1 /*
2  * Copyright (C) 2010 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #pragma GCC system_header
20 
21 /**
22  * Native input transport.
23  *
24  * The InputChannel provides a mechanism for exchanging InputMessage structures across processes.
25  *
26  * The InputPublisher and InputConsumer each handle one end-point of an input channel.
27  * The InputPublisher is used by the input dispatcher to send events to the application.
28  * The InputConsumer is used by the application to receive events from the input dispatcher.
29  */
30 
31 #include <string>
32 #include <unordered_map>
33 
34 #include <android-base/chrono_utils.h>
35 #include <android-base/result.h>
36 #include <android-base/unique_fd.h>
37 
38 #include <android/os/InputChannelCore.h>
39 #include <binder/IBinder.h>
40 #include <input/Input.h>
41 #include <input/InputVerifier.h>
42 #include <sys/stat.h>
43 #include <ui/Transform.h>
44 #include <utils/BitSet.h>
45 #include <utils/Errors.h>
46 #include <utils/Timers.h>
47 
48 namespace android {
49 class Parcel;
50 
51 /*
52  * Intermediate representation used to send input events and related signals.
53  *
54  * Note that this structure is used for IPCs so its layout must be identical
55  * on 64 and 32 bit processes. This is tested in StructLayout_test.cpp.
56  *
57  * Since the struct must be aligned to an 8-byte boundary, there could be uninitialized bytes
58  * in-between the defined fields. This padding data should be explicitly accounted for by adding
59  * "empty" fields into the struct. This data is memset to zero before sending the struct across
60  * the socket. Adding the explicit fields ensures that the memset is not optimized away by the
61  * compiler. When a new field is added to the struct, the corresponding change
62  * in StructLayout_test should be made.
63  */
64 struct InputMessage {
65     enum class Type : uint32_t {
66         KEY,
67         MOTION,
68         FINISHED,
69         FOCUS,
70         CAPTURE,
71         DRAG,
72         TIMELINE,
73         TOUCH_MODE,
74 
75         ftl_last = TOUCH_MODE
76     };
77 
78     struct Header {
79         Type type; // 4 bytes
80         uint32_t seq;
81     } header;
82 
83     // For keys and motions, rely on the fact that std::array takes up exactly as much space
84     // as the underlying data. This is not guaranteed by C++, but it simplifies the conversions.
85     static_assert(sizeof(std::array<uint8_t, 32>) == 32);
86 
87     // For bool values, rely on the fact that they take up exactly one byte. This is not guaranteed
88     // by C++ and is implementation-dependent, but it simplifies the conversions.
89     static_assert(sizeof(bool) == 1);
90 
91     // Body *must* be 8 byte aligned.
92     union Body {
93         struct Key {
94             int32_t eventId;
95             uint32_t empty1;
96             nsecs_t eventTime __attribute__((aligned(8)));
97             int32_t deviceId;
98             int32_t source;
99             int32_t displayId;
100             std::array<uint8_t, 32> hmac;
101             int32_t action;
102             int32_t flags;
103             int32_t keyCode;
104             int32_t scanCode;
105             int32_t metaState;
106             int32_t repeatCount;
107             uint32_t empty2;
108             nsecs_t downTime __attribute__((aligned(8)));
109 
sizeInputMessage::Body::Key110             inline size_t size() const { return sizeof(Key); }
111         } key;
112 
113         struct Motion {
114             int32_t eventId;
115             uint32_t pointerCount;
116             nsecs_t eventTime __attribute__((aligned(8)));
117             int32_t deviceId;
118             int32_t source;
119             int32_t displayId;
120             std::array<uint8_t, 32> hmac;
121             int32_t action;
122             int32_t actionButton;
123             int32_t flags;
124             int32_t metaState;
125             int32_t buttonState;
126             MotionClassification classification; // base type: uint8_t
127             uint8_t empty2[3];                   // 3 bytes to fill gap created by classification
128             int32_t edgeFlags;
129             nsecs_t downTime __attribute__((aligned(8)));
130             float dsdx; // Begin window transform
131             float dtdx; //
132             float dtdy; //
133             float dsdy; //
134             float tx;   //
135             float ty;   // End window transform
136             float xPrecision;
137             float yPrecision;
138             float xCursorPosition;
139             float yCursorPosition;
140             float dsdxRaw; // Begin raw transform
141             float dtdxRaw; //
142             float dtdyRaw; //
143             float dsdyRaw; //
144             float txRaw;   //
145             float tyRaw;   // End raw transform
146             /**
147              * The "pointers" field must be the last field of the struct InputMessage.
148              * When we send the struct InputMessage across the socket, we are not
149              * writing the entire "pointers" array, but only the pointerCount portion
150              * of it as an optimization. Adding a field after "pointers" would break this.
151              */
152             struct Pointer {
153                 PointerProperties properties;
154                 PointerCoords coords;
155             } pointers[MAX_POINTERS] __attribute__((aligned(8)));
156 
getActionIdInputMessage::Body::Motion157             int32_t getActionId() const {
158                 uint32_t index = (action & AMOTION_EVENT_ACTION_POINTER_INDEX_MASK)
159                         >> AMOTION_EVENT_ACTION_POINTER_INDEX_SHIFT;
160                 return pointers[index].properties.id;
161             }
162 
sizeInputMessage::Body::Motion163             inline size_t size() const {
164                 return sizeof(Motion) - sizeof(Pointer) * MAX_POINTERS
165                         + sizeof(Pointer) * pointerCount;
166             }
167         } motion;
168 
169         struct Finished {
170             bool handled;
171             uint8_t empty[7];
172             nsecs_t consumeTime; // The time when the event was consumed by the receiving end
173 
sizeInputMessage::Body::Finished174             inline size_t size() const { return sizeof(Finished); }
175         } finished;
176 
177         struct Focus {
178             int32_t eventId;
179             // The following 2 fields take up 4 bytes total
180             bool hasFocus;
181             uint8_t empty[3];
182 
sizeInputMessage::Body::Focus183             inline size_t size() const { return sizeof(Focus); }
184         } focus;
185 
186         struct Capture {
187             int32_t eventId;
188             bool pointerCaptureEnabled;
189             uint8_t empty[3];
190 
sizeInputMessage::Body::Capture191             inline size_t size() const { return sizeof(Capture); }
192         } capture;
193 
194         struct Drag {
195             int32_t eventId;
196             float x;
197             float y;
198             bool isExiting;
199             uint8_t empty[3];
200 
sizeInputMessage::Body::Drag201             inline size_t size() const { return sizeof(Drag); }
202         } drag;
203 
204         struct Timeline {
205             int32_t eventId;
206             uint32_t empty;
207             std::array<nsecs_t, GraphicsTimeline::SIZE> graphicsTimeline;
208 
sizeInputMessage::Body::Timeline209             inline size_t size() const { return sizeof(Timeline); }
210         } timeline;
211 
212         struct TouchMode {
213             int32_t eventId;
214             // The following 2 fields take up 4 bytes total
215             bool isInTouchMode;
216             uint8_t empty[3];
217 
sizeInputMessage::Body::TouchMode218             inline size_t size() const { return sizeof(TouchMode); }
219         } touchMode;
220     } __attribute__((aligned(8))) body;
221 
222     bool isValid(size_t actualSize) const;
223     size_t size() const;
224     void getSanitizedCopy(InputMessage* msg) const;
225 };
226 
227 /*
228  * An input channel consists of a local unix domain socket used to send and receive
229  * input messages across processes.  Each channel has a descriptive name for debugging purposes.
230  *
231  * Each endpoint has its own InputChannel object that specifies its file descriptor.
232  * For parceling, this relies on android::os::InputChannelCore, defined in aidl.
233  *
234  * The input channel is closed when all references to it are released.
235  */
236 class InputChannel : private android::os::InputChannelCore {
237 public:
238     static std::unique_ptr<InputChannel> create(android::os::InputChannelCore&& parceledChannel);
239     ~InputChannel();
240 
241     /**
242      * Create a pair of input channels.
243      * The two returned input channels are equivalent, and are labeled as "server" and "client"
244      * for convenience. The two input channels share the same token.
245      *
246      * Return OK on success.
247      */
248     static status_t openInputChannelPair(const std::string& name,
249                                          std::unique_ptr<InputChannel>& outServerChannel,
250                                          std::unique_ptr<InputChannel>& outClientChannel);
251 
getName()252     inline std::string getName() const { return name; }
getFd()253     inline int getFd() const { return fd.get(); }
254 
255     /* Send a message to the other endpoint.
256      *
257      * If the channel is full then the message is guaranteed not to have been sent at all.
258      * Try again after the consumer has sent a finished signal indicating that it has
259      * consumed some of the pending messages from the channel.
260      *
261      * Return OK on success.
262      * Return WOULD_BLOCK if the channel is full.
263      * Return DEAD_OBJECT if the channel's peer has been closed.
264      * Other errors probably indicate that the channel is broken.
265      */
266     status_t sendMessage(const InputMessage* msg);
267 
268     /* Receive a message sent by the other endpoint.
269      *
270      * If there is no message present, try again after poll() indicates that the fd
271      * is readable.
272      *
273      * Return OK on success.
274      * Return WOULD_BLOCK if there is no message present.
275      * Return DEAD_OBJECT if the channel's peer has been closed.
276      * Other errors probably indicate that the channel is broken.
277      */
278     status_t receiveMessage(InputMessage* msg);
279 
280     /* Tells whether there is a message in the channel available to be received.
281      *
282      * This is only a performance hint and may return false negative results. Clients should not
283      * rely on availability of the message based on the return value.
284      */
285     bool probablyHasInput() const;
286 
287     /* Wait until there is a message in the channel.
288      *
289      * The |timeout| specifies how long to block waiting for an input event to appear. Negative
290      * values are not allowed.
291      *
292      * In some cases returning before timeout expiration can happen without a message available.
293      * This could happen after the channel was closed on the other side. Another possible reason
294      * is incorrect setup of the channel.
295      */
296     void waitForMessage(std::chrono::milliseconds timeout) const;
297 
298     /* Return a new object that has a duplicate of this channel's fd. */
299     std::unique_ptr<InputChannel> dup() const;
300 
301     void copyTo(android::os::InputChannelCore& outChannel) const;
302 
303     /**
304      * Similar to "copyTo", but it takes ownership of the provided InputChannel (and after this is
305      * called, it destroys it).
306      * @param from the InputChannel that should be converted to InputChannelCore
307      * @param outChannel the pre-allocated InputChannelCore to which to transfer the 'from' channel
308      */
309     static void moveChannel(std::unique_ptr<InputChannel> from,
310                             android::os::InputChannelCore& outChannel);
311 
312     /**
313      * The connection token is used to identify the input connection, i.e.
314      * the pair of input channels that were created simultaneously. Input channels
315      * are always created in pairs, and the token can be used to find the server-side
316      * input channel from the client-side input channel, and vice versa.
317      *
318      * Do not use connection token to check equality of a specific input channel object
319      * to another, because two different (client and server) input channels will share the
320      * same connection token.
321      *
322      * Return the token that identifies this connection.
323      */
324     sp<IBinder> getConnectionToken() const;
325 
326 private:
327     static std::unique_ptr<InputChannel> create(const std::string& name,
328                                                 android::base::unique_fd fd, sp<IBinder> token);
329 
330     InputChannel(const std::string name, android::base::unique_fd fd, sp<IBinder> token);
331 };
332 
333 /*
334  * Publishes input events to an input channel.
335  */
336 class InputPublisher {
337 public:
338     /* Creates a publisher associated with an input channel. */
339     explicit InputPublisher(const std::shared_ptr<InputChannel>& channel);
340 
341     /* Destroys the publisher and releases its input channel. */
342     ~InputPublisher();
343 
344     /* Gets the underlying input channel. */
getChannel()345     inline InputChannel& getChannel() const { return *mChannel; }
346 
347     /* Publishes a key event to the input channel.
348      *
349      * Returns OK on success.
350      * Returns WOULD_BLOCK if the channel is full.
351      * Returns DEAD_OBJECT if the channel's peer has been closed.
352      * Returns BAD_VALUE if seq is 0.
353      * Other errors probably indicate that the channel is broken.
354      */
355     status_t publishKeyEvent(uint32_t seq, int32_t eventId, int32_t deviceId, int32_t source,
356                              ui::LogicalDisplayId displayId, std::array<uint8_t, 32> hmac,
357                              int32_t action, int32_t flags, int32_t keyCode, int32_t scanCode,
358                              int32_t metaState, int32_t repeatCount, nsecs_t downTime,
359                              nsecs_t eventTime);
360 
361     /* Publishes a motion event to the input channel.
362      *
363      * Returns OK on success.
364      * Returns WOULD_BLOCK if the channel is full.
365      * Returns DEAD_OBJECT if the channel's peer has been closed.
366      * Returns BAD_VALUE if seq is 0 or if pointerCount is less than 1 or greater than MAX_POINTERS.
367      * Other errors probably indicate that the channel is broken.
368      */
369     status_t publishMotionEvent(uint32_t seq, int32_t eventId, int32_t deviceId, int32_t source,
370                                 ui::LogicalDisplayId displayId, std::array<uint8_t, 32> hmac,
371                                 int32_t action, int32_t actionButton, int32_t flags,
372                                 int32_t edgeFlags, int32_t metaState, int32_t buttonState,
373                                 MotionClassification classification, const ui::Transform& transform,
374                                 float xPrecision, float yPrecision, float xCursorPosition,
375                                 float yCursorPosition, const ui::Transform& rawTransform,
376                                 nsecs_t downTime, nsecs_t eventTime, uint32_t pointerCount,
377                                 const PointerProperties* pointerProperties,
378                                 const PointerCoords* pointerCoords);
379 
380     /* Publishes a focus event to the input channel.
381      *
382      * Returns OK on success.
383      * Returns WOULD_BLOCK if the channel is full.
384      * Returns DEAD_OBJECT if the channel's peer has been closed.
385      * Other errors probably indicate that the channel is broken.
386      */
387     status_t publishFocusEvent(uint32_t seq, int32_t eventId, bool hasFocus);
388 
389     /* Publishes a capture event to the input channel.
390      *
391      * Returns OK on success.
392      * Returns WOULD_BLOCK if the channel is full.
393      * Returns DEAD_OBJECT if the channel's peer has been closed.
394      * Other errors probably indicate that the channel is broken.
395      */
396     status_t publishCaptureEvent(uint32_t seq, int32_t eventId, bool pointerCaptureEnabled);
397 
398     /* Publishes a drag event to the input channel.
399      *
400      * Returns OK on success.
401      * Returns WOULD_BLOCK if the channel is full.
402      * Returns DEAD_OBJECT if the channel's peer has been closed.
403      * Other errors probably indicate that the channel is broken.
404      */
405     status_t publishDragEvent(uint32_t seq, int32_t eventId, float x, float y, bool isExiting);
406 
407     /* Publishes a touch mode event to the input channel.
408      *
409      * Returns OK on success.
410      * Returns WOULD_BLOCK if the channel is full.
411      * Returns DEAD_OBJECT if the channel's peer has been closed.
412      * Other errors probably indicate that the channel is broken.
413      */
414     status_t publishTouchModeEvent(uint32_t seq, int32_t eventId, bool isInTouchMode);
415 
416     struct Finished {
417         uint32_t seq;
418         bool handled;
419         nsecs_t consumeTime;
420     };
421 
422     struct Timeline {
423         int32_t inputEventId;
424         std::array<nsecs_t, GraphicsTimeline::SIZE> graphicsTimeline;
425     };
426 
427     typedef std::variant<Finished, Timeline> ConsumerResponse;
428     /* Receive a signal from the consumer in reply to the original dispatch signal.
429      * If a signal was received, returns a Finished or a Timeline object.
430      * The InputConsumer should return a Finished object for every InputMessage that it is sent
431      * to confirm that it has been processed and that the InputConsumer is responsive.
432      * If several InputMessages are sent to InputConsumer, it's possible to receive Finished
433      * events out of order for those messages.
434      *
435      * The Timeline object is returned whenever the receiving end has processed a graphical frame
436      * and is returning the timeline of the frame. Not all input events will cause a Timeline
437      * object to be returned, and there is not guarantee about when it will arrive.
438      *
439      * If an object of Finished is returned, the returned sequence number is never 0 unless the
440      * operation failed.
441      *
442      * Returned error codes:
443      *         OK on success.
444      *         WOULD_BLOCK if there is no signal present.
445      *         DEAD_OBJECT if the channel's peer has been closed.
446      *         Other errors probably indicate that the channel is broken.
447      */
448     android::base::Result<ConsumerResponse> receiveConsumerResponse();
449 
450 private:
451     std::shared_ptr<InputChannel> mChannel;
452     InputVerifier mInputVerifier;
453 };
454 
455 } // namespace android
456