1 /******************************************************************************
2 *
3 * Copyright 2004-2016 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains action functions for advanced audio/video main state
22 * machine.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bt_bta_av"
27
28 #include "bt_target.h"
29
30 #include <base/logging.h>
31 #include <string.h>
32
33 #include "avdt_api.h"
34 #include "avrcp_service.h"
35 #include "bta_av_api.h"
36 #include "bta_av_int.h"
37 #include "l2c_api.h"
38 #include "osi/include/list.h"
39 #include "osi/include/log.h"
40 #include "osi/include/osi.h"
41 #include "osi/include/properties.h"
42 #include "utl.h"
43
44 #if (BTA_AR_INCLUDED == TRUE)
45 #include "bta_ar_api.h"
46 #endif
47
48 /*****************************************************************************
49 * Constants
50 ****************************************************************************/
51 /* the timeout to wait for open req after setconfig for incoming connections */
52 #ifndef BTA_AV_SIGNALLING_TIMEOUT_MS
53 #define BTA_AV_SIGNALLING_TIMEOUT_MS (8 * 1000) /* 8 seconds */
54 #endif
55
56 /* Time to wait for signalling from SNK when it is initiated from SNK. */
57 /* If not, we will start signalling from SRC. */
58 #ifndef BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS
59 #define BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS (2 * 1000) /* 2 seconds */
60 #endif
61
62 static void bta_av_accept_signalling_timer_cback(void* data);
63
64 #ifndef AVRC_MIN_META_CMD_LEN
65 #define AVRC_MIN_META_CMD_LEN 20
66 #endif
67
68 /*******************************************************************************
69 *
70 * Function bta_av_get_rcb_by_shdl
71 *
72 * Description find the RCB associated with the given SCB handle.
73 *
74 * Returns tBTA_AV_RCB
75 *
76 ******************************************************************************/
bta_av_get_rcb_by_shdl(uint8_t shdl)77 tBTA_AV_RCB* bta_av_get_rcb_by_shdl(uint8_t shdl) {
78 tBTA_AV_RCB* p_rcb = NULL;
79 int i;
80
81 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
82 if (bta_av_cb.rcb[i].shdl == shdl &&
83 bta_av_cb.rcb[i].handle != BTA_AV_RC_HANDLE_NONE) {
84 p_rcb = &bta_av_cb.rcb[i];
85 break;
86 }
87 }
88 return p_rcb;
89 }
90 #define BTA_AV_STS_NO_RSP 0xFF /* a number not used by tAVRC_STS */
91
92 /*******************************************************************************
93 *
94 * Function bta_av_del_rc
95 *
96 * Description delete the given AVRC handle.
97 *
98 * Returns void
99 *
100 ******************************************************************************/
bta_av_del_rc(tBTA_AV_RCB * p_rcb)101 void bta_av_del_rc(tBTA_AV_RCB* p_rcb) {
102 tBTA_AV_SCB* p_scb;
103 uint8_t rc_handle; /* connected AVRCP handle */
104
105 p_scb = NULL;
106 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
107 if (p_rcb->shdl) {
108 /* Validate array index*/
109 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
110 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
111 }
112 if (p_scb) {
113 APPL_TRACE_DEBUG("%s: shdl:%d, srch:%d rc_handle:%d", __func__,
114 p_rcb->shdl, p_scb->rc_handle, p_rcb->handle);
115 if (p_scb->rc_handle == p_rcb->handle)
116 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
117 /* just in case the RC timer is active
118 if (bta_av_cb.features & BTA_AV_FEAT_RCCT && p_scb->chnl ==
119 BTA_AV_CHNL_AUDIO) */
120 alarm_cancel(p_scb->avrc_ct_timer);
121 }
122 }
123
124 APPL_TRACE_EVENT("%s: handle: %d status=0x%x, rc_acp_handle:%d, idx:%d",
125 __func__, p_rcb->handle, p_rcb->status,
126 bta_av_cb.rc_acp_handle, bta_av_cb.rc_acp_idx);
127 rc_handle = p_rcb->handle;
128 if (!(p_rcb->status & BTA_AV_RC_CONN_MASK) ||
129 ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
130 p_rcb->status = 0;
131 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
132 p_rcb->shdl = 0;
133 p_rcb->lidx = 0;
134 }
135 /* else ACP && connected. do not clear the handle yet */
136 AVRC_Close(rc_handle);
137 if (rc_handle == bta_av_cb.rc_acp_handle)
138 bta_av_cb.rc_acp_handle = BTA_AV_RC_HANDLE_NONE;
139 APPL_TRACE_EVENT(
140 "%s: end del_rc handle: %d status=0x%x, rc_acp_handle:%d, lidx:%d",
141 __func__, p_rcb->handle, p_rcb->status, bta_av_cb.rc_acp_handle,
142 p_rcb->lidx);
143 }
144 }
145
146 /*******************************************************************************
147 *
148 * Function bta_av_close_all_rc
149 *
150 * Description close the all AVRC handle.
151 *
152 * Returns void
153 *
154 ******************************************************************************/
bta_av_close_all_rc(tBTA_AV_CB * p_cb)155 static void bta_av_close_all_rc(tBTA_AV_CB* p_cb) {
156 int i;
157
158 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
159 if ((p_cb->disabling) || (bta_av_cb.rcb[i].shdl != 0))
160 bta_av_del_rc(&bta_av_cb.rcb[i]);
161 }
162 }
163
164 /*******************************************************************************
165 *
166 * Function bta_av_del_sdp_rec
167 *
168 * Description delete the given SDP record handle.
169 *
170 * Returns void
171 *
172 ******************************************************************************/
bta_av_del_sdp_rec(uint32_t * p_sdp_handle)173 static void bta_av_del_sdp_rec(uint32_t* p_sdp_handle) {
174 if (*p_sdp_handle != 0) {
175 SDP_DeleteRecord(*p_sdp_handle);
176 *p_sdp_handle = 0;
177 }
178 }
179
180 /*******************************************************************************
181 *
182 * Function bta_av_avrc_sdp_cback
183 *
184 * Description AVRCP service discovery callback.
185 *
186 * Returns void
187 *
188 ******************************************************************************/
bta_av_avrc_sdp_cback(UNUSED_ATTR uint16_t status)189 static void bta_av_avrc_sdp_cback(UNUSED_ATTR uint16_t status) {
190 BT_HDR* p_msg = (BT_HDR*)osi_malloc(sizeof(BT_HDR));
191
192 p_msg->event = BTA_AV_SDP_AVRC_DISC_EVT;
193
194 bta_sys_sendmsg(p_msg);
195 }
196
197 /*******************************************************************************
198 *
199 * Function bta_av_rc_ctrl_cback
200 *
201 * Description AVRCP control callback.
202 *
203 * Returns void
204 *
205 ******************************************************************************/
bta_av_rc_ctrl_cback(uint8_t handle,uint8_t event,UNUSED_ATTR uint16_t result,const RawAddress * peer_addr)206 static void bta_av_rc_ctrl_cback(uint8_t handle, uint8_t event,
207 UNUSED_ATTR uint16_t result,
208 const RawAddress* peer_addr) {
209 uint16_t msg_event = 0;
210
211 APPL_TRACE_EVENT("%s: handle: %d event=0x%x", __func__, handle, event);
212 if (event == AVRC_OPEN_IND_EVT) {
213 /* save handle of opened connection
214 bta_av_cb.rc_handle = handle;*/
215
216 msg_event = BTA_AV_AVRC_OPEN_EVT;
217 } else if (event == AVRC_CLOSE_IND_EVT) {
218 msg_event = BTA_AV_AVRC_CLOSE_EVT;
219 } else if (event == AVRC_BROWSE_OPEN_IND_EVT) {
220 msg_event = BTA_AV_AVRC_BROWSE_OPEN_EVT;
221 } else if (event == AVRC_BROWSE_CLOSE_IND_EVT) {
222 msg_event = BTA_AV_AVRC_BROWSE_CLOSE_EVT;
223 }
224
225 if (msg_event) {
226 tBTA_AV_RC_CONN_CHG* p_msg =
227 (tBTA_AV_RC_CONN_CHG*)osi_malloc(sizeof(tBTA_AV_RC_CONN_CHG));
228 p_msg->hdr.event = msg_event;
229 p_msg->handle = handle;
230 if (peer_addr) p_msg->peer_addr = *peer_addr;
231 bta_sys_sendmsg(p_msg);
232 }
233 }
234
235 /*******************************************************************************
236 *
237 * Function bta_av_rc_msg_cback
238 *
239 * Description AVRCP message callback.
240 *
241 * Returns void
242 *
243 ******************************************************************************/
bta_av_rc_msg_cback(uint8_t handle,uint8_t label,uint8_t opcode,tAVRC_MSG * p_msg)244 static void bta_av_rc_msg_cback(uint8_t handle, uint8_t label, uint8_t opcode,
245 tAVRC_MSG* p_msg) {
246 uint8_t* p_data_src = NULL;
247 uint16_t data_len = 0;
248
249 APPL_TRACE_DEBUG("%s: handle: %u opcode=0x%x", __func__, handle, opcode);
250
251 /* Copy avrc packet into BTA message buffer (for sending to BTA state machine)
252 */
253
254 /* Get size of payload data (for vendor and passthrough messages only; for
255 * browsing
256 * messages, use zero-copy) */
257 if (opcode == AVRC_OP_VENDOR && p_msg->vendor.p_vendor_data != NULL) {
258 p_data_src = p_msg->vendor.p_vendor_data;
259 data_len = (uint16_t)p_msg->vendor.vendor_len;
260 } else if (opcode == AVRC_OP_PASS_THRU && p_msg->pass.p_pass_data != NULL) {
261 p_data_src = p_msg->pass.p_pass_data;
262 data_len = (uint16_t)p_msg->pass.pass_len;
263 }
264
265 /* Create a copy of the message */
266 tBTA_AV_RC_MSG* p_buf =
267 (tBTA_AV_RC_MSG*)osi_malloc(sizeof(tBTA_AV_RC_MSG) + data_len);
268
269 p_buf->hdr.event = BTA_AV_AVRC_MSG_EVT;
270 p_buf->handle = handle;
271 p_buf->label = label;
272 p_buf->opcode = opcode;
273 memcpy(&p_buf->msg, p_msg, sizeof(tAVRC_MSG));
274 /* Copy the data payload, and set the pointer to it */
275 if (p_data_src != NULL) {
276 uint8_t* p_data_dst = (uint8_t*)(p_buf + 1);
277 memcpy(p_data_dst, p_data_src, data_len);
278
279 /* Update bta message buffer to point to payload data */
280 /* (Note AVRC_OP_BROWSING uses zero-copy: p_buf->msg.browse.p_browse_data
281 * already points to original avrc buffer) */
282 if (opcode == AVRC_OP_VENDOR)
283 p_buf->msg.vendor.p_vendor_data = p_data_dst;
284 else if (opcode == AVRC_OP_PASS_THRU)
285 p_buf->msg.pass.p_pass_data = p_data_dst;
286 }
287
288 if (opcode == AVRC_OP_BROWSE) {
289 /* set p_pkt to NULL, so avrc would not free the buffer */
290 p_msg->browse.p_browse_pkt = NULL;
291 }
292
293 bta_sys_sendmsg(p_buf);
294 }
295
296 /*******************************************************************************
297 *
298 * Function bta_av_rc_create
299 *
300 * Description alloc RCB and call AVRC_Open
301 *
302 * Returns the created rc handle
303 *
304 ******************************************************************************/
bta_av_rc_create(tBTA_AV_CB * p_cb,uint8_t role,uint8_t shdl,uint8_t lidx)305 uint8_t bta_av_rc_create(tBTA_AV_CB* p_cb, uint8_t role, uint8_t shdl,
306 uint8_t lidx) {
307 if (is_new_avrcp_enabled()) {
308 APPL_TRACE_WARNING("%s: Skipping RC creation for the old AVRCP profile",
309 __func__);
310 return BTA_AV_RC_HANDLE_NONE;
311 }
312
313 tAVRC_CONN_CB ccb;
314 RawAddress bda = RawAddress::kAny;
315 uint8_t status = BTA_AV_RC_ROLE_ACP;
316 tBTA_AV_SCB* p_scb = p_cb->p_scb[shdl - 1];
317 int i;
318 uint8_t rc_handle;
319 tBTA_AV_RCB* p_rcb;
320
321 if (role == AVCT_INT) {
322 bda = p_scb->PeerAddress();
323 status = BTA_AV_RC_ROLE_INT;
324 } else {
325 p_rcb = bta_av_get_rcb_by_shdl(shdl);
326 if (p_rcb != NULL) {
327 APPL_TRACE_ERROR("%s: ACP handle exist for shdl:%d", __func__, shdl);
328 return p_rcb->handle;
329 }
330 }
331
332 ccb.ctrl_cback = base::Bind(bta_av_rc_ctrl_cback);
333 ccb.msg_cback = base::Bind(bta_av_rc_msg_cback);
334 ccb.company_id = p_bta_av_cfg->company_id;
335 ccb.conn = role;
336 /* note: BTA_AV_FEAT_RCTG = AVRC_CT_TARGET, BTA_AV_FEAT_RCCT = AVRC_CT_CONTROL
337 */
338 ccb.control = p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_RCCT |
339 BTA_AV_FEAT_METADATA | AVRC_CT_PASSIVE);
340
341 if (AVRC_Open(&rc_handle, &ccb, bda) != AVRC_SUCCESS)
342 return BTA_AV_RC_HANDLE_NONE;
343
344 i = rc_handle;
345 p_rcb = &p_cb->rcb[i];
346
347 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
348 APPL_TRACE_ERROR("%s: found duplicated handle:%d", __func__, rc_handle);
349 }
350
351 p_rcb->handle = rc_handle;
352 p_rcb->status = status;
353 p_rcb->shdl = shdl;
354 p_rcb->lidx = lidx;
355 p_rcb->peer_features = 0;
356 if (lidx == (BTA_AV_NUM_LINKS + 1)) {
357 /* this LIDX is reserved for the AVRCP ACP connection */
358 p_cb->rc_acp_handle = p_rcb->handle;
359 p_cb->rc_acp_idx = (i + 1);
360 APPL_TRACE_DEBUG("%s: rc_acp_handle:%d idx:%d", __func__,
361 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
362 }
363 APPL_TRACE_DEBUG(
364 "%s: create %d, role: %d, shdl:%d, rc_handle:%d, lidx:%d, status:0x%x",
365 __func__, i, role, shdl, p_rcb->handle, lidx, p_rcb->status);
366
367 return rc_handle;
368 }
369
370 /*******************************************************************************
371 *
372 * Function bta_av_valid_group_navi_msg
373 *
374 * Description Check if it is Group Navigation Msg for Metadata
375 *
376 * Returns AVRC_RSP_ACCEPT or AVRC_RSP_NOT_IMPL
377 *
378 ******************************************************************************/
bta_av_group_navi_supported(uint8_t len,uint8_t * p_data,bool is_inquiry)379 static tBTA_AV_CODE bta_av_group_navi_supported(uint8_t len, uint8_t* p_data,
380 bool is_inquiry) {
381 tBTA_AV_CODE ret = AVRC_RSP_NOT_IMPL;
382 uint8_t* p_ptr = p_data;
383 uint16_t u16;
384 uint32_t u32;
385
386 if (p_bta_av_cfg->avrc_group && len == BTA_GROUP_NAVI_MSG_OP_DATA_LEN) {
387 BTA_AV_BE_STREAM_TO_CO_ID(u32, p_ptr);
388 BE_STREAM_TO_UINT16(u16, p_ptr);
389
390 if (u32 == AVRC_CO_METADATA) {
391 if (is_inquiry) {
392 if (u16 <= AVRC_PDU_PREV_GROUP) ret = AVRC_RSP_IMPL_STBL;
393 } else {
394 if (u16 <= AVRC_PDU_PREV_GROUP)
395 ret = AVRC_RSP_ACCEPT;
396 else
397 ret = AVRC_RSP_REJ;
398 }
399 }
400 }
401
402 return ret;
403 }
404
405 /*******************************************************************************
406 *
407 * Function bta_av_op_supported
408 *
409 * Description Check if remote control operation is supported.
410 *
411 * Returns AVRC_RSP_ACCEPT of supported, AVRC_RSP_NOT_IMPL if not.
412 *
413 ******************************************************************************/
bta_av_op_supported(tBTA_AV_RC rc_id,bool is_inquiry)414 static tBTA_AV_CODE bta_av_op_supported(tBTA_AV_RC rc_id, bool is_inquiry) {
415 tBTA_AV_CODE ret_code = AVRC_RSP_NOT_IMPL;
416
417 if (p_bta_av_rc_id) {
418 if (is_inquiry) {
419 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
420 ret_code = AVRC_RSP_IMPL_STBL;
421 }
422 } else {
423 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
424 ret_code = AVRC_RSP_ACCEPT;
425 } else if ((p_bta_av_cfg->rc_pass_rsp == AVRC_RSP_INTERIM) &&
426 p_bta_av_rc_id_ac) {
427 if (p_bta_av_rc_id_ac[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
428 ret_code = AVRC_RSP_INTERIM;
429 }
430 }
431 }
432 }
433 return ret_code;
434 }
435
436 /*******************************************************************************
437 *
438 * Function bta_av_find_lcb
439 *
440 * Description Given BD_addr, find the associated LCB.
441 *
442 * Returns NULL, if not found.
443 *
444 ******************************************************************************/
bta_av_find_lcb(const RawAddress & addr,uint8_t op)445 tBTA_AV_LCB* bta_av_find_lcb(const RawAddress& addr, uint8_t op) {
446 tBTA_AV_CB* p_cb = &bta_av_cb;
447 int xx;
448 uint8_t mask;
449 tBTA_AV_LCB* p_lcb = NULL;
450
451 APPL_TRACE_DEBUG("%s: address: %s op:%d", __func__, addr.ToString().c_str(),
452 op);
453 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
454 mask = 1 << xx; /* the used mask for this lcb */
455 if ((mask & p_cb->conn_lcb) && p_cb->lcb[xx].addr == addr) {
456 p_lcb = &p_cb->lcb[xx];
457 if (op == BTA_AV_LCB_FREE) {
458 p_cb->conn_lcb &= ~mask; /* clear the connect mask */
459 APPL_TRACE_DEBUG("%s: conn_lcb: 0x%x", __func__, p_cb->conn_lcb);
460 }
461 break;
462 }
463 }
464 return p_lcb;
465 }
466
467 /*******************************************************************************
468 *
469 * Function bta_av_rc_opened
470 *
471 * Description Set AVRCP state to opened.
472 *
473 * Returns void
474 *
475 ******************************************************************************/
bta_av_rc_opened(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)476 void bta_av_rc_opened(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
477 tBTA_AV_RC_OPEN rc_open;
478 tBTA_AV_SCB* p_scb;
479 int i;
480 uint8_t shdl = 0;
481 tBTA_AV_LCB* p_lcb;
482 tBTA_AV_RCB* p_rcb;
483 uint8_t tmp;
484 uint8_t disc = 0;
485
486 /* find the SCB & stop the timer */
487 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
488 p_scb = p_cb->p_scb[i];
489 if (p_scb && p_scb->PeerAddress() == p_data->rc_conn_chg.peer_addr) {
490 p_scb->rc_handle = p_data->rc_conn_chg.handle;
491 APPL_TRACE_DEBUG("%s: shdl:%d, srch %d", __func__, i + 1,
492 p_scb->rc_handle);
493 shdl = i + 1;
494 LOG_INFO(LOG_TAG, "%s: allow incoming AVRCP connections:%d", __func__,
495 p_scb->use_rc);
496 alarm_cancel(p_scb->avrc_ct_timer);
497 disc = p_scb->hndl;
498 break;
499 }
500 }
501
502 i = p_data->rc_conn_chg.handle;
503 if (p_cb->rcb[i].handle == BTA_AV_RC_HANDLE_NONE) {
504 APPL_TRACE_ERROR("%s: not a valid handle:%d any more", __func__, i);
505 return;
506 }
507
508 APPL_TRACE_DEBUG("%s: local features %d peer features %d", __func__,
509 p_cb->features, p_cb->rcb[i].peer_features);
510
511 /* listen to browsing channel when the connection is open,
512 * if peer initiated AVRCP connection and local device supports browsing
513 * channel */
514 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_ACP);
515
516 if (p_cb->rcb[i].lidx == (BTA_AV_NUM_LINKS + 1) && shdl != 0) {
517 /* rc is opened on the RC only ACP channel, but is for a specific
518 * SCB -> need to switch RCBs */
519 p_rcb = bta_av_get_rcb_by_shdl(shdl);
520 if (p_rcb) {
521 p_rcb->shdl = p_cb->rcb[i].shdl;
522 tmp = p_rcb->lidx;
523 p_rcb->lidx = p_cb->rcb[i].lidx;
524 p_cb->rcb[i].lidx = tmp;
525 p_cb->rc_acp_handle = p_rcb->handle;
526 p_cb->rc_acp_idx = (p_rcb - p_cb->rcb) + 1;
527 APPL_TRACE_DEBUG("%s: switching RCB rc_acp_handle:%d idx:%d", __func__,
528 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
529 }
530 }
531
532 p_cb->rcb[i].shdl = shdl;
533 rc_open.rc_handle = i;
534 APPL_TRACE_ERROR("%s: rcb[%d] shdl:%d lidx:%d/%d", __func__, i, shdl,
535 p_cb->rcb[i].lidx, p_cb->lcb[BTA_AV_NUM_LINKS].lidx);
536 p_cb->rcb[i].status |= BTA_AV_RC_CONN_MASK;
537
538 if (!shdl && 0 == p_cb->lcb[BTA_AV_NUM_LINKS].lidx) {
539 /* no associated SCB -> connected to an RC only device
540 * update the index to the extra LCB */
541 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
542 p_lcb->addr = p_data->rc_conn_chg.peer_addr;
543 p_lcb->lidx = BTA_AV_NUM_LINKS + 1;
544 p_cb->rcb[i].lidx = p_lcb->lidx;
545 p_lcb->conn_msk = 1;
546 APPL_TRACE_ERROR("%s: bd_addr: %s rcb[%d].lidx=%d, lcb.conn_msk=x%x",
547 __func__, p_lcb->addr.ToString().c_str(), i,
548 p_cb->rcb[i].lidx, p_lcb->conn_msk);
549 disc = p_data->rc_conn_chg.handle | BTA_AV_CHNL_MSK;
550 }
551
552 rc_open.peer_addr = p_data->rc_conn_chg.peer_addr;
553 rc_open.peer_features = p_cb->rcb[i].peer_features;
554 rc_open.status = BTA_AV_SUCCESS;
555 APPL_TRACE_DEBUG("%s: local features:x%x peer_features:x%x", __func__,
556 p_cb->features, rc_open.peer_features);
557 if (rc_open.peer_features == 0) {
558 /* we have not done SDP on peer RC capabilities.
559 * peer must have initiated the RC connection */
560 if (p_cb->features & BTA_AV_FEAT_RCCT)
561 rc_open.peer_features |= BTA_AV_FEAT_RCTG;
562 if (p_cb->features & BTA_AV_FEAT_RCTG)
563 rc_open.peer_features |= BTA_AV_FEAT_RCCT;
564
565 bta_av_rc_disc(disc);
566 }
567 tBTA_AV bta_av_data;
568 bta_av_data.rc_open = rc_open;
569 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
570
571 /* if local initiated AVRCP connection and both peer and locals device support
572 * browsing channel, open the browsing channel now
573 * TODO (sanketa): Some TG would not broadcast browse feature hence check
574 * inter-op. */
575 if ((p_cb->features & BTA_AV_FEAT_BROWSE) &&
576 (rc_open.peer_features & BTA_AV_FEAT_BROWSE) &&
577 ((p_cb->rcb[i].status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
578 APPL_TRACE_DEBUG("%s: opening AVRC Browse channel", __func__);
579 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_INT);
580 }
581 }
582
583 /*******************************************************************************
584 *
585 * Function bta_av_rc_remote_cmd
586 *
587 * Description Send an AVRCP remote control command.
588 *
589 * Returns void
590 *
591 ******************************************************************************/
bta_av_rc_remote_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)592 void bta_av_rc_remote_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
593 tBTA_AV_RCB* p_rcb;
594 if (p_cb->features & BTA_AV_FEAT_RCCT) {
595 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
596 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
597 if (p_rcb->status & BTA_AV_RC_CONN_MASK) {
598 AVRC_PassCmd(p_rcb->handle, p_data->api_remote_cmd.label,
599 &p_data->api_remote_cmd.msg);
600 }
601 }
602 }
603 }
604
605 /*******************************************************************************
606 *
607 * Function bta_av_rc_vendor_cmd
608 *
609 * Description Send an AVRCP vendor specific command.
610 *
611 * Returns void
612 *
613 ******************************************************************************/
bta_av_rc_vendor_cmd(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)614 void bta_av_rc_vendor_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
615 tBTA_AV_RCB* p_rcb;
616 if ((p_cb->features & (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) ==
617 (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) {
618 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
619 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
620 AVRC_VendorCmd(p_rcb->handle, p_data->api_vendor.label,
621 &p_data->api_vendor.msg);
622 }
623 }
624 }
625
626 /*******************************************************************************
627 *
628 * Function bta_av_rc_vendor_rsp
629 *
630 * Description Send an AVRCP vendor specific response.
631 *
632 * Returns void
633 *
634 ******************************************************************************/
bta_av_rc_vendor_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)635 void bta_av_rc_vendor_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
636 tBTA_AV_RCB* p_rcb;
637 if ((p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) ==
638 (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) {
639 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
640 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
641 AVRC_VendorRsp(p_rcb->handle, p_data->api_vendor.label,
642 &p_data->api_vendor.msg);
643 }
644 }
645 }
646
647 /*******************************************************************************
648 *
649 * Function bta_av_rc_meta_rsp
650 *
651 * Description Send an AVRCP metadata/advanced control command/response.
652 *
653 * Returns void
654 *
655 ******************************************************************************/
bta_av_rc_meta_rsp(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)656 void bta_av_rc_meta_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
657 tBTA_AV_RCB* p_rcb;
658 bool do_free = true;
659
660 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
661 (p_data->hdr.layer_specific < BTA_AV_NUM_RCB)) {
662 if ((p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCTG)) ||
663 (!p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCCT))) {
664 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
665 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
666 AVRC_MsgReq(p_rcb->handle, p_data->api_meta_rsp.label,
667 p_data->api_meta_rsp.rsp_code, p_data->api_meta_rsp.p_pkt);
668 do_free = false;
669 }
670 }
671 }
672
673 if (do_free) osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
674 }
675
676 /*******************************************************************************
677 *
678 * Function bta_av_rc_free_rsp
679 *
680 * Description free an AVRCP metadata command buffer.
681 *
682 * Returns void
683 *
684 ******************************************************************************/
bta_av_rc_free_rsp(UNUSED_ATTR tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)685 void bta_av_rc_free_rsp(UNUSED_ATTR tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
686 osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
687 }
688
689 /*******************************************************************************
690 *
691 * Function bta_av_rc_free_browse_msg
692 *
693 * Description free an AVRCP browse message buffer.
694 *
695 * Returns void
696 *
697 ******************************************************************************/
bta_av_rc_free_browse_msg(UNUSED_ATTR tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)698 void bta_av_rc_free_browse_msg(UNUSED_ATTR tBTA_AV_CB* p_cb,
699 tBTA_AV_DATA* p_data) {
700 if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
701 osi_free_and_reset((void**)&p_data->rc_msg.msg.browse.p_browse_pkt);
702 }
703 }
704
705 /*******************************************************************************
706 *
707 * Function bta_av_chk_notif_evt_id
708 *
709 * Description make sure the requested player id is valid.
710 *
711 * Returns BTA_AV_STS_NO_RSP, if no error
712 *
713 ******************************************************************************/
bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR * p_vendor)714 static tAVRC_STS bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR* p_vendor) {
715 tAVRC_STS status = BTA_AV_STS_NO_RSP;
716 uint8_t xx;
717 uint16_t u16;
718 uint8_t* p = p_vendor->p_vendor_data + 2;
719
720 BE_STREAM_TO_UINT16(u16, p);
721 /* double check the fixed length */
722 if ((u16 != 5) || (p_vendor->vendor_len != 9)) {
723 status = AVRC_STS_INTERNAL_ERR;
724 } else {
725 /* make sure the player_id is valid */
726 for (xx = 0; xx < p_bta_av_cfg->num_evt_ids; xx++) {
727 if (*p == p_bta_av_cfg->p_meta_evt_ids[xx]) {
728 break;
729 }
730 }
731 if (xx == p_bta_av_cfg->num_evt_ids) {
732 status = AVRC_STS_BAD_PARAM;
733 }
734 }
735
736 return status;
737 }
738
739 /*******************************************************************************
740 *
741 * Function bta_av_proc_meta_cmd
742 *
743 * Description Process an AVRCP metadata command from the peer.
744 *
745 * Returns true to respond immediately
746 *
747 ******************************************************************************/
bta_av_proc_meta_cmd(tAVRC_RESPONSE * p_rc_rsp,tBTA_AV_RC_MSG * p_msg,uint8_t * p_ctype)748 tBTA_AV_EVT bta_av_proc_meta_cmd(tAVRC_RESPONSE* p_rc_rsp,
749 tBTA_AV_RC_MSG* p_msg, uint8_t* p_ctype) {
750 tBTA_AV_EVT evt = BTA_AV_META_MSG_EVT;
751 uint8_t u8, pdu, *p;
752 uint16_t u16;
753 tAVRC_MSG_VENDOR* p_vendor = &p_msg->msg.vendor;
754
755 pdu = *(p_vendor->p_vendor_data);
756 p_rc_rsp->pdu = pdu;
757 *p_ctype = AVRC_RSP_REJ;
758
759 /* Check to ansure a valid minimum meta data length */
760 if ((AVRC_MIN_META_CMD_LEN + p_vendor->vendor_len) > AVRC_META_CMD_BUF_SIZE) {
761 /* reject it */
762 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
763 APPL_TRACE_ERROR("%s: Invalid meta-command length: %d", __func__,
764 p_vendor->vendor_len);
765 return 0;
766 }
767
768 /* Metadata messages only use PANEL sub-unit type */
769 if (p_vendor->hdr.subunit_type != AVRC_SUB_PANEL) {
770 APPL_TRACE_DEBUG("%s: SUBUNIT must be PANEL", __func__);
771 /* reject it */
772 evt = 0;
773 p_vendor->hdr.ctype = AVRC_RSP_NOT_IMPL;
774 p_vendor->vendor_len = 0;
775 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
776 } else if (!AVRC_IsValidAvcType(pdu, p_vendor->hdr.ctype)) {
777 APPL_TRACE_DEBUG("%s: Invalid pdu/ctype: 0x%x, %d", __func__, pdu,
778 p_vendor->hdr.ctype);
779 /* reject invalid message without reporting to app */
780 evt = 0;
781 p_rc_rsp->rsp.status = AVRC_STS_BAD_CMD;
782 } else {
783 switch (pdu) {
784 case AVRC_PDU_GET_CAPABILITIES:
785 /* process GetCapabilities command without reporting the event to app */
786 evt = 0;
787 u8 = *(p_vendor->p_vendor_data + 4);
788 p = p_vendor->p_vendor_data + 2;
789 p_rc_rsp->get_caps.capability_id = u8;
790 BE_STREAM_TO_UINT16(u16, p);
791 if ((u16 != 1) || (p_vendor->vendor_len != 5)) {
792 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
793 } else {
794 p_rc_rsp->get_caps.status = AVRC_STS_NO_ERROR;
795 if (u8 == AVRC_CAP_COMPANY_ID) {
796 *p_ctype = AVRC_RSP_IMPL_STBL;
797 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_co_ids;
798 memcpy(p_rc_rsp->get_caps.param.company_id,
799 p_bta_av_cfg->p_meta_co_ids,
800 (p_bta_av_cfg->num_co_ids << 2));
801 } else if (u8 == AVRC_CAP_EVENTS_SUPPORTED) {
802 *p_ctype = AVRC_RSP_IMPL_STBL;
803 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_evt_ids;
804 memcpy(p_rc_rsp->get_caps.param.event_id,
805 p_bta_av_cfg->p_meta_evt_ids, p_bta_av_cfg->num_evt_ids);
806 } else {
807 APPL_TRACE_DEBUG("%s: Invalid capability ID: 0x%x", __func__, u8);
808 /* reject - unknown capability ID */
809 p_rc_rsp->get_caps.status = AVRC_STS_BAD_PARAM;
810 }
811 }
812 break;
813
814 case AVRC_PDU_REGISTER_NOTIFICATION:
815 /* make sure the event_id is implemented */
816 p_rc_rsp->rsp.status = bta_av_chk_notif_evt_id(p_vendor);
817 if (p_rc_rsp->rsp.status != BTA_AV_STS_NO_RSP) evt = 0;
818 break;
819 }
820 }
821
822 return evt;
823 }
824
825 /*******************************************************************************
826 *
827 * Function bta_av_rc_msg
828 *
829 * Description Process an AVRCP message from the peer.
830 *
831 * Returns void
832 *
833 ******************************************************************************/
bta_av_rc_msg(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)834 void bta_av_rc_msg(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
835 tBTA_AV_EVT evt = 0;
836 tBTA_AV av;
837 BT_HDR* p_pkt = NULL;
838 tAVRC_MSG_VENDOR* p_vendor = &p_data->rc_msg.msg.vendor;
839 bool is_inquiry = ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
840 p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ);
841 uint8_t ctype = 0;
842 tAVRC_RESPONSE rc_rsp;
843
844 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
845
846 if (NULL == p_data) {
847 APPL_TRACE_ERROR("%s: Message from peer with no data", __func__);
848 return;
849 }
850
851 APPL_TRACE_DEBUG("%s: opcode=%x, ctype=%x", __func__, p_data->rc_msg.opcode,
852 p_data->rc_msg.msg.hdr.ctype);
853
854 if (p_data->rc_msg.opcode == AVRC_OP_PASS_THRU) {
855 /* if this is a pass thru command */
856 if ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_CTRL) ||
857 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
858 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ)) {
859 /* check if operation is supported */
860 char avrcp_ct_support[PROPERTY_VALUE_MAX];
861 osi_property_get("bluetooth.pts.avrcp_ct.support", avrcp_ct_support,
862 "false");
863 if (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) {
864 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
865 if (p_cb->features & BTA_AV_FEAT_METADATA)
866 p_data->rc_msg.msg.hdr.ctype = bta_av_group_navi_supported(
867 p_data->rc_msg.msg.pass.pass_len,
868 p_data->rc_msg.msg.pass.p_pass_data, is_inquiry);
869 } else if (((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_UP) ||
870 (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_DOWN)) &&
871 !strcmp(avrcp_ct_support, "true")) {
872 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_ACCEPT;
873 } else {
874 p_data->rc_msg.msg.hdr.ctype =
875 bta_av_op_supported(p_data->rc_msg.msg.pass.op_id, is_inquiry);
876 }
877
878 APPL_TRACE_DEBUG("%s: ctype %d", __func__, p_data->rc_msg.msg.hdr.ctype)
879
880 /* send response */
881 if (p_data->rc_msg.msg.hdr.ctype != AVRC_RSP_INTERIM)
882 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
883 &p_data->rc_msg.msg.pass);
884
885 /* set up for callback if supported */
886 if (p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_ACCEPT ||
887 p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_INTERIM) {
888 evt = BTA_AV_REMOTE_CMD_EVT;
889 av.remote_cmd.rc_id = p_data->rc_msg.msg.pass.op_id;
890 av.remote_cmd.key_state = p_data->rc_msg.msg.pass.state;
891 av.remote_cmd.p_data = p_data->rc_msg.msg.pass.p_pass_data;
892 av.remote_cmd.len = p_data->rc_msg.msg.pass.pass_len;
893 memcpy(&av.remote_cmd.hdr, &p_data->rc_msg.msg.hdr, sizeof(tAVRC_HDR));
894 av.remote_cmd.label = p_data->rc_msg.label;
895 }
896 }
897 /* else if this is a pass thru response */
898 /* id response type is not impl, we have to release label */
899 else if (p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
900 /* set up for callback */
901 evt = BTA_AV_REMOTE_RSP_EVT;
902 av.remote_rsp.rc_id = p_data->rc_msg.msg.pass.op_id;
903 av.remote_rsp.key_state = p_data->rc_msg.msg.pass.state;
904 av.remote_rsp.rsp_code = p_data->rc_msg.msg.hdr.ctype;
905 av.remote_rsp.label = p_data->rc_msg.label;
906
907 /* If this response is for vendor unique command */
908 if ((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) &&
909 (p_data->rc_msg.msg.pass.pass_len > 0)) {
910 av.remote_rsp.p_data =
911 (uint8_t*)osi_malloc(p_data->rc_msg.msg.pass.pass_len);
912 APPL_TRACE_DEBUG("%s: Vendor Unique data len = %d", __func__,
913 p_data->rc_msg.msg.pass.pass_len);
914 memcpy(av.remote_rsp.p_data, p_data->rc_msg.msg.pass.p_pass_data,
915 p_data->rc_msg.msg.pass.pass_len);
916 }
917 }
918 /* must be a bad ctype -> reject*/
919 else {
920 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
921 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
922 &p_data->rc_msg.msg.pass);
923 }
924 }
925 /* else if this is a vendor specific command or response */
926 else if (p_data->rc_msg.opcode == AVRC_OP_VENDOR) {
927 /* set up for callback */
928 av.vendor_cmd.code = p_data->rc_msg.msg.hdr.ctype;
929 av.vendor_cmd.company_id = p_vendor->company_id;
930 av.vendor_cmd.label = p_data->rc_msg.label;
931 av.vendor_cmd.p_data = p_vendor->p_vendor_data;
932 av.vendor_cmd.len = p_vendor->vendor_len;
933
934 /* if configured to support vendor specific and it's a command */
935 if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
936 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
937 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
938 (p_vendor->company_id == AVRC_CO_METADATA)) {
939 av.meta_msg.p_msg = &p_data->rc_msg.msg;
940 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
941 evt = bta_av_proc_meta_cmd(&rc_rsp, &p_data->rc_msg, &ctype);
942 } else {
943 evt = BTA_AV_VENDOR_CMD_EVT;
944 }
945 } else if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
946 p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
947 /* else if configured to support vendor specific and it's a response */
948 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
949 (p_vendor->company_id == AVRC_CO_METADATA)) {
950 av.meta_msg.p_msg = &p_data->rc_msg.msg;
951 evt = BTA_AV_META_MSG_EVT;
952 } else {
953 evt = BTA_AV_VENDOR_RSP_EVT;
954 }
955 } else if (!(p_cb->features & BTA_AV_FEAT_VENDOR) &&
956 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
957 /* else if not configured to support vendor specific and it's a command */
958 if (p_data->rc_msg.msg.vendor.p_vendor_data[0] == AVRC_PDU_INVALID) {
959 /* reject it */
960 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
961 p_data->rc_msg.msg.vendor.p_vendor_data[4] = AVRC_STS_BAD_CMD;
962 } else {
963 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
964 }
965 AVRC_VendorRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
966 &p_data->rc_msg.msg.vendor);
967 }
968 } else if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
969 /* set up for callback */
970 av.meta_msg.rc_handle = p_data->rc_msg.handle;
971 av.meta_msg.company_id = p_vendor->company_id;
972 av.meta_msg.code = p_data->rc_msg.msg.hdr.ctype;
973 av.meta_msg.label = p_data->rc_msg.label;
974 av.meta_msg.p_msg = &p_data->rc_msg.msg;
975 av.meta_msg.p_data = p_data->rc_msg.msg.browse.p_browse_data;
976 av.meta_msg.len = p_data->rc_msg.msg.browse.browse_len;
977 evt = BTA_AV_META_MSG_EVT;
978 }
979
980 if (evt == 0 && rc_rsp.rsp.status != BTA_AV_STS_NO_RSP) {
981 if (!p_pkt) {
982 rc_rsp.rsp.opcode = p_data->rc_msg.opcode;
983 AVRC_BldResponse(0, &rc_rsp, &p_pkt);
984 }
985 if (p_pkt)
986 AVRC_MsgReq(p_data->rc_msg.handle, p_data->rc_msg.label, ctype, p_pkt);
987 }
988
989 /* call callback */
990 if (evt != 0) {
991 av.remote_cmd.rc_handle = p_data->rc_msg.handle;
992 (*p_cb->p_cback)(evt, &av);
993 /* If browsing message, then free the browse message buffer */
994 bta_av_rc_free_browse_msg(p_cb, p_data);
995 }
996 }
997
998 /*******************************************************************************
999 *
1000 * Function bta_av_rc_close
1001 *
1002 * Description close the specified AVRC handle.
1003 *
1004 * Returns void
1005 *
1006 ******************************************************************************/
bta_av_rc_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1007 void bta_av_rc_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1008 uint16_t handle = p_data->hdr.layer_specific;
1009 tBTA_AV_SCB* p_scb;
1010 tBTA_AV_RCB* p_rcb;
1011
1012 if (handle < BTA_AV_NUM_RCB) {
1013 p_rcb = &p_cb->rcb[handle];
1014
1015 APPL_TRACE_DEBUG("%s: handle: %d, status=0x%x", __func__, p_rcb->handle,
1016 p_rcb->status);
1017 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
1018 if (p_rcb->shdl) {
1019 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
1020 if (p_scb) {
1021 /* just in case the RC timer is active
1022 if (bta_av_cb.features & BTA_AV_FEAT_RCCT &&
1023 p_scb->chnl == BTA_AV_CHNL_AUDIO) */
1024 alarm_cancel(p_scb->avrc_ct_timer);
1025 }
1026 }
1027
1028 AVRC_Close(p_rcb->handle);
1029 }
1030 }
1031 }
1032
1033 /*******************************************************************************
1034 *
1035 * Function bta_av_rc_browse_close
1036 *
1037 * Description Empty placeholder.
1038 *
1039 * Returns void
1040 *
1041 ******************************************************************************/
bta_av_rc_browse_close(tBTA_AV_CB * p_cb,tBTA_AV_DATA * p_data)1042 void bta_av_rc_browse_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1043 APPL_TRACE_WARNING("%s: empty placeholder does nothing!", __func__);
1044 }
1045
1046 /*******************************************************************************
1047 *
1048 * Function bta_av_get_shdl
1049 *
1050 * Returns The index to p_scb[]
1051 *
1052 ******************************************************************************/
bta_av_get_shdl(tBTA_AV_SCB * p_scb)1053 static uint8_t bta_av_get_shdl(tBTA_AV_SCB* p_scb) {
1054 int i;
1055 uint8_t shdl = 0;
1056 /* find the SCB & stop the timer */
1057 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1058 if (p_scb == bta_av_cb.p_scb[i]) {
1059 shdl = i + 1;
1060 break;
1061 }
1062 }
1063 return shdl;
1064 }
1065
1066 /*******************************************************************************
1067 *
1068 * Function bta_av_stream_chg
1069 *
1070 * Description audio streaming status changed.
1071 *
1072 * Returns void
1073 *
1074 ******************************************************************************/
bta_av_stream_chg(tBTA_AV_SCB * p_scb,bool started)1075 void bta_av_stream_chg(tBTA_AV_SCB* p_scb, bool started) {
1076 uint8_t started_msk = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
1077
1078 APPL_TRACE_DEBUG("%s: peer %s started:%s started_msk:0x%x", __func__,
1079 p_scb->PeerAddress().ToString().c_str(),
1080 logbool(started).c_str(), started_msk);
1081
1082 if (started) {
1083 bta_av_cb.audio_streams |= started_msk;
1084 /* Let L2CAP know this channel is processed with high priority */
1085 L2CA_SetAclPriority(p_scb->PeerAddress(), L2CAP_PRIORITY_HIGH);
1086 } else {
1087 bta_av_cb.audio_streams &= ~started_msk;
1088 /* Let L2CAP know this channel is processed with low priority */
1089 L2CA_SetAclPriority(p_scb->PeerAddress(), L2CAP_PRIORITY_NORMAL);
1090 }
1091 }
1092
1093 /*******************************************************************************
1094 *
1095 * Function bta_av_conn_chg
1096 *
1097 * Description connetion status changed.
1098 * Open an AVRCP acceptor channel, if new conn.
1099 *
1100 * Returns void
1101 *
1102 ******************************************************************************/
bta_av_conn_chg(tBTA_AV_DATA * p_data)1103 void bta_av_conn_chg(tBTA_AV_DATA* p_data) {
1104 tBTA_AV_CB* p_cb = &bta_av_cb;
1105 tBTA_AV_SCB* p_scb = NULL;
1106 tBTA_AV_SCB* p_scbi;
1107 uint8_t mask;
1108 uint8_t conn_msk;
1109 uint8_t old_msk;
1110 int i;
1111 int index = (p_data->hdr.layer_specific & BTA_AV_HNDL_MSK) - 1;
1112 tBTA_AV_LCB* p_lcb;
1113 tBTA_AV_LCB* p_lcb_rc;
1114 tBTA_AV_RCB *p_rcb, *p_rcb2;
1115 bool chk_restore = false;
1116
1117 /* Validate array index*/
1118 if (index < BTA_AV_NUM_STRS) {
1119 p_scb = p_cb->p_scb[index];
1120 }
1121 mask = BTA_AV_HNDL_TO_MSK(index);
1122 p_lcb = bta_av_find_lcb(p_data->conn_chg.peer_addr, BTA_AV_LCB_FIND);
1123 conn_msk = 1 << (index + 1);
1124 if (p_data->conn_chg.is_up) {
1125 /* set the conned mask for this channel */
1126 if (p_scb) {
1127 if (p_lcb) {
1128 p_lcb->conn_msk |= conn_msk;
1129 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1130 if (bta_av_cb.rcb[i].lidx == p_lcb->lidx) {
1131 bta_av_cb.rcb[i].shdl = index + 1;
1132 APPL_TRACE_DEBUG(
1133 "%s: conn_chg up[%d]: %d, status=0x%x, shdl:%d, lidx:%d",
1134 __func__, i, bta_av_cb.rcb[i].handle, bta_av_cb.rcb[i].status,
1135 bta_av_cb.rcb[i].shdl, bta_av_cb.rcb[i].lidx);
1136 break;
1137 }
1138 }
1139 }
1140 old_msk = p_cb->conn_audio;
1141 p_cb->conn_audio |= mask;
1142
1143 if ((old_msk & mask) == 0) {
1144 /* increase the audio open count, if not set yet */
1145 bta_av_cb.audio_open_cnt++;
1146 }
1147
1148 APPL_TRACE_DEBUG("%s: rc_acp_handle:%d rc_acp_idx:%d", __func__,
1149 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1150 /* check if the AVRCP ACP channel is already connected */
1151 if (p_lcb && p_cb->rc_acp_handle != BTA_AV_RC_HANDLE_NONE &&
1152 p_cb->rc_acp_idx) {
1153 p_lcb_rc = &p_cb->lcb[BTA_AV_NUM_LINKS];
1154 APPL_TRACE_DEBUG(
1155 "%s: rc_acp is connected && conn_chg on same addr "
1156 "p_lcb_rc->conn_msk:x%x",
1157 __func__, p_lcb_rc->conn_msk);
1158 /* check if the RC is connected to the scb addr */
1159 LOG_INFO(LOG_TAG, "%s: p_lcb_rc->addr: %s conn_chg.peer_addr: %s",
1160 __func__, p_lcb_rc->addr.ToString().c_str(),
1161 p_data->conn_chg.peer_addr.ToString().c_str());
1162
1163 if (p_lcb_rc->conn_msk &&
1164 p_lcb_rc->addr == p_data->conn_chg.peer_addr) {
1165 /* AVRCP is already connected.
1166 * need to update the association betwen SCB and RCB */
1167 p_lcb_rc->conn_msk = 0; /* indicate RC ONLY is not connected */
1168 p_lcb_rc->lidx = 0;
1169 p_scb->rc_handle = p_cb->rc_acp_handle;
1170 p_rcb = &p_cb->rcb[p_cb->rc_acp_idx - 1];
1171 p_rcb->shdl = bta_av_get_shdl(p_scb);
1172 APPL_TRACE_DEBUG("%s: update rc_acp shdl:%d/%d srch:%d", __func__,
1173 index + 1, p_rcb->shdl, p_scb->rc_handle);
1174
1175 p_rcb2 = bta_av_get_rcb_by_shdl(p_rcb->shdl);
1176 if (p_rcb2) {
1177 /* found the RCB that was created to associated with this SCB */
1178 p_cb->rc_acp_handle = p_rcb2->handle;
1179 p_cb->rc_acp_idx = (p_rcb2 - p_cb->rcb) + 1;
1180 APPL_TRACE_DEBUG("%s: new rc_acp_handle:%d, idx:%d", __func__,
1181 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1182 p_rcb2->lidx = (BTA_AV_NUM_LINKS + 1);
1183 APPL_TRACE_DEBUG("%s: rc2 handle:%d lidx:%d/%d", __func__,
1184 p_rcb2->handle, p_rcb2->lidx,
1185 p_cb->lcb[p_rcb2->lidx - 1].lidx);
1186 }
1187 p_rcb->lidx = p_lcb->lidx;
1188 APPL_TRACE_DEBUG("%s: rc handle:%d lidx:%d/%d", __func__,
1189 p_rcb->handle, p_rcb->lidx,
1190 p_cb->lcb[p_rcb->lidx - 1].lidx);
1191 }
1192 }
1193 }
1194 } else {
1195 if ((p_cb->conn_audio & mask) && bta_av_cb.audio_open_cnt) {
1196 /* this channel is still marked as open. decrease the count */
1197 bta_av_cb.audio_open_cnt--;
1198 }
1199
1200 /* clear the conned mask for this channel */
1201 p_cb->conn_audio &= ~mask;
1202 if (p_scb) {
1203 // The stream is closed. Clear the state.
1204 p_scb->OnDisconnected();
1205 if (p_scb->chnl == BTA_AV_CHNL_AUDIO) {
1206 if (p_lcb) {
1207 p_lcb->conn_msk &= ~conn_msk;
1208 }
1209 /* audio channel is down. make sure the INT channel is down */
1210 /* just in case the RC timer is active
1211 if (p_cb->features & BTA_AV_FEAT_RCCT) */
1212 { alarm_cancel(p_scb->avrc_ct_timer); }
1213 /* one audio channel goes down. check if we need to restore high
1214 * priority */
1215 chk_restore = true;
1216 }
1217 }
1218
1219 APPL_TRACE_DEBUG("%s: shdl:%d", __func__, index + 1);
1220 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1221 APPL_TRACE_DEBUG("%s: conn_chg dn[%d]: %d, status=0x%x, shdl:%d, lidx:%d",
1222 __func__, i, bta_av_cb.rcb[i].handle,
1223 bta_av_cb.rcb[i].status, bta_av_cb.rcb[i].shdl,
1224 bta_av_cb.rcb[i].lidx);
1225 if (bta_av_cb.rcb[i].shdl == index + 1) {
1226 bta_av_del_rc(&bta_av_cb.rcb[i]);
1227 /* since the connection is already down and info was removed, clean
1228 * reference */
1229 bta_av_cb.rcb[i].shdl = 0;
1230 break;
1231 }
1232 }
1233
1234 if (p_cb->conn_audio == 0) {
1235 /* if both channels are not connected,
1236 * close all RC channels */
1237 bta_av_close_all_rc(p_cb);
1238 }
1239
1240 /* if the AVRCP is no longer listening, create the listening channel */
1241 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE &&
1242 bta_av_cb.features & BTA_AV_FEAT_RCTG)
1243 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
1244 }
1245
1246 APPL_TRACE_DEBUG(
1247 "%s: audio:%x up:%d conn_msk:0x%x chk_restore:%d "
1248 "audio_open_cnt:%d",
1249 __func__, p_cb->conn_audio, p_data->conn_chg.is_up, conn_msk, chk_restore,
1250 p_cb->audio_open_cnt);
1251
1252 if (chk_restore) {
1253 if (p_cb->audio_open_cnt == 1) {
1254 /* one audio channel goes down and there's one audio channel remains open.
1255 * restore the switch role in default link policy */
1256 bta_sys_set_default_policy(BTA_ID_AV, HCI_ENABLE_MASTER_SLAVE_SWITCH);
1257 /* allow role switch, if this is the last connection */
1258 bta_av_restore_switch();
1259 }
1260 if (p_cb->audio_open_cnt) {
1261 /* adjust flush timeout settings to longer period */
1262 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1263 p_scbi = bta_av_cb.p_scb[i];
1264 if (p_scbi && p_scbi->chnl == BTA_AV_CHNL_AUDIO && p_scbi->co_started) {
1265 /* may need to update the flush timeout of this already started stream
1266 */
1267 if (p_scbi->co_started != bta_av_cb.audio_open_cnt) {
1268 p_scbi->co_started = bta_av_cb.audio_open_cnt;
1269 L2CA_SetFlushTimeout(
1270 p_scbi->PeerAddress(),
1271 p_bta_av_cfg->p_audio_flush_to[p_scbi->co_started - 1]);
1272 }
1273 }
1274 }
1275 }
1276 }
1277 }
1278
1279 /*******************************************************************************
1280 *
1281 * Function bta_av_disable
1282 *
1283 * Description disable AV.
1284 *
1285 * Returns void
1286 *
1287 ******************************************************************************/
bta_av_disable(tBTA_AV_CB * p_cb,UNUSED_ATTR tBTA_AV_DATA * p_data)1288 void bta_av_disable(tBTA_AV_CB* p_cb, UNUSED_ATTR tBTA_AV_DATA* p_data) {
1289 BT_HDR hdr;
1290 uint16_t xx;
1291
1292 p_cb->disabling = true;
1293
1294 bta_av_close_all_rc(p_cb);
1295
1296 osi_free_and_reset((void**)&p_cb->p_disc_db);
1297
1298 /* disable audio/video - de-register all channels,
1299 * expect BTA_AV_DEREG_COMP_EVT when deregister is complete */
1300 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1301 if (p_cb->p_scb[xx] != NULL) {
1302 hdr.layer_specific = xx + 1;
1303 bta_av_api_deregister((tBTA_AV_DATA*)&hdr);
1304 }
1305 }
1306
1307 alarm_free(p_cb->link_signalling_timer);
1308 p_cb->link_signalling_timer = NULL;
1309 alarm_free(p_cb->accept_signalling_timer);
1310 p_cb->accept_signalling_timer = NULL;
1311 }
1312
1313 /*******************************************************************************
1314 *
1315 * Function bta_av_api_disconnect
1316 *
1317 * Description .
1318 *
1319 * Returns void
1320 *
1321 ******************************************************************************/
bta_av_api_disconnect(tBTA_AV_DATA * p_data)1322 void bta_av_api_disconnect(tBTA_AV_DATA* p_data) {
1323 AVDT_DisconnectReq(p_data->api_discnt.bd_addr, bta_av_conn_cback);
1324 alarm_cancel(bta_av_cb.link_signalling_timer);
1325 }
1326
1327 /**
1328 * Find the index for the free LCB entry to use.
1329 *
1330 * The selection order is:
1331 * (1) Find the index if there is already SCB entry for the peer address
1332 * (2) If there is no SCB entry for the peer address, find the first
1333 * SCB entry that is not assigned.
1334 *
1335 * @param peer_address the peer address to use
1336 * @return the index for the free LCB entry to use or BTA_AV_NUM_LINKS
1337 * if no entry is found
1338 */
bta_av_find_lcb_index_by_scb_and_address(const RawAddress & peer_address)1339 static uint8_t bta_av_find_lcb_index_by_scb_and_address(
1340 const RawAddress& peer_address) {
1341 APPL_TRACE_DEBUG("%s: peer_address: %s conn_lcb: 0x%x", __func__,
1342 peer_address.ToString().c_str(), bta_av_cb.conn_lcb);
1343
1344 // Find the index if there is already SCB entry for the peer address
1345 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1346 uint8_t mask = 1 << index;
1347 if (mask & bta_av_cb.conn_lcb) {
1348 continue;
1349 }
1350 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1351 if (p_scb == nullptr) {
1352 continue;
1353 }
1354 if (p_scb->PeerAddress() == peer_address) {
1355 return index;
1356 }
1357 }
1358
1359 // Find the first SCB entry that is not assigned.
1360 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1361 uint8_t mask = 1 << index;
1362 if (mask & bta_av_cb.conn_lcb) {
1363 continue;
1364 }
1365 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1366 if (p_scb == nullptr) {
1367 continue;
1368 }
1369 if (!p_scb->IsAssigned()) {
1370 return index;
1371 }
1372 }
1373
1374 return BTA_AV_NUM_LINKS;
1375 }
1376
1377 /*******************************************************************************
1378 *
1379 * Function bta_av_sig_chg
1380 *
1381 * Description process AVDT signal channel up/down.
1382 *
1383 * Returns void
1384 *
1385 ******************************************************************************/
bta_av_sig_chg(tBTA_AV_DATA * p_data)1386 void bta_av_sig_chg(tBTA_AV_DATA* p_data) {
1387 uint16_t event = p_data->str_msg.hdr.layer_specific;
1388 tBTA_AV_CB* p_cb = &bta_av_cb;
1389 uint32_t xx;
1390 uint8_t mask;
1391 tBTA_AV_LCB* p_lcb = NULL;
1392
1393 APPL_TRACE_DEBUG("%s: event: %d", __func__, event);
1394 if (event == AVDT_CONNECT_IND_EVT) {
1395 APPL_TRACE_DEBUG("%s: AVDT_CONNECT_IND_EVT: peer %s", __func__,
1396 p_data->str_msg.bd_addr.ToString().c_str());
1397
1398 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FIND);
1399 if (!p_lcb) {
1400 /* if the address does not have an LCB yet, alloc one */
1401 xx = bta_av_find_lcb_index_by_scb_and_address(p_data->str_msg.bd_addr);
1402
1403 /* check if we found something */
1404 if (xx >= BTA_AV_NUM_LINKS) {
1405 /* We do not have scb for this avdt connection. */
1406 /* Silently close the connection. */
1407 APPL_TRACE_ERROR("%s: av scb not available for avdt connection for %s",
1408 __func__, p_data->str_msg.bd_addr.ToString().c_str());
1409 AVDT_DisconnectReq(p_data->str_msg.bd_addr, NULL);
1410 return;
1411 }
1412 LOG_INFO(LOG_TAG,
1413 "%s: AVDT_CONNECT_IND_EVT: peer %s selected lcb_index %d",
1414 __func__, p_data->str_msg.bd_addr.ToString().c_str(), xx);
1415
1416 tBTA_AV_SCB* p_scb = p_cb->p_scb[xx];
1417 mask = 1 << xx;
1418 p_lcb = &p_cb->lcb[xx];
1419 p_lcb->lidx = xx + 1;
1420 p_lcb->addr = p_data->str_msg.bd_addr;
1421 p_lcb->conn_msk = 0; /* clear the connect mask */
1422 /* start listening when the signal channel is open */
1423 if (p_cb->features & BTA_AV_FEAT_RCTG) {
1424 bta_av_rc_create(p_cb, AVCT_ACP, 0, p_lcb->lidx);
1425 }
1426 /* this entry is not used yet. */
1427 p_cb->conn_lcb |= mask; /* mark it as used */
1428 APPL_TRACE_DEBUG("%s: start sig timer %d", __func__, p_data->hdr.offset);
1429 if (p_data->hdr.offset == AVDT_ACP) {
1430 APPL_TRACE_DEBUG("%s: Incoming L2CAP acquired, set state as incoming",
1431 __func__);
1432 p_scb->OnConnected(p_data->str_msg.bd_addr);
1433 p_scb->use_rc = true; /* allowing RC for incoming connection */
1434 bta_av_ssm_execute(p_scb, BTA_AV_ACP_CONNECT_EVT, p_data);
1435
1436 /* The Pending Event should be sent as soon as the L2CAP signalling
1437 * channel
1438 * is set up, which is NOW. Earlier this was done only after
1439 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1440 * The following function shall send the event and start the
1441 * recurring timer
1442 */
1443 bta_av_signalling_timer(NULL);
1444
1445 APPL_TRACE_DEBUG("%s: Re-start timer for AVDTP service", __func__);
1446 bta_sys_conn_open(BTA_ID_AV, p_scb->app_id, p_scb->PeerAddress());
1447 /* Possible collision : need to avoid outgoing processing while the
1448 * timer is running */
1449 p_scb->coll_mask = BTA_AV_COLL_INC_TMR;
1450 alarm_set_on_mloop(
1451 p_cb->accept_signalling_timer, BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1452 bta_av_accept_signalling_timer_cback, UINT_TO_PTR(xx));
1453 }
1454 }
1455 }
1456 #if (BTA_AR_INCLUDED == TRUE)
1457 else if (event == BTA_AR_AVDT_CONN_EVT) {
1458 alarm_cancel(bta_av_cb.link_signalling_timer);
1459 }
1460 #endif
1461 else {
1462 /* disconnected. */
1463 APPL_TRACE_DEBUG("%s: bta_av_cb.conn_lcb is %d", __func__,
1464 bta_av_cb.conn_lcb);
1465
1466 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FREE);
1467 if (p_lcb && (p_lcb->conn_msk || bta_av_cb.conn_lcb)) {
1468 APPL_TRACE_DEBUG("%s: conn_msk: 0x%x", __func__, p_lcb->conn_msk);
1469 /* clean up ssm */
1470 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1471 if (p_cb->p_scb[xx] &&
1472 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1473 APPL_TRACE_DEBUG("%s: Closing timer for AVDTP service", __func__);
1474 bta_sys_conn_close(BTA_ID_AV, p_cb->p_scb[xx]->app_id,
1475 p_cb->p_scb[xx]->PeerAddress());
1476 }
1477 mask = 1 << (xx + 1);
1478 if (((mask & p_lcb->conn_msk) || bta_av_cb.conn_lcb) &&
1479 p_cb->p_scb[xx] &&
1480 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1481 APPL_TRACE_WARNING("%s: Sending AVDT_DISCONNECT_EVT peer_addr=%s",
1482 __func__,
1483 p_cb->p_scb[xx]->PeerAddress().ToString().c_str());
1484 bta_av_ssm_execute(p_cb->p_scb[xx], BTA_AV_AVDT_DISCONNECT_EVT, NULL);
1485 }
1486 }
1487 }
1488 }
1489 APPL_TRACE_DEBUG("%s: sig_chg conn_lcb: 0x%x", __func__, p_cb->conn_lcb);
1490 }
1491
1492 /*******************************************************************************
1493 *
1494 * Function bta_av_signalling_timer
1495 *
1496 * Description process the signal channel timer. This timer is started
1497 * when the AVDTP signal channel is connected. If no profile
1498 * is connected, the timer goes off every
1499 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1500 *
1501 * Returns void
1502 *
1503 ******************************************************************************/
bta_av_signalling_timer(UNUSED_ATTR tBTA_AV_DATA * p_data)1504 void bta_av_signalling_timer(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1505 tBTA_AV_CB* p_cb = &bta_av_cb;
1506 int xx;
1507 uint8_t mask;
1508 tBTA_AV_LCB* p_lcb = NULL;
1509
1510 APPL_TRACE_DEBUG("%s: conn_lcb=0x%x", __func__, p_cb->conn_lcb);
1511 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
1512 p_lcb = &p_cb->lcb[xx];
1513 mask = 1 << xx;
1514 APPL_TRACE_DEBUG(
1515 "%s: index=%d conn_lcb=0x%x peer=%s conn_mask=0x%x lidx=%d", __func__,
1516 xx, p_cb->conn_lcb, p_lcb->addr.ToString().c_str(), p_lcb->conn_msk,
1517 p_lcb->lidx);
1518 if (mask & p_cb->conn_lcb) {
1519 /* this entry is used. check if it is connected */
1520 if (!p_lcb->conn_msk) {
1521 bta_sys_start_timer(p_cb->link_signalling_timer,
1522 BTA_AV_SIGNALLING_TIMEOUT_MS,
1523 BTA_AV_SIGNALLING_TIMER_EVT, 0);
1524 tBTA_AV_PEND pend;
1525 pend.bd_addr = p_lcb->addr;
1526 tBTA_AV bta_av_data;
1527 bta_av_data.pend = pend;
1528 APPL_TRACE_DEBUG(
1529 "%s: BTA_AV_PENDING_EVT for %s index=%d conn_mask=0x%x lidx=%d",
1530 __func__, pend.bd_addr.ToString().c_str(), xx, p_lcb->conn_msk,
1531 p_lcb->lidx);
1532 (*p_cb->p_cback)(BTA_AV_PENDING_EVT, &bta_av_data);
1533 }
1534 }
1535 }
1536 }
1537
1538 /*******************************************************************************
1539 *
1540 * Function bta_av_accept_signalling_timer_cback
1541 *
1542 * Description Process the timeout when SRC is accepting connection
1543 * and SNK did not start signalling.
1544 *
1545 * Returns void
1546 *
1547 ******************************************************************************/
bta_av_accept_signalling_timer_cback(void * data)1548 static void bta_av_accept_signalling_timer_cback(void* data) {
1549 uint32_t inx = PTR_TO_UINT(data);
1550 tBTA_AV_CB* p_cb = &bta_av_cb;
1551 tBTA_AV_SCB* p_scb = NULL;
1552 if (inx < BTA_AV_NUM_STRS) {
1553 p_scb = p_cb->p_scb[inx];
1554 }
1555 if (p_scb) {
1556 APPL_TRACE_DEBUG("%s: coll_mask = 0x%02X", __func__, p_scb->coll_mask);
1557
1558 if (p_scb->coll_mask & BTA_AV_COLL_INC_TMR) {
1559 p_scb->coll_mask &= ~BTA_AV_COLL_INC_TMR;
1560
1561 if (bta_av_is_scb_opening(p_scb)) {
1562 APPL_TRACE_DEBUG("%s: stream state opening: SDP started = %d", __func__,
1563 p_scb->sdp_discovery_started);
1564 if (p_scb->sdp_discovery_started) {
1565 /* We are still doing SDP. Run the timer again. */
1566 p_scb->coll_mask |= BTA_AV_COLL_INC_TMR;
1567
1568 alarm_set_on_mloop(p_cb->accept_signalling_timer,
1569 BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1570 bta_av_accept_signalling_timer_cback,
1571 UINT_TO_PTR(inx));
1572 } else {
1573 /* SNK did not start signalling, resume signalling process. */
1574 bta_av_discover_req(p_scb, NULL);
1575 }
1576 } else if (bta_av_is_scb_incoming(p_scb)) {
1577 /* Stay in incoming state if SNK does not start signalling */
1578
1579 APPL_TRACE_DEBUG("%s: stream state incoming", __func__);
1580 /* API open was called right after SNK opened L2C connection. */
1581 if (p_scb->coll_mask & BTA_AV_COLL_API_CALLED) {
1582 p_scb->coll_mask &= ~BTA_AV_COLL_API_CALLED;
1583
1584 /* BTA_AV_API_OPEN_EVT */
1585 tBTA_AV_API_OPEN* p_buf =
1586 (tBTA_AV_API_OPEN*)osi_malloc(sizeof(tBTA_AV_API_OPEN));
1587 memcpy(p_buf, &(p_scb->open_api), sizeof(tBTA_AV_API_OPEN));
1588 bta_sys_sendmsg(p_buf);
1589 }
1590 }
1591 }
1592 }
1593 }
1594
1595 /*******************************************************************************
1596 *
1597 * Function bta_av_check_peer_features
1598 *
1599 * Description check supported features on the peer device from the SDP
1600 * record and return the feature mask
1601 *
1602 * Returns tBTA_AV_FEAT peer device feature mask
1603 *
1604 ******************************************************************************/
bta_av_check_peer_features(uint16_t service_uuid)1605 tBTA_AV_FEAT bta_av_check_peer_features(uint16_t service_uuid) {
1606 tBTA_AV_FEAT peer_features = 0;
1607 tBTA_AV_CB* p_cb = &bta_av_cb;
1608 tSDP_DISC_REC* p_rec = NULL;
1609 tSDP_DISC_ATTR* p_attr;
1610 uint16_t peer_rc_version = 0;
1611 uint16_t categories = 0;
1612
1613 APPL_TRACE_DEBUG("%s: service_uuid:x%x", __func__, service_uuid);
1614 /* loop through all records we found */
1615 while (true) {
1616 /* get next record; if none found, we're done */
1617 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1618 if (p_rec == NULL) {
1619 break;
1620 }
1621
1622 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1623 NULL) {
1624 /* find peer features */
1625 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1626 NULL)) {
1627 peer_features |= BTA_AV_FEAT_RCCT;
1628 }
1629 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1630 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1631 peer_features |= BTA_AV_FEAT_RCTG;
1632 }
1633 }
1634
1635 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1636 /* get profile version (if failure, version parameter is not updated) */
1637 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1638 &peer_rc_version);
1639 APPL_TRACE_DEBUG("%s: peer_rc_version 0x%x", __func__, peer_rc_version);
1640
1641 if (peer_rc_version >= AVRC_REV_1_3)
1642 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1643
1644 if (peer_rc_version >= AVRC_REV_1_4) {
1645 /* get supported categories */
1646 p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1647 if (p_attr != NULL) {
1648 categories = p_attr->attr_value.v.u16;
1649 if (categories & AVRC_SUPF_CT_CAT2)
1650 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1651 if (categories & AVRC_SUPF_CT_BROWSE)
1652 peer_features |= (BTA_AV_FEAT_BROWSE);
1653 }
1654 }
1655 }
1656 }
1657 APPL_TRACE_DEBUG("%s: peer_features:x%x", __func__, peer_features);
1658 return peer_features;
1659 }
1660
1661 /*******************************************************************************
1662 *
1663 * Function bta_avk_check_peer_features
1664 *
1665 * Description check supported features on the peer device from the SDP
1666 * record and return the feature mask
1667 *
1668 * Returns tBTA_AV_FEAT peer device feature mask
1669 *
1670 ******************************************************************************/
bta_avk_check_peer_features(uint16_t service_uuid)1671 tBTA_AV_FEAT bta_avk_check_peer_features(uint16_t service_uuid) {
1672 tBTA_AV_FEAT peer_features = 0;
1673 tBTA_AV_CB* p_cb = &bta_av_cb;
1674
1675 APPL_TRACE_DEBUG("%s: service_uuid:x%x", __func__, service_uuid);
1676
1677 /* loop through all records we found */
1678 tSDP_DISC_REC* p_rec =
1679 SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, NULL);
1680 while (p_rec) {
1681 APPL_TRACE_DEBUG("%s: found Service record for x%x", __func__,
1682 service_uuid);
1683
1684 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1685 NULL) {
1686 /* find peer features */
1687 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1688 NULL)) {
1689 peer_features |= BTA_AV_FEAT_RCCT;
1690 }
1691 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1692 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1693 peer_features |= BTA_AV_FEAT_RCTG;
1694 }
1695 }
1696
1697 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1698 /* get profile version (if failure, version parameter is not updated) */
1699 uint16_t peer_rc_version = 0;
1700 bool val = SDP_FindProfileVersionInRec(
1701 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version);
1702 APPL_TRACE_DEBUG("%s: peer_rc_version for TG 0x%x, profile_found %d",
1703 __func__, peer_rc_version, val);
1704
1705 if (peer_rc_version >= AVRC_REV_1_3)
1706 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1707
1708 /*
1709 * Though Absolute Volume came after in 1.4 and above, but there are few
1710 * devices
1711 * in market which supports absolute Volume and they are still 1.3
1712 * TO avoid IOT issuses with those devices, we check for 1.3 as minimum
1713 * version
1714 */
1715 if (peer_rc_version >= AVRC_REV_1_3) {
1716 /* get supported features */
1717 tSDP_DISC_ATTR* p_attr =
1718 SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1719 if (p_attr != NULL) {
1720 uint16_t categories = p_attr->attr_value.v.u16;
1721 if (categories & AVRC_SUPF_CT_CAT2)
1722 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1723 if (categories & AVRC_SUPF_CT_APP_SETTINGS)
1724 peer_features |= (BTA_AV_FEAT_APP_SETTING);
1725 if (categories & AVRC_SUPF_CT_BROWSE)
1726 peer_features |= (BTA_AV_FEAT_BROWSE);
1727 }
1728 }
1729 }
1730 /* get next record; if none found, we're done */
1731 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1732 }
1733 APPL_TRACE_DEBUG("%s: peer_features:x%x", __func__, peer_features);
1734 return peer_features;
1735 }
1736
1737 /*******************************************************************************
1738 *
1739 * Function bta_av_rc_disc_done
1740 *
1741 * Description Handle AVRCP service discovery results. If matching
1742 * service found, open AVRCP connection.
1743 *
1744 * Returns void
1745 *
1746 ******************************************************************************/
bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA * p_data)1747 void bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1748 tBTA_AV_CB* p_cb = &bta_av_cb;
1749 tBTA_AV_SCB* p_scb = NULL;
1750 tBTA_AV_LCB* p_lcb;
1751 uint8_t rc_handle;
1752 tBTA_AV_FEAT peer_features = 0; /* peer features mask */
1753
1754 APPL_TRACE_DEBUG("%s: bta_av_rc_disc_done disc:x%x", __func__, p_cb->disc);
1755 if (!p_cb->disc) {
1756 return;
1757 }
1758
1759 if ((p_cb->disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
1760 /* this is the rc handle/index to tBTA_AV_RCB */
1761 rc_handle = p_cb->disc & (~BTA_AV_CHNL_MSK);
1762 } else {
1763 /* Validate array index*/
1764 if (((p_cb->disc & BTA_AV_HNDL_MSK) - 1) < BTA_AV_NUM_STRS) {
1765 p_scb = p_cb->p_scb[(p_cb->disc & BTA_AV_HNDL_MSK) - 1];
1766 }
1767 if (p_scb) {
1768 rc_handle = p_scb->rc_handle;
1769 } else {
1770 p_cb->disc = 0;
1771 return;
1772 }
1773 }
1774
1775 APPL_TRACE_DEBUG("%s: rc_handle %d", __func__, rc_handle);
1776 #if (BTA_AV_SINK_INCLUDED == TRUE)
1777 if (p_cb->sdp_a2dp_snk_handle) {
1778 /* This is Sink + CT + TG(Abs Vol) */
1779 peer_features =
1780 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
1781 APPL_TRACE_DEBUG("%s: populating rem ctrl target features %d", __func__,
1782 peer_features);
1783 if (BTA_AV_FEAT_ADV_CTRL &
1784 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL))
1785 peer_features |= (BTA_AV_FEAT_ADV_CTRL | BTA_AV_FEAT_RCCT);
1786 } else
1787 #endif
1788 if (p_cb->sdp_a2dp_handle) {
1789 /* check peer version and whether support CT and TG role */
1790 peer_features =
1791 bta_av_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL);
1792 if ((p_cb->features & BTA_AV_FEAT_ADV_CTRL) &&
1793 ((peer_features & BTA_AV_FEAT_ADV_CTRL) == 0)) {
1794 /* if we support advance control and peer does not, check their support on
1795 * TG role
1796 * some implementation uses 1.3 on CT ans 1.4 on TG */
1797 peer_features |=
1798 bta_av_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
1799 }
1800
1801 /* Change our features if the remote AVRCP version is 1.3 or less */
1802 tSDP_DISC_REC* p_rec = nullptr;
1803 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db,
1804 UUID_SERVCLASS_AV_REMOTE_CONTROL, p_rec);
1805 if (p_rec != NULL &&
1806 SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST) != NULL) {
1807 /* get profile version (if failure, version parameter is not updated) */
1808 uint16_t peer_rc_version = 0xFFFF; // Don't change the AVRCP version
1809 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1810 &peer_rc_version);
1811 if (peer_rc_version <= AVRC_REV_1_3) {
1812 APPL_TRACE_DEBUG("%s: Using AVRCP 1.3 Capabilities with remote device",
1813 __func__);
1814 p_bta_av_cfg = &bta_av_cfg_compatibility;
1815 }
1816 }
1817 }
1818
1819 p_cb->disc = 0;
1820 osi_free_and_reset((void**)&p_cb->p_disc_db);
1821
1822 APPL_TRACE_DEBUG("%s: peer_features 0x%x, features 0x%x", __func__,
1823 peer_features, p_cb->features);
1824
1825 /* if we have no rc connection */
1826 if (rc_handle == BTA_AV_RC_HANDLE_NONE) {
1827 if (p_scb) {
1828 /* if peer remote control service matches ours and USE_RC is true */
1829 if ((((p_cb->features & BTA_AV_FEAT_RCCT) &&
1830 (peer_features & BTA_AV_FEAT_RCTG)) ||
1831 ((p_cb->features & BTA_AV_FEAT_RCTG) &&
1832 (peer_features & BTA_AV_FEAT_RCCT)))) {
1833 p_lcb = bta_av_find_lcb(p_scb->PeerAddress(), BTA_AV_LCB_FIND);
1834 if (p_lcb) {
1835 rc_handle = bta_av_rc_create(p_cb, AVCT_INT,
1836 (uint8_t)(p_scb->hdi + 1), p_lcb->lidx);
1837 p_cb->rcb[rc_handle].peer_features = peer_features;
1838 } else {
1839 APPL_TRACE_ERROR("%s: can not find LCB!!", __func__);
1840 }
1841 } else if (p_scb->use_rc) {
1842 /* can not find AVRC on peer device. report failure */
1843 p_scb->use_rc = false;
1844 tBTA_AV_RC_OPEN rc_open;
1845 rc_open.peer_addr = p_scb->PeerAddress();
1846 rc_open.peer_features = 0;
1847 rc_open.status = BTA_AV_FAIL_SDP;
1848 tBTA_AV bta_av_data;
1849 bta_av_data.rc_open = rc_open;
1850 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
1851 }
1852 }
1853 } else {
1854 tBTA_AV_RC_FEAT rc_feat;
1855 p_cb->rcb[rc_handle].peer_features = peer_features;
1856 rc_feat.rc_handle = rc_handle;
1857 rc_feat.peer_features = peer_features;
1858 if (p_scb == NULL) {
1859 /*
1860 * In case scb is not created by the time we are done with SDP
1861 * we still need to send RC feature event. So we need to get BD
1862 * from Message
1863 */
1864 rc_feat.peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx].addr;
1865 } else {
1866 rc_feat.peer_addr = p_scb->PeerAddress();
1867 }
1868 tBTA_AV bta_av_data;
1869 bta_av_data.rc_feat = rc_feat;
1870 (*p_cb->p_cback)(BTA_AV_RC_FEAT_EVT, &bta_av_data);
1871 }
1872 }
1873
1874 /*******************************************************************************
1875 *
1876 * Function bta_av_rc_closed
1877 *
1878 * Description Set AVRCP state to closed.
1879 *
1880 * Returns void
1881 *
1882 ******************************************************************************/
bta_av_rc_closed(tBTA_AV_DATA * p_data)1883 void bta_av_rc_closed(tBTA_AV_DATA* p_data) {
1884 tBTA_AV_CB* p_cb = &bta_av_cb;
1885 tBTA_AV_RC_CLOSE rc_close;
1886 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
1887 tBTA_AV_RCB* p_rcb;
1888 tBTA_AV_SCB* p_scb;
1889 int i;
1890 bool conn = false;
1891 tBTA_AV_LCB* p_lcb;
1892
1893 rc_close.rc_handle = BTA_AV_RC_HANDLE_NONE;
1894 p_scb = NULL;
1895 APPL_TRACE_DEBUG("%s: rc_handle:%d", __func__, p_msg->handle);
1896 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1897 p_rcb = &p_cb->rcb[i];
1898 APPL_TRACE_DEBUG("%s: rcb[%d] rc_handle:%d, status=0x%x", __func__, i,
1899 p_rcb->handle, p_rcb->status);
1900 if (p_rcb->handle == p_msg->handle) {
1901 rc_close.rc_handle = i;
1902 p_rcb->status &= ~BTA_AV_RC_CONN_MASK;
1903 p_rcb->peer_features = 0;
1904 APPL_TRACE_DEBUG("%s: shdl:%d, lidx:%d", __func__, p_rcb->shdl,
1905 p_rcb->lidx);
1906 if (p_rcb->shdl) {
1907 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
1908 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
1909 }
1910 if (p_scb) {
1911 rc_close.peer_addr = p_scb->PeerAddress();
1912 if (p_scb->rc_handle == p_rcb->handle)
1913 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
1914 APPL_TRACE_DEBUG("%s: shdl:%d, srch:%d", __func__, p_rcb->shdl,
1915 p_scb->rc_handle);
1916 }
1917 p_rcb->shdl = 0;
1918 } else if (p_rcb->lidx == (BTA_AV_NUM_LINKS + 1)) {
1919 /* if the RCB uses the extra LCB, use the addr for event and clean it */
1920 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
1921 rc_close.peer_addr = p_msg->peer_addr;
1922 LOG_INFO(LOG_TAG, "%s: rc_only closed bd_addr: %s", __func__,
1923 p_msg->peer_addr.ToString().c_str());
1924 p_lcb->conn_msk = 0;
1925 p_lcb->lidx = 0;
1926 }
1927 p_rcb->lidx = 0;
1928
1929 if ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT) {
1930 /* AVCT CCB is deallocated */
1931 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
1932 p_rcb->status = 0;
1933 } else {
1934 /* AVCT CCB is still there. dealloc */
1935 bta_av_del_rc(p_rcb);
1936
1937 /* if the AVRCP is no longer listening, create the listening channel */
1938 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE &&
1939 bta_av_cb.features & BTA_AV_FEAT_RCTG)
1940 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
1941 }
1942 } else if ((p_rcb->handle != BTA_AV_RC_HANDLE_NONE) &&
1943 (p_rcb->status & BTA_AV_RC_CONN_MASK)) {
1944 /* at least one channel is still connected */
1945 conn = true;
1946 }
1947 }
1948
1949 if (!conn) {
1950 /* no AVRC channels are connected, go back to INIT state */
1951 bta_av_sm_execute(p_cb, BTA_AV_AVRC_NONE_EVT, NULL);
1952 }
1953
1954 if (rc_close.rc_handle == BTA_AV_RC_HANDLE_NONE) {
1955 rc_close.rc_handle = p_msg->handle;
1956 rc_close.peer_addr = p_msg->peer_addr;
1957 }
1958 tBTA_AV bta_av_data;
1959 bta_av_data.rc_close = rc_close;
1960 (*p_cb->p_cback)(BTA_AV_RC_CLOSE_EVT, &bta_av_data);
1961 }
1962
1963 /*******************************************************************************
1964 *
1965 * Function bta_av_rc_browse_opened
1966 *
1967 * Description AVRC browsing channel is opened
1968 *
1969 * Returns void
1970 *
1971 ******************************************************************************/
bta_av_rc_browse_opened(tBTA_AV_DATA * p_data)1972 void bta_av_rc_browse_opened(tBTA_AV_DATA* p_data) {
1973 tBTA_AV_CB* p_cb = &bta_av_cb;
1974 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
1975 tBTA_AV_RC_BROWSE_OPEN rc_browse_open;
1976
1977 LOG_INFO(LOG_TAG, "%s: peer_addr: %s rc_handle:%d", __func__,
1978 p_msg->peer_addr.ToString().c_str(), p_msg->handle);
1979
1980 rc_browse_open.status = BTA_AV_SUCCESS;
1981 rc_browse_open.rc_handle = p_msg->handle;
1982 rc_browse_open.peer_addr = p_msg->peer_addr;
1983
1984 tBTA_AV bta_av_data;
1985 bta_av_data.rc_browse_open = rc_browse_open;
1986 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_OPEN_EVT, &bta_av_data);
1987 }
1988
1989 /*******************************************************************************
1990 *
1991 * Function bta_av_rc_browse_closed
1992 *
1993 * Description AVRC browsing channel is closed
1994 *
1995 * Returns void
1996 *
1997 ******************************************************************************/
bta_av_rc_browse_closed(tBTA_AV_DATA * p_data)1998 void bta_av_rc_browse_closed(tBTA_AV_DATA* p_data) {
1999 tBTA_AV_CB* p_cb = &bta_av_cb;
2000 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2001 tBTA_AV_RC_BROWSE_CLOSE rc_browse_close;
2002
2003 LOG_INFO(LOG_TAG, "%s: peer_addr: %s rc_handle:%d", __func__,
2004 p_msg->peer_addr.ToString().c_str(), p_msg->handle);
2005
2006 rc_browse_close.rc_handle = p_msg->handle;
2007 rc_browse_close.peer_addr = p_msg->peer_addr;
2008
2009 tBTA_AV bta_av_data;
2010 bta_av_data.rc_browse_close = rc_browse_close;
2011 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_CLOSE_EVT, &bta_av_data);
2012 }
2013
2014 /*******************************************************************************
2015 *
2016 * Function bta_av_rc_disc
2017 *
2018 * Description start AVRC SDP discovery.
2019 *
2020 * Returns void
2021 *
2022 ******************************************************************************/
bta_av_rc_disc(uint8_t disc)2023 void bta_av_rc_disc(uint8_t disc) {
2024 tBTA_AV_CB* p_cb = &bta_av_cb;
2025 tAVRC_SDP_DB_PARAMS db_params;
2026 uint16_t attr_list[] = {ATTR_ID_SERVICE_CLASS_ID_LIST,
2027 ATTR_ID_BT_PROFILE_DESC_LIST,
2028 ATTR_ID_SUPPORTED_FEATURES};
2029 uint8_t hdi;
2030 tBTA_AV_SCB* p_scb;
2031 RawAddress peer_addr = RawAddress::kEmpty;
2032 uint8_t rc_handle;
2033
2034 APPL_TRACE_DEBUG("%s: disc: 0x%x, bta_av_cb.disc: 0x%x", __func__, disc,
2035 bta_av_cb.disc);
2036 if ((bta_av_cb.disc != 0) || (disc == 0)) return;
2037
2038 if ((disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
2039 /* this is the rc handle/index to tBTA_AV_RCB */
2040 rc_handle = disc & (~BTA_AV_CHNL_MSK);
2041 if (p_cb->rcb[rc_handle].lidx) {
2042 peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2043 }
2044 } else {
2045 hdi = (disc & BTA_AV_HNDL_MSK) - 1;
2046 p_scb = p_cb->p_scb[hdi];
2047
2048 if (p_scb) {
2049 APPL_TRACE_DEBUG("%s: rc_handle %d", __func__, p_scb->rc_handle);
2050 peer_addr = p_scb->PeerAddress();
2051 }
2052 }
2053
2054 if (!peer_addr.IsEmpty()) {
2055 /* allocate discovery database */
2056 if (p_cb->p_disc_db == NULL)
2057 p_cb->p_disc_db = (tSDP_DISCOVERY_DB*)osi_malloc(BTA_AV_DISC_BUF_SIZE);
2058
2059 /* set up parameters */
2060 db_params.db_len = BTA_AV_DISC_BUF_SIZE;
2061 db_params.num_attr = 3;
2062 db_params.p_db = p_cb->p_disc_db;
2063 db_params.p_attrs = attr_list;
2064
2065 /* searching for UUID_SERVCLASS_AV_REMOTE_CONTROL gets both TG and CT */
2066 if (AVRC_FindService(UUID_SERVCLASS_AV_REMOTE_CONTROL, peer_addr,
2067 &db_params,
2068 base::Bind(bta_av_avrc_sdp_cback)) == AVRC_SUCCESS) {
2069 p_cb->disc = disc;
2070 APPL_TRACE_DEBUG("%s: disc 0x%x", __func__, p_cb->disc);
2071 }
2072 }
2073 }
2074
2075 /*******************************************************************************
2076 *
2077 * Function bta_av_dereg_comp
2078 *
2079 * Description deregister complete. free the stream control block.
2080 *
2081 * Returns void
2082 *
2083 ******************************************************************************/
bta_av_dereg_comp(tBTA_AV_DATA * p_data)2084 void bta_av_dereg_comp(tBTA_AV_DATA* p_data) {
2085 tBTA_AV_CB* p_cb = &bta_av_cb;
2086 tBTA_AV_SCB* p_scb;
2087 tBTA_UTL_COD cod;
2088 uint8_t mask;
2089 BT_HDR* p_buf;
2090
2091 /* find the stream control block */
2092 p_scb = bta_av_hndl_to_scb(p_data->hdr.layer_specific);
2093
2094 if (p_scb) {
2095 APPL_TRACE_DEBUG("%s: deregistered %d(h%d)", __func__, p_scb->chnl,
2096 p_scb->hndl);
2097 mask = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
2098 p_cb->reg_audio &= ~mask;
2099 if ((p_cb->conn_audio & mask) && bta_av_cb.audio_open_cnt) {
2100 /* this channel is still marked as open. decrease the count */
2101 bta_av_cb.audio_open_cnt--;
2102 }
2103 p_cb->conn_audio &= ~mask;
2104
2105 if (p_scb->q_tag == BTA_AV_Q_TAG_STREAM && p_scb->a2dp_list) {
2106 /* make sure no buffers are in a2dp_list */
2107 while (!list_is_empty(p_scb->a2dp_list)) {
2108 p_buf = (BT_HDR*)list_front(p_scb->a2dp_list);
2109 list_remove(p_scb->a2dp_list, p_buf);
2110 osi_free(p_buf);
2111 }
2112 }
2113
2114 /* remove the A2DP SDP record, if no more audio stream is left */
2115 if (!p_cb->reg_audio) {
2116 #if (BTA_AR_INCLUDED == TRUE)
2117 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REMOTE_CONTROL, BTA_ID_AV);
2118 #endif
2119 if (p_cb->sdp_a2dp_handle) {
2120 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_handle);
2121 p_cb->sdp_a2dp_handle = 0;
2122 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SOURCE);
2123 }
2124
2125 #if (BTA_AV_SINK_INCLUDED == TRUE)
2126 if (p_cb->sdp_a2dp_snk_handle) {
2127 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_snk_handle);
2128 p_cb->sdp_a2dp_snk_handle = 0;
2129 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SINK);
2130 }
2131 #endif
2132 }
2133
2134 bta_av_free_scb(p_scb);
2135 }
2136
2137 APPL_TRACE_DEBUG("%s: audio 0x%x, disable:%d", __func__, p_cb->reg_audio,
2138 p_cb->disabling);
2139 /* if no stream control block is active */
2140 if (p_cb->reg_audio == 0) {
2141 #if (BTA_AR_INCLUDED == TRUE)
2142 /* deregister from AVDT */
2143 bta_ar_dereg_avdt(BTA_ID_AV);
2144
2145 /* deregister from AVCT */
2146 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REM_CTRL_TARGET, BTA_ID_AV);
2147 bta_ar_dereg_avct(BTA_ID_AV);
2148 #endif
2149
2150 if (p_cb->disabling) {
2151 p_cb->disabling = false;
2152 bta_av_cb.features = 0;
2153 }
2154
2155 /* Clear the Capturing service class bit */
2156 cod.service = BTM_COD_SERVICE_CAPTURING;
2157 utl_set_device_class(&cod, BTA_UTL_CLR_COD_SERVICE_CLASS);
2158 }
2159 }
2160