本章主要整理Android 指紋啟動流程，側重于hal和framework部分。

下圖圖片出處 →

Boot ROM，Android設備上電后，首先會從處理器片上ROM的啟動引導代碼開始執行，片上ROM會尋找Bootloader代碼，并加載到內存。主要就是上電讓系統啟動。

Bootloader開始執行，首先負責完成硬件的初始化，然后找到Linux內核代碼，并加載到內存。

啟動過程中，bootloader(默認是bootable/bootloader/lk)會根據機器硬件信息選擇合適的devicetree（dts）裝入內存，如果采用pin id兼容，那么在此時就可以通過讀取ID pin的值（這個是硬件拉的，跟硬件工程師確認是怎么對應IC的即可）判斷指紋的IC了。

Kernel，Linux內核開始啟動，初始化各種軟硬件環境，加載驅動程序，掛載根文件系統，在系統文件中尋找init.rc文件，并啟動init進程。Kernel中，加載指紋驅動，根據傳入的dts信息創建設備節點，注冊設備。

Init，初始化和啟動屬性服務，并且啟動Zygote進程。

找到android.hardware.biometrics.fingerprint@2.1-service.rc，啟動android.hardware.biometrics.fingerprint@2.1-service，會去open fingerprint.deault.so，等待與上層通信。

Zygote進程啟動，創建java虛擬機并為java虛擬機注冊JNI方法，創建服務器端Socket，啟動SystemServer進程。

SystemServer進程啟動，啟動Binder線程池和SystemServiceManager，并且啟動各種系統服務。會啟動Fingerprintservice

以上是從Android啟動流程看每個階段指紋的啟動流程 ，下面依次詳細展開介紹。

主要就是設備節點驅動的注冊，在此不再詳細說了，重點關注probe函數。

首先，hardware/interfaces/biometrics/fingerprint/2.1/default/android.hardware.biometrics.fingerprint@2.1-service.rc（以下簡稱2.1 rc）

service vendor.fps_hal /vendor/bin/hw/android.hardware.biometrics.fingerprint@2.1-service # 'class hal' causes a race condition on some devices due to files created # in /data. As a workaround, postpone startup until later in boot once # /data is mounted. class late_start user system group system input writepid /dev/cpuset/system-background/tasks

會使位于系統vendor/bin/hw下的android.hardware.biometrics.fingerprint@2.1-service（以下簡稱2.1 bin）開機自啟動，啟動后會注冊2.1 service

該bin服務對應的代碼在：hardware/interfaces/biometrics/fingerprint/2.1/default/service.cpp，整個注冊過程只有兩步，首先實例化傳入的 IBiometricsFingerprint 接口對象，然后通過 registerAsService 將服務注冊到 hwservicemanager。

int main() { android::sp<IBiometricsFingerprint> bio = BiometricsFingerprint::getInstance(); configureRpcThreadpool(1, true /*callerWillJoin*/); if (bio != nullptr) {if (::android::OK != bio->registerAsService()) { //*****注冊服務***** return 1;} } else {ALOGE('Can’t create instance of BiometricsFingerprint, nullptr'); } joinRpcThreadpool(); return 0; // should never get here}

hardware/interfaces/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp，重點關注openHal函數，會去打開fingerprint.default.so

fingerprint_device_t* BiometricsFingerprint::openHal() { int err; const hw_module_t *hw_mdl = nullptr; ALOGD('Opening fingerprint hal library...'); //*******打開fingerprint.default.so******** if (0 != (err = hw_get_module(FINGERPRINT_HARDWARE_MODULE_ID, &hw_mdl))) {ALOGE('Can’t open fingerprint HW Module, error: %d', err);return nullptr; } if (hw_mdl == nullptr) {ALOGE('No valid fingerprint module');return nullptr; } fingerprint_module_t const *module =reinterpret_cast<const fingerprint_module_t*>(hw_mdl); if (module->common.methods->open == nullptr) {ALOGE('No valid open method');return nullptr; } hw_device_t *device = nullptr; if (0 != (err = module->common.methods->open(hw_mdl, nullptr, &device))) {ALOGE('Can’t open fingerprint methods, error: %d', err);return nullptr; } if (kVersion != device->version) {// enforce version on new devices because of HIDL@2.1 translation layerALOGE('Wrong fp version. Expected %d, got %d', kVersion, device->version);return nullptr; } fingerprint_device_t* fp_device =reinterpret_cast<fingerprint_device_t*>(device); if (0 != (err = fp_device->set_notify(fp_device, BiometricsFingerprint::notify))) {ALOGE('Can’t register fingerprint module callback, error: %d', err);return nullptr; } return fp_device;}

關于fingerprint.default.so這個都是供應商提供的，一般都不開源，不過Android原生也是有這部分代碼的（當然只是看看，并不能使用）

hardware/libhardware/include/hardware/fingerprint.h

hardware/libhardware/modules/fingerprint/fingerprint.c

這部分代碼不再展開貼在這里了，大家可以自行去看看，主要就是fingerprint_open打開設備（設備節點），然后定義了一系列函數。

dev->common.tag = HARDWARE_DEVICE_TAG;dev->common.version = FINGERPRINT_MODULE_API_VERSION_2_0;dev->common.module = (struct hw_module_t*) module;dev->common.close = fingerprint_close;dev->pre_enroll = fingerprint_pre_enroll;dev->enroll = fingerprint_enroll;dev->get_authenticator_id = fingerprint_get_auth_id;dev->cancel = fingerprint_cancel;dev->remove = fingerprint_remove;dev->set_active_group = fingerprint_set_active_group;dev->authenticate = fingerprint_authenticate;dev->set_notify = set_notify_callback;四.framework層

首先是SystemServer啟動后，會去判斷設備是否支持指紋，如果有start FingerprintService

frameworks/base/services/java/com/android/server/SystemServer.java

if (mPackageManager.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT)) { traceBeginAndSlog('StartFingerprintSensor'); mSystemServiceManager.startService(FingerprintService.class); traceEnd();}

此處mPackageManager.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT)的判斷，大家可以去frameworks/base/core/java/android/content/pm/PackageManager.java中追代碼看看，邏輯很簡單。

就是判斷系統內vendor/etc/permissions目錄下是否有：android.hardware.fingerprint.xml 文件

調試的那篇說過這個配置是setting里有沒有指紋選項的關鍵：

PRODUCT_COPY_FILES := frameworks/native/data/etc/android.hardware.fingerprint.xml:vendor/etc/permissions/android.hardware.fingerprint.xml

下面轉到，frameworks/base/services/core/java/com/android/server/fingerprint/FingerprintService.java，以下代碼前半部分是與hal 2.1 service通信的部分，通過mDaemon = IBiometricsFingerprint.getService()，獲取2.1 service

后半部分可以看出其繼承IFingerprintService.aidl，這個aidl類就是實現Manager和Service通信的橋梁。

public synchronized IBiometricsFingerprint getFingerprintDaemon() {if (mDaemon == null) { Slog.v(TAG, 'mDaemon was null, reconnect to fingerprint'); try {mDaemon = IBiometricsFingerprint.getService(); } catch (java.util.NoSuchElementException e) {// Service doesn’t exist or cannot be opened. Logged below. } catch (RemoteException e) {Slog.e(TAG, 'Failed to get biometric interface', e); } if (mDaemon == null) {Slog.w(TAG, 'fingerprint HIDL not available');return null; } mDaemon.asBinder().linkToDeath(this, 0); try {mHalDeviceId = mDaemon.setNotify(mDaemonCallback); } catch (RemoteException e) {Slog.e(TAG, 'Failed to open fingerprint HAL', e);mDaemon = null; // try again later! } if (DEBUG) Slog.v(TAG, 'Fingerprint HAL id: ' + mHalDeviceId); if (mHalDeviceId != 0) {loadAuthenticatorIds();updateActiveGroup(ActivityManager.getCurrentUser(), null);doFingerprintCleanupForUser(ActivityManager.getCurrentUser()); } else {Slog.w(TAG, 'Failed to open Fingerprint HAL!');MetricsLogger.count(mContext, 'fingerprintd_openhal_error', 1);mDaemon = null; } //************************************************************************************// private final class FingerprintServiceWrapper extends IFingerprintService.Stub {@Override // Binder callpublic long preEnroll(IBinder token) { checkPermission(MANAGE_FINGERPRINT); return startPreEnroll(token);} @Override // Binder callpublic int postEnroll(IBinder token) { checkPermission(MANAGE_FINGERPRINT); return startPostEnroll(token);} @Override // Binder callpublic void enroll(final IBinder token, final byte[] cryptoToken, final int userId,final IFingerprintServiceReceiver receiver, final int flags,final String opPackageName) { checkPermission(MANAGE_FINGERPRINT); final int limit = mContext.getResources().getInteger( com.android.internal.R.integer.config_fingerprintMaxTemplatesPerUser); final int enrolled = FingerprintService.this.getEnrolledFingerprints(userId).size(); if (enrolled >= limit) {Slog.w(TAG, 'Too many fingerprints registered');return; }}return mDaemon; }

對FingerprintService再往上一層的封裝是FingerprintManager，應用app可以直接和它通信

frameworks/base/core/java/android/hardware/fingerprint/FingerprintManager.java （以下為搜索mService的代碼，大家可以自己去看看）

private IFingerprintService mService;if (mService != null) try { mService.authenticate(mToken, sessionId, userId, mServiceReceiver, flags, if (mService != null) {mService.authenticate(mToken, sessionId, userId, mServiceReceiver, if (mService != null) try { mService.enroll(mToken, token, userId, mServiceReceiver, flags, if (mService != null) try { result = mService.preEnroll(mToken);if (mService != null) try { result = mService.postEnroll(mToken);if (mService != null) try { mService.setActiveUser(userId);if (mService != null) try { mService.remove(mToken, fp.getFingerId(), fp.getGroupId(), userId, mServiceReceiver); mService.remove(mToken, fp.getFingerId(), fp.getGroupId(), userId, mServiceReceiver);if (mService != null) try { mService.enumerate(mToken, userId, mServiceReceiver); if (mService != null) {mService.rename(fpId, userId, newName);if (mService != null) try { return mService.getEnrolledFingerprints(userId, mContext.getOpPackageName());if (mService != null) try { return mService.hasEnrolledFingerprints(if (mService != null) try { return mService.hasEnrolledFingerprints(userId, mContext.getOpPackageName());if (mService != null) {return mService.isHardwareDetected(deviceId, mContext.getOpPackageName());if (mService != null) {return mService.getAuthenticatorId(mContext.getOpPackageName());if (mService != null) {mService.resetTimeout(token);if (mService == null) {if (mService != null) try { mService.cancelEnrollment(mToken);if (mService != null) try { mService.cancelAuthentication(mToken, mContext.getOpPackageName());

以上代碼大家可以發現FingerprintManager其實并沒有真正實現什么接口，都是調用的IFingerprintService，這里就用到aidl了，FingerprintManager通過aidl的Stub獲取了Fingerprintservice，然后在這里去調用這個service的方法，以操作service，這就是aidl的作用。

frameworks/base/core/java/android/hardware/fingerprint/IFingerprintService.aidl （大家如果去看完整的代碼，這里的接口是和FingerprintManager中調用的完全一致的）

interface IFingerprintService { // Authenticate the given sessionId with a fingerprint void authenticate(IBinder token, long sessionId, int userId, IFingerprintServiceReceiver receiver, int flags, String opPackageName, in Bundle bundle, IBiometricPromptReceiver dialogReceiver); // Cancel authentication for the given sessionId void cancelAuthentication(IBinder token, String opPackageName); // Start fingerprint enrollment void enroll(IBinder token, in byte [] cryptoToken, int groupId, IFingerprintServiceReceiver receiver, int flags, String opPackageName); // Cancel enrollment in progress void cancelEnrollment(IBinder token); // Any errors resulting from this call will be returned to the listener void remove(IBinder token, int fingerId, int groupId, int userId, IFingerprintServiceReceiver receiver); // Rename the fingerprint specified by fingerId and groupId to the given name void rename(int fingerId, int groupId, String name); // Get a list of enrolled fingerprints in the given group. List<Fingerprint> getEnrolledFingerprints(int groupId, String opPackageName); // Determine if HAL is loaded and ready boolean isHardwareDetected(long deviceId, String opPackageName); // Get a pre-enrollment authentication token long preEnroll(IBinder token); // Finish an enrollment sequence and invalidate the authentication token int postEnroll(IBinder token); 五.總結

根據以上可以畫出這樣一張流程圖（以下以匯頂指紋為例，流程上都是一樣的）

System APP下發注冊命令->FingerprintManager收到命令->FingerprintService收到命令->（2.1 service）BiometricsFingerprint收到命令->(fingerprint.default.so)Fingerprint.cpp收到命令->指紋CA收到命令->指紋TA收到命令->SPI采集數據算法進行注冊等

以上就是全面解析Android系統指紋啟動流程的詳細內容，更多關于Android啟動流程的資料請關注好吧啦網其它相關文章！