1 /* 2 * Copyright (C) 2016 BlueKitchen GmbH 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the copyright holders nor the names of 14 * contributors may be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * 4. Any redistribution, use, or modification is done solely for 17 * personal benefit and not for any commercial purpose or for 18 * monetary gain. 19 * 20 * THIS SOFTWARE IS PROVIDED BY BLUEKITCHEN GMBH AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BLUEKITCHEN 24 * GMBH OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 27 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 30 * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * Please inquire about commercial licensing options at 34 * [email protected] 35 * 36 */ 37 38 #define BTSTACK_FILE__ "avrcp.c" 39 40 #include <stdint.h> 41 #include <string.h> 42 // snprintf 43 #include <stdio.h> 44 45 #include "bluetooth_psm.h" 46 #include "bluetooth_sdp.h" 47 #include "btstack_debug.h" 48 #include "btstack_event.h" 49 #include "btstack_memory.h" 50 #include "classic/sdp_client.h" 51 #include "classic/sdp_util.h" 52 #include "classic/avrcp.h" 53 54 55 typedef struct { 56 uint8_t parse_sdp_record; 57 uint32_t record_id; 58 uint16_t avrcp_cid; 59 uint16_t avrcp_l2cap_psm; 60 uint16_t avrcp_version; 61 62 uint16_t browsing_l2cap_psm; 63 uint16_t browsing_version; 64 uint16_t cover_art_l2cap_psm; 65 } avrcp_sdp_query_context_t; 66 67 static void avrcp_packet_handler(uint8_t packet_type, uint16_t channel, uint8_t *packet, uint16_t size); 68 static void avrcp_start_next_sdp_query(void); 69 70 static const char * avrcp_default_controller_service_name = "BTstack AVRCP Controller Service"; 71 static const char * avrcp_default_controller_service_provider_name = "BTstack AVRCP Controller Service Provider"; 72 static const char * avrcp_defaul_target_service_name = "BTstack AVRCP Target Service"; 73 static const char * avrcp_default_target_service_provider_name = "BTstack AVRCP Target Service Provider"; 74 75 static const char * avrcp_subunit_type_name[] = { 76 "MONITOR", "AUDIO", "PRINTER", "DISC", "TAPE_RECORDER_PLAYER", "TUNER", 77 "CA", "CAMERA", "RESERVED", "PANEL", "BULLETIN_BOARD", "CAMERA_STORAGE", 78 "VENDOR_UNIQUE", "RESERVED_FOR_ALL_SUBUNIT_TYPES", 79 "EXTENDED_TO_NEXT_BYTE", "UNIT", "ERROR" 80 }; 81 82 // default subunit info: single PANEL subunit 83 static const uint8_t avrcp_default_subunit_info[] = { AVRCP_SUBUNIT_TYPE_PANEL << 3}; 84 85 // globals 86 static bool avrcp_l2cap_service_registered = false; 87 88 // connections 89 static uint16_t avrcp_cid_counter; 90 static btstack_linked_list_t avrcp_connections; 91 92 // higher layer callbacks 93 static btstack_packet_handler_t avrcp_callback; 94 static btstack_packet_handler_t avrcp_controller_packet_handler; 95 static btstack_packet_handler_t avrcp_target_packet_handler; 96 97 // sdp query 98 static btstack_context_callback_registration_t avrcp_sdp_query_registration; 99 static avrcp_sdp_query_context_t avrcp_sdp_query_context; 100 static uint8_t avrcp_sdp_query_attribute_value[45]; 101 static const unsigned int avrcp_sdp_query_attribute_value_buffer_size = sizeof(avrcp_sdp_query_attribute_value); 102 103 static void (*avrcp_browsing_sdp_query_complete_handler)(avrcp_connection_t * connection, uint8_t status); 104 105 106 const char * avrcp_subunit2str(uint16_t index){ 107 if (index <= 11) return avrcp_subunit_type_name[index]; 108 if ((index >= 0x1C) && (index <= 0x1F)) return avrcp_subunit_type_name[index - 0x10]; 109 return avrcp_subunit_type_name[16]; 110 } 111 112 static const char * avrcp_event_name[] = { 113 "ERROR", "PLAYBACK_STATUS_CHANGED", 114 "TRACK_CHANGED", "TRACK_REACHED_END", "TRACK_REACHED_START", 115 "PLAYBACK_POS_CHANGED", "BATT_STATUS_CHANGED", "SYSTEM_STATUS_CHANGED", 116 "PLAYER_APPLICATION_SETTING_CHANGED", "NOW_PLAYING_CONTENT_CHANGED", 117 "AVAILABLE_PLAYERS_CHANGED", "ADDRESSED_PLAYER_CHANGED", "UIDS_CHANGED", "VOLUME_CHANGED" 118 }; 119 const char * avrcp_event2str(uint16_t index){ 120 if (index <= 0x0d) return avrcp_event_name[index]; 121 return avrcp_event_name[0]; 122 } 123 124 static const char * avrcp_operation_name[] = { 125 "SKIP", NULL, NULL, NULL, NULL, 126 "VOLUME_UP", "VOLUME_DOWN", "MUTE", "PLAY", "STOP", "PAUSE", NULL, 127 "REWIND", "FAST_FORWARD", NULL, "FORWARD", "BACKWARD" // 0x4C 128 }; 129 130 const char * avrcp_operation2str(uint8_t operation_id){ 131 char * name = NULL; 132 if ((operation_id >= AVRCP_OPERATION_ID_SKIP) && (operation_id <= AVRCP_OPERATION_ID_BACKWARD)){ 133 name = (char *)avrcp_operation_name[operation_id - AVRCP_OPERATION_ID_SKIP]; 134 } 135 if (name == NULL){ 136 static char buffer[13]; 137 snprintf(buffer, sizeof(buffer), "Unknown 0x%02x", operation_id); 138 buffer[sizeof(buffer)-1] = 0; 139 return buffer; 140 } else { 141 return name; 142 } 143 } 144 145 static const char * avrcp_media_attribute_id_name[] = { 146 "NONE", "TITLE", "ARTIST", "ALBUM", "TRACK", "TOTAL TRACKS", "GENRE", "SONG LENGTH" 147 }; 148 const char * avrcp_attribute2str(uint8_t index){ 149 if (index > 7){ 150 index = 0; 151 } 152 return avrcp_media_attribute_id_name[0]; 153 } 154 155 static const char * avrcp_play_status_name[] = { 156 "STOPPED", "PLAYING", "PAUSED", "FORWARD SEEK", "REVERSE SEEK", 157 "ERROR" // 0xFF 158 }; 159 const char * avrcp_play_status2str(uint8_t index){ 160 if (index > 4){ 161 index = 5; 162 } 163 return avrcp_play_status_name[index]; 164 } 165 166 static const char * avrcp_ctype_name[] = { 167 "CONTROL", 168 "STATUS", 169 "SPECIFIC_INQUIRY", 170 "NOTIFY", 171 "GENERAL_INQUIRY", 172 "RESERVED5", 173 "RESERVED6", 174 "RESERVED7", 175 "NOT IMPLEMENTED IN REMOTE", 176 "ACCEPTED BY REMOTE", 177 "REJECTED BY REMOTE", 178 "IN_TRANSITION", 179 "IMPLEMENTED_STABLE", 180 "CHANGED_STABLE", 181 "RESERVED", 182 "INTERIM" 183 }; 184 static const uint16_t avrcp_ctype_name_num = 16; 185 186 const char * avrcp_ctype2str(uint8_t index){ 187 if (index < avrcp_ctype_name_num){ 188 return avrcp_ctype_name[index]; 189 } 190 return "NONE"; 191 } 192 193 static const char * avrcp_shuffle_mode_name[] = { 194 "SHUFFLE OFF", 195 "SHUFFLE ALL TRACKS", 196 "SHUFFLE GROUP" 197 }; 198 199 const char * avrcp_shuffle2str(uint8_t index){ 200 if ((index >= 1) && (index <= 3)) return avrcp_shuffle_mode_name[index-1]; 201 return "NONE"; 202 } 203 204 static const char * avrcp_repeat_mode_name[] = { 205 "REPEAT OFF", 206 "REPEAT SINGLE TRACK", 207 "REPEAT ALL TRACKS", 208 "REPEAT GROUP" 209 }; 210 211 const char * avrcp_repeat2str(uint8_t index){ 212 if ((index >= 1) && (index <= 4)) return avrcp_repeat_mode_name[index-1]; 213 return "NONE"; 214 } 215 216 static const char * notification_name[] = { 217 "INVALID_INDEX", 218 "PLAYBACK_STATUS_CHANGED", 219 "TRACK_CHANGED", 220 "TRACK_REACHED_END", 221 "TRACK_REACHED_START", 222 "PLAYBACK_POS_CHANGED", 223 "BATT_STATUS_CHANGED", 224 "SYSTEM_STATUS_CHANGED", 225 "PLAYER_APPLICATION_SETTING_CHANGED", 226 "NOW_PLAYING_CONTENT_CHANGED", 227 "AVAILABLE_PLAYERS_CHANGED", 228 "ADDRESSED_PLAYER_CHANGED", 229 "UIDS_CHANGED", 230 "VOLUME_CHANGED", 231 "MAX_VALUE" 232 }; 233 234 const char * avrcp_notification2str(avrcp_notification_event_id_t index){ 235 if ((index >= AVRCP_NOTIFICATION_EVENT_FIRST_INDEX) && (index <= AVRCP_NOTIFICATION_EVENT_LAST_INDEX)){ 236 return notification_name[index]; 237 } 238 return notification_name[0]; 239 } 240 241 btstack_linked_list_t avrcp_get_connections(void){ 242 return avrcp_connections; 243 } 244 245 uint8_t avrcp_cmd_opcode(uint8_t *packet, uint16_t size){ 246 uint8_t cmd_opcode_index = 5; 247 if (cmd_opcode_index > size) return AVRCP_CMD_OPCODE_UNDEFINED; 248 return packet[cmd_opcode_index]; 249 } 250 251 void avrcp_create_sdp_record(uint8_t controller, uint8_t * service, uint32_t service_record_handle, uint8_t browsing, uint16_t supported_features, 252 const char * service_name, const char * service_provider_name){ 253 uint8_t* attribute; 254 de_create_sequence(service); 255 256 // 0x0000 "Service Record Handle" 257 de_add_number(service, DE_UINT, DE_SIZE_16, BLUETOOTH_ATTRIBUTE_SERVICE_RECORD_HANDLE); 258 de_add_number(service, DE_UINT, DE_SIZE_32, service_record_handle); 259 260 // 0x0001 "Service Class ID List" 261 de_add_number(service, DE_UINT, DE_SIZE_16, BLUETOOTH_ATTRIBUTE_SERVICE_CLASS_ID_LIST); 262 attribute = de_push_sequence(service); 263 { 264 if (controller){ 265 de_add_number(attribute, DE_UUID, DE_SIZE_16, BLUETOOTH_SERVICE_CLASS_AV_REMOTE_CONTROL); 266 de_add_number(attribute, DE_UUID, DE_SIZE_16, BLUETOOTH_SERVICE_CLASS_AV_REMOTE_CONTROL_CONTROLLER); 267 } else { 268 de_add_number(attribute, DE_UUID, DE_SIZE_16, BLUETOOTH_SERVICE_CLASS_AV_REMOTE_CONTROL_TARGET); 269 } 270 } 271 de_pop_sequence(service, attribute); 272 273 // 0x0004 "Protocol Descriptor List" 274 de_add_number(service, DE_UINT, DE_SIZE_16, BLUETOOTH_ATTRIBUTE_PROTOCOL_DESCRIPTOR_LIST); 275 attribute = de_push_sequence(service); 276 { 277 uint8_t* l2cpProtocol = de_push_sequence(attribute); 278 { 279 de_add_number(l2cpProtocol, DE_UUID, DE_SIZE_16, BLUETOOTH_PROTOCOL_L2CAP); 280 de_add_number(l2cpProtocol, DE_UINT, DE_SIZE_16, BLUETOOTH_PSM_AVCTP); 281 } 282 de_pop_sequence(attribute, l2cpProtocol); 283 284 uint8_t* avctpProtocol = de_push_sequence(attribute); 285 { 286 de_add_number(avctpProtocol, DE_UUID, DE_SIZE_16, BLUETOOTH_PROTOCOL_AVCTP); // avctpProtocol_service 287 de_add_number(avctpProtocol, DE_UINT, DE_SIZE_16, 0x0104); // version 288 } 289 de_pop_sequence(attribute, avctpProtocol); 290 } 291 de_pop_sequence(service, attribute); 292 293 // 0x0005 "Public Browse Group" 294 de_add_number(service, DE_UINT, DE_SIZE_16, BLUETOOTH_ATTRIBUTE_BROWSE_GROUP_LIST); // public browse group 295 attribute = de_push_sequence(service); 296 { 297 de_add_number(attribute, DE_UUID, DE_SIZE_16, BLUETOOTH_ATTRIBUTE_PUBLIC_BROWSE_ROOT); 298 } 299 de_pop_sequence(service, attribute); 300 301 // 0x0009 "Bluetooth Profile Descriptor List" 302 de_add_number(service, DE_UINT, DE_SIZE_16, BLUETOOTH_ATTRIBUTE_BLUETOOTH_PROFILE_DESCRIPTOR_LIST); 303 attribute = de_push_sequence(service); 304 { 305 uint8_t *avrcProfile = de_push_sequence(attribute); 306 { 307 de_add_number(avrcProfile, DE_UUID, DE_SIZE_16, BLUETOOTH_SERVICE_CLASS_AV_REMOTE_CONTROL); 308 de_add_number(avrcProfile, DE_UINT, DE_SIZE_16, 0x0106); 309 } 310 de_pop_sequence(attribute, avrcProfile); 311 } 312 de_pop_sequence(service, attribute); 313 314 // 0x000d "Additional Bluetooth Profile Descriptor List" 315 if (browsing){ 316 de_add_number(service, DE_UINT, DE_SIZE_16, BLUETOOTH_ATTRIBUTE_ADDITIONAL_PROTOCOL_DESCRIPTOR_LISTS); 317 attribute = de_push_sequence(service); 318 { 319 uint8_t * des = de_push_sequence(attribute); 320 { 321 uint8_t* browsing_l2cpProtocol = de_push_sequence(des); 322 { 323 de_add_number(browsing_l2cpProtocol, DE_UUID, DE_SIZE_16, BLUETOOTH_PROTOCOL_L2CAP); 324 de_add_number(browsing_l2cpProtocol, DE_UINT, DE_SIZE_16, BLUETOOTH_PSM_AVCTP_BROWSING); 325 } 326 de_pop_sequence(des, browsing_l2cpProtocol); 327 328 uint8_t* browsing_avctpProtocol = de_push_sequence(des); 329 { 330 de_add_number(browsing_avctpProtocol, DE_UUID, DE_SIZE_16, BLUETOOTH_PROTOCOL_AVCTP); // browsing_avctpProtocol_service 331 de_add_number(browsing_avctpProtocol, DE_UINT, DE_SIZE_16, 0x0104); // version 332 } 333 de_pop_sequence(des, browsing_avctpProtocol); 334 } 335 de_pop_sequence(attribute, des); 336 } 337 de_pop_sequence(service, attribute); 338 } 339 340 341 // 0x0100 "Service Name" 342 de_add_number(service, DE_UINT, DE_SIZE_16, 0x0100); 343 if (service_name){ 344 de_add_data(service, DE_STRING, (uint16_t) strlen(service_name), (uint8_t *) service_name); 345 } else { 346 if (controller){ 347 de_add_data(service, DE_STRING, (uint16_t) strlen(avrcp_default_controller_service_name), (uint8_t *) avrcp_default_controller_service_name); 348 } else { 349 de_add_data(service, DE_STRING, (uint16_t) strlen(avrcp_defaul_target_service_name), (uint8_t *) avrcp_defaul_target_service_name); 350 } 351 } 352 353 // 0x0100 "Provider Name" 354 de_add_number(service, DE_UINT, DE_SIZE_16, 0x0102); 355 if (service_provider_name){ 356 de_add_data(service, DE_STRING, (uint16_t) strlen(service_provider_name), (uint8_t *) service_provider_name); 357 } else { 358 if (controller){ 359 de_add_data(service, DE_STRING, (uint16_t) strlen(avrcp_default_controller_service_provider_name), (uint8_t *) avrcp_default_controller_service_provider_name); 360 } else { 361 de_add_data(service, DE_STRING, (uint16_t) strlen(avrcp_default_target_service_provider_name), (uint8_t *) avrcp_default_target_service_provider_name); 362 } 363 } 364 365 // 0x0311 "Supported Features" 366 de_add_number(service, DE_UINT, DE_SIZE_16, 0x0311); 367 de_add_number(service, DE_UINT, DE_SIZE_16, supported_features); 368 } 369 370 uint16_t avctp_get_num_bytes_for_header(avctp_packet_type_t avctp_packet_type) { 371 switch (avctp_packet_type){ 372 case AVCTP_SINGLE_PACKET: 373 // AVCTP message: transport header (1), pid (2) 374 return 3; 375 case AVCTP_START_PACKET: 376 // AVCTP message: transport header (1), num_packets (1), pid (2) 377 return 4; 378 default: 379 // AVCTP message: transport header (1) 380 return 1; 381 } 382 } 383 384 uint16_t avrcp_get_num_bytes_for_header(avrcp_command_opcode_t command_opcode, avctp_packet_type_t avctp_packet_type) { 385 switch (avctp_packet_type){ 386 case AVCTP_SINGLE_PACKET: 387 case AVCTP_START_PACKET: 388 break; 389 default: 390 return 0; 391 } 392 393 uint16_t offset = 3; // AVRCP message: cmd type (1), subunit (1), opcode (1) 394 switch (command_opcode){ 395 case AVRCP_CMD_OPCODE_VENDOR_DEPENDENT: 396 offset += 7; // AVRCP message: company (3), pdu id(1), AVRCP packet type (1), param_len (2) 397 break; 398 case AVRCP_CMD_OPCODE_PASS_THROUGH: 399 offset += 3; // AVRCP message: operation id (1), param_len (2) 400 break; 401 default: 402 break; 403 } 404 return offset; 405 } 406 407 static uint16_t avrcp_get_num_free_bytes_for_payload(uint16_t l2cap_mtu, avrcp_command_opcode_t command_opcode, avctp_packet_type_t avctp_packet_type){ 408 uint16_t max_frame_size = btstack_min(l2cap_mtu, AVRCP_MAX_AV_C_MESSAGE_FRAME_SIZE); 409 uint16_t payload_offset = avctp_get_num_bytes_for_header(avctp_packet_type) + 410 avrcp_get_num_bytes_for_header(command_opcode, avctp_packet_type); 411 412 btstack_assert(max_frame_size >= payload_offset); 413 return (max_frame_size - payload_offset); 414 } 415 416 417 avctp_packet_type_t avctp_get_packet_type(avrcp_connection_t * connection, uint16_t * max_payload_size){ 418 if (connection->l2cap_mtu >= AVRCP_MAX_AV_C_MESSAGE_FRAME_SIZE){ 419 return AVCTP_SINGLE_PACKET; 420 } 421 422 if (connection->data_offset == 0){ 423 uint16_t max_payload_size_for_single_packet = avrcp_get_num_free_bytes_for_payload(connection->l2cap_mtu, 424 connection->command_opcode, 425 AVCTP_SINGLE_PACKET); 426 if (max_payload_size_for_single_packet >= connection->data_len){ 427 *max_payload_size = max_payload_size_for_single_packet; 428 return AVCTP_SINGLE_PACKET; 429 } else { 430 uint16_t max_payload_size_for_start_packet = max_payload_size_for_single_packet - 1; 431 *max_payload_size = max_payload_size_for_start_packet; 432 return AVCTP_START_PACKET; 433 } 434 } else { 435 // both packet types have the same single byte AVCTP header 436 *max_payload_size = avrcp_get_num_free_bytes_for_payload(connection->l2cap_mtu, 437 connection->command_opcode, 438 AVCTP_CONTINUE_PACKET); 439 if ((connection->data_len - connection->data_offset) > *max_payload_size){ 440 return AVCTP_CONTINUE_PACKET; 441 } else { 442 return AVCTP_END_PACKET; 443 } 444 } 445 } 446 447 avrcp_packet_type_t avrcp_get_packet_type(avrcp_connection_t * connection){ 448 switch (connection->avctp_packet_type) { 449 case AVCTP_SINGLE_PACKET: 450 case AVCTP_START_PACKET: 451 break; 452 default: 453 return connection->avrcp_packet_type; 454 } 455 456 uint16_t payload_offset = avctp_get_num_bytes_for_header(connection->avctp_packet_type) + 457 avrcp_get_num_bytes_for_header(connection->command_opcode, connection->avctp_packet_type); 458 uint16_t bytes_to_send = (connection->data_len - connection->data_offset) + payload_offset; 459 460 if (connection->data_offset == 0){ 461 if (bytes_to_send <= AVRCP_MAX_AV_C_MESSAGE_FRAME_SIZE){ 462 return AVRCP_SINGLE_PACKET; 463 } else { 464 return AVRCP_START_PACKET; 465 } 466 } else { 467 if (bytes_to_send > AVRCP_MAX_AV_C_MESSAGE_FRAME_SIZE){ 468 return AVRCP_CONTINUE_PACKET; 469 } else { 470 return AVRCP_END_PACKET; 471 } 472 } 473 } 474 475 avrcp_connection_t * avrcp_get_connection_for_bd_addr_for_role(avrcp_role_t role, bd_addr_t addr){ 476 btstack_linked_list_iterator_t it; 477 btstack_linked_list_iterator_init(&it, (btstack_linked_list_t *) &avrcp_connections); 478 while (btstack_linked_list_iterator_has_next(&it)){ 479 avrcp_connection_t * connection = (avrcp_connection_t *)btstack_linked_list_iterator_next(&it); 480 if (connection->role != role) continue; 481 if (memcmp(addr, connection->remote_addr, 6) != 0) continue; 482 return connection; 483 } 484 return NULL; 485 } 486 487 avrcp_connection_t * avrcp_get_connection_for_l2cap_signaling_cid_for_role(avrcp_role_t role, uint16_t l2cap_cid){ 488 btstack_linked_list_iterator_t it; 489 btstack_linked_list_iterator_init(&it, (btstack_linked_list_t *) &avrcp_connections); 490 while (btstack_linked_list_iterator_has_next(&it)){ 491 avrcp_connection_t * connection = (avrcp_connection_t *)btstack_linked_list_iterator_next(&it); 492 if (connection->role != role) continue; 493 if (connection->l2cap_signaling_cid != l2cap_cid) continue; 494 return connection; 495 } 496 return NULL; 497 } 498 499 avrcp_connection_t * avrcp_get_connection_for_avrcp_cid_for_role(avrcp_role_t role, uint16_t avrcp_cid){ 500 btstack_linked_list_iterator_t it; 501 btstack_linked_list_iterator_init(&it, (btstack_linked_list_t *) &avrcp_connections); 502 while (btstack_linked_list_iterator_has_next(&it)){ 503 avrcp_connection_t * connection = (avrcp_connection_t *)btstack_linked_list_iterator_next(&it); 504 if (connection->role != role) continue; 505 if (connection->avrcp_cid != avrcp_cid) continue; 506 return connection; 507 } 508 return NULL; 509 } 510 511 avrcp_connection_t * avrcp_get_connection_for_browsing_cid_for_role(avrcp_role_t role, uint16_t browsing_cid){ 512 btstack_linked_list_iterator_t it; 513 btstack_linked_list_iterator_init(&it, (btstack_linked_list_t *) &avrcp_connections); 514 while (btstack_linked_list_iterator_has_next(&it)){ 515 avrcp_connection_t * connection = (avrcp_connection_t *)btstack_linked_list_iterator_next(&it); 516 if (connection->role != role) continue; 517 if (connection->avrcp_browsing_cid != browsing_cid) continue; 518 return connection; 519 } 520 return NULL; 521 } 522 523 avrcp_connection_t * avrcp_get_connection_for_browsing_l2cap_cid_for_role(avrcp_role_t role, uint16_t browsing_l2cap_cid){ 524 btstack_linked_list_iterator_t it; 525 btstack_linked_list_iterator_init(&it, (btstack_linked_list_t *) &avrcp_connections); 526 while (btstack_linked_list_iterator_has_next(&it)){ 527 avrcp_connection_t * connection = (avrcp_connection_t *)btstack_linked_list_iterator_next(&it); 528 if (connection->role != role) continue; 529 if (connection->browsing_connection && (connection->browsing_connection->l2cap_browsing_cid != browsing_l2cap_cid)) continue; 530 return connection; 531 } 532 return NULL; 533 } 534 535 avrcp_browsing_connection_t * avrcp_get_browsing_connection_for_l2cap_cid_for_role(avrcp_role_t role, uint16_t l2cap_cid){ 536 btstack_linked_list_iterator_t it; 537 btstack_linked_list_iterator_init(&it, (btstack_linked_list_t *) &avrcp_connections); 538 while (btstack_linked_list_iterator_has_next(&it)){ 539 avrcp_connection_t * connection = (avrcp_connection_t *)btstack_linked_list_iterator_next(&it); 540 if (connection->role != role) continue; 541 if (connection->browsing_connection && (connection->browsing_connection->l2cap_browsing_cid != l2cap_cid)) continue; 542 return connection->browsing_connection; 543 } 544 return NULL; 545 } 546 547 void avrcp_request_can_send_now(avrcp_connection_t * connection, uint16_t l2cap_cid){ 548 connection->wait_to_send = true; 549 l2cap_request_can_send_now_event(l2cap_cid); 550 } 551 552 uint16_t avrcp_get_next_cid(avrcp_role_t role){ 553 do { 554 if (avrcp_cid_counter == 0xffff) { 555 avrcp_cid_counter = 1; 556 } else { 557 avrcp_cid_counter++; 558 } 559 } while (avrcp_get_connection_for_avrcp_cid_for_role(role, avrcp_cid_counter) != NULL) ; 560 return avrcp_cid_counter; 561 } 562 563 static avrcp_connection_t * avrcp_create_connection(avrcp_role_t role, bd_addr_t remote_addr){ 564 avrcp_connection_t * connection = btstack_memory_avrcp_connection_get(); 565 if (!connection){ 566 log_error("Not enough memory to create connection for role %d", role); 567 return NULL; 568 } 569 570 connection->state = AVCTP_CONNECTION_IDLE; 571 connection->role = role; 572 573 connection->transaction_id = 0xFF; 574 connection->transaction_id_counter = 0; 575 576 connection->controller_max_num_fragments = 0xFF; 577 578 // setup default unit / subunit info 579 connection->company_id = 0xffffff; 580 connection->target_unit_type = AVRCP_SUBUNIT_TYPE_PANEL; 581 connection->target_subunit_info_data_size = sizeof(avrcp_default_subunit_info); 582 connection->target_subunit_info_data = avrcp_default_subunit_info; 583 584 log_info("avrcp_create_connection, role %d", role); 585 (void)memcpy(connection->remote_addr, remote_addr, 6); 586 btstack_linked_list_add(&avrcp_connections, (btstack_linked_item_t *) connection); 587 return connection; 588 } 589 590 static void avrcp_finalize_connection(avrcp_connection_t * connection){ 591 btstack_run_loop_remove_timer(&connection->retry_timer); 592 btstack_run_loop_remove_timer(&connection->controller_press_and_hold_cmd_timer); 593 btstack_linked_list_remove(&avrcp_connections, (btstack_linked_item_t*) connection); 594 btstack_memory_avrcp_connection_free(connection); 595 } 596 597 static void avrcp_emit_connection_established(uint16_t avrcp_cid, bd_addr_t addr, hci_con_handle_t con_handle, uint8_t status){ 598 btstack_assert(avrcp_callback != NULL); 599 600 uint8_t event[14]; 601 int pos = 0; 602 event[pos++] = HCI_EVENT_AVRCP_META; 603 event[pos++] = sizeof(event) - 2; 604 event[pos++] = AVRCP_SUBEVENT_CONNECTION_ESTABLISHED; 605 event[pos++] = status; 606 little_endian_store_16(event, pos, avrcp_cid); 607 pos += 2; 608 reverse_bd_addr(addr,&event[pos]); 609 pos += 6; 610 little_endian_store_16(event, pos, con_handle); 611 pos += 2; 612 (*avrcp_callback)(HCI_EVENT_PACKET, 0, event, sizeof(event)); 613 } 614 615 static void avrcp_emit_connection_closed(uint16_t avrcp_cid){ 616 btstack_assert(avrcp_callback != NULL); 617 618 uint8_t event[5]; 619 int pos = 0; 620 event[pos++] = HCI_EVENT_AVRCP_META; 621 event[pos++] = sizeof(event) - 2; 622 event[pos++] = AVRCP_SUBEVENT_CONNECTION_RELEASED; 623 little_endian_store_16(event, pos, avrcp_cid); 624 pos += 2; 625 (*avrcp_callback)(HCI_EVENT_PACKET, 0, event, sizeof(event)); 626 } 627 628 uint16_t avrcp_sdp_query_browsing_l2cap_psm(void){ 629 return avrcp_sdp_query_context.browsing_l2cap_psm; 630 } 631 632 void avrcp_handle_sdp_client_query_attribute_value(uint8_t *packet){ 633 des_iterator_t des_list_it; 634 635 des_iterator_t additional_protocol_descriptor_list_it; 636 des_iterator_t protocol_descriptor_list_it; 637 des_iterator_t protocol_it; 638 uint8_t protocol_descriptor_id; 639 640 // Handle new SDP record 641 if (sdp_event_query_attribute_byte_get_record_id(packet) != avrcp_sdp_query_context.record_id) { 642 avrcp_sdp_query_context.record_id = sdp_event_query_attribute_byte_get_record_id(packet); 643 avrcp_sdp_query_context.parse_sdp_record = 0; 644 // log_info("SDP Record: Nr: %d", record_id); 645 } 646 647 if (sdp_event_query_attribute_byte_get_attribute_length(packet) <= avrcp_sdp_query_attribute_value_buffer_size) { 648 avrcp_sdp_query_attribute_value[sdp_event_query_attribute_byte_get_data_offset(packet)] = sdp_event_query_attribute_byte_get_data(packet); 649 650 if ((uint16_t)(sdp_event_query_attribute_byte_get_data_offset(packet)+1) == sdp_event_query_attribute_byte_get_attribute_length(packet)) { 651 switch(sdp_event_query_attribute_byte_get_attribute_id(packet)) { 652 case BLUETOOTH_ATTRIBUTE_SERVICE_CLASS_ID_LIST: 653 if (de_get_element_type(avrcp_sdp_query_attribute_value) != DE_DES) break; 654 for (des_iterator_init(&des_list_it, avrcp_sdp_query_attribute_value); des_iterator_has_more(&des_list_it); des_iterator_next(&des_list_it)) { 655 uint8_t * element = des_iterator_get_element(&des_list_it); 656 if (de_get_element_type(element) != DE_UUID) continue; 657 uint32_t uuid = de_get_uuid32(element); 658 switch (uuid){ 659 case BLUETOOTH_SERVICE_CLASS_AV_REMOTE_CONTROL_TARGET: 660 case BLUETOOTH_SERVICE_CLASS_AV_REMOTE_CONTROL: 661 case BLUETOOTH_SERVICE_CLASS_AV_REMOTE_CONTROL_CONTROLLER: 662 avrcp_sdp_query_context.parse_sdp_record = 1; 663 break; 664 default: 665 break; 666 } 667 } 668 break; 669 670 case BLUETOOTH_ATTRIBUTE_PROTOCOL_DESCRIPTOR_LIST: 671 if (!avrcp_sdp_query_context.parse_sdp_record) break; 672 673 for (des_iterator_init(&protocol_descriptor_list_it, avrcp_sdp_query_attribute_value); des_iterator_has_more(&protocol_descriptor_list_it); des_iterator_next(&protocol_descriptor_list_it)) { 674 675 if (des_iterator_get_type(&protocol_descriptor_list_it) != DE_DES) continue; 676 uint8_t * protocol_descriptor_list_element = des_iterator_get_element(&protocol_descriptor_list_it); 677 678 des_iterator_init(&protocol_it, protocol_descriptor_list_element); 679 uint8_t * protocol_element = des_iterator_get_element(&protocol_it); 680 681 if (de_get_element_type(protocol_element) != DE_UUID) continue; 682 683 uint32_t uuid = de_get_uuid32(protocol_element); 684 des_iterator_next(&protocol_it); 685 switch (uuid){ 686 case BLUETOOTH_PROTOCOL_L2CAP: 687 if (!des_iterator_has_more(&protocol_it)) continue; 688 de_element_get_uint16(des_iterator_get_element(&protocol_it), &avrcp_sdp_query_context.avrcp_l2cap_psm); 689 break; 690 case BLUETOOTH_PROTOCOL_AVCTP: 691 if (!des_iterator_has_more(&protocol_it)) continue; 692 de_element_get_uint16(des_iterator_get_element(&protocol_it), &avrcp_sdp_query_context.avrcp_version); 693 break; 694 default: 695 break; 696 } 697 } 698 break; 699 700 case BLUETOOTH_ATTRIBUTE_ADDITIONAL_PROTOCOL_DESCRIPTOR_LISTS: 701 if (!avrcp_sdp_query_context.parse_sdp_record) break; 702 703 protocol_descriptor_id = 0; 704 705 for ( des_iterator_init(&additional_protocol_descriptor_list_it, avrcp_sdp_query_attribute_value); 706 des_iterator_has_more(&additional_protocol_descriptor_list_it); 707 des_iterator_next(&additional_protocol_descriptor_list_it)) { 708 709 if (des_iterator_get_type(&additional_protocol_descriptor_list_it) != DE_DES) continue; 710 uint8_t *additional_protocol_descriptor_element = des_iterator_get_element(&additional_protocol_descriptor_list_it); 711 712 for ( des_iterator_init(&protocol_descriptor_list_it,additional_protocol_descriptor_element); 713 des_iterator_has_more(&protocol_descriptor_list_it); 714 des_iterator_next(&protocol_descriptor_list_it)) { 715 716 if (des_iterator_get_type(&protocol_descriptor_list_it) != DE_DES) continue; 717 718 uint8_t * protocol_descriptor_list_element = des_iterator_get_element(&protocol_descriptor_list_it); 719 720 des_iterator_init(&protocol_it, protocol_descriptor_list_element); 721 uint8_t * protocol_element = des_iterator_get_element(&protocol_it); 722 723 if (de_get_element_type(protocol_element) != DE_UUID) continue; 724 725 uint32_t uuid = de_get_uuid32(protocol_element); 726 des_iterator_next(&protocol_it); 727 switch (uuid) { 728 case BLUETOOTH_PROTOCOL_L2CAP: 729 if (!des_iterator_has_more(&protocol_it)) continue; 730 switch (protocol_descriptor_id) { 731 case 0: 732 de_element_get_uint16(des_iterator_get_element(&protocol_it), 733 &avrcp_sdp_query_context.browsing_l2cap_psm); 734 break; 735 case 1: 736 de_element_get_uint16(des_iterator_get_element(&protocol_it), 737 &avrcp_sdp_query_context.cover_art_l2cap_psm); 738 break; 739 default: 740 break; 741 } 742 break; 743 case BLUETOOTH_PROTOCOL_AVCTP: 744 if (!des_iterator_has_more(&protocol_it)) continue; 745 de_element_get_uint16(des_iterator_get_element(&protocol_it), 746 &avrcp_sdp_query_context.browsing_version); 747 break; 748 default: 749 break; 750 } 751 } 752 protocol_descriptor_id++; 753 } 754 break; 755 756 default: 757 break; 758 } 759 } 760 } else { 761 log_error("SDP attribute value buffer size exceeded: available %d, required %d", avrcp_sdp_query_attribute_value_buffer_size, sdp_event_query_attribute_byte_get_attribute_length(packet)); 762 } 763 } 764 765 static void avrcp_signaling_handle_sdp_query_complete(avrcp_connection_t * connection, uint8_t status){ 766 767 // l2cap available? 768 if (status == ERROR_CODE_SUCCESS){ 769 if (avrcp_sdp_query_context.avrcp_l2cap_psm == 0){ 770 status = SDP_SERVICE_NOT_FOUND; 771 } 772 } 773 774 if (status == ERROR_CODE_SUCCESS){ 775 // ready to connect 776 connection->state = AVCTP_CONNECTION_W2_L2CAP_CONNECT; 777 778 // check if both events have been handled 779 avrcp_connection_t * connection_with_opposite_role; 780 switch (connection->role){ 781 case AVRCP_CONTROLLER: 782 connection_with_opposite_role = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_TARGET, connection->avrcp_cid); 783 break; 784 case AVRCP_TARGET: 785 connection_with_opposite_role = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_CONTROLLER, connection->avrcp_cid); 786 break; 787 default: 788 btstack_assert(false); 789 return; 790 } 791 if (connection_with_opposite_role->state == AVCTP_CONNECTION_W4_L2CAP_CONNECTED){ 792 connection->state = AVCTP_CONNECTION_W4_L2CAP_CONNECTED; 793 connection_with_opposite_role->state = AVCTP_CONNECTION_W4_L2CAP_CONNECTED; 794 l2cap_create_channel(&avrcp_packet_handler, connection->remote_addr, connection->avrcp_l2cap_psm, l2cap_max_mtu(), NULL); 795 } 796 } else { 797 log_info("AVRCP: SDP query failed with status 0x%02x.", status); 798 avrcp_emit_connection_established(connection->avrcp_cid, connection->remote_addr, connection->con_handle, status); 799 avrcp_finalize_connection(connection); 800 } 801 } 802 803 static void avrcp_handle_sdp_query_completed(avrcp_connection_t * connection, uint8_t status){ 804 btstack_assert(connection != NULL); 805 806 // cache SDP result on success 807 if (status == ERROR_CODE_SUCCESS){ 808 connection->avrcp_l2cap_psm = avrcp_sdp_query_context.avrcp_l2cap_psm; 809 connection->browsing_version = avrcp_sdp_query_context.browsing_version; 810 connection->browsing_l2cap_psm = avrcp_sdp_query_context.browsing_l2cap_psm; 811 #ifdef ENABLE_AVRCP_COVER_ART 812 connection->cover_art_psm = avrcp_sdp_query_context.cover_art_l2cap_psm; 813 #endif 814 } 815 816 // SDP Signaling Query? 817 if (connection->state == AVCTP_CONNECTION_W4_SDP_QUERY_COMPLETE){ 818 avrcp_signaling_handle_sdp_query_complete(connection, status); 819 return; 820 } 821 // Browsing SDP <- Browsing Connection <- Existing SDP Connection => it wasn't an SDP query for signaling 822 if (avrcp_browsing_sdp_query_complete_handler != NULL){ 823 (*avrcp_browsing_sdp_query_complete_handler)(connection, status); 824 } 825 } 826 827 static void avrcp_handle_sdp_client_query_result(uint8_t packet_type, uint16_t channel, uint8_t *packet, uint16_t size){ 828 UNUSED(packet_type); 829 UNUSED(channel); 830 UNUSED(size); 831 832 avrcp_connection_t * avrcp_target_connection = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_TARGET, avrcp_sdp_query_context.avrcp_cid); 833 avrcp_connection_t * avrcp_controller_connection = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_CONTROLLER, avrcp_sdp_query_context.avrcp_cid); 834 bool state_ok = (avrcp_target_connection != NULL) && (avrcp_controller_connection != NULL); 835 836 if (!state_ok){ 837 // something wrong, nevertheless, start next sdp query if this one is complete 838 if (hci_event_packet_get_type(packet) == SDP_EVENT_QUERY_COMPLETE){ 839 avrcp_sdp_query_context.avrcp_cid = 0; 840 avrcp_start_next_sdp_query(); 841 } 842 return; 843 } 844 845 uint8_t status; 846 847 switch (hci_event_packet_get_type(packet)){ 848 case SDP_EVENT_QUERY_ATTRIBUTE_VALUE: 849 avrcp_handle_sdp_client_query_attribute_value(packet); 850 return; 851 852 case SDP_EVENT_QUERY_COMPLETE: 853 // handle result 854 status = sdp_event_query_complete_get_status(packet); 855 avrcp_handle_sdp_query_completed(avrcp_controller_connection, status); 856 avrcp_handle_sdp_query_completed(avrcp_target_connection, status); 857 858 // query done, start next one 859 avrcp_sdp_query_context.avrcp_cid = 0; 860 avrcp_start_next_sdp_query(); 861 break; 862 863 default: 864 return; 865 } 866 867 } 868 869 static void avrcp_handle_start_sdp_client_query(void * context){ 870 UNUSED(context); 871 872 avrcp_connection_t * avrcp_target_connection = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_TARGET, avrcp_sdp_query_context.avrcp_cid); 873 avrcp_connection_t * avrcp_controller_connection = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_CONTROLLER, avrcp_sdp_query_context.avrcp_cid); 874 bool state_ok = (avrcp_target_connection != NULL) && (avrcp_controller_connection != NULL); 875 if (state_ok == false){ 876 // connection seems to got finalized in the meantime, just trigger next query 877 avrcp_start_next_sdp_query(); 878 return; 879 } 880 881 // prevent triggering SDP query twice (for each role once) 882 avrcp_target_connection->trigger_sdp_query = false; 883 avrcp_controller_connection->trigger_sdp_query = false; 884 885 sdp_client_query_uuid16(&avrcp_handle_sdp_client_query_result, avrcp_target_connection->remote_addr, BLUETOOTH_PROTOCOL_AVCTP); 886 } 887 888 static void avrcp_start_next_sdp_query(void) { 889 if (avrcp_sdp_query_context.avrcp_cid != 0) { 890 return; 891 } 892 btstack_linked_list_iterator_t it; 893 btstack_linked_list_iterator_init(&it, &avrcp_connections); 894 while (btstack_linked_list_iterator_has_next(&it)){ 895 avrcp_connection_t * connection = (avrcp_connection_t *)btstack_linked_list_iterator_next(&it); 896 if (connection->trigger_sdp_query == false) continue; 897 898 // we're ready => setup avrcp_sdp_query_context and request sdp query 899 avrcp_sdp_query_context.avrcp_cid = connection->avrcp_cid; 900 avrcp_sdp_query_context.avrcp_l2cap_psm = 0; 901 avrcp_sdp_query_context.avrcp_version = 0; 902 avrcp_sdp_query_registration.callback = &avrcp_handle_start_sdp_client_query; 903 uint8_t status = sdp_client_register_query_callback(&avrcp_sdp_query_registration); 904 btstack_assert(status == ERROR_CODE_SUCCESS); 905 break; 906 } 907 } 908 909 static avrcp_connection_t * avrcp_handle_incoming_connection_for_role(avrcp_role_t role, avrcp_connection_t * connection, bd_addr_t event_addr, hci_con_handle_t con_handle, uint16_t local_cid, uint16_t avrcp_cid){ 910 if (connection == NULL){ 911 connection = avrcp_create_connection(role, event_addr); 912 } 913 if (connection) { 914 connection->state = AVCTP_CONNECTION_W4_L2CAP_CONNECTED; 915 connection->l2cap_signaling_cid = local_cid; 916 connection->avrcp_cid = avrcp_cid; 917 connection->con_handle = con_handle; 918 btstack_run_loop_remove_timer(&connection->retry_timer); 919 } 920 return connection; 921 } 922 923 static void avrcp_handle_open_connection(avrcp_connection_t * connection, hci_con_handle_t con_handle, uint16_t local_cid, uint16_t l2cap_mtu){ 924 connection->l2cap_signaling_cid = local_cid; 925 connection->l2cap_mtu = l2cap_mtu; 926 connection->con_handle = con_handle; 927 connection->incoming_declined = false; 928 connection->target_song_length_ms = 0xFFFFFFFF; 929 connection->target_song_position_ms = 0xFFFFFFFF; 930 memset(connection->target_track_id, 0xFF, 8); 931 connection->target_track_selected = false; 932 connection->target_track_changed = false; 933 connection->target_playback_status = AVRCP_PLAYBACK_STATUS_STOPPED; 934 connection->state = AVCTP_CONNECTION_OPENED; 935 936 log_info("L2CAP_EVENT_CHANNEL_OPENED avrcp_cid 0x%02x, l2cap_signaling_cid 0x%02x, role %d, state %d", connection->avrcp_cid, connection->l2cap_signaling_cid, connection->role, connection->state); 937 } 938 939 static void avrcp_retry_timer_timeout_handler(btstack_timer_source_t * timer){ 940 uint16_t avrcp_cid = (uint16_t)(uintptr_t) btstack_run_loop_get_timer_context(timer); 941 avrcp_connection_t * connection_controller = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_CONTROLLER, avrcp_cid); 942 if (connection_controller == NULL) return; 943 avrcp_connection_t * connection_target = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_TARGET, avrcp_cid); 944 if (connection_target == NULL) return; 945 946 if (connection_controller->state == AVCTP_CONNECTION_W2_L2CAP_RETRY){ 947 connection_controller->state = AVCTP_CONNECTION_W4_L2CAP_CONNECTED; 948 connection_target->state = AVCTP_CONNECTION_W4_L2CAP_CONNECTED; 949 l2cap_create_channel(&avrcp_packet_handler, connection_controller->remote_addr, connection_controller->avrcp_l2cap_psm, l2cap_max_mtu(), NULL); 950 } 951 } 952 953 static void avrcp_retry_timer_start(avrcp_connection_t * connection){ 954 btstack_run_loop_set_timer_handler(&connection->retry_timer, avrcp_retry_timer_timeout_handler); 955 btstack_run_loop_set_timer_context(&connection->retry_timer, (void *)(uintptr_t)connection->avrcp_cid); 956 957 // add some jitter/randomness to reconnect delay 958 uint32_t timeout = 100 + (btstack_run_loop_get_time_ms() & 0x7F); 959 btstack_run_loop_set_timer(&connection->retry_timer, timeout); 960 961 btstack_run_loop_add_timer(&connection->retry_timer); 962 } 963 964 static avrcp_frame_type_t avrcp_get_frame_type(uint8_t header){ 965 return (avrcp_frame_type_t)((header & 0x02) >> 1); 966 } 967 968 static void avrcp_packet_handler(uint8_t packet_type, uint16_t channel, uint8_t *packet, uint16_t size){ 969 UNUSED(channel); 970 UNUSED(size); 971 bd_addr_t event_addr; 972 uint16_t local_cid; 973 uint16_t l2cap_mtu; 974 uint8_t status; 975 bool decline_connection; 976 bool outoing_active; 977 hci_con_handle_t con_handle; 978 979 avrcp_connection_t * connection_controller; 980 avrcp_connection_t * connection_target; 981 bool can_send; 982 983 switch (packet_type) { 984 case HCI_EVENT_PACKET: 985 switch (hci_event_packet_get_type(packet)) { 986 987 case L2CAP_EVENT_INCOMING_CONNECTION: 988 btstack_assert(avrcp_controller_packet_handler != NULL); 989 btstack_assert(avrcp_target_packet_handler != NULL); 990 991 l2cap_event_incoming_connection_get_address(packet, event_addr); 992 local_cid = l2cap_event_incoming_connection_get_local_cid(packet); 993 con_handle = l2cap_event_incoming_connection_get_handle(packet); 994 995 outoing_active = false; 996 connection_target = avrcp_get_connection_for_bd_addr_for_role(AVRCP_TARGET, event_addr); 997 if (connection_target != NULL){ 998 if (connection_target->state == AVCTP_CONNECTION_W4_L2CAP_CONNECTED){ 999 outoing_active = true; 1000 connection_target->incoming_declined = true; 1001 } 1002 } 1003 1004 connection_controller = avrcp_get_connection_for_bd_addr_for_role(AVRCP_CONTROLLER, event_addr); 1005 if (connection_controller != NULL){ 1006 if (connection_controller->state == AVCTP_CONNECTION_W4_L2CAP_CONNECTED) { 1007 outoing_active = true; 1008 connection_controller->incoming_declined = true; 1009 } 1010 } 1011 1012 decline_connection = outoing_active; 1013 if (decline_connection == false){ 1014 uint16_t avrcp_cid; 1015 if ((connection_controller == NULL) || (connection_target == NULL)){ 1016 avrcp_cid = avrcp_get_next_cid(AVRCP_CONTROLLER); 1017 } else { 1018 avrcp_cid = connection_controller->avrcp_cid; 1019 } 1020 // create two connection objects (both) 1021 connection_target = avrcp_handle_incoming_connection_for_role(AVRCP_TARGET, connection_target, event_addr, con_handle, local_cid, avrcp_cid); 1022 connection_controller = avrcp_handle_incoming_connection_for_role(AVRCP_CONTROLLER, connection_controller, event_addr, con_handle, local_cid, avrcp_cid); 1023 if ((connection_target == NULL) || (connection_controller == NULL)){ 1024 decline_connection = true; 1025 if (connection_target) { 1026 avrcp_finalize_connection(connection_target); 1027 } 1028 if (connection_controller) { 1029 avrcp_finalize_connection(connection_controller); 1030 } 1031 } 1032 } 1033 if (decline_connection){ 1034 l2cap_decline_connection(local_cid); 1035 } else { 1036 log_info("AVRCP: L2CAP_EVENT_INCOMING_CONNECTION local cid 0x%02x, state %d", local_cid, connection_controller->state); 1037 l2cap_accept_connection(local_cid); 1038 } 1039 break; 1040 1041 case L2CAP_EVENT_CHANNEL_OPENED: 1042 l2cap_event_channel_opened_get_address(packet, event_addr); 1043 status = l2cap_event_channel_opened_get_status(packet); 1044 local_cid = l2cap_event_channel_opened_get_local_cid(packet); 1045 l2cap_mtu = l2cap_event_channel_opened_get_remote_mtu(packet); 1046 con_handle = l2cap_event_channel_opened_get_handle(packet); 1047 1048 connection_controller = avrcp_get_connection_for_bd_addr_for_role(AVRCP_CONTROLLER, event_addr); 1049 connection_target = avrcp_get_connection_for_bd_addr_for_role(AVRCP_TARGET, event_addr); 1050 1051 // incoming: structs are already created in L2CAP_EVENT_INCOMING_CONNECTION 1052 // outgoing: structs are cteated in avrcp_connect() 1053 if ((connection_controller == NULL) || (connection_target == NULL)) { 1054 break; 1055 } 1056 1057 switch (status){ 1058 case ERROR_CODE_SUCCESS: 1059 avrcp_handle_open_connection(connection_target, con_handle, local_cid, l2cap_mtu); 1060 avrcp_handle_open_connection(connection_controller, con_handle, local_cid, l2cap_mtu); 1061 avrcp_emit_connection_established(connection_controller->avrcp_cid, event_addr, con_handle, status); 1062 return; 1063 case L2CAP_CONNECTION_RESPONSE_RESULT_REFUSED_RESOURCES: 1064 if (connection_controller->incoming_declined == true){ 1065 log_info("Incoming connection was declined, and the outgoing failed"); 1066 connection_controller->state = AVCTP_CONNECTION_W2_L2CAP_RETRY; 1067 connection_controller->incoming_declined = false; 1068 connection_target->state = AVCTP_CONNECTION_W2_L2CAP_RETRY; 1069 connection_target->incoming_declined = false; 1070 avrcp_retry_timer_start(connection_controller); 1071 return; 1072 } 1073 break; 1074 default: 1075 break; 1076 } 1077 log_info("L2CAP connection to connection %s failed. status code 0x%02x", bd_addr_to_str(event_addr), status); 1078 avrcp_emit_connection_established(connection_controller->avrcp_cid, event_addr, con_handle, status); 1079 avrcp_finalize_connection(connection_controller); 1080 avrcp_finalize_connection(connection_target); 1081 1082 break; 1083 1084 case L2CAP_EVENT_CHANNEL_CLOSED: 1085 local_cid = l2cap_event_channel_closed_get_local_cid(packet); 1086 1087 connection_controller = avrcp_get_connection_for_l2cap_signaling_cid_for_role(AVRCP_CONTROLLER, local_cid); 1088 connection_target = avrcp_get_connection_for_l2cap_signaling_cid_for_role(AVRCP_TARGET, local_cid); 1089 if ((connection_controller == NULL) || (connection_target == NULL)) { 1090 break; 1091 } 1092 avrcp_emit_connection_closed(connection_controller->avrcp_cid); 1093 avrcp_finalize_connection(connection_controller); 1094 avrcp_finalize_connection(connection_target); 1095 break; 1096 1097 case L2CAP_EVENT_CAN_SEND_NOW: 1098 local_cid = l2cap_event_can_send_now_get_local_cid(packet); 1099 can_send = true; 1100 1101 connection_target = avrcp_get_connection_for_l2cap_signaling_cid_for_role(AVRCP_TARGET, local_cid); 1102 if ((connection_target != NULL) && connection_target->wait_to_send){ 1103 connection_target->wait_to_send = false; 1104 (*avrcp_target_packet_handler)(HCI_EVENT_PACKET, channel, packet, size); 1105 can_send = false; 1106 } 1107 1108 connection_controller = avrcp_get_connection_for_l2cap_signaling_cid_for_role(AVRCP_CONTROLLER, local_cid); 1109 if ((connection_controller != NULL) && connection_controller->wait_to_send){ 1110 if (can_send){ 1111 connection_controller->wait_to_send = false; 1112 (*avrcp_controller_packet_handler)(HCI_EVENT_PACKET, channel, packet, size); 1113 } else { 1114 l2cap_request_can_send_now_event(local_cid); 1115 } 1116 } 1117 break; 1118 1119 default: 1120 break; 1121 } 1122 break; 1123 1124 case L2CAP_DATA_PACKET: 1125 switch (avrcp_get_frame_type(packet[0])){ 1126 case AVRCP_RESPONSE_FRAME: 1127 (*avrcp_controller_packet_handler)(packet_type, channel, packet, size); 1128 break; 1129 case AVRCP_COMMAND_FRAME: 1130 default: // make compiler happy 1131 (*avrcp_target_packet_handler)(packet_type, channel, packet, size); 1132 break; 1133 } 1134 break; 1135 1136 default: 1137 break; 1138 } 1139 } 1140 1141 void avrcp_init(void){ 1142 avrcp_connections = NULL; 1143 if (avrcp_l2cap_service_registered) return; 1144 1145 int status = l2cap_register_service(&avrcp_packet_handler, BLUETOOTH_PSM_AVCTP, 0xffff, gap_get_security_level()); 1146 if (status != ERROR_CODE_SUCCESS) return; 1147 avrcp_l2cap_service_registered = true; 1148 } 1149 1150 void avrcp_register_controller_packet_handler(btstack_packet_handler_t callback){ 1151 // note: called by avrcp_controller_init 1152 avrcp_controller_packet_handler = callback; 1153 } 1154 1155 void avrcp_register_target_packet_handler(btstack_packet_handler_t callback){ 1156 // note: called by avrcp_target_init 1157 avrcp_target_packet_handler = callback; 1158 } 1159 1160 void avrcp_register_packet_handler(btstack_packet_handler_t callback){ 1161 btstack_assert(callback != NULL); 1162 avrcp_callback = callback; 1163 } 1164 1165 void avrcp_register_browsing_sdp_query_complete_handler(void (*callback)(avrcp_connection_t * connection, uint8_t status)){ 1166 btstack_assert(callback != NULL); 1167 avrcp_browsing_sdp_query_complete_handler = callback; 1168 } 1169 1170 1171 void avrcp_trigger_sdp_query(avrcp_connection_t *connection_controller, avrcp_connection_t *connection_target) { 1172 connection_controller->trigger_sdp_query = true; 1173 connection_target->trigger_sdp_query = true; 1174 1175 avrcp_start_next_sdp_query(); 1176 } 1177 1178 uint8_t avrcp_connect(bd_addr_t remote_addr, uint16_t * avrcp_cid){ 1179 btstack_assert(avrcp_controller_packet_handler != NULL); 1180 btstack_assert(avrcp_target_packet_handler != NULL); 1181 1182 avrcp_connection_t * connection_controller = avrcp_get_connection_for_bd_addr_for_role(AVRCP_CONTROLLER, remote_addr); 1183 if (connection_controller){ 1184 return ERROR_CODE_COMMAND_DISALLOWED; 1185 } 1186 avrcp_connection_t * connection_target = avrcp_get_connection_for_bd_addr_for_role(AVRCP_TARGET, remote_addr); 1187 if (connection_target){ 1188 return ERROR_CODE_COMMAND_DISALLOWED; 1189 } 1190 1191 uint16_t cid = avrcp_get_next_cid(AVRCP_CONTROLLER); 1192 1193 connection_controller = avrcp_create_connection(AVRCP_CONTROLLER, remote_addr); 1194 if (!connection_controller) return BTSTACK_MEMORY_ALLOC_FAILED; 1195 1196 connection_target = avrcp_create_connection(AVRCP_TARGET, remote_addr); 1197 if (!connection_target){ 1198 avrcp_finalize_connection(connection_controller); 1199 return BTSTACK_MEMORY_ALLOC_FAILED; 1200 } 1201 1202 if (avrcp_cid != NULL){ 1203 *avrcp_cid = cid; 1204 } 1205 1206 connection_controller->avrcp_cid = cid; 1207 connection_target->avrcp_cid = cid; 1208 1209 connection_controller->state = AVCTP_CONNECTION_W4_SDP_QUERY_COMPLETE; 1210 connection_target->state = AVCTP_CONNECTION_W4_SDP_QUERY_COMPLETE; 1211 1212 avrcp_trigger_sdp_query(connection_controller, connection_target); 1213 1214 return ERROR_CODE_SUCCESS; 1215 } 1216 1217 uint8_t avrcp_disconnect(uint16_t avrcp_cid){ 1218 avrcp_connection_t * connection_controller = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_CONTROLLER, avrcp_cid); 1219 if (!connection_controller){ 1220 return ERROR_CODE_UNKNOWN_CONNECTION_IDENTIFIER; 1221 } 1222 avrcp_connection_t * connection_target = avrcp_get_connection_for_avrcp_cid_for_role(AVRCP_TARGET, avrcp_cid); 1223 if (!connection_target){ 1224 return ERROR_CODE_UNKNOWN_CONNECTION_IDENTIFIER; 1225 } 1226 if (connection_controller->browsing_connection){ 1227 l2cap_disconnect(connection_controller->browsing_connection->l2cap_browsing_cid); 1228 } 1229 l2cap_disconnect(connection_controller->l2cap_signaling_cid); 1230 return ERROR_CODE_SUCCESS; 1231 } 1232 1233 void avrcp_deinit(void){ 1234 avrcp_l2cap_service_registered = false; 1235 1236 avrcp_cid_counter = 0; 1237 avrcp_connections = NULL; 1238 1239 avrcp_callback = NULL; 1240 avrcp_controller_packet_handler = NULL; 1241 avrcp_target_packet_handler = NULL; 1242 1243 (void) memset(&avrcp_sdp_query_registration, 0, sizeof(avrcp_sdp_query_registration)); 1244 (void) memset(&avrcp_sdp_query_context, 0, sizeof(avrcp_sdp_query_context_t)); 1245 (void) memset(avrcp_sdp_query_attribute_value, 0, sizeof(avrcp_sdp_query_attribute_value)); 1246 } 1247 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 1248 #define FUZZ_CID 0x44 1249 #define FUZZ_CON_HANDLE 0x0001 1250 static bd_addr_t remote_addr = { 0x33, 0x33, 0x33, 0x33, 0x33, 0x33 }; 1251 void avrcp_init_fuzz(void){ 1252 // setup avrcp connections for cid 1253 avrcp_connection_t * connection_controller = avrcp_create_connection(AVRCP_CONTROLLER, remote_addr); 1254 avrcp_connection_t * connection_target = avrcp_create_connection(AVRCP_TARGET, remote_addr); 1255 avrcp_handle_open_connection(connection_controller, FUZZ_CON_HANDLE, FUZZ_CID, 999); 1256 avrcp_handle_open_connection(connection_target, FUZZ_CON_HANDLE, FUZZ_CID, 999); 1257 } 1258 void avrcp_packet_handler_fuzz(uint8_t *packet, uint16_t size){ 1259 avrcp_packet_handler(L2CAP_DATA_PACKET, FUZZ_CID, packet, size); 1260 } 1261 #endif 1262