1 /*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <log/log.h>
18 #include <sys/socket.h>
19 #include <utils/threads.h>
20
21 #include <android/util/ProtoOutputStream.h>
22 #include <frameworks/base/core/proto/android/service/sensor_service.proto.h>
23 #include <sensor/SensorEventQueue.h>
24
25 #include "vec.h"
26 #include "BatteryService.h"
27 #include "SensorEventConnection.h"
28 #include "SensorDevice.h"
29
30 #define UNUSED(x) (void)(x)
31
32 namespace android {
33 namespace {
34
35 // Used as the default value for the target SDK until it's obtained via getTargetSdkVersion.
36 constexpr int kTargetSdkUnknown = 0;
37
38 } // namespace
39
SensorEventConnection(const sp<SensorService> & service,uid_t uid,String8 packageName,bool isDataInjectionMode,const String16 & opPackageName,const String16 & attributionTag)40 SensorService::SensorEventConnection::SensorEventConnection(
41 const sp<SensorService>& service, uid_t uid, String8 packageName, bool isDataInjectionMode,
42 const String16& opPackageName, const String16& attributionTag)
43 : mService(service), mUid(uid), mWakeLockRefCount(0), mHasLooperCallbacks(false),
44 mDead(false), mDataInjectionMode(isDataInjectionMode), mEventCache(nullptr),
45 mCacheSize(0), mMaxCacheSize(0), mTimeOfLastEventDrop(0), mEventsDropped(0),
46 mPackageName(packageName), mOpPackageName(opPackageName), mAttributionTag(attributionTag),
47 mTargetSdk(kTargetSdkUnknown), mDestroyed(false) {
48 mUserId = multiuser_get_user_id(mUid);
49 mChannel = new BitTube(mService->mSocketBufferSize);
50 #if DEBUG_CONNECTIONS
51 mEventsReceived = mEventsSentFromCache = mEventsSent = 0;
52 mTotalAcksNeeded = mTotalAcksReceived = 0;
53 #endif
54 }
55
~SensorEventConnection()56 SensorService::SensorEventConnection::~SensorEventConnection() {
57 ALOGD_IF(DEBUG_CONNECTIONS, "~SensorEventConnection(%p)", this);
58 destroy();
59 delete[] mEventCache;
60 }
61
destroy()62 void SensorService::SensorEventConnection::destroy() {
63 if (!mDestroyed.exchange(true)) {
64 mService->cleanupConnection(this);
65 }
66 }
67
onFirstRef()68 void SensorService::SensorEventConnection::onFirstRef() {
69 LooperCallback::onFirstRef();
70 }
71
needsWakeLock()72 bool SensorService::SensorEventConnection::needsWakeLock() {
73 Mutex::Autolock _l(mConnectionLock);
74 return !mDead && mWakeLockRefCount > 0;
75 }
76
resetWakeLockRefCount()77 void SensorService::SensorEventConnection::resetWakeLockRefCount() {
78 Mutex::Autolock _l(mConnectionLock);
79 mWakeLockRefCount = 0;
80 }
81
dump(String8 & result)82 void SensorService::SensorEventConnection::dump(String8& result) {
83 Mutex::Autolock _l(mConnectionLock);
84 result.appendFormat("\tOperating Mode: ");
85 if (!mService->isAllowListedPackage(getPackageName())) {
86 result.append("RESTRICTED\n");
87 } else if (mDataInjectionMode) {
88 result.append("DATA_INJECTION\n");
89 } else {
90 result.append("NORMAL\n");
91 }
92 result.appendFormat("\t %s | WakeLockRefCount %d | uid %d | cache size %d | "
93 "max cache size %d | has sensor access: %s\n",
94 mPackageName.c_str(), mWakeLockRefCount, mUid, mCacheSize, mMaxCacheSize,
95 hasSensorAccess() ? "true" : "false");
96 for (auto& it : mSensorInfo) {
97 const FlushInfo& flushInfo = it.second;
98 result.appendFormat("\t %s 0x%08x | first flush pending: %s | pending flush events %d \n",
99 mService->getSensorName(it.first).c_str(), it.first,
100 flushInfo.mFirstFlushPending ? "true" : "false",
101 flushInfo.mPendingFlushEventsToSend);
102 }
103 #if DEBUG_CONNECTIONS
104 result.appendFormat("\t events recvd: %d | sent %d | cache %d | dropped %d |"
105 " total_acks_needed %d | total_acks_recvd %d\n",
106 mEventsReceived,
107 mEventsSent,
108 mEventsSentFromCache,
109 mEventsReceived - (mEventsSentFromCache + mEventsSent + mCacheSize),
110 mTotalAcksNeeded,
111 mTotalAcksReceived);
112 #endif
113 }
114
115 /**
116 * Dump debugging information as android.service.SensorEventConnectionProto protobuf message using
117 * ProtoOutputStream.
118 *
119 * See proto definition and some notes about ProtoOutputStream in
120 * frameworks/base/core/proto/android/service/sensor_service.proto
121 */
dump(util::ProtoOutputStream * proto) const122 void SensorService::SensorEventConnection::dump(util::ProtoOutputStream* proto) const {
123 using namespace service::SensorEventConnectionProto;
124 Mutex::Autolock _l(mConnectionLock);
125
126 if (!mService->isAllowListedPackage(getPackageName())) {
127 proto->write(OPERATING_MODE, OP_MODE_RESTRICTED);
128 } else if (mDataInjectionMode) {
129 proto->write(OPERATING_MODE, OP_MODE_DATA_INJECTION);
130 } else {
131 proto->write(OPERATING_MODE, OP_MODE_NORMAL);
132 }
133 proto->write(PACKAGE_NAME, std::string(mPackageName.c_str()));
134 proto->write(WAKE_LOCK_REF_COUNT, int32_t(mWakeLockRefCount));
135 proto->write(UID, int32_t(mUid));
136 proto->write(CACHE_SIZE, int32_t(mCacheSize));
137 proto->write(MAX_CACHE_SIZE, int32_t(mMaxCacheSize));
138 for (auto& it : mSensorInfo) {
139 const FlushInfo& flushInfo = it.second;
140 const uint64_t token = proto->start(FLUSH_INFOS);
141 proto->write(FlushInfoProto::SENSOR_NAME,
142 std::string(mService->getSensorName(it.first)));
143 proto->write(FlushInfoProto::SENSOR_HANDLE, it.first);
144 proto->write(FlushInfoProto::FIRST_FLUSH_PENDING, flushInfo.mFirstFlushPending);
145 proto->write(FlushInfoProto::PENDING_FLUSH_EVENTS_TO_SEND,
146 flushInfo.mPendingFlushEventsToSend);
147 proto->end(token);
148 }
149 #if DEBUG_CONNECTIONS
150 proto->write(EVENTS_RECEIVED, mEventsReceived);
151 proto->write(EVENTS_SENT, mEventsSent);
152 proto->write(EVENTS_CACHE, mEventsSentFromCache);
153 proto->write(EVENTS_DROPPED, mEventsReceived - (mEventsSentFromCache + mEventsSent +
154 mCacheSize));
155 proto->write(TOTAL_ACKS_NEEDED, mTotalAcksNeeded);
156 proto->write(TOTAL_ACKS_RECEIVED, mTotalAcksReceived);
157 #endif
158 }
159
addSensor(int32_t handle)160 bool SensorService::SensorEventConnection::addSensor(int32_t handle) {
161 Mutex::Autolock _l(mConnectionLock);
162 std::shared_ptr<SensorInterface> si = mService->getSensorInterfaceFromHandle(handle);
163 if (si == nullptr ||
164 !mService->canAccessSensor(si->getSensor(), "Add to SensorEventConnection: ",
165 mOpPackageName) ||
166 mSensorInfo.count(handle) > 0) {
167 return false;
168 }
169 mSensorInfo[handle] = FlushInfo();
170 return true;
171 }
172
removeSensor(int32_t handle)173 bool SensorService::SensorEventConnection::removeSensor(int32_t handle) {
174 Mutex::Autolock _l(mConnectionLock);
175 if (mSensorInfo.erase(handle) > 0) {
176 return true;
177 }
178 return false;
179 }
180
getActiveSensorHandles() const181 std::vector<int32_t> SensorService::SensorEventConnection::getActiveSensorHandles() const {
182 Mutex::Autolock _l(mConnectionLock);
183 std::vector<int32_t> list;
184 for (auto& it : mSensorInfo) {
185 list.push_back(it.first);
186 }
187 return list;
188 }
189
hasSensor(int32_t handle) const190 bool SensorService::SensorEventConnection::hasSensor(int32_t handle) const {
191 Mutex::Autolock _l(mConnectionLock);
192 return mSensorInfo.count(handle) > 0;
193 }
194
hasAnySensor() const195 bool SensorService::SensorEventConnection::hasAnySensor() const {
196 Mutex::Autolock _l(mConnectionLock);
197 return mSensorInfo.size() ? true : false;
198 }
199
hasOneShotSensors() const200 bool SensorService::SensorEventConnection::hasOneShotSensors() const {
201 Mutex::Autolock _l(mConnectionLock);
202 for (auto &it : mSensorInfo) {
203 const int handle = it.first;
204 std::shared_ptr<SensorInterface> si = mService->getSensorInterfaceFromHandle(handle);
205 if (si != nullptr && si->getSensor().getReportingMode() == AREPORTING_MODE_ONE_SHOT) {
206 return true;
207 }
208 }
209 return false;
210 }
211
getPackageName() const212 String8 SensorService::SensorEventConnection::getPackageName() const {
213 return mPackageName;
214 }
215
setFirstFlushPending(int32_t handle,bool value)216 void SensorService::SensorEventConnection::setFirstFlushPending(int32_t handle,
217 bool value) {
218 Mutex::Autolock _l(mConnectionLock);
219 if (mSensorInfo.count(handle) > 0) {
220 FlushInfo& flushInfo = mSensorInfo[handle];
221 flushInfo.mFirstFlushPending = value;
222 }
223 }
224
updateLooperRegistration(const sp<Looper> & looper)225 void SensorService::SensorEventConnection::updateLooperRegistration(const sp<Looper>& looper) {
226 Mutex::Autolock _l(mConnectionLock);
227 updateLooperRegistrationLocked(looper);
228 }
229
updateLooperRegistrationLocked(const sp<Looper> & looper)230 void SensorService::SensorEventConnection::updateLooperRegistrationLocked(
231 const sp<Looper>& looper) {
232 bool isConnectionActive = (mSensorInfo.size() > 0 && !mDataInjectionMode) ||
233 mDataInjectionMode;
234 // If all sensors are unregistered OR Looper has encountered an error, we can remove the Fd from
235 // the Looper if it has been previously added.
236 if (!isConnectionActive || mDead) { if (mHasLooperCallbacks) {
237 ALOGD_IF(DEBUG_CONNECTIONS, "%p removeFd fd=%d", this,
238 mChannel->getSendFd());
239 looper->removeFd(mChannel->getSendFd()); mHasLooperCallbacks = false; }
240 return; }
241
242 int looper_flags = 0;
243 if (mCacheSize > 0) looper_flags |= ALOOPER_EVENT_OUTPUT;
244 if (mDataInjectionMode) looper_flags |= ALOOPER_EVENT_INPUT;
245 for (auto& it : mSensorInfo) {
246 const int handle = it.first;
247 std::shared_ptr<SensorInterface> si = mService->getSensorInterfaceFromHandle(handle);
248 if (si != nullptr && si->getSensor().isWakeUpSensor()) {
249 looper_flags |= ALOOPER_EVENT_INPUT;
250 }
251 }
252
253 // If flags is still set to zero, we don't need to add this fd to the Looper, if the fd has
254 // already been added, remove it. This is likely to happen when ALL the events stored in the
255 // cache have been sent to the corresponding app.
256 if (looper_flags == 0) {
257 if (mHasLooperCallbacks) {
258 ALOGD_IF(DEBUG_CONNECTIONS, "removeFd fd=%d", mChannel->getSendFd());
259 looper->removeFd(mChannel->getSendFd());
260 mHasLooperCallbacks = false;
261 }
262 return;
263 }
264
265 // Add the file descriptor to the Looper for receiving acknowledegments if the app has
266 // registered for wake-up sensors OR for sending events in the cache.
267 int ret = looper->addFd(mChannel->getSendFd(), 0, looper_flags, this, nullptr);
268 if (ret == 1) {
269 ALOGD_IF(DEBUG_CONNECTIONS, "%p addFd fd=%d", this, mChannel->getSendFd());
270 mHasLooperCallbacks = true;
271 } else {
272 ALOGE("Looper::addFd failed ret=%d fd=%d", ret, mChannel->getSendFd());
273 }
274 }
275
incrementPendingFlushCountIfHasAccess(int32_t handle)276 bool SensorService::SensorEventConnection::incrementPendingFlushCountIfHasAccess(int32_t handle) {
277 if (hasSensorAccess()) {
278 Mutex::Autolock _l(mConnectionLock);
279 if (mSensorInfo.count(handle) > 0) {
280 FlushInfo& flushInfo = mSensorInfo[handle];
281 flushInfo.mPendingFlushEventsToSend++;
282 }
283 return true;
284 } else {
285 return false;
286 }
287 }
288
sendEvents(sensors_event_t const * buffer,size_t numEvents,sensors_event_t * scratch,wp<const SensorEventConnection> const * mapFlushEventsToConnections)289 status_t SensorService::SensorEventConnection::sendEvents(
290 sensors_event_t const* buffer, size_t numEvents,
291 sensors_event_t* scratch,
292 wp<const SensorEventConnection> const * mapFlushEventsToConnections) {
293 // filter out events not for this connection
294
295 std::unique_ptr<sensors_event_t[]> sanitizedBuffer;
296
297 int count = 0;
298 Mutex::Autolock _l(mConnectionLock);
299 if (scratch) {
300 size_t i=0;
301 while (i<numEvents) {
302 int32_t sensor_handle = buffer[i].sensor;
303 if (buffer[i].type == SENSOR_TYPE_META_DATA) {
304 ALOGD_IF(DEBUG_CONNECTIONS, "flush complete event sensor==%d ",
305 buffer[i].meta_data.sensor);
306 // Setting sensor_handle to the correct sensor to ensure the sensor events per
307 // connection are filtered correctly. buffer[i].sensor is zero for meta_data
308 // events.
309 sensor_handle = buffer[i].meta_data.sensor;
310 }
311
312 // Check if this connection has registered for this sensor. If not continue to the
313 // next sensor_event.
314 if (mSensorInfo.count(sensor_handle) == 0) {
315 ++i;
316 continue;
317 }
318
319 FlushInfo& flushInfo = mSensorInfo[sensor_handle];
320 // Check if there is a pending flush_complete event for this sensor on this connection.
321 if (buffer[i].type == SENSOR_TYPE_META_DATA && flushInfo.mFirstFlushPending == true &&
322 mapFlushEventsToConnections[i] == this) {
323 flushInfo.mFirstFlushPending = false;
324 ALOGD_IF(DEBUG_CONNECTIONS, "First flush event for sensor==%d ",
325 buffer[i].meta_data.sensor);
326 ++i;
327 continue;
328 }
329
330 // If there is a pending flush complete event for this sensor on this connection,
331 // ignore the event and proceed to the next.
332 if (flushInfo.mFirstFlushPending) {
333 ++i;
334 continue;
335 }
336
337 do {
338 // Keep copying events into the scratch buffer as long as they are regular
339 // sensor_events are from the same sensor_handle OR they are flush_complete_events
340 // from the same sensor_handle AND the current connection is mapped to the
341 // corresponding flush_complete_event.
342 if (buffer[i].type == SENSOR_TYPE_META_DATA) {
343 if (mapFlushEventsToConnections[i] == this) {
344 scratch[count++] = buffer[i];
345 }
346 } else {
347 // Regular sensor event, just copy it to the scratch buffer after checking
348 // the AppOp.
349 if (hasSensorAccess() && noteOpIfRequired(buffer[i])) {
350 scratch[count++] = buffer[i];
351 }
352 }
353 i++;
354 } while ((i<numEvents) && ((buffer[i].sensor == sensor_handle &&
355 buffer[i].type != SENSOR_TYPE_META_DATA) ||
356 (buffer[i].type == SENSOR_TYPE_META_DATA &&
357 buffer[i].meta_data.sensor == sensor_handle)));
358 }
359 } else {
360 if (hasSensorAccess()) {
361 scratch = const_cast<sensors_event_t *>(buffer);
362 count = numEvents;
363 } else {
364 sanitizedBuffer.reset(new sensors_event_t[numEvents]);
365 scratch = sanitizedBuffer.get();
366 for (size_t i = 0; i < numEvents; i++) {
367 if (buffer[i].type == SENSOR_TYPE_META_DATA) {
368 scratch[count++] = buffer[i++];
369 }
370 }
371 }
372 }
373
374 sendPendingFlushEventsLocked();
375 // Early return if there are no events for this connection.
376 if (count == 0) {
377 return status_t(NO_ERROR);
378 }
379
380 #if DEBUG_CONNECTIONS
381 mEventsReceived += count;
382 #endif
383 if (mCacheSize != 0) {
384 // There are some events in the cache which need to be sent first. Copy this buffer to
385 // the end of cache.
386 appendEventsToCacheLocked(scratch, count);
387 return status_t(NO_ERROR);
388 }
389
390 int index_wake_up_event = -1;
391 if (hasSensorAccess()) {
392 index_wake_up_event = findWakeUpSensorEventLocked(scratch, count);
393 if (index_wake_up_event >= 0) {
394 BatteryService::noteWakeupSensorEvent(scratch[index_wake_up_event].timestamp,
395 mUid, scratch[index_wake_up_event].sensor);
396 scratch[index_wake_up_event].flags |= WAKE_UP_SENSOR_EVENT_NEEDS_ACK;
397 ++mWakeLockRefCount;
398 #if DEBUG_CONNECTIONS
399 ++mTotalAcksNeeded;
400 #endif
401 }
402 }
403
404 // NOTE: ASensorEvent and sensors_event_t are the same type.
405 ssize_t size = SensorEventQueue::write(mChannel,
406 reinterpret_cast<ASensorEvent const*>(scratch), count);
407 if (size < 0) {
408 // Write error, copy events to local cache.
409 if (index_wake_up_event >= 0) {
410 // If there was a wake_up sensor_event, reset the flag.
411 scratch[index_wake_up_event].flags &= ~WAKE_UP_SENSOR_EVENT_NEEDS_ACK;
412 if (mWakeLockRefCount > 0) {
413 --mWakeLockRefCount;
414 }
415 #if DEBUG_CONNECTIONS
416 --mTotalAcksNeeded;
417 #endif
418 }
419 if (mEventCache == nullptr) {
420 mMaxCacheSize = computeMaxCacheSizeLocked();
421 mEventCache = new sensors_event_t[mMaxCacheSize];
422 mCacheSize = 0;
423 }
424 // Save the events so that they can be written later
425 appendEventsToCacheLocked(scratch, count);
426
427 // Add this file descriptor to the looper to get a callback when this fd is available for
428 // writing.
429 updateLooperRegistrationLocked(mService->getLooper());
430 return size;
431 }
432
433 #if DEBUG_CONNECTIONS
434 if (size > 0) {
435 mEventsSent += count;
436 }
437 #endif
438
439 return size < 0 ? status_t(size) : status_t(NO_ERROR);
440 }
441
hasSensorAccess()442 bool SensorService::SensorEventConnection::hasSensorAccess() {
443 return mService->isUidActive(mUid)
444 && !mService->mSensorPrivacyPolicy->isSensorPrivacyEnabled();
445 }
446
noteOpIfRequired(const sensors_event_t & event)447 bool SensorService::SensorEventConnection::noteOpIfRequired(const sensors_event_t& event) {
448 bool success = true;
449 const auto iter = mHandleToAppOp.find(event.sensor);
450 if (iter != mHandleToAppOp.end()) {
451 if (mTargetSdk == kTargetSdkUnknown) {
452 // getTargetSdkVersion returns -1 if it fails so this operation should only be run once
453 // per connection and then cached. Perform this here as opposed to in the constructor to
454 // avoid log spam for NDK/VNDK clients that don't use sensors guarded with permissions
455 // and pass in invalid op package names.
456 mTargetSdk = SensorService::getTargetSdkVersion(mOpPackageName);
457 }
458
459 // Special handling for step count/detect backwards compatibility: if the app's target SDK
460 // is pre-Q, still permit delivering events to the app even if permission isn't granted
461 // (since this permission was only introduced in Q)
462 if ((event.type == SENSOR_TYPE_STEP_COUNTER || event.type == SENSOR_TYPE_STEP_DETECTOR) &&
463 mTargetSdk > 0 && mTargetSdk <= __ANDROID_API_P__) {
464 success = true;
465 } else if (mUid == AID_SYSTEM) {
466 // Allow access if it is requested from system.
467 success = true;
468 } else {
469 int32_t sensorHandle = event.sensor;
470 String16 noteMsg("Sensor event (");
471 noteMsg.append(String16(mService->getSensorStringType(sensorHandle)));
472 noteMsg.append(String16(")"));
473 int32_t appOpMode = mService->sAppOpsManager.noteOp(iter->second, mUid, mOpPackageName,
474 mAttributionTag, noteMsg);
475 success = (appOpMode == AppOpsManager::MODE_ALLOWED);
476 }
477 }
478 return success;
479 }
480
reAllocateCacheLocked(sensors_event_t const * scratch,int count)481 void SensorService::SensorEventConnection::reAllocateCacheLocked(sensors_event_t const* scratch,
482 int count) {
483 sensors_event_t *eventCache_new;
484 const int new_cache_size = computeMaxCacheSizeLocked();
485 // Allocate new cache, copy over events from the old cache & scratch, free up memory.
486 eventCache_new = new sensors_event_t[new_cache_size];
487 memcpy(eventCache_new, mEventCache, mCacheSize * sizeof(sensors_event_t));
488 memcpy(&eventCache_new[mCacheSize], scratch, count * sizeof(sensors_event_t));
489
490 ALOGD_IF(DEBUG_CONNECTIONS, "reAllocateCacheLocked maxCacheSize=%d %d", mMaxCacheSize,
491 new_cache_size);
492
493 delete[] mEventCache;
494 mEventCache = eventCache_new;
495 mCacheSize += count;
496 mMaxCacheSize = new_cache_size;
497 }
498
appendEventsToCacheLocked(sensors_event_t const * events,int count)499 void SensorService::SensorEventConnection::appendEventsToCacheLocked(sensors_event_t const* events,
500 int count) {
501 if (count <= 0) {
502 return;
503 } else if (mCacheSize + count <= mMaxCacheSize) {
504 // The events fit within the current cache: add them
505 memcpy(&mEventCache[mCacheSize], events, count * sizeof(sensors_event_t));
506 mCacheSize += count;
507 } else if (mCacheSize + count <= computeMaxCacheSizeLocked()) {
508 // The events fit within a resized cache: resize the cache and add the events
509 reAllocateCacheLocked(events, count);
510 } else {
511 // The events do not fit within the cache: drop the oldest events.
512 int freeSpace = mMaxCacheSize - mCacheSize;
513
514 // Drop up to the currently cached number of events to make room for new events
515 int cachedEventsToDrop = std::min(mCacheSize, count - freeSpace);
516
517 // New events need to be dropped if there are more new events than the size of the cache
518 int newEventsToDrop = std::max(0, count - mMaxCacheSize);
519
520 // Determine the number of new events to copy into the cache
521 int eventsToCopy = std::min(mMaxCacheSize, count);
522
523 constexpr nsecs_t kMinimumTimeBetweenDropLogNs = 2 * 1000 * 1000 * 1000; // 2 sec
524 if (events[0].timestamp - mTimeOfLastEventDrop > kMinimumTimeBetweenDropLogNs) {
525 ALOGW("Dropping %d cached events (%d/%d) to save %d/%d new events. %d events previously"
526 " dropped", cachedEventsToDrop, mCacheSize, mMaxCacheSize, eventsToCopy,
527 count, mEventsDropped);
528 mEventsDropped = 0;
529 mTimeOfLastEventDrop = events[0].timestamp;
530 } else {
531 // Record the number dropped
532 mEventsDropped += cachedEventsToDrop + newEventsToDrop;
533 }
534
535 // Check for any flush complete events in the events that will be dropped
536 countFlushCompleteEventsLocked(mEventCache, cachedEventsToDrop);
537 countFlushCompleteEventsLocked(events, newEventsToDrop);
538
539 // Only shift the events if they will not all be overwritten
540 if (eventsToCopy != mMaxCacheSize) {
541 memmove(mEventCache, &mEventCache[cachedEventsToDrop],
542 (mCacheSize - cachedEventsToDrop) * sizeof(sensors_event_t));
543 }
544 mCacheSize -= cachedEventsToDrop;
545
546 // Copy the events into the cache
547 memcpy(&mEventCache[mCacheSize], &events[newEventsToDrop],
548 eventsToCopy * sizeof(sensors_event_t));
549 mCacheSize += eventsToCopy;
550 }
551 }
552
sendPendingFlushEventsLocked()553 void SensorService::SensorEventConnection::sendPendingFlushEventsLocked() {
554 ASensorEvent flushCompleteEvent;
555 memset(&flushCompleteEvent, 0, sizeof(flushCompleteEvent));
556 flushCompleteEvent.type = SENSOR_TYPE_META_DATA;
557 // Loop through all the sensors for this connection and check if there are any pending
558 // flush complete events to be sent.
559 for (auto& it : mSensorInfo) {
560 const int handle = it.first;
561 std::shared_ptr<SensorInterface> si = mService->getSensorInterfaceFromHandle(handle);
562 if (si == nullptr) {
563 continue;
564 }
565
566 FlushInfo& flushInfo = it.second;
567 while (flushInfo.mPendingFlushEventsToSend > 0) {
568 flushCompleteEvent.meta_data.sensor = handle;
569 bool wakeUpSensor = si->getSensor().isWakeUpSensor();
570 if (wakeUpSensor) {
571 ++mWakeLockRefCount;
572 flushCompleteEvent.flags |= WAKE_UP_SENSOR_EVENT_NEEDS_ACK;
573 }
574 ssize_t size = SensorEventQueue::write(mChannel, &flushCompleteEvent, 1);
575 if (size < 0) {
576 if (wakeUpSensor) --mWakeLockRefCount;
577 return;
578 }
579 ALOGD_IF(DEBUG_CONNECTIONS, "sent dropped flush complete event==%d ",
580 flushCompleteEvent.meta_data.sensor);
581 flushInfo.mPendingFlushEventsToSend--;
582 }
583 }
584 }
585
writeToSocketFromCache()586 void SensorService::SensorEventConnection::writeToSocketFromCache() {
587 // At a time write at most half the size of the receiver buffer in SensorEventQueue OR
588 // half the size of the socket buffer allocated in BitTube whichever is smaller.
589 const int maxWriteSize = helpers::min(SensorEventQueue::MAX_RECEIVE_BUFFER_EVENT_COUNT/2,
590 int(mService->mSocketBufferSize/(sizeof(sensors_event_t)*2)));
591 Mutex::Autolock _l(mConnectionLock);
592 // Send pending flush complete events (if any)
593 sendPendingFlushEventsLocked();
594 for (int numEventsSent = 0; numEventsSent < mCacheSize;) {
595 const int numEventsToWrite = helpers::min(mCacheSize - numEventsSent, maxWriteSize);
596 int index_wake_up_event = -1;
597 if (hasSensorAccess()) {
598 index_wake_up_event =
599 findWakeUpSensorEventLocked(mEventCache + numEventsSent, numEventsToWrite);
600 if (index_wake_up_event >= 0) {
601 mEventCache[index_wake_up_event + numEventsSent].flags |=
602 WAKE_UP_SENSOR_EVENT_NEEDS_ACK;
603 ++mWakeLockRefCount;
604 #if DEBUG_CONNECTIONS
605 ++mTotalAcksNeeded;
606 #endif
607 }
608 }
609
610 ssize_t size = SensorEventQueue::write(mChannel,
611 reinterpret_cast<ASensorEvent const*>(mEventCache + numEventsSent),
612 numEventsToWrite);
613 if (size < 0) {
614 if (index_wake_up_event >= 0) {
615 // If there was a wake_up sensor_event, reset the flag.
616 mEventCache[index_wake_up_event + numEventsSent].flags &=
617 ~WAKE_UP_SENSOR_EVENT_NEEDS_ACK;
618 if (mWakeLockRefCount > 0) {
619 --mWakeLockRefCount;
620 }
621 #if DEBUG_CONNECTIONS
622 --mTotalAcksNeeded;
623 #endif
624 }
625 memmove(mEventCache, &mEventCache[numEventsSent],
626 (mCacheSize - numEventsSent) * sizeof(sensors_event_t));
627 ALOGD_IF(DEBUG_CONNECTIONS, "wrote %d events from cache size==%d ",
628 numEventsSent, mCacheSize);
629 mCacheSize -= numEventsSent;
630 return;
631 }
632 numEventsSent += numEventsToWrite;
633 #if DEBUG_CONNECTIONS
634 mEventsSentFromCache += numEventsToWrite;
635 #endif
636 }
637 ALOGD_IF(DEBUG_CONNECTIONS, "wrote all events from cache size=%d ", mCacheSize);
638 // All events from the cache have been sent. Reset cache size to zero.
639 mCacheSize = 0;
640 // There are no more events in the cache. We don't need to poll for write on the fd.
641 // Update Looper registration.
642 updateLooperRegistrationLocked(mService->getLooper());
643 }
644
countFlushCompleteEventsLocked(sensors_event_t const * scratch,const int numEventsDropped)645 void SensorService::SensorEventConnection::countFlushCompleteEventsLocked(
646 sensors_event_t const* scratch, const int numEventsDropped) {
647 ALOGD_IF(DEBUG_CONNECTIONS, "dropping %d events ", numEventsDropped);
648 // Count flushComplete events in the events that are about to the dropped. These will be sent
649 // separately before the next batch of events.
650 for (int j = 0; j < numEventsDropped; ++j) {
651 if (scratch[j].type == SENSOR_TYPE_META_DATA) {
652 if (mSensorInfo.count(scratch[j].meta_data.sensor) == 0) {
653 ALOGW("%s: sensor 0x%x is not found in connection",
654 __func__, scratch[j].meta_data.sensor);
655 continue;
656 }
657
658 FlushInfo& flushInfo = mSensorInfo[scratch[j].meta_data.sensor];
659 flushInfo.mPendingFlushEventsToSend++;
660 ALOGD_IF(DEBUG_CONNECTIONS, "increment pendingFlushCount %d",
661 flushInfo.mPendingFlushEventsToSend);
662 }
663 }
664 return;
665 }
666
findWakeUpSensorEventLocked(sensors_event_t const * scratch,const int count)667 int SensorService::SensorEventConnection::findWakeUpSensorEventLocked(
668 sensors_event_t const* scratch, const int count) {
669 for (int i = 0; i < count; ++i) {
670 if (mService->isWakeUpSensorEvent(scratch[i])) {
671 return i;
672 }
673 }
674 return -1;
675 }
676
getSensorChannel() const677 sp<BitTube> SensorService::SensorEventConnection::getSensorChannel() const
678 {
679 return mChannel;
680 }
681
enableDisable(int handle,bool enabled,nsecs_t samplingPeriodNs,nsecs_t maxBatchReportLatencyNs,int reservedFlags)682 status_t SensorService::SensorEventConnection::enableDisable(
683 int handle, bool enabled, nsecs_t samplingPeriodNs, nsecs_t maxBatchReportLatencyNs,
684 int reservedFlags)
685 {
686 if (mDestroyed) {
687 android_errorWriteLog(0x534e4554, "168211968");
688 return DEAD_OBJECT;
689 }
690
691 status_t err;
692 if (enabled) {
693 nsecs_t requestedSamplingPeriodNs = samplingPeriodNs;
694 bool isSensorCapped = false;
695 std::shared_ptr<SensorInterface> si = mService->getSensorInterfaceFromHandle(handle);
696 if (si != nullptr) {
697 const Sensor& s = si->getSensor();
698 if (mService->isSensorInCappedSet(s.getType())) {
699 isSensorCapped = true;
700 }
701 }
702 if (isSensorCapped) {
703 err = mService->adjustSamplingPeriodBasedOnMicAndPermission(&samplingPeriodNs,
704 String16(mOpPackageName));
705 if (err != OK) {
706 return err;
707 }
708 }
709 err = mService->enable(this, handle, samplingPeriodNs, maxBatchReportLatencyNs,
710 reservedFlags, mOpPackageName);
711 if (err == OK && isSensorCapped) {
712 if ((requestedSamplingPeriodNs >= SENSOR_SERVICE_CAPPED_SAMPLING_PERIOD_NS) ||
713 !isRateCappedBasedOnPermission()) {
714 Mutex::Autolock _l(mConnectionLock);
715 mMicSamplingPeriodBackup[handle] = requestedSamplingPeriodNs;
716 } else {
717 Mutex::Autolock _l(mConnectionLock);
718 mMicSamplingPeriodBackup[handle] = SENSOR_SERVICE_CAPPED_SAMPLING_PERIOD_NS;
719 }
720 }
721
722 } else {
723 err = mService->disable(this, handle);
724 Mutex::Autolock _l(mConnectionLock);
725 mMicSamplingPeriodBackup.erase(handle);
726 }
727 return err;
728 }
729
setEventRate(int handle,nsecs_t samplingPeriodNs)730 status_t SensorService::SensorEventConnection::setEventRate(int handle, nsecs_t samplingPeriodNs) {
731 if (mDestroyed) {
732 android_errorWriteLog(0x534e4554, "168211968");
733 return DEAD_OBJECT;
734 }
735
736 nsecs_t requestedSamplingPeriodNs = samplingPeriodNs;
737 bool isSensorCapped = false;
738 std::shared_ptr<SensorInterface> si = mService->getSensorInterfaceFromHandle(handle);
739 if (si != nullptr) {
740 const Sensor& s = si->getSensor();
741 if (mService->isSensorInCappedSet(s.getType())) {
742 isSensorCapped = true;
743 }
744 }
745 if (isSensorCapped) {
746 status_t err = mService->adjustSamplingPeriodBasedOnMicAndPermission(&samplingPeriodNs,
747 String16(mOpPackageName));
748 if (err != OK) {
749 return err;
750 }
751 }
752 status_t ret = mService->setEventRate(this, handle, samplingPeriodNs, mOpPackageName);
753 if (ret == OK && isSensorCapped) {
754 if ((requestedSamplingPeriodNs >= SENSOR_SERVICE_CAPPED_SAMPLING_PERIOD_NS) ||
755 !isRateCappedBasedOnPermission()) {
756 Mutex::Autolock _l(mConnectionLock);
757 mMicSamplingPeriodBackup[handle] = requestedSamplingPeriodNs;
758 } else {
759 Mutex::Autolock _l(mConnectionLock);
760 mMicSamplingPeriodBackup[handle] = SENSOR_SERVICE_CAPPED_SAMPLING_PERIOD_NS;
761 }
762 }
763 return ret;
764 }
765
onMicSensorAccessChanged(bool isMicToggleOn)766 void SensorService::SensorEventConnection::onMicSensorAccessChanged(bool isMicToggleOn) {
767 if (isMicToggleOn) {
768 capRates();
769 } else {
770 uncapRates();
771 }
772 }
773
capRates()774 void SensorService::SensorEventConnection::capRates() {
775 Mutex::Autolock _l(mConnectionLock);
776 SensorDevice& dev(SensorDevice::getInstance());
777 for (auto &i : mMicSamplingPeriodBackup) {
778 int handle = i.first;
779 nsecs_t samplingPeriodNs = i.second;
780 if (samplingPeriodNs < SENSOR_SERVICE_CAPPED_SAMPLING_PERIOD_NS) {
781 if (hasSensorAccess()) {
782 mService->setEventRate(this, handle, SENSOR_SERVICE_CAPPED_SAMPLING_PERIOD_NS,
783 mOpPackageName);
784 } else {
785 // Update SensorDevice with the capped rate so that when sensor access is restored,
786 // the correct event rate is used.
787 dev.onMicSensorAccessChanged(this, handle,
788 SENSOR_SERVICE_CAPPED_SAMPLING_PERIOD_NS);
789 }
790 }
791 }
792 }
793
uncapRates()794 void SensorService::SensorEventConnection::uncapRates() {
795 Mutex::Autolock _l(mConnectionLock);
796 SensorDevice& dev(SensorDevice::getInstance());
797 for (auto &i : mMicSamplingPeriodBackup) {
798 int handle = i.first;
799 nsecs_t samplingPeriodNs = i.second;
800 if (samplingPeriodNs < SENSOR_SERVICE_CAPPED_SAMPLING_PERIOD_NS) {
801 if (hasSensorAccess()) {
802 mService->setEventRate(this, handle, samplingPeriodNs, mOpPackageName);
803 } else {
804 // Update SensorDevice with the uncapped rate so that when sensor access is
805 // restored, the correct event rate is used.
806 dev.onMicSensorAccessChanged(this, handle, samplingPeriodNs);
807 }
808 }
809 }
810 }
811
flush()812 status_t SensorService::SensorEventConnection::flush() {
813 if (mDestroyed) {
814 return DEAD_OBJECT;
815 }
816
817 return mService->flushSensor(this, mOpPackageName);
818 }
819
configureChannel(int handle,int rateLevel)820 int32_t SensorService::SensorEventConnection::configureChannel(int handle, int rateLevel) {
821 // SensorEventConnection does not support configureChannel, parameters not used
822 UNUSED(handle);
823 UNUSED(rateLevel);
824 return INVALID_OPERATION;
825 }
826
handleEvent(int fd,int events,void *)827 int SensorService::SensorEventConnection::handleEvent(int fd, int events, void* /*data*/) {
828 if (events & ALOOPER_EVENT_HANGUP || events & ALOOPER_EVENT_ERROR) {
829 {
830 // If the Looper encounters some error, set the flag mDead, reset mWakeLockRefCount,
831 // and remove the fd from Looper. Call checkWakeLockState to know if SensorService
832 // can release the wake-lock.
833 ALOGD_IF(DEBUG_CONNECTIONS, "%p Looper error %d", this, fd);
834 Mutex::Autolock _l(mConnectionLock);
835 mDead = true;
836 mWakeLockRefCount = 0;
837 updateLooperRegistrationLocked(mService->getLooper());
838 }
839 mService->checkWakeLockState();
840 if (mDataInjectionMode) {
841 // If the Looper has encountered some error in data injection mode, reset SensorService
842 // back to normal mode.
843 mService->resetToNormalMode();
844 mDataInjectionMode = false;
845 }
846 return 1;
847 }
848
849 if (events & ALOOPER_EVENT_INPUT) {
850 unsigned char buf[sizeof(sensors_event_t)];
851 ssize_t numBytesRead = ::recv(fd, buf, sizeof(buf), MSG_DONTWAIT);
852 {
853 Mutex::Autolock _l(mConnectionLock);
854 if (numBytesRead == sizeof(sensors_event_t)) {
855 if (!mDataInjectionMode) {
856 ALOGE("Data injected in normal mode, dropping event"
857 "package=%s uid=%d", mPackageName.c_str(), mUid);
858 // Unregister call backs.
859 return 0;
860 }
861 if (!mService->isAllowListedPackage(mPackageName)) {
862 ALOGE("App not allowed to inject data, dropping event"
863 "package=%s uid=%d", mPackageName.c_str(), mUid);
864 return 0;
865 }
866 sensors_event_t sensor_event;
867 memcpy(&sensor_event, buf, sizeof(sensors_event_t));
868 std::shared_ptr<SensorInterface> si =
869 mService->getSensorInterfaceFromHandle(sensor_event.sensor);
870 if (si == nullptr) {
871 return 1;
872 }
873
874 SensorDevice& dev(SensorDevice::getInstance());
875 sensor_event.type = si->getSensor().getType();
876 dev.injectSensorData(&sensor_event);
877 #if DEBUG_CONNECTIONS
878 ++mEventsReceived;
879 #endif
880 } else if (numBytesRead == sizeof(uint32_t)) {
881 uint32_t numAcks = 0;
882 memcpy(&numAcks, buf, numBytesRead);
883 // Check to ensure there are no read errors in recv, numAcks is always
884 // within the range and not zero. If any of the above don't hold reset
885 // mWakeLockRefCount to zero.
886 if (numAcks > 0 && numAcks < mWakeLockRefCount) {
887 mWakeLockRefCount -= numAcks;
888 } else {
889 mWakeLockRefCount = 0;
890 }
891 #if DEBUG_CONNECTIONS
892 mTotalAcksReceived += numAcks;
893 #endif
894 } else {
895 // Read error, reset wakelock refcount.
896 mWakeLockRefCount = 0;
897 }
898 }
899 // Check if wakelock can be released by sensorservice. mConnectionLock needs to be released
900 // here as checkWakeLockState() will need it.
901 if (mWakeLockRefCount == 0) {
902 mService->checkWakeLockState();
903 }
904 // continue getting callbacks.
905 return 1;
906 }
907
908 if (events & ALOOPER_EVENT_OUTPUT) {
909 // send sensor data that is stored in mEventCache for this connection.
910 mService->sendEventsFromCache(this);
911 }
912 return 1;
913 }
914
computeMaxCacheSizeLocked() const915 int SensorService::SensorEventConnection::computeMaxCacheSizeLocked() const {
916 size_t fifoWakeUpSensors = 0;
917 size_t fifoNonWakeUpSensors = 0;
918 for (auto& it : mSensorInfo) {
919 std::shared_ptr<SensorInterface> si = mService->getSensorInterfaceFromHandle(it.first);
920 if (si == nullptr) {
921 continue;
922 }
923 const Sensor& sensor = si->getSensor();
924 if (sensor.getFifoReservedEventCount() == sensor.getFifoMaxEventCount()) {
925 // Each sensor has a reserved fifo. Sum up the fifo sizes for all wake up sensors and
926 // non wake_up sensors.
927 if (sensor.isWakeUpSensor()) {
928 fifoWakeUpSensors += sensor.getFifoReservedEventCount();
929 } else {
930 fifoNonWakeUpSensors += sensor.getFifoReservedEventCount();
931 }
932 } else {
933 // Shared fifo. Compute the max of the fifo sizes for wake_up and non_wake up sensors.
934 if (sensor.isWakeUpSensor()) {
935 fifoWakeUpSensors = fifoWakeUpSensors > sensor.getFifoMaxEventCount() ?
936 fifoWakeUpSensors : sensor.getFifoMaxEventCount();
937
938 } else {
939 fifoNonWakeUpSensors = fifoNonWakeUpSensors > sensor.getFifoMaxEventCount() ?
940 fifoNonWakeUpSensors : sensor.getFifoMaxEventCount();
941
942 }
943 }
944 }
945 if (fifoWakeUpSensors + fifoNonWakeUpSensors == 0) {
946 // It is extremely unlikely that there is a write failure in non batch mode. Return a cache
947 // size that is equal to that of the batch mode.
948 // ALOGW("Write failure in non-batch mode");
949 return MAX_SOCKET_BUFFER_SIZE_BATCHED/sizeof(sensors_event_t);
950 }
951 return fifoWakeUpSensors + fifoNonWakeUpSensors;
952 }
953
954 } // namespace android
955
956