profiles/audio/avctp.c

   1 /*
   2  *
   3  *  BlueZ - Bluetooth protocol stack for Linux
   4  *
   5  *  Copyright (C) 2006-2010  Nokia Corporation
   6  *  Copyright (C) 2004-2010  Marcel Holtmann <marcel@holtmann.org>
   7  *  Copyright (C) 2011  Texas Instruments, Inc.
   8  *
   9  *
  10  *  This program is free software; you can redistribute it and/or modify
  11  *  it under the terms of the GNU General Public License as published by
  12  *  the Free Software Foundation; either version 2 of the License, or
  13  *  (at your option) any later version.
  14  *
  15  *  This program is distributed in the hope that it will be useful,
  16  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  17  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18  *  GNU General Public License for more details.
  19  *
  20  *  You should have received a copy of the GNU General Public License
  21  *  along with this program; if not, write to the Free Software
  22  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  23  *
  24  */
  25
  26 #ifdef HAVE_CONFIG_H
  27 #include <config.h>
  28 #endif
  29
  30 #include <stdlib.h>
  31 #include <stdint.h>
  32 #include <stdbool.h>
  33 #include <errno.h>
  34 #include <unistd.h>
  35 #include <assert.h>
  36 #include <signal.h>
  37 #include <sys/types.h>
  38 #include <sys/stat.h>
  39 #include <fcntl.h>
  40 #include <netinet/in.h>
  41
  42 #include <glib.h>
  43
  44 #include "lib/bluetooth.h"
  45 #include "lib/sdp.h"
  46 #include "lib/l2cap.h"
  47 #include "lib/uuid.h"
  48
  49 #include "btio/btio.h"
  50 #include "src/adapter.h"
  51 #include "src/device.h"
  52 #include "src/log.h"
  53 #include "src/error.h"
  54 #include "src/uinput.h"
  55
  56 #include "avctp.h"
  57 #include "avrcp.h"
  58
  59 /* AV/C Panel 1.23, page 76:
  60  * command with the pressed value is valid for two seconds
  61  */
  62 #define AVC_PRESS_TIMEOUT       2
  63
  64 #define QUIRK_NO_RELEASE 1 << 0
  65
  66 /* Message types */
  67 #define AVCTP_COMMAND           0
  68 #define AVCTP_RESPONSE          1
  69
  70 /* Packet types */
  71 #define AVCTP_PACKET_SINGLE     0
  72 #define AVCTP_PACKET_START      1
  73 #define AVCTP_PACKET_CONTINUE   2
  74 #define AVCTP_PACKET_END        3
  75
  76 #if __BYTE_ORDER == __LITTLE_ENDIAN
  77
  78 struct avctp_header {
  79         uint8_t ipid:1;
  80         uint8_t cr:1;
  81         uint8_t packet_type:2;
  82         uint8_t transaction:4;
  83         uint16_t pid;
  84 } __attribute__ ((packed));
  85 #define AVCTP_HEADER_LENGTH 3
  86
  87 struct avc_header {
  88         uint8_t code:4;
  89         uint8_t _hdr0:4;
  90         uint8_t subunit_id:3;
  91         uint8_t subunit_type:5;
  92         uint8_t opcode;
  93 } __attribute__ ((packed));
  94
  95 #elif __BYTE_ORDER == __BIG_ENDIAN
  96
  97 struct avctp_header {
  98         uint8_t transaction:4;
  99         uint8_t packet_type:2;
 100         uint8_t cr:1;
 101         uint8_t ipid:1;
 102         uint16_t pid;
 103 } __attribute__ ((packed));
 104 #define AVCTP_HEADER_LENGTH 3
 105
 106 struct avc_header {
 107         uint8_t _hdr0:4;
 108         uint8_t code:4;
 109         uint8_t subunit_type:5;
 110         uint8_t subunit_id:3;
 111         uint8_t opcode;
 112 } __attribute__ ((packed));
 113
 114 #else
 115 #error "Unknown byte order"
 116 #endif
 117
 118 struct avctp_state_callback {
 119         avctp_state_cb cb;
 120         struct btd_device *dev;
 121         unsigned int id;
 122         void *user_data;
 123 };
 124
 125 struct avctp_server {
 126         struct btd_adapter *adapter;
 127         GIOChannel *control_io;
 128         GIOChannel *browsing_io;
 129         GSList *sessions;
 130 };
 131
 132 struct avctp_control_req {
 133         struct avctp_pending_req *p;
 134         uint8_t code;
 135         uint8_t subunit;
 136         uint8_t op;
 137         uint8_t *operands;
 138         uint16_t operand_count;
 139         avctp_rsp_cb func;
 140         void *user_data;
 141 };
 142
 143 struct avctp_browsing_req {
 144         struct avctp_pending_req *p;
 145         uint8_t *operands;
 146         uint16_t operand_count;
 147         avctp_browsing_rsp_cb func;
 148         void *user_data;
 149 };
 150
 151 typedef int (*avctp_process_cb) (void *data);
 152
 153 struct avctp_pending_req {
 154         struct avctp_channel *chan;
 155         uint8_t transaction;
 156         guint timeout;
 157         int err;
 158         avctp_process_cb process;
 159         void *data;
 160         GDestroyNotify destroy;
 161 };
 162
 163 struct avctp_channel {
 164         struct avctp *session;
 165         GIOChannel *io;
 166         uint8_t transaction;
 167         guint watch;
 168         uint16_t imtu;
 169         uint16_t omtu;
 170         uint8_t *buffer;
 171         GSList *handlers;
 172         struct avctp_pending_req *p;
 173         GQueue *queue;
 174         GSList *processed;
 175         guint process_id;
 176         GDestroyNotify destroy;
 177 };
 178
 179 struct key_pressed {
 180         uint16_t op;
 181         guint timer;
 182 };
 183
 184 struct avctp {
 185         struct avctp_server *server;
 186         struct btd_device *device;
 187
 188         avctp_state_t state;
 189
 190         int uinput;
 191
 192         guint auth_id;
 193         unsigned int passthrough_id;
 194         unsigned int unit_id;
 195         unsigned int subunit_id;
 196
 197         struct avctp_channel *control;
 198         struct avctp_channel *browsing;
 199
 200         struct avctp_passthrough_handler *handler;
 201
 202         uint8_t key_quirks[256];
 203         struct key_pressed key;
 204         bool initiator;
 205 };
 206
 207 struct avctp_passthrough_handler {
 208         avctp_passthrough_cb cb;
 209         void *user_data;
 210         unsigned int id;
 211 };
 212
 213 struct avctp_pdu_handler {
 214         uint8_t opcode;
 215         avctp_control_pdu_cb cb;
 216         void *user_data;
 217         unsigned int id;
 218 };
 219
 220 struct avctp_browsing_pdu_handler {
 221         avctp_browsing_pdu_cb cb;
 222         void *user_data;
 223         unsigned int id;
 224         GDestroyNotify destroy;
 225 };
 226
 227 static struct {
 228         const char *name;
 229         uint8_t avc;
 230         uint16_t uinput;
 231 } key_map[] = {
 232         { "SELECT",             AVC_SELECT,             KEY_SELECT },
 233         { "UP",                 AVC_UP,                 KEY_UP },
 234         { "DOWN",               AVC_DOWN,               KEY_DOWN },
 235         { "LEFT",               AVC_LEFT,               KEY_LEFT },
 236         { "RIGHT",              AVC_RIGHT,              KEY_RIGHT },
 237         { "ROOT MENU",          AVC_ROOT_MENU,          KEY_MENU },
 238         { "CONTENTS MENU",      AVC_CONTENTS_MENU,      KEY_PROGRAM },
 239         { "FAVORITE MENU",      AVC_FAVORITE_MENU,      KEY_FAVORITES },
 240         { "EXIT",               AVC_EXIT,               KEY_EXIT },
 241         { "ON DEMAND MENU",     AVC_ON_DEMAND_MENU,     KEY_MENU },
 242         { "APPS MENU",          AVC_APPS_MENU,          KEY_MENU },
 243         { "0",                  AVC_0,                  KEY_0 },
 244         { "1",                  AVC_1,                  KEY_1 },
 245         { "2",                  AVC_2,                  KEY_2 },
 246         { "3",                  AVC_3,                  KEY_3 },
 247         { "4",                  AVC_4,                  KEY_4 },
 248         { "5",                  AVC_5,                  KEY_5 },
 249         { "6",                  AVC_6,                  KEY_6 },
 250         { "7",                  AVC_7,                  KEY_7 },
 251         { "8",                  AVC_8,                  KEY_8 },
 252         { "9",                  AVC_9,                  KEY_9 },
 253         { "DOT",                AVC_DOT,                KEY_DOT },
 254         { "ENTER",              AVC_ENTER,              KEY_ENTER },
 255         { "CHANNEL UP",         AVC_CHANNEL_UP,         KEY_CHANNELUP },
 256         { "CHANNEL DOWN",       AVC_CHANNEL_DOWN,       KEY_CHANNELDOWN },
 257         { "CHANNEL PREVIOUS",   AVC_CHANNEL_PREVIOUS,   KEY_LAST },
 258         { "INPUT SELECT",       AVC_INPUT_SELECT,       KEY_CONFIG },
 259         { "INFO",               AVC_INFO,               KEY_INFO },
 260         { "HELP",               AVC_HELP,               KEY_HELP },
 261         { "POWER",              AVC_POWER,              KEY_POWER2 },
 262         { "VOLUME UP",          AVC_VOLUME_UP,          KEY_VOLUMEUP },
 263         { "VOLUME DOWN",        AVC_VOLUME_DOWN,        KEY_VOLUMEDOWN },
 264         { "MUTE",               AVC_MUTE,               KEY_MUTE },
 265         { "PLAY",               AVC_PLAY,               KEY_PLAYCD },
 266         { "STOP",               AVC_STOP,               KEY_STOPCD },
 267         { "PAUSE",              AVC_PAUSE,              KEY_PAUSECD },
 268         { "FORWARD",            AVC_FORWARD,            KEY_NEXTSONG },
 269         { "BACKWARD",           AVC_BACKWARD,           KEY_PREVIOUSSONG },
 270         { "RECORD",             AVC_RECORD,             KEY_RECORD },
 271         { "REWIND",             AVC_REWIND,             KEY_REWIND },
 272         { "FAST FORWARD",       AVC_FAST_FORWARD,       KEY_FASTFORWARD },
 273         { "LIST",               AVC_LIST,               KEY_LIST },
 274         { "F1",                 AVC_F1,                 KEY_F1 },
 275         { "F2",                 AVC_F2,                 KEY_F2 },
 276         { "F3",                 AVC_F3,                 KEY_F3 },
 277         { "F4",                 AVC_F4,                 KEY_F4 },
 278         { "F5",                 AVC_F5,                 KEY_F5 },
 279         { "F6",                 AVC_F6,                 KEY_F6 },
 280         { "F7",                 AVC_F7,                 KEY_F7 },
 281         { "F8",                 AVC_F8,                 KEY_F8 },
 282         { "F9",                 AVC_F9,                 KEY_F9 },
 283         { "RED",                AVC_RED,                KEY_RED },
 284         { "GREEN",              AVC_GREEN,              KEY_GREEN },
 285         { "BLUE",               AVC_BLUE,               KEY_BLUE },
 286         { "YELLOW",             AVC_YELLOW,             KEY_YELLOW },
 287         { NULL }
 288 };
 289
 290 static GSList *callbacks = NULL;
 291 static GSList *servers = NULL;
 292
 293 static void auth_cb(DBusError *derr, void *user_data);
 294 static gboolean process_queue(gpointer user_data);
 295 static gboolean avctp_passthrough_rsp(struct avctp *session, uint8_t code,
 296                                         uint8_t subunit, uint8_t *operands,
 297                                         size_t operand_count, void *user_data);
 298
 299 static int send_event(int fd, uint16_t type, uint16_t code, int32_t value)
 300 {
 301         struct uinput_event event;
 302
 303         memset(&event, 0, sizeof(event));
 304         event.type      = type;
 305         event.code      = code;
 306         event.value     = value;
 307
 308         return write(fd, &event, sizeof(event));
 309 }
 310
 311 static void send_key(int fd, uint16_t key, int pressed)
 312 {
 313         if (fd < 0)
 314                 return;
 315
 316         send_event(fd, EV_KEY, key, pressed);
 317         send_event(fd, EV_SYN, SYN_REPORT, 0);
 318 }
 319
 320 static gboolean auto_release(gpointer user_data)
 321 {
 322         struct avctp *session = user_data;
 323 #ifdef __TIZEN_PATCH__
 324         uint16_t op = session->key.op;
 325 #endif
 326
 327         DBG("AV/C: key press timeout");
 328
 329 #ifdef __TIZEN_PATCH__
 330         if (op != KEY_FASTFORWARD && op != KEY_REWIND) {
 331                 session->key.timer = 0;
 332                 send_key(session->uinput, op, 0);
 333         } else {
 334                 return TRUE;
 335         }
 336 #else
 337         session->key.timer = 0;
 338         send_key(session->uinput, session->key.op, 0);
 339 #endif
 340
 341         return FALSE;
 342 }
 343
 344 #ifdef __TIZEN_PATCH__
 345 extern void avrcp_stop_position_timer(void);
 346 #endif
 347
 348 static void handle_press(struct avctp *session, uint16_t op)
 349 {
 350         if (session->key.timer > 0) {
 351                 g_source_remove(session->key.timer);
 352
 353                 /* Only auto release if keys are different */
 354                 if (session->key.op == op)
 355                         goto done;
 356 #ifndef __TIZEN_PATCH__
 357                 send_key(session->uinput, session->key.op, 0);
 358 #endif
 359         }
 360
 361         session->key.op = op;
 362
 363         send_key(session->uinput, op, 1);
 364
 365 done:
 366         session->key.timer = g_timeout_add_seconds(AVC_PRESS_TIMEOUT,
 367                                                         auto_release, session);
 368 }
 369
 370 static void handle_release(struct avctp *session, uint16_t op)
 371 {
 372         if (session->key.timer > 0) {
 373                 g_source_remove(session->key.timer);
 374                 session->key.timer = 0;
 375         }
 376
 377         send_key(session->uinput, op, 0);
 378 }
 379 #ifdef __TIZEN_PATCH__
 380 extern void avrcp_stop_position_timer(void);
 381 #endif
 382
 383 static size_t handle_panel_passthrough(struct avctp *session,
 384                                         uint8_t transaction, uint8_t *code,
 385                                         uint8_t *subunit, uint8_t *operands,
 386                                         size_t operand_count, void *user_data)
 387 {
 388         struct avctp_passthrough_handler *handler = session->handler;
 389         const char *status;
 390         int pressed, i;
 391
 392         if (*code != AVC_CTYPE_CONTROL || *subunit != AVC_SUBUNIT_PANEL) {
 393                 *code = AVC_CTYPE_REJECTED;
 394                 return operand_count;
 395         }
 396
 397         if (operand_count == 0)
 398                 goto done;
 399
 400         if (operands[0] & 0x80) {
 401                 status = "released";
 402                 pressed = 0;
 403         } else {
 404                 status = "pressed";
 405                 pressed = 1;
 406         }
 407
 408         if (session->key.timer == 0 && handler != NULL) {
 409                 if (handler->cb(session, operands[0] & 0x7F,
 410                                                 pressed, handler->user_data))
 411                         goto done;
 412         }
 413
 414         for (i = 0; key_map[i].name != NULL; i++) {
 415                 uint8_t key_quirks;
 416
 417                 if ((operands[0] & 0x7F) != key_map[i].avc)
 418                         continue;
 419
 420                 DBG("AV/C: %s %s", key_map[i].name, status);
 421
 422                 key_quirks = session->key_quirks[key_map[i].avc];
 423
 424                 if (key_quirks & QUIRK_NO_RELEASE) {
 425                         if (!pressed) {
 426                                 DBG("AV/C: Ignoring release");
 427                                 break;
 428                         }
 429
 430                         DBG("AV/C: treating key press as press + release");
 431                         send_key(session->uinput, key_map[i].uinput, 1);
 432                         send_key(session->uinput, key_map[i].uinput, 0);
 433                         break;
 434                 }
 435
 436                 if (pressed) {
 437                         handle_press(session, key_map[i].uinput);
 438 #ifdef __TIZEN_PATCH__
 439                         if (key_map[i].avc == AVC_REWIND)
 440                                 avrcp_stop_position_timer();
 441 #endif
 442                 } else
 443                         handle_release(session, key_map[i].uinput);
 444
 445                 break;
 446         }
 447
 448         if (key_map[i].name == NULL) {
 449                 DBG("AV/C: unknown button 0x%02X %s",
 450                                                 operands[0] & 0x7F, status);
 451                 *code = AVC_CTYPE_NOT_IMPLEMENTED;
 452                 return operand_count;
 453         }
 454
 455 done:
 456         *code = AVC_CTYPE_ACCEPTED;
 457         return operand_count;
 458 }
 459
 460 static size_t handle_unit_info(struct avctp *session,
 461                                         uint8_t transaction, uint8_t *code,
 462                                         uint8_t *subunit, uint8_t *operands,
 463                                         size_t operand_count, void *user_data)
 464 {
 465         if (*code != AVC_CTYPE_STATUS) {
 466                 *code = AVC_CTYPE_REJECTED;
 467                 return 0;
 468         }
 469
 470         *code = AVC_CTYPE_STABLE;
 471
 472         /* The first operand should be 0x07 for the UNITINFO response.
 473          * Neither AVRCP (section 22.1, page 117) nor AVC Digital
 474          * Interface Command Set (section 9.2.1, page 45) specs
 475          * explain this value but both use it */
 476         if (operand_count >= 1)
 477                 operands[0] = 0x07;
 478         if (operand_count >= 2)
 479                 operands[1] = AVC_SUBUNIT_PANEL << 3;
 480
 481         DBG("reply to AVC_OP_UNITINFO");
 482
 483         return operand_count;
 484 }
 485
 486 static size_t handle_subunit_info(struct avctp *session,
 487                                         uint8_t transaction, uint8_t *code,
 488                                         uint8_t *subunit, uint8_t *operands,
 489                                         size_t operand_count, void *user_data)
 490 {
 491         if (*code != AVC_CTYPE_STATUS) {
 492                 *code = AVC_CTYPE_REJECTED;
 493                 return 0;
 494         }
 495
 496         *code = AVC_CTYPE_STABLE;
 497
 498         /* The first operand should be 0x07 for the UNITINFO response.
 499          * Neither AVRCP (section 22.1, page 117) nor AVC Digital
 500          * Interface Command Set (section 9.2.1, page 45) specs
 501          * explain this value but both use it */
 502         if (operand_count >= 2)
 503                 operands[1] = AVC_SUBUNIT_PANEL << 3;
 504
 505         DBG("reply to AVC_OP_SUBUNITINFO");
 506
 507         return operand_count;
 508 }
 509
 510 static struct avctp_pdu_handler *find_handler(GSList *list, uint8_t opcode)
 511 {
 512         for (; list; list = list->next) {
 513                 struct avctp_pdu_handler *handler = list->data;
 514
 515                 if (handler->opcode == opcode)
 516                         return handler;
 517         }
 518
 519         return NULL;
 520 }
 521
 522 static void pending_destroy(gpointer data, gpointer user_data)
 523 {
 524         struct avctp_pending_req *req = data;
 525
 526         if (req->destroy)
 527                 req->destroy(req->data);
 528
 529         if (req->timeout > 0)
 530                 g_source_remove(req->timeout);
 531
 532         g_free(req);
 533 }
 534
 535 static void avctp_channel_destroy(struct avctp_channel *chan)
 536 {
 537         g_io_channel_shutdown(chan->io, TRUE, NULL);
 538         g_io_channel_unref(chan->io);
 539
 540         if (chan->watch)
 541                 g_source_remove(chan->watch);
 542
 543         if (chan->p)
 544                 pending_destroy(chan->p, NULL);
 545
 546         if (chan->process_id > 0)
 547                 g_source_remove(chan->process_id);
 548
 549         if (chan->destroy)
 550                 chan->destroy(chan);
 551
 552         g_free(chan->buffer);
 553         g_queue_foreach(chan->queue, pending_destroy, NULL);
 554         g_queue_free(chan->queue);
 555         g_slist_foreach(chan->processed, pending_destroy, NULL);
 556         g_slist_free(chan->processed);
 557         g_slist_free_full(chan->handlers, g_free);
 558         g_free(chan);
 559 }
 560
 561 static void avctp_disconnected(struct avctp *session)
 562 {
 563         struct avctp_server *server;
 564
 565         if (!session)
 566                 return;
 567
 568         if (session->browsing)
 569                 avctp_channel_destroy(session->browsing);
 570
 571         if (session->control)
 572                 avctp_channel_destroy(session->control);
 573
 574         if (session->auth_id != 0) {
 575                 btd_cancel_authorization(session->auth_id);
 576                 session->auth_id = 0;
 577         }
 578
 579         if (session->key.timer > 0)
 580                 g_source_remove(session->key.timer);
 581
 582         if (session->uinput >= 0) {
 583                 char address[18];
 584
 585                 ba2str(device_get_address(session->device), address);
 586                 DBG("AVCTP: closing uinput for %s", address);
 587
 588                 ioctl(session->uinput, UI_DEV_DESTROY);
 589                 close(session->uinput);
 590                 session->uinput = -1;
 591         }
 592
 593         server = session->server;
 594         server->sessions = g_slist_remove(server->sessions, session);
 595         btd_device_unref(session->device);
 596         g_free(session);
 597 }
 598
 599 static void avctp_set_state(struct avctp *session, avctp_state_t new_state,
 600                                                                         int err)
 601 {
 602         GSList *l;
 603         avctp_state_t old_state = session->state;
 604
 605         session->state = new_state;
 606
 607         for (l = callbacks; l != NULL; l = l->next) {
 608                 struct avctp_state_callback *cb = l->data;
 609
 610                 if (cb->dev && cb->dev != session->device)
 611                         continue;
 612
 613                 cb->cb(session->device, old_state, new_state, err,
 614                                                                 cb->user_data);
 615         }
 616
 617         switch (new_state) {
 618         case AVCTP_STATE_DISCONNECTED:
 619                 DBG("AVCTP Disconnected");
 620                 avctp_disconnected(session);
 621                 break;
 622         case AVCTP_STATE_CONNECTING:
 623                 DBG("AVCTP Connecting");
 624                 break;
 625         case AVCTP_STATE_CONNECTED:
 626                 DBG("AVCTP Connected");
 627                 break;
 628         case AVCTP_STATE_BROWSING_CONNECTING:
 629                 DBG("AVCTP Browsing Connecting");
 630                 break;
 631         case AVCTP_STATE_BROWSING_CONNECTED:
 632                 DBG("AVCTP Browsing Connected");
 633                 break;
 634         default:
 635                 error("Invalid AVCTP state %d", new_state);
 636                 return;
 637         }
 638 }
 639
 640 static int avctp_send(struct avctp_channel *control, uint8_t transaction,
 641                                 uint8_t cr, uint8_t code,
 642                                 uint8_t subunit, uint8_t opcode,
 643                                 uint8_t *operands, size_t operand_count)
 644 {
 645         struct avctp_header *avctp;
 646         struct avc_header *avc;
 647         struct msghdr msg;
 648         struct iovec iov[2];
 649         int sk, err = 0;
 650
 651         iov[0].iov_base = control->buffer;
 652         iov[0].iov_len  = sizeof(*avctp) + sizeof(*avc);
 653         iov[1].iov_base = operands;
 654         iov[1].iov_len  = operand_count;
 655
 656         if (control->omtu < (iov[0].iov_len + iov[1].iov_len))
 657                 return -EOVERFLOW;
 658
 659         sk = g_io_channel_unix_get_fd(control->io);
 660
 661         memset(control->buffer, 0, iov[0].iov_len);
 662
 663         avctp = (void *) control->buffer;
 664         avc = (void *) avctp + sizeof(*avctp);
 665
 666         avctp->transaction = transaction;
 667         avctp->packet_type = AVCTP_PACKET_SINGLE;
 668         avctp->cr = cr;
 669         avctp->pid = htons(AV_REMOTE_SVCLASS_ID);
 670
 671         avc->code = code;
 672         avc->subunit_type = subunit;
 673         avc->opcode = opcode;
 674
 675         memset(&msg, 0, sizeof(msg));
 676         msg.msg_iov = iov;
 677         msg.msg_iovlen = 2;
 678
 679         if (sendmsg(sk, &msg, 0) < 0)
 680                 err = -errno;
 681
 682         return err;
 683 }
 684
 685 static int avctp_browsing_send(struct avctp_channel *browsing,
 686                                 uint8_t transaction, uint8_t cr,
 687                                 uint8_t *operands, size_t operand_count)
 688 {
 689         struct avctp_header *avctp;
 690         struct msghdr msg;
 691         struct iovec iov[2];
 692         int sk, err = 0;
 693
 694         iov[0].iov_base = browsing->buffer;
 695         iov[0].iov_len  = sizeof(*avctp);
 696         iov[1].iov_base = operands;
 697         iov[1].iov_len  = operand_count;
 698
 699         if (browsing->omtu < (iov[0].iov_len + iov[1].iov_len))
 700                 return -EOVERFLOW;
 701
 702         sk = g_io_channel_unix_get_fd(browsing->io);
 703
 704         memset(browsing->buffer, 0, iov[0].iov_len);
 705
 706         avctp = (void *) browsing->buffer;
 707
 708         avctp->transaction = transaction;
 709         avctp->packet_type = AVCTP_PACKET_SINGLE;
 710         avctp->cr = cr;
 711         avctp->pid = htons(AV_REMOTE_SVCLASS_ID);
 712
 713         memset(&msg, 0, sizeof(msg));
 714         msg.msg_iov = iov;
 715         msg.msg_iovlen = 2;
 716
 717         if (sendmsg(sk, &msg, 0) < 0)
 718                 err = -errno;
 719
 720         return err;
 721 }
 722
 723 static void control_req_destroy(void *data)
 724 {
 725         struct avctp_control_req *req = data;
 726         struct avctp_pending_req *p = req->p;
 727         struct avctp *session = p->chan->session;
 728
 729         if (p->err == 0 || req->func == NULL)
 730                 goto done;
 731
 732         req->func(session, AVC_CTYPE_REJECTED, req->subunit, NULL, 0,
 733                                                         req->user_data);
 734
 735 done:
 736         g_free(req->operands);
 737         g_free(req);
 738 }
 739
 740 static void browsing_req_destroy(void *data)
 741 {
 742         struct avctp_browsing_req *req = data;
 743         struct avctp_pending_req *p = req->p;
 744         struct avctp *session = p->chan->session;
 745
 746         if (p->err == 0 || req->func == NULL)
 747                 goto done;
 748
 749         req->func(session, NULL, 0, req->user_data);
 750
 751 done:
 752         g_free(req->operands);
 753         g_free(req);
 754 }
 755
 756 static gboolean req_timeout(gpointer user_data)
 757 {
 758         struct avctp_channel *chan = user_data;
 759         struct avctp_pending_req *p = chan->p;
 760
 761         DBG("transaction %u", p->transaction);
 762
 763         p->timeout = 0;
 764         p->err = -ETIMEDOUT;
 765
 766         pending_destroy(p, NULL);
 767         chan->p = NULL;
 768
 769         if (chan->process_id == 0)
 770                 chan->process_id = g_idle_add(process_queue, chan);
 771
 772         return FALSE;
 773 }
 774
 775 static int process_control(void *data)
 776 {
 777         struct avctp_control_req *req = data;
 778         struct avctp_pending_req *p = req->p;
 779
 780         return avctp_send(p->chan, p->transaction, AVCTP_COMMAND, req->code,
 781                                         req->subunit, req->op,
 782                                         req->operands, req->operand_count);
 783 }
 784
 785 static int process_browsing(void *data)
 786 {
 787         struct avctp_browsing_req *req = data;
 788         struct avctp_pending_req *p = req->p;
 789
 790         return avctp_browsing_send(p->chan, p->transaction, AVCTP_COMMAND,
 791                                         req->operands, req->operand_count);
 792 }
 793
 794 static gboolean process_queue(void *user_data)
 795 {
 796         struct avctp_channel *chan = user_data;
 797         struct avctp_pending_req *p = chan->p;
 798
 799         chan->process_id = 0;
 800
 801         if (p != NULL)
 802                 return FALSE;
 803
 804         while ((p = g_queue_pop_head(chan->queue))) {
 805
 806                 if (p->process(p->data) == 0)
 807                         break;
 808
 809                 pending_destroy(p, NULL);
 810         }
 811
 812         if (p == NULL)
 813                 return FALSE;
 814
 815         chan->p = p;
 816 #ifdef __TIZEN_PATCH__
 817         p->timeout = g_timeout_add_seconds(5, req_timeout, chan);
 818 #else
 819         p->timeout = g_timeout_add_seconds(2, req_timeout, chan);
 820 #endif
 821
 822         return FALSE;
 823
 824 }
 825
 826 static void control_response(struct avctp_channel *control,
 827                                         struct avctp_header *avctp,
 828                                         struct avc_header *avc,
 829                                         uint8_t *operands,
 830                                         size_t operand_count)
 831 {
 832         struct avctp_pending_req *p = control->p;
 833         struct avctp_control_req *req;
 834         GSList *l;
 835
 836         if (p && p->transaction == avctp->transaction) {
 837                 control->processed = g_slist_prepend(control->processed, p);
 838
 839                 if (p->timeout > 0) {
 840                         g_source_remove(p->timeout);
 841                         p->timeout = 0;
 842                 }
 843
 844                 control->p = NULL;
 845
 846                 if (control->process_id == 0)
 847                         control->process_id = g_idle_add(process_queue,
 848                                                                 control);
 849         }
 850
 851         for (l = control->processed; l; l = l->next) {
 852                 p = l->data;
 853                 req = p->data;
 854
 855                 if (p->transaction != avctp->transaction)
 856                         continue;
 857
 858                 if (req->func && req->func(control->session, avc->code,
 859                                                 avc->subunit_type,
 860                                                 operands, operand_count,
 861                                                 req->user_data))
 862                         return;
 863
 864                 control->processed = g_slist_remove(control->processed, p);
 865                 pending_destroy(p, NULL);
 866
 867                 return;
 868         }
 869 }
 870
 871 static void browsing_response(struct avctp_channel *browsing,
 872                                         struct avctp_header *avctp,
 873                                         uint8_t *operands,
 874                                         size_t operand_count)
 875 {
 876         struct avctp_pending_req *p = browsing->p;
 877         struct avctp_browsing_req *req;
 878         GSList *l;
 879
 880         if (p && p->transaction == avctp->transaction) {
 881                 browsing->processed = g_slist_prepend(browsing->processed, p);
 882
 883                 if (p->timeout > 0) {
 884                         g_source_remove(p->timeout);
 885                         p->timeout = 0;
 886                 }
 887
 888                 browsing->p = NULL;
 889
 890                 if (browsing->process_id == 0)
 891                         browsing->process_id = g_idle_add(process_queue,
 892                                                                 browsing);
 893         }
 894
 895         for (l = browsing->processed; l; l = l->next) {
 896                 p = l->data;
 897                 req = p->data;
 898
 899                 if (p->transaction != avctp->transaction)
 900                         continue;
 901
 902                 if (req->func && req->func(browsing->session, operands,
 903                                                 operand_count, req->user_data))
 904                         return;
 905
 906                 browsing->processed = g_slist_remove(browsing->processed, p);
 907                 pending_destroy(p, NULL);
 908
 909                 return;
 910         }
 911 }
 912
 913 static gboolean session_browsing_cb(GIOChannel *chan, GIOCondition cond,
 914                                 gpointer data)
 915 {
 916         struct avctp *session = data;
 917         struct avctp_channel *browsing = session->browsing;
 918         uint8_t *buf = browsing->buffer;
 919         uint8_t *operands;
 920         struct avctp_header *avctp;
 921         int sock, ret, packet_size, operand_count;
 922         struct avctp_browsing_pdu_handler *handler;
 923
 924         if (cond & (G_IO_ERR | G_IO_HUP | G_IO_NVAL))
 925                 goto failed;
 926
 927         sock = g_io_channel_unix_get_fd(chan);
 928
 929         ret = read(sock, buf, browsing->imtu);
 930         if (ret <= 0)
 931                 goto failed;
 932
 933         avctp = (struct avctp_header *) buf;
 934
 935         if (avctp->packet_type != AVCTP_PACKET_SINGLE)
 936                 goto failed;
 937
 938         operands = buf + AVCTP_HEADER_LENGTH;
 939         ret -= AVCTP_HEADER_LENGTH;
 940         operand_count = ret;
 941
 942         if (avctp->cr == AVCTP_RESPONSE) {
 943                 browsing_response(browsing, avctp, operands, operand_count);
 944                 return TRUE;
 945         }
 946
 947         packet_size = AVCTP_HEADER_LENGTH;
 948         avctp->cr = AVCTP_RESPONSE;
 949
 950         handler = g_slist_nth_data(browsing->handlers, 0);
 951         if (handler == NULL) {
 952                 DBG("handler not found");
 953                 packet_size += avrcp_browsing_general_reject(operands);
 954                 goto send;
 955         }
 956
 957         packet_size += handler->cb(session, avctp->transaction,
 958                                                 operands, operand_count,
 959                                                 handler->user_data);
 960
 961 send:
 962         if (packet_size != 0) {
 963                 ret = write(sock, buf, packet_size);
 964                 if (ret != packet_size)
 965                         goto failed;
 966         }
 967
 968         return TRUE;
 969
 970 failed:
 971         DBG("AVCTP Browsing: disconnected");
 972         avctp_set_state(session, AVCTP_STATE_CONNECTED, 0);
 973
 974         if (session->browsing) {
 975                 avctp_channel_destroy(session->browsing);
 976                 session->browsing = NULL;
 977         }
 978
 979         return FALSE;
 980 }
 981
 982 static gboolean session_cb(GIOChannel *chan, GIOCondition cond, gpointer data)
 983 {
 984         struct avctp *session = data;
 985         struct avctp_channel *control = session->control;
 986         uint8_t *buf = control->buffer;
 987         uint8_t *operands, code, subunit;
 988         struct avctp_header *avctp;
 989         struct avc_header *avc;
 990         int ret, packet_size, operand_count, sock;
 991         struct avctp_pdu_handler *handler;
 992
 993         if (cond & (G_IO_ERR | G_IO_HUP | G_IO_NVAL))
 994                 goto failed;
 995
 996         sock = g_io_channel_unix_get_fd(chan);
 997
 998         ret = read(sock, buf, control->imtu);
 999         if (ret <= 0)
1000                 goto failed;
1001
1002         if (ret < AVCTP_HEADER_LENGTH) {
1003                 error("Too small AVCTP packet");
1004                 goto failed;
1005         }
1006
1007         avctp = (struct avctp_header *) buf;
1008
1009         ret -= AVCTP_HEADER_LENGTH;
1010         if (ret < AVC_HEADER_LENGTH) {
1011                 error("Too small AVC packet");
1012                 goto failed;
1013         }
1014
1015         avc = (struct avc_header *) (buf + AVCTP_HEADER_LENGTH);
1016
1017         ret -= AVC_HEADER_LENGTH;
1018
1019         operands = (uint8_t *) avc + AVC_HEADER_LENGTH;
1020         operand_count = ret;
1021
1022         if (avctp->cr == AVCTP_RESPONSE) {
1023                 control_response(control, avctp, avc, operands, operand_count);
1024                 return TRUE;
1025         }
1026
1027         packet_size = AVCTP_HEADER_LENGTH + AVC_HEADER_LENGTH;
1028         avctp->cr = AVCTP_RESPONSE;
1029
1030         if (avctp->packet_type != AVCTP_PACKET_SINGLE) {
1031                 avc->code = AVC_CTYPE_NOT_IMPLEMENTED;
1032                 goto done;
1033         }
1034
1035         if (avctp->pid != htons(AV_REMOTE_SVCLASS_ID)) {
1036                 avctp->ipid = 1;
1037                 packet_size = AVCTP_HEADER_LENGTH;
1038                 goto done;
1039         }
1040
1041         handler = find_handler(control->handlers, avc->opcode);
1042         if (!handler) {
1043                 DBG("handler not found for 0x%02x", avc->opcode);
1044                 packet_size += avrcp_handle_vendor_reject(&code, operands);
1045                 avc->code = code;
1046                 goto done;
1047         }
1048
1049         code = avc->code;
1050         subunit = avc->subunit_type;
1051
1052         packet_size += handler->cb(session, avctp->transaction, &code,
1053                                         &subunit, operands, operand_count,
1054                                         handler->user_data);
1055
1056         avc->code = code;
1057         avc->subunit_type = subunit;
1058
1059 done:
1060         ret = write(sock, buf, packet_size);
1061         if (ret != packet_size)
1062                 goto failed;
1063
1064         return TRUE;
1065
1066 failed:
1067         DBG("AVCTP session %p got disconnected", session);
1068         avctp_set_state(session, AVCTP_STATE_DISCONNECTED, -EIO);
1069         return FALSE;
1070 }
1071
1072 static int uinput_create(char *name)
1073 {
1074         struct uinput_dev dev;
1075         int fd, err, i;
1076
1077         fd = open("/dev/uinput", O_RDWR);
1078         if (fd < 0) {
1079                 fd = open("/dev/input/uinput", O_RDWR);
1080                 if (fd < 0) {
1081                         fd = open("/dev/misc/uinput", O_RDWR);
1082                         if (fd < 0) {
1083                                 err = -errno;
1084                                 error("Can't open input device: %s (%d)",
1085                                                         strerror(-err), -err);
1086                                 return err;
1087                         }
1088                 }
1089         }
1090
1091         memset(&dev, 0, sizeof(dev));
1092         if (name)
1093                 strncpy(dev.name, name, UINPUT_MAX_NAME_SIZE - 1);
1094
1095         dev.id.bustype = BUS_BLUETOOTH;
1096         dev.id.vendor  = 0x0000;
1097         dev.id.product = 0x0000;
1098         dev.id.version = 0x0000;
1099
1100         if (write(fd, &dev, sizeof(dev)) < 0) {
1101                 err = -errno;
1102                 error("Can't write device information: %s (%d)",
1103                                                 strerror(-err), -err);
1104                 close(fd);
1105                 return err;
1106         }
1107
1108         ioctl(fd, UI_SET_EVBIT, EV_KEY);
1109         ioctl(fd, UI_SET_EVBIT, EV_REL);
1110         ioctl(fd, UI_SET_EVBIT, EV_REP);
1111         ioctl(fd, UI_SET_EVBIT, EV_SYN);
1112
1113         for (i = 0; key_map[i].name != NULL; i++)
1114                 ioctl(fd, UI_SET_KEYBIT, key_map[i].uinput);
1115
1116         if (ioctl(fd, UI_DEV_CREATE, NULL) < 0) {
1117                 err = -errno;
1118                 error("Can't create uinput device: %s (%d)",
1119                                                 strerror(-err), -err);
1120                 close(fd);
1121                 return err;
1122         }
1123
1124         send_event(fd, EV_REP, REP_DELAY, 300);
1125
1126         return fd;
1127 }
1128
1129 static void init_uinput(struct avctp *session)
1130 {
1131         char address[18], name[248 + 1];
1132
1133         device_get_name(session->device, name, sizeof(name));
1134         if (g_str_equal(name, "Nokia CK-20W")) {
1135                 session->key_quirks[AVC_FORWARD] |= QUIRK_NO_RELEASE;
1136                 session->key_quirks[AVC_BACKWARD] |= QUIRK_NO_RELEASE;
1137                 session->key_quirks[AVC_PLAY] |= QUIRK_NO_RELEASE;
1138                 session->key_quirks[AVC_PAUSE] |= QUIRK_NO_RELEASE;
1139         }
1140
1141         ba2str(device_get_address(session->device), address);
1142         session->uinput = uinput_create(address);
1143         if (session->uinput < 0)
1144                 error("AVRCP: failed to init uinput for %s", address);
1145         else
1146                 DBG("AVRCP: uinput initialized for %s", address);
1147 }
1148
1149 static struct avctp_channel *avctp_channel_create(struct avctp *session,
1150                                                         GIOChannel *io,
1151                                                         GDestroyNotify destroy)
1152 {
1153         struct avctp_channel *chan;
1154
1155         chan = g_new0(struct avctp_channel, 1);
1156         chan->session = session;
1157         chan->io = g_io_channel_ref(io);
1158         chan->queue = g_queue_new();
1159         chan->destroy = destroy;
1160
1161         return chan;
1162 }
1163
1164 static void handler_free(void *data)
1165 {
1166         struct avctp_browsing_pdu_handler *handler = data;
1167
1168         if (handler->destroy)
1169                 handler->destroy(handler->user_data);
1170
1171         g_free(data);
1172 }
1173
1174 static void avctp_destroy_browsing(void *data)
1175 {
1176         struct avctp_channel *chan = data;
1177
1178         g_slist_free_full(chan->handlers, handler_free);
1179
1180         chan->handlers = NULL;
1181 }
1182
1183 static void avctp_connect_browsing_cb(GIOChannel *chan, GError *err,
1184                                                         gpointer data)
1185 {
1186         struct avctp *session = data;
1187         struct avctp_channel *browsing = session->browsing;
1188         char address[18];
1189         uint16_t imtu, omtu;
1190         GError *gerr = NULL;
1191
1192         if (err) {
1193                 error("Browsing: %s", err->message);
1194                 goto fail;
1195         }
1196
1197         bt_io_get(chan, &gerr,
1198                         BT_IO_OPT_DEST, &address,
1199                         BT_IO_OPT_IMTU, &imtu,
1200                         BT_IO_OPT_OMTU, &omtu,
1201                         BT_IO_OPT_INVALID);
1202         if (gerr) {
1203                 error("%s", gerr->message);
1204                 g_io_channel_shutdown(chan, TRUE, NULL);
1205                 g_io_channel_unref(chan);
1206                 g_error_free(gerr);
1207                 goto fail;
1208         }
1209
1210         DBG("AVCTP Browsing: connected to %s", address);
1211
1212         if (browsing == NULL) {
1213                 browsing = avctp_channel_create(session, chan,
1214                                                 avctp_destroy_browsing);
1215                 session->browsing = browsing;
1216         }
1217
1218         browsing->imtu = imtu;
1219         browsing->omtu = omtu;
1220         browsing->buffer = g_malloc0(MAX(imtu, omtu));
1221         browsing->watch = g_io_add_watch(session->browsing->io,
1222                                 G_IO_IN | G_IO_ERR | G_IO_HUP | G_IO_NVAL,
1223                                 (GIOFunc) session_browsing_cb, session);
1224
1225         avctp_set_state(session, AVCTP_STATE_BROWSING_CONNECTED, 0);
1226
1227         /* Process any request that was pending the connection to complete */
1228         if (browsing->process_id == 0 && !g_queue_is_empty(browsing->queue))
1229                 browsing->process_id = g_idle_add(process_queue, browsing);
1230
1231         return;
1232
1233 fail:
1234         avctp_set_state(session, AVCTP_STATE_CONNECTED, 0);
1235
1236         if (session->browsing) {
1237                 avctp_channel_destroy(session->browsing);
1238                 session->browsing = NULL;
1239         }
1240 }
1241
1242 static void avctp_connect_cb(GIOChannel *chan, GError *err, gpointer data)
1243 {
1244         struct avctp *session = data;
1245         char address[18];
1246         uint16_t imtu, omtu;
1247         GError *gerr = NULL;
1248
1249         if (err) {
1250                 avctp_set_state(session, AVCTP_STATE_DISCONNECTED, -EIO);
1251                 error("%s", err->message);
1252                 return;
1253         }
1254
1255         bt_io_get(chan, &gerr,
1256                         BT_IO_OPT_DEST, &address,
1257                         BT_IO_OPT_IMTU, &imtu,
1258                         BT_IO_OPT_IMTU, &omtu,
1259                         BT_IO_OPT_INVALID);
1260         if (gerr) {
1261                 avctp_set_state(session, AVCTP_STATE_DISCONNECTED, -EIO);
1262                 error("%s", gerr->message);
1263                 g_error_free(gerr);
1264                 return;
1265         }
1266
1267         DBG("AVCTP: connected to %s", address);
1268
1269         if (session->control == NULL)
1270                 session->control = avctp_channel_create(session, chan, NULL);
1271
1272         session->control->imtu = imtu;
1273         session->control->omtu = omtu;
1274         session->control->buffer = g_malloc0(MAX(imtu, omtu));
1275         session->control->watch = g_io_add_watch(session->control->io,
1276                                 G_IO_IN | G_IO_ERR | G_IO_HUP | G_IO_NVAL,
1277                                 (GIOFunc) session_cb, session);
1278
1279         session->passthrough_id = avctp_register_pdu_handler(session,
1280                                                 AVC_OP_PASSTHROUGH,
1281                                                 handle_panel_passthrough,
1282                                                 NULL);
1283         session->unit_id = avctp_register_pdu_handler(session,
1284                                                 AVC_OP_UNITINFO,
1285                                                 handle_unit_info,
1286                                                 NULL);
1287         session->subunit_id = avctp_register_pdu_handler(session,
1288                                                 AVC_OP_SUBUNITINFO,
1289                                                 handle_subunit_info,
1290                                                 NULL);
1291
1292         init_uinput(session);
1293
1294         avctp_set_state(session, AVCTP_STATE_CONNECTED, 0);
1295 }
1296
1297 static void auth_cb(DBusError *derr, void *user_data)
1298 {
1299         struct avctp *session = user_data;
1300         GError *err = NULL;
1301
1302         session->auth_id = 0;
1303
1304         if (session->control->watch > 0) {
1305                 g_source_remove(session->control->watch);
1306                 session->control->watch = 0;
1307         }
1308
1309         if (derr && dbus_error_is_set(derr)) {
1310                 error("Access denied: %s", derr->message);
1311                 avctp_set_state(session, AVCTP_STATE_DISCONNECTED, -EIO);
1312                 return;
1313         }
1314
1315         if (!bt_io_accept(session->control->io, avctp_connect_cb, session,
1316                                                                 NULL, &err)) {
1317                 error("bt_io_accept: %s", err->message);
1318                 g_error_free(err);
1319                 avctp_set_state(session, AVCTP_STATE_DISCONNECTED, -EIO);
1320         }
1321 }
1322
1323 static struct avctp_server *find_server(GSList *list, struct btd_adapter *a)
1324 {
1325         for (; list; list = list->next) {
1326                 struct avctp_server *server = list->data;
1327
1328                 if (server->adapter == a)
1329                         return server;
1330         }
1331
1332         return NULL;
1333 }
1334
1335 static struct avctp *find_session(GSList *list, struct btd_device *device)
1336 {
1337         for (; list != NULL; list = g_slist_next(list)) {
1338                 struct avctp *s = list->data;
1339
1340                 if (s->device == device)
1341                         return s;
1342         }
1343
1344         return NULL;
1345 }
1346
1347 static struct avctp *avctp_get_internal(struct btd_device *device)
1348 {
1349         struct avctp_server *server;
1350         struct avctp *session;
1351
1352         server = find_server(servers, device_get_adapter(device));
1353         if (server == NULL)
1354                 return NULL;
1355
1356         session = find_session(server->sessions, device);
1357         if (session)
1358                 return session;
1359
1360         session = g_new0(struct avctp, 1);
1361
1362         session->server = server;
1363         session->device = btd_device_ref(device);
1364         session->state = AVCTP_STATE_DISCONNECTED;
1365         session->uinput = -1;
1366
1367         server->sessions = g_slist_append(server->sessions, session);
1368
1369         return session;
1370 }
1371
1372 static void avctp_control_confirm(struct avctp *session, GIOChannel *chan,
1373                                                 struct btd_device *dev)
1374 {
1375         const bdaddr_t *src;
1376         const bdaddr_t *dst;
1377
1378         if (session->control != NULL) {
1379                 error("Control: Refusing unexpected connect");
1380                 g_io_channel_shutdown(chan, TRUE, NULL);
1381
1382                 /*
1383                  * Close AVCTP channel if remote tried connect
1384                  * at the same time
1385                  * AVRCP SPEC V1.5 4.1.1 Connection Establishment
1386                  */
1387                 avctp_set_state(session, AVCTP_STATE_DISCONNECTED, -EAGAIN);
1388                 return;
1389         }
1390
1391         avctp_set_state(session, AVCTP_STATE_CONNECTING, 0);
1392         session->control = avctp_channel_create(session, chan, NULL);
1393
1394         src = btd_adapter_get_address(device_get_adapter(dev));
1395         dst = device_get_address(dev);
1396
1397 #ifdef __TIZEN_PATCH__
1398         session->auth_id = btd_request_authorization(src, dst,
1399                                                         AVRCP_TARGET_UUID,
1400                                                         auth_cb, session);
1401 #else
1402         session->auth_id = btd_request_authorization(src, dst,
1403                                                         AVRCP_REMOTE_UUID,
1404                                                         auth_cb, session);
1405 #endif
1406         if (session->auth_id == 0)
1407                 goto drop;
1408
1409         session->control->watch = g_io_add_watch(chan, G_IO_ERR | G_IO_HUP |
1410                                                 G_IO_NVAL, session_cb, session);
1411         return;
1412
1413 drop:
1414         avctp_set_state(session, AVCTP_STATE_DISCONNECTED, -EIO);
1415 }
1416
1417 static void avctp_browsing_confirm(struct avctp *session, GIOChannel *chan,
1418                                                 struct btd_device *dev)
1419 {
1420         GError *err = NULL;
1421
1422         if (session->control == NULL || session->browsing != NULL) {
1423                 error("Browsing: Refusing unexpected connect");
1424                 g_io_channel_shutdown(chan, TRUE, NULL);
1425                 return;
1426         }
1427
1428         if (bt_io_accept(chan, avctp_connect_browsing_cb, session, NULL,
1429                                                                 &err)) {
1430                 avctp_set_state(session, AVCTP_STATE_BROWSING_CONNECTING, 0);
1431                 return;
1432         }
1433
1434         error("Browsing: %s", err->message);
1435         g_error_free(err);
1436
1437         return;
1438 }
1439
1440 static void avctp_confirm_cb(GIOChannel *chan, gpointer data)
1441 {
1442         struct avctp *session;
1443         char address[18];
1444         bdaddr_t src, dst;
1445         GError *err = NULL;
1446         uint16_t psm;
1447         struct btd_device *device;
1448
1449         bt_io_get(chan, &err,
1450                         BT_IO_OPT_SOURCE_BDADDR, &src,
1451                         BT_IO_OPT_DEST_BDADDR, &dst,
1452                         BT_IO_OPT_DEST, address,
1453                         BT_IO_OPT_PSM, &psm,
1454                         BT_IO_OPT_INVALID);
1455         if (err) {
1456                 error("%s", err->message);
1457                 g_error_free(err);
1458                 g_io_channel_shutdown(chan, TRUE, NULL);
1459                 return;
1460         }
1461
1462         DBG("AVCTP: incoming connect from %s", address);
1463
1464         device = btd_adapter_find_device(adapter_find(&src), &dst,
1465                                                                 BDADDR_BREDR);
1466         if (!device)
1467                 return;
1468
1469 #ifdef __TIZEN_PATCH__
1470         char name[10];
1471         device_get_name(device, name, sizeof(name));
1472         DBG("name : %s", name);
1473         if (g_str_equal(name, "PLT_M50")) {
1474                 DBG("Don't accept avrcp connection with this headset");
1475                 return;
1476         }
1477 #endif
1478
1479         session = avctp_get_internal(device);
1480         if (session == NULL)
1481                 return;
1482
1483         if (btd_device_get_service(device, AVRCP_REMOTE_UUID) == NULL)
1484                 btd_device_add_uuid(device, AVRCP_REMOTE_UUID);
1485
1486         if (btd_device_get_service(device, AVRCP_TARGET_UUID) == NULL)
1487                 btd_device_add_uuid(device, AVRCP_TARGET_UUID);
1488
1489         switch (psm) {
1490         case AVCTP_CONTROL_PSM:
1491                 avctp_control_confirm(session, chan, device);
1492                 break;
1493         case AVCTP_BROWSING_PSM:
1494                 avctp_browsing_confirm(session, chan, device);
1495                 break;
1496         }
1497
1498         return;
1499 }
1500
1501 static GIOChannel *avctp_server_socket(const bdaddr_t *src, gboolean master,
1502                                                 uint8_t mode, uint16_t psm)
1503 {
1504         GError *err = NULL;
1505         GIOChannel *io;
1506
1507         io = bt_io_listen(NULL, avctp_confirm_cb, NULL,
1508                                 NULL, &err,
1509                                 BT_IO_OPT_SOURCE_BDADDR, src,
1510                                 BT_IO_OPT_PSM, psm,
1511                                 BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
1512                                 BT_IO_OPT_MASTER, master,
1513                                 BT_IO_OPT_MODE, mode,
1514                                 BT_IO_OPT_INVALID);
1515         if (!io) {
1516                 error("%s", err->message);
1517                 g_error_free(err);
1518         }
1519
1520         return io;
1521 }
1522
1523 int avctp_register(struct btd_adapter *adapter, gboolean master)
1524 {
1525         struct avctp_server *server;
1526         const bdaddr_t *src = btd_adapter_get_address(adapter);
1527
1528         server = g_new0(struct avctp_server, 1);
1529
1530         server->control_io = avctp_server_socket(src, master, L2CAP_MODE_BASIC,
1531                                                         AVCTP_CONTROL_PSM);
1532         if (!server->control_io) {
1533                 g_free(server);
1534                 return -1;
1535         }
1536         server->browsing_io = avctp_server_socket(src, master, L2CAP_MODE_ERTM,
1537                                                         AVCTP_BROWSING_PSM);
1538         if (!server->browsing_io) {
1539                 if (server->control_io) {
1540                         g_io_channel_shutdown(server->control_io, TRUE, NULL);
1541                         g_io_channel_unref(server->control_io);
1542                         server->control_io = NULL;
1543                 }
1544                 g_free(server);
1545                 return -1;
1546         }
1547
1548         server->adapter = btd_adapter_ref(adapter);
1549
1550         servers = g_slist_append(servers, server);
1551
1552         return 0;
1553 }
1554
1555 void avctp_unregister(struct btd_adapter *adapter)
1556 {
1557         struct avctp_server *server;
1558
1559         server = find_server(servers, adapter);
1560         if (!server)
1561                 return;
1562
1563         while (server->sessions)
1564                 avctp_disconnected(server->sessions->data);
1565
1566         servers = g_slist_remove(servers, server);
1567
1568         g_io_channel_shutdown(server->browsing_io, TRUE, NULL);
1569         g_io_channel_unref(server->browsing_io);
1570         server->browsing_io = NULL;
1571
1572         g_io_channel_shutdown(server->control_io, TRUE, NULL);
1573         g_io_channel_unref(server->control_io);
1574         btd_adapter_unref(server->adapter);
1575         g_free(server);
1576 }
1577
1578 static struct avctp_pending_req *pending_create(struct avctp_channel *chan,
1579                                                 avctp_process_cb process,
1580                                                 void *data,
1581                                                 GDestroyNotify destroy)
1582 {
1583         struct avctp_pending_req *p;
1584         GSList *l, *tmp;
1585
1586         if (!chan->processed)
1587                 goto done;
1588
1589         tmp = g_slist_copy(chan->processed);
1590
1591         /* Find first unused transaction id */
1592         for (l = tmp; l; l = g_slist_next(l)) {
1593                 struct avctp_pending_req *req = l->data;
1594
1595                 if (req->transaction == chan->transaction) {
1596                         chan->transaction++;
1597                         chan->transaction %= 16;
1598                         tmp = g_slist_delete_link(tmp, l);
1599                         l = tmp;
1600                 }
1601         }
1602
1603         g_slist_free(tmp);
1604
1605 done:
1606         p = g_new0(struct avctp_pending_req, 1);
1607         p->chan = chan;
1608         p->transaction = chan->transaction;
1609         p->process = process;
1610         p->data = data;
1611         p->destroy = destroy;
1612
1613         chan->transaction++;
1614         chan->transaction %= 16;
1615
1616         return p;
1617 }
1618
1619 static int avctp_send_req(struct avctp *session, uint8_t code,
1620                                 uint8_t subunit, uint8_t opcode,
1621                                 uint8_t *operands, size_t operand_count,
1622                                 avctp_rsp_cb func, void *user_data)
1623 {
1624         struct avctp_channel *control = session->control;
1625         struct avctp_pending_req *p;
1626         struct avctp_control_req *req;
1627
1628         if (control == NULL)
1629                 return -ENOTCONN;
1630
1631         req = g_new0(struct avctp_control_req, 1);
1632         req->code = code;
1633         req->subunit = subunit;
1634         req->op = opcode;
1635         req->func = func;
1636         req->operands = g_memdup(operands, operand_count);
1637         req->operand_count = operand_count;
1638         req->user_data = user_data;
1639
1640         p = pending_create(control, process_control, req, control_req_destroy);
1641
1642         req->p = p;
1643
1644         g_queue_push_tail(control->queue, p);
1645
1646         if (control->process_id == 0)
1647                 control->process_id = g_idle_add(process_queue, control);
1648
1649         return 0;
1650 }
1651
1652 int avctp_send_browsing_req(struct avctp *session,
1653                                 uint8_t *operands, size_t operand_count,
1654                                 avctp_browsing_rsp_cb func, void *user_data)
1655 {
1656         struct avctp_channel *browsing = session->browsing;
1657         struct avctp_pending_req *p;
1658         struct avctp_browsing_req *req;
1659
1660         if (browsing == NULL)
1661                 return -ENOTCONN;
1662
1663         req = g_new0(struct avctp_browsing_req, 1);
1664         req->func = func;
1665         req->operands = g_memdup(operands, operand_count);
1666         req->operand_count = operand_count;
1667         req->user_data = user_data;
1668
1669         p = pending_create(browsing, process_browsing, req,
1670                         browsing_req_destroy);
1671
1672         req->p = p;
1673
1674         g_queue_push_tail(browsing->queue, p);
1675
1676         /* Connection did not complete, delay process of the request */
1677         if (browsing->watch == 0)
1678                 return 0;
1679
1680         if (browsing->process_id == 0)
1681                 browsing->process_id = g_idle_add(process_queue, browsing);
1682
1683         return 0;
1684 }
1685
1686 static const char *op2str(uint8_t op)
1687 {
1688         int i;
1689
1690         for (i = 0; key_map[i].name != NULL; i++) {
1691                 if ((op & 0x7F) == key_map[i].avc)
1692                         return key_map[i].name;
1693         }
1694
1695         return "UNKNOWN";
1696 }
1697
1698 static int avctp_passthrough_press(struct avctp *session, uint8_t op)
1699 {
1700         uint8_t operands[2];
1701
1702         DBG("%s", op2str(op));
1703
1704         /* Button pressed */
1705         operands[0] = op & 0x7f;
1706         operands[1] = 0;
1707
1708         return avctp_send_req(session, AVC_CTYPE_CONTROL,
1709                                 AVC_SUBUNIT_PANEL, AVC_OP_PASSTHROUGH,
1710                                 operands, sizeof(operands),
1711                                 avctp_passthrough_rsp, NULL);
1712 }
1713
1714 static int avctp_passthrough_release(struct avctp *session, uint8_t op)
1715 {
1716         uint8_t operands[2];
1717
1718         DBG("%s", op2str(op));
1719
1720         /* Button released */
1721         operands[0] = op | 0x80;
1722         operands[1] = 0;
1723
1724         return avctp_send_req(session, AVC_CTYPE_CONTROL,
1725                                 AVC_SUBUNIT_PANEL, AVC_OP_PASSTHROUGH,
1726                                 operands, sizeof(operands),
1727                                 NULL, NULL);
1728 }
1729
1730 static gboolean repeat_timeout(gpointer user_data)
1731 {
1732         struct avctp *session = user_data;
1733
1734         avctp_passthrough_release(session, session->key.op);
1735 #ifndef __TIZEN_PATCH__
1736         avctp_passthrough_press(session, session->key.op);
1737
1738         return TRUE;
1739 #else
1740         return FALSE;
1741 #endif
1742 }
1743
1744 static void release_pressed(struct avctp *session)
1745 {
1746 #ifdef __TIZEN_PATCH__
1747         if (session->key.op != AVC_FAST_FORWARD && session->key.op != AVC_REWIND)
1748 #endif
1749         avctp_passthrough_release(session, session->key.op);
1750
1751         if (session->key.timer > 0)
1752                 g_source_remove(session->key.timer);
1753
1754         session->key.timer = 0;
1755 }
1756
1757 static bool set_pressed(struct avctp *session, uint8_t op)
1758 {
1759         if (session->key.timer > 0) {
1760                 if (session->key.op == op)
1761                         return TRUE;
1762                 release_pressed(session);
1763         }
1764
1765         if (op != AVC_FAST_FORWARD && op != AVC_REWIND)
1766                 return FALSE;
1767
1768         session->key.op = op;
1769         session->key.timer = g_timeout_add_seconds(AVC_PRESS_TIMEOUT,
1770                                                         repeat_timeout,
1771                                                         session);
1772
1773         return TRUE;
1774 }
1775
1776 static gboolean avctp_passthrough_rsp(struct avctp *session, uint8_t code,
1777                                         uint8_t subunit, uint8_t *operands,
1778                                         size_t operand_count, void *user_data)
1779 {
1780         if (code != AVC_CTYPE_ACCEPTED)
1781                 return FALSE;
1782
1783         if (set_pressed(session, operands[0]))
1784                 return FALSE;
1785
1786         avctp_passthrough_release(session, operands[0]);
1787
1788         return FALSE;
1789 }
1790
1791 int avctp_send_passthrough(struct avctp *session, uint8_t op)
1792 {
1793         /* Auto release if key pressed */
1794         if (session->key.timer > 0)
1795                 release_pressed(session);
1796
1797         return avctp_passthrough_press(session, op);
1798 }
1799 #ifdef __TIZEN_PATCH__
1800 int avctp_send_release_passthrough(struct avctp *session, uint8_t op)
1801 {
1802         DBG("+");
1803
1804         if (op != AVC_FAST_FORWARD && op != AVC_REWIND)
1805                 return FALSE;
1806
1807         /* Auto release if key pressed */
1808         if (session->key.timer > 0)
1809                 g_source_remove(session->key.timer);
1810         session->key.timer = 0;
1811
1812         DBG("-");
1813         return avctp_passthrough_release(session, op);
1814 }
1815 #endif
1816 int avctp_send_vendordep(struct avctp *session, uint8_t transaction,
1817                                 uint8_t code, uint8_t subunit,
1818                                 uint8_t *operands, size_t operand_count)
1819 {
1820         struct avctp_channel *control = session->control;
1821
1822         if (control == NULL)
1823                 return -ENOTCONN;
1824
1825         return avctp_send(control, transaction, AVCTP_RESPONSE, code, subunit,
1826                                         AVC_OP_VENDORDEP, operands, operand_count);
1827 }
1828
1829 int avctp_send_vendordep_req(struct avctp *session, uint8_t code,
1830                                         uint8_t subunit, uint8_t *operands,
1831                                         size_t operand_count,
1832                                         avctp_rsp_cb func, void *user_data)
1833 {
1834         return avctp_send_req(session, code, subunit, AVC_OP_VENDORDEP,
1835                                                 operands, operand_count,
1836                                                 func, user_data);
1837 }
1838
1839 unsigned int avctp_add_state_cb(struct btd_device *dev, avctp_state_cb cb,
1840                                                         void *user_data)
1841 {
1842         struct avctp_state_callback *state_cb;
1843         static unsigned int id = 0;
1844
1845         state_cb = g_new(struct avctp_state_callback, 1);
1846         state_cb->cb = cb;
1847         state_cb->dev = dev;
1848         state_cb->id = ++id;
1849         state_cb->user_data = user_data;
1850
1851         callbacks = g_slist_append(callbacks, state_cb);
1852
1853         return state_cb->id;
1854 }
1855
1856 gboolean avctp_remove_state_cb(unsigned int id)
1857 {
1858         GSList *l;
1859
1860         for (l = callbacks; l != NULL; l = l->next) {
1861                 struct avctp_state_callback *cb = l->data;
1862                 if (cb && cb->id == id) {
1863                         callbacks = g_slist_remove(callbacks, cb);
1864                         g_free(cb);
1865                         return TRUE;
1866                 }
1867         }
1868
1869         return FALSE;
1870 }
1871
1872 unsigned int avctp_register_passthrough_handler(struct avctp *session,
1873                                                 avctp_passthrough_cb cb,
1874                                                 void *user_data)
1875 {
1876         struct avctp_channel *control = session->control;
1877         struct avctp_passthrough_handler *handler;
1878         static unsigned int id = 0;
1879
1880         if (control == NULL || session->handler != NULL)
1881                 return 0;
1882
1883         handler = g_new(struct avctp_passthrough_handler, 1);
1884         handler->cb = cb;
1885         handler->user_data = user_data;
1886         handler->id = ++id;
1887
1888         session->handler = handler;
1889
1890         return handler->id;
1891 }
1892
1893 bool avctp_unregister_passthrough_handler(unsigned int id)
1894 {
1895         GSList *l;
1896
1897         for (l = servers; l; l = l->next) {
1898                 struct avctp_server *server = l->data;
1899                 GSList *s;
1900
1901                 for (s = server->sessions; s; s = s->next) {
1902                         struct avctp *session = s->data;
1903
1904                         if (session->handler == NULL)
1905                                 continue;
1906
1907                         if (session->handler->id == id) {
1908                                 g_free(session->handler);
1909                                 session->handler = NULL;
1910                                 return true;
1911                         }
1912                 }
1913         }
1914
1915         return false;
1916 }
1917
1918 unsigned int avctp_register_pdu_handler(struct avctp *session, uint8_t opcode,
1919                                                 avctp_control_pdu_cb cb,
1920                                                 void *user_data)
1921 {
1922         struct avctp_channel *control = session->control;
1923         struct avctp_pdu_handler *handler;
1924         static unsigned int id = 0;
1925
1926         if (control == NULL)
1927                 return 0;
1928
1929         handler = find_handler(control->handlers, opcode);
1930         if (handler)
1931                 return 0;
1932
1933         handler = g_new(struct avctp_pdu_handler, 1);
1934         handler->opcode = opcode;
1935         handler->cb = cb;
1936         handler->user_data = user_data;
1937         handler->id = ++id;
1938
1939         control->handlers = g_slist_append(control->handlers, handler);
1940
1941         return handler->id;
1942 }
1943
1944 unsigned int avctp_register_browsing_pdu_handler(struct avctp *session,
1945                                                 avctp_browsing_pdu_cb cb,
1946                                                 void *user_data,
1947                                                 GDestroyNotify destroy)
1948 {
1949         struct avctp_channel *browsing = session->browsing;
1950         struct avctp_browsing_pdu_handler *handler;
1951         static unsigned int id = 0;
1952
1953         if (browsing == NULL)
1954                 return 0;
1955
1956         if (browsing->handlers != NULL)
1957                 return 0;
1958
1959         handler = g_new(struct avctp_browsing_pdu_handler, 1);
1960         handler->cb = cb;
1961         handler->user_data = user_data;
1962         handler->id = ++id;
1963         handler->destroy = destroy;
1964
1965         browsing->handlers = g_slist_append(browsing->handlers, handler);
1966
1967         return handler->id;
1968 }
1969
1970 gboolean avctp_unregister_pdu_handler(unsigned int id)
1971 {
1972         GSList *l;
1973
1974         for (l = servers; l; l = l->next) {
1975                 struct avctp_server *server = l->data;
1976                 GSList *s;
1977
1978                 for (s = server->sessions; s; s = s->next) {
1979                         struct avctp *session = s->data;
1980                         struct avctp_channel *control = session->control;
1981                         GSList *h;
1982
1983                         if (control == NULL)
1984                                 continue;
1985
1986                         for (h = control->handlers; h; h = h->next) {
1987                                 struct avctp_pdu_handler *handler = h->data;
1988
1989                                 if (handler->id != id)
1990                                         continue;
1991
1992                                 control->handlers = g_slist_remove(
1993                                                         control->handlers,
1994                                                         handler);
1995                                 g_free(handler);
1996                                 return TRUE;
1997                         }
1998                 }
1999         }
2000
2001         return FALSE;
2002 }
2003
2004 gboolean avctp_unregister_browsing_pdu_handler(unsigned int id)
2005 {
2006         GSList *l;
2007
2008         for (l = servers; l; l = l->next) {
2009                 struct avctp_server *server = l->data;
2010                 GSList *s;
2011
2012                 for (s = server->sessions; s; s = s->next) {
2013                         struct avctp *session = s->data;
2014                         struct avctp_channel *browsing = session->browsing;
2015                         GSList *h;
2016
2017                         if (browsing == NULL)
2018                                 continue;
2019
2020                         for (h = browsing->handlers; h; h = h->next) {
2021                                 struct avctp_browsing_pdu_handler *handler =
2022                                                                 h->data;
2023
2024                                 if (handler->id != id)
2025                                         continue;
2026
2027                                 browsing->handlers = g_slist_remove(
2028                                                         browsing->handlers,
2029                                                         handler);
2030                                 g_free(handler);
2031                                 return TRUE;
2032                         }
2033                 }
2034         }
2035
2036         return FALSE;
2037 }
2038
2039 struct avctp *avctp_connect(struct btd_device *device)
2040 {
2041         struct avctp *session;
2042         GError *err = NULL;
2043         GIOChannel *io;
2044         const bdaddr_t *src;
2045
2046         session = avctp_get_internal(device);
2047         if (!session)
2048                 return NULL;
2049
2050         if (session->state > AVCTP_STATE_DISCONNECTED)
2051                 return session;
2052
2053         avctp_set_state(session, AVCTP_STATE_CONNECTING, 0);
2054
2055         src = btd_adapter_get_address(session->server->adapter);
2056
2057         io = bt_io_connect(avctp_connect_cb, session, NULL, &err,
2058                                 BT_IO_OPT_SOURCE_BDADDR, src,
2059                                 BT_IO_OPT_DEST_BDADDR,
2060                                 device_get_address(session->device),
2061                                 BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
2062                                 BT_IO_OPT_PSM, AVCTP_CONTROL_PSM,
2063                                 BT_IO_OPT_INVALID);
2064         if (err) {
2065                 avctp_set_state(session, AVCTP_STATE_DISCONNECTED, -EIO);
2066                 error("%s", err->message);
2067                 g_error_free(err);
2068                 return NULL;
2069         }
2070
2071         session->control = avctp_channel_create(session, io, NULL);
2072         session->initiator = true;
2073         g_io_channel_unref(io);
2074
2075         return session;
2076 }
2077
2078 int avctp_connect_browsing(struct avctp *session)
2079 {
2080         const bdaddr_t *src;
2081         GError *err = NULL;
2082         GIOChannel *io;
2083
2084         if (session->state != AVCTP_STATE_CONNECTED)
2085                 return -ENOTCONN;
2086
2087         if (session->browsing != NULL)
2088                 return 0;
2089
2090         avctp_set_state(session, AVCTP_STATE_BROWSING_CONNECTING, 0);
2091
2092         src = btd_adapter_get_address(session->server->adapter);
2093
2094         io = bt_io_connect(avctp_connect_browsing_cb, session, NULL, &err,
2095                                 BT_IO_OPT_SOURCE_BDADDR, src,
2096                                 BT_IO_OPT_DEST_BDADDR,
2097                                 device_get_address(session->device),
2098                                 BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
2099                                 BT_IO_OPT_PSM, AVCTP_BROWSING_PSM,
2100                                 BT_IO_OPT_MODE, L2CAP_MODE_ERTM,
2101                                 BT_IO_OPT_INVALID);
2102         if (err) {
2103                 error("%s", err->message);
2104                 g_error_free(err);
2105                 return -EIO;
2106         }
2107
2108         session->browsing = avctp_channel_create(session, io,
2109                                                 avctp_destroy_browsing);
2110         g_io_channel_unref(io);
2111
2112         return 0;
2113 }
2114
2115 void avctp_disconnect(struct avctp *session)
2116 {
2117         if (session->state == AVCTP_STATE_DISCONNECTED)
2118                 return;
2119
2120         avctp_set_state(session, AVCTP_STATE_DISCONNECTED, -EIO);
2121 }
2122
2123 struct avctp *avctp_get(struct btd_device *device)
2124 {
2125         return avctp_get_internal(device);
2126 }
2127
2128 bool avctp_is_initiator(struct avctp *session)
2129 {
2130         return session->initiator;
2131 }