1 /*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <cutils/properties.h>
18
19 #include <binder/AppOpsManager.h>
20 #include <binder/BinderService.h>
21 #include <binder/IServiceManager.h>
22 #include <binder/PermissionCache.h>
23
24 #include <gui/SensorEventQueue.h>
25
26 #include <hardware/sensors.h>
27 #include <hardware_legacy/power.h>
28
29 #include <openssl/digest.h>
30 #include <openssl/hmac.h>
31 #include <openssl/rand.h>
32
33 #include "BatteryService.h"
34 #include "CorrectedGyroSensor.h"
35 #include "GravitySensor.h"
36 #include "LinearAccelerationSensor.h"
37 #include "OrientationSensor.h"
38 #include "RotationVectorSensor.h"
39 #include "SensorFusion.h"
40 #include "SensorInterface.h"
41
42 #include "SensorService.h"
43 #include "SensorEventAckReceiver.h"
44 #include "SensorEventConnection.h"
45 #include "SensorRecord.h"
46 #include "SensorRegistrationInfo.h"
47
48 #include <inttypes.h>
49 #include <math.h>
50 #include <stdint.h>
51 #include <sys/socket.h>
52 #include <sys/stat.h>
53 #include <sys/types.h>
54 #include <unistd.h>
55
56 namespace android {
57 // ---------------------------------------------------------------------------
58
59 /*
60 * Notes:
61 *
62 * - what about a gyro-corrected magnetic-field sensor?
63 * - run mag sensor from time to time to force calibration
64 * - gravity sensor length is wrong (=> drift in linear-acc sensor)
65 *
66 */
67
68 const char* SensorService::WAKE_LOCK_NAME = "SensorService_wakelock";
69 uint8_t SensorService::sHmacGlobalKey[128] = {};
70 bool SensorService::sHmacGlobalKeyIsValid = false;
71
72 #define SENSOR_SERVICE_DIR "/data/system/sensor_service"
73 #define SENSOR_SERVICE_HMAC_KEY_FILE SENSOR_SERVICE_DIR "/hmac_key"
74
75 // Permissions.
76 static const String16 sDump("android.permission.DUMP");
77
SensorService()78 SensorService::SensorService()
79 : mInitCheck(NO_INIT), mSocketBufferSize(SOCKET_BUFFER_SIZE_NON_BATCHED),
80 mWakeLockAcquired(false) {
81 }
82
initializeHmacKey()83 bool SensorService::initializeHmacKey() {
84 int fd = open(SENSOR_SERVICE_HMAC_KEY_FILE, O_RDONLY|O_CLOEXEC);
85 if (fd != -1) {
86 int result = read(fd, sHmacGlobalKey, sizeof(sHmacGlobalKey));
87 close(fd);
88 if (result == sizeof(sHmacGlobalKey)) {
89 return true;
90 }
91 ALOGW("Unable to read HMAC key; generating new one.");
92 }
93
94 if (RAND_bytes(sHmacGlobalKey, sizeof(sHmacGlobalKey)) == -1) {
95 ALOGW("Can't generate HMAC key; dynamic sensor getId() will be wrong.");
96 return false;
97 }
98
99 // We need to make sure this is only readable to us.
100 bool wroteKey = false;
101 mkdir(SENSOR_SERVICE_DIR, S_IRWXU);
102 fd = open(SENSOR_SERVICE_HMAC_KEY_FILE, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC,
103 S_IRUSR|S_IWUSR);
104 if (fd != -1) {
105 int result = write(fd, sHmacGlobalKey, sizeof(sHmacGlobalKey));
106 close(fd);
107 wroteKey = (result == sizeof(sHmacGlobalKey));
108 }
109 if (wroteKey) {
110 ALOGI("Generated new HMAC key.");
111 } else {
112 ALOGW("Unable to write HMAC key; dynamic sensor getId() will change "
113 "after reboot.");
114 }
115 // Even if we failed to write the key we return true, because we did
116 // initialize the HMAC key.
117 return true;
118 }
119
onFirstRef()120 void SensorService::onFirstRef() {
121 ALOGD("nuSensorService starting...");
122 SensorDevice& dev(SensorDevice::getInstance());
123
124 sHmacGlobalKeyIsValid = initializeHmacKey();
125
126 if (dev.initCheck() == NO_ERROR) {
127 sensor_t const* list;
128 ssize_t count = dev.getSensorList(&list);
129 if (count > 0) {
130 ssize_t orientationIndex = -1;
131 bool hasGyro = false, hasAccel = false, hasMag = false;
132 uint32_t virtualSensorsNeeds =
133 (1<<SENSOR_TYPE_GRAVITY) |
134 (1<<SENSOR_TYPE_LINEAR_ACCELERATION) |
135 (1<<SENSOR_TYPE_ROTATION_VECTOR) |
136 (1<<SENSOR_TYPE_GEOMAGNETIC_ROTATION_VECTOR) |
137 (1<<SENSOR_TYPE_GAME_ROTATION_VECTOR);
138
139 for (ssize_t i=0 ; i<count ; i++) {
140 bool useThisSensor=true;
141
142 switch (list[i].type) {
143 case SENSOR_TYPE_ACCELEROMETER:
144 hasAccel = true;
145 break;
146 case SENSOR_TYPE_MAGNETIC_FIELD:
147 hasMag = true;
148 break;
149 case SENSOR_TYPE_ORIENTATION:
150 orientationIndex = i;
151 break;
152 case SENSOR_TYPE_GYROSCOPE:
153 case SENSOR_TYPE_GYROSCOPE_UNCALIBRATED:
154 hasGyro = true;
155 break;
156 case SENSOR_TYPE_GRAVITY:
157 case SENSOR_TYPE_LINEAR_ACCELERATION:
158 case SENSOR_TYPE_ROTATION_VECTOR:
159 case SENSOR_TYPE_GEOMAGNETIC_ROTATION_VECTOR:
160 case SENSOR_TYPE_GAME_ROTATION_VECTOR:
161 if (IGNORE_HARDWARE_FUSION) {
162 useThisSensor = false;
163 } else {
164 virtualSensorsNeeds &= ~(1<<list[i].type);
165 }
166 break;
167 }
168 if (useThisSensor) {
169 registerSensor( new HardwareSensor(list[i]) );
170 }
171 }
172
173 // it's safe to instantiate the SensorFusion object here
174 // (it wants to be instantiated after h/w sensors have been
175 // registered)
176 SensorFusion::getInstance();
177
178 if (hasGyro && hasAccel && hasMag) {
179 // Add Android virtual sensors if they're not already
180 // available in the HAL
181 bool needRotationVector =
182 (virtualSensorsNeeds & (1<<SENSOR_TYPE_ROTATION_VECTOR)) != 0;
183
184 registerSensor(new RotationVectorSensor(), !needRotationVector, true);
185 registerSensor(new OrientationSensor(), !needRotationVector, true);
186
187 bool needLinearAcceleration =
188 (virtualSensorsNeeds & (1<<SENSOR_TYPE_LINEAR_ACCELERATION)) != 0;
189
190 registerSensor(new LinearAccelerationSensor(list, count),
191 !needLinearAcceleration, true);
192
193 // virtual debugging sensors are not for user
194 registerSensor( new CorrectedGyroSensor(list, count), true, true);
195 registerSensor( new GyroDriftSensor(), true, true);
196 }
197
198 if (hasAccel && hasGyro) {
199 bool needGravitySensor = (virtualSensorsNeeds & (1<<SENSOR_TYPE_GRAVITY)) != 0;
200 registerSensor(new GravitySensor(list, count), !needGravitySensor, true);
201
202 bool needGameRotationVector =
203 (virtualSensorsNeeds & (1<<SENSOR_TYPE_GAME_ROTATION_VECTOR)) != 0;
204 registerSensor(new GameRotationVectorSensor(), !needGameRotationVector, true);
205 }
206
207 if (hasAccel && hasMag) {
208 bool needGeoMagRotationVector =
209 (virtualSensorsNeeds & (1<<SENSOR_TYPE_GEOMAGNETIC_ROTATION_VECTOR)) != 0;
210 registerSensor(new GeoMagRotationVectorSensor(), !needGeoMagRotationVector, true);
211 }
212
213 // Check if the device really supports batching by looking at the FIFO event
214 // counts for each sensor.
215 bool batchingSupported = false;
216 mSensors.forEachSensor(
217 [&batchingSupported] (const Sensor& s) -> bool {
218 if (s.getFifoMaxEventCount() > 0) {
219 batchingSupported = true;
220 }
221 return !batchingSupported;
222 });
223
224 if (batchingSupported) {
225 // Increase socket buffer size to a max of 100 KB for batching capabilities.
226 mSocketBufferSize = MAX_SOCKET_BUFFER_SIZE_BATCHED;
227 } else {
228 mSocketBufferSize = SOCKET_BUFFER_SIZE_NON_BATCHED;
229 }
230
231 // Compare the socketBufferSize value against the system limits and limit
232 // it to maxSystemSocketBufferSize if necessary.
233 FILE *fp = fopen("/proc/sys/net/core/wmem_max", "r");
234 char line[128];
235 if (fp != NULL && fgets(line, sizeof(line), fp) != NULL) {
236 line[sizeof(line) - 1] = '\0';
237 size_t maxSystemSocketBufferSize;
238 sscanf(line, "%zu", &maxSystemSocketBufferSize);
239 if (mSocketBufferSize > maxSystemSocketBufferSize) {
240 mSocketBufferSize = maxSystemSocketBufferSize;
241 }
242 }
243 if (fp) {
244 fclose(fp);
245 }
246
247 mWakeLockAcquired = false;
248 mLooper = new Looper(false);
249 const size_t minBufferSize = SensorEventQueue::MAX_RECEIVE_BUFFER_EVENT_COUNT;
250 mSensorEventBuffer = new sensors_event_t[minBufferSize];
251 mSensorEventScratch = new sensors_event_t[minBufferSize];
252 mMapFlushEventsToConnections = new SensorEventConnection const * [minBufferSize];
253 mCurrentOperatingMode = NORMAL;
254
255 mNextSensorRegIndex = 0;
256 for (int i = 0; i < SENSOR_REGISTRATIONS_BUF_SIZE; ++i) {
257 mLastNSensorRegistrations.push();
258 }
259
260 mInitCheck = NO_ERROR;
261 mAckReceiver = new SensorEventAckReceiver(this);
262 mAckReceiver->run("SensorEventAckReceiver", PRIORITY_URGENT_DISPLAY);
263 run("SensorService", PRIORITY_URGENT_DISPLAY);
264 }
265 }
266 }
267
registerSensor(SensorInterface * s,bool isDebug,bool isVirtual)268 const Sensor& SensorService::registerSensor(SensorInterface* s, bool isDebug, bool isVirtual) {
269 int handle = s->getSensor().getHandle();
270 int type = s->getSensor().getType();
271 if (mSensors.add(handle, s, isDebug, isVirtual)){
272 mRecentEvent.emplace(handle, new RecentEventLogger(type));
273 return s->getSensor();
274 } else {
275 return mSensors.getNonSensor();
276 }
277 }
278
registerDynamicSensorLocked(SensorInterface * s,bool isDebug)279 const Sensor& SensorService::registerDynamicSensorLocked(SensorInterface* s, bool isDebug) {
280 return registerSensor(s, isDebug);
281 }
282
unregisterDynamicSensorLocked(int handle)283 bool SensorService::unregisterDynamicSensorLocked(int handle) {
284 bool ret = mSensors.remove(handle);
285
286 const auto i = mRecentEvent.find(handle);
287 if (i != mRecentEvent.end()) {
288 delete i->second;
289 mRecentEvent.erase(i);
290 }
291 return ret;
292 }
293
registerVirtualSensor(SensorInterface * s,bool isDebug)294 const Sensor& SensorService::registerVirtualSensor(SensorInterface* s, bool isDebug) {
295 return registerSensor(s, isDebug, true);
296 }
297
~SensorService()298 SensorService::~SensorService() {
299 for (auto && entry : mRecentEvent) {
300 delete entry.second;
301 }
302 }
303
dump(int fd,const Vector<String16> & args)304 status_t SensorService::dump(int fd, const Vector<String16>& args) {
305 String8 result;
306 if (!PermissionCache::checkCallingPermission(sDump)) {
307 result.appendFormat("Permission Denial: can't dump SensorService from pid=%d, uid=%d\n",
308 IPCThreadState::self()->getCallingPid(),
309 IPCThreadState::self()->getCallingUid());
310 } else {
311 if (args.size() > 2) {
312 return INVALID_OPERATION;
313 }
314 Mutex::Autolock _l(mLock);
315 SensorDevice& dev(SensorDevice::getInstance());
316 if (args.size() == 2 && args[0] == String16("restrict")) {
317 // If already in restricted mode. Ignore.
318 if (mCurrentOperatingMode == RESTRICTED) {
319 return status_t(NO_ERROR);
320 }
321 // If in any mode other than normal, ignore.
322 if (mCurrentOperatingMode != NORMAL) {
323 return INVALID_OPERATION;
324 }
325 mCurrentOperatingMode = RESTRICTED;
326 dev.disableAllSensors();
327 // Clear all pending flush connections for all active sensors. If one of the active
328 // connections has called flush() and the underlying sensor has been disabled before a
329 // flush complete event is returned, we need to remove the connection from this queue.
330 for (size_t i=0 ; i< mActiveSensors.size(); ++i) {
331 mActiveSensors.valueAt(i)->clearAllPendingFlushConnections();
332 }
333 mWhiteListedPackage.setTo(String8(args[1]));
334 return status_t(NO_ERROR);
335 } else if (args.size() == 1 && args[0] == String16("enable")) {
336 // If currently in restricted mode, reset back to NORMAL mode else ignore.
337 if (mCurrentOperatingMode == RESTRICTED) {
338 mCurrentOperatingMode = NORMAL;
339 dev.enableAllSensors();
340 }
341 if (mCurrentOperatingMode == DATA_INJECTION) {
342 resetToNormalModeLocked();
343 }
344 mWhiteListedPackage.clear();
345 return status_t(NO_ERROR);
346 } else if (args.size() == 2 && args[0] == String16("data_injection")) {
347 if (mCurrentOperatingMode == NORMAL) {
348 dev.disableAllSensors();
349 status_t err = dev.setMode(DATA_INJECTION);
350 if (err == NO_ERROR) {
351 mCurrentOperatingMode = DATA_INJECTION;
352 } else {
353 // Re-enable sensors.
354 dev.enableAllSensors();
355 }
356 mWhiteListedPackage.setTo(String8(args[1]));
357 return NO_ERROR;
358 } else if (mCurrentOperatingMode == DATA_INJECTION) {
359 // Already in DATA_INJECTION mode. Treat this as a no_op.
360 return NO_ERROR;
361 } else {
362 // Transition to data injection mode supported only from NORMAL mode.
363 return INVALID_OPERATION;
364 }
365 } else if (!mSensors.hasAnySensor()) {
366 result.append("No Sensors on the device\n");
367 } else {
368 // Default dump the sensor list and debugging information.
369 //
370 result.append("Sensor Device:\n");
371 result.append(SensorDevice::getInstance().dump().c_str());
372
373 result.append("Sensor List:\n");
374 result.append(mSensors.dump().c_str());
375
376 result.append("Fusion States:\n");
377 SensorFusion::getInstance().dump(result);
378
379 result.append("Recent Sensor events:\n");
380 for (auto&& i : mRecentEvent) {
381 sp<SensorInterface> s = mSensors.getInterface(i.first);
382 if (!i.second->isEmpty() &&
383 s->getSensor().getRequiredPermission().isEmpty()) {
384 // if there is events and sensor does not need special permission.
385 result.appendFormat("%s: ", s->getSensor().getName().string());
386 result.append(i.second->dump().c_str());
387 }
388 }
389
390 result.append("Active sensors:\n");
391 for (size_t i=0 ; i<mActiveSensors.size() ; i++) {
392 int handle = mActiveSensors.keyAt(i);
393 result.appendFormat("%s (handle=0x%08x, connections=%zu)\n",
394 getSensorName(handle).string(),
395 handle,
396 mActiveSensors.valueAt(i)->getNumConnections());
397 }
398
399 result.appendFormat("Socket Buffer size = %zd events\n",
400 mSocketBufferSize/sizeof(sensors_event_t));
401 result.appendFormat("WakeLock Status: %s \n", mWakeLockAcquired ? "acquired" :
402 "not held");
403 result.appendFormat("Mode :");
404 switch(mCurrentOperatingMode) {
405 case NORMAL:
406 result.appendFormat(" NORMAL\n");
407 break;
408 case RESTRICTED:
409 result.appendFormat(" RESTRICTED : %s\n", mWhiteListedPackage.string());
410 break;
411 case DATA_INJECTION:
412 result.appendFormat(" DATA_INJECTION : %s\n", mWhiteListedPackage.string());
413 }
414 result.appendFormat("%zd active connections\n", mActiveConnections.size());
415
416 for (size_t i=0 ; i < mActiveConnections.size() ; i++) {
417 sp<SensorEventConnection> connection(mActiveConnections[i].promote());
418 if (connection != 0) {
419 result.appendFormat("Connection Number: %zu \n", i);
420 connection->dump(result);
421 }
422 }
423
424 result.appendFormat("Previous Registrations:\n");
425 // Log in the reverse chronological order.
426 int currentIndex = (mNextSensorRegIndex - 1 + SENSOR_REGISTRATIONS_BUF_SIZE) %
427 SENSOR_REGISTRATIONS_BUF_SIZE;
428 const int startIndex = currentIndex;
429 do {
430 const SensorRegistrationInfo& reg_info = mLastNSensorRegistrations[currentIndex];
431 if (SensorRegistrationInfo::isSentinel(reg_info)) {
432 // Ignore sentinel, proceed to next item.
433 currentIndex = (currentIndex - 1 + SENSOR_REGISTRATIONS_BUF_SIZE) %
434 SENSOR_REGISTRATIONS_BUF_SIZE;
435 continue;
436 }
437 if (reg_info.mActivated) {
438 result.appendFormat("%02d:%02d:%02d activated package=%s handle=0x%08x "
439 "samplingRate=%dus maxReportLatency=%dus\n",
440 reg_info.mHour, reg_info.mMin, reg_info.mSec,
441 reg_info.mPackageName.string(), reg_info.mSensorHandle,
442 reg_info.mSamplingRateUs, reg_info.mMaxReportLatencyUs);
443 } else {
444 result.appendFormat("%02d:%02d:%02d de-activated package=%s handle=0x%08x\n",
445 reg_info.mHour, reg_info.mMin, reg_info.mSec,
446 reg_info.mPackageName.string(), reg_info.mSensorHandle);
447 }
448 currentIndex = (currentIndex - 1 + SENSOR_REGISTRATIONS_BUF_SIZE) %
449 SENSOR_REGISTRATIONS_BUF_SIZE;
450 } while(startIndex != currentIndex);
451 }
452 }
453 write(fd, result.string(), result.size());
454 return NO_ERROR;
455 }
456
457 //TODO: move to SensorEventConnection later
cleanupAutoDisabledSensorLocked(const sp<SensorEventConnection> & connection,sensors_event_t const * buffer,const int count)458 void SensorService::cleanupAutoDisabledSensorLocked(const sp<SensorEventConnection>& connection,
459 sensors_event_t const* buffer, const int count) {
460 for (int i=0 ; i<count ; i++) {
461 int handle = buffer[i].sensor;
462 if (buffer[i].type == SENSOR_TYPE_META_DATA) {
463 handle = buffer[i].meta_data.sensor;
464 }
465 if (connection->hasSensor(handle)) {
466 sp<SensorInterface> si = getSensorInterfaceFromHandle(handle);
467 // If this buffer has an event from a one_shot sensor and this connection is registered
468 // for this particular one_shot sensor, try cleaning up the connection.
469 if (si != nullptr &&
470 si->getSensor().getReportingMode() == AREPORTING_MODE_ONE_SHOT) {
471 si->autoDisable(connection.get(), handle);
472 cleanupWithoutDisableLocked(connection, handle);
473 }
474
475 }
476 }
477 }
478
threadLoop()479 bool SensorService::threadLoop() {
480 ALOGD("nuSensorService thread starting...");
481
482 // each virtual sensor could generate an event per "real" event, that's why we need to size
483 // numEventMax much smaller than MAX_RECEIVE_BUFFER_EVENT_COUNT. in practice, this is too
484 // aggressive, but guaranteed to be enough.
485 const size_t vcount = mSensors.getVirtualSensors().size();
486 const size_t minBufferSize = SensorEventQueue::MAX_RECEIVE_BUFFER_EVENT_COUNT;
487 const size_t numEventMax = minBufferSize / (1 + vcount);
488
489 SensorDevice& device(SensorDevice::getInstance());
490
491 const int halVersion = device.getHalDeviceVersion();
492 do {
493 ssize_t count = device.poll(mSensorEventBuffer, numEventMax);
494 if (count < 0) {
495 ALOGE("sensor poll failed (%s)", strerror(-count));
496 break;
497 }
498
499 // Reset sensors_event_t.flags to zero for all events in the buffer.
500 for (int i = 0; i < count; i++) {
501 mSensorEventBuffer[i].flags = 0;
502 }
503
504 // Make a copy of the connection vector as some connections may be removed during the course
505 // of this loop (especially when one-shot sensor events are present in the sensor_event
506 // buffer). Promote all connections to StrongPointers before the lock is acquired. If the
507 // destructor of the sp gets called when the lock is acquired, it may result in a deadlock
508 // as ~SensorEventConnection() needs to acquire mLock again for cleanup. So copy all the
509 // strongPointers to a vector before the lock is acquired.
510 SortedVector< sp<SensorEventConnection> > activeConnections;
511 populateActiveConnections(&activeConnections);
512
513 Mutex::Autolock _l(mLock);
514 // Poll has returned. Hold a wakelock if one of the events is from a wake up sensor. The
515 // rest of this loop is under a critical section protected by mLock. Acquiring a wakeLock,
516 // sending events to clients (incrementing SensorEventConnection::mWakeLockRefCount) should
517 // not be interleaved with decrementing SensorEventConnection::mWakeLockRefCount and
518 // releasing the wakelock.
519 bool bufferHasWakeUpEvent = false;
520 for (int i = 0; i < count; i++) {
521 if (isWakeUpSensorEvent(mSensorEventBuffer[i])) {
522 bufferHasWakeUpEvent = true;
523 break;
524 }
525 }
526
527 if (bufferHasWakeUpEvent && !mWakeLockAcquired) {
528 setWakeLockAcquiredLocked(true);
529 }
530 recordLastValueLocked(mSensorEventBuffer, count);
531
532 // handle virtual sensors
533 if (count && vcount) {
534 sensors_event_t const * const event = mSensorEventBuffer;
535 if (!mActiveVirtualSensors.empty()) {
536 size_t k = 0;
537 SensorFusion& fusion(SensorFusion::getInstance());
538 if (fusion.isEnabled()) {
539 for (size_t i=0 ; i<size_t(count) ; i++) {
540 fusion.process(event[i]);
541 }
542 }
543 for (size_t i=0 ; i<size_t(count) && k<minBufferSize ; i++) {
544 for (int handle : mActiveVirtualSensors) {
545 if (count + k >= minBufferSize) {
546 ALOGE("buffer too small to hold all events: "
547 "count=%zd, k=%zu, size=%zu",
548 count, k, minBufferSize);
549 break;
550 }
551 sensors_event_t out;
552 sp<SensorInterface> si = mSensors.getInterface(handle);
553 if (si == nullptr) {
554 ALOGE("handle %d is not an valid virtual sensor", handle);
555 continue;
556 }
557
558 if (si->process(&out, event[i])) {
559 mSensorEventBuffer[count + k] = out;
560 k++;
561 }
562 }
563 }
564 if (k) {
565 // record the last synthesized values
566 recordLastValueLocked(&mSensorEventBuffer[count], k);
567 count += k;
568 // sort the buffer by time-stamps
569 sortEventBuffer(mSensorEventBuffer, count);
570 }
571 }
572 }
573
574 // handle backward compatibility for RotationVector sensor
575 if (halVersion < SENSORS_DEVICE_API_VERSION_1_0) {
576 for (int i = 0; i < count; i++) {
577 if (mSensorEventBuffer[i].type == SENSOR_TYPE_ROTATION_VECTOR) {
578 // All the 4 components of the quaternion should be available
579 // No heading accuracy. Set it to -1
580 mSensorEventBuffer[i].data[4] = -1;
581 }
582 }
583 }
584
585 for (int i = 0; i < count; ++i) {
586 // Map flush_complete_events in the buffer to SensorEventConnections which called flush
587 // on the hardware sensor. mapFlushEventsToConnections[i] will be the
588 // SensorEventConnection mapped to the corresponding flush_complete_event in
589 // mSensorEventBuffer[i] if such a mapping exists (NULL otherwise).
590 mMapFlushEventsToConnections[i] = NULL;
591 if (mSensorEventBuffer[i].type == SENSOR_TYPE_META_DATA) {
592 const int sensor_handle = mSensorEventBuffer[i].meta_data.sensor;
593 SensorRecord* rec = mActiveSensors.valueFor(sensor_handle);
594 if (rec != NULL) {
595 mMapFlushEventsToConnections[i] = rec->getFirstPendingFlushConnection();
596 rec->removeFirstPendingFlushConnection();
597 }
598 }
599
600 // handle dynamic sensor meta events, process registration and unregistration of dynamic
601 // sensor based on content of event.
602 if (mSensorEventBuffer[i].type == SENSOR_TYPE_DYNAMIC_SENSOR_META) {
603 if (mSensorEventBuffer[i].dynamic_sensor_meta.connected) {
604 int handle = mSensorEventBuffer[i].dynamic_sensor_meta.handle;
605 const sensor_t& dynamicSensor =
606 *(mSensorEventBuffer[i].dynamic_sensor_meta.sensor);
607 ALOGI("Dynamic sensor handle 0x%x connected, type %d, name %s",
608 handle, dynamicSensor.type, dynamicSensor.name);
609
610 if (mSensors.isNewHandle(handle)) {
611 const auto& uuid = mSensorEventBuffer[i].dynamic_sensor_meta.uuid;
612 sensor_t s = dynamicSensor;
613 // make sure the dynamic sensor flag is set
614 s.flags |= DYNAMIC_SENSOR_MASK;
615 // force the handle to be consistent
616 s.handle = handle;
617
618 SensorInterface *si = new HardwareSensor(s, uuid);
619
620 // This will release hold on dynamic sensor meta, so it should be called
621 // after Sensor object is created.
622 device.handleDynamicSensorConnection(handle, true /*connected*/);
623 registerDynamicSensorLocked(si);
624 } else {
625 ALOGE("Handle %d has been used, cannot use again before reboot.", handle);
626 }
627 } else {
628 int handle = mSensorEventBuffer[i].dynamic_sensor_meta.handle;
629 ALOGI("Dynamic sensor handle 0x%x disconnected", handle);
630
631 device.handleDynamicSensorConnection(handle, false /*connected*/);
632 if (!unregisterDynamicSensorLocked(handle)) {
633 ALOGE("Dynamic sensor release error.");
634 }
635
636 size_t numConnections = activeConnections.size();
637 for (size_t i=0 ; i < numConnections; ++i) {
638 if (activeConnections[i] != NULL) {
639 activeConnections[i]->removeSensor(handle);
640 }
641 }
642 }
643 }
644 }
645
646
647 // Send our events to clients. Check the state of wake lock for each client and release the
648 // lock if none of the clients need it.
649 bool needsWakeLock = false;
650 size_t numConnections = activeConnections.size();
651 for (size_t i=0 ; i < numConnections; ++i) {
652 if (activeConnections[i] != 0) {
653 activeConnections[i]->sendEvents(mSensorEventBuffer, count, mSensorEventScratch,
654 mMapFlushEventsToConnections);
655 needsWakeLock |= activeConnections[i]->needsWakeLock();
656 // If the connection has one-shot sensors, it may be cleaned up after first trigger.
657 // Early check for one-shot sensors.
658 if (activeConnections[i]->hasOneShotSensors()) {
659 cleanupAutoDisabledSensorLocked(activeConnections[i], mSensorEventBuffer,
660 count);
661 }
662 }
663 }
664
665 if (mWakeLockAcquired && !needsWakeLock) {
666 setWakeLockAcquiredLocked(false);
667 }
668 } while (!Thread::exitPending());
669
670 ALOGW("Exiting SensorService::threadLoop => aborting...");
671 abort();
672 return false;
673 }
674
getLooper() const675 sp<Looper> SensorService::getLooper() const {
676 return mLooper;
677 }
678
resetAllWakeLockRefCounts()679 void SensorService::resetAllWakeLockRefCounts() {
680 SortedVector< sp<SensorEventConnection> > activeConnections;
681 populateActiveConnections(&activeConnections);
682 {
683 Mutex::Autolock _l(mLock);
684 for (size_t i=0 ; i < activeConnections.size(); ++i) {
685 if (activeConnections[i] != 0) {
686 activeConnections[i]->resetWakeLockRefCount();
687 }
688 }
689 setWakeLockAcquiredLocked(false);
690 }
691 }
692
setWakeLockAcquiredLocked(bool acquire)693 void SensorService::setWakeLockAcquiredLocked(bool acquire) {
694 if (acquire) {
695 if (!mWakeLockAcquired) {
696 acquire_wake_lock(PARTIAL_WAKE_LOCK, WAKE_LOCK_NAME);
697 mWakeLockAcquired = true;
698 }
699 mLooper->wake();
700 } else {
701 if (mWakeLockAcquired) {
702 release_wake_lock(WAKE_LOCK_NAME);
703 mWakeLockAcquired = false;
704 }
705 }
706 }
707
isWakeLockAcquired()708 bool SensorService::isWakeLockAcquired() {
709 Mutex::Autolock _l(mLock);
710 return mWakeLockAcquired;
711 }
712
threadLoop()713 bool SensorService::SensorEventAckReceiver::threadLoop() {
714 ALOGD("new thread SensorEventAckReceiver");
715 sp<Looper> looper = mService->getLooper();
716 do {
717 bool wakeLockAcquired = mService->isWakeLockAcquired();
718 int timeout = -1;
719 if (wakeLockAcquired) timeout = 5000;
720 int ret = looper->pollOnce(timeout);
721 if (ret == ALOOPER_POLL_TIMEOUT) {
722 mService->resetAllWakeLockRefCounts();
723 }
724 } while(!Thread::exitPending());
725 return false;
726 }
727
recordLastValueLocked(const sensors_event_t * buffer,size_t count)728 void SensorService::recordLastValueLocked(
729 const sensors_event_t* buffer, size_t count) {
730 for (size_t i = 0; i < count; i++) {
731 if (buffer[i].type == SENSOR_TYPE_META_DATA ||
732 buffer[i].type == SENSOR_TYPE_DYNAMIC_SENSOR_META ||
733 buffer[i].type == SENSOR_TYPE_ADDITIONAL_INFO) {
734 continue;
735 }
736
737 auto logger = mRecentEvent.find(buffer[i].sensor);
738 if (logger != mRecentEvent.end()) {
739 logger->second->addEvent(buffer[i]);
740 }
741 }
742 }
743
sortEventBuffer(sensors_event_t * buffer,size_t count)744 void SensorService::sortEventBuffer(sensors_event_t* buffer, size_t count) {
745 struct compar {
746 static int cmp(void const* lhs, void const* rhs) {
747 sensors_event_t const* l = static_cast<sensors_event_t const*>(lhs);
748 sensors_event_t const* r = static_cast<sensors_event_t const*>(rhs);
749 return l->timestamp - r->timestamp;
750 }
751 };
752 qsort(buffer, count, sizeof(sensors_event_t), compar::cmp);
753 }
754
getSensorName(int handle) const755 String8 SensorService::getSensorName(int handle) const {
756 return mSensors.getName(handle);
757 }
758
isVirtualSensor(int handle) const759 bool SensorService::isVirtualSensor(int handle) const {
760 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
761 return sensor != nullptr && sensor->isVirtual();
762 }
763
isWakeUpSensorEvent(const sensors_event_t & event) const764 bool SensorService::isWakeUpSensorEvent(const sensors_event_t& event) const {
765 int handle = event.sensor;
766 if (event.type == SENSOR_TYPE_META_DATA) {
767 handle = event.meta_data.sensor;
768 }
769 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
770 return sensor != nullptr && sensor->getSensor().isWakeUpSensor();
771 }
772
getIdFromUuid(const Sensor::uuid_t & uuid) const773 int32_t SensorService::getIdFromUuid(const Sensor::uuid_t &uuid) const {
774 if ((uuid.i64[0] == 0) && (uuid.i64[1] == 0)) {
775 // UUID is not supported for this device.
776 return 0;
777 }
778 if ((uuid.i64[0] == INT64_C(~0)) && (uuid.i64[1] == INT64_C(~0))) {
779 // This sensor can be uniquely identified in the system by
780 // the combination of its type and name.
781 return -1;
782 }
783
784 // We have a dynamic sensor.
785
786 if (!sHmacGlobalKeyIsValid) {
787 // Rather than risk exposing UUIDs, we cripple dynamic sensors.
788 ALOGW("HMAC key failure; dynamic sensor getId() will be wrong.");
789 return 0;
790 }
791
792 // We want each app author/publisher to get a different ID, so that the
793 // same dynamic sensor cannot be tracked across apps by multiple
794 // authors/publishers. So we use both our UUID and our User ID.
795 // Note potential confusion:
796 // UUID => Universally Unique Identifier.
797 // UID => User Identifier.
798 // We refrain from using "uid" except as needed by API to try to
799 // keep this distinction clear.
800
801 auto appUserId = IPCThreadState::self()->getCallingUid();
802 uint8_t uuidAndApp[sizeof(uuid) + sizeof(appUserId)];
803 memcpy(uuidAndApp, &uuid, sizeof(uuid));
804 memcpy(uuidAndApp + sizeof(uuid), &appUserId, sizeof(appUserId));
805
806 // Now we use our key on our UUID/app combo to get the hash.
807 uint8_t hash[EVP_MAX_MD_SIZE];
808 unsigned int hashLen;
809 if (HMAC(EVP_sha256(),
810 sHmacGlobalKey, sizeof(sHmacGlobalKey),
811 uuidAndApp, sizeof(uuidAndApp),
812 hash, &hashLen) == nullptr) {
813 // Rather than risk exposing UUIDs, we cripple dynamic sensors.
814 ALOGW("HMAC failure; dynamic sensor getId() will be wrong.");
815 return 0;
816 }
817
818 int32_t id = 0;
819 if (hashLen < sizeof(id)) {
820 // We never expect this case, but out of paranoia, we handle it.
821 // Our 'id' length is already quite small, we don't want the
822 // effective length of it to be even smaller.
823 // Rather than risk exposing UUIDs, we cripple dynamic sensors.
824 ALOGW("HMAC insufficient; dynamic sensor getId() will be wrong.");
825 return 0;
826 }
827
828 // This is almost certainly less than all of 'hash', but it's as secure
829 // as we can be with our current 'id' length.
830 memcpy(&id, hash, sizeof(id));
831
832 // Note at the beginning of the function that we return the values of
833 // 0 and -1 to represent special cases. As a result, we can't return
834 // those as dynamic sensor IDs. If we happened to hash to one of those
835 // values, we change 'id' so we report as a dynamic sensor, and not as
836 // one of those special cases.
837 if (id == -1) {
838 id = -2;
839 } else if (id == 0) {
840 id = 1;
841 }
842 return id;
843 }
844
makeUuidsIntoIdsForSensorList(Vector<Sensor> & sensorList) const845 void SensorService::makeUuidsIntoIdsForSensorList(Vector<Sensor> &sensorList) const {
846 for (auto &sensor : sensorList) {
847 int32_t id = getIdFromUuid(sensor.getUuid());
848 sensor.setId(id);
849 }
850 }
851
getSensorList(const String16 & opPackageName)852 Vector<Sensor> SensorService::getSensorList(const String16& opPackageName) {
853 char value[PROPERTY_VALUE_MAX];
854 property_get("debug.sensors", value, "0");
855 const Vector<Sensor>& initialSensorList = (atoi(value)) ?
856 mSensors.getUserDebugSensors() : mSensors.getUserSensors();
857 Vector<Sensor> accessibleSensorList;
858 for (size_t i = 0; i < initialSensorList.size(); i++) {
859 Sensor sensor = initialSensorList[i];
860 if (canAccessSensor(sensor, "getSensorList", opPackageName)) {
861 accessibleSensorList.add(sensor);
862 } else {
863 ALOGI("Skipped sensor %s because it requires permission %s and app op %d",
864 sensor.getName().string(),
865 sensor.getRequiredPermission().string(),
866 sensor.getRequiredAppOp());
867 }
868 }
869 makeUuidsIntoIdsForSensorList(accessibleSensorList);
870 return accessibleSensorList;
871 }
872
getDynamicSensorList(const String16 & opPackageName)873 Vector<Sensor> SensorService::getDynamicSensorList(const String16& opPackageName) {
874 Vector<Sensor> accessibleSensorList;
875 mSensors.forEachSensor(
876 [&opPackageName, &accessibleSensorList] (const Sensor& sensor) -> bool {
877 if (sensor.isDynamicSensor()) {
878 if (canAccessSensor(sensor, "getDynamicSensorList", opPackageName)) {
879 accessibleSensorList.add(sensor);
880 } else {
881 ALOGI("Skipped sensor %s because it requires permission %s and app op %" PRId32,
882 sensor.getName().string(),
883 sensor.getRequiredPermission().string(),
884 sensor.getRequiredAppOp());
885 }
886 }
887 return true;
888 });
889 makeUuidsIntoIdsForSensorList(accessibleSensorList);
890 return accessibleSensorList;
891 }
892
createSensorEventConnection(const String8 & packageName,int requestedMode,const String16 & opPackageName)893 sp<ISensorEventConnection> SensorService::createSensorEventConnection(const String8& packageName,
894 int requestedMode, const String16& opPackageName) {
895 // Only 2 modes supported for a SensorEventConnection ... NORMAL and DATA_INJECTION.
896 if (requestedMode != NORMAL && requestedMode != DATA_INJECTION) {
897 return NULL;
898 }
899
900 Mutex::Autolock _l(mLock);
901 // To create a client in DATA_INJECTION mode to inject data, SensorService should already be
902 // operating in DI mode.
903 if (requestedMode == DATA_INJECTION) {
904 if (mCurrentOperatingMode != DATA_INJECTION) return NULL;
905 if (!isWhiteListedPackage(packageName)) return NULL;
906 }
907
908 uid_t uid = IPCThreadState::self()->getCallingUid();
909 sp<SensorEventConnection> result(new SensorEventConnection(this, uid, packageName,
910 requestedMode == DATA_INJECTION, opPackageName));
911 if (requestedMode == DATA_INJECTION) {
912 if (mActiveConnections.indexOf(result) < 0) {
913 mActiveConnections.add(result);
914 }
915 // Add the associated file descriptor to the Looper for polling whenever there is data to
916 // be injected.
917 result->updateLooperRegistration(mLooper);
918 }
919 return result;
920 }
921
isDataInjectionEnabled()922 int SensorService::isDataInjectionEnabled() {
923 Mutex::Autolock _l(mLock);
924 return (mCurrentOperatingMode == DATA_INJECTION);
925 }
926
resetToNormalMode()927 status_t SensorService::resetToNormalMode() {
928 Mutex::Autolock _l(mLock);
929 return resetToNormalModeLocked();
930 }
931
resetToNormalModeLocked()932 status_t SensorService::resetToNormalModeLocked() {
933 SensorDevice& dev(SensorDevice::getInstance());
934 dev.enableAllSensors();
935 status_t err = dev.setMode(NORMAL);
936 mCurrentOperatingMode = NORMAL;
937 return err;
938 }
939
cleanupConnection(SensorEventConnection * c)940 void SensorService::cleanupConnection(SensorEventConnection* c) {
941 Mutex::Autolock _l(mLock);
942 const wp<SensorEventConnection> connection(c);
943 size_t size = mActiveSensors.size();
944 ALOGD_IF(DEBUG_CONNECTIONS, "%zu active sensors", size);
945 for (size_t i=0 ; i<size ; ) {
946 int handle = mActiveSensors.keyAt(i);
947 if (c->hasSensor(handle)) {
948 ALOGD_IF(DEBUG_CONNECTIONS, "%zu: disabling handle=0x%08x", i, handle);
949 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
950 if (sensor != nullptr) {
951 sensor->activate(c, false);
952 } else {
953 ALOGE("sensor interface of handle=0x%08x is null!", handle);
954 }
955 c->removeSensor(handle);
956 }
957 SensorRecord* rec = mActiveSensors.valueAt(i);
958 ALOGE_IF(!rec, "mActiveSensors[%zu] is null (handle=0x%08x)!", i, handle);
959 ALOGD_IF(DEBUG_CONNECTIONS,
960 "removing connection %p for sensor[%zu].handle=0x%08x",
961 c, i, handle);
962
963 if (rec && rec->removeConnection(connection)) {
964 ALOGD_IF(DEBUG_CONNECTIONS, "... and it was the last connection");
965 mActiveSensors.removeItemsAt(i, 1);
966 mActiveVirtualSensors.erase(handle);
967 delete rec;
968 size--;
969 } else {
970 i++;
971 }
972 }
973 c->updateLooperRegistration(mLooper);
974 mActiveConnections.remove(connection);
975 BatteryService::cleanup(c->getUid());
976 if (c->needsWakeLock()) {
977 checkWakeLockStateLocked();
978 }
979 }
980
getSensorInterfaceFromHandle(int handle) const981 sp<SensorInterface> SensorService::getSensorInterfaceFromHandle(int handle) const {
982 return mSensors.getInterface(handle);
983 }
984
985
enable(const sp<SensorEventConnection> & connection,int handle,nsecs_t samplingPeriodNs,nsecs_t maxBatchReportLatencyNs,int reservedFlags,const String16 & opPackageName)986 status_t SensorService::enable(const sp<SensorEventConnection>& connection,
987 int handle, nsecs_t samplingPeriodNs, nsecs_t maxBatchReportLatencyNs, int reservedFlags,
988 const String16& opPackageName) {
989 if (mInitCheck != NO_ERROR)
990 return mInitCheck;
991
992 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
993 if (sensor == nullptr ||
994 !canAccessSensor(sensor->getSensor(), "Tried enabling", opPackageName)) {
995 return BAD_VALUE;
996 }
997
998 Mutex::Autolock _l(mLock);
999 if ((mCurrentOperatingMode == RESTRICTED || mCurrentOperatingMode == DATA_INJECTION)
1000 && !isWhiteListedPackage(connection->getPackageName())) {
1001 return INVALID_OPERATION;
1002 }
1003
1004 SensorRecord* rec = mActiveSensors.valueFor(handle);
1005 if (rec == 0) {
1006 rec = new SensorRecord(connection);
1007 mActiveSensors.add(handle, rec);
1008 if (sensor->isVirtual()) {
1009 mActiveVirtualSensors.emplace(handle);
1010 }
1011 } else {
1012 if (rec->addConnection(connection)) {
1013 // this sensor is already activated, but we are adding a connection that uses it.
1014 // Immediately send down the last known value of the requested sensor if it's not a
1015 // "continuous" sensor.
1016 if (sensor->getSensor().getReportingMode() == AREPORTING_MODE_ON_CHANGE) {
1017 // NOTE: The wake_up flag of this event may get set to
1018 // WAKE_UP_SENSOR_EVENT_NEEDS_ACK if this is a wake_up event.
1019
1020 auto logger = mRecentEvent.find(handle);
1021 if (logger != mRecentEvent.end()) {
1022 sensors_event_t event;
1023 // It is unlikely that this buffer is empty as the sensor is already active.
1024 // One possible corner case may be two applications activating an on-change
1025 // sensor at the same time.
1026 if(logger->second->populateLastEvent(&event)) {
1027 event.sensor = handle;
1028 if (event.version == sizeof(sensors_event_t)) {
1029 if (isWakeUpSensorEvent(event) && !mWakeLockAcquired) {
1030 setWakeLockAcquiredLocked(true);
1031 }
1032 connection->sendEvents(&event, 1, NULL);
1033 if (!connection->needsWakeLock() && mWakeLockAcquired) {
1034 checkWakeLockStateLocked();
1035 }
1036 }
1037 }
1038 }
1039 }
1040 }
1041 }
1042
1043 if (connection->addSensor(handle)) {
1044 BatteryService::enableSensor(connection->getUid(), handle);
1045 // the sensor was added (which means it wasn't already there)
1046 // so, see if this connection becomes active
1047 if (mActiveConnections.indexOf(connection) < 0) {
1048 mActiveConnections.add(connection);
1049 }
1050 } else {
1051 ALOGW("sensor %08x already enabled in connection %p (ignoring)",
1052 handle, connection.get());
1053 }
1054
1055 nsecs_t minDelayNs = sensor->getSensor().getMinDelayNs();
1056 if (samplingPeriodNs < minDelayNs) {
1057 samplingPeriodNs = minDelayNs;
1058 }
1059
1060 ALOGD_IF(DEBUG_CONNECTIONS, "Calling batch handle==%d flags=%d"
1061 "rate=%" PRId64 " timeout== %" PRId64"",
1062 handle, reservedFlags, samplingPeriodNs, maxBatchReportLatencyNs);
1063
1064 status_t err = sensor->batch(connection.get(), handle, 0, samplingPeriodNs,
1065 maxBatchReportLatencyNs);
1066
1067 // Call flush() before calling activate() on the sensor. Wait for a first
1068 // flush complete event before sending events on this connection. Ignore
1069 // one-shot sensors which don't support flush(). Ignore on-change sensors
1070 // to maintain the on-change logic (any on-change events except the initial
1071 // one should be trigger by a change in value). Also if this sensor isn't
1072 // already active, don't call flush().
1073 if (err == NO_ERROR &&
1074 sensor->getSensor().getReportingMode() == AREPORTING_MODE_CONTINUOUS &&
1075 rec->getNumConnections() > 1) {
1076 connection->setFirstFlushPending(handle, true);
1077 status_t err_flush = sensor->flush(connection.get(), handle);
1078 // Flush may return error if the underlying h/w sensor uses an older HAL.
1079 if (err_flush == NO_ERROR) {
1080 rec->addPendingFlushConnection(connection.get());
1081 } else {
1082 connection->setFirstFlushPending(handle, false);
1083 }
1084 }
1085
1086 if (err == NO_ERROR) {
1087 ALOGD_IF(DEBUG_CONNECTIONS, "Calling activate on %d", handle);
1088 err = sensor->activate(connection.get(), true);
1089 }
1090
1091 if (err == NO_ERROR) {
1092 connection->updateLooperRegistration(mLooper);
1093 SensorRegistrationInfo ®_info =
1094 mLastNSensorRegistrations.editItemAt(mNextSensorRegIndex);
1095 reg_info.mSensorHandle = handle;
1096 reg_info.mSamplingRateUs = samplingPeriodNs/1000;
1097 reg_info.mMaxReportLatencyUs = maxBatchReportLatencyNs/1000;
1098 reg_info.mActivated = true;
1099 reg_info.mPackageName = connection->getPackageName();
1100 time_t rawtime = time(NULL);
1101 struct tm * timeinfo = localtime(&rawtime);
1102 reg_info.mHour = timeinfo->tm_hour;
1103 reg_info.mMin = timeinfo->tm_min;
1104 reg_info.mSec = timeinfo->tm_sec;
1105 mNextSensorRegIndex = (mNextSensorRegIndex + 1) % SENSOR_REGISTRATIONS_BUF_SIZE;
1106 }
1107
1108 if (err != NO_ERROR) {
1109 // batch/activate has failed, reset our state.
1110 cleanupWithoutDisableLocked(connection, handle);
1111 }
1112 return err;
1113 }
1114
disable(const sp<SensorEventConnection> & connection,int handle)1115 status_t SensorService::disable(const sp<SensorEventConnection>& connection, int handle) {
1116 if (mInitCheck != NO_ERROR)
1117 return mInitCheck;
1118
1119 Mutex::Autolock _l(mLock);
1120 status_t err = cleanupWithoutDisableLocked(connection, handle);
1121 if (err == NO_ERROR) {
1122 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
1123 err = sensor != nullptr ? sensor->activate(connection.get(), false) : status_t(BAD_VALUE);
1124
1125 }
1126 if (err == NO_ERROR) {
1127 SensorRegistrationInfo ®_info =
1128 mLastNSensorRegistrations.editItemAt(mNextSensorRegIndex);
1129 reg_info.mActivated = false;
1130 reg_info.mPackageName= connection->getPackageName();
1131 reg_info.mSensorHandle = handle;
1132 time_t rawtime = time(NULL);
1133 struct tm * timeinfo = localtime(&rawtime);
1134 reg_info.mHour = timeinfo->tm_hour;
1135 reg_info.mMin = timeinfo->tm_min;
1136 reg_info.mSec = timeinfo->tm_sec;
1137 mNextSensorRegIndex = (mNextSensorRegIndex + 1) % SENSOR_REGISTRATIONS_BUF_SIZE;
1138 }
1139 return err;
1140 }
1141
cleanupWithoutDisable(const sp<SensorEventConnection> & connection,int handle)1142 status_t SensorService::cleanupWithoutDisable(
1143 const sp<SensorEventConnection>& connection, int handle) {
1144 Mutex::Autolock _l(mLock);
1145 return cleanupWithoutDisableLocked(connection, handle);
1146 }
1147
cleanupWithoutDisableLocked(const sp<SensorEventConnection> & connection,int handle)1148 status_t SensorService::cleanupWithoutDisableLocked(
1149 const sp<SensorEventConnection>& connection, int handle) {
1150 SensorRecord* rec = mActiveSensors.valueFor(handle);
1151 if (rec) {
1152 // see if this connection becomes inactive
1153 if (connection->removeSensor(handle)) {
1154 BatteryService::disableSensor(connection->getUid(), handle);
1155 }
1156 if (connection->hasAnySensor() == false) {
1157 connection->updateLooperRegistration(mLooper);
1158 mActiveConnections.remove(connection);
1159 }
1160 // see if this sensor becomes inactive
1161 if (rec->removeConnection(connection)) {
1162 mActiveSensors.removeItem(handle);
1163 mActiveVirtualSensors.erase(handle);
1164 delete rec;
1165 }
1166 return NO_ERROR;
1167 }
1168 return BAD_VALUE;
1169 }
1170
setEventRate(const sp<SensorEventConnection> & connection,int handle,nsecs_t ns,const String16 & opPackageName)1171 status_t SensorService::setEventRate(const sp<SensorEventConnection>& connection,
1172 int handle, nsecs_t ns, const String16& opPackageName) {
1173 if (mInitCheck != NO_ERROR)
1174 return mInitCheck;
1175
1176 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
1177 if (sensor == nullptr ||
1178 !canAccessSensor(sensor->getSensor(), "Tried configuring", opPackageName)) {
1179 return BAD_VALUE;
1180 }
1181
1182 if (ns < 0)
1183 return BAD_VALUE;
1184
1185 nsecs_t minDelayNs = sensor->getSensor().getMinDelayNs();
1186 if (ns < minDelayNs) {
1187 ns = minDelayNs;
1188 }
1189
1190 return sensor->setDelay(connection.get(), handle, ns);
1191 }
1192
flushSensor(const sp<SensorEventConnection> & connection,const String16 & opPackageName)1193 status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
1194 const String16& opPackageName) {
1195 if (mInitCheck != NO_ERROR) return mInitCheck;
1196 SensorDevice& dev(SensorDevice::getInstance());
1197 const int halVersion = dev.getHalDeviceVersion();
1198 status_t err(NO_ERROR);
1199 Mutex::Autolock _l(mLock);
1200 // Loop through all sensors for this connection and call flush on each of them.
1201 for (size_t i = 0; i < connection->mSensorInfo.size(); ++i) {
1202 const int handle = connection->mSensorInfo.keyAt(i);
1203 sp<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
1204 if (sensor == nullptr) {
1205 continue;
1206 }
1207 if (sensor->getSensor().getReportingMode() == AREPORTING_MODE_ONE_SHOT) {
1208 ALOGE("flush called on a one-shot sensor");
1209 err = INVALID_OPERATION;
1210 continue;
1211 }
1212 if (halVersion <= SENSORS_DEVICE_API_VERSION_1_0 || isVirtualSensor(handle)) {
1213 // For older devices just increment pending flush count which will send a trivial
1214 // flush complete event.
1215 connection->incrementPendingFlushCount(handle);
1216 } else {
1217 if (!canAccessSensor(sensor->getSensor(), "Tried flushing", opPackageName)) {
1218 err = INVALID_OPERATION;
1219 continue;
1220 }
1221 status_t err_flush = sensor->flush(connection.get(), handle);
1222 if (err_flush == NO_ERROR) {
1223 SensorRecord* rec = mActiveSensors.valueFor(handle);
1224 if (rec != NULL) rec->addPendingFlushConnection(connection);
1225 }
1226 err = (err_flush != NO_ERROR) ? err_flush : err;
1227 }
1228 }
1229 return err;
1230 }
1231
canAccessSensor(const Sensor & sensor,const char * operation,const String16 & opPackageName)1232 bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
1233 const String16& opPackageName) {
1234 const String8& requiredPermission = sensor.getRequiredPermission();
1235
1236 if (requiredPermission.length() <= 0) {
1237 return true;
1238 }
1239
1240 bool hasPermission = false;
1241
1242 // Runtime permissions can't use the cache as they may change.
1243 if (sensor.isRequiredPermissionRuntime()) {
1244 hasPermission = checkPermission(String16(requiredPermission),
1245 IPCThreadState::self()->getCallingPid(), IPCThreadState::self()->getCallingUid());
1246 } else {
1247 hasPermission = PermissionCache::checkCallingPermission(String16(requiredPermission));
1248 }
1249
1250 if (!hasPermission) {
1251 ALOGE("%s a sensor (%s) without holding its required permission: %s",
1252 operation, sensor.getName().string(), sensor.getRequiredPermission().string());
1253 return false;
1254 }
1255
1256 const int32_t opCode = sensor.getRequiredAppOp();
1257 if (opCode >= 0) {
1258 AppOpsManager appOps;
1259 if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
1260 != AppOpsManager::MODE_ALLOWED) {
1261 ALOGE("%s a sensor (%s) without enabled required app op: %d",
1262 operation, sensor.getName().string(), opCode);
1263 return false;
1264 }
1265 }
1266
1267 return true;
1268 }
1269
checkWakeLockState()1270 void SensorService::checkWakeLockState() {
1271 Mutex::Autolock _l(mLock);
1272 checkWakeLockStateLocked();
1273 }
1274
checkWakeLockStateLocked()1275 void SensorService::checkWakeLockStateLocked() {
1276 if (!mWakeLockAcquired) {
1277 return;
1278 }
1279 bool releaseLock = true;
1280 for (size_t i=0 ; i<mActiveConnections.size() ; i++) {
1281 sp<SensorEventConnection> connection(mActiveConnections[i].promote());
1282 if (connection != 0) {
1283 if (connection->needsWakeLock()) {
1284 releaseLock = false;
1285 break;
1286 }
1287 }
1288 }
1289 if (releaseLock) {
1290 setWakeLockAcquiredLocked(false);
1291 }
1292 }
1293
sendEventsFromCache(const sp<SensorEventConnection> & connection)1294 void SensorService::sendEventsFromCache(const sp<SensorEventConnection>& connection) {
1295 Mutex::Autolock _l(mLock);
1296 connection->writeToSocketFromCache();
1297 if (connection->needsWakeLock()) {
1298 setWakeLockAcquiredLocked(true);
1299 }
1300 }
1301
populateActiveConnections(SortedVector<sp<SensorEventConnection>> * activeConnections)1302 void SensorService::populateActiveConnections(
1303 SortedVector< sp<SensorEventConnection> >* activeConnections) {
1304 Mutex::Autolock _l(mLock);
1305 for (size_t i=0 ; i < mActiveConnections.size(); ++i) {
1306 sp<SensorEventConnection> connection(mActiveConnections[i].promote());
1307 if (connection != 0) {
1308 activeConnections->add(connection);
1309 }
1310 }
1311 }
1312
isWhiteListedPackage(const String8 & packageName)1313 bool SensorService::isWhiteListedPackage(const String8& packageName) {
1314 return (packageName.contains(mWhiteListedPackage.string()));
1315 }
1316
1317 }; // namespace android
1318
1319