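/*
 * Copyright (C) 2010 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef ANDROID_SENSOR_SERVICE_H
#define ANDROID_SENSOR_SERVICE_H

#include "SensorList.h"
#include "RecentEventLogger.h"

#include <android-base/macros.h>
#include <binder/AppOpsManager.h>
#include <binder/BinderService.h>
#include <binder/IUidObserver.h>
#include <cutils/compiler.h>
#include <cutils/multiuser.h>
#include <sensor/ISensorServer.h>
#include <sensor/ISensorEventConnection.h>
#include <sensor/Sensor.h>
#include "android/hardware/BnSensorPrivacyListener.h"

#include <utils/AndroidThreads.h>
#include <utils/KeyedVector.h>
#include <utils/Looper.h>
#include <utils/SortedVector.h>
#include <utils/String8.h>
#include <utils/Vector.h>
#include <utils/threads.h>

#include <stdint.h>
#include <sys/types.h>
// <atomic> and <map> are used directly below (SensorPrivacyPolicy::mSensorPrivacyEnabled,
// sPackageTargetVersion); include them explicitly instead of relying on transitive includes.
#include <atomic>
#include <map>
#include <unordered_map>
#include <unordered_set>
#include <vector>

#if __clang__
// Clang warns about SensorEventConnection::dump hiding BBinder::dump. The cause isn't fixable
// without changing the API, so let's tell clang this is indeed intentional.
#pragma clang diagnostic ignored "-Woverloaded-virtual"
#endif

// ---------------------------------------------------------------------------
// Compile-time switches consumed by the implementation (not by this header).
#define IGNORE_HARDWARE_FUSION false
#define DEBUG_CONNECTIONS false
// Max size is 100 KB which is enough to accept a batch of about 1000 events.
// Upper bound for the per-connection socket buffer handed to BitTube (see mSocketBufferSize).
#define MAX_SOCKET_BUFFER_SIZE_BATCHED (100 * 1024)
// For older HALs which don't support batching, use a smaller socket buffer size.
#define SOCKET_BUFFER_SIZE_NON_BATCHED (4 * 1024)

// Number of recent sensor registrations kept for diagnostics (presumably the capacity of
// mLastNSensorRegistrations; confirm in SensorService.cpp).
#define SENSOR_REGISTRATIONS_BUF_SIZE 200

namespace android {
// ---------------------------------------------------------------------------
class SensorInterface;

// System service that exposes sensors to apps over binder (ISensorServer), owns the
// event/direct connections created for them, and runs the event-dispatch loop on its own
// Thread (see threadLoop()). Access to sensor data is gated per request by canAccessSensor()
// and per UID by UidPolicy and SensorPrivacyPolicy below.
class SensorService :
        public BinderService<SensorService>,
        public BnSensorServer,
        protected Thread
{
    // nested class/struct for internal use
    class SensorEventConnection;
    class SensorDirectConnection;

public:
    // Called when a connection goes away. Re-acquires mLock (see the ConnectionSafeAutolock
    // note below), so a promoted sp<> to a connection must never be released with mLock held.
    void cleanupConnection(SensorEventConnection* connection);
    void cleanupConnection(SensorDirectConnection* c);

    // Entry points used on behalf of a client connection. opPackageName is the package name
    // supplied by the binder client and is what the access checks (canAccessSensor) key on.
    status_t enable(const sp<SensorEventConnection>& connection, int handle,
                    nsecs_t samplingPeriodNs,  nsecs_t maxBatchReportLatencyNs, int reservedFlags,
                    const String16& opPackageName);

    status_t disable(const sp<SensorEventConnection>& connection, int handle);

    status_t setEventRate(const sp<SensorEventConnection>& connection, int handle, nsecs_t ns,
                          const String16& opPackageName);

    status_t flushSensor(const sp<SensorEventConnection>& connection,
                         const String16& opPackageName);


    // Shell-command entry point (see the "Shell commands" list under Mode). The commands can
    // switch operating mode and override per-UID sensor access, so the caller check for them
    // lives in the implementation and is not visible here.
    virtual status_t shellCommand(int in, int out, int err, Vector<String16>& args);

private:
    friend class BinderService<SensorService>;

    // nested class/struct for internal use
    class ConnectionSafeAutolock;
    class SensorConnectionHolder;
    class SensorEventAckReceiver;
    class SensorRecord;
    class SensorRegistrationInfo;

    // Promoting a SensorEventConnection or SensorDirectConnection from wp to sp must be done with
    // mLock held, but destroying that sp must be done unlocked to avoid a race condition that
    // causes a deadlock (remote dies while we hold a local sp, then our decStrong() call invokes
    // the dtor -> cleanupConnection() tries to re-lock the mutex). This class ensures safe usage
    // by wrapping a Mutex::Autolock on SensorService's mLock, plus vectors that hold promoted sp<>
    // references until the lock is released, when they are safely destroyed.
    // All read accesses to the connection lists in mConnectionHolder must be done via this class.
    class ConnectionSafeAutolock final {
    public:
        // Returns a list of non-null promoted connection references
        const std::vector<sp<SensorEventConnection>>& getActiveConnections();
        const std::vector<sp<SensorDirectConnection>>& getDirectConnections();

    private:
        // Constructed via SensorConnectionHolder::lock()
        friend class SensorConnectionHolder;
        explicit ConnectionSafeAutolock(SensorConnectionHolder& holder, Mutex& mutex);
        DISALLOW_IMPLICIT_CONSTRUCTORS(ConnectionSafeAutolock);

        // NOTE: Order of these members is important, as the destructor for non-static members
        // get invoked in the reverse order of their declaration. Here we are relying on the
        // Autolock to be destroyed *before* the vectors, so the sp<> objects are destroyed without
        // the lock held, which avoids the deadlock.
        SensorConnectionHolder& mConnectionHolder;
        std::vector<std::vector<sp<SensorEventConnection>>> mReferencedActiveConnections;
        std::vector<std::vector<sp<SensorDirectConnection>>> mReferencedDirectConnections;
        Mutex::Autolock mAutolock;

        // Promotes every live wp<> in connectionList, parks the resulting sp<> list in
        // *referenceHolder (so it outlives the lock, see NOTE above) and returns a view of it.
        template<typename ConnectionType>
        const std::vector<sp<ConnectionType>>& getConnectionsHelper(
                const SortedVector<wp<ConnectionType>>& connectionList,
                std::vector<std::vector<sp<ConnectionType>>>* referenceHolder);
    };

    // Encapsulates the collection of active SensorEventConnection and SensorDirectConnection
    // references. Write access is done through this class with mLock held, but all read access
    // must be routed through ConnectionSafeAutolock.
    class SensorConnectionHolder {
    public:
        void addEventConnectionIfNotPresent(const sp<SensorEventConnection>& connection);
        void removeEventConnection(const wp<SensorEventConnection>& connection);

        void addDirectConnection(const sp<SensorDirectConnection>& connection);
        void removeDirectConnection(const wp<SensorDirectConnection>& connection);

        // Pass in the mutex that protects this connection holder; acquires the lock and returns an
        // object that can be used to safely read the lists of connections
        ConnectionSafeAutolock lock(Mutex& mutex);

    private:
        friend class ConnectionSafeAutolock;
        // Weak references only: connections are owned by their binder clients, and holding
        // only wp<> here is what makes the promote-under-lock scheme above necessary.
        SortedVector< wp<SensorEventConnection> > mActiveConnections;
        SortedVector< wp<SensorDirectConnection> > mDirectConnections;
    };

    // If accessing a sensor we need to make sure the UID has access to it. If
    // the app UID is idle then it cannot access sensors and gets no trigger
    // events, no on-change events, flush event behavior does not change, and
    // recurring events are the same as the first one delivered in idle state
    // emulating no sensor change. As soon as the app UID transitions to an
    // active state we will start reporting events as usual and vice versa. This
    // approach transparently handles observing sensors while the app UID transitions
    // between idle/active state avoiding to get stuck in a state receiving sensor
    // data while idle or not receiving sensor data while active.
    class UidPolicy : public BnUidObserver {
        public:
            explicit UidPolicy(wp<SensorService> service)
                    : mService(service) {}
            // Registers/unregisters this object as a UID observer with the system.
            void registerSelf();
            void unregisterSelf();

            // True if uid is active (or forced active via an override). Takes mUidLock.
            bool isUidActive(uid_t uid);

            // IUidObserver callbacks.
            void onUidGone(uid_t uid, bool disabled);
            void onUidActive(uid_t uid);
            void onUidIdle(uid_t uid, bool disabled);
            void onUidStateChanged(uid_t uid __unused, int32_t procState __unused,
                                   int64_t procStateSeq __unused) {}

            // Force the idle/active state seen for uid (used by the shell commands); an override
            // wins over the observed state until removed.
            void addOverrideUid(uid_t uid, bool active);
            void removeOverrideUid(uid_t uid);
        private:
            // Same as isUidActive(), caller must already hold mUidLock.
            bool isUidActiveLocked(uid_t uid);
            void updateOverrideUid(uid_t uid, bool active, bool insert);

            // Guards mActiveUids and mOverrideUids (the *Locked variant above documents the
            // convention; confirm against the .cpp).
            Mutex mUidLock;
            wp<SensorService> mService;
            std::unordered_set<uid_t> mActiveUids;
            // uid -> forced "active" value.
            std::unordered_map<uid_t, bool> mOverrideUids;
    };

    // Sensor privacy allows a user to disable access to all sensors on the device. When
    // enabled sensor privacy will prevent all apps, including active apps, from accessing
    // sensors, they will not receive trigger nor on-change events, flush event behavior
    // does not change, and recurring events are the same as the first one delivered when
    // sensor privacy was enabled. All sensor direct connections will be stopped as well
    // and new direct connections will not be allowed while sensor privacy is enabled.
    // Once sensor privacy is disabled access to sensors will be restored for active
    // apps, previously stopped direct connections will be restarted, and new direct
    // connections will be allowed again.
    class SensorPrivacyPolicy : public hardware::BnSensorPrivacyListener {
        public:
            explicit SensorPrivacyPolicy(wp<SensorService> service) : mService(service) {}
            // Registers/unregisters this object as a sensor-privacy listener with the system.
            void registerSelf();
            void unregisterSelf();

            bool isSensorPrivacyEnabled();

            // ISensorPrivacyListener callback; records the new state in mSensorPrivacyEnabled.
            binder::Status onSensorPrivacyChanged(bool enabled);

        private:
            wp<SensorService> mService;
            // Atomic so isSensorPrivacyEnabled() can be read on any thread without a lock.
            std::atomic_bool mSensorPrivacyEnabled;
    };

    enum Mode {
       // The regular operating mode where any application can register/unregister/call flush on
       // sensors.
       NORMAL = 0,
       // This mode is only used for testing purposes. Not all HALs support this mode. In this mode,
       // the HAL ignores the sensor data provided by physical sensors and accepts the data that is
       // injected from the SensorService as if it were the real sensor data. This mode is primarily
       // used for testing various algorithms like vendor provided SensorFusion, Step Counter and
       // Step Detector etc. Typically in this mode, there will be a client (a
       // SensorEventConnection) which will be injecting sensor data into the HAL. Normal apps can
       // unregister and register for any sensor that supports injection. Registering to sensors
       // that do not support injection will give an error. TODO(aakella) : Allow exactly one
       // client to inject sensor data at a time.
       DATA_INJECTION = 1,
       // This mode is used only for testing sensors. Each sensor can be tested in isolation with
       // the required sampling_rate and maxReportLatency parameters without having to think about
       // the data rates requested by other applications. End user devices are always expected to be
       // in NORMAL mode. When this mode is first activated, all active sensors from all connections
       // are disabled. Calling flush() will return an error. In this mode, only the requests from
       // selected apps whose package names are whitelisted are allowed (typically CTS apps). Only
       // these apps can register/unregister/call flush() on sensors. If SensorService switches to
       // NORMAL mode again, all sensors that were previously registered to are activated with the
       // corresponding parameters if the application hasn't unregistered for sensors in the mean
       // time. NOTE: Non whitelisted app whose sensors were previously deactivated may still
       // receive events if a whitelisted app requests data from the same sensor.
       RESTRICTED = 2

      // State Transitions supported.
      //     RESTRICTED   <---  NORMAL   ---> DATA_INJECTION
      //                  --->           <---

      // Shell commands to switch modes in SensorService.
      // 1) Put SensorService in RESTRICTED mode with packageName .cts. If it is already in
      // restricted mode it is treated as a NO_OP (and packageName is NOT changed).
      //
      //     $ adb shell dumpsys sensorservice restrict .cts.
      //
      // 2) Put SensorService in DATA_INJECTION mode with packageName .xts. If it is already in
      // data_injection mode it is treated as a NO_OP (and packageName is NOT changed).
      //
      //     $ adb shell dumpsys sensorservice data_injection .xts.
      //
      // 3) Reset sensorservice back to NORMAL mode.
      //     $ adb shell dumpsys sensorservice enable
    };

    static const char* WAKE_LOCK_NAME;
    // Name under which BinderService<> publishes this service ("sensorservice").
    static char const* getServiceName() ANDROID_API { return "sensorservice"; }
    SensorService() ANDROID_API;
    virtual ~SensorService();

    virtual void onFirstRef();

    // Thread interface
    virtual bool threadLoop();

    // ISensorServer interface
    // Everything in this group is reachable by any binder client; packageName/opPackageName
    // and the direct-connection parameters (size, type, format, resource) are caller-controlled.
    virtual Vector<Sensor> getSensorList(const String16& opPackageName);
    virtual Vector<Sensor> getDynamicSensorList(const String16& opPackageName);
    virtual sp<ISensorEventConnection> createSensorEventConnection(
            const String8& packageName,
            int requestedMode, const String16& opPackageName);
    virtual int isDataInjectionEnabled();
    virtual sp<ISensorEventConnection> createSensorDirectConnection(const String16& opPackageName,
            uint32_t size, int32_t type, int32_t format, const native_handle *resource);
    virtual int setOperationParameter(
            int32_t handle, int32_t type, const Vector<float> &floats, const Vector<int32_t> &ints);
    virtual status_t dump(int fd, const Vector<String16>& args);
    String8 getSensorName(int handle) const;
    bool isVirtualSensor(int handle) const;
    sp<SensorInterface> getSensorInterfaceFromHandle(int handle) const;
    bool isWakeUpSensor(int type) const;
    void recordLastValueLocked(sensors_event_t const* buffer, size_t count);
    static void sortEventBuffer(sensors_event_t* buffer, size_t count);
    // Sensor registration. The "Locked" variants expect the caller to hold mLock.
    const Sensor& registerSensor(SensorInterface* sensor,
                                 bool isDebug = false, bool isVirtual = false);
    const Sensor& registerVirtualSensor(SensorInterface* sensor, bool isDebug = false);
    const Sensor& registerDynamicSensorLocked(SensorInterface* sensor, bool isDebug = false);
    bool unregisterDynamicSensorLocked(int handle);
    status_t cleanupWithoutDisable(const sp<SensorEventConnection>& connection, int handle);
    status_t cleanupWithoutDisableLocked(const sp<SensorEventConnection>& connection, int handle);
    void cleanupAutoDisabledSensorLocked(const sp<SensorEventConnection>& connection,
            sensors_event_t const* buffer, const int count);
    // Access-control gates for a sensor request. canAccessSensor() combines the sensor's
    // required permission (hasPermissionForSensor) with the app op / target-SDK checks for
    // the caller-supplied opPackageName; every client-facing path above is expected to go
    // through it before touching a sensor.
    static bool canAccessSensor(const Sensor& sensor, const char* operation,
            const String16& opPackageName);
    static bool hasPermissionForSensor(const Sensor& sensor);
    // Looks up (and caches in sPackageTargetVersion) the target SDK of opPackageName.
    static int getTargetSdkVersion(const String16& opPackageName);
    // SensorService acquires a partial wakelock for delivering events from wake up sensors. This
    // method checks whether all the events from these wake up sensors have been delivered to the
    // corresponding applications, if yes the wakelock is released.
    void checkWakeLockState();
    void checkWakeLockStateLocked(ConnectionSafeAutolock* connLock);
    bool isWakeLockAcquired();
    bool isWakeUpSensorEvent(const sensors_event_t& event) const;

    sp<Looper> getLooper() const;

    // Reset mWakeLockRefCounts for all SensorEventConnections to zero. This may happen if
    // SensorService did not receive any acknowledgements from apps which have registered for
    // wake_up sensors.
    void resetAllWakeLockRefCounts();

    // Acquire or release wake_lock. If wake_lock is acquired, set the timeout in the looper to 5
    // seconds and wake the looper.
    void setWakeLockAcquiredLocked(bool acquire);

    // Send events from the event cache for this particular connection.
    void sendEventsFromCache(const sp<SensorEventConnection>& connection);

    // If SensorService is operating in RESTRICTED mode, only select whitelisted packages are
    // allowed to register for or call flush on sensors. Typically only cts test packages are
    // allowed.
    bool isWhiteListedPackage(const String8& packageName);
    bool isOperationPermitted(const String16& opPackageName);

    // Reset the state of SensorService to NORMAL mode.
    status_t resetToNormalMode();
    status_t resetToNormalModeLocked();

    // Transforms the UUIDs for all the sensors into proper IDs.
    void makeUuidsIntoIdsForSensorList(Vector<Sensor> &sensorList) const;
    // Gets the appropriate ID from the given UUID.
    int32_t getIdFromUuid(const Sensor::uuid_t &uuid) const;
    // Either read from storage or create a new one.
    // Populates sHmacGlobalKey / sHmacGlobalKeyIsValid.
    static bool initializeHmacKey();

    // Enable SCHED_FIFO priority for thread
    void enableSchedFifoMode();

    // Sets whether the given UID can get sensor data
    void setSensorAccess(uid_t uid, bool hasAccess);

    // Shell-command handlers (dispatched from shellCommand()). They feed UidPolicy's override
    // map, i.e. they change which UIDs receive sensor data.
    // Overrides the UID state as if it is idle
    status_t handleSetUidState(Vector<String16>& args, int err);
    // Clears the override for the UID state
    status_t handleResetUidState(Vector<String16>& args, int err);
    // Gets the UID state
    status_t handleGetUidState(Vector<String16>& args, int out, int err);
    // Prints the shell command help
    status_t printHelp(int out);

    // temporarily stops all active direct connections and disables all sensors
    void disableAllSensors();
    void disableAllSensorsLocked(ConnectionSafeAutolock* connLock);
    // restarts the previously stopped direct connections and enables all sensors
    void enableAllSensors();
    void enableAllSensorsLocked(ConnectionSafeAutolock* connLock);

    // Process-wide key material, filled in by initializeHmacKey(); presumably what
    // getIdFromUuid() keys its UUID -> ID derivation on (confirm in the .cpp). It must stay
    // inside the service: only the derived IDs, never the key or raw UUIDs, go to clients.
    static uint8_t sHmacGlobalKey[128];
    static bool sHmacGlobalKeyIsValid;

    SensorServiceUtil::SensorList mSensors;
    status_t mInitCheck;

    // Socket buffersize used to initialize BitTube. This size depends on whether batching is
    // supported or not.
    uint32_t mSocketBufferSize;
    sp<Looper> mLooper;
    sp<SensorEventAckReceiver> mAckReceiver;

    // protected by mLock
    mutable Mutex mLock;
    // Raw SensorRecord* values: ownership is not expressed by the type (presumably owned
    // here and freed on disable; confirm in the .cpp).
    DefaultKeyedVector<int, SensorRecord*> mActiveSensors;
    std::unordered_set<int> mActiveVirtualSensors;
    SensorConnectionHolder mConnectionHolder;
    bool mWakeLockAcquired;
    // Raw event buffers; allocation/lifetime is handled by the implementation, not visible here.
    sensors_event_t *mSensorEventBuffer, *mSensorEventScratch;
    // WARNING: these SensorEventConnection instances must not be promoted to sp, except via
    // modification to add support for them in ConnectionSafeAutolock
    wp<const SensorEventConnection> * mMapFlushEventsToConnections;
    std::unordered_map<int, SensorServiceUtil::RecentEventLogger*> mRecentEvent;
    Mode mCurrentOperatingMode;

    // This packageName is set when SensorService is in RESTRICTED or DATA_INJECTION mode. Only
    // applications with this packageName are allowed to activate/deactivate or call flush on
    // sensors. To run CTS this can be set to ".cts." and only CTS tests will get access to
    // sensors.
    String8 mWhiteListedPackage;

    // Ring of the last SENSOR_REGISTRATIONS_BUF_SIZE registrations (presumably) for dump().
    int mNextSensorRegIndex;
    Vector<SensorRegistrationInfo> mLastNSensorRegistrations;

    sp<UidPolicy> mUidPolicy;
    sp<SensorPrivacyPolicy> mSensorPrivacyPolicy;

    static AppOpsManager sAppOpsManager;
    // Cache for getTargetSdkVersion(); presumably guarded by sPackageTargetVersionLock.
    static std::map<String16, int> sPackageTargetVersion;
    static Mutex sPackageTargetVersionLock;
};

}; // namespace android
#endif // ANDROID_SENSOR_SERVICE_H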