/*
 * Copyright (C) 2010 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef ANDROID_SENSOR_SERVICE_H
#define ANDROID_SENSOR_SERVICE_H

#include "SensorList.h"
#include "RecentEventLogger.h"

#include <binder/AppOpsManager.h>
#include <binder/BinderService.h>
#include <binder/IUidObserver.h>
#include <cutils/compiler.h>
#include <cutils/multiuser.h>
#include <sensor/ISensorServer.h>
#include <sensor/ISensorEventConnection.h>
#include <sensor/Sensor.h>
#include "android/hardware/BnSensorPrivacyListener.h"

#include <utils/AndroidThreads.h>
#include <utils/KeyedVector.h>
#include <utils/Looper.h>
#include <utils/SortedVector.h>
#include <utils/String8.h>
#include <utils/Vector.h>
#include <utils/threads.h>

#include <stdint.h>
#include <sys/types.h>
#include <atomic>
#include <map>
#include <unordered_map>
#include <unordered_set>

#if __clang__
// Clang warns about SensorEventConnection::dump hiding BBinder::dump. The cause isn't fixable
// without changing the API, so let's tell clang this is indeed intentional.
#pragma clang diagnostic ignored "-Woverloaded-virtual"
#endif

// ---------------------------------------------------------------------------
#define IGNORE_HARDWARE_FUSION  false
#define DEBUG_CONNECTIONS   false
// Max size is 100 KB which is enough to accept a batch of about 1000 events.
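#define MAX_SOCKET_BUFFER_SIZE_BATCHED (100 * 1024)
// For older HALs which don't support batching, use a smaller socket buffer size.
#define SOCKET_BUFFER_SIZE_NON_BATCHED (4 * 1024)

#define SENSOR_REGISTRATIONS_BUF_SIZE 200

namespace android {
// ---------------------------------------------------------------------------
class SensorInterface;

// SensorService implements the ISensorServer binder interface (via BnSensorServer), is
// published through BinderService<SensorService> under the name returned by
// getServiceName(), and runs threadLoop() through its protected Thread base.
//
// Access to sensor data is gated in this header by three mechanisms: the per-UID
// idle/active policy (UidPolicy), the device-wide sensor privacy switch
// (SensorPrivacyPolicy) and the operating Mode together with mWhiteListedPackage.
class SensorService :
        public BinderService<SensorService>,
        public BnSensorServer,
        protected Thread
{
    // nested class/struct for internal use
    class SensorEventConnection;
    class SensorDirectConnection;

public:
    void cleanupConnection(SensorEventConnection* connection);
    void cleanupConnection(SensorDirectConnection* c);

    // Per-connection sensor control. opPackageName names the package on whose behalf the
    // operation is performed.
    // NOTE(review): presumably checked through canAccessSensor()/isOperationPermitted();
    // confirm in the implementation file.
    status_t enable(const sp<SensorEventConnection>& connection, int handle,
                    nsecs_t samplingPeriodNs, nsecs_t maxBatchReportLatencyNs, int reservedFlags,
                    const String16& opPackageName);

    status_t disable(const sp<SensorEventConnection>& connection, int handle);

    status_t setEventRate(const sp<SensorEventConnection>& connection, int handle, nsecs_t ns,
                          const String16& opPackageName);

    status_t flushSensor(const sp<SensorEventConnection>& connection,
                         const String16& opPackageName);


    // Shell command entry point; in/out/err are file descriptors and args the command words.
    // NOTE(review): the UID-state overrides declared below (handleSetUidState and friends)
    // look like they are reached from here, so who may invoke this should be checked in the
    // implementation file.
    virtual status_t shellCommand(int in, int out, int err, Vector<String16>& args);

private:
    friend class BinderService<SensorService>;

    // nested class/struct for internal use
    class SensorRecord;
    class SensorEventAckReceiver;
    class SensorRegistrationInfo;

    // If accessing a sensor we need to make sure the UID has access to it. If
    // the app UID is idle then it cannot access sensors and gets no trigger
    // events, no on-change events, flush event behavior does not change, and
    // recurring events are the same as the first one delivered in idle state
    // emulating no sensor change. As soon as the app UID transitions to an
    // active state we will start reporting events as usual and vice versa. This
    // approach transparently handles observing sensors while the app UID transitions
    // between idle/active state avoiding to get stuck in a state receiving sensor
    // data while idle or not receiving sensor data while active.
    class UidPolicy : public BnUidObserver {
        public:
            explicit UidPolicy(wp<SensorService> service)
                    : mService(service) {}
            void registerSelf();
            void unregisterSelf();

            bool isUidActive(uid_t uid);

            void onUidGone(uid_t uid, bool disabled);
            void onUidActive(uid_t uid);
            void onUidIdle(uid_t uid, bool disabled);
            // Deliberately a no-op: every parameter is marked __unused and the body is empty.
            void onUidStateChanged(uid_t uid __unused, int32_t procState __unused,
                                   int64_t procStateSeq __unused) {}

            // An override forces the reported state of a UID (see handleSetUidState /
            // handleResetUidState on the outer class).
            void addOverrideUid(uid_t uid, bool active);
            void removeOverrideUid(uid_t uid);
        private:
            // NOTE(review): the "Locked" suffix suggests mUidLock must already be held by
            // the caller; confirm in the implementation file.
            bool isUidActiveLocked(uid_t uid);
            void updateOverrideUid(uid_t uid, bool active, bool insert);

            Mutex mUidLock;
            wp<SensorService> mService;
            std::unordered_set<uid_t> mActiveUids;
            std::unordered_map<uid_t, bool> mOverrideUids;
    };

    // Sensor privacy allows a user to disable access to all sensors on the device. When
    // enabled sensor privacy will prevent all apps, including active apps, from accessing
    // sensors, they will not receive trigger nor on-change events, flush event behavior
    // does not change, and recurring events are the same as the first one delivered when
    // sensor privacy was enabled. All sensor direct connections will be stopped as well
    // and new direct connections will not be allowed while sensor privacy is enabled.
    // Once sensor privacy is disabled access to sensors will be restored for active
    // apps, previously stopped direct connections will be restarted, and new direct
    // connections will be allowed again.
    class SensorPrivacyPolicy : public hardware::BnSensorPrivacyListener {
        public:
            explicit SensorPrivacyPolicy(wp<SensorService> service) : mService(service) {}
            void registerSelf();
            void unregisterSelf();

            bool isSensorPrivacyEnabled();

            binder::Status onSensorPrivacyChanged(bool enabled);

        private:
            wp<SensorService> mService;
            // Explicitly initialized: the constructor above does not set this member, and a
            // default-constructed std::atomic_bool holds an indeterminate value before C++20,
            // so isSensorPrivacyEnabled() could otherwise read garbage before the first update.
            // NOTE(review): `false` means "privacy off" until the real state arrives
            // (presumably in registerSelf() / onSensorPrivacyChanged(); confirm in the
            // implementation file). Decide whether a deny-until-known default of `true`
            // fits this gate better.
            std::atomic_bool mSensorPrivacyEnabled{false};
    };

    enum Mode {
       // The regular operating mode where any application can register/unregister/call flush on
       // sensors.
       NORMAL = 0,
       // This mode is only used for testing purposes. Not all HALs support this mode. In this mode,
       // the HAL ignores the sensor data provided by physical sensors and accepts the data that is
       // injected from the SensorService as if it were the real sensor data. This mode is primarily
       // used for testing various algorithms like vendor provided SensorFusion, Step Counter and
       // Step Detector etc. Typically in this mode, there will be a client (a
       // SensorEventConnection) which will be injecting sensor data into the HAL. Normal apps can
       // unregister and register for any sensor that supports injection. Registering to sensors
       // that do not support injection will give an error.  TODO(aakella) : Allow exactly one
       // client to inject sensor data at a time.
       DATA_INJECTION = 1,
       // This mode is used only for testing sensors. Each sensor can be tested in isolation with
       // the required sampling_rate and maxReportLatency parameters without having to think about
       // the data rates requested by other applications. End user devices are always expected to be
       // in NORMAL mode. When this mode is first activated, all active sensors from all connections
       // are disabled. Calling flush() will return an error. In this mode, only the requests from
       // selected apps whose package names are whitelisted are allowed (typically CTS apps).  Only
       // these apps can register/unregister/call flush() on sensors. If SensorService switches to
       // NORMAL mode again, all sensors that were previously registered to are activated with the
       // corresponding parameters if the application hasn't unregistered for sensors in the mean
       // time.  NOTE: Non whitelisted app whose sensors were previously deactivated may still
       // receive events if a whitelisted app requests data from the same sensor.
       RESTRICTED = 2

      // State Transitions supported.
      //     RESTRICTED   <---  NORMAL   ---> DATA_INJECTION
      //                  --->           <---

      // Shell commands to switch modes in SensorService.
      // 1) Put SensorService in RESTRICTED mode with packageName .cts. If it is already in
      // restricted mode it is treated as a NO_OP (and packageName is NOT changed).
      //
      //     $ adb shell dumpsys sensorservice restrict .cts.
      //
      // 2) Put SensorService in DATA_INJECTION mode with packageName .xts. If it is already in
      // data_injection mode it is treated as a NO_OP (and packageName is NOT changed).
      //
      //     $ adb shell dumpsys sensorservice data_injection .xts.
      //
      // 3) Reset sensorservice back to NORMAL mode.
      //     $ adb shell dumpsys sensorservice enable
    };

    static const char* WAKE_LOCK_NAME;
    // Name under which the service is published.
    static char const* getServiceName() ANDROID_API { return "sensorservice"; }
    SensorService() ANDROID_API;
    virtual ~SensorService();

    virtual void onFirstRef();

    // Thread interface
    virtual bool threadLoop();

    // ISensorServer interface
    virtual Vector<Sensor> getSensorList(const String16& opPackageName);
    virtual Vector<Sensor> getDynamicSensorList(const String16& opPackageName);
    virtual sp<ISensorEventConnection> createSensorEventConnection(
            const String8& packageName,
            int requestedMode, const String16& opPackageName);
    virtual int isDataInjectionEnabled();
    virtual sp<ISensorEventConnection> createSensorDirectConnection(const String16& opPackageName,
            uint32_t size, int32_t type, int32_t format, const native_handle *resource);
    virtual int setOperationParameter(
            int32_t handle, int32_t type, const Vector<float> &floats, const Vector<int32_t> &ints);
    virtual status_t dump(int fd, const Vector<String16>& args);

    String8 getSensorName(int handle) const;
    bool isVirtualSensor(int handle) const;
    sp<SensorInterface> getSensorInterfaceFromHandle(int handle) const;
    bool isWakeUpSensor(int type) const;
    void recordLastValueLocked(sensors_event_t const* buffer, size_t count);
    static void sortEventBuffer(sensors_event_t* buffer, size_t count);
    const Sensor& registerSensor(SensorInterface* sensor,
                                 bool isDebug = false, bool isVirtual = false);
    const Sensor& registerVirtualSensor(SensorInterface* sensor, bool isDebug = false);
    const Sensor& registerDynamicSensorLocked(SensorInterface* sensor, bool isDebug = false);
    bool unregisterDynamicSensorLocked(int handle);
    status_t cleanupWithoutDisable(const sp<SensorEventConnection>& connection, int handle);
    status_t cleanupWithoutDisableLocked(const sp<SensorEventConnection>& connection, int handle);
    void cleanupAutoDisabledSensorLocked(const sp<SensorEventConnection>& connection,
            sensors_event_t const* buffer, const int count);
    // Access checks for a sensor. `operation` is a caller-supplied label and opPackageName
    // the package the check is made for.
    // NOTE(review): the exact permission / app-op rules live in the implementation file.
    static bool canAccessSensor(const Sensor& sensor, const char* operation,
            const String16& opPackageName);
    static bool hasPermissionForSensor(const Sensor& sensor);
    static int getTargetSdkVersion(const String16& opPackageName);
    // SensorService acquires a partial wakelock for delivering events from wake up sensors. This
    // method checks whether all the events from these wake up sensors have been delivered to the
    // corresponding applications, if yes the wakelock is released.
    void checkWakeLockState();
    void checkWakeLockStateLocked();
    bool isWakeLockAcquired();
    bool isWakeUpSensorEvent(const sensors_event_t& event) const;

    sp<Looper> getLooper() const;

    // Reset mWakeLockRefCounts for all SensorEventConnections to zero. This may happen if
    // SensorService did not receive any acknowledgements from apps which have registered for
    // wake_up sensors.
    void resetAllWakeLockRefCounts();

    // Acquire or release wake_lock. If wake_lock is acquired, set the timeout in the looper to 5
    // seconds and wake the looper.
    void setWakeLockAcquiredLocked(bool acquire);

    // Send events from the event cache for this particular connection.
    void sendEventsFromCache(const sp<SensorEventConnection>& connection);

    // Promote all weak references in mActiveConnections vector to strong references and add them
    // to the output vector.
    void populateActiveConnections(
            SortedVector< sp<SensorEventConnection> >* activeConnections);

    // If SensorService is operating in RESTRICTED mode, only select whitelisted packages are
    // allowed to register for or call flush on sensors. Typically only cts test packages are
    // allowed.
    bool isWhiteListedPackage(const String8& packageName);
    bool isOperationPermitted(const String16& opPackageName);

    // Reset the state of SensorService to NORMAL mode.
    status_t resetToNormalMode();
    status_t resetToNormalModeLocked();

    // Transforms the UUIDs for all the sensors into proper IDs.
    void makeUuidsIntoIdsForSensorList(Vector<Sensor> &sensorList) const;
    // Gets the appropriate ID from the given UUID.
    int32_t getIdFromUuid(const Sensor::uuid_t &uuid) const;
    // Either read from storage or create a new one.
    static bool initializeHmacKey();

    // Enable SCHED_FIFO priority for thread
    void enableSchedFifoMode();

    // Sets whether the given UID can get sensor data
    void setSensorAccess(uid_t uid, bool hasAccess);

    // Overrides the UID state as if it is idle
    status_t handleSetUidState(Vector<String16>& args, int err);
    // Clears the override for the UID state
    status_t handleResetUidState(Vector<String16>& args, int err);
    // Gets the UID state
    status_t handleGetUidState(Vector<String16>& args, int out, int err);
    // Prints the shell command help
    status_t printHelp(int out);

    // temporarily stops all active direct connections and disables all sensors
    void disableAllSensors();
    void disableAllSensorsLocked();
    // restarts the previously stopped direct connections and enables all sensors
    void enableAllSensors();
    void enableAllSensorsLocked();

    // Process-wide HMAC key buffer (128 bytes) and its validity flag.
    // NOTE(review): presumably filled by initializeHmacKey() and consumed by getIdFromUuid();
    // confirm in the implementation file, together with how the stored key is protected.
    static uint8_t sHmacGlobalKey[128];
    static bool sHmacGlobalKeyIsValid;

    SensorServiceUtil::SensorList mSensors;
    status_t mInitCheck;

    // Socket buffersize used to initialize BitTube. This size depends on whether batching is
    // supported or not.
    uint32_t mSocketBufferSize;
    sp<Looper> mLooper;
    sp<SensorEventAckReceiver> mAckReceiver;

    // protected by mLock
    mutable Mutex mLock;
    DefaultKeyedVector<int, SensorRecord*> mActiveSensors;
    std::unordered_set<int> mActiveVirtualSensors;
    SortedVector< wp<SensorEventConnection> > mActiveConnections;
    bool mWakeLockAcquired;
    sensors_event_t *mSensorEventBuffer, *mSensorEventScratch;
    wp<const SensorEventConnection> * mMapFlushEventsToConnections;
    std::unordered_map<int, SensorServiceUtil::RecentEventLogger*> mRecentEvent;
    SortedVector< wp<SensorDirectConnection> > mDirectConnections;
    Mode mCurrentOperatingMode;

    // This packageName is set when SensorService is in RESTRICTED or DATA_INJECTION mode. Only
    // applications with this packageName are allowed to activate/deactivate or call flush on
    // sensors. To run CTS this can be set to ".cts." and only CTS tests will get access to
    // sensors.
    String8 mWhiteListedPackage;

    int mNextSensorRegIndex;
    Vector<SensorRegistrationInfo> mLastNSensorRegistrations;

    sp<UidPolicy> mUidPolicy;
    sp<SensorPrivacyPolicy> mSensorPrivacyPolicy;

    static AppOpsManager sAppOpsManager;
    static std::map<String16, int> sPackageTargetVersion;
    static Mutex sPackageTargetVersionLock;
};

} // namespace android
#endif // ANDROID_SENSOR_SERVICE_H
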