1 /*
2  * Copyright (C) 2010 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #define LOG_TAG "MtpDevice"
18 
19 #include "MtpDebug.h"
20 #include "MtpDevice.h"
21 #include "MtpDeviceInfo.h"
22 #include "MtpEventPacket.h"
23 #include "MtpObjectInfo.h"
24 #include "MtpProperty.h"
25 #include "MtpStorageInfo.h"
26 #include "MtpStringBuffer.h"
27 #include "MtpUtils.h"
28 
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <sys/types.h>
32 #include <sys/ioctl.h>
33 #include <sys/stat.h>
34 #include <fcntl.h>
35 #include <errno.h>
36 #include <endian.h>
37 
38 #include <usbhost/usbhost.h>
39 
40 namespace android {
41 
42 namespace {
43 
44 static constexpr int USB_CONTROL_TRANSFER_TIMEOUT_MS = 200;
45 
46 }  // namespace
47 
48 #if 0
49 static bool isMtpDevice(uint16_t vendor, uint16_t product) {
50     // Sandisk Sansa Fuze
51     if (vendor == 0x0781 && product == 0x74c2)
52         return true;
53     // Samsung YP-Z5
54     if (vendor == 0x04e8 && product == 0x503c)
55         return true;
56     return false;
57 }
58 #endif
59 
60 namespace {
61 
writeToFd(void * data,uint32_t,uint32_t length,void * clientData)62 bool writeToFd(void* data, uint32_t /* unused_offset */, uint32_t length, void* clientData) {
63     const int fd = *static_cast<int*>(clientData);
64     const ssize_t result = write(fd, data, length);
65     if (result < 0) {
66         return false;
67     }
68     return static_cast<uint32_t>(result) == length;
69 }
70 
71 }  // namespace
72 
open(const char * deviceName,int fd)73 MtpDevice* MtpDevice::open(const char* deviceName, int fd) {
74     struct usb_device *device = usb_device_new(deviceName, fd);
75     if (!device) {
76         ALOGE("usb_device_new failed for %s", deviceName);
77         return NULL;
78     }
79 
80     struct usb_descriptor_header* desc;
81     struct usb_descriptor_iter iter;
82 
83     usb_descriptor_iter_init(device, &iter);
84 
85     while ((desc = usb_descriptor_iter_next(&iter)) != NULL) {
86         if (desc->bDescriptorType == USB_DT_INTERFACE) {
87             struct usb_interface_descriptor *interface = (struct usb_interface_descriptor *)desc;
88 
89             if (interface->bInterfaceClass == USB_CLASS_STILL_IMAGE &&
90                 interface->bInterfaceSubClass == 1 && // Still Image Capture
91                 interface->bInterfaceProtocol == 1)     // Picture Transfer Protocol (PIMA 15470)
92             {
93                 char* manufacturerName = usb_device_get_manufacturer_name(device,
94                         USB_CONTROL_TRANSFER_TIMEOUT_MS);
95                 char* productName = usb_device_get_product_name(device,
96                         USB_CONTROL_TRANSFER_TIMEOUT_MS);
97                 ALOGD("Found camera: \"%s\" \"%s\"\n", manufacturerName, productName);
98                 free(manufacturerName);
99                 free(productName);
100             } else if (interface->bInterfaceClass == 0xFF &&
101                     interface->bInterfaceSubClass == 0xFF &&
102                     interface->bInterfaceProtocol == 0) {
103                 char* interfaceName = usb_device_get_string(device, interface->iInterface,
104                         USB_CONTROL_TRANSFER_TIMEOUT_MS);
105                 if (!interfaceName) {
106                     continue;
107                 } else if (strcmp(interfaceName, "MTP")) {
108                     free(interfaceName);
109                     continue;
110                 }
111                 free(interfaceName);
112 
113                 // Looks like an android style MTP device
114                 char* manufacturerName = usb_device_get_manufacturer_name(device,
115                         USB_CONTROL_TRANSFER_TIMEOUT_MS);
116                 char* productName = usb_device_get_product_name(device,
117                         USB_CONTROL_TRANSFER_TIMEOUT_MS);
118                 ALOGD("Found MTP device: \"%s\" \"%s\"\n", manufacturerName, productName);
119                 free(manufacturerName);
120                 free(productName);
121             }
122 #if 0
123              else {
124                 // look for special cased devices based on vendor/product ID
125                 // we are doing this mainly for testing purposes
126                 uint16_t vendor = usb_device_get_vendor_id(device);
127                 uint16_t product = usb_device_get_product_id(device);
128                 if (!isMtpDevice(vendor, product)) {
129                     // not an MTP or PTP device
130                     continue;
131                 }
132                 // request MTP OS string and descriptor
133                 // some music players need to see this before entering MTP mode.
134                 char buffer[256];
135                 memset(buffer, 0, sizeof(buffer));
136                 int ret = usb_device_control_transfer(device,
137                         USB_DIR_IN|USB_RECIP_DEVICE|USB_TYPE_STANDARD,
138                         USB_REQ_GET_DESCRIPTOR, (USB_DT_STRING << 8) | 0xEE,
139                         0, buffer, sizeof(buffer), 0);
140                 printf("usb_device_control_transfer returned %d errno: %d\n", ret, errno);
141                 if (ret > 0) {
142                     printf("got MTP string %s\n", buffer);
143                     ret = usb_device_control_transfer(device,
144                             USB_DIR_IN|USB_RECIP_DEVICE|USB_TYPE_VENDOR, 1,
145                             0, 4, buffer, sizeof(buffer), 0);
146                     printf("OS descriptor got %d\n", ret);
147                 } else {
148                     printf("no MTP string\n");
149                 }
150             }
151 #else
152             else {
153                 continue;
154             }
155 #endif
156             // if we got here, then we have a likely MTP or PTP device
157 
158             // interface should be followed by three endpoints
159             struct usb_endpoint_descriptor *ep;
160             struct usb_endpoint_descriptor *ep_in_desc = NULL;
161             struct usb_endpoint_descriptor *ep_out_desc = NULL;
162             struct usb_endpoint_descriptor *ep_intr_desc = NULL;
163             //USB3 add USB_DT_SS_ENDPOINT_COMP as companion descriptor;
164             struct usb_ss_ep_comp_descriptor *ep_ss_ep_comp_desc = NULL;
165             for (int i = 0; i < 3; i++) {
166                 ep = (struct usb_endpoint_descriptor *)usb_descriptor_iter_next(&iter);
167                 if (ep && ep->bDescriptorType == USB_DT_SS_ENDPOINT_COMP) {
168                     ALOGD("Descriptor type is USB_DT_SS_ENDPOINT_COMP for USB3 \n");
169                     ep_ss_ep_comp_desc = (usb_ss_ep_comp_descriptor*)ep;
170                     ep = (struct usb_endpoint_descriptor *)usb_descriptor_iter_next(&iter);
171                  }
172 
173                 if (!ep || ep->bDescriptorType != USB_DT_ENDPOINT) {
174                     ALOGE("endpoints not found\n");
175                     usb_device_close(device);
176                     return NULL;
177                 }
178 
179                 if (ep->bmAttributes == USB_ENDPOINT_XFER_BULK) {
180                     if (ep->bEndpointAddress & USB_ENDPOINT_DIR_MASK)
181                         ep_in_desc = ep;
182                     else
183                         ep_out_desc = ep;
184                 } else if (ep->bmAttributes == USB_ENDPOINT_XFER_INT &&
185                     ep->bEndpointAddress & USB_ENDPOINT_DIR_MASK) {
186                     ep_intr_desc = ep;
187                 }
188             }
189             if (!ep_in_desc || !ep_out_desc || !ep_intr_desc) {
190                 ALOGE("endpoints not found\n");
191                 usb_device_close(device);
192                 return NULL;
193             }
194 
195             int ret = usb_device_claim_interface(device, interface->bInterfaceNumber);
196             if (ret && errno == EBUSY) {
197                 // disconnect kernel driver and try again
198                 usb_device_connect_kernel_driver(device, interface->bInterfaceNumber, false);
199                 ret = usb_device_claim_interface(device, interface->bInterfaceNumber);
200             }
201             if (ret) {
202                 ALOGE("usb_device_claim_interface failed errno: %d\n", errno);
203                 usb_device_close(device);
204                 return NULL;
205             }
206 
207             MtpDevice* mtpDevice = new MtpDevice(device, interface->bInterfaceNumber,
208                         ep_in_desc, ep_out_desc, ep_intr_desc);
209             mtpDevice->initialize();
210             return mtpDevice;
211         }
212     }
213 
214     usb_device_close(device);
215     ALOGE("device not found");
216     return NULL;
217 }
218 
MtpDevice(struct usb_device * device,int interface,const struct usb_endpoint_descriptor * ep_in,const struct usb_endpoint_descriptor * ep_out,const struct usb_endpoint_descriptor * ep_intr)219 MtpDevice::MtpDevice(struct usb_device* device, int interface,
220             const struct usb_endpoint_descriptor *ep_in,
221             const struct usb_endpoint_descriptor *ep_out,
222             const struct usb_endpoint_descriptor *ep_intr)
223     :   mDevice(device),
224         mInterface(interface),
225         mRequestIn1(NULL),
226         mRequestIn2(NULL),
227         mRequestOut(NULL),
228         mRequestIntr(NULL),
229         mDeviceInfo(NULL),
230         mSessionID(0),
231         mTransactionID(0),
232         mReceivedResponse(false),
233         mProcessingEvent(false),
234         mCurrentEventHandle(0),
235         mLastSendObjectInfoTransactionID(0),
236         mLastSendObjectInfoObjectHandle(0),
237         mPacketDivisionMode(FIRST_PACKET_HAS_PAYLOAD)
238 {
239     mRequestIn1 = usb_request_new(device, ep_in);
240     mRequestIn2 = usb_request_new(device, ep_in);
241     mRequestOut = usb_request_new(device, ep_out);
242     mRequestIntr = usb_request_new(device, ep_intr);
243 }
244 
~MtpDevice()245 MtpDevice::~MtpDevice() {
246     close();
247     for (size_t i = 0; i < mDeviceProperties.size(); i++)
248         delete mDeviceProperties[i];
249     usb_request_free(mRequestIn1);
250     usb_request_free(mRequestIn2);
251     usb_request_free(mRequestOut);
252     usb_request_free(mRequestIntr);
253 }
254 
initialize()255 void MtpDevice::initialize() {
256     openSession();
257     mDeviceInfo = getDeviceInfo();
258     if (mDeviceInfo) {
259         if (mDeviceInfo->mDeviceProperties) {
260             int count = mDeviceInfo->mDeviceProperties->size();
261             for (int i = 0; i < count; i++) {
262                 MtpDeviceProperty propCode = (*mDeviceInfo->mDeviceProperties)[i];
263                 MtpProperty* property = getDevicePropDesc(propCode);
264                 if (property)
265                     mDeviceProperties.push_back(property);
266             }
267         }
268     }
269 }
270 
close()271 void MtpDevice::close() {
272     if (mDevice) {
273         usb_device_release_interface(mDevice, mInterface);
274         usb_device_close(mDevice);
275         mDevice = NULL;
276     }
277 }
278 
print()279 void MtpDevice::print() {
280     if (!mDeviceInfo)
281         return;
282 
283     mDeviceInfo->print();
284 
285     if (mDeviceInfo->mDeviceProperties) {
286         ALOGI("***** DEVICE PROPERTIES *****\n");
287         int count = mDeviceInfo->mDeviceProperties->size();
288         for (int i = 0; i < count; i++) {
289             MtpDeviceProperty propCode = (*mDeviceInfo->mDeviceProperties)[i];
290             MtpProperty* property = getDevicePropDesc(propCode);
291             if (property) {
292                 property->print();
293                 delete property;
294             }
295         }
296     }
297 
298     if (mDeviceInfo->mPlaybackFormats) {
299             ALOGI("***** OBJECT PROPERTIES *****\n");
300         int count = mDeviceInfo->mPlaybackFormats->size();
301         for (int i = 0; i < count; i++) {
302             MtpObjectFormat format = (*mDeviceInfo->mPlaybackFormats)[i];
303             ALOGI("*** FORMAT: %s\n", MtpDebug::getFormatCodeName(format));
304             MtpObjectPropertyList* props = getObjectPropsSupported(format);
305             if (props) {
306                 for (size_t j = 0; j < props->size(); j++) {
307                     MtpObjectProperty prop = (*props)[j];
308                     MtpProperty* property = getObjectPropDesc(prop, format);
309                     if (property) {
310                         property->print();
311                         delete property;
312                     } else {
313                         ALOGE("could not fetch property: %s",
314                                 MtpDebug::getObjectPropCodeName(prop));
315                     }
316                 }
317             }
318         }
319     }
320 }
321 
getDeviceName()322 const char* MtpDevice::getDeviceName() {
323     if (mDevice)
324         return usb_device_get_name(mDevice);
325     else
326         return "???";
327 }
328 
openSession()329 bool MtpDevice::openSession() {
330     std::lock_guard<std::mutex> lg(mMutex);
331 
332     mSessionID = 0;
333     mTransactionID = 0;
334     MtpSessionID newSession = 1;
335     mRequest.reset();
336     mRequest.setParameter(1, newSession);
337     if (!sendRequest(MTP_OPERATION_OPEN_SESSION))
338         return false;
339     MtpResponseCode ret = readResponse();
340     if (ret == MTP_RESPONSE_SESSION_ALREADY_OPEN)
341         newSession = mResponse.getParameter(1);
342     else if (ret != MTP_RESPONSE_OK)
343         return false;
344 
345     mSessionID = newSession;
346     mTransactionID = 1;
347     return true;
348 }
349 
closeSession()350 bool MtpDevice::closeSession() {
351     // FIXME
352     return true;
353 }
354 
getDeviceInfo()355 MtpDeviceInfo* MtpDevice::getDeviceInfo() {
356     std::lock_guard<std::mutex> lg(mMutex);
357 
358     mRequest.reset();
359     if (!sendRequest(MTP_OPERATION_GET_DEVICE_INFO))
360         return NULL;
361     if (!readData())
362         return NULL;
363     MtpResponseCode ret = readResponse();
364     if (ret == MTP_RESPONSE_OK) {
365         MtpDeviceInfo* info = new MtpDeviceInfo;
366         if (info->read(mData))
367             return info;
368         else
369             delete info;
370     }
371     return NULL;
372 }
373 
getStorageIDs()374 MtpStorageIDList* MtpDevice::getStorageIDs() {
375     std::lock_guard<std::mutex> lg(mMutex);
376 
377     mRequest.reset();
378     if (!sendRequest(MTP_OPERATION_GET_STORAGE_IDS))
379         return NULL;
380     if (!readData())
381         return NULL;
382     MtpResponseCode ret = readResponse();
383     if (ret == MTP_RESPONSE_OK) {
384         return mData.getAUInt32();
385     }
386     return NULL;
387 }
388 
getStorageInfo(MtpStorageID storageID)389 MtpStorageInfo* MtpDevice::getStorageInfo(MtpStorageID storageID) {
390     std::lock_guard<std::mutex> lg(mMutex);
391 
392     mRequest.reset();
393     mRequest.setParameter(1, storageID);
394     if (!sendRequest(MTP_OPERATION_GET_STORAGE_INFO))
395         return NULL;
396     if (!readData())
397         return NULL;
398     MtpResponseCode ret = readResponse();
399     if (ret == MTP_RESPONSE_OK) {
400         MtpStorageInfo* info = new MtpStorageInfo(storageID);
401         if (info->read(mData))
402             return info;
403         else
404             delete info;
405     }
406     return NULL;
407 }
408 
getObjectHandles(MtpStorageID storageID,MtpObjectFormat format,MtpObjectHandle parent)409 MtpObjectHandleList* MtpDevice::getObjectHandles(MtpStorageID storageID,
410             MtpObjectFormat format, MtpObjectHandle parent) {
411     std::lock_guard<std::mutex> lg(mMutex);
412 
413     mRequest.reset();
414     mRequest.setParameter(1, storageID);
415     mRequest.setParameter(2, format);
416     mRequest.setParameter(3, parent);
417     if (!sendRequest(MTP_OPERATION_GET_OBJECT_HANDLES))
418         return NULL;
419     if (!readData())
420         return NULL;
421     MtpResponseCode ret = readResponse();
422     if (ret == MTP_RESPONSE_OK) {
423         return mData.getAUInt32();
424     }
425     return NULL;
426 }
427 
getObjectInfo(MtpObjectHandle handle)428 MtpObjectInfo* MtpDevice::getObjectInfo(MtpObjectHandle handle) {
429     std::lock_guard<std::mutex> lg(mMutex);
430 
431     // FIXME - we might want to add some caching here
432 
433     mRequest.reset();
434     mRequest.setParameter(1, handle);
435     if (!sendRequest(MTP_OPERATION_GET_OBJECT_INFO))
436         return NULL;
437     if (!readData())
438         return NULL;
439     MtpResponseCode ret = readResponse();
440     if (ret == MTP_RESPONSE_OK) {
441         MtpObjectInfo* info = new MtpObjectInfo(handle);
442         if (info->read(mData))
443             return info;
444         else
445             delete info;
446     }
447     return NULL;
448 }
449 
getThumbnail(MtpObjectHandle handle,int & outLength)450 void* MtpDevice::getThumbnail(MtpObjectHandle handle, int& outLength) {
451     std::lock_guard<std::mutex> lg(mMutex);
452 
453     mRequest.reset();
454     mRequest.setParameter(1, handle);
455     if (sendRequest(MTP_OPERATION_GET_THUMB) && readData()) {
456         MtpResponseCode ret = readResponse();
457         if (ret == MTP_RESPONSE_OK) {
458             return mData.getData(&outLength);
459         }
460     }
461     outLength = 0;
462     return NULL;
463 }
464 
sendObjectInfo(MtpObjectInfo * info)465 MtpObjectHandle MtpDevice::sendObjectInfo(MtpObjectInfo* info) {
466     std::lock_guard<std::mutex> lg(mMutex);
467 
468     mRequest.reset();
469     MtpObjectHandle parent = info->mParent;
470     if (parent == 0)
471         parent = MTP_PARENT_ROOT;
472 
473     mRequest.setParameter(1, info->mStorageID);
474     mRequest.setParameter(2, parent);
475 
476     mData.reset();
477     mData.putUInt32(info->mStorageID);
478     mData.putUInt16(info->mFormat);
479     mData.putUInt16(info->mProtectionStatus);
480     mData.putUInt32(info->mCompressedSize);
481     mData.putUInt16(info->mThumbFormat);
482     mData.putUInt32(info->mThumbCompressedSize);
483     mData.putUInt32(info->mThumbPixWidth);
484     mData.putUInt32(info->mThumbPixHeight);
485     mData.putUInt32(info->mImagePixWidth);
486     mData.putUInt32(info->mImagePixHeight);
487     mData.putUInt32(info->mImagePixDepth);
488     mData.putUInt32(info->mParent);
489     mData.putUInt16(info->mAssociationType);
490     mData.putUInt32(info->mAssociationDesc);
491     mData.putUInt32(info->mSequenceNumber);
492     mData.putString(info->mName);
493 
494     char created[100], modified[100];
495     formatDateTime(info->mDateCreated, created, sizeof(created));
496     formatDateTime(info->mDateModified, modified, sizeof(modified));
497 
498     mData.putString(created);
499     mData.putString(modified);
500     if (info->mKeywords)
501         mData.putString(info->mKeywords);
502     else
503         mData.putEmptyString();
504 
505    if (sendRequest(MTP_OPERATION_SEND_OBJECT_INFO) && sendData()) {
506         MtpResponseCode ret = readResponse();
507         if (ret == MTP_RESPONSE_OK) {
508             mLastSendObjectInfoTransactionID = mRequest.getTransactionID();
509             mLastSendObjectInfoObjectHandle = mResponse.getParameter(3);
510             info->mStorageID = mResponse.getParameter(1);
511             info->mParent = mResponse.getParameter(2);
512             info->mHandle = mResponse.getParameter(3);
513             return info->mHandle;
514         }
515     }
516     return (MtpObjectHandle)-1;
517 }
518 
sendObject(MtpObjectHandle handle,uint32_t size,int srcFD)519 bool MtpDevice::sendObject(MtpObjectHandle handle, uint32_t size, int srcFD) {
520     std::lock_guard<std::mutex> lg(mMutex);
521 
522     if (mLastSendObjectInfoTransactionID + 1 != mTransactionID ||
523             mLastSendObjectInfoObjectHandle != handle) {
524         ALOGE("A sendObject request must follow the sendObjectInfo request.");
525         return false;
526     }
527 
528     mRequest.reset();
529     if (sendRequest(MTP_OPERATION_SEND_OBJECT)) {
530         mData.setOperationCode(mRequest.getOperationCode());
531         mData.setTransactionID(mRequest.getTransactionID());
532         const int64_t writeResult = mData.write(mRequestOut, mPacketDivisionMode, srcFD, size);
533         const MtpResponseCode ret = readResponse();
534         return ret == MTP_RESPONSE_OK && writeResult > 0;
535     }
536     return false;
537 }
538 
deleteObject(MtpObjectHandle handle)539 bool MtpDevice::deleteObject(MtpObjectHandle handle) {
540     std::lock_guard<std::mutex> lg(mMutex);
541 
542     mRequest.reset();
543     mRequest.setParameter(1, handle);
544     if (sendRequest(MTP_OPERATION_DELETE_OBJECT)) {
545         MtpResponseCode ret = readResponse();
546         if (ret == MTP_RESPONSE_OK)
547             return true;
548     }
549     return false;
550 }
551 
getParent(MtpObjectHandle handle)552 MtpObjectHandle MtpDevice::getParent(MtpObjectHandle handle) {
553     MtpObjectInfo* info = getObjectInfo(handle);
554     if (info) {
555         MtpObjectHandle parent = info->mParent;
556         delete info;
557         return parent;
558     } else {
559         return -1;
560     }
561 }
562 
getStorageID(MtpObjectHandle handle)563 MtpObjectHandle MtpDevice::getStorageID(MtpObjectHandle handle) {
564     MtpObjectInfo* info = getObjectInfo(handle);
565     if (info) {
566         MtpObjectHandle storageId = info->mStorageID;
567         delete info;
568         return storageId;
569     } else {
570         return -1;
571     }
572 }
573 
getObjectPropsSupported(MtpObjectFormat format)574 MtpObjectPropertyList* MtpDevice::getObjectPropsSupported(MtpObjectFormat format) {
575     std::lock_guard<std::mutex> lg(mMutex);
576 
577     mRequest.reset();
578     mRequest.setParameter(1, format);
579     if (!sendRequest(MTP_OPERATION_GET_OBJECT_PROPS_SUPPORTED))
580         return NULL;
581     if (!readData())
582         return NULL;
583     MtpResponseCode ret = readResponse();
584     if (ret == MTP_RESPONSE_OK) {
585         return mData.getAUInt16();
586     }
587     return NULL;
588 
589 }
590 
getDevicePropDesc(MtpDeviceProperty code)591 MtpProperty* MtpDevice::getDevicePropDesc(MtpDeviceProperty code) {
592     std::lock_guard<std::mutex> lg(mMutex);
593 
594     mRequest.reset();
595     mRequest.setParameter(1, code);
596     if (!sendRequest(MTP_OPERATION_GET_DEVICE_PROP_DESC))
597         return NULL;
598     if (!readData())
599         return NULL;
600     MtpResponseCode ret = readResponse();
601     if (ret == MTP_RESPONSE_OK) {
602         MtpProperty* property = new MtpProperty;
603         if (property->read(mData))
604             return property;
605         else
606             delete property;
607     }
608     return NULL;
609 }
610 
setDevicePropValueStr(MtpProperty * property)611 bool MtpDevice::setDevicePropValueStr(MtpProperty* property) {
612     if (property == nullptr)
613         return false;
614 
615     std::lock_guard<std::mutex> lg(mMutex);
616 
617     if (property->getDataType() != MTP_TYPE_STR) {
618         return false;
619     }
620 
621     mRequest.reset();
622     mRequest.setParameter(1, property->getPropertyCode());
623 
624     mData.reset();
625     mData.putString(property->getCurrentValue().str);
626 
627    if (sendRequest(MTP_OPERATION_SET_DEVICE_PROP_VALUE) && sendData()) {
628         MtpResponseCode ret = readResponse();
629         if (ret != MTP_RESPONSE_OK) {
630             ALOGW("%s: Response=0x%04X\n", __func__, ret);
631             return false;
632         }
633     }
634     return true;
635 }
636 
getObjectPropDesc(MtpObjectProperty code,MtpObjectFormat format)637 MtpProperty* MtpDevice::getObjectPropDesc(MtpObjectProperty code, MtpObjectFormat format) {
638     std::lock_guard<std::mutex> lg(mMutex);
639 
640     mRequest.reset();
641     mRequest.setParameter(1, code);
642     mRequest.setParameter(2, format);
643     if (!sendRequest(MTP_OPERATION_GET_OBJECT_PROP_DESC))
644         return NULL;
645     if (!readData())
646         return NULL;
647     const MtpResponseCode ret = readResponse();
648     if (ret == MTP_RESPONSE_OK) {
649         MtpProperty* property = new MtpProperty;
650         if (property->read(mData))
651             return property;
652         else
653             delete property;
654     }
655     return NULL;
656 }
657 
getObjectPropValue(MtpObjectHandle handle,MtpProperty * property)658 bool MtpDevice::getObjectPropValue(MtpObjectHandle handle, MtpProperty* property) {
659     if (property == nullptr)
660         return false;
661 
662     std::lock_guard<std::mutex> lg(mMutex);
663 
664     mRequest.reset();
665     mRequest.setParameter(1, handle);
666     mRequest.setParameter(2, property->getPropertyCode());
667     if (!sendRequest(MTP_OPERATION_GET_OBJECT_PROP_VALUE))
668         return false;
669     if (!readData())
670         return false;
671     if (readResponse() != MTP_RESPONSE_OK)
672         return false;
673     property->setCurrentValue(mData);
674     return true;
675 }
676 
readObject(MtpObjectHandle handle,ReadObjectCallback callback,uint32_t expectedLength,void * clientData)677 bool MtpDevice::readObject(MtpObjectHandle handle,
678                            ReadObjectCallback callback,
679                            uint32_t expectedLength,
680                            void* clientData) {
681     return readObjectInternal(handle, callback, &expectedLength, clientData);
682 }
683 
684 // reads the object's data and writes it to the specified file path
readObject(MtpObjectHandle handle,const char * destPath,int group,int perm)685 bool MtpDevice::readObject(MtpObjectHandle handle, const char* destPath, int group, int perm) {
686     ALOGD("readObject: %s", destPath);
687     int fd = ::open(destPath, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
688     if (fd < 0) {
689         ALOGE("open failed for %s", destPath);
690         return false;
691     }
692 
693     fchown(fd, getuid(), group);
694     // set permissions
695     int mask = umask(0);
696     fchmod(fd, perm);
697     umask(mask);
698 
699     bool result = readObject(handle, fd);
700     ::close(fd);
701     return result;
702 }
703 
readObject(MtpObjectHandle handle,int fd)704 bool MtpDevice::readObject(MtpObjectHandle handle, int fd) {
705     ALOGD("readObject: %d", fd);
706     return readObjectInternal(handle, writeToFd, NULL /* expected size */, &fd);
707 }
708 
readObjectInternal(MtpObjectHandle handle,ReadObjectCallback callback,const uint32_t * expectedLength,void * clientData)709 bool MtpDevice::readObjectInternal(MtpObjectHandle handle,
710                                    ReadObjectCallback callback,
711                                    const uint32_t* expectedLength,
712                                    void* clientData) {
713     std::lock_guard<std::mutex> lg(mMutex);
714 
715     mRequest.reset();
716     mRequest.setParameter(1, handle);
717     if (!sendRequest(MTP_OPERATION_GET_OBJECT)) {
718         ALOGE("Failed to send a read request.");
719         return false;
720     }
721 
722     return readData(callback, expectedLength, nullptr, clientData);
723 }
724 
readData(ReadObjectCallback callback,const uint32_t * expectedLength,uint32_t * writtenSize,void * clientData)725 bool MtpDevice::readData(ReadObjectCallback callback,
726                             const uint32_t* expectedLength,
727                             uint32_t* writtenSize,
728                             void* clientData) {
729     if (!mData.readDataHeader(mRequestIn1)) {
730         ALOGE("Failed to read header.");
731         return false;
732     }
733 
734     // If object size 0 byte, the remote device may reply a response packet without sending any data
735     // packets.
736     if (mData.getContainerType() == MTP_CONTAINER_TYPE_RESPONSE) {
737         mResponse.copyFrom(mData);
738         return mResponse.getResponseCode() == MTP_RESPONSE_OK;
739     }
740 
741     const uint32_t fullLength = mData.getContainerLength();
742     if (fullLength < MTP_CONTAINER_HEADER_SIZE) {
743         ALOGE("fullLength is too short: %d", fullLength);
744         return false;
745     }
746     const uint32_t length = fullLength - MTP_CONTAINER_HEADER_SIZE;
747     if (expectedLength && length != *expectedLength) {
748         ALOGE("readObject error length: %d", fullLength);
749         return false;
750     }
751 
752     uint32_t offset = 0;
753     bool writingError = false;
754 
755     {
756         int initialDataLength = 0;
757         void* const initialData = mData.getData(&initialDataLength);
758         if (fullLength > MTP_CONTAINER_HEADER_SIZE && initialDataLength == 0) {
759             // According to the MTP spec, the responder (MTP device) can choose two ways of sending
760             // data. a) The first packet contains the head and as much of the payload as possible
761             // b) The first packet contains only the header. The initiator (MTP host) needs
762             // to remember which way the responder used, and send upcoming data in the same way.
763             ALOGD("Found short packet that contains only a header.");
764             mPacketDivisionMode = FIRST_PACKET_ONLY_HEADER;
765         }
766         if (initialData) {
767             if (initialDataLength > 0) {
768                 if (!callback(initialData, offset, initialDataLength, clientData)) {
769                     ALOGE("Failed to write initial data.");
770                     writingError = true;
771                 }
772                 offset += initialDataLength;
773             }
774             free(initialData);
775         }
776     }
777 
778     // USB reads greater than 16K don't work.
779     char buffer1[MTP_BUFFER_SIZE], buffer2[MTP_BUFFER_SIZE];
780     mRequestIn1->buffer = buffer1;
781     mRequestIn2->buffer = buffer2;
782     struct usb_request* req = NULL;
783 
784     while (offset < length) {
785         // Wait for previous read to complete.
786         void* writeBuffer = NULL;
787         int writeLength = 0;
788         if (req) {
789             const int read = mData.readDataWait(mDevice);
790             if (read < 0) {
791                 ALOGE("readDataWait failed.");
792                 return false;
793             }
794             writeBuffer = req->buffer;
795             writeLength = read;
796         }
797 
798         // Request to read next chunk.
799         const uint32_t nextOffset = offset + writeLength;
800         if (nextOffset < length) {
801             // Queue up a read request.
802             const size_t remaining = length - nextOffset;
803             req = (req == mRequestIn1 ? mRequestIn2 : mRequestIn1);
804             req->buffer_length = remaining > MTP_BUFFER_SIZE ?
805                     static_cast<size_t>(MTP_BUFFER_SIZE) : remaining;
806             if (mData.readDataAsync(req) != 0) {
807                 ALOGE("readDataAsync failed");
808                 return false;
809             }
810         }
811 
812         // Write previous buffer.
813         if (writeBuffer && !writingError) {
814             if (!callback(writeBuffer, offset, writeLength, clientData)) {
815                 ALOGE("write failed");
816                 writingError = true;
817             }
818         }
819         offset = nextOffset;
820     }
821 
822     if (writtenSize) {
823         *writtenSize = length;
824     }
825 
826     return readResponse() == MTP_RESPONSE_OK;
827 }
828 
readPartialObject(MtpObjectHandle handle,uint32_t offset,uint32_t size,uint32_t * writtenSize,ReadObjectCallback callback,void * clientData)829 bool MtpDevice::readPartialObject(MtpObjectHandle handle,
830                                   uint32_t offset,
831                                   uint32_t size,
832                                   uint32_t *writtenSize,
833                                   ReadObjectCallback callback,
834                                   void* clientData) {
835     std::lock_guard<std::mutex> lg(mMutex);
836 
837     mRequest.reset();
838     mRequest.setParameter(1, handle);
839     mRequest.setParameter(2, offset);
840     mRequest.setParameter(3, size);
841     if (!sendRequest(MTP_OPERATION_GET_PARTIAL_OBJECT)) {
842         ALOGE("Failed to send a read request.");
843         return false;
844     }
845     // The expected size is null because it requires the exact number of bytes to read though
846     // MTP_OPERATION_GET_PARTIAL_OBJECT allows devices to return shorter length of bytes than
847     // requested. Destination's buffer length should be checked in |callback|.
848     return readData(callback, nullptr /* expected size */, writtenSize, clientData);
849 }
850 
readPartialObject64(MtpObjectHandle handle,uint64_t offset,uint32_t size,uint32_t * writtenSize,ReadObjectCallback callback,void * clientData)851 bool MtpDevice::readPartialObject64(MtpObjectHandle handle,
852                                     uint64_t offset,
853                                     uint32_t size,
854                                     uint32_t *writtenSize,
855                                     ReadObjectCallback callback,
856                                     void* clientData) {
857     std::lock_guard<std::mutex> lg(mMutex);
858 
859     mRequest.reset();
860     mRequest.setParameter(1, handle);
861     mRequest.setParameter(2, 0xffffffff & offset);
862     mRequest.setParameter(3, 0xffffffff & (offset >> 32));
863     mRequest.setParameter(4, size);
864     if (!sendRequest(MTP_OPERATION_GET_PARTIAL_OBJECT_64)) {
865         ALOGE("Failed to send a read request.");
866         return false;
867     }
868     // The expected size is null because it requires the exact number of bytes to read though
869     // MTP_OPERATION_GET_PARTIAL_OBJECT_64 allows devices to return shorter length of bytes than
870     // requested. Destination's buffer length should be checked in |callback|.
871     return readData(callback, nullptr /* expected size */, writtenSize, clientData);
872 }
873 
sendRequest(MtpOperationCode operation)874 bool MtpDevice::sendRequest(MtpOperationCode operation) {
875     ALOGV("sendRequest: %s\n", MtpDebug::getOperationCodeName(operation));
876     mReceivedResponse = false;
877     mRequest.setOperationCode(operation);
878     if (mTransactionID > 0)
879         mRequest.setTransactionID(mTransactionID++);
880     int ret = mRequest.write(mRequestOut);
881     mRequest.dump();
882     return (ret > 0);
883 }
884 
sendData()885 bool MtpDevice::sendData() {
886     ALOGV("sendData\n");
887     mData.setOperationCode(mRequest.getOperationCode());
888     mData.setTransactionID(mRequest.getTransactionID());
889     int ret = mData.write(mRequestOut, mPacketDivisionMode);
890     mData.dump();
891     return (ret >= 0);
892 }
893 
readData()894 bool MtpDevice::readData() {
895     mData.reset();
896     int ret = mData.read(mRequestIn1);
897     ALOGV("readData returned %d\n", ret);
898     if (ret >= MTP_CONTAINER_HEADER_SIZE) {
899         if (mData.getContainerType() == MTP_CONTAINER_TYPE_RESPONSE) {
900             ALOGD("got response packet instead of data packet");
901             // we got a response packet rather than data
902             // copy it to mResponse
903             mResponse.copyFrom(mData);
904             mReceivedResponse = true;
905             return false;
906         }
907         mData.dump();
908         return true;
909     }
910     else {
911         ALOGV("readResponse failed\n");
912         return false;
913     }
914 }
915 
readResponse()916 MtpResponseCode MtpDevice::readResponse() {
917     ALOGV("readResponse\n");
918     if (mReceivedResponse) {
919         mReceivedResponse = false;
920         return mResponse.getResponseCode();
921     }
922     int ret = mResponse.read(mRequestIn1);
923     // handle zero length packets, which might occur if the data transfer
924     // ends on a packet boundary
925     if (ret == 0)
926         ret = mResponse.read(mRequestIn1);
927     if (ret >= MTP_CONTAINER_HEADER_SIZE) {
928         mResponse.dump();
929         return mResponse.getResponseCode();
930     } else {
931         ALOGD("readResponse failed\n");
932         return -1;
933     }
934 }
935 
submitEventRequest()936 int MtpDevice::submitEventRequest() {
937     if (!mEventMutex.try_lock()) {
938         // An event is being reaped on another thread.
939         return -1;
940     }
941     if (mProcessingEvent) {
942         // An event request was submitted, but no reapEventRequest called so far.
943         return -1;
944     }
945     std::lock_guard<std::mutex> lg(mEventMutexForInterrupt);
946     mEventPacket.sendRequest(mRequestIntr);
947     const int currentHandle = ++mCurrentEventHandle;
948     mProcessingEvent = true;
949     mEventMutex.unlock();
950     return currentHandle;
951 }
952 
reapEventRequest(int handle,uint32_t (* parameters)[3])953 int MtpDevice::reapEventRequest(int handle, uint32_t (*parameters)[3]) {
954     std::lock_guard<std::mutex> lg(mEventMutex);
955     if (!mProcessingEvent || mCurrentEventHandle != handle || !parameters) {
956         return -1;
957     }
958     mProcessingEvent = false;
959     const int readSize = mEventPacket.readResponse(mRequestIntr->dev);
960     const int result = mEventPacket.getEventCode();
961     // MTP event has three parameters.
962     (*parameters)[0] = mEventPacket.getParameter(1);
963     (*parameters)[1] = mEventPacket.getParameter(2);
964     (*parameters)[2] = mEventPacket.getParameter(3);
965     return readSize != 0 ? result : 0;
966 }
967 
discardEventRequest(int handle)968 void MtpDevice::discardEventRequest(int handle) {
969     std::lock_guard<std::mutex> lg(mEventMutexForInterrupt);
970     if (mCurrentEventHandle != handle) {
971         return;
972     }
973     usb_request_cancel(mRequestIntr);
974 }
975 
976 }  // namespace android
977