1 /*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <cutils/properties.h>
18
19 #include <binder/AppOpsManager.h>
20 #include <binder/BinderService.h>
21 #include <binder/IServiceManager.h>
22 #include <binder/PermissionCache.h>
23
24 #include <gui/SensorEventQueue.h>
25
26 #include <hardware/sensors.h>
27 #include <hardware_legacy/power.h>
28
29 #include <openssl/digest.h>
30 #include <openssl/hmac.h>
31 #include <openssl/rand.h>
32
33 #include "BatteryService.h"
34 #include "CorrectedGyroSensor.h"
35 #include "GravitySensor.h"
36 #include "LinearAccelerationSensor.h"
37 #include "OrientationSensor.h"
38 #include "RotationVectorSensor.h"
39 #include "SensorFusion.h"
40 #include "SensorInterface.h"
41
42 #include "SensorService.h"
43 #include "SensorEventAckReceiver.h"
44 #include "SensorEventConnection.h"
45 #include "SensorRecord.h"
46 #include "SensorRegistrationInfo.h"
47
48 #include <inttypes.h>
49 #include <math.h>
50 #include <sched.h>
51 #include <stdint.h>
52 #include <sys/socket.h>
53 #include <sys/stat.h>
54 #include <sys/types.h>
55 #include <unistd.h>
56
57 namespace android {
58 // ---------------------------------------------------------------------------
59
60 /*
61 * Notes:
62 *
63 * - what about a gyro-corrected magnetic-field sensor?
64 * - run mag sensor from time to time to force calibration
65 * - gravity sensor length is wrong (=> drift in linear-acc sensor)
66 *
67 */
68
69 const char* SensorService::WAKE_LOCK_NAME = "SensorService_wakelock";
70 uint8_t SensorService::sHmacGlobalKey[128] = {};
71 bool SensorService::sHmacGlobalKeyIsValid = false;
72
73 #define SENSOR_SERVICE_DIR "/data/system/sensor_service"
74 #define SENSOR_SERVICE_HMAC_KEY_FILE SENSOR_SERVICE_DIR "/hmac_key"
75 #define SENSOR_SERVICE_SCHED_FIFO_PRIORITY 10
76
77 // Permissions.
78 static const String16 sDump("android.permission.DUMP");
79
SensorService()80 SensorService::SensorService()
81 : mInitCheck(NO_INIT), mSocketBufferSize(SOCKET_BUFFER_SIZE_NON_BATCHED),
82 mWakeLockAcquired(false) {
83 }
84
initializeHmacKey()85 bool SensorService::initializeHmacKey() {
86 int fd = open(SENSOR_SERVICE_HMAC_KEY_FILE, O_RDONLY|O_CLOEXEC);
87 if (fd != -1) {
88 int result = read(fd, sHmacGlobalKey, sizeof(sHmacGlobalKey));
89 close(fd);
90 if (result == sizeof(sHmacGlobalKey)) {
91 return true;
92 }
93 ALOGW("Unable to read HMAC key; generating new one.");
94 }
95
96 if (RAND_bytes(sHmacGlobalKey, sizeof(sHmacGlobalKey)) == -1) {
97 ALOGW("Can't generate HMAC key; dynamic sensor getId() will be wrong.");
98 return false;
99 }
100
101 // We need to make sure this is only readable to us.
102 bool wroteKey = false;
103 mkdir(SENSOR_SERVICE_DIR, S_IRWXU);
104 fd = open(SENSOR_SERVICE_HMAC_KEY_FILE, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC,
105 S_IRUSR|S_IWUSR);
106 if (fd != -1) {
107 int result = write(fd, sHmacGlobalKey, sizeof(sHmacGlobalKey));
108 close(fd);
109 wroteKey = (result == sizeof(sHmacGlobalKey));
110 }
111 if (wroteKey) {
112 ALOGI("Generated new HMAC key.");
113 } else {
114 ALOGW("Unable to write HMAC key; dynamic sensor getId() will change "
115 "after reboot.");
116 }
117 // Even if we failed to write the key we return true, because we did
118 // initialize the HMAC key.
119 return true;
120 }
121
122 // Set main thread to SCHED_FIFO to lower sensor event latency when system is under load
enableSchedFifoMode()123 void SensorService::enableSchedFifoMode() {
124 struct sched_param param = {0};
125 param.sched_priority = SENSOR_SERVICE_SCHED_FIFO_PRIORITY;
126 if (sched_setscheduler(getTid(), SCHED_FIFO | SCHED_RESET_ON_FORK, ¶m) != 0) {
127 ALOGE("Couldn't set SCHED_FIFO for SensorService thread");
128 }
129 }
130
onFirstRef()131 void SensorService::onFirstRef() {
132 ALOGD("nuSensorService starting...");
133 SensorDevice& dev(SensorDevice::getInstance());
134
135 sHmacGlobalKeyIsValid = initializeHmacKey();
136
137 if (dev.initCheck() == NO_ERROR) {
138 sensor_t const* list;
139 ssize_t count = dev.getSensorList(&list);
140 if (count > 0) {
141 ssize_t orientationIndex = -1;
142 bool hasGyro = false, hasAccel = false, hasMag = false;
143 uint32_t virtualSensorsNeeds =
144 (1<<SENSOR_TYPE_GRAVITY) |
145 (1<<SENSOR_TYPE_LINEAR_ACCELERATION) |
146 (1<<SENSOR_TYPE_ROTATION_VECTOR) |
147 (1<<SENSOR_TYPE_GEOMAGNETIC_ROTATION_VECTOR) |
148 (1<<SENSOR_TYPE_GAME_ROTATION_VECTOR);
149
150 for (ssize_t i=0 ; i<count ; i++) {
151 bool useThisSensor=true;
152
153 switch (list[i].type) {
154 case SENSOR_TYPE_ACCELEROMETER:
155 hasAccel = true;
156 break;
157 case SENSOR_TYPE_MAGNETIC_FIELD:
158 hasMag = true;
159 break;
160 case SENSOR_TYPE_ORIENTATION:
161 orientationIndex = i;
162 break;
163 case SENSOR_TYPE_GYROSCOPE:
164 case SENSOR_TYPE_GYROSCOPE_UNCALIBRATED:
165 hasGyro = true;
166 break;
167 case SENSOR_TYPE_GRAVITY:
168 case SENSOR_TYPE_LINEAR_ACCELERATION:
169 case SENSOR_TYPE_ROTATION_VECTOR:
170 case SENSOR_TYPE_GEOMAGNETIC_ROTATION_VECTOR:
171 case SENSOR_TYPE_GAME_ROTATION_VECTOR:
172 if (IGNORE_HARDWARE_FUSION) {
173 useThisSensor = false;
174 } else {
175 virtualSensorsNeeds &= ~(1<<list[i].type);
176 }
177 break;
178 }
179 if (useThisSensor) {
180 registerSensor( new HardwareSensor(list[i]) );
181 }
182 }
183
184 // it's safe to instantiate the SensorFusion object here
185 // (it wants to be instantiated after h/w sensors have been
186 // registered)
187 SensorFusion::getInstance();
188
189 if (hasGyro && hasAccel && hasMag) {
190 // Add Android virtual sensors if they're not already
191 // available in the HAL
192 bool needRotationVector =
193 (virtualSensorsNeeds & (1<<SENSOR_TYPE_ROTATION_VECTOR)) != 0;
194
195 registerSensor(new RotationVectorSensor(), !needRotationVector, true);
196 registerSensor(new OrientationSensor(), !needRotationVector, true);
197
198 bool needLinearAcceleration =
199 (virtualSensorsNeeds & (1<<SENSOR_TYPE_LINEAR_ACCELERATION)) != 0;
200
201 registerSensor(new LinearAccelerationSensor(list, count),
202 !needLinearAcceleration, true);
203
204 // virtual debugging sensors are not for user
205 registerSensor( new CorrectedGyroSensor(list, count), true, true);
206 registerSensor( new GyroDriftSensor(), true, true);
207 }
208
209 if (hasAccel && hasGyro) {
210 bool needGravitySensor = (virtualSensorsNeeds & (1<<SENSOR_TYPE_GRAVITY)) != 0;
211 registerSensor(new GravitySensor(list, count), !needGravitySensor, true);
212
213 bool needGameRotationVector =
214 (virtualSensorsNeeds & (1<<SENSOR_TYPE_GAME_ROTATION_VECTOR)) != 0;
215 registerSensor(new GameRotationVectorSensor(), !needGameRotationVector, true);
216 }
217
218 if (hasAccel && hasMag) {
219 bool needGeoMagRotationVector =
220 (virtualSensorsNeeds & (1<<SENSOR_TYPE_GEOMAGNETIC_ROTATION_VECTOR)) != 0;
221 registerSensor(new GeoMagRotationVectorSensor(), !needGeoMagRotationVector, true);
222 }
223
224 // Check if the device really supports batching by looking at the FIFO event
225 // counts for each sensor.
226 bool batchingSupported = false;
227 mSensors.forEachSensor(
228 [&batchingSupported] (const Sensor& s) -> bool {
229 if (s.getFifoMaxEventCount() > 0) {
230 batchingSupported = true;
231 }
232 return !batchingSupported;
233 });
234
235 if (batchingSupported) {
236 // Increase socket buffer size to a max of 100 KB for batching capabilities.
237 mSocketBufferSize = MAX_SOCKET_BUFFER_SIZE_BATCHED;
238 } else {
239 mSocketBufferSize = SOCKET_BUFFER_SIZE_NON_BATCHED;
240 }
241
242 // Compare the socketBufferSize value against the system limits and limit
243 // it to maxSystemSocketBufferSize if necessary.
244 FILE *fp = fopen("/proc/sys/net/core/wmem_max", "r");
245 char line[128];
246 if (fp != NULL && fgets(line, sizeof(line), fp) != NULL) {
247 line[sizeof(line) - 1] = '\0';
248 size_t maxSystemSocketBufferSize;
249 sscanf(line, "%zu", &maxSystemSocketBufferSize);
250 if (mSocketBufferSize > maxSystemSocketBufferSize) {
251 mSocketBufferSize = maxSystemSocketBufferSize;
252 }
253 }
254 if (fp) {
255 fclose(fp);
256 }
257
258 mWakeLockAcquired = false;
259 mLooper = new Looper(false);
260 const size_t minBufferSize = SensorEventQueue::MAX_RECEIVE_BUFFER_EVENT_COUNT;
261 mSensorEventBuffer = new sensors_event_t[minBufferSize];
262 mSensorEventScratch = new sensors_event_t[minBufferSize];
263 mMapFlushEventsToConnections = new wp<const SensorEventConnection> [minBufferSize];
264 mCurrentOperatingMode = NORMAL;
265
266 mNextSensorRegIndex = 0;
267 for (int i = 0; i < SENSOR_REGISTRATIONS_BUF_SIZE; ++i) {
268 mLastNSensorRegistrations.push();
269 }
270
271 mInitCheck = NO_ERROR;
272 mAckReceiver = new SensorEventAckReceiver(this);
273 mAckReceiver->run("SensorEventAckReceiver", PRIORITY_URGENT_DISPLAY);
274 run("SensorService", PRIORITY_URGENT_DISPLAY);
275
276 // priority can only be changed after run
277 enableSchedFifoMode();
278 }
279 }
280 }
281
registerSensor(SensorInterface * s,bool isDebug,bool isVirtual)282 const Sensor& SensorService::registerSensor(SensorInterface* s, bool isDebug, bool isVirtual) {
283 int handle = s->getSensor().getHandle();
284 int type = s->getSensor().getType();
285 if (mSensors.add(handle, s, isDebug, isVirtual)){
286 mRecentEvent.emplace(handle, new RecentEventLogger(type));
287 return s->getSensor();
288 } else {
289 return mSensors.getNonSensor();
290 }
291 }
292
registerDynamicSensorLocked(SensorInterface * s,bool isDebug)293 const Sensor& SensorService::registerDynamicSensorLocked(SensorInterface* s, bool isDebug) {
294 return registerSensor(s, isDebug);
295 }
296
unregisterDynamicSensorLocked(int handle)297 bool SensorService::unregisterDynamicSensorLocked(int handle) {
298 bool ret = mSensors.remove(handle);
299
300 const auto i = mRecentEvent.find(handle);
301 if (i != mRecentEvent.end()) {
302 delete i->second;
303 mRecentEvent.erase(i);
304 }
305 return ret;
306 }
307
registerVirtualSensor(SensorInterface * s,bool isDebug)308 const Sensor& SensorService::registerVirtualSensor(SensorInterface* s, bool isDebug) {
309 return registerSensor(s, isDebug, true);
310 }
311
~SensorService()312 SensorService::~SensorService() {
313 for (auto && entry : mRecentEvent) {
314 delete entry.second;
315 }
316 }
317
dump(int fd,const Vector<String16> & args)318 status_t SensorService::dump(int fd, const Vector<String16>& args) {
319 String8 result;
320 if (!PermissionCache::checkCallingPermission(sDump)) {
321 result.appendFormat("Permission Denial: can't dump SensorService from pid=%d, uid=%d\n",
322 IPCThreadState::self()->getCallingPid(),
323 IPCThreadState::self()->getCallingUid());
324 } else {
325 bool privileged = IPCThreadState::self()->getCallingUid() == 0;
326 if (args.size() > 2) {
327 return INVALID_OPERATION;
328 }
329 Mutex::Autolock _l(mLock);
330 SensorDevice& dev(SensorDevice::getInstance());
331 if (args.size() == 2 && args[0] == String16("restrict")) {
332 // If already in restricted mode. Ignore.
333 if (mCurrentOperatingMode == RESTRICTED) {
334 return status_t(NO_ERROR);
335 }
336 // If in any mode other than normal, ignore.
337 if (mCurrentOperatingMode != NORMAL) {
338 return INVALID_OPERATION;
339 }
340 mCurrentOperatingMode = RESTRICTED;
341 dev.disableAllSensors();
342 // Clear all pending flush connections for all active sensors. If one of the active
343 // connections has called flush() and the underlying sensor has been disabled before a
344 // flush complete event is returned, we need to remove the connection from this queue.
345 for (size_t i=0 ; i< mActiveSensors.size(); ++i) {
346 mActiveSensors.valueAt(i)->clearAllPendingFlushConnections();
347 }
348 mWhiteListedPackage.setTo(String8(args[1]));
349 return status_t(NO_ERROR);
350 } else if (args.size() == 1 && args[0] == String16("enable")) {
351 // If currently in restricted mode, reset back to NORMAL mode else ignore.
352 if (mCurrentOperatingMode == RESTRICTED) {
353 mCurrentOperatingMode = NORMAL;
354 dev.enableAllSensors();
355 }
356 if (mCurrentOperatingMode == DATA_INJECTION) {
357 resetToNormalModeLocked();
358 }
359 mWhiteListedPackage.clear();
360 return status_t(NO_ERROR);
361 } else if (args.size() == 2 && args[0] == String16("data_injection")) {
362 if (mCurrentOperatingMode == NORMAL) {
363 dev.disableAllSensors();
364 status_t err = dev.setMode(DATA_INJECTION);
365 if (err == NO_ERROR) {
366 mCurrentOperatingMode = DATA_INJECTION;
367 } else {
368 // Re-enable sensors.
369 dev.enableAllSensors();
370 }
371 mWhiteListedPackage.setTo(String8(args[1]));
372 return NO_ERROR;
373 } else if (mCurrentOperatingMode == DATA_INJECTION) {
374 // Already in DATA_INJECTION mode. Treat this as a no_op.
375 return NO_ERROR;
376 } else {
377 // Transition to data injection mode supported only from NORMAL mode.
378 return INVALID_OPERATION;
379 }
380 } else if (!mSensors.hasAnySensor()) {
381 result.append("No Sensors on the device\n");
382 } else {
383 // Default dump the sensor list and debugging information.
384 //
385 result.append("Sensor Device:\n");
386 result.append(SensorDevice::getInstance().dump().c_str());
387
388 result.append("Sensor List:\n");
389 result.append(mSensors.dump().c_str());
390
391 result.append("Fusion States:\n");
392 SensorFusion::getInstance().dump(result);
393
394 result.append("Recent Sensor events:\n");
395 for (auto&& i : mRecentEvent) {
396 sp<SensorInterface> s = mSensors.getInterface(i.first);
397 if (!i.second->isEmpty()) {
398 if (privileged || s->getSensor().getRequiredPermission().isEmpty()) {
399 i.second->setFormat("normal");
400 } else {
401 i.second->setFormat("mask_data");
402 }
403 // if there is events and sensor does not need special permission.
404 result.appendFormat("%s: ", s->getSensor().getName().string());
405 result.append(i.second->dump().c_str());
406 }
407 }
408
409 result.append("Active sensors:\n");
410 for (size_t i=0 ; i<mActiveSensors.size() ; i++) {
411 int handle = mActiveSensors.keyAt(i);
412 result.appendFormat("%s (handle=0x%08x, connections=%zu)\n",
413 getSensorName(handle).string(),
414 handle,
415 mActiveSensors.valueAt(i)->getNumConnections());
416 }
417
418 result.appendFormat("Socket Buffer size = %zd events\n",
419 mSocketBufferSize/sizeof(sensors_event_t));
420 result.appendFormat("WakeLock Status: %s \n", mWakeLockAcquired ? "acquired" :
421 "not held");
422 result.appendFormat("Mode :");
423 switch(mCurrentOperatingMode) {
424 case NORMAL:
425 result.appendFormat(" NORMAL\n");
426 break;
427 case RESTRICTED:
428 result.appendFormat(" RESTRICTED : %s\n", mWhiteListedPackage.string());
429 break;
430 case DATA_INJECTION:
431 result.appendFormat(" DATA_INJECTION : %s\n", mWhiteListedPackage.string());
432 }
433 result.appendFormat("%zd active connections\n", mActiveConnections.size());
434
435 for (size_t i=0 ; i < mActiveConnections.size() ; i++) {
436 sp<SensorEventConnection> connection(mActiveConnections[i].promote());
437 if (connection != 0) {
438 result.appendFormat("Connection Number: %zu \n", i);
439 connection->dump(result);
440 }
441 }
442
443 result.appendFormat("Previous Registrations:\n");
444 // Log in the reverse chronological order.
445 int currentIndex = (mNextSensorRegIndex - 1 + SENSOR_REGISTRATIONS_BUF_SIZE) %
446 SENSOR_REGISTRATIONS_BUF_SIZE;
447 const int startIndex = currentIndex;
448 do {
449 const SensorRegistrationInfo& reg_info = mLastNSensorRegistrations[currentIndex];
450 if (SensorRegistrationInfo::isSentinel(reg_info)) {
451 // Ignore sentinel, proceed to next item.
452 currentIndex = (currentIndex - 1 + SENSOR_REGISTRATIONS_BUF_SIZE) %
453 SENSOR_REGISTRATIONS_BUF_SIZE;
454 continue;
455 }
456 if (reg_info.mActivated) {
457 result.appendFormat("%02d:%02d:%02d activated handle=0x%08x "
458 "samplingRate=%dus maxReportLatency=%dus package=%s\n",
459 reg_info.mHour, reg_info.mMin, reg_info.mSec, reg_info.mSensorHandle,
460 reg_info.mSamplingRateUs, reg_info.mMaxReportLatencyUs,
461 reg_info.mPackageName.string());
462 } else {
463 result.appendFormat("%02d:%02d:%02d de-activated handle=0x%08x package=%s\n",
464 reg_info.mHour, reg_info.mMin, reg_info.mSec,
465 reg_info.mSensorHandle, reg_info.mPackageName.string());
466 }
467 currentIndex = (currentIndex - 1 + SENSOR_REGISTRATIONS_BUF_SIZE) %
468 SENSOR_REGISTRATIONS_BUF_SIZE;
469 } while(startIndex != currentIndex);
470 }
471 }
472 write(fd, result.string(), result.size());
473 return NO_ERROR;
474 }
475
476 //TODO: move to SensorEventConnection later
cleanupAutoDisabledSensorLocked(const sp<SensorEventConnection> & connection,sensors_event_t const * buffer,const int count)477 void SensorService::cleanupAutoDisabledSensorLocked(const sp<SensorEventConnection>& connection,
478 sensors_event_t const* buffer, const int count) {
479 for (int i=0 ; i<count ; i++) {
480 int handle = buffer[i].sensor;
481 if (buffer[i].type == SENSOR_TYPE_META_DATA) {
482 handle = buffer[i].meta_data.sensor;
483 }
484 if (connection->hasSensor(handle)) {
485 sp<SensorInterface> si = getSensorInterfaceFromHandle(handle);
486 // If this buffer has an event from a one_shot sensor and this connection is registered
487 // for this particular one_shot sensor, try cleaning up the connection.
488 if (si != nullptr &&
489 si->getSensor().getReportingMode() == AREPORTING_MODE_ONE_SHOT) {
490 si->autoDisable(connection.get(), handle);
491 cleanupWithoutDisableLocked(connection, handle);
492 }
493
494 }
495 }
496 }
497
threadLoop()498 bool SensorService::threadLoop() {
499 ALOGD("nuSensorService thread starting...");
500
501 // each virtual sensor could generate an event per "real" event, that's why we need to size
502 // numEventMax much smaller than MAX_RECEIVE_BUFFER_EVENT_COUNT. in practice, this is too
503 // aggressive, but guaranteed to be enough.
504 const size_t vcount = mSensors.getVirtualSensors().size();
505 const size_t minBufferSize = SensorEventQueue::MAX_RECEIVE_BUFFER_EVENT_COUNT;
506 const size_t numEventMax = minBufferSize / (1 + vcount);
507
508 SensorDevice& device(SensorDevice::getInstance());
509
510 const int halVersion = device.getHalDeviceVersion();
511 do {
512 ssize_t count = device.poll(mSensorEventBuffer, numEventMax);
513 if (count < 0) {
514 ALOGE("sensor poll failed (%s)", strerror(-count));
515 break;
516 }
517
518 // Reset sensors_event_t.flags to zero for all events in the buffer.
519 for (int i = 0; i < count; i++) {
520 mSensorEventBuffer[i].flags = 0;
521 }
522
523 // Make a copy of the connection vector as some connections may be removed during the course
524 // of this loop (especially when one-shot sensor events are present in the sensor_event
525 // buffer). Promote all connections to StrongPointers before the lock is acquired. If the
526 // destructor of the sp gets called when the lock is acquired, it may result in a deadlock
527 // as ~SensorEventConnection() needs to acquire mLock again for cleanup. So copy all the
528 // strongPointers to a vector before the lock is acquired.
529 SortedVector< sp<SensorEventConnection> > activeConnections;
530 populateActiveConnections(&activeConnections);
531
532 Mutex::Autolock _l(mLock);
533 // Poll has returned. Hold a wakelock if one of the events is from a wake up sensor. The
534 // rest of this loop is under a critical section protected by mLock. Acquiring a wakeLock,
535 // sending events to clients (incrementing SensorEventConnection::mWakeLockRefCount) should
536 // not be interleaved with decrementing SensorEventConnection::mWakeLockRefCount and
537 // releasing the wakelock.
538 bool bufferHasWakeUpEvent = false;
539 for (int i = 0; i < count; i++) {
540 if (isWakeUpSensorEvent(mSensorEventBuffer[i])) {
541 bufferHasWakeUpEvent = true;
542 break;
543 }
544 }
545
546 if (bufferHasWakeUpEvent && !mWakeLockAcquired) {
547 setWakeLockAcquiredLocked(true);
548 }
549 recordLastValueLocked(mSensorEventBuffer, count);
550
551 // handle virtual sensors
552 if (count && vcount) {
553 sensors_event_t const * const event = mSensorEventBuffer;
554 if (!mActiveVirtualSensors.empty()) {
555 size_t k = 0;
556 SensorFusion& fusion(SensorFusion::getInstance());
557 if (fusion.isEnabled()) {
558 for (size_t i=0 ; i<size_t(count) ; i++) {
559 fusion.process(event[i]);
560 }
561 }
562 for (size_t i=0 ; i<size_t(count) && k<minBufferSize ; i++) {
563 for (int handle : mActiveVirtualSensors) {
564 if (count + k >= minBufferSize) {
565 ALOGE("buffer too small to hold all events: "
566 "count=%zd, k=%zu, size=%zu",
567 count, k, minBufferSize);
568 break;
569 }
570 sensors_event_t out;
571 sp<SensorInterface> si = mSensors.getInterface(handle);
572 if (si == nullptr) {
573 ALOGE("handle %d is not an valid virtual sensor", handle);
574 continue;
575 }
576
577 if (si->process(&out, event[i])) {
578 mSensorEventBuffer[count + k] = out;
579 k++;
580 }
581 }
582 }
583 if (k) {
584 // record the last synthesized values
585 recordLastValueLocked(&mSensorEventBuffer[count], k);
586 count += k;
587 // sort the buffer by time-stamps
588 sortEventBuffer(mSensorEventBuffer, count);
589 }
590 }
591 }
592
593 // handle backward compatibility for RotationVector sensor
594 if (halVersion < SENSORS_DEVICE_API_VERSION_1_0) {
595 for (int i = 0; i < count; i++) {
596 if (mSensorEventBuffer[i].type == SENSOR_TYPE_ROTATION_VECTOR) {
597 // All the 4 components of the quaternion should be available
598 // No heading accuracy. Set it to -1
599 mSensorEventBuffer[i].data[4] = -1;
600 }
601 }
602 }
603
604 for (int i = 0; i < count; ++i) {
605 // Map flush_complete_events in the buffer to SensorEventConnections which called flush
606 // on the hardware sensor. mapFlushEventsToConnections[i] will be the
607 // SensorEventConnection mapped to the corresponding flush_complete_event in
608 // mSensorEventBuffer[i] if such a mapping exists (NULL otherwise).
609 mMapFlushEventsToConnections[i] = NULL;
610 if (mSensorEventBuffer[i].type == SENSOR_TYPE_META_DATA) {
611 const int sensor_handle = mSensorEventBuffer[i].meta_data.sensor;
612 SensorRecord* rec = mActiveSensors.valueFor(sensor_handle);
613 if (rec != NULL) {
614 mMapFlushEventsToConnections[i] = rec->getFirstPendingFlushConnection();
615 rec->removeFirstPendingFlushConnection();
616 }
617 }
618
619 // handle dynamic sensor meta events, process registration and unregistration of dynamic
620 // sensor based on content of event.
621 if (mSensorEventBuffer[i].type == SENSOR_TYPE_DYNAMIC_SENSOR_META) {
622 if (mSensorEventBuffer[i].dynamic_sensor_meta.connected) {
623 int handle = mSensorEventBuffer[i].dynamic_sensor_meta.handle;
624 const sensor_t& dynamicSensor =
625 *(mSensorEventBuffer[i].dynamic_sensor_meta.sensor);
626 ALOGI("Dynamic sensor handle 0x%x connected, type %d, name %s",
627 handle, dynamicSensor.type, dynamicSensor.name);
628
629 if (mSensors.isNewHandle(handle)) {
630 const auto& uuid = mSensorEventBuffer[i].dynamic_sensor_meta.uuid;
631 sensor_t s = dynamicSensor;
632 // make sure the dynamic sensor flag is set
633 s.flags |= DYNAMIC_SENSOR_MASK;
634 // force the handle to be consistent
635 s.handle = handle;
636
637 SensorInterface *si = new HardwareSensor(s, uuid);
638
639 // This will release hold on dynamic sensor meta, so it should be called
640 // after Sensor object is created.
641 device.handleDynamicSensorConnection(handle, true /*connected*/);
642 registerDynamicSensorLocked(si);
643 } else {
644 ALOGE("Handle %d has been used, cannot use again before reboot.", handle);
645 }
646 } else {
647 int handle = mSensorEventBuffer[i].dynamic_sensor_meta.handle;
648 ALOGI("Dynamic sensor handle 0x%x disconnected", handle);
649
650 device.handleDynamicSensorConnection(handle, false /*connected*/);
651 if (!unregisterDynamicSensorLocked(handle)) {
652 ALOGE("Dynamic sensor release error.");
653 }
654
655 size_t numConnections = activeConnections.size();
656 for (size_t i=0 ; i < numConnections; ++i) {
657 if (activeConnections[i] != NULL) {
658 activeConnections[i]->removeSensor(handle);
659 }
660 }
661 }
662 }
663 }
664
665
666 // Send our events to clients. Check the state of wake lock for each client and release the
667 // lock if none of the clients need it.
668 bool needsWakeLock = false;
669 size_t numConnections = activeConnections.size();
670 for (size_t i=0 ; i < numConnections; ++i) {
671 if (activeConnections[i] != 0) {
672 activeConnections[i]->sendEvents(mSensorEventBuffer, count, mSensorEventScratch,
673 mMapFlushEventsToConnections);
674 needsWakeLock |= activeConnections[i]->needsWakeLock();
675 // If the connection has one-shot sensors, it may be cleaned up after first trigger.
676 // Early check for one-shot sensors.
677 if (activeConnections[i]->hasOneShotSensors()) {
678 cleanupAutoDisabledSensorLocked(activeConnections[i], mSensorEventBuffer,
679 count);
680 }
681 }
682 }
683
684 if (mWakeLockAcquired && !needsWakeLock) {
685 setWakeLockAcquiredLocked(false);
686 }
687 } while (!Thread::exitPending());
688
689 ALOGW("Exiting SensorService::threadLoop => aborting...");
690 abort();
691 return false;
692 }
693
getLooper() const694 sp<Looper> SensorService::getLooper() const {
695 return mLooper;
696 }
697
resetAllWakeLockRefCounts()698 void SensorService::resetAllWakeLockRefCounts() {
699 SortedVector< sp<SensorEventConnection> > activeConnections;
700 populateActiveConnections(&activeConnections);
701 {
702 Mutex::Autolock _l(mLock);
703 for (size_t i=0 ; i < activeConnections.size(); ++i) {
704 if (activeConnections[i] != 0) {
705 activeConnections[i]->resetWakeLockRefCount();
706 }
707 }
708 setWakeLockAcquiredLocked(false);
709 }
710 }
711
setWakeLockAcquiredLocked(bool acquire)712 void SensorService::setWakeLockAcquiredLocked(bool acquire) {
713 if (acquire) {
714 if (!mWakeLockAcquired) {
715 acquire_wake_lock(PARTIAL_WAKE_LOCK, WAKE_LOCK_NAME);
716 mWakeLockAcquired = true;
717 }
718 mLooper->wake();
719 } else {
720 if (mWakeLockAcquired) {
721 release_wake_lock(WAKE_LOCK_NAME);
722 mWakeLockAcquired = false;
723 }
724 }
725 }
726
isWakeLockAcquired()727 bool SensorService::isWakeLockAcquired() {
728 Mutex::Autolock _l(mLock);
729 return mWakeLockAcquired;
730 }
731
threadLoop()732 bool SensorService::SensorEventAckReceiver::threadLoop() {
733 ALOGD("new thread SensorEventAckReceiver");
734 sp<Looper> looper = mService->getLooper();
735 do {
736 bool wakeLockAcquired = mService->isWakeLockAcquired();
737 int timeout = -1;
738 if (wakeLockAcquired) timeout = 5000;
739 int ret = looper->pollOnce(timeout);
740 if (ret == ALOOPER_POLL_TIMEOUT) {
741 mService->resetAllWakeLockRefCounts();
742 }
743 } while(!Thread::exitPending());
744 return false;
745 }
746
recordLastValueLocked(const sensors_event_t * buffer,size_t count)747 void SensorService::recordLastValueLocked(
748 const sensors_event_t* buffer, size_t count) {
749 for (size_t i = 0; i < count; i++) {
750 if (buffer[i].type == SENSOR_TYPE_META_DATA ||
751 buffer[i].type == SENSOR_TYPE_DYNAMIC_SENSOR_META ||
752 buffer[i].type == SENSOR_TYPE_ADDITIONAL_INFO) {
753 continue;
754 }
755
756 auto logger = mRecentEvent.find(buffer[i].sensor);
757 if (logger != mRecentEvent.end()) {
758 logger->second->addEvent(buffer[i]);
759 }
760 }
761 }
762
sortEventBuffer(sensors_event_t * buffer,size_t count)763 void SensorService::sortEventBuffer(sensors_event_t* buffer, size_t count) {
764 struct compar {
765 static int cmp(void const* lhs, void const* rhs) {
766 sensors_event_t const* l = static_cast<sensors_event_t const*>(lhs);
767 sensors_event_t const* r = static_cast<sensors_event_t const*>(rhs);
768 return l->timestamp - r->timestamp;
769 }
770 };
771 qsort(buffer, count, sizeof(sensors_event_t), compar::cmp);
772 }
773
getSensorName(int handle) const774 String8 SensorService::getSensorName(int handle) const {
775 return mSensors.getName(handle);
776 }
777
isVirtualSensor(int handle) const778 bool SensorService::isVirtualSensor(int handle) const {
779 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
780 return sensor != nullptr && sensor->isVirtual();
781 }
782
isWakeUpSensorEvent(const sensors_event_t & event) const783 bool SensorService::isWakeUpSensorEvent(const sensors_event_t& event) const {
784 int handle = event.sensor;
785 if (event.type == SENSOR_TYPE_META_DATA) {
786 handle = event.meta_data.sensor;
787 }
788 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
789 return sensor != nullptr && sensor->getSensor().isWakeUpSensor();
790 }
791
getIdFromUuid(const Sensor::uuid_t & uuid) const792 int32_t SensorService::getIdFromUuid(const Sensor::uuid_t &uuid) const {
793 if ((uuid.i64[0] == 0) && (uuid.i64[1] == 0)) {
794 // UUID is not supported for this device.
795 return 0;
796 }
797 if ((uuid.i64[0] == INT64_C(~0)) && (uuid.i64[1] == INT64_C(~0))) {
798 // This sensor can be uniquely identified in the system by
799 // the combination of its type and name.
800 return -1;
801 }
802
803 // We have a dynamic sensor.
804
805 if (!sHmacGlobalKeyIsValid) {
806 // Rather than risk exposing UUIDs, we cripple dynamic sensors.
807 ALOGW("HMAC key failure; dynamic sensor getId() will be wrong.");
808 return 0;
809 }
810
811 // We want each app author/publisher to get a different ID, so that the
812 // same dynamic sensor cannot be tracked across apps by multiple
813 // authors/publishers. So we use both our UUID and our User ID.
814 // Note potential confusion:
815 // UUID => Universally Unique Identifier.
816 // UID => User Identifier.
817 // We refrain from using "uid" except as needed by API to try to
818 // keep this distinction clear.
819
820 auto appUserId = IPCThreadState::self()->getCallingUid();
821 uint8_t uuidAndApp[sizeof(uuid) + sizeof(appUserId)];
822 memcpy(uuidAndApp, &uuid, sizeof(uuid));
823 memcpy(uuidAndApp + sizeof(uuid), &appUserId, sizeof(appUserId));
824
825 // Now we use our key on our UUID/app combo to get the hash.
826 uint8_t hash[EVP_MAX_MD_SIZE];
827 unsigned int hashLen;
828 if (HMAC(EVP_sha256(),
829 sHmacGlobalKey, sizeof(sHmacGlobalKey),
830 uuidAndApp, sizeof(uuidAndApp),
831 hash, &hashLen) == nullptr) {
832 // Rather than risk exposing UUIDs, we cripple dynamic sensors.
833 ALOGW("HMAC failure; dynamic sensor getId() will be wrong.");
834 return 0;
835 }
836
837 int32_t id = 0;
838 if (hashLen < sizeof(id)) {
839 // We never expect this case, but out of paranoia, we handle it.
840 // Our 'id' length is already quite small, we don't want the
841 // effective length of it to be even smaller.
842 // Rather than risk exposing UUIDs, we cripple dynamic sensors.
843 ALOGW("HMAC insufficient; dynamic sensor getId() will be wrong.");
844 return 0;
845 }
846
847 // This is almost certainly less than all of 'hash', but it's as secure
848 // as we can be with our current 'id' length.
849 memcpy(&id, hash, sizeof(id));
850
851 // Note at the beginning of the function that we return the values of
852 // 0 and -1 to represent special cases. As a result, we can't return
853 // those as dynamic sensor IDs. If we happened to hash to one of those
854 // values, we change 'id' so we report as a dynamic sensor, and not as
855 // one of those special cases.
856 if (id == -1) {
857 id = -2;
858 } else if (id == 0) {
859 id = 1;
860 }
861 return id;
862 }
863
makeUuidsIntoIdsForSensorList(Vector<Sensor> & sensorList) const864 void SensorService::makeUuidsIntoIdsForSensorList(Vector<Sensor> &sensorList) const {
865 for (auto &sensor : sensorList) {
866 int32_t id = getIdFromUuid(sensor.getUuid());
867 sensor.setId(id);
868 }
869 }
870
getSensorList(const String16 & opPackageName)871 Vector<Sensor> SensorService::getSensorList(const String16& opPackageName) {
872 char value[PROPERTY_VALUE_MAX];
873 property_get("debug.sensors", value, "0");
874 const Vector<Sensor>& initialSensorList = (atoi(value)) ?
875 mSensors.getUserDebugSensors() : mSensors.getUserSensors();
876 Vector<Sensor> accessibleSensorList;
877 for (size_t i = 0; i < initialSensorList.size(); i++) {
878 Sensor sensor = initialSensorList[i];
879 if (canAccessSensor(sensor, "getSensorList", opPackageName)) {
880 accessibleSensorList.add(sensor);
881 } else {
882 ALOGI("Skipped sensor %s because it requires permission %s and app op %d",
883 sensor.getName().string(),
884 sensor.getRequiredPermission().string(),
885 sensor.getRequiredAppOp());
886 }
887 }
888 makeUuidsIntoIdsForSensorList(accessibleSensorList);
889 return accessibleSensorList;
890 }
891
getDynamicSensorList(const String16 & opPackageName)892 Vector<Sensor> SensorService::getDynamicSensorList(const String16& opPackageName) {
893 Vector<Sensor> accessibleSensorList;
894 mSensors.forEachSensor(
895 [&opPackageName, &accessibleSensorList] (const Sensor& sensor) -> bool {
896 if (sensor.isDynamicSensor()) {
897 if (canAccessSensor(sensor, "getDynamicSensorList", opPackageName)) {
898 accessibleSensorList.add(sensor);
899 } else {
900 ALOGI("Skipped sensor %s because it requires permission %s and app op %" PRId32,
901 sensor.getName().string(),
902 sensor.getRequiredPermission().string(),
903 sensor.getRequiredAppOp());
904 }
905 }
906 return true;
907 });
908 makeUuidsIntoIdsForSensorList(accessibleSensorList);
909 return accessibleSensorList;
910 }
911
createSensorEventConnection(const String8 & packageName,int requestedMode,const String16 & opPackageName)912 sp<ISensorEventConnection> SensorService::createSensorEventConnection(const String8& packageName,
913 int requestedMode, const String16& opPackageName) {
914 // Only 2 modes supported for a SensorEventConnection ... NORMAL and DATA_INJECTION.
915 if (requestedMode != NORMAL && requestedMode != DATA_INJECTION) {
916 return NULL;
917 }
918
919 Mutex::Autolock _l(mLock);
920 // To create a client in DATA_INJECTION mode to inject data, SensorService should already be
921 // operating in DI mode.
922 if (requestedMode == DATA_INJECTION) {
923 if (mCurrentOperatingMode != DATA_INJECTION) return NULL;
924 if (!isWhiteListedPackage(packageName)) return NULL;
925 }
926
927 uid_t uid = IPCThreadState::self()->getCallingUid();
928 sp<SensorEventConnection> result(new SensorEventConnection(this, uid, packageName,
929 requestedMode == DATA_INJECTION, opPackageName));
930 if (requestedMode == DATA_INJECTION) {
931 if (mActiveConnections.indexOf(result) < 0) {
932 mActiveConnections.add(result);
933 }
934 // Add the associated file descriptor to the Looper for polling whenever there is data to
935 // be injected.
936 result->updateLooperRegistration(mLooper);
937 }
938 return result;
939 }
940
isDataInjectionEnabled()941 int SensorService::isDataInjectionEnabled() {
942 Mutex::Autolock _l(mLock);
943 return (mCurrentOperatingMode == DATA_INJECTION);
944 }
945
resetToNormalMode()946 status_t SensorService::resetToNormalMode() {
947 Mutex::Autolock _l(mLock);
948 return resetToNormalModeLocked();
949 }
950
resetToNormalModeLocked()951 status_t SensorService::resetToNormalModeLocked() {
952 SensorDevice& dev(SensorDevice::getInstance());
953 dev.enableAllSensors();
954 status_t err = dev.setMode(NORMAL);
955 mCurrentOperatingMode = NORMAL;
956 return err;
957 }
958
cleanupConnection(SensorEventConnection * c)959 void SensorService::cleanupConnection(SensorEventConnection* c) {
960 Mutex::Autolock _l(mLock);
961 const wp<SensorEventConnection> connection(c);
962 size_t size = mActiveSensors.size();
963 ALOGD_IF(DEBUG_CONNECTIONS, "%zu active sensors", size);
964 for (size_t i=0 ; i<size ; ) {
965 int handle = mActiveSensors.keyAt(i);
966 if (c->hasSensor(handle)) {
967 ALOGD_IF(DEBUG_CONNECTIONS, "%zu: disabling handle=0x%08x", i, handle);
968 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
969 if (sensor != nullptr) {
970 sensor->activate(c, false);
971 } else {
972 ALOGE("sensor interface of handle=0x%08x is null!", handle);
973 }
974 c->removeSensor(handle);
975 }
976 SensorRecord* rec = mActiveSensors.valueAt(i);
977 ALOGE_IF(!rec, "mActiveSensors[%zu] is null (handle=0x%08x)!", i, handle);
978 ALOGD_IF(DEBUG_CONNECTIONS,
979 "removing connection %p for sensor[%zu].handle=0x%08x",
980 c, i, handle);
981
982 if (rec && rec->removeConnection(connection)) {
983 ALOGD_IF(DEBUG_CONNECTIONS, "... and it was the last connection");
984 mActiveSensors.removeItemsAt(i, 1);
985 mActiveVirtualSensors.erase(handle);
986 delete rec;
987 size--;
988 } else {
989 i++;
990 }
991 }
992 c->updateLooperRegistration(mLooper);
993 mActiveConnections.remove(connection);
994 BatteryService::cleanup(c->getUid());
995 if (c->needsWakeLock()) {
996 checkWakeLockStateLocked();
997 }
998
999 SensorDevice& dev(SensorDevice::getInstance());
1000 dev.notifyConnectionDestroyed(c);
1001 }
1002
getSensorInterfaceFromHandle(int handle) const1003 sp<SensorInterface> SensorService::getSensorInterfaceFromHandle(int handle) const {
1004 return mSensors.getInterface(handle);
1005 }
1006
1007
enable(const sp<SensorEventConnection> & connection,int handle,nsecs_t samplingPeriodNs,nsecs_t maxBatchReportLatencyNs,int reservedFlags,const String16 & opPackageName)1008 status_t SensorService::enable(const sp<SensorEventConnection>& connection,
1009 int handle, nsecs_t samplingPeriodNs, nsecs_t maxBatchReportLatencyNs, int reservedFlags,
1010 const String16& opPackageName) {
1011 if (mInitCheck != NO_ERROR)
1012 return mInitCheck;
1013
1014 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
1015 if (sensor == nullptr ||
1016 !canAccessSensor(sensor->getSensor(), "Tried enabling", opPackageName)) {
1017 return BAD_VALUE;
1018 }
1019
1020 Mutex::Autolock _l(mLock);
1021 if ((mCurrentOperatingMode == RESTRICTED || mCurrentOperatingMode == DATA_INJECTION)
1022 && !isWhiteListedPackage(connection->getPackageName())) {
1023 return INVALID_OPERATION;
1024 }
1025
1026 SensorRecord* rec = mActiveSensors.valueFor(handle);
1027 if (rec == 0) {
1028 rec = new SensorRecord(connection);
1029 mActiveSensors.add(handle, rec);
1030 if (sensor->isVirtual()) {
1031 mActiveVirtualSensors.emplace(handle);
1032 }
1033 } else {
1034 if (rec->addConnection(connection)) {
1035 // this sensor is already activated, but we are adding a connection that uses it.
1036 // Immediately send down the last known value of the requested sensor if it's not a
1037 // "continuous" sensor.
1038 if (sensor->getSensor().getReportingMode() == AREPORTING_MODE_ON_CHANGE) {
1039 // NOTE: The wake_up flag of this event may get set to
1040 // WAKE_UP_SENSOR_EVENT_NEEDS_ACK if this is a wake_up event.
1041
1042 auto logger = mRecentEvent.find(handle);
1043 if (logger != mRecentEvent.end()) {
1044 sensors_event_t event;
1045 // It is unlikely that this buffer is empty as the sensor is already active.
1046 // One possible corner case may be two applications activating an on-change
1047 // sensor at the same time.
1048 if(logger->second->populateLastEvent(&event)) {
1049 event.sensor = handle;
1050 if (event.version == sizeof(sensors_event_t)) {
1051 if (isWakeUpSensorEvent(event) && !mWakeLockAcquired) {
1052 setWakeLockAcquiredLocked(true);
1053 }
1054 connection->sendEvents(&event, 1, NULL);
1055 if (!connection->needsWakeLock() && mWakeLockAcquired) {
1056 checkWakeLockStateLocked();
1057 }
1058 }
1059 }
1060 }
1061 }
1062 }
1063 }
1064
1065 if (connection->addSensor(handle)) {
1066 BatteryService::enableSensor(connection->getUid(), handle);
1067 // the sensor was added (which means it wasn't already there)
1068 // so, see if this connection becomes active
1069 if (mActiveConnections.indexOf(connection) < 0) {
1070 mActiveConnections.add(connection);
1071 }
1072 } else {
1073 ALOGW("sensor %08x already enabled in connection %p (ignoring)",
1074 handle, connection.get());
1075 }
1076
1077 nsecs_t minDelayNs = sensor->getSensor().getMinDelayNs();
1078 if (samplingPeriodNs < minDelayNs) {
1079 samplingPeriodNs = minDelayNs;
1080 }
1081
1082 ALOGD_IF(DEBUG_CONNECTIONS, "Calling batch handle==%d flags=%d"
1083 "rate=%" PRId64 " timeout== %" PRId64"",
1084 handle, reservedFlags, samplingPeriodNs, maxBatchReportLatencyNs);
1085
1086 status_t err = sensor->batch(connection.get(), handle, 0, samplingPeriodNs,
1087 maxBatchReportLatencyNs);
1088
1089 // Call flush() before calling activate() on the sensor. Wait for a first
1090 // flush complete event before sending events on this connection. Ignore
1091 // one-shot sensors which don't support flush(). Ignore on-change sensors
1092 // to maintain the on-change logic (any on-change events except the initial
1093 // one should be trigger by a change in value). Also if this sensor isn't
1094 // already active, don't call flush().
1095 if (err == NO_ERROR &&
1096 sensor->getSensor().getReportingMode() == AREPORTING_MODE_CONTINUOUS &&
1097 rec->getNumConnections() > 1) {
1098 connection->setFirstFlushPending(handle, true);
1099 status_t err_flush = sensor->flush(connection.get(), handle);
1100 // Flush may return error if the underlying h/w sensor uses an older HAL.
1101 if (err_flush == NO_ERROR) {
1102 rec->addPendingFlushConnection(connection.get());
1103 } else {
1104 connection->setFirstFlushPending(handle, false);
1105 }
1106 }
1107
1108 if (err == NO_ERROR) {
1109 ALOGD_IF(DEBUG_CONNECTIONS, "Calling activate on %d", handle);
1110 err = sensor->activate(connection.get(), true);
1111 }
1112
1113 if (err == NO_ERROR) {
1114 connection->updateLooperRegistration(mLooper);
1115 SensorRegistrationInfo ®_info =
1116 mLastNSensorRegistrations.editItemAt(mNextSensorRegIndex);
1117 reg_info.mSensorHandle = handle;
1118 reg_info.mSamplingRateUs = samplingPeriodNs/1000;
1119 reg_info.mMaxReportLatencyUs = maxBatchReportLatencyNs/1000;
1120 reg_info.mActivated = true;
1121 reg_info.mPackageName = connection->getPackageName();
1122 time_t rawtime = time(NULL);
1123 struct tm * timeinfo = localtime(&rawtime);
1124 reg_info.mHour = timeinfo->tm_hour;
1125 reg_info.mMin = timeinfo->tm_min;
1126 reg_info.mSec = timeinfo->tm_sec;
1127 mNextSensorRegIndex = (mNextSensorRegIndex + 1) % SENSOR_REGISTRATIONS_BUF_SIZE;
1128 }
1129
1130 if (err != NO_ERROR) {
1131 // batch/activate has failed, reset our state.
1132 cleanupWithoutDisableLocked(connection, handle);
1133 }
1134 return err;
1135 }
1136
disable(const sp<SensorEventConnection> & connection,int handle)1137 status_t SensorService::disable(const sp<SensorEventConnection>& connection, int handle) {
1138 if (mInitCheck != NO_ERROR)
1139 return mInitCheck;
1140
1141 Mutex::Autolock _l(mLock);
1142 status_t err = cleanupWithoutDisableLocked(connection, handle);
1143 if (err == NO_ERROR) {
1144 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
1145 err = sensor != nullptr ? sensor->activate(connection.get(), false) : status_t(BAD_VALUE);
1146
1147 }
1148 if (err == NO_ERROR) {
1149 SensorRegistrationInfo ®_info =
1150 mLastNSensorRegistrations.editItemAt(mNextSensorRegIndex);
1151 reg_info.mActivated = false;
1152 reg_info.mPackageName= connection->getPackageName();
1153 reg_info.mSensorHandle = handle;
1154 time_t rawtime = time(NULL);
1155 struct tm * timeinfo = localtime(&rawtime);
1156 reg_info.mHour = timeinfo->tm_hour;
1157 reg_info.mMin = timeinfo->tm_min;
1158 reg_info.mSec = timeinfo->tm_sec;
1159 mNextSensorRegIndex = (mNextSensorRegIndex + 1) % SENSOR_REGISTRATIONS_BUF_SIZE;
1160 }
1161 return err;
1162 }
1163
cleanupWithoutDisable(const sp<SensorEventConnection> & connection,int handle)1164 status_t SensorService::cleanupWithoutDisable(
1165 const sp<SensorEventConnection>& connection, int handle) {
1166 Mutex::Autolock _l(mLock);
1167 return cleanupWithoutDisableLocked(connection, handle);
1168 }
1169
cleanupWithoutDisableLocked(const sp<SensorEventConnection> & connection,int handle)1170 status_t SensorService::cleanupWithoutDisableLocked(
1171 const sp<SensorEventConnection>& connection, int handle) {
1172 SensorRecord* rec = mActiveSensors.valueFor(handle);
1173 if (rec) {
1174 // see if this connection becomes inactive
1175 if (connection->removeSensor(handle)) {
1176 BatteryService::disableSensor(connection->getUid(), handle);
1177 }
1178 if (connection->hasAnySensor() == false) {
1179 connection->updateLooperRegistration(mLooper);
1180 mActiveConnections.remove(connection);
1181 }
1182 // see if this sensor becomes inactive
1183 if (rec->removeConnection(connection)) {
1184 mActiveSensors.removeItem(handle);
1185 mActiveVirtualSensors.erase(handle);
1186 delete rec;
1187 }
1188 return NO_ERROR;
1189 }
1190 return BAD_VALUE;
1191 }
1192
setEventRate(const sp<SensorEventConnection> & connection,int handle,nsecs_t ns,const String16 & opPackageName)1193 status_t SensorService::setEventRate(const sp<SensorEventConnection>& connection,
1194 int handle, nsecs_t ns, const String16& opPackageName) {
1195 if (mInitCheck != NO_ERROR)
1196 return mInitCheck;
1197
1198 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
1199 if (sensor == nullptr ||
1200 !canAccessSensor(sensor->getSensor(), "Tried configuring", opPackageName)) {
1201 return BAD_VALUE;
1202 }
1203
1204 if (ns < 0)
1205 return BAD_VALUE;
1206
1207 nsecs_t minDelayNs = sensor->getSensor().getMinDelayNs();
1208 if (ns < minDelayNs) {
1209 ns = minDelayNs;
1210 }
1211
1212 return sensor->setDelay(connection.get(), handle, ns);
1213 }
1214
flushSensor(const sp<SensorEventConnection> & connection,const String16 & opPackageName)1215 status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
1216 const String16& opPackageName) {
1217 if (mInitCheck != NO_ERROR) return mInitCheck;
1218 SensorDevice& dev(SensorDevice::getInstance());
1219 const int halVersion = dev.getHalDeviceVersion();
1220 status_t err(NO_ERROR);
1221 Mutex::Autolock _l(mLock);
1222 // Loop through all sensors for this connection and call flush on each of them.
1223 for (size_t i = 0; i < connection->mSensorInfo.size(); ++i) {
1224 const int handle = connection->mSensorInfo.keyAt(i);
1225 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
1226 if (sensor == nullptr) {
1227 continue;
1228 }
1229 if (sensor->getSensor().getReportingMode() == AREPORTING_MODE_ONE_SHOT) {
1230 ALOGE("flush called on a one-shot sensor");
1231 err = INVALID_OPERATION;
1232 continue;
1233 }
1234 if (halVersion <= SENSORS_DEVICE_API_VERSION_1_0 || isVirtualSensor(handle)) {
1235 // For older devices just increment pending flush count which will send a trivial
1236 // flush complete event.
1237 connection->incrementPendingFlushCount(handle);
1238 } else {
1239 if (!canAccessSensor(sensor->getSensor(), "Tried flushing", opPackageName)) {
1240 err = INVALID_OPERATION;
1241 continue;
1242 }
1243 status_t err_flush = sensor->flush(connection.get(), handle);
1244 if (err_flush == NO_ERROR) {
1245 SensorRecord* rec = mActiveSensors.valueFor(handle);
1246 if (rec != NULL) rec->addPendingFlushConnection(connection);
1247 }
1248 err = (err_flush != NO_ERROR) ? err_flush : err;
1249 }
1250 }
1251 return err;
1252 }
1253
canAccessSensor(const Sensor & sensor,const char * operation,const String16 & opPackageName)1254 bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
1255 const String16& opPackageName) {
1256 const String8& requiredPermission = sensor.getRequiredPermission();
1257
1258 if (requiredPermission.length() <= 0) {
1259 return true;
1260 }
1261
1262 bool hasPermission = false;
1263
1264 // Runtime permissions can't use the cache as they may change.
1265 if (sensor.isRequiredPermissionRuntime()) {
1266 hasPermission = checkPermission(String16(requiredPermission),
1267 IPCThreadState::self()->getCallingPid(), IPCThreadState::self()->getCallingUid());
1268 } else {
1269 hasPermission = PermissionCache::checkCallingPermission(String16(requiredPermission));
1270 }
1271
1272 if (!hasPermission) {
1273 ALOGE("%s a sensor (%s) without holding its required permission: %s",
1274 operation, sensor.getName().string(), sensor.getRequiredPermission().string());
1275 return false;
1276 }
1277
1278 const int32_t opCode = sensor.getRequiredAppOp();
1279 if (opCode >= 0) {
1280 AppOpsManager appOps;
1281 if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
1282 != AppOpsManager::MODE_ALLOWED) {
1283 ALOGE("%s a sensor (%s) without enabled required app op: %d",
1284 operation, sensor.getName().string(), opCode);
1285 return false;
1286 }
1287 }
1288
1289 return true;
1290 }
1291
checkWakeLockState()1292 void SensorService::checkWakeLockState() {
1293 Mutex::Autolock _l(mLock);
1294 checkWakeLockStateLocked();
1295 }
1296
checkWakeLockStateLocked()1297 void SensorService::checkWakeLockStateLocked() {
1298 if (!mWakeLockAcquired) {
1299 return;
1300 }
1301 bool releaseLock = true;
1302 for (size_t i=0 ; i<mActiveConnections.size() ; i++) {
1303 sp<SensorEventConnection> connection(mActiveConnections[i].promote());
1304 if (connection != 0) {
1305 if (connection->needsWakeLock()) {
1306 releaseLock = false;
1307 break;
1308 }
1309 }
1310 }
1311 if (releaseLock) {
1312 setWakeLockAcquiredLocked(false);
1313 }
1314 }
1315
sendEventsFromCache(const sp<SensorEventConnection> & connection)1316 void SensorService::sendEventsFromCache(const sp<SensorEventConnection>& connection) {
1317 Mutex::Autolock _l(mLock);
1318 connection->writeToSocketFromCache();
1319 if (connection->needsWakeLock()) {
1320 setWakeLockAcquiredLocked(true);
1321 }
1322 }
1323
populateActiveConnections(SortedVector<sp<SensorEventConnection>> * activeConnections)1324 void SensorService::populateActiveConnections(
1325 SortedVector< sp<SensorEventConnection> >* activeConnections) {
1326 Mutex::Autolock _l(mLock);
1327 for (size_t i=0 ; i < mActiveConnections.size(); ++i) {
1328 sp<SensorEventConnection> connection(mActiveConnections[i].promote());
1329 if (connection != 0) {
1330 activeConnections->add(connection);
1331 }
1332 }
1333 }
1334
isWhiteListedPackage(const String8 & packageName)1335 bool SensorService::isWhiteListedPackage(const String8& packageName) {
1336 return (packageName.contains(mWhiteListedPackage.string()));
1337 }
1338
1339 }; // namespace android
1340
1341