1 /*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 //#define LOG_NDEBUG 0
18 #define LOG_TAG "MediaMetricsService"
19 #include <utils/Log.h>
20
21 #include "MediaMetricsService.h"
22 #include "ValidateId.h"
23 #include "iface_statsd.h"
24
25 #include <pwd.h> //getpwuid
26
27 #include <android-base/stringprintf.h>
28 #include <android/content/pm/IPackageManagerNative.h> // package info
29 #include <audio_utils/clock.h> // clock conversions
30 #include <binder/IPCThreadState.h> // get calling uid
31 #include <binder/IServiceManager.h> // checkCallingPermission
32 #include <cutils/properties.h> // for property_get
33 #include <mediautils/MemoryLeakTrackUtil.h>
34 #include <memunreachable/memunreachable.h>
35 #include <private/android_filesystem_config.h> // UID
36 #include <stats_media_metrics.h>
37
38 #include <set>
39
40 namespace android {
41
42 using base::StringPrintf;
43 using mediametrics::Item;
44 using mediametrics::startsWith;
45
46 // individual records kept in memory: age or count
47 // age: <= 28 hours (1 1/6 days)
48 // count: hard limit of # records
49 // (0 for either of these disables that threshold)
50 //
51 static constexpr nsecs_t kMaxRecordAgeNs = 28 * 3600 * NANOS_PER_SECOND;
52
53 // Max records to keep in queue which dump out for bugreports.
54 static constexpr size_t kMaxRecords = 2500;
55
56 // max we expire in a single call, to constrain how long we hold the
57 // mutex, which also constrains how long a client might wait.
58 static constexpr size_t kMaxExpiredAtOnce = 50;
59
60 // TODO: need to look at tuning kMaxRecords and friends for low-memory devices
61
62 /* static */
roundTime(nsecs_t timeNs)63 nsecs_t MediaMetricsService::roundTime(nsecs_t timeNs)
64 {
65 return (timeNs + NANOS_PER_SECOND / 2) / NANOS_PER_SECOND * NANOS_PER_SECOND;
66 }
67
68 /* static */
useUidForPackage(const std::string & package,const std::string & installer)69 bool MediaMetricsService::useUidForPackage(
70 const std::string& package, const std::string& installer)
71 {
72 // NOLINTBEGIN(bugprone-branch-clone)
73 if (strchr(package.c_str(), '.') == nullptr) {
74 return false; // not of form 'com.whatever...'; assume internal and ok
75 } else if (strncmp(package.c_str(), "android.", 8) == 0) {
76 return false; // android.* packages are assumed fine
77 } else if (strncmp(installer.c_str(), "com.android.", 12) == 0) {
78 return false; // from play store
79 } else if (strncmp(installer.c_str(), "com.google.", 11) == 0) {
80 return false; // some google source
81 } else if (strcmp(installer.c_str(), "preload") == 0) {
82 return false; // preloads
83 } else {
84 return true; // we're not sure where it came from, use uid only.
85 }
86 // NOLINTEND(bugprone-branch-clone)
87 }
88
89 /* static */
90 std::pair<std::string, int64_t>
getSanitizedPackageNameAndVersionCode(uid_t uid)91 MediaMetricsService::getSanitizedPackageNameAndVersionCode(uid_t uid) {
92 const std::shared_ptr<const mediautils::UidInfo::Info> info =
93 mediautils::UidInfo::getInfo(uid);
94 if (useUidForPackage(info->package, info->installer)) {
95 return { std::to_string(uid), /* versionCode */ 0 };
96 } else {
97 return { info->package, info->versionCode };
98 }
99 }
100
MediaMetricsService()101 MediaMetricsService::MediaMetricsService()
102 : mMaxRecords(kMaxRecords),
103 mMaxRecordAgeNs(kMaxRecordAgeNs),
104 mMaxRecordsExpiredAtOnce(kMaxExpiredAtOnce)
105 {
106 ALOGD("%s", __func__);
107 }
108
~MediaMetricsService()109 MediaMetricsService::~MediaMetricsService()
110 {
111 ALOGD("%s", __func__);
112 // the class destructor clears anyhow, but we enforce clearing items first.
113 mItemsDiscarded += (int64_t)mItems.size();
114 mItems.clear();
115 }
116
submitInternal(mediametrics::Item * item,bool release)117 status_t MediaMetricsService::submitInternal(mediametrics::Item *item, bool release)
118 {
119 // calling PID is 0 for one-way calls.
120 const pid_t pid = IPCThreadState::self()->getCallingPid();
121 const pid_t pid_given = item->getPid();
122 const uid_t uid = IPCThreadState::self()->getCallingUid();
123 const uid_t uid_given = item->getUid();
124
125 //ALOGD("%s: caller pid=%d uid=%d, item pid=%d uid=%d", __func__,
126 // (int)pid, (int)uid, (int) pid_given, (int)uid_given);
127
128 bool isTrusted;
129 switch (uid) {
130 case AID_AUDIOSERVER:
131 case AID_BLUETOOTH:
132 case AID_CAMERA:
133 case AID_DRM:
134 case AID_MEDIA:
135 case AID_MEDIA_CODEC:
136 case AID_MEDIA_EX:
137 case AID_MEDIA_DRM:
138 // case AID_SHELL: // DEBUG ONLY - used for mediametrics_tests to add new keys
139 case AID_SYSTEM:
140 // trusted source, only override default values
141 isTrusted = true;
142 if (uid_given == (uid_t)-1) {
143 item->setUid(uid);
144 }
145 if (pid_given == (pid_t)-1) {
146 item->setPid(pid); // if one-way then this is 0.
147 }
148 break;
149 default:
150 isTrusted = false;
151 item->setPid(pid); // always use calling pid, if one-way then this is 0.
152 item->setUid(uid);
153 break;
154 }
155
156 // Overwrite package name and version if the caller was untrusted or empty
157 if (!isTrusted || item->getPkgName().empty()) {
158 const uid_t uidItem = item->getUid();
159 const auto [ pkgName, version ] =
160 MediaMetricsService::getSanitizedPackageNameAndVersionCode(uidItem);
161 item->setPkgName(pkgName);
162 item->setPkgVersionCode(version);
163 }
164
165 ALOGV("%s: isTrusted:%d given uid %d; sanitized uid: %d sanitized pkg: %s "
166 "sanitized pkg version: %lld",
167 __func__,
168 (int)isTrusted,
169 uid_given, item->getUid(),
170 item->getPkgName().c_str(),
171 (long long)item->getPkgVersionCode());
172
173 mItemsSubmitted++;
174
175 // validate the record; we discard if we don't like it
176 if (isContentValid(item, isTrusted) == false) {
177 if (release) delete item;
178 return PERMISSION_DENIED;
179 }
180
181 // XXX: if we have a sessionid in the new record, look to make
182 // sure it doesn't appear in the finalized list.
183
184 if (item->count() == 0) {
185 ALOGV("%s: dropping empty record...", __func__);
186 if (release) delete item;
187 return BAD_VALUE;
188 }
189
190 if (!isTrusted || item->getTimestamp() == 0) {
191 // Statsd logs two times for events: ElapsedRealTimeNs (BOOTTIME) and
192 // WallClockTimeNs (REALTIME), but currently logs REALTIME to cloud.
193 //
194 // For consistency and correlation with other logging mechanisms
195 // we use REALTIME here.
196 const int64_t now = systemTime(SYSTEM_TIME_REALTIME);
197 item->setTimestamp(now);
198 }
199
200 // now attach either the item or its dup to a const shared pointer
201 std::shared_ptr<const mediametrics::Item> sitem(release ? item : item->dup());
202
203 // register log session ids with singleton.
204 if (startsWith(item->getKey(), "metrics.manager")) {
205 std::string logSessionId;
206 if (item->get("logSessionId", &logSessionId)
207 && mediametrics::stringutils::isLogSessionId(logSessionId.c_str())) {
208 mediametrics::ValidateId::get()->registerId(logSessionId);
209 }
210 }
211
212 (void)mAudioAnalytics.submit(sitem, isTrusted);
213
214 (void)dump2Statsd(sitem, mStatsdLog); // failure should be logged in function.
215 saveItem(sitem);
216 return NO_ERROR;
217 }
218
dump(int fd,const Vector<String16> & args)219 status_t MediaMetricsService::dump(int fd, const Vector<String16>& args)
220 {
221 if (checkCallingPermission(String16("android.permission.DUMP")) == false) {
222 const std::string result = StringPrintf("Permission Denial: "
223 "can't dump MediaMetricsService from pid=%d, uid=%d\n",
224 IPCThreadState::self()->getCallingPid(),
225 IPCThreadState::self()->getCallingUid());
226 write(fd, result.c_str(), result.size());
227 return NO_ERROR;
228 }
229
230 static const String16 allOption("--all");
231 static const String16 clearOption("--clear");
232 static const String16 heapOption("--heap");
233 static const String16 helpOption("--help");
234 static const String16 prefixOption("--prefix");
235 static const String16 sinceOption("--since");
236 static const String16 unreachableOption("--unreachable");
237
238 bool all = false;
239 bool clear = false;
240 bool heap = false;
241 bool unreachable = false;
242 int64_t sinceNs = 0;
243 std::string prefix;
244
245 const size_t n = args.size();
246 for (size_t i = 0; i < n; i++) {
247 if (args[i] == allOption) {
248 all = true;
249 } else if (args[i] == clearOption) {
250 clear = true;
251 } else if (args[i] == heapOption) {
252 heap = true;
253 } else if (args[i] == helpOption) {
254 // TODO: consider function area dumping.
255 // dumpsys media.metrics audiotrack,codec
256 // or dumpsys media.metrics audiotrack codec
257
258 static constexpr char result[] =
259 "Recognized parameters:\n"
260 "--all show all records\n"
261 "--clear clear out saved records\n"
262 "--heap show heap usage (top 100)\n"
263 "--help display help\n"
264 "--prefix X process records for component X\n"
265 "--since X X < 0: records from -X seconds in the past\n"
266 " X = 0: ignore\n"
267 " X > 0: records from X seconds since Unix epoch\n"
268 "--unreachable show unreachable memory (leaks)\n";
269 write(fd, result, std::size(result));
270 return NO_ERROR;
271 } else if (args[i] == prefixOption) {
272 ++i;
273 if (i < n) {
274 prefix = String8(args[i]).c_str();
275 }
276 } else if (args[i] == sinceOption) {
277 ++i;
278 if (i < n) {
279 String8 value(args[i]);
280 char *endp;
281 const char *p = value.c_str();
282 const auto sec = (int64_t)strtoll(p, &endp, 10);
283 if (endp == p || *endp != '\0' || sec == 0) {
284 sinceNs = 0;
285 } else if (sec < 0) {
286 sinceNs = systemTime(SYSTEM_TIME_REALTIME) + sec * NANOS_PER_SECOND;
287 } else {
288 sinceNs = sec * NANOS_PER_SECOND;
289 }
290 }
291 } else if (args[i] == unreachableOption) {
292 unreachable = true;
293 }
294 }
295 std::stringstream result;
296 {
297 std::lock_guard _l(mLock);
298
299 if (clear) {
300 mItemsDiscarded += (int64_t)mItems.size();
301 mItems.clear();
302 mAudioAnalytics.clear();
303 } else {
304 result << StringPrintf("Dump of the %s process:\n", kServiceName);
305 const char *prefixptr = prefix.size() > 0 ? prefix.c_str() : nullptr;
306 result << dumpHeaders(sinceNs, prefixptr);
307 result << dumpQueue(sinceNs, prefixptr);
308
309 // TODO: maybe consider a better way of dumping audio analytics info.
310 const int32_t linesToDump = all ? INT32_MAX : 1000;
311 auto [ dumpString, lines ] = mAudioAnalytics.dump(
312 all, linesToDump, sinceNs, prefixptr);
313 result << dumpString;
314 if (lines == linesToDump) {
315 result << "-- some lines may be truncated --\n";
316 }
317
318 const int32_t heatLinesToDump = all ? INT32_MAX : 20;
319 const auto [ heatDumpString, heatLines] =
320 mAudioAnalytics.dumpHeatMap(heatLinesToDump);
321 result << "\n" << heatDumpString;
322 if (heatLines == heatLinesToDump) {
323 result << "-- some lines may be truncated --\n";
324 }
325
326 const int32_t healthLinesToDump = all ? INT32_MAX : 15;
327 result << "\nHealth Message Log:";
328 const auto [ healthDumpString, healthLines ] =
329 mAudioAnalytics.dumpHealth(healthLinesToDump);
330 result << "\n" << healthDumpString;
331 if (healthLines == healthLinesToDump) {
332 result << "-- some lines may be truncated --\n";
333 }
334
335 const int32_t spatializerLinesToDump = all ? INT32_MAX : 15;
336 result << "\nSpatializer Message Log:";
337 const auto [ spatializerDumpString, spatializerLines ] =
338 mAudioAnalytics.dumpSpatializer(spatializerLinesToDump);
339 result << "\n" << spatializerDumpString;
340 if (spatializerLines == spatializerLinesToDump) {
341 result << "-- some lines may be truncated --\n";
342 }
343
344 result << "\nLogSessionId:\n"
345 << mediametrics::ValidateId::get()->dump();
346
347 // Dump the statsd atoms we sent out.
348 result << "\nStatsd atoms:\n"
349 << mStatsdLog->dumpToString(" " /* prefix */,
350 all ? STATSD_LOG_LINES_MAX : STATSD_LOG_LINES_DUMP);
351 }
352 }
353 const std::string str = result.str();
354 write(fd, str.c_str(), str.size());
355
356 // Check heap and unreachable memory outside of lock.
357 if (heap) {
358 dprintf(fd, "\nDumping heap:\n");
359 std::string s = dumpMemoryAddresses(100 /* limit */);
360 write(fd, s.c_str(), s.size());
361 }
362 if (unreachable) {
363 dprintf(fd, "\nDumping unreachable memory:\n");
364 // TODO - should limit be an argument parameter?
365 std::string s = GetUnreachableMemoryString(true /* contents */, 100 /* limit */);
366 write(fd, s.c_str(), s.size());
367 }
368 return NO_ERROR;
369 }
370
371 // dump headers
dumpHeaders(int64_t sinceNs,const char * prefix)372 std::string MediaMetricsService::dumpHeaders(int64_t sinceNs, const char* prefix)
373 {
374 std::stringstream result;
375 if (mediametrics::Item::isEnabled()) {
376 result << "Metrics gathering: enabled\n";
377 } else {
378 result << "Metrics gathering: DISABLED via property\n";
379 }
380 result << StringPrintf(
381 "Since Boot: Submissions: %lld Accepted: %lld\n",
382 (long long)mItemsSubmitted.load(), (long long)mItemsFinalized);
383 result << StringPrintf(
384 "Records Discarded: %lld (by Count: %lld by Expiration: %lld)\n",
385 (long long)mItemsDiscarded, (long long)mItemsDiscardedCount,
386 (long long)mItemsDiscardedExpire);
387 if (prefix != nullptr) {
388 result << "Restricting to prefix " << prefix << "\n";
389 }
390 if (sinceNs != 0) {
391 result << "Emitting Queue entries more recent than: " << sinceNs << "\n";
392 }
393 return result.str();
394 }
395
396 // TODO: should prefix be a set<string>?
dumpQueue(int64_t sinceNs,const char * prefix)397 std::string MediaMetricsService::dumpQueue(int64_t sinceNs, const char* prefix)
398 {
399 if (mItems.empty()) {
400 return "empty\n";
401 }
402 std::stringstream result;
403 int slot = 0;
404 for (const auto &item : mItems) { // TODO: consider std::lower_bound() on mItems
405 if (item->getTimestamp() < sinceNs) { // sinceNs == 0 means all items shown
406 continue;
407 }
408 if (prefix != nullptr && !startsWith(item->getKey(), prefix)) {
409 ALOGV("%s: omit '%s', it's not '%s'",
410 __func__, item->getKey().c_str(), prefix);
411 continue;
412 }
413 result << StringPrintf("%5d: %s\n", slot, item->toString().c_str());
414 slot++;
415 }
416 return result.str();
417 }
418
419 //
420 // Our Cheap in-core, non-persistent records management.
421
422 // if item != NULL, it's the item we just inserted
423 // true == more items eligible to be recovered
expirations(const std::shared_ptr<const mediametrics::Item> & item)424 bool MediaMetricsService::expirations(const std::shared_ptr<const mediametrics::Item>& item)
425 {
426 bool more = false;
427
428 // check queue size
429 size_t overlimit = 0;
430 if (mMaxRecords > 0 && mItems.size() > mMaxRecords) {
431 overlimit = mItems.size() - mMaxRecords;
432 if (overlimit > mMaxRecordsExpiredAtOnce) {
433 more = true;
434 overlimit = mMaxRecordsExpiredAtOnce;
435 }
436 }
437
438 // check queue times
439 size_t expired = 0;
440 if (!more && mMaxRecordAgeNs > 0) {
441 const nsecs_t now = systemTime(SYSTEM_TIME_REALTIME);
442 // we check one at a time, skip search would be more efficient.
443 size_t i = overlimit;
444 for (; i < mItems.size(); ++i) {
445 auto &oitem = mItems[i];
446 nsecs_t when = oitem->getTimestamp();
447 if (oitem.get() == item.get()) {
448 break;
449 }
450 if (now > when && (now - when) <= mMaxRecordAgeNs) {
451 break; // Note SYSTEM_TIME_REALTIME may not be monotonic.
452 }
453 if (i >= mMaxRecordsExpiredAtOnce) {
454 // this represents "one too many"; tell caller there are
455 // more to be reclaimed.
456 more = true;
457 break;
458 }
459 }
460 expired = i - overlimit;
461 }
462
463 if (const size_t toErase = overlimit + expired;
464 toErase > 0) {
465 mItemsDiscardedCount += (int64_t)overlimit;
466 mItemsDiscardedExpire += (int64_t)expired;
467 mItemsDiscarded += (int64_t)toErase;
468 mItems.erase(mItems.begin(), mItems.begin() + (ptrdiff_t)toErase); // erase from front
469 }
470 return more;
471 }
472
processExpirations()473 void MediaMetricsService::processExpirations()
474 {
475 bool more;
476 do {
477 sleep(1);
478 std::lock_guard _l(mLock);
479 more = expirations(nullptr);
480 } while (more);
481 }
482
saveItem(const std::shared_ptr<const mediametrics::Item> & item)483 void MediaMetricsService::saveItem(const std::shared_ptr<const mediametrics::Item>& item)
484 {
485 std::lock_guard _l(mLock);
486 // we assume the items are roughly in time order.
487 mItems.emplace_back(item);
488 if (isPullable(item->getKey())) {
489 registerStatsdCallbacksIfNeeded();
490 mPullableItems[item->getKey()].emplace_back(item);
491 }
492 ++mItemsFinalized;
493 if (expirations(item)
494 && (!mExpireFuture.valid()
495 || mExpireFuture.wait_for(std::chrono::seconds(0)) == std::future_status::ready)) {
496 mExpireFuture = std::async(std::launch::async, [this] { processExpirations(); });
497 }
498 }
499
500 /* static */
isContentValid(const mediametrics::Item * item,bool isTrusted)501 bool MediaMetricsService::isContentValid(const mediametrics::Item *item, bool isTrusted)
502 {
503 if (isTrusted) return true;
504 // untrusted uids can only send us a limited set of keys
505 const std::string &key = item->getKey();
506 if (startsWith(key, "audio.")) return true;
507 if (startsWith(key, "drm.vendor.")) return true;
508 if (startsWith(key, "mediadrm.")) return true;
509
510 // the list of allowedKey uses statsd_handlers
511 // in iface_statsd.cpp as reference
512 // drmmanager is from a trusted uid, therefore not needed here
513 for (const char *allowedKey : {
514 // legacy audio
515 "audiopolicy",
516 "audiorecord",
517 "audiothread",
518 "audiotrack",
519 // other media
520 "codec",
521 "videofreeze",
522 "videojudder",
523 "extractor",
524 "mediadrm",
525 "mediaparser",
526 "nuplayer",
527 }) {
528 if (key == allowedKey) {
529 return true;
530 }
531 }
532 ALOGD("%s: invalid key: %s", __func__, item->toString().c_str());
533 return false;
534 }
535
536 // are we rate limited, normally false
isRateLimited(mediametrics::Item *) const537 bool MediaMetricsService::isRateLimited(mediametrics::Item *) const
538 {
539 return false;
540 }
541
registerStatsdCallbacksIfNeeded()542 void MediaMetricsService::registerStatsdCallbacksIfNeeded()
543 {
544 if (mStatsdRegistered.test_and_set()) {
545 return;
546 }
547 auto tag = stats::media_metrics::MEDIA_DRM_ACTIVITY_INFO;
548 auto cb = MediaMetricsService::pullAtomCallback;
549 AStatsManager_setPullAtomCallback(tag, /* metadata */ nullptr, cb, this);
550 }
551
552 /* static */
isPullable(const std::string & key)553 bool MediaMetricsService::isPullable(const std::string &key)
554 {
555 static const std::set<std::string> pullableKeys{
556 "mediadrm",
557 };
558 return pullableKeys.count(key);
559 }
560
561 /* static */
atomTagToKey(int32_t atomTag)562 std::string MediaMetricsService::atomTagToKey(int32_t atomTag)
563 {
564 switch (atomTag) {
565 case stats::media_metrics::MEDIA_DRM_ACTIVITY_INFO:
566 return "mediadrm";
567 }
568 return {};
569 }
570
571 /* static */
pullAtomCallback(int32_t atomTag,AStatsEventList * data,void * cookie)572 AStatsManager_PullAtomCallbackReturn MediaMetricsService::pullAtomCallback(
573 int32_t atomTag, AStatsEventList* data, void* cookie)
574 {
575 MediaMetricsService* svc = reinterpret_cast<MediaMetricsService*>(cookie);
576 return svc->pullItems(atomTag, data);
577 }
578
pullItems(int32_t atomTag,AStatsEventList * data)579 AStatsManager_PullAtomCallbackReturn MediaMetricsService::pullItems(
580 int32_t atomTag, AStatsEventList* data)
581 {
582 const std::string key(atomTagToKey(atomTag));
583 if (key.empty()) {
584 return AStatsManager_PULL_SKIP;
585 }
586 std::lock_guard _l(mLock);
587 bool dumped = false;
588 for (auto &item : mPullableItems[key]) {
589 if (const auto sitem = item.lock()) {
590 dumped |= dump2Statsd(sitem, data, mStatsdLog);
591 }
592 }
593 mPullableItems[key].clear();
594 return dumped ? AStatsManager_PULL_SUCCESS : AStatsManager_PULL_SKIP;
595 }
596 } // namespace android
597