全面解析Android系统指纹启动流程

本章主要整理Android 指纹启动流程，侧重于hal和framework部分。

下图图片出处 →

Boot ROM，Android设备上电后，首先会从处理器片上ROM的启动引导代码开始执行，片上ROM会寻找Bootloader代码，并加载到内存。主要就是上电让系统启动。

Bootloader开始执行，首先负责完成硬件的初始化，然后找到Linux内核代码，并加载到内存。

启动过程中，bootloader(默认是bootable/bootloader/lk)会根据机器硬件信息选择合适的devicetree（dts）装入内存，如果采用pin id兼容，那么在此时就可以通过读取ID pin的值（这个是硬件拉的，跟硬件工程师确认是怎么对应IC的即可）判断指纹的IC了。

Kernel，Linux内核开始启动，初始化各种软硬件环境，加载驱动程序，挂载根文件系统，在系统文件中寻找init.rc文件，并启动init进程。Kernel中，加载指纹驱动，根据传入的dts信息创建设备节点，注册设备。

Init，初始化和启动属性服务，并且启动Zygote进程。

找到android.hardware.biometrics.fingerprint@2.1-service.rc，启动android.hardware.biometrics.fingerprint@2.1-service，会去open fingerprint.deault.so，等待与上层通信。

Zygote进程启动，创建java虚拟机并为java虚拟机注册JNI方法，创建服务器端Socket，启动SystemServer进程。

SystemServer进程启动，启动Binder线程池和SystemServiceManager，并且启动各种系统服务。会启动Fingerprintservice

以上是从Android启动流程看每个阶段指纹的启动流程 ，下面依次详细展开介绍。

主要就是设备节点驱动的注册，在此不再详细说了，重点关注probe函数。

首先，hardware/interfaces/biometrics/fingerprint/2.1/default/android.hardware.biometrics.fingerprint@2.1-service.rc（以下简称2.1 rc）

service vendor.fps_hal /vendor/bin/hw/android.hardware.biometrics.fingerprint@2.1-service # 'class hal' causes a race condition on some devices due to files created # in /data. As a workaround, postpone startup until later in boot once # /data is mounted. class late_start user system group system input writepid /dev/cpuset/system-background/tasks

会使位于系统vendor/bin/hw下的android.hardware.biometrics.fingerprint@2.1-service（以下简称2.1 bin）开机自启动，启动后会注册2.1 service

该bin服务对应的代码在：hardware/interfaces/biometrics/fingerprint/2.1/default/service.cpp，整个注册过程只有两步，首先实例化传入的 IBiometricsFingerprint 接口对象，然后通过 registerAsService 将服务注册到 hwservicemanager。

int main() { android::sp<IBiometricsFingerprint> bio = BiometricsFingerprint::getInstance(); configureRpcThreadpool(1, true /*callerWillJoin*/); if (bio != nullptr) {if (::android::OK != bio->registerAsService()) { //*****注册服务***** return 1;} } else {ALOGE('Can’t create instance of BiometricsFingerprint, nullptr'); } joinRpcThreadpool(); return 0; // should never get here}

hardware/interfaces/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp，重点关注openHal函数，会去打开fingerprint.default.so

fingerprint_device_t* BiometricsFingerprint::openHal() { int err; const hw_module_t *hw_mdl = nullptr; ALOGD('Opening fingerprint hal library...'); //*******打开fingerprint.default.so******** if (0 != (err = hw_get_module(FINGERPRINT_HARDWARE_MODULE_ID, &hw_mdl))) {ALOGE('Can’t open fingerprint HW Module, error: %d', err);return nullptr; } if (hw_mdl == nullptr) {ALOGE('No valid fingerprint module');return nullptr; } fingerprint_module_t const *module =reinterpret_cast<const fingerprint_module_t*>(hw_mdl); if (module->common.methods->open == nullptr) {ALOGE('No valid open method');return nullptr; } hw_device_t *device = nullptr; if (0 != (err = module->common.methods->open(hw_mdl, nullptr, &device))) {ALOGE('Can’t open fingerprint methods, error: %d', err);return nullptr; } if (kVersion != device->version) {// enforce version on new devices because of HIDL@2.1 translation layerALOGE('Wrong fp version. Expected %d, got %d', kVersion, device->version);return nullptr; } fingerprint_device_t* fp_device =reinterpret_cast<fingerprint_device_t*>(device); if (0 != (err = fp_device->set_notify(fp_device, BiometricsFingerprint::notify))) {ALOGE('Can’t register fingerprint module callback, error: %d', err);return nullptr; } return fp_device;}

关于fingerprint.default.so这个都是供应商提供的，一般都不开源，不过Android原生也是有这部分代码的（当然只是看看，并不能使用）

hardware/libhardware/include/hardware/fingerprint.h

hardware/libhardware/modules/fingerprint/fingerprint.c

这部分代码不再展开贴在这里了，大家可以自行去看看，主要就是fingerprint_open打开设备（设备节点），然后定义了一系列函数。

dev->common.tag = HARDWARE_DEVICE_TAG;dev->common.version = FINGERPRINT_MODULE_API_VERSION_2_0;dev->common.module = (struct hw_module_t*) module;dev->common.close = fingerprint_close;dev->pre_enroll = fingerprint_pre_enroll;dev->enroll = fingerprint_enroll;dev->get_authenticator_id = fingerprint_get_auth_id;dev->cancel = fingerprint_cancel;dev->remove = fingerprint_remove;dev->set_active_group = fingerprint_set_active_group;dev->authenticate = fingerprint_authenticate;dev->set_notify = set_notify_callback;四.framework层

首先是SystemServer启动后，会去判断设备是否支持指纹，如果有start FingerprintService

frameworks/base/services/java/com/android/server/SystemServer.java

if (mPackageManager.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT)) { traceBeginAndSlog('StartFingerprintSensor'); mSystemServiceManager.startService(FingerprintService.class); traceEnd();}

此处mPackageManager.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT)的判断，大家可以去frameworks/base/core/java/android/content/pm/PackageManager.java中追代码看看，逻辑很简单。

就是判断系统内vendor/etc/permissions目录下是否有：android.hardware.fingerprint.xml 文件

调试的那篇说过这个配置是setting里有没有指纹选项的关键：

PRODUCT_COPY_FILES := frameworks/native/data/etc/android.hardware.fingerprint.xml:vendor/etc/permissions/android.hardware.fingerprint.xml

下面转到，frameworks/base/services/core/java/com/android/server/fingerprint/FingerprintService.java，以下代码前半部分是与hal 2.1 service通信的部分，通过mDaemon = IBiometricsFingerprint.getService()，获取2.1 service

后半部分可以看出其继承IFingerprintService.aidl，这个aidl类就是实现Manager和Service通信的桥梁。

public synchronized IBiometricsFingerprint getFingerprintDaemon() {if (mDaemon == null) { Slog.v(TAG, 'mDaemon was null, reconnect to fingerprint'); try {mDaemon = IBiometricsFingerprint.getService(); } catch (java.util.NoSuchElementException e) {// Service doesn’t exist or cannot be opened. Logged below. } catch (RemoteException e) {Slog.e(TAG, 'Failed to get biometric interface', e); } if (mDaemon == null) {Slog.w(TAG, 'fingerprint HIDL not available');return null; } mDaemon.asBinder().linkToDeath(this, 0); try {mHalDeviceId = mDaemon.setNotify(mDaemonCallback); } catch (RemoteException e) {Slog.e(TAG, 'Failed to open fingerprint HAL', e);mDaemon = null; // try again later! } if (DEBUG) Slog.v(TAG, 'Fingerprint HAL id: ' + mHalDeviceId); if (mHalDeviceId != 0) {loadAuthenticatorIds();updateActiveGroup(ActivityManager.getCurrentUser(), null);doFingerprintCleanupForUser(ActivityManager.getCurrentUser()); } else {Slog.w(TAG, 'Failed to open Fingerprint HAL!');MetricsLogger.count(mContext, 'fingerprintd_openhal_error', 1);mDaemon = null; } //************************************************************************************// private final class FingerprintServiceWrapper extends IFingerprintService.Stub {@Override // Binder callpublic long preEnroll(IBinder token) { checkPermission(MANAGE_FINGERPRINT); return startPreEnroll(token);} @Override // Binder callpublic int postEnroll(IBinder token) { checkPermission(MANAGE_FINGERPRINT); return startPostEnroll(token);} @Override // Binder callpublic void enroll(final IBinder token, final byte[] cryptoToken, final int userId,final IFingerprintServiceReceiver receiver, final int flags,final String opPackageName) { checkPermission(MANAGE_FINGERPRINT); final int limit = mContext.getResources().getInteger( com.android.internal.R.integer.config_fingerprintMaxTemplatesPerUser); final int enrolled = FingerprintService.this.getEnrolledFingerprints(userId).size(); if (enrolled >= limit) {Slog.w(TAG, 'Too many fingerprints registered');return; }}return mDaemon; }

对FingerprintService再往上一层的封装是FingerprintManager，应用app可以直接和它通信

frameworks/base/core/java/android/hardware/fingerprint/FingerprintManager.java （以下为搜索mService的代码，大家可以自己去看看）

private IFingerprintService mService;if (mService != null) try { mService.authenticate(mToken, sessionId, userId, mServiceReceiver, flags, if (mService != null) {mService.authenticate(mToken, sessionId, userId, mServiceReceiver, if (mService != null) try { mService.enroll(mToken, token, userId, mServiceReceiver, flags, if (mService != null) try { result = mService.preEnroll(mToken);if (mService != null) try { result = mService.postEnroll(mToken);if (mService != null) try { mService.setActiveUser(userId);if (mService != null) try { mService.remove(mToken, fp.getFingerId(), fp.getGroupId(), userId, mServiceReceiver); mService.remove(mToken, fp.getFingerId(), fp.getGroupId(), userId, mServiceReceiver);if (mService != null) try { mService.enumerate(mToken, userId, mServiceReceiver); if (mService != null) {mService.rename(fpId, userId, newName);if (mService != null) try { return mService.getEnrolledFingerprints(userId, mContext.getOpPackageName());if (mService != null) try { return mService.hasEnrolledFingerprints(if (mService != null) try { return mService.hasEnrolledFingerprints(userId, mContext.getOpPackageName());if (mService != null) {return mService.isHardwareDetected(deviceId, mContext.getOpPackageName());if (mService != null) {return mService.getAuthenticatorId(mContext.getOpPackageName());if (mService != null) {mService.resetTimeout(token);if (mService == null) {if (mService != null) try { mService.cancelEnrollment(mToken);if (mService != null) try { mService.cancelAuthentication(mToken, mContext.getOpPackageName());

以上代码大家可以发现FingerprintManager其实并没有真正实现什么接口，都是调用的IFingerprintService，这里就用到aidl了，FingerprintManager通过aidl的Stub获取了Fingerprintservice，然后在这里去调用这个service的方法，以操作service，这就是aidl的作用。

frameworks/base/core/java/android/hardware/fingerprint/IFingerprintService.aidl （大家如果去看完整的代码，这里的接口是和FingerprintManager中调用的完全一致的）

interface IFingerprintService { // Authenticate the given sessionId with a fingerprint void authenticate(IBinder token, long sessionId, int userId, IFingerprintServiceReceiver receiver, int flags, String opPackageName, in Bundle bundle, IBiometricPromptReceiver dialogReceiver); // Cancel authentication for the given sessionId void cancelAuthentication(IBinder token, String opPackageName); // Start fingerprint enrollment void enroll(IBinder token, in byte [] cryptoToken, int groupId, IFingerprintServiceReceiver receiver, int flags, String opPackageName); // Cancel enrollment in progress void cancelEnrollment(IBinder token); // Any errors resulting from this call will be returned to the listener void remove(IBinder token, int fingerId, int groupId, int userId, IFingerprintServiceReceiver receiver); // Rename the fingerprint specified by fingerId and groupId to the given name void rename(int fingerId, int groupId, String name); // Get a list of enrolled fingerprints in the given group. List<Fingerprint> getEnrolledFingerprints(int groupId, String opPackageName); // Determine if HAL is loaded and ready boolean isHardwareDetected(long deviceId, String opPackageName); // Get a pre-enrollment authentication token long preEnroll(IBinder token); // Finish an enrollment sequence and invalidate the authentication token int postEnroll(IBinder token); 五.总结

根据以上可以画出这样一张流程图（以下以汇顶指纹为例，流程上都是一样的）

System APP下发注册命令->FingerprintManager收到命令->FingerprintService收到命令->（2.1 service）BiometricsFingerprint收到命令->(fingerprint.default.so)Fingerprint.cpp收到命令->指纹CA收到命令->指纹TA收到命令->SPI采集数据算法进行注册等

以上就是全面解析Android系统指纹启动流程的详细内容，更多关于Android启动流程的资料请关注好吧啦网其它相关文章！