启动流程
原文链接:https://blog.csdn.net/weixin_43943188/article/details/88321101
开机自启动系统服务
/frameworks/base/services/java/com/android/server/SystemServer.java
1817 if (hasFeatureFingerprint) {
1818 traceBeginAndSlog("StartFingerprintSensor");
1819 mSystemServiceManager.startService(FingerprintService.class);
1820 traceEnd();
1821 }
判断了是否系统里面集成了指纹功能,执行startService(FingerprintService)
/frameworks/base/services/core/java/com/android/server/SystemServiceManager.java
124 public void startService(@NonNull final SystemService service) {
125 // Register it.
126 mServices.add(service);
127 // Start it.
128 long time = SystemClock.elapsedRealtime();
129 try {
130 service.onStart();
131 } catch (RuntimeException ex) {
132 throw new RuntimeException("Failed to start service " + service.getClass().getName()
133 + ": onStart threw an exception", ex);
134 }
135 warnIfTooLong(SystemClock.elapsedRealtime() - time, service, "onStart");
136 }
service.onStart(),这个意思就是FingerprintService.java里面的onStart将被调用
/frameworks/base/services/core/java/com/android/server/biometrics/fingerprint/FingerprintService.java
725 public void onStart() {
726 super.onStart();
727 publishBinderService(Context.FINGERPRINT_SERVICE, new FingerprintServiceWrapper());
728 SystemServerInitThreadPool.get().submit(this::getFingerprintDaemon, TAG + ".onStart");
729 }
调用this::getFingerprintDaemon,这是FingerprintService和HAL层进行通信
904 /** Gets the fingerprint daemon */
905 private synchronized IBiometricsFingerprint getFingerprintDaemon() {
906 if (mDaemon == null) {
907 Slog.v(TAG, "mDaemon was null, reconnect to fingerprint");
908 try {
909 mDaemon = IBiometricsFingerprint.getService();
910 } catch (java.util.NoSuchElementException e) {
911 // Service doesn't exist or cannot be opened. Logged below.
912 } catch (RemoteException e) {
913 Slog.e(TAG, "Failed to get biometric interface", e);
914 }
915 if (mDaemon == null) {
916 Slog.w(TAG, "fingerprint HIDL not available");
917 return null;
918 }
919
920 mDaemon.asBinder().linkToDeath(this, 0);
921
922 try {
923 mHalDeviceId = mDaemon.setNotify(mDaemonCallback);
924 } catch (RemoteException e) {
925 Slog.e(TAG, "Failed to open fingerprint HAL", e);
926 mDaemon = null; // try again later!
927 }
928
929 if (DEBUG) Slog.v(TAG, "Fingerprint HAL id: " + mHalDeviceId);
930 if (mHalDeviceId != 0) {
931 loadAuthenticatorIds();
932 updateActiveGroup(ActivityManager.getCurrentUser(), null);
933 doTemplateCleanupForUser(ActivityManager.getCurrentUser());
934 } else {
935 Slog.w(TAG, "Failed to open Fingerprint HAL!");
936 MetricsLogger.count(getContext(), "fingerprintd_openhal_error", 1);
937 mDaemon = null;
938 }
939 }
940 return mDaemon;
941 }
首先获取IBiometricsFingerprint服务.那这个服务是在哪呢,又是如何启动的呢?
909 mDaemon = IBiometricsFingerprint.getService();
进入到如下的路径:
/hardware/interfaces/biometrics/fingerprint/2.1/default/android.hardware.biometrics.fingerprint@2.1-service.rc
1 service vendor.fps_hal /vendor/bin/hw/android.hardware.biometrics.fingerprint@2.1-service
2 # "class hal" causes a race condition on some devices due to files created
3 # in /data. As a workaround, postpone startup until later in boot once
4 # /data is mounted.
5 class late_start
6 user system
7 group system input uhid
8 writepid /dev/cpuset/system-background/tasks
启动了一个android.hardware.biometrics.fingerprint@2.1-service服务
服务的内容是什么?
在同路径下Android.bp里有描述:
1 cc_binary {
2 name: "android.hardware.biometrics.fingerprint@2.1-service",
3 defaults: ["hidl_defaults"],
4 init_rc: ["android.hardware.biometrics.fingerprint@2.1-service.rc"],
5 vendor: true,
6 relative_install_path: "hw",
7 srcs: [
8 "BiometricsFingerprint.cpp",
9 "service.cpp",
10 ],
11
12 shared_libs: [
13 "libcutils",
14 "liblog",
15 "libhidlbase",
16 "libhidltransport",
17 "libhardware",
18 "libutils",
19 "android.hardware.biometrics.fingerprint@2.1",
20 ],
21
22 }
同路径下有两个源文件service.cpp 和BiometricsFingerprint.cpp
进入到service.cpp
32 int main() {
33 android::sp<IBiometricsFingerprint> bio = BiometricsFingerprint::getInstance();
34
35 configureRpcThreadpool(1, true /*callerWillJoin*/);
36
37 if (bio != nullptr) {
38 if (::android::OK != bio->registerAsService()) {
39 return 1;
40 }
41 } else {
42 ALOGE("Can't create instance of BiometricsFingerprint, nullptr");
43 }
44
45 joinRpcThreadpool();
46
47 return 0; // should never get here
48 }
上面代码是为了将bio注册为服务,这个服务是通过getInstance()方法得到的,bio是一个IBiometricsFingerprint类型的sp指针。
回到FingerprintService.java文件里getFingerprintDaemon方法
922 try {
923 mHalDeviceId = mDaemon.setNotify(mDaemonCallback);
924 } catch (RemoteException e) {
925 Slog.e(TAG, "Failed to open fingerprint HAL", e);
926 mDaemon = null; // try again later!
927 }
mDaemon就是刚刚提到的IBiometricsFingerprint类型服务。由于前面的rc自启动了这个服务,service.cpp里面是注册好了IBiometricsFingerprint的,所以这里可以拿到这个服务。
下面的操作如何解释
923 mHalDeviceId = mDaemon.setNotify(mDaemonCallback);
mDaemon看成是IBiometricsFingerprint类的对象。那这样是调用对象的成员函数。但是这个类并不是在进程FingerprintService.java里面的呀,似乎看起来就像调用本地接口一样,你可能想到了,对的,这里又是binder这个IPC进程间通信了。
通信的双方分别是:
/frameworks/base/services/core/java/com/android/server/fingerprint/FingerprintService.java
/hardware/interfaces/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp
那FingerprintManager和FingerprintService进行binder通信,有IFingerprintService.aidl的AIDL语言,那这里是否有类似的呢?
有的!!这就是Android8.0新引入的binder接口了,/dev/hwbinder了,使用的语言是HIDL,后缀名是.hal文件。
文件在哪呢?
/hardware/interfaces/biometrics/fingerprint/2.1/IBiometricsFingerprint.hal
/hardware/interfaces/biometrics/fingerprint/2.1/IBiometricsFingerprintClientCallback.hal
IBiometricsFingerprint.hal文件里:
17 package android.hardware.biometrics.fingerprint@2.1;
18
19 import IBiometricsFingerprintClientCallback;
20
21 interface IBiometricsFingerprint {
22 /**
23 * Set notification callback:
24 * Registers a user function that must receive notifications from the HAL
25 * This call must block if the HAL state machine is in busy state until HAL
26 * leaves the busy state.
27 *
28 * @return deviceId is a unique handle for this fingerprint device
29 */
30 @callflow(next={"setActiveGroup"})
31 @entry
32 setNotify(IBiometricsFingerprintClientCallback clientCallback)
33 generates (uint64_t deviceId);
如上是有是有setNotify接口的。
所以FingerprintService.java就是通过hwbinder也就是新的HIDL语言与我们的HAL层也就是BiometricsFingerprint.cpp通信。
让我们以C/S的模型来理解就是:
FingerprintService.java充当client,知道接口说明,利用HIDL binder可以直接调用本地接口一样与其他进程进行通信。
BiometricsFingerprint.cpp充当server,对接口进行实现。
进入到文件BiometricsFingerprint.cpp进行查看:
161 Return<uint64_t> BiometricsFingerprint::setNotify(
162 const sp<IBiometricsFingerprintClientCallback>& clientCallback) {
163 std::lock_guard<std::mutex> lock(mClientCallbackMutex);
164 mClientCallback = clientCallback;
165 // This is here because HAL 2.1 doesn't have a way to propagate a
166 // unique token for its driver. Subsequent versions should send a unique
167 // token for each call to setNotify(). This is fine as long as there's only
168 // one fingerprint device on the platform.
169 return reinterpret_cast<uint64_t>(mDevice);
170 }
实现好了setNotify接口
service.cpp的如下这句话
32 int main() {
33 android::sp<IBiometricsFingerprint> bio = BiometricsFingerprint::getInstance();
刚刚只是说明了FingerprintService是如何能够拿到IBiometricsFingerprint服务的,但是我们还没有分析BiometricsFingerprint::getInstance()的具体操作细节,这是非常关键的一步:打开HAL接口!!!
我们进入到文件BiometricsFingerprint.cpp,查看如下:
222 IBiometricsFingerprint* BiometricsFingerprint::getInstance() {
223 if (!sInstance) {
224 sInstance = new BiometricsFingerprint();
225 }
226 return sInstance;
227 }
如上我们看到是构造了一个BiometricsFingerprint类,继续查看:
58 BiometricsFingerprint::BiometricsFingerprint() : mClientCallback(nullptr), mDevice(nullptr) {
59 sInstance = this; // keep track of the most recent instance
60 mDevice = openHal();
61 if (!mDevice) {
62 ALOGE("Can't open HAL module");
63 }
64 }
这里我们可以看到,sInstance就是BiometricsFingerprint对象本身,而mDevice就是HAL里面的设备。
这里的openHal我们继续查看:
229 fingerprint_device_t* BiometricsFingerprint::openHal() {
230 int err;
231 const hw_module_t *hw_mdl = nullptr;
232 /**
233 Chipone_fpsensor start.
234 Using following codes to cover your codes completely.
235 **/
236 fingerprint_device_t* fp_device = nullptr;
237 ALOGD("Opening fingerprint hal library...");
238 for(int i = 0; i < FP_VARIANT_KEYS_COUNT; i++) {
239 if (0 != (err = hw_get_module(variant_keys[i], &hw_mdl))) {
240 ALOGE("Can't open fingerprint HW Module, error: %d", err);
241 continue;
242 }
243
244 if (hw_mdl == nullptr) {
245 ALOGE("No valid fingerprint module");
246 continue;
247 }
248
249 fingerprint_module_t const *module =
250 reinterpret_cast<const fingerprint_module_t*>(hw_mdl);
251 if (module->common.methods->open == nullptr) {
252 ALOGE("No valid open method");
253 continue;
254 }
255
256 hw_device_t *device = nullptr;
257
258 if (0 != (err = module->common.methods->open(hw_mdl, nullptr, &device))) {
259 ALOGE("Can't open fingerprint methods, error: %d", err);
260 continue;
261 }
262
263 if (kVersion != device->version) {
264 // enforce version on new devices because of HIDL@2.1 translation layer
265 ALOGE("Wrong fp version. Expected %d, got %d", kVersion, device->version);
266 continue;
267 }
268
269 fp_device = reinterpret_cast<fingerprint_device_t*>(device);
270 if (0 != (err =
271 fp_device->set_notify(fp_device, BiometricsFingerprint::notify))) {
272 ALOGE("Can't register fingerprint module callback, error: %d", err);
273 fp_device = nullptr;
274 continue;
275 }
276
277 ALOGE("fingerprint HAL successfully initialized,cur sensor = %s",variant_keys[i]);
278 break;
279 }
280 /**
281 Chipone_fpsensor end.
282 **/
283 return fp_device;
284 }
是通过查找模块FINGERPRINT_HARDWARE_MODULE_ID这个ID找到,然后调用里面的open方法得到设备。那这个FINGERPRINT_HARDWARE_MODULE_ID在哪呢?
进入到如下文件:
/hardware/libhardware/modules/fingerprint/fingerprint.c
114 fingerprint_module_t HAL_MODULE_INFO_SYM = {
115 .common = {
116 .tag = HARDWARE_MODULE_TAG,
117 .module_api_version = FINGERPRINT_MODULE_API_VERSION_2_0,
118 .hal_api_version = HARDWARE_HAL_API_VERSION,
119 .id = FINGERPRINT_HARDWARE_MODULE_ID,
120 .name = "Demo Fingerprint HAL",
121 .author = "The Android Open Source Project",
122 .methods = &fingerprint_module_methods,
123 },
124 };
所以就找到这个文件了,里面定义了open方法:
110 static struct hw_module_methods_t fingerprint_module_methods = {
111 .open = fingerprint_open,
112 };
我们进入到fingerprint_open里面:
80 static int fingerprint_open(const hw_module_t* module, const char __unused *id,
81 hw_device_t** device)
82 {
83 if (device == NULL) {
84 ALOGE("NULL device on open");
85 return -EINVAL;
86 }
87
88 fingerprint_device_t *dev = malloc(sizeof(fingerprint_device_t));
89 memset(dev, 0, sizeof(fingerprint_device_t));
90
91 dev->common.tag = HARDWARE_DEVICE_TAG;
92 dev->common.version = FINGERPRINT_MODULE_API_VERSION_2_0;
93 dev->common.module = (struct hw_module_t*) module;
94 dev->common.close = fingerprint_close;
95
96 dev->pre_enroll = fingerprint_pre_enroll;
97 dev->enroll = fingerprint_enroll;
98 dev->get_authenticator_id = fingerprint_get_auth_id;
99 dev->cancel = fingerprint_cancel;
100 dev->remove = fingerprint_remove;
101 dev->set_active_group = fingerprint_set_active_group;
102 dev->authenticate = fingerprint_authenticate;
103 dev->set_notify = set_notify_callback;
104 dev->notify = NULL;
105
106 *device = (hw_device_t*) dev;
107 return 0;
108 }
可以看到这里创建好了设备,并且对注册、识别等接口都进行了定义。
所以我们可以知道,注册流程一般是如下这样:
FingerprintService.java->BiometricsFingerprint.cpp->fingerprint.c
我们进入到fingerprint.c的注册方法里面查看:
43 static int fingerprint_enroll(struct fingerprint_device __unused *dev,
44 const hw_auth_token_t __unused *hat,
45 uint32_t __unused gid,
46 uint32_t __unused timeout_sec) {
47 return FINGERPRINT_ERROR;
48 }
可以看到,如上是直接返回错误,并没有任何实现,这是什么原因呢?
这是由于,这是需要指纹IC厂商自行实现的呀,指纹IC厂商需要在这里接入,创建自己的HAL层代码,并且CA代码,最终接入到TA代码,大概含义就是:
FingerprintService.java->BiometricsFingerprint.cpp->fingerprint.c->vendorHal.cpp->vendorCA.cpp--------TEE环境->TA.cll