1 /*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 #include "SensorService.h"
17
18 #include <aidl/android/hardware/sensors/ISensors.h>
19 #include <android-base/strings.h>
20 #include <android/content/pm/IPackageManagerNative.h>
21 #include <android/util/ProtoOutputStream.h>
22 #include <binder/ActivityManager.h>
23 #include <binder/BinderService.h>
24 #include <binder/IServiceManager.h>
25 #include <binder/PermissionCache.h>
26 #include <binder/PermissionController.h>
27 #include <com_android_frameworks_sensorservice_flags.h>
28 #include <cutils/ashmem.h>
29 #include <cutils/misc.h>
30 #include <cutils/properties.h>
31 #include <frameworks/base/core/proto/android/service/sensor_service.proto.h>
32 #include <hardware/sensors.h>
33 #include <hardware_legacy/power.h>
34 #include <inttypes.h>
35 #include <log/log.h>
36 #include <math.h>
37 #include <openssl/digest.h>
38 #include <openssl/hmac.h>
39 #include <openssl/rand.h>
40 #include <private/android_filesystem_config.h>
41 #include <sched.h>
42 #include <sensor/SensorEventQueue.h>
43 #include <sensorprivacy/SensorPrivacyManager.h>
44 #include <stdint.h>
45 #include <sys/socket.h>
46 #include <sys/stat.h>
47 #include <sys/types.h>
48 #include <unistd.h>
49 #include <utils/SystemClock.h>
50
51 #include <condition_variable>
52 #include <ctime>
53 #include <future>
54 #include <mutex>
55 #include <string>
56
57 #include "BatteryService.h"
58 #include "CorrectedGyroSensor.h"
59 #include "GravitySensor.h"
60 #include "LimitedAxesImuSensor.h"
61 #include "LinearAccelerationSensor.h"
62 #include "OrientationSensor.h"
63 #include "RotationVectorSensor.h"
64 #include "SensorDirectConnection.h"
65 #include "SensorEventAckReceiver.h"
66 #include "SensorEventConnection.h"
67 #include "SensorFusion.h"
68 #include "SensorInterface.h"
69 #include "SensorRecord.h"
70 #include "SensorRegistrationInfo.h"
71 #include "SensorServiceUtils.h"
72
73 using namespace std::chrono_literals;
74 namespace sensorservice_flags = com::android::frameworks::sensorservice::flags;
75
76 namespace android {
77 // ---------------------------------------------------------------------------
78
79 /*
80 * Notes:
81 *
82 * - what about a gyro-corrected magnetic-field sensor?
83 * - run mag sensor from time to time to force calibration
84 * - gravity sensor length is wrong (=> drift in linear-acc sensor)
85 *
86 */
87
88 const char* SensorService::WAKE_LOCK_NAME = "SensorService_wakelock";
89 uint8_t SensorService::sHmacGlobalKey[128] = {};
90 bool SensorService::sHmacGlobalKeyIsValid = false;
91 std::map<String16, int> SensorService::sPackageTargetVersion;
92 Mutex SensorService::sPackageTargetVersionLock;
93 String16 SensorService::sSensorInterfaceDescriptorPrefix =
94 String16("android.frameworks.sensorservice");
95 AppOpsManager SensorService::sAppOpsManager;
96 std::atomic_uint64_t SensorService::curProxCallbackSeq(0);
97 std::atomic_uint64_t SensorService::completedCallbackSeq(0);
98
99 #define SENSOR_SERVICE_DIR "/data/system/sensor_service"
100 #define SENSOR_SERVICE_HMAC_KEY_FILE SENSOR_SERVICE_DIR "/hmac_key"
101 #define SENSOR_SERVICE_SCHED_FIFO_PRIORITY 10
102
103 // Permissions.
104 static const String16 sAccessHighSensorSamplingRatePermission(
105 "android.permission.HIGH_SAMPLING_RATE_SENSORS");
106 static const String16 sDumpPermission("android.permission.DUMP");
107 static const String16 sLocationHardwarePermission("android.permission.LOCATION_HARDWARE");
108 static const String16 sManageSensorsPermission("android.permission.MANAGE_SENSORS");
109
110 namespace {
111
nextRuntimeSensorHandle()112 int32_t nextRuntimeSensorHandle() {
113 using ::aidl::android::hardware::sensors::ISensors;
114 static int32_t nextHandle = ISensors::RUNTIME_SENSORS_HANDLE_BASE;
115 if (nextHandle == ISensors::RUNTIME_SENSORS_HANDLE_END) {
116 return -1;
117 }
118 return nextHandle++;
119 }
120
121 class RuntimeSensorCallbackProxy : public RuntimeSensor::SensorCallback {
122 public:
RuntimeSensorCallbackProxy(sp<SensorService::RuntimeSensorCallback> callback)123 RuntimeSensorCallbackProxy(sp<SensorService::RuntimeSensorCallback> callback)
124 : mCallback(std::move(callback)) {}
onConfigurationChanged(int handle,bool enabled,int64_t samplingPeriodNs,int64_t batchReportLatencyNs)125 status_t onConfigurationChanged(int handle, bool enabled, int64_t samplingPeriodNs,
126 int64_t batchReportLatencyNs) override {
127 return mCallback->onConfigurationChanged(handle, enabled, samplingPeriodNs,
128 batchReportLatencyNs);
129 }
130 private:
131 sp<SensorService::RuntimeSensorCallback> mCallback;
132 };
133
134 } // namespace
135
isAutomotive()136 static bool isAutomotive() {
137 sp<IServiceManager> serviceManager = defaultServiceManager();
138 if (serviceManager.get() == nullptr) {
139 ALOGE("%s: unable to access native ServiceManager", __func__);
140 return false;
141 }
142
143 sp<content::pm::IPackageManagerNative> packageManager;
144 sp<IBinder> binder = serviceManager->waitForService(String16("package_native"));
145 packageManager = interface_cast<content::pm::IPackageManagerNative>(binder);
146 if (packageManager == nullptr) {
147 ALOGE("%s: unable to access native PackageManager", __func__);
148 return false;
149 }
150
151 bool isAutomotive = false;
152 binder::Status status =
153 packageManager->hasSystemFeature(String16("android.hardware.type.automotive"), 0,
154 &isAutomotive);
155 if (!status.isOk()) {
156 ALOGE("%s: hasSystemFeature failed: %s", __func__, status.exceptionMessage().c_str());
157 return false;
158 }
159
160 return isAutomotive;
161 }
162
SensorService()163 SensorService::SensorService()
164 : mInitCheck(NO_INIT), mSocketBufferSize(SOCKET_BUFFER_SIZE_NON_BATCHED),
165 mWakeLockAcquired(false), mLastReportedProxIsActive(false) {
166 mUidPolicy = new UidPolicy(this);
167 mSensorPrivacyPolicy = new SensorPrivacyPolicy(this);
168 mMicSensorPrivacyPolicy = new MicrophonePrivacyPolicy(this);
169 }
170
registerRuntimeSensor(const sensor_t & sensor,int deviceId,sp<RuntimeSensorCallback> callback)171 int SensorService::registerRuntimeSensor(
172 const sensor_t& sensor, int deviceId, sp<RuntimeSensorCallback> callback) {
173 int handle = 0;
174 while (handle == 0 || !mSensors.isNewHandle(handle)) {
175 handle = nextRuntimeSensorHandle();
176 if (handle < 0) {
177 // Ran out of the dedicated range for runtime sensors.
178 return handle;
179 }
180 }
181
182 ALOGI("Registering runtime sensor handle 0x%x, type %d, name %s",
183 handle, sensor.type, sensor.name);
184
185 sp<RuntimeSensor::SensorCallback> runtimeSensorCallback(
186 new RuntimeSensorCallbackProxy(callback));
187 sensor_t runtimeSensor = sensor;
188 // force the handle to be consistent
189 runtimeSensor.handle = handle;
190 auto si = std::make_shared<RuntimeSensor>(runtimeSensor, std::move(runtimeSensorCallback));
191
192 Mutex::Autolock _l(mLock);
193 if (!registerSensor(std::move(si), /* isDebug= */ false, /* isVirtual= */ false, deviceId)) {
194 // The registration was unsuccessful.
195 return mSensors.getNonSensor().getHandle();
196 }
197
198 if (mRuntimeSensorCallbacks.find(deviceId) == mRuntimeSensorCallbacks.end()) {
199 mRuntimeSensorCallbacks.emplace(deviceId, callback);
200 }
201
202 if (mRuntimeSensorHandler == nullptr) {
203 mRuntimeSensorEventBuffer =
204 new sensors_event_t[SensorEventQueue::MAX_RECEIVE_BUFFER_EVENT_COUNT];
205 mRuntimeSensorHandler = new RuntimeSensorHandler(this);
206 // Use PRIORITY_URGENT_DISPLAY as the injected sensor events should be dispatched as soon as
207 // possible, and also for consistency within the SensorService.
208 mRuntimeSensorHandler->run("RuntimeSensorHandler", PRIORITY_URGENT_DISPLAY);
209 }
210
211 return handle;
212 }
213
unregisterRuntimeSensor(int handle)214 status_t SensorService::unregisterRuntimeSensor(int handle) {
215 ALOGI("Unregistering runtime sensor handle 0x%x disconnected", handle);
216 int deviceId = getDeviceIdFromHandle(handle);
217 {
218 Mutex::Autolock _l(mLock);
219 if (!unregisterDynamicSensorLocked(handle)) {
220 ALOGE("Runtime sensor release error.");
221 return UNKNOWN_ERROR;
222 }
223 }
224
225 ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
226 for (const sp<SensorEventConnection>& connection : connLock.getActiveConnections()) {
227 connection->removeSensor(handle);
228 }
229
230 // If this was the last sensor for this device, remove its callback.
231 bool deviceHasSensors = false;
232 mSensors.forEachEntry(
233 [&deviceId, &deviceHasSensors] (const SensorServiceUtil::SensorList::Entry& e) -> bool {
234 if (e.deviceId == deviceId) {
235 deviceHasSensors = true;
236 return false; // stop iterating
237 }
238 return true;
239 });
240 if (!deviceHasSensors) {
241 mRuntimeSensorCallbacks.erase(deviceId);
242 }
243 return OK;
244 }
245
sendRuntimeSensorEvent(const sensors_event_t & event)246 status_t SensorService::sendRuntimeSensorEvent(const sensors_event_t& event) {
247 std::unique_lock<std::mutex> lock(mRutimeSensorThreadMutex);
248 mRuntimeSensorEventQueue.push(event);
249 mRuntimeSensorsCv.notify_all();
250 return OK;
251 }
252
initializeHmacKey()253 bool SensorService::initializeHmacKey() {
254 int fd = open(SENSOR_SERVICE_HMAC_KEY_FILE, O_RDONLY|O_CLOEXEC);
255 if (fd != -1) {
256 int result = read(fd, sHmacGlobalKey, sizeof(sHmacGlobalKey));
257 close(fd);
258 if (result == sizeof(sHmacGlobalKey)) {
259 return true;
260 }
261 ALOGW("Unable to read HMAC key; generating new one.");
262 }
263
264 if (RAND_bytes(sHmacGlobalKey, sizeof(sHmacGlobalKey)) == -1) {
265 ALOGW("Can't generate HMAC key; dynamic sensor getId() will be wrong.");
266 return false;
267 }
268
269 // We need to make sure this is only readable to us.
270 bool wroteKey = false;
271 mkdir(SENSOR_SERVICE_DIR, S_IRWXU);
272 fd = open(SENSOR_SERVICE_HMAC_KEY_FILE, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC,
273 S_IRUSR|S_IWUSR);
274 if (fd != -1) {
275 int result = write(fd, sHmacGlobalKey, sizeof(sHmacGlobalKey));
276 close(fd);
277 wroteKey = (result == sizeof(sHmacGlobalKey));
278 }
279 if (wroteKey) {
280 ALOGI("Generated new HMAC key.");
281 } else {
282 ALOGW("Unable to write HMAC key; dynamic sensor getId() will change "
283 "after reboot.");
284 }
285 // Even if we failed to write the key we return true, because we did
286 // initialize the HMAC key.
287 return true;
288 }
289
290 // Set main thread to SCHED_FIFO to lower sensor event latency when system is under load
enableSchedFifoMode()291 void SensorService::enableSchedFifoMode() {
292 struct sched_param param = {0};
293 param.sched_priority = SENSOR_SERVICE_SCHED_FIFO_PRIORITY;
294 if (sched_setscheduler(getTid(), SCHED_FIFO | SCHED_RESET_ON_FORK, ¶m) != 0) {
295 ALOGE("Couldn't set SCHED_FIFO for SensorService thread");
296 }
297 }
298
onFirstRef()299 void SensorService::onFirstRef() {
300 ALOGD("nuSensorService starting...");
301 SensorDevice& dev(SensorDevice::getInstance());
302
303 sHmacGlobalKeyIsValid = initializeHmacKey();
304
305 if (dev.initCheck() == NO_ERROR) {
306 sensor_t const* list;
307 ssize_t count = dev.getSensorList(&list);
308 if (count > 0) {
309 bool hasGyro = false, hasAccel = false, hasMag = false;
310 bool hasGyroUncalibrated = false;
311 bool hasAccelUncalibrated = false;
312 uint32_t virtualSensorsNeeds =
313 (1<<SENSOR_TYPE_GRAVITY) |
314 (1<<SENSOR_TYPE_LINEAR_ACCELERATION) |
315 (1<<SENSOR_TYPE_ROTATION_VECTOR) |
316 (1<<SENSOR_TYPE_GEOMAGNETIC_ROTATION_VECTOR) |
317 (1<<SENSOR_TYPE_GAME_ROTATION_VECTOR);
318
319 for (ssize_t i=0 ; i<count ; i++) {
320 bool useThisSensor = true;
321
322 switch (list[i].type) {
323 case SENSOR_TYPE_ACCELEROMETER:
324 hasAccel = true;
325 break;
326 case SENSOR_TYPE_ACCELEROMETER_UNCALIBRATED:
327 hasAccelUncalibrated = true;
328 break;
329 case SENSOR_TYPE_MAGNETIC_FIELD:
330 hasMag = true;
331 break;
332 case SENSOR_TYPE_GYROSCOPE:
333 hasGyro = true;
334 break;
335 case SENSOR_TYPE_GYROSCOPE_UNCALIBRATED:
336 hasGyroUncalibrated = true;
337 break;
338 case SENSOR_TYPE_DYNAMIC_SENSOR_META:
339 if (sensorservice_flags::dynamic_sensor_hal_reconnect_handling()) {
340 mDynamicMetaSensorHandle = list[i].handle;
341 }
342 break;
343 case SENSOR_TYPE_GRAVITY:
344 case SENSOR_TYPE_LINEAR_ACCELERATION:
345 case SENSOR_TYPE_ROTATION_VECTOR:
346 case SENSOR_TYPE_GEOMAGNETIC_ROTATION_VECTOR:
347 case SENSOR_TYPE_GAME_ROTATION_VECTOR:
348 if (IGNORE_HARDWARE_FUSION) {
349 useThisSensor = false;
350 } else {
351 virtualSensorsNeeds &= ~(1<<list[i].type);
352 }
353 break;
354 default:
355 break;
356 }
357 if (useThisSensor) {
358 if (list[i].type == SENSOR_TYPE_PROXIMITY) {
359 auto s = std::make_shared<ProximitySensor>(list[i], *this);
360 const int handle = s->getSensor().getHandle();
361 if (registerSensor(std::move(s))) {
362 mProxSensorHandles.push_back(handle);
363 }
364 } else {
365 registerSensor(std::make_shared<HardwareSensor>(list[i]));
366 }
367 }
368 }
369
370 // it's safe to instantiate the SensorFusion object here
371 // (it wants to be instantiated after h/w sensors have been
372 // registered)
373 SensorFusion::getInstance();
374
375 if ((hasGyro || hasGyroUncalibrated) && hasAccel && hasMag) {
376 // Add Android virtual sensors if they're not already
377 // available in the HAL
378 bool needRotationVector =
379 (virtualSensorsNeeds & (1<<SENSOR_TYPE_ROTATION_VECTOR)) != 0;
380 registerVirtualSensor(std::make_shared<RotationVectorSensor>(),
381 /* isDebug= */ !needRotationVector);
382 registerVirtualSensor(std::make_shared<OrientationSensor>(),
383 /* isDebug= */ !needRotationVector);
384
385 // virtual debugging sensors are not for user
386 registerVirtualSensor(std::make_shared<CorrectedGyroSensor>(list, count),
387 /* isDebug= */ true);
388 registerVirtualSensor(std::make_shared<GyroDriftSensor>(), /* isDebug= */ true);
389 }
390
391 if (hasAccel && (hasGyro || hasGyroUncalibrated)) {
392 bool needGravitySensor = (virtualSensorsNeeds & (1<<SENSOR_TYPE_GRAVITY)) != 0;
393 registerVirtualSensor(std::make_shared<GravitySensor>(list, count),
394 /* isDebug= */ !needGravitySensor);
395
396 bool needLinearAcceleration =
397 (virtualSensorsNeeds & (1<<SENSOR_TYPE_LINEAR_ACCELERATION)) != 0;
398 registerVirtualSensor(std::make_shared<LinearAccelerationSensor>(list, count),
399 /* isDebug= */ !needLinearAcceleration);
400
401 bool needGameRotationVector =
402 (virtualSensorsNeeds & (1<<SENSOR_TYPE_GAME_ROTATION_VECTOR)) != 0;
403 registerVirtualSensor(std::make_shared<GameRotationVectorSensor>(),
404 /* isDebug= */ !needGameRotationVector);
405 }
406
407 if (hasAccel && hasMag) {
408 bool needGeoMagRotationVector =
409 (virtualSensorsNeeds & (1<<SENSOR_TYPE_GEOMAGNETIC_ROTATION_VECTOR)) != 0;
410 registerVirtualSensor(std::make_shared<GeoMagRotationVectorSensor>(),
411 /* isDebug= */ !needGeoMagRotationVector);
412 }
413
414 if (isAutomotive()) {
415 if (hasAccel) {
416 registerVirtualSensor(
417 std::make_shared<LimitedAxesImuSensor>(
418 list, count, SENSOR_TYPE_ACCELEROMETER));
419 }
420
421 if (hasGyro) {
422 registerVirtualSensor(
423 std::make_shared<LimitedAxesImuSensor>(
424 list, count, SENSOR_TYPE_GYROSCOPE));
425 }
426
427 if (hasAccelUncalibrated) {
428 registerVirtualSensor(
429 std::make_shared<LimitedAxesImuSensor>(
430 list, count, SENSOR_TYPE_ACCELEROMETER_UNCALIBRATED));
431 }
432
433 if (hasGyroUncalibrated) {
434 registerVirtualSensor(
435 std::make_shared<LimitedAxesImuSensor>(
436 list, count, SENSOR_TYPE_GYROSCOPE_UNCALIBRATED));
437 }
438 }
439
440 // Check if the device really supports batching by looking at the FIFO event
441 // counts for each sensor.
442 bool batchingSupported = false;
443 mSensors.forEachSensor(
444 [&batchingSupported] (const Sensor& s) -> bool {
445 if (s.getFifoMaxEventCount() > 0) {
446 batchingSupported = true;
447 }
448 return !batchingSupported;
449 });
450
451 if (batchingSupported) {
452 // Increase socket buffer size to a max of 100 KB for batching capabilities.
453 mSocketBufferSize = MAX_SOCKET_BUFFER_SIZE_BATCHED;
454 } else {
455 mSocketBufferSize = SOCKET_BUFFER_SIZE_NON_BATCHED;
456 }
457
458 // Compare the socketBufferSize value against the system limits and limit
459 // it to maxSystemSocketBufferSize if necessary.
460 FILE *fp = fopen("/proc/sys/net/core/wmem_max", "r");
461 char line[128];
462 if (fp != nullptr && fgets(line, sizeof(line), fp) != nullptr) {
463 line[sizeof(line) - 1] = '\0';
464 size_t maxSystemSocketBufferSize;
465 sscanf(line, "%zu", &maxSystemSocketBufferSize);
466 if (mSocketBufferSize > maxSystemSocketBufferSize) {
467 mSocketBufferSize = maxSystemSocketBufferSize;
468 }
469 }
470 if (fp) {
471 fclose(fp);
472 }
473
474 mWakeLockAcquired = false;
475 mLooper = new Looper(false);
476 const size_t minBufferSize = SensorEventQueue::MAX_RECEIVE_BUFFER_EVENT_COUNT;
477 mSensorEventBuffer = new sensors_event_t[minBufferSize];
478 mSensorEventScratch = new sensors_event_t[minBufferSize];
479 mRuntimeSensorEventBuffer = nullptr;
480 mMapFlushEventsToConnections = new wp<const SensorEventConnection> [minBufferSize];
481 mCurrentOperatingMode = NORMAL;
482
483 mNextSensorRegIndex = 0;
484 for (int i = 0; i < SENSOR_REGISTRATIONS_BUF_SIZE; ++i) {
485 mLastNSensorRegistrations.push();
486 }
487
488 mInitCheck = NO_ERROR;
489 mAckReceiver = new SensorEventAckReceiver(this);
490 mAckReceiver->run("SensorEventAckReceiver", PRIORITY_URGENT_DISPLAY);
491 run("SensorService", PRIORITY_URGENT_DISPLAY);
492
493 // priority can only be changed after run
494 enableSchedFifoMode();
495
496 // Start watching UID changes to apply policy.
497 mUidPolicy->registerSelf();
498
499 // Start watching sensor privacy changes
500 mSensorPrivacyPolicy->registerSelf();
501
502 // Start watching mic sensor privacy changes
503 mMicSensorPrivacyPolicy->registerSelf();
504 }
505 }
506 }
507
onUidStateChanged(uid_t uid,UidState state)508 void SensorService::onUidStateChanged(uid_t uid, UidState state) {
509 SensorDevice& dev(SensorDevice::getInstance());
510
511 ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
512 for (const sp<SensorEventConnection>& conn : connLock.getActiveConnections()) {
513 if (conn->getUid() == uid) {
514 dev.setUidStateForConnection(conn.get(), state);
515 }
516 }
517
518 for (const sp<SensorDirectConnection>& conn : connLock.getDirectConnections()) {
519 if (conn->getUid() == uid) {
520 // Update sensor subscriptions if needed
521 bool hasAccess = hasSensorAccessLocked(conn->getUid(), conn->getOpPackageName());
522 conn->onSensorAccessChanged(hasAccess);
523 }
524 }
525 checkAndReportProxStateChangeLocked();
526 }
527
hasSensorAccess(uid_t uid,const String16 & opPackageName)528 bool SensorService::hasSensorAccess(uid_t uid, const String16& opPackageName) {
529 Mutex::Autolock _l(mLock);
530 return hasSensorAccessLocked(uid, opPackageName);
531 }
532
hasSensorAccessLocked(uid_t uid,const String16 & opPackageName)533 bool SensorService::hasSensorAccessLocked(uid_t uid, const String16& opPackageName) {
534 return !mSensorPrivacyPolicy->isSensorPrivacyEnabled()
535 && isUidActive(uid) && !isOperationRestrictedLocked(opPackageName);
536 }
537
registerSensor(std::shared_ptr<SensorInterface> s,bool isDebug,bool isVirtual,int deviceId)538 bool SensorService::registerSensor(std::shared_ptr<SensorInterface> s, bool isDebug, bool isVirtual,
539 int deviceId) {
540 const int handle = s->getSensor().getHandle();
541 const int type = s->getSensor().getType();
542 if (mSensors.add(handle, std::move(s), isDebug, isVirtual, deviceId)) {
543 mRecentEvent.emplace(handle, new SensorServiceUtil::RecentEventLogger(type));
544 return true;
545 } else {
546 LOG_FATAL("Failed to register sensor with handle %d", handle);
547 return false;
548 }
549 }
550
registerDynamicSensorLocked(std::shared_ptr<SensorInterface> s,bool isDebug)551 bool SensorService::registerDynamicSensorLocked(std::shared_ptr<SensorInterface> s, bool isDebug) {
552 return registerSensor(std::move(s), isDebug);
553 }
554
unregisterDynamicSensorLocked(int handle)555 bool SensorService::unregisterDynamicSensorLocked(int handle) {
556 bool ret = mSensors.remove(handle);
557
558 const auto i = mRecentEvent.find(handle);
559 if (i != mRecentEvent.end()) {
560 delete i->second;
561 mRecentEvent.erase(i);
562 }
563 return ret;
564 }
565
registerVirtualSensor(std::shared_ptr<SensorInterface> s,bool isDebug)566 bool SensorService::registerVirtualSensor(std::shared_ptr<SensorInterface> s, bool isDebug) {
567 return registerSensor(std::move(s), isDebug, true);
568 }
569
~SensorService()570 SensorService::~SensorService() {
571 for (auto && entry : mRecentEvent) {
572 delete entry.second;
573 }
574 mUidPolicy->unregisterSelf();
575 mSensorPrivacyPolicy->unregisterSelf();
576 mMicSensorPrivacyPolicy->unregisterSelf();
577 }
578
dump(int fd,const Vector<String16> & args)579 status_t SensorService::dump(int fd, const Vector<String16>& args) {
580 String8 result;
581 if (!PermissionCache::checkCallingPermission(sDumpPermission)) {
582 result.appendFormat("Permission Denial: can't dump SensorService from pid=%d, uid=%d\n",
583 IPCThreadState::self()->getCallingPid(),
584 IPCThreadState::self()->getCallingUid());
585 } else {
586 bool privileged = IPCThreadState::self()->getCallingUid() == 0;
587 if (args.size() > 2) {
588 return INVALID_OPERATION;
589 }
590 if (args.size() > 0) {
591 Mode targetOperatingMode = NORMAL;
592 std::string inputStringMode = String8(args[0]).c_str();
593 if (getTargetOperatingMode(inputStringMode, &targetOperatingMode)) {
594 status_t error = changeOperatingMode(args, targetOperatingMode);
595 // Dump the latest state only if no error was encountered.
596 if (error != NO_ERROR) {
597 return error;
598 }
599 }
600 }
601
602 ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
603 // Run the following logic if a transition isn't requested above based on the input
604 // argument parsing.
605 if (args.size() == 1 && args[0] == String16("--proto")) {
606 return dumpProtoLocked(fd, &connLock);
607 } else if (!mSensors.hasAnySensor()) {
608 result.append("No Sensors on the device\n");
609 result.appendFormat("devInitCheck : %d\n", SensorDevice::getInstance().initCheck());
610 } else {
611 // Default dump the sensor list and debugging information.
612 //
613 timespec curTime;
614 clock_gettime(CLOCK_REALTIME, &curTime);
615 struct tm* timeinfo = localtime(&(curTime.tv_sec));
616 result.appendFormat("Captured at: %02d:%02d:%02d.%03d\n", timeinfo->tm_hour,
617 timeinfo->tm_min, timeinfo->tm_sec, (int)ns2ms(curTime.tv_nsec));
618 result.append("Sensor Device:\n");
619 result.append(SensorDevice::getInstance().dump().c_str());
620
621 result.append("Sensor List:\n");
622 result.append(mSensors.dump().c_str());
623
624 result.append("Fusion States:\n");
625 SensorFusion::getInstance().dump(result);
626
627 result.append("Recent Sensor events:\n");
628 for (auto&& i : mRecentEvent) {
629 std::shared_ptr<SensorInterface> s = getSensorInterfaceFromHandle(i.first);
630 if (!i.second->isEmpty() && s != nullptr) {
631 if (privileged || s->getSensor().getRequiredPermission().empty()) {
632 i.second->setFormat("normal");
633 } else {
634 i.second->setFormat("mask_data");
635 }
636 // if there is events and sensor does not need special permission.
637 result.appendFormat("%s: ", s->getSensor().getName().c_str());
638 result.append(i.second->dump().c_str());
639 }
640 }
641
642 result.append("Active sensors:\n");
643 SensorDevice& dev = SensorDevice::getInstance();
644 for (size_t i=0 ; i<mActiveSensors.size() ; i++) {
645 int handle = mActiveSensors.keyAt(i);
646 if (dev.isSensorActive(handle)) {
647 result.appendFormat("%s (handle=0x%08x, connections=%zu)\n",
648 getSensorName(handle).c_str(),
649 handle,
650 mActiveSensors.valueAt(i)->getNumConnections());
651 }
652 }
653
654 result.appendFormat("Socket Buffer size = %zd events\n",
655 mSocketBufferSize/sizeof(sensors_event_t));
656 result.appendFormat("WakeLock Status: %s \n", mWakeLockAcquired ? "acquired" :
657 "not held");
658 result.appendFormat("Mode :");
659 switch(mCurrentOperatingMode) {
660 case NORMAL:
661 result.appendFormat(" NORMAL\n");
662 break;
663 case RESTRICTED:
664 result.appendFormat(" RESTRICTED : %s\n", mAllowListedPackage.c_str());
665 break;
666 case DATA_INJECTION:
667 result.appendFormat(" DATA_INJECTION : %s\n", mAllowListedPackage.c_str());
668 break;
669 case REPLAY_DATA_INJECTION:
670 result.appendFormat(" REPLAY_DATA_INJECTION : %s\n",
671 mAllowListedPackage.c_str());
672 break;
673 case HAL_BYPASS_REPLAY_DATA_INJECTION:
674 result.appendFormat(" HAL_BYPASS_REPLAY_DATA_INJECTION : %s\n",
675 mAllowListedPackage.c_str());
676 break;
677 default:
678 result.appendFormat(" UNKNOWN\n");
679 break;
680 }
681 result.appendFormat("Sensor Privacy: %s\n",
682 mSensorPrivacyPolicy->isSensorPrivacyEnabled() ? "enabled" : "disabled");
683
684 const auto& activeConnections = connLock.getActiveConnections();
685 result.appendFormat("%zd open event connections\n", activeConnections.size());
686 for (size_t i=0 ; i < activeConnections.size() ; i++) {
687 result.appendFormat("Connection Number: %zu \n", i);
688 activeConnections[i]->dump(result);
689 }
690
691 const auto& directConnections = connLock.getDirectConnections();
692 result.appendFormat("%zd open direct connections\n", directConnections.size());
693 for (size_t i = 0 ; i < directConnections.size() ; i++) {
694 result.appendFormat("Direct connection %zu:\n", i);
695 directConnections[i]->dump(result);
696 }
697
698 result.appendFormat("Previous Registrations:\n");
699 // Log in the reverse chronological order.
700 int currentIndex = (mNextSensorRegIndex - 1 + SENSOR_REGISTRATIONS_BUF_SIZE) %
701 SENSOR_REGISTRATIONS_BUF_SIZE;
702 const int startIndex = currentIndex;
703 do {
704 const SensorRegistrationInfo& reg_info = mLastNSensorRegistrations[currentIndex];
705 if (SensorRegistrationInfo::isSentinel(reg_info)) {
706 // Ignore sentinel, proceed to next item.
707 currentIndex = (currentIndex - 1 + SENSOR_REGISTRATIONS_BUF_SIZE) %
708 SENSOR_REGISTRATIONS_BUF_SIZE;
709 continue;
710 }
711 result.appendFormat("%s\n", reg_info.dump(this).c_str());
712 currentIndex = (currentIndex - 1 + SENSOR_REGISTRATIONS_BUF_SIZE) %
713 SENSOR_REGISTRATIONS_BUF_SIZE;
714 } while(startIndex != currentIndex);
715 }
716 }
717 write(fd, result.c_str(), result.size());
718 return NO_ERROR;
719 }
720
721 /**
722 * Dump debugging information as android.service.SensorServiceProto protobuf message using
723 * ProtoOutputStream.
724 *
725 * See proto definition and some notes about ProtoOutputStream in
726 * frameworks/base/core/proto/android/service/sensor_service.proto
727 */
dumpProtoLocked(int fd,ConnectionSafeAutolock * connLock) const728 status_t SensorService::dumpProtoLocked(int fd, ConnectionSafeAutolock* connLock) const {
729 using namespace service::SensorServiceProto;
730 util::ProtoOutputStream proto;
731 proto.write(INIT_STATUS, int(SensorDevice::getInstance().initCheck()));
732 if (!mSensors.hasAnySensor()) {
733 return proto.flush(fd) ? OK : UNKNOWN_ERROR;
734 }
735 const bool privileged = IPCThreadState::self()->getCallingUid() == 0;
736
737 timespec curTime;
738 clock_gettime(CLOCK_REALTIME, &curTime);
739 proto.write(CURRENT_TIME_MS, curTime.tv_sec * 1000 + ns2ms(curTime.tv_nsec));
740
741 // Write SensorDeviceProto
742 uint64_t token = proto.start(SENSOR_DEVICE);
743 SensorDevice::getInstance().dump(&proto);
744 proto.end(token);
745
746 // Write SensorListProto
747 token = proto.start(SENSORS);
748 mSensors.dump(&proto);
749 proto.end(token);
750
751 // Write SensorFusionProto
752 token = proto.start(FUSION_STATE);
753 SensorFusion::getInstance().dump(&proto);
754 proto.end(token);
755
756 // Write SensorEventsProto
757 token = proto.start(SENSOR_EVENTS);
758 for (auto&& i : mRecentEvent) {
759 std::shared_ptr<SensorInterface> s = getSensorInterfaceFromHandle(i.first);
760 if (!i.second->isEmpty() && s != nullptr) {
761 i.second->setFormat(privileged || s->getSensor().getRequiredPermission().empty() ?
762 "normal" : "mask_data");
763 const uint64_t mToken = proto.start(service::SensorEventsProto::RECENT_EVENTS_LOGS);
764 proto.write(service::SensorEventsProto::RecentEventsLog::NAME,
765 std::string(s->getSensor().getName().c_str()));
766 i.second->dump(&proto);
767 proto.end(mToken);
768 }
769 }
770 proto.end(token);
771
772 // Write ActiveSensorProto
773 SensorDevice& dev = SensorDevice::getInstance();
774 for (size_t i=0 ; i<mActiveSensors.size() ; i++) {
775 int handle = mActiveSensors.keyAt(i);
776 if (dev.isSensorActive(handle)) {
777 token = proto.start(ACTIVE_SENSORS);
778 proto.write(service::ActiveSensorProto::NAME,
779 std::string(getSensorName(handle).c_str()));
780 proto.write(service::ActiveSensorProto::HANDLE, handle);
781 proto.write(service::ActiveSensorProto::NUM_CONNECTIONS,
782 int(mActiveSensors.valueAt(i)->getNumConnections()));
783 proto.end(token);
784 }
785 }
786
787 proto.write(SOCKET_BUFFER_SIZE, int(mSocketBufferSize));
788 proto.write(SOCKET_BUFFER_SIZE_IN_EVENTS, int(mSocketBufferSize / sizeof(sensors_event_t)));
789 proto.write(WAKE_LOCK_ACQUIRED, mWakeLockAcquired);
790
791 switch(mCurrentOperatingMode) {
792 case NORMAL:
793 proto.write(OPERATING_MODE, OP_MODE_NORMAL);
794 break;
795 case RESTRICTED:
796 proto.write(OPERATING_MODE, OP_MODE_RESTRICTED);
797 proto.write(WHITELISTED_PACKAGE, std::string(mAllowListedPackage.c_str()));
798 break;
799 case DATA_INJECTION:
800 proto.write(OPERATING_MODE, OP_MODE_DATA_INJECTION);
801 proto.write(WHITELISTED_PACKAGE, std::string(mAllowListedPackage.c_str()));
802 break;
803 default:
804 proto.write(OPERATING_MODE, OP_MODE_UNKNOWN);
805 }
806 proto.write(SENSOR_PRIVACY, mSensorPrivacyPolicy->isSensorPrivacyEnabled());
807
808 // Write repeated SensorEventConnectionProto
809 const auto& activeConnections = connLock->getActiveConnections();
810 for (size_t i = 0; i < activeConnections.size(); i++) {
811 token = proto.start(ACTIVE_CONNECTIONS);
812 activeConnections[i]->dump(&proto);
813 proto.end(token);
814 }
815
816 // Write repeated SensorDirectConnectionProto
817 const auto& directConnections = connLock->getDirectConnections();
818 for (size_t i = 0 ; i < directConnections.size() ; i++) {
819 token = proto.start(DIRECT_CONNECTIONS);
820 directConnections[i]->dump(&proto);
821 proto.end(token);
822 }
823
824 // Write repeated SensorRegistrationInfoProto
825 const int startIndex = mNextSensorRegIndex;
826 int curr = startIndex;
827 do {
828 const SensorRegistrationInfo& reg_info = mLastNSensorRegistrations[curr];
829 if (SensorRegistrationInfo::isSentinel(reg_info)) {
830 // Ignore sentinel, proceed to next item.
831 curr = (curr + 1 + SENSOR_REGISTRATIONS_BUF_SIZE) % SENSOR_REGISTRATIONS_BUF_SIZE;
832 continue;
833 }
834 token = proto.start(PREVIOUS_REGISTRATIONS);
835 reg_info.dump(&proto);
836 proto.end(token);
837 curr = (curr + 1 + SENSOR_REGISTRATIONS_BUF_SIZE) % SENSOR_REGISTRATIONS_BUF_SIZE;
838 } while (startIndex != curr);
839
840 return proto.flush(fd) ? OK : UNKNOWN_ERROR;
841 }
842
disableAllSensors()843 void SensorService::disableAllSensors() {
844 ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
845 disableAllSensorsLocked(&connLock);
846 }
847
disableAllSensorsLocked(ConnectionSafeAutolock * connLock)848 void SensorService::disableAllSensorsLocked(ConnectionSafeAutolock* connLock) {
849 SensorDevice& dev(SensorDevice::getInstance());
850 for (const sp<SensorDirectConnection>& conn : connLock->getDirectConnections()) {
851 bool hasAccess = hasSensorAccessLocked(conn->getUid(), conn->getOpPackageName());
852 conn->onSensorAccessChanged(hasAccess);
853 }
854 dev.disableAllSensors();
855 checkAndReportProxStateChangeLocked();
856 // Clear all pending flush connections for all active sensors. If one of the active
857 // connections has called flush() and the underlying sensor has been disabled before a
858 // flush complete event is returned, we need to remove the connection from this queue.
859 for (size_t i=0 ; i< mActiveSensors.size(); ++i) {
860 mActiveSensors.valueAt(i)->clearAllPendingFlushConnections();
861 }
862 }
863
enableAllSensors()864 void SensorService::enableAllSensors() {
865 ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
866 enableAllSensorsLocked(&connLock);
867 }
868
enableAllSensorsLocked(ConnectionSafeAutolock * connLock)869 void SensorService::enableAllSensorsLocked(ConnectionSafeAutolock* connLock) {
870 // sensors should only be enabled if the operating state is not restricted and sensor
871 // privacy is not enabled.
872 if (mCurrentOperatingMode == RESTRICTED || mSensorPrivacyPolicy->isSensorPrivacyEnabled()) {
873 ALOGW("Sensors cannot be enabled: mCurrentOperatingMode = %d, sensor privacy = %s",
874 mCurrentOperatingMode,
875 mSensorPrivacyPolicy->isSensorPrivacyEnabled() ? "enabled" : "disabled");
876 return;
877 }
878 SensorDevice& dev(SensorDevice::getInstance());
879 dev.enableAllSensors();
880 for (const sp<SensorDirectConnection>& conn : connLock->getDirectConnections()) {
881 bool hasAccess = hasSensorAccessLocked(conn->getUid(), conn->getOpPackageName());
882 conn->onSensorAccessChanged(hasAccess);
883 }
884 checkAndReportProxStateChangeLocked();
885 }
886
capRates()887 void SensorService::capRates() {
888 ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
889 for (const sp<SensorDirectConnection>& conn : connLock.getDirectConnections()) {
890 conn->onMicSensorAccessChanged(true);
891 }
892
893 for (const sp<SensorEventConnection>& conn : connLock.getActiveConnections()) {
894 conn->onMicSensorAccessChanged(true);
895 }
896 }
897
uncapRates()898 void SensorService::uncapRates() {
899 ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
900 for (const sp<SensorDirectConnection>& conn : connLock.getDirectConnections()) {
901 conn->onMicSensorAccessChanged(false);
902 }
903
904 for (const sp<SensorEventConnection>& conn : connLock.getActiveConnections()) {
905 conn->onMicSensorAccessChanged(false);
906 }
907 }
908
909 // NOTE: This is a remote API - make sure all args are validated
shellCommand(int in,int out,int err,Vector<String16> & args)910 status_t SensorService::shellCommand(int in, int out, int err, Vector<String16>& args) {
911 if (!checkCallingPermission(sManageSensorsPermission, nullptr, nullptr)) {
912 return PERMISSION_DENIED;
913 }
914 if (args.size() == 0) {
915 return BAD_INDEX;
916 }
917 if (in == BAD_TYPE || out == BAD_TYPE || err == BAD_TYPE) {
918 return BAD_VALUE;
919 }
920 if (args[0] == String16("set-uid-state")) {
921 return handleSetUidState(args, err);
922 } else if (args[0] == String16("reset-uid-state")) {
923 return handleResetUidState(args, err);
924 } else if (args[0] == String16("get-uid-state")) {
925 return handleGetUidState(args, out, err);
926 } else if (args[0] == String16("unrestrict-ht")) {
927 mHtRestricted = false;
928 return NO_ERROR;
929 } else if (args[0] == String16("restrict-ht")) {
930 mHtRestricted = true;
931 return NO_ERROR;
932 } else if (args.size() == 1 && args[0] == String16("help")) {
933 printHelp(out);
934 return NO_ERROR;
935 }
936 printHelp(err);
937 return BAD_VALUE;
938 }
939
getUidForPackage(String16 packageName,int userId,uid_t & uid,int err)940 static status_t getUidForPackage(String16 packageName, int userId, /*inout*/uid_t& uid, int err) {
941 PermissionController pc;
942 uid = pc.getPackageUid(packageName, 0);
943 if (uid <= 0) {
944 ALOGE("Unknown package: '%s'", String8(packageName).c_str());
945 dprintf(err, "Unknown package: '%s'\n", String8(packageName).c_str());
946 return BAD_VALUE;
947 }
948
949 if (userId < 0) {
950 ALOGE("Invalid user: %d", userId);
951 dprintf(err, "Invalid user: %d\n", userId);
952 return BAD_VALUE;
953 }
954
955 uid = multiuser_get_uid(userId, uid);
956 return NO_ERROR;
957 }
958
handleSetUidState(Vector<String16> & args,int err)959 status_t SensorService::handleSetUidState(Vector<String16>& args, int err) {
960 // Valid arg.size() is 3 or 5, args.size() is 5 with --user option.
961 if (!(args.size() == 3 || args.size() == 5)) {
962 printHelp(err);
963 return BAD_VALUE;
964 }
965
966 bool active = false;
967 if (args[2] == String16("active")) {
968 active = true;
969 } else if ((args[2] != String16("idle"))) {
970 ALOGE("Expected active or idle but got: '%s'", String8(args[2]).c_str());
971 return BAD_VALUE;
972 }
973
974 int userId = 0;
975 if (args.size() == 5 && args[3] == String16("--user")) {
976 userId = atoi(String8(args[4]));
977 }
978
979 uid_t uid;
980 if (getUidForPackage(args[1], userId, uid, err) != NO_ERROR) {
981 return BAD_VALUE;
982 }
983
984 mUidPolicy->addOverrideUid(uid, active);
985 return NO_ERROR;
986 }
987
handleResetUidState(Vector<String16> & args,int err)988 status_t SensorService::handleResetUidState(Vector<String16>& args, int err) {
989 // Valid arg.size() is 2 or 4, args.size() is 4 with --user option.
990 if (!(args.size() == 2 || args.size() == 4)) {
991 printHelp(err);
992 return BAD_VALUE;
993 }
994
995 int userId = 0;
996 if (args.size() == 4 && args[2] == String16("--user")) {
997 userId = atoi(String8(args[3]));
998 }
999
1000 uid_t uid;
1001 if (getUidForPackage(args[1], userId, uid, err) == BAD_VALUE) {
1002 return BAD_VALUE;
1003 }
1004
1005 mUidPolicy->removeOverrideUid(uid);
1006 return NO_ERROR;
1007 }
1008
handleGetUidState(Vector<String16> & args,int out,int err)1009 status_t SensorService::handleGetUidState(Vector<String16>& args, int out, int err) {
1010 // Valid arg.size() is 2 or 4, args.size() is 4 with --user option.
1011 if (!(args.size() == 2 || args.size() == 4)) {
1012 printHelp(err);
1013 return BAD_VALUE;
1014 }
1015
1016 int userId = 0;
1017 if (args.size() == 4 && args[2] == String16("--user")) {
1018 userId = atoi(String8(args[3]));
1019 }
1020
1021 uid_t uid;
1022 if (getUidForPackage(args[1], userId, uid, err) == BAD_VALUE) {
1023 return BAD_VALUE;
1024 }
1025
1026 if (mUidPolicy->isUidActive(uid)) {
1027 return dprintf(out, "active\n");
1028 } else {
1029 return dprintf(out, "idle\n");
1030 }
1031 }
1032
printHelp(int out)1033 status_t SensorService::printHelp(int out) {
1034 return dprintf(out, "Sensor service commands:\n"
1035 " get-uid-state <PACKAGE> [--user USER_ID] gets the uid state\n"
1036 " set-uid-state <PACKAGE> <active|idle> [--user USER_ID] overrides the uid state\n"
1037 " reset-uid-state <PACKAGE> [--user USER_ID] clears the uid state override\n"
1038 " help print this message\n");
1039 }
1040
1041 //TODO: move to SensorEventConnection later
cleanupAutoDisabledSensorLocked(const sp<SensorEventConnection> & connection,sensors_event_t const * buffer,const int count)1042 void SensorService::cleanupAutoDisabledSensorLocked(const sp<SensorEventConnection>& connection,
1043 sensors_event_t const* buffer, const int count) {
1044 for (int i=0 ; i<count ; i++) {
1045 int handle = buffer[i].sensor;
1046 if (buffer[i].type == SENSOR_TYPE_META_DATA) {
1047 handle = buffer[i].meta_data.sensor;
1048 }
1049 if (connection->hasSensor(handle)) {
1050 std::shared_ptr<SensorInterface> si = getSensorInterfaceFromHandle(handle);
1051 // If this buffer has an event from a one_shot sensor and this connection is registered
1052 // for this particular one_shot sensor, try cleaning up the connection.
1053 if (si != nullptr &&
1054 si->getSensor().getReportingMode() == AREPORTING_MODE_ONE_SHOT) {
1055 si->autoDisable(connection.get(), handle);
1056 cleanupWithoutDisableLocked(connection, handle);
1057 }
1058
1059 }
1060 }
1061 }
1062
sendEventsToAllClients(const std::vector<sp<SensorEventConnection>> & activeConnections,ssize_t count)1063 void SensorService::sendEventsToAllClients(
1064 const std::vector<sp<SensorEventConnection>>& activeConnections,
1065 ssize_t count) {
1066 // Send our events to clients. Check the state of wake lock for each client
1067 // and release the lock if none of the clients need it.
1068 bool needsWakeLock = false;
1069 for (const sp<SensorEventConnection>& connection : activeConnections) {
1070 connection->sendEvents(mSensorEventBuffer, count, mSensorEventScratch,
1071 mMapFlushEventsToConnections);
1072 needsWakeLock |= connection->needsWakeLock();
1073 // If the connection has one-shot sensors, it may be cleaned up after
1074 // first trigger. Early check for one-shot sensors.
1075 if (connection->hasOneShotSensors()) {
1076 cleanupAutoDisabledSensorLocked(connection, mSensorEventBuffer, count);
1077 }
1078 }
1079
1080 if (mWakeLockAcquired && !needsWakeLock) {
1081 setWakeLockAcquiredLocked(false);
1082 }
1083 }
1084
disconnectDynamicSensor(int handle,const std::vector<sp<SensorEventConnection>> & activeConnections)1085 void SensorService::disconnectDynamicSensor(
1086 int handle,
1087 const std::vector<sp<SensorEventConnection>>& activeConnections) {
1088 ALOGI("Dynamic sensor handle 0x%x disconnected", handle);
1089 SensorDevice::getInstance().handleDynamicSensorConnection(
1090 handle, false /*connected*/);
1091 if (!unregisterDynamicSensorLocked(handle)) {
1092 ALOGE("Dynamic sensor release error.");
1093 }
1094 for (const sp<SensorEventConnection>& connection : activeConnections) {
1095 connection->removeSensor(handle);
1096 }
1097 }
1098
handleDeviceReconnection(SensorDevice & device)1099 void SensorService::handleDeviceReconnection(SensorDevice& device) {
1100 if (sensorservice_flags::dynamic_sensor_hal_reconnect_handling()) {
1101 const std::vector<sp<SensorEventConnection>> activeConnections =
1102 mConnectionHolder.lock(mLock).getActiveConnections();
1103
1104 for (int32_t handle : device.getDynamicSensorHandles()) {
1105 if (mDynamicMetaSensorHandle.has_value()) {
1106 // Sending one event at a time to prevent the number of handle is more than the
1107 // buffer can hold.
1108 mSensorEventBuffer[0].type = SENSOR_TYPE_DYNAMIC_SENSOR_META;
1109 mSensorEventBuffer[0].sensor = *mDynamicMetaSensorHandle;
1110 mSensorEventBuffer[0].dynamic_sensor_meta.connected = false;
1111 mSensorEventBuffer[0].dynamic_sensor_meta.handle = handle;
1112 mMapFlushEventsToConnections[0] = nullptr;
1113
1114 disconnectDynamicSensor(handle, activeConnections);
1115 sendEventsToAllClients(activeConnections, 1);
1116 } else {
1117 ALOGE("Failed to find mDynamicMetaSensorHandle during init.");
1118 break;
1119 }
1120 }
1121 }
1122 device.reconnect();
1123 }
1124
threadLoop()1125 bool SensorService::threadLoop() {
1126 ALOGD("nuSensorService thread starting...");
1127
1128 // each virtual sensor could generate an event per "real" event, that's why we need to size
1129 // numEventMax much smaller than MAX_RECEIVE_BUFFER_EVENT_COUNT. in practice, this is too
1130 // aggressive, but guaranteed to be enough.
1131 const size_t vcount = mSensors.getVirtualSensors().size();
1132 const size_t minBufferSize = SensorEventQueue::MAX_RECEIVE_BUFFER_EVENT_COUNT;
1133 const size_t numEventMax = minBufferSize / (1 + vcount);
1134
1135 SensorDevice& device(SensorDevice::getInstance());
1136
1137 const int halVersion = device.getHalDeviceVersion();
1138 do {
1139 ssize_t count = device.poll(mSensorEventBuffer, numEventMax);
1140 if (count < 0) {
1141 if (count == DEAD_OBJECT && device.isReconnecting()) {
1142 handleDeviceReconnection(device);
1143 continue;
1144 } else {
1145 ALOGE("sensor poll failed (%s)", strerror(-count));
1146 break;
1147 }
1148 }
1149
1150 // Reset sensors_event_t.flags to zero for all events in the buffer.
1151 for (int i = 0; i < count; i++) {
1152 mSensorEventBuffer[i].flags = 0;
1153 }
1154 ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
1155
1156 // Poll has returned. Hold a wakelock if one of the events is from a wake up sensor. The
1157 // rest of this loop is under a critical section protected by mLock. Acquiring a wakeLock,
1158 // sending events to clients (incrementing SensorEventConnection::mWakeLockRefCount) should
1159 // not be interleaved with decrementing SensorEventConnection::mWakeLockRefCount and
1160 // releasing the wakelock.
1161 uint32_t wakeEvents = 0;
1162 for (int i = 0; i < count; i++) {
1163 if (isWakeUpSensorEvent(mSensorEventBuffer[i])) {
1164 wakeEvents++;
1165 }
1166 }
1167
1168 if (wakeEvents > 0) {
1169 if (!mWakeLockAcquired) {
1170 setWakeLockAcquiredLocked(true);
1171 }
1172 device.writeWakeLockHandled(wakeEvents);
1173 }
1174 recordLastValueLocked(mSensorEventBuffer, count);
1175
1176 // handle virtual sensors
1177 if (count && vcount) {
1178 sensors_event_t const * const event = mSensorEventBuffer;
1179 if (!mActiveVirtualSensors.empty()) {
1180 size_t k = 0;
1181 SensorFusion& fusion(SensorFusion::getInstance());
1182 if (fusion.isEnabled()) {
1183 for (size_t i=0 ; i<size_t(count) ; i++) {
1184 fusion.process(event[i]);
1185 }
1186 }
1187 for (size_t i=0 ; i<size_t(count) && k<minBufferSize ; i++) {
1188 for (int handle : mActiveVirtualSensors) {
1189 if (count + k >= minBufferSize) {
1190 ALOGE("buffer too small to hold all events: "
1191 "count=%zd, k=%zu, size=%zu",
1192 count, k, minBufferSize);
1193 break;
1194 }
1195 sensors_event_t out;
1196 std::shared_ptr<SensorInterface> si = getSensorInterfaceFromHandle(handle);
1197 if (si == nullptr) {
1198 ALOGE("handle %d is not an valid virtual sensor", handle);
1199 continue;
1200 }
1201
1202 if (si->process(&out, event[i])) {
1203 mSensorEventBuffer[count + k] = out;
1204 k++;
1205 }
1206 }
1207 }
1208 if (k) {
1209 // record the last synthesized values
1210 recordLastValueLocked(&mSensorEventBuffer[count], k);
1211 count += k;
1212 sortEventBuffer(mSensorEventBuffer, count);
1213 }
1214 }
1215 }
1216
1217 // handle backward compatibility for RotationVector sensor
1218 if (halVersion < SENSORS_DEVICE_API_VERSION_1_0) {
1219 for (int i = 0; i < count; i++) {
1220 if (mSensorEventBuffer[i].type == SENSOR_TYPE_ROTATION_VECTOR) {
1221 // All the 4 components of the quaternion should be available
1222 // No heading accuracy. Set it to -1
1223 mSensorEventBuffer[i].data[4] = -1;
1224 }
1225 }
1226 }
1227
1228 // Cache the list of active connections, since we use it in multiple places below but won't
1229 // modify it here
1230 const std::vector<sp<SensorEventConnection>> activeConnections = connLock.getActiveConnections();
1231
1232 for (int i = 0; i < count; ++i) {
1233 // Map flush_complete_events in the buffer to SensorEventConnections which called flush
1234 // on the hardware sensor. mapFlushEventsToConnections[i] will be the
1235 // SensorEventConnection mapped to the corresponding flush_complete_event in
1236 // mSensorEventBuffer[i] if such a mapping exists (NULL otherwise).
1237 mMapFlushEventsToConnections[i] = nullptr;
1238 if (mSensorEventBuffer[i].type == SENSOR_TYPE_META_DATA) {
1239 const int sensor_handle = mSensorEventBuffer[i].meta_data.sensor;
1240 SensorRecord* rec = mActiveSensors.valueFor(sensor_handle);
1241 if (rec != nullptr) {
1242 mMapFlushEventsToConnections[i] = rec->getFirstPendingFlushConnection();
1243 rec->removeFirstPendingFlushConnection();
1244 }
1245 }
1246 // handle dynamic sensor meta events, process registration and unregistration of dynamic
1247 // sensor based on content of event.
1248 if (mSensorEventBuffer[i].type == SENSOR_TYPE_DYNAMIC_SENSOR_META) {
1249 if (mSensorEventBuffer[i].dynamic_sensor_meta.connected) {
1250 int handle = mSensorEventBuffer[i].dynamic_sensor_meta.handle;
1251 const sensor_t& dynamicSensor =
1252 *(mSensorEventBuffer[i].dynamic_sensor_meta.sensor);
1253 ALOGI("Dynamic sensor handle 0x%x connected, type %d, name %s",
1254 handle, dynamicSensor.type, dynamicSensor.name);
1255
1256 if (mSensors.isNewHandle(handle)) {
1257 const auto& uuid = mSensorEventBuffer[i].dynamic_sensor_meta.uuid;
1258 sensor_t s = dynamicSensor;
1259 // make sure the dynamic sensor flag is set
1260 s.flags |= DYNAMIC_SENSOR_MASK;
1261 // force the handle to be consistent
1262 s.handle = handle;
1263
1264 auto si = std::make_shared<HardwareSensor>(s, uuid);
1265
1266 // This will release hold on dynamic sensor meta, so it should be called
1267 // after Sensor object is created.
1268 device.handleDynamicSensorConnection(handle, true /*connected*/);
1269 registerDynamicSensorLocked(std::move(si));
1270 } else {
1271 ALOGE("Handle %d has been used, cannot use again before reboot.", handle);
1272 }
1273 } else {
1274 int handle = mSensorEventBuffer[i].dynamic_sensor_meta.handle;
1275 disconnectDynamicSensor(handle, activeConnections);
1276 if (sensorservice_flags::
1277 sensor_service_clear_dynamic_sensor_data_at_the_end()) {
1278 device.cleanupDisconnectedDynamicSensor(handle);
1279 }
1280 }
1281 }
1282 }
1283
1284 // Send our events to clients. Check the state of wake lock for each client and release the
1285 // lock if none of the clients need it.
1286 sendEventsToAllClients(activeConnections, count);
1287 } while (!Thread::exitPending());
1288
1289 ALOGW("Exiting SensorService::threadLoop => aborting...");
1290 abort();
1291 return false;
1292 }
1293
processRuntimeSensorEvents()1294 void SensorService::processRuntimeSensorEvents() {
1295 size_t count = 0;
1296 const size_t maxBufferSize = SensorEventQueue::MAX_RECEIVE_BUFFER_EVENT_COUNT;
1297
1298 {
1299 std::unique_lock<std::mutex> lock(mRutimeSensorThreadMutex);
1300
1301 if (mRuntimeSensorEventQueue.empty()) {
1302 mRuntimeSensorsCv.wait(lock, [this] { return !mRuntimeSensorEventQueue.empty(); });
1303 }
1304
1305 // Pop the events from the queue into the buffer until it's empty or the buffer is full.
1306 while (!mRuntimeSensorEventQueue.empty()) {
1307 if (count >= maxBufferSize) {
1308 ALOGE("buffer too small to hold all events: count=%zd, size=%zu", count,
1309 maxBufferSize);
1310 break;
1311 }
1312 mRuntimeSensorEventBuffer[count] = mRuntimeSensorEventQueue.front();
1313 mRuntimeSensorEventQueue.pop();
1314 count++;
1315 }
1316 }
1317
1318 if (count) {
1319 ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
1320
1321 recordLastValueLocked(mRuntimeSensorEventBuffer, count);
1322 sortEventBuffer(mRuntimeSensorEventBuffer, count);
1323
1324 for (const sp<SensorEventConnection>& connection : connLock.getActiveConnections()) {
1325 connection->sendEvents(mRuntimeSensorEventBuffer, count, /* scratch= */ nullptr,
1326 /* mapFlushEventsToConnections= */ nullptr);
1327 if (connection->hasOneShotSensors()) {
1328 cleanupAutoDisabledSensorLocked(connection, mRuntimeSensorEventBuffer, count);
1329 }
1330 }
1331 }
1332 }
1333
getLooper() const1334 sp<Looper> SensorService::getLooper() const {
1335 return mLooper;
1336 }
1337
resetAllWakeLockRefCounts()1338 void SensorService::resetAllWakeLockRefCounts() {
1339 ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
1340 for (const sp<SensorEventConnection>& connection : connLock.getActiveConnections()) {
1341 connection->resetWakeLockRefCount();
1342 }
1343 setWakeLockAcquiredLocked(false);
1344 }
1345
setWakeLockAcquiredLocked(bool acquire)1346 void SensorService::setWakeLockAcquiredLocked(bool acquire) {
1347 if (acquire) {
1348 if (!mWakeLockAcquired) {
1349 acquire_wake_lock(PARTIAL_WAKE_LOCK, WAKE_LOCK_NAME);
1350 mWakeLockAcquired = true;
1351 }
1352 mLooper->wake();
1353 } else {
1354 if (mWakeLockAcquired) {
1355 release_wake_lock(WAKE_LOCK_NAME);
1356 mWakeLockAcquired = false;
1357 }
1358 }
1359 }
1360
isWakeLockAcquired()1361 bool SensorService::isWakeLockAcquired() {
1362 Mutex::Autolock _l(mLock);
1363 return mWakeLockAcquired;
1364 }
1365
threadLoop()1366 bool SensorService::SensorEventAckReceiver::threadLoop() {
1367 ALOGD("new thread SensorEventAckReceiver");
1368 sp<Looper> looper = mService->getLooper();
1369 do {
1370 bool wakeLockAcquired = mService->isWakeLockAcquired();
1371 int timeout = -1;
1372 if (wakeLockAcquired) timeout = 5000;
1373 int ret = looper->pollOnce(timeout);
1374 if (ret == ALOOPER_POLL_TIMEOUT) {
1375 mService->resetAllWakeLockRefCounts();
1376 }
1377 } while(!Thread::exitPending());
1378 return false;
1379 }
1380
threadLoop()1381 bool SensorService::RuntimeSensorHandler::threadLoop() {
1382 ALOGD("new thread RuntimeSensorHandler");
1383 do {
1384 mService->processRuntimeSensorEvents();
1385 } while (!Thread::exitPending());
1386 return false;
1387 }
1388
recordLastValueLocked(const sensors_event_t * buffer,size_t count)1389 void SensorService::recordLastValueLocked(
1390 const sensors_event_t* buffer, size_t count) {
1391 for (size_t i = 0; i < count; i++) {
1392 if (buffer[i].type == SENSOR_TYPE_META_DATA ||
1393 buffer[i].type == SENSOR_TYPE_DYNAMIC_SENSOR_META ||
1394 buffer[i].type == SENSOR_TYPE_ADDITIONAL_INFO) {
1395 continue;
1396 }
1397
1398 auto logger = mRecentEvent.find(buffer[i].sensor);
1399 if (logger != mRecentEvent.end()) {
1400 logger->second->addEvent(buffer[i]);
1401 }
1402 }
1403 }
1404
sortEventBuffer(sensors_event_t * buffer,size_t count)1405 void SensorService::sortEventBuffer(sensors_event_t* buffer, size_t count) {
1406 struct compar {
1407 static int cmp(void const* lhs, void const* rhs) {
1408 sensors_event_t const* l = static_cast<sensors_event_t const*>(lhs);
1409 sensors_event_t const* r = static_cast<sensors_event_t const*>(rhs);
1410 return l->timestamp - r->timestamp;
1411 }
1412 };
1413 qsort(buffer, count, sizeof(sensors_event_t), compar::cmp);
1414 }
1415
getSensorName(int handle) const1416 String8 SensorService::getSensorName(int handle) const {
1417 return mSensors.getName(handle);
1418 }
1419
getSensorStringType(int handle) const1420 String8 SensorService::getSensorStringType(int handle) const {
1421 return mSensors.getStringType(handle);
1422 }
1423
isVirtualSensor(int handle) const1424 bool SensorService::isVirtualSensor(int handle) const {
1425 std::shared_ptr<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
1426 return sensor != nullptr && sensor->isVirtual();
1427 }
1428
isWakeUpSensorEvent(const sensors_event_t & event) const1429 bool SensorService::isWakeUpSensorEvent(const sensors_event_t& event) const {
1430 int handle = event.sensor;
1431 if (event.type == SENSOR_TYPE_META_DATA) {
1432 handle = event.meta_data.sensor;
1433 }
1434 std::shared_ptr<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
1435 return sensor != nullptr && sensor->getSensor().isWakeUpSensor();
1436 }
1437
getIdFromUuid(const Sensor::uuid_t & uuid) const1438 int32_t SensorService::getIdFromUuid(const Sensor::uuid_t &uuid) const {
1439 if ((uuid.i64[0] == 0) && (uuid.i64[1] == 0)) {
1440 // UUID is not supported for this device.
1441 return 0;
1442 }
1443 if ((uuid.i64[0] == INT64_C(~0)) && (uuid.i64[1] == INT64_C(~0))) {
1444 // This sensor can be uniquely identified in the system by
1445 // the combination of its type and name.
1446 return -1;
1447 }
1448
1449 // We have a dynamic sensor.
1450
1451 if (!sHmacGlobalKeyIsValid) {
1452 // Rather than risk exposing UUIDs, we slow down dynamic sensors.
1453 ALOGW("HMAC key failure; dynamic sensor getId() will be wrong.");
1454 return 0;
1455 }
1456
1457 // We want each app author/publisher to get a different ID, so that the
1458 // same dynamic sensor cannot be tracked across apps by multiple
1459 // authors/publishers. So we use both our UUID and our User ID.
1460 // Note potential confusion:
1461 // UUID => Universally Unique Identifier.
1462 // UID => User Identifier.
1463 // We refrain from using "uid" except as needed by API to try to
1464 // keep this distinction clear.
1465
1466 auto appUserId = IPCThreadState::self()->getCallingUid();
1467 uint8_t uuidAndApp[sizeof(uuid) + sizeof(appUserId)];
1468 memcpy(uuidAndApp, &uuid, sizeof(uuid));
1469 memcpy(uuidAndApp + sizeof(uuid), &appUserId, sizeof(appUserId));
1470
1471 // Now we use our key on our UUID/app combo to get the hash.
1472 uint8_t hash[EVP_MAX_MD_SIZE];
1473 unsigned int hashLen;
1474 if (HMAC(EVP_sha256(),
1475 sHmacGlobalKey, sizeof(sHmacGlobalKey),
1476 uuidAndApp, sizeof(uuidAndApp),
1477 hash, &hashLen) == nullptr) {
1478 // Rather than risk exposing UUIDs, we slow down dynamic sensors.
1479 ALOGW("HMAC failure; dynamic sensor getId() will be wrong.");
1480 return 0;
1481 }
1482
1483 int32_t id = 0;
1484 if (hashLen < sizeof(id)) {
1485 // We never expect this case, but out of paranoia, we handle it.
1486 // Our 'id' length is already quite small, we don't want the
1487 // effective length of it to be even smaller.
1488 // Rather than risk exposing UUIDs, we cripple dynamic sensors.
1489 ALOGW("HMAC insufficient; dynamic sensor getId() will be wrong.");
1490 return 0;
1491 }
1492
1493 // This is almost certainly less than all of 'hash', but it's as secure
1494 // as we can be with our current 'id' length.
1495 memcpy(&id, hash, sizeof(id));
1496
1497 // Note at the beginning of the function that we return the values of
1498 // 0 and -1 to represent special cases. As a result, we can't return
1499 // those as dynamic sensor IDs. If we happened to hash to one of those
1500 // values, we change 'id' so we report as a dynamic sensor, and not as
1501 // one of those special cases.
1502 if (id == -1) {
1503 id = -2;
1504 } else if (id == 0) {
1505 id = 1;
1506 }
1507 return id;
1508 }
1509
makeUuidsIntoIdsForSensorList(Vector<Sensor> & sensorList) const1510 void SensorService::makeUuidsIntoIdsForSensorList(Vector<Sensor> &sensorList) const {
1511 for (auto &sensor : sensorList) {
1512 int32_t id = getIdFromUuid(sensor.getUuid());
1513 sensor.setId(id);
1514 // The sensor UUID must always be anonymized here for non privileged clients.
1515 // There is no other checks after this point before returning to client process.
1516 if (!isAudioServerOrSystemServerUid(IPCThreadState::self()->getCallingUid())) {
1517 sensor.anonymizeUuid();
1518 }
1519 }
1520 }
1521
getSensorList(const String16 & opPackageName)1522 Vector<Sensor> SensorService::getSensorList(const String16& opPackageName) {
1523 char value[PROPERTY_VALUE_MAX];
1524 property_get("debug.sensors", value, "0");
1525 const Vector<Sensor>& initialSensorList = (atoi(value)) ?
1526 mSensors.getUserDebugSensors() : mSensors.getUserSensors();
1527 Vector<Sensor> accessibleSensorList;
1528
1529 resetTargetSdkVersionCache(opPackageName);
1530 bool isCapped = isRateCappedBasedOnPermission(opPackageName);
1531 for (size_t i = 0; i < initialSensorList.size(); i++) {
1532 Sensor sensor = initialSensorList[i];
1533 if (isCapped && isSensorInCappedSet(sensor.getType())) {
1534 sensor.capMinDelayMicros(SENSOR_SERVICE_CAPPED_SAMPLING_PERIOD_NS / 1000);
1535 sensor.capHighestDirectReportRateLevel(SENSOR_SERVICE_CAPPED_SAMPLING_RATE_LEVEL);
1536 }
1537 accessibleSensorList.add(sensor);
1538 }
1539 makeUuidsIntoIdsForSensorList(accessibleSensorList);
1540 return accessibleSensorList;
1541 }
1542
addSensorIfAccessible(const String16 & opPackageName,const Sensor & sensor,Vector<Sensor> & accessibleSensorList)1543 void SensorService::addSensorIfAccessible(const String16& opPackageName, const Sensor& sensor,
1544 Vector<Sensor>& accessibleSensorList) {
1545 if (canAccessSensor(sensor, "can't see", opPackageName)) {
1546 accessibleSensorList.add(sensor);
1547 } else if (sensor.getType() != SENSOR_TYPE_HEAD_TRACKER) {
1548 ALOGI("Skipped sensor %s because it requires permission %s and app op %" PRId32,
1549 sensor.getName().c_str(), sensor.getRequiredPermission().c_str(),
1550 sensor.getRequiredAppOp());
1551 }
1552 }
1553
getDynamicSensorList(const String16 & opPackageName)1554 Vector<Sensor> SensorService::getDynamicSensorList(const String16& opPackageName) {
1555 Vector<Sensor> accessibleSensorList;
1556 mSensors.forEachSensor(
1557 [this, &opPackageName, &accessibleSensorList] (const Sensor& sensor) -> bool {
1558 if (sensor.isDynamicSensor()) {
1559 addSensorIfAccessible(opPackageName, sensor, accessibleSensorList);
1560 }
1561 return true;
1562 });
1563 makeUuidsIntoIdsForSensorList(accessibleSensorList);
1564 return accessibleSensorList;
1565 }
1566
getRuntimeSensorList(const String16 & opPackageName,int deviceId)1567 Vector<Sensor> SensorService::getRuntimeSensorList(const String16& opPackageName, int deviceId) {
1568 Vector<Sensor> accessibleSensorList;
1569 mSensors.forEachEntry(
1570 [this, &opPackageName, deviceId, &accessibleSensorList] (
1571 const SensorServiceUtil::SensorList::Entry& e) -> bool {
1572 if (e.deviceId == deviceId) {
1573 addSensorIfAccessible(opPackageName, e.si->getSensor(), accessibleSensorList);
1574 }
1575 return true;
1576 });
1577 makeUuidsIntoIdsForSensorList(accessibleSensorList);
1578 return accessibleSensorList;
1579 }
1580
createSensorEventConnection(const String8 & packageName,int requestedMode,const String16 & opPackageName,const String16 & attributionTag)1581 sp<ISensorEventConnection> SensorService::createSensorEventConnection(const String8& packageName,
1582 int requestedMode, const String16& opPackageName, const String16& attributionTag) {
1583 // Only 4 modes supported for a SensorEventConnection ... NORMAL, DATA_INJECTION,
1584 // REPLAY_DATA_INJECTION and HAL_BYPASS_REPLAY_DATA_INJECTION
1585 if (requestedMode != NORMAL && !isInjectionMode(requestedMode)) {
1586 ALOGE(
1587 "Failed to create sensor event connection: invalid request mode. "
1588 "requestMode: %d",
1589 requestedMode);
1590 return nullptr;
1591 }
1592 resetTargetSdkVersionCache(opPackageName);
1593
1594 Mutex::Autolock _l(mLock);
1595 // To create a client in DATA_INJECTION mode to inject data, SensorService should already be
1596 // operating in DI mode.
1597 if (requestedMode == DATA_INJECTION) {
1598 if (mCurrentOperatingMode != DATA_INJECTION) {
1599 ALOGE(
1600 "Failed to create sensor event connection: sensor service not in "
1601 "DI mode when creating a client in DATA_INJECTION mode");
1602 return nullptr;
1603 }
1604 if (!isAllowListedPackage(packageName)) {
1605 ALOGE(
1606 "Failed to create sensor event connection: package %s not in "
1607 "allowed list for DATA_INJECTION mode",
1608 packageName.c_str());
1609 return nullptr;
1610 }
1611 }
1612
1613 uid_t uid = IPCThreadState::self()->getCallingUid();
1614 pid_t pid = IPCThreadState::self()->getCallingPid();
1615
1616 String8 connPackageName =
1617 (packageName == "") ? String8::format("unknown_package_pid_%d", pid) : packageName;
1618 String16 connOpPackageName =
1619 (opPackageName == String16("")) ? String16(connPackageName) : opPackageName;
1620 sp<SensorEventConnection> result(new SensorEventConnection(this, uid, connPackageName,
1621 isInjectionMode(requestedMode),
1622 connOpPackageName, attributionTag));
1623 if (isInjectionMode(requestedMode)) {
1624 mConnectionHolder.addEventConnectionIfNotPresent(result);
1625 // Add the associated file descriptor to the Looper for polling whenever there is data to
1626 // be injected.
1627 result->updateLooperRegistration(mLooper);
1628 }
1629 return result;
1630 }
1631
isDataInjectionEnabled()1632 int SensorService::isDataInjectionEnabled() {
1633 Mutex::Autolock _l(mLock);
1634 return mCurrentOperatingMode == DATA_INJECTION;
1635 }
1636
isReplayDataInjectionEnabled()1637 int SensorService::isReplayDataInjectionEnabled() {
1638 Mutex::Autolock _l(mLock);
1639 return mCurrentOperatingMode == REPLAY_DATA_INJECTION;
1640 }
1641
isHalBypassReplayDataInjectionEnabled()1642 int SensorService::isHalBypassReplayDataInjectionEnabled() {
1643 Mutex::Autolock _l(mLock);
1644 return mCurrentOperatingMode == HAL_BYPASS_REPLAY_DATA_INJECTION;
1645 }
1646
isInjectionMode(int mode)1647 bool SensorService::isInjectionMode(int mode) {
1648 return (mode == DATA_INJECTION || mode == REPLAY_DATA_INJECTION ||
1649 mode == HAL_BYPASS_REPLAY_DATA_INJECTION);
1650 }
1651
createSensorDirectConnection(const String16 & opPackageName,int deviceId,uint32_t size,int32_t type,int32_t format,const native_handle * resource)1652 sp<ISensorEventConnection> SensorService::createSensorDirectConnection(
1653 const String16& opPackageName, int deviceId, uint32_t size, int32_t type, int32_t format,
1654 const native_handle *resource) {
1655 resetTargetSdkVersionCache(opPackageName);
1656 ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
1657
1658 // No new direct connections are allowed when sensor privacy is enabled
1659 if (mSensorPrivacyPolicy->isSensorPrivacyEnabled()) {
1660 ALOGE("Cannot create new direct connections when sensor privacy is enabled");
1661 return nullptr;
1662 }
1663
1664 struct sensors_direct_mem_t mem = {
1665 .type = type,
1666 .format = format,
1667 .size = size,
1668 .handle = resource,
1669 };
1670 uid_t uid = IPCThreadState::self()->getCallingUid();
1671
1672 if (mem.handle == nullptr) {
1673 ALOGE("Failed to clone resource handle");
1674 return nullptr;
1675 }
1676
1677 // check format
1678 if (format != SENSOR_DIRECT_FMT_SENSORS_EVENT) {
1679 ALOGE("Direct channel format %d is unsupported!", format);
1680 return nullptr;
1681 }
1682
1683 // check for duplication
1684 for (const sp<SensorDirectConnection>& connection : connLock.getDirectConnections()) {
1685 if (connection->isEquivalent(&mem)) {
1686 ALOGE("Duplicate create channel request for the same share memory");
1687 return nullptr;
1688 }
1689 }
1690
1691 // check specific to memory type
1692 switch(type) {
1693 case SENSOR_DIRECT_MEM_TYPE_ASHMEM: { // channel backed by ashmem
1694 if (resource->numFds < 1) {
1695 ALOGE("Ashmem direct channel requires a memory region to be supplied");
1696 android_errorWriteLog(0x534e4554, "70986337"); // SafetyNet
1697 return nullptr;
1698 }
1699 int fd = resource->data[0];
1700 if (!ashmem_valid(fd)) {
1701 ALOGE("Supplied Ashmem memory region is invalid");
1702 return nullptr;
1703 }
1704
1705 int size2 = ashmem_get_size_region(fd);
1706 // check size consistency
1707 if (size2 < static_cast<int64_t>(size)) {
1708 ALOGE("Ashmem direct channel size %" PRIu32 " greater than shared memory size %d",
1709 size, size2);
1710 return nullptr;
1711 }
1712 break;
1713 }
1714 case SENSOR_DIRECT_MEM_TYPE_GRALLOC:
1715 // no specific checks for gralloc
1716 break;
1717 default:
1718 ALOGE("Unknown direct connection memory type %d", type);
1719 return nullptr;
1720 }
1721
1722 native_handle_t *clone = native_handle_clone(resource);
1723 if (!clone) {
1724 return nullptr;
1725 }
1726 native_handle_set_fdsan_tag(clone);
1727
1728 sp<SensorDirectConnection> conn;
1729 int channelHandle = 0;
1730 if (deviceId == RuntimeSensor::DEFAULT_DEVICE_ID) {
1731 SensorDevice& dev(SensorDevice::getInstance());
1732 channelHandle = dev.registerDirectChannel(&mem);
1733 } else {
1734 auto runtimeSensorCallback = mRuntimeSensorCallbacks.find(deviceId);
1735 if (runtimeSensorCallback == mRuntimeSensorCallbacks.end()) {
1736 ALOGE("Runtime sensor callback for deviceId %d not found", deviceId);
1737 } else {
1738 int fd = dup(clone->data[0]);
1739 channelHandle = runtimeSensorCallback->second->onDirectChannelCreated(fd);
1740 }
1741 }
1742
1743 if (channelHandle <= 0) {
1744 ALOGE("SensorDevice::registerDirectChannel returns %d", channelHandle);
1745 } else {
1746 mem.handle = clone;
1747 IPCThreadState* thread = IPCThreadState::self();
1748 pid_t pid = (thread != nullptr) ? thread->getCallingPid() : -1;
1749 conn = new SensorDirectConnection(this, uid, pid, &mem, channelHandle, opPackageName,
1750 deviceId);
1751 }
1752
1753 if (conn == nullptr) {
1754 native_handle_close_with_tag(clone);
1755 native_handle_delete(clone);
1756 } else {
1757 // add to list of direct connections
1758 // sensor service should never hold pointer or sp of SensorDirectConnection object.
1759 mConnectionHolder.addDirectConnection(conn);
1760 }
1761 return conn;
1762 }
1763
configureRuntimeSensorDirectChannel(int sensorHandle,const SensorDirectConnection * c,const sensors_direct_cfg_t * config)1764 int SensorService::configureRuntimeSensorDirectChannel(
1765 int sensorHandle, const SensorDirectConnection* c, const sensors_direct_cfg_t* config) {
1766 int deviceId = c->getDeviceId();
1767 int sensorDeviceId = getDeviceIdFromHandle(sensorHandle);
1768 if (sensorDeviceId != c->getDeviceId()) {
1769 ALOGE("Cannot configure direct channel created for device %d with a sensor that belongs "
1770 "to device %d", c->getDeviceId(), sensorDeviceId);
1771 return BAD_VALUE;
1772 }
1773 auto runtimeSensorCallback = mRuntimeSensorCallbacks.find(deviceId);
1774 if (runtimeSensorCallback == mRuntimeSensorCallbacks.end()) {
1775 ALOGE("Runtime sensor callback for deviceId %d not found", deviceId);
1776 return BAD_VALUE;
1777 }
1778 return runtimeSensorCallback->second->onDirectChannelConfigured(
1779 c->getHalChannelHandle(), sensorHandle, config->rate_level);
1780 }
1781
setOperationParameter(int32_t handle,int32_t type,const Vector<float> & floats,const Vector<int32_t> & ints)1782 int SensorService::setOperationParameter(
1783 int32_t handle, int32_t type,
1784 const Vector<float> &floats, const Vector<int32_t> &ints) {
1785 Mutex::Autolock _l(mLock);
1786
1787 if (!checkCallingPermission(sLocationHardwarePermission, nullptr, nullptr)) {
1788 return PERMISSION_DENIED;
1789 }
1790
1791 bool isFloat = true;
1792 bool isCustom = false;
1793 size_t expectSize = INT32_MAX;
1794 switch (type) {
1795 case AINFO_LOCAL_GEOMAGNETIC_FIELD:
1796 isFloat = true;
1797 expectSize = 3;
1798 break;
1799 case AINFO_LOCAL_GRAVITY:
1800 isFloat = true;
1801 expectSize = 1;
1802 break;
1803 case AINFO_DOCK_STATE:
1804 case AINFO_HIGH_PERFORMANCE_MODE:
1805 case AINFO_MAGNETIC_FIELD_CALIBRATION:
1806 isFloat = false;
1807 expectSize = 1;
1808 break;
1809 default:
1810 // CUSTOM events must only contain float data; it may have variable size
1811 if (type < AINFO_CUSTOM_START || type >= AINFO_DEBUGGING_START ||
1812 ints.size() ||
1813 sizeof(additional_info_event_t::data_float)/sizeof(float) < floats.size() ||
1814 handle < 0) {
1815 return BAD_VALUE;
1816 }
1817 isFloat = true;
1818 isCustom = true;
1819 expectSize = floats.size();
1820 break;
1821 }
1822
1823 if (!isCustom && handle != -1) {
1824 return BAD_VALUE;
1825 }
1826
1827 // three events: first one is begin tag, last one is end tag, the one in the middle
1828 // is the payload.
1829 sensors_event_t event[3];
1830 int64_t timestamp = elapsedRealtimeNano();
1831 for (sensors_event_t* i = event; i < event + 3; i++) {
1832 *i = (sensors_event_t) {
1833 .version = sizeof(sensors_event_t),
1834 .sensor = handle,
1835 .type = SENSOR_TYPE_ADDITIONAL_INFO,
1836 .timestamp = timestamp++,
1837 .additional_info = (additional_info_event_t) {
1838 .serial = 0
1839 }
1840 };
1841 }
1842
1843 event[0].additional_info.type = AINFO_BEGIN;
1844 event[1].additional_info.type = type;
1845 event[2].additional_info.type = AINFO_END;
1846
1847 if (isFloat) {
1848 if (floats.size() != expectSize) {
1849 return BAD_VALUE;
1850 }
1851 for (size_t i = 0; i < expectSize; ++i) {
1852 event[1].additional_info.data_float[i] = floats[i];
1853 }
1854 } else {
1855 if (ints.size() != expectSize) {
1856 return BAD_VALUE;
1857 }
1858 for (size_t i = 0; i < expectSize; ++i) {
1859 event[1].additional_info.data_int32[i] = ints[i];
1860 }
1861 }
1862
1863 SensorDevice& dev(SensorDevice::getInstance());
1864 for (sensors_event_t* i = event; i < event + 3; i++) {
1865 int ret = dev.injectSensorData(i);
1866 if (ret != NO_ERROR) {
1867 return ret;
1868 }
1869 }
1870 return NO_ERROR;
1871 }
1872
resetToNormalMode()1873 status_t SensorService::resetToNormalMode() {
1874 Mutex::Autolock _l(mLock);
1875 return resetToNormalModeLocked();
1876 }
1877
resetToNormalModeLocked()1878 status_t SensorService::resetToNormalModeLocked() {
1879 SensorDevice& dev(SensorDevice::getInstance());
1880 status_t err = dev.setMode(NORMAL);
1881 if (err == NO_ERROR) {
1882 mCurrentOperatingMode = NORMAL;
1883 dev.enableAllSensors();
1884 checkAndReportProxStateChangeLocked();
1885 }
1886 return err;
1887 }
1888
cleanupConnection(SensorEventConnection * c)1889 void SensorService::cleanupConnection(SensorEventConnection* c) {
1890 ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
1891 const wp<SensorEventConnection> connection(c);
1892 size_t size = mActiveSensors.size();
1893 ALOGD_IF(DEBUG_CONNECTIONS, "%zu active sensors", size);
1894 for (size_t i=0 ; i<size ; ) {
1895 int handle = mActiveSensors.keyAt(i);
1896 if (c->hasSensor(handle)) {
1897 ALOGD_IF(DEBUG_CONNECTIONS, "%zu: disabling handle=0x%08x", i, handle);
1898 std::shared_ptr<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
1899 if (sensor != nullptr) {
1900 sensor->activate(c, false);
1901 } else {
1902 ALOGE("sensor interface of handle=0x%08x is null!", handle);
1903 }
1904 if (c->removeSensor(handle)) {
1905 BatteryService::disableSensor(c->getUid(), handle);
1906 }
1907 }
1908 SensorRecord* rec = mActiveSensors.valueAt(i);
1909 ALOGE_IF(!rec, "mActiveSensors[%zu] is null (handle=0x%08x)!", i, handle);
1910 ALOGD_IF(DEBUG_CONNECTIONS,
1911 "removing connection %p for sensor[%zu].handle=0x%08x",
1912 c, i, handle);
1913
1914 if (rec && rec->removeConnection(connection)) {
1915 ALOGD_IF(DEBUG_CONNECTIONS, "... and it was the last connection");
1916 mActiveSensors.removeItemsAt(i, 1);
1917 mActiveVirtualSensors.erase(handle);
1918 delete rec;
1919 size--;
1920 } else {
1921 i++;
1922 }
1923 }
1924 c->updateLooperRegistration(mLooper);
1925 mConnectionHolder.removeEventConnection(connection);
1926 if (c->needsWakeLock()) {
1927 checkWakeLockStateLocked(&connLock);
1928 }
1929
1930 SensorDevice& dev(SensorDevice::getInstance());
1931 dev.notifyConnectionDestroyed(c);
1932 }
1933
cleanupConnection(SensorDirectConnection * c)1934 void SensorService::cleanupConnection(SensorDirectConnection* c) {
1935 Mutex::Autolock _l(mLock);
1936
1937 int deviceId = c->getDeviceId();
1938 if (deviceId == RuntimeSensor::DEFAULT_DEVICE_ID) {
1939 SensorDevice& dev(SensorDevice::getInstance());
1940 dev.unregisterDirectChannel(c->getHalChannelHandle());
1941 } else {
1942 auto runtimeSensorCallback = mRuntimeSensorCallbacks.find(deviceId);
1943 if (runtimeSensorCallback != mRuntimeSensorCallbacks.end()) {
1944 runtimeSensorCallback->second->onDirectChannelDestroyed(c->getHalChannelHandle());
1945 } else {
1946 ALOGE("Runtime sensor callback for deviceId %d not found", deviceId);
1947 }
1948 }
1949 mConnectionHolder.removeDirectConnection(c);
1950 }
1951
checkAndReportProxStateChangeLocked()1952 void SensorService::checkAndReportProxStateChangeLocked() {
1953 if (mProxSensorHandles.empty()) return;
1954
1955 SensorDevice& dev(SensorDevice::getInstance());
1956 bool isActive = false;
1957 for (auto& sensor : mProxSensorHandles) {
1958 if (dev.isSensorActive(sensor)) {
1959 isActive = true;
1960 break;
1961 }
1962 }
1963 if (isActive != mLastReportedProxIsActive) {
1964 notifyProximityStateLocked(isActive, mProximityActiveListeners);
1965 mLastReportedProxIsActive = isActive;
1966 }
1967 }
1968
notifyProximityStateLocked(const bool isActive,const std::vector<sp<ProximityActiveListener>> & listeners)1969 void SensorService::notifyProximityStateLocked(
1970 const bool isActive,
1971 const std::vector<sp<ProximityActiveListener>>& listeners) {
1972 const uint64_t mySeq = ++curProxCallbackSeq;
1973 std::thread t([isActive, mySeq, listenersCopy = listeners]() {
1974 while (completedCallbackSeq.load() != mySeq - 1)
1975 std::this_thread::sleep_for(1ms);
1976 for (auto& listener : listenersCopy)
1977 listener->onProximityActive(isActive);
1978 completedCallbackSeq++;
1979 });
1980 t.detach();
1981 }
1982
addProximityActiveListener(const sp<ProximityActiveListener> & callback)1983 status_t SensorService::addProximityActiveListener(const sp<ProximityActiveListener>& callback) {
1984 if (callback == nullptr) {
1985 return BAD_VALUE;
1986 }
1987
1988 Mutex::Autolock _l(mLock);
1989
1990 // Check if the callback was already added.
1991 for (const auto& cb : mProximityActiveListeners) {
1992 if (cb == callback) {
1993 return ALREADY_EXISTS;
1994 }
1995 }
1996
1997 mProximityActiveListeners.push_back(callback);
1998 std::vector<sp<ProximityActiveListener>> listener(1, callback);
1999 notifyProximityStateLocked(mLastReportedProxIsActive, listener);
2000 return OK;
2001 }
2002
removeProximityActiveListener(const sp<ProximityActiveListener> & callback)2003 status_t SensorService::removeProximityActiveListener(
2004 const sp<ProximityActiveListener>& callback) {
2005 if (callback == nullptr) {
2006 return BAD_VALUE;
2007 }
2008
2009 Mutex::Autolock _l(mLock);
2010
2011 for (auto iter = mProximityActiveListeners.begin();
2012 iter != mProximityActiveListeners.end();
2013 ++iter) {
2014 if (*iter == callback) {
2015 mProximityActiveListeners.erase(iter);
2016 return OK;
2017 }
2018 }
2019 return NAME_NOT_FOUND;
2020 }
2021
getSensorInterfaceFromHandle(int handle) const2022 std::shared_ptr<SensorInterface> SensorService::getSensorInterfaceFromHandle(int handle) const {
2023 return mSensors.getInterface(handle);
2024 }
2025
getDeviceIdFromHandle(int handle) const2026 int SensorService::getDeviceIdFromHandle(int handle) const {
2027 int deviceId = RuntimeSensor::DEFAULT_DEVICE_ID;
2028 mSensors.forEachEntry(
2029 [&deviceId, handle] (const SensorServiceUtil::SensorList::Entry& e) -> bool {
2030 if (e.si->getSensor().getHandle() == handle) {
2031 deviceId = e.deviceId;
2032 return false; // stop iterating
2033 }
2034 return true;
2035 });
2036 return deviceId;
2037 }
2038
enable(const sp<SensorEventConnection> & connection,int handle,nsecs_t samplingPeriodNs,nsecs_t maxBatchReportLatencyNs,int reservedFlags,const String16 & opPackageName)2039 status_t SensorService::enable(const sp<SensorEventConnection>& connection,
2040 int handle, nsecs_t samplingPeriodNs, nsecs_t maxBatchReportLatencyNs, int reservedFlags,
2041 const String16& opPackageName) {
2042 if (mInitCheck != NO_ERROR)
2043 return mInitCheck;
2044
2045 std::shared_ptr<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
2046 if (sensor == nullptr ||
2047 !canAccessSensor(sensor->getSensor(), "Tried enabling", opPackageName)) {
2048 return BAD_VALUE;
2049 }
2050
2051 ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
2052 if (mCurrentOperatingMode != NORMAL &&
2053 !isInjectionMode(mCurrentOperatingMode) &&
2054 !isAllowListedPackage(connection->getPackageName())) {
2055 return INVALID_OPERATION;
2056 }
2057
2058 SensorRecord* rec = mActiveSensors.valueFor(handle);
2059 if (rec == nullptr) {
2060 rec = new SensorRecord(connection);
2061 mActiveSensors.add(handle, rec);
2062 if (sensor->isVirtual()) {
2063 mActiveVirtualSensors.emplace(handle);
2064 }
2065
2066 // There was no SensorRecord for this sensor which means it was previously disabled. Mark
2067 // the recent event as stale to ensure that the previous event is not sent to a client. This
2068 // ensures on-change events that were generated during a previous sensor activation are not
2069 // erroneously sent to newly connected clients, especially if a second client registers for
2070 // an on-change sensor before the first client receives the updated event. Once an updated
2071 // event is received, the recent events will be marked as current, and any new clients will
2072 // immediately receive the most recent event.
2073 if (sensor->getSensor().getReportingMode() == AREPORTING_MODE_ON_CHANGE) {
2074 auto logger = mRecentEvent.find(handle);
2075 if (logger != mRecentEvent.end()) {
2076 logger->second->setLastEventStale();
2077 }
2078 }
2079 } else {
2080 if (rec->addConnection(connection)) {
2081 // this sensor is already activated, but we are adding a connection that uses it.
2082 // Immediately send down the last known value of the requested sensor if it's not a
2083 // "continuous" sensor.
2084 if (sensor->getSensor().getReportingMode() == AREPORTING_MODE_ON_CHANGE) {
2085 // NOTE: The wake_up flag of this event may get set to
2086 // WAKE_UP_SENSOR_EVENT_NEEDS_ACK if this is a wake_up event.
2087
2088 auto logger = mRecentEvent.find(handle);
2089 if (logger != mRecentEvent.end()) {
2090 sensors_event_t event;
2091 // Verify that the last sensor event was generated from the current activation
2092 // of the sensor. If not, it is possible for an on-change sensor to receive a
2093 // sensor event that is stale if two clients re-activate the sensor
2094 // simultaneously.
2095 if(logger->second->populateLastEventIfCurrent(&event)) {
2096 event.sensor = handle;
2097 if (event.version == sizeof(sensors_event_t)) {
2098 if (isWakeUpSensorEvent(event) && !mWakeLockAcquired) {
2099 setWakeLockAcquiredLocked(true);
2100 }
2101 connection->sendEvents(&event, 1, nullptr);
2102 if (!connection->needsWakeLock() && mWakeLockAcquired) {
2103 checkWakeLockStateLocked(&connLock);
2104 }
2105 }
2106 }
2107 }
2108 }
2109 }
2110 }
2111
2112 if (connection->addSensor(handle)) {
2113 BatteryService::enableSensor(connection->getUid(), handle);
2114 // the sensor was added (which means it wasn't already there)
2115 // so, see if this connection becomes active
2116 mConnectionHolder.addEventConnectionIfNotPresent(connection);
2117 } else {
2118 ALOGW("sensor %08x already enabled in connection %p (ignoring)",
2119 handle, connection.get());
2120 }
2121
2122 // Check maximum delay for the sensor.
2123 nsecs_t maxDelayNs = sensor->getSensor().getMaxDelay() * 1000LL;
2124 if (maxDelayNs > 0 && (samplingPeriodNs > maxDelayNs)) {
2125 samplingPeriodNs = maxDelayNs;
2126 }
2127
2128 nsecs_t minDelayNs = sensor->getSensor().getMinDelayNs();
2129 if (samplingPeriodNs < minDelayNs) {
2130 samplingPeriodNs = minDelayNs;
2131 }
2132
2133 ALOGD_IF(DEBUG_CONNECTIONS, "Calling batch handle==%d flags=%d"
2134 "rate=%" PRId64 " timeout== %" PRId64"",
2135 handle, reservedFlags, samplingPeriodNs, maxBatchReportLatencyNs);
2136
2137 status_t err = sensor->batch(connection.get(), handle, 0, samplingPeriodNs,
2138 maxBatchReportLatencyNs);
2139
2140 // Call flush() before calling activate() on the sensor. Wait for a first
2141 // flush complete event before sending events on this connection. Ignore
2142 // one-shot sensors which don't support flush(). Ignore on-change sensors
2143 // to maintain the on-change logic (any on-change events except the initial
2144 // one should be trigger by a change in value). Also if this sensor isn't
2145 // already active, don't call flush().
2146 if (err == NO_ERROR &&
2147 sensor->getSensor().getReportingMode() == AREPORTING_MODE_CONTINUOUS &&
2148 rec->getNumConnections() > 1) {
2149 connection->setFirstFlushPending(handle, true);
2150 status_t err_flush = sensor->flush(connection.get(), handle);
2151 // Flush may return error if the underlying h/w sensor uses an older HAL.
2152 if (err_flush == NO_ERROR) {
2153 rec->addPendingFlushConnection(connection.get());
2154 } else {
2155 connection->setFirstFlushPending(handle, false);
2156 }
2157 }
2158
2159 if (err == NO_ERROR) {
2160 ALOGD_IF(DEBUG_CONNECTIONS, "Calling activate on %d", handle);
2161 err = sensor->activate(connection.get(), true);
2162 }
2163
2164 if (err == NO_ERROR) {
2165 connection->updateLooperRegistration(mLooper);
2166
2167 if (sensor->getSensor().getRequiredPermission().size() > 0 &&
2168 sensor->getSensor().getRequiredAppOp() >= 0) {
2169 connection->mHandleToAppOp[handle] = sensor->getSensor().getRequiredAppOp();
2170 }
2171 }
2172
2173 if (err != NO_ERROR) {
2174 // batch/activate has failed, reset our state.
2175 cleanupWithoutDisableLocked(connection, handle);
2176 }
2177
2178 mLastNSensorRegistrations.editItemAt(mNextSensorRegIndex) =
2179 SensorRegistrationInfo(handle, connection->getPackageName(), samplingPeriodNs,
2180 maxBatchReportLatencyNs, /*activate=*/ true, err);
2181 mNextSensorRegIndex = (mNextSensorRegIndex + 1) % SENSOR_REGISTRATIONS_BUF_SIZE;
2182 return err;
2183 }
2184
disable(const sp<SensorEventConnection> & connection,int handle)2185 status_t SensorService::disable(const sp<SensorEventConnection>& connection, int handle) {
2186 if (mInitCheck != NO_ERROR)
2187 return mInitCheck;
2188
2189 Mutex::Autolock _l(mLock);
2190 status_t err = cleanupWithoutDisableLocked(connection, handle);
2191 if (err == NO_ERROR) {
2192 std::shared_ptr<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
2193 err = sensor != nullptr ? sensor->activate(connection.get(), false) : status_t(BAD_VALUE);
2194 }
2195 mLastNSensorRegistrations.editItemAt(mNextSensorRegIndex) =
2196 SensorRegistrationInfo(handle, connection->getPackageName(), 0, 0, /*activate=*/ false, err);
2197 mNextSensorRegIndex = (mNextSensorRegIndex + 1) % SENSOR_REGISTRATIONS_BUF_SIZE;
2198 return err;
2199 }
2200
cleanupWithoutDisable(const sp<SensorEventConnection> & connection,int handle)2201 status_t SensorService::cleanupWithoutDisable(
2202 const sp<SensorEventConnection>& connection, int handle) {
2203 Mutex::Autolock _l(mLock);
2204 return cleanupWithoutDisableLocked(connection, handle);
2205 }
2206
cleanupWithoutDisableLocked(const sp<SensorEventConnection> & connection,int handle)2207 status_t SensorService::cleanupWithoutDisableLocked(
2208 const sp<SensorEventConnection>& connection, int handle) {
2209 SensorRecord* rec = mActiveSensors.valueFor(handle);
2210 if (rec) {
2211 // see if this connection becomes inactive
2212 if (connection->removeSensor(handle)) {
2213 BatteryService::disableSensor(connection->getUid(), handle);
2214 }
2215 if (connection->hasAnySensor() == false) {
2216 connection->updateLooperRegistration(mLooper);
2217 mConnectionHolder.removeEventConnection(connection);
2218 }
2219 // see if this sensor becomes inactive
2220 if (rec->removeConnection(connection)) {
2221 mActiveSensors.removeItem(handle);
2222 mActiveVirtualSensors.erase(handle);
2223 delete rec;
2224 }
2225 return NO_ERROR;
2226 }
2227 return BAD_VALUE;
2228 }
2229
setEventRate(const sp<SensorEventConnection> & connection,int handle,nsecs_t ns,const String16 & opPackageName)2230 status_t SensorService::setEventRate(const sp<SensorEventConnection>& connection,
2231 int handle, nsecs_t ns, const String16& opPackageName) {
2232 if (mInitCheck != NO_ERROR)
2233 return mInitCheck;
2234
2235 std::shared_ptr<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
2236 if (sensor == nullptr ||
2237 !canAccessSensor(sensor->getSensor(), "Tried configuring", opPackageName)) {
2238 return BAD_VALUE;
2239 }
2240
2241 if (ns < 0)
2242 return BAD_VALUE;
2243
2244 nsecs_t minDelayNs = sensor->getSensor().getMinDelayNs();
2245 if (ns < minDelayNs) {
2246 ns = minDelayNs;
2247 }
2248
2249 return sensor->setDelay(connection.get(), handle, ns);
2250 }
2251
flushSensor(const sp<SensorEventConnection> & connection,const String16 & opPackageName)2252 status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
2253 const String16& opPackageName) {
2254 if (mInitCheck != NO_ERROR) return mInitCheck;
2255 SensorDevice& dev(SensorDevice::getInstance());
2256 const int halVersion = dev.getHalDeviceVersion();
2257 status_t err(NO_ERROR);
2258 Mutex::Autolock _l(mLock);
2259 // Loop through all sensors for this connection and call flush on each of them.
2260 for (int handle : connection->getActiveSensorHandles()) {
2261 std::shared_ptr<SensorInterface> sensor = getSensorInterfaceFromHandle(handle);
2262 if (sensor == nullptr) {
2263 continue;
2264 }
2265 if (sensor->getSensor().getReportingMode() == AREPORTING_MODE_ONE_SHOT) {
2266 ALOGE("flush called on a one-shot sensor");
2267 err = INVALID_OPERATION;
2268 continue;
2269 }
2270 if (halVersion <= SENSORS_DEVICE_API_VERSION_1_0 || isVirtualSensor(handle)) {
2271 // For older devices just increment pending flush count which will send a trivial
2272 // flush complete event.
2273 if (!connection->incrementPendingFlushCountIfHasAccess(handle)) {
2274 ALOGE("flush called on an inaccessible sensor");
2275 err = INVALID_OPERATION;
2276 }
2277 } else {
2278 if (!canAccessSensor(sensor->getSensor(), "Tried flushing", opPackageName)) {
2279 err = INVALID_OPERATION;
2280 continue;
2281 }
2282 status_t err_flush = sensor->flush(connection.get(), handle);
2283 if (err_flush == NO_ERROR) {
2284 SensorRecord* rec = mActiveSensors.valueFor(handle);
2285 if (rec != nullptr) rec->addPendingFlushConnection(connection);
2286 }
2287 err = (err_flush != NO_ERROR) ? err_flush : err;
2288 }
2289 }
2290 return err;
2291 }
2292
canAccessSensor(const Sensor & sensor,const char * operation,const String16 & opPackageName)2293 bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
2294 const String16& opPackageName) {
2295 // Special case for Head Tracker sensor type: currently restricted to system usage only, unless
2296 // the restriction is specially lifted for testing
2297 if (sensor.getType() == SENSOR_TYPE_HEAD_TRACKER &&
2298 !isAudioServerOrSystemServerUid(IPCThreadState::self()->getCallingUid())) {
2299 if (!mHtRestricted) {
2300 ALOGI("Permitting access to HT sensor type outside system (%s)",
2301 String8(opPackageName).c_str());
2302 } else {
2303 ALOGW("%s %s a sensor (%s) as a non-system client", String8(opPackageName).c_str(),
2304 operation, sensor.getName().c_str());
2305 return false;
2306 }
2307 }
2308
2309 // Check if a permission is required for this sensor
2310 if (sensor.getRequiredPermission().length() <= 0) {
2311 return true;
2312 }
2313
2314 const int32_t opCode = sensor.getRequiredAppOp();
2315 int targetSdkVersion = getTargetSdkVersion(opPackageName);
2316
2317 bool canAccess = false;
2318 if (targetSdkVersion > 0 && targetSdkVersion <= __ANDROID_API_P__ &&
2319 (sensor.getType() == SENSOR_TYPE_STEP_COUNTER ||
2320 sensor.getType() == SENSOR_TYPE_STEP_DETECTOR)) {
2321 // Allow access to step sensors if the application targets pre-Q, which is before the
2322 // requirement to hold the AR permission to access Step Counter and Step Detector events
2323 // was introduced.
2324 canAccess = true;
2325 } else if (IPCThreadState::self()->getCallingUid() == AID_SYSTEM) {
2326 // Allow access if it is requested from system.
2327 canAccess = true;
2328 } else if (hasPermissionForSensor(sensor)) {
2329 // Ensure that the AppOp is allowed, or that there is no necessary app op
2330 // for the sensor
2331 if (opCode >= 0) {
2332 const int32_t appOpMode =
2333 sAppOpsManager.checkOp(opCode, IPCThreadState::self()->getCallingUid(),
2334 opPackageName);
2335 canAccess = (appOpMode == AppOpsManager::MODE_ALLOWED);
2336 } else {
2337 canAccess = true;
2338 }
2339 }
2340
2341 if (!canAccess) {
2342 ALOGE("%s %s a sensor (%s) without holding %s", String8(opPackageName).c_str(),
2343 operation, sensor.getName().c_str(), sensor.getRequiredPermission().c_str());
2344 }
2345
2346 return canAccess;
2347 }
2348
hasPermissionForSensor(const Sensor & sensor)2349 bool SensorService::hasPermissionForSensor(const Sensor& sensor) {
2350 bool hasPermission = false;
2351 const String8& requiredPermission = sensor.getRequiredPermission();
2352
2353 // Runtime permissions can't use the cache as they may change.
2354 if (sensor.isRequiredPermissionRuntime()) {
2355 hasPermission = checkPermission(String16(requiredPermission),
2356 IPCThreadState::self()->getCallingPid(),
2357 IPCThreadState::self()->getCallingUid(),
2358 /*logPermissionFailure=*/ false);
2359 } else {
2360 hasPermission = PermissionCache::checkCallingPermission(String16(requiredPermission));
2361 }
2362 return hasPermission;
2363 }
2364
getTargetSdkVersion(const String16 & opPackageName)2365 int SensorService::getTargetSdkVersion(const String16& opPackageName) {
2366 // Don't query the SDK version for the ISensorManager descriptor as it
2367 // doesn't have one. This descriptor tends to be used for VNDK clients, but
2368 // can technically be set by anyone so don't give it elevated privileges.
2369 bool isVNDK = opPackageName.startsWith(sSensorInterfaceDescriptorPrefix) &&
2370 opPackageName.contains(String16("@"));
2371 if (isVNDK) {
2372 return -1;
2373 }
2374
2375 Mutex::Autolock packageLock(sPackageTargetVersionLock);
2376 int targetSdkVersion = -1;
2377 auto entry = sPackageTargetVersion.find(opPackageName);
2378 if (entry != sPackageTargetVersion.end()) {
2379 targetSdkVersion = entry->second;
2380 } else {
2381 sp<IBinder> binder = defaultServiceManager()->getService(String16("package_native"));
2382 if (binder != nullptr) {
2383 sp<content::pm::IPackageManagerNative> packageManager =
2384 interface_cast<content::pm::IPackageManagerNative>(binder);
2385 if (packageManager != nullptr) {
2386 binder::Status status = packageManager->getTargetSdkVersionForPackage(
2387 opPackageName, &targetSdkVersion);
2388 if (!status.isOk()) {
2389 targetSdkVersion = -1;
2390 }
2391 }
2392 }
2393 sPackageTargetVersion[opPackageName] = targetSdkVersion;
2394 }
2395 return targetSdkVersion;
2396 }
2397
resetTargetSdkVersionCache(const String16 & opPackageName)2398 void SensorService::resetTargetSdkVersionCache(const String16& opPackageName) {
2399 Mutex::Autolock packageLock(sPackageTargetVersionLock);
2400 auto iter = sPackageTargetVersion.find(opPackageName);
2401 if (iter != sPackageTargetVersion.end()) {
2402 sPackageTargetVersion.erase(iter);
2403 }
2404 }
2405
getTargetOperatingMode(const std::string & inputString,Mode * targetModeOut)2406 bool SensorService::getTargetOperatingMode(const std::string &inputString, Mode *targetModeOut) {
2407 if (inputString == std::string("restrict")) {
2408 *targetModeOut = RESTRICTED;
2409 return true;
2410 }
2411 if (inputString == std::string("enable")) {
2412 *targetModeOut = NORMAL;
2413 return true;
2414 }
2415 if (inputString == std::string("data_injection")) {
2416 *targetModeOut = DATA_INJECTION;
2417 return true;
2418 }
2419 if (inputString == std::string("replay_data_injection")) {
2420 *targetModeOut = REPLAY_DATA_INJECTION;
2421 return true;
2422 }
2423 if (inputString == std::string("hal_bypass_replay_data_injection")) {
2424 *targetModeOut = HAL_BYPASS_REPLAY_DATA_INJECTION;
2425 return true;
2426 }
2427 return false;
2428 }
2429
changeOperatingMode(const Vector<String16> & args,Mode targetOperatingMode)2430 status_t SensorService::changeOperatingMode(const Vector<String16>& args,
2431 Mode targetOperatingMode) {
2432 ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
2433 SensorDevice& dev(SensorDevice::getInstance());
2434 if (mCurrentOperatingMode == targetOperatingMode) {
2435 return NO_ERROR;
2436 }
2437 if (targetOperatingMode != NORMAL && args.size() < 2) {
2438 return INVALID_OPERATION;
2439 }
2440 switch (targetOperatingMode) {
2441 case NORMAL:
2442 // If currently in restricted mode, reset back to NORMAL mode else ignore.
2443 if (mCurrentOperatingMode == RESTRICTED) {
2444 mCurrentOperatingMode = NORMAL;
2445 // enable sensors and recover all sensor direct report
2446 enableAllSensorsLocked(&connLock);
2447 }
2448 if (mCurrentOperatingMode == REPLAY_DATA_INJECTION) {
2449 dev.disableAllSensors();
2450 }
2451 if (mCurrentOperatingMode == DATA_INJECTION ||
2452 mCurrentOperatingMode == REPLAY_DATA_INJECTION ||
2453 mCurrentOperatingMode == HAL_BYPASS_REPLAY_DATA_INJECTION) {
2454 resetToNormalModeLocked();
2455 }
2456 mAllowListedPackage.clear();
2457 return status_t(NO_ERROR);
2458 case RESTRICTED:
2459 // If in any mode other than normal, ignore.
2460 if (mCurrentOperatingMode != NORMAL) {
2461 return INVALID_OPERATION;
2462 }
2463
2464 mCurrentOperatingMode = RESTRICTED;
2465 // temporarily stop all sensor direct report and disable sensors
2466 disableAllSensorsLocked(&connLock);
2467 mAllowListedPackage = String8(args[1]);
2468 return status_t(NO_ERROR);
2469 case HAL_BYPASS_REPLAY_DATA_INJECTION:
2470 FALLTHROUGH_INTENDED;
2471 case REPLAY_DATA_INJECTION:
2472 if (SensorServiceUtil::isUserBuild()) {
2473 return INVALID_OPERATION;
2474 }
2475 FALLTHROUGH_INTENDED;
2476 case DATA_INJECTION:
2477 if (mCurrentOperatingMode == NORMAL) {
2478 dev.disableAllSensors();
2479 status_t err = NO_ERROR;
2480 if (targetOperatingMode == HAL_BYPASS_REPLAY_DATA_INJECTION) {
2481 // Set SensorDevice to HAL_BYPASS_REPLAY_DATA_INJECTION_MODE. This value is not
2482 // injected into the HAL, nor will any events be injected into the HAL
2483 err = dev.setMode(HAL_BYPASS_REPLAY_DATA_INJECTION);
2484 } else {
2485 // Otherwise use DATA_INJECTION here since this value goes to the HAL and the HAL
2486 // doesn't have an understanding of replay vs. normal data injection.
2487 err = dev.setMode(DATA_INJECTION);
2488 }
2489 if (err == NO_ERROR) {
2490 mCurrentOperatingMode = targetOperatingMode;
2491 }
2492 if (err != NO_ERROR || targetOperatingMode == REPLAY_DATA_INJECTION) {
2493 // Re-enable sensors.
2494 dev.enableAllSensors();
2495 }
2496 mAllowListedPackage = String8(args[1]);
2497 return NO_ERROR;
2498 } else {
2499 // Transition to data injection mode supported only from NORMAL mode.
2500 return INVALID_OPERATION;
2501 }
2502 break;
2503 default:
2504 break;
2505 }
2506 return NO_ERROR;
2507 }
2508
checkWakeLockState()2509 void SensorService::checkWakeLockState() {
2510 ConnectionSafeAutolock connLock = mConnectionHolder.lock(mLock);
2511 checkWakeLockStateLocked(&connLock);
2512 }
2513
checkWakeLockStateLocked(ConnectionSafeAutolock * connLock)2514 void SensorService::checkWakeLockStateLocked(ConnectionSafeAutolock* connLock) {
2515 if (!mWakeLockAcquired) {
2516 return;
2517 }
2518 bool releaseLock = true;
2519 for (const sp<SensorEventConnection>& connection : connLock->getActiveConnections()) {
2520 if (connection->needsWakeLock()) {
2521 releaseLock = false;
2522 break;
2523 }
2524 }
2525 if (releaseLock) {
2526 setWakeLockAcquiredLocked(false);
2527 }
2528 }
2529
sendEventsFromCache(const sp<SensorEventConnection> & connection)2530 void SensorService::sendEventsFromCache(const sp<SensorEventConnection>& connection) {
2531 Mutex::Autolock _l(mLock);
2532 connection->writeToSocketFromCache();
2533 if (connection->needsWakeLock()) {
2534 setWakeLockAcquiredLocked(true);
2535 }
2536 }
2537
isAllowListedPackage(const String8 & packageName)2538 bool SensorService::isAllowListedPackage(const String8& packageName) {
2539 return (packageName.contains(mAllowListedPackage.c_str()));
2540 }
2541
isOperationRestrictedLocked(const String16 & opPackageName)2542 bool SensorService::isOperationRestrictedLocked(const String16& opPackageName) {
2543 if (mCurrentOperatingMode == RESTRICTED) {
2544 String8 package(opPackageName);
2545 return !isAllowListedPackage(package);
2546 }
2547 return false;
2548 }
2549
registerSelf()2550 void SensorService::UidPolicy::registerSelf() {
2551 ActivityManager am;
2552 am.registerUidObserver(this, ActivityManager::UID_OBSERVER_GONE
2553 | ActivityManager::UID_OBSERVER_IDLE
2554 | ActivityManager::UID_OBSERVER_ACTIVE,
2555 ActivityManager::PROCESS_STATE_UNKNOWN,
2556 String16("android"));
2557 }
2558
unregisterSelf()2559 void SensorService::UidPolicy::unregisterSelf() {
2560 ActivityManager am;
2561 am.unregisterUidObserver(this);
2562 }
2563
onUidGone(__unused uid_t uid,__unused bool disabled)2564 void SensorService::UidPolicy::onUidGone(__unused uid_t uid, __unused bool disabled) {
2565 onUidIdle(uid, disabled);
2566 }
2567
onUidActive(uid_t uid)2568 void SensorService::UidPolicy::onUidActive(uid_t uid) {
2569 {
2570 Mutex::Autolock _l(mUidLock);
2571 mActiveUids.insert(uid);
2572 }
2573 sp<SensorService> service = mService.promote();
2574 if (service != nullptr) {
2575 service->onUidStateChanged(uid, UID_STATE_ACTIVE);
2576 }
2577 }
2578
onUidIdle(uid_t uid,__unused bool disabled)2579 void SensorService::UidPolicy::onUidIdle(uid_t uid, __unused bool disabled) {
2580 bool deleted = false;
2581 {
2582 Mutex::Autolock _l(mUidLock);
2583 if (mActiveUids.erase(uid) > 0) {
2584 deleted = true;
2585 }
2586 }
2587 if (deleted) {
2588 sp<SensorService> service = mService.promote();
2589 if (service != nullptr) {
2590 service->onUidStateChanged(uid, UID_STATE_IDLE);
2591 }
2592 }
2593 }
2594
addOverrideUid(uid_t uid,bool active)2595 void SensorService::UidPolicy::addOverrideUid(uid_t uid, bool active) {
2596 updateOverrideUid(uid, active, true);
2597 }
2598
removeOverrideUid(uid_t uid)2599 void SensorService::UidPolicy::removeOverrideUid(uid_t uid) {
2600 updateOverrideUid(uid, false, false);
2601 }
2602
updateOverrideUid(uid_t uid,bool active,bool insert)2603 void SensorService::UidPolicy::updateOverrideUid(uid_t uid, bool active, bool insert) {
2604 bool wasActive = false;
2605 bool isActive = false;
2606 {
2607 Mutex::Autolock _l(mUidLock);
2608 wasActive = isUidActiveLocked(uid);
2609 mOverrideUids.erase(uid);
2610 if (insert) {
2611 mOverrideUids.insert(std::pair<uid_t, bool>(uid, active));
2612 }
2613 isActive = isUidActiveLocked(uid);
2614 }
2615 if (wasActive != isActive) {
2616 sp<SensorService> service = mService.promote();
2617 if (service != nullptr) {
2618 service->onUidStateChanged(uid, isActive ? UID_STATE_ACTIVE : UID_STATE_IDLE);
2619 }
2620 }
2621 }
2622
isUidActive(uid_t uid)2623 bool SensorService::UidPolicy::isUidActive(uid_t uid) {
2624 // Non-app UIDs are considered always active
2625 if (uid < FIRST_APPLICATION_UID) {
2626 return true;
2627 }
2628 Mutex::Autolock _l(mUidLock);
2629 return isUidActiveLocked(uid);
2630 }
2631
isUidActiveLocked(uid_t uid)2632 bool SensorService::UidPolicy::isUidActiveLocked(uid_t uid) {
2633 // Non-app UIDs are considered always active
2634 if (uid < FIRST_APPLICATION_UID) {
2635 return true;
2636 }
2637 auto it = mOverrideUids.find(uid);
2638 if (it != mOverrideUids.end()) {
2639 return it->second;
2640 }
2641 return mActiveUids.find(uid) != mActiveUids.end();
2642 }
2643
isUidActive(uid_t uid)2644 bool SensorService::isUidActive(uid_t uid) {
2645 return mUidPolicy->isUidActive(uid);
2646 }
2647
isRateCappedBasedOnPermission(const String16 & opPackageName)2648 bool SensorService::isRateCappedBasedOnPermission(const String16& opPackageName) {
2649 int targetSdk = getTargetSdkVersion(opPackageName);
2650 bool hasSamplingRatePermission = checkPermission(sAccessHighSensorSamplingRatePermission,
2651 IPCThreadState::self()->getCallingPid(),
2652 IPCThreadState::self()->getCallingUid(),
2653 /*logPermissionFailure=*/ false);
2654 if (targetSdk < __ANDROID_API_S__ ||
2655 (targetSdk >= __ANDROID_API_S__ && hasSamplingRatePermission)) {
2656 return false;
2657 }
2658 return true;
2659 }
2660
2661 /**
2662 * Checks if a sensor should be capped according to HIGH_SAMPLING_RATE_SENSORS
2663 * permission.
2664 *
2665 * This needs to be kept in sync with the list defined on the Java side
2666 * in frameworks/base/core/java/android/hardware/SystemSensorManager.java
2667 */
isSensorInCappedSet(int sensorType)2668 bool SensorService::isSensorInCappedSet(int sensorType) {
2669 return (sensorType == SENSOR_TYPE_ACCELEROMETER
2670 || sensorType == SENSOR_TYPE_ACCELEROMETER_UNCALIBRATED
2671 || sensorType == SENSOR_TYPE_GYROSCOPE
2672 || sensorType == SENSOR_TYPE_GYROSCOPE_UNCALIBRATED
2673 || sensorType == SENSOR_TYPE_MAGNETIC_FIELD
2674 || sensorType == SENSOR_TYPE_MAGNETIC_FIELD_UNCALIBRATED);
2675 }
2676
adjustSamplingPeriodBasedOnMicAndPermission(nsecs_t * requestedPeriodNs,const String16 & opPackageName)2677 status_t SensorService::adjustSamplingPeriodBasedOnMicAndPermission(nsecs_t* requestedPeriodNs,
2678 const String16& opPackageName) {
2679 if (*requestedPeriodNs >= SENSOR_SERVICE_CAPPED_SAMPLING_PERIOD_NS) {
2680 return OK;
2681 }
2682 bool shouldCapBasedOnPermission = isRateCappedBasedOnPermission(opPackageName);
2683 if (shouldCapBasedOnPermission) {
2684 *requestedPeriodNs = SENSOR_SERVICE_CAPPED_SAMPLING_PERIOD_NS;
2685 if (isPackageDebuggable(opPackageName)) {
2686 return PERMISSION_DENIED;
2687 }
2688 return OK;
2689 }
2690 if (mMicSensorPrivacyPolicy->isSensorPrivacyEnabled()) {
2691 *requestedPeriodNs = SENSOR_SERVICE_CAPPED_SAMPLING_PERIOD_NS;
2692 return OK;
2693 }
2694 return OK;
2695 }
2696
adjustRateLevelBasedOnMicAndPermission(int * requestedRateLevel,const String16 & opPackageName)2697 status_t SensorService::adjustRateLevelBasedOnMicAndPermission(int* requestedRateLevel,
2698 const String16& opPackageName) {
2699 if (*requestedRateLevel <= SENSOR_SERVICE_CAPPED_SAMPLING_RATE_LEVEL) {
2700 return OK;
2701 }
2702 bool shouldCapBasedOnPermission = isRateCappedBasedOnPermission(opPackageName);
2703 if (shouldCapBasedOnPermission) {
2704 *requestedRateLevel = SENSOR_SERVICE_CAPPED_SAMPLING_RATE_LEVEL;
2705 if (isPackageDebuggable(opPackageName)) {
2706 return PERMISSION_DENIED;
2707 }
2708 return OK;
2709 }
2710 if (mMicSensorPrivacyPolicy->isSensorPrivacyEnabled()) {
2711 *requestedRateLevel = SENSOR_SERVICE_CAPPED_SAMPLING_RATE_LEVEL;
2712 return OK;
2713 }
2714 return OK;
2715 }
2716
registerSelf()2717 void SensorService::SensorPrivacyPolicy::registerSelf() {
2718 AutoCallerClear acc;
2719 SensorPrivacyManager spm;
2720 mSensorPrivacyEnabled = spm.isSensorPrivacyEnabled();
2721 spm.addSensorPrivacyListener(this);
2722 }
2723
unregisterSelf()2724 void SensorService::SensorPrivacyPolicy::unregisterSelf() {
2725 AutoCallerClear acc;
2726 SensorPrivacyManager spm;
2727 spm.removeSensorPrivacyListener(this);
2728 }
2729
isSensorPrivacyEnabled()2730 bool SensorService::SensorPrivacyPolicy::isSensorPrivacyEnabled() {
2731 return mSensorPrivacyEnabled;
2732 }
2733
onSensorPrivacyChanged(int toggleType __unused,int sensor __unused,bool enabled)2734 binder::Status SensorService::SensorPrivacyPolicy::onSensorPrivacyChanged(int toggleType __unused,
2735 int sensor __unused, bool enabled) {
2736 mSensorPrivacyEnabled = enabled;
2737 sp<SensorService> service = mService.promote();
2738
2739 if (service != nullptr) {
2740 if (enabled) {
2741 service->disableAllSensors();
2742 } else {
2743 service->enableAllSensors();
2744 }
2745 }
2746 return binder::Status::ok();
2747 }
2748
registerSelf()2749 void SensorService::MicrophonePrivacyPolicy::registerSelf() {
2750 AutoCallerClear acc;
2751 SensorPrivacyManager spm;
2752 mSensorPrivacyEnabled =
2753 spm.isToggleSensorPrivacyEnabled(
2754 SensorPrivacyManager::TOGGLE_TYPE_SOFTWARE,
2755 SensorPrivacyManager::TOGGLE_SENSOR_MICROPHONE)
2756 || spm.isToggleSensorPrivacyEnabled(
2757 SensorPrivacyManager::TOGGLE_TYPE_HARDWARE,
2758 SensorPrivacyManager::TOGGLE_SENSOR_MICROPHONE);
2759 spm.addToggleSensorPrivacyListener(this);
2760 }
2761
unregisterSelf()2762 void SensorService::MicrophonePrivacyPolicy::unregisterSelf() {
2763 AutoCallerClear acc;
2764 SensorPrivacyManager spm;
2765 spm.removeToggleSensorPrivacyListener(this);
2766 }
2767
onSensorPrivacyChanged(int toggleType __unused,int sensor,bool enabled)2768 binder::Status SensorService::MicrophonePrivacyPolicy::onSensorPrivacyChanged(int toggleType __unused,
2769 int sensor, bool enabled) {
2770 if (sensor != SensorPrivacyManager::TOGGLE_SENSOR_MICROPHONE) {
2771 return binder::Status::ok();
2772 }
2773 mSensorPrivacyEnabled = enabled;
2774 sp<SensorService> service = mService.promote();
2775
2776 if (service != nullptr) {
2777 if (enabled) {
2778 service->capRates();
2779 } else {
2780 service->uncapRates();
2781 }
2782 }
2783 return binder::Status::ok();
2784 }
2785
ConnectionSafeAutolock(SensorService::SensorConnectionHolder & holder,Mutex & mutex)2786 SensorService::ConnectionSafeAutolock::ConnectionSafeAutolock(
2787 SensorService::SensorConnectionHolder& holder, Mutex& mutex)
2788 : mConnectionHolder(holder), mAutolock(mutex) {}
2789
2790 template<typename ConnectionType>
getConnectionsHelper(const SortedVector<wp<ConnectionType>> & connectionList,std::vector<std::vector<sp<ConnectionType>>> * referenceHolder)2791 const std::vector<sp<ConnectionType>>& SensorService::ConnectionSafeAutolock::getConnectionsHelper(
2792 const SortedVector<wp<ConnectionType>>& connectionList,
2793 std::vector<std::vector<sp<ConnectionType>>>* referenceHolder) {
2794 referenceHolder->emplace_back();
2795 std::vector<sp<ConnectionType>>& connections = referenceHolder->back();
2796 for (const wp<ConnectionType>& weakConnection : connectionList){
2797 sp<ConnectionType> connection = weakConnection.promote();
2798 if (connection != nullptr) {
2799 connections.push_back(std::move(connection));
2800 }
2801 }
2802 return connections;
2803 }
2804
2805 const std::vector<sp<SensorService::SensorEventConnection>>&
getActiveConnections()2806 SensorService::ConnectionSafeAutolock::getActiveConnections() {
2807 return getConnectionsHelper(mConnectionHolder.mActiveConnections,
2808 &mReferencedActiveConnections);
2809 }
2810
2811 const std::vector<sp<SensorService::SensorDirectConnection>>&
getDirectConnections()2812 SensorService::ConnectionSafeAutolock::getDirectConnections() {
2813 return getConnectionsHelper(mConnectionHolder.mDirectConnections,
2814 &mReferencedDirectConnections);
2815 }
2816
addEventConnectionIfNotPresent(const sp<SensorService::SensorEventConnection> & connection)2817 void SensorService::SensorConnectionHolder::addEventConnectionIfNotPresent(
2818 const sp<SensorService::SensorEventConnection>& connection) {
2819 if (mActiveConnections.indexOf(connection) < 0) {
2820 mActiveConnections.add(connection);
2821 }
2822 }
2823
removeEventConnection(const wp<SensorService::SensorEventConnection> & connection)2824 void SensorService::SensorConnectionHolder::removeEventConnection(
2825 const wp<SensorService::SensorEventConnection>& connection) {
2826 mActiveConnections.remove(connection);
2827 }
2828
addDirectConnection(const sp<SensorService::SensorDirectConnection> & connection)2829 void SensorService::SensorConnectionHolder::addDirectConnection(
2830 const sp<SensorService::SensorDirectConnection>& connection) {
2831 mDirectConnections.add(connection);
2832 }
2833
removeDirectConnection(const wp<SensorService::SensorDirectConnection> & connection)2834 void SensorService::SensorConnectionHolder::removeDirectConnection(
2835 const wp<SensorService::SensorDirectConnection>& connection) {
2836 mDirectConnections.remove(connection);
2837 }
2838
lock(Mutex & mutex)2839 SensorService::ConnectionSafeAutolock SensorService::SensorConnectionHolder::lock(Mutex& mutex) {
2840 return ConnectionSafeAutolock(*this, mutex);
2841 }
2842
isPackageDebuggable(const String16 & opPackageName)2843 bool SensorService::isPackageDebuggable(const String16& opPackageName) {
2844 bool debugMode = false;
2845 sp<IBinder> binder = defaultServiceManager()->getService(String16("package_native"));
2846 if (binder != nullptr) {
2847 sp<content::pm::IPackageManagerNative> packageManager =
2848 interface_cast<content::pm::IPackageManagerNative>(binder);
2849 if (packageManager != nullptr) {
2850 binder::Status status = packageManager->isPackageDebuggable(
2851 opPackageName, &debugMode);
2852 }
2853 }
2854 return debugMode;
2855 }
2856 } // namespace android
2857