1 /*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 #include <android/content/pm/IPackageManagerNative.h>
17 #include <android/util/ProtoOutputStream.h>
18 #include <frameworks/base/core/proto/android/service/sensor_service.proto.h>
19 #include <binder/ActivityManager.h>
20 #include <binder/BinderService.h>
21 #include <binder/IServiceManager.h>
22 #include <binder/PermissionCache.h>
23 #include <binder/PermissionController.h>
24 #include <cutils/ashmem.h>
25 #include <cutils/misc.h>
26 #include <cutils/properties.h>
27 #include <hardware/sensors.h>
28 #include <hardware_legacy/power.h>
29 #include <log/log.h>
30 #include <openssl/digest.h>
31 #include <openssl/hmac.h>
32 #include <openssl/rand.h>
33 #include <sensor/SensorEventQueue.h>
34 #include <sensorprivacy/SensorPrivacyManager.h>
35 #include <utils/SystemClock.h>
36
37 #include "BatteryService.h"
38 #include "CorrectedGyroSensor.h"
39 #include "GravitySensor.h"
40 #include "LinearAccelerationSensor.h"
41 #include "OrientationSensor.h"
42 #include "RotationVectorSensor.h"
43 #include "SensorFusion.h"
44 #include "SensorInterface.h"
45
46 #include "SensorService.h"
47 #include "SensorDirectConnection.h"
48 #include "SensorEventAckReceiver.h"
49 #include "SensorEventConnection.h"
50 #include "SensorRecord.h"
51 #include "SensorRegistrationInfo.h"
52
53 #include <ctime>
54 #include <inttypes.h>
55 #include <math.h>
56 #include <sched.h>
57 #include <stdint.h>
58 #include <sys/socket.h>
59 #include <sys/stat.h>
60 #include <sys/types.h>
61 #include <unistd.h>
62
63 #include <private/android_filesystem_config.h>
64
65 namespace android {
66 // ---------------------------------------------------------------------------
67
68 /*
69 * Notes:
70 *
71 * - what about a gyro-corrected magnetic-field sensor?
72 * - run mag sensor from time to time to force calibration
73 * - gravity sensor length is wrong (=> drift in linear-acc sensor)
74 *
75 */
76
// Name stored in the class-wide WAKE_LOCK_NAME constant.
const char* SensorService::WAKE_LOCK_NAME = "SensorService_wakelock";

// Process-wide HMAC key material (128 bytes). initializeHmacKey() fills the
// buffer and onFirstRef() stores that function's result in
// sHmacGlobalKeyIsValid.
uint8_t SensorService::sHmacGlobalKey[128] = {};
bool SensorService::sHmacGlobalKeyIsValid = false;

// String16 -> int map guarded by sPackageTargetVersionLock.
// NOTE(review): presumably a cache of package name -> target SDK version;
// confirm against the code that fills it.
std::map<String16, int> SensorService::sPackageTargetVersion;
Mutex SensorService::sPackageTargetVersionLock;
AppOpsManager SensorService::sAppOpsManager;

// On-disk location of the persisted HMAC key. initializeHmacKey() creates the
// directory with S_IRWXU and the key file with S_IRUSR|S_IWUSR, so both are
// meant to be accessible to the owning user only.
#define SENSOR_SERVICE_DIR "/data/system/sensor_service"
#define SENSOR_SERVICE_HMAC_KEY_FILE  SENSOR_SERVICE_DIR "/hmac_key"
// Real-time priority requested by enableSchedFifoMode().
#define SENSOR_SERVICE_SCHED_FIFO_PRIORITY 10

// Permissions.
// sDumpPermission gates dump(); sManageSensorsPermission gates shellCommand().
static const String16 sDumpPermission("android.permission.DUMP");
static const String16 sLocationHardwarePermission("android.permission.LOCATION_HARDWARE");
static const String16 sManageSensorsPermission("android.permission.MANAGE_SENSORS");
92
/**
 * Constructs the service in its uninitialised state: mInitCheck is NO_INIT,
 * the socket buffer uses the non-batched size and no wake lock is held.
 * The remaining initialisation is done in onFirstRef().
 */
SensorService::SensorService()
      : mInitCheck(NO_INIT),
        mSocketBufferSize(SOCKET_BUFFER_SIZE_NON_BATCHED),
        mWakeLockAcquired(false) {
    // Both policy objects receive a back-pointer to this service. They are
    // only created here; onFirstRef() is what calls registerSelf() on them.
    mUidPolicy = new UidPolicy(this);
    mSensorPrivacyPolicy = new SensorPrivacyPolicy(this);
}
99
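/**
 * Loads the persisted HMAC key into sHmacGlobalKey, or generates and persists
 * a new random one.
 *
 * The key file lives in SENSOR_SERVICE_DIR; the directory is created with
 * S_IRWXU and the file with S_IRUSR|S_IWUSR so that only the owning user can
 * read the key. The file is created with O_EXCL, so an existing path (including
 * a symlink planted at that path) is never written through.
 *
 * @return true when sHmacGlobalKey holds a usable key, even if it could not be
 *         written to disk (the log then warns that dynamic sensor getId()
 *         changes after reboot); false when no random key could be generated.
 */
bool SensorService::initializeHmacKey() {
    bool staleKeyFile = false;

    int fd = open(SENSOR_SERVICE_HMAC_KEY_FILE, O_RDONLY|O_CLOEXEC);
    if (fd != -1) {
        // read() returns ssize_t; keep the full width so an error (-1) or a
        // short read can never compare equal to the key size.
        const ssize_t bytesRead = read(fd, sHmacGlobalKey, sizeof(sHmacGlobalKey));
        close(fd);
        if (bytesRead == static_cast<ssize_t>(sizeof(sHmacGlobalKey))) {
            return true;
        }
        ALOGW("Unable to read HMAC key; generating new one.");
        // The file exists but does not contain a complete key.
        staleKeyFile = true;
    }

    // RAND_bytes() reports success as 1; treat every other value as failure
    // rather than only -1, so a 0 return is not mistaken for a generated key.
    if (RAND_bytes(sHmacGlobalKey, sizeof(sHmacGlobalKey)) != 1) {
        ALOGW("Can't generate HMAC key; dynamic sensor getId() will be wrong.");
        return false;
    }

    // We need to make sure this is only readable to us.
    bool wroteKey = false;
    // The result is not checked: if the directory is missing or unusable the
    // open() below fails and that failure is logged.
    mkdir(SENSOR_SERVICE_DIR, S_IRWXU);
    if (staleKeyFile) {
        // Without this, the O_EXCL create below fails on the leftover file on
        // every boot and the key is never persisted again.
        unlink(SENSOR_SERVICE_HMAC_KEY_FILE);
    }
    fd = open(SENSOR_SERVICE_HMAC_KEY_FILE, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC,
              S_IRUSR|S_IWUSR);
    if (fd != -1) {
        const ssize_t bytesWritten = write(fd, sHmacGlobalKey, sizeof(sHmacGlobalKey));
        close(fd);
        wroteKey = (bytesWritten == static_cast<ssize_t>(sizeof(sHmacGlobalKey)));
        if (!wroteKey) {
            // Do not leave a truncated key behind for the next start-up.
            unlink(SENSOR_SERVICE_HMAC_KEY_FILE);
        }
    }
    if (wroteKey) {
        ALOGI("Generated new HMAC key.");
    } else {
        ALOGW("Unable to write HMAC key; dynamic sensor getId() will change "
               "after reboot.");
    }
    // Even if we failed to write the key we return true, because we did
    // initialize the HMAC key.
    return true;
}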
136
137 // Set main thread to SCHED_FIFO to lower sensor event latency when system is under load
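/**
 * Requests the SCHED_FIFO policy at SENSOR_SERVICE_SCHED_FIFO_PRIORITY for the
 * thread identified by getTid(). SCHED_RESET_ON_FORK keeps child processes from
 * inheriting the real-time policy. A failure is only logged.
 */
void SensorService::enableSchedFifoMode() {
    struct sched_param param = {0};
    param.sched_priority = SENSOR_SERVICE_SCHED_FIFO_PRIORITY;
    // The third argument is the address of `param`; the listing showed it as a
    // mis-decoded paragraph sign.
    if (sched_setscheduler(getTid(), SCHED_FIFO | SCHED_RESET_ON_FORK, &param) != 0) {
        ALOGE("Couldn't set SCHED_FIFO for SensorService thread");
    }
}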
145
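/**
 * One-time initialisation, run when the first strong reference is taken.
 *
 * Initialises the HMAC key, registers every hardware sensor reported by
 * SensorDevice, adds the software (virtual) sensors the HAL does not already
 * provide, sizes the event socket buffer, allocates the event buffers and
 * starts the ack-receiver and service threads. Nothing beyond the HMAC key is
 * set up when the device failed its init check or reports no sensors, in which
 * case mInitCheck keeps its previous value.
 */
void SensorService::onFirstRef() {
    ALOGD("nuSensorService starting...");
    SensorDevice& dev(SensorDevice::getInstance());

    sHmacGlobalKeyIsValid = initializeHmacKey();

    if (dev.initCheck() != NO_ERROR) {
        return;
    }

    sensor_t const* list;
    const ssize_t count = dev.getSensorList(&list);
    if (count <= 0) {
        return;
    }

    ssize_t orientationIndex = -1;
    bool hasGyro = false, hasAccel = false, hasMag = false;
    // One bit per fusion sensor type; a bit is cleared below when the HAL
    // already supplies that type and hardware fusion is not ignored.
    uint32_t virtualSensorsNeeds =
            (1<<SENSOR_TYPE_GRAVITY) |
            (1<<SENSOR_TYPE_LINEAR_ACCELERATION) |
            (1<<SENSOR_TYPE_ROTATION_VECTOR) |
            (1<<SENSOR_TYPE_GEOMAGNETIC_ROTATION_VECTOR) |
            (1<<SENSOR_TYPE_GAME_ROTATION_VECTOR);

    for (ssize_t i=0 ; i<count ; i++) {
        bool useThisSensor=true;

        switch (list[i].type) {
            case SENSOR_TYPE_ACCELEROMETER:
                hasAccel = true;
                break;
            case SENSOR_TYPE_MAGNETIC_FIELD:
                hasMag = true;
                break;
            case SENSOR_TYPE_ORIENTATION:
                orientationIndex = i;
                break;
            case SENSOR_TYPE_GYROSCOPE:
            case SENSOR_TYPE_GYROSCOPE_UNCALIBRATED:
                hasGyro = true;
                break;
            case SENSOR_TYPE_GRAVITY:
            case SENSOR_TYPE_LINEAR_ACCELERATION:
            case SENSOR_TYPE_ROTATION_VECTOR:
            case SENSOR_TYPE_GEOMAGNETIC_ROTATION_VECTOR:
            case SENSOR_TYPE_GAME_ROTATION_VECTOR:
                if (IGNORE_HARDWARE_FUSION) {
                    useThisSensor = false;
                } else {
                    virtualSensorsNeeds &= ~(1<<list[i].type);
                }
                break;
        }
        if (useThisSensor) {
            registerSensor( new HardwareSensor(list[i]) );
        }
    }

    // it's safe to instantiate the SensorFusion object here
    // (it wants to be instantiated after h/w sensors have been
    // registered)
    SensorFusion::getInstance();

    if (hasGyro && hasAccel && hasMag) {
        // Add Android virtual sensors if they're not already
        // available in the HAL
        bool needRotationVector =
                (virtualSensorsNeeds & (1<<SENSOR_TYPE_ROTATION_VECTOR)) != 0;

        // The second argument is isDebug: a sensor the HAL already provides is
        // still registered, but as a debug sensor.
        registerSensor(new RotationVectorSensor(), !needRotationVector, true);
        registerSensor(new OrientationSensor(), !needRotationVector, true);

        // virtual debugging sensors are not for user
        registerSensor( new CorrectedGyroSensor(list, count), true, true);
        registerSensor( new GyroDriftSensor(), true, true);
    }

    if (hasAccel && hasGyro) {
        bool needGravitySensor = (virtualSensorsNeeds & (1<<SENSOR_TYPE_GRAVITY)) != 0;
        registerSensor(new GravitySensor(list, count), !needGravitySensor, true);

        bool needLinearAcceleration =
                (virtualSensorsNeeds & (1<<SENSOR_TYPE_LINEAR_ACCELERATION)) != 0;
        registerSensor(new LinearAccelerationSensor(list, count),
                       !needLinearAcceleration, true);

        bool needGameRotationVector =
                (virtualSensorsNeeds & (1<<SENSOR_TYPE_GAME_ROTATION_VECTOR)) != 0;
        registerSensor(new GameRotationVectorSensor(), !needGameRotationVector, true);
    }

    if (hasAccel && hasMag) {
        bool needGeoMagRotationVector =
                (virtualSensorsNeeds & (1<<SENSOR_TYPE_GEOMAGNETIC_ROTATION_VECTOR)) != 0;
        registerSensor(new GeoMagRotationVectorSensor(), !needGeoMagRotationVector, true);
    }

    // Check if the device really supports batching by looking at the FIFO event
    // counts for each sensor.
    bool batchingSupported = false;
    mSensors.forEachSensor(
            [&batchingSupported] (const Sensor& s) -> bool {
                if (s.getFifoMaxEventCount() > 0) {
                    batchingSupported = true;
                }
                // Returns false as soon as one batching sensor has been seen.
                return !batchingSupported;
            });

    if (batchingSupported) {
        // Increase socket buffer size to a max of 100 KB for batching capabilities.
        mSocketBufferSize = MAX_SOCKET_BUFFER_SIZE_BATCHED;
    } else {
        mSocketBufferSize = SOCKET_BUFFER_SIZE_NON_BATCHED;
    }

    // Compare the socketBufferSize value against the system limits and limit
    // it to maxSystemSocketBufferSize if necessary.
    FILE *fp = fopen("/proc/sys/net/core/wmem_max", "r");
    if (fp != nullptr) {
        char line[128];
        size_t maxSystemSocketBufferSize = 0;
        // Apply the limit only when a number was actually parsed; otherwise the
        // comparison would read an indeterminate value. fgets() already
        // NUL-terminates the buffer.
        if (fgets(line, sizeof(line), fp) != nullptr &&
                sscanf(line, "%zu", &maxSystemSocketBufferSize) == 1 &&
                mSocketBufferSize > maxSystemSocketBufferSize) {
            mSocketBufferSize = maxSystemSocketBufferSize;
        }
        fclose(fp);
    }

    mWakeLockAcquired = false;
    mLooper = new Looper(false);
    const size_t minBufferSize = SensorEventQueue::MAX_RECEIVE_BUFFER_EVENT_COUNT;
    mSensorEventBuffer = new sensors_event_t[minBufferSize];
    mSensorEventScratch = new sensors_event_t[minBufferSize];
    mMapFlushEventsToConnections = new wp<const SensorEventConnection> [minBufferSize];
    mCurrentOperatingMode = NORMAL;

    // Pre-fill the registration history; dump() and dumpProtoLocked() skip the
    // entries that SensorRegistrationInfo::isSentinel() recognises.
    mNextSensorRegIndex = 0;
    for (int i = 0; i < SENSOR_REGISTRATIONS_BUF_SIZE; ++i) {
        mLastNSensorRegistrations.push();
    }

    mInitCheck = NO_ERROR;
    mAckReceiver = new SensorEventAckReceiver(this);
    mAckReceiver->run("SensorEventAckReceiver", PRIORITY_URGENT_DISPLAY);
    run("SensorService", PRIORITY_URGENT_DISPLAY);

    // priority can only be changed after run
    enableSchedFifoMode();

    // Start watching UID changes to apply policy.
    mUidPolicy->registerSelf();

    // Start watching sensor privacy changes
    mSensorPrivacyPolicy->registerSelf();
}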
301
/**
 * Applies a UID state change to every connection owned by that UID.
 *
 * Event connections get the new state pushed to SensorDevice; direct
 * connections have their sensor access re-evaluated. Runs with mLock held
 * through the connection holder.
 *
 * @param uid   the UID whose state changed
 * @param state the new state
 */
void SensorService::onUidStateChanged(uid_t uid, UidState state) {
    SensorDevice& device = SensorDevice::getInstance();

    ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);

    for (const sp<SensorEventConnection>& eventConn : connLock.getActiveConnections()) {
        if (eventConn->getUid() != uid) {
            continue;
        }
        device.setUidStateForConnection(eventConn.get(), state);
    }

    for (const sp<SensorDirectConnection>& directConn : connLock.getDirectConnections()) {
        if (directConn->getUid() != uid) {
            continue;
        }
        // Update sensor subscriptions if needed
        const bool accessAllowed =
                hasSensorAccessLocked(directConn->getUid(), directConn->getOpPackageName());
        directConn->onSensorAccessChanged(accessAllowed);
    }
}
320
/**
 * Locking wrapper around hasSensorAccessLocked(): takes mLock for the duration
 * of the check.
 *
 * @param uid           UID of the client
 * @param opPackageName package name used for the operation-restriction check
 * @return whatever hasSensorAccessLocked() reports for the same arguments
 */
bool SensorService::hasSensorAccess(uid_t uid, const String16& opPackageName) {
    Mutex::Autolock lockGuard(mLock);
    const bool allowed = hasSensorAccessLocked(uid, opPackageName);
    return allowed;
}
325
/**
 * Access decision for a client, evaluated in this order: sensor privacy must be
 * off, the UID must be active, and the package must not be operation-restricted.
 * Each check is skipped once an earlier one has already denied access.
 *
 * The "Locked" suffix follows this file's convention for helpers that expect
 * the caller to hold mLock (hasSensorAccess() takes it before calling).
 *
 * @return true only when all three conditions allow access
 */
bool SensorService::hasSensorAccessLocked(uid_t uid, const String16& opPackageName) {
    if (mSensorPrivacyPolicy->isSensorPrivacyEnabled()) {
        return false;
    }
    if (!isUidActive(uid)) {
        return false;
    }
    return !isOperationRestrictedLocked(opPackageName);
}
330
/**
 * Adds a sensor to mSensors and, on success, creates its recent-event logger.
 *
 * @param s         sensor implementation to register; dereferenced
 *                  unconditionally, so it must not be null
 * @param isDebug   forwarded to mSensors.add()
 * @param isVirtual forwarded to mSensors.add()
 * @return the sensor's own descriptor when it was added, otherwise the
 *         placeholder returned by mSensors.getNonSensor()
 */
const Sensor& SensorService::registerSensor(SensorInterface* s, bool isDebug, bool isVirtual) {
    const int sensorHandle = s->getSensor().getHandle();
    const int sensorType = s->getSensor().getType();

    if (!mSensors.add(sensorHandle, s, isDebug, isVirtual)) {
        return mSensors.getNonSensor();
    }

    // The logger is owned through a raw pointer; it is deleted in
    // unregisterDynamicSensorLocked() or in the destructor.
    mRecentEvent.emplace(sensorHandle, new SensorServiceUtil::RecentEventLogger(sensorType));
    return s->getSensor();
}
341
/**
 * Registers a dynamic sensor by forwarding to registerSensor() with the
 * default value of its isVirtual parameter.
 *
 * @return the reference returned by registerSensor()
 */
const Sensor& SensorService::registerDynamicSensorLocked(SensorInterface* s, bool isDebug) {
    const Sensor& registered = registerSensor(s, isDebug);
    return registered;
}
345
/**
 * Removes a sensor from mSensors and frees its recent-event logger, if any.
 *
 * @param handle handle of the sensor to remove
 * @return the result of mSensors.remove(); the logger is released regardless
 */
bool SensorService::unregisterDynamicSensorLocked(int handle) {
    const bool removed = mSensors.remove(handle);

    const auto loggerEntry = mRecentEvent.find(handle);
    if (loggerEntry == mRecentEvent.end()) {
        return removed;
    }

    // The map stores raw pointers created in registerSensor().
    delete loggerEntry->second;
    mRecentEvent.erase(loggerEntry);
    return removed;
}
356
/**
 * Registers a sensor with isVirtual forced to true.
 *
 * @return the reference returned by registerSensor()
 */
const Sensor& SensorService::registerVirtualSensor(SensorInterface* s, bool isDebug) {
    constexpr bool kIsVirtual = true;
    return registerSensor(s, isDebug, kIsVirtual);
}
360
/**
 * Frees the recent-event loggers allocated in registerSensor(), then detaches
 * the UID and sensor-privacy policy observers.
 */
SensorService::~SensorService() {
    for (const auto& loggerEntry : mRecentEvent) {
        delete loggerEntry.second;
    }

    mUidPolicy->unregisterSelf();
    mSensorPrivacyPolicy->unregisterSelf();
}
368
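/**
 * Binder dump entry point: writes service state to fd or switches the
 * operating mode.
 *
 * Callers without android.permission.DUMP only get a denial message. With the
 * permission, the arguments select one of:
 *   - "restrict <package>"        NORMAL -> RESTRICTED; disables all sensors
 *   - "enable"                    leaves RESTRICTED or DATA_INJECTION
 *   - "data_injection <package>"  NORMAL -> DATA_INJECTION
 *   - "--proto"                   protobuf dump through dumpProtoLocked()
 *   - anything else               human-readable text dump
 * The mode-switching commands change service state and are gated by the DUMP
 * permission only, so that permission should be treated as sensitive.
 *
 * In the text dump, recent events of a sensor that declares a required
 * permission are printed in "mask_data" format unless the caller is uid 0.
 *
 * @param fd   descriptor that receives the output
 * @param args dump arguments; more than two are rejected
 * @return NO_ERROR; INVALID_OPERATION for more than two arguments or a mode
 *         transition that is not allowed; the result of dumpProtoLocked() for
 *         "--proto"
 */
status_t SensorService::dump(int fd, const Vector<String16>& args) {
    String8 result;
    if (!PermissionCache::checkCallingPermission(sDumpPermission)) {
        result.appendFormat("Permission Denial: can't dump SensorService from pid=%d, uid=%d\n",
                IPCThreadState::self()->getCallingPid(),
                IPCThreadState::self()->getCallingUid());
    } else {
        // Only uid 0 sees unmasked events of permission-protected sensors.
        bool privileged = IPCThreadState::self()->getCallingUid() == 0;
        if (args.size() > 2) {
            return INVALID_OPERATION;
        }
        ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
        SensorDevice& dev(SensorDevice::getInstance());
        if (args.size() == 2 && args[0] == String16("restrict")) {
            // If already in restricted mode. Ignore.
            if (mCurrentOperatingMode == RESTRICTED) {
                return status_t(NO_ERROR);
            }
            // If in any mode other than normal, ignore.
            if (mCurrentOperatingMode != NORMAL) {
                return INVALID_OPERATION;
            }

            mCurrentOperatingMode = RESTRICTED;
            // temporarily stop all sensor direct report and disable sensors
            disableAllSensorsLocked(&connLock);
            mWhiteListedPackage.setTo(String8(args[1]));
            return status_t(NO_ERROR);
        } else if (args.size() == 1 && args[0] == String16("enable")) {
            // If currently in restricted mode, reset back to NORMAL mode else ignore.
            if (mCurrentOperatingMode == RESTRICTED) {
                mCurrentOperatingMode = NORMAL;
                // enable sensors and recover all sensor direct report
                enableAllSensorsLocked(&connLock);
            }
            if (mCurrentOperatingMode == DATA_INJECTION) {
                resetToNormalModeLocked();
            }
            mWhiteListedPackage.clear();
            return status_t(NO_ERROR);
        } else if (args.size() == 2 && args[0] == String16("data_injection")) {
            if (mCurrentOperatingMode == NORMAL) {
                dev.disableAllSensors();
                status_t err = dev.setMode(DATA_INJECTION);
                if (err == NO_ERROR) {
                    mCurrentOperatingMode = DATA_INJECTION;
                } else {
                    // Re-enable sensors.
                    dev.enableAllSensors();
                }
                // NOTE(review): the package is recorded and NO_ERROR returned
                // even when setMode() failed and the mode stayed NORMAL;
                // confirm that callers do not rely on the status to learn
                // whether injection mode is active.
                mWhiteListedPackage.setTo(String8(args[1]));
                return NO_ERROR;
            } else if (mCurrentOperatingMode == DATA_INJECTION) {
                // Already in DATA_INJECTION mode. Treat this as a no_op.
                return NO_ERROR;
            } else {
                // Transition to data injection mode supported only from NORMAL mode.
                return INVALID_OPERATION;
            }
        } else if (args.size() == 1 && args[0] == String16("--proto")) {
            return dumpProtoLocked(fd, &connLock);
        } else if (!mSensors.hasAnySensor()) {
            result.append("No Sensors on the device\n");
            result.appendFormat("devInitCheck : %d\n", SensorDevice::getInstance().initCheck());
        } else {
            // Default dump the sensor list and debugging information.
            //
            timespec curTime;
            clock_gettime(CLOCK_REALTIME, &curTime);
            // localtime_r() writes into a caller-owned struct, so the result is
            // not shared with other threads of the process and there is no
            // null pointer to dereference; a failed conversion leaves the
            // zero-initialised fields in place.
            struct tm timeinfo = {};
            localtime_r(&(curTime.tv_sec), &timeinfo);
            result.appendFormat("Captured at: %02d:%02d:%02d.%03d\n", timeinfo.tm_hour,
                timeinfo.tm_min, timeinfo.tm_sec, (int)ns2ms(curTime.tv_nsec));
            result.append("Sensor Device:\n");
            result.append(SensorDevice::getInstance().dump().c_str());

            result.append("Sensor List:\n");
            result.append(mSensors.dump().c_str());

            result.append("Fusion States:\n");
            SensorFusion::getInstance().dump(result);

            result.append("Recent Sensor events:\n");
            for (auto&& i : mRecentEvent) {
                sp<SensorInterface> s = mSensors.getInterface(i.first);
                if (!i.second->isEmpty()) {
                    // Event values are shown in full only to uid 0 or for
                    // sensors that need no permission; otherwise masked.
                    if (privileged || s->getSensor().getRequiredPermission().isEmpty()) {
                        i.second->setFormat("normal");
                    } else {
                        i.second->setFormat("mask_data");
                    }
                    result.appendFormat("%s: ", s->getSensor().getName().string());
                    result.append(i.second->dump().c_str());
                }
            }

            result.append("Active sensors:\n");
            for (size_t i=0 ; i<mActiveSensors.size() ; i++) {
                int handle = mActiveSensors.keyAt(i);
                if (dev.isSensorActive(handle)) {
                    result.appendFormat("%s (handle=0x%08x, connections=%zu)\n",
                            getSensorName(handle).string(),
                            handle,
                            mActiveSensors.valueAt(i)->getNumConnections());
                }
            }

            result.appendFormat("Socket Buffer size = %zd events\n",
                                mSocketBufferSize/sizeof(sensors_event_t));
            result.appendFormat("WakeLock Status: %s \n", mWakeLockAcquired ? "acquired" :
                    "not held");
            result.appendFormat("Mode :");
            switch(mCurrentOperatingMode) {
               case NORMAL:
                   result.appendFormat(" NORMAL\n");
                   break;
               case RESTRICTED:
                   result.appendFormat(" RESTRICTED : %s\n", mWhiteListedPackage.string());
                   break;
               case DATA_INJECTION:
                   result.appendFormat(" DATA_INJECTION : %s\n", mWhiteListedPackage.string());
            }
            result.appendFormat("Sensor Privacy: %s\n",
                    mSensorPrivacyPolicy->isSensorPrivacyEnabled() ? "enabled" : "disabled");

            const auto& activeConnections = connLock.getActiveConnections();
            result.appendFormat("%zd active connections\n", activeConnections.size());
            for (size_t i=0 ; i < activeConnections.size() ; i++) {
                result.appendFormat("Connection Number: %zu \n", i);
                activeConnections[i]->dump(result);
            }

            const auto& directConnections = connLock.getDirectConnections();
            result.appendFormat("%zd direct connections\n", directConnections.size());
            for (size_t i = 0 ; i < directConnections.size() ; i++) {
                result.appendFormat("Direct connection %zu:\n", i);
                directConnections[i]->dump(result);
            }

            result.appendFormat("Previous Registrations:\n");
            // Log in the reverse chronological order.
            int currentIndex = (mNextSensorRegIndex - 1 + SENSOR_REGISTRATIONS_BUF_SIZE) %
                    SENSOR_REGISTRATIONS_BUF_SIZE;
            const int startIndex = currentIndex;
            do {
                const SensorRegistrationInfo& reg_info = mLastNSensorRegistrations[currentIndex];
                // Sentinel entries are skipped without printing anything.
                if (!SensorRegistrationInfo::isSentinel(reg_info)) {
                    result.appendFormat("%s\n", reg_info.dump().c_str());
                }
                currentIndex = (currentIndex - 1 + SENSOR_REGISTRATIONS_BUF_SIZE) %
                        SENSOR_REGISTRATIONS_BUF_SIZE;
            } while(startIndex != currentIndex);
        }
    }
    write(fd, result.string(), result.size());
    return NO_ERROR;
}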
531
532 /**
533 * Dump debugging information as android.service.SensorServiceProto protobuf message using
534 * ProtoOutputStream.
535 *
536 * See proto definition and some notes about ProtoOutputStream in
537 * frameworks/base/core/proto/android/service/sensor_service.proto
538 */
/**
 * Protobuf counterpart of the text dump. The caller (dump()) has already
 * checked the DUMP permission and passes in the connection lock it holds.
 *
 * As in the text dump, recent events of a sensor that declares a required
 * permission are emitted in "mask_data" format unless the caller is uid 0.
 *
 * @param fd       descriptor the serialized message is flushed to
 * @param connLock lock holder used to enumerate active and direct connections
 * @return OK when the flush succeeded, UNKNOWN_ERROR otherwise
 */
status_t SensorService::dumpProtoLocked(int fd, ConnectionSafeAutolock* connLock) const {
    using namespace service::SensorServiceProto;
    util::ProtoOutputStream proto;
    proto.write(INIT_STATUS, int(SensorDevice::getInstance().initCheck()));
    if (!mSensors.hasAnySensor()) {
        // Nothing else to report: only the init status is emitted.
        return proto.flush(fd) ? OK : UNKNOWN_ERROR;
    }
    const bool privileged = IPCThreadState::self()->getCallingUid() == 0;

    timespec now;
    clock_gettime(CLOCK_REALTIME, &now);
    proto.write(CURRENT_TIME_MS, now.tv_sec * 1000 + ns2ms(now.tv_nsec));

    // Write SensorDeviceProto
    const uint64_t deviceToken = proto.start(SENSOR_DEVICE);
    SensorDevice::getInstance().dump(&proto);
    proto.end(deviceToken);

    // Write SensorListProto
    const uint64_t sensorsToken = proto.start(SENSORS);
    mSensors.dump(&proto);
    proto.end(sensorsToken);

    // Write SensorFusionProto
    const uint64_t fusionToken = proto.start(FUSION_STATE);
    SensorFusion::getInstance().dump(&proto);
    proto.end(fusionToken);

    // Write SensorEventsProto
    const uint64_t eventsToken = proto.start(SENSOR_EVENTS);
    for (auto&& entry : mRecentEvent) {
        sp<SensorInterface> sensorIface = mSensors.getInterface(entry.first);
        if (entry.second->isEmpty()) {
            continue;
        }
        // Unmasked values only for uid 0 or sensors without a permission.
        if (privileged || sensorIface->getSensor().getRequiredPermission().isEmpty()) {
            entry.second->setFormat("normal");
        } else {
            entry.second->setFormat("mask_data");
        }
        const uint64_t logToken = proto.start(service::SensorEventsProto::RECENT_EVENTS_LOGS);
        proto.write(service::SensorEventsProto::RecentEventsLog::NAME,
                std::string(sensorIface->getSensor().getName().string()));
        entry.second->dump(&proto);
        proto.end(logToken);
    }
    proto.end(eventsToken);

    // Write ActiveSensorProto
    SensorDevice& device = SensorDevice::getInstance();
    const size_t activeCount = mActiveSensors.size();
    for (size_t idx = 0; idx < activeCount; ++idx) {
        const int handle = mActiveSensors.keyAt(idx);
        if (!device.isSensorActive(handle)) {
            continue;
        }
        const uint64_t activeToken = proto.start(ACTIVE_SENSORS);
        proto.write(service::ActiveSensorProto::NAME,
                std::string(getSensorName(handle).string()));
        proto.write(service::ActiveSensorProto::HANDLE, handle);
        proto.write(service::ActiveSensorProto::NUM_CONNECTIONS,
                int(mActiveSensors.valueAt(idx)->getNumConnections()));
        proto.end(activeToken);
    }

    proto.write(SOCKET_BUFFER_SIZE, int(mSocketBufferSize));
    proto.write(SOCKET_BUFFER_SIZE_IN_EVENTS, int(mSocketBufferSize / sizeof(sensors_event_t)));
    proto.write(WAKE_LOCK_ACQUIRED, mWakeLockAcquired);

    switch(mCurrentOperatingMode) {
        case NORMAL:
            proto.write(OPERATING_MODE, OP_MODE_NORMAL);
            break;
        case RESTRICTED:
            proto.write(OPERATING_MODE, OP_MODE_RESTRICTED);
            proto.write(WHITELISTED_PACKAGE, std::string(mWhiteListedPackage.string()));
            break;
        case DATA_INJECTION:
            proto.write(OPERATING_MODE, OP_MODE_DATA_INJECTION);
            proto.write(WHITELISTED_PACKAGE, std::string(mWhiteListedPackage.string()));
            break;
        default:
            proto.write(OPERATING_MODE, OP_MODE_UNKNOWN);
    }
    proto.write(SENSOR_PRIVACY, mSensorPrivacyPolicy->isSensorPrivacyEnabled());

    // Write repeated SensorEventConnectionProto
    const auto& activeConnections = connLock->getActiveConnections();
    for (size_t idx = 0; idx < activeConnections.size(); ++idx) {
        const uint64_t connToken = proto.start(ACTIVE_CONNECTIONS);
        activeConnections[idx]->dump(&proto);
        proto.end(connToken);
    }

    // Write repeated SensorDirectConnectionProto
    const auto& directConnections = connLock->getDirectConnections();
    for (size_t idx = 0; idx < directConnections.size(); ++idx) {
        const uint64_t directToken = proto.start(DIRECT_CONNECTIONS);
        directConnections[idx]->dump(&proto);
        proto.end(directToken);
    }

    // Write repeated SensorRegistrationInfoProto. The walk starts at
    // mNextSensorRegIndex, moves forward and wraps around once; sentinel
    // entries are skipped.
    const int firstIndex = mNextSensorRegIndex;
    int regIndex = firstIndex;
    do {
        const SensorRegistrationInfo& regInfo = mLastNSensorRegistrations[regIndex];
        if (!SensorRegistrationInfo::isSentinel(regInfo)) {
            const uint64_t regToken = proto.start(PREVIOUS_REGISTRATIONS);
            regInfo.dump(&proto);
            proto.end(regToken);
        }
        regIndex = (regIndex + 1 + SENSOR_REGISTRATIONS_BUF_SIZE) % SENSOR_REGISTRATIONS_BUF_SIZE;
    } while (firstIndex != regIndex);

    return proto.flush(fd) ? OK : UNKNOWN_ERROR;
}
653
/**
 * Locking wrapper: acquires mLock through the connection holder and delegates
 * to disableAllSensorsLocked().
 */
void SensorService::disableAllSensors() {
    ConnectionSafeAutolock heldLock = mConnectionHolder.lock(mLock);
    disableAllSensorsLocked(&heldLock);
}
658
/**
 * Re-evaluates sensor access for every direct connection, disables all sensors
 * on the device and clears the pending flush connections of every active
 * sensor.
 *
 * @param connLock lock holder used to enumerate the direct connections
 */
void SensorService::disableAllSensorsLocked(ConnectionSafeAutolock* connLock) {
    SensorDevice& device = SensorDevice::getInstance();

    for (const sp<SensorDirectConnection>& directConn : connLock->getDirectConnections()) {
        const bool accessAllowed =
                hasSensorAccessLocked(directConn->getUid(), directConn->getOpPackageName());
        directConn->onSensorAccessChanged(accessAllowed);
    }

    device.disableAllSensors();

    // Clear all pending flush connections for all active sensors. If one of the active
    // connections has called flush() and the underlying sensor has been disabled before a
    // flush complete event is returned, we need to remove the connection from this queue.
    size_t idx = 0;
    while (idx < mActiveSensors.size()) {
        mActiveSensors.valueAt(idx)->clearAllPendingFlushConnections();
        ++idx;
    }
}
673
/**
 * Locking wrapper: acquires mLock through the connection holder and delegates
 * to enableAllSensorsLocked().
 */
void SensorService::enableAllSensors() {
    ConnectionSafeAutolock heldLock = mConnectionHolder.lock(mLock);
    enableAllSensorsLocked(&heldLock);
}
678
/**
 * Re-enables all sensors and re-evaluates access for every direct connection,
 * unless the service is in RESTRICTED mode or sensor privacy is enabled; in
 * either of those cases only a warning is logged and nothing is enabled.
 *
 * @param connLock lock holder used to enumerate the direct connections
 */
void SensorService::enableAllSensorsLocked(ConnectionSafeAutolock* connLock) {
    // sensors should only be enabled if the operating state is not restricted and sensor
    // privacy is not enabled.
    const bool restricted = (mCurrentOperatingMode == RESTRICTED);
    if (restricted || mSensorPrivacyPolicy->isSensorPrivacyEnabled()) {
        ALOGW("Sensors cannot be enabled: mCurrentOperatingMode = %d, sensor privacy = %s",
              mCurrentOperatingMode,
              mSensorPrivacyPolicy->isSensorPrivacyEnabled() ? "enabled" : "disabled");
        return;
    }

    SensorDevice& device = SensorDevice::getInstance();
    device.enableAllSensors();

    for (const sp<SensorDirectConnection>& directConn : connLock->getDirectConnections()) {
        const bool accessAllowed =
                hasSensorAccessLocked(directConn->getUid(), directConn->getOpPackageName());
        directConn->onSensorAccessChanged(accessAllowed);
    }
}
695
696
697 // NOTE: This is a remote API - make sure all args are validated
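/**
 * Dispatches a shell command sent over binder to the matching handler.
 *
 * The caller must hold android.permission.MANAGE_SENSORS. Because the argument
 * vector comes from the remote caller, it is checked for emptiness before the
 * command name is read; each handler validates its own argument count.
 *
 * @param in   input descriptor (only checked against BAD_TYPE)
 * @param out  descriptor for normal output
 * @param err  descriptor for error and usage output
 * @param args command name followed by its arguments
 * @return PERMISSION_DENIED without the permission; BAD_VALUE for a bad
 *         descriptor, an empty argument list or an unknown command; otherwise
 *         the handler's result (NO_ERROR for "help")
 */
status_t SensorService::shellCommand(int in, int out, int err, Vector<String16>& args) {
    if (!checkCallingPermission(sManageSensorsPermission, nullptr, nullptr)) {
        return PERMISSION_DENIED;
    }
    if (in == BAD_TYPE || out == BAD_TYPE || err == BAD_TYPE) {
        return BAD_VALUE;
    }
    // An empty argument list must not reach args[0]: that would index past the
    // end of the vector with caller-controlled input.
    if (args.size() == 0) {
        printHelp(err);
        return BAD_VALUE;
    }
    if (args[0] == String16("set-uid-state")) {
        return handleSetUidState(args, err);
    } else if (args[0] == String16("reset-uid-state")) {
        return handleResetUidState(args, err);
    } else if (args[0] == String16("get-uid-state")) {
        return handleGetUidState(args, out, err);
    } else if (args.size() == 1 && args[0] == String16("help")) {
        printHelp(out);
        return NO_ERROR;
    }
    printHelp(err);
    return BAD_VALUE;
}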
718
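/**
 * Resolves a package name and user id to the UID of that package for that user.
 *
 * @param packageName package to look up through PermissionController
 * @param userId      Android user id; must not be negative
 * @param uid         receives the combined UID on success and is left
 *                    untouched on failure
 * @param err         descriptor that receives the error message
 * @return NO_ERROR on success, BAD_VALUE for an unknown package or a negative
 *         user id
 */
static status_t getUidForPackage(String16 packageName, int userId, /*inout*/uid_t& uid, int err) {
    PermissionController pc;
    // Keep the lookup result signed. Stored directly in the unsigned uid_t, a
    // negative "not found" result would become a large positive value and slip
    // past the <= 0 check below.
    const int packageUid = pc.getPackageUid(packageName, 0);
    if (packageUid <= 0) {
        ALOGE("Unknown package: '%s'", String8(packageName).string());
        dprintf(err, "Unknown package: '%s'\n", String8(packageName).string());
        return BAD_VALUE;
    }

    if (userId < 0) {
        ALOGE("Invalid user: %d", userId);
        dprintf(err, "Invalid user: %d\n", userId);
        return BAD_VALUE;
    }

    uid = multiuser_get_uid(userId, packageUid);
    return NO_ERROR;
}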
737
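/**
 * Handles "set-uid-state <PACKAGE> <active|idle> [--user USER_ID]": installs a
 * UID state override for the package's UID.
 *
 * @param args full shell argument vector, command name included
 * @param err  descriptor for usage and error output
 * @return NO_ERROR on success, BAD_VALUE for malformed arguments or an
 *         unresolvable package
 */
status_t SensorService::handleSetUidState(Vector<String16>& args, int err) {
    // Valid arg.size() is 3 or 5, args.size() is 5 with --user option.
    if (!(args.size() == 3 || args.size() == 5)) {
        printHelp(err);
        return BAD_VALUE;
    }

    bool active = false;
    if (args[2] == String16("active")) {
        active = true;
    } else if ((args[2] != String16("idle"))) {
        ALOGE("Expected active or idle but got: '%s'", String8(args[2]).string());
        return BAD_VALUE;
    }

    int userId = 0;
    if (args.size() == 5) {
        // Reject an unrecognised option instead of silently ignoring it and
        // applying the override to user 0.
        if (args[3] != String16("--user")) {
            printHelp(err);
            return BAD_VALUE;
        }
        // NOTE(review): atoi() reports no errors, so a non-numeric USER_ID is
        // read as 0; negative values are rejected by getUidForPackage().
        userId = atoi(String8(args[4]));
    }

    uid_t uid;
    if (getUidForPackage(args[1], userId, uid, err) != NO_ERROR) {
        return BAD_VALUE;
    }

    mUidPolicy->addOverrideUid(uid, active);
    return NO_ERROR;
}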
766
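/**
 * Handles "reset-uid-state <PACKAGE> [--user USER_ID]": removes the UID state
 * override for the package's UID.
 *
 * @param args full shell argument vector, command name included
 * @param err  descriptor for usage and error output
 * @return NO_ERROR on success, BAD_VALUE for malformed arguments or an
 *         unresolvable package
 */
status_t SensorService::handleResetUidState(Vector<String16>& args, int err) {
    // Valid arg.size() is 2 or 4, args.size() is 4 with --user option.
    if (!(args.size() == 2 || args.size() == 4)) {
        printHelp(err);
        return BAD_VALUE;
    }

    int userId = 0;
    if (args.size() == 4) {
        // Reject an unrecognised option instead of silently ignoring it and
        // resetting the override for user 0.
        if (args[2] != String16("--user")) {
            printHelp(err);
            return BAD_VALUE;
        }
        // NOTE(review): atoi() reports no errors, so a non-numeric USER_ID is
        // read as 0; negative values are rejected by getUidForPackage().
        userId = atoi(String8(args[3]));
    }

    uid_t uid;
    if (getUidForPackage(args[1], userId, uid, err) == BAD_VALUE) {
        return BAD_VALUE;
    }

    mUidPolicy->removeOverrideUid(uid);
    return NO_ERROR;
}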
787
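/**
 * Handles "get-uid-state <PACKAGE> [--user USER_ID]": prints "active" or
 * "idle" for the package's UID.
 *
 * @param args full shell argument vector, command name included
 * @param out  descriptor that receives the state
 * @param err  descriptor for usage and error output
 * @return BAD_VALUE for malformed arguments or an unresolvable package;
 *         otherwise the value returned by dprintf()
 */
status_t SensorService::handleGetUidState(Vector<String16>& args, int out, int err) {
    // Valid arg.size() is 2 or 4, args.size() is 4 with --user option.
    if (!(args.size() == 2 || args.size() == 4)) {
        printHelp(err);
        return BAD_VALUE;
    }

    int userId = 0;
    if (args.size() == 4) {
        // Reject an unrecognised option instead of silently ignoring it and
        // reporting the state for user 0.
        if (args[2] != String16("--user")) {
            printHelp(err);
            return BAD_VALUE;
        }
        // NOTE(review): atoi() reports no errors, so a non-numeric USER_ID is
        // read as 0; negative values are rejected by getUidForPackage().
        userId = atoi(String8(args[3]));
    }

    uid_t uid;
    if (getUidForPackage(args[1], userId, uid, err) == BAD_VALUE) {
        return BAD_VALUE;
    }

    // NOTE(review): the dprintf() result (a byte count on success) is returned
    // as the status, so success is a positive value rather than NO_ERROR;
    // confirm callers expect that.
    if (mUidPolicy->isUidActive(uid)) {
        return dprintf(out, "active\n");
    } else {
        return dprintf(out, "idle\n");
    }
}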
811
/**
 * Writes the shell command usage text to the given descriptor.
 *
 * @param out descriptor to write to
 * @return the value returned by dprintf()
 */
status_t SensorService::printHelp(int out) {
    // The usage text contains no conversion specifiers, so printing it through
    // "%s" emits exactly the same bytes as using it as the format string.
    static const char kUsage[] =
            "Sensor service commands:\n"
            " get-uid-state <PACKAGE> [--user USER_ID] gets the uid state\n"
            " set-uid-state <PACKAGE> <active|idle> [--user USER_ID] overrides the uid state\n"
            " reset-uid-state <PACKAGE> [--user USER_ID] clears the uid state override\n"
            " help print this message\n";
    return dprintf(out, "%s", kUsage);
}
819
820 //TODO: move to SensorEventConnection later
/**
 * Scans a batch of events and, for every one-shot sensor this connection is
 * registered for, auto-disables the sensor and cleans up the connection.
 *
 * @param connection connection the events were delivered to
 * @param buffer     events to scan
 * @param count      number of events in buffer
 */
void SensorService::cleanupAutoDisabledSensorLocked(const sp<SensorEventConnection>& connection,
        sensors_event_t const* buffer, const int count) {
    for (int idx = 0; idx < count; ++idx) {
        const sensors_event_t& event = buffer[idx];
        // Meta-data events carry the sensor handle in meta_data.sensor.
        const int handle = (event.type == SENSOR_TYPE_META_DATA)
                ? event.meta_data.sensor
                : event.sensor;
        if (!connection->hasSensor(handle)) {
            continue;
        }

        sp<SensorInterface> si = getSensorInterfaceFromHandle(handle);
        if (si == nullptr) {
            continue;
        }
        // If this buffer has an event from a one_shot sensor and this connection is registered
        // for this particular one_shot sensor, try cleaning up the connection.
        if (si->getSensor().getReportingMode() != AREPORTING_MODE_ONE_SHOT) {
            continue;
        }
        si->autoDisable(connection.get(), handle);
        cleanupWithoutDisableLocked(connection, handle);
    }
}
841
// Main event pump of the sensor service thread. Each iteration polls the
// SensorDevice for a batch of events, post-processes the batch under mLock
// (wake lock bookkeeping, virtual sensor synthesis, flush-complete mapping,
// dynamic sensor connect/disconnect) and then hands the batch to every active
// connection. The loop ends when poll() fails unrecoverably or when the thread
// is asked to exit; in both cases the process is aborted.
bool SensorService::threadLoop() {
    ALOGD("nuSensorService thread starting...");

    // each virtual sensor could generate an event per "real" event, that's why we need to size
    // numEventMax much smaller than MAX_RECEIVE_BUFFER_EVENT_COUNT. in practice, this is too
    // aggressive, but guaranteed to be enough.
    const size_t vcount = mSensors.getVirtualSensors().size();
    const size_t minBufferSize = SensorEventQueue::MAX_RECEIVE_BUFFER_EVENT_COUNT;
    const size_t numEventMax = minBufferSize / (1 + vcount);

    SensorDevice& device(SensorDevice::getInstance());

    const int halVersion = device.getHalDeviceVersion();
    do {
        ssize_t count = device.poll(mSensorEventBuffer, numEventMax);
        if (count < 0) {
            // A DEAD_OBJECT result while the device reports that it is reconnecting is
            // retried; every other negative result ends the loop (and the process, below).
            if(count == DEAD_OBJECT && device.isReconnecting()) {
                device.reconnect();
                continue;
            } else {
                ALOGE("sensor poll failed (%s)", strerror(-count));
                break;
            }
        }

        // Reset sensors_event_t.flags to zero for all events in the buffer.
        for (int i = 0; i < count; i++) {
            mSensorEventBuffer[i].flags = 0;
        }
        ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);

        // Poll has returned. Hold a wakelock if one of the events is from a wake up sensor. The
        // rest of this loop is under a critical section protected by mLock. Acquiring a wakeLock,
        // sending events to clients (incrementing SensorEventConnection::mWakeLockRefCount) should
        // not be interleaved with decrementing SensorEventConnection::mWakeLockRefCount and
        // releasing the wakelock.
        uint32_t wakeEvents = 0;
        for (int i = 0; i < count; i++) {
            if (isWakeUpSensorEvent(mSensorEventBuffer[i])) {
                wakeEvents++;
            }
        }

        if (wakeEvents > 0) {
            if (!mWakeLockAcquired) {
                setWakeLockAcquiredLocked(true);
            }
            device.writeWakeLockHandled(wakeEvents);
        }
        recordLastValueLocked(mSensorEventBuffer, count);

        // handle virtual sensors
        if (count && vcount) {
            sensors_event_t const * const event = mSensorEventBuffer;
            if (!mActiveVirtualSensors.empty()) {
                // k counts the synthesized events appended after the `count` polled ones.
                size_t k = 0;
                SensorFusion& fusion(SensorFusion::getInstance());
                if (fusion.isEnabled()) {
                    for (size_t i=0 ; i<size_t(count) ; i++) {
                        fusion.process(event[i]);
                    }
                }
                for (size_t i=0 ; i<size_t(count) && k<minBufferSize ; i++) {
                    for (int handle : mActiveVirtualSensors) {
                        // Bounds guard for the write to mSensorEventBuffer[count + k] below.
                        // The break only leaves the inner loop over virtual sensors; the outer
                        // loop moves on to the next polled event and hits this check again.
                        if (count + k >= minBufferSize) {
                            ALOGE("buffer too small to hold all events: "
                                    "count=%zd, k=%zu, size=%zu",
                                    count, k, minBufferSize);
                            break;
                        }
                        sensors_event_t out;
                        sp<SensorInterface> si = mSensors.getInterface(handle);
                        if (si == nullptr) {
                            ALOGE("handle %d is not an valid virtual sensor", handle);
                            continue;
                        }

                        if (si->process(&out, event[i])) {
                            mSensorEventBuffer[count + k] = out;
                            k++;
                        }
                    }
                }
                if (k) {
                    // record the last synthesized values
                    recordLastValueLocked(&mSensorEventBuffer[count], k);
                    count += k;
                    // sort the buffer by time-stamps
                    sortEventBuffer(mSensorEventBuffer, count);
                }
            }
        }

        // handle backward compatibility for RotationVector sensor
        if (halVersion < SENSORS_DEVICE_API_VERSION_1_0) {
            for (int i = 0; i < count; i++) {
                if (mSensorEventBuffer[i].type == SENSOR_TYPE_ROTATION_VECTOR) {
                    // All the 4 components of the quaternion should be available
                    // No heading accuracy. Set it to -1
                    mSensorEventBuffer[i].data[4] = -1;
                }
            }
        }

        // Cache the list of active connections, since we use it in multiple places below but won't
        // modify it here
        const std::vector<sp<SensorEventConnection>> activeConnections = connLock.getActiveConnections();

        for (int i = 0; i < count; ++i) {
            // Map flush_complete_events in the buffer to SensorEventConnections which called flush
            // on the hardware sensor. mapFlushEventsToConnections[i] will be the
            // SensorEventConnection mapped to the corresponding flush_complete_event in
            // mSensorEventBuffer[i] if such a mapping exists (NULL otherwise).
            mMapFlushEventsToConnections[i] = nullptr;
            if (mSensorEventBuffer[i].type == SENSOR_TYPE_META_DATA) {
                const int sensor_handle = mSensorEventBuffer[i].meta_data.sensor;
                SensorRecord* rec = mActiveSensors.valueFor(sensor_handle);
                if (rec != nullptr) {
                    mMapFlushEventsToConnections[i] = rec->getFirstPendingFlushConnection();
                    rec->removeFirstPendingFlushConnection();
                }
            }

            // handle dynamic sensor meta events, process registration and unregistration of dynamic
            // sensor based on content of event.
            if (mSensorEventBuffer[i].type == SENSOR_TYPE_DYNAMIC_SENSOR_META) {
                if (mSensorEventBuffer[i].dynamic_sensor_meta.connected) {
                    int handle = mSensorEventBuffer[i].dynamic_sensor_meta.handle;
                    // NOTE(review): dynamic_sensor_meta.sensor comes from the polled event and is
                    // dereferenced here without a null check; presumably SensorDevice guarantees
                    // it is valid for connected events - confirm.
                    const sensor_t& dynamicSensor =
                            *(mSensorEventBuffer[i].dynamic_sensor_meta.sensor);
                    ALOGI("Dynamic sensor handle 0x%x connected, type %d, name %s",
                          handle, dynamicSensor.type, dynamicSensor.name);

                    // A handle is accepted only once; a reused handle is logged and ignored.
                    if (mSensors.isNewHandle(handle)) {
                        const auto& uuid = mSensorEventBuffer[i].dynamic_sensor_meta.uuid;
                        sensor_t s = dynamicSensor;
                        // make sure the dynamic sensor flag is set
                        s.flags |= DYNAMIC_SENSOR_MASK;
                        // force the handle to be consistent
                        s.handle = handle;

                        SensorInterface *si = new HardwareSensor(s, uuid);

                        // This will release hold on dynamic sensor meta, so it should be called
                        // after Sensor object is created.
                        device.handleDynamicSensorConnection(handle, true /*connected*/);
                        registerDynamicSensorLocked(si);
                    } else {
                        ALOGE("Handle %d has been used, cannot use again before reboot.", handle);
                    }
                } else {
                    int handle = mSensorEventBuffer[i].dynamic_sensor_meta.handle;
                    ALOGI("Dynamic sensor handle 0x%x disconnected", handle);

                    device.handleDynamicSensorConnection(handle, false /*connected*/);
                    if (!unregisterDynamicSensorLocked(handle)) {
                        ALOGE("Dynamic sensor release error.");
                    }

                    // Drop the disconnected sensor from every active connection.
                    for (const sp<SensorEventConnection>& connection : activeConnections) {
                        connection->removeSensor(handle);
                    }
                }
            }
        }

        // Send our events to clients. Check the state of wake lock for each client and release the
        // lock if none of the clients need it.
        bool needsWakeLock = false;
        for (const sp<SensorEventConnection>& connection : activeConnections) {
            connection->sendEvents(mSensorEventBuffer, count, mSensorEventScratch,
                    mMapFlushEventsToConnections);
            needsWakeLock |= connection->needsWakeLock();
            // If the connection has one-shot sensors, it may be cleaned up after first trigger.
            // Early check for one-shot sensors.
            if (connection->hasOneShotSensors()) {
                cleanupAutoDisabledSensorLocked(connection, mSensorEventBuffer, count);
            }
        }

        if (mWakeLockAcquired && !needsWakeLock) {
            setWakeLockAcquiredLocked(false);
        }
    } while (!Thread::exitPending());

    // Reached after an unrecoverable poll() failure or an exit request: the process is aborted
    // instead of returning, so the return statement below is never executed.
    ALOGW("Exiting SensorService::threadLoop => aborting...");
    abort();
    return false;
}
1031
// Returns a strong reference to the service's Looper (mLooper).
sp<Looper> SensorService::getLooper() const {
    sp<Looper> looper(mLooper);
    return looper;
}
1035
// Clears the wake lock reference count of every active connection and then
// releases the service wake lock. Takes mLock through the connection holder.
void SensorService::resetAllWakeLockRefCounts() {
    ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
    for (const sp<SensorEventConnection>& conn : connLock.getActiveConnections()) {
        conn->resetWakeLockRefCount();
    }
    // No connection holds a reference any more, so the wake lock can go.
    setWakeLockAcquiredLocked(false);
}
1043
// Acquires or releases the service's partial wake lock and keeps
// mWakeLockAcquired in sync, so the underlying lock is taken or released at
// most once per state change. On every acquire request (also when the lock was
// already held) the Looper is woken.
void SensorService::setWakeLockAcquiredLocked(bool acquire) {
    if (!acquire) {
        if (mWakeLockAcquired) {
            release_wake_lock(WAKE_LOCK_NAME);
            mWakeLockAcquired = false;
        }
        return;
    }

    if (!mWakeLockAcquired) {
        acquire_wake_lock(PARTIAL_WAKE_LOCK, WAKE_LOCK_NAME);
        mWakeLockAcquired = true;
    }
    mLooper->wake();
}
1058
// Reports, under mLock, whether the service currently holds its wake lock.
bool SensorService::isWakeLockAcquired() {
    Mutex::Autolock _l(mLock);
    const bool held = mWakeLockAcquired;
    return held;
}
1063
// Watchdog loop for wake lock acknowledgements. While the service holds its
// wake lock the Looper is polled with a 5000 ms timeout; if that poll times
// out, all wake lock reference counts are reset so the wake lock is not held
// indefinitely by a client that never acknowledges. Without a held wake lock
// the poll blocks with no timeout (-1).
bool SensorService::SensorEventAckReceiver::threadLoop() {
    ALOGD("new thread SensorEventAckReceiver");
    sp<Looper> looper = mService->getLooper();
    do {
        const int timeout = mService->isWakeLockAcquired() ? 5000 : -1;
        const int pollResult = looper->pollOnce(timeout);
        if (pollResult == ALOOPER_POLL_TIMEOUT) {
            mService->resetAllWakeLockRefCounts();
        }
    } while (!Thread::exitPending());
    return false;
}
1078
// Stores each data event of the batch in the recent-event logger of its
// sensor, if one exists in mRecentEvent. Meta-data, dynamic-sensor-meta and
// additional-info events are not recorded.
void SensorService::recordLastValueLocked(
        const sensors_event_t* buffer, size_t count) {
    for (size_t idx = 0; idx < count; ++idx) {
        const sensors_event_t& ev = buffer[idx];
        switch (ev.type) {
            case SENSOR_TYPE_META_DATA:
            case SENSOR_TYPE_DYNAMIC_SENSOR_META:
            case SENSOR_TYPE_ADDITIONAL_INFO:
                // Not sensor samples; skip to the next event.
                continue;
            default:
                break;
        }

        auto entry = mRecentEvent.find(ev.sensor);
        if (entry == mRecentEvent.end()) {
            continue;
        }
        entry->second->addEvent(ev);
    }
}
1094
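// Sorts `count` events in `buffer` in ascending timestamp order, in place.
void SensorService::sortEventBuffer(sensors_event_t* buffer, size_t count) {
    struct compar {
        // qsort() comparator: negative, zero or positive when lhs is older than,
        // as old as, or newer than rhs.
        static int cmp(void const* lhs, void const* rhs) {
            sensors_event_t const* l = static_cast<sensors_event_t const*>(lhs);
            sensors_event_t const* r = static_cast<sensors_event_t const*>(rhs);
            // Timestamps are 64-bit nanosecond values. Returning their difference
            // as an int truncates it, so two events more than about 2.1 s apart
            // could compare with the wrong sign (or as equal). Compare instead
            // of subtracting so the result is always exactly -1, 0 or 1.
            return (l->timestamp > r->timestamp) - (l->timestamp < r->timestamp);
        }
    };
    qsort(buffer, count, sizeof(sensors_event_t), compar::cmp);
}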
1105
// Looks up the name registered in mSensors for `handle`.
String8 SensorService::getSensorName(int handle) const {
    String8 name = mSensors.getName(handle);
    return name;
}
1109
// True when `handle` resolves to a sensor interface that reports itself as
// virtual; false for unknown handles.
bool SensorService::isVirtualSensor(int handle) const {
    sp<SensorInterface> si = getSensorInterfaceFromHandle(handle);
    if (si == nullptr) {
        return false;
    }
    return si->isVirtual();
}
1114
// True when the sensor that `event` belongs to is a wake-up sensor. For
// meta-data events the sensor is taken from meta_data.sensor. Unknown handles
// yield false.
bool SensorService::isWakeUpSensorEvent(const sensors_event_t& event) const {
    const int handle =
            (event.type == SENSOR_TYPE_META_DATA) ? event.meta_data.sensor : event.sensor;
    sp<SensorInterface> si = getSensorInterfaceFromHandle(handle);
    if (si == nullptr) {
        return false;
    }
    return si->getSensor().isWakeUpSensor();
}
1123
// Maps a sensor UUID to the 32-bit ID that is reported to the calling app.
//
// Return values:
//   0   UUID not supported (all-zero UUID), or the ID could not be derived.
//   -1  the sensor is identified by its type and name (all-ones UUID).
//   any other value: per-caller ID of a dynamic sensor.
//
// The dynamic sensor ID is derived with HMAC-SHA256 over the UUID and the
// calling UID, keyed with sHmacGlobalKey, so the raw UUID is never handed out
// and different callers see different IDs for the same sensor. Every failure
// path returns 0 rather than falling back to anything derived from the UUID.
int32_t SensorService::getIdFromUuid(const Sensor::uuid_t &uuid) const {
    const bool uuidAllZero = (uuid.i64[0] == 0) && (uuid.i64[1] == 0);
    if (uuidAllZero) {
        // UUID is not supported for this device.
        return 0;
    }
    const bool uuidAllOnes = (uuid.i64[0] == INT64_C(~0)) && (uuid.i64[1] == INT64_C(~0));
    if (uuidAllOnes) {
        // This sensor can be uniquely identified in the system by
        // the combination of its type and name.
        return -1;
    }

    // From here on we are dealing with a dynamic sensor.

    if (!sHmacGlobalKeyIsValid) {
        // Rather than risk exposing UUIDs, we cripple dynamic sensors.
        ALOGW("HMAC key failure; dynamic sensor getId() will be wrong.");
        return 0;
    }

    // Each app author/publisher should get a different ID, so that the same
    // dynamic sensor cannot be tracked across apps by multiple
    // authors/publishers. The HMAC input is therefore UUID || caller.
    // Naming note: UUID = Universally Unique Identifier, UID = User
    // Identifier. "uid" is avoided except where the API requires it.
    auto appUserId = IPCThreadState::self()->getCallingUid();
    uint8_t hmacInput[sizeof(uuid) + sizeof(appUserId)];
    memcpy(hmacInput, &uuid, sizeof(uuid));
    memcpy(hmacInput + sizeof(uuid), &appUserId, sizeof(appUserId));

    // Key the UUID/app combination to obtain the digest.
    uint8_t digest[EVP_MAX_MD_SIZE];
    unsigned int digestLen;
    const uint8_t* mac = HMAC(EVP_sha256(),
                              sHmacGlobalKey, sizeof(sHmacGlobalKey),
                              hmacInput, sizeof(hmacInput),
                              digest, &digestLen);
    if (mac == nullptr) {
        // Rather than risk exposing UUIDs, we cripple dynamic sensors.
        ALOGW("HMAC failure; dynamic sensor getId() will be wrong.");
        return 0;
    }

    int32_t id = 0;
    if (digestLen < sizeof(id)) {
        // Never expected, but handled out of paranoia: the ID is already
        // short, and its effective length must not shrink any further.
        // Rather than risk exposing UUIDs, we cripple dynamic sensors.
        ALOGW("HMAC insufficient; dynamic sensor getId() will be wrong.");
        return 0;
    }

    // Only the first sizeof(id) bytes of the digest are used. That is almost
    // certainly less than the whole digest, but it is as much as the ID can hold.
    memcpy(&id, digest, sizeof(id));

    // 0 and -1 are reserved for the special cases handled at the top of this
    // function, so a digest that happens to produce one of them is remapped
    // to a neighbouring value and still reads as a dynamic sensor ID.
    switch (id) {
        case -1:
            return -2;
        case 0:
            return 1;
        default:
            return id;
    }
}
1195
// Sets the ID of every sensor in `sensorList` to the value getIdFromUuid()
// derives from that sensor's UUID for the current caller.
void SensorService::makeUuidsIntoIdsForSensorList(Vector<Sensor> &sensorList) const {
    for (auto &entry : sensorList) {
        entry.setId(getIdFromUuid(entry.getUuid()));
    }
}
1202
// Returns a copy of the user-visible sensor list with per-caller IDs filled
// in. When the "debug.sensors" property parses to a non-zero integer the
// debug list is returned instead. The package name argument is unused: this
// function does not filter the list per caller.
Vector<Sensor> SensorService::getSensorList(const String16& /* opPackageName */) {
    char debugProp[PROPERTY_VALUE_MAX];
    property_get("debug.sensors", debugProp, "0");
    const Vector<Sensor>& source = (atoi(debugProp)) ?
            mSensors.getUserDebugSensors() : mSensors.getUserSensors();

    Vector<Sensor> result;
    for (size_t idx = 0; idx < source.size(); ++idx) {
        result.add(source[idx]);
    }
    // Replace UUIDs by the IDs this caller is allowed to see.
    makeUuidsIntoIdsForSensorList(result);
    return result;
}
1216
// Returns the dynamic sensors that `opPackageName` passes canAccessSensor()
// for, with per-caller IDs filled in. Dynamic sensors that fail the access
// check are logged and left out of the result.
Vector<Sensor> SensorService::getDynamicSensorList(const String16& opPackageName) {
    Vector<Sensor> result;
    mSensors.forEachSensor(
            [&opPackageName, &result] (const Sensor& sensor) -> bool {
                // The callback always returns true.
                if (!sensor.isDynamicSensor()) {
                    return true;
                }
                if (!canAccessSensor(sensor, "getDynamicSensorList", opPackageName)) {
                    ALOGI("Skipped sensor %s because it requires permission %s and app op %" PRId32,
                          sensor.getName().string(),
                          sensor.getRequiredPermission().string(),
                          sensor.getRequiredAppOp());
                    return true;
                }
                result.add(sensor);
                return true;
            });
    // Replace UUIDs by the IDs this caller is allowed to see.
    makeUuidsIntoIdsForSensorList(result);
    return result;
}
1236
// Creates an event connection for the calling client.
//
// Only NORMAL and DATA_INJECTION are accepted as `requestedMode`; any other
// mode yields nullptr. A DATA_INJECTION connection is additionally refused
// unless the service itself is in DATA_INJECTION mode and `packageName` passes
// isWhiteListedPackage(). Empty package names are replaced by a placeholder
// built from the caller's pid, and an empty `opPackageName` falls back to the
// connection package name.
//
// NOTE(review): `packageName` is supplied by the caller and is the only input
// to the allowlist check here; whether it is tied to the calling uid elsewhere
// is not visible in this function - confirm.
sp<ISensorEventConnection> SensorService::createSensorEventConnection(const String8& packageName,
        int requestedMode, const String16& opPackageName) {
    const bool wantsInjection = (requestedMode == DATA_INJECTION);
    if (!wantsInjection && requestedMode != NORMAL) {
        return nullptr;
    }

    Mutex::Autolock _l(mLock);
    // A client may only inject data while the service already operates in
    // DATA_INJECTION mode and the package is on the allowlist.
    if (wantsInjection) {
        if (mCurrentOperatingMode != DATA_INJECTION) {
            return nullptr;
        }
        if (!isWhiteListedPackage(packageName)) {
            return nullptr;
        }
    }

    // Identity of the binder caller, as reported by IPCThreadState.
    const uid_t uid = IPCThreadState::self()->getCallingUid();
    const pid_t pid = IPCThreadState::self()->getCallingPid();

    String8 connPackageName =
            (packageName == "") ? String8::format("unknown_package_pid_%d", pid) : packageName;
    String16 connOpPackageName =
            (opPackageName == String16("")) ? String16(connPackageName) : opPackageName;

    sp<SensorEventConnection> result(new SensorEventConnection(this, uid, connPackageName,
            wantsInjection, connOpPackageName));
    if (wantsInjection) {
        mConnectionHolder.addEventConnectionIfNotPresent(result);
        // Register the connection's file descriptor with the Looper so it is
        // polled whenever there is data to be injected.
        result->updateLooperRegistration(mLooper);
    }
    return result;
}
1269
// Returns 1 when the service currently operates in DATA_INJECTION mode and 0
// otherwise. Reads the mode under mLock.
int SensorService::isDataInjectionEnabled() {
    Mutex::Autolock _l(mLock);
    const bool injecting = (mCurrentOperatingMode == DATA_INJECTION);
    return injecting ? 1 : 0;
}
1274
// Creates a direct (shared-memory) sensor channel for the calling client.
//
// `resource`, `size`, `type` and `format` all come from the client and are
// validated here before the channel is registered with the SensorDevice:
// sensor privacy must be off, the handle must be non-null, the format must be
// SENSOR_DIRECT_FMT_SENSORS_EVENT, the memory must not already back another
// direct connection, and ashmem regions must be valid and at least `size`
// bytes long. Returns nullptr on any validation or registration failure.
sp<ISensorEventConnection> SensorService::createSensorDirectConnection(
        const String16& opPackageName, uint32_t size, int32_t type, int32_t format,
        const native_handle *resource) {
    ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);

    // No new direct connections are allowed when sensor privacy is enabled
    if (mSensorPrivacyPolicy->isSensorPrivacyEnabled()) {
        ALOGE("Cannot create new direct connections when sensor privacy is enabled");
        return nullptr;
    }

    // At this point mem.handle still refers to the caller's handle; it is
    // switched to the service's own clone only after registration succeeded.
    struct sensors_direct_mem_t mem = {
        .type = type,
        .format = format,
        .size = size,
        .handle = resource,
    };
    uid_t uid = IPCThreadState::self()->getCallingUid();

    // Rejects a null `resource`. NOTE(review): the log text mentions cloning,
    // but no clone has been attempted yet at this point.
    if (mem.handle == nullptr) {
        ALOGE("Failed to clone resource handle");
        return nullptr;
    }

    // check format
    if (format != SENSOR_DIRECT_FMT_SENSORS_EVENT) {
        ALOGE("Direct channel format %d is unsupported!", format);
        return nullptr;
    }

    // check for duplication
    // NOTE(review): this runs before the per-type validation of `resource`
    // below; what isEquivalent() reads from the handle is not visible here.
    for (const sp<SensorDirectConnection>& connection : connLock.getDirectConnections()) {
        if (connection->isEquivalent(&mem)) {
            ALOGE("Duplicate create channel request for the same share memory");
            return nullptr;
        }
    }

    // check specific to memory type
    switch(type) {
        case SENSOR_DIRECT_MEM_TYPE_ASHMEM: { // channel backed by ashmem
            // data[0] is read below, so a handle without any fd must be rejected
            // first. The rejection is also reported through the SafetyNet event log.
            if (resource->numFds < 1) {
                ALOGE("Ashmem direct channel requires a memory region to be supplied");
                android_errorWriteLog(0x534e4554, "70986337");  // SafetyNet
                return nullptr;
            }
            int fd = resource->data[0];
            if (!ashmem_valid(fd)) {
                ALOGE("Supplied Ashmem memory region is invalid");
                return nullptr;
            }

            int size2 = ashmem_get_size_region(fd);
            // check size consistency
            // The requested channel size must fit in the region. Because `size` is
            // unsigned, the 64-bit comparison also rejects a negative size2.
            if (size2 < static_cast<int64_t>(size)) {
                ALOGE("Ashmem direct channel size %" PRIu32 " greater than shared memory size %d",
                      size, size2);
                return nullptr;
            }
            break;
        }
        case SENSOR_DIRECT_MEM_TYPE_GRALLOC:
            // no specific checks for gralloc
            break;
        default:
            ALOGE("Unknown direct connection memory type %d", type);
            return nullptr;
    }

    // Take a private copy of the handle so the connection does not depend on
    // the caller's handle object.
    native_handle_t *clone = native_handle_clone(resource);
    if (!clone) {
        return nullptr;
    }

    sp<SensorDirectConnection> conn;
    SensorDevice& dev(SensorDevice::getInstance());
    int channelHandle = dev.registerDirectChannel(&mem);

    // Zero and negative channel handles are treated as registration failure.
    if (channelHandle <= 0) {
        ALOGE("SensorDevice::registerDirectChannel returns %d", channelHandle);
    } else {
        mem.handle = clone;
        conn = new SensorDirectConnection(this, uid, &mem, channelHandle, opPackageName);
    }

    if (conn == nullptr) {
        // No connection was created to take the clone, so release it here.
        native_handle_close(clone);
        native_handle_delete(clone);
    } else {
        // add to list of direct connections
        // sensor service should never hold pointer or sp of SensorDirectConnection object.
        mConnectionHolder.addDirectConnection(conn);
    }
    return conn;
}
1370
// Injects an "additional info" operation parameter into the sensor device as
// a BEGIN / payload / END triple of events.
//
// The caller must hold sLocationHardwarePermission (PERMISSION_DENIED
// otherwise). Known parameter types have a fixed payload kind and length and
// require handle == -1; custom types (AINFO_CUSTOM_START up to, not including,
// AINFO_DEBUGGING_START) carry only floats, at most as many as fit in
// additional_info_event_t::data_float, and require a non-negative handle.
// Anything else is BAD_VALUE. Returns NO_ERROR, or the first error reported by
// SensorDevice::injectSensorData().
int SensorService::setOperationParameter(
        int32_t handle, int32_t type,
        const Vector<float> &floats, const Vector<int32_t> &ints) {
    Mutex::Autolock _l(mLock);

    if (!checkCallingPermission(sLocationHardwarePermission, nullptr, nullptr)) {
        return PERMISSION_DENIED;
    }

    bool payloadIsFloat = true;
    bool customType = false;
    size_t wantedCount = INT32_MAX;
    switch (type) {
        case AINFO_LOCAL_GEOMAGNETIC_FIELD:
            payloadIsFloat = true;
            wantedCount = 3;
            break;
        case AINFO_LOCAL_GRAVITY:
            payloadIsFloat = true;
            wantedCount = 1;
            break;
        case AINFO_DOCK_STATE:
        case AINFO_HIGH_PERFORMANCE_MODE:
        case AINFO_MAGNETIC_FIELD_CALIBRATION:
            payloadIsFloat = false;
            wantedCount = 1;
            break;
        default:
            // CUSTOM events must only contain float data; it may have variable size
            if (type < AINFO_CUSTOM_START || type >= AINFO_DEBUGGING_START) {
                return BAD_VALUE;
            }
            if (ints.size()) {
                return BAD_VALUE;
            }
            // Upper bound for the copy into data_float further down.
            if (sizeof(additional_info_event_t::data_float)/sizeof(float) < floats.size()) {
                return BAD_VALUE;
            }
            if (handle < 0) {
                return BAD_VALUE;
            }
            payloadIsFloat = true;
            customType = true;
            wantedCount = floats.size();
            break;
    }

    // Non-custom parameters are not addressed to a particular sensor.
    if (!customType && handle != -1) {
        return BAD_VALUE;
    }

    // three events: first one is begin tag, last one is end tag, the one in the middle
    // is the payload.
    sensors_event_t event[3];
    int64_t timestamp = elapsedRealtimeNano();
    for (size_t n = 0; n < 3; ++n) {
        // Consecutive timestamps keep the three events in order.
        event[n] = (sensors_event_t) {
            .version = sizeof(sensors_event_t),
            .sensor = handle,
            .type = SENSOR_TYPE_ADDITIONAL_INFO,
            .timestamp = timestamp++,
            .additional_info = (additional_info_event_t) {
                .serial = 0
            }
        };
    }

    event[0].additional_info.type = AINFO_BEGIN;
    event[1].additional_info.type = type;
    event[2].additional_info.type = AINFO_END;

    // The supplied payload must have exactly the expected length before any
    // element is copied into the fixed-size payload arrays.
    if (payloadIsFloat) {
        if (floats.size() != wantedCount) {
            return BAD_VALUE;
        }
        for (size_t n = 0; n < wantedCount; ++n) {
            event[1].additional_info.data_float[n] = floats[n];
        }
    } else {
        if (ints.size() != wantedCount) {
            return BAD_VALUE;
        }
        for (size_t n = 0; n < wantedCount; ++n) {
            event[1].additional_info.data_int32[n] = ints[n];
        }
    }

    SensorDevice& dev(SensorDevice::getInstance());
    for (size_t n = 0; n < 3; ++n) {
        const int ret = dev.injectSensorData(&event[n]);
        if (ret != NO_ERROR) {
            return ret;
        }
    }
    return NO_ERROR;
}
1461
// Locking wrapper around resetToNormalModeLocked().
status_t SensorService::resetToNormalMode() {
    Mutex::Autolock _l(mLock);
    const status_t err = resetToNormalModeLocked();
    return err;
}
1466
// Switches the sensor device back to NORMAL mode. Only when the device
// accepts the mode change is mCurrentOperatingMode updated and are all
// sensors re-enabled. Returns the status of the mode change.
status_t SensorService::resetToNormalModeLocked() {
    SensorDevice& device(SensorDevice::getInstance());
    const status_t err = device.setMode(NORMAL);
    if (err != NO_ERROR) {
        return err;
    }
    mCurrentOperatingMode = NORMAL;
    device.enableAllSensors();
    return err;
}
1476
// Tears down all service-side state of the event connection `c`: deactivates
// and removes every sensor the connection had enabled, drops the connection
// from each active sensor record (deleting records that become empty),
// unregisters it from the Looper and the connection holder, cleans up battery
// accounting for its uid, re-evaluates the wake lock, forgets the cached
// target version of its package and notifies the SensorDevice.
void SensorService::cleanupConnection(SensorEventConnection* c) {
    ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
    const wp<SensorEventConnection> connection(c);
    size_t size = mActiveSensors.size();
    ALOGD_IF(DEBUG_CONNECTIONS, "%zu active sensors", size);
    // i is advanced only when the current entry is kept; removing an entry
    // shrinks `size` instead, so the entry that moved into slot i is visited next.
    for (size_t i=0 ; i<size ; ) {
        int handle = mActiveSensors.keyAt(i);
        if (c->hasSensor(handle)) {
            ALOGD_IF(DEBUG_CONNECTIONS, "%zu: disabling handle=0x%08x", i, handle);
            sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
            if (sensor != nullptr) {
                sensor->activate(c, false);
            } else {
                ALOGE("sensor interface of handle=0x%08x is null!", handle);
            }
            c->removeSensor(handle);
        }
        SensorRecord* rec = mActiveSensors.valueAt(i);
        ALOGE_IF(!rec, "mActiveSensors[%zu] is null (handle=0x%08x)!", i, handle);
        ALOGD_IF(DEBUG_CONNECTIONS,
                "removing connection %p for sensor[%zu].handle=0x%08x",
                c, i, handle);

        // A true result from removeConnection() is treated as "no connection is
        // left on this sensor": the record is removed from both containers and freed.
        if (rec && rec->removeConnection(connection)) {
            ALOGD_IF(DEBUG_CONNECTIONS, "... and it was the last connection");
            mActiveSensors.removeItemsAt(i, 1);
            mActiveVirtualSensors.erase(handle);
            delete rec;
            size--;
        } else {
            i++;
        }
    }
    c->updateLooperRegistration(mLooper);
    mConnectionHolder.removeEventConnection(connection);
    BatteryService::cleanup(c->getUid());
    if (c->needsWakeLock()) {
        checkWakeLockStateLocked(&connLock);
    }

    {
        // The package target version cache has its own lock, taken in addition to mLock.
        Mutex::Autolock packageLock(sPackageTargetVersionLock);
        auto iter = sPackageTargetVersion.find(c->mOpPackageName);
        if (iter != sPackageTargetVersion.end()) {
            sPackageTargetVersion.erase(iter);
        }
    }

    SensorDevice& dev(SensorDevice::getInstance());
    dev.notifyConnectionDestroyed(c);
}
1528
// Tears down a direct connection: unregisters its channel from the sensor
// device and removes it from the connection holder, under mLock.
void SensorService::cleanupConnection(SensorDirectConnection* c) {
    Mutex::Autolock _l(mLock);

    SensorDevice& device(SensorDevice::getInstance());
    const auto channelHandle = c->getHalChannelHandle();
    device.unregisterDirectChannel(channelHandle);
    mConnectionHolder.removeDirectConnection(c);
}
1536
// Resolves `handle` to its SensorInterface through mSensors. Callers in this
// file check the result against nullptr before using it.
sp<SensorInterface> SensorService::getSensorInterfaceFromHandle(int handle) const {
    sp<SensorInterface> si = mSensors.getInterface(handle);
    return si;
}
1540
// Enables sensor `handle` for `connection` with the requested sampling period
// and batch latency.
//
// Returns mInitCheck if the service failed to initialise, BAD_VALUE if the
// handle is unknown or canAccessSensor() denies `opPackageName`,
// INVALID_OPERATION if the service is not in NORMAL mode and the connection's
// package is not allowlisted, and otherwise the status of the batch() and
// activate() calls. On failure the registration made here is rolled back with
// cleanupWithoutDisableLocked().
status_t SensorService::enable(const sp<SensorEventConnection>& connection,
        int handle, nsecs_t samplingPeriodNs, nsecs_t maxBatchReportLatencyNs, int reservedFlags,
        const String16& opPackageName) {
    if (mInitCheck != NO_ERROR)
        return mInitCheck;

    // Access control comes first: nothing is registered for a caller that is
    // not allowed to use this sensor.
    sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
    if (sensor == nullptr ||
            !canAccessSensor(sensor->getSensor(), "Tried enabling", opPackageName)) {
        return BAD_VALUE;
    }

    ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
    // Outside NORMAL mode only allowlisted packages may enable sensors.
    if (mCurrentOperatingMode != NORMAL
           && !isWhiteListedPackage(connection->getPackageName())) {
        return INVALID_OPERATION;
    }

    SensorRecord* rec = mActiveSensors.valueFor(handle);
    if (rec == nullptr) {
        // First connection on this sensor: create its record.
        rec = new SensorRecord(connection);
        mActiveSensors.add(handle, rec);
        if (sensor->isVirtual()) {
            mActiveVirtualSensors.emplace(handle);
        }

        // There was no SensorRecord for this sensor which means it was previously disabled. Mark
        // the recent event as stale to ensure that the previous event is not sent to a client. This
        // ensures on-change events that were generated during a previous sensor activation are not
        // erroneously sent to newly connected clients, especially if a second client registers for
        // an on-change sensor before the first client receives the updated event. Once an updated
        // event is received, the recent events will be marked as current, and any new clients will
        // immediately receive the most recent event.
        if (sensor->getSensor().getReportingMode() == AREPORTING_MODE_ON_CHANGE) {
            auto logger = mRecentEvent.find(handle);
            if (logger != mRecentEvent.end()) {
                logger->second->setLastEventStale();
            }
        }
    } else {
        if (rec->addConnection(connection)) {
            // this sensor is already activated, but we are adding a connection that uses it.
            // Immediately send down the last known value of the requested sensor if it's not a
            // "continuous" sensor.
            if (sensor->getSensor().getReportingMode() == AREPORTING_MODE_ON_CHANGE) {
                // NOTE: The wake_up flag of this event may get set to
                // WAKE_UP_SENSOR_EVENT_NEEDS_ACK if this is a wake_up event.

                auto logger = mRecentEvent.find(handle);
                if (logger != mRecentEvent.end()) {
                    sensors_event_t event;
                    // Verify that the last sensor event was generated from the current activation
                    // of the sensor. If not, it is possible for an on-change sensor to receive a
                    // sensor event that is stale if two clients re-activate the sensor
                    // simultaneously.
                    if(logger->second->populateLastEventIfCurrent(&event)) {
                        event.sensor = handle;
                        // Only an event whose version field matches the struct size is replayed.
                        if (event.version == sizeof(sensors_event_t)) {
                            if (isWakeUpSensorEvent(event) && !mWakeLockAcquired) {
                                setWakeLockAcquiredLocked(true);
                            }
                            connection->sendEvents(&event, 1, nullptr);
                            if (!connection->needsWakeLock() && mWakeLockAcquired) {
                                checkWakeLockStateLocked(&connLock);
                            }
                        }
                    }
                }
            }
        }
    }

    if (connection->addSensor(handle)) {
        BatteryService::enableSensor(connection->getUid(), handle);
        // the sensor was added (which means it wasn't already there)
        // so, see if this connection becomes active
        mConnectionHolder.addEventConnectionIfNotPresent(connection);
    } else {
        ALOGW("sensor %08x already enabled in connection %p (ignoring)",
            handle, connection.get());
    }

    // Check maximum delay for the sensor.
    // The requested period is clamped into [minDelayNs, maxDelayNs]; the upper
    // bound applies only when the sensor reports a positive max delay.
    // (presumably getMaxDelay() is in microseconds, hence the * 1000 - confirm)
    nsecs_t maxDelayNs = sensor->getSensor().getMaxDelay() * 1000LL;
    if (maxDelayNs > 0 && (samplingPeriodNs > maxDelayNs)) {
        samplingPeriodNs = maxDelayNs;
    }

    nsecs_t minDelayNs = sensor->getSensor().getMinDelayNs();
    if (samplingPeriodNs < minDelayNs) {
        samplingPeriodNs = minDelayNs;
    }

    ALOGD_IF(DEBUG_CONNECTIONS, "Calling batch handle==%d flags=%d"
                                "rate=%" PRId64 " timeout== %" PRId64"",
             handle, reservedFlags, samplingPeriodNs, maxBatchReportLatencyNs);

    status_t err = sensor->batch(connection.get(), handle, 0, samplingPeriodNs,
                                 maxBatchReportLatencyNs);

    // Call flush() before calling activate() on the sensor. Wait for a first
    // flush complete event before sending events on this connection. Ignore
    // one-shot sensors which don't support flush(). Ignore on-change sensors
    // to maintain the on-change logic (any on-change events except the initial
    // one should be trigger by a change in value). Also if this sensor isn't
    // already active, don't call flush().
    if (err == NO_ERROR &&
            sensor->getSensor().getReportingMode() == AREPORTING_MODE_CONTINUOUS &&
            rec->getNumConnections() > 1) {
        connection->setFirstFlushPending(handle, true);
        status_t err_flush = sensor->flush(connection.get(), handle);
        // Flush may return error if the underlying h/w sensor uses an older HAL.
        if (err_flush == NO_ERROR) {
            rec->addPendingFlushConnection(connection.get());
        } else {
            connection->setFirstFlushPending(handle, false);
        }
    }

    if (err == NO_ERROR) {
        ALOGD_IF(DEBUG_CONNECTIONS, "Calling activate on %d", handle);
        err = sensor->activate(connection.get(), true);
    }

    if (err == NO_ERROR) {
        connection->updateLooperRegistration(mLooper);

        // Remember the app op of sensors that require a permission and have a
        // non-negative app op, keyed by handle, on the connection.
        if (sensor->getSensor().getRequiredPermission().size() > 0 &&
                sensor->getSensor().getRequiredAppOp() >= 0) {
            connection->mHandleToAppOp[handle] = sensor->getSensor().getRequiredAppOp();
        }

        // Record the registration in a fixed-size ring buffer of recent registrations.
        mLastNSensorRegistrations.editItemAt(mNextSensorRegIndex) =
                SensorRegistrationInfo(handle, connection->getPackageName(),
                                       samplingPeriodNs, maxBatchReportLatencyNs, true);
        mNextSensorRegIndex = (mNextSensorRegIndex + 1) % SENSOR_REGISTRATIONS_BUF_SIZE;
    }

    if (err != NO_ERROR) {
        // batch/activate has failed, reset our state.
        cleanupWithoutDisableLocked(connection, handle);
    }
    return err;
}
1685
// Disables sensor `handle` for `connection`: removes the service-side
// registration, deactivates the sensor for this connection and, on success,
// logs the de-registration in the ring buffer of recent registrations.
// Returns mInitCheck if the service failed to initialise, BAD_VALUE if the
// sensor was not active or its interface is gone, otherwise the status of
// activate(false).
status_t SensorService::disable(const sp<SensorEventConnection>& connection, int handle) {
    if (mInitCheck != NO_ERROR) {
        return mInitCheck;
    }

    Mutex::Autolock _l(mLock);
    status_t err = cleanupWithoutDisableLocked(connection, handle);
    if (err != NO_ERROR) {
        return err;
    }

    sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
    if (sensor == nullptr) {
        return status_t(BAD_VALUE);
    }

    err = sensor->activate(connection.get(), false);
    if (err != NO_ERROR) {
        return err;
    }

    mLastNSensorRegistrations.editItemAt(mNextSensorRegIndex) =
            SensorRegistrationInfo(handle, connection->getPackageName(), 0, 0, false);
    mNextSensorRegIndex = (mNextSensorRegIndex + 1) % SENSOR_REGISTRATIONS_BUF_SIZE;
    return err;
}
1704
// Locking wrapper: acquires mLock and forwards to cleanupWithoutDisableLocked().
// The sensor itself is not deactivated here; only the bookkeeping is removed.
status_t SensorService::cleanupWithoutDisable(
        const sp<SensorEventConnection>& connection, int handle) {
    Mutex::Autolock lock(mLock);
    const status_t result = cleanupWithoutDisableLocked(connection, handle);
    return result;
}
1710
// Removes the association between |connection| and sensor |handle| from the service's
// bookkeeping without touching the sensor's activation state.
//
// disable() and cleanupWithoutDisable() both call this with mLock held.
// Returns BAD_VALUE if |handle| has no entry in mActiveSensors, NO_ERROR otherwise.
status_t SensorService::cleanupWithoutDisableLocked(
        const sp<SensorEventConnection>& connection, int handle) {
    SensorRecord* const record = mActiveSensors.valueFor(handle);
    if (record == nullptr) {
        return BAD_VALUE;
    }

    // Stop battery accounting when removeSensor() reports that this handle went inactive
    // on the connection.
    if (connection->removeSensor(handle)) {
        BatteryService::disableSensor(connection->getUid(), handle);
    }

    // A connection with no sensors left is dropped from the active-connection list.
    if (!connection->hasAnySensor()) {
        connection->updateLooperRegistration(mLooper);
        mConnectionHolder.removeEventConnection(connection);
    }

    // When removeConnection() reports the record has become inactive, unlink it from both
    // maps before freeing it so no stale pointer stays reachable through mActiveSensors.
    if (record->removeConnection(connection)) {
        mActiveSensors.removeItem(handle);
        mActiveVirtualSensors.erase(handle);
        delete record;
    }
    return NO_ERROR;
}
1733
// Sets the sampling period of sensor |handle| for |connection| to |ns| nanoseconds.
//
// Returns mInitCheck if the service did not initialise, BAD_VALUE if the handle is
// unknown, the access check fails, or |ns| is negative; otherwise the result of
// SensorInterface::setDelay(). Periods below the sensor's minimum delay are raised to
// that minimum rather than rejected.
//
// The access check runs before the range check on |ns|, so a denied caller is logged by
// canAccessSensor() regardless of the value requested.
// NOTE(review): mLock is not taken in this function, and nothing here verifies that
// |connection| currently has |handle| enabled — presumably setDelay() copes; confirm.
status_t SensorService::setEventRate(const sp<SensorEventConnection>& connection,
        int handle, nsecs_t ns, const String16& opPackageName) {
    if (mInitCheck != NO_ERROR) {
        return mInitCheck;
    }

    sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
    if (sensor == nullptr) {
        return BAD_VALUE;
    }
    if (!canAccessSensor(sensor->getSensor(), "Tried configuring", opPackageName)) {
        return BAD_VALUE;
    }
    if (ns < 0) {
        return BAD_VALUE;
    }

    // Clamp to the fastest rate the sensor advertises.
    const nsecs_t minDelayNs = sensor->getSensor().getMinDelayNs();
    const nsecs_t effectiveNs = (ns < minDelayNs) ? minDelayNs : ns;

    return sensor->setDelay(connection.get(), handle, effectiveNs);
}
1755
// Requests a flush on every sensor currently active on |connection|.
//
// Handles with no SensorInterface are skipped silently. One-shot sensors and sensors the
// caller may not access set the result to INVALID_OPERATION but do not stop the loop, so
// the remaining sensors are still flushed. A failing SensorInterface::flush() overwrites
// the result with its own error. The value returned is whatever the last failing sensor
// left behind, or NO_ERROR if none failed.
//
// Two access checks are in play: the trivial-flush path (HAL <= 1.0 or virtual sensor)
// relies on incrementPendingFlushCountIfHasAccess(), the hardware path on
// canAccessSensor().
status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
        const String16& opPackageName) {
    if (mInitCheck != NO_ERROR) {
        return mInitCheck;
    }

    SensorDevice& device = SensorDevice::getInstance();
    const int halVersion = device.getHalDeviceVersion();
    status_t result = NO_ERROR;
    Mutex::Autolock _l(mLock);

    for (int handle : connection->getActiveSensorHandles()) {
        sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
        if (sensor == nullptr) {
            continue;
        }

        if (sensor->getSensor().getReportingMode() == AREPORTING_MODE_ONE_SHOT) {
            ALOGE("flush called on a one-shot sensor");
            result = INVALID_OPERATION;
            continue;
        }

        const bool trivialFlush =
                halVersion <= SENSORS_DEVICE_API_VERSION_1_0 || isVirtualSensor(handle);
        if (trivialFlush) {
            // No hardware flush on this path: bumping the pending count is enough to have
            // a trivial flush-complete event delivered.
            if (!connection->incrementPendingFlushCountIfHasAccess(handle)) {
                ALOGE("flush called on an inaccessible sensor");
                result = INVALID_OPERATION;
            }
            continue;
        }

        if (!canAccessSensor(sensor->getSensor(), "Tried flushing", opPackageName)) {
            result = INVALID_OPERATION;
            continue;
        }

        const status_t flushStatus = sensor->flush(connection.get(), handle);
        if (flushStatus == NO_ERROR) {
            // Remember who asked, so the flush-complete event can be attributed.
            SensorRecord* rec = mActiveSensors.valueFor(handle);
            if (rec != nullptr) {
                rec->addPendingFlushConnection(connection);
            }
        } else {
            result = flushStatus;
        }
    }
    return result;
}
1796
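// Decides whether the calling UID may perform |operation| on |sensor|.
//
// |operation| is only used in the denial log message. |opPackageName| is used for the
// target-SDK lookup and for the AppOps check and note.
//
// Decision, in order:
//   1. A sensor with no required permission is accessible to everyone.
//   2. Step counter / step detector are accessible when the named package targets an SDK
//      in (0, __ANDROID_API_P__]; hasPermissionForSensor() is not consulted on this path.
//   3. Otherwise the caller must hold the required permission and, if the sensor declares
//      an app op (opCode >= 0), AppOps must report MODE_ALLOWED for that op.
// A granted access is noted with AppOps; a denied one is logged.
//
// AppOps is only contacted when the sensor actually declares an op. A negative op code
// means "no app op for this sensor", so neither checkOp() nor noteOp() is called with it;
// the access decision is the same as if they had been.
//
// NOTE(review): |opPackageName| comes from the caller and nothing in this function ties
// it to the calling UID. Branch 2 grants access on the named package's target SDK alone,
// so confirm that the binder entry point (or AppOps) validates the package/UID pairing.
bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
        const String16& opPackageName) {
    // Check if a permission is required for this sensor
    if (sensor.getRequiredPermission().length() <= 0) {
        return true;
    }

    const int32_t opCode = sensor.getRequiredAppOp();
    const bool hasAppOp = opCode >= 0;
    const int targetSdkVersion = getTargetSdkVersion(opPackageName);

    bool canAccess = false;
    if (targetSdkVersion > 0 && targetSdkVersion <= __ANDROID_API_P__ &&
            (sensor.getType() == SENSOR_TYPE_STEP_COUNTER ||
             sensor.getType() == SENSOR_TYPE_STEP_DETECTOR)) {
        // Allow access to step sensors if the application targets pre-Q, which is before the
        // requirement to hold the AR permission to access Step Counter and Step Detector
        // events was introduced. A failed lookup yields -1 and never lands here.
        canAccess = true;
    } else if (hasPermissionForSensor(sensor)) {
        if (hasAppOp) {
            // The permission alone is not sufficient: the app op must be allowed as well.
            const int32_t appOpMode = sAppOpsManager.checkOp(opCode,
                    IPCThreadState::self()->getCallingUid(), opPackageName);
            canAccess = (appOpMode == AppOpsManager::MODE_ALLOWED);
        } else {
            // No app op is associated with this sensor; the permission decides.
            canAccess = true;
        }
    }

    if (canAccess) {
        if (hasAppOp) {
            sAppOpsManager.noteOp(opCode, IPCThreadState::self()->getCallingUid(),
                    opPackageName);
        }
    } else {
        ALOGE("%s %s a sensor (%s) without holding %s", String8(opPackageName).string(),
                operation, sensor.getName().string(), sensor.getRequiredPermission().string());
    }

    return canAccess;
}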
1834
// Returns whether the binder caller holds the permission |sensor| requires.
//
// Runtime permissions can be granted and revoked while the caller is running, so they
// are checked live against the calling pid/uid. Other permissions go through
// PermissionCache.
bool SensorService::hasPermissionForSensor(const Sensor& sensor) {
    const String8& requiredPermission = sensor.getRequiredPermission();

    if (!sensor.isRequiredPermissionRuntime()) {
        return PermissionCache::checkCallingPermission(String16(requiredPermission));
    }

    // Runtime permissions can't use the cache as they may change.
    IPCThreadState* const ipc = IPCThreadState::self();
    return checkPermission(String16(requiredPermission),
            ipc->getCallingPid(), ipc->getCallingUid());
}
1848
// Returns the target SDK version of |opPackageName|, or -1 if it could not be determined.
//
// Results are memoised in sPackageTargetVersion under sPackageTargetVersionLock. On a
// cache miss the "package_native" service is queried; the lock stays held across that
// binder call.
//
// Failures are cached too: if the service is unavailable or the call does not return an
// OK status, -1 is stored and later calls for the same name return it without retrying.
// canAccessSensor() only honours values greater than zero, so a failed lookup denies the
// pre-Q exemption rather than granting it.
//
// NOTE(review): the cache is keyed by the package name passed in and nothing in this
// function evicts or refreshes entries. Confirm that names are validated before reaching
// here and that the cache is reset elsewhere when a package is updated.
int SensorService::getTargetSdkVersion(const String16& opPackageName) {
    Mutex::Autolock packageLock(sPackageTargetVersionLock);

    auto cached = sPackageTargetVersion.find(opPackageName);
    if (cached != sPackageTargetVersion.end()) {
        return cached->second;
    }

    int resolvedVersion = -1;
    sp<IBinder> binder = defaultServiceManager()->getService(String16("package_native"));
    if (binder != nullptr) {
        sp<content::pm::IPackageManagerNative> packageManager =
                interface_cast<content::pm::IPackageManagerNative>(binder);
        if (packageManager != nullptr) {
            binder::Status status = packageManager->getTargetSdkVersionForPackage(
                    opPackageName, &resolvedVersion);
            if (!status.isOk()) {
                // Do not trust whatever the out-parameter holds after a failed call.
                resolvedVersion = -1;
            }
        }
    }

    sPackageTargetVersion[opPackageName] = resolvedVersion;
    return resolvedVersion;
}
1872
// Locking wrapper: obtains a ConnectionSafeAutolock over mLock and forwards to
// checkWakeLockStateLocked().
void SensorService::checkWakeLockState() {
    ConnectionSafeAutolock guard = mConnectionHolder.lock(mLock);
    checkWakeLockStateLocked(&guard);
}
1877
// Releases the wake lock once no active connection needs it any more.
//
// Does nothing if the wake lock is not currently held. |connLock| supplies the list of
// active connections; checkWakeLockState() passes one that holds mLock.
void SensorService::checkWakeLockStateLocked(ConnectionSafeAutolock* connLock) {
    if (!mWakeLockAcquired) {
        return;
    }

    for (const sp<SensorEventConnection>& connection : connLock->getActiveConnections()) {
        if (connection->needsWakeLock()) {
            // At least one connection still depends on the wake lock; keep it.
            return;
        }
    }

    setWakeLockAcquiredLocked(false);
}
1893
// Under mLock, asks |connection| to write its cached events to its socket and acquires
// the wake lock if the connection reports that it needs one afterwards.
void SensorService::sendEventsFromCache(const sp<SensorEventConnection>& connection) {
    Mutex::Autolock lock(mLock);

    connection->writeToSocketFromCache();

    const bool wakeLockNeeded = connection->needsWakeLock();
    if (wakeLockNeeded) {
        setWakeLockAcquiredLocked(true);
    }
}
1901
// Returns true when |packageName| contains mWhiteListedPackage.
//
// This is a containment test, not an equality test: any package name that embeds the
// configured string anywhere passes.
// NOTE(review): if mWhiteListedPackage can be empty, a containment test against an empty
// string would presumably match every package. Confirm how the member is set and that
// substring matching is the intended policy for RESTRICTED mode.
bool SensorService::isWhiteListedPackage(const String8& packageName) {
    const char* const allowedFragment = mWhiteListedPackage.string();
    return packageName.contains(allowedFragment);
}
1905
// Returns true when the service is in RESTRICTED mode and |opPackageName| does not pass
// isWhiteListedPackage(). In any other operating mode nothing is restricted.
// NOTE(review): the "Locked" suffix suggests the caller holds mLock while
// mCurrentOperatingMode is read — not visible here, confirm at the call sites.
bool SensorService::isOperationRestrictedLocked(const String16& opPackageName) {
    if (mCurrentOperatingMode != RESTRICTED) {
        return false;
    }
    const String8 package(opPackageName);
    return !isWhiteListedPackage(package);
}
1913
// Registers this policy object with ActivityManager as a UID observer for the gone, idle
// and active events, using PROCESS_STATE_UNKNOWN as the cut point and "android" as the
// calling package.
void SensorService::UidPolicy::registerSelf() {
    const auto observedEvents = ActivityManager::UID_OBSERVER_GONE
            | ActivityManager::UID_OBSERVER_IDLE
            | ActivityManager::UID_OBSERVER_ACTIVE;

    ActivityManager activityManager;
    activityManager.registerUidObserver(this, observedEvents,
            ActivityManager::PROCESS_STATE_UNKNOWN,
            String16("android"));
}
1922
// Removes this policy object from ActivityManager's UID observers.
void SensorService::UidPolicy::unregisterSelf() {
    ActivityManager activityManager;
    activityManager.unregisterUidObserver(this);
}
1927
// UID observer callback: a UID that has gone away is handled exactly like one that went
// idle. Both parameters are forwarded despite carrying the __unused annotation.
void SensorService::UidPolicy::onUidGone(__unused uid_t uid, __unused bool disabled) {
    this->onUidIdle(uid, disabled);
}
1931
// UID observer callback: records |uid| as active and tells the service about it.
//
// mUidLock is released before the service is called, so onUidStateChanged() runs without
// it. The notification is sent even if the UID was already in the active set.
void SensorService::UidPolicy::onUidActive(uid_t uid) {
    {
        Mutex::Autolock lock(mUidLock);
        mActiveUids.insert(uid);
    }

    sp<SensorService> service = mService.promote();
    if (service == nullptr) {
        // The owning service is already gone; nothing to notify.
        return;
    }
    service->onUidStateChanged(uid, UID_STATE_ACTIVE);
}
1942
// UID observer callback: drops |uid| from the active set and, only if it was actually in
// the set, tells the service that the UID went idle.
//
// mUidLock is released before the service is called.
void SensorService::UidPolicy::onUidIdle(uid_t uid, __unused bool disabled) {
    bool wasTracked = false;
    {
        Mutex::Autolock lock(mUidLock);
        wasTracked = mActiveUids.erase(uid) > 0;
    }
    if (!wasTracked) {
        return;
    }

    sp<SensorService> service = mService.promote();
    if (service == nullptr) {
        return;
    }
    service->onUidStateChanged(uid, UID_STATE_IDLE);
}
1958
// Installs (or replaces) an override that forces |uid| to be reported as |active|.
void SensorService::UidPolicy::addOverrideUid(uid_t uid, bool active) {
    const bool insertOverride = true;
    updateOverrideUid(uid, active, insertOverride);
}
1962
// Removes any override for |uid|, so its state again follows the observed active set.
void SensorService::UidPolicy::removeOverrideUid(uid_t uid) {
    const bool insertOverride = false;
    // The |active| argument is ignored when no override is inserted.
    updateOverrideUid(uid, false, insertOverride);
}
1966
// Replaces or removes the override entry for |uid| and notifies the service if the
// effective active state of the UID changed as a result.
//
// |insert| == true stores an override with value |active|; |insert| == false only erases
// the existing one. The before/after comparison and the map update happen under
// mUidLock; the service is called after the lock has been released.
void SensorService::UidPolicy::updateOverrideUid(uid_t uid, bool active, bool insert) {
    bool activeBefore = false;
    bool activeAfter = false;
    {
        Mutex::Autolock lock(mUidLock);
        activeBefore = isUidActiveLocked(uid);

        // Erase first so that a fresh insert always takes effect.
        mOverrideUids.erase(uid);
        if (insert) {
            mOverrideUids.insert(std::make_pair(uid, active));
        }

        activeAfter = isUidActiveLocked(uid);
    }

    if (activeBefore == activeAfter) {
        return;
    }

    sp<SensorService> service = mService.promote();
    if (service != nullptr) {
        service->onUidStateChanged(uid, activeAfter ? UID_STATE_ACTIVE : UID_STATE_IDLE);
    }
}
1986
// Returns whether |uid| is currently considered active.
//
// UIDs below FIRST_APPLICATION_UID are always reported active, without taking mUidLock.
// App UIDs are looked up under mUidLock.
bool SensorService::UidPolicy::isUidActive(uid_t uid) {
    if (uid >= FIRST_APPLICATION_UID) {
        Mutex::Autolock lock(mUidLock);
        return isUidActiveLocked(uid);
    }
    // Non-app UIDs are considered always active
    return true;
}
1995
// Lock-free core of isUidActive(); the callers visible in this file hold mUidLock.
//
// Precedence: UIDs below FIRST_APPLICATION_UID are always active (an override cannot
// mark them idle, because the lookup is never reached); otherwise an override entry
// decides; otherwise membership in mActiveUids decides.
bool SensorService::UidPolicy::isUidActiveLocked(uid_t uid) {
    // Non-app UIDs are considered always active
    if (uid < FIRST_APPLICATION_UID) {
        return true;
    }

    const auto overrideEntry = mOverrideUids.find(uid);
    const bool hasOverride = overrideEntry != mOverrideUids.end();
    if (hasOverride) {
        return overrideEntry->second;
    }

    const bool observedActive = mActiveUids.find(uid) != mActiveUids.end();
    return observedActive;
}
2007
// Convenience forwarder to UidPolicy::isUidActive() on mUidPolicy.
bool SensorService::isUidActive(uid_t uid) {
    const bool active = mUidPolicy->isUidActive(uid);
    return active;
}
2011
// Seeds mSensorPrivacyEnabled from SensorPrivacyManager and then subscribes this object
// to sensor-privacy changes.
//
// NOTE(review): the state is sampled before the listener is added. A change landing
// between the two calls would not be observed unless the manager replays the current
// state on registration — confirm.
void SensorService::SensorPrivacyPolicy::registerSelf() {
    SensorPrivacyManager privacyManager;
    mSensorPrivacyEnabled = privacyManager.isSensorPrivacyEnabled();
    privacyManager.addSensorPrivacyListener(this);
}
2017
// Unsubscribes this object from sensor-privacy change notifications.
void SensorService::SensorPrivacyPolicy::unregisterSelf() {
    SensorPrivacyManager privacyManager;
    privacyManager.removeSensorPrivacyListener(this);
}
2022
// Returns the last sensor-privacy state recorded by registerSelf() or
// onSensorPrivacyChanged().
bool SensorService::SensorPrivacyPolicy::isSensorPrivacyEnabled() {
    const bool enabled = mSensorPrivacyEnabled;
    return enabled;
}
2026
// Listener callback for sensor-privacy changes.
//
// Stores the new state first, then, if the owning service is still alive, disables all
// sensors when privacy was switched on and re-enables them when it was switched off.
// Always returns an OK status.
binder::Status SensorService::SensorPrivacyPolicy::onSensorPrivacyChanged(bool enabled) {
    mSensorPrivacyEnabled = enabled;

    sp<SensorService> service = mService.promote();
    if (service == nullptr) {
        return binder::Status::ok();
    }

    if (enabled) {
        service->disableAllSensors();
    } else {
        service->enableAllSensors();
    }
    return binder::Status::ok();
}
2039
// Binds the guard to |holder| and locks |mutex| for the guard's lifetime (through the
// mAutolock member).
SensorService::ConnectionSafeAutolock::ConnectionSafeAutolock(
        SensorService::SensorConnectionHolder& holder, Mutex& mutex)
      : mConnectionHolder(holder),
        mAutolock(mutex) {
}
2043
// Promotes every weak pointer in |connectionList| that is still alive and returns the
// resulting strong pointers.
//
// The strong pointers are stored in a new vector appended to |referenceHolder|, and the
// returned reference points at that vector. Entries whose object is already gone are
// skipped. Each call appends another vector; nothing is removed from |referenceHolder|
// here, so the promoted references stay alive for as long as the holder does.
template<typename ConnectionType>
const std::vector<sp<ConnectionType>>& SensorService::ConnectionSafeAutolock::getConnectionsHelper(
        const SortedVector<wp<ConnectionType>>& connectionList,
        std::vector<std::vector<sp<ConnectionType>>>* referenceHolder) {
    referenceHolder->emplace_back();
    std::vector<sp<ConnectionType>>& promoted = referenceHolder->back();

    for (const wp<ConnectionType>& weak : connectionList) {
        sp<ConnectionType> strong = weak.promote();
        if (strong == nullptr) {
            continue;
        }
        promoted.push_back(std::move(strong));
    }
    return promoted;
}
2058
// Returns strong references to the event connections in the holder's active list that
// are still alive; the references are kept in mReferencedActiveConnections.
const std::vector<sp<SensorService::SensorEventConnection>>&
        SensorService::ConnectionSafeAutolock::getActiveConnections() {
    const auto& weakConnections = mConnectionHolder.mActiveConnections;
    return getConnectionsHelper(weakConnections, &mReferencedActiveConnections);
}
2064
// Returns strong references to the direct connections in the holder's list that are
// still alive; the references are kept in mReferencedDirectConnections.
const std::vector<sp<SensorService::SensorDirectConnection>>&
        SensorService::ConnectionSafeAutolock::getDirectConnections() {
    const auto& weakConnections = mConnectionHolder.mDirectConnections;
    return getConnectionsHelper(weakConnections, &mReferencedDirectConnections);
}
2070
// Adds |connection| to mActiveConnections unless it is already listed.
void SensorService::SensorConnectionHolder::addEventConnectionIfNotPresent(
        const sp<SensorService::SensorEventConnection>& connection) {
    const bool alreadyListed = mActiveConnections.indexOf(connection) >= 0;
    if (alreadyListed) {
        return;
    }
    mActiveConnections.add(connection);
}
2077
// Removes |connection| from mActiveConnections.
void SensorService::SensorConnectionHolder::removeEventConnection(
        const wp<SensorService::SensorEventConnection>& connection) {
    auto& activeList = mActiveConnections;
    activeList.remove(connection);
}
2082
// Adds |connection| to mDirectConnections. Unlike addEventConnectionIfNotPresent(), no
// presence check is made before the add.
void SensorService::SensorConnectionHolder::addDirectConnection(
        const sp<SensorService::SensorDirectConnection>& connection) {
    auto& directList = mDirectConnections;
    directList.add(connection);
}
2087
// Removes |connection| from mDirectConnections.
void SensorService::SensorConnectionHolder::removeDirectConnection(
        const wp<SensorService::SensorDirectConnection>& connection) {
    auto& directList = mDirectConnections;
    directList.remove(connection);
}
2092
// Returns a ConnectionSafeAutolock bound to this holder; constructing it locks |mutex|.
SensorService::ConnectionSafeAutolock SensorService::SensorConnectionHolder::lock(Mutex& mutex) {
    SensorConnectionHolder& self = *this;
    return ConnectionSafeAutolock(self, mutex);
}
2096
2097 } // namespace android
2098