SlideShare une entreprise Scribd logo

Android 5.0 Lollipop platform change investigation report

H
hidenorly

Android 5.0 Lollipop brings huge change, compare to before. This report includes statistics from source code with data and hidden features from source code & git log investigation.

Mobile
1  sur  30
Télécharger pour lire hors ligne
Lollipop platform change まとめ @hidenorly
Statistics about L
Source code size comparison [GB] ( 9.54GB ) (13.63GB) 42.8% UP
New public API additions 6309 1783 x3.54! diff -u -r -N jb-mr2/frameworks/base/api/current.txt kkmr2/frameworks/base/api/current.txt | grep "^+" | grep "public " | wc -l diff -u -r -N kkmr2/frameworks/base/api/current.txt l/frameworks/base/api/current.txt | grep "^+" | grep "public " | wc -l
Changed files (frameworks/base) 4475 2162 x2.07 diff -u -r -N --exclude=*.xml --exclude=.git --exclude=*.html --exclude=*.png --exclude=*.jpeg --exclude=*.jar --exclude=*.jd --exclude=*.js --exclude=*.css jb-mr2/frameworks/base kkmr2/frameworks/base | grep “^+++” | wc -l
Diff size comparion (frameworks/base) 19.14 61.33 x3.2 $ diff -u -r -N --exclude=*.xml --exclude=.git --exclude=*.html --exclude=*.png --exclude=*.jpeg --exclude=*.jar --exclude=*.jd --exclude=*.js --exclude=*.css jb-mr2/frameworks/base kkmr2/frameworks/base > jbmr2-kkmr2-frameworks-base.txt $ diff -u -r -N --exclude=*.xml --exclude=.git --exclude=*.html --exclude=*.png --exclude=*.jpeg --exclude=*.jar --exclude=*.jd --exclude=*.js --elude=*.css kkmr2/frameworks/base l-snapshot/frameworks/base > kkmr2-l-frameworks-base.txt
Services in frameworks/base/services $ du -ak | grep ".java" | grep service -i | grep -v "tests" 63 85
Door to know what’s Lollipop
What’s new about L CDD? ● CDD stands for Compatible Definition Document. ● But L CDD is NOT published yet. ● Please check ○ http://source.android.com/compatibility/ ○ http://source.android.com/compatibility/android-cdd.pdf
Nexus & the platform support
Nexus6 is 560dpi device ● Nexus6 uses 560dpi! ○ But it is 492.8dpi (sqrt(2560^2+1440^2)/5.96inch) ○ 492.8dpi Commit a3fb40d5f492825bb86769f541620baca5616e05 Author: Dianne Hackborn <hackbod@google.com> Date: Tue Aug 12 15:06:50 2014 -0700 Add 560dpi, and some other stuff. ● Ideal combination is… 2560x1440/5.25inch = 560dpi
Nexus9 is the 1st 64bit ARMv8 device ARMv8 crypto extension support ● Userland (external/openssl) ○ Update ARM assembly patch ● kernel ○ Crypto extension for linux kernel crypto API ■ dm-crypt and dm-verity use this. ● Other 64bits ○ Please check my previous presentation also.
Appendix. AES perf (single core) by Geekbench3 0.039 0.034 0.708 2744 1.19 991 50.5 76.8
What’s new L - inside of L -
Security ● All of domain are enforced. ○ http://source.android.com/devices/tech/security/se-linux.html ■ In the Android 5.0 (L) release, Android moves to full enforcement of SELinux. ..snip.. In short, Android is shifting from enforcement on a limited set of crucial domains (installd, netd, vold and zygote) to everything (more than 60 domains). This means manufacturers will have to better understand and scale their SELinux implementations to provide compatible devices. Understand that: ● Everything is in enforcing mode in the 5.0 release ● No processes other than init should run in the init domain ● Any generic denial (for a block_device, socket_device, default_service, etc.) indicates that device needs a special domain
Default encryption by vold ● What we’ve added for Android 5.0 ○ Created fast encryption, which only encrypts used blocks on the data partition to avoid first boot taking a long time. Only ext4 and f2fs filesystems currently support fast encryption. ○ Added the forceencrypt flag to encrypt on first boot. ○ Added support for patterns and encryption without a password. ○ Added hardware-backed storage of the encryption key. See Storing the encrypted key for more details. Caution: Devices upgraded to Android 5.0 and then encrypted may be returned to an unencrypted state by factory data reset. New Android 5.0 devices encrypted at first boot cannot be returned to an unencrypted state. ● In system/vold/cryptfs.c #define DEFAULT_PASSWORD "64656661756c745f70617373776f7264"
dm-verity ● dm-verity is block level integrity check mechanism. ○ Used on Chromium OS. ● Lollipop supports dm-verity (fully). ○ build/target/product/verity.mk ■ PRODUCT_SUPPORTS_VERITY := true ■ PRODUCT_VERITY_SIGNING_KEY ○ Kernel: CONFIG_DM_VERITY
Block level FOTA Switching to block-oriented OTAs To enable dm-verity on your devices, you must move from file-based "over the air" (OTA) updates to block-oriented OTAs. This is needed because during OTA, Android attempts to change the contents of the system partition at the filesystem layer. And since OTA works on a file-by-file basis, it is not guaranteed to write files in a consistent order, have a consistent last modified time or superblock, or even place the blocks in the same location on the block device. For this reason, file-based OTAs will fail on a dm-verity-enabled device.The device will not boot after OTA. ● ota_from_target_files --block Generate a block-based OTA if possible. Will fall back to a file-based OTA if the target_files is older and doesn't support block-based OTAs.
ART’s AOT impacts ● Prebuilt (odex) WITH_PREDEXOPT:=true Odex size is approx. x3 sizeof classes.dex (In Google I/O, it was announced that the size was x2. 4 of dex.) ● And the odex was copied to /data/dalvik-cache
Application location <pre-installed> ● /system/{app|priv-app}/apkname/ ○ apkname.apk (apk itself) ○ lib/[arm|arm64]/hoge.so (natibe library (extracted)) ○ [arm|arm64]/apkname.odex (if WITH_DEXPREOPT:=true) ● commit 1e9189a276e967a7a74ff44a44cf627764396954 Author: Jeff Sharkey <jsharkey@android.com> Date: Thu Jul 17 10:56:48 2014 -0700 Support cluster-style installs for bundled apps.
Application location <user-installed> ● /data/app/packagename-1/base.apk ○ Same as installed apk file itself ● /data/dalvik-cache/ arm/data@app@packagename- 1@base.apk@classes.dex ○ AOT result
logcat on adb install hogeApp.apk Copying /data/local/tmp/hogeApp.apk to base.apk Renaming /data/app/vmdl1863917432.tmp to /data/app/com.hoge.hogeApp-1 /data/app/com.hoge.hogeApp-1/base.apk pkg=com.hoge.hogeApp isa=arm vmSafeMode=false /system/bin/dex2oat --zip-fd=6 --zip-location=/data/app/com.hoge.hogeApp- 1/base.apk --oat-fd=7 --oat-location=/data/dalvik-cache/arm/data@app@com. hoge.hogeApp-1@base.apk@classes.dex --instruction-set=arm --instruction-set- features=div --runtime-arg -Xms64m --runtime-arg -Xmx512m restoreAtInstall pkg=com.hoge.hogeApp token=15 restoreSet=0 Finishing install immediately
@SystemApi /** * Indicates an API is exposed for use by bundled system applications. * <p> * These APIs are not guaranteed to remain consistent release-to-release, * and are not for use by apps linking against the Android SDK. * </p><p> * This annotation should only appear on API that is already marked <pre>@hide</pre>. * </p> * * @hide */ /work/l/frameworks/base$ grep "@SystemApi" -nr ./* | wc -l 489
Services… welcome & farewell from frameworks/base/services ● Added ○ BackgroundDexOptService ○ FingerprintService ○ HdmiControlService ○ JobSchedulerService / JobServiceContext ○ KeySetManagerService ○ LauncherAppsService ○ ManagedServices ○ MediaProjectionManagerService ○ MediaSessionService ○ MmsServiceBroker ○ MountServiceIdler ○ NetworkScoreService ○ PackageInstallerService ○ PersistentDataBlockService ○ RestrictionsManagerService ○ ServiceThread ○ SystemService/SystemServiceManager ○ TrustManagerService ○ TvInputManagerService ○ UserUsageStatsService ○ VoiceInteractionManagerService/VoiceInteractionManagerServiceImpl ○ WebViewUpdateService ● Gone? ○ IIdleMaintenanceService ○ RecognitionManagerService ○ WifiService (-> frameworks/opt/net/wifi/service/java/com/a ndroid/server/wifi)
SystemWebView ● Generate symlinks to libwebviewchromium. so in /system/priv-app ● Make the WebView Java library into an APK. ● Move WebView resources to separate APK ● Update framework resource references. ● Prepare WebView library APK. ● Include pak files in the WebView apk.
New HAL since L ● hardware/libhardware ○ activity_recognition.h ○ audio_alsaops.h ○ bt_hf_client.h ○ bt_mce.h ○ fingerprint.h ○ hdmi_cec.h ○ nfc_tag.h ○ sound_trigger.h ○ tv_input.h ○ vibrator.h ● hardware/libhardware_legacy ○ gscan.h ○ link_layer_stats.h ○ rtt.h ○ tdls.h ○ wifi_hal.h
Finger print HAL typedef struct fingerprint_enroll { uint32_t id; /* samples_remaining goes from N (no data collected, but N scans needed) * to 0 (no more data is needed to build a template). * The progress indication may be augmented by a bitmap encoded indication * of finger area that needs to be presented by the user. * Bit numbers mapped to physical location: * * distal * +-+-+-+ * |2|1|0| * |5|4|3| * medial |8|7|6| lateral * |b|a|9| * |e|d|c| * +-+-+-+ * proximal * */ uint16_t data_collected_bmp; uint16_t samples_remaining; } fingerprint_enroll_t; typedef struct fingerprint_msg { fingerprint_msg_type_t type; union { uint64_t raw; fingerprint_error_t error; fingerprint_enroll_t enroll; fingerprint_removed_t removed; fingerprint_acquired_t acquired; fingerprint_processed_t processed; } data; } fingerprint_msg_t;
sound_trigger HAL * Retrieve implementation properties. int (*get_properties)(const struct sound_trigger_hw_device *dev, struct sound_trigger_properties *properties); * Load a sound model. Once loaded, recognition of this model can be started and stopped. * Only one active recognition per model at a time. The SoundTrigger service will handle * concurrent recognition requests by different users/applications on the same model. * The implementation returns a unique handle used by other functions (unload_sound_model(), * start_recognition(), etc... int (*load_sound_model)(const struct sound_trigger_hw_device *dev, struct sound_trigger_sound_model *sound_model, sound_model_callback_t callback, void *cookie, sound_model_handle_t *handle); * Unload a sound model. A sound model can be unloaded to make room for a new one to overcome * implementation limitations. int (*unload_sound_model)(const struct sound_trigger_hw_device *dev, sound_model_handle_t handle); /* Start recognition on a given model. Only one recognition active at a time per model. * Once recognition succeeds of fails, the callback is called. * TODO: group recognition configuration parameters into one struct and add key phrase options. int (*start_recognition)(const struct sound_trigger_hw_device *dev, sound_model_handle_t sound_model_handle, const struct sound_trigger_recognition_config *config, recognition_callback_t callback, void *cookie); /* Stop recognition on a given model. * The implementation does not have to call the callback when stopped via this method. int (*stop_recognition)(const struct sound_trigger_hw_device *dev, sound_model_handle_t sound_model_handle);
High definition audio? Float mixer seems not to be used AudioMixer.cpp in frameworks/av // Set kUseNewMixer to true to use the new mixer engine. Otherwise the // original code will be used. This is false for now. static const bool kUseNewMixer = false; // Set kUseFloat to true to allow floating input into the mixer engine. // If kUseNewMixer is false, this is ignored or may be overridden internally // because of downmix/upmix support. static const bool kUseFloat = true; t->mMixerInFormat = kUseFloat && kUseNewMixer ? AUDIO_FORMAT_PCM_FLOAT : AUDIO_FORMAT_PCM_16_BIT; https://www.google.com/events/io/io14videos/0f228fb0-42e0-e311-b297-00155d5066d7
Multidex as platform build # Build the master framework library. # The framework contains too many method references (>64K) for poor old DEX. # So we first build the framework as a monolithic static library then split it # up into smaller pieces. LOCAL_MODULE := framework LOCAL_DX_FLAGS := --core-library --multi-dex See more

Recommandé

Integrity Protection for Embedded Systems
Integrity Protection for Embedded SystemsIntegrity Protection for Embedded Systems
Integrity Protection for Embedded Systems
Samsung Open Source Group
 
Txt Introduction
Txt IntroductionTxt Introduction
Txt Introduction
Logic Solutions, Inc.
 
[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing
OWASP
 
U-boot and Android Verified Boot 2.0
U-boot and Android Verified Boot 2.0U-boot and Android Verified Boot 2.0
U-boot and Android Verified Boot 2.0
GlobalLogic Ukraine
 
HKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewHKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting Review
Linaro
 
ARM Architecture and Meltdown/Spectre
ARM Architecture and Meltdown/SpectreARM Architecture and Meltdown/Spectre
ARM Architecture and Meltdown/Spectre
GlobalLogic Ukraine
 
Kernel Recipes 2015 - The Dronecode Project – A step in open source drones
Kernel Recipes 2015 - The Dronecode Project – A step in open source dronesKernel Recipes 2015 - The Dronecode Project – A step in open source drones
Kernel Recipes 2015 - The Dronecode Project – A step in open source drones
Anne Nicolas
 
LAS16-403: GDB Linux Kernel Awareness
LAS16-403: GDB Linux Kernel AwarenessLAS16-403: GDB Linux Kernel Awareness
LAS16-403: GDB Linux Kernel Awareness
Linaro
 

Recommandé

Integrity Protection for Embedded Systems
Integrity Protection for Embedded SystemsIntegrity Protection for Embedded Systems
Integrity Protection for Embedded Systems
Samsung Open Source Group
 
Txt Introduction
Txt IntroductionTxt Introduction
Txt Introduction
Logic Solutions, Inc.
 
[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing[Wroclaw #3] Trusted Computing
[Wroclaw #3] Trusted Computing
OWASP
 
U-boot and Android Verified Boot 2.0
U-boot and Android Verified Boot 2.0U-boot and Android Verified Boot 2.0
U-boot and Android Verified Boot 2.0
GlobalLogic Ukraine
 
HKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewHKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting Review
Linaro
 
ARM Architecture and Meltdown/Spectre
ARM Architecture and Meltdown/SpectreARM Architecture and Meltdown/Spectre
ARM Architecture and Meltdown/Spectre
GlobalLogic Ukraine
 
Kernel Recipes 2015 - The Dronecode Project – A step in open source drones
Kernel Recipes 2015 - The Dronecode Project – A step in open source dronesKernel Recipes 2015 - The Dronecode Project – A step in open source drones
Kernel Recipes 2015 - The Dronecode Project – A step in open source drones
Anne Nicolas
 
LAS16-403: GDB Linux Kernel Awareness
LAS16-403: GDB Linux Kernel AwarenessLAS16-403: GDB Linux Kernel Awareness
LAS16-403: GDB Linux Kernel Awareness
Linaro
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Linaro
 
TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source security
Linaro
 
Spectre meltdown performance_tests - v0.3
Spectre meltdown performance_tests - v0.3Spectre meltdown performance_tests - v0.3
Spectre meltdown performance_tests - v0.3
David Pasek
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Linaro
 
Kernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologiesKernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologies
Anne Nicolas
 
Lcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future Enhancements
Linaro
 
Demystifying Secure enclave processor
Demystifying Secure enclave processorDemystifying Secure enclave processor
Demystifying Secure enclave processor
Priyanka Aash
 
LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platform
Linaro
 
Tuned
TunedTuned
Tuned
Reanimation Bk
 
Linux Kernel Platform Development: Challenges and Insights
Linux Kernel Platform Development: Challenges and Insights Linux Kernel Platform Development: Challenges and Insights
Linux Kernel Platform Development: Challenges and Insights
GlobalLogic Ukraine
 
Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8
Linaro
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
Linaro
 
Linux : PSCI
Linux : PSCILinux : PSCI
Linux : PSCI
Mr. Vengineer
 
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...
Security Session
 
HKG18-TR14 - Postmortem Debugging with Coresight
HKG18-TR14 - Postmortem Debugging with CoresightHKG18-TR14 - Postmortem Debugging with Coresight
HKG18-TR14 - Postmortem Debugging with Coresight
Linaro
 
Hacking the swisscom modem
Hacking the swisscom modemHacking the swisscom modem
Hacking the swisscom modem
Cyber Security Alliance
 
Defense
DefenseDefense
Defense
Tawfiq Shah
 
Debugging linux kernel tools and techniques
Debugging linux kernel tools and techniquesDebugging linux kernel tools and techniques
Debugging linux kernel tools and techniques
Satpal Parmar
 
Kernel Recipes 2015: Speed up your kernel development cycle with QEMU
Kernel Recipes 2015: Speed up your kernel development cycle with QEMUKernel Recipes 2015: Speed up your kernel development cycle with QEMU
Kernel Recipes 2015: Speed up your kernel development cycle with QEMU
Anne Nicolas
 
Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)
Yannick Gicquel
 
JobScheduler Code Reading
JobScheduler Code ReadingJobScheduler Code Reading
JobScheduler Code Reading
Shinobu Okano
 
Running Code in the Android Stack at ELCE 2013
Running Code in the Android Stack at ELCE 2013Running Code in the Android Stack at ELCE 2013
Running Code in the Android Stack at ELCE 2013
Opersys inc.
 

Contenu connexe

Tendances

Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Linaro
 
TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source security
Linaro
 
Spectre meltdown performance_tests - v0.3
Spectre meltdown performance_tests - v0.3Spectre meltdown performance_tests - v0.3
Spectre meltdown performance_tests - v0.3
David Pasek
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Linaro
 
Kernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologiesKernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologies
Anne Nicolas
 
Lcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future Enhancements
Linaro
 
Demystifying Secure enclave processor
Demystifying Secure enclave processorDemystifying Secure enclave processor
Demystifying Secure enclave processor
Priyanka Aash
 
LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platform
Linaro
 
Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8
Linaro
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
Linaro
 
HKG18-TR14 - Postmortem Debugging with Coresight
HKG18-TR14 - Postmortem Debugging with CoresightHKG18-TR14 - Postmortem Debugging with Coresight
HKG18-TR14 - Postmortem Debugging with Coresight
Linaro
 
Kernel Recipes 2015: Speed up your kernel development cycle with QEMU
Kernel Recipes 2015: Speed up your kernel development cycle with QEMUKernel Recipes 2015: Speed up your kernel development cycle with QEMU
Kernel Recipes 2015: Speed up your kernel development cycle with QEMU
Anne Nicolas
 

Tendances (20)

Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
 
TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source security
 
Spectre meltdown performance_tests - v0.3
Spectre meltdown performance_tests - v0.3Spectre meltdown performance_tests - v0.3
Spectre meltdown performance_tests - v0.3
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
 
Kernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologiesKernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologies
 
Lcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future Enhancements
 
Demystifying Secure enclave processor
Demystifying Secure enclave processorDemystifying Secure enclave processor
Demystifying Secure enclave processor
 
LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platform
 
Tuned
TunedTuned
Tuned
 
Linux Kernel Platform Development: Challenges and Insights
Linux Kernel Platform Development: Challenges and Insights Linux Kernel Platform Development: Challenges and Insights
Linux Kernel Platform Development: Challenges and Insights
 
Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
 
Linux : PSCI
Linux : PSCILinux : PSCI
Linux : PSCI
 
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...
Wintel Hell: průvodce devíti kruhy Dantova technologického pekla / MARTIN HRO...
 
HKG18-TR14 - Postmortem Debugging with Coresight
HKG18-TR14 - Postmortem Debugging with CoresightHKG18-TR14 - Postmortem Debugging with Coresight
HKG18-TR14 - Postmortem Debugging with Coresight
 
Hacking the swisscom modem
Hacking the swisscom modemHacking the swisscom modem
Hacking the swisscom modem
 
Defense
DefenseDefense
Defense
 
Debugging linux kernel tools and techniques
Debugging linux kernel tools and techniquesDebugging linux kernel tools and techniques
Debugging linux kernel tools and techniques
 
Kernel Recipes 2015: Speed up your kernel development cycle with QEMU
Kernel Recipes 2015: Speed up your kernel development cycle with QEMUKernel Recipes 2015: Speed up your kernel development cycle with QEMU
Kernel Recipes 2015: Speed up your kernel development cycle with QEMU
 
Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)
 

En vedette

Running Code in the Android Stack at ELCE 2013
Running Code in the Android Stack at ELCE 2013Running Code in the Android Stack at ELCE 2013
Running Code in the Android Stack at ELCE 2013
Opersys inc.
 

En vedette (8)

JobScheduler Code Reading
JobScheduler Code ReadingJobScheduler Code Reading
JobScheduler Code Reading
 
Running Code in the Android Stack at ELCE 2013
Running Code in the Android Stack at ELCE 2013Running Code in the Android Stack at ELCE 2013
Running Code in the Android Stack at ELCE 2013
 
Java9 and Project Jigsaw
Java9 and Project JigsawJava9 and Project Jigsaw
Java9 and Project Jigsaw
 
EMSCRIPTEN: 將應用快速 PORT 到 JAVASCRIPT 上的神物
EMSCRIPTEN: 將應用快速 PORT 到 JAVASCRIPT 上的神物EMSCRIPTEN: 將應用快速 PORT 到 JAVASCRIPT 上的神物
EMSCRIPTEN: 將應用快速 PORT 到 JAVASCRIPT 上的神物
 
Chromium OS Introduction
Chromium OS IntroductionChromium OS Introduction
Chromium OS Introduction
 
Java9新機能概要
Java9新機能概要Java9新機能概要
Java9新機能概要
 
Scheduling in Android
Scheduling in AndroidScheduling in Android
Scheduling in Android
 
10のJava9で変わるJava8の嫌なとこ!
10のJava9で変わるJava8の嫌なとこ!10のJava9で変わるJava8の嫌なとこ!
10のJava9で変わるJava8の嫌なとこ!
 

Similaire à Android 5.0 Lollipop platform change investigation report

26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
Freddy Buenaño
 
HKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP WorkshopHKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP Workshop
Linaro
 
Php Inside - confoo 2011 - Derick Rethans
Php Inside - confoo 2011 - Derick RethansPhp Inside - confoo 2011 - Derick Rethans
Php Inside - confoo 2011 - Derick Rethans
Bachkoutou Toutou
 
OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...
OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...
OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...
OpenShift Origin
 
OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce
OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce
OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce
Diane Mueller
 

Similaire à Android 5.0 Lollipop platform change investigation report (20)

Embedded Android
Embedded AndroidEmbedded Android
Embedded Android
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 
Beyond printk: Efficient Zynq UltraScale+ MPSoC Linux Debugging and Development
Beyond printk: Efficient Zynq UltraScale+ MPSoC Linux Debugging and DevelopmentBeyond printk: Efficient Zynq UltraScale+ MPSoC Linux Debugging and Development
Beyond printk: Efficient Zynq UltraScale+ MPSoC Linux Debugging and Development
 
HKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP WorkshopHKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP Workshop
 
7 hands on
7 hands on7 hands on
7 hands on
 
Linkmeup v076(2019-06).2
Linkmeup v076(2019-06).2Linkmeup v076(2019-06).2
Linkmeup v076(2019-06).2
 
Cloud firewall logging
Cloud firewall loggingCloud firewall logging
Cloud firewall logging
 
Labs_BT_20221017.pptx
Labs_BT_20221017.pptxLabs_BT_20221017.pptx
Labs_BT_20221017.pptx
 
FRIDA 101 Android
FRIDA 101 AndroidFRIDA 101 Android
FRIDA 101 Android
 
Linux Security APIs and the Chromium Sandbox (SwedenCpp Meetup 2017)
Linux Security APIs and the Chromium Sandbox (SwedenCpp Meetup 2017)Linux Security APIs and the Chromium Sandbox (SwedenCpp Meetup 2017)
Linux Security APIs and the Chromium Sandbox (SwedenCpp Meetup 2017)
 
Practical Operation Automation with StackStorm
Practical Operation Automation with StackStormPractical Operation Automation with StackStorm
Practical Operation Automation with StackStorm
 
Php Inside - confoo 2011 - Derick Rethans
Php Inside - confoo 2011 - Derick RethansPhp Inside - confoo 2011 - Derick Rethans
Php Inside - confoo 2011 - Derick Rethans
 
Pluggable Infrastructure with CI/CD and Docker
Pluggable Infrastructure with CI/CD and DockerPluggable Infrastructure with CI/CD and Docker
Pluggable Infrastructure with CI/CD and Docker
 
Backtrack Manual Part4
Backtrack Manual Part4Backtrack Manual Part4
Backtrack Manual Part4
 
OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...
OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...
OpenShift Origin Community Day (Boston) Extending OpenShift Origin: Build You...
 
OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce
OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce
OpenShift Origin Community Day (Boston) Writing Cartridges V2 by Jhon Honce
 
Readme
ReadmeReadme
Readme
 
DCEU 18: Developing with Docker Containers
DCEU 18: Developing with Docker ContainersDCEU 18: Developing with Docker Containers
DCEU 18: Developing with Docker Containers
 
Investigation report on 64 bit support and some of new features in aosp master
Investigation report on 64 bit support and some of new features in aosp masterInvestigation report on 64 bit support and some of new features in aosp master
Investigation report on 64 bit support and some of new features in aosp master
 
Android Development Tools
Android Development ToolsAndroid Development Tools
Android Development Tools
 

Dernier

9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
nishacall1
 
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
Delhi Call girls
 
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
Cara Menggugurkan Kandungan 087776558899
 
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRFULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
nishacall1
 

Dernier (6)

9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 52 (Delhi) Call Girl Service
 
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPowerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
 
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
 
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
Obat Penggugur Kandungan Di Apotik Kimia Farma (087776558899)
 
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRFULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
 
Leading Mobile App Development Companies in India (2).pdf
Leading Mobile App Development Companies in India (2).pdfLeading Mobile App Development Companies in India (2).pdf
Leading Mobile App Development Companies in India (2).pdf
 

Android 5.0 Lollipop platform change investigation report

  • 1. Lollipop platform change まとめ @hidenorly
  • 3. Source code size comparison [GB] ( 9.54GB ) (13.63GB) 42.8% UP
  • 4. New public API additions 6309 1783 x3.54! diff -u -r -N jb-mr2/frameworks/base/api/current.txt kkmr2/frameworks/base/api/current.txt | grep "^+" | grep "public " | wc -l diff -u -r -N kkmr2/frameworks/base/api/current.txt l/frameworks/base/api/current.txt | grep "^+" | grep "public " | wc -l
  • 5. Changed files (frameworks/base) 4475 2162 x2.07 diff -u -r -N --exclude=*.xml --exclude=.git --exclude=*.html --exclude=*.png --exclude=*.jpeg --exclude=*.jar --exclude=*.jd --exclude=*.js --exclude=*.css jb-mr2/frameworks/base kkmr2/frameworks/base | grep “^+++” | wc -l
  • 6. Diff size comparion (frameworks/base) 19.14 61.33 x3.2 $ diff -u -r -N --exclude=*.xml --exclude=.git --exclude=*.html --exclude=*.png --exclude=*.jpeg --exclude=*.jar --exclude=*.jd --exclude=*.js --exclude=*.css jb-mr2/frameworks/base kkmr2/frameworks/base > jbmr2-kkmr2-frameworks-base.txt $ diff -u -r -N --exclude=*.xml --exclude=.git --exclude=*.html --exclude=*.png --exclude=*.jpeg --exclude=*.jar --exclude=*.jd --exclude=*.js --elude=*.css kkmr2/frameworks/base l-snapshot/frameworks/base > kkmr2-l-frameworks-base.txt
  • 7. Services in frameworks/base/services $ du -ak | grep ".java" | grep service -i | grep -v "tests" 63 85
  • 8. Door to know what’s Lollipop
  • 9. What’s new about L CDD? ● CDD stands for Compatible Definition Document. ● But L CDD is NOT published yet. ● Please check ○ http://source.android.com/compatibility/ ○ http://source.android.com/compatibility/android-cdd.pdf
  • 10. Nexus & the platform support
  • 11. Nexus6 is 560dpi device ● Nexus6 uses 560dpi! ○ But it is 492.8dpi (sqrt(2560^2+1440^2)/5.96inch) ○ 492.8dpi Commit a3fb40d5f492825bb86769f541620baca5616e05 Author: Dianne Hackborn <hackbod@google.com> Date: Tue Aug 12 15:06:50 2014 -0700 Add 560dpi, and some other stuff. ● Ideal combination is… 2560x1440/5.25inch = 560dpi
  • 12. Nexus9 is the 1st 64bit ARMv8 device ARMv8 crypto extension support ● Userland (external/openssl) ○ Update ARM assembly patch ● kernel ○ Crypto extension for linux kernel crypto API ■ dm-crypt and dm-verity use this. ● Other 64bits ○ Please check my previous presentation also.
  • 13. Appendix. AES perf (single core) by Geekbench3 0.039 0.034 0.708 2744 1.19 991 50.5 76.8
  • 14. What’s new L - inside of L -
  • 15. Security ● All of domain are enforced. ○ http://source.android.com/devices/tech/security/se-linux.html ■ In the Android 5.0 (L) release, Android moves to full enforcement of SELinux. ..snip.. In short, Android is shifting from enforcement on a limited set of crucial domains (installd, netd, vold and zygote) to everything (more than 60 domains). This means manufacturers will have to better understand and scale their SELinux implementations to provide compatible devices. Understand that: ● Everything is in enforcing mode in the 5.0 release ● No processes other than init should run in the init domain ● Any generic denial (for a block_device, socket_device, default_service, etc.) indicates that device needs a special domain
  • 16. Default encryption by vold ● What we’ve added for Android 5.0 ○ Created fast encryption, which only encrypts used blocks on the data partition to avoid first boot taking a long time. Only ext4 and f2fs filesystems currently support fast encryption. ○ Added the forceencrypt flag to encrypt on first boot. ○ Added support for patterns and encryption without a password. ○ Added hardware-backed storage of the encryption key. See Storing the encrypted key for more details. Caution: Devices upgraded to Android 5.0 and then encrypted may be returned to an unencrypted state by factory data reset. New Android 5.0 devices encrypted at first boot cannot be returned to an unencrypted state. ● In system/vold/cryptfs.c #define DEFAULT_PASSWORD "64656661756c745f70617373776f7264"
  • 17. dm-verity ● dm-verity is block level integrity check mechanism. ○ Used on Chromium OS. ● Lollipop supports dm-verity (fully). ○ build/target/product/verity.mk ■ PRODUCT_SUPPORTS_VERITY := true ■ PRODUCT_VERITY_SIGNING_KEY ○ Kernel: CONFIG_DM_VERITY
  • 18. Block level FOTA Switching to block-oriented OTAs To enable dm-verity on your devices, you must move from file-based "over the air" (OTA) updates to block-oriented OTAs. This is needed because during OTA, Android attempts to change the contents of the system partition at the filesystem layer. And since OTA works on a file-by-file basis, it is not guaranteed to write files in a consistent order, have a consistent last modified time or superblock, or even place the blocks in the same location on the block device. For this reason, file-based OTAs will fail on a dm-verity-enabled device.The device will not boot after OTA. ● ota_from_target_files --block Generate a block-based OTA if possible. Will fall back to a file-based OTA if the target_files is older and doesn't support block-based OTAs.
  • 19. ART’s AOT impacts ● Prebuilt (odex) WITH_PREDEXOPT:=true Odex size is approx. x3 sizeof classes.dex (In Google I/O, it was announced that the size was x2. 4 of dex.) ● And the odex was copied to /data/dalvik-cache
  • 20. Application location <pre-installed> ● /system/{app|priv-app}/apkname/ ○ apkname.apk (apk itself) ○ lib/[arm|arm64]/hoge.so (natibe library (extracted)) ○ [arm|arm64]/apkname.odex (if WITH_DEXPREOPT:=true) ● commit 1e9189a276e967a7a74ff44a44cf627764396954 Author: Jeff Sharkey <jsharkey@android.com> Date: Thu Jul 17 10:56:48 2014 -0700 Support cluster-style installs for bundled apps.
  • 21. Application location <user-installed> ● /data/app/packagename-1/base.apk ○ Same as installed apk file itself ● /data/dalvik-cache/ arm/data@app@packagename- 1@base.apk@classes.dex ○ AOT result
  • 22. logcat on adb install hogeApp.apk Copying /data/local/tmp/hogeApp.apk to base.apk Renaming /data/app/vmdl1863917432.tmp to /data/app/com.hoge.hogeApp-1 /data/app/com.hoge.hogeApp-1/base.apk pkg=com.hoge.hogeApp isa=arm vmSafeMode=false /system/bin/dex2oat --zip-fd=6 --zip-location=/data/app/com.hoge.hogeApp- 1/base.apk --oat-fd=7 --oat-location=/data/dalvik-cache/arm/data@app@com. hoge.hogeApp-1@base.apk@classes.dex --instruction-set=arm --instruction-set- features=div --runtime-arg -Xms64m --runtime-arg -Xmx512m restoreAtInstall pkg=com.hoge.hogeApp token=15 restoreSet=0 Finishing install immediately
  • 23. @SystemApi /** * Indicates an API is exposed for use by bundled system applications. * <p> * These APIs are not guaranteed to remain consistent release-to-release, * and are not for use by apps linking against the Android SDK. * </p><p> * This annotation should only appear on API that is already marked <pre>@hide</pre>. * </p> * * @hide */ /work/l/frameworks/base$ grep "@SystemApi" -nr ./* | wc -l 489
  • 24. Services… welcome & farewell from frameworks/base/services ● Added ○ BackgroundDexOptService ○ FingerprintService ○ HdmiControlService ○ JobSchedulerService / JobServiceContext ○ KeySetManagerService ○ LauncherAppsService ○ ManagedServices ○ MediaProjectionManagerService ○ MediaSessionService ○ MmsServiceBroker ○ MountServiceIdler ○ NetworkScoreService ○ PackageInstallerService ○ PersistentDataBlockService ○ RestrictionsManagerService ○ ServiceThread ○ SystemService/SystemServiceManager ○ TrustManagerService ○ TvInputManagerService ○ UserUsageStatsService ○ VoiceInteractionManagerService/VoiceInteractionManagerServiceImpl ○ WebViewUpdateService ● Gone? ○ IIdleMaintenanceService ○ RecognitionManagerService ○ WifiService (-> frameworks/opt/net/wifi/service/java/com/a ndroid/server/wifi)
  • 25. SystemWebView ● Generate symlinks to libwebviewchromium. so in /system/priv-app ● Make the WebView Java library into an APK. ● Move WebView resources to separate APK ● Update framework resource references. ● Prepare WebView library APK. ● Include pak files in the WebView apk.
  • 26. New HAL since L ● hardware/libhardware ○ activity_recognition.h ○ audio_alsaops.h ○ bt_hf_client.h ○ bt_mce.h ○ fingerprint.h ○ hdmi_cec.h ○ nfc_tag.h ○ sound_trigger.h ○ tv_input.h ○ vibrator.h ● hardware/libhardware_legacy ○ gscan.h ○ link_layer_stats.h ○ rtt.h ○ tdls.h ○ wifi_hal.h
  • 27. Finger print HAL typedef struct fingerprint_enroll { uint32_t id; /* samples_remaining goes from N (no data collected, but N scans needed) * to 0 (no more data is needed to build a template). * The progress indication may be augmented by a bitmap encoded indication * of finger area that needs to be presented by the user. * Bit numbers mapped to physical location: * * distal * +-+-+-+ * |2|1|0| * |5|4|3| * medial |8|7|6| lateral * |b|a|9| * |e|d|c| * +-+-+-+ * proximal * */ uint16_t data_collected_bmp; uint16_t samples_remaining; } fingerprint_enroll_t; typedef struct fingerprint_msg { fingerprint_msg_type_t type; union { uint64_t raw; fingerprint_error_t error; fingerprint_enroll_t enroll; fingerprint_removed_t removed; fingerprint_acquired_t acquired; fingerprint_processed_t processed; } data; } fingerprint_msg_t;
  • 28. sound_trigger HAL * Retrieve implementation properties. int (*get_properties)(const struct sound_trigger_hw_device *dev, struct sound_trigger_properties *properties); * Load a sound model. Once loaded, recognition of this model can be started and stopped. * Only one active recognition per model at a time. The SoundTrigger service will handle * concurrent recognition requests by different users/applications on the same model. * The implementation returns a unique handle used by other functions (unload_sound_model(), * start_recognition(), etc... int (*load_sound_model)(const struct sound_trigger_hw_device *dev, struct sound_trigger_sound_model *sound_model, sound_model_callback_t callback, void *cookie, sound_model_handle_t *handle); * Unload a sound model. A sound model can be unloaded to make room for a new one to overcome * implementation limitations. int (*unload_sound_model)(const struct sound_trigger_hw_device *dev, sound_model_handle_t handle); /* Start recognition on a given model. Only one recognition active at a time per model. * Once recognition succeeds of fails, the callback is called. * TODO: group recognition configuration parameters into one struct and add key phrase options. int (*start_recognition)(const struct sound_trigger_hw_device *dev, sound_model_handle_t sound_model_handle, const struct sound_trigger_recognition_config *config, recognition_callback_t callback, void *cookie); /* Stop recognition on a given model. * The implementation does not have to call the callback when stopped via this method. int (*stop_recognition)(const struct sound_trigger_hw_device *dev, sound_model_handle_t sound_model_handle);
  • 29. High definition audio? Float mixer seems not to be used AudioMixer.cpp in frameworks/av // Set kUseNewMixer to true to use the new mixer engine. Otherwise the // original code will be used. This is false for now. static const bool kUseNewMixer = false; // Set kUseFloat to true to allow floating input into the mixer engine. // If kUseNewMixer is false, this is ignored or may be overridden internally // because of downmix/upmix support. static const bool kUseFloat = true; t->mMixerInFormat = kUseFloat && kUseNewMixer ? AUDIO_FORMAT_PCM_FLOAT : AUDIO_FORMAT_PCM_16_BIT; https://www.google.com/events/io/io14videos/0f228fb0-42e0-e311-b297-00155d5066d7
  • 30. Multidex as platform build # Build the master framework library. # The framework contains too many method references (>64K) for poor old DEX. # So we first build the framework as a monolithic static library then split it # up into smaller pieces. LOCAL_MODULE := framework LOCAL_DX_FLAGS := --core-library --multi-dex See more