本章主要整理Android 指纹启动流程,侧重于hal和framework部分。
一.从Android系统启动流程看指纹启动流程
下图图片出处 →
第一阶段
Boot ROM,Android设备上电后,首先会从处理器片上ROM的启动引导代码开始执行,片上ROM会寻找Bootloader代码,并加载到内存。主要就是上电让系统启动。
第二阶段
Bootloader开始执行,首先负责完成硬件的初始化,然后找到Linux内核代码,并加载到内存。
启动过程中,bootloader(默认是bootable/bootloader/lk)会根据机器硬件信息选择合适的devicetree(dts)装入内存,如果采用pin id兼容,那么在此时就可以通过读取ID pin的值(这个是硬件拉的,跟硬件工程师确认是怎么对应IC的即可)判断指纹的IC了。
第三阶段
Kernel,Linux内核开始启动,初始化各种软硬件环境,加载驱动程序,挂载根文件系统,在系统文件中寻找init.rc文件,并启动init进程。Kernel中,加载指纹驱动,根据传入的dts信息创建设备节点,注册设备。
第四阶段
Init,初始化和启动属性服务,并且启动Zygote进程。
找到[email protected],启动[email protected],会去open fingerprint.deault.so,等待与上层通信。
第五阶段
Zygote进程启动,创建java虚拟机并为java虚拟机注册JNI方法,创建服务器端Socket,启动SystemServer进程。
第六阶段
SystemServer进程启动,启动Binder线程池和SystemServiceManager,并且启动各种系统服务。会启动Fingerprintservice
以上是从Android启动流程看每个阶段指纹的启动流程 ,下面依次详细展开介绍。
二.驱动层
主要就是设备节点驱动的注册,在此不再详细说了,重点关注probe函数。
三.hal层
首先,hardware/interfaces/biometrics/fingerprint/2.1/default/[email protected](以下简称2.1 rc)
service vendor.fps_hal /vendor/bin/hw/[email protected] # "class hal" causes a race condition on some devices due to files created # in /data. As a workaround, postpone startup until later in boot once # /data is mounted. class late_start user system group system input writepid /dev/cpuset/system-background/tasks
会使位于系统vendor/bin/hw下的[email protected](以下简称2.1 bin)开机自启动,启动后会注册2.1 service
该bin服务对应的代码在:hardware/interfaces/biometrics/fingerprint/2.1/default/service.cpp,整个注册过程只有两步,首先实例化传入的 IBiometricsFingerprint 接口对象,然后通过 registerAsService 将服务注册到 hwservicemanager。
int main() {
android::sp<IBiometricsFingerprint> bio = BiometricsFingerprint::getInstance();
configureRpcThreadpool(1, true /*callerWillJoin*/);
if (bio != nullptr) {
if (::android::OK != bio->registerAsService()) { //*****注册服务*****
return 1;
}
} else {
ALOGE("Can't create instance of BiometricsFingerprint, nullptr");
}
joinRpcThreadpool();
return 0; // should never get here
}
hardware/interfaces/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp,重点关注openHal函数,会去打开fingerprint.default.so
fingerprint_device_t* BiometricsFingerprint::openHal() {
int err;
const hw_module_t *hw_mdl = nullptr;
ALOGD("Opening fingerprint hal library...");
//*******打开fingerprint.default.so********
if (0 != (err = hw_get_module(FINGERPRINT_HARDWARE_MODULE_ID, &hw_mdl))) {
ALOGE("Can't open fingerprint HW Module, error: %d", err);
return nullptr;
}
if (hw_mdl == nullptr) {
ALOGE("No valid fingerprint module");
return nullptr;
}
fingerprint_module_t const *module =
reinterpret_cast<const fingerprint_module_t*>(hw_mdl);
if (module->common.methods->open == nullptr) {
ALOGE("No valid open method");
return nullptr;
}
hw_device_t *device = nullptr;
if (0 != (err = module->common.methods->open(hw_mdl, nullptr, &device))) {
ALOGE("Can't open fingerprint methods, error: %d", err);
return nullptr;
}
if (kVersion != device->version) {
// enforce version on new devices because of [email protected] translation layer
ALOGE("Wrong fp version. Expected %d, got %d", kVersion, device->version);
return nullptr;
}
fingerprint_device_t* fp_device =
reinterpret_cast<fingerprint_device_t*>(device);
if (0 != (err =
fp_device->set_notify(fp_device, BiometricsFingerprint::notify))) {
ALOGE("Can't register fingerprint module callback, error: %d", err);
return nullptr;
}
return fp_device;
}
关于fingerprint.default.so这个都是供应商提供的,一般都不开源,不过Android原生也是有这部分代码的(当然只是看看,并不能使用)
hardware/libhardware/include/hardware/fingerprint.h
hardware/libhardware/modules/fingerprint/fingerprint.c
这部分代码不再展开贴在这里了,大家可以自行去看看,主要就是fingerprint_open打开设备(设备节点),然后定义了一系列函数。
dev->common.tag = HARDWARE_DEVICE_TAG; dev->common.version = FINGERPRINT_MODULE_API_VERSION_2_0; dev->common.module = (struct hw_module_t*) module; dev->common.close = fingerprint_close; dev->pre_enroll = fingerprint_pre_enroll; dev->enroll = fingerprint_enroll; dev->get_authenticator_id = fingerprint_get_auth_id; dev->cancel = fingerprint_cancel; dev->remove = fingerprint_remove; dev->set_active_group = fingerprint_set_active_group; dev->authenticate = fingerprint_authenticate; dev->set_notify = set_notify_callback;
四.framework层
首先是SystemServer启动后,会去判断设备是否支持指纹,如果有start FingerprintService
frameworks/base/services/java/com/android/server/SystemServer.java
if (mPackageManager.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT)) {
traceBeginAndSlog("StartFingerprintSensor");
mSystemServiceManager.startService(FingerprintService.class);
traceEnd();
}
此处mPackageManager.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT)的判断,大家可以去frameworks/base/core/java/android/content/pm/PackageManager.java中追代码看看,逻辑很简单。
就是判断系统内vendor/etc/permissions目录下是否有:android.hardware.fingerprint.xml 文件
调试的那篇说过这个配置是setting里有没有指纹选项的关键:
PRODUCT_COPY_FILES := frameworks/native/data/etc/android.hardware.fingerprint.xml:vendor/etc/permissions/android.hardware.fingerprint.xml
下面转到,frameworks/base/services/core/java/com/android/server/fingerprint/FingerprintService.java,以下代码前半部分是与hal 2.1 service通信的部分,通过mDaemon = IBiometricsFingerprint.getService(),获取2.1 service
后半部分可以看出其继承IFingerprintService.aidl,这个aidl类就是实现Manager和Service通信的桥梁。
public synchronized IBiometricsFingerprint getFingerprintDaemon() {
if (mDaemon == null) {
Slog.v(TAG, "mDaemon was null, reconnect to fingerprint");
try {
mDaemon = IBiometricsFingerprint.getService();
} catch (java.util.NoSuchElementException e) {
// Service doesn't exist or cannot be opened. Logged below.
} catch (RemoteException e) {
Slog.e(TAG, "Failed to get biometric interface", e);
}
if (mDaemon == null) {
Slog.w(TAG, "fingerprint HIDL not available");
return null;
}
mDaemon.asBinder().linkToDeath(this, 0);
try {
mHalDeviceId = mDaemon.setNotify(mDaemonCallback);
} catch (RemoteException e) {
Slog.e(TAG, "Failed to open fingerprint HAL", e);
mDaemon = null; // try again later!
}
if (DEBUG) Slog.v(TAG, "Fingerprint HAL id: " + mHalDeviceId);
if (mHalDeviceId != 0) {
loadAuthenticatorIds();
updateActiveGroup(ActivityManager.getCurrentUser(), null);
doFingerprintCleanupForUser(ActivityManager.getCurrentUser());
} else {
Slog.w(TAG, "Failed to open Fingerprint HAL!");
MetricsLogger.count(mContext, "fingerprintd_openhal_error", 1);
mDaemon = null;
}
//************************************************************************************//
private final class FingerprintServiceWrapper extends IFingerprintService.Stub {
@Override // Binder call
public long preEnroll(IBinder token) {
checkPermission(MANAGE_FINGERPRINT);
return startPreEnroll(token);
}
@Override // Binder call
public int postEnroll(IBinder token) {
checkPermission(MANAGE_FINGERPRINT);
return startPostEnroll(token);
}
@Override // Binder call
public void enroll(final IBinder token, final byte[] cryptoToken, final int userId,
final IFingerprintServiceReceiver receiver, final int flags,
final String opPackageName) {
checkPermission(MANAGE_FINGERPRINT);
final int limit = mContext.getResources().getInteger(
com.android.internal.R.integer.config_fingerprintMaxTemplatesPerUser);
final int enrolled = FingerprintService.this.getEnrolledFingerprints(userId).size();
if (enrolled >= limit) {
Slog.w(TAG, "Too many fingerprints registered");
return;
}
}
return mDaemon;
}
对FingerprintService再往上一层的封装是FingerprintManager,应用app可以直接和它通信
frameworks/base/core/java/android/hardware/fingerprint/FingerprintManager.java (以下为搜索mService的代码,大家可以自己去看看)
private IFingerprintService mService;
if (mService != null) try {
mService.authenticate(mToken, sessionId, userId, mServiceReceiver, flags,
if (mService != null) {
mService.authenticate(mToken, sessionId, userId, mServiceReceiver,
if (mService != null) try {
mService.enroll(mToken, token, userId, mServiceReceiver, flags,
if (mService != null) try {
result = mService.preEnroll(mToken);
if (mService != null) try {
result = mService.postEnroll(mToken);
if (mService != null) try {
mService.setActiveUser(userId);
if (mService != null) try {
mService.remove(mToken, fp.getFingerId(), fp.getGroupId(), userId, mServiceReceiver);
mService.remove(mToken, fp.getFingerId(), fp.getGroupId(), userId, mServiceReceiver);
if (mService != null) try {
mService.enumerate(mToken, userId, mServiceReceiver);
if (mService != null) {
mService.rename(fpId, userId, newName);
if (mService != null) try {
return mService.getEnrolledFingerprints(userId, mContext.getOpPackageName());
if (mService != null) try {
return mService.hasEnrolledFingerprints(
if (mService != null) try {
return mService.hasEnrolledFingerprints(userId, mContext.getOpPackageName());
if (mService != null) {
return mService.isHardwareDetected(deviceId, mContext.getOpPackageName());
if (mService != null) {
return mService.getAuthenticatorId(mContext.getOpPackageName());
if (mService != null) {
mService.resetTimeout(token);
if (mService == null) {
if (mService != null) try {
mService.cancelEnrollment(mToken);
if (mService != null) try {
mService.cancelAuthentication(mToken, mContext.getOpPackageName());
以上代码大家可以发现FingerprintManager其实并没有真正实现什么接口,都是调用的IFingerprintService,这里就用到aidl了,FingerprintManager通过aidl的Stub获取了Fingerprintservice,然后在这里去调用这个service的方法,以操作service,这就是aidl的作用。
frameworks/base/core/java/android/hardware/fingerprint/IFingerprintService.aidl (大家如果去看完整的代码,这里的接口是和FingerprintManager中调用的完全一致的)
interface IFingerprintService {
// Authenticate the given sessionId with a fingerprint
void authenticate(IBinder token, long sessionId, int userId,
IFingerprintServiceReceiver receiver, int flags, String opPackageName,
in Bundle bundle, IBiometricPromptReceiver dialogReceiver);
// Cancel authentication for the given sessionId
void cancelAuthentication(IBinder token, String opPackageName);
// Start fingerprint enrollment
void enroll(IBinder token, in byte [] cryptoToken, int groupId, IFingerprintServiceReceiver receiver,
int flags, String opPackageName);
// Cancel enrollment in progress
void cancelEnrollment(IBinder token);
// Any errors resulting from this call will be returned to the listener
void remove(IBinder token, int fingerId, int groupId, int userId,
IFingerprintServiceReceiver receiver);
// Rename the fingerprint specified by fingerId and groupId to the given name
void rename(int fingerId, int groupId, String name);
// Get a list of enrolled fingerprints in the given group.
List<Fingerprint> getEnrolledFingerprints(int groupId, String opPackageName);
// Determine if HAL is loaded and ready
boolean isHardwareDetected(long deviceId, String opPackageName);
// Get a pre-enrollment authentication token
long preEnroll(IBinder token);
// Finish an enrollment sequence and invalidate the authentication token
int postEnroll(IBinder token);
五.总结
根据以上可以画出这样一张流程图(以下以汇顶指纹为例,流程上都是一样的)
System APP下发注册命令->FingerprintManager收到命令->FingerprintService收到命令->(2.1 service)BiometricsFingerprint收到命令->(fingerprint.default.so)Fingerprint.cpp收到命令->指纹CA收到命令->指纹TA收到命令->SPI采集数据\算法进行注册等
以上就是全面解析Android系统指纹启动流程的详细内容,更多关于Android启动流程的资料请关注华域联盟其它相关文章!
本文由 华域联盟 原创撰写:华域联盟 » 全面解析Android系统指纹启动流程
转载请保留出处和原文链接:https://www.cnhackhy.com/109222.htm
