/*
|
* Copyright (C) 2019 The Android Open Source Project
|
*
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
* you may not use this file except in compliance with the License.
|
* You may obtain a copy of the License at
|
*
|
* http://www.apache.org/licenses/LICENSE-2.0
|
*
|
* Unless required by applicable law or agreed to in writing, software
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
* See the License for the specific language governing permissions and
|
* limitations under the License.
|
*/
|
|
package com.android.server;
|
import static android.service.watchdog.ExplicitHealthCheckService.EXTRA_HEALTH_CHECK_PASSED_PACKAGE;
|
import static android.service.watchdog.ExplicitHealthCheckService.EXTRA_REQUESTED_PACKAGES;
|
import static android.service.watchdog.ExplicitHealthCheckService.EXTRA_SUPPORTED_PACKAGES;
|
import static android.service.watchdog.ExplicitHealthCheckService.PackageConfig;
|
|
import android.Manifest;
|
import android.annotation.MainThread;
|
import android.annotation.Nullable;
|
import android.content.ComponentName;
|
import android.content.Context;
|
import android.content.Intent;
|
import android.content.ServiceConnection;
|
import android.content.pm.PackageManager;
|
import android.content.pm.ResolveInfo;
|
import android.content.pm.ServiceInfo;
|
import android.os.IBinder;
|
import android.os.RemoteCallback;
|
import android.os.RemoteException;
|
import android.os.UserHandle;
|
import android.service.watchdog.ExplicitHealthCheckService;
|
import android.service.watchdog.IExplicitHealthCheckService;
|
import android.text.TextUtils;
|
import android.util.ArraySet;
|
import android.util.Slog;
|
|
import com.android.internal.annotations.GuardedBy;
|
import com.android.internal.util.Preconditions;
|
|
import java.util.Collection;
|
import java.util.Collections;
|
import java.util.Iterator;
|
import java.util.List;
|
import java.util.Set;
|
import java.util.function.Consumer;
|
|
// TODO(b/120598832): Add tests
|
/**
|
* Controls the connections with {@link ExplicitHealthCheckService}.
|
*/
|
class ExplicitHealthCheckController {
|
private static final String TAG = "ExplicitHealthCheckController";
|
private final Object mLock = new Object();
|
private final Context mContext;
|
|
// Called everytime a package passes the health check, so the watchdog is notified of the
|
// passing check. In practice, should never be null after it has been #setEnabled.
|
// To prevent deadlocks between the controller and watchdog threads, we have
|
// a lock invariant to ALWAYS acquire the PackageWatchdog#mLock before #mLock in this class.
|
// It's easier to just NOT hold #mLock when calling into watchdog code on this consumer.
|
@GuardedBy("mLock") @Nullable private Consumer<String> mPassedConsumer;
|
// Called everytime after a successful #syncRequest call, so the watchdog can receive packages
|
// supporting health checks and update its internal state. In practice, should never be null
|
// after it has been #setEnabled.
|
// To prevent deadlocks between the controller and watchdog threads, we have
|
// a lock invariant to ALWAYS acquire the PackageWatchdog#mLock before #mLock in this class.
|
// It's easier to just NOT hold #mLock when calling into watchdog code on this consumer.
|
@GuardedBy("mLock") @Nullable private Consumer<List<PackageConfig>> mSupportedConsumer;
|
// Called everytime we need to notify the watchdog to sync requests between itself and the
|
// health check service. In practice, should never be null after it has been #setEnabled.
|
// To prevent deadlocks between the controller and watchdog threads, we have
|
// a lock invariant to ALWAYS acquire the PackageWatchdog#mLock before #mLock in this class.
|
// It's easier to just NOT hold #mLock when calling into watchdog code on this runnable.
|
@GuardedBy("mLock") @Nullable private Runnable mNotifySyncRunnable;
|
// Actual binder object to the explicit health check service.
|
@GuardedBy("mLock") @Nullable private IExplicitHealthCheckService mRemoteService;
|
// Connection to the explicit health check service, necessary to unbind.
|
// We should only try to bind if mConnection is null, non-null indicates we
|
// are connected or at least connecting.
|
@GuardedBy("mLock") @Nullable private ServiceConnection mConnection;
|
// Bind state of the explicit health check service.
|
@GuardedBy("mLock") private boolean mEnabled;
|
|
ExplicitHealthCheckController(Context context) {
|
mContext = context;
|
}
|
|
/** Enables or disables explicit health checks. */
|
public void setEnabled(boolean enabled) {
|
synchronized (mLock) {
|
Slog.i(TAG, "Explicit health checks " + (enabled ? "enabled." : "disabled."));
|
mEnabled = enabled;
|
}
|
}
|
|
/**
|
* Sets callbacks to listen to important events from the controller.
|
*
|
* <p> Should be called once at initialization before any other calls to the controller to
|
* ensure a happens-before relationship of the set parameters and visibility on other threads.
|
*/
|
public void setCallbacks(Consumer<String> passedConsumer,
|
Consumer<List<PackageConfig>> supportedConsumer, Runnable notifySyncRunnable) {
|
synchronized (mLock) {
|
if (mPassedConsumer != null || mSupportedConsumer != null
|
|| mNotifySyncRunnable != null) {
|
Slog.wtf(TAG, "Resetting health check controller callbacks");
|
}
|
|
mPassedConsumer = Preconditions.checkNotNull(passedConsumer);
|
mSupportedConsumer = Preconditions.checkNotNull(supportedConsumer);
|
mNotifySyncRunnable = Preconditions.checkNotNull(notifySyncRunnable);
|
}
|
}
|
|
/**
|
* Calls the health check service to request or cancel packages based on
|
* {@code newRequestedPackages}.
|
*
|
* <p> Supported packages in {@code newRequestedPackages} that have not been previously
|
* requested will be requested while supported packages not in {@code newRequestedPackages}
|
* but were previously requested will be cancelled.
|
*
|
* <p> This handles binding and unbinding to the health check service as required.
|
*
|
* <p> Note, calling this may modify {@code newRequestedPackages}.
|
*
|
* <p> Note, this method is not thread safe, all calls should be serialized.
|
*/
|
public void syncRequests(Set<String> newRequestedPackages) {
|
boolean enabled;
|
synchronized (mLock) {
|
enabled = mEnabled;
|
}
|
|
if (!enabled) {
|
Slog.i(TAG, "Health checks disabled, no supported packages");
|
// Call outside lock
|
mSupportedConsumer.accept(Collections.emptyList());
|
return;
|
}
|
|
getSupportedPackages(supportedPackageConfigs -> {
|
// Notify the watchdog without lock held
|
mSupportedConsumer.accept(supportedPackageConfigs);
|
getRequestedPackages(previousRequestedPackages -> {
|
synchronized (mLock) {
|
// Hold lock so requests and cancellations are sent atomically.
|
// It is important we don't mix requests from multiple threads.
|
|
Set<String> supportedPackages = new ArraySet<>();
|
for (PackageConfig config : supportedPackageConfigs) {
|
supportedPackages.add(config.getPackageName());
|
}
|
// Note, this may modify newRequestedPackages
|
newRequestedPackages.retainAll(supportedPackages);
|
|
// Cancel packages no longer requested
|
actOnDifference(previousRequestedPackages,
|
newRequestedPackages, p -> cancel(p));
|
// Request packages not yet requested
|
actOnDifference(newRequestedPackages,
|
previousRequestedPackages, p -> request(p));
|
|
if (newRequestedPackages.isEmpty()) {
|
Slog.i(TAG, "No more health check requests, unbinding...");
|
unbindService();
|
return;
|
}
|
}
|
});
|
});
|
}
|
|
private void actOnDifference(Collection<String> collection1, Collection<String> collection2,
|
Consumer<String> action) {
|
Iterator<String> iterator = collection1.iterator();
|
while (iterator.hasNext()) {
|
String packageName = iterator.next();
|
if (!collection2.contains(packageName)) {
|
action.accept(packageName);
|
}
|
}
|
}
|
|
/**
|
* Requests an explicit health check for {@code packageName}.
|
* After this request, the callback registered on {@link #setCallbacks} can receive explicit
|
* health check passed results.
|
*/
|
private void request(String packageName) {
|
synchronized (mLock) {
|
if (!prepareServiceLocked("request health check for " + packageName)) {
|
return;
|
}
|
|
Slog.i(TAG, "Requesting health check for package " + packageName);
|
try {
|
mRemoteService.request(packageName);
|
} catch (RemoteException e) {
|
Slog.w(TAG, "Failed to request health check for package " + packageName, e);
|
}
|
}
|
}
|
|
/**
|
* Cancels all explicit health checks for {@code packageName}.
|
* After this request, the callback registered on {@link #setCallbacks} can no longer receive
|
* explicit health check passed results.
|
*/
|
private void cancel(String packageName) {
|
synchronized (mLock) {
|
if (!prepareServiceLocked("cancel health check for " + packageName)) {
|
return;
|
}
|
|
Slog.i(TAG, "Cancelling health check for package " + packageName);
|
try {
|
mRemoteService.cancel(packageName);
|
} catch (RemoteException e) {
|
// Do nothing, if the service is down, when it comes up, we will sync requests,
|
// if there's some other error, retrying wouldn't fix anyways.
|
Slog.w(TAG, "Failed to cancel health check for package " + packageName, e);
|
}
|
}
|
}
|
|
/**
|
* Returns the packages that we can request explicit health checks for.
|
* The packages will be returned to the {@code consumer}.
|
*/
|
private void getSupportedPackages(Consumer<List<PackageConfig>> consumer) {
|
synchronized (mLock) {
|
if (!prepareServiceLocked("get health check supported packages")) {
|
return;
|
}
|
|
Slog.d(TAG, "Getting health check supported packages");
|
try {
|
mRemoteService.getSupportedPackages(new RemoteCallback(result -> {
|
List<PackageConfig> packages =
|
result.getParcelableArrayList(EXTRA_SUPPORTED_PACKAGES);
|
Slog.i(TAG, "Explicit health check supported packages " + packages);
|
consumer.accept(packages);
|
}));
|
} catch (RemoteException e) {
|
// Request failed, treat as if all observed packages are supported, if any packages
|
// expire during this period, we may incorrectly treat it as failing health checks
|
// even if we don't support health checks for the package.
|
Slog.w(TAG, "Failed to get health check supported packages", e);
|
}
|
}
|
}
|
|
/**
|
* Returns the packages for which health checks are currently in progress.
|
* The packages will be returned to the {@code consumer}.
|
*/
|
private void getRequestedPackages(Consumer<List<String>> consumer) {
|
synchronized (mLock) {
|
if (!prepareServiceLocked("get health check requested packages")) {
|
return;
|
}
|
|
Slog.d(TAG, "Getting health check requested packages");
|
try {
|
mRemoteService.getRequestedPackages(new RemoteCallback(result -> {
|
List<String> packages = result.getStringArrayList(EXTRA_REQUESTED_PACKAGES);
|
Slog.i(TAG, "Explicit health check requested packages " + packages);
|
consumer.accept(packages);
|
}));
|
} catch (RemoteException e) {
|
// Request failed, treat as if we haven't requested any packages, if any packages
|
// were actually requested, they will not be cancelled now. May be cancelled later
|
Slog.w(TAG, "Failed to get health check requested packages", e);
|
}
|
}
|
}
|
|
/**
|
* Binds to the explicit health check service if the controller is enabled and
|
* not already bound.
|
*/
|
private void bindService() {
|
synchronized (mLock) {
|
if (!mEnabled || mConnection != null || mRemoteService != null) {
|
if (!mEnabled) {
|
Slog.i(TAG, "Not binding to service, service disabled");
|
} else if (mRemoteService != null) {
|
Slog.i(TAG, "Not binding to service, service already connected");
|
} else {
|
Slog.i(TAG, "Not binding to service, service already connecting");
|
}
|
return;
|
}
|
ComponentName component = getServiceComponentNameLocked();
|
if (component == null) {
|
Slog.wtf(TAG, "Explicit health check service not found");
|
return;
|
}
|
|
Intent intent = new Intent();
|
intent.setComponent(component);
|
mConnection = new ServiceConnection() {
|
@Override
|
public void onServiceConnected(ComponentName name, IBinder service) {
|
Slog.i(TAG, "Explicit health check service is connected " + name);
|
initState(service);
|
}
|
|
@Override
|
@MainThread
|
public void onServiceDisconnected(ComponentName name) {
|
// Service crashed or process was killed, #onServiceConnected will be called.
|
// Don't need to re-bind.
|
Slog.i(TAG, "Explicit health check service is disconnected " + name);
|
synchronized (mLock) {
|
mRemoteService = null;
|
}
|
}
|
|
@Override
|
public void onBindingDied(ComponentName name) {
|
// Application hosting service probably got updated
|
// Need to re-bind.
|
Slog.i(TAG, "Explicit health check service binding is dead. Rebind: " + name);
|
unbindService();
|
bindService();
|
}
|
|
@Override
|
public void onNullBinding(ComponentName name) {
|
// Should never happen. Service returned null from #onBind.
|
Slog.wtf(TAG, "Explicit health check service binding is null?? " + name);
|
}
|
};
|
|
mContext.bindServiceAsUser(intent, mConnection,
|
Context.BIND_AUTO_CREATE, UserHandle.of(UserHandle.USER_SYSTEM));
|
Slog.i(TAG, "Explicit health check service is bound");
|
}
|
}
|
|
/** Unbinds the explicit health check service. */
|
private void unbindService() {
|
synchronized (mLock) {
|
if (mRemoteService != null) {
|
mContext.unbindService(mConnection);
|
mRemoteService = null;
|
mConnection = null;
|
}
|
Slog.i(TAG, "Explicit health check service is unbound");
|
}
|
}
|
|
@GuardedBy("mLock")
|
@Nullable
|
private ServiceInfo getServiceInfoLocked() {
|
final String packageName =
|
mContext.getPackageManager().getServicesSystemSharedLibraryPackageName();
|
if (packageName == null) {
|
Slog.w(TAG, "no external services package!");
|
return null;
|
}
|
|
final Intent intent = new Intent(ExplicitHealthCheckService.SERVICE_INTERFACE);
|
intent.setPackage(packageName);
|
final ResolveInfo resolveInfo = mContext.getPackageManager().resolveService(intent,
|
PackageManager.GET_SERVICES | PackageManager.GET_META_DATA);
|
if (resolveInfo == null || resolveInfo.serviceInfo == null) {
|
Slog.w(TAG, "No valid components found.");
|
return null;
|
}
|
return resolveInfo.serviceInfo;
|
}
|
|
@GuardedBy("mLock")
|
@Nullable
|
private ComponentName getServiceComponentNameLocked() {
|
final ServiceInfo serviceInfo = getServiceInfoLocked();
|
if (serviceInfo == null) {
|
return null;
|
}
|
|
final ComponentName name = new ComponentName(serviceInfo.packageName, serviceInfo.name);
|
if (!Manifest.permission.BIND_EXPLICIT_HEALTH_CHECK_SERVICE
|
.equals(serviceInfo.permission)) {
|
Slog.w(TAG, name.flattenToShortString() + " does not require permission "
|
+ Manifest.permission.BIND_EXPLICIT_HEALTH_CHECK_SERVICE);
|
return null;
|
}
|
return name;
|
}
|
|
private void initState(IBinder service) {
|
synchronized (mLock) {
|
if (!mEnabled) {
|
Slog.w(TAG, "Attempting to connect disabled service?? Unbinding...");
|
// Very unlikely, but we disabled the service after binding but before we connected
|
unbindService();
|
return;
|
}
|
mRemoteService = IExplicitHealthCheckService.Stub.asInterface(service);
|
try {
|
mRemoteService.setCallback(new RemoteCallback(result -> {
|
String packageName = result.getString(EXTRA_HEALTH_CHECK_PASSED_PACKAGE);
|
if (!TextUtils.isEmpty(packageName)) {
|
if (mPassedConsumer == null) {
|
Slog.wtf(TAG, "Health check passed for package " + packageName
|
+ "but no consumer registered.");
|
} else {
|
// Call without lock held
|
mPassedConsumer.accept(packageName);
|
}
|
} else {
|
Slog.wtf(TAG, "Empty package passed explicit health check?");
|
}
|
}));
|
Slog.i(TAG, "Service initialized, syncing requests");
|
} catch (RemoteException e) {
|
Slog.wtf(TAG, "Could not setCallback on explicit health check service");
|
}
|
}
|
// Calling outside lock
|
mNotifySyncRunnable.run();
|
}
|
|
/**
|
* Prepares the health check service to receive requests.
|
*
|
* @return {@code true} if it is ready and we can proceed with a request,
|
* {@code false} otherwise. If it is not ready, and the service is enabled,
|
* we will bind and the request should be automatically attempted later.
|
*/
|
@GuardedBy("mLock")
|
private boolean prepareServiceLocked(String action) {
|
if (mRemoteService != null && mEnabled) {
|
return true;
|
}
|
Slog.i(TAG, "Service not ready to " + action
|
+ (mEnabled ? ". Binding..." : ". Disabled"));
|
if (mEnabled) {
|
bindService();
|
}
|
return false;
|
}
|
}
|
