1 /*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <algorithm>
18 #include <android-base/logging.h>
19 #include <android-base/properties.h>
20 #include <chrono>
21 #include <dirent.h>
22 #include <errno.h>
23 #include <fcntl.h>
24 #include <inttypes.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <sys/types.h>
28 #include <sys/stat.h>
29 #include <sys/stat.h>
30 #include <sys/time.h>
31
32 #define LOG_TAG "MtpServer"
33
34 #include "MtpDebug.h"
35 #include "IMtpDatabase.h"
36 #include "MtpDescriptors.h"
37 #include "MtpDevHandle.h"
38 #include "MtpFfsCompatHandle.h"
39 #include "MtpFfsHandle.h"
40 #include "MtpObjectInfo.h"
41 #include "MtpProperty.h"
42 #include "MtpServer.h"
43 #include "MtpStorage.h"
44 #include "MtpStringBuffer.h"
45 #include "android-base/strings.h"
46
47 namespace android {
48 static const int SN_EVENT_LOG_ID = 0x534e4554;
49
50 static const MtpOperationCode kSupportedOperationCodes[] = {
51 MTP_OPERATION_GET_DEVICE_INFO,
52 MTP_OPERATION_OPEN_SESSION,
53 MTP_OPERATION_CLOSE_SESSION,
54 MTP_OPERATION_GET_STORAGE_IDS,
55 MTP_OPERATION_GET_STORAGE_INFO,
56 MTP_OPERATION_GET_NUM_OBJECTS,
57 MTP_OPERATION_GET_OBJECT_HANDLES,
58 MTP_OPERATION_GET_OBJECT_INFO,
59 MTP_OPERATION_GET_OBJECT,
60 MTP_OPERATION_GET_THUMB,
61 MTP_OPERATION_DELETE_OBJECT,
62 MTP_OPERATION_SEND_OBJECT_INFO,
63 MTP_OPERATION_SEND_OBJECT,
64 // MTP_OPERATION_INITIATE_CAPTURE,
65 // MTP_OPERATION_FORMAT_STORE,
66 MTP_OPERATION_RESET_DEVICE,
67 // MTP_OPERATION_SELF_TEST,
68 // MTP_OPERATION_SET_OBJECT_PROTECTION,
69 // MTP_OPERATION_POWER_DOWN,
70 MTP_OPERATION_GET_DEVICE_PROP_DESC,
71 MTP_OPERATION_GET_DEVICE_PROP_VALUE,
72 MTP_OPERATION_SET_DEVICE_PROP_VALUE,
73 MTP_OPERATION_RESET_DEVICE_PROP_VALUE,
74 // MTP_OPERATION_TERMINATE_OPEN_CAPTURE,
75 MTP_OPERATION_MOVE_OBJECT,
76 MTP_OPERATION_COPY_OBJECT,
77 MTP_OPERATION_GET_PARTIAL_OBJECT,
78 // MTP_OPERATION_INITIATE_OPEN_CAPTURE,
79 MTP_OPERATION_GET_OBJECT_PROPS_SUPPORTED,
80 MTP_OPERATION_GET_OBJECT_PROP_DESC,
81 MTP_OPERATION_GET_OBJECT_PROP_VALUE,
82 MTP_OPERATION_SET_OBJECT_PROP_VALUE,
83 MTP_OPERATION_GET_OBJECT_PROP_LIST,
84 // MTP_OPERATION_SET_OBJECT_PROP_LIST,
85 // MTP_OPERATION_GET_INTERDEPENDENT_PROP_DESC,
86 // MTP_OPERATION_SEND_OBJECT_PROP_LIST,
87 MTP_OPERATION_GET_OBJECT_REFERENCES,
88 MTP_OPERATION_SET_OBJECT_REFERENCES,
89 // MTP_OPERATION_SKIP,
90 // Android extension for direct file IO
91 MTP_OPERATION_GET_PARTIAL_OBJECT_64,
92 MTP_OPERATION_SEND_PARTIAL_OBJECT,
93 MTP_OPERATION_TRUNCATE_OBJECT,
94 MTP_OPERATION_BEGIN_EDIT_OBJECT,
95 MTP_OPERATION_END_EDIT_OBJECT,
96 };
97
98 static const MtpEventCode kSupportedEventCodes[] = {
99 MTP_EVENT_OBJECT_ADDED,
100 MTP_EVENT_OBJECT_REMOVED,
101 MTP_EVENT_STORE_ADDED,
102 MTP_EVENT_STORE_REMOVED,
103 MTP_EVENT_DEVICE_PROP_CHANGED,
104 MTP_EVENT_OBJECT_INFO_CHANGED,
105 };
106
MtpServer(IMtpDatabase * database,int controlFd,bool ptp,const char * deviceInfoManufacturer,const char * deviceInfoModel,const char * deviceInfoDeviceVersion,const char * deviceInfoSerialNumber)107 MtpServer::MtpServer(IMtpDatabase* database, int controlFd, bool ptp,
108 const char *deviceInfoManufacturer,
109 const char *deviceInfoModel,
110 const char *deviceInfoDeviceVersion,
111 const char *deviceInfoSerialNumber)
112 : mDatabase(database),
113 mPtp(ptp),
114 mDeviceInfoManufacturer(deviceInfoManufacturer),
115 mDeviceInfoModel(deviceInfoModel),
116 mDeviceInfoDeviceVersion(deviceInfoDeviceVersion),
117 mDeviceInfoSerialNumber(deviceInfoSerialNumber),
118 mSessionID(0),
119 mSessionOpen(false),
120 mSendObjectHandle(kInvalidObjectHandle),
121 mSendObjectFormat(0),
122 mSendObjectFileSize(0),
123 mSendObjectModifiedTime(0)
124 {
125 bool ffs_ok = access(FFS_MTP_EP0, W_OK) == 0;
126 if (ffs_ok) {
127 bool aio_compat = android::base::GetBoolProperty("sys.usb.ffs.aio_compat", false);
128 mHandle = aio_compat ? new MtpFfsCompatHandle(controlFd) : new MtpFfsHandle(controlFd);
129 } else {
130 mHandle = new MtpDevHandle();
131 }
132 }
133
~MtpServer()134 MtpServer::~MtpServer() {
135 }
136
addStorage(MtpStorage * storage)137 void MtpServer::addStorage(MtpStorage* storage) {
138 std::lock_guard<std::mutex> lg(mMutex);
139
140 mStorages.push_back(storage);
141 sendStoreAdded(storage->getStorageID());
142 }
143
removeStorage(MtpStorage * storage)144 void MtpServer::removeStorage(MtpStorage* storage) {
145 std::lock_guard<std::mutex> lg(mMutex);
146 auto iter = std::find(mStorages.begin(), mStorages.end(), storage);
147 if (iter != mStorages.end()) {
148 sendStoreRemoved(storage->getStorageID());
149 mStorages.erase(iter);
150 }
151 }
152
getStorage(MtpStorageID id)153 MtpStorage* MtpServer::getStorage(MtpStorageID id) {
154 if (id == 0)
155 return mStorages[0];
156 for (MtpStorage *storage : mStorages) {
157 if (storage->getStorageID() == id)
158 return storage;
159 }
160 return nullptr;
161 }
162
hasStorage(MtpStorageID id)163 bool MtpServer::hasStorage(MtpStorageID id) {
164 if (id == 0 || id == 0xFFFFFFFF)
165 return mStorages.size() > 0;
166 return (getStorage(id) != nullptr);
167 }
168
run()169 void MtpServer::run() {
170 if (mHandle->start(mPtp)) {
171 ALOGE("Failed to start usb driver!");
172 mHandle->close();
173 return;
174 }
175
176 while (1) {
177 int ret = mRequest.read(mHandle);
178 if (ret < 0) {
179 ALOGE("request read returned %d, errno: %d", ret, errno);
180 if (errno == ECANCELED) {
181 // return to top of loop and wait for next command
182 continue;
183 }
184 break;
185 }
186 MtpOperationCode operation = mRequest.getOperationCode();
187 MtpTransactionID transaction = mRequest.getTransactionID();
188
189 ALOGV("operation: %s", MtpDebug::getOperationCodeName(operation));
190 // FIXME need to generalize this
191 bool dataIn = (operation == MTP_OPERATION_SEND_OBJECT_INFO
192 || operation == MTP_OPERATION_SET_OBJECT_REFERENCES
193 || operation == MTP_OPERATION_SET_OBJECT_PROP_VALUE
194 || operation == MTP_OPERATION_SET_DEVICE_PROP_VALUE);
195 if (dataIn) {
196 int ret = mData.read(mHandle);
197 if (ret < 0) {
198 ALOGE("data read returned %d, errno: %d", ret, errno);
199 if (errno == ECANCELED) {
200 // return to top of loop and wait for next command
201 continue;
202 }
203 break;
204 }
205 ALOGV("received data:");
206 } else {
207 mData.reset();
208 }
209
210 if (handleRequest()) {
211 if (!dataIn && mData.hasData()) {
212 mData.setOperationCode(operation);
213 mData.setTransactionID(transaction);
214 ALOGV("sending data:");
215 ret = mData.write(mHandle);
216 if (ret < 0) {
217 ALOGE("request write returned %d, errno: %d", ret, errno);
218 if (errno == ECANCELED) {
219 // return to top of loop and wait for next command
220 continue;
221 }
222 break;
223 }
224 }
225
226 mResponse.setTransactionID(transaction);
227 ALOGV("sending response %04X", mResponse.getResponseCode());
228 ret = mResponse.write(mHandle);
229 const int savedErrno = errno;
230 if (ret < 0) {
231 ALOGE("request write returned %d, errno: %d", ret, errno);
232 if (savedErrno == ECANCELED) {
233 // return to top of loop and wait for next command
234 continue;
235 }
236 break;
237 }
238 } else {
239 ALOGV("skipping response\n");
240 }
241 }
242
243 // commit any open edits
244 int count = mObjectEditList.size();
245 for (int i = 0; i < count; i++) {
246 ObjectEdit* edit = mObjectEditList[i];
247 commitEdit(edit);
248 delete edit;
249 }
250 mObjectEditList.clear();
251
252 mHandle->close();
253 }
254
sendObjectAdded(MtpObjectHandle handle)255 void MtpServer::sendObjectAdded(MtpObjectHandle handle) {
256 ALOGV("sendObjectAdded %d\n", handle);
257 sendEvent(MTP_EVENT_OBJECT_ADDED, handle);
258 }
259
sendObjectRemoved(MtpObjectHandle handle)260 void MtpServer::sendObjectRemoved(MtpObjectHandle handle) {
261 ALOGV("sendObjectRemoved %d\n", handle);
262 sendEvent(MTP_EVENT_OBJECT_REMOVED, handle);
263 }
264
sendObjectInfoChanged(MtpObjectHandle handle)265 void MtpServer::sendObjectInfoChanged(MtpObjectHandle handle) {
266 ALOGV("sendObjectInfoChanged %d\n", handle);
267 sendEvent(MTP_EVENT_OBJECT_INFO_CHANGED, handle);
268 }
269
sendStoreAdded(MtpStorageID id)270 void MtpServer::sendStoreAdded(MtpStorageID id) {
271 ALOGV("sendStoreAdded %08X\n", id);
272 sendEvent(MTP_EVENT_STORE_ADDED, id);
273 }
274
sendStoreRemoved(MtpStorageID id)275 void MtpServer::sendStoreRemoved(MtpStorageID id) {
276 ALOGV("sendStoreRemoved %08X\n", id);
277 sendEvent(MTP_EVENT_STORE_REMOVED, id);
278 }
279
sendDevicePropertyChanged(MtpDeviceProperty property)280 void MtpServer::sendDevicePropertyChanged(MtpDeviceProperty property) {
281 ALOGV("sendDevicePropertyChanged %d\n", property);
282 sendEvent(MTP_EVENT_DEVICE_PROP_CHANGED, property);
283 }
284
sendEvent(MtpEventCode code,uint32_t param1)285 void MtpServer::sendEvent(MtpEventCode code, uint32_t param1) {
286 if (mSessionOpen) {
287 mEvent.setEventCode(code);
288 mEvent.setTransactionID(mRequest.getTransactionID());
289 mEvent.setParameter(1, param1);
290 if (mEvent.write(mHandle))
291 ALOGE("Mtp send event failed: %s", strerror(errno));
292 }
293 }
294
addEditObject(MtpObjectHandle handle,MtpStringBuffer & path,uint64_t size,MtpObjectFormat format,int fd)295 void MtpServer::addEditObject(MtpObjectHandle handle, MtpStringBuffer& path,
296 uint64_t size, MtpObjectFormat format, int fd) {
297 ObjectEdit* edit = new ObjectEdit(handle, path, size, format, fd);
298 mObjectEditList.push_back(edit);
299 }
300
getEditObject(MtpObjectHandle handle)301 MtpServer::ObjectEdit* MtpServer::getEditObject(MtpObjectHandle handle) {
302 int count = mObjectEditList.size();
303 for (int i = 0; i < count; i++) {
304 ObjectEdit* edit = mObjectEditList[i];
305 if (edit->mHandle == handle) return edit;
306 }
307 return nullptr;
308 }
309
removeEditObject(MtpObjectHandle handle)310 void MtpServer::removeEditObject(MtpObjectHandle handle) {
311 int count = mObjectEditList.size();
312 for (int i = 0; i < count; i++) {
313 ObjectEdit* edit = mObjectEditList[i];
314 if (edit->mHandle == handle) {
315 delete edit;
316 mObjectEditList.erase(mObjectEditList.begin() + i);
317 return;
318 }
319 }
320 ALOGE("ObjectEdit not found in removeEditObject");
321 }
322
commitEdit(ObjectEdit * edit)323 void MtpServer::commitEdit(ObjectEdit* edit) {
324 mDatabase->rescanFile((const char *)edit->mPath, edit->mHandle, edit->mFormat);
325 }
326
327
handleRequest()328 bool MtpServer::handleRequest() {
329 std::lock_guard<std::mutex> lg(mMutex);
330
331 MtpOperationCode operation = mRequest.getOperationCode();
332 MtpResponseCode response;
333
334 mResponse.reset();
335
336 if (mSendObjectHandle != kInvalidObjectHandle && operation != MTP_OPERATION_SEND_OBJECT) {
337 mSendObjectHandle = kInvalidObjectHandle;
338 mSendObjectFormat = 0;
339 mSendObjectModifiedTime = 0;
340 }
341
342 int containertype = mRequest.getContainerType();
343 if (containertype != MTP_CONTAINER_TYPE_COMMAND) {
344 ALOGE("wrong container type %d", containertype);
345 return false;
346 }
347
348 ALOGV("got command %s (%x)", MtpDebug::getOperationCodeName(operation), operation);
349
350 switch (operation) {
351 case MTP_OPERATION_GET_DEVICE_INFO:
352 response = doGetDeviceInfo();
353 break;
354 case MTP_OPERATION_OPEN_SESSION:
355 response = doOpenSession();
356 break;
357 case MTP_OPERATION_RESET_DEVICE:
358 case MTP_OPERATION_CLOSE_SESSION:
359 response = doCloseSession();
360 break;
361 case MTP_OPERATION_GET_STORAGE_IDS:
362 response = doGetStorageIDs();
363 break;
364 case MTP_OPERATION_GET_STORAGE_INFO:
365 response = doGetStorageInfo();
366 break;
367 case MTP_OPERATION_GET_OBJECT_PROPS_SUPPORTED:
368 response = doGetObjectPropsSupported();
369 break;
370 case MTP_OPERATION_GET_OBJECT_HANDLES:
371 response = doGetObjectHandles();
372 break;
373 case MTP_OPERATION_GET_NUM_OBJECTS:
374 response = doGetNumObjects();
375 break;
376 case MTP_OPERATION_GET_OBJECT_REFERENCES:
377 response = doGetObjectReferences();
378 break;
379 case MTP_OPERATION_SET_OBJECT_REFERENCES:
380 response = doSetObjectReferences();
381 break;
382 case MTP_OPERATION_GET_OBJECT_PROP_VALUE:
383 response = doGetObjectPropValue();
384 break;
385 case MTP_OPERATION_SET_OBJECT_PROP_VALUE:
386 response = doSetObjectPropValue();
387 break;
388 case MTP_OPERATION_GET_DEVICE_PROP_VALUE:
389 response = doGetDevicePropValue();
390 break;
391 case MTP_OPERATION_SET_DEVICE_PROP_VALUE:
392 response = doSetDevicePropValue();
393 break;
394 case MTP_OPERATION_RESET_DEVICE_PROP_VALUE:
395 response = doResetDevicePropValue();
396 break;
397 case MTP_OPERATION_GET_OBJECT_PROP_LIST:
398 response = doGetObjectPropList();
399 break;
400 case MTP_OPERATION_GET_OBJECT_INFO:
401 response = doGetObjectInfo();
402 break;
403 case MTP_OPERATION_GET_OBJECT:
404 response = doGetObject();
405 break;
406 case MTP_OPERATION_GET_THUMB:
407 response = doGetThumb();
408 break;
409 case MTP_OPERATION_GET_PARTIAL_OBJECT:
410 case MTP_OPERATION_GET_PARTIAL_OBJECT_64:
411 response = doGetPartialObject(operation);
412 break;
413 case MTP_OPERATION_SEND_OBJECT_INFO:
414 response = doSendObjectInfo();
415 break;
416 case MTP_OPERATION_SEND_OBJECT:
417 response = doSendObject();
418 break;
419 case MTP_OPERATION_DELETE_OBJECT:
420 response = doDeleteObject();
421 break;
422 case MTP_OPERATION_COPY_OBJECT:
423 response = doCopyObject();
424 break;
425 case MTP_OPERATION_MOVE_OBJECT:
426 response = doMoveObject();
427 break;
428 case MTP_OPERATION_GET_OBJECT_PROP_DESC:
429 response = doGetObjectPropDesc();
430 break;
431 case MTP_OPERATION_GET_DEVICE_PROP_DESC:
432 response = doGetDevicePropDesc();
433 break;
434 case MTP_OPERATION_SEND_PARTIAL_OBJECT:
435 response = doSendPartialObject();
436 break;
437 case MTP_OPERATION_TRUNCATE_OBJECT:
438 response = doTruncateObject();
439 break;
440 case MTP_OPERATION_BEGIN_EDIT_OBJECT:
441 response = doBeginEditObject();
442 break;
443 case MTP_OPERATION_END_EDIT_OBJECT:
444 response = doEndEditObject();
445 break;
446 default:
447 ALOGE("got unsupported command %s (%x)",
448 MtpDebug::getOperationCodeName(operation), operation);
449 response = MTP_RESPONSE_OPERATION_NOT_SUPPORTED;
450 break;
451 }
452
453 if (response != MTP_RESPONSE_OK)
454 ALOGW("[MTP] got response 0x%X in command %s (%x)", response,
455 MtpDebug::getOperationCodeName(operation), operation);
456 if (response == MTP_RESPONSE_TRANSACTION_CANCELLED)
457 return false;
458 mResponse.setResponseCode(response);
459 return true;
460 }
461
doGetDeviceInfo()462 MtpResponseCode MtpServer::doGetDeviceInfo() {
463 MtpStringBuffer string;
464
465 MtpObjectFormatList* playbackFormats = mDatabase->getSupportedPlaybackFormats();
466 MtpObjectFormatList* captureFormats = mDatabase->getSupportedCaptureFormats();
467 MtpDevicePropertyList* deviceProperties = mDatabase->getSupportedDeviceProperties();
468
469 // fill in device info
470 mData.putUInt16(MTP_STANDARD_VERSION);
471 if (mPtp) {
472 mData.putUInt32(0);
473 } else {
474 // MTP Vendor Extension ID
475 mData.putUInt32(6);
476 }
477 mData.putUInt16(MTP_STANDARD_VERSION);
478 if (mPtp) {
479 // no extensions
480 string.set("");
481 } else {
482 // MTP extensions
483 string.set("microsoft.com: 1.0; android.com: 1.0;");
484 }
485 mData.putString(string); // MTP Extensions
486 mData.putUInt16(0); //Functional Mode
487 mData.putAUInt16(kSupportedOperationCodes,
488 sizeof(kSupportedOperationCodes) / sizeof(uint16_t)); // Operations Supported
489 mData.putAUInt16(kSupportedEventCodes,
490 sizeof(kSupportedEventCodes) / sizeof(uint16_t)); // Events Supported
491 mData.putAUInt16(deviceProperties); // Device Properties Supported
492 mData.putAUInt16(captureFormats); // Capture Formats
493 mData.putAUInt16(playbackFormats); // Playback Formats
494
495 mData.putString(mDeviceInfoManufacturer); // Manufacturer
496 mData.putString(mDeviceInfoModel); // Model
497 mData.putString(mDeviceInfoDeviceVersion); // Device Version
498 mData.putString(mDeviceInfoSerialNumber); // Serial Number
499
500 delete playbackFormats;
501 delete captureFormats;
502 delete deviceProperties;
503
504 return MTP_RESPONSE_OK;
505 }
506
doOpenSession()507 MtpResponseCode MtpServer::doOpenSession() {
508 if (mSessionOpen) {
509 mResponse.setParameter(1, mSessionID);
510 return MTP_RESPONSE_SESSION_ALREADY_OPEN;
511 }
512 if (mRequest.getParameterCount() < 1)
513 return MTP_RESPONSE_INVALID_PARAMETER;
514
515 mSessionID = mRequest.getParameter(1);
516 mSessionOpen = true;
517
518 return MTP_RESPONSE_OK;
519 }
520
doCloseSession()521 MtpResponseCode MtpServer::doCloseSession() {
522 if (!mSessionOpen)
523 return MTP_RESPONSE_SESSION_NOT_OPEN;
524 mSessionID = 0;
525 mSessionOpen = false;
526 return MTP_RESPONSE_OK;
527 }
528
doGetStorageIDs()529 MtpResponseCode MtpServer::doGetStorageIDs() {
530 if (!mSessionOpen)
531 return MTP_RESPONSE_SESSION_NOT_OPEN;
532
533 int count = mStorages.size();
534 mData.putUInt32(count);
535 for (int i = 0; i < count; i++)
536 mData.putUInt32(mStorages[i]->getStorageID());
537
538 return MTP_RESPONSE_OK;
539 }
540
doGetStorageInfo()541 MtpResponseCode MtpServer::doGetStorageInfo() {
542 MtpStringBuffer string;
543
544 if (!mSessionOpen)
545 return MTP_RESPONSE_SESSION_NOT_OPEN;
546 if (mRequest.getParameterCount() < 1)
547 return MTP_RESPONSE_INVALID_PARAMETER;
548
549 MtpStorageID id = mRequest.getParameter(1);
550 MtpStorage* storage = getStorage(id);
551 if (!storage)
552 return MTP_RESPONSE_INVALID_STORAGE_ID;
553
554 mData.putUInt16(storage->getType());
555 mData.putUInt16(storage->getFileSystemType());
556 mData.putUInt16(storage->getAccessCapability());
557 mData.putUInt64(storage->getMaxCapacity());
558 mData.putUInt64(storage->getFreeSpace());
559 mData.putUInt32(1024*1024*1024); // Free Space in Objects
560 string.set(storage->getDescription());
561 mData.putString(string);
562 mData.putEmptyString(); // Volume Identifier
563
564 return MTP_RESPONSE_OK;
565 }
566
doGetObjectPropsSupported()567 MtpResponseCode MtpServer::doGetObjectPropsSupported() {
568 if (!mSessionOpen)
569 return MTP_RESPONSE_SESSION_NOT_OPEN;
570 if (mRequest.getParameterCount() < 1)
571 return MTP_RESPONSE_INVALID_PARAMETER;
572 MtpObjectFormat format = mRequest.getParameter(1);
573 MtpObjectPropertyList* properties = mDatabase->getSupportedObjectProperties(format);
574 mData.putAUInt16(properties);
575 delete properties;
576 return MTP_RESPONSE_OK;
577 }
578
doGetObjectHandles()579 MtpResponseCode MtpServer::doGetObjectHandles() {
580 if (!mSessionOpen)
581 return MTP_RESPONSE_SESSION_NOT_OPEN;
582 if (mRequest.getParameterCount() < 3)
583 return MTP_RESPONSE_INVALID_PARAMETER;
584 MtpStorageID storageID = mRequest.getParameter(1); // 0xFFFFFFFF for all storage
585 MtpObjectFormat format = mRequest.getParameter(2); // 0 for all formats
586 MtpObjectHandle parent = mRequest.getParameter(3); // 0xFFFFFFFF for objects with no parent
587 // 0x00000000 for all objects
588
589 if (!hasStorage(storageID))
590 return MTP_RESPONSE_INVALID_STORAGE_ID;
591
592 MtpObjectHandleList* handles = mDatabase->getObjectList(storageID, format, parent);
593 if (handles == NULL)
594 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
595 mData.putAUInt32(handles);
596 delete handles;
597 return MTP_RESPONSE_OK;
598 }
599
doGetNumObjects()600 MtpResponseCode MtpServer::doGetNumObjects() {
601 if (!mSessionOpen)
602 return MTP_RESPONSE_SESSION_NOT_OPEN;
603 if (mRequest.getParameterCount() < 3)
604 return MTP_RESPONSE_INVALID_PARAMETER;
605 MtpStorageID storageID = mRequest.getParameter(1); // 0xFFFFFFFF for all storage
606 MtpObjectFormat format = mRequest.getParameter(2); // 0 for all formats
607 MtpObjectHandle parent = mRequest.getParameter(3); // 0xFFFFFFFF for objects with no parent
608 // 0x00000000 for all objects
609 if (!hasStorage(storageID))
610 return MTP_RESPONSE_INVALID_STORAGE_ID;
611
612 int count = mDatabase->getNumObjects(storageID, format, parent);
613 if (count >= 0) {
614 mResponse.setParameter(1, count);
615 return MTP_RESPONSE_OK;
616 } else {
617 mResponse.setParameter(1, 0);
618 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
619 }
620 }
621
doGetObjectReferences()622 MtpResponseCode MtpServer::doGetObjectReferences() {
623 if (!mSessionOpen)
624 return MTP_RESPONSE_SESSION_NOT_OPEN;
625 if (!hasStorage())
626 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
627 if (mRequest.getParameterCount() < 1)
628 return MTP_RESPONSE_INVALID_PARAMETER;
629 MtpObjectHandle handle = mRequest.getParameter(1);
630
631 // FIXME - check for invalid object handle
632 MtpObjectHandleList* handles = mDatabase->getObjectReferences(handle);
633 if (handles) {
634 mData.putAUInt32(handles);
635 delete handles;
636 } else {
637 mData.putEmptyArray();
638 }
639 return MTP_RESPONSE_OK;
640 }
641
doSetObjectReferences()642 MtpResponseCode MtpServer::doSetObjectReferences() {
643 if (!mSessionOpen)
644 return MTP_RESPONSE_SESSION_NOT_OPEN;
645 if (!hasStorage())
646 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
647 if (mRequest.getParameterCount() < 1)
648 return MTP_RESPONSE_INVALID_PARAMETER;
649 MtpStorageID handle = mRequest.getParameter(1);
650
651 MtpObjectHandleList* references = mData.getAUInt32();
652 if (!references)
653 return MTP_RESPONSE_INVALID_PARAMETER;
654 MtpResponseCode result = mDatabase->setObjectReferences(handle, references);
655 delete references;
656 return result;
657 }
658
doGetObjectPropValue()659 MtpResponseCode MtpServer::doGetObjectPropValue() {
660 if (!hasStorage())
661 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
662 if (mRequest.getParameterCount() < 2)
663 return MTP_RESPONSE_INVALID_PARAMETER;
664 MtpObjectHandle handle = mRequest.getParameter(1);
665 MtpObjectProperty property = mRequest.getParameter(2);
666 ALOGV("GetObjectPropValue %d %s (0x%04X)\n", handle,
667 MtpDebug::getObjectPropCodeName(property), property);
668
669 return mDatabase->getObjectPropertyValue(handle, property, mData);
670 }
671
doSetObjectPropValue()672 MtpResponseCode MtpServer::doSetObjectPropValue() {
673 if (!hasStorage())
674 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
675 if (mRequest.getParameterCount() < 2)
676 return MTP_RESPONSE_INVALID_PARAMETER;
677 MtpObjectHandle handle = mRequest.getParameter(1);
678 MtpObjectProperty property = mRequest.getParameter(2);
679 ALOGV("SetObjectPropValue %d %s\n", handle,
680 MtpDebug::getObjectPropCodeName(property));
681
682 return mDatabase->setObjectPropertyValue(handle, property, mData);
683 }
684
doGetDevicePropValue()685 MtpResponseCode MtpServer::doGetDevicePropValue() {
686 if (mRequest.getParameterCount() < 1)
687 return MTP_RESPONSE_INVALID_PARAMETER;
688 MtpDeviceProperty property = mRequest.getParameter(1);
689 ALOGV("GetDevicePropValue %s\n",
690 MtpDebug::getDevicePropCodeName(property));
691
692 return mDatabase->getDevicePropertyValue(property, mData);
693 }
694
doSetDevicePropValue()695 MtpResponseCode MtpServer::doSetDevicePropValue() {
696 if (mRequest.getParameterCount() < 1)
697 return MTP_RESPONSE_INVALID_PARAMETER;
698 MtpDeviceProperty property = mRequest.getParameter(1);
699 ALOGV("SetDevicePropValue %s\n",
700 MtpDebug::getDevicePropCodeName(property));
701
702 return mDatabase->setDevicePropertyValue(property, mData);
703 }
704
doResetDevicePropValue()705 MtpResponseCode MtpServer::doResetDevicePropValue() {
706 if (mRequest.getParameterCount() < 1)
707 return MTP_RESPONSE_INVALID_PARAMETER;
708 MtpDeviceProperty property = mRequest.getParameter(1);
709 ALOGV("ResetDevicePropValue %s\n",
710 MtpDebug::getDevicePropCodeName(property));
711
712 return mDatabase->resetDeviceProperty(property);
713 }
714
doGetObjectPropList()715 MtpResponseCode MtpServer::doGetObjectPropList() {
716 if (!hasStorage())
717 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
718 if (mRequest.getParameterCount() < 5)
719 return MTP_RESPONSE_INVALID_PARAMETER;
720
721 MtpObjectHandle handle = mRequest.getParameter(1);
722 // use uint32_t so we can support 0xFFFFFFFF
723 uint32_t format = mRequest.getParameter(2);
724 uint32_t property = mRequest.getParameter(3);
725 int groupCode = mRequest.getParameter(4);
726 int depth = mRequest.getParameter(5);
727 ALOGV("GetObjectPropList %d format: %s property: %s group: %d depth: %d\n",
728 handle, MtpDebug::getFormatCodeName(format),
729 MtpDebug::getObjectPropCodeName(property), groupCode, depth);
730
731 return mDatabase->getObjectPropertyList(handle, format, property, groupCode, depth, mData);
732 }
733
doGetObjectInfo()734 MtpResponseCode MtpServer::doGetObjectInfo() {
735 if (!hasStorage())
736 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
737 if (mRequest.getParameterCount() < 1)
738 return MTP_RESPONSE_INVALID_PARAMETER;
739 MtpObjectHandle handle = mRequest.getParameter(1);
740 MtpObjectInfo info(handle);
741 MtpResponseCode result = mDatabase->getObjectInfo(handle, info);
742 if (result == MTP_RESPONSE_OK) {
743 char date[20];
744
745 mData.putUInt32(info.mStorageID);
746 mData.putUInt16(info.mFormat);
747 mData.putUInt16(info.mProtectionStatus);
748
749 // if object is being edited the database size may be out of date
750 uint32_t size = info.mCompressedSize;
751 ObjectEdit* edit = getEditObject(handle);
752 if (edit)
753 size = (edit->mSize > 0xFFFFFFFFLL ? 0xFFFFFFFF : (uint32_t)edit->mSize);
754 mData.putUInt32(size);
755
756 mData.putUInt16(info.mThumbFormat);
757 mData.putUInt32(info.mThumbCompressedSize);
758 mData.putUInt32(info.mThumbPixWidth);
759 mData.putUInt32(info.mThumbPixHeight);
760 mData.putUInt32(info.mImagePixWidth);
761 mData.putUInt32(info.mImagePixHeight);
762 mData.putUInt32(info.mImagePixDepth);
763 mData.putUInt32(info.mParent);
764 mData.putUInt16(info.mAssociationType);
765 mData.putUInt32(info.mAssociationDesc);
766 mData.putUInt32(info.mSequenceNumber);
767 mData.putString(info.mName);
768 formatDateTime(info.mDateCreated, date, sizeof(date));
769 mData.putString(date); // date created
770 formatDateTime(info.mDateModified, date, sizeof(date));
771 mData.putString(date); // date modified
772 mData.putEmptyString(); // keywords
773 }
774 return result;
775 }
776
doGetObject()777 MtpResponseCode MtpServer::doGetObject() {
778 if (!hasStorage())
779 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
780 if (mRequest.getParameterCount() < 1)
781 return MTP_RESPONSE_INVALID_PARAMETER;
782 MtpObjectHandle handle = mRequest.getParameter(1);
783 MtpStringBuffer pathBuf;
784 int64_t fileLength;
785 MtpObjectFormat format;
786 int result = mDatabase->getObjectFilePath(handle, pathBuf, fileLength, format);
787 if (result != MTP_RESPONSE_OK)
788 return result;
789
790 auto start = std::chrono::steady_clock::now();
791
792 const char* filePath = (const char *)pathBuf;
793 mtp_file_range mfr;
794 mfr.fd = open(filePath, O_RDONLY);
795 if (mfr.fd < 0) {
796 return MTP_RESPONSE_GENERAL_ERROR;
797 }
798 mfr.offset = 0;
799 mfr.length = fileLength;
800 mfr.command = mRequest.getOperationCode();
801 mfr.transaction_id = mRequest.getTransactionID();
802
803 // then transfer the file
804 int ret = mHandle->sendFile(mfr);
805 if (ret < 0) {
806 ALOGE("Mtp send file got error %s", strerror(errno));
807 if (errno == ECANCELED) {
808 result = MTP_RESPONSE_TRANSACTION_CANCELLED;
809 } else {
810 result = MTP_RESPONSE_GENERAL_ERROR;
811 }
812 } else {
813 result = MTP_RESPONSE_OK;
814 }
815
816 auto end = std::chrono::steady_clock::now();
817 std::chrono::duration<double> diff = end - start;
818 struct stat sstat;
819 fstat(mfr.fd, &sstat);
820 uint64_t finalsize = sstat.st_size;
821 ALOGV("Sent a file over MTP. Time: %f s, Size: %" PRIu64 ", Rate: %f bytes/s",
822 diff.count(), finalsize, ((double) finalsize) / diff.count());
823 closeObjFd(mfr.fd, filePath);
824 return result;
825 }
826
doGetThumb()827 MtpResponseCode MtpServer::doGetThumb() {
828 if (mRequest.getParameterCount() < 1)
829 return MTP_RESPONSE_INVALID_PARAMETER;
830 MtpObjectHandle handle = mRequest.getParameter(1);
831 size_t thumbSize;
832 void* thumb = mDatabase->getThumbnail(handle, thumbSize);
833 if (thumb) {
834 // send data
835 mData.setOperationCode(mRequest.getOperationCode());
836 mData.setTransactionID(mRequest.getTransactionID());
837 mData.writeData(mHandle, thumb, thumbSize);
838 free(thumb);
839 return MTP_RESPONSE_OK;
840 } else {
841 return MTP_RESPONSE_GENERAL_ERROR;
842 }
843 }
844
doGetPartialObject(MtpOperationCode operation)845 MtpResponseCode MtpServer::doGetPartialObject(MtpOperationCode operation) {
846 if (!hasStorage())
847 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
848 MtpObjectHandle handle = mRequest.getParameter(1);
849 uint64_t offset;
850 uint32_t length;
851 offset = mRequest.getParameter(2);
852 if (operation == MTP_OPERATION_GET_PARTIAL_OBJECT_64) {
853 // MTP_OPERATION_GET_PARTIAL_OBJECT_64 takes 4 arguments
854 if (mRequest.getParameterCount() < 4)
855 return MTP_RESPONSE_INVALID_PARAMETER;
856
857 // android extension with 64 bit offset
858 uint64_t offset2 = mRequest.getParameter(3);
859 offset = offset | (offset2 << 32);
860 length = mRequest.getParameter(4);
861 } else {
862 // MTP_OPERATION_GET_PARTIAL_OBJECT takes 3 arguments
863 if (mRequest.getParameterCount() < 3)
864 return MTP_RESPONSE_INVALID_PARAMETER;
865
866 // standard GetPartialObject
867 length = mRequest.getParameter(3);
868 }
869 MtpStringBuffer pathBuf;
870 int64_t fileLength;
871 MtpObjectFormat format;
872 int result = mDatabase->getObjectFilePath(handle, pathBuf, fileLength, format);
873 if (result != MTP_RESPONSE_OK)
874 return result;
875 if (offset + length > (uint64_t)fileLength)
876 length = fileLength - offset;
877
878 const char* filePath = (const char *)pathBuf;
879 ALOGV("sending partial %s %" PRIu64 " %" PRIu32, filePath, offset, length);
880 mtp_file_range mfr;
881 mfr.fd = open(filePath, O_RDONLY);
882 if (mfr.fd < 0) {
883 return MTP_RESPONSE_GENERAL_ERROR;
884 }
885 mfr.offset = offset;
886 mfr.length = length;
887 mfr.command = mRequest.getOperationCode();
888 mfr.transaction_id = mRequest.getTransactionID();
889 mResponse.setParameter(1, length);
890
891 // transfer the file
892 int ret = mHandle->sendFile(mfr);
893 ALOGV("MTP_SEND_FILE_WITH_HEADER returned %d\n", ret);
894 result = MTP_RESPONSE_OK;
895 if (ret < 0) {
896 if (errno == ECANCELED)
897 result = MTP_RESPONSE_TRANSACTION_CANCELLED;
898 else
899 result = MTP_RESPONSE_GENERAL_ERROR;
900 }
901 closeObjFd(mfr.fd, filePath);
902 return result;
903 }
904
doSendObjectInfo()905 MtpResponseCode MtpServer::doSendObjectInfo() {
906 MtpStringBuffer path;
907 uint16_t temp16;
908 uint32_t temp32;
909
910 if (mRequest.getParameterCount() < 2)
911 return MTP_RESPONSE_INVALID_PARAMETER;
912 MtpStorageID storageID = mRequest.getParameter(1);
913 MtpStorage* storage = getStorage(storageID);
914 MtpObjectHandle parent = mRequest.getParameter(2);
915 if (!storage)
916 return MTP_RESPONSE_INVALID_STORAGE_ID;
917
918 // special case the root
919 if (parent == MTP_PARENT_ROOT) {
920 path.set(storage->getPath());
921 parent = 0;
922 } else {
923 int64_t length;
924 MtpObjectFormat format;
925 int result = mDatabase->getObjectFilePath(parent, path, length, format);
926 if (result != MTP_RESPONSE_OK)
927 return result;
928 if (format != MTP_FORMAT_ASSOCIATION)
929 return MTP_RESPONSE_INVALID_PARENT_OBJECT;
930 }
931
932 // read only the fields we need
933 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // storage ID
934 if (!mData.getUInt16(temp16)) return MTP_RESPONSE_INVALID_PARAMETER;
935 MtpObjectFormat format = temp16;
936 if (!mData.getUInt16(temp16)) return MTP_RESPONSE_INVALID_PARAMETER; // protection status
937 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER;
938 mSendObjectFileSize = temp32;
939 if (!mData.getUInt16(temp16)) return MTP_RESPONSE_INVALID_PARAMETER; // thumb format
940 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // thumb compressed size
941 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // thumb pix width
942 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // thumb pix height
943 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // image pix width
944 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // image pix height
945 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // image bit depth
946 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // parent
947 if (!mData.getUInt16(temp16)) return MTP_RESPONSE_INVALID_PARAMETER;
948 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER;
949 if (!mData.getUInt32(temp32)) return MTP_RESPONSE_INVALID_PARAMETER; // sequence number
950 MtpStringBuffer name, created, modified;
951 if (!mData.getString(name)) return MTP_RESPONSE_INVALID_PARAMETER; // file name
952 if (name.isEmpty()) {
953 ALOGE("empty name");
954 return MTP_RESPONSE_INVALID_PARAMETER;
955 }
956 if (!mData.getString(created)) return MTP_RESPONSE_INVALID_PARAMETER; // date created
957 if (!mData.getString(modified)) return MTP_RESPONSE_INVALID_PARAMETER; // date modified
958 // keywords follow
959
960 int type = storage->getType();
961 if (type == MTP_STORAGE_REMOVABLE_RAM) {
962 std::string str = android::base::Trim((const char*)name);
963 name.set(str.c_str());
964 }
965 ALOGV("name: %s format: 0x%04X (%s)\n", (const char*)name, format,
966 MtpDebug::getFormatCodeName(format));
967 time_t modifiedTime;
968 if (!parseDateTime(modified, modifiedTime))
969 modifiedTime = 0;
970
971 if ((strcmp(name, ".") == 0) || (strcmp(name, "..") == 0) ||
972 (strchr(name, '/') != NULL)) {
973 char errMsg[80];
974
975 snprintf(errMsg, sizeof(errMsg), "Invalid name: %s", (const char *) name);
976 ALOGE("%s (b/130656917)", errMsg);
977 android_errorWriteWithInfoLog(SN_EVENT_LOG_ID, "130656917", -1, errMsg,
978 strlen(errMsg));
979
980 return MTP_RESPONSE_INVALID_PARAMETER;
981 }
982 if (path[path.size() - 1] != '/')
983 path.append("/");
984 path.append(name);
985
986 // check space first
987 if (mSendObjectFileSize > storage->getFreeSpace())
988 return MTP_RESPONSE_STORAGE_FULL;
989 uint64_t maxFileSize = storage->getMaxFileSize();
990 // check storage max file size
991 if (maxFileSize != 0) {
992 // if mSendObjectFileSize is 0xFFFFFFFF, then all we know is the file size
993 // is >= 0xFFFFFFFF
994 if (mSendObjectFileSize > maxFileSize || mSendObjectFileSize == 0xFFFFFFFF)
995 return MTP_RESPONSE_OBJECT_TOO_LARGE;
996 }
997
998 ALOGV("path: %s parent: %d storageID: %08X", (const char*)path, parent, storageID);
999 MtpObjectHandle handle = mDatabase->beginSendObject((const char*)path, format,
1000 parent, storageID);
1001 ALOGD("handle: %d, parent: %d, storageID: %08X", handle, parent, storageID);
1002 if (handle == kInvalidObjectHandle) {
1003 return MTP_RESPONSE_GENERAL_ERROR;
1004 }
1005
1006 if (format == MTP_FORMAT_ASSOCIATION) {
1007 int ret = makeFolder((const char *)path);
1008 if (ret)
1009 return MTP_RESPONSE_GENERAL_ERROR;
1010
1011 // SendObject does not get sent for directories, so call endSendObject here instead
1012 mDatabase->endSendObject(handle, MTP_RESPONSE_OK);
1013 }
1014 mSendObjectFilePath = path;
1015 // save the handle for the SendObject call, which should follow
1016 mSendObjectHandle = handle;
1017 mSendObjectFormat = format;
1018 mSendObjectModifiedTime = modifiedTime;
1019
1020 mResponse.setParameter(1, storageID);
1021 mResponse.setParameter(2, parent);
1022 mResponse.setParameter(3, handle);
1023
1024 return MTP_RESPONSE_OK;
1025 }
1026
doMoveObject()1027 MtpResponseCode MtpServer::doMoveObject() {
1028 if (!hasStorage())
1029 return MTP_RESPONSE_GENERAL_ERROR;
1030 if (mRequest.getParameterCount() < 3)
1031 return MTP_RESPONSE_INVALID_PARAMETER;
1032 MtpObjectHandle objectHandle = mRequest.getParameter(1);
1033 MtpStorageID storageID = mRequest.getParameter(2);
1034 MtpStorage* storage = getStorage(storageID);
1035 MtpObjectHandle parent = mRequest.getParameter(3);
1036 if (!storage)
1037 return MTP_RESPONSE_INVALID_STORAGE_ID;
1038 MtpStringBuffer path;
1039 MtpResponseCode result;
1040
1041 MtpStringBuffer fromPath;
1042 int64_t fileLength;
1043 MtpObjectFormat format;
1044 MtpObjectInfo info(objectHandle);
1045 result = mDatabase->getObjectInfo(objectHandle, info);
1046 if (result != MTP_RESPONSE_OK)
1047 return result;
1048 result = mDatabase->getObjectFilePath(objectHandle, fromPath, fileLength, format);
1049 if (result != MTP_RESPONSE_OK)
1050 return result;
1051
1052 // special case the root
1053 if (parent == 0) {
1054 path.set(storage->getPath());
1055 } else {
1056 int64_t parentLength;
1057 MtpObjectFormat parentFormat;
1058 result = mDatabase->getObjectFilePath(parent, path, parentLength, parentFormat);
1059 if (result != MTP_RESPONSE_OK)
1060 return result;
1061 if (parentFormat != MTP_FORMAT_ASSOCIATION)
1062 return MTP_RESPONSE_INVALID_PARENT_OBJECT;
1063 }
1064
1065 if (path[path.size() - 1] != '/')
1066 path.append("/");
1067 path.append(info.mName);
1068
1069 result = mDatabase->beginMoveObject(objectHandle, parent, storageID);
1070 if (result != MTP_RESPONSE_OK)
1071 return result;
1072
1073 if (info.mStorageID == storageID) {
1074 ALOGV("Moving file from %s to %s", (const char*)fromPath, (const char*)path);
1075 if (renameTo(fromPath, path)) {
1076 PLOG(ERROR) << "rename() failed from " << fromPath << " to " << path;
1077 result = MTP_RESPONSE_GENERAL_ERROR;
1078 }
1079 } else {
1080 ALOGV("Moving across storages from %s to %s", (const char*)fromPath, (const char*)path);
1081 if (format == MTP_FORMAT_ASSOCIATION) {
1082 int ret = makeFolder((const char *)path);
1083 ret += copyRecursive(fromPath, path);
1084 if (ret) {
1085 result = MTP_RESPONSE_GENERAL_ERROR;
1086 } else {
1087 deletePath(fromPath);
1088 }
1089 } else {
1090 if (copyFile(fromPath, path)) {
1091 result = MTP_RESPONSE_GENERAL_ERROR;
1092 } else {
1093 deletePath(fromPath);
1094 }
1095 }
1096 }
1097
1098 // If the move failed, undo the database change
1099 mDatabase->endMoveObject(info.mParent, parent, info.mStorageID, storageID, objectHandle,
1100 result == MTP_RESPONSE_OK);
1101
1102 return result;
1103 }
1104
doCopyObject()1105 MtpResponseCode MtpServer::doCopyObject() {
1106 if (!hasStorage())
1107 return MTP_RESPONSE_GENERAL_ERROR;
1108 MtpResponseCode result = MTP_RESPONSE_OK;
1109 if (mRequest.getParameterCount() < 3)
1110 return MTP_RESPONSE_INVALID_PARAMETER;
1111 MtpObjectHandle objectHandle = mRequest.getParameter(1);
1112 MtpStorageID storageID = mRequest.getParameter(2);
1113 MtpStorage* storage = getStorage(storageID);
1114 MtpObjectHandle parent = mRequest.getParameter(3);
1115 if (!storage)
1116 return MTP_RESPONSE_INVALID_STORAGE_ID;
1117 MtpStringBuffer path;
1118
1119 MtpStringBuffer fromPath;
1120 int64_t fileLength;
1121 MtpObjectFormat format;
1122 MtpObjectInfo info(objectHandle);
1123 result = mDatabase->getObjectInfo(objectHandle, info);
1124 if (result != MTP_RESPONSE_OK)
1125 return result;
1126 result = mDatabase->getObjectFilePath(objectHandle, fromPath, fileLength, format);
1127 if (result != MTP_RESPONSE_OK)
1128 return result;
1129
1130 // special case the root
1131 if (parent == 0) {
1132 path.set(storage->getPath());
1133 } else {
1134 int64_t parentLength;
1135 MtpObjectFormat parentFormat;
1136 result = mDatabase->getObjectFilePath(parent, path, parentLength, parentFormat);
1137 if (result != MTP_RESPONSE_OK)
1138 return result;
1139 if (parentFormat != MTP_FORMAT_ASSOCIATION)
1140 return MTP_RESPONSE_INVALID_PARENT_OBJECT;
1141 }
1142
1143 // check space first
1144 if ((uint64_t) fileLength > storage->getFreeSpace())
1145 return MTP_RESPONSE_STORAGE_FULL;
1146
1147 if (path[path.size() - 1] != '/')
1148 path.append("/");
1149 path.append(info.mName);
1150
1151 MtpObjectHandle handle = mDatabase->beginCopyObject(objectHandle, parent, storageID);
1152 if (handle == kInvalidObjectHandle) {
1153 return MTP_RESPONSE_GENERAL_ERROR;
1154 }
1155
1156 ALOGV("Copying file from %s to %s", (const char*)fromPath, (const char*)path);
1157 if (format == MTP_FORMAT_ASSOCIATION) {
1158 int ret = makeFolder((const char *)path);
1159 ret += copyRecursive(fromPath, path);
1160 if (ret) {
1161 result = MTP_RESPONSE_GENERAL_ERROR;
1162 }
1163 } else {
1164 if (copyFile(fromPath, path)) {
1165 result = MTP_RESPONSE_GENERAL_ERROR;
1166 }
1167 }
1168
1169 mDatabase->endCopyObject(handle, result);
1170 mResponse.setParameter(1, handle);
1171 return result;
1172 }
1173
doSendObject()1174 MtpResponseCode MtpServer::doSendObject() {
1175 if (!hasStorage())
1176 return MTP_RESPONSE_GENERAL_ERROR;
1177 MtpResponseCode result = MTP_RESPONSE_OK;
1178 mode_t mask;
1179 int ret, initialData;
1180 bool isCanceled = false;
1181 struct stat sstat = {};
1182
1183 auto start = std::chrono::steady_clock::now();
1184
1185 if (mSendObjectHandle == kInvalidObjectHandle) {
1186 ALOGE("Expected SendObjectInfo before SendObject");
1187 result = MTP_RESPONSE_NO_VALID_OBJECT_INFO;
1188 goto done;
1189 }
1190
1191 // read the header, and possibly some data
1192 ret = mData.read(mHandle);
1193 if (ret < MTP_CONTAINER_HEADER_SIZE) {
1194 result = MTP_RESPONSE_GENERAL_ERROR;
1195 goto done;
1196 }
1197 initialData = ret - MTP_CONTAINER_HEADER_SIZE;
1198
1199 if (mSendObjectFormat == MTP_FORMAT_ASSOCIATION) {
1200 if (initialData != 0)
1201 ALOGE("Expected folder size to be 0!");
1202 mSendObjectHandle = kInvalidObjectHandle;
1203 mSendObjectFormat = 0;
1204 mSendObjectModifiedTime = 0;
1205 return result;
1206 }
1207
1208 mtp_file_range mfr;
1209 mfr.fd = open(mSendObjectFilePath, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
1210 if (mfr.fd < 0) {
1211 result = MTP_RESPONSE_GENERAL_ERROR;
1212 goto done;
1213 }
1214 fchown(mfr.fd, getuid(), FILE_GROUP);
1215 // set permissions
1216 mask = umask(0);
1217 fchmod(mfr.fd, FILE_PERM);
1218 umask(mask);
1219
1220 if (initialData > 0) {
1221 ret = write(mfr.fd, mData.getData(), initialData);
1222 }
1223
1224 if (ret < 0) {
1225 ALOGE("failed to write initial data");
1226 result = MTP_RESPONSE_GENERAL_ERROR;
1227 } else {
1228 mfr.offset = initialData;
1229 if (mSendObjectFileSize == 0xFFFFFFFF) {
1230 // tell driver to read until it receives a short packet
1231 mfr.length = 0xFFFFFFFF;
1232 } else {
1233 mfr.length = mSendObjectFileSize - initialData;
1234 }
1235
1236 mfr.command = 0;
1237 mfr.transaction_id = 0;
1238
1239 // transfer the file
1240 ret = mHandle->receiveFile(mfr, mfr.length == 0 &&
1241 initialData == MTP_BUFFER_SIZE - MTP_CONTAINER_HEADER_SIZE);
1242 if ((ret < 0) && (errno == ECANCELED)) {
1243 isCanceled = true;
1244 }
1245 }
1246
1247 if (mSendObjectModifiedTime) {
1248 struct timespec newTime[2];
1249 newTime[0].tv_nsec = UTIME_NOW;
1250 newTime[1].tv_sec = mSendObjectModifiedTime;
1251 newTime[1].tv_nsec = 0;
1252 if (futimens(mfr.fd, newTime) < 0) {
1253 ALOGW("changing modified time failed, %s", strerror(errno));
1254 }
1255 }
1256
1257 fstat(mfr.fd, &sstat);
1258 closeObjFd(mfr.fd, mSendObjectFilePath);
1259
1260 if (ret < 0) {
1261 ALOGE("Mtp receive file got error %s", strerror(errno));
1262 unlink(mSendObjectFilePath);
1263 if (isCanceled)
1264 result = MTP_RESPONSE_TRANSACTION_CANCELLED;
1265 else
1266 result = MTP_RESPONSE_GENERAL_ERROR;
1267 }
1268
1269 done:
1270 // reset so we don't attempt to send the data back
1271 mData.reset();
1272
1273 mDatabase->endSendObject(mSendObjectHandle, result == MTP_RESPONSE_OK);
1274 mSendObjectHandle = kInvalidObjectHandle;
1275 mSendObjectFormat = 0;
1276 mSendObjectModifiedTime = 0;
1277
1278 auto end = std::chrono::steady_clock::now();
1279 std::chrono::duration<double> diff = end - start;
1280 uint64_t finalsize = sstat.st_size;
1281 ALOGV("Got a file over MTP. Time: %fs, Size: %" PRIu64 ", Rate: %f bytes/s",
1282 diff.count(), finalsize, ((double) finalsize) / diff.count());
1283 return result;
1284 }
1285
doDeleteObject()1286 MtpResponseCode MtpServer::doDeleteObject() {
1287 if (!hasStorage())
1288 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
1289 if (mRequest.getParameterCount() < 1)
1290 return MTP_RESPONSE_INVALID_PARAMETER;
1291 MtpObjectHandle handle = mRequest.getParameter(1);
1292 MtpObjectFormat format;
1293 // FIXME - support deleting all objects if handle is 0xFFFFFFFF
1294 // FIXME - implement deleting objects by format
1295
1296 MtpStringBuffer filePath;
1297 int64_t fileLength;
1298 int result = mDatabase->getObjectFilePath(handle, filePath, fileLength, format);
1299 if (result != MTP_RESPONSE_OK)
1300 return result;
1301
1302 // Don't delete the actual files unless the database deletion is allowed
1303 result = mDatabase->beginDeleteObject(handle);
1304 if (result != MTP_RESPONSE_OK)
1305 return result;
1306
1307 bool success = deletePath((const char *)filePath);
1308
1309 mDatabase->endDeleteObject(handle, success);
1310 return success ? result : MTP_RESPONSE_PARTIAL_DELETION;
1311 }
1312
doGetObjectPropDesc()1313 MtpResponseCode MtpServer::doGetObjectPropDesc() {
1314 if (mRequest.getParameterCount() < 2)
1315 return MTP_RESPONSE_INVALID_PARAMETER;
1316 MtpObjectProperty propCode = mRequest.getParameter(1);
1317 MtpObjectFormat format = mRequest.getParameter(2);
1318 ALOGV("GetObjectPropDesc %s %s\n", MtpDebug::getObjectPropCodeName(propCode),
1319 MtpDebug::getFormatCodeName(format));
1320 MtpProperty* property = mDatabase->getObjectPropertyDesc(propCode, format);
1321 if (!property)
1322 return MTP_RESPONSE_OBJECT_PROP_NOT_SUPPORTED;
1323 property->write(mData);
1324 delete property;
1325 return MTP_RESPONSE_OK;
1326 }
1327
doGetDevicePropDesc()1328 MtpResponseCode MtpServer::doGetDevicePropDesc() {
1329 if (mRequest.getParameterCount() < 1)
1330 return MTP_RESPONSE_INVALID_PARAMETER;
1331 MtpDeviceProperty propCode = mRequest.getParameter(1);
1332 ALOGV("GetDevicePropDesc %s\n", MtpDebug::getDevicePropCodeName(propCode));
1333 MtpProperty* property = mDatabase->getDevicePropertyDesc(propCode);
1334 if (!property)
1335 return MTP_RESPONSE_DEVICE_PROP_NOT_SUPPORTED;
1336 property->write(mData);
1337 delete property;
1338 return MTP_RESPONSE_OK;
1339 }
1340
doSendPartialObject()1341 MtpResponseCode MtpServer::doSendPartialObject() {
1342 if (!hasStorage())
1343 return MTP_RESPONSE_INVALID_OBJECT_HANDLE;
1344 if (mRequest.getParameterCount() < 4)
1345 return MTP_RESPONSE_INVALID_PARAMETER;
1346 MtpObjectHandle handle = mRequest.getParameter(1);
1347 uint64_t offset = mRequest.getParameter(2);
1348 uint64_t offset2 = mRequest.getParameter(3);
1349 offset = offset | (offset2 << 32);
1350 uint32_t length = mRequest.getParameter(4);
1351
1352 ObjectEdit* edit = getEditObject(handle);
1353 if (!edit) {
1354 ALOGE("object not open for edit in doSendPartialObject");
1355 return MTP_RESPONSE_GENERAL_ERROR;
1356 }
1357
1358 // can't start writing past the end of the file
1359 if (offset > edit->mSize) {
1360 ALOGD("writing past end of object, offset: %" PRIu64 ", edit->mSize: %" PRIu64,
1361 offset, edit->mSize);
1362 return MTP_RESPONSE_GENERAL_ERROR;
1363 }
1364
1365 const char* filePath = (const char *)edit->mPath;
1366 ALOGV("receiving partial %s %" PRIu64 " %" PRIu32, filePath, offset, length);
1367
1368 // read the header, and possibly some data
1369 int ret = mData.read(mHandle);
1370 if (ret < MTP_CONTAINER_HEADER_SIZE)
1371 return MTP_RESPONSE_GENERAL_ERROR;
1372 int initialData = ret - MTP_CONTAINER_HEADER_SIZE;
1373
1374 if (initialData > 0) {
1375 ret = pwrite(edit->mFD, mData.getData(), initialData, offset);
1376 offset += initialData;
1377 length -= initialData;
1378 }
1379
1380 bool isCanceled = false;
1381 if (ret < 0) {
1382 ALOGE("failed to write initial data");
1383 } else {
1384 mtp_file_range mfr;
1385 mfr.fd = edit->mFD;
1386 mfr.offset = offset;
1387 mfr.length = length;
1388 mfr.command = 0;
1389 mfr.transaction_id = 0;
1390
1391 // transfer the file
1392 ret = mHandle->receiveFile(mfr, mfr.length == 0 &&
1393 initialData == MTP_BUFFER_SIZE - MTP_CONTAINER_HEADER_SIZE);
1394 if ((ret < 0) && (errno == ECANCELED)) {
1395 isCanceled = true;
1396 }
1397 }
1398 if (ret < 0) {
1399 mResponse.setParameter(1, 0);
1400 if (isCanceled)
1401 return MTP_RESPONSE_TRANSACTION_CANCELLED;
1402 else
1403 return MTP_RESPONSE_GENERAL_ERROR;
1404 }
1405
1406 // reset so we don't attempt to send this back
1407 mData.reset();
1408 mResponse.setParameter(1, length);
1409 uint64_t end = offset + length;
1410 if (end > edit->mSize) {
1411 edit->mSize = end;
1412 }
1413 return MTP_RESPONSE_OK;
1414 }
1415
doTruncateObject()1416 MtpResponseCode MtpServer::doTruncateObject() {
1417 if (mRequest.getParameterCount() < 3)
1418 return MTP_RESPONSE_INVALID_PARAMETER;
1419 MtpObjectHandle handle = mRequest.getParameter(1);
1420 ObjectEdit* edit = getEditObject(handle);
1421 if (!edit) {
1422 ALOGE("object not open for edit in doTruncateObject");
1423 return MTP_RESPONSE_GENERAL_ERROR;
1424 }
1425
1426 uint64_t offset = mRequest.getParameter(2);
1427 uint64_t offset2 = mRequest.getParameter(3);
1428 offset |= (offset2 << 32);
1429 if (ftruncate(edit->mFD, offset) != 0) {
1430 return MTP_RESPONSE_GENERAL_ERROR;
1431 } else {
1432 edit->mSize = offset;
1433 return MTP_RESPONSE_OK;
1434 }
1435 }
1436
doBeginEditObject()1437 MtpResponseCode MtpServer::doBeginEditObject() {
1438 if (mRequest.getParameterCount() < 1)
1439 return MTP_RESPONSE_INVALID_PARAMETER;
1440 MtpObjectHandle handle = mRequest.getParameter(1);
1441 if (getEditObject(handle)) {
1442 ALOGE("object already open for edit in doBeginEditObject");
1443 return MTP_RESPONSE_GENERAL_ERROR;
1444 }
1445
1446 MtpStringBuffer path;
1447 int64_t fileLength;
1448 MtpObjectFormat format;
1449 int result = mDatabase->getObjectFilePath(handle, path, fileLength, format);
1450 if (result != MTP_RESPONSE_OK)
1451 return result;
1452
1453 int fd = open((const char *)path, O_RDWR | O_EXCL);
1454 if (fd < 0) {
1455 ALOGE("open failed for %s in doBeginEditObject (%d)", (const char *)path, errno);
1456 return MTP_RESPONSE_GENERAL_ERROR;
1457 }
1458
1459 addEditObject(handle, path, fileLength, format, fd);
1460 return MTP_RESPONSE_OK;
1461 }
1462
doEndEditObject()1463 MtpResponseCode MtpServer::doEndEditObject() {
1464 if (mRequest.getParameterCount() < 1)
1465 return MTP_RESPONSE_INVALID_PARAMETER;
1466 MtpObjectHandle handle = mRequest.getParameter(1);
1467 ObjectEdit* edit = getEditObject(handle);
1468 if (!edit) {
1469 ALOGE("object not open for edit in doEndEditObject");
1470 return MTP_RESPONSE_GENERAL_ERROR;
1471 }
1472
1473 commitEdit(edit);
1474 removeEditObject(handle);
1475 return MTP_RESPONSE_OK;
1476 }
1477
1478 } // namespace android
1479