1 /******************************************************************************
2 *
3 * Copyright (C) 2004-2016 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains action functions for advanced audio/video main state
22 * machine.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bt_bta_av"
27
28 #include "bt_target.h"
29
30 #include <string.h>
31
32 #include "avdt_api.h"
33 #include "bta_av_api.h"
34 #include "bta_av_int.h"
35 #include "l2c_api.h"
36 #include "osi/include/list.h"
37 #include "osi/include/log.h"
38 #include "osi/include/osi.h"
39 #include "osi/include/properties.h"
40 #include "utl.h"
41
42 #if (BTA_AR_INCLUDED == TRUE)
43 #include "bta_ar_api.h"
44 #endif
45
46 /*****************************************************************************
47 * Constants
48 ****************************************************************************/
49 /* the timeout to wait for open req after setconfig for incoming connections */
50 #ifndef BTA_AV_SIGNALLING_TIMEOUT_MS
51 #define BTA_AV_SIGNALLING_TIMEOUT_MS (8 * 1000) /* 8 seconds */
52 #endif
53
54 /* Time to wait for signalling from SNK when it is initiated from SNK. */
55 /* If not, we will start signalling from SRC. */
56 #ifndef BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS
57 #define BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS (2 * 1000) /* 2 seconds */
58 #endif
59
60 extern fixed_queue_t* btu_bta_alarm_queue;
61
62 static void bta_av_accept_signalling_timer_cback(void* data);
63
64 #ifndef AVRC_MIN_META_CMD_LEN
65 #define AVRC_MIN_META_CMD_LEN 20
66 #endif
67
68 /*******************************************************************************
69 *
70 * Function bta_av_get_rcb_by_shdl
71 *
72 * Description find the RCB associated with the given SCB handle.
73 *
74 * Returns tBTA_AV_RCB
75 *
76 ******************************************************************************/
bta_av_get_rcb_by_shdl(uint8_t shdl)77 tBTA_AV_RCB* bta_av_get_rcb_by_shdl(uint8_t shdl) {
78 tBTA_AV_RCB* p_rcb = NULL;
79 int i;
80
81 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
82 if (bta_av_cb.rcb[i].shdl == shdl &&
83 bta_av_cb.rcb[i].handle != BTA_AV_RC_HANDLE_NONE) {
84 p_rcb = &bta_av_cb.rcb[i];
85 break;
86 }
87 }
88 return p_rcb;
89 }
90 #define BTA_AV_STS_NO_RSP 0xFF /* a number not used by tAVRC_STS */
91
92 /*******************************************************************************
93 *
94 * Function bta_av_del_rc
95 *
96 * Description delete the given AVRC handle.
97 *
98 * Returns void
99 *
100 ******************************************************************************/
bta_av_del_rc(tBTA_AV_RCB * p_rcb)101 void bta_av_del_rc(tBTA_AV_RCB* p_rcb) {
102 tBTA_AV_SCB* p_scb;
103 uint8_t rc_handle; /* connected AVRCP handle */
104
105 p_scb = NULL;
106 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
107 if (p_rcb->shdl) {
108 /* Validate array index*/
109 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
110 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
111 }
112 if (p_scb) {
113 APPL_TRACE_DEBUG("bta_av_del_rc shdl:%d, srch:%d rc_handle:%d",
114 p_rcb->shdl, p_scb->rc_handle, p_rcb->handle);
115 if (p_scb->rc_handle == p_rcb->handle)
116 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
117 /* just in case the RC timer is active
118 if (bta_av_cb.features & BTA_AV_FEAT_RCCT && p_scb->chnl ==
119 BTA_AV_CHNL_AUDIO) */
120 alarm_cancel(p_scb->avrc_ct_timer);
121 }
122 }
123
124 APPL_TRACE_EVENT(
125 "bta_av_del_rc handle: %d status=0x%x, rc_acp_handle:%d, idx:%d",
126 p_rcb->handle, p_rcb->status, bta_av_cb.rc_acp_handle,
127 bta_av_cb.rc_acp_idx);
128 rc_handle = p_rcb->handle;
129 if (!(p_rcb->status & BTA_AV_RC_CONN_MASK) ||
130 ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
131 p_rcb->status = 0;
132 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
133 p_rcb->shdl = 0;
134 p_rcb->lidx = 0;
135 }
136 /* else ACP && connected. do not clear the handle yet */
137 AVRC_Close(rc_handle);
138 if (rc_handle == bta_av_cb.rc_acp_handle)
139 bta_av_cb.rc_acp_handle = BTA_AV_RC_HANDLE_NONE;
140 APPL_TRACE_EVENT(
141 "end del_rc handle: %d status=0x%x, rc_acp_handle:%d, lidx:%d",
142 p_rcb->handle, p_rcb->status, bta_av_cb.rc_acp_handle, p_rcb->lidx);
143 }
144 }
145
146 /*******************************************************************************
147 *
148 * Function bta_av_close_all_rc
149 *
150 * Description close the all AVRC handle.
151 *
152 * Returns void
153 *
154 ******************************************************************************/
bta_av_close_all_rc(tBTA_AV_CB * p_cb)155 static void bta_av_close_all_rc(tBTA_AV_CB* p_cb) {
156 int i;
157
158 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
159 if ((p_cb->disabling == true) || (bta_av_cb.rcb[i].shdl != 0))
160 bta_av_del_rc(&bta_av_cb.rcb[i]);
161 }
162 }
163
164 /*******************************************************************************
165 *
166 * Function bta_av_del_sdp_rec
167 *
168 * Description delete the given SDP record handle.
169 *
170 * Returns void
171 *
172 ******************************************************************************/
bta_av_del_sdp_rec(uint32_t * p_sdp_handle)173 static void bta_av_del_sdp_rec(uint32_t* p_sdp_handle) {
174 if (*p_sdp_handle != 0) {
175 SDP_DeleteRecord(*p_sdp_handle);
176 *p_sdp_handle = 0;
177 }
178 }
179
180 /*******************************************************************************
181 *
182 * Function bta_av_avrc_sdp_cback
183 *
184 * Description AVRCP service discovery callback.
185 *
186 * Returns void
187 *
188 ******************************************************************************/
bta_av_avrc_sdp_cback(UNUSED_ATTR uint16_t status)189 static void bta_av_avrc_sdp_cback(UNUSED_ATTR uint16_t status) {
190 BT_HDR* p_msg = (BT_HDR*)osi_malloc(sizeof(BT_HDR));
191
192 p_msg->event = BTA_AV_SDP_AVRC_DISC_EVT;
193
194 bta_sys_sendmsg(p_msg);
195 }
196
197 /*******************************************************************************
198 *
199 * Function bta_av_rc_ctrl_cback
200 *
201 * Description AVRCP control callback.
202 *
203 * Returns void
204 *
205 ******************************************************************************/
bta_av_rc_ctrl_cback(uint8_t handle,uint8_t event,UNUSED_ATTR uint16_t result,BD_ADDR peer_addr)206 static void bta_av_rc_ctrl_cback(uint8_t handle, uint8_t event,
207 UNUSED_ATTR uint16_t result,
208 BD_ADDR peer_addr) {
209 uint16_t msg_event = 0;
210
211 APPL_TRACE_EVENT("%s handle: %d event=0x%x", __func__, handle, event);
212 if (event == AVRC_OPEN_IND_EVT) {
213 /* save handle of opened connection
214 bta_av_cb.rc_handle = handle;*/
215
216 msg_event = BTA_AV_AVRC_OPEN_EVT;
217 } else if (event == AVRC_CLOSE_IND_EVT) {
218 msg_event = BTA_AV_AVRC_CLOSE_EVT;
219 } else if (event == AVRC_BROWSE_OPEN_IND_EVT) {
220 msg_event = BTA_AV_AVRC_BROWSE_OPEN_EVT;
221 } else if (event == AVRC_BROWSE_CLOSE_IND_EVT) {
222 msg_event = BTA_AV_AVRC_BROWSE_CLOSE_EVT;
223 }
224
225 if (msg_event) {
226 tBTA_AV_RC_CONN_CHG* p_msg =
227 (tBTA_AV_RC_CONN_CHG*)osi_malloc(sizeof(tBTA_AV_RC_CONN_CHG));
228 p_msg->hdr.event = msg_event;
229 p_msg->handle = handle;
230 if (peer_addr) bdcpy(p_msg->peer_addr, peer_addr);
231 bta_sys_sendmsg(p_msg);
232 }
233 }
234
235 /*******************************************************************************
236 *
237 * Function bta_av_rc_msg_cback
238 *
239 * Description AVRCP message callback.
240 *
241 * Returns void
242 *
243 ******************************************************************************/
bta_av_rc_msg_cback(uint8_t handle,uint8_t label,uint8_t opcode,tAVRC_MSG * p_msg)244 static void bta_av_rc_msg_cback(uint8_t handle, uint8_t label, uint8_t opcode,
245 tAVRC_MSG* p_msg) {
246 uint8_t* p_data_src = NULL;
247 uint16_t data_len = 0;
248
249 APPL_TRACE_DEBUG("%s handle: %u opcode=0x%x", __func__, handle, opcode);
250
251 /* Copy avrc packet into BTA message buffer (for sending to BTA state machine)
252 */
253
254 /* Get size of payload data (for vendor and passthrough messages only; for
255 * browsing
256 * messages, use zero-copy) */
257 if (opcode == AVRC_OP_VENDOR && p_msg->vendor.p_vendor_data != NULL) {
258 p_data_src = p_msg->vendor.p_vendor_data;
259 data_len = (uint16_t)p_msg->vendor.vendor_len;
260 } else if (opcode == AVRC_OP_PASS_THRU && p_msg->pass.p_pass_data != NULL) {
261 p_data_src = p_msg->pass.p_pass_data;
262 data_len = (uint16_t)p_msg->pass.pass_len;
263 }
264
265 /* Create a copy of the message */
266 tBTA_AV_RC_MSG* p_buf =
267 (tBTA_AV_RC_MSG*)osi_malloc(sizeof(tBTA_AV_RC_MSG) + data_len);
268
269 p_buf->hdr.event = BTA_AV_AVRC_MSG_EVT;
270 p_buf->handle = handle;
271 p_buf->label = label;
272 p_buf->opcode = opcode;
273 memcpy(&p_buf->msg, p_msg, sizeof(tAVRC_MSG));
274 /* Copy the data payload, and set the pointer to it */
275 if (p_data_src != NULL) {
276 uint8_t* p_data_dst = (uint8_t*)(p_buf + 1);
277 memcpy(p_data_dst, p_data_src, data_len);
278
279 /* Update bta message buffer to point to payload data */
280 /* (Note AVRC_OP_BROWSING uses zero-copy: p_buf->msg.browse.p_browse_data
281 * already points to original avrc buffer) */
282 if (opcode == AVRC_OP_VENDOR)
283 p_buf->msg.vendor.p_vendor_data = p_data_dst;
284 else if (opcode == AVRC_OP_PASS_THRU)
285 p_buf->msg.pass.p_pass_data = p_data_dst;
286 }
287
288 if (opcode == AVRC_OP_BROWSE) {
289 /* set p_pkt to NULL, so avrc would not free the buffer */
290 p_msg->browse.p_browse_pkt = NULL;
291 }
292
293 bta_sys_sendmsg(p_buf);
294 }
295
296 /*******************************************************************************
297 *
298 * Function bta_av_rc_create
299 *
300 * Description alloc RCB and call AVRC_Open
301 *
302 * Returns the created rc handle
303 *
304 ******************************************************************************/
bta_av_rc_create(tBTA_AV_CB * p_cb,uint8_t role,uint8_t shdl,uint8_t lidx)305 uint8_t bta_av_rc_create(tBTA_AV_CB* p_cb, uint8_t role, uint8_t shdl,
306 uint8_t lidx) {
307 tAVRC_CONN_CB ccb;
308 BD_ADDR_PTR bda = (BD_ADDR_PTR)bd_addr_any;
309 uint8_t status = BTA_AV_RC_ROLE_ACP;
310 tBTA_AV_SCB* p_scb = p_cb->p_scb[shdl - 1];
311 int i;
312 uint8_t rc_handle;
313 tBTA_AV_RCB* p_rcb;
314
315 if (role == AVCT_INT) {
316 bda = p_scb->peer_addr;
317 status = BTA_AV_RC_ROLE_INT;
318 } else {
319 p_rcb = bta_av_get_rcb_by_shdl(shdl);
320 if (p_rcb != NULL) {
321 APPL_TRACE_ERROR("bta_av_rc_create ACP handle exist for shdl:%d", shdl);
322 return p_rcb->handle;
323 }
324 }
325
326 ccb.p_ctrl_cback = bta_av_rc_ctrl_cback;
327 ccb.p_msg_cback = bta_av_rc_msg_cback;
328 ccb.company_id = p_bta_av_cfg->company_id;
329 ccb.conn = role;
330 /* note: BTA_AV_FEAT_RCTG = AVRC_CT_TARGET, BTA_AV_FEAT_RCCT = AVRC_CT_CONTROL
331 */
332 ccb.control = p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_RCCT |
333 BTA_AV_FEAT_METADATA | AVRC_CT_PASSIVE);
334
335 if (AVRC_Open(&rc_handle, &ccb, bda) != AVRC_SUCCESS)
336 return BTA_AV_RC_HANDLE_NONE;
337
338 i = rc_handle;
339 p_rcb = &p_cb->rcb[i];
340
341 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
342 APPL_TRACE_ERROR("bta_av_rc_create found duplicated handle:%d", rc_handle);
343 }
344
345 p_rcb->handle = rc_handle;
346 p_rcb->status = status;
347 p_rcb->shdl = shdl;
348 p_rcb->lidx = lidx;
349 p_rcb->peer_features = 0;
350 if (lidx == (BTA_AV_NUM_LINKS + 1)) {
351 /* this LIDX is reserved for the AVRCP ACP connection */
352 p_cb->rc_acp_handle = p_rcb->handle;
353 p_cb->rc_acp_idx = (i + 1);
354 APPL_TRACE_DEBUG("rc_acp_handle:%d idx:%d", p_cb->rc_acp_handle,
355 p_cb->rc_acp_idx);
356 }
357 APPL_TRACE_DEBUG(
358 "create %d, role: %d, shdl:%d, rc_handle:%d, lidx:%d, status:0x%x", i,
359 role, shdl, p_rcb->handle, lidx, p_rcb->status);
360
361 return rc_handle;
362 }
363
364 /*******************************************************************************
365 *
366 * Function bta_av_valid_group_navi_msg
367 *
368 * Description Check if it is Group Navigation Msg for Metadata
369 *
370 * Returns BTA_AV_RSP_ACCEPT or BTA_AV_RSP_NOT_IMPL.
371 *
372 ******************************************************************************/
bta_av_group_navi_supported(uint8_t len,uint8_t * p_data,bool is_inquiry)373 static tBTA_AV_CODE bta_av_group_navi_supported(uint8_t len, uint8_t* p_data,
374 bool is_inquiry) {
375 tBTA_AV_CODE ret = BTA_AV_RSP_NOT_IMPL;
376 uint8_t* p_ptr = p_data;
377 uint16_t u16;
378 uint32_t u32;
379
380 if (p_bta_av_cfg->avrc_group && len == BTA_GROUP_NAVI_MSG_OP_DATA_LEN) {
381 BTA_AV_BE_STREAM_TO_CO_ID(u32, p_ptr);
382 BE_STREAM_TO_UINT16(u16, p_ptr);
383
384 if (u32 == AVRC_CO_METADATA) {
385 if (is_inquiry) {
386 if (u16 <= AVRC_PDU_PREV_GROUP) ret = BTA_AV_RSP_IMPL_STBL;
387 } else {
388 if (u16 <= AVRC_PDU_PREV_GROUP)
389 ret = BTA_AV_RSP_ACCEPT;
390 else
391 ret = BTA_AV_RSP_REJ;
392 }
393 }
394 }
395
396 return ret;
397 }
398
399 /*******************************************************************************
400 *
401 * Function bta_av_op_supported
402 *
403 * Description Check if remote control operation is supported.
404 *
405 * Returns BTA_AV_RSP_ACCEPT of supported, BTA_AV_RSP_NOT_IMPL if not.
406 *
407 ******************************************************************************/
bta_av_op_supported(tBTA_AV_RC rc_id,bool is_inquiry)408 static tBTA_AV_CODE bta_av_op_supported(tBTA_AV_RC rc_id, bool is_inquiry) {
409 tBTA_AV_CODE ret_code = BTA_AV_RSP_NOT_IMPL;
410
411 if (p_bta_av_rc_id) {
412 if (is_inquiry) {
413 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
414 ret_code = BTA_AV_RSP_IMPL_STBL;
415 }
416 } else {
417 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
418 ret_code = BTA_AV_RSP_ACCEPT;
419 } else if ((p_bta_av_cfg->rc_pass_rsp == BTA_AV_RSP_INTERIM) &&
420 p_bta_av_rc_id_ac) {
421 if (p_bta_av_rc_id_ac[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
422 ret_code = BTA_AV_RSP_INTERIM;
423 }
424 }
425 }
426 }
427 return ret_code;
428 }
429
430 /*******************************************************************************
431 *
432 * Function bta_av_find_lcb
433 *
434 * Description Given BD_addr, find the associated LCB.
435 *
436 * Returns NULL, if not found.
437 *
438 ******************************************************************************/
bta_av_find_lcb(BD_ADDR addr,uint8_t op)439 tBTA_AV_LCB* bta_av_find_lcb(BD_ADDR addr, uint8_t op) {
440 tBTA_AV_CB* p_cb = &bta_av_cb;
441 int xx;
442 uint8_t mask;
443 tBTA_AV_LCB* p_lcb = NULL;
444
445 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
446 mask = 1 << xx; /* the used mask for this lcb */
447 if ((mask & p_cb->conn_lcb) && 0 == (bdcmp(p_cb->lcb[xx].addr, addr))) {
448 p_lcb = &p_cb->lcb[xx];
449 if (op == BTA_AV_LCB_FREE) {
450 p_cb->conn_lcb &= ~mask; /* clear the connect mask */
451 APPL_TRACE_DEBUG("conn_lcb: 0x%x", p_cb->conn_lcb);
452 }
453 break;
454 }
455 }
456 return p_lcb;
457 }
458
459 /*******************************************************************************
460 *
461 * Function bta_av_rc_opened
462 *
463 * Description Set AVRCP state to opened.
464 *
465 * Returns void
466 *
467 ******************************************************************************/
bta_av_rc_opened(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)468 void bta_av_rc_opened(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
469 tBTA_AV_RC_OPEN rc_open;
470 tBTA_AV_SCB* p_scb;
471 int i;
472 uint8_t shdl = 0;
473 tBTA_AV_LCB* p_lcb;
474 tBTA_AV_RCB* p_rcb;
475 uint8_t tmp;
476 uint8_t disc = 0;
477
478 /* find the SCB & stop the timer */
479 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
480 p_scb = p_cb->p_scb[i];
481 if (p_scb && bdcmp(p_scb->peer_addr, p_data->rc_conn_chg.peer_addr) == 0) {
482 p_scb->rc_handle = p_data->rc_conn_chg.handle;
483 APPL_TRACE_DEBUG("bta_av_rc_opened shdl:%d, srch %d", i + 1,
484 p_scb->rc_handle);
485 shdl = i + 1;
486 LOG_INFO(LOG_TAG, "%s allow incoming AVRCP connections:%d", __func__,
487 p_scb->use_rc);
488 alarm_cancel(p_scb->avrc_ct_timer);
489 disc = p_scb->hndl;
490 break;
491 }
492 }
493
494 i = p_data->rc_conn_chg.handle;
495 if (p_cb->rcb[i].handle == BTA_AV_RC_HANDLE_NONE) {
496 APPL_TRACE_ERROR("not a valid handle:%d any more", i);
497 return;
498 }
499
500 APPL_TRACE_DEBUG("%s local features %d peer features %d", __func__,
501 p_cb->features, p_cb->rcb[i].peer_features);
502
503 /* listen to browsing channel when the connection is open,
504 * if peer initiated AVRCP connection and local device supports browsing
505 * channel */
506 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_ACP);
507
508 if (p_cb->rcb[i].lidx == (BTA_AV_NUM_LINKS + 1) && shdl != 0) {
509 /* rc is opened on the RC only ACP channel, but is for a specific
510 * SCB -> need to switch RCBs */
511 p_rcb = bta_av_get_rcb_by_shdl(shdl);
512 if (p_rcb) {
513 p_rcb->shdl = p_cb->rcb[i].shdl;
514 tmp = p_rcb->lidx;
515 p_rcb->lidx = p_cb->rcb[i].lidx;
516 p_cb->rcb[i].lidx = tmp;
517 p_cb->rc_acp_handle = p_rcb->handle;
518 p_cb->rc_acp_idx = (p_rcb - p_cb->rcb) + 1;
519 APPL_TRACE_DEBUG("switching RCB rc_acp_handle:%d idx:%d",
520 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
521 }
522 }
523
524 p_cb->rcb[i].shdl = shdl;
525 rc_open.rc_handle = i;
526 APPL_TRACE_ERROR("bta_av_rc_opened rcb[%d] shdl:%d lidx:%d/%d", i, shdl,
527 p_cb->rcb[i].lidx, p_cb->lcb[BTA_AV_NUM_LINKS].lidx);
528 p_cb->rcb[i].status |= BTA_AV_RC_CONN_MASK;
529
530 if (!shdl && 0 == p_cb->lcb[BTA_AV_NUM_LINKS].lidx) {
531 /* no associated SCB -> connected to an RC only device
532 * update the index to the extra LCB */
533 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
534 bdcpy(p_lcb->addr, p_data->rc_conn_chg.peer_addr);
535 APPL_TRACE_DEBUG("rc_only bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
536 p_lcb->addr[0], p_lcb->addr[1], p_lcb->addr[2],
537 p_lcb->addr[3], p_lcb->addr[4], p_lcb->addr[5]);
538 p_lcb->lidx = BTA_AV_NUM_LINKS + 1;
539 p_cb->rcb[i].lidx = p_lcb->lidx;
540 p_lcb->conn_msk = 1;
541 APPL_TRACE_ERROR("rcb[%d].lidx=%d, lcb.conn_msk=x%x", i, p_cb->rcb[i].lidx,
542 p_lcb->conn_msk);
543 disc = p_data->rc_conn_chg.handle | BTA_AV_CHNL_MSK;
544 }
545
546 bdcpy(rc_open.peer_addr, p_data->rc_conn_chg.peer_addr);
547 rc_open.peer_features = p_cb->rcb[i].peer_features;
548 rc_open.status = BTA_AV_SUCCESS;
549 APPL_TRACE_DEBUG("%s local features:x%x peer_features:x%x", __func__,
550 p_cb->features, rc_open.peer_features);
551 if (rc_open.peer_features == 0) {
552 /* we have not done SDP on peer RC capabilities.
553 * peer must have initiated the RC connection */
554 if (p_cb->features & BTA_AV_FEAT_RCCT)
555 rc_open.peer_features |= BTA_AV_FEAT_RCTG;
556 if (p_cb->features & BTA_AV_FEAT_RCTG)
557 rc_open.peer_features |= BTA_AV_FEAT_RCCT;
558
559 bta_av_rc_disc(disc);
560 }
561 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, (tBTA_AV*)&rc_open);
562
563 /* if local initiated AVRCP connection and both peer and locals device support
564 * browsing channel, open the browsing channel now
565 * TODO (sanketa): Some TG would not broadcast browse feature hence check
566 * inter-op. */
567 if ((p_cb->features & BTA_AV_FEAT_BROWSE) &&
568 (rc_open.peer_features & BTA_AV_FEAT_BROWSE) &&
569 ((p_cb->rcb[i].status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
570 APPL_TRACE_DEBUG("%s opening AVRC Browse channel", __func__);
571 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_INT);
572 }
573 }
574
575 /*******************************************************************************
576 *
577 * Function bta_av_rc_remote_cmd
578 *
579 * Description Send an AVRCP remote control command.
580 *
581 * Returns void
582 *
583 ******************************************************************************/
bta_av_rc_remote_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)584 void bta_av_rc_remote_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
585 tBTA_AV_RCB* p_rcb;
586 if (p_cb->features & BTA_AV_FEAT_RCCT) {
587 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
588 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
589 if (p_rcb->status & BTA_AV_RC_CONN_MASK) {
590 AVRC_PassCmd(p_rcb->handle, p_data->api_remote_cmd.label,
591 &p_data->api_remote_cmd.msg);
592 }
593 }
594 }
595 }
596
597 /*******************************************************************************
598 *
599 * Function bta_av_rc_vendor_cmd
600 *
601 * Description Send an AVRCP vendor specific command.
602 *
603 * Returns void
604 *
605 ******************************************************************************/
bta_av_rc_vendor_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)606 void bta_av_rc_vendor_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
607 tBTA_AV_RCB* p_rcb;
608 if ((p_cb->features & (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) ==
609 (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) {
610 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
611 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
612 AVRC_VendorCmd(p_rcb->handle, p_data->api_vendor.label,
613 &p_data->api_vendor.msg);
614 }
615 }
616 }
617
618 /*******************************************************************************
619 *
620 * Function bta_av_rc_vendor_rsp
621 *
622 * Description Send an AVRCP vendor specific response.
623 *
624 * Returns void
625 *
626 ******************************************************************************/
bta_av_rc_vendor_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)627 void bta_av_rc_vendor_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
628 tBTA_AV_RCB* p_rcb;
629 if ((p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) ==
630 (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) {
631 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
632 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
633 AVRC_VendorRsp(p_rcb->handle, p_data->api_vendor.label,
634 &p_data->api_vendor.msg);
635 }
636 }
637 }
638
639 /*******************************************************************************
640 *
641 * Function bta_av_rc_meta_rsp
642 *
643 * Description Send an AVRCP metadata/advanced control command/response.
644 *
645 * Returns void
646 *
647 ******************************************************************************/
bta_av_rc_meta_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)648 void bta_av_rc_meta_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
649 tBTA_AV_RCB* p_rcb;
650 bool do_free = true;
651
652 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
653 (p_data->hdr.layer_specific < BTA_AV_NUM_RCB)) {
654 if ((p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCTG)) ||
655 (!p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCCT))) {
656 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
657 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
658 AVRC_MsgReq(p_rcb->handle, p_data->api_meta_rsp.label,
659 p_data->api_meta_rsp.rsp_code, p_data->api_meta_rsp.p_pkt);
660 do_free = false;
661 }
662 }
663 }
664
665 if (do_free) osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
666 }
667
668 /*******************************************************************************
669 *
670 * Function bta_av_rc_free_rsp
671 *
672 * Description free an AVRCP metadata command buffer.
673 *
674 * Returns void
675 *
676 ******************************************************************************/
bta_av_rc_free_rsp(UNUSED_ATTR tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)677 void bta_av_rc_free_rsp(UNUSED_ATTR tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
678 osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
679 }
680
681 /*******************************************************************************
682 *
683 * Function bta_av_rc_free_browse_msg
684 *
685 * Description free an AVRCP browse message buffer.
686 *
687 * Returns void
688 *
689 ******************************************************************************/
bta_av_rc_free_browse_msg(UNUSED_ATTR tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)690 void bta_av_rc_free_browse_msg(UNUSED_ATTR tBTA_AV_CB* p_cb,
691 tBTA_AV_DATA* p_data) {
692 if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
693 osi_free_and_reset((void**)&p_data->rc_msg.msg.browse.p_browse_pkt);
694 }
695 }
696
697 /*******************************************************************************
698 *
699 * Function bta_av_chk_notif_evt_id
700 *
701 * Description make sure the requested player id is valid.
702 *
703 * Returns BTA_AV_STS_NO_RSP, if no error
704 *
705 ******************************************************************************/
bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR * p_vendor)706 static tAVRC_STS bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR* p_vendor) {
707 tAVRC_STS status = BTA_AV_STS_NO_RSP;
708 uint8_t xx;
709 uint16_t u16;
710 uint8_t* p = p_vendor->p_vendor_data + 2;
711
712 BE_STREAM_TO_UINT16(u16, p);
713 /* double check the fixed length */
714 if ((u16 != 5) || (p_vendor->vendor_len != 9)) {
715 status = AVRC_STS_INTERNAL_ERR;
716 } else {
717 /* make sure the player_id is valid */
718 for (xx = 0; xx < p_bta_av_cfg->num_evt_ids; xx++) {
719 if (*p == p_bta_av_cfg->p_meta_evt_ids[xx]) {
720 break;
721 }
722 }
723 if (xx == p_bta_av_cfg->num_evt_ids) {
724 status = AVRC_STS_BAD_PARAM;
725 }
726 }
727
728 return status;
729 }
730
731 /*******************************************************************************
732 *
733 * Function bta_av_proc_meta_cmd
734 *
735 * Description Process an AVRCP metadata command from the peer.
736 *
737 * Returns true to respond immediately
738 *
739 ******************************************************************************/
bta_av_proc_meta_cmd(tAVRC_RESPONSE * p_rc_rsp,tBTA_AV_RC_MSG * p_msg,uint8_t * p_ctype)740 tBTA_AV_EVT bta_av_proc_meta_cmd(tAVRC_RESPONSE* p_rc_rsp,
741 tBTA_AV_RC_MSG* p_msg, uint8_t* p_ctype) {
742 tBTA_AV_EVT evt = BTA_AV_META_MSG_EVT;
743 uint8_t u8, pdu, *p;
744 uint16_t u16;
745 tAVRC_MSG_VENDOR* p_vendor = &p_msg->msg.vendor;
746
747 #if (AVRC_METADATA_INCLUDED == TRUE)
748 pdu = *(p_vendor->p_vendor_data);
749 p_rc_rsp->pdu = pdu;
750 *p_ctype = AVRC_RSP_REJ;
751
752 /* Check to ansure a valid minimum meta data length */
753 if ((AVRC_MIN_META_CMD_LEN + p_vendor->vendor_len) > AVRC_META_CMD_BUF_SIZE) {
754 /* reject it */
755 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
756 APPL_TRACE_ERROR("%s Invalid meta-command length: %d", __func__,
757 p_vendor->vendor_len);
758 return 0;
759 }
760
761 /* Metadata messages only use PANEL sub-unit type */
762 if (p_vendor->hdr.subunit_type != AVRC_SUB_PANEL) {
763 APPL_TRACE_DEBUG("SUBUNIT must be PANEL");
764 /* reject it */
765 evt = 0;
766 p_vendor->hdr.ctype = BTA_AV_RSP_NOT_IMPL;
767 p_vendor->vendor_len = 0;
768 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
769 } else if (!AVRC_IsValidAvcType(pdu, p_vendor->hdr.ctype)) {
770 APPL_TRACE_DEBUG("Invalid pdu/ctype: 0x%x, %d", pdu, p_vendor->hdr.ctype);
771 /* reject invalid message without reporting to app */
772 evt = 0;
773 p_rc_rsp->rsp.status = AVRC_STS_BAD_CMD;
774 } else {
775 switch (pdu) {
776 case AVRC_PDU_GET_CAPABILITIES:
777 /* process GetCapabilities command without reporting the event to app */
778 evt = 0;
779 u8 = *(p_vendor->p_vendor_data + 4);
780 p = p_vendor->p_vendor_data + 2;
781 p_rc_rsp->get_caps.capability_id = u8;
782 BE_STREAM_TO_UINT16(u16, p);
783 if ((u16 != 1) || (p_vendor->vendor_len != 5)) {
784 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
785 } else {
786 p_rc_rsp->get_caps.status = AVRC_STS_NO_ERROR;
787 if (u8 == AVRC_CAP_COMPANY_ID) {
788 *p_ctype = AVRC_RSP_IMPL_STBL;
789 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_co_ids;
790 memcpy(p_rc_rsp->get_caps.param.company_id,
791 p_bta_av_cfg->p_meta_co_ids,
792 (p_bta_av_cfg->num_co_ids << 2));
793 } else if (u8 == AVRC_CAP_EVENTS_SUPPORTED) {
794 *p_ctype = AVRC_RSP_IMPL_STBL;
795 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_evt_ids;
796 memcpy(p_rc_rsp->get_caps.param.event_id,
797 p_bta_av_cfg->p_meta_evt_ids, p_bta_av_cfg->num_evt_ids);
798 } else {
799 APPL_TRACE_DEBUG("Invalid capability ID: 0x%x", u8);
800 /* reject - unknown capability ID */
801 p_rc_rsp->get_caps.status = AVRC_STS_BAD_PARAM;
802 }
803 }
804 break;
805
806 case AVRC_PDU_REGISTER_NOTIFICATION:
807 /* make sure the event_id is implemented */
808 p_rc_rsp->rsp.status = bta_av_chk_notif_evt_id(p_vendor);
809 if (p_rc_rsp->rsp.status != BTA_AV_STS_NO_RSP) evt = 0;
810 break;
811 }
812 }
813 #else
814 APPL_TRACE_DEBUG("AVRCP 1.3 Metadata not supporteed. Reject command.");
815 /* reject invalid message without reporting to app */
816 evt = 0;
817 p_rc_rsp->rsp.status = AVRC_STS_BAD_CMD;
818 #endif
819
820 return evt;
821 }
822
823 /*******************************************************************************
824 *
825 * Function bta_av_rc_msg
826 *
827 * Description Process an AVRCP message from the peer.
828 *
829 * Returns void
830 *
831 ******************************************************************************/
bta_av_rc_msg(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)832 void bta_av_rc_msg(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
833 tBTA_AV_EVT evt = 0;
834 tBTA_AV av;
835 BT_HDR* p_pkt = NULL;
836 tAVRC_MSG_VENDOR* p_vendor = &p_data->rc_msg.msg.vendor;
837 bool is_inquiry = ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
838 p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ);
839 #if (AVRC_METADATA_INCLUDED == TRUE)
840 uint8_t ctype = 0;
841 tAVRC_RESPONSE rc_rsp;
842
843 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
844 #endif
845
846 if (NULL == p_data) {
847 APPL_TRACE_ERROR("Message from peer with no data in %s", __func__);
848 return;
849 }
850
851 APPL_TRACE_DEBUG("%s: opcode=%x, ctype=%x", __func__, p_data->rc_msg.opcode,
852 p_data->rc_msg.msg.hdr.ctype);
853
854 if (p_data->rc_msg.opcode == AVRC_OP_PASS_THRU) {
855 /* if this is a pass thru command */
856 if ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_CTRL) ||
857 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
858 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ)) {
859 /* check if operation is supported */
860 char avrcp_ct_support[PROPERTY_VALUE_MAX];
861 osi_property_get("bluetooth.pts.avrcp_ct.support", avrcp_ct_support,
862 "false");
863 if (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) {
864 p_data->rc_msg.msg.hdr.ctype = BTA_AV_RSP_NOT_IMPL;
865 #if (AVRC_METADATA_INCLUDED == TRUE)
866 if (p_cb->features & BTA_AV_FEAT_METADATA)
867 p_data->rc_msg.msg.hdr.ctype = bta_av_group_navi_supported(
868 p_data->rc_msg.msg.pass.pass_len,
869 p_data->rc_msg.msg.pass.p_pass_data, is_inquiry);
870 #endif
871 } else if (((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_UP) ||
872 (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_DOWN)) &&
873 !strcmp(avrcp_ct_support, "true")) {
874 p_data->rc_msg.msg.hdr.ctype = BTA_AV_RSP_ACCEPT;
875 } else {
876 p_data->rc_msg.msg.hdr.ctype =
877 bta_av_op_supported(p_data->rc_msg.msg.pass.op_id, is_inquiry);
878 }
879
880 APPL_TRACE_DEBUG("ctype %d", p_data->rc_msg.msg.hdr.ctype)
881
882 /* send response */
883 if (p_data->rc_msg.msg.hdr.ctype != BTA_AV_RSP_INTERIM)
884 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
885 &p_data->rc_msg.msg.pass);
886
887 /* set up for callback if supported */
888 if (p_data->rc_msg.msg.hdr.ctype == BTA_AV_RSP_ACCEPT ||
889 p_data->rc_msg.msg.hdr.ctype == BTA_AV_RSP_INTERIM) {
890 evt = BTA_AV_REMOTE_CMD_EVT;
891 av.remote_cmd.rc_id = p_data->rc_msg.msg.pass.op_id;
892 av.remote_cmd.key_state = p_data->rc_msg.msg.pass.state;
893 av.remote_cmd.p_data = p_data->rc_msg.msg.pass.p_pass_data;
894 av.remote_cmd.len = p_data->rc_msg.msg.pass.pass_len;
895 memcpy(&av.remote_cmd.hdr, &p_data->rc_msg.msg.hdr, sizeof(tAVRC_HDR));
896 av.remote_cmd.label = p_data->rc_msg.label;
897 }
898 }
899 /* else if this is a pass thru response */
900 /* id response type is not impl, we have to release label */
901 else if (p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
902 /* set up for callback */
903 evt = BTA_AV_REMOTE_RSP_EVT;
904 av.remote_rsp.rc_id = p_data->rc_msg.msg.pass.op_id;
905 av.remote_rsp.key_state = p_data->rc_msg.msg.pass.state;
906 av.remote_rsp.rsp_code = p_data->rc_msg.msg.hdr.ctype;
907 av.remote_rsp.label = p_data->rc_msg.label;
908
909 /* If this response is for vendor unique command */
910 if ((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) &&
911 (p_data->rc_msg.msg.pass.pass_len > 0)) {
912 av.remote_rsp.p_data =
913 (uint8_t*)osi_malloc(p_data->rc_msg.msg.pass.pass_len);
914 APPL_TRACE_DEBUG("Vendor Unique data len = %d",
915 p_data->rc_msg.msg.pass.pass_len);
916 memcpy(av.remote_rsp.p_data, p_data->rc_msg.msg.pass.p_pass_data,
917 p_data->rc_msg.msg.pass.pass_len);
918 }
919 }
920 /* must be a bad ctype -> reject*/
921 else {
922 p_data->rc_msg.msg.hdr.ctype = BTA_AV_RSP_REJ;
923 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
924 &p_data->rc_msg.msg.pass);
925 }
926 }
927 /* else if this is a vendor specific command or response */
928 else if (p_data->rc_msg.opcode == AVRC_OP_VENDOR) {
929 /* set up for callback */
930 av.vendor_cmd.code = p_data->rc_msg.msg.hdr.ctype;
931 av.vendor_cmd.company_id = p_vendor->company_id;
932 av.vendor_cmd.label = p_data->rc_msg.label;
933 av.vendor_cmd.p_data = p_vendor->p_vendor_data;
934 av.vendor_cmd.len = p_vendor->vendor_len;
935
936 /* if configured to support vendor specific and it's a command */
937 if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
938 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
939 #if (AVRC_METADATA_INCLUDED == TRUE)
940 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
941 (p_vendor->company_id == AVRC_CO_METADATA)) {
942 av.meta_msg.p_msg = &p_data->rc_msg.msg;
943 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
944 evt = bta_av_proc_meta_cmd(&rc_rsp, &p_data->rc_msg, &ctype);
945 } else
946 #endif
947 evt = BTA_AV_VENDOR_CMD_EVT;
948 }
949 /* else if configured to support vendor specific and it's a response */
950 else if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
951 p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
952 #if (AVRC_METADATA_INCLUDED == TRUE)
953 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
954 (p_vendor->company_id == AVRC_CO_METADATA)) {
955 av.meta_msg.p_msg = &p_data->rc_msg.msg;
956 evt = BTA_AV_META_MSG_EVT;
957 } else
958 #endif
959 evt = BTA_AV_VENDOR_RSP_EVT;
960
961 }
962 /* else if not configured to support vendor specific and it's a command */
963 else if (!(p_cb->features & BTA_AV_FEAT_VENDOR) &&
964 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
965 if (p_data->rc_msg.msg.vendor.p_vendor_data[0] == AVRC_PDU_INVALID) {
966 /* reject it */
967 p_data->rc_msg.msg.hdr.ctype = BTA_AV_RSP_REJ;
968 p_data->rc_msg.msg.vendor.p_vendor_data[4] = AVRC_STS_BAD_CMD;
969 } else
970 p_data->rc_msg.msg.hdr.ctype = BTA_AV_RSP_NOT_IMPL;
971 AVRC_VendorRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
972 &p_data->rc_msg.msg.vendor);
973 }
974 } else if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
975 /* set up for callback */
976 av.meta_msg.rc_handle = p_data->rc_msg.handle;
977 av.meta_msg.company_id = p_vendor->company_id;
978 av.meta_msg.code = p_data->rc_msg.msg.hdr.ctype;
979 av.meta_msg.label = p_data->rc_msg.label;
980 av.meta_msg.p_msg = &p_data->rc_msg.msg;
981 av.meta_msg.p_data = p_data->rc_msg.msg.browse.p_browse_data;
982 av.meta_msg.len = p_data->rc_msg.msg.browse.browse_len;
983 evt = BTA_AV_META_MSG_EVT;
984 }
985
986 #if (AVRC_METADATA_INCLUDED == TRUE)
987 if (evt == 0 && rc_rsp.rsp.status != BTA_AV_STS_NO_RSP) {
988 if (!p_pkt) {
989 rc_rsp.rsp.opcode = p_data->rc_msg.opcode;
990 AVRC_BldResponse(0, &rc_rsp, &p_pkt);
991 }
992 if (p_pkt)
993 AVRC_MsgReq(p_data->rc_msg.handle, p_data->rc_msg.label, ctype, p_pkt);
994 }
995 #endif
996
997 /* call callback */
998 if (evt != 0) {
999 av.remote_cmd.rc_handle = p_data->rc_msg.handle;
1000 (*p_cb->p_cback)(evt, &av);
1001 /* If browsing message, then free the browse message buffer */
1002 bta_av_rc_free_browse_msg(p_cb, p_data);
1003 }
1004 }
1005
1006 /*******************************************************************************
1007 *
1008 * Function bta_av_rc_close
1009 *
1010 * Description close the specified AVRC handle.
1011 *
1012 * Returns void
1013 *
1014 ******************************************************************************/
bta_av_rc_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1015 void bta_av_rc_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1016 uint16_t handle = p_data->hdr.layer_specific;
1017 tBTA_AV_SCB* p_scb;
1018 tBTA_AV_RCB* p_rcb;
1019
1020 if (handle < BTA_AV_NUM_RCB) {
1021 p_rcb = &p_cb->rcb[handle];
1022
1023 APPL_TRACE_DEBUG("%s handle: %d, status=0x%x", __func__, p_rcb->handle,
1024 p_rcb->status);
1025 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
1026 if (p_rcb->shdl) {
1027 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
1028 if (p_scb) {
1029 /* just in case the RC timer is active
1030 if (bta_av_cb.features & BTA_AV_FEAT_RCCT &&
1031 p_scb->chnl == BTA_AV_CHNL_AUDIO) */
1032 alarm_cancel(p_scb->avrc_ct_timer);
1033 }
1034 }
1035
1036 AVRC_Close(p_rcb->handle);
1037 }
1038 }
1039 }
1040
1041 /*******************************************************************************
1042 *
1043 * Function bta_av_rc_browse_close
1044 *
1045 * Description Empty placeholder.
1046 *
1047 * Returns void
1048 *
1049 ******************************************************************************/
bta_av_rc_browse_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1050 void bta_av_rc_browse_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1051 APPL_TRACE_WARNING("%s empty placeholder does nothing!", __func__);
1052 }
1053
1054 /*******************************************************************************
1055 *
1056 * Function bta_av_get_shdl
1057 *
1058 * Returns The index to p_scb[]
1059 *
1060 ******************************************************************************/
bta_av_get_shdl(tBTA_AV_SCB * p_scb)1061 static uint8_t bta_av_get_shdl(tBTA_AV_SCB* p_scb) {
1062 int i;
1063 uint8_t shdl = 0;
1064 /* find the SCB & stop the timer */
1065 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1066 if (p_scb == bta_av_cb.p_scb[i]) {
1067 shdl = i + 1;
1068 break;
1069 }
1070 }
1071 return shdl;
1072 }
1073
1074 /*******************************************************************************
1075 *
1076 * Function bta_av_stream_chg
1077 *
1078 * Description audio streaming status changed.
1079 *
1080 * Returns void
1081 *
1082 ******************************************************************************/
bta_av_stream_chg(tBTA_AV_SCB * p_scb,bool started)1083 void bta_av_stream_chg(tBTA_AV_SCB* p_scb, bool started) {
1084 uint8_t started_msk;
1085 int i;
1086 uint8_t* p_streams;
1087 bool no_streams = false;
1088 tBTA_AV_SCB* p_scbi;
1089
1090 started_msk = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
1091 APPL_TRACE_DEBUG("bta_av_stream_chg started:%d started_msk:x%x chnl:x%x",
1092 started, started_msk, p_scb->chnl);
1093 if (BTA_AV_CHNL_AUDIO == p_scb->chnl)
1094 p_streams = &bta_av_cb.audio_streams;
1095 else
1096 p_streams = &bta_av_cb.video_streams;
1097
1098 if (started) {
1099 /* Let L2CAP know this channel is processed with high priority */
1100 L2CA_SetAclPriority(p_scb->peer_addr, L2CAP_PRIORITY_HIGH);
1101 (*p_streams) |= started_msk;
1102 } else {
1103 (*p_streams) &= ~started_msk;
1104 }
1105
1106 if (!started) {
1107 i = 0;
1108 if (BTA_AV_CHNL_AUDIO == p_scb->chnl) {
1109 if (bta_av_cb.video_streams == 0) no_streams = true;
1110 } else {
1111 no_streams = true;
1112 if (bta_av_cb.audio_streams) {
1113 for (; i < BTA_AV_NUM_STRS; i++) {
1114 p_scbi = bta_av_cb.p_scb[i];
1115 /* scb is used and started */
1116 if (p_scbi && (bta_av_cb.audio_streams & BTA_AV_HNDL_TO_MSK(i)) &&
1117 bdcmp(p_scbi->peer_addr, p_scb->peer_addr) == 0) {
1118 no_streams = false;
1119 break;
1120 }
1121 }
1122 }
1123 }
1124
1125 APPL_TRACE_DEBUG("no_streams:%d i:%d, audio_streams:x%x, video_streams:x%x",
1126 no_streams, i, bta_av_cb.audio_streams,
1127 bta_av_cb.video_streams);
1128 if (no_streams) {
1129 /* Let L2CAP know this channel is processed with low priority */
1130 L2CA_SetAclPriority(p_scb->peer_addr, L2CAP_PRIORITY_NORMAL);
1131 }
1132 }
1133 }
1134
1135 /*******************************************************************************
1136 *
1137 * Function bta_av_conn_chg
1138 *
1139 * Description connetion status changed.
1140 * Open an AVRCP acceptor channel, if new conn.
1141 *
1142 * Returns void
1143 *
1144 ******************************************************************************/
bta_av_conn_chg(tBTA_AV_DATA * p_data)1145 void bta_av_conn_chg(tBTA_AV_DATA* p_data) {
1146 tBTA_AV_CB* p_cb = &bta_av_cb;
1147 tBTA_AV_SCB* p_scb = NULL;
1148 tBTA_AV_SCB* p_scbi;
1149 uint8_t mask;
1150 uint8_t conn_msk;
1151 uint8_t old_msk;
1152 int i;
1153 int index = (p_data->hdr.layer_specific & BTA_AV_HNDL_MSK) - 1;
1154 tBTA_AV_LCB* p_lcb;
1155 tBTA_AV_LCB* p_lcb_rc;
1156 tBTA_AV_RCB *p_rcb, *p_rcb2;
1157 bool chk_restore = false;
1158
1159 /* Validate array index*/
1160 if (index < BTA_AV_NUM_STRS) {
1161 p_scb = p_cb->p_scb[index];
1162 }
1163 mask = BTA_AV_HNDL_TO_MSK(index);
1164 p_lcb = bta_av_find_lcb(p_data->conn_chg.peer_addr, BTA_AV_LCB_FIND);
1165 conn_msk = 1 << (index + 1);
1166 if (p_data->conn_chg.is_up) {
1167 /* set the conned mask for this channel */
1168 if (p_scb) {
1169 if (p_lcb) {
1170 p_lcb->conn_msk |= conn_msk;
1171 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1172 if (bta_av_cb.rcb[i].lidx == p_lcb->lidx) {
1173 bta_av_cb.rcb[i].shdl = index + 1;
1174 APPL_TRACE_DEBUG(
1175 "conn_chg up[%d]: %d, status=0x%x, shdl:%d, lidx:%d", i,
1176 bta_av_cb.rcb[i].handle, bta_av_cb.rcb[i].status,
1177 bta_av_cb.rcb[i].shdl, bta_av_cb.rcb[i].lidx);
1178 break;
1179 }
1180 }
1181 }
1182 if (p_scb->chnl == BTA_AV_CHNL_AUDIO) {
1183 old_msk = p_cb->conn_audio;
1184 p_cb->conn_audio |= mask;
1185 } else {
1186 old_msk = p_cb->conn_video;
1187 p_cb->conn_video |= mask;
1188 }
1189
1190 if ((old_msk & mask) == 0) {
1191 /* increase the audio open count, if not set yet */
1192 bta_av_cb.audio_open_cnt++;
1193 }
1194
1195 APPL_TRACE_DEBUG("rc_acp_handle:%d rc_acp_idx:%d", p_cb->rc_acp_handle,
1196 p_cb->rc_acp_idx);
1197 /* check if the AVRCP ACP channel is already connected */
1198 if (p_lcb && p_cb->rc_acp_handle != BTA_AV_RC_HANDLE_NONE &&
1199 p_cb->rc_acp_idx) {
1200 p_lcb_rc = &p_cb->lcb[BTA_AV_NUM_LINKS];
1201 APPL_TRACE_DEBUG(
1202 "rc_acp is connected && conn_chg on same addr "
1203 "p_lcb_rc->conn_msk:x%x",
1204 p_lcb_rc->conn_msk);
1205 /* check if the RC is connected to the scb addr */
1206 APPL_TRACE_DEBUG("p_lcb_rc->addr: %02x:%02x:%02x:%02x:%02x:%02x",
1207 p_lcb_rc->addr[0], p_lcb_rc->addr[1],
1208 p_lcb_rc->addr[2], p_lcb_rc->addr[3],
1209 p_lcb_rc->addr[4], p_lcb_rc->addr[5]);
1210 APPL_TRACE_DEBUG(
1211 "conn_chg.peer_addr: %02x:%02x:%02x:%02x:%02x:%02x",
1212 p_data->conn_chg.peer_addr[0], p_data->conn_chg.peer_addr[1],
1213 p_data->conn_chg.peer_addr[2], p_data->conn_chg.peer_addr[3],
1214 p_data->conn_chg.peer_addr[4], p_data->conn_chg.peer_addr[5]);
1215 if (p_lcb_rc->conn_msk &&
1216 bdcmp(p_lcb_rc->addr, p_data->conn_chg.peer_addr) == 0) {
1217 /* AVRCP is already connected.
1218 * need to update the association betwen SCB and RCB */
1219 p_lcb_rc->conn_msk = 0; /* indicate RC ONLY is not connected */
1220 p_lcb_rc->lidx = 0;
1221 p_scb->rc_handle = p_cb->rc_acp_handle;
1222 p_rcb = &p_cb->rcb[p_cb->rc_acp_idx - 1];
1223 p_rcb->shdl = bta_av_get_shdl(p_scb);
1224 APPL_TRACE_DEBUG("update rc_acp shdl:%d/%d srch:%d", index + 1,
1225 p_rcb->shdl, p_scb->rc_handle);
1226
1227 p_rcb2 = bta_av_get_rcb_by_shdl(p_rcb->shdl);
1228 if (p_rcb2) {
1229 /* found the RCB that was created to associated with this SCB */
1230 p_cb->rc_acp_handle = p_rcb2->handle;
1231 p_cb->rc_acp_idx = (p_rcb2 - p_cb->rcb) + 1;
1232 APPL_TRACE_DEBUG("new rc_acp_handle:%d, idx:%d",
1233 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1234 p_rcb2->lidx = (BTA_AV_NUM_LINKS + 1);
1235 APPL_TRACE_DEBUG("rc2 handle:%d lidx:%d/%d", p_rcb2->handle,
1236 p_rcb2->lidx, p_cb->lcb[p_rcb2->lidx - 1].lidx);
1237 }
1238 p_rcb->lidx = p_lcb->lidx;
1239 APPL_TRACE_DEBUG("rc handle:%d lidx:%d/%d", p_rcb->handle,
1240 p_rcb->lidx, p_cb->lcb[p_rcb->lidx - 1].lidx);
1241 }
1242 }
1243 }
1244 } else {
1245 if ((p_cb->conn_audio & mask) && bta_av_cb.audio_open_cnt) {
1246 /* this channel is still marked as open. decrease the count */
1247 bta_av_cb.audio_open_cnt--;
1248 }
1249
1250 /* clear the conned mask for this channel */
1251 p_cb->conn_audio &= ~mask;
1252 p_cb->conn_video &= ~mask;
1253 if (p_scb) {
1254 /* the stream is closed.
1255 * clear the peer address, so it would not mess up the AVRCP for the next
1256 * round of operation */
1257 bdcpy(p_scb->peer_addr, bd_addr_null);
1258 if (p_scb->chnl == BTA_AV_CHNL_AUDIO) {
1259 if (p_lcb) {
1260 p_lcb->conn_msk &= ~conn_msk;
1261 }
1262 /* audio channel is down. make sure the INT channel is down */
1263 /* just in case the RC timer is active
1264 if (p_cb->features & BTA_AV_FEAT_RCCT) */
1265 { alarm_cancel(p_scb->avrc_ct_timer); }
1266 /* one audio channel goes down. check if we need to restore high
1267 * priority */
1268 chk_restore = true;
1269 }
1270 }
1271
1272 APPL_TRACE_DEBUG("bta_av_conn_chg shdl:%d", index + 1);
1273 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1274 APPL_TRACE_DEBUG("conn_chg dn[%d]: %d, status=0x%x, shdl:%d, lidx:%d", i,
1275 bta_av_cb.rcb[i].handle, bta_av_cb.rcb[i].status,
1276 bta_av_cb.rcb[i].shdl, bta_av_cb.rcb[i].lidx);
1277 if (bta_av_cb.rcb[i].shdl == index + 1) {
1278 bta_av_del_rc(&bta_av_cb.rcb[i]);
1279 /* since the connection is already down and info was removed, clean
1280 * reference */
1281 bta_av_cb.rcb[i].shdl = 0;
1282 break;
1283 }
1284 }
1285
1286 if (p_cb->conn_audio == 0 && p_cb->conn_video == 0) {
1287 /* if both channels are not connected,
1288 * close all RC channels */
1289 bta_av_close_all_rc(p_cb);
1290 }
1291
1292 /* if the AVRCP is no longer listening, create the listening channel */
1293 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE &&
1294 bta_av_cb.features & BTA_AV_FEAT_RCTG)
1295 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
1296 }
1297
1298 APPL_TRACE_DEBUG(
1299 "bta_av_conn_chg audio:%x video:%x up:%d conn_msk:0x%x chk_restore:%d "
1300 "audio_open_cnt:%d",
1301 p_cb->conn_audio, p_cb->conn_video, p_data->conn_chg.is_up, conn_msk,
1302 chk_restore, p_cb->audio_open_cnt);
1303
1304 if (chk_restore) {
1305 if (p_cb->audio_open_cnt == 1) {
1306 /* one audio channel goes down and there's one audio channel remains open.
1307 * restore the switch role in default link policy */
1308 bta_sys_set_default_policy(BTA_ID_AV, HCI_ENABLE_MASTER_SLAVE_SWITCH);
1309 /* allow role switch, if this is the last connection */
1310 bta_av_restore_switch();
1311 }
1312 if (p_cb->audio_open_cnt) {
1313 /* adjust flush timeout settings to longer period */
1314 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1315 p_scbi = bta_av_cb.p_scb[i];
1316 if (p_scbi && p_scbi->chnl == BTA_AV_CHNL_AUDIO && p_scbi->co_started) {
1317 /* may need to update the flush timeout of this already started stream
1318 */
1319 if (p_scbi->co_started != bta_av_cb.audio_open_cnt) {
1320 p_scbi->co_started = bta_av_cb.audio_open_cnt;
1321 L2CA_SetFlushTimeout(
1322 p_scbi->peer_addr,
1323 p_bta_av_cfg->p_audio_flush_to[p_scbi->co_started - 1]);
1324 }
1325 }
1326 }
1327 }
1328 }
1329 }
1330
1331 /*******************************************************************************
1332 *
1333 * Function bta_av_disable
1334 *
1335 * Description disable AV.
1336 *
1337 * Returns void
1338 *
1339 ******************************************************************************/
bta_av_disable(tBTA_AV_CB * p_cb,UNUSED_ATTR tBTA_AV_DATA * p_data)1340 void bta_av_disable(tBTA_AV_CB* p_cb, UNUSED_ATTR tBTA_AV_DATA* p_data) {
1341 BT_HDR hdr;
1342 uint16_t xx;
1343
1344 p_cb->disabling = true;
1345
1346 bta_av_close_all_rc(p_cb);
1347
1348 osi_free_and_reset((void**)&p_cb->p_disc_db);
1349
1350 /* disable audio/video - de-register all channels,
1351 * expect BTA_AV_DEREG_COMP_EVT when deregister is complete */
1352 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1353 if (p_cb->p_scb[xx] != NULL) {
1354 hdr.layer_specific = xx + 1;
1355 bta_av_api_deregister((tBTA_AV_DATA*)&hdr);
1356 }
1357 }
1358
1359 alarm_free(p_cb->link_signalling_timer);
1360 p_cb->link_signalling_timer = NULL;
1361 alarm_free(p_cb->accept_signalling_timer);
1362 p_cb->accept_signalling_timer = NULL;
1363 }
1364
1365 /*******************************************************************************
1366 *
1367 * Function bta_av_api_disconnect
1368 *
1369 * Description .
1370 *
1371 * Returns void
1372 *
1373 ******************************************************************************/
bta_av_api_disconnect(tBTA_AV_DATA * p_data)1374 void bta_av_api_disconnect(tBTA_AV_DATA* p_data) {
1375 AVDT_DisconnectReq(p_data->api_discnt.bd_addr, bta_av_conn_cback);
1376 alarm_cancel(bta_av_cb.link_signalling_timer);
1377 }
1378
1379 /*******************************************************************************
1380 *
1381 * Function bta_av_sig_chg
1382 *
1383 * Description process AVDT signal channel up/down.
1384 *
1385 * Returns void
1386 *
1387 ******************************************************************************/
bta_av_sig_chg(tBTA_AV_DATA * p_data)1388 void bta_av_sig_chg(tBTA_AV_DATA* p_data) {
1389 uint16_t event = p_data->str_msg.hdr.layer_specific;
1390 tBTA_AV_CB* p_cb = &bta_av_cb;
1391 uint32_t xx;
1392 uint8_t mask;
1393 tBTA_AV_LCB* p_lcb = NULL;
1394
1395 APPL_TRACE_DEBUG("bta_av_sig_chg event: %d", event);
1396 if (event == AVDT_CONNECT_IND_EVT) {
1397 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FIND);
1398 if (!p_lcb) {
1399 /* if the address does not have an LCB yet, alloc one */
1400 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
1401 mask = 1 << xx;
1402 APPL_TRACE_DEBUG("conn_lcb: 0x%x", p_cb->conn_lcb);
1403 /* look for a p_lcb with its p_scb registered */
1404 if ((!(mask & p_cb->conn_lcb)) && (p_cb->p_scb[xx] != NULL)) {
1405 p_lcb = &p_cb->lcb[xx];
1406 p_lcb->lidx = xx + 1;
1407 bdcpy(p_lcb->addr, p_data->str_msg.bd_addr);
1408 p_lcb->conn_msk = 0; /* clear the connect mask */
1409 /* start listening when the signal channel is open */
1410 if (p_cb->features & BTA_AV_FEAT_RCTG) {
1411 bta_av_rc_create(p_cb, AVCT_ACP, 0, p_lcb->lidx);
1412 }
1413 /* this entry is not used yet. */
1414 p_cb->conn_lcb |= mask; /* mark it as used */
1415 APPL_TRACE_DEBUG("start sig timer %d", p_data->hdr.offset);
1416 if (p_data->hdr.offset == AVDT_ACP) {
1417 APPL_TRACE_DEBUG("Incoming L2CAP acquired, set state as incoming",
1418 NULL);
1419 bdcpy(p_cb->p_scb[xx]->peer_addr, p_data->str_msg.bd_addr);
1420 p_cb->p_scb[xx]->use_rc =
1421 true; /* allowing RC for incoming connection */
1422 bta_av_ssm_execute(p_cb->p_scb[xx], BTA_AV_ACP_CONNECT_EVT, p_data);
1423
1424 /* The Pending Event should be sent as soon as the L2CAP signalling
1425 * channel
1426 * is set up, which is NOW. Earlier this was done only after
1427 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1428 * The following function shall send the event and start the
1429 * recurring timer
1430 */
1431 bta_av_signalling_timer(NULL);
1432
1433 APPL_TRACE_DEBUG("%s: Re-start timer for AVDTP service", __func__);
1434 bta_sys_conn_open(BTA_ID_AV, p_cb->p_scb[xx]->app_id,
1435 p_cb->p_scb[xx]->peer_addr);
1436 /* Possible collision : need to avoid outgoing processing while the
1437 * timer is running */
1438 p_cb->p_scb[xx]->coll_mask = BTA_AV_COLL_INC_TMR;
1439 alarm_set_on_queue(p_cb->accept_signalling_timer,
1440 BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1441 bta_av_accept_signalling_timer_cback,
1442 UINT_TO_PTR(xx), btu_bta_alarm_queue);
1443 }
1444 break;
1445 }
1446 }
1447
1448 /* check if we found something */
1449 if (xx == BTA_AV_NUM_LINKS) {
1450 /* We do not have scb for this avdt connection. */
1451 /* Silently close the connection. */
1452 APPL_TRACE_ERROR("av scb not available for avdt connection");
1453 AVDT_DisconnectReq(p_data->str_msg.bd_addr, NULL);
1454 return;
1455 }
1456 }
1457 }
1458 #if (BTA_AR_INCLUDED == TRUE)
1459 else if (event == BTA_AR_AVDT_CONN_EVT) {
1460 alarm_cancel(bta_av_cb.link_signalling_timer);
1461 }
1462 #endif
1463 else {
1464 /* disconnected. */
1465 APPL_TRACE_DEBUG("%s: bta_av_cb.conn_lcb is %d", __func__,
1466 bta_av_cb.conn_lcb);
1467
1468 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FREE);
1469 if (p_lcb && (p_lcb->conn_msk || bta_av_cb.conn_lcb)) {
1470 APPL_TRACE_DEBUG("conn_msk: 0x%x", p_lcb->conn_msk);
1471 /* clean up ssm */
1472 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1473 if ((p_cb->p_scb[xx]) &&
1474 (bdcmp(p_cb->p_scb[xx]->peer_addr, p_data->str_msg.bd_addr) == 0)) {
1475 APPL_TRACE_DEBUG("%s: Closing timer for AVDTP service", __func__);
1476 bta_sys_conn_close(BTA_ID_AV, p_cb->p_scb[xx]->app_id,
1477 p_cb->p_scb[xx]->peer_addr);
1478 }
1479 mask = 1 << (xx + 1);
1480 if (((mask & p_lcb->conn_msk) || bta_av_cb.conn_lcb) &&
1481 (p_cb->p_scb[xx]) &&
1482 (bdcmp(p_cb->p_scb[xx]->peer_addr, p_data->str_msg.bd_addr) == 0)) {
1483 APPL_TRACE_DEBUG("%s: Sending AVDT_DISCONNECT_EVT", __func__);
1484 bta_av_ssm_execute(p_cb->p_scb[xx], BTA_AV_AVDT_DISCONNECT_EVT, NULL);
1485 }
1486 }
1487 }
1488 }
1489 APPL_TRACE_DEBUG("%s: sig_chg conn_lcb: 0x%x", __func__, p_cb->conn_lcb);
1490 }
1491
1492 /*******************************************************************************
1493 *
1494 * Function bta_av_signalling_timer
1495 *
1496 * Description process the signal channel timer. This timer is started
1497 * when the AVDTP signal channel is connected. If no profile
1498 * is connected, the timer goes off every
1499 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1500 *
1501 * Returns void
1502 *
1503 ******************************************************************************/
bta_av_signalling_timer(UNUSED_ATTR tBTA_AV_DATA * p_data)1504 void bta_av_signalling_timer(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1505 tBTA_AV_CB* p_cb = &bta_av_cb;
1506 int xx;
1507 uint8_t mask;
1508 tBTA_AV_LCB* p_lcb = NULL;
1509 tBTA_AV_PEND pend;
1510
1511 APPL_TRACE_DEBUG("%s", __func__);
1512 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
1513 mask = 1 << xx;
1514 if (mask & p_cb->conn_lcb) {
1515 /* this entry is used. check if it is connected */
1516 p_lcb = &p_cb->lcb[xx];
1517 if (!p_lcb->conn_msk) {
1518 bta_sys_start_timer(p_cb->link_signalling_timer,
1519 BTA_AV_SIGNALLING_TIMEOUT_MS,
1520 BTA_AV_SIGNALLING_TIMER_EVT, 0);
1521 bdcpy(pend.bd_addr, p_lcb->addr);
1522 (*p_cb->p_cback)(BTA_AV_PENDING_EVT, (tBTA_AV*)&pend);
1523 }
1524 }
1525 }
1526 }
1527
1528 /*******************************************************************************
1529 *
1530 * Function bta_av_accept_signalling_timer_cback
1531 *
1532 * Description Process the timeout when SRC is accepting connection
1533 * and SNK did not start signalling.
1534 *
1535 * Returns void
1536 *
1537 ******************************************************************************/
bta_av_accept_signalling_timer_cback(void * data)1538 static void bta_av_accept_signalling_timer_cback(void* data) {
1539 uint32_t inx = PTR_TO_UINT(data);
1540 tBTA_AV_CB* p_cb = &bta_av_cb;
1541 tBTA_AV_SCB* p_scb = NULL;
1542 if (inx < BTA_AV_NUM_STRS) {
1543 p_scb = p_cb->p_scb[inx];
1544 }
1545 if (p_scb) {
1546 APPL_TRACE_DEBUG("%s coll_mask = 0x%02X", __func__, p_scb->coll_mask);
1547
1548 if (p_scb->coll_mask & BTA_AV_COLL_INC_TMR) {
1549 p_scb->coll_mask &= ~BTA_AV_COLL_INC_TMR;
1550
1551 if (bta_av_is_scb_opening(p_scb)) {
1552 APPL_TRACE_DEBUG("%s: stream state opening: SDP started = %d", __func__,
1553 p_scb->sdp_discovery_started);
1554 if (p_scb->sdp_discovery_started) {
1555 /* We are still doing SDP. Run the timer again. */
1556 p_scb->coll_mask |= BTA_AV_COLL_INC_TMR;
1557
1558 alarm_set_on_queue(p_cb->accept_signalling_timer,
1559 BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1560 bta_av_accept_signalling_timer_cback,
1561 UINT_TO_PTR(inx), btu_bta_alarm_queue);
1562 } else {
1563 /* SNK did not start signalling, resume signalling process. */
1564 bta_av_discover_req(p_scb, NULL);
1565 }
1566 } else if (bta_av_is_scb_incoming(p_scb)) {
1567 /* Stay in incoming state if SNK does not start signalling */
1568
1569 APPL_TRACE_DEBUG("%s: stream state incoming", __func__);
1570 /* API open was called right after SNK opened L2C connection. */
1571 if (p_scb->coll_mask & BTA_AV_COLL_API_CALLED) {
1572 p_scb->coll_mask &= ~BTA_AV_COLL_API_CALLED;
1573
1574 /* BTA_AV_API_OPEN_EVT */
1575 tBTA_AV_API_OPEN* p_buf =
1576 (tBTA_AV_API_OPEN*)osi_malloc(sizeof(tBTA_AV_API_OPEN));
1577 memcpy(p_buf, &(p_scb->open_api), sizeof(tBTA_AV_API_OPEN));
1578 bta_sys_sendmsg(p_buf);
1579 }
1580 }
1581 }
1582 }
1583 }
1584
1585 /*******************************************************************************
1586 *
1587 * Function bta_av_check_peer_features
1588 *
1589 * Description check supported features on the peer device from the SDP
1590 * record and return the feature mask
1591 *
1592 * Returns tBTA_AV_FEAT peer device feature mask
1593 *
1594 ******************************************************************************/
bta_av_check_peer_features(uint16_t service_uuid)1595 tBTA_AV_FEAT bta_av_check_peer_features(uint16_t service_uuid) {
1596 tBTA_AV_FEAT peer_features = 0;
1597 tBTA_AV_CB* p_cb = &bta_av_cb;
1598 tSDP_DISC_REC* p_rec = NULL;
1599 tSDP_DISC_ATTR* p_attr;
1600 uint16_t peer_rc_version = 0;
1601 uint16_t categories = 0;
1602
1603 APPL_TRACE_DEBUG("bta_av_check_peer_features service_uuid:x%x", service_uuid);
1604 /* loop through all records we found */
1605 while (true) {
1606 /* get next record; if none found, we're done */
1607 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1608 if (p_rec == NULL) {
1609 break;
1610 }
1611
1612 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1613 NULL) {
1614 /* find peer features */
1615 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1616 NULL)) {
1617 peer_features |= BTA_AV_FEAT_RCCT;
1618 }
1619 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1620 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1621 peer_features |= BTA_AV_FEAT_RCTG;
1622 }
1623 }
1624
1625 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1626 /* get profile version (if failure, version parameter is not updated) */
1627 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1628 &peer_rc_version);
1629 APPL_TRACE_DEBUG("peer_rc_version 0x%x", peer_rc_version);
1630
1631 if (peer_rc_version >= AVRC_REV_1_3)
1632 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1633
1634 if (peer_rc_version >= AVRC_REV_1_4) {
1635 /* get supported categories */
1636 p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1637 if (p_attr != NULL) {
1638 categories = p_attr->attr_value.v.u16;
1639 if (categories & AVRC_SUPF_CT_CAT2)
1640 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1641 if (categories & AVRC_SUPF_CT_BROWSE)
1642 peer_features |= (BTA_AV_FEAT_BROWSE);
1643 }
1644 }
1645 }
1646 }
1647 APPL_TRACE_DEBUG("peer_features:x%x", peer_features);
1648 return peer_features;
1649 }
1650
1651 /*******************************************************************************
1652 *
1653 * Function bta_avk_check_peer_features
1654 *
1655 * Description check supported features on the peer device from the SDP
1656 * record and return the feature mask
1657 *
1658 * Returns tBTA_AV_FEAT peer device feature mask
1659 *
1660 ******************************************************************************/
bta_avk_check_peer_features(uint16_t service_uuid)1661 tBTA_AV_FEAT bta_avk_check_peer_features(uint16_t service_uuid) {
1662 tBTA_AV_FEAT peer_features = 0;
1663 tBTA_AV_CB* p_cb = &bta_av_cb;
1664
1665 APPL_TRACE_DEBUG("%s service_uuid:x%x", __func__, service_uuid);
1666
1667 /* loop through all records we found */
1668 tSDP_DISC_REC* p_rec =
1669 SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, NULL);
1670 while (p_rec) {
1671 APPL_TRACE_DEBUG("%s found Service record for x%x", __func__, service_uuid);
1672
1673 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1674 NULL) {
1675 /* find peer features */
1676 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1677 NULL)) {
1678 peer_features |= BTA_AV_FEAT_RCCT;
1679 }
1680 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1681 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1682 peer_features |= BTA_AV_FEAT_RCTG;
1683 }
1684 }
1685
1686 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1687 /* get profile version (if failure, version parameter is not updated) */
1688 uint16_t peer_rc_version = 0;
1689 bool val = SDP_FindProfileVersionInRec(
1690 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version);
1691 APPL_TRACE_DEBUG("%s peer_rc_version for TG 0x%x, profile_found %d",
1692 __func__, peer_rc_version, val);
1693
1694 if (peer_rc_version >= AVRC_REV_1_3)
1695 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1696
1697 /*
1698 * Though Absolute Volume came after in 1.4 and above, but there are few
1699 * devices
1700 * in market which supports absolute Volume and they are still 1.3
1701 * TO avoid IOT issuses with those devices, we check for 1.3 as minimum
1702 * version
1703 */
1704 if (peer_rc_version >= AVRC_REV_1_3) {
1705 /* get supported features */
1706 tSDP_DISC_ATTR* p_attr =
1707 SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1708 if (p_attr != NULL) {
1709 uint16_t categories = p_attr->attr_value.v.u16;
1710 if (categories & AVRC_SUPF_CT_CAT2)
1711 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1712 if (categories & AVRC_SUPF_CT_APP_SETTINGS)
1713 peer_features |= (BTA_AV_FEAT_APP_SETTING);
1714 if (categories & AVRC_SUPF_CT_BROWSE)
1715 peer_features |= (BTA_AV_FEAT_BROWSE);
1716 }
1717 }
1718 }
1719 /* get next record; if none found, we're done */
1720 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1721 }
1722 APPL_TRACE_DEBUG("%s peer_features:x%x", __func__, peer_features);
1723 return peer_features;
1724 }
1725
1726 /*******************************************************************************
1727 *
1728 * Function bta_av_rc_disc_done
1729 *
1730 * Description Handle AVRCP service discovery results. If matching
1731 * service found, open AVRCP connection.
1732 *
1733 * Returns void
1734 *
1735 ******************************************************************************/
bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA * p_data)1736 void bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1737 tBTA_AV_CB* p_cb = &bta_av_cb;
1738 tBTA_AV_SCB* p_scb = NULL;
1739 tBTA_AV_LCB* p_lcb;
1740 tBTA_AV_RC_OPEN rc_open;
1741 tBTA_AV_RC_FEAT rc_feat;
1742 uint8_t rc_handle;
1743 tBTA_AV_FEAT peer_features = 0; /* peer features mask */
1744
1745 APPL_TRACE_DEBUG("%s bta_av_rc_disc_done disc:x%x", __func__, p_cb->disc);
1746 if (!p_cb->disc) {
1747 return;
1748 }
1749
1750 if ((p_cb->disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
1751 /* this is the rc handle/index to tBTA_AV_RCB */
1752 rc_handle = p_cb->disc & (~BTA_AV_CHNL_MSK);
1753 } else {
1754 /* Validate array index*/
1755 if (((p_cb->disc & BTA_AV_HNDL_MSK) - 1) < BTA_AV_NUM_STRS) {
1756 p_scb = p_cb->p_scb[(p_cb->disc & BTA_AV_HNDL_MSK) - 1];
1757 }
1758 if (p_scb) {
1759 rc_handle = p_scb->rc_handle;
1760 } else {
1761 p_cb->disc = 0;
1762 return;
1763 }
1764 }
1765
1766 APPL_TRACE_DEBUG("%s rc_handle %d", __func__, rc_handle);
1767 #if (BTA_AV_SINK_INCLUDED == TRUE)
1768 if (p_cb->sdp_a2dp_snk_handle) {
1769 /* This is Sink + CT + TG(Abs Vol) */
1770 peer_features =
1771 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
1772 APPL_TRACE_DEBUG("%s populating rem ctrl target features %d", __func__,
1773 peer_features);
1774 if (BTA_AV_FEAT_ADV_CTRL &
1775 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL))
1776 peer_features |= (BTA_AV_FEAT_ADV_CTRL | BTA_AV_FEAT_RCCT);
1777 } else
1778 #endif
1779 if (p_cb->sdp_a2dp_handle) {
1780 /* check peer version and whether support CT and TG role */
1781 peer_features =
1782 bta_av_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL);
1783 if ((p_cb->features & BTA_AV_FEAT_ADV_CTRL) &&
1784 ((peer_features & BTA_AV_FEAT_ADV_CTRL) == 0)) {
1785 /* if we support advance control and peer does not, check their support on
1786 * TG role
1787 * some implementation uses 1.3 on CT ans 1.4 on TG */
1788 peer_features |=
1789 bta_av_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
1790 }
1791 }
1792
1793 p_cb->disc = 0;
1794 osi_free_and_reset((void**)&p_cb->p_disc_db);
1795
1796 APPL_TRACE_DEBUG("peer_features 0x%x, features 0x%x", peer_features,
1797 p_cb->features);
1798
1799 /* if we have no rc connection */
1800 if (rc_handle == BTA_AV_RC_HANDLE_NONE) {
1801 if (p_scb) {
1802 /* if peer remote control service matches ours and USE_RC is true */
1803 if ((((p_cb->features & BTA_AV_FEAT_RCCT) &&
1804 (peer_features & BTA_AV_FEAT_RCTG)) ||
1805 ((p_cb->features & BTA_AV_FEAT_RCTG) &&
1806 (peer_features & BTA_AV_FEAT_RCCT)))) {
1807 p_lcb = bta_av_find_lcb(p_scb->peer_addr, BTA_AV_LCB_FIND);
1808 if (p_lcb) {
1809 rc_handle = bta_av_rc_create(p_cb, AVCT_INT,
1810 (uint8_t)(p_scb->hdi + 1), p_lcb->lidx);
1811 p_cb->rcb[rc_handle].peer_features = peer_features;
1812 } else {
1813 APPL_TRACE_ERROR("can not find LCB!!");
1814 }
1815 } else if (p_scb->use_rc) {
1816 /* can not find AVRC on peer device. report failure */
1817 p_scb->use_rc = false;
1818 bdcpy(rc_open.peer_addr, p_scb->peer_addr);
1819 rc_open.peer_features = 0;
1820 rc_open.status = BTA_AV_FAIL_SDP;
1821 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, (tBTA_AV*)&rc_open);
1822 }
1823 }
1824 } else {
1825 p_cb->rcb[rc_handle].peer_features = peer_features;
1826 rc_feat.rc_handle = rc_handle;
1827 rc_feat.peer_features = peer_features;
1828 if (p_scb == NULL) {
1829 /*
1830 * In case scb is not created by the time we are done with SDP
1831 * we still need to send RC feature event. So we need to get BD
1832 * from Message
1833 */
1834 bdcpy(rc_feat.peer_addr, p_cb->lcb[p_cb->rcb[rc_handle].lidx].addr);
1835 } else
1836 bdcpy(rc_feat.peer_addr, p_scb->peer_addr);
1837 (*p_cb->p_cback)(BTA_AV_RC_FEAT_EVT, (tBTA_AV*)&rc_feat);
1838 }
1839 }
1840
1841 /*******************************************************************************
1842 *
1843 * Function bta_av_rc_closed
1844 *
1845 * Description Set AVRCP state to closed.
1846 *
1847 * Returns void
1848 *
1849 ******************************************************************************/
bta_av_rc_closed(tBTA_AV_DATA * p_data)1850 void bta_av_rc_closed(tBTA_AV_DATA* p_data) {
1851 tBTA_AV_CB* p_cb = &bta_av_cb;
1852 tBTA_AV_RC_CLOSE rc_close;
1853 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
1854 tBTA_AV_RCB* p_rcb;
1855 tBTA_AV_SCB* p_scb;
1856 int i;
1857 bool conn = false;
1858 tBTA_AV_LCB* p_lcb;
1859
1860 rc_close.rc_handle = BTA_AV_RC_HANDLE_NONE;
1861 p_scb = NULL;
1862 APPL_TRACE_DEBUG("bta_av_rc_closed rc_handle:%d", p_msg->handle);
1863 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1864 p_rcb = &p_cb->rcb[i];
1865 APPL_TRACE_DEBUG("bta_av_rc_closed rcb[%d] rc_handle:%d, status=0x%x", i,
1866 p_rcb->handle, p_rcb->status);
1867 if (p_rcb->handle == p_msg->handle) {
1868 rc_close.rc_handle = i;
1869 p_rcb->status &= ~BTA_AV_RC_CONN_MASK;
1870 p_rcb->peer_features = 0;
1871 APPL_TRACE_DEBUG(" shdl:%d, lidx:%d", p_rcb->shdl, p_rcb->lidx);
1872 if (p_rcb->shdl) {
1873 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
1874 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
1875 }
1876 if (p_scb) {
1877 bdcpy(rc_close.peer_addr, p_scb->peer_addr);
1878 if (p_scb->rc_handle == p_rcb->handle)
1879 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
1880 APPL_TRACE_DEBUG("shdl:%d, srch:%d", p_rcb->shdl, p_scb->rc_handle);
1881 }
1882 p_rcb->shdl = 0;
1883 } else if (p_rcb->lidx == (BTA_AV_NUM_LINKS + 1)) {
1884 /* if the RCB uses the extra LCB, use the addr for event and clean it */
1885 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
1886 bdcpy(rc_close.peer_addr, p_msg->peer_addr);
1887 APPL_TRACE_DEBUG("rc_only closed bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
1888 p_msg->peer_addr[0], p_msg->peer_addr[1],
1889 p_msg->peer_addr[2], p_msg->peer_addr[3],
1890 p_msg->peer_addr[4], p_msg->peer_addr[5]);
1891 p_lcb->conn_msk = 0;
1892 p_lcb->lidx = 0;
1893 }
1894 p_rcb->lidx = 0;
1895
1896 if ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT) {
1897 /* AVCT CCB is deallocated */
1898 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
1899 p_rcb->status = 0;
1900 } else {
1901 /* AVCT CCB is still there. dealloc */
1902 bta_av_del_rc(p_rcb);
1903
1904 /* if the AVRCP is no longer listening, create the listening channel */
1905 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE &&
1906 bta_av_cb.features & BTA_AV_FEAT_RCTG)
1907 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
1908 }
1909 } else if ((p_rcb->handle != BTA_AV_RC_HANDLE_NONE) &&
1910 (p_rcb->status & BTA_AV_RC_CONN_MASK)) {
1911 /* at least one channel is still connected */
1912 conn = true;
1913 }
1914 }
1915
1916 if (!conn) {
1917 /* no AVRC channels are connected, go back to INIT state */
1918 bta_av_sm_execute(p_cb, BTA_AV_AVRC_NONE_EVT, NULL);
1919 }
1920
1921 if (rc_close.rc_handle == BTA_AV_RC_HANDLE_NONE) {
1922 rc_close.rc_handle = p_msg->handle;
1923 bdcpy(rc_close.peer_addr, p_msg->peer_addr);
1924 }
1925 (*p_cb->p_cback)(BTA_AV_RC_CLOSE_EVT, (tBTA_AV*)&rc_close);
1926 }
1927
1928 /*******************************************************************************
1929 *
1930 * Function bta_av_rc_browse_opened
1931 *
1932 * Description AVRC browsing channel is opened
1933 *
1934 * Returns void
1935 *
1936 ******************************************************************************/
bta_av_rc_browse_opened(tBTA_AV_DATA * p_data)1937 void bta_av_rc_browse_opened(tBTA_AV_DATA* p_data) {
1938 tBTA_AV_CB* p_cb = &bta_av_cb;
1939 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
1940 tBTA_AV_RC_BROWSE_OPEN rc_browse_open;
1941
1942 APPL_TRACE_DEBUG(
1943 "bta_av_rc_browse_opened bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
1944 p_msg->peer_addr[0], p_msg->peer_addr[1], p_msg->peer_addr[2],
1945 p_msg->peer_addr[3], p_msg->peer_addr[4], p_msg->peer_addr[5]);
1946 APPL_TRACE_DEBUG("bta_av_rc_browse_opened rc_handle:%d", p_msg->handle);
1947
1948 rc_browse_open.status = BTA_AV_SUCCESS;
1949 rc_browse_open.rc_handle = p_msg->handle;
1950 bdcpy(rc_browse_open.peer_addr, p_msg->peer_addr);
1951
1952 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_OPEN_EVT, (tBTA_AV*)&rc_browse_open);
1953 }
1954
1955 /*******************************************************************************
1956 *
1957 * Function bta_av_rc_browse_closed
1958 *
1959 * Description AVRC browsing channel is closed
1960 *
1961 * Returns void
1962 *
1963 ******************************************************************************/
bta_av_rc_browse_closed(tBTA_AV_DATA * p_data)1964 void bta_av_rc_browse_closed(tBTA_AV_DATA* p_data) {
1965 tBTA_AV_CB* p_cb = &bta_av_cb;
1966 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
1967 tBTA_AV_RC_BROWSE_CLOSE rc_browse_close;
1968
1969 APPL_TRACE_DEBUG(
1970 "bta_av_rc_browse_closed bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
1971 p_msg->peer_addr[0], p_msg->peer_addr[1], p_msg->peer_addr[2],
1972 p_msg->peer_addr[3], p_msg->peer_addr[4], p_msg->peer_addr[5]);
1973 APPL_TRACE_DEBUG("bta_av_rc_browse_closed rc_handle:%d", p_msg->handle);
1974
1975 rc_browse_close.rc_handle = p_msg->handle;
1976 bdcpy(rc_browse_close.peer_addr, p_msg->peer_addr);
1977
1978 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_CLOSE_EVT, (tBTA_AV*)&rc_browse_close);
1979 }
1980
1981 /*******************************************************************************
1982 *
1983 * Function bta_av_rc_disc
1984 *
1985 * Description start AVRC SDP discovery.
1986 *
1987 * Returns void
1988 *
1989 ******************************************************************************/
bta_av_rc_disc(uint8_t disc)1990 void bta_av_rc_disc(uint8_t disc) {
1991 tBTA_AV_CB* p_cb = &bta_av_cb;
1992 tAVRC_SDP_DB_PARAMS db_params;
1993 uint16_t attr_list[] = {ATTR_ID_SERVICE_CLASS_ID_LIST,
1994 ATTR_ID_BT_PROFILE_DESC_LIST,
1995 ATTR_ID_SUPPORTED_FEATURES};
1996 uint8_t hdi;
1997 tBTA_AV_SCB* p_scb;
1998 uint8_t* p_addr = NULL;
1999 uint8_t rc_handle;
2000
2001 APPL_TRACE_DEBUG("bta_av_rc_disc 0x%x, %d", disc, bta_av_cb.disc);
2002 if ((bta_av_cb.disc != 0) || (disc == 0)) return;
2003
2004 if ((disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
2005 /* this is the rc handle/index to tBTA_AV_RCB */
2006 rc_handle = disc & (~BTA_AV_CHNL_MSK);
2007 if (p_cb->rcb[rc_handle].lidx) {
2008 p_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2009 }
2010 } else {
2011 hdi = (disc & BTA_AV_HNDL_MSK) - 1;
2012 p_scb = p_cb->p_scb[hdi];
2013
2014 if (p_scb) {
2015 APPL_TRACE_DEBUG("rc_handle %d", p_scb->rc_handle);
2016 p_addr = p_scb->peer_addr;
2017 }
2018 }
2019
2020 if (p_addr) {
2021 /* allocate discovery database */
2022 if (p_cb->p_disc_db == NULL)
2023 p_cb->p_disc_db = (tSDP_DISCOVERY_DB*)osi_malloc(BTA_AV_DISC_BUF_SIZE);
2024
2025 /* set up parameters */
2026 db_params.db_len = BTA_AV_DISC_BUF_SIZE;
2027 db_params.num_attr = 3;
2028 db_params.p_db = p_cb->p_disc_db;
2029 db_params.p_attrs = attr_list;
2030
2031 /* searching for UUID_SERVCLASS_AV_REMOTE_CONTROL gets both TG and CT */
2032 if (AVRC_FindService(UUID_SERVCLASS_AV_REMOTE_CONTROL, p_addr, &db_params,
2033 bta_av_avrc_sdp_cback) == AVRC_SUCCESS) {
2034 p_cb->disc = disc;
2035 APPL_TRACE_DEBUG("disc %d", p_cb->disc);
2036 }
2037 }
2038 }
2039
2040 /*******************************************************************************
2041 *
2042 * Function bta_av_dereg_comp
2043 *
2044 * Description deregister complete. free the stream control block.
2045 *
2046 * Returns void
2047 *
2048 ******************************************************************************/
bta_av_dereg_comp(tBTA_AV_DATA * p_data)2049 void bta_av_dereg_comp(tBTA_AV_DATA* p_data) {
2050 tBTA_AV_CB* p_cb = &bta_av_cb;
2051 tBTA_AV_SCB* p_scb;
2052 tBTA_UTL_COD cod;
2053 uint8_t mask;
2054 BT_HDR* p_buf;
2055
2056 /* find the stream control block */
2057 p_scb = bta_av_hndl_to_scb(p_data->hdr.layer_specific);
2058
2059 if (p_scb) {
2060 APPL_TRACE_DEBUG("deregistered %d(h%d)", p_scb->chnl, p_scb->hndl);
2061 mask = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
2062 if (p_scb->chnl == BTA_AV_CHNL_AUDIO) {
2063 p_cb->reg_audio &= ~mask;
2064 if ((p_cb->conn_audio & mask) && bta_av_cb.audio_open_cnt) {
2065 /* this channel is still marked as open. decrease the count */
2066 bta_av_cb.audio_open_cnt--;
2067 }
2068 p_cb->conn_audio &= ~mask;
2069
2070 if (p_scb->q_tag == BTA_AV_Q_TAG_STREAM && p_scb->a2dp_list) {
2071 /* make sure no buffers are in a2dp_list */
2072 while (!list_is_empty(p_scb->a2dp_list)) {
2073 p_buf = (BT_HDR*)list_front(p_scb->a2dp_list);
2074 list_remove(p_scb->a2dp_list, p_buf);
2075 osi_free(p_buf);
2076 }
2077 }
2078
2079 /* remove the A2DP SDP record, if no more audio stream is left */
2080 if (!p_cb->reg_audio) {
2081 #if (BTA_AR_INCLUDED == TRUE)
2082 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REMOTE_CONTROL, BTA_ID_AV);
2083 #endif
2084 if (p_cb->sdp_a2dp_handle) {
2085 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_handle);
2086 p_cb->sdp_a2dp_handle = 0;
2087 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SOURCE);
2088 }
2089
2090 #if (BTA_AV_SINK_INCLUDED == TRUE)
2091 if (p_cb->sdp_a2dp_snk_handle) {
2092 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_snk_handle);
2093 p_cb->sdp_a2dp_snk_handle = 0;
2094 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SINK);
2095 }
2096 #endif
2097 }
2098 } else {
2099 p_cb->reg_video &= ~mask;
2100 /* make sure that this channel is not connected */
2101 p_cb->conn_video &= ~mask;
2102 /* remove the VDP SDP record, (only one video stream at most) */
2103 bta_av_del_sdp_rec(&p_cb->sdp_vdp_handle);
2104 bta_sys_remove_uuid(UUID_SERVCLASS_VIDEO_SOURCE);
2105 }
2106
2107 /* make sure that the timer is not active */
2108 alarm_cancel(p_scb->avrc_ct_timer);
2109 osi_free_and_reset((void**)&p_cb->p_scb[p_scb->hdi]);
2110 }
2111
2112 APPL_TRACE_DEBUG("audio 0x%x, video: 0x%x, disable:%d", p_cb->reg_audio,
2113 p_cb->reg_video, p_cb->disabling);
2114 /* if no stream control block is active */
2115 if ((p_cb->reg_audio + p_cb->reg_video) == 0) {
2116 #if (BTA_AR_INCLUDED == TRUE)
2117 /* deregister from AVDT */
2118 bta_ar_dereg_avdt(BTA_ID_AV);
2119
2120 /* deregister from AVCT */
2121 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REM_CTRL_TARGET, BTA_ID_AV);
2122 bta_ar_dereg_avct(BTA_ID_AV);
2123 #endif
2124
2125 if (p_cb->disabling) {
2126 p_cb->disabling = false;
2127 bta_av_cb.features = 0;
2128 }
2129
2130 /* Clear the Capturing service class bit */
2131 cod.service = BTM_COD_SERVICE_CAPTURING;
2132 utl_set_device_class(&cod, BTA_UTL_CLR_COD_SERVICE_CLASS);
2133 }
2134 }
2135