1 /*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 #include <binder/AppOpsManager.h>
17 #include <binder/BinderService.h>
18 #include <binder/IServiceManager.h>
19 #include <binder/PermissionCache.h>
20 #include <cutils/ashmem.h>
21 #include <cutils/properties.h>
22 #include <hardware/sensors.h>
23 #include <hardware_legacy/power.h>
24 #include <openssl/digest.h>
25 #include <openssl/hmac.h>
26 #include <openssl/rand.h>
27 #include <sensor/SensorEventQueue.h>
28 #include <utils/SystemClock.h>
29
30 #include "BatteryService.h"
31 #include "CorrectedGyroSensor.h"
32 #include "GravitySensor.h"
33 #include "LinearAccelerationSensor.h"
34 #include "OrientationSensor.h"
35 #include "RotationVectorSensor.h"
36 #include "SensorFusion.h"
37 #include "SensorInterface.h"
38
39 #include "SensorService.h"
40 #include "SensorDirectConnection.h"
41 #include "SensorEventAckReceiver.h"
42 #include "SensorEventConnection.h"
43 #include "SensorRecord.h"
44 #include "SensorRegistrationInfo.h"
45
46 #include <inttypes.h>
47 #include <math.h>
48 #include <sched.h>
49 #include <stdint.h>
50 #include <sys/socket.h>
51 #include <sys/stat.h>
52 #include <sys/types.h>
53 #include <unistd.h>
54
55 namespace android {
56 // ---------------------------------------------------------------------------
57
58 /*
59 * Notes:
60 *
61 * - what about a gyro-corrected magnetic-field sensor?
62 * - run mag sensor from time to time to force calibration
63 * - gravity sensor length is wrong (=> drift in linear-acc sensor)
64 *
65 */
66
67 const char* SensorService::WAKE_LOCK_NAME = "SensorService_wakelock";
68 uint8_t SensorService::sHmacGlobalKey[128] = {};
69 bool SensorService::sHmacGlobalKeyIsValid = false;
70
71 #define SENSOR_SERVICE_DIR "/data/system/sensor_service"
72 #define SENSOR_SERVICE_HMAC_KEY_FILE SENSOR_SERVICE_DIR "/hmac_key"
73 #define SENSOR_SERVICE_SCHED_FIFO_PRIORITY 10
74
75 // Permissions.
76 static const String16 sDumpPermission("android.permission.DUMP");
77 static const String16 sLocationHardwarePermission("android.permission.LOCATION_HARDWARE");
78
SensorService()79 SensorService::SensorService()
80 : mInitCheck(NO_INIT), mSocketBufferSize(SOCKET_BUFFER_SIZE_NON_BATCHED),
81 mWakeLockAcquired(false) {
82 }
83
initializeHmacKey()84 bool SensorService::initializeHmacKey() {
85 int fd = open(SENSOR_SERVICE_HMAC_KEY_FILE, O_RDONLY|O_CLOEXEC);
86 if (fd != -1) {
87 int result = read(fd, sHmacGlobalKey, sizeof(sHmacGlobalKey));
88 close(fd);
89 if (result == sizeof(sHmacGlobalKey)) {
90 return true;
91 }
92 ALOGW("Unable to read HMAC key; generating new one.");
93 }
94
95 if (RAND_bytes(sHmacGlobalKey, sizeof(sHmacGlobalKey)) == -1) {
96 ALOGW("Can't generate HMAC key; dynamic sensor getId() will be wrong.");
97 return false;
98 }
99
100 // We need to make sure this is only readable to us.
101 bool wroteKey = false;
102 mkdir(SENSOR_SERVICE_DIR, S_IRWXU);
103 fd = open(SENSOR_SERVICE_HMAC_KEY_FILE, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC,
104 S_IRUSR|S_IWUSR);
105 if (fd != -1) {
106 int result = write(fd, sHmacGlobalKey, sizeof(sHmacGlobalKey));
107 close(fd);
108 wroteKey = (result == sizeof(sHmacGlobalKey));
109 }
110 if (wroteKey) {
111 ALOGI("Generated new HMAC key.");
112 } else {
113 ALOGW("Unable to write HMAC key; dynamic sensor getId() will change "
114 "after reboot.");
115 }
116 // Even if we failed to write the key we return true, because we did
117 // initialize the HMAC key.
118 return true;
119 }
120
121 // Set main thread to SCHED_FIFO to lower sensor event latency when system is under load
enableSchedFifoMode()122 void SensorService::enableSchedFifoMode() {
123 struct sched_param param = {0};
124 param.sched_priority = SENSOR_SERVICE_SCHED_FIFO_PRIORITY;
125 if (sched_setscheduler(getTid(), SCHED_FIFO | SCHED_RESET_ON_FORK, ¶m) != 0) {
126 ALOGE("Couldn't set SCHED_FIFO for SensorService thread");
127 }
128 }
129
onFirstRef()130 void SensorService::onFirstRef() {
131 ALOGD("nuSensorService starting...");
132 SensorDevice& dev(SensorDevice::getInstance());
133
134 sHmacGlobalKeyIsValid = initializeHmacKey();
135
136 if (dev.initCheck() == NO_ERROR) {
137 sensor_t const* list;
138 ssize_t count = dev.getSensorList(&list);
139 if (count > 0) {
140 ssize_t orientationIndex = -1;
141 bool hasGyro = false, hasAccel = false, hasMag = false;
142 uint32_t virtualSensorsNeeds =
143 (1<<SENSOR_TYPE_GRAVITY) |
144 (1<<SENSOR_TYPE_LINEAR_ACCELERATION) |
145 (1<<SENSOR_TYPE_ROTATION_VECTOR) |
146 (1<<SENSOR_TYPE_GEOMAGNETIC_ROTATION_VECTOR) |
147 (1<<SENSOR_TYPE_GAME_ROTATION_VECTOR);
148
149 for (ssize_t i=0 ; i<count ; i++) {
150 bool useThisSensor=true;
151
152 switch (list[i].type) {
153 case SENSOR_TYPE_ACCELEROMETER:
154 hasAccel = true;
155 break;
156 case SENSOR_TYPE_MAGNETIC_FIELD:
157 hasMag = true;
158 break;
159 case SENSOR_TYPE_ORIENTATION:
160 orientationIndex = i;
161 break;
162 case SENSOR_TYPE_GYROSCOPE:
163 case SENSOR_TYPE_GYROSCOPE_UNCALIBRATED:
164 hasGyro = true;
165 break;
166 case SENSOR_TYPE_GRAVITY:
167 case SENSOR_TYPE_LINEAR_ACCELERATION:
168 case SENSOR_TYPE_ROTATION_VECTOR:
169 case SENSOR_TYPE_GEOMAGNETIC_ROTATION_VECTOR:
170 case SENSOR_TYPE_GAME_ROTATION_VECTOR:
171 if (IGNORE_HARDWARE_FUSION) {
172 useThisSensor = false;
173 } else {
174 virtualSensorsNeeds &= ~(1<<list[i].type);
175 }
176 break;
177 }
178 if (useThisSensor) {
179 registerSensor( new HardwareSensor(list[i]) );
180 }
181 }
182
183 // it's safe to instantiate the SensorFusion object here
184 // (it wants to be instantiated after h/w sensors have been
185 // registered)
186 SensorFusion::getInstance();
187
188 if (hasGyro && hasAccel && hasMag) {
189 // Add Android virtual sensors if they're not already
190 // available in the HAL
191 bool needRotationVector =
192 (virtualSensorsNeeds & (1<<SENSOR_TYPE_ROTATION_VECTOR)) != 0;
193
194 registerSensor(new RotationVectorSensor(), !needRotationVector, true);
195 registerSensor(new OrientationSensor(), !needRotationVector, true);
196
197 bool needLinearAcceleration =
198 (virtualSensorsNeeds & (1<<SENSOR_TYPE_LINEAR_ACCELERATION)) != 0;
199
200 registerSensor(new LinearAccelerationSensor(list, count),
201 !needLinearAcceleration, true);
202
203 // virtual debugging sensors are not for user
204 registerSensor( new CorrectedGyroSensor(list, count), true, true);
205 registerSensor( new GyroDriftSensor(), true, true);
206 }
207
208 if (hasAccel && hasGyro) {
209 bool needGravitySensor = (virtualSensorsNeeds & (1<<SENSOR_TYPE_GRAVITY)) != 0;
210 registerSensor(new GravitySensor(list, count), !needGravitySensor, true);
211
212 bool needGameRotationVector =
213 (virtualSensorsNeeds & (1<<SENSOR_TYPE_GAME_ROTATION_VECTOR)) != 0;
214 registerSensor(new GameRotationVectorSensor(), !needGameRotationVector, true);
215 }
216
217 if (hasAccel && hasMag) {
218 bool needGeoMagRotationVector =
219 (virtualSensorsNeeds & (1<<SENSOR_TYPE_GEOMAGNETIC_ROTATION_VECTOR)) != 0;
220 registerSensor(new GeoMagRotationVectorSensor(), !needGeoMagRotationVector, true);
221 }
222
223 // Check if the device really supports batching by looking at the FIFO event
224 // counts for each sensor.
225 bool batchingSupported = false;
226 mSensors.forEachSensor(
227 [&batchingSupported] (const Sensor& s) -> bool {
228 if (s.getFifoMaxEventCount() > 0) {
229 batchingSupported = true;
230 }
231 return !batchingSupported;
232 });
233
234 if (batchingSupported) {
235 // Increase socket buffer size to a max of 100 KB for batching capabilities.
236 mSocketBufferSize = MAX_SOCKET_BUFFER_SIZE_BATCHED;
237 } else {
238 mSocketBufferSize = SOCKET_BUFFER_SIZE_NON_BATCHED;
239 }
240
241 // Compare the socketBufferSize value against the system limits and limit
242 // it to maxSystemSocketBufferSize if necessary.
243 FILE *fp = fopen("/proc/sys/net/core/wmem_max", "r");
244 char line[128];
245 if (fp != NULL && fgets(line, sizeof(line), fp) != NULL) {
246 line[sizeof(line) - 1] = '\0';
247 size_t maxSystemSocketBufferSize;
248 sscanf(line, "%zu", &maxSystemSocketBufferSize);
249 if (mSocketBufferSize > maxSystemSocketBufferSize) {
250 mSocketBufferSize = maxSystemSocketBufferSize;
251 }
252 }
253 if (fp) {
254 fclose(fp);
255 }
256
257 mWakeLockAcquired = false;
258 mLooper = new Looper(false);
259 const size_t minBufferSize = SensorEventQueue::MAX_RECEIVE_BUFFER_EVENT_COUNT;
260 mSensorEventBuffer = new sensors_event_t[minBufferSize];
261 mSensorEventScratch = new sensors_event_t[minBufferSize];
262 mMapFlushEventsToConnections = new wp<const SensorEventConnection> [minBufferSize];
263 mCurrentOperatingMode = NORMAL;
264
265 mNextSensorRegIndex = 0;
266 for (int i = 0; i < SENSOR_REGISTRATIONS_BUF_SIZE; ++i) {
267 mLastNSensorRegistrations.push();
268 }
269
270 mInitCheck = NO_ERROR;
271 mAckReceiver = new SensorEventAckReceiver(this);
272 mAckReceiver->run("SensorEventAckReceiver", PRIORITY_URGENT_DISPLAY);
273 run("SensorService", PRIORITY_URGENT_DISPLAY);
274
275 // priority can only be changed after run
276 enableSchedFifoMode();
277 }
278 }
279 }
280
registerSensor(SensorInterface * s,bool isDebug,bool isVirtual)281 const Sensor& SensorService::registerSensor(SensorInterface* s, bool isDebug, bool isVirtual) {
282 int handle = s->getSensor().getHandle();
283 int type = s->getSensor().getType();
284 if (mSensors.add(handle, s, isDebug, isVirtual)){
285 mRecentEvent.emplace(handle, new RecentEventLogger(type));
286 return s->getSensor();
287 } else {
288 return mSensors.getNonSensor();
289 }
290 }
291
registerDynamicSensorLocked(SensorInterface * s,bool isDebug)292 const Sensor& SensorService::registerDynamicSensorLocked(SensorInterface* s, bool isDebug) {
293 return registerSensor(s, isDebug);
294 }
295
unregisterDynamicSensorLocked(int handle)296 bool SensorService::unregisterDynamicSensorLocked(int handle) {
297 bool ret = mSensors.remove(handle);
298
299 const auto i = mRecentEvent.find(handle);
300 if (i != mRecentEvent.end()) {
301 delete i->second;
302 mRecentEvent.erase(i);
303 }
304 return ret;
305 }
306
registerVirtualSensor(SensorInterface * s,bool isDebug)307 const Sensor& SensorService::registerVirtualSensor(SensorInterface* s, bool isDebug) {
308 return registerSensor(s, isDebug, true);
309 }
310
~SensorService()311 SensorService::~SensorService() {
312 for (auto && entry : mRecentEvent) {
313 delete entry.second;
314 }
315 }
316
dump(int fd,const Vector<String16> & args)317 status_t SensorService::dump(int fd, const Vector<String16>& args) {
318 String8 result;
319 if (!PermissionCache::checkCallingPermission(sDumpPermission)) {
320 result.appendFormat("Permission Denial: can't dump SensorService from pid=%d, uid=%d\n",
321 IPCThreadState::self()->getCallingPid(),
322 IPCThreadState::self()->getCallingUid());
323 } else {
324 bool privileged = IPCThreadState::self()->getCallingUid() == 0;
325 if (args.size() > 2) {
326 return INVALID_OPERATION;
327 }
328 Mutex::Autolock _l(mLock);
329 SensorDevice& dev(SensorDevice::getInstance());
330 if (args.size() == 2 && args[0] == String16("restrict")) {
331 // If already in restricted mode. Ignore.
332 if (mCurrentOperatingMode == RESTRICTED) {
333 return status_t(NO_ERROR);
334 }
335 // If in any mode other than normal, ignore.
336 if (mCurrentOperatingMode != NORMAL) {
337 return INVALID_OPERATION;
338 }
339
340 mCurrentOperatingMode = RESTRICTED;
341 // temporarily stop all sensor direct report
342 for (auto &i : mDirectConnections) {
343 sp<SensorDirectConnection> connection(i.promote());
344 if (connection != nullptr) {
345 connection->stopAll(true /* backupRecord */);
346 }
347 }
348
349 dev.disableAllSensors();
350 // Clear all pending flush connections for all active sensors. If one of the active
351 // connections has called flush() and the underlying sensor has been disabled before a
352 // flush complete event is returned, we need to remove the connection from this queue.
353 for (size_t i=0 ; i< mActiveSensors.size(); ++i) {
354 mActiveSensors.valueAt(i)->clearAllPendingFlushConnections();
355 }
356 mWhiteListedPackage.setTo(String8(args[1]));
357 return status_t(NO_ERROR);
358 } else if (args.size() == 1 && args[0] == String16("enable")) {
359 // If currently in restricted mode, reset back to NORMAL mode else ignore.
360 if (mCurrentOperatingMode == RESTRICTED) {
361 mCurrentOperatingMode = NORMAL;
362 dev.enableAllSensors();
363 // recover all sensor direct report
364 for (auto &i : mDirectConnections) {
365 sp<SensorDirectConnection> connection(i.promote());
366 if (connection != nullptr) {
367 connection->recoverAll();
368 }
369 }
370 }
371 if (mCurrentOperatingMode == DATA_INJECTION) {
372 resetToNormalModeLocked();
373 }
374 mWhiteListedPackage.clear();
375 return status_t(NO_ERROR);
376 } else if (args.size() == 2 && args[0] == String16("data_injection")) {
377 if (mCurrentOperatingMode == NORMAL) {
378 dev.disableAllSensors();
379 status_t err = dev.setMode(DATA_INJECTION);
380 if (err == NO_ERROR) {
381 mCurrentOperatingMode = DATA_INJECTION;
382 } else {
383 // Re-enable sensors.
384 dev.enableAllSensors();
385 }
386 mWhiteListedPackage.setTo(String8(args[1]));
387 return NO_ERROR;
388 } else if (mCurrentOperatingMode == DATA_INJECTION) {
389 // Already in DATA_INJECTION mode. Treat this as a no_op.
390 return NO_ERROR;
391 } else {
392 // Transition to data injection mode supported only from NORMAL mode.
393 return INVALID_OPERATION;
394 }
395 } else if (!mSensors.hasAnySensor()) {
396 result.append("No Sensors on the device\n");
397 } else {
398 // Default dump the sensor list and debugging information.
399 //
400 result.append("Sensor Device:\n");
401 result.append(SensorDevice::getInstance().dump().c_str());
402
403 result.append("Sensor List:\n");
404 result.append(mSensors.dump().c_str());
405
406 result.append("Fusion States:\n");
407 SensorFusion::getInstance().dump(result);
408
409 result.append("Recent Sensor events:\n");
410 for (auto&& i : mRecentEvent) {
411 sp<SensorInterface> s = mSensors.getInterface(i.first);
412 if (!i.second->isEmpty()) {
413 if (privileged || s->getSensor().getRequiredPermission().isEmpty()) {
414 i.second->setFormat("normal");
415 } else {
416 i.second->setFormat("mask_data");
417 }
418 // if there is events and sensor does not need special permission.
419 result.appendFormat("%s: ", s->getSensor().getName().string());
420 result.append(i.second->dump().c_str());
421 }
422 }
423
424 result.append("Active sensors:\n");
425 for (size_t i=0 ; i<mActiveSensors.size() ; i++) {
426 int handle = mActiveSensors.keyAt(i);
427 result.appendFormat("%s (handle=0x%08x, connections=%zu)\n",
428 getSensorName(handle).string(),
429 handle,
430 mActiveSensors.valueAt(i)->getNumConnections());
431 }
432
433 result.appendFormat("Socket Buffer size = %zd events\n",
434 mSocketBufferSize/sizeof(sensors_event_t));
435 result.appendFormat("WakeLock Status: %s \n", mWakeLockAcquired ? "acquired" :
436 "not held");
437 result.appendFormat("Mode :");
438 switch(mCurrentOperatingMode) {
439 case NORMAL:
440 result.appendFormat(" NORMAL\n");
441 break;
442 case RESTRICTED:
443 result.appendFormat(" RESTRICTED : %s\n", mWhiteListedPackage.string());
444 break;
445 case DATA_INJECTION:
446 result.appendFormat(" DATA_INJECTION : %s\n", mWhiteListedPackage.string());
447 }
448
449 result.appendFormat("%zd active connections\n", mActiveConnections.size());
450 for (size_t i=0 ; i < mActiveConnections.size() ; i++) {
451 sp<SensorEventConnection> connection(mActiveConnections[i].promote());
452 if (connection != 0) {
453 result.appendFormat("Connection Number: %zu \n", i);
454 connection->dump(result);
455 }
456 }
457
458 result.appendFormat("%zd direct connections\n", mDirectConnections.size());
459 for (size_t i = 0 ; i < mDirectConnections.size() ; i++) {
460 sp<SensorDirectConnection> connection(mDirectConnections[i].promote());
461 if (connection != nullptr) {
462 result.appendFormat("Direct connection %zu:\n", i);
463 connection->dump(result);
464 }
465 }
466
467 result.appendFormat("Previous Registrations:\n");
468 // Log in the reverse chronological order.
469 int currentIndex = (mNextSensorRegIndex - 1 + SENSOR_REGISTRATIONS_BUF_SIZE) %
470 SENSOR_REGISTRATIONS_BUF_SIZE;
471 const int startIndex = currentIndex;
472 do {
473 const SensorRegistrationInfo& reg_info = mLastNSensorRegistrations[currentIndex];
474 if (SensorRegistrationInfo::isSentinel(reg_info)) {
475 // Ignore sentinel, proceed to next item.
476 currentIndex = (currentIndex - 1 + SENSOR_REGISTRATIONS_BUF_SIZE) %
477 SENSOR_REGISTRATIONS_BUF_SIZE;
478 continue;
479 }
480 result.appendFormat("%s\n", reg_info.dump().c_str());
481 currentIndex = (currentIndex - 1 + SENSOR_REGISTRATIONS_BUF_SIZE) %
482 SENSOR_REGISTRATIONS_BUF_SIZE;
483 } while(startIndex != currentIndex);
484 }
485 }
486 write(fd, result.string(), result.size());
487 return NO_ERROR;
488 }
489
490 //TODO: move to SensorEventConnection later
cleanupAutoDisabledSensorLocked(const sp<SensorEventConnection> & connection,sensors_event_t const * buffer,const int count)491 void SensorService::cleanupAutoDisabledSensorLocked(const sp<SensorEventConnection>& connection,
492 sensors_event_t const* buffer, const int count) {
493 for (int i=0 ; i<count ; i++) {
494 int handle = buffer[i].sensor;
495 if (buffer[i].type == SENSOR_TYPE_META_DATA) {
496 handle = buffer[i].meta_data.sensor;
497 }
498 if (connection->hasSensor(handle)) {
499 sp<SensorInterface> si = getSensorInterfaceFromHandle(handle);
500 // If this buffer has an event from a one_shot sensor and this connection is registered
501 // for this particular one_shot sensor, try cleaning up the connection.
502 if (si != nullptr &&
503 si->getSensor().getReportingMode() == AREPORTING_MODE_ONE_SHOT) {
504 si->autoDisable(connection.get(), handle);
505 cleanupWithoutDisableLocked(connection, handle);
506 }
507
508 }
509 }
510 }
511
threadLoop()512 bool SensorService::threadLoop() {
513 ALOGD("nuSensorService thread starting...");
514
515 // each virtual sensor could generate an event per "real" event, that's why we need to size
516 // numEventMax much smaller than MAX_RECEIVE_BUFFER_EVENT_COUNT. in practice, this is too
517 // aggressive, but guaranteed to be enough.
518 const size_t vcount = mSensors.getVirtualSensors().size();
519 const size_t minBufferSize = SensorEventQueue::MAX_RECEIVE_BUFFER_EVENT_COUNT;
520 const size_t numEventMax = minBufferSize / (1 + vcount);
521
522 SensorDevice& device(SensorDevice::getInstance());
523
524 const int halVersion = device.getHalDeviceVersion();
525 do {
526 ssize_t count = device.poll(mSensorEventBuffer, numEventMax);
527 if (count < 0) {
528 ALOGE("sensor poll failed (%s)", strerror(-count));
529 break;
530 }
531
532 // Reset sensors_event_t.flags to zero for all events in the buffer.
533 for (int i = 0; i < count; i++) {
534 mSensorEventBuffer[i].flags = 0;
535 }
536
537 // Make a copy of the connection vector as some connections may be removed during the course
538 // of this loop (especially when one-shot sensor events are present in the sensor_event
539 // buffer). Promote all connections to StrongPointers before the lock is acquired. If the
540 // destructor of the sp gets called when the lock is acquired, it may result in a deadlock
541 // as ~SensorEventConnection() needs to acquire mLock again for cleanup. So copy all the
542 // strongPointers to a vector before the lock is acquired.
543 SortedVector< sp<SensorEventConnection> > activeConnections;
544 populateActiveConnections(&activeConnections);
545
546 Mutex::Autolock _l(mLock);
547 // Poll has returned. Hold a wakelock if one of the events is from a wake up sensor. The
548 // rest of this loop is under a critical section protected by mLock. Acquiring a wakeLock,
549 // sending events to clients (incrementing SensorEventConnection::mWakeLockRefCount) should
550 // not be interleaved with decrementing SensorEventConnection::mWakeLockRefCount and
551 // releasing the wakelock.
552 bool bufferHasWakeUpEvent = false;
553 for (int i = 0; i < count; i++) {
554 if (isWakeUpSensorEvent(mSensorEventBuffer[i])) {
555 bufferHasWakeUpEvent = true;
556 break;
557 }
558 }
559
560 if (bufferHasWakeUpEvent && !mWakeLockAcquired) {
561 setWakeLockAcquiredLocked(true);
562 }
563 recordLastValueLocked(mSensorEventBuffer, count);
564
565 // handle virtual sensors
566 if (count && vcount) {
567 sensors_event_t const * const event = mSensorEventBuffer;
568 if (!mActiveVirtualSensors.empty()) {
569 size_t k = 0;
570 SensorFusion& fusion(SensorFusion::getInstance());
571 if (fusion.isEnabled()) {
572 for (size_t i=0 ; i<size_t(count) ; i++) {
573 fusion.process(event[i]);
574 }
575 }
576 for (size_t i=0 ; i<size_t(count) && k<minBufferSize ; i++) {
577 for (int handle : mActiveVirtualSensors) {
578 if (count + k >= minBufferSize) {
579 ALOGE("buffer too small to hold all events: "
580 "count=%zd, k=%zu, size=%zu",
581 count, k, minBufferSize);
582 break;
583 }
584 sensors_event_t out;
585 sp<SensorInterface> si = mSensors.getInterface(handle);
586 if (si == nullptr) {
587 ALOGE("handle %d is not an valid virtual sensor", handle);
588 continue;
589 }
590
591 if (si->process(&out, event[i])) {
592 mSensorEventBuffer[count + k] = out;
593 k++;
594 }
595 }
596 }
597 if (k) {
598 // record the last synthesized values
599 recordLastValueLocked(&mSensorEventBuffer[count], k);
600 count += k;
601 // sort the buffer by time-stamps
602 sortEventBuffer(mSensorEventBuffer, count);
603 }
604 }
605 }
606
607 // handle backward compatibility for RotationVector sensor
608 if (halVersion < SENSORS_DEVICE_API_VERSION_1_0) {
609 for (int i = 0; i < count; i++) {
610 if (mSensorEventBuffer[i].type == SENSOR_TYPE_ROTATION_VECTOR) {
611 // All the 4 components of the quaternion should be available
612 // No heading accuracy. Set it to -1
613 mSensorEventBuffer[i].data[4] = -1;
614 }
615 }
616 }
617
618 for (int i = 0; i < count; ++i) {
619 // Map flush_complete_events in the buffer to SensorEventConnections which called flush
620 // on the hardware sensor. mapFlushEventsToConnections[i] will be the
621 // SensorEventConnection mapped to the corresponding flush_complete_event in
622 // mSensorEventBuffer[i] if such a mapping exists (NULL otherwise).
623 mMapFlushEventsToConnections[i] = NULL;
624 if (mSensorEventBuffer[i].type == SENSOR_TYPE_META_DATA) {
625 const int sensor_handle = mSensorEventBuffer[i].meta_data.sensor;
626 SensorRecord* rec = mActiveSensors.valueFor(sensor_handle);
627 if (rec != NULL) {
628 mMapFlushEventsToConnections[i] = rec->getFirstPendingFlushConnection();
629 rec->removeFirstPendingFlushConnection();
630 }
631 }
632
633 // handle dynamic sensor meta events, process registration and unregistration of dynamic
634 // sensor based on content of event.
635 if (mSensorEventBuffer[i].type == SENSOR_TYPE_DYNAMIC_SENSOR_META) {
636 if (mSensorEventBuffer[i].dynamic_sensor_meta.connected) {
637 int handle = mSensorEventBuffer[i].dynamic_sensor_meta.handle;
638 const sensor_t& dynamicSensor =
639 *(mSensorEventBuffer[i].dynamic_sensor_meta.sensor);
640 ALOGI("Dynamic sensor handle 0x%x connected, type %d, name %s",
641 handle, dynamicSensor.type, dynamicSensor.name);
642
643 if (mSensors.isNewHandle(handle)) {
644 const auto& uuid = mSensorEventBuffer[i].dynamic_sensor_meta.uuid;
645 sensor_t s = dynamicSensor;
646 // make sure the dynamic sensor flag is set
647 s.flags |= DYNAMIC_SENSOR_MASK;
648 // force the handle to be consistent
649 s.handle = handle;
650
651 SensorInterface *si = new HardwareSensor(s, uuid);
652
653 // This will release hold on dynamic sensor meta, so it should be called
654 // after Sensor object is created.
655 device.handleDynamicSensorConnection(handle, true /*connected*/);
656 registerDynamicSensorLocked(si);
657 } else {
658 ALOGE("Handle %d has been used, cannot use again before reboot.", handle);
659 }
660 } else {
661 int handle = mSensorEventBuffer[i].dynamic_sensor_meta.handle;
662 ALOGI("Dynamic sensor handle 0x%x disconnected", handle);
663
664 device.handleDynamicSensorConnection(handle, false /*connected*/);
665 if (!unregisterDynamicSensorLocked(handle)) {
666 ALOGE("Dynamic sensor release error.");
667 }
668
669 size_t numConnections = activeConnections.size();
670 for (size_t i=0 ; i < numConnections; ++i) {
671 if (activeConnections[i] != NULL) {
672 activeConnections[i]->removeSensor(handle);
673 }
674 }
675 }
676 }
677 }
678
679
680 // Send our events to clients. Check the state of wake lock for each client and release the
681 // lock if none of the clients need it.
682 bool needsWakeLock = false;
683 size_t numConnections = activeConnections.size();
684 for (size_t i=0 ; i < numConnections; ++i) {
685 if (activeConnections[i] != 0) {
686 activeConnections[i]->sendEvents(mSensorEventBuffer, count, mSensorEventScratch,
687 mMapFlushEventsToConnections);
688 needsWakeLock |= activeConnections[i]->needsWakeLock();
689 // If the connection has one-shot sensors, it may be cleaned up after first trigger.
690 // Early check for one-shot sensors.
691 if (activeConnections[i]->hasOneShotSensors()) {
692 cleanupAutoDisabledSensorLocked(activeConnections[i], mSensorEventBuffer,
693 count);
694 }
695 }
696 }
697
698 if (mWakeLockAcquired && !needsWakeLock) {
699 setWakeLockAcquiredLocked(false);
700 }
701 } while (!Thread::exitPending());
702
703 ALOGW("Exiting SensorService::threadLoop => aborting...");
704 abort();
705 return false;
706 }
707
getLooper() const708 sp<Looper> SensorService::getLooper() const {
709 return mLooper;
710 }
711
resetAllWakeLockRefCounts()712 void SensorService::resetAllWakeLockRefCounts() {
713 SortedVector< sp<SensorEventConnection> > activeConnections;
714 populateActiveConnections(&activeConnections);
715 {
716 Mutex::Autolock _l(mLock);
717 for (size_t i=0 ; i < activeConnections.size(); ++i) {
718 if (activeConnections[i] != 0) {
719 activeConnections[i]->resetWakeLockRefCount();
720 }
721 }
722 setWakeLockAcquiredLocked(false);
723 }
724 }
725
setWakeLockAcquiredLocked(bool acquire)726 void SensorService::setWakeLockAcquiredLocked(bool acquire) {
727 if (acquire) {
728 if (!mWakeLockAcquired) {
729 acquire_wake_lock(PARTIAL_WAKE_LOCK, WAKE_LOCK_NAME);
730 mWakeLockAcquired = true;
731 }
732 mLooper->wake();
733 } else {
734 if (mWakeLockAcquired) {
735 release_wake_lock(WAKE_LOCK_NAME);
736 mWakeLockAcquired = false;
737 }
738 }
739 }
740
isWakeLockAcquired()741 bool SensorService::isWakeLockAcquired() {
742 Mutex::Autolock _l(mLock);
743 return mWakeLockAcquired;
744 }
745
threadLoop()746 bool SensorService::SensorEventAckReceiver::threadLoop() {
747 ALOGD("new thread SensorEventAckReceiver");
748 sp<Looper> looper = mService->getLooper();
749 do {
750 bool wakeLockAcquired = mService->isWakeLockAcquired();
751 int timeout = -1;
752 if (wakeLockAcquired) timeout = 5000;
753 int ret = looper->pollOnce(timeout);
754 if (ret == ALOOPER_POLL_TIMEOUT) {
755 mService->resetAllWakeLockRefCounts();
756 }
757 } while(!Thread::exitPending());
758 return false;
759 }
760
recordLastValueLocked(const sensors_event_t * buffer,size_t count)761 void SensorService::recordLastValueLocked(
762 const sensors_event_t* buffer, size_t count) {
763 for (size_t i = 0; i < count; i++) {
764 if (buffer[i].type == SENSOR_TYPE_META_DATA ||
765 buffer[i].type == SENSOR_TYPE_DYNAMIC_SENSOR_META ||
766 buffer[i].type == SENSOR_TYPE_ADDITIONAL_INFO) {
767 continue;
768 }
769
770 auto logger = mRecentEvent.find(buffer[i].sensor);
771 if (logger != mRecentEvent.end()) {
772 logger->second->addEvent(buffer[i]);
773 }
774 }
775 }
776
sortEventBuffer(sensors_event_t * buffer,size_t count)777 void SensorService::sortEventBuffer(sensors_event_t* buffer, size_t count) {
778 struct compar {
779 static int cmp(void const* lhs, void const* rhs) {
780 sensors_event_t const* l = static_cast<sensors_event_t const*>(lhs);
781 sensors_event_t const* r = static_cast<sensors_event_t const*>(rhs);
782 return l->timestamp - r->timestamp;
783 }
784 };
785 qsort(buffer, count, sizeof(sensors_event_t), compar::cmp);
786 }
787
getSensorName(int handle) const788 String8 SensorService::getSensorName(int handle) const {
789 return mSensors.getName(handle);
790 }
791
isVirtualSensor(int handle) const792 bool SensorService::isVirtualSensor(int handle) const {
793 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
794 return sensor != nullptr && sensor->isVirtual();
795 }
796
isWakeUpSensorEvent(const sensors_event_t & event) const797 bool SensorService::isWakeUpSensorEvent(const sensors_event_t& event) const {
798 int handle = event.sensor;
799 if (event.type == SENSOR_TYPE_META_DATA) {
800 handle = event.meta_data.sensor;
801 }
802 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
803 return sensor != nullptr && sensor->getSensor().isWakeUpSensor();
804 }
805
getIdFromUuid(const Sensor::uuid_t & uuid) const806 int32_t SensorService::getIdFromUuid(const Sensor::uuid_t &uuid) const {
807 if ((uuid.i64[0] == 0) && (uuid.i64[1] == 0)) {
808 // UUID is not supported for this device.
809 return 0;
810 }
811 if ((uuid.i64[0] == INT64_C(~0)) && (uuid.i64[1] == INT64_C(~0))) {
812 // This sensor can be uniquely identified in the system by
813 // the combination of its type and name.
814 return -1;
815 }
816
817 // We have a dynamic sensor.
818
819 if (!sHmacGlobalKeyIsValid) {
820 // Rather than risk exposing UUIDs, we cripple dynamic sensors.
821 ALOGW("HMAC key failure; dynamic sensor getId() will be wrong.");
822 return 0;
823 }
824
825 // We want each app author/publisher to get a different ID, so that the
826 // same dynamic sensor cannot be tracked across apps by multiple
827 // authors/publishers. So we use both our UUID and our User ID.
828 // Note potential confusion:
829 // UUID => Universally Unique Identifier.
830 // UID => User Identifier.
831 // We refrain from using "uid" except as needed by API to try to
832 // keep this distinction clear.
833
834 auto appUserId = IPCThreadState::self()->getCallingUid();
835 uint8_t uuidAndApp[sizeof(uuid) + sizeof(appUserId)];
836 memcpy(uuidAndApp, &uuid, sizeof(uuid));
837 memcpy(uuidAndApp + sizeof(uuid), &appUserId, sizeof(appUserId));
838
839 // Now we use our key on our UUID/app combo to get the hash.
840 uint8_t hash[EVP_MAX_MD_SIZE];
841 unsigned int hashLen;
842 if (HMAC(EVP_sha256(),
843 sHmacGlobalKey, sizeof(sHmacGlobalKey),
844 uuidAndApp, sizeof(uuidAndApp),
845 hash, &hashLen) == nullptr) {
846 // Rather than risk exposing UUIDs, we cripple dynamic sensors.
847 ALOGW("HMAC failure; dynamic sensor getId() will be wrong.");
848 return 0;
849 }
850
851 int32_t id = 0;
852 if (hashLen < sizeof(id)) {
853 // We never expect this case, but out of paranoia, we handle it.
854 // Our 'id' length is already quite small, we don't want the
855 // effective length of it to be even smaller.
856 // Rather than risk exposing UUIDs, we cripple dynamic sensors.
857 ALOGW("HMAC insufficient; dynamic sensor getId() will be wrong.");
858 return 0;
859 }
860
861 // This is almost certainly less than all of 'hash', but it's as secure
862 // as we can be with our current 'id' length.
863 memcpy(&id, hash, sizeof(id));
864
865 // Note at the beginning of the function that we return the values of
866 // 0 and -1 to represent special cases. As a result, we can't return
867 // those as dynamic sensor IDs. If we happened to hash to one of those
868 // values, we change 'id' so we report as a dynamic sensor, and not as
869 // one of those special cases.
870 if (id == -1) {
871 id = -2;
872 } else if (id == 0) {
873 id = 1;
874 }
875 return id;
876 }
877
makeUuidsIntoIdsForSensorList(Vector<Sensor> & sensorList) const878 void SensorService::makeUuidsIntoIdsForSensorList(Vector<Sensor> &sensorList) const {
879 for (auto &sensor : sensorList) {
880 int32_t id = getIdFromUuid(sensor.getUuid());
881 sensor.setId(id);
882 }
883 }
884
getSensorList(const String16 &)885 Vector<Sensor> SensorService::getSensorList(const String16& /* opPackageName */) {
886 char value[PROPERTY_VALUE_MAX];
887 property_get("debug.sensors", value, "0");
888 const Vector<Sensor>& initialSensorList = (atoi(value)) ?
889 mSensors.getUserDebugSensors() : mSensors.getUserSensors();
890 Vector<Sensor> accessibleSensorList;
891 for (size_t i = 0; i < initialSensorList.size(); i++) {
892 Sensor sensor = initialSensorList[i];
893 accessibleSensorList.add(sensor);
894 }
895 makeUuidsIntoIdsForSensorList(accessibleSensorList);
896 return accessibleSensorList;
897 }
898
getDynamicSensorList(const String16 & opPackageName)899 Vector<Sensor> SensorService::getDynamicSensorList(const String16& opPackageName) {
900 Vector<Sensor> accessibleSensorList;
901 mSensors.forEachSensor(
902 [&opPackageName, &accessibleSensorList] (const Sensor& sensor) -> bool {
903 if (sensor.isDynamicSensor()) {
904 if (canAccessSensor(sensor, "getDynamicSensorList", opPackageName)) {
905 accessibleSensorList.add(sensor);
906 } else {
907 ALOGI("Skipped sensor %s because it requires permission %s and app op %" PRId32,
908 sensor.getName().string(),
909 sensor.getRequiredPermission().string(),
910 sensor.getRequiredAppOp());
911 }
912 }
913 return true;
914 });
915 makeUuidsIntoIdsForSensorList(accessibleSensorList);
916 return accessibleSensorList;
917 }
918
createSensorEventConnection(const String8 & packageName,int requestedMode,const String16 & opPackageName)919 sp<ISensorEventConnection> SensorService::createSensorEventConnection(const String8& packageName,
920 int requestedMode, const String16& opPackageName) {
921 // Only 2 modes supported for a SensorEventConnection ... NORMAL and DATA_INJECTION.
922 if (requestedMode != NORMAL && requestedMode != DATA_INJECTION) {
923 return NULL;
924 }
925
926 Mutex::Autolock _l(mLock);
927 // To create a client in DATA_INJECTION mode to inject data, SensorService should already be
928 // operating in DI mode.
929 if (requestedMode == DATA_INJECTION) {
930 if (mCurrentOperatingMode != DATA_INJECTION) return NULL;
931 if (!isWhiteListedPackage(packageName)) return NULL;
932 }
933
934 uid_t uid = IPCThreadState::self()->getCallingUid();
935 sp<SensorEventConnection> result(new SensorEventConnection(this, uid, packageName,
936 requestedMode == DATA_INJECTION, opPackageName));
937 if (requestedMode == DATA_INJECTION) {
938 if (mActiveConnections.indexOf(result) < 0) {
939 mActiveConnections.add(result);
940 }
941 // Add the associated file descriptor to the Looper for polling whenever there is data to
942 // be injected.
943 result->updateLooperRegistration(mLooper);
944 }
945 return result;
946 }
947
isDataInjectionEnabled()948 int SensorService::isDataInjectionEnabled() {
949 Mutex::Autolock _l(mLock);
950 return (mCurrentOperatingMode == DATA_INJECTION);
951 }
952
createSensorDirectConnection(const String16 & opPackageName,uint32_t size,int32_t type,int32_t format,const native_handle * resource)953 sp<ISensorEventConnection> SensorService::createSensorDirectConnection(
954 const String16& opPackageName, uint32_t size, int32_t type, int32_t format,
955 const native_handle *resource) {
956 Mutex::Autolock _l(mLock);
957
958 struct sensors_direct_mem_t mem = {
959 .type = type,
960 .format = format,
961 .size = size,
962 .handle = resource,
963 };
964 uid_t uid = IPCThreadState::self()->getCallingUid();
965
966 if (mem.handle == nullptr) {
967 ALOGE("Failed to clone resource handle");
968 return nullptr;
969 }
970
971 // check format
972 if (format != SENSOR_DIRECT_FMT_SENSORS_EVENT) {
973 ALOGE("Direct channel format %d is unsupported!", format);
974 return nullptr;
975 }
976
977 // check for duplication
978 for (auto &i : mDirectConnections) {
979 sp<SensorDirectConnection> connection(i.promote());
980 if (connection != nullptr && connection->isEquivalent(&mem)) {
981 ALOGE("Duplicate create channel request for the same share memory");
982 return nullptr;
983 }
984 }
985
986 // check specific to memory type
987 switch(type) {
988 case SENSOR_DIRECT_MEM_TYPE_ASHMEM: { // channel backed by ashmem
989 int fd = resource->data[0];
990 int size2 = ashmem_get_size_region(fd);
991 // check size consistency
992 if (size2 < static_cast<int>(size)) {
993 ALOGE("Ashmem direct channel size %" PRIu32 " greater than shared memory size %d",
994 size, size2);
995 return nullptr;
996 }
997 break;
998 }
999 case SENSOR_DIRECT_MEM_TYPE_GRALLOC:
1000 // no specific checks for gralloc
1001 break;
1002 default:
1003 ALOGE("Unknown direct connection memory type %d", type);
1004 return nullptr;
1005 }
1006
1007 native_handle_t *clone = native_handle_clone(resource);
1008 if (!clone) {
1009 return nullptr;
1010 }
1011
1012 SensorDirectConnection* conn = nullptr;
1013 SensorDevice& dev(SensorDevice::getInstance());
1014 int channelHandle = dev.registerDirectChannel(&mem);
1015
1016 if (channelHandle <= 0) {
1017 ALOGE("SensorDevice::registerDirectChannel returns %d", channelHandle);
1018 } else {
1019 mem.handle = clone;
1020 conn = new SensorDirectConnection(this, uid, &mem, channelHandle, opPackageName);
1021 }
1022
1023 if (conn == nullptr) {
1024 native_handle_close(clone);
1025 native_handle_delete(clone);
1026 } else {
1027 // add to list of direct connections
1028 // sensor service should never hold pointer or sp of SensorDirectConnection object.
1029 mDirectConnections.add(wp<SensorDirectConnection>(conn));
1030 }
1031 return conn;
1032 }
1033
setOperationParameter(int32_t type,const Vector<float> & floats,const Vector<int32_t> & ints)1034 int SensorService::setOperationParameter(
1035 int32_t type, const Vector<float> &floats, const Vector<int32_t> &ints) {
1036 Mutex::Autolock _l(mLock);
1037
1038 // check permission
1039 int32_t uid;
1040 bool hasPermission = checkCallingPermission(sLocationHardwarePermission, nullptr, &uid);
1041 if (!hasPermission || (uid != 1000 && uid != 0)) {
1042 return PERMISSION_DENIED;
1043 }
1044
1045 bool isFloat = true;
1046 size_t expectSize = INT32_MAX;
1047 switch (type) {
1048 case AINFO_LOCAL_GEOMAGNETIC_FIELD:
1049 isFloat = true;
1050 expectSize = 3;
1051 break;
1052 case AINFO_LOCAL_GRAVITY:
1053 isFloat = true;
1054 expectSize = 1;
1055 break;
1056 case AINFO_DOCK_STATE:
1057 case AINFO_HIGH_PERFORMANCE_MODE:
1058 case AINFO_MAGNETIC_FIELD_CALIBRATION:
1059 isFloat = false;
1060 expectSize = 1;
1061 break;
1062 default:
1063 return BAD_VALUE;
1064 }
1065
1066 // three events: first one is begin tag, last one is end tag, the one in the middle
1067 // is the payload.
1068 sensors_event_t event[3];
1069 int64_t timestamp = elapsedRealtimeNano();
1070 for (sensors_event_t* i = event; i < event + 3; i++) {
1071 *i = (sensors_event_t) {
1072 .version = sizeof(sensors_event_t),
1073 .sensor = SENSORS_HANDLE_BASE - 1, // sensor that never exists
1074 .type = SENSOR_TYPE_ADDITIONAL_INFO,
1075 .timestamp = timestamp++,
1076 .additional_info = (additional_info_event_t) {
1077 .serial = 0
1078 }
1079 };
1080 }
1081
1082 event[0].additional_info.type = AINFO_BEGIN;
1083 event[1].additional_info.type = type;
1084 event[2].additional_info.type = AINFO_END;
1085
1086 if (isFloat) {
1087 if (floats.size() != expectSize) {
1088 return BAD_VALUE;
1089 }
1090 for (size_t i = 0; i < expectSize; ++i) {
1091 event[1].additional_info.data_float[i] = floats[i];
1092 }
1093 } else {
1094 if (ints.size() != expectSize) {
1095 return BAD_VALUE;
1096 }
1097 for (size_t i = 0; i < expectSize; ++i) {
1098 event[1].additional_info.data_int32[i] = ints[i];
1099 }
1100 }
1101
1102 SensorDevice& dev(SensorDevice::getInstance());
1103 for (sensors_event_t* i = event; i < event + 3; i++) {
1104 int ret = dev.injectSensorData(i);
1105 if (ret != NO_ERROR) {
1106 return ret;
1107 }
1108 }
1109 return NO_ERROR;
1110 }
1111
resetToNormalMode()1112 status_t SensorService::resetToNormalMode() {
1113 Mutex::Autolock _l(mLock);
1114 return resetToNormalModeLocked();
1115 }
1116
resetToNormalModeLocked()1117 status_t SensorService::resetToNormalModeLocked() {
1118 SensorDevice& dev(SensorDevice::getInstance());
1119 status_t err = dev.setMode(NORMAL);
1120 if (err == NO_ERROR) {
1121 mCurrentOperatingMode = NORMAL;
1122 dev.enableAllSensors();
1123 }
1124 return err;
1125 }
1126
cleanupConnection(SensorEventConnection * c)1127 void SensorService::cleanupConnection(SensorEventConnection* c) {
1128 Mutex::Autolock _l(mLock);
1129 const wp<SensorEventConnection> connection(c);
1130 size_t size = mActiveSensors.size();
1131 ALOGD_IF(DEBUG_CONNECTIONS, "%zu active sensors", size);
1132 for (size_t i=0 ; i<size ; ) {
1133 int handle = mActiveSensors.keyAt(i);
1134 if (c->hasSensor(handle)) {
1135 ALOGD_IF(DEBUG_CONNECTIONS, "%zu: disabling handle=0x%08x", i, handle);
1136 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
1137 if (sensor != nullptr) {
1138 sensor->activate(c, false);
1139 } else {
1140 ALOGE("sensor interface of handle=0x%08x is null!", handle);
1141 }
1142 c->removeSensor(handle);
1143 }
1144 SensorRecord* rec = mActiveSensors.valueAt(i);
1145 ALOGE_IF(!rec, "mActiveSensors[%zu] is null (handle=0x%08x)!", i, handle);
1146 ALOGD_IF(DEBUG_CONNECTIONS,
1147 "removing connection %p for sensor[%zu].handle=0x%08x",
1148 c, i, handle);
1149
1150 if (rec && rec->removeConnection(connection)) {
1151 ALOGD_IF(DEBUG_CONNECTIONS, "... and it was the last connection");
1152 mActiveSensors.removeItemsAt(i, 1);
1153 mActiveVirtualSensors.erase(handle);
1154 delete rec;
1155 size--;
1156 } else {
1157 i++;
1158 }
1159 }
1160 c->updateLooperRegistration(mLooper);
1161 mActiveConnections.remove(connection);
1162 BatteryService::cleanup(c->getUid());
1163 if (c->needsWakeLock()) {
1164 checkWakeLockStateLocked();
1165 }
1166
1167 SensorDevice& dev(SensorDevice::getInstance());
1168 dev.notifyConnectionDestroyed(c);
1169 }
1170
cleanupConnection(SensorDirectConnection * c)1171 void SensorService::cleanupConnection(SensorDirectConnection* c) {
1172 Mutex::Autolock _l(mLock);
1173
1174 SensorDevice& dev(SensorDevice::getInstance());
1175 dev.unregisterDirectChannel(c->getHalChannelHandle());
1176 mDirectConnections.remove(c);
1177 }
1178
getSensorInterfaceFromHandle(int handle) const1179 sp<SensorInterface> SensorService::getSensorInterfaceFromHandle(int handle) const {
1180 return mSensors.getInterface(handle);
1181 }
1182
enable(const sp<SensorEventConnection> & connection,int handle,nsecs_t samplingPeriodNs,nsecs_t maxBatchReportLatencyNs,int reservedFlags,const String16 & opPackageName)1183 status_t SensorService::enable(const sp<SensorEventConnection>& connection,
1184 int handle, nsecs_t samplingPeriodNs, nsecs_t maxBatchReportLatencyNs, int reservedFlags,
1185 const String16& opPackageName) {
1186 if (mInitCheck != NO_ERROR)
1187 return mInitCheck;
1188
1189 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
1190 if (sensor == nullptr ||
1191 !canAccessSensor(sensor->getSensor(), "Tried enabling", opPackageName)) {
1192 return BAD_VALUE;
1193 }
1194
1195 Mutex::Autolock _l(mLock);
1196 if (mCurrentOperatingMode != NORMAL
1197 && !isWhiteListedPackage(connection->getPackageName())) {
1198 return INVALID_OPERATION;
1199 }
1200
1201 SensorRecord* rec = mActiveSensors.valueFor(handle);
1202 if (rec == 0) {
1203 rec = new SensorRecord(connection);
1204 mActiveSensors.add(handle, rec);
1205 if (sensor->isVirtual()) {
1206 mActiveVirtualSensors.emplace(handle);
1207 }
1208 } else {
1209 if (rec->addConnection(connection)) {
1210 // this sensor is already activated, but we are adding a connection that uses it.
1211 // Immediately send down the last known value of the requested sensor if it's not a
1212 // "continuous" sensor.
1213 if (sensor->getSensor().getReportingMode() == AREPORTING_MODE_ON_CHANGE) {
1214 // NOTE: The wake_up flag of this event may get set to
1215 // WAKE_UP_SENSOR_EVENT_NEEDS_ACK if this is a wake_up event.
1216
1217 auto logger = mRecentEvent.find(handle);
1218 if (logger != mRecentEvent.end()) {
1219 sensors_event_t event;
1220 // It is unlikely that this buffer is empty as the sensor is already active.
1221 // One possible corner case may be two applications activating an on-change
1222 // sensor at the same time.
1223 if(logger->second->populateLastEvent(&event)) {
1224 event.sensor = handle;
1225 if (event.version == sizeof(sensors_event_t)) {
1226 if (isWakeUpSensorEvent(event) && !mWakeLockAcquired) {
1227 setWakeLockAcquiredLocked(true);
1228 }
1229 connection->sendEvents(&event, 1, NULL);
1230 if (!connection->needsWakeLock() && mWakeLockAcquired) {
1231 checkWakeLockStateLocked();
1232 }
1233 }
1234 }
1235 }
1236 }
1237 }
1238 }
1239
1240 if (connection->addSensor(handle)) {
1241 BatteryService::enableSensor(connection->getUid(), handle);
1242 // the sensor was added (which means it wasn't already there)
1243 // so, see if this connection becomes active
1244 if (mActiveConnections.indexOf(connection) < 0) {
1245 mActiveConnections.add(connection);
1246 }
1247 } else {
1248 ALOGW("sensor %08x already enabled in connection %p (ignoring)",
1249 handle, connection.get());
1250 }
1251
1252 // Check maximum delay for the sensor.
1253 nsecs_t maxDelayNs = sensor->getSensor().getMaxDelay() * 1000LL;
1254 if (maxDelayNs > 0 && (samplingPeriodNs > maxDelayNs)) {
1255 samplingPeriodNs = maxDelayNs;
1256 }
1257
1258 nsecs_t minDelayNs = sensor->getSensor().getMinDelayNs();
1259 if (samplingPeriodNs < minDelayNs) {
1260 samplingPeriodNs = minDelayNs;
1261 }
1262
1263 ALOGD_IF(DEBUG_CONNECTIONS, "Calling batch handle==%d flags=%d"
1264 "rate=%" PRId64 " timeout== %" PRId64"",
1265 handle, reservedFlags, samplingPeriodNs, maxBatchReportLatencyNs);
1266
1267 status_t err = sensor->batch(connection.get(), handle, 0, samplingPeriodNs,
1268 maxBatchReportLatencyNs);
1269
1270 // Call flush() before calling activate() on the sensor. Wait for a first
1271 // flush complete event before sending events on this connection. Ignore
1272 // one-shot sensors which don't support flush(). Ignore on-change sensors
1273 // to maintain the on-change logic (any on-change events except the initial
1274 // one should be trigger by a change in value). Also if this sensor isn't
1275 // already active, don't call flush().
1276 if (err == NO_ERROR &&
1277 sensor->getSensor().getReportingMode() == AREPORTING_MODE_CONTINUOUS &&
1278 rec->getNumConnections() > 1) {
1279 connection->setFirstFlushPending(handle, true);
1280 status_t err_flush = sensor->flush(connection.get(), handle);
1281 // Flush may return error if the underlying h/w sensor uses an older HAL.
1282 if (err_flush == NO_ERROR) {
1283 rec->addPendingFlushConnection(connection.get());
1284 } else {
1285 connection->setFirstFlushPending(handle, false);
1286 }
1287 }
1288
1289 if (err == NO_ERROR) {
1290 ALOGD_IF(DEBUG_CONNECTIONS, "Calling activate on %d", handle);
1291 err = sensor->activate(connection.get(), true);
1292 }
1293
1294 if (err == NO_ERROR) {
1295 connection->updateLooperRegistration(mLooper);
1296
1297 mLastNSensorRegistrations.editItemAt(mNextSensorRegIndex) =
1298 SensorRegistrationInfo(handle, connection->getPackageName(),
1299 samplingPeriodNs, maxBatchReportLatencyNs, true);
1300 mNextSensorRegIndex = (mNextSensorRegIndex + 1) % SENSOR_REGISTRATIONS_BUF_SIZE;
1301 }
1302
1303 if (err != NO_ERROR) {
1304 // batch/activate has failed, reset our state.
1305 cleanupWithoutDisableLocked(connection, handle);
1306 }
1307 return err;
1308 }
1309
disable(const sp<SensorEventConnection> & connection,int handle)1310 status_t SensorService::disable(const sp<SensorEventConnection>& connection, int handle) {
1311 if (mInitCheck != NO_ERROR)
1312 return mInitCheck;
1313
1314 Mutex::Autolock _l(mLock);
1315 status_t err = cleanupWithoutDisableLocked(connection, handle);
1316 if (err == NO_ERROR) {
1317 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
1318 err = sensor != nullptr ? sensor->activate(connection.get(), false) : status_t(BAD_VALUE);
1319
1320 }
1321 if (err == NO_ERROR) {
1322 mLastNSensorRegistrations.editItemAt(mNextSensorRegIndex) =
1323 SensorRegistrationInfo(handle, connection->getPackageName(), 0, 0, false);
1324 mNextSensorRegIndex = (mNextSensorRegIndex + 1) % SENSOR_REGISTRATIONS_BUF_SIZE;
1325 }
1326 return err;
1327 }
1328
cleanupWithoutDisable(const sp<SensorEventConnection> & connection,int handle)1329 status_t SensorService::cleanupWithoutDisable(
1330 const sp<SensorEventConnection>& connection, int handle) {
1331 Mutex::Autolock _l(mLock);
1332 return cleanupWithoutDisableLocked(connection, handle);
1333 }
1334
cleanupWithoutDisableLocked(const sp<SensorEventConnection> & connection,int handle)1335 status_t SensorService::cleanupWithoutDisableLocked(
1336 const sp<SensorEventConnection>& connection, int handle) {
1337 SensorRecord* rec = mActiveSensors.valueFor(handle);
1338 if (rec) {
1339 // see if this connection becomes inactive
1340 if (connection->removeSensor(handle)) {
1341 BatteryService::disableSensor(connection->getUid(), handle);
1342 }
1343 if (connection->hasAnySensor() == false) {
1344 connection->updateLooperRegistration(mLooper);
1345 mActiveConnections.remove(connection);
1346 }
1347 // see if this sensor becomes inactive
1348 if (rec->removeConnection(connection)) {
1349 mActiveSensors.removeItem(handle);
1350 mActiveVirtualSensors.erase(handle);
1351 delete rec;
1352 }
1353 return NO_ERROR;
1354 }
1355 return BAD_VALUE;
1356 }
1357
setEventRate(const sp<SensorEventConnection> & connection,int handle,nsecs_t ns,const String16 & opPackageName)1358 status_t SensorService::setEventRate(const sp<SensorEventConnection>& connection,
1359 int handle, nsecs_t ns, const String16& opPackageName) {
1360 if (mInitCheck != NO_ERROR)
1361 return mInitCheck;
1362
1363 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
1364 if (sensor == nullptr ||
1365 !canAccessSensor(sensor->getSensor(), "Tried configuring", opPackageName)) {
1366 return BAD_VALUE;
1367 }
1368
1369 if (ns < 0)
1370 return BAD_VALUE;
1371
1372 nsecs_t minDelayNs = sensor->getSensor().getMinDelayNs();
1373 if (ns < minDelayNs) {
1374 ns = minDelayNs;
1375 }
1376
1377 return sensor->setDelay(connection.get(), handle, ns);
1378 }
1379
flushSensor(const sp<SensorEventConnection> & connection,const String16 & opPackageName)1380 status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
1381 const String16& opPackageName) {
1382 if (mInitCheck != NO_ERROR) return mInitCheck;
1383 SensorDevice& dev(SensorDevice::getInstance());
1384 const int halVersion = dev.getHalDeviceVersion();
1385 status_t err(NO_ERROR);
1386 Mutex::Autolock _l(mLock);
1387 // Loop through all sensors for this connection and call flush on each of them.
1388 for (size_t i = 0; i < connection->mSensorInfo.size(); ++i) {
1389 const int handle = connection->mSensorInfo.keyAt(i);
1390 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
1391 if (sensor == nullptr) {
1392 continue;
1393 }
1394 if (sensor->getSensor().getReportingMode() == AREPORTING_MODE_ONE_SHOT) {
1395 ALOGE("flush called on a one-shot sensor");
1396 err = INVALID_OPERATION;
1397 continue;
1398 }
1399 if (halVersion <= SENSORS_DEVICE_API_VERSION_1_0 || isVirtualSensor(handle)) {
1400 // For older devices just increment pending flush count which will send a trivial
1401 // flush complete event.
1402 connection->incrementPendingFlushCount(handle);
1403 } else {
1404 if (!canAccessSensor(sensor->getSensor(), "Tried flushing", opPackageName)) {
1405 err = INVALID_OPERATION;
1406 continue;
1407 }
1408 status_t err_flush = sensor->flush(connection.get(), handle);
1409 if (err_flush == NO_ERROR) {
1410 SensorRecord* rec = mActiveSensors.valueFor(handle);
1411 if (rec != NULL) rec->addPendingFlushConnection(connection);
1412 }
1413 err = (err_flush != NO_ERROR) ? err_flush : err;
1414 }
1415 }
1416 return err;
1417 }
1418
canAccessSensor(const Sensor & sensor,const char * operation,const String16 & opPackageName)1419 bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
1420 const String16& opPackageName) {
1421 const String8& requiredPermission = sensor.getRequiredPermission();
1422
1423 if (requiredPermission.length() <= 0) {
1424 return true;
1425 }
1426
1427 bool hasPermission = false;
1428
1429 // Runtime permissions can't use the cache as they may change.
1430 if (sensor.isRequiredPermissionRuntime()) {
1431 hasPermission = checkPermission(String16(requiredPermission),
1432 IPCThreadState::self()->getCallingPid(), IPCThreadState::self()->getCallingUid());
1433 } else {
1434 hasPermission = PermissionCache::checkCallingPermission(String16(requiredPermission));
1435 }
1436
1437 if (!hasPermission) {
1438 ALOGE("%s a sensor (%s) without holding its required permission: %s",
1439 operation, sensor.getName().string(), sensor.getRequiredPermission().string());
1440 return false;
1441 }
1442
1443 const int32_t opCode = sensor.getRequiredAppOp();
1444 if (opCode >= 0) {
1445 AppOpsManager appOps;
1446 if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
1447 != AppOpsManager::MODE_ALLOWED) {
1448 ALOGE("%s a sensor (%s) without enabled required app op: %d",
1449 operation, sensor.getName().string(), opCode);
1450 return false;
1451 }
1452 }
1453
1454 return true;
1455 }
1456
checkWakeLockState()1457 void SensorService::checkWakeLockState() {
1458 Mutex::Autolock _l(mLock);
1459 checkWakeLockStateLocked();
1460 }
1461
checkWakeLockStateLocked()1462 void SensorService::checkWakeLockStateLocked() {
1463 if (!mWakeLockAcquired) {
1464 return;
1465 }
1466 bool releaseLock = true;
1467 for (size_t i=0 ; i<mActiveConnections.size() ; i++) {
1468 sp<SensorEventConnection> connection(mActiveConnections[i].promote());
1469 if (connection != 0) {
1470 if (connection->needsWakeLock()) {
1471 releaseLock = false;
1472 break;
1473 }
1474 }
1475 }
1476 if (releaseLock) {
1477 setWakeLockAcquiredLocked(false);
1478 }
1479 }
1480
sendEventsFromCache(const sp<SensorEventConnection> & connection)1481 void SensorService::sendEventsFromCache(const sp<SensorEventConnection>& connection) {
1482 Mutex::Autolock _l(mLock);
1483 connection->writeToSocketFromCache();
1484 if (connection->needsWakeLock()) {
1485 setWakeLockAcquiredLocked(true);
1486 }
1487 }
1488
populateActiveConnections(SortedVector<sp<SensorEventConnection>> * activeConnections)1489 void SensorService::populateActiveConnections(
1490 SortedVector< sp<SensorEventConnection> >* activeConnections) {
1491 Mutex::Autolock _l(mLock);
1492 for (size_t i=0 ; i < mActiveConnections.size(); ++i) {
1493 sp<SensorEventConnection> connection(mActiveConnections[i].promote());
1494 if (connection != 0) {
1495 activeConnections->add(connection);
1496 }
1497 }
1498 }
1499
isWhiteListedPackage(const String8 & packageName)1500 bool SensorService::isWhiteListedPackage(const String8& packageName) {
1501 return (packageName.contains(mWhiteListedPackage.string()));
1502 }
1503
isOperationRestricted(const String16 & opPackageName)1504 bool SensorService::isOperationRestricted(const String16& opPackageName) {
1505 Mutex::Autolock _l(mLock);
1506 if (mCurrentOperatingMode != RESTRICTED) {
1507 String8 package(opPackageName);
1508 return !isWhiteListedPackage(package);
1509 }
1510 return false;
1511 }
1512
1513 }; // namespace android
1514