT) {
254 msg_event = BTA_AV_AVRC_CLOSE_EVT;
255 } else if (event == AVRC_BROWSE_OPEN_IND_EVT) {
256 msg_event = BTA_AV_AVRC_BROWSE_OPEN_EVT;
257 } else if (event == AVRC_BROWSE_CLOSE_IND_EVT) {
258 msg_event = BTA_AV_AVRC_BROWSE_CLOSE_EVT;
259 }
260
261 if (msg_event) {
262 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)osi_malloc(sizeof(tBTA_AV_RC_CONN_CHG));
263 p_msg->hdr.event = msg_event;
264 p_msg->handle = handle;
265 p_msg->peer_addr = (peer_addr) ? (*peer_addr) : RawAddress::kEmpty;
266 bta_sys_sendmsg(p_msg);
267 }
268 }
269
270 /*******************************************************************************
271 *
272 * Function bta_av_rc_msg_cback
273 *
274 * Description AVRCP message callback.
275 *
276 * Returns void
277 *
278 ******************************************************************************/
bta_av_rc_msg_cback(uint8_t handle,uint8_t label,uint8_t opcode,tAVRC_MSG * p_msg)279 static void bta_av_rc_msg_cback(uint8_t handle, uint8_t label, uint8_t opcode, tAVRC_MSG* p_msg) {
280 uint8_t* p_data_src = NULL;
281 uint16_t data_len = 0;
282
283 log::verbose("handle: {} opcode=0x{:x}", handle, opcode);
284
285 /* Copy avrc packet into BTA message buffer (for sending to BTA state machine)
286 */
287
288 /* Get size of payload data (for vendor and passthrough messages only; for
289 * browsing
290 * messages, use zero-copy) */
291 if (opcode == AVRC_OP_VENDOR && p_msg->vendor.p_vendor_data != NULL) {
292 p_data_src = p_msg->vendor.p_vendor_data;
293 data_len = (uint16_t)p_msg->vendor.vendor_len;
294 } else if (opcode == AVRC_OP_PASS_THRU && p_msg->pass.p_pass_data != NULL) {
295 p_data_src = p_msg->pass.p_pass_data;
296 data_len = (uint16_t)p_msg->pass.pass_len;
297 }
298
299 /* Create a copy of the message */
300 tBTA_AV_RC_MSG* p_buf = (tBTA_AV_RC_MSG*)osi_malloc(sizeof(tBTA_AV_RC_MSG) + data_len);
301
302 p_buf->hdr.event = BTA_AV_AVRC_MSG_EVT;
303 p_buf->handle = handle;
304 p_buf->label = label;
305 p_buf->opcode = opcode;
306 memcpy(&p_buf->msg, p_msg, sizeof(tAVRC_MSG));
307 /* Copy the data payload, and set the pointer to it */
308 if (p_data_src != NULL) {
309 uint8_t* p_data_dst = (uint8_t*)(p_buf + 1);
310 memcpy(p_data_dst, p_data_src, data_len);
311
312 /* Update bta message buffer to point to payload data */
313 /* (Note AVRC_OP_BROWSING uses zero-copy: p_buf->msg.browse.p_browse_data
314 * already points to original avrc buffer) */
315 if (opcode == AVRC_OP_VENDOR) {
316 p_buf->msg.vendor.p_vendor_data = p_data_dst;
317 } else if (opcode == AVRC_OP_PASS_THRU) {
318 p_buf->msg.pass.p_pass_data = p_data_dst;
319 }
320 }
321
322 if (opcode == AVRC_OP_BROWSE) {
323 /* set p_pkt to NULL, so avrc would not free the buffer */
324 p_msg->browse.p_browse_pkt = NULL;
325 }
326
327 bta_sys_sendmsg(p_buf);
328 }
329
330 /*******************************************************************************
331 *
332 * Function bta_av_rc_create
333 *
334 * Description alloc RCB and call AVRC_Open
335 *
336 * Returns the created rc handle
337 *
338 ******************************************************************************/
bta_av_rc_create(tBTA_AV_CB * p_cb,tAVCT_ROLE role,uint8_t shdl,uint8_t lidx)339 uint8_t bta_av_rc_create(tBTA_AV_CB* p_cb, tAVCT_ROLE role, uint8_t shdl, uint8_t lidx) {
340 if ((!btif_av_src_sink_coexist_enabled() ||
341 (btif_av_src_sink_coexist_enabled() && !btif_av_is_sink_enabled() &&
342 btif_av_is_source_enabled())) &&
343 is_new_avrcp_enabled()) {
344 log::info("Skipping RC creation for the old AVRCP profile");
345 return BTA_AV_RC_HANDLE_NONE;
346 }
347
348 RawAddress bda = RawAddress::kAny;
349 uint8_t status = BTA_AV_RC_ROLE_ACP;
350 int i;
351 uint8_t rc_handle;
352 tBTA_AV_RCB* p_rcb{nullptr};
353
354 if (role == AVCT_ROLE_INITIATOR) {
355 // Can't grab a stream control block that doesn't have a valid handle
356 if (!shdl) {
357 log::error("Can't grab stream control block for shdl = {} -> index = {}", shdl, shdl - 1);
358 return BTA_AV_RC_HANDLE_NONE;
359 }
360 tBTA_AV_SCB* p_scb = p_cb->p_scb[shdl - 1];
361 bda = p_scb->PeerAddress();
362 status = BTA_AV_RC_ROLE_INT;
363 DEVICE_IOT_CONFIG_ADDR_INT_ADD_ONE(p_scb->PeerAddress(), IOT_CONF_KEY_AVRCP_CONN_COUNT);
364
365 } else {
366 p_rcb = bta_av_get_rcb_by_shdl(shdl);
367 if (p_rcb != NULL) {
368 log::error("ACP handle exist for shdl:{}", shdl);
369 p_rcb->lidx = lidx;
370 return p_rcb->handle;
371 }
372 }
373
374 tAVRC_CONN_CB ccb = {
375 .ctrl_cback = base::Bind(bta_av_rc_ctrl_cback),
376 .msg_cback = base::Bind(bta_av_rc_msg_cback),
377 .company_id = p_bta_av_cfg->company_id,
378 .conn = role,
379 // note: BTA_AV_FEAT_RCTG = AVRC_CT_TARGET, BTA_AV_FEAT_RCCT = AVRC_CT_CONTROL
380 .control =
381 static_cast<uint8_t>(p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_RCCT |
382 BTA_AV_FEAT_METADATA | AVRC_CT_PASSIVE)),
383 };
384
385 if (AVRC_Open(&rc_handle, &ccb, bda) != AVRC_SUCCESS) {
386 DEVICE_IOT_CONFIG_ADDR_INT_ADD_ONE(bda, IOT_CONF_KEY_AVRCP_CONN_FAIL_COUNT);
387 return BTA_AV_RC_HANDLE_NONE;
388 }
389
390 i = rc_handle;
391 p_rcb = &p_cb->rcb[i];
392
393 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
394 log::error("found duplicated handle:{}", rc_handle);
395 }
396
397 p_rcb->handle = rc_handle;
398 p_rcb->status = status;
399 p_rcb->shdl = shdl;
400 p_rcb->lidx = lidx;
401 p_rcb->peer_features = 0;
402 p_rcb->peer_ct_features = 0;
403 p_rcb->peer_tg_features = 0;
404 p_rcb->cover_art_psm = 0;
405 if (lidx == (BTA_AV_NUM_LINKS + 1)) {
406 /* this LIDX is reserved for the AVRCP ACP connection */
407 p_cb->rc_acp_handle = p_rcb->handle;
408 p_cb->rc_acp_idx = (i + 1);
409 log::verbose("rc_acp_handle:{} idx:{}", p_cb->rc_acp_handle, p_cb->rc_acp_idx);
410 }
411 log::verbose("create {}, role: {}, shdl:{}, rc_handle:{}, lidx:{}, status:0x{:x}", i,
412 avct_role_text(role), shdl, p_rcb->handle, lidx, p_rcb->status);
413
414 return rc_handle;
415 }
416
417 /*******************************************************************************
418 *
419 * Function bta_av_valid_group_navi_msg
420 *
421 * Description Check if it is Group Navigation Msg for Metadata
422 *
423 * Returns AVRC_RSP_ACCEPT or AVRC_RSP_NOT_IMPL
424 *
425 ******************************************************************************/
bta_av_group_navi_supported(uint8_t len,uint8_t * p_data,bool is_inquiry)426 static tBTA_AV_CODE bta_av_group_navi_supported(uint8_t len, uint8_t* p_data, bool is_inquiry) {
427 tBTA_AV_CODE ret = AVRC_RSP_NOT_IMPL;
428 uint8_t* p_ptr = p_data;
429 uint16_t u16;
430 uint32_t u32;
431
432 if (p_bta_av_cfg->avrc_group && len == BTA_GROUP_NAVI_MSG_OP_DATA_LEN) {
433 BTA_AV_BE_STREAM_TO_CO_ID(u32, p_ptr);
434 BE_STREAM_TO_UINT16(u16, p_ptr);
435
436 if (u32 == AVRC_CO_METADATA) {
437 if (is_inquiry) {
438 if (u16 <= AVRC_PDU_PREV_GROUP) {
439 ret = AVRC_RSP_IMPL_STBL;
440 }
441 } else {
442 if (u16 <= AVRC_PDU_PREV_GROUP) {
443 ret = AVRC_RSP_ACCEPT;
444 } else {
445 ret = AVRC_RSP_REJ;
446 }
447 }
448 }
449 }
450
451 return ret;
452 }
453
454 /*******************************************************************************
455 *
456 * Function bta_av_op_supported
457 *
458 * Description Check if remote control operation is supported.
459 *
460 * Returns AVRC_RSP_ACCEPT of supported, AVRC_RSP_NOT_IMPL if not.
461 *
462 ******************************************************************************/
bta_av_op_supported(tBTA_AV_RC rc_id,bool is_inquiry)463 static tBTA_AV_CODE bta_av_op_supported(tBTA_AV_RC rc_id, bool is_inquiry) {
464 tBTA_AV_CODE ret_code = AVRC_RSP_NOT_IMPL;
465
466 if (p_bta_av_rc_id) {
467 if (is_inquiry) {
468 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
469 ret_code = AVRC_RSP_IMPL_STBL;
470 }
471 } else {
472 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
473 ret_code = AVRC_RSP_ACCEPT;
474 } else if ((p_bta_av_cfg->rc_pass_rsp == AVRC_RSP_INTERIM) && p_bta_av_rc_id_ac) {
475 if (p_bta_av_rc_id_ac[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
476 ret_code = AVRC_RSP_INTERIM;
477 }
478 }
479 }
480 }
481 return ret_code;
482 }
483
484 /*******************************************************************************
485 *
486 * Function bta_av_find_lcb
487 *
488 * Description Given BD_addr, find the associated LCB.
489 *
490 * Returns NULL, if not found.
491 *
492 ******************************************************************************/
bta_av_find_lcb(const RawAddress & addr,uint8_t op)493 tBTA_AV_LCB* bta_av_find_lcb(const RawAddress& addr, uint8_t op) {
494 tBTA_AV_CB* p_cb = &bta_av_cb;
495 int xx;
496 uint8_t mask;
497 tBTA_AV_LCB* p_lcb = NULL;
498
499 log::verbose("address: {} op:{}", addr, op);
500 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
501 mask = 1 << xx; /* the used mask for this lcb */
502 if ((mask & p_cb->conn_lcb) && p_cb->lcb[xx].addr == addr) {
503 p_lcb = &p_cb->lcb[xx];
504 if (op == BTA_AV_LCB_FREE) {
505 p_cb->conn_lcb &= ~mask; /* clear the connect mask */
506 log::verbose("conn_lcb: 0x{:x}", p_cb->conn_lcb);
507 }
508 break;
509 }
510 }
511 return p_lcb;
512 }
513
514 /*******************************************************************************
515 *
516 * Function bta_av_rc_opened
517 *
518 * Description Set AVRCP state to opened.
519 *
520 * Returns void
521 *
522 ******************************************************************************/
bta_av_rc_opened(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)523 void bta_av_rc_opened(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
524 tBTA_AV_RC_OPEN rc_open;
525 tBTA_AV_SCB* p_scb;
526 int i;
527 uint8_t shdl = 0;
528 tBTA_AV_LCB* p_lcb;
529 tBTA_AV_RCB* p_rcb;
530 uint8_t tmp;
531 uint8_t disc = 0;
532
533 /* find the SCB & stop the timer */
534 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
535 p_scb = p_cb->p_scb[i];
536 if (p_scb && p_scb->PeerAddress() == p_data->rc_conn_chg.peer_addr) {
537 p_scb->rc_handle = p_data->rc_conn_chg.handle;
538 log::verbose("shdl:{}, srch {}", i + 1, p_scb->rc_handle);
539 shdl = i + 1;
540 log::info("allow incoming AVRCP connections:{}", p_scb->use_rc);
541 alarm_cancel(p_scb->avrc_ct_timer);
542 disc = p_scb->hndl;
543 break;
544 }
545 }
546
547 i = p_data->rc_conn_chg.handle;
548 if (p_cb->rcb[i].handle == BTA_AV_RC_HANDLE_NONE) {
549 log::error("not a valid handle:{} any more", i);
550 return;
551 }
552
553 log::verbose("local features {} peer features {}", p_cb->features, p_cb->rcb[i].peer_features);
554
555 /* listen to browsing channel when the connection is open,
556 * if peer initiated AVRCP connection and local device supports browsing
557 * channel */
558 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_ROLE_ACCEPTOR);
559
560 if (p_cb->rcb[i].lidx == (BTA_AV_NUM_LINKS + 1) && shdl != 0) {
561 /* rc is opened on the RC only ACP channel, but is for a specific
562 * SCB -> need to switch RCBs */
563 p_rcb = bta_av_get_rcb_by_shdl(shdl);
564 if (p_rcb) {
565 p_rcb->shdl = p_cb->rcb[i].shdl;
566 tmp = p_rcb->lidx;
567 p_rcb->lidx = p_cb->rcb[i].lidx;
568 p_cb->rcb[i].lidx = tmp;
569 p_cb->rc_acp_handle = p_rcb->handle;
570 p_cb->rc_acp_idx = (p_rcb - p_cb->rcb) + 1;
571 log::verbose("switching RCB rc_acp_handle:{} idx:{}", p_cb->rc_acp_handle, p_cb->rc_acp_idx);
572 }
573 }
574
575 p_cb->rcb[i].shdl = shdl;
576 rc_open.rc_handle = i;
577 log::error("rcb[{}] shdl:{} lidx:{}/{}", i, shdl, p_cb->rcb[i].lidx,
578 p_cb->lcb[BTA_AV_NUM_LINKS].lidx);
579 p_cb->rcb[i].status |= BTA_AV_RC_CONN_MASK;
580
581 if (!shdl && 0 == p_cb->lcb[BTA_AV_NUM_LINKS].lidx) {
582 /* no associated SCB -> connected to an RC only device
583 * update the index to the extra LCB */
584 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
585 p_lcb->addr = p_data->rc_conn_chg.peer_addr;
586 p_lcb->lidx = BTA_AV_NUM_LINKS + 1;
587 p_cb->rcb[i].lidx = p_lcb->lidx;
588 p_lcb->conn_msk = 1;
589 log::error("bd_addr: {} rcb[{}].lidx={}, lcb.conn_msk=x{:x}", p_lcb->addr, i, p_cb->rcb[i].lidx,
590 p_lcb->conn_msk);
591 disc = p_data->rc_conn_chg.handle | BTA_AV_CHNL_MSK;
592 }
593
594 rc_open.peer_addr = p_data->rc_conn_chg.peer_addr;
595 rc_open.peer_features = p_cb->rcb[i].peer_features;
596 rc_open.cover_art_psm = p_cb->rcb[i].cover_art_psm;
597 if (btif_av_both_enable()) {
598 if (rc_open.peer_addr == p_cb->rc_feature.peer_addr) {
599 rc_open.peer_features = p_cb->rc_feature.peer_features;
600 rc_open.peer_ct_features = p_cb->rc_feature.peer_ct_features;
601 rc_open.peer_tg_features = p_cb->rc_feature.peer_tg_features;
602 } else {
603 rc_open.peer_features = p_cb->rcb[i].peer_features;
604 rc_open.peer_ct_features = p_cb->rcb[i].peer_ct_features;
605 rc_open.peer_tg_features = p_cb->rcb[i].peer_tg_features;
606 }
607 rc_open.status = BTA_AV_SUCCESS;
608 log::verbose(
609 "local features:0x{:x} peer_features:0x{:x}, peer_ct_feature:0x{:x}, "
610 "peer_tg_feature:0x{:x}",
611 p_cb->features, rc_open.peer_features, rc_open.peer_ct_features,
612 rc_open.peer_tg_features);
613 if (rc_open.peer_features == 0 && rc_open.peer_ct_features == 0 &&
614 rc_open.peer_tg_features == 0) {
615 /* we have not done SDP on peer RC capabilities.
616 * peer must have initiated the RC connection
617 * We Don't have SDP records of Peer, so we by
618 * default will take values depending upon registered
619 * features */
620 if (p_cb->features & BTA_AV_FEAT_RCTG) {
621 rc_open.peer_ct_features |= BTA_AV_FEAT_RCCT;
622 rc_open.peer_features |= BTA_AV_FEAT_RCCT;
623 }
624 bta_av_rc_disc(disc);
625 }
626 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, (tBTA_AV*)&rc_open);
627
628 /* if local initiated AVRCP connection and both peer and locals device
629 * support
630 * browsing channel, open the browsing channel now
631 * Some TG would not broadcast browse feature hence check inter-op. */
632 if ((p_cb->features & BTA_AV_FEAT_BROWSE) &&
633 ((rc_open.peer_ct_features & BTA_AV_FEAT_BROWSE) ||
634 (rc_open.peer_tg_features & BTA_AV_FEAT_BROWSE))) {
635 if ((p_cb->rcb[i].status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT) {
636 log::verbose("opening AVRC Browse channel");
637 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_ROLE_INITIATOR);
638 }
639 }
640 return;
641 }
642 rc_open.status = BTA_AV_SUCCESS;
643 log::verbose("local features:x{:x} peer_features:x{:x}", p_cb->features, rc_open.peer_features);
644 log::verbose("cover art psm:x{:x}", rc_open.cover_art_psm);
645 if (rc_open.peer_features == 0) {
646 /* we have not done SDP on peer RC capabilities.
647 * peer must have initiated the RC connection */
648 if (p_cb->features & BTA_AV_FEAT_RCCT) {
649 rc_open.peer_features |= BTA_AV_FEAT_RCTG;
650 }
651 if (p_cb->features & BTA_AV_FEAT_RCTG) {
652 rc_open.peer_features |= BTA_AV_FEAT_RCCT;
653 }
654
655 bta_av_rc_disc(disc);
656 }
657 tBTA_AV bta_av_data;
658 bta_av_data.rc_open = rc_open;
659 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
660
661 /* if local initiated AVRCP connection and both peer and locals device support
662 * browsing channel, open the browsing channel now
663 * TODO (sanketa): Some TG would not broadcast browse feature hence check
664 * inter-op. */
665 if ((p_cb->features & BTA_AV_FEAT_BROWSE) && (rc_open.peer_features & BTA_AV_FEAT_BROWSE) &&
666 ((p_cb->rcb[i].status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
667 log::verbose("opening AVRC Browse channel");
668 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_ROLE_INITIATOR);
669 }
670 }
671
672 /*******************************************************************************
673 *
674 * Function bta_av_rc_remote_cmd
675 *
676 * Description Send an AVRCP remote control command.
677 *
678 * Returns void
679 *
680 ******************************************************************************/
bta_av_rc_remote_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)681 void bta_av_rc_remote_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
682 tBTA_AV_RCB* p_rcb;
683 if (p_cb->features & BTA_AV_FEAT_RCCT) {
684 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
685 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
686 if (p_rcb->status & BTA_AV_RC_CONN_MASK) {
687 AVRC_PassCmd(p_rcb->handle, p_data->api_remote_cmd.label, &p_data->api_remote_cmd.msg);
688 }
689 }
690 }
691 }
692
693 /*******************************************************************************
694 *
695 * Function bta_av_rc_vendor_cmd
696 *
697 * Description Send an AVRCP vendor specific command.
698 *
699 * Returns void
700 *
701 ******************************************************************************/
bta_av_rc_vendor_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)702 void bta_av_rc_vendor_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
703 tBTA_AV_RCB* p_rcb;
704 if ((p_cb->features & (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) ==
705 (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) {
706 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
707 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
708 AVRC_VendorCmd(p_rcb->handle, p_data->api_vendor.label, &p_data->api_vendor.msg);
709 }
710 }
711 }
712
713 /*******************************************************************************
714 *
715 * Function bta_av_rc_vendor_rsp
716 *
717 * Description Send an AVRCP vendor specific response.
718 *
719 * Returns void
720 *
721 ******************************************************************************/
bta_av_rc_vendor_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)722 void bta_av_rc_vendor_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
723 tBTA_AV_RCB* p_rcb;
724 if ((p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) ==
725 (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) {
726 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
727 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
728 AVRC_VendorRsp(p_rcb->handle, p_data->api_vendor.label, &p_data->api_vendor.msg);
729 }
730 }
731 }
732
733 /*******************************************************************************
734 *
735 * Function bta_av_rc_meta_rsp
736 *
737 * Description Send an AVRCP metadata/advanced control command/response.
738 *
739 * Returns void
740 *
741 ******************************************************************************/
bta_av_rc_meta_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)742 void bta_av_rc_meta_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
743 tBTA_AV_RCB* p_rcb;
744 bool do_free = true;
745
746 if ((p_cb->features & BTA_AV_FEAT_METADATA) && (p_data->hdr.layer_specific < BTA_AV_NUM_RCB)) {
747 if ((p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCTG)) ||
748 (!p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCCT))) {
749 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
750 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
751 AVRC_MsgReq(p_rcb->handle, p_data->api_meta_rsp.label, p_data->api_meta_rsp.rsp_code,
752 p_data->api_meta_rsp.p_pkt, false);
753 do_free = false;
754 }
755 }
756 }
757
758 if (do_free) {
759 osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
760 }
761 }
762
763 /*******************************************************************************
764 *
765 * Function bta_av_rc_free_rsp
766 *
767 * Description free an AVRCP metadata command buffer.
768 *
769 * Returns void
770 *
771 ******************************************************************************/
bta_av_rc_free_rsp(tBTA_AV_CB *,tBTA_AV_DATA * p_data)772 void bta_av_rc_free_rsp(tBTA_AV_CB* /* p_cb */, tBTA_AV_DATA* p_data) {
773 osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
774 }
775
776 /*******************************************************************************
777 *
778 * Function bta_av_rc_free_browse_msg
779 *
780 * Description free an AVRCP browse message buffer.
781 *
782 * Returns void
783 *
784 ******************************************************************************/
bta_av_rc_free_browse_msg(tBTA_AV_CB *,tBTA_AV_DATA * p_data)785 void bta_av_rc_free_browse_msg(tBTA_AV_CB* /* p_cb */, tBTA_AV_DATA* p_data) {
786 if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
787 osi_free_and_reset((void**)&p_data->rc_msg.msg.browse.p_browse_pkt);
788 }
789 }
790
791 /*******************************************************************************
792 *
793 * Function bta_av_chk_notif_evt_id
794 *
795 * Description make sure the requested player id is valid.
796 *
797 * Returns BTA_AV_STS_NO_RSP, if no error
798 *
799 ******************************************************************************/
bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR * p_vendor)800 static tAVRC_STS bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR* p_vendor) {
801 tAVRC_STS status = BTA_AV_STS_NO_RSP;
802 uint8_t xx;
803 uint16_t u16;
804 uint8_t* p = p_vendor->p_vendor_data + 2;
805
806 BE_STREAM_TO_UINT16(u16, p);
807 /* double check the fixed length */
808 if ((u16 != 5) || (p_vendor->vendor_len != 9)) {
809 status = AVRC_STS_INTERNAL_ERR;
810 } else {
811 if (btif_av_both_enable()) {
812 for (xx = 0; xx < bta_av_cfg.num_evt_ids; xx++) {
813 if (*p == bta_av_cfg.p_meta_evt_ids[xx]) {
814 return status;
815 }
816 }
817 for (xx = 0; xx < get_bta_avk_cfg()->num_evt_ids; xx++) {
818 if (*p == get_bta_avk_cfg()->p_meta_evt_ids[xx]) {
819 return status;
820 }
821 }
822 return AVRC_STS_BAD_PARAM;
823 }
824 /* make sure the player_id is valid */
825 for (xx = 0; xx < p_bta_av_cfg->num_evt_ids; xx++) {
826 if (*p == p_bta_av_cfg->p_meta_evt_ids[xx]) {
827 break;
828 }
829 }
830 if (xx == p_bta_av_cfg->num_evt_ids) {
831 status = AVRC_STS_BAD_PARAM;
832 }
833 }
834
835 return status;
836 }
837
bta_av_proc_rsp(tAVRC_RESPONSE * p_rc_rsp)838 static void bta_av_proc_rsp(tAVRC_RESPONSE* p_rc_rsp) {
839 uint16_t rc_ver = 0x105;
840 const tBTA_AV_CFG* p_src_cfg = NULL;
841 if (rc_ver != 0x103) {
842 p_src_cfg = &bta_av_cfg;
843 } else {
844 p_src_cfg = &bta_av_cfg_compatibility;
845 }
846 p_rc_rsp->get_caps.count = p_src_cfg->num_evt_ids;
847 memcpy(p_rc_rsp->get_caps.param.event_id, p_src_cfg->p_meta_evt_ids, p_src_cfg->num_evt_ids);
848 log::verbose("ver: 0x{:x}", rc_ver);
849 /* if it's not 1.3, then there should be a absolute volume */
850 if (rc_ver != 0x103) {
851 uint8_t evt_cnt = p_rc_rsp->get_caps.count;
852 p_rc_rsp->get_caps.count += get_bta_avk_cfg()->num_evt_ids;
853 if (evt_cnt < AVRC_CAP_MAX_NUM_EVT_ID) {
854 uint32_t i = 0;
855 for (i = 0; i < get_bta_avk_cfg()->num_evt_ids && i + evt_cnt < AVRC_CAP_MAX_NUM_EVT_ID;
856 i++) {
857 p_rc_rsp->get_caps.param.event_id[evt_cnt + i] = get_bta_avk_cfg()->p_meta_evt_ids[i];
858 }
859 }
860 }
861 }
862
863 /*******************************************************************************
864 *
865 * Function bta_av_proc_meta_cmd
866 *
867 * Description Process an AVRCP metadata command from the peer.
868 *
869 * Returns true to respond immediately
870 *
871 ******************************************************************************/
bta_av_proc_meta_cmd(tAVRC_RESPONSE * p_rc_rsp,tBTA_AV_RC_MSG * p_msg,uint8_t * p_ctype)872 static tBTA_AV_EVT bta_av_proc_meta_cmd(tAVRC_RESPONSE* p_rc_rsp, tBTA_AV_RC_MSG* p_msg,
873 uint8_t* p_ctype) {
874 tBTA_AV_EVT evt = BTA_AV_META_MSG_EVT;
875 uint8_t u8, pdu, *p;
876 uint16_t u16;
877 tAVRC_MSG_VENDOR* p_vendor = &p_msg->msg.vendor;
878
879 if (p_vendor->vendor_len == 0) {
880 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
881 log::verbose("p_vendor->vendor_len == 0");
882 // the caller of this function assume 0 to be an invalid event
883 return 0;
884 }
885
886 pdu = *(p_vendor->p_vendor_data);
887 p_rc_rsp->pdu = pdu;
888 *p_ctype = AVRC_RSP_REJ;
889
890 /* Check to ansure a valid minimum meta data length */
891 if ((AVRC_MIN_META_CMD_LEN + p_vendor->vendor_len) > AVRC_META_CMD_BUF_SIZE) {
892 /* reject it */
893 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
894 log::error("Invalid meta-command length: {}", p_vendor->vendor_len);
895 return 0;
896 }
897
898 /* Metadata messages only use PANEL sub-unit type */
899 if (p_vendor->hdr.subunit_type != AVRC_SUB_PANEL) {
900 log::verbose("SUBUNIT must be PANEL");
901 /* reject it */
902 evt = 0;
903 p_vendor->hdr.ctype = AVRC_RSP_NOT_IMPL;
904 p_vendor->vendor_len = 0;
905 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
906 } else if (!AVRC_IsValidAvcType(pdu, p_vendor->hdr.ctype)) {
907 log::verbose("Invalid pdu/ctype: 0x{:x}, {}", pdu, p_vendor->hdr.ctype);
908 /* reject invalid message without reporting to app */
909 evt = 0;
910 p_rc_rsp->rsp.status = AVRC_STS_BAD_CMD;
911 } else {
912 switch (pdu) {
913 case AVRC_PDU_GET_CAPABILITIES:
914 /* process GetCapabilities command without reporting the event to app */
915 evt = 0;
916 if (p_vendor->vendor_len != 5) {
917 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
918 break;
919 }
920 u8 = *(p_vendor->p_vendor_data + 4);
921 p = p_vendor->p_vendor_data + 2;
922 p_rc_rsp->get_caps.capability_id = u8;
923 BE_STREAM_TO_UINT16(u16, p);
924 if (u16 != 1) {
925 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
926 } else {
927 p_rc_rsp->get_caps.status = AVRC_STS_NO_ERROR;
928 if (u8 == AVRC_CAP_COMPANY_ID) {
929 *p_ctype = AVRC_RSP_IMPL_STBL;
930 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_co_ids;
931 memcpy(p_rc_rsp->get_caps.param.company_id, p_bta_av_cfg->p_meta_co_ids,
932 (p_bta_av_cfg->num_co_ids << 2));
933 } else if (u8 == AVRC_CAP_EVENTS_SUPPORTED) {
934 *p_ctype = AVRC_RSP_IMPL_STBL;
935 if (btif_av_src_sink_coexist_enabled() && btif_av_both_enable()) {
936 bta_av_proc_rsp(p_rc_rsp);
937 break;
938 }
939 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_evt_ids;
940 memcpy(p_rc_rsp->get_caps.param.event_id, p_bta_av_cfg->p_meta_evt_ids,
941 p_bta_av_cfg->num_evt_ids);
942 } else {
943 log::verbose("Invalid capability ID: 0x{:x}", u8);
944 /* reject - unknown capability ID */
945 p_rc_rsp->get_caps.status = AVRC_STS_BAD_PARAM;
946 }
947 }
948 break;
949
950 case AVRC_PDU_REGISTER_NOTIFICATION:
951 /* make sure the event_id is implemented */
952 p_rc_rsp->rsp.status = bta_av_chk_notif_evt_id(p_vendor);
953 if (p_rc_rsp->rsp.status != BTA_AV_STS_NO_RSP) {
954 evt = 0;
955 }
956 break;
957 }
958 }
959
960 return evt;
961 }
962
963 /*******************************************************************************
964 *
965 * Function bta_av_rc_msg
966 *
967 * Description Process an AVRCP message from the peer.
968 *
969 * Returns void
970 *
971 ******************************************************************************/
bta_av_rc_msg(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)972 void bta_av_rc_msg(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
973 tBTA_AV_EVT evt = 0;
974 tBTA_AV av;
975 BT_HDR* p_pkt = NULL;
976 tAVRC_MSG_VENDOR* p_vendor = &p_data->rc_msg.msg.vendor;
977 bool is_inquiry = ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
978 p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ);
979 uint8_t ctype = 0;
980 tAVRC_RESPONSE rc_rsp;
981
982 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
983
984 if (NULL == p_data) {
985 log::error("Message from peer with no data");
986 return;
987 }
988
989 log::verbose("opcode={:x}, ctype={:x}", p_data->rc_msg.opcode, p_data->rc_msg.msg.hdr.ctype);
990
991 if (p_data->rc_msg.opcode == AVRC_OP_PASS_THRU) {
992 /* if this is a pass thru command */
993 if ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_CTRL) ||
994 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
995 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ)) {
996 /* check if operation is supported */
997 char avrcp_ct_support[PROPERTY_VALUE_MAX];
998 osi_property_get("bluetooth.pts.avrcp_ct.support", avrcp_ct_support, "false");
999 if (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) {
1000 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
1001 if (p_cb->features & BTA_AV_FEAT_METADATA) {
1002 p_data->rc_msg.msg.hdr.ctype =
1003 bta_av_group_navi_supported(p_data->rc_msg.msg.pass.pass_len,
1004 p_data->rc_msg.msg.pass.p_pass_data, is_inquiry);
1005 }
1006 } else if (((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_UP) ||
1007 (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_DOWN)) &&
1008 !strcmp(avrcp_ct_support, "true")) {
1009 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_ACCEPT;
1010 } else {
1011 p_data->rc_msg.msg.hdr.ctype =
1012 bta_av_op_supported(p_data->rc_msg.msg.pass.op_id, is_inquiry);
1013 }
1014
1015 log::verbose("ctype {}", p_data->rc_msg.msg.hdr.ctype);
1016
1017 /* send response */
1018 if (p_data->rc_msg.msg.hdr.ctype != AVRC_RSP_INTERIM) {
1019 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label, &p_data->rc_msg.msg.pass);
1020 }
1021
1022 /* set up for callback if supported */
1023 if (p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_ACCEPT ||
1024 p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_INTERIM) {
1025 evt = BTA_AV_REMOTE_CMD_EVT;
1026 av.remote_cmd.rc_id = p_data->rc_msg.msg.pass.op_id;
1027 av.remote_cmd.key_state = p_data->rc_msg.msg.pass.state;
1028 av.remote_cmd.p_data = p_data->rc_msg.msg.pass.p_pass_data;
1029 av.remote_cmd.len = p_data->rc_msg.msg.pass.pass_len;
1030 memcpy(&av.remote_cmd.hdr, &p_data->rc_msg.msg.hdr, sizeof(tAVRC_HDR));
1031 av.remote_cmd.label = p_data->rc_msg.label;
1032 }
1033 } else if (p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
1034 /* else if this is a pass thru response */
1035 /* id response type is not impl, we have to release label */
1036 /* set up for callback */
1037 evt = BTA_AV_REMOTE_RSP_EVT;
1038 av.remote_rsp.rc_id = p_data->rc_msg.msg.pass.op_id;
1039 av.remote_rsp.key_state = p_data->rc_msg.msg.pass.state;
1040 av.remote_rsp.rsp_code = p_data->rc_msg.msg.hdr.ctype;
1041 av.remote_rsp.label = p_data->rc_msg.label;
1042 av.remote_rsp.len = p_data->rc_msg.msg.pass.pass_len;
1043 av.remote_rsp.p_data = NULL;
1044
1045 /* If this response is for vendor unique command */
1046 if ((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) &&
1047 (p_data->rc_msg.msg.pass.pass_len > 0)) {
1048 av.remote_rsp.p_data = (uint8_t*)osi_malloc(p_data->rc_msg.msg.pass.pass_len);
1049 log::verbose("Vendor Unique data len = {}", p_data->rc_msg.msg.pass.pass_len);
1050 memcpy(av.remote_rsp.p_data, p_data->rc_msg.msg.pass.p_pass_data,
1051 p_data->rc_msg.msg.pass.pass_len);
1052 }
1053 } else {
1054 /* must be a bad ctype -> reject*/
1055 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
1056 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label, &p_data->rc_msg.msg.pass);
1057 }
1058 } else if (p_data->rc_msg.opcode == AVRC_OP_VENDOR) {
1059 /* else if this is a vendor specific command or response */
1060 /* set up for callback */
1061 av.vendor_cmd.code = p_data->rc_msg.msg.hdr.ctype;
1062 av.vendor_cmd.company_id = p_vendor->company_id;
1063 av.vendor_cmd.label = p_data->rc_msg.label;
1064 av.vendor_cmd.p_data = p_vendor->p_vendor_data;
1065 av.vendor_cmd.len = p_vendor->vendor_len;
1066
1067 /* if configured to support vendor specific and it's a command */
1068 if ((p_cb->features & BTA_AV_FEAT_VENDOR) && p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
1069 if ((p_cb->features & BTA_AV_FEAT_METADATA) && (p_vendor->company_id == AVRC_CO_METADATA)) {
1070 av.meta_msg.p_msg = &p_data->rc_msg.msg;
1071 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
1072 evt = bta_av_proc_meta_cmd(&rc_rsp, &p_data->rc_msg, &ctype);
1073 } else {
1074 evt = BTA_AV_VENDOR_CMD_EVT;
1075 }
1076 } else if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
1077 p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
1078 /* else if configured to support vendor specific and it's a response */
1079 if ((p_cb->features & BTA_AV_FEAT_METADATA) && (p_vendor->company_id == AVRC_CO_METADATA)) {
1080 av.meta_msg.p_msg = &p_data->rc_msg.msg;
1081 evt = BTA_AV_META_MSG_EVT;
1082 } else {
1083 evt = BTA_AV_VENDOR_RSP_EVT;
1084 }
1085 } else if (!(p_cb->features & BTA_AV_FEAT_VENDOR) &&
1086 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
1087 /* else if not configured to support vendor specific and it's a command */
1088 if (p_data->rc_msg.msg.vendor.p_vendor_data[0] == AVRC_PDU_INVALID) {
1089 /* reject it */
1090 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
1091 p_data->rc_msg.msg.vendor.p_vendor_data[4] = AVRC_STS_BAD_CMD;
1092 } else {
1093 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
1094 }
1095 AVRC_VendorRsp(p_data->rc_msg.handle, p_data->rc_msg.label, &p_data->rc_msg.msg.vendor);
1096 }
1097 } else if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
1098 /* set up for callback */
1099 av.meta_msg.rc_handle = p_data->rc_msg.handle;
1100 av.meta_msg.company_id = p_vendor->company_id;
1101 av.meta_msg.code = p_data->rc_msg.msg.hdr.ctype;
1102 av.meta_msg.label = p_data->rc_msg.label;
1103 av.meta_msg.p_msg = &p_data->rc_msg.msg;
1104 av.meta_msg.p_data = p_data->rc_msg.msg.browse.p_browse_data;
1105 av.meta_msg.len = p_data->rc_msg.msg.browse.browse_len;
1106 evt = BTA_AV_META_MSG_EVT;
1107 }
1108
1109 if (evt == 0 && rc_rsp.rsp.status != BTA_AV_STS_NO_RSP) {
1110 if (!p_pkt) {
1111 rc_rsp.rsp.opcode = p_data->rc_msg.opcode;
1112 AVRC_BldResponse(0, &rc_rsp, &p_pkt);
1113 }
1114 if (p_pkt) {
1115 AVRC_MsgReq(p_data->rc_msg.handle, p_data->rc_msg.label, ctype, p_pkt, false);
1116 }
1117 }
1118
1119 /* call callback */
1120 if (evt != 0) {
1121 av.remote_cmd.rc_handle = p_data->rc_msg.handle;
1122 (*p_cb->p_cback)(evt, &av);
1123 /* If browsing message, then free the browse message buffer */
1124 if (p_data->rc_msg.opcode == AVRC_OP_BROWSE && p_data->rc_msg.msg.browse.p_browse_pkt != NULL) {
1125 bta_av_rc_free_browse_msg(p_cb, p_data);
1126 }
1127 }
1128 }
1129
1130 /*******************************************************************************
1131 *
1132 * Function bta_av_rc_close
1133 *
1134 * Description close the specified AVRC handle.
1135 *
1136 * Returns void
1137 *
1138 ******************************************************************************/
bta_av_rc_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1139 void bta_av_rc_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1140 uint16_t handle = p_data->hdr.layer_specific;
1141 tBTA_AV_SCB* p_scb;
1142 tBTA_AV_RCB* p_rcb;
1143
1144 if (handle < BTA_AV_NUM_RCB) {
1145 p_rcb = &p_cb->rcb[handle];
1146
1147 log::verbose("handle: {}, status=0x{:x}", p_rcb->handle, p_rcb->status);
1148 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
1149 if (p_rcb->shdl) {
1150 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
1151 if (p_scb) {
1152 /* just in case the RC timer is active
1153 if (bta_av_cb.features & BTA_AV_FEAT_RCCT &&
1154 p_scb->chnl == BTA_AV_CHNL_AUDIO) */
1155 alarm_cancel(p_scb->avrc_ct_timer);
1156 }
1157 }
1158
1159 AVRC_Close(p_rcb->handle);
1160 }
1161 }
1162 }
1163
1164 /*******************************************************************************
1165 *
1166 * Function bta_av_get_shdl
1167 *
1168 * Returns The index to p_scb[]
1169 *
1170 ******************************************************************************/
bta_av_get_shdl(tBTA_AV_SCB * p_scb)1171 static uint8_t bta_av_get_shdl(tBTA_AV_SCB* p_scb) {
1172 int i;
1173 uint8_t shdl = 0;
1174 /* find the SCB & stop the timer */
1175 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1176 if (p_scb == bta_av_cb.p_scb[i]) {
1177 shdl = i + 1;
1178 break;
1179 }
1180 }
1181 return shdl;
1182 }
1183
1184 /*******************************************************************************
1185 *
1186 * Function bta_av_stream_chg
1187 *
1188 * Description audio streaming status changed.
1189 *
1190 * Returns void
1191 *
1192 ******************************************************************************/
bta_av_stream_chg(tBTA_AV_SCB * p_scb,bool started)1193 void bta_av_stream_chg(tBTA_AV_SCB* p_scb, bool started) {
1194 uint8_t started_msk = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
1195
1196 log::verbose("peer {} started:{} started_msk:0x{:x}", p_scb->PeerAddress(), started, started_msk);
1197
1198 if (started) {
1199 /* Let L2CAP know this channel is processed with high priority */
1200 if (!stack::l2cap::get_interface().L2CA_SetAclPriority(p_scb->PeerAddress(),
1201 L2CAP_PRIORITY_HIGH)) {
1202 log::warn("Unable to set L2CAP acl high priority peer:{}", p_scb->PeerAddress());
1203 }
1204 } else {
1205 /* Let L2CAP know this channel is processed with low priority */
1206 if (!stack::l2cap::get_interface().L2CA_SetAclPriority(p_scb->PeerAddress(),
1207 L2CAP_PRIORITY_NORMAL)) {
1208 log::warn("Unable to set L2CAP acl normal priority peer:{}", p_scb->PeerAddress());
1209 }
1210 }
1211 }
1212
1213 /*******************************************************************************
1214 *
1215 * Function bta_av_conn_chg
1216 *
1217 * Description connetion status changed.
1218 * Open an AVRCP acceptor channel, if new conn.
1219 *
1220 * Returns void
1221 *
1222 ******************************************************************************/
bta_av_conn_chg(tBTA_AV_DATA * p_data)1223 void bta_av_conn_chg(tBTA_AV_DATA* p_data) {
1224 tBTA_AV_CB* p_cb = &bta_av_cb;
1225 tBTA_AV_SCB* p_scb = NULL;
1226 tBTA_AV_SCB* p_scbi;
1227 uint8_t mask;
1228 uint8_t conn_msk;
1229 uint8_t old_msk;
1230 int i;
1231 int index = (p_data->hdr.layer_specific & BTA_AV_HNDL_MSK) - 1;
1232 tBTA_AV_LCB* p_lcb;
1233 tBTA_AV_LCB* p_lcb_rc;
1234 tBTA_AV_RCB *p_rcb, *p_rcb2;
1235 bool chk_restore = false;
1236
1237 /* Validate array index*/
1238 if (index < BTA_AV_NUM_STRS) {
1239 p_scb = p_cb->p_scb[index];
1240 }
1241 mask = BTA_AV_HNDL_TO_MSK(index);
1242 p_lcb = bta_av_find_lcb(p_data->conn_chg.peer_addr, BTA_AV_LCB_FIND);
1243 conn_msk = 1 << (index + 1);
1244 if (p_data->conn_chg.is_up) {
1245 /* set the conned mask for this channel */
1246 if (p_scb) {
1247 if (p_lcb) {
1248 p_lcb->conn_msk |= conn_msk;
1249 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1250 if (bta_av_cb.rcb[i].lidx == p_lcb->lidx) {
1251 bta_av_cb.rcb[i].shdl = index + 1;
1252 log::verbose("conn_chg up[{}]: {}, status=0x{:x}, shdl:{}, lidx:{}", i,
1253 bta_av_cb.rcb[i].handle, bta_av_cb.rcb[i].status, bta_av_cb.rcb[i].shdl,
1254 bta_av_cb.rcb[i].lidx);
1255 break;
1256 }
1257 }
1258 }
1259 old_msk = p_cb->conn_audio;
1260 p_cb->conn_audio |= mask;
1261
1262 if ((old_msk & mask) == 0) {
1263 /* increase the audio open count, if not set yet */
1264 bta_av_cb.audio_open_cnt++;
1265 }
1266
1267 log::verbose("rc_acp_handle:{} rc_acp_idx:{}", p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1268 /* check if the AVRCP ACP channel is already connected */
1269 if (p_lcb && p_cb->rc_acp_handle != BTA_AV_RC_HANDLE_NONE && p_cb->rc_acp_idx) {
1270 p_lcb_rc = &p_cb->lcb[BTA_AV_NUM_LINKS];
1271 log::verbose("rc_acp is connected && conn_chg on same addr p_lcb_rc->conn_msk:x{:x}",
1272 p_lcb_rc->conn_msk);
1273 /* check if the RC is connected to the scb addr */
1274 log::info("p_lcb_rc->addr: {} conn_chg.peer_addr: {}", p_lcb_rc->addr,
1275 p_data->conn_chg.peer_addr);
1276
1277 if (p_lcb_rc->conn_msk && p_lcb_rc->addr == p_data->conn_chg.peer_addr) {
1278 /* AVRCP is already connected.
1279 * need to update the association between SCB and RCB */
1280 p_lcb_rc->conn_msk = 0; /* indicate RC ONLY is not connected */
1281 p_lcb_rc->lidx = 0;
1282 p_scb->rc_handle = p_cb->rc_acp_handle;
1283 p_rcb = &p_cb->rcb[p_cb->rc_acp_idx - 1];
1284 p_rcb->shdl = bta_av_get_shdl(p_scb);
1285 log::verbose("update rc_acp shdl:{}/{} srch:{}", index + 1, p_rcb->shdl,
1286 p_scb->rc_handle);
1287
1288 p_rcb2 = bta_av_get_rcb_by_shdl(p_rcb->shdl);
1289 if (p_rcb2) {
1290 /* found the RCB that was created to associated with this SCB */
1291 p_cb->rc_acp_handle = p_rcb2->handle;
1292 p_cb->rc_acp_idx = (p_rcb2 - p_cb->rcb) + 1;
1293 log::verbose("new rc_acp_handle:{}, idx:{}", p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1294 p_rcb2->lidx = (BTA_AV_NUM_LINKS + 1);
1295 log::verbose("rc2 handle:{} lidx:{}/{}", p_rcb2->handle, p_rcb2->lidx,
1296 p_cb->lcb[p_rcb2->lidx - 1].lidx);
1297 }
1298 p_rcb->lidx = p_lcb->lidx;
1299 log::verbose("rc handle:{} lidx:{}/{}", p_rcb->handle, p_rcb->lidx,
1300 p_cb->lcb[p_rcb->lidx - 1].lidx);
1301 }
1302 }
1303 }
1304 } else {
1305 if ((p_cb->conn_audio & mask) && bta_av_cb.audio_open_cnt) {
1306 /* this channel is still marked as open. decrease the count */
1307 bta_av_cb.audio_open_cnt--;
1308 }
1309
1310 /* clear the conned mask for this channel */
1311 p_cb->conn_audio &= ~mask;
1312 if (p_scb) {
1313 // The stream is closed. Clear the state.
1314 p_scb->OnDisconnected();
1315 if (p_scb->chnl == BTA_AV_CHNL_AUDIO) {
1316 if (p_lcb) {
1317 p_lcb->conn_msk &= ~conn_msk;
1318 }
1319 /* audio channel is down. make sure the INT channel is down */
1320 /* just in case the RC timer is active
1321 if (p_cb->features & BTA_AV_FEAT_RCCT) */
1322 { alarm_cancel(p_scb->avrc_ct_timer); }
1323 /* one audio channel goes down. check if we need to restore high
1324 * priority */
1325 chk_restore = true;
1326 }
1327 }
1328
1329 log::verbose("shdl:{}", index + 1);
1330 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1331 log::verbose("conn_chg dn[{}]: {}, status=0x{:x}, shdl:{}, lidx:{}", i,
1332 bta_av_cb.rcb[i].handle, bta_av_cb.rcb[i].status, bta_av_cb.rcb[i].shdl,
1333 bta_av_cb.rcb[i].lidx);
1334 if (bta_av_cb.rcb[i].shdl == index + 1) {
1335 bta_av_del_rc(&bta_av_cb.rcb[i]);
1336 /* since the connection is already down and info was removed, clean
1337 * reference */
1338 bta_av_cb.rcb[i].shdl = 0;
1339 break;
1340 }
1341 }
1342
1343 if (p_cb->conn_audio == 0) {
1344 /* if both channels are not connected,
1345 * close all RC channels */
1346 bta_av_close_all_rc(p_cb);
1347 }
1348
1349 /* if the AVRCP is no longer listening, create the listening channel */
1350 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE && bta_av_cb.features & BTA_AV_FEAT_RCTG) {
1351 bta_av_rc_create(&bta_av_cb, AVCT_ROLE_ACCEPTOR, 0, BTA_AV_NUM_LINKS + 1);
1352 }
1353 }
1354
1355 log::verbose("audio:{:x} up:{} conn_msk:0x{:x} chk_restore:{} audio_open_cnt:{}",
1356 p_cb->conn_audio, p_data->conn_chg.is_up, conn_msk, chk_restore,
1357 p_cb->audio_open_cnt);
1358
1359 if (chk_restore) {
1360 if (p_cb->audio_open_cnt == 1) {
1361 /* one audio channel goes down and there's one audio channel remains open.
1362 * restore the switch role in default link policy */
1363 get_btm_client_interface().link_policy.BTM_default_unblock_role_switch();
1364 bta_av_restore_switch();
1365 }
1366 if (p_cb->audio_open_cnt) {
1367 /* adjust flush timeout settings to longer period */
1368 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1369 p_scbi = bta_av_cb.p_scb[i];
1370 if (p_scbi && p_scbi->chnl == BTA_AV_CHNL_AUDIO && p_scbi->co_started) {
1371 /* may need to update the flush timeout of this already started stream
1372 */
1373 if (p_scbi->co_started != bta_av_cb.audio_open_cnt) {
1374 p_scbi->co_started = bta_av_cb.audio_open_cnt;
1375 }
1376 }
1377 }
1378 }
1379 }
1380 }
1381
1382 /*******************************************************************************
1383 *
1384 * Function bta_av_disable
1385 *
1386 * Description disable AV.
1387 *
1388 * Returns void
1389 *
1390 ******************************************************************************/
bta_av_disable(tBTA_AV_CB * p_cb,tBTA_AV_DATA *)1391 void bta_av_disable(tBTA_AV_CB* p_cb, tBTA_AV_DATA* /* p_data */) {
1392 BT_HDR_RIGID hdr;
1393 bool disabling_in_progress = false;
1394 uint16_t xx;
1395
1396 p_cb->disabling = true;
1397
1398 bta_av_close_all_rc(p_cb);
1399
1400 osi_free_and_reset((void**)&p_cb->p_disc_db);
1401
1402 /* disable audio/video - de-register all channels,
1403 * expect BTA_AV_DEREG_COMP_EVT when deregister is complete */
1404 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1405 if (p_cb->p_scb[xx] != NULL) {
1406 // Free signalling timers
1407 alarm_free(p_cb->p_scb[xx]->link_signalling_timer);
1408 p_cb->p_scb[xx]->link_signalling_timer = NULL;
1409 alarm_free(p_cb->p_scb[xx]->accept_signalling_timer);
1410 p_cb->p_scb[xx]->accept_signalling_timer = NULL;
1411
1412 hdr.layer_specific = xx + 1;
1413 bta_av_api_deregister((tBTA_AV_DATA*)&hdr);
1414 disabling_in_progress = true;
1415 }
1416 }
1417 // Since All channels are deregistering by API_DEREGISTER, the DEREG_COMP_EVT
1418 // would come first before API_DISABLE if there is no connections, and it is
1419 // no needed to setup this disabling flag.
1420 p_cb->disabling = disabling_in_progress;
1421 }
1422
1423 /*******************************************************************************
1424 *
1425 * Function bta_av_api_disconnect
1426 *
1427 * Description .
1428 *
1429 * Returns void
1430 *
1431 ******************************************************************************/
bta_av_api_disconnect(tBTA_AV_DATA * p_data)1432 void bta_av_api_disconnect(tBTA_AV_DATA* p_data) {
1433 tBTA_AV_SCB* p_scb = bta_av_hndl_to_scb(p_data->api_discnt.hdr.layer_specific);
1434 AVDT_DisconnectReq(p_scb->PeerAddress(), bta_av_conn_cback);
1435 alarm_cancel(p_scb->link_signalling_timer);
1436 }
1437
1438 /*******************************************************************************
1439 *
1440 * Function bta_av_set_use_latency_mode
1441 *
1442 * Description Sets stream use latency mode.
1443 *
1444 * Returns void
1445 *
1446 ******************************************************************************/
bta_av_set_use_latency_mode(tBTA_AV_SCB * p_scb,bool use_latency_mode)1447 void bta_av_set_use_latency_mode(tBTA_AV_SCB* p_scb, bool use_latency_mode) {
1448 if (!stack::l2cap::get_interface().L2CA_UseLatencyMode(p_scb->PeerAddress(), use_latency_mode)) {
1449 log::warn("Unable to set L2CAP latenty mode peer:{} use_latency_mode:{}", p_scb->PeerAddress(),
1450 use_latency_mode);
1451 }
1452 }
1453
1454 /*******************************************************************************
1455 *
1456 * Function bta_av_api_set_latency
1457 *
1458 * Description set stream latency.
1459 *
1460 * Returns void
1461 *
1462 ******************************************************************************/
bta_av_api_set_latency(tBTA_AV_DATA * p_data)1463 void bta_av_api_set_latency(tBTA_AV_DATA* p_data) {
1464 tBTA_AV_SCB* p_scb = bta_av_hndl_to_scb(p_data->api_set_latency.hdr.layer_specific);
1465
1466 tL2CAP_LATENCY latency =
1467 p_data->api_set_latency.is_low_latency ? L2CAP_LATENCY_LOW : L2CAP_LATENCY_NORMAL;
1468 if (!stack::l2cap::get_interface().L2CA_SetAclLatency(p_scb->PeerAddress(), latency)) {
1469 log::warn("Unable to set L2CAP latenty mode peer:{} use_latency_mode:{}", p_scb->PeerAddress(),
1470 latency);
1471 }
1472 }
1473
1474 /**
1475 * Find the index for the free LCB entry to use.
1476 *
1477 * The selection order is:
1478 * (1) Find the index if there is already SCB entry for the peer address
1479 * (2) If there is no SCB entry for the peer address, find the first
1480 * SCB entry that is not assigned.
1481 *
1482 * @param peer_address the peer address to use
1483 * @return the index for the free LCB entry to use or BTA_AV_NUM_LINKS
1484 * if no entry is found
1485 */
bta_av_find_lcb_index_by_scb_and_address(const RawAddress & peer_address)1486 static uint8_t bta_av_find_lcb_index_by_scb_and_address(const RawAddress& peer_address) {
1487 log::verbose("peer_address: {} conn_lcb: 0x{:x}", peer_address, bta_av_cb.conn_lcb);
1488
1489 // Find the index if there is already SCB entry for the peer address
1490 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1491 uint8_t mask = 1 << index;
1492 if (mask & bta_av_cb.conn_lcb) {
1493 continue;
1494 }
1495 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1496 if (p_scb == nullptr) {
1497 continue;
1498 }
1499 if (p_scb->PeerAddress() == peer_address) {
1500 return index;
1501 }
1502 }
1503
1504 // Find the first SCB entry that is not assigned.
1505 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1506 uint8_t mask = 1 << index;
1507 if (mask & bta_av_cb.conn_lcb) {
1508 continue;
1509 }
1510 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1511 if (p_scb == nullptr) {
1512 continue;
1513 }
1514 if (!p_scb->IsAssigned()) {
1515 const RawAddress& btif_addr = btif_av_find_by_handle(p_scb->hndl);
1516 if (!btif_addr.IsEmpty() && btif_addr != peer_address) {
1517 log::debug("btif_addr = {}, index={}!", btif_addr, index);
1518 continue;
1519 }
1520 return index;
1521 }
1522 }
1523
1524 return BTA_AV_NUM_LINKS;
1525 }
1526
1527 /*******************************************************************************
1528 *
1529 * Function bta_av_sig_chg
1530 *
1531 * Description process AVDT signal channel up/down.
1532 *
1533 * Returns void
1534 *
1535 ******************************************************************************/
bta_av_sig_chg(tBTA_AV_DATA * p_data)1536 void bta_av_sig_chg(tBTA_AV_DATA* p_data) {
1537 uint16_t event = p_data->str_msg.hdr.layer_specific;
1538 tBTA_AV_CB* p_cb = &bta_av_cb;
1539 uint32_t xx;
1540 uint8_t mask;
1541 tBTA_AV_LCB* p_lcb = NULL;
1542
1543 log::verbose("event: {}", event);
1544 if (event == AVDT_CONNECT_IND_EVT) {
1545 log::verbose("AVDT_CONNECT_IND_EVT: peer {}", p_data->str_msg.bd_addr);
1546
1547 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FIND);
1548 if (!p_lcb) {
1549 /* if the address does not have an LCB yet, alloc one */
1550 xx = bta_av_find_lcb_index_by_scb_and_address(p_data->str_msg.bd_addr);
1551
1552 /* check if we found something */
1553 if (xx >= BTA_AV_NUM_LINKS) {
1554 /* We do not have scb for this avdt connection. */
1555 /* Silently close the connection. */
1556 log::error("av scb not available for avdt connection for {}", p_data->str_msg.bd_addr);
1557 AVDT_DisconnectReq(p_data->str_msg.bd_addr, NULL);
1558 return;
1559 }
1560 log::info("AVDT_CONNECT_IND_EVT: peer {} selected lcb_index {}", p_data->str_msg.bd_addr, xx);
1561
1562 tBTA_AV_SCB* p_scb = p_cb->p_scb[xx];
1563 mask = 1 << xx;
1564 p_lcb = &p_cb->lcb[xx];
1565 p_lcb->lidx = xx + 1;
1566 p_lcb->addr = p_data->str_msg.bd_addr;
1567 p_lcb->conn_msk = 0; /* clear the connect mask */
1568 /* start listening when the signal channel is open */
1569 if (p_cb->features & BTA_AV_FEAT_RCTG) {
1570 bta_av_rc_create(p_cb, AVCT_ROLE_ACCEPTOR, 0, p_lcb->lidx);
1571 }
1572 /* this entry is not used yet. */
1573 p_cb->conn_lcb |= mask; /* mark it as used */
1574 log::verbose("start sig timer {}", p_data->hdr.offset);
1575 if (p_data->hdr.offset == static_cast<uint16_t>(tAVDT_ROLE::AVDT_ACP)) {
1576 log::verbose("Incoming L2CAP acquired, set state as incoming");
1577 p_scb->OnConnected(p_data->str_msg.bd_addr);
1578 p_scb->use_rc = true; /* allowing RC for incoming connection */
1579 bta_av_ssm_execute(p_scb, BTA_AV_ACP_CONNECT_EVT, p_data);
1580
1581 /* The Pending Event should be sent as soon as the L2CAP signalling
1582 * channel
1583 * is set up, which is NOW. Earlier this was done only after
1584 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1585 * The following function shall send the event and start the
1586 * recurring timer
1587 */
1588 if (!p_scb->link_signalling_timer) {
1589 p_scb->link_signalling_timer = alarm_new("link_signalling_timer");
1590 }
1591 BT_HDR hdr;
1592 hdr.layer_specific = p_scb->hndl;
1593 bta_av_signalling_timer((tBTA_AV_DATA*)&hdr);
1594
1595 log::verbose("Re-start timer for AVDTP service");
1596 bta_sys_conn_open(BTA_ID_AV, p_scb->app_id, p_scb->PeerAddress());
1597 /* Possible collision : need to avoid outgoing processing while the
1598 * timer is running */
1599 p_scb->coll_mask = BTA_AV_COLL_INC_TMR;
1600 if (!p_scb->accept_signalling_timer) {
1601 p_scb->accept_signalling_timer = alarm_new("accept_signalling_timer");
1602 }
1603 alarm_set_on_mloop(p_scb->accept_signalling_timer, BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1604 bta_av_accept_signalling_timer_cback, UINT_TO_PTR(xx));
1605 }
1606 }
1607 } else if (event == BTA_AR_AVDT_CONN_EVT) {
1608 uint8_t scb_index = p_data->str_msg.scb_index;
1609 alarm_cancel(p_cb->p_scb[scb_index]->link_signalling_timer);
1610 } else {
1611 /* disconnected. */
1612 log::verbose("bta_av_cb.conn_lcb=0x{:x}", bta_av_cb.conn_lcb);
1613
1614 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FREE);
1615 if (p_lcb && (p_lcb->conn_msk || bta_av_cb.conn_lcb)) {
1616 log::verbose("conn_msk: 0x{:x}", p_lcb->conn_msk);
1617 /* clean up ssm */
1618 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1619 if (p_cb->p_scb[xx] && p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1620 if ((p_cb->p_scb[xx]->state == 1) &&
1621 alarm_is_scheduled(p_cb->p_scb[xx]->accept_signalling_timer) &&
1622 interop_match_addr(INTEROP_IGNORE_DISC_BEFORE_SIGNALLING_TIMEOUT,
1623 &(p_data->str_msg.bd_addr))) {
1624 continue;
1625 }
1626 log::verbose("Closing timer for AVDTP service");
1627 bta_sys_conn_close(BTA_ID_AV, p_cb->p_scb[xx]->app_id, p_cb->p_scb[xx]->PeerAddress());
1628 }
1629 mask = 1 << (xx + 1);
1630 if (((mask & p_lcb->conn_msk) || bta_av_cb.conn_lcb) && p_cb->p_scb[xx] &&
1631 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1632 log::warn("Sending AVDT_DISCONNECT_EVT peer_addr={}", p_cb->p_scb[xx]->PeerAddress());
1633 bta_av_ssm_execute(p_cb->p_scb[xx], BTA_AV_AVDT_DISCONNECT_EVT, NULL);
1634 }
1635 }
1636 }
1637 }
1638 log::verbose("bta_av_cb.conn_lcb=0x{:x} after sig_chg", p_cb->conn_lcb);
1639 }
1640
1641 /*******************************************************************************
1642 *
1643 * Function bta_av_signalling_timer
1644 *
1645 * Description process the signal channel timer. This timer is started
1646 * when the AVDTP signal channel is connected. If no profile
1647 * is connected, the timer goes off every
1648 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1649 *
1650 * Returns void
1651 *
1652 ******************************************************************************/
bta_av_signalling_timer(tBTA_AV_DATA * p_data)1653 void bta_av_signalling_timer(tBTA_AV_DATA* p_data) {
1654 tBTA_AV_HNDL hndl = p_data->hdr.layer_specific;
1655 tBTA_AV_SCB* p_scb = bta_av_hndl_to_scb(hndl);
1656
1657 tBTA_AV_CB* p_cb = &bta_av_cb;
1658 int xx;
1659 uint8_t mask;
1660 tBTA_AV_LCB* p_lcb = NULL;
1661
1662 log::verbose("conn_lcb=0x{:x}", p_cb->conn_lcb);
1663 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
1664 p_lcb = &p_cb->lcb[xx];
1665 mask = 1 << xx;
1666 log::verbose("index={} conn_lcb=0x{:x} peer={} conn_mask=0x{:x} lidx={}", xx, p_cb->conn_lcb,
1667 p_lcb->addr, p_lcb->conn_msk, p_lcb->lidx);
1668 if (mask & p_cb->conn_lcb) {
1669 /* this entry is used. check if it is connected */
1670 if (!p_lcb->conn_msk) {
1671 log::verbose("hndl 0x{:x}", p_scb->hndl);
1672 bta_sys_start_timer(p_scb->link_signalling_timer, BTA_AV_SIGNALLING_TIMEOUT_MS,
1673 BTA_AV_SIGNALLING_TIMER_EVT, hndl);
1674 tBTA_AV bta_av_data = {
1675 .pend =
1676 {
1677 .bd_addr = p_lcb->addr,
1678 },
1679 };
1680 log::verbose("BTA_AV_PENDING_EVT for {} index={} conn_mask=0x{:x} lidx={}", p_lcb->addr, xx,
1681 p_lcb->conn_msk, p_lcb->lidx);
1682 (*p_cb->p_cback)(BTA_AV_PENDING_EVT, &bta_av_data);
1683 }
1684 }
1685 }
1686 }
1687
1688 /*******************************************************************************
1689 *
1690 * Function bta_av_accept_signalling_timer_cback
1691 *
1692 * Description Process the timeout when SRC is accepting connection
1693 * and SNK did not start signalling.
1694 *
1695 * Returns void
1696 *
1697 ******************************************************************************/
bta_av_accept_signalling_timer_cback(void * data)1698 static void bta_av_accept_signalling_timer_cback(void* data) {
1699 uint32_t inx = PTR_TO_UINT(data);
1700 tBTA_AV_CB* p_cb = &bta_av_cb;
1701 tBTA_AV_SCB* p_scb = NULL;
1702 if (inx < BTA_AV_NUM_STRS) {
1703 p_scb = p_cb->p_scb[inx];
1704 }
1705 if (p_scb) {
1706 log::verbose("coll_mask=0x{:02x}", p_scb->coll_mask);
1707
1708 if (p_scb->coll_mask & BTA_AV_COLL_INC_TMR) {
1709 p_scb->coll_mask &= ~BTA_AV_COLL_INC_TMR;
1710
1711 if (bta_av_is_scb_opening(p_scb)) {
1712 log::verbose("stream state opening: SDP started = {}", p_scb->sdp_discovery_started);
1713 if (p_scb->sdp_discovery_started) {
1714 /* We are still doing SDP. Run the timer again. */
1715 p_scb->coll_mask |= BTA_AV_COLL_INC_TMR;
1716
1717 alarm_set_on_mloop(p_scb->accept_signalling_timer, BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1718 bta_av_accept_signalling_timer_cback, UINT_TO_PTR(inx));
1719 } else {
1720 /* SNK did not start signalling, resume signalling process. */
1721 bta_av_discover_req(p_scb, NULL);
1722 }
1723 } else if (bta_av_is_scb_incoming(p_scb)) {
1724 /* Stay in incoming state if SNK does not start signalling */
1725
1726 log::verbose("stream state incoming");
1727 /* API open was called right after SNK opened L2C connection. */
1728 if (p_scb->coll_mask & BTA_AV_COLL_API_CALLED) {
1729 p_scb->coll_mask &= ~BTA_AV_COLL_API_CALLED;
1730
1731 /* BTA_AV_API_OPEN_EVT */
1732 tBTA_AV_API_OPEN* p_buf = (tBTA_AV_API_OPEN*)osi_malloc(sizeof(tBTA_AV_API_OPEN));
1733 memcpy(p_buf, &(p_scb->open_api), sizeof(tBTA_AV_API_OPEN));
1734 bta_sys_sendmsg(p_buf);
1735 }
1736 }
1737 }
1738 }
1739 }
1740
bta_av_store_peer_rc_version()1741 static void bta_av_store_peer_rc_version() {
1742 tBTA_AV_CB* p_cb = &bta_av_cb;
1743 tSDP_DISC_REC* p_rec = NULL;
1744 uint16_t peer_rc_version = 0; /*Assuming Default peer version as 1.3*/
1745
1746 if ((p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
1747 p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL, NULL)) != NULL) {
1748 if ((get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1749 p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1750 /* get profile version (if failure, version parameter is not updated) */
1751 if (!get_legacy_stack_sdp_api()->record.SDP_FindProfileVersionInRec(
1752 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version)) {
1753 log::warn("Unable to find AVRC profile version in record peer:{}", p_rec->remote_bd_addr);
1754 }
1755 }
1756 if (peer_rc_version != 0) {
1757 DEVICE_IOT_CONFIG_ADDR_SET_HEX_IF_GREATER(p_rec->remote_bd_addr,
1758 IOT_CONF_KEY_AVRCP_CTRL_VERSION, peer_rc_version,
1759 IOT_CONF_BYTE_NUM_2);
1760 }
1761 }
1762
1763 peer_rc_version = 0;
1764 if ((p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
1765 p_cb->p_disc_db, UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) != NULL) {
1766 if ((get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1767 p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1768 /* get profile version (if failure, version parameter is not updated) */
1769 if (!get_legacy_stack_sdp_api()->record.SDP_FindProfileVersionInRec(
1770 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version)) {
1771 log::warn("Unable to find SDP profile version in record peer:{}", p_rec->remote_bd_addr);
1772 }
1773 }
1774 if (peer_rc_version != 0) {
1775 DEVICE_IOT_CONFIG_ADDR_SET_HEX_IF_GREATER(p_rec->remote_bd_addr,
1776 IOT_CONF_KEY_AVRCP_TG_VERSION, peer_rc_version,
1777 IOT_CONF_BYTE_NUM_2);
1778 }
1779 }
1780 }
1781
1782 /*******************************************************************************
1783 *
1784 * Function bta_av_check_peer_features
1785 *
1786 * Description check supported features on the peer device from the SDP
1787 * record and return the feature mask
1788 *
1789 * Returns tBTA_AV_FEAT peer device feature mask
1790 *
1791 ******************************************************************************/
bta_av_check_peer_features(uint16_t service_uuid)1792 static tBTA_AV_FEAT bta_av_check_peer_features(uint16_t service_uuid) {
1793 tBTA_AV_FEAT peer_features = 0;
1794 tBTA_AV_CB* p_cb = &bta_av_cb;
1795 tSDP_DISC_REC* p_rec = NULL;
1796 tSDP_DISC_ATTR* p_attr;
1797 uint16_t peer_rc_version = 0;
1798 uint16_t categories = 0;
1799
1800 log::verbose("service_uuid:x{:x}", service_uuid);
1801 /* loop through all records we found */
1802 while (true) {
1803 /* get next record; if none found, we're done */
1804 p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid,
1805 p_rec);
1806 if (p_rec == NULL) {
1807 break;
1808 }
1809
1810 if ((get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1811 p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) != NULL) {
1812 /* find peer features */
1813 if (get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
1814 p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL, NULL)) {
1815 peer_features |= BTA_AV_FEAT_RCCT;
1816 }
1817 if (get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
1818 p_cb->p_disc_db, UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1819 peer_features |= BTA_AV_FEAT_RCTG;
1820 }
1821 }
1822
1823 if ((get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1824 p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1825 /* get profile version (if failure, version parameter is not updated) */
1826 if (!get_legacy_stack_sdp_api()->record.SDP_FindProfileVersionInRec(
1827 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version)) {
1828 log::warn("Unable to find AVRC profile version in record peer:{}", p_rec->remote_bd_addr);
1829 }
1830 log::verbose("peer_rc_version 0x{:x}", peer_rc_version);
1831
1832 if (peer_rc_version >= AVRC_REV_1_3) {
1833 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1834 }
1835
1836 if (peer_rc_version >= AVRC_REV_1_4) {
1837 /* get supported categories */
1838 p_attr = get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1839 p_rec, ATTR_ID_SUPPORTED_FEATURES);
1840 if (p_attr != NULL && SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == UINT_DESC_TYPE &&
1841 SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 2) {
1842 categories = p_attr->attr_value.v.u16;
1843 if (categories & AVRC_SUPF_CT_CAT2) {
1844 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1845 }
1846 if (categories & AVRC_SUPF_CT_BROWSE) {
1847 peer_features |= (BTA_AV_FEAT_BROWSE);
1848 }
1849 }
1850 }
1851 }
1852 }
1853 log::verbose("peer_features:x{:x}", peer_features);
1854 return peer_features;
1855 }
1856
1857 /*******************************************************************************
1858 *
1859 * Function bta_avk_check_peer_features
1860 *
1861 * Description check supported features on the peer device from the SDP
1862 * record and return the feature mask
1863 *
1864 * Returns tBTA_AV_FEAT peer device feature mask
1865 *
1866 ******************************************************************************/
bta_avk_check_peer_features(uint16_t service_uuid)1867 static tBTA_AV_FEAT bta_avk_check_peer_features(uint16_t service_uuid) {
1868 tBTA_AV_FEAT peer_features = 0;
1869 tBTA_AV_CB* p_cb = &bta_av_cb;
1870
1871 log::verbose("service_uuid:x{:x}", service_uuid);
1872
1873 /* loop through all records we found */
1874 tSDP_DISC_REC* p_rec =
1875 get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, NULL);
1876 while (p_rec) {
1877 log::verbose("found Service record for x{:x}", service_uuid);
1878
1879 if ((get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1880 p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) != NULL) {
1881 /* find peer features */
1882 if (get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
1883 p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL, NULL)) {
1884 peer_features |= BTA_AV_FEAT_RCCT;
1885 }
1886 if (get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
1887 p_cb->p_disc_db, UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1888 peer_features |= BTA_AV_FEAT_RCTG;
1889 }
1890 }
1891
1892 if ((get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1893 p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1894 /* get profile version (if failure, version parameter is not updated) */
1895 uint16_t peer_rc_version = 0;
1896 bool val = get_legacy_stack_sdp_api()->record.SDP_FindProfileVersionInRec(
1897 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version);
1898 log::verbose("peer_rc_version for TG 0x{:x}, profile_found {}", peer_rc_version, val);
1899
1900 if (peer_rc_version >= AVRC_REV_1_3) {
1901 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1902 }
1903
1904 /* Get supported features */
1905 tSDP_DISC_ATTR* p_attr = get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1906 p_rec, ATTR_ID_SUPPORTED_FEATURES);
1907 if (p_attr != NULL && SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == UINT_DESC_TYPE &&
1908 SDP_DISC_ATTR_LEN(p_attr->attr_len_type) >= 2) {
1909 uint16_t categories = p_attr->attr_value.v.u16;
1910 /*
1911 * Though Absolute Volume came after in 1.4 and above, but there are
1912 * few devices in market which supports absolute Volume and they are
1913 * still 1.3. To avoid IOP issuses with those devices, we check for
1914 * 1.3 as minimum version
1915 */
1916 if (peer_rc_version >= AVRC_REV_1_3) {
1917 if (categories & AVRC_SUPF_TG_CAT2) {
1918 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1919 }
1920 if (categories & AVRC_SUPF_TG_APP_SETTINGS) {
1921 peer_features |= (BTA_AV_FEAT_APP_SETTING);
1922 }
1923 if (categories & AVRC_SUPF_TG_BROWSE) {
1924 peer_features |= (BTA_AV_FEAT_BROWSE);
1925 }
1926 }
1927
1928 /* AVRCP Cover Artwork over BIP */
1929 if (peer_rc_version >= AVRC_REV_1_6) {
1930 if (service_uuid == UUID_SERVCLASS_AV_REM_CTRL_TARGET &&
1931 categories & AVRC_SUPF_TG_PLAYER_COVER_ART) {
1932 peer_features |= (BTA_AV_FEAT_COVER_ARTWORK);
1933 }
1934 }
1935 }
1936 }
1937 /* get next record; if none found, we're done */
1938 p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid,
1939 p_rec);
1940 }
1941 log::verbose("peer_features:x{:x}", peer_features);
1942 return peer_features;
1943 }
1944
1945 /******************************************************************************
1946 *
1947 * Function bta_avk_get_cover_art_psm
1948 *
1949 * Description Get the PSM associated with the AVRCP Target cover art
1950 * feature
1951 *
1952 * Returns uint16_t PSM value used to get cover artwork, or 0x0000 if
1953 * one does not exist.
1954 *
1955 *****************************************************************************/
bta_avk_get_cover_art_psm()1956 static uint16_t bta_avk_get_cover_art_psm() {
1957 log::verbose("searching for cover art psm");
1958 /* Cover Art L2CAP PSM is only available on a target device */
1959 tBTA_AV_CB* p_cb = &bta_av_cb;
1960 tSDP_DISC_REC* p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
1961 p_cb->p_disc_db, UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL);
1962 while (p_rec) {
1963 tSDP_DISC_ATTR* p_attr = (get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
1964 p_rec, ATTR_ID_ADDITION_PROTO_DESC_LISTS));
1965 /*
1966 * If we have the Additional Protocol Description Lists attribute then we
1967 * specifically want the list that is an L2CAP protocol leading to OBEX.
1968 * Because the is a case where cover art is supported and browsing isn't
1969 * we need to check each list for the one we want.
1970 *
1971 * This means we need to do drop down into the protocol list and do a
1972 * "for each protocol, for each protocol element, for each protocol element
1973 * list parameter, if the parameter is L2CAP then find the PSM associated
1974 * with it, then make sure we see OBEX in that same protocol"
1975 */
1976 if (p_attr != NULL && SDP_DISC_ATTR_TYPE(p_attr->attr_len_type) == DATA_ELE_SEQ_DESC_TYPE) {
1977 // Point to first in List of protocols (i.e [(L2CAP -> AVCTP),
1978 // (L2CAP -> OBEX)])
1979 tSDP_DISC_ATTR* p_protocol_list = p_attr->attr_value.v.p_sub_attr;
1980 while (p_protocol_list != NULL) {
1981 if (SDP_DISC_ATTR_TYPE(p_protocol_list->attr_len_type) == DATA_ELE_SEQ_DESC_TYPE) {
1982 // Point to fist in list of protocol elements (i.e. [L2CAP, AVCTP])
1983 tSDP_DISC_ATTR* p_protocol = p_protocol_list->attr_value.v.p_sub_attr;
1984 bool protocol_has_obex = false;
1985 bool protocol_has_l2cap = false;
1986 uint16_t psm = 0x0000;
1987 while (p_protocol) {
1988 if (SDP_DISC_ATTR_TYPE(p_protocol->attr_len_type) == DATA_ELE_SEQ_DESC_TYPE) {
1989 // Point to first item protocol parameters list (i.e [UUID=L2CAP,
1990 // PSM=0x1234])
1991 tSDP_DISC_ATTR* p_protocol_param = p_protocol->attr_value.v.p_sub_attr;
1992 /*
1993 * Currently there's only ever one UUID and one parameter. L2cap
1994 * has a single PSM, AVCTP has a version and OBEX has nothing.
1995 * Change this if that ever changes.
1996 */
1997 uint16_t protocol_uuid = 0;
1998 uint16_t protocol_param = 0;
1999 while (p_protocol_param) {
2000 uint16_t param_type = SDP_DISC_ATTR_TYPE(p_protocol_param->attr_len_type);
2001 uint16_t param_len = SDP_DISC_ATTR_LEN(p_protocol_param->attr_len_type);
2002 if (param_type == UUID_DESC_TYPE) {
2003 protocol_uuid = p_protocol_param->attr_value.v.u16;
2004 } else if (param_type == UINT_DESC_TYPE) {
2005 protocol_param = (param_len == 2) ? p_protocol_param->attr_value.v.u16
2006 : p_protocol_param->attr_value.v.u8;
2007 } /* else dont care */
2008 p_protocol_param = p_protocol_param->p_next_attr; // next
2009 }
2010 // If we've found L2CAP then the parameter is a PSM
2011 if (protocol_uuid == UUID_PROTOCOL_L2CAP) {
2012 protocol_has_l2cap = true;
2013 psm = protocol_param;
2014 } else if (protocol_uuid == UUID_PROTOCOL_OBEX) {
2015 protocol_has_obex = true;
2016 }
2017 }
2018 // If this protocol has l2cap and obex then we're found the BIP PSM
2019 if (protocol_has_l2cap && protocol_has_obex) {
2020 log::verbose("found psm 0x{:x}", psm);
2021 return psm;
2022 }
2023 p_protocol = p_protocol->p_next_attr; // next protocol element
2024 }
2025 }
2026 p_protocol_list = p_protocol_list->p_next_attr; // next protocol
2027 }
2028 }
2029 /* get next record; if none found, we're done */
2030 p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
2031 p_cb->p_disc_db, UUID_SERVCLASS_AV_REM_CTRL_TARGET, p_rec);
2032 }
2033 /* L2CAP PSM range is 0x1000-0xFFFF so 0x0000 is safe default invalid */
2034 log::verbose("could not find a BIP psm");
2035 return 0x0000;
2036 }
2037
bta_av_rc_disc_done_all(tBTA_AV_DATA *)2038 static void bta_av_rc_disc_done_all(tBTA_AV_DATA* /* p_data */) {
2039 tBTA_AV_CB* p_cb = &bta_av_cb;
2040 tBTA_AV_SCB* p_scb = NULL;
2041 tBTA_AV_LCB* p_lcb;
2042 uint8_t rc_handle = BTA_AV_RC_HANDLE_NONE;
2043 tBTA_AV_FEAT peer_tg_features = 0;
2044 tBTA_AV_FEAT peer_ct_features = 0;
2045 uint16_t cover_art_psm = 0x0000;
2046
2047 log::verbose("bta_av_rc_disc_done disc:x{:x}", p_cb->disc);
2048 if (!p_cb->disc) {
2049 return;
2050 }
2051
2052 if ((p_cb->disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
2053 /* this is the rc handle/index to tBTA_AV_RCB */
2054 rc_handle = p_cb->disc & (~BTA_AV_CHNL_MSK);
2055 log::error("WRONG MASK A2dp not connect");
2056 } else {
2057 /* Validate array index*/
2058 if (((p_cb->disc & BTA_AV_HNDL_MSK) - 1) < BTA_AV_NUM_STRS) {
2059 log::verbose("wrong data bta_av_rc_disc_done disc:x{:x}", p_cb->disc);
2060 p_scb = p_cb->p_scb[(p_cb->disc & BTA_AV_HNDL_MSK) - 1];
2061 }
2062 if (p_scb) {
2063 rc_handle = p_scb->rc_handle;
2064 } else {
2065 p_cb->disc = 0;
2066 return;
2067 }
2068 }
2069
2070 log::verbose("rc_handle {}", rc_handle);
2071 if (p_cb->sdp_a2dp_snk_handle) {
2072 /* This is Sink + CT + TG(Abs Vol) */
2073 peer_tg_features = bta_avk_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
2074 log::verbose("populating rem ctrl target features {}", peer_tg_features);
2075 if (BTA_AV_FEAT_ADV_CTRL & bta_avk_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL)) {
2076 peer_tg_features |= (BTA_AV_FEAT_ADV_CTRL | BTA_AV_FEAT_RCCT);
2077 }
2078
2079 if (peer_tg_features & BTA_AV_FEAT_COVER_ARTWORK) {
2080 cover_art_psm = bta_avk_get_cover_art_psm();
2081 }
2082
2083 log::verbose("populating rem ctrl target bip psm 0x{:x}", cover_art_psm);
2084 } else if (p_cb->sdp_a2dp_handle) {
2085 /* check peer version and whether support CT and TG role */
2086 peer_ct_features = bta_av_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL);
2087 if ((p_cb->features & BTA_AV_FEAT_ADV_CTRL) &&
2088 ((peer_ct_features & BTA_AV_FEAT_ADV_CTRL) == 0)) {
2089 /* if we support advance control and peer does not, check their support on
2090 * TG role
2091 * some implementation uses 1.3 on CT ans 1.4 on TG */
2092 peer_ct_features |= bta_av_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
2093 }
2094
2095 /* Change our features if the remote AVRCP version is 1.3 or less */
2096 tSDP_DISC_REC* p_rec = nullptr;
2097 p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
2098 p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL, p_rec);
2099 if (p_rec != NULL && get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
2100 p_rec, ATTR_ID_BT_PROFILE_DESC_LIST) != NULL) {
2101 /* get profile version (if failure, version parameter is not updated) */
2102 uint16_t peer_rc_version = 0xFFFF; // Don't change the AVRCP version
2103 if (!get_legacy_stack_sdp_api()->record.SDP_FindProfileVersionInRec(
2104 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version)) {
2105 log::warn("Unable to find SDP in record peer:{}", p_rec->remote_bd_addr);
2106 }
2107 if (peer_rc_version <= AVRC_REV_1_3) {
2108 log::verbose("Using AVRCP 1.3 Capabilities with remote device");
2109 p_bta_av_cfg = &bta_av_cfg_compatibility;
2110 }
2111 }
2112 }
2113
2114 p_cb->disc = 0;
2115 osi_free_and_reset((void**)&p_cb->p_disc_db);
2116 p_cb->rc_feature.peer_ct_features = peer_ct_features;
2117 p_cb->rc_feature.peer_tg_features = peer_tg_features;
2118 p_cb->rc_feature.rc_handle = rc_handle;
2119 if (p_scb) {
2120 p_cb->rc_feature.peer_addr = p_scb->PeerAddress();
2121 }
2122
2123 log::verbose("peer_tg_features 0x{:x}, peer_ct_features 0x{:x}, features 0x{:x}",
2124 peer_tg_features, peer_ct_features, p_cb->features);
2125
2126 /* if we have no rc connection */
2127 if (rc_handle == BTA_AV_RC_HANDLE_NONE) {
2128 if (p_scb) {
2129 /* if peer remote control service matches ours and USE_RC is true */
2130 if (((p_cb->features & BTA_AV_FEAT_RCCT) && (peer_tg_features & BTA_AV_FEAT_RCTG)) ||
2131 ((p_cb->features & BTA_AV_FEAT_RCTG) && (peer_ct_features & BTA_AV_FEAT_RCCT))) {
2132 p_lcb = bta_av_find_lcb(p_scb->PeerAddress(), BTA_AV_LCB_FIND);
2133 if (p_lcb) {
2134 rc_handle = bta_av_rc_create(p_cb, AVCT_ROLE_INITIATOR, (uint8_t)(p_scb->hdi + 1),
2135 p_lcb->lidx);
2136 if (rc_handle != BTA_AV_RC_HANDLE_NONE) {
2137 p_cb->rcb[rc_handle].peer_ct_features = peer_ct_features;
2138 p_cb->rcb[rc_handle].peer_tg_features = peer_tg_features;
2139 p_cb->rcb[rc_handle].peer_features = 0;
2140 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
2141 } else {
2142 /* cannot create valid rc_handle for current device. report failure
2143 */
2144 log::error("no link resources available");
2145 p_scb->use_rc = false;
2146 tBTA_AV bta_av_data = {
2147 .rc_open =
2148 {
2149 .peer_addr = p_scb->PeerAddress(),
2150 .status = BTA_AV_FAIL_RESOURCES,
2151 },
2152 };
2153 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
2154 }
2155 } else {
2156 log::error("can not find LCB!!");
2157 }
2158 } else if (p_scb->use_rc) {
2159 /* can not find AVRC on peer device. report failure */
2160 p_scb->use_rc = false;
2161 tBTA_AV bta_av_data = {
2162 .rc_open =
2163 {
2164 .peer_ct_features = peer_ct_features,
2165 .peer_tg_features = peer_tg_features,
2166 .peer_addr = p_scb->PeerAddress(),
2167 .status = BTA_AV_FAIL_SDP,
2168 },
2169 };
2170 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
2171 }
2172 }
2173 } else {
2174 p_cb->rcb[rc_handle].peer_ct_features = peer_ct_features;
2175 p_cb->rcb[rc_handle].peer_tg_features = peer_tg_features;
2176 p_cb->rcb[rc_handle].peer_features = 0;
2177
2178 RawAddress peer_addr = RawAddress::kEmpty;
2179 if (p_scb == NULL) {
2180 /*
2181 * In case scb is not created by the time we are done with SDP
2182 * we still need to send RC feature event. So we need to get BD
2183 * from Message. Note that lidx is 1 based not 0 based
2184 */
2185 if (p_cb->rcb[rc_handle].lidx > 0) {
2186 peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2187 } else {
2188 peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx].addr;
2189 }
2190 } else {
2191 peer_addr = p_scb->PeerAddress();
2192 }
2193
2194 tBTA_AV bta_av_feat = {.rc_feat = {
2195 .rc_handle = rc_handle,
2196 .peer_ct_features = peer_ct_features,
2197 .peer_tg_features = peer_tg_features,
2198 .peer_addr = peer_addr,
2199 }};
2200 (*p_cb->p_cback)(BTA_AV_RC_FEAT_EVT, &bta_av_feat);
2201
2202 // Send PSM data
2203 log::verbose("Send PSM data. rc_psm = {:#x}", cover_art_psm);
2204 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
2205 tBTA_AV bta_av_psm = {
2206 .rc_cover_art_psm =
2207 {
2208 .rc_handle = rc_handle,
2209 .cover_art_psm = cover_art_psm,
2210 .peer_addr = peer_addr,
2211 },
2212 };
2213 (*p_cb->p_cback)(BTA_AV_RC_PSM_EVT, &bta_av_psm);
2214 }
2215 }
2216
2217 /*******************************************************************************
2218 *
2219 * Function bta_av_rc_disc_done
2220 *
2221 * Description Handle AVRCP service discovery results. If matching
2222 * service found, open AVRCP connection.
2223 *
2224 * Returns void
2225 *
2226 ******************************************************************************/
bta_av_rc_disc_done(tBTA_AV_DATA * p_data)2227 void bta_av_rc_disc_done(tBTA_AV_DATA* p_data) {
2228 tBTA_AV_CB* p_cb = &bta_av_cb;
2229 tBTA_AV_SCB* p_scb = NULL;
2230 tBTA_AV_LCB* p_lcb;
2231 uint8_t rc_handle;
2232 tBTA_AV_FEAT peer_features = 0; /* peer features mask */
2233 uint16_t cover_art_psm = 0x0000;
2234
2235 if (btif_av_both_enable()) {
2236 bta_av_rc_disc_done_all(p_data);
2237 return;
2238 }
2239
2240 log::verbose("bta_av_rc_disc_done disc:x{:x}", p_cb->disc);
2241 if (!p_cb->disc) {
2242 return;
2243 }
2244
2245 if ((p_cb->disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
2246 /* this is the rc handle/index to tBTA_AV_RCB */
2247 rc_handle = p_cb->disc & (~BTA_AV_CHNL_MSK);
2248 } else {
2249 /* Validate array index*/
2250 if (((p_cb->disc & BTA_AV_HNDL_MSK) - 1) < BTA_AV_NUM_STRS) {
2251 p_scb = p_cb->p_scb[(p_cb->disc & BTA_AV_HNDL_MSK) - 1];
2252 }
2253 if (p_scb) {
2254 rc_handle = p_scb->rc_handle;
2255 } else {
2256 p_cb->disc = 0;
2257 return;
2258 }
2259 }
2260
2261 log::verbose("rc_handle {}", rc_handle);
2262 if (p_cb->sdp_a2dp_snk_handle) {
2263 /* This is Sink + CT + TG(Abs Vol) */
2264 peer_features = bta_avk_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
2265 log::verbose("populating rem ctrl target features {}", peer_features);
2266 if (BTA_AV_FEAT_ADV_CTRL & bta_avk_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL)) {
2267 peer_features |= (BTA_AV_FEAT_ADV_CTRL | BTA_AV_FEAT_RCCT);
2268 }
2269
2270 if (peer_features & BTA_AV_FEAT_COVER_ARTWORK) {
2271 cover_art_psm = bta_avk_get_cover_art_psm();
2272 }
2273
2274 log::verbose("populating rem ctrl target bip psm 0x{:x}", cover_art_psm);
2275 } else if (p_cb->sdp_a2dp_handle) {
2276 /* check peer version and whether support CT and TG role */
2277 peer_features = bta_av_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL);
2278 if ((p_cb->features & BTA_AV_FEAT_ADV_CTRL) && ((peer_features & BTA_AV_FEAT_ADV_CTRL) == 0)) {
2279 /* if we support advance control and peer does not, check their support on
2280 * TG role
2281 * some implementation uses 1.3 on CT ans 1.4 on TG */
2282 peer_features |= bta_av_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
2283 }
2284
2285 /* Change our features if the remote AVRCP version is 1.3 or less */
2286 tSDP_DISC_REC* p_rec = nullptr;
2287 p_rec = get_legacy_stack_sdp_api()->db.SDP_FindServiceInDb(
2288 p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL, p_rec);
2289 if (p_rec != NULL && get_legacy_stack_sdp_api()->record.SDP_FindAttributeInRec(
2290 p_rec, ATTR_ID_BT_PROFILE_DESC_LIST) != NULL) {
2291 /* get profile version (if failure, version parameter is not updated) */
2292 uint16_t peer_rc_version = 0xFFFF; // Don't change the AVRCP version
2293 if (!get_legacy_stack_sdp_api()->record.SDP_FindProfileVersionInRec(
2294 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version)) {
2295 log::warn("Unable to find AVRCP version peer:{}", p_rec->remote_bd_addr);
2296 }
2297 if (peer_rc_version <= AVRC_REV_1_3) {
2298 log::verbose("Using AVRCP 1.3 Capabilities with remote device");
2299 p_bta_av_cfg = &bta_av_cfg_compatibility;
2300 }
2301 }
2302 }
2303
2304 bta_av_store_peer_rc_version();
2305
2306 p_cb->disc = 0;
2307 osi_free_and_reset((void**)&p_cb->p_disc_db);
2308
2309 log::verbose("peer_features 0x{:x}, features 0x{:x}", peer_features, p_cb->features);
2310
2311 /* if we have no rc connection */
2312 if (rc_handle == BTA_AV_RC_HANDLE_NONE) {
2313 if (p_scb) {
2314 /* if peer remote control service matches ours and USE_RC is true */
2315 if (((p_cb->features & BTA_AV_FEAT_RCCT) && (peer_features & BTA_AV_FEAT_RCTG)) ||
2316 ((p_cb->features & BTA_AV_FEAT_RCTG) && (peer_features & BTA_AV_FEAT_RCCT))) {
2317 p_lcb = bta_av_find_lcb(p_scb->PeerAddress(), BTA_AV_LCB_FIND);
2318 if (p_lcb) {
2319 rc_handle = bta_av_rc_create(p_cb, AVCT_ROLE_INITIATOR, (uint8_t)(p_scb->hdi + 1),
2320 p_lcb->lidx);
2321 if (rc_handle < BTA_AV_NUM_RCB) {
2322 p_cb->rcb[rc_handle].peer_features = peer_features;
2323 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
2324 } else {
2325 /* cannot create valid rc_handle for current device. report failure
2326 */
2327 log::error("no link resources available");
2328 p_scb->use_rc = false;
2329 tBTA_AV bta_av_data = {
2330 .rc_open =
2331 {
2332 .cover_art_psm = 0,
2333 .peer_features = 0,
2334 .peer_addr = p_scb->PeerAddress(),
2335 .status = BTA_AV_FAIL_RESOURCES,
2336 },
2337 };
2338 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
2339 }
2340 } else {
2341 log::error("can not find LCB!!");
2342 }
2343 } else if (p_scb->use_rc) {
2344 /* can not find AVRC on peer device. report failure */
2345 p_scb->use_rc = false;
2346 tBTA_AV bta_av_data = {
2347 .rc_open =
2348 {
2349 .rc_handle = BTA_AV_RC_HANDLE_NONE,
2350 .cover_art_psm = 0,
2351 .peer_features = 0,
2352 .peer_addr = p_scb->PeerAddress(),
2353 .status = BTA_AV_FAIL_SDP,
2354 },
2355 };
2356 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
2357 }
2358 if (peer_features != 0) {
2359 DEVICE_IOT_CONFIG_ADDR_SET_HEX(p_scb->PeerAddress(), IOT_CONF_KEY_AVRCP_FEATURES,
2360 peer_features, IOT_CONF_BYTE_NUM_2);
2361 }
2362 }
2363 } else {
2364 tBTA_AV_RC_FEAT rc_feat;
2365 p_cb->rcb[rc_handle].peer_features = peer_features;
2366 rc_feat.rc_handle = rc_handle;
2367 rc_feat.peer_features = peer_features;
2368 if (p_scb == NULL) {
2369 /*
2370 * In case scb is not created by the time we are done with SDP
2371 * we still need to send RC feature event. So we need to get BD
2372 * from Message. Note that lidx is 1 based not 0 based
2373 */
2374 rc_feat.peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2375 } else {
2376 rc_feat.peer_addr = p_scb->PeerAddress();
2377 }
2378
2379 tBTA_AV bta_av_feat;
2380 bta_av_feat.rc_feat = rc_feat;
2381 (*p_cb->p_cback)(BTA_AV_RC_FEAT_EVT, &bta_av_feat);
2382
2383 if (peer_features != 0) {
2384 DEVICE_IOT_CONFIG_ADDR_SET_HEX(rc_feat.peer_addr, IOT_CONF_KEY_AVRCP_FEATURES, peer_features,
2385 IOT_CONF_BYTE_NUM_2);
2386 }
2387
2388 // Send PSM data
2389 log::verbose("Send PSM data");
2390 tBTA_AV_RC_PSM rc_psm;
2391 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
2392 rc_psm.rc_handle = rc_handle;
2393 rc_psm.cover_art_psm = cover_art_psm;
2394 if (p_scb == NULL) {
2395 rc_psm.peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2396 } else {
2397 rc_psm.peer_addr = p_scb->PeerAddress();
2398 }
2399
2400 log::verbose("rc_psm = 0x{:x}", rc_psm.cover_art_psm);
2401
2402 tBTA_AV bta_av_psm;
2403 bta_av_psm.rc_cover_art_psm = rc_psm;
2404 (*p_cb->p_cback)(BTA_AV_RC_PSM_EVT, &bta_av_psm);
2405 }
2406 }
2407
2408 /*******************************************************************************
2409 *
2410 * Function bta_av_rc_closed
2411 *
2412 * Description Set AVRCP state to closed.
2413 *
2414 * Returns void
2415 *
2416 ******************************************************************************/
bta_av_rc_closed(tBTA_AV_DATA * p_data)2417 void bta_av_rc_closed(tBTA_AV_DATA* p_data) {
2418 tBTA_AV_CB* p_cb = &bta_av_cb;
2419 tBTA_AV_RC_CLOSE rc_close;
2420 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2421 tBTA_AV_RCB* p_rcb;
2422 tBTA_AV_SCB* p_scb;
2423 int i;
2424 bool conn = false;
2425 tBTA_AV_LCB* p_lcb;
2426
2427 rc_close.rc_handle = BTA_AV_RC_HANDLE_NONE;
2428 rc_close.peer_addr = RawAddress::kEmpty;
2429 p_scb = NULL;
2430 log::verbose("rc_handle:{}, address:{}", p_msg->handle, p_msg->peer_addr);
2431 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
2432 p_rcb = &p_cb->rcb[i];
2433 log::verbose("rcb[{}] rc_handle:{}, status=0x{:x}, shdl:{}, lidx:{}", i, p_rcb->handle,
2434 p_rcb->status, p_rcb->shdl, p_rcb->lidx);
2435 if (p_rcb->handle == p_msg->handle) {
2436 if (btif_av_src_sink_coexist_enabled() && p_rcb->shdl &&
2437 (p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
2438 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
2439 if (p_scb && !(p_scb->PeerAddress() == p_msg->peer_addr)) {
2440 log::verbose("handle{} {} error p_scb or addr", i, p_scb->PeerAddress());
2441 conn = true;
2442 continue;
2443 }
2444 }
2445 rc_close.rc_handle = i;
2446 p_rcb->status &= ~BTA_AV_RC_CONN_MASK;
2447 p_rcb->peer_features = 0;
2448 p_rcb->cover_art_psm = 0;
2449 p_rcb->peer_ct_features = 0;
2450 p_rcb->peer_tg_features = 0;
2451 p_cb->rc_feature = {};
2452 log::verbose("shdl:{}, lidx:{}", p_rcb->shdl, p_rcb->lidx);
2453 if (p_rcb->shdl) {
2454 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
2455 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
2456 }
2457 if (p_scb) {
2458 rc_close.peer_addr = p_scb->PeerAddress();
2459 if (p_scb->rc_handle == p_rcb->handle) {
2460 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
2461 }
2462 log::verbose("shdl:{}, srch:{}", p_rcb->shdl, p_scb->rc_handle);
2463 }
2464 p_rcb->shdl = 0;
2465 } else if (p_rcb->lidx == (BTA_AV_NUM_LINKS + 1)) {
2466 /* if the RCB uses the extra LCB, use the addr for event and clean it */
2467 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
2468 rc_close.peer_addr = p_msg->peer_addr;
2469 log::info("rc_only closed bd_addr: {}", p_msg->peer_addr);
2470 p_lcb->conn_msk = 0;
2471 p_lcb->lidx = 0;
2472 }
2473 p_rcb->lidx = 0;
2474
2475 if ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT) {
2476 /* AVCT CCB is deallocated */
2477 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
2478 p_rcb->status = 0;
2479 } else {
2480 /* AVCT CCB is still there. dealloc */
2481 bta_av_del_rc(p_rcb);
2482 }
2483 } else if ((p_rcb->handle != BTA_AV_RC_HANDLE_NONE) && (p_rcb->status & BTA_AV_RC_CONN_MASK)) {
2484 /* at least one channel is still connected */
2485 conn = true;
2486 }
2487 }
2488
2489 if (!conn) {
2490 /* no AVRC channels are connected, go back to INIT state */
2491 bta_av_sm_execute(p_cb, BTA_AV_AVRC_NONE_EVT, NULL);
2492 }
2493
2494 if (rc_close.rc_handle == BTA_AV_RC_HANDLE_NONE) {
2495 rc_close.rc_handle = p_msg->handle;
2496 rc_close.peer_addr = p_msg->peer_addr;
2497 }
2498 tBTA_AV bta_av_data;
2499 bta_av_data.rc_close = rc_close;
2500 (*p_cb->p_cback)(BTA_AV_RC_CLOSE_EVT, &bta_av_data);
2501 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE && bta_av_cb.features & BTA_AV_FEAT_RCTG) {
2502 bta_av_rc_create(&bta_av_cb, AVCT_ROLE_ACCEPTOR, 0, BTA_AV_NUM_LINKS + 1);
2503 }
2504 }
2505
2506 /*******************************************************************************
2507 *
2508 * Function bta_av_rc_browse_opened
2509 *
2510 * Description AVRC browsing channel is opened
2511 *
2512 * Returns void
2513 *
2514 ******************************************************************************/
bta_av_rc_browse_opened(tBTA_AV_DATA * p_data)2515 void bta_av_rc_browse_opened(tBTA_AV_DATA* p_data) {
2516 tBTA_AV_CB* p_cb = &bta_av_cb;
2517 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2518
2519 log::info("peer_addr: {} rc_handle:{}", p_msg->peer_addr, p_msg->handle);
2520
2521 tBTA_AV bta_av_data = {
2522 .rc_browse_open =
2523 {
2524 .rc_handle = p_msg->handle,
2525 .peer_addr = p_msg->peer_addr,
2526 .status = BTA_AV_SUCCESS,
2527 },
2528 };
2529
2530 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_OPEN_EVT, &bta_av_data);
2531 }
2532
2533 /*******************************************************************************
2534 *
2535 * Function bta_av_rc_browse_closed
2536 *
2537 * Description AVRC browsing channel is closed
2538 *
2539 * Returns void
2540 *
2541 ******************************************************************************/
bta_av_rc_browse_closed(tBTA_AV_DATA * p_data)2542 void bta_av_rc_browse_closed(tBTA_AV_DATA* p_data) {
2543 tBTA_AV_CB* p_cb = &bta_av_cb;
2544 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2545
2546 log::info("peer_addr: {} rc_handle:{}", p_msg->peer_addr, p_msg->handle);
2547
2548 tBTA_AV bta_av_data = {
2549 .rc_browse_close =
2550 {
2551 .rc_handle = p_msg->handle,
2552 .peer_addr = p_msg->peer_addr,
2553 },
2554 };
2555
2556 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_CLOSE_EVT, &bta_av_data);
2557 }
2558
2559 /*******************************************************************************
2560 *
2561 * Function bta_av_rc_disc
2562 *
2563 * Description start AVRC SDP discovery.
2564 *
2565 * Returns void
2566 *
2567 ******************************************************************************/
bta_av_rc_disc(uint8_t disc)2568 void bta_av_rc_disc(uint8_t disc) {
2569 tBTA_AV_CB* p_cb = &bta_av_cb;
2570 tAVRC_SDP_DB_PARAMS db_params;
2571 uint16_t attr_list[] = {ATTR_ID_SERVICE_CLASS_ID_LIST, ATTR_ID_BT_PROFILE_DESC_LIST,
2572 ATTR_ID_SUPPORTED_FEATURES, ATTR_ID_ADDITION_PROTO_DESC_LISTS};
2573 uint8_t hdi;
2574 tBTA_AV_SCB* p_scb;
2575 RawAddress peer_addr = RawAddress::kEmpty;
2576 uint8_t rc_handle;
2577
2578 log::verbose("disc: 0x{:x}, bta_av_cb.disc: 0x{:x}", disc, bta_av_cb.disc);
2579 if ((bta_av_cb.disc != 0) || (disc == 0)) {
2580 return;
2581 }
2582
2583 if ((disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
2584 /* this is the rc handle/index to tBTA_AV_RCB */
2585 rc_handle = disc & (~BTA_AV_CHNL_MSK);
2586 if (p_cb->rcb[rc_handle].lidx) {
2587 peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2588 }
2589 } else {
2590 hdi = (disc & BTA_AV_HNDL_MSK) - 1;
2591 p_scb = p_cb->p_scb[hdi];
2592
2593 if (p_scb) {
2594 log::verbose("rc_handle {}", p_scb->rc_handle);
2595 peer_addr = p_scb->PeerAddress();
2596 }
2597 }
2598
2599 if (!peer_addr.IsEmpty()) {
2600 /* allocate discovery database */
2601 if (p_cb->p_disc_db == NULL) {
2602 p_cb->p_disc_db = (tSDP_DISCOVERY_DB*)osi_malloc(BTA_AV_DISC_BUF_SIZE);
2603 }
2604
2605 /* set up parameters */
2606 db_params.db_len = BTA_AV_DISC_BUF_SIZE;
2607 db_params.num_attr = sizeof(attr_list) / sizeof(uint16_t);
2608 db_params.p_db = p_cb->p_disc_db;
2609 db_params.p_attrs = attr_list;
2610
2611 /* searching for UUID_SERVCLASS_AV_REMOTE_CONTROL gets both TG and CT */
2612 if (AVRC_FindService(UUID_SERVCLASS_AV_REMOTE_CONTROL, peer_addr, &db_params,
2613 base::Bind(bta_av_avrc_sdp_cback)) == AVRC_SUCCESS) {
2614 p_cb->disc = disc;
2615 log::verbose("disc 0x{:x}", p_cb->disc);
2616 }
2617 }
2618 }
2619
2620 /*******************************************************************************
2621 *
2622 * Function bta_av_dereg_comp
2623 *
2624 * Description deregister complete. free the stream control block.
2625 *
2626 * Returns void
2627 *
2628 ******************************************************************************/
bta_av_dereg_comp(tBTA_AV_DATA * p_data)2629 void bta_av_dereg_comp(tBTA_AV_DATA* p_data) {
2630 tBTA_AV_CB* p_cb = &bta_av_cb;
2631 tBTA_AV_SCB* p_scb;
2632 tBTA_UTL_COD cod = {
2633 .minor = BTM_COD_MINOR_UNCLASSIFIED,
2634 .major = BTM_COD_MAJOR_UNCLASSIFIED,
2635 .service = 0,
2636 };
2637
2638 uint8_t mask;
2639 BT_HDR* p_buf;
2640
2641 /* find the stream control block */
2642 p_scb = bta_av_hndl_to_scb(p_data->hdr.layer_specific);
2643
2644 if (p_scb) {
2645 log::verbose("deregistered {}(h{})", p_scb->chnl, p_scb->hndl);
2646 mask = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
2647 p_cb->reg_audio &= ~mask;
2648 if ((p_cb->conn_audio & mask) && p_cb->audio_open_cnt) {
2649 /* this channel is still marked as open. decrease the count */
2650 p_cb->audio_open_cnt--;
2651 }
2652 p_cb->conn_audio &= ~mask;
2653
2654 if (p_scb->q_tag == BTA_AV_Q_TAG_STREAM && p_scb->a2dp_list) {
2655 /* make sure no buffers are in a2dp_list */
2656 while (!list_is_empty(p_scb->a2dp_list)) {
2657 p_buf = (BT_HDR*)list_front(p_scb->a2dp_list);
2658 list_remove(p_scb->a2dp_list, p_buf);
2659 osi_free(p_buf);
2660 }
2661 }
2662
2663 /* remove the A2DP SDP record, if no more audio stream is left */
2664 if (!p_cb->reg_audio) {
2665 /* Only remove the SDP record if we're the ones that created it */
2666 if (is_new_avrcp_enabled()) {
2667 log::verbose(
2668 "newavrcp is the owner of the AVRCP Target SDP record. Don't dereg the SDP record");
2669 } else {
2670 log::verbose("newavrcp is not enabled. Remove SDP record");
2671 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REMOTE_CONTROL);
2672 }
2673
2674 if (p_cb->sdp_a2dp_handle) {
2675 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_handle);
2676 p_cb->sdp_a2dp_handle = 0;
2677 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SOURCE);
2678 }
2679
2680 if (p_cb->sdp_a2dp_snk_handle) {
2681 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_snk_handle);
2682 p_cb->sdp_a2dp_snk_handle = 0;
2683 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SINK);
2684 }
2685 }
2686
2687 bta_av_free_scb(p_scb);
2688 }
2689
2690 log::verbose("audio 0x{:x}, disable:{}", p_cb->reg_audio, p_cb->disabling);
2691 /* if no stream control block is active */
2692 if (p_cb->reg_audio == 0) {
2693 /* deregister from AVDT */
2694 bta_ar_dereg_avdt();
2695
2696 /* deregister from AVCT */
2697 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
2698 bta_ar_dereg_avct();
2699
2700 if (p_cb->disabling) {
2701 p_cb->disabling = false;
2702 // reset enabling parameters
2703 p_cb->features = 0;
2704 p_cb->sec_mask = 0;
2705 bta_av_cb.sink_features = 0;
2706 bta_av_cb.reg_role = 0;
2707 }
2708
2709 /* Clear the Capturing service class bit */
2710 cod.service = BTM_COD_SERVICE_CAPTURING;
2711 utl_set_device_class(&cod, BTA_UTL_CLR_COD_SERVICE_CLASS);
2712 }
2713 }
2714