Chad Brubaker | 90f391f | 2018-10-19 10:26:19 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2018 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package com.android.server; |
| 18 | |
| 19 | import static android.content.pm.PackageManager.PERMISSION_GRANTED; |
| 20 | |
| 21 | import android.app.ActivityManager; |
| 22 | import android.content.Context; |
| 23 | import android.hardware.ISensorPrivacyListener; |
| 24 | import android.hardware.ISensorPrivacyManager; |
| 25 | import android.location.LocationManager; |
| 26 | import android.net.ConnectivityManager; |
| 27 | import android.os.Environment; |
| 28 | import android.os.Handler; |
| 29 | import android.os.IBinder; |
| 30 | import android.os.Looper; |
| 31 | import android.os.RemoteCallbackList; |
| 32 | import android.os.RemoteException; |
| 33 | import android.os.UserHandle; |
| 34 | import android.provider.Settings; |
| 35 | import android.util.ArrayMap; |
| 36 | import android.util.AtomicFile; |
| 37 | import android.util.Log; |
| 38 | import android.util.Xml; |
| 39 | |
| 40 | import com.android.internal.annotations.GuardedBy; |
| 41 | import com.android.internal.util.FastXmlSerializer; |
| 42 | import com.android.internal.util.XmlUtils; |
| 43 | import com.android.internal.util.function.pooled.PooledLambda; |
| 44 | |
| 45 | import org.xmlpull.v1.XmlPullParser; |
| 46 | import org.xmlpull.v1.XmlPullParserException; |
| 47 | import org.xmlpull.v1.XmlSerializer; |
| 48 | |
| 49 | import java.io.File; |
| 50 | import java.io.FileInputStream; |
| 51 | import java.io.FileOutputStream; |
| 52 | import java.io.IOException; |
| 53 | import java.nio.charset.StandardCharsets; |
| 54 | import java.util.NoSuchElementException; |
| 55 | |
| 56 | /** @hide */ |
| 57 | public final class SensorPrivacyService extends SystemService { |
| 58 | |
| 59 | private static final String TAG = "SensorPrivacyService"; |
| 60 | |
| 61 | private static final String SENSOR_PRIVACY_XML_FILE = "sensor_privacy.xml"; |
| 62 | private static final String XML_TAG_SENSOR_PRIVACY = "sensor-privacy"; |
| 63 | private static final String XML_ATTRIBUTE_ENABLED = "enabled"; |
| 64 | |
| 65 | private final SensorPrivacyServiceImpl mSensorPrivacyServiceImpl; |
| 66 | |
| 67 | public SensorPrivacyService(Context context) { |
| 68 | super(context); |
| 69 | mSensorPrivacyServiceImpl = new SensorPrivacyServiceImpl(context); |
| 70 | } |
| 71 | |
| 72 | @Override |
| 73 | public void onStart() { |
| 74 | publishBinderService(Context.SENSOR_PRIVACY_SERVICE, mSensorPrivacyServiceImpl); |
| 75 | } |
| 76 | |
| 77 | class SensorPrivacyServiceImpl extends ISensorPrivacyManager.Stub { |
| 78 | |
| 79 | private final SensorPrivacyHandler mHandler; |
| 80 | private final Context mContext; |
| 81 | private final Object mLock = new Object(); |
| 82 | @GuardedBy("mLock") |
| 83 | private final AtomicFile mAtomicFile; |
| 84 | @GuardedBy("mLock") |
| 85 | private boolean mEnabled; |
| 86 | |
| 87 | SensorPrivacyServiceImpl(Context context) { |
| 88 | mContext = context; |
| 89 | mHandler = new SensorPrivacyHandler(FgThread.get().getLooper(), mContext); |
| 90 | File sensorPrivacyFile = new File(Environment.getDataSystemDirectory(), |
| 91 | SENSOR_PRIVACY_XML_FILE); |
| 92 | mAtomicFile = new AtomicFile(sensorPrivacyFile); |
| 93 | synchronized (mLock) { |
| 94 | mEnabled = readPersistedSensorPrivacyEnabledLocked(); |
| 95 | } |
| 96 | } |
| 97 | |
| 98 | /** |
| 99 | * Sets the sensor privacy to the provided state and notifies all listeners of the new |
| 100 | * state. |
| 101 | */ |
| 102 | @Override |
| 103 | public void setSensorPrivacy(boolean enable) { |
| 104 | enforceSensorPrivacyPermission(); |
| 105 | synchronized (mLock) { |
| 106 | mEnabled = enable; |
| 107 | FileOutputStream outputStream = null; |
| 108 | try { |
| 109 | XmlSerializer serializer = new FastXmlSerializer(); |
| 110 | outputStream = mAtomicFile.startWrite(); |
| 111 | serializer.setOutput(outputStream, StandardCharsets.UTF_8.name()); |
| 112 | serializer.startDocument(null, true); |
| 113 | serializer.startTag(null, XML_TAG_SENSOR_PRIVACY); |
| 114 | serializer.attribute(null, XML_ATTRIBUTE_ENABLED, String.valueOf(enable)); |
| 115 | serializer.endTag(null, XML_TAG_SENSOR_PRIVACY); |
| 116 | serializer.endDocument(); |
| 117 | mAtomicFile.finishWrite(outputStream); |
| 118 | } catch (IOException e) { |
| 119 | Log.e(TAG, "Caught an exception persisting the sensor privacy state: ", e); |
| 120 | mAtomicFile.failWrite(outputStream); |
| 121 | } |
| 122 | } |
| 123 | mHandler.onSensorPrivacyChanged(enable); |
| 124 | } |
| 125 | |
| 126 | /** |
| 127 | * Enforces the caller contains the necessary permission to change the state of sensor |
| 128 | * privacy. |
| 129 | */ |
| 130 | private void enforceSensorPrivacyPermission() { |
| 131 | if (mContext.checkCallingOrSelfPermission( |
| 132 | android.Manifest.permission.MANAGE_SENSOR_PRIVACY) == PERMISSION_GRANTED) { |
| 133 | return; |
| 134 | } |
| 135 | throw new SecurityException( |
| 136 | "Changing sensor privacy requires the following permission: " |
| 137 | + android.Manifest.permission.MANAGE_SENSOR_PRIVACY); |
| 138 | } |
| 139 | |
| 140 | /** |
| 141 | * Returns whether sensor privacy is enabled. |
| 142 | */ |
| 143 | @Override |
| 144 | public boolean isSensorPrivacyEnabled() { |
| 145 | synchronized (mLock) { |
| 146 | return mEnabled; |
| 147 | } |
| 148 | } |
| 149 | |
| 150 | /** |
| 151 | * Returns the state of sensor privacy from persistent storage. |
| 152 | */ |
| 153 | private boolean readPersistedSensorPrivacyEnabledLocked() { |
| 154 | // if the file does not exist then sensor privacy has not yet been enabled on |
| 155 | // the device. |
| 156 | if (!mAtomicFile.exists()) { |
| 157 | return false; |
| 158 | } |
| 159 | boolean enabled; |
| 160 | try (FileInputStream inputStream = mAtomicFile.openRead()) { |
| 161 | XmlPullParser parser = Xml.newPullParser(); |
| 162 | parser.setInput(inputStream, StandardCharsets.UTF_8.name()); |
| 163 | XmlUtils.beginDocument(parser, XML_TAG_SENSOR_PRIVACY); |
| 164 | parser.next(); |
| 165 | String tagName = parser.getName(); |
| 166 | enabled = Boolean.valueOf(parser.getAttributeValue(null, XML_ATTRIBUTE_ENABLED)); |
| 167 | } catch (IOException | XmlPullParserException e) { |
| 168 | Log.e(TAG, "Caught an exception reading the state from storage: ", e); |
| 169 | // Delete the file to prevent the same error on subsequent calls and assume sensor |
| 170 | // privacy is not enabled. |
| 171 | mAtomicFile.delete(); |
| 172 | enabled = false; |
| 173 | } |
| 174 | return enabled; |
| 175 | } |
| 176 | |
| 177 | /** |
| 178 | * Persists the state of sensor privacy. |
| 179 | */ |
| 180 | private void persistSensorPrivacyState() { |
| 181 | synchronized (mLock) { |
| 182 | FileOutputStream outputStream = null; |
| 183 | try { |
| 184 | XmlSerializer serializer = new FastXmlSerializer(); |
| 185 | outputStream = mAtomicFile.startWrite(); |
| 186 | serializer.setOutput(outputStream, StandardCharsets.UTF_8.name()); |
| 187 | serializer.startDocument(null, true); |
| 188 | serializer.startTag(null, XML_TAG_SENSOR_PRIVACY); |
| 189 | serializer.attribute(null, XML_ATTRIBUTE_ENABLED, String.valueOf(mEnabled)); |
| 190 | serializer.endTag(null, XML_TAG_SENSOR_PRIVACY); |
| 191 | serializer.endDocument(); |
| 192 | mAtomicFile.finishWrite(outputStream); |
| 193 | } catch (IOException e) { |
| 194 | Log.e(TAG, "Caught an exception persisting the sensor privacy state: ", e); |
| 195 | mAtomicFile.failWrite(outputStream); |
| 196 | } |
| 197 | } |
| 198 | } |
| 199 | |
| 200 | /** |
| 201 | * Registers a listener to be notified when the sensor privacy state changes. |
| 202 | */ |
| 203 | @Override |
| 204 | public void addSensorPrivacyListener(ISensorPrivacyListener listener) { |
| 205 | if (listener == null) { |
| 206 | throw new NullPointerException("listener cannot be null"); |
| 207 | } |
| 208 | mHandler.addListener(listener); |
| 209 | } |
| 210 | |
| 211 | /** |
| 212 | * Unregisters a listener from sensor privacy state change notifications. |
| 213 | */ |
| 214 | @Override |
| 215 | public void removeSensorPrivacyListener(ISensorPrivacyListener listener) { |
| 216 | if (listener == null) { |
| 217 | throw new NullPointerException("listener cannot be null"); |
| 218 | } |
| 219 | mHandler.removeListener(listener); |
| 220 | } |
| 221 | } |
| 222 | |
| 223 | /** |
| 224 | * Handles sensor privacy state changes and notifying listeners of the change. |
| 225 | */ |
| 226 | private final class SensorPrivacyHandler extends Handler { |
| 227 | private static final int MESSAGE_SENSOR_PRIVACY_CHANGED = 1; |
| 228 | |
| 229 | private final Object mListenerLock = new Object(); |
| 230 | |
| 231 | @GuardedBy("mListenerLock") |
| 232 | private final RemoteCallbackList<ISensorPrivacyListener> mListeners = |
| 233 | new RemoteCallbackList<>(); |
| 234 | private final ArrayMap<ISensorPrivacyListener, DeathRecipient> mDeathRecipients; |
| 235 | private final Context mContext; |
| 236 | |
| 237 | SensorPrivacyHandler(Looper looper, Context context) { |
| 238 | super(looper); |
| 239 | mDeathRecipients = new ArrayMap<>(); |
| 240 | mContext = context; |
| 241 | } |
| 242 | |
| 243 | public void onSensorPrivacyChanged(boolean enabled) { |
| 244 | sendMessage(PooledLambda.obtainMessage(SensorPrivacyHandler::handleSensorPrivacyChanged, |
| 245 | this, enabled)); |
| 246 | sendMessage( |
| 247 | PooledLambda.obtainMessage(SensorPrivacyServiceImpl::persistSensorPrivacyState, |
| 248 | mSensorPrivacyServiceImpl)); |
| 249 | } |
| 250 | |
| 251 | public void addListener(ISensorPrivacyListener listener) { |
| 252 | synchronized (mListenerLock) { |
| 253 | DeathRecipient deathRecipient = new DeathRecipient(listener); |
| 254 | mDeathRecipients.put(listener, deathRecipient); |
| 255 | mListeners.register(listener); |
| 256 | } |
| 257 | } |
| 258 | |
| 259 | public void removeListener(ISensorPrivacyListener listener) { |
| 260 | synchronized (mListenerLock) { |
| 261 | DeathRecipient deathRecipient = mDeathRecipients.remove(listener); |
| 262 | if (deathRecipient != null) { |
| 263 | deathRecipient.destroy(); |
| 264 | } |
| 265 | mListeners.unregister(listener); |
| 266 | } |
| 267 | } |
| 268 | |
| 269 | public void handleSensorPrivacyChanged(boolean enabled) { |
| 270 | final int count = mListeners.beginBroadcast(); |
| 271 | for (int i = 0; i < count; i++) { |
| 272 | ISensorPrivacyListener listener = mListeners.getBroadcastItem(i); |
| 273 | try { |
| 274 | listener.onSensorPrivacyChanged(enabled); |
| 275 | } catch (RemoteException e) { |
| 276 | Log.e(TAG, "Caught an exception notifying listener " + listener + ": ", e); |
| 277 | } |
| 278 | } |
| 279 | mListeners.finishBroadcast(); |
| 280 | // Handle the state of all sensors managed by this service. |
| 281 | SensorState.handleSensorPrivacyToggled(mContext, enabled); |
| 282 | } |
| 283 | } |
| 284 | |
| 285 | private final class DeathRecipient implements IBinder.DeathRecipient { |
| 286 | |
| 287 | private ISensorPrivacyListener mListener; |
| 288 | |
| 289 | DeathRecipient(ISensorPrivacyListener listener) { |
| 290 | mListener = listener; |
| 291 | try { |
| 292 | mListener.asBinder().linkToDeath(this, 0); |
| 293 | } catch (RemoteException e) { |
| 294 | } |
| 295 | } |
| 296 | |
| 297 | @Override |
| 298 | public void binderDied() { |
| 299 | mSensorPrivacyServiceImpl.removeSensorPrivacyListener(mListener); |
| 300 | } |
| 301 | |
| 302 | public void destroy() { |
| 303 | try { |
| 304 | mListener.asBinder().unlinkToDeath(this, 0); |
| 305 | } catch (NoSuchElementException e) { |
| 306 | } |
| 307 | } |
| 308 | } |
| 309 | |
| 310 | /** |
| 311 | * Maintains the state of the sensors when sensor privacy is enabled to return them to their |
| 312 | * original state when sensor privacy is disabled. |
| 313 | */ |
| 314 | private static final class SensorState { |
| 315 | |
| 316 | private static Object sLock = new Object(); |
| 317 | @GuardedBy("sLock") |
| 318 | private static SensorState sPreviousState; |
| 319 | |
| 320 | private boolean mAirplaneEnabled; |
| 321 | private boolean mLocationEnabled; |
| 322 | |
| 323 | SensorState(boolean airplaneEnabled, boolean locationEnabled) { |
| 324 | mAirplaneEnabled = airplaneEnabled; |
| 325 | mLocationEnabled = locationEnabled; |
| 326 | } |
| 327 | |
| 328 | public static void handleSensorPrivacyToggled(Context context, boolean enabled) { |
| 329 | synchronized (sLock) { |
| 330 | SensorState state; |
| 331 | if (enabled) { |
| 332 | // if sensor privacy is being enabled then obtain the current state of the |
| 333 | // sensors to be persisted and restored when sensor privacy is disabled. |
| 334 | state = getCurrentSensorState(context); |
| 335 | } else { |
| 336 | // else obtain the previous sensor state to be restored, first from the saved |
| 337 | // state if available, otherwise attempt to read it from Settings. |
| 338 | if (sPreviousState != null) { |
| 339 | state = sPreviousState; |
| 340 | } else { |
| 341 | state = getPersistedSensorState(context); |
| 342 | } |
| 343 | // if the previous state is not available then return without attempting to |
| 344 | // modify the sensor state. |
| 345 | if (state == null) { |
| 346 | return; |
| 347 | } |
| 348 | } |
| 349 | // The SensorState represents the state of the sensor before sensor privacy was |
| 350 | // enabled; if airplane mode was not enabled then the state of airplane mode should |
| 351 | // be the same as the state of sensor privacy. |
| 352 | if (!state.mAirplaneEnabled) { |
| 353 | setAirplaneMode(context, enabled); |
| 354 | } |
| 355 | // Similar to airplane mode the state of location should be the opposite of sensor |
| 356 | // privacy mode, if it was enabled when sensor privacy was enabled then it should be |
| 357 | // disabled. If location is disabled when sensor privacy is enabled then it will be |
| 358 | // left disabled when sensor privacy is disabled. |
| 359 | if (state.mLocationEnabled) { |
| 360 | setLocationEnabled(context, !enabled); |
| 361 | } |
| 362 | |
| 363 | // if sensor privacy is being enabled then persist the current state. |
| 364 | if (enabled) { |
| 365 | sPreviousState = state; |
| 366 | persistState(context, sPreviousState); |
| 367 | } |
| 368 | } |
| 369 | } |
| 370 | |
| 371 | public static SensorState getCurrentSensorState(Context context) { |
| 372 | LocationManager locationManager = (LocationManager) context.getSystemService( |
| 373 | Context.LOCATION_SERVICE); |
| 374 | boolean airplaneEnabled = Settings.Global.getInt(context.getContentResolver(), |
| 375 | Settings.Global.AIRPLANE_MODE_ON, 0) != 0; |
| 376 | boolean locationEnabled = locationManager.isLocationEnabled(); |
| 377 | return new SensorState(airplaneEnabled, locationEnabled); |
| 378 | } |
| 379 | |
| 380 | public static void persistState(Context context, SensorState state) { |
| 381 | StringBuilder stateValue = new StringBuilder(); |
| 382 | stateValue.append(state.mAirplaneEnabled |
| 383 | ? Settings.Secure.MAINTAIN_AIRPLANE_MODE_AFTER_SP_DISABLED |
| 384 | : Settings.Secure.DISABLE_AIRPLANE_MODE_AFTER_SP_DISABLED); |
| 385 | stateValue.append(","); |
| 386 | stateValue.append( |
| 387 | state.mLocationEnabled ? Settings.Secure.REENABLE_LOCATION_AFTER_SP_DISABLED |
| 388 | : Settings.Secure.MAINTAIN_LOCATION_AFTER_SP_DISABLED); |
| 389 | Settings.Secure.putString(context.getContentResolver(), |
| 390 | Settings.Secure.SENSOR_PRIVACY_SENSOR_STATE, stateValue.toString()); |
| 391 | } |
| 392 | |
| 393 | public static SensorState getPersistedSensorState(Context context) { |
| 394 | String persistedState = Settings.Secure.getString(context.getContentResolver(), |
| 395 | Settings.Secure.SENSOR_PRIVACY_SENSOR_STATE); |
| 396 | if (persistedState == null) { |
| 397 | Log.e(TAG, "The persisted sensor state could not be obtained from Settings"); |
| 398 | return null; |
| 399 | } |
| 400 | String[] sensorStates = persistedState.split(","); |
| 401 | if (sensorStates.length < 2) { |
| 402 | Log.e(TAG, "The persisted sensor state does not contain the expected values: " |
| 403 | + persistedState); |
| 404 | return null; |
| 405 | } |
| 406 | boolean airplaneEnabled = sensorStates[0].equals( |
| 407 | Settings.Secure.MAINTAIN_AIRPLANE_MODE_AFTER_SP_DISABLED); |
| 408 | boolean locationEnabled = sensorStates[1].equals( |
| 409 | Settings.Secure.REENABLE_LOCATION_AFTER_SP_DISABLED); |
| 410 | return new SensorState(airplaneEnabled, locationEnabled); |
| 411 | } |
| 412 | |
| 413 | private static void setAirplaneMode(Context context, boolean enable) { |
| 414 | ConnectivityManager connectivityManager = |
| 415 | (ConnectivityManager) context.getSystemService(Context.CONNECTIVITY_SERVICE); |
| 416 | connectivityManager.setAirplaneMode(enable); |
| 417 | } |
| 418 | |
| 419 | private static void setLocationEnabled(Context context, boolean enable) { |
| 420 | LocationManager locationManager = (LocationManager) context.getSystemService( |
| 421 | Context.LOCATION_SERVICE); |
| 422 | locationManager.setLocationEnabledForUser(enable, |
| 423 | UserHandle.of(ActivityManager.getCurrentUser())); |
| 424 | } |
| 425 | } |
| 426 | } |