Foreword: Since Android 6.0, Google officially launched a standard Android fingerprint framework, which ended the fragmented situation of various fingerprint manufacturers and promoted the development of capacitive fingerprints in Android; since Synopsys' off-screen fingerprint solution was born in 2017, Later, Goodix and other fingerprint manufacturers followed up, and the Android screen fingerprint solution technology emerged in an endless stream; however, starting from Android 12, Google updated the Android fingerprint framework and added the support of the screen fingerprint. This article will explain the new fingerprint framework one by one. Record your own learning process
Note: At present, the code modification of the fingerprint framework is relatively large. The author has android_12.0.0_r34, and the test mobile phone used is pixel 3xl
1. Fingerprint startup process
1. The init process parses the init.rc file to start the HAL layer fingerprint service
init: Setting property 'ro.build.fingerprint' to 'Android/aosp_crosshatch/crosshatch:12/SP1A.210812.016.C2/eng.20221212.113415:userdebug/test-keys'
init: Parsing file /vendor/etc/init/[email protected]...
From the log output of the author's mobile phone, you can see that the fingerprint init file is vendor/etc/init/[email protected]
Through the fingerprint init.rc file, start the [email protected] executable file under the /vendor/bin/hw/ path
2. Execute the HAL layer fingerprint serivce and notify the TEE environment Load fingerprint TA
From the log above, we can see two key points
pid-1297 D fpc fingerprint hwbinder service startingQSEECOM: qseecom_load_app: App with id 2 (fpctzappfingerprint) now loadedIt can be seen that the HAL layer fingerprint service is started, the fingerprint Hal layer code is called, and the TEE is notified to load the name
fpctzappfingerprint program
Note: here temporarily skip the explanation of the HAL layer
Summarize:
- When the init process starts, it parses the [email protected] file, and starts the HAL fingerprint Service through this file
- During the startup process of Fingerprint Service, go back and notify TEE to load the program named fpctzappfingerprint
3. Start the Framework layer fingerprint service
SystemServerTiming system_process I StartFingerprintSensor
SystemServiceManager system_process I Starting com.android.server.biometrics.sensors.fingerprint.Fin...
FintgerprintService system_process E FingerprintService
FintgerprintService system_process E onStart
Lines 2466 to 2478 in the SystemServer.java file start FingerprintService, BiometricService and
The three Framework layer systems of AuthService will serve; the constructor and oStart method of these three system-level services will be called
The constructor of FingerprintService creates an object of the FingerprintServiceWrapper class, and then the onStart method of FingerprintService calls the publishBinderService method
FingerprintServiceWrapper inherits the IFingerprintService.Stub method, and through the above publishBinderService method; start this FingerprintServiceWrapper remote server,
Through the comments on line 168, you know that its client is FingerprintManager, and you can verify whether it is correct later
/**
* Receives the incoming binder calls from FingerprintManager.
*/Summarize:
- SystemServer calls the constructor and onStart method of FingerprintService
- FingerprintService creates an object of the FingerprintServiceWrapper class in its constructor.
This class is a Binder remote server - FingerprintService starts the remote server FingerprintServiceWrapper in the onStart method
2. Framework fingerprint service connects to HAL layer fingerprint service
As mentioned above, the fingerprint starts from booting to the startup process of the Framework; the Hal layer fingerprint service and the Framework fingerprint service have been started respectively; but there is no bridge yet.
FingeprintintService I FingerprintServiceWrapper registerAuthenticators
After countless Log trace printing, it was found that the registerAuthenticators method of FingerprintServiceWrapper will be called
Then through code search, it is found that it will be called by the registerAuthenticators method of AuthService.java
Enter the AuthService.java file, the registerAuthenticators method is as follows
In the 690 to 693 lines of code, it is found that the implementation class of the IFingerprintService interface calls the registerAuthenticators of the IFingerprintService interface; it can be guessed from it that this mInjector.getFingeprintService() obtains the FingerprintServiceWrapper server described above as the corresponding client, so through The registerAuthenticators method finally calls the registerAuthenticators method of the FingerprintServiceWrapper on the server side;
Through tracking, it is found that the registerAuthenticators method of AuthService is called by its onStart method; so now it is relatively clear that the onStart method of AuthService is also called because AuthService is called by SystemServer
Summarize:
- SystemServer calls the constructor and onStart method of AuthService
- AuthService calls its own registerAuthenticators method in the onStart method, and
calls
the registerAuthenticators function of the remote server FingerprintServiceWrapper by obtaining the client corresponding to the FingerprintServiceWrapper server