1 /******************************************************************************
3 * Copyright 2004-2016 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /******************************************************************************
21 * This file contains action functions for advanced audio/video main state
24 ******************************************************************************/
26 #define LOG_TAG "bt_bta_av"
28 #include "bt_target.h"
30 #include <base/logging.h>
34 #include "avrcp_service.h"
35 #include "bta_av_api.h"
36 #include "bta_av_int.h"
39 #include "osi/include/list.h"
40 #include "osi/include/log.h"
41 #include "osi/include/osi.h"
42 #include "osi/include/properties.h"
43 #include "stack/include/acl_api.h"
46 #include "bta_ar_api.h"
48 /*****************************************************************************
50 ****************************************************************************/
51 /* the timeout to wait for open req after setconfig for incoming connections */
52 #ifndef BTA_AV_SIGNALLING_TIMEOUT_MS
53 #define BTA_AV_SIGNALLING_TIMEOUT_MS (8 * 1000) /* 8 seconds */
56 /* Time to wait for signalling from SNK when it is initiated from SNK. */
57 /* If not, we will start signalling from SRC. */
58 #ifndef BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS
59 #define BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS (2 * 1000) /* 2 seconds */
62 static void bta_av_accept_signalling_timer_cback(void* data);
64 #ifndef AVRC_MIN_META_CMD_LEN
65 #define AVRC_MIN_META_CMD_LEN 20
68 /*******************************************************************************
70 * Function bta_av_get_rcb_by_shdl
72 * Description find the RCB associated with the given SCB handle.
76 ******************************************************************************/
77 tBTA_AV_RCB* bta_av_get_rcb_by_shdl(uint8_t shdl) {
78 tBTA_AV_RCB* p_rcb = NULL;
81 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
82 if (bta_av_cb.rcb[i].shdl == shdl &&
83 bta_av_cb.rcb[i].handle != BTA_AV_RC_HANDLE_NONE) {
84 p_rcb = &bta_av_cb.rcb[i];
90 #define BTA_AV_STS_NO_RSP 0xFF /* a number not used by tAVRC_STS */
92 /*******************************************************************************
94 * Function bta_av_del_rc
96 * Description delete the given AVRC handle.
100 ******************************************************************************/
101 void bta_av_del_rc(tBTA_AV_RCB* p_rcb) {
103 uint8_t rc_handle; /* connected AVRCP handle */
106 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
108 /* Validate array index*/
109 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
110 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
113 APPL_TRACE_DEBUG("%s: shdl:%d, srch:%d rc_handle:%d", __func__,
114 p_rcb->shdl, p_scb->rc_handle, p_rcb->handle);
115 if (p_scb->rc_handle == p_rcb->handle)
116 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
117 /* just in case the RC timer is active
118 if (bta_av_cb.features & BTA_AV_FEAT_RCCT && p_scb->chnl ==
119 BTA_AV_CHNL_AUDIO) */
120 alarm_cancel(p_scb->avrc_ct_timer);
124 APPL_TRACE_EVENT("%s: handle: %d status=0x%x, rc_acp_handle:%d, idx:%d",
125 __func__, p_rcb->handle, p_rcb->status,
126 bta_av_cb.rc_acp_handle, bta_av_cb.rc_acp_idx);
127 rc_handle = p_rcb->handle;
128 if (!(p_rcb->status & BTA_AV_RC_CONN_MASK) ||
129 ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
131 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
135 /* else ACP && connected. do not clear the handle yet */
136 AVRC_Close(rc_handle);
137 if (rc_handle == bta_av_cb.rc_acp_handle)
138 bta_av_cb.rc_acp_handle = BTA_AV_RC_HANDLE_NONE;
140 "%s: end del_rc handle: %d status=0x%x, rc_acp_handle:%d, lidx:%d",
141 __func__, p_rcb->handle, p_rcb->status, bta_av_cb.rc_acp_handle,
146 /*******************************************************************************
148 * Function bta_av_close_all_rc
150 * Description close the all AVRC handle.
154 ******************************************************************************/
155 static void bta_av_close_all_rc(tBTA_AV_CB* p_cb) {
158 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
159 if ((p_cb->disabling) || (bta_av_cb.rcb[i].shdl != 0))
160 bta_av_del_rc(&bta_av_cb.rcb[i]);
164 /*******************************************************************************
166 * Function bta_av_del_sdp_rec
168 * Description delete the given SDP record handle.
172 ******************************************************************************/
173 static void bta_av_del_sdp_rec(uint32_t* p_sdp_handle) {
174 if (*p_sdp_handle != 0) {
175 SDP_DeleteRecord(*p_sdp_handle);
180 /*******************************************************************************
182 * Function bta_av_avrc_sdp_cback
184 * Description AVRCP service discovery callback.
188 ******************************************************************************/
189 static void bta_av_avrc_sdp_cback(UNUSED_ATTR uint16_t status) {
190 BT_HDR* p_msg = (BT_HDR*)osi_malloc(sizeof(BT_HDR));
192 p_msg->event = BTA_AV_SDP_AVRC_DISC_EVT;
194 bta_sys_sendmsg(p_msg);
197 /*******************************************************************************
199 * Function bta_av_rc_ctrl_cback
201 * Description AVRCP control callback.
205 ******************************************************************************/
206 static void bta_av_rc_ctrl_cback(uint8_t handle, uint8_t event,
207 UNUSED_ATTR uint16_t result,
208 const RawAddress* peer_addr) {
209 uint16_t msg_event = 0;
211 APPL_TRACE_EVENT("%s: handle: %d event=0x%x", __func__, handle, event);
212 if (event == AVRC_OPEN_IND_EVT) {
213 /* save handle of opened connection
214 bta_av_cb.rc_handle = handle;*/
216 msg_event = BTA_AV_AVRC_OPEN_EVT;
217 } else if (event == AVRC_CLOSE_IND_EVT) {
218 msg_event = BTA_AV_AVRC_CLOSE_EVT;
219 } else if (event == AVRC_BROWSE_OPEN_IND_EVT) {
220 msg_event = BTA_AV_AVRC_BROWSE_OPEN_EVT;
221 } else if (event == AVRC_BROWSE_CLOSE_IND_EVT) {
222 msg_event = BTA_AV_AVRC_BROWSE_CLOSE_EVT;
226 tBTA_AV_RC_CONN_CHG* p_msg =
227 (tBTA_AV_RC_CONN_CHG*)osi_malloc(sizeof(tBTA_AV_RC_CONN_CHG));
228 p_msg->hdr.event = msg_event;
229 p_msg->handle = handle;
230 if (peer_addr) p_msg->peer_addr = *peer_addr;
231 bta_sys_sendmsg(p_msg);
235 /*******************************************************************************
237 * Function bta_av_rc_msg_cback
239 * Description AVRCP message callback.
243 ******************************************************************************/
244 static void bta_av_rc_msg_cback(uint8_t handle, uint8_t label, uint8_t opcode,
246 uint8_t* p_data_src = NULL;
247 uint16_t data_len = 0;
249 APPL_TRACE_DEBUG("%s: handle: %u opcode=0x%x", __func__, handle, opcode);
251 /* Copy avrc packet into BTA message buffer (for sending to BTA state machine)
254 /* Get size of payload data (for vendor and passthrough messages only; for
256 * messages, use zero-copy) */
257 if (opcode == AVRC_OP_VENDOR && p_msg->vendor.p_vendor_data != NULL) {
258 p_data_src = p_msg->vendor.p_vendor_data;
259 data_len = (uint16_t)p_msg->vendor.vendor_len;
260 } else if (opcode == AVRC_OP_PASS_THRU && p_msg->pass.p_pass_data != NULL) {
261 p_data_src = p_msg->pass.p_pass_data;
262 data_len = (uint16_t)p_msg->pass.pass_len;
265 /* Create a copy of the message */
266 tBTA_AV_RC_MSG* p_buf =
267 (tBTA_AV_RC_MSG*)osi_malloc(sizeof(tBTA_AV_RC_MSG) + data_len);
269 p_buf->hdr.event = BTA_AV_AVRC_MSG_EVT;
270 p_buf->handle = handle;
271 p_buf->label = label;
272 p_buf->opcode = opcode;
273 memcpy(&p_buf->msg, p_msg, sizeof(tAVRC_MSG));
274 /* Copy the data payload, and set the pointer to it */
275 if (p_data_src != NULL) {
276 uint8_t* p_data_dst = (uint8_t*)(p_buf + 1);
277 memcpy(p_data_dst, p_data_src, data_len);
279 /* Update bta message buffer to point to payload data */
280 /* (Note AVRC_OP_BROWSING uses zero-copy: p_buf->msg.browse.p_browse_data
281 * already points to original avrc buffer) */
282 if (opcode == AVRC_OP_VENDOR)
283 p_buf->msg.vendor.p_vendor_data = p_data_dst;
284 else if (opcode == AVRC_OP_PASS_THRU)
285 p_buf->msg.pass.p_pass_data = p_data_dst;
288 if (opcode == AVRC_OP_BROWSE) {
289 /* set p_pkt to NULL, so avrc would not free the buffer */
290 p_msg->browse.p_browse_pkt = NULL;
293 bta_sys_sendmsg(p_buf);
296 /*******************************************************************************
298 * Function bta_av_rc_create
300 * Description alloc RCB and call AVRC_Open
302 * Returns the created rc handle
304 ******************************************************************************/
305 uint8_t bta_av_rc_create(tBTA_AV_CB* p_cb, uint8_t role, uint8_t shdl,
307 if (is_new_avrcp_enabled()) {
308 LOG_INFO("Skipping RC creation for the old AVRCP profile");
309 return BTA_AV_RC_HANDLE_NONE;
313 RawAddress bda = RawAddress::kAny;
314 uint8_t status = BTA_AV_RC_ROLE_ACP;
319 if (role == AVCT_INT) {
320 // Can't grab a stream control block that doesn't have a valid handle
323 "%s: Can't grab stream control block for shdl = %d -> index = %d",
324 __func__, shdl, shdl - 1);
325 return BTA_AV_RC_HANDLE_NONE;
327 tBTA_AV_SCB* p_scb = p_cb->p_scb[shdl - 1];
328 bda = p_scb->PeerAddress();
329 status = BTA_AV_RC_ROLE_INT;
331 p_rcb = bta_av_get_rcb_by_shdl(shdl);
333 APPL_TRACE_ERROR("%s: ACP handle exist for shdl:%d", __func__, shdl);
335 return p_rcb->handle;
339 ccb.ctrl_cback = base::Bind(bta_av_rc_ctrl_cback);
340 ccb.msg_cback = base::Bind(bta_av_rc_msg_cback);
341 ccb.company_id = p_bta_av_cfg->company_id;
343 /* note: BTA_AV_FEAT_RCTG = AVRC_CT_TARGET, BTA_AV_FEAT_RCCT = AVRC_CT_CONTROL
345 ccb.control = p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_RCCT |
346 BTA_AV_FEAT_METADATA | AVRC_CT_PASSIVE);
348 if (AVRC_Open(&rc_handle, &ccb, bda) != AVRC_SUCCESS)
349 return BTA_AV_RC_HANDLE_NONE;
352 p_rcb = &p_cb->rcb[i];
354 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
355 APPL_TRACE_ERROR("%s: found duplicated handle:%d", __func__, rc_handle);
358 p_rcb->handle = rc_handle;
359 p_rcb->status = status;
362 p_rcb->peer_features = 0;
363 p_rcb->cover_art_psm = 0;
364 if (lidx == (BTA_AV_NUM_LINKS + 1)) {
365 /* this LIDX is reserved for the AVRCP ACP connection */
366 p_cb->rc_acp_handle = p_rcb->handle;
367 p_cb->rc_acp_idx = (i + 1);
368 APPL_TRACE_DEBUG("%s: rc_acp_handle:%d idx:%d", __func__,
369 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
372 "%s: create %d, role: %d, shdl:%d, rc_handle:%d, lidx:%d, status:0x%x",
373 __func__, i, role, shdl, p_rcb->handle, lidx, p_rcb->status);
378 /*******************************************************************************
380 * Function bta_av_valid_group_navi_msg
382 * Description Check if it is Group Navigation Msg for Metadata
384 * Returns AVRC_RSP_ACCEPT or AVRC_RSP_NOT_IMPL
386 ******************************************************************************/
387 static tBTA_AV_CODE bta_av_group_navi_supported(uint8_t len, uint8_t* p_data,
389 tBTA_AV_CODE ret = AVRC_RSP_NOT_IMPL;
390 uint8_t* p_ptr = p_data;
394 if (p_bta_av_cfg->avrc_group && len == BTA_GROUP_NAVI_MSG_OP_DATA_LEN) {
395 BTA_AV_BE_STREAM_TO_CO_ID(u32, p_ptr);
396 BE_STREAM_TO_UINT16(u16, p_ptr);
398 if (u32 == AVRC_CO_METADATA) {
400 if (u16 <= AVRC_PDU_PREV_GROUP) ret = AVRC_RSP_IMPL_STBL;
402 if (u16 <= AVRC_PDU_PREV_GROUP)
403 ret = AVRC_RSP_ACCEPT;
413 /*******************************************************************************
415 * Function bta_av_op_supported
417 * Description Check if remote control operation is supported.
419 * Returns AVRC_RSP_ACCEPT of supported, AVRC_RSP_NOT_IMPL if not.
421 ******************************************************************************/
422 static tBTA_AV_CODE bta_av_op_supported(tBTA_AV_RC rc_id, bool is_inquiry) {
423 tBTA_AV_CODE ret_code = AVRC_RSP_NOT_IMPL;
425 if (p_bta_av_rc_id) {
427 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
428 ret_code = AVRC_RSP_IMPL_STBL;
431 if (p_bta_av_rc_id[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
432 ret_code = AVRC_RSP_ACCEPT;
433 } else if ((p_bta_av_cfg->rc_pass_rsp == AVRC_RSP_INTERIM) &&
435 if (p_bta_av_rc_id_ac[rc_id >> 4] & (1 << (rc_id & 0x0F))) {
436 ret_code = AVRC_RSP_INTERIM;
444 /*******************************************************************************
446 * Function bta_av_find_lcb
448 * Description Given BD_addr, find the associated LCB.
450 * Returns NULL, if not found.
452 ******************************************************************************/
453 tBTA_AV_LCB* bta_av_find_lcb(const RawAddress& addr, uint8_t op) {
454 tBTA_AV_CB* p_cb = &bta_av_cb;
457 tBTA_AV_LCB* p_lcb = NULL;
459 APPL_TRACE_DEBUG("%s: address: %s op:%d", __func__, addr.ToString().c_str(),
461 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
462 mask = 1 << xx; /* the used mask for this lcb */
463 if ((mask & p_cb->conn_lcb) && p_cb->lcb[xx].addr == addr) {
464 p_lcb = &p_cb->lcb[xx];
465 if (op == BTA_AV_LCB_FREE) {
466 p_cb->conn_lcb &= ~mask; /* clear the connect mask */
467 APPL_TRACE_DEBUG("%s: conn_lcb: 0x%x", __func__, p_cb->conn_lcb);
475 /*******************************************************************************
477 * Function bta_av_rc_opened
479 * Description Set AVRCP state to opened.
483 ******************************************************************************/
484 void bta_av_rc_opened(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
485 tBTA_AV_RC_OPEN rc_open;
494 /* find the SCB & stop the timer */
495 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
496 p_scb = p_cb->p_scb[i];
497 if (p_scb && p_scb->PeerAddress() == p_data->rc_conn_chg.peer_addr) {
498 p_scb->rc_handle = p_data->rc_conn_chg.handle;
499 APPL_TRACE_DEBUG("%s: shdl:%d, srch %d", __func__, i + 1,
502 LOG_INFO("%s: allow incoming AVRCP connections:%d", __func__,
504 alarm_cancel(p_scb->avrc_ct_timer);
510 i = p_data->rc_conn_chg.handle;
511 if (p_cb->rcb[i].handle == BTA_AV_RC_HANDLE_NONE) {
512 APPL_TRACE_ERROR("%s: not a valid handle:%d any more", __func__, i);
516 APPL_TRACE_DEBUG("%s: local features %d peer features %d", __func__,
517 p_cb->features, p_cb->rcb[i].peer_features);
519 /* listen to browsing channel when the connection is open,
520 * if peer initiated AVRCP connection and local device supports browsing
522 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_ACP);
524 if (p_cb->rcb[i].lidx == (BTA_AV_NUM_LINKS + 1) && shdl != 0) {
525 /* rc is opened on the RC only ACP channel, but is for a specific
526 * SCB -> need to switch RCBs */
527 p_rcb = bta_av_get_rcb_by_shdl(shdl);
529 p_rcb->shdl = p_cb->rcb[i].shdl;
531 p_rcb->lidx = p_cb->rcb[i].lidx;
532 p_cb->rcb[i].lidx = tmp;
533 p_cb->rc_acp_handle = p_rcb->handle;
534 p_cb->rc_acp_idx = (p_rcb - p_cb->rcb) + 1;
535 APPL_TRACE_DEBUG("%s: switching RCB rc_acp_handle:%d idx:%d", __func__,
536 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
540 p_cb->rcb[i].shdl = shdl;
541 rc_open.rc_handle = i;
542 APPL_TRACE_ERROR("%s: rcb[%d] shdl:%d lidx:%d/%d", __func__, i, shdl,
543 p_cb->rcb[i].lidx, p_cb->lcb[BTA_AV_NUM_LINKS].lidx);
544 p_cb->rcb[i].status |= BTA_AV_RC_CONN_MASK;
546 if (!shdl && 0 == p_cb->lcb[BTA_AV_NUM_LINKS].lidx) {
547 /* no associated SCB -> connected to an RC only device
548 * update the index to the extra LCB */
549 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
550 p_lcb->addr = p_data->rc_conn_chg.peer_addr;
551 p_lcb->lidx = BTA_AV_NUM_LINKS + 1;
552 p_cb->rcb[i].lidx = p_lcb->lidx;
554 APPL_TRACE_ERROR("%s: bd_addr: %s rcb[%d].lidx=%d, lcb.conn_msk=x%x",
555 __func__, p_lcb->addr.ToString().c_str(), i,
556 p_cb->rcb[i].lidx, p_lcb->conn_msk);
557 disc = p_data->rc_conn_chg.handle | BTA_AV_CHNL_MSK;
560 rc_open.peer_addr = p_data->rc_conn_chg.peer_addr;
561 rc_open.peer_features = p_cb->rcb[i].peer_features;
562 rc_open.cover_art_psm = p_cb->rcb[i].cover_art_psm;
563 rc_open.status = BTA_AV_SUCCESS;
564 APPL_TRACE_DEBUG("%s: local features:x%x peer_features:x%x", __func__,
565 p_cb->features, rc_open.peer_features);
566 APPL_TRACE_DEBUG("%s: cover art psm:x%x", __func__, rc_open.cover_art_psm);
567 if (rc_open.peer_features == 0) {
568 /* we have not done SDP on peer RC capabilities.
569 * peer must have initiated the RC connection */
570 if (p_cb->features & BTA_AV_FEAT_RCCT)
571 rc_open.peer_features |= BTA_AV_FEAT_RCTG;
572 if (p_cb->features & BTA_AV_FEAT_RCTG)
573 rc_open.peer_features |= BTA_AV_FEAT_RCCT;
575 bta_av_rc_disc(disc);
578 bta_av_data.rc_open = rc_open;
579 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
581 /* if local initiated AVRCP connection and both peer and locals device support
582 * browsing channel, open the browsing channel now
583 * TODO (sanketa): Some TG would not broadcast browse feature hence check
585 if ((p_cb->features & BTA_AV_FEAT_BROWSE) &&
586 (rc_open.peer_features & BTA_AV_FEAT_BROWSE) &&
587 ((p_cb->rcb[i].status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT)) {
588 APPL_TRACE_DEBUG("%s: opening AVRC Browse channel", __func__);
589 AVRC_OpenBrowse(p_data->rc_conn_chg.handle, AVCT_INT);
593 /*******************************************************************************
595 * Function bta_av_rc_remote_cmd
597 * Description Send an AVRCP remote control command.
601 ******************************************************************************/
602 void bta_av_rc_remote_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
604 if (p_cb->features & BTA_AV_FEAT_RCCT) {
605 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
606 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
607 if (p_rcb->status & BTA_AV_RC_CONN_MASK) {
608 AVRC_PassCmd(p_rcb->handle, p_data->api_remote_cmd.label,
609 &p_data->api_remote_cmd.msg);
615 /*******************************************************************************
617 * Function bta_av_rc_vendor_cmd
619 * Description Send an AVRCP vendor specific command.
623 ******************************************************************************/
624 void bta_av_rc_vendor_cmd(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
626 if ((p_cb->features & (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) ==
627 (BTA_AV_FEAT_RCCT | BTA_AV_FEAT_VENDOR)) {
628 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
629 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
630 AVRC_VendorCmd(p_rcb->handle, p_data->api_vendor.label,
631 &p_data->api_vendor.msg);
636 /*******************************************************************************
638 * Function bta_av_rc_vendor_rsp
640 * Description Send an AVRCP vendor specific response.
644 ******************************************************************************/
645 void bta_av_rc_vendor_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
647 if ((p_cb->features & (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) ==
648 (BTA_AV_FEAT_RCTG | BTA_AV_FEAT_VENDOR)) {
649 if (p_data->hdr.layer_specific < BTA_AV_NUM_RCB) {
650 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
651 AVRC_VendorRsp(p_rcb->handle, p_data->api_vendor.label,
652 &p_data->api_vendor.msg);
657 /*******************************************************************************
659 * Function bta_av_rc_meta_rsp
661 * Description Send an AVRCP metadata/advanced control command/response.
665 ******************************************************************************/
666 void bta_av_rc_meta_rsp(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
670 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
671 (p_data->hdr.layer_specific < BTA_AV_NUM_RCB)) {
672 if ((p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCTG)) ||
673 (!p_data->api_meta_rsp.is_rsp && (p_cb->features & BTA_AV_FEAT_RCCT))) {
674 p_rcb = &p_cb->rcb[p_data->hdr.layer_specific];
675 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
676 AVRC_MsgReq(p_rcb->handle, p_data->api_meta_rsp.label,
677 p_data->api_meta_rsp.rsp_code, p_data->api_meta_rsp.p_pkt);
683 if (do_free) osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
686 /*******************************************************************************
688 * Function bta_av_rc_free_rsp
690 * Description free an AVRCP metadata command buffer.
694 ******************************************************************************/
695 void bta_av_rc_free_rsp(UNUSED_ATTR tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
696 osi_free_and_reset((void**)&p_data->api_meta_rsp.p_pkt);
699 /*******************************************************************************
701 * Function bta_av_rc_free_browse_msg
703 * Description free an AVRCP browse message buffer.
707 ******************************************************************************/
708 void bta_av_rc_free_browse_msg(UNUSED_ATTR tBTA_AV_CB* p_cb,
709 tBTA_AV_DATA* p_data) {
710 if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
711 osi_free_and_reset((void**)&p_data->rc_msg.msg.browse.p_browse_pkt);
715 /*******************************************************************************
717 * Function bta_av_chk_notif_evt_id
719 * Description make sure the requested player id is valid.
721 * Returns BTA_AV_STS_NO_RSP, if no error
723 ******************************************************************************/
724 static tAVRC_STS bta_av_chk_notif_evt_id(tAVRC_MSG_VENDOR* p_vendor) {
725 tAVRC_STS status = BTA_AV_STS_NO_RSP;
728 uint8_t* p = p_vendor->p_vendor_data + 2;
730 BE_STREAM_TO_UINT16(u16, p);
731 /* double check the fixed length */
732 if ((u16 != 5) || (p_vendor->vendor_len != 9)) {
733 status = AVRC_STS_INTERNAL_ERR;
735 /* make sure the player_id is valid */
736 for (xx = 0; xx < p_bta_av_cfg->num_evt_ids; xx++) {
737 if (*p == p_bta_av_cfg->p_meta_evt_ids[xx]) {
741 if (xx == p_bta_av_cfg->num_evt_ids) {
742 status = AVRC_STS_BAD_PARAM;
749 /*******************************************************************************
751 * Function bta_av_proc_meta_cmd
753 * Description Process an AVRCP metadata command from the peer.
755 * Returns true to respond immediately
757 ******************************************************************************/
758 tBTA_AV_EVT bta_av_proc_meta_cmd(tAVRC_RESPONSE* p_rc_rsp,
759 tBTA_AV_RC_MSG* p_msg, uint8_t* p_ctype) {
760 tBTA_AV_EVT evt = BTA_AV_META_MSG_EVT;
763 tAVRC_MSG_VENDOR* p_vendor = &p_msg->msg.vendor;
765 pdu = *(p_vendor->p_vendor_data);
767 *p_ctype = AVRC_RSP_REJ;
769 /* Check to ansure a valid minimum meta data length */
770 if ((AVRC_MIN_META_CMD_LEN + p_vendor->vendor_len) > AVRC_META_CMD_BUF_SIZE) {
772 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
773 APPL_TRACE_ERROR("%s: Invalid meta-command length: %d", __func__,
774 p_vendor->vendor_len);
778 /* Metadata messages only use PANEL sub-unit type */
779 if (p_vendor->hdr.subunit_type != AVRC_SUB_PANEL) {
780 APPL_TRACE_DEBUG("%s: SUBUNIT must be PANEL", __func__);
783 p_vendor->hdr.ctype = AVRC_RSP_NOT_IMPL;
784 p_vendor->vendor_len = 0;
785 p_rc_rsp->rsp.status = AVRC_STS_BAD_PARAM;
786 } else if (!AVRC_IsValidAvcType(pdu, p_vendor->hdr.ctype)) {
787 APPL_TRACE_DEBUG("%s: Invalid pdu/ctype: 0x%x, %d", __func__, pdu,
788 p_vendor->hdr.ctype);
789 /* reject invalid message without reporting to app */
791 p_rc_rsp->rsp.status = AVRC_STS_BAD_CMD;
794 case AVRC_PDU_GET_CAPABILITIES:
795 /* process GetCapabilities command without reporting the event to app */
797 if (p_vendor->vendor_len != 5) {
798 android_errorWriteLog(0x534e4554, "111893951");
799 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
802 u8 = *(p_vendor->p_vendor_data + 4);
803 p = p_vendor->p_vendor_data + 2;
804 p_rc_rsp->get_caps.capability_id = u8;
805 BE_STREAM_TO_UINT16(u16, p);
807 p_rc_rsp->get_caps.status = AVRC_STS_INTERNAL_ERR;
809 p_rc_rsp->get_caps.status = AVRC_STS_NO_ERROR;
810 if (u8 == AVRC_CAP_COMPANY_ID) {
811 *p_ctype = AVRC_RSP_IMPL_STBL;
812 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_co_ids;
813 memcpy(p_rc_rsp->get_caps.param.company_id,
814 p_bta_av_cfg->p_meta_co_ids,
815 (p_bta_av_cfg->num_co_ids << 2));
816 } else if (u8 == AVRC_CAP_EVENTS_SUPPORTED) {
817 *p_ctype = AVRC_RSP_IMPL_STBL;
818 p_rc_rsp->get_caps.count = p_bta_av_cfg->num_evt_ids;
819 memcpy(p_rc_rsp->get_caps.param.event_id,
820 p_bta_av_cfg->p_meta_evt_ids, p_bta_av_cfg->num_evt_ids);
822 APPL_TRACE_DEBUG("%s: Invalid capability ID: 0x%x", __func__, u8);
823 /* reject - unknown capability ID */
824 p_rc_rsp->get_caps.status = AVRC_STS_BAD_PARAM;
829 case AVRC_PDU_REGISTER_NOTIFICATION:
830 /* make sure the event_id is implemented */
831 p_rc_rsp->rsp.status = bta_av_chk_notif_evt_id(p_vendor);
832 if (p_rc_rsp->rsp.status != BTA_AV_STS_NO_RSP) evt = 0;
840 /*******************************************************************************
842 * Function bta_av_rc_msg
844 * Description Process an AVRCP message from the peer.
848 ******************************************************************************/
849 void bta_av_rc_msg(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
852 BT_HDR* p_pkt = NULL;
853 tAVRC_MSG_VENDOR* p_vendor = &p_data->rc_msg.msg.vendor;
854 bool is_inquiry = ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
855 p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ);
857 tAVRC_RESPONSE rc_rsp;
859 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
861 if (NULL == p_data) {
862 APPL_TRACE_ERROR("%s: Message from peer with no data", __func__);
866 APPL_TRACE_DEBUG("%s: opcode=%x, ctype=%x", __func__, p_data->rc_msg.opcode,
867 p_data->rc_msg.msg.hdr.ctype);
869 if (p_data->rc_msg.opcode == AVRC_OP_PASS_THRU) {
870 /* if this is a pass thru command */
871 if ((p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_CTRL) ||
872 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_SPEC_INQ) ||
873 (p_data->rc_msg.msg.hdr.ctype == AVRC_CMD_GEN_INQ)) {
874 /* check if operation is supported */
875 char avrcp_ct_support[PROPERTY_VALUE_MAX];
876 osi_property_get("bluetooth.pts.avrcp_ct.support", avrcp_ct_support,
878 if (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) {
879 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
880 if (p_cb->features & BTA_AV_FEAT_METADATA)
881 p_data->rc_msg.msg.hdr.ctype = bta_av_group_navi_supported(
882 p_data->rc_msg.msg.pass.pass_len,
883 p_data->rc_msg.msg.pass.p_pass_data, is_inquiry);
884 } else if (((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_UP) ||
885 (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VOL_DOWN)) &&
886 !strcmp(avrcp_ct_support, "true")) {
887 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_ACCEPT;
889 p_data->rc_msg.msg.hdr.ctype =
890 bta_av_op_supported(p_data->rc_msg.msg.pass.op_id, is_inquiry);
893 APPL_TRACE_DEBUG("%s: ctype %d", __func__, p_data->rc_msg.msg.hdr.ctype)
896 if (p_data->rc_msg.msg.hdr.ctype != AVRC_RSP_INTERIM)
897 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
898 &p_data->rc_msg.msg.pass);
900 /* set up for callback if supported */
901 if (p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_ACCEPT ||
902 p_data->rc_msg.msg.hdr.ctype == AVRC_RSP_INTERIM) {
903 evt = BTA_AV_REMOTE_CMD_EVT;
904 av.remote_cmd.rc_id = p_data->rc_msg.msg.pass.op_id;
905 av.remote_cmd.key_state = p_data->rc_msg.msg.pass.state;
906 av.remote_cmd.p_data = p_data->rc_msg.msg.pass.p_pass_data;
907 av.remote_cmd.len = p_data->rc_msg.msg.pass.pass_len;
908 memcpy(&av.remote_cmd.hdr, &p_data->rc_msg.msg.hdr, sizeof(tAVRC_HDR));
909 av.remote_cmd.label = p_data->rc_msg.label;
912 /* else if this is a pass thru response */
913 /* id response type is not impl, we have to release label */
914 else if (p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
915 /* set up for callback */
916 evt = BTA_AV_REMOTE_RSP_EVT;
917 av.remote_rsp.rc_id = p_data->rc_msg.msg.pass.op_id;
918 av.remote_rsp.key_state = p_data->rc_msg.msg.pass.state;
919 av.remote_rsp.rsp_code = p_data->rc_msg.msg.hdr.ctype;
920 av.remote_rsp.label = p_data->rc_msg.label;
922 /* If this response is for vendor unique command */
923 if ((p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) &&
924 (p_data->rc_msg.msg.pass.pass_len > 0)) {
925 av.remote_rsp.p_data =
926 (uint8_t*)osi_malloc(p_data->rc_msg.msg.pass.pass_len);
927 APPL_TRACE_DEBUG("%s: Vendor Unique data len = %d", __func__,
928 p_data->rc_msg.msg.pass.pass_len);
929 memcpy(av.remote_rsp.p_data, p_data->rc_msg.msg.pass.p_pass_data,
930 p_data->rc_msg.msg.pass.pass_len);
933 /* must be a bad ctype -> reject*/
935 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
936 AVRC_PassRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
937 &p_data->rc_msg.msg.pass);
940 /* else if this is a vendor specific command or response */
941 else if (p_data->rc_msg.opcode == AVRC_OP_VENDOR) {
942 /* set up for callback */
943 av.vendor_cmd.code = p_data->rc_msg.msg.hdr.ctype;
944 av.vendor_cmd.company_id = p_vendor->company_id;
945 av.vendor_cmd.label = p_data->rc_msg.label;
946 av.vendor_cmd.p_data = p_vendor->p_vendor_data;
947 av.vendor_cmd.len = p_vendor->vendor_len;
949 /* if configured to support vendor specific and it's a command */
950 if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
951 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
952 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
953 (p_vendor->company_id == AVRC_CO_METADATA)) {
954 av.meta_msg.p_msg = &p_data->rc_msg.msg;
955 rc_rsp.rsp.status = BTA_AV_STS_NO_RSP;
956 evt = bta_av_proc_meta_cmd(&rc_rsp, &p_data->rc_msg, &ctype);
958 evt = BTA_AV_VENDOR_CMD_EVT;
960 } else if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
961 p_data->rc_msg.msg.hdr.ctype >= AVRC_RSP_NOT_IMPL) {
962 /* else if configured to support vendor specific and it's a response */
963 if ((p_cb->features & BTA_AV_FEAT_METADATA) &&
964 (p_vendor->company_id == AVRC_CO_METADATA)) {
965 av.meta_msg.p_msg = &p_data->rc_msg.msg;
966 evt = BTA_AV_META_MSG_EVT;
968 evt = BTA_AV_VENDOR_RSP_EVT;
970 } else if (!(p_cb->features & BTA_AV_FEAT_VENDOR) &&
971 p_data->rc_msg.msg.hdr.ctype <= AVRC_CMD_GEN_INQ) {
972 /* else if not configured to support vendor specific and it's a command */
973 if (p_data->rc_msg.msg.vendor.p_vendor_data[0] == AVRC_PDU_INVALID) {
975 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_REJ;
976 p_data->rc_msg.msg.vendor.p_vendor_data[4] = AVRC_STS_BAD_CMD;
978 p_data->rc_msg.msg.hdr.ctype = AVRC_RSP_NOT_IMPL;
980 AVRC_VendorRsp(p_data->rc_msg.handle, p_data->rc_msg.label,
981 &p_data->rc_msg.msg.vendor);
983 } else if (p_data->rc_msg.opcode == AVRC_OP_BROWSE) {
984 /* set up for callback */
985 av.meta_msg.rc_handle = p_data->rc_msg.handle;
986 av.meta_msg.company_id = p_vendor->company_id;
987 av.meta_msg.code = p_data->rc_msg.msg.hdr.ctype;
988 av.meta_msg.label = p_data->rc_msg.label;
989 av.meta_msg.p_msg = &p_data->rc_msg.msg;
990 av.meta_msg.p_data = p_data->rc_msg.msg.browse.p_browse_data;
991 av.meta_msg.len = p_data->rc_msg.msg.browse.browse_len;
992 evt = BTA_AV_META_MSG_EVT;
995 if (evt == 0 && rc_rsp.rsp.status != BTA_AV_STS_NO_RSP) {
997 rc_rsp.rsp.opcode = p_data->rc_msg.opcode;
998 AVRC_BldResponse(0, &rc_rsp, &p_pkt);
1001 AVRC_MsgReq(p_data->rc_msg.handle, p_data->rc_msg.label, ctype, p_pkt);
1006 av.remote_cmd.rc_handle = p_data->rc_msg.handle;
1007 (*p_cb->p_cback)(evt, &av);
1008 /* If browsing message, then free the browse message buffer */
1009 bta_av_rc_free_browse_msg(p_cb, p_data);
1013 /*******************************************************************************
1015 * Function bta_av_rc_close
1017 * Description close the specified AVRC handle.
1021 ******************************************************************************/
1022 void bta_av_rc_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1023 uint16_t handle = p_data->hdr.layer_specific;
1027 if (handle < BTA_AV_NUM_RCB) {
1028 p_rcb = &p_cb->rcb[handle];
1030 APPL_TRACE_DEBUG("%s: handle: %d, status=0x%x", __func__, p_rcb->handle,
1032 if (p_rcb->handle != BTA_AV_RC_HANDLE_NONE) {
1034 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
1036 /* just in case the RC timer is active
1037 if (bta_av_cb.features & BTA_AV_FEAT_RCCT &&
1038 p_scb->chnl == BTA_AV_CHNL_AUDIO) */
1039 alarm_cancel(p_scb->avrc_ct_timer);
1043 AVRC_Close(p_rcb->handle);
1048 /*******************************************************************************
1050 * Function bta_av_rc_browse_close
1052 * Description Empty placeholder.
1056 ******************************************************************************/
1057 void bta_av_rc_browse_close(tBTA_AV_CB* p_cb, tBTA_AV_DATA* p_data) {
1058 APPL_TRACE_WARNING("%s: empty placeholder does nothing!", __func__);
1061 /*******************************************************************************
1063 * Function bta_av_get_shdl
1065 * Returns The index to p_scb[]
1067 ******************************************************************************/
1068 static uint8_t bta_av_get_shdl(tBTA_AV_SCB* p_scb) {
1071 /* find the SCB & stop the timer */
1072 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1073 if (p_scb == bta_av_cb.p_scb[i]) {
1081 /*******************************************************************************
1083 * Function bta_av_stream_chg
1085 * Description audio streaming status changed.
1089 ******************************************************************************/
1090 void bta_av_stream_chg(tBTA_AV_SCB* p_scb, bool started) {
1091 uint8_t started_msk = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
1093 APPL_TRACE_DEBUG("%s: peer %s started:%s started_msk:0x%x", __func__,
1094 p_scb->PeerAddress().ToString().c_str(),
1095 logbool(started).c_str(), started_msk);
1098 /* Let L2CAP know this channel is processed with high priority */
1099 L2CA_SetAclPriority(p_scb->PeerAddress(), L2CAP_PRIORITY_HIGH);
1101 /* Let L2CAP know this channel is processed with low priority */
1102 L2CA_SetAclPriority(p_scb->PeerAddress(), L2CAP_PRIORITY_NORMAL);
1106 /*******************************************************************************
1108 * Function bta_av_conn_chg
1110 * Description connetion status changed.
1111 * Open an AVRCP acceptor channel, if new conn.
1115 ******************************************************************************/
1116 void bta_av_conn_chg(tBTA_AV_DATA* p_data) {
1117 tBTA_AV_CB* p_cb = &bta_av_cb;
1118 tBTA_AV_SCB* p_scb = NULL;
1119 tBTA_AV_SCB* p_scbi;
1124 int index = (p_data->hdr.layer_specific & BTA_AV_HNDL_MSK) - 1;
1126 tBTA_AV_LCB* p_lcb_rc;
1127 tBTA_AV_RCB *p_rcb, *p_rcb2;
1128 bool chk_restore = false;
1130 /* Validate array index*/
1131 if (index < BTA_AV_NUM_STRS) {
1132 p_scb = p_cb->p_scb[index];
1134 mask = BTA_AV_HNDL_TO_MSK(index);
1135 p_lcb = bta_av_find_lcb(p_data->conn_chg.peer_addr, BTA_AV_LCB_FIND);
1136 conn_msk = 1 << (index + 1);
1137 if (p_data->conn_chg.is_up) {
1138 /* set the conned mask for this channel */
1141 p_lcb->conn_msk |= conn_msk;
1142 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1143 if (bta_av_cb.rcb[i].lidx == p_lcb->lidx) {
1144 bta_av_cb.rcb[i].shdl = index + 1;
1146 "%s: conn_chg up[%d]: %d, status=0x%x, shdl:%d, lidx:%d",
1147 __func__, i, bta_av_cb.rcb[i].handle, bta_av_cb.rcb[i].status,
1148 bta_av_cb.rcb[i].shdl, bta_av_cb.rcb[i].lidx);
1153 old_msk = p_cb->conn_audio;
1154 p_cb->conn_audio |= mask;
1156 if ((old_msk & mask) == 0) {
1157 /* increase the audio open count, if not set yet */
1158 bta_av_cb.audio_open_cnt++;
1161 APPL_TRACE_DEBUG("%s: rc_acp_handle:%d rc_acp_idx:%d", __func__,
1162 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1163 /* check if the AVRCP ACP channel is already connected */
1164 if (p_lcb && p_cb->rc_acp_handle != BTA_AV_RC_HANDLE_NONE &&
1166 p_lcb_rc = &p_cb->lcb[BTA_AV_NUM_LINKS];
1168 "%s: rc_acp is connected && conn_chg on same addr "
1169 "p_lcb_rc->conn_msk:x%x",
1170 __func__, p_lcb_rc->conn_msk);
1171 /* check if the RC is connected to the scb addr */
1172 LOG_INFO("%s: p_lcb_rc->addr: %s conn_chg.peer_addr: %s", __func__,
1173 p_lcb_rc->addr.ToString().c_str(),
1174 p_data->conn_chg.peer_addr.ToString().c_str());
1176 if (p_lcb_rc->conn_msk &&
1177 p_lcb_rc->addr == p_data->conn_chg.peer_addr) {
1178 /* AVRCP is already connected.
1179 * need to update the association betwen SCB and RCB */
1180 p_lcb_rc->conn_msk = 0; /* indicate RC ONLY is not connected */
1182 p_scb->rc_handle = p_cb->rc_acp_handle;
1183 p_rcb = &p_cb->rcb[p_cb->rc_acp_idx - 1];
1184 p_rcb->shdl = bta_av_get_shdl(p_scb);
1185 APPL_TRACE_DEBUG("%s: update rc_acp shdl:%d/%d srch:%d", __func__,
1186 index + 1, p_rcb->shdl, p_scb->rc_handle);
1188 p_rcb2 = bta_av_get_rcb_by_shdl(p_rcb->shdl);
1190 /* found the RCB that was created to associated with this SCB */
1191 p_cb->rc_acp_handle = p_rcb2->handle;
1192 p_cb->rc_acp_idx = (p_rcb2 - p_cb->rcb) + 1;
1193 APPL_TRACE_DEBUG("%s: new rc_acp_handle:%d, idx:%d", __func__,
1194 p_cb->rc_acp_handle, p_cb->rc_acp_idx);
1195 p_rcb2->lidx = (BTA_AV_NUM_LINKS + 1);
1196 APPL_TRACE_DEBUG("%s: rc2 handle:%d lidx:%d/%d", __func__,
1197 p_rcb2->handle, p_rcb2->lidx,
1198 p_cb->lcb[p_rcb2->lidx - 1].lidx);
1200 p_rcb->lidx = p_lcb->lidx;
1201 APPL_TRACE_DEBUG("%s: rc handle:%d lidx:%d/%d", __func__,
1202 p_rcb->handle, p_rcb->lidx,
1203 p_cb->lcb[p_rcb->lidx - 1].lidx);
1208 if ((p_cb->conn_audio & mask) && bta_av_cb.audio_open_cnt) {
1209 /* this channel is still marked as open. decrease the count */
1210 bta_av_cb.audio_open_cnt--;
1213 /* clear the conned mask for this channel */
1214 p_cb->conn_audio &= ~mask;
1216 // The stream is closed. Clear the state.
1217 p_scb->OnDisconnected();
1218 if (p_scb->chnl == BTA_AV_CHNL_AUDIO) {
1220 p_lcb->conn_msk &= ~conn_msk;
1222 /* audio channel is down. make sure the INT channel is down */
1223 /* just in case the RC timer is active
1224 if (p_cb->features & BTA_AV_FEAT_RCCT) */
1225 { alarm_cancel(p_scb->avrc_ct_timer); }
1226 /* one audio channel goes down. check if we need to restore high
1232 APPL_TRACE_DEBUG("%s: shdl:%d", __func__, index + 1);
1233 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
1234 APPL_TRACE_DEBUG("%s: conn_chg dn[%d]: %d, status=0x%x, shdl:%d, lidx:%d",
1235 __func__, i, bta_av_cb.rcb[i].handle,
1236 bta_av_cb.rcb[i].status, bta_av_cb.rcb[i].shdl,
1237 bta_av_cb.rcb[i].lidx);
1238 if (bta_av_cb.rcb[i].shdl == index + 1) {
1239 bta_av_del_rc(&bta_av_cb.rcb[i]);
1240 /* since the connection is already down and info was removed, clean
1242 bta_av_cb.rcb[i].shdl = 0;
1247 if (p_cb->conn_audio == 0) {
1248 /* if both channels are not connected,
1249 * close all RC channels */
1250 bta_av_close_all_rc(p_cb);
1253 /* if the AVRCP is no longer listening, create the listening channel */
1254 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE &&
1255 bta_av_cb.features & BTA_AV_FEAT_RCTG)
1256 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
1260 "%s: audio:%x up:%d conn_msk:0x%x chk_restore:%d "
1261 "audio_open_cnt:%d",
1262 __func__, p_cb->conn_audio, p_data->conn_chg.is_up, conn_msk, chk_restore,
1263 p_cb->audio_open_cnt);
1266 if (p_cb->audio_open_cnt == 1) {
1267 /* one audio channel goes down and there's one audio channel remains open.
1268 * restore the switch role in default link policy */
1269 BTM_default_unblock_role_switch();
1270 bta_av_restore_switch();
1272 if (p_cb->audio_open_cnt) {
1273 /* adjust flush timeout settings to longer period */
1274 for (i = 0; i < BTA_AV_NUM_STRS; i++) {
1275 p_scbi = bta_av_cb.p_scb[i];
1276 if (p_scbi && p_scbi->chnl == BTA_AV_CHNL_AUDIO && p_scbi->co_started) {
1277 /* may need to update the flush timeout of this already started stream
1279 if (p_scbi->co_started != bta_av_cb.audio_open_cnt) {
1280 p_scbi->co_started = bta_av_cb.audio_open_cnt;
1288 /*******************************************************************************
1290 * Function bta_av_disable
1292 * Description disable AV.
1296 ******************************************************************************/
1297 void bta_av_disable(tBTA_AV_CB* p_cb, UNUSED_ATTR tBTA_AV_DATA* p_data) {
1299 bool disabling_in_progress = false;
1302 p_cb->disabling = true;
1304 bta_av_close_all_rc(p_cb);
1306 osi_free_and_reset((void**)&p_cb->p_disc_db);
1308 /* disable audio/video - de-register all channels,
1309 * expect BTA_AV_DEREG_COMP_EVT when deregister is complete */
1310 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1311 if (p_cb->p_scb[xx] != NULL) {
1312 hdr.layer_specific = xx + 1;
1313 bta_av_api_deregister((tBTA_AV_DATA*)&hdr);
1314 disabling_in_progress = true;
1317 // Since All channels are deregistering by API_DEREGISTER, the DEREG_COMP_EVT
1318 // would come first before API_DISABLE if there is no connections, and it is
1319 // no needed to setup this disabling flag.
1320 p_cb->disabling = disabling_in_progress;
1322 alarm_free(p_cb->link_signalling_timer);
1323 p_cb->link_signalling_timer = NULL;
1324 alarm_free(p_cb->accept_signalling_timer);
1325 p_cb->accept_signalling_timer = NULL;
1328 /*******************************************************************************
1330 * Function bta_av_api_disconnect
1336 ******************************************************************************/
1337 void bta_av_api_disconnect(tBTA_AV_DATA* p_data) {
1338 AVDT_DisconnectReq(p_data->api_discnt.bd_addr, bta_av_conn_cback);
1339 alarm_cancel(bta_av_cb.link_signalling_timer);
1343 * Find the index for the free LCB entry to use.
1345 * The selection order is:
1346 * (1) Find the index if there is already SCB entry for the peer address
1347 * (2) If there is no SCB entry for the peer address, find the first
1348 * SCB entry that is not assigned.
1350 * @param peer_address the peer address to use
1351 * @return the index for the free LCB entry to use or BTA_AV_NUM_LINKS
1352 * if no entry is found
1354 static uint8_t bta_av_find_lcb_index_by_scb_and_address(
1355 const RawAddress& peer_address) {
1356 APPL_TRACE_DEBUG("%s: peer_address: %s conn_lcb: 0x%x", __func__,
1357 peer_address.ToString().c_str(), bta_av_cb.conn_lcb);
1359 // Find the index if there is already SCB entry for the peer address
1360 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1361 uint8_t mask = 1 << index;
1362 if (mask & bta_av_cb.conn_lcb) {
1365 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1366 if (p_scb == nullptr) {
1369 if (p_scb->PeerAddress() == peer_address) {
1374 // Find the first SCB entry that is not assigned.
1375 for (uint8_t index = 0; index < BTA_AV_NUM_LINKS; index++) {
1376 uint8_t mask = 1 << index;
1377 if (mask & bta_av_cb.conn_lcb) {
1380 tBTA_AV_SCB* p_scb = bta_av_cb.p_scb[index];
1381 if (p_scb == nullptr) {
1384 if (!p_scb->IsAssigned()) {
1389 return BTA_AV_NUM_LINKS;
1392 /*******************************************************************************
1394 * Function bta_av_sig_chg
1396 * Description process AVDT signal channel up/down.
1400 ******************************************************************************/
1401 void bta_av_sig_chg(tBTA_AV_DATA* p_data) {
1402 uint16_t event = p_data->str_msg.hdr.layer_specific;
1403 tBTA_AV_CB* p_cb = &bta_av_cb;
1406 tBTA_AV_LCB* p_lcb = NULL;
1408 APPL_TRACE_DEBUG("%s: event: %d", __func__, event);
1409 if (event == AVDT_CONNECT_IND_EVT) {
1410 APPL_TRACE_DEBUG("%s: AVDT_CONNECT_IND_EVT: peer %s", __func__,
1411 p_data->str_msg.bd_addr.ToString().c_str());
1413 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FIND);
1415 /* if the address does not have an LCB yet, alloc one */
1416 xx = bta_av_find_lcb_index_by_scb_and_address(p_data->str_msg.bd_addr);
1418 /* check if we found something */
1419 if (xx >= BTA_AV_NUM_LINKS) {
1420 /* We do not have scb for this avdt connection. */
1421 /* Silently close the connection. */
1422 APPL_TRACE_ERROR("%s: av scb not available for avdt connection for %s",
1423 __func__, p_data->str_msg.bd_addr.ToString().c_str());
1424 AVDT_DisconnectReq(p_data->str_msg.bd_addr, NULL);
1427 LOG_INFO("%s: AVDT_CONNECT_IND_EVT: peer %s selected lcb_index %d",
1428 __func__, p_data->str_msg.bd_addr.ToString().c_str(), xx);
1430 tBTA_AV_SCB* p_scb = p_cb->p_scb[xx];
1432 p_lcb = &p_cb->lcb[xx];
1433 p_lcb->lidx = xx + 1;
1434 p_lcb->addr = p_data->str_msg.bd_addr;
1435 p_lcb->conn_msk = 0; /* clear the connect mask */
1436 /* start listening when the signal channel is open */
1437 if (p_cb->features & BTA_AV_FEAT_RCTG) {
1438 bta_av_rc_create(p_cb, AVCT_ACP, 0, p_lcb->lidx);
1440 /* this entry is not used yet. */
1441 p_cb->conn_lcb |= mask; /* mark it as used */
1442 APPL_TRACE_DEBUG("%s: start sig timer %d", __func__, p_data->hdr.offset);
1443 if (p_data->hdr.offset == AVDT_ACP) {
1444 APPL_TRACE_DEBUG("%s: Incoming L2CAP acquired, set state as incoming",
1446 p_scb->OnConnected(p_data->str_msg.bd_addr);
1447 p_scb->use_rc = true; /* allowing RC for incoming connection */
1448 bta_av_ssm_execute(p_scb, BTA_AV_ACP_CONNECT_EVT, p_data);
1450 /* The Pending Event should be sent as soon as the L2CAP signalling
1452 * is set up, which is NOW. Earlier this was done only after
1453 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1454 * The following function shall send the event and start the
1457 bta_av_signalling_timer(NULL);
1459 APPL_TRACE_DEBUG("%s: Re-start timer for AVDTP service", __func__);
1460 bta_sys_conn_open(BTA_ID_AV, p_scb->app_id, p_scb->PeerAddress());
1461 /* Possible collision : need to avoid outgoing processing while the
1462 * timer is running */
1463 p_scb->coll_mask = BTA_AV_COLL_INC_TMR;
1465 p_cb->accept_signalling_timer, BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1466 bta_av_accept_signalling_timer_cback, UINT_TO_PTR(xx));
1470 else if (event == BTA_AR_AVDT_CONN_EVT) {
1471 alarm_cancel(bta_av_cb.link_signalling_timer);
1475 APPL_TRACE_DEBUG("%s: bta_av_cb.conn_lcb=0x%x", __func__,
1476 bta_av_cb.conn_lcb);
1478 p_lcb = bta_av_find_lcb(p_data->str_msg.bd_addr, BTA_AV_LCB_FREE);
1479 if (p_lcb && (p_lcb->conn_msk || bta_av_cb.conn_lcb)) {
1480 APPL_TRACE_DEBUG("%s: conn_msk: 0x%x", __func__, p_lcb->conn_msk);
1482 for (xx = 0; xx < BTA_AV_NUM_STRS; xx++) {
1483 if (p_cb->p_scb[xx] &&
1484 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1485 APPL_TRACE_DEBUG("%s: Closing timer for AVDTP service", __func__);
1486 bta_sys_conn_close(BTA_ID_AV, p_cb->p_scb[xx]->app_id,
1487 p_cb->p_scb[xx]->PeerAddress());
1489 mask = 1 << (xx + 1);
1490 if (((mask & p_lcb->conn_msk) || bta_av_cb.conn_lcb) &&
1492 p_cb->p_scb[xx]->PeerAddress() == p_data->str_msg.bd_addr) {
1493 APPL_TRACE_WARNING("%s: Sending AVDT_DISCONNECT_EVT peer_addr=%s",
1495 p_cb->p_scb[xx]->PeerAddress().ToString().c_str());
1496 bta_av_ssm_execute(p_cb->p_scb[xx], BTA_AV_AVDT_DISCONNECT_EVT, NULL);
1501 APPL_TRACE_DEBUG("%s: bta_av_cb.conn_lcb=0x%x after sig_chg", __func__,
1505 /*******************************************************************************
1507 * Function bta_av_signalling_timer
1509 * Description process the signal channel timer. This timer is started
1510 * when the AVDTP signal channel is connected. If no profile
1511 * is connected, the timer goes off every
1512 * BTA_AV_SIGNALLING_TIMEOUT_MS.
1516 ******************************************************************************/
1517 void bta_av_signalling_timer(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1518 tBTA_AV_CB* p_cb = &bta_av_cb;
1521 tBTA_AV_LCB* p_lcb = NULL;
1523 APPL_TRACE_DEBUG("%s: conn_lcb=0x%x", __func__, p_cb->conn_lcb);
1524 for (xx = 0; xx < BTA_AV_NUM_LINKS; xx++) {
1525 p_lcb = &p_cb->lcb[xx];
1528 "%s: index=%d conn_lcb=0x%x peer=%s conn_mask=0x%x lidx=%d", __func__,
1529 xx, p_cb->conn_lcb, p_lcb->addr.ToString().c_str(), p_lcb->conn_msk,
1531 if (mask & p_cb->conn_lcb) {
1532 /* this entry is used. check if it is connected */
1533 if (!p_lcb->conn_msk) {
1534 bta_sys_start_timer(p_cb->link_signalling_timer,
1535 BTA_AV_SIGNALLING_TIMEOUT_MS,
1536 BTA_AV_SIGNALLING_TIMER_EVT, 0);
1538 pend.bd_addr = p_lcb->addr;
1539 tBTA_AV bta_av_data;
1540 bta_av_data.pend = pend;
1542 "%s: BTA_AV_PENDING_EVT for %s index=%d conn_mask=0x%x lidx=%d",
1543 __func__, pend.bd_addr.ToString().c_str(), xx, p_lcb->conn_msk,
1545 (*p_cb->p_cback)(BTA_AV_PENDING_EVT, &bta_av_data);
1551 /*******************************************************************************
1553 * Function bta_av_accept_signalling_timer_cback
1555 * Description Process the timeout when SRC is accepting connection
1556 * and SNK did not start signalling.
1560 ******************************************************************************/
1561 static void bta_av_accept_signalling_timer_cback(void* data) {
1562 uint32_t inx = PTR_TO_UINT(data);
1563 tBTA_AV_CB* p_cb = &bta_av_cb;
1564 tBTA_AV_SCB* p_scb = NULL;
1565 if (inx < BTA_AV_NUM_STRS) {
1566 p_scb = p_cb->p_scb[inx];
1569 APPL_TRACE_DEBUG("%s: coll_mask=0x%02x", __func__, p_scb->coll_mask);
1571 if (p_scb->coll_mask & BTA_AV_COLL_INC_TMR) {
1572 p_scb->coll_mask &= ~BTA_AV_COLL_INC_TMR;
1574 if (bta_av_is_scb_opening(p_scb)) {
1575 APPL_TRACE_DEBUG("%s: stream state opening: SDP started = %d", __func__,
1576 p_scb->sdp_discovery_started);
1577 if (p_scb->sdp_discovery_started) {
1578 /* We are still doing SDP. Run the timer again. */
1579 p_scb->coll_mask |= BTA_AV_COLL_INC_TMR;
1581 alarm_set_on_mloop(p_cb->accept_signalling_timer,
1582 BTA_AV_ACCEPT_SIGNALLING_TIMEOUT_MS,
1583 bta_av_accept_signalling_timer_cback,
1586 /* SNK did not start signalling, resume signalling process. */
1587 bta_av_discover_req(p_scb, NULL);
1589 } else if (bta_av_is_scb_incoming(p_scb)) {
1590 /* Stay in incoming state if SNK does not start signalling */
1592 APPL_TRACE_DEBUG("%s: stream state incoming", __func__);
1593 /* API open was called right after SNK opened L2C connection. */
1594 if (p_scb->coll_mask & BTA_AV_COLL_API_CALLED) {
1595 p_scb->coll_mask &= ~BTA_AV_COLL_API_CALLED;
1597 /* BTA_AV_API_OPEN_EVT */
1598 tBTA_AV_API_OPEN* p_buf =
1599 (tBTA_AV_API_OPEN*)osi_malloc(sizeof(tBTA_AV_API_OPEN));
1600 memcpy(p_buf, &(p_scb->open_api), sizeof(tBTA_AV_API_OPEN));
1601 bta_sys_sendmsg(p_buf);
1608 /*******************************************************************************
1610 * Function bta_av_check_peer_features
1612 * Description check supported features on the peer device from the SDP
1613 * record and return the feature mask
1615 * Returns tBTA_AV_FEAT peer device feature mask
1617 ******************************************************************************/
1618 tBTA_AV_FEAT bta_av_check_peer_features(uint16_t service_uuid) {
1619 tBTA_AV_FEAT peer_features = 0;
1620 tBTA_AV_CB* p_cb = &bta_av_cb;
1621 tSDP_DISC_REC* p_rec = NULL;
1622 tSDP_DISC_ATTR* p_attr;
1623 uint16_t peer_rc_version = 0;
1624 uint16_t categories = 0;
1626 APPL_TRACE_DEBUG("%s: service_uuid:x%x", __func__, service_uuid);
1627 /* loop through all records we found */
1629 /* get next record; if none found, we're done */
1630 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1631 if (p_rec == NULL) {
1635 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1637 /* find peer features */
1638 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1640 peer_features |= BTA_AV_FEAT_RCCT;
1642 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1643 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1644 peer_features |= BTA_AV_FEAT_RCTG;
1648 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1649 /* get profile version (if failure, version parameter is not updated) */
1650 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1652 APPL_TRACE_DEBUG("%s: peer_rc_version 0x%x", __func__, peer_rc_version);
1654 if (peer_rc_version >= AVRC_REV_1_3)
1655 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1657 if (peer_rc_version >= AVRC_REV_1_4) {
1658 /* get supported categories */
1659 p_attr = SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1660 if (p_attr != NULL) {
1661 categories = p_attr->attr_value.v.u16;
1662 if (categories & AVRC_SUPF_CT_CAT2)
1663 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1664 if (categories & AVRC_SUPF_CT_BROWSE)
1665 peer_features |= (BTA_AV_FEAT_BROWSE);
1670 APPL_TRACE_DEBUG("%s: peer_features:x%x", __func__, peer_features);
1671 return peer_features;
1674 /*******************************************************************************
1676 * Function bta_avk_check_peer_features
1678 * Description check supported features on the peer device from the SDP
1679 * record and return the feature mask
1681 * Returns tBTA_AV_FEAT peer device feature mask
1683 ******************************************************************************/
1684 tBTA_AV_FEAT bta_avk_check_peer_features(uint16_t service_uuid) {
1685 tBTA_AV_FEAT peer_features = 0;
1686 tBTA_AV_CB* p_cb = &bta_av_cb;
1688 APPL_TRACE_DEBUG("%s: service_uuid:x%x", __func__, service_uuid);
1690 /* loop through all records we found */
1691 tSDP_DISC_REC* p_rec =
1692 SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, NULL);
1694 APPL_TRACE_DEBUG("%s: found Service record for x%x", __func__,
1697 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_SERVICE_CLASS_ID_LIST)) !=
1699 /* find peer features */
1700 if (SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1702 peer_features |= BTA_AV_FEAT_RCCT;
1704 if (SDP_FindServiceInDb(p_cb->p_disc_db,
1705 UUID_SERVCLASS_AV_REM_CTRL_TARGET, NULL)) {
1706 peer_features |= BTA_AV_FEAT_RCTG;
1710 if ((SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST)) != NULL) {
1711 /* get profile version (if failure, version parameter is not updated) */
1712 uint16_t peer_rc_version = 0;
1713 bool val = SDP_FindProfileVersionInRec(
1714 p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL, &peer_rc_version);
1715 APPL_TRACE_DEBUG("%s: peer_rc_version for TG 0x%x, profile_found %d",
1716 __func__, peer_rc_version, val);
1718 if (peer_rc_version >= AVRC_REV_1_3)
1719 peer_features |= (BTA_AV_FEAT_VENDOR | BTA_AV_FEAT_METADATA);
1721 /* Get supported features */
1722 tSDP_DISC_ATTR* p_attr =
1723 SDP_FindAttributeInRec(p_rec, ATTR_ID_SUPPORTED_FEATURES);
1724 if (p_attr != NULL) {
1725 uint16_t categories = p_attr->attr_value.v.u16;
1727 * Though Absolute Volume came after in 1.4 and above, but there are
1728 * few devices in market which supports absolute Volume and they are
1729 * still 1.3. To avoid IOP issuses with those devices, we check for
1730 * 1.3 as minimum version
1732 if (peer_rc_version >= AVRC_REV_1_3) {
1733 if (categories & AVRC_SUPF_TG_CAT2)
1734 peer_features |= (BTA_AV_FEAT_ADV_CTRL);
1735 if (categories & AVRC_SUPF_TG_APP_SETTINGS)
1736 peer_features |= (BTA_AV_FEAT_APP_SETTING);
1737 if (categories & AVRC_SUPF_TG_BROWSE)
1738 peer_features |= (BTA_AV_FEAT_BROWSE);
1741 /* AVRCP Cover Artwork over BIP */
1742 if (peer_rc_version >= AVRC_REV_1_6) {
1743 if (service_uuid == UUID_SERVCLASS_AV_REM_CTRL_TARGET &&
1744 categories & AVRC_SUPF_TG_PLAYER_COVER_ART)
1745 peer_features |= (BTA_AV_FEAT_COVER_ARTWORK);
1749 /* get next record; if none found, we're done */
1750 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db, service_uuid, p_rec);
1752 APPL_TRACE_DEBUG("%s: peer_features:x%x", __func__, peer_features);
1753 return peer_features;
1756 /******************************************************************************
1758 * Function bta_avk_get_cover_art_psm
1760 * Description Get the PSM associated with the AVRCP Target cover art
1763 * Returns uint16_t PSM value used to get cover artwork, or 0x0000 if
1764 * one does not exist.
1766 *****************************************************************************/
1767 uint16_t bta_avk_get_cover_art_psm() {
1768 APPL_TRACE_DEBUG("%s: searching for cover art psm", __func__);
1769 /* Cover Art L2CAP PSM is only available on a target device */
1770 tBTA_AV_CB* p_cb = &bta_av_cb;
1771 tSDP_DISC_REC* p_rec =
1772 SDP_FindServiceInDb(p_cb->p_disc_db, UUID_SERVCLASS_AV_REM_CTRL_TARGET,
1775 tSDP_DISC_ATTR* p_attr =
1776 (SDP_FindAttributeInRec(p_rec, ATTR_ID_ADDITION_PROTO_DESC_LISTS));
1778 * If we have the Additional Protocol Description Lists attribute then we
1779 * specifically want the list that is an L2CAP protocol leading to OBEX.
1780 * Because the is a case where cover art is supported and browsing isn't
1781 * we need to check each list for the one we want.
1783 * This means we need to do drop down into the protocol list and do a
1784 * "for each protocol, for each protocol element, for each protocol element
1785 * list parameter, if the parameter is L2CAP then find the PSM associated
1786 * with it, then make sure we see OBEX in that same protocol"
1788 if (p_attr != NULL && SDP_DISC_ATTR_TYPE(p_attr->attr_len_type)
1789 == DATA_ELE_SEQ_DESC_TYPE) {
1790 // Point to first in List of protocols (i.e [(L2CAP -> AVCTP),
1791 // (L2CAP -> OBEX)])
1792 tSDP_DISC_ATTR* p_protocol_list = p_attr->attr_value.v.p_sub_attr;
1793 while (p_protocol_list != NULL) {
1794 if (SDP_DISC_ATTR_TYPE(p_protocol_list->attr_len_type)
1795 == DATA_ELE_SEQ_DESC_TYPE) {
1796 // Point to fist in list of protocol elements (i.e. [L2CAP, AVCTP])
1797 tSDP_DISC_ATTR* p_protocol =
1798 p_protocol_list->attr_value.v.p_sub_attr;
1799 bool protocol_has_obex = false;
1800 bool protocol_has_l2cap = false;
1801 uint16_t psm = 0x0000;
1802 while (p_protocol) {
1803 if (SDP_DISC_ATTR_TYPE(p_protocol->attr_len_type)
1804 == DATA_ELE_SEQ_DESC_TYPE) {
1805 // Point to first item protocol parameters list (i.e [UUID=L2CAP,
1807 tSDP_DISC_ATTR* p_protocol_param =
1808 p_protocol->attr_value.v.p_sub_attr;
1810 * Currently there's only ever one UUID and one parameter. L2cap
1811 * has a single PSM, AVCTP has a version and OBEX has nothing.
1812 * Change this if that ever changes.
1814 uint16_t protocol_uuid = 0;
1815 uint16_t protocol_param = 0;
1816 while (p_protocol_param) {
1817 uint16_t param_type =
1818 SDP_DISC_ATTR_TYPE(p_protocol_param->attr_len_type);
1819 uint16_t param_len =
1820 SDP_DISC_ATTR_LEN(p_protocol_param->attr_len_type);
1821 if (param_type == UUID_DESC_TYPE) {
1822 protocol_uuid = p_protocol_param->attr_value.v.u16;
1823 } else if (param_type == UINT_DESC_TYPE) {
1824 protocol_param = (param_len == 2)
1825 ? p_protocol_param->attr_value.v.u16
1826 : p_protocol_param->attr_value.v.u8;
1827 } /* else dont care */
1828 p_protocol_param = p_protocol_param->p_next_attr; // next
1830 // If we've found L2CAP then the parameter is a PSM
1831 if (protocol_uuid == UUID_PROTOCOL_L2CAP) {
1832 protocol_has_l2cap = true;
1833 psm = protocol_param;
1834 } else if (protocol_uuid == UUID_PROTOCOL_OBEX) {
1835 protocol_has_obex = true;
1838 // If this protocol has l2cap and obex then we're found the BIP PSM
1839 if (protocol_has_l2cap && protocol_has_obex) {
1840 APPL_TRACE_DEBUG("%s: found psm 0x%x", __func__, psm);
1843 p_protocol = p_protocol->p_next_attr; // next protocol element
1846 p_protocol_list = p_protocol_list->p_next_attr; // next protocol
1849 /* get next record; if none found, we're done */
1850 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db,
1851 UUID_SERVCLASS_AV_REM_CTRL_TARGET, p_rec);
1853 /* L2CAP PSM range is 0x1000-0xFFFF so 0x0000 is safe default invalid */
1854 APPL_TRACE_DEBUG("%s: could not find a BIP psm", __func__);
1858 /*******************************************************************************
1860 * Function bta_av_rc_disc_done
1862 * Description Handle AVRCP service discovery results. If matching
1863 * service found, open AVRCP connection.
1867 ******************************************************************************/
1868 void bta_av_rc_disc_done(UNUSED_ATTR tBTA_AV_DATA* p_data) {
1869 tBTA_AV_CB* p_cb = &bta_av_cb;
1870 tBTA_AV_SCB* p_scb = NULL;
1873 tBTA_AV_FEAT peer_features = 0; /* peer features mask */
1874 uint16_t cover_art_psm = 0x0000;
1876 APPL_TRACE_DEBUG("%s: bta_av_rc_disc_done disc:x%x", __func__, p_cb->disc);
1881 if ((p_cb->disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
1882 /* this is the rc handle/index to tBTA_AV_RCB */
1883 rc_handle = p_cb->disc & (~BTA_AV_CHNL_MSK);
1885 /* Validate array index*/
1886 if (((p_cb->disc & BTA_AV_HNDL_MSK) - 1) < BTA_AV_NUM_STRS) {
1887 p_scb = p_cb->p_scb[(p_cb->disc & BTA_AV_HNDL_MSK) - 1];
1890 rc_handle = p_scb->rc_handle;
1897 APPL_TRACE_DEBUG("%s: rc_handle %d", __func__, rc_handle);
1898 #if (BTA_AV_SINK_INCLUDED == TRUE)
1899 if (p_cb->sdp_a2dp_snk_handle) {
1900 /* This is Sink + CT + TG(Abs Vol) */
1902 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
1903 APPL_TRACE_DEBUG("%s: populating rem ctrl target features %d", __func__,
1905 if (BTA_AV_FEAT_ADV_CTRL &
1906 bta_avk_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL))
1907 peer_features |= (BTA_AV_FEAT_ADV_CTRL | BTA_AV_FEAT_RCCT);
1909 if (peer_features & BTA_AV_FEAT_COVER_ARTWORK)
1910 cover_art_psm = bta_avk_get_cover_art_psm();
1912 APPL_TRACE_DEBUG("%s: populating rem ctrl target bip psm 0x%x", __func__,
1916 if (p_cb->sdp_a2dp_handle) {
1917 /* check peer version and whether support CT and TG role */
1919 bta_av_check_peer_features(UUID_SERVCLASS_AV_REMOTE_CONTROL);
1920 if ((p_cb->features & BTA_AV_FEAT_ADV_CTRL) &&
1921 ((peer_features & BTA_AV_FEAT_ADV_CTRL) == 0)) {
1922 /* if we support advance control and peer does not, check their support on
1924 * some implementation uses 1.3 on CT ans 1.4 on TG */
1926 bta_av_check_peer_features(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
1929 /* Change our features if the remote AVRCP version is 1.3 or less */
1930 tSDP_DISC_REC* p_rec = nullptr;
1931 p_rec = SDP_FindServiceInDb(p_cb->p_disc_db,
1932 UUID_SERVCLASS_AV_REMOTE_CONTROL, p_rec);
1933 if (p_rec != NULL &&
1934 SDP_FindAttributeInRec(p_rec, ATTR_ID_BT_PROFILE_DESC_LIST) != NULL) {
1935 /* get profile version (if failure, version parameter is not updated) */
1936 uint16_t peer_rc_version = 0xFFFF; // Don't change the AVRCP version
1937 SDP_FindProfileVersionInRec(p_rec, UUID_SERVCLASS_AV_REMOTE_CONTROL,
1939 if (peer_rc_version <= AVRC_REV_1_3) {
1940 APPL_TRACE_DEBUG("%s: Using AVRCP 1.3 Capabilities with remote device",
1942 p_bta_av_cfg = &bta_av_cfg_compatibility;
1948 osi_free_and_reset((void**)&p_cb->p_disc_db);
1950 APPL_TRACE_DEBUG("%s: peer_features 0x%x, features 0x%x", __func__,
1951 peer_features, p_cb->features);
1953 /* if we have no rc connection */
1954 if (rc_handle == BTA_AV_RC_HANDLE_NONE) {
1956 /* if peer remote control service matches ours and USE_RC is true */
1957 if ((((p_cb->features & BTA_AV_FEAT_RCCT) &&
1958 (peer_features & BTA_AV_FEAT_RCTG)) ||
1959 ((p_cb->features & BTA_AV_FEAT_RCTG) &&
1960 (peer_features & BTA_AV_FEAT_RCCT)))) {
1961 p_lcb = bta_av_find_lcb(p_scb->PeerAddress(), BTA_AV_LCB_FIND);
1963 rc_handle = bta_av_rc_create(p_cb, AVCT_INT,
1964 (uint8_t)(p_scb->hdi + 1), p_lcb->lidx);
1965 p_cb->rcb[rc_handle].peer_features = peer_features;
1966 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
1968 APPL_TRACE_ERROR("%s: can not find LCB!!", __func__);
1970 } else if (p_scb->use_rc) {
1971 /* can not find AVRC on peer device. report failure */
1972 p_scb->use_rc = false;
1973 tBTA_AV_RC_OPEN rc_open;
1974 rc_open.peer_addr = p_scb->PeerAddress();
1975 rc_open.peer_features = 0;
1976 rc_open.cover_art_psm = 0;
1977 rc_open.status = BTA_AV_FAIL_SDP;
1978 tBTA_AV bta_av_data;
1979 bta_av_data.rc_open = rc_open;
1980 (*p_cb->p_cback)(BTA_AV_RC_OPEN_EVT, &bta_av_data);
1984 tBTA_AV_RC_FEAT rc_feat;
1985 p_cb->rcb[rc_handle].peer_features = peer_features;
1986 rc_feat.rc_handle = rc_handle;
1987 rc_feat.peer_features = peer_features;
1988 if (p_scb == NULL) {
1990 * In case scb is not created by the time we are done with SDP
1991 * we still need to send RC feature event. So we need to get BD
1992 * from Message. Note that lidx is 1 based not 0 based
1994 rc_feat.peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
1996 rc_feat.peer_addr = p_scb->PeerAddress();
1999 tBTA_AV bta_av_feat;
2000 bta_av_feat.rc_feat = rc_feat;
2001 (*p_cb->p_cback)(BTA_AV_RC_FEAT_EVT, &bta_av_feat);
2004 APPL_TRACE_DEBUG("%s: Send PSM data", __func__);
2005 tBTA_AV_RC_PSM rc_psm;
2006 p_cb->rcb[rc_handle].cover_art_psm = cover_art_psm;
2007 rc_psm.rc_handle = rc_handle;
2008 rc_psm.cover_art_psm = cover_art_psm;
2009 if (p_scb == NULL) {
2010 rc_psm.peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2012 rc_psm.peer_addr = p_scb->PeerAddress();
2015 APPL_TRACE_DEBUG("%s: rc_psm = 0x%x", __func__, rc_psm.cover_art_psm);
2018 bta_av_psm.rc_cover_art_psm = rc_psm;
2019 (*p_cb->p_cback)(BTA_AV_RC_PSM_EVT, &bta_av_psm);
2023 /*******************************************************************************
2025 * Function bta_av_rc_closed
2027 * Description Set AVRCP state to closed.
2031 ******************************************************************************/
2032 void bta_av_rc_closed(tBTA_AV_DATA* p_data) {
2033 tBTA_AV_CB* p_cb = &bta_av_cb;
2034 tBTA_AV_RC_CLOSE rc_close;
2035 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2042 rc_close.rc_handle = BTA_AV_RC_HANDLE_NONE;
2044 APPL_TRACE_DEBUG("%s: rc_handle:%d", __func__, p_msg->handle);
2045 for (i = 0; i < BTA_AV_NUM_RCB; i++) {
2046 p_rcb = &p_cb->rcb[i];
2047 APPL_TRACE_DEBUG("%s: rcb[%d] rc_handle:%d, status=0x%x", __func__, i,
2048 p_rcb->handle, p_rcb->status);
2049 if (p_rcb->handle == p_msg->handle) {
2050 rc_close.rc_handle = i;
2051 p_rcb->status &= ~BTA_AV_RC_CONN_MASK;
2052 p_rcb->peer_features = 0;
2053 p_rcb->cover_art_psm = 0;
2054 APPL_TRACE_DEBUG("%s: shdl:%d, lidx:%d", __func__, p_rcb->shdl,
2057 if ((p_rcb->shdl - 1) < BTA_AV_NUM_STRS) {
2058 p_scb = bta_av_cb.p_scb[p_rcb->shdl - 1];
2061 rc_close.peer_addr = p_scb->PeerAddress();
2062 if (p_scb->rc_handle == p_rcb->handle)
2063 p_scb->rc_handle = BTA_AV_RC_HANDLE_NONE;
2064 APPL_TRACE_DEBUG("%s: shdl:%d, srch:%d", __func__, p_rcb->shdl,
2068 } else if (p_rcb->lidx == (BTA_AV_NUM_LINKS + 1)) {
2069 /* if the RCB uses the extra LCB, use the addr for event and clean it */
2070 p_lcb = &p_cb->lcb[BTA_AV_NUM_LINKS];
2071 rc_close.peer_addr = p_msg->peer_addr;
2072 LOG_INFO("%s: rc_only closed bd_addr: %s", __func__,
2073 p_msg->peer_addr.ToString().c_str());
2074 p_lcb->conn_msk = 0;
2079 if ((p_rcb->status & BTA_AV_RC_ROLE_MASK) == BTA_AV_RC_ROLE_INT) {
2080 /* AVCT CCB is deallocated */
2081 p_rcb->handle = BTA_AV_RC_HANDLE_NONE;
2084 /* AVCT CCB is still there. dealloc */
2085 bta_av_del_rc(p_rcb);
2087 } else if ((p_rcb->handle != BTA_AV_RC_HANDLE_NONE) &&
2088 (p_rcb->status & BTA_AV_RC_CONN_MASK)) {
2089 /* at least one channel is still connected */
2095 /* no AVRC channels are connected, go back to INIT state */
2096 bta_av_sm_execute(p_cb, BTA_AV_AVRC_NONE_EVT, NULL);
2099 if (rc_close.rc_handle == BTA_AV_RC_HANDLE_NONE) {
2100 rc_close.rc_handle = p_msg->handle;
2101 rc_close.peer_addr = p_msg->peer_addr;
2103 tBTA_AV bta_av_data;
2104 bta_av_data.rc_close = rc_close;
2105 (*p_cb->p_cback)(BTA_AV_RC_CLOSE_EVT, &bta_av_data);
2106 if (bta_av_cb.rc_acp_handle == BTA_AV_RC_HANDLE_NONE
2107 && bta_av_cb.features & BTA_AV_FEAT_RCTG)
2108 bta_av_rc_create(&bta_av_cb, AVCT_ACP, 0, BTA_AV_NUM_LINKS + 1);
2111 /*******************************************************************************
2113 * Function bta_av_rc_browse_opened
2115 * Description AVRC browsing channel is opened
2119 ******************************************************************************/
2120 void bta_av_rc_browse_opened(tBTA_AV_DATA* p_data) {
2121 tBTA_AV_CB* p_cb = &bta_av_cb;
2122 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2123 tBTA_AV_RC_BROWSE_OPEN rc_browse_open;
2125 LOG_INFO("%s: peer_addr: %s rc_handle:%d", __func__,
2126 p_msg->peer_addr.ToString().c_str(), p_msg->handle);
2128 rc_browse_open.status = BTA_AV_SUCCESS;
2129 rc_browse_open.rc_handle = p_msg->handle;
2130 rc_browse_open.peer_addr = p_msg->peer_addr;
2132 tBTA_AV bta_av_data;
2133 bta_av_data.rc_browse_open = rc_browse_open;
2134 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_OPEN_EVT, &bta_av_data);
2137 /*******************************************************************************
2139 * Function bta_av_rc_browse_closed
2141 * Description AVRC browsing channel is closed
2145 ******************************************************************************/
2146 void bta_av_rc_browse_closed(tBTA_AV_DATA* p_data) {
2147 tBTA_AV_CB* p_cb = &bta_av_cb;
2148 tBTA_AV_RC_CONN_CHG* p_msg = (tBTA_AV_RC_CONN_CHG*)p_data;
2149 tBTA_AV_RC_BROWSE_CLOSE rc_browse_close;
2151 LOG_INFO("%s: peer_addr: %s rc_handle:%d", __func__,
2152 p_msg->peer_addr.ToString().c_str(), p_msg->handle);
2154 rc_browse_close.rc_handle = p_msg->handle;
2155 rc_browse_close.peer_addr = p_msg->peer_addr;
2157 tBTA_AV bta_av_data;
2158 bta_av_data.rc_browse_close = rc_browse_close;
2159 (*p_cb->p_cback)(BTA_AV_RC_BROWSE_CLOSE_EVT, &bta_av_data);
2162 /*******************************************************************************
2164 * Function bta_av_rc_disc
2166 * Description start AVRC SDP discovery.
2170 ******************************************************************************/
2171 void bta_av_rc_disc(uint8_t disc) {
2172 tBTA_AV_CB* p_cb = &bta_av_cb;
2173 tAVRC_SDP_DB_PARAMS db_params;
2174 uint16_t attr_list[] = {ATTR_ID_SERVICE_CLASS_ID_LIST,
2175 ATTR_ID_BT_PROFILE_DESC_LIST,
2176 ATTR_ID_SUPPORTED_FEATURES,
2177 ATTR_ID_ADDITION_PROTO_DESC_LISTS};
2180 RawAddress peer_addr = RawAddress::kEmpty;
2183 APPL_TRACE_DEBUG("%s: disc: 0x%x, bta_av_cb.disc: 0x%x", __func__, disc,
2185 if ((bta_av_cb.disc != 0) || (disc == 0)) return;
2187 if ((disc & BTA_AV_CHNL_MSK) == BTA_AV_CHNL_MSK) {
2188 /* this is the rc handle/index to tBTA_AV_RCB */
2189 rc_handle = disc & (~BTA_AV_CHNL_MSK);
2190 if (p_cb->rcb[rc_handle].lidx) {
2191 peer_addr = p_cb->lcb[p_cb->rcb[rc_handle].lidx - 1].addr;
2194 hdi = (disc & BTA_AV_HNDL_MSK) - 1;
2195 p_scb = p_cb->p_scb[hdi];
2198 APPL_TRACE_DEBUG("%s: rc_handle %d", __func__, p_scb->rc_handle);
2199 peer_addr = p_scb->PeerAddress();
2203 if (!peer_addr.IsEmpty()) {
2204 /* allocate discovery database */
2205 if (p_cb->p_disc_db == NULL)
2206 p_cb->p_disc_db = (tSDP_DISCOVERY_DB*)osi_malloc(BTA_AV_DISC_BUF_SIZE);
2208 /* set up parameters */
2209 db_params.db_len = BTA_AV_DISC_BUF_SIZE;
2210 db_params.num_attr = sizeof(attr_list) / sizeof(uint16_t);
2211 db_params.p_db = p_cb->p_disc_db;
2212 db_params.p_attrs = attr_list;
2214 /* searching for UUID_SERVCLASS_AV_REMOTE_CONTROL gets both TG and CT */
2215 if (AVRC_FindService(UUID_SERVCLASS_AV_REMOTE_CONTROL, peer_addr,
2217 base::Bind(bta_av_avrc_sdp_cback)) == AVRC_SUCCESS) {
2219 APPL_TRACE_DEBUG("%s: disc 0x%x", __func__, p_cb->disc);
2224 /*******************************************************************************
2226 * Function bta_av_dereg_comp
2228 * Description deregister complete. free the stream control block.
2232 ******************************************************************************/
2233 void bta_av_dereg_comp(tBTA_AV_DATA* p_data) {
2234 tBTA_AV_CB* p_cb = &bta_av_cb;
2240 /* find the stream control block */
2241 p_scb = bta_av_hndl_to_scb(p_data->hdr.layer_specific);
2244 APPL_TRACE_DEBUG("%s: deregistered %d(h%d)", __func__, p_scb->chnl,
2246 mask = BTA_AV_HNDL_TO_MSK(p_scb->hdi);
2247 p_cb->reg_audio &= ~mask;
2248 if ((p_cb->conn_audio & mask) && p_cb->audio_open_cnt) {
2249 /* this channel is still marked as open. decrease the count */
2250 p_cb->audio_open_cnt--;
2252 p_cb->conn_audio &= ~mask;
2254 if (p_scb->q_tag == BTA_AV_Q_TAG_STREAM && p_scb->a2dp_list) {
2255 /* make sure no buffers are in a2dp_list */
2256 while (!list_is_empty(p_scb->a2dp_list)) {
2257 p_buf = (BT_HDR*)list_front(p_scb->a2dp_list);
2258 list_remove(p_scb->a2dp_list, p_buf);
2263 /* remove the A2DP SDP record, if no more audio stream is left */
2264 if (!p_cb->reg_audio) {
2266 /* Only remove the SDP record if we're the ones that created it */
2267 if (is_new_avrcp_enabled()) {
2268 APPL_TRACE_DEBUG("%s: newavrcp is the owner of the AVRCP Target SDP "
2269 "record. Don't dereg the SDP record", __func__);
2271 APPL_TRACE_DEBUG("%s: newavrcp is not enabled. Remove SDP record",
2273 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REMOTE_CONTROL);
2276 if (p_cb->sdp_a2dp_handle) {
2277 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_handle);
2278 p_cb->sdp_a2dp_handle = 0;
2279 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SOURCE);
2282 #if (BTA_AV_SINK_INCLUDED == TRUE)
2283 if (p_cb->sdp_a2dp_snk_handle) {
2284 bta_av_del_sdp_rec(&p_cb->sdp_a2dp_snk_handle);
2285 p_cb->sdp_a2dp_snk_handle = 0;
2286 bta_sys_remove_uuid(UUID_SERVCLASS_AUDIO_SINK);
2291 bta_av_free_scb(p_scb);
2294 APPL_TRACE_DEBUG("%s: audio 0x%x, disable:%d", __func__, p_cb->reg_audio,
2296 /* if no stream control block is active */
2297 if (p_cb->reg_audio == 0) {
2298 /* deregister from AVDT */
2299 bta_ar_dereg_avdt();
2301 /* deregister from AVCT */
2302 bta_ar_dereg_avrc(UUID_SERVCLASS_AV_REM_CTRL_TARGET);
2303 bta_ar_dereg_avct();
2305 if (p_cb->disabling) {
2306 p_cb->disabling = false;
2307 // reset enabling parameters
2312 /* Clear the Capturing service class bit */
2313 cod.service = BTM_COD_SERVICE_CAPTURING;
2314 utl_set_device_class(&cod, BTA_UTL_CLR_COD_SERVICE_CLASS);
OSDN Git Service
