1 /* 2 * Copyright (C) 2016 BlueKitchen GmbH 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the copyright holders nor the names of 14 * contributors may be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * 4. Any redistribution, use, or modification is done solely for 17 * personal benefit and not for any commercial purpose or for 18 * monetary gain. 19 * 20 * THIS SOFTWARE IS PROVIDED BY BLUEKITCHEN GMBH AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BLUEKITCHEN 24 * GMBH OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 27 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 30 * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * Please inquire about commercial licensing options at 34 * [email protected] 35 * 36 */ 37 38 #define BTSTACK_FILE__ "avrcp.c" 39 40 #include <stdint.h> 41 #include <string.h> 42 // snprintf 43 #include <stdio.h> 44 45 #include "bluetooth_psm.h" 46 #include "bluetooth_sdp.h" 47 #include "btstack_debug.h" 48 #include "btstack_event.h" 49 #include "btstack_memory.h" 50 #include "classic/sdp_client.h" 51 #include "classic/sdp_util.h" 52 #include "classic/avrcp.h" 53 54 55 typedef struct { 56 uint8_t parse_sdp_record; 57 uint32_t record_id; 58 uint16_t avrcp_cid; 59 uint16_t avrcp_l2cap_psm; 60 uint16_t avrcp_version; 61 62 uint16_t browsing_l2cap_psm; 63 uint16_t browsing_version; 64 uint16_t cover_art_l2cap_psm; 65 } avrcp_sdp_query_context_t; 66 67 static void avrcp_packet_handler(uint8_t packet_type, uint16_t channel, uint8_t *packet, uint16_t size); 68 static void avrcp_start_next_sdp_query(void); 69 70 static const char * avrcp_default_controller_service_name = "BTstack AVRCP Controller Service"; 71 static const char * avrcp_default_controller_service_provider_name = "BTstack AVRCP Controller Service Provider"; 72 static const char * avrcp_defaul_target_service_name = "BTstack AVRCP Target Service"; 73 static const char * avrcp_default_target_service_provider_name = "BTstack AVRCP Target Service Provider"; 74 75 static const char * avrcp_subunit_type_name[] = { 76 "MONITOR", "AUDIO", "PRINTER", "DISC", "TAPE_RECORDER_PLAYER", "TUNER", 77 "CA", "CAMERA", "RESERVED", "PANEL", "BULLETIN_BOARD", "CAMERA_STORAGE", 78 "VENDOR_UNIQUE", "RESERVED_FOR_ALL_SUBUNIT_TYPES", 79 "EXTENDED_TO_NEXT_BYTE", "UNIT", "ERROR" 80 }; 81 82 // default subunit info: single PANEL subunit 83 static const uint8_t avrcp_default_subunit_info[] = { AVRCP_SUBUNIT_TYPE_PANEL << 3}; 84 85 // globals 86 static bool avrcp_l2cap_service_registered = false; 87 88 // connections 89 static uint16_t avrcp_cid_counter; 90 static btstack_linked_list_t avrcp_connections; 91 92 // higher layer callbacks 93 static btstack_packet_handler_t avrcp_callback; 94 static btstack_packet_handler_t avrcp_controller_packet_handler; 95 static btstack_packet_handler_t avrcp_target_packet_handler; 96 97 // sdp query 98 static btstack_context_callback_registration_t avrcp_sdp_query_registration; 99 static avrcp_sdp_query_context_t avrcp_sdp_query_context; 100 static uint8_t avrcp_sdp_query_attribute_value[45]; 101 static const unsigned int avrcp_sdp_query_attribute_value_buffer_size = sizeof(avrcp_sdp_query_attribute_value); 102 103 static void (*avrcp_browsing_sdp_query_complete_handler)(avrcp_connection_t * connection, uint8_t status); 104 105 106 const char * avrcp_subunit2str(uint16_t index){ 107 if (index <= 11) return avrcp_subunit_type_name[index]; 108 if ((index >= 0x1C) && (index <= 0x1F)) return avrcp_subunit_type_name[index - 0x10]; 109 return avrcp_subunit_type_name[16]; 110 } 111 112 static const char * avrcp_event_name[] = { 113 "ERROR", "PLAYBACK_STATUS_CHANGED", 114 "TRACK_CHANGED", "TRACK_REACHED_END", "TRACK_REACHED_START", 115 "PLAYBACK_POS_CHANGED", "BATT_STATUS_CHANGED", "SYSTEM_STATUS_CHANGED", 116 "PLAYER_APPLICATION_SETTING_CHANGED", "NOW_PLAYING_CONTENT_CHANGED", 117 "AVAILABLE_PLAYERS_CHANGED", "ADDRESSED_PLAYER_CHANGED", "UIDS_CHANGED", "VOLUME_CHANGED" 118 }; 119 const char * avrcp_event2str(uint16_t index){ 120 if (index <= 0x0d) return avrcp_event_name[index]; 121 return avrcp_event_name[0]; 122 } 123 124 static const char * avrcp_operation_name[] = { 125 "SKIP", NULL, NULL, NULL, NULL, 126 "VOLUME_UP", "VOLUME_DOWN", "MUTE", "PLAY", "STOP", "PAUSE", NULL, 127 "REWIND", "FAST_FORWARD", NULL, "FORWARD", "BACKWARD" // 0x4C 128 }; 129 130 const char * avrcp_operation2str(uint8_t operation_id){ 131 char * name = NULL; 132 if ((operation_id >= AVRCP_OPERATION_ID_SKIP) && (operation_id <= AVRCP_OPERATION_ID_BACKWARD)){ 133 name = (char *)avrcp_operation_name[operation_id - AVRCP_OPERATION_ID_SKIP]; 134 } 135 if (name == NULL){ 136 static char buffer[13]; 137 snprintf(buffer, sizeof(buffer), "Unknown 0x%02x", operation_id); 138 buffer[sizeof(buffer)-1] = 0; 139 return buffer; 140 } else { 141 return name; 142 } 143 } 144 145 static const char * avrcp_media_attribute_id_name[] = { 146 "NONE", "TITLE", "ARTIST", "ALBUM", "TRACK", "TOTAL TRACKS", "GENRE", "SONG LENGTH" 147 }; 148 const char * avrcp_attribute2str(uint8_t index){ 149 if (index > 7){ 150 index = 0; 151 } 152 return avrcp_media_attribute_id_name[0]; 153 } 154 155 static const char * avrcp_play_status_name[] = { 156 "STOPPED", "PLAYING", "PAUSED", "FORWARD SEEK", "REVERSE SEEK", 157 "ERROR" // 0xFF 158 }; 159 const char * avrcp_play_status2str(uint8_t index){ 160 if (index > 4){ 161 index = 5; 162 } 163 return avrcp_play_status_name[index]; 164 } 165 166 static const char * avrcp_ctype_name[] = { 167 "CONTROL", 168 "STATUS", 169 "SPECIFIC_INQUIRY", 170 "NOTIFY", 171 "GENERAL_INQUIRY", 172 "RESERVED5", 173 "RESERVED6", 174 "RESERVED7", 175 "NOT IMPLEMENTED IN REMOTE", 176 "ACCEPTED BY REMOTE", 177 "REJECTED BY REMOTE", 178 "IN_TRANSITION", 179 "IMPLEMENTED_STABLE", 180 "CHANGED_STABLE", 181 "RESERVED", 182 "INTERIM" 183 }; 184 static const uint16_t avrcp_ctype_name_num = 16; 185 186 const char * avrcp_ctype2str(uint8_t index){ 187 if (index < avrcp_ctype_name_num){ 188 return avrcp_ctype_name[index]; 189 } 190 return "NONE"; 191 } 192 193 static const char * avrcp_shuffle_mode_name[] = { 194 "SHUFFLE OFF", 195 "SHUFFLE ALL TRACKS", 196 "SHUFFLE GROUP" 197 }; 198 199 const char * avrcp_shuffle2str(uint8_t index){ 200 if ((index >= 1) && (index <= 3)) return avrcp_shuffle_mode_name[index-1]; 201 return "NONE"; 202 } 203 204 static const char * avrcp_repeat_mode_name[] = { 205 "REPEAT OFF", 206 "REPEAT SINGLE TRACK", 207 "REPEAT ALL TRACKS", 208 "REPEAT GROUP" 209 }; 210 211 const char * avrcp_repeat2str(uint8_t index){ 212 if ((index >= 1) && (index <= 4)) return avrcp_repeat_mode_name[index-1]; 213 return "NONE"; 214 } 215 216 static const char * notification_name[] = { 217 "INVALID_INDEX", 218 "PLAYBACK_STATUS_CHANGED", 219 "TRACK_CHANGED", 220 "TRACK_REACHED_END", 221 "TRACK_REACHED_START", 222 "PLAYBACK_POS_CHANGED", 223 "BATT_STATUS_CHANGED", 224 "SYSTEM_STATUS_CHANGED", 225 "PLAYER_APPLICATION_SETTING_CHANGED", 226 "NOW_PLAYING_CONTENT_CHANGED", 227 "AVAILABLE_PLAYERS_CHANGED", 228 "ADDRESSED_PLAYER_CHANGED", 229 "UIDS_CHANGED", 230 "VOLUME_CHANGED", 231 "MAX_VALUE" 232 }; 233 234 const char * avrcp_notification2str(avrcp_notification_event_id_t index){ 235 if ((index >= AVRCP_NOTIFICATION_EVENT_FIRST_INDEX) && (index <= AVRCP_NOTIFICATION_EVENT_LAST_INDEX)){ 236 return notification_name[index]; 237 } 238 return notification_name[0]; 239 } 240 241 btstack_linked_list_t avrcp_get_connections(void){ 242 return avrcp_connections; 243 } 244 245 uint8_t avrcp_cmd_opcode(uint8_t *packet, uint16_t size){ 246 uint8_t cmd_opcode_index = 5; 247 if (cmd_opcode_index > size) return AVRCP_CMD_OPCODE_UNDEFINED; 248 return packet[cmd_opcode_index]; 249 } 250 251 void avrcp_create_sdp_record(uint8_t controller, uint8_t * service, uint32_t service_record_handle, uint8_t browsing, uint16_t supported_features, 252 const char * service_name, const char * service_provider_name){ 253 uint8_t* attribute; 254 de_create_sequence(service); 255 256 // 0x0000 "Service Record Handle" 257 de_add_number(service, DE_UINT, DE_SIZE_16, BLUETOOTH_ATTRIBUTE_SERVICE_RECORD_HANDLE); 258 de_add_number(service, DE_UINT, DE_SIZE_32, service_record_handle); 259 260 // 0x0001 "Service Class ID List" 261 de_add_number(service, DE_UINT, DE_SIZE_16, BLUETOOTH_ATTRIBUTE_SERVICE_CLASS_ID_LIST); 262 attribute = de_push_sequence(service); 263 { 264 if (controller){ 265 de_add_number(attribute, DE_UUID, DE_SIZE_16, BLUETOOTH_SERVICE_CLASS_AV_REMOTE_CONTROL); 266 de_add_number(attribute, DE_UUID, DE_SIZE_16, BLUETOOTH_SERVICE_CLASS_AV_REMOTE_CONTROL_CONTROLLER); 267 } else { 268 de_add_number(attribute, DE_UUID, DE_SIZE_16, BLUETOOTH_SERVICE_CLASS_AV_REMOTE_CONTROL_TARGET); 269 } 270 } 271 de_pop_sequence(service, attribute); 272 273 // 0x0004 "Protocol Descriptor List" 274 de_add_number(service, DE_UINT, DE_SIZE_16, BLUETOOTH_ATTRIBUTE_PROTOCOL_DESCRIPTOR_LIST); 275 attribute = de_push_sequence(service); 276 { 277 uint8_t* l2cpProtocol = de_push_sequence(attribute); 278 { 279 de_add_number(l2cpProtocol, DE_UUID, DE_SIZE_16, BLUETOOTH_PROTOCOL_L2CAP); 280 de_add_number(l2cpProtocol, DE_UINT, DE_SIZE_16, BLUETOOTH_PSM_AVCTP); 281 } 282 de_pop_sequence(attribute, l2cpProtocol); 283 284 uint8_t* avctpProtocol = de_push_sequence(attribute); 285 { 286 de_add_number(avctpProtocol, DE_UUID, DE_SIZE_16, BLUETOOTH_PROTOCOL_AVCTP); // avctpProtocol_service 287 de_add_number(avctpProtocol, DE_UINT, DE_SIZE_16, 0x0104); // version 288 } 289 de_pop_sequence(attribute, avctpProtocol); 290 } 291 de_pop_sequence(service, attribute); 292 293 // 0x0005 "Public Browse Group" 294 de_add_number(service, DE_UINT, DE_SIZE_16, BLUETOOTH_ATTRIBUTE_BROWSE_GROUP_LIST); // public browse group 295 attribute = de_push_sequence(service); 296 { 297 de_add_number(attribute, DE_UUID, DE_SIZE_16, BLUETOOTH_ATTRIBUTE_PUBLIC_BROWSE_ROOT); 298 } 299 de_pop_sequence(service, attribute); 300 301 // 0x0009 "Bluetooth Profile Descriptor List" 302 de_add_number(service, DE_UINT, DE_SIZE_16, BLUETOOTH_ATTRIBUTE_BLUETOOTH_PROFILE_DESCRIPTOR_LIST); 303 attribute = de_push_sequence(service); 304 { 305 uint8_t *avrcProfile = de_push_sequence(attribute); 306 { 307 de_add_number(avrcProfile, DE_UUID, DE_SIZE_16, BLUETOOTH_SERVICE_CLASS_AV_REMOTE_CONTROL); 308 de_add_number(avrcProfile, DE_UINT, DE_SIZE_16, 0x0106); 309 } 310 de_pop_sequence(attribute, avrcProfile); 311 } 312 de_pop_sequence(service, attribute); 313 314 // 0x000d "Additional Bluetooth Profile Descriptor List" 315 if (browsing){ 316 de_add_number(service, DE_UINT, DE_SIZE_16, BLUETOOTH_ATTRIBUTE_ADDITIONAL_PROTOCOL_DESCRIPTOR_LISTS); 317 attribute = de_push_sequence(service); 318 { 319 uint8_t * des = de_push_sequence(attribute); 320 { 321 uint8_t* browsing_l2cpProtocol = de_push_sequence(des); 322 { 323 de_add_number(browsing_l2cpProtocol, DE_UUID, DE_SIZE_16, BLUETOOTH_PROTOCOL_L2CAP); 324 de_add_number(browsing_l2cpProtocol, DE_UINT, DE_SIZE_16, BLUETOOTH_PSM_AVCTP_BROWSING); 325 } 326 de_pop_sequence(des, browsing_l2cpProtocol); 327 328 uint8_t* browsing_avctpProtocol = de_push_sequence(des); 329 { 330 de_add_number(browsing_avctpProtocol, DE_UUID, DE_SIZE_16, BLUETOOTH_PROTOCOL_AVCTP); // browsing_avctpProtocol_service 331 de_add_number(browsing_avctpProtocol, DE_UINT, DE_SIZE_16, 0x0104); // version 332 } 333 de_pop_sequence(des, browsing_avctpProtocol); 334 } 335 de_pop_sequence(attribute, des); 336 } 337 de_pop_sequence(service, attribute); 338 } 339 340 341 // 0x0100 "Service Name" 342 de_add_number(service, DE_UINT, DE_SIZE_16, 0x0100); 343 if (service_name){ 344 de_add_data(service, DE_STRING, (uint16_t) strlen(service_name), (uint8_t *) service_name); 345 } else { 346 if (controller){ 347 de_add_data(service, DE_STRING, (uint16_t) strlen(avrcp_default_controller_service_name), (uint8_t *) avrcp_default_controller_service_name); 348 } else { 349 de_add_data(service, DE_STRING, (uint16_t) strlen(avrcp_defaul_target_service_name), (uint8_t *) avrcp_defaul_target_service_name); 350 } 351 } 352 353 // 0x0100 "Provider Name" 354 de_add_number(service, DE_UINT, DE_SIZE_16, 0x0102); 355 if (service_provider_name){ 356 de_add_data(service, DE_STRING, (uint16_t) strlen(service_provider_name), (uint8_t *) service_provider_name); 357 } else { 358 if (controller){ 359 de_add_data(service, DE_STRING, (uint16_t) strlen(avrcp_default_controller_service_provider_name), (uint8_t *) avrcp_default_controller_service_provider_name); 360 } else { 361 de_add_data(service, DE_STRING, (uint16_t) strlen(avrcp_default_target_service_provider_name), (uint8_t *) avrcp_default_target_service_provider_name); 362 } 363 } 364 365 // 0x0311 "Supported Features" 366 de_add_number(service, DE_UINT, DE_SIZE_16, 0x0311); 367 de_add_number(service, DE_UINT, DE_SIZE_16, supported_features); 368 } 369 370 uint16_t avctp_get_num_bytes_for_header(avctp_packet_type_t avctp_packet_type) { 371 switch (avctp_packet_type){ 372 case AVCTP_SINGLE_PACKET: 373 // AVCTP message: transport header (1), pid (2) 374 return 3; 375 case AVCTP_START_PACKET: 376 // AVCTP message: transport header (1), num_packets (1), pid (2) 377 return 4; 378 default: 379 // AVCTP message: transport header (1) 380 return 1; 381 } 382 } 383 384 uint16_t avrcp_get_num_bytes_for_header(avrcp_command_opcode_t command_opcode, avctp_packet_type_t avctp_packet_type) { 385 switch (avctp_packet_type){ 386 case AVCTP_SINGLE_PACKET: 387 case AVCTP_START_PACKET: 388 break; 389 default: 390 return 0; 391 } 392 393 uint16_t offset = 3; // AVRCP message: cmd type (1), subunit (1), opcode (1) 394 switch (command_opcode){ 395 case AVRCP_CMD_OPCODE_VENDOR_DEPENDENT: 396 offset += 7; // AVRCP message: company (3), pdu id(1), AVRCP packet type (1), param_len (2) 397 break; 398 case AVRCP_CMD_OPCODE_PASS_THROUGH: 399 offset += 3; // AVRCP message: operation id (1), param_len (2) 400 break; 401 default: 402 break; 403 } 404 return offset; 405 } 406 407 static uint16_t avrcp_get_num_free_bytes_for_payload(uint16_t l2cap_mtu, avrcp_command_opcode_t command_opcode, avctp_packet_type_t avctp_packet_type){ 408 uint16_t max_frame_size = btstack_min(l2cap_mtu, AVRCP_MAX_AV_C_MESSAGE_FRAME_SIZE); 409 uint16_t payload_offset = avctp_get_num_bytes_for_header(avctp_packet_type) + 410 avrcp_get_num_bytes_for_header(command_opcode, avctp_packet_type); 411 412 btstack_assert(max_frame_size >= payload_offset); 413 return (max_frame_size - payload_offset); 414 } 415 416 417 avctp_packet_type_t avctp_get_packet_type(avrcp_connection_t * connection, uint16_t * max_payload_size){ 418 if (connection->l2cap_mtu >= AVRCP_MAX_AV_C_MESSAGE_FRAME_SIZE){ 419 return AVCTP_SINGLE_PACKET; 420 } 421 422 if (connection->data_offset == 0){ 423 uint16_t max_payload_size_for_single_packet = avrcp_get_num_free_bytes_for_payload(connection->l2cap_mtu, 424 connection->command_opcode, 425 AVCTP_SINGLE_PACKET); 426 if (max_payload_size_for_single_packet >= connection->data_len){ 427 *max_payload_size = max_payload_size_for_single_packet; 428 return AVCTP_SINGLE_PACKET; 429 } else { 430 uint16_t max_payload_size_for_start_packet = max_payload_size_for_single_packet - 1; 431 *max_payload_size = max_payload_size_for_start_packet; 432 return AVCTP_START_PACKET; 433 } 434 } else { 435 // both packet types have the same single byte AVCTP header 436 *max_payload_size = avrcp_get_num_free_bytes_for_payload(connection->l2cap_mtu, 437 connection->command_opcode, 438 AVCTP_CONTINUE_PACKET); 439 if ((connection->data_len - connection->data_offset) > *max_payload_size){ 440 return AVCTP_CONTINUE_PACKET; 441 } else { 442 return AVCTP_END_PACKET; 443 } 444 } 445 } 446 447 avrcp_packet_type_t avrcp_get_packet_type(avrcp_connection_t * connection){ 448 switch (connection->avctp_packet_type) { 449 case AVCTP_SINGLE_PACKET: 450 case AVCTP_START_PACKET: 451 break; 452 default: 453 return connection->avrcp_packet_type; 454 } 455 456 uint16_t payload_offset = avctp_get_num_bytes_for_header(connection->avctp_packet_type) + 457 avrcp_get_num_bytes_for_header(connection->command_opcode, connection->avctp_packet_type); 458 uint16_t bytes_to_send = (connection->data_len - connection->data_offset) + payload_offset; 459 460 if (connection->data_offset == 0){ 461 if (bytes_to_send <= AVRCP_MAX_AV_C_MESSAGE_FRAME_SIZE){ 462 return AVRCP_SINGLE_PACKET; 463 } else { 464 return AVRCP_START_PACKET; 465 } 466 } else { 467 if (bytes_to_send > AVRCP_MAX_AV_C_MESSAGE_FRAME_SIZE){ 468 return AVRCP_CONTINUE_PACKET; 469 } else { 470 return AVRCP_END_PACKET; 471 } 472 } 473 } 474 475 avrcp_connection_t * avrcp_get_connection_for_bd_addr_for_role(avrcp_role_t role, bd_addr_t addr){ 476 btstack_linked_list_iterator_t it; 477 btstack_linked_list_iterator_init(&it, (btstack_linked_list_t *) &avrcp_connections); 478 while (btstack_linked_list_iterator_has_next(&it)){ 479 avrcp_connection_t * connection = (avrcp_connection_t *)btstack_linked_list_iterator_next(&it); 480 if (connection->role != role) continue; 481 if (memcmp(addr, connection->remote_addr, 6) != 0) continue; 482 return connection; 483 } 484 return NULL; 485 } 486 487 avrcp_connection_t * avrcp_get_connection_for_l2cap_signaling_cid_for_role(avrcp_role_t role, uint16_t l2cap_cid){ 488 btstack_linked_list_iterator_t it; 489 btstack_linked_list_iterator_init(&it, (btstack_linked_list_t *) &avrcp_connections); 490 while (btstack_linked_list_iterator_has_next(&it)){ 491 avrcp_connection_t * connection = (avrcp_connection_t *)btstack_linked_list_iterator_next(&it); 492 if (connection->role != role) continue; 493 if (connection->l2cap_signaling_cid != l2cap_cid) continue; 494 return connection; 495 } 496 return NULL; 497 } 498 499 avrcp_connection_t * avrcp_get_connection_for_avrcp_cid_for_role(avrcp_role_t role, uint16_t avrcp_cid){ 500 btstack_linked_list_iterator_t it; 501 btstack_linked_list_iterator_init(&it, (btstack_linked_list_t *) &avrcp_connections); 502 while (btstack_linked_list_iterator_has_next(&it)){ 503 avrcp_connection_t * connection = (avrcp_connection_t *)btstack_linked_list_iterator_next(&it); 504 if (connection->role != role) continue; 505 if (connection->avrcp_cid != avrcp_cid) continue; 506 return connection; 507 } 508 return NULL; 509 } 510 511 avrcp_connection_t * avrcp_get_connection_for_browsing_cid_for_role(avrcp_role_t role, uint16_t browsing_cid){ 512 btstack_linked_list_iterator_t it; 513 btstack_linked_list_iterator_init(&it, (btstack_linked_list_t *) &avrcp_connections); 514 while (btstack_linked_list_iterator_has_next(&it)){ 515 avrcp_connection_t * connection = (avrcp_connection_t *)btstack_linked_list_iterator_next(&it); 516 if (connection->role != role) continue; 517 if (connection->avrcp_browsing_cid != browsing_cid) continue; 518 return connection; 519 } 520 return NULL; 521 } 522 523 avrcp_connection_t * avrcp_get_connection_for_browsing_l2cap_cid_for_role(avrcp_role_t role, uint16_t browsing_l2cap_cid){ 524 btstack_linked_list_iterator_t it; 525 btstack_linked_list_iterator_init(&it, (btstack_linked_list_t *) &avrcp_connections); 526 while (btstack_linked_list_iterator_has_next(&it)){ 527 avrcp_connection_t * connection = (avrcp_connection_t *)btstack_linked_list_iterator_next(&it); 528 if (connection->role != role) continue; 529 if (connection->browsing_connection && (connection->browsing_connection->l2cap_browsing_cid != browsing_l2cap_cid)) continue; 530 return connection; 531 } 532 return NULL; 533 } 534 535 avrcp_browsing_connection_t * avrcp_get_browsing_connection_for_l2cap_cid_for_role(avrcp_role_t role, uint16_t l2cap_cid){ 536 btstack_linked_list_iterator_t it; 537 btstack_linked_list_iterator_init(&it, (btstack_linked_list_t *) &avrcp_connections); 538 while (btstack_linked_list_iterator_has_next(&it)){ 539 avrcp_connection_t * connection = (avrcp_connection_t *)btstack_linked_list_iterator_next(&it); 540 if (connection->role != role) continue; 541 if (connection->browsing_connection && (connection->browsing_connection->l2cap_browsing_cid != l2cap_cid)) continue; 542 return connection->browsing_connection; 543 } 544 return NULL; 545 } 546 547 void avrcp_request_can_send_now(avrcp_connection_t * connection, uint16_t l2cap_cid){ 548 connection->wait_to_send = true; 549 l2cap_request_can_send_now_event(l2cap_cid); 550 } 551 552 uint16_t avrcp_get_next_cid(avrcp_role_t role){ 553 do { 554 if (avrcp_cid_counter == 0xffff) { 555 avrcp_cid_counter = 1; 556 } else { 557 avrcp_cid_counter++; 558 } 559 } while (avrcp_get_connection_for_avrcp_cid_for_role(role, avrcp_cid_counter) != NULL) ; 560 return avrcp_cid_counter; 561 } 562 563 static avrcp_connection_t * avrcp_create_connection(avrcp_role_t role, bd_addr_t remote_addr){ 564 avrcp_connection_t * connection = btstack_memory_avrcp_connection_get(); 565 if (!connection){ 566 log_error("Not enough memory to create connection for role %d", role); 567 return NULL; 568 } 569 570 connection->state = AVCTP_CONNECTION_IDLE; 571 connection->role = role; 572 573 connection->transaction_id = 0xFF; 574 connection->transaction_id_counter = 0; 575 576 connection->controller_max_num_fragments = 0xFF; 577 578 // setup default unit / subunit info 579 connection->company_id = 0xffffff; 580 connection->target_unit_type = AVRCP_SUBUNIT_TYPE_PANEL; 581 connection->target_subunit_info_data_size = sizeof(avrcp_default_subunit_info); 582 connection->target_subunit_info_data = avrcp_default_subunit_info; 583 584 log_info("avrcp_create_connection, role %d", role); 585 (void)memcpy(connection->remote_addr, remote_addr, 6); 586 btstack_linked_list_add(&avrcp_connections, (btstack_linked_item_t *) connection); 587 return connection; 588 } 589 590 static void avrcp_finalize_connection(avrcp_connection_t * connection){ 591 btstack_run_loop_remove_timer(&connection->retry_timer); 592 btstack_run_loop_remove_timer(&connection->controller_press_and_hold_cmd_timer); 593 btstack_linked_list_remove(&avrcp_connections, (btstack_linked_item_t*) connection); 594 btstack_memory_avrcp_connection_free(connection); 595 } 596 597 static void avrcp_emit_connection_established(uint16_t avrcp_cid, bd_addr_t addr, hci_con_handle_t con_handle, uint8_t status){ 598 btstack_assert(avrcp_callback != NULL); 599 600 uint8_t event[14]; 601 int pos = 0; 602 event[pos++] = HCI_EVENT_AVRCP_META; 603 event[pos++] = sizeof(event) - 2; 604 event[pos++] = AVRCP_SUBEVENT_CONNECTION_ESTABLISHED; 605 event[pos++] = status; 606 little_endian_store_16(event, pos, avrcp_cid); 607 pos += 2; 608 reverse_bd_addr(addr,&event[pos]); 609 pos += 6; 610 little_endian_store_16(event, pos, con_handle); 611 pos += 2; 612 (*avrcp_callback)(HCI_EVENT_PACKET, 0, event, sizeof(event)); 613 } 614 615 static void avrcp_emit_connection_closed(uint16_t avrcp_cid){ 616 btstack_assert(avrcp_callback != NULL); 617 618 uint8_t event[5]; 619 int pos = 0; 620 event[pos++] = HCI_EVENT_AVRCP_META; 621 event[pos++] = sizeof(event) - 2; 622 event[pos++] = AVRCP_SUBEVENT_CONNECTION_RELEASED; 623 little_endian_store_16(event, pos, avrcp_cid); 624 pos += 2; 625 (*avrcp_callback)(HCI_EVENT_PACKET, 0, event, sizeof(event)); 626 } 627 628 uint16_t avrcp_sdp_query_browsing_l2cap_psm(void){ 629 return avrcp_sdp_query_context.browsing_l2cap_psm; 630 } 631 632 void avrcp_handle_sdp_client_query_attribute_value(uint8_t *packet){ 633 des_iterator_t des_list_it; 634 635 des_iterator_t additional_protocol_descriptor_list_it; 636 des_iterator_t protocol_descriptor_list_it; 637 des_iterator_t protocol_it; 638 uint8_t protocol_descriptor_id; 639 640 // Handle new SDP record 641 if (sdp_event_query_attribute_byte_get_record_id(packet) != avrcp_sdp_query_context.record_id) { 642 avrcp_sdp_query_context.record_id = sdp_event_query_attribute_byte_get_record_id(packet); 643 avrcp_sdp_query_context.parse_sdp_record = 0; 644 // log_info("SDP Record: Nr: %d", record_id); 645 } 646 647 if (sdp_event_query_attribute_byte_get_attribute_length(packet) <= avrcp_sdp_query_attribute_value_buffer_size) { 648 avrcp_sdp_query_attribute_value[sdp_event_query_attribute_byte_get_data_offset(packet)] = sdp_event_query_attribute_byte_get_data(packet); 649 650 if ((uint16_t)(sdp_event_query_attribute_byte_get_data_offset(packet)+1) == sdp_event_query_attribute_byte_get_attribute_length(packet)) { 651 switch(sdp_event_query_attribute_byte_get_attribute_id(packet)) { 652 case BLUETOOTH_ATTRIBUTE_SERVICE_CLASS_ID_LIST: 653 if (de_get_element_type(avrcp_sdp_query_attribute_value) != DE_DES) break; 654 for (des_iterator_init(&des_list_it, avrcp_sdp_query_attribute_value); des_iterator_has_more(&des_list_it); des_iterator_next(&des_list_it)) { 655 uint8_t * element = des_iterator_get_element(&des_list_it); 656 if (de_get_element_type(element) != DE_UUID) continue; 657 uint32_t uuid = de_get_uuid32(element); 658 switch (uuid){ 659 case BLUETOOTH_SERVICE_CLASS_AV_REMOTE_CONTROL_TARGET: 660 case BLUETOOTH_SERVICE_CLASS_AV_REMOTE_CONTROL: 661 case BLUETOOTH_SERVICE_CLASS_AV_REMOTE_CONTROL_CONTROLLER: 662 avrcp_sdp_query_context.parse_sdp_record = 1; 663 break; 664 default: 665 break; 666 } 667 } 668 break; 669 670 case BLUETOOTH_ATTRIBUTE_PROTOCOL_DESCRIPTOR_LIST: 671 if (!avrcp_sdp_query_context.parse_sdp_record) break; 672 673 for (des_iterator_init(&protocol_descriptor_list_it, avrcp_sdp_query_attribute_value); des_iterator_has_more(&protocol_descriptor_list_it); des_iterator_next(&protocol_descriptor_list_it)) { 674 675 if (des_iterator_get_type(&protocol_descriptor_list_it) != DE_DES) continue; 676 uint8_t * protocol_descriptor_list_element = des_iterator_get_element(&protocol_descriptor_list_it); 677 678 des_iterator_init(&protocol_it, protocol_descriptor_list_element); 679 uint8_t * protocol_element = des_iterator_get_element(&protocol_it); 680 681 if (de_get_element_type(protocol_element) != DE_UUID) continue; 682 683 uint32_t uuid = de_get_uuid32(protocol_element); 684 des_iterator_next(&protocol_it); 685 switch (uuid){ 686 case BLUETOOTH_PROTOCOL_L2CAP: 687 if (!des_iterator_has_more(&protocol_it)) continue; 688 de_element_get_uint16(des_iterator_get_element(&protocol_it), &avrcp_sdp_query_context.avrcp_l2cap_psm); 689 break; 690 case BLUETOOTH_PROTOCOL_AVCTP: 691 if (!des_iterator_has_more(&protocol_it)) continue; 692 de_element_get_uint16(des_iterator_get_element(&protocol_it), &avrcp_sdp_query_context.avrcp_version); 693 break; 694 default: 695 break; 696 } 697 } 698 break; 699 700 case BLUETOOTH_ATTRIBUTE_ADDITIONAL_PROTOCOL_DESCRIPTOR_LISTS: 701 if (!avrcp_sdp_query_context.parse_sdp_record) break; 702 703 protocol_descriptor_id = 0; 704 705 for ( des_iterator_init(&additional_protocol_descriptor_list_it, avrcp_sdp_query_attribute_value); 706 des_iterator_has_more(&additional_protocol_descriptor_list_it); 707 des_iterator_next(&additional_protocol_descriptor_list_it)) { 708 709 if (des_iterator_get_type(&additional_protocol_descriptor_list_it) != DE_DES) continue; 710 uint8_t *additional_protocol_descriptor_element = des_iterator_get_element(&additional_protocol_descriptor_list_it); 711 712 for ( des_iterator_init(&protocol_descriptor_list_it,additional_protocol_descriptor_element); 713 des_iterator_has_more(&protocol_descriptor_list_it); 714 des_iterator_next(&protocol_descriptor_list_it)) { 715 716 if (des_iterator_get_type(&protocol_descriptor_list_it) != DE_DES) continue; 717 718 uint8_t * protocol_descriptor_list_element = des_iterator_get_element(&protocol_descriptor_list_it); 719 720 des_iterator_init(&protocol_it, protocol_descriptor_list_element); 721 uint8_t * protocol_element = des_iterator_get_element(&protocol_it); 722 723 if (de_get_element_type(protocol_element) != DE_UUID) continue; 724 725 uint32_t uuid = de_get_uuid32(protocol_element); 726 des_iterator_next(&protocol_it); 727 switch (uuid) { 728 case BLUETOOTH_PROTOCOL_L2CAP: 729 if (!des_iterator_has_more(&protocol_it)) continue; 730 switch (protocol_descriptor_id) { 731 case 0: 732 de_element_get_uint16(des_iterator_get_element(&protocol_it), 733 &avrcp_sdp_query_context.browsing_l2cap_psm); 734 break; 735 case 1: 736 de_element_get_uint16(des_iterator_get_element(&protocol_it), 737 &avrcp_sdp_query_context.cover_art_l2cap_psm); 738 break; 739 default: 740 break; 741 } 742 break; 743 case BLUETOOTH_PROTOCOL_AVCTP: 744 if (!des_iterator_has_more(&protocol_it)) continue; 745 de_element_get_uint16(des_iterator_get_element(&protocol_it), 746 &avrcp_sdp_query_context.browsing_version); 747 break; 748 default: 749 break; 750 } 751 } 752 protocol_descriptor_id++; 753 } 754 break; 755 756 default: 757 break; 758 } 759 } 760 } else { 761 log_error("SDP attribute value buffer size exceeded: available %d, required %d", avrcp_sdp_query_attribute_value_buffer_size, sdp_event_query_attribute_byte_get_attribute_length(packet)); 762 } 763 } 764 765 static void avrcp_signaling_handle_sdp_query_complete(avrcp_connection_t * connection, uint8_t status){ 766 767 // l2cap available? 768 if (status == ERROR_CODE_SUCCESS){ 769 if (avrcp_sdp_query_context.avrcp_l2cap_psm == 0){ 770 status = SDP_SERVICE_NOT_FOUND; 771 } 772 } 773 774 if (status == ERROR_CODE_SUCCESS){ 775 // ready to connect 776 connection->state = AVCTP_CONNECTION_W2_L2CAP_CONNECT; 777 778 // check if both events have been handled 779 avrcp_connection_t * connection_with_opposite_role; 780 switch (connection->role){ 781 case AVRCP_CONTROLLER: 782 connection_with_opposite_role = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_TARGET, connection->avrcp_cid); 783 break; 784 case AVRCP_TARGET: 785 connection_with_opposite_role = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_CONTROLLER, connection->avrcp_cid); 786 break; 787 default: 788 btstack_assert(false); 789 return; 790 } 791 if (connection_with_opposite_role->state == AVCTP_CONNECTION_W4_L2CAP_CONNECTED){ 792 connection->state = AVCTP_CONNECTION_W4_L2CAP_CONNECTED; 793 connection_with_opposite_role->state = AVCTP_CONNECTION_W4_L2CAP_CONNECTED; 794 l2cap_create_channel(&avrcp_packet_handler, connection->remote_addr, connection->avrcp_l2cap_psm, l2cap_max_mtu(), NULL); 795 } 796 } else { 797 log_info("AVRCP: SDP query failed with status 0x%02x.", status); 798 avrcp_emit_connection_established(connection->avrcp_cid, connection->remote_addr, connection->con_handle, status); 799 avrcp_finalize_connection(connection); 800 } 801 } 802 803 static void avrcp_handle_sdp_query_completed(avrcp_connection_t * connection, uint8_t status){ 804 btstack_assert(connection != NULL); 805 806 // cache SDP result on success 807 if (status == ERROR_CODE_SUCCESS){ 808 connection->avrcp_l2cap_psm = avrcp_sdp_query_context.avrcp_l2cap_psm; 809 connection->browsing_version = avrcp_sdp_query_context.browsing_version; 810 connection->browsing_l2cap_psm = avrcp_sdp_query_context.browsing_l2cap_psm; 811 } 812 813 // SDP Signaling Query? 814 if (connection->state == AVCTP_CONNECTION_W4_SDP_QUERY_COMPLETE){ 815 avrcp_signaling_handle_sdp_query_complete(connection, status); 816 return; 817 } 818 // Browsing SDP <- Browsing Connection <- Existing SDP Connection => it wasn't an SDP query for signaling 819 if (avrcp_browsing_sdp_query_complete_handler != NULL){ 820 (*avrcp_browsing_sdp_query_complete_handler)(connection, status); 821 } 822 } 823 824 static void avrcp_handle_sdp_client_query_result(uint8_t packet_type, uint16_t channel, uint8_t *packet, uint16_t size){ 825 UNUSED(packet_type); 826 UNUSED(channel); 827 UNUSED(size); 828 829 avrcp_connection_t * avrcp_target_connection = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_TARGET, avrcp_sdp_query_context.avrcp_cid); 830 avrcp_connection_t * avrcp_controller_connection = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_CONTROLLER, avrcp_sdp_query_context.avrcp_cid); 831 bool state_ok = (avrcp_target_connection != NULL) && (avrcp_controller_connection != NULL); 832 833 if (!state_ok){ 834 // something wrong, nevertheless, start next sdp query if this one is complete 835 if (hci_event_packet_get_type(packet) == SDP_EVENT_QUERY_COMPLETE){ 836 avrcp_sdp_query_context.avrcp_cid = 0; 837 avrcp_start_next_sdp_query(); 838 } 839 return; 840 } 841 842 uint8_t status; 843 844 switch (hci_event_packet_get_type(packet)){ 845 case SDP_EVENT_QUERY_ATTRIBUTE_VALUE: 846 avrcp_handle_sdp_client_query_attribute_value(packet); 847 return; 848 849 case SDP_EVENT_QUERY_COMPLETE: 850 // handle result 851 status = sdp_event_query_complete_get_status(packet); 852 avrcp_handle_sdp_query_completed(avrcp_controller_connection, status); 853 avrcp_handle_sdp_query_completed(avrcp_target_connection, status); 854 855 // query done, start next one 856 avrcp_sdp_query_context.avrcp_cid = 0; 857 avrcp_start_next_sdp_query(); 858 break; 859 860 default: 861 return; 862 } 863 864 } 865 866 static void avrcp_handle_start_sdp_client_query(void * context){ 867 UNUSED(context); 868 869 avrcp_connection_t * avrcp_target_connection = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_TARGET, avrcp_sdp_query_context.avrcp_cid); 870 avrcp_connection_t * avrcp_controller_connection = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_CONTROLLER, avrcp_sdp_query_context.avrcp_cid); 871 bool state_ok = (avrcp_target_connection != NULL) && (avrcp_controller_connection != NULL); 872 if (state_ok == false){ 873 // connection seems to got finalized in the meantime, just trigger next query 874 avrcp_start_next_sdp_query(); 875 return; 876 } 877 878 // prevent triggering SDP query twice (for each role once) 879 avrcp_target_connection->trigger_sdp_query = false; 880 avrcp_controller_connection->trigger_sdp_query = false; 881 882 sdp_client_query_uuid16(&avrcp_handle_sdp_client_query_result, avrcp_target_connection->remote_addr, BLUETOOTH_PROTOCOL_AVCTP); 883 } 884 885 static void avrcp_start_next_sdp_query(void) { 886 if (avrcp_sdp_query_context.avrcp_cid != 0) { 887 return; 888 } 889 btstack_linked_list_iterator_t it; 890 btstack_linked_list_iterator_init(&it, &avrcp_connections); 891 while (btstack_linked_list_iterator_has_next(&it)){ 892 avrcp_connection_t * connection = (avrcp_connection_t *)btstack_linked_list_iterator_next(&it); 893 if (connection->trigger_sdp_query == false) continue; 894 895 // we're ready => setup avrcp_sdp_query_context and request sdp query 896 avrcp_sdp_query_context.avrcp_cid = connection->avrcp_cid; 897 avrcp_sdp_query_context.avrcp_l2cap_psm = 0; 898 avrcp_sdp_query_context.avrcp_version = 0; 899 avrcp_sdp_query_registration.callback = &avrcp_handle_start_sdp_client_query; 900 uint8_t status = sdp_client_register_query_callback(&avrcp_sdp_query_registration); 901 btstack_assert(status == ERROR_CODE_SUCCESS); 902 break; 903 } 904 } 905 906 static avrcp_connection_t * avrcp_handle_incoming_connection_for_role(avrcp_role_t role, avrcp_connection_t * connection, bd_addr_t event_addr, hci_con_handle_t con_handle, uint16_t local_cid, uint16_t avrcp_cid){ 907 if (connection == NULL){ 908 connection = avrcp_create_connection(role, event_addr); 909 } 910 if (connection) { 911 connection->state = AVCTP_CONNECTION_W4_L2CAP_CONNECTED; 912 connection->l2cap_signaling_cid = local_cid; 913 connection->avrcp_cid = avrcp_cid; 914 connection->con_handle = con_handle; 915 btstack_run_loop_remove_timer(&connection->retry_timer); 916 } 917 return connection; 918 } 919 920 static void avrcp_handle_open_connection(avrcp_connection_t * connection, hci_con_handle_t con_handle, uint16_t local_cid, uint16_t l2cap_mtu){ 921 connection->l2cap_signaling_cid = local_cid; 922 connection->l2cap_mtu = l2cap_mtu; 923 connection->con_handle = con_handle; 924 connection->incoming_declined = false; 925 connection->target_song_length_ms = 0xFFFFFFFF; 926 connection->target_song_position_ms = 0xFFFFFFFF; 927 memset(connection->target_track_id, 0xFF, 8); 928 connection->target_track_selected = false; 929 connection->target_track_changed = false; 930 connection->target_playback_status = AVRCP_PLAYBACK_STATUS_STOPPED; 931 connection->state = AVCTP_CONNECTION_OPENED; 932 933 log_info("L2CAP_EVENT_CHANNEL_OPENED avrcp_cid 0x%02x, l2cap_signaling_cid 0x%02x, role %d, state %d", connection->avrcp_cid, connection->l2cap_signaling_cid, connection->role, connection->state); 934 } 935 936 static void avrcp_retry_timer_timeout_handler(btstack_timer_source_t * timer){ 937 uint16_t avrcp_cid = (uint16_t)(uintptr_t) btstack_run_loop_get_timer_context(timer); 938 avrcp_connection_t * connection_controller = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_CONTROLLER, avrcp_cid); 939 if (connection_controller == NULL) return; 940 avrcp_connection_t * connection_target = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_TARGET, avrcp_cid); 941 if (connection_target == NULL) return; 942 943 if (connection_controller->state == AVCTP_CONNECTION_W2_L2CAP_RETRY){ 944 connection_controller->state = AVCTP_CONNECTION_W4_L2CAP_CONNECTED; 945 connection_target->state = AVCTP_CONNECTION_W4_L2CAP_CONNECTED; 946 l2cap_create_channel(&avrcp_packet_handler, connection_controller->remote_addr, connection_controller->avrcp_l2cap_psm, l2cap_max_mtu(), NULL); 947 } 948 } 949 950 static void avrcp_retry_timer_start(avrcp_connection_t * connection){ 951 btstack_run_loop_set_timer_handler(&connection->retry_timer, avrcp_retry_timer_timeout_handler); 952 btstack_run_loop_set_timer_context(&connection->retry_timer, (void *)(uintptr_t)connection->avrcp_cid); 953 954 // add some jitter/randomness to reconnect delay 955 uint32_t timeout = 100 + (btstack_run_loop_get_time_ms() & 0x7F); 956 btstack_run_loop_set_timer(&connection->retry_timer, timeout); 957 958 btstack_run_loop_add_timer(&connection->retry_timer); 959 } 960 961 static avrcp_frame_type_t avrcp_get_frame_type(uint8_t header){ 962 return (avrcp_frame_type_t)((header & 0x02) >> 1); 963 } 964 965 static void avrcp_packet_handler(uint8_t packet_type, uint16_t channel, uint8_t *packet, uint16_t size){ 966 UNUSED(channel); 967 UNUSED(size); 968 bd_addr_t event_addr; 969 uint16_t local_cid; 970 uint16_t l2cap_mtu; 971 uint8_t status; 972 bool decline_connection; 973 bool outoing_active; 974 hci_con_handle_t con_handle; 975 976 avrcp_connection_t * connection_controller; 977 avrcp_connection_t * connection_target; 978 bool can_send; 979 980 switch (packet_type) { 981 case HCI_EVENT_PACKET: 982 switch (hci_event_packet_get_type(packet)) { 983 984 case L2CAP_EVENT_INCOMING_CONNECTION: 985 btstack_assert(avrcp_controller_packet_handler != NULL); 986 btstack_assert(avrcp_target_packet_handler != NULL); 987 988 l2cap_event_incoming_connection_get_address(packet, event_addr); 989 local_cid = l2cap_event_incoming_connection_get_local_cid(packet); 990 con_handle = l2cap_event_incoming_connection_get_handle(packet); 991 992 outoing_active = false; 993 connection_target = avrcp_get_connection_for_bd_addr_for_role(AVRCP_TARGET, event_addr); 994 if (connection_target != NULL){ 995 if (connection_target->state == AVCTP_CONNECTION_W4_L2CAP_CONNECTED){ 996 outoing_active = true; 997 connection_target->incoming_declined = true; 998 } 999 } 1000 1001 connection_controller = avrcp_get_connection_for_bd_addr_for_role(AVRCP_CONTROLLER, event_addr); 1002 if (connection_controller != NULL){ 1003 if (connection_controller->state == AVCTP_CONNECTION_W4_L2CAP_CONNECTED) { 1004 outoing_active = true; 1005 connection_controller->incoming_declined = true; 1006 } 1007 } 1008 1009 decline_connection = outoing_active; 1010 if (decline_connection == false){ 1011 uint16_t avrcp_cid; 1012 if ((connection_controller == NULL) || (connection_target == NULL)){ 1013 avrcp_cid = avrcp_get_next_cid(AVRCP_CONTROLLER); 1014 } else { 1015 avrcp_cid = connection_controller->avrcp_cid; 1016 } 1017 // create two connection objects (both) 1018 connection_target = avrcp_handle_incoming_connection_for_role(AVRCP_TARGET, connection_target, event_addr, con_handle, local_cid, avrcp_cid); 1019 connection_controller = avrcp_handle_incoming_connection_for_role(AVRCP_CONTROLLER, connection_controller, event_addr, con_handle, local_cid, avrcp_cid); 1020 if ((connection_target == NULL) || (connection_controller == NULL)){ 1021 decline_connection = true; 1022 if (connection_target) { 1023 avrcp_finalize_connection(connection_target); 1024 } 1025 if (connection_controller) { 1026 avrcp_finalize_connection(connection_controller); 1027 } 1028 } 1029 } 1030 if (decline_connection){ 1031 l2cap_decline_connection(local_cid); 1032 } else { 1033 log_info("AVRCP: L2CAP_EVENT_INCOMING_CONNECTION local cid 0x%02x, state %d", local_cid, connection_controller->state); 1034 l2cap_accept_connection(local_cid); 1035 } 1036 break; 1037 1038 case L2CAP_EVENT_CHANNEL_OPENED: 1039 l2cap_event_channel_opened_get_address(packet, event_addr); 1040 status = l2cap_event_channel_opened_get_status(packet); 1041 local_cid = l2cap_event_channel_opened_get_local_cid(packet); 1042 l2cap_mtu = l2cap_event_channel_opened_get_remote_mtu(packet); 1043 con_handle = l2cap_event_channel_opened_get_handle(packet); 1044 1045 connection_controller = avrcp_get_connection_for_bd_addr_for_role(AVRCP_CONTROLLER, event_addr); 1046 connection_target = avrcp_get_connection_for_bd_addr_for_role(AVRCP_TARGET, event_addr); 1047 1048 // incoming: structs are already created in L2CAP_EVENT_INCOMING_CONNECTION 1049 // outgoing: structs are cteated in avrcp_connect() 1050 if ((connection_controller == NULL) || (connection_target == NULL)) { 1051 break; 1052 } 1053 1054 switch (status){ 1055 case ERROR_CODE_SUCCESS: 1056 avrcp_handle_open_connection(connection_target, con_handle, local_cid, l2cap_mtu); 1057 avrcp_handle_open_connection(connection_controller, con_handle, local_cid, l2cap_mtu); 1058 avrcp_emit_connection_established(connection_controller->avrcp_cid, event_addr, con_handle, status); 1059 return; 1060 case L2CAP_CONNECTION_RESPONSE_RESULT_REFUSED_RESOURCES: 1061 if (connection_controller->incoming_declined == true){ 1062 log_info("Incoming connection was declined, and the outgoing failed"); 1063 connection_controller->state = AVCTP_CONNECTION_W2_L2CAP_RETRY; 1064 connection_controller->incoming_declined = false; 1065 connection_target->state = AVCTP_CONNECTION_W2_L2CAP_RETRY; 1066 connection_target->incoming_declined = false; 1067 avrcp_retry_timer_start(connection_controller); 1068 return; 1069 } 1070 break; 1071 default: 1072 break; 1073 } 1074 log_info("L2CAP connection to connection %s failed. status code 0x%02x", bd_addr_to_str(event_addr), status); 1075 avrcp_emit_connection_established(connection_controller->avrcp_cid, event_addr, con_handle, status); 1076 avrcp_finalize_connection(connection_controller); 1077 avrcp_finalize_connection(connection_target); 1078 1079 break; 1080 1081 case L2CAP_EVENT_CHANNEL_CLOSED: 1082 local_cid = l2cap_event_channel_closed_get_local_cid(packet); 1083 1084 connection_controller = avrcp_get_connection_for_l2cap_signaling_cid_for_role(AVRCP_CONTROLLER, local_cid); 1085 connection_target = avrcp_get_connection_for_l2cap_signaling_cid_for_role(AVRCP_TARGET, local_cid); 1086 if ((connection_controller == NULL) || (connection_target == NULL)) { 1087 break; 1088 } 1089 avrcp_emit_connection_closed(connection_controller->avrcp_cid); 1090 avrcp_finalize_connection(connection_controller); 1091 avrcp_finalize_connection(connection_target); 1092 break; 1093 1094 case L2CAP_EVENT_CAN_SEND_NOW: 1095 local_cid = l2cap_event_can_send_now_get_local_cid(packet); 1096 can_send = true; 1097 1098 connection_target = avrcp_get_connection_for_l2cap_signaling_cid_for_role(AVRCP_TARGET, local_cid); 1099 if ((connection_target != NULL) && connection_target->wait_to_send){ 1100 connection_target->wait_to_send = false; 1101 (*avrcp_target_packet_handler)(HCI_EVENT_PACKET, channel, packet, size); 1102 can_send = false; 1103 } 1104 1105 connection_controller = avrcp_get_connection_for_l2cap_signaling_cid_for_role(AVRCP_CONTROLLER, local_cid); 1106 if ((connection_controller != NULL) && connection_controller->wait_to_send){ 1107 if (can_send){ 1108 connection_controller->wait_to_send = false; 1109 (*avrcp_controller_packet_handler)(HCI_EVENT_PACKET, channel, packet, size); 1110 } else { 1111 l2cap_request_can_send_now_event(local_cid); 1112 } 1113 } 1114 break; 1115 1116 default: 1117 break; 1118 } 1119 break; 1120 1121 case L2CAP_DATA_PACKET: 1122 switch (avrcp_get_frame_type(packet[0])){ 1123 case AVRCP_RESPONSE_FRAME: 1124 (*avrcp_controller_packet_handler)(packet_type, channel, packet, size); 1125 break; 1126 case AVRCP_COMMAND_FRAME: 1127 default: // make compiler happy 1128 (*avrcp_target_packet_handler)(packet_type, channel, packet, size); 1129 break; 1130 } 1131 break; 1132 1133 default: 1134 break; 1135 } 1136 } 1137 1138 void avrcp_init(void){ 1139 avrcp_connections = NULL; 1140 if (avrcp_l2cap_service_registered) return; 1141 1142 int status = l2cap_register_service(&avrcp_packet_handler, BLUETOOTH_PSM_AVCTP, 0xffff, gap_get_security_level()); 1143 if (status != ERROR_CODE_SUCCESS) return; 1144 avrcp_l2cap_service_registered = true; 1145 } 1146 1147 void avrcp_register_controller_packet_handler(btstack_packet_handler_t callback){ 1148 // note: called by avrcp_controller_init 1149 avrcp_controller_packet_handler = callback; 1150 } 1151 1152 void avrcp_register_target_packet_handler(btstack_packet_handler_t callback){ 1153 // note: called by avrcp_target_init 1154 avrcp_target_packet_handler = callback; 1155 } 1156 1157 void avrcp_register_packet_handler(btstack_packet_handler_t callback){ 1158 btstack_assert(callback != NULL); 1159 avrcp_callback = callback; 1160 } 1161 1162 void avrcp_register_browsing_sdp_query_complete_handler(void (*callback)(avrcp_connection_t * connection, uint8_t status)){ 1163 btstack_assert(callback != NULL); 1164 avrcp_browsing_sdp_query_complete_handler = callback; 1165 } 1166 1167 1168 void avrcp_trigger_sdp_query(avrcp_connection_t *connection_controller, avrcp_connection_t *connection_target) { 1169 connection_controller->trigger_sdp_query = true; 1170 connection_target->trigger_sdp_query = true; 1171 1172 avrcp_start_next_sdp_query(); 1173 } 1174 1175 uint8_t avrcp_connect(bd_addr_t remote_addr, uint16_t * avrcp_cid){ 1176 btstack_assert(avrcp_controller_packet_handler != NULL); 1177 btstack_assert(avrcp_target_packet_handler != NULL); 1178 1179 avrcp_connection_t * connection_controller = avrcp_get_connection_for_bd_addr_for_role(AVRCP_CONTROLLER, remote_addr); 1180 if (connection_controller){ 1181 return ERROR_CODE_COMMAND_DISALLOWED; 1182 } 1183 avrcp_connection_t * connection_target = avrcp_get_connection_for_bd_addr_for_role(AVRCP_TARGET, remote_addr); 1184 if (connection_target){ 1185 return ERROR_CODE_COMMAND_DISALLOWED; 1186 } 1187 1188 uint16_t cid = avrcp_get_next_cid(AVRCP_CONTROLLER); 1189 1190 connection_controller = avrcp_create_connection(AVRCP_CONTROLLER, remote_addr); 1191 if (!connection_controller) return BTSTACK_MEMORY_ALLOC_FAILED; 1192 1193 connection_target = avrcp_create_connection(AVRCP_TARGET, remote_addr); 1194 if (!connection_target){ 1195 avrcp_finalize_connection(connection_controller); 1196 return BTSTACK_MEMORY_ALLOC_FAILED; 1197 } 1198 1199 if (avrcp_cid != NULL){ 1200 *avrcp_cid = cid; 1201 } 1202 1203 connection_controller->avrcp_cid = cid; 1204 connection_target->avrcp_cid = cid; 1205 1206 connection_controller->state = AVCTP_CONNECTION_W4_SDP_QUERY_COMPLETE; 1207 connection_target->state = AVCTP_CONNECTION_W4_SDP_QUERY_COMPLETE; 1208 1209 avrcp_trigger_sdp_query(connection_controller, connection_target); 1210 1211 return ERROR_CODE_SUCCESS; 1212 } 1213 1214 uint8_t avrcp_disconnect(uint16_t avrcp_cid){ 1215 avrcp_connection_t * connection_controller = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_CONTROLLER, avrcp_cid); 1216 if (!connection_controller){ 1217 return ERROR_CODE_UNKNOWN_CONNECTION_IDENTIFIER; 1218 } 1219 avrcp_connection_t * connection_target = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_TARGET, avrcp_cid); 1220 if (!connection_target){ 1221 return ERROR_CODE_UNKNOWN_CONNECTION_IDENTIFIER; 1222 } 1223 if (connection_controller->browsing_connection){ 1224 l2cap_disconnect(connection_controller->browsing_connection->l2cap_browsing_cid); 1225 } 1226 l2cap_disconnect(connection_controller->l2cap_signaling_cid); 1227 return ERROR_CODE_SUCCESS; 1228 } 1229 1230 void avrcp_deinit(void){ 1231 avrcp_l2cap_service_registered = false; 1232 1233 avrcp_cid_counter = 0; 1234 avrcp_connections = NULL; 1235 1236 avrcp_callback = NULL; 1237 avrcp_controller_packet_handler = NULL; 1238 avrcp_target_packet_handler = NULL; 1239 1240 (void) memset(&avrcp_sdp_query_registration, 0, sizeof(avrcp_sdp_query_registration)); 1241 (void) memset(&avrcp_sdp_query_context, 0, sizeof(avrcp_sdp_query_context_t)); 1242 (void) memset(avrcp_sdp_query_attribute_value, 0, sizeof(avrcp_sdp_query_attribute_value)); 1243 } 1244 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 1245 #define FUZZ_CID 0x44 1246 #define FUZZ_CON_HANDLE 0x0001 1247 static bd_addr_t remote_addr = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x33 }; 1248 void avrcp_init_fuzz(void){ 1249 // setup avrcp connections for cid 1250 avrcp_connection_t * connection_controller = avrcp_create_connection(AVRCP_CONTROLLER, remote_addr); 1251 avrcp_connection_t * connection_target = avrcp_create_connection(AVRCP_TARGET, remote_addr); 1252 avrcp_handle_open_connection(connection_controller, FUZZ_CON_HANDLE, FUZZ_CID, 999); 1253 avrcp_handle_open_connection(connection_target, FUZZ_CON_HANDLE, FUZZ_CID, 999); 1254 } 1255 void avrcp_packet_handler_fuzz(uint8_t *packet, uint16_t size){ 1256 avrcp_packet_handler(L2CAP_DATA_PACKET, FUZZ_CID, packet, size); 1257 } 1258 #endif 1259